Community discussions

MikroTik App

Search found 11416 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 39
by pe1chl
Sat Dec 02, 2023 11:17 am
Forum: Beginner Basics
Topic: IPv6 on only one vlan?
Replies: 11
Views: 577

Re: IPv6 on only one vlan?

No, the ND setting is fine. Addresses are only advertised on interfaces that have an address AND have "Advertise" set on that address.

Having IPv6 on a VLAN is fine, as long as you have only untagged ports on that VLAN and/or you have no Windows systems.
by pe1chl
Fri Dec 01, 2023 8:01 pm
Forum: Beginner Basics
Topic: IPv6 on only one vlan?
Replies: 11
Views: 577

Re: IPv6 on only one vlan?

Make sure you have no Windows systems where your normal network is received "untagged" and your "one VLAN" is received "tagged", because that will seriously foul up the Windows broken networking! (When a Windows system is not configured for tagged VLAN handling, which u...
by pe1chl
Fri Dec 01, 2023 12:12 pm
Forum: RouterOS beta
Topic: OS upgrade Issue from version 6 to version 7
Replies: 22
Views: 2938

Re: OS upgrade Issue from version 6 to version 7

It was earlier in the v7 releases. I have reported some to support, they were acknowledged to exist. But I have never seen (or do not remember seeing) release notes lines that mention improvements. When I have time I will attempt another conversion of v6.49.10 to v7.12.1 with these config items and ...
by pe1chl
Fri Dec 01, 2023 10:42 am
Forum: RouterOS beta
Topic: OS upgrade Issue from version 6 to version 7
Replies: 22
Views: 2938

Re: OS upgrade Issue from version 6 to version 7

Read my posting above from Mon Jun 12, 2023 1:11 pm
That is what came out of my own tests of existing standard configuration for our clients. Maybe there is more.
Do you claim these were fixed?
by pe1chl
Thu Nov 30, 2023 11:24 am
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 69698

Re: v7.13beta [testing] is released!

Yeah, under "Lost features" it says: VLAN configuration in the wireless settings (Per-interface VLANs can be configured in bridge settings) but that really does not describe the full situation. It might seem a minor thing when described like that ("just one time move the VLAN you conf...
by pe1chl
Thu Nov 30, 2023 11:20 am
Forum: RouterOS beta
Topic: OS upgrade Issue from version 6 to version 7
Replies: 22
Views: 2938

Re: OS upgrade Issue from version 6 to version 7

Normis,
Do you think the conversion issues I described above are resolved in recent v7?
I have never seen change notes in versions claiming that they were.
Do I need to setup a test v6 and convert to v7.12.1 and reproduce them or can you show any other evidence?
by pe1chl
Thu Nov 30, 2023 11:16 am
Forum: General
Topic: Feature Request: Logging of all administrator user actions
Replies: 28
Views: 15678

Re: Feature Request: Logging of all administrator user actions

Yes indeed, the situation has improved a lot! It is now possible to log at least the majority of every config change to an external system, at least for auditing purposes. It still isn't complete enough to be able to synchronize routers (by doing the same change on a standby router) or to undo any c...
by pe1chl
Thu Nov 30, 2023 11:14 am
Forum: General
Topic: Strange switching behaviour for a packet with unknown MAC?
Replies: 4
Views: 370

Re: Strange switching behaviour for a packet with unknown MAC?

Yes it is required to work this way because some devices simply send no traffic at all for extended times, but still may need to be reached. E.g. when you have a network printer or other passively monitored device like a UPS, it will initially do DHCP but for the entire time of the lease it may send...
by pe1chl
Wed Nov 29, 2023 9:04 pm
Forum: Beginner Basics
Topic: First to Mikrotik v7 for BGP, GRE Tunnel Router
Replies: 1
Views: 242

Re: First to Mikrotik v7 for BGP, GRE Tunnel Router

Docs for version 7.x are here: https://help.mikrotik.com/docs/
Use search box to search for "routing", "bgp" etc.
by pe1chl
Wed Nov 29, 2023 9:02 pm
Forum: General
Topic: Strange switching behaviour for a packet with unknown MAC?
Replies: 4
Views: 370

Re: Strange switching behaviour for a packet with unknown MAC?

Yes, this is normal behavior. The first (unclear) description probably points to the fact that in RouterOS v7 the ARP table is not expired. So the router remembers indefinately (until reboot) what the MAC address was for a certain IP address. Then, when this MAC is not present in the bridge hosts ta...
by pe1chl
Tue Nov 28, 2023 7:30 pm
Forum: Announcements
Topic: v7.12.1 [stable] is released!
Replies: 243
Views: 62792

Re: v7.12.1 [stable] is released!

Instead it is often better to: - export config in v6 just in case - upgrade to v7 - export config in v7 - clear config or even better: netinstall v7 again, no default config - connect winbox on MAC address and open terminal, verify that config is empty (/export to terminal) - upload and /import the ...
by pe1chl
Tue Nov 28, 2023 11:20 am
Forum: Announcements
Topic: v7.12.1 [stable] is released!
Replies: 243
Views: 62792

Re: v7.12.1 [stable] is released!

Did someone else notice that at the moment IPsec-encrypted tunnels sometimes go down for a short while when the key lifetime is reached? In earlier versions the key renegotiation was seamless, but now e.g. a BGP over GRE/IPsec peer with BFD enabled will sometimes go down/up even when there is no iss...
by pe1chl
Mon Nov 27, 2023 5:03 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 69698

Re: v7.13beta [testing] is released!

How is that relevant in this situation? Nothing has been broken, upgrade is transparent. Just ignore the capsman menu, you will get used to it. (that was a reply to the confusing situation that now a device which uses the "wireless" driver has two different menus for wireless config) Well...
by pe1chl
Sun Nov 26, 2023 8:21 pm
Forum: Announcements
Topic: v7.12.1 [stable] is released!
Replies: 243
Views: 62792

Re: v7.12.1 [stable] is released!

Why can't you set it to "forced on" instead?
by pe1chl
Sat Nov 25, 2023 12:26 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 69698

Re: v7.13beta [testing] is released!

For every device in my network I have a winbox session open which I carefully configured with the windows opened that I like. Each with columns selected and set to the correct width. On a devices running 7.12 I have configured the "wireless" window to be open, tab "registration" ...
by pe1chl
Fri Nov 24, 2023 11:15 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 69698

Re: v7.13beta [testing] is released!

My use case is a lot simpler that that, no RADIUS, no user-manager, only 4 SSIDs connected to 4 bridges, each connected to different VLAN, having different firewall rules on main router (RB1100AHx4 in my case). I had that before, but the problem is it does not scale: for every new network you need ...
by pe1chl
Fri Nov 24, 2023 5:44 pm
Forum: Announcements
Topic: v7.12.1 [stable] is released!
Replies: 243
Views: 62792

Re: v7.12.1 [stable] is released!

Our CCR2004-16G-2S+ which ran fine with 7.11beta4 has now had two occurrences of "router was rebooted without proper shutdown by watchdog timer".
Did others see this as well? I have submitted a support ticket with supout.rif.
by pe1chl
Fri Nov 24, 2023 2:12 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 69698

Re: v7.13beta [testing] is released!

That was just an idea, considering that VLANs don't work on ac equipment. I can (and will) create some scripts to automate this for me, but that will be anything but "no configuration needed"... I don't think it is possible to write a script that creates the functionality of the old wirel...
by pe1chl
Thu Nov 23, 2023 7:28 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 69698

Re: v7.13beta [testing] is released!

We need some automatic solution for this, like for example: CAPsMAN should instruct CAP to create: VLAN on Discovery interface, bridge with new VLAN as one of the ports, Datapath going to this new bridge, SSID with new Datapath, all with some Comments or some other info so the CAP knows not to save...
by pe1chl
Thu Nov 23, 2023 2:03 pm
Forum: General
Topic: ARP entries building up
Replies: 23
Views: 3657

Re: ARP entries building up

When you have no special ARP entries you made yourself (static, published) but only entries that show up in the list as DC (with the occasional D) you can clear the entire table using:
/ip arp remove [ find ]
Then it will immediately re-build itself with what is minimally necessary at that moment.
by pe1chl
Wed Nov 22, 2023 9:33 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 69698

Re: v7.13beta [testing] is released!

oh, and one more thing. please give the same treatment to /tool/fetch currently it won't fall back to IPv6 if ipv4 is not available. i don't care if we don't get the full blown "happy eyeballs" algorithm - the routers i've seen til this day did not have eyes anyway - but if fetch would ha...
by pe1chl
Wed Nov 22, 2023 9:31 pm
Forum: General
Topic: ARP entries building up
Replies: 23
Views: 3657

Re: ARP entries building up

When you have lots of incomplete entries there is something that is scanning your network.
Try to get rid of that. Sometimes "autodiscover" options in certain devices or drivers do that.
(e.g. to find a printer on the network)
by pe1chl
Tue Nov 21, 2023 8:06 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 69698

Re: v7.13beta [testing] is released!

In v7.13beta2, NAT PMP logs are too verbose:
I hope this changes before the stable release.
When you don't like it, of course you can change your System->Logging configuration.
Just add !natpmp to the configuration of the info topic.
by pe1chl
Mon Nov 20, 2023 2:08 pm
Forum: Scripting
Topic: Use fetch wil create the File
Replies: 8
Views: 750

Re: Use fetch wil create the File

The manual is here: https://help.mikrotik.com/docs/display/ROS/Fetch
Try to read it.
by pe1chl
Sat Nov 18, 2023 1:04 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 69698

Re: v7.13beta [testing] is released!

This problem is only present on the RB4011, due to it's unfortunate design with different chip manufacturers for the 2GHz and 5GHz WiFi. Other models do not have that problem. In theory it could be fixed on the RB4011 because the 2 GHz WiFi happens to be on a plugin miniPCIe card inside the device. ...
by pe1chl
Sat Nov 18, 2023 11:30 am
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 69698

Re: v7.13beta [testing] is released!

Some old devices only want as low as WPA.
Start telling us about your devices that only support WEP!!
by pe1chl
Sat Nov 18, 2023 11:22 am
Forum: Forwarding Protocols
Topic: How in v7? Selectivity accept prefixes, not load the rest?
Replies: 12
Views: 1899

Re: How in v7? Selectivity accept prefixes, not load the rest?

What he (and others above) is worried about is that such a filter rule only prevents the route to become active. It is still put in the table but as "filtered". That takes up resources.
In v6 such filters would discard the route before it is being stored somewhere.
by pe1chl
Sat Nov 18, 2023 11:17 am
Forum: Scripting
Topic: Splitting/parsing variable data [SOLVED]
Replies: 21
Views: 12462

Re: Splitting/parsing variable data [SOLVED]

The data used is for learning use only.
Doesn't matter. What matters is the SOURCE of the data. Is it from a file or database you edit yourself or is it somehow imported from another system that you cannot fully trust. That is what matters.
by pe1chl
Fri Nov 17, 2023 10:33 pm
Forum: Announcements
Topic: v7.12.1 [stable] is released!
Replies: 243
Views: 62792

Re: v7.12 [stable] is released!

Any idea why PoE auto was removed for L009?
Most likely the hardware did not (reliably) support it...
by pe1chl
Fri Nov 17, 2023 10:33 pm
Forum: Scripting
Topic: Splitting/parsing variable data [SOLVED]
Replies: 21
Views: 12462

Re: Splitting/parsing variable data [SOLVED]

Remember that this is a recipe for "injection attacks" similar to the wellknown "SQL injection attacks" that are so often used to hack websites, online stores, etc., and also like using eval() to quickly parse JSON data into JavaScript. This can really only be used when the data ...
by pe1chl
Fri Nov 17, 2023 5:37 pm
Forum: Announcements
Topic: v7.12.1 [stable] is released!
Replies: 243
Views: 62792

Re: v7.12 [stable] is released!

For VRF, yes. But RouterOS can also policy-route depending on source address, incoming interface, or routing mark (assigned in firewall mangle rule).
This is often used for loadbalancing/failover or for overlay networks, where VRF is much too restrictive.
by pe1chl
Fri Nov 17, 2023 4:48 pm
Forum: Scripting
Topic: Splitting/parsing variable data [SOLVED]
Replies: 21
Views: 12462

Re: Splitting/parsing variable data [SOLVED]

Normally the reason to use some separator is because it is known that this separator cannot occur in the data. I often use <TAB> but in this case apparently | was chosen. I would not want to change all | to , and then use :toarray, it may well be that some fields between the | separators can have , ...
by pe1chl
Fri Nov 17, 2023 3:40 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 69698

Re: v7.13beta [testing] is released!

Are you aware of (and working on) problems with the bridge, maybe only in devices with more than one switch chip?
I am experiencing an issue with VLAN-filtering bridge on the RB4011 where devices on untagged ethernet ports (member of a VLAN) get no address from DHCP. See above.
by pe1chl
Fri Nov 17, 2023 3:02 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 69698

Re: v7.13beta [testing] is released!

what tool you use to do that? (showed on screenshot) I have a perl script that exports from devices every night and then shows me a diff when something has changed. The output is that of Text::Diff::FormattedHTML from CPAN. The grey blob in the middle was just a quick way to cover some parts of the...
by pe1chl
Fri Nov 17, 2023 2:35 pm
Forum: General
Topic: Seen this? DHCP Server logs client declines IP several times a second?
Replies: 12
Views: 7892

Re: Seen this? DHCP Server logs client declines IP several times a second?

That is normal. Extenders can only be added to a WiFi network when they are from the same manufacturer as the original Access Point.
(and of course correctly configured)
by pe1chl
Fri Nov 17, 2023 11:19 am
Forum: Wireless Networking
Topic: Bridge filtering client-to-client traffic
Replies: 13
Views: 1221

Re: Bridge filtering client-to-client traffic

The reason I configured it as above is that I do not want a virtual AP for every usage. That just doesn't scale. Every extra virtual AP takes radio time sending beacons at the lowest rate. My solution uses only a single AP, and tags each client with a different VLAN tag so they remain separated in t...
by pe1chl
Thu Nov 16, 2023 5:52 pm
Forum: General
Topic: Multiple ARP entries for the same MAC
Replies: 16
Views: 2879

Re: Multiple ARP entries for the same MAC

- turn off "Conflict Detection" in the DHCP server
- make the lease for the problematic device static (click the entry in "DHCP Leases" and click "Make Static"
by pe1chl
Thu Nov 16, 2023 3:50 pm
Forum: Announcements
Topic: v7.12.1 [stable] is released!
Replies: 243
Views: 62792

Re: v7.12 [stable] is released!

My RB4011 on firmware 7.12 reboot random from 45m to 3 ir 6 hours, on firmware 7.11.2 works fine.!!! Can anyone help ir a clue, no messages on logs nothing .... Just reboots. My RB4011 runs fine in 7.12 What are the first 5 messages after boot? When you no longer can see these because there are a l...
by pe1chl
Thu Nov 16, 2023 2:31 pm
Forum: Wireless Networking
Topic: Bridge filtering client-to-client traffic
Replies: 13
Views: 1221

Re: Bridge filtering client-to-client traffic

Well, yes. Say you want to have all your LED lamps with their controller in a network where they can talk to eachother and to internet, but not to your PC or TV or whatever, then you put all those devices in a VLAN and just have forwarding (between WiFi devices) enabled. Then there is no need for br...
by pe1chl
Thu Nov 16, 2023 10:40 am
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 69698

Re: v7.13beta [testing] is released!

After installing 7.13Beta2 on my CRS Switches (1x CRS326-24S+2Q+, 2x CRS328-24P-4S+, 2x CRS326-24G-2S+) the IPv6 Prefixes from all VLANs were propagated in all networks. It may be related to the trouble I have with DHCP? Maybe multicasting is fouled up in the VLAN-filtering bridge. I may add that i...
by pe1chl
Thu Nov 16, 2023 10:35 am
Forum: Announcements
Topic: v7.12.1 [stable] is released!
Replies: 243
Views: 62792

Re: v7.12 [stable] is released!

cisco gives a definitive result which mirrors the routers routing decision rather then MTs version of "hey i got these routes which MIGHT could be used to route your asked DST" a "show" cmd. to reflect the routers routing decision to the current FDB would be great. Unfortunately...
by pe1chl
Wed Nov 15, 2023 8:54 pm
Forum: Announcements
Topic: v7.12.1 [stable] is released!
Replies: 243
Views: 62792

Re: v7.12 [stable] is released!

Just look at the 7.13beta1 changelog: *) ovpn - improved memory allocation during key-renegotiation; Am I the only one with conclusion, that MikroTik programmers are reimplementing existing code? I have such fears for years now. If they would be taking the original OpenVPN source code, then they wo...
by pe1chl
Wed Nov 15, 2023 2:04 pm
Forum: Wireless Networking
Topic: Bridge filtering client-to-client traffic
Replies: 13
Views: 1221

Re: Bridge filtering client-to-client traffic

On my network I use VLAN tagging depending on MAC address. Could use WPA2-EAP but IoT devices usually do not support it. So I have setup MAC-authentication (and accounting) via RADIUS, installed user-manager and made user entries for each MAC address, and created User Groups with the appropriate Att...
by pe1chl
Wed Nov 15, 2023 1:47 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 69698

Re: v7.13beta [testing] is released!

Let us call this "luck" this time. But it would not be correct for everyone to post their findings here and assume that there is a bug and scare away others. When in the end, the issue for a particular user had nothing to do with the release/software. That is our goal - to not scare away ...
by pe1chl
Wed Nov 15, 2023 1:21 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 69698

Re: v7.13beta [testing] is released!

I have upgraded from 7.12 but I had to revert: several devices on my network did not get addresses from DHCP anymore. These were all ethernet-connected devices on different VLANs on a VLAN-filtering bridge. The bridge has protocol-mode=none (no STP) but I notice that in the export I made when runnin...
by pe1chl
Wed Nov 15, 2023 1:14 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 69698

Re: v7.13beta [testing] is released!

*) disk - fixed hang on reboot when network file systems mounted; That is interesting! Strods says 'Please remember that actual "bugs" must be reported to support@mikrotik.com complemented with logs, supout files, etc.' above. I reported this bug both on the 7.12 topic and as a ticket, an...
by pe1chl
Wed Nov 15, 2023 1:13 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 69698

Re: v7.13beta [testing] is released!

That is interesting! Strods says 'Please remember that actual "bugs" must be reported to support@mikrotik.com complemented with logs, supout files, etc.' above. @pe1chl, do I understand you correctly that you're complaining about MT fixing a bug which was not properly reported (and you'd ...
by pe1chl
Wed Nov 15, 2023 12:32 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 69698

Re: v7.13beta [testing] is released!

*) disk - fixed hang on reboot when network file systems mounted; That is interesting! Strods says 'Please remember that actual "bugs" must be reported to support@mikrotik.com complemented with logs, supout files, etc.' above. I reported this bug both on the 7.12 topic and as a ticket, an...
by pe1chl
Wed Nov 15, 2023 12:25 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 69698

Re: v7.13beta [testing] is released!

In my experience, you can sometimes gain a little space on those 16MB flash devices especially when in the past you have done a lot of upgrading (especially when it was originally delivered with RouterOS v6) or you have done a lot of configuration experiments that you have later removed. In this cas...
by pe1chl
Tue Nov 14, 2023 8:55 pm
Forum: RouterBOARD hardware
Topic: Is Utilization of RouterBoards as 1Gbps RF signal processor possible?
Replies: 5
Views: 475

Re: Is Utilization of RouterBoards as 1Gbps RF signal processor possible?

What you need is covered more by devices like ADALM PLUTO(+) or Red Pitaya...
I saw a mention of a Chinese clone of the PLUTO+. The cost is around 300 euro.
Your reaction may be "way too much!!" but realize that it would have cost much more not so long ago.
by pe1chl
Tue Nov 14, 2023 8:32 pm
Forum: Forwarding Protocols
Topic: IS-IS
Replies: 120
Views: 45291

Re: IS-IS

It is possible to make it easier in eBGP by using options like "redistribute connected". Of course it should be avoided but in such a limited environment it can be used. Whether IP management is an extra burden depends on the underlying VPN. Of course when you use an L2 VPN it is, but I no...
by pe1chl
Tue Nov 14, 2023 8:27 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 69698

Re: v7.13beta [testing] is released!

I think a lot of the confusion and difficulty with packages could be solved when the /system/package window is extended with a tab that shows all available but currently not installed packages, and a button to download them for installation at next reboot. This should be easy to do (at least in any ...
by pe1chl
Tue Nov 14, 2023 8:07 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 69698

Re: v7.13beta [testing] is released!

This means to me that I can only have one VLAN per WLAN Interface ? I hope, that limitation will not stay for long. I was so happy until now for the life extension for my CAP ACs, but this is a huge limitation. Indeed, that is not good! In my current network (still running classic wireless) I have ...
by pe1chl
Tue Nov 14, 2023 8:03 pm
Forum: Forwarding Protocols
Topic: IS-IS
Replies: 120
Views: 45291

Re: IS-IS

When you are just looking for a routing protocol that can do routing in a MikroTik environment, e.g. for VPN, you can just as well use eBGP.
It works quite well and is easy to configure (although in v7 not as easy as in v6). Once you get the hang of it, you get it working in 5 minutes.
by pe1chl
Tue Nov 14, 2023 11:52 am
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 69698

Re: v7.13beta [testing] is released!

RouterOS consists of things that many people don't use. Even in Windows you have menus you can't use. At least on Windows you can install and uninstall drivers for different hardware independently, so that you are not confronted with "when you install the driver for this 5 GHz radio, your 2 GH...
by pe1chl
Tue Nov 14, 2023 11:11 am
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 69698

Re: v7.13beta [testing] is released!

Wifi menu is included in the bundle as described in changelog. All routers will have "WifiI" menu. You can not run router without system (a.k.a. bundle) package. "our" suggestion was that you move the WiFi menu and associated software into a separate package as well, so that it ...
by pe1chl
Mon Nov 13, 2023 8:20 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 69698

Re: v7.13beta [testing] is released!

Just curious, since I think this release says both versions of wireless and wifi (formerly wave2) are now supported side by side, why can't the 2ghz radio continue to operate on the older driver and the 5ghz radio operate on the new driver? It would seem that to be the ideal balance of support &...
by pe1chl
Mon Nov 13, 2023 8:13 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 69698

Re: v7.13beta [testing] is released!

There is no "pipe" as it the CLI isn't a Bourne-based shell, that part is to be expected... That's a question of a few lines code :-) The biggest advantage is that you can attach "| grep" to any command, which is more pleasant than surround a grep string around the command. Yeah...
by pe1chl
Mon Nov 13, 2023 7:42 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 69698

Re: v7.13beta [testing] is released!

But I would have guess the command is: :grep [/interface/print as-value] pattern=".*" but that actually causes the console to CRASH — with the ".*", just using "." works without a crash. Ignoring the ".*" crash, :grep is still pretty funky in how it work AFAI...
by pe1chl
Mon Nov 13, 2023 7:35 pm
Forum: Announcements
Topic: v7.13beta [testing] is released!
Replies: 467
Views: 69698

Re: v7.13beta [testing] is released!

I don't think it's a good idea to automatically install wireless package on chr. Having multiple WiFi / Wireless menus in winbox after installing the wireless package is extremely confusing. It seems what is happening here is that "wireless" was part of the "routeros" package in...
by pe1chl
Mon Nov 13, 2023 5:50 pm
Forum: Announcements
Topic: v7.12.1 [stable] is released!
Replies: 243
Views: 62792

Re: v7.12 [stable] is released!

Of course he did not read what I wrote. I wrote "It is best to update the firmware once after purchase of the device" so you won't have ancient firmware.
by pe1chl
Mon Nov 13, 2023 3:13 pm
Forum: Announcements
Topic: v7.12.1 [stable] is released!
Replies: 243
Views: 62792

Re: v7.12 [stable] is released!

Can Mikrotik add a flag to reboot the router automatically just after software + firmware upgrade ? Like: /system routerboard settings set auto-upgrade-reboot=yes This will have the advantage of having only one down time (and only one operation) for the cost of a small extra down time. In productio...
by pe1chl
Fri Nov 10, 2023 9:05 pm
Forum: General
Topic: CCR2004-16G-2S+ cold weather performance
Replies: 4
Views: 409

Re: CCR2004-16G-2S+ cold weather performance

Maybe when there is not much air circulation it will keep itself warm enough...
We have one in the server room (airconditioned) and its CPU runs at 54C even though the fans run at 4800 rpm.
by pe1chl
Fri Nov 10, 2023 9:02 pm
Forum: RouterBOARD hardware
Topic: MIKROTIK RB5009UG+S+IN DC Pin Power Failure [SOLVED]
Replies: 7
Views: 792

Re: MIKROTIK RB5009UG+S+IN DC Pin Power Failure [SOLVED]

Maybe your external power has + connected to case and the router has - connected to case?
by pe1chl
Thu Nov 09, 2023 7:01 pm
Forum: Announcements
Topic: v7.12.1 [stable] is released!
Replies: 243
Views: 62792

Re: v7.12 [stable] is released!

Researching the "hang during reboot" problem (when upgrading) again, I now found that this is the way to reproduce it: - have rose-storage and user-manager packages installed - add an nfs mount using a command like this: /disk add nfs-address=192.168.1.3 nfs-share=/local/mikrotik slot=nfs ...
by pe1chl
Wed Nov 08, 2023 6:46 pm
Forum: Announcements
Topic: v7.12rc is released!
Replies: 225
Views: 84018

Re: v7.12rc is released!

... and of course it will very likely ship with wellknown easy-to-fix bugs.
at some time a release has to be made.
by pe1chl
Wed Nov 08, 2023 2:54 pm
Forum: Announcements
Topic: v7.12rc is released!
Replies: 225
Views: 84018

Re: v7.12rc is released!

yes, till 7.12rc126 :)
I guess there is more than enough room for SFP fixes :-)
by pe1chl
Wed Nov 08, 2023 11:20 am
Forum: General
Topic: RB3011 / ROS 7.2.1 perfomance issues
Replies: 42
Views: 11537

Re: RB3011 / ROS 7.2.1 perfomance issues

Well, you are saying "I'm planning to buy a RB3011" and that is just a bad idea in general, independently from this or another problem.
by pe1chl
Wed Nov 08, 2023 11:17 am
Forum: General
Topic: IPsec Dead Peer Detection Best Practice
Replies: 7
Views: 11989

Re: IPsec Dead Peer Detection Best Practice

Sorry but my memory is not that good (anymore)...
by pe1chl
Tue Nov 07, 2023 2:52 pm
Forum: Scripting
Topic: Auto Fail over BGP Peers and ports
Replies: 6
Views: 551

Re: Auto Fail over BGP Peers and ports

Indeed. And he has 6.48.6 so it isn't an issue.
by pe1chl
Tue Nov 07, 2023 12:28 pm
Forum: Scripting
Topic: Auto Fail over BGP Peers and ports
Replies: 6
Views: 551

Re: Auto Fail over BGP Peers and ports

Or even better, BFD. It was made for this purpose.
by pe1chl
Tue Nov 07, 2023 11:32 am
Forum: General
Topic: How to replace fast Mikrotik devices in case of failure
Replies: 9
Views: 1155

Re: How to replace fast Mikrotik devices in case of failure

Sure I did that! On our more complex installations, I am using a bridge for every "functional" connection, which contains only a single port as a member and has fast-forward enabled. Like one for LAN, one or more for fiber internet connections, etc. All configuration is done on those bridg...
by pe1chl
Tue Nov 07, 2023 11:25 am
Forum: Announcements
Topic: v7.12rc is released!
Replies: 225
Views: 84018

Re: v7.12rc is released!

almost no changes.... :) Stable release is behind corner :)
Are you sure? There definitely is another bug in SFP... it seems that they are doing whack-a-mole there.
by pe1chl
Mon Nov 06, 2023 4:40 pm
Forum: General
Topic: How to replace fast Mikrotik devices in case of failure
Replies: 9
Views: 1155

Re: How to replace fast Mikrotik devices in case of failure

Based on these last details, could you please tell me if there is any flaw in this hypothetical procedure: 1) Both Mikrotiks (Primary and spare) are turned on. 2) All the cables are connected to the Primary. Spare unit has only a lan cable, in this way I can give a secondary IP to it and monitor it...
by pe1chl
Sun Nov 05, 2023 3:14 pm
Forum: Beginner Basics
Topic: Bug/Improvement suggestion - Lost connection to Winbox
Replies: 11
Views: 1070

Re: Bug/Improvement suggestion - Lost connection to Winbox

I agree that QuickSet is sort of suggesting more features than it really has, and ought to be disabled after its first use. It is easy to view it as an "easy control panel" to configure the router without using all those complicated menus, but in reality it isn't. The MikroTik products req...
by pe1chl
Sun Nov 05, 2023 3:09 pm
Forum: Wireless Networking
Topic: Device connected to tplink repeater not getting ip's from Mikrotik DHCP [SOLVED]
Replies: 3
Views: 710

Re: Device connected to tplink repeater not getting ip's from Mikrotik DHCP [SOLVED]

This is normal. In the WiFi world (this is NOT a MikroTik-specific problem) you cannot combine access points and repeaters from different manufacturers.
by pe1chl
Sun Nov 05, 2023 3:07 pm
Forum: General
Topic: What is this traffic?
Replies: 2
Views: 449

Re: What is this traffic?

To understand what the traffic is, do a packet sniffer with output to a file, download the file, and load it in "wireshark" on your computer.
That will show all fields with the deciphering knowledge of wireshark.

But I think it is MQTT. That is a protocol used by Home Assistant.
by pe1chl
Sat Nov 04, 2023 10:58 am
Forum: RouterOS beta
Topic: Feature Request : IPv6 Fasttrack
Replies: 168
Views: 45464

Re: Feature Request : IPv6 Fasttrack

Of course this (the above) is also a lesson learned by MikroTik, and likely the reason why such things are not incorporated that quickly anymore. See how it went with the long release delay of RouterOS v7 (updating the heavily patched Linux kernel was a major effort), and what is happening now with ...
by pe1chl
Fri Nov 03, 2023 6:45 pm
Forum: General
Topic: Feature requests
Replies: 1644
Views: 528910

Re: Feature requests

+1 too. The "Use IPSec" checkbox is so handy, just limited today – a profile selector be useful . I just add equally or more useful on EoIP too. Yes, of course when that is implemented for GRE/IPsec it should be added for *all* cases where automatic IPsec config is possible. (IPIP/IPsec, ...
by pe1chl
Fri Nov 03, 2023 6:41 pm
Forum: General
Topic: Feature requests
Replies: 1644
Views: 528910

Re: Feature requests

Why is this then not working? [xxxxx@yyyyy] /ip firewall address-list> print where list=TEST Flags: X - disabled, D - dynamic # LIST ADDRESS CREATION-TIME TIMEOUT 0 TEST play.google.com nov/03/2023 15:43:46 1 D ;;; play.google.com TEST 172.217.16.78 nov/03/2023 16:28:30 2 TEST www.google.com nov/03...
by pe1chl
Fri Nov 03, 2023 4:16 pm
Forum: General
Topic: Feature requests
Replies: 1644
Views: 528910

Re: Feature requests

We need wildcard searching (*) in address-list searches: [xxxxx@yyyyy] /ip firewall address-list> add list=TEST address=192.168.128.3 [xxxxx@yyyyy] /ip firewall address-list> add list=TEST address=192.168.128.0/24 [xxxxx@yyyyy] /ip firewall address-list> print where address=192.168.128 .* Flags: X ...
by pe1chl
Fri Nov 03, 2023 4:15 pm
Forum: General
Topic: Feature requests
Replies: 1644
Views: 528910

Re: Feature requests

+1! It would be great to be able to select a profile other than default (but I see exchange mode is not part of the profile) It would be great when these settings would be moved into the profile, e.g. also "passive". how would you like to move phase1 settings to phase2 around or vice-vers...
by pe1chl
Fri Nov 03, 2023 1:45 pm
Forum: General
Topic: How to replace fast Mikrotik devices in case of failure
Replies: 9
Views: 1155

Re: How to replace fast Mikrotik devices in case of failure

It is not easy. For most solutions you would need to make double configuration change anyway... When you don't, you will not be able to plug the new router into the network and have it work immediately. In our network I have a spare router (the previuous one used for production) and I regularly expo...
by pe1chl
Fri Nov 03, 2023 11:36 am
Forum: General
Topic: Feature requests
Replies: 1644
Views: 528910

Re: Feature requests

+1! It would be great to be able to select a profile other than default (but I see exchange mode is not part of the profile)
It would be great when these settings would be moved into the profile, e.g. also "passive".
by pe1chl
Fri Nov 03, 2023 11:24 am
Forum: The User Manager
Topic: userman not available in 7.2.3
Replies: 10
Views: 4135

Re: userman not available in 7.2.3

There is a user manager in v7 but it really is a different thing.
More useful for me, less useful in other scenarios.
by pe1chl
Thu Nov 02, 2023 11:03 am
Forum: The Dude
Topic: Is too much to ask for Dude x64 windows client?
Replies: 24
Views: 4425

Re: Is too much to ask for Dude x64 windows client?

Did you not read the text is showed?
by pe1chl
Wed Nov 01, 2023 10:02 pm
Forum: Wireless Networking
Topic: hap ax3/ax2 with jumbo frames
Replies: 6
Views: 666

Re: hap ax3/ax2 with jumbo frames

Indeed. So when you want WiFi to work and also jumbo frames on ethernet you will have to set it up so the WiFi is not part of (the same) bridge. That will add an extra routing hop for your WiFi and the MTU can be different.
by pe1chl
Wed Nov 01, 2023 8:33 pm
Forum: Wireless Networking
Topic: hap ax3/ax2 with jumbo frames
Replies: 6
Views: 666

Re: hap ax3/ax2 with jumbo frames

The wifiwave2 driver does not support MTU over 1500 bytes, that is why it keeps dropping back.
With only ethernet it would probably work fine.
(WiFi does not support jumbo frames)
by pe1chl
Wed Nov 01, 2023 6:39 pm
Forum: The Dude
Topic: Is too much to ask for Dude x64 windows client?
Replies: 24
Views: 4425

Re: Is too much to ask for Dude x64 windows client?

On Linux, you can install the i386 libs and 32-bit wine. Now...for Intel-based Mac, wine wouldn't work with 32-bit Dude. Must be CrossOver wine, it can run 32bit applications with emulation on 64bit CrossOver wine No idea, when installing wine64 on Debian Linux (64-bit) and using it to run winbox64...
by pe1chl
Wed Nov 01, 2023 6:24 pm
Forum: General
Topic: Manual DNS bypasses the Pihole - force redirect to pihole
Replies: 10
Views: 908

Re: Manual DNS bypasses the Pihole - force redirect to pihole

except: if some client set the DNS server manually it bypass the pihole Once you have fixed that, some client will not use the DNS protocol on TCP/UDP port 53, but instead will use DoH or DoT. Or when you have a client that does not like your limitations, they will just setup a VPN and send everyth...
by pe1chl
Wed Nov 01, 2023 6:01 pm
Forum: Announcements
Topic: v7.12rc is released!
Replies: 225
Views: 84018

Re: v7.12rc is released!

Hold on, you're right, it is just webfig traffic. I thought it was total traffic, which be okay. But not sure what webfig traffic usage shows... It shows how much traffic it takes to display and update the page you are viewing in webfig. For some pages that is almost zero, because they are just sta...
by pe1chl
Wed Nov 01, 2023 2:06 pm
Forum: Beginner Basics
Topic: port forwarding not working on RB3011
Replies: 8
Views: 1053

Re: port forwarding not working on RB3011

The default firewall already blocks everything from WAN except port forwarded traffic . He chose to modify that, and now he has trouble. Lesson: when you do not understand how it works, and you modify it, it may break. This is the rule as it is by default: /ip firewall filter add chain=forward actio...
by pe1chl
Wed Nov 01, 2023 1:40 pm
Forum: General
Topic: Issue with ARP in a bridge
Replies: 4
Views: 1079

Re: Issue with ARP in a bridge

I recommend you to use netinstall to install the current version of RouterOS (6.49.10 when you want to remain on v6 or otherwise 7.11.2) and then reconfigure your router by pasting the export into a command prompt section by section. Or even better by manually configuring again what you really need ...
by pe1chl
Wed Nov 01, 2023 1:37 pm
Forum: General
Topic: IPsec IKEv2 and multiple traffic selectors per SA
Replies: 4
Views: 2131

Re: IPsec IKEv2 and multiple traffic selectors per SA

I used a similar scheme with multiple prefixes in the traffic selector quite widely. But, of course, StrongSwan acted as both server and client. (Linux servers). And there were no problems with this. More precisely, in IKEv2 mode Mikrotik only accepts the first prefix in the traffic selector. But i...
by pe1chl
Wed Nov 01, 2023 1:30 pm
Forum: Beginner Basics
Topic: port forwarding not working on RB3011
Replies: 8
Views: 1053

Re: port forwarding not working on RB3011

Study the packet flow to understand that. Or do not add rules to the default firewall before you understand what they do.

https://help.mikrotik.com/docs/display/ ... n+RouterOS
by pe1chl
Wed Nov 01, 2023 11:49 am
Forum: Announcements
Topic: v7.12rc is released!
Replies: 225
Views: 84018

Re: v7.12rc is released!

These values are there for a purpose. Is there a problem with them? I presume these figures are the TX/RX rate of the connection with webfig. People probably assume these are the global TX/RX rate of the router (same as was on the LCD back in the old days)? Anyway, how important is that "purpo...
by pe1chl
Wed Nov 01, 2023 11:41 am
Forum: Forwarding Protocols
Topic: Multiple Peer sessions on the same IP address problem [SOLVED]
Replies: 10
Views: 4096

Re: Multiple Peer sessions on the same IP address problem [SOLVED]

You are replying to a very old topic, and things have changed a lot since then.
I would not know if that still works.
by pe1chl
Wed Nov 01, 2023 11:35 am
Forum: General
Topic: How to limit number of connection per local/public ip?
Replies: 5
Views: 781

Re: How to limit number of connection per local/public ip?

You say you control 200 proxies.
Configure IN THOSE PROXIES what the maximum number of connections is.
by pe1chl
Wed Nov 01, 2023 11:33 am
Forum: Beginner Basics
Topic: ROS Documentation
Replies: 6
Views: 790

Re: ROS Documentation

In case it was not clear yet: the bridge is not between internet and your local network. It is between the ports that you assign to your local network, usually all ports you do not use for internet or other purposes, and the WiFi interfaces (if any). In the current version of RouterOS it is like the...
by pe1chl
Tue Oct 31, 2023 4:34 pm
Forum: Beginner Basics
Topic: ROS Documentation
Replies: 6
Views: 790

Re: Literally the first sentence in ROS Documentation

I am now setting up a new Mikrotik router and it is telling me to set up a bridge first thing, this just makes absolutely no sense to me as I thought the point of a bridge was to link different networking equipment together? Not just to create a dhcp network, the documentation doesn't say why it wa...
by pe1chl
Mon Oct 30, 2023 7:03 pm
Forum: Announcements
Topic: v7.12rc is released!
Replies: 225
Views: 84018

Re: v7.12rc is released!

Noted after installation (do no know how long it exists as I just changed IPv6 settings) that when you have IPv6 enabled but IPv6 routing disabled, the IPv6 forward chain gets hit with multicast packets from the local network, as if it wants to forward them. I've put that drop rule with log into 7....
by pe1chl
Mon Oct 30, 2023 1:58 pm
Forum: Forwarding Protocols
Topic: BGP: Whats the difference between these two commands?
Replies: 8
Views: 677

Re: BGP: Whats the difference between these two commands?

I think it v6 it worked both ways which is of course a bit silly... "in" suggests that the network on the left is smaller (or same size) than the network on the right.
by pe1chl
Mon Oct 30, 2023 11:52 am
Forum: Announcements
Topic: v7.12rc is released!
Replies: 225
Views: 84018

Re: v7.12rc is released!

Noted after installation (do no know how long it exists as I just changed IPv6 settings) that when you have IPv6 enabled but IPv6 routing disabled, the IPv6 forward chain gets hit with multicast packets from the local network, as if it wants to forward them. /ipv6 settings set forward=no /ipv6 firew...
by pe1chl
Mon Oct 30, 2023 11:48 am
Forum: Forwarding Protocols
Topic: BGP: Whats the difference between these two commands?
Replies: 8
Views: 677

Re: BGP: Whats the difference between these two commands?

No.
The first one is "is the room in you" and the second one is "are you in the room".
by pe1chl
Mon Oct 30, 2023 11:29 am
Forum: General
Topic: How to limit number of connection per local/public ip?
Replies: 5
Views: 781

Re: How to limit number of connection per local/public ip?

Why don't you solve the problem where it occurs: in the proxies ?
by pe1chl
Mon Oct 30, 2023 11:28 am
Forum: Forwarding Protocols
Topic: BGP: Whats the difference between these two commands?
Replies: 8
Views: 677

Re: BGP: Whats the difference between these two commands?

The second version is the correct one. The first one does not make sense.
by pe1chl
Sun Oct 29, 2023 12:42 pm
Forum: Announcements
Topic: v7.12rc is released!
Replies: 225
Views: 84018

Re: v7.12rc is released!

However, different wireless drivers do interact with passing frames beyond basic MAC addressing and some drivers might burp on frames they don't recognize. I think the problem is that the drivers have to do some kind of workaround to replace ARP. The WiFi has the same MAC for all clients, but they ...
by pe1chl
Sun Oct 29, 2023 12:34 pm
Forum: General
Topic: ROUTEROS 7 BGP network announcement issue
Replies: 22
Views: 3629

Re: ROUTEROS 7 BGP network announcement issue

When my routing table is empty, the default route is announced immediately, which means that my configuration is good (maybe not optimal, but it works). When my routing table is full, I run into problems. I've been so irritated by the situation that I've made all the combinations you mentioned befo...
by pe1chl
Sat Oct 28, 2023 4:38 pm
Forum: RouterBOARD hardware
Topic: hAPax2 RAM size 1GB or 128MB ?
Replies: 18
Views: 1915

Re: hAPax2 RAM size 1GB or 128MB ?

It doesn't really matter. To continue to work in the wifiwave2 era, the hAP ac2 would need to have more flash as well.
by pe1chl
Sat Oct 28, 2023 12:33 pm
Forum: General
Topic: ROUTEROS 7 BGP network announcement issue
Replies: 22
Views: 3629

Re: ROUTEROS 7 BGP network announcement issue

When you want to keep your routing table fully populated from uplinks but want to send only default route to clients, it is probably best to run different instances (templates) for them.
by pe1chl
Sat Oct 28, 2023 11:35 am
Forum: Beginner Basics
Topic: DNS Server
Replies: 3
Views: 516

Re: DNS Server

It thurns out that mikrotik doesnt like one word domains as static. # NAME REGEXP TYPE ADDRESS TTL 0 X ;;; defconf router.lan 192.168.1.1 1d 1 mobilesvr 192.168.1.150 1w3d 2 mobilesvr.lan 192.168.1.150 1w3d dig 'mobilesvr.lan' returns 192.168.1.150 dig 'mobilesvr' returns SERVFAIL I cannot confirm ...
by pe1chl
Sat Oct 28, 2023 11:02 am
Forum: Announcements
Topic: v7.12rc is released!
Replies: 225
Views: 84018

Re: v7.12rc is released!

I don't really get all this tagged/untagged discussion. The 802.11 frame header has no place for a VLAN ID, so, technically, wifi interfaces are never tagged. Well 802.11 standard frame has no space for a VLAN tag, and only has space for 3 MAC addresses. But MT with WLAN driver "AP bridge"...
by pe1chl
Sat Oct 28, 2023 10:53 am
Forum: General
Topic: LHG 5 ac
Replies: 6
Views: 1041

Re: LHG 5 ac

Those are garbage, don't buy them!
No, I think we will see an AX model in the (near?) future...
by pe1chl
Fri Oct 27, 2023 3:16 pm
Forum: Announcements
Topic: v7.12rc is released!
Replies: 225
Views: 84018

Re: v7.12rc is released!

When you need fixes you can just as well install an RC version. At some point in time the version will change to 7.12 and it is still the same software.
by pe1chl
Fri Oct 27, 2023 10:59 am
Forum: General
Topic: Seamless Wi-Fi Roaming with Mikrotik Hotspot
Replies: 6
Views: 675

Re: Seamless Wi-Fi Roaming with Mikrotik Hotspot

The method you have will work, but you need to increase the "maximum number of connections" ("shared users") to something higher than 1. Even when you do not want that.
by pe1chl
Fri Oct 27, 2023 10:56 am
Forum: Announcements
Topic: v7.11.2 [stable] is released!
Replies: 348
Views: 151060

Re: v7.11.2 [stable] is released!

Likely you can still view the routing table in the Snmp tab, if that is an option.
Except when you have multiple routing tables, then SNMP retrieval of routes will fail in v7.
by pe1chl
Thu Oct 26, 2023 10:33 pm
Forum: General
Topic: VPN get disconnected when LTE interface is UP
Replies: 4
Views: 561

Re: VPN get disconnected when LTE interface is UP

Well of course in the typical setup where the normal WAN and the LTE both get their IP and default gateway using some dynamic mechanism (like PPPoE or DHCP) it can easily happen that adding another uplink kills the first one. You need to configure the routing in such a way that the different "d...
by pe1chl
Thu Oct 26, 2023 10:24 pm
Forum: General
Topic: port forwarding specific domain / hostname
Replies: 5
Views: 641

Re: port forwarding specific domain / hostname

... so you want to explain the visitors of https://test456.com/ "no, you must not enter that, you must enter https://test456.com:4443/ ??? And when they forget the :4443 then they get "warning! invalid certficate! someone may be eavesdropping on you!!" ?? Good luck with that. No, it i...
by pe1chl
Thu Oct 26, 2023 10:20 pm
Forum: General
Topic: External FTP server download error
Replies: 5
Views: 639

Re: External FTP server download error

Isn't it time by now (2023) that you abandon the use of FTP?
by pe1chl
Thu Oct 26, 2023 10:19 pm
Forum: General
Topic: Seamless Wi-Fi Roaming with Mikrotik Hotspot
Replies: 6
Views: 675

Re: Seamless Wi-Fi Roaming with Mikrotik Hotspot

You will need newer equipment for that. The new devices that support 802.11k/r/v can do roaming without re-authenticating, but the older devices cannot and it will not be added. However, even with this roaming you still can run into the situation where a user re-authenticates because their device be...
by pe1chl
Thu Oct 26, 2023 6:43 pm
Forum: General
Topic: l2tp tunnel that was working suddenly stops
Replies: 2
Views: 584

Re: l2tp tunnel that was working suddenly stops

Are these to another MikroTik router that you manage, or to some outside VPN service?
by pe1chl
Thu Oct 26, 2023 5:02 pm
Forum: General
Topic: How to upgrade to 2.5GbE + RB4011iGS+RM suitable?
Replies: 2
Views: 554

Re: How to upgrade to 2.5GbE + RB4011iGS+RM suitable?

In such cases it depends on what you actually expect. When a single client has to be able to setup a single connection and it has to be 2.5 Gbps the options are far more limited than when you expect 1 Gbps to each client but several clients together can add up to 2.5 Gbps. Also, you will almost alwa...
by pe1chl
Thu Oct 26, 2023 4:56 pm
Forum: General
Topic: Second gateway for specific computer
Replies: 2
Views: 500

Re: Second gateway for specific computer

Hi there, On a MikroTik CCR1016-12S-11S+ which runs RouterOS 7.6 I need to configure a second gateway only for a specific computer from my network. Currently I have tried several things I read in the Forums, but none of them worked. I tried Mangle prerouting as well, but without luck. Other posts w...
by pe1chl
Thu Oct 26, 2023 1:54 pm
Forum: RouterBOARD hardware
Topic: 4011
Replies: 2
Views: 717

Re: 4011

It is not that clear cut. When you have a card from another manufacturer with a chipset that is also used in other MikroTik devices, it can just work.
In fact I have suggested that this may be a solution to have both 2 GHz and 5 GHz WiFi with wifiwave2 on the 4011.
by pe1chl
Thu Oct 26, 2023 11:21 am
Forum: General
Topic: Locked out of CCR1009-7G-1C-PC router, possibly hacked
Replies: 4
Views: 833

Re: Locked out of CCR1009-7G-1C-PC router, possibly hacked

It is really very common that when first using netinstall (or when using it while in distress) one simply cannot get it to work. Besides the mistake that you made in this case, it generally is a picky program that will fail on many system configurations. It is always advisable to do a rehearsal of a...
by pe1chl
Thu Oct 26, 2023 11:18 am
Forum: Beginner Basics
Topic: Question about temperature, 62 C 0 63 C
Replies: 11
Views: 1922

Re: Question about temperature, 62 C 0 63 C

The "cpu temperature" is a temperature measured on the CPU chip itself, and it is always quite a lot higher than any temperature you would measure with a sensor on the board or on the outside of the package. 62c is not unreasonably high. That being said, it never hurts to have some additio...
by pe1chl
Thu Oct 26, 2023 11:13 am
Forum: General
Topic: Safe to Remove Antennas?
Replies: 3
Views: 806

Re: Safe to Remove Antennas?

50 ohm terminators with the appropriate connector type should do the job.
Real ones are expensive, but suitable ones for this purpose can be obtained for cheap on Aliexpress.
by pe1chl
Thu Oct 26, 2023 11:11 am
Forum: General
Topic: 5009reboot fails
Replies: 4
Views: 784

Re: 5009reboot fails

What is the config on that router? I am observing the same thing on my RB4011, but by now I have found what causes it: I have added the package rose-storage and I have added a "disk" that is a mount of an external fileserver. This makes reboot getting stuck. So when you do something simila...
by pe1chl
Wed Oct 25, 2023 9:13 pm
Forum: General
Topic: Static route not showing in export
Replies: 9
Views: 1007

Re: Static route not showing in export

In my router running v7.12rc it certainly is present in the export. And it was before as well.
by pe1chl
Wed Oct 25, 2023 6:21 pm
Forum: General
Topic: Simple Web Server to Host Simple Files [SOLVED]
Replies: 12
Views: 1423

Re: Simple Web Server to Host Simple Files [SOLVED]

You can also add a simple web server on a computer (your preferred flavor of OS), or even a RaspBerry Pi on the LAN and port forward via NAT so it can be reached from the Internet. The question started with: I have an VPS that has MikroTik CHR installed on it. So to do it that way he would have to ...
by pe1chl
Wed Oct 25, 2023 5:45 pm
Forum: RouterBOARD hardware
Topic: hAPax2 RAM size 1GB or 128MB ?
Replies: 18
Views: 1915

Re: hAPax2 RAM size 1GB or 128MB ?

The rackmounted versions had the displays on the front. Sure, when you bought an RB2011 for desktop use it had the display on the top and that was inconvenient when you wanted to put it on a shelf in a rack, but the rackmounted RB2011 had no such issue. Same for the CCR devices from that time. Of co...
by pe1chl
Wed Oct 25, 2023 1:28 pm
Forum: General
Topic: Forum moderation volunteers
Replies: 214
Views: 25266

Re: Forum moderation volunteers

Read also the title: "My Youtube Video player has blocked"

There is no trace of anything related to MikroTik.
Ok exercise for you: see this recent new posting: viewtopic.php?t=200911
There is no trace of anything related to MikroTik.
Should it be deleted?
by pe1chl
Wed Oct 25, 2023 12:58 pm
Forum: General
Topic: Forum moderation volunteers
Replies: 214
Views: 25266

Re: Forum moderation volunteers

Is it so difficult to read, even for a moderator?? I am talking about the initial question. It does not mention an Adblocker. How is the first question inappropriate for this forum, as rextended wrote: "For me the mistake is not immediately deleting the post, instead of replying." I don't ...
by pe1chl
Wed Oct 25, 2023 12:39 pm
Forum: General
Topic: Forum moderation volunteers
Replies: 214
Views: 25266

Re: Forum moderation volunteers

Question and the first answer had no connection to Mikrotik even beeing asked for more details. I don't agree with that!! The first question was clearly from a person with limited knowledge of English, and was about a problem that could be related to his router. Maybe he (or the admin of the router...
by pe1chl
Wed Oct 25, 2023 12:34 pm
Forum: General
Topic: Static route not showing in export
Replies: 9
Views: 1007

Re: Static route not showing in export

Aha I see. In v6 it was S in cli as well, and in v7 it is s in cli but S in winbox.
Stupid, I would say...

Again, what RouterOS version do you have?
by pe1chl
Wed Oct 25, 2023 12:31 pm
Forum: Beginner Basics
Topic: bridge port received packet with own address - probably loop [SOLVED]
Replies: 7
Views: 1058

Re: bridge port received packet with own address - probably loop [SOLVED]

That will likely solve it, as long as you do not paste that export back again. Alternatively you can try changing (or just removing) the MAC address settings seen in the config. That will make them fall back to defaults which are the device-unique MAC addresses assigned during manufacturing. Then yo...
by pe1chl
Wed Oct 25, 2023 12:28 pm
Forum: General
Topic: Firewall kicked me out after 30mins - no clue why
Replies: 8
Views: 973

Re: Firewall kicked me out after 30mins - no clue why

Hmm and what rule would you add for that?
I am legit curious, I'd like to understand where I went wrong and how I could fix it.
Thank you.
You have not shown us your full firewall configuration yet, so how should we know???
Show the result of a /ip firewall export
by pe1chl
Wed Oct 25, 2023 12:26 pm
Forum: General
Topic: Forum moderation volunteers
Replies: 214
Views: 25266

Re: Forum moderation volunteers

In these cases that is difficult to infer from the first question. Almost all questions on this forum initially are vague, do not include any context, and require additional posts to get that info. At that time it may become obvious that the question is not related to any MikroTik software or hardwa...
by pe1chl
Wed Oct 25, 2023 12:23 pm
Forum: General
Topic: Ipsec tunnel with only one public ip - it is possible?
Replies: 5
Views: 783

Re: Ipsec tunnel with only one public ip - it is possible?

Thanks, sounds very promising .... is there any guide or manual how to achieve that ?
https://help.mikrotik.com/docs/display/ROS/L2TP
by pe1chl
Wed Oct 25, 2023 12:21 pm
Forum: Announcements
Topic: v7.12rc is released!
Replies: 225
Views: 84018

Re: v7.12rc is released!

So what seems to be the problem in ROS is that on shutdown/reboot sequence, NFS server doesn't get stopped. Hence exported disk partition still shows usage and unmounting it hangs. Yes, that is what I wrote is my guess as well. In this case it seems the NFS client won't stop because it gets no repl...
by pe1chl
Wed Oct 25, 2023 12:16 pm
Forum: RouterBOARD hardware
Topic: hAPax2 RAM size 1GB or 128MB ?
Replies: 18
Views: 1915

Re: hAPax2 RAM size 1GB or 128MB ?

I think the availability of interfaces on the different MikroTik models mainly depends on the chips they use in them. For each new model a chip (SoC) is selected and it offers some different types of interfaces. Adding a new interface type that is not directly supported by the SoC would mean extra s...
by pe1chl
Tue Oct 24, 2023 8:11 pm
Forum: General
Topic: Mikrotik Car Charger
Replies: 4
Views: 775

Re: Mikrotik Car Charger

Well, you are asking for a charger and "we" are not aware of any MikroTik product that has a rechargable battery.
So it is a bit unclear what you want to charge.
by pe1chl
Tue Oct 24, 2023 8:10 pm
Forum: General
Topic: Firewall kicked me out after 30mins - no clue why
Replies: 8
Views: 973

Re: Firewall kicked me out after 30mins - no clue why

The reason that it breaks is that the rules you made do not accept input that is a reply to outgoing connects, like the update of DDNS.
But also other things would go wrong, like query of DNS or download of upgrades.
by pe1chl
Tue Oct 24, 2023 8:07 pm
Forum: Beginner Basics
Topic: bridge port received packet with own address - probably loop [SOLVED]
Replies: 7
Views: 1058

Re: bridge port received packet with own address - probably loop [SOLVED]

Looking at the MAC addresses, you probably restored a backup from another device?
by pe1chl
Tue Oct 24, 2023 8:06 pm
Forum: General
Topic: Static route not showing in export
Replies: 9
Views: 1007

Re: Static route not showing in export

Static routes have "AS" flag. I don't know what the s flag is for.
What RouterOS version do you have?
by pe1chl
Tue Oct 24, 2023 8:03 pm
Forum: Beginner Basics
Topic: Connected device uptime question.
Replies: 3
Views: 591

Re: Connected device uptime question.

Of course it depends on what the connected device is. When it is a MikroTik device you can also see the uptime in IP->Neighbors.
And it depends on your requirements. When you want to know if it had recently connected you can use the "Last Seen" field in the leases.
by pe1chl
Tue Oct 24, 2023 8:01 pm
Forum: General
Topic: Ipsec tunnel with only one public ip - it is possible?
Replies: 5
Views: 783

Re: Ipsec tunnel with only one public ip - it is possible?

At least when using L2TP/IPsec you do not need any special tricks.
Put the L2TP server on the site with the public IP and connect it from the other site. That one can even have a dynamic IP.
by pe1chl
Tue Oct 24, 2023 4:57 pm
Forum: General
Topic: LHG 5 ac
Replies: 6
Views: 1041

Re: LHG 5 ac

Maybe they have a warehouse full of old LHG 5 and no more LHG 5 ac in stock, then they would have to produce it again? The architecture of the LHG 5 ac is similar to the hAP ac2 and its limited 16 MB flash is becoming a problem with RouterOS v7. So maybe at some time we will see a LHG 5 ax to replac...
by pe1chl
Tue Oct 24, 2023 4:52 pm
Forum: General
Topic: RB 2011 100% CPU Usage
Replies: 4
Views: 1006

Re: RB 2011 100% CPU Usage

Also first check that when the load is 100% there is not a lot of wireguard traffic.
by pe1chl
Tue Oct 24, 2023 4:50 pm
Forum: RouterBOARD hardware
Topic: hAPax2 RAM size 1GB or 128MB ?
Replies: 18
Views: 1915

Re: hAPax2 RAM size 1GB or 128MB ?

If I recall, AC2 or cap AC had such an occurrence (128 vs 256 Mb RAM), no ? Yes, I think this really happened :-( My ac2 has only 128 MB RAM. I think in that case the website always said 128 MB RAM but some users found that they bought a device that in reality had 256 MB RAM, then they bought more ...
by pe1chl
Tue Oct 24, 2023 4:45 pm
Forum: Beginner Basics
Topic: My Youtube Video player has blocked
Replies: 6
Views: 1166

Re: My Youtube Video player has blocked

When I use Adblocker my YouTube video player has stopped.
You got the wrong forum. It is a forum about MikroTik routers. You should write to forum about your Adblocker software.
Or Youtube. Youtube has started banning users that use an Adblocker.
by pe1chl
Tue Oct 24, 2023 1:51 pm
Forum: Announcements
Topic: v7.12rc is released!
Replies: 225
Views: 84018

Re: v7.12rc is released!

This time I manually rebooted the router before trying to install the update, and the reboot was hanging. Just like the update is hanging when I try it after some uptime. Could it be caused by rose-storage? I have an NFS mount (the router mounts a share from an NFS server). I could imagine that thi...
by pe1chl
Tue Oct 24, 2023 12:13 pm
Forum: General
Topic: DHCP alert - valid server required if DHCP server on same device?
Replies: 3
Views: 1048

Re: DHCP alert - valid server required if DHCP server on same device?

Hello, does the DHCP server of RouterOS on the same device have to be specified as a valid server for the DHCP alert (/ip dhcp-server alert valid-server=), or is it automatically treated as a "valid server"? No, it is not required. Just enabling that function will find other DHCP servers ...
by pe1chl
Tue Oct 24, 2023 12:12 pm
Forum: General
Topic: LHG 5 ac
Replies: 6
Views: 1041

Re: LHG 5 ac

Maybe most buyers preferred the extra link margin for AC use that an XL provides... I do have an LHG 5 ac but it sits unused in storage because I did not notice that it does not support 10 MHz bandwidth, which we use. So now I use a LHG XL HP5 instead (of course on normal power). When you want bette...
by pe1chl
Tue Oct 24, 2023 11:47 am
Forum: Beginner Basics
Topic: Mikrotik AWS to Mikrotik Home Tunnel bad performance
Replies: 13
Views: 1376

Re: Mikrotik AWS to Mikrotik Home Tunnel bad performance

Buy a new router. E.g. an RB5009.
by pe1chl
Mon Oct 23, 2023 3:49 pm
Forum: Announcements
Topic: v7.12rc is released!
Replies: 225
Views: 84018

Re: v7.12rc is released!

Well, in general I agree with that, but not in the case of netinstall. That is just a badly designed/implemented program.
by pe1chl
Mon Oct 23, 2023 2:23 pm
Forum: Beginner Basics
Topic: Mikrotik AWS to Mikrotik Home Tunnel bad performance
Replies: 13
Views: 1376

Re: Mikrotik AWS to Mikrotik Home Tunnel bad performance

But the 20Mb for SSTP over 1G uplink does seem like it's MTU related
Actually 20Mb is about the upper bound for all encrypting tunnels on the 2011. Only plain tunnels (GRE, IPIP) without encryption exceed that.
by pe1chl
Sun Oct 22, 2023 12:10 pm
Forum: General
Topic: Detect internet stopped working
Replies: 31
Views: 2245

Re: Detect internet stopped working

Yes, best solution every time is to disable "detect internet", it provides no useful function. It is easy enough to maintain the WAN and LAN interface lists manually. Yeah, I am only using it because for some reason I can't make the router use a route with a distance higher than the main ...
by pe1chl
Sun Oct 22, 2023 12:07 pm
Forum: Announcements
Topic: v7.11.2 [stable] is released!
Replies: 348
Views: 151060

Re: v7.11.2 [stable] is released!

Hi,
one of my CRS328-24P-4S+ don't know about PoE on interfaces 9-24, however PoE on theese ports still works...

Same model, with same RoS version, but different device this problem haven't.
Did you restore a "backup" file from another device on that one?
by pe1chl
Sun Oct 22, 2023 12:04 pm
Forum: General
Topic: Default drop rule
Replies: 5
Views: 856

Re: Default drop rule

Cofiguration is relatively complex to post and contains too many private details to remove... talking about ~150 rules or so. Allow-all is great as soho firewall default, but generally shouldn't be a croproate practice... Of course. I do not like the default config either, although it is already mu...
by pe1chl
Sat Oct 21, 2023 11:21 am
Forum: Beginner Basics
Topic: Mikrotik AWS to Mikrotik Home Tunnel bad performance
Replies: 13
Views: 1376

Re: Mikrotik AWS to Mikrotik Home Tunnel bad performance

SSTP client on my home Mikrotik router
What is the model of your home MikroTik router?
Did you disable "fasttrack"?
by pe1chl
Sat Oct 21, 2023 11:18 am
Forum: General
Topic: Default drop rule
Replies: 5
Views: 856

Re: Default drop rule

You need to understand that the default firewall installed by RouterOS (on models that have a default configuration) operates on the principle that undesired traffic is blocked and at the end of the list there is an implicit "default accept". The structure of the rules is dependent on that...
by pe1chl
Sat Oct 21, 2023 11:15 am
Forum: General
Topic: Detect internet stopped working
Replies: 31
Views: 2245

Re: Detect internet stopped working

Yes, best solution every time is to disable "detect internet", it provides no useful function.
It is easy enough to maintain the WAN and LAN interface lists manually.
by pe1chl
Sat Oct 21, 2023 11:12 am
Forum: Beginner Basics
Topic: Seperate lan subnets
Replies: 10
Views: 1212

Re: Seperate lan subnets

Forward chain From subnet or interface To subnet or interface Action drop Repeat for all combinations. That is actually a bad solution. It does not scale, when you have 5 interfaces there are already 20 combinations. Better: add each interface to an interface list. There already exists the interfac...
by pe1chl
Fri Oct 20, 2023 7:09 pm
Forum: Beginner Basics
Topic: Debug Basics
Replies: 12
Views: 1061

Re: Debug Basics

I explained what is available in RouterOS. What he knows from other platforms is not available. No need to discuss that any further. I should say once you understand the packet flow (at least in general) in RouterOS it is not required to trace the entire flow, you immediately know which rules the pa...
by pe1chl
Fri Oct 20, 2023 6:41 pm
Forum: Beginner Basics
Topic: Debug Basics
Replies: 12
Views: 1061

Re: Debug Basics

The packet flow can be found here: https://wiki.mikrotik.com/wiki/Manual:Packet_Flow
At any point in the flow where there is a [| |] box you can insert a log rule.
by pe1chl
Fri Oct 20, 2023 5:00 pm
Forum: Beginner Basics
Topic: Debug Basics
Replies: 12
Views: 1061

Re: Debug Basics

You can add a log option to a rule in the firewall to log when it matches, or you can add an extra "log" rule with the appropriate matching criteria (in this case an address, but it can be anything) and when it matches it will log the appropriate message. The default logging configuration ...
by pe1chl
Fri Oct 20, 2023 10:46 am
Forum: Announcements
Topic: v7.12rc is released!
Replies: 225
Views: 84018

Re: v7.12rc is released!

Upgrading from v6.9x to 7.12rc2 all bgp, mpls, ospf settimg all missing. Thx What did you expect...just upgrade and continue? You just moved to a new major version! Well, in normal situations it would convert them during the upgrade. If that happened and if it works correctly depends on details of ...
by pe1chl
Thu Oct 19, 2023 11:25 pm
Forum: Beginner Basics
Topic: RTP Counter In Queue Trees
Replies: 7
Views: 824

Re: RTP Counter In Queue Trees

Why waste time on protocol recognition when you can just use the DSCP values that any reasonable SIP application already sets?
by pe1chl
Thu Oct 19, 2023 3:49 pm
Forum: Announcements
Topic: v7.12rc is released!
Replies: 225
Views: 84018

Re: v7.12rc is released!

Yes, that is a common issue with IPsec. People configure "more secure" IPsec settings (PFS, 256 bits, DH with long keys) and then it only works between routers but not with commonly used client devices... Worst is that it requires ongoing research to know what settings are supported in eac...
by pe1chl
Thu Oct 19, 2023 3:47 pm
Forum: General
Topic: DNSSEC
Replies: 43
Views: 22734

Re: DNSSEC

When going to the trouble of setting up a container with a good DNS resolver, I would not rely on the behavior of the existing DNS resolver in RouterOS. Let the container make its own queries and if necessary use RouterOS only to NAT them to the outside world, not to resolve them. You can then confi...
by pe1chl
Wed Oct 18, 2023 2:46 pm
Forum: Announcements
Topic: v7.12rc is released!
Replies: 225
Views: 84018

Re: v7.12rc is released!

I confirm that (on 7.12rc1) the Bridge VLAN "Current tagged" column incorrectly lists the wlan interfaces. I have added them both to Tagged for several VLANs, but wlan2 does not appear correctly in "Current tagged" even when a client is connected that uses the VLAN (RADIUS assign...
by pe1chl
Tue Oct 17, 2023 11:51 pm
Forum: Announcements
Topic: v7.12rc is released!
Replies: 225
Views: 84018

Re: v7.12rc is released!

Is the router ever going to do downloads (for upgrade) over IPv6?? The download server has an IPv6 record but RouterOS does not request it...
by pe1chl
Tue Oct 17, 2023 12:22 pm
Forum: General
Topic: open port vs forward port
Replies: 3
Views: 787

Re: open port vs forward port

Yes, many devices list "open port requirements" for access they want TO the internet. But in most default configurations of routers with connection-tracking firewall (like MikroTik), ALL ports are already open outbound. So there is nothing you need to change on the router. It is unfortunat...
by pe1chl
Tue Oct 17, 2023 12:19 pm
Forum: General
Topic: IP and IK rating
Replies: 2
Views: 566

Re: IP and IK rating

You need to ask such questions to sales or on the support site, not here on the community forum.
by pe1chl
Tue Oct 17, 2023 12:17 pm
Forum: General
Topic: Is this an attack?
Replies: 5
Views: 768

Re: Is this an attack?

Make the firewall setup so that everything that is not required is blocked.
In fact that is what the default firewall setup does.
No need to add such rules for specific ports, only add rules for things you want open.
by pe1chl
Mon Oct 16, 2023 9:26 pm
Forum: General
Topic: MikroTik RouterOS and CDP support
Replies: 5
Views: 1003

Re: MikroTik RouterOS and CDP support

Did you already check if RouterOS performs the functions you need?
by pe1chl
Mon Oct 16, 2023 3:44 pm
Forum: Forwarding Protocols
Topic: ROS 7.11.2 CHR BGP not Multithreaded and V. Slow
Replies: 16
Views: 1748

Re: ROS 7.11.2 CHR BGP not Multithreaded and V. Slow

I don't think you can/should do RPKI validation on a single-peer endpoint. Leave that to your upstream ISP. They can do all the route selection for you and send you only a default route.
by pe1chl
Mon Oct 16, 2023 11:06 am
Forum: RouterBOARD hardware
Topic: Search for new mikrotik router
Replies: 11
Views: 1585

Re: Search for new mikrotik router

It depends on the internal structure of your small home. I have a similar small appartment but straight through the middle there is a concrete wall (part of the structure of the building), while all other walls are plasterboard. I do require two WiFi devices for reasonable coverage. Otherwise the si...
by pe1chl
Sat Oct 14, 2023 10:31 pm
Forum: General
Topic: DHCP Client lease expired
Replies: 7
Views: 809

Re: DHCP Client lease expired

When you have more than one DHCP client of course you should set the default route distance differently in each of them, and probably setup two route tables and a script to insert a default route in the second table, and routing rules or mangling. I would not think it would cause the issue that you ...
by pe1chl
Sat Oct 14, 2023 10:27 pm
Forum: Forwarding Protocols
Topic: ROS 7.11.2 CHR BGP not Multithreaded and V. Slow
Replies: 16
Views: 1748

Re: ROS 7.11.2 CHR BGP not Multithreaded and V. Slow

I don't see how any of that would be an advantage when having only one peer.
by pe1chl
Sat Oct 14, 2023 3:31 pm
Forum: Forwarding Protocols
Topic: ROS 7.11.2 CHR BGP not Multithreaded and V. Slow
Replies: 16
Views: 1748

Re: ROS 7.11.2 CHR BGP not Multithreaded and V. Slow

BGP can run multithreaded (see posting above), but when you have only 1 peer there is nothing to gain that way.
Is this only a test? Or else, why would you run full-table BGP with only 1 peer?
Ask the ISP to send you only a default route...
by pe1chl
Sat Oct 14, 2023 3:23 pm
Forum: General
Topic: Invalid value in Connection Bytes in webfig
Replies: 3
Views: 580

Re: Invalid value in Connection Bytes in webfig

I don't think that will be fixed... v6 is no longer maintained except for security issues, and this seems to be a niche problem.
by pe1chl
Sat Oct 14, 2023 3:22 pm
Forum: General
Topic: DHCP Client lease expired
Replies: 7
Views: 809

Re: DHCP Client lease expired

Maybe you have put those ports in a bridge? make sure each of them is not member of any bridge.
by pe1chl
Fri Oct 13, 2023 10:25 pm
Forum: General
Topic: RouterOS 6.49.1 vs 7.11.2 IPSEC NAT problem
Replies: 5
Views: 779

Re: RouterOS 6.49.1 vs 7.11.2 IPSEC NAT problem

Forgot to mention it was a binary backup, not an exported config
You copied a binary backup to another router? that cannot be done. It is accepted, but it causes weird issues.
by pe1chl
Fri Oct 13, 2023 10:23 pm
Forum: General
Topic: RB 2011 100% CPU Usage
Replies: 4
Views: 1006

Re: RB 2011 100% CPU Usage

20 Mbit/s is enough to fully load a 2011 when it has to encrypt/decrypt the traffic.
Unless you show the config export, nobody can help you with a solution.
by pe1chl
Fri Oct 13, 2023 10:20 pm
Forum: General
Topic: L2 vs L3
Replies: 4
Views: 897

Re: L2 vs L3

As mkx indicates, the difference comes when routing, which is why MikroTik can justify the moniker "Cloud Router Switch." Yes, it's a router, and it's a switch. This line of products are better at switching than routing, but the fact that your CRS series switch can also route packets betw...
by pe1chl
Fri Oct 13, 2023 7:47 pm
Forum: RouterBOARD hardware
Topic: Search for new mikrotik router
Replies: 11
Views: 1585

Re: Search for new mikrotik router

RB4011 series - amazingly powerful routers
The 4011 is a bit of a dead end. Cannot support BOTH 2.4/5 GHz WiFi AND new WiFi driver. Not recommended for new purchase.
by pe1chl
Fri Oct 13, 2023 5:20 pm
Forum: Scripting
Topic: Remove disk from /files
Replies: 10
Views: 962

Re: Remove disk from /files

Fine!
by pe1chl
Fri Oct 13, 2023 12:05 pm
Forum: Beginner Basics
Topic: Problem Upgrading from 6.49 lt to 7.11
Replies: 3
Views: 909

Re: Problem Upgrading from 6.49 lt to 7.11

He is already on upgrade channel (see the question) so that is not it. I think a more likely reason for it failing is that the flash is probably almost full. The hAP ac2 has a chronic lack of space. I have one running 7.12rc1 and it has only 1000kB free out of the total 16M (16000kB). It may be bett...
by pe1chl
Fri Oct 13, 2023 11:01 am
Forum: Scripting
Topic: Remove disk from /files
Replies: 10
Views: 962

Re: Remove disk from /files

To have it solved you will first have to reproduce it on v7, as v6 is no longer maintained except for security issues.
I think it has been improved in v7. You can now assign a name to a disk yourself and it will stick to that disk.
by pe1chl
Thu Oct 12, 2023 9:23 pm
Forum: General
Topic: Command to save config on the terminal
Replies: 2
Views: 574

Re: Command to save config on the terminal

Everything you configure in the terminal is immediately saved.
It is not like in some other routers that you configure things only in memory and then have to "write" that to flash.
by pe1chl
Thu Oct 12, 2023 9:21 pm
Forum: Scripting
Topic: Remove disk from /files
Replies: 10
Views: 962

Re: Remove disk from /files

One would expect, just like in Linux, to have a checkmark to select automatic mounting on boot yes/no.
Other than that, I don't see an issue. Maybe you can schedule a job at boot to eject the disk when you do not want it to be mounted by default.
by pe1chl
Thu Oct 12, 2023 11:04 am
Forum: General
Topic: MikroTik RouterOS and CDP support
Replies: 5
Views: 1003

Re: MikroTik RouterOS and CDP support

You need to find that out yourself, because I do not know what "full CDP support" means.
by pe1chl
Wed Oct 11, 2023 6:17 pm
Forum: Forwarding Protocols
Topic: BGP prepend filters - Can I prepend input with own AS?
Replies: 5
Views: 924

Re: BGP prepend filters - Can I prepend input with own AS?

Because BGP adds its own ASN only when sending routes to remote peers (so prepending own as is possible only in output). By adding local as in input you are deliberately "saying" that those routes are looped, you might as well just reject the routes. No, the purpose of prepending own AS o...
by pe1chl
Wed Oct 11, 2023 12:31 pm
Forum: General
Topic: MikroTik RouterOS and CDP support
Replies: 5
Views: 1003

Re: MikroTik RouterOS and CDP support

Look in "/ip neighbor" and its settings, there is some rudimentary support there.
by pe1chl
Wed Oct 11, 2023 11:12 am
Forum: RouterOS beta
Topic: BGP - Prefix Count
Replies: 9
Views: 2036

Re: BGP - Prefix Count

Maybe you can use this script to show you prefix counts on commandline: /system script add comment="print BGP prefix count" dont-require-permissions=no name=\ bgp-prefixes owner=admin policy=read source="/routing/bgp/session {\r\ \n :global prefixes ({});\r\ \n :global active ({});\r\...
by pe1chl
Tue Oct 10, 2023 2:17 pm
Forum: RouterOS beta
Topic: BGP - Prefix Count
Replies: 9
Views: 2036

Re: BGP - Prefix Count

Hello Mat I have exactly the same problem with version 7.11.2 I'm a bit disappointed that Mikrotik hasn't replied to you since June 2023, It's inconceivable to me... Well, this forum is mainly for inter-user communication. When you want a reply from support and/or some chance your topic gets put on...
by pe1chl
Tue Oct 10, 2023 2:14 pm
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM: Which port is sfp-sfpplus2?
Replies: 2
Views: 686

Re: CRS328-24P-4S+RM: Which port is sfp-sfpplus2?

I would think the bottom is 1 and the top is 2.
That is also the way our new CCR2004 is numbered (I did not expect it because for other manufacturers the top is the lower numbered port)
by pe1chl
Sun Oct 08, 2023 11:51 am
Forum: Wireless Networking
Topic: "lost connection, no beacons received"
Replies: 53
Views: 5317

Re: "lost connection, no beacons received"

Please don't pollute the topic with unrelated things!
by pe1chl
Sat Oct 07, 2023 3:44 pm
Forum: Beginner Basics
Topic: Configure VLAN access to specific devices [SOLVED]
Replies: 6
Views: 2089

Re: Configure VLAN access to specific devices [SOLVED]

Yes. But only in the old WiFi drivers and not in the new wifiwave2. So let's first check which one you use.
Edit: seems to be possible now as well, but I do not know how as I do not use that myself.
by pe1chl
Sat Oct 07, 2023 11:06 am
Forum: Announcements
Topic: v7.12rc is released!
Replies: 225
Views: 84018

Re: v7.12rc is released!

And can you assign the VLAN to each client separately using RADIUS (via user-manager)? That was possible in the old WiFi.
by pe1chl
Sat Oct 07, 2023 11:01 am
Forum: General
Topic: Tool to migrate/convert *.cfg.rsc between different devices
Replies: 10
Views: 1067

Re: Tool to migrate/convert *.cfg.rsc between different devices

Hint: use the "/export show-sensitive terse" command (especially the "terse" parameter) when you want easier handling in a text editor or script. I don't use it because my Perl script first performs the equivalent action on "non-terse" exports, but it can save some work...
by pe1chl
Fri Oct 06, 2023 4:52 pm
Forum: Announcements
Topic: v7.12rc is released!
Replies: 225
Views: 84018

Re: v7.12rc is released!

This time I manually rebooted the router before trying to install the update, and the reboot was hanging. Just like the update is hanging when I try it after some uptime. Could it be caused by rose-storage? I have an NFS mount (the router mounts a share from an NFS server). I could imagine that this...
by pe1chl
Fri Oct 06, 2023 4:46 pm
Forum: General
Topic: Tool to migrate/convert *.cfg.rsc between different devices
Replies: 10
Views: 1067

Re: Tool to migrate/convert *.cfg.rsc between different devices

Except that it isn't true... the features of routers differ, and adaptations are required in the export file to be able to import it on another one.
by pe1chl
Fri Oct 06, 2023 11:55 am
Forum: General
Topic: Tool to migrate/convert *.cfg.rsc between different devices
Replies: 10
Views: 1067

Re: Tool to migrate/convert *.cfg.rsc between different devices

I have never seen it... You are right, migration of config in MikroTik routers is a bit of a problem. It is not possible to do it using .backup files, but the backup restore procedure does not check that and happily messes up the device. And the load of .rsc files also is problematic. The import com...
by pe1chl
Thu Oct 05, 2023 4:42 pm
Forum: Announcements
Topic: v7.12beta [testing] is released!
Replies: 263
Views: 116564

Re: v7.12beta [testing] is released!

For example: Cloudflare tunnel cannot be started because the returned (argotunnel.com) domain record does not contain an SOA record. Interesting that you found an actual problem resulting from that behavior. But did you really confirm it to be the reason? As you mentioned I encountered a problem wi...
by pe1chl
Thu Oct 05, 2023 3:13 pm
Forum: General
Topic: The predicted demise of "tls-host=" firewall filters is near!
Replies: 21
Views: 1676

Re: The predicted demise of "tls-host=" firewall filters is near!

Sorry, why should it? The purpose of the use-application-dns.net domain was to tell Firefox in a network that the network admin does not want the users to use DoH. The domain is registered on internet and one is supposed to override that in a local static entry with an NXDOMAIN response. I even ask...
by pe1chl
Thu Oct 05, 2023 11:14 am
Forum: General
Topic: The predicted demise of "tls-host=" firewall filters is near!
Replies: 21
Views: 1676

Re: The predicted demise of "tls-host=" firewall filters is near!

Or just block based on IP or IP address ranges. Just like always because for years we knew this was coming. The problem is that you cannot block services that run on large CDN or other server farms like Google's in that way. When you even can find all addresses used by Youtube, you may find that th...
by pe1chl
Thu Oct 05, 2023 11:12 am
Forum: General
Topic: The predicted demise of "tls-host=" firewall filters is near!
Replies: 21
Views: 1676

Re: The predicted demise of "tls-host=" firewall filters is near!

Funny topic. You guys want firefox to be more secure and less secure at the same time :) Well, the issue is that "secure" can have different definitions depending on the viewpoint. The people at Firefox (and some vocal organizations) consider it "secure" when only the end-user c...
by pe1chl
Wed Oct 04, 2023 12:45 pm
Forum: General
Topic: The predicted demise of "tls-host=" firewall filters is near!
Replies: 21
Views: 1676

The predicted demise of "tls-host=" firewall filters is near!

Firefox has now started rolling out the implementation of Encrypted Client Hello (ECH) to their users: https://blog.mozilla.org/en/products/firefox/encrypted-hello/ This will mean that using firewall filters that use tls-host= (or L7 filters that try to do the same thing) to "block certain webs...
by pe1chl
Wed Oct 04, 2023 11:19 am
Forum: Announcements
Topic: v7.12beta [testing] is released!
Replies: 263
Views: 116564

Re: v7.12beta [testing] is released!

Frankly I would prefer when features like SMB or PROXY were just removed from RouterOS... get a NAS!
by pe1chl
Mon Oct 02, 2023 2:34 pm
Forum: General
Topic: Can't access Bitbucket.org through Mikrotik
Replies: 1
Views: 449

Re: Can't access Bitbucket.org through Mikrotik

Such problems are normally a combination of MTU issues and badly configured firewall (not necessarily your firewall, can just as well be at bitbucket.org).
by pe1chl
Sun Oct 01, 2023 11:31 pm
Forum: Beginner Basics
Topic: Cannot connect to the internet with PPOE with vlan
Replies: 3
Views: 630

Re: Cannot connect to the internet with PPOE with vlan

/interface vlan
add interface=ether1 mtu=1492 name=EboxVlan vlan-id=40
That is wrong. mtu should not be set to 1492 there. Remove that.
by pe1chl
Sun Oct 01, 2023 10:01 pm
Forum: Forwarding Protocols
Topic: GRE over IPsec
Replies: 13
Views: 1551

Re: GRE over IPsec

I don't understand you either. Maybe you are difficult to understand.
by pe1chl
Sun Oct 01, 2023 2:37 pm
Forum: Forwarding Protocols
Topic: GRE over IPsec
Replies: 13
Views: 1551

Re: GRE over IPsec

What protocols best fit to securely connect same networks over public network?
GRE/IPsec is a good choice. That is completely unrelated to your first question.
by pe1chl
Sun Oct 01, 2023 2:37 pm
Forum: Forwarding Protocols
Topic: GRE over IPsec
Replies: 13
Views: 1551

Re: GRE over IPsec

Transport Mode
It will be transport mode when both endpoints directly have a public IP address.
When there is NAT in front of the MikroTik router at one end, it will be tunnel mode (because IPsec transport mode does not support NAT).
by pe1chl
Sun Oct 01, 2023 2:18 pm
Forum: General
Topic: Recomandation router with good wifi
Replies: 16
Views: 1408

Re: Recomandation router with good wifi

A friend asked for a recommendation, he is interested only in wifi strength and quality, so the number of ports is not important, but to recommend something similar is an overkill. Of course you also need to consider if you want to recommend MikroTik to your friend, or if that is just overkill. Whe...
by pe1chl
Sat Sep 30, 2023 4:02 pm
Forum: General
Topic: Feature requests
Replies: 1644
Views: 528910

Re: Feature requests

Make a ticket on the customer support portal at https://help.mikrotik.com/servicedesk
by pe1chl
Fri Sep 29, 2023 7:44 pm
Forum: Scripting
Topic: Frustrated trying to create a script
Replies: 14
Views: 1343

Re: Frustrated trying to create a script

Also, I would warn against trying to do too much in a single expression. At some point it just won't work and there are no ways to debug it. It is safest to move some calculated value into a variable first before using it inside another expression, and also best to use the . string concat operator i...
by pe1chl
Fri Sep 29, 2023 12:03 pm
Forum: RouterOS beta
Topic: BGP Filter bgp-as-path reject
Replies: 7
Views: 3409

Re: BGP Filter bgp-as-path reject

As I wrote above (at a time when all of this simply did not work due to bugs, that have been fixed now) there is a "bgp-input-remote-as" you can use for that.
by pe1chl
Thu Sep 28, 2023 7:52 pm
Forum: General
Topic: Export, Print, Get...everything?
Replies: 9
Views: 807

Re: Export, Print, Get...everything?

When you want to generate a mail with the data YOU find interesting, you can do it.
But probably your requirements are quite unique, so it would not be reasonable to have a standard facility for that.
Print what you want and mail it.
by pe1chl
Wed Sep 27, 2023 11:04 am
Forum: SwOS
Topic: SwOS Lite v2.17 packet loss issue
Replies: 15
Views: 2070

Re: SwOS Lite v2.17 packet loss issue

What happened with fixed speed and duplex?
by pe1chl
Tue Sep 26, 2023 11:39 pm
Forum: The User Manager
Topic: Radius - Unknown User (dhcp)
Replies: 5
Views: 3143

Re: Radius - Unknown User (dhcp)

I don't think it can be solved with scripting. What we need is a default user entry (that matches any username that is not explicitly in the table). Or even better: the possibility to specify username as a regexp, so you can add entries that match e.g MAC addresses with some OUI or (with some effort...
by pe1chl
Tue Sep 26, 2023 8:47 pm
Forum: Announcements
Topic: v7.12beta [testing] is released!
Replies: 263
Views: 116564

Re: v7.12beta [testing] is released!

"/log [/user/get XXX password]"
For how many years now has this not been working? It was years before the end of v6 that passwords were no longer retrievable (only stored encrypted)...
by pe1chl
Tue Sep 26, 2023 8:31 pm
Forum: Announcements
Topic: v7.12beta [testing] is released!
Replies: 263
Views: 116564

Re: v7.12beta [testing] is released!

@MT: please check all of YOUR SFP(+) models on compatibility with a new ROS version! It seems that SFP support is the "rocket science" of today. Unlike in their early days, rockets today often work on the first try and failures are quite rare. SFP changes usually fail every time (somethin...
by pe1chl
Tue Sep 26, 2023 8:29 pm
Forum: The User Manager
Topic: First time configuring User manager
Replies: 22
Views: 2238

Re: First time configuring User manager

The firewall rule needs an extra parameter in-interface-list=LAN or in-interface-list=!WAN or similar, so that it won't accept RADIUS traffic from internet. As I mentioned before, it is extremely sad that there is no possibility in user-manager to have a "default user" that determines what...
by pe1chl
Tue Sep 26, 2023 5:10 pm
Forum: The User Manager
Topic: First time configuring User manager
Replies: 22
Views: 2238

Re: First time configuring User manager

Yes, you get the VLAN you assign to the user as a tagged VLAN on the bridge, so when you want to do anything with it you need to create a VLAN subinterface on the bridge and configure DHCP on it. And firewall rules. As I mentioned, I use it with a PSK on the wireless. The only reason I use the user-...
by pe1chl
Mon Sep 25, 2023 8:12 pm
Forum: SwOS
Topic: SwOS Lite v2.17 packet loss issue
Replies: 15
Views: 2070

Re: SwOS Lite v2.17 packet loss issue

Check if the trunk is configured for autonegotiation and if so, try to set fixed speed and Full Duplex at each end.
by pe1chl
Mon Sep 25, 2023 7:37 pm
Forum: The User Manager
Topic: First time configuring User manager
Replies: 22
Views: 2238

Re: First time configuring User manager

Of course you need to configure it so that the VLANs actually work. I did not check that in the config, but you would need a DHCP server on each VLAN etc. I still do have a (common) WPA2-PSK password on the SSID, that makes it "secure". Without password it will indicate insecure. And of co...
by pe1chl
Mon Sep 25, 2023 4:22 pm
Forum: Beginner Basics
Topic: IPv6 routing basics
Replies: 10
Views: 923

Re: IPv6 routing basics

For such a config, router A must have static routes for the subnets connected to router B, or autorouting must be setup to distribute these.
by pe1chl
Mon Sep 25, 2023 4:01 pm
Forum: Beginner Basics
Topic: IPv6 routing basics
Replies: 10
Views: 923

Re: IPv6 routing basics

Yes, of course. Unless you use multiple routing tables.
by pe1chl
Mon Sep 25, 2023 3:18 pm
Forum: General
Topic: discover mac address
Replies: 1
Views: 492

Re: discover mac address

It depends. When that device somehow tries to obtain info via the network, e.g. DHCP client, IP Cloud client using default route, etc it may be possible to find it by doing packet trace on the port on mikrotik1 where mikrotik2 is connected.
by pe1chl
Mon Sep 25, 2023 3:14 pm
Forum: General
Topic: Sending syslog to a remote over TLS?
Replies: 3
Views: 694

Re: Sending syslog to a remote over TLS?

In the meantime you may work around your problem by setting up a VPN to your syslog host and sending the traffic over that.
by pe1chl
Mon Sep 25, 2023 3:11 pm
Forum: Beginner Basics
Topic: IPv6 routing basics
Replies: 10
Views: 923

Re: IPv6 routing basics

A problem still stands which is I can't ping interfaces of a same router together even though the ipv6/setting/set forward is set to yes. (e.g ether4 and ether3 of the router can't ping each other) What is the problem?? should I add some routes? but I thought by default they're connected Yes you ma...
by pe1chl
Mon Sep 25, 2023 12:29 pm
Forum: Beginner Basics
Topic: IPv6 routing basics
Replies: 10
Views: 923

Re: IPv6 routing basics

When you want to connect two routers using 2 cables, e.g. for redundancy or load sharing, you need to configure a "bonding" interface with those ethernet ports as member, and configure the address on the bonding interface.
by pe1chl
Mon Sep 25, 2023 11:10 am
Forum: The User Manager
Topic: First time configuring User manager
Replies: 22
Views: 2238

Re: First time configuring User manager

The problem is not the MAC address, the problem is that the RADIUS server does not answer your query.
So you need to fix that first. Try to use the router LAN address instead of 127.0.0.1
Make sure the input rules of the firewall don't block RADIUS (UDP port 1812-1813,3799)
by pe1chl
Sun Sep 24, 2023 10:49 pm
Forum: The User Manager
Topic: First time configuring User manager
Replies: 22
Views: 2238

Re: First time configuring User manager

When you get no reply from the RADIUS server, usually the secret is wrong between them. You have no secret configured in the radius server and user-manager, maybe that is mandatory (I do not know, I do have it). Also I do not use 127.0.0.1 but the IP of the router on the LAN, but that should not be ...
by pe1chl
Sun Sep 24, 2023 12:51 pm
Forum: The User Manager
Topic: First time configuring User manager
Replies: 22
Views: 2238

Re: First time configuring User manager

Under /system logging enable debug for wireless and radius (all topics) and you can see exactly what is happening. (open the log window) I keep logging for wireless enabled so I can see the devices joining the network performing the authentication. Logging for radius I have disabled during normal us...
by pe1chl
Sat Sep 23, 2023 10:50 pm
Forum: Announcements
Topic: v7.11.2 [stable] is released!
Replies: 348
Views: 151060

Re: v7.11.2 [stable] is released!

RAM shortage (where firmware is stored during the upgrade) is common problem on those smaller smips devices, you must make sure you have at least 7.7MB free RAM available (winbox/system/resources) before upgrade, unfortunately this doesn't help you now I guess... No, those small smips devices do NO...
by pe1chl
Sat Sep 23, 2023 10:46 pm
Forum: The User Manager
Topic: First time configuring User manager
Replies: 22
Views: 2238

Re: First time configuring User manager

I don't have any wifiwave2 devices so I can't comment...
by pe1chl
Fri Sep 22, 2023 7:06 pm
Forum: General
Topic: MAC change on VLAN subinterface [SOLVED]
Replies: 5
Views: 633

Re: MAC change on VLAN subinterface [SOLVED]

When you need to change the VLAN MAC, of course it will change when you change the parent ethernet interface MAC.
Of course the MAC on the untagged VLAN and all other VLANs will change as well, but that likely does not matter.
by pe1chl
Fri Sep 22, 2023 6:59 pm
Forum: General
Topic: Should moderators redact sensitive info, and how much?
Replies: 49
Views: 2685

Re: Should moderators redact sensitive info, and how much?

Why should a newcomer on a forum know less than a person with hundreds of posts ? I learned what a public IP is and about sensitivity at school then university, years before setting up my first home network, I worked with sensitive data for years before writing a single post here and touching a Mik...
by pe1chl
Fri Sep 22, 2023 6:10 pm
Forum: The User Manager
Topic: First time configuring User manager
Replies: 22
Views: 2238

Re: First time configuring User manager

You need to enable "MAC authentication" in your wireless security profile, select a MAC format, MAC "as username", and add "usernames" that are the MAC addresses of the devices you want to accept (in that same format). The users have no password. To assign a VLAN to the...
by pe1chl
Fri Sep 22, 2023 4:53 pm
Forum: Announcements
Topic: v7.11.2 [stable] is released!
Replies: 348
Views: 151060

Re: v7.11.2 [stable] is released!

First inform you about what "stable" means before you base your expectations on it. That prevents disappointment. To be fair, regardless of what "stable" means I'd expect firmware updates _not_ to brick my devices. Yes, but so do we expect for "testing" or "develo...
by pe1chl
Fri Sep 22, 2023 2:25 pm
Forum: Announcements
Topic: v7.11.2 [stable] is released!
Replies: 348
Views: 151060

Re: v7.11.2 [stable] is released!

not what I expected on "stable" tree.
First inform you about what "stable" means before you base your expectations on it. That prevents disappointment.
by pe1chl
Wed Sep 20, 2023 5:20 pm
Forum: General
Topic: Webfig Enhancement
Replies: 23
Views: 5688

Re: Webfig Enhancement

I only used CLI to export/import large sections of configuration
Welcome brother, sorry you hear your escape attempt failed.
What does this message mean? Please delete it.
  • 1
  • 2
  • 3
  • 4
  • 5
  • 39