I haven't seen that problem in the USA. When my modem gets rebooted, the connection restores cleanly when the DSL modem is back online. Are you running the latest firmware on your DSL modem? Also, turn on the PPPoE debugging logs - see what the errors when it can't reconnect are. It may shed some li...
Simple. You don't put any IP addresses or services on the PPPoE interface. ether1 goes to your network, has your IPs, has the PPPoE IP space routed to it. ether2 points to the clients. It has one service running on it: a PPPoE server. No IP addresses, nothing. If someone doesn't authenticate with PP...
There's been a handful of threads discussing the lack of PPPoA support in RouterOS - mostly from the American side of the pond, DSL users, grumbling about the lack of PPPoA support. I can't say this will work with all DSL providers, since I only have one to test with, but I was able to get my Mikrot...
What conditions are you going to be operating under? The Routerboards have been quite solid down to well below zero in most people's experience. What size enclosure do you have, what devices are in it, what kind of insulation is available, what are expected high & low ambient temperatures, etc. ...
Ehm... Not really so much a "tool" as "interns." I have a particular antenna/pigtail combo that reliably provides a -50db signal from our office AP when on the bench oriented properly. "Plug the CM9 into the routerboard. Attach the pigtail to antenna port A. Power the board ...
What about them? Going through them? Going above them? You haven't really provided enough detail for anyone to give you a useful reply. What are you trying to do? And... most likely, the best way to find out would be to go and try it onsite. Rebar spacing differs, concrete construction/thickness/mat...
The 2.4 and 5ghz frequencies are high enough that the traces in the card work as an antenna. That, plus the UFL connector, is enough to 'spray' enough signal that you can connect them on the bench next to each other. 900mhz is a lower frequency, requires longer antenna lengths, and does not "sp...
First, make sure you're using routing-test instead of routing - there are some differences. System->Packages, enable routing-test, disable routing, reboot, add the OSPF stuff again. If you're still having problems, make a supout.rif & send it to support@mikrotik.com & give them information. ...
I would not suggest using a 112 as anything but a very simple AP. It doesn't have the memory to handle anything complex like PPPoE or Hotspot, and is rather fragile with OSPF running. 16MB RAM doesn't go very far, and if the free memory falls much below 1500k free, you'll start getting lockups or er...
What serial speed are you using? Right after "starting services..." is when RouterOS, if it decides to do so, will switch the serial port speed. On the RB532s, it's 115000 the entire time, but on RB200 series systems, I would have to switch serial speeds if I wanted to talk to it after thi...
NetEnforcer is used in addition to the MT - it's not a router, it just does a great job of monitoring traffic flow through it & limiting things. You can do the limiting/prioritization with MT gear, but the graphs/charts it creates are just incredible. They're expensive - several thousand $$ or m...
i need reports like these: --> Bandwidth usage in realtime (total and per IP and/or per MAC) --> Bandwidth usage for a period of time (per hour, per day, per month; total and per IP and/or per MAC) --> Total data trasfered (in, out & total) per ip, mac, group of ips --> Used ports (local & ...
Huh. I've never heard collateral used in that context before. I suppose the implied message with the sales stuff I wrote up is that a cheaper (Linksys, DLink, etc) router can't do most of that. For a home user, there's typically no need for a fancy router. If it's 3 computers accessing the internet,...
What is a [Your Router Name Here]? A [Your Router Name Here] is an incredibly flexible, high performance router that can help your business thrive. It's an industrial grade product - it's not like a cheap home router that causes more problems than it solves. In fact, our entire network at [Business]...
From the router, can you ping the DNS servers? From the router, can you ping domain names (as in, does the router do proper DNS lookups itsself)? What are the client DNS servers set to? Can the client systems ping the DNS servers? If so, can they do DNS lookups? If you set the DNS server on the rout...
I've been trying to get OSPF working over wireless links, and it works... sometimes. I'm running 2.9.27 on all the routers, and it works most of the time, but then fails and won't reconnect. I'm trying to generate supout.rif files for the support guys, but the systems seem to reliably crash when try...
What specific wireless cards are you using? With 5 wireless cards, even if they're CM9 or such, I'd be concerned about power consumption. I'm not exactly sure what the onboard DC converter can provide to the mini PCI slots, but I do know that more than 2 SR-series cards is too much for a RB500 serie...
I've got a CM9 & an SR9 in the same box. The CM9 is normally disabled because I don't have an antenna on it yet. I enabled it & watched the noise floor on the SR9. I didn't see any difference with the CM9 enabled/disabled. I don't know for sure if this proves anything, but it doesn't look li...
What are you looking to do? What's your environment? Starting a rural WISP with a single DSL feed and private IPs (NAT'd) when you have free access to silos/grain elevators in exchange for internet access isn't that expensive. Starting a multihomed business class ISP in a dense urban environment wit...
I've spent quite a while sorting out how to prevent lightening from taking out our switch ports. It got really, really old being up during every storm, ready to swap cables. We've finally found a solution that seems to work, and has weathered several very severe storms without frying any ports now. ...
Many things work properly when restoring a backup. IP addresses, routes, firewall rules, queues, etc. The major thing that doesn't work properly is the interfaces, especially wireless. You'll need to reconfigure the interfaces & assign IPs to each interface, but this is usually a lot easier than...
You want to use an IP phone connection to drive multiple analog phone-type devices? You'll need a FXS/FXO card for this to work - it creates the dial tone & such. I'm not sure if MT supports this or not - I've always seen Asterisk used for this. I'm not sure if this helps or not - I'm a bit fuzz...
At one location, I have an old piece of unused networking gear (livingston pm2). Super reliable in every way. Private IP number on it. Plugged into AC power without UPS. Primary purpose is so I can ping it. Monitoring it with nagios lets me know when the power is out. That's disturbingly simple/rel...
Is there an easy way to use the serial port on a RB532 to monitor AC voltage status? Some of our sites are at locations with iffy AC power. Things like having a window air conditioner on the same circuit that overloads things when it gets too hot out, etc. We're working around these, slowly, but in ...
Quick update: I've been running with the reversed link (the Trango-end is now the SU) for over a day, with some pretty heavy traffic sent through it, and everything is holding up just fine, no disconnects. I think this has it resolved, at least for now. I am using NStreme with the link - maybe the T...
Well, I just tried swapping the AP/SU units (reversing the link, it's just a point to point link), and it seems to be somewhat better. I'll see how it works like this for a while.
Interesting. I have a Trango near the SR9 link, but it's supposedly pretty far off channel-wise (924 vs 907). I'll try dropping that out & seeing what happens.
If you're troubleshooting EoIP connection issues, especially if they're really odd connect/non-connect issues, check your NAT settings. I've spent far too much time on and off over the past 2-3 months trying to troubleshoot EoIP issues. It's a really nasty network I'm running over, with multiple VPN...
The link has improved, but I still get periods where it "flaps" - disconnects due to "excessive data loss", reconnects, apparently tries to hammer packets through the link, disconnects, reconnects, repeats. For a LONG time.
Hm. The OSPF default route bug might explain some issues I was having a few weeks ago with OSPF & the default route not redistributing properly. I'll get this tested tomorrow (yay holiday, I can dink with the network during daystar hours & not annoy too many people), and see if it's fixed. -...
Do you have visual contact? What is the distance of the link? To you have full tx-power? Try to change channel :wink: No visual contact, but a Trango link was reasonably happy on it until recently, when it started glitching out - which is why I'm suspecting interference. Range is 3.5mi or so, tx po...
We just got the antennas tuned for a SR9 link between two spots. We're running roughly -71/-69 for signal strength, with a -81 noise floor, in the 10mhz band. I've got 5-6Mbit through when bandwidth testing. However, as soon as I start to flow "real" traffic through it, the link gets glitc...
Long story short, I need to do a remote OS reinstall on a router that's several thousand miles away, and I don't have a local Windows machine to do the netboot with. I've been trying for the better part of the afternoon to use an EoIP tunnel between two routers to do a netinstall, and it doesn't see...
Yes, there is a way to do a remote test of Hotspot. It involves bridges & EoIP. Create a bridge, with the local Hotspot interface on it. Add an EoIP tunnel to the remote "test" router & add it in the bridge. On the remote router, bridge the EoIP tunnel with the appropriate port. Th...
I'm working on setting up a demo of some stuff, and it would be useful to allow someone to VPN into a router, and then "see" the hotspot pages as though they were an unauthorized client (and then register, authorize, etc). Is there a way to do this?
Could you chain 4 batteries together to get a 48v source & try it that way?
Pushing 2 400mW radios on 12v involves a good bit of amperage going down the cable, and I wouldn't be surprised at all if the voltage drop was enough to keep things from working properly.
Sacramento! I used to live there! The short answer is FreeRADIUS on Linux. Be aware that you'll want to download the Mikrotik 'dictionary' file to replace the stock FreeRADIUS one - without this, some of the RADIUS attributes won't get passed around because FreeRADIUS won't know what they are. The l...
The parameter you are looking for is "Framed-Pool". This one allows you to send the name of the ip pool to use to your RouterOS machine in an Access-Accept message.
I'm not sure if my approach is the proper way of doing this, so I'm going to describe what I'm trying to do, what my current plan is, and we can go from there. I'm moving our ISP network over to entirely PPPoE/RADIUS for address assignment. This ties in with our management system (http://www.ispbrai...
If your in snooping or scan mode don't all current associations get put on hold because it can't do both at once? Are you thinking of using a second card thats always in snoop mode ? I don't know your answer but I wasn't sure if you knew the above info. Yes, I'm aware of that. There would be a sepa...
I know most threads involving EoIP end with "Use WDS, it's faster/better." However, I'm setting up a network with multiple Hotspots in an area, off different access points with antennas pointing different directions. The APs will not (theoretically) see each other wirelessly, but will be w...
When using snooper, the "stations" mode allows you to see the signal strength of stations that aren't associated with your AP. Is there a way to leave a radio in snooper mode & monitor the data remotely, using SNMP or such? I can write the SSH parser if needed, but if there's an easier...
Bumping a somewhat old thread with information: The issue here is the scan list. With superchannel enabled, the number of frequencies you can broadcast is significantly larger than the default scan list. The scan list essentially says, "Look for radios in this frequency range." It can be [...
What about the antenna connector? Maybe you've got it hooked to B and it's set to A (AP or SU side possibly)? The A connector will send a strong enough signal to be slightly amplified by the pigtail and antenna, and will work in a short range, but further away the signal loss will be too great. The...
Well, my experience with superchannel on 2.8, is that you need to specify like this: 5725-5805 I've tried that format, I've also tried just specifying the channel that things are on, I've tried comma separated values of a few channels. Did you make sure that all the other settings match (NStreme, W...
I'm out of ideas. I'm supporting a deployment of a number of RouterOS based wireless nodes overseas. They were equipped with the Custom Frequency Select module, are a mix of RB200 & RB500 systems, and all have CM9 radios. Before they shipped, I preconfigured them, established links between them,...
I've finally traced the root of the problems I've been having with NFS/SMB speed to the Mikrotik router. Our office is behind a masquerade NAT, and while HTTP connections to a public server are quite fast, SMB/NFS connections are fairly slow. I'm not doing any shaping that should be touching these c...
Look in the manual for VPN examples. In a nutshell, you'll want to set up a PPTP server. In the default-encrypted profile, select your IP pool for the local & remote addresses. Set up the PPP users (or authenticate against RADIUS), and they should be able to connect in. If the IP pool they conne...
BitTorrent is rough to filter, because it's so many connections at once.
You should just be able to use the P2P mangle rule to mark packets, and set up a queue tree entry to set them to priority 8 (low priority), and restrict them to a given bandwidth. That's what we do on our network.
I suggest running RADIUS in debug mode (for freeradius it's freeradius -X) to see exactly what the Mikrotik is passing to the RADIUS server. You should be able to determine the problem from there - at least with freeradius, the debug mode is VERY verbose.
Mikrotik guys, this is a serious issue. The only solution I've found is to reboot our routers every week and a half or two weeks, which kicks off 200+ hotspot users at one of our locations. I've set up cookie logins so it's not *as* annoying, but there's something seriously wrong here. Multiple peop...
Here are some graphs from some of our systems. This is NOT NORMAL. http://devserver.cramerit.net/files/cpu-month-1.png http://devserver.cramerit.net/files/cpu-month-2.png I've sent in supout.rif files, and was told to upgrade to 2.9.5 and see if it persisted, but it seems that someone here has 2.9.5...
Both of our 2.9 routers are having issues with CPU usage ramping up to 100% over the course of several weeks. One is running Hotspot, the other is just serving as a router/VPN server. I'm running 2.9.3 on the Hotspot router, and 2.9rc7 on the "plain routing" router. Both seem to be doing t...
The way I do it is to enable PPPoE on a Hotspot protected interface. The router has already been configured for internet access, and the PPPoE server just uses the default IP pool. PPPoE is mostly used for XBox/PS2 game consoles, because they don't have a web browser that can be used to log in norma...
I can point you in the general direction of what to do from Winbox. I can't give you straight terminal steps. Click "PPP" along the left. Click "PPPoE Server" Add a new PPPoE server on the appropriate interface Click the "Secrets" tab on the top Click "AAA" En...
2.9.2 did fix the issue, at least part of it. I can now ping the devices behind the router, but I still can't seem to actually connect to them - connections on port 80 just immediately close. So I'm thinking they're not HS-authenticated.
Actually there was also an issue with multi-addressed interfaces, arp and hotspot that i discovered today and... wow! today the released 2.9.2 that fixes it! Did you read my mind?
I'm sure I'm not the only person to have this problem, as I found some threads related to it, and there were no good solutions. Our network has a Hotspot segment handling a number of users within an apartment complex. There are also quite a few managed switches handling this network segment (large c...
.... and add 128MB RAM 10x Or at least a way to do it. I've had some other projects that would have been ideal for a Routerboard 500, but was unable to use them because of the memory limits. 64 meg is the bare minimum for what I'd need, and if there was a board with 128 meg onboard, they would beco...
The problem is actually with someone using Vonage - a VoIP solution. Their laptop doesn't get logged in until they open the web browser, and as such their VoIP stuff doesn't work when they're home all the time.
Under 2.8, we had no problems with this. Hotspot users with laptops could wander off, come back, and remain logged in. Under 2.9, they seem to get logged out. The log message says something along the lines of "Hotspot user logged out; lost DHCP lease." I've tried setting the DHCP leases to...
I've looked through the SNMP results returned, and I haven't found anything that looks promising. What I'm trying to do: Our management system for our ISP interfaces nicely with WANRouters to collect stats. I'd like to be able to collect & report on traffic transfered on a per-IP basis. I can ha...
Trying to figure this one out, or if it's even possible. I have a Mikrotik with a public IP address. It runs NAT, and behind it there's another Mikrotik. Is there a way to forward Winbox through the Mikrotik so I can use Winbox on both routers? If I forward port 8129 (?) I can't access the first one...
Have you confirmed that they're being sent from the RADIUS server? I suggest using the radtest utility (if you're running on Linux) to check. Also, if you're using 2.9, the Rate-Limit attribute is MUCH more flexible, and works with Hotspot/PPPoE/pretty much everything. I suggest grabbing the Mikroti...
We just had the exact same issue, same symptoms, same fix (reboot the router). supout.rif file has been sent to support, so hopefully there will be something useful in it.
It appears that Rate-Limit does NOT work with Hotspot in 2.9rc4 yet. I installed 2.9 on a development router, fed it some attributes, and watched. The queue was created with Ascend-Data-Rate & Ascend-Xmit-Rate properly, but nothing was created with Rate-Limit. *sigh* I was really hoping this wou...
I've searched, and I haven't found a firm answer as to Rate-Limit & Hotspot under 2.8.27. I've confirmed that the Rate-Limit attribute is being returned (both from watching the FreeRadius output and running radtest), but I don't see any queues created when a Hotspot user logs in. I know that Hot...
Installed on a Via based router box with Atheros card, and I get the following errors when trying to ping the wireless IP: 92 bytes from 10.0.1.1: Dest Unreachable, Bad Code: 9 Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 0054 c392 0 0000 40 01 a018 10.0.1.254 10.0.1.1 //EDIT: I just downgrad...
From the PDF: print - shows all information that's accessible from particular command level. Thus, /system clock print shows system date and time, /ip route print shows all routes etc. If there's a list of items in current level and they are not read-only, i.e. you can change/remove them (example of...
My old script still isn't working, but I was able to create something that worked with autoexpect and then trim it down to work. #!/usr/bin/expect -f spawn ssh 1.2.3.4 -l admin expect "admin@1.2.3.4's password: " send -- "password\r" expect " > " send -- "system re...
Try to end the commands that you send with \r instead of \n just like you do when you send the password. --Tom Eh, yea. Should have specified above. I've tried \n, \r, \r\n, \n\r, pretty much everything I can think of. Just to confirm, I should be able to see the output coming back when I run the c...
I've tried quite a few expect scripts to remotely work on our Mikrotiks, and they seem to be avoiding sending data. #!/usr/bin/expect # spawn /usr/bin/ssh 1.2.3.4 -l admin expect -re "password:" send "password\r" # expect ">" send "system resource print\n" sle...
I have a Via 533mhz Mikrotik handling Hotspot for about 100 users on a decent bandwidth network. CPU usage has been hovering between 50% & 75%, depending on time of day. It seems this is rather high - is there any way to tell what specific functionality is taking up the CPU time (a 'top' command...
*twitches* Unhashing a RADIUS database after a Mikrotik reboot is not on my list of "fun things to do." One of our Mikrotiks just crashed. It's running 2.8.26 and handling a good number of Hotspot clients (95 or so). Hotspot died, Winbox couldn't connect, the admin web page couldn't connec...
I forgot to mention - we're also marking HTTP traffic, and P2P-IN traffic, both of which are working properly. It's just marking outbound P2P traffic that doesn't seem to be working.
We've just switched a large group of users over to hotspot, and the P2P limiting no longer works properly. The P2P traffic limiting was working fine with the old setup (just DHCP & routed addresses), with P2P traffic being flow-marked and limited in the queue trees. Now that Hotspot is being use...
Is there any chance of having an older (2.8 style) Hotspot module available for 2.9, to use DHCP-POOL methods & such? While the new method is easy to use, it seems that it removes some of the more advanced functionality.
I downgraded to 2.8.26 and was having the same problems, but I discovered that I had a bunch of old hotspot rules in the firewall. After clearing out ALL the hotspot related stuff in the firewall tables, and recreating the rules with the Hotspot setup wizard, things worked properly in enabled-addres...
Error: Empty Flow (or something along those lines), check your PPP settings. If PPP has been set up to use a local or remote IP pool that no longer exists, you'll have this problem.
(added because I didn't find any results when I searched for this error earlier)
It seems that with the Hotspot setup in 2.9, only web traffic is getting passed - SMTP, IRC, etc. all get blocked (connection failed from the client system). Is this normal? It's not quite what I was expecting... Also, it appears the address changing mode has been removed. This will be used for reas...
I've been messing around with HotSpot & Ascend-Data-Rate. Ascend-Data-Rate works properly when it's the only attribute - limits speeds to the requested value. However, when I have Ascend-Data-Rate and Ascend-Xmit-Rate both in place, the values are reversed. Xmit controls the download speed, and ...
Looks like I found a solution. If I don't have an address pool available to the PPP service, a PPPoE login fails with "Server did not assign an IP address." Assigning an address pool to Hotspot but not PPP will let you do this - and then you assign a static IP to a user with PPPoE. -=Russ=-
I'm working on a project, and I need to know if there is a way to enable/disable PPPoE logins via RADIUS attributes. HotSpot will always be enabled, but I would like a select list of individuals to be able to use PPPoE. All users are authenticated against a freeradius server, so it would have to be ...