MikroTik - Search

Chiverel

I must have read Wiki more carefully, the issue was in headers values, those arecommaseparated

Content-Type:application/json,Accept:*/*

Seems to be working after that fix

Chiverel

Hi, I want to upload some data from ROS 7 to Azure Tables via API and SAS tokens, but I'm facing an issue. First of all the curl/postman sample works fine: curl --location --request POST 'https://instance.table.core.windows.net/tablename?SAS' \ --header 'Content-Type: application/json' \ --data-raw ...

Chiverel

Hi, I'm running rb4011 with ros 7.5 and can see DNS requests each 10 seconds that look like this local query: #240257 phase1. A I don't understand what is that, but what I've done: did traffic capture on the local interfaces and it doesn't look this request is coming from the local devices. My RB ac...

Chiverel

I see issues with DoH 1.1.1.1 and certificate validation (clickable image in high res), rb4011

Chiverel

Btw, if you check the packet flow diagram, you'll see that traffic enters bridge as vlan and leaves bridge accordingly.

Chiverel

Thank you for the valuable input. That's a reasonable bullet regarding untagged bridge. But I'm not quite sure for the physical interface being a part of the list. Let's assume one of the ports is trunk or hybrid, carrying multiple VLANs that don't serve the same purpose, e.g. restricted and public....

Chiverel

Hi, I'm playing around with the "Use IP firewall for VLAN" and can't really understand how to give it a cleaner look. Here's the fairly easy test setup: * single bridge with 2 access ports * both vlan and bridge belong to the same interface list Test # jan/01/2002 02:10:36 by RouterOS 6.45...

Chiverel

Hi, I have issues with assigning fixed IPs using static entries in DHCP lease table for my device. Setup is following: - MT border router (with DHCP server) has a trunk port carrying 3 vlans to the other MT device acting as AP + providing access port to the one vlan. - AP has 3 vlans with dhcp clien...

Chiverel

There's a chance that you have packets with TTL=1. If you have them, you can increase TTL using mangle.

I recall it was explicitlymentioned for VLCwhen tried to configure my setup.

Checkthis exampleas well, it has nearly yours case.

Chiverel

Think of port-knocking implementation (it's really flexible and it's only you who decide how paranoid you are to complicate the procedure) or similar techniques. Router would automatically add your IP into white list and you'll be able to connect afterwards. Other attempts for the direct connection ...

Chiverel

viewtopic.php?f=13&t=135405

Chiverel

You're right that that rule does nothing, except adding entries in the log. I added that to see whether mcast packets are actually hitting the forward chain and that's all. That dirty solution is a bit easier that traffic sniffing and basically did what I wanted. I tested VLC solution some time ago ...

Chiverel

Get ready for the next long read without the happy end :( We're stepping into the area where I’m really a noob. And the discussion doesn’t really match a Basic setup as mentioned in the topic. I didn’t expect this kind of details here. We clarified how discovery is done, but I’ll repeat again briefl...

Chiverel

An update from my side. I just was curious that we both face discovery delays with QNAP devices. Mine is an entry level TS-253A btw. So I decided to postpone deep packet inspection and add another DLNA server on my network that is equivalent of your VLAN10. So I just enabled DLNA server on Win10 hos...

Chiverel

And the negative impact of decreasing polling periods (if that's the deal) would lead to increasing traffic in your network that is quite unwanted in many cases. It shouldn't be an issue when you have a small amount of devices, but is worth to mention.

Chiverel

I have the same issue with timing. When I'm connected via VPN on Android or Windows, then there is a significant delay in DLNA discovery in 75% of cases I'd say. It takes from about 10 seconds up to 2 minutes or so. This is why I wanted you to check network packets, rather then just running "ne...

Chiverel

This is damn tricky part. Here how I do it: - vlan10 has 192.168.10.58 that is my QNAP - Ovpn-Bridge has Android device connected over OpenVPN-TAP adapter (L2) and has active IP address 192.168.11.14 - Start packet sniffer on vlan10 /tool sniffer set filter-interface=vid10-home-1G filter-ip-protocol...

Chiverel

I'm not really sure, but it could be a TTL issue on some packets. Sonos could send packets with higher TTL than other devices, thus it's packets are really forwarded. Not the mangle rules I've posted in my first posts. Adjust these and ensure it covers only required interface lists /ip firewall mang...

Chiverel

Ok, now I can see your 172.16.40.100 device connected to the same RP and group 239.255.255.250 that your media server and other working clients use. Upstream and downstream are also detected properly. This makes me think PIM is configured fine and the problem could be elsewhere, except the log would...

Chiverel

Btw, when I'm connected over vpn, i don't see my nas in the network environment as well. But it appears in windows media player after some time when refresh period completes. It could be up to couple of minutes. The same thing with vlc. It's important to set connection as private in order to use DLN...

Chiverel

You can use "slick upnp" app an android to see DLNA devices. It works awesome. I have the opposite question. When you run that sniffer tool in vlan10, do you see messages from vlan40? Are there any errors or warnings in mikrotik log with PIM topic? Could you share your PIM details again af...

Chiverel

Nice input. When you connect your windows host to VLAN40, can it see your Qnap NAS? For example you launch standard windows media player, can you see Twonky? It usually appears like the "HDHome..." entry on the image below https://blogs.serioustek.net/wp-content/uploads/2013/06/hdhr3.PNG I...

Chiverel

I'm not a specialist as well. But have been investigating PIM a bit. I do see that you have 2 RPs configured. I assume that in your setup there should be only 1 RP which is 172.16.30.1. Could you post your /routing pim export In addition you need to allow SSDP traffic from your VLAN40 similar to wha...

Chiverel

Hi, what does following command say? /routing pim mfc print detail There should be an entry with following values: - proper group (I suppose it should be 239.255.255.250) - VLAN10 as upstream interface - VLAN40 as downstream interface Do you have an RP defined? Can you see your devices IPs joined th...

Chiverel

The answer for the 1st question was my stupid mistake. OpenVPN interface had the same local address as the Bridge, to what it is connected. It seems like that IP is removed from PIM upon tunnel disconnect, this is why route to Bridge was removed and did not appear in MFC. I've changed local address ...

Chiverel

Hi, next test scenario from me (image is clickable). http://i.piccy.info/i9/e0ff43d642682aa5eec73977cf43fe7f/1529675599/9564/1245766/PIM_setup_500.jpg http://i.piccy.info/a3/2018-06-22-13-53/i9-12432911/500x171-r/i.gif Router A is a wireless bridge. All ports and wireless adapter are bridged. Bridge...

Chiverel

Igmp-proxy or PIM may be helpful.wiki

Chiverel

There was some glitch with that RB. I've checked upnp replies from router even when disabled external interface or upnp completely. Reply contained information about 2 WANConnectionDevices. One of those had that vlan address as an external IP. It seems like some process got stuck and haven't receive...

Chiverel

Ok, thanks for the hint. I'll try to reproduce the case on another device and provide supout from that box. I'm a bit unsure to send such data from my main router.

Chiverel

Thanks for a quick reply.
规则是完全相同的方式创建的。使用vlanIP and in-interface. Basically I was going the opposite way: I had both bridge and vlan in the Upnp -> internal interfaces; then disabled bridge there and that didn't improve the situation.

Chiverel

Hi, I face a problem with dynamic Upnp rules created by my RB2011 running Ros6.42.3. Setup is following: Upnp is on eth2 is a wan port; it is the only external inteface in upnp settings there is a bridge, containing VLAN and a number of ports. Setup is working properly (lan, internet access etc), 19...

Chiverel

Improvements Distribute static multicast routes to the networks where you suppose to have media servers. Thus, you don’t need to add routes manually. This can be done using DHCP option 121 and the following helper . /ip dhcp-server option add code=121 name=cons-mcast-routes value=0x04e0c0a80001 add...

Chiverel

Please skip this message if you’re not interested in some kind of TLDR manual. We start from a scenario where nothing must be done. Map device has 1 bridge with 2 interfaces, DHCP server and that’s it. Just to ensure that there are no problems on the producer and consumer devices. Schema (clickable)...

Chiverel

Hi there. This time I’m trying to understand PIM-SM implementation on Mikrotik device. I post the basic working configuration right here. And for those who is curious, I’ll share more details in the further posts. Hopefully this config would save somebody time. I wasn’t able to directly find answers...

Chiverel

As long as you use one or the other, they will be hardware switched. But you can use a software bridge and it would be fine as long as you're not expecting maximum bandwidth.

Exactly

Chiverel

You won't be able to fully switch your 8 remaining ports, because there are 2 physical switches in this RB. There are for sure some workarounds. I've written recently some investigations here . And regarding gateways. I assume it should be possible to add default routes via different interfaces usin...

Chiverel

我不是sure why it is not accepting the dhcp-server rules for office_server and POS_server ?????????????? Because your ports are added into bridge. /interface ethernet set [ find default-name=ether1 ] name=eth1_WAN set [ find default-name=ether2 ] name=eth2_kontor set [ find default-name=ether3 ]...

Chiverel

It looks like you've assigned several IP networks to the same WorkBridge. /ip dhcp-server add address-pool=dhcp-WorkLAN disabled=no interface=WorkBridge name=Work_Server add address-pool=dhcp-GuestLAN disabled=no interface=eth3_gjest name=Guest_Server #failure: server or relay with such interface al...

Chiverel

You could also implement aport-knockingthat adds your current IP address in the VPN white list for some time, and thus even VPN connection could be allowed to a certain addresses within predefined amount of time.

Chiverel

You could use "ip firewall raw" in the prerouting chain instead of "ip firewall filter". In this case packets are not processed by connection tracking and then unwanted traffic would consume less CPU. And instead of creating 2 rules for src and dst port, you can use Any port and ...

Chiverel

@CZFan, Thanks for your comments. 1. If you plan to Switch all ports, then yes. Since I'm planning to use eth2 as WAN, eth9 as Management and eth1+eth10 as reserved so far, and those ports won't be a part of a Home bridge. I don't see the point of enabling HW offload there. With the current setup I ...

Chiverel

也许我的经验会帮助别人,因为遮阳帽c is not really active. Summary of testing VLANs with HW offloading with the following config: VLAN 10: access ports eth3, eth4; trunk eth5; DHCP 192.168.10.0/27 VLAN 20: access ports eth7, eth8; trunk eth6; DHCP 192.168.20.0/27 Here’s a picture (cli...

Chiverel

And the last one . Let's imagine: I have a named Bridge-1G with DHCP with ether3-5 VLAN 10 are is assigned on a switch VLANs just like above ( ether3-5, sw1-cpu ) I decide to extend my VLAN=10 on the switch2. So my actions are either: Add Bridge-100M without DHCP, add ether6-ether10; Add same ports...

Chiverel

I'll dare to bump this old thread. I'm trying to understand vlans and essential topic seems to be just a right place. There's a bunch of information on older ROS configuration. But I don't have solid knowledge for that and have problems in adjusting those configs into hew HW offload bridges/vlan/swi...

Chiverel

Thanks, I'm already moving this direction. I've splitted up LAN and WLAN from the single bridge and assigned IP addresses from different segments today. That caused adding static routes between segments to ensure clients will be able to communicate from LAN to WLAN and vice versa. Additional trick w...

Chiverel

Thank you for reply. Yes, I thought about that, but I don't like that idea, since DHCP server is attached to Bridge and I don't know what addresses are assigned to Wi-Fi, wired or even VPN users. Such situation spawns the problem with new devices. I'd like to avoid adjusting IP address lists constan...

Chiverel

Hi, I'm using RB2011 and I'm quite satisfied with it. I'd like to get a bit more of the router and try to implement QoS, but the whole picture doesn't appear in my head yet. I'd be happy in case you could share your experience here. I have several bridges currently: - Home network: ether1—ether7 + w...

Search found 47 matches