Estiaan
Frequent Visitor
Topic Author
Posts: 94
Joined: Tue Jul 19, 2011 10:15 am

Help with OSPF Simple network!

Fri Jun 29, 2012 5:33 pm

I've got a large bridged network, with a single broadcast domain (192.168.3.0/24).
I've got about 10 towers and around 150 clients, with an average usage of around 10 Mbps.
All my clients connect to my towers using PPPoE, with radiusmanager assigning private IPs to each client.
Up to now all is working fine, but I am seeing a decrease in available bandwidth between towers as I add more towers.
Now I know I should be running a routed network, and I have tried twice to set it up, with no luck.

I've got the following IP list for a few of my towers to set up OSPF on. But I cannot afford any downtime.
Office<>Madeira
wlan:192.168.4.129/30

Madeira<>Office
wlan:192.168.4.130/30
ether:192.168.4.1/29

Madeira<>Queenstown
ether:192.168.4.2/29
wlan(Mapasa): 192.168.4.133/30
wlan(Queenstown/Lupnouw): 192.168.4.145/30

Madeira Backbone
ether:192.168.4.3/29

MapasaClients:
wlan(Madeira): 192.168.4.134/30
ether: 192.168.4.9/29

Mapasa Backbone:
ether: 192.168.4.10/29
wlan(Cofinvapa): 192.168.4.137/30


Cofinvapa
wlan(Mapasa): 192.168.4.138/30
wlan(CofinTown): 192.168.4.141/30

CofinTown:
wlan(Cofinvapa): 192.168.4.142/30

Queenstown/Lupnouw:
wlan: 192.168.4.146/30


192.168.4.0/29 - Madeira Lan
192.168.4.8/29 - Mapasa LAN
192.168.4.16/29

192.168.4.128/30 - office<>Madeira
192.168.4.132/30 - Madeira-Mapasa
192.168.4.136/30 - Mapasa-Cofinvapa
192.168.4.140/30 - Cofinvapa-CofinTown
192.168.4.144/30 - Madeira-Lupnouw
192.168.4.148/30 -

As soon as I add all these addresses and disable the bridges, I lock myself out of the network, and cause downtime. OSPF is then enabled.

If I set up OSPF correctly, how will my clients get a private IP to 0.0.0.0/0?

Attached is my network diagram. :D
 
syadnom
Forum Veteran
Posts: 794
Joined: Thu Jan 27, 2011 7:29 am

Help with OSPF Simple network!

Fri Jun 29, 2012 6:42 pm

Create a VLAN at each site and add a unique subnet to each VLAN that can be aggregated (10.10.1.0/24, 10.10.2.0/24 or whatever). Create an OSPF backbone area at your core, then create an NSSA area. Add the NSSA to each site. Add the local subnet (10.10.x.0/24) to that area. Set the identity on each site's router to its IP. Now the VLANs should be a routed network with OSPF. Migrate each AP in turn to the VLAN. This leaves the large bridged network in place to avoid downtime. Once everything is migrated to the VLAN, you can remove the bridges.
 
Estiaan
Frequent Visitor
Topic Author
Posts: 94
Joined: Tue Jul 19, 2011 10:15 am

Re: Help with OSPF Simple network!

Sat Jun 30, 2012 11:39 am

When you say create a VLAN, what do you do with wireless links? Do you create a tunnel?
 
n21roadie
Forum Guru
Posts: 1949
Joined: Fri Aug 07, 2009 10:36 pm
Location: Limerick,Ireland

Re: Help with OSPF Simple network!

Sat Jun 30, 2012 3:22 pm

I am running OSPF and a routed network and it is working very well; however, I am not sure about your comment "...but I am seeing a decrease in available bandwidth between towers, as I add more towers..."

I don't have a static IP address for the AP wlan, and I don't have a static wlan IP address for CPEs; it's assigned dynamically from the AP's PPPoE server IP pool.

I would suggest you set up a test using your bridged setup, with an AP and a test CPE on this test AP, and check the changeover.

AP config, assuming you are using a PPPoE IP pool (example: 10.110.2.1-10.110.2.200), ether IP address=192.168.4.1/30
OSPF;
/routing ospf network
add area=backbone disabled=no network=192.168.4.0/30
add area=pppoe disabled=no network=10.110.2.0/24

/routing ospf area
set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=\
backbone type=default
add area-id=10.100.2.1 default-cost=1 disabled=no inject-summary-lsas=yes \
instance=default name=pppoe type=stub

DNS ="network gateway"

/ip address
add address=192.168.4.1/30 disabled=no interface=ether1 network=192.168.4.0/30

Note there is no static IP address for wlan; I use a different PPPoE IP pool range for each tower.


For each PTP router, example;
Ip address ether=192.168.4.10/30 wlan=192.168.4.13/30

Ospf = just add network
/routing ospf network
add area=backbone disabled=no network=192.168.4.8/30
add area=backbone disabled=no network=192.168.4.12/30

DNS ="network gateway"

Changing over from bridged, you have to plan each move carefully: always have a 2nd route to access each AP (i.e. CPE), and being able to add/modify/delete settings from mac-telnet access is a must-know. Never delete a setting, just disable it; that way, when you mac-telnet in, you just re-enable it.
 
Estiaan
Frequent Visitor
Topic Author
Posts: 94
Joined: Tue Jul 19, 2011 10:15 am

Re: Help with OSPF Simple network!

Sun Jul 01, 2012 12:38 pm

Thanks n21

So I cannot change all the IP addresses using 192.168.4.0/24

ex
Tower 1
wlan01 - 192.168.4.1/24
eth01 - 192.168.4.2/24

Tower 2
wlan01 - 192.168.4.3/24
eth01 - 192.168.4.4/24

Where tower 1 connects to tower 2 using - wlan01?
 
n21roadie
Forum Guru
Posts: 1949
Joined: Fri Aug 07, 2009 10:36 pm
Location: Limerick,Ireland

Re: Help with OSPF Simple network!

Sun Jul 01, 2012 2:09 pm

> Thanks n21
>
> So I cannot change all the IP addresses using 192.168.4.0/24
>
> ex
> Tower 1
> wlan01 - 192.168.4.1/24
> eth01 - 192.168.4.2/24
>
> Tower 2
> wlan01 - 192.168.4.3/24
> eth01 - 192.168.4.4/24
>
> Where tower 1 connects to tower 2 using - wlan01?

Yes you can, but I would suggest using /30, and now I understand where your concern about reduced bandwidth when linking from each tower,

/routing ospf network
add area=backbone disabled=no network=192.168.4.3/30
add area=backbone disabled=no network=192.168.8.3/30
add area=pppoe disabled=no network=10.110.2.0/24

/ip address
add address=192.168.4.5/30 disabled=no interface=ether1 network=192.168.4.0/30
add address=192.168.4.9/30 disabled=no interface=wlan1 network=192.168.8.0/30
 
Estiaan
Frequent Visitor
Topic Author
Posts: 94
Joined: Tue Jul 19, 2011 10:15 am

Re: Help with OSPF Simple network!

Sun Jul 01, 2012 2:13 pm

Can I set this up while on a bridged network, where wlan01 and eth01 are in a DMZ bridge?

Can I set up one address, e.g. 192.168.4.5/30, for a bridge running (eth1, eth2 and eth3)?
 
n21roadie
Forum Guru
Posts: 1949
Joined: Fri Aug 07, 2009 10:36 pm
Location: Limerick,Ireland

Re: Help with OSPF Simple network!

Sun Jul 01, 2012 3:11 pm

> Can I setup this while on an bridged network? Where wlan01 and eth01 is in a DMZ bridge?
>
> Can I setup one address ex 192.168.4.5/30 for a bridge running (eth1, eth2 and eth3)

I am not sure, but the main objective is not to lose network connectivity while changing over. APs you can use a CPE, PTP make sure you have a wlan IP address, plan your moves:
(1) Sketch out each PTP router with /30 settings, OSPF, DNS, IP addresses,
(2) APs as above with /24 different IP address and subnets for PPPoE,
(2) Make out code for each router with these settings; you could run these settings on each router but maybe have them disabled=yes,
(3) As you should have network connectivity if you use a different IP address and subnets for PPPoE, use a CPE to log in to the AP, mac-telnet from the AP to the PTP and so on,
(4) Set up a test router with the current settings and check the changeover procedure,
(5) If the new configuration is set up on each router but disabled, then it should be a matter of having, for each router, the original code used but this time "disabled=no", and code to delete the bridge and disable any other routing settings used for the old IPs' /24 addresses; the router should come back on if the new settings are correctly set up.

Why not post config for one router (as usual remove any passwords, etc) and then maybe other users could suggest additional steps to follow for this.
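
The advice above to remove passwords before posting a config can be done mechanically. The following Python script is an added example, not code from the thread: it rejoins the backslash-wrapped lines of a RouterOS export and blanks every non-empty `secret`, `password` and `*-key` value (the `/radius` `secret=` field, wireless pre-shared keys, PPP passwords). The function name, the placeholder text and the sample export are assumptions made for this example.

```python
import re

# Keys whose values are credentials: secret, password, and anything ending in
# -key (optionally followed by an index, as in static-key-0).
SENSITIVE_KEY = re.compile(r"(?:^|-)(?:secret|password|key)(?:-\d+)?$")
# Ends in -key but only selects a key slot; it holds no key material.
NOT_SECRET = {"static-transmit-key"}
# key=value, where value is a quoted string (with \" escapes) or a bare token.
PAIR = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S*)')

# Constructed sample in export syntax (addresses and credentials are made up).
SAMPLE_EXPORT = r'''/radius
add accounting-port=1813 address=192.0.2.10 authentication-port=1812 \
    secret=EXAMPLE-ONLY service=ppp timeout=2s
/interface wireless security-profiles
add mode=dynamic-keys name=ptp nv2-preshared-key="" static-transmit-key=\
    key-0 wpa2-pre-shared-key="constructed sample k\
    ey"
/ppp secret
add name=client1 password=example1 profile=default
'''


def sanitize_export(text, placeholder="<redacted>"):
    """Return (sanitized_text, [(menu, key), ...]) for a RouterOS export."""
    # Exports wrap long lines with a trailing backslash, sometimes mid-value,
    # so rejoin them first or a secret split over two lines would survive.
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    redacted, out, menu = [], [], ""

    def scrub(match):
        key, value = match.group(1), match.group(2)
        if key in NOT_SECRET or not SENSITIVE_KEY.search(key):
            return match.group(0)
        if value in ("", '""'):  # unset: nothing to hide, keep it visible
            return match.group(0)
        redacted.append((menu, key))
        return f"{key}={placeholder}"

    for line in text.splitlines():
        if line.startswith("/"):
            menu = line.strip()  # remember which menu the next lines belong to
        out.append(PAIR.sub(scrub, line))
    return "\n".join(out), redacted


if __name__ == "__main__":
    clean, hits = sanitize_export(SAMPLE_EXPORT)
    print(clean)
    for menu, key in hits:
        print(f"# redacted {key} under {menu}")
```

The returned list of `(menu, key)` pairs is worth reading before posting: any credential that has already appeared in a public export should be rotated on the device and on the RADIUS server.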
 
Estiaan
Frequent Visitor
Topic Author
Posts: 94
Joined: Tue Jul 19, 2011 10:15 am

Re: Help with OSPF Simple network!

Sun Jul 01, 2012 8:32 pm

This is the config of one of my towers

/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
disabled=no forward-delay=15s l2mtu=1526 max-message-age=20s mtu=1500 \
name=bridge1 priority=0x8000 protocol-mode=none transmit-hold-count=6
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes \
disabled=no forward-delay=15s l2mtu=65535 max-message-age=20s mtu=1500 \
name="Clients Bridge" priority=0x8000 protocol-mode=none \
transmit-hold-count=6
/interface ethernet
set 0 arp=enabled auto-negotiation=yes disabled=no full-duplex=yes l2mtu=1526 \
mac-address=00:0C:42:CA:15:0D mtu=1500 name=ether1 speed=100Mbps
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1522 mac-address=00:0C:42:CA:15:0E \
master-port=none mtu=1500 name=ether2 speed=100Mbps
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited \
disabled=no full-duplex=yes l2mtu=1522 mac-address=00:0C:42:CA:15:0F \
master-port=none mtu=1500 name=ether3 speed=100Mbps
/interface ethernet switch
set 0 mirror-source=none mirror-target=none name=switch1
/interface wireless security-profiles
set [ find default=yes ] authentication-types="" eap-methods=passthrough \
group-ciphers="" group-key-update=5m interim-update=0s \
management-protection=disabled management-protection-key="" mode=none \
name=default radius-eap-accounting=no radius-mac-accounting=no \
radius-mac-authentication=no radius-mac-caching=disabled \
radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \
static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\
none static-key-0="" static-key-1="" static-key-2="" static-key-3="" \
static-sta-private-algo=none static-sta-private-key="" \
static-transmit-key=key-0 supplicant-identity=MikroTik tls-certificate=\
none tls-mode=no-certificates unicast-ciphers="" wpa-pre-shared-key="" \
wpa2-pre-shared-key=""
/interface wireless
set 0 adaptive-noise-immunity=none allow-sharedkey=no antenna-gain=0 area="" \
arp=enabled band=5ghz-a/n basic-rates-a/g=\
6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps basic-rates-b=1Mbps \
bridge-mode=enabled channel-width=20/40mhz-ht-above compression=no \
country="south africa" default-ap-tx-limit=0 default-authentication=no \
default-client-tx-limit=0 default-forwarding=no dfs-mode=none \
disable-running-check=no disabled=no disconnect-timeout=3s distance=\
dynamic frame-lifetime=0 frequency=5560 frequency-mode=superchannel \
frequency-offset=0 hide-ssid=no ht-ampdu-priorities=0,1 ht-amsdu-limit=\
8192 ht-amsdu-threshold=8192 ht-basic-mcs="mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,m\
cs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15" \
ht-guard-interval=any ht-rxchains=0 ht-supported-mcs="mcs-0,mcs-1,mcs-2,mc\
s-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14\
,mcs-15,mcs-16,mcs-17,mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-23" \
ht-txchains=0 hw-fragmentation-threshold=disabled hw-protection-mode=none \
hw-protection-threshold=0 hw-retries=7 l2mtu=2290 mac-address=\
00:0C:42:6C:81:ED max-station-count=2007 mode=ap-bridge mtu=1500 name=\
wlan1 noise-floor-threshold=default nv2-cell-radius=10 \
nv2-noise-floor-offset=default nv2-preshared-key="" nv2-qos=default \
nv2-queue-count=2 nv2-security=disabled on-fail-retry-time=100ms \
periodic-calibration=default periodic-calibration-interval=60 \
preamble-mode=both proprietary-extensions=post-2.9.25 radio-name=\
"Madeira Uplink" rate-selection=advanced rate-set=configured scan-list=\
default security-profile=default ssid=Lcom station-bridge-clone-mac=\
00:00:00:00:00:00 supported-rates-a/g=\
6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps supported-rates-b=\
1Mbps,2Mbps,5.5Mbps,11Mbps tdma-period-size=2 tx-power-mode=default \
update-stats-interval=disabled wds-cost-range=50-150 wds-default-bridge=\
none wds-default-cost=100 wds-ignore-ssid=no wds-mode=disabled \
wireless-protocol=nv2-nstreme-802.11 wmm-support=disabled
add area="" arp=enabled bridge-mode=enabled default-ap-tx-limit=0 \
default-authentication=no default-client-tx-limit=0 default-forwarding=no \
disable-running-check=no disabled=no hide-ssid=no l2mtu=2290 mac-address=\
02:0C:42:6C:81:ED master-interface=wlan1 max-station-count=2007 mtu=1500 \
name=Clients proprietary-extensions=post-2.9.25 security-profile=default \
ssid="Lcom AP T" update-stats-interval=disabled wds-cost-range=0 \
wds-default-bridge=none wds-default-cost=0 wds-ignore-ssid=no wds-mode=\
disabled wmm-support=disabled
/interface wireless manual-tx-power-table
set wlan1 manual-tx-powers="1Mbps:17,2Mbps:17,5.5Mbps:17,11Mbps:17,6Mbps:17,9M\
bps:17,12Mbps:17,18Mbps:17,24Mbps:17,36Mbps:17,48Mbps:17,54Mbps:17,HT20-0:\
17,HT20-1:17,HT20-2:17,HT20-3:17,HT20-4:17,HT20-5:17,HT20-6:17,HT20-7:17,H\
T40-0:17,HT40-1:17,HT40-2:17,HT40-3:17,HT40-4:17,HT40-5:17,HT40-6:17,HT40-\
7:17"
/interface wireless nstreme
set wlan1 disable-csma=no enable-nstreme=no enable-polling=yes framer-limit=\
3200 framer-policy=exact-size
/ip hotspot profile
set [ find default=yes ] dns-name="" hotspot-address=0.0.0.0 html-directory=\
hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=\
cookie,http-chap name=default rate-limit="" smtp-server=0.0.0.0 \
split-user-domain=no use-radius=no
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m name=default \
shared-users=1 status-autorefresh=1m transparent-proxy=no
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=3des \
lifetime=30m name=default pfs-group=modp1024
/ip pool
add name=Local ranges=10.7.1.2-10.7.1.254
add name=Remote ranges=10.6.1.1-10.6.1.15
/port
set 0 baud-rate=auto data-bits=8 flow-control=none name=serial0 parity=none \
stop-bits=1
/ppp profile
set 0 change-tcp-mss=yes dns-server=192.168.3.240 local-address=Local name=\
default only-one=default remote-address=Remote use-compression=default \
use-encryption=default use-ipv6=yes use-mpls=default use-vj-compression=\
default
set 1 change-tcp-mss=yes dns-server=192.168.3.240 local-address=Local name=\
default-encryption only-one=default remote-address=Remote \
use-compression=default use-encryption=yes use-ipv6=yes use-mpls=default \
use-vj-compression=default
/queue type
set 0 kind=pfifo name=default pfifo-limit=50
set 1 kind=pfifo name=ethernet-default pfifo-limit=50
set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20 \
red-limit=60 red-max-threshold=50 red-min-threshold=10
set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
set 5 kind=none name=only-hardware-queue
set 6 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
set 7 kind=pfifo name=default-small pfifo-limit=10
/routing bgp instance
set default as=65530 client-to-client-reflection=yes disabled=no \
ignore-as-path-len=no name=default out-filter="" redistribute-connected=\
no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no \
redistribute-static=no router-id=0.0.0.0 routing-table=""
/routing ospf instance
set [ find default=yes ] disabled=no distribute-default=\
if-installed-as-type-1 in-filter=ospf-in metric-bgp=auto \
metric-connected=20 metric-default=1 metric-other-ospf=auto metric-rip=20 \
metric-static=20 name=default out-filter=ospf-out redistribute-bgp=no \
redistribute-connected=as-type-1 redistribute-other-ospf=no \
redistribute-rip=no redistribute-static=as-type-1 router-id=0.0.0.0
/routing ospf area
set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=\
backbone type=default
/routing ospf-v3 instance
set [ find default=yes ] disabled=no distribute-default=never metric-bgp=auto \
metric-connected=20 metric-default=1 metric-other-ospf=auto metric-rip=20 \
metric-static=20 name=default redistribute-bgp=no redistribute-connected=\
no redistribute-other-ospf=no redistribute-rip=no redistribute-static=no \
router-id=0.0.0.0
/routing ospf-v3 area
set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=\
backbone type=default
/snmp community
set [ find default=yes ] address=0.0.0.0/0 authentication-password="" \
authentication-protocol=MD5 encryption-password="" encryption-protocol=\
DES name=public read-access=yes security=none write-access=no
/system logging action
set 0 memory-lines=100 memory-stop-on-full=no name=memory target=memory
set 1 disk-file-count=2 disk-file-name=log disk-lines-per-file=100 \
disk-stop-on-full=no name=disk target=disk
set 2 name=echo remember=yes target=echo
set 3 bsd-syslog=no name=remote remote=:: remote-port=514 src-address=0.0.0.0 \
syslog-facility=daemon syslog-severity=auto target=remote
/user group
set read name=read policy="local,telnet,ssh,reboot,read,test,winbox,password,w\
eb,sniff,sensitive,api,!ftp,!write,!policy" skin=default
set write name=write policy="local,telnet,ssh,reboot,read,write,test,winbox,pa\
ssword,web,sniff,sensitive,api,!ftp,!policy" skin=default
set full name=full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,\
winbox,password,web,sniff,sensitive,api" skin=default
/interface bridge port
add bridge=bridge1 disabled=no edge=auto external-fdb=auto horizon=none \
interface=ether1 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge1 disabled=no edge=auto external-fdb=auto horizon=none \
interface=wlan1 path-cost=10 point-to-point=auto priority=0x80
add bridge="Clients Bridge" disabled=no edge=auto external-fdb=auto horizon=\
none interface=Clients path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge1 disabled=no edge=auto external-fdb=auto horizon=none \
interface=ether2 path-cost=10 point-to-point=auto priority=0x80
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
no
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=\
default-encryption enabled=no max-mru=1460 max-mtu=1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=\
default enabled=no keepalive-timeout=60 mac-address=FE:A7:4D:15:79:A6 \
max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pppoe-server server
add authentication=pap,chap,mschap1,mschap2 default-profile=default disabled=\
no interface="Clients Bridge" keepalive-timeout=10 max-mru=1480 max-mtu=\
1480 max-sessions=0 mrru=disabled one-session-per-host=yes service-name=\
service1
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption \
enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=\
default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=\
disabled port=443 verify-client-certificate=no
/interface wireless access-list
add ap-tx-limit=0 authentication=yes client-tx-limit=0 disabled=no \
forwarding=yes interface=all mac-address=00:21:A4:31:2E:B8 \
management-protection-key="" private-algo=none private-key="" \
private-pre-shared-key="" signal-range=-120..120
add ap-tx-limit=0 authentication=yes client-tx-limit=0 disabled=no \
forwarding=yes interface=all mac-address=00:0C:42:9F:FB:2C \
management-protection-key="" private-algo=none private-key="" \
private-pre-shared-key="" signal-range=-120..120
add ap-tx-limit=0 authentication=yes client-tx-limit=0 disabled=no \
forwarding=yes interface=all mac-address=00:0C:42:8D:FB:49 \
management-protection-key="" private-algo=none private-key="" \
private-pre-shared-key="" signal-range=-120..120
add ap-tx-limit=0 authentication=yes client-tx-limit=0 disabled=no \
forwarding=yes interface=all mac-address=00:0C:42:6C:0E:68 \
management-protection-key="" private-algo=none private-key="" \
private-pre-shared-key="" signal-range=-120..120
add ap-tx-limit=0 authentication=yes client-tx-limit=0 disabled=no \
forwarding=yes interface=all mac-address=00:21:A4:31:2E:97 \
management-protection-key="" private-algo=none private-key="" \
private-pre-shared-key="" signal-range=-120..120
add ap-tx-limit=0 authentication=yes client-tx-limit=0 disabled=no \
forwarding=yes interface=all mac-address=00:0C:42:8E:42:13 \
management-protection-key="" private-algo=none private-key="" \
private-pre-shared-key="" signal-range=-120..120
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=\
00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 \
frames-per-second=25 receive-all=no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10 \
multiple-channels=no only-headers=no receive-errors=no streaming-enabled=\
no streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
/ip address
add address=192.168.3.89/24 disabled=no interface=bridge1 network=192.168.3.0
add address=192.168.4.130/30 disabled=no interface=wlan1 network=\
192.168.4.128
add address=192.168.4.3/29 disabled=no interface=ether1 network=192.168.4.0
/ip dhcp-server config
set store-leases-disk=5m
/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=512 servers=""
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
/ip firewall nat
add action=masquerade chain=srcnat disabled=no
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
/ip neighbor discovery
set wlan1 disabled=yes
set ether1 disabled=no
set ether2 disabled=no
set ether3 disabled=no
set bridge1 disabled=no
set Clients disabled=no
set "Clients Bridge" disabled=no
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
cache-on-disk=no enabled=no max-cache-size=none max-client-connections=\
600 max-fresh-time=3d max-server-connections=600 parent-proxy=0.0.0.0 \
parent-proxy-port=0 port=8080 serialize-connections=no src-address=\
0.0.0.0
/ip route
add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=192.168.3.240 scope=\
30 target-scope=10
add disabled=no distance=1 dst-address=10.10.15.0/24 gateway=192.168.3.78 \
scope=30 target-scope=10
add disabled=yes distance=1 dst-address=192.168.3.240/32 gateway=\
192.168.10.90 scope=30 target-scope=10
add disabled=no distance=1 dst-address=192.168.4.1/32 gateway=192.168.4.130 \
scope=30 target-scope=10
add disabled=no distance=1 dst-address=192.168.4.16/29 gateway=192.168.4.4 \
scope=30 target-scope=10
/ip service
set telnet address="" disabled=no port=23
set ftp address="" disabled=no port=21
set www address="" disabled=no port=80
set ssh address="" disabled=no port=22
set www-ssl address="" certificate=none disabled=yes port=443
set api address="" disabled=no port=8728
set winbox address="" disabled=no port=8291
/ip smb
set allow-guests=yes comment=MikrotikSMB domain=MSHOME enabled=no interfaces=\
all
/ip smb shares
set [ find default=yes ] comment="default share" directory=/pub disabled=no \
max-sessions=10 name=pub
/ip smb users
set [ find default=yes ] disabled=no name=guest password="" read-only=yes
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no \
inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
/ipv6 nd
set [ find default=yes ] advertise-dns=no advertise-mac-address=yes disabled=\
no hop-limit=unspecified interface=all managed-address-configuration=no \
mtu=unspecified other-configuration=no ra-delay=3s ra-interval=3m20s-10m \
ra-lifetime=30m reachable-time=unspecified retransmit-interval=\
unspecified
/ipv6 nd prefix default
set autonomous=yes preferred-lifetime=1w valid-lifetime=4w2d
/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes
/mpls interface
set [ find default=yes ] disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no \
lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0 \
use-explicit-null=no
/port firmware
set directory=firmware
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/queue interface
set wlan1 queue=only-hardware-queue
set ether1 queue=ethernet-default
set ether2 queue=ethernet-default
set ether3 queue=ethernet-default
set Clients queue=wireless-default
/radius
add accounting-backup=no accounting-port=1813 address=192.168.3.251 \
authentication-port=1812 called-id="" disabled=no domain="" realm="" \
secret=Passw0rd service=ppp,login,hotspot,wireless,dhcp timeout=2s
/radius incoming
set accept=yes port=1700
/routing bfd interface
set [ find default=yes ] disabled=no interface=all interval=0.2s min-rx=0.2s \
multiplier=5
/routing igmp-proxy
set query-interval=2m5s query-response-interval=10s quick-leave=no
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m \
gateway-selection=no-gateway origination-interval=5s preferred-gateway=\
0.0.0.0 timeout=1m ttl=50
/routing ospf network
add area=backbone disabled=no network=192.168.4.128/30
add area=backbone disabled=no network=192.168.4.0/29
add area=backbone disabled=no network=192.168.4.16/29
add area=backbone disabled=no network=192.168.4.132/30
/routing pim
set switch-to-spt=yes switch-to-spt-bytes=0 switch-to-spt-interval=1m40s
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
redistribute-connected=no redistribute-ospf=no redistribute-static=no \
routing-table=main timeout-timer=3m update-timer=30s
/routing rip interface
add authentication=none authentication-key="" disabled=no in-prefix-list="" \
interface=wlan1 key-chain="" out-prefix-list="" passive=no receive=v1-2 \
send=v1-2
/routing rip network
add disabled=no network=192.168.3.0/24
/routing ripng
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1 \
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no \
redistribute-connected=no redistribute-ospf=no redistribute-static=no \
timeout-timer=3m update-timer=30s
/snmp
set contact="" enabled=yes engine-id="" location="" trap-community=public \
trap-generators=start-trap trap-target="" trap-version=2
/system clock
set time-zone-name=Africa/Johannesburg
/system clock manual
set dst-delta=+00:00 dst-end="jan/01/1970 00:00:00" dst-start=\
"jan/01/1970 00:00:00" time-zone=+00:00
/system console
set [ find port=serial0 ] disabled=no port=serial0 term=vt102
/system gps
set channel=0 enabled=no set-system-time=no
/system health
set fan-mode=auto use-fan=main
/system identity
set name="Madeira Uplink"
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set bridge1 disabled=yes display-time=5s
set ether3 disabled=yes display-time=5s
set ether2 disabled=yes display-time=5s
set "Clients Bridge" disabled=yes display-time=5s
set ether1 disabled=yes display-time=5s
set wlan1 disabled=yes display-time=5s
set Clients disabled=yes display-time=5s
/system logging
set 0 action=memory disabled=no prefix="" topics=info
set 1 action=memory disabled=no prefix="" topics=error
set 2 action=memory disabled=no prefix="" topics=warning
set 3 action=echo disabled=no prefix="" topics=critical
/system note
set note="" show-at-login=yes
/system ntp client
set enabled=yes mode=unicast primary-ntp=192.168.3.90 secondary-ntp=0.0.0.0
/system ntp server
set broadcast=no broadcast-addresses="" enabled=no manycast=yes multicast=no
/system resource irq
set 0 cpu=auto
set 1 cpu=auto
set 2 cpu=auto
set 3 cpu=auto
set 4 cpu=auto
set 5 cpu=auto
/system routerboard settings
set baud-rate=115200 boot-delay=2s boot-device=nand-if-fail-then-ethernet \
boot-protocol=bootp cpu-frequency=300MHz enable-jumper-reset=yes \
enter-setup-on=any-key force-backup-booter=no silent-boot=no
/system scheduler
add disabled=yes interval=1d name=Reboot on-event="/system reboot" policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
start-date=feb/22/2012 start-time=03:00:00
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=\
0.0.0.0 user=""
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=\
none watchdog-timer=yes
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=\
100
/tool e-mail
set address=0.0.0.0 from=<> password="" port=25 user=""
/tool graphing
set page-refresh=300 store-every=5min
/tool mac-server
set [ find default=yes ] disabled=no interface=all
/tool mac-server mac-winbox
set [ find default=yes ] disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number="" channel=0 keep-max-sms=0 receive-enabled=no secret=""
/tool sniffer
set file-limit=1000KiB file-name="" filter-ip-address="" filter-ip-protocol=\
"" filter-mac-address="" filter-mac-protocol="" filter-port="" \
filter-stream=yes interface=all memory-limit=100KiB memory-scroll=yes \
only-headers=no streaming-enabled=no streaming-server=0.0.0.0
/tool traffic-generator
set latency-distribution-scale=10 test-id=0
/tool user-manager customer
add backup-allowed=yes disabled=no login=admin parent=admin password="" \
paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \
permissions=owner signup-allowed=no time-zone=-00:00
/user aaa
set accounting=yes default-group=read exclude-groups="" interim-update=0s \
use-radius=no



So I am going to use the following IP

/routing ospf network
add area=backbone disabled=no network=192.168.4.128/30
add area=backbone disabled=no network=192.168.4.0/29
add area=backbone disabled=no network=192.168.4.16/29
add area=backbone disabled=no network=192.168.4.132/30


Where I use /29 for ether networks
and /30 for PTP wireless Networks
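
An addressing plan like the one above can be checked offline before anything is enabled on a live router. The following Python script is an added example, not code from the thread: it parses the `/interface bridge port`, `/ip address` and `/routing ospf network` sections of a RouterOS export and reports addresses that sit on bridge ports, the same subnet on two interfaces, and OSPF network statements that cover none of the router's own addresses. It assumes that OSPF is only activated on interfaces holding an address inside a network statement, and that an address on a bridge port is unreliable because the router treats that traffic as arriving on the bridge; the function names and finding labels are made up for this example.

```python
import ipaddress
import re

# Abridged from the tower export posted above (bridge port lines shortened).
MADEIRA_EXPORT = r"""
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=wlan1
/ip address
add address=192.168.3.89/24 disabled=no interface=bridge1 network=192.168.3.0
add address=192.168.4.130/30 disabled=no interface=wlan1 network=\
    192.168.4.128
add address=192.168.4.3/29 disabled=no interface=ether1 network=192.168.4.0
/routing ospf network
add area=backbone disabled=no network=192.168.4.128/30
add area=backbone disabled=no network=192.168.4.0/29
add area=backbone disabled=no network=192.168.4.16/29
add area=backbone disabled=no network=192.168.4.132/30
"""

# Constructed from the "Tower 1" /24 proposal in the thread, in export syntax.
TOWER1_PROPOSAL = r"""
/ip address
add address=192.168.4.1/24 interface=wlan01
add address=192.168.4.2/24 interface=eth01
"""


def parse_export(text):
    """Return {menu: [params, ...]} for the enabled 'add' lines of an export."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join backslash continuations
    menus, menu = {}, None
    for line in (ln.strip() for ln in text.splitlines()):
        if line.startswith("/"):
            menu = line
        elif menu and line.startswith("add "):
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S*)', line)
            params = {k: v.strip('"') for k, v in pairs}
            if params.get("disabled") != "yes":  # staged, disabled entries are inert
                menus.setdefault(menu, []).append(params)
    return menus


def check_plan(text):
    """Return (kind, subject, detail) findings for a single router's export."""
    menus = parse_export(text)
    bridge_ports = {p["interface"] for p in menus.get("/interface bridge port", [])}
    findings, local = [], []
    for a in menus.get("/ip address", []):
        addr, name = ipaddress.ip_interface(a["address"]), a["interface"]
        local.append((name, addr))
        stated = a.get("network", "").split("/")[0]
        if stated and ipaddress.ip_address(stated) != addr.network.network_address:
            findings.append(("network-field-mismatch", a["address"], stated))
        if name in bridge_ports:
            findings.append(("address-on-bridge-port", name, a["address"]))
    for i, (n1, a1) in enumerate(local):
        for n2, a2 in local[i + 1:]:
            if n1 != n2 and a1.network.overlaps(a2.network):
                findings.append(
                    ("same-subnet-on-two-interfaces", str(a1.network), f"{n1},{n2}"))
    for o in menus.get("/routing ospf network", []):
        net = ipaddress.ip_network(o["network"], strict=False)
        if str(net) != o["network"]:  # host bits set in the statement
            findings.append(("ospf-network-not-aligned", o["network"], str(net)))
        if not any(addr.ip in net for _, addr in local):
            findings.append(("ospf-network-matches-no-address", o["network"], ""))
    return findings


if __name__ == "__main__":
    for label, export in (("Madeira", MADEIRA_EXPORT), ("Tower 1", TOWER1_PROPOSAL)):
        for finding in check_plan(export):
            print(label, finding)
```

Entries with `disabled=yes` are skipped, so a configuration staged in the disabled state can be checked by first flipping those flags in a copy of the export.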
 
Estiaan
Frequent Visitor
Topic Author
Posts: 94
Joined: Tue Jul 19, 2011 10:15 am

Re: Help with OSPF Simple network!

Sun Jul 01, 2012 8:36 pm

What I do see though is, I am busy setting up all the new IPs and some of my routerboards pick up neighbours. Most of them don't pick up anything, even if I add the network in /ospf networks.

Bridging is still enabled, so you can ping each of the new 192.168.4.0 addresses.
 
n21roadie
Forum Guru
Posts: 1949
Joined: Fri Aug 07, 2009 10:36 pm
Location: Limerick,Ireland

Re: Help with OSPF Simple network!

Sun Jul 01, 2012 11:34 pm

OK - I have done a quick comparison (yours in green) with one of my APs, which has a PPPoE server and is wlan linking to another AP. What is the "local" IP pool range used for?



/ip pool
add name=Local ranges=10.7.1.2-10.7.1.254
add name=Remote ranges=10.6.1.1-10.6.1.15


/ip pool
add name=pppoe-pool ranges=10.110.2.2-10.110.2.200



/ppp profile
set 0 change-tcp-mss=yes dns-server=192.168.3.240 local-address=Local name=\
default only-one=default remote-address=Remote use-compression=default \
use-encryption=default use-ipv6=yes use-mpls=default use-vj-compression=\
default
set 1 change-tcp-mss=yes dns-server=192.168.3.240 local-address=Local name=\
default-encryption only-one=default remote-address=Remote \
use-compression=default use-encryption=yes use-ipv6=yes use-mpls=default \
use-vj-compression=default



/ppp profile
set 0 change-tcp-mss=yes name=default only-one=default use-compression=\
default use-encryption=default use-mpls=default use-vj-compression=\
default
add change-tcp-mss=yes local-address=10.110.2.1 name=Standard_Package \
only-one=default rate-limit=128k/1M remote-address=pppoe-pool \
use-compression=default use-encryption=default use-mpls=default \
use-vj-compression=default
add change-tcp-mss=yes local-address=10.110.2.1 name=Standard2M only-one=\
default rate-limit=256k/2M remote-address=pppoe-pool use-compression=\
default use-encryption=default use-mpls=default use-vj-compression=\
default
add change-tcp-mss=yes local-address=10.110.2.1 name=Standard3M only-one=\
default rate-limit=384k/3M remote-address=pppoe-pool use-compression=\
default use-encryption=default use-mpls=default use-vj-compression=\
default
add change-tcp-mss=yes local-address=10.110.2.1 name=4Mtest only-one=default \
rate-limit=4M/4M remote-address=pppoe-pool use-compression=default \
use-encryption=default use-mpls=default use-vj-compression=default
set 5 change-tcp-mss=yes name=default-encryption only-one=default \
use-compression=default use-encryption=yes use-mpls=default \
use-vj-compression=default


/interface pppoe-server server
add authentication=pap,chap,mschap1,mschap2 default-profile=default disabled=\
no interface="Clients Bridge" keepalive-timeout=10 max-mru=1480 max-mtu=\
1480 max-sessions=0 mrru=disabled one-session-per-host=yes service-name=\
service1


/interface pppoe-server server
add authentication=pap,chap,mschap1,mschap2 default-profile=\
default-encryption disabled=no interface=wlan1 keepalive-timeout=10 \
max-mru=1480 max-mtu=1480 max-sessions=0 mrru=disabled \
one-session-per-host=no service-name=service1



/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=512 servers=""


/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=512 servers=10.150.0.1,10.150.0.34



/ppp secret
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=\
Client_301 password=XXXXXXXXX profile=Standard_Package routes="" service=pppoe
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=\
Client_302 password=XXXXXXXXX profile=Standard_Package routes="" service=pppoe
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=\
Client_303 password=XXXXXXXXX profile=Standard_Package routes="" \
service=pppoe



/ip address
add address=192.168.3.89/24 disabled=no interface=bridge1 network=192.168.3.0
add address=192.168.4.130/30 disabled=no interface=wlan1 network=\
192.168.4.128
add address=192.168.4.3/29 disabled=no interface=ether1 network=192.168.4.0


/ip address
add address=10.150.0.132/28 disabled=no interface=ether1 network=10.150.0.128
add address=10.150.0.149/30 disabled=no interface=wlan1 network=10.150.0.148


/routing ospf area
set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=\
backbone type=default


/routing ospf area
set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=\
backbone type=default
add area-id=10.110.2.1 default-cost=1 disabled=no inject-summary-lsas=yes \
instance=default name=pppoe type=stub


/routing ospf network
add area=backbone disabled=no network=192.168.4.128/30
add area=backbone disabled=no network=192.168.4.0/29
add area=backbone disabled=no network=192.168.4.16/29
add area=backbone disabled=no network=192.168.4.132/30

/routing ospf network
add area=backbone disabled=no network=10.150.0.128/28
add area=pppoe disabled=no network=10.110.2.0/24
add area=backbone disabled=no network=10.150.0.148/30
 
Estiaan
Frequent Visitor
Topic Author
Posts: 94
Joined: Tue Jul 19, 2011 10:15 am

Re: Help with OSPF Simple network!

Mon Jul 02, 2012 4:36 pm

/routing ospf network
add area=backbone disabled=no network=192.168.4.128/30
add area=backbone disabled=no network=192.168.4.0/29
add area=backbone disabled=no network=192.168.4.16/29
add area=backbone disabled=no network=192.168.4.132/30

/routing ospf network
add area=backbone disabled=no network=10.150.0.128/28
add area=pppoe disabled=no network=10.110.2.0/24
add area=backbone disabled=no network=10.150.0.148/30
Your /ospf network, do you add every tower's IP and subnet in /ospf network?
Like I did at the top?

I set up most of this like yours, and some of the towers pick up neighbours, others don't. Can it be because of the bridge still in place?
 
n21roadie
Forum Guru
Posts: 1949
Joined: Fri Aug 07, 2009 10:36 pm
Location: Limerick,Ireland

Re: Help with OSPF Simple network!

Mon Jul 02, 2012 5:36 pm

......

Your /ospf network, do you add every tower's IP and subnet in /ospf network?
Like I did at the top?

I set up most of this like yours, and some of the towers pick up neighbours, others don't. Can it be because of the bridge still in place?
Yes, you add each /30 network address which each interface IP address is in to the OSPF network,
For a PTP with Ether to Wlan - you have 2 X /30 in /routing ospf network,
For PPPoE AP you have 2 X /30 in /routing ospf network (1 x for ether, 1 x pppoe )
For Ptp off a AP you have 3 X /30 in /routing ospf network (1 x for ether, 1 x pppoe, 1 x wlan)

With AP sectors you could have a /29 and use a dumb network switch to combine the AP sectors back to one MT router

for example

wlan of PTP1
/ip address
add address=192.168.4.129/30 disabled=no interface=wlan1 network=192.168.4.128
/routing ospf network
add area=backbone disabled=no network=192.168.4.128/30


Wlan of PTP2
/ip address
add address=192.168.4.130/30 disabled=no interface=wlan1 network=192.168.4.128
/routing ospf network
add area=backbone disabled=no network=192.168.4.128/30


I notice
/ip neighbor discovery
set wlan1 disabled=yes

Try
set wlan1 disabled=no
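
The rule in the reply above (each interface's subnet needs its own entry under /routing ospf network) can be checked offline against an export before the bridges are removed. This is an added example, not part of the original posts: the function names are hypothetical, and the matching rule (a statement matches when the interface's connected subnet falls inside it) is an assumption.

```python
import ipaddress
import re

# Constructed sample: address and OSPF network lines as posted in this thread.
EXPORT = r"""/ip address
add address=192.168.3.89/24 disabled=no interface=bridge1 network=192.168.3.0
add address=192.168.4.130/30 disabled=no interface=wlan1 network=\
192.168.4.128
add address=192.168.4.3/29 disabled=no interface=ether1 network=192.168.4.0
/routing ospf network
add area=backbone disabled=no network=192.168.4.128/30
add area=backbone disabled=no network=192.168.4.0/29
add area=backbone disabled=no network=192.168.4.16/29
add area=backbone disabled=no network=192.168.4.132/30
"""

def parse_export(text):
    """Return ({interface: IPv4Interface}, [IPv4Network]) from export text."""
    text = re.sub(r"\\\n\s*", "", text)  # join backslash line continuations
    section, addrs, nets = None, {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line
        elif line.startswith("add "):
            kv = dict(re.findall(r'(\S+?)=("[^"]*"|\S*)', line))
            if kv.get("disabled") == "yes":
                continue
            if section == "/ip address":
                addrs[kv["interface"]] = ipaddress.ip_interface(kv["address"])
            elif section == "/routing ospf network":
                nets.append(ipaddress.ip_network(kv["network"]))
    return addrs, nets

def ospf_coverage(text):
    """Return ({interface: matching statement or None}, [unmatched statements])."""
    addrs, nets = parse_export(text)
    covered = {}
    for ifname, iface in addrs.items():
        # Assumed rule: a statement matches when the interface's connected
        # subnet falls inside it; the most specific match is reported.
        hits = [n for n in nets if iface.network.subnet_of(n)]
        covered[ifname] = max(hits, key=lambda n: n.prefixlen) if hits else None
    unused = [n for n in nets if n not in covered.values()]
    return covered, unused

if __name__ == "__main__":
    covered, unused = ospf_coverage(EXPORT)
    for ifname, net in covered.items():
        print(f"{ifname}: {net if net is not None else 'NOT in OSPF'}")
    print("statements with no local interface:", ", ".join(map(str, unused)))
```

On this sample the bridge address has no matching statement, and two statements match no local interface; they only take effect on the routers that actually hold an address in those subnets.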
 
Estiaan
Frequent Visitor
Topic Author
Posts: 94
Joined: Tue Jul 19, 2011 10:15 am

Re: Help with OSPF Simple network!

Mon Jul 02, 2012 6:15 pm

So far I got it working nicely, last question.

For my PPPOE server that hands out addresses - 10.5.60.1-10.5.60.254 can I setup OSPF Network as 10.5.60.0/24 ?
 
Estiaan
Frequent Visitor
Topic Author
Posts: 94
Joined: Tue Jul 19, 2011 10:15 am

Re: Help with OSPF Simple network!

Mon Jul 02, 2012 8:58 pm

Ok, everything is in place, no more bridges at all, all the routers are reachable.

1 last problem: whenever I take my PTP link AP-Bridge > Station, all the routers become unreachable.

It only works on Station Bridge mode. OSPF picks up all the neighbours, and Internet is working on all the towers.

Still the bandwidth is not what it should be, and I'm guessing it's because of the station bridge mode.
 
n21roadie
Forum Guru
Posts: 1949
Joined: Fri Aug 07, 2009 10:36 pm
Location: Limerick,Ireland

Re: Help with OSPF Simple network!

Mon Jul 02, 2012 9:05 pm

So far I got it working nicely, last question.

For my PPPOE server that hands out addresses - 10.5.60.1-10.5.60.254 can I setup OSPF Network as 10.5.60.0/24 ?
/ip pool
add name=pppoe-pool ranges=10.5.60.2-10.5.60.200

/ppp profile
set 0 change-tcp-mss=yes name=default only-one=default use-compression=\
default use-encryption=default use-mpls=default use-vj-compression=\
default
add change-tcp-mss=yes local-address=10.5.60.1 name=Standard_Package \
only-one=default rate-limit=128k/1M remote-address=pppoe-pool \
use-compression=default use-encryption=default use-mpls=default \
use-vj-compression=default

Note 10.5.60.1 is reserved for the AP ppp profile, which also sets bandwidth limits for the pppoe client.
Also, I use just 199 dynamic IP pppoe addresses, with 201 to 254 for static, which I put on The Dude for monitoring.

If you are happy with the help given, a positive Karma would help.
 
n21roadie
Forum Guru
Posts: 1949
Joined: Fri Aug 07, 2009 10:36 pm
Location: Limerick,Ireland

Re: Help with OSPF Simple network!

Mon Jul 02, 2012 9:11 pm

Ok, everything is in place, no more bridges at all, all the routers are reachable.

1 last problem: whenever I take my PTP link AP-Bridge > Station, all the routers become unreachable.

It only works on Station Bridge mode. OSPF picks up all the neighbours, and Internet is working on all the towers.

Still the bandwidth is not what it should be, and I'm guessing it's because of the station bridge mode.
Check IP addresses + OSPF network setting + DNS setting on both sides of the PTP, and that the bridge is fully disabled.
 
Estiaan
Frequent Visitor
Topic Author
Posts: 94
Joined: Tue Jul 19, 2011 10:15 am

Re: Help with OSPF Simple network!

Mon Jul 02, 2012 9:17 pm

Check IP addresses + OSPF network setting + DNS setting on both sides of the PTP, and that the bridge is fully disabled.
The only thing still in a bridge is the 3 ethers in (DMZ), for which the IP is on the bridge.

I can ping the AP Bridge > Station after it connects, but I cannot ping any board further than that link.

Check this as well, please:

http://forum.mikrotik.com/viewtopic.php?f=2&t=63307
 
Estiaan
Frequent Visitor
Topic Author
Posts: 94
Joined: Tue Jul 19, 2011 10:15 am

Re: Help with OSPF Simple network!

Tue Jul 03, 2012 5:08 pm

Hi n21

I've got a last question.

Everything is sorted now, and routing is working perfectly.

I had a few customers whose packets I mangled and added to a specific routing mark, to go through a different line.

The router where my ADSL line is going to is 192.168.4.34/29.

Then I got another ADSL modem (not MikroTik), 192.168.3.37/29.

But my towers, which are 3 hops further, cannot ping 192.168.3.37, and it is unreachable. My MikroTik board (4.34/29) can ping it.
How can I make all the further hops see that ADSL router? It runs on the same wireless link as the rest.
 
n21roadie
Forum Guru
Posts: 1949
Joined: Fri Aug 07, 2009 10:36 pm
Location: Limerick,Ireland

Re: Help with OSPF Simple network!

Wed Jul 04, 2012 12:43 am

Could you bridge the DSL routers and use a MikroTik router to set up ISP pppoe, then load balance both DSL routers, masquerade the public IPs to pppoe, mangle, and then point all DNS settings back to this router? Also, the pppoe setting has "use peer dns", with which the client CPE will get its DNS from the AP pppoe, and the AP + PTPs get their DNS from the load balancer. I double NAT (load balancer + client CPE), which some may not approve of, but it works for me.
 
Estiaan
Frequent Visitor
Topic Author
Posts: 94
Joined: Tue Jul 19, 2011 10:15 am

Re: Help with OSPF Simple network!

Tue Jul 10, 2012 11:22 am

Hi n21

I cannot bridge the ADSL router; my ISP does not allow me to log in to that router at all. There must be another way for that router to be reachable all over the network?
