Community discussions

Search found 599 matches

by jp
Fri Nov 23, 2018 4:56 pm
Forum: Beginner Basics
Topic: firewall forward drop rule not working between LAN IPs [SOLVED]
Replies: 10
Views: 1159

Re: firewall forward drop rule not working between LAN IPs [SOLVED]

Your IP addresses should go to bridge1 and bridge99 rather than the physical interfaces.
You will also need a rule in the opposite direction. It is possible to set things up like you have so that access is only in one direction.
by jp
Tue Sep 11, 2018 9:42 pm
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 148
Views: 28760

Re: v6.43 [current] is released!

*) ssh - disconnect all active connections when device gets rebooted or turned off;
This is awesome! Thank you
by jp
Wed Jun 13, 2018 3:53 am
Forum: Announcements
Topic: VPNfilter official statement
Replies: 191
Views: 77541

Re: VPNfilter official statement

Add the bandwidth test ports and this is what we do and it works. Good post. FWIW, I use the following related best practices when I set up a router that has a public-facing interface: reset all configuration settings, uncheck 'keep default settings' Disable all non-essential services: telnet http h...
by jp
Tue Jan 16, 2018 11:57 pm
Forum: General
Topic: tool kid-control
Replies: 42
Views: 13030

Re: tool kid-control

Much appreciated Normis. I think this could help us bring Mikrotik more into the residential market, where it's mostly mikrotik==business for us at the moment. Regarding using mac address instead of IP would not solve anything.. Many devices can produce a random mac address for security purposes. If...
by jp
Wed Jan 10, 2018 5:03 am
Forum: Scripting
Topic: Child bedtime control - scripts
Replies: 3
Views: 1531

Re: Child bedtime control - scripts

There is a new "tool kid-control" feature just added which I will try out shortly... Currently the children's devices have fixed dhcp leases with "make static" Then in queue simple, I have: add max-limit=1k/1k name=Ipod target=10.0.54.201/32 time=20h-6h,sun,mon,tue,wed,thu,fri,sat add max-limit=1k/1...
by jp
Tue Jan 09, 2018 10:45 pm
Forum: General
Topic: double or triple NAT is bad?
Replies: 13
Views: 6075

Re: double or triple NAT is bad?

It may work fine for a hundred users, but if you had thousands of users, chances are a certain amount of them would have some sort of infection and use up all sorts of port/connections, creating intermittent problems or overloading a weak router.
by jp
Tue Jan 09, 2018 10:38 pm
Forum: General
Topic: tool kid-control
Replies: 42
Views: 13030

Re: tool kid-control

It's been updated in the wiki!
by jp
Thu Jan 04, 2018 10:05 pm
Forum: General
Topic: Why I am not using WinBox!
Replies: 24
Views: 2568

Re: Why I am not using WinBox!

I mostly use ssh to do things mikrotik. Something like a firewall rule, in the CLI it's a copy & paste one-liner from a template. In Winbox, it's click on multiple things to get to the right section of the firewall, then open a box and put a bunch of things in a bunch of different tabs requiring pho...
by jp
Fri Dec 29, 2017 7:07 pm
Forum: General
Topic: tool kid-control
Replies: 42
Views: 13030

tool kid-control

Found it playing with command line completion in the CLI of 6.41

Nothing in search results or official documentation.

I'm very interested. Anyone played with it or have further documentation?
by jp
Fri Jun 30, 2017 2:34 am
Forum: RouterBOARD hardware
Topic: suggestion for CRS212-1G-10S-1S+IN or other small sfp switch
Replies: 2
Views: 520

suggestion for CRS212-1G-10S-1S+IN or other small sfp switch

All that empty space on the rackmount bracket... Great place for some holes to allow us to mount some standardized fiber patch accessories. Just imagining it here, didn't make any holes. It'd probably cost an extra $1 to do at the time of manufacture.
by jp
Wed Jul 29, 2015 6:11 pm
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 188022

Re: Cloud Hosted Router

Very nice.

I already use routerOS x86 on a virtual machine with kvm/virtualmin.
Virtual routerOS is a good firewall/router for virtual machines.
by jp
Mon Jul 20, 2015 5:29 pm
Forum: General
Topic: Feature Request - Notes
Replies: 9
Views: 860

Re: Feature Request - Notes

Google docs.

Then if a router gets fried or is unreachable, you still have your notes.
by jp
Tue Jul 07, 2015 7:26 pm
Forum: RouterBOARD hardware
Topic: Seeking Hardware Recommendation?
Replies: 4
Views: 847

Re: Seeking Hardware Recommendation?

With that MT switch, you can assign ports to a "master port"; this essentially allows having multiple virtual switches. You'd assign a few ports for IPTV to one master switch port, and some servers and other stuff to another switch port master, and you'd be sort of running two virtual switches. No i...
by jp
Wed May 27, 2015 10:35 pm
Forum: Forwarding Protocols
Topic: Stop traffic between Ethernet ports
Replies: 4
Views: 1005

Re: Stop traffic between Ethernet ports

I have done this to make ether2 only able to send traffic through ether1 (gateway). Glad to hear other options.

/ip firewall filter add action=reject chain=forward in-interface=ether2 out-interface=!ether1
by jp
Sun Jan 18, 2015 3:24 pm
Forum: General
Topic: NTP vulnerabilities
Replies: 2
Views: 620

NTP vulnerabilities

NTP vuln is pretty widespread with many vendors, but how each responds to it is what separates the men from the boys. The 6.25 rc changelog says it fixes NTP vulnerabilities. Does that mean all previous versions have vulnerabilities? Please share more. An ideal thing for MT to do would be say "this ...
by jp
Mon Jan 12, 2015 6:41 pm
Forum: General
Topic: Hacked & Need Help!
Replies: 6
Views: 1461

Re: Hacked & Need Help!

If he has a backup of the ROS VM that could be restored/rolled back.
If the hacker is still using it and connecting insecurely, he could sniff the traffic to get the password.
by jp
Sat Jan 10, 2015 2:57 pm
Forum: General
Topic: Looking for wireless solution Mikrotik / Ubiquiti
Replies: 11
Views: 1849

Re: Looking for wireless solution Mikrotik / Ubiquiti

I have an rb2011 for a wired router(dhcp server, firewall, gateway) and use Unifi for APs. It's a good combination. Keep in mind you need a unifi controller.
Upta camp, I have the wireless rb2011 for router+wifi and it's good but I haven't tried multiple mikrotiks for roaming.
by jp
Mon Dec 29, 2014 9:45 pm
Forum: General
Topic: switch feature and torch ; grrr...
Replies: 4
Views: 1071

Re: switch feature and torch ; grrr...

Thanks Neilson; I was able to mirror the master port to a cpu port and view the master port (thus everything on switch) in torch, but it didn't work for me to mirror an individual port to the CPU. Better than nothing but still room for improvement.
by jp
Mon Dec 29, 2014 9:42 pm
Forum: Announcements
Topic: 6.24 released
Replies: 91
Views: 34897

Re: 6.24 released

How important is the NTP security update as it pertains to RouterOS? http://support.ntp.org/bin/view/Main/SecurityNotice says three of the issues are crypto related, and one is a normal nasty buffer overflow. I'm guessing the crypto ones don't apply to normal RouterOS, but the buffer overflow could ...
by jp
Mon Dec 29, 2014 6:41 pm
Forum: General
Topic: switch feature and torch ; grrr...
Replies: 4
Views: 1071

switch feature and torch ; grrr...

What I've read from the forum search is "can't do it" as torch only captures traffic going through the CPU. This is kinda dumb; I just want it to work and if it takes a performance hit running torch, I'm OK with that. Torch is a very important tool. Yet switch chips are a very important performance ...
by jp
Fri Dec 12, 2014 6:21 pm
Forum: General
Topic: Botnet - Brute Force Rules Help, Please
Replies: 10
Views: 2340

Re: Botnet - Brute Force Rules Help, Please

Using keys doesn't stop attempts, just stops login error messages. The ideal thing is not to expose management access to the whole Internet. Block everything with the input chain, then allow it from the netblocks/static IP/vpn IP you want to have such access. All this tarpitting stuff, while it work...
by jp
Sat Nov 01, 2014 11:11 pm
Forum: RouterBOARD hardware
Topic: FTC fiber to copper converter
Replies: 22
Views: 8003

Re: FTC fiber to copper converter

It would be cool. The market is mature for dumb converters I think.
by jp
Tue Oct 28, 2014 3:01 pm
Forum: Announcements
Topic: Newsletter 62
Replies: 32
Views: 24476

Re: Newsletter 62

That new fiber media converter looks interesting. I'd like to see one with the SFP and patch cable installed. Looks like not much room for slack or fastening the drop cable. I'd really like it if that had even some basic management/remote abilities. I'm sure it'll all happen in good time, but I'm im...
by jp
Wed Oct 22, 2014 4:00 pm
Forum: General
Topic: CRS VLANs problems ? or incorrect usage.
Replies: 2
Views: 1107

Re: CRS VLANs problems ? or incorrect usage.

You have to add the switch1-cpu to the ports list so it can participate. This is not in the instructions.
by jp
Fri Oct 17, 2014 1:52 am
Forum: General
Topic: How to solve a D-Link problem. Not what you think...
Replies: 3
Views: 677

Re: How to solve a D-Link problem. Not what you think...

In the rural US, we use bullets and gunpowder on junk IT equipment.
by jp
Fri Oct 17, 2014 12:34 am
Forum: General
Topic: CRS lacp trunking and ethernet linkage
Replies: 0
Views: 863

CRS lacp trunking and ethernet linkage

I am connecting a CRS125-24G-1S with 6.20 to a HP procurve 2626 with H.10.74 using two ethernet cables as lacp trunk ports. (basically dual ethernet uplink) 1+2 are the switch trunk going to 21+22 on the HP. Two tagged VLANs go over the switch trunk. Basic everyday datacenter stuff extending vlans t...
by jp
Mon Oct 13, 2014 11:41 pm
Forum: RouterBOARD hardware
Topic: multiple power input
Replies: 2
Views: 943

multiple power input

I am using the rb2011 series routers and CRS125-24G-1S-RM switches. Can these be powered at the same time by the POE in and the DC power jack? Sort of as redundant power?

I'm not going to try it and fry one if it went wrong :-) so I'll ask.
by jp
Fri Sep 05, 2014 10:45 pm
Forum: RouterBOARD hardware
Topic: Cloud Router Switch LACP
Replies: 6
Views: 6943

Re: Cloud Router Switch LACP

Anyone using this? http://wiki.mikrotik.com/wiki/Manual:CRS_examples#Trunking says "IEEE802.3ad and IEEE802.1ax compatible Link Aggregation Control Protocol is not supported yet" http://wiki.mikrotik.com/wiki/Manual:CRS_features#Trunking says "The Trunking in the Cloud Router Switches provides IEEE8...
by jp
Fri Aug 15, 2014 12:37 am
Forum: General
Topic: v6.18
Replies: 109
Views: 29732

Re: v6.18

Looks fine in Winbox.
by jp
Thu Aug 14, 2014 7:30 pm
Forum: General
Topic: v6.18
Replies: 109
Views: 29732

Re: v6.18

"can't get there from here" is a saying we have... It's on another network, but I can ssh via a jump point. I'll check it later.
by jp
Thu Aug 14, 2014 6:46 pm
Forum: General
Topic: v6.18
Replies: 109
Views: 29732

Re: v6.18

But it's not a deleted item, it's an active item.
Also what is the benefit of using the internal #?
by jp
Thu Aug 14, 2014 5:00 pm
Forum: General
Topic: v6.18
Replies: 109
Views: 29732

Re: v6.18

Appreciate the NTP changes.

Seeing something strange on ip neighbor though on this 6.18 x86 install
Don't know what *f0000 is but perhaps a programming error
by jp
Mon Aug 04, 2014 7:30 pm
Forum: General
Topic: switch chip firewalling
Replies: 1
Views: 612

switch chip firewalling

Studying up on this feature in hopes it could be used to stop spoofing without slowing the CPU. The idea is allow traffic to or from that has src or dst of x.x.x.x/x and dump everything not legit. Lotsa compromised customer linksys wireless routers spoofing dns and all sorts of crap. Would the first ...
by jp
Fri Oct 25, 2013 11:06 pm
Forum: General
Topic: Tool: Realtime per IP traffic monitor for home/office
Replies: 289
Views: 304969

Re: Tool: Realtime per IP traffic monitor for home/office

Neat looking tool, does the munin plugin connect to the mikrotik or the windows box running your software? I've downloaded and am playing with it.
by jp
Tue Jul 16, 2013 4:33 pm
Forum: RouterBOARD hardware
Topic: 2011 power plug - thank you Mikrotik
Replies: 12
Views: 4661

Re: 2011 power plug - thank you Mikrotik

I like the change too. Thanks!

I received a batch of 2011rm's about a month ago with the changed power plug.
by jp
Mon Jun 03, 2013 8:59 pm
Forum: General
Topic: DDOS Attack, Need some input from the Pros!
Replies: 5
Views: 2001

Re: DDOS Attack, Need some input from the Pros!

You might have something on your network causing you to get ddos'd. Like an IRC server or hacked something. Look for things to clean up in your yard to prevent being a target.
by jp
Fri May 17, 2013 5:23 am
Forum: General
Topic: v5.25 released
Replies: 52
Views: 16478

Re: v5.25 released

[admin@111lucia] /system ntp client> set enabled=yes
[admin@111lucia] /system ntp client> set primary-ntp=0.north-america.pool.ntp.org
invalid value for argument ipv6-address
[admin@111lucia] /system ntp client>
Here's a bug... it doesn't like the hostname starting with 0 and misinterprets it as an...
by jp
Wed May 15, 2013 11:30 pm
Forum: General
Topic: CPE Badge / Logo where to get them
Replies: 11
Views: 1572

Re: CPE Badge / Logo where to get them

I don't know about EU, but in the US, people put clear stickers in their car's back window to advertise their alma mater. We had some made up for our equipment. I guess you'd call them custom college decals or something. They came on a roll of 500 or some large number like that.
by jp
Thu May 09, 2013 6:20 pm
Forum: General
Topic: www.mikrotik.com
Replies: 9
Views: 1267

Re: www.mikrotik.com

It used to go down regularly to herald in a version of routeros.
by jp
Fri Apr 26, 2013 6:07 pm
Forum: Forwarding Protocols
Topic: BGP setup
Replies: 1
Views: 982

Re: BGP for dummies

A static default route takes preference over a BGP default route as statics have a lower distance.

http://www.techrepublic.com/blog/networ ... router/784
by jp
Mon Apr 22, 2013 6:11 pm
Forum: General
Topic: Can a routerboard be used to be a serial cable over IP?
Replies: 1
Views: 453

Re: Can a routerboard be used to be a serial cable over IP?

Lantronix is better known for this sort of thing. Usually one end is a virtual serial port, but they might make something serial-ethernet-serial.
by jp
Wed Apr 10, 2013 6:52 pm
Forum: General
Topic: Security Issue - FTP port accessible with crafted packets
Replies: 6
Views: 1273

Re: Security Issue - FTP port accessible with crafted packet

I have firewall rules for blocking by default. RouterOS would do well to have a more secure default config. A block everything input rule would cover that. Then people could add their specific remote access allows. A wizard configuration option could make it easy to securely setup. Juniper routers f...
by jp
Wed Apr 10, 2013 6:22 pm
Forum: Virtualization
Topic: using routeros as a virtual router
Replies: 1
Views: 2476

using routeros as a virtual router

I setup a centos machine running kvm & cloudmin for hosting a virtual router and a bunch of virtual linux machines. The normal ethernet interface sets up as a bridge (br0) which is the uplink for the hypervisor and MT router VM. Add a second bridge interface (br1) to the kvm hypervisor. The second b...
by jp
Wed Mar 20, 2013 6:44 pm
Forum: RouterBOARD hardware
Topic: Hardware of RouterBoard vs PC
Replies: 7
Views: 4575

Re: Hardware of RouterBoard vs PC

Never tried IPCOP. My idea of gaming on a PC is different than most. It's things like Spider, Freecell, shisen-sho/mahjong, [and words with friends if I want to use my mind.]
If I had a 100mbps home connection, I'd probably get a rb2011, don't know how that compares to the 450g.
by jp
Wed Mar 13, 2013 3:24 pm
Forum: General
Topic: warning to MT
Replies: 0
Views: 440

warning to MT

Don't get all jealous of ubiquiti's new community forum interface

This right here is much more pleasant software forum to use.
by jp
Wed Mar 13, 2013 3:22 pm
Forum: General
Topic: libssh2 x routeros problem
Replies: 3
Views: 640

Re: libssh2 x routeros problem

It's great to learn C, but it'd be better to focus the learning on things you can debug with various methods (encryption makes it harder) and have open source throughout, so you can add debugging code to what it's talking to for instance. I use a higher level of programming; a bash script with scp t...
by jp
Wed Mar 13, 2013 3:17 pm
Forum: RouterBOARD hardware
Topic: Hardware of RouterBoard vs PC
Replies: 7
Views: 4575

Re: Hardware of RouterBoard vs PC

For a core router, a modern PC takes it up another level, from mostly adequate to slight overkill. Lotsa bang for the buck. If you've got 50 customers, an rb450g is very suitable. If you've got thousands, a PC is more suitable. More ram and processor mean faster/better BGP when dealing with big upst...
by jp
Thu Feb 21, 2013 1:08 am
Forum: General
Topic: basic port foward easily achieved by cheap routers. NOTonMT
Replies: 11
Views: 1533

Re: basic port foward easily achieved by cheap routers. NOTo

created that rule missing only the external ip as in the example 69.69.69.69
That could be why it doesn't work.
by jp
Wed Feb 20, 2013 7:05 pm
Forum: General
Topic: 5.24 released!
Replies: 161
Views: 44257

Re: 5.24 released!

Every time something is omitted from the changelog, a kitten dies.
by jp
Mon Feb 18, 2013 5:18 pm
Forum: General
Topic: Network Under Attack. (DDoS)
Replies: 4
Views: 1328

Re: Network Under Attack. (DDoS)

Portscan your customer being attacked. They probably have an IRC server running or something like that without their knowledge. You'll do everyone a favor by identifying it and having them clean it up.
by jp
Wed Dec 12, 2012 11:46 pm
Forum: RouterBOARD hardware
Topic: RB2011UAS-RM Horrible front/label design!!!
Replies: 14
Views: 4529

Re: RB2011UAS-RM Horrible front/label design!!!

Rackmount is supposed to be quality stuff. People who specify rackmount don't mind spending the extra for quality presentation.
by jp
Thu Dec 06, 2012 5:38 pm
Forum: RouterBOARD hardware
Topic: 2011 power cord retainer
Replies: 34
Views: 6410

Re: 2011 power cord retainer

That's a nice little adapter that would be better than the present choice. My idea for the ziptie thing based on something like http://www.juniper.net/techpubs/software/junos-es/junos-es92/junos-es-jseries-hardware-guide/connecting-power.html http://jason.philbrook.us/~jp/mis/20121205_132731.j...
by jp
Wed Dec 05, 2012 8:19 pm
Forum: RouterBOARD hardware
Topic: 2011 power cord retainer
Replies: 34
Views: 6410

Re: 2011 power cord retainer

Rubbing power cord is nearly impossible unless router sits in very shaky environment. And even then it would take a LOT of time to rub through to reach bare wire. Can the same logic be applied to a 120/240v power breaker panel? We use bushings/grommets on that. I realize 24vdc isn't dangerous for e...
by jp
Wed Dec 05, 2012 5:57 pm
Forum: RouterBOARD hardware
Topic: 2011 power cord retainer
Replies: 34
Views: 6410

2011 power cord retainer

The 2011 power jack is inside the case and the barrel is held in by the case. I'm concerned though about the power cord rubbing/wearing against the metal case as there is no grommet. Is this a fair concern? I'll be able to pull it where I use POE, but I'm cautious to use it elsewhere for now. http:/...
by jp
Fri Nov 02, 2012 5:57 pm
Forum: RouterBOARD hardware
Topic: SFP module
Replies: 100
Views: 57255

Re: SFP module

Probably never since RBs are ethernet routers and not TDM equipment.
by jp
Tue Oct 23, 2012 8:59 pm
Forum: General
Topic: RB 1100 lock service SSH OS V. 5.20
Replies: 9
Views: 2401

Re: RB 1100 lock service SSH OS V. 5.20 and x86.

I have the same problem (no PPPoE, but over 150 PPTP users, 10-20 simultaneously active). 2-3 days uptime everything is OK, then terminal and ssh stop working. What most amazed me, I wanted to generate supout file to attach to support mail, and just after clicking "Make supout.rif" in Winbox everyt...
by jp
Tue Oct 23, 2012 8:44 pm
Forum: RouterBOARD hardware
Topic: SFP module
Replies: 100
Views: 57255

Re: SFP module

Why the cry for a 100mbps SFP when 1gbps ones are so similar in cost?

I've used "wave splitter" and calix 1gig SFPs in the 2011-ls successfully so far. Don't have a ton of different SFPs to play with.
by jp
Wed Jun 13, 2012 4:33 pm
Forum: General
Topic: Feature Request: Please support enterprise virtualization.
Replies: 16
Views: 2985

Re: Feature Request: Please support enterprise virtualizatio

if you use XEN full virtualization RouterOS works there as a guest OS, same goes for VMware virtual guests. Ok, so you think I should replace my whole platform with another one because one of the large virtualization platforms suck in your eyes, or what? Seriously, I yet have to see XEN used in an ...
by jp
Wed Jun 13, 2012 4:27 pm
Forum: RouterBOARD hardware
Topic: RB951-2n and Metal now shipping
Replies: 69
Views: 26503

Re: RB951-2n and Metal now shipping

I think we're forgetting how gain is attained in antennas. For an indoor AP, you want uniform coverage in all directions (which decreases the db rating). High gain is going to lose up and down radiation or coverage.
by jp
Mon Jun 11, 2012 5:42 pm
Forum: RouterBOARD hardware
Topic: SFP module
Replies: 100
Views: 57255

Re: SFP module

Spend your time and energy to make an RB1200 without TX-Ports and only SFP slots. There is no product with a good price in the market. Like^2. That would rock bigtime. It'd be a nice concentrator for fttx connections and campus networks. Any sort of diagnostic or monitoring features would be apprecia...
by jp
Mon Jun 11, 2012 5:32 pm
Forum: General
Topic: Feature Request: Please support enterprise virtualization.
Replies: 16
Views: 2985

Re: Feature Request: Please support enterprise virtualizatio

RouterOS works fine as a regular x86 OS virtualized; I use it in xen. My understanding of their support for virtualization was to provide a special version that would work for paravirtualization, where the underlying CPU didn't need to specifically support actual virtualization.
by jp
Mon Jun 11, 2012 3:45 pm
Forum: General
Topic: upgrade v.3.25 to 5.17
Replies: 7
Views: 1937

Re: upgrade v.3.25 to 5.17

I'd update to 3.30, do a "license update" in winbox, reboot, upgrade to 4.17, do a license update again, and it's then ready to take 5.17. You may be able to go right to 4.17 and do a license update; I haven't tried.
by jp
Sat May 05, 2012 12:33 am
Forum: General
Topic: v5.15 released!
Replies: 150
Views: 29462

Re: v5.15 released!

Thank You MT staff

The "set always-allow-password-login=" addition to SSH is much appreciated.

(so ssh in 5.x works like all previous versions and most linux machines allowing both password and key based access)
by jp
Fri Jan 27, 2012 7:20 pm
Forum: Virtualization
Topic: xen+x86 when?
Replies: 16
Views: 6151

Re: xen+x86 when?

You can still use another linux distribution as the xen "hypervisor" and routeros as virtual machines.
by jp
Tue Dec 20, 2011 6:38 pm
Forum: Wireless Networking
Topic: Solar power and batteries.
Replies: 32
Views: 12414

Re: Solar power and batteries.

I've done quite a bit of reading on solar power for WISP projects. I was wondering if anyone here is running solar, what they've got running off of it and how long it lasts. I think the info I have is based on a completely different climate than we have. The highest power usage I have today is 27W,...
by jp
Tue Nov 22, 2011 4:14 pm
Forum: RouterBOARD hardware
Topic: old RB cases
Replies: 1
Views: 530

old RB cases

I'm accumulating a good collection of old cases, mostly 532 cases right now as those rbs are retired for faster/newer models.

Are there any plans to make RBs of the same form factor, as a "drop-in" faster/better/newer replacement?

Looks like the 4xx/3xx form factor is living on pretty well.
by jp
Tue Aug 16, 2011 7:34 pm
Forum: General
Topic: v5.5 bug: after ssh-keys password login via ssh is blocked
Replies: 18
Views: 4837

Re: v5.5 bug: after ssh-keys password login via ssh is block

It's kinda foolish to block password ssh login (when keys are used), but still allow telnet and ftp access out-of-the-box if better-than-password security is indeed the goal. Since I can't scp a file, I'll ftp it instead. It's a worthwhile option, but shouldn't replace the way it's been done. I use ...
by jp
Thu Aug 11, 2011 11:35 pm
Forum: General
Topic: v5.5 bug: after ssh-keys password login via ssh is blocked
Replies: 18
Views: 4837

Re: v5.5 bug: after ssh-keys password login via ssh is block

I'm using 5.6 and noticed similar ssh problems. Setting up a rb750GL which comes with 5.2ish, I can not use SCP to update the firmware. Have to use FTP. This is regardless of whether admin has a password assigned yet. Updated to 5.6 and see the SSH problems discussed here. I don't use the older versi...
by jp
Wed Oct 06, 2010 9:20 pm
Forum: Wireless Networking
Topic: Help me beat the competitor
Replies: 16
Views: 2445

Re: Help me beat the competitor

We use MT, Alvarion, Trango, UBNT, Solectek, and Radwin. The MT interface is nicer than radwin. Radwin has a nasty windows program you use to configure stuff. I like the cross platform configuration MT offers. Radwin is indeed quality hardware. No question. Radwin also does synchronization, MT doesn...
by jp
Tue Sep 21, 2010 10:51 pm
Forum: General
Topic: Mounting RB433's to Wall
Replies: 3
Views: 725

Re: Mounting RB433's to Wall

You can back off the side case screws, put a paperclip behind the screw and wall mount it via the paper clip. Electrical spade connectors on the side screws would be another mounting method. Run a wire between the two sides and hang it like a picture.
by jp
Thu Sep 16, 2010 5:21 pm
Forum: General
Topic: Setting up a simple vpn
Replies: 2
Views: 704

Re: Setting up a simple vpn

You will have to setup a static route on the MT to the main site's WAN IP through that site's ISP provided gateway IP. Then the PPTP or whatever VPN can connect. Then you set your default gateway and DNS server settings on the MT to use the main site's 192. number.
by jp
Thu Sep 16, 2010 5:17 pm
Forum: General
Topic: Using RouterOS as a "full" DNS server
Replies: 4
Views: 1159

Re: Using RouterOS as a "full" DNS server

Install a regular linux distribution (like centos or opensuse) and put webmin on it. webmin is a simple rpm package that provides a real nice interface to bind and many otherwise difficult software programs.
by jp
Tue Aug 31, 2010 8:32 pm
Forum: General
Topic: Relaying FM
Replies: 9
Views: 1071

Re: Relaying FM

Not sure about NZ, but radio stations in the US regularly rebroadcast into areas using different licensed frequencies. You must be licensed of course to do that, and it would probably require radio station permissions or oversight to avoid copyright issues of reproducing/rebroadcasting copyright mat...
by jp
Mon Jul 19, 2010 5:46 pm
Forum: General
Topic: bridge vs switch
Replies: 5
Views: 2900

Re: bridge vs switch

If you are exceeding that many mac addresses on an ethernet network, you best be looking at dividing up the network. Not because of the MT, but for various practical reasons that are difficult to explain.
by jp
Fri Apr 30, 2010 5:49 pm
Forum: General
Topic: MikroTik RouterOS version 4.9 released!
Replies: 32
Views: 11245

Re: MikroTik RouterOS version 4.9 released!

Hmmm, it seems Mikrotik wants to sell us quickly new licenses :? They are actually slowing down a little bit thankfully. You can see the pace tempered a little in 2009 onwards. I'd rather have a handful of mostly good releases compared to a rushed release made of duct tape, string and mystery meat....
by jp
Sun Apr 25, 2010 4:08 am
Forum: RouterBOARD hardware
Topic: Nvidia IOn
Replies: 10
Views: 1835

Re: Nvidia IOn

Saving 30 watts saves me $40/yr for electricity, and probably $20/yr for airconditioning electricity. All my electric bills add up to about $2k/month, so I conserve electricity whenever possible. At remote sites, I tend to use RBs as they are more power efficient than normal PC hardware. Newer PCs t...
by jp
Thu Apr 22, 2010 6:13 pm
Forum: RouterBOARD hardware
Topic: Nvidia IOn
Replies: 10
Views: 1835

Re: Nvidia IOn

I tried it with a zotac ion atom 230 system, 2gb ram. It's theoretically plenty powerful. It ended up running opensuse as my home workstation instead with its nice built in nvidia graphics and DVI out and a little more RAM. This was about 30-50 days ago. I put a ocz ssd in it for workstation use. W...
by jp
Mon Apr 05, 2010 5:47 pm
Forum: General
Topic: RB800 + Big Outdoor Case(CA/OTU) + 4xUbnt XR5 = temp issues?
Replies: 61
Views: 11459

Re: RB800 + Big Outdoor Case(CA/OTU) + 4xUbnt XR5 = temp iss

With those holes in the bottom, don't be surprised if you find a wasp or bee nest inside the box.
by jp
Wed Mar 31, 2010 5:50 pm
Forum: RouterBOARD hardware
Topic: rb600 power or voltage monitor
Replies: 3
Views: 1491

Re: rb600 power or voltage monitor

Run a cheap ethernet switch/hub off the non-battery-backed outlet on the UPS. Put a patch cable between the switch/hub and an unused ethernet port on your RB. Monitor the status of the ethernet port in the SNMP system of your choice. Power on = ethernet up, power off = ethernet down.
by jp
Tue Mar 23, 2010 6:51 pm
Forum: Wireless Networking
Topic: sr9 vs xr9 for new deployment?
Replies: 13
Views: 1583

Re: sr9 vs xr9 for new deployment?

We've had bad luck with both sr9 and xr9 being on the same tower as other 900 gear. Alvarion BA-II 900 hopping; some interference somewhat affected performance of sr9, didn't try xr9 Alvarion VL900; seriously affected both sr9 and xr9 such that they were very unreliable. I imagine canopy would be a ...
by jp
Tue Mar 09, 2010 9:30 pm
Forum: RouterBOARD hardware
Topic: Point to Point Backhaul solution
Replies: 6
Views: 1167

Re: Point to Point Backhaul solution

I wouldn't expect any more out of a rb133. 433ah for everything would provide you a lot more speed.
by jp
Tue Mar 09, 2010 4:48 am
Forum: RouterBOARD hardware
Topic: 411ar voltage monitor
Replies: 4
Views: 770

Re: 411ar voltage monitor

http://routerboard.com/pricelist.php?showProduct=47

says the 411ar has a voltage monitor.
by jp
Sat Mar 06, 2010 12:13 am
Forum: Wireless Networking
Topic: Mikrotik STILL has no working 802.11N - Did they give up?
Replies: 30
Views: 6123

Re: Mikrotik STILL has no working 802.11N - Did they give up?

We like MT for G links, but haven't had good experiences with N links. We tried to do an N link, but to use the MT N card, we had to upgrade to a routerOS version that hosed the ethernet ports on the 433ah! The wireless portion didn't work any better than a 54mb G link, so we ended the test so we co...
by jp
Wed Mar 03, 2010 6:58 pm
Forum: General
Topic: SSH keys.. Am I missing something?
Replies: 6
Views: 1758

Re: SSH keys.. Am I missing something?

You should not have to add a key to your linux shell or specify -i keyfile name on your ssh client. Here's how I do it.
jp@travelmug:~/.ssh> ls -la
total 124
drwx------ 2 jp users 4096 2010-03-03 11:55 .
drwxr-xr-x 59 jp users 12288 2010-03-02 18:02 ..
-rw------- 1 jp users 668 2008-03-04 21:01 id_ds...
by jp
Fri Feb 12, 2010 10:25 pm
Forum: General
Topic: Feature Request: OpenVPN [ovpn] udp tunnels
Replies: 250
Views: 90582

Re: Feature Request: OpenVPN [ovpn] udp tunnels

I run OpenVPN on a separate linux box, and it rocks. Performance, features, multiplatform ease of use are quite good.
by jp
Fri Feb 05, 2010 10:37 pm
Forum: RouterBOARD hardware
Topic: 411ar voltage monitor
Replies: 4
Views: 770

411ar voltage monitor

I've tried 3.30 and 4.5 which says voltage 0.0v in winbox and no output from the cli.

This is with power jack or POE.

Any suggestions?
by jp
Fri Jan 08, 2010 9:18 pm
Forum: RouterBOARD hardware
Topic: word to the wise - cold and rb750
Replies: 18
Views: 3432

Re: word to the wise - cold and rb750

Sweet; I'll have to try the rb800 sometime then!

For the 750, I used the standard supplied power supply. I'll try one close to home with some bubble wrap around the shell sometime.
by jp
Wed Jan 06, 2010 8:15 pm
Forum: RouterBOARD hardware
Topic: word to the wise - cold and rb750
Replies: 18
Views: 3432

Re: word to the wise - cold and rb750

The lack of published temp rating and the initial experiences have created my concern. Thanks for the testing. They did work in the cold, just not as reliably as needed for us. Unless you test a dozen of them for a month at a time in the cold, running traffic, I don't think lab testing will show the...
by jp
Mon Jan 04, 2010 5:59 pm
Forum: RouterBOARD hardware
Topic: word to the wise - cold and rb750
Replies: 18
Views: 3432

Re: word to the wise - cold and rb750

They are not shiny white like a mac. They are sort of a satin finish white, like an old microsoft keyboard or mouse. I've got a few indoors that are working great. The problem ones have been in metal 1x1x2 foot outdoor cabinets (outdoors of course). Ethernet status stays 10/100 according to the back...
by jp
Sat Jan 02, 2010 8:04 pm
Forum: RouterBOARD hardware
Topic: word to the wise - cold and rb750
Replies: 18
Views: 3432

word to the wise - cold and rb750

Don't let your RB750 go below 32f (0c). 750g seems to handle colder temps fine.

We've swapped out 3 of 5 750's we've installed in outdoor cabinets because they can't take the cold. Have not had a single issue with the 750g, and we are swapping out the remainder of 750s that might see cold weather.
by jp
Thu Dec 31, 2009 11:22 pm
Forum: Wireless Networking
Topic: Helicopter install pre-assembled solar powered MikroTik
Replies: 8
Views: 1938

Re: Helicopter install pre-assembled solar powered MikroTik

Montana, with a 433ah, you could monitor it.

I haven't used a helicopter yet, but we have some sites that we can only access by boat or plane. We use a mix of private boat arrangements, public ferries, and a local flying service.
by jp
Wed Dec 30, 2009 4:16 am
Forum: Wireless Networking
Topic: more radio power, could compensate coax length?
Replies: 9
Views: 1553

Re: more radio power, could compensate coax length?

There's not much redeeming good for LMR 900 as a general purpose cable. It doesn't do 5.8. The connectors are very expensive and unfriendly. The cable is fairly expensive. So far all my needs have been met with LMR400, 600 and POE.
by jp
Sun Dec 27, 2009 6:33 pm
Forum: General
Topic: Help, my ISP cut my adsl because I have a ethernet.
Replies: 5
Views: 701

Re: Help, my ISP cut my adsl because I have a ethernet.

Can you use a different service tier or switch ISPs?
by jp
Sat Dec 26, 2009 11:16 pm
Forum: Wireless Networking
Topic: more radio power, could compensate coax length?
Replies: 9
Views: 1553

Re: more radio power, could compensate coax length?

Upsize to LMR600 if you wish to reduce cable loss.
by jp
Fri Dec 25, 2009 5:12 am
Forum: General
Topic: Merry Xmas all MT users
Replies: 8
Views: 850

Re: Merry Xmas all MT users

Merry Christmas and happy new year from the coast of Maine.

by jp
Fri Dec 18, 2009 12:17 am
Forum: General
Topic: v3.X uptime challenge
Replies: 55
Views: 12165

Re: v3.X uptime challenge

UPS can't hold it, the power is down for approx. 3 hours per day...
Consider the Tripplite APS with a deep cycle 8d boat/truck battery
by jp
Thu Dec 17, 2009 4:40 pm
Forum: RouterBOARD hardware
Topic: 750 temp rating
Replies: 0
Views: 447

750 temp rating

I've noticed the 750G has a temperature rating on the brochure, and the normal 750 has no published rating. Temps are starting to drop, and I'm both curious and concerned.
by jp
Thu Dec 17, 2009 12:13 am
Forum: RouterBOARD hardware
Topic: ethernet problem on 433H
Replies: 9
Views: 1618

Re: ethernet problem on 433H

I keep all the old copies of routerOS, as I know the new versions are often russian roulette.
by jp
Thu Dec 10, 2009 9:15 pm
Forum: RouterBOARD hardware
Topic: ethernet problem on 433H
Replies: 9
Views: 1618

Re: ethernet problem on 433H

We had the same problem with 4.3 on the 433ah. ether2 and ether3 wouldn't stay working. Interface status is correct, but won't pass any data. Downgrading to 4.2 fixed it. I have only used 4.x on this one RB, and I did it so I could try the r52n card.
by jp
Wed Nov 25, 2009 5:03 pm
Forum: Forwarding Protocols
Topic: static route versus direct connected.
Replies: 1
Views: 1188

static route versus direct connected.

This is in 3.30 using the normal routing package. I would expect an interface route would take preference over a static route; that's the way it works in about every other router out there. In this example, routerOS failed to do that. I enabled an ethernet vlan interface that had been disabled (basi...
by jp
Wed Nov 25, 2009 6:18 am
Forum: General
Topic: How to code a script to power-off or power-on a server?
Replies: 5
Views: 3367

Re: How to code a script to power-off or power-on a server?

If you're looking to save power, use a routerboard instead of a computer. There are routerboards suited for most applications now.
by jp
Wed Nov 25, 2009 5:35 am
Forum: General
Topic: Router OS x86 switching capacity
Replies: 7
Views: 1955

Re: Router OS x86 switching capacity

How about using a switch to switch, and a router to route, instead of using something called Router OS to switch?

You can get away with crossing over on the lower end, but when things get demanding, it requires choosing the best products for the job.
by jp
Fri Nov 20, 2009 5:14 pm
Forum: General
Topic: arp timeout
Replies: 0
Views: 554

arp timeout

I just had a case of a broadcasting problem because a router using 2.9.51 didn't stop transmitting when the destination host on the lan disappeared. A host was receiving a UDP stream, the host disappeared, but the traffic kept coming in. The traffic ended up broadcasting instead of unicasting for so...
by jp
Thu Nov 05, 2009 5:48 am
Forum: Forwarding Protocols
Topic: BGP stopped working in 4.2
Replies: 11
Views: 2087

Re: BGP stopped working in 4.2

You can use AS path prepending to make incoming traffic have a slight preference for the less prepended link. You probably won't be able to get 50/50, but it helps some. More drastically, you can break your netblock in two, and advertise the big netblock out the connection that is too full, and adve...
by jp
Sun Nov 01, 2009 11:17 pm
Forum: RouterBOARD hardware
Topic: 28v Over-voltage protection - Just say NO!
Replies: 11
Views: 3150

Re: 28v Over-voltage protection - Just say NO!

MT publishes the voltage ranges for the equipment, you know the voltage ranges of the solar systems YOU built, and despite them being different you did it anyways, and it was either unreliable or you needed a voltage regulator. You deploying gear have gotta learn to respect the voltage limits of equ...
by jp
Tue Oct 27, 2009 3:53 am
Forum: General
Topic: v3.X uptime challenge
Replies: 55
Views: 12165

Re: v3.X uptime challenge

A few of mine. Most are more up to date than this.

2.9.51 31w2d11h32m22s
3.22 31w4d7h46m52s
2.9.51 37w4d4h34m52s
2.9.51 38w5d10h47m52s
2.9.51 46w5d5h19m58s
2.9.51 47w5d10h51m44s
2.9.51 50w2d3h35m50s
2.9.51 56w5d6h22m12s
2.9.51 5w6d23h36m49s
2.9.51 62w3d19h8m16s
by jp
Fri Oct 23, 2009 5:00 am
Forum: General
Topic: multiple XR9 in a RB433
Replies: 3
Views: 612

Re: multiple XR9 in a RB433

I've put 2 XR2's and a cm9 in a 433ah or xr2+xr5+cm9. I think the cm9 is in the middle. It's a much smaller card.
by jp
Fri Oct 23, 2009 4:59 am
Forum: General
Topic: Wish: RB1000 more ports, SFP-Ports
Replies: 24
Views: 3387

Re: Wish: RB1000 more ports, SFP-Ports

For more ports and SFPs, you could use a managed switch with the RB. You'd be limited to whatever speed link you have between the switch and the RB, but you'd get the port quantity and selection you want.
by jp
Wed Oct 14, 2009 2:00 pm
Forum: General
Topic: v3.27 bug: ssh port forwarding is not working
Replies: 76
Views: 13278

Re: v3.27 bug: ssh port forwarding is not working

I would say it's more secure than port forwarding+firewalling as MT suggest as an alternative. First, we use firewall with ssh, (which I think should default with MT), so I can compare SSH with port forwarding+firewalling with respect to security. Essentially, the goal could be done with either SSH ...
by jp
Mon Oct 12, 2009 4:04 pm
Forum: RouterBOARD hardware
Topic: RB750 PoE on all ports Mod
Replies: 52
Views: 30974

Re: RB750 PoE on all ports Mod

Very nice. If an RB has an extra ethernet port and ethernet status LEDs, and this model of RB lets you turn ports on and off, you could use an ethernet port's status LED to power up/power down something with your circuit. Put a loopback plug into the ethernet port (transmit connected to receive), an...
by jp
Sat Oct 10, 2009 4:55 pm
Forum: Wireless Networking
Topic: PTP 46.7 KM
Replies: 5
Views: 1229

Re: PTP 46.7 KM

Terrain Navigator will do it for $99. It's worth having.

http://maptech.mytopo.com/land/index.cf ... N=47876756
by jp
Sat Oct 10, 2009 4:52 pm
Forum: Wireless Networking
Topic: WISP project - VOIP - Contention question...
Replies: 7
Views: 1494

Re: WISP project - VOIP - Contention question...

http://www.zytrax.com/tech/protocols/voip_rates.htm Study the stuff this link shows. Your data rates are quite a bit off. With g711, your packet overhead is worth refiguring. With the smaller "more efficient" compression schemes, the packet overhead exceeds the actual bandwidth needed. I have measu...
by jp
Thu Oct 01, 2009 5:36 pm
Forum: RouterBOARD hardware
Topic: Running out of bandwidth - Ideas?
Replies: 11
Views: 2353

Re: Running out of bandwidth - Ideas?

We looked at the UBNT gear but it has a major bottleneck. The specs claim that the eth is only 100mbit. Rather odd as they advertise higher speeds than that. Could be a typo but the bleeding edge aspect is an issue. It also cannot support bonding easily. For this one link, expensive is not a massiv...
by jp
Wed Sep 30, 2009 10:48 pm
Forum: RouterBOARD hardware
Topic: Running out of bandwidth - Ideas?
Replies: 11
Views: 2353

Re: Running out of bandwidth - Ideas?

We've got a solectek excel that can do 100+mbps in 20mhz of 5.8 with dual pol dishes. Other ISPs suggest radwin 2000 for similar performance and better frequency options including 5.4. These are likely N/mimo based but tested and polished. ubnt has a new product with similar capacity for a lot less ...
by jp
Mon Sep 28, 2009 10:37 pm
Forum: Wireless Networking
Topic: Hotspot 'Why" Question
Replies: 2
Views: 646

Re: Hotspot 'Why" Question

You can use the trial access option in hotspot, and it should automatically comment out the login information on the login/acceptable use page. You still have to have license level 4 or better even though you don't have actual named users.
by jp
Mon Sep 28, 2009 8:24 pm
Forum: General
Topic: Fiber Converter/Switch
Replies: 13
Views: 2476

Re: Fiber Converter/Switch

We use fiber converters from www.versatek.com, transition networks, and trendnet (available at newegg). Just pick something that works for the fiber type (sm/mm) and distance involved. Too high a power output is not desirable for a short fiber link.
by jp
Sun Sep 13, 2009 10:27 pm
Forum: Wireless Networking
Topic: AP with 3 Omni Antennas
Replies: 8
Views: 1161

Re: AP with 3 Omni Antennas

You need sectors. Omnis receive interference from all directions. 3 120 sectors would be much better, and provide more gain too.
by jp
Fri Sep 04, 2009 4:34 am
Forum: Wireless Networking
Topic: a humble request!!!!!
Replies: 12
Views: 1570

Re: a humble request!!!!!

Why do you want it to show the distance? So you don't have to draw a line between two points in google earth to see a distance?

Alvarion's implementation is very accurate. UBNT and trango are less accurate.

If MT used it, I'd want them to do more than just display it.
by jp
Mon Aug 24, 2009 6:22 pm
Forum: General
Topic: Feature request: WPAD
Replies: 4
Views: 2703

Re: Feature request: WPAD

http://video.google.com/videoplay?docid ... 0866123044

After this, I would not suggest depending on wpad for anything. Utilizing it in MT would either mean you're a cracker or a fool.
by jp
Wed Aug 19, 2009 5:45 pm
Forum: General
Topic: Hotspot via EoIP
Replies: 14
Views: 1773

Re: Hotspot via EoIP

Your various access points could syslog to a central location so you could track where people are signing in. Mac address of the customer would match from the logs to the hotspot tables.
by jp
Wed Aug 19, 2009 5:36 pm
Forum: Wireless Networking
Topic: Alternative to 900 MHz sectors
Replies: 13
Views: 2188

Re: Alternative to 900 MHz sectors

It's worth a step up from Superpass for 900mhz. Pacwireless or MTI will provide a superior signal of 3-4 higher DB than superpass for a given advertised gain and pattern. Otherwise, superpass isn't a bad 900mhz antenna.
by jp
Tue Aug 18, 2009 8:57 pm
Forum: General
Topic: v3.27 bug: ssh port forwarding is not working
Replies: 76
Views: 13278

Re: v3.27 bug: ssh port forwarding is not working

I use this between linux hosts for secure remote database access. (Lets a local database client access a remote database as if it were local) Never thought to use it with Mikrotiks for the purposes described, but it could indeed be handy! I could concur this sort of change should be in the changelog...
by jp
Tue Aug 11, 2009 5:57 pm
Forum: Wireless Networking
Topic: Alternative to 900 MHz sectors
Replies: 13
Views: 2188

Re: Alternative to 900 MHz sectors

I would advise getting the good hoz sector or omni despite the cost. The antennas are a very important part of the link. At 900mhz a clean pattern is very important, and you need the good antennas to get that. This reduces noise and increases gain. If you use a bad antenna at the AP you will end up ...
by jp
Fri Aug 07, 2009 4:54 pm
Forum: RouterBOARD hardware
Topic: 24 Port Routerboard-based Managed Switch
Replies: 2
Views: 1018

Re: 24 Port Routerboard-based Managed Switch

Option 2 works great. We use procurve switches (available new and used) with Mikrotik VLANs all the time.
by jp
Mon Aug 03, 2009 8:29 pm
Forum: General
Topic: Newsletter #17
Replies: 23
Views: 5072

Re: Newsletter #17

[admin@111Lucia] /file> /tool wol 00:19:DB:62:7B:FB is what I do. Nothing gets captured when I sniff according to the following setup: [admin@111Lucia] /file> /tool sniffer export # aug/03/2009 13:20:30 by RouterOS 3.25 # software id = Z6DV-8JR8 # /tool sniffer set file-limit=1000 file-name=wolcap ...
by jp
Tue Jul 28, 2009 11:34 pm
Forum: General
Topic: Feature Request: Permanent Notes
Replies: 4
Views: 930

Re: Feature Request: Permanent Notes

This isn't a router function. This is a business/management software function. John and Carl need a wiki to note their changes on if it is important to share them. They might also need a system to automatically backup the configurations for reference or rollback. They also need to communicate with e...
by jp
Tue Jul 21, 2009 6:26 pm
Forum: General
Topic: 3.27 and Webbox
Replies: 7
Views: 1255

Re: 3.27 and Webbox

I saw today one of my techs use webbox to check wireless settings. It said 2.4b/g which was incorrect. Winbox said 5ghz-10mhz which was correct. This was a 532 with 3.27.
by jp
Mon Jul 20, 2009 7:51 pm
Forum: Wireless Networking
Topic: Solving 20km wireless link issues
Replies: 147
Views: 102127

Re: New 20km link, weird interference.

The signal strength is the signal strength, regardless of interference. Interference changes the SNR, and interference isn't so easy to reliably measure. I would suggest pigtails, cables, feedhorn changing/swapping, etc... We've seen feedhorns go bad on grids and dishes where the signal is usually w...
by jp
Wed Jul 15, 2009 4:44 pm
Forum: General
Topic: interace speeds and snmp
Replies: 1
Views: 1100

interace speeds and snmp

I have an rb433ah running 3.24 and can't graph the true speeds through the box with mrtg/snmp. I think it comes down to this. RouterOS isn't sending accurate interface max speeds via snmp. jp@mocha:~> snmpwalk -v1 -cxxxxx xxxxx |more SNMPv2-MIB::sysDescr.0 = STRING: router SNMPv2-MIB::sysObjectID.0 ...
by jp
Fri Jul 10, 2009 1:32 am
Forum: General
Topic: Primitive WISP Redesign
Replies: 20
Views: 3641

Re: Primitive WISP Redesign

You are correct, they cannot generate broadcast traffic when behind the CPE, but if they plugged a machine in front of it they can easily cause you significant problems. Imagine if they plug your access port in to a switch with no spanning tree and create a broadcast storm, or if they maliciously i...
by jp
Thu Jul 09, 2009 12:55 am
Forum: RouterBOARD hardware
Topic: Need help on UPS battery monitoring for routerboards
Replies: 31
Views: 8984

Re: Need help on UPS battery monitoring for routerboards

Google's translator helps, Russian to English.

The price was 240 hrn, which appears to be 30-40 $ US according to XE.com's conversion.

I'd like to be able to order one of those....
by jp
Wed Jul 08, 2009 10:29 pm
Forum: General
Topic: CPU usage
Replies: 1
Views: 313

CPU usage

I've got a 433 running 90-100% cpu most of the time. It's pushing about 20mbps of Internet traffic. It's got a couple mangle/queuetree items to prioritize VOIP, and that's about it. It's got 1 wireless nstreme interface, and utilizes one of the ethernet interfaces for 2 vlans. Would I see any more sp...
by jp
Tue Jul 07, 2009 5:04 pm
Forum: General
Topic: Primitive WISP Redesign
Replies: 20
Views: 3641

Re: Primitive WISP Redesign

If you have 1000 customers on one switched network, you will have problems. With that setup, I would move wireless sites to separated routed networks one at a time. You could have a MT router at the core, with vlans dedicated to each site. Each site's switch would untag the vlans. I don't do DHCP fo...
by jp
Tue Jun 23, 2009 4:08 am
Forum: RouterBOARD hardware
Topic: RouterBoard in CNC-Milled aluminium case
Replies: 15
Views: 2759

Re: RouterBoard in CNC-Milled aluminium case

I'd pay $200 each for a few. It's a lot like an Alvarion case, and Alvarion radios cost a lot more, and they have good cases. I don't like the pac wireless cases. The other option is a larger generic nema rated box, which isn't practical to install/de-install in all tower situations. A modest high qu...
by jp
Mon Jun 22, 2009 5:57 pm
Forum: General
Topic: Radio description field
Replies: 3
Views: 834

Re: Radio description field

ciambot, you need a customer database to keep track of this sort of thing. Then you can use a variety of radio brands and styles and keep track of those sort of things. It's also good to store variables about the customer in case their radio fails and they need new equipment programmed, or other spec...
by jp
Sun Jun 21, 2009 2:18 am
Forum: General
Topic: Can we PLEASE leave the menu orders ALONE?
Replies: 30
Views: 5212

Re: Can we PLEASE leave the menu orders ALONE?

While you're sprucing up the interface, I'd suggest making the wireless interface window a little shorter in advanced mode for better netbook/small window compatibility. Thanks!
by jp
Tue Jun 16, 2009 5:13 pm
Forum: General
Topic: Feature request: winbox for non windows clients
Replies: 6
Views: 1242

Re: Feature request: winbox for non windows clients

Works great here too.

I have a command alias wb to start a new winbox login:
alias wb='wine ~/Desktop/winbox.exe &'

wine-1.1.9-1.11.1
openSUSE 11.1 (x86_64)
by jp
Tue Jun 16, 2009 5:10 pm
Forum: General
Topic: Can we PLEASE leave the menu orders ALONE?
Replies: 30
Views: 5212

Re: Can we PLEASE leave the menu orders ALONE?

MT; thanks for those GUI changes. I really appreciate things being adjusted to accommodate netbooks. Three of our four last laptop purchases at our company were netbooks. I use one because it's light, cheap, and has better battery life than cheap big laptops. I'm sure pretty much every company is ei...
by jp
Wed Jun 10, 2009 5:50 pm
Forum: Wireless Networking
Topic: Mikrotik vs Alvarion subscribers per sector
Replies: 2
Views: 1329

Re: Mikrotik vs Alvarion subscribers per sector

In the US, you would not be able to use 5.4-5-7 with MT, but the technologies apply to any frequency VL and MT work in. The VL gear has some nstreme like capabilities (packet combining options, etc..). I have no idea how many customers you can have on a MT sector with nstreme. You would need nstreme...
by jp
Wed Jun 10, 2009 4:57 pm
Forum: General
Topic: Newsletter #17
Replies: 23
Views: 5072

Re: Newsletter #17

Doesn't work for me yet. Here is a 3.24 433. MikroTik RouterOS 3.24 (c) 1999-2009 http://www.mikrotik.com/ Property of Midcoast Internet Solutions 2075948277 or www.midcoast.com Unauthorized access will be prosecuted. All Access is logged. [admin@111Lucia] > ip address print Flags: X - disabled, I -...
by jp
Wed Jun 03, 2009 8:41 pm
Forum: RouterBOARD hardware
Topic: RB411AR How to Power On Without Antenna
Replies: 11
Views: 4279

Re: RB411AR How to Power On Without Antenna

This is the first I've heard of the product. I would like it if MT told more about its radio's capabilities.
by jp
Thu May 28, 2009 6:38 pm
Forum: Wireless Networking
Topic: vpol and hpol same freq. @ 900Mhz
Replies: 4
Views: 786

Re: vpol and hpol same freq. @ 900Mhz

With the low gain on 900mhz antennas and the propagation of the signal through everything, it is really tough to reuse the frequency within miles. I suppose it might be possible with a syncd system like canopy, but the speed wouldn't be great.
by jp
Sat May 23, 2009 4:56 am
Forum: General
Topic: Understanding VLANs. Questions w/diagram.
Replies: 1
Views: 763

Re: Understanding VLANs. Questions w/diagram.

If those rack mount things in your diagram are managed switches, there is no need for mikrotik at all, except to route traffic between the VLAN networks. To see what gets sent across the link needlessly, run torch on a remote MT participating in the vlan or a PC running ethereal. Chapter 9 of this H...
by jp
Tue May 19, 2009 8:32 pm
Forum: General
Topic: Best way to copy across a 20GB xen image
Replies: 6
Views: 871

Re: Best way to copy across a 20GB xen image

You should be able to send it right from the centos machine using scp to the destination, without an intermediate windows system for copying the files.
by jp
Fri Apr 24, 2009 4:43 pm
Forum: RouterBOARD hardware
Topic: sigwatch
Replies: 0
Views: 394

sigwatch

I was disappointed to learn it's not available on RB hardware. Is there anything similar for RBs? I basically want to determine the logic status of a single on/off signal and have it be logged by the MT. Ethernet hooked up to a relay (use a dpdt relay to connect transmit to receive and make the port...
by jp
Fri Apr 24, 2009 3:02 am
Forum: General
Topic: Newsletter #17
Replies: 23
Views: 5072

Re: Newsletter #17

Thanks for the WOL; I look forward to it!
by jp
Thu Apr 16, 2009 4:06 pm
Forum: General
Topic: RB1000 vs L3 switch routing performance
Replies: 3
Views: 2064

Re: RB1000 vs L3 switch routing performance

My understanding of l3 switches is that most of the affordable ones do not have the means to handle a full internet bgp routing table. They'd be fine for internal BGP if they even do BGP. They would probably not be calea compatible too, apart from port mirroring to a router, which is important for US p...
by jp
Thu Apr 09, 2009 6:48 pm
Forum: General
Topic: Limit SSH user access only by "SSH Key": it's possible?
Replies: 6
Views: 803

Re: Limit SSH user access only by "SSH Key": it's possible?

Just don't share the password, and they won't be able to use it.
by jp
Mon Apr 06, 2009 4:52 am
Forum: Wireless Networking
Topic: Identifying the type of Radio being used in a MT?
Replies: 5
Views: 838

Re: Identifying the type of Radio being used in a MT?

It is difficult to figure out antenna and location details as well. Use the comments fields for radio card, antenna type and polarity, and location.

Tom
I keep a mysql database of this information (and other useful related details)
by jp
Sat Apr 04, 2009 11:06 pm
Forum: Wireless Networking
Topic: Identifying the type of Radio being used in a MT?
Replies: 5
Views: 838

Re: Identifying the type of Radio being used in a MT?

system resource pci print detail
will give a few clues as well.
by jp
Mon Mar 23, 2009 11:01 pm
Forum: Beginner Basics
Topic: ubiquiti roter station and mikrotik
Replies: 6
Views: 2446

Re: ubiquiti roter station and mikrotik

433ah comes with l5 license for $150.
ub rs =69, l5 license = 95. I can't do math, but that's more than $150.
by jp
Thu Mar 19, 2009 7:32 pm
Forum: Forwarding Protocols
Topic: 3.22 routing test bgp prepending
Replies: 3
Views: 2730

3.22 routing test bgp prepending

I am having a problem figuring out as-path prepending using the 3.22 routing test now that it's in there. I actually made a filter that worked with the local-pref option, and added the set bgp prepend path, and as soon as I did that, both bgp peers went down, even though the filter is only applied t...
by jp
Mon Mar 16, 2009 6:00 pm
Forum: Wireless Networking
Topic: snmp to AP interface
Replies: 0
Views: 370

snmp to AP interface

I can not get information via SNMP regarding a wireless interface once it has been changed to "ap-bridge" from station. This is with both 3.17 and 3.22. How can I get SSID, frequency, etc.. via SNMP from my APs? I would also like to get the band choice, but that doesn't appear as an OID. jp@huehuete...
by jp
Sun Mar 15, 2009 2:43 am
Forum: General
Topic: SSHv2 MikroTik to Cisco device
Replies: 3
Views: 1429

Re: SSHv2 MikroTik to Cisco device

I don't think the ssh client in routeros has been ssh2 for quite a while if ever.

Most of our linux servers installed in the past 5 years don't allow sshv1 by default. This means I have not been able to ssh from routeros to linux servers for the most part.
by jp
Thu Mar 12, 2009 4:08 pm
Forum: General
Topic: Getting hardware support added to RouterOS
Replies: 7
Views: 1087

Re: Getting hardware support added to RouterOS

ADSL is probably the most common type of broadband Internet connection, and MT is commonly used to interface networks to Internet connections. So it would seem like a handy and popular thing to support. However, I like having my choice of DSL modems. We're a DSL provider, and no DSL modem wor...
by jp
Sat Feb 28, 2009 8:42 pm
Forum: General
Topic: Auras and EM Radiation
Replies: 1
Views: 409

Re: Auras and EM Radiation

Scan him with a spectrum analyzer, just like they do with the metal detector wand at the airport.

Perhaps he's wearing electronics that are faulty (cell phone, ipod, watch, etc..)

If it's a static issue, make some clothing out of used antistatic bags.
by jp
Fri Feb 20, 2009 6:12 am
Forum: RouterBOARD hardware
Topic: sticker request
Replies: 8
Views: 2024

Re: sticker request

Let's ignore the complexity of a wireless system for a moment. Let's say I bought and deploy a rb433 as an ethernet router and put it in a black aluminum indoor case like would be commonly sold with the mikrotiks. The 433 has the FCC logo printed on the circuit board, implying some sort of approval. ...
by jp
Tue Feb 17, 2009 12:09 am
Forum: General
Topic: bgp question
Replies: 2
Views: 432

bgp question

What does the "Default originate" checkbox do in winbox? I see nothing for it in the CLI.

I am looking to have MT "b" running BGP receive a default route from its peer "a". What BGP option does that in MT?
Is it set up in the A router's peer "b" settings or the b router's peer "a" settings?

Thanks!
by jp
Mon Feb 16, 2009 6:23 pm
Forum: RouterBOARD hardware
Topic: sticker request
Replies: 8
Views: 2024

sticker request

I do appreciate the stickers with the model numbers and mac addresses that come with the RBs. It would be useful for the US market to have the FCC ID printed on the sticker as well. Radio cards I buy such as the CM9 come with a sticker showing the FCC ID number, and I put that sticker on the RB case...
by jp
Mon Feb 16, 2009 6:16 pm
Forum: RouterBOARD hardware
Topic: RB 450 - Dual power input?
Replies: 7
Views: 1312

Re: RB 450 - Dual power input?

I would think anything after the rectifier would be able to be paralleled. If you still must isolate each power supply from each other a simple diode after the power supply would work to prevent backflow. Every solar panel has this, so that solar panels don't discharge your batteries at night.
by jp
Sun Feb 15, 2009 5:34 am
Forum: Wireless Networking
Topic: Crown Castle / CCI
Replies: 4
Views: 593

Re: Crown Castle / CCI

It varies hugely. I have not dealt with Crown Castle, but I understand them to be a run of the mill tower ownership / management business. We have cell phone towers in the area that the owners aren't interested in dealing unless it's closer to 1000/mo, and of course that does not interest me either....
by jp
Wed Feb 11, 2009 3:28 pm
Forum: General
Topic: Sample Hotspot Page - Sticky Please
Replies: 438
Views: 307619

Re: Sample Hotspot Page - Sticky Please

Nice Mikrotik hotspot ad in Linux Journal! Though you are a foreign company so you probably wouldn't get in trouble for it, you should gain written copyright permission before using others' images in commercial advertising. My hotspot screenshot was on there. I won't complain, because it's essential...
by jp
Sun Feb 08, 2009 1:08 am
Forum: General
Topic: BGP routing - how can I manually weight a route?
Replies: 4
Views: 745

Re: BGP routing - how can I manually weight a route?

You could also advertise the route one direction with its normal size subnet and the preferred direction with 2 half-sized subnets that mean the same thing. More precise subnets always take preference.
by jp
Tue Feb 03, 2009 9:45 pm
Forum: General
Topic: Metarouter and Xen? Which is which?
Replies: 12
Views: 2963

Re: Metarouter and Xen? Which is which?

At the wireless ISP client site * set up two isolated routers and set the wireless control only for the router controlled by the WISP while the Ethernet side router is fully under the clients control At multiclient sites (such as office buildings) * in locations serving multiple clients by Ethernet...
by jp
Sun Feb 01, 2009 4:17 am
Forum: Wireless Networking
Topic: Wireless over water
Replies: 23
Views: 3418

Re: Wireless over water

You probably need to get further back from the shore for the link endpoints. When radios are near the water, tidal reflections are serious. Move both ends back 1/4 mile from the shore, and things will not fluctuate as much. Go for all the antenna gain you can get as well. See the attached file for my...
by jp
Tue Jan 27, 2009 11:50 pm
Forum: General
Topic: ROS version in snmp
Replies: 8
Views: 1682

Re: ROS version in snmp

This is what I gather and how from my mts. #!/bin/bash MYCMD="mysql -B -N -h 127.0.0.1 -u root -s -pxxxxxxxxxxxxxxxxxx -e " for IP in `$MYCMD " use mt; select ip from router;"` ; do VER=`snmpget -r2 -v1 -c public -Ovq $IP .1.3.6.1.4.1.14988.1.1.4.4.0 |cut -d" " -f1|sed -e "s/\"//g"` NAME=`snmpget -r...
by jp
Sun Jan 25, 2009 2:58 pm
Forum: RouterBOARD hardware
Topic: SOLVED Solar Power Solution for RB433
Replies: 42
Views: 15354

Re: SOLVED Solar Power Solution for RB433

Your WIKI docs is very interesting, but you should extend it about winter situation. You use your solution in hot area. But what will happen in winter in cold areas (-25 degrees Celsius)? And with snow on it? Don't forget that battery should operate from +12 to +25 degrees Celsius. Batteries ...
by jp
Sun Jan 25, 2009 2:55 pm
Forum: General
Topic: Production router running BGP - want to install routing-test
Replies: 2
Views: 497

Re: Production router running BGP - want to install routing-test

If you have a PC with a CPU supporting virtualization, you could install 5 copies of router-OS on it using xen with a linux domain-0.
by jp
Sun Jan 25, 2009 2:51 pm
Forum: General
Topic: sftp
Replies: 3
Views: 2057

Re: sftp

Not really box-to-box, but you can scp from your server or workstation to mikrotiks. If you have ssh keys installed, it can do it without passwords.
by jp
Fri Jan 23, 2009 7:01 pm
Forum: General
Topic: Routeros as xen guest to linux host
Replies: 7
Views: 2477

Re: Routeros as xen guest to linux host

Well, you'll have to upgrade your computer then, (Or convince MT to recompile with the xen kernel to support paravirtualization)
by jp
Fri Jan 23, 2009 4:44 am
Forum: General
Topic: Routeros as xen guest to linux host
Replies: 7
Views: 2477

Re: Routeros as xen guest to linux host

Specify the iso as a boot file, and have a virtual disk file also for the destination. After it's installed, remove the iso from the configuration file to free up loop devices. Here is one config we use.

xenserver1:/etc/xen/vm # cat mt-hotspot
name="mt-hotspot"
ostype="other"
uuid="d8491ebf-cb1b-d1a9...
by jp
Wed Jan 21, 2009 6:57 pm
Forum: General
Topic: export feature request
Replies: 0
Views: 535

export feature request

I would like export to have the option to eliminate the \ line breaks and put the command all on one line. I have backups of all my MT's configs via export and it would make it easy to search configs for specific configuration details. It would also be nice to have the option of having the full path...
by jp
Mon Jan 19, 2009 3:28 pm
Forum: Wireless Networking
Topic: Small throughput ~2Mb on link 6km. but in bw test it 7Mb/8Mb
Replies: 2
Views: 526

Re: Small throughput ~2Mb on link 6km. but in bw test it 7Mb/8Mb

Bandwidth test it again using smaller packets. The bandwidth is probably being gained through full sized packets. You may need nstreme to consolidate the packets. Regular wifi protocol is not efficient for small packets (such as used by voip and other chatty internet apps.) Also research why you are...
by jp
Mon Jan 19, 2009 5:31 am
Forum: RouterBOARD hardware
Topic: SOLVED Solar Power Solution for RB433
Replies: 42
Views: 15354

Re: SOLVED Solar Power Solution for RB433

I have created a wiki article to document the process of making a solar power system. Hopefully this will help others. The article is found here: http://wiki.mikrotik.com/wiki/Solar_Power_HOWTO The photos of the batteries in the wiki article appear to be a 12v setup (parallel 12v batteries). Otherw...
by jp
Thu Jan 15, 2009 10:20 pm
Forum: RouterBOARD hardware
Topic: RB433 extremal temperature test 8)
Replies: 8
Views: 2615

Re: RB433 extremal temperature test 8)

We were lucky and it only got to -2f this morning (-19c). People in the northern part of our state really got extreme cold. Happens every winter for a couple of spells.

http://www.bangornews.com/detail/97248.html
by jp
Tue Jan 13, 2009 8:33 pm
Forum: RouterBOARD hardware
Topic: long uptime on a rb112
Replies: 1
Views: 525

Re: long uptime on a rb112

I've got some PC based ones at 37 and 41 weeks; when I updated them to 2.9.51, and a 3.10 PC going for 28 weeks.
by jp
Mon Jan 12, 2009 3:43 am
Forum: General
Topic: usb anywhere, usb over TCP
Replies: 1
Views: 741

Re: usb anywhere, usb over TCP

If routerboard started coming with USB ports, I suspect this would be a popular request. I'd use it instantly for camera control both for cheap webcams and digital SLRs, mobile relaying of GPS information back to a central network location, allowing commodity USB thumb scanners to remotely authentic...
by jp
Mon Jan 12, 2009 3:34 am
Forum: General
Topic: ICE on antennas
Replies: 6
Views: 1033

Re: ICE on antennas

I haven't used those radios but I certainly wouldn't if they stopped working below -30c! Most of my gear utilizing radio cards is indoor, but that can be pretty cold too as those tower sites are unheated. I've got CM9 and SR5 cards in -30c occasionally without problem. BTW, if windchill is -40, the ...
by jp
Mon Jan 12, 2009 3:25 am
Forum: General
Topic: Monitoring battery voltage on solar panels
Replies: 13
Views: 5531

Re: Monitoring battery voltage on solar panels

The AH has the system health monitor which shows voltage.
by jp
Tue Jan 06, 2009 4:07 pm
Forum: Wireless Networking
Topic: is it relaible?
Replies: 13
Views: 1321

Re: is it relaible?

5.8ghz is reliable. We have used it with Alvarion VL and Trango gear for many years. I would suggest a sector antenna at the AP. 5.8 has greater freespace loss and the sector gain can make up for that. The omnis for 5.8 are also kinda fussy; they work OK on a pole at short height, but don't work so ...
by jp
Tue Jan 06, 2009 5:52 am
Forum: General
Topic: PPTP connection drops when user has Linksys wireless router
Replies: 26
Views: 11830

Re: PPTP connection drops when user has Linksys wireless router

I would make sure connection tracking is on in your MT. We've seen pptp and ipsec stop working or never start if connection tracking isn't enabled. pptp is a connection oriented link, and ipsec needs it because it causes fragmentation. I would update right to the latest MT OS for testing; you'd prob...
by jp
Mon Jan 05, 2009 10:50 pm
Forum: General
Topic: centos on xen
Replies: 2
Views: 568

Re: centos on xen

How about setting xen up on centos instead. If you're looking for a decent OS for a hypervisor/domain0/host, I'd suggest opensuse 11.0. I have run centos and routeros as a guest on that.
by jp
Sun Jan 04, 2009 3:01 pm
Forum: General
Topic: Any plans for the future of Mikrotik and the Broadband 2.0
Replies: 38
Views: 3727

Re: Any plans for the future of Mikrotik and the Broadband 2.0

From Mikrotik, I was looking for standard routerboards like the RB152 or RB453 or RB493 where the RJ45 ports are replaced entirely by Fibre Optic Transceivers, which would make more sense for applications like us. Granted, they would be more expensive, but they would be at least cheaper than the alt...
by jp
Sat Jan 03, 2009 11:32 pm
Forum: General
Topic: Any plans for the future of Mikrotik and the Broadband 2.0
Replies: 38
Views: 3727

Re: Any plans for the future of Mikrotik and the Broadband 2.0

Most of the TV over fiber is analog, unlike, let's say, IPTV where the led/laser is putting out simple digital on/off. You can have digital TV over it, but they just take the RF signal off coax and convert it to light and send it over the fiber. The expensive CPE converts it back to RF for your TV tuner...
by jp
Wed Dec 31, 2008 4:35 pm
Forum: General
Topic: Any plans for the future of Mikrotik and the Broadband 2.0
Replies: 38
Views: 3727

Re: Any plans for the future of Mikrotik and the Broadband 2.0

Sorry, mesh isn't comparable to fiber's capabilities.
by jp
Thu Dec 25, 2008 4:07 am
Forum: Wireless Networking
Topic: PacWireless 3 Foot dual polarity Dish Certification?
Replies: 8
Views: 2115

Re: PacWireless 3 Foot dual polarity Dish Certification?

There is almost no port-to-port isolation. The elements in the feedhorn are pretty close to each other and nothing except for a polarity change a tiny distance separate them from each other. We use the dual feed antennas for redundancy. If a cable gets damaged or fails, we switch polarities and are ...
by jp
Thu Dec 25, 2008 3:59 am
Forum: Wireless Networking
Topic: interferance reduction
Replies: 20
Views: 2722

Re: interferance reduction

The Alvarion fhss 2.4 uses 1mhz channels, and has about 23 unique hopping sequences (meaning you can have 23 different radios that avoid most self-interference via their hopping algorithms.) We've had more than a dozen radios at a site without interference. The 1 mhz gets 3mbit of wireless rate (abo...
by jp
Wed Dec 24, 2008 4:14 am
Forum: General
Topic: Feature Req: Extend SNMP to make more attributes available
Replies: 2
Views: 939

Re: Feature Req: Extend SNMP to make more attributes available

Frequency is available by snmp. For stuff not yet in snmp, I've been using ssh with keys to get the data. Here is a script I use to keep our inventory database of mikrotiks up to date.

jp@mocha:~> more /usr/local/mis/bin/db.update.mt
#!/bin/bash
MYCMD="mysql -B -N -h 127.0.0.1 -u root -s -pxxxxxxxxx...
by jp
Wed Dec 24, 2008 3:22 am
Forum: Wireless Networking
Topic: interferance reduction
Replies: 20
Views: 2722

Re: interferance reduction

Hi all, we are facing problems with channel interference with all channels in 2.4 because we have like 50 wifi omni in the same region so.. how can I reduce the interference? Is the signal filter good for this problem or anything else?? Thank you all

What are you using for an antenna at your AP? We can pic...
by jp
Wed Dec 24, 2008 3:21 am
Forum: Wireless Networking
Topic: PacWireless 3 Foot dual polarity Dish Certification?
Replies: 8
Views: 2115

Re: PacWireless 3 Foot dual polarity Dish Certification?

Pacwireless had a bad run of feedhorns for the 5.8ghz 2' solid dishes. I think it was last winter or something, I'm not sure. We've bought some since then and they are all good. They replaced the ones we had problems with.
by jp
Sun Dec 21, 2008 2:37 am
Forum: Wireless Networking
Topic: Nstreme ptp help
Replies: 40
Views: 9083

Re: Nstreme ptp help

I don't believe you can use WDS with Nstreme.
by jp
Sat Dec 20, 2008 5:07 am
Forum: General
Topic: TFTP
Replies: 33
Views: 14287

Re: TFTP

1: yes
2: updating firmware on remote switches, radios, cameras, phones
3: some pxe boot serving capabilties, perhaps the tftp server could relay files from a remote specified webserver if it doesn't store files locally?
by jp
Wed Dec 17, 2008 11:27 pm
Forum: General
Topic: Input voltage readout
Replies: 3
Views: 693

Re: Input voltage readout

Use a 433ah or 333 it's under system health print or .1.3.6.1.4.1.14988.1.1.3.8.0
by jp
Mon Dec 15, 2008 11:23 pm
Forum: General
Topic: bgp license level
Replies: 9
Views: 1307

Re: bgp license level

Yes, thank you!
by jp
Sat Dec 13, 2008 7:14 pm
Forum: Wireless Networking
Topic: AM I insane ? WIMAX and NLOS !
Replies: 4
Views: 1919

Re: AM I insane ? WIMAX and NLOS !

NLOS has been a marketing buzzword ever since OFDM came to market; probably before that. It is mostly meaningless. Alvarion is very conservative in the marketing, so it's surprising they use the term. Probably there are no trees where their Israeli HQ is. OFDM does a little better than non-OFDM (tr...
by jp
Sat Dec 13, 2008 7:10 pm
Forum: Wireless Networking
Topic: CPE, share ur thoughts
Replies: 7
Views: 1458

Re: CPE, share ur thoughts

It doesn't matter whether the customers need stable links; you need stable links. Otherwise you will hit a certain size and you'll spend all your staff resources answering unnecessary phone calls, troubleshooting substandard radio equipment, and messing around with preventable problems, preventing y...
by jp
Sat Dec 13, 2008 1:17 pm
Forum: General
Topic: RANT - Configuration management: .backup is a joke
Replies: 34
Views: 6923

Re: RANT - Configuration management: .backup is a joke

That's the exact purpose of this thread. I want to be able to completely reset, reconfigure and upgrade in one hit WITHOUT having local access. Would a "/system reset-configuration file=name.rsc" do what you want? It would reset, and then apply the config in the RSC file so that your CPE could conne...
by jp
Tue Dec 09, 2008 3:41 am
Forum: Wireless Networking
Topic: SR9 Questions
Replies: 8
Views: 1661

Re: SR9 Questions

I have found SR9 to be more susceptible to interference and finicky than 900mhz systems like Trango or Alvarion. We tried two links with it, and gave up in favor of Trango and Alvarion. If you have LOS, you should use a higher frequency. 900 is highly susceptible to variable service for a variety of...
by jp
Fri Nov 28, 2008 3:34 pm
Forum: General
Topic: RouterOS new manual topics
Replies: 4
Views: 4897

Re: RouterOS new manual topics

Looks to be a good improvement over previous documentation. Keep up that good work there.
by jp
Fri Nov 28, 2008 3:08 am
Forum: General
Topic: ssh remote commands.
Replies: 0
Views: 485

ssh remote commands.

I am using ssh keys to log in remotely with no password to the routeros cli. On 2.9.51, executing a remote command causes a login failure, but it still works. This problem is not exhibited in the 3.x routeros. ssh admin@10.1.6.1 logs me in with no password being asked, and logs no error. ssh admin@1...
by jp
Fri Nov 28, 2008 1:35 am
Forum: General
Topic: bgp license level
Replies: 9
Views: 1307

Re: bgp license level

hehe, I wasn't suggesting that this was a problem that needed fixing. Adjusting the wiki would be my suggestion for the fix.
by jp
Sun Nov 23, 2008 2:33 pm
Forum: Wireless Networking
Topic: Successful 5.4Ghz DFS deployment in the US?
Replies: 1
Views: 763

Re: Successful 5.4Ghz DFS deployment in the US?

The US DFS is different than other countries' DFS requirements. Some vendors call it DFS-II. I haven't tried it.
by jp
Thu Nov 20, 2008 11:10 pm
Forum: RouterBOARD hardware
Topic: redundant power supply platform
Replies: 5
Views: 1439

Re: redundant power supply platform

Anything DC powered, you can hook multiple power supplies in parallel. Nothing fancy needed. Two power supplies and the loads wired to a bus style connection for example. If a power supply loses power, the load increases on the remaining. You can't really do that so well with AC, as you start mixing...
by jp
Thu Nov 20, 2008 11:08 pm
Forum: RouterBOARD hardware
Topic: FCC certification
Replies: 3
Views: 1567

Re: FCC certification

Look for the fcc symbol on the routerboards. It seems to be present on all the newer ones. I think the 532 might not have been. Then get an FCC approved radio card. What antennas are approved are determined by the radio card's testing/approval. At least that's my understanding. Then it should be pro...
by jp
Thu Nov 20, 2008 4:31 am
Forum: General
Topic: How to make a 16 or 24 port MT L-3 Switch
Replies: 10
Views: 1751

Re: How to make a 16 or 24 port MT L-3 Switch

Link a 433ah with a HP procurve 2524 or like managed switch. On the switch: Set up 23 vlans starting with vlan id 2, set port 1 to be tagged for all the vlans. Set ports 2-24 to be untagged for their respective matching vlan ids. On the MT: Set up all the vlan subinterfaces (one for each id), on the et...
by jp
Tue Nov 18, 2008 5:08 pm
Forum: Wireless Networking
Topic: tower demolition
Replies: 2
Views: 855

Re: tower demolition

You climb them just like a ladder. Each flat part of a zigzag crossbracing is a step. Then you clip in for safety when you work with a fall arrest harness. It is a lot more sturdy than a ladder. They don't sway much, certainly a bit more than a more massive tower, but it's quite sturdy. Here is a ph...
by jp
Mon Nov 17, 2008 8:20 pm
Forum: RouterBOARD hardware
Topic: SOLVED Solar Power Solution for RB433
Replies: 42
Views: 15354

Re: Solar Power Solution for RB433

Well, every need is a little different, but I needed to be able to run a 12v inverter. 24v under charging conditions can exceed 24v by a fair amount and I did not want to put too much voltage into the RB. My rb is only 2' from the batteries, if you have a long poe cable run, it would likely be a low...
by jp
Mon Nov 17, 2008 5:18 pm
Forum: General
Topic: Feature Request
Replies: 2
Views: 848

Re: Feature Request

Another feature request...

I would like to be able to import multiple ssh keys with one file.
by jp
Mon Nov 17, 2008 4:53 pm
Forum: RouterBOARD hardware
Topic: SOLVED Solar Power Solution for RB433
Replies: 42
Views: 15354

Re: Solar Power Solution for RB433

I would use larger panels too. Things change quickly with the Internet and you'll want to add more radio cards or a different routerboard at some point in the future without having to redesign the whole system. If the cable run isn't too long, I'd prefer a 12v system.
by jp
Mon Nov 17, 2008 4:40 pm
Forum: Wireless Networking
Topic: XR 5 on INTEL Platform based on Atom technology
Replies: 4
Views: 1207

Re: XR 5 on INTEL Platform based on Atom technology

I have heard some of them come with an odd ethernet which requires a non-stock driver. If that is the case, you'd have to pick between ethernet or wireless on the 1 pci slot. Keep us posted. I am interested in them too.
by jp
Sun Nov 16, 2008 5:46 am
Forum: Wireless Networking
Topic: tower demolition
Replies: 2
Views: 855

tower demolition

A fun afternoon on the hill to share with you. We had an old 95' tower (probably 100' with 5' in the ground) that is 50+ years old and we took it down. I wanted to use thermite as I didn't want to be near the guy point when it let go, but I ended up needing to cut through a turnbuckle with a power t...
by jp
Sat Nov 15, 2008 6:48 pm
Forum: General
Topic: filenaming
Replies: 1
Views: 412

filenaming

What are the limitations on filenames in routeros?

I have figured out I can't have dots in the files except as a filename extension. What else is not permissible? Or what is permissible? Thanks!
by jp
Sat Nov 15, 2008 3:51 pm
Forum: General
Topic: problem : one network adapter and many mac-address
Replies: 2
Views: 559

Re: problem : one network adapter and many mac-address

Here you only have one mac address with multiple real IPs. It appears to be a senao based on the mac address. Almost anything can have multiple IPs.
by jp
Tue Nov 11, 2008 5:54 pm
Forum: General
Topic: full squid feature with GUI in mikrotik will be great
Replies: 32
Views: 6837

Re: full squid feature with GUI in mikrotik will be great

If you want a higher end/higher featured squid box, you have to put the work into it. If the linux part is too much trouble, try a different linux distribution or learn more linux stuff. I've got two linux boxes running squid that are much more reliable than a typical MT. Webmin can handle squid too...
by jp
Sat Nov 08, 2008 3:27 pm
Forum: General
Topic: Virtualization RouterOs
Replies: 50
Views: 4997

Re: Virtualization RouterOs

I specify the disks used to be the x86 installation ISO, then the second disk is to create a 250MB file for a virtual disk. After installation, you can remove the ISO from the configuration. For upgrades, ftp the new file to the virtual machine like any other MT. To move it to another host, move the...
by jp
Fri Nov 07, 2008 10:06 pm
Forum: General
Topic: 2 DSL Lines 1 RB
Replies: 2
Views: 659

Re: 2 DSL Lines 1 RB

Set up sector antennas and 2 RBs, one for each DSL line.
by jp
Fri Nov 07, 2008 9:56 pm
Forum: General
Topic: Flash disk writes
Replies: 7
Views: 4033

Re: Flash disk writes

Must be the graphing that's causing all the writes. (I don't use that personally). We have 10 year old ciscos that use flash memory. I've got an EEEpc that uses flash as a hard drive. I've got bunches of mikrotik flash-on-ide-connectors that are working fine for 3 or so years now. There are many man...
by jp
Fri Nov 07, 2008 9:49 pm
Forum: General
Topic: bgp documentation
Replies: 1
Views: 502

bgp documentation

I would like to do more with BGP.

There is no documentation for BGP on v3 docs. The 2.9 docs are fairly sparse, and the wiki is good, but doesn't cover much.

I am mostly interested in the undocumented things like confederation settings. Also what does the synchronize option do in networks?

Thanks!
by jp
Thu Nov 06, 2008 5:10 am
Forum: General
Topic: bgp license level
Replies: 9
Views: 1307

bgp license level

What license levels are needed for BGP usage? For x86 and for RBs? Thanks! The chart on your webpage doesn't seem accurate to me.
by jp
Thu Nov 06, 2008 3:23 am
Forum: RouterBOARD hardware
Topic: 802.11n
Replies: 26
Views: 12621

Re: 802.11n

N is an option in the band settings now. Not sure what that means exactly.
by jp
Sun Nov 02, 2008 1:40 am
Forum: General
Topic: Dns & Cache Problems
Replies: 4
Views: 2932

Re: Dns & Cache Problems

At that volume you should be using a squid cache and DNS such as bind running on its own linux machine.
by jp
Sat Nov 01, 2008 7:54 pm
Forum: General
Topic: 3.15 Hotspot bug
Replies: 9
Views: 1441

Re: 3.15 Hotspot bug

My current hotspot problem is that all of a sudden, hosts in the walled garden stopped being allowed. IPs added to the walled garden are fine, but that won't do, as paypal has many IPs. Customers could not get to the usermanager IP stuff till I added in an IP range to permit that! This problem wa...
by jp
Sat Nov 01, 2008 5:42 pm
Forum: General
Topic: 3.15 Hotspot bug
Replies: 9
Views: 1441

Re: 3.15 Hotspot bug

What versions were working prior to 3.15? We're seeing some hotspot problems too. We fixed one user by turning off their phishing filter.
by jp
Wed Oct 29, 2008 4:15 pm
Forum: General
Topic: Feature Request: Better Release Practises!
Replies: 18
Views: 4425

Re: Feature Request: Better Release Practises!

I'm pretty cautious too. I have 74 MTs that I know of, and some are a couple hours travel, or intermittent access by $200 boat or plane trips depending on weather. I avoid at all cost putting a MT on a tower where it might be difficult or expensive to get a climber. I'll put in hundreds of dollars o...
by jp
Tue Oct 28, 2008 9:35 pm
Forum: General
Topic: ip neighbor improvements
Replies: 0
Views: 734

ip neighbor improvements

I'd like wireless interfaces to have ip neighbor discovery active by default. I don't understand why it would be disabled for that and enabled for ethernet. It would also be good in /ip neighbor discovery for you to use enabled=yes/no instead of discovery=yes/no like most of the other places where y...
by jp
Mon Oct 27, 2008 3:39 am
Forum: General
Topic: Virtualization RouterOs
Replies: 50
Views: 4997

Re: Virtualization RouterOs

I can make Router OS but after I can not connect to it, I would like to have the same interfaces line in Router Host, also in Router Guest in order to copy my current configuration in Guest, and to run. I also plan to install a linux system and than put squid on it to make it web proxy for my clien...
by jp
Sat Oct 25, 2008 10:58 pm
Forum: General
Topic: Virtualization RouterOs
Replies: 50
Views: 4997

Re: Virtualization RouterOs

I'd suggest starting with a good host if you want to get familiar with virtualization. Novell's been doing it longer than most linux vendors and it's getting fairly polished. Here it is in OpenSuSE 11.0. Installation options: http://www.midcoast.com/~jp/vm1.png Virtual machines running and MT consol...
by jp
Fri Oct 17, 2008 4:35 am
Forum: RouterBOARD hardware
Topic: ros 3.15 is out
Replies: 15
Views: 3014

Re: ros 3.15 is out

Thanks for the traceroute fix!
by jp
Fri Oct 10, 2008 4:13 am
Forum: General
Topic: Giant packets
Replies: 3
Views: 873

Re: Giant packets

The error count is a count of all the errors including the giant packets. A giant packet is a packet larger than the max bytes a vlan tagged ethernet packet should be (1522 bytes), or 1518 for a non vlan packet. HP fingerpoints to an ethernet NIC or driver issue. http://www.hp.com/rnd/library/troubl...
by jp
Thu Oct 09, 2008 12:25 am
Forum: General
Topic: Giant packets
Replies: 3
Views: 873

Giant packets

We have a 433 that is creating giant packets from ether2. It is running 3.11 presently and we have not had reason to upgrade. The giant packets appear 3-4 per minute and it's probably passing 10-15 mbps. ether1 is not producing any giants. I wonder if it's caused by vlans or ethernet drivers? I have no...
by jp
Thu Sep 25, 2008 9:25 pm
Forum: General
Topic: More ways to earn free licenses!
Replies: 162
Views: 73815

Re: More ways to earn free licenses!

DNS problem with 3.14rc1 and 3.14. It does not disable the use of dns in the traceroute command

[admin@oht] /ip dns> /tool traceroute 10.0.0.1 use-dns=no
ADDRESS STATUS
1 ether3v3a11.cup.mt.midcoast.com 6ms 2ms 2ms
2 dns.midcoast.com 1ms 1ms 3ms
[admin@oht] /ip dns> /tool traceroute 10.0.0.1 use-dns...
by jp
Thu Sep 25, 2008 3:56 am
Forum: RouterBOARD hardware
Topic: Temperature on Routerboard 433
Replies: 8
Views: 1831

Re: Temperature on Routerboard 433

Use one of these to control power to an ethernet hub/switch connected to a spare MT ethernet port. When your MT ethernet port goes up/down, you know the temperature has met its threshold.

http://www.lowes.com/lowes/lkn?action=p ... lpage=none
by jp
Sun Sep 21, 2008 12:55 am
Forum: General
Topic: Virtualization RouterOs
Replies: 50
Views: 4997

Re: Virtualization RouterOs

Can anyone tell me what application they found any virtualization useful for ROS? Variable storage space is my #1, in case I ever need to capture lots of data for calea. I also have an MT hotspot/userman controller as a virtual. I've also used virtualization to play around with routerOS and making ...
by jp
Sun Sep 21, 2008 12:50 am
Forum: General
Topic: Bandwidth problems.
Replies: 14
Views: 1552

Re: Bandwidth problems.

I know, but it's kinda laughable when you're right next to a 100KW FM station. Their off-band emissions are quite a lot more than 5w! Any ideas on my BW problem? If you're being overwhelmed by off-band emissions, an amp is only going to add to the problem. I'm at a radio station site and I have no ...
by jp
Fri Sep 19, 2008 5:14 am
Forum: General
Topic: Sample Hotspot Page - Sticky Please
Replies: 438
Views: 307619

Re: Sample Hotspot Page - Sticky Please

Image
by jp
Fri Sep 19, 2008 5:11 am
Forum: General
Topic: Hardware for high bandwidth 1.5km 5Ghz Nstreme link?
Replies: 14
Views: 2485

Re: Hardware for high bandwidth 1.5km 5Ghz Nstreme link?

You need connection tracking if you have any customers using VPNs.
by jp
Mon Sep 15, 2008 5:27 pm
Forum: RouterBOARD hardware
Topic: rb433 wireless disappearing
Replies: 4
Views: 1355

Re: rb433 wireless disappearing

Thanks for investigating! I am using 2.16 routerboard booting firmware. The card that didn't work in the middle slot is now working fine in a different slot. Must be a bad minipci slot or something. It's permanently installed now, so I won't mess with it or swap it out any further. It was just kinda...
by jp
Fri Sep 12, 2008 7:20 pm
Forum: RouterBOARD hardware
Topic: rb433 wireless disappearing
Replies: 4
Views: 1355

Re: rb433 wireless disappearing

Just tried it with a 6amp power supply, no dice. Got someone going up the tower now for testing it with fewer cards. update: Wireless does not work with a card in the middle minipci slot. 2 cards and no wireless if the middle slot is used. Any combination of wireless cards is OK as long as the middl...
by jp
Fri Sep 12, 2008 6:56 pm
Forum: RouterBOARD hardware
Topic: rb433 wireless disappearing
Replies: 4
Views: 1355

rb433 wireless disappearing

I have a problem where once the system was installed on the 70' tower, the radio cards disappeared. It has a 24v POE (poe-24i) power supply that can supply 800ma and it worked fine at my desk. The radios appear under the listing of pci devices but not under interfaces. Various recent routeros versio...
by jp
Thu Sep 11, 2008 10:05 pm
Forum: RouterBOARD hardware
Topic: Ethernet fail after lightning? A possible fix...
Replies: 14
Views: 6247

Re: Ethernet fail after lightning? A possible fix...

Regarding your problem with cabling/harmonics. If you use shielded cable, you'll likely be OK. I know what you mean; I have lots of utp cat5 in my house, and as I add devices, I get more and more noisy frequencies in my VHF radios while scanning. At my towersite, every cat5 is shielded, and we have ...
by jp
Wed Sep 10, 2008 4:37 am
Forum: Wireless Networking
Topic: Using Virtual AP takes long time to connect?
Replies: 3
Views: 1031

Re: Using Virtual AP takes long time to connect?

I've successfully done an AP with both the master being wpa2/psk and the virtual being open, and the master being open and the virtual being wpa2/psk. I've used MT, NS2, Laptop in this situation.
by jp
Tue Sep 09, 2008 10:04 pm
Forum: General
Topic: MicroTik RouterOS 3.13 SNMP write vulnirability
Replies: 37
Views: 12275

Re: MicroTik RouterOS 3.13 SNMP write vulnirability

I hope it's indeed a dud and would welcome others to do further testing or documenting. If it's real, I'd be really upset that mikrotik isn't prepared for something 99% similar to the stupid bug in February. To clarify again - there is no exploit or vulnerability. You can simply change the identity...
by jp
Sun Sep 07, 2008 4:00 am
Forum: General
Topic: MicroTik RouterOS 3.13 SNMP write vulnirability
Replies: 37
Views: 12275

Re: MicroTik RouterOS 3.13 SNMP write vulnirability

Don't worry. This exploit is not malicious or harmful, just proof of concept code. This is a feature, not a bug in the clear way=) BTW you can specify a hard-to-guess snmp community and filter requests with an L7 filter:

/ip firewall layer7-protocol add comment="snmp-set request filter by shados" name="sn...
by jp
Sat Sep 06, 2008 2:57 pm
Forum: General
Topic: Intel Atom board D945GCLF fot MT
Replies: 27
Views: 5547

Re: Intel Atom board D945GCLF fot MT

It's not that... Intel is usually the bearer of boringness and compatibility for corporate desktops. This new board/chip is cheap and innovative (for its purposes) and competes with VIA. I think it's actually a desktop board being repurposed for our uses which is typically the realm of embedded boa...
by jp
Sat Sep 06, 2008 2:53 pm
Forum: General
Topic: MicroTik RouterOS 3.13 SNMP write vulnirability
Replies: 37
Views: 12275

Re: MicroTik RouterOS 3.13 SNMP write vulnirability

Wiki would be good. Keep in mind that this program successfully spoofs IPs, so your rule should not rely on source IPs.
by jp
Sat Sep 06, 2008 5:24 am
Forum: General
Topic: MicroTik RouterOS 3.13 SNMP write vulnirability
Replies: 37
Views: 12275

Re: MicroTik RouterOS 3.13 SNMP write vulnirability

This appears to be 99% similar (and from the same author) as the successful MicroTik RouterOS <=3.2 SNMPd snmp-set DoS exploit of February of this year. The 3.2 bug did work great. I did not get it to work on 3.13 or 2.9.51 though. I did not have any effect. I captured its work against a 3.13 route...