Enterprise Networking Mikrotik Routers (RouterBoard & RouterOS), User and owner discussion group
|
|
 Oct 31 2021, 06:58 PM
Show posts by this member only | IPv6 | Post
#2361
|
 
Senior Member
2,400 posts Joined: Jul 2009 From: /dev/null  
|
QUOTE(Gaara92 @ Oct 29 2021, 09:20 PM) Just bought the GPON on your link haha. Sebelum ni tak sempat beli, nanti nak follow guide flashing kat github. Try get 10G SFP like RB4011 / RB5009, it seem can force 2.5Gbps you can explore TM OLT from SFP: 
» Click to show Spoiler - click again to hide... « Gaara92 liked this post
|
|
|
|
|
|
Nov 1 2021, 12:45 AM
|
Senior Member
1,941 posts Joined: Jan 2003
|
QUOTE(asellus @ Oct 29 2021, 09:12 PM) So that WAN network doesn't have to waste CPU-switch 10Gbps link capacity. With RB4011, I put WAN interface on the SFP+ cage, and all Internet traffic has its own dedicated lane to the CPU (for routing et. al), before going to the two port-multipliers through their own dedicated 2.5Gb links. For RB5009, no matter if you use 2.5Gb port or the SFP+ for WAN interface, all raw Internet traffic will go through the 10Gbps link first for routing or other things before going through the 10Gbps link again to the switches. I can't see the dedicated full-duplex 10Gbps Switch<->CPU has disadvantages on RB5011.RB4011 block diagram consists of 2.5 + 2.5 + 10Gbps connecting to CPU so technically it's only 5 Gbps max transfer speed provided you are transferring from SFP+ -> SW1 (2.5Gbps) + SW2 (2.5Gbps)... assuming SFP+ is used for WAN, you'll be using 1Gbps at max... With SFP+ transfer at full 1Gbps speed, still... you have a spare 9Gbps compare to 2.5+2.5 in RB4011. I personally think RB5011 have a better network flow. This post has been edited by thankyou: Nov 1 2021, 12:49 AM |
|
|
Nov 1 2021, 11:49 PM
|
Junior Member
612 posts Joined: Mar 2008
|
QUOTE(thankyou @ Nov 1 2021, 12:45 AM) I can't see the dedicated full-duplex 10Gbps Switch<->CPU has disadvantages on RB5011. You mean RB5009, there is no RB5011 haha. Anyhow the chart showing that packets flow is more promising on the latest RB5009RB4011 block diagram consists of 2.5 + 2.5 + 10Gbps connecting to CPU so technically it's only 5 Gbps max transfer speed provided you are transferring from SFP+ -> SW1 (2.5Gbps) + SW2 (2.5Gbps)... assuming SFP+ is used for WAN, you'll be using 1Gbps at max... With SFP+ transfer at full 1Gbps speed, still... you have a spare 9Gbps compare to 2.5+2.5 in RB4011. I personally think RB5011 have a better network flow. |
|
|
Nov 2 2021, 12:39 AM
|
|
Senior Member
1,941 posts Joined: Jan 2003
|
QUOTE(Gaara92 @ Nov 1 2021, 11:49 PM) You mean RB5009, there is no RB5011 haha. Anyhow the chart showing that packets flow is more promising on the latest RB5009 Oh yea! thank you for the correction! |
|
|
Nov 2 2021, 03:13 PM
|
Junior Member
565 posts Joined: Oct 2007 From: MARS
|
anyone can guide how to make setup pihole as DNS server in mikrotik device ?
|
|
|
Nov 2 2021, 04:00 PM
|
Senior Member
1,882 posts Joined: Sep 2017
|
QUOTE(wong_86 @ Nov 2 2021, 03:13 PM) anyone can guide how to make setup pihole as DNS server in mikrotik device ? U mean u want to change the DHCP DNS setting or setup the pihole DNS service on Mikrotik router? |
|
|
|
|
|
Nov 2 2021, 04:22 PM
|
|
Junior Member
565 posts Joined: Oct 2007 From: MARS
|
QUOTE(go626201 @ Nov 2 2021, 04:00 PM) U mean u want to change the DHCP DNS setting or setup the pihole DNS service on Mikrotik router? I already set pihole IP in DHCP server but unable to resolve address, i stuck in firewall there, try route all DNS service to Pihole to resolve.This post has been edited by wong_86: Nov 2 2021, 04:22 PM |
|
|
Nov 2 2021, 04:27 PM
|
|
Junior Member
612 posts Joined: Mar 2008
|
QUOTE(wong_86 @ Nov 2 2021, 04:22 PM) I already set pihole IP in DHCP server but unable to resolve address, i stuck in firewall there, try route all DNS service to Pihole to resolve. try exporting your firewall configuration and paste it here. Use this command on mikrotik terminalCODE /ip firewall filter export hide-sensitive CODE /ip firewall nat export hide-sensitive |
|
|
Nov 2 2021, 04:42 PM
|
|
Junior Member
565 posts Joined: Oct 2007 From: MARS
|
QUOTE(Gaara92 @ Nov 2 2021, 04:27 PM) try exporting your firewall configuration and paste it here. Use this command on mikrotik terminal CODE /ip firewall filter export hide-sensitive CODE /ip firewall nat export hide-sensitive CODE [admin@MikroTik] > /ip firewall filter export hide-sensitive # nov/02/2021 14:45:25 by RouterOS 6.49 # software id = 17RT-CD2Q # # model = RBD52G-5HacD2HnD # serial number = /ip firewall filter add action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untracked add action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalid add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp add action=accept chain=input comment=\ "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1 add action=drop chain=input comment="defconf: drop all not coming from LAN" \ in-interface-list=!LAN add action=accept chain=forward comment="defconf: accept in ipsec policy" \ ipsec-policy=in,ipsec add action=accept chain=forward comment="defconf: accept out ipsec policy" \ ipsec-policy=out,ipsec add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \ connection-state=established,related add action=accept chain=forward comment=\ "defconf: accept established,related, untracked" connection-state=\ established,related,untracked add action=drop chain=forward comment="defconf: drop invalid" connection-state=\ invalid add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \ connection-nat-state=!dstnat connection-state=new in-interface-list=WAN CODE /ip firewall nat # no interface add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface=Unifi add action=dst-nat chain=dstnat dst-address=!192.168.88.253 dst-port=53 protocol=udp src-address=!192.168.88.253 to-addresses=192.168.88.253 add action=dst-nat chain=dstnat dst-address=!192.168.88.253 dst-port=53 protocol=tcp src-address=!192.168.88.253 to-addresses=192.168.88.253 add action=masquerade chain=srcnat dst-address=192.168.88.253 dst-port=53 protocol=udp src-address=192.168.88.0/24 add action=masquerade chain=srcnat dst-address=192.168.88.253 dst-port=53 protocol=tcp src-address=192.168.88.0/24 192.168.88.253 is Pihole IP This post has been edited by wong_86: Nov 2 2021, 04:44 PM |
|
|
Nov 2 2021, 05:39 PM
|
|
Junior Member
612 posts Joined: Mar 2008
|
CODE add action=dst-nat chain=dstnat dst-address=!192.168.88.253 dst-port=53 protocol=udp src-address=!192.168.88.253 to-addresses=192.168.88.253 add action=dst-nat chain=dstnat dst-address=!192.168.88.253 dst-port=53 protocol=tcp src-address=!192.168.88.253 to-addresses=192.168.88.253 add action=masquerade chain=srcnat dst-address=192.168.88.253 dst-port=53 protocol=udp src-address=192.168.88.0/24 add action=masquerade chain=srcnat dst-address=192.168.88.253 dst-port=53 protocol=tcp src-address=192.168.88.0/24 these 4 lines change it to: CODE add action=dst-nat chain=dstnat dst-port=53 protocol=udp src-address=!192.168.88.253 to-addresses=192.168.88.253 to-ports=53 add action=dst-nat chain=dstnat dst-port=53 protocol=tcp src-address=!192.168.88.253 to-addresses=192.168.88.253 to-ports=53 add action=masquerade chain=srcnat dst-address=192.168.88.253 dst-port=53 protocol=udp src-address=!192.168.88.253 add action=masquerade chain=srcnat dst-address=192.168.88.253 dst-port=53 protocol=tcp src-address=!192.168.88.253 Your dst-nat dont need to put dst address, just needed the source and to-address. This post has been edited by Gaara92: Nov 2 2021, 05:45 PM |
|
|
Nov 4 2021, 05:59 PM
Show posts by this member only | IPv6 | Post
#2371
|
|
Junior Member
818 posts Joined: Jul 2008 From: Kota Kinabalu <-> Kuala Lumpur
|
anyone know where i can buy touch screen replacement for rb2011UiAS-2HnD-IN locally?
|
|
|
Nov 5 2021, 04:56 PM
|
Senior Member
1,635 posts Joined: May 2005
|
Hi Sifu, I used to use pfsense for more that 10 years. But I am going to turn off my VM to reduce energy usage.
Please recommend me an entry-level of Mikrotik router to achieve function below. I am subscribing to 300Mbps Tm UniFi. 1. Site-to-Site VPN to Surfshark with destination route for certain websites via the VPN tunnel. 2. Road warrior VPN, prefer OpenVPN/Wireguard. 3. Block access to certain websites at certain hour. 4. Working well with TP-Link Deco X20 AP Mode. 5. VLAN separation for IoT/Security devices. Thank you.  |
|
|
Nov 5 2021, 05:33 PM
|
|
Senior Member
1,882 posts Joined: Sep 2017
|
QUOTE(loonsave @ Nov 5 2021, 04:56 PM) Hi Sifu, I used to use pfsense for more that 10 years. But I am going to turn off my VM to reduce energy usage. hAP ac2 (Disable Wifi function) should be enough for your usage. (hEX should also suitable but CPU will be a bit weaker)Please recommend me an entry-level of Mikrotik router to achieve function below. I am subscribing to 300Mbps Tm UniFi. 1. Site-to-Site VPN to Surfshark with destination route for certain websites via the VPN tunnel. 2. Road warrior VPN, prefer OpenVPN/Wireguard. 3. Block access to certain websites at certain hour. 4. Working well with TP-Link Deco X20 AP Mode. 5. VLAN separation for IoT/Security devices. Thank you. |
|
|
|
|
|
Nov 6 2021, 10:22 AM
|
|
Senior Member
1,635 posts Joined: May 2005
|
QUOTE(go626201 @ Nov 5 2021, 05:33 PM) hAP ac2 (Disable Wifi function) should be enough for your usage. (hEX should also suitable but CPU will be a bit weaker) Thank you. I will have a look at the recommended model. |
|
|
Nov 6 2021, 10:52 PM
|
|
Junior Member
612 posts Joined: Mar 2008
|
QUOTE(loonsave @ Nov 5 2021, 04:56 PM) Hi Sifu, I used to use pfsense for more that 10 years. But I am going to turn off my VM to reduce energy usage. What is your budget? If below rm1k then get the latest new model RB5009 equipped with 10Gbps SFP+ FTW. Otherwise you can get a hEX S, or hAP ac2 or hAP ac3. But it would be a waste since you already got your own Deco AP, get an RB5009 instead it is using native RouterOS v7 already and support WireGuard and ZeroTier also! Please recommend me an entry-level of Mikrotik router to achieve function below. I am subscribing to 300Mbps Tm UniFi. 1. Site-to-Site VPN to Surfshark with destination route for certain websites via the VPN tunnel. 2. Road warrior VPN, prefer OpenVPN/Wireguard. 3. Block access to certain websites at certain hour. 4. Working well with TP-Link Deco X20 AP Mode. 5. VLAN separation for IoT/Security devices. Thank you.  |
|
|
Nov 6 2021, 11:22 PM
|
|
Senior Member
1,882 posts Joined: Sep 2017
|
QUOTE(Gaara92 @ Nov 6 2021, 10:52 PM) What is your budget? If below rm1k then get the latest new model RB5009 equipped with 10Gbps SFP+ FTW. Otherwise you can get a hEX S, or hAP ac2 or hAP ac3. But it would be a waste since you already got your own Deco AP, get an RB5009 instead it is using native RouterOS v7 already and support WireGuard and ZeroTier also! Currently ROS7 still at beta stage... IPv6- DHCPv6 PD not working for Unifi. Better wait for 6month later to get ROS7 only device...So i suggest in current state and for his requirements just get a device that cost about RM300 is enough for now since it is his first time to join Mikrotik. |
|
|
Nov 7 2021, 12:15 AM
|
|
Junior Member
612 posts Joined: Mar 2008
|
QUOTE(go626201 @ Nov 6 2021, 11:22 PM) Currently ROS7 still at beta stage... IPv6- DHCPv6 PD not working for Unifi. Better wait for 6month later to get ROS7 only device... Why would you use DHCPv6? Isn't unifi provide IPv6 using stateless SLAAC mode?So i suggest in current state and for his requirements just get a device that cost about RM300 is enough for now since it is his first time to join Mikrotik. |
|
|
Nov 7 2021, 12:49 AM
|
|
Senior Member
1,882 posts Joined: Sep 2017
|
QUOTE(Gaara92 @ Nov 7 2021, 12:15 AM) Why would you use DHCPv6? Isn't unifi provide IPv6 using stateless SLAAC mode? Emm actually i not sure,i just follow soonwai 's tutorial to use IPv6 on ROS6,but currently the same way on ROS7 is not working,waiting Mikrotik to fix it. |
|
|
Nov 7 2021, 11:47 AM
|
|
Senior Member
1,635 posts Joined: May 2005
|
QUOTE(Gaara92 @ Nov 6 2021, 10:52 PM) What is your budget? If below rm1k then get the latest new model RB5009 equipped with 10Gbps SFP+ FTW. Otherwise you can get a hEX S, or hAP ac2 or hAP ac3. But it would be a waste since you already got your own Deco AP, get an RB5009 instead it is using native RouterOS v7 already and support WireGuard and ZeroTier also! My budget below RM400. I will check hAP ac2/ac3. Thank you. |
|
|
Nov 7 2021, 12:38 PM
Show posts by this member only | IPv6 | Post
#2380
|
All Stars
11,459 posts Joined: Oct 2007 From: KL
|
QUOTE(go626201 @ Nov 7 2021, 12:49 AM) Emm actually i not sure,i just follow soonwai 's tutorial to use IPv6 on ROS6,but currently the same way on ROS7 is not working,waiting Mikrotik to fix it. Getting RB5009 soon. Later I check how to configure IPv6 or why it doesn’t work. I also follow the guides previously posted. |
| Change to: |  0.0201sec
 0.81
 6 queries
 GZIP Disabled
Time is now: 21st December 2025 - 07:38 PM |
Quote