MikroTik

mozerd

started using the CCR1009-7G-1C-1S+PC and from the description it seemed to me that combo port should be used as WAN from ISP, but I can't figure out how to set it up so that the connection from my ISP would come to that combo port so that I can use the remaining ethernet 1-7? You should be able to...

mozerd

Ccr1009 has atheros 8237 switch chip that according to the manual supports hw offload when dhcp snooping,igmp snooping,vlan filtering and mstp are off... so why i dont see hw offload enabled ?

The new generation of CCR Routers do not any switch chip ..... That is. FYI

mozerd

I will certainly try again, and report back. It is 3.10pm South African time now and I have been at it since early (no success so far), so my brain is jelly at the moment. It should not be as hard as you seem to be experiencing. Can you describe how the chain of gear you are using is connected? I.e...

mozerd

Information and capabilities for the Audience Mesh is very sparse .... specs looks interesting but not interesting enough for me to make a trial investment without much further usability information. MikroTik should show off some real world application to demonstrate Audience Mesh properly.

mozerd

In other words, what is the real concern you are attempting to articulate but being too vague about it?? Hi anav Audience TriBand Mesh is a brand new product so its too early for any concerns. I do not use MikroTik wireless for ANY of my clients --- I only use Ubiquiti wireless AP's for custom inst...

mozerd

Question is not clear. The Audience runs standard RouterOS. It supports ipv6 just like any other MikroTik device.

Can you please show some Winbox screen shots of Audience in action and RouterOS interaction with ipv6 enabled wireless clients.

mozerd

How does the Audience Tri-band mesh AP support ipv6?

mozerd

6.45.3

*) rb4011 - fixed SFP+ interface linking (introduced in v6.45.2);

Fixed? I do not believe its fixed based on the experience in the Following thread"
MikroTik RB4011 SFP+ GPON

How disappointing and unprofessional!

mozerd

By the way just because the word GURU is next to my name it doesn't mean I know jack sheite.

You may not know jack sheite BUT IMO you're one very smart hombre

mozerd

It will be another load of fun if we ever decide that we actually want direct communication. Because unless something changed, recommendation for default router config (home devices and such) was to block new incoming connections from internet. So you will have devices all with public addresses, bu...

mozerd

A long time ago, there was the sound of perfecting ipv6 modules in the forum. It has been nearly six or seven years in an instant, and many functions are still lacking. ipv6 nat, policy route, routing mark, and many other functions are completely absent. I tried opnsense, pfsense and vyos, edgeos, ...

mozerd

:

• PWR-LINE PRO

Download the newsletter here:
https://download2.mikrotik.com/news/news_90.pdf

Most Power-Line adapters made by the competition are sold in packages that contain 2 adapters.
Its not clear to me if the PWR-LINE PRO package contains 1 or 2 adapters --- please clarify.

mozerd

6.45.3

*) rb4011 - fixed SFP+ interface linking (introduced in v6.45.2);

Very strange that no official announcement on the Forum and when using Winbox "Check for updates" only 6.45.2 displays.

mozerd

But my bad luck at this time was not gone. After downgrading both firmware and RouterOS to the previous version my router still refused to obtain the ip-address from the ISP via DHCP. I got in touch with the ISP support and they checked that the switch port my RB is connected to is set properly (ne...

mozerd

TL;DR: There is a fault with the RB4011 supporting communication with some gigabit or gigabit-like SFPs (see forum comments about interface not working after upgrading firmware). Once resolved, the brochure page should more correctly say 'The RB4011 does not support Passive DAC modules or dumb SFP ...

mozerd

No. An interface is the module that you put into your SFP/SFP+ cage, not the cage itself. The specification of the cage itself is (almost) purely mechanical. And my understanding is that both host software and host hardware must be compatible with the type of transceiver you want to use. It appears...

mozerd

SFP/SFP+ are Network INTERFACES and these network interfaces should work much like any other network interface. THAT is the whole point . The small form-factor pluggable (SFP) is a compact, hot-pluggable network interface module used for both telecommunication and data communications applications. ....

mozerd

EPON SFP VS. GPON SFP
http://www.fiber-optic-components.com/e ... n-sfp.html

IMO, smarten up MikroTik!

mozerd

MORE Info on FTTH -- in Canada Bell uses GPON for FTTH and that means <<<< ---- >>>> point to multi point . Standard SFP/SFP+ modules are point to point. Plus there needs to be a processor in the GPON SFP to encapsulate the Ethernet frames into the GPON frames. The issue is that Standard modules don...

mozerd

@Error0x29A, thanK you —— so MikroTik used an ineffective chipset to drive the SFP+ cage .... I will no longer recommend this product and in fact I will discourage others from acquiring/using this POS.

mozerd

Same thread here .. https://forum.mikrotik.com/viewtopic.php?t=140806 The thread you linked to has some similarities BUT it is NOT the same. Its quite apparent that RouterOS and SFP[+] cages [interfaces] do not interact with consistency across all MikroTik routerboards --- and THAT is a real shame ...

mozerd

HUAWEI MA5671A SFP >>> This is a GPON SFP module

Why does the HUAWEI MA5671A SFP module WORK in the MikroTik RB2011 SFP port but does not work in the MikroTik RB4011 SFP+ port?

mozerd

SFP+ interface compatibility settings with SFP optical transceivers SFP+ interface compatibility settings with SFP optical transceivers For MikroTik devices with SFP+ interface that support both 10G and 1G link rate following settings are needed to be set on both linked devices for required interfa...

mozerd

Latvia is a small country in northern part of Europe. Latvia is part of the European Union, Eurozone, EEZ and Schengen. The Latvian language and culture is unique and share nothing in common with Russia. For a part of the 20th century, Latvia was forcefully occupied by the Soviet regime, but this m...

mozerd

(a) What is Mikrotik target group? Business or consumers. (b) What is making Mikrotik unique, why pick Mikrotik instead of Cicso? (c) Do Mikrotik have any limitations? If any, what can MicroTik do too improve? (a) tech savvy people (b) a superb value proposition that is -- so far -- unmatched by an...

mozerd

While Mikrotik has it's share of problems with proper operation of different SFP modules (even with basic things, such as reading diagnostic values like temperature, Tx & Rx power, ...) I don't think its the problem in hardware implementation of SFP ... SFP interface is well standardized. But then ...

mozerd

And such "intelligent" SFP modules need some support from router which router might not know how to provide. Due to this GPON by Bell might not work any better on Routerboards when they move to 10Gbps sync rate. Thanks @mkx ...... so what you're saying is that due to MikroTik's SFP[+] implementatio...

mozerd

You appear to be confusing Active vs. Passive optical networks with Active vs. Passive SFP+ modules: All optical SFP[+] modules themselves are active as they contain electronics to convert between optical and electrical signals. Only direct attach cables (DAC) can be active or passive - active cabl...

mozerd

So David, are you saying that in the near future we may be able to connect the RB4011 directly to the incoming fibre line from the street and bypass the ONT? I know the technician spent some time configuring the ONT to the account settings on their database (so they talk to each other). How would y...

mozerd

Something is definitely wrong with your RB4011 ... try one more process of running netinstall-6.45.1 .... this will eliminate any form of corruption in the NAND memory and reinstall ROS -- then proceed with your Copper SFP as WAN link to see if that works -- it should and if it does not then I would...

mozerd

My apologies I misunderstood. Is you Cable Gateway in Bridge mode? The power levels are excellent and your RoS code looks good to me. Confirm that your Ethernet cable is good.very strange that you’re not getting the throughput ..... perhaps a defective port, try another port. Also make sure to shutd...

mozerd

I ended having to swap the cisco device back in. Having tried every permutation of interfaces, MSS clamping, doing packet captures (shed loads of DUP ACKs)

If you sincerely want to be helped you need to answer some of the questions asked -- which questions you have chosen to avoid.

mozerd

Current: DOWNLOAD 12.09 Mbps UPLOAD 36.14 Mbps Virgin Media<->Vodafone IE Previous: DOWNLOAD 341.11 Mbps UPLOAD 35.96 Mbps Virgin Media<->IP Telecom router-pdn-export.rsc Some questions: I will assume that your WAN connection is Fiber from Virgin Media -- so is the Cisco GigE SFP module white-liste...

mozerd

This is what happens when you dont regulate industry and companies play these stupid games. Make a standard and follow it. The standards are there and they are being strictly enforced ... and I believe that MikroTik adhere to the standards .... the problem is how the PON providers choose to impleme...

mozerd

Has anyone tried to login into the SFP and using shell commands to change the rate to see if it connects to RB4011 at 1Gb? @Error0x29A, YES you make excellent points. I have not not tried to login into the SFP .... did not know that could be done because Root is locked on RoS ??? In Canada Bell pro...

mozerd

As I wrote in another post, Russian users have no problems using GPON modules with theirs RB4011. Perhaps not all GPON models are supported but GPON SFP Sticks from Zisa OP151S and D-Link DPN-100 are reported as working https://translate.google.com/translate?sl=auto&tl=en&u=http%3A%2F%2Fforum.ru-bo...

mozerd

Strange. Users in Russia have no problems using SFP modules with RB4011 like D-Link DPN-100 or Zisa OP151S. They are sourced from T&W Shenzhen Electronics. Easily recognizable by firmware starting as TW2362H-CDxx In Canada, Bell company provides at least 2 Nokia and 1 Huawei to their customers. Are...

mozerd

Mozerd just to be clear with the SFP port and that is there is nothing wrong with using that port downstream on your network when matched/mated with the right components, not everybody or every situation assumes the sfp port is upstream to the provider??? the whole point of SFP [+] port is to conne...

mozerd

Services - PPPoE, SQM QoS cake?, ipv6 tunnelbroker, upnp and ability to add/ customize further. What to consider? Option 1: New router with built in wifi? Option 2: New router only + Tenda AC18 as wifi access point? Option 3: New router + new wifi access point? Some are suggesting the RB4011 and Ye...

mozerd

Hi all, i'm not very skilled in networking except that i know some basics. Anyway, i set FW rule to drop incoming connections from this IP 141.98.80.115 But everyday i see in the logs that this IP is trying to get access to my router. A FYI; MOAB has IP 141.98.80.115 listed as an attacker .... IP L...

mozerd

Similar networks can be already made by using our devices, as explained by Attila Bologh in MUM Hungary 2019
https://mum.mikrotik.com/presentations/ ... 506180.pdf

EXCELLENT presentation by Attila Bologh -- business opportunities galore --- very entrepreneurial.

mozerd

Yes, I also would like and official response regarding this subject as some of my clients are based in the US and subject to US Gov directives.

mozerd

But don't misrepresent the reason for your price doubling.

No misrepresentation ... my bandwidth costs have doubled so based on that I decided I would double the price for a subscription. Thanks for your interest in my business affairs .. to me you pe1chl sound like a Socialists/communist.

mozerd

(and I don't think you have many other costs, as the data sources you use are free and you are using this forum to get your advertising for free) 65% of my business for MOAB is derived from systems my organization builds for people and sold into my local marketplace and the USA .... 5% is derived f...

mozerd

What was the cost before the price hike? What is the percentage increase and why is the increase necessary? What was the cost before the price hike? US $60 per year What is the percentage increase and why is the increase necessary? percentage increase is 100% .... my bandwidth costs have doubled so...

mozerd

NOTICE of MOAB subscription price change:

For new users and effective June 1, 2019 annual subscription cost will now be USD $120 ....

Existing users will be subject to the price increase upon renewal of service.

mozerd

Celebrating 1 billion hits ON A DAILY BASIS >>>> based on 600 Tik Routers using MOAB. Thanks to all my users.

mozerd

Notice of CHANGE to subscription model. OLD method: Annual Subscription was based on your Mikrotik Serial number New method: Annual subscription will now be based on your WAN IP Address ... For organizations that have multiple TIKs --- serial number subscriptions will change to account number subscr...

mozerd

RB760iGS (hEX S) with the SFP being cooled.

@msatter pray tell how do you cool the SFP on your hEXs ... got a pic?

mozerd

Our trusty Putty has been updated to version 0.71. A time ago a vulnerability was discovered and through the EU-funded bounty program a few more were shared. The latest version can be downloaded from: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html Change log: https://www.chiark.gree...

mozerd

DID you KNOW that MOAB designed to protect YOUR network for amply provisioned MikroTik Routers AND for memory constrained MikroTik Routers include FireHOL-Level1 block list And within firehol_level1 among the 628 million ip addresses covered includes 100% of spamhaus_edrop and 100% of spamhaus_drop...

mozerd

You should enable DHCP VLAN on your phone: https://www.grandstream.com/sites/default/files/Resources/VLAN_Guide.pdf Or configure the VLAN manually. MikroTik does not currently support LLDP-MED which is necessary for communicating voice VLAN ID to phones. This normally isn't a huge problem since mos...

mozerd

Based on March 12, 2019 Check out Change History for FireHOL_Level2 level2changes.GIF Based on March 12, 2019 Check out Country Map Covered by FireHOL_Level2 countrymapl2.GIF MOAB includes firehol_level2 in its blacklist for MikroTik Routers having a minimum of 1 GB of RAM Did you know that MOAB inc...

mozerd

Don't ever go back to QuickSet. It's not meant to deal with advanced setups such as yours (which includes VLANs). AMEN ! amen and another AMEN. IMO QuickSet should NOT exist for Routers branded MikroTik .... for dummyTik yes or if QuickSet is used with a CAVEAT that ALL advanced functionality is no...

mozerd

Huge spike

fireHOL_level2.GIF

Notice the huge spike in attacks March 5 to TODAY

MOAB includes firehol_level2 in its blacklist for MikroTik Routers having a minimum of 1 GB of RAM

PREREQUISITES First

mozerd

voipBL protects against VoIP Fraud and minimizing abuse for network that have publicly accessible PBX's

If you spend the time to actually READ through link below you actually will see very interesting information.
Evolution of voipbl

voipTIK

PREREQUISITES First

mozerd

UPDATE Effective March 15, 2019 for memory constrained MikroTik routers like the hEX and hAPac2 wsiptik.rsc will now be integrated into mtiptik.rsc and that will eliminate approximately 550 duplicate ip addresses. for well provisioned MikroTik routers including the CHR and the x86 wsiptik.rsc is bei...

mozerd

The firewall was set up. What do you mean? Is there remote access to ports 80 and/or 8291 to your router? (the default firewall does not allow that, but maybe after your setup it does) In almost EVERY MikroTik Router I have been asked to remotely install MOAB the Firewall was reconfigured from defa...

mozerd

UPDATE I am in the process of creating a MikroTik specific blacklist for VoIP and specifically aimed to protect against VoIP Fraud and minimizing abuse for network that have publicly accessible PBX's I currently have one prospective client who is trialing this blacklist and providing me with very g...

mozerd

Mozerd, any country where devices are manufactured are suspect and anywhere along the distribution chain (incoming or outgoing from-to a country). I am not sure where MT devices are actually made (chips, CB, assembled etc) but I have my doubts that the Latvian govt has an NSA or Red Army equivalent...

mozerd

I don't mind if someone opens the lid and peaks inside, its a good way to find out if a. chips on board have nefarious firmware attached............ (That the vendor may not know about if bought abroad, notice I didnt say China). Why would any VENDOR including MikroTik trust anything involving comp...

mozerd

don't ever use VID=1 in any setup and always have frames tagged in LAN infrastructure ... untagged should only live on access points (wires outside active LAN infrastructure perimeter and wireless SSIDs). I'm sticking to these rules and I don't have any problems whatsoever (neither conceptual nor r...

mozerd

, if traffic doesnt match a rule I have (for a specific purpose), then off with its head!! Yes I AGREE :-) I for one do not fully comprehend under what circumstances I would want to use connection-state=new ::: I have never had a situation where I've needed to use that directive ... do I need more ...

mozerd

@pcunite
very NICE [excellent] work

Not sure if the following is a typo or otherwise

the rsc file called switch one comment line has:

Because weird, we "also" add the Bridge

So do you mean wired or actually weird

mozerd

I like the following:
https://creately.com/lp/network-diagram-software-online

and if you use Google Chrome for a browser the app is PERFECT IMO.

mozerd

Very glad that YOU found the .OOPSY. ... rock on !!!

mozerd

Mozerd, you are looking at the wrong user manual LOL. https://wiki.mikrotik.com/wiki/SwOS/CSS106 Is the correct one. Once you hae the correct UG in front of you, my elegant non-picture post will be much clearer (if you can write scripts, this is not complicated) By the way I did open up the Obi202,...

mozerd

Can you please post pictures of your SWOS TABS as follows:
1. VLAN menu
2. VLANs menu

Your response to my question is far too complicated for me

I like pictures better.
The following pictures is what I am after:

mozerd

Okay I reviewed all my settings. I now have trunk port1, port 2 is going to unmanaged switch, port 3 vlanxx going to vidcam hub, port4 vlanyy to voip modem, and port5 vlanzz going to NAS. I have configured ports 3,4,5 identically only difference being vlan number. Ports 3 and 5 work great but port ...

mozerd

Well, that's bad that simple things like VLANs relies on ISP. Or maybe it's ok and I just don't understand it well :D Anyway thank you very much! 99% of the general public do not have the ability to configure subnets [vlans are a form of subnets] ..... so most isp take the easy raod and jsut provid...

mozerd

Hum... why not deliver via BGP and on site do blackhole routes with routing filters? it would not rape the storages and cpu at all. you could account the bgp peers with the 60 bucks and secure it with vpn and just use ibgp. a client can secure its router by some deny rules. for example to net let y...

mozerd

Up until now most ISP’s that I am familure with will not provide a static ipv6 .... and if there are exceptions I am certainly not aware of those ISP. So for the time being check with your isp and find out if they will allocate more than one /64 ... tell them that you run 2 subnets they may accomade...

mozerd

My ISP Rogers dishes out multiple /64 plus other options like /56 although that may have changed recently. for a long time I was using /64 and assigning to each subnet or vlan. With Ubiguiti Routers its very easy to do that utilizing a commands like: set interfaces ethernet eth0 dhcpv6-pd pd 0 inter...

mozerd

Thank you! I'm getting /64 prefix via DHCP client.
I tried your config but second command gives me error "pool exhausted - no more addresses left". Why?

I have no idea why.

Who is your ISP?

Can you please post your Config
/export hide-sensitive file=spixxyconfig terse

mozerd

Following is my config for ipv6 based on my ISP proving me with a prefix /56 /ipv6 address add from-pool=rogers-ipv6 interface=vlan10 /ipv6 address add from-pool=rogers-ipv6 interface=vlan20 /ipv6 address add from-pool=rogers-ipv6 interface=vlan40 /ipv6 dhcp-client add add-default-route=yes comment=...

mozerd

Just a reminder in case the casual lurker is interested THAT MOAB blocks over 600 MILLION IP Addresses of known perpetrator's [ the Bad Guys ] … that's over SIX HUNDRED MILLION …. In other words, MOAB blocks more than 16% (SIXTEEN PERCENT!!!) of all ipv4 routable addresses :) @Chupaka To be precise...

mozerd

Just a reminder in case the casual lurker is interested THAT
MOAB blocks over 600 MILLION IP Addresses of known perpetrator's [the Bad Guys] … that's over SIX HUNDRED MILLION …. no other blacklist for MikroTik specific gear does that to the best of my knowledge.

PREREQUISITES First

mozerd

Mozerd can you clarify if this functionality is for providers or for the end users? I use VoIP at home and my service is never interrupted and thus was wondering??? aimed to protect against VoIP Fraud and minimizing abuse for network that have publicly accessible PBX's Primarily for providers who h...

mozerd

UPDATE I am in the process of creating a MikroTik specific blacklist for VoIP and specifically aimed to protect against VoIP Fraud and minimizing abuse for network that have publicly accessible PBX's I currently have one prospective client who is trialing this blacklist and providing me with very go...

mozerd

Deleted due to OP believes it to be unconstructive -- My Apologies.

mozerd

DELETED because OP believes its not constructive … My Apologies.

mozerd

UPDATE FYI Effective immediately I will no longer be providing MOAB for RB4011 devices. The RB4011 uses NAND memory == MOAB write/reads 4,300 times over a period of 365 days which may be deleterious to the RB4011 Router's life span MOAB will only be supported on MikroTik Routers that utilize USB me...

mozerd

The RB4011iGS+RM acting as your Router and the CRS328 acting as your Switch I believe would provide you with 1 Gbps symmetrical throughput. And Yes -- GPON SFP connecting directly to the fiber network would be the approach I definatly would recommend. You may need to do some reconfiguration of the R...

mozerd

죄송합니다.이 포럼은 영어로되어 있습니다. RouterOS v7이 개발 중에 있습니다. CHR에서 x86 버전의 현재 한계를 해결하기 위해 노력하는 것이 좋습니다.

나는 유창한 한국어를 할 줄도 몰랐다. 당신은 진정한 다재다능한 예술가입니다! :-디

Вавилонская башня

mozerd

@francoislepage Very nice report. ! for one do not believe that you can get to 1Gbps using your config with the CRS328 ... I believe that the CRS317 could do it using your config test bed. My overview is simply based on comparing the Test Results published by MikroTik for the respective devices.I do...

mozerd

Yea, check Overlaps of firehol_level1 with other IP
http://iplists.firehol.org

mozerd

Yeah, hope they plan to do something about it or create a more manageable/flexible solution in the future. How many lines (give or take) is the end result? I'm wondering since I'm interested to use the Spamhaus drop/edrop "real-time" lists. Will the total aggregate work on a CCR do you think? My CC...

mozerd

Any thoughts about a secure way to update the address list online that doesn't take forever ? The wipe and clean method is highly insecure because the lengthy import times that is direct related to the huge import volumes. Btw, what lists are you using from FireHOL ( iplists.firehol.org ) ? Untill ...

mozerd

Is there any way to use some kind of "dynamic" ip address lookup within the firewall (with eg DNSBL check) in the instead of using the build-in static address lists? The objective is to move out all the static address lists to a server since they've grown to big for RoS. Background to my question i...

mozerd

Sorry for Offtopic but I have to:

Welcome reiniss2!
And congrats on your first reply - it is perfect.
In the future, don't let random users annoy you. There are plenty of us, who truly appreciate great support!

+1
Yes 100% and Welcome reiniss2!

mozerd

UPDATE FYI Effective immediately I will no longer be providing MOAB for RB4011 devices. The RB4011 uses NAND memory == MOAB write/reads 4,300 times over a period of 365 days which may be deleterious to the RB4011 Router's life span MOAB will only be supported on MikroTik Routers that utilize USB mem...

mozerd

A little birdie whispered into my ear that March is a welcoming month full of surprises.

mozerd

What's the real status of said port? One thing that might cause observed behaviour: when a PC goes to power saving mode (either sleep or even off, but with WOL enabled), the ether port stays active but it might well switch down to 10Mbps mode ... saves some energy while it still can receive WOL pac...

mozerd

I also observed that ether3 is flapping consistently ??? [haloSW@haloSW] > log print where message~"ether3" 00:38:28 bridge,info hardware offloading activated on bridge "bridge" ports: ether3 05:55:57 interface,info ether3 link up (speed 10M, full duplex) 06:01:02 interface,info ether3 link down 06:...

mozerd

Check the ether ports MAC addresses ... most probably one of MACs listed belongs to the bridge (and hence to MGMT interface) while the other MAC address belongs to another ether port ... it's worth to examine as to why it actually announces its own MAC to the world ... proper bridge member ports sh...

mozerd

If CRS' IP config is on MGMT interface, then I don't have any idea about why you can't connect via ssh to the port you've set instead of standard port 22 ... @mkx You [me and the goal post] will be pleased to learn that configuring the IP on MGMT interface does NOW work and both my pc devices can S...

mozerd

When IP Address is set to bridge from my wired and wireless PC I can ping the Switch address

bridge.GIF

ping_bridge.GIF

When IP Address is set on MGMT Interface from my wired and wireless PC ping the switch Address fails

mozerd

If CRS' IP config is on MGMT interface, then I don't have any idea about why you can't connect via ssh to the port you've set instead of standard port 22 ... mkx, thank for all your efforts to help. I am rarely stumped but this one does it. :-) what I want to accomplish should be a breeze to config...

mozerd

OK, CCR's firewall denies most of inter-VLAN connectivity. When CRS' address is set on MGMT ... where is your PC connected? To ether3 of CRS as mentioned in one of your early posts or ether8 from a later post? Is ether3 (ether8) still configured with pvid=10? How do IP settings on PC, plugged to et...

mozerd

When I change MGMT IP from bridge to Interface Winbox works but SSH does not. Do you use IP address in winbox to connect or MAC address? If IP address, are you trying winbox and ssh from same PC? Do you have any FW rules defined? In Winbox I use MAC Addy. Currently I have no FW rules defined in the...

mozerd

No, in your case you need to start using the MGMT interface. It is L2 interface, untagged "on the side" where you're about to use it (e.g. as member of LAN interface list which would allow you to use MAC winbox from a PC which is member of VLAN 10). mkx, on the switch I do not have any 'list' defin...

mozerd

I find the following somewhat confusing: Taken from the Wiki In case VLAN filtering is used and access from trunk and/or access ports with untagged traffic is desired To allow untagged traffic to access the router/switch, start by creating an IP address on the bridge interface. /ip address add addre...

mozerd

If you want to have management access via IP over VLAN 10, you have to configure IP stuff in /ip address etc. on interface=MGMT (not on interface=bridge as it is now). To have access via IP from other VLANs it's probably best to configure firewall (both on switch and router) accordingly, connectivi...

mozerd

[1] On my wired PC that connected to ether8 of the switch I only have access using Winbox no access using SSH. [2] On my wireless laptop no access to Winbox or SSH using PVID 10 regardless of the fact that the Laptop is in the same subnet. [3] Using PVID 1 the wireless laptop and wired PC have Winbo...

mozerd

So that's where (CCR) you need to do your routing: define vlan10 on eth7 (if needed) and route / nat as normal My CCR1007 is working jsut fine :-) Thanks sebastia So after I fixed the port pvid issue reported earlier I now have regained access to the Internet. Sure would like to know why it is that...

mozerd

I would advise to isolate mgmt network... But if you insist ;-): where do you do your routing? what is your "uplink" / trunk? There is no routing here (rightfully so) add bridge=bridge tagged=bridge,ether24,ether23,ether22 untagged=ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10 vlan-ids=1...

mozerd

OOPS just noticed that after switch reboot all my Port PVID settings are lost. ???? Stay Tuned.

mozerd

Lost internet, from which device?

From the PC I use to manage the switch and Router. The PC resides on van10.

mozerd

Prior to making the 2 suggested changes Internet was accessable So Managemet Port now works but access to Internet does not Following is updated config # jan/02/1970 06:08:51 by RouterOS 6.43.8 # software id = 6K0L-9RGW # # model = CRS326-24G-2S+ # serial number = xxxxxxxxxxxx /interface bridge add ...

mozerd

[EDIT] Now from my PC I can access the Switch via SSH and Winbox. but I am no longer able to access the Internet.

mozerd

ssh service enabled? on right port, from config "set ssh port=xxxxx"

also the user needs right to ssh. and user can be limited to a range, check that too

Thank You. Yep SSH service is enable with the correct port -- . Will check permissions....

mozerd

Hey You need to create a vlan interface on bridge with vid=10. This will be the interface by which you'll access the crs from vlan10. Currently the switch is accessible through: eth1, 2, 22, 23, 24, sfp1 & 2 (untagged) Thanks @sebastia So I did the following: /interface vlan add interface=bridge na...

mozerd

Just got this Switch and I am having some difficulty understanding how to get a management port working. following is my configuration using RouterOS currently configured as a Switch with a number of VLANs; # jan/05/1970 13:41:53 by RouterOS 6.43.8 # software id = 6K0L-9RGW # # model = CRS326-24G-2S...

mozerd

Free Trial Period end at midnight Monday December 31, 2018.
No New Year miracle had happened =(

Miracles

are expensive to dish out .. very best wishes!

mozerd

MOAB 14 day FREE TRIAL Period now available to MOAB FIRST Time users . Effective immediately a 10 day MOAB FREE Trial Period is available to MOAB First Time Users who want to trial MOAB prior to purchasing a subscription - MOAB First Time Users must request the MOAB Free Trial Period with a Yes or N...

mozerd

Free Trial Period end at midnight Monday December 31, 2018 . To continue with MOAB without service disruption, your subscription payment must be made by end of of Day today otherwise Free Trial Account will be deleted at 5 minutes past midnight. Subscription payment of USD$120 via PayPal Link . Tha...

mozerd

Unfortunately the MikroTik SFP+ port on the 4011 router cannot sync at 2.5 Gbps. It can sync at 1 Gbps or 10 Gbps.

mozerd

Seriously? Somebody needs better sleep, I think. ........... ...................... .................. Your wishlist is for something completely different. The PWR Line is for your smart radiator thermostat that needs to access the hub, or for your childs old iPhone 4, so that they get notification...

mozerd

Then it's either wrong configurations or faulty units. I thought there was something wrong with the firmware. I was on 2.8, now downgraded to 2.7 just in case. I will test it and see but probably will have to wait 6-10 days. [edit] oops my mistake ... the unit I purchased is the CRS326 and not the ...

mozerd

Thx, I'll send you email a bit later. I'm wondering just because there's no Serial Number in CHR, so it doesn't meet your prerequisites

@Chupaka
How is MOAB working for your CHR implementation? Looking forward to your constructive feedback.

Wishing ALL a Blessed Christmas ...

mozerd

Short question: is it possible (and how) to create IPv6 subnets with address prefixes out of a given (larger) address pool?. Yes it is possible, I am doing this with 3 vlans and it works perfectly. My ISP gives me a /56 Following is my ipv6 code that perhaps can help you get there. /ipv6 address ad...

mozerd

That would be a wise move in my estimation.

Yep, the HK server will be moved to Singapore within the next hour just confirmed.

mozerd

UPDATE: MOAB must be having an impact because the Chines RED Army is trying very hard to crack my MOAB hosting sites. The following IP 222.186.23.24 is hammering my webhost but so far I have not had any complaints of service unavailability. This 222.186.23.24 adresss belongs to: CHINANET-JS CHINANET...

mozerd

+1

+2

mozerd

We have made a table view comparison matrix for some products. Let me know what you think, what's missing and what's not working:
https://mikrotik.com/products/matrix

(tip: use the full screen link)

Outstanding, very nice to see and work with and agree with @msatter suggestion.

mozerd

I don't know what 4K you think you have, but normally even barely compressed 4K content is at 50-60Mbit bitrate. As to the OP, we need more info about your device and the exact issue as you observe it. @normis, @bugsy stated that he has the MikroTik CRS109-8G-1S-2HnD-IN I want to buy something that...

mozerd

Is there a good reason to get a CCR1009 over a 4011 ? The price is quite different. Thanks again. To answer your question you need to define your requirements. I prefer the CCR1009 because it has the power I need ... but it may be overkill for your needs .... tell us what you want to use the gear f...

mozerd

Even a CRS series device should be able to pass those 113MBit.
-Chris

Chris , just to clarify @Bugsy stated 113MB ... to me that is equivalent to 904 Mbps

mozerd

I should have said assume not know. I'm sorry. So there is nothing I can do? As said if I connect the PC directly to the modem right now I get 113.5 MB/s in real life performance without issues and over the mikrotik the speed stops raising fast around 100 MB/s and sometimes reaches 107 but usually ...

mozerd

In terminal run the following:

/system logging
add topics=wireless,debug action=memory

this will provide you much greater detail and perhaps a clue as to why this is happening that you may be able to fix. Just be paitent in watching the logs..

Wireless Debug Logs

mozerd

We are working on that for v7

This appeared on my radar screen THIS AM with the moniker of UFO ... NORAD sent 3 F18 jets to try and intercept but failed to catch the phantom OS.

mozerd

I'm interested in testing this for my home. Do you offer like a 30 day trial?

Check out
viewtopic.php?f=2&t=137632#p697948
for answer to your question.

mozerd

OK I solved the issue by adding the MAC Addy to the Wireless ACL to disallow further communications from the UNKNOWN Source -- this effectively stopped the log entries.

FYI, the wireless debug was a big help in coming to this resolution.

mozerd

This usually means the client is using the wrong WPA2 key.

All known clients have no problem connecting or staying connected ...

mozerd

The hAPac2 is located at a Client site. The SSID being utilized is unique. In searching the forum I observed that lots of people are complaining about the same issue with other MikroTik wireless models and a few suggestions. I will try some of the suggestions and hope that some of those will fix the...

mozerd

On the hAPac2 hotspot is disable and using default firewall .... firmware 6.43.7 Logs are filling up [in the hundreds one every 20 seconds] with the following: 10:A2:DE:EF:5D:88@wlan1: connected, signal strength -45 10:A2:DE:Ef:5D:88@wlan1: disconnected, unicast key exchange timeout Question: how to...

mozerd

there is a "system-id" in
Code: Select all
/system license

Thank you vecernik87, for the CHR system-id would work for me.

mozerd

I'm wondering just because there's no Serial Number in CHR, so it doesn't meet your prerequisites :) OK, I can create a unique serial number for your CHR instance and tie that to your IP address assuming your WAN IP is static. If you are using multiple WANs per CHR then you'll need to ID the IP's [...

mozerd

Can MOAB be used on CHRs? I have no experience with MikroTik CHR. -- I do not see why it could not be used. But if you would like to test it out I would be happy to accommodate. The key component is how much available RAM memory is available and storage requirement like USB memory stick or SSD. Che...

mozerd

UPDATE MOAB has grown in size For well provisioned MikroTik Routers like the CCR's etc MOAB is now close to 3 MB For all other MikroTik Routers much like the hEX and the hAPac2 MOAB is now 1..1 MB The reason : a very dramatic increase in attacks coming out of Russia, China, Pakistan, Poland, Iran, a...

mozerd

Based on many requests I have received via email the following is now in effect for MikroTik Community Forum participants From today [November 15, 2018] and until December 31, 2018 MikroTik users who contact me at mozerd@itexpertoncall.com and qualify by providing the prerequisite information can us...

mozerd

At this stage it would be interesting to find out if RouterOS would solve your problem ... Why don't you give it a try and see what happens? Very good question. Our company paid a lot for this products and they MUST work as advertised and we don't get paid for beta-testing by Mikrotik. I'm totally ...

mozerd

At least you have the options of using RouterOS. On my 260GS models its only SwOS :-((((((( emoji- crying, emoji - hitting myself in the head with a bat for buying them Will it solve our problems? RouterOS is good in CRS317 or it's hardware problem? At this stage it would be interesting to find out...

mozerd

Anyone? Mikrotik team ? I thought it was a support forum... Perhaps MikroTik Support will see your post and respond but I suggest that if you want quicker action contact Mikrotik Support via an emai and they will open a ticket and respond to your info. I do not currently use MikroTik switches so I ...

mozerd

UPDATE EFFECTIVE November 12, 2018 MOAB will also work on MikroTik Routers that do not incorporate USB memory storage. So for example MikroTik Routers models like the RB4011 using NAND flash memory will now work with MOAB or any MikroTik RouterBoard that utilize SSD storage will also be able to have...

mozerd

Why a Firewall and what about NAT ?

mozerd

I see some complaining about MS-CHAPv2 support in Winbox. We like the MS-CHAPv2 support for Winbox because it allows us to no longer have to store the passwords unencrypted on the authentication server, so I hope it is retained in some way. We do not wish to go back to regular CHAP in our case. Agr...

mozerd

The hacker, who goes by the name of Alexey and says he works as a server administrator, claims to have disinfected over 100,000 MikroTik routers already. https://www.zdnet.com/google-amp/article/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers/ Owners being angry at him should th...

mozerd

A FYI update All Free Trial slots have now all been taken up. The MOAB server is currently consuming 2.6 GB of bandwidth daily based on 441 participants. MOAB 1 for well provisioned Routers has grown in size to 1.8MB due to a fairly dramatic increase in criminal activity cumming out of Russia and I...

mozerd

A reminder for all MOAB users, EST is now in effect.

If you set your MikroTik router to some time server no adjustments needs to be done.

MOAB's default is based on the following

mozerd

they should not yes, but i have this issue and also they will be upper of dynamic rules in raw tab If you rules order has changed without your knowledge it means your system is compromised. I suggest that you NETINSTAL and start fresh. we have several ccr and all of them has same issue so its not r...

mozerd

they should not yes, but i have this issue and also they will be upper of dynamic rules in raw tab

If you rules order has changed without your knowledge it means your system is compromised. I suggest that you NETINSTAL and start fresh.

mozerd

Problem is SOLVED It seems that my MOAB blacklist and the RAW firewall rule was the issue. Deleted the rule and created the drop rule for the blacklist under IP Filter and that solved the VPN issue. Using RAW has significant implications -- some of which I obviously did not comprehend --very glad I ...

mozerd

So how do you know that the fault is with RouterOS 6.43.x and not with iOS 12? If you try a device with iOS 11 still on it, does it do the same thing? What happens if you try to use the VPN over Wi-Fi instead of over Rogers LTE? -- Nathan Very good questions @NathanA. I am trying to get my hands on...

mozerd

Do you have this network configured on your vlan interfaces? 2604:5580...? No . I have absoluteness no idea where this address is coming from and am very surprised by an ipv6 response to a ipv4 ping query - I have not had a ipv6 response to an ipv4 ping before. The NAS sits on VLAN10 and the NAS is...

mozerd

And where is your IPv6 config on routerboard? Thanks for looking @Anumrak. ipv6 config follows: # mar/15/2018 07:29:49 by RouterOS 6.42rc43 # software id = 1TLQ-B555 # # model = CCR1009-7G-1C-1S+ # serial number = noyb /ipv6 address add from-pool=rogers-ipv6 interface=vlan10 /ipv6 address add from-...

mozerd

Showing strange ping response from iPhone and IOS 12 ... and I have zero idea who that ipv6 address belongs to

mozerd

IPsec mode-config code follows: # oct/03/2018 08:35:40 by RouterOS 6.44beta14 # software id = 1TLQ-B555 # # model = CCR1009-7G-1C-1S+ # serial number = noyb /ip ipsec mode-config set [ find default=yes ] name=request-only responder=no add address-pool=ipsec-RW address-prefix-length=24 name=RW-cfg sp...

mozerd

Showing example ipv4 address BUT Host is in ipv6 address plus the IPv6 address shown is wrong.???

iphoneIPsec.jpg

mozerd

One year ago I configured my CCR1009 using IPsec using mode config. This VPN has been working flawlessly On my iPhone6 I have an app called File Explorer that I use to access my files residing on my NAS. This has been working very nicely for the longest time. Since using Firmware 6.43.2 my File Expl...

mozerd

Found a LOG problem with an IPv6 DHCP-CLIENT . The log says there was an error adding the dynamic prefix pool, but it actually is created correctly. Cosmetic problem? dhcp,error failed to add ipv6 pool MYPOOL: ok ..... ....... Yes, I have a similar issue:with the current release 6.43 dhcp,error fai...

mozerd

MikroTik support have confirmed that: All MikroTik devices with SFP+ ports can establish 1G and 10G link speeds. Only exception is S+RJ10 module which establishes 10G to the host device and can negotiate 10/100/1000/2.5G/5G/10G speed with its link partner. Unfortunately, none of current MikroTik pro...

mozerd

To add to my opening post my preferred conectivity method would be as follows: Key Information is : BELL's ONT/SFP syncs at 2.5G ....the transceiver is made by ALCATEL-LUCENT Use the CCR1072 and connect the Bell supplied patch cable and the GPON ONT SFP into one of the SFP+ ports on the MikroTik Rou...

mozerd

Does anyone know if the subject switch SFP+ port will SYNC at 2.5G? Recently I was asked to reconfigure a network for a client that is having Bell Canada FTTH 1.5G/940M service installed . Apparently BELL's ONT/SFP syncs at 2.5G for this service and I want to use MikroTik gear .... I do happen to kn...

mozerd

Can anyone from MikroTik provide ETA when the 4096 character file size limitation will be lifted?

Using Fetch and Scripting to add IP Address Lists

This file size limitation seems rather ridiculous in today's RouterOS gear.

mozerd

+1
I have been using wireguard on the Ubiquiti EdgeRouter-Lite and WOW in a site to site scenario -- amazing vpn performance.
I definitely would encourage MikroTik to take a very serious look at this.

mozerd

Absolutely great THREAD.-- Thanks to: @Jotne @sindy IMO, @k6ccc approach is the one that I would encourage most to follow -- in that way YOU are maximizing value and performance consistently. I use routers EXCLUSIVELY as routers and switches as switches. Each port of my routers is either a single LA...

mozerd

A FYI update All Free Trial slots have now all been taken up. The MOAB server is currently consuming 2.6 GB of bandwidth daily based on 441 participants. MOAB 1 for well provisioned Routers has grown in size to 1.8MB due to a fairly dramatic increase in criminal activity cumming out of Russia and Ir...

mozerd

For People wonderring whats coverred by MOAB as of August 16, 2018 --- following provides the deep breath of Scope MOAB1 (a) includes: bambenek_c2 dshield feodo fullbogons spamhaus_drop spamhaus_edrop sslbl zeus_badips ransomware_rw 6,453 subnets, 636,272,205 unique IPs Included for: memory constrai...

mozerd

You don't include any detail on how your blacklists are created or maintained, what the source sample is to determine which sites should be blacklisted, etc. So why exactly would someone decide to pay you $60/year for a service with no specifications of what the service is? Especially when there ar...

mozerd

Stupid question, why a RAW and Filter drop rule? Can't there be 1 rule in RAW which kills everything on the list? That question is answered in the prerequisites link which I will reproduce here for you with a little more detail. :D The Firewall rule for MOAB2 must be placed in IP Firewall Filter an...

mozerd

Couple of other things I noticed: Downloads are protected by HTTP-Auth, so your initial setting script contain username and password to access the data As I was worried earlier, the list is really distributed as RSC full of commands to add entries. This might be more optimized by distributing simpl...

mozerd

i am tried many ways to clear the user activity history.... but nothing found ?? if anyone knows the HOW TO CLEAR THE SYSTEM>HISTORY?

In terminal type
console clear-history

mozerd

FYI update -- I still have 7 slots open for the Free Trial Period that expires September 30, 2018 If you want to participate in the free trial then PLEASE review the MOAB prerequisites link and send me an email with the information requested. If you have any questions post them here. My email addres...

mozerd

@mozerd: 2) I see. If you ever get any benchmark (simple iperf test with {transmitter}--{device under test}---{receiver} layout would be great), let us know. Or - if you want - I am willing to do this and share my findings. I understand you offered free trial for local users. I am not really intere...

mozerd

1) Can you clear up a little bit how does user/owner of router handle security - i.e. limiting your RSC to not create new users, open ports etc? Downloading 3rd party RSC can cause unpredictable and serious issues as it can completely rule the device. If it is really just blacklist, you can distrib...

mozerd

A number of users have contacted me via email and requested that I make the prerequisites a little clearer to under stand. I now have done that so please check the link again. and thanks to ALL for the feedback. Updated Prerequisites

mozerd

As of today August 6, 2018 12 users have signed up for the free trial period that expires on September 30, 2018

So I have 8 remaing slots open.

If you have any Questions I will be happy to answer in THIS thread.

mozerd

The prerequisites for the MOAB service

mozerd

FYI, so far 8 users have subscribed to the Free Trial period that expires on September 30 2018, so only 12 spots still available.

mozerd

Pokornik, I am not able to respond to your request because your address has been identified as a spammer by sorbs.net

mozerd

I am launching a Blacklist service for MikroTik Routers called MOAB .-- the service costs US $60 per year and payable via PayPal. I am offering 20 users from the MikroTik community a chance to try out this service free of charge up to September 30, 2018 If you want to be part of this free trial peri...

mozerd

Your report is incorrect - it's NOT a BUG :). It's good, normal behaviour. 1. :len - returns not a "file size", but a "size of the variable". 2. /file find... - returns an ARRAY of POINTERS to files that match the "find" criteria. In your case /file find name=""... returns one pointer - so the leng...

mozerd

[brook@brookcity] > /file print # NAME TYPE SIZE CREATION-TIME 0 skins directory dec/31/1969 20:00:03 1 disk1 disk jan/01/1970 20:00:15 2 auto-before-reset.backup backup 11.7KiB jan/01/1970 20:07:05 3 pub directory feb/09/2018 17:31:42 4 disk2 disk may/13/2018 21:56:51 5 disk2/wsipdiff.txt .txt fil...

mozerd

When the road splits, they by default take the left one, because it's better or whatever. But you want them to use both, so a little before the split, you make a stand and give out cards with "left" and "right" written on them to those who you think should take specific way. Then at the split you p...

mozerd

That is the most ridiculous piece of advice I have heard today (I just woke up). If mikrotik wifi doesnt work with apple phones, I am returning all this junk!!! Android phones are a haven for malware and crap.................... ewwwww I feel infected just thinking of android phones. Lots of issues...

mozerd

if it senses a change Netwtch can issue the following directive that forces the Obi to re-register: /ip firewall connection remove where connection-type=sip or connection-type=sip2 @moserd, how exactly does the above force the OBi (or any other SIP CPE) to re-register? What that script command defi...

mozerd

There are two real world instances which I do not reguarly detect. One if the ISP was actually unavailable (rare). Two if the ISP changes my public WANIP (probably more often but I am not able to discern when this happens). My concern in the latter case is that the gateway I HAD TO manually enter i...

mozerd

I disagree I see no solution offered that is practical and would work for me. I am much better off going to the modem vendor, obihai and seeing if I can modify the reset timing built within the modem. Obi configs are completely open and you can change any parameter you wish too .... if you use ObiT...

mozerd

Wow 62 views and no comments and I know some of you knew better but not mentioning any cough cough (sindy, czfan) names. But the issue is amazingly described here in what I would call the post of the decade!! https://forum.mikrotik.com/posting.php?mode=reply&f=2&t=129048 The issue is resolved using...

mozerd

Hmm I will have to change routers and see. What if name was removed? Do I have to delete a rule and remake for it to function? This is all unwritten and not visible and thus a missing link in OS that needs cleaning up. good questions that I have no answers for. Your unbridled testing enthusiasm lea...

mozerd

Well you said that you created those rules under a different name ... so now change to that named account and see what happens

mozerd

Take ownership of the rules and see if that changes the behavior ..... i have not seen the behavior you describe so I cannot comment on why this may be happening.

mozerd

Turn scripting engin OFF /system logging disable 0 Turn scripting engin ON /system logging enable 0; If certain scripts get triggered prematurely then there could be a level of command confusion:-) so if a script is fired and another script gets also fired at the same time its possible that logging ...

mozerd

Confirm that in the rule you want to track you have log=yes

loging goes to nand by default .... loging goes to other like disk1 etc, based on how you’ve configured it

In winbox under system logging you can determine where it goes .... have a look

mozerd

Ok I have identified the CULPRIT ..... ITS the prefix / .... leaving that off seems to provide far better consistency
So name=disk2/ is the way to go ..... is that documented somewhere ???

mozerd

Following is some terminal test that show the inconsistent results -- in this case the value of diff is >0 [gate1@citybrook] > :if ([:len [/file find name=/disk2/diff.txt]] != 0) do={:put "system script run job5"} [gate1@citybrook] > :if ([:len [/file find name=/disk2/diff.txt]] >= 0) do={:put "syst...

mozerd

unfortunately over time the script does NOT perform consistently and I am hopeful that a MT guru can perhaps explain why . :if ([:len [/file find name=/disk2/diff.txt]] > 0) do={:system script run job5) Initial tests via terminal indicated that the script worked but after insertion into scheduler t...

mozerd

This seems to work. ..... no error in terminal .... will do some more testing when the value is greater than 0 :if ([:len [/file find name=/disk2/diff.txt]] > 0) do={:system script run job} Yes , I can confirm that this script works ..... excellent !!! Credit goes to @changeip for the idea in the fo...

mozerd

I want to run an update to my address list. The following code is the idea that tI would like to place in Scheduler to run a script: import os file_path = r"/disk2/adiff.txt" if os.stat(file_path).st_size > 0: /system script run this_script else: do nothing Anyone know how to code this so that it wo...

Search found 259 matches