Community discussions

Search found 1648 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 33
by macgaiver
Fri Aug 17, 2018 2:46 pm
Forum: General
Topic: Why Fast Path not active?
Replies: 4
Views: 347

Re: Why Fast Path not active?

Fastpath is just a foundation, that you need to use fasttrack.
by macgaiver
Thu Aug 16, 2018 3:15 pm
Forum: General
Topic: I've closed all service ports by mistake [SOLVED]
Replies: 4
Views: 227

Re: I've closed all service ports by mistake [SOLVED]

Yes, and there are no way to save config as disabled services are part of configuration.
https://wiki.mikrotik.com/wiki/Manual:Netinstall
by macgaiver
Tue Aug 14, 2018 4:11 pm
Forum: Announcements
Topic: WPA2 preshared key brute force attack
Replies: 16
Views: 3196

Re: WPA2 preshared key brute force attack

What's new in 6.43rc56 (2018-Aug-13 11:13):
...
*) wireless - added option to disable PMKID for WPA2 (CLI only);
...
So far all devices i tried connects just fine.
by macgaiver
Tue Aug 14, 2018 4:09 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 498
Views: 66264

Re: v6.43rc [release candidate] is released!

*) wireless - added option to disable PMKID for WPA2 (CLI only);
All my everyday devices still connects just fine.
by macgaiver
Tue Aug 14, 2018 1:25 pm
Forum: General
Topic: Vulnerability CVE-2018-5390
Replies: 6
Views: 836

Re: Vulnerability CVE-2018-5390

Just a side note - it is way too easy to create those CVE-2018-xxxx entries.. Anyone stubborn enough can do it, even without any actual knowledge of the subject, i think this should be restricted to companies only, for example MikroTik should do it itself.
by macgaiver
Tue Aug 07, 2018 12:41 pm
Forum: General
Topic: 100% CPU CCR1072 due DDoS - How to improve?
Replies: 16
Views: 576

Re: 100% CPU CCR1072 due DDoS - How to improve?

close port 80 from outside use.
by macgaiver
Thu Aug 02, 2018 6:40 pm
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 75
Views: 5247

Re: LHG 60G experience

FYI 6.43rc51:

*) w60g - added distance measurement feature;
*) w60g - fixed random disconnects;
*) w60g - improved MCS rate detection process;
*) w60g - improved MTU change handling;
*) w60g - properly close connection with station on disconnect;
by macgaiver
Wed Jul 25, 2018 8:47 am
Forum: General
Topic: Fasttrack only working in one direction?
Replies: 2
Views: 124

Re: Fasttrack only working in one direction?

does the parent receiving interface support fastpath?
by macgaiver
Tue Jul 24, 2018 5:58 pm
Forum: General
Topic: PCC Load Balancing 2 ADSL and forcing traffic from 1 IP to a specific ADSL
Replies: 17
Views: 444

Re: PCC Load Balancing 2 ADSL and forcing traffic from 1 IP to a specific ADSL

without 2) your PCC will override your mark-connection rule for particular IP.
by macgaiver
Tue Jul 24, 2018 3:55 pm
Forum: General
Topic: PCC Load Balancing 2 ADSL and forcing traffic from 1 IP to a specific ADSL
Replies: 17
Views: 444

Re: PCC Load Balancing 2 ADSL and forcing traffic from 1 IP to a specific ADSL

1) implementation is little bit off, first 2 rules should be in prerouting chain not in input chain, like in manual example: https://wiki.mikrotik.com/wiki/Manual:PCC#Application_Example_-_Load_Balancing 2) on your connection-mark rules you do not have check, if that connections hasn't been already ...
by macgaiver
Thu Jul 19, 2018 5:28 pm
Forum: General
Topic: CRS328-24P-4S+ RouterOS upgrade [SOLVED]
Replies: 4
Views: 245

Re: CRS328-24P-4S+ RouterOS upgrade [SOLVED]

Try manually drag and drop packets to winbox file menu, AFAIK on boards with flash memory upgrade packets for upgrade will be stored in the memory not flash.
by macgaiver
Tue Jul 17, 2018 10:53 am
Forum: Wireless Networking
Topic: Secondary-channel?
Replies: 6
Views: 345

Re: Secondary-channel?

hmm, 80Mhz+80Mhz (wave2), sound like something accidentally or intentionally slipped out about some unannounced, soon to be released hardware.
Exited!!! :D
by macgaiver
Wed Jul 04, 2018 3:15 pm
Forum: Beginner Basics
Topic: Date of last software downgrade
Replies: 6
Views: 312

Re: Date of last software downgrade

If factory version is the same as installed version you can't downgrade, board might not work on lower version, some feature or some part was not supported.

I wonder, what is this mistical version that your ISP supports and what they doesn't. And why? :)
by macgaiver
Tue Jun 05, 2018 12:22 pm
Forum: Announcements
Topic: MikroTik News June 2018 (Issue #83)
Replies: 43
Views: 8676

Re: MikroTik News June 2018 (Issue #83)

Sadly hAP ac² missed the upgrade. :(
i think, at this moment in time you can squeeze only as much as they did in that form factor.
by macgaiver
Wed May 30, 2018 3:55 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 498
Views: 66264

Re: v6.43rc [release candidate] is released!

Version 6.43rc21 has been released. *) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address; *) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only); *) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only); Things, j...
by macgaiver
Wed May 30, 2018 7:57 am
Forum: General
Topic: PCC loadbalace and Failover not correct. [SOLVED]
Replies: 3
Views: 176

Re: PCC loadbalace and Failover not correct. [SOLVED]

1) your implementation doesn't correspond with best practice example in manual 2) this is per address-pair load balancing (almost same as per connection load balancing), one connection can use only one gateway, so you will never be able to get speedtest aggregated on all 7 WANs - you need something ...
by macgaiver
Tue Apr 24, 2018 4:33 pm
Forum: Announcements
Topic: Significant improvement for 60 GHz solutions
Replies: 41
Views: 8828

Re: Significant improvement for 60 GHz solutions

@strods: does this apply to all units, since the beginning of product distributions or is it limited only to some HW version? I know it has been reached by SW modification and phase array patterns, just want to be sure it is not HW dependent. Thank you. Topic is clearly about software improvements
by macgaiver
Thu Mar 29, 2018 5:26 pm
Forum: General
Topic: RouterOS making unaccounted outbound winbox connections [SOLVED]
Replies: 60
Views: 12071

Re: RouterOS making unaccounted outbound winbox connections [SOLVED]

So far my testing show that only mipsbe devices are getting exploited. Anyone notice other architectures affected?

Also all of the devices actually required reboot to get the exploit part going, from what i read here i had idea that everything will happen straight away...
by macgaiver
Tue Mar 27, 2018 12:54 pm
Forum: General
Topic: RouterOS making unaccounted outbound winbox connections [SOLVED]
Replies: 60
Views: 12071

Re: RouterOS making unaccounted outbound winbox connections [SOLVED]

@macgaiver Isn't your proposal going hand-in-hand with the new sex trafficking law :-) ? https://www.wired.com/story/how-a-controversial-new-sex-trafficking-law-will-change-the-web/ I'm on the other side of the World, in here torrents and other file sharing is still at large, so some if not most re...
by macgaiver
Mon Mar 26, 2018 3:54 pm
Forum: General
Topic: RouterOS making unaccounted outbound winbox connections [SOLVED]
Replies: 60
Views: 12071

Re: RouterOS making unaccounted outbound winbox connections [SOLVED]

Don't you have a point in the user agreement, if they use Internet for illegal activities you have the right to disconnect them?

Allow only mikrotik.com domain for them until they have upgraded, and just redirect them to warning page that explains what is the problem.
Works like a charm here.
by macgaiver
Wed Mar 21, 2018 2:16 pm
Forum: RouterBOARD hardware
Topic: Can the CRS317 do LAG in hardware yet?
Replies: 3
Views: 297

Re: Can the CRS317 do LAG in hardware yet?

Thanks. I was trying to avoid using an 'rc' version in production. Can you give any clue as to when 6.42 will be released? When all the new features will be tested and confirmed, you should try it out on your test network, before 6.42 comes out. or else there is a big chance that in your setup some...
by macgaiver
Wed Mar 21, 2018 11:18 am
Forum: General
Topic: Queue tree problm
Replies: 14
Views: 538

Re: Queue tree problm

limit-at is guarantied traffic - it so guarantied that it "ignores" priority, parent's max limits etc. - it is just given to that queue. If some available bandwidth remains then queues will fight it out using priority.
by macgaiver
Wed Mar 21, 2018 10:41 am
Forum: RouterBOARD hardware
Topic: CSS326-24G-2S+RM and S-85DLC05D [SOLVED]
Replies: 1
Views: 219

Re: CSS326-24G-2S+RM and S-85DLC05D [SOLVED]

Yes! it is compatible with both.

in software you can also determine it by default interface names:

"sfp-sfpplus1" support both, "sfpplus1" is only SFP+ and "sfp1" is regular SFP.

as far as i can remember only CCR1016 had 10G only SFP+ port, other MikroTik devices usually support both speeds
by macgaiver
Tue Mar 20, 2018 3:21 pm
Forum: RouterBOARD hardware
Topic: hAP ac² - more RAM than in HW specification [SOLVED]
Replies: 50
Views: 6132

Re: hAP ac² - more RAM than in HW specification [SOLVED]

Please, insert in to Part Number a release code, p.e:
- release 1 with 128MB
- release 2 with 256MB

Like a RB750r2 and RB750Gr3....
Because they are different hardware.
Sure and double your effort with all the certifications all around the world... no thanks.
by macgaiver
Mon Mar 19, 2018 4:05 pm
Forum: RouterBOARD hardware
Topic: hAP ac² - more RAM than in HW specification [SOLVED]
Replies: 50
Views: 6132

Re: hAP ac² - more RAM than in HW specification [SOLVED]

I think you over-complicate things, sometimes it happens that during the manufacturing, some parts didn't arrive on time, doesn't pass the QC, or simply become unavailable. In those cases it is much more reasonable to use other, maybe even more expensive parts, than stop manufacturing process. These...
by macgaiver
Tue Mar 13, 2018 2:31 pm
Forum: General
Topic: 1Gb Bottleneck on a 10Gb SFP+ on CCR1072
Replies: 7
Views: 657

Re: 1Gb Bottleneck on a 10Gb SFP+ on CCR1072

Bandwidth test is limited to single CPU core, it can't generate more than ~2Gbps and even then with many connections.
by macgaiver
Tue Mar 13, 2018 1:35 pm
Forum: General
Topic: 1Gb Bottleneck on a 10Gb SFP+ on CCR1072
Replies: 7
Views: 657

Re: 1Gb Bottleneck on a 10Gb SFP+ on CCR1072

There are only one way to test 10Gbps connection in house: https://wiki.mikrotik.com/wiki/Manual:Performance_Testing_with_Traffic_Generator any external single connection tests like speedtest.com etc, because of round trip time will be limited to sub 1Gbps speeds anyway. There are only two ways to g...
by macgaiver
Thu Feb 08, 2018 12:50 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: "restrict upgrade from RouterOS older than v5.16" ?
Replies: 8
Views: 448

Re: "restrict upgrade from RouterOS older than v5.16" ?

When version gap is so large, you are better out with full Netinstall and configuration from 0 anyway.
by macgaiver
Tue Jan 23, 2018 6:03 pm
Forum: General
Topic: Help with No track Raw rule
Replies: 1
Views: 417

Re: Help with No track Raw rule

I usually do this
1) action=accept all traffic that needs NAT ( usually it is only traffic from local private subnets) in RAW table (it will send traffic to connection tracking - even if it is disabled)
2) disable connection tracking
3) build stateless firewall
by macgaiver
Tue Jan 23, 2018 2:54 pm
Forum: General
Topic: selective accept before fasttrack does not disable fasttrack, what am I doing wrong? [SOLVED]
Replies: 3
Views: 235

Re: selective accept before fasttrack does not disable fasttrack, what am I doing wrong? [SOLVED]

Are you talking about dynamic one? or static one? Dynamic is not actually a rule it is just a placeholder to indicate that some of the packets doesn't get to your firewall at all as they are fasttracked. you need to find action=fasttrack-connection rule and place your rules before it. then you need ...
by macgaiver
Wed Jan 10, 2018 2:05 pm
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 53809

Re: v6.41 [current]

Just want to say good job on the HW offload functions. I managed to get this onto my "old" RB750 which sits on my desk at work and the offload makes a huge difference from 1 interface to another so hopefully this amazing performance increase scales up to far larger switches. CPU usage was also down...
by macgaiver
Mon Dec 18, 2017 10:41 am
Forum: Wireless Networking
Topic: Can't change country
Replies: 9
Views: 740

Re: Can't change country

Just a hint :) - Netinstall, have a nice feature to un-check "keep old configuration " and "Apply default config" option ;)
by macgaiver
Thu Dec 14, 2017 4:52 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: [exploit-db.com] MikroTik 6.40.5 ICMP - Denial of Service
Replies: 16
Views: 2352

Re: [exploit-db.com] MikroTik 6.40.5 ICMP - Denial of Service

I'm sorry, for jumping in, but there are few points i would like to contribute. 1) There are 2 kinds of routers out there - a) hardware accelerated - limited number of features, but @ wire speed b) regular processing - many features, limited CPU and RAM processing resoursces Fasttrack is software fe...
by macgaiver
Wed Dec 13, 2017 12:49 pm
Forum: General
Topic: TCP Port NAT log
Replies: 1
Views: 161

Re: TCP Port NAT log

UDP/443 is Google QUIC protocol
https://en.wikipedia.org/wiki/QUIC
by macgaiver
Fri Dec 08, 2017 8:08 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Interface packet Drops on an octacore xeon with intel nics
Replies: 31
Views: 13379

Re: Interface packet Drops on an octacore xeon with intel ni

What about Tx Drops ? OMG that was 5 years old post :) TX drop is much more rare, imagine you have 1Gbps and 100Mbps interfaces on your router and you are trying to receive 200Mbps on Gbps interface and send it out on 100Mbps interface, 1Gpbs will have no problem receiving 200Mbps, and at that poin...
by macgaiver
Wed Dec 06, 2017 7:13 am
Forum: General
Topic: Fasttrack & queue tree non-global queues
Replies: 4
Views: 884

Re: Fasttrack & queue tree non-global queues

AS manual stated - firewall rules (including your packet marks) are skipped, only mark you can use is default "no-mark"
by macgaiver
Mon Nov 27, 2017 7:58 am
Forum: General
Topic: Simple queue drop question
Replies: 18
Views: 1039

Re: Simple queue drop question

p2p option was capturing lots of false positives, so it was removed, i suggest to get rid of any configuration that uses those options.
by macgaiver
Tue Oct 17, 2017 1:20 pm
Forum: General
Topic: Did Fasttrack break with recent updates?
Replies: 6
Views: 729

Re: Did Fasttrack break with recent updates?

Routing mark doesn't work on fasttracked traffic, it need to be excluded from the fasttrack-connection rule.
by macgaiver
Tue Oct 17, 2017 12:23 pm
Forum: Announcements
Topic: RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities
Replies: 58
Views: 91701

Re: RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities

802.11/nstreme client (all station modes)
So all client that use nstreme in station-bridge mode need to be upgraded too??
Thanks
Sorry, but "all station modes" mean "all station modes" :)
by macgaiver
Tue Oct 03, 2017 5:58 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: CCR 100% on all cores, Queue tree -PCQ
Replies: 5
Views: 2189

Re: CCR 100% on all cores, Queue tree -PCQ

Separate your local network in separate smaller subnets, and have queue for each subnet.
by macgaiver
Thu Sep 14, 2017 5:20 pm
Forum: Announcements
Topic: Newsletter 78 with 1GBPS WIRELESS PRODUCT ANNOUNCEMENT!
Replies: 109
Views: 23838

Re: Newsletter 78 with 1GBPS WIRELESS PRODUCT ANNOUNCEMENT!

I would really prefer if you did not announce the prices ... Local distributors here are selling Mikrotik gear way times more expensive, for example RB1100AHX4 is currently 570$ or 475$ before taxes, so it is pretty announcing to find out that we are being robbed like that, it is better just not to...
by macgaiver
Thu Sep 14, 2017 4:28 pm
Forum: Announcements
Topic: Newsletter 78 with 1GBPS WIRELESS PRODUCT ANNOUNCEMENT!
Replies: 109
Views: 23838

Re: Newsletter 78 with 1GBPS WIRELESS PRODUCT ANNOUNCEMENT!

Wow some awesome new products :) The S+RJ10 SFP module is pretty interesting for the price.I remember buying a ProLabs one , for about 10 times the price last year. Indeed!!! Just to be sure - MT didn't you forget to add one digit ("1", "2" or even "3") in front of S+RJ10 "$65" price??? I got pair ...
by macgaiver
Tue Sep 05, 2017 2:56 pm
Forum: RouterBOARD hardware
Topic: 10G switch with RJ45?
Replies: 13
Views: 2404

Re: 10G switch with RJ45?

I think only thing that is missing is (100M/1G/2.5G/5G/10GBASE-T) RJ45 SFP+ module, then we can use any SFP+ only device.
by macgaiver
Tue Aug 29, 2017 3:30 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 100927

Re: v6.41rc [release candidate] is released! New bridge implementation!

What's new in 6.41rc20 (2017-Aug-29 06:41):
uuuu, winbox support for new bridge implementation....
by macgaiver
Tue Aug 22, 2017 8:22 am
Forum: General
Topic: EoIP tunnel not getting 1500 MTU [SOLVED]
Replies: 13
Views: 2437

Re: EoIP tunnel not getting 1500 MTU [SOLVED]

Set MTU on your EOIP tunnels interfaces to 1500.
by macgaiver
Wed Aug 16, 2017 12:16 pm
Forum: General
Topic: RB1200 NAT performance (throughput)
Replies: 10
Views: 1234

Re: RB1200 NAT performance (throughput)

Hello guys! I manage a RB1200 router, and since it has all GigE ports I assumed it has enough routing capacity for them. But once we upgraded our WAN link to 500 Mbps, RB1200 started hitting the CPU peak (100%) at approximately 200 Mbps. I tested the same link with Apple AirPort (a home router!) - ...
by macgaiver
Tue Aug 15, 2017 1:22 pm
Forum: Announcements
Topic: FastTrack - New feature in 6.29
Replies: 236
Views: 119910

Re: FastTrack - New feature in 6.29

New ISSUE: Fasttrack causes errors with IPTV HLS. If is used Fasttrack , IPTV does not Work.... in all versions.of RoS vhere is it What do you mean by "IPTV HLS"? can you be more precise? i have no issues with my IPTV and Fastpath? If you use Fasttrack then this traffic is NATed?? There are not eno...
by macgaiver
Thu Aug 03, 2017 3:55 pm
Forum: Announcements
Topic: Wireless link calculator updated
Replies: 67
Views: 18076

Re: Wireless link calculator updated

1) Manual height override for both points (or mast height)

2) on the sea don't allow to go into negative height :)

3) allow to place link on left-mouse click, so you don't have to search where did you left your link previously :)
by macgaiver
Mon Jul 31, 2017 9:13 am
Forum: RouterBOARD hardware
Topic: RB1100AHx4 vs CCR series for core/distribution?
Replies: 10
Views: 2528

Re: RB1100AHx4 vs CCR series for core/distribution?

Ok, let's start again. Blank standard RB1100AHx4 routers. Router1 - port 6 (IP address: 10.0.0.1/30) connected to Router 2 - port 6 (IP address: 10.0.0.2/30), Cat6 patch. Nothing else configured. Router 1 -> Tools -> BTest Server -> Enabled Router 2 -> Tools -> Bandwidth Test -> Test to: 10.0.0.1 (...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 33