Community discussions

MikroTik App

Search found 27 matches

by jamesw
Wed Oct 23, 2019 1:40 am
Forum: General
Topic: Cisco NAT outside to Mikrotik NAT rule
Replies: 3
Views: 686

Re: Cisco NAT outside to Mikrotik NAT rule

The ISP's controller is a slightly odd set up, in that it's sitting behind IP 203.203.203.60 but configured to identify itself as 103.103.103.60. So, I tell my AP to join a controller at 203.203.203.60. It talks to the controller fine, but because the controller identifies itself as 103.103.103.60, ...
by jamesw
Wed Oct 23, 2019 1:08 am
Forum: General
Topic: Cisco NAT outside to Mikrotik NAT rule
Replies: 3
Views: 686

Cisco NAT outside to Mikrotik NAT rule

I'm trying to have a Cisco AP in my lab connect to a remote controller hosted by our ISP for testing. I've been advised by my ISP that I need to use the following rule in order for it to work correctly, but this is intended for a Cisco IOS device: ip nat outside source static 103.103.103.60 203.203....
by jamesw
Sun Jul 28, 2019 3:42 pm
Forum: General
Topic: IPSEC / Xauth on Mikrotik problem
Replies: 5
Views: 944

Re: IPSEC / Xauth on Mikrotik problem

Actually, turns out I was using the wrong PSK! Doh!
by jamesw
Wed Jul 24, 2019 11:12 am
Forum: General
Topic: IPSEC / Xauth on Mikrotik problem
Replies: 5
Views: 944

Re: IPSEC / Xauth on Mikrotik problem

Anyone able to help or give me a steer?

Thanks!
by jamesw
Tue Jul 23, 2019 1:47 pm
Forum: General
Topic: IPSEC / Xauth on Mikrotik problem
Replies: 5
Views: 944

Re: IPSEC / Xauth on Mikrotik problem

Would any additional logs help? Just tying to make some progress on this :)

Thanks in advance

J
by jamesw
Mon Jul 22, 2019 2:32 pm
Forum: General
Topic: IPSEC / Xauth on Mikrotik problem
Replies: 5
Views: 944

IPSEC / Xauth on Mikrotik problem

RouterOS 6.45.2 I'm having trouble getting macOS and Android devices to connect to our VPN server hosted by the Mikrotik 110AHx2 in our office. It works fine for Windows and Ubuntu using the Shrew VPN software. The same appears in te logs for both Android and macOS clients (using their built-in VPN ...
by jamesw
Wed Jul 03, 2019 2:23 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 118757

Re: v6.45.1 [stable] is released!

We are also facing the same issue with Hotspot / RADIUS authentication broken because the Password that is send to RADIUS is garbage/corrupt.

This is affecting 1000+ customers to a big issue.

Case raised; ticket #2019070322005393

Thanks for any help.

James
by jamesw
Wed Mar 20, 2019 10:40 pm
Forum: General
Topic: Need help routing public subnet IP to internal server
Replies: 22
Views: 1250

Re: Need help routing public subnet IP to internal server

Great explanations guys. Really appreciate the informative replies.

James
by jamesw
Wed Mar 20, 2019 2:55 pm
Forum: General
Topic: Need help routing public subnet IP to internal server
Replies: 22
Views: 1250

Re: Need help routing public subnet IP to internal server

Yep, I added a drop rule and then some specific forward rules for what I want open externally. Thanks!
by jamesw
Wed Mar 20, 2019 1:32 pm
Forum: General
Topic: Need help routing public subnet IP to internal server
Replies: 22
Views: 1250

Re: Need help routing public subnet IP to internal server

Strangely, in my testing, I removed those rules completely and the server still have access behind the assigned public IP, so seems it lets everything through. Guess I need to drop all and then allow just what I need through... Weird as I thought it wouldn't work at all without the following: add ac...
by jamesw
Wed Mar 20, 2019 12:34 pm
Forum: General
Topic: Need help routing public subnet IP to internal server
Replies: 22
Views: 1250

Re: Need help routing public subnet IP to internal server

Its working now - not sure why but ARP is just set to the default "enabled" instead of proxy-arp.

Sob and co, thanks for the help.

Last question - can I still limit the inbound traffic to the public IP using the MT firewall or is everything just "passed through" to the server now?

Thanks

James
by jamesw
Wed Mar 20, 2019 9:53 am
Forum: General
Topic: Need help routing public subnet IP to internal server
Replies: 22
Views: 1250

Re: Need help routing public subnet IP to internal server

Indeed. With proxy-arp on its working, but without it's not. I'd like to avoid having to use proxy-arp if I can as it shouldn't be required I think?

Thanks
by jamesw
Wed Mar 20, 2019 1:01 am
Forum: General
Topic: Need help routing public subnet IP to internal server
Replies: 22
Views: 1250

Re: Need help routing public subnet IP to internal server

Thanks So without adding some dummy ip to the ether9 interface and then using this ip as the gateway on the server nothing would be routed, correct? I tried what you said but it still doesnt work without enabling proxy arp on ether9. Once I get this working, can I still use input firewall rules to b...
by jamesw
Tue Mar 19, 2019 10:18 pm
Forum: General
Topic: Need help routing public subnet IP to internal server
Replies: 22
Views: 1250

Re: Need help routing public subnet IP to internal server

I enabled proxy-arp on ether9 and it now works. But should I need to do this? Is this strictly required? Does it introduce any issues?

Thanks
by jamesw
Tue Mar 19, 2019 9:52 pm
Forum: General
Topic: Need help routing public subnet IP to internal server
Replies: 22
Views: 1250

Re: Need help routing public subnet IP to internal server

The torch tool shows a ping i am running to 2.1.1.1 (real ip 62.252.x.x in screenshot) from outside is being sent to ether9 and it appears it is responding but the ping fails, so, is it a firewall issue where traffic from ether9 cant go back out, like some nat or forward rule?
by jamesw
Tue Mar 19, 2019 9:31 pm
Forum: General
Topic: Need help routing public subnet IP to internal server
Replies: 22
Views: 1250

Re: Need help routing public subnet IP to internal server

Heh.

Managed to add it by removing the /32 from the network, so its just 2.2.2.1 but still not working.

The server at 2.2.2.1 plugged in to ether9 cant get any Internet. ping to 8.8.8.8 shows request timed out...
by jamesw
Tue Mar 19, 2019 7:45 pm
Forum: General
Topic: Need help routing public subnet IP to internal server
Replies: 22
Views: 1250

Re: Need help routing public subnet IP to internal server

Doesn't like it:

/ip address> add address=1.1.1.1/32 network=2.2.2.1/32 interface=ether9
invalid value for argument network
by jamesw
Tue Mar 19, 2019 7:40 pm
Forum: General
Topic: Need help routing public subnet IP to internal server
Replies: 22
Views: 1250

Re: Need help routing public subnet IP to internal server

Thanks. Even though I have 1.1.1.1 assigned as the ether5 static WAN IP already?

Thanks
by jamesw
Tue Mar 19, 2019 7:24 pm
Forum: General
Topic: Need help routing public subnet IP to internal server
Replies: 22
Views: 1250

Re: Need help routing public subnet IP to internal server

I had a look at that along with many other posts but it wasn't clear of the final outcome and how it should be configured. Ideally I just want to map an IP from my routed subnet directly to a physical server plugged in to ether9 - no PPPoE in this case or NAT/IP tunnels. Is that possible?

Thanks
by jamesw
Tue Mar 19, 2019 6:33 pm
Forum: General
Topic: Need help routing public subnet IP to internal server
Replies: 22
Views: 1250

Need help routing public subnet IP to internal server

I've spent all day trying to get this to work, and still struggling, even though its a simple task. What I want is to use a public IP from my routed subnet directly on a server inside my network (without NAT). Current setup is: The ISP provides the following over the connection (IP's changed): Stati...
by jamesw
Wed Jul 05, 2017 1:48 pm
Forum: General
Topic: VLAN Trunk issue with CRS-125 and RB100AHx2
Replies: 9
Views: 1240

Re: VLAN Trunk issue with CRS-125 and RB100AHx2

Another question... if I am only using 1 port as the trunk port on the RB1100AHx2, is eth10 (part of switch1) faster/better than just using eth11/12/13 which are directly connected to the CPU?

Would there be any benefit?

Thanks
by jamesw
Wed Jul 05, 2017 1:11 pm
Forum: General
Topic: VLAN Trunk issue with CRS-125 and RB100AHx2
Replies: 9
Views: 1240

Re: VLAN Trunk issue with CRS-125 and RB100AHx2

Setting egress is not enough. When you switch to "vlan" tab (the first to the left of "eg. vlan tag"- as on the last image you send), what can you see there? Actually, your points made me check something. On the uplink siwtch, I only had "sfp1" as an egress vlan. So, although it passed vlan ID's do...
by jamesw
Wed Jul 05, 2017 12:36 pm
Forum: General
Topic: VLAN Trunk issue with CRS-125 and RB100AHx2
Replies: 9
Views: 1240

Re: VLAN Trunk issue with CRS-125 and RB100AHx2

You need to configure a port you plugged your AP to as a trunk port for vlan 10, 30 and 40 (I'm assuming this will be a port on one of your 14 switches). Since your vlans are working OK with a cable connection I'm assuming your uplink switch and RB and configured correctly. I thought setting the eg...
by jamesw
Wed Jul 05, 2017 11:54 am
Forum: General
Topic: VLAN Trunk issue with CRS-125 and RB100AHx2
Replies: 9
Views: 1240

Re: VLAN Trunk issue with CRS-125 and RB100AHx2

Hi, Did you add eth9-meraki... port to relevant VLANs (Vlan tab on your Image 2)? On the CRS125 switch its plugged in to, or the RB1100? I have eth9-meraki listed in the egress table, so it should just pass those VLAN IDs to SFP1 (which connects to ether10 on the RB), and then the DHCP server on th...
by jamesw
Wed Jul 05, 2017 10:04 am
Forum: General
Topic: VLAN Trunk issue with CRS-125 and RB100AHx2
Replies: 9
Views: 1240

Re: VLAN Trunk issue with CRS-125 and RB100AHx2

Really hoping for some help so I can kick-start our network :) I'm sure its just a setting or tweak required. Or, is there just no way at all without using a bridge? (I am only using a single trunk port on the RB - eth10), so don't really want to have a bridge with one port and force software routin...
by jamesw
Tue Jul 04, 2017 4:52 pm
Forum: General
Topic: VLAN Trunk issue with CRS-125 and RB100AHx2
Replies: 9
Views: 1240

Re: VLAN Trunk issue with CRS-125 and RB100AHx2

Image 4 (Topology) attached
by jamesw
Tue Jul 04, 2017 3:25 pm
Forum: General
Topic: VLAN Trunk issue with CRS-125 and RB100AHx2
Replies: 9
Views: 1240

VLAN Trunk issue with CRS-125 and RB100AHx2

Hi guys. I'm coming up against an issue but I've exhausted my understanding on the topic. Basically, we have 14 x CRS125 switches all handing traffic from the patch panels. We set most of the ports on these switches to VLAN 10 using the Ingress VLAN table. We also have a couple of ports on each swit...