New Features in MikroTik You May Have Missed

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
when everyone I'm sure everyone can hear me okay if you can't well how would you know so I'm David Savage I'm going to give you a talk today on new features and updates in retirees before we start I don't know how long this presentation is gonna go on for I've already if I if I do go over the time apologies to Highness these are coming up next but I've already spoken to him about it and I'm sure we are fine so I'll just go in till either they finish or either if in each or they check me out one of the two just very quickly a little bit about my critic essay my critic essay is an independent network specialist company we're not owned by or affiliated to my critic Latvia in any sense except that we are official training and support partners for my critic as are a number of other training and and other companies what we specialize in is pretty much all forms of wireless and wired networking technologies we offer high-speed point-to-point links carry independent backbone services high availability SaaS and then also general network management and configuration services if you need any any kind of expert consultant to assist you on your network or anything else involved in mikrotik then with you guys the only thing we don't do as a might mention that we saw Hardware since there are already many many great companies that that do that at very competitive prices a little bit about myself I'm a micro tech certified trainer and consultant I well don't really solely manage wireless networks myself anymore but I run a company that that does just that I have many many years of experience in the IT field I've been using micro tech pretty much since its inception and I teach general networking and micro to agree to reverse so I use the product every day both in the office out in the field loads of both technical and practical knowledge on the products I think I'm a pretty good candidate for giving you these updates on on what's new so what is this presentation all about well as you probably know if you've used the product my critique is under constant development they are always bringing out new fuchsias and always bringing up bringing out updates to existing features nothing nothing more fun than giving a training class telling everyone how mikrotik conjured do you this and then finding out it does exactly that because they've pulled out in the last update so I mean I guess on my side a little bit of extra reading on the changelog wouldn't work every now and then but it's also always nice to have a little bit of a surprise so it is difficult to keep up with new features and improvements that have been made to current features so I hope to change a bit of that and bring you up to date with just some of the new features this is nowhere close to all of them like it's been probably the whole day just telling you about features you probably haven't heard about that yet but I just put in a few interesting ones and hopefully you'll you'll gain some additional knowledge from that afterwards they will hopefully be time for a little bit of question and answer I have to warn you ahead of time if there are any questions I don't know the answer to all I'm going to tell you is it'll be fixed in version 7 so just to kick off with a few issues I have presented some of them as a kind of problem and solution type of scenario so the first issue is the previous version of Route OS backup was vulnerable in terms of the way it encrypted the backup file so I mean I even saw it get on to the point where there were websites you could go online upload a copy of your backup file and it would retrieve usernames and passwords out of that so a a clear security risk there and that has been fixed since reuters version 6.13 so since 6 1.13 the backup is now encrypted with rc4 if that's what you would like to do and the backup file will be encrypted by default if you are logged in with the user that has a password so if you're logged in as the default admin account with no password you create a backup file no encryption will happen on that file because it uses the password itself as part of the encryption so but if you are logged in with a user that has a password then by default that user password will be used for the backup encryption so you can see the backup files encrypted by default there are a few options there if you just look at the the graphic at the bottom so as well as been able to specify the name you can either leave the password field blank which will encrypt it with your current login password or you can specify an alternative password if you don't want to have to tell somebody else what what the password is needed to restore that backup optionally you can use the don't encrypt option at the bottom of course that would be dangerous if your backup file contains in usernames and passwords that might then be exposed inside the file however if this was a backup that you were sending to somebody else and there was no sensitive information inside then by all means you can use the the don't encrypt option which will allow to be restored on the other end with no with no additional password in order to restore the backup on the other side either you must be logged in as the same user who created the backup or when you restore the backup you will specify the password file and that would run through the restore process in the in the normal there where that you would expect then another issue that you might come across is you might want to give end-users some kind of a some level of access to the route or RS device after all I mean they have bought the device even though you might be managing it they might want to see various parameters that are installed however you don't necessarily want them to want to expose them to the full complexity of the retiree system since I mean that could be quite daunting for somebody who's completely new to the system so one option you can use is if you run the web fake system which is of course route or os's web management system then you're able to apply an overlay or a skin to the web fake system in order to expose less of the route OS management I'll just run it quickly through the steps that would be required in order to use the web fig with skins step one then would be to login to the web web interface with an admin account and then you can select the web fig option you'll see I've highlighted it with a with the red box at the at the top once you're in the web fig system then you'll see down the side there is a design skin menu that you're able to choose once you choose the design skin menu you'll see the layout of the menu will change now you can see I have this checkboxes next to all of the current menus as well as for each current menu for each of the sub menus you can select options as you as you please so what I can now do is select and deselect any items that I want to I can also rename items so you can see instead of calling it Wireless I can now call it Wi-Fi or if there's anything else you want to perhaps rename for whatever reason you're able to do that so you can run through every single component of every single menu and select and deselect that as as is required then so again you can see just in interfaces for example I can even draw down in finer detail to select and deselect whatever whatever it is I want to once you're done with that you'll see there's a spot there to specify a new name for the custom skin that you just created and then you're able to save that skin under a different file name if you interested that will appear as a JSON file under the skins directory of your of your existing you Travis Drive so if you go to your retro base file system you'll see there'll be a skins subfolder and any schemes that you create will appear in that subfolder it is then possible to copy that skin from that Ritter transfer to any other route you want to and that skin will be an available option on any other route in your in your network once you have created your custom skin it's then a matter of gain to system users and in the users selecting the group's sub tab you can see then from the group sub tab on the right hand side I have created a very limited access user specifically I've only given that user read and web access what I need to make you aware of right from the beginning is that the skin only applies to you the web interface so if you create a user that also has wind box rights and the user uses wind box access the reader that will have access to all the interfaces so that skin won't apply in wind box mode so it does make sense to limit that particular login down to just specifically web access mode and read access is of course required for any kind of access to the river at all so that's the minimum level of affirmations you'll you'll need to give in addition to that where it says skin at the bottom you'll see I've specified the the web skin that I'd created earlier on so that's how we apply that skin to that particular group of users once I've created the the new group the next step is to create a new user and you can see I've created a user just called web and I've assigned him to the to the web limited group if you if you want to optionally as with any other user you can limit the range of ips that data can't maybe may be used from so once I've created my group I've created the user that belongs to that group and of course in the group I've specified the limited skin I can now log in with that new limited user and as you can see it's given him a very very strictly limited view few things I've changed instead of saying Wireless I've now called it Wi-Fi under interfaces you can see here I've limited to only interface and Ethernet and an additional to that given him a very very limited submenu so for example in the Tools menu I could limit him to just doing ping and traceroute but I want to allow bandwidth test or flood ping as an example I can I can those completely so that the user is not exposed to those menus at all one of the great features of retreads which has always been a very powerful management option is the ability to manage the reader directly by its MAC address so that's that's always been a fairly big deal for me in fact is you can access the reader with no compatible set of IPs between your your device and the reader itself the limitations for that there has always been that you need to be directly connected to the router so either you plugged straight into a reader if the port or you plugged into a switch that's plugged into the router or you connected to the readers or one of the readers W line interfaces whatever it comes down to you'll need a direct layer to connection to that device if the reader is located across several other readers in the layer three traditional routed network then you won't be able to see that reader by its MAC address yeah that's a very common limitation a great solution to that though is to run the Roman system which is the routing management overlay Network what Roman does is effectively establishes an independent mac layer peer discovery system and also data forwarding network so the Roman system is completely independently established it doesn't care whether you run in layer 2 layer 3 or anything else as long as all of your readers are connected to each other in some way they can set up the Roman service between them so a completely independent management layer that doesn't depend on any other protocol at all so it's completely both in protocol in order to allow Roman on your network there's a couple of steps you need to follow first of all inside Toulon Roman you need to enable the service so you can see at the top there I've clicked on enable you can optionally specify an ID parameter the ID will look like a MAC address so if you want to number your route is from all zero 1 up to whatever number you're able to do that alternatively if you don't specify an ID it will just take the MAC address of you if the one port or I suppose if it's now if the one port which ever is the first available port and install that as the as the ID instead you can see there the current ID was just whatever I had on the on the eighth one port at that time you can leave the secret blank in which case it will set up a sort of plaintext Roman connection between devices otherwise if you want to ensure that your device cannot roam on with anything outside of your network which might be another fairly obvious danger you can specify a Roman secret so that will just use md5 between Reuters and ensure that they are only connected to other authorized rooters and devices in addition to that by default Roman will run on all ports however there is a ports button down the bottom so I hope everyone and that's I can also see how can any point to one side at a time there's a ports button and inside there you can specify the behavior for specific ports so you can allow and disallow specific ports from using the Roman service you can also set up independent secrets on a per port basis if that's what you need to do so if you just look at a standard set up if I went to I'm just going to bring my my boom box over here when to normal Reuter Cody neighbors and you can see the only neighbor that coming up there is the access point that we're that we're all currently connected to so instead of doing that what I can do is once I have the room on service running on all my devices I can use connect to roam on to connect to my network and expose all of them instead now I hope this demonstration is going to work I'm not connected to my network at all from my laptop currently so this laptop is connected to the Hilton's guest Wi-Fi system and you know there is there's nothing there whatsoever so just to show you the power of Rome on I'm going to connect to a realtor that's currently at my house it is on a public IP address and I'm allowing wind box into it externally and I've done it just to illustrate you how powerful the Roman system is so I'm going to do here is just run over to my managed Reuters I'm going to select the route that's in my garage and I'm not going to say connect to Rome on so this is over the Internet independently establishing a layered connection to my network and then exposing all my devices via violate ooh okay so you'll see I can click on any one of them click on connect and that is not connecting by a MAC address across the internet to a reader inside my network ok see I can do interfaces check out anything I want on the router manage it in in any way that I that I want to so I think the obvious questions around Ramon is is around security you know isn't this very insecure or anything like that so just to set your mind at ease on that first of all in order to connect to the room on service you need to have the Roman permission as part of your user so if I can just connect to a a and other route in my network so you'll see under under system users and groups if I open up any group there is a Roman permission so the Roman permission must be supplied to that user in order to allow them to connect to the Roman service in addition to that as well as having the Roman access right you need a valid username and password for that reader just to connect to the Roman service once you've connected to the Roman servers and all your other readers are exposed to connect to any of those Reuters you also need a valid username and password for that so I don't think Roman adds or subtracts any level of security from your system it's just a different way to expose your Reuters for for management purposes the only way anyone could connect to Roman is if they had the username and password for Reuter and if they had that I think your problems are a lot bigger than somebody connecting to the Roman service okay you got far bigger Misha's in your network there okay so I asked just an illustration again of connecting to the to the Roman service when to bring up to date then on a few new developments on the on the wireless side of things and that's mainly around the WPS application and also the very very new experimental env2 sync mode which is one of the things that's been being exciting me quite a bit but on later versions of rigorous you may or may not have notice if you if you look at new products like the the web ACS the cap devices most of the low desktop rooters you might have notice the WPS button either on the side or on the front sometimes you change duty with the reset button so if you see something that says re s / WPS on the front that is the WPS and reset button so it works is while the reader is powered off and if you hold the button down while powering it on that will enable the reset mode so that will reset the the Rooter if the Rooter is powered on then that acts as a WPS button instead so while the Ritter is powered on WPS murder will be enabled when you when you press the button so the WPS system is just a convenient way to allow access to your Reuters Wi-Fi ap without having to supply a password to ever wants to connect to the system the way it works is with any mobile device laptop phone or whatever that supports WPS the device will attempt to connect the router you will push the WPS button on the front of the router that will turn on WPS mode for up to two minutes or up until a client connects to you the system once the device connects WPS mode is then disabled and to connect any additional devices you will press the WPS button again the battery needs to be pushed each time a client needs to connect that will allow the client authentication without having to physically give somebody your your Wi-Fi password which could be could be quite convenient then retrieves devices might have as I said a WPS button on the actual device if they do not have a button on the device they would also have a virtual WPS button in wind bucks so if you go to win box and your wireless interface you'll see a WPS accept button you can use that button to also activate WPS mode you can also from inside wind box set how you want the WPS mode to work so you can disable the physical button if you want to and a lot of WPS only through wind box or alternatively you can disable the WPS access completely so that's completely up to you how you want to manage that next I want to examine is the in-stream version to you or or env2 protocol the first of all just a little bit of history if any of you have used my critiques wireless device especially in any kind of outdoor scenario you've no doubt use the env2 system so in stream version 2 is based on TDMA which is time division multiple access and what env2 does is tries to solve some of the problems that are inherent with the area 2.11 system and we're only talking about things like the hidden node problem act timeout problems and a number of other issues especially in outdoor and long distance point-to-point and point to multi-point environments any 2.11 is essentially a contention based system so all clients connected to an editor that live in AP essentially fight it out with each other to try to gain time to the access point in v2 turns that around by allowing the AP to specify exactly when clients may send or receive data so what it does is takes a time slot usually two milliseconds do is that up into 512 different slots and then tells each client when they may transmit and receive so each client knows exactly where their time slots are and what they're allowed to do of course if a client doesn't need to send or receive it can hand that back to the access point and the access point can reassign that out to clients that are currently using data also has a lot of other interesting features such as both in quality of service and a number of other improvements to both point to point and point to multi-point environments it's not that I don't wanna go into env2 itself too deeply I mean it's already been around for a while I'm sure a lot of you are using on using it on the network what I do want to cover is a very new feature which is env2 ap synchronization so since I think it was version six point forty point three my critic introduced a a brand new feature it's still a little bit experimental so just be warned that you you may have unpredictable results but I have tested out a few times with with a fair amount of success and what this does is it lets multiple my critic env2 ApS especially at the same location coexist with each other in it in a better fashion by trying to reduce interference between devices so what it does is effectively synchronizes env2 across all the different access point devices connected to or in in the same physical location and in that way allows you to a cut down drastically on interference between devices and if you want to you can even use the same frequency on all the devices at the same time since each device will synchronize its ending with each and it each other device we will never have a situation where two devices are trying to transmit on the same frequency at the at the same time in order to do env2 synchronization you need to select a a master access point and you need to choose your mode as env2 sync master perhaps what I can do is just log on to one of the devices in my network this is just a NSX TAC that once again at my house see I do a lot of experimentation from there so we're going to wireless and select WLAN one just going to go to the env2 env2 tab well I'm not too concerned about the password it's not it's not that big a deal so you see I've got mode here which is dynamic downlink fixed downlink sync master and sync slave so if I select sync master I'll get it down in Croatian just a second I can select sync master a sync secret which is what you'll need to provide on all the slaves in order for them to connect to each other and then on each of the slave mode devices which are on the same physical network you will need to select sync slave so what that will do is each of the slave access points will sync themselves to the sync master and they'll then start syncing their transmissions to and from each other ok I think what I especially like about this is unlike a and other systems whose names I won't mention there is no need for any kind of GPS device so there's no special GPS edition of it or anything like that this will work across any mikrotik router with wireless just upgraded to the latest version of route OS and it's available for you get one of the great things about I'm a critic new things is making everything backwards compatible through all the previous versions so that will allow them to sync with each other another very interesting feature is the ability to specify a downlink ratio so by default env2 sets a ratio of 50/50 so roughly half the time slots are dedicated to sending data the other half is dedicated to receiving data but now with the new feature you can specify a ratio and you can buy off as you can bias the downlink or uplink in any way that you want to so if you want to dedicate more bandwidth to download or more bandits to upload you're able to do that or another very common situation is you might have a connection where you know because of because there's less interference on one side than the other you're done that is much better than your upload but you need more synchronous type of data so you can bias maybe 60% to the download if that is poorer and it allow the access point to spend more time on the downlink ratio rather than uplink so you can manipulate that in in any way that you know that you want to if you just want to use the downlink and downlink bias you can select either dynamic or fixed downlink fixed downlink fixes it at a specific amount dynamic tries to determine when it the connection is overloaded and then try this tries to dynamically shift it in any particular direction so I've just put a little demonstration here this is exactly that link that I've just shown you so to give an idea of the situation it's a route board a 60 on each side the link distance is roughly 2 kilometers and you can see by default worth the downlink ratio set on on 5050 if you look at the band from that side you can see it's roughly so it's about 66 and 55 up and down so not too far out of alignment I mean it's you can see I've done just on a UDP full duplex test to demonstrate how that how that works so again about you know 100 and 120 megabits per second in terms of aggregate aggregate data so what I've been done is just switched it around a bit and try to bias it in in one direction so on the next slide you can see I've set the downlink ratio to 80 and you can see the transmit has now jumped up immensely so I'm running 120 Plus on the transmitted and around 13 on the on the receive so it hasn't changed the overall amount of bandwidth I have available sending that 120 130 mega the second region however it's spent more time on one of the directions so perhaps if you run in your wireless in some kind of CCTV environment where you need more done then then upload speed might be quite useful to have something like that or as I said in situations where your download is much better than your upload and you want to provide more time slots to the upload portion of the link you're also able to do that moving or violent Wireless just want to talk a little bit about VPN systems if you are running my critic as a VPN server first of all my critic makes a great VPN server and it supports pretty much every type of VPN technology that's out there so you've got alttp PPTP sstp Open VPN you know all the options are are available to you first of all the generally speaking most people use PPTP and alttp because that's supported across a huge number of platforms so every single device out there that has access to VPN technology will be able to use one one of those two one of the problems there is they still use the very very old MP PE 128 standard of encryption that's the Microsoft point-to-point encryption standard at 128 bits very very old encryption quite easily crackable and not very secure by by modern day standards the alternative to use in that is of course you could use either open VPN or sstp the secure socket tunneling protocol so those are are based on TLS transport layer security or a number of other encryption methods much much stronger authentication and encryption methods however the problem with both of those is if you're if either your server or your client is not running mikrotik you will require client and server certificates so that's an additional layer of administration you need the certificates on each side they need to be verified they need to be installed and and so on an interest in alternative then is to use the lttp service but enable IPSec encryption which is now available on newer versions of average OS so we talked to the presentation before me talked a little bit about IPSec and how its you know supports hardware acceleration on certain platforms and various other advantages of using it so IPSec is essentially a set of protocols that secures communication at the at the IP level so I mean it was originally developed alongside ipv6 but also back ported to to ipv4 along the way what it does is provides encryption to the IP protocol for both v4 and v6 connections the great thing about IPSec is it's an extensible protocol in other words it can be upgraded and changed all the way so this constant development on it constantly provement on it better forms of encryption better ways of initiating connections and so on so we're constantly seeing updates to the system if you watch the metric change log you'll see with every few releases there's improvements to the internet key exchange system and other improve is your IPSec that happened along the way so as vulnerabilities are identified they can be patched changed improved on and and fixed along the way so getting back to l2tp with mikrotik you can now specify IPSec as part of your lttp system so this is great for what we would term road warrior connections in other words remote devices mobile devices laptops mobile phones or whatever you like connecting to your alttp server so when you specify your lttp server you can are enable it and as part of it you can specify that it should use the IPSec protocol you have three options there for use IPSec either no which means don't support it at all you have yes which means allow IPSec but also allow connections that don't have IPSec enabled or you can have required which means only allow incoming connections that also use IPSec once you've enabled that requirement pretty much any client that supports VPN will have an l2tp with IPSec type of option so you can see I have enabled IPSec I've set an IPSec secret and I just took a screenshot from my Samsung phone you can see where when I went to add VPN one of the options was l2tp IPSec with PSK this case appreciate key that means a pass would all need to be will need to be supplied specify the server specify the lttp secret specify the IPSec secret and that will initiate the lttp connection and then run IPSec for much better encryption standards over that you'll also see in the right-hand side corner if you're running mikrotik as the lttp client there may critical 2gb client also supports native IPSec as as part of the set up so that's great in terms of allowing incoming connections into your network and also encrypting them with a far stronger form of encryption what's even more exciting there is my critic has also updated all of their simple tunnel types by simple tunnels I mean tunnels that don't have any form of authentication and before this didn't have any encryption so as far as IP and IP g re and IO IP and that applies both to the v4 and the v6 versions then are all support the ability to be encrypted with IPSec as well so to do that you would set your tunnel up in the normal way specify your local and remote address just note usually with something like yo IP you wouldn't have to specify a local address however if you are using it with IPSec then local address and remote must be specified since the IPSec encryption has to happen between a source and a destination endpoints it's going to be required all that I need to do then to enable the IPSec service is just specify the IPSec secret as long as that matches on both sides the tunnel will be initiated IPSec will be initiated across the tunnel and everything running through the tunnel will be encrypted as well and just if you wondering about performance I've only few tests I've run I've seen no discernible difference between a standard IO IP tunnel and one that's encrypted with IPSec so there's virtually no performance deficit through through using a system like that while we're on the subject of VPNs and dial-up pipe connections if you are running my critic with any kind of client that is given you a dynamic IP address so that would be a DHCP or a pppoe client then a very common problem is tracking what your live IP address is installed on that reader since of course that address may change from time to time and very often does you'll want to be able to keep track on that so past solutions included running some sort of dynamic DNS client but that would usually need to run on some other device inside your network or whether it be a Linux based in DNS or Windows based in DNS client there are also some scripted solutions available to run in DNS on the mikrotik router but then of course you need a a dns account with add in DNS or wherever it might be an alternative to that now is to use the IP cloud service so IP cloud is a free service from mikrotik that will translate your public outgoing IP into a dynamic DNS name hosted on the on the military cloud service since the name is taken from the root of serial number it provides a very predictable way of figuring out what that name is going to be they can see on my on my router I have enabled the the dynamic DNS client by going to IP cloud you can also optionally if you want to use it to update the time on your router so it will geolocate your your region and then try to update the time the time in that way and you'll see if you look at the in its name the DNS name is the serial number of the router dot s n dot mine it name dotnet ya it'll update it if there is live IP on the router it'll run through with no problem if the router does not have a live IP it will still work however it will give you a warning back telling you the connection was initiated from a private IP but the update came from a live IP so clearly there's some that involved in that network somewhere along the way and you might need to put in some reverse net entries in order to get that live IP back to back to the router in terms of the firewall few changes made to the file that I'd like to point out as well and that is mainly address list by DNS name and also improved methods for forehead and addresses how am i doing on time I'm still good I was objecting so we're okay a very common previous problem with mikrotik is what happens if you want to apply a firewall rule but to AD in its name so previous solutions might include having something like a layer seven filter rule which is workable however a layer seven rule takes up a lot of viable resources so you're really going to stretch your CPU out by having any kind of rule that examining layer seven or application layer layer data so with later versions of mikrotik it now directly supports having dns names inside firewall address lists so instead of instead of specifying and address this name and an IP address you can all specify the list name and a dns name the route will then do a dynamic look up on that dns name and use that to dynamically populate your address list inside your address lists to address this tab the address list will be refreshed according to whatever TTL has provided from upstream so if it gets the address with the TTL of three days or whatever it is then every three days it will ensure that it goes out and refreshes that that address from time to time the other great thing is if you have domains with multiple servers or multiple IP addresses it will update with all of those addresses at the same time you can see here as an example I've specified Netflix calm as the address that I that I want to track and that in fact has come back worth multiple sir has come back with all the all the Netflix domains and it will continually update that according to whatever TTL was supplied by the by the Netflix DNS servers another very common feature used if I was adding either source or destination addresses to an address list so previously you had the option to add it to turn address list and it would add it as a dynamic entry further on down the line the option was also included to add it as a dynamic entry but with the timeout value so you could add it in for whatever you might want chain seconds 30 seconds or whatever it might be if that has since been updated to give you even even more options so you'll see now when you update or when you add an address you have an option of specifying a specific timeout value so I could put in say 30 seconds otherwise I can put specify a nun dynamic so what that will do is add a dynamic address list entry but with no timeout value which means it will stay there for as long as the router is booted up the other option which is quite nice is the nun static mode and what that will do is it will add that address in but as a static entry so if the router is rebooted in future then that address will remain behind yes if you're using it to try to track some addresses even if somebody reboots the writter along the way or it loses power whatever it might be you won't lose access to to those addresses in in anyway yeah that's all I thought I had time for if there are any questions on any of that please ask away yeah no questions they run happening well yes hi correct yeah sorry now there might have been some confusion it's exactly as you said you have multiple access points on a common site and you're trying to reduce interference between those access points and sync their communications with each other so that is how it works yeah correct between access points yes yeah it doesn't matter it just looks at this it just checks the secret and syncs them yeah yes so sorry here a question first yeah potentially yes that could happen if they if they have connectivity to each other please go ahead so I don't know what you mean about alttp doesn't work on windows yeah the only the difference is on windows you need to go through the wizard but then go back and edit the link manually and then you have access to all the options so it still has all the options just it's a manual process rather than a quick setup there is yeah it definitely is sorry had a comment or question Wow so what does env2 sync used to communicate with the other ApS is it on the wireless layer or does it need the ethernet back channel and you say that there's no GPS required which the GPS was you know we will know what product that's full but that's useful for mostly for timing synchronization you get a very high accurate clock source from GPS so what's used as a clock source does anybody know for for synchronizing the access points okay I don't know the answer to that as I said it's all quite an experimental feature and there's not too much information I don't know if any of the guys from my critic are able to give us any answers yet but I suspect you need somebody from the development team to to answer questions like that okay what about you just hit most in slave mode and does that just use like the neighbors discovery those do they all need to be on the same l2 as far as I've seen they're needed on the same LTE network yeah so we need some kind of physical connection between each other in order to do that and with point-to-multipoint connections on a in we were able to connect clients further than 25 kilometers away but with all the IC devices you can do a point-to-point further than 24 but the moment you do a point-to-multipoint it doesn't allow it further than 25 kilometers any answers on why there is a not actually aware of any limitation like that so yeah unfortunately that's not something I'm able to comment on at all just never ever come across it as as an issue yet admittedly I'm not running any point to multiple clients at 25 kilometer distances it's fortunately not come up as an issue for me but it will be fixed in version 7 and the Russian sound is coming anything else okay thank you very much I hope it's been informative and [Applause] there's the next presentation by harnessing
Info
Channel: MikroTik
Views: 8,677
Rating: undefined out of 5
Keywords: mikrotik, routerboard, routeros, latvia
Id: RSNTTCnWa5s
Channel Id: undefined
Length: 47min 54sec (2874 seconds)
Published: Fri Dec 01 2017
Related Videos
Most underused and overused RouterOS tools and features
MikroTik
27K
Common MikroTik WiFi mistakes and how to avoid them
MikroTik
82K
MikroTips: managing many access points with CAPsMAN
MikroTik
25K
Special Lecture: F-22 Flight Controls
MIT OpenCourseWare
2.1M
Top Ten RouterOS HowTo Questions
MikroTik
4K
đź“—MikroTik MTCNA - Firewall Principles (Forward,Input,Output)
The Network Berg
1.7K
AlphaGo - The Movie | Full award-winning documentary
DeepMind
28M
I Built This From A 1972 Popular Mechanics Magazine Plan. Does It Work?
Fireball Tool
2.1M
Spitfire Mk1 to Mk24 | How Spitfires kept getting better
Imperial War Museums
851K
The REAL story About the Crash that Killed Concorde! | Air France flight 4590
Mentour Pilot
4.2M
Diving deep into RouterOS: Switching
MikroTik
21K
Solid State Batteries - Autumn 2021 mass production in Japan. Is it FINALLY happening?
Just Have a Think
1.2M
Radar Detect and DFS on MikroTik
MikroTik
21K
MikroTik - 7 Things you need to know!
The Network Berg
36K
Getting Started: MikroTik Firewall
The Network Berg
24K
MikroTik Tutorial 1 - Getting Started Basic Configuration
TKSJa
881K
TIMELAPSE OF THE FUTURE: A Journey to the End of Time (4K)
melodysheep
76M
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.