MikroTik

melwong

wiki is always there.

http://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol

melwong

First off. Encryption is useless without Authentication. No matter how many nested layers of encryption you used. If you uses the same key in 3DES (3x56bit), its as good as a DES (56bit) which is child play for breaking it. And IPSec is a matured and proven one of the best authentication protocols i...

melwong

Thanks fewi. That firewall rule is exactly what I was looking for. And you are right about the VLAN as well. Thank You, Josh Thanks I learn something new today. Mikrotik is not exactly full VLAN support if what fewi said is true RouterOS fully implements 802.1q. The RouterOS device will by default ...

melwong

Thanks fewi. That firewall rule is exactly what I was looking for. And you are right about the VLAN as well. Thank You, Josh Thanks I learn something new today. Mikrotik is not exactly full VLAN support if what fewi said is true The RouterOS device will by default route traffic between all connecte...

melwong

Isn't VLAN is supposed to do that ?

Tagged different VLANs to all ports. They will be isolated if theres no routing. Layer 2 isolation.

Firewall rules which is similar to ACL in Cisco is the more complex but more complete way since it deals with traffic at layer 3.

melwong

I still prefer Routers with SFP port. If you use a dummy FO Converter, the interface state which is connected to your Copper interface MT will always be up if the fiber link is down. And you create a black hole over there. Unless you have a dynamic route over the link, or use keepalive monitoring on...

melwong

start from layer 1.

Change the cable. Change another one and if both cannot resolve it then its not cable.

Check if the cable placed near AC power lines and is it properly shielded.

Change the port for both routers if possible.

If cannot, try placing a L2 switch in between MT and Cisco Router.

melwong

melwong, you are using the wrong documentation. RouterOS v2.9 is old, if you use v3.23 then you should use this documentation link: http://wiki.mikrotik.com/wiki/Scripting http://wiki.mikrotik.com/wiki/Scripting-examples Hi Normis, Thanks a lot for the links. Really appreciated it. I am now explori...

melwong

Ok, i have confirm it as a bug in 3.24 sms inbox list.

Theres a missing null terminating item in the sms inbox list compare to other lists such as ip address list.

Please recommend a temporary workaround.

melwong

No you can't use console numbers at all. for example you can write

:foreach i in=[/tool sms inbox find] do={
:put [/tool sms inbox get $i text]
}

I have an issue on your given example. It always fail to print out the last item in the list. Any workarounds ?

melwong

No you can't use console numbers at all. for example you can write :foreach i in=[/tool sms inbox find] do={ :put [/tool sms inbox get $i text] } Hi mrz, Thanks a lot. I have found this Mikrotik script documentation http://www.mikrotik.com/testdocs/ros/2.9/system/scripting.php Wish this link could ...

melwong

In scripts you can't use id numbers displayed by console. Use find instead.

How do you use "find: for id numbers ? Pardon me because i am very new to the scripts. I do have some script programming experience.

Is it /tool sms inbox find 0 ?

Thanks

melwong

Hi,

I am figuring out what scripts can extract out the /tool sms inbox get

text messages.

I try /tool sms inbox get 0 text.....but fail.

melwong

Ok i have found the a workaround way. Apparently, when i enable reader-running to yes the first time, the configuration has sort of change. And i cannot reset it back to no. So i do a /system reset-configuration. Then i import my backup.rsc back and NOW everything is working fine. I can set and rese...

melwong

Just use: /tool sms set reader-running=no I have tried before posting this. It runs for a while and It gave me this error ...action timeout - try again. if error continues, please contact Mikrotik Support and a supout file (13) I suspect its a rights issue. I configure this as a admin user. But the...

melwong

Just use:
Code: Select all
/tool sms set reader-running=no

I have tried before posting this. It runs for a while and It gave me this error ...action timeout - try again. if error continues, please contact Mikrotik Support and a supout file (13)

melwong

Hi,

Once i enable read-running=yes.... to enable sms receiving, i cannot disable it to no anymore. How to disable it ?
Is this a bug ? i am using x86 pkg.

melwong

Hello all: I'm working on a tunnel between a MT (v2.9.50) and a Cisco Pix. The tunnel is sucessfully established and the Pix side can ping into an internal IP on the MT side. However, there is a necessity for the Pix side to telnet into an IP on the MT side and that is NOT working. I've checked all...

melwong

*bump*....anyone ?

MK IPSec configuration manual has too little info. Anyone can help ?

melwong

Hi, I am using Nortel Contivity IPSec tunnel to Mikrotik ..... So far, i am able to create peer to peer branch office tunnels. Can you enlighten me how to use Contivity as the responder and MK as the initiator ? And my current peer to peer connection is always on demand. Can MK create a "nail u...

melwong

Oh I have solve it myself. Nortel VPN and other enterprise VPN routers has too much features and parameters which are missing in MR. I have since fine tune the ISKAMP proposal interval and retry attempts in Nortel but which is missing in MR. And also reduce the idle timeout before a new SA is genera...

melwong

Hi, Wanted to know if RouterOS 3.22 support Peer to Peer IPSec tunnel ? I am trying to established a tunnel using MK on one side, the other side would be Nortel VPN Router. Unfortunately, the session can only last once and is initiated from Nortel VPN. MK has no options for me to set as a initiator ...

melwong

Yup.

I cannot access the IP->IPSec settings always.....

Make it a second menu for the second tier options. Add a scrollable window.

melwong

ADSL is always stated "up to" certain bandwidth.

Theres no SLA, QoS, etc.....

Be careful on that and your country cunning ISPs.

melwong

OSPF is real easy. Just add the network under the OSPF router ID. And it does not use route summarization unlike RIPv2. So you can add any class of network you like. Its that easy.

melwong

Yes you are right in a layer 2 way. Bridging is much faster in terms of PPS (packet per seconds) since it look at only the MAC address and not looking further into IP addresses for routing. But....and i emphasize again, But....the occurrences of traffic flooding and broadcast storms are so much high...

melwong

if you truly want to pass broadcasts and bridge the two networks you shouldnt place any IP address on the EoIP tunnel itself (other than its outside endpoints) and just bridge those interfaces to the LANs on each side. Both sides can then use the same subnets. 192.168.1.0/24 (LAN A)--->10.10.10.1/2...

melwong

I think i found the answer. The RIP is disable by default in MT. I enabled it and its works.

Most other routers do came with RIP default enabled. Time to explore more about MT routers and L3 switch.....

melwong

Hi, Thanks for you reply. I have try configuring IPIP using a pair of MT RB450. As for configuring routes..... I am confuse too. I apologize that i am CCNA and get quite use to adding static classless routes. How do i configure the equivalent in RouterOS v3.2 ? I am using winbox and i can only add I...

melwong

Hi,

Can anyone help please ?

I cannot create an EoIP tunnel without creating a bridge over it to let traffic flow thru.

Is it a necessity to create a bridge over EoIP ?

melwong

all the routing and bridging apply to these tunnels, it wont miraculously guess what you want to bridge with what. you have to configure it yourself. It is layer 2 tunnel. that is it, no magic involved Thanks. So i just use the same way of configuring a layer 3 tunnel to EoIP tunnel layer 2 ? Its e...

melwong

you have to set ip address of the other end of eoip tunnel and tunnel-id that is all if you want to establish eoip tunnel from A-------B then on A you have to set up ip address of B and vice versa on B when you create tunnel it is as if it is normal Ethernet interface. Yup. I tried that. But my pri...

melwong

No, bridge is not required for EoIP to function. And of course you will not be able to add one physical interface to multiple bridges. You can easily put in one bridge all EoIP tunnels and one physical interface. Or maybe I just misunderstood what you want to achieve. Hi Thanks for your reply. I fo...

melwong

There is no need to make VLANS to establish multiple EoIP tunnels as long as you specify unique tunnel-ids.

Hi,

But does EoIP tunnel need bridge to function ? Because i cannot add the real interface to another bridge if it has been added before. Thanks

melwong

Hi,

I have found a workaround way, but its ugly.

Create multiples VLANs under the real interface.

Under bridge mode, add the logical VLANs with their respective EoIP interface tunnel.

Is that the correct way to create a hub-and-spoke topology ?

melwong

Hi, I am trying to create a hub-spoke topology using EoIP. I have create 1 EoIP Point to point tunnel successfuly using Bridge to include both the real interface and EoIP interface. Is it necessary to run Bridge mode for the EoIP to established tunnel successfully ? As mentioned, in a Hub to Spoke t...

Search found 36 matches

Re: L2TP and ipsec overkill

Re: L2TP and ipsec overkill

Re: Port Isolation?

Re: Port Isolation?

Re: Port Isolation?

Re: Fiber Converter/Switch

Re: Ethernet duplex problems

Re: Help on script to extract SMS inbox text message

Re: Help on script to extract SMS inbox text message

Re: Help on script to extract SMS inbox text message

Re: Help on script to extract SMS inbox text message

Re: Help on script to extract SMS inbox text message

Help on script to extract SMS inbox text message

Re: SMS receiving now supported, can run scripts

Re: SMS receiving now supported, can run scripts

Re: SMS receiving now supported, can run scripts

Re: SMS receiving now supported, can run scripts

Re: VPN - Mikrotik-->Cisco Pix

Re: Can I specify an IPsec Initiator ID?

Re: Can I specify an IPsec Initiator ID?

Re: IPSec Peer to Peer

IPSec Peer to Peer

Re: Winbox window won't scale for small (netbook) displays

Re: Dual WAN (one for Internet and another for VOIP and backup)

Re: Network Planning/Routing Help

Re: Information Verification

Re: How to create multiple EoIP tunnels ?

Re: How to create multiple EoIP tunnels ?

Re: How to create multiple EoIP tunnels ?

Re: How to create multiple EoIP tunnels ?

Re: How to create multiple EoIP tunnels ?

Re: How to create multiple EoIP tunnels ?

Re: How to create multiple EoIP tunnels ?

Re: How to create multiple EoIP tunnels ?

Re: How to create multiple EoIP tunnels ?

How to create multiple EoIP tunnels ?