MikroTik RBD52G-5HacD2HnD-TC hAP ac²

Incearca si cu pachete mici , 32...64 K si vezi ce zice

OK, de trei ori, dar niste viteze de transfer ... cat?

Cand o sa ajung la un laptop o sa pun si cifre, dar cred ca dupa Craciun.

@ndor, daca mai ai niste idei de teste, imi poti spune, doar transferul de fisiere mi-a venit pe moment.

ndor, on 22 decembrie 2018 - 18:45, said:

Ce sa zica, il îngenunchează Nu prea isi au rostul in real life pachete asa de mici, doar atunci cand vrei sa compari  ce pot 2 routere.
Atasat un extras pentru un home network cu 15 clienti ce fac de toate: torrenti, live stream, games, dwld, youtube, netflix, name it, pt o idee ce inseamna % pachete de 64k.

(fiber.purple.lan) #show interface ethernet 0/1
Total Packets Received (Octets)................ 474584599795
Packets Received 64 Octets..................... 733467143
Packets Received 65-127 Octets................. 371700706
Packets Received 128-255 Octets................ 9954859
Packets Received 256-511 Octets................ 6909596
Packets Received 512-1023 Octets............... 5989076
Packets Received 1024-1518 Octets.............. 263100793
Packets Received > 1518 Octets................. 0
Total Packets Transmitted (Octets)............. 4941266759575
Packets Transmitted 64 Octets.................. 17671999
Packets Transmitted 65-127 Octets.............. 71947157
Packets Transmitted 128-255 Octets............. 7715776
Packets Transmitted 256-511 Octets............. 7173014
Packets Transmitted 512-1023 Octets............ 15678156
Packets Transmitted 1024-1518 Octets........... 3305656640
Packets Transmitted > 1518 Octets.............. 0
Load Interval.................................. 5
Bits Per Second Received....................... 3796520
Bits Per Second Transmitted.................... 156243536
Packets Per Second Received.................... 3337
Packets Per Second Transmitted................. 13355
Time Since Counters Last Cleared............... 15 day 13 hr 38 min 13 sec

Edited by ogo, 22 December 2018 - 21:31.

Stiu ca-l ingenunchiaza   Ideea era ca daca rezista la alea , nu e cazul sa-si faca probleme de restul .
Ca idee de testat. Foloseste Jperf-ul . Setezi marimea pachetelor , numarul de stream-uri , pentru inceput , min.10 , pentru wireless AC poti pune si 20 si vezi ce spune .O sa ai un grafic .
In felul asta poti "tuna" routerul cum vrei . Este o metoda cat se poate de profi pentru ca tu vei testa exclusiv echipamentul local si nu reteaua providerului ca in cazul unui speedtest.net .Singurul dezavantaj ar fi ca ai nevoie de doua calculatoare care sa tina fara probleme traficul .
- https://netbeez.net/...w-to-use-jperf/
- https://turbofuture....put-Using-JPerf

Super, mersi pentru pont. Acum, pentru streaming video pachetele sunt mai mici sau mai mari? Eu pentru asta folosesc in mare.

Revin cu o intrebare, am incercat sa activez IPsec si L2TP IPsec dar in momentul in care activez in PEERS campul de L2TP, nu ma mai pot conecta cu IPsec plain. Daca dezactivez campul L2TP, ma pot conecta cu IPsec plain. Sa inteleg ca merg ori pe o varianta ori pe cealalta?

Totodata in WinBox am campurile din poza marcate cu rosu.

[ https://i.postimg.cc/bwqX53QX/2018-12-23-002924.png - Pentru incarcare in pagina (embed) Click aici ]

Nu inteleg de ce primesc "This entry is unreachable"...

Am incercat sa adaug peer-ul respectiv folosind comanda:

/ip ipsec peer add address=0.0.0.0/0 exchange-mode=main-l2tp nat-traversal=yes generate-policy=port-override secret="secret" enc-algorithm=aes-128,3des

Dar imi da eroare

expected end of command (line 1 column 62)

Drept urmare, am adaugat eu manual din Winbox acel peer, bineinteles, nu am toate optiunile din comanda, parte din ele le-am gasit in tabul PEER PROFILES facand un nou profil. Cumva s-au schimbat treburile in 6.43.7 si linia de comanda de mai sus nu mai corespunde?

Revin cu o intrebare: in tabelul Firewall, ce reprezinta acel trafic/numar de pachete?
Reprezinta numarul de pachete blocate de catre router?
Ce interes are oare acea camera video sa se conecteze la internet?

Edited by joystick, 31 December 2018 - 10:53.

Reprezinta nr de pachete ce au trecut/activat regula respectiva (au avut ca sursa ip camerei si ca destinatie chain fwd).
Se poate vedea si din cli:

/ip firewall filter print stats

Pai tcpdump si vezi ce vrea de la internet (ce ip/port vrea sa acceseze). Parca e ceva de genul /tool sniffer in mikrotik.

joystick, on 31 decembrie 2018 - 10:53, said:

Volumul de trafic se masoara in Bytes sau Bits iar traficul de date ajunge in router sub forma de pachete. Acel numar de pachete e folosit mai mult de provideri/fabricanti ca unitate de masura in specificatiile tehnice la viteza procesare, bla, bla ... pentru noi utilizatorii simpli conteaza "volumul" .
Unele camere se conecteaza la net sa-si actualizeze ceasul, altele au diverse servicii in cloud (ddns, storage, remote acces....). Daca e camera ta, ar trebui sa verifici setarile si sa-i dezactivezi serviciile care nu le folosesti

Acum intrebarea mea: pot crea o retea pt. guest cu acest router ? Vreau sa dau acces doar la net pt. un alt ssid dar fara acces in lan, si bineinteles alt ssid cu acces full pt. familie.

Da. Ai nevoie de 2 vlan-uri in cazul tau. Recomand sa blochezi in vlan-ul fara acces in lan si client isolation pt “musafirii” tai.

Mulțumesc...
@cibi...vezi ca pusesem eu niște tutoriale mai devreme... Găsești acolo cum sa izolezi clientii din WinBox. Clibe prea mult ptr mine.

Tot legat de wifi guest, am gasit un review pt. modelul hAP ac (pare un model un pic mai vechi, cred) iar in interfata WinBox prezentata avea meniu dedicat pt. wireless guest:
minutul 20:00 - [ https://www.youtube-nocookie.com/embed/doXTmb6fdqk?feature=oembed - Pentru incarcare in pagina (embed) Click aici ]
Sa inteleg ca difera asa mult meniurile iar la acest model hAP ac2 nu mai exista acel meniu dedicat ? Nu ma deranjeaza sa ma si documentez un pic cum se face manual, dar eram curios pt. ca am vazut meniul explicit acolo.

In alta ordine de idei, stie cineva daca la acel model hAP AC portul SFP de fibra poate fi folosit cu fibra RDS ? La mine RDS-ul vine cu fibra pana in casa si parca as vrea sa scap de convertor si ruterul lor acum cand am vazut portul SFP.
Scuze pt. intrebarile de noob, dar eram fan Asus pana au retras suportul opensource la al meu AC56U si acum am descoperit Mikrotikul

Cibi101, on 01 ianuarie 2019 - 17:07, said:

Iar incepem cu prostia asta? Raspunsul este NU de fiecare data.

Meniurile sunt aceleasi, softul este acelasi DAR uneori cu o versiune mai noua de soft, se mai fac aranjamente/permutari/combinari prin meniuri. De aceea, tutorialele mai vechi nu mai corespund pas cu pas.

Cel putin asta am observat eu.

Referitor la guest network, eu nu am facut nimic deosebit, doar am activat reteaua de guest din quick config. Am testat apoi sa vad daca pot accesa share-urile mele pe reteaua guest si nu erau accesibile. Mai mult nu am testat pentru ca nu am avut timp.

PS: Ieri la Senetic erau 20+ bucati hap ac2 pe stoc, dupa ce acum cateva zile nu era nimic pe stoc. Astazi vad ca stocul este epuizat deja. Sa inteleg ca a inceput lumea sa treaca pe MK? )
PPS: La multi ani tuturor!

Edited by JohnnyUSA, 01 January 2019 - 18:01.

Stocul senetic nu e doar pentru Romania cred ca din Polonia acopera cam tot ce inseamna Europa de Est/Balcani.

Bun, m-a cam terminat chestia asta cu VLAN-uri.

Ce am avut: o retea 192.168.0.0/24 (routerul avand ip-ul 192.168.0.1).

Am creat un VLAN cu ID-ul 10, am adaugat in ea o interfata wifi (virtuala) si am creat un server DHCP (192.168.10.0/24). Am creat un bridge la care am adaugat VLAN10 si WLAN10.
Am creat un VLAN cu ID-ul 20, am adaugat in ea o interfata wifi (virtuala), portul 5 al routerului (am un hassio acolo pe raspberry pi) si am creat un server DHCP (192.168.20.0/24). Am creat un alt bridge la care am adaugat VLAN20 si WLAN20.

Probleme/intrebari:

1. in serverul DHCP ce DNS ar trebui sa pun? Ma refer la DHCPurile ptr VLAN. 192.168.10.1/192.168.20.1/192.168.0.1 nu ajuta pentru ca nu am internet. Totusi, merge cu 8.8.8.8.

2. Din Vlan-uri pot sa dau ping in router dar nu ma pot conecta la el. Ceva gresesc. merge sa ma conectez la router doar de pe wlan1 care este interfata principala (sub care am creat alte 2 WLAN-uri). Este cumva faptul ce celelalte 2 interfete sunt legate la bridge 10 si bridge 20?
3. Am mutat toate porturile eth2,3,4 in VLAN 10. Acum vine partea frumoasa. In bridge original, a ramas doar wlan1 (interfata master). Din pacate nu pot sa mai accesez internetul deloc decat daca ma conectez la wlan10 sau wlan20
4. am asociat portul 2 interfetei default “bridge” si acum totul a revenit la normal, dar evident, nu mai funtioneaza vlan10. Ce gresesc?


Daca cineva are chef sa arunce o privire...ar fi suuper .


linia asta am modificat-o la punctul 4.
add bridge=bridge comment=defconf interface=ether2   , in sensul ca am schimbat bridge in brigge_vlan10

Multumesc.

[admin@MikroTik] > export compact hide-sensitive
# jan/01/2019 21:22:53 by RouterOS 6.43.7
# software id = 4LJ9-06RT
#
# model = RBD52G-5HacD2HnD
# serial number = 8FDE0*****
/interface bridge
add admin-mac=B8:69:F4:2F:**** auto-mac=no comment=defconf name=bridge
add name=bridge_vlan10
add name=bridge_vlan20
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-out1 use-peer-dns=yes user=\
	BV16376*****
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX disabled=no distance=\
	indoors frequency=auto mode=ap-bridge ssid=ReteaAcasaMK wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX distance=indoors \
	frequency=auto mode=ap-bridge ssid=MikroTik-2FA7D2 wireless-protocol=802.11
add disabled=no keepalive-frames=disabled mac-address=BA:69:F4:*****2 master-interface=wlan1 \
	multicast-buffering=disabled name=WLAN10 ssid=ReteaAcasaMKVlan10 vlan-id=10 vlan-mode=use-tag \
	wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/interface vlan
add interface=WLAN10 name=VLAN10 vlan-id=10
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys \
	supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys \
	name=IoT supplicant-identity=""
/interface wireless
add disabled=no keepalive-frames=disabled mac-address=BA:69:F4:2***** master-interface=wlan1 \
	multicast-buffering=disabled name=WLAN20 security-profile=IoT ssid=ReteaAcasaIoT vlan-id=20 \
	vlan-mode=use-tag wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/interface vlan
add interface=WLAN20 name=VLAN20 vlan-id=20
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp ranges=192.168.0.10-192.168.0.254
add name=dhcp_pool1 ranges=192.168.20.2-192.168.20.254
add name=dhcp_pool2 ranges=192.168.10.2-192.168.10.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
add address-pool=dhcp_pool1 disabled=no interface=bridge_vlan20 lease-time=1m name=dhcp1
add address-pool=dhcp_pool2 disabled=no interface=bridge_vlan10 lease-time=1m name=dhcp2
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge_vlan10 comment=defconf interface=ether3
add bridge=bridge_vlan10 comment=defconf interface=ether4
add bridge=bridge_vlan20 comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
add bridge=bridge_vlan20 interface=WLAN20
add bridge=bridge_vlan20 interface=VLAN20
add bridge=bridge_vlan10 interface=WLAN10
add bridge=bridge_vlan10 interface=VLAN10
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-out1 list=WAN
/ip address
add address=192.168.0.1/24 comment=defconf interface=ether2 network=192.168.0.0
add address=192.168.20.1/24 interface=bridge_vlan20 network=192.168.20.0
add address=192.168.10.1/24 interface=bridge_vlan10 network=192.168.10.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1
/ip dhcp-server lease
add address=192.168.0.253 client-id=1:cc:5d:4***** comment=NSA310 mac-address=\
	CC:5D:4E***** server=defconf
************************************************
/ip dhcp-server network
add address=192.168.0.0/24 comment=defconf dns-server=8.8.8.8 gateway=192.168.0.1 netmask=24
add address=192.168.10.0/24 dns-server=193.231.252.1 gateway=192.168.10.1
add address=192.168.20.0/24 dns-server=8.8.8.8 gateway=192.168.20.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.0.1 name=router.lan
/ip firewall filter
add action=drop chain=forward comment="Dropp access din 192.168.20.0/24 in 192.168.0.0/24" \
	disabled=yes dst-address=192.168.0.0/24 src-address=192.168.20.0/24
add action=drop chain=forward comment="Blocare Gateway MI" dst-address=!192.168.0.0/24 \
	src-mac-address=78:11:DC:B2:81:A9
add action=drop chain=forward comment="Blocare Internet Camera 720P" dst-address=!192.168.0.0/24 \
	src-address=192.168.0.19 src-mac-address=00:12:15:28:FE:DC
add action=drop chain=forward comment="Blocare Broadlink retea locala" disabled=yes dst-address=\
	192.168.0.0/24 src-address=192.168.0.159 src-mac-address=34:EA:34:F4:32:3C
add action=accept chain=input comment="defconf: accept established,related,untracked" \
	connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=\
	!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=\
	established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" \
	connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" \
	connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none \
	out-interface-list=WAN
/system clock
set time-zone-name=Europe/Bucharest
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

Și ca să continui... Switch-ul managed din retea (tp link) ce ip ar trebui sa aiba ptr configurare?

Oare ar trebui sa fac o schema cu ce vreau sa iasa la sfarsit?