Community discussions

Search found 1026 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 21
by Caci99
Mon Aug 20, 2018 4:55 pm
Forum: Beginner Basics
Topic: Capsman and Virtual AP - how to setup?
Replies: 6
Views: 1712

Re: Capsman and Virtual AP - how to setup?

I think I got it guys. Started a new CAPsMAN from scratch for testing.
I think I had it wrong on defining slaves on provisioning configuration. Will test a bit more and let you know how things go.
by Caci99
Sat Aug 18, 2018 3:28 pm
Forum: Beginner Basics
Topic: Capsman and Virtual AP - how to setup?
Replies: 6
Views: 1712

Re: Capsman and Virtual AP - how to setup?

Config on CapsMan: /interface bridge add name=bridgeCAPS auto-mac=yes add name=bridgeGuest auto-mac=yes /interface bridge port add bridge=bridgeCAPS interface=ether2 add bridge=bridgeCAPS interface=ether3 add bridge=bridgeCAPS interface=ether4 add bridge=bridgeCAPS interface=ether5 /caps-man datapat...
by Caci99
Sat Aug 18, 2018 11:17 am
Forum: Beginner Basics
Topic: Capsman and Virtual AP - how to setup?
Replies: 6
Views: 1712

Re: Capsman and Virtual AP - how to setup?

Did you guys managed to get this done?
When I set Virtual AP to CAP they will cause the real wireless interfaces to be excluded and deactivated. I am trying this on Ceiling AC with Hex as Caps manager.
Basically by adding any virtual AP none of the interfaces will join Caps Manager
by Caci99
Wed Aug 15, 2018 10:27 pm
Forum: General
Topic: Routes with check-ping should only become active if they can ping the gateway
Replies: 9
Views: 495

Re: Routes with check-ping should only become active if they can ping the gateway

Either way is my request unreasonable? i.e. a route with check-ping should only become active if the gateway IP is ping-able? No, not unreasonable at all :). It should become active only if ping is successful. My suspicion though (since I haven't tested such a thing), is about the ethernet link. As...
by Caci99
Wed Aug 15, 2018 11:03 am
Forum: General
Topic: Routes with check-ping should only become active if they can ping the gateway
Replies: 9
Views: 495

Re: Routes with check-ping should only become active if they can ping the gateway

It is a seamless process, I have done many with desired result and no issues. That is why I recommend to start with a basic setup with only one host per link to check. Also, why should the interface of the modem go down? The modem might lose connection but the ethernet link should remain up. I suspe...
by Caci99
Tue Aug 14, 2018 1:30 pm
Forum: General
Topic: Routes with check-ping should only become active if they can ping the gateway
Replies: 9
Views: 495

Re: Routes with check-ping should only become active if they can ping the gateway

This is how I see it: add comment=CABLE distance=1 dst-address=208.67.222.222/32 gateway=67.253.120.1 scope=10 add distance=20 dst-address=208.67.222.222/32 type=blackhole add comment=CABLE distance=1 dst-address=1.1.1.1/32 gateway=67.253.120.1 scope=10 add distance=20 dst-address=1.1.1.1/32 type=bl...
by Caci99
Mon Aug 13, 2018 12:28 pm
Forum: General
Topic: Routes with check-ping should only become active if they can ping the gateway
Replies: 9
Views: 495

Re: Routes with check-ping should only become active if they can ping the gateway

On your first part of post, where you have the printed route table, there are 4 routes with destination 0.0.0.0/0 which are the routes to the internet. I don't see the rules for these on the second part where you have posted the export of the route table. From what I can see on the first part, you h...
by Caci99
Fri Aug 10, 2018 12:45 pm
Forum: General
Topic: Routes with check-ping should only become active if they can ping the gateway
Replies: 9
Views: 495

Re: Routes with check-ping should only become active if they can ping the gateway

Post your routing configuration, it is not easy to understand without looking at it.
I suspect you have defined interface as gateway instead of IP address.
by Caci99
Mon Jun 25, 2018 12:03 pm
Forum: SwOS
Topic: CSS326-24G-2S+ unable to upgrade
Replies: 10
Views: 2138

Re: CSS326-24G-2S+ unable to upgrade

For those who can not advance past version 2.4, I got word from support and they have introduced a dhcp client at version 2.5 so very probably the switch gets an ip address from dhcp server and no longer answers to the default ip. No I feel dumb :), I should have checked my dhcp server for new lease...
by Caci99
Fri Jun 22, 2018 12:43 pm
Forum: SwOS
Topic: CSS326-24G-2S+ unable to upgrade
Replies: 10
Views: 2138

Re: CSS326-24G-2S+ unable to upgrade

It is a strange problem indeed. I can upgrade up to 2.4, after that it is impossible to upgrade.
I will write to support a bit later and see what they have to say.
by Caci99
Tue Jun 19, 2018 4:47 pm
Forum: General
Topic: PPPoE or modem?
Replies: 5
Views: 267

Re: PPPoE or modem?

Try pinging to internet, that's where you'll have a worse jitter. Also, moving pppoe to mikrotik will help with that, modems CPU are not ideal, while the routerboard will definitely handle it better.
by Caci99
Tue Jun 19, 2018 10:38 am
Forum: General
Topic: PPPoE or modem?
Replies: 5
Views: 267

Re: PPPoE or modem?

If you are not noticing any drop in pppoe connection while it is configured on the mikrotik (after the wireless link) than your wireless link is pretty good. About the voice drops, those are very sensitive to latency and more to jitter. You need to monitor them and configure some QOS to optimize for...
by Caci99
Mon Jun 18, 2018 2:32 pm
Forum: General
Topic: PPPoE or modem?
Replies: 5
Views: 267

Re: PPPoE or modem?

Every time in such cases I recommend to put modem in bridge mode and let mikrotik handle the pppoe. There are two advantages at place, first you have only one NAT node, and secondly the processing power of routerboard is far better than that of a modem. PPPoE is senstive to the wireless, meaning any...
by Caci99
Mon May 21, 2018 2:43 pm
Forum: Announcements
Topic: v6.42.2 [current]
Replies: 65
Views: 10313

Re: v6.42.2 [current]

RouterOS version 6.42.2 has been released in public "current" channel! Before an upgrade: ... 3) Device has enough free storage space for all RouterOS packages to be downloaded. ... You might remove that warning about storage available, it is confusing for people I believe. There are routerboards w...
by Caci99
Mon Apr 23, 2018 1:41 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 124981

Re: Advisory: Vulnerability exploiting the Winbox port

How it works: The vulnerability allowed a special tool to connect to the Winbox port, and request the system user database file. They gain access on a file within the router, right? What kind of information is stored in there? You don't know what is stored in the system user database file ???? :lol...
by Caci99
Mon Apr 23, 2018 1:30 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 124981

Re: Advisory: Vulnerability exploiting the Winbox port

How it works: The vulnerability allowed a special tool to connect to the Winbox port, and request the system user database file.
They gain access on a file within the router, right? What kind of information is stored in there?
by Caci99
Mon Apr 23, 2018 1:23 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 124981

Re: Advisory: Vulnerability exploiting the Winbox port

I use firewall rules which will kick an IP address if login fails after three attempts. Will this method be sufficient to be protected from this vulnerability?

By the way, thank you for letting us know about it.
by Caci99
Mon Apr 16, 2018 8:05 pm
Forum: Announcements
Topic: Winbox 3.13 released!
Replies: 61
Views: 14394

Re: Winbox 3.13 released!

Moving the focus on the password field while you're browsing the managed list does not make sense to me. The purpose of having the managed list is to save the credentials of your own routers along with their addresses, so moving to the password to insert the password does not make sense, I already h...
by Caci99
Tue Mar 06, 2018 11:24 am
Forum: Announcements
Topic: Newsletter #81 (March 2018)
Replies: 23
Views: 9580

Re: Newsletter #81 (March 2018)

Caci99 - User Manager is a separate package which can be installed on your device running RouterOS. Support for MMIPS and ARM platforms was added in 6.42rc versions. You can now test it if you are willing to try out rc version and, of course, you will be able to use it also when 6.42 and later full...
by Caci99
Mon Mar 05, 2018 12:03 pm
Forum: Announcements
Topic: Newsletter #81 (March 2018)
Replies: 23
Views: 9580

Re: Newsletter #81 (March 2018)

UserManager can be run on ARM now. What ROS is needed to run it, or is it a separate package?
by Caci99
Mon Feb 12, 2018 10:32 am
Forum: Announcements
Topic: Winbox 3.12 released!
Replies: 55
Views: 32227

Re: Winbox 3.12 released!

Confirming. When you select an item in 'Managed' list, WinBox copies credentials to the text boxes in the top of window and moves focus to 'Password' field for some reason. That's not what I'm expecting :) Yep, I see it now after chupaka post what you guys meant. Winbox moves focus to password fiel...
by Caci99
Fri Feb 09, 2018 4:50 pm
Forum: Announcements
Topic: Winbox 3.12 released!
Replies: 55
Views: 32227

Re: Winbox 3.12 released!

i cant show it with video. please open winbox with many saved adresses. i have 48 items in my address book. mark one and try to scroll up-down with the mouse wheel. it does not. with 3.11 was possible.
Using Win7x86, it works for me
by Caci99
Mon Jan 29, 2018 10:59 pm
Forum: Announcements
Topic: Winbox 3.11 released!
Replies: 94
Views: 250928

Re: Winbox 3.11 released!

You clicked on the Note header to cause it to be sorted by Note. Click on the column header you want to use for sorting, you can sort on 2 different colums this way. This is indicated by the arrow in the column header. It is not that. The sorting on the Note column somehow is not behaving as it sho...
by Caci99
Mon Jan 29, 2018 8:59 pm
Forum: Announcements
Topic: Winbox 3.11 released!
Replies: 94
Views: 250928

Re: Winbox 3.11 released!

Having trouble since a couple of days ago sorting saved routers by "Note" column. Using winbox 3.11 on Win7, but being using it like this for a long time and did not have this issue. Now that I'm trying to add a new router and a note for it, will put it always last, unless I add a 0 before the note ...
by Caci99
Mon Dec 11, 2017 2:44 pm
Forum: General
Topic: netinstall doesnt work
Replies: 9
Views: 507

Re: netinstall doesnt work

Is there any other service running on PC which may block the port of Netinstall (I can't recall on which port Netinstall runs)? I have had this issue with Acronis Snap Deploy before. I have seen scenarios, not with netinstall but other cases, when auto-negotiation does not work as expected, so tryin...
by Caci99
Fri Dec 08, 2017 1:49 pm
Forum: Announcements
Topic: Winbox 3.11 released!
Replies: 94
Views: 250928

Re: Winbox 3.11 released!

Strangely enough, today the winbox 3.11 was reported as virus form Avira, containing traces of TR/AD.Swrort.absza. This has to be a false positive, I have being using winbox 3.11 since when it came out with the same antivirus protection. An update of Avira might have caused the problem.
by Caci99
Fri Nov 17, 2017 2:41 pm
Forum: General
Topic: DHCP client to be added at address list
Replies: 3
Views: 353

Re: DHCP client to be added at address list

Hey. Better make dhcp pool with IP's which in address-list range.
That won't cut it. Devices connecting to dhcp server are from different people with different rules to be applied. I can't put them all on the same pool, unless I can differentiate them by dhcp option
by Caci99
Fri Nov 17, 2017 1:40 pm
Forum: General
Topic: DHCP client to be added at address list
Replies: 3
Views: 353

DHCP client to be added at address list

Hello Is there a way to add a particular dhcp client at an address list? There is a script option at dhcp server to be run when client gets ip address, but how to make it run for a particular set of clients instead for all. Maybe using dhcp option? But I am not that familiar with those and how to ru...
by Caci99
Mon Oct 16, 2017 8:26 pm
Forum: Announcements
Topic: RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities
Replies: 58
Views: 94790

Re: RouterOS NOT affected by WPA2 vulnerabilities

It's important to note that this is a client vulnerability - patching your router / AP does not prevent the attack from working on connected devices. You need to update almost every device that has WPA2 support. Which means every device :) ( I guess every one secures wireless connection on WPA2) If...
by Caci99
Mon Oct 16, 2017 12:39 pm
Forum: Beginner Basics
Topic: how to monitor data plan in NS
Replies: 4
Views: 306

Re: how to monitor data plan in NS

okay the graphing tool does monitor data and kinda everything but only inside the router what goes in and what goes out. but it doesn't tell what and how much data went to let's say to nano station #1 or how much nano station #2 has uploaded . that what i want to monitor . To acquire data from Nano...
by Caci99
Mon Oct 16, 2017 12:36 pm
Forum: Announcements
Topic: RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities
Replies: 58
Views: 94790

Re: RouterOS NOT affected by WPA2 vulnerabilities

So what does this mean exactly in general? Can the password be stolen? How has Mikrotik fixed it, if it is the protocol itself who is vulnerable?
by Caci99
Sat Oct 14, 2017 1:13 pm
Forum: Beginner Basics
Topic: newbe question about two bridges
Replies: 1
Views: 221

Re: newbe question about two bridges

Try to configure it as any router and just do net mapping for IP = 10.2.3.55
https://wiki.mikrotik.com/wiki/Manual:I ... :1_mapping
You will assign two IP on the WAN interface, 10.2.3.253 and 10.2.3.55 and than do net mapping.
by Caci99
Sat Oct 14, 2017 1:01 pm
Forum: Beginner Basics
Topic: how to monitor data plan in NS
Replies: 4
Views: 306

Re: how to monitor data plan in NS

I don't know much about ubiquity devices but on mikrotik side you can activate the graphing tool built in the Router OS. Though with every reboot you will lose the graphing. If you don't want to lose the graphing data you can use dude to monitor it or NTOP. NTOP would need to activate traffic flow o...
by Caci99
Fri Sep 15, 2017 2:27 pm
Forum: Announcements
Topic: Newsletter 78 with 1GBPS WIRELESS PRODUCT ANNOUNCEMENT!
Replies: 109
Views: 24774

Re: Newsletter 78 with 1GBPS WIRELESS PRODUCT ANNOUNCEMENT!

Will the Woobm work as client device on desktops or laptops to connect them to an AP?
by Caci99
Wed Aug 16, 2017 12:21 pm
Forum: General
Topic: Router Compromised - Security flaw ?
Replies: 26
Views: 1781

Re: Router Compromised - Security flaw ?

I do usually add these rules on firewall filter, got them from wiki: add action=drop chain=forward comment="Drop invalid packets" \ connection-state=invalid disabled=no add action=drop chain=input comment="" connection-state=invalid disabled=no add action=drop chain=output comment="" connection-stat...
by Caci99
Wed Aug 16, 2017 11:13 am
Forum: General
Topic: Router Compromised - Security flaw ?
Replies: 26
Views: 1781

Re: Router Compromised - Security flaw ?

So, router was accessed using it's private IP, right? That means he knows port forwarding of core router. I bet he knows password too, how he does it's another story. In ten years I have worked with mikrotik, since ROS 2.9.x , I have never encountered a case where routerboard was compromised with ju...
by Caci99
Tue Aug 15, 2017 1:17 pm
Forum: General
Topic: Router Compromised - Security flaw ?
Replies: 26
Views: 1781

Re: Router Compromised - Security flaw ?

Are you reading logs from router memory? it can not save more than 100 lines, so maybe there are previous attacks which you can not see.
Also, look at this:
viewtopic.php?f=21&t=119308
by Caci99
Mon Jul 17, 2017 10:10 pm
Forum: General
Topic: Will PCQ still work even if computers are using a different DHCP server?
Replies: 1
Views: 187

Re: Will PCQ still work even if computers are using a different DHCP server?

As long as all of the traffic is passing through the router, PCQ will work.
It depends on how you have configured it.
by Caci99
Fri Jun 09, 2017 10:41 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 66211

Re: Feature Req: IKEv2 server and client

When you set exchange-mode=ike2 :)
:lol: got it
by Caci99
Thu Jun 08, 2017 7:35 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 66211

Re: Feature Req: IKEv2 server and client

Guys, a dumb question, but ... how can I understand if I'm using IKEv2 or not? :)
by Caci99
Wed May 17, 2017 2:17 pm
Forum: General
Topic: presentation :)
Replies: 3
Views: 280

Re: presentation :)

by Caci99
Sat Mar 18, 2017 2:02 pm
Forum: General
Topic: alarm port with Mikrotik
Replies: 12
Views: 1006

Re: alarm port with Mikrotik

Your mikrotik router is behind another router, so you are basically double nat-ing. The first router must have a nat config which sends the request to mikrotik IP 192.168.1.2 on port 33000. Is it so? Also, from your posted rules looks like the ones for this port are disabled. Have you enabled them w...
by Caci99
Sat Mar 18, 2017 1:44 pm
Forum: General
Topic: Assign daily bandwidth quota
Replies: 1
Views: 414

Re: Assign daily bandwidth quota

Take a look at this topic
viewtopic.php?f=13&t=87565&hilit=month+data+limit
It might be a good start what you are looking for.
by Caci99
Wed Feb 22, 2017 11:52 pm
Forum: General
Topic: https problem on hotspot
Replies: 97
Views: 81314

Re: https problem on hotspot

This is less and less of an issue these days, as most devices connecting to a hotspot are smart enough to automatically issue a regular http request and if it's redirected, present the user with the login page. Not at the moment though, there are still a lot of devices which don't do that, which gi...
by Caci99
Wed Feb 22, 2017 11:11 pm
Forum: General
Topic: https problem on hotspot
Replies: 97
Views: 81314

Re: https problem on hotspot

Hi Guys, Finally after long forum reading and googling, I am able to work with SSL and HTTPS sites. I will post all the details after few other test and post a video also if its a 100% success. Finger crossed. https://youtu.be/gth9SG_O8j0 That video didn't show that much how were you doing it. Can ...
by Caci99
Mon Feb 20, 2017 8:27 pm
Forum: General
Topic: https problem on hotspot
Replies: 97
Views: 81314

Re: https problem on hotspot

To start the SSL connection, doesn't the browser need first to connect to the server? By sending a request for connection, isn't it visible to the router on port 443 and as result redirected to hotspot login page? What am I missing here? When the client wants to connect to https://google.com, the c...
by Caci99
Mon Feb 20, 2017 4:31 pm
Forum: General
Topic: https problem on hotspot
Replies: 97
Views: 81314

Re: https problem on hotspot

I am a bit in the dark here.

To start the SSL connection, doesn't the browser need first to connect to the server? By sending a request for connection, isn't it visible to the router on port 443 and as result redirected to hotspot login page? What am I missing here?
by Caci99
Fri Feb 03, 2017 11:20 pm
Forum: General
Topic: Do any queue types respect Priority markings?
Replies: 26
Views: 2089

Re: Do any queue types respect Priority markings?

That is a lot of simple queues you would need to create for each customer. Mikrotik says that they have improved a lot the performance of simple queues, but I haven't tried it in real world since I am a lot more comfortable with queue tree. The good thing about queue tree is that all queues are tre...
by Caci99
Fri Feb 03, 2017 2:27 pm
Forum: General
Topic: Do any queue types respect Priority markings?
Replies: 26
Views: 2089

Re: Do any queue types respect Priority markings?

The good thing about queue tree is that all queues are treated at the same time, while with a simple queue the packet must check them all in their order until it matches the one which deals with it. To my knowledge, this is totally wrong. The current implementation if Simple Queues uses hash-table ...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 21