Enterprise Networking Mikrotik Routers (RouterBoard & RouterOS), User and owner discussion group
|
|
 Apr 4 2018, 08:00 PM
Return to original view | Post
#281
|
 
All Stars
11,456 posts Joined: Oct 2007 From: KL  
|
QUOTE(System Error Message @ Apr 4 2018, 03:34 AM) TM Unifi have IPV6 already? So we can have both IPV4 and IPV6 public addresses? Yeah, quite long already, since 3/4 years ago or thereabouts. |
|
|
|
|
|
Apr 12 2018, 06:45 PM
Return to original view | IPv6 | Post
#282
|
|
All Stars
11,456 posts Joined: Oct 2007 From: KL
|
QUOTE(iXora.ix @ Apr 12 2018, 10:54 AM) Hi guys, I need opinion to setup the hypp tv. I got rb3011(upstair handling pppoe) and spare rd750(downstairs to receive hypp tv). My question is can this two do vlan trunk? So both internet and vlan600 connection can pass-through using single cable, and from 750 i can output to normal internet and also vlan600 for hypp tv. In a hurry, so let me know if anything is not clear.Need advice, thanks. CODE # apr/12/2018 18:26:28 by RouterOS 6.42rc52 # model = RouterBOARD 750G r3 /interface bridge add admin-mac=xxxxxxxx auto-mac=no comment=defconf name=bridge1 vlan-filtering=yes /interface bridge port add bridge=bridge1 interface=ether2 pvid=50 add bridge=bridge1 interface=ether3-trunk1 add bridge=bridge1 interface=ether5-wan1 add bridge=bridge1 interface=bonding1 pvid=50 /interface bridge vlan add bridge=bridge1 tagged=ether3-trunk1,bridge1 untagged=ether2,bonding1 vlan-ids=50 add bridge=bridge1 tagged=ether5-wan1,ether3-trunk1,bridge1 vlan-ids=600 This is the bridge config on my main router, where Unifi is coming into. My VLANs: vlan600 for HyppTV. vlan50 for LAN traffic. There're 2 more vlans but can be ignored so I removed them from the above config. I don't have any untagged traffic. Most important: ether3-trunk1 is the trunk to my RB2011UAS downstairs. (trunk for vlan50 and vlan600) ether5-wan1 is connected to the BTU. ether2 is connected to a switch. (vlan50) ether1 and ether4 are bonded to another Mikrotik. Can ignore this. (vlan50) Downstairs, for the router on the other end of the trunk, you configure something similar to the above. CODE # apr/12/2018 18:40:00 by RouterOS 6.42rc52 # model = 2011UAS-2HnD /interface bridge add admin-mac=xxxxxxxx auto-mac=no name=bridge1 protocol-mode=none /interface bridge port add bridge=bridge1 interface=wlan1 add bridge=bridge1 interface=ether1 add bridge=bridge1 interface=ether6 add bridge=bridge1 interface=ether2 add bridge=bridge1 interface=ether5 add bridge=bridge1 interface=ether7 /interface ethernet switch port set 1 vlan-header=add-if-missing vlan-mode=secure set 2 default-vlan-id=50 vlan-header=always-strip vlan-mode=secure set 3 vlan-mode=secure set 5 default-vlan-id=600 vlan-header=always-strip vlan-mode=secure set 11 default-vlan-id=50 vlan-mode=secure /interface ethernet switch vlan add independent-learning=no ports=ether1,ether5 switch=switch1 vlan-id=600 add independent-learning=no ports=ether1,ether2,switch1-cpu switch=switch1 vlan-id=50 Mine is like this. For educational purposes, my RB2011 is configured using the switch chip. So may bit a bit confusing. It still is to me.  Maybe easier if you just configure using bridge and vlans like the first router. Note: Not sure 100% if all this is the optimal way but it works. This post has been edited by soonwai: Apr 12 2018, 06:54 PM |
|
|
Apr 12 2018, 10:59 PM
Return to original view | Post
#283
|
|
All Stars
11,456 posts Joined: Oct 2007 From: KL
|
QUOTE(iXora.ix @ Apr 12 2018, 10:02 PM) » Click to show Spoiler - click again to hide... « Thank you so much for the guide. I shall do it and revert back to you if anything.  Out of curiosity, what is thisfunction for? CODE add admin-mac=xxxxxxxx and and /interface ethernet switch port set 1 vlan-header=add-if-missing vlan-mode=secure set 2 default-vlan-id=50 vlan-header=always-strip vlan-mode=secure set 3 vlan-mode=secure set 5 default-vlan-id=600 vlan-header=always-strip vlan-mode=secure set 11 default-vlan-id=50 vlan-mode=secure CODE [RB2011UAS SL7] /interface ethernet switch port> print Flags: I - invalid # NAME SWITCH VLAN-MODE VLAN-HEADER DEFAULT-VLAN-ID 0 sfp1 switch1 disabled leave-as-is auto 1 ether1 switch1 secure add-if-missing auto 2 ether2 switch1 secure always-strip 50 3 ether3 switch1 secure leave-as-is auto 4 ether4 switch1 disabled leave-as-is auto 5 ether5 switch1 secure always-strip 600 6 ether6 switch2 disabled leave-as-is 0 7 ether7 switch2 disabled leave-as-is 0 8 ether8 switch2 disabled leave-as-is 0 9 ether9 switch2 disabled leave-as-is 0 10 ether10 switch2 disabled leave-as-is 0 11 switch1-cpu switch1 secure leave-as-is 50 12 switch2-cpu switch2 disabled leave-as-is 0 The RB2011 has 2 separate switches hence switch1-cpu & switch2-cpu. This post has been edited by soonwai: Apr 12 2018, 11:00 PM |
|
|
Apr 23 2018, 07:14 PM
Return to original view | Post
#284
|
|
All Stars
11,456 posts Joined: Oct 2007 From: KL
|
Advisory: Vulnerability exploiting the Winbox port
https://forum.mikrotik.com/viewtopic.php?f=21&t=133533 This is bad. For those who have Winbox open. Time to switch to Asus. |
|
|
Apr 23 2018, 08:16 PM
Return to original view | IPv6 | Post
#285
|
|
All Stars
11,456 posts Joined: Oct 2007 From: KL
|
QUOTE(XPS @ Apr 23 2018, 07:29 PM) And lose all your ability to customise on Mikrotik? No lah, kidding of course. Last week flashed Tomato on my old RT-N16. Been meaning to try it out. It looks so pretty. ... |
|
|
Apr 23 2018, 09:52 PM
Return to original view | Post
#286
|
|
All Stars
11,456 posts Joined: Oct 2007 From: KL
|
QUOTE(soonwai @ Apr 23 2018, 07:14 PM) Advisory: Vulnerability exploiting the Winbox port Vulnerability fixed (hopefully) in just released v6.42.1 and v6.43rc4.https://forum.mikrotik.com/viewtopic.php?f=21&t=133533 This is bad. For those who have Winbox open. Time to switch to Asus. This post has been edited by soonwai: Apr 23 2018, 10:05 PM |
|
|
|
|
|
Jun 11 2018, 01:31 AM
Return to original view | Post
#287
|
|
All Stars
11,456 posts Joined: Oct 2007 From: KL
|
hersa_wex Not sure if you saw my post on the previous page. It's a working setup with trunk and access ports. Not exactly what you specified but just rinse & repeat to get what you want.
https://forum.lowyat.net/index.php?showtopi...post&p=88573740 This post has been edited by soonwai: Jun 11 2018, 01:31 AM |
|
|
Jul 5 2018, 01:17 PM
Return to original view | Post
#288
|
|
All Stars
11,456 posts Joined: Oct 2007 From: KL
|
QUOTE(fasxion @ Jul 5 2018, 12:45 PM) Hi sifus, need some helps on integrating mikrotik with hotel PMS. Anyone here has done that before? thank you PMS? Ah, I think have to ask my girlfriend. I think first better define "integrating". Easiest form of integration is to connect an ethernet cable from the Mikrotik to your hotel's switch. |
|
|
Jul 7 2018, 02:34 PM
Return to original view | Post
#289
|
|
All Stars
11,456 posts Joined: Oct 2007 From: KL
|
QUOTE(ssplayboy @ Jul 7 2018, 02:25 PM) Any SiFu, Looking at it simply, just port forward from your UniFi to your CCTV. When connecting to the CCTV, ensure that you use the IP address of UniFi.For my side, i got Local, unifi and WAN2 mean got 2 income Internet. Local: 192.168.18.0/24 unifi:xxxx WAN2: 192.168.2.1/24 So i want my CCTV ip 192.168.18.254 just only access by unifi connection(dont want WAN2 cnnection because it cannot port forwarding) got any suggestion on this. |
|
|
Jul 7 2018, 05:00 PM
Return to original view | Post
#290
|
|
All Stars
11,456 posts Joined: Oct 2007 From: KL
|
QUOTE(ssplayboy @ Jul 7 2018, 04:46 PM) ok, like my WAN2 isp cannot go facebook website, just only Unifi can access it, so how can manage my this PC 192.168.18.101 can use unifi connection?this is my second question. the problem is my pc keep using WAN2 connection How's your dual WAN set up? It depends on that, few ways to do it. For example, you can specify a PC to only use one of the WANs, using source IP. Or anything connecting to a certain website to always go through the same WAN, say, using destination IP. Basically, qualify the connection, mark it and then route to one of the WANs based on that mark. |
|
|
Jul 13 2018, 08:37 AM
Return to original view | IPv6 | Post
#291
|
|
All Stars
11,456 posts Joined: Oct 2007 From: KL
|
QUOTE(tolaktakjatuh @ Jul 12 2018, 05:38 PM) Im using Archer C7 with Openwrt right now, and the 5Ghz band is having some issues with DL speed, thinking getting a better router. i wonder if hap ac2 would be an upgrade? Wifi specs alone, the C7 is better. It's has 3 wifi chains (3x3 MIMO.) The hAP AC2 is dual stream (2x2 MIMO.) Mikrotik 3-stream products are the hAP AC and one of the wAPs. I forgot which one. I think wAP AC.Unfortunately Mikrotik tends not to be on the cutting edge when it comes to home wifi routers. I remember a few years ago complaining a lot about my RB751U-2HnD. The hAP AC Lite which is the only AC from Mikrotik that I've tried is quite good. No complains and it's cheap but it's only single stream for 5Ghz and low power. |
|
|
Jul 14 2018, 04:13 PM
Return to original view | IPv6 | Post
#292
|
|
All Stars
11,456 posts Joined: Oct 2007 From: KL
|
QUOTE(cyberic @ Jul 14 2018, 12:54 PM) I’m using rb750gl, thinking about upgrade to hex or hex s. Partly for free unifi upgrade 500Mbps upgrade and for newer hardware 😅 I get mine from Sublime Telecom on lelong or Jalan Kucing. Synchroweb also quite good prices. Now got sale some more but older models, I think tomorrow last day.Where do you guys buy the Mikrotiks? Anyone to recommend? Also, anyone using hex s? Do you need the SFP in the Hex S? Do note that the SFP in the Hex S goes up to 1.25Gbps only. |
|
|
Jul 14 2018, 06:01 PM
Return to original view | Post
#293
|
|
All Stars
11,456 posts Joined: Oct 2007 From: KL
|
QUOTE(cyberic @ Jul 14 2018, 05:06 PM) I only found Hex S from sublime Telekom. I don’t need SFP now. Black box and possibility of using hardware vpn when needed are the reason for me to choose S over normal Hex. Different only RM20. OK lah, RM20 only. Did you ask the price of the 1.25Gbps optical or copper SFP module? Maybe one day, wishful thinking, TM will allow us to our own GPON module.Maybe get new ac WiFi router as AP later. |
|
|
|
|
|
Jul 15 2018, 01:13 PM
Return to original view | IPv6 | Post
#294
|
|
All Stars
11,456 posts Joined: Oct 2007 From: KL
|
QUOTE(rizvanrp @ Jul 15 2018, 01:02 PM) Just ordered a CCR1009 from Sublime in anticipation of the 800Mbps upgrade. Will probably be selling off my old RB750Gr3 for cheap if anyone is interested in getting one Woohoo, CCR, very nice.   PM me best price for the RG750Gr3, please. COD? Klang Valley? |
|
|
Jul 20 2018, 12:30 AM
Return to original view | IPv6 | Post
#295
|
|
All Stars
11,456 posts Joined: Oct 2007 From: KL
|
QUOTE(welwitchia @ Jul 19 2018, 12:22 PM) Hi, got my RB750GrGr3 and followed the instructions at https://wiki.mikrotik.com/wiki/Mikrotik_and...y_arpee/soonwai That's normal, you'll only see the vlans under their respective interfaces in Winbox. Just a display difference between Webfig and Winbox.to set it up. WebFig is version v6.38.7 I noticed that the 2 VLANs that I created is not "displayed" under ether1. Is this normal? Thx |
|
|
Jul 20 2018, 06:55 PM
Return to original view | Post
#296
|
|
All Stars
11,456 posts Joined: Oct 2007 From: KL
|
QUOTE(charymsylyn @ Jul 15 2018, 09:38 PM) Sublime is now on Lazada, buying from Lazada is better if you're using CC plus you can sometimes use vouchers. Their Lelong prices are cheaper but there is a surcharge when using CC which usually makes it more expensive than Lazada. Sure thing, no problem. Can’t wait for my upgrade too. Finally can stress the hEX. I only just found out myself but Synchroweb had the hEX on Raya sale for RM202. Ended on July 15 though.Synchroweb online store pricing is usually higher than Sublime. Why I'm commenting on this? You previously helped me with IPv6 setup on my ac lite and I now need something with GigE ports to support my coming 500Mbps speeds. I decided on ac2 since the lack of 3rd wifi stream wouldn't really be too big issue with 500Mbps. I need to read up on single cable VLAN tagging as I only have single cable from ac2 to my HyppTV box and AP. I thank you in advance for being generous when helping me next week.  |
|
|
Jul 20 2018, 09:34 PM
Return to original view | Post
#297
|
|
All Stars
11,456 posts Joined: Oct 2007 From: KL
|
Anyone want to try?
https://forums.servethehome.com/index.php?t...nnectx-2.19186/ 10G ethernet over Cat5E (using ConnectX-2 PCIE cards, Mikrotik S+RJ10 transceiver and Mikrotik S+ switch.) One of the tests: QUOTE ConnectX-2/S+RJ10 <-> 50 ft Cat6 UTP patch cable <-> wall jack <-> ~40 ft. Cat5e UTP cable (in wall) <-> patch panel <-> 3 ft Cat6 UTP patch cable <-> Mikrotik CSS326/S+RJ10 here I am running 50ft patch cable to a different wall jack with longer Cat5e run to the patch panel 10 Gb/s link was established, iperf reported ~9100-9200 Mbits/sec throughput. I think it's amazing. This will be good for people like me where re-cabling existing Cat5e is not really an option. |
|
|
Jul 20 2018, 10:46 PM
Return to original view | Post
#298
|
|
All Stars
11,456 posts Joined: Oct 2007 From: KL
|
QUOTE(rizvanrp @ Jul 16 2018, 03:44 AM)   Thanks for meeting up. And watch out for the "RB750Gr3. Will it blend?" video soon. |
|
|
Jul 31 2018, 02:16 PM
Return to original view | Post
#299
|
|
All Stars
11,456 posts Joined: Oct 2007 From: KL
|
QUOTE(OKLY @ Jul 20 2018, 09:44 PM) While reading more on this, I found out there is also another diagram for "enabled switching". I'm confused, in a typical TM Unifi setup, it will work like the "disabled switching" diagram? I may be wrong but with Mikrotik’s new bridge implementation, it’s dynamic. You can have ether4 and ether5 as in diagram 1, non-switched and ether1,2 and 3 switched as in diagram 2, simultaneously. Just ensure that HW switching is enabled for both bridge and ports.  This post has been edited by soonwai: Jul 31 2018, 02:17 PM |
|
|
Jul 31 2018, 02:34 PM
Return to original view | Post
#300
|
|
All Stars
11,456 posts Joined: Oct 2007 From: KL
|
QUOTE(charymsylyn @ Jul 25 2018, 10:37 PM) Hi soonwai, Sorry, I haven’t had time to really answer this. I just do the easy one first.After several resets to fix many mistakes and unexpected behaviours, I finally got my ac2 to the point where it's functioning identical to what my ac lite used to do, which is the main router for the APs and Unifi TV STB. I've gone through your old post (https://forum.lowyat.net/index.php?showtopic=2040480&st=1580&p=88573740&#entry88573740) but the scenario you have isn't identical to mine and I trying to brain what needs to be changed.  My plan is to combine both IPTV and normal internet output from ac2 ether1 and input to ac lite ether5. STB connects to ether4. ether1-3 and wifi for normal internet traffic. Admin mac address can be any randomly generated mac address? So for my ac2, below would be correct (my ether2 goes to BTU) settings? Thank you very much again! CODE /interface bridge add admin-mac=E9:65:B4:C2:1E:00 auto-mac=no name=STBInternet vlan-filtering=yes ... ... admin-mac for a bridge must be one of the ports in the bridge. If you’re not sure, remove admin-mac=xxx and just use auto-mac=yes. ROS will choose the first available port. The reason I set admin-mac is because when it’s on auto-mac, the MAC address of the bridges changes sometimes. Mikrotik support says auto-mac will choose the first available port in the bridge and it can be any of the ports. As for my example for the vlan trunk. I use 2 different methods. On the first router, I used vlans and bridges. On the 2nd router I used the switch features. This is just me messing around and for educational purposes. You don’t have to follow exactly. What I recommend is just use vlan and bridges for both routers to establish the trunk. Essentially the vlan, bridge, ports config for router1 is the same for router2. More or less lah, the ports might be different. |
| Change to: |  0.0259sec
 0.58
 7 queries
 GZIP Disabled
Time is now: 4th December 2025 - 01:33 PM |
Quote