Community discussions

Search found 1032 matches

by Anumrak
Thu Oct 17, 2019 5:47 pm
Forum: Beginner Basics
Topic: IPv6 how to use it right
Replies: 37
Views: 2116

Re: IPv6 how to use it right

Static ipv6 is present ... Many first wave ip6 routers from tplink have such interface newest has ipv6 dhcp/slaac auto option but I don't have it to test ... 80 percent ipv6 real routers has such interface that I'm described old ipv6 Support. I've test emulator it works for me. There is no none addres...
by Anumrak
Thu Oct 17, 2019 4:40 pm
Forum: Beginner Basics
Topic: IPv6 how to use it right
Replies: 37
Views: 2116

Re: IPv6 how to use it right

There is no such option https://emulator.tp-link.com/Archer_C7/Index.htm (hardware version v1) and tplink 940v3 such interface and 840n
Looks like this emulator is broken. You have to have an option to add any static address here. Try another router with ipv6 support just for test.
by Anumrak
Thu Oct 17, 2019 4:19 pm
Forum: Beginner Basics
Topic: IPSec Tunnel with specific encryption Domain [SOLVED]
Replies: 4
Views: 237

Re: IPSec Tunnel with specific encryption Domain [SOLVED]

I meant that, for example, you have 172.17.0.0/24 LAN with router's IP 172.17.0.1 on 1st side and 172.17.1.0/24 LAN with router's IP 172.17.1.1. So you have to add static routes between these two subnets like: ip route add dst-address=172.17.1.0/24 gateway=192.168.250.2 distance=1 add dst-address=172...
by Anumrak
Thu Oct 17, 2019 3:51 pm
Forum: Beginner Basics
Topic: IPv6 how to use it right
Replies: 37
Views: 2116

Re: IPv6 how to use it right

I can't write here anything ... Just defaults :: If write here ip of mikrotik at vlan100 it gives an error 51000 at change it back to :: Okay. LAN is OK. Try to choose delegated prefix on WAN interface? You have to receive IPv6 address and gateway address from Tik via router advertisement message. WA...
by Anumrak
Thu Oct 17, 2019 3:40 pm
Forum: Forwarding Protocols
Topic: OSPF - distribute static route to selective neighbor instead of all neighbors
Replies: 3
Views: 172

Re: OSPF - distribute static route to selective neighbor instead of all neighbors

I don't believe it's possible (Mikrotik or not) to implement filters per neighbor in OSPF...

Use BGP. That's one way to solve your issues.
It's not about filter per neighbor, it's about filtering subnets in LSA in inbound direction.
by Anumrak
Thu Oct 17, 2019 3:30 pm
Forum: Forwarding Protocols
Topic: OSPF - distribute static route to selective neighbor instead of all neighbors
Replies: 3
Views: 172

Re: OSPF - distribute static route to selective neighbor instead of all neighbors

Hey. In office B try to use ospf-in filter like:

/routing filter add chain=ospf-in prefix=192.168.11.0/24 action=discard

This way you can receive this subnet in office A only.
by Anumrak
Thu Oct 17, 2019 3:12 pm
Forum: Beginner Basics
Topic: IPv6 how to use it right
Replies: 37
Views: 2116

Re: IPv6 how to use it right

And what routes do you have on TP-Link router to Mikrotik side?
by Anumrak
Thu Oct 17, 2019 2:27 pm
Forum: Beginner Basics
Topic: IPv6 how to use it right
Replies: 37
Views: 2116

Re: IPv6 how to use it right

Yes.
Can you ping ipv6 address of your ISP from your router? Can you ping 2001:4860:4860::8888 from your router?
by Anumrak
Thu Oct 17, 2019 2:15 pm
Forum: Beginner Basics
Topic: IPv6 how to use it right
Replies: 37
Views: 2116

Re: IPv6 how to use it right

I've bind 2a01:xx:xxxx:1000::73 to WAN of Client Router at vlan 100 2a01:xx:xxxx:1000::1 Mikrotik Router vlan100 2a01:xx:xxxx:1001::/64 to LAN of client Router I've add Static Router 2a01:xx:xxxx:1001::/64 gateway vlan100 Mikrotik can ping 2a01:xx:xxxx:1000::73 for 1-2 min then timeout .... but C...
by Anumrak
Wed Oct 16, 2019 5:25 pm
Forum: General
Topic: VPN L2TP site to client windows
Replies: 1
Views: 64

Re: VPN L2TP site to client windows

Hosts and gateway on the same subnet? If yes, allow icmp requests to host machines and make sure that you not source natting their replies. If no - add a route to 192.168.0.200 host's subnet on the client side.
by Anumrak
Wed Oct 16, 2019 5:13 pm
Forum: General
Topic: Weird IP Spoofing Ddos Attack [Need Help]
Replies: 2
Views: 162

Re: Weird IP Spoofing Ddos Attack [Need Help]

The only one idea is eBGP peering with several ISP + firewall box from cyber security company with license including their support. There is no way you can reflect or stop UDP DDoS with Tik whatever box.
by Anumrak
Wed Oct 16, 2019 5:04 pm
Forum: Beginner Basics
Topic: IPv6 how to use it right
Replies: 37
Views: 2116

Re: IPv6 how to use it right

And yeah, Ripper, if you will configure same /64 subnet on WAN and LAN sides, it'd be the same as 195.100.50.0/29 on WAN and 195.100.50.0/29 on LAN: your router won't route your traffic to same network via different interfaces, so grab /64 subnet from /60 "special ptp prefix" and grab /56 except tha...
by Anumrak
Wed Oct 16, 2019 3:35 pm
Forum: Beginner Basics
Topic: IPSec Tunnel with specific encryption Domain [SOLVED]
Replies: 4
Views: 237

Re: IPSec Tunnel with specific encryption Domain [SOLVED]

Hey. Yes, you can. Just add static routes from each side and create action=accept NAT rules for local address space before normal source nat rule.
by Anumrak
Wed Oct 16, 2019 2:20 pm
Forum: Beginner Basics
Topic: IPv6 how to use it right
Replies: 37
Views: 2116

Re: IPv6 how to use it right

IPv6 is native IP protocol for Windows OS, IPv4 is secondary one. My advice is this one for your clients: https://wiki.mikrotik.com/wiki/Manual:H ... e_for_Home

Otherwise - static routing which is pain in the ass...
by Anumrak
Wed Oct 16, 2019 2:15 pm
Forum: General
Topic: [help] Cannot ping pptp client
Replies: 1
Views: 131

Re: [help] Cannot ping pptp client

Hey. Try not to NAT pptp clients private addresses with upper NAT rules with accept action. Also check your firewall filter rules before main forwarding rule.
by Anumrak
Wed Oct 16, 2019 1:54 pm
Forum: Beginner Basics
Topic: Routing on one interface do not work
Replies: 1
Views: 134

Re: Routing on one interface do not work

Hey. Just add a bridge interface and assign each ethernet interface to it to determine tagged and untagged traffic.

Read more here https://wiki.mikrotik.com/wiki/Manual:S ... s_Ports.29 and here https://wiki.mikrotik.com/wiki/Manual:Bridge_VLAN_Table
by Anumrak
Wed Oct 16, 2019 1:30 pm
Forum: Beginner Basics
Topic: IPv6 how to use it right
Replies: 37
Views: 2116

Re: IPv6 how to use it right

It's not really practical to give to users prefixes for static configuration. Try to find newest firmware for TP-Link routers with IPv6 SLAAC config.
by Anumrak
Wed Oct 16, 2019 11:00 am
Forum: Wireless Networking
Topic: Best practices for "guest" wireless networks
Replies: 3
Views: 503

Re: Best practices for "guest" wireless networks

Also DHCP server with dynamic arp bindings to each host with arp reply only function on wifi interface.
by Anumrak
Wed Oct 16, 2019 10:55 am
Forum: Beginner Basics
Topic: IPv6 how to use it right
Replies: 37
Views: 2116

Re: IPv6 how to use it right

At many TP-link routers 1-2 year old with ipv6 support no SLAAC option just DHCPv6, PPPoE, Tunnel 6to4 and STATIC IP... So as I've understand I have to declare /56 for each end user router ? As I don’t have SLAAC option at router I have to use Static V6 ip configuration I've enter IPv6 Address: I...
by Anumrak
Mon Oct 14, 2019 5:02 pm
Forum: Beginner Basics
Topic: port forward not working for me
Replies: 9
Views: 453

Re: port forward not working for me

it's a remote site so users needs site2site vpn and security needs port forward to access alarm from iphone on wan I don't think that I am using "same dst port in the same two ports but different hosts." host 1= port 1234 host 2= port 2345 add action=dst-nat chain=dstnat disabled=no dst-port=1234 in-...
by Anumrak
Mon Oct 14, 2019 3:45 pm
Forum: Beginner Basics
Topic: port forward not working for me
Replies: 9
Views: 453

Re: port forward not working for me

I think problem is that you try to establish second TCP session with different destination port. And you need the same as the first one. And why you using NAT while you using openvpn? Just make static route from source to destination on your Tik without NAT. You can't dst NAT same dst port in the sa...
by Anumrak
Mon Oct 14, 2019 3:33 pm
Forum: Beginner Basics
Topic: port forward not working for me
Replies: 9
Views: 453

Re: port forward not working for me

Can you ping both of them from a gateway?
by Anumrak
Mon Oct 14, 2019 3:30 pm
Forum: General
Topic: VPN cant be established - Mikrotik using internal IP
Replies: 1
Views: 144

Re: VPN cant be established - Mikrotik using internal IP

Hey. Use DynDNS service to map your global IP to static DNS A record. Or just remember your global IP and establish connection by IP without DNS at all. And dstNAT layer 4 ports from modem to Tik of course.
by Anumrak
Mon Oct 14, 2019 3:17 pm
Forum: Beginner Basics
Topic: port forward not working for me
Replies: 9
Views: 453

Re: port forward not working for me

Both hosts are PCs?
by Anumrak
Fri Oct 11, 2019 3:02 pm
Forum: Beginner Basics
Topic: IPv6 how to use it right
Replies: 37
Views: 2116

Re: IPv6 how to use it right

That's what I mentioned as second option. :)
I thought you talk about TP-Link's LAN, not uplink. Topic starter talked about his LAN.
by Anumrak
Fri Oct 11, 2019 2:58 pm
Forum: Beginner Basics
Topic: IPv6 how to use it right
Replies: 37
Views: 2116

Re: IPv6 how to use it right

But how does TP-Link get prefix from upstream?
Router won't receive the prefix, but he can route /48 with /64 static net that ISP have to provide.
by Anumrak
Fri Oct 11, 2019 2:21 pm
Forum: Beginner Basics
Topic: IPv6 how to use it right
Replies: 37
Views: 2116

Re: IPv6 how to use it right

Hey. TP-Link router have to support IPv6 SLAAC with RFC4941, so your windows and Linux machine does. You don't need dhcpv6 server.
by Anumrak
Thu Oct 10, 2019 1:19 pm
Forum: General
Topic: Allow access to devices from other network
Replies: 8
Views: 1551

Re: Allow access to devices from other network

Hey. Just configure a static routing on device behind WAN port. Also make sure that you have reverse route on hAP router.
by Anumrak
Thu Oct 10, 2019 10:58 am
Forum: General
Topic: Slow connection via mikrotik
Replies: 17
Views: 2121

Re: Slow connection via mikrotik

What you got on IP layer? Print here ping and traceroute diagnostics from your PC to 8.8.8.8 with Tik in the middle.
by Anumrak
Tue Oct 08, 2019 5:07 pm
Forum: General
Topic: intervlan routing
Replies: 13
Views: 1134

Re: intervlan routing

70 and 40 mb/sec are running simultaneously or by one?
by Anumrak
Tue Oct 08, 2019 4:43 pm
Forum: General
Topic: intervlan routing
Replies: 13
Views: 1134

Re: intervlan routing

Every red line = 1000MF. LACP = 4Gb/s. ISP 100 Mb/s upload and 20Mb/s send.
I 'm using UTP5e.
Okay. You mean 100 mb/sec upload and 20 mb/sec download? 100 from you to Internet and 20 from Internet to customers?
by Anumrak
Tue Oct 08, 2019 3:32 pm
Forum: General
Topic: intervlan routing
Replies: 13
Views: 1134

Re: intervlan routing

What is your ISP link bandwidth?
What is your LACP Link bandwidth between Switch and Tik? Which links of which media do you use in this bundle? Do you have some phy errors between any of links in a bundle?
by Anumrak
Tue Oct 08, 2019 3:20 pm
Forum: Beginner Basics
Topic: Dual Wan config on my router
Replies: 18
Views: 1991

Re: Dual Wan config on my router

Hey. Why you want 2 LAN IPs for your WANs? Just use your single LAN for both WAN with different route distance, and create address list, for example "WAN", to add both interfaces there and use source NAT with masquerade action for your LAN. That's it.
by Anumrak
Tue Oct 08, 2019 3:15 pm
Forum: General
Topic: Slow connection via mikrotik
Replies: 17
Views: 2121

Re: Slow connection via mikrotik

Hello. Everyone I'm new here. I have a hard time with mikrotik model: RB2011UiAS-2HnD I Have a router with internet connection (8Mb). We set configure to have internet using the mikrotik as DHCP, DNS, hotspot on the router internet is speed, but through mikrotik (connected alone), it's disappointin...
by Anumrak
Tue Oct 08, 2019 3:12 pm
Forum: General
Topic: intervlan routing
Replies: 13
Views: 1134

Re: intervlan routing

I made intervlan routing ( to only one host): add action=masquerade chain=srcnat disabled=yes dst-address=10.1.4.21 \ src-address=10.1.64.0/18 add action=masquerade chain=srcnat disabled=yes dst-address=10.1.4.21 \ src-address=10.1.128.0/18 add action=masquerade chain=srcnat disabled=yes dst-addres...
by Anumrak
Tue Oct 08, 2019 3:07 pm
Forum: Beginner Basics
Topic: ISP Setup
Replies: 9
Views: 1059

Re: ISP Setup

You should keep DHCP Server hardware in centralized place far away from each branch. Use L3 only of branch routers and use "ip helpers" to redirect dhcp discover packets from your clients. PADI can be terminated on branch routers.
by Anumrak
Tue Oct 08, 2019 2:57 pm
Forum: General
Topic: Router's default Address after Custom Configured [SOLVED]
Replies: 2
Views: 674

Re: Router's default Address after Custom Configured [SOLVED]

Hey. It's DNS flood from outside, perhaps from your ISP. So just disable your DNS "allow-remote-requests" option. If it's already disabled, then relax. Every router in the world drops so many trash you can't imagine.
by Anumrak
Tue Oct 08, 2019 2:50 pm
Forum: Beginner Basics
Topic: Connect Many Router
Replies: 1
Views: 167

Re: Connect Many Router

Hey. And why office 1 is up and running? What's the difference between 1 and 2?
by Anumrak
Mon Oct 07, 2019 5:14 pm
Forum: Forwarding Protocols
Topic: MPLS bug?
Replies: 4
Views: 941

Re: MPLS bug?

Hey. Did you fix this? If yes, then how? If no, have you tried OSPF process reset?
by Anumrak
Thu Sep 12, 2019 5:10 pm
Forum: General
Topic: Redundant routers/switches
Replies: 11
Views: 1000

Re: Redundant routers/switches

You have to use VRRP on sw1 and sw2 via sw3 to track uplinks from sw1 to sw3 and from sw2 to sw3.
by Anumrak
Thu Sep 12, 2019 5:03 pm
Forum: Beginner Basics
Topic: How to change source IP to destination network
Replies: 8
Views: 1035

Re: How to change source IP to destination network

This is what I tried:
/ip firewall nat
add action=src-nat chain=srcnat dst-address=172.21.0.0/24 to-addresses=172.21.2.33
But this does not seem to work. Is this the right way to accomplish this? How do I test this?
Also, specify outbound interface to understand what you are doing.
by Anumrak
Thu Sep 12, 2019 4:38 pm
Forum: Beginner Basics
Topic: 2nd WAN issue, unable to ping internet from Mikrotik itself [SOLVED]
Replies: 6
Views: 667

Re: 2nd WAN issue, unable to ping internet from Mikrotik itself [SOLVED]

Does the address of router is up to NAT rules?
by Anumrak
Thu Sep 12, 2019 4:32 pm
Forum: General
Topic: Experiencing this issue
Replies: 1
Views: 232

Re: Experiencing this issue

You can resolve this issue with experiments! :) Unplug all cables and plug them one by one to find the problem interface. If you inside card damaged after lightning hit, there is nothing you can do about it.
by Anumrak
Thu Sep 12, 2019 4:30 pm
Forum: General
Topic: Load Balance and IP Public
Replies: 2
Views: 442

Re: Load Balance and IP Public

Follow your routing tables and firewall filters.
by Anumrak
Thu Sep 12, 2019 4:22 pm
Forum: Scripting
Topic: Know connected MAC-Adress
Replies: 8
Views: 905

Re: Know connected MAC-Adress

Hi, I have a MikroTik router that gives DHCP and I would like to know the MAC of connected devices. The following script tells me if a device is connected to the MikroTik by Wlan: :local iPhone [/int wire reg find mac-address="A8:9C:ED:CD:F8:12"]; But I want to know dhcp clients. In IP / ARP I can ...
by Anumrak
Thu Sep 12, 2019 4:18 pm
Forum: General
Topic: Redundant routers/switches
Replies: 11
Views: 1000

Re: Redundant routers/switches

There is nothing to be confused about, use VRRP :)
by Anumrak
Thu Sep 12, 2019 4:12 pm
Forum: Beginner Basics
Topic: Router on a Stick
Replies: 6
Views: 718

Re: Router on a Stick

Hey. What address space in a LAN network are you using for Internet access? Private ones with NAT function or global ones?
by Anumrak
Thu Sep 12, 2019 4:09 pm
Forum: Beginner Basics
Topic: IPv6 not working with a static /48 prefix
Replies: 7
Views: 769

Re: IPv6 not working with a static /48 prefix

Hey. You should set your default route to ISP's global address, not link-local.

And yeah, you better obtain static /48 prefix from them. Not by dhcpv6.
by Anumrak
Mon Sep 09, 2019 5:52 pm
Forum: Beginner Basics
Topic: BGP and advertising
Replies: 1
Views: 190

Re: BGP and advertising

Hey. Try to use "deny all" rule in output filter.
by Anumrak
Mon Sep 09, 2019 5:40 pm
Forum: Beginner Basics
Topic: 1 router for 3 networks
Replies: 1
Views: 255

Re: 1 router for 3 networks

Hey. Without VLANs, one interface - one ip network - one dhcp server. You can bind several ethernet interfaces to one network, but not vice versa (only if your switch support 802.1Q protocol and you know how to configure the switch and the main mikrotik router). Your Wi-Fi repeater or router connecte...
by Anumrak
Mon Sep 09, 2019 5:29 pm
Forum: Beginner Basics
Topic: Unable to ping/trace from lan
Replies: 7
Views: 666

Re: Unable to ping/trace from lan

How about to disable your PC firewall for a short period of time and try again?
by Anumrak
Mon Sep 09, 2019 5:23 pm
Forum: General
Topic: BGP-safety issue
Replies: 2
Views: 517

Re: BGP-safety issue

Can confirm this behavior. I would go a bit further and ask for the out filter to be required when configuring a new peer.
Nice suggestion.

MichaelHallager, does this behavior occur in a 6.44.5?
by Anumrak
Thu Sep 05, 2019 8:51 am
Forum: General
Topic: dhcp1 offering lease!
Replies: 2
Views: 377

Re: dhcp1 offering lease!

Hey. The client can't receive IP address from your dhcp server for some reason. B0:48:7A:BF:C5:C5 is TP-link hardware, possibly router, but I'm not sure. Your goal is: 1) Understand what is this hardware near you or your house; 2) Which interface of Mikrotik router dhcp client want to receive IP add...
by Anumrak
Fri Aug 23, 2019 3:34 pm
Forum: Forwarding Protocols
Topic: OSPF Network Statement [SOLVED]
Replies: 3
Views: 572

Re: OSPF Network Statement [SOLVED]

Hey. It will send only network based advertisements.
by Anumrak
Fri Aug 23, 2019 3:31 pm
Forum: Forwarding Protocols
Topic: OSPF down problem
Replies: 11
Views: 1539

Re: OSPF down problem

Hey. Check your router-id's on all routers. Are they unique?
by Anumrak
Wed Aug 21, 2019 11:53 am
Forum: General
Topic: New to mikrotik, forward chain help needed
Replies: 3
Views: 449

Re: New to mikrotik, forward chain help needed

Hey. Default firewall filter for ipv4 and for ipv6 are pretty safe. You can backup your config to your PC, then do this https://wiki.mikrotik.com/wiki/Manual:Reset copy filter rules to notepad, recover your config, understand the logic of these rules and insert rules you need.
by Anumrak
Wed Aug 21, 2019 11:45 am
Forum: General
Topic: Playstation NAT issues on 6.45.3
Replies: 3
Views: 535

Re: Playstation NAT issues on 6.45.3

Hey

1) Do you have globally routable IP address from your ISP? Not from 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16 ranges.
2) I would manually configure destination NAT rules.
by Anumrak
Tue Aug 20, 2019 5:58 pm
Forum: General
Topic: IPv6 accept-ra bug
Replies: 2
Views: 549

Re: IPv6 accept-ra bug

I have a few RB951G's which act as APs/bridges (not routers). They have this configuration: /ipv6 settings set accept-router-advertisements=yes forward=no This kind of works, because the devices indeed accept RAs and self-assign IPv6 addresses and default routes, but there are two problems with it:...
by Anumrak
Mon Aug 12, 2019 5:35 pm
Forum: General
Topic: Allow traffic between isolated subnets? [SOLVED]
Replies: 8
Views: 711

Re: Allow traffic between isolated subnets? [SOLVED]

Hey. If you will shut the drop rule off, will the traffic forward between networks? If no, try to check the firewalls on PCs, if yes - try to set the input interface in upper rule.
by Anumrak
Fri Aug 09, 2019 5:49 pm
Forum: Beginner Basics
Topic: IPv6 Tunneling
Replies: 5
Views: 623

Re: IPv6 Tunneling

Hello, Thanks for the reply Yeah I just notice it since My IPv6 will only work when the router still enables the IPv4 address. Are there any references that I can read about this matter? books or papers? IPv4 connectivity as a box and your brand new IPv6 addresses as a items in the box. No box, no ...
by Anumrak
Fri Aug 09, 2019 5:16 pm
Forum: General
Topic: Routing users on MikroTik
Replies: 1
Views: 250

Re: Routing users on MikroTik

On one MikroTik router, I want to divide my users to two groups and assign each group to a separate network (two networks). How do I do that? Any Suggestion ? Thank you. Via one ethernet interface with vlan 2 and 3 networks 192.168.0.0/24 and 192.168.1.0/24 Via 2 interfaces same networks, but witho...
by Anumrak
Fri Aug 09, 2019 5:00 pm
Forum: General
Topic: Port forward for a PPTP VPN user
Replies: 2
Views: 322

Re: Port forward for a PPTP VPN user

Heya All! How do I open a port for a PPTP vpn user? I tried different solution online but it didn't work. I mean that PPTP VPN user can use a service on that port. Local Address: 192.168.1.251 Remote Address: 192.168.1.250 Target Port: 7268 Thanks! Hey. Can you rephrase a sentence? PPTP server li...
by Anumrak
Wed Jul 17, 2019 10:33 am
Forum: Forwarding Protocols
Topic: OSPF Interface all passive
Replies: 9
Views: 1258

Re: OSPF Interface all passive

Not as easy when you have a few hundred vlans. Not bad to script but would be nice to have a simple checkbox to automatically have all interfaces as passive and then add the ones you want. /routing ospf interfaces add interface=all area=backbone passive=yes Exactly :) https://wiki.mikrotik.com/wiki...
by Anumrak
Tue Jul 16, 2019 11:06 am
Forum: Forwarding Protocols
Topic: OSPF Interface all passive
Replies: 9
Views: 1258

Re: OSPF Interface all passive

I wish there was a simple way to mark all instances as passive except the ones we add manually.
It's easy enough with winbox software as a GUI.
by Anumrak
Tue Jul 16, 2019 11:01 am
Forum: Announcements
Topic: v6.44.5 [long-term] is released!
Replies: 97
Views: 33669

Re: v6.44.5 [long-term] is released!

I wish the "long-term" channel would only have releases with bugfixes and security fixes, not a bunch of new features and underlying changes that need to be tested before I can apply the update to fix a security vulnerability. IMO, "long-term" channel should stay in 6.43.x branch and just receive f...
by Anumrak
Mon Jul 15, 2019 4:25 pm
Forum: Forwarding Protocols
Topic: PPPoE over VPLS Tunnel - Client Ping mac server pppoe but it does not connect
Replies: 6
Views: 675

Re: PPPoE over VPLS Tunnel - Client Ping mac server pppoe but it does not connect

When you do ping, it travels via IP protocols with ospf support. Try to look at your mpls LSP to your pppoe server.
by Anumrak
Mon Jul 15, 2019 4:18 pm
Forum: Announcements
Topic: v6.44.5 [long-term] is released!
Replies: 97
Views: 33669

Re: v6.44.5 [long-term] is released!

I wish the "long-term" channel would only have releases with bugfixes and security fixes, not a bunch of new features and underlying changes that need to be tested before I can apply the update to fix a security vulnerability. IMO, "long-term" channel should stay in 6.43.x branch and just receive f...
by Anumrak
Thu Jul 11, 2019 5:38 pm
Forum: Beginner Basics
Topic: Network isolation using VRF?
Replies: 8
Views: 761

Re: Network isolation using VRF?

I ended up just making a routing rule that drops between both networks.

Seems to me the cleanest way to do this.
or just firewall drop rule(s)

but in general, I agree.
by Anumrak
Thu Jul 11, 2019 4:09 pm
Forum: Announcements
Topic: v6.44.5 [long-term] is released!
Replies: 97
Views: 33669

Re: v6.44.5 [long-term] is released!

Installed with a first attempt on hAP lite without any problem unlike 6.45.1.
by Anumrak
Wed Jul 03, 2019 8:15 pm
Forum: General
Topic: PPPoE Session packets being broadcast?? [SOLVED]
Replies: 40
Views: 2277

Re: PPPoE Session packets being broadcast?? [SOLVED]

1) It will help a lot, especially if both clients in the same broadcast domain. They could interact with one another directly. It's not about direction of traffic. It's about misconfiguration of topic starter and abusing the "network hole" by someone in same vlan. I'm not sure we talk about the same...
by Anumrak
Wed Jul 03, 2019 4:23 pm
Forum: General
Topic: PPPoE Session packets being broadcast?? [SOLVED]
Replies: 40
Views: 2277

Re: PPPoE Session packets being broadcast?? [SOLVED]

My two cents: the target PPPoE client device doesn't send anything in its uplink direction so the ISP gear starts to broadcast frames for it after the record for that MAC in its forwarding table expires (this normally takes minutes after it has seen the last frame with client's MAC as source), wher...
by Anumrak
Wed Jul 03, 2019 3:43 pm
Forum: General
Topic: Hairpin NAT not working as expected
Replies: 5
Views: 750

Re: Hairpin NAT not working as expected

For hairpin NAT you need 3 rules, not just one. Common rule for Internet interface with destination nat from public to private for inbound interface Destination nat from public to private with your source for inbound local interface Masquerade nat from your source to private destination for outbound...
by Anumrak
Wed Jul 03, 2019 11:39 am
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 69896

Re: v6.45.1 [stable] is released!

spacex - We will look into this problem; Anumrak - Yes, hAP lite and similar routers are designed to run RouterOS bundle package and can be upgraded without any problems, as long as you do not store anything else on your router that might fill up the storage. If there is not enough space on the dis...
by Anumrak
Tue Jul 02, 2019 5:19 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 69896

Re: v6.45.1 [stable] is released!

Hey. What about low capacity of space in hAP lite? Whatever I did, it says not enough space. Every time.
Try uninstall additional packages, then update. After update install packages.
This is abnormal behavior. I'll wait for a fix for this.
by Anumrak
Tue Jul 02, 2019 2:34 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 69896

Re: v6.45.1 [stable] is released!

Everyone who is experiencing problems with Winbox authorization - we will release a new Winbox loader with a fix for this problem as soon as possible. We are very sorry for any inconvenience caused. Hey. What about low capacity of space in hAP lite? Whatever I did, it says not enough space. Every ti...
by Anumrak
Tue Jul 02, 2019 9:46 am
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 69896

Re: v6.45.1 [stable] is released!

Impossible to upgrade hAP lite. Please fix this. All unnecessary features were disabled. It's not working.
by Anumrak
Thu Jun 27, 2019 3:34 pm
Forum: Forwarding Protocols
Topic: OSPF Interface all passive
Replies: 9
Views: 1258

Re: OSPF Interface all passive

When setting ospf interface "all" as passive is it normal that state is "Down" 1 P interface=all cost=10 priority=1 authentication=none authentication-key="" authentication-key-id=1 network-type=broadcast instance-id=0 retransmit-interval=5s transmit-delay=1s hello-interval=10s dead-interval=40s us...
by Anumrak
Thu Jun 27, 2019 9:49 am
Forum: General
Topic: Mikrotik DHCP with redundant links.
Replies: 4
Views: 532

Re: Mikrotik DHCP with redundant links.

Hey. You can practice with HSRP in Cisco Packet Tracer. And with VRRP in MikroTik world. There is nothing to practice both vrrp and hsrp brings in to the same problem that's why I don't want to put dhcp on L3 switches on cisco both vrrp and hsrp is supported. What problem do you have with it?
by Anumrak
Thu Jun 27, 2019 9:41 am
Forum: General
Topic: IPv6 DHCP Server Not Leasing IP
Replies: 11
Views: 4985

Re: IPv6 DHCP Server Not Leasing IP

Should this work now in RouterOS v6.44.3? It's not working for me. I get an /48 range from Hurricane Electric ipv6 Tunnel. Everything works, but not the DHCP Server. I have set the address advertise=yes. But the firewall shows in the logs that there is no other traffic than ICMP. No DHCP traffic or ...
by Anumrak
Thu Jun 27, 2019 9:31 am
Forum: Forwarding Protocols
Topic: OSPF Loopback + MPLS Loopback
Replies: 7
Views: 1221

Re: OSPF Loopback + MPLS Loopback

To have two loopback addresses on a router (ospf + mpls) or will the ospf loopback do for mpls?
You need only one loopback address. You might need second one for second ospf process, but in correct network design you don't need second one.
by Anumrak
Wed Jun 26, 2019 5:06 pm
Forum: Forwarding Protocols
Topic: Combination of Static Routing and Dynamic!
Replies: 3
Views: 431

Re: Combination of Static Routing and Dynamic!

@Anumrak Thanks for your reply! On re-reading my question I will have to rephrase, Static routing for L2 bridged and Dynamic for OSPF, I want the options that if static routing is unreachable that OSPF dynamic routing will take over until static is reachable? Of course! =) Just manage administrativ...
by Anumrak
Wed Jun 26, 2019 3:03 pm
Forum: General
Topic: PPPoE Session packets being broadcast?? [SOLVED]
Replies: 40
Views: 2277

Re: PPPoE Session packets being broadcast?? [SOLVED]

Now I think I get it. I think the only way it's possible in ISP network is mac address learning of legit client on your ether1 port. Somehow. or it's a bug in ROS that allows you to see PADI frames with 8863 ethernet protocol numbers like 8864. Few months ago I saw a bug that prevent to watch data w...
by Anumrak
Wed Jun 26, 2019 2:02 pm
Forum: Forwarding Protocols
Topic: Combination of Static Routing and Dynamic!
Replies: 3
Views: 431

Re: Combination of Static Routing and Dynamic!

Of course it can. It's all about administrative distance of a static route over ad dynamic one. For example, AD of OSPF is 110 and external EIGRP has 170. You can "win" both with only 1 to increment. For example you can manage reserve static route for ospf with 111 and 171 with eigrp.
by Anumrak
Wed Jun 26, 2019 1:24 pm
Forum: General
Topic: PPPoE Session packets being broadcast?? [SOLVED]
Replies: 40
Views: 2277

Re: PPPoE Session packets being broadcast?? [SOLVED]

PPP frames inside ethernet providing unique layer 2 tunnel based on unicast frames on session level. Why torch should show you destination IP, when PPP tunnel operates only with mac address? Not sure I understand your post, is your question directed at me? Well yeah. I thought you didn't get why ds...
by Anumrak
Tue Jun 25, 2019 7:20 pm
Forum: General
Topic: PPPoE Session packets being broadcast?? [SOLVED]
Replies: 40
Views: 2277

Re: PPPoE Session packets being broadcast?? [SOLVED]

PPP frames inside ethernet providing unique layer 2 tunnel based on unicast frames on session level. Why torch should show you destination IP, when PPP tunnel operates only with mac address?
by Anumrak
Tue Jun 25, 2019 5:14 pm
Forum: General
Topic: Mikrotik DHCP with redundant links.
Replies: 4
Views: 532

Re: Mikrotik DHCP with redundant links.

Hey. You can practice with HSRP in Cisco Packet Tracer. And with VRRP in MikroTik world.
by Anumrak
Thu May 30, 2019 5:39 pm
Forum: General
Topic: Zen Internet IPv6 example?
Replies: 1
Views: 198

Re: Zen Internet IPv6 example?

Hey. Have you seen info on Mikrotik wiki?
by Anumrak
Wed May 29, 2019 5:36 pm
Forum: Beginner Basics
Topic: Blocking a mac address from getting internet [SOLVED]
Replies: 4
Views: 437

Re: Blocking a mac address from getting internet [SOLVED]

IP > Firewall uses IP addresses, not MAC addresses. If you want to block a MAC address the interface will have to be in a bridge, then use Bridge > Filter The ! means NOT - for example !192.168.1.42 means 'any address except 192.168.1.42' Actually, IP - Firewall - Filter can block mac addresses, al...
by Anumrak
Wed May 15, 2019 2:01 pm
Forum: Beginner Basics
Topic: Direct specific content through VPN
Replies: 4
Views: 329

Re: Direct specific content through VPN

Hey. It is better by IP addresses, because you deal with a router, not specific hardware. Content is a layer 7, so it can be done, but it's very hard to do on a CPU. You should google for topics "layer 7 filtering/marking on mikrotik".
by Anumrak
Wed May 15, 2019 1:58 pm
Forum: Beginner Basics
Topic: Bruteforce login prevention doesn't work
Replies: 1
Views: 220

Re: Bruteforce login prevention doesn't work

Hey. Are you sure that all 5 rules added to your firewall section in right order? Like drop, blcklst, s3,2,1. Drop on the top and the stage 1 on the bottom.
by Anumrak
Wed May 15, 2019 11:38 am
Forum: Beginner Basics
Topic: A little help to configure a NAT
Replies: 3
Views: 332

Re: A little help to configure a NAT

Why just don't use VRRP or VRRP+OSPF?
by Anumrak
Wed May 15, 2019 11:29 am
Forum: Beginner Basics
Topic: VPN PPTP Passthrough Problem
Replies: 4
Views: 532

Re: VPN PPTP Passthrough Problem

Hello, i have a rather simple setup here with a Mikrotik router, and a SBS 2008 with a PPTP vpn server. I'm trying to get pptp vpn passthrough to work, but it doesn't seem to work. Port 1723 forwarding seems to work, but data doesn't seem to pass through. I've seen many references to a PPTP helper,...
by Anumrak
Wed May 15, 2019 11:26 am
Forum: General
Topic: facebook and instagram problem..
Replies: 1
Views: 169

Re: facebook and instagram problem..

Aaaand...a tech diag?
by Anumrak
Wed May 15, 2019 11:18 am
Forum: General
Topic: dst-nat with changing port
Replies: 20
Views: 1108

Re: dst-nat with changing port

We're all here to help ;)
by Anumrak
Wed May 15, 2019 11:12 am
Forum: Beginner Basics
Topic: Open all ports on all devises [SOLVED]
Replies: 6
Views: 562

Re: Open all ports on all devises [SOLVED]

It does not work that way. A NAT forwards to a target IP. However in most situations, if the game is talking to a server somewhere else, the client initiates the connection and the router will forward responses to the IP that originated the request. No special setup is normally required. If you are...
by Anumrak
Wed May 15, 2019 10:48 am
Forum: General
Topic: dst-nat with changing port
Replies: 20
Views: 1108

Re: dst-nat with changing port

You should check availability of your changed port from outside, for example, on some web site that can check it. If it closed then your ISP just filtering unknown ports. Also you have to have a global unique IP address, not from private range.
by Anumrak
Wed May 15, 2019 10:08 am
Forum: Beginner Basics
Topic: [solved] VLAN-subnet over 3 devices / routing? switching?
Replies: 3
Views: 314

Re: VLAN-subnet over 3 devices / routing? switching?

Hey. If your routers are far from each other, then maybe you will need EoIP + OSPF. You can use iBGP too, but you really need to think first, why do you need that. In order to reach other host on layer 2, all you need is create vlan interface and tag it with appropriate vlan, also choose correct eth...
by Anumrak
Wed May 15, 2019 10:00 am
Forum: General
Topic: RB750GR3 for a 30 PCs Gaming event?
Replies: 10
Views: 625

Re: RB750GR3 for a 30 PCs Gaming event?

Nope, Gr3 won't do. Since you want to balance, you'll need to skip FastTrack. Without it gr3 won't be able to cope with bandwidth.

You need more power. 4011 will do for example
I don't get why you think hEX won't handle it.
by Anumrak
Tue Apr 30, 2019 2:00 pm
Forum: Beginner Basics
Topic: Gateway Issue
Replies: 1
Views: 176

Re: Gateway Issue

by Anumrak
Fri Apr 26, 2019 5:02 pm
Forum: Forwarding Protocols
Topic: MPLS does not mark anything in the table
Replies: 3
Views: 472

Re: MPLS does not mark anything in the table

Did you enable mpls on interfaces?
by Anumrak
Fri Apr 26, 2019 4:27 pm
Forum: Beginner Basics
Topic: Forward traffic to another router
Replies: 4
Views: 340

Re: Forward traffic to another router

I don't understand how you directly connect 1.10 and 1."something" on server second interface. Because your router doesn't have any 1.0 ip address on ether4 interface. And second note - server from 2.0 network can not interact with 1.0 without a route(specific or default one). You need fix this thing.
by Anumrak
Fri Apr 26, 2019 3:53 pm
Forum: Beginner Basics
Topic: Forward traffic to another router
Replies: 4
Views: 340

Re: Forward traffic to another router

Hey. Paste your ipv4 route list here pls :)

Does your pfSense server have a default route?
by Anumrak
Fri Apr 26, 2019 3:49 pm
Forum: General
Topic: WinBox memory consumption
Replies: 1
Views: 213

Re: WinBox memory consumption

:O have to check out my consumption :)
by Anumrak
Tue Apr 23, 2019 3:46 pm
Forum: General
Topic: Ping IPSEC host from router
Replies: 20
Views: 1050

Re: Ping IPSEC host from router

What about accept nat rule for your host in the tunnel before main src-nat rule? That would be one way to solve it; the other one, consistent with the approach already used, is to add an action=notrack dst-address-list=corp_nets rule also to chain=output of /ip firewall raw . The explanation is tha...
by Anumrak
Tue Apr 23, 2019 1:59 pm
Forum: General
Topic: Ping IPSEC host from router
Replies: 20
Views: 1050

Re: Ping IPSEC host from router

Hey. What about accept nat rule for your host in the tunnel before main src-nat rule? You are nating your requests into global IP address.
by Anumrak
Tue Apr 23, 2019 1:29 pm
Forum: General
Topic: Ping Loss at line 9
Replies: 6
Views: 590

Re: Ping Loss at line 9

Thank you for your reply. However you say that data flows much faster through them than in them, does this include pings that are passed through the routers to later routers but with higher latencies that persist to the end of the traceroute. Are real packets suffering the same latency? Gamers are ...
by Anumrak
Tue Apr 23, 2019 9:40 am
Forum: Beginner Basics
Topic: IPSec tunnel failing
Replies: 7
Views: 489

Re: IPSec tunnel failing

What IP address do you get from your ISP? Is it from private range or global? Or from 100.64.0.0/12? And yeah can you simply ping another router? Or can you ping yourself from other side?
by Anumrak
Fri Apr 19, 2019 11:33 am
Forum: Beginner Basics
Topic: IPSec tunnel failing
Replies: 7
Views: 489

Re: IPSec tunnel failing

Hello group! I am a new RouterOS user, and I’ve inherited a mess that I am unable to resolve. I have two routers that are unable to establish a connection: 6.44(Mauá) and 6.43(ceclim). I’ve successfully created vpn tunnels between Maua and Draytek routers at three other sites. Can someone help me ...
by Anumrak
Fri Apr 19, 2019 11:31 am
Forum: General
Topic: RB750gr3 rebooting
Replies: 1
Views: 239

Re: RB750gr3 rebooting

This is not normal behavior. Change it back for a new one.
by Anumrak
Fri Apr 12, 2019 2:00 pm
Forum: Beginner Basics
Topic: Share interent connection
Replies: 6
Views: 429

Re: Share interent connection

Thank you, yes my ISP is ok with that, I need to know how to set up the RB750, in order to achieve this.
Google for "mikrotik bridge configuration with vlans".
by Anumrak
Thu Apr 11, 2019 5:14 pm
Forum: General
Topic: How to manual set IPv6 link-local address on interface?
Replies: 4
Views: 437

Re: How to manual set IPv6 link-local address on interface?

Hello, my ISP assigned me an IPv6 /48 prefix. For routing the ISP instructed me to assign the link-local address "fe80::<prefix>" to my wan interface and to setup default route to "fe80::1" through wan interface. My problem: I cannot set the link-local address on my wan interface, i always get the ...
by Anumrak
Thu Apr 11, 2019 5:02 pm
Forum: General
Topic: Why can my /30 subnet can talk to other subnets?
Replies: 5
Views: 501

Re: /30 subnet can talk to other subnets

You have to set up /ip firewall filter rules which will block unwanted connections. By default your router is happily routing packets according to its configuration. Other than that, your setup is flawed on L2 (ethernet) level. Right now your subnets are not physically separated. If you really wan...
by Anumrak
Thu Apr 11, 2019 3:25 pm
Forum: Beginner Basics
Topic: Share interent connection
Replies: 6
Views: 429

Re: Share interent connection

Thank you for the reply. I am however a newby, and do not follow. Please help in easy terms to accomplish. Thank you. Hennie If your goal is to provide 2 different accounts from your internet provider, then you can use bridge function to make traffic flow to your tenant. You will have first account...
by Anumrak
Thu Apr 11, 2019 3:23 pm
Forum: Beginner Basics
Topic: Router for my new home!
Replies: 14
Views: 1170

Re: Router for my new home!

by Anumrak
Thu Apr 11, 2019 3:14 pm
Forum: Beginner Basics
Topic: Share interent connection
Replies: 6
Views: 429

Re: Share interent connection

Hey. You can't share one PPPoE session between people inside LAN. Way you can do is to bridge PPPoE traffic of second account with different VLANs from your ISP switch through your first router to another one and terminate VLAN tag on it and then, terminate PPPoE traffic. Or you can terminate only V...
by Anumrak
Fri Apr 05, 2019 9:59 am
Forum: Beginner Basics
Topic: Can't access Internet from LAN devices
Replies: 4
Views: 433

Re: Can't access Internet from LAN devices

I'm working on our first all MikroTik network deployment and went with a CCR1016-12S-1S+ software v6.44.2 for the router I'm having trouble with gaining access to the internet from the LAN connected devices The Router is connected to the ISP and can ping 8.8.8.8 LAN devices are receiving IP from th...
by Anumrak
Wed Feb 27, 2019 10:32 am
Forum: General
Topic: pppoe falls constantly
Replies: 2
Views: 513

Re: pppoe falls constantly

Make sure that compression is off in your ppp profile you using for your customers.
by Anumrak
Thu Jan 17, 2019 9:09 am
Forum: General
Topic: RB951G-2HnD MTU problem [SOLVED]
Replies: 14
Views: 883

Re: RB951G-2HnD MTU problem [SOLVED]

There is also L2 MTU on interfaces. You should try to change this one.
by Anumrak
Mon Jan 14, 2019 3:23 pm
Forum: General
Topic: Change C
Replies: 1
Views: 206

Re: Change C

Of course. Just read more about filtering

https://wiki.mikrotik.com/wiki/Manual:S ... ng_Filters
by Anumrak
Mon Jan 14, 2019 3:13 pm
Forum: General
Topic: Cisco + Mikrotik + QinQ
Replies: 2
Views: 314

Re: Cisco + Mikrotik + QinQ

just google it.
by Anumrak
Mon Jan 14, 2019 12:13 pm
Forum: Forwarding Protocols
Topic: pppoe with ospf [SOLVED]
Replies: 4
Views: 693

Re: pppoe with ospf [SOLVED]

You shouldn't route your customers services via ospf. Use iBGP.
by Anumrak
Mon Jan 14, 2019 12:12 pm
Forum: Forwarding Protocols
Topic: Change default OSPF area
Replies: 5
Views: 603

Re: Change default OSPF area

You wanted to have 2 instances running in the same area? Or you wanted the same area id used for different instances? Basically, the named area "backbone" is more like an alias, the cli does not check to ensure that there is instance separation for the alias. You can use area 0 (0.0.0.0) and call i...
by Anumrak
Thu Jan 10, 2019 12:10 pm
Forum: Forwarding Protocols
Topic: Change default OSPF area
Replies: 5
Views: 603

Re: Change default OSPF area

You can edit instance with decimal values. And you can set area name with letters and area-id with decimal values in IP address form Example: routing ospf instance set 0 router-id=3.3.3.3 routing ospf network add network=10.0.0.4/30 area=backbone routing ospf network add network=10.0.0.8/30 area=bac...
by Anumrak
Thu Jan 10, 2019 11:59 am
Forum: Forwarding Protocols
Topic: OSPF load balancing
Replies: 8
Views: 1133

Re: OSPF load balancing

Hi Ape, I also have pppoe server running on each routers interfaces except the ether 1 is it gonna effect that pppoe and do i have to add those pppoe(public ips) to the networks for ospf too? thanks It depends entirely on your architectural solution. I would not drive client services through ospf. ...
by Anumrak
Thu Jan 10, 2019 11:38 am
Forum: General
Topic: IPV6 to remote site over IPV4 VPN
Replies: 4
Views: 682

Re: IPV6 to remote site over IPV4 VPN

Just wanted to bump this. I have been playing around on and off as I have time but still have not figured out how to get this configured. Cheers! It's all about simple routing. Set /126 or /64 net between offices through the tunnel from /48 prefix for example. Then, through that small ptp prefix yo...
by Anumrak
Thu Jan 10, 2019 11:34 am
Forum: General
Topic: Hairpin NAT not working on RouterOS 6 line WAN load balancing
Replies: 8
Views: 652

Re: Hairpin NAT not working on RouterOS 6 line WAN load balancing

Can anyone support me this problem. Thank you! For me doesn't work without this rule also add action=masquerade chain=srcnat comment=HAIRPIN dst-address=192.168.1.0/24 out-interface=LAN src-address=192.168.1.0/24 Change ips and out interface to match your network. He have this rule already add actio...
by Anumrak
Thu Jan 10, 2019 11:07 am
Forum: General
Topic: Hairpin NAT not working on RouterOS 6 line WAN load balancing
Replies: 8
Views: 652

Re: Hairpin NAT not working on RouterOS 6 line WAN load balancing

Can anyone support me this problem. Thank you! For me doesn't work without this rule also add action=masquerade chain=srcnat comment=HAIRPIN dst-address=192.168.1.0/24 out-interface=LAN src-address=192.168.1.0/24 Change ips and out interface to match your network. He have this rule already add actio...
by Anumrak
Thu Jan 10, 2019 11:05 am
Forum: General
Topic: Hairpin NAT not working on RouterOS 6 line WAN load balancing
Replies: 8
Views: 652

Re: Hairpin NAT not working on RouterOS 6 line WAN load balancing

Hey. If all your rules are identical, maybe your PCs has some firewall rules that blocking your traffic? Like CHAM CONG T2 and CHAM CONG T3.
by Anumrak
Wed Dec 26, 2018 8:34 am
Forum: General
Topic: Two Networks, one gateway
Replies: 7
Views: 504

Re: Two Networks, one gateway

Do you realize that default route should be found at the host in broadcast domain?
by Anumrak
Fri Dec 07, 2018 12:09 pm
Forum: General
Topic: how ros work with multi cores
Replies: 1
Views: 240

Re: how ros work with multi cores

1 task per core. That's how.
by Anumrak
Tue Dec 04, 2018 1:17 pm
Forum: General
Topic: IPV6 IP Dinamic Link Deleted
Replies: 1
Views: 247

Re: IPV6 IP Dinamic Link Deleted

Try to disable and enable that interface.
by Anumrak
Mon Dec 03, 2018 4:05 pm
Forum: Forwarding Protocols
Topic: MPLS-TE traffic don't flow over TE
Replies: 2
Views: 521

Re: MPLS-TE traffic don't flow over TE

Hey. Try to check your timeout of switching between primary and secondary. And second one: do you have full LDP connectivity via both paths?
by Anumrak
Mon Dec 03, 2018 3:57 pm
Forum: General
Topic: Static route not working
Replies: 8
Views: 596

Re: Static route not working

Hi,

Can you please specify how. It will be really helpful.
via your script. Netwatch can't select an interface.
by Anumrak
Mon Dec 03, 2018 3:05 pm
Forum: General
Topic: Static route not working
Replies: 8
Views: 596

Re: Static route not working

That happens because of default route of gateway2ip I suppose. In order to force ping your host through gateway1ip, assign an interface option from which you ping.

For example, ping 8.8.8.8 interface=gateway1ip
by Anumrak
Fri Nov 30, 2018 3:02 pm
Forum: Wireless Networking
Topic: WAP with IPv6
Replies: 8
Views: 784

Re: WAP with IPv6

Try to ping closest host from server with ICMPv6.
by Anumrak
Thu Nov 29, 2018 4:42 pm
Forum: Wireless Networking
Topic: WAP with IPv6
Replies: 8
Views: 784

Re: WAP with IPv6

I have already tried this example but I don't have LLA on the required interface wlan1 as described in the example: "We also have link local address on the interface which is created automatically for every IPv6 capable interface." Does it mean that my wlan1 interface as well as both ether1 and eth...
by Anumrak
Thu Nov 29, 2018 12:14 pm
Forum: Wireless Networking
Topic: WAP with IPv6
Replies: 8
Views: 784

Re: WAP with IPv6

I have already tried this example but I don't have LLA on the required interface wlan1 as described in the example: "We also have link local address on the interface which is created automatically for every IPv6 capable interface." Does it mean that my wlan1 interface as well as both ether1 and eth...
by Anumrak
Thu Nov 29, 2018 12:05 pm
Forum: Forwarding Protocols
Topic: Which area for PPPoE Server ? [SOLVED]
Replies: 28
Views: 3112

Re: Which area for PPPoE Server ? [SOLVED]

Happy to help :)
by Anumrak
Wed Nov 28, 2018 3:34 pm
Forum: Forwarding Protocols
Topic: help me with BGP
Replies: 8
Views: 888

Re: help me with BGP

/routing bgp peer
add name=AS41601 remote-address=10.100.100.2 remote-as=41601 ttl=default
Why peer IP is 10.100.100.2? Why not 89.255.65.67?

Do you have direct peering between your iBGP routers?
by Anumrak
Wed Nov 28, 2018 1:46 pm
Forum: General
Topic: Need Help PPP
Replies: 1
Views: 180

Re: Need Help PPP

Hey. As I can see, you using NAT and also you have global IP address on your WAN interface. If so, then you just need to create one destination nat rule to this single host with /32 mask. But don't forget to configure your VM from inside in order to deny any connections from VM source IP to your LAN...
by Anumrak
Wed Nov 28, 2018 12:21 pm
Forum: Forwarding Protocols
Topic: Which area for PPPoE Server ? [SOLVED]
Replies: 28
Views: 3112

Re: Which area for PPPoE Server ? [SOLVED]

I divided area1 which is had 170 device and more than 70 router ospf installed. to 4 different area but now I faced with new problem :=) I used area ranges for summarize network.. and now I couldn't find how I will summarize them again, because I use 3 different /24 ip range and all of them at diff...
by Anumrak
Wed Nov 28, 2018 10:32 am
Forum: Forwarding Protocols
Topic: MPLS MTU Calculations
Replies: 19
Views: 3268

Re: MPLS MTU Calculations

What is the correct MTU for this setup please?
How do I check in Wireshark that the packages are not fragmented ?
Thank you very much for this explanation
I think that mpls packet will be dropped simply because there is no fragmentation offset in its header. Just same as ppp.
by Anumrak
Tue Nov 27, 2018 4:20 pm
Forum: Beginner Basics
Topic: Firewall rule effectiveness
Replies: 4
Views: 488

Re: Firewall rule effectiveness

Everything that is not allowed from above is forbidden by drop rule - that's where you can see the operation of the counter.
by Anumrak
Tue Nov 27, 2018 4:16 pm
Forum: Forwarding Protocols
Topic: help me with BGP
Replies: 8
Views: 888

Re: help me with BGP

In order to forward updates between iBGP peers, they have to be fully meshed by TCP sessions. Are they fully meshed? In order to prevent full routing list from .68, create routing filter with the first rule accept 0.0.0.0/0 and second rule to discard anything. I don't quite clear that you written "t...
by Anumrak
Tue Nov 27, 2018 4:13 pm
Forum: Forwarding Protocols
Topic: Which area for PPPoE Server ? [SOLVED]
Replies: 28
Views: 3112

Re: Which area for PPPoE Server ? [SOLVED]

It depends how often your network changing their routes and links. If pretty often - 70 routers is bad idea. If not often at all - let it be. routes not changing on this routers to much but I will divide them to multi area at backbone router as your suggest, if you look the diagram that I shared on...
by Anumrak
Tue Nov 27, 2018 4:07 pm
Forum: Beginner Basics
Topic: NAT internal address to external
Replies: 8
Views: 608

Re: NAT internal address to external

I have already this rule in NAT: chain=srcnat action=masquerade src-address=10.240.xx.0/26 I need this: If someone hits this address (external) : 10.xx.xx.242:8080, the router leads the request to the internal (LAN) address: 10.240.xx.21:8080, through WAN1 interface. Should I use src-nat or dst-nat...
by Anumrak
Tue Nov 27, 2018 12:36 pm
Forum: Beginner Basics
Topic: NAT internal address to external
Replies: 8
Views: 608

Re: NAT internal address to external

I have already this rule in NAT:
chain=srcnat action=masquerade src-address=10.240.xx.0/26
Yeah, but this is not enough as you can see.
by Anumrak
Tue Nov 27, 2018 12:21 pm
Forum: Forwarding Protocols
Topic: MPLS MTU Calculations
Replies: 19
Views: 3268

Re: MPLS MTU Calculations

Control word is additional 4 bytes
https://wiki.mikrotik.com/wiki/Manual:V ... _CW_Format
Oh, I see. I didn't use it, that's why I didn't see it in dump. Thanks.
by Anumrak
Tue Nov 27, 2018 12:16 pm
Forum: Beginner Basics
Topic: NAT internal address to external
Replies: 8
Views: 608

Re: NAT internal address to external

Hey. Maybe like this: /ip firewall address-list add list=LAN1 address=10.240.xx.0-10.240.xx.63 ip firewall nat add action=src-nat chain=srcnat src-address-list=LAN1 dst-address=specific or 0.0.0.0/0 to-addresses=10.xx.xx.251 out-interface=WAN1 add action=src-nat chain=srcnat src-address=10.240.xx.21...
by Anumrak
Tue Nov 27, 2018 11:59 am
Forum: Forwarding Protocols
Topic: MPLS MTU Calculations
Replies: 19
Views: 3268

Re: MPLS MTU Calculations

+ control word (if it is enabled)
It's a part of mpls header, isn't it?
by Anumrak
Tue Nov 27, 2018 11:57 am
Forum: Forwarding Protocols
Topic: Which area for PPPoE Server ? [SOLVED]
Replies: 28
Views: 3112

Re: Which area for PPPoE Server ? [SOLVED]

It depends how often your network changing their routes and links. If pretty often - 70 routers is bad idea. If not often at all - let it be. routes not changing on this routers to much but I will divide them to multi area at backbone router as your suggest, if you look the diagram that I shared on...
by Anumrak
Tue Nov 27, 2018 10:28 am
Forum: Forwarding Protocols
Topic: MPLS MTU Calculations
Replies: 19
Views: 3268

Re: MPLS MTU Calculations

1472 is IP interface MTU. Question about a picture of topic starter: why there is two mpls header + vpls header(???) In wireshark first mpls header is label of LDP protocol and second of pseudowire of vpls interface, why third label called vpls? vpls traffic contains only two mpls header 4 bytes eac...
by Anumrak
Tue Nov 27, 2018 8:56 am
Forum: Forwarding Protocols
Topic: Which area for PPPoE Server ? [SOLVED]
Replies: 28
Views: 3112

Re: Which area for PPPoE Server ? [SOLVED]

It depends how often your network changing their routes and links. If pretty often - 70 routers is bad idea. If not often at all - let it be. Also you have to assign DR and BDR in your area manually as most "strongest" routers.
by Anumrak
Mon Nov 26, 2018 4:29 pm
Forum: Forwarding Protocols
Topic: help me with BGP
Replies: 8
Views: 888

Re: help me with BGP

In order to forward updates between iBGP peers, they have to be fully meshed by TCP sessions. Are they fully meshed?

In order to prevent full routing list from .68, create routing filter with the first rule accept 0.0.0.0/0 and second rule to discard anything.
by Anumrak
Mon Nov 26, 2018 4:25 pm
Forum: Forwarding Protocols
Topic: Manual Multiple_TE_VPLS on the wiki
Replies: 3
Views: 535

Re: Manual Multiple_TE_VPLS on the wiki

Thanks for your reply but it don't work.
BGP is also not established.
First of all you should fully connected ospf domain(in single area), then establish bgp. Start with that.
by Anumrak
Mon Nov 26, 2018 4:18 pm
Forum: Forwarding Protocols
Topic: Which area for PPPoE Server ? [SOLVED]
Replies: 28
Views: 3112

Re: Which area for PPPoE Server ? [SOLVED]

Of course you can if it's stub. If it's has no exit to any other places except backbone. Also if area1 has only one uplink, you can use totally stub area, to lose all specific routes. thanks Anumrak, how many router can be one area in ospf, is there any limitation ? cause I changed this area1 to s...
by Anumrak
Mon Nov 26, 2018 1:57 pm
Forum: Forwarding Protocols
Topic: VPLS and Customer VLANS
Replies: 2
Views: 712

Re: VPLS and Customer VLANS

Well, you can encapsulate customers vlans into yours one and strip the header off of yours vlan at other end of vpls tunnel. Then all traffic inside will flow into interface, which belongs to the corresponding vlan interface with vpls interface inside your bridge. Try this one.
by Anumrak
Mon Nov 26, 2018 12:46 pm
Forum: Forwarding Protocols
Topic: Which area for PPPoE Server ? [SOLVED]
Replies: 28
Views: 3112

Re: Which area for PPPoE Server ? [SOLVED]

Of course you can if it's stub. If it's has no exit to any other places except backbone. Also if area1 has only one uplink, you can use totally stub area, to lose all specific routes.
by Anumrak
Fri Nov 23, 2018 2:43 pm
Forum: Beginner Basics
Topic: Triggering DNS updates when WAN link fails or recovers
Replies: 2
Views: 289

Re: Triggering DNS updates when WAN link fails or recovers

Write a script which will compare your IP of dns record (dynamic address in address list) with address of your interface. If they're differs, run a ddns script. This advanced routing with routing marks too crowded.
by Anumrak
Fri Nov 23, 2018 11:55 am
Forum: General
Topic: IP Routes with "DS" Flags?
Replies: 5
Views: 1417

Re: IP Routes with "DS" Flags?

I believe it means that route was received not by user(dynamic) and it has some static routes(static). Sort of a pun :)
by Anumrak
Wed Nov 21, 2018 10:28 am
Forum: General
Topic: 1500 L3 MTU on a Mikrotik PPPoE Server
Replies: 4
Views: 620

Re: 1500 L3 MTU on a Mikrotik PPPoE Server

Hello everyone, I've done a fair bit of reading on the forum but I'm struggling to get a concrete answer I'm trying to get 1500 L3 MTU on a PPPoE session. The service supports 1508 baby jumbo frames, I only ever get as high as 1492. [admin@pppoe] /interface pppoe-server> print detail Flags: X - dis...
by Anumrak
Wed Nov 14, 2018 3:28 pm
Forum: Forwarding Protocols
Topic: rp-filter=loose, including default-route or no?
Replies: 3
Views: 1434

Re: rp-filter=loose, including default-route or no?

RP-filter is security feature AFAIK. And it's looking at source address and best specific route for it in order to process this packet. strict - Strict mode as defined in RFC3704 Strict Reverse Path. Each incoming packet is tested against the FIB and if the interface is not the best reverse path the...
by Anumrak
Wed Nov 14, 2018 3:24 pm
Forum: General
Topic: Additional WAN IP's for PPPoE clients
Replies: 3
Views: 360

Re: Additional WAN IP's for PPPoE clients

Why can't you using static routing to /32 host in routing table when pppoe-client connects to your server?
by Anumrak
Wed Nov 14, 2018 3:19 pm
Forum: General
Topic: DHCP disappears
Replies: 7
Views: 711

Re: DHCP disappears

DHCP server works on interface(virtual or hardware). If that link is down - dhcp server will go down too. Search for logs with interface down.
by Anumrak
Wed Nov 14, 2018 3:11 pm
Forum: Forwarding Protocols
Topic: BGP Aggregates
Replies: 2
Views: 559

Re: BGP Aggregates

Don't forget to add output filter to your peer. Actually it's pretty simple to aggregate routes from igp.
by Anumrak
Tue Nov 13, 2018 2:05 pm
Forum: Beginner Basics
Topic: Network Isolation (again)
Replies: 6
Views: 786

Re: Network Isolation (again)

If your network is routable - yes. If its flows on layer 2 - then no.
by Anumrak
Fri Nov 09, 2018 3:00 pm
Forum: Forwarding Protocols
Topic: OSPF cost problem
Replies: 4
Views: 688

Re: OSPF cost problem

Can you see the route from 252 to 86 in routing table with cost of 40? 10 + 30.
by Anumrak
Wed Nov 07, 2018 11:58 am
Forum: Forwarding Protocols
Topic: OSPF cost problem
Replies: 4
Views: 688

Re: OSPF cost problem

How is look like your routing table and LSDB of 254 and 252 routers?
by Anumrak
Thu Nov 01, 2018 11:04 am
Forum: Beginner Basics
Topic: NAT in PPPoe
Replies: 3
Views: 582

Re: NAT in PPPoe

If you used NAT for access to AP, you need create a specific NAT rule before masq rule.
by Anumrak
Wed Oct 31, 2018 4:12 pm
Forum: Beginner Basics
Topic: NAT in PPPoe
Replies: 3
Views: 582

Re: NAT in PPPoe

Just use PPPoE interface for masquerading like out-interface, that's it. It must be done on the edge router to your ISP.
by Anumrak
Wed Oct 31, 2018 8:52 am
Forum: Beginner Basics
Topic: Hairpin NAT
Replies: 3
Views: 682

Re: Hairpin NAT

You don't need a firewall rules to control NAT. Just use correct NAT rules, that's it.
by Anumrak
Tue Oct 30, 2018 4:26 pm
Forum: General
Topic: admin user accidentaly deleted
Replies: 4
Views: 556

Re: admin user accidentaly deleted

Hello

Thing is, you can't delete admin unless you already have an account with full rights. Just recreate admin, give it a password and it's over :)

Regards,

Sent from my tablet with Tapatalk. Sorry for my typos.
I believe he is admin user and he just deleted himself.
by Anumrak
Tue Oct 30, 2018 1:23 pm
Forum: General
Topic: EoIP MTU for pppoe server tunnel
Replies: 15
Views: 2295

Re: EoIP MTU for pppoe server tunnel

On every lower OSI layer MTU have to have higher value than layer before for a size that depends of carrier's protocol. For ex: On layer 4 we have 1452 bytes of data max(for TCP) On layer 3 - 1472 bytes(1452+TCP(20)) On layer 2 - 1492 bytes(1472+IP(20)) On EoIP layer - 1510 bytes(1492+Ethernet(14)+G...
by Anumrak
Mon Oct 29, 2018 12:20 pm
Forum: General
Topic: LOOP problem
Replies: 7
Views: 1148

Re: LOOP problem

Maybe someone in your lan add a hub to extend ports capacity and plug it in the switch? :)
by Anumrak
Mon Oct 15, 2018 3:18 pm
Forum: Forwarding Protocols
Topic: Which area for PPPoE Server ? [SOLVED]
Replies: 28
Views: 3112

Re: Which area for PPPoE Server ? [SOLVED]

It can be done on ASBR router in order to release customer's ppp tunnels traffic from your AS right to the Internet.
by Anumrak
Fri Oct 12, 2018 1:44 pm
Forum: Beginner Basics
Topic: Move from dhcp to static by client
Replies: 2
Views: 333

Re: Move from dhcp to static by client

You can "cut" his IP address into a subnet 192.168.1.48/28(very generous) for his interface or create a static route into his interface to his /32 address 192.168.1.155 via your gateway IP(like Cisco unnumbered addresses). Or you can recreate dhcp pool without his 155 address.

Otherwise - no.
by Anumrak
Thu Oct 11, 2018 4:59 pm
Forum: Wireless Networking
Topic: Wlan disable/enable [SOLVED]
Replies: 2
Views: 349

Re: Wlan disable/enable [SOLVED]

Of course. With simple script and scheduler.

https://wiki.mikrotik.com/wiki/Manual%3 ... /Scheduler
by Anumrak
Thu Oct 11, 2018 4:55 pm
Forum: General
Topic: rb941 PPPoE Set Up 'waiting for packets'
Replies: 4
Views: 1246

Re: rb941 PPPoE Set Up 'waiting for packets'

Screenshot pls.
by Anumrak
Thu Oct 11, 2018 4:35 pm
Forum: Beginner Basics
Topic: Is my firewall configured safely? (Again..)
Replies: 2
Views: 343

Re: Is my firewall configured safely? (Again..)

You should compare default FW rules with yours. If you have some "security holes" add def rules to yours. If not, you should enable fast track cause of large number of rules( give processor a break).
by Anumrak
Thu Oct 11, 2018 4:25 pm
Forum: General
Topic: IKEv2 VPN and IPv6-tunneled-in-IPv6 - is this supported?
Replies: 2
Views: 334

Re: IKEv2 VPN and IPv6-tunneled-in-IPv6 - is this supported?

Maybe you're looking for Cisco's ipv6 encapsulation with GRE header? You can add ipv6 in ipv6 by this method I think.
by Anumrak
Thu Oct 11, 2018 12:35 pm
Forum: General
Topic: GNS3!! VPLS between CISCO & MIkrotik, VC shows up but cant ping
Replies: 16
Views: 883

Re: GNS3!! VPLS between CISCO & MIkrotik, VC shows up but cant ping

Not sure why Mikrotik Side MAC coming up with Default VLAN 1 where it should come with TAG 100. Please help me solve this issue You should have interface vlan 100 binded to vpls interface. Also you have to create a bridge which has to contain pure ethernet port and vlan interface. With this config ...
by Anumrak
Thu Oct 11, 2018 12:32 pm
Forum: General
Topic: [Feature Request] Winbox username is sent in plain text
Replies: 10
Views: 984

Re: [Feature Request] Winbox username is sent in plain text

Winbox uses a variant of SRP to establish a secure, encrypted communication channel. Username is sent in plain text as part of identity verification process to deny possible MITM attacks. The password is not and never was sent in plain text. https://en.wikipedia.org/wiki/Secure_Remote_Password_prot...
by Anumrak
Thu Oct 11, 2018 11:47 am
Forum: General
Topic: GNS3!! VPLS between CISCO & MIkrotik, VC shows up but cant ping
Replies: 16
Views: 883

Re: GNS3!! VPLS between CISCO & MIkrotik, VC shows up but cant ping

Here is what switch mac table look like at Mikrotik Side: Ethernetswitch-2> mac Port Mac VLAN Ethernet0 00:50:79:66:68:00 100 Ethernet1 00:50:79:66:68:01 100 Ethernet0 00:0c:29:bc:db:73 100 Ethernet0 00:0c:29:bc:db:73 1 Ethernet0 02:81:c5:ac:52:6e 100 At CISCO Side::: Ethernetswitch-1> mac Port Mac...
by Anumrak
Thu Oct 11, 2018 9:11 am
Forum: General
Topic: [Feature Request] Winbox username is sent in plain text
Replies: 10
Views: 984

Re: [Feature Request] Winbox username is sent in plain text

Whaaaaaaa

But what about encrypting mode in winbox?? It's not working now??
by Anumrak
Thu Oct 11, 2018 9:09 am
Forum: Beginner Basics
Topic: PPTP VPN Protection
Replies: 9
Views: 917

Re: PPTP VPN Protection

Or not occasional :D
by Anumrak
Thu Oct 11, 2018 8:59 am
Forum: General
Topic: Problem with 6to4 inside PPPoE [SOLVED]
Replies: 15
Views: 1171

Re: Problem with 6to4 inside PPPoE [SOLVED]

Solved!

I no longer need workarounds, and can confirm that for me HE tunnels work all right:

after a firmware upgrade of my HGU from _n43 to _n53 now my HE tunnel works like a charm!
Hurray! :)
by Anumrak
Wed Oct 10, 2018 4:24 pm
Forum: General
Topic: Problem with 6to4 inside PPPoE [SOLVED]
Replies: 15
Views: 1171

Re: Problem with 6to4 inside PPPoE [SOLVED]

Why you don't want to make HE tunnel mtu lower than pppoe tunnel mtu? Where have you got the idea that I don't want? When PPPoE tunnel MTU is 1492, 6to4 tunnel MTU is 1472, 20 bytes smaller when PPPoE tunnel MTU is 1480 (what MikroTik negotiates), 6to4 tunnel MTU is 1460... 20 bytes smaller again a...
by Anumrak
Wed Oct 10, 2018 4:18 pm
Forum: General
Topic: Mikrotik routing issue with PPPOE
Replies: 13
Views: 1071

Re: Mikrotik routing issue with PPPOE

Your smart tv has to have net driver. It has to assign IP with dhcp client.
by Anumrak
Wed Oct 10, 2018 2:18 pm
Forum: General
Topic: GNS3!! VPLS between CISCO & MIkrotik, VC shows up but cant ping
Replies: 16
Views: 883

Re: GNS3!! VPLS between CISCO & MIkrotik, VC shows up but cant ping

Do you have same mtu on LSR links?
by Anumrak
Wed Oct 10, 2018 1:43 pm
Forum: Beginner Basics
Topic: PPTP VPN Protection
Replies: 9
Views: 917

Re: PPTP VPN Protection

Hey. Just google for networks your ISP'es uses and add them in source address list. With second rule you can drop any input traffic. Should I add provider's networks to the first rule in src adr list? Explain me plz how it would work. How can i block this IP address which i sent in the logs, for ex...
by Anumrak
Wed Oct 10, 2018 1:41 pm
Forum: General
Topic: Problem with 6to4 inside PPPoE [SOLVED]
Replies: 15
Views: 1171

Re: Problem with 6to4 inside PPPoE [SOLVED]

Why you don't want to make HE tunnel mtu lower than pppoe tunnel mtu?
by Anumrak
Wed Oct 10, 2018 10:22 am
Forum: Beginner Basics
Topic: PPTP VPN Protection
Replies: 9
Views: 917

Re: PPTP VPN Protection

Hey. Just google for networks your ISP'es uses and add them in source address list. With second rule you can drop any input traffic.
by Anumrak
Wed Oct 10, 2018 9:17 am
Forum: General
Topic: GNS3!! VPLS between CISCO & MIkrotik, VC shows up but cant ping
Replies: 16
Views: 883

Re: GNS3!! VPLS between CISCO & MIkrotik, VC shows up but cant ping

Yes both side has 100 vlan.
And second answer?
by Anumrak
Wed Oct 10, 2018 8:37 am
Forum: General
Topic: Problem with 6to4 inside PPPoE [SOLVED]
Replies: 15
Views: 1171

Re: Problem with 6to4 inside PPPoE [SOLVED]

But I have tried auto, 1500 (upping my L2 MTU), 1492, 1488, 1480 (which is the one that gets selected when I say "auto"). PPPoE default is 1492, 6to4 subtracts 20 (that is why “auto” is 1480=1500-20), so you should at least try 1472. And specify it on both ends - yours and in HE settings as well. ...
by Anumrak
Tue Oct 09, 2018 5:35 pm
Forum: General
Topic: Bridging VPN Protocol with minimal overhead
Replies: 3
Views: 420

Re: Bridging VPN Protocol with minimal overhead

Hi Anumrak, Thanks for the response, ok if we have established that EoIP is the way to go, has anyone had success in increasing the throughput by changing MTUs / L2 MTUs ? I would really like to squeeze the maximum possible out of the link. much like this guy is doing: https://www.youtube.com/watch...
by Anumrak
Tue Oct 09, 2018 5:11 pm
Forum: General
Topic: Problem with 6to4 inside PPPoE [SOLVED]
Replies: 15
Views: 1171

Re: Problem with 6to4 inside PPPoE [SOLVED]

Why you using ethernet interface for pppoe traffic, when your transport is ISP vlan? If you meant that in your ISP infra exists vlan, you don't need worry about it, cause ISP had to pop up his l2 mtu on all his switches. VLANs are only visible in the "outer" side, when I mirror the fibre into one o...
by Anumrak
Tue Oct 09, 2018 5:06 pm
Forum: Announcements
Topic: URGENT security reminder
Replies: 84
Views: 35016

Re: URGENT security reminder

Poor lazy bums.
by Anumrak
Tue Oct 09, 2018 3:13 pm
Forum: General
Topic: Problem with 6to4 inside PPPoE [SOLVED]
Replies: 15
Views: 1171

Re: Problem with 6to4 inside PPPoE [SOLVED]

Why you using ethernet interface for pppoe traffic, when your transport is ISP vlan? If you meant that in your ISP infra exists vlan, you don't need worry about it, cause ISP had to pop up his l2 mtu on all his switches.
by Anumrak
Tue Oct 09, 2018 2:57 pm
Forum: General
Topic: VLAN project. Need help
Replies: 6
Views: 702

Re: VLAN project. Need help

Thanks Anumrak.

Do you know another method? both routers have firmware version 6.43
I heard, but I didn't go into details. Search in Tik's wiki. It just tagging ports via ports in bridge I think.
by Anumrak
Tue Oct 09, 2018 2:47 pm
Forum: General
Topic: VLAN project. Need help
Replies: 6
Views: 702

Re: VLAN project. Need help

Hey. Second one.
by Anumrak
Tue Oct 09, 2018 2:37 pm
Forum: General
Topic: GNS3!! VPLS between CISCO & MIkrotik, VC shows up but cant ping
Replies: 16
Views: 883

Re: GNS3!! VPLS between CISCO & MIkrotik, VC shows up but cant ping

Do you have symmetric vlan on both sides? Do you terminate vlan traffic in sub interface or in service instance in Cisco router?
by Anumrak
Tue Oct 09, 2018 1:39 pm
Forum: General
Topic: L2TP not working via WAN
Replies: 3
Views: 347

Re: L2TP not working via WAN

If you did drop your link, probably it was a NATed IP of your ISP :)
by Anumrak
Tue Oct 09, 2018 1:37 pm
Forum: General
Topic: Getting Error with IPSEC Configuration [SOLVED]
Replies: 3
Views: 525

Re: Getting Error with IPSEC Configuration [SOLVED]

14:56:04 ipsec searching for policy for selector: 172.16.20.2 <=> 10.10.131.212
14:56:04 ipsec policy not found
14:56:04 ipsec failed to get proposal for responder.

Make sure policies are the same on both sides. DH group and encryption method.
by Anumrak
Tue Oct 09, 2018 11:59 am
Forum: General
Topic: L2TP not working via WAN
Replies: 3
Views: 347

Re: L2TP now working via WAN

Hey. It depends how you're going to manage this connection:
Do you have global IP from ISP? Are you using pure L2TP without IPsec?
by Anumrak
Tue Oct 09, 2018 9:45 am
Forum: General
Topic: Problem with 6to4 inside PPPoE [SOLVED]
Replies: 15
Views: 1171

Re: Problem with 6to4 inside PPPoE [SOLVED]

Hey. Interesting situation. Can I see your PPPoE client config without sens. data and 6to4 tunnel config?
by Anumrak
Mon Oct 08, 2018 5:19 pm
Forum: General
Topic: Bridging VPN Protocol with minimal overhead
Replies: 3
Views: 420

Re: Bridging VPN Protocol with minimal overhead

Hi all MT fans out there. I'm wondering if anyone else has gotten themselves into a predicament where one needs to pass L2 traffic over L3 (due to MAC limits etc) and found that certain VPN's have different results. Currently I am accomplishing the goal with EoIP, but I can't help but think there i...
by Anumrak
Mon Oct 08, 2018 5:16 pm
Forum: Beginner Basics
Topic: Policy Base Routing not working [SOLVED]
Replies: 7
Views: 627

Re: Policy Base Routing not working [SOLVED]

Figure out I had rp_filter set to strict so it won't work, if I set rp_filter to loose then it will work correctly, but I had no idea why rp_filter=strict will work for static route but not policy routing. Because you have better interface for your packets with source address of your directly conne...
by Anumrak
Mon Oct 08, 2018 4:51 pm
Forum: Beginner Basics
Topic: Policy Base Routing not working [SOLVED]
Replies: 7
Views: 627

Re: Policy Base Routing not working [SOLVED]

Figure out I had rp_filter set to strict so it won't work, if I set rp_filter to loose then it will work correctly, but I had no idea why rp_filter=strict will work for static route but not policy routing. Because you have better interface for your packets with source address of your directly conne...
by Anumrak
Mon Oct 08, 2018 4:44 pm
Forum: General
Topic: GNS3!! VPLS between CISCO & MIkrotik, VC shows up but cant ping
Replies: 16
Views: 883

Re: GNS3!! VPLS between CISCO & MIkrotik, VC shows up but cant ping

Yes i did, P2#sh mpls l2transport vc Local intf Local circuit Dest address VC ID Status ------------- -------------------- --------------- ---------- ---------- Gi2/0.100 Eth VLAN 100 172.16.0.5 100 UP [admin@MT-01] /interface vpls> monitor 0 remote-label: 28 local-label: 38 remote-status: transpor...
by Anumrak
Mon Oct 08, 2018 3:57 pm
Forum: General
Topic: GNS3!! VPLS between CISCO & MIkrotik, VC shows up but cant ping
Replies: 16
Views: 883

Re: GNS3!! VPLS between CISCO & MIkrotik, VC shows up but cant ping

Did you bridge customers' ports and vlan interfaces together on both sides?
by Anumrak
Mon Oct 08, 2018 3:34 pm
Forum: Beginner Basics
Topic: Not allowing one certain IP address to see the rest of the network
Replies: 14
Views: 903

Re: Not allowing one certain IP address to see the rest of the network

Well, it was talked about L3 communication in the same subnet on the same L2 domain. Which technically makes it L2 communication. So link-local traffic (i.e. in the same subnet) will not hit the router L3-wise. And L2-wise only if the router is used as a bridge that has to be passed for this commun...
by Anumrak
Mon Oct 08, 2018 3:20 pm
Forum: Beginner Basics
Topic: Not allowing one certain IP address to see the rest of the network
Replies: 14
Views: 903

Re: Not allowing one certain IP address to see the rest of the network

It will. Because destination address won't be router's IP. It will be router's mac, but not IP. It won't. And the router's MAC is not in the game at all. This will only work if the laptop in question is connected to the router directly (w/o a switch in between) and if "Use IP firewall" is active u...
by Anumrak
Mon Oct 08, 2018 3:12 pm
Forum: General
Topic: Mikrotik routing issue with PPPOE
Replies: 13
Views: 1071

Re: Mikrotik routing issue with PPPOE

Thank a lot. Will try to solve it with ISP or some custom routes. My question covered.
I'm sorry, I did a stupid mistake. You should bridge your uplink port to ISP and downlink port to your IPTV set top box equipment. Your STB should get IP from ISP, not your router.
by Anumrak
Mon Oct 08, 2018 2:19 pm
Forum: Forwarding Protocols
Topic: BGP + MPLS
Replies: 5
Views: 787

Re: BGP + MPLS

First of all, do filtering in bgp routes only, not in OSPF. Second, disable IGP synchronization in BGP:
/routing bgp network synchronize=no. It means that bgp won't compare his routing info with IGP routing table.
by Anumrak
Mon Oct 08, 2018 2:10 pm
Forum: Beginner Basics
Topic: Not allowing one certain IP address to see the rest of the network
Replies: 14
Views: 903

Re: Not allowing one certain IP address to see the rest of the network

Hey. Just set src-address as your laptop and set dst-address as a prohibited network. Or you can set firewall rule like this:
/ip firewall filter add action=accept chain=forward dst-address=!192.168.0.0/24 src-address=192.168.0.22
P.S.: don't forget to lift this rule up above common forward rule....
by Anumrak
Mon Oct 08, 2018 1:59 pm
Forum: General
Topic: GNS3!! VPLS between CISCO & MIkrotik, VC shows up but cant ping
Replies: 16
Views: 883

Re: GNS3!! VPLS between CISCO & MIkrotik, VC shows up but cant ping

You can't ping hosts between each other or what?
by Anumrak
Fri Oct 05, 2018 3:53 pm
Forum: General
Topic: PingLoss at line 9
Replies: 1
Views: 241

Re: PingLoss at line 9

by Anumrak
Fri Oct 05, 2018 3:45 pm
Forum: General
Topic: Ping Loss at line 9
Replies: 6
Views: 590

Re: Ping Loss at line 9

Don't forget that chassis routers of ISP's have separated control plane and forwarding plane. These routers in trace don't have to answer to you with shortest time stamp, because ICMP being answered on their CPU's. Data flows much faster through them than in them.
by Anumrak
Fri Oct 05, 2018 3:39 pm
Forum: General
Topic: IPsec Mode Config and iPhone6 [SOLVED]
Replies: 11
Views: 1057

Re: IPsec Mode Config and iPhone6 [SOLVED]

Do you have this network configured on your vlan interfaces? 2604:5580...?
by Anumrak
Fri Oct 05, 2018 3:14 pm
Forum: General
Topic: NAT 2 LANs over 2 WANs w/o breaking internal routing
Replies: 10
Views: 736

Re: NAT 2 LANs over 2 WANs w/o breaking internal routing

Do you mean something like this. 155.xxx.xxx.xxx out-interface ether1 and the rest out-interface ether2? /ip address # 1:1 NAT IPs from expensive ISP add address=154.xxx.xxx.2/xx interface=Lo0 network=154.xxx.xxx.xxx add address=154.xxx.xxx.3/xx interface=Lo0 network=154.xxx.xxx.xxx add address=154...
by Anumrak
Fri Oct 05, 2018 2:26 pm
Forum: General
Topic: NAT 2 LANs over 2 WANs w/o breaking internal routing
Replies: 10
Views: 736

Re: NAT 2 LANs over 2 WANs w/o breaking internal routing

I think because of constrained NAT rules.
by Anumrak
Fri Oct 05, 2018 2:21 pm
Forum: Beginner Basics
Topic: Not allowing one certain IP address to see the rest of the network
Replies: 14
Views: 903

Re: Not allowing one certain IP address to see the rest of the network

And... how can i Limit only this one particular MAC address to connect to the WLAN network?

korg
For WLAN you have wireless access list which allows to connect only macs you want.
by Anumrak
Fri Oct 05, 2018 1:28 pm
Forum: General
Topic: IPsec Mode Config and iPhone6 [SOLVED]
Replies: 11
Views: 1057

Re: IPsec Mode Config [SOLVED]

IPsec mode-config code follows: # oct/03/2018 08:35:40 by RouterOS 6.44beta14 # software id = 1TLQ-B555 # # model = CCR1009-7G-1C-1S+ # serial number = noyb /ip ipsec mode-config set [ find default=yes ] name=request-only responder=no add address-pool=ipsec-RW address-prefix-length=24 name=RW-cfg s...
by Anumrak
Fri Oct 05, 2018 1:23 pm
Forum: Beginner Basics
Topic: Nat 1:1 with two networks
Replies: 1
Views: 220

Re: Nat 1:1 with two networks

by Anumrak
Fri Oct 05, 2018 1:16 pm
Forum: Beginner Basics
Topic: Not allowing one certain IP address to see the rest of the network
Replies: 14
Views: 903

Re: Not allowing one certain IP address to see the rest of the network

Hey. Just set src-address as your laptop and set dst-address as a prohibited network. Or you can set firewall rule like this:
/ip firewall filter add action=accept chain=forward dst-address=!192.168.0.0/24 src-address=192.168.0.22
P.S.: don't forget to lift this rule up above common forward rule.
by Anumrak
Fri Oct 05, 2018 1:10 pm
Forum: General
Topic: NAT 2 LANs over 2 WANs w/o breaking internal routing
Replies: 10
Views: 736

Re: NAT 2 LANs over 2 WANs w/o breaking internal routing

If the first config breaks LANs connectivity, maybe you should remove your mangle rules and that's it?
by Anumrak
Fri Oct 05, 2018 12:49 pm
Forum: General
Topic: Mikrotik routing issue with PPPOE
Replies: 13
Views: 1071

Re: Mikrotik routing issue with PPPOE

Normally it looks like following.
https://photos.app.goo.gl/4cg9RtkVm58DqpX57
After NAK IP lost - no visual difference
Your ISP made a mistake. He shouldn't give you default route as IPTV ISP.
by Anumrak
Thu Oct 04, 2018 5:20 pm
Forum: General
Topic: NAT failed.
Replies: 2
Views: 223

Re: NAT failed.

Hi forum. I have some questions about my setup. I'm using CCR1016-12S router. Below are some information: Address list Address Network Interface x.x.x.20/29 x.x.x.8 SFP1 x.x.x.22/29 x.x.x.8 VRRP-OUT x.x.x.183/27 x.x.x.192 BOND-IN x.x.x.185/27 x.x.x.192 VRRP-IN For my filter rules in firewall, i con...
by Anumrak
Wed Oct 03, 2018 4:03 pm
Forum: Beginner Basics
Topic: Need YouTube CIDR/Netmask
Replies: 8
Views: 886

Re: Need YouTube CIDR/Netmask

Or he can use tls-host property in firewall filter in forward chain: tls-host (string; Default: ) Allows to match https traffic based on TLS SNI hostname. Accepts GLOB syntax for wildcard matching. Note that matcher will not be able to match hostname if TLS handshake frame is fragmented into multipl...
by Anumrak
Wed Oct 03, 2018 4:00 pm
Forum: General
Topic: Mikrotik routing issue with PPPOE
Replies: 13
Views: 1071

Re: Mikrotik routing issue with PPPOE

What does your route list look like after receiving IPs from PPPoE and DHCP server?
by Anumrak
Wed Oct 03, 2018 3:49 pm
Forum: General
Topic: IPv6 SLAAC, Router Solicitation
Replies: 8
Views: 794

Re: IPv6 SLAAC, Router Solicitation

Yes. Solicitation is sent by the client to router from client src mac to link local multicast address. After router receives this frame, it will send advertisement from its unicast src address to unicast destination mac address of client. After user populates its nd base, it will "talk" with router ...
by Anumrak
Wed Oct 03, 2018 2:21 pm
Forum: General
Topic: Mikrotik routing issue with PPPOE
Replies: 13
Views: 1071

Re: Mikrotik routing issue with PPPOE

What for you need network from dhcp server?
What for you need network from pppoe server?
by Anumrak
Wed Oct 03, 2018 2:15 pm
Forum: General
Topic: Stuck ARP entries with Virtual Machines
Replies: 5
Views: 354

Re: Stuck ARP entries with Virtual Machines

Hi Anumrak!

I don't know if I understand correctly your question but all the hosts are connected through the Dell Switch.

I will swap this switch for a new one with 10Gb ports, but when it happens the arp table on the switch are always ok!

Thanks!
Cool :)
by Anumrak
Wed Oct 03, 2018 2:11 pm
Forum: Forwarding Protocols
Topic: BGP + MPLS
Replies: 5
Views: 787

Re: BGP + MPLS

Ok I will do that thank you.

In regards to the static routes for the loopbacks; should they be used or removed and rely on ospf to create the table or keep them with arp check and a distance of eg. 255?
They better be reachable via OSPF advertisements for redundancy.
by Anumrak
Wed Oct 03, 2018 2:09 pm
Forum: General
Topic: IPv6 SLAAC, Router Solicitation
Replies: 8
Views: 794

Re: IPv6 SLAAC, Router Solicitation

It's unicast NDP message from router to client.
by Anumrak
Wed Oct 03, 2018 1:50 pm
Forum: Beginner Basics
Topic: Need YouTube CIDR/Netmask
Replies: 8
Views: 886

Re: Need YouTube CIDR/Netmask

Type in Windows command line: nslookup youtube.com
by Anumrak
Wed Oct 03, 2018 10:11 am
Forum: Forwarding Protocols
Topic: BGP + MPLS
Replies: 5
Views: 787

Re: BGP + MPLS

MPLS works only with link-state protocols enabled (in Brisbane 1 it's disabled). So, first of all, enable OSPF, then make sure LDP works correctly, and only then try to troubleshoot your MP-BGP.
by Anumrak
Tue Oct 02, 2018 5:14 pm
Forum: General
Topic: Stuck ARP entries with Virtual Machines
Replies: 5
Views: 354

Re: Stuck ARP entries with Virtual Machines

Does it happen without connection to RB?
by Anumrak
Tue Oct 02, 2018 5:08 pm
Forum: Beginner Basics
Topic: port forwarding not working
Replies: 5
Views: 402

Re: port forwarding not working

What exactly ip address do you receive from ISP? If you are behind his NAT, port forwarding won't work.
by Anumrak
Tue Oct 02, 2018 5:05 pm
Forum: General
Topic: Site to site GRE over IPSec
Replies: 2
Views: 314

Re: Site to site GRE over IPSec

With public IPs it is very simple to connect gre over IPsec between 2 sites. Also it has to be simple to manage manual ipsec configuration with pure gre tunnel.
by Anumrak
Tue Oct 02, 2018 2:46 pm
Forum: Beginner Basics
Topic: Bonding 2 WAN
Replies: 5
Views: 2104

Re: Bonding 2 WAN

Hello, also a beginner question. I was searching for combining 2 WAN from ISP to get more available bandwith in total. I found many articles and tried also some of them. But all ended in "Load Balancing" and not "Bonding". Is there any article that describes the aggregation of both WAN? What I need...
by Anumrak
Tue Oct 02, 2018 2:39 pm
Forum: General
Topic: Internet Speed(20M) + Youtube Speed(30M) = Youtube(50M)
Replies: 4
Views: 517

Re: Internet Speed(20M) + Youtube Speed(30M) = Youtube(50M)

How and where your Internet speed and youtube cache are limited?
by Anumrak
Tue Oct 02, 2018 10:08 am
Forum: Beginner Basics
Topic: port forwarding not working
Replies: 5
Views: 402

Re: port forwarding not working

Wrong interface:
add action=dst-nat chain=dstnat dst-port=9000 in-interface=BR-bob \
log=yes log-prefix=dst-nat protocol=tcp to-addresses=192.168.1.51 \
to-ports=9000

BR-bob should be pppoe-out1-centutylink.
by Anumrak
Mon Oct 01, 2018 7:34 pm
Forum: Scripting
Topic: Smart Swithing
Replies: 2
Views: 836

Re: Smart Swithing

https://wiki.mikrotik.com/wiki/ECMP_load_balancing_with_masquerade#Routing You can use asymmetric bandwidth links also - for example one link is 2Mbps other 10Mbps. Just use this command to make load balancing 1:5 / ip route add dst-address=0.0.0.0/0 gateway=10.111.0.1,10.112.0.1,10.112.0.1,10.112.0...
by Anumrak
Mon Oct 01, 2018 5:14 pm
Forum: Forwarding Protocols
Topic: OSPF Multiarea scenario and redistribuite-connected
Replies: 10
Views: 1019

Re: OSPF Multiarea scenario and redistribuite-connected

You're wrong about this: "so traffic chose the "worst" path because OSPF always prefer inter-area path instead of intra-area path and don't consider costs of interfaces."

https://cciethebeginning.wordpress.com/ ... ing-rules/