After the initial setup gave me trouble, I switched to using WDS, and it seems to be working good.
If there's a better alternative for daisy-chaining radios to increase range, let me know. We might use it someday.
Thanks
I'm dealing with Grooves, like the 52HPn. In the past, I've used NV2 bridges, where one of the grooves was in "ap bridge" mode, and the other was in "station bridge" mode. This worked great. Recently, I've run into a situation where the distance is too great, and there are too ma...
I have a Mikrotik script that, when first run, creates a scheduler that will run it automatically every 30 seconds. The code that creates the scheduler is fairly basic right now: :if ([/len [/system scheduler find name=my_scheduler]] = 0) \ do={ /system scheduler add name=my_scheduler \ policy=ftp,r...
I have a MikroTik router with a computer behind it. As a test, I use the computer to upload a 6 MB file. The Mikrotik router is configured with Traffic Flow in v9 mode, to send flows to our server. Running on RouterOS 6.46.4, this is the flow info for the upload (non-mac-address fields excluded): ia...
I'm on RouterOS 6.48. My script looks like this: :local myhash ({ "var"=""; }) /put "Before:" /put $myhash :set ($myhash->"var") "value" /put "After:" /put $myhash The first time I run my script, the output is: Before: var= After: var=value...
Thanks for the photo! As far as I can tell from the photo, and the block diagram, the 2 white cables are the 2.4 GHz, and are attached to the R11E miniPCIe card, while the 4 black cables are the 5GHz, and attach to the board directly. Does that sound right? What I'm wondering is what kind of connect...
We are looking at the RB4011 . It looks great, except that we need the antennas to be detachable, so that we can attach our own, much larger, external antennas. The unit will be indoors, while our external, outdoor antennas will be outdoors. It's hard to tell if the antennas on the RB4011 are detach...
Block Diagrams! Perfect!
Exactly what I was looking for. After you mentioned it, a quick search shows that every mikrotik's device page comes has a block diagram for it.
I had no idea.
I need a router that supports both 2.4 GHz and 5 GHz at the same time. I'll create a wireless network using 2.4 GHz, and a separate, unrelated network using the 5 GHz. I know some routers support both 2.4 GHz and 5 GHz, but not at the same time. How can I tell when a router does both, instead of jus...
I didn't say you have to update every time there's one available - I said that every time you perform an update, which idlemind suggested we do on every device under our control, you risk thousands of dollars of damage (per device) if something goes wrong. I promise you I am not exaggerating when I ...
Ok - thanks mkx - I think I follow what you are trying to say. Unfortunately, I ran some more tests, and the results are not consistent with that. I have 2 devices I tested on: hEX lite (RouterBOARD 750r2) MIPSBE RouterOS v6.46.4 RB1100AHx2 POWERPC RouterOS v6.46.4 Both are configured with a LAN bri...
We have hundreds of Mikrotik devices deployed all over North America. Every time you do a RouterOS update: You suffer downtime, which in our case, costs thousands of dollars Risk something going wrong, and the device not coming back online after a reboot, requiring a field tech to be dispatched, cos...
I'm using RouterOS 6.46.4. I enabled Traffic Flow, and added several interfaces to be monitored, including a bridge, but soon noticed that my collector wasn't getting any traffic on the bridge's network. I had to add the individual interfaces that are in the bridge in order for the collector to see ...
Ran into this problem recently too. For anyone that comes across this, here's the solution, as it's not well-documented. I'm using RouterOS v6.46.4. To setup Option 160, do this: /ip dhcp-server option add code=160 name="Captive Portal" value="'https://my.server.com/some/page'" N...
Running RouterOS 6.43.7. In IP --> Settings, I have an "ARP Timeout" value of 00:00:30. If I have a device connected to the router, and I unplug it, it takes several minutes for that ARP entry to disappear from the ARP table. Is this a bug, or am I missing something? Edit: If I delete the ...
I am using the latest version of Winbox (v3.20) to connect to a remote router running RouterOS 6.45.7. I'm trying this on 2 computers: one running Fedora, and one running Windows 10. The 2 computers are on the same network. The one running Fedora, which is using Wine to run Winbox, connects to the r...
RouterOS 6.43.7 made changes to Netflow, which now shows the Source MAC of the devices on the LAN.
There's no destination MAC for returning traffic, but you have the LAN IP of the LAN device, so it should be easy enough to create an in-memory map of LANIP<-->MAC on the Netflow collector.
I have a Router setup with RouterOS 6.38. It has a LAN Bridge that all the LAN ports are a part of, and a WAN interface. NAT, DHCP server on LAN - pretty basic setup. Enabling Traffic Flow, I can see that both in IPFIX mode, and Netflow v9 mode, the exported data has a destinationMacAddress and a po...
Thanks. I haven't tried the Python part of it yet, but the collector seems to be working well with Mikrotik's Netflow V9. I should be able to use that. Netflow V9 is not super efficient though, as it sends me a ton of fields I don't care about. IPFIX is nicer, as you can specify the fields you want....
I'm trying to analyze the raw NetFlow data coming from a Mikrotik using Python. The Mikrotik is configured to send IPFIX data to my machine. It looks like one of the few available pieces of code that can analyze IPFIX data is found in PyPi: https://pypi.org/project/ipfix/#description I'm having trou...
The users don't work for our company. They are our customers. We can tell them "if you're using our service, it's going to have some restrictions". We can't terminate anyone. The best we can do is terminate our services, and if we do that, then we don't have a customer, which is shooting o...
Haha. Exact requirements. Good one. All verbal. All loosely defined. After I build it, if he doesn't like it, he'll make me change it. Like I said - we need to be able to throttle speed based on category. Category being netflix, social media, youtube, etc. His words. We have a network appliance that...
As far as I can tell, neither MOAB, nor https://axiomcyber.com/shield/ has anything to do with traffic shaping. They block traffic to and from dangerous IPs. My use case has nothing to do with security. I need to rate limit (not block) traffic based on category. Also, I'm dealing with domain names -...
As far as I know, using the tls-host rule would require me to create 2 million firewall rules, as there are 2 million hosts I'd be checking for. At least a few thousand, if I narrow it down to only certain categories I care about. I'm fairly certain if every single packet going through a mikrotik ha...
I have HTTP and HTTPS traffic on my LAN going to the internet. I need to be able to look at the domain the traffic is destined to, and compare it to a list of domains to determine if the traffic is social media, or business, or porn, or something else. Based on what category it's in, I then want to ...
When a hotspot user wants to buy more time, they get to this page: https://USER_MANAGER/user/SOMETHING and login. When they do that, they see this: Screen Shot 2018-11-26 at 1.37.49 PM.png Are these customizable at all? I looked in the User Manager's files/, and the only thing I see is the umfiles f...
This was a 493AH.
A different 493AH running RouterOS 6.39.2 didn't seem to have the same issue.
Updating the problem device to 6.40 (the next version, as there is no 6.39.4) seemed to fix the issue.
Sounds like a bug with 6.39.3.
I'm using RouterOS 6.39.3, and when I create a dynamic address list with something like: /ip firewall address-list add list=test address=1.2.3.4 timeout=00:40:00 The address list entry shows up, but automatically gets deleted within a few seconds. Sometimes, it takes a minute, or up to 5 minutes. It...
Bloody safari! I did a search in my safari browser on that page for ssl. Turns out it only showed me words that started with ssl! Anything separated by a - or a _ was considered a new word, so it found some ssl packages, but not the main openssl package! I totally missed it. Trying it now. It instal...
i think you can get the ssl packages directly from the openwrt website, available with each release example https://archive.openwrt.org/chaos_calmer/15.05/ar71xx/mikrotik/packages/ The release we are working with is Attitude Adjustment (12.09), so I guess the repo for that would be: https://archive...
This may already be covered at some point in the previous 8 pages of this thread, but this has been my experience over the past 24 hours trying to get Python running in Metarouter on RB493AH: Working Image: http://openwrt.wk.cz/trunk/mr-mips/openwrt-mr-mips-rootfs-31411-basic.tar.gz RouterOS Version...
Interesting... It seems like I actually ran into that yesterday. I think I was using http://openwrt.wk.cz/trunk/mr-mips/openwrt-mr-mips-rootfs-31079.tar.gz. It worked for a bit, and then my RB493 started booting up, and then losing power after a few seconds and rebooting. My 493 wasn't new - it was ...
hi guys. I work for a company that heavily uses mikrotiks, and as one of the only software developers that works for my company, I've written tons of code using the mikrotik scripting language. Unfortunately, it is by far the worst programming/scripting language I have ever had the displeasure of wo...
We have a site with very limited bandwidth (10 Mbps download/1 Mbps upload), and dozens of users. The main router on site is a mikrotik. We want to have the mikrotik distribute the bandwidth evenly to every user, in such a way that if there's only one active user, he gets the entire 10Mbps/1Mbps, bu...
We have a mikrotik device where the Hotspot feature is turned on by a script. As soon as Hotspot is turned on, it creates a bunch of firewall filter rules at the top, ahead of every other firewall rule. Is there any way to have a firewall filter rule that always comes BEFORE all the dynamic filter r...
I sent an email to Mikrotik Support, and this is what they told me: the time DPD waits for each packet is directly linked to the max-failures setting. If you set max-failures to 1, it will wait 1 second, once. If you set max-failures to 3, it will wait 3 seconds for each packet, 3 times If you set m...
I am dealing with an IPsec tunnel over a satellite network. One thing I keep seeing in the logs is that Dead Peer Detection keeps dropping the tunnel because it doesn't get a reply. I see this every few hours. I suspect that this may be caused by Dead Peer Detection not waiting long enough to hear a...
I'm not using MikroTik's OpenVPN server - I just have OpenVPN traffic going through the mikrotik router.
There's no way to identify the OpenVPN traffic with firewall rules?
I need to have both HTTPS and OpenVPN traffic going to a mikrotik router, both on port 443. Can I have the MikroTik redirect HTTPS traffic to my web server (ex. 192.168.6.70) and OpenVPN traffic to my OpenVPN server (ex. 192.168.6.75)? Can the MikroTik tell the difference between OpenVPN and HTTPS o...
After several hours of messing with it, this is what I found: Since we told the bridge to pass all layer 2 traffic through the firewall rules, Winbox traffic, even when it's using the MAC address to connect will pass through the firewall rules. This means you need firewall rules to allow MNDP and Ma...
I did a packet capture on the Mikrotik, and another one on the client. It looks like the client is seeing responses from the DNS server (8.8.8.8 in my case) that aren't actually coming from the DNS server. The mikrotik packet capture shows proper DNS responses that give answers to the DNS queries th...
I tried 2 more things: Under Bridge --> Settings, I disabled "Allow Fast Path". According to this page , "Fast path allows to forward packets without additional processing in the Linux kernel". Sounds like a way to bypass the firewall rules that make hotspot work, which I probabl...
It looks like none of the firewall rules that are dynamically created when hotspot is enabled were being hit until I went to Bridge --> Settings and set "Use IP Firewall" to on. Now, it kind of sort of works - it redirects clients to the hotspot login page for some web requests, but not ot...
If it's a feature that works as long as you haven't touched anything else, but breaks down if you look at your router the wrong way without any indication after that, it's a pretty crappy feature and should be removed. At the very least, if you modify something that breaks it from functioning proper...
If I have an RB751 with all 5 ethernet ports, and the wifi interface part of the same bridge, so that the entire thing is acting as one switch and wireless access point, can I setup hotspot on it?
Or does hotspot need to be on a router?