Community discussions

MUM Europe 2020

Search found 36 matches

by Discus
Tue Oct 01, 2013 6:39 pm
Forum: Forwarding Protocols
Topic: Mikrotik DHCP server on Cisco Switches
Replies: 5
Views: 2261

Re: Mikrotik DHCP server on Cisco Switches

Incidentally, if you want the equivalent of a "native" VLAN, don't put any tag on the Mikrotik port, just assign the relevant IP for that "native" subnet to the relevant Ethernet port (and make it "native" on the Cisco).
by Discus
Tue Oct 01, 2013 6:37 pm
Forum: Forwarding Protocols
Topic: Mikrotik DHCP server on Cisco Switches
Replies: 5
Views: 2261

Re: Mikrotik DHCP server on Cisco Switches

You only need DHCP relay if you're wanting to use an external (to the router) DHCP server. With Mikrotik, define your pool(s), put a DHCP server instance on each VLAN interface and assign pools and other details to it. In your case, you want 10 pools, one for each /24. Create 10 VLAN interfaces (wit...
by Discus
Tue Oct 01, 2013 6:30 pm
Forum: General
Topic: BW TEST not go more than 1G with TCP
Replies: 6
Views: 1589

Re: BW TEST not go more than 1G with TCP

I believe to be effective, you're supposed to run the test from an external device to an external device through the device under test (i.e. to measure throughput on your CCR, you need a bandwidth test server and client connected through the CCR, rather than testing to/from the CCR itself to your ma...
by Discus
Mon Sep 30, 2013 5:56 pm
Forum: General
Topic: [Feature Request] - Support RFC6164
Replies: 5
Views: 2009

Re: [Feature Request] - Support RFC6164

Maxstel - a /128 in ipv4 is the same as a /32 in ipv4 - it's effectively a single host "subnet" - you can't use it for a p2p network (but it works OK as a loopback IP for management purposes).
Unfortunately Janisk's answer didn't really help much. :)
by Discus
Fri Jul 19, 2013 8:59 pm
Forum: Wireless Networking
Topic: intermittent management-protection failure
Replies: 2
Views: 1948

Re: intermittent management-protection failure

I tried NV2; this has been stable but I lose about 20mbit/s throughput (testing to a speedtest mini instance on the other side of the link) compared with nstreme (30mb/s vs 50mb/s)
by Discus
Mon Jul 15, 2013 3:15 pm
Forum: Wireless Networking
Topic: intermittent management-protection failure
Replies: 2
Views: 1948

intermittent management-protection failure

I have had a wireless link running across a road for several years now (rock solid for the most part). Recently, it's been occasionally disconnecting, seemingly at random. After upgrading to the latest RouterOS version (5.25 from 5.4) it's become extremely flaky. On looking at the logs of the two de...
by Discus
Tue Dec 18, 2012 1:09 pm
Forum: Beginner Basics
Topic: IP Camera Port forwarding
Replies: 25
Views: 22091

Re: IP Camera Port forwarding

I think you have your to-addresses and dst-address backwards? If we assume the WAN address you'd like to have ports forwarded to the camera is 192.168.1.117 and the camera's assigned LAN IP address is 192.168.88.51, a rule like: chain=dstnat action=dst-nat to-addresses=192.168.1.114 to-ports=6080 pr...
by Discus
Tue Dec 18, 2012 12:50 pm
Forum: General
Topic: [Feature Request] - Support RFC6164
Replies: 5
Views: 2009

[Feature Request] - Support RFC6164

In an increasingly IPv6 world, it would be useful if Mikrotik fully supported ipv6 subnet masks longer than /64. This generally requires the ability to disable subnet-router anycast , which does not seem to be the case in RouterOS (at least not in v5.x; I haven't seen v6 yet, and I doubt it is there...
by Discus
Tue Dec 18, 2012 12:19 pm
Forum: General
Topic: ipv6 subnet-router anycast - how to disable?
Replies: 6
Views: 2606

Re: ipv6 subnet-router anycast - how to disable?

The relevant RFC is http://tools.ietf.org/html/rfc6164 is there an ETA on support for this?

It helps to mitigate significant attacks such as neighbour cache exhaustion (e.g.).
by Discus
Tue Dec 18, 2012 12:05 pm
Forum: General
Topic: ipv6 subnet-router anycast - how to disable?
Replies: 6
Views: 2606

Re: ipv6 subnet-router anycast - how to disable?

Incidentally, the Best Current Operational Practices ( according to IPBCOP ) suggest that whilst /64 should be allocated to PtP links, masks should be /127 to avoid various issues ( point B, page 4 of doc ). This would suggest Mikrotik ought to look at implementing the option of disabling subnet-rou...
by Discus
Tue Dec 18, 2012 11:43 am
Forum: Wireless Networking
Topic: wireless bandwidth problem
Replies: 3
Views: 1067

Re: wireless bandwidth problem

How are you testing throughput? If you're using the built-in mikrotik bandwidth tests, note that you should not ideally be testing to and from routers/links you're interested in, but to things on the other side (i.e. you should have a bandwidth test server and client on "the other side" of A, B and ...
by Discus
Tue Dec 18, 2012 11:36 am
Forum: Wireless Networking
Topic: What should i choose, a grid or flatpanel?
Replies: 6
Views: 1021

Re: What should i choose, a grid or flatpanel?

If you'd like to learn (a lot) more about wireless networking, http://wndw.net/download.html is an excellent resource, and some versions are available in Indonesian.

Good luck!
by Discus
Tue Dec 18, 2012 11:35 am
Forum: Wireless Networking
Topic: What should i choose, a grid or flatpanel?
Replies: 6
Views: 1021

Re: What should i choose, a grid or flatpanel?

1) it depends (on things you don't say in the post, like how "noisy" it is there, how good the LOS is, etc. etc. etc. etc.) 2) you can try any combination of antennae, as long as the polarisation is the same; if you have the panel and other antenna lying around, try it out; if performance is unaccep...
by Discus
Tue Dec 18, 2012 11:29 am
Forum: Wireless Networking
Topic: IP plug and play
Replies: 4
Views: 1267

Re: IP plug and play

I can't imagine that Zyxel magically over-rides the client's DHCP mode; they must be doing some sort of (symmetric) NAT on such devices. This is more or less what I was talking about in the second paragraph - it's certainly possible to do this. I suspect you may have to run some scripts to get this ...
by Discus
Tue Dec 18, 2012 10:58 am
Forum: General
Topic: ipv6 subnet-router anycast - how to disable?
Replies: 6
Views: 2606

Re: ipv6 subnet-router anycast - how to disable?

Thanks janisk, I think we'll get our ISP to change the router subnet, it seems the better option. :) Having a /48, we're not exactly short on space just yet...
by Discus
Tue Dec 18, 2012 10:20 am
Forum: General
Topic: Howto tunnel hotspot traffic directly to internet router
Replies: 3
Views: 1162

Re: Howto tunnel hotspot traffic directly to internet router

No problem, glad it worked out for you :)
by Discus
Thu Dec 06, 2012 12:13 pm
Forum: General
Topic: sntp problem - I don't get the time.....
Replies: 6
Views: 1191

Re: sntp problem - I don't get the time.....

time.nist.gov is used by far too many people* -it's possible it fell over under load. If you specifically want a NIST server, try one of the others at http://tf.nist.gov/tf-cgi/servers.cgi but pool.ntp.org is an extremely good idea. Also, you can try the more fully featured NTP Client/Server RouterO...
by Discus
Thu Dec 06, 2012 11:49 am
Forum: General
Topic: sntp problem - I don't get the time.....
Replies: 6
Views: 1191

Re: sntp problem - I don't get the time.....

Have you tried a different NTP server? It's generally a good idea to set up a secondary as well.

http://pool.ntp.org has plenty of candidates you can try :)

Failing that, and assuming you have internet connectivity from that router, I can only suggest power-cycling the unit in question.
by Discus
Thu Dec 06, 2012 11:44 am
Forum: RouterBOARD hardware
Topic: Analog Telephone Adapter (ATA) for RB?
Replies: 5
Views: 2306

Re: Analog Telephone Adapter (ATA) for RB?

I've not seen any Mikrotik specific stuff, but you could always use a 3rd party ATA and appropriate configs in your CPEs to pass traffic back to your VOIP server at the datacentre. If you need something more complex than a simple phone extension, then you'll probably need more complex devices; these...
by Discus
Thu Dec 06, 2012 11:33 am
Forum: General
Topic: Looking Glass Type Software for RouterOS Request
Replies: 2
Views: 963

Re: Looking Glass Type Software for RouterOS Request

I've scarcely any BGP experience, but I imagine you can set up e.g. a PC-based quagga server as a route reflector (or otherwise "sucking"/copying/cloning its routes from your Mikrotik) or similar and then use lookingglass on that? That way the quagga server "knows" the same info as your router, but ...
by Discus
Thu Dec 06, 2012 11:25 am
Forum: General
Topic: Dynamic mapping of Private IPs to Public IPs
Replies: 1
Views: 608

Re: Dynamic mapping of Private IPs to Public IPs

There may be a Miktotik way of doing this, but this sounds very much like a job for a separate RADIUS server. Another option, since you have lots and lots of private address space, is that you can simply create another DHCP pool for the other users, and add new ones as your userbase outgrows the sub...
by Discus
Thu Dec 06, 2012 11:19 am
Forum: Beginner Basics
Topic: static routing question
Replies: 2
Views: 656

Re: static routing question

Use src and dst nat rules to translate between the public and private addresses on your gateway router (I assume the public address is routed to your gateway router). e.g. in Winbox, IP>Firewall>NAT + Chain: Srcnat Src Address: <private> Action: src-nat To Addresses <public> OK + dstnat dst address:...
by Discus
Thu Dec 06, 2012 11:07 am
Forum: RouterBOARD hardware
Topic: RB450G DHCP Subnet Mask
Replies: 1
Views: 1986

Re: RB450G DHCP Subnet Mask

IP>DHCP>Networks double click on the DHCP network you want to change change the netmask. it's generally a good idea to change the address in the same place too - so if you're e.g. splitting a /24 into two /25s, make the netmask 25 (or 255.255.128) and the Address x.x.x.x/25 click OK. Changes only ta...
by Discus
Thu Dec 06, 2012 11:03 am
Forum: Wireless Networking
Topic: IP plug and play
Replies: 4
Views: 1267

Re: IP plug and play

As long as that IP address doesn't conflict with another, it should be OK as long as your firewall rules allow it. I am of course assuming that the static IP addresses are something you know in advance (i.e. you use DHCP to hand out addresses from e.g. the bottom half of 192.168.1.0/24 and staticall...
by Discus
Thu Dec 06, 2012 10:54 am
Forum: General
Topic: sntp problem - I don't get the time.....
Replies: 6
Views: 1191

Re: sntp problem - I don't get the time.....

Are there perhaps any firewalls in the way?
by Discus
Thu Dec 06, 2012 10:47 am
Forum: Beginner Basics
Topic: Two separate networks on one device
Replies: 4
Views: 2281

Re: Two separate networks on one device

To be sure you get all the traffic, you'll be better off with firewall rules; I generally find that routerboards (being routers) merrily pass packets between connected VLANs, which most switches (being L2 devices) don't do. Simply specify some firewall reject/drop rules in the forward chain with the...
by Discus
Thu Dec 06, 2012 10:36 am
Forum: General
Topic: Howto tunnel hotspot traffic directly to internet router
Replies: 3
Views: 1162

Re: Howto tunnel hotspot traffic directly to internet router

A possible solution to this is to simply drop/reject all traffic from 10.1.1.0/24 to 192.168.1.0/24 (IP>Firewall; you'll need a forward chain rule) - make sure you first allow connections to 192.168.1.1, otherwise they'll get no internet.
by Discus
Tue Dec 04, 2012 9:55 am
Forum: RouterBOARD hardware
Topic: RB450 Capacitors problem?
Replies: 120
Views: 42213

Re: RB450 Capacitors problem?

Not sure exactly when I bought this RB750, but it's the second one to fail (at around 6am yesterday) in the exact same place in the network.
On reading this thread, I've swapped out the 24V adaptor that was powering it to a 12V for the replacement RB750. Fun start to a Monday morning...
by Discus
Fri Nov 09, 2012 10:09 am
Forum: General
Topic: ipv6 subnet-router anycast - how to disable?
Replies: 6
Views: 2606

Re: ipv6 subnet-router anycast - how to disable?

*bump* ?
by Discus
Thu Oct 25, 2012 12:14 pm
Forum: General
Topic: Download limit for websites like youtube, rapidshare etc.
Replies: 3
Views: 3430

Re: Download limit for websites like youtube, rapidshare etc

It works by examining the packets for Layer7 traffic containing "videoplayback" (which youtube uses) and then assigning packet marks based on this which are then used in the queues to limit traffic. You may find (if you have space/computer lying about the place) that squid offers more power for this...
by Discus
Wed Oct 24, 2012 11:56 am
Forum: General
Topic: ipv6 subnet-router anycast - how to disable?
Replies: 6
Views: 2606

ipv6 subnet-router anycast - how to disable?

Our upstream ISP has asked us to use a /125 ipv6 subnet for the point-to-point link (ethernet) between our border router and their router. However, I can't get packets to flow from our network beyond their gateway IP on that /125. A friend with more IPv6 experience suggests any ipv6 link less than a...
by Discus
Sat Jul 30, 2011 2:31 pm
Forum: General
Topic: VLANs - mixed Cisco/Mikrotik
Replies: 6
Views: 3533

Re: VLANs - mixed Cisco/Mikrotik

fewi - Many, many thanks for your invaluable advice! I figured out why a lot of the inter-router VLAN traffic was broken. Some idiot forgot to allow VLAN 2 on the trunk between the 3750 and the core RB1000... Oops...! Anyway, your proposed network makes a lot more sense, so I'm going that route! I'm...
by Discus
Fri Jul 29, 2011 7:32 pm
Forum: General
Topic: VLANs - mixed Cisco/Mikrotik
Replies: 6
Views: 3533

VLANs - mixed Cisco/Mikrotik

Hi there, I've been scratching my head and pounding it on the desk in frustration for the past little while. I have read the VLAN wiki entry numerous times and it hasn't (yet) lead to a lightbulb moment! I'm trying to split 2 sections of a network off from the rest with a couple of VLANs in a mixed ...
by Discus
Wed Feb 09, 2011 12:39 pm
Forum: General
Topic: how to block https://www.facebook.com
Replies: 23
Views: 34593

Re: how to block https://www.facebook.com

On *very* crude method of blocking facebook is to drop all packets containing facebook - in chain forward, put facebook into the content field under Advanced in winbox IP>firewall filter rules. Use Action reject with icmp host prohibited.
by Discus
Fri Nov 13, 2009 2:08 pm
Forum: General
Topic: Networking redundancy
Replies: 1
Views: 941

Networking redundancy

Hi there, I've currently got two different sites, one has managed switching infrastructure and the other not. In the unmanaged environment (Building 1&2), there are 2 ways to get to the main "campus" (building 3) - a MikroTik wireless link, or a Speedstream SDSL link. Obviously, the Mikrotik link is...