Partycat
Oct 25, 2004

Rule Number Dos:
A lot of you maggot people are gonna see some things that you're not used to seein'. I'm talking about nudies! That's right! Botticelli may show a titty or two and Michelangelo may show a mans willy dong long prong... but you are not, I repeat, you are not to titter !

Plaster Town Cop

I am going to set up some PCQ based queue trees to break up a wan link for user fairness - I'm seeing some comment that if I just don't set a limit on user queues it will just divide bandwidth evenly?

Is there a reason to screw with the queue strategy?

Any comment on performance hit with pcq instead of basic?


PUBLIC TOILET
Jun 13, 2009



Not sure if anyone else has seen this issue, but with the new 3.15 version of Winbox, if I use that to login to my hAP AC, the open windows are all corrupted looking until you move them. Reverting to 3.14 corrects this graphical issue.

redeyes
Sep 14, 2002
I LOVE THE WHITE STRIPES!

Thanks for the heads up.

thebigcow
Jan 3, 2001

Bully!

Anyone have experience with CAPsMAN?

I'm putting an AP in an office that doesn't have one so it seemed like a good time to learn it, but then I started reading the wiki page and my eyes glazed over. It's just a simple WPA2-PSK setup for crap internet.

redeyes
Sep 14, 2002
I LOVE THE WHITE STRIPES!

I thought CAPsMAN is for multiple AP management?

thebigcow
Jan 3, 2001

Bully!

redeyes posted:

I thought CAPsMAN is for multiple AP management?

It is, and I may have more in the future.

thebigcow
Jan 3, 2001

Bully!

Kind of wished I had used CAPsMAN because of shenanigans.

The cAP ac is neat. The big button in the middle turns the LEDs on and off. I was able to power it off the 10/100 POE port on an RB2011 if I forced POE on, but used the gigabit injector instead.

I swear those cabinets weren't there before and a measuring tape works as a fish tape for a couple feet of wall.

Thanks Ants
May 21, 2004

Bless You Ants, Blants



Fun Shoe

You can script the button as well

That Dang Lizard
Jul 13, 2016

what; an idiomt


I'm fairly new at the MikroTik game, can anyone advise the implications of having one ethernet interface with multiple IP addresses vs. one ethernet interface with multiple VLAN interfaces, each with its own IP address.

This is for a CHR install under MS Hyper-V (to be a cAPsMAN controller), and getting VLAN trunking on our failover cluster looks hard (or at least non-trivial enough to concern my boss), so I was wondering if that will mess up the fastpath/fasttrack forwarding (we're still waiting for the testing AP to arrive to play with, but the APs will probably be responsible for forwarding their own traffic - this is more in case we ever want all traffic going through the cAPsMAN server in future for some reason).

falz
Jan 29, 2005

01100110 01100001 01101100 01111010


One has vlan tags on the ips, the other doesn't.

Partycat
Oct 25, 2004


So for a router-on-a-stick type setup, you'd create a bridge with the untagged VLAN PVID on it, add the Ethernet/whatever interface to it directly, also PVID to the bridge's PVID, then you can add VLAN interfaces to other VLANs and connect them to the bridge, then add the VLANs tagged to the bridge to expose them to the Ethernet port?

I've been having an interesting time trying to get my head around this, seems pretty simple and yet I get it where it all stops working until I flap an interface or something, seems like I'm doing it wrong.

e: yeah okay this works fine, just set the VLAN interface as an untagged member of the bridge, and stack on whatever you want. The bridge is actually probably unnecessary for a single phy. Took me a minute to get that the DHCP server is not intelligent enough to understand giaddr = network and that works.

PCQs don't right now with rate = 0 and max limit set nothing happens.

Partycat fucked around with this message at Jul 3, 2018 around 02:00

That Dang Lizard
Jul 13, 2016

what; an idiomt


falz posted:

One has vlan tags on the ips, the other doesn't.

Cheers, I was hoping it would be that simple.

PUBLIC TOILET
Jun 13, 2009



PUBLIC TOILET posted:

Not sure if anyone else has seen this issue, but with the new 3.15 version of Winbox, if I use that to login to my hAP AC, the open windows are all corrupted looking until you move them. Reverting to 3.14 corrects this graphical issue.

FWIW this bug is *still* present in v3.16.

Partycat
Oct 25, 2004


I had that happen at one point but I was not able to reproduce it reliably - after I deleted my session and started over it was fine.

EssOEss
Oct 23, 2006
128-bit approved

What's the sensible minimum set of "nothing incoming except when I say so" firewall rules to use? I see examples in the MT wiki and forums that are all over the place. For example, some have rules like "block incoming traffic from public network interface that has a private source IP address" or just "drop if connection type is invalid" - what actual benefit do such rules have? Do I need more than "allow incoming if established/related + drop everything else"?


PUBLIC TOILET
Jun 13, 2009



EssOEss posted:

What's the sensible minimum set of "nothing incoming except when I say so" firewall rules to use? I see examples in the MT wiki and forums that are all over the place. For example, some have rules like "block incoming traffic from public network interface that has a private source IP address" or just "drop if connection type is invalid" - what actual benefit do such rules have? Do I need more than "allow incoming if established/related + drop everything else"?

Honestly, I just use a variation of this:

https://www.manitonetworks.com/netw...outer-hardening

Been working well for years now.
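The rule types EssOEss asks about, written out as a minimal RouterOS ruleset with a comment on what each one changes. This is an added example, not from any poster or from the linked guide; it assumes `ether1` is the WAN port, and the address-list name is a placeholder.

```routeros
# Added example. Assumptions: ether1 = WAN, everything else = LAN.
# Rules are evaluated top to bottom; the first match decides.

/ip firewall address-list
add list=private-src address=10.0.0.0/8
add list=private-src address=172.16.0.0/12
add list=private-src address=192.168.0.0/16

/ip firewall filter
# --- input: traffic addressed to the router itself ---
# Replies to connections the router (or an already accepted peer) opened.
add chain=input action=accept connection-state=established,related
# Packets conntrack cannot tie to any known connection (for example a
# stray ACK with no SYN seen). Dropped here so that none of the broader
# accept rules further down can match them.
add chain=input action=drop connection-state=invalid
# A private source address arriving on the WAN port is spoofed or
# misrouted. This only changes the outcome if a later rule accepts by
# source address; it keeps such a rule from trusting a forged LAN address.
add chain=input action=drop in-interface=ether1 src-address-list=private-src
# The "except when I say so" part: management from the LAN side only.
add chain=input action=accept in-interface=!ether1
# Default deny.
add chain=input action=drop

# --- forward: traffic passing through the router ---
add chain=forward action=accept connection-state=established,related
add chain=forward action=drop connection-state=invalid
add chain=forward action=drop in-interface=ether1 src-address-list=private-src
# New connections from the WAN are allowed only if a dst-nat (port
# forward) rule matched them; everything else inbound is dropped.
add chain=forward action=drop in-interface=ether1 connection-state=new connection-nat-state=!dstnat
```

With only the first and last input rules, the router itself is already deny-by-default; the invalid and private-source drops start to matter once accept rules sit between them.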
