Search found 320 matches

by troy
Mon Mar 11, 2024 7:25 pm
Forum: Scripting
Topic: /tool/fetch - 6.x vs 7.x
Replies: 2
Views: 422

/tool/fetch - 6.x vs 7.x

Trying to send messages to Teams. Should be easy enough, no? Well, not so much. This exact command runs perfectly fine in ROS 7.14, but not in 6.49 /tool fetch http-method=post http-header-field="Content-Type: application/json" http-data="{\"text\": \"Test Message\"...
by troy
Fri Jan 12, 2024 9:14 pm
Forum: Scripting
Topic: fetch vs curl [SOLVED]
Replies: 2
Views: 860

Re: fetch vs curl [SOLVED]

I'm BLIND!

Thank you.
by troy
Fri Jan 12, 2024 4:34 pm
Forum: Scripting
Topic: fetch vs curl [SOLVED]
Replies: 2
Views: 860

fetch vs curl [SOLVED]

Trying to write a script, specifically to hit a webhook on MS Teams. Fetch from both ROS6 and ROS7 result in a "400 Bad Request" from the web server, while curl works just fine. [admin@mikrotik] > tool fetch http-method=post mode=https http-header-field="Content: application/json"...
by troy
Fri Jun 16, 2023 4:07 pm
Forum: Forwarding Protocols
Topic: VRF Shenanigans (need help with VRF Lite)
Replies: 5
Views: 2210

Re: VRF Shenanigans (need help with VRF Lite)

hello troy, maybe this wiki can help you? https://wiki.mikrotik.com/wiki/Manual:Internet_access_from_VRF That's where I started. Of course ROS7 is a bit different, but here's where I'm at: [admin@Core] > /ip route pr where active=yes Flags: D - DYNAMIC; A - ACTIVE; c, s, y - BGP-MPLS-VPN Columns: D...
by troy
Thu Jun 15, 2023 5:54 pm
Forum: Forwarding Protocols
Topic: VRF Shenanigans (need help with VRF Lite)
Replies: 5
Views: 2210

Re: VRF Shenanigans (need help with VRF Lite)

Not sure what you're asking about the 'core.' It's just a router (CCR1036, soon to be replaced with a CCR2004) that serves as a L3 gateway for both fiber and wireless subscribers. Currently, we're not using VRF at all, just basic policy based routing, which works, but requires a bit of work in the f...
by troy
Wed Jun 14, 2023 10:33 pm
Forum: Forwarding Protocols
Topic: VRF Shenanigans (need help with VRF Lite)
Replies: 5
Views: 2210

VRF Shenanigans (need help with VRF Lite)

I'm trying to rebuild a router that currently uses PBR with a TON of firewall filter and mangle rules to use VRF instead. The situation I'm working with, is an open access network. The network operator gets its Internet access from the participating providers. Each provider needs to be in its own ...
by troy
Fri Oct 21, 2022 10:58 pm
Forum: Forwarding Protocols
Topic: BGP route filter "dst in address_list" exact prefix match question
Replies: 15
Views: 4309

Re: BGP route filter "dst in address_list" exact prefix match question

This is one of the dumber things MT did with ROS7. 192.168.234.0/24 is *IN* 192.168.232/21 and should therefore match perfectly. Would also be useful for BOGON filtering. If you're using 172.28.0.0/16 for your internal management network, it's *IN* 172.16.0.0/12 and should match just like it would i...
by troy
Wed Sep 21, 2022 4:57 pm
Forum: Forwarding Protocols
Topic: 7.5 filter rule shenanigans
Replies: 0
Views: 1238

7.5 filter rule shenanigans

Not sure if this is ROS7 or just CHR, but what's going on? I'm working on filter rules for BGP (transit, customer, peer, internal, etc), and from time to time, it all goes to hell when I re-order the rules. Issuing a bunch of /undo commands usually fixes it, but sometimes, the CPU goes to 100% and lo...
by troy
Tue Sep 20, 2022 6:28 pm
Forum: Forwarding Protocols
Topic: ROS7 - Set BGP Communities in /ip/route ?
Replies: 5
Views: 5075

Re: ROS7 - Set BGP Communities in /ip/route ?

MRZ, I would agree that setting bgp attributes for non-bgp route doesn't make sense, but if a filter is using the community to decide whether or not to advertise a route, then being able to set the community in the local routing table makes perfect sense. In ROS6, if I want to create a local route a...
by troy
Tue Sep 20, 2022 5:20 pm
Forum: Forwarding Protocols
Topic: ROS7 - Set BGP Communities in /ip/route ?
Replies: 5
Views: 5075

ROS7 - Set BGP Communities in /ip/route ?

In ROS6, one could set bgp-communities in /ip route. How does one do this in ROS7? My config gets clobbered when upgrading in the lab and makes me quite fearful to do it in production. ROS6: /ip route add bgp-communities=555:400 distance=250 dst-address=10.20.30.0/24 type=blackhole After upgrade to ...
by troy
Tue Jun 23, 2020 1:04 pm
Forum: Announcements
Topic: Winbox v3.24 released!
Replies: 103
Views: 89040

Re: Winbox v3.24 released!

Having an issue with zoom settings in both 32 and 64 bit versions after upgrading from 3.20 to 3.24. I saw something in the change log about fixing zoom settings in 3.22, but honestly, I never had an issue until upgrading past that version. No matter what I do, Winbox will not save my zoom settings ...
by troy
Thu Jan 23, 2020 9:32 pm
Forum: General
Topic: Winbox Security: Password Stored in clear text format
Replies: 8
Views: 50258

Re: Winbox Security: Password Stored in clear text format

Hey Normis... it's been 6 years. Any word on adding some security to Winbox?
by troy
Mon Dec 30, 2019 2:38 pm
Forum: General
Topic: Dual Stack PCQ?
Replies: 5
Views: 2085

Re: Dual Stack PCQ?

Been a couple years... not even so much as a whisper from MT?

Surely we're not the only ISP needing dual stack PCQ. With a little over 1000 wireless subs, it's way too labor intensive to handle bandwidth on the CPE or with individual queues.
by troy
Wed Dec 04, 2019 11:07 pm
Forum: Forwarding Protocols
Topic: OSPF did a thing...
Replies: 4
Views: 3669

Re: OSPF did a thing...

That's kind of my guess too.

As for limited info... you see what I see. Restarting the process on R1 resolved the issue and I'm unable to reproduce it to get a debug log, so there's that.
by troy
Mon Dec 02, 2019 4:57 am
Forum: Forwarding Protocols
Topic: OSPF did a thing...
Replies: 4
Views: 3669

Re: OSPF did a thing...

Router 2 (CCR1009-7G-1C-1S+):: /routing ospf instance set [ find default=yes ] redistribute-connected=as-type-1 redistribute-static=as-type-1 router-id=172.23.0.2 /routing ospf network add area=backbone network=123.45.67.90/30 ... dec/01 21:01:44 route,ospf,info OSPFv2 neighbor 172.23.0.1: state cha...
by troy
Mon Dec 02, 2019 4:55 am
Forum: Forwarding Protocols
Topic: OSPF did a thing...
Replies: 4
Views: 3669

OSPF did a thing...

So, OSPF did a thing. Not really understanding it. Nothing useful in the logs. Routers are connected by a 1M ethernet patch cable. Both running 6.44.5. Both have uptime of 130 days. OSPF config is about as simple as it gets and is unchanged in the 4-5 years these routers (and their predecessors) hav...
by troy
Mon Nov 18, 2019 6:28 pm
Forum: General
Topic: 2.5G Networking?
Replies: 2
Views: 1378

Re: 2.5G Networking?

160 views, no replies. Does nobody know about 2.5G network support?
by troy
Fri Nov 15, 2019 6:32 pm
Forum: General
Topic: 2.5G Networking?
Replies: 2
Views: 1378

2.5G Networking?

So, I'm seeing that ROS has some new options, but I'm having trouble making sense out of them and also getting them to work. /interface ethernet> set 3 advertise= 10M-full 10M-half 100M-full 100M-half 1000M-full 1000M-half 2500M-full 5000M-full 10000M-full /interface ethernet> set 3 speed= 1Gbps 10G...
by troy
Tue Apr 09, 2019 1:54 pm
Forum: Announcements
Topic: v6.43.14 [long-term] is released!
Replies: 29
Views: 24958

Re: v6.43.14 [long-term] is released!

DHCP issue confirmed on 1036-8G-2S+

No issues on 1009-7G-1C-1S+

Tried to pull a SUP file on the 1036's but it hung at 1%.

Hundreds of leases on those 1036's... this is not going to be fun.

MT, what's going on here?
by troy
Wed Jan 17, 2018 6:52 pm
Forum: General
Topic: [ASK] multi DHCP servers for failover purpose
Replies: 7
Views: 9234

Re: [ASK] multi DHCP servers for failover purpose

Great little script for that... appreciate it!

pe1chl, it's necessary because many of us make the leases static for IP assignment, rate limiting, or address-list assignments. Probably other reasons too...
by troy
Fri Dec 29, 2017 5:56 pm
Forum: General
Topic: Dual Stack PCQ?
Replies: 5
Views: 2085

Re: Dual Stack PCQ?

Over 200 views in the last 6 months, and still no answer? Surely we're not the only MT-based ISP in the world that wants to roll out IPv6... All the information is there... it just needs to be put together! The IPv4 DHCP servers has a MAC address that could easily be associated with the PCQ bucket, ...
by troy
Tue Oct 03, 2017 10:38 pm
Forum: RouterBOARD hardware
Topic: CCR-1036-8G-2+ Crashing!
Replies: 3
Views: 1927

Re: CCR-1036-8G-2+ Crashing!

Finally got my hands on the unit... The PSU is pushing 24.2V. The router itself will not power up. Very weak sounding beep every few seconds. Serial console gives me the "Press any key.." message repeatedly. Sometimes I can get to the menu, sometimes I can't. Guess it's a goner. Anyone kn...
by troy
Sun Oct 01, 2017 11:14 pm
Forum: RouterBOARD hardware
Topic: CCR-1036-8G-2+ Crashing!
Replies: 3
Views: 1927

Re: CCR-1036-8G-2+ Crashing!

Eeks! [me@myrouter] > sys health pr fan-mode: auto use-fan: main active-fan: main use-fan2: main active-fan2: main cpu-overtemp-check: yes cpu-overtemp-threshold: 100C cpu-overtemp-startup-delay: 1m voltage: 16.2V current: 2771mA temperature: 36C cpu-temperature: 56C power-consumption: 44.9W fan1-sp...
by troy
Sun Oct 01, 2017 6:03 pm
Forum: RouterBOARD hardware
Topic: CCR-1036-8G-2+ Crashing!
Replies: 3
Views: 1927

CCR-1036-8G-2+ Crashing!

Router started crashing this past week. Tried to update firmware to 6.38.7 and 6.40.3. During download, router crashed. Tried again, download finished, router rebooted, but would not update. Tried 3 more times, router crashed part way through download. Replacement on the way, but will be Tuesday bef...
by troy
Thu Jun 22, 2017 8:05 pm
Forum: Forwarding Protocols
Topic: MPLS/VPLS Public Statics
Replies: 5
Views: 2250

Re: MPLS/VPLS Public Statics

Thanks for your reply Troy. It was very helpful. I'm still a little confused but it's coming together. I had a few questions about your config on the end point /mpls ldp interface add interface=ether1 add interface=ether2 add interface=sfp1 /interface bridge port add bridge=LAN_Bridge horizon=1 int...
by troy
Thu Jun 22, 2017 3:09 am
Forum: General
Topic: Scan but no ARP?
Replies: 2
Views: 1747

Re: Scan but no ARP?

What's the overall issue? Connectivity issues? I guess you can say that. ROS is refusing to see that one IP address in the middle of the subnet. It can see every other IP address I put on the target host, just not that one. So given a /28 subnet, .0 is the network address, .15 is the broadcast addr...
by troy
Wed Jun 21, 2017 12:26 am
Forum: General
Topic: Scan but no ARP?
Replies: 2
Views: 1747

Scan but no ARP?

CCR1036-8G-2S+, 6.36.3. No, we'll not be updating it for something this stupid. Trying to add a host on the subnet. It can see every other host on the subnet, every other host can see it. The address does not show up in the arp table, though every other address in the subnet does, even those not bei...
by troy
Fri Jun 02, 2017 5:59 pm
Forum: Forwarding Protocols
Topic: Making a static route
Replies: 1
Views: 1127

Re: Making a static route

Did you read the manual? It's pretty basic stuff.

https://wiki.mikrotik.com/wiki/Manual:IP/Route
/ip route add dst-address=192.168.200.0/24 gateway=172.16.147.40
by troy
Thu Jun 01, 2017 9:10 pm
Forum: Forwarding Protocols
Topic: MPLS/VPLS Public Statics
Replies: 5
Views: 2250

Re: MPLS/VPLS Public Statics

+1 on a diagram, but from the configs you posted, you've got a ways to go. It would also help if you were to use [code/] tags to make your configs more readable. In your VPLS config, you need to specify a unique vpls-id for each tunnel and generally speaking, endpoints do not need to connect to each...
by troy
Thu Jun 01, 2017 7:06 pm
Forum: General
Topic: Dual Stack PCQ?
Replies: 5
Views: 2085

Re: Dual Stack PCQ?

BUMP... 77 views, no replies.

Surely I'm not the only one looking for this solution and surely someone has figured it out by now.

We would really prefer not to ditch PCQ, but we need a way to ensure that we can still manage bandwidth for our dual-stack customers.

Thanks!
by troy
Tue May 30, 2017 8:35 pm
Forum: General
Topic: Dual Stack PCQ?
Replies: 5
Views: 2085

Dual Stack PCQ?

Getting ready to roll out IPv6 and trying to figure out bandwidth. How does one go about associating a customer's IPv4 address with their IPv6 prefix so that their bandwidth still lands in the same PCQ queue?
by troy
Thu Feb 11, 2016 8:41 pm
Forum: General
Topic: Public-Mikrotik-Bandwidth-Test-Server(s)
Replies: 1009
Views: 1119860

Re: Public-Mikrotik-Bandwidth-Test-Server

Tom, This couldn't come at a better time. We're getting ready to turn up a new 1Gbe connection, and it will be very nice to actually be able to test it. For the firewall, here are 2 simple rules that will limit the number of tests that can be performed /ip firewall filter add action=reject chain=inp...
by troy
Thu Feb 11, 2016 8:27 pm
Forum: RouterBOARD hardware
Topic: Can't find a CCR1072-8G-8S-4S+ or similar
Replies: 2
Views: 1392

Can't find a CCR1072-8G-8S-4S+ or similar

Working on upgrading one of our core stacks, and am a bit frustrated because I can't seem to find a CCR1072-8G-8S-4S+ anywhere. Any plans for it or something similar?

Looks like we'll be going with the 1G-8S+, though it's not exactly what we're looking for at this time.
by troy
Wed Feb 10, 2016 10:24 pm
Forum: General
Topic: Public-Mikrotik-Bandwidth-Test-Server(s)
Replies: 1009
Views: 1119860

Re: Public-Mikrotik-Bandwidth-Test-Server

Very cool. Testing Seattle(?) to Virginia: [me@myrouter] > tool bandwidth-test 207.32.195.2 ... direction=receive remote-tx-speed=200M duration=30 status: done testing duration: 31s rx-current: 199.9Mbps rx-10-second-average: 199.9Mbps rx-total-average: 199.9Mbps lost-packets: 0 random-data: no dire...
by troy
Thu Feb 04, 2016 1:44 am
Forum: General
Topic: Multiple feature requests for firewall
Replies: 8
Views: 2724

Re: Multiple feature requests for firewall

Not really an ASA guy, per se, though I have a couple and find some of the features of the ASA very nice to work with. As for the whole protocol stuff, I'm just going on what I find when searching google for "iptables address list," which comes back with several results, all of which sugge...
by troy
Wed Feb 03, 2016 5:21 pm
Forum: General
Topic: Multiple feature requests for firewall
Replies: 8
Views: 2724

Re: Multiple feature requests for firewall

When you say "underlying code," I presume that you're talking about the kernel? In that case, s/any/all: [!] -p, --protocol protocol The protocol of the rule or of the packet to check. The specified protocol can be one of tcp, udp, udplite, icmp, icmpv6,esp, ah, sctp, mh or the special key...
by troy
Wed Feb 03, 2016 3:07 am
Forum: General
Topic: Microtik CCR1009 w/UniFi AC PRO AP - tagged VLANs and mutli DHCP issue
Replies: 3
Views: 1354

Re: Microtik CCR1009 w/UniFi AC PRO AP - tagged VLANs and mutli DHCP issue

By putting everything into a bridge, you're combining the two VLANs and the parent interface into a single broadcast domain, which is exactly the opposite of what you want. Drop the bridge, and you're there.
by troy
Tue Feb 02, 2016 7:41 pm
Forum: General
Topic: Multiple feature requests for firewall
Replies: 8
Views: 2724

Re: Multiple feature requests for firewall

I knew I had more than just those, but these are just to make a config more readable. Feature #3: Support adding an address list to an address list. /ip firewall address-list add list=ThisNet address=192.168.0.0/24 add list=ThatNet address=192.168.1.0/24 add list=AllNets address-list=ThisNet add lis...
by troy
Tue Feb 02, 2016 5:08 pm
Forum: General
Topic: Multiple feature requests for firewall
Replies: 8
Views: 2724

Multiple feature requests for firewall

First request should be dead simple. Add a parameter so we can add comments when adding an address to an address list: /ip firewall filter add action=add-src-to-address-list address-list=blacklist address-list-comment="SSH Brute Force" \ address-list-timeout=1w chain=ssh ... Second, would ...
by troy
Sun Jan 31, 2016 2:01 am
Forum: Forwarding Protocols
Topic: Disabling interface causes routing to crash?
Replies: 3
Views: 1578

Re: Disabling interface causes routing to crash?

Zero, my thoughts exactly. Honestly though, I don't remember if I disabled the interface, or deleted it (it was a VLAN). However, it did this twice. The first time, I didn't disable or delete, I moved the vlan from one trunk port to another, expecting a fraction of a split-second interruption while ...
by troy
Tue Jan 26, 2016 1:43 am
Forum: General
Topic: No IPv6 route?
Replies: 1
Views: 1021

No IPv6 route?

Trying to learn how IPv6 works, and as long as I stick with MT, it's going pretty well. I have a /64 and a /48 from the Tunnel Broker. I configured the /64 on my MT router: /ipv6 address add address=2001:470:7:beef::2 advertise=no interface=sit1 add address=2001:470:dead::1 interface=LAN /ipv6 firew...
by troy
Tue Jan 26, 2016 1:01 am
Forum: Forwarding Protocols
Topic: Disabling interface causes routing to crash?
Replies: 3
Views: 1578

Disabling interface causes routing to crash?

Had a test router (RB450G) attached to a CCR1036-12G-4S. BGP up and running, working as pretty as you please. Needed to turn it off to check something else, so I disabled the interface on the CCR. This caused the routing process to crash. Only option was to reboot the CCR, which took about 4x longer...
by troy
Thu Jan 21, 2016 5:27 pm
Forum: General
Topic: Need a sanity check on a queue tree
Replies: 1
Views: 1405

Need a sanity check on a queue tree

I've been building queue trees for ages, but I'm second guessing myself on this one, perhaps because it seems too simple to work as expected. Total bandwidth is 50/10. On the SIP queues, I'm not 100% sure if I need to specify bandwidth at all. I'm thinking that if the sum of the other queues has a l...
by troy
Fri Sep 25, 2015 5:42 pm
Forum: General
Topic: Bandwidth not exceeding 75Mbit/s through Queue Tree & PCQ
Replies: 4
Views: 2180

Re: Bandwidth not exceeding 75Mbit/s through Queue Tree & PCQ

Not sure where you're headed with that, but the wireless link is half duplex, just like what most people here are using. It's from another vendor, but that's beside the point. It's been a long time since testing an unloaded link, but I want to say it was pushing right at 180 in each direction tested...
by troy
Thu Sep 24, 2015 11:51 pm
Forum: General
Topic: Bandwidth not exceeding 75Mbit/s through Queue Tree & PCQ
Replies: 4
Views: 2180

Bandwidth not exceeding 75Mbit/s through Queue Tree & PCQ

A quick network diagram: http://i.imgur.com/0G28KLW.png Queue tree (below) is on CCR2. We did some testing both inside and outside the queue tree. Inside the queue tree, tests to CCR3 max out at 140Mbit/s, exactly where it should be. Outside the queue tree, bandwidth maxes out at about 160Mbit/s. Th...
by troy
Fri Aug 07, 2015 2:32 pm
Forum: General
Topic: I'm an idiot, but so is the TCP/IP stack
Replies: 4
Views: 1303

Re: I'm an idiot, but so is the TCP/IP stack

You are right, it is working as expected, it's selecting the first matching address on the interface. The unpredictable part, is that we have no way of knowing or controlling which address is/was bound first at boot time. Presumably it's in whatever order the config has been written, but we have no ...
by troy
Fri Aug 07, 2015 3:03 am
Forum: General
Topic: I'm an idiot, but so is the TCP/IP stack
Replies: 4
Views: 1303

I'm an idiot, but so is the TCP/IP stack

I had to temporarily create an overlapping subnet (yes, yes, I know...) until the DHCP server cycles through. I have the following addresses on a single interface: 12.34.56.1/24 12.34.56.241/28 When sending an ARP request for 12.34.56.242, it's asking for a reply to 12.34.56.1, which some devices wi...
by troy
Fri Jul 10, 2015 10:22 pm
Forum: General
Topic: SNMP Timeout
Replies: 1
Views: 1505

SNMP Timeout

Been getting a lot of SNMP timeouts lately. FreeBSD/Nagios has been up and running for 60 days. Mikrotik CCR has been up and running for 42 weeks (nope, no updates for a long time). Today, we keep getting alarms that SNMP is timing out. I try it from the command line, and I get this: $ snmpwalk -v2c...
by troy
Mon Jun 01, 2015 4:07 pm
Forum: General
Topic: dhcp server not saving address list information
Replies: 2
Views: 1000

Re: dhcp server not saving address list information

Yeah, not everyone is willing to upgrade at the drop of a hat. With that said, the issue with the DHCP server saving the dynamic address list information has been resolved in subsequent firmware releases. And yeah, I know not everything gets documented in the changelog. This is probably one of the o...
by troy
Tue May 12, 2015 10:58 pm
Forum: General
Topic: dhcp server not saving address list information
Replies: 2
Views: 1000

dhcp server not saving address list information

Trying to prepare a network for the eventual migration to Radius authentication, but I'm running into a problem with the DHCP server saving address list information with static leases. [admin@CCR] > /ip dhcp-server lease print Flags: X - disabled, R - radius, D - dynamic, B - blocked # ADDRESS MAC-A...
by troy
Tue May 12, 2015 10:50 pm
Forum: Forwarding Protocols
Topic: VPLS stops working 1-way
Replies: 6
Views: 3303

Re: VPLS stops working 1-way

I've not found a solution to this yet, but I've also not had this particular issue come up. It does sound, however, like you're having a much different problem. You might want to start a new thread and post the output from the following commands from R2 (the one in the middle): /ip export /mpls expo...
by troy
Wed Apr 22, 2015 4:10 pm
Forum: General
Topic: packet sniffer stops unexpectedly
Replies: 0
Views: 716

packet sniffer stops unexpectedly

So, I've been using the packet sniffer and Wireshark much more over the last few months. It's a great combination to see what's going on in the network. However, I keep running into an issue where the packet sniffer stops unexpectedly. I do not know if it stops sniffing, stops streaming, or both. Th...
by troy
Mon Apr 20, 2015 7:16 pm
Forum: Forwarding Protocols
Topic: VPLS stops working 1-way
Replies: 6
Views: 3303

Re: VPLS stops working 1-way

Here's a quick diagram of the part of the network that is affected. There is a VPLS tunnel between the Gateway and each site carrying VLAN traffic. The smallest link, the RB433 between YORK and PTLO is only used if other links break. http://i.imgur.com/rsLM66H.png Packet sniffing is a good idea, how...
by troy
Mon Apr 20, 2015 7:07 pm
Forum: General
Topic: cannot access certain websites
Replies: 2
Views: 1363

Re: cannot access certain websites

Please post your PCC configuration. /ip mangle export compact If you're using address and ports as the classifier, it will break HTTPS which doesn't like having sessions coming in from multiple IP addresses, which will happen since the browser will open multiple connections to the server, each with ...
by troy
Mon Apr 20, 2015 7:02 pm
Forum: General
Topic: RB Configuration
Replies: 1
Views: 833

Re: RB Configuration

You probably want to check out PCC, which will load balance your traffic reasonably well (the more traffic, the better the balancing).

To ensure that certain devices always use a specific WAN, mark their connections before the PCC rules.
by troy
Mon Apr 20, 2015 6:57 pm
Forum: Forwarding Protocols
Topic: VLANs over P2P Ubiquiti Wireless Link
Replies: 2
Views: 1532

Re: VLANs over P2P Ubiquiti Wireless Link

Try configuring static IP addresses and see if you can pass traffic. If so, the problem is with your DHCP server. Ensure that the Rockets have WDS Transparent Bridge enabled. Without this, the MAC addresses get rewritten and that can cause issues with DHCP. For more help, please post the IP configura...
by troy
Mon Apr 20, 2015 6:48 pm
Forum: Wireless Networking
Topic: Which product should I choose
Replies: 4
Views: 1271

Re: Which product should I choose

For the outdoor PTP link, consider the 5Ghz SXT to get away from the noise of 2.4Ghz. Do your calculations, if your distance is further than the SXT can handle, then buy the radios and appropriately sized antennas separately. For the indoor APs, consider the cAP 2n and the CRS125 as the switch. I've...
by troy
Mon Apr 20, 2015 3:36 pm
Forum: Beginner Basics
Topic: CCR cant RDP to virtual maxhines
Replies: 1
Views: 955

Re: CCR cant RDP to virtual maxhines

gradash, Run torch to see if you see the RDP traffic going in and out on the appropriate interfaces. You can also run the packet sniffer on the CCR and stream to Wireshark (filter: udp port 37008). This may enable you to see what's going on. It would be helpful to see the MT config. Export your IP c...
by troy
Mon Apr 20, 2015 2:30 pm
Forum: Wireless Networking
Topic: VLANs and Virtual AP's
Replies: 30
Views: 48024

Re: VLANs and Virtual AP's

cmanciu, Until and/or unless Serge comes back to tell us how to do this with the bridge firewall, I think you're stuck doing it the other way. So, you have your VAPs created, the only thing left is to bridge them to your VLANs. /interface wireless add master-interface=wlan1 name=wlan1.10 ssid=ssid10...
by troy
Mon Apr 20, 2015 1:27 am
Forum: Forwarding Protocols
Topic: VPLS stops working 1-way
Replies: 6
Views: 3303

Re: VPLS stops working 1-way

One or two of those tunnels might be passing through a RB435G, so 1520. Most of the PTP links are UBNT Rockets with the MTU set to 1600. It's not an MTU issue, full 1500 byte packets pass without issue. The issue here, is that the traffic just up and stops flowing in one direction (Tx from a CCR-103...
by troy
Sat Apr 18, 2015 6:37 pm
Forum: Forwarding Protocols
Topic: VPLS stops working 1-way
Replies: 6
Views: 3303

VPLS stops working 1-way

Well, color me stupid. I forgot (again) to get a supout before "fixing" it. We have 13 VPLS tunnels, some of which are misbehaving, in that they will stop transmitting in one direction. Bouncing the offending interface will resolve the issue. No reboots, reconfigurations, or other interven...
by troy
Wed Apr 01, 2015 8:50 pm
Forum: Wireless Networking
Topic: VLANs and Virtual AP's
Replies: 30
Views: 48024

Re: VLANs and Virtual AP's

cmanciu, I went looking for information on how to use bridge nat to assign a new VLAN id, but it does not appear to be possible. Perhaps sergejs can come back and provide us with a working example. I think Tom provided similar scenario, but interesting way to accomplish your scenario would be: - cre...
by troy
Thu Feb 26, 2015 9:46 pm
Forum: General
Topic: Help understanding ipsec
Replies: 3
Views: 1722

Re: Help understanding ipsec

Feklar, Thanks! I actually got this done in a lab environment as you were responding! I think I was getting hung up by trying to do too much at one time, being afraid to muck up a production network, and being too stubborn and lazy by not setting up a lab to begin with. Anyways, once I got the NET-...
by troy
Wed Feb 25, 2015 10:27 pm
Forum: General
Topic: Help understanding ipsec
Replies: 3
Views: 1722

Help understanding ipsec

I'm probably being really dense about this, but there's something about IPSEC that I'm just not understanding. I can't even seem to figure it out enough to ask the right question, so here goes... How do I replace this GRE tunnel with an IPSEC policy? http://i.imgur.com/uHfquAy.png The remote side is...
by troy
Wed Feb 11, 2015 5:18 pm
Forum: General
Topic: Zabbix Template
Replies: 17
Views: 28498

Re: Zabbix Template

Definitely not using this myself anymore, but I'm not sure where the extra lines could be coming from. The only thing the script should be spitting out is an integer value: printf("%d\n",$return); The newlines are probably coming from PHP and how it's handling the script, or possibly due t...
by troy
Wed Feb 04, 2015 6:39 pm
Forum: General
Topic: "Mangement" process with high CPU usage
Replies: 0
Views: 899

"Mangement" process with high CPU usage

Anyone know what, exactly, the management process includes? I have a RB1100 (single core) doing NAT routing and PCQ in a Queue Tree for about 400 users sharing 75Mbit/s. The CPU load will hover at around 80-90% for hours during prime time. The Queue and Firewall processes each run at 5-10%. We are r...
by troy
Thu Nov 20, 2014 12:55 pm
Forum: General
Topic: Zabbix Template
Replies: 17
Views: 28498

Re: Zabbix Template

Masi, I kinda gave up on Zabbix for the time being. In fact, I've not looked at it for quite some time. However, the error you report sounds like a problem with the mtStatus script, which has absolutely no error checking and only a very minimum of data manipulation. It's also only used for getting s...
by troy
Mon Oct 13, 2014 8:03 pm
Forum: General
Topic: Critique on DNS blacklist
Replies: 0
Views: 1141

Critique on DNS blacklist

Based on the wonderful work by other users in automatically blocking SSH and FTP brute force attacks, here's a short config I came up with to block DNS attacks. I'm not sure yet what the rate should be, but it did manage to halt an amplification attack in just a few seconds. add action=drop chain=fo...
by troy
Sun Oct 12, 2014 5:46 pm
Forum: Wireless Networking
Topic: VLANs and Virtual AP's
Replies: 30
Views: 48024

Re: VLANs and Virtual AP's

I can ping 192.168.10.2 but no one can connect to wifi on wlan2. In 'bridge->ports' window wlan2 marked as a disabled port. Why? Where is my mistake? Please help me to solve this problem!!! Inactive interfaces will be marked as disabled in the bridge. Ethernet ports are inactive and disabled in the...
by troy
Mon Sep 29, 2014 5:36 pm
Forum: Wireless Networking
Topic: RB Metal AP stability
Replies: 26
Views: 14254

Re: RB Metal AP stability

Wow! 16 months later, we have a solution?

Too bad we ditched virtually all our MT wireless stuff in favor of the other guys. Still rocking the MT routers though, way more than I care to count!
by troy
Mon Sep 29, 2014 5:26 pm
Forum: Wireless Networking
Topic: VLANs and Virtual AP's
Replies: 30
Views: 48024

Re: VLANs and Virtual AP's

Following up... I just took over a network that has a number of MT routers (CCR and RB1100) that are configured with the VLANs directly on the ethernet interfaces. It seems to work just fine. I guess the person who set it up had a magic touch. It's scary though. One such interface is currently passi...
by troy
Mon Sep 29, 2014 5:15 pm
Forum: Virtualization
Topic: 10G support on VMware?
Replies: 9
Views: 6502

Re: 10G support on VMware?

Not to detract from VMWare, which I use on a few networks, but having support for Hyper-V would also be a welcome enhancement.
by troy
Mon Sep 29, 2014 5:12 pm
Forum: Virtualization
Topic: Microsoft Hyper-V and RouterOS X86 6.19
Replies: 5
Views: 5800

Re: Microsoft Hyper-V and RouterOS X86 6.19

Janisk, Can you tell us if you're working on adding support for Hyper-V? IMO, MT could do some really cool things in terms of switching and routing in the virtual network. Take a look at what Cisco is doing with their Nexus 1000v product, it is pretty amazing. I don't know if MT could ever compete a...
by troy
Mon Jul 21, 2014 2:53 am
Forum: General
Topic: Job Position in NYC
Replies: 1
Views: 1244

Re: Job Position in NYC

Wow, from the job description and the info on your site, it looks like an amazing opportunity. Too bad I'm looking to get out of this town of 10,000 to something even more rural. NYC just ain't for me. :)
by troy
Tue Jul 15, 2014 6:27 pm
Forum: Wireless Networking
Topic: Connect 2.4Ghz Grid Antenna to 5Ghz RB433
Replies: 20
Views: 4905

Re: Connect 2.4Ghz Grid Antenna to 5Ghz RB433

@Jarda, I never said I would recommend it, just that it would work (however poorly).

@plisken, you're right, the SWR is too high, but didn't consider that this would damage the radio, was only thinking from a tuning aspect.
by troy
Mon Jul 14, 2014 10:02 pm
Forum: General
Topic: Looking for a suggestion for a x86 SBC for RouterOS
Replies: 10
Views: 3595

Re: Looking for a suggestion for a x86 SBC for RouterOS

Not sure what you mean by "USB based," but there are several ATOM systems that would work. Some have dual ethernet ports, some will require adding an interface card. You may also want to take a look at the APU or ALIX boards from PC Engines. For lower power applications, you probably want ...
by troy
Mon Jul 14, 2014 9:28 pm
Forum: Wireless Networking
Topic: Connect 2.4Ghz Grid Antenna to 5Ghz RB433
Replies: 20
Views: 4905

Re: Connect 2.4Ghz Grid Antenna to 5Ghz RB433

FWIW, I had a tower climber do this on accident. The signal was considerably lower than expected, but the link did work. Electrically speaking, the antenna will work (it puts the appropriate load on the transmitter), but you will never get the performance you would otherwise expect to get, as it...
by troy
Mon Jul 14, 2014 9:22 pm
Forum: General
Topic: Router Login with Multiple Radius Servers
Replies: 1
Views: 1240

Re: Router Login with Multiple Radius Servers

AFAIK, this is not possible in ROS. What you want to do, is configure your radius server to pass the authentication to a secondary (set of) server(s) if the user uses a realm that is not local.
by troy
Mon Jul 14, 2014 9:00 pm
Forum: General
Topic: Internet Settings
Replies: 1
Views: 1152

Re: Internet Settings

Given the diagram you provided, you should never have to change the route on anything other than the 750 at either of the remote sites (every computer, printer, and other device at each site should be using the local RB750 as the default route). The better option, would be to implement OSPF. Each rou...
by troy
Wed Jun 25, 2014 2:38 am
Forum: RouterBOARD hardware
Topic: 24 ports Mikrotik SFP switch
Replies: 4
Views: 5373

Re: 24 ports Mikrotik SFP switch

I don't know if I was the first to ask for such a beast... but I asked about it close to 2 years ago. I'd also like to see a model with integrated optics for single-mode, single-strand, and auto-sensing Bi-Directional auto-sensing 100/1000 support (the optics exist... Genexis has a CPE with it). I'd...
by troy
Tue Jun 24, 2014 4:59 pm
Forum: General
Topic: CCR1036 working in 48VCC
Replies: 1
Views: 832

Re: CCR1036 working in 48VCC

Looks like the CCR uses up to 60W @ 24v. So, get a 3amp (or higher) DC-DC converter to step down to 24v and you're golden. It may be a good idea to use an inline fuse rated for 3 to 5 amps.
by troy
Tue Jun 24, 2014 4:47 pm
Forum: General
Topic: Strange log messages
Replies: 4
Views: 1744

Re: Strange log messages

Grrr... my eyes glazed over and I missed it. There is indeed a log rule that was added where it didn't belong in the middle of another ruleset.

Thanks guys.
by troy
Tue Jun 24, 2014 3:59 pm
Forum: General
Topic: Strange log messages
Replies: 4
Views: 1744

Strange log messages

Some time in the last few weeks, the log on a CCR running 6.5 started getting filled with some strange entries. No configuration changes in either the system logging or firewall have been made, yet these messages started filling up the log: 08:37:57 firewall,info FTP forward: in:ether11 out:ether3, ...
by troy
Sat May 31, 2014 5:51 am
Forum: General
Topic: Zabbix Template
Replies: 17
Views: 28498

Re: Zabbix Template

Yeah, that api file needs to be in the same directory for the script I threw together. You can put it anywhere you want if you edit the script... php includes/requires are pretty easy to change. As for the dependency thing, I looked at it, and it's overly complex. A host dependency needs to be a sim...
by troy
Thu May 22, 2014 1:44 am
Forum: General
Topic: Zabbix Template
Replies: 17
Views: 28498

Re: Zabbix Template

Sorry for the very late reply... Zabbix has landed on my back burner. It's awesome at what it does, but there are 2 serious limitations that I can't live with right now. The Android apps all suck and Zabbix doesn't currently support host dependencies (if a device goes down and takes 20 more with it,...
by troy
Wed Mar 26, 2014 6:56 pm
Forum: Wireless Networking
Topic: Port Forwarding - RDP - Did it correct but still not working
Replies: 1
Views: 1296

Re: Port Forwarding - RDP - Did it correct but still not wor

Did you verify that you can connect from the local network?

Also, I do not see the dst-address specified in your NAT rule. It's been a while, but I'm thinking this is required.

Also, have you watched the nat rule to see if the counter increases when it gets hit?
by troy
Wed Mar 26, 2014 6:27 pm
Forum: Wireless Networking
Topic: Small WISP Design and Advice Needed
Replies: 2
Views: 2284

Re: Small WISP Design and Advice Needed

If that's the extent of your network, it sounds like a good start. For the backhaul, you can certainly use the nanobeam. You can also use Mikrotik's SXT to keep the network homogeneous. If you need to shoot a long distance, consider using 2' or 3' dishes. There are tons of link budget calculators ou...
by troy
Wed Mar 26, 2014 5:49 pm
Forum: Beginner Basics
Topic: Two public IP on WAN interface
Replies: 6
Views: 5141

Re: Two public IP on WAN interface

Yeah, when adding additional IP addresses in the same subnet, it's best practice to use a /32 mask. Addresses in multiple subnets should not require this. It could be something funky with your ISP, but I couldn't tell you for sure. Both of the obvious configurations are failing, not sure what else t...
by troy
Wed Mar 26, 2014 5:35 pm
Forum: General
Topic: Single interface VLAN trunk issues
Replies: 10
Views: 3617

Re: Single interface VLAN trunk issues

Having multiple VLANs and even routing between them on a single interface isn't a configuration problem. It is common and it does work. What I'm saying is that it can lead to performance problems. Some hardware can handle this better than other hardware. Routing or bridging traffic back to the same ...
by troy
Sun Mar 23, 2014 8:15 pm
Forum: Beginner Basics
Topic: How to start with RB2011UiAS-2HnD ?
Replies: 1
Views: 987

Re: How to start with RB2011UiAS-2HnD ?

Can you share what you've tried so far?

You say you're comfortable with PCC rules. This is all that's needed to spread the load across the 3 DSL connections. Following the steps in the manual, you should be able to have it up and running in just a few minutes.
by troy
Sun Mar 23, 2014 7:49 pm
Forum: General
Topic: Single interface VLAN trunk issues
Replies: 10
Views: 3617

Re: Single interface VLAN trunk issues

I don't understand either. While the 450 shouldn't have any problem pushing that much data in a hairpin configuration, the performance should be the same either way. The fact that it does fail some sites in the hairpin configuration is odd. Either way though, it's a good idea to only ever allow traff...
by troy
Fri Mar 21, 2014 10:47 pm
Forum: General
Topic: Single interface VLAN trunk issues
Replies: 10
Views: 3617

Re: Single interface VLAN trunk issues

Sorry about that. I must have misunderstood. It sounded like you went from 115Mbit/s to 30Mbit/s with the hairpin configuration and went back to normal when you removed that configuration. After re-reading, I think you're saying that with the hairpin configuration (still a damned odd way to set it u...
by troy
Fri Mar 21, 2014 4:19 pm
Forum: The Dude
Topic: Massive devices configuration update
Replies: 1
Views: 2250

Re: Massive devices configuration update

Hello everyone,
Is there a method in Dude to update the configuration of massive device at one time?

Thanks
Firmware update? Yes, this is covered in the manual.

Configuration update? No. There have been various scripts (expect, perl, other?) posted to do this though.
by troy
Fri Mar 21, 2014 4:15 pm
Forum: General
Topic: Single interface VLAN trunk issues
Replies: 10
Views: 3617

Re: Single interface VLAN trunk issues

Yes... you're doing a hairpin on ether1. This is NOT a good idea for high bandwidth usage. You'll run into the same limitation if you try to use any combination of ports other than Ether1. Ports 2-5 are on a switch chip and share a single interface to the CPU. In short, you pretty much have to use E...
by troy
Fri Mar 21, 2014 4:09 pm
Forum: General
Topic: Firewall and DNS issue
Replies: 1
Views: 935

Re: Firewall and DNS issue

If it's clear HTTP, you can do this with a Layer-7 filter rule. Add firewall filters to allow DNS requests (UDP & TCP), add another rule to allow your URL, and finally add a rule to block everything else. Another way to do this, is to use the Hotspot service and configure a walled garden allowin...
by troy
Fri Mar 21, 2014 4:03 pm
Forum: General
Topic: Can anyone explain please !?
Replies: 2
Views: 1205

Re: Can anyone explain please !?

Fun fun fun... my 3rd reply this morning regarding Policy Based Routing. As for only allowing DHCP assigned users access to the Internet, you'll want to modify your NAT rule so that it only allows from those specific source addresses: /ip firewall address-list add address=192.168.22.0/24 list=LAN1 ...
by troy
Fri Mar 21, 2014 3:52 pm
Forum: Beginner Basics
Topic: Two public IP on WAN interface
Replies: 6
Views: 5141

Re: Two public IP on WAN interface

Ok, if you can do this with straight IP tables on Linux, you can do this with MT (which is still Linux). You just have to learn the abstraction layers that MT put on top. So, both IP addresses are from the same provider. You probably don't have to worry about the actual GW then. The provider already...
by troy
Fri Mar 21, 2014 3:43 pm
Forum: Forwarding Protocols
Topic: 2 Gateway with one ISP
Replies: 3
Views: 2881

Re: 2 Gateway with one ISP

Yes, you can have multiple gateways. Check out the wiki article on Policy Based Routing. I use this to properly route traffic for customers on an open-access network belonging to multiple providers. I would probably need to see a detailed description or a diagram showing the desired traffic flow to...
by troy
Fri Mar 21, 2014 3:36 pm
Forum: Wireless Networking
Topic: Metal5SHPn 1x1 MIMO, how can?
Replies: 1
Views: 1145

Re: Metal5SHPn 1x1 MIMO, how can?

Pretty sure that was an editorial oversight in the brochure, though it's a pedantic distinction that really shouldn't bother you any more than someone failing to call a rectangle a square when it is, indeed, square. MIMO, being part of the 802.11n spec calls for the support of spatial diversity (MIM...
by troy
Fri Mar 21, 2014 2:58 pm
Forum: General
Topic: Install ntp server package
Replies: 1
Views: 25044

Re: Install ntp server package

Yeah, get ntp-6.7-XXXX.npk.

Addon packages should match the version of ROS you currently have installed.

If the package still fails to install after rebooting, check the log to see why.

-Troy
by troy
Fri Mar 21, 2014 2:55 pm
Forum: Forwarding Protocols
Topic: 2 Gateway with one ISP
Replies: 3
Views: 2881

Re: 2 Gateway with one ISP

Sounds like you read the manual regarding source nat. If you had read a little more, you would have seen the section on destination nat and 1:1 nat. So, you use src-nat for the outgoing traffic, dst-nat for incoming traffic. If you use both src-nat and dst-nat together, you'll have a 1:1 mapping t...
by troy
Fri Mar 21, 2014 2:47 pm
Forum: Beginner Basics
Topic: Two public IP on WAN interface
Replies: 6
Views: 5141

Re: Two public IP on WAN interface

Based on what you describe, the GW devices are separate devices and you do not have any sort of a routing protocol set up or available. An odd setup for sure, but it should work with the addition of some routing marks: /ip firewall mangle add action=mark-routing chain=prerouting comment="To GW1...
by troy
Thu Mar 20, 2014 5:59 pm
Forum: RouterBOARD hardware
Topic: CRS125-24G-1S-RM Brand NEW Cloud Router SWITCH
Replies: 13
Views: 15779

Re: CRS125-24G-1S-RM Brand NEW Cloud Router SWITCH

troy: this is a real SWITCH with routerOS features addon. Why the hell do you need more then a gbps connection to the CPU (what cannot handle more than few hundred megs)? Think about a managed gigabit switch plus a dual port mikrotik router - in one box (ok it offers more, but not expect too much.....
by troy
Tue Mar 18, 2014 9:17 pm
Forum: RouterBOARD hardware
Topic: CRS125-24G-1S-RM Brand NEW Cloud Router SWITCH
Replies: 13
Views: 15779

Re: CRS125-24G-1S-RM Brand NEW Cloud Router SWITCH

Finally got to see one... Initial impressions... AWESOME job on: 1) Console port (still need to try this with my crisco cable) 2) Ears - Can turn them 90* to mount unit to a wall or board Not so much on the PSU... external wall wart? Really? Why not use an internal PSU like you did on the CCR and RB...
by troy
Thu Feb 06, 2014 7:22 pm
Forum: Beginner Basics
Topic: load balancing between two ISPs
Replies: 2
Views: 1364

Re: load balancing between two ISPs

by troy
Thu Feb 06, 2014 7:19 pm
Forum: Wireless Networking
Topic: create PTP network for 3km
Replies: 7
Views: 3356

Re: create PTP network for 3km

If you're just straight routing (with NAT)... ether1 for the Internet, ether2-9 for the LAN, the 750 should be able to handle several hundred users.

If you need to do bandwidth management, use PCQ and Queue Tree. Though Simple Queues in ROS6 might be efficient enough.
by troy
Tue Feb 04, 2014 11:00 pm
Forum: General
Topic: Standard ISP Firewall practices
Replies: 1
Views: 1452

Re: Standard ISP Firewall practices

Check out this recent thread. If your customers are fully exposed, there are some ports that you might want to block to offer some basic protection. Generally speaking, blocking all inbound traffic to ports <1025 would be reasonable for residential customers. Business/enterprise customers might not...
by troy
Tue Feb 04, 2014 8:58 pm
Forum: Wireless Networking
Topic: Wireless help needed
Replies: 6
Views: 2273

Re: Wireless help needed

802.11 is a half-duplex spec. With 802.11n MCS7 @ 40Mhz, you have a max rate of 150. Coding at 5/6, you get 125Mbit/s maximum throughput at Layer 2. Depending on the Layer 3 overhead and other traffic, the best you'll be able to do in practice, is 90-100Mbit/s. With one wireless and one wired device...
by troy
Tue Feb 04, 2014 8:24 pm
Forum: Wireless Networking
Topic: create PTP network for 3km
Replies: 7
Views: 3356

Re: create PTP network for 3km

For the PTP between the two locations, you'll want a pair of RouterBoard SXT radios. On the AP side (in the village), the equipment selection gets a little more complicated. If the AP will be centrally located and easily visible to everyone, you can use something like the OmniTik. If you need to set...
by troy
Sat Feb 01, 2014 5:25 pm
Forum: General
Topic: Cloud Router Switch Uplink
Replies: 18
Views: 8807

Re: Cloud Router Switch Uplink

We'll have to let the boys from MT chime in on this one. At a glance though, it would appear that the problem isn't so much with the software, as it is with the hardware. As a Layer2 switch, the CRS should perform just as well, if not better, than any other $200 switch. If the switch chip supports i...
by troy
Sat Feb 01, 2014 4:55 pm
Forum: RouterBOARD hardware
Topic: CCR1036-12g ARP\MAC issues on ETH ports
Replies: 4
Views: 2435

Re: CCR1036-12g ARP\MAC issues on ETH ports

Honestly, it very well could be an issue with ROS on the CCR. I wouldn't know without sticking my head in your network. A similar problem I've had, is where I would use the ip discovery tool to scan a connected subnet, and had a cisco 3700 send arp replies for every single address. The ARP table on ...
by troy
Sat Feb 01, 2014 4:45 pm
Forum: Beginner Basics
Topic: Why two tree queues under wan ?
Replies: 3
Views: 1641

Re: Why two tree queues under wan ?

You'd have to ask the authors of the configs you're looking at. All-Bandwidth should be just that... a queue for all bandwidth. In my experience, you will want to set this to slightly below your actual bandwidth from your provider so everything has some breathing room. This should be a parent for an...
by troy
Sat Feb 01, 2014 4:35 pm
Forum: Scripting
Topic: Script to autochange SSID when not internet
Replies: 6
Views: 5503

Re: Script to autochange SSID when not internet

yes... isp1-ssid would be the value to change.

You can set multiple parameters at the same time... ssid=FOO security-profile=BAR

Good luck!
by troy
Sun Jan 26, 2014 5:38 am
Forum: Forwarding Protocols
Topic: server access to specified ip
Replies: 1
Views: 1131

Re: server access to specified ip

Sounds like you need to implement some bandwidth management. Without knowing your exact traffic patterns and needs, I wouldn't know how to advise you on this, but the WIKI has some pretty decent examples that should get you started. Also search for a PCQ/QOS script.. there's a few floating around ou...
by troy
Sun Jan 26, 2014 5:33 am
Forum: Beginner Basics
Topic: snmp from WAN/ether1 firewall config?
Replies: 2
Views: 4543

Re: snmp from WAN/ether1 firewall config?

I hate to ask, but did you reboot after enabling snmp? For some idiot reason, ROS seems to need this sometimes (always?).
by troy
Sun Jan 26, 2014 5:32 am
Forum: Beginner Basics
Topic: Why two tree queues under wan ?
Replies: 3
Views: 1641

Re: Why two tree queues under wan ?

In the example you posted, there are 2 queues, each at 4M for a total of 8M. This allows VOIP some dedicated bandwidth, though the example isn't a very efficient way to do it. The better way, would be to create a parent to hold all the bandwidth, then several children to divvy that bandwidth up. You ...
by troy
Sun Jan 26, 2014 5:22 am
Forum: Beginner Basics
Topic: PPPOE 1GB - LAN to WAN throughput
Replies: 5
Views: 6390

Re: PPPOE 1GB - LAN to WAN throughput

I'm amazed that you're getting 200Mbit/s, pretty impressive for MIPS. Aside from the CPU, the 2011 suffers from all the GigE interfaces being on a single switch chip with a single GigE lane into the CPU. Trying to route full GigE traffic through it will fail miserably (as you've discovered). I'm not...
by troy
Sat Jan 25, 2014 5:38 pm
Forum: Beginner Basics
Topic: 5 static IP's but dynamic PPPOE Connection
Replies: 4
Views: 3533

Re: 5 static IP's but dynamic PPPOE Connection

Not necessarily. If you have the full subnet routed to you, you can bind all 8 addresses to a loopback and go from there... If your subnet is 11.22.33.8/29:

/int bridge add name=lo0
/ip address add address=11.22.33.8/32 interface=lo0
/ping 8.8.8.8 src-address=11.22.33.8

Assuming that you pass this t...
by troy
Fri Jan 24, 2014 11:36 pm
Forum: General
Topic: Set custom DL-UL bandwith rates
Replies: 3
Views: 1430

Re: Set custom DL-UL bandwith rates

Terminal or winbox..

You can create one simple queue per user, which can be pretty high maintenance.

You can also create a queue tree with PCQ.

Both are pretty well documented in the wiki.
by troy
Fri Jan 24, 2014 10:49 pm
Forum: RouterBOARD hardware
Topic: Ethernet port problem ?
Replies: 3
Views: 1560

Re: Ethernet port problem ?

Tick the other 4 boxes in the torch. See if you can get some more information out of it.

Can you confirm with your provider that this traffic is real?

Also, if you have another routerboard, stick it between the CCR and DSL modem as a bridge so you can get an 'outside' view of the situation.
by troy
Fri Jan 24, 2014 10:45 pm
Forum: General
Topic: WAN as Uplink
Replies: 1
Views: 1422

Re: WAN as Uplink

In order to make this work, you need to have all 4 connections from the same provider and your provider must agree to only send traffic to you on 3 of the 4 connections. The problem? When you connect via WAN1, your connection has the IP address for WAN1, and the other side of that connection will on...
by troy
Fri Jan 24, 2014 10:31 pm
Forum: Beginner Basics
Topic: VLAN trunking - my personal hell-on-earth
Replies: 1
Views: 1861

Re: VLAN trunking - my personal hell-on-earth

Baby steps my friend... baby steps. Because of the way ROS does its network abstractions, the config gets very complex very quick. Quite often, it's easier to just open it up a bit, then put restrictions when/where necessary. For your internet, this is pretty basic. Just add the address/route/dns p...
by troy
Fri Jan 24, 2014 10:08 pm
Forum: Beginner Basics
Topic: VLAN issue with Bridge
Replies: 1
Views: 1068

Re: VLAN issue with Bridge

Please provide the following output:

/interface export compact
/ip address export compact


Maybe more later, but this should get us going.
by troy
Fri Jan 24, 2014 10:01 pm
Forum: Scripting
Topic: Script to autochange SSID when not internet
Replies: 6
Views: 5503

Re: Script to autochange SSID when not internet

It sounds like the wireless is your internet connection, and if one goes down, you want to change to a different connection. Assuming I understand you correctly, this bit of untested code should get you going: :if ([/ping altavista.com count=1] = 0) do={ :log Internet down, switching providers :loca...
by troy
Fri Jan 24, 2014 9:40 pm
Forum: Beginner Basics
Topic: How to see wifi network speeds
Replies: 2
Views: 2115

Re: How to see wifi network speeds

Not sure what part of the webgui that screenshot came from, but check under wireless > registration.

Also from winbox (wireless > registration table), you can see it like this:

Image
by troy
Fri Jan 24, 2014 9:33 pm
Forum: Beginner Basics
Topic: Second WAN routing not working
Replies: 2
Views: 2230

Re: Second WAN routing not working

You forgot to share ip routing with us.

/ip routing export compact
by troy
Fri Jan 24, 2014 9:30 pm
Forum: General
Topic: /tool fetch missing???
Replies: 1
Views: 1031

Re: /tool fetch missing???

Don't know for sure, but I think fetch is in the advanced-tools package. Do you have that installed and active?
by troy
Fri Jan 24, 2014 9:25 pm
Forum: Beginner Basics
Topic: VLAN configuration
Replies: 3
Views: 1845

Re: VLAN configuration

The MT config should work. As for the bridge/no bridge discussion. If you only need tagged traffic, you don't need a bridge. If, however, you also need untagged traffic, you will need to use a bridge. Either way, it doesn't hurt anything to use a bridge. Here's a config: /interface bridge add name=b...
by troy
Fri Jan 24, 2014 9:20 pm
Forum: General
Topic: Future request: Rebuild queues limits
Replies: 1
Views: 1266

Re: Future request: Rebuild queues limits

It would be cool to have time-of-day queues supported with a radius attribute. Unfortunately, I doubt it will get much traction with the boys at MT. There are a few ways to cope with this. First, if the service is DHCP, setting a max time won't cause any interruption to service. PPPoE is a different ...
by troy
Fri Jan 24, 2014 9:15 pm
Forum: Forwarding Protocols
Topic: mpls package, do I need it ?
Replies: 2
Views: 2230

Re: mpls package, do I need it ?

If you don't need MPLS/VPLS for anything, then yes, you can remove it. IMO, it really doesn't hurt anything to leave all the default packages. I used to be a bit of a nazi about removing unused packages, but with 100's of devices, it got to be a little annoying, especially when it was time to actual...
by troy
Fri Jan 24, 2014 9:10 pm
Forum: Beginner Basics
Topic: 5 static IP's but dynamic PPPOE Connection
Replies: 4
Views: 3533

Re: 5 static IP's but dynamic PPPOE Connection

Simon, Create static routes to those 1200's to use one of your static IP addresses as the preferred source:

/ip route add dst-address=123.45.67.89 pref-src=98.76.54.32 gateway=pppoe-out

Now, when connecting to the 1200's at work, the connection will come from whichever static IP you choose t...
by troy
Fri Jan 24, 2014 8:39 pm
Forum: RouterBOARD hardware
Topic: CCR1036-12g ARP\MAC issues on ETH ports
Replies: 4
Views: 2435

Re: CCR1036-12g ARP\MAC issues on ETH ports

Sounds to me, like you have a mis-behaving device somewhere that's replying to ARP requests it shouldn't be replying to.

Find the MAC address that you're having a problem with, and you've found your culprit.
by troy
Fri Jan 24, 2014 8:35 pm
Forum: General
Topic: Block Local network computer from seeing eachother
Replies: 1
Views: 2681

Re: Block Local network computer from seeing eachother

You're not crazy at all. This is called client isolation and works very well. There are several ways to implement it, but we'd need to see a network diagram to do more than help you understand the concepts. ROS, at its core, is a pretty flexible and robust platform. However, there are some limits, ...
by troy
Fri Jan 24, 2014 8:20 pm
Forum: Beginner Basics
Topic: Using different routers for download and streaming.
Replies: 2
Views: 1042

Re: Using different routers for download and streaming.

If you can tell us how to determine if something is downloading or streaming, we can probably help you :) So... you have 1 ISP, 2 connections, and 100 clients. How are you distributing bandwidth between those 2 connections now? What's the purpose of putting a 2nd router on one of them? IMO, you woul...
by troy
Fri Jan 24, 2014 8:09 pm
Forum: RouterBOARD hardware
Topic: Ethernet port problem ?
Replies: 3
Views: 1560

Re: Ethernet port problem ?

What's attached to that port?

Have you tried running torch to see what the traffic is?
by troy
Fri Jan 24, 2014 8:05 pm
Forum: Beginner Basics
Topic: Help With Defining Route
Replies: 3
Views: 1328

Re: Help With Defining Route

You need to do some policy based routing...

/ip firewall mangle add chain=prerouting src-address=192.168.90.0/24 action=mark-routing new-routing-mark=To_Fortinet
/ip route add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=To_Fortinet

You can also use a firewall filter to ensure that no tra...
by troy
Tue Jan 07, 2014 5:56 pm
Forum: Wireless Networking
Topic: firewall solution for wisp
Replies: 4
Views: 3441

Re: firewall solution for wisp

Your question is so broad, it would take a book to answer it. There are a lot of books out there, take your pick! In terms of hardware and/or OS, this is a MT forum, so I would assume that you have ROS running on a RB of some sort... perfectly suited for a basic firewall appliance. Onto the configur...
by troy
Tue Jan 07, 2014 5:08 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1373
Views: 1186522

Re: CLOUD CORE ROUTER

I had an interesting experience with a CCR yesterday. Went to hook up a UPS (APC SU3000RMXL) to the serial console. Uploaded the UPS package and rebooted the CCR to install it. The CCR got stuck with "routerboot configuration" displayed on the screen (first useful thing I've seen with that...
by troy
Tue Jan 07, 2014 5:03 pm
Forum: Beginner Basics
Topic: RouterOS V6.7 which best way to do traffic shapping
Replies: 1
Views: 930

Re: RouterOS V6.7 which best way to do traffic shapping

For simple bandwidth sharing and congestion avoidance, PCQ would be your best bet. We use this in a queue tree with a single parent to provide multiple classes of bandwidth (1/3/6/etc...).

The wiki article provides a great start, and you can find some specific examples here in the forum.
by troy
Mon Dec 30, 2013 10:45 pm
Forum: General
Topic: PPPoE for customers?
Replies: 1
Views: 1126

Re: PPPoE for customers?

I like to think that PPPoE needs to die completely, but for residential services, it does offer a nice feature set that's hard to duplicate using other management options: *) Limit each user to a single connection to the network. *) Radius accounting can let you know how much data each subscriber is...
by troy
Mon Dec 30, 2013 10:31 pm
Forum: General
Topic: I want to change FirePro RouterOS 4.3
Replies: 5
Views: 2323

Re: I want to change FirePro RouterOS 4.3

"Firepro" is just a branded version of MT ROS. You can upgrade it the same as any routerboard. If you use netinstall, you can go straight to 6.7. Otherwise, upgrade to 4.17 => 5.26 => 6.7. Be sure to check and update the firmware along the way. You might also need to update the license bef...
by troy
Mon Dec 30, 2013 9:53 pm
Forum: Beginner Basics
Topic: Just a NAT device, nothing more - RB2011L-in
Replies: 6
Views: 1724

Re: Just a NAT device, nothing more - RB2011L-in

Here's a thread with a similar setup that might help:

http://forum.mikrotik.com/viewtopic.php?f=2&t=79253
by troy
Fri Dec 13, 2013 4:59 pm
Forum: RouterBOARD hardware
Topic: grounding newbie question
Replies: 3
Views: 2839

Re: grounding newbie question

The answer to your question is no. Grounding does not increase the chances of a lightning strike. It increases the chances of SURVIVING a lightning strike. The problem, is that your equipment already has a path to ground (antenna/enclosure -> electronics -> cat-5 -> poe -> switch/router -> UPS -> po...
by troy
Thu Dec 12, 2013 2:18 pm
Forum: Wireless Networking
Topic: Link Distance
Replies: 16
Views: 5193

Re: Link Distance

Ryan, There's another possibility that I just stumbled on while checking routerboard.com for something else. The RB912UAG-5HPnD has a radio that will cover that distance. One added bonus to this, is that it also has a slot for a 3G modem, which can provide either out-of-band management or possibly b...
by troy
Thu Dec 12, 2013 6:03 am
Forum: Beginner Basics
Topic: Communication problem with my gateway provider?
Replies: 4
Views: 1554

Re: Communication problem with my gateway provider?

Not required, no.. but very typical. If this is a point-to-point connection, the theory goes that it can be unnumbered, but doing it that way makes it hard to troubleshoot. From what you described, it sounds like the provider is keeping the /24 captive (where the gateway address is actually on thei...
by troy
Thu Dec 12, 2013 1:23 am
Forum: Wireless Networking
Topic: Link Distance
Replies: 16
Views: 5193

Re: Link Distance

That would be it. Honestly though, if the folks at MT get pissed, so be it. They know as well as anyone that they do not have a product in the same class as the RocketM5-Ti. It can easily do the 37km link and should come very close to 180Mbit/s throughput. I have set up a few links using the DBii F5...
by troy
Wed Dec 11, 2013 11:26 pm
Forum: Beginner Basics
Topic: Ubiquiti behind Mikrotik
Replies: 14
Views: 4202

Re: Ubiquiti behind Mikrotik

heh.. yeah, I see it now. It does indeed smack of an MTU problem. Ping with full sized packets and figure out which devices will need some extra room.
by troy
Wed Dec 11, 2013 10:51 pm
Forum: Wireless Networking
Topic: Link Distance
Replies: 16
Views: 5193

Re: Link Distance

Roadie, you've been in the game long enough to know exactly what company and which of their products I'm referring to. I will not mention it here because I don't want to piss off the Latvian Mafia! Here's a hint though... it's named for a type of metal that's often used in body part replacements, gol...
by troy
Wed Dec 11, 2013 10:41 pm
Forum: Beginner Basics
Topic: Communication problem with my gateway provider?
Replies: 4
Views: 1554

Re: Communication problem with my gateway provider?

You do not need BGP for this, your ISP should know better. Tell them that you need to bring the /24 inside your network, and that you would like them to route it to you over a different /30 subnet. If they are a relatively small ISP, they may not want to break out a /30 for the job. In this case, yo...
by troy
Wed Dec 11, 2013 10:17 pm
Forum: Scripting
Topic: DNSDynamic Update Script
Replies: 4
Views: 6905

Re: DNSDynamic Update Script

Wow, that is a really long complicated script... but, I don't need all those email notifications and stuff. Crazy stuff! Here's how I do it, short and simple: # ## Script by Troy ## ## I don't remember what's stolen and what's original... use at your own risk # :global currentIP; :local tmpIP [/ip a...
by troy
Wed Dec 11, 2013 9:50 pm
Forum: Wireless Networking
Topic: Link Distance
Replies: 16
Views: 5193

Re: Link Distance

To get a reliable link, you'll need 3' dishes. The Metal 5SHPn or R5SHPn mPCI card would be your best bet for radios. If you need more than about 80Mbit/s of actual throughput, you'll need to use a 2x2 radio and antenna. Unfortunately, MT does not have a product that will do this at this time, but t...
by troy
Wed Dec 11, 2013 9:41 pm
Forum: Beginner Basics
Topic: Ubiquiti behind Mikrotik
Replies: 14
Views: 4202

Re: Ubiquiti behind Mikrotik

Green? Red? where... I don't see a picture. You say you can ping... what size packets? Try a 1500 byte packet and see what happens... my guess is that you have an MTU issue somewhere along the way, most likely with one of the UBNT devices, which is limited to 1500 bytes out of the box. Raise the MTU...
by troy
Wed Dec 11, 2013 9:33 pm
Forum: RouterBOARD hardware
Topic: Normis: Any plan to support 100Mbps SFP transceivers in RB?
Replies: 2
Views: 1484

Re: Normis: Any plan to support 100Mbps SFP transceivers in

100Mbit/s SFP FTW!!!

Seriously, I know of at least one product out there that has auto-sensing 100/1000 optics. I don't know of an SFP that does this, but it is possible to do, and it would be a great addition to the MT product line.
by troy
Wed Dec 11, 2013 8:35 pm
Forum: Forwarding Protocols
Topic: TWO bgp peers and load balancing
Replies: 1
Views: 1415

Re: TWO bgp peers and load balancing

Welcome to BGP, a weird and mysterious world where it's normal to have asynchronous routes between any two points on the 'net. There is nothing you can do with BGP to control your outbound traffic (except maybe to place filters on the advertisements you accept). For your inbound traffic, prepending ...
by troy
Wed Dec 11, 2013 4:09 pm
Forum: General
Topic: static routing and NAT configurations
Replies: 2
Views: 1970

Re: static routing and NAT configurations

Your config is pretty straightforward, though the NAT rules appear to be a little confused. Under /ip addresses, add your addresses to your desired interfaces. Under /ip routes, add your routes. The 20.20.20 and 30.30.30 addresses... are these the actual addresses assigned to you by your provider? A...
by troy
Tue Dec 10, 2013 11:41 pm
Forum: General
Topic: Help with 1 to 1 NAT or Netmap
Replies: 2
Views: 2622

Re: Help with 1 to 1 NAT or Netmap

26 ;;; default configuration chain=srcnat action=masquerade to-addresses=0.0.0.0 src-address-list=!10.10.4.7 out-interface=ether5 61 ;;; LCTN.k12 Mail Server chain=srcnat action=src-nat to-addresses=publicIP src-address=10.10.4.7 62 ;;; LCTN.k12 Mail server chain=dstnat action=dst-nat to-addresses=...
by troy
Sun Dec 01, 2013 11:53 pm
Forum: General
Topic: failover with 3 ISP without balancing
Replies: 3
Views: 2286

Re: failover with 3 ISP without balancing

Yes, with static routes, I believe this would be the only way. To disable a gateway, you'll need to use the check-gateway option. Without a valid GW IP, this won't work, and the route will not fail over to the next gateway. RouterOS will not let you set the distance on a route installed by the dhcp ...
by troy
Thu Nov 28, 2013 10:24 pm
Forum: General
Topic: Firewall Problem{NAT Router in gameranger}
Replies: 12
Views: 16496

Re: Firewall Problem{NAT Router in gameranger}

A quick google search shows that Gameranger needs a NAT rule or UPNP. Your best bet would probably be to turn on and configure UPNP. Port forwarding is also an option, but if you receive a dynamic IP from your ISP, you'll need to update the nat rule any time your IP changes. Stick with UPNP, it's alm...
by troy
Wed Nov 27, 2013 2:12 pm
Forum: General
Topic: Bandwidth Management & QOS - Is it possible?
Replies: 12
Views: 8017

Re: Bandwidth Management & QOS - Is it possible?

As indicated in the OP, I am.

Was your earlier reply based on an earlier version?
by troy
Wed Nov 27, 2013 2:06 pm
Forum: General
Topic: How do I setup router for public/29 address space
Replies: 8
Views: 6043

Re: How do I setup router for public/29 address space

Troubleshooting... what fun! The extra latency wasn't likely due to the 2011 itself as much as the network config. Post your actual config: /ip address export compact /ip route export compact /ip firewall export compact Also a few traces: /tool traceroute 8.8.8.8 /tool traceroute 8.8.8.8 src-address...
by troy
Wed Nov 27, 2013 1:23 am
Forum: General
Topic: Bandwidth Management & QOS - Is it possible?
Replies: 12
Views: 8017

Re: Bandwidth Management & QOS - Is it possible?

Thanks for taking a look man, I do appreciate it, but I've already been there. Following the link, which takes you to this page, you can find exactly one diagram that shows Simple Queues, and has a description stating that this is how it works in ROS6. http://wiki.mikrotik.com/images/2/24/Packetflo...
by troy
Tue Nov 26, 2013 12:54 am
Forum: Wireless Networking
Topic: How many concurrent wireless users can support?
Replies: 22
Views: 39992

Re: How many concurrent wireless users can support?

If you want to support up to 100 users and have something usable, you'll probably want to set up 3 access points throughout the building. Personally, I'd do more, but using more than 3 APs in close quarters can cause problems that you may not want to cope with. For a MT solution, I'd get the RB750UP...
by troy
Mon Nov 25, 2013 11:47 pm
Forum: Scripting
Topic: learn how to Shape Download Traffic only & leave Browsing
Replies: 24
Views: 19814

Re: learn how to Shape Download Traffic only & leave Browsin

Curious.. It's been a while since I've dug into the HTTP protocol, but aren't there some headers that you could key in on? IMO, the best, first test, would be Content-Length (if we could actually use the number from the string). Small files could be let through, with medium and large files being que...
by troy
Mon Nov 25, 2013 9:06 pm
Forum: General
Topic: How do I setup router for public/29 address space
Replies: 8
Views: 6043

Re: How do I setup router for public/29 address space

Well, it's not really all that silly from a customer perspective, it just gives you an extra address to use. As a provider though, it is silly, they're wasting an IP unnecessarily. Comcast does this as well, a customer with a subnet assignment also gets a static IP outside that subnet. What's infuri...
by troy
Mon Nov 25, 2013 6:57 pm
Forum: General
Topic: How do I setup router for public/29 address space
Replies: 8
Views: 6043

Re: How do I setup router for public/29 address space

How silly of your provider to give you a static address (/32) that's not already in your static subnet, but that's beside the point, and it gives you 9 static IPs to work with instead of just 8. You get your route from the PPPoE session, so that's taken care of. Now, just put your subnet on your DMZ...
by troy
Mon Nov 25, 2013 6:20 pm
Forum: Beginner Basics
Topic: Block all ports but 80 and 1723
Replies: 7
Views: 34551

Re: Block all ports but 80 and 1723

add chain=forward action=accept protocol=tcp dst-port=3389 in-interface=VPN comment="Allow RDP via VPN" If you don't mind a suggestion... take some time to review the basic firewall documentation in the wiki. Also search for various firewall scripts out there. IMO, firewalls are typically ...
by troy
Mon Nov 25, 2013 5:38 pm
Forum: General
Topic: Simple Queue Question....
Replies: 2
Views: 1163

Re: Simple Queue Question....

At the moment, you're probably best off with PCQ and Queue Tree. Create a PCQ for your server to reserve the bandwidth, then create a separate PCQ for your workstations. In the Queue Tree, create 2 parent queues (upload & download), then create 2 children for each (server & workstation). Wha...
by troy
Mon Nov 25, 2013 5:10 pm
Forum: General
Topic: Zabbix Template
Replies: 17
Views: 28498

Zabbix Template

I had heard about zabbix quite some time ago, but never seemed to find the time to tackle the learning curve. This past weekend, I decided it was time, so I did and I'd like to share the results with you. This template is incomplete at best, but so far, it's doing what I need it to do. I'm open to r...
by troy
Sat Nov 23, 2013 7:40 pm
Forum: General
Topic: SNMP - Different OIDs on different boards...
Replies: 1
Views: 949

SNMP - Different OIDs on different boards...

Ok, in the past, I've just accepted this, but as I'm wanting to monitor more and more devices, it's starting to get really annoying. I checked a few different devices for ifDescr.1 CCR = sfp1 RB1100 = Ether12 RB435 = Ether1 RB1200 = Ether10 This is so random... can we get some degree of predictabili...
by troy
Fri Nov 22, 2013 2:34 am
Forum: General
Topic: failover with 3 ISP without balancing
Replies: 3
Views: 2286

Re: failover with 3 ISP without balancing

No script necessary. /ip route add check-gateway=ping distance=10 gateway=10.1.1.1 add check-gateway=ping distance=20 gateway=10.2.2.1 add check-gateway=ping distance=30 gateway=10.3.3.1 /ip firewall nat add chain=srcnat chain=srcnat out-interface=WAN1 to-addresses=10.1.1.2 add chain=srcnat chain=sr...
by troy
Thu Nov 21, 2013 10:05 pm
Forum: General
Topic: Cloud Router Switch Uplink
Replies: 18
Views: 8807

Re: Cloud Router Switch Uplink

Late to the discussion, but rather than a filter on the bridge, I'd put all the ports in the bridge with a horizon=2, with the uplink having a horizon=1. All hosts can communicate to the upstream, but not to the side. According to the block diagram, the CRS has all 24 ports + SFP on a single switch...
by troy
Thu Nov 21, 2013 6:00 pm
Forum: General
Topic: Bandwidth Management & QOS - Is it possible?
Replies: 12
Views: 8017

Re: Bandwidth Management & QOS - Is it possible?

I don't have the expertise to go into depth about QOS (yet), but DNS is a pretty critical service. Everything else depends on it. For the same reason, ICMP and certain types/sizes of TCP packets should have super-high priority. When you want to pull up a web page, even a few hundred milliseconds can...
by troy
Thu Nov 21, 2013 1:17 am
Forum: General
Topic: Bandwidth Management & QOS - Is it possible?
Replies: 12
Views: 8017

Re: Bandwidth Management & QOS - Is it possible?

WhoKnew, I'd imagine that the address list you're asking about, is a catch-all list that includes the IPs and/or subnets all his clients are on. This is how I do it, anyways... list for all subnets on the network, different lists for different nat pools, list for different bandwidth classes, list fo...
by troy
Wed Nov 20, 2013 9:19 pm
Forum: General
Topic: Bandwidth Management & QOS - Is it possible?
Replies: 12
Views: 8017

Re: Bandwidth Management & QOS - Is it possible?

Seriously, I'm lost... not sure why all this isn't working. Here, I mangle. It works and works great. (there are actually some other rules that catch unlisted addresses and give them a default packet-mark) /ip firewall mangle add action=mark-packet chain=prerouting in-interface=LAN_Bridge new-packe...
by troy
Sat Nov 16, 2013 4:00 pm
Forum: General
Topic: Bandwidth Management & QOS - Is it possible?
Replies: 12
Views: 8017

Bandwidth Management & QOS - Is it possible?

For bandwidth management, we've been using a Queue Tree with PCQ. We have 3 different bandwidth packages, and each user (by IP) is in an appropriate address list. The parent queue limits bandwidth to 40/8 (off a Comcast 50/10 connection). With peak usage at just under 30M, this has been working awes...
by troy
Tue Nov 05, 2013 11:16 pm
Forum: General
Topic: CCR1036-12G-4S / ROS 6.5 / Weirdness
Replies: 0
Views: 761

CCR1036-12G-4S / ROS 6.5 / Weirdness

I've been beating my head on this one for hours. Time to give up and go home. [admin@MikroTik] > ip address add address=xx.yyy.170.50/30 interface=ether1 [admin@MikroTik] > ping xx.yyy.170.49 HOST SIZE TTL TIME STATUS xx.yyy.170.49 56 255 2ms xx.yyy.170.49 56 255 2ms xx.yyy.170.49 56 255 2ms sent=3 ...
by troy
Fri Jul 05, 2013 10:22 pm
Forum: Wireless Networking
Topic: Metal2SHPn WLAN dies
Replies: 2
Views: 1337

Re: Metal2SHPn WLAN dies

Check out my thread on this. MT is aware, and I'm hoping that more people will report their failing units.

Check tool/profile and see if the wireless process is at about 50% CPU, generate a SUPOUT file and send it to MT.

http://forum.mikrotik.com/viewtopic.php?f=7&t=74191
by troy
Thu Jul 04, 2013 7:34 pm
Forum: Wireless Networking
Topic: RB Metal AP stability
Replies: 26
Views: 14254

Re: RB Metal AP stability

We finally replaced our Metals with 433/R2SHPn combos, which is about 3x the cost, but is working great. I finally did get a response from MT about the metals. Uldis said the supout shows that it was unable to transmit and unable to reset. He's thinking that changing the adaptive-noise-immunity might wo...
by troy
Thu Jul 04, 2013 7:04 pm
Forum: Wireless Networking
Topic: RB Metal AP stability
Replies: 26
Views: 14254

Re: RB Metal AP stability

Hi, Metal is a very good equipment, but in my opinion you used it in wrong place!! Metal is 31 dbm high power radio, perfect for long range and long distance but not good for hotspot or multipoint links. Metal has only 400 mhz CPU and 64 MB ram. you should use a board with powerful cpu and ra...
by troy
Wed Jun 26, 2013 5:10 pm
Forum: Wireless Networking
Topic: Mikrotik Groove as a AP
Replies: 2
Views: 1924

Re: Mikrotik Groove as a AP

The metal and the groove are different units. Not sure what you're actually working with, but I have a pair of Metals that are experiencing the same behavior. I've had a ticket open with MT for a couple weeks now, but am getting no response from them. I started a new thread about this here: http://f...
by troy
Wed Jun 26, 2013 5:06 pm
Forum: General
Topic: help with mangle rules...
Replies: 3
Views: 1526

Re: help with mangle rules...

Looking at the screenshot, the mangle rule to mark the connection is getting no hits. Something in the previous 45 rules is preventing this mangle rule from doing its job.
by troy
Wed Jun 26, 2013 4:50 pm
Forum: Wireless Networking
Topic: RB Metal AP stability
Replies: 26
Views: 14254

RB Metal AP stability

All, I've got a site with 3 Metal 2.4Ghz Access Points. All 3 were running 5.25 with 3.07 firmware. They're attached to 15db sector antennas. One unit has 17 clients, another has 9, the 3rd is empty at the moment. The wireless process on these units is locking up at 50% CPU, dropping all clients and...
by troy
Wed Jun 26, 2013 4:01 pm
Forum: Forwarding Protocols
Topic: ISP Router Configuration
Replies: 1
Views: 3423

Re: ISP Router Configuration

Without knowing what the topology looks like under that dark cloud, it's hard to tell you the best solution. You can do the 1:1 NAT as you suggested, but there are other ways that might be preferable. If your infrastructure is in place using RFC address space, you can do this by putting a /32 on eac...
by troy
Tue Jun 18, 2013 11:08 pm
Forum: General
Topic: Load balancing over 2 gateways & multiple subnets on rb1100
Replies: 4
Views: 2995

Re: Load balancing over 2 gateways & multiple subnets on rb1

The wiki article uses 1 LAN and 2 WAN connections. You can do any number of internal/external interfaces you want, just add more mangle rules. On the LAN side, you might be able to get around this by specifying src-address-list instead of the in-interface. We have a /29 on one WAN and a /28 on the o...
by troy
Wed Jun 12, 2013 1:39 am
Forum: General
Topic: Bandwidth Test and NAT?
Replies: 2
Views: 2593

Re: Bandwidth Test and NAT?

Almost another year later, and not a single response? Really?
by troy
Sun Jun 09, 2013 7:03 pm
Forum: Wireless Networking
Topic: High Density Tower Config
Replies: 3
Views: 2098

High Density Tower Config

I'm looking at a tower with 6 sectors at 10Mhz each (3v/3h). Here's some stats on one of those sectors, the others look similar. There is a total of about 170 subscribers right now. 802.11g - 4.5/9/18/24/27 (10mhz rates) 30 Clients (3@18, 5@24, 22@27) 18.9Mbit/s interface potential (based on associa...
by troy
Thu Jun 06, 2013 6:25 am
Forum: General
Topic: Load balancing over 2 gateways & multiple subnets on rb1100
Replies: 4
Views: 2995

Re: Load balancing over 2 gateways & multiple subnets on rb1

First, on the RB1100, consider using ports 11 and 12 for your upstream connections. Due to the architecture of the board, you'll almost certainly get better performance. Second, to answer your question on the load balancing, check out the wiki article on pcc. It works very well, I have a site fed b...
by troy
Thu Jun 06, 2013 4:03 am
Forum: Wireless Networking
Topic: A/N and B/G/N radios with manually configured data rates
Replies: 3
Views: 2285

Re: A/N and B/G/N radios with manually configured data rates

Thanks for that. Will test this as soon as I have a chance. Have a great mix of clients to test against, and want to squeeze every bit I can out of my APs.

-Troy
by troy
Tue Jun 04, 2013 6:13 am
Forum: General
Topic: pcq-burst-time broken?
Replies: 0
Views: 758

pcq-burst-time broken?

Testing PCQ/Simple Queues on ROS 6.0 on RB1100AH /queue type add kind=pcq name=pcq-test pcq-burst-rate=6M pcq-burst-threshold=1M \ pcq-burst-time=2m pcq-classifier=src-address pcq-dst-address6-mask=64 \ pcq-rate=2M pcq-src-address6-mask=64 /queue simple add name=test-down packet-marks=test_down queu...
by troy
Fri May 10, 2013 4:26 pm
Forum: Wireless Networking
Topic: A/N and B/G/N radios with manually configured data rates
Replies: 3
Views: 2285

A/N and B/G/N radios with manually configured data rates

All, In the past, I've been able to configure A and G radios with custom data rates that drastically improved performance. In this set up, I would disable all the 'B' rates, 6Mb and 9Mb rates and set the basic rate to 12Mb. With the new 802.11n radios, I can still do this as long as I set the radios...
by troy
Tue Jan 08, 2013 1:35 pm
Forum: Virtualization
Topic: Metarouter stability on RB800, RB1100, RB1100AH
Replies: 42
Views: 16989

Re: Metarouter stability on RB800, RB1100, RB1100AH

Ugh... I hate necro-posting, but it's related... RB1100AH ROS 5.18. Have a metarouter running for testing certain network functions (not doing any real work). Have had 3 lockups in the last 6 months or so. Several other RB1100 and RB1100AH running without a hiccup. Ethernet interfaces are still up (...
by troy
Mon Jan 07, 2013 11:38 pm
Forum: Wireless Networking
Topic: Wireless issue between RB711UA-2HnD and RB711-2HnD
Replies: 1
Views: 995

Wireless issue between RB711UA-2HnD and RB711-2HnD

All, I'm having an issue with a RB711UA-2HnD. Clients can associate, even up to about a -55/-57 and -56/-58, but the data rate is coming in at 1M/1M. As soon as I ping the CPE, the rates will increase to 5.5, 6, 6.5 or something. Pings look OK. As soon as I put a load on it (500 byte packets), the c...
by troy
Thu Sep 13, 2012 6:37 pm
Forum: Wireless Networking
Topic: Restricting customer to single device on the network
Replies: 5
Views: 2038

Re: Restricting customer to single device on the network

That's where I'm at right now, but don't want to get stuck in a position where a customer has to call in any time they want to change their equipment. To put this into perspective, when I connect a device to my cable modem from Comcast, it works. If I attach multiple devices via a switch, only the f...
by troy
Thu Sep 13, 2012 3:12 pm
Forum: Wireless Networking
Topic: Wireless Model
Replies: 5
Views: 2241

Re: Wireless Model

The system/antenna you choose will make little difference. 2.4/5.8 will not make a huge difference either when it comes to providing access to laptops and other consumer devices. They all have a limited range. I mention the groove only because it's a very low cost solution and available in either L3...
by troy
Wed Sep 12, 2012 9:12 pm
Forum: General
Topic: What do you all think of the EdgeRouter?
Replies: 21
Views: 5570

Re: What do you all think of the EdgeRouter?

I think I'll wait for the 'counterfeits' to flood the market before I buy any. :lol:
by troy
Wed Sep 12, 2012 8:44 pm
Forum: General
Topic: Check IP and Update
Replies: 5
Views: 1940

Re: Check IP and Update

This part of the script is what updates the NAT rules: :foreach rule in=[/ip firewall nat find dst-address=$currentIP] do={ /ip firewall nat set $rule dst-address=$myIP; } To update an address list, you'll need to rewrite this to find and update appropriate entries in your address list. It will not ...
by troy
Wed Sep 12, 2012 8:20 pm
Forum: Wireless Networking
Topic: Wireless Model
Replies: 5
Views: 2241

Re: Wireless Model

The GrooveA combined with a 5db omni antenna would probably be the least expensive to start with, but any MT device with a Level-4 license will work. 400m is too much for a laptop though. You'll be lucky to get 40m indoors and 90m outdoors. In an outdoor network, a laptop might see an AP from 2-3km ...
by troy
Wed Sep 12, 2012 6:09 pm
Forum: General
Topic: Check IP and Update
Replies: 5
Views: 1940

Re: Check IP and Update

This should get you started... :global currentIP; :local tmpIP [/ip address get [find interface="WAN"] address]; :local myIP [:pick $tmpIP 0 [:find $tmpIP "/"]]; :if ($myIP != $currentIP) do={ :log info "WAN IP address changed from $currentIP to $myIP" :foreach rule in=...
by troy
Wed Sep 12, 2012 6:04 pm
Forum: Beginner Basics
Topic: Load balancing with pcc + queue trees ?
Replies: 9
Views: 13292

Re: Load balancing with pcc + queue trees ?

I struggled with this as well and came up with a very similar solution. I added some mangle rules to bypass the PCC to mark connections/routes for clients that had a static 1:1 NAT. Next up, how would we integrate QOS into this? I'd like to prioritize ssh/telnet, gaming, web, mail, and other sets. I...
by troy
Tue Sep 11, 2012 5:24 pm
Forum: Wireless Networking
Topic: Restricting customer to single device on the network
Replies: 5
Views: 2038

Re: Restricting customer to single device on the network

I'm not sure I follow the logic of that suggestion. Setting ttl=1 will break legit customers running a router and using a single connection to the network, while still allowing bad users to attach multiple devices behind the bridge. Good: L3GW -> * -> AP -> CPE -> Customer Router -> (I don't care) B...
by troy
Tue Sep 11, 2012 12:02 am
Forum: Wireless Networking
Topic: Restricting customer to single device on the network
Replies: 5
Views: 2038

Restricting customer to single device on the network

I'm desperately trying to find a way to prevent customers from attaching multiple devices directly to my network, but I'm not having much luck. I thought that station-pseudobridge mode would do the trick, and while it's close, this is still not a suitable solution for my purposes, as I can still see...
by troy
Fri Aug 31, 2012 4:37 pm
Forum: Beginner Basics
Topic: Can't change newly set password.
Replies: 8
Views: 5934

Re: Can't change newly set password.

If you can't use the /password command, just set it directly through /user set 0 password=
by troy
Fri Aug 31, 2012 4:05 pm
Forum: Beginner Basics
Topic: MAC filtering
Replies: 3
Views: 1380

Re: MAC filtering

+1 To expand on this, I'd like to see a robust suite of Layer 2 management tools. In my situation, I'd like to be able to limit a client connection to a single MAC address on any interface (on the AP, on a per-connection basis). I'd also like to see a Layer 2 address lists and an analog for PCQ, whi...
by troy
Mon Aug 27, 2012 5:12 pm
Forum: Scripting
Topic: Dyndns.org script, now to remove all log info ?
Replies: 19
Views: 9997

Re: Dyndns.org script, now to remove all log info ?

As far as I know, yes. A query to an outside server would be about the only way to do it.

Does the Siemens not have support for dynamic DNS?

Have you considered using OpenWRT on it? With this, you can have a shell and write any sort of script you want to do anything you need.
by troy
Thu Aug 23, 2012 4:28 pm
Forum: Scripting
Topic: Dyndns.org script, now to remove all log info ?
Replies: 19
Views: 9997

Re: Dyndns.org script, now to remove all log info ?

I think you didn't understand original poster correctly - he removed all ":log" commands, but command "/tool fetch" produces log entry that can't be removed. so log still gets filled with those "fetch: file temp.txt created" messages. Preventing the fetch from creating a...
by troy
Tue Aug 07, 2012 12:54 pm
Forum: Beginner Basics
Topic: MK problem with routing
Replies: 2
Views: 1178

Re: MK problem with routing

Hi, I have a problem with routing to the internet. Can you help me solve my problem? [xxx@MikroTik] /ip address> print Flags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK INTERFACE 0 ;;; 192.168.1.1/32 255.255.255.0 Vnitrni 1 ;;; INTERNET 10.5.127.202/32 255.255.255.252 01_Vnejsi I can...
by troy
Sun Aug 05, 2012 2:40 am
Forum: General
Topic: Dynamic PCQ?
Replies: 0
Views: 680

Dynamic PCQ?

I'm trying to figure out if it would be possible to get user bandwidth information from radius (via DHCP) so that the router can add the client's IP to an appropriate address list, which in turn would be used by mangle in order to get the client into the proper PCQ. I know I can use the mikrotik-rat...
by troy
Mon Jul 09, 2012 12:58 pm
Forum: General
Topic: QT & PCQ - Flatline at wrong speed
Replies: 0
Views: 614

QT & PCQ - Flatline at wrong speed

I have the following queue tree in place: /queue tree add max-limit=14M name=total_down parent=global-out add max-limit=1536k name=total_up parent=global-out add name=Silver_Upload packet-mark=Silver_Upload parent=total_up queue=pcq_silver_up add name=Silver_Download packet-mark=Silver_Download pare...
by troy
Sat Jun 16, 2012 5:50 pm
Forum: General
Topic: torch stops automatically.
Replies: 1
Views: 1020

Re: torch stops automatically.

Did you ever get an answer to this? I've run torch for hours in the past, but now it stops after just a few seconds. I'm looking at a RB493AH with ROS 5.15.
by troy
Sat May 19, 2012 3:35 am
Forum: General
Topic: queue tree whitout any limit, just priority.
Replies: 14
Views: 3599

Re: queue tree whitout any limit, just priority.

The stuff posted on that page works great as-is, but the OP was asking about being able to do it without first defining the amount of bandwidth available on the link. In other words, he doesn't care how much bandwidth is being used, but he wants to give different priorities to different types of tra...
by troy
Fri May 18, 2012 2:56 pm
Forum: RouterBOARD hardware
Topic: SFP module
Replies: 101
Views: 75338

Re: SFP module

Some of you have mentioned getting dirt cheap SFPs. Anyone care to share their sources?

Thanks,

-Troy
by troy
Tue May 15, 2012 6:31 pm
Forum: RouterBOARD hardware
Topic: SFP module
Replies: 101
Views: 75338

Re: SFP module

I would love to test. I have a variety of 155M SFPs that are itching to get used.

Who's got the 2011 in the US? I want one, and I want it today (well, tomorrow with next-day shipping).

-Troy

EDIT: nevermind... apparently, we're still waiting for FCC approval
by troy
Tue May 15, 2012 4:02 pm
Forum: RouterBOARD hardware
Topic: Request - Cloud Edge Router
Replies: 2
Views: 1598

Request - Cloud Edge Router

OK, I know this forum is 100% unofficial, but I thought I'd drop this here anyways... We all know MT is working on their Cloud Core Router, which looks pretty impressive on paper. I can't wait to see this thing in action. Now, how about engineering a customer edge router, with 24 100Mbit/s ports (SF...
by troy
Thu Mar 01, 2012 7:57 pm
Forum: RouterBOARD hardware
Topic: ETA on RB2011?
Replies: 39
Views: 12652

Re: ETA on RB2011?

Now it's March...
by troy
Wed Feb 15, 2012 6:58 pm
Forum: General
Topic: v5.13 released
Replies: 64
Views: 13511

Re: v5.13 released

Happen to have a RB751 sitting on my desk this morning, so I thought I'd play with SMB and see if I couldn't figure it out. Unfortunately, ROS says my drive is invalid. Weird, it works great under Windows 7 and Ubuntu 11.10. MT, if you're going to add SMB support for home users, you probably need to...
by troy
Wed Feb 15, 2012 5:55 pm
Forum: General
Topic: Bridge Issue/Question
Replies: 5
Views: 2021

Re: Bridge Issue/Question

You show ether3 in the bridge group, which conflicts with the desired configuration you posted. An oversight, I'm sure. Onto the bridge... this gets fun. When you add an IP address to an interface, it belongs to that interface. However, if you then stick that interface into a bridge group, the IP ad...
by troy
Wed Feb 15, 2012 5:37 pm
Forum: Wireless Networking
Topic: VLANs and Virtual AP's
Replies: 30
Views: 48024

Re: VLANs and Virtual AP's

I've pulled my hair out more than once when trying to attach multiple vlan interfaces to a physical interface. I gave up and put the vlans on a bridge instead. Here's a model that should get you going: vlan_bridge.png vlan100 and vlan200 are attached to the lan_bridge, then included as ports in thei...
by troy
Wed Feb 15, 2012 4:38 pm
Forum: Scripting
Topic: Dyndns.org script, now to remove all log info ?
Replies: 19
Views: 9997

Re: Dyndns.org script, now to remove all log info ?

My IP is pretty stable, so that html file only gets re-written a few times a year. It's annoying to see it, but not a huge issue for me. Try something like this in the script to remove it: /file remove [/file find name~"update.php.*"] That's a very simple match, adjust the regex to suit yo...
by troy
Tue Feb 14, 2012 8:15 pm
Forum: RouterBOARD hardware
Topic: RB1200 ROS 5.12 bootloader 2.38 issue.
Replies: 6
Views: 3445

Re: RB1200 ROS 5.12 bootloader 2.38 issue.

I have one RB1200 exhibiting this same behavior. I had to yank the power when I did the initial upgrade in the office (5.3 or 5.4?). I discounted it as a fluke. Then after deployment, I did a remote upgrade to 5.7 and ended up having to drive out to yank the power. It's now on 5.7 for the last 120 d...
by troy
Tue Feb 14, 2012 4:03 pm
Forum: General
Topic: Export compact (new in v5.12)
Replies: 76
Views: 42405

Re: Export compact (new in v5.12)

2) why the current default of unicast is not good enough, also, NTP server on the RouterOS defaults to unicast mode and additional modes (broadcast, multicast and manycast) can be enabled in addition to unicast. So now the only thing that you have to do is to set up ntp-client to get the time, enab...
by troy
Mon Feb 13, 2012 9:32 pm
Forum: General
Topic: Export compact (new in v5.12)
Replies: 76
Views: 42405

Re: Export compact (new in v5.12)

2 items I noticed...

DNS and NTP settings are not being marked as dynamic when they're set by dhcp-client, and are therefore included in a compact export.

This goes off topic, but while I'm talking about setting NTP via DHCP, it might be a good idea if the client was enabled and set to broadcast (
by troy
Tue Feb 07, 2012 6:23 pm
Forum: Wireless Networking
Topic: Vlans over wireless
Replies: 3
Views: 3809

Re: Vlans over wireless

Wow, what a great time to start using the export compact :)

I can't help, but I'm curious... what wireless protocol are you using (802.11/nv2/nstreme?), what are the signal levels, and what does the log say about the wireless disconnects?
by troy
Mon Feb 06, 2012 6:47 pm
Forum: Forwarding Protocols
Topic: Problem with Bridge or VPLS?
Replies: 1
Views: 1723

Problem with Bridge or VPLS?

Ok, so I set up my new network... looks like this: network extension.png R1/2/3/4 = RB1200 w/ROS 5.12 AP1/2/3 = RB435 w/ROS 5.12 R1 config: /interface bridge add name=vlan_bridge protocol=rstp /interface bridge port add bridge=vlan_bridge interface=ether6 horizon=1 add bridge=vlan_bridge interface=v...
by troy
Mon Feb 06, 2012 5:01 pm
Forum: Beginner Basics
Topic: Timing
Replies: 7
Views: 1628

Re: Timing

When you add that rule, where does it appear?

Rule #185 is permitting this client's traffic, if your rule to block traffic appears after, it won't be seen since the traffic has already been accepted.
by troy
Mon Feb 06, 2012 4:54 pm
Forum: General
Topic: Export compact (new in v5.12)
Replies: 76
Views: 42405

Re: Export compact (new in v5.12)

MT Guys: Thank you so much for the compact exports. Much easier to see what's what! How about a feature in The Dude to manage configurations? If The Dude senses that a router's config has changed, have it automatically pull that config and store it. Put a tftp client in ROS so that we can save a con...
by troy
Sun Feb 05, 2012 6:47 pm
Forum: Beginner Basics
Topic: Forcing Users to use your DHCP Only but not the Servers
Replies: 6
Views: 1647

Re: Forcing Users to use your DHCP Only but not the Servers

Just to add my 2 cents... Starting with a /24, I'll generally allocate the top /25 (.128-.254) as a DHCP pool (I use clean subnets to make things easier when building address lists or matching IPs). The bottom /25 will be reserved for servers, routers, switches, access points, phones, printers, etc....
by troy
Sun Feb 05, 2012 6:35 pm
Forum: Beginner Basics
Topic: MikroTik - uTorrent behing NAT does not work
Replies: 9
Views: 11644

Re: MikroTik - uTorrent behing NAT does not work

Dunno what solution you found, but here's my setup:
/ip upnp
set allow-disable-external-interface=no enabled=yes
/ip upnp interfaces
add interface=wan type=external
add interface=lan type=internal
I get lots and lots of dynamic nat rules from utorrent and other applications. Works a treat!
by troy
Fri Feb 03, 2012 7:39 pm
Forum: Beginner Basics
Topic: how
Replies: 3
Views: 1385

Re: how

Assuming that tplink's WDS implementation is compatible with MT's implementation, then all you should need to do is enable WDS on the MT.
/int wireless set 0 wds-mode=dynamic wds-default-bridge=bridge1
Good luck!
by troy
Wed Feb 01, 2012 12:17 am
Forum: General
Topic: 62.149.12.108
Replies: 6
Views: 1595

Re: 62.149.12.108

I'm glad you found the source. However, I gotta ask... how is this customer routing his internal addresses over your network? He should be doing his own NAT. On your NAT router, add a filter to only allow those subnets that you've set up for customer access. On my network, I have hundreds of subnets...
by troy
Tue Jan 31, 2012 7:57 pm
Forum: General
Topic: 62.149.12.108
Replies: 6
Views: 1595

Re: 62.149.12.108

Do you see those same IP addresses if you run torch on your wireless interface?

Try putting an address on ether1, such as 192.168.1.250/24, and see if you can ping those addresses or at least get their associated MAC addresses.
by troy
Tue Jan 31, 2012 7:17 pm
Forum: General
Topic: 62.149.12.108
Replies: 6
Views: 1595

Re: 62.149.12.108

You need to provide quite a bit more information. Start with this:

/interface print
/ip address print
/ip route print

The arp table might also help:

/ip arp print
by troy
Tue Jan 31, 2012 3:22 pm
Forum: Scripting
Topic: Dyndns.org script, now to remove all log info ?
Replies: 19
Views: 9997

Re: Dyndns.org script, now to remove all log info ?

Run it every 5 seconds, 5 minutes, or 5 hours... don't fetch unless the IP has changed. Here's the script I use and run every 5 minutes. The current IP is stored and used to compare next time the script is run. :global currentIP; :local tmpIP [/ip address get [find interface="WAN"] address...
by troy
Mon Jan 30, 2012 10:27 pm
Forum: General
Topic: masq with a /32 address?
Replies: 5
Views: 1760

Re: masq with a /32 address?

Well, here's what I did, and it works! First, /32 routing... I found this post, which explains how to do it. The beauty of this is that I can utilize a /28 (or whatever sized network) in multiple locations, as the shortest prefix is always preferred. So, on my gateway: /ip address add address=12.3...
by troy
Fri Jan 13, 2012 10:45 pm
Forum: General
Topic: Am I the first to blow up a RB1200 or RB435?
Replies: 2
Views: 1156

Re: Am I the first to blow up a RB1200 or RB435?

Hi, The best we have found so far for passive gigabit are the following - Link - http://www.l-com.com/item.aspx?id=31857 From the pic, it seems that your patch cords are not grounded/shielded. As far as I know you need to have the whole path grounded otherwise you shall surely have ESD problems. Rg...
by troy
Fri Jan 13, 2012 4:50 pm
Forum: General
Topic: Am I the first to blow up a RB1200 or RB435?
Replies: 2
Views: 1156

Am I the first to blow up a RB1200 or RB435?

Wow, not often we see lightning in January, but we got it. I won't even go into how frustrating it is that it happened less than 2 weeks after going live. Here's the RB1200 and GigE injector: scorched.png I can't say for certain, but it looks like the strike was on the 435, blew out the 1200 and som...
by troy
Sat Dec 31, 2011 5:33 pm
Forum: General
Topic: RB1200 Throughput
Replies: 1
Views: 1949

RB1200 Throughput

All, We're finishing up a new install with 5 licensed links using the RB1200 at each site. From Site to Site, RB1200 bandwidth test caps out at 170Mbit/s. I don't yet know if this is a limit on the RB itself or if it's a limitation on the DragonWave systems. Honestly though, I never did try a bandwi...
by troy
Fri Dec 30, 2011 8:14 pm
Forum: General
Topic: masq with a /32 address?
Replies: 5
Views: 1760

masq with a /32 address?

All, In order to conserve IP addresses (we have very few), I'd like to find a way to get masq working on a /32 address. With initial testing, if I put a /32 address on a loopback (bridge), all incoming stuff, including dst-nat works great, but I've been unable to get masq to work. I can't seem to fi...
by troy
Thu Dec 15, 2011 10:12 pm
Forum: Forwarding Protocols
Topic: OSPF not working after reboot
Replies: 2
Views: 1453

Re: OSPF not working after reboot

Nope, it's just the one on a /30 PtP link
by troy
Thu Dec 01, 2011 11:30 pm
Forum: Forwarding Protocols
Topic: OSPF not working after reboot
Replies: 2
Views: 1453

OSPF not working after reboot

I have 2 routers, both running 5.9. This particular problem though, has been around since at least 4.11 or so. This problem is only happening between these two units and I'm unable to reproduce it anywhere else. PTP, SR5, 38km, nv2, -54db, AP/Station modes. When the station reboots (for any reason),...
by troy
Tue Nov 22, 2011 1:00 pm
Forum: General
Topic: UPS Monitoring
Replies: 18
Views: 4316

Re: UPS Monitoring

Yeah, I've looked at those. The problem is that the wiki tells me that I can monitor it directly using an appropriate serial cable.
by troy
Fri Nov 18, 2011 11:19 pm
Forum: RouterBOARD hardware
Topic: ETA on RB2011?
Replies: 39
Views: 12652

ETA on RB2011?

I'm curious to know the ETA on the 2011. We're very interested in deploying this as the CPE on our FTTH project, and likely as an option for customers on the wireless side of the house.

Thanks,

-Troy
by troy
Fri Nov 18, 2011 10:20 pm
Forum: General
Topic: UPS Monitoring
Replies: 18
Views: 4316

UPS Monitoring

According to the manual, I should be able to monitor any SmartUPS or BackUPS PRO. Using a RB1200 w/ROS 5.8, I tested against the SC450RM1U using the serial cable provided by APC. This worked perfectly. I tested a 2nd UPS, the SMT1000RM2U, which comes with a serial cable that's DB9 to RJ45. I've had ...
by troy
Wed Oct 26, 2011 4:46 pm
Forum: General
Topic: Mikrotik + Radius + Security
Replies: 2
Views: 2450

Re: Mikrotik + Radius + Security

Ah, the old CHAP vs PAP argument. Unfortunately, there's no easy answer to this one, but for discussions, Google is your friend. With CHAP, you are as secure as the machine storing the passwords. A clear-text password is never present at any portion of your network, so it can never be sniffed. Howev...
by troy
Tue Oct 18, 2011 6:21 pm
Forum: Beginner Basics
Topic: System time set
Replies: 5
Views: 1221

Re: System time set

No problem. Routerboards do not have a real time clock. You need to configure your time servers under system/sntp.
by troy
Fri Sep 23, 2011 3:35 pm
Forum: Beginner Basics
Topic: Get to dyndns hostname from lan
Replies: 6
Views: 1715

Re: Get to dyndns hostname from lan

Pog,

Are you sure name resolution is the problem? Check out the wiki article on hairpin nat.

http://wiki.mikrotik.com/wiki/Hairpin_NAT
by troy
Fri Sep 23, 2011 3:05 pm
Forum: General
Topic: Feature Request - Winbox Button
Replies: 9
Views: 4340

Re: Feature Request - Winbox Button

no, Dude can't connect winbox to a router inside some private network, also the terminal doesn't work that way. The Dude "Tools" are just shortcuts to the Winbox or Terminal program, with the IP address that you specified in the device settings. Normis, I KNOW that The Dude cannot connect winb...
by troy
Thu Sep 22, 2011 5:43 pm
Forum: General
Topic: Feature Request - Winbox Button
Replies: 9
Views: 4340

Re: Feature Request - Winbox Button

if you can port-forward dude, why can't you do the same for winbox? I'm not sure I follow. Sure, I can forward port 8291 to one of my MT boxes... now, what do I do about the other 98 units I might need to access? Tell me, how does 'Terminal' work through The Dude? I can right-click on any MT device...
by troy
Fri Sep 16, 2011 5:11 pm
Forum: General
Topic: RouterOS v5.7 released
Replies: 227
Views: 87104

Re: RouterOS v5.7 released

Are you still considering improvements in VLAN management in both the switch and bridge? Ticket#2011072966000478 I've nearly convinced everyone here that we don't need to spend big money on Cisco switches when MT will do the trick, but not being able to restrict VLAN trunking without creating 2 rule...
by troy
Fri Sep 02, 2011 6:05 pm
Forum: General
Topic: Feature Request - Winbox Button
Replies: 9
Views: 4340

Re: Feature Request - Winbox Button

these tools are ran within the winbox. while other winbox cannot be ran inside other one. So, the best option is to use the Dude, if you require management over large network. just install server somewhere, make network map (you do not have to actually have to have a lot of probes to monitor someht...
by troy
Mon Aug 15, 2011 5:53 pm
Forum: Forwarding Protocols
Topic: Troy's Adventures in MPLS, VPLS, and BGP
Replies: 8
Views: 5067

Re: BGP VPLS - tunnels not running

If you still have to enable LDP on every interface on every router, then what's the advantage of BGP? I can add LDP tunnels as easily as BGP tunnels, and LDP tunnels eliminate the 3rd party interaction with the BGP routing process. So, what's the advantage of BGP again? Since BGP VPLS deals with au...