Mikrotik Routers (RouterBoard & RouterOS)

Lowyat.NET forums

Lowyat.NET Kopitiam Garage Sales

Lowyat.NET Rules and Regulations FAQ Help Search Members

Welcome Guest ( Log In | Register )

Lowyat.NET -> Networks and Broadband

Bump Topic Add Reply RSS Feed

175 Pages « < 151 152 153 154 155 > » Bottom

Outline · [ Standard ] · Linear+

Enterprise Networking Mikrotik Routers (RouterBoard & RouterOS), User and owner discussion group

views

go626201	Jan 7 2024, 08:20 PM Show posts by this member only \| Post #3041
Regular Senior Member 1,882 posts Joined: Sep 2017	QUOTE(soonwai @ Jan 7 2024, 04:44 PM) Ya, RB5009 no problem. I usually run my Mikrotiks without Fasttrack anyway. https://ipv6.speedtest.net That ipv6.speedtest.net does not mean speedtest with ipv6 only. This link is 100% same to speedtest.net. But it is possible that speedtest with ipv6 on speedtest.net,some speedtest server is ipv6 enabled(Which mean ipv4 and ipv6 dns resolve with same hostname or server) so if the hostname is resolve to ipv6,then it is speedtest with ipv6. And when ipv6 is disabled,it will speedtest with ipv4. The fastest way to speedtest with ipv6,is disable your ipv4 on your device and run speedtest on those ipv6 supported site. Like speed.cloudflare.com is supported. Later if i found any ipv6 speedtest site can hit more than 600mbps with unifi,then i will post here. Edited: I had setup a ipv6 only speedtest server on my next week expiring 10G SG vps. Feel free to speedtest with it. (If ipv6 is not enabled,then u might not be able to access the site) http://v6test.mywebping.com/ Just now i tried can hit full speed without any issue. (Device RB5009 + 2.5G PC) Please don't spam too many time speedtest on it,thanks. With Queue- Without Queue- Time need +8hour (2.30am) This post has been edited by go626201: Jan 8 2024, 02:31 AM hasmidzul_jojo liked this post
Card PM	Report Top Like Quote Reply

hasmidzul_jojo	Jan 7 2024, 09:22 PM Show posts by this member only \| IPv6 \| Post #3042
Getting Started Junior Member 203 posts Joined: Feb 2008	QUOTE(Quanta @ Jan 7 2024, 07:59 PM) is your ping time without any queue tree? No nothing.no queue tree,no queue whats so ever. All default config, only input for wireguard,ddns and force client to use DOH.
Card PM	Report Top Like Quote Reply

kwss	Jan 7 2024, 09:24 PM Show posts by this member only \| IPv6 \| Post #3043
Regular Senior Member 1,207 posts Joined: Aug 2018	QUOTE(Quanta @ Jan 7 2024, 01:52 PM) Did you enable or use anything in Queue? If not, can you post your Tools > Profile when your CPU usage is 100%? On your Address List, they are all non-routable because outside of 2000::/3. Just drop them with route table, it's the highest performance method of doing it. Except the documentation prefix which is a bogon anyway, you can just blackhole it with one extra route table entry. Just curious what's the reason you added untracked to an accept rule? Cannot see your full ruleset but seems like they are repeated twice? This post has been edited by kwss: Jan 7 2024, 09:51 PM
Card PM	Report Top Like Quote Reply

kwss	Jan 7 2024, 09:27 PM Show posts by this member only \| IPv6 \| Post #3044
Regular Senior Member 1,207 posts Joined: Aug 2018	QUOTE(maxiscool @ Jan 7 2024, 08:13 PM) I see. Attached. Can you explain more about your iptv and vlan10 why they are done like that?
Card PM	Report Top Like Quote Reply

maxiscool	Jan 7 2024, 09:43 PM Show posts by this member only \| Post #3045
Casual Junior Member 379 posts Joined: Jan 2003	QUOTE(kwss @ Jan 7 2024, 09:27 PM) Can you explain more about your iptv and vlan10 why they are done like that? iptv basically following this guide for Unifi IPTV 600 Vlan 10 for "guest" network, no LAN access. This post has been edited by maxiscool: Jan 7 2024, 09:47 PM
Card PM	Report Top Like Quote Reply

kwss	Jan 7 2024, 09:54 PM Show posts by this member only \| Post #3046
Regular Senior Member 1,207 posts Joined: Aug 2018	QUOTE(maxiscool @ Jan 7 2024, 09:43 PM) iptv basically following this guide for Unifi IPTV 600 Vlan 10 for "guest" network, no LAN access. OK, I am quite sure you duplicated them and did it wrong. Maybe that triggered a bug in RouterOS. Example: You bridge vlan500 into your main bridge. So yes, something broken in Layer 2 like I said earlier. Can you make the column wider and screenshot again? I want to see the whole thing. And if you don't mind, each of the bridge setting. This part need to redo and I think your Layer 2 problem will be solved, no need to netinstall
Card PM	Report Top Like Quote Reply

maxiscool	Jan 7 2024, 10:10 PM Show posts by this member only \| Post #3047
Casual Junior Member 379 posts Joined: Jan 2003	QUOTE(kwss @ Jan 7 2024, 09:54 PM) OK, I am quite sure you duplicated them and did it wrong. Maybe that triggered a bug in RouterOS. Example: You bridge vlan500 into your main bridge. So yes, something broken in Layer 2 like I said earlier. Can you make the column wider and screenshot again? I want to see the whole thing. And if you don't mind, each of the bridge setting. This part need to redo and I think your Layer 2 problem will be solved, no need to netinstall See if this can see the settings CODE /interface bridge port add bridge=bridge comment=defconf ingress-filtering=no interface=ether2-master internal-path-cost=10 path-cost=10 add bridge=bridge comment=defconf hw=no ingress-filtering=no interface=sfp1 internal-path-cost=10 path-cost=10 add bridge=bridge comment=defconf ingress-filtering=no interface=wlan1 internal-path-cost=10 path-cost=10 add bridge=bridge comment=defconf ingress-filtering=no interface=wlan2 internal-path-cost=10 path-cost=10 add bridge=UniFi-IPTV ingress-filtering=no interface=vlan.600-TrunkPort5 internal-path-cost=10 path-cost=10 add bridge=UniFi-IPTV hw=no ingress-filtering=no interface=ether5 internal-path-cost=10 path-cost=10 add bridge=bridge ingress-filtering=no interface=vlan.500-TrunkPort5 internal-path-cost=10 path-cost=10 add bridge=UniFi-IPTV ingress-filtering=no interface=vlan.600 internal-path-cost=10 path-cost=10 add bridge=bridge ingress-filtering=no interface=ether3 internal-path-cost=10 path-cost=10 add bridge=bridge ingress-filtering=no interface=ether4 internal-path-cost=10 path-cost=10 add bridge=bridge.vlan10 ingress-filtering=no interface=wlan3 internal-path-cost=10 path-cost=10 add bridge=bridge.vlan10 ingress-filtering=no interface=vlan.10-TrunkPort5 internal-path-cost=10 multicast-router=disabled path-cost=10 add bridge=bridge.vlan10 ingress-filtering=no interface=vlan.10-Guest internal-path-cost=10 multicast-router=disabled path-cost=10 add bridge=bridge.vlan10 interface=vlan.10-TrunkPort4 internal-path-cost=10 path-cost=10
Card PM	Report Top Like Quote Reply

kwss	Jan 8 2024, 12:57 AM Show posts by this member only \| Post #3048
Regular Senior Member 1,207 posts Joined: Aug 2018	QUOTE(maxiscool @ Jan 7 2024, 10:10 PM) See if this can see the settings CODE /interface bridge port add bridge=bridge comment=defconf ingress-filtering=no interface=ether2-master internal-path-cost=10 path-cost=10 add bridge=bridge comment=defconf hw=no ingress-filtering=no interface=sfp1 internal-path-cost=10 path-cost=10 add bridge=bridge comment=defconf ingress-filtering=no interface=wlan1 internal-path-cost=10 path-cost=10 add bridge=bridge comment=defconf ingress-filtering=no interface=wlan2 internal-path-cost=10 path-cost=10 add bridge=UniFi-IPTV ingress-filtering=no interface=vlan.600-TrunkPort5 internal-path-cost=10 path-cost=10 add bridge=UniFi-IPTV hw=no ingress-filtering=no interface=ether5 internal-path-cost=10 path-cost=10 add bridge=bridge ingress-filtering=no interface=vlan.500-TrunkPort5 internal-path-cost=10 path-cost=10 add bridge=UniFi-IPTV ingress-filtering=no interface=vlan.600 internal-path-cost=10 path-cost=10 add bridge=bridge ingress-filtering=no interface=ether3 internal-path-cost=10 path-cost=10 add bridge=bridge ingress-filtering=no interface=ether4 internal-path-cost=10 path-cost=10 add bridge=bridge.vlan10 ingress-filtering=no interface=wlan3 internal-path-cost=10 path-cost=10 add bridge=bridge.vlan10 ingress-filtering=no interface=vlan.10-TrunkPort5 internal-path-cost=10 multicast-router=disabled path-cost=10 add bridge=bridge.vlan10 ingress-filtering=no interface=vlan.10-Guest internal-path-cost=10 multicast-router=disabled path-cost=10 add bridge=bridge.vlan10 interface=vlan.10-TrunkPort4 internal-path-cost=10 path-cost=10 Yea this is useful. However I am still missing some context. Can please export me the whole /interface ? I need to know how your port is physically connected as well as your vlan mapping This post has been edited by kwss: Jan 8 2024, 01:02 AM
Card PM	Report Top Like Quote Reply

maxiscool	Jan 8 2024, 07:43 AM Show posts by this member only \| Post #3049
Casual Junior Member 379 posts Joined: Jan 2003	QUOTE(kwss @ Jan 8 2024, 12:57 AM) Yea this is useful. However I am still missing some context. Can please export me the whole /interface ? I need to know how your port is physically connected as well as your vlan mapping I will share the export later. This is how it is connected. This post has been edited by maxiscool: Jan 8 2024, 07:30 PM
Card PM	Report Top Like Quote Reply

Quanta	Jan 8 2024, 08:05 AM Show posts by this member only \| IPv6 \| Post #3050
Idiot member Senior Member 1,425 posts Joined: Jan 2003 From: Pearl 14000 + Kayangan 01000	QUOTE(kwss @ Jan 7 2024, 09:24 PM) Did you enable or use anything in Queue? If not, can you post your Tools > Profile when your CPU usage is 100%? On your Address List, they are all non-routable because outside of 2000::/3. Just drop them with route table, it's the highest performance method of doing it. Except the documentation prefix which is a bogon anyway, you can just blackhole it with one extra route table entry. Just curious what's the reason you added untracked to an accept rule? Cannot see your full ruleset but seems like they are repeated twice? 1. Queue - yes enabled queue tree CODE Flags: X - disabled, I - invalid 0 name="queue-upload" parent=fromHSBB_IN packet-mark=no-mark limit-at=91M queue=fq-code1 priority=8 max-limit=100M burst-limit=101M burst-threshold=97M burst-time=5s bucket-size=0.1 1 X name="queue-download" parent=bridge packet-mark=no-mark limit-at=310M queue=fq-code1 priority=8 max-limit=350M burst-limit=400M burst-threshold=320M burst-time=8s bucket-size=0.01 2. Tools> Profile CODE [@MikroTik-TDM] > tool/profile Columns: NAME, USAGE NAME USAGE www 0.3% ethernet 0.1% console 0.5% dns 0.3% networking 19% radv 0% management 1.7% ssl 0.3% dhcp 0.2% profiling 0.1% queuing 0.3% bridging 0.8% unclassified 6% total 29.6% 3. Address list from IPV6 4. Filter Rules are default, never add additional rules.
Card PM	Report Top Like Quote Reply

kwss	Jan 8 2024, 10:01 AM Show posts by this member only \| IPv6 \| Post #3051
Regular Senior Member 1,207 posts Joined: Aug 2018	QUOTE(Quanta @ Jan 8 2024, 08:05 AM) 1. Queue - yes enabled queue tree CODE Flags: X - disabled, I - invalid 0 name="queue-upload" parent=fromHSBB_IN packet-mark=no-mark limit-at=91M queue=fq-code1 priority=8 max-limit=100M burst-limit=101M burst-threshold=97M burst-time=5s bucket-size=0.1 1 X name="queue-download" parent=bridge packet-mark=no-mark limit-at=310M queue=fq-code1 priority=8 max-limit=350M burst-limit=400M burst-threshold=320M burst-time=8s bucket-size=0.01 2. Tools> Profile CODE [@MikroTik-TDM] > tool/profile Columns: NAME, USAGE NAME USAGE www 0.3% ethernet 0.1% console 0.5% dns 0.3% networking 19% radv 0% management 1.7% ssl 0.3% dhcp 0.2% profiling 0.1% queuing 0.3% bridging 0.8% unclassified 6% total 29.6% 3. Address list from IPV6 4. Filter Rules are default, never add additional rules. Do you get higher speed if you disable all your Simple Queue and Queue Tree? This post has been edited by kwss: Jan 8 2024, 10:04 AM
Card PM	Report Top Like Quote Reply

Quanta	Jan 8 2024, 10:04 AM Show posts by this member only \| Post #3052
Idiot member Senior Member 1,425 posts Joined: Jan 2003 From: Pearl 14000 + Kayangan 01000	QUOTE(kwss @ Jan 8 2024, 10:01 AM) Do you get higher speed if you disable all your Queue? same lingering around 300-350Mbps after disabling all filter rules, address lists
Card PM	Report Top Like Quote Reply

kwss	Jan 8 2024, 10:06 AM Show posts by this member only \| IPv6 \| Post #3053
Regular Senior Member 1,207 posts Joined: Aug 2018	QUOTE(Quanta @ Jan 8 2024, 10:04 AM) same lingering around 300-350Mbps after disabling all filter rules, address lists I updated my post after you post. I mean Simple Queue and Queue Tree. I am no longer seeing firewall anywhere in the Profile and it's not using 100% CPU anymore
Card PM	Report Top Like Quote Reply

OlgaC4	Jan 8 2024, 10:14 AM Show posts by this member only \| Post #3054
Look at all my stars!! Senior Member 5,292 posts Joined: Nov 2006	Some old mikrotik device does have bug when update to the latest Ros.
Card PM	Report Top Like Quote Reply

kwss	Jan 8 2024, 10:14 AM Show posts by this member only \| IPv6 \| Post #3055
Regular Senior Member 1,207 posts Joined: Aug 2018	QUOTE(maxiscool @ Jan 8 2024, 07:43 AM) I will share the export later. This is how it is connected. Can I have the export of /interface? I am trying to make sense of your diagram. Where you connect your IPTV? Can I have the reason why you want to trunk 500 and 600 into your switch if your Unifi comes in from Port 1 and your router actually does the PPPoE and all?
Card PM	Report Top Like Quote Reply

maxiscool	Jan 8 2024, 07:40 PM Show posts by this member only \| Post #3056
Casual Junior Member 379 posts Joined: Jan 2003	QUOTE(kwss @ Jan 8 2024, 10:14 AM) Can I have the export of /interface? I am trying to make sense of your diagram. Where you connect your IPTV? Can I have the reason why you want to trunk 500 and 600 into your switch if your Unifi comes in from Port 1 and your router actually does the PPPoE and all? Update the diagram. The 500 actually is just for trunk the Internet to the switch, Unifi TV box is connected to the switch that is why 500 & 600 is trunk See if this is what you looking for? CODE /interface bridge add name=UniFi-IPTV port-cost-mode=short add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no comment=defconf name=bridge \ port-cost-mode=short add name=bridge.vlan10 port-cost-mode=short /interface ethernet set [ find default-name=ether2 ] name=ether2-master /interface vlan add interface=ether4 name=vlan.10-TrunkPort4 vlan-id=10 add interface=ether5 name=vlan.10-TrunkPort5 vlan-id=10 add interface=ether1 name=vlan.500 vlan-id=500 add interface=ether5 name=vlan.500-TrunkPort5 vlan-id=500 add interface=ether1 name=vlan.600 vlan-id=600 add interface=ether5 name=vlan.600-TrunkPort5 vlan-id=600 /interface pppoe-client add add-default-route=yes default-route-distance=0 disabled=no interface=vlan.500 name=UniFi-Internet user=username@unifi
Card PM	Report Top Like Quote Reply

kwss	Jan 9 2024, 03:28 AM Show posts by this member only \| Post #3057
Regular Senior Member 1,207 posts Joined: Aug 2018	QUOTE(maxiscool @ Jan 8 2024, 07:40 PM) Update the diagram. The 500 actually is just for trunk the Internet to the switch, Unifi TV box is connected to the switch that is why 500 & 600 is trunk See if this is what you looking for? CODE /interface bridge add name=UniFi-IPTV port-cost-mode=short add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no comment=defconf name=bridge \ port-cost-mode=short add name=bridge.vlan10 port-cost-mode=short /interface ethernet set [ find default-name=ether2 ] name=ether2-master /interface vlan add interface=ether4 name=vlan.10-TrunkPort4 vlan-id=10 add interface=ether5 name=vlan.10-TrunkPort5 vlan-id=10 add interface=ether1 name=vlan.500 vlan-id=500 add interface=ether5 name=vlan.500-TrunkPort5 vlan-id=500 add interface=ether1 name=vlan.600 vlan-id=600 add interface=ether5 name=vlan.600-TrunkPort5 vlan-id=600 /interface pppoe-client add add-default-route=yes default-route-distance=0 disabled=no interface=vlan.500 name=UniFi-Internet user=username@unifi OK, I have to give you the credit for hacking things together when what you described won't work in the first place. I also want to rant how shitty Mikrotik config is. They are a hard to read and untangle. Nokia and Juniper are great. Cisco is already kind of bad but Mikrotik is at the bottom of all. Let's go into the errors you made. You bridge IPTV into the native VLAN on port 5. You also bridge it to VLAN 600 on port 5. So all the BUM traffic flow twice into port 5 to your switch. Since IPTV hijaack your native VLAN on the port to your switch, you will never get Internet... ever! On top of that you have traffic flooding twice into the port towards your switch. You proceed to hack around the situation by bridging VLAN 500 into your main bridge. Now you trunk VLAN 500 into your switch and you get Internet. But what you just did is bridge the interface meant for PPPoE into your main VLAN. Now everything meant for your local network get sent to TM. All the traffic end up in the PPPoE interface, get sent to VLAN 500, and loopback into your LAN, get sent to PPPoE interface again. Over and over again. So from here onward, do you want to take this as an exercise and fix it yourself? Or I point to you what to modify?
Card PM	Report Top Like Quote Reply

maxiscool	Jan 9 2024, 06:16 AM Show posts by this member only \| Post #3058
Casual Junior Member 379 posts Joined: Jan 2003	QUOTE(kwss @ Jan 9 2024, 03:28 AM) OK, I have to give you the credit for hacking things together when what you described won't work in the first place. I also want to rant how shitty Mikrotik config is. They are a hard to read and untangle. Nokia and Juniper are great. Cisco is already kind of bad but Mikrotik is at the bottom of all. Let's go into the errors you made. You bridge IPTV into the native VLAN on port 5. You also bridge it to VLAN 600 on port 5. So all the BUM traffic flow twice into port 5 to your switch. Since IPTV hijaack your native VLAN on the port to your switch, you will never get Internet... ever! On top of that you have traffic flooding twice into the port towards your switch. You proceed to hack around the situation by bridging VLAN 500 into your main bridge. Now you trunk VLAN 500 into your switch and you get Internet. But what you just did is bridge the interface meant for PPPoE into your main VLAN. Now everything meant for your local network get sent to TM. All the traffic end up in the PPPoE interface, get sent to VLAN 500, and loopback into your LAN, get sent to PPPoE interface again. Over and over again. So from here onward, do you want to take this as an exercise and fix it yourself? Or I point to you what to modify? Yeah, could you please help to change things for the right way?
Card PM	Report Top Like Quote Reply

kwss	Jan 9 2024, 09:51 AM Show posts by this member only \| Post #3059
Regular Senior Member 1,207 posts Joined: Aug 2018	QUOTE(maxiscool @ Jan 9 2024, 06:16 AM) Yeah, could you please help to change things for the right way? In Bridge > Ports, remove "UniFi-IPTV" bridge with interface "ether5". In Bridge > Ports, remove "bridge" with interface "vlan.500-TrunkPort5". Add bridge=bridge with interface=ether5. In Interfaces > VLAN. Remove "vlan.500-TrunkPort5". In your switch, remove vlan 500. You Internet now should works on untagged interface. Finally review all your "bridge.vlan10". I don't know if they are intended but some have changed ingress-filtering and multicast-router disabled. I did not lab this out but it should work.
Card PM	Report Top Like Quote Reply

soonwai	Jan 9 2024, 01:00 PM Show posts by this member only \| IPv6 \| Post #3060
 All Stars 11,455 posts Joined: Oct 2007 From: KL	QUOTE(maxiscool @ Jan 8 2024, 07:40 PM) Update the diagram. The 500 actually is just for trunk the Internet to the switch, Unifi TV box is connected to the switch that is why 500 & 600 is trunk See if this is what you looking for? ... Cool. Your setup same as mine. Except I use number 50 for LAN. Had to trunk UnifiTV cause I only put in one cable to the living room. This post has been edited by soonwai: Jan 9 2024, 01:02 PM
Card PM	Report Top Like Quote Reply

« Next Oldest · Networks and Broadband · Next Newest »

175 Pages « < 151 152 153 154 155 > » Top

Add Reply Options

Change to:

0.0204sec

0.40

6 queries

GZIP Disabled
Time is now: 29th November 2025 - 08:30 PM

All Rights Reserved © 2002- 2025 Vijandren Ramadass (~unite against racism~)

Removal Request

Powered by Invision Power Board © 2025 IPS, Inc.