+1 would make for way better security

I have an interface that id like to set to reply only for arp, but we have some static addresses on there that could potentially change devices, is there any way to do an arp-ping every so often to check the Mac that returns that ip and put it into the arp table?

I am working with a mikrotik dhcp server with static arp on the router, and option 82 on the edge. However when dhcp adds the mac to the arp table its the mac of the dhcp relay. What would be causing this?

After some more research it appears this may be a function of the ubiquiti dhcp relay sending a request for the reply as well.

All, I am having a bit of a problem, to start, the network is pretty simple(its a testing environment) its a router(rb3011)plugged into a switch, a ubiquiti ptmp AP (LAP-AC), 2 client stations(ns5-ac-gen2) and client clients (in this case raspberry PIs) behind each of them. I enabled option 82 on th...

Thank you! See it was something stupid and glaringly obvious.

I am trying to set up a management vlan on a CRS326, I want untagged traffic coming in on port ether1 to be able to access the management vlan of 100, with an ip of 192.168.86.5. I set the pvid of ether1 to 100, added vlan100 to the bridge vlan table, created the vlan and added the bridge to the vla...

Does anyone know what the radius attributes MIKROTIK_DHCP_OPTION_PARAM_STR1 and MIKROTIK_DHCP_OPTION_PARAM_STR2 are? there is nothing that references them aside from the dictionary that I have been able to find. Id imagine it is for specifying DHCP options, but I dont see how to use it.

I am using dhcp with radius authentication to add queues to a router that is part of a vrrp setup. If the main router fails, i would like to have the queues be synchronized(ideally as one is added on the primary, the second one also gets it). Is there a good way to do this? Is there other items i sh...

The mangle rule pointed me in the right direction

It was being blocked by the default drop all !LAN. The connection comes in on localhost (which should be obvious, but I was to close to it haha)

I see it referenced in the release announcement(6.47), and see a question asked with no answer in the announcement thread(6.47.3), why was flashfig removed from netinstall 6.47+?

I am trying to use an ssh tunnel to my router, then open winbox using that tunnel, however i cant seem to get ssh tunnels to work properly. I enabled ssh forwarding in both directions, but that didnt seem help. is there a listen address configured anywhere for winbox? I added an allow rule to the fi...

You need to understand that when you provide a configure script, that script has to do all of the configuration. It will be run instead of, not after the normal configuration script. You need to add the further configuration you require to bring up the device and make it able to connect the acs. Li...

All, I am having a hell of a time with my first script. Its extremely basic and just setting the acs url There is likely something i have missed that i clearly need, the entirety of the "script" is just: /tr069-client set acs-url="https://acs.mydomain.com:7547" I netinstall route...

1. how long did it take the progress bar to reach 100% when flashing the 6.47.1? Was it one to two seconds or longer? 2. what happens if you power off the device, hold the reset button (right next to the power connector), connect the power back and keep holding that button until the usr LED starts ...

I was trying to install a custom script through netinstall on a hap ac2 and it did not seem to go according to plan. I can not get into the router. I took a default config from another hap ac2 i have (/system default-configuration print) and putting that into an rsc file and loading that, that still...

When I first loaded a Let's Encrypt certificate in to a MikroTik (CCR1009-8G-1S) I kept getting the following message in the log: got CRL with bad signature, issued by :DST Root CA X3::Digital Signature Trust Co.::: I don't know if this relates to your problem (I've never used GenieACS) but the fix...

I am running GenieACS with a Lets-Encrypt cert thinking that the Mikrotik router would be able to pull any necessary CA and CRL down from the web. However every time I try to connect I get . How can I rectify this?

Default items cannot be renamed or deleted.
If you want your custom instances then add new ones and disable default.

Is there any reasoning behind this? It seems counter intuitive.

Is there a way to delete or rename the default BGP Instance? I have tried through webfig, winbox, and ssh with no luck. Is there a reason that this is locked out?

You can use something like fetch url="http://icanhazip.com"

That will return your current public ip.

So I understand the point of QinQ and how it would isolate the network, but I don't understand how to implement it at the core. Cpe would encapsulate the traffic in the C-tag, the AP would encapsulate the S-tag, the packet would traverse our network to the core, where the tags would be stripped (tha...

I can't seem to find any info aside from using the netinstall program for windows, is it possible to tftp boot a mikrotik router (ideally by holding the mode button) and giving it a server address via dhcp? Alternatively is there a similar way of loading a config without having to log into the route...

I am using a small script to fetch a url that has a ? in it. In the terminal Id need to use the \ to escape and not dump the help file, do i need to do this in the script as well?