The Mikrotik RouterOS config, tips and tricks thread

mass_debater

Kenny Powers wrote: »

Thanks thats for the spam blocker I didn't spot that changed them to 100, its just my home router is there even any need for it?

looks like bridge-local should also be ether1-gateway

This rule add chain=forward action=drop seems to be blocking everything now

It's the syn flood protection, set it to at least 100. As it's the input chain its from all interfaces and could interfere with your own devices. Another way to do this is just to limit the connections passing through the router

add action=drop chain=forward comment="tcp connection limit" connection-limit=100,32 protocol=tcp tcp-flags=syn

The forward filter chain protects the devices on your lan, the drop will block all traffic passing through the router, shouldn't be there. You would be better add the following instead, see basic examples of protecting the router and customer here
http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter

Kenny Powers

Thanks for that ill do a bit more reading and start again, I just need something n=basic for home use the one on the first page is probably good enough

mass_debater

The first integrated dual band 802.11ac Mikrotik is available any day now. It's only 35 quid and has some amazing specs. I'm going to pre order

Triple-chain wireless 2.4 GHz
Triple-chain wireless 5 GHz
720 MHz CPU
128 MB of RAM
Five Gigabit Ethernet ports
SFP cage
Passive PoE output on port 5
USB port for 3G/4G modem

http://www.cdr.pl/download
http://www.ip-sa.com.pl/rb962uigs-5hact2hnt-p-2053.html

mass_debater

The first integrated dual band 802.11ac Mikrotik is available any day now. It's only 35 quid and has some amazing specs. I'm going to pre order

Triple-chain wireless 2.4 GHz
Triple-chain wireless 5 GHz
720 MHz CPU
128 MB of RAM
Five Gigabit Ethernet ports
SFP cage
Passive PoE output on port 5
USB port for 3G/4G modem

http://www.cdr.pl/download
http://www.ip-sa.com.pl/rb962uigs-5hact2hnt-p-2053.html

Kevin!

hAP ac and hAP ac lite are both available to purchase now

hAP AC
http://routerboard.com/RB962UiGS-5HacT2HnT

hap AC lite
http://routerboard.com/RB952Ui-5ac2nD

Kenny Powers

mass_debater wrote: »

The first integrated dual band 802.11ac Mikrotik is available any day now. It's only 35 quid and has some amazing specs. I'm going to pre order

Triple-chain wireless 2.4 GHz
Triple-chain wireless 5 GHz
720 MHz CPU
128 MB of RAM
Five Gigabit Ethernet ports
SFP cage
Passive PoE output on port 5
USB port for 3G/4G modem

http://www.cdr.pl/download
http://www.ip-sa.com.pl/rb962uigs-5hact2hnt-p-2053.html

Where are you seeing these for 35e?

I see it now which store is best to order from? Has anyone paid by bank transfer?

Also does anyone no if they have the same 1000mW WiFi Transmitter

mass_debater

Kenny Powers wrote: »

Where are you seeing these for 35e?

I see it now which store is best to order from? Has anyone paid by bank transfer?

Also does anyone no if they have the same 1000mW WiFi Transmitter

This is the one you want. Price was wrong and changed as soon as there was stock
http://www.ip-sa.com.pl/rb962uigs-5hact2hnt-p-2053.html

Kenny Powers

mass_debater wrote: »

This is the one you want. Price was wrong and changed as soon as there was stock
http://www.ip-sa.com.pl/rb962uigs-5hact2hnt-p-2053.html

Good man any idea what power these are I can't find anything?

The cheaper one doesn't look bad either as a wifi point?

mass_debater

Kenny Powers wrote: »

Good man any idea what power these are I can't find anything?

The cheaper one doesn't look bad either as a wifi point?

The 2.4Ghz will be the same 1000mW radio but you really want to be using 5Ghz to get the benefits of 802.11ac. 5Ghz doesn't has half the range of 2.4 and doesn't penetrate obstacles like block walls very well. I have my house setup with a 5Ghz AP behind the TV for the best speeds in the room I use most.

Kenny Powers

mass_debater wrote: »

The 2.4Ghz will be the same 1000mW radio but you really want to be using 5Ghz to get the benefits of 802.11ac. 5Ghz doesn't has half the range of 2.4 and doesn't penetrate obstacles like block walls very well. I have my house setup with a 5Ghz AP behind the TV for the best speeds in the room I use most.

Sweet does the cheaper one have the same radio do you know?

Have you bought from the company's above? Is it safe enough do a back transfer? Which would you use first?

Thanks

mass_debater

Kenny Powers wrote: »

Sweet does the cheaper one have the same radio do you know?

Have you bought from the company's above? Is it safe enough do a back transfer? Which would you use first?

Thanks

No, the cheaper one has different weaker radios

AfricanTech

Hello all

Complete newby here.

Does anyone have a simple script that will disconnect you from your Internet Service Provider (PPOE) and then reconnect you, that can be scheduled to run on a daily basis?

My ISP has a "non metered" window between 00h00 and 06h00, but it's not guaranteed to kick in on 00h00 (it may kick in as much as an hour later) unless you disconnect and reconnect.

Any help hugely appreciated.

mass_debater

A scheduled reboot will at a second past 12 will do it. Try this.
/system scheduler
add name="reboot router daily" on-event="/system reboot" start-date=jan/01/1970 start-time=00:00:01 interval=1d comment="" disabled=no

AfricanTech

Thanks. I managed to work out how to do it without actually rebooting the router.

---

What the script basically does is to force a reconnect at a given time once a day.

Write the script in 2 steps.

First create the script

/system script add name=scriptForcedDslReconnect source=""

than open it in the editor and add the actual code

/system script edit 0

value-name:source

After this an editor window will open. Copy and paste following lines:

/interface pppoe-client set [find name="DSLConnection"] disabled=yes
/interface pppoe-client set [find name="DSLConnection"] disabled=no
/log info message="DSLConnection forced reconnect. Done!"

and press

CRTL-O

You can now check if all is correct with (everything should be colored in the script)

/system script print

Now we only need to add it to the scheduler

/system scheduler add name=schedulerForcedDslReconnect start-time=00:05:00 interval=24h on-event=scriptForcedDslReconnect

And done, it will disconnect and reconnect every day at 00h05.

mass_debater

Right, I've decided to order 2 of the brand new Mikrotik wAP ac to change my home setup, ordering next week. I plan on disabling wireless on my RB951 and continuing to use it as router only and moving it to my cabinet in the attic. The APs are one for the landing upstairs, the second for behind the TV in the sitting room, the room we use most.
http://routerboard.com/RBwAPG-5HacT2HnD
http://www.ip-sa.com.pl/rbwapg-5hact2hnd-p-2079.html

I'll be using the Mikrotik Capsman access point controller which I've been reading amazing reports about. It's very like the Ubiquiti zero handoff, all APs use the same channel and are seen by the end user device as one Mac address, the controller controls authentication and the roam of the devices from AP to AP. With this setup I can easily deploy more APs in future, I'll possibly add more wAPs to cover the kitchen and garden at a later date, I can add one in each room if needed, it's good preparation for IOT.
http://wiki.mikrotik.com/wiki/Manual:CAPsMAN

mass_debater

Slight change of plan. I took advantage of the sterling rate and snapped up a Mikrotik cloud router switch from the UK. The switch on it's own was €190 delivered from interprojekt, but was only £132 sterling delivered from UK which is €160 atm so i saved €30 on a single switch. I still need 2x wAP AC but that can wait until next month.
https://istore.liberty-izone.com/shopexd.asp?id=26

Kenny Powers

Anyone know what rule I need to use to stop access to my upc modem (in bridge mode) admin page. It's on a different subnet but can still be accessed.

Kenny Powers

Is there a way to trigger a wol script when a VPN user connects?

mass_debater

Kenny Powers wrote: »

Is there a way to trigger a wol script when a VPN user connects?

Not easy but would be pretty simple to issue a command if you use ssh

mass_debater

My Mikrotik wAP ac's got delivered yesterday and I got Capsman configured last night on my Mikrotik CRS (Cloud Router Switch) and the APs connected. I had a few small issues but nothing serious. It took a bit of googling to figure I had to download the cm2 package on the CRS even though I already had all the configurable options in Winbox for Capsman.

Once you get your Capsman configuration setup with datapath (bridge-local on the CRS), channel and security you can setup a provision to push this config to individual (using it's radio Mac) or all APs (using 00:00:00:00:00:00) that are set to CAP mode and set to communicate with it. Configuring the CAP is literally 2 lines of code, telling it to run in CAP mode and the address of the Capsman. The config I'm pushing uses the same channel on both APs, the APs then appear as local interfaces on the CRS, Capsman handles all local forwarding.

On 5GHz ac roaming is completely flawless, I get a single high ping when roaming from one to the other. Roaming will depend on the client but any device I have that has ac works perfect. I have an aggressive access list rule forcing devices to look for a new AP when their signal drops below -80 which works well. Speeds are what I expected and on par to what I had before using an Eir F2000

I have very few devices that need roaming on 2GHz, my wifes One Plus X and my sons Nexus 4. My wife has said she has had one or two dropouts but I suspect I need to reduce the tx power as 2GHz is much more powerful than 5GHz and you can pick up both APs under -80 most places. Speeds are not that great, the 2GHz radio is maxing at about 30Mbit.

Capsman is nearly there, it's functioning well and with a few more updates and performance tweaks could be brilliant for a corporate network to quickly deploy new APs or change settings on all. I realise this is a little overkill for a home setup, but I'm in the business and it's in my interest understand this. I'd certainly recommend Capsman over Ubiquiti Zero handoff which I had plenty of issues with, also Ubiquiti has no 802.11ac product that supports zero handoff.

B1r0

Hi.

Where can I buy the "hAP ac" wireless router?
https://routerboard.com/RB962UiGS-5HacT2HnT


I found an ebay listing, but I'd rather buy in Ireland if the price is not much higher.

Anyone that has tried it yet?

Thanks

The high horse brigade

B1r0 wrote: »

Hi.

Where can I buy the "hAP ac" wireless router?
https://routerboard.com/RB962UiGS-5HacT2HnT


I found an ebay listing, but I'd rather buy in Ireland if the price is not much higher.

Anyone that has tried it yet?

Thanks

Here you go
https://www.irishwireless.net/rb962uigs-5hact2hnt?search=Hap%20ac

B1r0

The high horse brigade wrote: »

Here you go
https://www.irishwireless.net/rb962uigs-5hact2hnt?search=Hap%20ac

Thanks!
Too bad it asks 20 euro for shipment.

Happy new year!

Sniipe

any idea if the "hAP ac" has much extra on RB951G-2HND? I'm curious if I could possibly do away with my 2 RB951G-2HND's and get a single hAP ac.

[edit]
I had a look:
Processor difference. hAP AC is 720mhz as opposed to 600mhz.
Same RAM, same # ports.
hAP AC has AC .
hAP AC consumes over twice as much watts.
5Ghz + 2.4Ghz as opposed to 2.4ghz.
[/edit]

The high horse brigade

Sniipe wrote: »

any idea if the "hAP ac" has much extra on RB951G-2HND? I'm curious if I could possibly do away with my 2 RB951G-2HND's and get a single hAP ac.

[edit]
I had a look:
Processor difference. hAP AC is 720mhz as opposed to 600mhz.
Same RAM, same # ports.
hAP AC has AC .
hAP AC consumes over twice as much watts.
5Ghz + 2.4Ghz as opposed to 2.4ghz.
[/edit]

Yeah, it's a nice jump and gives you dual band 802.11a.c. and sfp port.

Be aware that the range on 5ghz is short, half the coverage of 2ghz, it struggles to penetrate walls. I'm using 2x wAP ACs for seamless 5ghz coverage in my house but am only using one 2ghz radio as its coverage is ok and only 3 devices use it (not mine) everything else has 5ghz

Sniipe

The high horse brigade wrote: »

Be aware that the range on 5ghz is short, half the coverage of 2ghz,

Thanks for the heads up.

Sniipe

I upgraded my upc modem to a VM hub 3.0. I switched it to modem only mode. It then connects to my mikrotik. I expected it to be a seamless changeover. Anyway internet doesn't work through my mikrotik router. Was there something else I needed to do?

The high horse brigade

Sniipe wrote: »

I upgraded my upc modem to a VM hub 3.0. I switched it to modem only mode. It then connects to my mikrotik. I expected it to be a seamless changeover. Anyway internet doesn't work through my mikrotik router. Was there something else I needed to do?

Is a DHCP client set on the Wan interface and is it getting a ip address?

gctest50

The handy cia guide to mikrotikory infection updatings



Bosca rewted :

V2.312/12/2011

•All implants updated to include support for beacon jitter and compresssed beacons.

•Beacon code was significantly re-worked as part of the beacon jitter and compression features.

The hope is that this also fixes the non-parsable characters that sometimes are sent by MikroTik implants (i.e. "spillage").

•Secure shell functionality was added to the following supported platforms: ◦MikroTik (all)

The high horse brigade

Official response
https://forum.mikrotik.com/viewtopic.php?f=21&t=119308&p=587512#p587512