Community discussions

MikroTik App

Search found 168 matches

by MrYan
Fri Mar 15, 2024 11:35 pm
Forum: RouterBOARD hardware
Topic: Upgrade from RB750Gr3
Replies: 16
Views: 955

Re: Upgrade from RB750Gr3

Might regret the 5009 if they run into the issues with throughput the devices has (see viewtopic.php?t=182691 for example).
by MrYan
Fri Mar 15, 2024 11:29 pm
Forum: Virtualization
Topic: SR-IOV with CHR - What hypervisors are you using ?
Replies: 22
Views: 2067

Re: SR-IOV with CHR - What hypervisors are you using ?

Neither DPDK nor eBPF/XDP is in any way related to SR-IOV, which is a standard hardware-level technology for I/O virtualization offering bare-metal throughput. Additionally, ROS uses Linux kernel netfilter/nftables, not Berkeley Packet Filter or DPDK which are a bunch of user-land network drivers a...
by MrYan
Fri Mar 15, 2024 11:20 pm
Forum: General
Topic: Feature Request: address-list for /ip dns
Replies: 3
Views: 275

Re: Feature Request: address-list for /ip dns

The part I thought might be applicable was:
/ip dns static add address-list=mikrotik match-subdomain=yes name=mikrotik.com type=FWD
by MrYan
Wed Mar 13, 2024 10:18 pm
Forum: General
Topic: Feature Request: address-list for /ip dns
Replies: 3
Views: 275

Re: Feature Request: address-list for /ip dns

Is your use case different to what is outlined in viewtopic.php?p=952360#p952360?
by MrYan
Tue Mar 12, 2024 6:37 pm
Forum: Virtualization
Topic: SR-IOV with CHR - What hypervisors are you using ?
Replies: 22
Views: 2067

Re: SR-IOV with CHR - What hypervisors are you using ?

Performance improvement with SR-IOV VF or PCI Passthrough NIC isn't likely to be all that great. You'll bypass the hypervisor network stack (which will remove some performance bottleneck) but you'll still only have Linux networking in the CHR as it doesn't use acceleration technology such as DPDK or...
by MrYan
Wed Feb 28, 2024 9:58 pm
Forum: General
Topic: Ability to print interface traffic for logging
Replies: 5
Views: 912

Re: Ability to print interface traffic for logging

Let's hope the OP wasn't waiting 3+ years for an answer!
by MrYan
Wed Feb 28, 2024 9:56 pm
Forum: General
Topic: QinQ vlan bridge - help needed
Replies: 11
Views: 1035

Re: QinQ vlan bridge - help needed

You could put vlan-2 and vlan-8 into another bridge and run DHCP server on that second bridge. As only a single bridge can be hardware accelerated that might be an issue on some hardware. The CCR1036 won't be impacted as it doesn't have a switch chip. The CCR2116 does have a switch chip so performan...
by MrYan
Wed Feb 28, 2024 3:35 pm
Forum: General
Topic: QinQ vlan bridge - help needed
Replies: 11
Views: 1035

Re: QinQ vlan bridge - help needed

I'd have approached this a different way albeit likely it won't meet your intentions. Rather than pop VLAN 161 off before it gets to the bridge, I'd have added "SL LACP" into the bridge. Then add a vlan interface that decapsulates VLAN 161: /interface vlan add interface=bridge1 name=vlan-1...
by MrYan
Tue Feb 20, 2024 11:13 am
Forum: General
Topic: Possible L2 MTU issues with EoIP Tunnel and Bridge
Replies: 2
Views: 573

Re: Possible L2 MTU issues with EoIP Tunnel and Bridge

Did you ping with DF set when you got 1500 bytes through?
by MrYan
Sun Feb 11, 2024 9:10 pm
Forum: General
Topic: S-RJ01 - terribly unrelibable?
Replies: 4
Views: 424

Re: S-RJ01 - terribly unrelibable?

Mine runs very hot as well. That's the only issue I've noticed with it however.
by MrYan
Sat Feb 03, 2024 1:03 pm
Forum: General
Topic: [Discussion] MikroTik configuration abstraction complexity
Replies: 72
Views: 4463

Re: [Discussion] MikroTik configuration abstraction complexity

Why they never scaled up and take VC money like Juniper is beyond me. Look up founded date/year of Juniper and MikroTik, both started in the same era, one's rich, one's broke… One was so rich it sold out to HPE (who will ruin it). The other probably makes decent money for the founder/owner and staff.
by MrYan
Fri Dec 29, 2023 12:41 am
Forum: General
Topic: BGP peer goes down, no ACK for 60 minutes
Replies: 22
Views: 2818

Re: BGP peer goes down, no ACK for 60 minutes

I have 3 support tickets open and have had little response to them either.
by MrYan
Mon Dec 25, 2023 11:58 pm
Forum: General
Topic: [SOLVED] IPv6 policy routing with multiple routing tables - which gateway to use?
Replies: 9
Views: 1917

Re: IPv6 policy routing with multiple routing tables - which gateway to use?

Also, got a minor problem - it seems like that from a VRF it's not possible to reach any of the services on the router such as DNS, HTTP, etc (even on a non-VRF interface's IP) - inter-VRF routing is set up and machines on both sides (the VRF and the "main" routing table) can reach each o...
by MrYan
Tue Dec 12, 2023 6:04 pm
Forum: General
Topic: [SOLVED] IPv6 policy routing with multiple routing tables - which gateway to use?
Replies: 9
Views: 1917

Re: IPv6 policy routing with multiple routing tables - which gateway to use?

Create two VRFs (one for FR, the other for UK) and put the relevant interfaces into each one. You can then have a default route per VRF.
by MrYan
Mon Dec 11, 2023 5:46 pm
Forum: Announcements
Topic: v7.13rc [testing] is released!
Replies: 178
Views: 49138

Re: v7.13rc [testing] is released!

how is this a bug? The order doesn’t matter - at all.
There is also no equivalent brctl command to do that in linux.
Maybe or maybe not. I observed an issue with ordering of bridge ports on 7.12.1 - viewtopic.php?p=1041276
by MrYan
Mon Dec 11, 2023 12:12 pm
Forum: General
Topic: Bridge all ports on hAP AX^2
Replies: 7
Views: 1509

Re: Bridge all ports on hAP AX^2

Relevant configuration below. Yes, I know there will be comments about the problem being elsewhere and the whole configuration is required but I'll take my chances. Things work, so this is more a case of leaving some information in case others encounter the same problem. /interface bridge add admin-...
by MrYan
Mon Dec 11, 2023 10:46 am
Forum: General
Topic: Bridge all ports on hAP AX^2
Replies: 7
Views: 1509

Re: Bridge all ports on hAP AX^2

My query is to those who have a hAP ax^2 and have tried to bridge all ports. Non-working configuration was: Flags: X - DISABLED, I - INACTIVE Columns: INTERFACE, BRIDGE, HW, PVID, PRIORITY, PATH-COST, INTERNAL-PATH-COST, HORIZON # INTERFACE BRIDGE HW PVID PRIORITY PATH-COST INTERNAL-PATH-COST HORIZO...
by MrYan
Sun Dec 10, 2023 7:37 pm
Forum: General
Topic: Bridge all ports on hAP AX^2
Replies: 7
Views: 1509

Bridge all ports on hAP AX^2

The hAP ax^2 comes with ether1 as a WAN port and ether2-5 as LAN. I wanted to have all 5 ports in the bridge so I went ahead and added ether1 to the bridge. Didn't work, so I rebooted the router - which made no difference. What did get it working was to make ether1 the first entry in the bridge port...
by MrYan
Mon Dec 04, 2023 12:13 pm
Forum: General
Topic: Force ipv4 to use for some sites if it have ipv4 and ipv6 address (ipv6 sit tunnelbroker)
Replies: 4
Views: 1182

Re: Force ipv4 to use for some sites if it have ipv4 and ipv6 address (ipv6 sit tunnelbroker)

You could also block based on FQDN - for example: /ipv6 firewall address-list add list=block_site address=www.google.com /ipv6 firewall filter add chain=forward place-before=1 connection-state=new dst-address-list=block_site out-interface-list=WAN action=reject reject-with=icmp-admin-prohibited Does...
by MrYan
Wed Nov 29, 2023 11:28 pm
Forum: General
Topic: Strange switching behaviour for a packet with unknown MAC?
Replies: 4
Views: 1169

Re: Strange switching behaviour for a packet with unknown MAC?

If a switch receives a frame on a port it (passively) learns the source MAC address and caches it. However, if it needs to send to an unknown destination MAC address then it unicast forwards on all ports (https://en.wikipedia.org/wiki/Unicast_flood).
by MrYan
Sun Nov 19, 2023 6:35 pm
Forum: General
Topic: My RB750 is not show in network interface
Replies: 3
Views: 829

Re: My RB750 is not show in network interface

If it resets after a short time, it's likely some of the capacitors have bulged and gone bad.
by MrYan
Sun Nov 19, 2023 11:56 am
Forum: Announcements
Topic: v7.12.1 [stable] is released!
Replies: 252
Views: 90686

Re: v7.12 [stable] is released!

Unable to get hardware offloading working on a hAP ax3 (C53UiG+5HPaxD2HPaxD), any suggestions?
The IPQ-PPE switch isn't supported yet for L2HW offload.
by MrYan
Sat Nov 11, 2023 8:31 pm
Forum: Announcements
Topic: v7.12.1 [stable] is released!
Replies: 252
Views: 90686

Re: v7.12 [stable] is released!

"Noticed that on all of them I needed to reboot a second time to upgrade the routerboard firmware despite having "/system routerboard settings set auto-upgrade=yes" configured." This has always been required. All the auto-upgrade does is save you the effort of having to go in an...
by MrYan
Sat Nov 11, 2023 4:33 pm
Forum: General
Topic: Mellanox 40Gbp and 100Gb NIC cards issue RoS v7.11
Replies: 3
Views: 745

Re: Mellanox 40Gbp and 100Gb NIC cards issue RoS v7.11

Ok so more tests done..

Memory upgrade on servers to 78GB R420 and 96GB on R620...

somehow it increased the speeds as expected we are now getting 64Gbps aggregate troughput between servers
More RAM likely means more channels in use to the socket and so more memory bandwidth.
by MrYan
Sat Nov 11, 2023 4:28 pm
Forum: Announcements
Topic: v7.12.1 [stable] is released!
Replies: 252
Views: 90686

Re: v7.12 [stable] is released!

Upgrade from 7.11.2 seems to have gone okay on 2x hEX (RB750Gr3) and 1x hAP AX^2. Noticed that on all of them I needed to reboot a second time to upgrade the routerboard firmware despite having "/system routerboard settings set auto-upgrade=yes" configured. Like the extra logging for scrip...
by MrYan
Tue Nov 07, 2023 2:08 pm
Forum: Announcements
Topic: Newsletter #114 | September 2023
Replies: 72
Views: 13185

Re: Newsletter #114 | September 2023

I replied to support stating that the brochures didn't explicitly state non-contiguous intra-band CA was supported. I pointed out that for the R11e-LTE6 modem there was an explicit statement in the brochure that it only supported contiguous intra-band CA. The response was "In the case of R11e-L...
by MrYan
Tue Nov 07, 2023 10:34 am
Forum: Announcements
Topic: Newsletter #114 | September 2023
Replies: 72
Views: 13185

Re: Newsletter #114 | September 2023

I asked support (SUP-133576) the question about non-contiguous intra-band carrier aggregation on the FG621-EA modem. Their response was: Yes, these devices support intra-band CA. You can find out more in their brochures: https://i.mt.lv/cdn/product_files/hAPaxliteLTE6_230832.pdf https://i.mt.lv/cdn/...
by MrYan
Sat Nov 04, 2023 3:44 pm
Forum: Announcements
Topic: Newsletter #114 | September 2023
Replies: 72
Views: 13185

Re: Newsletter #114 | September 2023

Does the FG621-EA support non-contiguous intra-band carrier aggregation?
by MrYan
Fri Nov 03, 2023 3:40 pm
Forum: RouterBOARD hardware
Topic: Hap AX2 max CPU temp
Replies: 7
Views: 3988

Re: Hap AX2 max CPU temp

My AX2 has 55C when idle, is it okay?
Just checked, around 53C here.
Mine is also 53C in the UK. Co-incidence I hope, rather than a stuck temperature reading!
by MrYan
Sun Oct 29, 2023 10:29 am
Forum: Beginner Basics
Topic: Double tagged VLAN on WAN
Replies: 1
Views: 893

Re: Double tagged VLAN on WAN

Create a VRF with the VoIP VLAN interface and ether3 in it.
Add a default route in the VRF out the VoIP VLAN interface if not already there via DHCP.
Put VoIP VLAN interface in WAN interface list and ether3 in LAN interface list.
by MrYan
Thu Oct 26, 2023 6:54 pm
Forum: General
Topic: LTE passthrough configuration from *another* router
Replies: 2
Views: 1507

Re: LTE passthrough configuration from *another* router

Other brand devices may have a bridge mode which will allocate an IPv4 address via DHCP. Whether it'll work with IPv6 is down to their implementation.
by MrYan
Wed Oct 18, 2023 6:11 pm
Forum: General
Topic: Give to a specific static DHCP a specific DNS [SOLVED]
Replies: 7
Views: 1103

Re: Give to a specific static DHCP a specific DNS [SOLVED]

/ip dhcp-server option add code=6 name=Google value="'8.8.8.8'" and set this option to the desired dhcp static lease Thank you for your kind help, I've tried with 6 and it doesn't accept this value, are you sure it's 6? Thanks dnszh.jpg Put the Value (DNS server IP) in single quotes.
by MrYan
Sun Oct 08, 2023 10:48 am
Forum: Beginner Basics
Topic: ip pool used - column pool print "*A" or "*1" - what is it [SOLVED]
Replies: 3
Views: 1134

Re: ip pool used - column pool print "*A" or "*1" - what is it [SOLVED]

They are the internal identifiers for the pools that were deleted.
by MrYan
Sat Oct 07, 2023 12:48 pm
Forum: Beginner Basics
Topic: ip pool used - column pool print "*A" or "*1" - what is it [SOLVED]
Replies: 3
Views: 1134

Re: ip pool used - column pool print "*A" or "*1" - what is it [SOLVED]

You deleted the pools but there are still some addresses allocated.
by MrYan
Fri Sep 29, 2023 11:58 am
Forum: General
Topic: Why are there no production-grade L3 switches from MikroTik in 2023?
Replies: 26
Views: 4273

Re: Why are there no production-grade L3 switches from MikroTik in 2023?

Even if they made the hardware, the lack of paid software support would limit the market for MikroTik. No serious operator is going to run hardware with no realistic prospect of a fix in a timely manner.
by MrYan
Mon Aug 28, 2023 9:49 pm
Forum: General
Topic: Brought two HAP ax3, but different RAM memrories. What is your ax3's RAM size? [SOLVED]
Replies: 19
Views: 2110

Re: Brought two HAP ax3, but different RAM memrories. What is your ax3's RAM size? [SOLVED]

uptime: 1w3d22h33m12s version: 7.11 (stable) build-time: Aug/15/2023 06:33:51 factory-software: 7.5 free-memory: 594.4MiB total-memory: 928.0MiB cpu: ARM64 cpu-count: 4 cpu-frequency: 864MHz cpu-load: 0% free-hdd-space: 95.2MiB total-hdd-space: 128.5MiB write-sect-since-reboot: 1478 write-sect-tota...
by MrYan
Thu May 11, 2023 11:19 pm
Forum: General
Topic: ROS 7.9 IPSec defect
Replies: 24
Views: 4711

Re: ROS 7.9 IPSec defect

I have this problem with ProtonVPN. It worked before on 7.8 but not after upgrade to 7.9 on a hAP AX2. Now something has changed, but it looks to me like I need to have the whole certificate chain: From https://wiki.mikrotik.com/wiki/Manual:IP/IPsec: All EAP methods requires whole certificate chain ...
by MrYan
Fri May 05, 2023 10:50 pm
Forum: Announcements
Topic: v7.9 [stable] is released!
Replies: 242
Views: 53715

Re: v7.9 [stable] is released!

I am getting error "can't verify peer's certificate from store" again on the ipsec setup. I tried reupload the root CA again but no avail.
Same for me. Working ProtonVPN connection broke. Uploaded the root certificate again and still doesn't work.
by MrYan
Mon Apr 17, 2023 11:32 pm
Forum: General
Topic: Amazon Alexa Calls not working unless...
Replies: 10
Views: 923

Re: Amazon Alexa Calls not working unless...

If performance is good enough with it disabled, then yes - permanently disable the feature. thanks if I would like to better investigate and search the "error" where do you recommend start searching? Hard to say. You have an RB5009 and RouterOS 7 both of which have quirks. If it affects A...
by MrYan
Sat Apr 15, 2023 5:29 pm
Forum: General
Topic: Amazon Alexa Calls not working unless...
Replies: 10
Views: 923

Re: Amazon Alexa Calls not working unless...

Apparently yes. So the solution is to globally and permanently disable this feature?
If performance is good enough with it disabled, then yes - permanently disable the feature.
by MrYan
Sat Apr 15, 2023 12:31 am
Forum: General
Topic: Amazon Alexa Calls not working unless...
Replies: 10
Views: 923

Re: Amazon Alexa Calls not working unless...

Does it work if you configure "/ip/settings/set allow-fast-path=no"?
by MrYan
Sat Mar 18, 2023 6:01 pm
Forum: General
Topic: [Feature Request] 'configure replace'-like Proposal for ROS 7.x
Replies: 6
Views: 624

Re: [Feature Request] 'configure replace'-like Proposal for ROS 7.x

I like the proposal. It'd be a handy addition. Will it happen? Probably not unfortunately.
by MrYan
Mon Jan 23, 2023 9:32 pm
Forum: General
Topic: Memory leak after L2TP enble with RoS7.6
Replies: 1
Views: 323

Re: Memory leak after L2TP enble with RoS7.6

See a similar thing (although not with the same severity) on 7.7 on a hAP ax2 using an L2TP tunnel for Internet access:
monthly.gif
It's low bandwidth/throughput which might explain the slow leak.
by MrYan
Fri Dec 02, 2022 10:54 pm
Forum: Wireless Networking
Topic: hAP ax2 randomly drops WiFi SSIDs (both 2,4 and 5Ghz)
Replies: 127
Views: 24914

Re: hAP ax2 randomly drops WiFi SSIDs (both 2,4 and 5Ghz)

I also have random Wi-Fi drops on the hAP ax2 but in station mode. I've only seen it on 5 Ghz which made me think it was the AP to blame.

Could be that the drivers in ROS 7 are immature and not very stable at present.
by MrYan
Mon Aug 22, 2022 8:38 pm
Forum: General
Topic: Multiple DHCP pools on same interface filtered by mac address
Replies: 12
Views: 1036

Re: Multiple DHCP pools on same interface filtered by mac address

Do the Dahua devices have a unique Class-ID in DHCP requests? If so, you could use Vendor Classes - https://wiki.mikrotik.com/wiki/Manual:I ... or_Classes
by MrYan
Mon Aug 15, 2022 6:26 pm
Forum: General
Topic: Dumb firewall question
Replies: 12
Views: 1288

Re: Dumb firewall question

You could just have 2) and DROP INVALID without the other rules.
by MrYan
Fri Nov 12, 2021 11:15 am
Forum: Virtualization
Topic: Is it possible to create a script that updates the domain record every time the pppoe connection is established?
Replies: 2
Views: 4737

Re: Is it possible to create a script that updates the domain record every time the pppoe connection is established?

Couple of options:
Configure on-up in the PPP profile and then run a script using /tool/fetch to update DNS (if possible).
Use /ip/cloud to get a Mikrotik dns-name (SERIAL_NUMBER..sn.mynetname.net) and CNAME to that from your domain.

The latter is possibly the more reliable (and less work).
by MrYan
Tue Aug 31, 2021 9:27 pm
Forum: RouterOS beta
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 43348

Re: v7.1rc2 [development] is released!

Stats for firewall filter entries doesn't work from CLI: [user@MikroTik] > /ip/firewall/filter/print stats Flags: X, I - INVALID Columns: CHAIN, ACTION <SNIP> But does for NAT: [user@MikroTik] > /ip/firewall/nat/print stats Flags: X, I - INVALID Columns: CHAIN, ACTION, BYTES, PACKETS <SNIP> IPv6 doe...
by MrYan
Thu Jun 10, 2021 12:02 am
Forum: Scripting
Topic: Python SSH API for MikroTik devices
Replies: 5
Views: 3135

Re: Python SSH API for MikroTik devices

Your getters and setters are quite similar to Napalm (https://napalm.readthedocs.io/en/latest/base.html). You might want to see if there is some synergy between your work and theirs.
by MrYan
Thu Apr 01, 2021 4:03 pm
Forum: General
Topic: CRS404-96s-8q-rm data sheet
Replies: 2
Views: 1003

Re: CRS404-96s-8q-rm data sheet

LOL - What RouterOS version does it run? 9.0beta0.1?
by MrYan
Tue Oct 13, 2020 11:14 pm
Forum: RouterOS beta
Topic: CRS 3xx - L3 ASIC performance testing
Replies: 35
Views: 11803

Re: CRS 3xx - L3 ASIC performance testing

That is a typical case for CPU, where each packet causes an interrupt, which, in turn, adds performance overhead. ASIC doesn't care much about the packet count. This. In fact you did well to get 1 Mpps from a Linux box (Proxmox/KVM) without any tuning. CloudFlare had to put a lot of effort into tun...
by MrYan
Sun Sep 06, 2020 3:53 pm
Forum: General
Topic: IKEv2 SA killed after 5 seconds due to short DNS TTL (Surfshark)
Replies: 30
Views: 12655

Re: IKEv2 SA killed after 5 seconds due to short DNS TTL (Surfshark)

/ip firewall mangle
add action=change-mss chain=forward new-mss=1360 protocol=tcp tcp-flags=syn tcp-mss=1453-65535
Might be being slow on a Sunday, but why is there a difference between the new MSS of 1360 and 1453 for the old MSS?
by MrYan
Sat Jul 25, 2020 4:24 pm
Forum: General
Topic: CCR2004 - High CPU load?
Replies: 2
Views: 1709

Re: CCR2004 - High CPU load?

Is this normal? I see it only has 4 CPU's but surely a device with 12 SFP+ ports should be easily be able to handle much much more throughput? Worst case performance from https://mikrotik.com/product/ccr2004_1g_12s_2xs#fndtn-testresults is ~ 500 Mbps. However, I don't think you'll be running a cons...
by MrYan
Sun Jul 12, 2020 9:41 pm
Forum: RouterBOARD hardware
Topic: Mikrotik VDSL Router for UK
Replies: 4
Views: 3587

Re: Mikrotik VDSL Router for UK

Something like a Vigor 130 would be a decent bridge modem. Should work with BT on default settings. Just need the correct PPP client setting then.
by MrYan
Tue Jun 09, 2020 8:30 pm
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 348
Views: 171213

Re: v6.47 [stable] is released!

Did try with 6.45.9 as well but that exhibited the same problem. As it says in the opening post: Please keep this forum topic strictly related to this particular RouterOS release. Okay, I mentioned another release but I was testing it with 6.47 (hence in this thread) so from a strict perspective yo...
by MrYan
Mon Jun 08, 2020 9:13 pm
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 348
Views: 171213

Re: v6.47 [stable] is released!

Anyone have any issues with link on ether2 on RB4011? New device and I can only get link with slight down pressure on the cable on this port only. I think it's a mechanical issue but the port looks okay from visual inspection and the whole block of 5 ports I imagine is soldered to the board. Unlikel...
by MrYan
Fri Aug 03, 2018 11:21 pm
Forum: General
Topic: "crs317 - improved transmit performance between 10G and 1G ports"
Replies: 3
Views: 2011

Re: "crs317 - improved transmit performance between 10G and 1G ports"

Usually where there is a large mismatch in speed, the issue is down to lack of buffers. If you have packets arriving at 10 Gbps and need to send to a port that is only 1 Gbps you need to absorb the burst to stop TCP slowing down. If I had to guess, this would be the problem that was resolved (or mit...
by MrYan
Tue Feb 13, 2018 8:44 pm
Forum: General
Topic: Connection Tracking - Field Explanation
Replies: 6
Views: 4582

Re: Connection Tracking - Field Explanation

They are timeouts when no further packets are seen. Usually (with 2 way communication) the router would remove the UDP connection from the state table after the (default) 3 minutes of inactivity. With your new setting this would happen after 30 minutes. Beware of filling the connection table with en...
by MrYan
Fri Dec 22, 2017 8:08 pm
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 138884

Re: v6.41 [current]

Upgrade on RB450G went smoothly. Changes to ethernet removing master-port, interface list adding default lists and then neighbour discovery and mac-server to use the lists.
by MrYan
Tue Oct 24, 2017 1:01 pm
Forum: Forwarding Protocols
Topic: Anybody knows some BGP Blackhole free service?
Replies: 2
Views: 998

Re: Anybody knows some BGP Blackhole free service?

Yeah, there is a definite cost to null routing > 500 Gbps of traffic.
by MrYan
Mon Jan 16, 2017 3:09 pm
Forum: Beginner Basics
Topic: Long output - how to paginate?
Replies: 4
Views: 1412

Re: Long output - how to paginate?

Some commands won't page (/log print & /export for example). Does this apply to all commands? What version of ROS are you running?
by MrYan
Mon Jan 16, 2017 11:56 am
Forum: Beginner Basics
Topic: Long output - how to paginate?
Replies: 4
Views: 1412

Re: Long output - how to paginate?

By default the CLI paginates - have you got some weird termtype set?
by MrYan
Mon Oct 17, 2016 9:49 am
Forum: General
Topic: CHR PPP MTU
Replies: 2
Views: 1107

Re: CHR PPP MTU

The behaviour of dropping MTU from 1500 to 1480 seems to be related to the Mikrotik sending a large LCP Echo packet and not getting a (valid) reply (see my posts here - http://forum.mikrotik.com/viewtopic.php?f=2&t=112520).
by MrYan
Mon Oct 03, 2016 11:37 am
Forum: Scripting
Topic: ppp profile scripts
Replies: 2
Views: 4654

Re: ppp profile scripts

isn't is $"remote-address"?
by MrYan
Mon Sep 26, 2016 2:39 pm
Forum: General
Topic: PPPoE and MTU > 1488
Replies: 7
Views: 5550

Re: PPPoE and MTU > 1488

Yeah, BT do support 1500 byte MTU. It's worked in the past - not sure when it stopped - I only noticed when I upgraded to 6.37 but was the same on downgrade. Most likely, BT have changed something in their network.
by MrYan
Mon Sep 26, 2016 9:53 am
Forum: General
Topic: PPPoE and MTU > 1488
Replies: 7
Views: 5550

Re: PPPoE and MTU > 1488

The VLAN insertion is done on the Vigor (not on the Mikrotik). I've tried with larger MTU (1520 which is the maximum the Vigor supports) with no change to behaviour. I'm sure you are correct - the path between me and the exchange is probably short 4 bytes (most likely a VLAN tag) but getting BT to d...
by MrYan
Sat Sep 24, 2016 2:56 pm
Forum: General
Topic: PPPoE and MTU > 1488
Replies: 7
Views: 5550

Re: PPPoE and MTU > 1488

The interface MTU on the Mikrotik and DSL modem (Vigor 130) is set to 1508 bytes so the path to the BRAS should be capable of sending > 1492 byte packets. I see in the PPPoE discovery that the Mikrotik advertises PPP-Max-Payload for RFC 4638 negotiation (05dc == 1500): Frame 1: 38 bytes on wire (304...
by MrYan
Fri Sep 23, 2016 2:16 pm
Forum: General
Topic: PPPoE and MTU > 1488
Replies: 7
Views: 5550

PPPoE and MTU > 1488

Upgraded to 6.37 this morning and noticed that even with max-mtu=1500 on the pppoe-client interface that the MTU changes to 1480 after between 3-5 seconds (seen using monitor command on interface). Thought it was a problem with 6.37 so downgraded back to 6.36.3 but that exhibited the same problem. T...
by MrYan
Tue Sep 20, 2016 12:15 pm
Forum: General
Topic: Terminal length?
Replies: 1
Views: 2132

Re: Terminal length?

Not without adding 'without-paging' to the end of each command to get no more messages.

You could try the '+hN' on the end of your username - http://wiki.mikrotik.com/wiki/Manual:Co ... in_process
by MrYan
Fri Jul 22, 2016 12:03 am
Forum: General
Topic: Replacing config without reboot
Replies: 5
Views: 2777

Re: Replacing config without reboot

I've looked into the "diff" option but it's non-trivial - IMHO you need to implement a full parser to do it. For example, if I send the configuration  /interface set loop comment="Test Comment"   what is the diff if the configuration is /interface bridge add name=loop mtu=2000 Yo...
by MrYan
Thu Jul 21, 2016 10:28 pm
Forum: General
Topic: Replacing config without reboot
Replies: 5
Views: 2777

Re: Replacing config without reboot

By replace, I mean clear the existing configuration and apply the new one (the equivalent of configure replace in IOS -  https://supportforums.cisco.com/document/29696/using-configure-replace-command ). My understanding is that the only way to do this would be /system reset-configuration with the ne...
by MrYan
Wed Jul 20, 2016 9:55 am
Forum: General
Topic: Replacing config without reboot
Replies: 5
Views: 2777

Replacing config without reboot

I'm working on some code (existing framework) that needs to merge and replace configuration on the router. The merge part is straightforward, but the replace part isn't AFAIK. I've read http://wiki.mikrotik.com/wiki/Manual:Configuration_Management and it offers no solutions. Does anyone have any cle...
by MrYan
Fri May 27, 2016 9:58 pm
Forum: General
Topic: IP Fragments and firewall rules
Replies: 6
Views: 3978

Re: IP Fragments and firewall rules

add chain=input/forward protocol=tcp fragment=yes action=accept
this sounds correct and usable, however wouldn't the implicit rule at the end of the chain just accept them anyhow?

I'd have thought so. I can't see anything that suggests the the implict ACCEPT doesn't accept fragments.
by MrYan
Thu May 26, 2016 2:43 pm
Forum: General
Topic: IP Fragments and firewall rules
Replies: 6
Views: 3978

Re: IP Fragments and firewall rules

add chain=input/forward protocol=tcp fragment=yes action=accept
by MrYan
Sun May 01, 2016 2:54 pm
Forum: General
Topic: IPv6 routes for interfaces in a IPv4 VRF
Replies: 3
Views: 2417

Re: IPv6 routes for interfaces in a IPv4 VRF

No.
by MrYan
Wed Dec 02, 2015 9:23 am
Forum: RouterBOARD hardware
Topic: ROS/SwOS on Whitebox Switches
Replies: 1
Views: 2005

Re: ROS/SwOS on Whitebox Switches

Should be easier if Mikrotik targetted something like the Switch Abstraction Interface (SAI) layer from Open Compute - http://www.opencompute.org/wiki/Network ... _Interface
by MrYan
Fri Sep 25, 2015 10:30 am
Forum: General
Topic: v6.33rc release candidate (final testing)
Replies: 202
Views: 64750

Re: v6.33rc release candidate

6.33rc15 will be released today.

*) pppoe - added support for MTU > 1492 on PPPoE;
Hi Strods, can you explain this?
I always used PPPoE at 1500Byte.
Hopefully they mean RFC4638 support.
by MrYan
Wed Sep 23, 2015 3:48 pm
Forum: General
Topic: Advice on bridged VLANs
Replies: 1
Views: 863

Re: Advice on bridged VLANs

I'd say it depends. If you want to bridge all VLANs from ether1 to ether5 then I'd put both interfaces into the bridge. If you want to be more selective than I'd add VLAN interfaces per port and create a bridge per VLAN. Also, unless you want to assign an IP address to the VLAN, I'd not bother creat...
by MrYan
Fri Sep 18, 2015 2:51 pm
Forum: General
Topic: Users connected via Mikrotik-Box can't access github.com? [SOLVED]
Replies: 7
Views: 2189

Re: Users connected via Mikrotik-Box can't access github.com? [SOLVED]

I suspect your problem is not the one you found on Google as that seems to be related to connecting to the Mikrotik itself via SSL and not problems with the Mikrotik forwarding SSL.

Usual problems with SSL is MTU size - can your users access any other SSL enabled sites (MS or eBay for example)?
by MrYan
Fri Sep 18, 2015 2:45 pm
Forum: RouterBOARD hardware
Topic: Real CCR1072 experience?
Replies: 52
Views: 16735

Re: Real CCR1072 experience?

If you put a 2 ms RTT (not unreasonable with a test port on each side of the DUT) into the calculator it gives a max throughput of ~ 58 Gbps at 1500/1460 bytes. Suggests that you don't need to tweak this at least. Might need to up the window size of the tester though (assuming it actually runs a TCP...
by MrYan
Fri Sep 18, 2015 1:36 pm
Forum: RouterBOARD hardware
Topic: Real CCR1072 experience?
Replies: 52
Views: 16735

Re: Real CCR1072 experience?

Described by whom please? I am writing as official representative of MikroTik now, that there is, and never was such limitation. http://forum.mikrotik.com/viewtopic.php?f=1&t=85698 http://forum.mikrotik.com/viewtopic.php?f=3&t=80057#p461377 http://forum.mikrotik.com/viewtopic.php?f=2&t=...
by MrYan
Fri Sep 18, 2015 11:21 am
Forum: RouterBOARD hardware
Topic: Real CCR1072 experience?
Replies: 52
Views: 16735

Re: Real CCR1072 experience?

The 1 Gbps limit was described as a per CPU forwarding limitation. To get 10 Gbps of throughput, you couldn't just send a single 10 Gbps TCP flow between two ports - you needed to aggregate 10x 1 Gbps TCP flows so that multiple CPUs could get involved in the forwarding to provide the aggregate 10 Gb...
by MrYan
Thu Jul 23, 2015 6:39 pm
Forum: Beginner Basics
Topic: Show NAT translation table
Replies: 5
Views: 19815

Re: Show NAT translation table

Latest RouterOS now shows the NAT status in the /ip firewall connections print output.
by MrYan
Sat Jun 27, 2015 8:43 pm
Forum: General
Topic: Huawei E8278s
Replies: 0
Views: 1611

Huawei E8278s

This dongle presents 4G PCUI (Serial interface) and NCM (Hilink) by default and it seems you can't get it to turn off the serial interface (SETPORT AT command). I also have a Huawei E3131 that presents the NCM/Hilink interface but no serial interface. The E3131 is seen as an LTE interface and works ...
by MrYan
Sat Jun 27, 2015 8:37 pm
Forum: General
Topic: USB 3G modem
Replies: 4
Views: 2680

Re: USB 3G modem

I've noticed that the E3131 in Hilink mode is seen as a LTE interface. This works well if you can live with the fact that the dongle NATs connections - the router doesn't get the external IP address but one allocated from 192.168.1.1 by the dongle.
by MrYan
Tue Jun 16, 2015 10:31 pm
Forum: Beginner Basics
Topic: Show NAT translation table
Replies: 5
Views: 19815

Re: Show NAT translation table

Use /ip firewall connection print detail - if the reply-src-address is different to dst-address (or reply-dst-address is different to src-address) then its NATing.
by MrYan
Sun Apr 26, 2015 4:08 pm
Forum: General
Topic: Sector writes
Replies: 11
Views: 4910

Re: Sector writes

Looks to me like its Winbox3 - I get 2 writes/second using winbox and 0 when using the CLI (via SSH).
by MrYan
Thu Jan 15, 2015 2:13 pm
Forum: General
Topic: Mikrotik Half Bridge PPPoE
Replies: 6
Views: 3971

Re: Mikrotik Half Bridge PPPoE

Poster wants PPP bridged over Ethernet not Ethernet bridged over PPP.
by MrYan
Wed Dec 17, 2014 12:13 pm
Forum: General
Topic: Support for PPPoE MTU > 1492 (via RFC4638 PPP-Max-Payload)
Replies: 19
Views: 8757

Re: Support for PPPoE MTU > 1492 (via RFC4638 PPP-Max-Payloa

In the UK, if your provider uses BT Wholesale you don't need RFC4638 (although it would be better if it were supported). You can negotiate an asymmetric MTU where its 1500 bytes into your router (from the Internet) and 1492 bytes out. This means that sites which filter ICMP Fragmentation Needed mess...
by MrYan
Wed Dec 17, 2014 11:07 am
Forum: General
Topic: RB751G/Router OS 61.9 with Sky Fibre
Replies: 2
Views: 1604

Re: RB751G/Router OS 61.9 with Sky Fibre

Plug the Mikrotik into the OpenReach modem then add configuration something like this: [admin@router] > /interface pppoe-client print detail Flags: X - disabled, R - running 0 R ;;; Sky Fibre name="pppoe-out1" max-mtu=1500 max-mru=1500 mrru=disabled interface=ether1 user="USER_NAME&qu...
by MrYan
Thu Dec 11, 2014 12:08 pm
Forum: Beginner Basics
Topic: Disable keepalives from GRE
Replies: 2
Views: 1437

Re: Disable keepalives from GRE

set number=X !keepalive
by MrYan
Mon Dec 01, 2014 5:21 pm
Forum: General
Topic: Problem with Huawei E3372 and RouterBOARD 951Ui 2HnD
Replies: 3
Views: 5706

Re: Problem with Huawei E3372 and RouterBOARD 951Ui 2HnD

I don't think you can do the initial change under RouterOS - you need to do it on a Windows/Linux box. Once its changed, it can be used on Mikrotik.
by MrYan
Thu Nov 27, 2014 12:33 pm
Forum: General
Topic: Problem with Huawei E3372 and RouterBOARD 951Ui 2HnD
Replies: 3
Views: 5706

Re: Problem with Huawei E3372 and RouterBOARD 951Ui 2HnD

Have you set it to modem mode? http://askubuntu.com/questions/381970/h ... modem-mode

On my E3131 I have both data-channel and info-channel set to 0.
by MrYan
Tue Nov 04, 2014 12:42 pm
Forum: General
Topic: Bug or feature? \00 in hostnames?
Replies: 7
Views: 3342

Re: Bug or feature? \00 in hostnames?

On mine the hostname file looks okay: [duck] Matt>od -c hostname 0000000 d s 1 1 0 j \n 0000007 [duck] Matt>od -c hosts 0000000 1 2 7 . 0 . 0 . 1 \t l o c a l h 0000020 o s t \n 1 9 2 . 1 6 8 . 1 4 4 . 0000040 8 \t d s 1 1 0 j \n \n \n \n \n \n \n \n 0000060 \n \n \n \n \n \n \n \n \n \n \n \n \n \n...
by MrYan
Tue Nov 04, 2014 11:55 am
Forum: General
Topic: Bug or feature? \00 in hostnames?
Replies: 7
Views: 3342

Re: Bug or feature? \00 in hostnames?

I see it with a Synology NAS as well. Don't recall if I saw it with Ubuntu Linux clients. I suspect that the host-name is the client identifier (option) which I don't think is a NULL terminated string. Chances are that the DHCP client is broken on embedded Linux devices.
by MrYan
Tue Oct 28, 2014 1:17 pm
Forum: General
Topic: PPPoE Public Routed subnet config
Replies: 5
Views: 2943

Re: PPPoE Public Routed subnet config

Just configure the public address with a /29 mask on another interface (Ethernet). The router will have the same IP address on two interfaces but will work. Causes issues with multicast but otherwise isn't normally a problem.


Matt.
by MrYan
Wed Oct 22, 2014 10:19 pm
Forum: Beginner Basics
Topic: PPPOE problems
Replies: 2
Views: 1165

Re: PPPOE problems

Delayed post?
by MrYan
Wed Oct 15, 2014 10:50 am
Forum: Beginner Basics
Topic: Firewall Mangle rule shows no traffic
Replies: 10
Views: 4186

Re: Firewall Mangle rule shows no traffic

I think your problem is the passthrough=no on the prerouting chain. Put the second part (to mark the packets) in the postrouting chain. You could also change the passthrough to be yes.

I'd also remove the port= part as its not required.
by MrYan
Mon Oct 13, 2014 5:21 pm
Forum: Beginner Basics
Topic: Firewall Mangle rule shows no traffic
Replies: 10
Views: 4186

Re: Firewall Mangle rule shows no traffic

Should it not be:
add action=mark-connection chain=prerouting comment=VPN \
    new-connection-mark=VPN port=1194 protocol=udp
add action=mark-packet chain=prerouting new-packet-mark=VPN connection-mark=VPN \
    passthrough=no

Matt.
by MrYan
Fri Sep 12, 2014 1:00 am
Forum: General
Topic: SSTP tunnel does not detect connection failure
Replies: 6
Views: 2263

Re: SSTP tunnel does not detect connection failure

AIUI, once enabled on the client, the server just responds to the relevant keep alive message.
by MrYan
Thu Sep 11, 2014 1:50 pm
Forum: General
Topic: SSTP tunnel does not detect connection failure
Replies: 6
Views: 2263

Re: SSTP tunnel does not detect connection failure

Do you have a keepalive-timeout set?
by MrYan
Tue Aug 26, 2014 6:11 pm
Forum: General
Topic: How filter output in /ip firewall connection print
Replies: 5
Views: 12325

Re: How filter output in /ip firewall connection print

I know that there's a way to filter the print output of a command and I use this regularly in the /ip route print output. But why it doesn't work on /ip firewall nat? For example when I try to filter out only the connections from a particular source address - it does not work, I've got empty output...
by MrYan
Fri Aug 01, 2014 1:03 pm
Forum: Wireless Networking
Topic: Planning of a inhouse wireless roaming network for a castle
Replies: 6
Views: 2361

Re: Planning of a inhouse wireless roaming network for a cas

If you have power (energy cables I assume is mains power) can you use power line for the backhaul for the access point?


Matt.
by MrYan
Tue Jul 22, 2014 11:19 am
Forum: General
Topic: ATTENTION, DISASTER! V.6.17
Replies: 57
Views: 21136

Re: ATTENTION, DISASTER! V.6.17

My 2011UAS-2HnD upgraded fine to 6.16 and then failed on upgrade (shortly after) to 6.17 with a message about loading kernel from NAND and then hanging. I got it going again using netinstall. No supout unfortunately.
by MrYan
Fri Jul 04, 2014 2:12 pm
Forum: General
Topic: USB 3G modem
Replies: 4
Views: 2680

Re: USB 3G modem

Hello:
Can anyone recommend me a USB 3G modem with connection for an external antenna for use with a router mikrotik RB951Ui-2HnD?
I have a Huawei E3131 that has an external connector. It needs some faffing about to get it into modem mode and didn't dial PPP until 6.15 but now works well.


Matt.
by MrYan
Mon Feb 17, 2014 11:16 pm
Forum: General
Topic: Feature Request TR-069 CPE
Replies: 87
Views: 51344

Re: Feature Request TR-069 CPE

Should be able to base something off this - http://freecwmp.org
by MrYan
Fri Jan 31, 2014 4:28 pm
Forum: General
Topic: 6.9 released!
Replies: 222
Views: 103458

Re: 6.9 released!

*) ppp - fixed ppp bridging (did not work since v6.6);
This is now working for me again. It would be nice however if the PPP interface added to the bridge didn't show as '(unknown)' in /interface bridge ports however. This did used to work a few version back.
by MrYan
Wed Jan 29, 2014 8:18 pm
Forum: General
Topic: v6.8 pre-release (RC)
Replies: 44
Views: 9087

Re: v 6.8 released

Looks like remote-ipv6-prefix on /ppp secret user doesn't get added to the /ipv6 route list. This worked on 6.7 (old PPP package).
by MrYan
Wed Jan 29, 2014 6:56 pm
Forum: General
Topic: v6.8 pre-release (RC)
Replies: 44
Views: 9087

Re: 6.8

Keep in mind that until v6.8 is present at download page, then it is pre-release version and one should use it with caution. Currently there might be issue with 3.11 RouterBOARD firmware and v6.8 (6.8rc1) version. Perhaps you should pull it so /system package upgrade doesn't download it then (just ...
by MrYan
Thu Jan 09, 2014 5:15 pm
Forum: General
Topic: Feature Request: Encrypted (secret) L2tp Client
Replies: 9
Views: 3618

Re: Feature Request: Encrypted (secret) L2tp Client

*) ipsec - new exchange mode (main-l2tp) for l2tp tunnel users to allow
FQDN as a peer ID with preshared key authorization in main mode;
That's a pre-shared key for IPsec - L2TP is just a wrapper in this case.


Matt.
by MrYan
Thu Jan 09, 2014 4:15 pm
Forum: General
Topic: Feature Request: Encrypted (secret) L2tp Client
Replies: 9
Views: 3618

Re: Feature Request: Encrypted (secret) L2tp Client

Since this is not a standard (if it is, let us know which), it seems your ISP is pushing for a specific brand product. I would object to this.
Isn't it this - http://tools.ietf.org/search/rfc2661#section-5.1.1?


Matt.
by MrYan
Thu Jan 09, 2014 3:04 pm
Forum: General
Topic: /ipv6 firewall filter print stats - RoS 6.7?
Replies: 1
Views: 955

Re: /ipv6 firewall filter print stats - RoS 6.7?

/ipv6 firewall filter print all stats

Why it's different I don't know.


Matt.
by MrYan
Fri Jan 03, 2014 2:33 am
Forum: General
Topic: Strange records in log when enabled SSTP VPN
Replies: 1
Views: 1273

Re: Strange records in log when enabled SSTP VPN

Someone scanning for HTTPS probably.
by MrYan
Fri Dec 13, 2013 12:54 pm
Forum: General
Topic: MTU ADSL
Replies: 4
Views: 1772

Re: MTU ADSL

by MrYan
Mon Nov 11, 2013 12:41 pm
Forum: General
Topic: RouterOS v6.6 released
Replies: 164
Views: 87884

Re: RouterOS v6.6 released

Upgraded a router to 6.6 and hit a problem with bridging Ethernet (BCP) over SSTP: 10:39:19 sstp,info <sstp-0>: waiting for call... 10:39:19 sstp,info sstp-in1: authenticated 10:39:19 sstp,info sstp-in1: connected 10:39:19 sstp,info,account door logged in, 0.0.0.0 10:39:19 sstp,error could not add b...
by MrYan
Wed Nov 06, 2013 2:26 pm
Forum: General
Topic: CRS: What makes this device "cloud"?
Replies: 6
Views: 2292

Re: CRS: What makes this device "cloud"?

Hype...
Well, marketing (but the same thing).
by MrYan
Fri Sep 27, 2013 3:25 pm
Forum: General
Topic: Mikrotik SSTP does not work with public VPN providers
Replies: 4
Views: 3042

Re: Mikrotik SSTP does not work with public VPN providers

Works on 6.4 to Strong VPN for me. Perhaps they are TLS 1.0 only.
by MrYan
Fri Sep 27, 2013 3:24 pm
Forum: Forwarding Protocols
Topic: Policy Base Routing problem
Replies: 10
Views: 6042

Re: Policy Base Routing problem

It may be because you need to mark all packets with the routing-mark and context= doesn't do this. Perhaps setting a connection-mark and then applying routing-mark based on this (in the outbound direction only) would help.


Matt.
by MrYan
Sun Sep 08, 2013 4:08 pm
Forum: General
Topic: 6.3 Released
Replies: 95
Views: 28872

Re: 6.3 Released

After upgrading from 6.0 to 6.2 all my INPUT firewall rules disappeared. Is this fixed in 6.3?
I had this also (from 6.1 to 6.2). When I upgraded to 6.3 the rules remained in place.


Matt.
by MrYan
Sat Aug 03, 2013 2:41 pm
Forum: General
Topic: v6.2 released
Replies: 247
Views: 111447

Re: v6.2 released

Looks like the added default-route-distance parameter doesn't set the distance for IPv6 default routes: [admin@mikrotik] /lcd> /ip route print Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit # DS...
by MrYan
Wed Jul 17, 2013 9:33 pm
Forum: General
Topic: [FIXED]firewall mangle broken in ROS V6.1??
Replies: 2
Views: 2008

Re: firewall mangle broken in ROS V6.1??

I have the same rule bar its a src-address-list and it works on 6.1 without any problems.
by MrYan
Wed Jul 03, 2013 5:34 pm
Forum: General
Topic: PPP mangle rules
Replies: 1
Views: 2120

PPP mangle rules

On of the changes made in the 6.0 release candidates was this: Only 2 change mss mangle rules are created for all ppp interfaces; I've just added a new PPP interface to a router that has 3 others and this is causing me problems. The initial 3 interfaces all have a 1500 byte MTU but the latest one ne...
by MrYan
Sat Jun 15, 2013 11:24 pm
Forum: General
Topic: Openflow and floodlight: static flow on ARP ether-type 0x806
Replies: 4
Views: 4171

Re: Openflow and floodlight: static flow on ARP ether-type 0

What do you mean they don't catch any flows when pinging? Are you saying you expect to see ARP for the relevant end-point but don't see it or that the ping doesn't work? If the latter, do you have a flow for ICMP?
by MrYan
Thu Jun 13, 2013 10:54 pm
Forum: General
Topic: RouterOS 6.1 released
Replies: 198
Views: 74648

Re: RouterOS 6.1 released

IPv6 link local address for bridge interface seems to be somehow broken. It was also on 6.0. Somehow it worked for the first reboot after upgrade, but the second reboot broke it. The link local address now gets assigned to (unknown) interface. # ADDRESS FROM-... INTERFACE ADV 3 DL fe80::d6ca:6dff:f...
by MrYan
Thu Jun 13, 2013 6:41 pm
Forum: General
Topic: Openflow and floodlight: static flow on ARP ether-type 0x806
Replies: 4
Views: 4171

Re: Openflow and floodlight: static flow on ARP ether-type 0

Do you see the flow in Floodlight?

What does /openflow flow print show?
by MrYan
Fri May 10, 2013 6:54 pm
Forum: General
Topic: Mikrotik + Open NMS
Replies: 1
Views: 2223

Re: Mikrotik + Open NMS

I have tried a test device but it didn't work well. The interface names were missing along with the corresponding IP addresses.
by MrYan
Wed Apr 03, 2013 12:06 pm
Forum: Forwarding Protocols
Topic: Openflow Problem on RB450G
Replies: 10
Views: 3995

Re: Openflow Problem on RB450G

If I disable the Forwarding module in Floodlight then no communication is possible. If the Forwarding module is enabled (the default with floodlightdefault.properties) then as mrz states the controller learns the topology and sets flows for the traffic automatically.
by MrYan
Tue Apr 02, 2013 11:57 am
Forum: Forwarding Protocols
Topic: Openflow Problem on RB450G
Replies: 10
Views: 3995

Re: Openflow Problem on RB450G

Using a mix of 750s and 450s I see statistics on my Floodlight instance (using 6.0rc11). I'm not sure if they are correct, but they are certainly there. I also see hosts on my network and can send traffic between them.
by MrYan
Thu Mar 28, 2013 5:06 pm
Forum: General
Topic: RouterOS v6rc12
Replies: 78
Views: 30347

Re: RouterOS v6rc12

I seem to be having issues with bridge interfaces and dynamic link local IPv6 addresses. They are generated but the interface shows as '(unknown)' in /ipv6 address print. This has the knock on effect of disabling IPv6 RA messages and so my client devices are not getting IPv6 addresses automatically....
by MrYan
Thu Feb 07, 2013 12:14 pm
Forum: General
Topic: PPPoE drops connections when Ethernet port bounces
Replies: 6
Views: 2762

Re: PPPoE drops connections when Ethernet port bounces

Does setting the port to edge=yes-discover help?


Matt.
Where do I set that?
On the bridge or the ethernet ports.
Bridge.
by MrYan
Tue Feb 05, 2013 12:31 pm
Forum: General
Topic: PPPoE drops connections when Ethernet port bounces
Replies: 6
Views: 2762

Re: PPPoE drops connections when Ethernet port bounces

Does setting the port to edge=yes-discover help?


Matt.
by MrYan
Sun Jan 13, 2013 5:47 pm
Forum: General
Topic: RouterOS breadth of features
Replies: 4
Views: 1464

Re: RouterOS breadth of features

Hello MrYan, Do you mean the pretty old packages from Debian Linux? The ones without hotfixes and any support, that can causes crashes and able to open bigger whole that can cause many other security problems? I didn't mean anything. I was asked a question and gave an answer to the best of my knowl...
by MrYan
Sun Jan 13, 2013 10:56 am
Forum: General
Topic: RouterOS breadth of features
Replies: 4
Views: 1464

Re: RouterOS breadth of features

The EdgeMax allows access to the underlying Debian Linux OS so you can run scripts there. However there is no scripting AFAIK in the CLI/GUI?
by MrYan
Fri Jan 11, 2013 3:50 pm
Forum: General
Topic: RouterOS breadth of features
Replies: 4
Views: 1464

RouterOS breadth of features

I've been playing with a device that has been suggested as a Mikrotik killer on these forums (EdgeMax) for a few days now and I have to say it's made me aware of just how much functionality there is in RouterOS that is taken for granted. My main use case is home CPE but even in this role RouterOS is...
by MrYan
Fri Jan 04, 2013 5:12 pm
Forum: General
Topic: XBOX 360 group connection issues
Replies: 13
Views: 4218

Re: XBOX 360 group connection issues

Ypu may not be able to implement it, but the following might help:

http://jakebillo.com/two-xboxes-one-rou ... or-tomato/
by MrYan
Mon Aug 20, 2012 12:23 pm
Forum: General
Topic: /interface ethernet export broken in 5.20?
Replies: 3
Views: 1469

Re: /interface ethernet export broken in 5.20?

[admin@router] > /interface ethernet export compact
# aug/20/2012 10:21:53 by RouterOS 5.20
# software id = WEY9-YK6I
#
/interface ethernet
set 0 comment=Modem
set 1 comment=Internal
set 2 master-port=ether2
set 3 arp=reply-only comment=Untrusted
set 4 comment=External
[admin@router] >
by MrYan
Wed Jun 27, 2012 1:58 pm
Forum: General
Topic: Static DHCP leases not working
Replies: 2
Views: 1103

Re: Static DHCP leases not working

I've not seen this on RB750, RB750UP or RB450 with ROS 5.{11-18} with both statics and pools configured under DHCP.


Matt.
by MrYan
Fri Jun 22, 2012 8:10 pm
Forum: General
Topic: v5.18 released
Replies: 92
Views: 34801

Re: v5.18 released

What's new in 5.18 (2012-Jun-21 17:20): *) dhcp ipv6 pd client - fixed ipv6 pool creation after reboot; Was the change meant to fix this? Flags: X - disabled # NAME VERSION SCHEDULED 0 system 5.18 17:50:57 dhcp,error creating ippool6 failed: prefix of two pools cannot overlap! (6) Matt.
by MrYan
Sat Jun 16, 2012 12:52 am
Forum: Beginner Basics
Topic: RB750 and bandwidth limit
Replies: 3
Views: 4835

Re: RB750 and bandwidth limit

I have a similar requirement, I need to limit traffic on one interface to 5M down. Are simple queues the right tool for this? In webfig the max target download speed seems to be 2M.
Just overtype the 2M with the value you want.


Matt.
by MrYan
Fri Jun 15, 2012 5:54 pm
Forum: General
Topic: Error ? "item changed"
Replies: 8
Views: 2101

Re: Error ? "item changed"

I came across the same problem recently. From what I can tell, these increased in frequency when I lowered my DHCP lease times. Some of the leases set an address-list and I think this is what is causing the message.
by MrYan
Wed Jun 06, 2012 12:18 pm
Forum: General
Topic: Tunnel over TCP - possible ?
Replies: 6
Views: 3751

Re: Tunnel over TCP - possible ?

Assuming support at both ends, then SSTP should do the trick (http://wiki.mikrotik.com/wiki/SSTP). You may however have unexpected performance issues as TCP will wait for retransmits and this may impact the traffic inside the tunnel.
by MrYan
Wed May 30, 2012 9:45 pm
Forum: General
Topic: RouterOS v5.17 released
Replies: 47
Views: 20831

Re: RouterOS v5.17 released

What's new in 5.17 (2012-May-28 12:34):
*) tool email - added starttls option;
Doesn't appear to be a checkbox in Winbox for the email STARTTLS option though it is in the command line.


Matt.
by MrYan
Fri May 11, 2012 9:54 am
Forum: RouterBOARD hardware
Topic: RB750UP + 3G USB = freezes completely
Replies: 31
Views: 20736

Re: RB750UP + 3G USB = freezes completely

The best information I can find on the 3G modem I have (ZTE MF626) is that it draws 100mA idle and maximum of 450mA however it doesn't break it down between 2G and 3G.

http://www.3gmodem.com.hk/ZTE/MF626.html


Matt.
by MrYan
Wed May 09, 2012 11:25 am
Forum: RouterBOARD hardware
Topic: RB750UP + 3G USB = freezes completely
Replies: 31
Views: 20736

Re: RB750UP + 3G USB = freezes completely

I've had a similar problem for the first time with my RB750UP and 3G modem. All the Ethernet LEDs were out so I had no connectivity to the device and had to power cycle it. It's been running for a couple of months without issue before this. No supout.rif file created automatically so I've generated ...
by MrYan
Thu Apr 26, 2012 11:39 pm
Forum: General
Topic: 3G Modem - Signal Strength?
Replies: 8
Views: 5134

Re: 3G Modem - Signal Strength?

The modem is a ZTE MF626 on 5.14 and I tested the command while the PPP session was up.
by MrYan
Thu Apr 26, 2012 9:32 pm
Forum: General
Topic: 3G Modem - Signal Strength?
Replies: 8
Views: 5134

Re: 3G Modem - Signal Strength?

I can get it using this command on my MT:

/interface ppp-client info <3G modem interface>
by MrYan
Mon Apr 16, 2012 11:21 am
Forum: General
Topic: Match 0.0.0.0/32 in address list?
Replies: 2
Views: 2588

Re: Match 0.0.0.0/32 in address list?

DHCP packets are not matched in firewall.
Can you clarify the answer - they obviously are matched as they match the log action and the second firewall entry that doesn't match on src-address-list - do you mean that they are not matched in the address-list?


Matt.
by MrYan
Sat Apr 14, 2012 3:45 pm
Forum: General
Topic: Match 0.0.0.0/32 in address list?
Replies: 2
Views: 2588

Match 0.0.0.0/32 in address list?

I have set up an address list for DHCPv4 with 0.0.0.0/32 in it as this is the source address for (initial) DHCP requests. I have a input filter that uses this address list but it doesn't seem to match: [admin@router] > /ip firewall address-list print where list =dhcp-clients_v4 Flags: X - disabled, ...
by MrYan
Sat Apr 14, 2012 3:29 pm
Forum: General
Topic: v6.0beta1 released!
Replies: 35
Views: 17379

Re: v6.0beta1 released!

still no "routing mark" in firewall ipv6. why? but i have upgraded my device to v6. :) And if you put an interface into a VRF under /ip route vrf it doesn't display the IPv6 route associated with the interface (as per my post here - http://forum.mikrotik.com/viewtopic.php?f=2&t=60574)...
by MrYan
Sun Apr 08, 2012 2:05 pm
Forum: Beginner Basics
Topic: No advertise based IPv6 address assignmets anymore?
Replies: 3
Views: 1128

Re: No advertise based IPv6 address assignmets anymore?

It works for me on 5.14 - what I have noticed however is that the default ra-interval is too long for Linux clients - I just set it to a lower value (15-20s) and that does the trick.


Matt.
by MrYan
Mon Mar 26, 2012 9:20 pm
Forum: General
Topic: IPv6 routes for interfaces in a IPv4 VRF
Replies: 3
Views: 2417

IPv6 routes for interfaces in a IPv4 VRF

Should have put in the version I tried this on - 5.14 I have an interface in a IPv4 VRF and the IPv4 routes are show with the correct routing mark and in the correct VRF. However, IPv6 routes on the same interface are not shown as /ipv6 route has no concept of the VRF. If I remove the interface from...
by MrYan
Fri Feb 17, 2012 11:54 am
Forum: General
Topic: v5.13 released
Replies: 64
Views: 13439

Re: v5.13 released

If you add ARP entries via DHCP and look at the result using /ip arp print then they are correctly marked as being allocated via DHCP - 'H' rather than 'D' (dynamic). However, Winbox and Webfig both show them incorrectly as 'D'. Not sure if this is 5.13 specific as I've only just enabled the feature.
by MrYan
Thu Jan 26, 2012 3:32 pm
Forum: General
Topic: Cannot see log via WebFig
Replies: 2
Views: 812

Re: Cannot see log via WebFig

I found changing from 'All' to 'Memory' seemed to help (it worked still when set back to 'All').
by MrYan
Thu Jan 12, 2012 11:12 pm
Forum: General
Topic: Logging multiple topics to remote syslog
Replies: 2
Views: 1610

Re: Logging multiple topics to remote syslog

Makes sense - thanks for taking the time to answer my question.
by MrYan
Thu Jan 12, 2012 12:28 pm
Forum: General
Topic: Logging multiple topics to remote syslog
Replies: 2
Views: 1610

Logging multiple topics to remote syslog

Any reason why this doesn't work: [admin@mikrotik] /system logging> print Flags: X - disabled, I - invalid # TOPICS ACTION PREFIX 0 info memory 1 error memory 2 warning memory 3 critical echo 4 info remote error warning critical But this does? [admin@mikrotik] /system logging> print Flags: X - disab...
by MrYan
Wed Dec 28, 2011 1:21 pm
Forum: Beginner Basics
Topic: How to set up RB750 for home asterisk server?
Replies: 2
Views: 2084

Re: How to set up RB750 for home asterisk server?

NAT SIP port (5060) as well from outside.
by MrYan
Wed Dec 14, 2011 10:08 pm
Forum: Forwarding Protocols
Topic: IGMP Proxy issue
Replies: 60
Views: 34848

Re: IGMP Proxy issue

I had similar problems and error messages until I ran /routing igmp-proxy interface print status and noticed that the source-ip-address for the upstream and downstream interfaces were the same. This was due to me having a 1.2.3.4/29 address on ether2 and also 1.2.3.4/32 on pptp-out1 (pseudo unnumber...
by MrYan
Mon Feb 21, 2011 5:11 pm
Forum: General
Topic: Mikrotik IPv6 addresses
Replies: 33
Views: 5850

Re: Mikrotik IPv6 addresses

Have the DNS records been pulled now? Prompt>telnet -6 forum.mikrotik.com telnet: could not resolve forum.mikrotik.com/telnet: No address associated with hostname Prompt>tracepath6 2a02:610:7501:1000::2 1?: [LOCALHOST] pmtu 1500 1: gw.banana.org.uk 0.616ms 1: gw.banana.org.uk 0.564ms 2: gw.banana.or...
by MrYan
Wed Oct 20, 2010 12:10 pm
Forum: General
Topic: DSL Fail over
Replies: 2
Views: 1051

Re: DSL Fail over

People report success with these - http://www.draytek.co.uk/products/vigor120.html
by MrYan
Sat Feb 27, 2010 6:15 pm
Forum: General
Topic: RouterOS v4.6 released
Replies: 80
Views: 17405

Re: RouterOS v4.6 released

Problems for me as well.

Firstly, the download from USA failed MD5 but the one from Latvia was okay.

Upgraded to 4.6 and lost the ability to bridge between a VLAN tagged interface and the internal switch on a RB750. Downgrade to 4.5 made it work again.