Community discussions

Search found 553 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 12
by AlainCasault
Wed Aug 14, 2019 5:49 pm
Forum: Wireless Networking
Topic: Bridge port received packet with own address as source, probably loop
Replies: 43
Views: 36640

Re: Bridge port received packet with own address as source, probably loop

Hello I had this issue a while back but forgot how I solved it. I have a software vlan setup with 8 VLANs, one of which is a Telco only vlan. If memory serves, I only kept the associated bridge of that vlan as a neighbour enabled interface, along with physical interfaces. Cheers, Sent from my cell p...
by AlainCasault
Tue Aug 13, 2019 8:50 pm
Forum: General
Topic: HELP !! Install Probems
Replies: 2
Views: 299

Re: HELP !! Install Probems

Hello

Please include an export of your config.

2.8 is over 10 years old if not more. Are you really talking about RouterOS??

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Mon Aug 12, 2019 7:48 pm
Forum: General
Topic: Allow traffic between isolated subnets? [SOLVED]
Replies: 8
Views: 566

Re: Allow traffic between isolated subnets? [SOLVED]

Hy

A good trick is to create a bogus rule that only logs forwarded traffic and see where traffic dies. When your bogus rule stops logging, the previous one is the culprit.

Cheers

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Sat Aug 10, 2019 5:04 pm
Forum: Beginner Basics
Topic: Tools\ Btest Server
Replies: 2
Views: 239

Re: Tools\ Btest Server

Hello Bob

Yes, that's the server. What is your exact question??

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Tue Aug 06, 2019 8:31 pm
Forum: General
Topic: to delete
Replies: 2
Views: 327

Re: MT PPTP Client host not pinging remote lan

Hello

Does your PPTP server have all routes to come back to the PPTP client?

Both routers need all routes to the other router.

Best regards


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Thu Jul 25, 2019 2:48 pm
Forum: Wireless Networking
Topic: 2GHz WiFi 40MHz width best channel
Replies: 7
Views: 528

Re: 2GHz WiFi 40MHz width best channel

Also, with three channels, you get better non overlapping coverage.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Thu Jul 25, 2019 2:45 pm
Forum: Wireless Networking
Topic: 2GHz WiFi 40MHz width best channel
Replies: 7
Views: 528

Re: 2GHz WiFi 40MHz width best channel

Good practice is to use 1-6-11 at 20Mhz. Also, 802.11 stipulates that any ap at 40Mhz WILL fall back to 20 if it causes problems to others.


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed Jul 24, 2019 7:51 pm
Forum: Wireless Networking
Topic: CAPsMAN 5GHz data rates problem
Replies: 2
Views: 372

Re: CAPsMAN 5GHz data rates problem

Hello,

As per 802.11 standard...
add authentication-types=wpa-psk,wpa2-psk comment=EnterRealmOfWOOWiFi encryption=tkip \
    name=security1 passphrase=EnterRealmOfWOOWiFi
tkip WILL limit you to 54Mbps, regardless of what else you have set up. Use different encryption.

Cheers,

AC
by AlainCasault
Wed Jul 24, 2019 7:44 pm
Forum: Wireless Networking
Topic: Locked US frequencies on MT products
Replies: 1
Views: 180

Re: Locked US frequencies on MT products

Hello,

I'm wondering the same thing.

We use Aruba Network APs, and they CAN use DFS channels. Maybe it's a misinterpretation of regulations, I don't know. But it would be great to regain use of those channels.

Cheers,

AC
by AlainCasault
Wed Jul 24, 2019 7:30 pm
Forum: General
Topic: Can’t Ping Hosts Inside Network in Site-to-Site VPN and VLANs
Replies: 1
Views: 107

Re: Can’t Ping Hosts Inside Network in Site-to-Site VPN and VLANs

Salut François, It's kinda hard to see without a diagram or ROS code. I have a three-site network, each with their own VLANs (8 per site), but routed between them. My WAN is fully meshed and routed using OSPF (the VPN interfaces are L2TP/IPSec). I have full visibility of all hosts (provided firewall...
by AlainCasault
Mon Jul 15, 2019 12:18 pm
Forum: Wireless Networking
Topic: Wireless scanner results - what does /DP mean?
Replies: 4
Views: 1176

Re: Wireless scanner results - what does /DP mean?

As a general rule of thumb, when you hold your cursor over any flag (in WinBox) it'll tell you what they mean.


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Sat Jun 08, 2019 11:11 pm
Forum: General
Topic: Strange Mangle situation - Download fighting Upload [SOLVED]
Replies: 22
Views: 1060

Re: Strange Mangle situation - Download fighting Upload [SOLVED]

Hy I'm also confused. How can CZFan's example work? The mangle uses src-address-list, meaning "Download" traffic from a bunch of IPs. How can those packet marks be used in Queue trees for uploads? ... the mangle uses src-address-list, for the device starting the connection, in this case it was a pc...
by AlainCasault
Sat Jun 08, 2019 12:45 am
Forum: General
Topic: Strange Mangle situation - Download fighting Upload [SOLVED]
Replies: 22
Views: 1060

Re: Strange Mangle situation - Download fighting Upload [SOLVED]

Hy I'm also confused. How can CZFan's example work? The mangle uses src-address-list, meaning "Download" traffic from a bunch of IPs. How can those packet marks be used in Queue trees for uploads? I found this which may help Chipburn. https://mum.mikrotik.com/presentations/CZ09/QoS_Megis.pdf My setu...
by AlainCasault
Fri Jun 07, 2019 6:39 pm
Forum: General
Topic: Strange Mangle situation - Download fighting Upload [SOLVED]
Replies: 22
Views: 1060

Re: Strange Mangle situation - Download fighting Upload [SOLVED]

Oooor! Just dawned on me. Try checking passthrough for the connection marking rule. Can't remember if the mark connection action allows for further processing.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Jun 07, 2019 5:43 pm
Forum: Wireless Networking
Topic: How create virtual ap without mac access list
Replies: 2
Views: 243

Re: How create virtual ap without mac access list

Hello, In the access-list tab entries, you can specify the interface that "this entry" will apply for. So if you want to allow mac AA:BB: etc. as a guest only, you'll specify interface "vap1". At the end, don't forget to add a catch-all entry with no mac address, no interface and deny connections. S...
by AlainCasault
Fri Jun 07, 2019 5:32 pm
Forum: General
Topic: Strange Mangle situation - Download fighting Upload [SOLVED]
Replies: 22
Views: 1060

Re: Strange Mangle situation - Download fighting Upload [SOLVED]

Hello, As a debugging tool, I would suggest you check "log" and add meaningful log prefixes. You may get a hint as to which mangle rules are used (and when) and you'll see which interfaces are used also. To compare, I went about it the easy (and bad) way of only doing packet marking (no prior connec...
by AlainCasault
Fri Jun 07, 2019 12:39 am
Forum: Beginner Basics
Topic: Fix my mess please.
Replies: 15
Views: 849

Re: Fix my mess please.

Here's an export of my very basic config along with basic details. __________________________________ ROUTER A /interface ipip[ add name=ipip-tunnel1 remote-address=172.16.2.203 /ip address add address=10.1.1.1 interface=ipip-tunnel1 network=10.2.2.2 /ip dhcp-client add dhcp-options=clientid,hostnam...
by AlainCasault
Wed Jun 05, 2019 1:06 am
Forum: Beginner Basics
Topic: Fix my mess please.
Replies: 15
Views: 849

Re: Fix my mess please.

So tell me if im doing this right. On the router A, in the route list, i need to put 1.1.1.1 instead of ipip-tunnel. Not sure if im doing this correctly, because when i do this, gateway becomes "unreachable". But i believe the problem is as you say in my routes. OK! Now that I've got my head out of...
by AlainCasault
Wed Jun 05, 2019 12:57 am
Forum: Beginner Basics
Topic: Fix my mess please.
Replies: 15
Views: 849

Re: Fix my mess please.

Damn! I had this TOTALY confused with another (and totaly unrelated) issue... My bad!!! Thank @MKS for setting me straight. /interface bridge add name=LAN /interface ipip add name=ipip-tunnel1 remote-address=172.16.2.203 /ip address add address=10.1.1.1/24 interface=LAN network=10.1.1.0 add address=...
by AlainCasault
Tue Jun 04, 2019 11:38 pm
Forum: Beginner Basics
Topic: Fix my mess please.
Replies: 15
Views: 849

Re: Fix my mess please.

Never use an interface as gateway, always an IP address. What's wrong with using interface as gateway if interface is a point-to-point type of interface? Works for non broadcast technologies like x.25, Frame relay. Works for any PtP link, such as IPIP or PPPoE: /ip address print Flags: X - disabled...
by AlainCasault
Tue Jun 04, 2019 9:26 pm
Forum: Beginner Basics
Topic: Fix my mess please.
Replies: 15
Views: 849

Re: Fix my mess please.

Never use an interface as gateway, always an IP address.

What's wrong with using interface as gateway if interface is a point-to-point type of interface?
Works for non broadcast technologies like x.25, Frame relay.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Tue Jun 04, 2019 5:55 pm
Forum: Beginner Basics
Topic: Fix my mess please.
Replies: 15
Views: 849

Re: Fix my mess please.

Eventually, use dynamic routing. Avoids the hassle of static routing.


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Tue Jun 04, 2019 5:53 pm
Forum: Beginner Basics
Topic: Fix my mess please.
Replies: 15
Views: 849

Re: Fix my mess please.

Hello,

One big thing that jumps up is your routing. Never use an interface as gateway, always an IP address.

So on router A, use the IP if B's tunnel to each B's LAN.

Cheers



Sent from my cell phone. Sorry for the errors.

by AlainCasault
Sun Jun 02, 2019 11:11 pm
Forum: General
Topic: Ping Knock
Replies: 20
Views: 2447

Re: Ping Knock

@sindy,

Thanks for the feedback. I'll run some tests and will report my findings on the trouble ticket.

Best regards,

AC
by AlainCasault
Sat Jun 01, 2019 9:21 pm
Forum: General
Topic: Ping Knock
Replies: 20
Views: 2447

Re: Ping Knock

Thanks for getting back to me so fast. I'm not using that field. As I inspect the conntrack table, I see my ICMP connection there for 10 secs even though my ping only sent one packet. This is why my other pings are not seen by the other filters as the routeur thinks it's still the same connection. I...
by AlainCasault
Sat Jun 01, 2019 8:07 pm
Forum: General
Topic: Ping Knock
Replies: 20
Views: 2447

Re: Ping Knock

Hy all, I know I'm rehashing an old post, but this issue has me stumped. I have done the same thing for demo purposes for the longest time. I'm doing this again this morning and it doesn't work. A bit of troubleshooting and I realize that the ICMP-TIMEOUT in conntracking is the issue. If I reduce th...
by AlainCasault
Sat Jun 01, 2019 2:23 am
Forum: Beginner Basics
Topic: Setup WAN port, multiple public address [SOLVED]
Replies: 8
Views: 490

Re: Setup WAN port, multiple public address [SOLVED]

And the netmask. You have 65000 IP addresses?

Sent from my cell phone. Sorry for the errors.
It is ISP network not mine I am only customer....
Then, as a client, I'd be worried ;-)

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri May 31, 2019 7:23 pm
Forum: Beginner Basics
Topic: Setup WAN port, multiple public address [SOLVED]
Replies: 8
Views: 490

Re: Setup WAN port, multiple public address [SOLVED]

And the netmask. You have 65000 IP addresses?

Sent from my cell phone. Sorry for the errors.
Mon Dieu !!!!!
or in Quebec
Ostie de tabarnak
Get an IPAD LOL.............
No all Apple products. Android!! See what Apple did to your French :D

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Thu May 30, 2019 4:29 pm
Forum: Beginner Basics
Topic: Setup WAN port, multiple public address [SOLVED]
Replies: 8
Views: 490

Re: Setup WAN port, multiple public address [SOLVED]

And the netmask. You have 65000 IP addresses?

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed May 29, 2019 1:22 am
Forum: Announcements
Topic: v6.44.3 [stable] is released!
Replies: 123
Views: 29996

Re: v6.44.3 [stable] is released!

We are trying to upgrade to 6.44.3 from 6.29. I can download the file and it is in the files window. It will not install. I have tried to reboot 5 or 6 times and still nothing. Any advice? Look at the log. It should tell you why. Usually, you've chosen files for the wrong architecture. Sent from my...
by AlainCasault
Tue May 28, 2019 9:35 pm
Forum: Beginner Basics
Topic: How to reserve IP in mikrotik hex poe lite [SOLVED]
Replies: 7
Views: 408

Re: How to reserve IP in mikrotik hex poe lite [SOLVED]

Hello If I understood you correctly, the DVRs have hardcoded IP addresses. In that case, I would just click the add button, use all 0's for the mac and input the reserved IP's on the IP address field. That way, those two addresses will never be handed out. Sent from my cell phone. Sorry for the erro...
by AlainCasault
Tue May 28, 2019 6:12 pm
Forum: General
Topic: How to create group of address lists?
Replies: 7
Views: 463

Re: How to create group of address lists?

I like your plan. a. there are no hackers in france and germany (FACT) b. there are no computers in france and germany that can be hacked and controlled by Bots (FACT) c. allowing access to winbox by external IPs is very safe (FACT). FACT Foundation for the Advancement of Cardiac Therapies, In (whe...
by AlainCasault
Fri May 03, 2019 5:43 pm
Forum: Scripting
Topic: Script initiate Winbox windows?
Replies: 3
Views: 307

Re: Script initiate Winbox windows?

I know it's not your question, but maybe a raspberry pi? I have one with scripts for availability (netwatch replacement), and iperf to test my queue trees. I "cron"ed the availability script but I could create a web page from which to launch the queue testing script... Hum, that's actually an intere...
by AlainCasault
Thu May 02, 2019 1:26 am
Forum: Scripting
Topic: Script initiate Winbox windows?
Replies: 3
Views: 307

Re: Script initiate Winbox windows?

Hello Joe I'm not a script guru, so I'll send you elsewhere. Have you considered creating a limited skin (only for web interface though) and only show the tools you wants to be made available? It's a somewhat lengthy process, but it could help you. You'll need to create user accounts with limited ac...
by AlainCasault
Thu Apr 11, 2019 2:59 pm
Forum: General
Topic: CPU Utilization reaches 100%
Replies: 3
Views: 384

Re: CPU Utilization reaches 100%

So I'm guessing you're doing a lot of queuing :D As ROS is software with no specialized ASICs, the more features one configures, the more hits the CPU takes. Check MUM presentations to see if there are suggestions about optimizing queues. There are presentations that talk about the load layer 7 filt...
by AlainCasault
Wed Apr 10, 2019 8:47 pm
Forum: General
Topic: CPU Utilization reaches 100%
Replies: 3
Views: 384

Re: CPU Utilization reaches 100%

Hello,

Your issue is something special because, indeed, the stats are good.

Have you tried to use Tools->Profil? That'll give you a hint.
by AlainCasault
Wed Apr 10, 2019 5:02 pm
Forum: General
Topic: Telnet function not working anymore since several versions
Replies: 5
Views: 358

Re: Telnet function not working anymore since several versions

Hello,

Thinks to check...

Has telnet been disabled in IP->SERVICES?
Has the user been modified to refuse telnet access?

Cheers
by AlainCasault
Wed Apr 10, 2019 4:10 pm
Forum: Beginner Basics
Topic: Any ideas how to block andriod/ios app in mikrotik router???
Replies: 1
Views: 210

Re: Any ideas how to block andriod/ios app in mikrotik router???

You don't use the firewall to block an app, you block communications based on protocol and port number, as you know. But!!!! Maybe you could sniff the communications and see if the app has a signature (look that up on MikroTik's website. Later 7 signatures). You might get more success there but if n...
by AlainCasault
Wed Apr 10, 2019 4:04 pm
Forum: General
Topic: RB4011 Fail to netinstall
Replies: 2
Views: 273

Re: RB4011 Fail to netinstall

Or maybe personal firewall. I've seen this before. And always disable unused interfaces on the laptop. That also has been an issue.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed Apr 10, 2019 3:56 pm
Forum: Beginner Basics
Topic: alternative to scheduler
Replies: 5
Views: 334

Re: alternative to scheduler

Actually, you could use netmonitor.... I think that's what it's called.

Once you reach a threshold, either in our out, the script is run.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Apr 05, 2019 9:17 pm
Forum: General
Topic: RB4011iGS not in Winbox Neighbors tab
Replies: 1
Views: 176

Re: RB4011iGS not in Winbox Neighbors tab

Hello

Check your ip-neighbour-settings

Then interface list

Maybe the port you're connected to doesn't send mndp anymore.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Apr 05, 2019 9:15 pm
Forum: General
Topic: Infected Routerboard sending SPAM
Replies: 7
Views: 613

Re: Infected Routerboard sending SPAM

Hello,

Netinstall and start from scratch.


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Apr 05, 2019 9:13 pm
Forum: General
Topic: Debugging NTP issue with packet sniffer [SOLVED]
Replies: 4
Views: 391

Re: Debugging NTP issue with packet sniffer [SOLVED]

Hello If you want to see ntp traffic, add a firewall rule with: Chain=input Protocol=UDP Dst.port=123 Action=log Make sure it's on top and you'll see everything for ntp. Add the proper in interface to see only internal requests. I'm not in front of a router, but check to see if your ntp server has m...
by AlainCasault
Fri Apr 05, 2019 8:15 pm
Forum: Wireless Networking
Topic: How to list devices around mk?
Replies: 5
Views: 433

Re: How to list devices around mk?

Whichever tool you use, I suggest NOT using your AP as it'll drop current clients. Your kids won't like you ;)

Use a spare router.

Ahs yes, snooper is good IMHO and gives a loooot of information.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Apr 05, 2019 7:55 pm
Forum: General
Topic: Mangle rules, can we have content wildcards
Replies: 1
Views: 211

Re: Mangle rules, can we have content wildcards

Hello, I'd say no. I do that to block those very same sites and as you can tell, there are no common strings between youtube and googlevideo :D Go with 2 rules. Be careful though; wanting to block the YouTube app, I wound up blocking other sites. Still not sure how or why !!??!?! Sent from my cell p...
by AlainCasault
Fri Apr 05, 2019 7:45 pm
Forum: General
Topic: how to close all UDP ports on mikrotik?
Replies: 3
Views: 425

Re: how to close all UDP ports on mikrotik?

To piggy back on rich1's comment, do it for only THAT host

Shouldn't be hard to find the guilty party. If you don't know who's doing it, add a forward rule that only logs UDP outbound.

Cheers


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Apr 05, 2019 7:42 pm
Forum: General
Topic: Block DropBox with firewall
Replies: 2
Views: 387

Re: Block DropBox with firewall

Try the tls-host field in a mangle rule. It works for me blocking other sites like Netflix.

And you can use the same marking in simple queues to rate limit.

Cheers,

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Apr 05, 2019 7:35 pm
Forum: Beginner Basics
Topic: Can someone help identify this router..
Replies: 8
Views: 707

Re: Can someone help identify this router..

At any rate, once you find out the model, go on routerboard.com, search for end of life models and the specs should be there.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Apr 05, 2019 7:33 pm
Forum: Beginner Basics
Topic: Can someone help identify this router..
Replies: 8
Views: 707

Re: Can someone help identify this router..

Hello

Don't you have physical access?

The sticker under should have all the details.

Regards,


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Apr 05, 2019 3:15 pm
Forum: Wireless Networking
Topic: Band and AP steering
Replies: 1
Views: 269

Re: Band and AP steering

I haven't seen if it's possible but would looooove to make that work.

I have devices that regularly select a weaker AP then the users complain of slow Internet access (your network sucks...) :D



Sent from my cell phone. Sorry for the errors.

  • 1
  • 2
  • 3
  • 4
  • 5
  • 12