Search found 166 matches

by dasiu
Mon May 14, 2018 4:54 pm
Forum: Scripting
Topic: Script on 6.41RC - fetch not working
Replies: 3
Views: 352

Re: Script on 6.41RC - fetch not working

Have you tried running the "/tool fetch" command manually? Does it work? If not - can you put the output here?
by dasiu
Fri Apr 27, 2018 6:26 pm
Forum: Wireless Networking
Topic: Safe mode to move to new AP
Replies: 2
Views: 182

Re: Safe mode to move to new AP

No, there is no way to adjust the safe mode timeout. But you can write a script restoring the settings, and then scheduler running the script after 2 minutes from now, and then - just move to the new AP. If you are able to restore the connection with the new config - just log in and remove the sched...
by dasiu
Mon Apr 23, 2018 5:53 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 64765

Re: Advisory: Vulnerability exploiting the Winbox port

Normis (or other MikroTik people here) - can you, please, share the very important info: Is there a known attack / exploit you were informed about? Did you learn about this vulnerability from your own studies or from a "friendly" user? Or was someone already attacked, and it came during the analysi...
by dasiu
Mon Apr 09, 2018 3:59 pm
Forum: Wireless Networking
Topic: LHG 60G
Replies: 10
Views: 572

Re: LHG 60G

LHG2 = 29 $ / GHz
LHG5AC = 18 $ / GHz
LHG 60G = 2.40 $ / GHz
So not expensive at all!!! :lol: :lol: :lol: Made my day! But apart from making fun - it's showing the correct way to compare them :). More true when you compare the $/MHz bandwidth (in 60G it's 2000 MHz channel bandwidth) or $ per total th...
by dasiu
Mon Apr 09, 2018 3:46 pm
Forum: Wireless Networking
Topic: CAPsMAN VLAN question [SOLVED]
Replies: 3
Views: 251

Re: CAPsMAN VLAN question [SOLVED]

Does anyone have an idea of what's wrong?
Your check is wrong :). When a wireless interface on a MikroTik is managed by CAPsMAN, the interface is not showing you the running settings. They can be seen on the CAPsMAN on the interface, only there.
by dasiu
Mon Apr 09, 2018 3:04 pm
Forum: Announcements
Topic: v6.41.4 [current]
Replies: 37
Views: 5311

Re: v6.41.4 [current]

Thanks! :)
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
- is it the same improvement as in 6.41.3 (identical description), or yet a new improvement (improving it even more), or did the improvement in 6.41.3 not work? :)
by dasiu
Thu Mar 29, 2018 3:20 pm
Forum: General
Topic: Router + switch + ap all in one solution
Replies: 15
Views: 648

Re: Router + switch + ap all in one solution

Having 1 Gbps connection you either:
1. Use hAP ac2, having 5 gigabit ports and quite strong CPU and dual-band wifi with ac - which is usually enough for home use
2. Use sth. like RB3011 (10 Gbps ports, but 2 switch groups) or RB1100 (usually in your server room, not on your desk!) and additional du...
by dasiu
Tue Mar 27, 2018 2:09 pm
Forum: General
Topic: IPSec Strongswan configuration fails
Replies: 7
Views: 441

Re: IPSec Strongswan configuration fails

ilja,
1. On the policies list you can have actual "policies", and just "templates" - that are not working policies, just "bases" for dynamically creating policies, which match the other end's policies.
2. Your only "policy" (which is not a template) is disabled
3. Your IPSec peer has "generate-pol...
by dasiu
Thu Oct 19, 2017 12:31 pm
Forum: Announcements
Topic: RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities
Replies: 58
Views: 87701

Re: RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities

MikroTik Team, short question: If I have a wireless link on 802.11 protocol using Management Protection - can it be vulnerable to the attacks (before the upgrade)? Or does Management Protection already solve the problem (by not allowing the client, if Management Protection is "required", to connect ...
by dasiu
Fri Mar 28, 2014 12:20 pm
Forum: General
Topic: warning DHCP offering lease without success
Replies: 1
Views: 4346

Re: warning DHCP offering lease without success

Maybe the second one is connected via a wireless "station-pseudobridge" link, which means the NAT for MAC addresses?
by dasiu
Sat Mar 22, 2014 11:10 am
Forum: General
Topic: vLAN with Switch chips _ scenario-based solutions
Replies: 29
Views: 3959

Re: vLAN with Switch chips _ scenario-based solutions

Dasiu, now between "I understood" and "I'm able to apply it", there's a world :-) In your presentation you mention only one master port for a chip. How if I want to have two but only one with switch chip used for vlans? I currently have a RB450G (planning to switch for a 2011UiAS), can you tell me ...
by dasiu
Fri Mar 21, 2014 1:09 pm
Forum: General
Topic: vLAN with Switch chips _ scenario-based solutions
Replies: 29
Views: 3959

Re: vLAN with Switch chips _ scenario-based solutions

You can check my MUM presentation about the switch chip: http://mum.mikrotik.com/presentations/IT14/starnowski.pdf I read, re-read and re-re-read until I (think I) understood everything. Based on your presentation, I now assume that VLAN interface(s) aren't required at all to manage VLANs if switch...
by dasiu
Wed Mar 05, 2014 3:25 pm
Forum: General
Topic: MikroTik Training events and institutions around the world
Replies: 2
Views: 501

Re: MikroTik Training events and institutions around the wor

The trainings are organised by MikroTik certified Trainers. Each trainer can schedule a training in the system using his account - and it is automatically shown on the public schedule. So what you see - is the list of trainings that are scheduled by trainers - exactly they were "clicked in the syste...
by dasiu
Mon Mar 03, 2014 5:26 pm
Forum: General
Topic: how to set maximum clients per wifi interface
Replies: 1
Views: 388

Re: how to set maximum clients per wifi interface

/interface wireless set wlan1 max-station-count=10
by dasiu
Sat Mar 01, 2014 1:59 pm
Forum: General
Topic: Default setting of some routerboard series ackward
Replies: 8
Views: 1198

Re: Default setting of some routerboard series ackward

Usually the antenna is the gateway and that has to be connected in this default setup to ether1. But we actually want to use a PoE-out port. So we have to connect the antenna to ether5. But this is just a slave port in the LAN network. If not aware, problems all over.... I have access to about 5 di...
by dasiu
Fri Feb 28, 2014 11:45 am
Forum: General
Topic: vLAN with Switch chips _ scenario-based solutions
Replies: 29
Views: 3959

Re: vLAN with Switch chips _ scenario-based solutions

What do you mean by port1 = cpu port ?? If ether2 is the master port, then the cpu port of the switch chip is ether2 of router's CPU. I think that you're a bit confused with the terminology :). You can check my MUM presentation about the switch chip: http://mum.mikrotik.com/presentations/IT14/starno...
by dasiu
Sun Feb 23, 2014 2:26 pm
Forum: General
Topic: Mikrotik BGP Protocol configuration
Replies: 2
Views: 556

Re: Mikrotik BGP Protocol configuration

Hi, I have an issue with mikrotik Rb-750 gigabyte, 5.11 v router board BGP configuration. My router using my both ISP connection for download and upload bandwidth while I monitor in interface but I want to use my 1st connection as primary connection and secondary mean 2nd isp connection as backup co...
by dasiu
Tue Feb 18, 2014 12:49 pm
Forum: General
Topic: AR8327
Replies: 8
Views: 5333

Re: AR8327

Any progress?
I will have a presentation on the next MUM (in 2 days), showing how easy it is :).
by dasiu
Sun Feb 16, 2014 1:26 am
Forum: RouterBOARD hardware
Topic: Making LCD useful.
Replies: 19
Views: 4518

Re: Making LCD useful.

A custom text field, that could be generated by a script - would be perfect :).
by dasiu
Tue Feb 04, 2014 9:31 am
Forum: General
Topic: CCR1036 PPPoE 1000+ clients 400+ Mbit/s degraded perfomance
Replies: 10
Views: 3596

Re: CCR1036 PPPoE 1000+ clients 400+ Mbit/s degraded perfoma

CPU load does not exceed 20-30% but the CCR cannot go beyond 400-500 mbit/s. How did you check the CPU load? Is it the average load (from /system resource), or max load per core (from /system resource cpu)? When the avg load is 30% - all cores can have 30%, but it's also possible that 20 cores have...
by dasiu
Mon Feb 03, 2014 12:30 pm
Forum: General
Topic: is there anyway to know password mistake?
Replies: 20
Views: 2724

Re: is there anyway to know password mistake?

You can: 1. Do a port redirection - dst-nat for ssh port to a server on a separate linux machine you have in your network for sniffing passwords (ex. a Raspberry Pi machine) for connections coming from an address list (and you just add the "suspicious" IP to the list - to be redirected to the fake s...
by dasiu
Tue Jan 28, 2014 8:54 pm
Forum: General
Topic: Quick hotspot question
Replies: 3
Views: 312

Re: Quick hotspot question

No... Slave interfaces shouldn't have IP addresses, any DHCP/hotspot servers, etc. You should set them on the bridge interface (master).
by dasiu
Mon Jan 27, 2014 9:47 am
Forum: General
Topic: exclude IP from webproxy rule
Replies: 2
Views: 1508

Re: exclude IP from webproxy rule

The "dstnat" chain is TOTALLY SEPARATE from "srcnat". It means, that it doesn't matter, if you place it before or after the srcnat rules. When the packet enters the router, all dstnat rules (in proper order) are applied, and later - before it leaves - the srcnat rules. If you don't want the packets ...
by dasiu
Sun Jan 26, 2014 12:04 pm
Forum: General
Topic: Trunk port on a CCR1036 router
Replies: 11
Views: 4967

Re: Trunk port on a CCR1036 router

So if I got you correct, the configuration should look like this:
/interface bridge add name=br-vlan10
/interface bridge add name=br-vlan20
/interface bridge add name=br-vlan30
/interface vlan
add interface=ether4 name=vlan10 vlan-id=10
add interface=ether4 name=vlan20 vlan-id=20
add interface=ethe...
by dasiu
Sun Jan 26, 2014 3:52 am
Forum: General
Topic: IPsec with no encryption ... why is the firewall involved?
Replies: 2
Views: 581

Re: IPsec with no encryption ... why is the firewall involve

1. Your /ip firewall nat - is empty right now?
2. Do you use l2tp? It creates dynamic change-mss rules in /ip firewall mangle.
3. What if you disable connection tracking?
4. Check "print dynamic" in /ip firewall filter, nat and mangle - everything empty?
by dasiu
Wed Jan 22, 2014 5:56 pm
Forum: General
Topic: SNMP oids
Replies: 2
Views: 898

Re: SNMP oids

Am i doing something wrong? I am able to fetch other (uptime, memory, cpu) resources, just not the wireless ones. Yes... RTFM - as some people say ;). The snmpwalk command performs a sequence of chained GETNEXT requests automatically. It is a work saving command. Rather than having to issue a serie...
by dasiu
Mon Jan 20, 2014 2:01 am
Forum: General
Topic: Monitor Traffic/Resolve IP Address to Hostnames
Replies: 2
Views: 1451

Re: Monitor Traffic/Resolve IP Address to Hostnames

1. Enable webproxy (/ip proxy set enabled=yes)
2. Let all HTTP traffic go through the webproxy (/ip firewall nat add chain=dstnat action=redirect dst-port=80 protocol=tcp to-port=8080)
3. Just log the "webproxy,!debug" - /system logging add topics=web-proxy,!debug action=... (disk, probably) - that'...
by dasiu
Sun Jan 19, 2014 1:08 am
Forum: General
Topic: Creating Route for Vlan to switch
Replies: 3
Views: 940

Re: Creating Route for Vlan to switch

I have a cisco switch that is connected directly to the mikrotik via ether2. and then it has a SFP port 1/0/25 that connects to a hp switch. [...] interface GigabitEthernet1/0/25 switchport trunk encapsulation dot1q switchport mode trunk What Cisco port is connected to the MikroTik's ether2? And wh...
by dasiu
Sun Jan 19, 2014 12:52 am
Forum: General
Topic: Src & Dst NAT In Same Time
Replies: 1
Views: 422

Re: Src & Dst NAT In Same Time

You simply configure it, it will work at the same time. You configure dst-nat rules in "dstnat" CHAIN, and src-nat rules in the "srcnat" CHAIN. Each IP packet goes through the dstnat chain after getting inside the router (before routing decision), and goes through srcnat chain before leaving the rou...
by dasiu
Wed Jan 30, 2013 1:09 am
Forum: Scripting
Topic: Ip hotspot active user = Ip Bindings
Replies: 4
Views: 6142

Re: Ip hotspot active user = Ip Bindings

:foreach user in=[/ip hotspot active find] do={
  :local ip [/ip hotspot active get $user address];
  :local mac [/ip hotspot active get $user mac-address];
  :local username [/ip hotspot active get $user user];
  :foreach binding in=[/ip hotspot ip-binding find address=$ip] do={
    /ip hotspot ip-binding rem...
by dasiu
Mon May 07, 2012 3:29 pm
Forum: General
Topic: How to male bandwidth limimitation with miltiple VLAN`s
Replies: 1
Views: 460

Re: How to male bandwidth limimitation with miltiple VLAN`s

How to tag only those packets that come from the Internet to users and exclude inter VLAN traffic?
You already did that :).
/ip firewall mangle
add action=mark-connection chain=forward disabled=no new-connection-mark=\
"vlan7 con-down" passthrough=yes src-address=192.168.7.0/24
add action=mark-pack...
by dasiu
Mon May 07, 2012 2:37 pm
Forum: General
Topic: How to change Graph storage location from disk to Micro SD ?
Replies: 1
Views: 989

Re: How to change Graph storage location from disk to Micro

THERE IS NO SUCH OPTION, YOU CANNOT DO THAT!

And please, don't shout...
by dasiu
Mon May 07, 2012 2:27 pm
Forum: RouterBOARD hardware
Topic: Is RB751G-2HnD performance enough?
Replies: 4
Views: 4767

Re: Is RB751G-2HnD performance enough?

1. Is RB751G-2HnD performance enough? I think it can be too weak for your requirements... see http://routerboard.com/RB751G-2HnD - and remember, that the tests are with simple routing (and conntrack=on), without any queues, tunnels etc. - and they are also CPU consuming. The best way would be to te...
by dasiu
Fri May 04, 2012 2:22 am
Forum: General
Topic: Maybe chewing bit too much
Replies: 4
Views: 576

Re: Maybe chewing bit too much

So it looks quite simple, if you are familiar with policy routing a bit :). I assume, that you have already created the static default route on the wan1 gateway's IP, and that it has greater distance (default=1) than the one from DHCP (default=0). Basically, now everything should go through wan2 (th...
by dasiu
Sat Apr 28, 2012 11:37 am
Forum: Wireless Networking
Topic: 802.11n 3x3 with 3SS
Replies: 7
Views: 2090

Re: 802.11n 3x3 with 3SS

Any plans for a triple polarization antenna? :twisted: In free space, for outdoor links (in Line Of Sight scenario) the spatial streams are different polarizations :). That's the only way to send/receive 2 different signals on the same frequency. And you can have only two orthogonal (totally differe...
by dasiu
Sat Apr 28, 2012 11:13 am
Forum: Beginner Basics
Topic: Managing AP in Hotspot bridge
Replies: 2
Views: 758

Re: Managing AP in Hotspot bridge

Run a PPTP server on the RB1200, connect to it from your computer or router where you actually are, and use the pptp-client interface as your default gateway (check the option when configuring PPTP client). Now you can simply connect to 172.*.*.*. Just remember, that the 172.*.* AP's need to have th...
by dasiu
Sat Apr 28, 2012 11:00 am
Forum: General
Topic: Hotspot and iphone/ipad autofill
Replies: 9
Views: 6956

Re: Hotspot and iphone/ipad autofill

Have you tried setting HTTP PAP instead of HTTP CHAP in hotspot server profile? Maybe your Apple devices get lost, when the CHAP is used, and the password sent by the browser is different than written by you (it's MD5 hashed by JavaScript). Maybe iOS refuses to remember the form data, as they were d...
by dasiu
Thu Apr 26, 2012 10:15 am
Forum: General
Topic: can someone please double-check my queues?
Replies: 1
Views: 433

Re: can someone please double-check my queues?

http://forum.mikrotik.com/viewtopic.php?f=2&t=54350&p=276863#p276863 - it is already here :). In a few words - the parents' queue types are IRRELEVANT :). In /queue tree (generally - HTB) only the children do the actual queueing (waiting room for packets), and the parents only count bandwidth for t...
by dasiu
Thu Apr 26, 2012 10:05 am
Forum: Scripting
Topic: Script to Disconnect All Active pppoe Users
Replies: 2
Views: 1666

Re: Script to Disconnect All Active pppoe Users

/ppp active remove [find]
or - being strict:
/ppp active remove [find service="pppoe"]
Will I get karma for this? Or was it too trivial? ;) edit: How is it possible, that I saw the topic as "unreplied" few minutes ago (26 Apr 09:00 CEST), while a response was "Posted: Wed Apr 25, 2012 5:49 pm"? Is...
by dasiu
Thu Apr 26, 2012 9:09 am
Forum: Beginner Basics
Topic: IP problem rb433l
Replies: 1
Views: 312

Re: IP problem rb433l

The default address 192.168.88.1 is configured only on ether1 ;).
by dasiu
Thu Apr 26, 2012 9:03 am
Forum: The Dude
Topic: The DUDE 100% CPU usage
Replies: 5
Views: 2757

Re: The DUDE 100% CPU usage

I use Dude server on a separate machine with MikroTik RouterOS - it monitors hundreds of machines, and the average cpu-load is always below 10% :).
by dasiu
Mon Apr 23, 2012 11:52 pm
Forum: The Dude
Topic: The DUDE 100% CPU usage
Replies: 5
Views: 2757

Re: The DUDE 100% CPU usage

Pretty obvious recommendation would be to use a newer version of Dude :).
by dasiu
Mon Apr 23, 2012 11:51 pm
Forum: General
Topic: Login by HTTP CHAP ?
Replies: 1
Views: 815

Re: Login by HTTP CHAP ?

Look into the HTML :). I don't have the files accessible now, so I can't check, but I'm pretty sure it's just a MD5 hash. And the idea is that you are not able to decrypt the password :). You can just check, if the hash is made using proper password and challenge string :).
by dasiu
Mon Feb 27, 2012 4:56 pm
Forum: General
Topic: FREE ROUTER!
Replies: 15
Views: 5829

Re: FREE ROUTER!

Is the special offer closed already? Or do you plan to prolong it? ;-)
by dasiu
Thu Feb 23, 2012 11:59 am
Forum: Forwarding Protocols
Topic: Help with OSPF
Replies: 3
Views: 1364

Re: Help with OSPF

Try changing default-distribute on every router to "if-installed-as-type-1" and remove all static routes to 0.0.0.0/0 :). Then check if it works. With "if-installed" router will not advertise a route it doesn't have, and with "type 1" the distance will change with every single hop - so the best path...
by dasiu
Wed Feb 22, 2012 12:02 am
Forum: General
Topic: daily limitation of upload traffic
Replies: 3
Views: 587

Re: daily limitation of upload traffic

http://forum.mikrotik.com/viewtopic.php?f=10&t=59306 - the solution was discussed here a week ago :). In hotspot you can specify uptime and you can specify amount of bytes sent/received/total :). So it's the same case (hotspot, limited user, and script that clears the counters every midnight).
by dasiu
Tue Feb 21, 2012 11:59 pm
Forum: Beginner Basics
Topic: Transparent Bridge with NAT?
Replies: 3
Views: 2067

Re: Transparent Bridge with NAT?

yes :)
by dasiu
Tue Feb 21, 2012 11:20 am
Forum: General
Topic: who can help me to set up something with Mikrotik.
Replies: 1
Views: 287

Re: who can help me to set up something with Mikrotik.

Well... It seems easy - with HOTSPOT :). I think it's what you are looking for. And also an external server with Radius and PHP and a database :). Each user can have his account, and the Radius server will inform MikroTik about limits for the user. If the limits are over, user will be redirected to ...
by dasiu
Tue Feb 21, 2012 10:43 am
Forum: Forwarding Protocols
Topic: Help with OSPF
Replies: 3
Views: 1364

Re: Help with OSPF

BGP with "redistribute connected"?? wow...

Could you show us the "/routing export" output from the core router? It will cover the BGP, OSPF and filters configuration - and will show us what is the configuration idea and what can be missing :).
by dasiu
Tue Feb 21, 2012 10:22 am
Forum: General
Topic: Hotspot e-mail login.
Replies: 2
Views: 727

Re: Hotspot e-mail login.

No, it's not possible :). But it should be easy with a simple server with RADIUS and PHP.