Community discussions

Search found 423 matches

  • 1
  • 2
by aacable
Wed Sep 11, 2019 9:46 am
Forum: Scripting
Topic: Script to monitor temperature
Replies: 11
Views: 3653

Re: Script to monitor temperature

I know this post is well over a year old, but since no one has responded to it I thought I would. This is a reply to aacable. These are a few sample scripts I created that looks for the system temperature on a MikroTik, logs the current temp, and sends an alert at different temperature checkpoints....
by aacable
Tue Jul 23, 2019 7:52 am
Forum: Announcements
Topic: v6.45.2 [stable] is released!
Replies: 206
Views: 35983

Re: v6.45.2 [stable] is released!

[ Changes in this release: *) bonding - fixed bonding running status after reboot when using other bonds as slave interfaces (introduced in v6.45); *) interface - fixed missing PWR-LINE section on PL7411-2nD and PL6411-2nD (introduced v6.44); *) ipsec - allow peer argument only for "encrypt" polici...
by aacable
Mon Jun 24, 2019 7:15 am
Forum: General
Topic: how to bypass radius accounting with FastTrack !?
Replies: 1
Views: 232

Re: how to bypass radius accounting with FastTrack !?

I am not sure if FASTTRACK can help you as I have never tested it. Just to share another idea , At my friend ISP he had 10 TB of media sharing servers which users uses to download different sharing data which was also counted in users monthly internet traffic report. therefore we used intervlan rout...
by aacable
Wed Apr 10, 2019 12:02 pm
Forum: Scripting
Topic: Get single IP from interface which have multiple IP' assigned [SOLVED]
Replies: 3
Views: 429

Re: Get single IP from interface which have multiple IP' assigned [SOLVED]

whole issue is, that your [find interface="xxx"] returns an array of interfaces.. All you need to do is pick one /ip address get [:pick [find interface="ether6"] 0] address] or if you want to test it in console, simply :put [/ip address get [:pick [find interface="ether6"] 0] address]] :put [/ip ad...
by aacable
Wed Apr 10, 2019 12:01 pm
Forum: Scripting
Topic: Where can I find the IP address ...
Replies: 30
Views: 9995

Re: Where can I find the IP address ...

Basic way of getting the an interface's IP address is just to use this:

ros code

:put [/ip address get [:pick [/ip address find interface="Wan"] 0] address][/code]
Replace "Wan" with whatever the interface's name is.
This saved my day as well. Thank you
by aacable
Wed Apr 10, 2019 10:31 am
Forum: Scripting
Topic: Get single IP from interface which have multiple IP' assigned [SOLVED]
Replies: 3
Views: 429

Get single IP from interface which have multiple IP' assigned [SOLVED]

I have a interface which have multiple IP's assigned. like
ether6: 1.1.1.1
ether6: 2.1.1.1

How can I get all IPs in single variable. like VAR="1.1.1.1 2.1.1.1" or if possible just single ip ?
 /ip address get [find interface="ether6"] address
& I get this error
invalid internal item number
by aacable
Tue Jul 10, 2018 6:05 pm
Forum: Scripting
Topic: get full name from ppp active users
Replies: 0
Views: 295

get full name from ppp active users

Scenario: When I issue /ppp active print Result: 1 R USER1... pppoe 60:E3:27:FE:F8:77 110.38.229.206 3h38m23s 2 R USER2 pppoe 18:D6:C7:FB:52:CF 110.38.229.205 3h38m23s 3 USER3 pppoe 18:D6:C7:FB:52:CF 110.38.229.205 3h38m23s 1) For some users (long name) it shows dots (as showed in USER1 example abov...
by aacable
Sat May 12, 2018 12:27 pm
Forum: General
Topic: mikrotik - pppoe client delay connection [SOLVED]
Replies: 9
Views: 2552

Re: mikrotik - pppoe client delay connection

Solved. When I lower the RADIUS TIMEOUT value from 3000 ms to 500-700 ms and the problem got solved. The user is now able to connect instantly or within 5 seconds. I used this value at almost all other systems but this particular one, radius timeout value works only if under 700 ms no matter ier is ...
by aacable
Sun Apr 15, 2018 10:49 am
Forum: General
Topic: mikrotik - pppoe client delay connection [SOLVED]
Replies: 9
Views: 2552

Re: mikrotik - pppoe client delay connection

I tried every setting possible but still having problem that some times users connect instantly, but most of times it gets stucks on dialing for long time and then connect. Ok yesterday I tried following. create pppoe server on another port on CCR, connect test client pc directly to this port. Ran t...
by aacable
Fri Apr 13, 2018 7:53 am
Forum: General
Topic: mikrotik - pppoe client delay connection [SOLVED]
Replies: 9
Views: 2552

Re: mikrotik - pppoe client delay connection

@blajah
this RB is in production with 2000 active users, therefore running torch and look for specific user is quite hard.

@Anumrak
PAP/CHAP are selected.
Compression is on DEFAULT. I will disable it.

I will change compression setting and will let u know.
by aacable
Sun Apr 08, 2018 8:38 pm
Forum: General
Topic: mikrotik - pppoe client delay connection [SOLVED]
Replies: 9
Views: 2552

Re: mikrotik - pppoe client delay connection

I got it form your first post. Like i said, it could be some broadcast limit. And for reconnection, maybe you have old sessions still up? I dont see any error in mikrotik. infact I feel that mikrotik is not receiving the PADI requests , since its live network with around 2k users so i cannot enable...
by aacable
Sun Apr 08, 2018 12:03 pm
Forum: General
Topic: mikrotik - pppoe client delay connection [SOLVED]
Replies: 9
Views: 2552

Re: mikrotik - pppoe client delay connection

Mikrotik CCR 1036 - V 6.41.3
There is no Filter/NAT/Mangle rule. All users gets public ip and route to upstream ISP.
Problem is most times when users dial/redial they gets long pause on dialing seems they are unable to find the PPPoE Server.
by aacable
Sat Apr 07, 2018 9:46 am
Forum: Beginner Basics
Topic: High CPU usage.
Replies: 12
Views: 6335

Re: High CPU usage.

in one case I found a script that was running continuously caused high cpu usage.
by aacable
Sat Apr 07, 2018 9:40 am
Forum: General
Topic: Problem critical PPPoE server (ppp/active connections) High CPU!!!
Replies: 3
Views: 574

Re: Problem critical PPPoE server (ppp/active connections) High CPU!!!

Hi, We have a server pppoe + radius (dma manager) with 2300 active connections. The problem is when 30~50 fail to ppp/active connection ( fail electric in sector, reboot OLT device ) then CPU usage of server high to 60%~80% and ppp/active connections fall to 500!! This is a critical problem! please...
by aacable
Wed Apr 04, 2018 9:48 am
Forum: General
Topic: mikrotik - pppoe client delay connection [SOLVED]
Replies: 9
Views: 2552

mikrotik - pppoe client delay connection [SOLVED]

I have one Mikrotik Routerboard with 6.41.3 firmware. VLAN for multiple areas are configured in Cisco 3560 Gigabit switches and TRUNK is connected with CCR. PPPoE Server with proper settings is configured for each vlan. RB resources are OK, no heating , CPU usage 3 to 4 % max , PING from users PC (a...
by aacable
Thu Mar 29, 2018 7:43 am
Forum: General
Topic: High CPU on CCR1072 every pppoe-client go down
Replies: 13
Views: 1624

Re: High CPU on CCR1072 every pppoe-client go down

I agree, It has sense, I don't think that 5 nat entrys can be the problem. Then there is not configuration solution since connection tracking can not be removed (in my case), and only Mikotik can improve this problem, it I think. Sorry for being unclear. The issue is related to NAT in terms that if...
by aacable
Tue Mar 27, 2018 1:58 pm
Forum: General
Topic: High CPU on CCR1072 every pppoe-client go down
Replies: 13
Views: 1624

Re: High CPU on CCR1072 every pppoe-client go down

Only If you have high number of ppp clients & you are doing NATTING as well, then I would recommend you to do NATTING on different router. Example: Mark connection for private ip users, and then route them to 2nd router which will do the NATTING. also add reverse route in 2nd router so that it can s...
by aacable
Sat Mar 03, 2018 6:18 pm
Forum: Scripting
Topic: Script to monitor temperature
Replies: 11
Views: 3653

Re: Script to monitor temperature

Seems Good. I would like to provide some feedback on the script. Let's say what if we schedule it to run every 5 minutes? It will run, & do following - Check temperature, compare it with threshold value , if condition true, LOG & Send SMS Alert. Now after 5 minutes , the script executes again, & do ...
by aacable
Mon Feb 12, 2018 10:29 am
Forum: Scripting
Topic: 6 wan pcc way script #help
Replies: 1
Views: 425

Re: 6 wan pcc way script #help

seems ok, are you having any issue in it ? describe details.
by aacable
Mon Feb 12, 2018 10:24 am
Forum: Scripting
Topic: Script to especific user
Replies: 1
Views: 368

Re: Script to especific user

although its a strange requirement :) but any way, try below ... # Set variable with account name example ADMIN that is required for check :local MYUSER "admin"; # Print Script ... :log warning "Start Check Login for $MYUSER user ..."; # Get count number to see if MYUSER have open session :local i [...
by aacable
Tue Jan 30, 2018 7:49 pm
Forum: General
Topic: Blocking UDP attack in Mikrotik not working
Replies: 14
Views: 1887

Re: Blocking UDP attack in Mikrotik not working

In very old days I faced similar issue, & I have one Linux base Transparent Bridge which was placed between the ISA Server & the Clients for MAC - IP filtering. With some tuning, I placed it between ISA & Internet & it filtered all unnecessary ports / flooding & block it from reaching ISA which save...
by aacable
Wed Jan 17, 2018 1:49 pm
Forum: General
Topic: Freeradius Restrict User Auth Request Based on VLAN
Replies: 3
Views: 415

Re: Freeradius Restrict User Auth Request Based on VLAN

Ok I was able to sort it. if ("%{sql: select vlanid from users where username = '%{User-Name}'}" != "%{NAS-Port-Id}") { update reply { Reply-Message = 'You are not allowed to connect from this VLAN' } update control { Auth-Type := "Reject" } } It's added under Authorized Section. Will write in detai...
by aacable
Wed Jan 17, 2018 1:00 pm
Forum: General
Topic: Freeradius Restrict User Auth Request Based on VLAN
Replies: 3
Views: 415

Re: Freeradius Restrict User Auth Request Based on VLAN

Ok I added this in RADCHECK table. NAS-Port-Id == VLAN2 & it seems to be working fine. Is there any way I can customized the radreply if user gets rejected dueto incorrect VLAN (for log purposes) ------------------------ Example of one module I have that checks for Invalid MAC. checkval{ reject = 1 ...
by aacable
Wed Jan 17, 2018 11:52 am
Forum: General
Topic: Freeradius Restrict User Auth Request Based on VLAN
Replies: 3
Views: 415

Freeradius Restrict User Auth Request Based on VLAN

Scenario: We have One Mikrotik CCR as NAS (pppoe) and Freeradius as billing. Multiple area's are connect to Mikrotik via Cisco switch & VLAN are configured for each port. We have few reseller/frenchise managers, like Dealer-A, Dealer-B. They can create there own users in freeradius using frontend GU...
by aacable
Sat Jan 13, 2018 3:20 pm
Forum: General
Topic: High CPU load when PPPoE sessions disconnects
Replies: 52
Views: 9082

Re: High CPU load when PPPoE sessions disconnects

@cicserver

I would suggest to mark private ip series and then make a route so they should ROUTE to 2nd router, where NAT will happen. you may need to create reverse route on 2nd router as well so communications between subnet works fine,
by aacable
Sat Jan 13, 2018 8:19 am
Forum: General
Topic: countless / free traffic from a network for PPPoE users
Replies: 6
Views: 1181

Re: countless / free traffic from a network for PPPoE users

Hi friends I have some download servers at my office .I want it when my users download or upload from that servers , MikroTik don't calculate traffic from it . it mean my users have free traffic to that servers . How can be do that ? is there anyway to do it from mikrotik ? My accounting is Freerad...
by aacable
Tue Nov 21, 2017 6:44 am
Forum: General
Topic: Monthly Stats for WAN interface only?
Replies: 4
Views: 699

Re: Monthly Stats for WAN interface only?

OR you can use scripting method as well to acquire data usage of particular wan interface using filter rules approach. you can save the data in txt file in mikrotik and configure it to email on every 1st of month and then reset counters.
by aacable
Tue Nov 21, 2017 6:26 am
Forum: Scripting
Topic: Combining two Internet connections to increase the speed
Replies: 2
Views: 4201

Re: Combining two Internet connections to increase the speed

Hey guys I have 2 internet connections the first is 4 MB and the second is 2MB I wanna merge them to be 6 MB Technically you cannot MERGE them without the ISP support. All you can do is to LOAD balance your requests between those 2 internet links using PCC technique in mikrotik. Mikrotik Wiki & Goo...
by aacable
Tue Nov 21, 2017 6:23 am
Forum: Scripting
Topic: Disabling IP addresses via Script
Replies: 1
Views: 332

Re: Disabling IP addresses via Script

If you would have posted the reason why you need it would much easier to answer you accordingly. any way try this.just example /ip address :if ([get [find comment="ether1_wan_ip_1"] disabled] = false) do={ disable [find comment="ether1_wan_ip_1"] enable [find comment="ether1_wan_ip_2"] } else={ :if ...
by aacable
Thu Nov 16, 2017 8:41 am
Forum: General
Topic: SNMP with Dma Radius Manager
Replies: 6
Views: 1366

Re: SNMP with Dma Radius Manager

The SNMP feature in radiusmanager hasn't worked since Ubiquiti 5.5.x firmware.

I contacted Victor to see if he could work on it but unfortunately, he said he did not have time to fix it so who knows if it'll ever work again.
how I can contact victor ?
Viktor:
support@dmasoftlab.com
by aacable
Tue Nov 14, 2017 6:50 am
Forum: General
Topic: How to prevent more than 1 authentication when using RADIUS?
Replies: 1
Views: 282

Re: How to prevent more than 1 authentication when using RADIUS?

It all really depends on how your radius server is configured. What type of radius server you are using? On free-radius, there is a parameter named 'simultanous-use' Example: Simultaneous-Use := 1 Also Uncomment simul_count_query to enable simultaneous use checking in dialup.conf Google for more
by aacable
Fri Nov 10, 2017 9:40 am
Forum: General
Topic: Freeradius Sim-Use not working with Mikrotik Hotspot
Replies: 5
Views: 945

Re: Freeradius Sim-Use not working with Mikrotik Hotspot

For good results you should not query NAS for user status.
All should be done by freeradius/mysql :)
by aacable
Wed Nov 08, 2017 11:55 am
Forum: General
Topic: Freeradius Sim-Use not working with Mikrotik Hotspot
Replies: 5
Views: 945

Re: Freeradius Sim-Use not working with Mikrotik Hotspot

NOTE: If you are using SQL, For sim-use i had to disable (comment) the “radutmp” entry in /etc/freeradius/sites-enabled/default .
ACCOUNTING SECTION
SESSION SECTION
by aacable
Tue Oct 24, 2017 2:29 pm
Forum: General
Topic: Facebook Images not appear
Replies: 2
Views: 413

Re: Facebook Images not appear

as per my tiny knowledge, It's probably due to one of following ... DNS issues (Most common one) MTU problem (seen this issue at a network where many wifi routers were installed and the new TENDA brand was giving such issues) Packet is blocked or lost at any point / HOPS (less chances) for #1 , make...
by aacable
Thu Oct 19, 2017 2:56 pm
Forum: General
Topic: Cisco InterVlan Routing with Mikrotik
Replies: 6
Views: 846

Re: Cisco InterVlan Routing with Mikrotik

I don't have professional skills, But may be it can help some one ..link...
by aacable
Thu Oct 19, 2017 12:55 pm
Forum: General
Topic: Cisco InterVlan Routing with Mikrotik
Replies: 6
Views: 846

Re: Cisco InterVlan Routing with Mikrotik

What I said: make sure the Cisco does NOT provide a default gateway in its DHCP reply, but sends a specific route, in your case this can be a route for 192.168.2.0/23 This can be done using DHCP options. Perhaps a practice example might be more feasible. to further elaborate pe1chl , see following ...
by aacable
Thu Oct 19, 2017 10:19 am
Forum: General
Topic: bypass mikrotik router for local ftp sharing
Replies: 1
Views: 732

Re: bypass mikrotik router for local ftp sharing

Look for Cisco Intervlan Routing. It will solve your problem.
Make default gateway of clients to there respective vlan interface ip, and enable ip routing in it. this way client will communicate with each other directly using there local ips.
by aacable
Wed Oct 11, 2017 11:25 am
Forum: Scripting
Topic: Script to fetch Gateway IP
Replies: 5
Views: 1822

Re: Script to fetch Gateway IP

If pppoe-outX [name of pppoe dialer] is being dialed from the RB itself, then why you are trying to hardcode the gateway IP, Just create Static Route with 'ppoe-outX' [name of pppoe dialer] as gateway. /ip route add check-gateway=ping comment="DSL1 Default ROUTE" distance=1 dst-address=0.0.0.0/0 gat...
by aacable
Fri Oct 06, 2017 7:19 am
Forum: Scripting
Topic: Script for pinging IP in WAN
Replies: 1
Views: 10620

Re: Script for pinging IP in WAN

you are almost there, Use variables, they have amazing use in the script :) One working example: :local HOST "8.8.8.8" :local PINGCOUNT "30" :local INT "sfp1" :local DELAY "3s" :local sub1 ([/system identity get name]) :local sub2 ([/system clock get time]) :local sub3 ([/system clock get date]) :lo...
by aacable
Tue Oct 03, 2017 2:21 pm
Forum: General
Topic: Uptime Challenge!
Replies: 25
Views: 13384

Re: Uptime Challenge!

If security is no problem then the uptime is nice. But if you make updates than you can't see this uptimes in Mikrotik because you need a reboot after you upload a new version. & upgrading is very frequent in the ROS ;) , specially with the new 6.x breed, we see fixbug/upgrade releases very quickly...
by aacable
Tue Oct 03, 2017 2:14 pm
Forum: Beginner Basics
Topic: PCC load Balancing Session out problem on some websites
Replies: 1
Views: 920

Re: PCC load Balancing Session out problem on some websites

Have you tried changing both-addresses-and-ports to src-address ? As Described here Example#1: src-address Use src-address as classifier, this way you will get rid of problems like https/broken link, streaming issues etc (dueot ip changing on each request) . Load balancing using this PCC technique (...
by aacable
Mon Oct 02, 2017 2:30 pm
Forum: General
Topic: High CPU load when PPPoE sessions disconnects
Replies: 52
Views: 9082

Re: High CPU load when PPPoE sessions disconnects

So if you have the same issue, then the solution should also be the same: viewtopic.php?p=620765#p620765
Noted. I saw that later. Will test it.
by aacable
Mon Oct 02, 2017 1:39 pm
Forum: General
Topic: High CPU load when PPPoE sessions disconnects
Replies: 52
Views: 9082

Re: High CPU load when PPPoE sessions disconnects

Yes Masquerade and Routing both in one box.
Scenario is something like below ...
4 wan dsl links configured with PCC using SRC-ADDRESS approach. for specific group of users.
1 wan link for public ip users routing. for users with public ips.
by aacable
Mon Oct 02, 2017 10:05 am
Forum: General
Topic: High CPU load when PPPoE sessions disconnects
Replies: 52
Views: 9082

Re: High CPU load when PPPoE sessions disconnects

Facing same issue here as well. using following RB's (with 6.40.3)
RB3011xxx
CCR1016
CCR1036
by aacable
Mon Sep 11, 2017 1:21 pm
Forum: Beginner Basics
Topic: Backup Link
Replies: 3
Views: 862

Re: Backup Link

You would set two static routes. First route will point to your first ISP and will be exactly what you use today. The second router will have a higher administrative distance, set it for say 150, and traffic will only follow the second route when the first one goes down. Primary Link distance = 1 B...
by aacable
Wed Aug 30, 2017 6:53 am
Forum: Beginner Basics
Topic: Dual WAN failover
Replies: 5
Views: 4212

Re: Dual WAN failover

I am having troubles with Dual WAN fail-over, and I'm hoping someone has a simple solution. In my testing environment I have WAN1 going to Ether1 and WAN2 at Ether2. Routes are configured as they should and while testing we see two different results based on the method of testing. If we simply disa...
by aacable
Mon Aug 28, 2017 2:05 pm
Forum: Beginner Basics
Topic: Dual WAN failover
Replies: 5
Views: 4212

Re: Dual WAN failover

Better to go with the scripting method which you can customize as per your requirements. Monitor at least 2 internet hosts via script, if mikrotik fail to get reply from both, then consider the link down and activate second link by changing its route. (& send email alert about the link down event). ...
by aacable
Mon Aug 28, 2017 1:29 pm
Forum: Beginner Basics
Topic: Dual WAN failover
Replies: 5
Views: 4212

Re: Dual WAN failover

There are few ways to to achieve the task. 1# You can create two static routes (in route section), 1st pppoe with Distance Value set to 1 , and 2nd for the 4g router link distance set to 2 . This way if wan1 (pppoe) fails, the traffic will auto route to wan2 4g router link which have distance value ...
by aacable
Mon Aug 28, 2017 11:32 am
Forum: Beginner Basics
Topic: WOL (Rule/Script?)
Replies: 8
Views: 1532

Re: WOL (Rule/Script?)

Setup Global Variables, store the UP/DOWN results in those variables, Query the variables results from the Environment, & act upon it as per requirements. You can do Multiple IF statement Matching , some thing like (you can further stretch it) :local dsl1 [/system script environment get [/system scr...
by aacable
Fri Aug 18, 2017 12:30 pm
Forum: General
Topic: 2 WAN PPPOE LOAD BALANCER
Replies: 5
Views: 6301

Re: 2 WAN PPPOE LOAD BALANCER

Sample config is using SRC-ADDRESS as classifier. In src-address approach, the source address of a client will always be the same, so all traffic from a particular client will always match the same PCC matcher, and will always be put on the same link therefore there will be no issue of IP changing a...
by aacable
Fri Aug 18, 2017 8:59 am
Forum: General
Topic: 2 WAN PPPOE LOAD BALANCER
Replies: 5
Views: 6301

Re: 2 WAN PPPOE LOAD BALANCER

You can have only DEFAULT route active at a time. Route in Blue shows that they are available but will not be used as ACTIVE gateway (until previous active route with lowest distance value is not available) If you have multiple default routes available , then the route with lowest distance value wil...
by aacable
Fri Aug 18, 2017 6:50 am
Forum: Announcements
Topic: v6.40.1 [current]
Replies: 74
Views: 23109

Re: v6.40.1 [current]

6.40.1: error handling file while sending mikrotik backup file via GMAIL smtp.
Fixed it by
:local backupfile "$sub1 mt_config_backup.backup"
by aacable
Tue Aug 08, 2017 2:11 pm
Forum: Beginner Basics
Topic: question mark in URL in CLI
Replies: 3
Views: 880

Re: question mark in URL in CLI

Just to add one more example. If you want to send SMS using Kannel based SMS http gateway, you can use following.
/tool fetch url="http://KANNEL_GW_IP:13013/cgi-bin/sendsms\?username=kannel&password=KANNELPASSWORD&to=923333021909&text=TEST+MSGS"
by aacable
Tue Aug 08, 2017 1:38 pm
Forum: Scripting
Topic: Improvments for WAN-Backup Script
Replies: 4
Views: 886

Re: Improvments for WAN-Backup Script

why not monitor at least 2 different hosts to get accurate result ? better to use some script with scheduler to get better & customized results. you can modify this scrtip/scheduler to suite your need. like once shifting is done to B, then it should not move back to A untill it detect no link with B.
by aacable
Tue Aug 08, 2017 12:58 pm
Forum: Beginner Basics
Topic: switch route automatically if preffered is not reachable
Replies: 5
Views: 1494

Re: switch route automatically if preffered is not reachable

as @pe1chl suggested, you should have at least two/three hosts for monitoring before any fail over is done, just to avoid any false alarm. I always prefer scripting method because its more reliable, can give you pretty much accurate results, can perform various interesting bizzare functions like sen...
by aacable
Tue Aug 08, 2017 12:48 pm
Forum: Beginner Basics
Topic: use two ISP simulatenously
Replies: 10
Views: 4951

Re: use two ISP simulatenously

PCC is common (sort of auto) method of doing Load Balancing among various wan links you may have. It provides variety of methods to do the load balancing, like based on Source / Destination IP, Ports etc. Fail over is a bit tricky part depends on the network scenario. Example: If you have DSL links ...
by aacable
Thu Jul 06, 2017 7:30 am
Forum: General
Topic: 2 Public Static IP's - 3 Lans - Routing [SOLVED]
Replies: 2
Views: 397

Re: 2 Public Static IP's - 3 Lans - Routing [SOLVED]

In my company I have 2 internet links, each with /29 pool. I have lots of local servers which are routed via different public ips for different functions. You can use simple src-nat rules to route traffic from specific local system via specific public ip. Example: /ip firewall nat add action=src-nat...
by aacable
Thu Jul 06, 2017 7:27 am
Forum: General
Topic: Need consultation help from experts
Replies: 2
Views: 503

Re: Need consultation help from experts

Hardware selection is a part of network design & it really depends on your planning.You didn't mentioned about the amount bandwidth that Mikrotik will be handling plus number of users, queuing / other fire-walling/rules etc? I guess for general, RB3011 would be enough for you. I posted its performan...
by aacable
Thu Jun 22, 2017 9:34 am
Forum: Beginner Basics
Topic: Port Forwarding Woes :(
Replies: 8
Views: 1070

Re: Port Forwarding Woes :(

Sometimes, few common ports are silently blocked by the upstream providers,
Try PAT, Example forward port 55510 to your local server ip - port 3389
by aacable
Thu Jun 22, 2017 9:10 am
Forum: Beginner Basics
Topic: local server without speed limte
Replies: 1
Views: 231

Re: local server without speed limte

It's simple. First Mark the traffic in Mangle Section , Going to 192.168.1.110/x , then create Queue allowing unlimited (or controlled) speed to these marked packets. When you create Queue you can add comments on it so that its easier to remember why you created this queue, plus you can then take ac...
by aacable
Sat Jun 10, 2017 8:35 am
Forum: General
Topic: Feature requests
Replies: 1160
Views: 208330

Re: Feature requests

'Unmetered Content' / to bypass local servers from radius accounting.
by aacable
Wed Jun 07, 2017 11:34 am
Forum: Scripting
Topic: get gateway in variable
Replies: 1
Views: 662

Re: get gateway in variable

Is gateway dynamic or static? If you add comment to your default gateway like "DEFAULT_ROUTE" then you can easily get and store it in variable. I used int fail voer script which emails/sms me the details along with the gateway dynamically. :local GW [/ip route get [find comment="DEFAULT_ROUTE"] gate...
by aacable
Wed May 17, 2017 7:58 am
Forum: General
Topic: Blocking youtube is stoping GDRIVE
Replies: 22
Views: 12531

Re: Blocking youtube is stoping GDRIVE

Yes the IP addressees are shared by various services, so blocking 1, caused 2nd one to blocked too.
by aacable
Wed May 10, 2017 6:24 am
Forum: General
Topic: Netwatch with interface or routing table
Replies: 5
Views: 4069

Re: Netwatch with interface or routing table

customized results requires customized solution :) Stop using netwatch. instead go with script method. it has utmost power and you can get about any result you want. If you have 3 wan links, then you should have at least 2 monitoring host (e.g 8.8.8.8 or 1.2.3.4 likewise) per wan to monitor. means c...
by aacable
Tue Feb 28, 2017 9:10 am
Forum: Scripting
Topic: [Script] Dial PPPoE until a Certain IP Range is Obtained
Replies: 6
Views: 2746

Re: [Script] Dial PPPoE until a Certain IP Range is Obtained

That's useful in many situation :)
by aacable
Wed Feb 01, 2017 6:45 am
Forum: Scripting
Topic: Script to convert dynamic to static address list
Replies: 6
Views: 2496

Re: Script to convert dynamic to static address list

Comment and disabling are not supported on dynamics, use that is more simple: I understand why disable log, but hardcode it inside is wrong, can interfer with other script or function... :local list :local address :log info "Dynamic to static conversion started" /ip firewall address-list :foreach a...
by aacable
Tue Dec 20, 2016 6:43 am
Forum: General
Topic: Blocking youtube is stoping GDRIVE
Replies: 22
Views: 12531

Re: Blocking youtube is stoping GDRIVE

Updated! thx
by aacable
Thu Dec 15, 2016 12:27 pm
Forum: General
Topic: Blocking youtube is stoping GDRIVE
Replies: 22
Views: 12531

Re: Blocking youtube is stoping GDRIVE

The DNS method is the most suitable way. but going with this method, you must FORCE all users to use your mikrotik dns as there primary dns server, you can make a simple nat rule to redirect dns traffic to your local mikrotik dns service. One working Example i implemented at some Ghana School & loca...
by aacable
Thu Dec 15, 2016 10:09 am
Forum: General
Topic: OID for RADIUS client monitoring?
Replies: 2
Views: 574

Re: OID for RADIUS client monitoring?

@magnavox As per my limited knowledge, there is no such OID to query timeout value from Mikrotik Radius Client Status. If you explain why you require it then possibly someone may suggest some workaround to get it :) In the past I used bash script (which make SSH connection to mikrotik using password...
by aacable
Mon Jul 04, 2016 8:21 am
Forum: Scripting
Topic: Customer have a power for change his password
Replies: 7
Views: 991

Re: Customer have a power for change his password

How can I give the customer the power to change its own password through Hotspot Page Sent from my SM-N900 using Tapatalk Have you try this? its php page with AP support which user can use to change password. It works without Userman. https://aacable.wordpress.com/2014/02/10/hotspot-user-change-pas...
by aacable
Tue Jun 21, 2016 10:56 am
Forum: Scripting
Topic: API Broken for DMA Radiusmanager
Replies: 4
Views: 2940

Re: API Broken for DMA Radiusmanager

Hello Mikrotik, we are using plenty Mikrotik PPPoE Concentrators integrated with DMA's Radiusmanagers. Seems since a while, the API Integration between DMA and Mikrotik doesnt work anymore. DMA Support is saying, the API on Routeroard 6.x version is broken and we should downgrade to 5.x. We cannot ...
by aacable
Mon Jun 06, 2016 2:36 pm
Forum: Scripting
Topic: SMS PING ALERT
Replies: 2
Views: 3392

Re: SMS PING ALERT

ping to what? you can use netwatch tool and configure up n down scripts as required. or use separate scripts for more customized control and send sms as required. Few scripts for your reference. Script#1, to send alert when WAN goes down. # WAN 1 Monitor Script for mikrotik by using two internet hos...
by aacable
Thu Jun 02, 2016 3:02 pm
Forum: Scripting
Topic: IP Pool Statistics
Replies: 15
Views: 16494

Re: IP Pool Statistics

Sorry to wakeup this very old thread. Recently an OP required a customized solution to get alerts and record for the Mikrotik DHCP pool usage stats dynamically by Linux base bash scripting. I used this script and tried to took it to the next level. the bash script on Ubuntu , remotely executes this ...
by aacable
Thu May 26, 2016 12:16 pm
Forum: Beginner Basics
Topic: Got unassign IP's
Replies: 6
Views: 594

Re: Got unassign IP's

@Zero

Sir Zero thank you for give me an answer i put my leases time is 2d 10:00:00 you thing sir this is cos the problem why i got unassign IP's sir?
as zero suggested, either increase pool length OR [preferably] make lease time lesser. I usually configure 6 hours which is suitable IMHO.
by aacable
Tue May 17, 2016 7:27 am
Forum: General
Topic: Failover work with 8.8.8.8
Replies: 10
Views: 3897

Re: Failover work with 8.8.8.8

you can use black hole approach in route section to make sure ping to x.x.x.x goes via specific wan link ONLY. just an idea to share
https://aacable.wordpress.com/2015/09/1 ... -approach/
by aacable
Mon May 16, 2016 7:29 am
Forum: General
Topic: Mikrotik as syslog server
Replies: 5
Views: 3014

Re: Mikrotik as syslog server

The best option would be to use External syslog server which can be highly customized according to your requirements. you can do filtering as well, create separte log files for each server or each topic level. Dude is fine too for basic logging. Following are few suggestions. https://aacable.wordpre...
by aacable
Thu May 05, 2016 2:28 pm
Forum: General
Topic: Mikrotik SMTP problem
Replies: 0
Views: 366

Mikrotik SMTP problem

Mikrotik is configured in basic simple mode. No firewall/filter/mangle rule. Just one basic NAT rule only. ether1 = wan (connected with DSL modem) ether2 = lan (connected with user switch) Clients (MAC MAIL OS X) behind mikrotik are unable to send emails via remote smtp server. Very rare it works, b...
by aacable
Mon May 02, 2016 3:10 pm
Forum: Beginner Basics
Topic: Is it possible to restrict a VPN user to a certain IP address
Replies: 2
Views: 1731

Re: Is it possible to restrict a VPN user to a certain IP address

I have a scenario I am trying to configure where I need to restrict a customer to only 1 IP address inside our network. This customer will be connecting via VPN and I am not sure how to do this. The task can be achieved with variety of ways. Among many, One is described below ... When the remote us...
by aacable
Mon May 02, 2016 3:04 pm
Forum: Beginner Basics
Topic: Time quota to access some sites
Replies: 1
Views: 519

Re: Time quota to access some sites

With some 'workaround' you can do it. First make an address list which should have target web site ip addresses (it can be a bit tricky but you can use already available scripts that fetches ip addresses from the dns cache on a scheduled basis & add it to the specific address list) and then make a f...
by aacable
Wed Apr 20, 2016 9:51 am
Forum: Scripting
Topic: Failover with email notification
Replies: 4
Views: 3451

Re: Failover with email notification

What will happen if the Ping to that specific host fails due to ISP blockage, or for any reason , the host is down , the script will give FALSE results. add at least (minimum) two hosts for monitoring. Example. Make a Scheduled script that checks for multiple hosts and act accordingly.Ping host1 / h...
by aacable
Tue Apr 19, 2016 9:59 am
Forum: Scripting
Topic: restart pppoe when getting private IP
Replies: 1
Views: 1152

Re: restart pppoe when getting private IP

Try following. # Script to find if wan link have private ip and act accordingly, # Tested with Mikrotik ROS 5.20 Version # 19-APR-2016 / Syed Jahanzaib # Set your WAN Interface name , i have added pppoe-out1 , change it as required :local WANINTERFACE :set WANINTERFACE pppoe-out1 # Find Public IP fr...
by aacable
Mon Apr 04, 2016 11:53 am
Forum: Scripting
Topic: Multiple IF Statement match and action accordingly
Replies: 4
Views: 2878

Re: Multiple IF Statement match and action accordingly

How can i match two statements and if BOTH equals to xxx, act accordingly. Example: If variable 1 and Variable 2 values in environment are equal to DOWN, then execute script. I search forum and google, but found only one statement match examples. Try this. :local var1 [/system script environment ge...
by aacable
Sat Mar 26, 2016 7:24 am
Forum: General
Topic: help regarding Mikrotik-Total-Limit ?
Replies: 19
Views: 6929

Re: help regarding Mikrotik-Total-Limit ?

never mind. i managed to make it work with the COA :D
https://aacable.wordpress.com/2016/03/2 ... oa-part-2/.
by aacable
Wed Mar 16, 2016 11:13 am
Forum: General
Topic: help regarding Mikrotik-Total-Limit ?
Replies: 19
Views: 6929

Re: help regarding Mikrotik-Total-Limit ?

I am trying to get the Mikrotik-Total-Limit to disconnect the user when that Hotspot User has reached a specified limit. I have used the sqlcounter to calculate the users total data usage with the query. sqlcounter totalbytecounter { counter-name = Mikrotik-Total-Limit check-name = Mikrotik-Total-L...
by aacable
Wed Mar 16, 2016 8:31 am
Forum: General
Topic: Need help to setup Mikrotik with Freeradius/Mysql, freeside billing!
Replies: 2
Views: 605

Re: Need help to setup Mikrotik with Freeradius/Mysql, freeside billing!

I dont hold much expertise on the mikrotik or freeradius subject, but still I am willing to contribute My two cents :) Following is a collection of my own R&D , its not very professional, not impressive, but still it may help new comers. On the Internet, information is very scattered on the related ...
by aacable
Wed Mar 16, 2016 8:28 am
Forum: General
Topic: quota limit with freeradius
Replies: 1
Views: 4404

Re: quota limit with freeradius

configure volume QUOTA limit , e.g 100MB for user. I tried to take various examples from the google/forum but none of it worked. can some one please post some working examples of the counters and tips please? Try following: [I have used it in Ubuntu Freeradius 2.x with Mikrotik 5.x] QUOTA LIMIT FOR...
by aacable
Fri Mar 04, 2016 12:13 pm
Forum: General
Topic: PCQ base Tree for whole subnet
Replies: 1
Views: 756

PCQ base Tree for whole subnet

I am using following code to prioritize marked traffic. but it is being done for single client. what If I want to use it for per user basis for whole subnet? /ip firewall mangle # Mark HTTP 80Traffic Connections/Packets add action=mark-connection chain=forward comment="Zaib-Desktop - Mark HTTP Port ...
by aacable
Wed Jan 27, 2016 7:52 am
Forum: Beginner Basics
Topic: Marking Youtube Traffic
Replies: 8
Views: 7256

Re: Marking Youtube Traffic

Try
/ip firewall layer7-protocol
add name=VIDEO-L7 regexp="^.*(youtube.com).*\\\$"
by aacable
Mon Jan 11, 2016 11:58 am
Forum: Beginner Basics
Topic: hotspot login by mac still show login page
Replies: 2
Views: 1678

Re: hotspot login by mac still show login page

Hi, I am using hotspot and linux base freeradius billing system. I have enabled login by mac and created users in radius with mac address. Problem is that when user tries to browse internet, he still see login page for first time, and in mikrotik logs, i can see user logged in by mac successfully. ...
by aacable
Thu Dec 10, 2015 7:19 am
Forum: General
Topic: Mikrotik temperature template
Replies: 6
Views: 2381

Re: Mikrotik temperature template

MRTG is the core of almost every graphing application. you can install it on windows or Preferably Linux (if you want to unleash this beast true powers) I dunt have rb1100 version , but for CCR following is working. try with this https://aacable.wordpress.com/2013/10/31/monitoring-mikrotik-with-linu...
by aacable
Wed Dec 09, 2015 10:57 am
Forum: General
Topic: Mikrotik temperature template
Replies: 6
Views: 2381

Re: Mikrotik temperature template

Does anybody have template for temperature, voltage, consumption for rb1100ahx2?
are you looking for cacti or mrtg?
by aacable
Wed Dec 09, 2015 9:45 am
Forum: Scripting
Topic: Changeip update not working any more
Replies: 19
Views: 4737

Re: Changeip update not working any more

Thank you very much for your help! But sadly that does not work for me. The same error is displayed "DDNS: sendig update; connect error; script error: connect error" SS: http://s12.postimg.org/bt6zwc17d/winbd.jpg This script also is trying to connect to 204.16.170.40 and this does not work any more...
by aacable
Tue Dec 08, 2015 7:19 am
Forum: Scripting
Topic: Changeip update not working any more
Replies: 19
Views: 4737

Re: Changeip update not working any more

Here is the changeip DDNS script i am using. so far its working fine as of 8th-dec-2015. (I am using it on few 5.20 x86 versions, and mostly at 6.33.x versions) :local ddnsuser "DDNS_USER_ID@hotmail.com" :local ddnspass "DDNS_PASS" :local ddnshost "MYDDNSHOSTNAME.dns1.us" :local ddnsinterface "pppoe...
by aacable
Thu Nov 26, 2015 10:12 am
Forum: The Dude
Topic: Dude Switch Port Monitor with Media converter always show up
Replies: 4
Views: 1510

Re: Dude Switch Port Monitor with Media converter always show up

@lebowski The other end (unmanageable switch) is not under our control, we only provide there users dhcp and internet connectivity. so we cannot force them to always make any device powered on 24x7. our bad. But maybe this is the only way ? @siscom Most of them are normal fiber to cat5 media convert...
by aacable
Tue Nov 24, 2015 7:59 am
Forum: The Dude
Topic: Dude Switch Port Monitor with Media converter always show up
Replies: 4
Views: 1510

Dude Switch Port Monitor with Media converter always show up

Greetings, I have configured DUDE to monitor my Cisco 3750 ports. Distribution layout is as follows. switch.png Now problem is that some times area1 or area2 un-managebale switch goes off, but the dude shows cisco 3750 port always UP because its connected with the media converter port which always r...
by aacable
Fri Nov 20, 2015 8:05 am
Forum: The Dude
Topic: Dude Device Appearence > Shape SIZE
Replies: 2
Views: 1408

Re: Dude Device Appearence > Shape SIZE

The size of the background shape is determined by the size of what it contains. In the example you have shown I would reduce the font size of the text to make the containing shape smaller. unfortunately even with the smaller and few text, its size doesnt shrink less. I was hoping to customize the s...
by aacable
Thu Nov 12, 2015 12:48 pm
Forum: The Dude
Topic: Dude Device Appearence > Shape SIZE
Replies: 2
Views: 1408

Dude Device Appearence > Shape SIZE

in Dude , I have several devices. How can I adjust the size of triangle SHAPE to lower size?

As showed in the image below ...
1.PNG
by aacable
Thu Nov 05, 2015 7:39 am
Forum: Scripting
Topic: Script to turn on/off WHO CAN HELP ME ???????????????????????????????????
Replies: 6
Views: 712

Re: Script to turn on/off WHO CAN HELP ME ???????????????????????????????????

Try this:
:global selector "on";
:if ($selector = "on") do={
:log warning "Selector is ON"
} else={:log error "Selector is OFF";}
}
and let me know if it works,
by aacable
Thu Oct 15, 2015 9:58 am
Forum: Scripting
Topic: howto supress confirmation for reboot via script
Replies: 1
Views: 1994

Re: howto supress confirmation for reboot via script

I was in the same situation few days before (on 5.x series) The workaround I used was following 1- Create simple script name 'reboot-mt-on-demand' with following contents /system scheduler enable reboot-mt-on-demand 2- Create an scheduler with following command (by default it will be disabled all th...
by aacable
Mon Oct 12, 2015 7:27 am
Forum: Scripting
Topic: script to get mikrotik health report via sms or scheduled on daily basis?
Replies: 1
Views: 881

Re: script to get mikrotik health report via sms or scheduled on daily basis?

Something like this? mikrotik status updated script via sms.PNG There are several ways, specially if you have any Linux base box attached, you can create highly customized report for sms or email. Following script is for standalone Mikrotik routerboard ( ccr ) with usb modem attached with it. You ca...
by aacable
Wed Oct 07, 2015 2:16 pm
Forum: Scripting
Topic: schedule pptp profile
Replies: 2
Views: 802

Re: schedule pptp profile

- There are several ways to accomplish this. - Where are users created? in local mikrotik secrets or userman or external billing ? - If users are created locally in mikrotik, then there are no builtin way to limit any specific profile. however you can create a script which can disable all users with...
by aacable
Wed Oct 07, 2015 12:58 pm
Forum: Beginner Basics
Topic: How do I setup Dual WAN and Web Filtering?
Replies: 14
Views: 93517

Re: How do I setup Dual WAN and Web Filtering?

hello gays .... i have a question please:
Kindly clarify :lol:
by aacable
Mon Sep 14, 2015 1:16 pm
Forum: Scripting
Topic: print specific value from command output
Replies: 1
Views: 2127

Re: print specific value from command output

Try following
:put [get 0 value-name=address]
It will print the value 1.2.3.4 only. (considering you have only single radius configured and its value is 0, other wise if you have multi radius mentioned you can use the number like 1,2,3, etc accordingly)
8)
by aacable
Tue Jul 28, 2015 11:01 am
Forum: General
Topic: Mikrotik temperature template
Replies: 6
Views: 2381

Re: Mikrotik temperature template

Just to add some more ... CFG files for Linux MRTG ... ### MIKROTIK CPU load ### Target[10.0.0.1_cpu]: 1.3.6.1.2.1.25.3.3.1.2.1&1.3.6.1.2.1.25.3.3.1.2.1:public@10.0.0.1 AbsMax[10.0.0.1_cpu]: 100 MaxBytes[10.0.0.1_cpu]: 100 Title[10.0.0.1_cpu]: MIKROTIK CPU load PageTop[10.0.0.1_cpu]: <H1>MIKROTIK CP...
by aacable
Mon Jun 15, 2015 12:15 pm
Forum: Scripting
Topic: Display router downtime by script
Replies: 7
Views: 1481

Re: Display router downtime by script

actually what i want is to see the last tie when was router ok. so something like lastseen value and the current one on RB. so i can calculate difference for how long the RB was down. I don't know much about Routeros Scripting, but by seeing this link, http://wiki.mikrotik.com/wiki/Send_email_about...
by aacable
Sun Jun 14, 2015 11:41 am
Forum: Scripting
Topic: Display router downtime by script
Replies: 7
Views: 1481

Re: Display router downtime by script

How can I print Specific Environment value only? Example I have script which updates an environemtn variable with current date time, now i want to print this variable only (without other details. for example if i try to get value from varibale it shows 3 lines and then in logs it doens't show any t...
by aacable
Tue Jun 09, 2015 11:10 am
Forum: Scripting
Topic: Browsing & Downloading
Replies: 8
Views: 2258

Re: Browsing & Downloading

from the router perspective, Technically there is no difference in downloading vs browsing. Router sees it as packets. However you you can adopt few tricks to overcome the situation. - Mark specific type of contents like .zip or .flv and create queue accordingly - In mangle section, you can use conn...
by aacable
Tue Jun 09, 2015 9:07 am
Forum: Scripting
Topic: how to get the daily usage of internet per user?
Replies: 2
Views: 642

Re: how to get the daily usage of internet per user?

how can i find that which user is absorbing more bandwidth? how can i generate the report of user's bandwidth usage? You didn't provide any information on your network how users are connected to your NAS? other info? To make this task easier, you should use any RADIUS billing system which keeps tra...
by aacable
Tue Jun 09, 2015 9:01 am
Forum: Scripting
Topic: Print users count on specific or all vlan interface
Replies: 2
Views: 736

Re: Print users count on specific or all vlan interface

I don't know of any short route to print vlan users via CLI. I have no expertise in mikrotik, But you can follow this route which I made for a client and it's working very good with much more control :) Some thing like 1.jpg https://aacable.wordpress.com/2015/05/22/give-your-hardware-some-freedom-of...
by aacable
Sun May 24, 2015 2:55 pm
Forum: Scripting
Topic: Sharing an idea for sms reporting in mikrotik/linux
Replies: 3
Views: 830

Re: Sharing an idea for sms reporting in mikrotik/linux

Another idea to reboot mikrotik or Linux or any device via SMS but with a layer of security by providing password or code too. Its basic idea, but can be enhanced or modified to suite any one's requirement. https://aacable.wordpress.com/2015/05/12/sharing-ideas-mikrotik-with-kannelplaysms/ Screensho...
by aacable
Fri May 22, 2015 10:14 am
Forum: Scripting
Topic: Sharing an idea for sms reporting in mikrotik/linux
Replies: 3
Views: 830

Sharing an idea for sms reporting in mikrotik/linux

Just to share my idea. Its a bit immature, but its working good as a quick way to get information via SMS. 8) The task was to send an sms with specific keyword to playSMS server, and it should then SSH to Mikrotik, and get some information (as described in the script) and send back that info (after ...
by aacable
Thu May 14, 2015 10:15 am
Forum: The User Manager
Topic: Sharing some Thoughts ... Mikrotik Account Renewal with SMS
Replies: 0
Views: 957

Sharing some Thoughts ... Mikrotik Account Renewal with SMS

Just sharing an old idea. User Manager Account Renewal with SMS using KANNEL/playSMS mt - code found.png Please note that I took User Manager as an example and uses some low and un secure scripting method. (I have no experience in creating good scripts either in linux or mikrotik, so LOT of room for...
by aacable
Fri Apr 03, 2015 6:59 am
Forum: General
Topic: Mikrotik connectivity with Cisco ASA VPN
Replies: 0
Views: 343

Mikrotik connectivity with Cisco ASA VPN

Hi, I have a requirement. at some remote site Cisco ASA is running, they have provided us with vpn client dialer which we uses from our windows base PC to connect to there site. Now i want to connect my mikroitk to there ASA . I have no control over there ASA and they have not provided us much detai...
by aacable
Thu Apr 02, 2015 10:15 am
Forum: Scripting
Topic: number of pppoe active connections
Replies: 1
Views: 1222

Re: number of pppoe active connections

You should focus on solving the issue, rather then going for workarounds
any how you may try this, schedule it
{
    :local pppcount [/ppp active print count-only];
    :if ($pppcount < 1) do={
:log error "No User Found, Rebooting Router after 10 seconds of delay..."
delay 10
/sys reboot
    }
}
by aacable
Thu Feb 26, 2015 8:39 am
Forum: Beginner Basics
Topic: Disable Internet at Certain hours !!
Replies: 19
Views: 14111

Re: Disable Internet at Certain hours !!

There are always different and 'doable' methods to accomplish any task. If you want to block multiple IP addresses and series, then better to create an address list, and then block/allow this address in the Filter rule. As showed in the example below ... /ip firewall address-list add address=172.16....
by aacable
Fri Jan 09, 2015 12:56 pm
Forum: Scripting
Topic: Script required for change wan ip
Replies: 9
Views: 2600

Re: Script required for change wan ip

@cicserver the solution you are looking for is not very mature. Either you should try some tunneling to hide the traffic so that ISP cannot detect it, or contact ISP for some proper solution. In the meanwhile try this.Following script is for for 8 Public IP's. # Script Starts here ... Tested with Mi...
by aacable
Mon Jan 05, 2015 8:36 am
Forum: Scripting
Topic: DYNDNS script FIREWALL RULES
Replies: 3
Views: 1828

Re: DYNDNS script FIREWALL RULES

Hi, I had the forward rules only for related and establiched. Now it works. I added: add action=accept chain=input comment="allow established connections" \ connection-state=established disabled=no add action=accept chain=input comment="allow related connections" \ connection-state=related disabled...
by aacable
Thu Jan 01, 2015 8:01 am
Forum: General
Topic: howto block hotspot shield
Replies: 5
Views: 3609

Re: howto block hotspot shield

HOTSPOT SHIELD is a bit tricky to block. but with some filter rules to block its destination (which are in thousands and few ports) I managed to block (Its still in test phases but its blocking the hotspot shield 99% 8) Read this. https://aacable.wordpress.com/2014/12/31/blocking-hotspot-shield-in-m...
by aacable
Tue Dec 02, 2014 11:53 am
Forum: RouterBOARD hardware
Topic: CCR1036-8G-2S+ SFP Problems
Replies: 48
Views: 38193

Re: CCR1036-8G-2S+ SFP Problems

Suffering with same issue.
I have ccr1036-12g-4s with sfp modules, setting up to 1g link manually set the LINK to OK. but no data pass. Tried every suggestion mentioned here and at forums, but no luck.
by aacable
Mon Dec 01, 2014 7:22 am
Forum: General
Topic: PPPOE , unauthorized user login
Replies: 2
Views: 710

Re: PPPOE , unauthorized user login

Dears I need help how can I enable unauthorized user to login even its not exist in SECRET or billing or radius , I need to accept the pppoe session and give him an separated IP POOL to give him instruction to fill his account , I not need for expire users , I Have it , but i need for unauthorized ...
by aacable
Mon Dec 01, 2014 7:15 am
Forum: Beginner Basics
Topic: Block hotspot user timebased
Replies: 2
Views: 1007

Re: Block hotspot user timebased

You cannot do it with builtin hotspot or with user manager. You have to create a script and schedule it to disable the user account on Monday 2am and then another script which will enable the account on 10am. Something like following... Script-1 to disable user test Script-2 to disable user test /sy...
by aacable
Mon Nov 17, 2014 9:41 am
Forum: Beginner Basics
Topic: Set expiration date of PPP Secret
Replies: 3
Views: 1608

Re: Set expiration date of PPP Secret

The proper method would be to use Radius. Mikrotik have builtin mini radius service called USER MANAGER, which is fairly good billing system and you can create customized profiles, expiration dates, quota limit etc. For account in PPP/SECRET section dont have any expiry limit by default. but if expi...
by aacable
Mon Nov 17, 2014 9:17 am
Forum: Beginner Basics
Topic: Mikrotik as VPN client
Replies: 5
Views: 11565

Re: Mikrotik as VPN client

Its all about proper static routes at each router and clients. Make sure to masquerade (source) client traffic going for internet requests on WAN interface only. You dont need any PROXY ARP at any end. clients should see each other with there source ip if proper routing is configured. something like...
by aacable
Mon Nov 17, 2014 9:04 am
Forum: Beginner Basics
Topic: HOW TO MAKE MY DATE AND TIME REMAIN CURRENT
Replies: 2
Views: 905

Re: HOW TO MAKE MY DATE AND TIME REMAIN CURRENT

Mikrotik ROUTERBOARDS have no battery backed system clock. You must configure NTP to get time from TIME Servers automatically via internet to get correct time after a reboot. /system ntp client set enabled=yes primary-ntp=59.106.180.168 secondary-ntp=62.201.215.14 You may want to read following as w...
by aacable
Thu Sep 25, 2014 10:11 am
Forum: General
Topic: MRTG Not reporting accurately
Replies: 5
Views: 1408

Re: MRTG Not reporting accurately

Hi, I recently reinstalled mrtg onto a new server and set it up to monitor the traffic for our CCR edge router running ros 6.19. I used the cfgmaker to create the config file, and having reviewed it I am happy that it is monitoring the correct interfaces. The problem is that there is a magnitude of...
by aacable
Thu Sep 25, 2014 10:02 am
Forum: Beginner Basics
Topic: Porting Cisco config to Mikrotik.
Replies: 4
Views: 1435

Re: Porting Cisco config to Mikrotik.

I recently migrated from Cisco ASA 5510 Firewall/Router config to Mikrotik. Cisco was running /29 Public pool and had 2 ISPs for failover. I did all the config from scratch in Mikrotik and tried to make it as much simple as it could, configured two ISP's. Fail over is done with customized multi host...
by aacable
Thu Sep 25, 2014 9:52 am
Forum: General
Topic: Radius Hotspot Issue
Replies: 2
Views: 682

Re: Radius Hotspot Issue

I have deployed many DMA installations. There is no performance difference for bandwidth using DMA , userman or whatever radius you uses. Its upto your NAS/Mikrotik who maintain bandwidth management. DMA is just a radius, it can send bandwidth attributes, rest is done by your NAS,Mikrotik. and yes D...
by aacable
Wed Sep 17, 2014 11:38 am
Forum: Beginner Basics
Topic: Which Routerboard should I buy?
Replies: 10
Views: 1722

Re: Which Routerboard should I buy?

I have 20 computers, two internet connections(adsl2+ with routers came from ISP) Basically I want the games to use the one internet connection and everything else the other. Actually what you are looking for is TRAFFIC BASE ROUTING . you should read this nice article with practical examples http://...
by aacable
Wed Sep 17, 2014 11:28 am
Forum: Beginner Basics
Topic: accessing mikrotik everywhere using dynamic dns
Replies: 8
Views: 1960

Re: accessing mikrotik everywhere using dynamic dns

Modem web interface is also operated on port 80 by default, so it will open the modem page. Better to change mikrotik web service port to some other port example 1234 and forward this port from the modem to mikrotik, and then you can access it like http://ddnsname:1234 (you can also use PAT port add...
by aacable
Wed May 21, 2014 6:10 am
Forum: Beginner Basics
Topic: log: excessive or late collision, link duplex mismatch ????
Replies: 24
Views: 47311

Re: log: excessive or late collision, link duplex mismatch

I faced this issue in 6.11/6.12/6.13 on rb1100ahx2 few days back at wisp operator. I tried EVERY POSSIBLE method available in the mikrotik forum and at Google, but no use. Although this error was not effecting any communication but the wisp operator was getting annoyed by seeing these errors and rel...
by aacable
Fri May 16, 2014 8:33 am
Forum: Beginner Basics
Topic: RB1100AHx2 as Internet Gateway
Replies: 4
Views: 2174

Re: RB1100AHx2 as Internet Gateway

Good Day everyone I'm in need of assistance and believe this is the place to get it. :) This is what I need to do. 1. Configure this unit to relay all traffic from the backbone Wifi system onto the Internet through gateway A.A.A.225 2. Configure a port to relay all smtp traffic over gateway B.B.B.3...
by aacable
Wed Apr 30, 2014 11:01 am
Forum: General
Topic: help in cache
Replies: 4
Views: 917

Re: help in cache

maybe something like this ? First Mark Cached Contents by MANGLE Rule. /ip firewall mangle add action=mark-packet chain=output comment="CACHE HIT" disabled=no dscp=4 \ new-packet-mark=cache-hits passthrough=no Now if you are using mikoritk 5.x , Create an Queue Tree which will send cache-hits packet...
by aacable
Fri Apr 25, 2014 7:13 am
Forum: General
Topic: Display Maintenance Message To Users
Replies: 8
Views: 4167

Re: Display Maintenance Message To Users

******************* For aacable only: Hint: STOP using third party source for check.... Think if one time Google stop service for maintenance on 8.8.8.8 rextended: Yes you are absolutely right I posted just a very basic and simple solution that one can use to get get a very basic idea on hwo it can...
by aacable
Thu Apr 24, 2014 2:34 pm
Forum: Beginner Basics
Topic: Redierect hotspot expired users to an information page
Replies: 9
Views: 3762

Re: Redierect hotspot expired users to an information page

it works well but i noticed something like a bug.
https connection aren't blocked or redirected, such as facebook and google.
anyone who have faced this issue or have a solution ?
You can simply create a Filter Rule to block the https port 443 for the expired users ip pool.
by aacable
Thu Apr 24, 2014 1:44 pm
Forum: General
Topic: redirect www.facebook.com to payment reminders??
Replies: 1
Views: 794

Re: redirect www.facebook.com to payment reminders??

this is because it may be using HTTPS (as now a days HTTPS is default with FB) What you can do is to create a destination address lsit with fb ip's, and then using a simple dst-nat redirect rule for this dst-list, you can redirect to your non payment ad page. you can also create a script that can ca...
by aacable
Thu Apr 24, 2014 1:40 pm
Forum: Beginner Basics
Topic: Advertise Webpage on PPPoE
Replies: 3
Views: 950

Re: Advertise Webpage on PPPoE

In HOTSPOT its possible to redirect user to your web page after successful login, but I suspect that its not possible with the default pppoe dialer at client. I would like to know if it can be achieved with some mangle/firewall rule :D However if any customize sort of dialer is distributed at user e...
by aacable
Thu Apr 24, 2014 1:37 pm
Forum: Beginner Basics
Topic: 2 wan pcc problem
Replies: 23
Views: 4254

Re: 2 wan pcc problem

you are using web proxy too on the pcc box ?
also there is a mistake in your IP Address config for WAN2.
add address=5.5.5.200/24 network=192.168.2.0 broadcast=192.168.2.255 interface=WAN2
by aacable
Thu Apr 24, 2014 1:33 pm
Forum: Beginner Basics
Topic: Able to connect to internet before PPPoE authentication
Replies: 2
Views: 652

Re: Able to connect to internet before PPPoE authentication

Dear All, I am able to connect to internet before PPPoE authentication. Can you please let me know why? Anything to do with firewall rules? Thanks Sibychan This is because of default OPEN masquerade/nat rule you may have. create a new ip pool in IP>POOL (Make sure its different then the dhcp pool, ...
by aacable
Tue Apr 15, 2014 6:09 am
Forum: Scripting
Topic: Disable PPPoE Dialer if the Ethernet Cable is not connected
Replies: 6
Views: 2384

Re: Disable PPPoE Dialer if the Ethernet Cable is not connec

Dear danz9370, You got me all wrong. I didn't meant to criticize any one's work here. By " Nice one " really means Good one, Keep up the good work. I Thought in English, "nice one" means "nice one, good one" :lol: I appreciate your spirit of sharing, also Rextended did good job by improving it. BTW,...
by aacable
Sat Mar 22, 2014 5:13 pm
Forum: The User Manager
Topic: UserManager benchmarks
Replies: 4
Views: 1730

Re: UserManager benchmarks

I talk about my experience. User Manager on x86 machine (ROS 6.10) 4523 Users [No HotSpot, only for PPPoE authentication, currently 4128 active] on a x86 machine /system resource> print uptime: 7w1d4h37m29s version: 6.10 build-time: Feb/12/2014 13:46:18 free-memory: 1727.0MiB total-memory: 1894.1Mi...
by aacable
Mon Mar 17, 2014 11:50 am
Forum: The Dude
Topic: What is the ideal hardware/software Dude setup?
Replies: 5
Views: 4857

Re: What is the ideal hardware/software Dude setup?

I am using Dude from past few years using various hardware including Pentium 4, Corei7, and at my company I am using 4.0 beta3 in ESXI base guest , reserved 2GB RAM and 2 cores. Monitoring about 500+ targets with customized probes, alerts, and other scripts on various triggers. Working perfect :lol:...
by aacable
Wed Mar 12, 2014 10:06 am
Forum: Scripting
Topic: Allow multiple devices per user but not simultaneous
Replies: 5
Views: 2907

Re: Allow multiple devices per user but not simultaneous

From previous experience, this will cause a "login war" between clients and complaints to you. Best to deny second login attempt with RADIUS. Imagine Dad and Mom in the living room logged in and watching a Netflix movie. Just as the movie reaches its climax, Junior in the bedroom connects and logs ...
by aacable
Wed Mar 12, 2014 6:11 am
Forum: Scripting
Topic: Radius server offline - enable ppp secrets!
Replies: 6
Views: 2201

Re: Radius server offline - enable ppp secrets!

Using radius server with pppoe and have set the clients with ppp secret disabled but if radius server goes offline clients cannot authenticate, so I would like to use netwatch to monitor the IP address of radius server and if unreachable to run script to enable ppp client secrets , any advice is mo...
by aacable
Wed Mar 12, 2014 6:00 am
Forum: General
Topic: company page Open as home page
Replies: 4
Views: 1056

Re: company page Open as home page

Howto Redirect User to your selected site after successful Login If you want that after successful login to hotspot , user must be redirected to your advertisement web site / any other web, then You will need to replace a variable on the hotspot/login.html document on the mikrotik router. You must ...
by aacable
Sat Mar 08, 2014 1:17 pm
Forum: General
Topic: Netwatch script
Replies: 13
Views: 2261

Re: Netwatch script

Although scripts can help you in getting out of the box solution, but still i suggest you to go with DUDE, it can do much more in a more sophisticated way with details logging , SMS / Email / Voice and other customized actions, Also Mikrotik DUDE is a FREE Centralized Network Monitoring/Management s...
by aacable
Sat Mar 08, 2014 1:08 pm
Forum: Beginner Basics
Topic: how can i get ride of illegal login !? via telnet or ssh
Replies: 2
Views: 1038

Re: how can i get ride of illegal login !? via telnet or ssh

the best way and recommended method is to DISABLE all services which are not in used. Specially TELNET/SSH/FTP/API/WWW make sure you change default port in all services, protect your router by firewall rules, another approach is to create mangle rules which keep check on ssh/telnet services and if i...
by aacable
Fri Mar 07, 2014 1:59 pm
Forum: General
Topic: Display Maintenance Message To Users
Replies: 8
Views: 4167

Re: Display Maintenance Message To Users

Yes this is possible ! Simply create a NAT rule that redirects http port 80 requests to your local/external proxy service which deny all requests and redirect to local web server page which shows the MAINTENANCE PAGE. Now create a NETWATCH rule that can keep monitoring any reliable HOST on internet ...
by aacable
Thu Mar 06, 2014 7:59 pm
Forum: Scripting
Topic: Allow multiple devices per user but not simultaneous
Replies: 5
Views: 2907

Re: Allow multiple devices per user but not simultaneous

you can try this [add it in hotspot user profile ON LOGIN SCRIPT] it will automatically remove first logged in user automatically , if the same id is logged in from 2nd computer. :local uname $user; :local usercount 0; :local usertime "00:00:00"; :local kickable; :local maxuser 2; :foreach i in=[/ip...
by aacable
Wed Feb 26, 2014 5:54 am
Forum: Scripting
Topic: [SOLVED] Script to export users from PPP to Userman
Replies: 5
Views: 3248

Re: [SOLVED] Script to export users from PPP to Userman

post few lines of your text file here, and maybe , using scripting or simple search and replace in text file, you can restore the users.
by aacable
Tue Feb 25, 2014 8:37 am
Forum: Scripting
Topic: Cache Hits Control
Replies: 2
Views: 1022

Re: Cache Hits Control

Create a PCQ base simple queue to restrict cache hit packets delivery to users on per ip basis (/32)
by aacable
Thu Feb 20, 2014 5:34 am
Forum: The User Manager
Topic: Day/Night Bandwidth Configure in User Manager
Replies: 9
Views: 7073

Re: Day/Night Bandwidth Configure in User Manager

COA messages are not supported by PPPoE at MikroTik RouterOS. Only DM messages are supported for PPPoE. (Change on the fly is supported in HOTSPOT however) You can use following script and schedule it to run two times at 00:00:00 & 13:00:00 It will disconnect all active users and when they will reco...
by aacable
Sat Feb 15, 2014 4:48 pm
Forum: General
Topic: How To Limit P2P Using Simple Queue And Layer 7 ?
Replies: 4
Views: 7014

Re: How To Limit P2P Using Simple Queue And Layer 7 ?

Hmmm If I understand your query correctly, then let me give you an workaround. I used it at few networks and it worked like a charm. Maybe someone else have better solution. The workaround for this issue is to create a script that moves this static queue name “ p2p download ” to 0 (top number) whene...
by aacable
Thu Feb 13, 2014 8:49 am
Forum: General
Topic: Winbox Security: Password Stored in clear text format
Replies: 5
Views: 38363

Re: Winbox Security: Password Stored in clear text format

Yes, this is true. Do not "save" passwords on a PC where you are not the only user. We are working on a new Winbox where you will be able to set a master password, that will encrypt your passwords.
Good news NORMIS, & waiting for new WINBOX ... :)
by aacable
Thu Feb 13, 2014 8:30 am
Forum: General
Topic: Winbox Security: Password Stored in clear text format
Replies: 5
Views: 38363

Winbox Security: Password Stored in clear text format

I know its not recommended to save the password in mikrotik WINBOX (as password are stored in clear text form in winbox.cfg in local pc user profile), But we HUMANS love being lazy enough or with weak memory sometimes prefer to save the password and the management PC and sometimes this PC is also sh...
by aacable
Fri Feb 07, 2014 7:26 am
Forum: Beginner Basics
Topic: proxy: how to block a specific url sub-directory?
Replies: 3
Views: 1281

Re: proxy: how to block a specific url sub-directory?

Try
/ip proxy access
add action=deny disabled=no dst-port="" path=/badsite/
OR
/ip proxy access
add action=deny disabled=no dst-host=yourdomain.com.pk dst-port="" path=/badsite/
by aacable
Fri Feb 07, 2014 6:25 am
Forum: General
Topic: [solved by aacable ] help with squid i can't show user ip
Replies: 13
Views: 3268

Re: help with squid i can't show user ip in squid

Its time to post your network layout, perhaps a network diagram and your mikrotik config in order to get pin point directions.
/ip fi nat ex
/ip fi man ex
/ip route ex
by aacable
Fri Feb 07, 2014 5:40 am
Forum: General
Topic: [solved by aacable ] help with squid i can't show user ip
Replies: 13
Views: 3268

Re: help with squid i can't show user ip in squid

If your squid have two interfaces, one for Mikrotik, and second for WAN, then you have to create as additional route on SQUID Box for user subnet pointing to mikrotik so that SQUID can see user original ip instead of mikrotik. Something like following. route add -net 172.16.0.0 netmask 255.255.0.0 g...
by aacable
Thu Feb 06, 2014 12:40 pm
Forum: Beginner Basics
Topic: MikroTik Training Books
Replies: 3
Views: 3863

Re: MikroTik Training Books

Try this one.
http://learnmikrotik.com/index.php?opti ... cle&id=151

Not much advance, but it's still worthy to have it along with other training materials.
by aacable
Thu Feb 06, 2014 11:08 am
Forum: Scripting
Topic: E-mail and scripting quesiton..
Replies: 14
Views: 5979

Re: E-mail and scripting quesiton..

Just to add a little contribution. I tried following, and it worked too ... Sends Email Alert of ROGUE DHCP using GMAIL ID :local CurrentTime [/system clock get time]; :local hostname [/system identity get name] :global date [/system clock get date] :local int "$interface" :local addr "$address" :lo...
by aacable
Thu Feb 06, 2014 7:15 am
Forum: Beginner Basics
Topic: using hotspot to limit users to time of day & specific ports
Replies: 3
Views: 1260

Re: using hotspot to limit users to time of day & specific p

Hello all! Please, can I use hotspot to limit users to specific time of the day? Also, can I use hostspot to limit users to specific ports - so that some users will only be able to use email clients to receive mails. Thanks! To control time, You can use either Firewall Rules combination along with ...
by aacable
Thu Feb 06, 2014 6:59 am
Forum: General
Topic: How to see Ethernet Port Uptime?
Replies: 19
Views: 8620

Re: How to see Ethernet Port Uptime?

It would be great if Mikrotik include PORT uptime that can be viewed with comamnd/gui or pulled via snmp query too :D Currently I am monitoring Cisco Switch/ASA and Mikrotik Port status using Mikrotik 'DUDE'. I have customized it according to my need like if main feed link is down, it sends sms and ...
by aacable
Wed Feb 05, 2014 7:41 am
Forum: General
Topic: Need Help Load Balancing 1100 AHX2
Replies: 12
Views: 1663

Re: Need Help Load Balancing 1100 AHX2

PCC is not very good with the un equal link, however you can add additional pcc rules to balance it at some extent. try this. http://wiki.mikrotik.com/wiki/Manual:PCC#Quick_Start_for_Impatient http://aacable.wordpress.com/2011/07/27/mikrotik-dual-wan-load-balancing-using-pcc-method-complete-script-b...
by aacable
Mon Feb 03, 2014 5:54 am
Forum: General
Topic: Centralize Mikrotik Scripts
Replies: 13
Views: 4518

Re: Centralize Mikrotik Scripts

Make sure not to add any empty space or empty line. simple flat entries with no spaces.
I have tested with 5.20 several times, and working gr8.
[update: even i tested with empty spaces and it worked fine]
by aacable
Mon Feb 03, 2014 5:15 am
Forum: General
Topic: DMS Radius Manager 4. Simple Question
Replies: 10
Views: 4155

Re: DMS Radius Manager 4. Simple Question

Hi Does anyone know how to force self-register user to first pay for the month before he/she will be allowed to log in and use the internet.? Cause right now new users register and right away they can use the internet without paying. I dont want users to verified the registration that is not needed...
by aacable
Fri Jan 31, 2014 9:22 pm
Forum: General
Topic: Squid for caching file hardware requirement?
Replies: 2
Views: 1414

Re: Squid for caching file hardware requirement?

Two words: Memory & Disk CPU or MP have its importance in its own domain, but IMHO memory and disks priority comes above. as nowa days Multi core cpu is very common. More Memory, Better performance. (I have even seen squid eating 288GB of box maxing out on full load :D) More disk Spindles you have, ...
by aacable
Fri Jan 31, 2014 1:26 pm
Forum: Beginner Basics
Topic: block skype
Replies: 6
Views: 8544

Re: block skype

COUNTER STRIKE Counter strike uses TCP prot 27015 by default. But at some palces, CS admins uses different port, You can monitor its usage by TORCH tool too. To block the default port of CS, use the following code ... /ip firewall filter add chain=input action=drop dst-port=27015 protocol=tcp add c...
by aacable
Thu Jan 30, 2014 9:02 am
Forum: Beginner Basics
Topic: disable users by scripting
Replies: 6
Views: 6745

Re: disable users by scripting

OR you can use this too if you want to read user names via text file and act accordingly. :global content [/file get [/file find name=data.txt] contents] ; :global contentLen [ :len $content ] ; :global lineEnd 0; :global line ""; :global lastEnd 0; :do { :set lineEnd [:find $content "\r\n" $lastEnd...
by aacable
Thu Jan 30, 2014 8:08 am
Forum: General
Topic: Centralize Mikrotik Scripts
Replies: 13
Views: 4518

Re: Centralize Mikrotik Scripts

That is awsome news. Are you willing to share a working script so i could accomplish that task, i would really appreciate it. I've been trying to import, export and download files using mikrotik script's, but i'm not getting the job done. I belive that it would be easier to have a central manual fi...
by aacable
Thu Jan 30, 2014 7:01 am
Forum: Beginner Basics
Topic: disable users by scripting
Replies: 6
Views: 6745

Re: disable users by scripting

how can i disable some of my hotspot users from 06:00 till 23:00 and enable them from 23:00 till 06:00??? You have to create two scripts , one for disabling users at 06:00, and second for enabling them at 23:00 hrs, and schedule them as per required timings. DISABLE Script name: disable-users # Set...
by aacable
Wed Jan 29, 2014 4:11 pm
Forum: Beginner Basics
Topic: Bandwidth monitoring
Replies: 6
Views: 7682

Re: Bandwidth monitoring

If you want some free solution, then design your own using Linux base MRTG, but it do requires Manual handwork, or more suitably it should be called artwork ;) Try this. http://aacable.wordpress.com/2013/10/31/monitoring-mikrotik-with-linux-base-mrtg/ another but wordpress coding ruined it a lot :( ...
by aacable
Wed Jan 29, 2014 11:11 am
Forum: General
Topic: Centralize Mikrotik Scripts
Replies: 13
Views: 4518

Re: Centralize Mikrotik Scripts

You can make a script for this purpose and schedule it to all of your routers to run it daily at specific timings. via this script, all routers will pull the walled garden list from central FTP server (you can update it as you required) and then it will remove old entries, and update new one accordi...
by aacable
Tue Jan 28, 2014 11:49 am
Forum: General
Topic: RouterOS & Squid (RB450)
Replies: 3
Views: 947

Re: RouterOS & Squid (RB450)

you can redirect http traffic from your rb450 box to squid using dst-nat rule, squid can be configured with single lan interface too, just define default gateway of Squid pointing to Mikrotik. and in mikrotik create a NAT rule rule to allow traffic from the squid to be masqueraded. many examples on ...
by aacable
Tue Jan 28, 2014 10:12 am
Forum: Beginner Basics
Topic: How to create vpn with dynamic ip
Replies: 6
Views: 6008

Re: How to create vpn with dynamic ip

At the minimum , You can use Mikrotik RB750 series, and then configure Dynamic DNS script and connect via name.
Follow this guide, method can vary but logic usually remain same , always :lol:

http://aacable.wordpress.com/2012/03/30 ... ynamicdns/
by aacable
Tue Jan 21, 2014 10:41 am
Forum: The User Manager
Topic: How to share radius server between 2 mikrotik
Replies: 1
Views: 1143

Re: How to share radius server between 2 mikrotik

- at Router A, configure User Manager as you normally do.

- at Router B, simply add RADIUS client and add Router A ip , shared secret, & also increase the timeout value to 2 Seconds (or 2000 ms).

- Make sure you don't have FIREWALL filter rules to block radius traffic in between A/B
by aacable
Mon Dec 16, 2013 11:29 am
Forum: Beginner Basics
Topic: Hotspot advice
Replies: 6
Views: 1235

Re: Hotspot advice

I dont' know if it works for you or not, In the past I also implemented this for an small network who only needed the advertised page of there network, (rest of internet works after dialing using pppoe) in DHCP server, I added default gateway and dns pointing to that simple rb750, where I redirected...
by aacable
Mon Dec 16, 2013 6:43 am
Forum: General
Topic: First "ROUTEROS" Book Published
Replies: 47
Views: 14289

Re: First "ROUTEROS" Book Published

I can surely recommend Stephen Discher's book "RouterOS by Example". Its informative and well organized with many working examples. Although it doesn't cover 100% of mikrotik, but surely its something that I would always like to keep with me as a reference book.
Level: Beginner to Medium.
by aacable
Thu Dec 12, 2013 1:39 pm
Forum: General
Topic: How to configure the router to work as a bandwidth manager
Replies: 1
Views: 602

Re: How to configure the router to work as a bandwidth manag

Its depend how your router is configured. If its gateway then simple queues can help you. OR you can create a transparent bridge and insert it between your gateway and clients, and create Queues to restrict bandwidth or traffic passing from it :lol: You can use this transparent bridge as a transpare...
by aacable
Wed Dec 04, 2013 5:58 am
Forum: Beginner Basics
Topic: Blocking Hotspot Shield
Replies: 4
Views: 1653

Re: Blocking Hotspot Shield

I have tried my Level Best, but unable to block hotspot shield :)
by aacable
Mon Nov 25, 2013 12:42 pm
Forum: Beginner Basics
Topic: Auto Fail Over Option with Mikto TIk
Replies: 4
Views: 1335

Re: Auto Fail Over Option with Mikto TIk

How your ISPs are conencted to your mikrotik router?
ADSL? bridge? gateway?
have you tried this?
http://aacable.wordpress.com/2013/04/12 ... r-scripts/
by aacable
Sun Nov 24, 2013 11:46 am
Forum: General
Topic: Favorite solution for user management and billing
Replies: 3
Views: 1052

Re: Favorite solution for user management and billing

I use Radius Manager , quite cheap and works pretty good with tons of features.

Live demo here.
http://radmandemo.dmasoftlab.com/admin.php
by aacable
Fri Nov 22, 2013 8:54 am
Forum: Forwarding Protocols
Topic: One Mikrotik two public address for Mail Server and Internet
Replies: 2
Views: 971

Re: One Mikrotik two public address for Mail Server and Inte

hi, scenario: 2 Public IP in one subnet. How to configure router to use one public IP for internet activity and Guest Networks, and use second public IP for Mail server ? I will not ask you series of questions how your network is configured at a moment, but you should read this first. http://aacabl...
by aacable
Thu Nov 21, 2013 5:58 am
Forum: Beginner Basics
Topic: How to limit the quantity, not the speed?
Replies: 10
Views: 2768

Re: How to limit the quantity, not the speed?

You can download Mikrotik RotuerOS from
http://download2.mikrotik.com/routeros/ ... ik-6.6.iso

Without License , It have 24 Hours running life, so you can test it easily.
by aacable
Mon Nov 18, 2013 2:27 pm
Forum: Beginner Basics
Topic: How to limit the quantity, not the speed?
Replies: 10
Views: 2768

Re: How to limit the quantity, not the speed?

There are lot of easy to use guides and videos for setting up user man.
try some of these OR google for more.

http://aacable.wordpress.com/2011/08/09 ... ng-system/
http://www.wifitech.com.pk/mikrotik-use ... h-hotspot/
by aacable
Sun Nov 17, 2013 6:46 pm
Forum: Beginner Basics
Topic: How to limit the quantity, not the speed?
Replies: 10
Views: 2768

Re: How to limit the quantity, not the speed?

Thanks for your reply. I've looked at the wiki and it seems too complicated for me. However, I've found this: http://aacable.wordpress.com/tag/mikrotik-quota-base-service/ Is it possible to install Radius Manager in RouterOS and if yes, is it too complicated ? This looks easy "point and click" solu...
by aacable
Sat Nov 16, 2013 6:53 pm
Forum: The User Manager
Topic: One authentication server and many Internet service sources
Replies: 7
Views: 1787

Re: One authentication server and many Internet service sour

I will write some short references on how to connect all remote NASes to central pptp server to facilitate with central radius server,
by aacable
Tue Nov 12, 2013 11:18 am
Forum: Beginner Basics
Topic: Network diagram software
Replies: 7
Views: 2634

Re: Network diagram software

I use EDRAW MAX. Very good for designing simple to complex diagram of network and about every thing :)
by aacable
Mon Nov 11, 2013 9:15 am
Forum: The User Manager
Topic: One authentication server and many Internet service sources
Replies: 7
Views: 1787

Re: One authentication server and many Internet service sour

Simply add any pptp server, I used main Mikrotik as a pptp server too, then all branches imply use vpn dialer to dialin to this central pptp server, this way they all connect to this network virtually on same LAN. you dont need any special device to perform this task. Email me your network scenario,...
by aacable
Mon Nov 11, 2013 8:05 am
Forum: The User Manager
Topic: One authentication server and many Internet service sources
Replies: 7
Views: 1787

Re: One authentication server and many Internet service sour

I have deployed few scenarios with centralized authentication server for whole region, and branches network gets auth data from the central server.
and yes central server must have STATIC ip

having a central pptp server and connect all nases with it is a good idea for security purposes.
by aacable
Sun Nov 10, 2013 3:58 pm
Forum: The User Manager
Topic: One authentication server and many Internet service sources
Replies: 7
Views: 1787

Re: One authentication server and many Internet service sour

Create a Central PPTP server on your router-board where you have configured your USERMAN, Then simply using simple pptp client dialer from your remote NAS to connect to this central pptp server. This way all your remote Nases will be virtually on same network just for authentication purposes. and re...
by aacable
Sat Nov 02, 2013 2:30 pm
Forum: The Dude
Topic: SMS send by Dude
Replies: 8
Views: 5493

Re: SMS send by Dude

I want to do something like that. Dude starts using putty and I connect via ssh to mikrotik by which I can send text messages. In "execute on server" I wrote something like this: "putty user@ip-pw pass" How can I now add the following command to have been made ​​for the above machine: /tool sms sen...
by aacable
Sat Nov 02, 2013 10:11 am
Forum: Beginner Basics
Topic: sms script for ppp
Replies: 3
Views: 748

Re: sms script for ppp

you can send your message with variables something like

:cmd secret script ppp-disable var=john

but as far as I know, for some bug or reasons, variable are not processing / understood at mt level.
maybe some one else shed some light here :lol:
by aacable
Fri Nov 01, 2013 5:46 am
Forum: General
Topic: Radius server dependancy
Replies: 1
Views: 476

Re: Radius server dependancy

Hello! We have a few RB751U's, with hotspot + radius setup, now we're trying to figure out how we can disconnect all the radius-authed users, if the radius server for whatever reason is unreachable.. Any ideas or suggestions ? Can you provide more detail on the task and existing scenario? specially...
by aacable
Wed Oct 30, 2013 7:46 am
Forum: General
Topic: MikroTik + Squid
Replies: 1
Views: 504

Re: MikroTik + Squid

hello dear, kindly suggest me the way that i would use squid proxy with mikrotik in a way that if my squid server shutdown due to electricity failure or any other reason my traffic would by pass automatically directly to WAN and on returning back (getting on ) the squid server it start caching agai...
by aacable
Wed Oct 30, 2013 7:40 am
Forum: Beginner Basics
Topic: Squid with mikrotik router
Replies: 2
Views: 1817

Re: Squid with mikrotik router

Squid MUST be connected with mikrotik to isolate it from the user LAN, not to switch. for example: Mikrotik LAN1 = User LAN 10.0.0.x LAN2 = WAN 1.2.3.x LAN3 = to SQUID 192.168.1.x then use dst-nat method to route port 80 request to squidip:port That's it :) add chain=dstnat src_address=xxx.xxx.xxx.x...
by aacable
Sat Oct 26, 2013 8:23 am
Forum: Beginner Basics
Topic: How to exclude traffic limit from LAN
Replies: 3
Views: 2149

Re: How to exclude traffic limit from LAN

When user will access resources, which is not on its own subnet, will be considered as OUTSIDE or OTHER network and all filters/queues will be applied to that traffic. The simple solution is to mark traffic from/to that network subnet and then create a simple queue that allow unlimited bandwidth or ...
by aacable
Sat Oct 19, 2013 2:18 pm
Forum: General
Topic: PCC load balancing - one IP should always use just one GW
Replies: 8
Views: 1953

Re: PCC load balancing - one IP should always use just one G

Hi all, If someone could help me with this one I would really appreciate. I need one IP in my LAN to use all the time just one gateway (provider) and not both providers I have, how to accomplish this? Please in examples, I will not be able to do something with theory. What I've tried to do and didn...
by aacable
Sat Oct 19, 2013 2:12 pm
Forum: Beginner Basics
Topic: squid proxy_with_mikrotik_not_work
Replies: 1
Views: 679

Re: squid proxy_with_mikrotik_not_work

Try this from user end try to ping SQUID box, You wont get reply from it. Because SQUID have no info for that particular user subnet. Simply add a route in squid for user subnet. Some thing like below . . . route add -net 172.16.0.0 netmask 255.255.0.0 gw 192.168.2.1 dev eth0 adjust the 172.16.0.0 u...
by aacable
Fri Sep 27, 2013 3:49 pm
Forum: Beginner Basics
Topic: Request for Mikrotik Team, ability to cache Youtube?
Replies: 26
Views: 9522

Re: Request for Mikrotik Team, ability to cache Youtube?

With Mikrotik Webproxy, its not possible to do the caching of dynamic contents, cdn videos. To accomplish this task you have to add SQUID proxy server, and route all http traffic from mikrotik to squid. Then configure squid 2.7 stable9 with storeurl url rewrite. I wrote an easy guide regarding squid...
by aacable
Wed Sep 04, 2013 4:29 pm
Forum: The Dude
Topic: Dude v4beta3 released
Replies: 253
Views: 99912

Re: Dude v4beta3 released

+1
Please upgrade DUDE. The world is moving too fast, and dude is far behind :(
by aacable
Wed Jul 10, 2013 12:31 pm
Forum: The User Manager
Topic: Activate Hotspot Local user after UM user is expired???
Replies: 2
Views: 1589

Re: Activate Hotspot Local user after UM user is expired???

Not possible, via UM. Once the user account is expired, there is no mechanism in UM that can enable the local user. Perhaps with some scripting , maybe its possible. But I am not sure.

What is the goal exactly behind this idea? If you share it , maybe someone will give you any workaround.
by aacable
Wed Jul 10, 2013 7:14 am
Forum: Beginner Basics
Topic: Tutorial for 2 ISP with failover
Replies: 2
Views: 1294

Re: Tutorial for 2 ISP with failover

If you want some short notes , read following

http://aacable.wordpress.com/2013/04/12 ... r-scripts/
by aacable
Thu Jul 04, 2013 11:33 am
Forum: General
Topic: Is it possible to config failover with only one int(WAN)?
Replies: 5
Views: 1076

Re: Is it possible to config failover with only one int(WAN)

Good to know that but how exactly, Is it multi homing? This can be done in variety of ways. For example one way could be that you insert both WAN links in single switch, and then connect this Switch with mikrotik WAN. In Mikrotik , you can add secondary IP address on the WAN interface, means WAN in...
by aacable
Tue Jun 18, 2013 1:01 pm
Forum: The User Manager
Topic: Mikrotik User manager Prepaid Billing System with Hotspot co
Replies: 3
Views: 7592

Re: Mikrotik User manager Prepaid Billing System with Hotspo

Use the LAN ip address in "ip address" box,
for example, if you have configured 192.168.0.1 in the Mikrotk LAN ip, then use the same here.
Same applies to Mikrotik Radius Section.
by aacable
Wed Jun 12, 2013 6:11 am
Forum: Beginner Basics
Topic: which one is the best hotspot server or pppoe server
Replies: 11
Views: 3608

Re: which one is the best hotspot server or pppoe server

RB1100 supports fairly good amount of concurrent connections with queues, firewall etc. I have heard from people that have around more then 300 concurrent connections without any issue on RB1100.
by aacable
Tue Jun 11, 2013 6:48 am
Forum: Beginner Basics
Topic: which one is the best hotspot server or pppoe server
Replies: 11
Views: 3608

Re: which one is the best hotspot server or pppoe server

Actually its common, because Queue limits ICMP packets too. If you are just worries because of high latency to mikrotik, simply create a queue that allow some access bandwidth just to ICMP protocol.

http://aacable.wordpress.com/2011/12/07 ... -priority/
by aacable
Mon Jun 10, 2013 8:16 pm
Forum: General
Topic: Remote Radius Authentication Help
Replies: 2
Views: 851

Re: Remote Radius Authentication Help

I have done such configuration for few mini ISP's and WISP's. Its very simple. Either add PPTP Server on your main Mikrotik, OR Install a central PPtP server in NOC where your RM is also located, Connect all your remote Mikrotik's to the central PPtP server with PPtP connections. The central PPtP se...
by aacable
Thu Jun 06, 2013 9:33 am
Forum: General
Topic: Cache Flow 500 Appliance
Replies: 7
Views: 2711

Re: Cache Flow 500 Appliance

Hello guys, I would like to know if you could help me on this one!!! I just received a Bluecoat CacheFlow 500 appliance, super cool!!!, I assume I need a policy based routing rule in order to get this working, could you please help me? I plan to connect this appliance directly to a Routerboard 1200...
by aacable
Mon Jun 03, 2013 7:34 am
Forum: General
Topic: Best Topology for hotspot extension
Replies: 2
Views: 765

Re: Best Topology for hotspot extension

Information you gave is not sufficient.
If you further explain about your goals in brief, I am sure you will get helpful replies.
by aacable
Fri May 31, 2013 9:50 am
Forum: General
Topic: Hotspot + External radius, High latency.. low throughput?
Replies: 7
Views: 1572

Re: Hotspot + External radius, High latency.. low throughput

Dear folks, I'm going through a weird problem. I'm using RB1100AHx2 with hotspot setup. And using external radius server for AAA. Everything works fine with 2-3 users authenticated. But, as more users login. The latency goes very high. for example, 8.8.8.8 goes to 600-700ms, while in general it goe...
by aacable
Fri May 31, 2013 9:38 am
Forum: Beginner Basics
Topic: which one is the best hotspot server or pppoe server
Replies: 11
Views: 3608

Re: which one is the best hotspot server or pppoe server

Don't' ask what is better for your network , Do some research , then compare them, then try to use them in lab environment or with very few users, then judge on your own. Only you can be the best one who can decide what is better for your network. I will not comment on 'Simple DHCP', as its not wort...
by aacable
Fri May 31, 2013 9:33 am
Forum: General
Topic: Radius Manager
Replies: 6
Views: 2927

Re: Radius Manager

can anyone help me install radius manager? im using ubuntu 12.04 LTS for its installation, are all installation the same even when version are not the same?? need help please. i already send email to dmasoftlab requesting for installation guid buit didnt get any reply. can anyone share a link or yo...
by aacable
Wed May 29, 2013 12:05 pm
Forum: The User Manager
Topic: Expired hotspot users loosing profiles
Replies: 2
Views: 2049

Re: Expired hotspot users loosing profiles

I dont think its possible at a moment.
by aacable
Wed May 29, 2013 11:39 am
Forum: The User Manager
Topic: USER MANAGER FOR 5000 Users - Need Help
Replies: 5
Views: 3430

Re: USER MANAGER FOR 5000 Users - Need Help

Regarding Radius Server, I will not recommend to use USER MANAGER. userman is good but not for this amount of users and it have few bugs too.

Go with some 3rd party radius server like DMASOFTLAB Radius Manager.
by aacable
Thu May 23, 2013 8:36 am
Forum: Wireless Networking
Topic: PCC not work with hotspot
Replies: 3
Views: 1357

Re: PCC not work with hotspot

Are you trying to configure PCC and hotspot on the same box ?
by aacable
Wed May 22, 2013 11:08 am
Forum: Beginner Basics
Topic: How do I enable proxy setting for a specific network?
Replies: 3
Views: 2320

Re: How do I enable proxy setting for a specific network?

There are many different ways to achieve this. You can transparently inspect DNS requests. you can NOT transparently inspect https traffic - it's encrypted. Another method for blocking facebook with a mikrotik is to block at the DNS level. Enable DNS server on the mikrotik, add invalid entries for f...
by aacable
Mon May 20, 2013 11:12 am
Forum: General
Topic: Load balancing?
Replies: 1
Views: 489

Re: Load balancing?

It depends on what classifier you are using, for example if you are using both addresses and ports as the classifier, While this will randomize things the most and in theory give you the most fair allocation of bandwidth, BUT there is also a good chance that it will break certain things like banking...
by aacable
Mon May 20, 2013 11:03 am
Forum: Beginner Basics
Topic: Load balancing
Replies: 3
Views: 1121

Re: Load balancing

Hello world !!! I have some problems with my load balancing script based on the script taken from http://www.adeelkml.tk. My version : ether3 : local interface / 89.xxx.yyy.zzz : pppoe-dsl /89.xxx.yyy.zzz+1 : pppoe-dsl2 /ip firewall mangle add action=mark-connection chain=prerouting comment=XXX con...
by aacable
Thu May 16, 2013 7:59 am
Forum: Beginner Basics
Topic: How do I enable proxy setting for a specific network?
Replies: 3
Views: 2320

Re: How do I enable proxy setting for a specific network?

Setup Transparent Proxy by adding NAT rule (which redirects port 80 to proxy) , and in src-address, enter your desired IP range e.g 192.168.0.1-192.168.0.255 that need to be redirected. This way only specific ip range will be redirected to local proxy and other requests will go directly. Example: /i...
by aacable
Wed May 15, 2013 7:02 am
Forum: General
Topic: Hotspot + Squid3 = No real user name/IP on Sarg
Replies: 3
Views: 1192

Re: Hotspot + Squid3 = No real user name/IP on Sarg

you can also edit previous nat rule too.
by aacable
Tue May 14, 2013 7:29 am
Forum: General
Topic: Hotspot + Squid3 = No real user name/IP on Sarg
Replies: 3
Views: 1192

Re: Hotspot + Squid3 = No real user name/IP on Sarg

# In your default masquerade rule, select WAN nic in OUT Interface (So it may not NAT all request going to squid interface) # At squid, you must create a route so squid should know about the user subnet. It also depends on how your squid is configured. For example if it have two interface , 1 for la...
by aacable
Sat May 11, 2013 10:20 am
Forum: Beginner Basics
Topic: Full Speed From Squid
Replies: 1
Views: 838

Re: Full Speed From Squid

By using ZPH directives in squid, you can mark cache content, so that it can later pick by Mikrotik .
Read the following for examples.
http://aacable.wordpress.com/2011/07/21 ... t-traffic/
by aacable
Thu May 09, 2013 6:17 am
Forum: General
Topic: What is the best software for monitoring Mikrotik Traffic
Replies: 5
Views: 6530

Re: What is the best software for monitoring Mikrotik Traffi

Try DUDE. its very good in monitoring live network. for example: http://aacable.wordpress.com/2012/07/02/the-dude-show-us-your-map-series/ Thank You for the suggestion and the link, I will look into that also since it would be nice to have a live compliment to ntop, my main problem usually is that ...
by aacable
Wed May 08, 2013 7:23 am
Forum: Scripting
Topic: i want help about Loadbalance Failover i have 2 isp
Replies: 1
Views: 553

Re: i want help about Loadbalance Failover i have 2 isp

You can do it using route section, or via using scripts. Which ever suites your network requirements.
Try this.
http://aacable.wordpress.com/tag/mikrotik-fail-over/
by aacable
Wed May 08, 2013 7:05 am
Forum: General
Topic: What is the best software for monitoring Mikrotik Traffic
Replies: 5
Views: 6530

Re: What is the best software for monitoring Mikrotik Traffi

Try DUDE. its very good in monitoring live network.
for example:

http://aacable.wordpress.com/2012/07/02 ... ap-series/
by aacable
Fri May 03, 2013 9:02 pm
Forum: Beginner Basics
Topic: send a notification to client connecting with AP wirelessly
Replies: 1
Views: 794

Re: send a notification to client connecting with AP wireles

What do you exactly mean by personally ? if you mean "Hi there, do you want to buy me a cup of coffee " or "Oh no :shock: ! MARS ROVER have found Aliens ", then surely I am not aware if mikrotik can perform this function :lol: , better to use some chat application like VYPRESS, or other to send gene...
by aacable
Thu May 02, 2013 11:00 am
Forum: Beginner Basics
Topic: what is best mikrotik router board that have hotspot facilty
Replies: 10
Views: 5694

Re: what is best mikrotik router board that have hotspot fac

It would be better if you post your requirements here and someone will suggest you RB model as per requirements.
by aacable
Thu May 02, 2013 9:28 am
Forum: General
Topic: Problem with PCC LoadBalancing
Replies: 6
Views: 1006

Re: Problem with PCC LoadBalancing

Have you verified you DSL line quality separately by putting it directly to PC and then do some test downloads and check the results? If the lines are ok and you are able to download at full capacity on each WAN in testing, then do this for testing. Install IDM in your test PC, and download multiple...
by aacable
Thu May 02, 2013 9:25 am
Forum: General
Topic: loadbalancing not working at all. plz help
Replies: 4
Views: 559

Re: loadbalancing not working at all. plz help

Just add hotspot=auth in every pcc rules and it will work like a charm. For example . . . /ip fi man add action=mark-connection chain=prerouting disabled=no dst-address-type=!local hotspot=auth in-interface=LAN new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses-an...
by aacable
Wed May 01, 2013 9:46 am
Forum: Beginner Basics
Topic: what is best mikrotik router board that have hotspot facilty
Replies: 10
Views: 5694

Re: what is best mikrotik router board that have hotspot fac

Which Routerboard is suitable for you, It depends on several factors, like number of users, Firewall / Queuing method and network topology. As per your requirement, I am sure even a RB750/G would be enough for you. Every Mirkotik Routerboard and its x86 (PC base) version have Hotspot package include...
by aacable
Thu Apr 25, 2013 10:53 am
Forum: General
Topic: 20 WAN Load Balancing
Replies: 2
Views: 736

Re: 20 WAN Load Balancing

Depend on the requirement, 20 WAN PCC works, if you are using both-address-and-ports approach, this will randomize things the most and in theory give you the most fair allocation of bandwidth, BUT there is also a good chance that it will break certain things like few forums, secure sites, streaming ...
by aacable
Thu Apr 25, 2013 10:48 am
Forum: General
Topic: Need help to rout youtube traffic
Replies: 3
Views: 665

Re: Need help to rout youtube traffic

Thanks joshaven for helping me.
if possible u give me any example configuration so that is easy to understand for me
Hmm try this one.

http://aacable.wordpress.com/2011/06/04 ... ink-trick/
http://adminsline.wordpress.com/2012/08 ... k-youtube/
by aacable
Wed Apr 17, 2013 9:22 am
Forum: Scripting
Topic: "Official" 2 WAN Failover Script not working
Replies: 45
Views: 56526

Re: "Official" 2 WAN Failover Script not working

After carefully watching the script in action for a couple minutes, I've found that it DOES work, BUT, it does not automatically revert back to ISP1 when it's reachable again, instead it will stay on ISP2 until it goes down, then only revert back to ISP1. I noticed that the script increases the rou...
by aacable
Fri Apr 05, 2013 1:28 pm
Forum: Beginner Basics
Topic: How do I setup Dual WAN and Web Filtering?
Replies: 14
Views: 93517

Re: How do I setup Dual WAN and Web Filtering?

Try src-address as your pcc classifier , hopefully it will solve few issues at your end :) Failover doesn' with the script you are using if you pull out WAN cable (which is conencted from your WAN device to ISP). However if you turn off wan device for example dsl router, then surely it will not send...
by aacable
Mon Apr 01, 2013 7:06 am
Forum: General
Topic: Monitor Service provider
Replies: 1
Views: 398

Re: Monitor Service provider

Consumption is based on usage and load. If there is no one or very low number of users on the network , then the link wont be consumed much. How you are going to monitor this , ISP end issue or not enough network load at your end :) ? You can track it by doing heavy downloading of big files at vario...
by aacable
Sun Mar 31, 2013 8:53 am
Forum: Virtualization
Topic: ESxi5 and Mikrotik 5.20
Replies: 11
Views: 5692

Re: ESxi5 and Mikrotik 5.20

I have used mikrotik in virtualized environment and found it good. My experience is that it perform good with multi core cpu's.
by aacable
Mon Mar 25, 2013 12:28 pm
Forum: General
Topic: how to assign public ip to my pppoe users !
Replies: 1
Views: 527

Re: how to assign public ip to my pppoe users !

First of all you have to ask your ISP to provide you public ip pool (obtain ip pool as per your users quantity), then ask them to route it you. Create a new pool with public ip address range (that is given by your ISP) and in PPPoe profile create new or edit existing profile by giving remote address...
by aacable
Mon Mar 25, 2013 12:14 pm
Forum: Beginner Basics
Topic: How do I setup Dual WAN and Web Filtering?
Replies: 14
Views: 93517

Re: How do I setup Dual WAN and Web Filtering?

Guys, I need setup a MikroTik 751U-2HnD (Wi-Fi) router to accomplish following tasks: 1. Dual WAN bonding/merging/at least load balancing. 2. Failover setup. 3. Web content filtering / websites block. 4. Data sharing and printing over LAN and WLAN. Attached are network design/layout and setting fil...
by aacable
Mon Mar 11, 2013 7:38 am
Forum: Virtualization
Topic: virtualizing Mikrotik + squid + Radius in one ESXi
Replies: 6
Views: 3977

Re: virtualizing Mikrotik + squid + Radius in one ESXi

Try adding Hard drive as IDE in vm guest.
by aacable
Thu Mar 07, 2013 5:47 am
Forum: General
Topic: MT on ESXi as a gateway ?!
Replies: 4
Views: 1141

Re: MT on ESXi as a gateway ?!

I have deployed Mikrotik+SQUID+Radius Server in one box at various cable.network and so far I am pleased with the results. If you use some modern hardware with dual processors with multiple cores , gigabit connectivity, and with raid supported storage, you will be fine for virtualizing multiple OS i...
by aacable
Thu Mar 07, 2013 5:37 am
Forum: General
Topic: Retrieve "forgotten password" Radius Manager via SMS
Replies: 3
Views: 2851

Re: SMS text message for "lost password" Radius Manager

I have deployed DMASOFTLAB radius manager at various networks which have this option. If a user forget his password, he can retrieve it by clicking on FORGOT PASSWORD link, After submitting the mobile number, user will receive a code on his mobile number (If he have defined valid number while regist...
by aacable
Wed Feb 27, 2013 7:23 am
Forum: Virtualization
Topic: ESxi5 and Mikrotik 5.20
Replies: 11
Views: 5692

Re: ESxi5 and Mikrotik 5.20

You can't claim its a bug in ESXi , perhaps a configuration mistake probably :) ESXi works good with about every OS I have tested. Specially Microsoft/Mikrotik/Linux , I have deployed may scenarios with Mikrotik / Squid Proxy and Radius Manager in one Server with ESXi Virtualization technology and a...
by aacable
Wed Feb 27, 2013 7:18 am
Forum: Scripting
Topic: Flood detection with RADIUS (dmasoftlab)
Replies: 2
Views: 1494

Re: Flood detection with RADIUS (dmasoftlab)

First of all you have to detect what kind of flooding is running on your network. Without knowing the nature of flood, it would be hard to pin point any issue. You have to protect your mikrotik routerOS with secure scripts, close all un necessary services like ssh , api, http etc. run TORCH and see ...
by aacable
Wed Feb 20, 2013 5:18 pm
Forum: General
Topic: A RADIUS system I am working on
Replies: 7
Views: 2012

Re: A RADIUS system I am working on

Hi, Thanks for the feedback. Actually that feature is there, I forgot to mention. A cronjob runs on daily basis and send email to the User and to the entity (Dealer, Sub-Dealer) that user belongs to. 1) Notification should be sent to ACTIVE users only. It should not send sms to already expired/disa...
by aacable
Wed Feb 20, 2013 5:14 pm
Forum: General
Topic: How to block access to websites to some users
Replies: 5
Views: 2026

Re: How to block access to websites to some users

Hi, I have a Router OS 5.20 installed. 1. I would like to know how to block some users to access some websites and others access. 2. My Router OS is configured Dynamic to all IP, how can I change that and give some IP static? Thanks The proper way to do URL filtering is to configure web proxy and f...
by aacable
Wed Feb 20, 2013 5:12 pm
Forum: General
Topic: URGENT ADMINS L6 licence issue on x86 system
Replies: 6
Views: 753

Re: URGENT ADMINS L6 licence issue on x86 system

no one here to help me?? The better way to get support regarding license is to email support@mikrotik, only they can help you in this regard as they are the authority to modify any licenses :) However Email me , possibly I can give you an workaround which will work just right, its a workaround only...
by aacable
Wed Dec 12, 2012 5:50 am
Forum: Virtualization
Topic: virtualizing Mikrotik + squid + Radius in one ESXi
Replies: 6
Views: 3977

Re: virtualizing Mikrotik + squid + Radius in one ESXi

If good modern hardware is used, and software is configured correctly, then there will be no difference in most cases. I have used 3 machines (1-Mikrotik + 2-Squid + 3-Radius )in one virtual server and tested few results and found it better then RB in most cases. Specially the The hardware I used wa...
  • 1
  • 2