Community discussions

MUM Europe 2020

Search found 17 matches

by harjeetv
Fri Dec 20, 2019 4:18 am
Forum: Beginner Basics
Topic: Hotspot bypass unreachable from other interface
Replies: 1
Views: 438

Re: Hotspot bypass unreachable from other interface

anyone ? can help in this ? someone must have gone through this issue.
by harjeetv
Fri Dec 20, 2019 4:15 am
Forum: Forwarding Protocols
Topic: Routing Issue : Redirect Host(New nexthop: Gateway IP)
Replies: 12
Views: 1321

Re: Routing Issue : Redirect Host(New nexthop: Gateway IP)

Sorry for the delayed response, was out of office. In real network, the server 192.168.0.11 is a Radius Server (Linux Machine) and 192.168.0.70 is a client which gets authenticated by the radius server.
by harjeetv
Sun Dec 15, 2019 1:12 pm
Forum: Forwarding Protocols
Topic: Routing Issue : Redirect Host(New nexthop: Gateway IP)
Replies: 12
Views: 1321

Re: Routing Issue : Redirect Host(New nexthop: Gateway IP)

The Server 192.168.0.11 is able to reach/connect Host 192.168.0.70 without any issues. But my concern is what changes shall i make to make the routing proper as this is just the scenario in the LAB. But don't wan't these things to happen when configured for the clients.
by harjeetv
Fri Dec 13, 2019 6:34 pm
Forum: Forwarding Protocols
Topic: Routing Issue : Redirect Host(New nexthop: Gateway IP)
Replies: 12
Views: 1321

Re: Routing Issue : Redirect Host(New nexthop: Gateway IP)

The host is linux and right now i am not near it. Accessing it from phone. Traceroute shows 3 hops
  • 192.168.0.1
  • 192.168.0.5
  • 192.168.0.70
by harjeetv
Fri Dec 13, 2019 6:13 pm
Forum: Forwarding Protocols
Topic: Routing Issue : Redirect Host(New nexthop: Gateway IP)
Replies: 12
Views: 1321

Re: Routing Issue : Redirect Host(New nexthop: Gateway IP)

These were public ip's, changed to private before posting. But the setup is routed like this. Thank you for the diagram. Are all of these ip addresses for real, or just example ones you're providing us with? The x.x.0.5 router should be routing a different ip scheme behind it like 192.168. 88 .0. Ot...
by harjeetv
Fri Dec 13, 2019 6:09 pm
Forum: Forwarding Protocols
Topic: Routing Issue : Redirect Host(New nexthop: Gateway IP)
Replies: 12
Views: 1321

Re: Routing Issue : Redirect Host(New nexthop: Gateway IP)

This clears the doubt. It would also be resulting in latency and unnecessary load. What should have been done for optimal route setting. As these were limited public ips (changed to private before posting), came up with this scheme. Although not good, but also learning with mistakes. Not really a dr...
by harjeetv
Fri Dec 13, 2019 5:33 pm
Forum: Forwarding Protocols
Topic: Routing Issue : Redirect Host(New nexthop: Gateway IP)
Replies: 12
Views: 1321

Routing Issue : Redirect Host(New nexthop: Gateway IP)

Hi, There seem to be some configuration / routing issue in our setup. Our setup is as follows: router --> switch --> router --> server/host network diagram.jpg Problem is when i try to ping from Server 192.168.0.11 to Host 192.168.0.70, i get the following ICMP response: # ping 192.168.0.70 PING 192...
by harjeetv
Fri Dec 13, 2019 5:22 am
Forum: Beginner Basics
Topic: Hotspot bypass unreachable from other interface
Replies: 1
Views: 438

Hotspot bypass unreachable from other interface

Hi, We have a setup like below (public IP's changed): Mikrotik 1 --> Switch --> Mikrotik 2 --> Clients Mikrotik 1 settings 1. IP Pool 192.168.0.1/28 configured on LAN 2. IP Pool 172.16.0.224/27 routed to Mikrotik 2 3. IP Pool 172.16.1.1/24 routed to Mikrotik 2 4. IP Pool 172.16.2.1/24 routed to Mikr...
by harjeetv
Sun Dec 01, 2019 6:14 am
Forum: Forwarding Protocols
Topic: icmp reply redirect host (new next hop [gatewayIP]
Replies: 5
Views: 11016

Re: icmp reply redirect host (new next hop [gatewayIP]

Sorry to bump an old thread, but i am also in the same situation. Can you please post the solution again as it is not available anymore.
by harjeetv
Sat Oct 12, 2019 6:43 pm
Forum: General
Topic: CCR1009-8G-1S-1S+ Hotspot High CPU Usage
Replies: 4
Views: 798

Re: CCR1009-8G-1S-1S+ Hotspot High CPU Usage

I had sorted the firewall rules, even removed all once to check if the CPU goes down, but there was not much change. Next i tried with CCR 1036 and the CPU was 15-20%. It seems that CCR 1009 can handle 750-850 Hotspot queues with CPU < 70% and no performance issues. Note: I had put a load of up to 1...
by harjeetv
Wed Oct 09, 2019 7:20 pm
Forum: General
Topic: CCR1009-8G-1S-1S+ Hotspot High CPU Usage
Replies: 4
Views: 798

Re: CCR1009-8G-1S-1S+ Hotspot High CPU Usage

Moved these rules to the top /ip firewall filter add action=drop chain=input comment="Drop Invalid connections" connection-state=invalid add action=accept chain=input comment="Allow Established connections" connection-state=established add action=accept chain=input comment="Accept Related connection...
by harjeetv
Wed Oct 09, 2019 6:52 pm
Forum: General
Topic: CCR1009-8G-1S-1S+ Hotspot High CPU Usage
Replies: 4
Views: 798

CCR1009-8G-1S-1S+ Hotspot High CPU Usage

Hi, Today i tried shifting clients from some other vendor NAS to ccr1009 with about 1200 users / 1G Traffic and the CPU went 100%. All it does is authentication + queue. NAT is done on other router behind this ccr1009. Queue process takes about 45%-50% CPU Firewall process takes about 25%-30% CPU Ne...
by harjeetv
Tue Oct 08, 2019 8:01 am
Forum: General
Topic: Hotspot allow addresslist and drop rest [SOLVED]
Replies: 6
Views: 918

Re: Hotspot allow addresslist and drop rest [SOLVED]

Great, didn't knew there was a regular(not bypass) option too, will test using this. Thanks

HI,

You can do it in IP>>Hotspot>IP-Binding.

In this section you can achieve your requirement.

let me know.!!

http://laxmidharnetworking.blogspot.com ... tspot.html
by harjeetv
Tue Oct 08, 2019 5:56 am
Forum: General
Topic: Hotspot allow addresslist and drop rest [SOLVED]
Replies: 6
Views: 918

Re: Hotspot allow addresslist and drop rest [SOLVED]

There must be a way. I don't want the Client IP's to pass through router and then reject with radius server. Instead i want to reject in the router interface itself.
by harjeetv
Mon Oct 07, 2019 2:51 pm
Forum: General
Topic: Hotspot allow addresslist and drop rest [SOLVED]
Replies: 6
Views: 918

Re: Hotspot allow addresslist and drop rest [SOLVED]

Try in mangle on prerouting chain...
/ip firewall mangle
add action=drop chain=prerouting in-interface=ether5 log=yes log-prefix="Dropped " src-address-list="!ether5 allowed ip"
But Firewall Mangle does not have action=drop
by harjeetv
Mon Oct 07, 2019 2:29 pm
Forum: General
Topic: Hotspot allow addresslist and drop rest [SOLVED]
Replies: 6
Views: 918

Hotspot allow addresslist and drop rest [SOLVED]

Hi, I have been trying to allow only certain ip pool for hotspot authentication and drop all other for single ethernet port. configuration is as follows: /ip firewall address-list add address=172.16.118.64/26 comment="Ether 5 Allowed Client IP's" list="ether5 allowed ip" /ip firewall filter (this ru...
by harjeetv
Tue Jan 23, 2018 3:55 pm
Forum: General
Topic: Mikrotik - Lan Routing
Replies: 0
Views: 234

Mikrotik - Lan Routing

Hi, I have been working on lan routes with 3 mikrotik CCR-1009 and a switch and i just got stuck in between. R1: Lan 192.168.0.1/28 connected to a switch /ip route add distance=1 dst-address=192.168.0.16/30 gateway=192.168.0.6 add distance=1 dst-address=192.168.0.20/30 gateway=192.168.0.7 R2: /ip ad...