Community discussions

Search found 96 matches

by dancms
Fri May 17, 2019 11:55 pm
Forum: General
Topic: CALEA intercept from Cisco CMTS
Replies: 0
Views: 204

CALEA intercept from Cisco CMTS

Is it possible for CALEA server to intercept from a Cisco CMTS?

From cisco:
cable intercept—Forwards copies of the traffic to and from a specific MAC address to a server at a specific IP address and UDP port.
PKT-SP-ESP-I01-991229 PacketCable Electronic Surveillance Specification

Thanks,
-dan
by dancms
Tue Nov 22, 2016 3:49 pm
Forum: General
Topic: Hotspot causing netflix services to fail
Replies: 7
Views: 1685

Re: Hotspot causing netflix services to fail

We had to abandon hotspot to resolve, never looked back (still using mikrotik).
by dancms
Fri Jul 03, 2015 2:06 am
Forum: General
Topic: Feature requests
Replies: 1160
Views: 208101

Re: Feature requests

Creates a little more clutter than needed but good work around. Much appreciated!
by dancms
Thu Jul 02, 2015 11:11 pm
Forum: General
Topic: Feature requests
Replies: 1160
Views: 208101

Re: Feature requests

Feature request:

Ability to specify boot-file-name on a per static lease basis. This would add much needed flexibility for rather than using the global setting at the 'ip dhcp-server networ' level where all clients receive the same file.
by dancms
Tue May 26, 2015 3:28 pm
Forum: General
Topic: DHCP Option 67 not populating bootfile-name bootp header
Replies: 10
Views: 4465

Re: DHCP Option 67 not populating bootfile-name bootp header

Also, I tested specifying bootfile-name at the network level and it works correctly - ip dhcp-server option print detail ;;;Example Network address=10.0.100.0/22 gateway=10.0.100.1 dns-server="" wins-server="" ntp-server="" caps-manager="" domain="domain.com" next-server=10.0.100.1 boot-file-name="f...
by dancms
Tue May 26, 2015 3:26 pm
Forum: General
Topic: DHCP Option 67 not populating bootfile-name bootp header
Replies: 10
Views: 4465

Re: DHCP Option 67 not populating bootfile-name bootp header

I'm on v6.28, and its working for some of my client device types as well. I'm running into issues where client devices don't request option 67 but I need to send to them anyways. I mainly wanted to point out there is a difference between how mikrotik handles option 67 when it comes to the bootfile-n...
by dancms
Tue May 26, 2015 2:54 pm
Forum: General
Topic: DHCP Option 67 not populating bootfile-name bootp header
Replies: 10
Views: 4465

DHCP Option 67 not populating bootfile-name bootp header

When specifying dhcp-option 67 (bootfile-name), the bootfile-name packet header in the DHCP offer sent from the mikrotik is not populated: ip dhcp-server lease print detail ;;; Example Lease address=10.0.100.2 mac-address=xx:xx:xx:xx:xx:xx lease-time=5m dhcp-option="bootfile" ip dhcp-server option p...
by dancms
Fri Aug 15, 2014 12:24 am
Forum: General
Topic: ARP not expiring
Replies: 2
Views: 620

Re: ARP not expiring

Yep, I will be upgrading in off hours, but I wanted to post in case someone had seen this before.

There is also ipsec policies for the networks on this router, just mentioning in case that is influencing arp behavior.

Thanks,
by dancms
Thu Aug 14, 2014 9:13 pm
Forum: General
Topic: ARP not expiring
Replies: 2
Views: 620

ARP not expiring

I'm having an issue with ARP not expiring - User A (mac-address aa:aa:aa:aa:aa:aa) connects and gets a lease of 5 minutes per radius from Pool A (IP 172.17.46.35). User then registers to gain access to network. Client renews lease (due to 5min lease time) and gets new lease from Pool B per radius (I...
by dancms
Thu Dec 19, 2013 5:25 pm
Forum: General
Topic: IPSec Keepalive
Replies: 3
Views: 2983

Re: IPSec Keepalive

I was able to work around this with a monitor script that flushes SA when detected down.

Another thing im noticing is im getting duplicate installed-sa for the same peer on both ends, tunnel never drops.

What is causing the duplicates? Is this normal behavior?

Thanks -
by dancms
Thu Dec 19, 2013 12:05 am
Forum: General
Topic: IPSec Keepalive
Replies: 3
Views: 2983

Re: IPSec Keepalive

I tested ping keepalive and it works. However, if I reboot mikrotik on one side of the tunnel (site A) to simulate a failure this is the behavior - While site A is down, site B removes active SA per deed peer detection. When site A comes back onlne, and once keepalive ping triggers on site B, tunnel...
by dancms
Mon Dec 16, 2013 11:43 pm
Forum: General
Topic: IPSec Keepalive
Replies: 3
Views: 2983

IPSec Keepalive

Is there a keepalive function for IPSec policies?

I have a tunnel setup, after lifetime if there is no traffic the tunnel drops until a connection is attempted to an IP on the other peer.

I need to make the tunnel persistant even when no traffic is present.

Any input appreciated.
by dancms
Sat Dec 14, 2013 7:37 am
Forum: Scripting
Topic: PHP API example issue
Replies: 2
Views: 984

Re: PHP API example issue

At the time I was on an older version but after upgrade was still having issues with namespaces.

I was able to get the miktoik4net client to work and that was my preferred choice as my app is written in .net anyways.

Thanks for the response, it is appreciated.
by dancms
Thu Dec 05, 2013 6:30 pm
Forum: Scripting
Topic: API problem with VB.net Example
Replies: 8
Views: 4019

Re: API problem with VB.net Example

Fixed - Formatting of propertylist items and filter items are set by mikrotik4net api client and it also adds the 'print' statement. Example query using vb.net with added filter query: Using session As New TikSession(TikConnectorType.Api) Dim filter As New TikConnectorQueryFilterDictionary filter.Ad...
by dancms
Wed Dec 04, 2013 7:55 pm
Forum: Scripting
Topic: PHP API example issue
Replies: 2
Views: 984

PHP API example issue

Im using the find mac-address example found on this page - http://wiki.mikrotik.com/wiki/API_PHP_package Only thing changed was the require_once line. I receive this error when loading the page - Parse error: parse error, expecting `T_CONSTANT_ENCAPSED_STRING' or `'('' in C:\Inetpub\wwwroot\mac.php ...
by dancms
Wed Dec 04, 2013 4:56 pm
Forum: Scripting
Topic: API problem with VB.net Example
Replies: 8
Views: 4019

Re: API problem with VB.net Example

Here is the code: Using session As New TikSession(TikConnectorType.Api) session.Open("mikrotikip", "user", "password") Dim api As Connector.Api.IApiConnector = session.Connector Dim params As New Dictionary(Of String, String) params.Add(".proplist", "mac-address") params.Add("?address", "x.x.x.x") D...
by dancms
Wed Dec 04, 2013 3:16 pm
Forum: Scripting
Topic: API problem with VB.net Example
Replies: 8
Views: 4019

Re: API problem with VB.net Example

That's how I'm sending it from my program. The output I pasted was from the debug when executing the code. Maybe I'm not invoking the right function ExecuteReader() from the miktotik4tik class. Anyone have experience with this API implementation? Thanks for pointing out the correct API commands so I...
by dancms
Wed Dec 04, 2013 7:15 am
Forum: Scripting
Topic: API problem with VB.net Example
Replies: 8
Views: 4019

Re: API problem with VB.net Example

Getting closer but still have errors: Target returns error. COMMAND: /ip/arp/print =.proplist=mac-address =?address=x.x.x.x ERRORS: =message=unknown parameter RESPONSE: !trap =message=unknown parameter !done Can someone verify my syntax for API commands are correct? (ip address is commented out) I d...
by dancms
Tue Dec 03, 2013 9:57 pm
Forum: Scripting
Topic: API problem with VB.net Example
Replies: 8
Views: 4019

Re: API problem with VB.net Example

How would you pass an argument to an example like the above using vb.net, since where is not a valid api command?

/ip/add/print/where comment="somecomment"
by dancms
Mon Nov 25, 2013 8:59 pm
Forum: General
Topic: mikrotik + freeradius + dhcp + simple queue
Replies: 4
Views: 1902

Re: mikrotik + freeradius + dhcp + simple queue

Did you figure out the issue? I have experienced issues with it as well.
by dancms
Fri Sep 13, 2013 1:27 am
Forum: General
Topic: NAT across VPN tunnel
Replies: 3
Views: 771

Re: NAT across VPN tunnel

Do I just use src and dst nat rules? What would be the procedure to translate one side? Side a 10.0.0.0/24 Side b 192.168.0.0/24 Want to make side b appear to side a as 10.0.1.0/24 I've had no success in doing so. I have been specifying the nat range 10.0.1.0/24 in IPSec policy on both endpoints and...
by dancms
Mon Sep 09, 2013 9:13 pm
Forum: General
Topic: NAT across VPN tunnel
Replies: 3
Views: 771

NAT across VPN tunnel

I have a remote network I need to NAT across VPN tunnel as the network conflicts with another VPN at the central site.

I have tried adding src and dst nat rules but doesn't seem to do the trick.

Is this possible?
by dancms
Mon Aug 26, 2013 11:49 pm
Forum: General
Topic: Hotspot causing netflix services to fail
Replies: 7
Views: 1685

Re: Hotspot causing netflix services to fail

Yes, PS3 and Xbox - both have browsers and all functions work fine, except the behavior with netflix as a result of some sort of recent change on the console or netflix app.
by dancms
Mon Aug 26, 2013 11:23 pm
Forum: General
Topic: Hotspot causing netflix services to fail
Replies: 7
Views: 1685

Hotspot causing netflix services to fail

I am assuming netflix / has made some sort of application change that has caused this but would like to see if anyone has input- We have large hotspot deployments in which users connect game consoles to the service and stream netflix. Up until recently ~2-3 months there have been no issues. I have c...
by dancms
Sat Jul 20, 2013 5:10 pm
Forum: General
Topic: Hotspot and multiple IP's per MAC
Replies: 15
Views: 6853

Re: Hotspot and multiple IP's per MAC

There are a couple ways to 'get around' this issue. I say get around because it still happens from time to time in certain cases and I have not sought to identify them as its difficult to replicate. Fix 1, use switches that support private vlans (as Cisco calls them). This isolates users from each o...
by dancms
Mon Oct 29, 2012 4:33 pm
Forum: General
Topic: Calea - specify path with case-name
Replies: 1
Views: 413

Re: Calea - specify path with case-name

Still haven't had any luck,

Any Ideas out there?
by dancms
Wed Oct 24, 2012 11:49 pm
Forum: General
Topic: Calea - specify path with case-name
Replies: 1
Views: 413

Calea - specify path with case-name

How do you save calea intercept to a specific directory? tool calea add action=pcap intercept-port=5555 case-id=100 intercept-ip=ipaddress case-name=sata2/calea This creates a foler on the system disk called calea-admin, but no data is found in it or the path specified. File print 5 sata2 disk 6 cal...
by dancms
Thu Apr 26, 2012 11:41 pm
Forum: General
Topic: Hotspot and multiple IP's per MAC
Replies: 15
Views: 6853

Re: Hotspot and multiple IP's per MAC

Disabling the address pool doesnt help, this is just the hotspot universal client. My problem was a result of the same "inserting (invalid) arp / hotspot entries" as a result of ICMP redirects. Having had my ICMP redirect block in place on my cisco switch for some time now, the problem has not re-ap...
by dancms
Mon Mar 05, 2012 9:59 pm
Forum: General
Topic: Firewall rules with hotspot
Replies: 5
Views: 819

Re: Firewall rules with hotspot

To elaborate, trying to block these packets from being seen / processed by hotspot.

No matter what chain I put them in, hotspot still see's them.

I made sure the rule was placed in front of the dynamic rules as well.
by dancms
Mon Mar 05, 2012 7:04 pm
Forum: General
Topic: Firewall rules with hotspot
Replies: 5
Views: 819

Re: Firewall rules with hotspot

Trying to block ICMP type 5 messages:

Cisco ACL example that works:
access-list 100 deny icmp any any redirect

I have tried :

chain=input protocol=icmp type=5:0-255 action=drop
chain=forward protocol=icmp type=5:0-255 action=drop
by dancms
Mon Mar 05, 2012 4:31 pm
Forum: General
Topic: Firewall rules with hotspot
Replies: 5
Views: 819

Re: Firewall rules with hotspot

I have not had any luck with my rule, I can block successfully on a switch the mikrotik plugs into. I have tried input and forward, any other ideas?
by dancms
Fri Mar 02, 2012 10:14 pm
Forum: General
Topic: Firewall rules with hotspot
Replies: 5
Views: 819

Firewall rules with hotspot

I would like to block certain types of inbound traffic on my hotspot interface, as soon as it enters the router before any hotspot processing etc takes place.

What chain would I use for these rules? Any other catches? I have tried a few ideas with no luck.

Thanks!
by dancms
Fri Mar 02, 2012 9:47 pm
Forum: General
Topic: Hotspot and multiple IP's per MAC
Replies: 15
Views: 6853

Re: Hotspot and multiple IP's per MAC

Our users have several different types of routers, belkin, dlink, netgear, cisco/linksys. I have verified that blocking ICMP redirects has fixed the problem in a lab environment. I was unsuccessful in blocking this traffic with the mikrotik firewall, although I'm sure it can be done. I setup an acce...
by dancms
Thu Mar 01, 2012 9:52 pm
Forum: General
Topic: Hotspot and multiple IP's per MAC
Replies: 15
Views: 6853

Re: Hotspot and multiple IP's per MAC

The ICMP redirects are triggered by SSDP messages from other devices. Still tracking the source, I presume a router / routers plugged in backwards are the root cause of the issue.
by dancms
Thu Mar 01, 2012 9:15 pm
Forum: General
Topic: Hotspot and multiple IP's per MAC
Replies: 15
Views: 6853

Re: Hotspot and multiple IP's per MAC

I have been battling the problem non stop and have some information I found today. When doing a packet capture between a users router and the mikrotik hotspot, I see a ton of ICMP redirects that are sourced from the users router. Each of the destination IP's in the redirect shows up as the other IP'...
by dancms
Mon Feb 20, 2012 5:03 pm
Forum: General
Topic: Hotspot and multiple IP's per MAC
Replies: 15
Views: 6853

Re: Hotspot and multiple IP's per MAC

Any guidance on this? I seem to find several old posts reguarding the same problem but never a resolution.

I also have several public IP's showing up in the host table, I have not found any posts that explain what causes this.

Any direction is appreciated.
by dancms
Tue Jan 31, 2012 9:23 pm
Forum: General
Topic: Hotspot and multiple IP's per MAC
Replies: 15
Views: 6853

Hotspot and multiple IP's per MAC

I am running hotspot and keep running into an issue with multiple IP's per MAC, current setting is 1 but when increaded the same issue is seen. ip hotspot host print 0 DA xx:xx:xx:B2:06:91 10.123.0.40 10.123.0.40 auth-hotspot 1 H xx:xx:xx:B2:06:91 10.123.2.198 10.123.2.198 auth-hotspot This device c...
by dancms
Wed Dec 14, 2011 3:32 am
Forum: General
Topic: Hotspot with external login page - re-authenticate user
Replies: 6
Views: 3549

Re: Hotspot with external login page - re-authenticate user

Im not using the php page, my external app uses ASP/VB. I wasnt sure what needed done at the router level to enable https. I will take a look at the php example and try to implement the same into my app. Any other suggestions are welcome.

Thanks again for the direction!
by dancms
Wed Dec 14, 2011 12:10 am
Forum: General
Topic: Hotspot with external login page - re-authenticate user
Replies: 6
Views: 3549

Re: Hotspot with external login page - re-authenticate user

Thanks for the reply! My issue was the login-type ( i had only specified mac) After specifing the type as mac,http-pap it worked. Which method is a better way of performing the login, url redirect or post method? My next step is to add encryption. I have not been able to locate information on doing ...
by dancms
Tue Dec 13, 2011 11:55 pm
Forum: General
Topic: Hotspot with external login page - re-authenticate user
Replies: 6
Views: 3549

Re: Hotspot with external login page - re-authenticate user

I removed the ip, host is just intended as a place holder for the real ip or fqdn for example purposes.
by dancms
Tue Dec 13, 2011 9:55 pm
Forum: General
Topic: Hotspot with external login page - re-authenticate user
Replies: 6
Views: 3549

Hotspot with external login page - re-authenticate user

I have setup an external hotspot login page and everything works nicely until I send login information back to mikrotik. After the login information is sent back I keep getting redirected back to the login page. Only way to 're-authenticate' agianst radius - is to release and renew IP address on cli...
by dancms
Wed Jul 27, 2011 10:28 pm
Forum: General
Topic: Add DHCP leases to address-list
Replies: 6
Views: 7045

Add DHCP leases to address-list

I have seen some posts but still dont have a clear answer, is it possible to add dhcp leases dynamically to an address list with RADIUS or any other method?

Once again, straight DHCP, no hotspot, no pppoe.

Thanks!

-dan
by dancms
Mon Sep 13, 2010 10:17 pm
Forum: General
Topic: IPsec multiple src-address from single SA
Replies: 0
Views: 523

IPsec multiple src-address from single SA

I have a router (router A) with two networks behind it and need to create ipsec tunnel to another router (router B): Router A Network A 10.1.1.0/24 Network B 172.16.20.0/24 Router B Network 10.0.0.0/24 This is what I have tried and it doesnt work. ip ipsec peer print: address=b.b.b.b/32:500 auth-met...
by dancms
Fri Aug 27, 2010 6:05 pm
Forum: General
Topic: Framed-Route in v4.11
Replies: 8
Views: 2790

Re: Framed-Route in v4.11

Per Mikrotik - Framed-Route is not supported in DHCP-Server .
by dancms
Fri Aug 13, 2010 9:04 pm
Forum: General
Topic: Framed-Route in v4.11
Replies: 8
Views: 2790

Re: Framed-Route in v4.11

I opened a ticket, I will keep trying things in the mean time. I appreciate your help!

Thanks!
by dancms
Fri Aug 13, 2010 8:47 pm
Forum: General
Topic: Framed-Route in v4.11
Replies: 8
Views: 2790

Re: Framed-Route in v4.11

No go either:

00:43:00 radius,debug,packet Framed-IP-Address = 10.100.100.2
00:43:00 radius,debug,packet MT-Rate-Limit = "256k/1M"
00:43:00 radius,debug,packet Framed-Route = "10.200.200.0/30 10.100.100.2 1"
00:43:00 radius,debug,packet Session-Timeout = 172800
by dancms
Fri Aug 13, 2010 8:36 pm
Forum: General
Topic: Framed-Route in v4.11
Replies: 8
Views: 2790

Re: Framed-Route in v4.11

Thanks for the quick reply, I though I had used framed-route on an older version like I had specified before, but I changed to the following: 00:36:04 radius,debug,packet Framed-IP-Address = 10.100.100.2 00:36:04 radius,debug,packet MT-Rate-Limit = "256k/1M" 00:36:04 radius,debug,packet Framed-Route...
by dancms
Fri Aug 13, 2010 8:03 pm
Forum: General
Topic: Framed-Route in v4.11
Replies: 8
Views: 2790

Framed-Route in v4.11

Having issues with framed-route working, tried in 4.6 and upgraded to 4.11 same issue: 00:00:57 radius,debug,packet Framed-IP-Address = 10.100.100.2 00:00:57 radius,debug,packet MT-Rate-Limit = "256k/1M" 00:00:57 radius,debug,packet Framed-Route = "10.200.200.0/30" 00:00:57 radius,debug,packet Sessi...
by dancms
Tue Jun 08, 2010 9:31 pm
Forum: Scripting
Topic: Deleting queue rules
Replies: 2
Views: 486

Re: Deleting queue rules

Excellent, Thanks!
by dancms
Tue Jun 08, 2010 8:50 pm
Forum: Scripting
Topic: Deleting queue rules
Replies: 2
Views: 486

Deleting queue rules

I need to delete a group of rules, this used to work but does not in new versions:
queue simple print

(returns 30 rules)

:for i from 0 to 30 do {/queue simple remove $i}

What do I need to change ?

Thanks
-dan
by dancms
Mon May 10, 2010 9:31 pm
Forum: General
Topic: Display MAC address to user
Replies: 1
Views: 430

Display MAC address to user

I would like to display the users MAC address in a browser by redirecting users to locally stored HTML that returns the mac variable.

This works very easily with Hotspot by adding:

$(mac)

However, I would like to do this without using the hotspot service.

Anyway to display?

Thanks,
by dancms
Tue Apr 27, 2010 10:02 pm
Forum: General
Topic: DHCP - forcing clients to get a new IP
Replies: 9
Views: 8654

Re: DHCP - forcing clients to get a new IP

I had the same problem, with both IP and rate-limit changes with my dhcp leases. I fixed by sending Session-Timeout attribute to mikrotik from radius server for each user. Value of timeout is in seconds. Once the timeout was reached, both IP and rate-limit rule was changed. All this does is override...
by dancms
Tue Apr 27, 2010 9:52 pm
Forum: General
Topic: DHCP and RADIUS - attribute changes
Replies: 2
Views: 765

Re: DHCP and RADIUS - attribute changes

Fixed.

Have to set Session-Timeout attribute to have mikrotik check radius attributes at renewal time.

From what I see, the lease-time in DHCP-server config does not check attributes for changes.
by dancms
Tue Apr 27, 2010 9:15 pm
Forum: General
Topic: DHCP and RADIUS - attribute changes
Replies: 2
Views: 765

DHCP and RADIUS - attribute changes

I am running dhcp with radius enabled :

I am using radius attributes to set IP address and rate limit.

When client renews lease, changes to IP address and rate limit made on radius server are not reflected.

What do I need to do to make this work?

Thanks,

-dan
by dancms
Fri Apr 23, 2010 10:42 pm
Forum: General
Topic: Radius DHCP Authenticaion
Replies: 7
Views: 1213

Re: Radius DHCP Authenticaion

I talked to IEA software, the software does support this function, and it will fix my issue.

Thanks
by dancms
Fri Apr 23, 2010 6:15 pm
Forum: General
Topic: Radius DHCP Authenticaion
Replies: 7
Views: 1213

Re: Radius DHCP Authenticaion

Yeah, that would work, but I dont think my radius server supports it. Using RadiusNT by IEA software.

There is no way to do this with the mikrotik itsself?

Thanks,
by dancms
Fri Apr 23, 2010 7:12 am
Forum: General
Topic: Radius DHCP Authenticaion
Replies: 7
Views: 1213

Re: Radius DHCP Authenticaion

That's the problem, if a user is not in radius, they don't get an ip because ips are given to only those in radius.

How do I assign an ip to a user that's not in radius?

thanks,
by dancms
Tue Apr 20, 2010 8:09 pm
Forum: General
Topic: Radius DHCP Authenticaion
Replies: 7
Views: 1213

Re: Radius DHCP Authenticaion

It would be awesome if I could do this > 0 name="dhcp-1" interface=ether2 lease-time=1d address-pool=network-1 authoritative=no use-radius=yes 1 name="dhcp-2" interface=ether2 lease-time=1d address-pool=network-2 authoritative=after-10sec-delay use-radius=no This would do what I need it to do, but i...
by dancms
Tue Apr 20, 2010 6:15 pm
Forum: General
Topic: Radius DHCP Authenticaion
Replies: 7
Views: 1213

Radius DHCP Authenticaion

I am running RADIUS DHCP Authentication and would like to redirect un-authenticated users to a web site. Meaning - I would like un-authenticated users to obtain an IP from a separate IP pool. I do not want to do this using the Hotspot service. Eventhough thats what I described. Is there a way to do ...
by dancms
Fri Apr 09, 2010 8:23 pm
Forum: General
Topic: Support
Replies: 3
Views: 434

Re: Support

Well, I didnt get a reply, but I was able to get someone on the phone.

Sorry for the rant, just frustrating sometimes when you are trying to get something done.

Anyways...my immediate need is taken care of :)

Thanks
by dancms
Thu Apr 08, 2010 11:05 pm
Forum: General
Topic: Support
Replies: 3
Views: 434

Support

Is there a US support channel availible for mikrotik? I have serveral licence issues and cannot get a response from mikrotik. My most recent was 30 min ago. I purchased a key, the transaction was confirmed and now no new key has showed up. If I buy another one and get charged for two, I will never g...
by dancms
Mon Jan 25, 2010 7:26 pm
Forum: General
Topic: NetInstall
Replies: 1
Views: 327

NetInstall

I am not able to extract netinstall from the zip file posted to the downloads page.

Is there somewhere else I can get it from?

Thanks,
by dancms
Thu Dec 10, 2009 6:31 pm
Forum: General
Topic: NAT with multiple IP's
Replies: 2
Views: 3994

Re: NAT with multiple IP's

Worked very well. Thanks!
by dancms
Wed Dec 09, 2009 11:15 pm
Forum: General
Topic: NAT with multiple IP's
Replies: 2
Views: 3994

NAT with multiple IP's

Is there a way to masqurade an IP range to 'multiple' public IP's, with a round robin like behavior?

Example:
local network on LAN interface
10.0.0.0/21

External IP's assigned on WAN interface
10.1.0.1
10.1.0.2

How does the mikrotik decide what IP to masq to? does it use both?

Thanks,
by dancms
Tue Dec 08, 2009 4:31 pm
Forum: General
Topic: PPPoE server MTU
Replies: 3
Views: 2045

Re: PPPoE server MTU

Alright, I have done so and have had good luck so far. What about the connections that dont take the default value, what causes this to happen? Example: I connected a device that was hard set to 1492, mikrotik was set to 1492 and the pppoe-interface on the mikrotik shows 1488 for that connection. Th...
by dancms
Sat Nov 28, 2009 4:45 am
Forum: General
Topic: PPPoE server MTU
Replies: 3
Views: 2045

PPPoE server MTU

Looking at my PPPoE server and notice the MTU verys accross the active connections. I see this when looking at the output of: int pppoe-server print det and int print Most are all 1480, but some others are, 1476, 1466, 1454 What is the reason for this and why is the apparent default 1480 instead of ...
by dancms
Tue Feb 24, 2009 6:34 pm
Forum: General
Topic: Question about PCQ Example
Replies: 4
Views: 743

Re: Question about PCQ Example

Also when applying my mangle rules, I dont want to mark all traffic, I would like to mark based on an ip range, or better yet an address list.

Can someone give an example of how to mark packets based on an address list?

Thanks,
by dancms
Tue Feb 24, 2009 5:45 pm
Forum: General
Topic: Question about PCQ Example
Replies: 4
Views: 743

Re: Question about PCQ Example

Ok, thats exacly what I don't want,

Is there a way to do the same thing but make no referance to how much bandwidth is availible?

I assume this is controlled by the global-in / global-out settings ?
by dancms
Tue Feb 24, 2009 5:23 pm
Forum: General
Topic: Question about PCQ Example
Replies: 4
Views: 743

Question about PCQ Example

Question reguarding the following Wiki PCQ example: http://wiki.mikrotik.com/wiki/PCQ_Examples I would like to know what "equalize" bandwidth between multiple users means? -------- I am looking for a solution that sets max-limit for users on a per IP basis, (as this example does because its based on...
by dancms
Mon Jan 19, 2009 10:10 pm
Forum: General
Topic: PPPoE "authentication interval"
Replies: 3
Views: 576

Re: PPPoE "authentication interval"

Can you pont me in a more specific direction? Do I need to look at the "Disconnect-Messages" portion?

Does this feature require additional configuration of my radius server?

Thanks,
by dancms
Mon Jan 19, 2009 9:44 pm
Forum: General
Topic: PPPoE "authentication interval"
Replies: 3
Views: 576

PPPoE "authentication interval"

Is there a way for an active pppoe connection to be checked for authorization at a specified time interval? Example, I connect with my pppoe client, 10 minutes later my account is disabled. I am still connected since I was previously authenticated. I would like to implement a "re-authentication" int...
by dancms
Fri Jan 16, 2009 10:23 pm
Forum: General
Topic: Mikrotik-Rate-Limit Attribute
Replies: 17
Views: 18447

Re: Mikrotik-Rate-Limit Attribute

Got It! When I defined the attribute, there is a value called "AttributeType" 0 = string 1 = 32 bit integer I had this set to "1" which was looking at the "value" field when I setup the attribute for the user. Changing this to "0" fixed it. The correct "string" 128k/256k is now being recieved by mik...
by dancms
Fri Jan 16, 2009 10:11 pm
Forum: General
Topic: Mikrotik-Rate-Limit Attribute
Replies: 17
Views: 18447

Re: Mikrotik-Rate-Limit Attribute

Something else I noticed: In my radius database, in the attribute entry config for the user there are two areas to enter the "data" or the "value" for that attribute. Data meaning a STRING Value meaning an interger The "0" is the "value" being sent. Radius send: Mikrotik-Rate-Limit = 0 Mikrotik reci...
by dancms
Fri Jan 16, 2009 9:55 pm
Forum: General
Topic: Mikrotik-Rate-Limit Attribute
Replies: 17
Views: 18447

Re: Mikrotik-Rate-Limit Attribute

Mikrotik-Rate-Limit is set to 128k/25k in radius user config. Looks like a radius server issue- Output from radius server: radrecv: Request from host 10.0.0.1 (testnetworkPrivate) code=Auth Request(1), id=14, length=175 User-Service = Framed-User Framed-Protocol = PPP NAS-Port = 15 NAS-Port-Type = E...
by dancms
Fri Jan 16, 2009 7:39 pm
Forum: General
Topic: Mikrotik-Rate-Limit Attribute
Replies: 17
Views: 18447

Re: Mikrotik-Rate-Limit Attribute

I thought it was odd that it displays MT-Rate-Limit and not Mikrotik-Rate-Limit

Im sure that has something to do with my issue.

Using RadiusNT enterprise here.
by dancms
Thu Jan 15, 2009 10:36 pm
Forum: General
Topic: Mikrotik-Rate-Limit Attribute
Replies: 17
Views: 18447

Re: Mikrotik-Rate-Limit Attribute

Still the same result.
by dancms
Wed Jan 14, 2009 11:09 pm
Forum: General
Topic: Mikrotik-Rate-Limit Attribute
Replies: 17
Views: 18447

Re: Mikrotik-Rate-Limit Attribute

Tried on an older version and same results.
by dancms
Wed Jan 14, 2009 4:57 pm
Forum: General
Topic: Mikrotik-Rate-Limit Attribute
Replies: 17
Views: 18447

Re: Mikrotik-Rate-Limit Attribute

ROS version 3.18

The Mikrotik-Rate-Limit attribute is in the radius server attribute list.
by dancms
Tue Jan 13, 2009 9:57 pm
Forum: General
Topic: Mikrotik-Rate-Limit Attribute
Replies: 17
Views: 18447

Mikrotik-Rate-Limit Attribute

I have the Mikrotik-Rate-Limit attribute set in radius and my mikrotik log displays the following:

radius,debug,packet MT-Rate-Limit = 0x00000000

The format I used in my radius server is:

128k/256k

Am I missing something?


Thanks,
by dancms
Wed Jan 07, 2009 7:20 pm
Forum: General
Topic: PPPoE and Transparent bridge
Replies: 1
Views: 681

PPPoE and Transparent bridge

I am trying to run pppoe server on mikrotik with two bridged interfaces (WAN , LAN) with gateway upstream.

pool 10.0.0.100 -10.0.0.254

upstream gateway 10.0.0.1

Do I have to make any changes to ppp / pppoe-server server to make this work with the bridged interfaces?

Thanks,
by dancms
Tue Jul 22, 2008 9:55 pm
Forum: RouterBOARD hardware
Topic: Router board / V3 issues
Replies: 2
Views: 1030

Re: Router board / V3 issues

Wireles card is a: EMP-3602 or EMP-8602, cant remember which -

wireless interface print shows: interface-type=Atheros AR5413

Is this card supported? could this be the problem?

Thanks,
-Dan
by dancms
Tue Jul 22, 2008 5:16 pm
Forum: RouterBOARD hardware
Topic: Version 2.9 on RB333
Replies: 1
Views: 794

Version 2.9 on RB333

Can I run version 2.9 on an rb333? Where can I download it for this model?
by dancms
Mon Jul 21, 2008 9:12 pm
Forum: RouterBOARD hardware
Topic: Router board / V3 issues
Replies: 2
Views: 1030

Router board / V3 issues

I currently have some RB333 boards in service running v3 and am experiencing slow page loads / high latency etc on these. Setup is: 1 ethernet 1 wireless adaptor (EMP-3602) bridged. No firewall rules. No other functions. If I use a RB532, v2.9 and wireless adaptor (NL-2511MP Plus). No issues at all....
by dancms
Thu Jun 19, 2008 1:59 am
Forum: General
Topic: Simple queue not working V3
Replies: 4
Views: 693

Re: Simple queue not working V3

Thanks!
by dancms
Wed Jun 18, 2008 8:04 pm
Forum: General
Topic: Simple queue not working V3
Replies: 4
Views: 693

Re: Simple queue not working V3

How do I do that?

thanks,
by dancms
Wed Jun 18, 2008 12:02 am
Forum: General
Topic: Simple queue not working V3
Replies: 4
Views: 693

Simple queue not working V3

My setup is: ether1 and ether2 are bridged, ether1 is WAN ether2 is my client side. The following worked fine untill I upgraded to version 3. Now it does not have any affect. name="queue1" target-addresses=10.0.0.2/32 dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 queue=de...
by dancms
Thu Apr 24, 2008 4:53 pm
Forum: Scripting
Topic: Queue script problem with version 3
Replies: 1
Views: 813

Queue script problem with version 3

This script works fine in versions previous to version 3.

:for i from=2 to=254 do={/queue simple add target-address=(10.0.0. . $i . "/32") max-limit=256000/1000000}

When running this script in v3 I get this error:

value of target-address must have ip address before '/'

Any Ideas?

Thanks,
by dancms
Wed Jan 23, 2008 8:18 pm
Forum: Wireless Networking
Topic: authorization lifetime
Replies: 1
Views: 658

authorization lifetime

Where can I set the lifetime of a radius authorization?

Radius authenticates client, after x time mikrotik sends new request to radius server.

Thanks,
by dancms
Mon May 14, 2007 10:34 pm
Forum: General
Topic: Bandwith shaping with mangle and address lists problems
Replies: 9
Views: 2015

Could you explain futher what these rules are doing. I have been trying to do something simular but dont follow 100%.

Thanks,
by dancms
Mon May 14, 2007 7:17 pm
Forum: General
Topic: Parent queue help
Replies: 12
Views: 1876

Parent queue help

when adding a queue in /queue tree it asks for a parent queue.

"global-in" and "global-out"

What exactly are these and how do you change the values of them?

Is it possible to create a custom parent queue?

Thanks,
by dancms
Thu May 10, 2007 11:40 pm
Forum: General
Topic: Bandwidth shaping among several users
Replies: 6
Views: 1248

Any ideas?
by dancms
Tue May 08, 2007 5:18 pm
Forum: General
Topic: Bandwidth shaping among several users
Replies: 6
Views: 1248

Will this work then? ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=SHAPE-1 passthrough=no address-list=IP-RANGE-1 /queue type add name="PCQ_download" kind=pcq pcq-rate=64000 pcq-classifier=dst-address /queue type add name="PCQ_upload" kind=pcq pcq-rate=32000 pcq-classifi...
by dancms
Mon May 07, 2007 11:31 pm
Forum: General
Topic: Bandwidth shaping among several users
Replies: 6
Views: 1248

Lets say I need to shape ip's 10.0.0.30 through 10.0.0.254. When creating a rule I have to use x.x.x.x/24 . This shapes 254 addresses. Then I need to create exclutions somehow for the first 30 ip's I do not want shaped. Is there a way to specify an ip range instead of an subnet? 10.0.0.30-10.0.0.254...
by dancms
Fri May 04, 2007 12:06 am
Forum: General
Topic: Bandwidth shaping among several users
Replies: 6
Views: 1248

Bandwidth shaping among several users

I have tried the PCQ setup that is in the documentation: http://wiki.mikrotik.com/wiki/PCQ_Examples I have had trouble with this so I have had to setup simple queues for my network. On one segment I have over 2900 simple queues setup for clients and is getting hard to manage due to the number of ip'...
by dancms
Tue Jan 02, 2007 10:07 pm
Forum: General
Topic: QOS help
Replies: 2
Views: 768

SIP
by dancms
Tue Jan 02, 2007 6:14 pm
Forum: General
Topic: QOS help
Replies: 2
Views: 768

QOS help

I need to configure QOS on Mikrotik to put priority on all voip traffic going through the box.

Voice packets entering the (lan) are taged with DSCP 46 (ef)

How can I accomplish this?

Thanks,