Community discussions

MikroTik App

Search found 348 matches

  • 1
  • 2
by alex_rhys-hurn
Tue Dec 12, 2023 3:43 pm
Forum: Forwarding Protocols
Topic: ROS 7.12.1 BGP Peer not initiaing connects or responding to connections
Replies: 1
Views: 1317

ROS 7.12.1 BGP Peer not initiaing connects or responding to connections

Hi, Before I open a ticket with Mikrotik can anybody see if I have done something wrong in below config? PROBLEM The TeamCYMRU_V4 Peer does not initiate connections neither does it respond to the connections coming in from TeamCYMRU. Peer never comes up. The other two peers to my upstreams are worki...
by alex_rhys-hurn
Fri Dec 01, 2023 3:27 pm
Forum: Forwarding Protocols
Topic: IXP only traffic
Replies: 7
Views: 1869

Re: IXP only traffic

Your post about communities was very illuminating for me, but reading the myManga post further, he is trying to handle a failover scenario as well. The reality is that if your IXP goes down (I know what happened to the DC you use the other night BTW) then the routes you send to your customers will n...
by alex_rhys-hurn
Sat Nov 11, 2023 12:55 pm
Forum: Forwarding Protocols
Topic: Need Help with v7 ROS BGP multihome failover
Replies: 3
Views: 1568

Re: Need Help with v7 ROS BGP multihome failover

Hi, Assuming you are doing two bgp feeds on a single router, you may use WEIGHT attribute. On your incoming filter for your primary feed set BGP WEIGHT to something like 10, as long as this is higher than the other feed it will be marked as primary Then on the outgoing filter of your secondary prepe...
by alex_rhys-hurn
Sat Nov 11, 2023 12:51 pm
Forum: Forwarding Protocols
Topic: IS-IS
Replies: 134
Views: 52489

Re: IS-IS

This page was updated along with 7.12 release:
IS-IS Screenshot 2023-11-11 134903.png
by alex_rhys-hurn
Sat Nov 11, 2023 12:45 pm
Forum: Forwarding Protocols
Topic: BGP on V7 using a Vultr Instance
Replies: 1
Views: 1356

Re: BGP on V7 using a Vultr Instance

Does your BGP config use any Multihop peers? I am asking because I am having trouble with BGP Multihop in v 7.11.2

Otherwise we would need more info from you to be able to help.

Alex
by alex_rhys-hurn
Sat Nov 11, 2023 12:43 pm
Forum: Forwarding Protocols
Topic: BGP Dual WAN setup with remote and local site ROS7
Replies: 1
Views: 1303

Re: BGP Dual WAN setup with remote and local site ROS7

Hi,

We will need more information. There are many ways to make failover.

Pls make a small drawing of your network, and share the configs.

Do you have a dedicated link between the data centre and the main site? If you do you could run IBGP over that.

Alex
by alex_rhys-hurn
Fri Nov 10, 2023 12:02 pm
Forum: Forwarding Protocols
Topic: ROS 7.11.2 BGP Team CYMRU multihop wont connect
Replies: 0
Views: 2131

ROS 7.11.2 BGP Team CYMRU multihop wont connect

Hi, I am trying to peer with Team CYMRU Full bogons list using BGP Multihop from my loopback address, using CHR with ROS 7.11.2 I can see connections from TeamCYMRU in firewall attempting to connect to me. There is no session listed in BGP sessions table for this peer. All other peers which are not ...
by alex_rhys-hurn
Sun Nov 05, 2023 6:18 pm
Forum: Forwarding Protocols
Topic: RPKI & BGP: Is it computationally expensive to set comments on BGP routes?
Replies: 4
Views: 1417

Re: RPKI & BGP: Is it computationally expensive to set comments on BGP routes?

Yes, it's obviously computationally expensive. Who the hell else even does this?
Abrasive much?

Not everybody has the complete and advanced knowledge and skills that you so obviously have.

I was taught that the only stupid question was the one I didn't ask, but I am obviously wrong there.
by alex_rhys-hurn
Sun Nov 05, 2023 6:13 pm
Forum: Forwarding Protocols
Topic: RPKI & BGP: Is it computationally expensive to set comments on BGP routes?
Replies: 4
Views: 1417

Re: RPKI & BGP: Is it computationally expensive to set comments on BGP routes?

Hi Irrwitzer, I didn't know that was possible, is why I wasn't doing that. Thank you so much for pointing me in the right direction. All the best, Alex Hi, why don't you just use the existing flags in Router OS to filter those prefixes? /routing/route/print where rpki=valid /routing/route/print wher...
by alex_rhys-hurn
Sat Nov 04, 2023 10:14 pm
Forum: Forwarding Protocols
Topic: RPKI & BGP: Is it computationally expensive to set comments on BGP routes?
Replies: 4
Views: 1417

RPKI & BGP: Is it computationally expensive to set comments on BGP routes?

Hi all, I have two full bgp feeds and have been deploying rpki. I have things working. In an attempt to really see the effects of my RPKI work in the routing table I have set comments on the routes received in the filters as below: 16 chain=RPKI rule="rpki-verify RPKI" 17 chain=RPKI rule=&...
by alex_rhys-hurn
Mon Oct 30, 2023 2:33 pm
Forum: Forwarding Protocols
Topic: BGP: Whats the difference between these two commands?
Replies: 8
Views: 1781

Re: BGP: Whats the difference between these two commands?

The plot thickens, from a point of view on what to put in the Looking Glass command. If you put a specific single ip address for the first command then it makes sense. So my take is the second one should be used when looking for routes inside a prefix, and the first when looking for paths for a spec...
by alex_rhys-hurn
Mon Oct 30, 2023 1:26 pm
Forum: Forwarding Protocols
Topic: BGP: Whats the difference between these two commands?
Replies: 8
Views: 1781

Re: BGP: Whats the difference between these two commands?

Thank you.

I have been using the second one all along. Came across the first one as its how https://github.com/gmazoyer/looking-glass/tree/main does it.

The first one is showing disabled routes as well, which makes no sense.

I will carry on with the second.

Best,
by alex_rhys-hurn
Mon Oct 30, 2023 9:20 am
Forum: Forwarding Protocols
Topic: IS-IS
Replies: 134
Views: 52489

Re: IS-IS

Also see: ip/route/print where .dead bgp comment distance gateway is-is pref-src static vrf-interface .id bgp-mpls-vpn connect dst-address hw-offloaded local-address rip suppress-hw-offload .nextid blackhole dhcp dynamic immediate-gw modem routing-table target-scope active check-gateway disabled ecm...
by alex_rhys-hurn
Mon Oct 30, 2023 9:17 am
Forum: Forwarding Protocols
Topic: ROS 7.11.2 CHR BGP not Multithreaded and V. Slow
Replies: 16
Views: 3054

Re: ROS 7.11.2 CHR BGP not Multithreaded and V. Slow

Before this thread got hijacked and taken off topic, I did learn some things about managing the processes. It seems to me that the various processes are all camping on 1 CPU rather than spreading over whatever CPUs are in the system. Many thanks to @chechito for pointing me towards Affinity, and the...
by alex_rhys-hurn
Mon Oct 30, 2023 8:30 am
Forum: Forwarding Protocols
Topic: BGP: Whats the difference between these two commands?
Replies: 8
Views: 1781

BGP: Whats the difference between these two commands?

Hi, I execute a couple of commands: ip route print where "160.119.216.0/22" in dst-address yields: Flags: D - DYNAMIC; I - INACTIVE, A - ACTIVE; b - BGP, d - DHCP Columns: DST-ADDRESS, GATEWAY, DISTANCE DST-ADDRESS GATEWAY DISTANCE DIb 0.0.0.0/0 105.27.96.1 20 DIb 0.0.0.0/0 41.209.53.49 20...
by alex_rhys-hurn
Fri Oct 13, 2023 10:42 pm
Forum: Forwarding Protocols
Topic: ROS 7.11.2 CHR BGP not Multithreaded and V. Slow
Replies: 16
Views: 3054

ROS 7.11.2 CHR BGP not Multithreaded and V. Slow

Hi, I have CHR running on ESXI with 4 x CPU and 4gb RAM. Single BGP Full table form 1 ISP. This router is VERY VERY slow to perform any sort of route recalculation, and only One CPU shows any real load. I was under the impression that BGP is multithreded in v7. Screen shot showsthe CPU load after I ...
by alex_rhys-hurn
Fri Sep 01, 2023 5:06 pm
Forum: The Dude
Topic: [SOLVED] modern Dude maps icons / symbols
Replies: 0
Views: 3192

[SOLVED] modern Dude maps icons / symbols

Hi, I find that the Affinity Symbol Set by ecceman on Github to be a useful and attractive set of symbols and icons for Dude maps. These are free 2D Symbol sets for computer network diagrams. You can use them in Viso / Draw.io and GNS3 too. Get them here. I am not affiliated with ecceman but enjoyed...
by alex_rhys-hurn
Tue May 23, 2023 3:37 pm
Forum: Scripting
Topic: Script to change second octect of IP Address in Address List
Replies: 5
Views: 1982

Re: Script to change second octect of IP Address in Address List

Hi, Thanks for the feedback, and guidance to look for importing from lists and a concept to how to manage them. Apart from changing: :local addresses {"1.1.1.1"="some_comment"; "2.2.2.2"="a_different_comment"} to :local addresses {"10.x.y.z/32"="...
by alex_rhys-hurn
Tue May 23, 2023 1:19 pm
Forum: Scripting
Topic: Script to change second octect of IP Address in Address List
Replies: 5
Views: 1982

Re: Script to change second octect of IP Address in Address List

Hi, many thanks for reply, and apologies for lack of clarity. That script was kindly written by the Unimus team, and is a mikrotik script that will either when run within Mikrotik or in this case when executed by unimus will create the address list rtr-admins and apply the ip addresses and comments ...
by alex_rhys-hurn
Tue May 23, 2023 11:53 am
Forum: Scripting
Topic: Script to change second octect of IP Address in Address List
Replies: 5
Views: 1982

Script to change second octect of IP Address in Address List

Hi everyone, I am not very good at scripting, but am clear what I want. I hope somebody can help, or point me in a better direction. I am using unimus to manage mikrotik devices. I have mikrotiks at 4 different sites: Site1 10.1.x.y Site2 10.2.x.y Site3: 10.3.x.y Site4 10.11.x.y What I would like is...
by alex_rhys-hurn
Tue Aug 11, 2020 9:44 pm
Forum: RouterOS beta
Topic: Memory Requirements
Replies: 6
Views: 3984

Re: Memory Requirements

I just upgraded a hEX (16mb disk and 256mb ram) to v 7.1beta1 by changing the check for updates button and switching channel to development.

No problems (at least with the upgrade).
by alex_rhys-hurn
Tue Aug 11, 2020 9:31 pm
Forum: RouterOS beta
Topic: 100% CPU on hEX with 7.1beta1 and no config
Replies: 1
Views: 1596

Re: 100% CPU on hEX with 7.1beta1 and no config

EDIT: There is more to this: "Uptime is now 4 hours and the cpu is still pegged at 100% by unclassified services." Actually it seems like /tool profile is lying, or maybe /system resource monitor is lying. Below screen shot shows Tools Profile showing 100% use but /sys resoure monitor show...
by alex_rhys-hurn
Tue Aug 11, 2020 5:31 pm
Forum: RouterOS beta
Topic: 100% CPU on hEX with 7.1beta1 and no config
Replies: 1
Views: 1596

100% CPU on hEX with 7.1beta1 and no config

Hi All, Just an FYI here (and I have sent supout to support@mikrotik). EDIT to Comply with reporting bugs rules: Previous verison: 6.47.1 How to reproduce: Click tools profile, select all and then press start. Reproducibility: Always Extra info: /export and screenshots below. This is a hEX with defc...
by alex_rhys-hurn
Sun Jun 14, 2020 4:15 pm
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 348
Views: 171961

Re: v6.47 [stable] is released!

To clarify, things that will trigger this include: enable/disable a bgp peer. Refresh a peer, resend routes, adjust a route filter, or make a new route filter, or drag and drop a route filter. Simply clicking enable on an already enabled route filter will do it too. Also a large number of route cha...
by alex_rhys-hurn
Wed Jun 10, 2020 4:23 pm
Forum: Forwarding Protocols
Topic: [SOLVED] BGP Route Filters match-chain not working
Replies: 5
Views: 2810

[SOLVED] Re: BGP Route Filters match-chain not working

Dear Both,

Thank you for clarifying. My problems are now solved and my filters are working as I wanted.

All the best,

Alex
by alex_rhys-hurn
Tue Jun 09, 2020 7:21 pm
Forum: Forwarding Protocols
Topic: [SOLVED] BGP Route Filters match-chain not working
Replies: 5
Views: 2810

Re: BGP Route Filters match-chain not working

@alex it does not work that way. match-chain is the name of the chain which is used to evaluate the route. If the chain accepts the route, 'match-chain' property produces a true match Hi, Thanks so much for spotting my mistake. I dont follow you though, and cant see where I have gone wrong. You say...
by alex_rhys-hurn
Sun Jun 07, 2020 12:31 pm
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 348
Views: 171961

Re: v6.47 [stable] is released!

I don't experience this problem, but it can be helpful to know that winbox connections immediately fail when there is no valid route for the traffic. I.e. unlike the classical recommendation for TCP where an "unreachable" condition during the connection setup would be handled quickly but ...
by alex_rhys-hurn
Sat Jun 06, 2020 12:13 pm
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 348
Views: 171961

Re: v6.47 [stable] is released!

Hi all, As I prepare the supout files and open a support ticket, I want to update you on my experience. EDIT: Supout.rif submitted by mail. I upgraded to 6.47 on a CHR which acts as a test BGP router, it collects routes and we test filters with it. The experience was not good. everything works norma...
by alex_rhys-hurn
Sat Jun 06, 2020 10:41 am
Forum: Forwarding Protocols
Topic: [SOLVED] BGP Route Filters match-chain not working
Replies: 5
Views: 2810

[SOLVED] BGP Route Filters match-chain not working

Hi Everyone, I have just connected to an internet exchange point, and am building my routing filters. In order to make it manageable I want to use includes instead of jumps, so I am trying out the match-chain feature of routing filters, but I cannot make it work, why? Here is what the filter looks l...
by alex_rhys-hurn
Sun Jun 16, 2019 8:32 pm
Forum: Virtualization
Topic: The CPU has been disabled by the guest operating system
Replies: 32
Views: 16502

Re: The CPU has been disabled by the guest operating system

Hi, I recommend taking a look at your vswitch and physical switch architecture. Be clear about your trunks and any spanning tree issues. Try out the options with promiscuous mode on the vswitches, and esp on the physcial host interfaces. Make sure to use VMXNET3 interfaces and drivers. Understand cl...
by alex_rhys-hurn
Sun Jun 16, 2019 7:42 pm
Forum: General
Topic: Measure aggregate ipv4 vs ipv6 volume through router
Replies: 2
Views: 1237

Measure aggregate ipv4 vs ipv6 volume through router

Hi Everyone, I would like to measure and graph the volume of ipv4 and ipv6 traffic through the router. I would even like a command something like: /interface monitor-traffic aggregate type=ipv6 and /interface monitor-traffic aggregate type=ipv4 Can anybody give me some hints to achieve this? All the...
by alex_rhys-hurn
Sun May 19, 2019 11:57 am
Forum: SwOS
Topic: SWOS or ROUTEROS: Confused
Replies: 3
Views: 21644

SWOS or ROUTEROS: Confused

Hi, For the CRS317 I am confused. SHould I run SWOS or ROUTEROS? My application is a strictly switching application, no L3 stuff needed except for management. I ask because it seems that even in RouterOS the CRS317 can still deliver HW based features at full speed. Your advice much appreciated. Alex
by alex_rhys-hurn
Sun May 19, 2019 11:54 am
Forum: RouterBOARD hardware
Topic: Feature Request: CRS317
Replies: 1
Views: 1127

Feature Request: CRS317

Hello,

According to the attached Marvell Prestera datasheet the chipset can support VXLAN.
marvell-switching-prestera-98dx83xx-product-brief-2016-12.pdf
Please can you add VXLAN support to CRS317

Thanks,

Alex

PS This has been submitted to support@mikrotik.com
by alex_rhys-hurn
Sun May 19, 2019 11:48 am
Forum: RouterBOARD hardware
Topic: Switch specifications for CRS range.
Replies: 0
Views: 890

Switch specifications for CRS range.

Hi All, I find the way that Mikrotik describes its switching products on the website geared to routers and not switches. E.g. this URL: https://mikrotik.com/product/crs317_1g_16s_rm Compare this to the switch data sheets from other vendors: Cisco 2960: https://www.cisco.com/c/en/us/products/collater...
by alex_rhys-hurn
Sun May 19, 2019 11:31 am
Forum: RouterBOARD hardware
Topic: Airflow CRS317-1G-16S+RM
Replies: 2
Views: 1943

Airflow CRS317-1G-16S+RM

Hello, I refer to CRS317-1G-16S+RM for use as top of rack switching and ISCSI switching in the data centre. My Colo provider REQUIRES as MANDATORY Front to back airflow. This means that fans should pull the air from the front of the rack and push it oput of the back to maintain proper hot / cold ais...
by alex_rhys-hurn
Wed Aug 22, 2018 11:18 pm
Forum: Forwarding Protocols
Topic: [SOLVED] IBGP over OSPF Single POP ISP Problems
Replies: 2
Views: 1974

Re: [SOLVED] IBGP over OSPF Single POP ISP Problems

Hi, I have solved my issues. This post: https://forum.mikrotik.com/viewtopic.php?t=97491 sorted it out. Few things: 1: I had routing loops due to default route problems in ibgp, moving default routing to ospf sorted it. 2: Then I ran in to the issue where Mikrotik will not bring the default route fr...
by alex_rhys-hurn
Tue Aug 21, 2018 11:55 am
Forum: Forwarding Protocols
Topic: [SOLVED] IBGP over OSPF Single POP ISP Problems
Replies: 2
Views: 1974

[SOLVED] IBGP over OSPF Single POP ISP Problems

Hi Guys, I am having trouble, and hope you guys can help. Thanks in advance. I am building a network following a design for a POP which I saw at a peering meeting recently (I am sure you are familliar with it). We are a single POP now, but will add more as we go. POP-Topology.png All devices are mik...
by alex_rhys-hurn
Mon Aug 13, 2018 9:50 pm
Forum: Forwarding Protocols
Topic: eBGP and iBGP config with OSPF for internal [SOLVED]
Replies: 9
Views: 6895

Re: eBGP and iBGP config with OSPF for internal [SOLVED]

"You need to set the update-source to be the IP of the loopback interface on the iBGP peers."

Yup. Its 4 years, on and the advice is as good as ever!

This one saved me.

Karma
by alex_rhys-hurn
Fri Jun 29, 2018 5:39 pm
Forum: RouterBOARD hardware
Topic: CHR on Vmware esxi 5.5 Max Interfaces
Replies: 1
Views: 1203

SOLVED CHR on Vmware esxi 5.5 Max Interfaces

UPDATE:

When we had the problem this was on a VM with a single CPU socket with a Single CPU Core.

Adding an additional CPU Socket has allowed us to add 10 VMXNET3 interfaces with no IRQ issues anymore.

Consider this solved.

Thanks,

Alex
by alex_rhys-hurn
Fri Jun 29, 2018 4:35 pm
Forum: RouterBOARD hardware
Topic: CHR on Vmware esxi 5.5 Max Interfaces
Replies: 1
Views: 1203

CHR on Vmware esxi 5.5 Max Interfaces

Hello, Please can someone tell me the max number of interfaces CHR can accept from the vmware host. CHR 6.42.3 Vmware esxi 5.5 We added 5 VMXNET3 interfaces and everything is fine. Then we added a 6th interface and the CHR would automatically reboot with an IRQ error and then just boot loop. We remo...
by alex_rhys-hurn
Sat Mar 10, 2018 11:07 am
Forum: General
Topic: Slingshot APT [SOLVED]
Replies: 44
Views: 42067

Re: Slingshot APT, RouterOS spying software [SOLVED]

Hi, I am in Kenya, and have deployments of a few hundred devices, though most of them sit inside private MPLS WANs. As far as I know we have not been exposed to this. How do I know if I have? By reading the Kaspersky report, it seems that even if I sort out the router, the issue still remains on any...
by alex_rhys-hurn
Sat Mar 04, 2017 2:58 pm
Forum: General
Topic: RBLHG-5nD. What is the maximum length of CAT5e cable
Replies: 2
Views: 822

Re: RE: RBLHG-5nD. What is the maximum length of CAT5e cable

Hi I need to install RBLHG-5nD - LHG5 (https://mikrotik.com/product/RBLHG-5nD) on a bulding where I need to install 150ft (45m) of CAT 5e indoor cable (Schneider). The power adapator that is supplied in this product is 24v. Do you think this will have enough power to power the antenna for a 3 miles...
by alex_rhys-hurn
Sun Jun 12, 2016 1:33 pm
Forum: General
Topic: Inbound 1:1 static NAT failover
Replies: 2
Views: 1127

Inbound 1:1 static NAT failover

Hi Everyone, I have the following network - see image. I have failover between two ISP working perfectly using check-gateway and default route cost. I have 1 mailserver with 1:1 static NAT to ISP1 the primary. So my internal IP NATS to a static External IP from ISP1 What  I want to achieve, is when ...
by alex_rhys-hurn
Sat Jun 11, 2016 11:57 am
Forum: General
Topic: Mikrotik ha, anyone tried this?
Replies: 5
Views: 3914

Mikrotik ha, anyone tried this?

Hello,

https://github.com/svlsResearch/ha-mikrotik

The link above was suggested to me in another post on vrrp in this forum.

Has anyone tried it out?

Alex
by alex_rhys-hurn
Wed Jun 25, 2014 7:24 pm
Forum: General
Topic: winbox trouble only over one ISP
Replies: 6
Views: 2607

Re: winbox trouble only over one ISP

Thanks again for your help. Here is the output of my mangle rules: /ip firewall mangle> pr detail Flags: X - disabled, I - invalid, D - dynamic 0 chain=forward action=change-mss new-mss=1300 passthrough=yes tcp-flags=syn protocol=tcp tcp-mss=!0-1300 [admin@MikroTik] /ip firewall mangle> Dont ask me ...
by alex_rhys-hurn
Wed Jun 25, 2014 6:32 pm
Forum: General
Topic: winbox trouble only over one ISP
Replies: 6
Views: 2607

Re: winbox trouble only over one ISP

Pinging through the other ISP gives me a maximum size of 1472, and winbox is working with that.

Also I notice for the link which does not work with winbox, when I use winbox with that link but through an IPSEC Tunnel winbox works fine.

Alex
by alex_rhys-hurn
Wed Jun 25, 2014 6:30 pm
Forum: General
Topic: winbox trouble only over one ISP
Replies: 6
Views: 2607

Re: winbox trouble only over one ISP

Hi, Many thanks for your reply. My pings: ping 8.8.8.8 -l 1452 Pinging 8.8.8.8 with 1452 bytes of data: Reply from 8.8.8.8: bytes=64 (sent 1452) time=151ms TTL=44 So the largest I can send is 1452 anything larger wont work. Its a PPPoE Dial up passive fibre optic ISP link. Mikrotik makes two dynamic...
by alex_rhys-hurn
Wed Jun 25, 2014 3:26 pm
Forum: General
Topic: winbox trouble only over one ISP
Replies: 6
Views: 2607

winbox trouble only over one ISP

Hi folks, We manage many Mikrotik Routers for many customers. We access them remotely over the internet using winbox, ssh and webmin. In some cases we also access them via winbox over an IPIP/IPSEC tunnel. Here is my problem, when I use winbox over my ISP called JTL the winbox session will login and...
by alex_rhys-hurn
Mon Feb 24, 2014 7:55 am
Forum: General
Topic: Poor mans config sync: vrrp
Replies: 7
Views: 5208

Re: Poor mans config sync: vrrp

Hi there, Thanks everyone for the thoughts. Regarding the point where the filter table would be empty when tables flushed, I see your concern, and it is valid. In theory this would only happen on the passive/inactive vrrp partner which has no / little traffic passing through. I can picture some nast...
by alex_rhys-hurn
Fri Feb 21, 2014 1:42 pm
Forum: General
Topic: Poor mans config sync: vrrp
Replies: 7
Views: 5208

Poor mans config sync: vrrp

Hello! I would like to ask the advice and tips of all you gurus out there. We have two ccr routers in VRRP setup. The config is fairly static except for firewall rules which we work on quite a bit. My thoughts, and I am asking you guys if I am mad / wasting my time to try this, is to built a script ...
by alex_rhys-hurn
Thu Dec 05, 2013 2:03 pm
Forum: Forwarding Protocols
Topic: need advice on multi-wan multi-office vpn
Replies: 7
Views: 4382

Re: need advice on multi-wan multi-office vpn

Tomaskir, We meet again!. Yes, I have looked at your video and am in the process of trialling it, as it should solve some of the complexity of rolling out new sites. Very nice design. We are currently doing this on 75 Branches, and your solution addresses a number of scalability problems. Best, Alex
by alex_rhys-hurn
Thu Dec 05, 2013 9:53 am
Forum: Forwarding Protocols
Topic: need advice on multi-wan multi-office vpn
Replies: 7
Views: 4382

Re: need advice on multi-wan multi-office vpn

Hello, I would suggest that you remove the bonding and move over to OSPF ECMP (Equal cost multipathing). I dont tend to use the EOIP Tunnels because they are proprietary to Mikrotik, and so we do this with IPIP Tunnels. So; step 1, build IPIP Tunnel between the offices, two tunnels each branch offic...
by alex_rhys-hurn
Mon Nov 25, 2013 6:43 pm
Forum: General
Topic: VPLS, EThernet Trunk (vlan trunk) and bridges
Replies: 7
Views: 5244

Re: VPLS, EThernet Trunk (vlan trunk) and bridges

Just to finish off the discussion.

Do you have any thoughts towards encrypting the vpls tunnel with IPSec?

Alex
by alex_rhys-hurn
Mon Nov 25, 2013 6:19 pm
Forum: General
Topic: VPLS, EThernet Trunk (vlan trunk) and bridges
Replies: 7
Views: 5244

Re: VPLS, EThernet Trunk (vlan trunk) and bridges

Just read about your question re bridging vlans straight to leased line. We have tried this before, and have also tried simply plugging the leased line ethernet in to the switch, this resulted in immediate phone calls from the service provider complaining about bpdu and other stuff. They have subseq...
by alex_rhys-hurn
Mon Nov 25, 2013 6:14 pm
Forum: General
Topic: VPLS, EThernet Trunk (vlan trunk) and bridges
Replies: 7
Views: 5244

Re: VPLS, EThernet Trunk (vlan trunk) and bridges

Tomaskir, Thanks so much for your quick reply and for taking the time to clarify mtu. We use the VPLS tunnels a lot in another application without the tagged ethernet PW Type so we are familiar with the MTU issue. Our leased line provider gives us jumbo frame capability, and its a pure ethernet link...
by alex_rhys-hurn
Mon Nov 25, 2013 5:45 pm
Forum: General
Topic: VPLS, EThernet Trunk (vlan trunk) and bridges
Replies: 7
Views: 5244

VPLS, EThernet Trunk (vlan trunk) and bridges

Hello, According to the RouterOS Manual, under Vlan: "As VLAN works on OSI Layer 2, it can be used just as any other network interface without any restrictions. VLAN successfully passes through regular Ethernet bridges." And according to 802.1q a VLAN ID is inserted in the ethernet header ...
by alex_rhys-hurn
Wed Nov 20, 2013 7:44 am
Forum: General
Topic: DHCP Server Capacity - what limit in ROS for leases & server
Replies: 3
Views: 1797

Re: DHCP Server Capacity - what limit in ROS for leases & se

Hi,

Thanks for the response, its good to know that my design will fly on this hardware.

So, do you know the theoretical limits for RouterOS as far as DHCP goes, or is it just hardware limited. I cant find anything in the licensing that points to limits.

Many thanks,

Alex
by alex_rhys-hurn
Mon Nov 18, 2013 8:45 am
Forum: General
Topic: DHCP Server Capacity - what limit in ROS for leases & server
Replies: 3
Views: 1797

DHCP Server Capacity - what limit in ROS for leases & server

Hello everyone, My network design is: 1 RB1100AH acting as branch edge router. I have 40 Interdepartmental vlans (PCI-DSS requirements) and each one needs a DHCP Server, giving out a /23 to each vlan with MAC Authentication via Userman. My questions are: What is the limit of number of DHCP Servers o...
by alex_rhys-hurn
Thu Nov 07, 2013 2:33 pm
Forum: General
Topic: WAN interface usage is higher than LAN interface usage
Replies: 10
Views: 6376

Re: WAN interface usage is higher than LAN interface usage

Hi, Please be sure that /ip proxy enabled=no and also /ip dns allow-remote-requests = no. FInally if you really dont have the above enabled / firewalled, then I have seen this in one other scenario, and this was provider related. Here goes: The design was where an ISP had provided their own POP in a...
by alex_rhys-hurn
Wed Nov 06, 2013 5:12 pm
Forum: General
Topic: WAN interface usage is higher than LAN interface usage
Replies: 10
Views: 6376

Re: WAN interface usage is higher than LAN interface usage

Hello, In my experience, this situation is almost always caused by lack of or incorrect firewall configuration. Many people consider that the use of NAT is firewalling. It is not. The source of this traffic is often that either or both the DNS server and/or web proxy are enabled on the router, but n...
by alex_rhys-hurn
Sun Sep 29, 2013 4:09 pm
Forum: General
Topic: Site to Site tunnel... how ?
Replies: 7
Views: 2676

Re: Site to Site tunnel... how ?

I cant see why an ipip tunnel is anymore difficult than a GRE tunnel or EoIP Tunnel. Regarding the second option of using IPSec alone, that situation I find often confuses people more, as opposed to simply encrypting the tunnel with only one set of IPsec policy and then using simple routing tables t...
by alex_rhys-hurn
Fri Sep 27, 2013 1:24 pm
Forum: General
Topic: Site to Site tunnel... how ?
Replies: 7
Views: 2676

Re: Site to Site tunnel... how ?

I would not suggest pptp in this situation. You have 2 real choices, eoip or ipip. eoip is proprietary to Mikrotik and IPIP is standards compliant and will work with other devices like cisco. (I know there are other options, but I am considering this a good basic starting point for newbies). SImply ...
by alex_rhys-hurn
Thu Sep 26, 2013 9:29 am
Forum: General
Topic: PCC + Bandwidth Control for VPN Concentrator
Replies: 0
Views: 1077

PCC + Bandwidth Control for VPN Concentrator

Hello everyone, I hope you can give me some ideas on this. Our network is 3 ISPs (15 megabits each) load balanced with PCC. We have a VPN Concentrator (Cisco ASA 5510) that is Routed through internally, and has a public IP from each ISP. Our Internal nets 10.0.0.0/8 are natted on the Load Balancer. ...
by alex_rhys-hurn
Mon Sep 02, 2013 9:45 am
Forum: General
Topic: Connect through L2TP
Replies: 13
Views: 3539

Re: Connect through L2TP

Hi,

Sorry about the missing link. Here it is:

http://mum.mikrotik.com/presentations/HR13/kirnak.pdf

In fact I liked it so much we are now trialling it in my own network as we get familiar with the solution for our clients. Previously we have been making static tunnels and IPSec Policy.
by alex_rhys-hurn
Wed Aug 28, 2013 11:56 am
Forum: General
Topic: Trainers: Come to Kenya and teach us!
Replies: 1
Views: 1221

Re: Trainers: Come to Kenya and teach us!

Hello,

I just thought I would update you all and say that some trainers came to Kenya and now we are trained and certified! Yippee!

Alex
by alex_rhys-hurn
Wed Aug 28, 2013 11:52 am
Forum: General
Topic: how to block https for facebook.com
Replies: 33
Views: 84986

Re: how to block https for facebook.com

So, to show how easy it is really here is the setup in full: First the Layer & Protocol: /ip firewall layer7-protocol add name=Facebook_URL regexp="^.*(facebook).*\$" Then the Firewall Rule: /ip firewall filter add chain=forward comment="Block Facebook" layer7-protocol=facebo...
by alex_rhys-hurn
Wed Aug 28, 2013 11:18 am
Forum: General
Topic: how to block https for facebook.com
Replies: 33
Views: 84986

Re: how to block https for facebook.com

Hello, I think you may be confusing the term "firewall" with "UTM" or Unified Threat Management. Mikrotik is not a UTM platform. For that you need to look at Checkpoint UTM, Untangle or the like. Personally I dont think that making a layer7 protocol and firewall rule difficult of...
by alex_rhys-hurn
Wed Aug 28, 2013 1:34 am
Forum: General
Topic: Connect through L2TP
Replies: 13
Views: 3539

Re: Connect through L2TP

You might be interested in this video at MUM about using l2tp with ipsec to achieve scalable vpn solution for both site to site and dial up road warrior scenarios.

If I have understood your need properly.
by alex_rhys-hurn
Wed Aug 28, 2013 1:29 am
Forum: General
Topic: how to block https for facebook.com
Replies: 33
Views: 84986

Re: how to block https for facebook.com

Wow. Really old thread. Sorry i posted.....
by alex_rhys-hurn
Wed Aug 28, 2013 1:26 am
Forum: General
Topic: how to block https for facebook.com
Replies: 33
Views: 84986

Re: how to block https for facebook.com

The way we do this is to use a layer 7 regular expression to block any url with facebook in it. First make layer 7 protocol with this as the value: ^.*(facebook).*$ Then make a firewall rule to drop that layer 7 protocol. This can be very harsh and even prevent you resolving and pinging facebook as ...
by alex_rhys-hurn
Mon Jun 24, 2013 5:06 pm
Forum: General
Topic: RouterOS 6.1 released
Replies: 198
Views: 74837

Re: RouterOS 6.1 released

The best way to manage logs in Mikrotik - and frankly just about anything - is to export them via Syslog to a Dude server. You can then filter/sort/export them to your hearts content. Go one step further an deploy SIEM if you wish to do correlation etc... http://communities.alienvault.com/ I havent ...
by alex_rhys-hurn
Sun Oct 14, 2012 8:56 am
Forum: General
Topic: URGENT!!! PLS HELP!!!!!!!
Replies: 8
Views: 1906

Re: URGENT!!! PLS HELP!!!!!!!

Hi!

Do you have web proxy enabled?

I have seen exactly this when you enable web proxy but dont protect it with firewall. Then somebody finds your open web proxy and uses it for their own nefarious needs!

Turn off web proxy and see of that helps.

Alex
by alex_rhys-hurn
Tue Sep 25, 2012 11:53 am
Forum: General
Topic: Trainers: Come to Kenya and teach us!
Replies: 1
Views: 1221

Trainers: Come to Kenya and teach us!

Hello Mikrotik Trainers, We have been using Mikrotik for a long time now, and have a team of proffessionals who are very comfortable with it. Our team already has CCNA CCNP and the like, but we would now like to certify our team in Mikrotik. This message is to all trainers who would be able to visit...
by alex_rhys-hurn
Thu Aug 02, 2012 5:32 pm
Forum: General
Topic: HELP, CPU MIKROTIK 100%
Replies: 6
Views: 2224

Re: HELP, CPU MIKROTIK 100%

Did you try the suggested upgrade?
by alex_rhys-hurn
Wed Aug 01, 2012 3:43 pm
Forum: General
Topic: Hardware antivirus
Replies: 10
Views: 3286

Re: Hardware antivirus

So, lets try something like this: 1: Connect ISP to ether1 of RB1200 2: Connect LAN1 (Unfiltered Internet users LAN) to ether2 of RB1200, and connect this to an UNTAGGED port of the managed switch that has VLAN1 membership 3: Connect LAN2 (Filtered Internet users LAN) to ether3 of RB1200, and connec...
by alex_rhys-hurn
Wed Aug 01, 2012 3:27 pm
Forum: General
Topic: Hardware antivirus
Replies: 10
Views: 3286

Re: Hardware antivirus

OK, let me make a new network design for you. Do you have manageable switches that can do vlans? Do you mind if you have client PC on completely separate vlans? E.g. computers with unfiltered access to internet on one vlan, and client computers with filtered internet on another vlan? We may need to ...
by alex_rhys-hurn
Wed Aug 01, 2012 11:08 am
Forum: General
Topic: HELP, CPU MIKROTIK 100%
Replies: 6
Views: 2224

Re: HELP, CPU MIKROTIK 100%

Whh version of routeros and which hardware are you using?

This has been seen a couple of times in some recent releases.

I suggest you upgrade your firmware, and also send a supout.rif to support@mikrotik.comi
by alex_rhys-hurn
Wed Aug 01, 2012 10:48 am
Forum: General
Topic: Hardware antivirus
Replies: 10
Views: 3286

Re: Hardware antivirus

According to http://www.pandasecurity.com/homeusers/ ... idIdioma=2 the gatedefender can be configured to router mode.

The design above should work in router mode.

Can you try that?
by alex_rhys-hurn
Wed Aug 01, 2012 8:26 am
Forum: General
Topic: Hardware antivirus
Replies: 10
Views: 3286

Re: Hardware antivirus

So gatedefender is transparent bridge?

If so then we need to change ip addressing....

Explain more about the gatedefender please, i am not familiar with it.
by alex_rhys-hurn
Tue Jul 31, 2012 1:33 pm
Forum: General
Topic: Hardware antivirus
Replies: 10
Views: 3286

Re: Hardware antivirus

Hassibi is right. Something like this should work: Connect your ISP to ether1 of your RB1200 then connect your LAN to ether2 of your RB1200, and set up your firewall rules and NAT as you require. Make sure that your whole network is working properly at this stage BEFORE inserting the Panda. Then con...
by alex_rhys-hurn
Wed Jul 18, 2012 12:10 am
Forum: General
Topic: IPSec VPN Set-up between Dual WAN & Single WAN for Fail-Over
Replies: 17
Views: 26083

Re: IPSec VPN Set-up between Dual WAN & Single WAN for Fail-

distance

please paste some configs. I may be able to spot something....
by alex_rhys-hurn
Sun Jul 15, 2012 5:48 pm
Forum: General
Topic: IPSec VPN Set-up between Dual WAN & Single WAN for Fail-Over
Replies: 17
Views: 26083

Re: IPSec VPN Set-up between Dual WAN & Single WAN for Fail-

We do this all the time. It sounds like your routing costs are not quite right yet. Make static routes for each lan network but with different costs, remember to always start with the most basic setup and build from there. So ipip tunnel to hq has route cost of 1 on the main isp link and ipip tunnel...
by alex_rhys-hurn
Sat Jul 07, 2012 7:50 pm
Forum: General
Topic: IPSec VPN Set-up between Dual WAN & Single WAN for Fail-Over
Replies: 17
Views: 26083

Re: IPSec VPN Set-up between Dual WAN & Single WAN for Fail-

The way I would do this is as follows: Create two IP IP tunnels, one for each isp. Then get your routing and everything working properly. Once you have the complete system working as you want, THEN do the IPSec. You are only going to create IPSec for the tunnel itself. You dont need to make IPSec po...
by alex_rhys-hurn
Sun May 13, 2012 11:54 am
Forum: General
Topic: static dhcp leases and ip bindings
Replies: 3
Views: 1775

Re: static dhcp leases and ip bindings

By reading the wanual on http://wiki.mikrotik.com/wiki/Manual:IP ... ver#Leases

BUt other wise:

IP>DHCP SERVER> LEASES and then highlight the lease you want to make static, and click the make static button in the toolbar.

Good Luck.

Alex
by alex_rhys-hurn
Sun Mar 25, 2012 7:11 pm
Forum: Beginner Basics
Topic: Help Needed in My Mikrotik 2.9.27
Replies: 2
Views: 1594

Re: Help Needed in My Mikrotik 2.9.27

2.9.27? Really? That is too old.

That software needs to be upgraded. All upgrades are free from mikrotik if you have a legitimate license, and there are new features/drivers there that you need!

Alex
by alex_rhys-hurn
Fri Mar 09, 2012 8:49 pm
Forum: General
Topic: How do I calculate the TOTAL number of packets per second
Replies: 3
Views: 2146

Re: How do I calculate the TOTAL number of packets per secon

Hi Martin,

Thanks for that. Its exactly what I wanted to see.

So, presumably then, if I add rx-packets-per-second to the tx-packets-per-second I will now get the totat packets handled by that router. Is that correct?

Alex
by alex_rhys-hurn
Wed Mar 07, 2012 5:51 pm
Forum: General
Topic: How do I calculate the TOTAL number of packets per second
Replies: 3
Views: 2146

How do I calculate the TOTAL number of packets per second

Hi Folks, I have an RB1000 and we use all 4 Physical interfaces, and there are many sub interfaces as well. Can anyone tell me how to work out what the total aggregate packets per second that the CPU is dealing with? I am trying to justify the RB1000 over a Cisco 2940 and the cisco website seems to ...
by alex_rhys-hurn
Mon Jan 23, 2012 8:47 pm
Forum: General
Topic: Getting through with Solarwinds
Replies: 3
Views: 3292

Re: Getting through with Solarwinds

Hi, If its over the internet, then youre thinking of using VPN tunnels is bang on. To be honest its the best way to do it any way. We do exactly what you are wanting to do all the time and it works well. In short: 1: Create an Ethernet over IP Tunnel or an IP IP Tunnel between you and your remote si...
by alex_rhys-hurn
Sun Jan 22, 2012 4:02 pm
Forum: General
Topic: firewall Sequence
Replies: 2
Views: 1080

Re: firewall Sequence

The answer is, of course, it depends.

Where exactly in the packets journey are you looking?

Read this, it will answer your question:

http://wiki.mikrotik.com/wiki/Manual:Packet_Flow

Alex
by alex_rhys-hurn
Sun Jan 22, 2012 3:59 pm
Forum: General
Topic: Why bother having SMB server?
Replies: 19
Views: 5021

Re: Why bother having SMB server?

Kindis, Thanks for the reply, I didnt really understand what you are getting at. I come from the traditional position with network devices. For e.g. a server should be a server and a router should be a router. As far as feature sets for a router go I would have thought that SNORTt / IDS / IPS would ...
by alex_rhys-hurn
Sun Jan 22, 2012 7:43 am
Forum: General
Topic: Getting through with Solarwinds
Replies: 3
Views: 3292

Re: Getting through with Solarwinds

If you can possibly manage it, dont use NAT. Simplest routing is static routing, and this in my opinion is simpler than NaTting. If you you do want to persist with NAT, then I suggest at the remote end you use multiple Alias / Secondary IP addresses on the WAN interface. Then set up 1:1 Static NAT, ...
by alex_rhys-hurn
Sun Jan 22, 2012 7:20 am
Forum: General
Topic: Why bother having SMB server?
Replies: 19
Views: 5021

Why bother having SMB server?

Hi Folks,

I know can be rather old fashioned, and presumably the SMB feature was widely requested, so Mikrotik thought they would include it.

But i dont understand why anybody would want it on a router?

What am I missing?

Alex
by alex_rhys-hurn
Wed Jan 18, 2012 9:29 pm
Forum: General
Topic: best loadbalance
Replies: 5
Views: 1265

Re: best loadbalance

Your problem lies in dns and routes because you have not followed my hints above.
by alex_rhys-hurn
Wed Jan 18, 2012 7:20 pm
Forum: General
Topic: best loadbalance
Replies: 5
Views: 1265

Re: best loadbalance

Read the manuals, and search elsewhere on this forum.

This topic is well covered.

But because I have too much time on my hands here is a hint: PCC, Static Router Check Gateway and OpenDNS or Google Public DNS

Alex
by alex_rhys-hurn
Wed Jan 18, 2012 7:08 pm
Forum: General
Topic: Apple.tv problems
Replies: 5
Views: 1965

Re: Apple.tv problems

You might be interested in taking a look at the latest Edition of the QOS scripts from Butch evans if you are not already a QOS pro.

His latest set has an option for setting speed options for streaming video.

Alex
by alex_rhys-hurn
Sat Jan 14, 2012 8:30 am
Forum: General
Topic: Apple.tv problems
Replies: 5
Views: 1965

Re: Apple.tv problems

Are you doing any QOS stuff in your network?

Can you look at the queues and torch the interfaces and see what traffic is going on when he reports this problem?
by alex_rhys-hurn
Sun Nov 20, 2011 8:45 am
Forum: General
Topic: RB751U and Huawei E169
Replies: 7
Views: 2050

Re: RB751U and Huawei E169

As you said the modem worked before in a Mikrotik (was it the same one?) Then all I can suggest is a factory default reset.

Failing that a netinstall of the router, maybe the driver is corrupt and not updating properly.

Is the modem connected to the USB directly or via a USB cable.
by alex_rhys-hurn
Sat Nov 19, 2011 6:09 pm
Forum: General
Topic: RB751U and Huawei E169
Replies: 7
Views: 2050

Re: RB751U and Huawei E169

Hmmm... 5.7 never gave me any problems. Maybe try a /system reset-configuration and try again.

Alex
by alex_rhys-hurn
Sat Nov 19, 2011 4:24 pm
Forum: General
Topic: RB751U and Huawei E169
Replies: 7
Views: 2050

Re: RB751U and Huawei E169

Whenever I have had those problems an upgrade of routeros has solved it.

What version are you using?

Alex
by alex_rhys-hurn
Sat Nov 19, 2011 4:21 pm
Forum: General
Topic: Connecting two sites over internet and hardware selection Qs
Replies: 5
Views: 1811

Re: Connecting two sites over internet and hardware selectio

I have just seen the RB751U-2Hnd

That looks like a good machine. Everything integrated.

And you can add a 3G modem for backup internet link.

Alex
by alex_rhys-hurn
Sat Nov 19, 2011 9:28 am
Forum: General
Topic: Connecting two sites over internet and hardware selection Qs
Replies: 5
Views: 1811

Re: Connecting two sites over internet and hardware selectio

Hi,

It seems that the RB493G is your only real choice to get wifi and enough ports to switch with.

I would suggest an RB493G with indoor case, an RB52N Wireless card with two indoor antennas.

Alex
by alex_rhys-hurn
Fri Nov 18, 2011 12:25 pm
Forum: General
Topic: Connecting two sites over internet and hardware selection Qs
Replies: 5
Views: 1811

Re: Connecting two sites over internet and hardware selectio

For the tunnel I suggest making an IP/IP tunnel between the two sites and then encrypting it with ipsec. This will then allow you to use any form of routing between the two sites. We use this in an enterprise environment and it its very reliable and keeps the ipsec policy configuration very simple. ...
by alex_rhys-hurn
Fri Oct 14, 2011 3:13 pm
Forum: The Dude
Topic: export outages to csv
Replies: 4
Views: 4589

export outages to csv

Hello,

can anyone tell me if it is possible to export the outages information to csv?

I can do this almost all other tables in dude, but not this.

Alex
by alex_rhys-hurn
Sat Jul 30, 2011 8:54 pm
Forum: General
Topic: How do I set static routes for remote networks on IPSEC VPN
Replies: 3
Views: 2907

How do I set static routes for remote networks on IPSEC VPN

Hello Folks, I have read a bunch of stuff both on forum and on wiki, including http://wiki.mikrotik.com/wiki/Routing_through_remote_network_over_IPsec but cant seem to figure this out. The question in short, is how do you set static routes in routing tables for networks at the other side of a site t...
by alex_rhys-hurn
Tue Jul 05, 2011 10:49 pm
Forum: General
Topic: TACACS
Replies: 4
Views: 6992

Re: TACACS

And use Mikrotik User Manager.

This will not only handle your Mikrotik devices but also other network devices that can authenticate users with radius.
by alex_rhys-hurn
Wed Apr 27, 2011 9:12 pm
Forum: General
Topic: Solar power, have i got this right?
Replies: 3
Views: 1651

Re: Solar power, have i got this right?

Take a look at this on the Wiki.

http://wiki.mikrotik.com/wiki/Solar_Power_HOWTO

It should help, it has wiring diagrams and calculations and so on. Just read through.
by alex_rhys-hurn
Sun Apr 17, 2011 8:36 pm
Forum: General
Topic: Voice (VOIP) issues
Replies: 4
Views: 2803

Re: Voice (VOIP) issues

Sorry to bring up an old post, but did you ever make progress with this? I have a very similar problem.

RB100 Router, and Elastix PBX using SIP trunks to two different providers.
by alex_rhys-hurn
Fri Feb 18, 2011 4:04 pm
Forum: The User Manager
Topic: Userman help please. 4 timeouts after every reboot.
Replies: 3
Views: 2542

[SOLVED] Re: Userman help please. 4 timeouts after every reb

I know this is an old thread, but I wanted to mark it as solved for anyone else searching for this issue. I had EXACTLY the same problem, and this seems to be a bug/fault in the userman radius server when it is upgraded. My solution was to upgrade to the next release of routeros. My problem in short...
by alex_rhys-hurn
Tue Jul 13, 2010 6:27 pm
Forum: General
Topic: bridge vlan RB1000 and eci telecom switch - Problem
Replies: 1
Views: 979

Re: bridge vlan RB1000 and eci telecom switch - Problem

Ok,

It seems that what I am trying to do is not a wise / recommended thing.

I am told that you should not bridge VLANS that exist on the same physical interface. Can anyone tell me why this should not be the case?

Alex
by alex_rhys-hurn
Tue Jul 13, 2010 12:07 am
Forum: General
Topic: bridge vlan RB1000 and eci telecom switch - Problem
Replies: 1
Views: 979

bridge vlan RB1000 and eci telecom switch - Problem

Hey Folks, Looking for some help here. I have an RB1000 with two WAN providers, each is providing me with VLANS to my branches. One WAN provider is working perfectly with a routed network. The second WAN provider uses ECI telecom (an Israeli manufacturer) for their Nationwide Fibre network. I receiv...
by alex_rhys-hurn
Sat May 08, 2010 11:44 am
Forum: General
Topic: pcc load balancing and mail servers with nat
Replies: 2
Views: 1549

Re: pcc load balancing and mail servers with nat

Hi fewi,

Thanks for your input. Its helped me.

In fact I had not done my mangle PCC rules properly and so I followed this post by you which sorted me out.
http://forum.mikrotik.com/viewtopic.php?f=2&t=36232&start=0
Thanks again,

Alex
by alex_rhys-hurn
Thu May 06, 2010 8:19 pm
Forum: General
Topic: pcc load balancing and mail servers with nat
Replies: 2
Views: 1549

pcc load balancing and mail servers with nat

Hello, I have looked around the forums and the closest thing I have found that starts me on ly solution is here: http://forum.mikrotik.com/viewtopic.php?f=7&t=30482&hilit=pcc+nat My situation. 2 ISP Links, 2mb up and 2mb down each. each ISP terminates with a /30 on my RB 433 and then additio...
by alex_rhys-hurn
Thu Apr 29, 2010 8:10 am
Forum: Beginner Basics
Topic: Load Balancing over two modems??
Replies: 24
Views: 6583

Re: Load Balancing over two modems??

Depending on how your provider deploys the Iburst modems, I usually find that the Check-Gateway ping command to test if a link is up or down does not work well if at all. The reason for this is that the gateway for the Mikrotik is the Iburst modem itself, and that is only the length of a 1m patch co...
by alex_rhys-hurn
Wed Apr 28, 2010 7:18 pm
Forum: Beginner Basics
Topic: A message of thanks to Mikrotik and Greg Sowell
Replies: 4
Views: 1976

A message of thanks to Mikrotik and Greg Sowell

Dear Folks at Mikrotik and Gregsowell.com I just wanted to give thanks for a great product and to greg for a good set of tutorials that helped me put together a solution for my client. Here is the story. My client (a Bank) has 9 Sites nationwide they were all using Cisco 2800 Series routers to inter...
by alex_rhys-hurn
Mon Apr 26, 2010 7:24 pm
Forum: The User Manager
Topic: Using UserManager as RADIUS for other AP
Replies: 28
Views: 51566

Re: Using UserManager as RADIUS for other AP

I Agree that this would be a very good addition:

+1 Vote
by alex_rhys-hurn
Mon Apr 26, 2010 7:22 pm
Forum: General
Topic: EAP-TTLS PAP authontication
Replies: 5
Views: 4230

Re: EAP-TTLS PAP authontication

:oops: :oops: http://forum.mikrotik.com/posting.php?mode=smilies&f=2# I would like to apologise for not searching the forums properly. The very next thread I looked at says that userman cannot do what I want. Here is the post: http://forum.mikrotik.com/viewtopic.php?f=10&t=23625&hilit=ea...
by alex_rhys-hurn
Mon Apr 26, 2010 7:14 pm
Forum: General
Topic: EAP-TTLS PAP authontication
Replies: 5
Views: 4230

Re: EAP-TTLS PAP authontication

Hi Folks, Can I use Mikrotik Userman to manage EAP authentication for my companies laptops for wireless purposes using non-mikrotik wireless access points (I should add that the AP's have a radius client and industry standard EAP features)? Uldis says yes with "A" RADIUS server but he is n...
by alex_rhys-hurn
Thu Apr 08, 2010 11:25 pm
Forum: The User Manager
Topic: Userman as central database for controlling login to winbox
Replies: 0
Views: 1361

Userman as central database for controlling login to winbox

Hello, I have user manager working well to control users that need to connect to winbox (and other login methods) to manage routers. My client has many sysadmins (and 15 routers) that work in shifts, and so it makes sense to control their login rights and passwords centrally. This is also important ...
by alex_rhys-hurn
Fri Apr 02, 2010 1:43 pm
Forum: Forwarding Protocols
Topic: BGP Noob: balance and failover on WAN not ISP
Replies: 7
Views: 4588

Re: BGP Noob: balance and failover on WAN not ISP

OK, I read you load and clear.

My head is now in to this. It hadnt occurred to me that I could create extra paths by creating tunnels or vlans.

I am going to try that! Thanks.

Alex
by alex_rhys-hurn
Fri Apr 02, 2010 11:47 am
Forum: Forwarding Protocols
Topic: BGP Noob: balance and failover on WAN not ISP
Replies: 7
Views: 4588

Re: BGP Noob: balance and failover on WAN not ISP

Hi Roadrunner, Thanks for the info. Of course I forgot about ECMP.... How well will this work on links that do not have the same bandwidth? One provider gives me a 10mbit cloud (bandwidth is shared by all sites in the cloud and the other is giving dedicated bandwidths per site, and they all vary. Th...
by alex_rhys-hurn
Thu Apr 01, 2010 10:03 pm
Forum: Forwarding Protocols
Topic: BGP Noob: balance and failover on WAN not ISP
Replies: 7
Views: 4588

BGP Noob: balance and failover on WAN not ISP

Hello, I am new to BGP but not OSPF and Mikrotik. I would like a few tips from the BGP pros out there if you dont mind. OSPF will do failover but not load balance with failover, so I want to use BGP. The BGP Failover and load balancing that I have seen in the forums so far relate to interfacing with...
by alex_rhys-hurn
Thu Apr 01, 2010 9:29 pm
Forum: General
Topic: Static to OSPF migration advice please
Replies: 4
Views: 1339

Re: Static to OSPF migration advice please

Cheers techguy!

Nice drink in your hand! Enjoy!
by alex_rhys-hurn
Thu Apr 01, 2010 1:38 pm
Forum: General
Topic: Static to OSPF migration advice please
Replies: 4
Views: 1339

Re: Static to OSPF migration advice please

Ok, Cool. Thanks for the quick reply.

Now My plan is complete and I am going to start this. What a way to spend easter weekend.

Wish me luck!
by alex_rhys-hurn
Thu Apr 01, 2010 12:50 pm
Forum: General
Topic: Static to OSPF migration advice please
Replies: 4
Views: 1339

Static to OSPF migration advice please

Hi Folks, I have a customer network that is nationwide. 7 sites around the country interconnected with a Layer 2 MPLS Cloud. This WAN is currently using static routing, and all is well. For failover reasons I wish to change the static routing to OSPF dynamic routing. My question is, can I bring up O...
by alex_rhys-hurn
Fri Mar 19, 2010 7:39 pm
Forum: General
Topic: Feature Request: Central AP controller with POE on RB1100
Replies: 2
Views: 1342

Feature Request: Central AP controller with POE on RB1100

Hello, I hope this is the right place to post this. I dont see a SwitchOS forum yet. I would like to request the following functionality, especially now that Mikrotik has released a Switch Product. 1: That the RB1100 Switch could be used to control several lightweight Access Points, as a central con...
by alex_rhys-hurn
Thu Oct 29, 2009 8:24 pm
Forum: General
Topic: How to graph second disk use
Replies: 2
Views: 895

Re: How to graph second disk use

I want to be able to graph the disk used by the Web Cache. I guess its not a really big deal, but if I can graph primary disk use then why not secondary? In my case the primary disk use is fairly static as it holds the RouterOS, some backup files and some scripts.... But I have set my Web Proxy Cach...
by alex_rhys-hurn
Wed Oct 28, 2009 6:49 pm
Forum: General
Topic: How to graph second disk use
Replies: 2
Views: 895

How to graph second disk use

Hi Folks, I apologise if this has been answered elsewhere. I have looked but not found any info. My Mikrotik x86 is in use as a web proxy. I have created a second store on a second disk that acts as the storage location for the web cache. My problem is that I wish to graph disk usage but the mikroti...
by alex_rhys-hurn
Thu Oct 15, 2009 12:02 pm
Forum: General
Topic: mikrotik t-shirts
Replies: 40
Views: 14933

Re: mikrotik t-shirts

however, in my defense this is an indicator of how dark it is in the dark continent of africa...

We just dont have the culture shown in that video.

Or maybe I am just an old fart already!
by alex_rhys-hurn
Thu Oct 15, 2009 11:59 am
Forum: General
Topic: mikrotik t-shirts
Replies: 40
Views: 14933

Re: mikrotik t-shirts

Eish... Sorry man...

I obviously missed the point there!

Keep up the good work!

Alex
by alex_rhys-hurn
Wed Oct 14, 2009 8:34 pm
Forum: General
Topic: mikrotik t-shirts
Replies: 40
Views: 14933

Re: mikrotik t-shirts

http://www.cafepress.com/mikrotik.407774243

The phrasing of the quote on the t-shirt above is not correct.

It reads "All your Route Are Belong to You"

It should read something like:

All Routes Are Yours
www.mikrotik.com
by alex_rhys-hurn
Wed Oct 14, 2009 8:06 pm
Forum: General
Topic: proxylizer vmware image: mysql.pipe permissions
Replies: 1
Views: 1879

proxylizer vmware image: mysql.pipe permissions

Hey folks, Been trying to make this vmware appliance work. The time I have spent repairing it I probably should have spent installing it on my own distro. Ho Hum! I am down to my final problem. In /home/proxylizer there sits a file called mysql.pipe If this file has wrong permissions then you will s...
by alex_rhys-hurn
Wed Jul 01, 2009 9:06 am
Forum: General
Topic: RouterOS and SMP (multi-core and multi-cpu) crashes
Replies: 39
Views: 17329

Re: RouterOS and SMP (multi-core and multi-cpu) crashes

Ah! Its Denis Burgess flogging his wares again. Denis, before you go around making those comments take a little time to understand where the people are coming from. Here in Africa (kenya in my case) it is not possible to buy your products. Yes I could import one and have it DHL over here but import ...
by alex_rhys-hurn
Thu Jun 25, 2009 9:22 am
Forum: General
Topic: RouterOS and SMP (multi-core and multi-cpu) crashes
Replies: 39
Views: 17329

Re: RouterOS and SMP (multi-core and multi-cpu) crashes

No I have not specifically run those tests on the machine. Its an interesting point though. The specifica machine I have in mind was installed in production as a mikrotik core router in 2006 with RouterOS version 2.9.something, and we have been progressively upgrading it since then, whilst always ke...
by alex_rhys-hurn
Thu Jun 18, 2009 4:25 pm
Forum: General
Topic: SCSI SUPPORT - WORKAROUNDS??
Replies: 5
Views: 1496

Re: SCSI SUPPORT - WORKAROUNDS??

This workaround turned out ot be less than simple for me. Vmware ESXi 4 only runs on 64bit hardware. My server is of course only 32 bit hardware, and so I am still stuck with running Vyatta as my Virtualised router platform with Vmware ESXi 3.5 Lets see if I can persuade those with the purse strings...
by alex_rhys-hurn
Tue Jun 16, 2009 3:44 pm
Forum: General
Topic: RouterOS and SMP (multi-core and multi-cpu) crashes
Replies: 39
Views: 17329

Re: RouterOS and SMP (multi-core and multi-cpu) crashes

I can confirm that with an NEC Express server, Pentium 4 with Hyper Threading that any version of Routers os greater than 3.11 will lock up hard when HOTSPOT is enabled. If I disable that package then the machine runs fine, Vlans and Queues work ok. Enable the hotspot package and the machine locks h...
by alex_rhys-hurn
Mon May 18, 2009 4:24 pm
Forum: Wireless Networking
Topic: How do you protect towers from theft and vandalism?
Replies: 4
Views: 1763

Re: How do you protect towers from theft and vandalism?

OK, next time I go to one of my hi-sites I'll take a snap.

You'll have to wait a few days....

Alex
by alex_rhys-hurn
Sun May 17, 2009 11:40 pm
Forum: Wireless Networking
Topic: How do you protect towers from theft and vandalism?
Replies: 4
Views: 1763

Re: How do you protect towers from theft and vandalism?

Here in Kenya this is what we do: The highsites tend to be lattice towers of about 25-30 meters. The lattice tower is guyed. 1: After the tower is up, build a chainlink fence around the entire base encompassing also the guy wire footings. On top of this we put coiled razor wire. the kind they used i...
by alex_rhys-hurn
Fri May 08, 2009 4:44 pm
Forum: General
Topic: Hotspot custom queue
Replies: 2
Views: 2094

Re: Hotspot custom queue

This may not be exactly what you are trying to achieve. But this example from the WIKI has worked amazingly for me. The clever part is how the guy to thought this up really thought about the problem came up with a suggestion and then used the mikrotik to deploy. The principle is based on the AMOUNT ...
by alex_rhys-hurn
Fri May 08, 2009 4:39 pm
Forum: General
Topic: hello to all mikrotik supplier
Replies: 4
Views: 1266

Re: hello to all mikrotik supplier

Or you can get a fibre to copper media converter and plug it in like this:

------FIBRE----MEDIA CONVERTER----CAT6 PATCH CORD-----ROUTERBOARD

Media converters are pretty cheap nowadays.
by alex_rhys-hurn
Wed May 06, 2009 5:12 pm
Forum: Beginner Basics
Topic: Creating VLAN's for different NAT'd users
Replies: 12
Views: 5545

Re: Creating VLAN's for different NAT'd users

Hey there... Just back from the bush for a few days.... Awesome trip. Cant seem to send you a private message as am not authorised to do so ..... So I suggest you visit my website and the hit contact us button to send me the email. I will then reply direct and we should be in touch. Best, Alex www.i...
by alex_rhys-hurn
Mon May 04, 2009 7:38 am
Forum: Beginner Basics
Topic: Creating VLAN's for different NAT'd users
Replies: 12
Views: 5545

Re: Creating VLAN's for different NAT'd users

Also if you are new to Mikrotik take note of the Wiki. Here is the wiki article on NAT: http://wiki.mikrotik.com/wiki/NAT_Tutorial And yes, I know what you mean by the price of Cisco in Africa. Although the longer I spend with Mikrotik the less I find myself missing Cisco products.... Cheers! Alex
by alex_rhys-hurn
Mon May 04, 2009 7:32 am
Forum: Beginner Basics
Topic: Creating VLAN's for different NAT'd users
Replies: 12
Views: 5545

Re: Creating VLAN's for different NAT'd users

Let me try to address your issue about NAT which is where we started I think: 1: Ideally you should always attempt to route a public IP direct to the customers CPE or router. This is best practice. Obviously with only a /24 of public IP addresses you wouldnt want to waste IP addresses as you route t...
by alex_rhys-hurn
Mon May 04, 2009 7:10 am
Forum: Beginner Basics
Topic: Easy Wisp Network Design?
Replies: 5
Views: 5697

Re: Easy Wisp Network Design?

As for the nanostation, I do find it an effective CPE, and it works great with the MT Base Stations I have. Still you cant beat the manageability of the Mikrotik gear. The option to use Nstreme right up to the CPE and also compression are great. The NS2 and NS5 come prebuilt and ready to go in a tin...
by alex_rhys-hurn
Sun May 03, 2009 4:35 pm
Forum: Beginner Basics
Topic: Easy Wisp Network Design?
Replies: 5
Views: 5697

Re: Easy Wisp Network Design?

You raise some interesting points. In my opinion you should always seek to have an entirely routed network and seek to deliver Public IP addresses to your clients. To save on public IP addresses you can subnet them and route those public IP subnets over your private IP network. For e.g. you allocate...
by alex_rhys-hurn
Wed Mar 04, 2009 7:28 am
Forum: General
Topic: Different Queuing structure for simple queues.
Replies: 8
Views: 3604

Re: Different Queuing structure for simple queues.

I suppose that we should really be discussing like this: Mikrotik Usermanager is creating dynamic simple queues. This would apply to PPPoe users as well as hotspot users. Also the hotspot usermanager with user profile is creating these simple queues. How does the queue tree interact with these simpl...
by alex_rhys-hurn
Tue Mar 03, 2009 7:09 pm
Forum: General
Topic: Different Queuing structure for simple queues.
Replies: 8
Views: 3604

Re: Different Queuing structure for simple queues.

Hi, I am also using the login scripts when a hotspot user logs in to move the static scripts above the dynamic ones. Its works fine, although as you say ALL the queues stall for a miniscule amount of time. I personally would like it if things were done the way you suggest but I have another question...
by alex_rhys-hurn
Mon Feb 23, 2009 2:43 pm
Forum: General
Topic: Compatibility with Vmware ESXi
Replies: 1
Views: 918

Compatibility with Vmware ESXi

I would like to see SCSI disk drivers introduced in the X86 version of RouterOS so that I can run it on my blazing fast (and free Vmware ESXi Hypervizor.

Rgds

Alex
by alex_rhys-hurn
Thu Feb 19, 2009 10:09 am
Forum: General
Topic: USB device on Vmware ESX
Replies: 2
Views: 1628

Re: USB device on Vmware ESX

Why could you not boot the thing from ESXi with a USB stick?

I am going to try it now....
by alex_rhys-hurn
Thu Feb 12, 2009 9:03 am
Forum: General
Topic: USB device on Vmware ESX
Replies: 2
Views: 1628

USB device on Vmware ESX

It MAY be possible to boot a USB disk that is pre-installed with Mikrotik ROS with vmware esx. I am working on it and will revert. Has anyone else managed yet?

Rgds

Alex
by alex_rhys-hurn
Sat Jan 24, 2009 9:27 pm
Forum: RouterBOARD hardware
Topic: SOLVED Solar Power Solution for RB433
Replies: 42
Views: 20415

Re: SOLVED Solar Power Solution for RB433

@ LaSolitaire I am afraid that I have never seen snow in my life, so you are asking me to do something that I have no knowledge of.. Why dont you add a section in there? It is a wiki and you can make your own changes. Your work would really improve the article. The basic stuff applies just as much t...
by alex_rhys-hurn
Wed Jan 21, 2009 2:55 pm
Forum: RouterBOARD hardware
Topic: SOLVED Solar Power Solution for RB433
Replies: 42
Views: 20415

Re: SOLVED Solar Power Solution for RB433

Why not use 3 x 6volt batteries in series to give you 18volts and run it from there? I guess the main worry is the charging voltage huh? I would be interested to hear about your regulator. I can get here some 24-12 volt reducing dc-dc regulators and some others that reduce from 12 to 3-6-9- volts. B...
by alex_rhys-hurn
Mon Jan 19, 2009 8:08 pm
Forum: RouterBOARD hardware
Topic: SOLVED Solar Power Solution for RB433
Replies: 42
Views: 20415

Re: SOLVED Solar Power Solution for RB433

The one I got for 100 USD is the Steca PR1010 which is a 12/24 volt 10 amp unit with lcd screen and bunch of monitoring functions. I dont know the model you suggest.

But then everything in Kenya is a rip off these days... ho. hum.
by alex_rhys-hurn
Mon Jan 19, 2009 4:21 pm
Forum: General
Topic: Proxylizer Proxy log analysis for RouterOS Web Proxy
Replies: 7
Views: 5809

Re: Proxylizer Proxy log analysis for RouterOS Web Proxy

Thanks for the reply.

I am waiting with excitement.

Cheers!

Alex
by alex_rhys-hurn
Mon Jan 19, 2009 9:01 am
Forum: RouterBOARD hardware
Topic: SOLVED Solar Power Solution for RB433
Replies: 42
Views: 20415

Re: SOLVED Solar Power Solution for RB433

Hey jp... Busted.... you caught me out. The photos ARE actually of a 12v system. Its a different site than originally used in the article...... BTW for others I started using a really cheap Chinese charge controller, and it was fine, but an accidental shorting of the load side caused me to go and bu...
by alex_rhys-hurn
Sun Jan 18, 2009 10:22 am
Forum: General
Topic: Open question for profesional WISPS
Replies: 11
Views: 2635

Re: Open question for profesional WISPS

In Kenya we can get bandwidth from the wholesalers either on an MPLS Fiber network or via Fixed Wirless Links for terrestrial. Generally the wireless links are delivered through Alvarion or Motorola Canopy equipment. Vsat is how ALL bandwidth enters the country at the moment. Bandwidth is limited he...
by alex_rhys-hurn
Sat Jan 17, 2009 11:24 pm
Forum: General
Topic: Proxylizer Proxy log analysis for RouterOS Web Proxy
Replies: 7
Views: 5809

Proxylizer Proxy log analysis for RouterOS Web Proxy

Hey folks, This url http://wiki.mikrotik.com/wiki/Proxylizer/Introduction and this URL http://wiki.mikrotik.com/wiki/Proxylizer/Getting_Started#Download gives details about a Mikrotik Software for analyzing the logs of Mikrotik Web Proxy Service. Has anyone used it or seen it yet? Search in forums t...
by alex_rhys-hurn
Mon Jan 05, 2009 3:11 pm
Forum: The Dude
Topic: invalid oid after upgrade from 3.0 rc3 to 3.0
Replies: 8
Views: 2658

SOLVED: invalid oid after upgrade from 3.0 rc3 to 3.0

So the reinstall of Dude has worked.

I removed the dude package, then downloaded it afresh from the mikrotik website, and installed it again.

My network maps are now working properly.

Regards

Alex
by alex_rhys-hurn
Mon Jan 05, 2009 9:44 am
Forum: The Dude
Topic: invalid oid after upgrade from 3.0 rc3 to 3.0
Replies: 8
Views: 2658

Re: invalid oid after upgrade from 3.0 rc3 to 3.0

Just working this through with the guys at Mikrotik. Running the command /system check-installation gives the following output, which confirms my feeling that it was missing mibs and images. So, I am going to remove the Dude package and then re-install it. Hopefully then check-installation will come...
by alex_rhys-hurn
Mon Jan 05, 2009 8:54 am
Forum: The Dude
Topic: invalid oid after upgrade from 3.0 rc3 to 3.0
Replies: 8
Views: 2658

Re: invalid oid after upgrade from 3.0 rc3 to 3.0

I have now submitted a support request to Mikrotik.

It looks to me like the MIBS for SNMP are missing and also the SVG files that make the graphics work are missing too....

Is this a bug?

Rgds

Alex
by alex_rhys-hurn
Mon Dec 29, 2008 9:50 am
Forum: The Dude
Topic: invalid oid after upgrade from 3.0 rc3 to 3.0
Replies: 8
Views: 2658

Re: invalid oid after upgrade from 3.0 rc3 to 3.0

Yes, cmon guys. Somebody out there must be able to help us with this....
by alex_rhys-hurn
Wed Dec 24, 2008 4:33 pm
Forum: Beginner Basics
Topic: Log file analyzer
Replies: 3
Views: 9834

Re: Log file analyzer

For the SYSLOG feature I am using the dude feature which was introduced in the v3.x of routeros software so that it can run as a service on the router itself. You can also run this software on a separate server elsewhere in your network. Then you may send the log data from the mikrotik router to the...
by alex_rhys-hurn
Wed Dec 24, 2008 11:56 am
Forum: General
Topic: Separate masquerades for separate networks
Replies: 3
Views: 1247

Re: Separate masquerades for separate networks

You can do what you want with the SRCNAT & DSTNAT rules in the IP>FIREWALL>NAT menus. SRCNAT rules are used to make traffic FROM a subnet appear to come FROM a public IP. DSTNAT rules are used to make traffic TO a public IP be sent to a specific Private IP. AKA Port forwarding. Or IP Alias. So P...
by alex_rhys-hurn
Wed Dec 24, 2008 10:34 am
Forum: General
Topic: X86 clock issue
Replies: 12
Views: 3241

Re: X86 clock issue

Ok, well thats an angle that I hadnt thought about. Let me fiddle.

Although the machine was detecting and booting from the USB stick, but just kernel panicking after a few seconds. (when about 50% of the dots have zoomed by.)

Cheers!

Alex
by alex_rhys-hurn
Wed Dec 24, 2008 7:17 am
Forum: General
Topic: X86 clock issue
Replies: 12
Views: 3241

Re: X86 clock issue

The server was an HP ML110 g5 series machine.

This machine comes with a riser slot for the Lights out card, but the card is not present. I dont know if that means that there is still some chipset on the mobo or if there is nothing present at all.....

Rgds

Alex
by alex_rhys-hurn
Tue Dec 23, 2008 7:20 pm
Forum: General
Topic: Sample Hotspot Page - Sticky Please
Replies: 369
Views: 358052

Re: Sample Hotspot Page - Sticky Please

@virus,

You're joking right? Virus-group? that is the name of your isp? With a hotmail address.

Neat Marketing plan.....
by alex_rhys-hurn
Tue Dec 23, 2008 7:16 pm
Forum: General
Topic: X86 clock issue
Replies: 12
Views: 3241

Re: X86 clock issue

I have seen the USB boot problem on the HP ML110 Server series....

USB Boot then just tries to load a kernel panics and dies...... This form a 32MB usb stick
by alex_rhys-hurn
Tue Dec 23, 2008 1:32 pm
Forum: The Dude
Topic: invalid oid after upgrade from 3.0 rc3 to 3.0
Replies: 8
Views: 2658

Re: invalid oid after upgrade from 3.0 rc3 to 3.0

So, by the fact that I have the invalid oid error as well as apparently missing svg files for the icon images for devices, is it possible that these are a: either not present in the package or b: deleted / corupted when the install was done. I Should explain that this machine has been progressively ...
by alex_rhys-hurn
Tue Dec 23, 2008 1:26 pm
Forum: The Dude
Topic: invalid oid after upgrade from 3.0 rc3 to 3.0
Replies: 8
Views: 2658

Re: invalid oid after upgrade from 3.0 rc3 to 3.0

I have this exact same problem. Note that it only occurs when I connect to my remote Dude server running ROuterOS 3.17 and the independant Dude 3.0 package. If I use the Dude client 3.o on my pc and connect to local server then things show up ok. Any tips? I also note that when trying to edit a devi...
by alex_rhys-hurn
Sat Dec 06, 2008 2:19 pm
Forum: General
Topic: Mikrotik transparent bridge with Hotspot : HowTo?
Replies: 2
Views: 1681

Re: Mikrotik transparent bridge with Hotspot : HowTo?

Did you manage to do this? It is exactly what I want to do.

Cheers,

Alex
by alex_rhys-hurn
Sat Nov 22, 2008 9:50 pm
Forum: RouterBOARD hardware
Topic: SOLVED Solar Power Solution for RB433
Replies: 42
Views: 20415

Re: SOLVED Solar Power Solution for RB433

I have created a wiki article to document the process of making a solar power system. Hopefully this will help others.

The article is found here: http://wiki.mikrotik.com/wiki/Solar_Power_HOWTO
by alex_rhys-hurn
Tue Nov 18, 2008 5:25 pm
Forum: RouterBOARD hardware
Topic: SOLVED Solar Power Solution for RB433
Replies: 42
Views: 20415

Re: SOLVED Solar Power Solution for RB433

Great update gerard. A great tip. It is similar to the first problem I have seen on my new test rig. Only in reverse. My test rig is running the newer boards, Crossroads and RB433 (which I designed it for), but my older RB532 wont power at all. This is because when the voltage drops below 25V the RB...
by alex_rhys-hurn
Mon Nov 17, 2008 11:56 pm
Forum: RouterBOARD hardware
Topic: SOLVED Solar Power Solution for RB433
Replies: 42
Views: 20415

Re: Solar Power Solution for RB433 (Solved)

Hi There, Well, its been an interesting few days learning about this. to this end I have started writing a wiki article to try and document my lessons for others. http://wiki.mikrotik.com/wiki/Solar_Power_HOWTO Thank you for clarifying the 12v point. I see what you are getting at. I decided not to u...
by alex_rhys-hurn
Mon Nov 17, 2008 11:40 pm
Forum: General
Topic: More ways to earn free licenses!
Replies: 162
Views: 84162

Re: More ways to earn free licenses!

Dear Normis, Please review the new Wiki Article here: http://wiki.mikrotik.com/wiki/Solar_Power_HOWTO This wiki article servers to explain how to design and build a solar power system to power a RouterBoard Base Station. I trust it is useful and might earn me a license? Best regards to all, Alex
by alex_rhys-hurn
Mon Nov 17, 2008 6:58 pm
Forum: RouterBOARD hardware
Topic: SOLVED Solar Power Solution for RB433
Replies: 42
Views: 20415

Re: Solar Power Solution for RB433

HEy Folks, Thanks for the tips. I have now bought the follwoing: 1 x 100Watt 24 Volt Panel 1 x 15Amp 24Volt Charge / Load Controller with Low Voltage Disconnect 2 x 44Ah Low Maintenance Deep Cycle Batteries Funnily enough two 40 watt 12 Volt panels cost the same as 1 100 Watt 24 Volt Panel. About 40...
by alex_rhys-hurn
Sun Nov 16, 2008 9:21 pm
Forum: RouterBOARD hardware
Topic: SOLVED Solar Power Solution for RB433
Replies: 42
Views: 20415

Re: Solar Power Solution for RB433

Thanks for the reply.

Please can you explain why this is necessary?

I used two or three different websites to calculate this and they all seemed to agree.

Perhaps I should point out that I am located on the equator in kenya.

Regards,

Alex
by alex_rhys-hurn
Sun Nov 16, 2008 3:13 pm
Forum: RouterBOARD hardware
Topic: SOLVED Solar Power Solution for RB433
Replies: 42
Views: 20415

SOLVED Solar Power Solution for RB433

Hey Folks,

I am planning to power my hi-sites with Solar Power. Will my solution shown below work?

EDIT: Also refer to the new Wiki Article addressing this topic for more info: http://wiki.mikrotik.com/wiki/Solar_Power_HOWTO
Base Station Solar Power.jpg
by alex_rhys-hurn
Sat Nov 01, 2008 7:47 am
Forum: Beginner Basics
Topic: Newbie - Limiting Connections
Replies: 24
Views: 6053

Re: Newbie - Limiting Connections

Hi, Been on safari..... Can you please open a new terminal window from winbox, and enter this command (just paste it from here): /export file=tower-a Then open the files window and drag the file tower-a to your desktop, and then open this file innotepad and paste it as code in to this forum posting....
by alex_rhys-hurn
Thu Oct 30, 2008 7:35 pm
Forum: General
Topic: Mikrotik Antennas spec sheets needed
Replies: 1
Views: 899

Mikrotik Antennas spec sheets needed

Hi Folks, My local mikrotik dealer sells me antennas that are aparently mikrotik genuine. Does anybody know if mikrotik sells such things? I cant find any refference on the mikrotik or routerboard websites. You know the ones, the antennas normally used to come with the RB2018 and RB KAO packages. I ...
by alex_rhys-hurn
Wed Oct 29, 2008 8:24 pm
Forum: The User Manager
Topic: Possible bug: Usermanager mac auth and user prefix
Replies: 3
Views: 1651

Re: Possible bug: Usermanager mac auth and user prefix

Hi Sergejs,

Thanks for the response. Saves me fighting with it any more.

I know this is the most hated question, but is there any timeframe for new userman? Say first quater next year?

Forgive me for asking....

Rgds

ALex
by alex_rhys-hurn
Wed Oct 29, 2008 3:04 pm
Forum: The User Manager
Topic: Possible bug: Usermanager mac auth and user prefix
Replies: 3
Views: 1651

Possible bug: Usermanager mac auth and user prefix

Hey folks, Trying to figure out if I have found a bug in usermanager or if I am doing something wrong. I have defined a user prefix for one of my customers who has a hotspot of their own in my network and they use my central user manager deployment which has two or three cybercafes operating off it....
by alex_rhys-hurn
Fri Oct 17, 2008 9:01 am
Forum: General
Topic: Is possible these configuration?
Replies: 4
Views: 1300

Re: Is possible these configuration?

Yes of course.

In fact all you do is set the deault gateway for the asterisk to be the link to the dedicated ISP and the default gateway for the LAN ip phones to the mikrotik router that handles all other traffic.
by alex_rhys-hurn
Thu Oct 16, 2008 10:22 pm
Forum: General
Topic: How to increase the bandwidth and signal power
Replies: 13
Views: 9123

Re: How to increase the bandwidth and signal power

I use the Mikrotik AP and nanostation combination too. I have fallen in to a trap quite often on the nanostations. They often default to having the built in antenna to work in Horizontal Polarization. Be sure to set this to vertical in the advanced page of the web interface. Also note that there are...
by alex_rhys-hurn
Thu Oct 16, 2008 10:04 pm
Forum: General
Topic: Is possible these configuration?
Replies: 4
Views: 1300

Re: Is possible these configuration?

This should be totally straight forward to achieve with routeros. I guess I should ask you how many ports you have on your router? You will probably want to use policy based routing to make this work nicely. Check in the wiki for an example. I should add though that my own asterisk server worked muc...
by alex_rhys-hurn
Thu Oct 16, 2008 9:48 pm
Forum: General
Topic: Sample Hotspot Page - Sticky Please
Replies: 369
Views: 358052

Re: Sample Hotspot Page - Sticky Please

Here is a simpler HTML based one. I just edited the login page that comes with mikrotik hotspot.

I am a networks guy and not a creative or HTML coder.

Tell me what you think. Its fast and simple.
Hotgossip Hotspot Login Page.jpg
by alex_rhys-hurn
Wed Oct 15, 2008 11:21 pm
Forum: Beginner Basics
Topic: Newbie - Limiting Connections
Replies: 24
Views: 6053

Re: Newbie - Limiting Connections

Ok, I understand you fully. You need to do the work on tower A. First use the IP> FIREWALL> MANGLE menus to mark the traffic that is going from A to B and then a different rule to makr traffic that is going from B to A. and then two more different sets of rules to mark traffic going from A to Intern...
by alex_rhys-hurn
Wed Oct 08, 2008 12:22 am
Forum: Beginner Basics
Topic: Newbie - Limiting Connections
Replies: 24
Views: 6053

Re: Newbie - Limiting Connections

An important point to understand about the mikrotik is something called Packet Flow. Read about it here: http://www.mikrotik.com/testdocs/ros/3.0/qos/flow.php This is all about how the traffic passes through the router and therefore how you can apply controls or manipulate that traffic. So, yes, if ...
by alex_rhys-hurn
Tue Oct 07, 2008 11:08 am
Forum: General
Topic: QoS
Replies: 6
Views: 3911

Re: QoS

Hi Bledar,

There is a lot of information on themikrotik wiki for you to start with.

Try these:
http://wiki.mikrotik.com/wiki/Category:QoS

Also there is a hidden wiki article on voip here:

http://wiki.mikrotik.com/wiki/Voip

Especially the second one.
by alex_rhys-hurn
Sat Sep 13, 2008 6:14 pm
Forum: Wireless Networking
Topic: Intel 2200BG
Replies: 3
Views: 2367

Re: Intel 2200BG

Well given that Intel now offers an opensource set of drivers and they work well with Linux systems, cant see why they shouldnt be allowed to work and the drivers included. On the other hand the intel mini PCI wifi cards usually only have a power output in the region of 50 miliwatts. Not much for an...
by alex_rhys-hurn
Sat Sep 13, 2008 6:11 pm
Forum: Wireless Networking
Topic: Help with AP units ??
Replies: 9
Views: 2214

Re: Help with AP units ??

please put this command in to your mikrotik ap: /interface wireless print And paste the output here. We need some specific infor to help you. Dont forget that some mikrotik wireless features are not compatible with other makes of hard ware. Nstreme is one and I have had problems with compression too...
by alex_rhys-hurn
Sat Sep 13, 2008 6:03 pm
Forum: Beginner Basics
Topic: Newbie - Limiting Connections
Replies: 24
Views: 6053

Re: Newbie - Limiting Connections

have you had any joy with the queues?

Yeah there is always loads of terminology changes with different platforms...

You will find that queues on mikrotik are far more flexible and power ful than what mono can offer you.
by alex_rhys-hurn
Fri Sep 12, 2008 7:26 am
Forum: Beginner Basics
Topic: Newbie - Limiting Connections
Replies: 24
Views: 6053

Re: Newbie - Limiting Connections

As a by the way, this is one of the many reasons why its useful to try to design and build your network in a routed manner rather than a bridged one.

A future tip for you.

It definitely seems to me that you have all of the equipment and software in place to do what you want to do.
by alex_rhys-hurn
Fri Sep 12, 2008 7:25 am
Forum: Beginner Basics
Topic: Newbie - Limiting Connections
Replies: 24
Views: 6053

Re: Newbie - Limiting Connections

No I said that it should run on the TOWER 3 as per your drawing. NOT your core router. Remember that in RouterOS 3 the bridge mode can have the firewall applied to it and so you can run mangl on the traffic that passes through. I say tower 3 because that is a point that the traffic must pass through...
by alex_rhys-hurn
Thu Sep 11, 2008 11:43 pm
Forum: General
Topic: logging trafic
Replies: 13
Views: 2164

Re: logging trafic

Chupaka,

I hear what you say about the netflow, but maybe with such a stupid law they makeit worse by saying that if you take a 100% netflow you are infringing on peoples privacy by logging ALL data!

You never know.

Move to africa, we dont have laws.... ;)
by alex_rhys-hurn
Thu Sep 11, 2008 9:49 pm
Forum: Beginner Basics
Topic: Newbie - Limiting Connections
Replies: 24
Views: 6053

Re: Newbie - Limiting Connections

I dont know how many of these you are going to want to do but perhaps a way of doing this is to do your controls on tower3 where all the traffic mast pass. You should be able to set up mangle rules to mark the traffic to and from the customers sites. Then apply a simple queue to the marked packets. ...
by alex_rhys-hurn
Thu Sep 11, 2008 7:38 pm
Forum: The Dude
Topic: has anyone tried to install rc2 on ros x86 v3.10?
Replies: 10
Views: 2848

Re: has anyone tried to install rc2 on ros x86 v3.10?

Ok, so following the suggestion to look at the log file (and I deserve a fine for not thinking of that myself, sorry) the log file says the following: system warning: omitting package dude-3.0rc2: newer package dude-3.13 is already installed So there is some problem there. Any ideas? Can I just rena...
by alex_rhys-hurn
Wed Sep 10, 2008 8:27 am
Forum: The Dude
Topic: has anyone tried to install rc2 on ros x86 v3.10?
Replies: 10
Views: 2848

Re: has anyone tried to install rc2 on ros x86 v3.10?

Hello. Still not working. I upgraded my x86 to ROs 3.13. Then FTP the file dude-3.0rc2.npk to the router. Checked that the file size was the same on the router and on my desktop. Then rebooted the router. It doesnt install. Then I re-downloaded the dude file again to make sure its a good one and tri...
by alex_rhys-hurn
Tue Sep 09, 2008 6:34 pm
Forum: The Dude
Topic: has anyone tried to install rc2 on ros x86 v3.10?
Replies: 10
Views: 2848

Re: has anyone tried to install rc2 on ros x86 v3.10?

!! So what is the point of a routeros independant version of Dude if it doesnt run on all routeros.... I can upgrade my router to 3.11 but not beyond at this point until I am sure that the multiple processor and queue issues that were in 3.12 have been solved. Have they been solved in 3.13? Regards ...
by alex_rhys-hurn
Tue Sep 09, 2008 3:34 pm
Forum: The Dude
Topic: has anyone tried to install rc2 on ros x86 v3.10?
Replies: 10
Views: 2848

has anyone tried to install rc2 on ros x86 v3.10?

I downloaded the routeros independant package from the website, ftp it to my core router on x86 and then reboot the system...

no deal. the package does not install.

Can anyone tell me how to do it?

BEst,

Alex
by alex_rhys-hurn
Mon Sep 08, 2008 9:23 pm
Forum: The User Manager
Topic: A hotspot logout button?
Replies: 18
Views: 59187

Re: A hotspot logout button?

Hi Normis.

Ok, I understand your point about making the pages more unreliable in an iframe and consuming router resources.....

YOu mention a desktop shortcut to logout? How/what exactly do you mean? What would the entries in the shortcut consist of?

Regards,

Alex
by alex_rhys-hurn
Mon Sep 08, 2008 9:21 pm
Forum: The User Manager
Topic: How to stop usermanager from creating queues
Replies: 3
Views: 2393

Re: How to stop usermanager from creating queues

Hi sergejs, Thanlk you for your response. As per my other post see below for the resolved issue: I have resolved my issue, and this was a real head slapper for me..... I was "disabling"the rate-limit in usermanager by setting values to 0 which of course in router os means that the queue sh...
by alex_rhys-hurn
Mon Sep 08, 2008 9:19 pm
Forum: The User Manager
Topic: !!!Usermanage Limits not working!!! Urgent
Replies: 12
Views: 5196

Re: !!!Usermanage Limits not working!!! Urgent

I have resolved my issue, and this was a real head slapper for me..... I was "disabling"the rate-limit in usermanager by setting values to 0 which of course in router os means that the queue should be created and then set to unlimited..... doh.... Sorry guys. Anyway, simply deleting all te...
by alex_rhys-hurn
Mon Sep 08, 2008 9:14 pm
Forum: Beginner Basics
Topic: Newbie - Limiting Connections
Replies: 24
Views: 6053

Re: Newbie - Limiting Connections

Are you doing any user authentication or some such? Also do you have default forward set on your AP's? Some diagram of how your network will help. For example depending on how you route or bridge data will help us to understand if the traffic MUST go through a central point in your network. So, if t...
by alex_rhys-hurn
Sun Sep 07, 2008 9:28 pm
Forum: General
Topic: high priority
Replies: 14
Views: 4555

Re: high priority

@NickOlsen Just looking through your QOS example. I pasted it in to a testbed router I have. Can I just ask what the theory is behind you setting a MaxLimit o f1900k on your upload_wan1 parent queue in the queue tree? I assume that this is the capacity you have from your ISP, but why set it on the u...
by alex_rhys-hurn
Sun Sep 07, 2008 7:16 pm
Forum: Beginner Basics
Topic: 10Base2 with 3Com 3c905B
Replies: 5
Views: 1648

Re: 10Base2 with 3Com 3c905B

Cool! I like to play with stuff too.... Well if the tick is set in the auto-negotiation then it should be enabled. I see that you have it ticked and it still says disabled.... hmmm... Perhaps instead of trying to auto negotiate you could set and force each end of the link to the speed and duplex you...
by alex_rhys-hurn
Sun Sep 07, 2008 2:10 pm
Forum: General
Topic: explain how to test QOS
Replies: 2
Views: 1703

Re: explain how to test QOS

Hey butch, thanks for the reply. I normally use qcheck and Iperf to do my traffic generation. I particularly like Iperf as I can set some TOS to the packets. My problem really comes in to examining the configs in the mikrotik....... ... doh... In writing this I have just answered my own question. Wh...
by alex_rhys-hurn
Sat Sep 06, 2008 11:39 pm
Forum: Beginner Basics
Topic: Newbie - Limiting Connections
Replies: 24
Views: 6053

Re: Newbie - Limiting Connections

Hello, I am trying to understand what you want. As I understand it you want your customers to be able to send traffic between their two locations in your own network at a speed you set for them, and that this speed will be different to what they get to the internet is that right? In other words thei...
by alex_rhys-hurn
Sat Sep 06, 2008 11:10 pm
Forum: General
Topic: explain how to test QOS
Replies: 2
Views: 1703

explain how to test QOS

Hi Folks, Like many of us I am playing with queues (tree & simple) to achieve QOS solutions on RouterOS. I have built many configs in my lab environment using examples from the wiki, manual and peoples comments here in the forum. My question is this: Can anyone explain to me some good tricks and...
by alex_rhys-hurn
Sat Sep 06, 2008 10:56 pm
Forum: Beginner Basics
Topic: 10Base2 with 3Com 3c905B
Replies: 5
Views: 1648

Re: 10Base2 with 3Com 3c905B

Sorry to ask the obvious, but I trust that you are using the correct impedance coax tpieces and terminators... you cant just plug the coaxt to the BNC... Forgive me if you know this.... just asking.... You shouldnt have to switch the card from 10baset to 10base2 it should do a link negotiation prope...
by alex_rhys-hurn
Sat Sep 06, 2008 10:50 pm
Forum: Beginner Basics
Topic: How to limit P2P traffice for all my users
Replies: 5
Views: 5190

Re: How to limit P2P traffice for all my users

Hi beny30 I see that you have just joined. Welcome to one of the most productive and quick responding forums on the net (in my opinion). However, do please be careful asking the question you have asked. It has been asked so many times that all the info can be found here in the forum by searching and...
by alex_rhys-hurn
Fri Sep 05, 2008 8:37 pm
Forum: The User Manager
Topic: A hotspot logout button?
Replies: 18
Views: 59187

Re: A hotspot logout button?

There must be a way to do this with clever html stuff... Can mikrotik not automagically render the users webpages in to an Iframe or something, so that the time counter and logout button remain in a small bar at the top. An example of this would be how google does the image search. When you click an...
by alex_rhys-hurn
Fri Sep 05, 2008 7:52 pm
Forum: The User Manager
Topic: How to stop usermanager from creating queues
Replies: 3
Views: 2393

How to stop usermanager from creating queues

All I want is simple. I want to get usermanager to do two things and only two things. 1: Allocate an IP address to the hotspot user 2: Authenticate the hotspot user either by voucher or mac address I do NOT want to do any traffic shaping, limits caps or such. Therefore I DO NOT want userman to creat...
by alex_rhys-hurn
Fri Sep 05, 2008 9:13 am
Forum: The User Manager
Topic: Interfacing User Manager with CRM
Replies: 4
Views: 4130

Re: Interfacing User Manager with CRM

So is this possible with Sugar CRM? Sugar CRM is tightly integrated to our Trixbox IP PBX and now we would like to take that info and tie it with userman.

Rgds

alex
by alex_rhys-hurn
Fri Sep 05, 2008 8:29 am
Forum: The User Manager
Topic: !!!Usermanage Limits not working!!! Urgent
Replies: 12
Views: 5196

Re: !!!Usermanage Limits not working!!! Urgent

This is the same problem that I am having. Now, making static simple queues with usermanager has caused me a problem. When I use userman to autehnticate my customers it creates a dynamic queue. I dont want that. I want userman to allocate an IP address and to authenticate the users and thats all. I ...
by alex_rhys-hurn
Wed Jul 16, 2008 9:37 am
Forum: General
Topic: Static DNS and local webserver problem ...
Replies: 9
Views: 6416

Re: Static DNS and local webserver problem ...

Hey bwana! I created those rules with winbox. Winbox shows the entries as 0.0.0.0/0 but in the CLI it shows them as 0.0.0.0-255.255.255.255 So I removed them and recreated them using the CLI and it still behaves the same way. I will send some stuff to support, but I will have to plan a maintenance p...
by alex_rhys-hurn
Wed Jul 16, 2008 8:32 am
Forum: General
Topic: Static DNS and local webserver problem ...
Replies: 9
Views: 6416

Re: Static DNS and local webserver problem ...

Hi Giepie Well, this is totally dumbfounding me. When ever I put the following rules in to place my x86 Router reboots instantly, starts up and then reboots itself again. Over and over. The funny thing is that it only does this with the LAN cables plugged in. If I take them out, the router runs, and...
by alex_rhys-hurn
Tue Jul 15, 2008 1:33 pm
Forum: General
Topic: Static DNS and local webserver problem ...
Replies: 9
Views: 6416

Re: Static DNS and local webserver problem ...

Hi! I am playing with this, but am not sure which ip address that should be in the src-address field with the NOT (!) feature. I have three interfaces: ether1 - to internet, public interface ether2 - to WISP network (customers) ether3 - Management network in my office. A assume that I should have th...
by alex_rhys-hurn
Sun Jul 13, 2008 7:10 pm
Forum: General
Topic: Need simpler Hotspot setup
Replies: 4
Views: 1363

Re: Need simpler Hotspot setup

So I think I want something similar to this.

Hotspot without NAT. is that possible with mikrotik?
by alex_rhys-hurn
Sun Jul 13, 2008 7:04 pm
Forum: General
Topic: Forwarding static IP over natted network.
Replies: 7
Views: 2575

Re: Forwarding static IP over natted network.

I just have to re-iterate that the NAT rules on the gateway are key to getting this right. you must make sure that your NAT rules do not toiuch any of the public ip subnets that you have. Here is an example of my NAT rules. nat rules.png Here is the whole routing table. You can see that there are no...
by alex_rhys-hurn
Sun Jul 13, 2008 6:50 pm
Forum: General
Topic: Forwarding static IP over natted network.
Replies: 7
Views: 2575

Re: Forwarding static IP over natted network.

OK, So lets say we have three IP ranges. 10.0.0.0/24 for customers who do not require a public IP, and in this example as a small WISP we are going to use this subnet as our management network too. So, all our AP' s backhauls and so on will use these IP addresses. This is configured on ether 2 which...
by alex_rhys-hurn
Sat Jul 12, 2008 10:59 pm
Forum: Wireless Networking
Topic: Next gen wireless card poll
Replies: 57
Views: 29572

Re: Next gen wireless card poll

I prefer SMA for loss reasons and because the anntenas I can get here are SMA.

So for me:

1 x Ufl for posterities sake and 1 x SMA.
by alex_rhys-hurn
Sat Jul 12, 2008 10:55 pm
Forum: General
Topic: Static DNS and local webserver problem ...
Replies: 9
Views: 6416

Re: Static DNS and local webserver problem ...

Can you also achieve the same thing by setting the primary DNS server for the router to itself and then the secondary to your ISP DNS server? Then get your DHCP clients to set their primary DNS server to the router? Does that not also mean you are caching your DNS requests as well as serving the sta...
by alex_rhys-hurn
Sat Jul 12, 2008 10:51 pm
Forum: General
Topic: Best way to manage a large network
Replies: 3
Views: 1446

Re: Best way to manage a large network

As Chupaka says try the Dude. Also you can use any industry standard SNMP management system to monitor your systems. A common way to do this is to use the MRTG or Cacti Graphong Tools to query all your devices and then display the graphs as you need. These can get quite complex and allow you not onl...
by alex_rhys-hurn
Sat Jul 12, 2008 10:44 pm
Forum: General
Topic: Forwarding static IP over natted network.
Replies: 7
Views: 2575

Re: Forwarding static IP over natted network.

Forgive the lecture if you know this stuff... But this background has helped me build better networks by avoiding use of NAT where ever possible. NAT is evil because the hosts that are behind routers that are running NAT do not have end to end connectivity. NAT was developed inthe 90' s to try to co...
by alex_rhys-hurn
Sat Jul 12, 2008 5:49 pm
Forum: General
Topic: Dos Attack Filter
Replies: 3
Views: 1715

Re: Dos Attack Filter

Dont forget to block the ports suggested in both the FORWARD and INPUT chains.

The INPUT chain to protect the router itself and the FORWARD chain to stop the traffic passing through the router.

Regards

Alex
by alex_rhys-hurn
Sat Jul 12, 2008 5:31 pm
Forum: General
Topic: Forwarding static IP over natted network.
Replies: 7
Views: 2575

Re: Forwarding static IP over natted network.

Hi! I needed to basically the same thing: Refer to this post to see how the guys helped me out. It worked really well. http://forum.mikrotik.com/viewtopic.php?f=2&t=22671 The thing that worries me is that you show that you are doing NAT twice! Is there any reason for that? NAT is evil as it is a...
by alex_rhys-hurn
Sun Jun 08, 2008 11:53 pm
Forum: General
Topic: virtualization
Replies: 60
Views: 28045

Re: virtualization

gmsmstr I guess this is one application example: x86 Hardware base. RouterOS is installed, and then inside the Xen hypervisor there, we install CentOS 5 with a squid proxy setup. Maybe that is a way to get a nice R-OS and Proxy server mix going. Might get around some of the issues that folks have wi...
by alex_rhys-hurn
Fri May 09, 2008 5:29 pm
Forum: General
Topic: Proxy ROS v3.7 & v3.8.
Replies: 28
Views: 4614

Re: Proxy ROS v3.7 & v3.8.

Hey there.... Dont be sad! I am sure some solution can be made.... Can I suggest for testing purposes that we work our way back to where we can get a stable setting. I would suggest that you try the following in this order: 1: Make the proxy settings completely default and then test to see if that r...
by alex_rhys-hurn
Fri May 09, 2008 12:46 pm
Forum: General
Topic: Proxy ROS v3.7 & v3.8.
Replies: 28
Views: 4614

Re: Proxy ROS v3.7 & v3.8.

What makes you think that the proxy is causing this?

Are you sure that if you leave the proxy off, that the interfaces stay in the list all the time?

How long does it run for before the interfaces fail?

What hardware platform are you running on?
by alex_rhys-hurn
Thu May 08, 2008 10:30 pm
Forum: General
Topic: Proxy ROS v3.7 & v3.8.
Replies: 28
Views: 4614

Re: Proxy ROS v3.7 & v3.8 ....SUCKS !!!

Here is my advice. Whilst Router OS itself has been around for some years and has now evolved to verison 3, the web proxy feature is actually brand new (in version 3.x) and in my opinion only in version 0.01. Mikrotik chose to completely re-write FROM SCRATCH the web proxy feature. This means that i...
by alex_rhys-hurn
Tue May 06, 2008 11:04 pm
Forum: General
Topic: How can I route public IP's to my clients without 1:1 NAT?
Replies: 15
Views: 6578

route public IP's to my clients without 1:1 NAT: RESOLVED

Ok, thanks for all the tips folks. Actually turned out to be much simpler than I thought. I used a static route version, exactly as galaxynet suggested. Next step is to go and learn OSPF... One thing I learned to watch out for is how NAT is handled. Up until a basic masquerade rule for all traffic s...
by alex_rhys-hurn
Fri May 02, 2008 6:13 pm
Forum: Beginner Basics
Topic: Is marked packet routable with non-Mikrotik routers ?
Replies: 11
Views: 3053

Re: Is marked packet routable with non-Mikrotik routers ?

But Mikrotik is a form of a linux router..... if you take out the linux router that is already there you can still tell the bosses that its a linux router... you can even put it on the same hardware. Anyway, I suggest you make an EOIP tunnel between the two mikrotiks, and then you can do a number fo...
by alex_rhys-hurn
Fri May 02, 2008 8:04 am
Forum: Beginner Basics
Topic: 1:1 mapping
Replies: 7
Views: 4153

Re: 1:1 mapping

One small thing to note here. If you are doing a combination of 1:1 mapping on your network and just regular NAT for users who dont need a public ip address, you need to be careful that you do your src-nat properly. Things will "sort" of work if you have the basic masquerade rule for your ...
by alex_rhys-hurn
Tue Apr 29, 2008 6:00 pm
Forum: General
Topic: QoS
Replies: 6
Views: 3911

Re: QoS

Ok, if you want more help on this why dont you describe here what you are trying to achieve then together we build a config to help you. That way we both work together. two heads better than one right?
by alex_rhys-hurn
Fri Apr 25, 2008 1:07 am
Forum: Wireless Networking
Topic: 240Km link with RB532 @ 20Mbits
Replies: 62
Views: 45885

Re: 240Km link with RB532 @ 20Mbits

I have used 30dbi antennas and the best trick I could work out was this: Make a long (like 1.5 meter) T shaped wooden bracket, that can hook over the front of the antenna. This works great for panel and dish antennae. Yagis you can point any way. You then hook (somehow, you have to be creative for t...
by alex_rhys-hurn
Fri Apr 25, 2008 12:49 am
Forum: Wireless Networking
Topic: Wireless disconnection messages explained!
Replies: 86
Views: 175686

Re: Wireless disconnection messages explained!

webformix, I have just spent a happy day dealing with exactly the errors you list. We solved permanently by changing channels. We were getting interference from a nearby wifi base station. We found this with was happening with both Dlink DWL2100 AP in ap client mode and Mikrotik with R52 wifi cards....
by alex_rhys-hurn
Fri Apr 25, 2008 12:32 am
Forum: General
Topic: QoS
Replies: 6
Views: 3911

Re: QoS

Hi, I think you have over simplified your question. Mikrotik ROuterOS is a comprehensive set of tools, and the software will do EXACTLY what you tell it to do with your traffic. So, the short answer to your question is yes. The long answer is that it depends on what other things you are doing with y...
by alex_rhys-hurn
Sat Apr 19, 2008 11:11 pm
Forum: General
Topic: Graphing
Replies: 12
Views: 4768

Re: Graphing

Hi Yusuf, The graphing issue..... The problem with graphing dynamic queues (hotspot sessions) with MRTG or CACTI or Dude or any other snmp based graphig tool is this: Each time the customer logs on a session is created. Say session number 1. When the user logs off, this session is closed. Next time ...
by alex_rhys-hurn
Tue Mar 25, 2008 7:32 am
Forum: General
Topic: Bandwidth Control/Traffic Shaping Combing Multiple Interface
Replies: 6
Views: 2089

Re: Bandwidth Control/Traffic Shaping Combing Multiple Interface

Yes, galaxynet is correct, here is a very rough logical example of what can be done (and IS being done by many mikrotik users): Note that the numbers dont necessarily add up or anything, it is just a rough example to show the sort of logic you need to apply to working with routeros. You may see diff...
by alex_rhys-hurn
Tue Mar 25, 2008 6:28 am
Forum: General
Topic: How can I route public IP's to my clients without 1:1 NAT?
Replies: 15
Views: 6578

Re: How can I route public IP's to my clients without 1:1 NAT?

Hi, It is a routed network and is based on what I want to achieve with the network that I already have. It is a real life scenario that I want to achieve, right now the Customer routers all have statis private IP's and I want to change that to static publics, as my mini ISP grows I want to try and d...
by alex_rhys-hurn
Thu Mar 20, 2008 10:59 pm
Forum: General
Topic: How can I route public IP's to my clients without 1:1 NAT?
Replies: 15
Views: 6578

How can I route public IP's to my clients without 1:1 NAT?

Hi Folks, I really, really want to achieve the scenario where my network infrastructure (AP's CPE's switches backhauls and other gear) uses private IP's for their operation and managemnet and then over that infrastructure I route a public IP (or subnet like a /30) to my customers router. I am curren...
by alex_rhys-hurn
Thu Mar 20, 2008 8:24 pm
Forum: General
Topic: Bandwidth Control/Traffic Shaping Combing Multiple Interface
Replies: 6
Views: 2089

Re: Bandwidth Control/Traffic Shaping Combing Multiple Interface

hi catkins. Welcome to the world of mikrotik. Also congratulations for walking headlong in to the same thing that I am many others have found when posting in this forum. When you say that the post that was given is not an answer, I can understand your position. In fact that post does contain enough ...
by alex_rhys-hurn
Tue Mar 04, 2008 10:48 pm
Forum: General
Topic: Queue Tree: traffic shaping: 4 Questions
Replies: 0
Views: 759

Queue Tree: traffic shaping: 4 Questions

Hey Folks, Still trying to get my traffic shaper working well. Its objective is to assign priority to traffic NOT to limit speed. I simply want to say that SIP traffic has a higher priority than HTTP traffic. I have successfully mangled the traffic to mark it. I have a queue tree as per this image: ...
by alex_rhys-hurn
Sat Feb 23, 2008 1:57 pm
Forum: General
Topic: LoadBalancing on MikroTik V3
Replies: 24
Views: 5673

Re: LoadBalancing on MikroTik V3

Hi guys, I have been in your position before and have worked through to learn all the lessons the hard way. You have these options for load balancing: ECMP Round Robin Policy Based Routing Part of the problem for you and for me is that your internet supplies are not matched. 1 is a high latency vsat...
by alex_rhys-hurn
Tue Feb 05, 2008 9:11 pm
Forum: RouterBOARD hardware
Topic: RB133: ROS 3.1 Switch feature not working
Replies: 0
Views: 1054

RB133: ROS 3.1 Switch feature not working

Hey folks, I have enable the switch function on my RB133 as follows: ether1 no changes made ether2 as a slave to ether1 ether3 as a slave to ether1 ether1 and wlan2 are members of bridge1 When I do this devices on each ether interface can ping each other, but cannot ping anything on any other interf...
by alex_rhys-hurn
Fri Jan 25, 2008 7:24 am
Forum: General
Topic: RouterOS v3.1 Released - Wireless disconnection issue solved
Replies: 13
Views: 3110

Re: RouterOS v3.1 Released - Wireless disconnection issue solved

I am asking about the wireless disconnection problem.

The problem I had was something about a key update problem.....
by alex_rhys-hurn
Thu Jan 24, 2008 10:26 pm
Forum: General
Topic: RouterOS v3.1 Released - Wireless disconnection issue solved
Replies: 13
Views: 3110

Re: RouterOS v3.1 Released - Wireless disconnection issue solved

What exactly ws the problem that is observed? I have a disconnect problem but am not sure of it is the one resolved here....
by alex_rhys-hurn
Mon Jan 21, 2008 7:10 am
Forum: General
Topic: BIG BUG in ROUTEROS
Replies: 7
Views: 2128

Re: BIG BUG in ROUTEROS

please post your configuration so we can help you.

Must be a config problem as Mine is still working great after two years!
by alex_rhys-hurn
Fri Jan 18, 2008 8:40 pm
Forum: General
Topic: LinkStar and iDirect in MiKroTik
Replies: 7
Views: 2039

Re: LinkStar and iDirect in MiKroTik

Hmmm. I never heard of asymmetric route. What is that? How do you implement in MT?

Let me go and google now.

Rgds

Alex
by alex_rhys-hurn
Fri Jan 18, 2008 3:43 pm
Forum: General
Topic: P2P connections stay established with drop rule.
Replies: 10
Views: 2767

Re: P2P connections stay established with drop rule.

all subsequent connections should be dropped, yes. However existing connections in my experience are not always dropped. AS far as I can tell this is due to the connection tracking not expiring sessions for the default time which is quite long. You may have more luck by switching off conntrack reboo...
  • 1
  • 2