MikroTik

plankanater

I noticed all the documentation says only 10G ethernet.. but on the stats on it says Number of 1G/2.5G/5G/10G Ethernet ports - 1. Trying to confirm it can do 2.5G

plankanater

I also would be interested in this. If there is a way to implement arp throttling that would be amazing.

plankanater

The link is just using 1500mtu normal layer 3 MTU.

plankanater

We used to set up a EoIP tunnel and set the MTU to 1500 as per the wiki. Recently tunnels have been getting around 30 to 40Mbps of TCP throughput and full UDP throughput. As soon as I hit the up carrot on the MTU setting and the tunnel goes back to 1458, I am able to get full speeds. I think this mi...

plankanater

You will want to use the mikrotik ethernet adaptors.

And yes.. had a huge argument with their support because they do not advertise that the 1G port is not useable. It is only for management. "You have to look at the block diagram".

plankanater

7.4 upnp not working.. getting moderate nat on xbox live. Rolled back to 6.46.1 and got open nat.

plankanater

Had to add an accept gre firewall rule at the very top to get tunnels to establish and use packets bigger then 1458.

plankanater

SFP+ on 4011 broken. Please pull the update. I have had two switches go offline due to this update.

plankanater

Dude is pulling SNMP from a 48 port Edge Switch. It seems to only display the last 63 interfaces (8 through 71) For some reason when it is building the list is shows interfaces 1 and start building then the higher it goes it deletes interface 1 through 7 I dont know if it is a limit of the number of...

plankanater

Ah, that makes sense.

plankanater

I have a Samsung NVMe M.2 512GB drive. Putting it into the M.2 slot on the new CCR1036 shows the drive and I am able to format it. Putting the same drive into the 1100AHx4 Dude Edition does not read the drive. I have tried both slots, with and without the factor 60g M2 Drive.

Any Ideas?

plankanater

Does anyone have a good walk through on how to get fast net Mon working?

plankanater

We are looking at that. We were just trying to figure out if NTOP can do it instead, since we already run NTOP.

plankanater

Does anyone know how to use ntop to stop a DDOS? We have ntop setup and it is working perfectly. Alerts work also, but i would like to be able to trigger a mikrotik to add the IP that has the alert to be added to the BGP - Networks tab of a mikrotik. Alerts for working https://www.ntop.org/guides/nt...

plankanater

Do we know if it can be implemented in v6 or does it need a newer kernel?

plankanater

would love BGP information sent via SNMP

plankanater

+1 from me. Any chance getting it in version 6?

plankanater

I got this to work by checking the box "BGP" under "Protocols"

plankanater

“Set in Next Hop for IPv6” route filter does not appear to be working. “Set in Nexthop” on IPv4 works but not IPv6. I am running 6.43.4 on a CCR1036-8G-2S+

plankanater

We have over 10 edge routers. We are switching to route reflectors because a full mesh is too taxing on the 1072s. Turning up more peers also wont help share the BGP routers when the OSPF routes override the BGP. For now I have "Redistribute OSPF" into bgp then filtered the crap out of the...

plankanater

I need the Edge router to prefer the OSPF because I do not want to route traffic through the reflector.

plankanater

Why not use one public AS for your edge routers (presumably doing BGP with the outside world), and a private AS for the access routers, and eBGP between them? Then you don't need route reflection. Or do the access routers need to peer with customers over the public AS? This is the same issue you de...

plankanater

I am having this issue with IPv4. Because OSPF overrides the BGP routes (making them not active) the router will not reflect the BGP routes. How do i fix this? Is it a v7 thing? I have Client to Client Reflection turned on, I have tried enabling "Redistribute other BGP" nothing seems to ma...

plankanater

Correct.. the access routers are also running bgo for customers to peer with.

I also have a total of 8 upstream peers and 3 downstream. That's why I am building the route reflectors. To improve scaling.

plankanater

I have edge routers and access routers peering with a route reflector. My access routers run OSPF to all my edge routers. The route reflector holds my public networks but the access routers hold the actual blocks. For the example of the issue i am having i will use block 200.200.200.0/24 as an examp...

plankanater

Was going to dig this up again. It would be nice if under "history actions" it showed the user name of who did the action.

plankanater

It seems to be fixed in 6.43.3

plankanater

Ok so i defaulted the switch running 6.43 and it let me enable and disable the forward invalid vlans. so it must be something in the config. interface ethernet set [ find default-name=ether1 ] name="1 - N 5.2" speed=100Mbps set [ find default-name=ether2 ] name="2 - East 5.2" spe...

plankanater

This appears to be an issue with the new firmware. Exported my config and put it on a 6.42 router and it worked and let me turn off the foward invalid. I then updated to 6.43, the box was still unchecked. After trying to recheck the box it gives me the same error. "Couldn't change Switch Settin...

plankanater

I have set up a CRS112 with vlans using the switch menu. I am trying to then turn off "Forward Invalid VLAN" so that vlan 1 will no longer work through the bridge. I uncheck the box and hit apply and it responds with "Couldn't change Switch Settings - cpu flow control not supported (6...

plankanater

The EM model is out of stock. We are running full table bgp. While I know the 2 gig is ships with is enough to load a full table, we still want to upgrade.

plankanater

We are looking at upgrading the memory on a CCR1036-8G-2S+. I have looked but to do not see anything about what memory is recommended. I noticed the 1072 comes with ECC ram, is that what is recommended? Should we use ECC ram to upgrade the 1036? Or just regular memory?

plankanater

Response from support Hello, You should enable Rx Flow Control on SFP+ ports where S+RJ10 modules are inserted to prevent packet overflow because on the host side CCR1036 and S+RJ10 establishes 10G link but the module itself can also negotiate lower link speeds as 5G, 2.5G, 1G, 100M, 10M. I will tes...

plankanater

I have a S+RJ10 in a CCR1036-8G-2S+ it is linking to a 2.5G metro link. The metro link registers 2.5G on the Ethernet port but the CCR says 10G under interface and status. Traffic is also sporadic and acts like there is a duplex mismatch.

plankanater

We run BGP with about 4 peers at each router. Has been some what stable. Issue is I can not afford the downtime to reboot every new firmware that comes out. Plus with the frequency of releases I would not have a long enough up-time for the issue to repeat itself. Every support ticket we open gets hi...

plankanater

What OSPF bugs are there? Can you post a link?

This is one I posted about a while ago. Not huge, just causes me to not be able to have the same IP at different routers. Was told would be fixed in version 7.
viewtopic.php?f=14&t=113706

plankanater

Pausing the Queue has the same effect. Looks like it hiccups all forwarding traffic for a brief moment.

plankanater

It looks like removing queues causes traffic through the router to take a hit. Tested on a different router and when removing a 300M queue, traffic went from 300M down to about 20M then back up to 350M

plankanater

So, it has been running smooth for quite a while on 6.40.4. Then today I went in and removed a simple queue that was put in place for a DDoS attack. As soon as it removed the rule I was kicked out of the winbox and all OSPF neighbors dropped and router did not renegotiate OSPF until the router was w...

plankanater

I want it to drop the private as anywhere in line.

So should it be more like this

add action=discard bgp-as-path="^_(6451[2-9]|645[2-9][0-9]|64[6-9][0-9]{2}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])_*" chain=XO_In

plankanater

So i changed the rule to add action=discard bgp-as-path="^(6451[2-9]|645[2-9][0-9]|64[6-9][0-9]{2}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])_*" chain=XO_In It is still letting the route in but just dropping the private as off of the as path 0 ADb dst-address=191.243.72.0/24 gateway=70.34.19...

plankanater

So this is the rule I have entered in. add action=discard bgp-as-path="^(6451[2-9]|645[2-9][0-9]|64[6-9][0-9]{2}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]).*" chain=XO_In But is still seems to be letting some things in, for example 0 ADb dst-address=191.243.72.0/24 gateway=207.238.201.5 gate...

plankanater

How would I write the 4-byte ASNs in regular expression?

plankanater

Is there a way in filters to block all private ASN (64512 to 65535) inbound?

plankanater

I am setting up Traffic Flow. All the walk-through's say to enable it on all ports, but will this duplicate the traffic going through the router in the forward chain?

I have tried it on all and on just the up-link ports but did not see any major difference in traffic.

Thanks.

plankanater

Mikrotik knows about the issue. I opened a support ticket and their answer is to downgrade. If that is their answer I stunned as to why they have not pulled the 2.5 firmware file.

plankanater

Setting up UPNP always fixes the strict nat settings for me.

plankanater

What router model and what ports are you using? From your video it looked like a 1072. You are not using the Ethernet port are you? If you are viewtopic.php?f=3&t=125361

plankanater

The module will work. The reason they are all telling you to plug into ether 1 is because the quickset and default configs, configure ether 1 as the WAN port. Use the SFP port as you LAN not WAN then you can use Quickset. That would be the simplest setup. You can make the SFP a WAN port but there is...

plankanater

Bring back Dude web page. And allow ability to give different users access to different network maps.

plankanater

Yeah, I know that works but I am not sure why they would leave a firmware posted with such a major bug that they are aware of. At least without posting the 2.4 firmware online with instructions to upgrade to that first.

plankanater

Can we get a fix for the password issue or can you post 2.4 back online. It has made it so I can not roll out any new switches.

plankanater

So it seems to learn the password when you change it.

Because changing the password makes you put in the old password.

But you are able to log in without a password.

plankanater

Mine looks like total lockups. I am running on 6.40.1 and it has not locked up yet. Being a core router its hard to justify rebooting cores every 2 weeks for firmware.

plankanater

Response from Mikrotik Hello, Please check the block diagram: https://i.mt.lv/routerboard/files/CCR1072-150831130622.png ether1 is connected to a PCIe controller and it was designed that way since ether1 was only intended to be used as a management port. rx-overflow counter is increasing when you ha...

plankanater

One thing I have also noticed is that Fast Path counters are counting on all ports but the Ether1 on the CCR1072

plankanater

I have 3 different CCR1072 all of them are getting RX overflow and RX control counters accumulating and all have .5% packet loss on the circuit. All the routers are moving under 300M on the ether1. No other ports in any of my other Cloud Cores or Routers have the RX overflow accumulating. Are the Et...

plankanater

Below is a photo and the terminal command "interface Ethernet print detail" Winbox says 1gig - Airfiber says 1000M moving 120Megs of traffic. We are noticing a lot of RX overflow packets. I think this is a result of the mikrotik thinking the link is 100M Any Advice? 0 R name="ether 1 ...

plankanater

It appears to have been a layer 2 issue with the fiber carrier.

plankanater

Submitted a ticket yesterday morning. I have not heard anything yet. I am trying to also do port isolation on the CRS326. I figured these would be the same as their CRS125 series.

plankanater

So i assume these only do ingress limiting? I will be returning them I guess.

plankanater

So i assume these only do ingress limiting? I will be returning them I guess.

plankanater

Every other tunnel i have I can ping 1500 bytes.. Except this one tunnel. It actually looks like it is not letting the packets fragment.

plankanater

I can ping with 1500 bytes outside of the tunnel, but inside I cannot. Even without don't fragment checked. I'm stumped on this one.. I run eoip tunnels lots of places.. I will see if I can get the circuit setup to pass jumbo frames. Maybe something layer 2 is blocking it

I am also using ipv4 not 6

plankanater

Should I open a ticket? It says the switch can "apply bandwidth limitation" but it doesn't seem to be able to do that.

plankanater

Should I open a ticket and submit .sup files?

plankanater

Is this something that I need to feature Request.

plankanater

Is there a way in the Dude to log different user actions. Someone added a network map and it states "network map added" It there a way it could say "Username added ... " or "username ... deleted device"? I already have dude logging turned on in the Logging section of th...

plankanater

Below is a capture of all 4 tunnel settings. Between A and B work but between B and C do not. I have tried between B and C with and without a defined local address. Because it is working between A and B i assume it is an issue with the settings in router C but I have rebuilt it and triple checked ev...

plankanater

I have done that. And from tunnel A to B it has fixed it, from tunnel B to C I am still unable to get the 1500

plankanater

I have a router in the middle with 2 EoIP tunnels running to two different sites. Lets say Site A,B,and C. Both A and C have a tunnel back to B. I have set up the config for the EoIP tunnel the same on all router with the exception of the tunnel ID and IP addresses. When pinging from A to B I can pi...

plankanater

We have begun using Oxidize. It pulls the backups, its free, and gives us revisions.

It would be a really nice feature that if a device was added to the dude it automatically pulls a backup.

plankanater

Any idea when Bandwidth limitation will be added for the egress? I have about 10 of these switches I want to use but need to be able to have bandwidth control.

plankanater

I see ingress rate limiting but where can I find Egress Rate Limiting?

plankanater

This is on a mikrotik router that is using the routerOS to graph an interface. It is an actual physical interface.

plankanater

When a connection is lost to a device we get these massive traffic spikes in any links from that device, that go ridiculously high.It makes the graphs all distorted. Is there a way to avoid this.

Inkedchart.png

plankanater

What hardware are you using?

plankanater

It is actually locking up both BGP and OSPF. Almost like it is dropping all forwarding.

plankanater

So we moved to an x86 the a Samsung solid state drive and have not had any issues.

I believe i have a little egg on my face because it seems to have been the drive speeds.

plankanater

Thanks for the replies, mikrotik didnt notify me about your posts. The network is set up as a triangle, with each router having 10 gig to the other two routers. With this we run OSPF. Then we BGP peer between the loop-backs and put on multihop. That way it can failover if a link were to go offline. ...

plankanater

I have 3 CCR1072-1G-8S+ located in 3 different cores all running BGP to providers and running BGP between them. Over the last month all 3 have locked up at different intervals. Traffic passes through the router but all BGP stops working. They require manually logging in and rebooting them. Was runni...

plankanater

My bgp is working correctly it works perfect. My issue is that if Core 1, 2, and 3, are all online but I loose connection to core 3 from my other two cores. Core 3 continues to announcing its /20 network out to the internet, this it the same /20 that the other cores announce, so inbound traffic hits...

plankanater

I have 3 cores built in a triangle. They all iBGP with each other. I have a /20 that we announce out the cores to our up stream carriers. Pretty standard. My issues arises that if I loose connectivity to a core or if it locks up and needs rebooted, my /20 is still being announced out the carriers on...

plankanater

Is there also a way to assign passwords and NTP etc. config to an adopted CAP?

plankanater

I have a map2nd. I hold the button boot into CAP mode and adopt through caps man. Everything works awesome. Only problem is when I reboot the mAP it reverts back to router mode. If i log in into the mAP and click ok, it saves its config. Is there a way it can hold its config without having to log in...

plankanater

I tried rolling back to 6.38 and 6.36 and it is still doing it.

plankanater

I have tried a vertical machine, an x86 with two separate hard drives, a 3011 with a usb 3.0 flash drive, and a cloud core with an external hard drive.

All receive the error.

What do I need to do to get this working? I cant imaging it has all been the hard drives.

plankanater

The disk is writable.

plankanater

I am having the same issue on a CHR. I has drives that should easily be able to write to the database. Running 6.39.1. It starts compounding. it started complaining about not being able to write about 20 megs. Now it is complaining about 131 megs it can not write. Any disk should be able to handle a...

plankanater

Accidentally posted twice. Could not delete.

plankanater

Has anyone figured out the best route to go for this?

Did you install a client on windows? Or did you install like an ASA to handle the vpn?

plankanater

This is also occurring with RB250GS running Dude 6.38.3

plankanater

I upgraded my Dude from Version 4.3 to 6.38.3. SNMP to an edge switch worked in 4.3 but not in 6.38.3 If I do tools then SNMP walk, it shows a bunch of data like it is working properly but I can not pull the interfaces and nothing comes up under the device then SNMP. Same thing happens with a 250GS....

plankanater

I have had other issues where changing routes or changing from a /30 to /29 or vise versa, the mirotik will not update the routes until rebooted or routes are removed and added again. I understand consolidating routes is not a massive issue but the way we are trying to null routes across multiple ro...

plankanater

Response from Mikrotik is that is is a known problem.

plankanater

I have reproduced this in the lab. I took two 750r2 and ran a basic setup. The same thing is happening. I have the following config on router 1 /ip route add distance=1 dst-address=192.168.252.0/24 gateway=192.168.1.25 add distance=1 dst-address=192.168.252.0/30 gateway=192.168.1.25 add distance=1 d...

plankanater

Just a side note. I have done the same test using ubiquiti edge routers and the the ospf works properly. The routers rebroadcast both the .0/30 and the .0/22 and even a .0/24 where the mikrotik seems to consolidate them.

plankanater

So I have noticed something when it comes to OSPF broadcasting routes. When the router has a larger block it stops broadcasting out smaller blocks on the same IP address. For example, The router has 192.168.252.0/24 pointing to 192.168.1.25 which is reachable via ether1 If I then add a 192.168.252.0...

plankanater

Is the new dude able to pull backups or export the configs from mikrotiks that it can log into?

plankanater

A seperate bridge per vlan can get a little messy if you are running a lot of vlans.

plankanater

I have a weird issue that occurs when I pull vlans off a bridge. For example, if I have Ports 1 & 2 & 3 on bridge 1, because I want them to be trunk ports. I then take vlan 6 and pull it off the bridge, then bridge vlan6 with port 5 with brigdevlan6 I get a weird traffic flood. Any traffic t...

plankanater

I have an issue where OSPF randomly started bouncing on a fiber link. It has been up and running for over 2 years when all of a sudden we started getting Hello timer mismatches. I triple checked the settings and logs and nothing had changed. To fix this problem I added encryption to the link turned ...

plankanater

Serial ports work. But I have had issues with the techs onsite not having serial cables. I have only ran into a situation where it would have been helpful once or twice. But when I did need it, it would have saved me about an hour each time.

Thanks,
Mike

plankanater

Ran into an issue where having an undo button on the LED screen would have saved me a lot of time.

Just a thought.

plankanater

These rules seem to let DHCP back feed up port one to any other switches I have in port 1. Is there a way to block dhcp out on port one but let it in port one?

plankanater

All, The Cloud Router Switch is very nice. Being able to do mac based vlans or protocol vlans is an awesome feature that requires a certain level of complexity. However, the vlan implementation when trying to do simple tagging and untagging or trunk ports is, well, just the worst. Even with examples...

plankanater

Is there a way to block customer facing DHCP? For example - I want to have DHCP originating from the router on port 24 being handed out to the other ports. If someone plugs in a router wrong, I do not want it back feeding into the switches. I am using a cloud router switch with all the ports slaves ...

plankanater

We use the dude. I love it. But I do not know of a way to have it automate backups. That is what I am most concerned about.

plankanater

Is there a software, something like aircontrol 2 from unifi that will connect to mikrotik routers, show status, cpu maybe, pull backups and such?

It is really nice having an automated system just running.

plankanater

Seems to be an issue with 750up. I have upgraded two of them to 6.31 they take the upgrade but as soon as i log into them they lock up and go offline. I power cycle them and they pass traffic, then as soon as I log into them it locks up again. By lock up I mean no ping, no mac ping, no passing traf...

plankanater

Seems to be an issue with 750up. I have upgraded two of them to 6.31 they take the upgrade but as soon as i log into them they lock up and go offline. I power cycle them and they pass traffic, then as soon as I log into them it locks up again. By lock up I mean no ping, no mac ping, no passing traff...

plankanater

I have a basic switch running. It has no vlans and nothing special in the config. All i did was put an IP address on it. The switch seems to lock up when the xbox one goes into sleep mode. During sleep mode, the port switches between 10full and 10half. Then when the xbox turns on it returns to 100fu...

plankanater

It appears that somewhere around RC10 that SwitchOS devices are no longer able to be discovered. They still can be scene with the discovery tool on 2.2.18 but not with 3.0 rc12. The first time I noticed this was with RC10.

plankanater

When doing established and related do not put an interface, do all established and related.

If you accept all new connections then you will allow all connections.

The rules posted above should work

plankanater

You would have to write a rule accepting all new traffic from vlan 10, and another rule allowing all established, and all related traffic. Then below that put a rule that drops all new traffic in interface vlan 20 and out interface vlan 10.

plankanater

Hi,

You can assign a /30 network on the the Lan sides of each router. For example router one will have 10.0.0.1/30, router two 10.0.0.2/30. Assign the IP address to the LAN interfaces (the bridge that contains the EOIP tunnel). Then simply ping the other router on the 10.0.0.x if it pings, it works.

plankanater

The best way to get around strict Nat on a Xbox is to enable upnp. It is under the IP list. Once you enable it you will have to enter in the Outside and inside interfaces. We run hot-spots with hundreds of Xboxes behind a single router. Programming static Nat rules would be a nightmare. Upnp is the ...

plankanater

But doesn't the xbox360 support upnp ??
Just configure upnp to open up the 'natted' network.

Yes, Turn on UPNP and wave strict nat warnings bye bye.

Note. UPNP will not help if you are double nated and upstream router is not open.

plankanater

I was looking through an old router 6.9 and noticed that under IP firewall and there is a "Dynamic" check box. I assume this is for putting in a dns name and then checking to see if it changes. For example facebook.com then it would update. However this has been removed in any other versio...

plankanater

Sorry,

It is running 6.24 and is firmware 3.21

plankanater

I have a CCR1009-8G-1S-1S+ that looses link on ports 1-4 at the same time, we have swapped out the router and the second one does it as well. As you can see below it appears to be something with the switchchip causing the ports to flap. jan/12 09:27:01 interface,info 1 - Uplink link down jan/12 09:2...

plankanater

Still loosing interfaces in /Interface Bridge Filters. It will take the interface in the rule then after about 3 seconds after hitting apply it will minimize the interface field on the general page. If I reopen the field it is still, but re-minimizes as soon as OK, or Apply is hit. So the ability to...

plankanater

Bug on this new interface.
Bridge filters with in/out interface simply "disappear" from winbox but still appears on console.

+1

plankanater

I have noticed on certain models of router loose their Overall - RX - and - TX are just blank on the Ethernet interfaces. RB433AH, RB493AH, and RB493 are all ones I am seeing as loosing these stats. They are still gone in 6.9

plankanater

Are you plugging into port 5? A defaulted router is only accessible through port 5.

plankanater

I posted this on Beginner Basics then didn't get a response and realized it might be too advanced. I have a mikrotik with a config that takes 2 vlans off of a bridge and untags them onto a port using another bridge. My config is outlined below. I do rate-limiting by packet marking the ports of the b...

plankanater

Any help anyone?

plankanater

Did you put the hairpin rule in before the router was live and programmed? It is my guess that it has to be done at the very begging before having the router live. I fixed the issue by going back to 5.25. So I dont know what is going on with it.

plankanater

My firewall rules are actually empty. The only reason I tell it to use firewall rules is because thats the only way I can get the queue tree to notice the packet marks.

plankanater

I have a mikrotik with a config that takes 2 vlans off of a bridge and untags them onto a port using another bridge. My config is outlined below. I do rate-limiting by packet marking the ports of the bridges. My issue is if I check the "use ip firewall" in the bridge setting the router qui...

plankanater

I have that rule in the router and it is set at as rule 0, i have also tried setting it as the last src nat in the list and rebooted each time. I turned on logging of traffic and I dont see the servers even hitting the router. I rolled back to 5.26 and everything started working again. Not sure what...

plankanater

Found this topic and moved over to there.

http://forum.mikrotik.com/viewtopic.php ... 41#p386641

plankanater

Same issue. I have a public ip subnet lets say 8.8.8.1-8.8.8.20 these are assigned to a mikrotik. The mikrotik then has a private ip range of 192.168.1.xx. The publics are dstnat to the privates with the same ending number. So. 8.8.8.1 is nated to 192.168.1.1 and so forth we also have a srcnat for 1...

plankanater

I did a srcnat with src address 192.168.1.0/24 to dst address 192.168.1.0/24 and masquerade and it still does not seem to be working. I tried putting it at the top of the list and it still doesn't work.

plankanater

I have a public ip subnet lets say 8.8.8.1-8.8.8.20 these are assigned to a mikrotik. The mikrotik then has a private ip range of 192.168.1.xx. The publics are dstnat to the privates with the same ending number. So. 8.8.8.1 is nated to 192.168.1.1 and so forth we also have a srcnat for 192.168.1.1 t...

plankanater

@plankanater
Disable 'policy' permission for this user.

HTH,

Worked! Awesome, thanks.

plankanater

I have found a major security glitch in the webfig. Basically I have user with read - write access but I only allow them to have access into the IP - Hotspot tabs and the tools, nothing else. I want them to be able to log users off and kick macs out of the host list. I do not allow them winbox or ac...

plankanater

Thanks! That is good to know.

plankanater

Found an issue in 6.0 on a CCR where we had a SrcNat below a masquerade rule. It wasn't getting hits which is because it was below. I moved it up for the customer into position 0 and it still was not getting hits. Actually required a reboot of the router to take effect. Just a small bug but caused u...

plankanater

Where can I find the RouterBoard Firmware change log. The wiki one appears to no longer be to date.

plankanater

source nat appears to have quit working after upgrading to RC12. the following rule quit working. action=src-nat chain=srcnat src-address=10.22.91.192 to-addresses=\ ###.###.###.### <---Public IP The rule above does not get any hits and it is placed at 0. However action=log chain=srcnat out-interfac...

plankanater

I upgraded to version 6.0 RC11 and I am still having the issues.

plankanater

I am having the same problem. I am trying to do queues on ip address on the bridge. I need "use ip firewall" to be checked in-order to see the address. As soon as I turn it on random traffic starts to drop, some pings drop, other vlan traffic drops, its just random. I added rules in the fi...

plankanater

Normis,
did you have more details about
- improved performance for eoip, especially on multi core, especialli in 1100AHx2 ?

thanks

Rodolfo

Can anyone shine some light on this? Is it a significant increase? What limits/improvements should we see on lower end routers like two 450G's?

plankanater

Yeah I agree and it is a shame. I'm starting to look for a replacement but nothing is as polished as the dude.

plankanater

Upgrading to 6.0 made it work!

plankanater

I am currently using a switch but i wanted to use a mikrotik for diagnostic and speed-test purposes.

plankanater

I have two ports on a mikrotik port 1 has vlan 1 vlan 2 and vlan 3 coming into it. Vlan 1 is management vlan 2 needs to be untagged on port 2 vlan 3 needs to pass through port 2 I have vlan 2 on interface1 then bridged with port 2 and that works great The problem is I can not figure out how to also ...

plankanater

Any luck anybody?

plankanater

I am trying to set up a router with two point to point connections. They are hand offs running vlans. P2P A uses VLAN 1X P2P B uses native VLAN Both connections pass through VLAN 3X Basicly what i am trying to do is have ports 6-9 go out port 10 over P2P B have ports 2-4 untag VLAN 1X go out port 1 ...

plankanater

Turning on packet sniffer does get them to stop accumulating.
Basically with 6.0 there is an improvement on the mikrotik seeing the unknown packets?

plankanater

I am also getting rx drops on vlans that i was not getting with version 5.22

Does version 6 just do a better job of showing rx drops or is something really wrong?

plankanater

Still getting drops on RC4 firmware on both a 750G and a 750UP.

plankanater

Still getting rxdrops on 750 routers bridges. Showing 13000 drops in just 10 min. Was not getting the drops when i was on 5.22.

plankanater

Woow... Normis. You answer like a auto-answer. :D I mean that I want RouterOS (Maybe only routerboards) detects layer2 network loop. Now RouterOS doesn`t alert or do action when loop occurs. It just tries to process all packets and CPU increases to 100%. Did you ever find a solution to this problem?

plankanater

Upgraded to V.6RC2 on my RB750G and I am now getting Rx drops on my LAN Bridge. Downgraded to 5.21 and they stopped. Just letting you guys know.

plankanater

Have firewall rules to block facebook. I have the following config /ip firewall connection tracking set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \ tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout=\ 10s tcp-last-ack-timeout=10s tcp-syn-received-...

plankanater

Has there been any improvement on this? we are seeing the same issue using RB450G's at two locations connecting over EOIP to a RB493AH. All the addresses for all the sites are held on the 493. Pinging the external interface (not over EOIP) we get 3-5ms but going over eoip we get 30-60ms.

plankanater

Does anyone know a way to do a direct replication of the dude to a second server held offsite, I want to have the dude automatically replicate its self to another computer.

plankanater

Thanks for the response,

I do not believe that is the problem because the addresses assigned to location B are in the middle of the sub-net at 160 but i can ping things on either side of that IP at location A. so i can ping .254 as well as .5.

I am at a loss of ideas.

plankanater

Weird problem here. I am using EoIP to connect two locations together and that connection is working fine. I can ping poing A from point B and point b from point a. I have people that pptp into point A and they can reach everything at point A but it can not reach anything at point B. It wont even pi...

plankanater

I installed the dude client on 3 different 400 series routerboards. rb450G, rb493 and rb493AH. In my main dude server I added each as a Agent and they do not connect. If I remove the password then the server connects to the agent with out a problem, but as soon as i add a password it does not connec...

plankanater

roughly 100Mbps with fiber like packet throughput.

plankanater

I do dns relay through the router which those rules seem to stop

Turning off relay and pushing public dns through fixes this problem

Also i would like for the individual subnets to be able to ping their individual gateway for trouble shooting purposes.

plankanater

Working great! Thank you. This config restricts connections between ip on the individual LANs is there another rule I can add that would keep one subnet from reaching the other subnets gateway ie. computer 1 = 192.168.1.4 computer 2 = 192.168.2.4 How I have it now computer 1 can not talk to computer...

plankanater

Config Basically I am making one router 130 separate routers. So on the router will be configured with 130 different /24 subnets (192.168.0.0/24 - 192.168.130.0/24) Router will be the gate way for each subnet (192.168.0.1/24 -192.168.130.1/24) dhcp servers for each subnet pushing out about 20 addres...

plankanater

add action=reject chain=forward comment="Drop traffic between LAN interfaces/subnets" disabled=no \ dst-address-list=PrivateSubnets in-interface=!WAN reject-with=icmp-admin-prohibited PrivateSubnets list has all of your LAN subnets. How would I set up the nat in order to add that to the d...

plankanater

Basically I want each subnet to be able to get to the internet and to anything else on their /24 subnet, but not talk to any other /24 subnet.

plankanater

This completely dropped all traffic to the gateway including DNS and DHCP basically making it unusable.

I have also tried disabling arp on interfaces but this also stops all pings in and out

plankanater

Added firewall rule chain=forward Src Address 192.168.1.0/24 Dst Address (everything but checked) 192.168.1.0/24 Action Drop It drops packets to items on the different subnets but not to the subnets gateway (router). To drop those I put in the same rule just Chain=input. This has limited it to 2 rul...

plankanater

Doing that drops all connections completely. It keeps those subnets from reaching the internet.

plankanater

RB800 I am going to put 130 different subnets on vlans than push the subnets and dhcp through switches. 192.168.1.1 - 192.168.131.1 I do not want any of the subnets to talk to each other. Is there a way to do this with out making firewall rules for each subnet? I feel like 300+ firewall rules may bo...

Search found 172 matches