MikroTik

alfred998

I noticed yesterday that after an IP scan the table got filled with invalid entries for the whole range. It still doesn't explain why a computer would try to reach others, notably the ones that actually exist.

alfred998

Sleeping this over, I think the invalid entries come from IPs the computer knows about, but cant reach to find the MAC. So the question is what is telling the PC about the others and why is it trying to connect to them. Maybe SNMP trap, or Dude server. Each computer is only connected (because of por...

alfred998

The invalid entries appear on the PCs. Now that I checked, the ARP List on both the router (RB750) and dude (the other RB750) are fine. The cAP dont have any arp entry because their traffic is managed by the router. I also have firewall rules to drop traffic coming from the wifi except a few IPs (li...

alfred998

Just a remark while I try to digest the new information you gave me. it's CSS not CRS, so they have SwOS only.

So beside the mad device, are you saying that it's the router that is telling to computers about 00:00:00:00:00:00. ie they aren't receiving it directly from the mad device ?

alfred998

This is the configuration on the router # feb/20/2021 21:04:59 by RouterOS 6.47.9 # software id = XXXX-XXXX # # model = RB750Gr3 # serial number = ######## /interface bridge add name=gst-brg add arp=proxy-arp igmp-snooping=yes name=lim-brg add arp=proxy-arp igmp-snooping=yes name=loc-brg priority=0x...

alfred998

I dont know where to put this question because i am using all kind of mikrotik devices that might be involved. I noticed in Dude that my devices (which report through snmp) had invalid arp-s for different IPs and MAC XEROXCORP:00:00:00. The longer a device had stayed on, the more invalid arps. Xerox...

alfred998

I already have two configurations one main and one slave for guests. Do I need two more ?
ie SSID:
main 2.4
main 5
guest 2.4
guest 5

Or can I serve two configurations (2.4 and 5) in one SSID ?

alfred998

I have a RB750Gr3 running CAPsMAN and two cAP ac with a main and guest SSID. This is the configuration in CAPsMAN, but both SSID-s work on 2.4G only /caps-man configuration add datapath.bridge=guest-bridge mode=ap name=guest security.authentication-types=\ wpa-psk,wpa2-psk security.passphrase=passwo...

alfred998

I have been using port isolation for a while, but recently i was wondering about something.
IP scans dont show any equipment which are not allowed, but Wake on Lan via AnyDesk could still be communicating.
Can someone confirm if all traffic is blocked, or only certain layers ?

alfred998

I cant make many tests because I am not supposed to upload to this website, but if you check the old config there are no queues there. No filter rules at all either though. I think it shows the problem doesn't come from drops in filter rules. And whatever it is, fasttrack helps it through. I bet tha...

alfred998

Basically yes. If I remember correctly, back then I returned to the old Zyxel. Almost a year later I got a RB750Gr3 which had fasttrack enabled by default and I mostly left it alone except one or two tests with queues. Uploads to this website were fine so I blamed the old RB750, although I suspected...

alfred998

I just meant the filter rules, and actually there were none. This is the config at the time viewtopic.php?f=2&t=140978&p=695200#p695200. This was the old RB750 and the current one is RB750Gr3, but both should be able to handle it

alfred998

If I cant find the reason, I suppose I can fasttrack only the IP-s that use this website

alfred998

I thought about it later that I should have posted the firewall rules. These are the current ones: 0 D ;;; special dummy rule to show fasttrack counters chain=forward action=passthrough 1 chain=input action=accept connection-state=established,related,untracked 2 chain=input action=drop connection-st...

alfred998

I have a guest wireless on capsman with datapath=guest-bridge where I apply a bandwidth limit with simple queue : 0 name="WiFi Guests" target=guest-bridge parent=none packet-marks="" priority=8/8 queue=default-small/default-small limit-at=0/0 max-limit=4M/4M burst-limit=0/0 burst...

alfred998

Hi, absolutely not the LAN side. Both scans are from outside.
The drop rules didnt register much activity from the first location scans. They register a dozen packets when scanned from nmap client2

alfred998

Thanks, I am tending towards your explanation. I tried scanning from a nmap "client" No.2 and it doesn't show opened port 53. Sniffer on port 53 shows a lot of communication between ether1 and my ISP DNS (i removed if from the sanitized config), and 8.8.8.8, but I don't see any ether1:53. ...

alfred998

Someone locked this discussion https://forum.mikrotik.com/viewtopic.php?f=2&t=144952&p=808745#p808745 (silly if you ask me) So I will reiterate the issue here: Brand new router brought from the ISP, loaded default config and used Quick Set. Then added capsman and few small things. Sanitized ...

alfred998

Sorry but i have to concur with marko. Default config with drop 53 added : 0 ;;; defconf: accept established,related,untracked chain=input action=accept connection-state=established,related,untracked 1 ;;; drop udp 53 chain=input action=drop protocol=udp in-interface-list=WAN dst-port=53 2 ;;; drop ...

alfred998

I find these answers unsatisfactory and I will report to the highest forum authorities. Jokes aside, I have worked with Cisco VPN on the client side and issues like this never came about. I had access to their local network and was automatically disconnected after 30min idle. My WAN was routed norma...

alfred998

Hi, I had already found the Use default gateway on remote network, but i can do this in the PC I am testing the VPN. I can not ask every user to do it, they aren't that flexible.
Is there a way to set it on the VPN configuration on Mikrotik ?

alfred998

Yes, please do

alfred998

Hi, I wanted VPN connections to my router to drop after 15min idle and when this didn't happen, noticed that all traffic in the remote PC was being routed through VPN. Hence no idle. This how I set up the VPN profile : 1 name="l2tp-profile" local-address=192.168.2.1 remote-address=l2tp-poo...

alfred998

After observing this a bit longer, I think there is a memory leak in Dude. Dude RAM.png The first 12h after a reboot, RAM usage is almost constant. After that starts a sharp increase that tops at around 65% (of my 256MB) 2.5 days later. This happens when dude is active and is not affected by network...

alfred998

OK thanks, Would have been interesting to take a look

alfred998

Is the dude source code provided somewhere ?

alfred998

Actually this works fine. Since I set the slave config, i restarted the hEX and I see the guest network now

alfred998

I have a wAP ac and a cAP ac managed by CAPsMAN in hEX (RB750Gr3). In CAPsMAN I have two configs, conf1 with the main wireless for 2.4 and 5GHz, and conf2 for guest's network, but right now only conf1 is being used. Is there a way to serve two SSID's with CAPsMAN, without separating 2.4 and 5GHz ? /...

alfred998

Found it [oid("1.3.6.1.4.1.14988.1.1.3.11.0")]°C

alfred998

I am using dude and [oid("1.3.6.1.4.1.14988.1.1.3.10.0")]°C gives the temperature on ROS devices. My CSS326 with SWOS 2.10 does have a temp sensor but I am not sure SNMP reports it, or I cant fint its OID

alfred998

No as i said the RB750Gr3 normally uses around 40Mb of RAM without dude. Once dude is activated the router uses ~160MB of RAM out of its 256 total. Is this to be to be expected or is it my configuration ..

alfred998

Can someone confirm with his system. Most Mikrotik routers have far less than 256M RAM, so how would they manage..

alfred998

I have installed dude on an external sd card of a RB750Gr3 with 256MB of RAM. Normally the router has 217MB free but with dude enabled for a day or so, free RAM drops to 90-120MB. Is this to be expected ? There is one network map with ~20 devices, SNMP, 4-5 services each. Links are configured for ea...

alfred998

Yes, did that. I understand that devices take priority over link labels, but the links themselves, being simple lines, shouldn't cover labels where you can see the device network usage.

alfred998

I've placed several images in disk1/dude/files, and although they appear when connecting to dude with a full user, a read user cannot view them on the map. Actually i think the read user cannot view any images

alfred998

In my map the links (lines between computer and switch) cover label, so that I have to click on that specific link to see at what speed the computer is communicating. Is there a way do determine the showing order so label is above the link line ?

alfred998

Disabling fasttrack enabled made the queues effective: 7 X ;;; defconf: fasttrack chain=forward action=fasttrack-connection connection-state=established,related log=no log-prefix="" I also should have mentioned that while doing speed tests at 20/20M, the bandwidth reported at queue for tha...

alfred998

I am trying to configure bandwidth limits, but smth isn't working [admin@Mikrotik] > queue simple print Flags: X - disabled, I - invalid, D - dynamic 0 ;;; Test name="T-test" target=192.168.1.36/32 parent=none packet-marks="" priority=8/8 queue=default-small/default-small limit-a...

alfred998

Can I update my switch or I need to phone for specialist???

It's quite a simple procedure and takes 30 seconds. Still you should read carefully what has changed between your version and the new one, and if there are any known bugs that might be a problem to you in the new version.

alfred998

CSS326 Same issue as a few others here Current Installed Version 2.9 (built at Mon Jan 07 2019 12:05:03 GMT+0100 (Central European Standard Time)) Latest Available Version 2.9 (built at Mon Jan 14 2019 07:49:36 GMT+0100 (Central European Standard Time)) https://imgur.com/n6OJHu7 Tried manual upgrade...

alfred998

it's the latest, 6.44.2, RB750Gr3

alfred998

For some reason I still get stuck at status: connecting.. Maybe a configuration problem on my side ? https://i.imgur.com/zXEJlxa.png Same with 207.32.194.24 and both time out on ping although I havent tried a test in the last 24h This is my firewall config (newbie alert) /ip firewall filter add acti...

alfred998

Yes I was able to test with 207.32.194.24. I was asking about 87.121.0.45

alfred998

Is it still active ? i am getting stuck at 'connecting..'
Ping works

alfred998

Mystery solved, thanks.

(Mine has 64MB RAM and 128MB HDD, but the port speed shouldnt change)

alfred998

Hello, Behind it says RouterBoard 750, but not much else. The ports are 100Mbps, so I guess it is the RB750 (no letters). It also has 64MB RAM, MIPS 24Kc V7.4 @400MHz CPU, and 128MB HDD. Board Name is RB750. I searched in https://mikrotik.com/product/ using the 'archived' filter, but I dont see it h...

alfred998

Can you link any documentation for it, specs ? If you search for RB750 you find only newer models

alfred998

I've looked everywhere but dont seem to find documentation for this. Is the model simply RB750 ? RB750GL ? Would like to know if ports are 100/1000 [admin@MikroTik-01] > system resource print uptime: 13m version: 6.44.1 (stable) build-time: Mar/13/2019 08:38:51 free-memory: 42.4MiB total-memory: 64....

alfred998

I havent done many changes to the default config i think.. (pls let me know if you have any other suggestion after seeing the conf) # oct/30/2018 09:24:13 by RouterOS 6.43.2 # software id = IXVJ-8FF3 # # model = 750 # serial number = 467704CDB000 /interface bridge add name=bridge1 /interface etherne...

alfred998

Yes it is one of the clients in the LAN.

alfred998

My old Zyxel (NBG-416N) has no issues connecting to this particular website that uses a Comodo Multi Domain SSL certificate. But after I changed to MikroTik RB750, uploads to the platform were particularly slow, sometimes even failing with the message: Sorry, error occurred on uploading your file. [...

alfred998

Try setting the ether1 speed manually (not Auto Negotiation) in Interfaces/Ethernet/(ether1)/Ethernet, and do the same at the other side at whatever is connected to ether1

alfred998

I have a RouterBOARD 750, and I am unsure of the exact model. Is there a way to search for the model using the S/N ?

I also have lost the power supply so i cant turn it on for the moment.

alfred998

It's confirmed. The reason was a wrap around at 4GB because of a 32bit variable for the counters. In SwOS 2.8 it becomes 64bit and the counters make sense now.
This was really helpful.

alfred998

How do I use SNMP to connect to SwOS ?

I was on SwOS 2.0 until now, and just upgraded one of the switches to 2.8. I will report back if the counter goes indeed beyond 4GB now.

Thx to all, I didn't think this would be solved.

alfred998

I'm reading these two here. Not sure if they are 32/64-bit.
If there is a wrap around at 4GB, it could explain it completely. Is there another way to keep an eye on traffic using SwOS ?

Traffic-2.png

alfred998

I cant make heads or tails of the stats (Rx Bytes and Tx Bytes) I get from my two MikroTiks CSS326-24G-2S. At first I couldn't explain some of the traffic in several ports and started to keep a record. Then according to my records, the traffic in some of the ports decreased from one day to the other...

alfred998

I have two CSS326-24G-2S+ with SwOS 2.0 My first attempt (a test) to create a VLAN worked fine. In Sw1 under VLAN, I set Port 19 with Default VLAN ID 2 (VLAN Mode: Optional, VLAN Receive: Any, Force VLAN ID: Unchecked). Under VLANs, I set a new VLAN with ID 2 , no Port Isolation, no Learning, no Mir...

alfred998

Hello,

I have a CSS326-24G-2S+RM with SwOS 2.0 and would like to limit all ports at 90% of bandwidth maximum, but cant seem to find where is it done, or if it is possible ..

Search found 59 matches