Mikrotik Routers (RouterBoard & RouterOS)

Lowyat.NET forums

Lowyat.NET Kopitiam Garage Sales

Lowyat.NET Rules and Regulations FAQ Help Search Members

Welcome Guest ( Log In | Register )

Lowyat.NET -> Networks and Broadband

Bump Topic Add Reply RSS Feed

176 Pages « < 117 118 119 120 > » Bottom

Outline · [ Standard ] · Linear+

Enterprise Networking Mikrotik Routers (RouterBoard & RouterOS), User and owner discussion group

views

Gaara92	Oct 29 2021, 09:00 PM Show posts by this member only \| Post #2351
Herald Junior Member 612 posts Joined: Mar 2008	QUOTE(asellus @ Oct 22 2021, 12:05 AM) If the SFP+ cage or the 2.5G Ethernet port are directly connected to the CPU (the CPU supports them), then I would have bought it. Therefore, my plan is to just upgrade RB4011iGS to routerOS 7 when it become final. what is the advantages of having the higher speed port connected to the cpu itself? I have seen the comparison in the video it says the performance is doubled compared to rb4011?
Card PM	Report Top Like Quote Reply

asellus	Oct 29 2021, 09:12 PM Show posts by this member only \| Post #2352
#gompusas Elite 4,541 posts Joined: Jan 2003 From: BSRPPG51 Access Concentrator	QUOTE(Gaara92 @ Oct 29 2021, 09:00 PM) what is the advantages of having the higher speed port connected to the cpu itself? I have seen the comparison in the video it says the performance is doubled compared to rb4011? So that WAN network doesn't have to waste CPU-switch 10Gbps link capacity. With RB4011, I put WAN interface on the SFP+ cage, and all Internet traffic has its own dedicated lane to the CPU (for routing et. al), before going to the two port-multipliers through their own dedicated 2.5Gb links. For RB5009, no matter if you use 2.5Gb port or the SFP+ for WAN interface, all raw Internet traffic will go through the 10Gbps link first for routing or other things before going through the 10Gbps link again to the switches.
Card PM	Report Top Like Quote Reply

Gaara92	Oct 29 2021, 09:16 PM Show posts by this member only \| Post #2353
Herald Junior Member 612 posts Joined: Mar 2008	QUOTE(asellus @ Oct 29 2021, 09:12 PM) So that WAN network doesn't have to waste CPU-switch 10Gbps link capacity. With RB4011, I put WAN interface on the SFP+ cage, and all Internet traffic has its own dedicated lane to the CPU (for routing et. al), before going to the two port-multipliers through their own dedicated 2.5Gb links. For RB5009, no matter if you use 2.5Gb port or the SFP+ for WAN interface, all raw Internet traffic will go through the 10Gbps link first for routing or other things before going through the 10Gbps link again to the switches. I think they make the cpu to utilize the container package as v7 can have containers run on it. Otherwise why would the did not put any load on the cpu?
Card PM	Report Top Like Quote Reply

Gaara92	Oct 29 2021, 09:20 PM Show posts by this member only \| Post #2354
Herald Junior Member 612 posts Joined: Mar 2008	QUOTE(Anime4000 @ Oct 23 2021, 03:26 PM) I see, if doing home server should be enough, since switch chip run at 10Gb and GPON ONU SFP Stick run at 1Gb. I been trying EdgeRouter 12 and RB3011UiAS, I prefer Mikrotik way to setting networking, also, when set PPPoE MTU to 1500 bytes, IPv6 on ER12 quite broken, currently my ER12 1500 bytes on IPv4 & 1492 bytes on IPv6, for Mikrotik, 1500 bytes on both IPv4 and IPv6. Just bought the GPON on your link haha. Sebelum ni tak sempat beli, nanti nak follow guide flashing kat github. Anime4000 and afif92 liked this post
Card PM	Report Top Like Quote Reply

Jjuggler	Oct 30 2021, 02:34 PM Show posts by this member only \| Post #2355
Narcissistic Genius Senior Member 1,343 posts Joined: Dec 2016	Migrated from ASUS to MikroTik. This is my second time purchasing the same model, RB750Gr3. Well, since I am using 100Mbps package, I start with the cheapest gear first. Happy with my purchase. As for the WAP, I settled down with Ubiquiti's UAP-AC-Lite, and currently waiting the unit to arrive. Both units purchased from subtlc, and the product page of both units are as follows: UAP-AC-Lite & RB750Gr3
Card PM	Report Top Like Quote Reply

simon82	Oct 30 2021, 06:06 PM Show posts by this member only \| Post #2356
On my way Senior Member 567 posts Joined: Nov 2004	I just bought a used gr3... for beginners, it quite hard to do all the settings... so many functions available.. anyway... i tried to use vpn client in one of my pc... the downloading speed is horrible... is there a way to improve the performance of vpn... I saw in the vpn connection details... it stated IKEv2 protocol... my internet is 300mbps D/50mbps U and is getting 1-5MB download speed...
Card PM	Report Top Like Quote Reply

Selectt	Oct 30 2021, 08:52 PM Show posts by this member only \| IPv6 \| Post #2357
wattttt!! Senior Member 1,712 posts Joined: Aug 2009	what enterprise feature for this device that is important for SME?
Card PM	Report Top Like Quote Reply

Gaara92	Oct 31 2021, 12:42 AM Show posts by this member only \| Post #2358
Herald Junior Member 612 posts Joined: Mar 2008	QUOTE(simon82 @ Oct 30 2021, 06:06 PM) I just bought a used gr3... for beginners, it quite hard to do all the settings... so many functions available.. anyway... i tried to use vpn client in one of my pc... the downloading speed is horrible... is there a way to improve the performance of vpn... I saw in the vpn connection details... it stated IKEv2 protocol... my internet is 300mbps D/50mbps U and is getting 1-5MB download speed... recheck your configuration. I have been using L2TP/IPsec over 100Mbps unifi plan so far I got full speed.
Card PM	Report Top Like Quote Reply

Gaara92	Oct 31 2021, 12:44 AM Show posts by this member only \| Post #2359
Herald Junior Member 612 posts Joined: Mar 2008	QUOTE(Selectt @ Oct 30 2021, 08:52 PM) what enterprise feature for this device that is important for SME? Most of it you can set VLAN, VPN server and clients, some scripting for remote or monitoring. You can do eveything in Mikrotik, even the latest beta version 7 you can run docker container. Anime4000 and Selectt liked this post
Card PM	Report Top Like Quote Reply

simon82	Oct 31 2021, 11:14 AM Show posts by this member only \| Post #2360
On my way Senior Member 567 posts Joined: Nov 2004	QUOTE(Gaara92 @ Oct 31 2021, 12:42 AM) recheck your configuration. I have been using L2TP/IPsec over 100Mbps unifi plan so far I got full speed. kindly advise that to check...
Card PM	Report Top Like Quote Reply

Anime4000	Oct 31 2021, 06:58 PM Show posts by this member only \| IPv6 \| Post #2361
Look at all my stars!! Senior Member 2,400 posts Joined: Jul 2009 From: /dev/null	QUOTE(Gaara92 @ Oct 29 2021, 09:20 PM) Just bought the GPON on your link haha. Sebelum ni tak sempat beli, nanti nak follow guide flashing kat github. Try get 10G SFP like RB4011 / RB5009, it seem can force 2.5Gbps you can explore TM OLT from SFP: » Click to show Spoiler - click again to hide... « CODE LUT address: 0x000c (1K LUT) L2 Unicast table: MACAddress Spa Fid Age Vid State Ext Hash 00:00:00:01:00:02 3 0 1 0 Static 0 SVL CtagIf Auth DaBlock SaBlock Arp Dis Dis Dis Dis Dis LUT address: 0x00fc (1K LUT) L2 Unicast table: MACAddress Spa Fid Age Vid State Ext Hash 00:00:5E:00:01:60 2 0 6 500 Auto 0 SVL CtagIf Auth DaBlock SaBlock Arp En Dis Dis Dis Dis LUT address: 0x0258 (1K LUT) L2 Unicast table: MACAddress Spa Fid Age Vid State Ext Hash 04:33:89:FE:8F:59 3 0 1 0 Static 0 SVL CtagIf Auth DaBlock SaBlock Arp Dis Dis Dis Dis Dis LUT address: 0x0264 (1K LUT) L2 Unicast table: MACAddress Spa Fid Age Vid State Ext Hash 00:15:5D:C0:FF:EE 0 0 7 621 Auto 0 SVL CtagIf Auth DaBlock SaBlock Arp En Dis Dis Dis Dis LUT address: 0x029c (1K LUT) L2 Unicast table: MACAddress Spa Fid Age Vid State Ext Hash F0:1C:2D:22:87:C3 2 0 7 600 Auto 0 SVL CtagIf Auth DaBlock SaBlock Arp En Dis Dis Dis Dis LUT address: 0x03a9 (1K LUT) L2 Unicast table: MACAddress Spa Fid Age Vid State Ext Hash 00:00:5E:00:01:B5 2 0 7 621 Auto 0 SVL CtagIf Auth DaBlock SaBlock Arp En Dis Dis Dis Dis Gaara92 liked this post
Card PM	Report Top Like Quote Reply

thankyou	Nov 1 2021, 12:45 AM Show posts by this member only \| Post #2362
Regular Senior Member 1,941 posts Joined: Jan 2003	QUOTE(asellus @ Oct 29 2021, 09:12 PM) So that WAN network doesn't have to waste CPU-switch 10Gbps link capacity. With RB4011, I put WAN interface on the SFP+ cage, and all Internet traffic has its own dedicated lane to the CPU (for routing et. al), before going to the two port-multipliers through their own dedicated 2.5Gb links. For RB5009, no matter if you use 2.5Gb port or the SFP+ for WAN interface, all raw Internet traffic will go through the 10Gbps link first for routing or other things before going through the 10Gbps link again to the switches. I can't see the dedicated full-duplex 10Gbps Switch<->CPU has disadvantages on RB5011. RB4011 block diagram consists of 2.5 + 2.5 + 10Gbps connecting to CPU so technically it's only 5 Gbps max transfer speed provided you are transferring from SFP+ -> SW1 (2.5Gbps) + SW2 (2.5Gbps)... assuming SFP+ is used for WAN, you'll be using 1Gbps at max... With SFP+ transfer at full 1Gbps speed, still... you have a spare 9Gbps compare to 2.5+2.5 in RB4011. I personally think RB5011 have a better network flow. This post has been edited by thankyou: Nov 1 2021, 12:49 AM
Card PM	Report Top Like Quote Reply

Gaara92	Nov 1 2021, 11:49 PM Show posts by this member only \| Post #2363
Herald Junior Member 612 posts Joined: Mar 2008	QUOTE(thankyou @ Nov 1 2021, 12:45 AM) I can't see the dedicated full-duplex 10Gbps Switch<->CPU has disadvantages on RB5011. RB4011 block diagram consists of 2.5 + 2.5 + 10Gbps connecting to CPU so technically it's only 5 Gbps max transfer speed provided you are transferring from SFP+ -> SW1 (2.5Gbps) + SW2 (2.5Gbps)... assuming SFP+ is used for WAN, you'll be using 1Gbps at max... With SFP+ transfer at full 1Gbps speed, still... you have a spare 9Gbps compare to 2.5+2.5 in RB4011. I personally think RB5011 have a better network flow. You mean RB5009, there is no RB5011 haha. Anyhow the chart showing that packets flow is more promising on the latest RB5009
Card PM	Report Top Like Quote Reply

thankyou	Nov 2 2021, 12:39 AM Show posts by this member only \| Post #2364
Regular Senior Member 1,941 posts Joined: Jan 2003	QUOTE(Gaara92 @ Nov 1 2021, 11:49 PM) You mean RB5009, there is no RB5011 haha. Anyhow the chart showing that packets flow is more promising on the latest RB5009 Oh yea! thank you for the correction!
Card PM	Report Top Like Quote Reply

wong_86	Nov 2 2021, 03:13 PM Show posts by this member only \| Post #2365
DUDE Junior Member 565 posts Joined: Oct 2007 From: MARS	anyone can guide how to make setup pihole as DNS server in mikrotik device ?
Card PM	Report Top Like Quote Reply

go626201	Nov 2 2021, 04:00 PM Show posts by this member only \| Post #2366
Regular Senior Member 1,882 posts Joined: Sep 2017	QUOTE(wong_86 @ Nov 2 2021, 03:13 PM) anyone can guide how to make setup pihole as DNS server in mikrotik device ? U mean u want to change the DHCP DNS setting or setup the pihole DNS service on Mikrotik router?
Card PM	Report Top Like Quote Reply

wong_86	Nov 2 2021, 04:22 PM Show posts by this member only \| Post #2367
DUDE Junior Member 565 posts Joined: Oct 2007 From: MARS	QUOTE(go626201 @ Nov 2 2021, 04:00 PM) U mean u want to change the DHCP DNS setting or setup the pihole DNS service on Mikrotik router? I already set pihole IP in DHCP server but unable to resolve address, i stuck in firewall there, try route all DNS service to Pihole to resolve. This post has been edited by wong_86: Nov 2 2021, 04:22 PM
Card PM	Report Top Like Quote Reply

Gaara92	Nov 2 2021, 04:27 PM Show posts by this member only \| Post #2368
Herald Junior Member 612 posts Joined: Mar 2008	QUOTE(wong_86 @ Nov 2 2021, 04:22 PM) I already set pihole IP in DHCP server but unable to resolve address, i stuck in firewall there, try route all DNS service to Pihole to resolve. try exporting your firewall configuration and paste it here. Use this command on mikrotik terminal CODE /ip firewall filter export hide-sensitive CODE /ip firewall nat export hide-sensitive
Card PM	Report Top Like Quote Reply

wong_86	Nov 2 2021, 04:42 PM Show posts by this member only \| Post #2369
DUDE Junior Member 565 posts Joined: Oct 2007 From: MARS	QUOTE(Gaara92 @ Nov 2 2021, 04:27 PM) try exporting your firewall configuration and paste it here. Use this command on mikrotik terminal CODE /ip firewall filter export hide-sensitive CODE /ip firewall nat export hide-sensitive CODE [admin@MikroTik] > /ip firewall filter export hide-sensitive # nov/02/2021 14:45:25 by RouterOS 6.49 # software id = 17RT-CD2Q # # model = RBD52G-5HacD2HnD # serial number = /ip firewall filter add action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untracked add action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalid add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp add action=accept chain=input comment=\ "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1 add action=drop chain=input comment="defconf: drop all not coming from LAN" \ in-interface-list=!LAN add action=accept chain=forward comment="defconf: accept in ipsec policy" \ ipsec-policy=in,ipsec add action=accept chain=forward comment="defconf: accept out ipsec policy" \ ipsec-policy=out,ipsec add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \ connection-state=established,related add action=accept chain=forward comment=\ "defconf: accept established,related, untracked" connection-state=\ established,related,untracked add action=drop chain=forward comment="defconf: drop invalid" connection-state=\ invalid add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \ connection-nat-state=!dstnat connection-state=new in-interface-list=WAN CODE /ip firewall nat # no interface add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface=Unifi add action=dst-nat chain=dstnat dst-address=!192.168.88.253 dst-port=53 protocol=udp src-address=!192.168.88.253 to-addresses=192.168.88.253 add action=dst-nat chain=dstnat dst-address=!192.168.88.253 dst-port=53 protocol=tcp src-address=!192.168.88.253 to-addresses=192.168.88.253 add action=masquerade chain=srcnat dst-address=192.168.88.253 dst-port=53 protocol=udp src-address=192.168.88.0/24 add action=masquerade chain=srcnat dst-address=192.168.88.253 dst-port=53 protocol=tcp src-address=192.168.88.0/24 192.168.88.253 is Pihole IP This post has been edited by wong_86: Nov 2 2021, 04:44 PM
Card PM	Report Top Like Quote Reply

Gaara92	Nov 2 2021, 05:39 PM Show posts by this member only \| Post #2370
Herald Junior Member 612 posts Joined: Mar 2008	CODE add action=dst-nat chain=dstnat dst-address=!192.168.88.253 dst-port=53 protocol=udp src-address=!192.168.88.253 to-addresses=192.168.88.253 add action=dst-nat chain=dstnat dst-address=!192.168.88.253 dst-port=53 protocol=tcp src-address=!192.168.88.253 to-addresses=192.168.88.253 add action=masquerade chain=srcnat dst-address=192.168.88.253 dst-port=53 protocol=udp src-address=192.168.88.0/24 add action=masquerade chain=srcnat dst-address=192.168.88.253 dst-port=53 protocol=tcp src-address=192.168.88.0/24 these 4 lines change it to: CODE add action=dst-nat chain=dstnat dst-port=53 protocol=udp src-address=!192.168.88.253 to-addresses=192.168.88.253 to-ports=53 add action=dst-nat chain=dstnat dst-port=53 protocol=tcp src-address=!192.168.88.253 to-addresses=192.168.88.253 to-ports=53 add action=masquerade chain=srcnat dst-address=192.168.88.253 dst-port=53 protocol=udp src-address=!192.168.88.253 add action=masquerade chain=srcnat dst-address=192.168.88.253 dst-port=53 protocol=tcp src-address=!192.168.88.253 Your dst-nat dont need to put dst address, just needed the source and to-address. This post has been edited by Gaara92: Nov 2 2021, 05:45 PM
Card PM	Report Top Like Quote Reply

« Next Oldest · Networks and Broadband · Next Newest »

176 Pages « < 117 118 119 120 > » Top

Add Reply Options

Change to:

0.0230sec

1.57

6 queries

GZIP Disabled
Time is now: 24th December 2025 - 05:13 PM

All Rights Reserved © 2002- 2025 Vijandren Ramadass (~unite against racism~)

Removal Request

Powered by Invision Power Board © 2025 IPS, Inc.