MikroTik

cantanko

OK, so the plan is, without having to educate anyone, to say "can you look at <particular LED> and tell me if it's flashing". The reason being the ethernet LEDs on some devices appear to be fed from the switch chip, not the CPU, so the link LEDs can still flash without CPU involvement. The...

cantanko

The way the power supplies have been failing ensure that the supply becomes sufficiently noisy to cause the unit to lock up. The LEDs remain lit, but the processor is stopped. Changing the PSU clears the fault and returns the unit to service. Cycling the bad PSU brings power and some ethernet LEDs b...

cantanko

Hello, So we've recently happened across an issue whereby we need to display state to a user. Back in the olden days, you used to be able to do an :led command but not so for ages now. The issue I have is that, if you wish to toggle an LED in a blink, that's a set type=on and set type=off , both of ...

cantanko

I really hope the (real world) release of this hardware is what indicates the integration of ac-wave2 into RouterOS (edit: specifically CAPsMAN). Whilst having the wave2 package is great, having to make it a special case is a real pain.

Also, cAP AX^2 when?

cantanko

Same result except now edge event results in every switch in the region quits forwarding for a short while. The downstream propagation only happens if the switch has more than one path. Disable your alternate paths and the edge propagations go away. Wow, OK - I was only one switch deep at the time ...

cantanko

maybe You need to check if disabling bridge hardware offload solves they situation Disabling hardware acceleration has fixed the issue. I've raised an issue with Mikrotik support and they've duplicated it in their labs, with a comment of ..."we are looking forward to fixing it in the future Ro...

cantanko

Thank you! It all started with an RB750 about 15 years ago. Can't believe I actually get paid to fiddle with this stuff

cantanko

OK - so this has got to be a bug. No changes to config, MMIPS to MMIPS - works fine (and with hardware acceleration, which is a bonus). ARM32 to ARM32 - works fine. ARM32 to MMIPS - no workie. Endianness in a calc somewhere, or something more simple? The test rig is getting a little out-of-hand now....

cantanko

In recent versions of routeros 7 hex s received updates to run bridge vlan filtering by hardware, maybe You need to check if disabling bridge hardware offload solves they situation That's a great idea. I'd just found the chip feature compatibility matrix in the new documentation. I'd just figured t...

cantanko

Hi, which version of RouterOS are you running?? 7.3.1 as stated. Routerboard fIrmware is also updated on all devices. in your config i don't see your configured parameters of MSTP and bridge related to that As I say, I may have it wrong, but when defaults are enabled in 7.3.1, MSTP works fine simply...

cantanko

Hello, I have a weird issue with spanning tree on RouterOS 7.3.1: I have a bridge set up on a CRS328, and a bridge on an RB760iGS (hEX S). The CRS328 has ether1 linked to the RB760's ether1. CRS328 bridge: /interface bridge add frame-types=admit-only-vlan-tagged name=unibridge priority=0 protocol-mo...

cantanko

I have seen a similar thing - whilst it doesn't impact me to the same extent as your scenario, it is still annoying. TL;DR - found it was related to conntrack (although not sure my understanding of the entire packet processing model is sufficient to say this is the root cause) - flushing the conntra...

cantanko

Looked everywhere but in the Beta release notes

Many thanks for the heads-up Emils - that was steadily driving me nuts!

Cheers!

cantanko

Strangely, this appears to get worse with time - just ended up with eighteen SANs!

Fresh install of RouterOS CHR, no clue as to what's causing this...

cantanko

I was going to suggest checking "/system health print" for the bad block counter as it sounds like the flash is trash, but my CCR1016 is lacking that...

cantanko

Certificate shenanigans again, RouterOS 6.44.2 CHR. I start off with a completely empty certificate system: [me@myendpoint] /certificate> print Flags: K - private-key, D - dsa, L - crl, C - smart-card-key, A - authority, I - issued, R - revoked, E - expired, T - trusted # NAME COMMON-NAME SUBJECT-AL...

cantanko

Thank you for this - it's proven to be a very helpful chunk of code!

cantanko

This gels with something I found when I was doing some testing last night. I suspect the problem is that the various processes in RouterOS struggle to malloc() memory for various tasks, and it makes for a very painful experience. That description of malloc() after high memory pressure agrees with m...

cantanko

So what firmware do we need to install on what routers to prevent this ?

As of right now, 6.45beta23 AFAIK.

cantanko

People above you in this thread are saying that there should be separate terminology between denial of service (CPU high, out of memory, crash etc) and something that allows attacker to gain access to devices, steal credentials, install malware and read private data. You are shoving them both under...

cantanko

/ipv6 export file=hahahanoipv6foryou.rsc /system package disable [find name=ipv6] /system reboot Thankfully I'm in the position to do the above (and just have on my edge routers, in fact). I am nothing short of apoplectic that I've had to, however. Secretly hoping that either 6.44.1 was a fix for t...

cantanko

Hello, Typically when setting up a router I add the standard bunch of non-internet-routable RFC1918 / documentation range / "reserved for future use" address ranges as blackhole, prohibited or unreachable routes so that packets can't escape in an uncontrolled manner. It also means (in the ...

cantanko

Awesome - cheers!

cantanko

Hello, May be missing something obvious here, but when issuing a certificate on 6.44, I can no longer import them to a device running the 6.42.12 long-term branch. I notice the changelog does show that some things have changed with certificates in 6.44, but nothing that looked like it would break ba...

cantanko

Sorry for reviving an old thread, but again +1 for ACME / LetsEncrypt support. There is at least one router that's already supporting this approach, namely A&A's firebrick:

https://www.firebrick.co.uk/fb2900/

cantanko

Hello, I have a CRS-317-1G-16S+ and have been trying out compatibility between various SFP+ modules. We've got a handful of Finisar's FTLX8574D3BCV, but I can only get them to function at 1Gbit by forcing autonegotiation off on both ends. With autonegotiation on, I get: name: s13 status: no-link aut...

cantanko

You need to :put $userinput, not :put $read

cantanko

If you have any kind of feedback channel to HPE, I think they'd appreciate to learn this, it simply cannot be an intended behaviour. At least one of the switches involved has a valid support contract, so I'll stuff it in as a support ticket tomorrow. Given previous experience with HPE, I shall not ...

cantanko

Try adding the bridge w/o RSTP: Good call - that prevented the bridge pulling the switch over. Often the protective mechanism consists in shuting down a port if a BPDU (xSTP message) comes in through it when unexpected, i.e. if that port is deemed an edge one. What you describe (everything works un...

cantanko

I'm going to prefix this with "may have missed something obvious" and "I might be a complete idiot" as this all feels way to weird to be real, but here goes (it's a bit wordy - apoligies)... I've recently had some strange occurrences with HP switches and MT APs, specifically the ...

cantanko

Hello, Also seeing this on a wAP-2nD-r2 that was working just fine on 6.40.4, upgraded to 6.40.5 and now have this: 14:37:04 wireless,info 90:3A:E6:15:AE:C7@wlan: connected 14:37:09 wireless,info 90:3A:E6:15:AE:C7@wlan: disconnected, unicast key exchange timeout 14:40:11 wireless,info 90:3A:E6:15:AE...

cantanko

Not at all scientific, but I've had IPSec running on the bench between an RB1100AHx2 and an RB3011UiAS-RM using the following IPSec proposal: auth-algorithms=sha256 enc-algorithms=aes-256-cbc name=strongish pfs-group=modp4096 When traffic is passing with the RB3011 doing most of the encrypting, I se...

cantanko

Regarding the PPPoE breakage between 6.33 and 6.33.1, setting the max-mtu and max-mru to "auto" fixed it for me...

cantanko

Same issues with PPPoE client on CRS-1xx - can't test downgrading yet as need to go home to fix it

cantanko

Hello, As mentioned in this post for v6.5 , it would appear SSH out from a v6.7 RouterBoard to an SSH host with "ChallengeResponseAuthentication yes" (i.e. most default installs of SSH on any Linux host) still fails - it just times out. RouterOS to RouterOS is fine, just not to other SSH s...

cantanko

masquerade is only shorter way to tell router what to do.

Many thanks for the pointer - all working now

Had it in my head the two were discrete functions rather than one being a shortcut to the other...

Cheers,
Harry

cantanko

Cheers - I'll give that a go

Thanks,
Harry

cantanko

Well, the lack of responses here kind of mirrors my own attempts to get this to work: it would appear nigh on impossible to do what I've illustrated above. Is this so or am I missing something vital?

Cheers,
Harry

cantanko

Hello, I have an RB750 running RouterOS 4.6 and I have a question regarding Masquerading a couple of networks... My current setup is as follows: http://photos.disgruntledgoat.com/static/mtk/001.png I have a PPPoE connection to my ISP with a public address as my end point (illustrated as 253.12.13.14...

Search found 39 matches

Re: A way of toggling LEDs without making a flash write?

Re: A way of toggling LEDs without making a flash write?

A way of toggling LEDs without making a flash write?

Re: hAP ax² dual band Wi-Fi 6 (802.11ax)

Re: Strange MSTP behaviour, CRS328, RB760iGS, RBM33G, hAP AC^2 - MMIPS-specific? [SOLVED]

Re: Strange MSTP behaviour, CRS328, RB760iGS, RBM33G, hAP AC^2 - MMIPS-specific? [SOLVED]

Re: Strange MSTP behaviour, CRS328, RB760iGS, RBM33G, hAP AC^2 - MMIPS-specific? [SOLVED]

Re: Strange MSTP behaviour, CRS328, RB760iGS, RBM33G, hAP AC^2 - MMIPS-specific? [SOLVED]

Re: Strange MSTP behaviour, CRS328, RB760iGS, RBM33G, hAP AC^2 - MMIPS-specific? [SOLVED]

Re: Strange MSTP behaviour, CRS328, RB760iGS, RBM33G, hAP AC^2 - MMIPS-specific? [SOLVED]

Strange MSTP behaviour, CRS328, RB760iGS, RBM33G, hAP AC^2 - MMIPS-specific? [SOLVED]

Re: LTE failover just doesn't work properly

Re: /certificate - certs issued on 6.44.2 triple-up their subject-alt-names upon signing [SOLVED]

Re: /certificate - certs issued on 6.44.2 triple-up their subject-alt-names upon signing [SOLVED]

Re: Can't backup

/certificate - certs issued on 6.44.2 triple-up their subject-alt-names upon signing [SOLVED]

Re: PUSHOVER - ready MikroTik script to send messages

Re: UKNOF 43 CVE

Re: UKNOF 43 CVE

Re: UKNOF 43 CVE

Re: Running IPv6 on Mikrotik? You're out of business in 12 days time

Black hole routes and IPSec VPN scopes

Re: /certificate - certs issued on 6.44 can't be imported to long-term 6.42.12

/certificate - certs issued on 6.44 can't be imported to long-term 6.42.12

Re: Let's encrypt and Mikrotik

CRS-317-1G-16S+ and Finisar FTLX8574D3BCV SFP+ modules - anybody had these running at 10Gbit yet?

Re: Scripting - Asking user for input.

Re: HP 1810 weirdness with RouterOS vLANs and bridges [SOLVED]

Re: HP 1810 weirdness with RouterOS vLANs and bridges [SOLVED]

HP 1810 weirdness with RouterOS vLANs and bridges [SOLVED]

Re: BIG BUG- Unicast key exchange timeout

Re: RB3011UiAS-RM

Re: 6.33.1 version is released!

Re: 6.33.1 version is released!

Re: v6.7 released

Re: NAT / Masquerade question...

Re: NAT / Masquerade question...

Re: NAT / Masquerade question...

NAT / Masquerade question...