Community discussions

Search found 51 matches

  • 1
  • 2
by TheCiscoGuy
Thu Apr 11, 2019 4:44 am
Forum: General
Topic: Arp reply Only Issue - Complete/DHCP flags are not set on the ARP table
Replies: 5
Views: 377

Re: Arp reply Only Issue - Complete/DHCP flags are not set on the ARP table

I will set up a lab and test tonight on 6.44.1 and see if I can replicate the issue. I believe the arp is timing out and is only refreshed during the lease renewal. Typically, the DHCP lease is valid for 24 hours (default) and the arp timeout is 4 hours (default). I wonder if you reduce the dhcp lea...
by TheCiscoGuy
Thu Apr 11, 2019 12:23 am
Forum: Forwarding Protocols
Topic: Putting all routers on lo [SOLVED]
Replies: 2
Views: 434

Re: Putting all routers on lo [SOLVED]

It would work so long as each router has access to the same L2 broadcast domain. The bridge interface would run STP and would prevent any switching loops, the problem is the OSPF process would need to be a broadcast type which would cause a DR/BDR election. There would be a number of concerns I woul...
by TheCiscoGuy
Thu Apr 11, 2019 12:12 am
Forum: Forwarding Protocols
Topic: VLAN - best practice?
Replies: 9
Views: 1115

Re: VLAN - best practice?

Due to the nature of bridges, I always put the vlans on the physical interfaces then create a bridge for each vlan, I don't rely on the bridges switch logic for vlan filtering (and I believe it is disabled by default anyways). That method is only for the CCR platforms though which is why I asked.
by TheCiscoGuy
Wed Apr 10, 2019 5:13 am
Forum: General
Topic: ACK number block
Replies: 2
Views: 230

Re: ACK number block

Maybe I miss understand the question, but since there is nothing to acknowledge on an embryonic TCP session, the ack number should always be 0 at the start of the handshake
by TheCiscoGuy
Wed Apr 10, 2019 4:31 am
Forum: General
Topic: Issues with internal traffic not getting NATed
Replies: 21
Views: 1029

Re: Issues with internal traffic not getting NATed

It is not recommended to use masquerade when using multiple WAN interfaces for failover. It is recommended to use src-nat instead. This is related to the way the connections table is built (and purged) when using a masquerade. If you have a packet capture of the traffic to evaluate that would be nic...
by TheCiscoGuy
Wed Apr 10, 2019 4:24 am
Forum: Beginner Basics
Topic: Bridge interface not showing traffic [SOLVED]
Replies: 18
Views: 1200

Re: Bridge interface not showing traffic [SOLVED]

Honestly this sounds like a misconfiguration. It seems that you are trying to use the CCR in the same manner as a traditional routerboard style device. Can you provide your configuration?
by TheCiscoGuy
Wed Apr 10, 2019 12:28 am
Forum: Forwarding Protocols
Topic: BFD shows as down, not transmitting
Replies: 2
Views: 451

Re: BFD shows as down, not transmitting

Can you check to ensure there is an ARP and route entry for 103.xxx.yyy.21
by TheCiscoGuy
Wed Apr 10, 2019 12:24 am
Forum: Forwarding Protocols
Topic: VLR and MP-BGP
Replies: 1
Views: 352

Re: VLR and MP-BGP

Well, the mikrotik CRS can do all of those features, but please note that the CRS line is more a switch than a router, when configured for routing a large performance drop will be taken. I would recommend looking at the manual though and if you need the performance (10GE and beyond) look at the CCR ...
by TheCiscoGuy
Wed Apr 10, 2019 12:15 am
Forum: Forwarding Protocols
Topic: OSPF(v2 andv3) nssa: only one role translator?
Replies: 2
Views: 323

Re: OSPF(v2 andv3) nssa: only one role translator?

One thing to note, if you are (judging by the diagram provided) using OSPF for dynamic routing to the CE and wish to use OSPF NSSA to effectively inject a default route to the CE, a better option would be either to create a new OSPF process which only advertises a default or even better use BGP
by TheCiscoGuy
Wed Apr 10, 2019 12:13 am
Forum: Forwarding Protocols
Topic: OSPF(v2 andv3) nssa: only one role translator?
Replies: 2
Views: 323

Re: OSPF(v2 andv3) nssa: only one role translator?

According to RFC 3101, Sectio 3.1 there is a concern by the author that multiple NSSA borders performing LSA-7 to LSA-5 translations would cause excessive numbers of type 7 translations resulting in increasing the LSDB unnecessarily. It does not say that the act of prohibiting multiple translators i...
by TheCiscoGuy
Wed Apr 10, 2019 12:03 am
Forum: Forwarding Protocols
Topic: Redundancy between two interface in the same Router
Replies: 1
Views: 393

Re: Redundancy between two interface in the same Router

There are a few ways to do this, I will try to explain a few from easiest to most difficult: 1. Floating Static Create a default route to ISP1 with a default distance (1) Create a default to ISP2 with an increased disance (>= 2) This method will ensure the lowest distance route will be injected firs...
by TheCiscoGuy
Tue Apr 09, 2019 11:53 pm
Forum: Forwarding Protocols
Topic: OSPF - Single to Multi Advise
Replies: 1
Views: 335

Re: OSPF - Single to Multi Advise

Multiple area OSPF gives some advantages in large scale deployments, or in some scenarios where multiple branch offices exist. I don't think your network as described would benefit unless you are experiencing convergence issues.
by TheCiscoGuy
Tue Apr 09, 2019 11:45 pm
Forum: Forwarding Protocols
Topic: BGP Filter Cisco/Mikrotik
Replies: 1
Views: 318

Re: BGP Filter Cisco/Mikrotik

Short answer to a long explanation is that yes you can filter on Cisco and Mikrotik and share communities between them. I would reference the following from the mikrotik manual: https://wiki.mikrotik.com/wiki/Manual:Routing/Routing_filters This walks you through the various attributes you can change...
by TheCiscoGuy
Tue Apr 09, 2019 11:35 pm
Forum: Forwarding Protocols
Topic: VLAN - best practice?
Replies: 9
Views: 1115

Re: VLAN - best practice?

What device model is this on?
by TheCiscoGuy
Mon Jan 14, 2019 6:31 pm
Forum: Forwarding Protocols
Topic: pppoe with ospf [SOLVED]
Replies: 4
Views: 571

Re: pppoe with ospf [SOLVED]

You shouldn't route your customers services via ospf. Use iBGP. Since he is currently using static routes, he is not pulling the entire routing table and will not likely overrun the prefix limit with ospf. The question at hand was functional and without further information you can not make the stat...
by TheCiscoGuy
Mon Jan 14, 2019 10:53 am
Forum: Forwarding Protocols
Topic: pppoe with ospf [SOLVED]
Replies: 4
Views: 571

Re: pppoe with ospf [SOLVED]

PPPoE is a layer 2 protocol, so long as your OSPF instance is configured properly and your BNG/RAS/Concentrator can route to the OSPF infrastructure (and vice versa) then yes.
by TheCiscoGuy
Mon Jan 14, 2019 10:50 am
Forum: Forwarding Protocols
Topic: Change default OSPF area
Replies: 5
Views: 496

Re: Change default OSPF area

You wanted to have 2 instances running in the same area? Or you wanted the same area id used for different instances? Basically, the named area "backbone" is more like an alias, the cli does not check to ensure that there is instance separation for the alias. You can use area 0 (0.0.0.0) and call it...
by TheCiscoGuy
Mon Jan 14, 2019 10:37 am
Forum: Forwarding Protocols
Topic: 6.4x OpenVPN + OSPF trouble
Replies: 8
Views: 2094

Re: 6.4x OpenVPN + OSPF trouble

Just a thought, but there are 2 modes to set openvpn to, ethernet and ip. the ip setting creates a tun interface and will not allow the multicast to forward, ethernet on the otherhand creates a tap which does. If you are in ip mode, try setting the network-type to nbma and specify the peers, or chan...
by TheCiscoGuy
Mon Jan 14, 2019 10:25 am
Forum: Forwarding Protocols
Topic: Export BGP Filter
Replies: 5
Views: 512

Re: Export BGP Filter

Can you provide the routing table, export on the filter from the IX router "IX-OUT", and provide the destination you are attempting to traceroute to
by TheCiscoGuy
Mon Jan 14, 2019 10:12 am
Forum: Forwarding Protocols
Topic: OSPF and default routes. [SOLVED]
Replies: 3
Views: 551

Re: OSPF and default routes. [SOLVED]

There are 2 concepts you can use: 1. distribute default Install a default static route (or receive one from your upstream provider via DHCP/PPP etc) Modify the OSPF instance on the R0 router to include the following: /routing ospf instance distribute-default=if-installed-as-type1 default (assuming y...
by TheCiscoGuy
Mon Jan 14, 2019 9:47 am
Forum: Forwarding Protocols
Topic: iBGP and eBGP
Replies: 3
Views: 583

Re: iBGP and eBGP

Firstly, lets define terms, there is distance and cost. The distance is a priority value of sorts associated with the protocol, the cost is a value associated with path selection within the protocol. You are 2/3s correct with respect to the values: 1. iBGP = 200 2. eBGP = 20 3. OSPF = 110 These valu...
by TheCiscoGuy
Mon Jan 07, 2019 9:42 am
Forum: Forwarding Protocols
Topic: OSPF Database error
Replies: 10
Views: 1022

Re: OSPF Database error

This exactly matches a client issue I had a while ago. Is this a UBNT link? Try changing the OSPF network type on both sides to point-to-point. Please note, this will drop the adjacency so if you do not have redundancy to connect to the far side without this link, do the remote side first. If this i...
by TheCiscoGuy
Sun Jan 06, 2019 10:31 am
Forum: Forwarding Protocols
Topic: OSPF without area 0
Replies: 13
Views: 2143

Re: OSPF without area 0

FYI, if all routers belong to the same area, it does not need to be area 0 (backbone). It is not recommended to use OSPF in this way mostly because you may run into scaling issues in the future. You should always ask should you not can you. I would put all routers in the backbone and be done with it...
by TheCiscoGuy
Sun Jan 06, 2019 10:30 am
Forum: Forwarding Protocols
Topic: OSPF without area 0
Replies: 13
Views: 2143

Re: OSPF without area 0

* messed up *
by TheCiscoGuy
Sun Jan 06, 2019 5:31 am
Forum: Forwarding Protocols
Topic: OSPF Database error
Replies: 10
Views: 1022

Re: OSPF Database error

Can you show the same information on 172.17.36.21, I want to see if there is a network type mismatch on that segment
by TheCiscoGuy
Sun Jan 06, 2019 5:10 am
Forum: Forwarding Protocols
Topic: BGP ignores local pref
Replies: 4
Views: 711

Re: BGP ignores local pref

I wonder if they just flipped the rule or something in the code, very odd. I wonder if this exist on the other families in the same way (ie ipv6 unicast or l2vpn) or just the vpnv4....in any event this seems like it needs a bug report filed
by TheCiscoGuy
Sun Jan 06, 2019 4:58 am
Forum: Forwarding Protocols
Topic: BGP/OSPF interaction weiredness (simple lab setup)
Replies: 5
Views: 565

Re: BGP/OSPF interaction weiredness (simple lab setup)

Can you provide the bgp config for router 2
by TheCiscoGuy
Sun Jan 06, 2019 4:43 am
Forum: General
Topic: Feature Request - Layer2 bonding hash policy modification to include MPLS label
Replies: 0
Views: 266

Feature Request - Layer2 bonding hash policy modification to include MPLS label

The following is a simple diagram of the network in question LSR -> Mikrotik CRS-305 -> 2 x 1G uW bonded -> Mikrotik CRS 305 -> LSR The topology includes 2 1Gbps microwaves connected using a bond on 305's, the LSRs are connected via 10G to the 305. The goal is to increase throughput past 1G between ...
by TheCiscoGuy
Sat Jan 05, 2019 7:59 am
Forum: Forwarding Protocols
Topic: BGP ignores local pref
Replies: 4
Views: 711

Re: BGP ignores local pref

Very complete detailed explanation of the problem, can't thank you enough for that. These routes are being learned from the same BGP instance correct?
by TheCiscoGuy
Sat Jan 05, 2019 7:51 am
Forum: Forwarding Protocols
Topic: public network lose connection with public server
Replies: 1
Views: 326

Re: public network lose connection with public server

I would like to dig around on this a bit, I have a few ideas. You are indicating that the customer has a server which uses PPP to communicate to a server you host, when the customer experiences a service interruption, the PPP session does not establish? Or it does establish but the communication is ...
by TheCiscoGuy
Sat Jan 05, 2019 7:38 am
Forum: Forwarding Protocols
Topic: Device IP alias with VPN
Replies: 1
Views: 338

Re: Device IP alias with VPN

This is due to either a firewall on one of the router boards or on the server itself. If you can ping from one local subnet to a remote subnet then routing is functioning and your issue exists higher up on the OSI model (IE Layer4)
by TheCiscoGuy
Sat Jan 05, 2019 7:35 am
Forum: Forwarding Protocols
Topic: Real IP Static Route is Not Active in ccr1009-7g-1c-1s+
Replies: 2
Views: 456

Re: Real IP Static Route is Not Active in ccr1009-7g-1c-1s+

Does the gateway have a valid arp entry? Also, show the routing table for more info
by TheCiscoGuy
Sat Jan 05, 2019 3:55 am
Forum: Forwarding Protocols
Topic: Please help me get my ARK server working
Replies: 1
Views: 327

Re: Please help me get my ARK server working

permit your protocol and ports required for the game in the filter section of the firewall, make sure the new rule is at the top of the list
by TheCiscoGuy
Sat Jan 05, 2019 3:39 am
Forum: Forwarding Protocols
Topic: BGP Over GRE-- HOLD Timer Expired Subcode Zero
Replies: 8
Views: 961

Re: BGP Over GRE-- HOLD Timer Expired Subcode Zero

Can you export your firewall settings just for clarification on both devices? You are right, router A is not receiving keepalives from router b starting the clock on the dead timer
by TheCiscoGuy
Sat Jan 05, 2019 3:34 am
Forum: Forwarding Protocols
Topic: RIPV2 over PPTP problems
Replies: 1
Views: 322

Re: RIPV2 over PPTP problems

I don't think PPTP supports multicast
by TheCiscoGuy
Sat Jan 05, 2019 3:10 am
Forum: Forwarding Protocols
Topic: BGP practice
Replies: 14
Views: 1652

Re: BGP practice

First check with a looking glass to make sure you are prepending the prefix from the perspective of the internet enough. Some peerings require more than a few times to get the desired effect. The second thing you could do is just change the local preference on the default being advertised via ISP2 t...
by TheCiscoGuy
Sat Jan 05, 2019 3:04 am
Forum: Forwarding Protocols
Topic: OSPF Database error
Replies: 10
Views: 1022

Re: OSPF Database error

Also check the remote side priority, since network statement is broadcast, I bet you are having a DR issue. You can post the remote side configuration here so we can all take a look. If the priority is set to a non-default value, try setting it to the default. Also, how many OSPF speakers are on thi...
by TheCiscoGuy
Sat Jan 05, 2019 2:56 am
Forum: Forwarding Protocols
Topic: MPLS with OSPF unable to get Router 2 to work with Internet
Replies: 11
Views: 711

Re: MPLS with OSPF unable to get Router 2 to work with Internet

Can you provide the output of the following from both routers in question:
/ip route print detail
/mpls forwarding-table print detail
/ip address print detail
/ip firewall export
by TheCiscoGuy
Fri Jan 04, 2019 7:58 pm
Forum: Beginner Basics
Topic: Combine 2 ISP and use IP Public
Replies: 3
Views: 360

Re: Combine 2 ISP and use IP Public

Have a look at these documents for reference https://wiki.mikrotik.com/wiki/Manual:PCC PCC allows for connections to flow across multiple WAN interfaces Here is the document for configuring VLANs https://wiki.mikrotik.com/wiki/Manual:Interface/VLAN If you are not familiar with Mikrotik platforms, or...
by TheCiscoGuy
Fri Jan 04, 2019 7:50 pm
Forum: RouterOS v7
Topic: Feature Request: OSPF Cost Changes Without Adjacency Loss
Replies: 10
Views: 3043

Re: Feature Request: OSPF Cost Changes Without Adjacency Loss

Problem still exists, more-over it restarts the BFD session too. This is a pretty lazy way of handling a simple cost change.....mikrotik please add a feature request to the development cycle. I hope it doesn't come back to the RouterOS7 unicorn.....
by TheCiscoGuy
Mon Sep 03, 2018 7:42 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: TACACS/TACACS+
Replies: 35
Views: 8088

Re: Feature Request: TACACS/TACACS+

At least disable the local users if AAA is configured and reachable. TACACS would be nice, but the current radius is functional, just doesnt disable local accounts.
by TheCiscoGuy
Mon Sep 03, 2018 6:36 pm
Forum: Beginner Basics
Topic: Hap MINI Configuration
Replies: 2
Views: 332

Re: Hap MINI Configuration

Which interface into the hap are you connected (ensure you are NOT connected to the INTERNET interface)
by TheCiscoGuy
Mon Sep 03, 2018 8:24 am
Forum: General
Topic: Strange Routing Issue
Replies: 6
Views: 599

Re: Strange Routing Issue

Interesting signature, action is permit log=yes, however, torch was one of the first tools I used to diagnose the issue and it showed traffic (as expected) from the inbound interface, but nothing on the egress. I am setting up a similar, simplified, scenario in GNS3 this week and will continue to te...
by TheCiscoGuy
Sun Sep 02, 2018 5:47 pm
Forum: General
Topic: SSH CLI Failed
Replies: 1
Views: 230

Re: SSH CLI Failed

Use set instead of edit when making changes to commands if you are having issues with your emulator. There are times I have to use my mobile to assist clients, and I use JuiceSSH
by TheCiscoGuy
Sat Sep 01, 2018 8:59 pm
Forum: General
Topic: Strange Routing Issue
Replies: 6
Views: 599

Re: Strange Routing Issue

I have attached the output of log files showing that this traffic passes prerouting, forward, and postrouting rules and the inbound/outbound interfaces are correct (redacted) 10:55:25 firewall,info prerouting: in:ether6.2000 out:(unknown 0), src-mac X:X:X:X:X:X, proto TCP (SYN), X.X.1.9:12345->X.X.2...
by TheCiscoGuy
Sat Sep 01, 2018 8:51 pm
Forum: General
Topic: Strange Routing Issue
Replies: 6
Views: 599

Strange Routing Issue

- A Site Core router (CCR-1036) acts as a PE for the EIT VRF with 1 peer (CCR-1016). A second BGP instance is configured to facilitate the route advertisement from the CE, that instance is a member of the EIT vrf and is sending default information (if exists) - The site router is configured to redis...
by TheCiscoGuy
Sat Sep 01, 2018 8:15 pm
Forum: General
Topic: remotely manage MT's
Replies: 4
Views: 684

Re: remotely manage MT's

If you have a full mikrotik routed topology between the remote CPE's and the router that hosts them, then I would look into RoMon. It provides a layer 2 interface hosted from the edge mikrotik. You would then be able to open a winbox session from the site router to the CPE device. It does require di...
by TheCiscoGuy
Wed Aug 15, 2018 11:53 pm
Forum: RouterBOARD hardware
Topic: S+RJ10 and Jumbo Frames
Replies: 10
Views: 2749

Re: S+RJ10 and Jumbo Frames

+1, why would jumbo frames not be supported on a 10G capable interface....
by TheCiscoGuy
Fri Jun 22, 2018 8:57 am
Forum: Forwarding Protocols
Topic: VRF Management
Replies: 5
Views: 1740

Re: VRF Management

You can do some very hack-ish trick with mangle rules to get it to work. Unfortunately thats how I have to do it, but Mikrotik has stated numerous times in the forums that this will likely not be a feature in RouterOS v6, which is upsetting. It would be nice to have vrf aware services like aaa (taca...
by TheCiscoGuy
Fri Jun 22, 2018 8:54 am
Forum: Forwarding Protocols
Topic: Routing between two Networks
Replies: 1
Views: 411

Re: Routing between two Networks

In the wiki section, there is an entry to setup an IPSec tunnel. Your Cisco RV320 will support what is called a site-to-site (or lan-to-lan) VPN. You can limit the vpn to a single IP on one side and the WAN2 LAN segment on the other, then filter via firewall filter rules. https://wiki.mikrotik.com/w...
  • 1
  • 2