MikroTik

G00dm4n

I am interested if in near future we will have something as UUID on config lines and log state of those. This may provide possibilities for future modular setup where admin can add and remove bunch of rules with activating some module or the things can be managed automatically by event or condition....

G00dm4n

Hi Gents, I am thinking... can we have something like ports list or services lists (some services use more than one port). The point is this values can be used in scripting or so. The best option will be list that can be loaded with predefined variables and option to be changed or possibility to add...

G00dm4n

Hi guys! I have a bit peculiar question, but just recently I have realized that my CCR2004-12S-2XS do not have any USB. Not that is too much of a problem nut I was thinking to run PiHole or AdGuardHome in docker there or at least some proxy /reverse proxy service. Planning this I would like to have ...

G00dm4n

Still no NGFW functions... this is causes serious client drift to Sophos/pfSense/Fortigate....
Can this be fixed???

G00dm4n

Does MT have any plans to create a loadable modules or snippets that can do DPI with TLS 1.2/1.3 screening and something like list of predefined App and Services patterns that can be used to do quicker FW filtering???

G00dm4n

Hi Guys,

I do not know if I do something wrong but I cant get to graphs & webfig (even this) on my CCR1009 after upgraded to 7.1b4.
Does any one have similar issues?

G00dm4n

Hey guys, I see a lot of things can be run over Raspberry Pi. Why not provide options for plugin module which can use some Raspberry Pi for additional options like DPI, additional compute power for traffic analyse or more advanced scripting which corresponds with RouterOS scripts? This may give chan...

G00dm4n

Up (+1) :-)
Yeah I have moved from CRS210 to CRS610 and was surprised by the SwOS.
I would love to see 310/410 or etc (with maybe more than 2 SFP+)...
Also will be happy if I see 610 with RouterOS.

G00dm4n

Can we expect in the future something more serious as SSL and DPI implementation in the future? Also will be good if there's a service for providing verified filtering lists. I am using currently L7-filtering + ADBlock script + DNS static addresses + Umbrella DNS. I come across this as see L7 filter...

G00dm4n

... you don't need to replace the CRS2xx right now, it is enough to configure the VLAN handling on the switch chip. The right choice depends on the comparison of the price of your time to the price of the new switches. Time is always priceless! You can earn money, but not time. But if you get more ...

G00dm4n

Huh, Sorry fellas! I have felt victim on my own disinformation - i have forget to look the specs of CCR210-8G-2S+. They do not support HW offload for VLANs and this is what was affecting the performance. There a way this to be partially avoided with Switch chip configuration, but this will bring fut...

G00dm4n

If the PC and the NAS discussed above are normally in different IP subnets, it means that the traffic between them must run through the CCR in order to be routed. If the two devices are normally in the same IP subnet, you could connect the switches to each other directly (and only one of them to th...

G00dm4n

What I was actually interested in was the other part of my post - whether the PC to NAS traffic is bridged via the CCR (or possibly even routed through it if the PC gets its IP from a DHCP server) or whether it can bypass it when the PC and the NAS are connected to different CRS. Consider CCR is De...

G00dm4n

This is not a bridge port.......... /interface bridge port add bridge=bridge-LAN interface=ether3 add bridge=bridge-LAN interface=ether4 add bridge=bridge-LAN interface=ether5 add bridge=bridge-LAN interface=ether6 add bridge=bridge-LAN interface=ether7 add bridge=bridge-LAN interface=ether8 add br...

G00dm4n

What is not clear from your OP (at least to me) is the L2 and L3 topology. Since you wrote now that the PC can be connected to the same CRS like the NAS, I assume the PC and the NAS are in the same subnet and (V)LAN, so the traffic between the two is a pure L2 one (need not be routed by the CCR), p...

G00dm4n

You might want to post your config on the crs210 devices. If you are hitting the cpu, then that would explain the ~300Mbps cap. Yeah I was looking for this too. But I did not changed the config of those devices for a year. Here it is: # jan/04/2021 16:00:18 by RouterOS 6.47.4 # model = CRS210-8G-2S...

G00dm4n

I think before my systems was on 6.46.5, but since this all start with try to move to 7.1 beta... i moved to most updated stable firmware after the beta have failed. Maybe worth downgrading back there. The test shows that when my PC is on same switch with the NAS (CRS328) then I can achieve 112-114M...

G00dm4n

Hi Gents, Seems I have strange issue which to be started after I'd upgraded to 6.48. I have small home network containing CCR1009-7G-1C, 2x CRS210-8G-2S+ and CRS 328P-4S+. The CCR is the main router and GW. Anyway - worth mentioning all links are 1Gb or 10Gb. The CCR provides internet to all through...

G00dm4n

Did you manage it?
Do you still need some help?

G00dm4n

Well,
I have changed the SFPs with Mikrotik ones but I still cannot set them to work on 100MB.
This makes connecting some legacy devices problematic and seems to be an issue - not all legacy devices can be changed due our liking.
Please advice if there's solution for this issue.

Regards, G00dm4n

G00dm4n

What about this solution? :
viewtopic.php?t=126351#p689180

It's so-so... solves the issue but in peculiar way.

G00dm4n

and sorry I couldn't resist ... let be god a G00dm4n Well I really did not check TR069. And probably more similar products exist. I think MT wants to grow, and have only open source solution which have to be tuned is not enough. Logical answer for this is the CAPsMAN itself - could be used just ano...

G00dm4n

Hi gents, I was looking some of the competitive products and think Mikrotik have an amazing configuration provisioning tool - CAPsMAN. But maybe this can be extended in the future with abilities to provision configuration to any available Mikrotik device - switch, router, firewall and APs. Yes this ...

G00dm4n

I finally have CCR 2004 in my hands and did some tests. The device is pretty neat and really silent while working with load up to 10%. The fans not running at all and just sometimes they go for few seconds. Noise is under 36dbm. Maybe have to check in more hot environment and higher load. There's ot...

G00dm4n

First of all - sorry for your troubles. As a fellow admin - I can feel your pain. How we can help you without knowing your switch configuration and setup? What is connected, how, what brand stays from other side of the link. Can you give more details and send the config? There are issues even betwee...

G00dm4n

Hi Gents, I've tried to use Cisco GLC-T SFP's with the new CCR 2004 and faced some issues. The Cisco GLC-T are compatible with Mikrotik routers (I have read it somewhere) and they should be able to work on 10/100/1000. No issue if I set them to 1Gb or use it with auto and 1G link, but they not work ...

G00dm4n

Thanks,

I will do some testing when I have time.
In this funny times I have been summoned to join with my team.
After listening that we will start probably at September or so I was requested to join in few days.
Have to put on hold some of my projects for a while.
Will reply ASAP.

G00dm4n

Hi TomFisk, I see your point. Maybe you can help me to do step-by-step list what and how to use your methid with SELKS. As you pointed additional components in SELKS really add lot of load. I am also interested to use minimum install - just Suricata + necessary interfaces so this can be implemented ...

G00dm4n

Hi guys, I find here some info for using Suricata IDS/IPS with Mikrotik. I also found there's a good build from Stamus Networks who is good and stable - SELKS. Can someone post more straight and updated manual of using Microtik together with SELKS5 or SELKS6 RC1. I prefer we get straight to latest -...

G00dm4n

Thanks archerious!
I was just thinking if worth upgrading CCR1009 to CCR2004.
With this noise data I can think if will fit in my place and if I would have any noise to deal with.
This is really helpful info.
I hope Mikrotik to start adding this info too.

Best regards!

G00dm4n

Hi Gents,

Just asking if anyone of you can share some info for the noise factor of some of the routers.
First and most I am interested of the newest CCR2004.
Also will be good if someone post for CCR1016, 1036 and 1072.
Thanks in advance.

G00dm4n

I was doing some tests and face same issues.
The question is when will be issued next version/build

G00dm4n

Hi Gentleman, I think is time to put some effort over such basic functionality as portswitch port security. In general this is what mac-learning+mac-binding+interface-set can do together and in addition have to recognize associated MAC address in the table by the originated interface. Well I know th...

G00dm4n

Hi MutluIT (hope I recognise proper spelling), I know what is the backside of the port security by MAC and that this identity can be easily changed. However is basic security future in the enterprise networking - mostly because there other measures preventing changing the MAC and monitoring connecti...

G00dm4n

Hi Gents,
Sorry for this maybe stupid question but while i was dealing with request to set something I could not find something as a port security and limitation of MAC addresses per interface.
Can you guide me if I am missing something?

G00dm4n

Hi Gents, I am thinking if there are some chances of creating option similar to CAPsMAN which can propagate specific configurations via profiles to MT routers/switches in the network on its initial boot. My idea is that if this can be done its possible to have central configuration with files for ea...

G00dm4n

We would like to know our customer wishes and use cases on what kind of future LTE technology would be interested in? 1. Which LTE Category you are interested in most - CAT6, CAT7, CAT9, CAT11, CAT12, CAT16 or some other? 2. Which LTE bands and which Carrier Aggregation combinations should be suppor...

Search found 37 matches

Future for posibility of moidular setings

Any way to have defined PORTS/SERVICES List?

USB or M2 to CCR2004-12s-2xs

Re: Newsletter 104

NGFW App and SVC filtering?

Re: v7.1beta4 [development] is released!

CCR possibility for plugin card based on Raspberry Pi

Re: Successor to CRS210-8G-2S+ desktop switch?

Firewall filtering with L7 or DPI for certain content

Re: LAN speed issue

Re: LAN speed issue

Re: LAN speed issue

Re: LAN speed issue

Re: LAN speed issue

Re: LAN speed issue

Re: LAN speed issue

Re: LAN speed issue

LAN speed issue

Re: V.7 MULTIWAN from 2 LTE routers

Re: CCR 2004 compatibility with SFP 10/100/1000 modules.

Re: Future request - port security & mac-binding & mac limit

Re: Future request - Configuration propagation similar to CAPsMAN

CAPsMAN2 maybe we can have NETsMAN in the future

Re: CCR 2004 and other models fan noise

Re: Stop making customers lab rats

CCR 2004 compatibility with SFP 10/100/1000 modules.

Re: Suricata IDS/IPS integration with Mikrotik (now with OSSEC)

Re: Suricata IDS/IPS integration with Mikrotik (now with OSSEC)

Re: Suricata IDS/IPS integration with Mikrotik (now with OSSEC)

Re: CCR 2004 and other models fan noise

CCR 2004 and other models fan noise

Re: Modem doesn't work in LtAP LTE6 kit

Future request - port security & mac-binding & mac limit

Re: Do we have something like port security available???

Do we have something like port security available???

Future request - Configuration propagation similar to CAPsMAN

Re: Future of LTE products, user feedback requested