Community discussions

Search found 5930 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 20
by mrz
Tue Oct 15, 2019 11:09 am
Forum: Scripting
Topic: dynamic=no doesn't work in /ip route
Replies: 4
Views: 270

Re: dynamic=no doesn't work in /ip route

Works with find too:
[admin@p3_450] /ip route> :put [find  where !dynamic]      
*2;*1
[admin@p3_450] /ip route> :put [find  where !static]        
*401691fd
by mrz
Mon Oct 14, 2019 6:36 pm
Forum: Scripting
Topic: dynamic=no doesn't work in /ip route
Replies: 4
Views: 270

Re: dynamic=no doesn't work in /ip route

When route is not dynamic then "dynamic" parameter is not set wich is not equal to "no" Correct way is [admin@p3_450] /ip route> print where dynamic Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibi...
by mrz
Mon Oct 14, 2019 6:32 pm
Forum: Forwarding Protocols
Topic: Static MPLS configuration
Replies: 4
Views: 1322

Re: Static MPLS configuration

For static LDP bindings to work, you also need static routes in routing table: [admin@p3_450] /mpls local-bindings> print Flags: X - disabled, A - advertised, D - dynamic, L - local-route, G - gateway-route, e - egress # DST-ADDRESS LABEL PEERS 0 G 10.255.0.0/24 1000 1 G 10.255.1.0/24 1113 [admin@p3...
by mrz
Fri Oct 11, 2019 12:24 pm
Forum: Forwarding Protocols
Topic: BGP bug report
Replies: 1
Views: 432

Re: BGP bug report

On the right upper corner is a search
viewtopic.php?f=14&t=146206&p=719583
by mrz
Wed Oct 09, 2019 12:22 pm
Forum: Scripting
Topic: Login API pear2/Net_RouterOS 6.45.x
Replies: 4
Views: 738

Re: Login API pear2/Net_RouterOS 6.45.x

I do not see a problem you just try new login method and fall back if you receive ret, as shown in the python example:
https://wiki.mikrotik.com/wiki/Manual:A ... ple_client

See "login" function
by mrz
Fri Oct 04, 2019 5:17 pm
Forum: General
Topic: Winbox - 64bits
Replies: 1
Views: 446

Re: Winbox - 64bits

by mrz
Fri Oct 04, 2019 1:46 pm
Forum: Forwarding Protocols
Topic: Filters for +500 prefixes
Replies: 9
Views: 1389

Re: Filters for +500 prefixes

Similar feature is currently in development.
by mrz
Fri Oct 04, 2019 11:51 am
Forum: RouterOS v7 BETA
Topic: adding fib to vrf failed with timeout
Replies: 3
Views: 1089

Re: adding fib to vrf failed with timeout

Thank you for the report, at this moment VRFs are not implemented. Adding table to the vrf will simply crash the route.
by mrz
Thu Oct 03, 2019 2:22 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 70615

Re: RB4011

If you see unclassified process, generate supout file and send it to support.
by mrz
Mon Sep 30, 2019 10:31 am
Forum: Forwarding Protocols
Topic: PPP & VRF bug? [SOLVED]
Replies: 3
Views: 664

Re: VRF bug? [SOLVED]

PPP is not fully VRF aware. Workaround is to change table with route filters or use scripts to add routes manually to correct VRF.
by mrz
Fri Sep 27, 2019 7:30 pm
Forum: RouterOS v7 BETA
Topic: Cannot set routing-mark or table for routing rule
Replies: 3
Views: 1082

Re: Cannot set routing-mark or table for routing rule

Config is changed in v7
/routing table
add fib name=xx vrf=main
/ip route
add dst-address=8.8.8.8^xx gateway=10.155.101.1@main
/ip route rule 
add dst-address=1.1.1.1 action=lookup table=xx
by mrz
Fri Sep 27, 2019 6:17 pm
Forum: RouterOS v7 BETA
Topic: RouterOS v7.0beta2 bug fund
Replies: 9
Views: 1901

Re: RouterOS v7.0beta2 bug fund

- IPv4 route marking/rules appears to be dead Routing mark is configured differently, first you add the table and only then you can add routes to the table or use it in routing rules. /routing table add fib name=xx vrf=main /ip route add dst-address=8.8.8.8^xx gateway=10.155.101.1@main /ip route ru...
by mrz
Fri Sep 27, 2019 4:36 pm
Forum: RouterOS v7 BETA
Topic: RouterOS v7.0beta2 bug fund
Replies: 9
Views: 1901

Re: RouterOS v7.0beta2 bug fund

There is not much new because most of the new features were backported already to v6.
If you see trivial small bugs, list them here anyway
by mrz
Tue Sep 17, 2019 10:21 am
Forum: Scripting
Topic: Is QuickSet available via the API?
Replies: 1
Views: 292

Re: Is QuickSet available via the API?

No.
by mrz
Mon Sep 16, 2019 11:11 am
Forum: Beginner Basics
Topic: RB4011iGS+5HacQ2HnD-IN remove default config
Replies: 2
Views: 439

Re: RB4011iGS+5HacQ2HnD-IN remove default config

not related to v7beta, moved to basics.
by mrz
Thu Sep 12, 2019 11:09 am
Forum: RouterOS v7 BETA
Topic: Should OSPF work?
Replies: 3
Views: 1235

Re: Should OSPF work?

To run ospfv3 use following settings:

/routing ospf
instance add name=instance_v3 version=3
area add name=backbone_v3 instance=instance_v3
interface add network=%ether1 area=backbone_v3

But OSPFv3 might not work, thee are problems with LS Updates
by mrz
Tue Sep 10, 2019 6:59 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 154934

Re: RouterOS v7.0 beta1 - when?

Recursive nexthops in v7 works without any scripts.
by mrz
Fri Sep 06, 2019 4:22 pm
Forum: General
Topic: RouterOS v7.0beta1 (ARM)
Replies: 194
Views: 35930

Re: RouterOS v7.0beta1 (ARM)

BGP currently disabled, stay tuned.
by mrz
Mon Sep 02, 2019 10:55 am
Forum: Scripting
Topic: Decimals ?
Replies: 5
Views: 1824

Re: Decimals ?

Yes only integers. Anywhere where you see decimal representation is actually a string.
by mrz
Thu Aug 29, 2019 10:52 am
Forum: Scripting
Topic: Running script via API does not set global variable
Replies: 3
Views: 373

Re: Running script via API does not set global variable

does it work with dont-require-permissions=yes?
by mrz
Wed Aug 28, 2019 12:54 pm
Forum: General
Topic: Error Terminal command symbol - $
Replies: 4
Views: 617

Re: Error Terminal command symbol - $

$ is a special char and must be escaped:
https://wiki.mikrotik.com/wiki/Manual:S ... _Sequences
by mrz
Thu Aug 22, 2019 11:54 am
Forum: Forwarding Protocols
Topic: BGP and more specific routes.
Replies: 10
Views: 1025

Re: BGP and more specific routes.

I might be mistaken, but by looking at your config, looks like you set /22 on sfp interface, and then divide clients in two subnets, by assigning on client side /23 subnets? This will also cause packet drops.
by mrz
Thu Aug 22, 2019 9:56 am
Forum: Forwarding Protocols
Topic: BGP and more specific routes.
Replies: 10
Views: 1025

Re: BGP and more specific routes.

Using interface name as gateway is invalid setup on broadcast networks. You can use it only on point to point interfaces, otherwise you will get those "mysterious" packet drops.
by mrz
Thu Aug 22, 2019 9:53 am
Forum: Forwarding Protocols
Topic: route ospf error -> Discarding packet: locally originated
Replies: 24
Views: 28062

Re: route ospf error -> Discarding packet: locally originated

Do you have connection tracking enabled?
by mrz
Tue Aug 20, 2019 11:36 am
Forum: Forwarding Protocols
Topic: Multicast Routing
Replies: 1
Views: 447

Re: Multicast Routing

by mrz
Fri Aug 09, 2019 5:20 pm
Forum: General
Topic: Mac telnet problem after upgrade... wrong password
Replies: 4
Views: 753

Re: Mac telnet problem after upgrade... wrong password

see my post above.
You will not be able to connect from old ROS versions to 6.45.3
by mrz
Tue Aug 06, 2019 11:27 am
Forum: Announcements
Topic: v6.45.3 [stable] is released!
Replies: 90
Views: 25387

Re: v6.45.3 [stable] is released!

It will not include peer, if you upgraded from version where policy was set without peer.
If you set peer after upgrade or added policy already in v6.45.3 then it will be exported.
by mrz
Thu Aug 01, 2019 12:46 pm
Forum: Forwarding Protocols
Topic: default route via TE Tunnel and OSPF
Replies: 4
Views: 599

Re: default route via TE Tunnel and OSPF

Well yes, you could use other routing protocol that does not listen on interface. For example BGP and set lower distance than OSPF routes.

Or try to change nexthop in routing filter for OSPF routes, but this would reliably work only on external routes.
by mrz
Thu Aug 01, 2019 11:06 am
Forum: Forwarding Protocols
Topic: default route via TE Tunnel and OSPF
Replies: 4
Views: 599

Re: default route via TE Tunnel and OSPF

Probably easiest way is to simply run OSPF on TE interface.
by mrz
Mon Jul 29, 2019 10:38 am
Forum: Scripting
Topic: mass-enable all of my vlan using script
Replies: 7
Views: 848

Re: mass-enable all of my vlan using script

/interface vlan enable [find]
by mrz
Fri Jul 26, 2019 3:01 pm
Forum: Forwarding Protocols
Topic: Route selection - What am I missing? [SOLVED]
Replies: 3
Views: 704

Re: Route selection - What am I missing? [SOLVED]

Will not be changed in current implementation, but there are plans to redo this part in new implementation on which we are working right now.
by mrz
Fri Jul 26, 2019 11:24 am
Forum: Scripting
Topic: 6.43 change in login process and API libraries?
Replies: 16
Views: 3939

Re: 6.43 change in login process and API libraries?

The reason is new password storage. To keep md5 we would need to store password in plain text on the router, which is not what we want. Do you use tenet over unsecure networks? I think not, most likely you will chose ssh instead. With api is the same, consider unsecure api as telnet, and api over ss...
by mrz
Thu Jul 25, 2019 6:46 pm
Forum: Forwarding Protocols
Topic: Some OSPF commands not working on V6.45.2
Replies: 4
Views: 635

Re: Some OSPF commands not working on V6.45.2

v6 is multi instance OSPF. From the manual:
"Since v3.17 it is possible to run multiple OSPF instances. General OSPF configuration now is moved to instances."
and
"For multi instance OSPF you have to use following command: /routing ospf instance print status"
by mrz
Thu Jul 25, 2019 5:58 pm
Forum: Forwarding Protocols
Topic: Route selection - What am I missing? [SOLVED]
Replies: 3
Views: 704

Re: Route selection - What am I missing? [SOLVED]

How route selection is made in v6 you will not get other BGP route active because BGP does not trigger best path selection algorithm in this situation. Order is as follows: * BGP elects best route from all received BGP routes using best path selection algorithm. * BGP marks the route as candidate ro...
by mrz
Thu Jul 25, 2019 5:00 pm
Forum: Scripting
Topic: Built in function library
Replies: 55
Views: 13821

Re: Built in function library

and how exactly it is related to scripting functions?
by mrz
Thu Jul 25, 2019 2:15 pm
Forum: General
Topic: How add prefix From Bgp peer to address-list
Replies: 4
Views: 435

Re: How add prefix From Bgp peer to address-list

At the moment there is no direct way. You could write a script which adds prefixes to address list, but that may lead to extensive CPU usage if BGP table is very large.
by mrz
Wed Jul 24, 2019 12:35 pm
Forum: General
Topic: Mac telnet problem after upgrade... wrong password
Replies: 4
Views: 753

Re: Mac telnet problem after upgrade... wrong password

Mac telnet will not work if you try to telnet to device with installed older RouterOS (with old user store)
by mrz
Wed Jul 24, 2019 11:43 am
Forum: Scripting
Topic: 6.43 change in login process and API libraries?
Replies: 16
Views: 3939

Re: 6.43 change in login process and API libraries?

Where traffic can be easily sniffed by 3rd parties you should establish secure connection anyway.
by mrz
Mon Jul 22, 2019 4:06 pm
Forum: Scripting
Topic: Still getting old API '=ret' on 6.45.1 [SOLVED]
Replies: 5
Views: 893

Re: Still getting old API '=ret' on 6.45.1 [SOLVED]

I don't think that API is returning =ret, it looks more like a bug in that C code.
To verify what exactly RouterOS is sending back run a packet sniffer.
by mrz
Fri Jul 19, 2019 2:05 pm
Forum: Forwarding Protocols
Topic: Can't establish LDP session between two Mikrotik routers
Replies: 7
Views: 750

Re: Can't establish LDP session between two Mikrotik routers

As I mentioned in my previous post. If you are adding interfaces which are part of the bridge, then LDP interface should be "bridge", not a slave.
by mrz
Thu Jul 18, 2019 2:23 pm
Forum: General
Topic: how to display Password of PPPOE user from a Mikrotik router?
Replies: 5
Views: 522

Re: how to display Password of PPPOE user from a Mikrotik router?

This menu is not supposed to show any passwords. Go to "secrets" tab if users are authenticated locally.
by mrz
Thu Jul 18, 2019 1:46 pm
Forum: Announcements
Topic: v6.46beta [testing] is released!
Replies: 107
Views: 39610

Re: v6.46beta [testing] is released!

And why it is wrong? Nexthop is the relay so MAC should be fro the relay. By the way adding ARP in relay setups is useless, since clients are not in the same broadcast domain.
by mrz
Thu Jul 18, 2019 1:40 pm
Forum: Forwarding Protocols
Topic: Can't establish LDP session between two Mikrotik routers
Replies: 7
Views: 750

Re: Can't establish LDP session between two Mikrotik routers

LDP interface configuration is invalid. Are those interfaces slaves? if yes then you need to add master.
by mrz
Wed Jul 17, 2019 2:30 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 154934

Re: RouterOS v7.0 beta1 - when?

Will not run, you need one core per pixel.
by mrz
Mon Jul 15, 2019 3:59 pm
Forum: General
Topic: Loging not working with multiple topics?
Replies: 9
Views: 966

Re: Loging not working with multiple topics?

As I mentioned log message with topic "error AND warning AND info" does not exist in real world.
Just look at your log messages and see how topics are used, then you will understand.
by mrz
Mon Jul 15, 2019 3:34 pm
Forum: Forwarding Protocols
Topic: OSPF state changes on long Ethernet POE leads
Replies: 2
Views: 417

Re: OSPF state changes on long Ethernet POE leads

First you need to find out the reason for state changes. Is it a link flap?
by mrz
Mon Jul 15, 2019 3:04 pm
Forum: General
Topic: Loging not working with multiple topics?
Replies: 9
Views: 966

Re: Loging not working with multiple topics?

Not outdated, I do not see example with topics="error,warning,info"
/system logging add topics=ntp,debug,!packet
This is completely different of what you have configured.

Example in wiki will log all log entries with topics ntp AND debug AND NOT packet, in short NTP debug packets.
by mrz
Fri Jul 12, 2019 11:44 am
Forum: General
Topic: Loging not working with multiple topics?
Replies: 9
Views: 966

Re: Loging not working with multiple topics?

Not outdated, I do not see example with topics="error,warning,info"
by mrz
Thu Jul 11, 2019 5:42 pm
Forum: Scripting
Topic: bypass script errors/wrong commands
Replies: 15
Views: 1142

Re: bypass script errors/wrong commands

Most likely interface doe snot exist yet when you execute script at startup.
Add delay or loop that waits until interfaces appear.
by mrz
Thu Jul 11, 2019 1:20 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 70036

Re: v6.45.1 [stable] is released!

Anyone who had problems with OSPF (/routing ospf lsa print triggers busy loop) in this version please try 6.46beta9 if possible.
by mrz
Thu Jul 11, 2019 10:18 am
Forum: Scripting
Topic: bypass script errors/wrong commands
Replies: 15
Views: 1142

Re: bypass script errors/wrong commands

Basic example:
:global setPoe [:parse ":put \"set poe settings here\"!"];
:if ($poeExist = 1) do={
  $setPoe;
}
by mrz
Wed Jul 10, 2019 2:50 pm
Forum: Scripting
Topic: bypass script errors/wrong commands
Replies: 15
Views: 1142

Re: bypass script errors/wrong commands

It is a syntax error if parameter does not exist, and you cannot catch these errors at runtime.
One way is to use "parse" command to execute command line based on parameters, which check if poe should exist on this router.
by mrz
Wed Jul 10, 2019 12:31 pm
Forum: General
Topic: VRF route mark question
Replies: 1
Views: 206

Re: VRF route mark question

Routing mark names are local to your router, other devices in the network do not see VRF names.
by mrz
Tue Jul 09, 2019 3:43 pm
Forum: Beginner Basics
Topic: DHCP option by rule [SOLVED]
Replies: 4
Views: 556

Re: DHCP option by rule [SOLVED]

Or use vendor class id to give specific option sets based on ID client is sending.
by mrz
Tue Jul 09, 2019 12:54 pm
Forum: Beginner Basics
Topic: IPSec features in default configuration
Replies: 4
Views: 470

Re: IPSec features in default configuration

ipsec-policy=out,none menas that rule will NAT only those connections that are not matched by any ipsec policy.
by mrz
Tue Jul 09, 2019 10:44 am
Forum: General
Topic: Loging not working with multiple topics?
Replies: 9
Views: 966

Re: Loging not working with multiple topics?

logging expects that log entry will have all three of those topics. I have never seen log entry with topics, for example "info,warning,error,firewall" .
Logic is "info and warning and error"

If you want to log all three occurrences, then you need to add three separate rules.
by mrz
Mon Jul 08, 2019 7:02 pm
Forum: General
Topic: DNS wiki example not work. Why?
Replies: 3
Views: 297

Re: DNS wiki example not work. Why?

instead of "name" use "regexp" if you are adding regexp.
by mrz
Mon Jul 08, 2019 2:07 pm
Forum: RouterBOARD hardware
Topic: RB4011: wlan1 disabling itself
Replies: 260
Views: 33828

Re: RB4011: wlan1 disabling itself

Is your IPTV multicast or unicast?
by mrz
Mon Jul 08, 2019 10:57 am
Forum: Beginner Basics
Topic: /ip firewall NAT on bridge with use-ip-firewall not working
Replies: 4
Views: 464

Re: /ip firewall NAT on bridge with use-ip-firewall not working

If there is no IP address on an interface, then NAT cannot translate.
by mrz
Mon Jul 08, 2019 10:53 am
Forum: Beginner Basics
Topic: DHCPv6-client
Replies: 1
Views: 212

Re: DHCPv6-client

Are you sure that there is a DHCP server? Most likely provider is giving out stateless address and you do not need dhcp client to receive this address.
See description here:
https://wiki.mikrotik.com/wiki/Manual:I ... figuration
by mrz
Mon Jul 08, 2019 10:31 am
Forum: Beginner Basics
Topic: IPSec features in default configuration
Replies: 4
Views: 470

Re: IPSec features in default configuration

1. What ipsec-policy parameter do is described in the firewall manual: https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter#Properties 2. Now that you know what ipsec-policy means, read here why packets matching ipsec policy must not be NATed https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#NAT_an...
by mrz
Mon Jul 08, 2019 10:18 am
Forum: Forwarding Protocols
Topic: DHCP relay over OSPF!!
Replies: 1
Views: 332

Re: DHCP relay over OSPF!!

It doesn't matter OSPF or static routing, as long as relay can reach the server.
by mrz
Fri Jul 05, 2019 6:26 pm
Forum: General
Topic: IPsec peer identity verification when using IKEv2 with RSA authentication
Replies: 1
Views: 246

Re: IPsec peer identity verification when using IKEv2 with RSA authentication

It verifies that client cert is signed by the same chain. There is no need to have client cert on the server.
by mrz
Thu Jul 04, 2019 1:13 pm
Forum: Announcements
Topic: Winbox v3.19 released!
Replies: 33
Views: 7096

Re: Winbox v3.19 released!

- drag and drop for me work only with direction from the desktop environment to the "wine winbox". The opposite direction (from winbox to the kde/xfce) not work for me. Try to copy files while logged using ip address, not mac address.
Right click on the file and choose "Download", problem solved.
by mrz
Thu Jul 04, 2019 1:02 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 70036

Re: v6.45.1 [stable] is released!

@arsalansiddiqui you need to fix your API wrapper so that login parameters are sent as described in the wiki.
Here is another topic
viewtopic.php?f=9&t=136475
by mrz
Wed Jul 03, 2019 12:18 pm
Forum: General
Topic: Block .exe from local network
Replies: 5
Views: 381

Re: Block .exe from local network

Proxy can be used to deny access to specific file types.
by mrz
Tue Jul 02, 2019 4:54 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 70036

Re: v6.45.1 [stable] is released!

In terms of connection tracking there will be always the one that initiates/creates (call it whatever you like) new connection. If remote device trying to initiate connection it should not be accepted by "establish/related" rule because connection does not exist yet. That is what happened before the...
by mrz
Tue Jul 02, 2019 4:12 pm
Forum: General
Topic: Packet sniffer size limit
Replies: 2
Views: 336

Re: Packet sniffer size limit

Limit is 10..4294967295 KiB
by mrz
Tue Jul 02, 2019 4:11 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 70036

Re: v6.45.1 [stable] is released!

As far as I understand you are trying to configure server. Server requires RADIUS server with EAP support. Locally on the router it is not supported.
by mrz
Tue Jul 02, 2019 3:57 pm
Forum: General
Topic: NordVpn and mikrotik?
Replies: 22
Views: 4166

Re: NordVpn and mikrotik?

Probably can be updated with a script if assigned IP has changed.
by mrz
Tue Jul 02, 2019 1:10 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 70036

Re: v6.45.1 [stable] is released!

It is wrong if initiator is remote router.
by mrz
Tue Jul 02, 2019 1:03 pm
Forum: General
Topic: Mikrotik API
Replies: 1
Views: 415

Re: Mikrotik API

Make sure you are using correct authentication method:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
by mrz
Tue Jul 02, 2019 1:01 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 154934

Re: RouterOS v7.0 beta1 - when?

Right ... 5.1.11 released 17 Jun 2019 ...
by mrz
Tue Jul 02, 2019 12:50 pm
Forum: General
Topic: ROUTEROS V6 RC AND V7 BETA
Replies: 3
Views: 1032

Re: ROUTEROS V6 RC AND V7 BETA

No, FRR will not be integrated. We already working on new routing code that will outperform FRR in certain scenarios.
by mrz
Tue Jul 02, 2019 12:48 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 70036

Re: v6.45.1 [stable] is released!

!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator; Since this is "as initiator," can I assume this isn't supported for running as a roadwarrior config? If so, when is support for that coming, if at all? Road warrior client is always an i...
by mrz
Tue Jul 02, 2019 12:46 pm
Forum: Scripting
Topic: Mikrotik API call not working [SOLVED]
Replies: 24
Views: 3589

Re: Mikrotik API call not working [SOLVED]

I didn't trying to hype on that, but I strongly believe that another important notice about old-style API authentication deprecation starts with this release will be very pleased for many MikroTik users.
Thank you.
We will add note regarding API, too.
by mrz
Tue Jul 02, 2019 12:44 pm
Forum: Forwarding Protocols
Topic: BGP load-balance per-packet
Replies: 3
Views: 615

Re: BGP load-balance per-packet

True ECMP for BGP is currently unsupported, but if for example two links point to the same remote router, where you want to run BGP, then you can set up single multihop peer over ECMP.
See example here:
https://wiki.mikrotik.com/wiki/Manual:B ... interfaces
by mrz
Mon Jul 01, 2019 2:52 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 154934

Re: RouterOS v7.0 beta1 - when?

If you are talking about SACK panic, then all Linux version starting from 2.6.29 are affected.
by mrz
Mon Jul 01, 2019 2:06 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 70036

Re: v6.45.1 [stable] is released!

What winbox version?
by mrz
Mon Jul 01, 2019 2:02 pm
Forum: Scripting
Topic: Mikrotik API call not working [SOLVED]
Replies: 24
Views: 3589

Re: Mikrotik API call not working [SOLVED]

Not true. See how it is done in our api example client:
https://wiki.mikrotik.com/wiki/Manual:A ... ple_client
by mrz
Mon Jul 01, 2019 1:06 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 70036

Re: v6.45.1 [stable] is released!

That is an option for RouterOS OVPN clients, for which this exact change apply. It has nothing to do with non-RouterOS OVPN client.
by mrz
Mon Jul 01, 2019 1:04 pm
Forum: Scripting
Topic: Mikrotik API call not working [SOLVED]
Replies: 24
Views: 3589

Re: Mikrotik API call not working [SOLVED]

Important note!!!
Due to removal of compatibility with old version passwords in this version...
...
!) user - removed insecure password storage;
...
by mrz
Mon Jul 01, 2019 1:00 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 70036

Re: v6.45.1 [stable] is released!

@roe1974 Simple:
verify-server-certificate=yes
by mrz
Mon Jul 01, 2019 12:54 pm
Forum: Scripting
Topic: Mikrotik API call not working [SOLVED]
Replies: 24
Views: 3589

Re: Mikrotik API call not working [SOLVED]

There is already important note due to removal of compatibility with old version passwords.
Third party software should have been fixed long time ago ,new authentication method was introduced back in May 2018.
by mrz
Mon Jul 01, 2019 12:27 pm
Forum: Scripting
Topic: Mikrotik API call not working [SOLVED]
Replies: 24
Views: 3589

Re: Mikrotik API call not working [SOLVED]

Yes, make sure you are using new authentication method.
by mrz
Mon Jul 01, 2019 9:58 am
Forum: Scripting
Topic: Mikrotik API call not working [SOLVED]
Replies: 24
Views: 3589

Re: Mikrotik API call not working [SOLVED]

Make sure your PHP code is using new authentication method:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
by mrz
Thu Jun 27, 2019 12:49 pm
Forum: Forwarding Protocols
Topic: OSPF Linux MikroTik
Replies: 4
Views: 960

Re: OSPF Linux MikroTik

NBMA should work if multicast is blocked. It is possible that provider is blocking not multicast, but OSPF.
by mrz
Fri Jun 21, 2019 4:40 pm
Forum: Scripting
Topic: Bug in script variables?
Replies: 7
Views: 556

Re: Bug in script variables?

Problem looks to be specific to your router: [admin@3C22-atombumba] > /ip dhcp-server lease print count-only where server~"DHCP-Pool-vlan1-Home" 18 [admin@3C22-atombumba] > /ip dhcp-server lease print count-only where server~"vlan1-Home" 18 [admin@3C22-atombumba] > /ip dhcp-server lease print count-...
by mrz
Fri Jun 21, 2019 4:34 pm
Forum: General
Topic: AccessPoint Router test video series - English subtitles
Replies: 4
Views: 448

Re: AccessPoint Router test video series - English subtitles

IPSEC results seems a bit off on all routers. What config you are using?
by mrz
Mon Jun 17, 2019 1:27 pm
Forum: General
Topic: DHCPv6 op 79 - Client Link-Layer Address Option
Replies: 2
Views: 316

Re: DHCPv6 op 79 - Client Link-Layer Address Option

Options looks useful and not very hard to implement.
by mrz
Fri Jun 14, 2019 1:22 pm
Forum: Scripting
Topic: :tobool not working as expected
Replies: 4
Views: 537

Re: :tobool not working as expected

Currently :tobool does not work at all. If you could list all values that you would like to convert then we can try to implement it.
by mrz
Fri Jun 14, 2019 12:43 pm
Forum: General
Topic: Feature request: Append values to configuration
Replies: 9
Views: 1474

Re: Feature request: Append values to configuration

Works for me, if in your script you try to add new interface to the VRF right after it is created, then make sure that you add some delay or check if interface exist. Interface may not appear right away if CPU has some load.
by mrz
Thu Jun 13, 2019 10:57 am
Forum: General
Topic: Feature request: Append values to configuration
Replies: 9
Views: 1474

Re: Feature request: Append values to configuration

Post /ip route vrf print output
by mrz
Wed Jun 12, 2019 10:10 am
Forum: General
Topic: Feature request: Append values to configuration
Replies: 9
Views: 1474

Re: Feature request: Append values to configuration

One of the interfaces you are trying to add does not exist, so you get an error.
by mrz
Tue Jun 11, 2019 5:05 pm
Forum: Forwarding Protocols
Topic: ❗️❓ UNSTABLE VPLS on Wireless networks
Replies: 13
Views: 1177

Re: ❗️❓ UNSTABLE VPLS on Wireless networks

Agree, check OSPF stability over particular wireless link.
by mrz
Mon Jun 10, 2019 2:44 pm
Forum: Scripting
Topic: how to get .id via python
Replies: 5
Views: 548

Re: how to get .id via python

thanks for your reply but I not looking for OID but rather .id test = api(cmd='/ip/firewall/address-list/print') id = api(cmd='/=.proplist=.id') brings: librouteros.exceptions.MultiTrapError: no such command or directory (=.proplist=.id), no such command Most likely you are doing message encoding w...
by mrz
Mon Jun 10, 2019 11:52 am
Forum: Scripting
Topic: how to get .id via python
Replies: 5
Views: 548

Re: how to get .id via python

To get only specific parameter via API use proplist, wiki has all the info you need:
https://wiki.mikrotik.com/wiki/Manual:A ... escription
And here is example:
https://wiki.mikrotik.com/wiki/Manual:API#OID
by mrz
Fri Jun 07, 2019 9:49 am
Forum: Forwarding Protocols
Topic: main diffrence between weight & local pref?
Replies: 5
Views: 615

Re: main diffrence between weight & local pref?

Maybe only with scripts.
by mrz
Thu Jun 06, 2019 5:22 pm
Forum: Forwarding Protocols
Topic: main diffrence between weight & local pref?
Replies: 5
Views: 615

Re: main diffrence between weight & local pref?

I do not think that cause of such a different performance is caused just by changing whether you set weight or pref-src. There is no significant difference between both in terms of performance. Total time can be affected which peer starts to load routes first and if these routes will be best routes ...
by mrz
Thu Jun 06, 2019 3:45 pm
Forum: Forwarding Protocols
Topic: main diffrence between weight & local pref?
Replies: 5
Views: 615

Re: main diffrence between weight & local pref?

The main difference is that local-pref can be advertised to remote peers, weight cannot. If you want to control selection only locally on single router then use weight.
Regarding performance I doubt that you will notice few second difference on total amount of time needed to process 4M routes.
by mrz
Wed Jun 05, 2019 11:24 am
Forum: General
Topic: Feature request: full crypto speedup for MT7621 chipset (e.g. hEX S)
Replies: 9
Views: 1103

Re: Feature request: full crypto speedup for MT7621 chipset (e.g. hEX S)

Currently there is specific reason for this. maybe in the future you will see HW encryption not only for IpSec.
by mrz
Wed Jun 05, 2019 11:20 am
Forum: Forwarding Protocols
Topic: route ospf error -> Discarding packet: locally originated
Replies: 24
Views: 28062

Re: route ospf error -> Discarding packet: locally originated

MT is saying it is not a problem of OSPF. Packet is sent back to the router by some device. Loop, switch is between is leaking vlan packets from other vlans, etc, etc... OSPF is just processing packets that it receives.
by mrz
Tue Jun 04, 2019 4:59 pm
Forum: Forwarding Protocols
Topic: How to Copy dynamic Route to another route table
Replies: 6
Views: 1592

Re: How to Copy dynamic Route to another route table

You can use VRFs to install to specific table and advertised from it.
by mrz
Tue Jun 04, 2019 4:57 pm
Forum: Forwarding Protocols
Topic: Mikrotik BGP Advertising Issue
Replies: 4
Views: 674

Re: Mikrotik BGP Advertising Issue

Advertisements menu shows only prefixes that are advertised to remote peers, not the ones received.
by mrz
Tue Jun 04, 2019 3:14 pm
Forum: General
Topic: prerouting download
Replies: 2
Views: 221

Re: prerouting download

Because typically you do not want to shape traffic, which destination is router itself, together with traffic to the local network. If you mark in forward or post routing it will ensure that you will not catch any input traffic.
by mrz
Fri May 17, 2019 5:12 pm
Forum: General
Topic: SSTP + Win7 + Self signed cert.
Replies: 6
Views: 419

Re: SSTP + Win7 + Self signed cert.

Windows client does not use client certificate. Only server side verification is happening.
by mrz
Tue May 14, 2019 11:56 am
Forum: Scripting
Topic: Built in function library
Replies: 55
Views: 13821

Re: Built in function library

You can replace any symbol in your application.
by mrz
Mon May 13, 2019 4:15 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 71366

Re: v6.45beta [testing] is released!

It does not depend on specific number. You can consider large as 10k+
by mrz
Thu May 09, 2019 10:52 am
Forum: Forwarding Protocols
Topic: RIP with multiple VRFs, multiple default gateways with different routing marks
Replies: 2
Views: 461

Re: RIP with multiple VRFs, multiple default gateways with different routing marks

You can't currently RIP works only with main table.
You should consider other routing protocol that is capable of running in other routing tables (OSPF, BGP)
by mrz
Thu May 02, 2019 4:53 pm
Forum: Scripting
Topic: Mikrotik API Integration via RAW TCP CLIENT Need help
Replies: 3
Views: 363

Re: Mikrotik API Integration via RAW TCP CLIENT Need help

No, example as per API documentation uses post 6.43 login method by default * on first attempt sends /login =name=xxx =password=yyy * if it returns !trap exit * if it returns "=ret", then fall back to pre 6.43 login method you can see this in "login" function. def login(self, username, pwd): for rep...
by mrz
Thu May 02, 2019 4:39 pm
Forum: General
Topic: Dynamic address lists security hole
Replies: 5
Views: 472

Re: Dynamic address lists security hole

Generate a supout file at the time when you have added dynamic 0.0.0.0/0 entry and send it to support.
by mrz
Thu May 02, 2019 3:15 pm
Forum: Scripting
Topic: Mikrotik API Integration via RAW TCP CLIENT Need help
Replies: 3
Views: 363

Re: Mikrotik API Integration via RAW TCP CLIENT Need help

There is a python example client that works with both pre and post 6.43 versions.

Look at the code, it will show exactly what you need to do
https://wiki.mikrotik.com/wiki/Manual:A ... ple_client
by mrz
Thu May 02, 2019 3:12 pm
Forum: Forwarding Protocols
Topic: [srcnat] strange entry = "!1000,32"
Replies: 2
Views: 537

Re: [srcnat] strange entry = "!1000,32"

This will match first 1000 connections per destination.
by mrz
Thu May 02, 2019 10:41 am
Forum: Forwarding Protocols
Topic: Mikrotik ECMP - how nexthop is calculated? Hashing?
Replies: 2
Views: 511

Re: Mikrotik ECMP - how nexthop is calculated? Hashing?

It uses hashing: Source Address, Destination Address, Protocol, Source Port, Destination Port

That is if you are talking about IPv4
by mrz
Thu May 02, 2019 10:28 am
Forum: General
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 250
Views: 90762

Re: Feature Request: OpenVPN [ovpn] udp tunnels

You must be from alternate future.
by mrz
Thu Apr 18, 2019 2:21 pm
Forum: Forwarding Protocols
Topic: OSPF type 0x09 error
Replies: 6
Views: 2199

Re: OSPF type 0x09 error

*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;

viewtopic.php?f=21&t=146087&p=727144#p727144
by mrz
Fri Apr 12, 2019 2:48 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 40120

Re: UKNOF 43 CVE

Anyone who still had problems with small RAMs -> viewtopic.php?f=21&t=146087&p=726299#p726296
by mrz
Thu Apr 11, 2019 9:50 am
Forum: General
Topic: v6 RC and v7 BETA
Replies: 126
Views: 24488

Re: v6 RC and v7 BETA

Please clarify what is "proper IKEv2/IPSEC"?
by mrz
Mon Apr 08, 2019 1:17 pm
Forum: General
Topic: mikrotik scp/sftp client to transfer file between MT
Replies: 13
Views: 9578

Re: mikrotik scp/sftp client to transfer file between MT

mode option is deprecated, left for compatibility with older scripts.
Use url=sftp://
by mrz
Mon Apr 08, 2019 1:15 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 71366

Re: v6.45beta [testing] is released!

@eworm with url=sftp://xxx.xx/
by mrz
Fri Apr 05, 2019 11:31 am
Forum: General
Topic: IPV6 passthrough rules
Replies: 14
Views: 1721

Re: IPV6 passthrough rules

It is not going to work properly on RouterOS if you add addresses on different interfaces from the same subnet. The same applies to ipv4, too.
So in summary setup shown in Asus System Logs i snot possible on RouterOS.
by mrz
Thu Apr 04, 2019 5:21 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 40120

Re: UKNOF 43 CVE

It is an upgrade problem because of no free space on the router, not related to this thread at all.
by mrz
Thu Apr 04, 2019 5:14 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 40120

Re: UKNOF 43 CVE

Completely unrelated to the topic.
by mrz
Thu Apr 04, 2019 5:07 pm
Forum: General
Topic: IPV6 passthrough rules
Replies: 14
Views: 1721

Re: IPV6 passthrough rules

Ok then it is important to know what kind of configuration you had on Asus, by looking at asus config they allow you to choose between: native tunnel and static if it is native then you also have options to use dhcp-pd or static. All of this can be translated to routeros configuration if you know ex...
by mrz
Thu Apr 04, 2019 2:24 pm
Forum: General
Topic: IPV6 passthrough rules
Replies: 14
Views: 1721

Re: IPV6 passthrough rules

Passthrough most likely means that you need to bridge WAN and LAN port, so that client can directly get the address from provider.
What was the original config on the Asus router?
by mrz
Mon Apr 01, 2019 10:25 am
Forum: General
Topic: VPLS features
Replies: 2
Views: 532

Re: VPLS features

And please add MTU > 1500 for BGP VPLS
Already possible with pw-mtu
by mrz
Fri Mar 29, 2019 4:56 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 40120

Re: UKNOF 43 CVE

It should be enough to limit on edge router, since it already limits to 2 new connections every second, unless routers further along the path have less than 100MB free ram, then probably you will need to limit even more on that specific router.
by mrz
Thu Mar 28, 2019 3:22 pm
Forum: General
Topic: Mikrotik: Change the default Powerbox config!
Replies: 16
Views: 1489

Re: Mikrotik: Change the default Powerbox config!

Power box is the same RB750P, so they share the same configuration. Since there were not a lot of complains, this configuration is being kept.
by mrz
Thu Mar 28, 2019 2:36 pm
Forum: General
Topic: Mikrotik: Change the default Powerbox config!
Replies: 16
Views: 1489

Re: Mikrotik: Change the default Powerbox config!

There is always possibility to set your own default config before putting it in the tower.
by mrz
Thu Mar 21, 2019 2:39 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 71366

Re: v6.45beta [testing] is released!

You can specify DHCP option set per DHCP network.
by mrz
Tue Mar 19, 2019 6:26 pm
Forum: Forwarding Protocols
Topic: Bgp filter for vpnv4 routes?
Replies: 3
Views: 461

Re: Bgp filter for vpnv4 routes?

Unfortunately no, you can match only RT.
by mrz
Tue Mar 19, 2019 12:30 pm
Forum: Forwarding Protocols
Topic: Bgp filter for vpnv4 routes?
Replies: 3
Views: 461

Re: Bgp filter for vpnv4 routes?

Add in/out filter chain in BGP VRF instance configuration and then on those chains you will be able to match by prefix.
by mrz
Mon Mar 18, 2019 2:28 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 71366

Re: v6.45beta [testing] is released!

In what scenario? If it's road warrior (typical when src is unknown or when src has dynamic IP) then policies should be already auto generated.
by mrz
Thu Mar 14, 2019 4:59 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 71366

Re: v6.45beta [testing] is released!

IKE2 rfc states the use of RSA.
What would be the client devices that support EC? Why exactly you need this?
by mrz
Thu Mar 14, 2019 2:54 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 71366

Re: v6.45beta [testing] is released!

EC certificates can be used only for www services. Ipsec does not support them.
by mrz
Thu Mar 14, 2019 10:01 am
Forum: Announcements
Topic: Statement on Vault 7 document release
Replies: 92
Views: 45633

Re: Statement on Vault 7 document release

upgrade ≠ reset configuration

On upgrade system files are replaced with new ones.
by mrz
Wed Mar 13, 2019 5:36 pm
Forum: Announcements
Topic: Statement on Vault 7 document release
Replies: 92
Views: 45633

Re: Statement on Vault 7 document release

I think there is a lot of confusion what "reset configuration" do, this command wipes all '''configuration''' and thats it. It does not rely on script that you are talking about. "Reset configuration" also has nothing to do with clearing linux file system, it is called "reset configuration" for a re...
by mrz
Wed Mar 13, 2019 3:54 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 71366

Re: v6.45beta [testing] is released!

check/ip dhcp-server vendor-class-id menu
by mrz
Tue Mar 12, 2019 5:36 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 71366

Re: v6.45beta [testing] is released!

@buset1974 not in v6
by mrz
Tue Mar 12, 2019 5:33 pm
Forum: Forwarding Protocols
Topic: nexthop unreachable via iBGP
Replies: 1
Views: 321

Re: nexthop unreachable via iBGP

Yes, that is correct, you need to run IGP inside your AS.
For simpler setups you could also use nexthop-choice=force-self in bgp peer settings.
by mrz
Mon Mar 11, 2019 9:17 am
Forum: Forwarding Protocols
Topic: PPTP problem - empty winbox [SOLVED]
Replies: 7
Views: 980

Re: PPTP problem - empty winbox [SOLVED]

MTU issue, set up mangle rules to reduce TCP MSS.
by mrz
Thu Mar 07, 2019 5:30 pm
Forum: Forwarding Protocols
Topic: BUG - 4-byte ASN and BGP Communities on Route Filters
Replies: 3
Views: 542

Re: BUG - 4-byte ASN and BGP Communities on Route Filters

RFC states community attribute length
https://tools.ietf.org/html/rfc1997

Upstream peer cannot use Community attribute for what you described. Either they are using large community attribute or different method.
by mrz
Thu Mar 07, 2019 4:31 pm
Forum: Forwarding Protocols
Topic: BUG - 4-byte ASN and BGP Communities on Route Filters
Replies: 3
Views: 542

Re: BUG - 4-byte ASN and BGP Communities on Route Filters

BGP community attribute is limited to 4bytes in total by the standard. Different parameter is needed, for example large BGP community,which you currently cannot set. It is planned to add in the future, but I cannot tell when exactly. BTW community is administrative value, it does not mean that commu...
by mrz
Thu Mar 07, 2019 2:02 pm
Forum: General
Topic: BUG – v.6.44 on ARM boxes RB3011 is losing IPSEC configuration
Replies: 7
Views: 829

Re: BUG – v.6.44 on ARM boxes RB3011 is losing IPSEC configuration

It is not the system files but configuration.
by mrz
Tue Mar 05, 2019 5:06 pm
Forum: Scripting
Topic: POST Request with fetch
Replies: 69
Views: 28106

Re: POST Request with fetch

http-header-field="Content-Type: application/json"
by mrz
Tue Mar 05, 2019 3:27 pm
Forum: Forwarding Protocols
Topic: EoIPv6 Tunnel flapping when used to route full BGP feed
Replies: 4
Views: 418

Re: EoIPv6 Tunnel flapping when used to route full BGP feed

dst=n:n:n:67::1 you should know the gateway to your ISP. It is impossible to guess from your provided config.
by mrz
Tue Mar 05, 2019 12:10 pm
Forum: General
Topic: About NULL in Layer7
Replies: 5
Views: 1101

Re: About NULL in Layer7

Unfortunately current regexp engine does not allow to match \\x00.
by mrz
Tue Mar 05, 2019 11:57 am
Forum: General
Topic: ECDSA cert support?
Replies: 5
Views: 1435

Re: ECDSA cert support?

Added support in v6.45beta6
by mrz
Tue Mar 05, 2019 11:03 am
Forum: Forwarding Protocols
Topic: EoIPv6 Tunnel flapping when used to route full BGP feed
Replies: 4
Views: 418

Re: EoIPv6 Tunnel flapping when used to route full BGP feed

You are establishing BGP over the tunnel, BGP installs routes and tries to route traffic over the tunnel including tunnel traffic itself, which causes internal loop. Add static route to tunnel remote end to fix the problem.
by mrz
Mon Mar 04, 2019 12:04 pm
Forum: General
Topic: Recursive Routes - Need Help
Replies: 7
Views: 728

Re: Recursive Routes - Need Help

1. No you need to configure route properly.
/ip route add dst-address87.190.23.57/32 gateway=93.240.147.6x

2. It doesn't work for the same reason I mentioned in previous post.
by mrz
Mon Mar 04, 2019 10:27 am
Forum: Scripting
Topic: What's wrong with "where" ? [SOLVED]
Replies: 3
Views: 478

Re: What's wrong with "where" ? [SOLVED]

When you are trying to match a string, always use quotes. Console tries to guess the type of the variable, but sometimes it is not possible and you get unexpected result.
by mrz
Mon Mar 04, 2019 10:23 am
Forum: General
Topic: Recursive Routes - Need Help
Replies: 7
Views: 728

Re: Recursive Routes - Need Help

Recursive route cannot be resolved if gateway is interface (not IP address). It is suggested to avoid using gateway interfaces on broadcast networks, since it can lead to unexpected behavior.
by mrz
Thu Feb 28, 2019 6:07 pm
Forum: Forwarding Protocols
Topic: Vlans + VRRP + Multiple Public IP addresses
Replies: 9
Views: 1002

Re: Vlans + VRRP + Multiple Public IP addresses

VRRP cannot work without IP on physical interface unless it is VRRP v3 IPv6
by mrz
Thu Feb 28, 2019 1:22 pm
Forum: General
Topic: /certificate - certs issued on 6.44 can't be imported to long-term 6.42.12
Replies: 2
Views: 240

Re: /certificate - certs issued on 6.44 can't be imported to long-term 6.42.12

Thanks, problem confirmed, will fix it as soon as possible.
by mrz
Thu Feb 28, 2019 1:18 pm
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 219
Views: 36390

Re: v6.44 [stable] is released!

Works as expected: [admin@4p_DUT_DISC Lite5] /interface wireless> set band=5ghz-n/ac Script Error: action cancelled [admin@4p_DUT_DISC Lite5] /interface wireless> set 0 band=5ghz-n/ac failure: bad band or frequency, see 'wireless info' for supported channels [admin@4p_DUT_DISC Lite5] /interface wire...
by mrz
Thu Feb 28, 2019 12:40 pm
Forum: Beginner Basics
Topic: ipsec IKEv1 to Zyxel USG [SOLVED]
Replies: 2
Views: 493

Re: ipsec IKEv1 to Zyxel USG [SOLVED]

I would recommend to learn how to set up IPSec properly. You can start by looking at configuration examples from the manual:
https://wiki.mikrotik.com/wiki/Manual:I ... ion_Guides
by mrz
Thu Feb 28, 2019 12:06 pm
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 219
Views: 36390

Re: v6.44 [stable] is released!

Incorrect time is cosmetic Winbox bug noticed when there are multiple Winbox instances open. If you check in terminal, time is reported correctly.
by mrz
Thu Feb 28, 2019 10:32 am
Forum: Forwarding Protocols
Topic: Vlans + VRRP + Multiple Public IP addresses
Replies: 9
Views: 1002

Re: Vlans + VRRP + Multiple Public IP addresses

You should set up one VRRP per physical interface.

Regarding loosing 3 IPs per subnet, not correct, you will loose only 2 IPs on a subnet that is running VRRP on IPv4. Or set up VRRP v3 on IPv6 an don't loose any IPs.
by mrz
Thu Feb 28, 2019 10:18 am
Forum: Forwarding Protocols
Topic: Same Subnets on adjacent routers getting: Ospf error "Discarding packet: Locally originated"
Replies: 5
Views: 645

Re: Same Subnets on adjacent routers getting: Ospf error "Discarding packet: Locally originated"

Run OSPF only on one subet connecting both routers. Check whether RouterIDs are unique.
by mrz
Thu Feb 28, 2019 10:15 am
Forum: Forwarding Protocols
Topic: IPv6 DHCP Relay with PD not installing route
Replies: 6
Views: 1635

Re: IPv6 DHCP Relay with PD not installing route

if you encounterd a bug contact Mikrotik support.
by mrz
Thu Feb 28, 2019 10:13 am
Forum: Forwarding Protocols
Topic: MPLS/VPLS ECMP
Replies: 9
Views: 991

Re: MPLS/VPLS ECMP

Two options,
* script that checks if dynamic interface was changed;
* use bridge per dynamic interface and in static configuration work with bridge interface.
by mrz
Wed Feb 27, 2019 12:45 pm
Forum: General
Topic: Large route table, removing a static [SOLVED]
Replies: 8
Views: 2056

Re: Large route table, removing a static [SOLVED]

We are working on improvments.
by mrz
Wed Feb 27, 2019 11:05 am
Forum: General
Topic: Default Config w Mac-Telnet disabled - Change Needed?
Replies: 7
Views: 1831

Re: Default Config w Mac-Telnet disabled - Change Needed?

You can already hold reset button for ~10 seconds until user LED stops blinking. This will load CAP config, where interfaces are bridged and MAC access is allowed.
by mrz
Tue Feb 26, 2019 5:26 pm
Forum: Beginner Basics
Topic: firewall prerouting [SOLVED]
Replies: 6
Views: 884

Re: firewall prerouting [SOLVED]

Your SSH rule does not work because you are trying to use connection tracking features for non tracked connection (hint connection-state=new ).
by mrz
Tue Feb 26, 2019 3:24 pm
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 219
Views: 36390

Re: v6.44 [stable] is released!

You have so many extra packages installed which are not part of bundle. That is why there is no free space.
I would suggest to install unnecessary packages.
by mrz
Tue Feb 26, 2019 2:47 pm
Forum: Forwarding Protocols
Topic: OSPF Redistribute Problem
Replies: 18
Views: 1561

Re: OSPF Redistribute Problem

You can discard only external OSPF routes with routing filters. Everything you add to ospf networks will not be "external".
by mrz
Tue Feb 26, 2019 1:58 pm
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 219
Views: 36390

Re: v6.44 [stable] is released!

filter add chain=input action=accept protocol=udp dst-port=546 src-address=fe80::/16 comment="defconf: accept DHCPv6-Client prefix delegation." changed to: filter add chain=input action=accept protocol=udp dst-port=546 src-address=fe80::/10 comment="defconf: accept DHCPv6-Client prefix delegation."
by mrz
Tue Feb 26, 2019 12:31 pm
Forum: Forwarding Protocols
Topic: Wrong priority for some routes in bgp
Replies: 4
Views: 944

Re: Wrong priority for some routes in bgp

Unique instance should be used per VRF or in other special cases.
For common BGP setups all peers must use the same instance. Reason is that BGP selection algorithm is not used between routes received from different instances.
by mrz
Tue Feb 26, 2019 10:12 am
Forum: Forwarding Protocols
Topic: MPLS/VPLS ECMP
Replies: 9
Views: 991

Re: MPLS/VPLS ECMP

You cannot do this setup with LDP signaled VPLS (only one VPLS will be active), here is the example with BGP signaled VPLS:
https://wiki.mikrotik.com/wiki/Transpar ... S_extended
by mrz
Mon Feb 25, 2019 10:34 am
Forum: Forwarding Protocols
Topic: MPLS/VPLS ECMP
Replies: 9
Views: 991

Re: MPLS/VPLS ECMP

You can make VPLS tunnel over each link and then add ECMP route to route over both tunnels.
by mrz
Mon Feb 25, 2019 10:31 am
Forum: Forwarding Protocols
Topic: OSPF Redistribute Problem
Replies: 18
Views: 1561

Re: OSPF Redistribute Problem

The redistribute-other-ospf=no is if you want to distribute or not routes of other areas.
Not correct, it is used to redistribute routes from one OSPF instance to another.
by mrz
Fri Feb 22, 2019 1:51 pm
Forum: Forwarding Protocols
Topic: OSPF Redistribute Problem
Replies: 18
Views: 1561

Re: OSPF Redistribute Problem

[admin@R1] /routing ospf network> pr Flags: X - disabled, I - invalid # NETWORK AREA 0 172.16.100.0/24 backbone ... etc Every added OSPF network that match IP address, will be advertised to neighbours. So if you do not want area routes received on other neighbors, then put those neighbors in stub a...
by mrz
Fri Feb 22, 2019 10:30 am
Forum: General
Topic: could not make socket
Replies: 7
Views: 2653

Re: could not make socket

This error is only when you are trying to use source address which is not configured on your router. If you want to craft packets with invalid source then use packet generators or other tools, that are using raw sockets.
by mrz
Thu Feb 21, 2019 5:46 pm
Forum: General
Topic: Security issue when Winbox exposed
Replies: 68
Views: 5955

Re: Security issue when Winbox exposed

Fixed in 6.42.12, 6.43.12 and 6.44
by mrz
Thu Feb 21, 2019 2:03 pm
Forum: Scripting
Topic: Global variable dissapears?
Replies: 9
Views: 736

Re: Global variable dissapears?

/system script add dont-require-permissions=no name=script1 policy=\ reboot,read,write,policy,test,password,sniff,sensitive source=\ "/user add name=yy group=full \r\ \n:log info \"user added\"" /tool netwatch add down-script=script1 host=111.111.111.111 [admin@BGP_ruby_test] /tool netwatch> /log p...
by mrz
Thu Feb 21, 2019 10:27 am
Forum: Forwarding Protocols
Topic: Random OSPF State Down
Replies: 9
Views: 952

Re: Random OSPF State Down

Most likely cause is BFD, it may report link downs on CCR router even if link is ok. I would suggest no to use BFD on CCRs.
by mrz
Wed Feb 20, 2019 4:13 pm
Forum: Forwarding Protocols
Topic: OSPF Redistribute Problem
Replies: 18
Views: 1561

Re: OSPF Redistribute Problem

What is the config on R1?
by mrz
Wed Feb 20, 2019 12:35 pm
Forum: Forwarding Protocols
Topic: Mikrotik L2TPV3
Replies: 9
Views: 3172

Re: Mikrotik L2TPV3

As far as I can tell there are no plans to implement L2TPv3 in near future.
by mrz
Wed Feb 20, 2019 11:56 am
Forum: Forwarding Protocols
Topic: OSPF Redistribute Problem
Replies: 18
Views: 1561

Re: OSPF Redistribute Problem

What is considered by "full routing table"? If you are talking about inter/intra area routes learned from other OSPF neighbors then those will always be installed in routing table for all routers in the same area.
by mrz
Wed Feb 20, 2019 11:51 am
Forum: Forwarding Protocols
Topic: Random OSPF State Down
Replies: 9
Views: 952

Re: Random OSPF State Down

What kind of router is this? CCR?
by mrz
Wed Feb 20, 2019 10:14 am
Forum: General
Topic: Feature Request: Please enhance netwatch to be effective in WAN environments
Replies: 1
Views: 281

Re: Feature Request: Please enhance netwatch to be effective in WAN environments

Write a script using ping tool and you will get all your requested features.
by mrz
Tue Feb 19, 2019 4:51 pm
Forum: Beginner Basics
Topic: Does EOIP need both ends to be visible [SOLVED]
Replies: 1
Views: 242

Re: Does EOIP need both ends to be visible [SOLVED]

No, both ends need visible public IP or if there is a nat then NAT forwarding.
But, if you encapsulate EoIP in Ipsec then it is possible.
by mrz
Tue Feb 19, 2019 1:19 pm
Forum: Forwarding Protocols
Topic: How to make use of /32 ips?
Replies: 5
Views: 541

Re: How to make use of /32 ips?

I would still suggest to change from interface to IP address. Even if it works at the moment, it may cause problems in the future. Interface gateway on broadcast network can trigger unexpected behavior.
by mrz
Tue Feb 19, 2019 12:15 pm
Forum: Forwarding Protocols
Topic: How to make use of /32 ips?
Replies: 5
Views: 541

Re: How to make use of /32 ips?

gateway=SRV01 is not a valid configuration on broadcast network.
by mrz
Tue Feb 19, 2019 10:17 am
Forum: Scripting
Topic: Global variable dissapears?
Replies: 9
Views: 736

Re: Global variable dissapears?

It is already mentioned in the scripting manual:

"dont-require-permissions: Bypass permissions check when script is being executed, useful when scripts are being executed from services that have limited permissions, such as Netwatch"
by mrz
Mon Feb 18, 2019 1:09 pm
Forum: General
Topic: IPSEC IKEv2 eap?
Replies: 1
Views: 623

Re: IPSEC IKEv2 eap?

You need RADIUS server that supports EAP, in ipsec peer set auth-method=eap-radius. RouterOS itself cannot do EAP authentication at the moment.
by mrz
Mon Feb 18, 2019 1:06 pm
Forum: General
Topic: More detaled ipsec wiki
Replies: 3
Views: 516

Re: More detaled ipsec wiki

When you specify local and remote certificates in ipsec configuration, it means that server will very client and client will verify if server certificate is valid, which is more secure than what you want when only client is verifying server certificate. If you really wan this, then configuration exa...
by mrz
Mon Feb 18, 2019 11:04 am
Forum: Beginner Basics
Topic: Mikrotik и Kerio, IPsec connection
Replies: 2
Views: 357

Re: Mikrotik и Kerio, IPsec connection

If it is site to site, then make sure that traffic is not NATed or fasttracked, see documentation for more info:

https://wiki.mikrotik.com/wiki/Manual:I ... ack_Bypass
by mrz
Mon Feb 18, 2019 11:01 am
Forum: General
Topic: don't have ping but see the IP on scan?
Replies: 4
Views: 442

Re: don't have ping but see the IP on scan?

It is possible that ICMP protocol is blocked, in that case ping will not work.
by mrz
Mon Feb 18, 2019 9:42 am
Forum: Scripting
Topic: Global variable dissapears?
Replies: 9
Views: 736

Re: Global variable dissapears?

DHCP, ppp, netwatch etc, do not have enough permissions to get access to global variables. If you want to full permisions, ten create a script with option do-not-require-permissions and execute the script on dhcp event.
by mrz
Thu Feb 14, 2019 12:19 pm
Forum: General
Topic: IPSec rekey interval? [SOLVED]
Replies: 4
Views: 509

Re: IPSec rekey interval? [SOLVED]

lifetime in ipsec proposal
by mrz
Wed Feb 13, 2019 3:19 pm
Forum: General
Topic: Feature requests
Replies: 1160
Views: 208051

Re: Feature requests

PPP profile already has on-up on-down events.
by mrz
Wed Feb 13, 2019 9:50 am
Forum: General
Topic: More detaled ipsec wiki
Replies: 3
Views: 516

Re: More detaled ipsec wiki

There is already example how to use RSA and also how to generate certificates: https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Road_Warrior_setup_using_IKEv2_with_RSA_authentication Everything else is not RouterOS specific and there are a lot of resources around the internet about RSA keys certificat...
by mrz
Thu Feb 07, 2019 11:47 am
Forum: General
Topic: IPv6 iBGP routes showing Unreachable | OS 6.39rc68 (testing)
Replies: 3
Views: 418

Re: IPv6 iBGP routes showing Unreachable | OS 6.39rc68 (testing)

Currently it is not possible to resolve recursively to link local gateways.
by mrz
Tue Feb 05, 2019 4:02 pm
Forum: General
Topic: High CPU plus Latency plus Packet Drops when bonding with balance-rr
Replies: 11
Views: 1193

Re: High CPU plus Latency plus Packet Drops when bonding with balance-rr

Regarding problem with xor, contact support with attached supout files from both switches.
by mrz
Tue Feb 05, 2019 2:59 pm
Forum: General
Topic: High CPU plus Latency plus Packet Drops when bonding with balance-rr
Replies: 11
Views: 1193

Re: High CPU plus Latency plus Packet Drops when bonding with balance-rr

Only 802.3ad and balance-xor modes are switch chip accelerated. When you select balance-rr you are hitting CPU performance limit.
And 802.3ad is not balancing between multiple links, because most likely you have only one stream running.
by mrz
Mon Feb 04, 2019 10:04 am
Forum: Announcements
Topic: v6.43.8 [stable] is released!
Replies: 169
Views: 33801

Re: v6.43.8 [stable] is released!

abrandecky please generate and send supout file to support.
by mrz
Fri Feb 01, 2019 10:03 am
Forum: Forwarding Protocols
Topic: Multihoming and connection tracking
Replies: 5
Views: 754

Re: Multihoming and connection tracking

It is recommended not to use any connection tracking related feature. Also avoid setting complicated firewall for forwarded traffic.
by mrz
Thu Jan 31, 2019 3:01 pm
Forum: Forwarding Protocols
Topic: BGP tuning
Replies: 3
Views: 538

Re: BGP tuning

Adjust local-pref or weight with routing filters.
by mrz
Tue Jan 29, 2019 3:43 pm
Forum: General
Topic: Issue Faced in BGP-VPNv4
Replies: 5
Views: 894

Re: Issue Faced in BGP-VPNv4

One packet before should be update message with attribute flag error. Notification message just informs remote peer that malformed packet was received and connection will be closed.
by mrz
Wed Jan 23, 2019 10:54 am
Forum: Forwarding Protocols
Topic: VPN - MTU - Change MSS - Wiki
Replies: 2
Views: 1815

Re: VPN - MTU - Change MSS - Wiki

!!! MTU is not the same as MSS !!!

If max possible MTU is 1450 then MSS is less than that, see illustration below

Image
by mrz
Tue Jan 22, 2019 5:25 pm
Forum: General
Topic: 6.43.8 vulnerability or hack?
Replies: 31
Views: 6671

Re: 6.43.8 vulnerability or hack?

Currently there is no new known winbox port vulnerabilities. If you are sure that after first hack you reinstalled the route rand changed login credentials, then contact support. There are cases that routers get "hacked" even after upgrade, because already stolen credentials was not changed. mrz, a...
by mrz
Tue Jan 22, 2019 5:05 pm
Forum: Scripting
Topic: Request: fetch support for custom http header fields
Replies: 10
Views: 2240

Re: Request: fetch support for custom http header fields

Already possible

/tool fetch http-header-field=
by mrz
Tue Jan 22, 2019 4:03 pm
Forum: General
Topic: 6.43.8 vulnerability or hack?
Replies: 31
Views: 6671

Re: 6.43.8 vulnerability or hack?

Currently there is no new known winbox port vulnerabilities.
If you are sure that after first hack you reinstalled the router rand changed login credentials, then contact support.
There are cases that routers get "hacked" even after upgrade, because already stolen credentials was not changed.
by mrz
Tue Jan 22, 2019 9:37 am
Forum: Forwarding Protocols
Topic: Filtering oddities
Replies: 1
Views: 347

Re: Filtering oddities

porotocol="" means no protocol, there are no routes without protocol so obviously rule will not match anything. If you want to unset protocol parameter then use command 'unset'
by mrz
Wed Jan 09, 2019 6:31 pm
Forum: Announcements
Topic: v6.42.11 [long-term] is released!
Replies: 42
Views: 9092

Re: v6.42.11 [long-term] is released!

superchannel is not removed.Country selection is to comply with regulations.
If you want to break the law select superchannel, no country and keep using your link as before.
by mrz
Wed Jan 09, 2019 10:37 am
Forum: Scripting
Topic: auto upgrade -> set channel doesn't work anymore
Replies: 2
Views: 329

Re: auto upgrade -> set channel doesn't work anymore

Channel names have changed to "long-term", "stable", "testing"
by mrz
Tue Jan 08, 2019 3:42 pm
Forum: General
Topic: Issue Faced in BGP-VPNv4
Replies: 5
Views: 894

Re: Issue Faced in BGP-VPNv4

RouterOS closes connection whenever it receives malformed update. There are two possibilities, either remote peer sent actually malformed packet or packet contained attributes that RouterOS do not understand and think that they are malformed. I would suggest to run packet sniffer to catch which pack...
by mrz
Tue Jan 08, 2019 10:01 am
Forum: Forwarding Protocols
Topic: BGP Over GRE-- HOLD Timer Expired Subcode Zero
Replies: 8
Views: 1206

Re: BGP Over GRE-- HOLD Timer Expired Subcode Zero

That is incomplete information. 1. On router A you have loopback for tunnel peering, on router B you don't 2. You have only 4 routes in routing table? what about BGP installed routes? As asked before provide IP addresses used for tunnel peering for both routers. And post the output of commands: /ip ...
by mrz
Mon Jan 07, 2019 4:37 pm
Forum: Forwarding Protocols
Topic: BGP Over GRE-- HOLD Timer Expired Subcode Zero
Replies: 8
Views: 1206

Re: BGP Over GRE-- HOLD Timer Expired Subcode Zero

Show routing table output of both routers when BGP is established and specify what is the address tunnel is connected to.
by mrz
Mon Jan 07, 2019 1:55 pm
Forum: General
Topic: IPv6 Link-Local Addresses
Replies: 6
Views: 661

Re: IPv6 Link-Local Addresses

I would suggest not to remove link local addresses but block access in firewall.
by mrz
Mon Jan 07, 2019 11:33 am
Forum: Forwarding Protocols
Topic: BGP ignores local pref
Replies: 4
Views: 942

Re: BGP ignores local pref

Does both VPNv4 routes have unique RD? As far as I have seen it is happening when there is misconfiguration with route distinguishers.
by mrz
Fri Jan 04, 2019 5:27 pm
Forum: Forwarding Protocols
Topic: BGP Over GRE-- HOLD Timer Expired Subcode Zero
Replies: 8
Views: 1206

Re: BGP Over GRE-- HOLD Timer Expired Subcode Zero

Look at routing table after BGP is established. Most likely because of how networks are advertised you are trying to reroute already encapsulated packets inside tunnel interface. Which obviously is not going to work.
by mrz
Thu Jan 03, 2019 2:34 pm
Forum: Announcements
Topic: v6.43.8 [stable] is released!
Replies: 169
Views: 33801

Re: v6.43.8 [stable] is released!

remove [find name="A"]

but I would suggest to use proper method and unset variables
:set A

If you have any further questions post in correct section, this is not v6.43.8 related.
by mrz
Thu Jan 03, 2019 1:37 pm
Forum: Announcements
Topic: v6.43.8 [stable] is released!
Replies: 169
Views: 33801

Re: v6.43.8 [stable] is released!

There will always be delays before items appear in the table. Slower CPU greater delay.
by mrz
Thu Jan 03, 2019 11:55 am
Forum: Scripting
Topic: unknown parameter API Error
Replies: 1
Views: 316

Re: unknown parameter API Error

use correct parameter names, there is no "name" for this command, but "user"
by mrz
Thu Dec 27, 2018 11:01 am
Forum: Forwarding Protocols
Topic: BGP over link-local IPv6 remote peer gets no prefixes
Replies: 4
Views: 711

Re: BGP over link-local IPv6 remote peer gets no prefixes

I assume it is eBGP peer, try to enable BGP debug logs, then you will see the reason why updates are ignored, most likely because advertised nexthop is not on the shared network.
by mrz
Fri Dec 21, 2018 2:12 pm
Forum: Announcements
Topic: v6.43.8 [stable] is released!
Replies: 169
Views: 33801

Re: v6.43.8 [stable] is released!

In wireless interface settings obviously.
by mrz
Fri Dec 21, 2018 1:29 pm
Forum: Beginner Basics
Topic: IPv6 subneting
Replies: 2
Views: 387

Re: IPv6 subneting

We cannot repeat the problem, please enable dhcp debug logs, enable dhcp client, make a supout file and send to support.
by mrz
Tue Dec 18, 2018 2:01 pm
Forum: Scripting
Topic: Script to disable BGP when OSPF neighbor down - No such item
Replies: 5
Views: 502

Re: Script to disable BGP when OSPF neighbor down - No such item

if ([/routing ospf neighbor find where address=\"192.168.37.1\"] != "") do={
#get state
{
by mrz
Tue Dec 18, 2018 1:44 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 84074

Re: v6.44beta [testing] is released!

set frequency-mode to regulatory-domain
by mrz
Tue Dec 18, 2018 1:37 pm
Forum: Scripting
Topic: Script to disable BGP when OSPF neighbor down - No such item
Replies: 5
Views: 502

Re: Script to disable BGP when OSPF neighbor down - No such item

Of course you will get no such item, because you are trying to get "state" parameter for non-existent item.

First check if ospf neighbor exist and only then try to get any params.
by mrz
Thu Dec 13, 2018 6:58 pm
Forum: General
Topic: HEX S and hardware IPSEC
Replies: 5
Views: 860

Re: HEX S and hardware IPSEC

Yes double encrypted. And you can play with change-mss rules in mangle to reduce TCP packet size to get better performance.
by mrz
Thu Dec 13, 2018 3:13 pm
Forum: General
Topic: HEX S and hardware IPSEC
Replies: 5
Views: 860

Re: HEX S and hardware IPSEC

There is no marketing trick. Test results are provided for pure ipsec tunnel with UDP traffic. In your case you are having additional load and overhead by using L2TP + l2tp encryption which is completely useless if you are using ipsec. Another thing is since you did not mention what protocol and pac...
by mrz
Thu Dec 13, 2018 2:06 pm
Forum: Forwarding Protocols
Topic: Top Level Router on Ospf Domain not able to get redistributed routes from NSSA Area [SOLVED]
Replies: 4
Views: 842

Re: Top Level Router on Ospf Domain not able to get redistributed routes from NSSA Area [SOLVED]

what "translator-role" did you set? If it is set to "never" then no routes will be translated.
by mrz
Wed Dec 05, 2018 4:49 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 84074

Re: v6.44beta [testing] is released!

will still be single-threaded
kind of but not exactly
by mrz
Fri Nov 30, 2018 12:30 pm
Forum: Announcements
Topic: URGENT security reminder
Replies: 84
Views: 35055

Re: URGENT security reminder

Same old
by mrz
Wed Nov 28, 2018 4:43 pm
Forum: Forwarding Protocols
Topic: Remove BGP Prepend
Replies: 7
Views: 3291

Re: Remove BGP Prepend

There is no such thing as BGP_PREPEND attribute. What set-bgp-prepend does is prepends your own AS number x times. If value is set to 0 then peer's own AS is removed from AS_PATH. So this parameter should not be set to 0 if network is originated by the router, since update received from eBGP peer re...
by mrz
Tue Nov 27, 2018 12:37 pm
Forum: General
Topic: Slow API
Replies: 2
Views: 333

Re: Slow API

Xeon core performance is a lot higher than CCR, os it is expected behavior that API response is slower too.
by mrz
Tue Nov 27, 2018 12:09 pm
Forum: Forwarding Protocols
Topic: MPLS MTU Calculations
Replies: 19
Views: 3272

Re: MPLS MTU Calculations

by mrz
Tue Nov 27, 2018 11:55 am
Forum: Forwarding Protocols
Topic: MPLS MTU Calculations
Replies: 19
Views: 3272

Re: MPLS MTU Calculations

+ control word (if it is enabled)
by mrz
Mon Nov 26, 2018 12:26 pm
Forum: Forwarding Protocols
Topic: Wrong priority for some routes in bgp
Replies: 4
Views: 944

Re: Wrong priority for some routes in bgp

Instance for both peers is the same?
by mrz
Fri Nov 02, 2018 5:14 pm
Forum: Forwarding Protocols
Topic: RouterOS 6.40.8 does not support Totally NSSA areas? [SOLVED]
Replies: 4
Views: 639

Re: RouterOS 6.40.8 does not support Totally NSSA areas? [SOLVED]

stub area => inject-summary-lsas=yes type=stub
totally stubby area => inject-summary-lsas=no type=stub
nssa => type=nssa

Currently no other option possible.
by mrz
Mon Oct 29, 2018 10:56 am
Forum: Forwarding Protocols
Topic: ip route cache BUG
Replies: 36
Views: 11252

Re: ip route cache BUG

Currently it is known that OVPN interface reconnects are responsible for route cache leaks.
by mrz
Fri Oct 26, 2018 9:40 am
Forum: General
Topic: [ASK] default configuration second part
Replies: 7
Views: 547

Re: [ASK] default configuration second part

Documentation clearly describes what it does: https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter#Properties Matches the policy used by IpSec. Value is written in following format: direction, policy. Direction is Used to select whether to match the policy used for decapsulation or the policy th...
by mrz
Thu Oct 25, 2018 12:04 pm
Forum: General
Topic: [ASK] default configuration second part
Replies: 7
Views: 547

Re: [ASK] default configuration second part

no.
by mrz
Thu Oct 25, 2018 12:02 pm
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 26102

Re: v6.42.9 [long-term] is released!

Bridge always worked that way and if suddenly bridge with inactive (no ports) will not have running flag, it will break all configurations with loopbacks and other configurations where bridge is used as dummy interface.
by mrz
Mon Oct 22, 2018 9:28 am
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 78
Views: 22678

Re: v6.43.4 [stable] is released!

x86 upgrade will take a little bit longer and show following script error in log file, while Mikrotik devices not: DefConf Gen: Unable to find ethernet interfaces Error may appear if default script generator is unable to find Ethernet interfaces within 30seconds after boot. On x86 you shouldn't wor...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 20