MikroTik

rooin

Not that this helps, but let it be known I am experiencing issues between all Mikrotik gear. My environment was seeing extensive package loss in a CCR2004-16G-2S+ to a pair of CRS354s in a 2x2 MLAG configuration. When I changed my configuration to a single interface the packet loss has gone away. Su...

rooin

Anyone else experienced issues when using LACP bonding on CCR2004-16G-2S+ hardware? Today we started experiencing intermittent connectivity/routing issues on the CCR2004. As the usual culprit of its issues has been the 2x2 LACP to MLAG connection it has with the pair of CRS354s. I disabled that and ...

rooin

Oh this one is interesting. There isn't even a cable plugged into ether1 but at 4:20a today the port came up some how...

ghost_connecting.png

So that's fun.

rooin

I wanted to provide an update. I did opt to go with the CCR2004-16P-2S+ as the core routing device. It is connected via 2x2 LACP to a MLAG configuration on the pair of CRS354-48Gs. An to put it kindly, things are stable as long as I don't touch it. As its recommended L3-HWO is disabled when you make...

rooin

No need to disable HW offload on any interfaces. If client feels it needs help from router (e.g. because destination of packet is not within same subnet), then client sends packet with MAC address of router. If CRS is acting as a router, then frame will be targeting CRS' own MAC address (of the bri...

rooin

Inter-VLAN traffic passes normal firewall rules. The settings "use-ip-firewall=yes" and "use-ip-firewall-for-vlan=yes" force using firewall filters for traffic passing bridge inside L2 network (either all-untagged LAN for the former setting or intra-VLAN for the kater setting). ...

rooin

I don't see a inter-VLAN DOS attempt taking place, but I guess its always possible. For new connections to be first checked against firewall with L3 Offload enabled, and achieve VLAN isolation do I need to enable IP Firewall VLAN on the bridge? /interface/bridge/settings use-ip-firewall=yes use-ip-f...

rooin

I would prefer sooner than later. I guess I felt that basic L2/L3 would be okay to run on v7 currently and the distributer who sold me the hardware agreed. It wasn't until after I got it and did some more digging into the configuration options that I started to wonder if I even need the CCR2004. At ...

rooin

I wouldn't use a CRS for that. Also, what are the links between those 4 locations? 2x 100Mb private fiber 1x 1Gb private fiber Do you have a fully L2 connection between those locations without any restrictions? If using external providers for these links, a lot of them have mac limits in place. Yes...

rooin

Yeah I am aware an not surprised by the way my traffic is traversing the switches. I was just adding insight to OP's question about what traffic can travers the PEER interface. In a scenario where two clients are MLAG to the same pair of switches its unlikely to see much PEER link traffic, however i...

rooin

So I am in a situation where I am trying to figure out the best way to re-configure core network routing. Currently using some old HPE kit to handle that and I have a CCR2004-16G and CRS354-48G both currently running v7. I need to perform basic L3 inter-VLAN routing of ~1Gb/s, averaging much less th...

rooin

From the tests I carried out assuming an optimal network condition, where all the ports are UP, the traffic passes through the bonding interfaces, without therefore asking the peer port. The traffic on the peer port passes when the client must necessarily do so from the peer port to reach the desti...

rooin

You don't test a Switch by testing into it, you test across/through it. You are going to see lower performance on a switch CPU as its not designed for that purpose. I stumbled upon your post because I am looking for reasons why I am seeing spikes as high as 40% CPU on my CRS354-48G when I am connect...

rooin

The 2004 setup is a very simple setup with VLANs and out on the same device. Well except for there is more than one way to configure VLAN on Mikrotik hardware. Instead of speed issues I experienced complete stop in routing/access via bridge. The very next morning my CCR2004 became unresponsive and ...

rooin

ffries - Would you mind sharing your VLAN method on your CCR2004? I recently purchased and installed 7.1.1 an have found with my current configuration I am able to successfully hit wire speed 1Gbps routing at roughly 20% CPU or less on average. That is using bridged VLAN filtering and routing across...

rooin

Searching for other information on the CCR2004 I stumbled upon your unanswered post, an since I have been dealing with the 2004 myself recently I will try an help you get things straightened out. If you are isolating ether4 in vlan20 with pvid, you need to create a vlan interface 20 (with IP), attac...

rooin

Default agent! Oi, for some reason after the update my default agent was switched from "server" to the "RB750GR3". Which was the reason for the message I was getting. Winbox > Dude > Server configuration > Default Agent: Server Everything has returned to normal. Hope this can hel...

rooin

Updating to 6.38.5 is yielding same result as 6.38.3.
Tried disable of dude and re-enable no change.

Does anyone have any ideas for me?

No other changes to the network has occurred. Single subnet connected via same procurve switch.

rooin

Recently purchased a RB750r3 for running newer version of dude, I have been using 4.0B3 for a very long time and wanted to check out new development. Upgraded from 6.38.1 to 6.38.3 today and now most of my devices are not polling. Mixture of RouterOS devices and basic PING with snmp. Less than 50 de...

rooin

Exactly. The basic switching is perfectly fine, and I would settle for the 4k frames if I could do bonding without bridging over the CPU. Its disappointing that the basic features like this don't work as expected. This switch should be plenty for a basic home network. So, the use of the RB2011 make...

rooin

As stated in the Wiki: " IEEE802.3ad and IEEE802.1ax compatible Link Aggregation Control Protocol is not supported yet". Hopefully we get that in the near future. You can try balance-xor between Mikrotik devices I remember I did it once. http://wiki.mikrotik.com/wiki/Manual:CRS_examples#T...

rooin

I came looking for this very answer. Trying to hookup a Synology NAS on a 2 int bond. I think we are still waiting on better LACP/Bond support. I have come to find after purchasing the CRS125 that it still lacks a lot of support of basic switch features. Can't do bonding until it can be accomplished...

rooin

Not quite sure I see a point to that.

rooin

No change. chain=srcnat action=masquerade protocol=tcp src-address=192.168.1.0/24 dst-address=192.168.1.xxx dst-port=80 Still get the momentary "Looking for..." "Connecting to..." an time out. I see no counters hit either in the inbound WAN dst-nat or the internal hairpin rule.

rooin

Your dest-nat rules look fine to me. chain=dstnat action=dst-nat to-addresses=192.168.1.xxx to-ports=80 protocol=tcp dst-address=[WAN IP] in-interface=PPPoE-WAN1 dst-port=80 I specify my WAN inbound as I only want port 80 requests from that WAN to be directed, the others can be dropped. The above ru...

rooin

So I think I have things mostly working at this point. Bonded speed seems to be there, secure sites not broken (that I've found) an outside world can get to the website. 1 ;;; Connection Marks chain=prerouting action=mark-connection new-connection-mark=PPPoE_conn passthrough=yes in-interface=PPPoE-W...

rooin

No, any inbound HTTP request originating from the internet would be pointed to my DSL (static IP), I want all requests back to it to return on the same connection to prevent issues. But this would also go for game hosting that could happen on either WAN an be dynamic by its nature, but for the durat...

rooin

Well I know my website will be limited to the DSL connection, which is fine with me, its a light website anyway. However I wish to allow the NAS that its on to still span its internet requests (from my network) across both WAN connections. I can't lock its LAN IP into a routed group WAN configuratio...

rooin

An update to all this, that I am still working out bugs and issues an really have been trying to put the final grasp on some of these configuration options. I'm going to post a small book here an hope that someone can turn on my lightbulb an get me on my way. When having to deal with Mangle chains I...

rooin

Although I'm not completely sure how the new, established an related prerouting mangles change how the traffic is handled, perhaps you want to give them a go? I was getting traffic on both WAN's but it just didn't feel right. An the issue where I had to keep logging into this site made me realize it...

rooin

Currently using the following, so far so good. chain=input action=mark-connection new-connection-mark=PPPoE_conn passthrough=yes in-interface=PPPoE chain=input action=mark-connection new-connection-mark=ether8_conn passthrough=yes in-interface=ether8 chain=output action=mark-routing new-routing-mark...

rooin

Found another mangle rule set that doesn't use the ones we have in question but has more to it otherwise... I think I might give this a shot as things are not working properly for me currently. I keep getting intermittent connection issues, where just retrying my request its fine. /ip firewall mangl...

rooin

You are using a very similar setup.
Guess we will have to await someone who can explain the significance of the destination routes for addresses we do not have.
Hopefully we will both be enlightened by someone who can shed some light on this.

rooin

I'm also finding something is configured wrong as I have to keep logging to try an submit my post on this forum.
However my bank website seems to work without issue.

rooin

Double check the mangle rules It is my understanding that you just add additional PCC rules marked with the appropriate connection. Make sure your PCC is adjusted with each new additional rule an that its assigned to mark the connection you want more usage from. In the examples I've found giving mor...

rooin

I ended up just going UDP/BSD. So far it's been just fine, but I'm also not logging to a location outside of my network.

rooin

Is there a planned RB2011LS-RM or RB2011US-RM?

The indoor case is very nice, but would like Rackmount option.

rooin

900 should work. I would use the Xagyl XC900M which is a great 900 card. It cuts down the noise floor and is powerfull. I am replacing my XR9 cards with them. Looks like xagyl is also a bit less expensive... Still though... spending $600+ on this entire setup just because you can't afford internet....

rooin

Yeah, this is just a local Residential neighborhood. I would just pay to get internet service into my mothers home, but I can't afford that in the long run. She can't afford internet with recently being forced to stop working, so this is my only shot. I was thinking 900mhz would be required. I have ...

rooin

I'm looking to complete the link shown in the image. It's planned to be a Bridged link from my home to my Mothers to provide her internet access. I'm looking for hardware suggestions that will penetrate the trees. Unfortunately I don't have the means to get over the top of them. http://www.ry-cor.co...

rooin

I've still not been able to get the Mikrotik to log to a TCP server instead of UDP.

Anyone else have any ideas?

rooin

Here is a more challenging question -

Is there a way to log to a TCP enabled Syslog server instead of UDP?

rooin

I have run into a issue of running out of Routable IP addresses on a Open WiFi network with Hotspot. Currently anyone can connect to the hotspot, but only users with valid login can access web. Random devices that connect are eating up IP spaces for valid customers. I've tried changing the DHCP serv...

rooin

The NAS is tested to perform up to 197mb/s speeds under the right configuration. But way it sounds I wouldn't get near that performance on this Mikrotik board. Which answered my question, since its processed its not a switched speed. Leaving the single GigE link faster over all on this model. Thanks...

rooin

I am looking to take this script a step further.

Could someone explain to me how I would write a script that checks for unauthorized hotspot hosts and removes them only if they have been idle for x amount of time?

Version 4.5.

Thanks in advanced.

rooin

No feed back on this?

rooin

Few questions in regards to bonding & data rate performance on the RB750G. I recently purchased the router with ideas in my head for supporting different features on my home network that I've long wanted. One being 802.3ad support for my home file server. I have a synology NAS that supports 802....

Search found 47 matches