Community discussions

Search found 32 matches

by pmurdock
Tue Oct 08, 2019 9:42 pm
Forum: General
Topic: DHCP Option 82 with Ubiquiti Radios
Replies: 2
Views: 715

Re: DHCP Option 82 with Ubiquiti Radios

I have this same problem.. As soon as DHCP82 is turned on, on the radio the client hardware past the AirMax AC radios can no longer pull DHCP addresses.. It doesn't seem to happen to all routers, but some routers seem to struggle with it.
by pmurdock
Tue Oct 08, 2019 5:22 pm
Forum: Forwarding Protocols
Topic: Core DHCP-RADIUS / MPLS/VPLS+VLAN
Replies: 2
Views: 706

Core DHCP-RADIUS / MPLS/VPLS+VLAN

Trying to conceptutally work this out. I have VPLS tunnels working to the CORE DHCP server.. RADIUS is working by DHCP auth to a freeradius 3.0 server. I would like to take this to the next level.. :) have RADIUS/DHCP hand out public ip's vs CGNAT ip's based on customer service level. At first I tho...
by pmurdock
Sun Sep 29, 2019 8:03 am
Forum: General
Topic: IPv6 & DHCP-PD server (offer different prefix sizes)
Replies: 0
Views: 273

IPv6 & DHCP-PD server (offer different prefix sizes)

Seems like we should be able to offer multiple prefix sizes so that DHCP-PD clients can put a prefix-hint and get either a /56, /60, or /64 (default).. How can we set this up? It looks like on Mikrotik 6.45.6 (latest) we can only assign one IPv6 pool to a dhcp server on an interface.. and we can onl...
by pmurdock
Sun Sep 01, 2019 10:03 pm
Forum: RouterBOARD hardware
Topic: CWDM (one side), SFP wavelength specific on other end [SOLVED]
Replies: 3
Views: 770

Re: CWDM (one side), SFP wavelength specific on other end [SOLVED]

For further light and knowledge concerning how to do the type of application where you are adding/dropping wavelengths at specific customers sites, you should use F-OADM and ROADM units. "O"pitcal "A"dd "D"rop "M"ultiplexer.. So while the Mikrotik CWDM can multiplex, it's not the prescribed way to d...
by pmurdock
Sat Aug 31, 2019 6:01 am
Forum: RouterBOARD hardware
Topic: CWDM (one side), SFP wavelength specific on other end [SOLVED]
Replies: 3
Views: 770

Re: CWDM (one side), SFP wavelength specific on other end [SOLVED]

Excellent description. Understood, and it makes sense.
by pmurdock
Fri Aug 30, 2019 5:17 pm
Forum: RouterBOARD hardware
Topic: CWDM (one side), SFP wavelength specific on other end [SOLVED]
Replies: 3
Views: 770

CWDM (one side), SFP wavelength specific on other end [SOLVED]

It seems like it would be possible to just use one CWDM mux (dual fiber) in the server room, and then if you daisy chain that fiber to multiple locations just pull off the specific wavelength using Mikrotik's wavelength specific SFP's.. Would that be a correct assessment? I see most diagrams needing...
by pmurdock
Sun Jul 28, 2019 1:22 am
Forum: General
Topic: DHCP Option 82 with Ubiquiti Radios
Replies: 2
Views: 715

Re: DHCP Option 82 with Ubiquiti Radios

Did you ever find a solution to this problem?

I have determined that the Mikrotik DHCP server fails to work if the Ubiquiti AP has DHCP option 82 on.
by pmurdock
Wed Jul 24, 2019 12:12 am
Forum: General
Topic: RSTP, when on lose ability to connect by IP to non root switch
Replies: 5
Views: 617

Re: RSTP, when on lose ability to connect by IP to non root switch

Indeed the 60GHz link is a Mikrotik and the 24GHz link is a Mimosa B24.. I don't see any fine control options for STP for the Mimosa, but I can defintely try those things on the Mikrotik 60GHz links.. I'll try and report back. I did notice that RSTP was ON, for the 60GHz links
by pmurdock
Tue Jul 23, 2019 4:30 pm
Forum: General
Topic: RSTP, when on lose ability to connect by IP to non root switch
Replies: 5
Views: 617

Re: RSTP, when on lose ability to connect by IP to non root switch

So - in my mind I think it is an issue with the ROOT BRIDGE not disabling the backup port.. see attached image. 1) In the image below of the ROOT BRIDGE (/interfaces bridge port print) list you can see the paired ports Remote Tower 2 (in our previous example) ether3-ptp-castle-24GHz ether5-ptp-castl...
by pmurdock
Tue Jul 23, 2019 1:39 am
Forum: General
Topic: RSTP, when on lose ability to connect by IP to non root switch
Replies: 5
Views: 617

Re: RSTP, when on lose ability to connect by IP to non root switch

thanks for the response. Some things to be clear about. 1) No VLAN's at all in this setup. 2) root and alternation ports are selected by the switches (non root switches) correctly based on path cost.. 3) pinging stops working INTERMITTENTLY to 10.0.1.10 or 10.0.1.133,etc any switch OTHER than the RO...
by pmurdock
Sat Jul 20, 2019 9:14 pm
Forum: General
Topic: RSTP, when on lose ability to connect by IP to non root switch
Replies: 5
Views: 617

RSTP, when on lose ability to connect by IP to non root switch

I have a scenario with two CRS326 switches that have a dual wireless connections (for redundancy). CRS326 #1 --> port 1 --> 60GHz PTP link --> port 1 --> CRS326 #2 root bridge --> port 2 --> 24GHZ PTP link --> port 2 CRS326 #1 and #2 have IP address on their bridge port (all ports of switches are on...
by pmurdock
Thu Jul 12, 2018 7:47 pm
Forum: Forwarding Protocols
Topic: OSPF overwrite static default-gateway. Possible ?
Replies: 29
Views: 5125

Re: OSPF overwrite static default-gateway. Possible ?

I can confirm this script works a treat.. I can't believe we're here 3 years later with no other viable resolution to the core problem.
by pmurdock
Sun May 21, 2017 9:28 pm
Forum: General
Topic: Internet Speed Test Vs Mikrotik Speed Test Issues
Replies: 2
Views: 917

Re: Internet Speed Test Vs Mikrotik Speed Test Issues

Try turning OFF fast path.. I have numerous rb2011's that for some reason work far better with it off.
by pmurdock
Sat May 20, 2017 4:55 am
Forum: General
Topic: Limit a firewall rule (http redirect) to once per day?
Replies: 1
Views: 313

Limit a firewall rule (http redirect) to once per day?

looking at ways to limit a firewall rule to be executed once per day or every 15 minutes, etc per an address-list.. In this case I want them redirected to a web page reminding them to make payment. I currently use web proxy and a dst-nat rule to accomplish this, but it stays on until I remove them f...
by pmurdock
Sun Jun 19, 2016 7:38 pm
Forum: Forwarding Protocols
Topic: OSPF - Dynamic Connected Route overriding imported OSPF Route - cannot change distance
Replies: 4
Views: 1028

Re: OSPF - Dynamic Connected Route overriding imported OSPF Route - cannot change distance

Ok.. so I haven't found an answer to the issue I have, but I did find a pretty good workaround.

Instead of having the servers on the same subnet that the router IP addresses were I put the servers on a separate subnet and that has solved the issue.
by pmurdock
Sat Jun 18, 2016 5:22 pm
Forum: Forwarding Protocols
Topic: OSPF - Dynamic Connected Route overriding imported OSPF Route - cannot change distance
Replies: 4
Views: 1028

Re: OSPF - Dynamic Connected Route overriding imported OSPF Route - cannot change distance

Ok. Now that I have the diagram up here is a more detailed explanation. PTP #1 goes down (I simply changed the ssid on the AP side so the interfaces are still up just no ip connectivity) Router #2 - routing table gets updated via OSPF and now it wants to send 0.0.0.0/0 traffic to 10.2.2.20.. ok BUT ...
by pmurdock
Sat Jun 18, 2016 5:15 pm
Forum: Forwarding Protocols
Topic: OSPF - Dynamic Connected Route overriding imported OSPF Route - cannot change distance
Replies: 4
Views: 1028

Re: OSPF - Dynamic Connected Route overriding imported OSPF Route - cannot change distance

Attached network diagram. Image uploading stll not working

See google drive link...
Network Diagram
by pmurdock
Sat Jun 18, 2016 5:14 pm
Forum: Forwarding Protocols
Topic: OSPF - Dynamic Connected Route overriding imported OSPF Route - cannot change distance
Replies: 4
Views: 1028

OSPF - Dynamic Connected Route overriding imported OSPF Route - cannot change distance

G'day, I have an OSPF network ring topology setup. I was testing path failover and from an OSPF perspective it works, however locally connected "DAC" routes with a lower Distance (distance of 0) are overriding the imported OSPF routes. I had made a sketch of the network, but for some reason the foru...
by pmurdock
Tue Nov 03, 2015 5:24 am
Forum: Scripting
Topic: how frequently ok to run script (run only on event?)
Replies: 1
Views: 801

how frequently ok to run script (run only on event?)

G'day, So as I understand it there is no way to run a particular script on any type of event (other than using say the LOG watching script). example - ospf primary gateway goes down, every router switches to route 2.. However - they need to switch DNS servers when this happens.. I've found no better...
by pmurdock
Sun Oct 11, 2015 6:03 am
Forum: General
Topic: ethernet ports overrunning - default interface queue (only-hardware-queue) not working well
Replies: 9
Views: 3034

Re: ethernet ports overrunning - default interface queue (only-hardware-queue) not working well

Ok.. did some further research on this.. One question that has come up is how does Mikrotik by default deal with IP packets with a DiffServ Class Select 1 DSCP of 0x08.. ie the lowest priority.. Turns out on my comcast all incoming IP packets are flagged with this DSCP priority of 0x08 whereas by de...
by pmurdock
Sun Oct 04, 2015 10:01 pm
Forum: General
Topic: ethernet ports overrunning - default interface queue (only-hardware-queue) not working well
Replies: 9
Views: 3034

Re: ethernet ports overrunning - default interface queue (only-hardware-queue) not working well

Ok.. so I moved WAN to ether5, and LAN is on SFP.. so we're not messing with any of the switch ports. still problems.. to make matters worse I put in linksys ea3500 and everything magically works.. What the heck is wrong with this CCR1009??? I also use an RB2011 - same problems.. so it's not a speci...
by pmurdock
Sun Oct 04, 2015 9:56 pm
Forum: General
Topic: Distributing IPV6 from a central router
Replies: 5
Views: 668

Re: Distributing IPV6 from a central router

You have to assign your LAN port an address and then it will start assigning IP's by RA.

add the ::/1 address and it will make your LAN port take whatever prefix has been delegated to you.

cheers!
Paul
by pmurdock
Sat Oct 03, 2015 12:50 am
Forum: General
Topic: ethernet ports overrunning - default interface queue (only-hardware-queue) not working well
Replies: 9
Views: 3034

Re: ethernet ports overrunning - default interface queue (only-hardware-queue) not working well

Good point. I just looked at the flow chart for the CCR1009 and I have WAN on port 1 and LAN on SFP port. I'll pop the WAN over to port 5 and see if that works better.
by pmurdock
Fri Oct 02, 2015 5:54 pm
Forum: General
Topic: ethernet ports overrunning - default interface queue (only-hardware-queue) not working well
Replies: 9
Views: 3034

Re: ethernet ports overrunning - default interface queue (only-hardware-queue) not working well

So I've been fiddling with this some more - and although changing to queue type to default-ethernet HELPS with slowness and erratic network behavior - it does not solve the problem. There are still a number of web sites that don't come up completely or streaming that doesn't start, etc.. any suggest...
by pmurdock
Fri Oct 02, 2015 4:29 pm
Forum: General
Topic: OpenVPN server and duplicate packets
Replies: 23
Views: 37316

Re: OpenVPN server and duplicate packets

I got Open VPN working

Couple things just to double check.

1) LZO compression off

2) tls-cipher DEFAULT option had to be set for my android clients
by pmurdock
Thu Oct 01, 2015 7:21 am
Forum: General
Topic: ethernet ports overrunning - default interface queue (only-hardware-queue) not working well
Replies: 9
Views: 3034

ethernet ports overrunning - default interface queue (only-hardware-queue) not working well

Man.. I've been struggling with a CCR1009-8G-1S-1S+PC. have a 300mbps connection.. users behind the router have been getting erratic connections - streaming has had problems, web sites partially come up, etc.. throughput is sometimes good, sometimes terrible. All very erratic.. and I think I've just...
by pmurdock
Tue Sep 22, 2015 8:07 pm
Forum: General
Topic: ip firewall - filter rules - connection not getting added to connection tracking.. possible bug? ospf/vpls network advan
Replies: 2
Views: 490

Re: ip firewall - filter rules - connection not getting added to connection tracking.. possible bug? ospf/vpls network a

Well this brings in an interesting dynamic because the LINK 1 is an MPLS/VPLS connection - but a routed one. I'm not so sure that connection tracking is only for NAT.. the nature of the tracking is I believe also useful for a stateful firewall - which is what I'm trying to accomplish - by tracking s...
by pmurdock
Mon Sep 21, 2015 1:16 am
Forum: General
Topic: ip firewall - filter rules - connection not getting added to connection tracking.. possible bug? ospf/vpls network advan
Replies: 2
Views: 490

ip firewall - filter rules - connection not getting added to connection tracking.. possible bug? ospf/vpls network advan

G'day All, I'm going to try to clearly explain the situations then you can tell me if I'm crazy or not. :) PC -------> Site 1 <--[link 1]---> Site 2 <--[link 2]-----> Site 3 <------- Device I don't want any subnets on site 3 reaching anything on site 2 or site 1. I do want site 1 and 2 to reach all ...
by pmurdock
Fri Apr 08, 2011 1:29 am
Forum: General
Topic: PCI Compliance - DNS server problems
Replies: 5
Views: 3699

Re: PCI Compliance - DNS server problems

Ok this problem has been solved - and the solution was interesting for me. I'll outline what was needed in order to pass the PCI compliance test. So as previously mentioned I was DROPPING packets coming in on the WAN port to port 53 - which was effective in stopping attacks from the WAN side --- HOW...
by pmurdock
Wed Apr 06, 2011 9:18 pm
Forum: General
Topic: PCI Compliance - DNS server problems
Replies: 5
Views: 3699

Re: PCI Compliance - DNS server problems

sorry - should have provided more details results for firewall - filter rules ether1-cox is the WAN-internet port Flags: X - disabled, I - invalid, D - dynamic 3 chain=input action=drop protocol=tcp in-interface=ether1-cox dst-port=53 4 chain=input action=drop protocol=udp in-interface=ether1-cox ds...
by pmurdock
Wed Apr 06, 2011 8:03 pm
Forum: General
Topic: PCI Compliance - DNS server problems
Replies: 5
Views: 3699

PCI Compliance - DNS server problems

Ok - so here's a curiousity - I have a routerboard 433 setup - and we have this company doing an audit of the system - they claim there are 2 critical errors with our setup (that they can see from the outside) they are both related to DNS issues 98.191.121.61 Medium domain (53/udp) DNS Server Cache ...
by pmurdock
Thu Oct 26, 2006 11:52 pm
Forum: General
Topic: Working ok - 2 WAN's - NAT works ok - routing issue?
Replies: 0
Views: 766

Working ok - 2 WAN's - NAT works ok - routing issue?

I have the following setup working - and it's great! ISP1 gateway - 10.0.0.1, ISP2 gateway - 10.0.1.1 ISP1 --> 10.0.0.2 \ prio 1 | --> Mikrotik (192.168.0.0/24) NATTED | (192.168.0.9 is a WEB SERVER - use dst-nat ISP2 --> 10.0.1.2 / forward port 80 to 192.168.0.9) prio 2 All internal LAN machines wo...