redeyes
Sep 14, 2002

by Fluffdaddy
So.. Netbox 5 (Mikrotik RB911G-5HPacD-NB NetBox-5). PoE AF 48v or Passive 24v?!!!
I've got one of these and been powering it with the included Mikrotik Gigabit PoE injector. I got a new PoE switch and wanted to power all my stuff with it. Problem is I cannot for the life of me figure out if this Netbox 5 is 48v AF or 24v passive.

The Mikrotik manual says it is 8-30v Passive: https://mikrotik.com/product/RB911G-5HPacD-NB
Yet the actual PoE injector has a light, says its input voltage is same as output: https://mikrotik.com/product/RBGPOE

Somehow I thought that you couldn't do Gigabit with passive PoE.. probably mistaken.

[edit] I looked at the power supply in question and it appears to be 24v output. I guess this is a passive PoE adapter?!

[edit2] Say I accidentally hook a passive 24v device to a PoE 48v AF switch. Won't the switch figure out it isn't AF and not power it?

redeyes fucked around with this message at 23:04 on Aug 14, 2018

Methylethylaldehyde
Oct 23, 2004

BAKA BAKA
Depending on the PoE power device and the router/AP, it could do nothing, or it could fry the passive device. Who knows. Theoretically no, but why chance it?

Thanks Ants
May 21, 2004

#essereFerrari


Most Mikrotik stuff isn't 802.3af/at PoE, it's all passive. This might let you power it from a PoE switch https://store.ubnt.com/collections/accessories/products/instant-802-3af-indoor-gigabit-poe-converter

redeyes
Sep 14, 2002

by Fluffdaddy
Thanks for that info. I did some testing with some older Ubiquiti devices, one being 24v passive, the other 48AF. I tried hooking the 24v passive into an Auto/AF Port and it did not power it, and did not kill it. Then I realized my new switch which is the Ubiquiti Edgeswitch 16 PoE has both 24v passive AND 48v AF. So I set one port to 24v passive and then hooked a normal 48v PoE AP to it, it did not kill it nor power it.

So it appears I can't really gently caress my stuff up. It's kinda nice because I have a mixture of passive 24v and 48v AF devices on my network. My goal was to get rid of the 10 power injectors which do security cameras, APs, and also routers.

thebigcow
Jan 3, 2001

Bully!
Hope your distributor is stocked

https://eng.lsm.lv/article/economy/economy/big-fire-at-mikrotik-warehouse.a289329/

redeyes
Sep 14, 2002

by Fluffdaddy
I was just doing some config stuff in Winbox and noticed my DHCPv6 Client is broken or something. It does pull a v6 address correctly, assigns that to a pool but the entire Winbox line for that client is in RED (error or ?). If I disable and re-enable it, it will not throw any errors in the log file. I've no idea if it is a problem I should fix.

The_Franz
Aug 8, 2003

The latest WIP firmware finally enables HW crypto acceleration on the RB3100 :toot:

redeyes
Sep 14, 2002

by Fluffdaddy
I decided to do a firmware update and clear/redo on my older RB951G-2HnD. To my surprise all the IPv6 and firewall stuff is now in the default config. It's got some pretty interesting rules I hadn't seen before. Pretty cool!

Thanks Ants
May 21, 2004

#essereFerrari


I just want RouterOS in cases designed by pretty much anybody else. The hEX range are pretty cool, as are the CCRs, but the smaller rackmount Routerboards look and feel like one-off electronics hobby projects.

redeyes
Sep 14, 2002

by Fluffdaddy
The RB3011 feels like it is filled with helium and has horrible build quality. Good thing it's racked and no one can tell.. ;_;

[edit] I nearly returned the thing because the power jack kept falling out the back until I realized you have to ram it full force into the hole.

redeyes fucked around with this message at 16:10 on Aug 25, 2018

thebigcow
Jan 3, 2001

Bully!

Thanks Ants posted:

I just want RouterOS in cases designed by pretty much anybody else. The hEX range are pretty cool, as are the CCRs, but the smaller rackmount Routerboards look and feel like one-off electronics hobby projects.

They take the existing board and make a case for it, so the layout is dumb. Console port in the back of my RB2011 etc.

Remember when the original RB2011 power plug was inside the case? If you had to fish the cord through a small space, like idk 1U, you had to open the case to unplug it.

redeyes
Sep 14, 2002

by Fluffdaddy
I've just replaced my Mikrotik with a PFsense box (I have 100/100 fiber) and before I was unable to max out my upload most of the time, maybe got 60-70mbps and chalked it up to my ISP. Now with PFsense I get 110/110 even any time of the day which leads me to believe somehow the Mikrotik was limiting my bandwidth. Thing is the Mikrotik has a 700mhz single core processor and was showing at most %60 CPU usage with me running speed tests. What gives?

redeyes fucked around with this message at 20:34 on Aug 29, 2018

FunOne
Aug 20, 2000
I am a slimey vat of concentrated stupidity

Fun Shoe

redeyes posted:

I've just replaced my Mikrotik with a PFsense box (I have 100/100 fiber) and before I was unable to max out my upload most of the time, maybe got 60-70mbps and chalked it up to my ISP. Now with PFsense I get 110/110 even any time of the day which leads me to believe somehow the Mikrotik was limiting my bandwidth. Thing is the Mikrotik has a 700mhz single core processor and was showing at most %60 CPU usage with me running speed tests. What gives?

What model? How many rules did you have? Did you enable fast path? etc.


Hardware from a few years ago with a complicated rule setup probably easily overwhelm the device even at modest bandwidth. I had to upgrade to a newer RB configuration when I got my 150 in because it would cap out with anything fancy going on, which, of course, is why I bought the drat thing in the first place.

redeyes
Sep 14, 2002

by Fluffdaddy
It's the RB951G-2HND. I only really had normal firewall rules, default IPv6 with 3 forwards and 2 forwards for IPv4. That is it! I don't really know if fastpath was on or off but I can check.

thebigcow
Jan 3, 2001

Bully!
Last I checked the fastpath stuff didn't work with IPv6.

You could reset the thing to factory defaults on a current version of RouterOS to rule out your configuration.

redeyes
Sep 14, 2002

by Fluffdaddy

thebigcow posted:

Last I checked the fastpath stuff didn't work with IPv6.

You could reset the thing to factory defaults on a current version of RouterOS to rule out your configuration.

That's actually what I did to arrive at that 50-60% usage number.

thebigcow
Jan 3, 2001

Bully!
Weird. It's the same CPU as the RB2011 and those are good for ~300mb/s before fastpath.

Thanks Ants
May 21, 2004

#essereFerrari


Finally looks like wireless spec isn't way down the list on MikroTik's home office equipment

https://mikrotik.com/product/rb4011igs_5hacq2hnd_in

Binary Badger
Oct 11, 2005

Trolling Link for a decade


I keep hearing RouterOS doesn't take advantage of multicore CPUs well or at all, it's still single threaded ITYOOL 2018, is this true or something made up by an ER-X fanboy?

Pendent
Nov 16, 2011

The bonds of blood transcend all others.
But no blood runs stronger than that of Sanguinius
Grimey Drawer

Binary Badger posted:

I keep hearing RouterOS doesn't take advantage of multicore CPUs well or at all, it's still single threaded ITYOOL 2018, is this true or something made up by an ER-X fanboy?

My CCR-1072s reboot themselves with more than like 2-3 BGP peers doing full routes because the BGP process is single threaded and gets overwhelmed.

Thanks Ants
May 21, 2004

#essereFerrari


I check in on their forums now and again, lots of features are being delayed until RouterOS 7, and RouterOS 7 is complete vapourware.

Apparently they can’t actually use a lot of the 802.11ac features of the radios either, as the OS doesn’t support it.

Pendent
Nov 16, 2011

The bonds of blood transcend all others.
But no blood runs stronger than that of Sanguinius
Grimey Drawer
I've seen people talking about how certain features will be introduced in RouterOS 7 in forums going back to like 2014 or earlier. Definitely vaporware.

Partycat
Oct 25, 2004

So what’s their future then?

Methylethylaldehyde
Oct 23, 2004

BAKA BAKA

Partycat posted:

So what’s their future then?

A big warehouse fire and a fat insurance payout.

thebigcow
Jan 3, 2001

Bully!
Third world ISPs and WISPs that are also their market right now.

Thanks Ants
May 21, 2004

#essereFerrari


Methylethylaldehyde posted:

A big warehouse fire and a fat insurance payout.

:golfclap:

redeyes
Sep 14, 2002

by Fluffdaddy
My ISP does carrier grade NAT and has their network configured like poop. I can run Winbox on a computer connected directly to the ISP and it finds their CCR1016 Cloud Core router. *sigh*

And the firmware is older, from last year. Oh boy.

Pendent
Nov 16, 2011

The bonds of blood transcend all others.
But no blood runs stronger than that of Sanguinius
Grimey Drawer

redeyes posted:

My ISP does carrier grade NAT and has their network configured like poop. I can run Winbox on a computer connected directly to the ISP and it finds their CCR1016 Cloud Core router. *sigh*

And the firmware is older, from last year. Oh boy.

Name and shame imo

redeyes
Sep 14, 2002

by Fluffdaddy

Pendent posted:

Name and shame imo

It's a local fiber ISP. Nothing anyone else will have to deal with but it's this place: https://kitcarson.com/internet

Thanks Ants
May 21, 2004

#essereFerrari


One of the providers we've started using supplies Mikrotik routers as the CPE which I assume means they also use them elsewhere.

im depressed lol
Mar 12, 2013

cunts are still running the show.

redeyes posted:

My ISP does carrier grade NAT and has their network configured like poop. I can run Winbox on a computer connected directly to the ISP and it finds their CCR1016 Cloud Core router. *sigh*

And the firmware is older, from last year. Oh boy.

Jesus christ. I use a consumer-grade, non-Wifi Mikrotik device connected to a cable modem for internet access. I'm not a networking guru, but I keep it up to date as best I can and have done basic things like disabling remote administration etc. etc. I also don't use WinBox, but instead use the web interface for administration connected via a desktop & ethernet cable.

Does anyone in this thread feel this use case is not recommended due to the various security issues I see that are constantly cropping up in the past year? I have a few NAT routers & switches connected to it and the device has improved my internet speeds and latency in various applications immensely. Is there a go-to guide on hardening the default configs of various Mikrotik devices?

My own personal security/privacy is no more important than any other random person, but my main concern is unwittingly participating in malicious DDoS attacks and enabling various other evil poo poo due to my ignorance.

Thanks Ants
May 21, 2004

#essereFerrari


Just don't allow management from the WAN and pretty much all the recent Mikrotik problems go away. Either wait until you get home before logging onto the thing, or use a VPN.

redeyes
Sep 14, 2002

by Fluffdaddy

im depressed lol posted:

Jesus christ. I use a consumer-grade, non-Wifi Mikrotik device connected to a cable modem for internet access. I'm not a networking guru, but I keep it up to date as best I can and have done basic things like disabling remote administration etc. etc. I also don't use WinBox, but instead use the web interface for administration connected via a desktop & ethernet cable.

Does anyone in this thread feel this use case is not recommended due to the various security issues I see that are constantly cropping up in the past year? I have a few NAT routers & switches connected to it and the device has improved my internet speeds and latency in various applications immensely. Is there a go-to guide on hardening the default configs of various Mikrotik devices?

My own personal security/privacy is no more important than any other random person, but my main concern is unwittingly participating in malicious DDoS attacks and enabling various other evil poo poo due to my ignorance.

As far as I know, if you keep the firmware updated you should be good. If you skipped updates from like mid 2017 to mid 2018 there were patches that definitely prevented those DDoS exploits. I just switched from Mikrotik as my main router to PFsense because I wanted to try something different.

im depressed lol
Mar 12, 2013

cunts are still running the show.
I've been on top of keeping the OS and the firmware up to date, but maybe a PfSense box would be a cool little project to try and tackle. Thanks for the advice/re-assurance.

GnarlyCharlie4u
Sep 23, 2007

I have an unhealthy obsession with motorcycles.

Proof

redeyes posted:

My ISP does carrier grade NAT and has their network configured like poop. I can run Winbox on a computer connected directly to the ISP and it finds their CCR1016 Cloud Core router. *sigh*

And the firmware is older, from last year. Oh boy.

I had this same issue with either Level3 or Windstream, I can't remember which. This was like 4 years ago. For shame.

Partycat
Oct 25, 2004

im depressed lol posted:

Jesus christ. I use a consumer-grade, non-Wifi Mikrotik device connected to a cable modem for internet access. I'm not a networking guru, but I keep it up to date as best I can and have done basic things like disabling remote administration etc. etc. I also don't use WinBox, but instead use the web interface for administration connected via a desktop & ethernet cable.

Does anyone in this thread feel this use case is not recommended due to the various security issues I see that are constantly cropping up in the past year? I have a few NAT routers & switches connected to it and the device has improved my internet speeds and latency in various applications immensely. Is there a go-to guide on hardening the default configs of various Mikrotik devices?

My own personal security/privacy is no more important than any other random person, but my main concern is unwittingly participating in malicious DDoS attacks and enabling various other evil poo poo due to my ignorance.

No, I haven’t heard of any major issues outside of vpnfilter, but that’s also because of the exposure and proliferation. The Linkskey and Dink-Link devices probably have severe issues but you don’t hear about them, and can’t do much.

Partycat
Oct 25, 2004

GnarlyCharlie4u posted:

I had this same issue with either Level3 or Windstream, I can't remember which. This was like 4 years ago. For shame.

Windstream was like joker ISP so yeah if there’s someone who would have done that I’d say them. Level3 seemed professional at least.

GnarlyCharlie4u
Sep 23, 2007

I have an unhealthy obsession with motorcycles.

Proof

Partycat posted:

Windstream was like joker ISP so yeah if there’s someone who would have done that I’d say them. Level3 seemed professional at least.

Fun fact: we had them both as "redundant" ISPs in case one failed we would have the other.
Windstream was using level3 for their last mile anyway so every time poo poo hit the fan with L3, we were hosed anyway.

alyandon
Dec 9, 2001
Poster of the Month for July!
Fun Shoe
So it looks like they've decided to update the bugfix branch from 6.40.9 to 6.42.9.

Anyone here brave enough to have already updated? Any issues with bridge/switch config migrations?

Pendent
Nov 16, 2011

The bonds of blood transcend all others.
But no blood runs stronger than that of Sanguinius
Grimey Drawer
Did you guys see this: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14847

Feels like a constant stream of obnoxious exploits these days. This one fortunately doesn't appear to apply if you're using the winbox service to restrict access at least.
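
An added example, not written by any poster in the thread: a Python check for the two pieces of advice above (keep management off the WAN, and restrict the winbox service by source address). It reads a RouterOS `/export` and reports which `/ip service` entries are neither disabled nor limited to specific networks. The sample export is constructed, and treating a service that is absent from the export as unrestricted is an assumption.

```python
import ipaddress

# Constructed sample of a RouterOS "/export" fragment (not from the thread).
SAMPLE_EXPORT = r"""
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.88.0/24
set ssh address=192.168.88.0/24,\
    10.0.0.0/8
set api disabled=yes
set winbox address=0.0.0.0/0
"""

# Assumption: a service missing from the export is reported as unrestricted,
# since a compact export leaves out settings that are still at their defaults.
SERVICES = ("telnet", "ftp", "www", "ssh", "www-ssl", "api", "winbox", "api-ssl")

def join_continuations(text):
    """Merge lines that the export wrapped with a trailing backslash."""
    merged, buf = [], ""
    for line in text.splitlines():
        piece = line.lstrip() if buf else line
        if piece.endswith("\\"):
            buf += piece[:-1]
        else:
            merged.append(buf + piece)
            buf = ""
    return merged

def audit_services(export_text):
    """Map each management service to disabled / restricted / unrestricted."""
    state = {name: "unrestricted" for name in SERVICES}
    section = None
    for line in map(str.strip, join_continuations(export_text)):
        if line.startswith("/"):
            section = line
        elif section == "/ip service" and line.startswith("set "):
            _, name, *pairs = line.split()
            opts = dict(p.split("=", 1) for p in pairs if "=" in p)
            allowed = [a for a in opts.get("address", "").strip('"').split(",") if a]
            nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
            if opts.get("disabled") == "yes":
                state[name] = "disabled"
            elif nets and all(n.prefixlen > 0 for n in nets):
                state[name] = "restricted"  # only listed networks may connect
    return state

def exposed(export_text):
    """Services that accept connections from any source address."""
    return sorted(s for s, v in audit_services(export_text).items() if v == "unrestricted")
```

Run it against the text of an `/export` taken from the router. It only inspects `/ip service`, so firewall input rules still need their own review.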
