Community discussions

by Mplsguy
Mon Oct 16, 2017 11:19 am
Forum: Announcements
Topic: RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities
Replies: 58
Views: 87693

Re: RouterOS NOT affected by WPA2 vulnerabilities

Basically, is it OK to understand Routerboard with AP function as target? If you are using the CAPsMAN function with Routerboard without AP function, is this Routerboard also applicable? Actually it is station mode device that is primary target and needs to be fixed. RouterOS APs in AP mode (either...
by Mplsguy
Thu Aug 31, 2017 1:06 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request : Wireless Private Passphrase as a Match in Access-List [SOLVED]
Replies: 5
Views: 626

Re: Feature Request : Wireless Private Passphrase as a Match in Access-List [SOLVED]

AP does not "check" the passphrase, because client never sends it to AP. AP uses known passphrase in calculations and by means of those checks if client knows the same passphrase. Basically 802.11 PSK is an algorithm that allows both parties to confirm that other party (and this applies to both - AP...
by Mplsguy
Fri Feb 12, 2016 12:35 pm
Forum: Forwarding Protocols
Topic: VPLS NOT USING TE TUNNELS
Replies: 26
Views: 3302

Re: VPLS NOT USING TE TUNNELS

If the route to the TE endpoint is via the TE tunnel then surely the TE would never be established as the route to the TE endpoint would be unreachable? Not necessarily - like I said, if you use at least partially specified path for TE tunnel, any router in path does not need to have route to ...
by Mplsguy
Thu Feb 11, 2016 9:37 pm
Forum: Forwarding Protocols
Topic: VPLS NOT USING TE TUNNELS
Replies: 26
Views: 3302

Re: VPLS NOT USING TE TUNNELS

Well, targeted LDP will use whatever transport to remote peer is available - routed or LSP. For VPLS to use TE, VPLS endpoint address must match that of TE endpoint. For targeted LDP to also use TE tunnel you would need VPLS endpoint address to which targeted LDP session will be established be route...
by Mplsguy
Wed Feb 10, 2016 9:27 pm
Forum: Forwarding Protocols
Topic: VPLS NOT USING TE TUNNELS
Replies: 26
Views: 3302

Re: VPLS NOT USING TE TUNNELS

No, this is not necessary, endpoints will happily use TCP/UDP over regular IP for LDP session.
by Mplsguy
Tue Feb 09, 2016 12:40 pm
Forum: Forwarding Protocols
Topic: VPLS NOT USING TE TUNNELS
Replies: 26
Views: 3302

Re: VPLS NOT USING TE TUNNELS

LDP uses UDP as its transport. There are 2 modes for LDP - regular, where LDP speaker sends multicast hellos on its interfaces and establishes sessions with directly attached neighbors, and targeted LDP - where LDP speaker sends hellos to specific IP address and establishes session with LDP speaker ...
by Mplsguy
Mon Feb 08, 2016 6:27 pm
Forum: Forwarding Protocols
Topic: VPLS NOT USING TE TUNNELS
Replies: 26
Views: 3302

Re: VPLS NOT USING TE TUNNELS

VPLS uses LSP to remote address. It can either be matching TE tunnel (with same address) or LSP established by LDP - gateway from most specific route to remote address has advertised label. So the answer to your question is - yes, remote address of VPLS must match that of TE tunnel for VPLS to use t...
by Mplsguy
Sat Feb 06, 2016 11:23 am
Forum: Forwarding Protocols
Topic: VPLS NOT USING TE TUNNELS
Replies: 26
Views: 3302

Re: VPLS NOT USING TE TUNNELS

No, you just enable LDP, without interfaces. Adding LDP interfaces means that router will start sending multicast hellos on that interface. VPLS uses targeted LDP - it sends hellos to specific IP address.
by Mplsguy
Thu Feb 04, 2016 3:39 pm
Forum: Forwarding Protocols
Topic: VPLS NOT USING TE TUNNELS
Replies: 26
Views: 3302

Re: VPLS NOT USING TE TUNNELS

You are correct - the rest of network won't see or care about VPLS, but tunnel endpoints need to exchange labels, so that each knows what label other uses for particular tunnel, so if you use LDP for VPLS signalling, LDP must be enabled only on endpoints not on all routers in path.
by Mplsguy
Thu Feb 04, 2016 11:10 am
Forum: Forwarding Protocols
Topic: VPLS NOT USING TE TUNNELS
Replies: 26
Views: 3302

Re: VPLS NOT USING TE TUNNELS

Unfortunately VPLS needs a way to exchange tunnel labels with remote peer. The only more simple way would be to manage labels manually - allocate label for VPLS interface on each router and enter it in remote peer manually. If there is serious enough reason why you need such a feature, we can consid...
by Mplsguy
Wed Feb 03, 2016 5:57 pm
Forum: Forwarding Protocols
Topic: VPLS NOT USING TE TUNNELS
Replies: 26
Views: 3302

Re: VPLS NOT USING TE TUNNELS

Indeed you can have VPLS tunnel working over LSP established by TE. The thing is that for "simple" VPLS tunnel you need LDP (it works in "targeted" mode, no need to add interfaces) to establish VPLS itself. If you do BGP based VPLS you can work w/o LDP.
by Mplsguy
Wed Feb 03, 2016 5:54 pm
Forum: Wireless Networking
Topic: Replacing CAPsMAN
Replies: 4
Views: 1839

Re: Replacing CAPsMAN

Unfortunately importing CA certificate with ability to sign certificates was not possible, like you explain. This was disabled deliberately so that user does not start signing certificates with CA on multiple devices that would produce conflicting sequence numbers. This has been relaxed so that you ...
by Mplsguy
Wed Feb 03, 2016 12:05 pm
Forum: Forwarding Protocols
Topic: mpls/vpls on static routing
Replies: 7
Views: 2757

Re: mpls/vpls on static routing

With default configuration LDP does not distribute binding for default route, so if you do not have more specific to your VPLS endpoint, it will not work - I suspect this is the problem in the original report. Note that using default route for reaching VPLS endpoint and distributing binding for defa...
by Mplsguy
Fri Jan 29, 2016 3:23 pm
Forum: Forwarding Protocols
Topic: MPLS - Forwarding table incorrect
Replies: 10
Views: 1682

Re: MPLS - Forwarding table incorrect

As far as I understand, labels are correct. Pay attention to 'G' in appropriate local binding on CCR2 - it says that this is binding for "gateway route":

5 ADG 2.2.2.0/29 19 41.79.23.1:0

Route to 2.2.2.0/29 has gateway:

/ip route add dst-address=2.2.2.0/29 gateway=1.1.1.2

So CCR2 can actually label ...
by Mplsguy
Thu Nov 26, 2015 4:08 pm
Forum: Wireless Networking
Topic: Replacing CAPsMAN
Replies: 4
Views: 1839

Re: Replacing CAPsMAN

Auto-generated CA certificate on CAPsMAN is quick and dirty way to get you up and running with certificates. It would be better to implement more advanced PKI for devices in your authority, e.g:
- generate root CA certificate, keep it somewhere safe, not on any CAPsMAN
- issue CA certificate signed ...
by Mplsguy
Wed Sep 04, 2013 9:50 am
Forum: General
Topic: How to Packet Sniff over UDP (TZSP Protocol)... !?
Replies: 7
Views: 6014

Re: How to Packet Sniff over UDP (TZSP Protocol)... !?

Just forget about padding and fragmentation, the capture you see has nothing to do with this (even more - according to TZSP spec any tagged fields, including padding, can NOT follow TAG_END). Everything is really simple, please study relevant specs carefully - TZSP, Ethernet, IP. You can use Wiresha...
by Mplsguy
Tue Sep 03, 2013 2:50 pm
Forum: General
Topic: How to Packet Sniff over UDP (TZSP Protocol)... !?
Replies: 7
Views: 6014

Re: How to Packet Sniff over UDP (TZSP Protocol)... !?

As you see from TZSP header, encapsulation type is ethernet (0x00 0x01), so what follows TZSP header is ethernet packet that starts with ethernet header. These 0s are ethernet source and destination addresses. This can happen (ethernet source and destination set to all 0s) when sniffing on all inter...
by Mplsguy
Tue Dec 06, 2011 10:07 pm
Forum: Wireless Networking
Topic: nv2 cell radius
Replies: 3
Views: 3109

Re: nv2 cell radius

nv2-cell-radius setting does not affect what distance is detected for every particular client, therefore it is completely normal that detected distance (as reported on client and also in AP registration table for every connected client) stays the same no matter what this setting is set to. This sett...
by Mplsguy
Fri Dec 02, 2011 10:08 pm
Forum: Wireless Networking
Topic: ampdu priorities
Replies: 8
Views: 19526

Re: ampdu priorities

Just to clarify - ht-ampdu-priorities setting only specifies frame priorities for which AMPDU usage will get negotiated, it does not itself enable any assigning of priorities (classifying) and does not make interface act in different way on packets with different priorities, just as explained in: ht...
by Mplsguy
Wed Aug 31, 2011 11:09 am
Forum: Forwarding Protocols
Topic: VPLS Tunnel between different areas
Replies: 5
Views: 1903

Re: VPLS Tunnel between different areas

Probably MPLS LSP is "broken" on area border router. There is no limitation for VPLS to work between routers in different areas - actually MPLS (and therefore VPLS) does not care what IGP is used to exchange routes. What matters is that there must be "complete" MPLS LSP between VPLS endpoints and us...
by Mplsguy
Fri Jul 01, 2011 11:22 am
Forum: Forwarding Protocols
Topic: L3 mpls vpn between cisco 7600 and mikrotik
Replies: 2
Views: 1496

Re: L3 mpls vpn between cisco 7600 and mikrotik

Please explain your setup in more detail and post config of devices (addresses, routes, routing protocol config) and traceroute results. In classic VPNv4 setup CE devices do not need VRFs (VRF is necessary only on PE routers), CE devices only need "main" routing table where routes are added either s...
by Mplsguy
Wed Jun 29, 2011 9:42 am
Forum: Wireless Networking
Topic: Wireless NV2 messages explanation please!!!
Replies: 30
Views: 4748

Re: Wireless NV2 messages explanation please!!!

Would this now mean that if I set my client to NV2 only this message disappears and at the same time the scanning process for the protocols is skipped and client has an even faster change to connect to NV2 AP? (After all, AP is both with SSID and mac in the ´connect-to´ list, freq. scans is set for...
by Mplsguy
Tue Jun 28, 2011 11:13 pm
Forum: Wireless Networking
Topic: Wireless NV2 messages explanation please!!!
Replies: 30
Views: 4748

Re: Wireless NV2 messages explanation please!!!

What does the “MT: no” mean? This is cosmetic, it will say "yes" only for 802.11&nstreme routeros APs. Why “uses TDMA, skip”? Of course the AP uses TDMA (=NV2), so why “skip”? This is more tricky. I guess you have "wireless-protocol=nv2-nstreme-802.11" on client. Here is what happens - station...
by Mplsguy
Wed Jun 22, 2011 8:55 am
Forum: Forwarding Protocols
Topic: LDP flapping after changing wireless BH link.
Replies: 4
Views: 1485

Re: LDP flapping after changing wireless BH link.

If LDP adjacency is maintained fine with targeted hellos, I would say that your link is having trouble forwarding multicast packets (LDP hellos). You can check that with sniffer.
by Mplsguy
Fri Jun 10, 2011 8:47 am
Forum: Wireless Networking
Topic: NV2 Timing related disconnects
Replies: 47
Views: 6767

Re: NV2 Timing related disconnects

Ok, thanks. Never too old to learn. So for hardening the connection it is no use. Is there any difference in choosing either the SSID classifier or the mac address in the ´connect-to´ lists? Maybe a wise idea to use both the classifiers in one ´connect-to´ rule? Pros and cons of each of these 3 o...
by Mplsguy
Fri Jun 10, 2011 12:22 am
Forum: Wireless Networking
Topic: NV2 Timing related disconnects
Replies: 47
Views: 6767

Re: NV2 Timing related disconnects

I set for each AP a ´connect-to´ rule with in one its SSID and the other the mac address. So for 2 AP's you'll get 4 rules. Reason: If you use mac address only and you need to change the radio of the AP (because it is broken), clients won't connect to new radio. You'll have to visit each of them. (...
by Mplsguy
Thu Jun 09, 2011 10:38 pm
Forum: Forwarding Protocols
Topic: VPLS NOT USING TE TUNNELS
Replies: 26
Views: 3302

Re: VPLS NOT USING TE TUNNELS

Well, all kinds of VPLS work over TE tunnels. Actually VPLS tunnels prefer LSP established with TE over LSP established with LDP. In your situation most likely the problem is that in order to do VPLS tunnel label exchange for Cisco BGP VPLS and static VPLS, you actually need LDP, but not for establi...
by Mplsguy
Wed Jun 01, 2011 11:52 pm
Forum: Wireless Networking
Topic: ARQ in NV2 versus Ack in 802.11 legacy
Replies: 2
Views: 7347

Re: ARQ in NV2 versus Ack in 802.11 legacy

From terminology standpoint ACK in 802.11 is also ARQ mechanism. In every protocol ARQ is used to achieve reliable data transmission, so the purpose is the same. The main difference between ARQ mechanism in nstreme/nv2 and 802.11 is that 802.11 basically uses Stop-and-wait ARQ, while nstreme/nv2 us...
by Mplsguy
Wed May 18, 2011 12:22 am
Forum: Wireless Networking
Topic: Explaination of NV2 register table readings please..
Replies: 8
Views: 2348

Re: Explaination of NV2 register table readings please..

tdma-timing-offset is proportional to distance, so there is no "ideal" reading - it is approximately two times the propagation delay. AP measures this so that it can tell clients what offset to use for their transmissions - clients then subtract this offset from their target transmission time such t...
by Mplsguy
Fri Apr 22, 2011 10:19 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Transitioning station pseudobridge CPE's to NV2.
Replies: 3
Views: 1339

Re: Transitioning station pseudobridge CPE's to NV2.

5.x version supports station-bridge mode also for 802.11 & nstreme protocols. So you can transition in really simple way:
- upgrade all devices to 5.x
- on AP enable "bridge-mode", set wireless-protocol=802.11 (assuming you use 802.11)
- on all clients set mode=station-bridge and wireless-protocol=a...
by Mplsguy
Fri Apr 01, 2011 10:35 am
Forum: Forwarding Protocols
Topic: Cisco BGP Vpls - MIkrotik - cisco7604
Replies: 6
Views: 3864

Re: Cisco BGP Vpls - MIkrotik - cisco7604

Well, I can agree that RouterOS usage of term VPLS might be confusing, especially if looking from cisco perspective. In RouterOS "VPLS interface" (entity appearing in "/interface vpls" that you can use as any other network interface in your router) is what is known as "pseudowire". There are a few w...
by Mplsguy
Fri Mar 25, 2011 1:35 am
Forum: Wireless Networking
Topic: data rates / basic rates setting best practise
Replies: 10
Views: 9301

Re: data rates / basic rates setting best practise

With basic rates AP says what rates every device in network must support, it simply does not accept clients that do not support all basic rates. supported rates - rates at which particular device can transmit/receive. Actual rate set used between two devices contains all rates that are in common in ...
by Mplsguy
Fri Jan 28, 2011 6:02 pm
Forum: Forwarding Protocols
Topic: Cisco BGP Vpls - MIkrotik - cisco7604
Replies: 6
Views: 3864

Re: Cisco BGP Vpls - MIkrotik - cisco7604

cisco-bgp-vpls implementation was indeed tested with cisco 7609. Unluckily that does not mean that it will interoperate with particular cisco router and/or IOS version. I suggest you:
- enable more mpls/ldp/l2vpn debugs on cisco to help diagnose the problem
- send supout file to support, made after ...
by Mplsguy
Fri Dec 31, 2010 1:55 pm
Forum: Forwarding Protocols
Topic: refresh time and k factor for MPLS
Replies: 6
Views: 1753

Re: refresh time and k factor for MPLS

You can configure k-factor and refresh-time in "/mpls traffic-eng interface" menu. Basically these parameters control how often RSVP Path and Resv messages are sent out the particular interface. You can think of it as of hello interval for OSPF. The basic idea is - refresh-time specifies how often m...
by Mplsguy
Sat Aug 07, 2010 8:24 am
Forum: RouterOS v6 RC and v7 BETA
Topic: New wireless protocol: Nv2 in v5.0beta5
Replies: 217
Views: 73226

Re: New wireless protocol: Nv2 in v5.0beta5

There are no explicit limits for scan-list length, but still it is better to keep it shorter - the shorter it is, the faster full scan will complete. Indeed there is a problem with nv2 and long scan-lists that will be fixed in next version. Take into account that scan for nv2 networks takes approxim...
by Mplsguy
Thu Jul 29, 2010 8:11 pm
Forum: Forwarding Protocols
Topic: MPLS neighbourg disconnects
Replies: 3
Views: 1121

Re: MPLS neighbourg disconnects

By "managed to get it more stable" do you mean that neighbor is not "flapping" any more? This seems to be issue somehow related to OSPF. It would be very handy if you sent a few supout files to support, made with some time interval, e.g. 5min (so that some number of flaps would have happened). Refer...
by Mplsguy
Sat Jul 24, 2010 6:01 am
Forum: RouterOS v6 RC and v7 BETA
Topic: New wireless protocol: Nv2 in v5.0beta5
Replies: 217
Views: 73226

Re: New wireless protocol: Nv2 in v5.0beta5

nv2 is not compatible with Airmax. nv2 is supported for all Atheros cards, except old AR5211 based, so in order to try it out it is not required to have 11n cards - just upgrade, set wireless-protocol=any on station (this will enable station to look for whatever protocol AP that is available with ap...
by Mplsguy
Thu Jul 22, 2010 2:01 pm
Forum: Forwarding Protocols
Topic: VPLS RouterOS <-> JUNOS BGP signalling problem
Replies: 17
Views: 5403

Re: VPLS RouterOS <-> JUNOS BGP signalling problem

Please contact support (refer to this topic) with info on what type of RBs you use and what ROS version, hopefully you will get testing package in the nearest future (today or tomorrow).
by Mplsguy
Wed Jul 21, 2010 11:34 pm
Forum: Forwarding Protocols
Topic: VPLS RouterOS <-> JUNOS BGP signalling problem
Replies: 17
Views: 5403

Re: VPLS RouterOS <-> JUNOS BGP signalling problem

Your help will be most handy when these features get implemented - you will be welcome to test them :). As to the interoperability testing - there has been plenty of testing with Cisco equipment, different models. I must say that there were also number of problems that had to be addressed, especiall...
by Mplsguy
Tue Jul 20, 2010 7:06 pm
Forum: Forwarding Protocols
Topic: VPLS RouterOS <-> JUNOS BGP signalling problem
Replies: 17
Views: 5403

Re: VPLS RouterOS <-> JUNOS BGP signalling problem

I am sorry to say that, but this particular "problem" has not been fixed yet due to scarce resources - it is noted and on TODO list for next batch of MPLS improvements. Probably loud and clear demand for this feature may boost its priority, but anyway - thanks for the reports. Any other reports/wish...
by Mplsguy
Mon Jul 19, 2010 11:30 am
Forum: Forwarding Protocols
Topic: MPLS MTU between 433AH and 411A
Replies: 3
Views: 927

Re: MPLS MTU between 433AH and 411A

Like I said - you have to take into account l2mtus of links that are involved in MPLS network - links over which MPLS packets are sent, no matter what MPLS application you are using, be it "simple" MPLS forwarding of IP packets or VPLS. If you intend to forward MPLS traffic (with VPLS inside it) ove...
by Mplsguy
Fri Jul 16, 2010 5:58 pm
Forum: Forwarding Protocols
Topic: MPLS MTU between 433AH and 411A
Replies: 3
Views: 927

Re: MPLS MTU between 433AH and 411A

If you have your VPLS tunnel going only over wireless link (which is the case in wiki example), you do not have to worry about ethernet l2mtu - only l2mtu-s you care about are for interfaces that are involved in actual VPLS tunnel. And wireless has big enough l2mtu by default. Wiki example actually ...
by Mplsguy
Wed Jul 14, 2010 1:15 pm
Forum: Forwarding Protocols
Topic: MPLS LDP neighbor problem
Replies: 3
Views: 2396

Re: MPLS LDP neighbor problem

Does this flapping happen constantly or only occasionally? Anyway, I suggest you send supout files of both - AP and client to support with reference to this topic.
by Mplsguy
Tue Jul 13, 2010 7:59 am
Forum: Forwarding Protocols
Topic: Help with MPLS please
Replies: 8
Views: 3126

Re: Help with MPLS please

From your config I understand that you are trying to establish 2 vpls tunnels, one between station1 and AP and second between station2 and AP. Is that correct? In this case please post VPLS config on AP also. Additionally - there are no LDP bindings on station 2. This tells that most likely you ...
by Mplsguy
Thu Jul 08, 2010 10:56 pm
Forum: Forwarding Protocols
Topic: TE Tunnel and Load sharing or load distribution
Replies: 2
Views: 1334

Re: TE Tunnel and Load sharing or load distribution

I guess you should create as many VPLS tunnels as necessary and then use bonding for load sharing/balancing - instead of bridging ethernet with VPLS tunnel, bridge ethernet with bonding interface. Then add VPLS tunnels that traverse different paths as slaves to bonding interface.
by Mplsguy
Thu Jul 08, 2010 4:19 pm
Forum: Forwarding Protocols
Topic: Help with MPLS please
Replies: 8
Views: 3126

Re: Help with MPLS please

Please post output of the following commands on all involved devices:

/ip address print
/ip route print
/mpls local-bindings print
/mpls remote-bindings print
/interface vpls print
by Mplsguy
Mon Jul 05, 2010 10:56 am
Forum: Forwarding Protocols
Topic: te tunnel and multiple VPLS interfaces
Replies: 3
Views: 2080

Re: te tunnel and multiple VPLS interfaces

If you have a number of core and provider edge routers with multiple customers at each PE is it possible to specify which TE tunnel for an individual VPLS tunnel to traverse over? I'll attach a graphic to better explain my question... You can add multiple "loopback" addresses to each router, establ...
by Mplsguy
Tue Jun 29, 2010 11:15 pm
Forum: Forwarding Protocols
Topic: vpls issue-tunnel is up but no data transfer
Replies: 5
Views: 1052

Re: vpls issue-tunnel is up but no data transfer

but if use following scenario no issue
host a --ether--router a--->wlan----wlan<---routerb---ether--host b
It seems you do not have proper MPLS LSP established between VPLS endpoints (I guess so because it works when endpoints are directly attached). Make sure that you have LDP or TE properly confi...
by Mplsguy
Fri Jun 11, 2010 5:30 pm
Forum: Forwarding Protocols
Topic: Challenging Question regarding QinQ !!!
Replies: 11
Views: 4295

Re: Challenging Question regarding QinQ !!!

Any particular reason why you do not create "QinQ VLAN" directly on VPLS interface?
Kind of:
   / vlan1 - bridge(vlan1) - vlan1 \
eth- vlan2 - bridge(vlan2) - vlan2 - QinQvlan - VPLS
   \ vlan3 - bridge(vlan3) - vlan3 /
by Mplsguy
Thu Jun 10, 2010 12:17 pm
Forum: Forwarding Protocols
Topic: VPLS - Difference between Raw Ethernet and Tagged ?
Replies: 2
Views: 1549

Re: VPLS - Difference between Raw Ethernet and Tagged ?

Actually from RouterOS point of view there is no difference in operation for these modes (except specifying appropriate mode during PW establishment), because VLAN tagging/untagging actions described in RFC 4448 must be configured manually using bridges and VLANs. Tagged mode was added because there...