I have a network of: (10.1.1.0/24)----[10.1.1.1=ROUTER-A=10.1.2.125]-----(10.1.2,3,4.0/24)[.1=ROUTER-B=] Where Router A has Router B as its gateway. If a host on 10.1.1.0/24 pings a host on 10.1.3.0/24 the first ping gets a reply, everything after fails. Looking into it more, after the first ping R...
Is there any chance that Ethernet support for GRE will be added? Otherwise there really is no good way to provide failover to a customer that is using our native IP space between us and another provider.
I understand that EoIP WAS stateless, but 5.x seems to have added a keepalive field. I had it set to 00:00:10 on both sides, if I take it down the interface always stays running.
Appears that the GRE tunnels can not be bridged though.
Also, the keepalive on EoIP does nothing! Doesn't matter what I set it to the interface will stay up, any idea when either of these issues will be resolved?
Hello all, I am trying to do what I originally thought was a simple setup, but has quickly not become the case. We have a customer we want to ensure 100% uptime. They have a connection to our network and a connection to another ISPs network. On our network we gave them a static lease, on the other n...
I am trying to write a script to log into a remote host (not mikrotik) and issue some commands. Specifically I am trying to ssh (or telnet, or snmp) into a tripp lite ups and reboot the ups. Has anyone here done this before or have any suggestions? The problem is I can't complete the login sequence ...
Apparently in ROSv5 (5.2 is what I am currently on) the SNMP server will respond from the IP address of the nearest interface. Previous versions of ROS do not function this way and it is causing issues with my firewall rules. Has anyone else encountered this and is there any fix on the horizon? Than...
Ah, so unless I set the max-limit there is no way this will work; that was my suspicion. This creates a real issue with using priority because I don't know what the wireless interface is at. Sure most of the time the bridge runs at 30mbps, but if there is inclement weather or something it may drop t...
Does a max limit need to be set to effectively prioritize traffic? I am currently using: /queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \ max-limit=0 name=qos_m1w parent="ether2[m1w]" priority=1 add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit...
I had a router burn out and put in a new one that is running v4 (was at v.3.25). I always put a kill rule at the end of my simple queues to keep unauthorized traffic off. Now as soon as I enable the kill queue it kills all traffic on my router. The kill queue is just a catchall (ie. dist_net/24 limi...
Add default route fixes the route problem, but now it doesn't write to the LCD. I was thinking it may be because it doesn't write to the lcd until packets are sent its way?
I have used the ppp hack and it injects an invalid route into my routing table every time it runs. That is no good, it was causing massive packet loss. Any ideas on a workaround for this? I was thinking maybe bridge the terminal session to telnet and then accessing it via telnet, but I have no idea h...
I use radius for everything I do not want to be creating profiles for every user. I found that queue-trees seem to override simple queues. I am experimenting with this setup: <code> /ip firewall mangle add action=mark-connection chain=forward comment="" disabled=no \ dst-address-list=internal new-co...
I am using queue dynamically created via either dhcp-mac or pppoe. In either 2.9 or 3 is there a way to have a queue sit "on-top" of the dynamic queues that gets hit first? (ie. so that I could have 10M queue to any internal-infrastructure, and then drop them down to their regular internet amount fo...
I usually set up my queues so that I have a list of all the clients queue to whatever. Then my infrastructure ips queue to unlimited then a kill rule. I upgraded some routers to 3.14 now and the infrastructure is now limited down to the kill rule (1kbps). Is there a better way to do this? (I do not ...
We have a rb532r5 (399mhz) board with a rb564 daughterboard (using 5 ethernet interfaces total) running 2.9.48. The whole router pushes 10mb TOPS, typically no more than 7mb and it is sitting at 100% CPU usage the majority of the time. Even in the early AM it is at 100% (when traffic is next to nothi...
I didnt really need anything fancy, just something to allow users to dial in for a backup dial-up service, and maybe for a tower to dial out to a central server in case a link drops out or something?
A while ago I disabled the dhcp server for a bit and then re-enabled it, and then it kept erroring saying "queue already existing" or something like that (as I use DHCP -RADIUS) So I removed all of the queues and that problem went away, but now I am having the problem of it is not recreating many of...
I have tried several different strings to no avail, the radius server does send it out but MT doesnt react? Any ideas? I have tried: 10.1.50.72/29 10.1.50.70 1 2 -1 3 400 10.1.50.72/29 0.0.0.0 1 2 -1 3 400 10.1.50.72/29 0.0.0.0 1 10.1.50.72/29 10.1.50.70 1 10.1.50.72/29 10.1.50.70 10.1.50.72/29 0.0....
ForePoint I want to be able to add routes to the router dynamically. IE. if the user is going to get a /29 routed to them I would add say a 10.1.1.0/24 to the router and then hand the user 10.1.1.16/29. If the user's router's address is 10.2.2.100 then I want to route 10.1.1.16/29 to 10.2.2.100 so t...
Hello all, I am changing the interface costs within /routing ospf interfaces and the distance on the routes is not changing whatsoever, is there some intermediate setting I am missing?
Hello all, I am trying to forward two ports to a single internal machine, but the mikrotik router gets its ip dynamically, so I have to use masquerade. Currently I have: 1 chain=srcnat out-interface=wlan1 src-address=192.168.1.0/24 action=masquerade 2 X chain=srcnat src-address=192.168.1.215 action=...
we already support protocol IGMP for IP Multicast (compliance with RFC 2236) Support IP Multicast with use Protocol Independent Multicast (PIM) and Sparse and Dense Mode (compliance with RFC 2362, 3973) are being developed. I am very excited about this!!! Will it be ready in v3? How is IGMP current...
yep, i put that first so i could see if it actually makes any difference with the rules, but I cant really tell the difference between it and not having it.
I want to have my users sharing the available bandwidth to the internet so that no one user can stop all the other users from using the network when one user is downloading a file. I also want to prioritize the traffic as shown (icmp, voip, http, other, p2p). I have the following config: 6 name="dow...
Is ros3 going to be capable of routing multicast traffic with pim-sm and be able to be a igmp capable router? This is of the utmost importance to us currently, otherwise I have to convert everything over to cisco(and i really do not want to do that!!!).
i do not want to have to use hotspot, just straight dhcp with radius backend. I just need some way of saying if user not found do attributes x whether it be in freeradius or mikrotik?
I am trying to setup everything so that if the user/mac is not in the freeradius table then mikrotik dhcp will stick the user/mac in pool xxx rather than flat out denying them access, any ideas on how to do this?
i accomplished this a different way because i dont like hotspot. I have each user in defined to a certain ip pool depending on their status, ie paid or not. for no pays i have firewall rules that redirect all traffic in pool nopay to xxx.
can m3p be enabled just on wireless links --> ie. only the bridges compress and decompress the packets, so it doesnt needs to be touched in the router?
should it look something more like this for a t1? 0 name="http" parent=master packet-mark=http limit-at=0 queue=default priority=3 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s 1 name="voip" parent=master packet-mark=voip limit-at=0 queue=default priority=2 max-limit=0 burst-limit=0 burs...
ah, thats good to know. My end goal is to have setup like: if in raddb as normal group --> give it appropriate attributes if in raddb as a nopay --> make all the traffic go to page nopay if not in raddb --> make all traffic go to page register mac For dhcp/radius i had gotten this working by setting...
How can I use snmp to check the kb/s traffic of an interface in mt? the oid of 10 & 16 is supposedly bytes in & out but this seems to be an ever incrementing value, and not a per second value? This seems like others would have asked before but I couldnt find any references on the forums?
i got mark-id working with: 0 chain=prerouting action=jump jump-target=hotspot 1 D chain=hotspot src-address=10.1.60.75 action=mark-packet new-packet-mark=test123 passthrough=yes 2 D chain=hotspot dst-address=10.1.60.75 action=mark-packet new-packet-mark=test123 passthrough=yes only problem now is t...
ah, so set this in radius. I was thinking of this. only problem i had was that I wanted to use the radius for wireless auth and i cant have radius reporting back positive no matter what for that, but then i thought i could run 2 different radius servers on different ports and just have dhcp run on po...
I looked in hotspot aaa and hotspot gateway and saw no examples even mentioning filter-id or what to do with a user after they have been denied. unless i am missing another page?
I have been playing with hotspot all tonight, and it seems Filter-Id might be a good option, but whenever I do it, mikrotik creates the correct mangle rule, but nothing falls under it, ie. even with traffic being used nothing is marked. Also hotspot just seems far too in-depth for what i am doing as...
It doesnt seem to work in 'wireless' only dhcp, ppp, and hotspot.
Dhcp would be fine, but i need some way to say if the user is not in the radius database put in poola and forward to pagea or just plain old forward to pagea, i think hotspot can do this, but it seems like massive overkill.
How are other people doing this? What I am trying to do is set it up so that people who are unauthorized will be thrown in pool unauth and then the firewall rule xxx will direct all their traffic to page yyy.
I am going to use Radius to check for DHCP attributes and I would like to have the clients in the ip pool "unauth" if their mac is not found in the radius db. Is there a way to setup a default ip pool for stuff to fall into if no other attribute is assigned to it?
Is this all I would need or is there other configurations I need elsewhere that to make the traffic prioritized. I tried to testing by making icmp priority 1, voip 2, etc... And loaded my line to full and then tried to ping stuff and was still getting the same high numbers as if I had no prioritizin...
I am finally to the point where queueing individual users is no longer the only solution necessary. I would like to start prioritizing traffic from my main router. I am using mikrotik as my main router and all traffic is going through it. I would like traffic priority to go in the following order: v...
so finally there is a t1 card that is in production AND works in mikrotik? amazing! How stable is it? and like jarosoup asked, can you configure it from the command line?
if i did a max connection limit of 30 per ip, what happens when a user is downloading with 30 p2p connections, and then tries to open a web browser? it wont let any traffic go right? or will it kill one of the old connections, and open the new one?
I am getting mixed reports on the forums on the stability of bgp. I am about to get my ASN and would really like to have BGP working soon, is this something that I can do with MT?
I want to do load balancing over my 2x t1s with it.
savage, humm thats true i didnt think of that, if my pipe is full it really doesnt matter what gets through first.
on the other hand, many times i have a queue for each part of my network, and then my external bandwidth isnt being maxed, it is my internal bandwidth.
i am trying to setup a system where all http traffic is prioritized over other traffic. so far what i have is: [xxx] ip firewall mangle> print Flags: X - disabled, I - invalid, D - dynamic 0 X chain=input protocol=tcp src-port=80 action=mark-connection new-connection-mark=http_conn passthrough=yes 1...
i have 91 clients on the proxy says it, which at least imo is not that much. so i should be safe for a good while. when do you think it is best to switch to a dedicated machine?
Is there a rule at hand that says you need so many MB of RAM per GB of cache size? right now i have a 5GB cache with 150MB RAM dedicated to cache. just wondering.
i ended up getting it working. i dont know if it was a bug, or if i opened a winbox window and clicked the wrong thing but my user had been set to 0.0.0.0/32 which wouldnt let me login. once i was plugged in with a physical keyboard i found it after looking around for a bit. thanks for the help, and...
much much worse problem now. i lost all power, my battery backup DID NOT kick in, shut down the whole system. I booted the router back up and now for any username/password i try it says incorrect username/password from both ssh and winbox (the only login methods i have enabled) is there some way to ...
I can no longer login to my mt server via ssh, it loads halfway, but then it never shows a command line for me to type anything. Under active users it shows a about 15 sessions, all real and from me, but i closed them a long time ago, some are from over 6 days ago. Is there any way to log out these ...
Does the mt cache server cache downloads? It does not seem to as every time i download the same file from the internet it uses internet bandwidth, and apparently doesnt just transfer from the mt server? is there a way to enable this?
wow that is complex, i really dont see any time limits or anything in there but i dont know where to look? What if all I really want to do is make http connections change priority. so if the http connection runs for 5s or less it gets priority 1 and for 5s-60s priority 2 and greater than 60s priorit...
now that i think about it, it might actually be better to prioritize based on connection time? so that if the connection is less than 5s then make it highest and a little less for each bit of time over 5s it is.
I am having users who are downloading large files and then it fills their simple queue(which is all i currently have setup) and then they fill up my entire main line. I cant drop their rates because then downloads AND web would go slower. Is there a way I can make each connection be managed. IE. con...
and i mean something automatic. like, client with mac x connects, so the mt ap checks in radius if client x is allowed, and what Rate-Limit is for that client and creates a simple queue. is this doable?
no my network looks like: [client]---[cpe])))))[ap]----[router]-----[bridge])))))[bridge]-----[router]----[internet] although for any given cpe it goes through several more: [router]-----[bridge])))))[bridge]-----[router] parts until it get to the final router on the internet. each router has public...
what exactly does a smartjack card do then? cause i remember specifically them installing it, i thought it was just something so that they could test the line more easily, does it actually condition the line too?
it is separate, my network is entirely routed, so it is on its own(private) /24. I tried giving things bandwidth queues by wireless mac authenticate, but nothing happened?
5148, took a LONG time for me to figure out that you cant do it via telnet, ssh OR winbox and you have to be physically typing it in at the computer. maybe try this?
i have a 5148 running on 2.9.18 and its working fine. mine also shows two interfaces, i had to configure the first one via cmd line and just disabled the second one. works fine for me.
lol, ya, i was seriously contemplating doing that, but figured i didnt want to spend 2 hours per, totalling dozens of hours, to walk them through figuring out what their mac is.
I took on a new tower with a lot of new customers already hooked up to it. The guy who I took it over from gave me the MACs of all the Wireless CPEs (mostly senao nl2611). I have a system setup that lets everyone who dhcps in check the mac to a radius server and then it sends back bandwidth queue att...
oh no, i have the dhcp lease set at 3 days, and even that is shorter than what ill set it for in production. i just wanted it to update the bandwidth which it is doing.
and i just tested it out and for future reference. setting the timeout to 60 or whatever you want DOES NOT affect the clients, at least not in 2.9.15. It automatically updates their queue if necessary, and doesnt kill the lease or anything, making it one of the absolutely coolest things ever!
well really it would be 1d but i need to test it, so i wanted to set it to 60s just for testing purposes. I want to kill their bandwidth if say they are a certain amount of time late in payment or something. the dhcp clients should just re-auth right?
I am trying to make the MT router recheck radius for new attributes every day or hour or however often i want so that it updates whatever in the router(using DHCP). I have tried several different attributes, but none of them seem to make it update.
i luckily got a sangoma card, tech said same thing, they wanted to work with mikrotik on newer cards, but nothing came of it. the card i do have works awesomely! I really really hope they update the t1 stuff, cause thats one of the most useful parts of RouterOS imo.
every client has a queue, i would like EVERYONE, as in every single queue to share a single queue of say 256k for p2p traffic. so that at no time on my network is more than 256k of t1 being used for p2p.
Is it possible to limit p2p connections with simple queues on 2.9? It shows up but then the user still gets all their bandwidth + the amount in the p2p queue. for example if queue list looks like: p2p 64kbps user 256kbps then the user p2p just downloads at 256+64, thus defeating the purpose. How can...
What kind of throughput can i expect for two wraps(233 or 266mhz/ 64mb or 128mb of ram) with 1 sr5 per wrap in WDS? i know on rb532 i can get ~23mb, but due to unavailability of rbxxx i must use wraps.
i found the problem, there was an almost microscopic piece of something in the jack of the nic. i thought gigabit used all 4 pair, since it uses all 4 pair, is there different wiring standards other than 568a/b for it, or do those work equally well? also i guess there wont be any poe for gigabit.
It would appear that you cannot make changes while the interface is enabled, however if you disable it, then make changes, then enable it, it will work. Also, you cannot enable it through winbox it would seem.
No matter what I do this gigabit intel nic(pro1000mt) will not associate at 1000 in 2.8.28 on one computer specifically for me. In any other computer it works just fine. Anyone have this problem before, any solutions?
is it possible to have mt check the mac of the user and then compare that to user accounts stored in a radius server for what to set the users queue to?
i had 2xintel desktop pro1000mt adapters routing between 2 networks. the mt server was a 900mhz duron with 384mb ram. i had 2 linux boxes, 1 on each network and ran iperf between them. i got 380mbps HDX throughput, mt winbox reported ~400mbps per interface, which is 800mbps total. at first i was con...
is telnet/ssh the only way to do this? i currently have a php script that telnets in and it takes 60 seconds to issue a command. the other thing is how do you get data back out from mikrotik, the first couple line are easy, but what about when you need to press the down key? is perl going to be a lot...
Is there a way i can manage simple queues remotely, ideally through mysql/radius. but any method would work that a program can access and edit/delete/add queues.
when i say manage, i mean a piece of software can do it, not winbox or telnet.
you could use heat pipes on a pentium m/athlon mobile, then have the ends of the heatpipes sticking out the box(caulk the hole well), then have outdoor rated fans blowing on the exposed heatpipe tips. itll still run hot, but it may run. if you try it let me know how it goes, i never did it before. a...
i want to write a php web interface for setting up users queues. what would be the best way to do this? write a php script to telnet in and then just issue commands?
to be able to create, modify and delete queues. i want to make a universal management program for my network that manages mail, mikrotik, website everything. make my job a lot easier.
how long are you planning on having these cards, right now i dont quite need them, and need the money for my t1 bill. u gonna have them in a month or so?
i assume they are full 1544(aka 1536)
are they a csu/dsu as well, i dont need any other equip do i?
what is the model number i wanted to look it up and see what i can find on it.
i just meant where could i purchase them from, like what store?
i checked techdata and the other usual sources, and nothing.
how much they usually go for?
right now i have a netopia r5300(?) router in front of mikrotik, this router i got off ebay, and it seems to crash once every 6 months, and mikrotik about every 4 or 5. i would like to eliminate one source of crashing(and allow me to not have to waste my ips subnetting) and eliminate the router. how...
left bandwidth test running for the last 3 hours, stays exactly at 27mbps, with no more than 500k variance. i think it may be cpu limited on my windows machine running the bandwidth test, whenever i open an app, it drops by at least 15mbps, and once finished loading goes back to 27. @27mbps(UDP/Hal...
i tried out some bridging today, with wds it maxes out at about 15mbps UDP probably get more in the field, as they are close here, and their antennas are point away from each other, will have to see. on nstreme i couldnt even get them to bridge, the two mikrotiks could talk to each other, and one wor...
anyone tried "heatpipe" technology, a lot of new expensive cpu heatsink have a copper tube filled with a liquid , and the liquid evaporates from the bottom, rises, loses heat, and then falls back to do it all over again.?
amd less stable -bah!; in my experience amd is much more stable, all my servers, linux+mt run amd. never had a crash. the people i know using intel have lockups always! and as far as heat. AMD is much much much cooler, using similar heatsinks and frequencies, amd runs around 20 degrees Fahrenheit cool...
i checked them out many times now, i cant find the problem here is the routing tables: router main: # DST-ADDRESS G GATEWAY DISTANCE INTERFACE 0 S 0.0.0.0/0 r 208.48.32.193 1 ext 1 DC 208.48.32.192/26 r 0.0.0.0 0 ext 2 Do 10.2.3.0/24 r 10.1.50.70 110 core 3 Do 10.2.2.0/24 r 10.1.100.25 110 iswan 4 I...
I currently have ospf setup on a network that looks like this: ..............................internet ..................................| ..................................|(internet ips) .............................[main router] .........(10.1.50.1/24)/...............\(10.1.100.1/24) ................
i need mikrotik to do these 5 things:
cache
bridge
nat
bandwidth control
firewall
now i know i can make it do them all, but i am having trouble getting it to do both bridging and nating on the same interfaces(2 nics) is this possible?
awesome! that was the problem, replace it with a cheap dlink 100mbps card and now it works perfect. i will soon be installing mikrotik on my actual server(this is on my testing server now), and then i will be using intel pro/1000 cards.
i have 2 bridged both are ethernet. one is an rl-8169(gigabit card, but running at full duplex 100) and the other is the onboard one on an ECS K7S5A motherboard. other system specs are 512 pc2100ddr. 80gb hd, AMD Athlon 1700+
i have setup and redone mt 3 times now, and each time the same result, the bridge works for about 45 seconds and then it just stops, the mt server still responds to pings, but wont pass data through. any ideas?