Search found 920 matches

by sten
Fri Nov 16, 2018 3:44 pm
Forum: Forwarding Protocols
Topic: rp-filter=loose, including default-route or no?
Replies: 3
Views: 1844

Re: rp-filter=loose, including default-route or no?

I believe that loose mode include default route. I believe you are right. After testing i found that Loose mode with default-route in route table means no real rp-filtering is done. It is possible that it goes through the motions but will always find a route and so will always allow it. How useful ...
by sten
Wed Nov 14, 2018 6:10 pm
Forum: Forwarding Protocols
Topic: rp-filter=loose, including default-route or no?
Replies: 3
Views: 1844

Re: rp-filter=loose, including default-route or no?

I believe that loose mode include default route.
This is exactly why i'm asking. Hoping someone with definitive knowledge will chime in.
by sten
Tue Nov 13, 2018 1:47 pm
Forum: Forwarding Protocols
Topic: rp-filter=loose, including default-route or no?
Replies: 3
Views: 1844

rp-filter=loose, including default-route or no?

I am terribly sorry if this has been answered before, but i could not find an answer via search or google. Documentation on wiki lacking answer. / ip settings rp-filter=loose Does that match on default-route (0.0.0.0/0) also or only more specific routes? RFC3704 allows for two different "loose" vari...
by sten
Tue Jan 09, 2018 8:02 pm
Forum: Forwarding Protocols
Topic: IS-IS
Replies: 44
Views: 14403

Re: IS-IS

Please add support for IS-IS as it is far superior to OSPF (including how it handles tree changes). It would also make configuring large routed networks be far less of a headache.
by sten
Sat Oct 28, 2017 4:24 pm
Forum: General
Topic: Winbox hangs after error notice displayed
Replies: 1
Views: 426

Re: Winbox hangs after error notice displayed

Is there really no fix for this issue?
by sten
Mon Oct 16, 2017 6:03 pm
Forum: General
Topic: Winbox hangs after error notice displayed
Replies: 1
Views: 426

Winbox hangs after error notice displayed

I am running Windows 10 x64 and consistently i have an issue with latest winbox.exe. If i connect to a routeros device and the username+password is wrong, it will say "Invalid username and password" -- WHICH IS CORRECT -- but it won't let me click anywhere to close the winbox session. Winbox keeps r...
by sten
Mon Jun 19, 2017 9:00 pm
Forum: Forwarding Protocols
Topic: Create BGP Peer within VRF
Replies: 8
Views: 4396

Re: Create BGP Peer within VRF

Might be a tad late but the loopback address isn't part of backbone in your compact config, which it needs, including any subnets that connect the routers.
by sten
Mon Jun 19, 2017 7:11 pm
Forum: Forwarding Protocols
Topic: MPLS - massive throughput difference on CHR when using explicit nulls
Replies: 58
Views: 9639

Re: MPLS - massive throughput difference on CHR when using explicit nulls

Without explicit nulls, are any labels actually applied when it's so few hops in the link? Perhaps some fragmentation is occurring? You could try smaller packets while bandwidth testing or do a proper packet capture to see.
by sten
Mon Oct 12, 2015 2:57 pm
Forum: Forwarding Protocols
Topic: how/where to define next hop ip address for traceroute
Replies: 12
Views: 5148

Re: how/where to define next hop ip address for traceroute

Your NAT is messed up is my best guess.
by sten
Sun Nov 02, 2014 7:39 pm
Forum: Wireless Networking
Topic: Low TCP throughput SXt5HPACD
Replies: 16
Views: 2369

Re: Low TCP throughput SXt5HPACD

Try reducing signal strength, depending on the radio chipset, -46 is a bit too strong for most radios. Your radios might want to be at -56 instead. Yes there is such a thing as too strong.
by sten
Sun Nov 02, 2014 7:35 pm
Forum: Wireless Networking
Topic: High number of packet/sec highly affects whole sector
Replies: 11
Views: 2337

Re: High number of packet/sec highly affects whole sector

Limit maximum upload speed to hinder sending traffic that would be otherwise thrown away when reaching where you normally limit bandwidth (i.e. pppoe server). Make sure you properly size queue type so you don't create high latency. Then for the specific answer to your question, use a firewall rule i...
by sten
Tue Feb 25, 2014 6:15 am
Forum: Wireless Networking
Topic: nv2 multilink problem
Replies: 94
Views: 27852

Re: nv2 multilink problem

802.11n aggregation is in addition to nv2 aggregation. At least it used to be (it's been a year since i last tweaked a wireless link).
by sten
Fri Feb 21, 2014 4:03 pm
Forum: Scripting
Topic: Functions and function parameters
Replies: 38
Views: 24664

Re: Functions and function parameters

Finally something to improve the scripting, but do you plan to implement JIT compilation of the scripts or some other means to lower the CPU utilization as well? It is needed because the scripting engine on ROS is killing the system performance - it is too simple to implement a script that is doing...
by sten
Fri Feb 21, 2014 12:22 pm
Forum: Wireless Networking
Topic: nv2 multilink problem
Replies: 94
Views: 27852

Re: nv2 multilink problem

Seems to me that you guys are running into issues with TCP. Are you perhaps running Nv2 aggregation AND 802.11n aggregation?
by sten
Fri Feb 21, 2014 11:58 am
Forum: General
Topic: [request] CoA for PPPoE/PPTP
Replies: 34
Views: 12672

Re: [request] CoA for PPPoE/PPTP

Could someone please describe exactly how such a feature is used?
What are you trying to achieve or replace with built-in feature?
by sten
Mon Jun 24, 2013 11:06 am
Forum: Forwarding Protocols
Topic: how/where to define next hop ip address for traceroute
Replies: 12
Views: 5148

Re: how/where to define next hop ip address for traceroute

I Think everybody is understanding me wrong.
Really? Have you tried?
/ routing filters to change pref-src. HINT: it specifies preferred source address to use for any new connection, including traceroute.
by sten
Sun Jun 23, 2013 8:45 pm
Forum: Forwarding Protocols
Topic: how/where to define next hop ip address for traceroute
Replies: 12
Views: 5148

Re: how/where to define next hop ip address for traceroute

/routing filter rules will allow you to change pref-src on dynamic routes quite easily.
by sten
Thu Jul 19, 2012 3:25 pm
Forum: Forwarding Protocols
Topic: mpls latency question
Replies: 10
Views: 2946

Re: mpls latency question

You can reliably use ICMP echoes but not any traceroute feature reliably.
I suspect the UBNT gear is causing your problems but it's very hard to say.
We have not been able to reliably use UBNT gear for MPLS transports.
by sten
Tue Jun 19, 2012 10:00 am
Forum: Forwarding Protocols
Topic: EoMPLS/VPLS ....!!!!
Replies: 12
Views: 4613

Re: EoMPLS/VPLS ....!!!!

MPLS labelled packets should not adhere to L3 MTU setting on the /interface. It should only adhere to /mpls/interface MTU.
by sten
Mon May 21, 2012 9:58 pm
Forum: Wireless Networking
Topic: XR5 in routerboard in the 5.4-5.7GHz bands...
Replies: 4
Views: 1089

Re: XR5 in routerboard in the 5.4-5.7GHz bands...

Take a look at the center frequency for your antennas.
by sten
Mon May 21, 2012 9:35 pm
Forum: Wireless Networking
Topic: NV2 and virtual AP
Replies: 2
Views: 1039

Re: NV2 and virtual AP

I found no up to date info related to NV2 and virtual AP. Does the current (5.16) ROS support virtual AP over NV2 interface? I did some test I had was not able to connect the client to the virtual NV2 (client using wireless-protocol=any). Virtual AP is only available when using 802.11. Actually it ...
by sten
Mon May 21, 2012 9:14 pm
Forum: Wireless Networking
Topic: Interface HTB - hidden buffer
Replies: 44
Views: 12860

Re: Interface HTB - hidden buffer

Your post about TICK rate is quite interesting. It can be like that, it would be logical. But if the tick rate is 150 ticks per second, that means it collects packets every 7 ms, the average delay should be 3.5ms. But on empty wireless link you get 1ms. So are there more ticks per second? 1000? Not...
by sten
Mon May 21, 2012 11:08 am
Forum: Wireless Networking
Topic: SSIDs -- same or different?
Replies: 11
Views: 2872

Re: SSIDs -- same or different?

You'll want to always know which tower your CPE's are connected to. Always. Roaming is not really looking for a better TX signal, so it might roam to an AP that barely receives the CPE but CPE may hear AP really well. It will stay there and won't roam to the better TX path (where RX may be lower). ...
by sten
Mon May 21, 2012 10:54 am
Forum: Wireless Networking
Topic: Export all the configuration as the script...
Replies: 3
Views: 4521

Re: Export all the configuration as the script...

This is one of those few things that are pretty decently covered in the manual.
:export file=mybackup
And you'll have a mybackup.rsc in the /file area.
by sten
Sun May 20, 2012 6:24 am
Forum: Wireless Networking
Topic: Interface HTB - hidden buffer
Replies: 44
Views: 12860

Re: Interface HTB - hidden buffer

Oh most definitely. 128 ms is a loong time when i need a network that is below 60 ms. HTB queues, as suggested, can't even help me as MPLS frames as HTB only affects IP. What would be *really* nice is a more unified and adaptive queue system. A queuing system that where you specified a queue length ...
by sten
Sun May 20, 2012 5:47 am
Forum: General
Topic: RouterOS sends RST bit for no apparent reason
Replies: 5
Views: 2250

Re: RouterOS sends RST bit for no apparent reason

an export of the configuration would be nice, could be a clue in there.
by sten
Fri May 18, 2012 5:00 am
Forum: General
Topic: PPTP: Bad performance over Mikrotik, works fine with windows
Replies: 7
Views: 4699

Re: PPTP: Bad performance over Mikrotik, works fine with win

Is the PPTP tunnel using MPPE128-Stateful encryption?
by sten
Fri May 18, 2012 4:57 am
Forum: Forwarding Protocols
Topic: ospf filter over a interface
Replies: 1
Views: 854

Re: ospf filter over a interface

not sure why you don't just make sure they have different OSPF costs, and thus have one favored over the other.
But you don't give any useful details.
by sten
Thu May 17, 2012 12:09 pm
Forum: Wireless Networking
Topic: Interface HTB - hidden buffer
Replies: 44
Views: 12860

Re: Interface HTB - hidden buffer

I don't know if it was discussed. But coming from kernel development. Packets that are queued in kernel ARE processed in chunks. That is the TICK rate of the kernel. Low speed CPU's in a non-RTOS scenario are really only useable (performance wise) when this tick is at a low rate, while better comput...
by sten
Wed May 09, 2012 8:27 am
Forum: Wireless Networking
Topic: Calculating throughput
Replies: 2
Views: 820

Re: Calculating throughput

One bad client can (and often will) use up most of the air time on an AP in form of retransmissions.
Make sure you are not using distance=dynamic with 802.11 mode as that will only make such problems much bigger.
by sten
Sun May 06, 2012 8:44 am
Forum: Forwarding Protocols
Topic: fragmentation
Replies: 3
Views: 1468

Re: fragmentation

Have you tried stacking vlans over and over, putting an IP on the innermost vlan and ping large packets to the router on the other side through the VPLS? It would require a similar setup on the other side to get a response though. This works around the IP MTU quirks in RouterOS and you can add as ma...
by sten
Sat May 05, 2012 2:43 am
Forum: Forwarding Protocols
Topic: fragmentation
Replies: 3
Views: 1468

Re: fragmentation

Not really, it will still appear to work even if
:mpls interface
have an MTU that is set too high. It will just break when you send a labelled packet which is too big for a router (:mpls interface) or interface (:interface) in LSP.
by sten
Sat May 05, 2012 2:34 am
Forum: Forwarding Protocols
Topic: VPLS Tunnel between different areas
Replies: 5
Views: 2278

Re: VPLS Tunnel between different areas

Give your routers loopback ip addresses in a different subnet than your link addresses.
by sten
Fri May 04, 2012 3:58 am
Forum: Forwarding Protocols
Topic: ospf solution
Replies: 6
Views: 2840

Re: ospf solution

Isn't this what BFD is supposed to be for?
by sten
Fri May 04, 2012 3:48 am
Forum: Wireless Networking
Topic: station-wds,station-bridge or station w/MPLS forPtMP 802.1g?
Replies: 6
Views: 2284

Re: station-wds,station-bridge or station w/MPLS forPtMP 802

The radios use ap-bridge & dynamic wds, and all backbone interfaces are bridged. (Customer-facing interfaces are on different subnets, served DHCP by the local AP, etc.) Be careful of doing dynamic things with your links, the dynamic stuff should rather be on Layer 3 The problem is, in ROS 5.x and ...
by sten
Wed May 02, 2012 7:35 am
Forum: Wireless Networking
Topic: 802.11n - Bandwidth usage favors AP to station, make fair?
Replies: 1
Views: 1176

Re: 802.11n - Bandwidth usage favors AP to station, make fai

If you consider how the protocols operate, there will probably always be a slight favor for the AP in terms of bandwidth.
However, signal quality can make it look like the opposite is true.
by sten
Wed May 02, 2012 7:27 am
Forum: Wireless Networking
Topic: station-wds,station-bridge or station w/MPLS forPtMP 802.1g?
Replies: 6
Views: 2284

Re: station-wds,station-bridge or station w/MPLS forPtMP 802

Absolute least amount of per packet overhead is basic station mode (it sends IP packets without ethernet header) whereas any other mode will send additional ethernet header. it is possible to use station mode with mpls when the station side is acting as a router but additional ethernet header is mos...
by sten
Fri Mar 30, 2012 9:42 pm
Forum: The Dude
Topic: Dude 4.0 beta4??
Replies: 39
Views: 24800

Re: Dude 4.0 beta4??

Oh yes, i forgot that one. - It's ideal if the dude log in to monitor using its own username and password (which both fields are hidden for non-"full" group dude user), while each dude user had a winbox/ssh/telnet username and password (which can be modified by the user or administrator (full grou...
by sten
Fri Mar 30, 2012 5:39 am
Forum: Wireless Networking
Topic: UDP packet loss using nstreme on long links
Replies: 3
Views: 1379

Re: UDP packet loss using nstreme on long links

TCP uses TCP's own mechanism to slow down. UDP test has to emulate this by always increasing rate until packet loss.
Otherwise the transmitting side would transmit faster than the link can handle (e.g. 100 Mbit/s over a 30 Mbit/s pipe)
by sten
Fri Mar 30, 2012 5:07 am
Forum: The Dude
Topic: Dude 4.0 beta4??
Replies: 39
Views: 24800

Re: Dude 4.0 beta4??

- Better caching of snmp queries (smarter or better control over caching), e.g. i don't need to fetch the hostname more than once every 5 minutes, why is it queried more? - Being able to group multiple get requests into one larger UDP frame(!!!!) - More functions that can convert values (for example...
by sten
Tue Mar 27, 2012 4:27 am
Forum: Forwarding Protocols
Topic: Considering bandwith utilization in routing protocol cost
Replies: 1
Views: 1161

Re: Considering bandwith utilization in routing protocol cos

I don't think there are any doing unequal cost balancing, not even sure BGP will do it (unless you do it manually). The closest reference that i can think of is using the firewall and somehow do the balancing from there. If you on the other hand go with an MPLS infrastructure with VRF's but i think ...
by sten
Sun Mar 18, 2012 2:30 pm
Forum: Forwarding Protocols
Topic: Speed to loopback IP
Replies: 3
Views: 1577

Re: Speed to loopback IP

I found a similar issue regarding the loopback. If you ping the loopback and nearest ip on the unit where the loopback resides, the ping times are higher on the loopback ip than the interface ip. Especially noticeable when there is a slower link speed (like wireless) between you (it's like the ping ...
by sten
Mon Feb 27, 2012 11:11 am
Forum: The Dude
Topic: Custom Device Types not saving...
Replies: 2
Views: 1279

Re: Custom Device Types not saving...

Verify file/folder permissions. Also using copy-from when creating device types will (always?) result in disappearing device types.
by sten
Sat Feb 18, 2012 11:04 pm
Forum: Wireless Networking
Topic: wmm-support, yeah, but does it interfere?
Replies: 7
Views: 5117

Re: wmm-support, yeah, but does it interfere?

Will wireless-protocol=any on the CPE's work with NV2, Nstreme or 802.11 AP?
It would dramatically reduce re-association time for the CPE's.
by sten
Thu Feb 09, 2012 2:01 am
Forum: Wireless Networking
Topic: frame-lifetime, say what?
Replies: 2
Views: 2919

Re: frame-lifetime, say what?

Aha, so it's in X times 10 milliseconds, very good to know. This answers my question and really helps me in writing a CPE setup script.
by sten
Wed Feb 08, 2012 7:48 am
Forum: Wireless Networking
Topic: wmm-support, yeah, but does it interfere?
Replies: 7
Views: 5117

Re: wmm-support, yeah, but does it interfere?

Thank you! I currently have to make a CPE script that does settings that are compatible with both 802.11, nstreme and NV2
by sten
Wed Feb 08, 2012 1:28 am
Forum: Wireless Networking
Topic: wmm-support, yeah, but does it interfere?
Replies: 7
Views: 5117

wmm-support, yeah, but does it interfere?

If i enable wmm-support=enabled, would this interfere with NV2 or NSTREME when i move my AP's over to these settings?
by sten
Wed Feb 08, 2012 1:26 am
Forum: Wireless Networking
Topic: frame-lifetime, say what?
Replies: 2
Views: 2919

frame-lifetime, say what?

frame-lifetime (integer [0..4294967295]; Default: 0) Discard frames that have been queued for sending longer than frame-lifetime. By default, when value of this property is 0, frames are discarded only after connection is closed. What time measurement is this considered? Milliseconds? Microseconds? ...
by sten
Thu Feb 02, 2012 2:48 am
Forum: Wireless Networking
Topic: Broadcast storm
Replies: 5
Views: 2570

Re: Broadcast storm

For a fee i could, but i'm in the middle of restructuring an ISP's network right now, so i don't know if i could give it my full attention.
by sten
Tue Jan 31, 2012 12:22 am
Forum: Wireless Networking
Topic: Broadcast storm
Replies: 5
Views: 2570

Re: Broadcast storm

yes, don't bridge between your network and the customers lans....
e.g. route between all entry points to your network.
by sten
Tue Jan 31, 2012 12:18 am
Forum: Wireless Networking
Topic: VLAN on Virtual AP
Replies: 1
Views: 1081

Re: VLAN on Virtual AP

compact exports could be useful.
you may have done the vlan's wrong in relationship with the bridge. hard to say without more information.
by sten
Tue Jan 31, 2012 12:15 am
Forum: Wireless Networking
Topic: Mikrotik cpe is hacked?
Replies: 3
Views: 1223

Re: Mikrotik cpe is hacked?

socks proxy may be enabled on the cpe.
by sten
Tue Jan 31, 2012 12:11 am
Forum: Wireless Networking
Topic: PtP bridging, bridge - station-bridge vs station-wds
Replies: 3
Views: 3135

Re: PtP bridging, bridge - station-bridge vs station-wds

station-wds is used for true bridging because of shortcomings in the 802.11 protocol. I'd recommend this one between two lans. station-bridge is used for bridging a single computer behind a mikrotik cpe radio. It's limited by the protocols that it will successfully bridge and how many lan side compu...
by sten
Mon Jan 30, 2012 11:59 pm
Forum: Wireless Networking
Topic: socks connection authentication
Replies: 1
Views: 795

Re: socks connection authentication

i think it's SOCKS 4 (that's what i set in putty when using this feature). No authentication but a good access-list can go a long way.
by sten
Mon Jan 30, 2012 11:39 pm
Forum: Wireless Networking
Topic: Blocked Client Causing High Latencies or Spikes
Replies: 4
Views: 1079

Re: Blocked Client Causing High Latencies or Spikes

I have a similar problem. My AP stops responding altogether on ether1 and on the clients end logs show 'authentication timeout'. Would enabling wpa fix this or does mac auth come first? @sten : would hide ssid work? surely that feature is only to hide from people. ie if i guessed the ssid and the a...
by sten
Tue Nov 22, 2011 12:44 am
Forum: Forwarding Protocols
Topic: Optimal BGP Hold timer Over Wireless
Replies: 1
Views: 2595

Re: Optimal BGP Hold timer Over Wireless

It is possible that there are too many recursive routes for the hardware in question. Try using filters to set inbound/outgoing next hop addresses that resolves to interface addresses and see if the load is reduced. Recursive routes are a bit hard to explain but it is essentially routes that is foun...
by sten
Thu Nov 10, 2011 10:45 am
Forum: Forwarding Protocols
Topic: Memory Leak with BGP?
Replies: 31
Views: 9149

Re: Memory Leak with BGP?

Turn SNMP off on the router and you should see the memory leak change dramatically.
I haven't had the energy to pursue this with support@
by sten
Thu Nov 03, 2011 11:31 am
Forum: Forwarding Protocols
Topic: IPSec VRF support
Replies: 1
Views: 1193

Re: IPSec VRF support

Not in a VRF safe way, as far as i know.
I recommend doing IPSec before the packets enters the VRF (or after the packets leave the VRF).
by sten
Thu Nov 03, 2011 11:24 am
Forum: Forwarding Protocols
Topic: IPv6 recursive nexthops via iBGP
Replies: 108
Views: 24760

Re: IPv6 recursive nexthops via iBGP

You can't announce anything with link local addresses in them, they are after all, link local.
Use non link-locals for routing (even for gateway).
by sten
Thu Nov 03, 2011 11:14 am
Forum: Forwarding Protocols
Topic: BGP Route Advertisments - issues
Replies: 2
Views: 955

Re: BGP Route Advertisments - issues

Perhaps the Cisco is announcing the subnet back to the mikrotik?
by sten
Mon Sep 26, 2011 12:05 am
Forum: Forwarding Protocols
Topic: BGP w/ Cogent
Replies: 12
Views: 4351

Re: BGP w/ Cogent

Why are you using loopbacks for eBGP between providers (loopbacks are typically used in iBGP configuration)? On a basic older Xeon x86 box i can receive the entire internet routing table x2 in matter of seconds (5 - 15 or so for both to be fully resolved and loaded). One of those are from Cogent. Ar...
by sten
Sat Sep 24, 2011 7:31 pm
Forum: General
Topic: Internet is slow when many users login
Replies: 9
Views: 2003

Re: Internet is slow when many users login

If i was you, I would question my assumptions.
Perhaps you could consult someone who can debug it locally?
by sten
Tue Sep 13, 2011 3:53 pm
Forum: General
Topic: Internet is slow when many users login
Replies: 9
Views: 2003

Re: Internet is slow when many users login

When you say ADSL you are implying two things;

Low upload capacity and if you reach close to the maximum upload capacity it will indirectly affect your download speed.

ADSL modems usually have very small CPU's that can't handle too many packets per second.
by sten
Tue Sep 13, 2011 3:06 pm
Forum: General
Topic: pppoe-client distance
Replies: 7
Views: 4065

Re: pppoe-client distance

No, that routing-test package has long since become the normal routing package. (That was posted in 2007 when regular package didn't have that kind of functionality).
The regular package will do just fine.
by sten
Mon Mar 28, 2011 9:07 am
Forum: Forwarding Protocols
Topic: Point-to-point (/31) addresses
Replies: 64
Views: 42455

Re: Point-to-point (/31) addresses

I can't think of a reason why it wouldn't work right. Of course with /31 or /32 routes might require a different configuration than /30 subnets.
I'm pretty pleased MikroTik has added more flexible support/functionality. Their artificial software limitations used to be pretty close to ridiculous.
by sten
Sat Jan 15, 2011 9:06 pm
Forum: Wireless Networking
Topic: High Ping and timeout's
Replies: 12
Views: 3931

Re: High Ping and timeout's

It is possible that something interferes on the band at night.
It could just as easily be another 802.11 radio though that suddenly sees a lot of traffic at night (as someone comes home).
by sten
Tue Dec 14, 2010 6:06 am
Forum: Forwarding Protocols
Topic: BGP VPLS flicking in and out of running
Replies: 1
Views: 775

Re: BGP VPLS flicking in and out of running

Perhaps you should packet dump the BGP sessions?
by sten
Tue Dec 14, 2010 5:57 am
Forum: Forwarding Protocols
Topic: How can i add more VPN server for customer who same ip range
Replies: 1
Views: 949

Re: How can i add more VPN server for customer who same ip r

OSPF could work, but then you would need OSPF on the ISP Main router as well. If that's not yours to control then perhaps using proxy-arp based solution instead. Proxy-arp is found as an option in the main window of the (ethernet) interface in question. Normally ARP is set to "enabled", but it can b...
by sten
Tue Dec 14, 2010 5:45 am
Forum: General
Topic: filter DHCP requests
Replies: 16
Views: 14714

Re: filter DHCP requests

Uhm, are you trying to block traffic going through the router, in the input chain? You don't specify if the DHCP server is on the mikrotik router itself or is a different unit altogether. EDIT: I guess i needed to reread it all :) If DHCP service on router is using BPF (Berkeley Packet Filter) inte...
by sten
Mon Dec 06, 2010 10:30 pm
Forum: Wireless Networking
Topic: Blocked Client Causing High Latencies or Spikes
Replies: 4
Views: 1079

Re: Blocked Client Causing High Latencies or Spikes

Have you tried using "hide ssid" option?
Then they shouldn't connect until they know the SSID for sure.
I agree that this is not right, the driver should have been optimized to discard packets as early as possible.
by sten
Sun Nov 21, 2010 1:39 am
Forum: Wireless Networking
Topic: Potential bug - G only AP will still accept a 1 MB client
Replies: 4
Views: 1526

Re: Potential bug - G only AP will still accept a 1 MB clien

I see the problem you are having. I think, it's probably one of those implementation quirks. I agree it should have been filtered by the driver. Tried removing all 11b supported/basic rates? You could make MikroTik aware of it. If it's a closed network then perhaps use hidden SSID? It'll stop random...
by sten
Fri Jan 22, 2010 4:22 am
Forum: Forwarding Protocols
Topic: MPLS and VLAN help
Replies: 3
Views: 1528

Re: MPLS and VLAN help

Just a guess but it could be that MPLS MTU setting is lower than the resulting MPLS packets (which leads to fragmentation of the MPLS packets).
by sten
Thu Oct 01, 2009 8:01 pm
Forum: Forwarding Protocols
Topic: Connection tracking with BGP?
Replies: 4
Views: 1118

Re: Connection tracking with BGP?

Why is this necessary?
by sten
Sun Jul 12, 2009 5:58 am
Forum: Forwarding Protocols
Topic: Point-to-point (/31) addresses
Replies: 64
Views: 42455

Re: Point-to-point (/31) addresses

For point-to-point interfaces this is a non-issue altogether. For point-to-point interfaces there is no such thing as a subnet or subnet mask. Only IP addresses on both sides. It is perfectly legal for tunnel terminator to only have one IP on the loopback which every ptp tunnel sees as the "serv...
by sten
Mon Feb 23, 2009 8:03 pm
Forum: Scripting
Topic: Update DNS Script
Replies: 3
Views: 2363

Re: Update DNS Script

I'm not familiar with that webproxy problem but I haven't proxied/cached web traffic since 2002. Ok, things seem a little clearer (i think). Your webproxy performance is suffering because of slow DNS resolution. Correct? I don't know if you already tried this but.... Assuming you have plenty of RAM ...
by sten
Mon Feb 23, 2009 12:47 pm
Forum: Scripting
Topic: denied new user to login to pppoe & pptp server
Replies: 1
Views: 765

Re: denied new user to login to pppoe & pptp server

I'm pretty sure a routeros script won't do this.
How about doing the bandwidth monitoring via SNMP and the authentication rejection from your RADIUS server?
by sten
Mon Feb 23, 2009 12:41 pm
Forum: Scripting
Topic: Update DNS Script
Replies: 3
Views: 2363

Re: Update DNS Script

I imagine that to be the most broken and inefficient way to do DNS forwarding. However you might have good reasons, other than efficiency and correctness. Any reason why BIND or something similar can't be configured to do the same? With an open-source solution you could even modify the DNS server co...
by sten
Mon Feb 23, 2009 12:20 pm
Forum: RouterBOARD hardware
Topic: Access to a remote serial port
Replies: 12
Views: 7431

Re: Access to a remote serial port

Have you tried;

/ port set serial0 dtr=on rts=off

or something similar?
by sten
Thu Nov 20, 2008 5:44 pm
Forum: General
Topic: Flash disk writes
Replies: 7
Views: 4180

Re: Flash disk writes

Just to be precise; it's only the number of block erase operations performed on a single block that affects its reliability, so if a single sector is rewritten too many times then the whole block (multiple sectors) is usually worn out too. These values aren't available to read in routeros. Flash me...
by sten
Thu Nov 20, 2008 11:31 am
Forum: General
Topic: 802.1q vlan Q in Q, MTU & Eoip
Replies: 3
Views: 5292

Re: 802.1q vlan Q in Q, MTU & Eoip

You must configure the outer vlan on the RB's interfaces and bridge between the vlan interfaces. Make sure you do not bridge the parent interfaces (the physical ones). It worked for me on 3.13 on RB411 using that specific method. I think the driver/NIC does not open for larger than vlan packets (and...
by sten
Wed Oct 22, 2008 9:01 pm
Forum: General
Topic: EOIP speed
Replies: 1
Views: 952

Re: EOIP speed

The tunnel (outer) packets get fragmented when the tunneled (inner) packets, including tunnel overhead, results in outer packets that are larger than wan side MTU. Try adjusting TCP MSS on packets passing through the EoIP tunnel to something like 1300 and do a TCP transfer *through* the router (don'...
by sten
Sat Sep 27, 2008 9:40 am
Forum: Wireless Networking
Topic: Wireless encription use - poll ! :)
Replies: 7
Views: 1403

Re: Wireless encription use - poll ! :)

Definitely.

WPA is a fairly recent addition to RouterOS and it wasn't that long ago that it was unstable.
RouterOS based networks back then had to either go with RC4 (*shudder*) or AES-CCM fixed key encryption.
by sten
Thu Sep 25, 2008 4:13 am
Forum: Wireless Networking
Topic: Wireless encription use - poll ! :)
Replies: 7
Views: 1403

Re: Wireless encription use - poll ! :)

What about fixed key AES-CCM?
by sten
Thu Sep 25, 2008 3:53 am
Forum: General
Topic: How to limit PPPoE connection request attack?
Replies: 35
Views: 10331

Re: How to limit PPPoE connection request attack?

I have to agree with both "josefranco" and "omidkosari" Basic discovery throttling should be available. Anything else could easily lead to unintentional DoS and pretty severe performance problems. I mean, what if the discovery requests are sent with a spoofed src-mac-address at a very high rate and ...
by sten
Tue Sep 09, 2008 5:24 am
Forum: General
Topic: How to limit PPPoE connection request attack?
Replies: 35
Views: 10331

Re: How to limit PPPoE connection request attack?

Such a feature would be neat. However, you can't have per minute mac-queues. Consider a flood of 100.000 requests with random src-mac-addresses? Instead you would need a global queue that only responds to $X number of unique PPPoE-Discovery requests per second. Something along the lines of: * Make a...
by sten
Mon May 12, 2008 3:53 pm
Forum: Scripting
Topic: Variable Variable... But.. In Mikrotik..??
Replies: 2
Views: 1039

Re: Variable Variable... But.. In Mikrotik..??

Hello.. I Have A Problem.. I Can't Set a Variable Variable in Mikrotik RouterOS.. Variable Variable Is translated as.. The Result of The First Variable is The Name of The Second Variable.. eg with PHP: $a = "Hello"; $$a = "What's Up"; ( This Is The Same To Put [ $Hello = "What's Up" ]... But I have...
by sten
Fri Mar 07, 2008 9:12 pm
Forum: General
Topic: firewall feature suggestion
Replies: 4
Views: 1890

Re: firewall feature suggestion

On other platforms the same has been implemented by doing a route lookup on source address and comparing packet in-interface with route out-interface.
I too want to see such a feature. 1 rule to end all locally spoofing. It would be awesome!
by sten
Sat Mar 01, 2008 10:49 pm
Forum: General
Topic: ack prioritization
Replies: 11
Views: 5601

Re: ack prioritization

I'm not sure i understand you entirely.
You don't need connection marks only packet marks.

PS: 40 byte tcp packets with ack flag set are tcp packets without tcp options (SACK, window scaling, timestamps).
by sten
Thu Feb 28, 2008 12:36 pm
Forum: General
Topic: ack prioritization
Replies: 11
Views: 5601

Re: ack prioritization

Correct TCP ACK prioritization is currently not possible with RouterOS. It won't let you accurately match tcp ack packets with zero data length. Perhaps you could ask support@ for it? A few versions had "u32" support which would have let us match those packets accurately but they removed that support.
by sten
Mon Feb 25, 2008 10:28 pm
Forum: General
Topic: Checking route via terminal on BGP MT having 300k routes
Replies: 7
Views: 1492

Re: Checking route via terminal on BGP MT having 300k routes

What about?
/ ip route print from=[ /ip route find dst-address 193.88.22.32/27 ]
by sten
Wed Feb 13, 2008 2:04 pm
Forum: General
Topic: License question regarding 3.x and dynamic routing protocols
Replies: 2
Views: 725

License question regarding 3.x and dynamic routing protocols

According to http://www.mikrotik.com/pricelist.php?sect=1 there are new license limitations on dynamic routing protocols.
However, i am a little bit confused.
Does it permit running BGP on RB (MIPS/PPC) or will BGP only run on x86 hardware?
by sten
Sun Dec 30, 2007 11:35 pm
Forum: Wireless Networking
Topic: WDS network with Dude Monitoring - Slow performance
Replies: 6
Views: 1208

Re: WDS network with Dude Monitoring - Slow performance

Last time i tried Dude (which was quite some time ago) it was too aggressive about gathering data. On a bridged LAN it would cause *a lot* of ARP requests, which by function will be sent at the basic-rate (typically 6 mbit unless otherwise configured). When it comes to network monitoring one has to b...
by sten
Fri Dec 28, 2007 6:43 pm
Forum: Wireless Networking
Topic: Nstreme Problems!
Replies: 19
Views: 2651

Re: Nstreme Problems!

Are you trying to use Compression by any chance?
by sten
Wed Dec 26, 2007 10:13 pm
Forum: Beginner Basics
Topic: Radius with PoD and numeric username on pppoe
Replies: 3
Views: 1347

Re: Radius with PoD and numeric username on pppoe

wireshark for BSD/Linux/Windows/Solaris (http://www.wireshark.org) is one example.
by sten
Tue Dec 25, 2007 6:25 am
Forum: Scripting
Topic: Scripts do not have access to global variables when schedule
Replies: 3
Views: 1225

Re: Scripts do not have access to global variables when schedule

I don't think you have to use :global definition before using the variable.
Try removing the line that says ":global MYTEST" (which by 2.9.x definition would also unset $MYTEST)
by sten
Tue Dec 25, 2007 6:24 am
Forum: Scripting
Topic: How To choose The Best Channel ??
Replies: 5
Views: 2113

Re: How To choose The Best Channel ??

notice how noise-floor changes between each time you reset/reconfigure a wireless interface.
by sten
Tue Dec 25, 2007 6:22 am
Forum: Scripting
Topic: Scripting.. missing :unset command
Replies: 4
Views: 2675

Re: Scripting.. missing :unset command

Manual should be updated then! :o http://www.mikrotik.com/testdocs/ros/2.9/system/scripting.php Btw, because of wrong documentation i got into this error: :local myvar :foreach i in=1 do={ :set myvar hello } :put ( [:typeof $myvar] . $myvar ) nil What i thought i was doing: - Declare a local variab...
by sten
Tue Dec 25, 2007 4:50 am
Forum: Beginner Basics
Topic: Radius with PoD and numeric username on pppoe
Replies: 3
Views: 1347

Re: Radius with PoD and numeric username on pppoe

You are saying that usernames that are strictly numbers wont work in PoD? What program do you use to send the PoD and with what additional parameters do you use to execute it? You might want to do a packet dump of the PoD attempts and see what the difference is between a working PoD and not working ...
by sten
Sun Dec 23, 2007 2:05 am
Forum: General
Topic: L2TP bug ?
Replies: 2
Views: 1333

Re: L2TP bug ?

The -1 postfix means that according to the l2tp terminator, a user by the same username is already logged in.
You can't have two users with the same username logged in at the same time AND use routes or static IPs.
by sten
Sun Dec 23, 2007 2:02 am
Forum: General
Topic: PPPoE - connection limit
Replies: 1
Views: 605

Re: PPPoE - connection limit

Dunno, i think i remember tully saying that the limit was raised, in a forum post.
However, getting more than 2000 on decent hardware that will run routeros is somewhat problematic.
Especially if you are going to do bandwidth-limiting on those pppoe tunnels.
by sten
Sun Dec 23, 2007 2:00 am
Forum: General
Topic: BGP and OSPF
Replies: 14
Views: 2090

Re: BGP and OSPF

I suspect that BGP in 2.9.50 (on x86) still has some memory issues. Basically what i think is happening is that the bgp process eats more memory as the bgp links are broken and reconnected.
I mean, it works, it just might need a reset every now and again.
by sten
Thu Dec 20, 2007 11:47 am
Forum: General
Topic: Bridging Novell Networking
Replies: 4
Views: 809

Re: Bridging Novell Networking

Try permitting 802.3 traffic also.
by sten
Thu Dec 20, 2007 11:32 am
Forum: General
Topic: PPP Firewalling
Replies: 9
Views: 2793

Re: PPP Firewalling

You need to add a rule that unconditionally jumps to a chain called 'ppp' in the 'forward' chain so that your rules become effective.
/ ip firewall filter add chain=forward action=jump jump-target=ppp
by sten
Thu Dec 13, 2007 10:49 pm
Forum: General
Topic: MPLS/VPLS
Replies: 3
Views: 1918

MPLS/VPLS

What's new in 3.0rc12:

*) added support for MPLS & VPLS;


Where in terminal do i find these features? Does anyone know?
by sten
Mon Dec 10, 2007 3:44 am
Forum: Wireless Networking
Topic: Polling function?
Replies: 5
Views: 1693

Re: Polling function?

Polling doesn't work without nstreme.
It is enabled by default for convenience.
It really should have been grayed while nstreme was disabled but to each his own.
by sten
Wed Nov 21, 2007 8:28 am
Forum: General
Topic: PPPoE and CPU load, since 2.9.3x, up to 2.9.44
Replies: 20
Views: 3439

Re: PPPoE and CPU load, since 2.9.3x, up to 2.9.44

There is a race condition in the setup (adding queues etc) of the session, not the authentication.
This problem will appear as soon as there is a lot of hardware triggered load and people connecting and reconnecting often.
Even if you only use RADIUS.
by sten
Tue Nov 13, 2007 6:39 pm
Forum: Beginner Basics
Topic: optimal Framer Limit setting
Replies: 1
Views: 1694

Re: optimal Framer Limit setting

The one that gives best performance :)
by sten
Tue Nov 13, 2007 6:26 pm
Forum: Beginner Basics
Topic: EoIP Bridge not works between RB333 and Mikrotik OS2.9 PC
Replies: 1
Views: 998

Re: EoIP Bridge not works between RB333 and Mikrotik OS2.9 PC

I think you should contact support@mikrotik.com, this might be a software bug.
by sten
Sat Oct 20, 2007 12:41 am
Forum: General
Topic: EoIP behind nat
Replies: 2
Views: 1783

Re: EoIP behind nat

EoIP inside L2TP can.
by sten
Fri Oct 12, 2007 10:24 pm
Forum: Wireless Networking
Topic: IPSEC Speed degredation
Replies: 3
Views: 728

Re: IPSEC Speed degredation

Also remember that the Cisco PIX506e is *sloooooow*.

Cleartext performance: 20 Mb/s
56-bit DES vpn: 20 Mb/s
168-bit DES (3DES) vpn: 16 Mb/s

And remember those are lab figures.
It's only a 300 Mhz celeron.
by sten
Fri Oct 12, 2007 7:41 pm
Forum: Wireless Networking
Topic: AP CPE modulation miss match
Replies: 1
Views: 593

Re: AP CPE modulation miss match

I have

routeros stations in v2.9 and newer does not respect the basic-rate indicator of the AP.

It just means the stations will always broad-/multi-cast on 6 Mbps but unicast on announced/local supported-rates.

This is unlike v2.8 behavior.
by sten
Fri Oct 12, 2007 7:28 pm
Forum: Wireless Networking
Topic: IPSEC Speed degredation
Replies: 3
Views: 728

Re: IPSEC Speed degredation

mtu related problem inside the tunnel?
by sten
Sat Oct 06, 2007 3:04 pm
Forum: Wireless Networking
Topic: Difference between basic and supported rates?
Replies: 7
Views: 9188

Re: Difference between basic and supported rates?

basic-rate is used for broadcast and multicast packets (which are not ACKed and therefore must be sent at a reliable rate). basic-rate is also used for association and beacons. supported-rates are simply used for unicast packets (which are ACKed). for each basic-rate there must be a supported-rate b...
by sten
Wed Oct 03, 2007 6:47 pm
Forum: General
Topic: BGP aggregates
Replies: 2
Views: 612

Re: BGP aggregates

I have found that bgp aggregates only work on incoming and not outgoing in 2.9.46
by sten
Sun Sep 30, 2007 4:07 am
Forum: Scripting
Topic: need script advance ping based
Replies: 6
Views: 1539

Re: need script advance ping based

First add the scripts to handle the up and down events. / system script add name=netup source={ :log info ( $nethost . " is up" ) } / system script add name=netdown source={ :log info ( $nethost . " is down" ) } Then add netwatch hosts like this :foreach host in=192.168.1.2,192.168.1.3,192.168.1.4 d...
by sten
Sun Sep 30, 2007 3:58 am
Forum: Scripting
Topic: Global variables whose names are formed in a for each loop
Replies: 2
Views: 950

Re: Global variables whose names are formed in a for each loop

Unfortunately the syntax/script interpreter seems to be pretty much one- or two-pass. The closest i have come to accomplishing this feature is to generate a / system script and then executing it. An "eval" type instruction would have been very useful for these cases. Perhaps you could use "arrays" ...
by sten
Fri Sep 21, 2007 4:44 pm
Forum: General
Topic: Uptime Challenge!
Replies: 25
Views: 13707

Re: Uptime Challenge!

490days.gif
by sten
Tue Sep 18, 2007 7:02 pm
Forum: General
Topic: CPE config
Replies: 4
Views: 793

Re: CPE config

my advice is; never ever *ever* bridge customer networks onto yours.
by sten
Tue Sep 18, 2007 6:57 pm
Forum: General
Topic: Uptime Challenge!
Replies: 25
Views: 13707

Re: Uptime Challenge!

9246hours.GIF
9199hours.GIF
the same people who said the latest version is best?

this was 2.8.26 btw
by sten
Tue Sep 18, 2007 12:30 pm
Forum: General
Topic: PPPoE dynamic mangle rules are broken
Replies: 10
Views: 7799

Re: PPPoE dynamic mangle rules are broken

In that case, are you sure you need to adjust mss?
by sten
Tue Sep 18, 2007 11:48 am
Forum: General
Topic: PPPoE dynamic mangle rules are broken
Replies: 10
Views: 7799

Re: PPPoE dynamic mangle rules are broken

Your example only adjusts mss one way. Do you adjust mss on the client end as well?
by sten
Sat Sep 15, 2007 2:49 am
Forum: General
Topic: PPPoE dynamic mangle rules are broken
Replies: 10
Views: 7799

Re: PPPoE dynamic mangle rules are broken

This is much easier to do with just simple reducing MTU and MRU on the server to the proper value. Default change-mss rules are usable in 99% of situations, other 1% is for complex setup, where combination of VPN is used you need something different, so in this case you have to create setup man...
by sten
Sat Sep 15, 2007 2:30 am
Forum: General
Topic: Bridge Forwarding Table via SNMP
Replies: 1
Views: 637

Re: Bridge Forwarding Table via SNMP

It was available in 2.8.x but was removed for unknown reason in 2.9.x
Ask support@ ?
by sten
Tue Sep 11, 2007 5:41 pm
Forum: RouterBOARD hardware
Topic: RB133 Hardware I/O lines available under ROS
Replies: 3
Views: 1271

Re: RB133 Hardware I/O lines available under ROS

fan connectors?
by sten
Tue Sep 04, 2007 12:55 pm
Forum: General
Topic: Heavy Loaded PPPoE Server Troubles
Replies: 3
Views: 1367

Re: Heavy Loaded PPPoE Server Troubles

Another issue is after running for a month or so the router starts flashing in the logs PPPoE license limit exceded and will not accept anymore connections. It does this even though its licensed for 500 PPPoE connections and we are under that at the time. When it does this the entire router becomes...
by sten
Sun Sep 02, 2007 4:28 pm
Forum: General
Topic: Masquerade and filter connection-state
Replies: 7
Views: 1087

Re: Masquerade and filter connection-state

it is the connection tracking timeout values that cause it.
your typical windows/bsd/linux tcp stack have fairly conservative timeout values compared to the routeros defaults.
by sten
Wed Aug 29, 2007 6:00 pm
Forum: Wireless Networking
Topic: Can`t pass a vlan over the air.
Replies: 3
Views: 1034

Re: Can`t pass a vlan over the air.

have you tried putting vlan interface on wds interface?
dont include ether or wlan interface in bridge, only vlan interfaces (otherwise the bridging code intercepts the vlan packets before the vlan code does)
by sten
Tue Aug 28, 2007 7:00 pm
Forum: General
Topic: RB133 and ethernet problem
Replies: 2
Views: 588

Re: RB133 and ethernet problem

i think i read something about it in the bios changelog

http://www.routerboard.com

should have bios files for you, if not, look in / system routerboard in "Terminal".
by sten
Sun Aug 26, 2007 2:15 am
Forum: General
Topic: RB532A Throughput (cross posted on the RouterBoard Forum)
Replies: 2
Views: 764

Re: RB532A Throughput (cross posted on the RouterBoard Forum)

Hi Everyone At the link below, the effective throughput for various RouterBoard products is published. http://www.routerboard.com/pdf/results_18may2007.pdf For the RB500, the following figures are quoted for Routing with Connection Tracking: RB500 with packet size 512 = 58,54MBit/s RB500 with packe...
by sten
Sun Aug 26, 2007 2:03 am
Forum: General
Topic: PPPoE and CPU load, since 2.9.3x, up to 2.9.44
Replies: 20
Views: 3439

Re: PPPoE and CPU load, since 2.9.3x, up to 2.9.44

I don't know if this helps much, but the authentication issue has been a problem since forever on 2.9.x (not 2.8.x, 2.8.x was slow but solid) It just turned much worse after 2.9.25 when they changed the way they synchronize the login procedures. http://forum.mikrotik.com/viewtopic.php?f=2&t=15387 Th...
by sten
Sun Aug 26, 2007 12:29 am
Forum: General
Topic: Heavy Loaded PPPoE Server Troubles
Replies: 3
Views: 1367

Re: Heavy Loaded PPPoE Server Troubles

Is anyone else out there using Mikrotik to handle a large number of PPPoE clients? 300+ users? Our router is a Supermicro motherboard with P4 and 512Mb ram. We actually have 2 PPPoE routers built like this and they both are giving us trouble. We have mostly Canopy CPE modems. We use Mikrotik as the...
by sten
Mon Aug 20, 2007 8:29 pm
Forum: General
Topic: Split UpStream & Downstream
Replies: 14
Views: 2250

Re: Split UpStream & Downstream

Let's hope they have, and if they have, then simply ask them to add your subnet(s) to their ingress filters.
Always filter the source address of your customers (it will help you sleep at night).
by sten
Wed Aug 15, 2007 1:30 am
Forum: General
Topic: Hack? External ip coming into VPN, then to Internal IP
Replies: 1
Views: 813

Re: Hack? External ip coming into VPN, then to Internal IP

there could be some reasons for this;

* misconfigured port forwarding on router 'B'.
* spoofed packets from an internal host on location 'B'
by sten
Mon Aug 06, 2007 8:58 pm
Forum: General
Topic: RouterOS, Jumbo Frames and MTU (??)
Replies: 1
Views: 1182

Re: RouterOS, Jumbo Frames and MTU (??)

doubt it
they seem to have an aversion against fragmented netbuf's (????)
perhaps this will come in 3.0 as the netbuf handling is bound to be improved.
by sten
Tue Jul 24, 2007 10:46 pm
Forum: General
Topic: nth error in 2.9.44 but not in 2.9.43
Replies: 1
Views: 796

Re: nth error in 2.9.44 but not in 2.9.43

Send this to support@
There have been numerous similar issues throughout times. I guess it's a mishap when they consolidate code (code reuse).
by sten
Tue Jul 24, 2007 6:27 pm
Forum: Wireless Networking
Topic: Fixing Datarate at AP
Replies: 7
Views: 1059

Re: Fixing Datarate at AP

The problem is whether you have to lower the 48 M clients too. You basically have to, if all is to share the same data rate. To lower speed on the AP you set 1 supported rate and 1 basic rate. If using 'B/G' mode you will probably have to setup at least 2 supported rates and 2 basic-rates (depending ...
by sten
Mon Jul 23, 2007 11:57 pm
Forum: Wireless Networking
Topic: Fixing Datarate at AP
Replies: 7
Views: 1059

Re: Fixing Datarate at AP

many of us dedicate a physical AP card for those with lower signal qualities but that has its own challenges.
by sten
Mon Jul 23, 2007 11:47 pm
Forum: General
Topic: Split UpStream & Downstream
Replies: 14
Views: 2250

Re: Split UpStream & Downstream

if the FO would allow your customer subnet through their source-filters (or if they are too ignorant to have any), you should be able to do this without any active routing protocols. Then you would just need to do default route one way and let the returning traffic come the other way. If you NAT you...
by sten
Sat Jul 07, 2007 1:50 am
Forum: Wireless Networking
Topic: Mikrotik Access Point and ARP problem ...
Replies: 5
Views: 1319

Re: Mikrotik Access Point and ARP problem ...

sounds like you are using 'watch-address' and someone else has borrowed your AP's IP address, thus rebooting every 5 minutes (default).
by sten
Tue Jul 03, 2007 11:43 am
Forum: General
Topic: Missing something...just not seeing it
Replies: 6
Views: 1167

Re: Missing something...just not seeing it

it was unduly harsh. i apologize. try adding the IP addresses you want to bypass the proxy to an address-list called (e.g. bypass-list). then change the redirection rule to: /ip firewall nat add chain=dstnat protocol=tcp dst-port=80 src-address-list=!bypass-list action=dst-nat to-addresses=externalpr...
by sten
Mon Jul 02, 2007 5:01 pm
Forum: General
Topic: Missing something...just not seeing it
Replies: 6
Views: 1167

Re: Missing something...just not seeing it

:shock:
that would be impossible since you unconditionally redirect all tcp port 80 traffic to the proxy.
*DuH*
by sten
Mon Jul 02, 2007 9:36 am
Forum: General
Topic: Can this be done with MikroTik? (tough question on bridging)
Replies: 18
Views: 2534

Re: Can this be done with MikroTik? (tough question on bridging)

Perhaps I've missed something so please tell me how you can conclude that STP would fix this?

And to answer your question; I based my statement on the 802.1d bridge specification.
by sten
Fri Jun 29, 2007 7:24 pm
Forum: General
Topic: Can this be done with MikroTik? (tough question on bridging)
Replies: 18
Views: 2534

Re: Can this be done with MikroTik? (tough question on bridging)

that is essentially impossible to do on L2, unless you bridge L2 over EoIP and let the L3 routing handle the bonding.
Why not use DHCP Forwarding?
by sten
Mon Jun 25, 2007 12:02 am
Forum: General
Topic: Can this be done with MikroTik? (tough question on bridging)
Replies: 18
Views: 2534

Re: Can this be done with MikroTik? (tough question on bridging)

The answer to the first question: That is impossible with any normal bridge and any such solution would require custom coding which would be prone to a lot of issues. A L2 network can normally only have one operational link between two places. Any additional links must be muted (disabled/blocked/pre...
by sten
Sun Jun 24, 2007 10:37 pm
Forum: General
Topic: bridge vlan and same ethernet without vlan
Replies: 13
Views: 13292

Re: bridge vlan and same ethernet without vlan

because the bridge code would see the vlan tagged packets before the vlan specific code does?
meaning no untagging would be done and bridging based only on destination mac-address would occur.
by sten
Wed Jun 20, 2007 7:04 pm
Forum: General
Topic: Nat Table Size
Replies: 2
Views: 1101

Re: Nat Table Size

/ ip firewall connection tracking print

Look for "max-entries"
by sten
Mon Jun 18, 2007 12:09 pm
Forum: Wireless Networking
Topic: manually setting ack-timeout value
Replies: 43
Views: 15480

Re: manually setting ack-timeout value

i suggest you google and rtfm the subject.
by sten
Thu Jun 14, 2007 7:01 pm
Forum: Wireless Networking
Topic: manually setting ack-timeout value
Replies: 43
Views: 15480

Re: manually setting ack-timeout value

under nstreme it is not necessary to set ack timeout. just leave it as dynamic.
by sten
Wed Jun 13, 2007 6:01 pm
Forum: Wireless Networking
Topic: Security with Compression on Atheros cards
Replies: 3
Views: 885

Re: Security with Compression on Atheros cards

to believe compression serves the same purpose as encryption is false. just because it looks garbled, does not mean it is not easily reversible. In fact compression is designed to be easily decoded. since this also appears to be an adaptive form of compression, the sender will include informati...
by sten
Wed Jun 13, 2007 1:02 am
Forum: Wireless Networking
Topic: manually setting ack-timeout value
Replies: 43
Views: 15480

Re: manually setting ack-timeout value

no, as long as ack-timeout=dynamic was set.
by sten
Wed Jun 13, 2007 12:06 am
Forum: Wireless Networking
Topic: manually setting ack-timeout value
Replies: 43
Views: 15480

Re: manually setting ack-timeout value

if this AP interface has ack-timeout=dynamic then there is probably a bug in that version.
by sten
Tue Jun 12, 2007 10:24 pm
Forum: Wireless Networking
Topic: manually setting ack-timeout value
Replies: 43
Views: 15480

Re: manually setting ack-timeout value

PRISM does not support setting ACK timeouts AFAIK. But if ack-timeout does not show up on Atheros based ack-timeout=default then there might be an explanation for it. Please do a; / interface wireless info print / interface wireless registration print stats just remove last-ip and radio-name if you ...
by sten
Tue Jun 12, 2007 9:24 pm
Forum: Wireless Networking
Topic: manually setting ack-timeout value
Replies: 43
Views: 15480

Re: manually setting ack-timeout value

ACK timing applies to *all* non-proprietary 802.11 (a/b/g/n) except under certain WMM modes.

When you *set* the ack-timeout then ack-timeout wont be displayed under "status".
It will only be displayed when ack-timeout=dynamic

I've never used PRISM in an AP.
by sten
Tue Jun 12, 2007 3:43 pm
Forum: RouterBOARD hardware
Topic: Ethernet Failure on RB532
Replies: 8
Views: 1978

Re: Ethernet Failure on RB532

Normally a changelog reflects all changes between versions.
This does not apply in the case of MikroTik.
They change lots of things without informing you.
Just get used to it.
by sten
Mon Jun 11, 2007 4:21 pm
Forum: Wireless Networking
Topic: SR2 re-associate problem
Replies: 163
Views: 15850

Re: SR2 re-associate problem

Yes, if the choices were "Long" or "Short" but in routeros, you also have the choice of "Both" which may have an inadvertent effect.
by sten
Mon Jun 11, 2007 3:35 pm
Forum: General
Topic: Installing RouterOS on a WRAP
Replies: 26
Views: 5282

Re: Installing RouterOS on a WRAP

some CF cards have broken controllers or work just plain slow under PIO.
Sandisk 128MB ones as an example.

Gibberish at the login prompt is that routeros defaults to 9600 for the login prompt.
It is actually easier to change the baud in the WRAP BIOS to 9600 for simpler access.
by sten
Mon Jun 11, 2007 8:37 am
Forum: Wireless Networking
Topic: SR2 re-associate problem
Replies: 163
Views: 15850

Re: SR2 re-associate problem

Could you send me the captures as well?

netslist@gmail.com
by sten
Mon Jun 11, 2007 7:53 am
Forum: Wireless Networking
Topic: SR2 re-associate problem
Replies: 163
Views: 15850

Re: SR2 re-associate problem

has anyone tried setting preamble=long on these units?
by sten
Mon Jun 11, 2007 1:10 am
Forum: Wireless Networking
Topic: SR2 re-associate problem
Replies: 163
Views: 15850

Re: SR2 re-associate problem

Sten, The ACK timing shows to be 30us on my end when I log into one of my towers with a 2511 card on the AP. I guess that is what the Prism card AP forces the client cards to when associating. That seems kind of short considering I have one customer on this tower who is 13.85 miles from the tower. ...
by sten
Sun Jun 10, 2007 6:25 am
Forum: Wireless Networking
Topic: manually setting ack-timeout value
Replies: 43
Views: 15480

Re: manually setting ack-timeout value

ack-timeout=dynamic is only meant to be used during installation of a link. i'm sure you could script something, but; what would you regard your maximum to be? why didn't you set it to that value in the first place? how will you enforce the client side ack-timeout? without ack-timeout setting on cli...
by sten
Sun Jun 10, 2007 6:25 am
Forum: Wireless Networking
Topic: SR2 re-associate problem
Replies: 163
Views: 15850

Re: SR2 re-associate problem

illiniwireless: ACK must be set on both sides. what is the hardcoded ACK timeout in that senao 2511? there *has* to be an ACK timeout (otherwise nothing works) and it's usually set to something equivalent of up to 3km (although most indoor APs these days ship with up to 300m for performance). give u...
by sten
Sat Jun 09, 2007 1:19 am
Forum: Wireless Networking
Topic: manually setting ack-timeout value
Replies: 43
Views: 15480

Re: manually setting ack-timeout value

I have been following this problem for quite a while and have been waiting for a solution before really launching several new AP's. Let me make sure I understand you. You are saying that if we set the Ack-Timeout to a fixed amount, say 53 or something like that, maybe up to 80 then this whole probl...
by sten
Fri Jun 08, 2007 7:28 pm
Forum: Wireless Networking
Topic: SR2 re-associate problem
Replies: 163
Views: 15850

Re: SR2 re-associate problem

by sten
Fri Jun 08, 2007 7:25 pm
Forum: Wireless Networking
Topic: manually setting ack-timeout value
Replies: 43
Views: 15480

Re: manually setting ack-timeout value

to clarify. ack-timeout=dynamic did not work on the AP which was routeros. the PLC/PRISM antenna had no concept of dynamic ack timeout. And since the AP calculated the ACK timeout by gradually decreasing ACK timeout during association, it usually failed miserably. Might be wrong, it's been 3 years! Ju...
by sten
Fri Jun 08, 2007 2:51 am
Forum: Wireless Networking
Topic: manually setting ack-timeout value
Replies: 43
Views: 15480

Re: manually setting ack-timeout value

well yes. dynamic-ack only works against Atheros, AFAIK I sort of worked on a PRISM based PLC client antenna a couple of years ago and back then dynamic ack (on routeros) never worked for the PRISM chips. It had random results. We had to calculate the max distance by hand to be able to connect PRISM...
by sten
Thu Jun 07, 2007 5:10 pm
Forum: Wireless Networking
Topic: manually setting ack-timeout value
Replies: 43
Views: 15480

Re: manually setting ack-timeout value

basically;
If ACK packets were on the link layer, it would not have mattered, but ACKs are on L2.
by sten
Thu Jun 07, 2007 2:08 pm
Forum: Wireless Networking
Topic: manually setting ack-timeout value
Replies: 43
Views: 15480

Re: manually setting ack-timeout value

try this; we have wireless router A connected to wireless router B via a 10 km 802.11a (20mhz) link. set the ack timeout on both sides. then change the link to "turbo" (40mhz) mode. (it still should work) then change ack timeout to dynamic, read the ack-timeouts and set the new ack-timeout values to...
by sten
Thu Jun 07, 2007 2:24 am
Forum: Wireless Networking
Topic: antenna-mode=rxa-txb fixes low signal strength problem
Replies: 4
Views: 1302

Re: antenna-mode=rxa-txb fixes low signal strength problem

unfortunately, no.
that would be a PRISM chipset (+firmware) limitation :P
by sten
Wed Jun 06, 2007 10:57 pm
Forum: RouterBOARD hardware
Topic: Ethernet Failure on RB532
Replies: 8
Views: 1978

Re: Ethernet Failure on RB532

did you also upgrade BIOS?
ethernet ports can easily break. static, overload, bad wiring, etc etc.

also, try setting it to 10mbit/halfduplex on both sides. does that help?
cables can break too (9 out of 10 problems on a network are due to bad cabling).
difficult to diagnose, easy to overlook.
by sten
Wed Jun 06, 2007 10:55 pm
Forum: Wireless Networking
Topic: Dynamic VLAN tagging per-client + RADIUS
Replies: 1
Views: 875

Re: Dynamic VLAN tagging per-client + RADIUS

no such support in routeros, AFAIK.
by sten
Wed Jun 06, 2007 10:54 pm
Forum: Wireless Networking
Topic: antenna-mode=rxa-txb fixes low signal strength problem
Replies: 4
Views: 1302

Re: antenna-mode=rxa-txb fixes low signal strength problem

sounds like you blew the little widget that chooses which input port to listen to. CM9? On PRISM chips, most chores are performed by the firmware. On Atheros chips, most chores are performed by the host. PRISM will bug the host system less but the Atheros is by far the most flexible. If you are refe...
by sten
Wed Jun 06, 2007 10:26 pm
Forum: Wireless Networking
Topic: manually setting ack-timeout value
Replies: 43
Views: 15480

Re: manually setting ack-timeout value

ack timeout is calculated on each association when ack-timeout=dynamic. A little bit of packet loss can leave it at an unreasonable high ack-timeout, giving really poor performance. ack-timeout=dynamic is meant to be used when you initially setup the link and should be fixed at the suggested ack-tim...
by sten
Wed Jun 06, 2007 10:21 pm
Forum: Wireless Networking
Topic: Security with Compression on Atheros cards
Replies: 3
Views: 885

Re: Security with Compression on Atheros cards

Ask Atheros, the limitation is in the chipset.
The same logic that is used to encrypt can be used to compress instead.
by sten
Wed Jun 06, 2007 10:10 pm
Forum: General
Topic: MTU setting on wanpmc
Replies: 6
Views: 1216

Re: MTU setting on wanpmc

the same was done for wireless (atheros) mtu. bad assumption or bug workaround i guess.
by sten
Wed Jun 06, 2007 9:58 pm
Forum: General
Topic: MSS bugs ?
Replies: 2
Views: 956

Re: MSS bugs ?

* The rule that matches by "out-interface" should be in "postrouting" instead of forward. Locally generated TCP packets seem not to have correct MSS. Those don't go through "forward", but they could be addressed at "postrouting". When you think about it, the local router already knows the correct M...
by sten
Wed Jun 06, 2007 7:48 pm
Forum: Beginner Basics
Topic: All my clients computers show ip conflict
Replies: 7
Views: 2835

Re: All my clients computers show ip conflict

when interfaces are members of bridge and you want to use proxy-arp you must put all ip's on bridge interface and only enable proxy-arp on bridge interface. otherwise the proxy-arp feature gets (rightfully) confused.
by sten
Sun Jun 03, 2007 1:14 pm
Forum: General
Topic: MTU Problems
Replies: 19
Views: 5367

Re: MTU Problems

well, none. a route loop mistake involving that router and you'll have a packet storm that wont subside until the router reboots from the stress. i'm not as worried about the detrimental effects of traceroute as much as i'm worried about what would happen if the wrong interface (local interface) no ...
by sten
Sun Jun 03, 2007 12:22 am
Forum: General
Topic: MTU Problems
Replies: 19
Views: 5367

Re: MTU Problems

those mss rules are my rules! from an earlier post! :)

except for the ttl rule, i think the ttl one might too easily lead to ttl loops.
by sten
Thu May 31, 2007 11:16 am
Forum: Wireless Networking
Topic: rouge CPE kill alls cleints
Replies: 25
Views: 4325

Re: rouge CPE kill alls cleints

This paper might help. Perhaps you should do some wireless sniffing to see whether this happens to you?
http://www.huwico.hu/~kodmon/cikk/firmware_attack.pdf

Other than that, try searching google for "802.11 DoS"
by sten
Thu May 31, 2007 11:02 am
Forum: General
Topic: bridge filter
Replies: 10
Views: 2356

Re: bridge filter

remove those rules and add this one and you'll have the desired effect; (paste in terminal) / interface bridge filter add chain=forward in-interface=!ether1 out-interface=!ether1 action=drop The logic of that rule is as follows: If packet is neither entering ether1 (i.e wlan1) nor exiting ether1 (i....
by sten
Wed May 30, 2007 9:42 am
Forum: General
Topic: bridge filter
Replies: 10
Views: 2356

Re: bridge filter

aside from the rules i already know about, it says nothing.
you *are* aware of the "Print Screen" keys function in windows, right?
Try this in terminal:

/ interface bridge filter export

Which interface is your upstream?
by sten
Sun May 27, 2007 6:30 pm
Forum: General
Topic: routing
Replies: 6
Views: 1254

Re: routing

Well cisco's default to having proxy-arp enabled.
Add the larger network to one ethernet and enable proxy-arp (arp = proxy-arp)
Add the smaller network to a second ethernet.
should be equivalent.
by sten
Sat May 26, 2007 3:54 pm
Forum: General
Topic: bridge filter
Replies: 10
Views: 2356

Re: bridge filter

export your bridge filter rules?
probably you can reduce the bridge member<->bridge member rules into a single rule.
by sten
Thu May 24, 2007 6:48 pm
Forum: Wireless Networking
Topic: Force RIP?
Replies: 1
Views: 621

AFAIK: RIP passively receives route announcements every X (usually 30) seconds. RIP cannot "go out and get routes". Some implementations that use multicast will send additional announcements when an IGMP membership query arrives. You might want to take a look at OSPF or BGP for a more responsive ro...
by sten
Thu May 24, 2007 6:19 pm
Forum: Wireless Networking
Topic: How to block other routers?
Replies: 9
Views: 1284

then i guess you can use bridge filters and default-forwarding=no to control the traffic...
by sten
Thu May 24, 2007 2:18 pm
Forum: Wireless Networking
Topic: How to block other routers?
Replies: 9
Views: 1284

Not without you telling me more about the network and how it all hooks together.
by sten
Thu May 24, 2007 12:00 pm
Forum: General
Topic: IBGP issues with 2.9.39 up
Replies: 3
Views: 747

I didn't say multihop. I have no trouble with iBGP but i do not use it on a very large scale.
by sten
Wed May 23, 2007 1:04 pm
Forum: Wireless Networking
Topic: How to block other routers?
Replies: 9
Views: 1284

by giving each customer their own L2 network.
by sten
Tue May 22, 2007 9:09 pm
Forum: General
Topic: [SOLVED] Too much firewall connections!?! WTF?
Replies: 15
Views: 4106

It really does look like a worm. Try Avast! or something similar.
*or* just turn off your laptop and let your other users through.

Just out of curiosity, what kind of hardware is the router?
by sten
Tue May 22, 2007 7:10 pm
Forum: Wireless Networking
Topic: rouge CPE kill alls cleints
Replies: 25
Views: 4325

Are all those PRISM stations running latest PRISM firmware?
Do you have any way of excluding the problem being the PRISM stations not wanting to connect to the AP?
Have you tried a faster basic rate? Could be that they timeout while trying to associate.
by sten
Mon May 21, 2007 6:05 pm
Forum: General
Topic: [SOLVED] Too much firewall connections!?! WTF?
Replies: 15
Views: 4106

Re: Too much firewall connections!?! WTF?

/ip firewall nat add chain=srcnat src-address=192.168.2.0/24 action=masquerade
nat chain is wrong.
/ ip firewall nat add chain=src-nat src-address=192.168.2.0/24 out-interface=ether1 action=masquerade 
change "ether1" to your public interface.
by sten
Mon May 21, 2007 4:22 pm
Forum: General
Topic: install mikrotik on wrap .2e via netinstall
Replies: 8
Views: 6204

Thank you! Much appreciated.
by sten
Sun May 20, 2007 1:38 am
Forum: General
Topic: Installing RouterOS on a WRAP
Replies: 26
Views: 5282

Boot any BSD or recent Linux on it and you should have no problems.
The WRAP is a pretty cool product even though it is getting relatively old. Its only real Achilles heel is the DMA problems.
by sten
Sun May 20, 2007 1:21 am
Forum: General
Topic: IBGP issues with 2.9.39 up
Replies: 3
Views: 747

make sure no peer depends on default route to be reachable.
by sten
Fri May 18, 2007 9:29 pm
Forum: Wireless Networking
Topic: upgrade from 2.8.28 to 2.9.42 ??
Replies: 4
Views: 1035

I recently upgraded from v2.8.26 to v2.9.26 and then over to 2.9.42 a week later, remotely. This was on RB230 APs. I had no trouble doing it and I don't foresee any trouble.
by sten
Fri May 18, 2007 9:21 pm
Forum: General
Topic: install mikrotik on wrap .2e via netinstall
Replies: 8
Views: 6204

What were your steps to compile the PXE support module correctly?
by sten
Thu May 17, 2007 2:18 am
Forum: General
Topic: cpu-frequency
Replies: 9
Views: 1722

/ system routerboard settings set cpu-frequency=330MHz
<powercycle one time>
/ system routerboard settings keep-frequency

I wrote a script that does all the work, but you still have to wait for someone to either pull the plug or for the router to crash.
by sten
Tue May 15, 2007 11:47 am
Forum: General
Topic: NAT: conflict w/ multiple clients useing same source port
Replies: 4
Views: 1581

It's a problem that also breaks L2TP through NAT but is common in most NAT "engines". In your case, if it is feasible, I'd mark the udp packets with a connection mark for each host and src-nat each mark to a different port range. IMHO current behavior is not really flexible.
by sten
Mon May 14, 2007 6:37 pm
Forum: General
Topic: pppoe-client distance
Replies: 7
Views: 4065

It can be done dynamically with routing-test; you can use the filters which will be applied to dynamic-in and/or connected-in.
by sten
Fri May 11, 2007 8:14 pm
Forum: General
Topic: SNTP
Replies: 4
Views: 1920

this is just a guess, but to me it sounds like windows 2003 doesn't permit just anyone to get the server's time since time is very important during kerberos authentication (for AD). maybe only registered machines in the windows domain get to read it?
by sten
Fri May 11, 2007 4:25 pm
Forum: General
Topic: bridge filter
Replies: 10
Views: 2356

perhaps you used the bridge ip as default gateway for some of the users? if traffic is routed and gateway ip is a bridge member, then the traffic will show up in "input" bridge filter chain.
by sten
Fri May 11, 2007 1:32 pm
Forum: General
Topic: MTU MSS PPPoE Citrix... problem?
Replies: 7
Views: 3117

not entirely correct. you really should adjust mss but you can't use the change-tcp-mss= feature. you are then left with the option of doing it manually. adding a clamp-to-pmtu rule in forward mangle rule will only adjust mss one way. for it to work you need to use it on both ends of the pppoe sessio...
by sten
Thu May 10, 2007 2:46 pm
Forum: General
Topic: MTU MSS PPPoE Citrix... problem?
Replies: 7
Views: 3117

change-tcp-mss unconditionally alters mss. let me give you a short example.

USER--(1480)--NAS--(1500)--{inet}--(1500)--FW--(1400)--WWW

USER sends TCP syn with mss of 1460
NAS sets mss to 1440
FW adjusts mss to 1360
WWW replies with TCP syn+ack with mss of 1360
NAS set mss unconditionally to 1440
USE...
by sten
Wed May 09, 2007 1:06 pm
Forum: General
Topic: Per port rate limiting
Replies: 13
Views: 7330

sergejs: are you saying that if i set my lan (ether1) interface to tx-rate=1000 rx-rate=1000, it won't be slower than my usual 100Mbit/s?
by sten
Wed May 09, 2007 1:01 pm
Forum: General
Topic: MTU MSS PPPoE Citrix... problem?
Replies: 7
Views: 3117

if you use the ppp profile feature to adjust the mss, you need to know that it is broken. Next, Cisco PIX firewalls running one of the later versions of software will drop packets with tcp mss unconditionally adjusted.
by sten
Tue May 08, 2007 10:31 am
Forum: RouterBOARD hardware
Topic: Broadcast routing (router mode)
Replies: 7
Views: 4433

Re: Broadcast routing (router mode)

Hi, Is there any possibility MT to route broadcast traffic (255.255.255.255), from one IF network to other IF network (in router mode) ? I have a server that is hosted in one net, use broadcast to announce itself, but clients are in other network. I can't use bridge mode because of other configurati...
by sten
Mon May 07, 2007 2:52 pm
Forum: General
Topic: netwach
Replies: 5
Views: 1021

try adding the letter "s" behind your interval number.

also you need to set a count= limit, otherwise ping will never exit and you will never know how many times the remote host responded.
by sten
Mon May 07, 2007 12:23 am
Forum: General
Topic: netwach
Replies: 5
Views: 1021

netwatch can't use mac-addresses (AFAIK!) why not use a scheduler+script that uses something akin to

:if ( [ / ping 10.0.0.1 arp-interface=wan ] = 0 ) do={ :put offline } else={ :put online }

of course replace "10.0.0.1" with the ip you want to ping and "wan" with whatever interface that ip is found...
by sten
Sun May 06, 2007 5:43 am
Forum: Scripting
Topic: BGP Failover script
Replies: 1
Views: 1291

if using routing-test;

:foreach p in=[ / routing bgp peer find ] do={ :put [ / routing bgp peer get $p state ] }

but is it really needed to announce that network using a network statement? what if you just announced the entire network from the iBGP's or use "aggregate" ?
by sten
Tue May 01, 2007 12:51 am
Forum: General
Topic: MTU Problems
Replies: 19
Views: 5367

that can be a million things.
by sten
Mon Apr 30, 2007 2:21 pm
Forum: General
Topic: MTU Problems
Replies: 19
Views: 5367

Re: MTU Problems

Using the Change TCP MSS NEVER worked correctly for us.. and the ONLY way I ever got it to work was to put a Single Static mangle rule in the firewall setting MSS to 1452. I've looked at the stuff that change TCP MSS does in the PPPoE client, it makes 2 dynamic rules, 1 on incoming on the pppoe int...
by sten
Sun Apr 29, 2007 3:14 pm
Forum: RouterBOARD hardware
Topic: 100% CPU Load on 2.9.42 ???
Replies: 4
Views: 1587

also run check-installation to see whether some component has been damaged. it is not very likely but freak accidents happen. if something is damaged then just "downgrade" to the same version which reinstalls the files. as an example i've had the snmp module crashing on me due to data corruption (ba...
by sten
Sun Apr 29, 2007 2:20 pm
Forum: Scripting
Topic: CLEAR Command
Replies: 4
Views: 9132

click on the upper left icon and you'll see the option "reset terminal" (in windows).
by sten
Fri Apr 27, 2007 7:45 pm
Forum: Scripting
Topic: PPPoE Script after login
Replies: 3
Views: 1710

nope, but such a feature would be seriously helpful for me too!

perhaps in your case you could add a permanent queue on top of the queue list and use packet marking in mangle to mark local traffic. of course, if it must be on a per user basis then this probably wouldn't do much good.
by sten
Fri Apr 27, 2007 7:42 pm
Forum: Scripting
Topic: Telling which ethernet a user is connected?
Replies: 1
Views: 1089

this would be useful for me too
by sten
Fri Apr 27, 2007 7:41 pm
Forum: Scripting
Topic: CLEAR Command
Replies: 4
Views: 9132

nope, but if you use putty or securecrt, you have the option there.
by sten
Fri Apr 27, 2007 6:46 pm
Forum: General
Topic: ppoe disconnect and connect automaticly
Replies: 2
Views: 842

maybe someone can help. but you won't know that unless you post the necessary information. more information is better than less. if you don't know what to post, then post as much as you possibly can.
by sten
Wed Apr 25, 2007 7:28 pm
Forum: General
Topic: MPLS - what will you use it for?
Replies: 3
Views: 1698

traffic engineering.
by sten
Tue Apr 17, 2007 3:14 pm
Forum: General
Topic: Help me plzz.... :(
Replies: 5
Views: 1337

Limit the customer traffic before it can reach the proxy?
by sten
Sat Apr 14, 2007 12:42 am
Forum: General
Topic: Help me plzz.... :(
Replies: 5
Views: 1337

Limit the customer traffic before it can reach the proxy?
by sten
Sat Apr 14, 2007 12:25 am
Forum: General
Topic: WDS Bridge, PPPoE, PTMP Wireless, and VLANs oh my!
Replies: 4
Views: 1707

Yes, I mean packet duplication based on the nature of a bridge. Do you have that much broadcast traffic on your network? After all, non-broadcast traffic should not be 'duplicated' but just send out on the (bridge member) interface on which the destination MAC can be reached... --Tom That is assumi...
by sten
Fri Apr 13, 2007 8:15 pm
Forum: General
Topic: WDS Bridge, PPPoE, PTMP Wireless, and VLANs oh my!
Replies: 4
Views: 1707

Do you use wds between CPE's and AP2?

And by packet duplication, do you mean packets are duplicated in error or in the nature of bridges?
by sten
Tue Apr 10, 2007 1:30 am
Forum: Wireless Networking
Topic: AA:AA:03:00:00:00 - strange log entr
Replies: 5
Views: 2177

short or long preamble?
by sten
Fri Apr 06, 2007 11:23 pm
Forum: Wireless Networking
Topic: rb133c as wireless ptp bridge?
Replies: 4
Views: 1151

Level 3 will do a single point to point (mode=bridge instead of ap-bridge).
by sten
Thu Apr 05, 2007 3:23 pm
Forum: General
Topic: Hack Attempt using Bandwidth Test ??
Replies: 4
Views: 2584

It would be nice to have an action in system logging which would allow a script to be run to check the last log entry and allow a script to add the address to the address list as a restricted address and allow us to block. "Good security" implies you do the opposite. Only permit certain addresses a...
by sten
Tue Apr 03, 2007 10:55 pm
Forum: General
Topic: Channel reuse on the same site
Replies: 9
Views: 3389

Have you guys considered that synchronizing channel usage would also reduce throughput? But using different polarity would definitely open a window of opportunity. How would it reduce throughput? By "it" you mean changing polarity or trying to synchronize transmission? Polarity usage is greatly depend...
by sten
Tue Apr 03, 2007 6:34 pm
Forum: General
Topic: Channel reuse on the same site
Replies: 9
Views: 3389

Have you guys considered that synchronizing channel usage would also reduce throughput? But using different polarity would definitely open a window of opportunity.
by sten
Tue Apr 03, 2007 5:15 pm
Forum: General
Topic: Channel reuse on the same site
Replies: 9
Views: 3389

Have you guys considered that synchronizing channel usage would also reduce throughput? But using different polarity would definitely open a window of opportunity.
by sten
Tue Apr 03, 2007 5:14 pm
Forum: General
Topic: Channel reuse on the same site
Replies: 9
Views: 3389

Have you guys considered that synchronizing channel usage would also reduce throughput? But using different polarity would definitely open a window of opportunity.
by sten
Tue Apr 03, 2007 5:09 pm
Forum: General
Topic: RAM Support
Replies: 10
Views: 1888

even 80386 SX ? :lol:
by sten
Tue Apr 03, 2007 4:41 pm
Forum: RouterBOARD hardware
Topic: Boot RouterOS from CF on 532
Replies: 9
Views: 2074

Is proxy-cache using a microdrive in CF the intended use for the CF under routeros?
by sten
Mon Apr 02, 2007 9:43 pm
Forum: General
Topic: MikroTik VLAN Bridging Help
Replies: 31
Views: 4043

you do not need proxy-arp to "surf the internet" but it might come in handy to reach neighboring vlans. proxy-arp can be avoided if you use /32 net masks on the hosts.
by sten
Mon Apr 02, 2007 8:05 pm
Forum: General
Topic: MikroTik VLAN Bridging Help
Replies: 31
Views: 4043

define "it".

surf? sure
connect to your neighbor? not without host subnet mask change.

perhaps you'd want to hire someone with basic ipv4 knowledge to verify this for you?
by sten
Mon Apr 02, 2007 6:22 pm
Forum: General
Topic: MikroTik VLAN Bridging Help
Replies: 31
Views: 4043

Sten, did you actually try this and it worked? Slightly different setup. Is it the proxy-arp that makes it work? Not really. My question is, why does the loopback device have a mask of /32 and what would happen if it were to be /24? No particular difference in effect for what you are trying to achi...
by sten
Mon Apr 02, 2007 3:28 pm
Forum: General
Topic: MikroTik VLAN Bridging Help
Replies: 31
Views: 4043

My example shows how to use interfaces as gateways for routes. Except in routeros 2.9 you cannot use an interface name as a "gateway" for the routes, you need to add an IP address and then use that IP address as the identifier for the interface. In routeros 3.0 this whole setup would probably be muc...
by sten
Mon Apr 02, 2007 3:38 am
Forum: General
Topic: MikroTik VLAN Bridging Help
Replies: 31
Views: 4043

of course proper configuration is absolutely necessary. i was saying "assume a clean router" to point out that this example shouldn't be superimposed on just any established configuration without some consideration.
basically i was giving a minimal demonstration of concept.
by sten
Sun Apr 01, 2007 8:09 pm
Forum: General
Topic: MikroTik VLAN Bridging Help
Replies: 31
Views: 4043

imagine a clean router and your public ip subnet is 123.0.0.0/24

/ int bridge add name=loopback
/ ip address add address=123.0.0.1/32 interface=loopback
/ int vlan add name=vlan2 vlan-id=2 interface=ether2 arp=proxy-arp
/ int vlan add name=vlan3 vlan-id=3 interface=ether2 arp=proxy-arp
/ int vlan ad...
by sten
Fri Mar 30, 2007 5:53 pm
Forum: General
Topic: MikroTik VLAN Bridging Help
Replies: 31
Views: 4043

Standing at that cross-road eh? In the long run you would probably be better off with the waste of IP addresses. But why don't you at least try proxy arping and host routes instead of messing up your vlan structure? That way your vlans wouldn't leak. EDIT: You might actually not have to do proxy-arp...
by sten
Fri Mar 30, 2007 5:35 pm
Forum: General
Topic: vpn problems
Replies: 8
Views: 1395

Cool script, i'm sure it will help someone who searches the archives in the future. Scripts are sometimes necessary to add more intelligence in a network. I would probably have used / tool netwatch and increased the interval (in case of random packet loss). Setting pptp-client's disabled=no (even if...
by sten
Fri Mar 30, 2007 4:19 pm
Forum: General
Topic: vpn problems
Replies: 8
Views: 1395

sounds like a NAT or firewall timeout in between your routeros and the windows 2003 server.
by sten
Wed Mar 28, 2007 9:21 pm
Forum: Wireless Networking
Topic: Wireless disconnects at 9pm?
Replies: 9
Views: 1703

Try setting 'periodic-calibration' = 'enabled' on both ends.
by sten
Sun Mar 18, 2007 8:26 am
Forum: General
Topic: BETA Testing and Feature Suggestions for next routeros
Replies: 329
Views: 76620

MTU above 1500 on the many 10/100 Base-TX cards that are out there. RealTek and NSC DP83816 (used on RB230's) as examples. It would help greatly for eliminating fragmentation when using EoIP and such, and it makes 1500 byte PPPoE tunnels possible. More information available in SNMP. Support for IPSe...
by sten
Wed Mar 14, 2007 7:19 pm
Forum: General
Topic: 2.9.40 and serious EOIP issue
Replies: 3
Views: 1059

Try enabling connection tracking and see if that helps.
by sten
Sun Mar 11, 2007 4:59 am
Forum: General
Topic: layer 2 traceroute
Replies: 3
Views: 1535

consult the manufacturer of those switches. something like that would have to be proprietary.
by sten
Mon Mar 05, 2007 9:47 am
Forum: General
Topic: PPPoE Big Problem.
Replies: 16
Views: 2793

I'm not sure you are talking about the same ghosts as (at least) i am. The ghosts i am referring to are stalled/broken pppoe connections that never go away automatically. And in some cases cannot be removed unless rebooting. They are presumably caused by synchronization/locking issues caused by the ...
by sten
Mon Mar 05, 2007 8:33 am
Forum: General
Topic: PPPoE Big Problem.
Replies: 16
Views: 2793

Yes, RADIUS won't solve ghosts, only a different version will.

I mentioned RADIUS to go above the artificial limit of 400 users on versions later than 2.9.24
by sten
Fri Mar 02, 2007 5:01 pm
Forum: General
Topic: PPPoE Big Problem.
Replies: 16
Views: 2793

The ghost issue has been especially apparent in all versions after v2.9.24. Although some ghosts can appear in v2.9.24, they are rare and often due to certain conditions. You need either to use v2.9.24 or use a very recent one. (Note: The recent versions can't handle more than 400 '/ ppp secret' user...
by sten
Thu Mar 01, 2007 7:31 am
Forum: General
Topic: bridge vlan and same ethernet without vlan
Replies: 13
Views: 13292

It is possible to tag vlans over WDS. Just make the WDS interface the VLAN parent interface. You might want to use a different bridge interface per vlan-id. It is also possible to bridge vlan tagged packets without configuring a single vlan interface on the unit.