Community discussions

MikroTik App

Search found 310 matches

  • 1
  • 2
by troy
Tue Jun 23, 2020 1:04 pm
Forum: Announcements
Topic: Winbox v3.24 released!
Replies: 106
Views: 56464

Re: Winbox v3.24 released!

Having an issue with zoom settings in both 32 and 64 bit versions after upgrading from 3.20 to 3.24. I saw something in the change log about fixing zoom settings in 3.22, but honestly, I never had an issue until upgrading past that version. No matter what I do, Winbox will not save my zoom settings ...
by troy
Thu Jan 23, 2020 9:32 pm
Forum: General
Topic: Winbox Security: Password Stored in clear text format
Replies: 8
Views: 42073

Re: Winbox Security: Password Stored in clear text format

Hey Normis... it's been 6 years. Any word on adding some security to Winbox?
by troy
Mon Dec 30, 2019 2:38 pm
Forum: General
Topic: Dual Stack PCQ?
Replies: 5
Views: 1324

Re: Dual Stack PCQ?

Been a couple years... not even so much as a whisper from MT?

Surely we're not the only ISP needing dual stack PCQ. With a little over 1000 wireless subs, it's way too labor intensive to handle bandwidth on the CPE or with individual queues.
by troy
Wed Dec 04, 2019 11:07 pm
Forum: Forwarding Protocols
Topic: OSPF did a thing...
Replies: 4
Views: 2184

Re: OSPF did a thing...

That's kind of my guess to.

As for limited info... you see what I see. Restarting the process on R1 resolved the issue and I'm unable to reproduce it to get a debug log, so there's that.
by troy
Mon Dec 02, 2019 4:57 am
Forum: Forwarding Protocols
Topic: OSPF did a thing...
Replies: 4
Views: 2184

Re: OSPF did a thing...

Router 2 (CCR1009-7G-1C-1S+):: /routing ospf instance set [ find default=yes ] redistribute-connected=as-type-1 redistribute-static=as-type-1 router-id=172.23.0.2 /routing ospf network add area=backbone network=123.45.67.90/30 ... dec/01 21:01:44 route,ospf,info OSPFv2 neighbor 172.23.0.1: state cha...
by troy
Mon Dec 02, 2019 4:55 am
Forum: Forwarding Protocols
Topic: OSPF did a thing...
Replies: 4
Views: 2184

OSPF did a thing...

So, OSPF did a thing. Not really understanding it. Nothing useful in the logs. Routers are connected by a 1M ethernet patch cable. Both running 6.44.5. Both have uptime of 130 days. OSPF config is about as simple as it gets and is unchanged in the 4-5 years these routers (and their predecessors) hav...
by troy
Mon Nov 18, 2019 6:28 pm
Forum: General
Topic: 2.5G Networking?
Replies: 2
Views: 693

Re: 2.5G Networking?

160 views, no replies. Does nobody know about 2.5G network support?
by troy
Fri Nov 15, 2019 6:32 pm
Forum: General
Topic: 2.5G Networking?
Replies: 2
Views: 693

2.5G Networking?

So, I'm seeing that ROS has some new options, but I'm having trouble making sense out of them and also getting them to work. /interface ethernet> set 3 advertise= 10M-full 10M-half 100M-full 100M-half 1000M-full 1000M-half 2500M-full 5000M-full 10000M-full /interface ethernet> set 3 speed= 1Gbps 10G...
by troy
Tue Apr 09, 2019 1:54 pm
Forum: Announcements
Topic: v6.43.14 [long-term] is released!
Replies: 29
Views: 14227

Re: v6.43.14 [long-term] is released!

DHCP issue confirmed on 1036-8G-2S+

No issues on 1009-7G-1C-1S+

Tried to pull a SUP file on the 1036's but it hung at 1%.

Hundreds of leases on those 1036's... this is not going to be fun.

MT, what's going on here?
by troy
Wed Jan 17, 2018 6:52 pm
Forum: General
Topic: [ASK] multi DHCP servers for failover purpose
Replies: 6
Views: 5049

Re: [ASK] multi DHCP servers for failover purpose

Great little script for that... appreciate it!

pe1chl, it's necessary because many of us make the leases static for IP assignment, rate limiting, or address-list assignments. Probably other reasons too...
by troy
Fri Dec 29, 2017 5:56 pm
Forum: General
Topic: Dual Stack PCQ?
Replies: 5
Views: 1324

Re: Dual Stack PCQ?

Over 200 views in the last 6 months, and still no answer? Surely we're not the only MT-based ISP in the world that wants to roll out IPv6... All the information is there... it just needs to be put together! The IPv4 DHCP servers has a MAC address that could easily be associated with the PCQ bucket, ...
by troy
Tue Oct 03, 2017 10:38 pm
Forum: RouterBOARD hardware
Topic: CCR-1036-8G-2+ Crashing!
Replies: 3
Views: 1214

Re: CCR-1036-8G-2+ Crashing!

Finally got my hands on the unit... The PSU is pushing 24.2V. The router itself will not power up. Very weak sounding beep every few seconds. Serial console gives me the "Press any key.." message repeatedly. Some times I can get to the menu, sometimes I can't. Guess it's a goner. Anyone know if it's...
by troy
Sun Oct 01, 2017 11:14 pm
Forum: RouterBOARD hardware
Topic: CCR-1036-8G-2+ Crashing!
Replies: 3
Views: 1214

Re: CCR-1036-8G-2+ Crashing!

Eeks! [me@myrouter] > sys health pr fan-mode: auto use-fan: main active-fan: main use-fan2: main active-fan2: main cpu-overtemp-check: yes cpu-overtemp-threshold: 100C cpu-overtemp-startup-delay: 1m voltage: 16.2V current: 2771mA temperature: 36C cpu-temperature: 56C power-consumption: 44.9W fan1-sp...
by troy
Sun Oct 01, 2017 6:03 pm
Forum: RouterBOARD hardware
Topic: CCR-1036-8G-2+ Crashing!
Replies: 3
Views: 1214

CCR-1036-8G-2+ Crashing!

Router started crashing this past week. Tried to update firmware to 6.38.7 and 6.40.3. During download, router crashed. Tried again, download finished, router rebooted, but would not update. Tried 3 more times, router crashed part way through download. Replacement on the way, but will be Tuesday bef...
by troy
Thu Jun 22, 2017 8:05 pm
Forum: Forwarding Protocols
Topic: MPLS/VPLS Public Statics
Replies: 5
Views: 1423

Re: MPLS/VPLS Public Statics

Thanks for your reply Troy. It was very helpful. I'm still a little confused but it's coming together. I had a few questions about your config on the end point /mpls ldp interface add interface=ether1 add interface=ether2 add interface=sfp1 /interface bridge port add bridge=LAN_Bridge horizon=1 int...
by troy
Thu Jun 22, 2017 3:09 am
Forum: General
Topic: Scan but no ARP?
Replies: 2
Views: 977

Re: Scan but no ARP?

What's the overall issue? Connectivity issues? I guess you can say that. ROS is refusing to see that one IP address in the middle of the subnet. It can see every other IP address I put on the target host, just not that one. So given a /28 subnet, .0 is the network address, .15 is the broadcast addr...
by troy
Wed Jun 21, 2017 12:26 am
Forum: General
Topic: Scan but no ARP?
Replies: 2
Views: 977

Scan but no ARP?

CCR1036-8G-2S+, 6.36.3. No, we'll not be updating it for something this stupid. Trying to add a host on the subnet. It can see every other host on the subnet, every other host can see it. The address does not show up in the arp table, though every other address in the subnet does, even those not bei...
by troy
Fri Jun 02, 2017 5:59 pm
Forum: Forwarding Protocols
Topic: Making a static route
Replies: 1
Views: 675

Re: Making a static route

Did you read the manual? It's pretty basic stuff.

https://wiki.mikrotik.com/wiki/Manual:IP/Route
/ip route add dst-address=192.168.200.0/24 gateway=172.16.147.40
by troy
Thu Jun 01, 2017 9:10 pm
Forum: Forwarding Protocols
Topic: MPLS/VPLS Public Statics
Replies: 5
Views: 1423

Re: MPLS/VPLS Public Statics

+1 on a diagram, but from the configs you posted, you've got a ways to go. It would also help if you were to use [code/] tags to make your configs more readable. In your VPLS config, you need to specify a unique vpls-id for each tunnel and generally speaking, endpoints do not need to connect to each...
by troy
Thu Jun 01, 2017 7:06 pm
Forum: General
Topic: Dual Stack PCQ?
Replies: 5
Views: 1324

Re: Dual Stack PCQ?

BUMP... 77 views, no replies.

Surely I'm not the only one looking for this solution and surely someone has figured it out by now.

We would really prefer not to ditch PCQ, but we need a way to ensure that we can still manage bandwidth for our dual-stack customers.

Thanks!
by troy
Tue May 30, 2017 8:35 pm
Forum: General
Topic: Dual Stack PCQ?
Replies: 5
Views: 1324

Dual Stack PCQ?

Getting ready to roll out IPv6 and trying to figure out bandwidth bandwidth. How does one go about associating a customer's IPv4 address with their IPv6 prefix so that their bandwidth still lands in the same PCQ queue?
by troy
Thu Feb 11, 2016 8:41 pm
Forum: General
Topic: Public-Mikrotik-Bandwidth-Test-Server(s)
Replies: 645
Views: 571588

Re: Public-Mikrotik-Bandwidth-Test-Server

Tom, This couldn't come at a better time. We're getting ready to turn up a new 1Gbe connection, and it will be very nice to actually be able to test it. For the firewall, here are 2 simple rules that will limit the number of tests that can be performed /ip firewall filter add action=reject chain=inp...
by troy
Thu Feb 11, 2016 8:27 pm
Forum: RouterBOARD hardware
Topic: Can't find a CCR1072-8G-8S-4S+ or similar
Replies: 2
Views: 973

Can't find a CCR1072-8G-8S-4S+ or similar

Working on upgrading one of our core stacks, and am a bit frustrated because I can't seem to find a CCR1072-8G-8S-4S+ anywhere. Any plans for it or something similar?

Looks like we'll be going with the 1G-8S+, though it's not exactly what we're looking for at this time.
by troy
Wed Feb 10, 2016 10:24 pm
Forum: General
Topic: Public-Mikrotik-Bandwidth-Test-Server(s)
Replies: 645
Views: 571588

Re: Public-Mikrotik-Bandwidth-Test-Server

Very cool. Testing Seattle(?) to Virginia: [me@myrouter] > tool bandwidth-test 207.32.195.2 ... direction=receive remote-tx-speed=200M duration=30 status: done testing duration: 31s rx-current: 199.9Mbps rx-10-second-average: 199.9Mbps rx-total-average: 199.9Mbps lost-packets: 0 random-data: no dire...
by troy
Thu Feb 04, 2016 1:44 am
Forum: General
Topic: Multiple feature requests for firewall
Replies: 8
Views: 1903

Re: Multiple feature requests for firewall

Not really an ASA guy, per se, though I have a couple and find some of the features of the ASA very nice to work with. As for the whole protocol stuff, I'm just going on what I find when searching google for "iptables address list," which comes back with several results, all of which suggest that it...
by troy
Wed Feb 03, 2016 5:21 pm
Forum: General
Topic: Multiple feature requests for firewall
Replies: 8
Views: 1903

Re: Multiple feature requests for firewall

When you say "underlying code," I presume that you're talking about the kernel? In that case, s/any/all: [!] -p, --protocol protocol The protocol of the rule or of the packet to check. The specified protocol can be one of tcp, udp, udplite, icmp, icmpv6,esp, ah, sctp, mh or the special keyword "all"...
by troy
Wed Feb 03, 2016 3:07 am
Forum: General
Topic: Microtik CCR1009 w/UniFi AC PRO AP - tagged VLANs and mutli DHCP issue
Replies: 3
Views: 930

Re: Microtik CCR1009 w/UniFi AC PRO AP - tagged VLANs and mutli DHCP issue

By putting everything into a bridge, you're combining the two VLANs and the parent interface into a single broadcast domain, which is exactly the opposite of what you want. Drop the bridge, and you're there.
by troy
Tue Feb 02, 2016 7:41 pm
Forum: General
Topic: Multiple feature requests for firewall
Replies: 8
Views: 1903

Re: Multiple feature requests for firewall

I knew I had more than just those, but these are just to make a config more readable. Feature #3: Support adding an address list to an address list. /ip firewall address-list add list=ThisNet address=192.168.0.0/24 add list=ThatNet address=192.168.1.0/24 add list=AllNets address-list=ThisNet add lis...
by troy
Tue Feb 02, 2016 5:08 pm
Forum: General
Topic: Multiple feature requests for firewall
Replies: 8
Views: 1903

Multiple feature requests for firewall

First request should be dead simple. Add a parameter so we can add comments when adding an address to an address list: /ip firewall filter add action=add-src-to-address-list address-list=blacklist address-list-comment="SSH Brute Force" \ address-list-timeout=1w chain=ssh ... Second, would be a tool ...
by troy
Sun Jan 31, 2016 2:01 am
Forum: Forwarding Protocols
Topic: Disabling interface causes routing to crash?
Replies: 3
Views: 1051

Re: Disabling interface causes routing to crash?

Zero, my thoughts exactly. Honestly though, I don't remember if I disabled the interface, or deleted it (it was a VLAN). However, it did this twice. The first time, I didn't disable or delete, I moved the vlan from one trunk port to another, expecting a fraction of a split-second interruption while ...
by troy
Tue Jan 26, 2016 1:43 am
Forum: General
Topic: No IPv6 route?
Replies: 1
Views: 568

No IPv6 route?

Trying to learn how IPv6 works, and as long as I stick with MT, it's going pretty well. I have a /64 and a /48 from the Tunnel Broker. I configured the /64 on my MT router: /ipv6 address add address=2001:470:7:beef::2 advertise=no interface=sit1 add address=2001:470:dead::1 interface=LAN /ipv6 firew...
by troy
Tue Jan 26, 2016 1:01 am
Forum: Forwarding Protocols
Topic: Disabling interface causes routing to crash?
Replies: 3
Views: 1051

Disabling interface causes routing to crash?

Had a test router (RB450G) attached to a CCR1036-12G-4S. BGP up and running, working as pretty as you please. Needed to turn it off to check something else, so I disabled the interface on the CCR. This caused the routing process to crash. Only option was to reboot the CCR, which took about 4x longer...
by troy
Thu Jan 21, 2016 5:27 pm
Forum: General
Topic: Need a sanity check on a queue tree
Replies: 1
Views: 1020

Need a sanity check on a queue tree

I've been building queue trees for ages, but I'm second guessing myself on this one, perhaps because it seems too simple to work as expected. Total bandwidth is 50/10. On the SIP queues, I'm not 100% sure if I need to specify bandwidth at all. I'm thinking that if the sum of the other queues has a l...
by troy
Fri Sep 25, 2015 5:42 pm
Forum: General
Topic: Bandwidth not exceeding 75Mbit/s through Queue Tree & PCQ
Replies: 4
Views: 1566

Re: Bandwidth not exceeding 75Mbit/s through Queue Tree & PCQ

Not sure where you're headed with that, but the wireless link is half duplex, just like what most people here are using. It's from another vendor, but that's beside the point. It's been a long time since testing an unloaded link, but I want to say it was pushing right at 180 in each direction tested...
by troy
Thu Sep 24, 2015 11:51 pm
Forum: General
Topic: Bandwidth not exceeding 75Mbit/s through Queue Tree & PCQ
Replies: 4
Views: 1566

Bandwidth not exceeding 75Mbit/s through Queue Tree & PCQ

A quick network diagram: http://i.imgur.com/0G28KLW.png Queue tree (below) is on CCR2. We did some testing both inside and outside the queue tree. Inside the queue tree, tests to CCR3 max out at 140Mbit/s, exactly where it should be. Outside the queue tree, bandwidth maxes out at about 160Mbit/s. Th...
by troy
Fri Aug 07, 2015 2:32 pm
Forum: General
Topic: I'm an idiot, but so is the TCP/IP stack
Replies: 4
Views: 865

Re: I'm an idiot, but so is the TCP/IP stack

You are right, it is working as expected, it's selecting the first matching address on the interface. The unpredictable part, is that we have no way of knowing or controlling which address is/was bound first at boot time. Presumably it's in whatever order the config has been written, but we have no ...
by troy
Fri Aug 07, 2015 3:03 am
Forum: General
Topic: I'm an idiot, but so is the TCP/IP stack
Replies: 4
Views: 865

I'm an idiot, but so is the TCP/IP stack

I had to temporarily create an overlapping subnet (yes, yes, I know...) until the DHCP server cycles through. I have the following addresses on a single interface: 12.34.56.1/24 12.34.56.241/28 When sending an ARP request for 12.34.56.242, it's asking for a reply to 12.34.56.1, which some devices wi...
by troy
Fri Jul 10, 2015 10:22 pm
Forum: General
Topic: SNMP Timeout
Replies: 1
Views: 1085

SNMP Timeout

Been getting a lot of SNMP timeouts lately. FreeBSD/Nagios has been up and running for 60 days. Mikrotik CCR has been up and running for 42 weeks (nope, no updates for a long time). Today, we keep getting alarms that SNMP is timing out. I try it from the command line, and I get this: $ snmpwalk -v2c...
by troy
Mon Jun 01, 2015 4:07 pm
Forum: General
Topic: dhcp server not saving address list information
Replies: 2
Views: 705

Re: dhcp server not saving address list information

Yeah, not everyone is willing to upgrade at the drop of a hat. With that said, the issue with the DHCP server saving the dynamic address list information has been resolved in subsequent firmware releases. And yeah, I know not everything gets documented in the changelog. This is probably one of the o...
by troy
Tue May 12, 2015 10:58 pm
Forum: General
Topic: dhcp server not saving address list information
Replies: 2
Views: 705

dhcp server not saving address list information

Trying to prepare a network for the eventual migration to Radius authentication, but I'm running into a problem with the DHCP server saving address list information with static leases. [admin@CCR] > /ip dhcp-server lease print Flags: X - disabled, R - radius, D - dynamic, B - blocked # ADDRESS MAC-A...
by troy
Tue May 12, 2015 10:50 pm
Forum: Forwarding Protocols
Topic: VPLS stops working 1-way
Replies: 6
Views: 2197

Re: VPLS stops working 1-way

I've not found a solution to this yet, but I've also not had this particular issue come up. It does sound, however, like you're having a much different problem. You might want to start a new thread and post the output from the following commands from R2 (the one in the middle): /ip export /mpls expo...
by troy
Wed Apr 22, 2015 4:10 pm
Forum: General
Topic: packet sniffer stops unexpectedly
Replies: 0
Views: 470

packet sniffer stops unexpectedly

So, I've been using the packet sniffer and Wireshark much more over the last few months. It's a great combination to see what's going on in the network. However, I keep running into an issue where the packet sniffer stops unexpectedly. I do not know if it stops sniffing, stops streaming, or both. Th...
by troy
Mon Apr 20, 2015 7:16 pm
Forum: Forwarding Protocols
Topic: VPLS stops working 1-way
Replies: 6
Views: 2197

Re: VPLS stops working 1-way

Here's a quick diagram of the part of the network that is affected. There is a VPLS tunnel between the Gateway and each site carrying VLAN traffic. The smallest link, the RB433 between YORK and PTLO is only used if other links break. http://i.imgur.com/rsLM66H.png Packet sniffing is a good idea, how...
by troy
Mon Apr 20, 2015 7:07 pm
Forum: General
Topic: cannot access certain websites
Replies: 2
Views: 970

Re: cannot access certain websites

Please post your PCC configuration. /ip mangle export compact If you're using address and ports as the classifier, it will break HTTPS which doesn't like having sessions coming in from multiple IP addresses, which will happen since the browser will open multiple connections to the server, each with ...
by troy
Mon Apr 20, 2015 7:02 pm
Forum: General
Topic: RB Configuration
Replies: 1
Views: 546

Re: RB Configuration

You probably want to check out PCC, which will load balance your traffic reasonably well (the more traffic, the better the balancing).

To ensure that certain devices always use a specific WAN, mark their connections before the PCC rules.
by troy
Mon Apr 20, 2015 6:57 pm
Forum: Forwarding Protocols
Topic: VLANs over P2P Ubiquiti Wireless Link
Replies: 2
Views: 1108

Re: VLANs over P2P Ubiquiti Wireless Link

Try configuring static IP addresses and see if you can pass traffic. If so, the problem is with your DHCP server. Ensure that the Rockes have WDS Transparent Bridge enabled. Without this, the MAC addresses get rewritten and that can cause issues with DHCP. For more help, please post the IP configura...
by troy
Mon Apr 20, 2015 6:48 pm
Forum: Wireless Networking
Topic: Which product should I choose
Replies: 4
Views: 922

Re: Which product should I choose

For the outdoor PTP link, consider the 5Ghz SXT to get away from the noise of 2.4Ghz. Do your calculations, if your distance is further than the SXT can handle, then buy the radios and appropriately sized antennas separately. For the indoor APs, consider the cAP 2n and the CRS125 as the switch. I've...
by troy
Mon Apr 20, 2015 3:36 pm
Forum: Beginner Basics
Topic: CCR cant RDP to virtual maxhines
Replies: 1
Views: 616

Re: CCR cant RDP to virtual maxhines

gradash, Run torch to see if you see the RDP traffic going in and out on the appropriate interfaces. You can also run the packet sniffer on the CCR and stream to Wireshark (filter: udp port 37008). This may enable you to see what's going on. It would be helpful to see the MT config. Export your IP c...
by troy
Mon Apr 20, 2015 2:30 pm
Forum: Wireless Networking
Topic: VLANs and Virtual AP's
Replies: 30
Views: 44071

Re: VLANs and Virtual AP's

cmanciu, Until and/or unless Serge comes back to tell us how to do this with the bridge firewall, I think you're stuck doing it the other way. So, you have your VAPs created, the only thing left is to bridge them to your VLANs. /interface wireless add master-interface=wlan1 name=wlan1.10 ssid=ssid10...
by troy
Mon Apr 20, 2015 1:27 am
Forum: Forwarding Protocols
Topic: VPLS stops working 1-way
Replies: 6
Views: 2197

Re: VPLS stops working 1-way

One or two of those tunnels might be passing through a RB435G, so 1520. Most of the PTP links are UBNT Rockets with the MTU set to 1600. It's not an MTU issue, full 1500 byte packets pass without issue. The issue here, is that the traffic just up and stops flowing in one direction (Tx from a CCR-103...
by troy
Sat Apr 18, 2015 6:37 pm
Forum: Forwarding Protocols
Topic: VPLS stops working 1-way
Replies: 6
Views: 2197

VPLS stops working 1-way

Well, color me stupid. I forgot (again) to get a supout before "fixing" it. We have 13 VPLS tunnels, some of which are misbehaving. in that they will stop transmitting in one direction. Bouncing the offending interface will resolve the issue. No reboots, reconfigurations, or other interventions are ...
by troy
Wed Apr 01, 2015 8:50 pm
Forum: Wireless Networking
Topic: VLANs and Virtual AP's
Replies: 30
Views: 44071

Re: VLANs and Virtual AP's

cmanciu, I went looking for information on how to use bridge nat to assign a new VLAN id, but it does not appear to be possible. Perhaps sergejs can come back and provide us with a working example. I think Tom provided similar scenario, but interesting way to accomplish your scenario would be: - cre...
by troy
Thu Feb 26, 2015 9:46 pm
Forum: General
Topic: Help understanding ipsec
Replies: 3
Views: 1181

Re: Help understanding ipsec

Feklar, Thanks! I actually got this done in a lab environment as you were responding! I think I was getting hung up by trying to do too much at one time , being afraid to muck up a production network, and being too stubborn and lazy by not setting up a lab to begin with. Anyways, once I got the NET-...
by troy
Wed Feb 25, 2015 10:27 pm
Forum: General
Topic: Help understanding ipsec
Replies: 3
Views: 1181

Help understanding ipsec

I'm probably being really dense about this, but there's something about IPSEC that I'm just not understanding. I can't even seem to figure it out enough to ask the right question, so here goes... How do I replace this GRE tunnel with an IPSEC policy? http://i.imgur.com/uHfquAy.png The remote side is...
by troy
Wed Feb 11, 2015 5:18 pm
Forum: General
Topic: Zabbix Template
Replies: 17
Views: 25290

Re: Zabbix Template

Definately not using this myself anymore, but I'm not sure where the extra lines could be coming from. The only thing the script should be spitting out is an integer value: printf("%d\n",$return); The newlines are probably coming from PHP and how it's handling the script, or possibly due to some ext...
by troy
Wed Feb 04, 2015 6:39 pm
Forum: General
Topic: "Mangement" process with high CPU usage
Replies: 0
Views: 663

"Mangement" process with high CPU usage

Anyone know what, exactly, the management process includes? I have a RB1100 (single core) doing NAT routing and PCQ in a Queue Tree for about 400 users sharing 75Mbit/s. The CPU load will hover at around 80-90% for hours during prime time. The Queue and Firewall processes each run at 5-10%. We are r...
by troy
Thu Nov 20, 2014 12:55 pm
Forum: General
Topic: Zabbix Template
Replies: 17
Views: 25290

Re: Zabbix Template

Masi, I kinda gave up on Zabbix for the time being. In fact, I've not looked at it for quite some time. However, the error you report sounds like a problem with the mtStatus script, which has absolutely no error checking and only a very minimum of data manipulation. It's also only used for getting s...
by troy
Mon Oct 13, 2014 8:03 pm
Forum: General
Topic: Critique on DNS blacklist
Replies: 0
Views: 850

Critique on DNS blacklist

Based on the wonderful work by other users in automatically blocking SSH and FTP brute force attacks, here's a short config I came up with to block DNS attacks. I'm not sure yet what the rate should be, but it did manage to halt an amplification attack in just a few seconds. add action=drop chain=fo...
by troy
Sun Oct 12, 2014 5:46 pm
Forum: Wireless Networking
Topic: VLANs and Virtual AP's
Replies: 30
Views: 44071

Re: VLANs and Virtual AP's

I can ping 192.168.10.2 but no one can connect to wifi on wlan2. In 'bridge->ports' window wlan2 marked as a disabled port. Why? Where is my mistake? Please help me to solve this problem!!! Inactive interfaces will be marked as disabled in the bridge. Ethernet ports are inactive and disabled in the...
by troy
Mon Sep 29, 2014 5:36 pm
Forum: Wireless Networking
Topic: RB Metal AP stability
Replies: 26
Views: 12226

Re: RB Metal AP stability

Wow! 16 months later, we have a solution?

Too bad we ditched virtually all our MT wireless stuff in favor of the other guys. Still rocking the MT routers though, way more than I care to count!
by troy
Mon Sep 29, 2014 5:26 pm
Forum: Wireless Networking
Topic: VLANs and Virtual AP's
Replies: 30
Views: 44071

Re: VLANs and Virtual AP's

Following up... I just took over a network that has a number of MT routers (CCR and RB1100) that are configured with the VLANs directly on the ethernet interfaces. It seems to work just fine. I guess the person who set it up had a magic touch. It's scary though. One such interface is currently passi...
by troy
Mon Sep 29, 2014 5:15 pm
Forum: Virtualization
Topic: 10G support on VMware?
Replies: 9
Views: 5335

Re: 10G support on VMware?

Not to detract from VMWare, which I use on a few networks, but having support for Hyper-V would also be a welcome enhancement.
by troy
Mon Sep 29, 2014 5:12 pm
Forum: Virtualization
Topic: Microsoft Hyper-V and RouterOS X86 6.19
Replies: 5
Views: 5081

Re: Microsoft Hyper-V and RouterOS X86 6.19

Janisk, Can you tell us if you're working on adding support for Hyper-V? IMO, MT could do some really cool things in terms of switching and routing in the virtual network. Take a look at what Cisco is doing with their Nexus 1000v product, it is pretty amazing. I don't know if MT could ever compete a...
by troy
Mon Jul 21, 2014 2:53 am
Forum: General
Topic: Job Position in NYC
Replies: 1
Views: 878

Re: Job Position in NYC

Wow, from the job description and the info on your site, it looks like an amazing opportunity. Too bad I'm looking to get out of this town of 10,000 to something even more rural. NYC just ain't for me. :)
by troy
Tue Jul 15, 2014 6:27 pm
Forum: Wireless Networking
Topic: Connect 2.4Ghz Grid Antenna to 5Ghz RB433
Replies: 20
Views: 3778

Re: Connect 2.4Ghz Grid Antenna to 5Ghz RB433

@Jarda, I never said I would recommend it, just that it would work (however poorly).

@plisken, you're right, the SWR is too high, but didn't not consider that this would damage the radio, was only thinking from a tuning aspect.
by troy
Mon Jul 14, 2014 10:02 pm
Forum: General
Topic: Looking for a suggestion for a x86 SBC for RouterOS
Replies: 10
Views: 2496

Re: Looking for a suggestion for a x86 SBC for RouterOS

Not sure what you mean by "USB based," but there are several ATOM systems that would work. Some have dual ethernet ports, some will require adding an interface card. You may also want to take a look at the APU or ALIX boards from PC Engines. For lower power applications, you probably want to avoid x...
by troy
Mon Jul 14, 2014 9:28 pm
Forum: Wireless Networking
Topic: Connect 2.4Ghz Grid Antenna to 5Ghz RB433
Replies: 20
Views: 3778

Re: Connect 2.4Ghz Grid Antenna to 5Ghz RB433

FWIW, I had a tower climber do this on accident. The signal was was considerably lower than expected, but the link did work. Electrically speaking, the antenna will work (it puts the appropriate load on the transmitter), but you will never get the performance you would otherwise expect to get, as it...
by troy
Mon Jul 14, 2014 9:22 pm
Forum: General
Topic: Router Login with Multiple Radius Servers
Replies: 1
Views: 873

Re: Router Login with Multiple Radius Servers

AFAIK, this is not possible in ROS. What you want to to do, is configure your radius server to pass the authentication to a secondary (set of) server(s) if the user uses a realm that is not local.
by troy
Mon Jul 14, 2014 9:00 pm
Forum: General
Topic: Internet Settings
Replies: 1
Views: 808

Re: Internet Settings

Given the diagram you provided, you should never have to change the route on anything other than the 750 at either of the remote sites (every computer, printer, and other device at each site should be using the local RB750 as the default route. The better option, would be to implement OSPF. Each rou...
by troy
Wed Jun 25, 2014 2:38 am
Forum: RouterBOARD hardware
Topic: 24 ports Mikrotik SFP switch
Replies: 4
Views: 4815

Re: 24 ports Mikrotik SFP switch

I don't know if I was the first to ask for such a beast... but I asked about it close to 2 years ago. I'd also like to see a model with integrated optics for single-mode, single-strand, and auto-sensing Bi-Directional auto-sensing 100/1000 support (the optics exist... Genexis has a CPE with it). I'd...
by troy
Tue Jun 24, 2014 4:59 pm
Forum: General
Topic: CCR1036 working in 48VCC
Replies: 1
Views: 534

Re: CCR1036 working in 48VCC

Looks like the CCR uses up to 60W @ 24v. So, get a 3amp (or higher) DC-DC converter to step down to 24v and you're golden. It may be a good idea to use an inline fuse rated for 3 to 5 amps.
by troy
Tue Jun 24, 2014 4:47 pm
Forum: General
Topic: Strange log messages
Replies: 4
Views: 1083

Re: Strange log messages

Grrr... my eyes glazed over and I missed it. There is indeed a log rule that was added where it didn't belong in the middle of another ruleset.

Thanks guys.
by troy
Tue Jun 24, 2014 3:59 pm
Forum: General
Topic: Strange log messages
Replies: 4
Views: 1083

Strange log messages

Some time in the last few weeks, the log on a CCR running 6.5 started getting filled with some strange entries. No configuration changes in either the system logging or firewall have been made, yet these messages started filling up the log: 08:37:57 firewall,info FTP forward: in:ether11 out:ether3, ...
by troy
Sat May 31, 2014 5:51 am
Forum: General
Topic: Zabbix Template
Replies: 17
Views: 25290

Re: Zabbix Template

Yeah, that api file needs to be in the same directory for the script I threw together. You can put it anywhere you want if you edit the script... php includes/requires are pretty easy to change. As for the dependency thing, I looked at it, and it's overly complex. A host dependency needs to be a sim...
by troy
Thu May 22, 2014 1:44 am
Forum: General
Topic: Zabbix Template
Replies: 17
Views: 25290

Re: Zabbix Template

Sorry for the very late reply... Zabbix has landed on my back burner. It's awesome at what it does, but there are 2 serious limitations that I can't live with right now. The Android apps all suck and Zabbix doesn't currently support host dependencies (if a device goes down and takes 20 more with it,...
by troy
Wed Mar 26, 2014 6:56 pm
Forum: Wireless Networking
Topic: Port Forwarding - RDP - Did it correct but still not working
Replies: 1
Views: 1033

Re: Port Forwarding - RDP - Did it correct but still not wor

Did you verify that you can connect from the local network?

Also, I do not see the dst-address specified in your NAT rule. It's been a while, but I'm thinking this is required.

Also, have you watched the nat rule to see if the counter increases when it gets hit?
by troy
Wed Mar 26, 2014 6:27 pm
Forum: Wireless Networking
Topic: Small WISP Design and Advice Needed
Replies: 2
Views: 1879

Re: Small WISP Design and Advice Needed

If that's the extent of your network, it sounds like a good start. For the backhaul, you can certainly use the nanobeam. You can also use Mikrotik's SXT to keep the network homogeneous. If you need to shoot a long distance, consider using 2' or 3' dishes. There are tons of link budget calculators ou...
by troy
Wed Mar 26, 2014 5:49 pm
Forum: Beginner Basics
Topic: Two public IP on WAN interface
Replies: 6
Views: 3849

Re: Two public IP on WAN interface

Yeah, when adding additional IP addresses in the same subnet, it's best practice to use a /32 mask. Addresses in multiple subnets should not require this. It could be something funky with your ISP, but I couldn't tell you for sure. Both of the obvious configurations are failing, not sure what else t...
by troy
Wed Mar 26, 2014 5:35 pm
Forum: General
Topic: Single interface VLAN trunk issues
Replies: 10
Views: 2790

Re: Single interface VLAN trunk issues

Having multiple VLANs and even routing between them on a single interface isn't a configuration problem. It is common and it does work. What I'm saying is that it can lead to performance problems. Some hardware can handle this better than other hardware. Routing or bridging traffic back to the same ...
by troy
Sun Mar 23, 2014 8:15 pm
Forum: Beginner Basics
Topic: How to start with RB2011UiAS-2HnD ?
Replies: 1
Views: 691

Re: How to start with RB2011UiAS-2HnD ?

Can you share what you've tried so far?

You say you're comfortable with PCC rules. This is all that's needed to spread the load across the 3 DSL connections. Following the steps in the manual, you should be able to have it up and running in just a few minutes.
by troy
Sun Mar 23, 2014 7:49 pm
Forum: General
Topic: Single interface VLAN trunk issues
Replies: 10
Views: 2790

Re: Single interface VLAN trunk issues

I don't understand either. While the 450 shouldn't have any problem pushing that much data in a hairpin configuration, the performance should be the same either way. The fact that it does fail some sites in the hairpin configuration is odd. Either way though, its a good idea to only ever allow traff...
by troy
Fri Mar 21, 2014 10:47 pm
Forum: General
Topic: Single interface VLAN trunk issues
Replies: 10
Views: 2790

Re: Single interface VLAN trunk issues

Sorry about that. I must have misunderstood. It sounded like you went from 115Mbit/s to 30Mbit/s with the hairpin configuration and went back to normal when you removed that configuration. After re-reading, I think you're saying that with the hairpin configuration (still a damned odd way to set it u...
by troy
Fri Mar 21, 2014 4:19 pm
Forum: The Dude
Topic: Massive devices configuration update
Replies: 1
Views: 1890

Re: Massive devices configuration update

Hello everyone,
Is there a method in Dude to update the configuration of massive device at one time?

Thanks
Firmware update? Yes, this is covered in the manual.

Configuration update? No. There have been various scripts (expect, perl, other?) posted to do this though.
by troy
Fri Mar 21, 2014 4:15 pm
Forum: General
Topic: Single interface VLAN trunk issues
Replies: 10
Views: 2790

Re: Single interface VLAN trunk issues

Yes... you're doing a hairpin on ether1. This is NOT a good idea for high bandwidth usage. You'll run into the same limitation if you try to use any combination of ports other than Ether1. Ports 2-5 are on a switch chip and share a single interface to the CPU. In short, you pretty much have to use E...
by troy
Fri Mar 21, 2014 4:09 pm
Forum: General
Topic: Firewall and DNS issue
Replies: 1
Views: 619

Re: Firewall and DNS issue

If it's clear HTTP, you can do this with a Layer-7 filter rule. Add firewall filters to allow DNS requests (UDP & TCP), add another rule to allow your URL, and finally add a rule to block everything else. Another way to do this, is to use the Hotspot service and configure a walled garden allowing yo...
by troy
Fri Mar 21, 2014 4:03 pm
Forum: General
Topic: Can anyone explain please !?
Replies: 2
Views: 852

Re: Can anyone explain please !?

Fun fun fun... my 3rd reply this morning regarding Policy Based Routing . As for only allowing DHCP assigned users access to the Internet, you'll want to modify your NAT rule so that it only allows from those specific source addresses: /ip firewall address-list add address=192.168.22.0/24 list=LAN1 ...
by troy
Fri Mar 21, 2014 3:52 pm
Forum: Beginner Basics
Topic: Two public IP on WAN interface
Replies: 6
Views: 3849

Re: Two public IP on WAN interface

Ok, if you can do this with straight IP tables on Linux, you can do this with MT (which is still Linux). You just have to learn the abstraction layers that MT put on top. So, both IP addresses are from the same provider. You probably don't have to worry about the actual GW then. The provider already...
by troy
Fri Mar 21, 2014 3:43 pm
Forum: Forwarding Protocols
Topic: 2 Gateway with one ISP
Replies: 3
Views: 2461

Re: 2 Gateway with one ISP

Yes, you can have multiple gateways. Check out the wiki article on Policy Based Routing . I use this to properly route traffic for customers on an open-access network belonging to multiple providers. I would probably need to see a detailed description or a diagram showing the desired traffic flow to...
by troy
Fri Mar 21, 2014 3:36 pm
Forum: Wireless Networking
Topic: Metal5SHPn 1x1 MIMO, how can?
Replies: 1
Views: 840

Re: Metal5SHPn 1x1 MIMO, how can?

Pretty sure that was an editorial oversight in the brochure, though it's a pedantic distinction that really shouldn't bother you any more than someone failing to call a rectangle a square when it is, indeed, square. MIMO, being part of the 802.11n spec calls for the support of spatial diversity (MIM...
by troy
Fri Mar 21, 2014 2:58 pm
Forum: General
Topic: Install ntp server package
Replies: 1
Views: 19026

Re: Install ntp server package

Yeah, get ntp-6.7-XXXX.npk.

Addon packages should match the version of ROS you currently have installed.

If the package still fails to install after rebooting, check the log to see why.

-Troy
by troy
Fri Mar 21, 2014 2:55 pm
Forum: Forwarding Protocols
Topic: 2 Gateway with one ISP
Replies: 3
Views: 2461

Re: 2 Gateway with one ISP

Sounds like you read the manual regarding source nat . If you had read a little more, you would have seen the section on destination nat and 1:1 nat . So, you use src-nat for the outgoing traffic, dst-nat for incoming traffic. If you use both src-nat and dst-nat together, you'll have a 1:1 mapping t...
by troy
Fri Mar 21, 2014 2:47 pm
Forum: Beginner Basics
Topic: Two public IP on WAN interface
Replies: 6
Views: 3849

Re: Two public IP on WAN interface

Based on what you describe, the GW devices are separate devices and you do not have any sort of a routing protocol set up or available. An odd setup for sure, but it should work with the addition of some routing marks: /ip firewall mangle add action=mark-routing chain=prerouting comment="To GW1" new...
by troy
Thu Mar 20, 2014 5:59 pm
Forum: RouterBOARD hardware
Topic: CRS125-24G-1S-RM Brand NEW Cloud Router SWITCH
Replies: 13
Views: 13809

Re: CRS125-24G-1S-RM Brand NEW Cloud Router SWITCH

troy: this is a real SWITCH with routerOS features addon. Why the hell do you need more then a gbps connection to the CPU (what cannot handle more than few hundred megs)? Think about a managed gigabit switch plus a dual port mikrotik router - in one box (ok it offers more, but not expect too much.....
by troy
Tue Mar 18, 2014 9:17 pm
Forum: RouterBOARD hardware
Topic: CRS125-24G-1S-RM Brand NEW Cloud Router SWITCH
Replies: 13
Views: 13809

Re: CRS125-24G-1S-RM Brand NEW Cloud Router SWITCH

Finally got to see one... Initial impressions... AWESOME job on: 1) Console port (still need to try this with my crisco cable) 2) Ears - Can turn them 90* to mount unit to a wall or board Not so much on the PSU... external wall wart? Really? Why not use an internal PSU like you did on the CCR and RB...
by troy
Thu Feb 06, 2014 7:22 pm
Forum: Beginner Basics
Topic: load balancing between two ISPs
Replies: 2
Views: 945

Re: load balancing between two ISPs

by troy
Thu Feb 06, 2014 7:19 pm
Forum: Wireless Networking
Topic: create PTP network for 3km
Replies: 7
Views: 2423

Re: create PTP network for 3km

If you're just straight routing (with NAT)... ether1 for the Internet, ether2-9 for the LAN, the 750 should be able to handle several hundred users.

If you need to do bandwidth management, use PCQ and Queue Tree. Though Simple Queues in ROS6 might be efficient enough.
by troy
Tue Feb 04, 2014 11:00 pm
Forum: General
Topic: Standard ISP Firewall practices
Replies: 1
Views: 1053

Re: Standard ISP Firewall practices

Check out this recent thread . If your customers are fully exposed, there are some ports that you might want to block to offer some basic protection. Generally speaking, blocking all inbound traffic to ports <1025 would be reasonable for residential customers. Business/enterprise customers might not...
by troy
Tue Feb 04, 2014 8:58 pm
Forum: Wireless Networking
Topic: Wireless help needed
Replies: 6
Views: 1857

Re: Wireless help needed

802.11 is a half-duplex spec. With 802.11n MCS7 @ 40Mhz, you have a max rate of 150. Coding at 5/6, you get 125Mbit/s maximum throughput at Layer 2. Depending on the Layer 3 overhead and other traffic, the best you'll be able to do in practice, is 90-100Mbit/s. With one wireless and one wired device...
by troy
Tue Feb 04, 2014 8:24 pm
Forum: Wireless Networking
Topic: create PTP network for 3km
Replies: 7
Views: 2423

Re: create PTP network for 3km

For the PTP between the two locations, you'll want a pair of RouterBoard SXT radios. On the AP side (in the village), the equipment selection gets a little more complicated. If the AP will be centrally located and easily visible to everyone, you can use something like the OmniTik. If you need to set...
by troy
Sat Feb 01, 2014 5:25 pm
Forum: General
Topic: Cloud Router Switch Uplink
Replies: 18
Views: 6215

Re: Cloud Router Switch Uplink

We'll have to let the boys from MT chime in on this one. At a glance though, it would appear that the problem isn't so much with the software, as it is with the hardware. As a Layer2 switch, the CRS should perform just as well, if not better, than any other $200 switch. If the switch chip supports i...
by troy
Sat Feb 01, 2014 4:55 pm
Forum: RouterBOARD hardware
Topic: CCR1036-12g ARP\MAC issues on ETH ports
Replies: 4
Views: 1909

Re: CCR1036-12g ARP\MAC issues on ETH ports

Honestly, it very well could be an issue with ROS on the CCR. I wouldn't know without sticking my head in your network. A similar problem I've had, is where I would use the ip discovery tool to scan a connected subnet, and had a cisco 3700 send arp replies for every single address. The ARP table on ...
by troy
Sat Feb 01, 2014 4:45 pm
Forum: Beginner Basics
Topic: Why two tree queues under wan ?
Replies: 3
Views: 1200

Re: Why two tree queues under wan ?

You'd have to ask the authors of the configs you're looking at. All-Bandwidth should be just that... a queue for all bandwidth. In my experience, you will want to set this to slightly below your actual bandwidth from your provider so everything has some breathing room. This should be a parent for an...
by troy
Sat Feb 01, 2014 4:35 pm
Forum: Scripting
Topic: Script to autochange SSID when not internet
Replies: 6
Views: 4266

Re: Script to autochange SSID when not internet

yes... isp1-ssid would be the value to change.

You can set multiple paramaters at the same time... ssid=FOO security-profile=BAR

Good luck!
by troy
Sun Jan 26, 2014 5:38 am
Forum: Forwarding Protocols
Topic: server access to specified ip
Replies: 1
Views: 753

Re: server access to specified ip

Sounds like you need to implement some bandwidth management. Without knowing your exact traffic patterns and needs, I wouldn't know how to advise you on this, but the WIKI has some pretty decent examples that should get you started. Also search for a PCQ/QOS script.. there's a few floating around ou...
by troy
Sun Jan 26, 2014 5:33 am
Forum: Beginner Basics
Topic: snmp from WAN/ether1 firewall config?
Replies: 2
Views: 3153

Re: snmp from WAN/ether1 firewall config?

I hate to ask, but did you reboot after enabling snmp? For some idiot reason, ROS seems to need this sometimes (always?).
by troy
Sun Jan 26, 2014 5:32 am
Forum: Beginner Basics
Topic: Why two tree queues under wan ?
Replies: 3
Views: 1200

Re: Why two tree queues under wan ?

In the example you posted, there are 2 queues, each at 4M for a total of 8M. This allows VOIP some dedicated bandwidth, though the example isn't a very effecient way to do it. The better way, would be to create a parent to hold all the bandwidth, then several children to divy that bandwidth up. You ...
by troy
Sun Jan 26, 2014 5:22 am
Forum: Beginner Basics
Topic: PPPOE 1GB - LAN to WAN throughput
Replies: 5
Views: 5342

Re: PPPOE 1GB - LAN to WAN throughput

I'm amazed that you're getting 200Mbit/s, pretty impressive for MIPS. Aside from the CPU, the 2011 suffers from all the GigE interfaces being on a single switch chip with a single GigE lane into the CPU. Trying to route full GigE traffic through it will fail miserably (as you've discovered). I'm not...
by troy
Sat Jan 25, 2014 5:38 pm
Forum: Beginner Basics
Topic: 5 static IP's but dynamic PPPOE Connection
Replies: 4
Views: 2774

Re: 5 static IP's but dynamic PPPOE Connection

Not necessarily. If you have the full subnet routed to you, you can bind all 8 addresses to a loopback and go from there... If your subnet is 11.22.33.8/29: /int bridge add name=lo0 /ip address add address=11.22.33.8/32 interface=lo0 /ping 8.8.8.8 src-address=11.22.33.8 Assuming that you pass this t...
by troy
Fri Jan 24, 2014 11:36 pm
Forum: General
Topic: Set custom DL-UL bandwith rates
Replies: 3
Views: 941

Re: Set custom DL-UL bandwith rates

Terminal or winbox..

You can create one simple queue per user, which can be pretty high maintenance.

You can also create a queue tree with PCQ.

Both are pretty well documented in the wiki.
by troy
Fri Jan 24, 2014 10:49 pm
Forum: RouterBOARD hardware
Topic: Ethernet port problem ?
Replies: 3
Views: 1138

Re: Ethernet port problem ?

Tick the other 4 boxes in the torch. See if you can get some more information out of it.

Can you confirm with your provider that this traffic is real?

Also, if you have another routerbaord, stick it between the CCR and DSL modem as a bridge so you can get an 'outside' view of the situation.
by troy
Fri Jan 24, 2014 10:45 pm
Forum: General
Topic: WAN as Uplink
Replies: 1
Views: 1136

Re: WAN as Uplink

In order to make this work, you need to have all 4 connections from the same provider and your provider must agree to only send traffic to you on 3 of the 4 connections. The problem? When you connect via WAN1, your connection has the IP address for WAN1, and the other side of that connection will on...
by troy
Fri Jan 24, 2014 10:31 pm
Forum: Beginner Basics
Topic: VLAN trunking - my personal hell-on-earth
Replies: 1
Views: 1587

Re: VLAN trunking - my personal hell-on-earth

Baby steps my friend... baby steps. Because of the way ROS does it's network abstractions, the config gets very complex very quick. Quite often, it's easier to just open it up a bit, then put restrictions when/where necessary. For your internet, this is pretty basic. Just add the address/route/dns p...
by troy
Fri Jan 24, 2014 10:08 pm
Forum: Beginner Basics
Topic: VLAN issue with Bridge
Replies: 1
Views: 777

Re: VLAN issue with Bridge

Please provide the following output:

/interface export compact
/ip address export compact


Maybe more later, but this should get us going.
by troy
Fri Jan 24, 2014 10:01 pm
Forum: Scripting
Topic: Script to autochange SSID when not internet
Replies: 6
Views: 4266

Re: Script to autochange SSID when not internet

It sounds like the wireless is your internet connection, and if one goes down, you want to change to a different connection. Assuming I understand you correctly, this bit of untested code should get you going: :if ([/ping altavista.com count=1] = 0) do={ :log Internet down, switching providers :loca...
by troy
Fri Jan 24, 2014 9:40 pm
Forum: Beginner Basics
Topic: How to see wifi network speeds
Replies: 2
Views: 1422

Re: How to see wifi network speeds

Not sure what part of the webgui that screenshot came from, but check under wireless > registration.

Also from winbox (wireless > registration table), you can see it like this:

Image
by troy
Fri Jan 24, 2014 9:33 pm
Forum: Beginner Basics
Topic: Second WAN routing not working
Replies: 2
Views: 1799

Re: Second WAN routing not working

You forgot to share ip routing with us.

/ip routing export compact
by troy
Fri Jan 24, 2014 9:30 pm
Forum: General
Topic: /tool fetch missing???
Replies: 1
Views: 656

Re: /tool fetch missing???

Don't know for sure, but I think fetch is in the advanced-tools package. Do you have that installed and active?
by troy
Fri Jan 24, 2014 9:25 pm
Forum: Beginner Basics
Topic: VLAN configuration
Replies: 3
Views: 1427

Re: VLAN configuration

The MT config should work. As for the bridge/no bridge discussion. If you only need tagged traffic, you don't need a bridge. If, however, you also need untagged traffic, you will need to use a bridge. Either way, it doesn't hurt anything to use a bridge. Here's a config: /interface bridge add name=b...
by troy
Fri Jan 24, 2014 9:20 pm
Forum: General
Topic: Future request: Rebuild queues limits
Replies: 1
Views: 877

Re: Future request: Rebuild queues limits

It would be cool to have time-of-day queues supported with a radius attribute. Unfortunately, I doubt it will get much traction with the boys at MT. There are a few ways to cope with this. First, if the service is DHCP, setting a max time won't cause any interuption to service. PPPoE is a different ...
by troy
Fri Jan 24, 2014 9:15 pm
Forum: Forwarding Protocols
Topic: mpls package, do I need it ?
Replies: 2
Views: 1469

Re: mpls package, do I need it ?

If you don't need MPLS/VPLS for anything, then yes, you can remove it. IMO, it really doesn't hurt anything to leave all the default packages. I used to be a bit of a nazi about removing unused packages, but with 100's of devices, it got to be a little annoying, especially when it was time to actual...
by troy
Fri Jan 24, 2014 9:10 pm
Forum: Beginner Basics
Topic: 5 static IP's but dynamic PPPOE Connection
Replies: 4
Views: 2774

Re: 5 static IP's but dynamic PPPOE Connection

Simon, Create static routes to those 1200's to use one of your static IP addresses as the preferred source: /ip route add dst-address=123.45.67.89 preferred-source=98.76.54.32 gateway=pppoe-out Now, when connecting to the 1200's at work, the connection will come from whichever static IP you choose t...
by troy
Fri Jan 24, 2014 8:39 pm
Forum: RouterBOARD hardware
Topic: CCR1036-12g ARP\MAC issues on ETH ports
Replies: 4
Views: 1909

Re: CCR1036-12g ARP\MAC issues on ETH ports

Sounds to me, like you have a mis-behaving device somewhere that's replying to ARP requests it shouldn't be replying to.

Find the MAC address that you're having a problem with, and you've found your culprit.
by troy
Fri Jan 24, 2014 8:35 pm
Forum: General
Topic: Block Local network computer from seeing eachother
Replies: 1
Views: 1894

Re: Block Local network computer from seeing eachother

You're not crazy at all. This is called client isolation and works very well. There are several ways to implement it, but we'd need to see a network diagram to do more than help you understand the concepts. ROS, at it's core, is a pretty flexible and robust platform. However, there are some limits, ...
by troy
Fri Jan 24, 2014 8:20 pm
Forum: Beginner Basics
Topic: Using different routers for download and streaming.
Replies: 2
Views: 639

Re: Using different routers for download and streaming.

If you can tell us how to determine if something is downloading or streaming, we can probably help you :) So... you have 1 ISP, 2 connections, and 100 clients. How are you distributing bandwidth between those 2 connections now? What's the purpose of putting a 2nd router on one of them? IMO, you woul...
by troy
Fri Jan 24, 2014 8:09 pm
Forum: RouterBOARD hardware
Topic: Ethernet port problem ?
Replies: 3
Views: 1138

Re: Ethernet port problem ?

What's attached to that port?

Have you tried running torch to see what the traffic is?
by troy
Fri Jan 24, 2014 8:05 pm
Forum: Beginner Basics
Topic: Help With Defining Route
Replies: 3
Views: 921

Re: Help With Defining Route

You need to do some policy based routing ... /ip firewall mangle add chain=prerouting src-address=192.168.90.0/24 action=mark-routing new-routing-mark=To_Fortinet /ip route add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=To-Fortinet You can also use a firewall filter to ensure that no tra...
by troy
Tue Jan 07, 2014 5:56 pm
Forum: Wireless Networking
Topic: firewall solution for wisp
Replies: 4
Views: 2691

Re: firewall solution for wisp

Your question is so broad, it would take a book to answer it. There are a lot of books out there, take your pick! In terms of hardware and/or OS, this is a MT forum, so I would assume that you have ROS running on a RB of some sort... perfectly suited for a basic firewall appliance. Onto the configur...
by troy
Tue Jan 07, 2014 5:08 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1040183

Re: CLOUD CORE ROUTER

I had an interesting experience with a CCR yesterday. Went to hook up a UPS (APC SU3000RMXL) to the serial console. Uploaded the UPS package and rebooted the CCR to install it. The CCR got stuck with "routerboot configuration" displayed on the screen (first useful thing I've seen with that dumb litt...
by troy
Tue Jan 07, 2014 5:03 pm
Forum: Beginner Basics
Topic: RouterOS V6.7 which best way to do traffic shapping
Replies: 1
Views: 669

Re: RouterOS V6.7 which best way to do traffic shapping

For simple bandwidth sharing and congestion avoidance, PCQ would be your best bet. We use this in a queue tree with a single parent to provide multiple classes of bandwidth (1/3/6/etc...).

The wiki article provides a great start, and you can find some specific examples here in the forum.
by troy
Mon Dec 30, 2013 10:45 pm
Forum: General
Topic: PPPoE for customers?
Replies: 1
Views: 804

Re: PPPoE for customers?

I like to think that PPPoE needs to die completely, but for residential services, it does offer a nice feature set that's hard to duplicate using other management options: *) Limit each user to a single connection to the network. *) Radius accounting can let you know how much data each subscriber is...
by troy
Mon Dec 30, 2013 10:31 pm
Forum: General
Topic: I want to change FirePro RouterOS 4.3
Replies: 5
Views: 1644

Re: I want to change FirePro RouterOS 4.3

"Firepro" is just a branded version of MT ROS. You can upgrade it the same as any routerboard. If you use netinstall, you can go straight to 6.7. Otherwise, upgrade to 4.17 => 5.26 => 6.7. Be sure to check and update the firmware along the way. You might also need to update the license before/after ...
by troy
Mon Dec 30, 2013 9:53 pm
Forum: Beginner Basics
Topic: Just a NAT device, nothing more - RB2011L-in
Replies: 6
Views: 1359

Re: Just a NAT device, nothing more - RB2011L-in

Here's a thread with a similar setup that might help:

http://forum.mikrotik.com/viewtopic.php?f=2&t=79253
by troy
Fri Dec 13, 2013 4:59 pm
Forum: RouterBOARD hardware
Topic: grounding newbie question
Replies: 3
Views: 1862

Re: grounding newbie question

The answer to your question is no. Grounding does not increase the chances of a lightning strike. It increases the chances of SURVIVING a lightning strike. The problem, is that your equipment already has a path to ground (antenna/enclosure -> electronics -> cat-5 -> poe -> switch/router -> UPS -> po...
by troy
Thu Dec 12, 2013 2:18 pm
Forum: Wireless Networking
Topic: Link Distance
Replies: 16
Views: 3888

Re: Link Distance

Ryan, There's another possibility that I just stumbled on while checking routerboard.com for something else. The RB912UAG-5HPnD has a radio that will cover that distance. One added bonus to this, is that it also has a slot for a 3G modem, which can provide either out-of-band management or possibly b...
by troy
Thu Dec 12, 2013 6:03 am
Forum: Beginner Basics
Topic: Communication problem with my gateway provider?
Replies: 4
Views: 1116

Re: Communication problem with my gateway provider?

Not required, no.. but very typical. If this is a point-to-point connection, the theory goes that it can be unnumbered, but doing it that way makes it hard to troubleshoot. From wWhat you described, it sounds like the provider is keeping the /24 captive (where the gateway address is actually on thei...
by troy
Thu Dec 12, 2013 1:23 am
Forum: Wireless Networking
Topic: Link Distance
Replies: 16
Views: 3888

Re: Link Distance

That would be it. Honestly though, if the folks at MT get pissed, so be it. They know as well as anyone that they do not have a product in the same class as the RocketM5-Ti. It can easily do the 37km link and should come very close to 180Mbit/s throughput. I have set up a few links using the DBii F5...
by troy
Wed Dec 11, 2013 11:26 pm
Forum: Beginner Basics
Topic: Ubiquiti behind Mikrotik
Replies: 14
Views: 3208

Re: Ubiquiti behind Mikrotik

heh.. yeah, I see it now. It does indeed smack of an MTU problem. Ping with full sized packets and figure out which devices will need some extra room.
by troy
Wed Dec 11, 2013 10:51 pm
Forum: Wireless Networking
Topic: Link Distance
Replies: 16
Views: 3888

Re: Link Distance

Roadie, you've been in the game long enough to know exactly what company and which of their products I'm referring to. I will not mention it here because I don't want to piss off the Latvian Mafia! Here's a hint though... its named for a type of metal that's often used in body part replacements, gol...
by troy
Wed Dec 11, 2013 10:41 pm
Forum: Beginner Basics
Topic: Communication problem with my gateway provider?
Replies: 4
Views: 1116

Re: Communication problem with my gateway provider?

You do not need BGP for this, your ISP should know better. Tell them that you need to bring the /24 inside your network, and that you would like them to route it to you over a different /30 subnet. If they are a relatively small ISP, they may not want to break out a /30 for the job. In this case, yo...
by troy
Wed Dec 11, 2013 10:17 pm
Forum: Scripting
Topic: DNSDynamic Update Script
Replies: 4
Views: 5149

Re: DNSDynamic Update Script

Wow, that is a really long complicated script... but, I don't need all those email notifications and stuff. Crazy stuff! Here's how I do it, short and simple: # ## Script by Troy ## ## I don't remember what's stolen and what's original... use at your own risk # :global currentIP; :local tmpIP [/ip a...
by troy
Wed Dec 11, 2013 9:50 pm
Forum: Wireless Networking
Topic: Link Distance
Replies: 16
Views: 3888

Re: Link Distance

To get a reliable link, you'll need 3' dishes. The Metal 5SHPn or R5SHPn mPCI card would be your best bet for radios. If you need more than about 80Mbit/s of actual throughput, you'll need to use a 2x2 radio and antenna. Unfortunately, MT does not have a product that will do this at this time, but t...
by troy
Wed Dec 11, 2013 9:41 pm
Forum: Beginner Basics
Topic: Ubiquiti behind Mikrotik
Replies: 14
Views: 3208

Re: Ubiquiti behind Mikrotik

Green? Red? where... I don't see a picture. You say you can ping... what size packets? Try a 1500 byte packet and see what happens... my guess is that you have an MTU issue somewhere along the way, most likely with one of the UBNT devices, which is limited to 1500 bytes out of the box. Raise the MTU...
by troy
Wed Dec 11, 2013 9:33 pm
Forum: RouterBOARD hardware
Topic: Normis: Any plan to support 100Mbps SFP transceivers in RB?
Replies: 2
Views: 1055

Re: Normis: Any plan to support 100Mbps SFP transceivers in

100Mbit/s SFP FTW!!!

Seriously, I know of at least one product out there that has auto-sensing 100/1000 optics. I don't know of an SFP that does this, but it is possible to do, and it would be a great addition to the MT product line.
by troy
Wed Dec 11, 2013 8:35 pm
Forum: Forwarding Protocols
Topic: TWO bgp peers and load balancing
Replies: 1
Views: 1057

Re: TWO bgp peers and load balancing

Welcome to BGP, a weird and mysterious world where it's normal to have asynchronous routes between any two points on the 'net. There is nothing you can do with BGP to control your outbound traffic (except maybe to place filters on the advertisements you accept). For your inbound traffic, prepending ...
by troy
Wed Dec 11, 2013 4:09 pm
Forum: General
Topic: static routing and NAT configurations
Replies: 2
Views: 1366

Re: static routing and NAT configurations

Your config is pretty straight forward, though the NAT rules appear to be a little confused. Under /ip addresses, add your addressed to your desired interfaces. Under /ip routes, add your routes The 20.20.20 and 30.30.30 addresses... are these the actual addresses assigned to you by your provider? A...
by troy
Tue Dec 10, 2013 11:41 pm
Forum: General
Topic: Help with 1 to 1 NAT or Netmap
Replies: 2
Views: 2161

Re: Help with 1 to 1 NAT or Netmap

26 ;;; default configuration chain=srcnat action=masquerade to-addresses=0.0.0.0 src-address-list=!10.10.4.7 out-interface=ether5 61 ;;; LCTN.k12 Mail Server chain=srcnat action=src-nat to-addresses=publicIP src-address=10.10.4.7 62 ;;; LCTN.k12 Mail server chain=dstnat action=dst-nat to-addresses=...
by troy
Sun Dec 01, 2013 11:53 pm
Forum: General
Topic: failover with 3 ISP without balancing
Replies: 3
Views: 1737

Re: failover with 3 ISP without balancing

Yes, with static routes, I believe this would be the only way. To disable a gateway, you'll need to use the check-gateway option. Without a valid GW IP, this won't work, and the route will not fail over to the next gateway. RouterOS will not let you set the distance on a route installed by the dhcp ...
by troy
Thu Nov 28, 2013 10:24 pm
Forum: General
Topic: Firewall Problem{NAT Router in gameranger}
Replies: 12
Views: 13844

Re: Firewall Problem{NAT Router in gameranger}

A quick google search shows that Gameranger needs a NAT rule or UPNP . Your best bet, would probably to turn on and configure UPNP . Port forwarding is also an option, but if you receive a dynamic IP from your ISP, you'll need to update the nat rule any time your IP changes. Stick with UPNP, its alm...
by troy
Wed Nov 27, 2013 2:12 pm
Forum: General
Topic: Bandwidth Management & QOS - Is it possible?
Replies: 12
Views: 6454

Re: Bandwidth Management & QOS - Is it possible?

As indicated in the OP, I am.

Was your earlier reply based on an earlier version?
by troy
Wed Nov 27, 2013 2:06 pm
Forum: General
Topic: How do I setup router for public/29 address space
Replies: 8
Views: 4733

Re: How do I setup router for public/29 address space

Troubleshooting... what fun! The extra latency wasn't likely due to the 2011 itself as much as the network config. Post your actual config: /ip address export compact /ip route export compact /ip firewall export compact Also a few traces: /tool traceroute 8.8.8.8 /tool traceroute 8.8.8.8 src-address...
by troy
Wed Nov 27, 2013 1:23 am
Forum: General
Topic: Bandwidth Management & QOS - Is it possible?
Replies: 12
Views: 6454

Re: Bandwidth Management & QOS - Is it possible?

Thanks for taking a look man, I do appreciate it, but I've already been there. Following the link, which takes you to this page , you can find exactly one diagram that shows Simple Queues, and has a description stating that this is how it works in ROS6. http://wiki.mikrotik.com/images/2/24/Packetflo...
by troy
Tue Nov 26, 2013 12:54 am
Forum: Wireless Networking
Topic: How many concurrent wireless users can support?
Replies: 18
Views: 25059

Re: How many concurrent wireless users can support?

If you want to support up to 100 users and have something usable, you'll probably want to set up 3 access points throughout the building. Personally, I'd do more, but using more than 3 APs in close quarters can cause problems that you may not want to cope with. For a MT solution, I'd get the RB750UP...
by troy
Mon Nov 25, 2013 11:47 pm
Forum: Scripting
Topic: learn how to Shape Download Traffic only & leave Browsing
Replies: 24
Views: 17771

Re: learn how to Shape Download Traffic only & leave Browsin

Curious.. It's been a while since I've dug into the HTTP protocol, but aren't there some headers that you could key in on? IMO, the best, first test, would be Content-Length (if we could actually use the number from the string). Small files could be let through, with medium and large files being que...
by troy
Mon Nov 25, 2013 9:06 pm
Forum: General
Topic: How do I setup router for public/29 address space
Replies: 8
Views: 4733

Re: How do I setup router for public/29 address space

Well, it's not really all that silly from a customer perspective, it just gives you an extra address to use. As a provider though, it is silly, they're wasting an IP unnecessarily. Comcast does this as well, a customer with a subnet assignment also gets a static IP outside that subnet. What's infuri...
by troy
Mon Nov 25, 2013 6:57 pm
Forum: General
Topic: How do I setup router for public/29 address space
Replies: 8
Views: 4733

Re: How do I setup router for public/29 address space

How silly of your provider to give you a static address (/32) that's not already in your static subnet, but that's beside the point, and it gives you 9 static IPs to work with instead of just 8. You get your route from the PPPoE session, so that's taken care of. Now, just put your subnet on your DMZ...
by troy
Mon Nov 25, 2013 6:20 pm
Forum: Beginner Basics
Topic: Block all ports but 80 and 1723
Replies: 7
Views: 28930

Re: Block all ports but 80 and 1723

add chain=forward action=accept protocol=tcp dst-port 3389 in-interface=VPN comment="Allow RDP via VPN" If you don't mind a suggestion... take some time to review the basic firewall documentation in the wiki. Also search for various firewall scripts out there. IMO, firewalls are typically used to pr...
by troy
Mon Nov 25, 2013 5:38 pm
Forum: General
Topic: Simple Queue Question....
Replies: 2
Views: 859

Re: Simple Queue Question....

At the moment, you're probably best off with PCQ and Queue Tree. Create a PCQ for your server to reserve the bandwidth, then create a separate PCQ for your workstations. In the Queue Tree, create 2 parent queues (upload & download), then create 2 children for each (server & workstation). What will h...
by troy
Mon Nov 25, 2013 5:10 pm
Forum: General
Topic: Zabbix Template
Replies: 17
Views: 25290

Zabbix Template

I had heard about zabbix quite some time ago, but never seemed to find the time to tackle the learning curve. This past weekend, I decided it was time, so I did and I'd like to share the results with you. This template is incomplete at best, but so far, it's doing what I need it to do. I'm open to r...
by troy
Sat Nov 23, 2013 7:40 pm
Forum: General
Topic: SNMP - Different OIDs on different boards...
Replies: 0
Views: 419

SNMP - Different OIDs on different boards...

Ok, in the past, I've just accepted this, but as I'm wanting to monitor more and more devices, it's starting to get really annoying. I checked a few different devices for ifDescr.1 CCR = sfp1 RB1100 = Ether12 RB435 = Ether1 RB1200 = Ether10 This is so random... can we get some degree of predictabili...
by troy
Fri Nov 22, 2013 2:34 am
Forum: General
Topic: failover with 3 ISP without balancing
Replies: 3
Views: 1737

Re: failover with 3 ISP without balancing

No script necessary. /ip route add check-gateway=ping distance=10 gateway=10.1.1.1 add check-gateway=ping distance=20 gateway=10.2.2.1 add check-gateway=ping distance=30 gateway=10.3.3.1 /ip firewall nat add chain=srcnat chain=srcnat out-interface=WAN1 to-addresses=10.1.1.2 add chain=srcnat chain=sr...
by troy
Thu Nov 21, 2013 10:05 pm
Forum: General
Topic: Cloud Router Switch Uplink
Replies: 18
Views: 6215

Re: Cloud Router Switch Uplink

Late to the discussion, but rather than a filter on the bridge, I'd put all the ports in the bridge with a horizon=2, with the uplink having a horizon=1. All hosts can communicate to the upstream, but not to the side. According to the block diagram , the CRS has all 24 ports + SFP on a single switch...
by troy
Thu Nov 21, 2013 6:00 pm
Forum: General
Topic: Bandwidth Management & QOS - Is it possible?
Replies: 12
Views: 6454

Re: Bandwidth Management & QOS - Is it possible?

I don't have the expertise to go into depth about QOS (yet), but DNS is a pretty critical service. Everything else depends on it. For the same reason, ICMP and certain types/sizes of TCP packets should have super-high priority. When you want to pull up a web page, even a few hundred milliseconds can...
by troy
Thu Nov 21, 2013 1:17 am
Forum: General
Topic: Bandwidth Management & QOS - Is it possible?
Replies: 12
Views: 6454

Re: Bandwidth Management & QOS - Is it possible?

WhoKnew, I'd imagine that the address list you're asking about, is a catch-all list that includes the IPs and/or subnets all his clients are on. This is how I do it, anyways... list for all subnets on the network, different lists for different nat pools, list for different bandwidth classes, list fo...
by troy
Wed Nov 20, 2013 9:19 pm
Forum: General
Topic: Bandwidth Management & QOS - Is it possible?
Replies: 12
Views: 6454

Re: Bandwidth Management & QOS - Is it possible?

Seriously, I'm lost... not sure why all this isn't working. Here, I mangle. It works and works great. (there are actually some other rules that catch unlisted addresses and gives them a default packet-mark) /ip firewall mangle add action=mark-packet chain=prerouting in-interface=LAN_Bridge new-packe...
by troy
Sat Nov 16, 2013 4:00 pm
Forum: General
Topic: Bandwidth Management & QOS - Is it possible?
Replies: 12
Views: 6454

Bandwidth Management & QOS - Is it possible?

For bandwidth management, we've been using a Queue Tree with PCQ. We have 3 different bandwidth packages, and each user (by IP) is in an appropriate address list. The parent queue limits bandwidth to 40/8 (off a Comcast 50/10 connection). With peak usage at just under 30M, this has been working awes...
by troy
Tue Nov 05, 2013 11:16 pm
Forum: General
Topic: CCR1036-12G-4S / ROS 6.5 / Weirdness
Replies: 0
Views: 529

CCR1036-12G-4S / ROS 6.5 / Weirdness

I've been beating my head on this one for hours. Time to give up and go home. [admin@MikroTik] > ip address add address=xx.yyy.170.50/30 interface=ether1 [admin@MikroTik] > ping xx.yyy.170.49 HOST SIZE TTL TIME STATUS xx.yyy.170.49 56 255 2ms xx.yyy.170.49 56 255 2ms xx.yyy.170.49 56 255 2ms sent=3 ...
by troy
Fri Jul 05, 2013 10:22 pm
Forum: Wireless Networking
Topic: Metal2SHPn WLAN dies
Replies: 2
Views: 877

Re: Metal2SHPn WLAN dies

Check out my thread on this. MT is aware, and I'm hoping that more people will report their failing units.

Check tool/profile and see if the wireless process is at about 50% CPU, generate a SUPOUT file and send it to MT.

http://forum.mikrotik.com/viewtopic.php?f=7&t=74191
by troy
Thu Jul 04, 2013 7:34 pm
Forum: Wireless Networking
Topic: RB Metal AP stability
Replies: 26
Views: 12226

Re: RB Metal AP stability

We finally replaced our Metals with 433/R2SHPn combos, which is about 3x the cost, but is working great. I finally did get a response from MT about the metals. Uldis said the supout shows the it was unable transmit and unable to reset. He's thinking that changing the adaptive-noise-immunity might wo...
by troy
Thu Jul 04, 2013 7:04 pm
Forum: Wireless Networking
Topic: RB Metal AP stability
Replies: 26
Views: 12226

Re: RB Metal AP stability

Hi Metal is a very good equipment , but in my opinion you used it in wrong place !! Metal is 31 dbm high power radio , perfect for long range and long distance but not good for hotspot or multipoint links. Metal has only 400 mhz CPU and 64 MB ram. you should use use a board with powerful cpu and ra...
by troy
Wed Jun 26, 2013 5:10 pm
Forum: Wireless Networking
Topic: Mikrotik Groove as a AP
Replies: 2
Views: 1471

Re: Mikrotik Groove as a AP

The metal and the groove are different units. Not sure what you're actually working with, but I have a pair of Metals that are experiencing the same behavior. I've had a ticket open with MT for a couple weeks now, but am getting no response from them. I started a new thread about this here: http://f...
by troy
Wed Jun 26, 2013 5:06 pm
Forum: General
Topic: help with mangle rules...
Replies: 3
Views: 1145

Re: help with mangle rules...

Looking at the screenshot, the mangle rule to mark the connection is getting no hits. Something in the previous 45 rules is preventing this mangle rule from doing it's job.
by troy
Wed Jun 26, 2013 4:50 pm
Forum: Wireless Networking
Topic: RB Metal AP stability
Replies: 26
Views: 12226

RB Metal AP stability

All, I've got a site with 3 Metal 2.4Ghz Access Points. All 3 were running 5.25 with 3.07 firmware. They're attached to 15db sector antennas. One unit has 17 clients, another has 9, the 3rd is empty at the moment. The wireless process on these units is locking up at 50% CPU, dropping all clients and...
by troy
Wed Jun 26, 2013 4:01 pm
Forum: Forwarding Protocols
Topic: ISP Router Configuration
Replies: 1
Views: 3011

Re: ISP Router Configuration

Without knowing what the topology looks like under that dark cloud, it's hard to tell you the best solution. You can do the 1:1 NAT as you suggested, but there are other ways that might be preferable. If your infrastructure is in place using RFC address space, you can do this by putting a /32 on eac...
by troy
Tue Jun 18, 2013 11:08 pm
Forum: General
Topic: Load balancing over 2 gateways & multiple subnets on rb1100
Replies: 4
Views: 2486

Re: Load balancing over 2 gateways & multiple subnets on rb1

The wiki article uses 1 LAN and 2 WAN connections. You can do any number of internal/external interfaces you want, just add more mangle rules. On the LAN side, you might be able to get around this by specifying src-address-list instead of the in-interface. We have a /29 on one WAN and a /28 on the o...
by troy
Wed Jun 12, 2013 1:39 am
Forum: General
Topic: Bandwidth Test and NAT?
Replies: 2
Views: 1843

Re: Bandwidth Test and NAT?

Almost another year later, and not a single response? Really?
by troy
Sun Jun 09, 2013 7:03 pm
Forum: Wireless Networking
Topic: High Density Tower Config
Replies: 3
Views: 1387

High Density Tower Config

I'm looking at a tower with 6 sectors at 10Mhz each (3v/3h). Here's some stats on one of those sectors, the others look similar. There is a total of about 170 subscribers right now. 802.11g - 4.5/9/18/24/27 (10mhz rates) 30 Clients (3@18, 5@24, 22@27) 18.9Mbit/s interface potential (based on associa...
by troy
Thu Jun 06, 2013 6:25 am
Forum: General
Topic: Load balancing over 2 gateways & multiple subnets on rb1100
Replies: 4
Views: 2486

Re: Load balancing over 2 gateways & multiple subnets on rb1

First, on the RB1100, consider using ports 11 and 12 for your upstream connections. Due to the architecture of the board, you'll almost certainly get better performance. Second, to answer your question on the load balancing, check out the wiki article on pcc . It works very well, I have a site fed b...
by troy
Thu Jun 06, 2013 4:03 am
Forum: Wireless Networking
Topic: A/N and B/G/N radios with manually configured data rates
Replies: 3
Views: 1788

Re: A/N and B/G/N radios with manually configured data rates

Thanks for that. Will test this as soon as I have a chance. Have a great mix of clients to test against, and want to squeeze every bit I can out of my APs.

-Troy
by troy
Tue Jun 04, 2013 6:13 am
Forum: General
Topic: pcq-burst-time broken?
Replies: 0
Views: 534

pcq-burst-time broken?

Testing PCQ/Simple Queues on ROS 6.0 on RB1100AH /queue type add kind=pcq name=pcq-test pcq-burst-rate=6M pcq-burst-threshold=1M \ pcq-burst-time=2m pcq-classifier=src-address pcq-dst-address6-mask=64 \ pcq-rate=2M pcq-src-address6-mask=64 /queue simple add name=test-down packet-marks=test_down queu...
by troy
Fri May 10, 2013 4:26 pm
Forum: Wireless Networking
Topic: A/N and B/G/N radios with manually configured data rates
Replies: 3
Views: 1788

A/N and B/G/N radios with manually configured data rates

All, In the past, I've been able to configure A and G radios with custom data rates that drastically improved performance. In this set up, I would disable all the 'B' rates, 6Mb and 9Mb rates and set the basic rate to 12Mb. With the new 802.11n radios, I can still do this as long as I set the radios...
by troy
Tue Jan 08, 2013 1:35 pm
Forum: Virtualization
Topic: Metarouter stability on RB800, RB1100, RB1100AH
Replies: 42
Views: 14786

Re: Metarouter stability on RB800, RB1100, RB1100AH

Ugh... I hate necro-posting, but it's related... RB1100AH ROS 5.18. Have a metarouter running for testing certain network functions (not doing any real work). Have had 3 lockups in the last 6 months or so. Several other RB1100 and RB1100AH running without a hiccup. Ethernet interfaces are still up (...
by troy
Mon Jan 07, 2013 11:38 pm
Forum: Wireless Networking
Topic: Wireless issue between RB711UA-2HnD and RB711-2HnD
Replies: 1
Views: 718

Wireless issue between RB711UA-2HnD and RB711-2HnD

All, I'm having an issue with a RB711UA-2HnD. Clients can associate, even up to about a -55/-57 and -56/-58, but the data rate is coming in at 1M/1M. As soon as I ping the CPE, the rates will increase to 5.5, 6, 6.5 or something. Pings look OK. As soon as I put a load on it (500 byte packets), the c...
by troy
Thu Sep 13, 2012 6:37 pm
Forum: Wireless Networking
Topic: Restricting customer to single device on the network
Replies: 5
Views: 1386

Re: Restricting customer to single device on the network

That's where I'm at right now, but don't want to get stuck in a position where a customer has to call in any time they want to change their equipment. To put this into perspective, when I connect a device to my cable modem from Comcast, it works. If I attach multiple devices via a switch, only the f...
by troy
Thu Sep 13, 2012 3:12 pm
Forum: Wireless Networking
Topic: Wireless Model
Replies: 5
Views: 1676

Re: Wireless Model

The system/antenna you choose will make little difference. 2.4/5.8 will not make a huge difference either when it comes to providing access to laptops and other consumer devices. They all have a limited range. I mention the groove only because it's a very low cost solution and available in either L3...
by troy
Wed Sep 12, 2012 9:12 pm
Forum: General
Topic: What do you all think of the EdgeRouter?
Replies: 21
Views: 4066

Re: What do you all think of the EdgeRouter?

I think I'll wait for the 'counterfeits' to flood the market before I buy any. :lol:
by troy
Wed Sep 12, 2012 8:44 pm
Forum: General
Topic: Check IP and Update
Replies: 5
Views: 1346

Re: Check IP and Update

This part of the script is what updates the NAT rules: :foreach rule in=[/ip firewall nat find dst-address=$currentIP] do={ /ip firewall nat set $rule dst-address=$myIP; } To update an address list, you'll need to rewrite this to find and update appropriate entries in your address list. It will not ...
by troy
Wed Sep 12, 2012 8:20 pm
Forum: Wireless Networking
Topic: Wireless Model
Replies: 5
Views: 1676

Re: Wireless Model

The GrooveA combined with a 5db omni antenna would probably be the least expensive to start with, but any MT device with a Level-4 license will work. 400m is too much for a laptop though. You'll be lucky to get 40m indoors and 90m outdoors. In an outdoor network, a laptop might see an AP from 2-3km ...
by troy
Wed Sep 12, 2012 6:09 pm
Forum: General
Topic: Check IP and Update
Replies: 5
Views: 1346

Re: Check IP and Update

This should get you started... :global currentIP; :local tmpIP [/ip address get [find interface="WAN"] address]; :local myIP [:pick $tmpIP 0 [:find $tmpIP "/"]]; :if ($myIP != $currentIP) do={ :log info "WAN IP address changed from $currentIP to $myIP" :foreach rule in=[/ip firewall nat find dst-add...
by troy
Wed Sep 12, 2012 6:04 pm
Forum: Beginner Basics
Topic: Load balancing with pcc + queue trees ?
Replies: 9
Views: 10888

Re: Load balancing with pcc + queue trees ?

I struggled with this as well and came up with a very similar solution. I added some mangle rules to bypass the PCC to mark connections/routes for clients that had a static 1:1 NAT. Next up, how would we integrate QOS into this? I'd like to prioritize ssh/telnet, gaming, web, mail, and other sets. I...
by troy
Tue Sep 11, 2012 5:24 pm
Forum: Wireless Networking
Topic: Restricting customer to single device on the network
Replies: 5
Views: 1386

Re: Restricting customer to single device on the network

I'm not sure I follow the logic of that suggestion. Setting ttl=1 will break legit customers running a router and using a single connection to the network, while still allowing bad users to attach multiple devices behind the bridge. Good: L3GW -> * -> AP -> CPE -> Customer Router -> (I don't care) B...
by troy
Tue Sep 11, 2012 12:02 am
Forum: Wireless Networking
Topic: Restricting customer to single device on the network
Replies: 5
Views: 1386

Restricting customer to single device on the network

I'm desperately trying to find a way to prevent customers from attaching multiple devices directly to my network, but I'm not having much luck. I thought that station-pseudobridge mode would do the trick, and while it's close, this is still not a suitable solution for my purposes, as I can still see...
by troy
Fri Aug 31, 2012 4:37 pm
Forum: Beginner Basics
Topic: Can't change newly set password.
Replies: 8
Views: 2208

Re: Can't change newly set password.

If you can't use the /password command, just set it directly through /user set 0 password=
by troy
Fri Aug 31, 2012 4:05 pm
Forum: Beginner Basics
Topic: MAC filtering
Replies: 3
Views: 932

Re: MAC filtering

+1 To expand on this, I'd like to see a robust suite of Layer 2 management tools. In my situation, I'd like to be able to limit a client connection to a single MAC address on any interface (on the AP, on a per-connection basis). I'd also like to see a Layer 2 address lists and an analog for PCQ, whi...
by troy
Mon Aug 27, 2012 5:12 pm
Forum: Scripting
Topic: Dyndns.org script, now to remove all log info ?
Replies: 19
Views: 7484

Re: Dyndns.org script, now to remove all log info ?

As far as I know, yes. A query to an outside server would be about the only way to do it.

Does the Siemens not have support for dynamic DNS?

Have you considered using OpenWRT on it? With this, you can have a shell and write any sort of script you want to do anything you need.
by troy
Thu Aug 23, 2012 4:28 pm
Forum: Scripting
Topic: Dyndns.org script, now to remove all log info ?
Replies: 19
Views: 7484

Re: Dyndns.org script, now to remove all log info ?

i think you didnt understand original poster correctly - he removed all ":log" commands, but command "/tool fetch" produces log entry that cant be removed. so log still gets filled with those "fetch: file temp.txt created" messages. Preventing the fetch from creating a log entry would be something ...
by troy
Tue Aug 07, 2012 12:54 pm
Forum: Beginner Basics
Topic: MK problem with routing
Replies: 2
Views: 815

Re: MK problem with routing

Hi, I have a problem with routing to the internet. Can you help me solved my problem? [xxx@MikroTik] /ip address> print Flags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK INTERFACE 0 ;;; 192.168.1.1/32 255.255.255.0 Vnitrni 1 ;;; INTERNET 10.5.127.202/32 255.255.255.252 01_Vnejsi I can...
by troy
Sun Aug 05, 2012 2:40 am
Forum: General
Topic: Dynamic PCQ?
Replies: 0
Views: 480

Dynamic PCQ?

I'm trying to figure out if it would be possible to get user bandwidth information from radius (via DHCP) so that the router can add the client's IP to an appropriate address list, which in turn would be used by mangle in order to get the client into the proper PCQ. I know I can use the mikrotik-rat...
by troy
Mon Jul 09, 2012 12:58 pm
Forum: General
Topic: QT & PCQ - Flatline at wrong speed
Replies: 0
Views: 412

QT & PCQ - Flatline at wrong speed

I have the following queue tree in place: /queue tree add max-limit=14M name=total_down parent=global-out add max-limit=1536k name=total_up parent=global-out add name=Silver_Upload packet-mark=Silver_Upload parent=total_up queue=pcq_silver_up add name=Silver_Download packet-mark=Silver_Download pare...
by troy
Sat Jun 16, 2012 5:50 pm
Forum: General
Topic: torch stops automatically.
Replies: 1
Views: 663

Re: torch stops automatically.

Did you ever get an answer to this? I've run torch for hours in the past, but now it stops after just a few seconds. I'm looking at a RB493AH with ROS 5.15.
by troy
Sat May 19, 2012 3:35 am
Forum: General
Topic: queue tree whitout any limit, just priority.
Replies: 14
Views: 2365

Re: queue tree whitout any limit, just priority.

The stuff posted on that page works great as-is, but the OP was asking about being able to do it without first defining the amount of bandwidth available on the link. In other words, he doesn't care how much bandwidth is being used, but he wants to give different priorities to different types of tra...
by troy
Fri May 18, 2012 2:56 pm
Forum: RouterBOARD hardware
Topic: SFP module
Replies: 101
Views: 63095

Re: SFP module

Some of you have mentioned getting dirt cheap SFPs. Anyone care to share their sources?

Thanks,

-Troy
by troy
Tue May 15, 2012 6:31 pm
Forum: RouterBOARD hardware
Topic: SFP module
Replies: 101
Views: 63095

Re: SFP module

I would love to test. I have a variety of 155M SFPs that are itching to get used.

Who's got the 2011 in the US? I want one, and I want it today (well, tomorrow with next-day shipping).

-Troy

EDIT: nevermind... apparently, we're still waiting for FCC approval
by troy
Tue May 15, 2012 4:02 pm
Forum: RouterBOARD hardware
Topic: Request - Cloud Edge Router
Replies: 2
Views: 1136

Request - Cloud Edge Router

OK, I know this forum is 100% unofficial, but I thought I'd drop this here anyways... We all know MT is working on their Cloud Core Router, which looks pretty impressive on paper. I can't wait to see this thing in action. Now, how about engineering a customer edge router, with 24 100Mbit/s ports (SF...
by troy
Thu Mar 01, 2012 7:57 pm
Forum: RouterBOARD hardware
Topic: ETA on RB2011?
Replies: 39
Views: 9949

Re: ETA on RB2011?

Now it's March...
by troy
Wed Feb 15, 2012 6:58 pm
Forum: General
Topic: v5.13 released
Replies: 64
Views: 9582

Re: v5.13 released

Happen to have a RB751 sitting on my desk this morning, so I thought I'd play with SMB and see if I couldn't figure it out. Unfortunately, ROS says my drive is invalid. Weird, it works great under Windows 7 and Ubuntu 11.10. MT, if you're going to add SMB support for home users, you probably need to...
by troy
Wed Feb 15, 2012 5:55 pm
Forum: General
Topic: Bridge Issue/Question
Replies: 5
Views: 1523

Re: Bridge Issue/Question

You show ether3 in the bridge group, which conflicts with the desired configuration you posted. An oversight, I'm sure. Onto the bridge... this gets fun. When you add an IP address to an interface, it belongs to that interface. However, if you then stick that interface into a bridge group, the IP ad...
by troy
Wed Feb 15, 2012 5:37 pm
Forum: Wireless Networking
Topic: VLANs and Virtual AP's
Replies: 30
Views: 44071

Re: VLANs and Virtual AP's

I've pulled my hair out more than once when trying to attach multiple vlan interfaces to a physical interface. I gave up and put the vlans on a bridge instead. Here's a model that should get you going: vlan_bridge.png vlan100 and vlan200 are attached to the lan_bridge, then included as ports in thei...
by troy
Wed Feb 15, 2012 4:38 pm
Forum: Scripting
Topic: Dyndns.org script, now to remove all log info ?
Replies: 19
Views: 7484

Re: Dyndns.org script, now to remove all log info ?

My IP is pretty stable, so that html file only gets re-written a few times a year. It's annoying to see it, but not a huge issue for me. Try something like this in the script to remove it: /file remove [/file find name~"update.php.*"] That's a very simple match, adjust the regex to suit your needs.
by troy
Tue Feb 14, 2012 8:15 pm
Forum: RouterBOARD hardware
Topic: RB1200 ROS 5.12 bootloader 2.38 issue.
Replies: 6
Views: 2583

Re: RB1200 ROS 5.12 bootloader 2.38 issue.

I have one RB1200 exhibiting this same behavior. I had to yank the power when I did the initial upgrade in the office (5.3 or 5.4?). I discounted it as a fluke. Then after deployment, I did a remote upgrade to 5.7 and ended up having to drive out to yank the power. It's now on 5.7 for the last 120 d...
by troy
Tue Feb 14, 2012 4:03 pm
Forum: General
Topic: Export compact (new in v5.12)
Replies: 76
Views: 37420

Re: Export compact (new in v5.12)

2) why the current default of unicast is not good enough, also, NTP server on the RouterOS defaults to unicast mode and additional modes (broadcast, multicast and manycast) can be enabled in addition to unicast. So now the only thing that you have to do is to set up ntp-client to get the time, enab...
by troy
Mon Feb 13, 2012 9:32 pm
Forum: General
Topic: Export compact (new in v5.12)
Replies: 76
Views: 37420

Re: Export compact (new in v5.12)

2 items i noticed...

DNS and NTP settings are not being marked as dynamic when they're set by dhcp-client, and are therefore included in a compact export.

This goes off topic, but while I'm talking about setting NTP via DHCP, it might be a good idea if the client was enabled and set to broadcast (
by troy
Tue Feb 07, 2012 6:23 pm
Forum: Wireless Networking
Topic: Vlans over wireless
Replies: 3
Views: 3180

Re: Vlans over wireless

Wow, what a great time to start using the export compact :)

I can't help, but I'm curious... what wireless protocol are you using (802.11/nv2/nstreme?), what are the signal levels, and what does the log say about the wireless disconnects?
by troy
Mon Feb 06, 2012 6:47 pm
Forum: Forwarding Protocols
Topic: Problem with Bridge or VPLS?
Replies: 1
Views: 1266

Problem with Bridge or VPLS?

Ok, so I set up my new network... looks like this: network extension.png R1/2/3/4 = RB1200 w/ROS 5.12 AP1/2/3 = RB435 w/ROS 5.12 R1 config: /interface bridge add name=vlan_bridge protocol=rstp /interface bridge port add bridge=vlan_bridge interface=ether6 horizon=1 add bridge=vlan_bridge interface=v...
by troy
Mon Feb 06, 2012 5:01 pm
Forum: Beginner Basics
Topic: Timing
Replies: 7
Views: 1168

Re: Timing

When you add that rule, where does it appear?

Rule #185 is permitting this client's traffic, if your rule to block traffic appears after, it won't be seen since the traffic has already been accepted.
by troy
Mon Feb 06, 2012 4:54 pm
Forum: General
Topic: Export compact (new in v5.12)
Replies: 76
Views: 37420

Re: Export compact (new in v5.12)

MT Guys: Thank you so much for the compact exports. Much easier to see what's what! How about a feature in The Dude to manage configurations? If The Dude senses that a router's config has changed, have it automatically pull that config and store it. Put a tftp client in ROS so that we can save a con...
by troy
Sun Feb 05, 2012 6:47 pm
Forum: Beginner Basics
Topic: Forcing Users to use your DHCP Only but not the Servers
Replies: 6
Views: 1110

Re: Forcing Users to use your DHCP Only but not the Servers

Just to add my 2 cents... Starting with a /24, I'll generally allocate the top /25 (.128-.254) as a DHCP pool (I use clean subnets to make things easier when building address lists or matching IPs). The bottom /25 will be reserved for servers, routers, switches, access points, phones, printers, etc....
by troy
Sun Feb 05, 2012 6:35 pm
Forum: Beginner Basics
Topic: MikroTik - uTorrent behing NAT does not work
Replies: 9
Views: 9278

Re: MikroTik - uTorrent behing NAT does not work

Dunno what solution you found, but here's my setup:
/ip upnp
set allow-disable-external-interface=no enabled=yes
/ip upnp interfaces
add interface=wan type=external
add interface=lan type=internal
I get lots and lots of dynamic nat rules from utorrent and other applications. Works a treat!
by troy
Fri Feb 03, 2012 7:39 pm
Forum: Beginner Basics
Topic: how
Replies: 3
Views: 870

Re: how

Assuming that tplink's WDS implementation is compatible with MT's implementation, then all you should need to do, is enable WDS on the MT.
/int wireless set 0 wds-mode=dynamic wds-default-bridge=bridge1
Good luck!
by troy
Wed Feb 01, 2012 12:17 am
Forum: General
Topic: 62.149.12.108
Replies: 6
Views: 1063

Re: 62.149.12.108

I'm glad you found the source. However, I gotta ask... how is this customer routing his internal addresses over your network? He should be doing his own NAT. On your NAT router, add a filter to only allow those subnets that you've set up for customer access. On my network, I have hundreds of subnets...
by troy
Tue Jan 31, 2012 7:57 pm
Forum: General
Topic: 62.149.12.108
Replies: 6
Views: 1063

Re: 62.149.12.108

Do you see those same IP addresses if you run torch on your wireless interface?

Try putting an address on ether1, such as 192.168.1.250/24, and see if you can ping those addresses or at least get their associated MAC addresses.
by troy
Tue Jan 31, 2012 7:17 pm
Forum: General
Topic: 62.149.12.108
Replies: 6
Views: 1063

Re: 62.149.12.108

You need to provide quite a bit more information, start with this:

/interface print
/ip address print
/ip route print

The arp table might also help:

/ip arp print
by troy
Tue Jan 31, 2012 3:22 pm
Forum: Scripting
Topic: Dyndns.org script, now to remove all log info ?
Replies: 19
Views: 7484

Re: Dyndns.org script, now to remove all log info ?

Run it every 5 seconds, 5 minutes, or 5 hours... don't fetch unless the IP has changed. Here's the script I use and run every 5 minutes. The current IP is stored and used to compare next time the script is run. :global currentIP; :local tmpIP [/ip address get [find interface="WAN"] address]; :local ...
by troy
Mon Jan 30, 2012 10:27 pm
Forum: General
Topic: masq with a /32 address?
Replies: 5
Views: 1041

Re: masq with a /32 address?

Well, here's what I did, and it works! First, /32 routing... I found this post , which explains how to do it. The beauty on this, is that I can utilize a /28 (or whatever sized network) in multiple locations, as the shortest prefix is always preferred. So, on my gateway: /ip address add address=12.3...
by troy
Fri Jan 13, 2012 10:45 pm
Forum: General
Topic: Am I the first to blow up a RB1200 or RB435?
Replies: 2
Views: 699

Re: Am I the first to blow up a RB1200 or RB435?

Hi, The best we have found so far for passive gigabit are the following - Link - http://www.l-com.com/item.aspx?id=31857 From the pic, it seems that your patch cords are not grounded/shielded. As far as I know you need to have the whole path grounded otherwise you shall surely have ESD problems. Rg...
by troy
Fri Jan 13, 2012 4:50 pm
Forum: General
Topic: Am I the first to blow up a RB1200 or RB435?
Replies: 2
Views: 699

Am I the first to blow up a RB1200 or RB435?

Wow, not often we see lightning in January, but we got it. I won't even go into how frustrating it is that it happened less than 2 weeks after going live. Here's the RB1200 and GigE injector: scorched.png I can't say for certain, but it looks like the strike was on the 435, blew out the 1200 and som...
by troy
Sat Dec 31, 2011 5:33 pm
Forum: General
Topic: RB1200 Throughput
Replies: 1
Views: 1552

RB1200 Throughput

All, We're finishing up a new install with 5 licensed links using the RB1200 at each site. From Site to Site, RB1200 bandwidth test caps out at 170Mbit/s. I don't yet know if this is a limit on the RB itself or if it's a limitation on the DragonWave systems. Honestly though, I never did try a bandwi...
by troy
Fri Dec 30, 2011 8:14 pm
Forum: General
Topic: masq with a /32 address?
Replies: 5
Views: 1041

masq with a /32 address?

All, In order to conserve IP addresses (we have very few), I'd like to find a way to get masq working on a /32 address. With initial testing, if I put a /32 address on a loopback (bridge), all incoming stuff, including dst-nat works great, but I've been unable to get masq to work. I can't seem to fi...
by troy
Thu Dec 15, 2011 10:12 pm
Forum: Forwarding Protocols
Topic: OSPF not working after reboot
Replies: 2
Views: 993

Re: OSPF not working after reboot

Nope, it's just the one on a /30 PtP link
by troy
Thu Dec 01, 2011 11:30 pm
Forum: Forwarding Protocols
Topic: OSPF not working after reboot
Replies: 2
Views: 993

OSPF not working after reboot

I have 2 routers, both running 5.9. This particular problem though, has been around since at least 4.11 or so. This problem is only happening between these two units and I'm unable to reproduce it anywhere else. PTP, SR5, 38km, nv2, -54db, AP/Station modes. When the station reboots (for any reason),...
by troy
Tue Nov 22, 2011 1:00 pm
Forum: General
Topic: UPS Monitoring
Replies: 18
Views: 3008

Re: UPS Monitoring

Yeah, I've looked at those. The problem, is that the wiki tells me that I can monitor it directly using an appropriate serial cable.
by troy
Fri Nov 18, 2011 11:19 pm
Forum: RouterBOARD hardware
Topic: ETA on RB2011?
Replies: 39
Views: 9949

ETA on RB2011?

I'm curious to know the ETA on the 2011. We're very interested in deploying this as the CPE on our FTTH project, and likely as an option for customers on the wireless side of the house.

Thanks,

-Troy
by troy
Fri Nov 18, 2011 10:20 pm
Forum: General
Topic: UPS Monitoring
Replies: 18
Views: 3008

UPS Monitoring

According to the manual, I should be able to monitor any SmartUPS or BackUPS PRO. Using a RB1200 w/ROS 5.8, I tested against the SC450RM1U using the serial cable provided by APC. This worked perfectly. I tested a 2nd UPS, the SMT1000RM2U, which comes with a serial cable that's DB9 to RJ45. I've had ...
by troy
Wed Oct 26, 2011 4:46 pm
Forum: General
Topic: Mikrotik + Radius + Security
Replies: 2
Views: 1919

Re: Mikrotik + Radius + Security

Ah, the old CHAP vs PAP argument. Unfortunately, there's no easy answer to this one, but for discussions, Google is your friend. With CHAP, you are as secure as the machine storing the passwords. A clear-text password is never present at any portion of your network, so it can never be sniffed. Howev...
by troy
Tue Oct 18, 2011 6:21 pm
Forum: Beginner Basics
Topic: System time set
Replies: 5
Views: 826

Re: System time set

No problem. Routerboards do not have a real time clock. You need to configure your time servers under system/sntp.
by troy
Fri Sep 23, 2011 3:35 pm
Forum: Beginner Basics
Topic: Get to dyndns hostname from lan
Replies: 6
Views: 1130

Re: Get to dyndns hostname from lan

Pog,

Are you sure name resolution is the problem? Check out the wiki article on hairpin nat.

http://wiki.mikrotik.com/wiki/Hairpin_NAT
by troy
Fri Sep 23, 2011 3:05 pm
Forum: General
Topic: Feature Request - Winbox Button
Replies: 9
Views: 3559

Re: Feature Request - Winbox Button

no, Dude can't connect winbox to a router inside some private network, also the terminal doesn't work that way. The Dude "Tools' are just shortcuts to the Winbox or Terminal program, with the IP address that you specified in the device settings. Normis, I KNOW that The Dude cannot connect winbox to...
by troy
Thu Sep 22, 2011 5:43 pm
Forum: General
Topic: Feature Request - Winbox Button
Replies: 9
Views: 3559

Re: Feature Request - Winbox Button

if you can port-forward dude, why can't you do the same for winbox? I'm not sure I follow. Sure, I can forward port 8291 to one of my MT boxes... now, what do I do about the other 98 units I might need to access? Tell me, how does 'Terminal' work through The Dude? I can right-click on any MT device...
by troy
Fri Sep 16, 2011 5:11 pm
Forum: General
Topic: RouterOS v5.7 released
Replies: 227
Views: 72509

Re: RouterOS v5.7 released

Are you still considering improvements in VLAN management in both the switch and bridge? Ticket#2011072966000478 I've nearly convinced everyone here that we don't need to spend big money on Cisco switches when MT will do the trick, but not being able to restrict VLAN trunking without creating 2 rule...
by troy
Fri Sep 02, 2011 6:05 pm
Forum: General
Topic: Feature Request - Winbox Button
Replies: 9
Views: 3559

Re: Feature Request - Winbox Button

these tools are ran within the winbox. while other winbox cannot be ran inside other one. So, the best option is to use the Dude, if you require management over large network. just install server somewhere, make network map (you do not have to actually have to have a lot of probes to monitor someht...
by troy
Mon Aug 15, 2011 5:53 pm
Forum: Forwarding Protocols
Topic: Troy's Adventures in MPLS, VPLS, and BGP
Replies: 8
Views: 4119

Re: BGP VPLS - tunnels not running

If you still have to enable LDP on every interface on every router, then what's the advantage of BGP? I can add LDP tunnels as easily as BGP tunnels, and LDP tunnels eliminate the 3rd party interaction with the BGP routing process. So, what's the advantage of BGP again? Since BGP VPLS deals with au...
by troy
Sun Aug 14, 2011 1:26 am
Forum: Forwarding Protocols
Topic: Troy's Adventures in MPLS, VPLS, and BGP
Replies: 8
Views: 4119

Re: Troy's Adventures in MPLS, VPLS, and BGP

Well, I tried to do a little more work on this before calling it a day, but when I tried to add ether1 to the LDP interface on 2 different routers, it kept coming up as invalid. I'm seriously at a loss as to what's going on here, and I can't exactly wipe out the config on these units, as they both h...
by troy
Sat Aug 13, 2011 11:23 pm
Forum: Forwarding Protocols
Topic: Troy's Adventures in MPLS, VPLS, and BGP
Replies: 8
Views: 4119

Ok, so I'm just going to keep talking to myself. The problem, it seems, is that the system mtu on the switch was set to 1500. I raised it to 1600, and we're good to go. I'm not sure I understand why this makes a difference, as I'm not using MPLS, VPLS, or any of that crud to communicate with the rou...
by troy
Fri Aug 12, 2011 4:03 pm
Forum: Forwarding Protocols
Topic: Troy's Adventures in MPLS, VPLS, and BGP
Replies: 8
Views: 4119

Re: BGP VPLS - tunnels not running

A couple questions on this... If you still have to enable LDP on every interface on every router, then what's the advantage of BGP? I can add LDP tunnels as easily as BGP tunnels, and LDP tunnels eliminate the 3rd party interaction with the BGP routing process. So, what's the advantage of BGP again?...
by troy
Thu Aug 11, 2011 9:26 pm
Forum: Forwarding Protocols
Topic: Troy's Adventures in MPLS, VPLS, and BGP
Replies: 8
Views: 4119

Re: BGP VPLS - tunnels not running

How about MPLS and LDP? Do you have full MPLS connectivity and label exchange between your routers? I'm not sure what you mean by "full MPLS connectivity." Every router on my network has MPLS installed. As for the LDP, I don't want LDP, I'm using BGP (see the name of the thread). The BGP VPLS tunne...
by troy
Wed Aug 03, 2011 7:56 pm
Forum: Forwarding Protocols
Topic: Troy's Adventures in MPLS, VPLS, and BGP
Replies: 8
Views: 4119

Troy's Adventures in MPLS, VPLS, and BGP

Title says it all. I got the BGP up and running as per the docs in the wiki, the dynamic vpls tunnels are created and added to the bridge, but they never get to a running state. Here's the gory details: RB1200 > RB435 > RB435 > RB1200 (all running ROS 5.5 and all connections are GigE) IP addresses o...
by troy
Tue Aug 02, 2011 3:55 pm
Forum: General
Topic: VLAN Trunking on RB1200
Replies: 2
Views: 1108

Re: VLAN Trunking on RB1200

I'd really like to hear thoughts from others on this... now, I know that a vlan-per-customer is not a very good way to design a network, but it's what I was given and what I have to work with. Hello Troy, You can configure bridge. Accept the traffic that need to be forwarded through certain ports an...
by troy
Thu Jul 28, 2011 10:28 pm
Forum: General
Topic: VLAN Trunking on RB1200
Replies: 2
Views: 1108

VLAN Trunking on RB1200

Just got my RB1200 and attempting to get it set up for VLAN trunking, but I'm having trouble translating my cisco configuration to MT. For example, I need this at one site: Ether1 - VLAN 1200-1379 (backhaul connection) Ether2 - VLAN 1200-1260 (local access point) Ether3 - VLAN 1200-1260 (local acces...
by troy
Mon Jul 25, 2011 7:18 pm
Forum: General
Topic: Help finding source of packet loss
Replies: 1
Views: 562

Help finding source of packet loss

I'm having trouble tracking down the source of some intermittent packet loss on one part of my network over the past few days (it's been solid for the last several months). 3 RB532A running ROS 5.5, 2 Cisco switches, with wireless (5ghz/nv2) between R1 and R2 (station-bridge mode). C1 > R1 > R2 > C2...
by troy
Wed Jul 20, 2011 7:50 pm
Forum: Forwarding Protocols
Topic: OSPF NBMA
Replies: 2
Views: 1227

Re: OSPF NBMA

5.5 on both sides.. Now for the weird thing... for S&G, I disabled and re-enabled the OSPF instance, and the routes propagated as expected. Now, I can understand restarting OSPF... to a point. That point, is that the change from broadcast to nmba was made on both routers, but I only had to restart o...
by troy
Tue Jul 19, 2011 9:49 pm
Forum: Forwarding Protocols
Topic: OSPF NBMA
Replies: 2
Views: 1227

OSPF NBMA

I'm having a problem with OSPF 12:01:10 route,ospf,info Database Description packet has init bit set in middle of an exchange Station-Bridge side: 12:01:10 route,ospf,info OSPFv2 neighbor 172.17.84.217: state change from Full to Down This is happening several times a day. I tried changing the interf...
  • 1
  • 2