Enterprise Networking Mikrotik Routers (RouterBoard & RouterOS), User and owner discussion group
|
|
 Jul 11 2016, 07:51 PM
Return to original view | Post
#181
|
 
All Stars
11,458 posts Joined: Oct 2007 From: KL  
|
QUOTE(mamakap @ Jul 10 2016, 07:01 AM) Just ordered hEX RB750Gr2, anyone can point out where to get the latest setting firewall with Unifi? KLSeet website basic firewall setup is a bit outdated. Check the Mikrotik forums. There are ongoing discussions about essential firewall rules there. I have no idea what's the best thing thing to do. I use a variation of klseet since that's what I started with. Added/removed rules over the years. Now it's just one big mess.   |
|
|
|
|
|
Jan 20 2017, 10:26 PM
Return to original view | IPv6 | Post
#182
|
|
All Stars
11,458 posts Joined: Oct 2007 From: KL
|
QUOTE(wanttotree @ Jan 19 2017, 09:28 PM) my status still stuck at 'searching'. is there any other setting i should look into? Do not request address, just prefix will do. If you turn on logging for dhcp, you'll it hanging at ia_na (requesting ipv6 address from TM) with no response from TM's DHCP.  This post has been edited by soonwai: Jan 20 2017, 10:46 PM |
|
|
Jan 20 2017, 11:00 PM
Return to original view | Post
#183
|
|
All Stars
11,458 posts Joined: Oct 2007 From: KL
|
QUOTE(wanttotree @ Jan 20 2017, 10:45 PM) Wow thats simple. Should i reboot? Or it will obtain an address right away? No other steps sir? No need to reboot. You should see your prefix already after applying the changes in /ipv6 address.If not check /ipv6 nd. This is mine: CODE 0 * interface=bridge-local ra-interval=3m20s-10m ra-delay=3s mtu=1480 reachable-time=unspecified retransmit-interval=unspecified ra-lifetime=30m hop-limit=unspecified advertise-mac-address=yes advertise-dns=yes managed-address-configuration=no other-configuration=no I might have missed something but I think that's about it. It's been awhile since I last used ipv6. I normally have it disabled. Oooh, CCR, respect, mate.  This post has been edited by soonwai: Jan 20 2017, 11:23 PM |
|
|
Jan 25 2017, 09:49 PM
Return to original view | Post
#184
|
|
All Stars
11,458 posts Joined: Oct 2007 From: KL
|
QUOTE(wanttotree @ Jan 25 2017, 10:09 AM) 2 days ago i subbed to expressvpn to connect to mikrotik l2tp client. Got it connected easy. I am able to access netflix through their server in LA, i am having mixed feelings with the speed though. Getting around 9-10mbps down through the l2tp. So i went ahead connect the exact same server through l2tp on my mac and what i saw was bittersweet. It hit 25mbps easily and climb up to 44mbps almost saturating my unifi line. I am running 9core ccr, but i cant hit more than 15mbps through it. Need some advice from sifus here please. Just shooting in the dark here, not much exp with VPNs but what are your MRU & MTU values? It could be fragmentation. Any recommended values from ExpressVPN. I've believe RouterOS is only capable of running 1 tunnel on 1 core. Even then it shouldn't be as slow as 15mbps. |
|
|
Feb 1 2017, 04:53 PM
Return to original view | Post
#185
|
|
All Stars
11,458 posts Joined: Oct 2007 From: KL
|
QUOTE(wanttotree @ Jan 25 2017, 10:36 PM) Yes u are right sir. 15 is way too slow. I did lower mtu to 1270 last night i finally break 20mbps. Turns out i can only reach up to 40-44mbps only using openvpn thru udp. Which only can be done on my mac/pc. We all know mikrotik doesnt support that(sad). Dont know why l2tp is slower, i retried l2tp thru mac client and i can never go higher than 20mbps. So it was not the mikrotik problem(at least not l2tp). Anyway, i am wishing for openvpn udp full support in ros 7. Thank you bro @soonwai for yr help. Mikrotik forum is surprisingly not as supportive as i thought it would, thanx again lowyat. Cheers. Have you tried keeping MTU at default and lowering MRU? |
|
|
Feb 9 2017, 02:12 AM
Return to original view | Post
#186
|
|
All Stars
11,458 posts Joined: Oct 2007 From: KL
|
shengz My home's RB2011UAS is almost 4yrs old (bought Apr 2013), 800k writes, still OK. At one time I had it logging to a syslog server. A few months ago I set it to log to a USB thumbdrive. Yeah, I was worried about the nand also.
I have deployed about 50 RBs in various roles and except for 2 PSUs, none have died yet. Fingers crossed. |
|
|
|
|
|
Feb 10 2017, 12:26 AM
Return to original view | Post
#187
|
|
All Stars
11,458 posts Joined: Oct 2007 From: KL
|
QUOTE(Chongky @ Feb 9 2017, 10:38 PM) Hi, all, What Mikrotik? What video? What provider? WiFi or LAN? What speedtest result? What's your config?I have an issue with my Mikrotik. When watching video online, the streaming will lag. What's the setting I need to set ? Thanks. I had a similar prob once. It was due to too many Mangle rules in Firewall. Maybe that's your prob too. |
|
|
Feb 11 2017, 12:13 AM
Return to original view | Post
#188
|
|
All Stars
11,458 posts Joined: Oct 2007 From: KL
|
chongky Speedtest is good means not the router's problem already. Something wrong with TM (routes, congestion, sharks, etc...). I'm facing slow iTunes downloads. Let me try FB and see if I have the same prob. Sorry, no idea about Outlook/Exchange.
FB for me seems OK (videos and all) iTunes going at 1-2mbps (small b) Steam OK Torrent OK Battle.net OK This post has been edited by soonwai: Feb 11 2017, 03:00 AM |
|
|
Feb 12 2017, 10:02 PM
Return to original view | Post
#189
|
|
All Stars
11,458 posts Joined: Oct 2007 From: KL
|
QUOTE(wanttotree @ Jan 20 2017, 07:53 PM) okay cool. will try to reboot and see if it works, got bored last night and i experiment with configuring my hypptv port so i can traffic internet on the same port. so now i can get hypptv and internet through one port(smart switch on the other end). i did this because i only want to pull one ethernet upstairs for tv inside my bedroom and extend my wired internet upstairs! which was around 50meters. happy with the result. =) wanttotree, I'm doing the same thing. I only pulled 1 cable during renovation and was using HomePlugs for HyppTV. That was before I discovered Mikrotik routers. Got rid of the homeplugs and trunked vlan 1 & 600 from my RB upstairs (my modem is upstairs) to my RB downstairs. I was just wondering how you are doing the vlan trunking. Are you using vlans and bridges? I'm using this method. Or are you doing it in the switch config on the RB.To be honest, I'm not sure if I'm doing the right way but it works so far. QUOTE(sikentut @ Feb 12 2017, 07:55 PM) guys,I have been trying to configure(using soonwai's and klseet's guide) my Mikrotik for ipv6 using Unifi but it keeps saying that the status is searching.Some help would really be appreciated Are you requesting both address and prefix? If so just prefix will do. If that doesn't help, post your config so we can have a look. Also confirm that ipv6 is already available in your area?QUOTE(Shengz @ Feb 12 2017, 02:00 PM) Guys, the usb port can support 2 usb modem? Or have to use powered usb hub? Hard to say but probably not for 2 modems. It really depends on how much power they need and how much the RB supplies. I don't think Mikrotik publishes this data but if they follow USB 2.0 specs then it should 500mA. At 5V, thats 2.5w.This post has been edited by soonwai: Feb 12 2017, 10:31 PM |
|
|
Feb 13 2017, 12:40 AM
Return to original view | Post
#190
|
|
All Stars
11,458 posts Joined: Oct 2007 From: KL
|
QUOTE(sikentut @ Feb 12 2017, 11:32 PM) Thanks soonwai, OK, let me try. Based on your screenshots:I've put my web fig settings below but am really scratching my head on where I went wrong here.I played around with the prefix bit but still nothing successful 1. For DHCPv6 Client, request only Prefix. (Try this and check ipv6 address and see if you get anything) 2. What's this screenshot? I'm using 6.38.1 so things might look different. 3. Disable the DHCPv6 server, Mikrotik's DHCPv6 Server only hands out prefixes and not addresses so it's of no use to the PCs in your lan. Your devices will get their IPv6 address via RA. 4. For ND, Neighbour Discovery, no need for "Interfaces: All", just your bridge-local is enough. And enable Advertise DNS. Do #1 first and see that you are assigned a Prefix from TM before going further. This post has been edited by soonwai: Feb 13 2017, 12:43 AM |
|
|
Feb 13 2017, 10:57 AM
Return to original view | Post
#191
|
|
All Stars
11,458 posts Joined: Oct 2007 From: KL
|
QUOTE(sikentut @ Feb 13 2017, 10:44 AM) I am on Unifi and have been using IPv6 since using Asus RT-N56U. Havent been able to figure out IPv6 on Mikrotik It shouldn't be this difficult. One more thing to check. Your UniFi PPPoE Client's Profile should have "Use IPv6: Yes". Or maybe post a "/export compact" then we can have a look. Don't forget to remove any credentials from the export.QUOTE(Shengz @ Feb 13 2017, 10:25 AM) Couldn't find any info how much do the devices draw the voltage either. Am asking because my multi plugs on the wall sockets are so full, and voltage regulator is on the multi plug, and few more multi plugs on the regulator. All fully occupied currently. I seriously worry about short circuit. I know what you mean. Same thing here. My daughter says I'm playing Minecraft with all the power blocks. QUOTE(Shengz) your modem support ipv6? Like mine, old adsl modem doesn't support, so no ipv6 for me. Thinking about this, the modem shouldn't matter right? I mean it's just a bridge. This post has been edited by soonwai: Feb 13 2017, 10:58 AM |
|
|
Feb 13 2017, 11:33 AM
Return to original view | Post
#192
|
|
All Stars
11,458 posts Joined: Oct 2007 From: KL
|
QUOTE(sikentut @ Feb 13 2017, 11:25 AM) 1.Am back to square one Your UniFi PPPoE Client's Profile have "Use IPv6: Yes"?Requesting merely prefix doesnt make it work ... Turn on logging for DHCP and see if there're any useful messages. Always possible that it's a prob with 6.39 RC, maybe you found a bug. |
|
|
Feb 13 2017, 02:06 PM
Return to original view | Post
#193
|
|
All Stars
11,458 posts Joined: Oct 2007 From: KL
|
QUOTE(sikentut @ Feb 13 2017, 12:00 PM) My client profile has IPv6 enabled Just had a quick look and looks OK to me.I have placed my settings at https://zerobin.net/?4010e0fb244dac68#vYnqT...uzmfdhvTLis4is= In /ipv6 address. do you get a local-link address for your pppoe client interface (Unifi in your case)? Like this: CODE 6 DL fe80::12/64 unifi no " I didn't check the firewall rules. You have a lot of them. Could be something in there. Try disabling all filters for ipv4 and ipv6 and see what happens. If that doesn't help, I'm out of ideas. This post has been edited by soonwai: Feb 13 2017, 02:06 PM |
|
|
|
|
|
Feb 13 2017, 02:17 PM
Return to original view | Post
#194
|
|
All Stars
11,458 posts Joined: Oct 2007 From: KL
|
sikentut Ignore my previous post and try this. Add this rule in /ipv6 firewall filter. Make sure it's before the Drop Input rule that you already have.
CODE /ipv6 firewall filter add action=accept chain=input dst-port=546 in-interface=unifi protocol=udp src-address=fe80::/16 This post has been edited by soonwai: Feb 13 2017, 02:21 PM |
|
|
Feb 13 2017, 06:34 PM
Return to original view | Post
#195
|
|
All Stars
11,458 posts Joined: Oct 2007 From: KL
|
QUOTE(sikentut @ Feb 13 2017, 03:14 PM) Thank you Soonwai.It works perfectly! No problem. Glad it worked. For those who might be interested, the above rule accepts traffic to port 546 which is the DHCP client port. Without that rule, traffic to the input chain is dropped by the catch-all input chain drop rule and the dhcpv6-client never sees any reply. This post has been edited by soonwai: Feb 14 2017, 06:08 AM |
|
|
Feb 15 2017, 02:51 PM
Return to original view | Post
#196
|
|
All Stars
11,458 posts Joined: Oct 2007 From: KL
|
I've been spending much time trying to wrap my head around VLANs and I still don't fully grasp everything yet.
Anyway I've got BTU <--> RB2011#1 <--vlan trunk--> RB2001#2 --> HyppTV. RB2011#1 = Router and AP RB2011#2 = Switch and AP 1. Up to now, I've been trunking HyppTV (vlan600) and LAN traffic (vlan1) from one RB to the other. I'm using VLANs and bridges. OK, this works. 2. Last night, I configured RB2001#2 to use the switch chip for the vlans instead of bridges. This works too but I had to put my LAN onto vlan50. Couldn't get it to work with vlan1. So now I'm trunking vlan600 and vlan50. This works too. 3. Next I want to use the switch chip on the main router RB2011#1 to handle the vlans. Stuck on this at the moment. I'm so stuck I don't even know what questions to ask yet so I'll just leave this here for now. This post has been edited by soonwai: Feb 16 2017, 01:13 AM |
|
|
Feb 16 2017, 01:52 AM
Return to original view | Post
#197
|
|
All Stars
11,458 posts Joined: Oct 2007 From: KL
|
I'm still working on RB2011#2, the vlan switching works but having probs getting wlan working. Hopefully someone can help.
Everything is working using the switch chip. <---vlan600/vlan50 trunk (ether1)---> RB2011#2 <--> (ether2 PC) (ether5 Hypptv) Below is my config: » Click to show Spoiler - click again to hide... « I'm trying to figure out how to setup wlan1 which is also on vlan50. 1. I've tried following this: http://www.breekeenbeen.nl/2014/12/11/mikr...thout-bridging/ There's a section in it that explains how to add wlan1 but it doesn't work. wlan1 does not see my dhcp server on vlan50. It's for the CRS but concepts should be the same right? Anyway I tried it and this is the additional code. CODE /interface vlan add name=vlan50 interface=ether1 vlan-id=50 /interface bridge add name=bridge-vlan50 /interface bridge port add bridge=bridge-vlan50 interface=vlan50 /interface bridge port add bridge=bridge-vlan50 interface=wlan1 I also tried creating the vlan50 on the bridge, didn't work. 2. Next I undid the above and tried to bridge ether1 and wlan1. CODE /interface bridge add name=bridge1 /interface bridge port add bridge=bridge1 interface=wlan1 add bridge=bridge1 interface=ether1 This lagi worse. As soon as I add ether1 to the bridge. All traffic stops. HyppTV stops, PC no more internet. Any ideas? This post has been edited by soonwai: Feb 16 2017, 01:55 AM |
|
|
Feb 17 2017, 05:57 PM
Return to original view | Post
#198
|
|
All Stars
11,458 posts Joined: Oct 2007 From: KL
|
rioven Thanks for the suggestion. Haven't had time to try it yet. Probably do so tonight.
I have another question. My simple switched vlan config is already working for vlan 50 (LAN traffic) and vlan 600 (HyppTV). Working config is below. Just ether1, 2 & 5, switched vlans 50 & 600, no wlans or bridges yet. CODE /interface ethernet set [ find default-name=ether2 ] master-port=ether1 set [ find default-name=ether5 ] master-port=ether1 set [ find default-name=sfp1 ] disabled=yes /interface ethernet switch vlan # vlan 50 LAN # vlan 600 IPTV add independent-learning=no ports=ether1,ether5 switch=switch1 vlan-id=600 add independent-learning=no ports=ether1,ether2,switch1-cpu switch=switch1 vlan-id=50 /interface ethernet switch port #ether1 vlan 50 600 Trunk Port set 1 vlan-header=add-if-missing vlan-mode=secure #ether2 vlan 50 Access Port set 2 default-vlan-id=50 vlan-header=always-strip vlan-mode=secure #ether5 vlan 600 Access Port set 5 default-vlan-id=600 vlan-header=always-strip vlan-mode=secure #eswitch1-cpu vlan 50 set 11 default-vlan-id=50 vlan-mode=secure ether1 is the trunk port for vlan 50 and vlan 600 ether2 is the access port for vlan 50 (My Mac is here) ether5 is the access port for vlan 600 (The IPTV set-top box) *vlan 50 is my LAN traffic and vlan 600 is IPTV. Both vlans are coming from another RB. So later I want to add wlan1. I thought I'd start by creating a bridge. After that I added ether1 to the bridge. CODE /interface bridge add name=bridge1 /interface bridge port add bridge=bridge1 interface=ether1 As soon as I add ether1 as a port, everything stops working ie: all traffic for ether1, 2 & 5 stops. My question is why does all traffic stop when I add ether1 as a port to that bridge? What am I doing wrong? This post has been edited by soonwai: Feb 17 2017, 06:00 PM |
|
|
Feb 19 2017, 07:18 PM
Return to original view | IPv6 | Post
#199
|
|
All Stars
11,458 posts Joined: Oct 2007 From: KL
|
If anyone feels bored with their Routerboards, check out:
https://lede-project.org Custom firmware for Mikrotik RBs based on OpenWRT. Also available for other router makes. This post has been edited by soonwai: Feb 19 2017, 08:29 PM |
|
|
Feb 20 2017, 01:13 AM
Return to original view | Post
#200
|
|
All Stars
11,458 posts Joined: Oct 2007 From: KL
|
QUOTE(rioven @ Feb 18 2017, 05:46 PM) I'm still out of idea why the traffic stops when bridge wlan and ether1 (so im leave this part until i got better idea..sorry). anyway let me know if any progress of wlan, did use tag solve the problem or not Hi rioven, the problem with the bridge traffic stopping seems to be due to STP changes in 6.38. I'm using 6.38.1. Quite a few posts on the Mikrotik forums about it. I think 6.39RC solves it but I haven't tried yet. QUOTE(rioven @ Feb 16 2017, 02:42 AM) Might not best solutions, but it may work (this is at wlan1 setting, wireless tab) I have to keep wlan1 untagged. If I tag it as 50, it doesn't work. If No Tag then it works. wlan1 is a port in bridge-vlan50.change "vlan mode=use tag, vlan-id=50" QUOTE /ip dhcp-client I removed this. I don't need an IP address on the RB#2 anyway. Before I removed it, I did some testing, the DHCP client works only on ether1 and not on bridge-vlan50 nor on vlan50.add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=ether1<--not sure will grab ip from ether1, if change to vlan50..maybe QUOTE /interface bridge add name=bridge1 Haven't tested the switch1-cpu but current config switch1-cpu is working so I just leave it be for now./interface bridge port add bridge=bridge1 interface=wlan1 add bridge=bridge1 interface=ether1 # switch1-cpu set 11 default-vlan-id=50 vlan-mode=secure<--this config, im not that sure, i maybe change vlan-mode=check and remove default-vlan-id edit: change to better answer, twice |
| Change to: |  0.0275sec
 0.42
 7 queries
 GZIP Disabled
Time is now: 8th December 2025 - 09:24 AM |
Quote