My hap ac2 is running on 6.43rc5 since last week but yet to retest the speed. Some user still experience poor performance on 2.4GHz band according to mikrotik forum postings.


You can block the manual IP assignment by setting the interface ARP option to reply-only and also enable Add ARP for Leases in DHCP server option. It won't prevent the device from accessing other IP on the same subnet though.

i tried that before didnt get it work, maybe i should look into it again, maybe i did wrong back then

btw,

i have Unifi 30
is it normal having queues enabled slows down my speedtest.net result significantly? it stuck around 10-16Mbps,

but normal browsing, http downloads, streaming, utorrent, all still fast like normal at 30+Mbps, except doing speedtests

if i use speedtest.net, i get 10-16Mbps and response kinda slower

if use tm speedtest, sometime pop up error say firewall rules blocked it

when I enable back fasttrack (which also invalidate all queues), then speedtest back to normal


did i do something wrong at firewall rules and queue that affect it?

I'll post my routeros firewall rules screen later tonight when i back home.

This post has been edited by squall0833: May 4 2018, 04:01 PM

My RB450G behave weirdly i think need to netinstall the device been running more than 10 years . Some sort of memory issues and can't upload files into it

Today i switch the device with HAP Lite AC

Upload



Download



Speedtest



Yesterday help my client to netinstall RB750GL :-) manage to restore it from bootloop via netinstall





This post has been edited by MX510: May 20 2018, 11:52 AM

Hi to all the Sifu.

I want to have the following setup but not quite understand how Mikrotik Vlan works. A little bit background for why I have this ideal. I stay in double storey. Currently my setup is just using RB2011 with 2 Bridges without vlan and work fine. I would like to add another RB960PGS to cascade my traffic to 2nd floor. I know how vlan works and I have experience in Cisco and Juniper product. I just couldn't figure out how mikrotik vlan works.

What I will do if I have Cisco product is, I will configure InterVlan and DHCP run on 1 router and set 1 trunk port in switch and run L2 vlan. Done.

I try about the same concept in Mikrotik but it just fail.

To all the sifu, any ideal?

Below is the Network Topo. Could really get the visio stencil for my model



Thanks in advance.

it works the same way using tagged and untagged vlans. You have to take care to note at which level as mikrotik gives you the option to vlan via CPU or switch chip (if device has it). To routers like mikrotik, a vlan is simply an interface, so if you attach a vlan to a port, you set your rules to the vlan rather than the port as that vlan is basically your new port.

hersa_wex Not sure if you saw my post on the previous page. It's a working setup with trunk and access ports. Not exactly what you specified but just rinse & repeat to get what you want.

https://forum.lowyat.net/index.php?showtopi...post&p=88573740

This post has been edited by soonwai: Jun 11 2018, 01:31 AM

Hi sifus, need some helps on integrating mikrotik with hotel PMS. Anyone here has done that before? thank you

This post has been edited by fasxion: Jul 5 2018, 12:45 PM

PMS? Ah, I think have to ask my girlfriend. I think first better define "integrating". Easiest form of integration is to connect an ethernet cable from the Mikrotik to your hotel's switch.

Any SiFu,

For my side, i got Local, unifi and WAN2 mean got 2 income Internet.
Local: 192.168.18.0/24
unifi:xxxx
WAN2: 192.168.2.1/24

So i want my CCTV ip 192.168.18.254 just only access by unifi connection(dont want WAN2 cnnection because it cannot port forwarding)
got any suggestion on this.

Looking at it simply, just port forward from your UniFi to your CCTV. When connecting to the CCTV, ensure that you use the IP address of UniFi.

ok, like my WAN2 isp cannot go facebook website, just only Unifi can access it, so how can manage my this PC 192.168.18.101 can use unifi connection?this is my second question. the problem is my pc keep using WAN2 connection

How's your dual WAN set up? It depends on that, few ways to do it. For example, you can specify a PC to only use one of the WANs, using source IP. Or anything connecting to a certain website to always go through the same WAN, say, using destination IP.

Basically, qualify the connection, mark it and then route to one of the WANs based on that mark.

You can use Firewall Masquerade to mark the connection to desired line, eg "Only WAN1". You need to use Address Lists for this.


Take a look at this script*, change [WAN2 INTERFACE] according to your setup:

/ip firewall mangle
add action=accept chain=prerouting disabled=no in-interface=pppoe-out1
add action=accept chain=prerouting disabled=no in-interface=[WAN2 INTERFACE]

add action=mark-connection chain=prerouting disabled=no dst-address-type=!local new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=both-addresses:1/0 src-address-list="Only WAN1"
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=both-addresses:1/0 src-address-list="Only WAN2"

add action=mark-routing chain=prerouting connection-mark=wan1_conn disabled=no new-routing-mark=to_wan1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan2_conn disabled=no new-routing-mark=to_wan2 passthrough=yes


/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out1
add action=masquerade chain=srcnat disabled=no out-interface=[WAN2 INTERFACE]

/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=to_wan1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=[WAN2 INTERFACE] routing-mark=to_wan2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=[WAN2 INTERFACE] scope=30 target-scope=10

/ip firewall address-list
add address=192.168.18.1-192.168.18.10 list="Only WAN1"
add address=192.168.18.11-192.168.18.100 list="Only WAN2"


*For your reference only, not tested by me as my setup uses 3 pppoe connection, not 1 pppoe and 1 wan like yours.

This post has been edited by izhamsatria: Jul 7 2018, 05:42 PM

OKOK, i try now thank Guys

Thank is Work

Another one question is "Only WAN2" modem down, so got script to switch Only WAN2 auto connect to "PPPOE unifi"? like (failover)???

This post has been edited by ssplayboy: Jul 8 2018, 04:12 PM

I don't think so, since u specify which ip address uses which WAN.

oh ok

Wait, I've been thinking. Give this a shot.

/ip firewall mangle
add action=accept chain=prerouting disabled=no in-interface=pppoe-out1
add action=accept chain=prerouting disabled=no in-interface=[WAN2 INTERFACE]

add action=mark-connection chain=prerouting disabled=no dst-address-type=!local new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=both-addresses:1/0 src-address-list="CCTV"
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=both-addresses:2/0 src-address-list="Internet"
add action=mark-connection chain=prerouting disabled=no dst-address-type=!local new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=both-addresses:2/1 src-address-list="Internet"

add action=mark-routing chain=prerouting connection-mark=wan1_conn disabled=no new-routing-mark=to_wan1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan2_conn disabled=no new-routing-mark=to_wan2 passthrough=yes

/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=pppoe-out1
add action=masquerade chain=srcnat disabled=no out-interface=[WAN2 INTERFACE]

/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=to_wan1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=[WAN2 INTERFACE] routing-mark=to_wan2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=[WAN2 INTERFACE] scope=30 target-scope=10

/ip firewall address-list
add address=192.168.18.2-192.168.18.254 list="Internet"
add address=192.168.18.254 list="CCTV"

"Internet" address list will have some sort of fail over in-case any wan disconnects.
Again, untested and might not work.

[quote=izhamsatria,Jul 9 2018, 12:32 AM]
Wait, I've been thinking. Give this a shot.

Oh, okok

Hi, is Mikrotik hAP ac2 a good upgrade to the RB250GS (I think this is what I have, and have been using it for close to 5 years already)

Thinking of getting one in anticipation to the 800Mbps upgrade by Unifi.

Thanks in advance.