Community discussions

MUM Europe 2020

Search found 36 matches

by texmeshtexas
Mon May 27, 2019 8:10 pm
Forum: General
Topic: DNS and Radius random failures
Replies: 0
Views: 236

DNS and Radius random failures

Ok, This is a strange one and hard to reproduce. Symptom: PPPoE authentications are failing against our off site Radius server. We can reboot the router and everything is fine again. During investigation and while the router was in the state, I looked to see if there was a more current version of Ro...
by texmeshtexas
Mon May 27, 2019 8:06 pm
Forum: General
Topic: Mikrotik CCR 1072 Hang
Replies: 3
Views: 531

Re: Mikrotik CCR 1072 Hang

We have seen this also but not in a while. We reworked Firewall filter rules to get the CPU load down and it go more stable. Problem seems to be worse when the CPU load is highest. And using packet sniffer with Winbox drives the CPU up and can crash the system as well. Also it does seem more stable ...
by texmeshtexas
Mon Jan 21, 2019 3:36 am
Forum: General
Topic: CCR1072 crashes when running Packetsniff
Replies: 0
Views: 306

CCR1072 crashes when running Packetsniff

Has anyone else experience the CCR1072 running 6.43.8 and the previous couple releases, becoming unstable and crashing (total hang up requiring a power cycle to recover) when running packetsniff? A big clue is the CPU goes to 100% when running packet sniff. Even a sniff that results in a rather smal...
by texmeshtexas
Tue Aug 28, 2018 10:03 pm
Forum: Announcements
Topic: v6.42.7 [current] is released!
Replies: 159
Views: 32468

Re: v6.42.7 [current] is released!

6.42.7 BGP problem

we have 6.42.7 updated this morning.
I'm noticing that our BGP blackhole peer with our upstream is not sending withdrawal from the network list like it used to.

anyone else have issues with this?
by texmeshtexas
Fri Aug 17, 2018 3:30 pm
Forum: Forwarding Protocols
Topic: BGP black hole with large number of prefixes
Replies: 1
Views: 450

Re: BGP black hole with large number of prefixes

was able to determine its not the number of /32 prefixes, it was the script that looks at my address list and puts those addresses on the prefix list https://forum.mikrotik.com/viewtopic.php?f=9&t=115521&p=680382#p680382 I was running the script every 10sec but it takes over 2min for the script to r...
by texmeshtexas
Fri Aug 17, 2018 3:21 pm
Forum: Scripting
Topic: IP Firewall Address list to BGP Network. Useful for Blackhole.
Replies: 2
Views: 1175

Re: IP Firewall Address list to BGP Network. Useful for Blackhole.

GamerXP,

Tried your script, seems to work well.
Any reason it takes 2.5min to run on a CCR1072.
Adding 120 prefixes from my address list.
Does that seem right?
I can only run it every 5 min.

Greg
by texmeshtexas
Thu Aug 16, 2018 5:32 pm
Forum: Forwarding Protocols
Topic: BGP black hole with large number of prefixes
Replies: 1
Views: 450

BGP black hole with large number of prefixes

we seem to get hit by DDoS attacks to a large number of IPs at the same time. Some are assigned IPs and many are not. In any case, we want the ability to black hole several hundred IPs at once. Our upstream allows upto 200 at the moment. However, with 100 or so /32 prefixes on the Mikrotik (CCR1072 ...
by texmeshtexas
Sun Aug 12, 2018 8:25 am
Forum: General
Topic: TCP SYN Flood attack causing high cpu
Replies: 20
Views: 11013

Re: TCP SYN Flood attack causing high cpu

that first mangle rule /ip firewall> mangle print Flags: X - disabled, I - invalid, D - dynamic 0 chain=prerouting action=add-src-to-address-list tcp-flags=syn,rst protocol=tcp address-list=ddos-source address-list-timeout=6h in-interface=NETIX log=no log-prefix="" sure seems to put alot of addresse...
by texmeshtexas
Sat Jul 07, 2018 8:54 pm
Forum: General
Topic: Bridge Dst-Nat [SOLVED]
Replies: 2
Views: 569

Re: Bridge Dst-Nat [SOLVED]

dst-nat is performed as the frame or packet enters the 'Tik, so the mangle rule assigns the packet-mark to the packet too late, after it has already passed the dst-nat chain. So a single rule like /interface bridge nat chain=dstnat action=dst-nat to-dst-mac-address=FF:FF:FF:FF:FF:FF mac-protocol=ip...
by texmeshtexas
Fri Jul 06, 2018 5:06 pm
Forum: General
Topic: Bridge Dst-Nat [SOLVED]
Replies: 2
Views: 569

Bridge Dst-Nat [SOLVED]

I've got a phone server on our network that uses the subnet broadcast address to send info to the phones on the local subnet. However, its sending the packet to desitination MAC of the gateway router (MT 2011) and not FF:FF:FF:FF:FF:FF so the phones never see it as the switches forward the frame onl...
by texmeshtexas
Mon Jan 01, 2018 2:43 am
Forum: General
Topic: CPU load goes way up randomly CCR1072
Replies: 3
Views: 448

Re: CPU load goes way up randomly CCR1072

It could be but I dont see the traffic going up much.
I have a bunch of rules to detect if the traffic goes up to an unusual level and captures stuff into files assuming its a DDOS attach.
It could be a low volume attach designed to drive a Mikrotik crazy, I suppose.
by texmeshtexas
Sun Dec 31, 2017 10:18 pm
Forum: General
Topic: CPU load goes way up randomly CCR1072
Replies: 3
Views: 448

CPU load goes way up randomly CCR1072

We have a CCR1072 running 6.40.5 on the edge of our network. This router typically has 2.5-3Gbps of traffic running through it. Many fw rules and does NAT for customers on private addressing. about 1-2 times per month it randomly jumps into a mode where the CPU goes from the normal 7-8% up to 60% ra...
by texmeshtexas
Mon Dec 11, 2017 6:22 am
Forum: General
Topic: SFP signal too strong
Replies: 9
Views: 2284

SFP signal too strong

We have a CCR1072 running 6.40.5 with an S+31DLC10D SFP module to communicate with our upstream proider. Our upstream started getting receive errors over the last couple of weeks and its really climbing the last few days. ON our side we see Tx Power -4.483dBm Rx Power -3.951dBM Our upstream sees thi...
by texmeshtexas
Mon May 01, 2017 5:39 am
Forum: The Dude
Topic: The Dude client ACCESS VIOLATION on fresh install with Windows 10
Replies: 5
Views: 2156

Re: The Dude client ACCESS VIOLATION on fresh install with Windows 10

I see the same issue on Dude 6.38.5 and 6.39 Suddenly stopped woring on Win 7 client. Anyone know wha the solution is? 6.39 ACCESS VIOLATION at: 6da6c975 eip=6da6c975 eflags=10293 edi=0 esi=6dae06cf ebp=28f09c esp=28f040 eax=408f9c0c ebx=fffffffe ecx=0 edx=0 log: backtrace: 6da6cf8c 4d03ec 4d0428 4d...
by texmeshtexas
Mon Oct 05, 2015 2:51 am
Forum: Announcements
Topic: 6.32.2 released
Replies: 59
Views: 20568

Re: 6.32.2 released

There seems to be an issue with SNTP getting synced in this version. I use a script to periodically set my server IPs to us.pool.ntp.org and time.nist.gov script works fine but router simply wont sync any more after upgrading from 6.30 to 6.32.2. Well, turns out I forgot to do the Routerboad fw upd...
by texmeshtexas
Mon Oct 05, 2015 2:44 am
Forum: Announcements
Topic: 6.32.2 released
Replies: 59
Views: 20568

Re: 6.32.2 released

There seems to be an issue with SNTP getting synced in this version.
I use a script to periodically set my server IPs to us.pool.ntp.org and time.nist.gov
script works fine but router simply wont sync any more after upgrading from 6.30 to 6.32.2.
by texmeshtexas
Wed Jul 01, 2015 7:33 am
Forum: RouterBOARD hardware
Topic: all CCR crashed
Replies: 40
Views: 8254

Re: all CCR crashed

All our CCR's locked up right at 7pm CDT. 3 x86 units did not, MT493 units did not.
This is very strange.
by texmeshtexas
Wed Feb 11, 2015 6:07 am
Forum: General
Topic: HotSpot MAC Authentication
Replies: 0
Views: 439

HotSpot MAC Authentication

We are setting up Hotspot to authenticate the MAC of our CPEs. We do Not want users to get a splash page and “log in”. It needs to be automatic authentication to the Radius server. If the MAC is in the Radius server, then authentication should work. Sometimes the MAC/IP shows up on the Hosts list bu...
by texmeshtexas
Thu Sep 04, 2014 3:53 pm
Forum: General
Topic: fcs error?????
Replies: 13
Views: 47764

Re: fcs error?????

I believe this is part of the flow contol mechanism that was added to Ethernet interfaces in RouterOS 6.12+ Not a new concept in Ethernet but new to MT. I had this issue on one of my CCR1036 interfaces connected to a SAF backhaul. The SAF turns flow control on (no option to turn it off) and I had no...
by texmeshtexas
Wed Aug 13, 2014 5:40 am
Forum: Forwarding Protocols
Topic: OSPF in 6.18 not acting right
Replies: 1
Views: 871

OSPF in 6.18 not acting right

Customer were complaining about download speeds being terrible. Mostly around 1-1.5Mbps. No matter what their queues are set to. I have a computer at the a tower site so I was easily able to verify this. Also AirControl tests to CPEs confirmed. I think this is related to 6.18 as I upgraded over the ...
by texmeshtexas
Sat Mar 22, 2014 2:32 am
Forum: General
Topic: Syn flood protection
Replies: 3
Views: 2190

Re: Syn flood protection

I've found that this does not work. http://wiki.mikrotik.com/wiki/DoS_attack_protection /ip firewall filter add chain=forward protocol=tcp tcp-flags=syn connection-state=new \ action=jump jump-target=SYN-Protect comment="SYN Flood protect" disabled=yes /ip firewall filter add chain=SYN-Protect proto...
by texmeshtexas
Wed Nov 06, 2013 5:47 pm
Forum: Beginner Basics
Topic: Invalid connections
Replies: 6
Views: 2639

Re: Invalid connections

Each tower has a router that connects to one or more upstream towers and is the primary interface to the customers. There is one interface that is customer facing. the firewall filters are primarily to protect the infrastructure, not the customers. Most customers are on private addresses so we NAT a...
by texmeshtexas
Tue Nov 05, 2013 5:13 am
Forum: Beginner Basics
Topic: Invalid connections
Replies: 6
Views: 2639

Re: Invalid connections

Its rule 10 that causes all the trouble. # nov/ 4/2013 21:10:13 by RouterOS 6.5 # Flags: X - disabled, I - invalid, D - dynamic 0 ;;; Established input chain=input action=accept connection-state=established 1 ;;; Established forward chain=forward action=accept connection-state=established 2 ;;; Rela...
by texmeshtexas
Mon Nov 04, 2013 4:49 am
Forum: Beginner Basics
Topic: Invalid connections
Replies: 6
Views: 2639

Invalid connections

anyone having trouble with a Firewall filter rule like this add action=drop chain=forward comment="Drop Invalid Connections" connection-state=invalid This absolutely creates much trouble with my customers traffic. Seems to kill all sorts of valid traffic including my AirControl traffic to my APs and...
by texmeshtexas
Sun Jan 09, 2011 3:33 am
Forum: General
Topic: bandwidth test over 3rd party wireless
Replies: 5
Views: 799

Re: bandwidth test over 3rd party wireless

Just found a queue on the other side that was limiting the bandwidth.
Its good when I turn the queue off............how embarrassing!!.
by texmeshtexas
Sun Jan 09, 2011 3:13 am
Forum: General
Topic: bandwidth test over 3rd party wireless
Replies: 5
Views: 799

Re: bandwidth test over 3rd party wireless

Tried MTU of 1500 and 1460. No change. Testing to MT493AH. From the PC to the local MT493AH I get around 78-80Mbps each direction. To the remote MT493AH on the other side of the Motorola licensed MW link (100x100 full duplex) I get about 18x16Mbps. I know its not the link as the customer traffic run...
by texmeshtexas
Sun Jan 02, 2011 10:08 pm
Forum: General
Topic: bandwidth test over 3rd party wireless
Replies: 5
Views: 799

Re: bandwidth test over 3rd party wireless

yeah, but it also does it on the Motorola Licensed 100x100 full duplex link.
And I know the link supports >15-18Mbps data because at peak times, I see around 25-30Mbps customer traffic.
by texmeshtexas
Sat Jan 01, 2011 8:40 pm
Forum: General
Topic: bandwidth test over 3rd party wireless
Replies: 5
Views: 799

bandwidth test over 3rd party wireless

I use MT routers in various places in my networks. In areas where they are just routers (no wireless cards), when I run bandwidth test between two 493AH routers (both on V4.5) that are connected to the same HP switch, the speeds look great. But in 3 different places when I run across either a Ubnt l...
by texmeshtexas
Sun Sep 26, 2010 6:24 pm
Forum: General
Topic: feature request : ipsec with mode_cfg
Replies: 1
Views: 947

Re: feature request : ipsec with mode_cfg

Where you ever able to get the Shrewsoft VPN client to connect to ROS?
I've not very knowledgeable about IPsec setups so I need to know if it is possible.
If it does work, are there step-by-step directions somewhere?
by texmeshtexas
Tue Jun 22, 2010 3:22 am
Forum: General
Topic: Firewall Connection Tracking
Replies: 1
Views: 659

Firewall Connection Tracking

I'm applying firewall rules to a bridge and all seems to work well. Can anyone tell me what exactly the Connections tracking window is telling me. My default TCP Established Timeout is set to 1d 00:00:00. That seems too long. I just want to see how many active connections there are. What should I us...
by texmeshtexas
Tue Mar 30, 2010 6:18 pm
Forum: General
Topic: RouterOS v4.6 released
Replies: 80
Views: 12602

Re: RouterOS v4.6 released

Put v4.6 on my 750 and it would no longer talk to my Motorola PTP800.
Very strange as it would talk to my Ligowave device and my PC, just not the PTP800.
Had to abort 4.6 to get things working again.
by texmeshtexas
Thu Dec 03, 2009 11:14 pm
Forum: General
Topic: GPS recommendation
Replies: 4
Views: 737

Re: GPS recommendation

Well, maybe I asked the wrong question.
Does Mikrotik support GPS timing when configured as an AP?

If I have multiple AP's on a single tower, will this help reduce interference between them?
by texmeshtexas
Thu Dec 03, 2009 5:04 am
Forum: General
Topic: GPS recommendation
Replies: 4
Views: 737

GPS recommendation

I need to put 3 AP's on a tower with R52N running 2x2.
Will Mikrotik allow me to GPS sync to avoid interference between APs?

If so can someone tell me what USB based GPS unit I should use with my 433UAH?
by texmeshtexas
Sat Mar 21, 2009 6:22 am
Forum: The Dude
Topic: Notifications not being sent properly
Replies: 0
Views: 548

Notifications not being sent properly

I'm running Dude 3.1. When I test the notifications I get the proper syslog and event log entries but not all notifications are sent by email. I test by taking 5 devices down at the same time but I only get 2-3 email alerts and not all email addresses listed get the alert. Its a bit random as to who...
by texmeshtexas
Mon Dec 08, 2008 9:21 pm
Forum: The Dude
Topic: Vote for new DUDE features!
Replies: 117
Views: 47304

Re: Vote for new DUDE features!

Please add ability for syslog server to receive TCP syslog messages.
Some network appliances, such as Mobotix cameras, only send syslog messages using TCP.
by texmeshtexas
Sat Oct 11, 2008 11:21 pm
Forum: RouterBOARD hardware
Topic: Firewall
Replies: 1
Views: 956

Firewall

Does anyone now how to set up a SPI firewall feature on RouterOS 3.17?