LAG on SwOS

https://wiki.mikrotik.com/wiki/SwOS/CSS326#LAG

Each individual port can be configured as Passive LACP, Active LACP or a Static LAG port.

Property	Description
Mode (default: passive)	Specify LACP packet exchange mode or Static LAG mode on ports: Passive: Place port in listening state, use LACP only when it's contrary port uses active LACP mode Active: Prefer to start LACP regardless contrary port mode Static: Set port in a Static LAG mode

Property	Description
Group	Specify a Static LAG group
Trunk (read only)	Represents group number port belongs to.
Partner (read only)	Represents partner mac-address.

 https://forum.mikrotik.com/viewtopic.php?t=126149

Hello, why are you configuring LAG ports as static? and the second one, to configure a LAG with SwOS it's like a LACP so it has some modes where those switches can negotiate the LAG port:

Passive: Place port in listening state, use LACP only when it's countrary port uses active LACP mode
Active: Prefer to start LACP regardless countrary port mode
Static: Place port in LACP mode=on

So if you want to configure a LACP link you need to get this combinations on both sides:
Active - Active
Active - Passive
On - On

https://forum.mikrotik.com/viewtopic.php?t=138066

You can do and should do lacp
This is exactly what you need, 2 links combined for reliability and redundance.
Rstp has nothing to do with this.

Lacp well there is not much to configure, it is missing long and short timeouts but thats it, there is very little configuration. Just make sure that one of sides is in active mode, or set both to active.

Static team or static lag is same as lacp, but you have to define ports, specific ports on which team is made.

For me, lacp and static teaming are not working at all on my server 2016 box with 3 nics...

MikroTik Routers and Wireless - Products: Groove 52

• CPE - Short for "Customer Premises Equipment", this term is used to mean a "wireless station". It connects to a (wireless) network, like your computer would, but doesn't create its own (like an access point).
• Home AP - Simple access point. One SSID, no VLANs, etc.
• PTP Bridge - Used for setting up a "Point to Point" link. Tends to be used to extend a single network to another site that doesn't have a cable running to it.
• WISP AP - "Professional" access point ("WISP" is "Wireless Internet Service Provider", I think). It can serve multiple SSIDs at once, has VLAN support (to have each SSID be its own, isolated network, maybe with firewalling and routing between them), and other advanced things.https://forum.mikrotik.com/viewtopic.php?t=87961

WinBox is much more convenient than using WebFig.

Reset

Buttons and Jumpers

 • RouterOS reset jumper hole (no direct access, board has removed from case) – resets RouterOS software to defaults. Must short circuit the metallic sides of the hole (with a screwdriver, for example) and boot the device. Hold screwdriver in place until RouterOS configuration is cleared.

 • RouterBOOT reset button (access through the plastic door) has two functions: 

1. Power On , Hold Reset Button
2. at 10 sec release hold button
3. at 20 sec , beep sound x 1
4. at 48 sec , beep sound x 2 
5. can ping 192.168.88.1

用呢個 (boot , 5粒 Wifi 閃完 幾下即放手 ) 

o Hold this button during boot time until LED light starts flashing, release the button to reset RouterOS configuration (same result as with reset hole)

唔好去錯呢個 Netinstall Mode

 o Hold this button during boot time longer, until LED turns off, then release it to make the device look for Netinstall servers.

https://forum.mikrotik.com/viewtopic.php?t=110735


HOME AP Basic :

Local Network

• IP address: Mostly can stay at the default 192.168.88.1 unless your router is behind another router. To avoid IP conflict, change to 192.168.89.1 or similar
• Netmask: In most situations can leave 255.255.255.0
• Bridge all LAN ports: Allows your devices to communicate to each other, even if, say, your TV is connected via ethernet LAN cable, but your PC is connected via WiFi.
• DHCP server: Normally, you would want automatic IP address configuration in your home network, so leave the DHCP settings ON and on their defaults.
• NAT: Turn this off ONLY if your ISP has provided a public IP address for both the router and also the local network. If not, leave NAT on.

https://wiki.mikrotik.com/wiki/Manual:Quickset

Configuring WEP with (40bit) static key

Create new WEP security profile named “wep_profile”:

[admin@MikroTik] /interface wireless security-profiles> add name=wep_profile \
mode=static-keys-required static-algo-1=40bit-wep static-key-1=1234123412 static-transmit-key=key-1

Statically configured WEP keys:

Different algorithms require different length of keys:

• 40bit-wep (static-key-1) - 10 hexadecimal digits (40 bits). If key is longer, only first 40 bits are used.
• 104bit-wep (static-key-2) - 26 hexadecimal digits (104 bits). If key is longer, only first 104 bits are used.
• tkip (static-key-3)- At least 64 hexadecimal digits (256 bits).
• aes-ccm (static-key-3)- At least 32 hexadecimal digits (128 bits).

Key must contain even number of hexadecimal digits.

https://wiki.mikrotik.com/wiki/Testwiki/Advanced_MikroTik_Wireless_networks

https://forum.mikrotik.com/viewtopic.php?t=69909

mikrotik couldn't remove security profile not permitted

[Solved] User Group permission mismatch ?! - MikroTik

Question: 

I need set user without rights to policy option like user add or delete etc. 
Why this user cannot change own password. 
Mikrotik show form with password fields and after klick Apply i get info:

Code: Select all

Couldn`t change Change Password - not permitted (9) 

Ans: 
Enable 'password' policy for this user group.