Search found 585 matches

by AlainCasault
Sun Apr 19, 2020 11:32 pm
Forum: General
Topic: Bootstrap requests
Replies: 1
Views: 2314

Re: Bootstrap requests

Hello Piotr I have the exact same issue with my CRS-125 at the same ROS version. I have no DHCP-client setup on that router. After having read other posts, I found that I have an "Alert" rule setup in my DHCP server. After disabling it, voilà! No more false requests. So much trouble because I was p...
by AlainCasault
Thu Feb 27, 2020 3:13 pm
Forum: Announcements
Topic: Winbox v3.21 released!
Replies: 55
Views: 14733

Re: Winbox v3.21 released!

Log entry DPI issue already fixed in internal build.
This is great!
When can we expect a release?

Cheers,

AC
by AlainCasault
Thu Feb 27, 2020 4:47 am
Forum: Announcements
Topic: Winbox v3.21 released!
Replies: 55
Views: 14733

Re: Winbox v3.21 released!

Log window (only!) is totally unreadable because the top and bottom of every line is sheared off. A fix for log window is needed before this can be used in production. Furthermore, /log print in Terminal is also useless because scrolling back Terminal screen to anything before the final contents re...
by AlainCasault
Wed Nov 27, 2019 3:54 pm
Forum: Wireless Networking
Topic: I tried to set a device as wireless AP but it doesnt work :(
Replies: 6
Views: 1326

Re: I tried to set a device as wireless AP but it doesnt work :(

Did you add ether1 to the bridge?

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed Nov 27, 2019 3:39 pm
Forum: Wireless Networking
Topic: I tried to set a device as wireless AP but it doesnt work :(
Replies: 6
Views: 1326

Re: I tried to set a device as wireless AP but it doesnt work :(

Hello, I'll be assuming that there's only one subnet for all devices. You can configure your AP as a basic L2 device. Add ether1 to the bridge. Make sure its address (bridge1) is on your router's subnet and doesn't clash with another. No dhcp client or firewall on AP. Should be ok. Sent from my cell...
by AlainCasault
Sat Nov 23, 2019 8:51 pm
Forum: General
Topic: Block a huge list of IP-addresses [SOLVED]
Replies: 17
Views: 1851

Re: Block a huge list of IP-addresses [SOLVED]

Hello,

Perhaps you could tell us more about the issue. Why you want to do it.

But quickly, you could create an IP address list (in the IP firewall section) and create a firewall rule that blocks that list.

Cheers,


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Mon Nov 11, 2019 7:48 pm
Forum: General
Topic: Un dispositivo Varias IP
Replies: 19
Views: 2341

Re: Un dispositivo Varias IP

@AlainCasault, out of curiosity, are you aware that there is not just a single sign language but many of them, historically linked to countries and/or nations of origin? So which one do you "technically not speak" :) ? (as for me, I know none). Yes I'm aware. It's probably worse than all the "offic...
by AlainCasault
Sun Nov 10, 2019 11:09 pm
Forum: General
Topic: Un dispositivo Varias IP
Replies: 19
Views: 2341

Re: Un dispositivo Varias IP

@Alain, which is the third language that you speak ... if I may ask? Sacrement you want to know his third skill set, He is a maudit francais The answer is obvious osti de tabarnak... (The cursing tongue of course) Every quebecer has a colourful palette when provoked. ;-) Honestly Anav, I find your ...
by AlainCasault
Sun Nov 10, 2019 11:05 pm
Forum: General
Topic: Un dispositivo Varias IP
Replies: 19
Views: 2341

Re: Un dispositivo Varias IP

@Alain, which is the third language that you speak ... if I may ask?
You may ask... (Quoting James T. Kirk ). Sign language.

So technically speaking, I don't "speak" it. :D

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Sun Nov 10, 2019 4:31 pm
Forum: General
Topic: Un dispositivo Varias IP
Replies: 19
Views: 2341

Re: Un dispositivo Varias IP

The idea behind "English only" is that we can all learn from each other. As much as I would looooove to speak many languages, I only speak two fluently, a third one with some difficulty and a collection of words in various languages that can me friends in social situations. There are many FB groups...
by AlainCasault
Sun Nov 10, 2019 3:37 pm
Forum: Wireless Networking
Topic: Chromecast is not discoverable on second AP
Replies: 10
Views: 2464

Re: Chromecast is not discoverable on second AP

Thank you Alain for your response. I guess Chromecast and bose speakers use the same technology to advertise themselves!
How did you overcome the issue in your case?
I took the easy way out. As pe1chi suggested, same subnet. ;)

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Sun Nov 10, 2019 5:23 am
Forum: Wireless Networking
Topic: Chromecast is not discoverable on second AP
Replies: 10
Views: 2464

Re: Chromecast is not discoverable on second AP

I'm not any expert of chromecasts, but I'm guessing that the discovery part is purely layer 2.

When I'm on a different vlan of the same AP, I can't discover the CC or my Bose speaker for that matter.


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Nov 08, 2019 11:41 pm
Forum: Beginner Basics
Topic: Cannot redirect port to a specific ip
Replies: 5
Views: 894

Re: Cannot redirect port to a specific ip

Cool. Glad to be of help. :)

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Nov 08, 2019 7:44 pm
Forum: Wireless Networking
Topic: Reboot capsman clients after RouterOS update
Replies: 1
Views: 1198

Re: Reboot capsman clients after RouterOS update

Hello,

I'd like it to be a one reboot thing, but the second reboot is required for the firmware update.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Nov 08, 2019 3:19 pm
Forum: Beginner Basics
Topic: help with block program
Replies: 2
Views: 523

Re: help with block program

That could be a tricky task depending on the app to block. For example, I'd love to block Facebook messenger, but that's tcp/443. Good luck with that. You could look at a layer 7 approach, but it'll take some research on your part, much testing and a lot of router CPU. Sent from my cell phone. Sorry ...
by AlainCasault
Fri Nov 08, 2019 1:32 am
Forum: RouterOS v7 BETA
Topic: Poll: who wants to have a better /export ?
Replies: 17
Views: 4227

Re: Poll: who wants to have a better /export ?

Now I feel silly because I hadn't seen the poll on my cell phone. Nice job!!!!
by AlainCasault
Thu Nov 07, 2019 8:45 pm
Forum: Beginner Basics
Topic: Cannot redirect port to a specific ip
Replies: 5
Views: 894

Re: Cannot redirect port to a specific ip

If you suspect Synology problem, test on the same LAN. If it doesn't work, then you found it. I haven't read all of your export but make sure your firewall accepts the redirected traffic. I've seen many people think that a simple dst-nat is an implicit accept through the FW. Cheers, Sent from my cel...
by AlainCasault
Thu Nov 07, 2019 2:39 pm
Forum: RouterOS v7 BETA
Topic: Poll: who wants to have a better /export ?
Replies: 17
Views: 4227

Re: Poll: who wants to have a better /export ?

Hello

Can you tell us what you have in mind?

My needs may be different from yours but export suits my needs.

Regards,

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Tue Nov 05, 2019 8:58 pm
Forum: General
Topic: Feature request: exporting configuration sould be password protected
Replies: 6
Views: 1056

Re: Feature request: exporting configuration sould be password protected

You can also use an application like Encrypto that does a great job. It's available on Mac and Windows.


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed Oct 23, 2019 7:44 pm
Forum: General
Topic: Changing Country on locked device
Replies: 4
Views: 961

Re: Changing Country on locked device

During the Markham MUM last month, I asked MikroTik to ship INT routers to Canada since we can use dfs channels PROVIDED we respect the Industry Canada rules as shown in the regulations document. My employer buys Aruba "rest of World" APs and its ok, because of our compliance to IC (and the threat o...
by AlainCasault
Tue Oct 22, 2019 4:07 pm
Forum: Wireless Networking
Topic: Correct antenna-gain setting on Mikrotik Hardware [SOLVED]
Replies: 38
Views: 12644

Re: Correct antenna-gain setting on Mikrotik Hardware [SOLVED]

As antennas in small RBs, for example, are usually 2dBi, your AP will be 2dBm stronger than allowed in your country.

Setting antenna gain at a non 0 value will tell the router to subtract that gain to stay with country regulation.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Oct 18, 2019 9:20 pm
Forum: General
Topic: tool kid-control
Replies: 58
Views: 20799

Re: tool kid-control

it would be nice to add time quota per kid instead of fixed time intervals
+1

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed Oct 16, 2019 9:08 pm
Forum: RouterBOARD hardware
Topic: hardware idea for a multiport switch
Replies: 59
Views: 25294

Re: hardware idea for a multiport switch

I had suggested in a previous similar post to build a chassis with blades. Could be switch blades, routing blades, whatever port configuration/speed. Could even have a fan blade, just in case. Hot swappable power supplies. One blade is old? A faster one comes out? No problem, swap it. That would ad...
by AlainCasault
Wed Oct 16, 2019 8:58 pm
Forum: RouterBOARD hardware
Topic: hardware idea for a multiport switch
Replies: 59
Views: 25294

Re: hardware idea for a multiport switch

I had suggested in a previous similar post to build a chassis with blades. Could be switch blades, routing blades, whatever port configuration/speed. Could even have a fan blade, just in case. Hot swappable power supplies. One blade is old? A faster one comes out? No problem, swap it. Just make a fa...
by AlainCasault
Wed Oct 16, 2019 8:50 pm
Forum: Beginner Basics
Topic: Branding Maker for Trainer
Replies: 7
Views: 1141

Re: Branding Maker for Trainer

I asked for it a few years back and got it, no issue.

I "branded" my 2011 that now shows my text logo on the LCD.

Cheers,

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Tue Oct 15, 2019 6:07 pm
Forum: General
Topic: Can't delete Dude files on CHR
Replies: 6
Views: 1040

Re: Can't delete Dude files on CHR

Follow up on this issue. As I didn't have much experience with CHR licenses, I found out how to generate a new one without wasting the old one. I created a new CHR and used its software ID to generate a temporary P1 license. I then reassigned the old (permanent) P1 license to the temporary one, thus...
by AlainCasault
Sun Oct 13, 2019 12:19 am
Forum: General
Topic: Can't delete Dude files on CHR
Replies: 6
Views: 1040

Re: Can't delete Dude files on CHR

Thanks all. I had deleted the Dude, but to no avail. As I'm not a Hyper-V expert, didn't think of expanding the disk. I tried reinstalling using ISO file, but by then, I had done too much damage. Just used another P1 license :D Mounting the Hyper-V disks didn't do much either, but it's something I'l...
by AlainCasault
Sat Oct 12, 2019 8:20 pm
Forum: General
Topic: Can't delete Dude files on CHR
Replies: 6
Views: 1040

Re: Can't delete Dude files on CHR

Hello MKX,

Will try and let you know. But it makes sense.

AC
by AlainCasault
Fri Oct 11, 2019 10:25 pm
Forum: General
Topic: Can't delete Dude files on CHR
Replies: 6
Views: 1040

Can't delete Dude files on CHR

Hello guys, I'm running 6.45.6 on Hyper-V (Windows 10 Pro). I ran The Dude on it for a while and stopped it. Now, I can't seem to delete the leftover files under /Dude and there's only 1% of my file system left (out of the original 95MB!!!). I've read through the forum, but as it's a CHR, I can't Ne...
by AlainCasault
Thu Sep 05, 2019 9:35 pm
Forum: RouterBOARD hardware
Topic: CPU usage upto 90%
Replies: 2
Views: 1455

Re: CPU usage upto 90%

Hello, You may have many issues. If you look at the specs, you'll notice that the setup will influence performance. L7 filters, if any, load the CPU. I suggest that you start with /tools - profiles to see which service is using up the CPU and report back your findings. Also include your config for a...
by AlainCasault
Thu Sep 05, 2019 6:24 pm
Forum: Wireless Networking
Topic: Cap interface down/up [SOLVED]
Replies: 3
Views: 962

Re: Cap interface down/up [SOLVED]

Hello,

Well, we see that too. Is there a question?

Regards


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed Aug 21, 2019 5:31 pm
Forum: Beginner Basics
Topic: Simple NAT between networks
Replies: 5
Views: 1160

Re: Simple NAT between networks

Hello

If all of this is on the same router, why would you need anything firewall wise to make it work?

All subnets are reachable by default unless you have something blocking traffic.

So yes, as suggested, post your config please

Regards,


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed Aug 14, 2019 5:49 pm
Forum: Wireless Networking
Topic: Bridge port received packet with own address as source, probably loop
Replies: 52
Views: 52264

Re: Bridge port received packet with own address as source, probably loop

Hello I had this issue a while back but forgot how I solved it. I have a software vlan setup with 8 VLANs, one of which is a Telco only vlan. If memory serves, I only kept the associated bridge of that vlan as a neighbour enabled interface, along with physical interfaces. Cheers, Sent from my cell p...
by AlainCasault
Tue Aug 13, 2019 8:50 pm
Forum: General
Topic: HELP !! Install Probems
Replies: 2
Views: 605

Re: HELP !! Install Probems

Hello

Please include an export of your config.

2.8 is over 10 years old if not more. Are you really talking about RouterOS??

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Mon Aug 12, 2019 7:48 pm
Forum: General
Topic: Allow traffic between isolated subnets? [SOLVED]
Replies: 10
Views: 2365

Re: Allow traffic between isolated subnets? [SOLVED]

Hy

A good trick is to create a bogus rule that only logs forwarded traffic and see where traffic dies. When your bogus rule stops logging, the previous one is the culprit.

Cheers

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Sat Aug 10, 2019 5:04 pm
Forum: Beginner Basics
Topic: Tools\ Btest Server
Replies: 2
Views: 600

Re: Tools\ Btest Server

Hello Bob

Yes, that's the server. What is your exact question??

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Tue Aug 06, 2019 8:31 pm
Forum: General
Topic: to delete
Replies: 2
Views: 550

Re: MT PPTP Client host not pinging remote lan

Hello

Does your PPTP server have all routes to come back to the PPTP client?

Both routers need all routes to the other router.

Best regards


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Thu Jul 25, 2019 2:48 pm
Forum: Wireless Networking
Topic: 2GHz WiFi 40MHz width best channel
Replies: 7
Views: 1718

Re: 2GHz WiFi 40MHz width best channel

Also, with three channels, you get better non overlapping coverage.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Thu Jul 25, 2019 2:45 pm
Forum: Wireless Networking
Topic: 2GHz WiFi 40MHz width best channel
Replies: 7
Views: 1718

Re: 2GHz WiFi 40MHz width best channel

Good practice is to use 1-6-11 at 20MHz. Also, 802.11 stipulates that any AP at 40MHz WILL fall back to 20 if it causes problems to others.


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed Jul 24, 2019 7:51 pm
Forum: Wireless Networking
Topic: CAPsMAN 5GHz data rates problem
Replies: 2
Views: 858

Re: CAPsMAN 5GHz data rates problem

Hello,

As per 802.11 standard...
add authentication-types=wpa-psk,wpa2-psk comment=EnterRealmOfWOOWiFi encryption=tkip \
    name=security1 passphrase=EnterRealmOfWOOWiFi
tkip WILL limit you to 54Mbps, regardless of what else you have set up. Use different encryption.

Cheers,

AC
by AlainCasault
Wed Jul 24, 2019 7:44 pm
Forum: Wireless Networking
Topic: Locked US frequencies on MT products
Replies: 1
Views: 504

Re: Locked US frequencies on MT products

Hello,

I'm wondering the same thing.

We use Aruba Network APs, and they CAN use DFS channels. Maybe it's a misinterpretation of regulations, I don't know. But it would be great to regain use of those channels.

Cheers,

AC
by AlainCasault
Wed Jul 24, 2019 7:30 pm
Forum: General
Topic: Can’t Ping Hosts Inside Network in Site-to-Site VPN and VLANs
Replies: 1
Views: 277

Re: Can’t Ping Hosts Inside Network in Site-to-Site VPN and VLANs

Salut François, It's kinda hard to see without a diagram or ROS code. I have a three-site network, each with their own VLANs (8 per site), but routed between them. My WAN is fully meshed and routed using OSPF (the VPN interfaces are L2TP/IPSec). I have full visibility of all hosts (provided firewall...
by AlainCasault
Mon Jul 15, 2019 12:18 pm
Forum: Wireless Networking
Topic: Wireless scanner results - what does /DP mean?
Replies: 4
Views: 1879

Re: Wireless scanner results - what does /DP mean?

As a general rule of thumb, when you hold your cursor over any flag (in WinBox) it'll tell you what they mean.


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Sat Jun 08, 2019 11:11 pm
Forum: General
Topic: Strange Mangle situation - Download fighting Upload [SOLVED]
Replies: 22
Views: 2586

Re: Strange Mangle situation - Download fighting Upload [SOLVED]

Hy I'm also confused. How can CZFan's example work? The mangle uses src-address-list, meaning "Download" traffic from a bunch of IPs. How can those packet marks be used in Queue trees for uploads? ... the mangle uses src-address-list, for the device starting the connection, in this case it was a pc...
by AlainCasault
Sat Jun 08, 2019 12:45 am
Forum: General
Topic: Strange Mangle situation - Download fighting Upload [SOLVED]
Replies: 22
Views: 2586

Re: Strange Mangle situation - Download fighting Upload [SOLVED]

Hy I'm also confused. How can CZFan's example work? The mangle uses src-address-list, meaning "Download" traffic from a bunch of IPs. How can those packet marks be used in Queue trees for uploads? I found this which may help Chipburn. https://mum.mikrotik.com/presentations/CZ09/QoS_Megis.pdf My setu...
by AlainCasault
Fri Jun 07, 2019 6:39 pm
Forum: General
Topic: Strange Mangle situation - Download fighting Upload [SOLVED]
Replies: 22
Views: 2586

Re: Strange Mangle situation - Download fighting Upload [SOLVED]

Oooor! Just dawned on me. Try checking passthrough for the connection marking rule. Can't remember if the mark connection action allows for further processing.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Jun 07, 2019 5:43 pm
Forum: Wireless Networking
Topic: How create virtual ap without mac access list
Replies: 2
Views: 602

Re: How create virtual ap without mac access list

Hello, In the access-list tab entries, you can specify the interface that "this entry" will apply for. So if you want to allow mac AA:BB: etc. as a guest only, you'll specify interface "vap1". At the end, don't forget to add a catch-all entry with no mac address, no interface and deny connections. S...
by AlainCasault
Fri Jun 07, 2019 5:32 pm
Forum: General
Topic: Strange Mangle situation - Download fighting Upload [SOLVED]
Replies: 22
Views: 2586

Re: Strange Mangle situation - Download fighting Upload [SOLVED]

Hello, As a debugging tool, I would suggest you check "log" and add meaningful log prefixes. You may get a hint as to which mangle rules are used (and when) and you'll see which interfaces are used also. To compare, I went about it the easy (and bad) way of only doing packet marking (no prior connec...
by AlainCasault
Fri Jun 07, 2019 12:39 am
Forum: Beginner Basics
Topic: Fix my mess please.
Replies: 15
Views: 1447

Re: Fix my mess please.

Here's an export of my very basic config along with basic details.
__________________________________
ROUTER A
/interface ipip
add name=ipip-tunnel1 remote-address=172.16.2.203
/ip address
add address=10.1.1.1 interface=ipip-tunnel1 network=10.2.2.2
/ip dhcp-client
add dhcp-options=clientid,hostnam...
by AlainCasault
Wed Jun 05, 2019 1:06 am
Forum: Beginner Basics
Topic: Fix my mess please.
Replies: 15
Views: 1447

Re: Fix my mess please.

So tell me if im doing this right. On the router A, in the route list, i need to put 1.1.1.1 instead of ipip-tunnel. Not sure if im doing this correctly, because when i do this, gateway becomes "unreachable". But i believe the problem is as you say in my routes. OK! Now that I've got my head out of...
by AlainCasault
Wed Jun 05, 2019 12:57 am
Forum: Beginner Basics
Topic: Fix my mess please.
Replies: 15
Views: 1447

Re: Fix my mess please.

Damn! I had this TOTALLY confused with another (and totally unrelated) issue... My bad!!! Thank @MKS for setting me straight.
/interface bridge
add name=LAN
/interface ipip
add name=ipip-tunnel1 remote-address=172.16.2.203
/ip address
add address=10.1.1.1/24 interface=LAN network=10.1.1.0
add address=...
by AlainCasault
Tue Jun 04, 2019 11:38 pm
Forum: Beginner Basics
Topic: Fix my mess please.
Replies: 15
Views: 1447

Re: Fix my mess please.

Never use an interface as gateway, always an IP address. What's wrong with using interface as gateway if interface is a point-to-point type of interface? Works for non broadcast technologies like x.25, Frame relay. Works for any PtP link, such as IPIP or PPPoE: /ip address print Flags: X - disabled...
by AlainCasault
Tue Jun 04, 2019 9:26 pm
Forum: Beginner Basics
Topic: Fix my mess please.
Replies: 15
Views: 1447

Re: Fix my mess please.

Never use an interface as gateway, always an IP address.

What's wrong with using interface as gateway if interface is a point-to-point type of interface?
Works for non broadcast technologies like x.25, Frame relay.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Tue Jun 04, 2019 5:55 pm
Forum: Beginner Basics
Topic: Fix my mess please.
Replies: 15
Views: 1447

Re: Fix my mess please.

Eventually, use dynamic routing. Avoids the hassle of static routing.


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Tue Jun 04, 2019 5:53 pm
Forum: Beginner Basics
Topic: Fix my mess please.
Replies: 15
Views: 1447

Re: Fix my mess please.

Hello,

One big thing that jumps up is your routing. Never use an interface as gateway, always an IP address.

So on router A, use the IP of B's tunnel to reach B's LAN.

Cheers



Sent from my cell phone. Sorry for the errors.

by AlainCasault
Sun Jun 02, 2019 11:11 pm
Forum: General
Topic: Ping Knock
Replies: 20
Views: 4157

Re: Ping Knock

@sindy,

Thanks for the feedback. I'll run some tests and will report my findings on the trouble ticket.

Best regards,

AC
by AlainCasault
Sat Jun 01, 2019 9:21 pm
Forum: General
Topic: Ping Knock
Replies: 20
Views: 4157

Re: Ping Knock

Thanks for getting back to me so fast. I'm not using that field. As I inspect the conntrack table, I see my ICMP connection there for 10 secs even though my ping only sent one packet. This is why my other pings are not seen by the other filters as the router thinks it's still the same connection. I...
by AlainCasault
Sat Jun 01, 2019 8:07 pm
Forum: General
Topic: Ping Knock
Replies: 20
Views: 4157

Re: Ping Knock

Hy all, I know I'm rehashing an old post, but this issue has me stumped. I have done the same thing for demo purposes for the longest time. I'm doing this again this morning and it doesn't work. A bit of troubleshooting and I realize that the ICMP-TIMEOUT in conntracking is the issue. If I reduce th...
by AlainCasault
Sat Jun 01, 2019 2:23 am
Forum: Beginner Basics
Topic: Setup WAN port, multiple public address [SOLVED]
Replies: 8
Views: 974

Re: Setup WAN port, multiple public address [SOLVED]

And the netmask. You have 65000 IP addresses?

Sent from my cell phone. Sorry for the errors.
It is ISP network not mine I am only customer....
Then, as a client, I'd be worried ;-)

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri May 31, 2019 7:23 pm
Forum: Beginner Basics
Topic: Setup WAN port, multiple public address [SOLVED]
Replies: 8
Views: 974

Re: Setup WAN port, multiple public address [SOLVED]

And the netmask. You have 65000 IP addresses?

Sent from my cell phone. Sorry for the errors.
Mon Dieu !!!!!
or in Quebec
Ostie de tabarnak
Get an IPAD LOL.............
No all Apple products. Android!! See what Apple did to your French :D

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Thu May 30, 2019 4:29 pm
Forum: Beginner Basics
Topic: Setup WAN port, multiple public address [SOLVED]
Replies: 8
Views: 974

Re: Setup WAN port, multiple public address [SOLVED]

And the netmask. You have 65000 IP addresses?

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed May 29, 2019 1:22 am
Forum: Announcements
Topic: v6.44.3 [stable] is released!
Replies: 123
Views: 41733

Re: v6.44.3 [stable] is released!

We are trying to upgrade to 6.44.3 from 6.29. I can download the file and it is in the files window. It will not install. I have tried to reboot 5 or 6 times and still nothing. Any advice? Look at the log. It should tell you why. Usually, you've chosen files for the wrong architecture. Sent from my...
by AlainCasault
Tue May 28, 2019 9:35 pm
Forum: Beginner Basics
Topic: How to reserve IP in mikrotik hex poe lite [SOLVED]
Replies: 7
Views: 919

Re: How to reserve IP in mikrotik hex poe lite [SOLVED]

Hello If I understood you correctly, the DVRs have hardcoded IP addresses. In that case, I would just click the add button, use all 0's for the mac and input the reserved IP's on the IP address field. That way, those two addresses will never be handed out. Sent from my cell phone. Sorry for the erro...
by AlainCasault
Tue May 28, 2019 6:12 pm
Forum: General
Topic: How to create group of address lists?
Replies: 7
Views: 2768

Re: How to create group of address lists?

I like your plan. a. there are no hackers in france and germany (FACT) b. there are no computers in france and germany that can be hacked and controlled by Bots (FACT) c. allowing access to winbox by external IPs is very safe (FACT). FACT Foundation for the Advancement of Cardiac Therapies, In (whe...
by AlainCasault
Fri May 03, 2019 5:43 pm
Forum: Scripting
Topic: Script initiate Winbox windows?
Replies: 3
Views: 756

Re: Script initiate Winbox windows?

I know it's not your question, but maybe a raspberry pi? I have one with scripts for availability (netwatch replacement), and iperf to test my queue trees. I "cron"ed the availability script but I could create a web page from which to launch the queue testing script... Hum, that's actually an intere...
by AlainCasault
Thu May 02, 2019 1:26 am
Forum: Scripting
Topic: Script initiate Winbox windows?
Replies: 3
Views: 756

Re: Script initiate Winbox windows?

Hello Joe I'm not a script guru, so I'll send you elsewhere. Have you considered creating a limited skin (only for web interface though) and only show the tools you want to be made available? It's a somewhat lengthy process, but it could help you. You'll need to create user accounts with limited ac...
by AlainCasault
Thu Apr 11, 2019 2:59 pm
Forum: General
Topic: CPU Utilization reaches 100%
Replies: 3
Views: 624

Re: CPU Utilization reaches 100%

So I'm guessing you're doing a lot of queuing :D As ROS is software with no specialized ASICs, the more features one configures, the more hits the CPU takes. Check MUM presentations to see if there are suggestions about optimizing queues. There are presentations that talk about the load layer 7 filt...
by AlainCasault
Wed Apr 10, 2019 8:47 pm
Forum: General
Topic: CPU Utilization reaches 100%
Replies: 3
Views: 624

Re: CPU Utilization reaches 100%

Hello,

Your issue is something special because, indeed, the stats are good.

Have you tried to use Tools->Profile? That'll give you a hint.
by AlainCasault
Wed Apr 10, 2019 5:02 pm
Forum: General
Topic: Telnet function not working anymore since several versions
Replies: 5
Views: 736

Re: Telnet function not working anymore since several versions

Hello,

Things to check...

Has telnet been disabled in IP->SERVICES?
Has the user been modified to refuse telnet access?

Cheers
by AlainCasault
Wed Apr 10, 2019 4:10 pm
Forum: Beginner Basics
Topic: Any ideas how to block andriod/ios app in mikrotik router???
Replies: 3
Views: 1397

Re: Any ideas how to block andriod/ios app in mikrotik router???

You don't use the firewall to block an app, you block communications based on protocol and port number, as you know. But!!!! Maybe you could sniff the communications and see if the app has a signature (look that up on MikroTik's website. Layer 7 signatures). You might get more success there but if n...
by AlainCasault
Wed Apr 10, 2019 4:04 pm
Forum: General
Topic: RB4011 Fail to netinstall
Replies: 2
Views: 618

Re: RB4011 Fail to netinstall

Or maybe personal firewall. I've seen this before. And always disable unused interfaces on the laptop. That also has been an issue.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed Apr 10, 2019 3:56 pm
Forum: Beginner Basics
Topic: alternative to scheduler
Replies: 5
Views: 656

Re: alternative to scheduler

Actually, you could use netmonitor.... I think that's what it's called.

Once you reach a threshold, either in or out, the script is run.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Apr 05, 2019 9:17 pm
Forum: General
Topic: RB4011iGS not in Winbox Neighbors tab
Replies: 1
Views: 364

Re: RB4011iGS not in Winbox Neighbors tab

Hello

Check your ip-neighbour-settings

Then interface list

Maybe the port you're connected to doesn't send mndp anymore.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Apr 05, 2019 9:15 pm
Forum: General
Topic: Infected Routerboard sending SPAM
Replies: 7
Views: 935

Re: Infected Routerboard sending SPAM

Hello,

Netinstall and start from scratch.


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Apr 05, 2019 9:13 pm
Forum: General
Topic: Debugging NTP issue with packet sniffer [SOLVED]
Replies: 4
Views: 866

Re: Debugging NTP issue with packet sniffer [SOLVED]

Hello If you want to see ntp traffic, add a firewall rule with: Chain=input Protocol=UDP Dst.port=123 Action=log Make sure it's on top and you'll see everything for ntp. Add the proper in interface to see only internal requests. I'm not in front of a router, but check to see if your ntp server has m...
by AlainCasault
Fri Apr 05, 2019 8:15 pm
Forum: Wireless Networking
Topic: How to list devices around mk?
Replies: 5
Views: 863

Re: How to list devices around mk?

Whichever tool you use, I suggest NOT using your AP as it'll drop current clients. Your kids won't like you ;)

Use a spare router.

Ah yes, snooper is good IMHO and gives a loooot of information.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Apr 05, 2019 7:55 pm
Forum: General
Topic: Mangle rules, can we have content wildcards
Replies: 1
Views: 418

Re: Mangle rules, can we have content wildcards

Hello, I'd say no. I do that to block those very same sites and as you can tell, there are no common strings between youtube and googlevideo :D Go with 2 rules. Be careful though; wanting to block the YouTube app, I wound up blocking other sites. Still not sure how or why !!??!?! Sent from my cell p...
by AlainCasault
Fri Apr 05, 2019 7:45 pm
Forum: General
Topic: how to close all UDP ports on mikrotik?
Replies: 3
Views: 813

Re: how to close all UDP ports on mikrotik?

To piggy back on rich1's comment, do it for only THAT host

Shouldn't be hard to find the guilty party. If you don't know who's doing it, add a forward rule that only logs UDP outbound.

Cheers


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Apr 05, 2019 7:42 pm
Forum: General
Topic: Block DropBox with firewall
Replies: 2
Views: 870

Re: Block DropBox with firewall

Try the tls-host field in a mangle rule. It works for me blocking other sites like Netflix.

And you can use the same marking in simple queues to rate limit.

Cheers,

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Apr 05, 2019 7:35 pm
Forum: Beginner Basics
Topic: Can someone help identify this router..
Replies: 8
Views: 1307

Re: Can someone help identify this router..

At any rate, once you find out the model, go on routerboard.com, search for end of life models and the specs should be there.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Apr 05, 2019 7:33 pm
Forum: Beginner Basics
Topic: Can someone help identify this router..
Replies: 8
Views: 1307

Re: Can someone help identify this router..

Hello

Don't you have physical access?

The sticker under should have all the details.

Regards,


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Apr 05, 2019 3:15 pm
Forum: Wireless Networking
Topic: Band and AP steering
Replies: 1
Views: 588

Re: Band and AP steering

I haven't seen if it's possible but would looooove to make that work.

I have devices that regularly select a weaker AP then the users complain of slow Internet access (your network sucks...) :D



Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Apr 05, 2019 2:54 pm
Forum: General
Topic: microtik L2TP server and microtik Client
Replies: 1
Views: 354

Re: microtik L2TP server and microtik Client

Hello SUD Please see this regarding licence questions: https://wiki.mikrotik.com/wiki/Manual:License As for only 5 tunnels working, there shouldn't be any issues with having more. It would be good if you posted your config and any error message you may have on your logs. Cheers, Sent from my cell ph...
by AlainCasault
Mon Apr 01, 2019 4:00 pm
Forum: Wireless Networking
Topic: 34km link low CCQ
Replies: 13
Views: 1929

Re: 34km link low CCQ

Use that mikrotik protocol thing
NV2 ;)

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Mar 29, 2019 6:56 pm
Forum: Wireless Networking
Topic: 34km link low CCQ
Replies: 13
Views: 1929

Re: 34km link low CCQ

Did not see much channel usage for this frequency in the snooper, freq usage or scan. What option is Greenfield. I am currently researching it.
It's an expression meaning that you don't mix modes (a/n/ac) but rather stick with just one (ac).


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Thu Mar 28, 2019 11:25 pm
Forum: Wireless Networking
Topic: 34km link low CCQ
Replies: 13
Views: 1929

Re: 34km link low CCQ

Have you tried the built-in tools to analyze the RF (scan, snooper)?

Have you also tried setting it up as Greenfield, not a/n/AC?

Otherwise, signal levels are good... Snr good...



Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed Mar 27, 2019 2:04 pm
Forum: Beginner Basics
Topic: winbox on linux with firewall active
Replies: 3
Views: 649

Re: winbox on linux with firewall active

Actually, the way I'm reading this, his MAC-WINBOX is being blocked.

You should allow udp src.port 5678 so that the return traffic is allowed.

You should then see your routers.

Regards,


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Tue Mar 26, 2019 3:06 pm
Forum: Beginner Basics
Topic: Connecting two routers in two buildings with cable
Replies: 8
Views: 1082

Re: Connecting two routers in two buildings with cable

I'd go with OSPF and let everything sort itself out ;)

Take a look at https://alaincasault.com/ca/posts/, the post named "Redundant WAN links".

When the failure is in the ISP's infrastructure, the regular "check gateway" doesn't help much.

Cheers,


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Tue Mar 19, 2019 12:40 am
Forum: Scripting
Topic: How to really make backups (by script) ?
Replies: 15
Views: 2045

Re: How to really make backups (by script) ?

True!

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Mon Mar 18, 2019 8:20 pm
Forum: Scripting
Topic: How to really make backups (by script) ?
Replies: 15
Views: 2045

Re: How to really make backups (by script) ?

The binary backup will let you restore a perfect/complete copy of the config of the original router (A) on the new router(B). It will work. But DO reset the MACs, either manually or through a script as suggested. Obviously, it should NOT be done if the original router (A) is still running as you'll ...
by AlainCasault
Fri Mar 15, 2019 5:29 pm
Forum: Beginner Basics
Topic: Mikrotik as HUB (configuration)
Replies: 17
Views: 2236

Re: Mikrotik as HUB (configuration)

Ok, got it. Still can't do hub in MikroTik. Do a switch as was suggested before using a bridge. From within the router, you can launch a packet sniffer (in tools menu) which is wireshark compatible (make sure to name the file .pcap). You'll have to play with it as I don't remember if the bridge will...
by AlainCasault
Thu Mar 14, 2019 9:14 pm
Forum: Beginner Basics
Topic: Mikrotik as HUB (configuration)
Replies: 17
Views: 2236

Re: Mikrotik as HUB (configuration)

Because I have to simulate something like that in laboratories. Maybe as a bridge to do it, that it would be similar? I'm not sure you know what you require if you think that a hub and a switch are similar. Can you explain what you need to achieve? That could help us understand. Sent from my cell p...
by AlainCasault
Wed Mar 13, 2019 8:56 pm
Forum: Beginner Basics
Topic: Mikrotik as HUB (configuration)
Replies: 17
Views: 2236

Re: Mikrotik as HUB (configuration)

More to the point: why do you want a hub?

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Tue Mar 12, 2019 4:17 pm
Forum: Scripting
Topic: How to really make backups (by script) ?
Replies: 15
Views: 2045

Re: How to really make backups (by script) ?

Hello, This topic has been documented MANY times. But, yes, you CAN restore a binary backup of one device to another of SAME model. But: * Make sure they're both running the same version of OS * Reset each interface's MAC address. Voilà! As far as running and storing backups, that too has been docum...
by AlainCasault
Tue Mar 12, 2019 3:49 pm
Forum: Beginner Basics
Topic: Connecting two routers in two buildings with cable
Replies: 8
Views: 1082

Re: Connecting two routers in two buildings with cable

Hello, I'm assuming that the /16s are just to summarize local subnets and you don't have such a big network. Otherwise, break the subnet down to smaller ones (like /24). Also, I'd probably go with fiber regardless since you're working with two buildings. Fiber will insulate you from grounding issues, ...
by AlainCasault
Mon Mar 11, 2019 7:59 pm
Forum: Beginner Basics
Topic: Help with new Vlan Setup
Replies: 8
Views: 637

Re: Help with new Vlan Setup

Also, try this.

I think this is what you're going for.

https://wiki.mikrotik.com/wiki/Manual:S ... p_Features

Cheers,
by AlainCasault
Mon Mar 11, 2019 7:30 pm
Forum: Beginner Basics
Topic: Help with new Vlan Setup
Replies: 8
Views: 637

Re: Help with new Vlan Setup

Hello, I know what you mean as I have a Unifi also. I basically took the IP address of my Telco devices' subnet and its associated DHCP server and moved them to the trunk bridge. The Unifi is connected to a trunk port, but because the IP was set to the trunk bridge, that subnet became untagged. Of c...
by AlainCasault
Fri Mar 08, 2019 9:33 pm
Forum: General
Topic: Viewing network traffic question
Replies: 7
Views: 817

Re: Viewing network traffic question

Hello Nazralte, 1st thing to do is make sure your catch-all rules log traffic reaching them. As you indicate not being so good w/ firewalls, I'll give you more information, hoping I'm not treating you like a child ;) Catch-all rules just drop and log whatever was not processed by the previous rules,...
by AlainCasault
Fri Mar 08, 2019 8:31 pm
Forum: Beginner Basics
Topic: Routing CCR 1036 and CRS 317
Replies: 2
Views: 427

Re: Routing CCR 1036 and CRS 317

Hello, For starters, your devices should have a static IP address, not get one from a server. Otherwise, how do you plan on doing proper management with dynamic IP addresses? Secondly, I suggest you post a diagram of what you wish to achieve and your devices' current configuration. You're asking for...
by AlainCasault
Fri Mar 08, 2019 5:59 pm
Forum: General
Topic: Winbox disconnects after few seconds
Replies: 4
Views: 994

Re: Winbox disconnects after few seconds

Hi again!! If you can winbox but not webfig, check that the IP Service for TCP 80 is not disabled. Could be that simple. :| If you use "bridge" mode (and it's not a typo), then your problem could lie there. I'm not in front of a router right now, but you should be set as AP-bridge mode, and I THIIII...
by AlainCasault
Fri Mar 08, 2019 3:15 pm
Forum: General
Topic: Winbox disconnects after few seconds
Replies: 4
Views: 994

Re: Winbox disconnects after few seconds

Hello

Are you connecting using an IP address or a mac address?

If it's the MAC, yes you may lose connectivity often. Use an IP as soon as possible.

Regards

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Mar 08, 2019 3:10 pm
Forum: Wireless Networking
Topic: Configuring a Single SSID WLAN with Two wAP AC (RBwAPG-5HacT2HnD-US) and one hEX (RB750Gr3)
Replies: 6
Views: 800

Re: Configuring a Single SSID WLAN with Two wAP AC (RBwAPG-5HacT2HnD-US) and one hEX (RB750Gr3)

Thanks for both replies! One additional question, I've read that a WDS mode has to be enabled in the routers and that both routers must be bridged into a single Wireless interface. Is that right? Thanks again. Hello No need for wds. And keep the setup as simple as possible. The APs' Wi-Fi card shou...
by AlainCasault
Thu Feb 28, 2019 4:12 pm
Forum: Beginner Basics
Topic: Bandwidth separation for VoIP
Replies: 5
Views: 638

Re: Bandwidth separation for VoIP

Hello

Packet marking is the first step. You'll move on to queue trees where you'll use the packet marks.

Check the url I gave you for a real step by step.

Cheers

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed Feb 27, 2019 4:40 pm
Forum: Beginner Basics
Topic: Bandwidth separation for VoIP
Replies: 5
Views: 638

Re: Bandwidth separation for VoIP

Hello, What I wrote was meant as a general guideline, so it's possible it may not apply to your setup. But the characteristics part still applies. Unless you know how an application behaves (protocol, port, DST IP address, anything that can help to identify it), it's going to be hard to do bandwidth ...
by AlainCasault
Wed Feb 27, 2019 2:33 pm
Forum: Beginner Basics
Topic: Bandwidth separation for VoIP
Replies: 5
Views: 638

Re: Bandwidth separation for VoIP

Hello, The hard part is to categorize your traffic. That is to say that you need to know as many "traits" as possible. As an example, I have VoIP phones on three dedicated subnets (three sites) and my PBXs on another. That becomes easy to do QoS between all subnets. My PBXs connect to my SIP trunk ...
by AlainCasault
Wed Feb 27, 2019 2:07 pm
Forum: Wireless Networking
Topic: 20Mhz or 20Mhz/40Mhz above,below which correct fot access point ?
Replies: 2
Views: 1050

Re: 20Mhz or 20Mhz/40Mhz above,below which correct fot access point ?

Hello, Since you don't mention it, I'll start off with 2,4GHz. The choice of 20 or 40 MHz depends on your neighbors. If there's a lot of 2,4GHz around you, stick with 20MHZ as the AP will revert from 40 to 20 if it detects interference. If you can go to 40MHz, then scan what's around you and select a...
by AlainCasault
Fri Feb 22, 2019 9:54 pm
Forum: Beginner Basics
Topic: How to connect from android app Mikrotik to RB2011?
Replies: 6
Views: 767

Re: How to connect from android app Mikrotik to RB2011?

I don't recommend using the app from the WAN side, for many reasons (mainly security) other than it's just in beta. However if you can open a VPN to home and then use the APP as though you were on the LAN, that may be a different story) Am I hearing an echo here? ;) Sent from my cell phone. Sorry fo...
by AlainCasault
Fri Feb 22, 2019 5:45 pm
Forum: General
Topic: Simple L2TP/IPSEC roadwarrior
Replies: 1
Views: 1738

Re: Simple L2TP/IPSEC roadwarrior

Hello A gateway of 0.0.0.0? That can't be good. You're probably missing stuff in your ppp profile. Post your ppp setup. /ppp export. I have this basic setup and it works great. Is your tunnel coming up? I'm guessing yes if you're getting an address. Sent from my cell phone. Sorry for the errors.
by AlainCasault
Fri Feb 22, 2019 2:52 pm
Forum: Beginner Basics
Topic: How to connect from android app Mikrotik to RB2011?
Replies: 6
Views: 767

Re: How to connect from android app Mikrotik to RB2011?

Hello Pablo, I'm glad you solved your issue but did you realize you created a new one? It's not a good idea to open WinBox on your WAN port. It's a major security risk. You'd be better off doing at least port knocking first or, better yet, VPN to your router before managing it. Regards, Sent from ...
by AlainCasault
Wed Jan 30, 2019 8:14 pm
Forum: Beginner Basics
Topic: Text based backup!!!cannot load [SOLVED]
Replies: 12
Views: 1184

Re: Text based backup!!!cannot load [SOLVED]

You're better off with export files. True, but with export files it also isn't easy, as I described above. It would be much easier when those minor changes were made... Of course we all understand that you cannot import an export from a 10-port router into a 5-port router without some manual action...
by AlainCasault
Wed Jan 30, 2019 5:36 pm
Forum: Beginner Basics
Topic: Text based backup!!!cannot load [SOLVED]
Replies: 12
Views: 1184

Re: Text based backup!!!cannot load [SOLVED]

Doing a binary restore is "officially" meant for the same device, we all know this. It'll work ok on two devices of same model, as long as you reset the MAC address of all physical interfaces. Doing this on two routers of different models is asking for trouble and is NOT recommended. You're better o...
by AlainCasault
Tue Jan 29, 2019 6:09 pm
Forum: Beginner Basics
Topic: Text based backup!!!cannot load [SOLVED]
Replies: 12
Views: 1184

Re: Text based backup!!!cannot load [SOLVED]

Hello, I'm assuming that you're rebooting AND loading the rev file at startup. I've found that if you add a 15 second delay at the top of the script file, it solves the case. Also: When transferring an export from one model to another, it's good practice to edit the file (to remove unwanted configs...
by AlainCasault
Mon Jan 28, 2019 3:27 pm
Forum: Wireless Networking
Topic: Looking for a mikrotik router Model that supports DNAT
Replies: 8
Views: 1044

Re: Looking for a mikrotik router Model that supports DNAT

Hello

All MikroTik devices support dnat.

Cheers

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Jan 25, 2019 4:50 pm
Forum: Beginner Basics
Topic: How to use a simultaneous RBMetalG-52SHPacn
Replies: 1
Views: 367

Re: How to use a simultaneous RBMetalG-52SHPacn

Hello

That model only has one radio with the frequency software selectable.

When in doubt, always refer to the specs. https://mikrotik.com/product/RBMetalG-52SHPacn

Cheers,
by AlainCasault
Fri Jan 25, 2019 4:21 pm
Forum: General
Topic: Feature request: Make Quickset to be separate package
Replies: 29
Views: 6494

Re: Feature request: Make Quickset to be separate package

The solution he posted involved changing the skin in the web interface. It does not work in winbox.
Click on "Design Skin" and remove the checkmark in front of Quick Set, then save it as default.
Ah! OK, thanks,

Would have loved a WinBox solution also. Oh well. :)
by AlainCasault
Fri Jan 25, 2019 3:29 pm
Forum: General
Topic: Feature request: Make Quickset to be separate package
Replies: 29
Views: 6494

Re: Feature request: Make Quickset to be separate package

How do you imagine that would work? The home user needs QuickSet by default, he will not download and install it before he knows how RouterOS works. And removing QuickSet is already possible: Screenshot 2016-02-22 09.59.45.png Hello Normis, Could you please repost how to remove Quickset? I'm affrai...
by AlainCasault
Fri Jan 25, 2019 2:36 pm
Forum: Beginner Basics
Topic: Block Password Error
Replies: 6
Views: 761

Re: Block Password Error

I would have added the last line near the top of the list, not at the bottom.
I'd also say to not bother with "dst-port=8291 protocol=tcp " on the drop filter. You got there, I'll block "everything" you do!

:)
by AlainCasault
Fri Jan 25, 2019 2:34 pm
Forum: Beginner Basics
Topic: Block Password Error
Replies: 6
Views: 761

Re: Block Password Error

Thanks Pegasus for that code. Very nice! I would suggest that if these attempts come from inside, contact the person behind the computer and have a talk with him/her. Remind him/her of company policies on hacking and the potential risks to his/her job. If it's home, block the kid's access for a day ...
by AlainCasault
Fri Jan 25, 2019 2:23 pm
Forum: General
Topic: Access VPN clients from LAN
Replies: 7
Views: 830

Re: Access VPN clients from LAN

I don't see much that could block return traffic (LAN to VPN). Do PCs on VPN have active firewall? I've seen that often where people would go head scratching because of that. I don't think masquerading VPN users helps much since the global masquerade filter will take care of that. I suggest filters t...
by AlainCasault
Fri Jan 25, 2019 2:03 pm
Forum: General
Topic: Access VPN clients from LAN
Replies: 7
Views: 830

Re: Access VPN clients from LAN

I saw that you created an IP POOL to assign ip addresses to your VPN clients. You don't need to since all your ppp secrets have an address defined. Keep the pool only if you create secrets that don't have a predefined address, but change the range so that assigned addresses don't clash with hard cod...
by AlainCasault
Fri Jan 25, 2019 2:21 am
Forum: General
Topic: Access VPN clients from LAN
Replies: 7
Views: 830

Re: Access VPN clients from LAN

Hmmm Your secrets specify IP addresses found in the IP Pool pptp-vpn. Just change the profile to NOT have an IP Pool since all your users have hardcoded IPs. Can LAN ping VPN and vice versa? comments /ip firewall filter add action=accept chain=input comment="Allow WinBox from MAIN LAN" dst-port=829...
by AlainCasault
Thu Jan 24, 2019 9:56 pm
Forum: General
Topic: Address list in allowed addresses
Replies: 6
Views: 767

Re: Address list in allowed addresses

TIP : If you don't see it in a pull-down menu after its creation, you can't use it. Address-list is in the firewall section, and is usable only for firewall configs. The idea is interesting though!! Cheers, In some cases I have allowed addresses in an address list, in those cases I have to write th...
by AlainCasault
Thu Jan 24, 2019 9:36 pm
Forum: Wireless Networking
Topic: Turn down Tx power
Replies: 20
Views: 2870

Re: Turn down Tx power

As you support older standards, you may have a negative effect on overall performance as Wi-Fi will enter protected mode to accommodate everybody. But wouldn't it only do that if a device tried to connect with b? So if there are no older devices trying to connect, wouldn't it just run normally, and ...
by AlainCasault
Thu Jan 24, 2019 9:10 pm
Forum: General
Topic: Access VPN clients from LAN
Replies: 7
Views: 830

Re: Access VPN clients from LAN

Hello,

show us output of "export /hide-sensitive".

Thank you
by AlainCasault
Thu Jan 24, 2019 8:56 pm
Forum: General
Topic: Address list in allowed addresses
Replies: 6
Views: 767

Re: Address list in allowed addresses

TIP: If you don't see it in a pull-down menu after its creation, you can't use it.

Address-list is in the firewall section, and is usable only for firewall configs. The idea is interesting though!!

Cheers,
by AlainCasault
Thu Jan 24, 2019 8:49 pm
Forum: Wireless Networking
Topic: Use computer as internet gateway
Replies: 5
Views: 634

Re: Use computer as internet gateway

Hello Vertigo220,

Does your model have a USB connector? If you connect your phone to it and tell the phone to share its connexion through USB, then an LTE interface will appear in the RB2011. Then you can use it as a real WAN port.

Cheers,
by AlainCasault
Thu Jan 24, 2019 5:25 pm
Forum: General
Topic: Ipcloud two Mikrotik
Replies: 9
Views: 1040

Re: Ipcloud two Mikrotik

It's more a question of having an open port to exploit, two in your case.

And with a VPN, you can have proper routing and all your tools will work as if at home (or at the office).
by AlainCasault
Thu Jan 24, 2019 5:15 pm
Forum: General
Topic: New connection but not SYN
Replies: 8
Views: 943

Re: New connection but not SYN

Hello, This is my (very basic) suggestion. It'll be your job to translate it to ROS ;)
==1== chain=input in-interface=ether1 connection-state=established, related action=accept
==2== chain=forward in-interface=ether1 connection-state=established, related action=accept
==3== chain=input in-interf...
by AlainCasault
Thu Jan 24, 2019 4:21 pm
Forum: General
Topic: RB 3011 Ethernet ping question [SOLVED]
Replies: 3
Views: 880

Re: RB 3011 Ethernet ping question [SOLVED]

Hello, Many things may cause this like large data transfers, CPU spikes (whatever the cause). Hard to tell from just a screen capture, but I wouldn't worry for a glitch like that. Thing is to know your network and what is normal for you. This is called baselining. If you expect (through regular veri...
by AlainCasault
Thu Jan 24, 2019 4:04 pm
Forum: Wireless Networking
Topic: Wireless connection issue: loop on the same AP
Replies: 3
Views: 684

Re: Wireless connection issue: loop on the same AP

Hello Michael, I think you answered your own question :) If I understand you: * Station has a connect-list entry to the SSID * Station is MikroTik device, since you use connect-list entries * AP1 does not have access-list entry for station * AP2 has access-list entry for station Since AP1 refuses "s...
by AlainCasault
Thu Jan 24, 2019 3:50 pm
Forum: Wireless Networking
Topic: Turn down Tx power
Replies: 20
Views: 2870

Re: Turn down Tx power

...
Also, when I reply in this forum, others will read it over time. So, I provide the most correct settings I know, not merely answering your exact question.
Great philosophy!! +1
by AlainCasault
Thu Jan 24, 2019 3:50 pm
Forum: Wireless Networking
Topic: Turn down Tx power
Replies: 20
Views: 2870

Re: Turn down Tx power

I know b is old, but unless it's a security issue, which I don't see why it would be, I don't really see the harm in leaving it for compatibility with older devices. That said, I highly doubt I would ever actually need it, and so I also don't see any harm in disabling it; I was just curious if ther...
by AlainCasault
Wed Jan 23, 2019 8:00 pm
Forum: Beginner Basics
Topic: how do I connect to my bridge?
Replies: 9
Views: 750

Re: how do I connect to my bridge?

But will MNDP work? That was his problem, the "not discovering routers"...
Not sure what MNDP stands for ... but Winbox displays routers and MAC Winbox connection works in Linux and wine if that is the question.
Mikrotik neighbor discovery protocol, like Cisco's CDP.

You answered. Thanks!!
by AlainCasault
Wed Jan 23, 2019 5:38 pm
Forum: General
Topic: 6.43.8 vulnerability or hack?
Replies: 31
Views: 9934

Re: 6.43.8 vulnerability or hack?

Side remark/question here: 1.) instead of netinstall (need to press that button, set IP on the computer), is a down grade and then an upgrade of ROS equivalent to netinstall and erases all internal memory safely? 2.) I assume once you have a clean router, if you use a "backup" taken on an infected ...
by AlainCasault
Wed Jan 23, 2019 5:33 pm
Forum: Wireless Networking
Topic: How to for a guest network that can't access the internal network
Replies: 22
Views: 2237

Re: How to for a guest network that can't access the internal network

Is there not a simple step by step guide that contains all the steps that is also compatible with the current OS? I cannot follow this with one step here, another step there, and some steps that are not compatible with my OS. Hello, The URL and examples shown by Baragoon will work. Yes, the URL has...
by AlainCasault
Wed Jan 23, 2019 5:26 pm
Forum: Beginner Basics
Topic: how do I connect to my bridge?
Replies: 9
Views: 750

Re: how do I connect to my bridge?

Yep, Linux. (and OSX/macos).

You can run winbox in both using wine.

But will MNDP work? That was his problem, the "not discovering routers"...
by AlainCasault
Wed Jan 23, 2019 4:40 pm
Forum: Beginner Basics
Topic: Blocking adult site
Replies: 4
Views: 1210

Re: Blocking adult site

Hello, It is complicated given everything is https now. But I built a Layer7 config using keywords like "porn", "xxx", etc. I use the layer 7 to block DNS requests containing those key words. But now that there are talks about secured DNS, even that will get complicated. Be aware that you should te...
by AlainCasault
Wed Jan 23, 2019 3:07 pm
Forum: General
Topic: CAPsMAN with virtual AP on VLAN - No connectivity
Replies: 10
Views: 1249

Re: CAPsMAN with virtual AP on VLAN - No connectivity

Hello MKX, Aaaah, the joy of offline discussions. Argh, it'd be so much easier "live". Oh well! So, I got it that lowercase=vlan interface (vlan101port) and UPPERCASE=bridge. But I'm still confused as to what you're saying (post #2) since if vlan101port (vlan interface) is assigned to a bridge, I sti...
by AlainCasault
Wed Jan 23, 2019 1:06 pm
Forum: General
Topic: CAPsMAN with virtual AP on VLAN - No connectivity
Replies: 10
Views: 1249

Re: CAPsMAN with virtual AP on VLAN - No connectivity

As a bonus, here's my (partial) working setup for CAPsMAN.
/caps-man channel
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2412,2437,2462 name=channels-tous-n
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2412 name=cha...
by AlainCasault
Wed Jan 23, 2019 1:03 pm
Forum: General
Topic: CAPsMAN with virtual AP on VLAN - No connectivity
Replies: 10
Views: 1249

Re: CAPsMAN with virtual AP on VLAN - No connectivity

As VAPs are setup as tagged, all traffic arriving at bridge VLAN101 is tagged. For L3 configuration that's not acceptable, only untagged traffic is fine. And vlan interfaces do proper tagging/untagging: /interface vlan add name=vlan101port interface=VLAN101 and move IP configuration from VLAN101 to...
by AlainCasault
Wed Jan 23, 2019 3:26 am
Forum: Beginner Basics
Topic: how do I connect to my bridge?
Replies: 9
Views: 750

Re: how do I connect to my bridge?

Piece of advice: activate RoMON on all devices. You'll find your devices no matter what. It would have been better for you if you could have used WinBox.

Glad it worked for you :)

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed Jan 23, 2019 1:49 am
Forum: Beginner Basics
Topic: one port only internet, no lan [SOLVED]
Replies: 20
Views: 2540

Re: one port only internet, no lan [SOLVED]

Sounds like a guest port to me. Put it on a separate subnet and allow it access only to non private addresses (through the use of address lists to keep it clean and short).

But anav is correct, I may be out of context. Let me know.


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed Jan 23, 2019 1:45 am
Forum: Beginner Basics
Topic: how do I connect to my bridge?
Replies: 9
Views: 750

Re: how do I connect to my bridge?

Hello Normally, you should have an IP address (on hap) on the same subnet of the port the hap is connected to. Otherwise, you can't connect. Since you can't use winbox, I'm assuming you have a Linux box, yes? Create a bridge on the hap, slave Wi-Fi and ether ports to it, assign address to bridge, an...
by AlainCasault
Wed Jan 23, 2019 1:36 am
Forum: General
Topic: CAPsMAN with virtual AP on VLAN - No connectivity
Replies: 10
Views: 1249

Re: CAPsMAN with virtual AP on VLAN - No connectivity

As VAPs are setup as tagged, all traffic arriving at bridge VLAN101 is tagged. For L3 configuration that's not acceptable, only untagged traffic is fine. And vlan interfaces do proper tagging/untagging: /interface vlan add name=vlan101port interface=VLAN101 and move IP configuration from VLAN101 to...
by AlainCasault
Fri Jan 18, 2019 12:06 am
Forum: Announcements
Topic: Photos of towers and masts
Replies: 71
Views: 27359

Re: Photos of towers and masts

Inside rack :)
The grasshopper is only one hop away ;)

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Jan 18, 2019 12:03 am
Forum: General
Topic: The time and date refuses to be set properly
Replies: 5
Views: 581

Re: The time and date refuses to be set properly

Have you tried to disable IP CLOUD and set up SYSTEM CLOCK for the correct time zone?

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Thu Jan 17, 2019 10:57 pm
Forum: Beginner Basics
Topic: Can ping router, but cannot ping or connect to WAN
Replies: 31
Views: 3617

Re: Can ping router, but cannot ping or connect to WAN

What I don't see is on the /ip dhcp server-network, a typical reference to dns??? I do not remember what the IP dhcp client shows for normal config export. Good point! Checked options should be shown on an export, although I'm not in front of my computer to validate. Even if dns allows remote request...
by AlainCasault
Thu Jan 17, 2019 10:53 pm
Forum: Beginner Basics
Topic: Can ping router, but cannot ping or connect to WAN
Replies: 31
Views: 3617

Re: Can ping router, but cannot ping or connect to WAN

I think it has to do with your dhcp client. It's not creating a default route. What makes you think that? I've a hAP lite running DHCP client on WAN and config as shown in export is exactly the same as in OP. It does create dynamic route entries, shown only using print command. You were talking abou...
by AlainCasault
Thu Jan 17, 2019 8:07 pm
Forum: Beginner Basics
Topic: Can ping router, but cannot ping or connect to WAN
Replies: 31
Views: 3617

Re: Can ping router, but cannot ping or connect to WAN

I think it has to do with your dhcp client. It's not creating a default route.

Cheers,

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Thu Jan 17, 2019 8:02 pm
Forum: Beginner Basics
Topic: How to shut down Router before Power Off?
Replies: 19
Views: 7782

Re: How to shut down Router before Power Off?

Hello, Excuse my ignorance, but why would we want to shutdown the router at the end of the day? It's Linux based, not Windows :D Kidding aside, maybe you're dealing with an issue I don't know about... Please let me know. If one wants to clear memory (???), then perhaps you could simply schedule a re...
by AlainCasault
Thu Jan 17, 2019 11:59 am
Forum: Wireless Networking
Topic: How to for a guest network that can't access the internal network
Replies: 22
Views: 2237

Re: How to for a guest network that can't access the internal network

Ya, since the names can be changed, it can be confusing. Use wlan1 or 2.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed Jan 16, 2019 8:15 pm
Forum: General
Topic: Which Router should i buy for a small web hosting company?
Replies: 6
Views: 878

Re: Which Router should i buy for a small web hosting company?


Finally, my mother told me never to trust a man driving in a red car sporting a beard. ;-)
LOL!!!!!

Joking aside, you're right on the money.


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Wed Jan 16, 2019 3:18 pm
Forum: Wireless Networking
Topic: How to for a guest network that can't access the internal network
Replies: 22
Views: 2237

Re: How to for a guest network that can't access the internal network

Is there not a simple step by step guide that contains all the steps that is also compatible with the current OS? I cannot follow this with one step here, another step there, and some steps that are not compatible with my OS. Hello, The URL and examples shown by Baragoon will work. Yes, the URL has...
by AlainCasault
Mon Jan 14, 2019 4:53 pm
Forum: General
Topic: SSH WAN port first time
Replies: 3
Views: 570

Re: SSH WAN port first time

Hello,

This may seem obvious but make sure you don't leave ssh open too long and that your router is at the latest os.

For extra protection (sounds like a condom ad), allow ssh only from a specific IP address.

Cheers,



Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Jan 11, 2019 9:31 pm
Forum: General
Topic: DHCP Setup on two ports
Replies: 7
Views: 897

Re: DHCP Setup on two ports

My comment was purely on form and manner, if it wasn't obvious enough...

Next time, report my post and let a real moderator tell me what to do.
by AlainCasault
Fri Jan 11, 2019 6:23 pm
Forum: General
Topic: DHCP Setup on two ports
Replies: 7
Views: 897

Re: DHCP Setup on two ports

Well, you are rude and you're not very understanding. If you read the original question: request is to setup two different dhcp server configuration for two ports which are seemingly in same bridge configuration. What's so hard to understand? If you're not willing to help, then don't bother others ...
by AlainCasault
Fri Jan 11, 2019 5:57 pm
Forum: General
Topic: DHCP Setup on two ports
Replies: 7
Views: 897

Re: DHCP Setup on two ports

It's not possible to add the dhcp server on a bridged interface because those ports are logically connected like on a switch. That means the dhcp service on slave interface (ether6) would also listen on slave interface (ether7). That results into the problem that the service cannot distinguish from ...
by AlainCasault
Thu Jan 10, 2019 8:30 pm
Forum: Wireless Networking
Topic: Backhaul speeds - N only / AC only or mixed mode
Replies: 3
Views: 852

Re: Backhaul speeds - N only / AC only or mixed mode

Hello, I didn't think that mixed mode will do anything with rain fade. It will help you support older clients, which I did not want (for me). If I read you properly, it's your infrastructure. I'd go Greenfield, meaning pure N and pure AC. Yes, mixed mode allows older clients to connect but it also s...
by AlainCasault
Thu Jan 10, 2019 7:34 pm
Forum: General
Topic: DHCP Setup on two ports
Replies: 7
Views: 897

Re: DHCP Setup on two ports

Hello, I'm afraid your question is all over the place. Dhcp, traffic flow... I'll answer the dhcp question: assign your dhcp server to the bridge hosting the two ports. As the router is saying, you can't assign the server to a port inside a bridge. Cheers, Sent from my cell phone. Sorry for the erro...
by AlainCasault
Wed Dec 19, 2018 5:07 pm
Forum: Beginner Basics
Topic: Router doesn't show in Winbox "Neighbors" list [SOLVED]
Replies: 5
Views: 3804

Re: Router doesn't show in Winbox "Neighbors" list [SOLVED]

Hello Olaf, I haven't seen the WAN LAN naming convention that you mention. I personally would not like it as I find it very confusing to make a quick correlation between WAN and etherX. Many of my students do that (rename interfaces). Instead, I encourage them to use comments. There are no ports labe...
by AlainCasault
Tue Dec 18, 2018 6:06 pm
Forum: General
Topic: NETINSTALL: bind tftp general failed
Replies: 3
Views: 1937

Re: NETINSTALL: bind tftp general failed

I ran into the same issue last year Alain caused by a conflict with the same TFTP server and it took me a while to figure it out. Felt silly afterwards. I think it happens to everyone from time to time.
;)

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Tue Dec 18, 2018 6:21 am
Forum: General
Topic: NETINSTALL: bind tftp general failed
Replies: 3
Views: 1937

Re: NETINSTALL: bind tftp general failed

I forgot,

Run netstat -abno (as admin) to see what process or application uses which ports / protocols.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Tue Dec 18, 2018 2:52 am
Forum: General
Topic: NETINSTALL: bind tftp general failed
Replies: 3
Views: 1937

NETINSTALL: bind tftp general failed

Hello all, ====General FYI==== I got this error that says: Bind tftp general failed: One occurence of each port / address allowed (10048) when I was using Netinstall. I really needed it as my client's router got hacked. I checked the forum posts, to no avail. You know what nerves will do when tired a...
by AlainCasault
Thu Dec 13, 2018 6:12 pm
Forum: General
Topic: Which types of ports would you like to see for a high speed router
Replies: 172
Views: 33360

Re: Which types of ports would you like to see for a high speed router

Given that there are switch chips and encryption chip, how about other types of specialized ASICs to further offload the cpu and give the boxes better performance. A firewall chip perhaps?? Sent from my cell phone. Sorry for the errors. Switch chips typically have ACL capabilities built-in. Limited...
by AlainCasault
Thu Dec 13, 2018 3:12 pm
Forum: General
Topic: Which types of ports would you like to see for a high speed router
Replies: 172
Views: 33360

Re: Which types of ports would you like to see for a high speed router

Given that there are switch chips and encryption chip, how about other types of specialized ASICs to further offload the cpu and give the boxes better performance.

A firewall chip perhaps??


Sent from my cell phone. Sorry for the errors.

by AlainCasault
Sat Dec 01, 2018 6:54 pm
Forum: Wireless Networking
Topic: Why Mikrotik isn't improving its wireless like Ubiquiti and Cambium?
Replies: 5
Views: 1255

Re: Why Mikrotik isn't improving its wireless like Ubiquiti and Cambium?

I would say the outdoor stuff is much more expensive to design test and certify???? Not sure about certification. Each device has to be tested under its model number/name, even if they all use the same chip set. Wouldn't make much sense to try to save money there. Maybe design and testing is a dif...
by AlainCasault
Sat Dec 01, 2018 4:25 am
Forum: General
Topic: Address Lists in Firewal rules
Replies: 16
Views: 1707

Re: Address Lists in Firewal rules

I agree with Anav. Order SHOULD be irrelevant. "Grab that address list and use it to check for a match".

I couldn't care less about order. Imagine the hassle of redoing the entire list if there's an order issue?? Hope you guys are good with Excel and sorting :D

Major bug if it's the case.
by AlainCasault
Fri Nov 30, 2018 4:14 pm
Forum: General
Topic: Block VPN access to VLAN
Replies: 11
Views: 1088

Re: Block VPN access to VLAN

Hello,

Layer 3 VPNs can be filtered easy enough with regular filters. Just intercept forward traffic between both subnets and voilà!

A good example is L2TP over IPSec.

Regards

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Nov 30, 2018 4:08 pm
Forum: General
Topic: Address Lists in Firewal rules
Replies: 16
Views: 1707

Re: Address Lists in Firewal rules

Edit; firewall lists work great, so no, no problems there and your understanding is good.

Sent from my cell phone. Sorry for the errors.

by AlainCasault
Fri Nov 30, 2018 4:07 pm
Forum: General
Topic: Address Lists in Firewal rules
Replies: 16
Views: 1707

Re: Address Lists in Firewal rules

Hello, If it works for one, it should work for all, unless you forgot to add an address in your list, which you would have spotted fast enough. A common problem that I see often in my classes is computer's personal firewall. Disable it and redo your tests. Make sure also that you have a rule that al...
by AlainCasault
Thu Nov 29, 2018 2:58 pm
Forum: General
Topic: Backup/ Restore issue and duplicating Ethernet MAC address [SOLVED]
Replies: 4
Views: 2181

Re: Backup/ Restore issue and duplicating Ethernet MAC address [SOLVED]

Those functions are not in the menu, that is true. Just open a CLI window and: /export file=filename As I suggested before, edit your file before importing it to the new router. You could, technically, restore a binary backup to the new router (if same model), but you'd need to go through ALL physic...
by AlainCasault
Sat Nov 24, 2018 6:31 pm
Forum: Beginner Basics
Topic: 2 PPPOE Connections to be Active Simultaneously
Replies: 17
Views: 1537

Re: 2 PPPOE Connections to be Active Simultaneously

Hello Anav, I think the idea behind the "elephant" expression was just that it's human nature to get easily discouraged when faced with a big task. But, if we approach it in a step-by-step manner, nothing is insurmountable. I understand that the "ant" expression is meant to secure people when faced ...
by AlainCasault
Fri Nov 23, 2018 1:09 pm
Forum: Beginner Basics
Topic: 2 PPPOE Connections to be Active Simultaneously
Replies: 17
Views: 1537

Re: 2 PPPOE Connections to be Active Simultaneously

Like my MikroTik trainer once said: "How do you eat an elephant? One bite at a time." Doing something complicated remotely is not recommended practice. Go local if you can. I would establish one link and make sure it's stable. Work from there after. The first thing you absolutely need to learn and p...
by AlainCasault
Thu Nov 22, 2018 7:23 pm
Forum: Beginner Basics
Topic: 2 PPPOE Connections to be Active Simultaneously
Replies: 17
Views: 1537

Re: 2 PPPOE Connections to be Active Simultaneously

Alain has a lot of designations so he must be on the right track!! ;-)
Me blushing :D
by AlainCasault
Thu Nov 22, 2018 6:22 pm
Forum: Beginner Basics
Topic: client connect to wifi in other room - why [SOLVED]
Replies: 9
Views: 1360

Re: client connect to wifi in other room - why [SOLVED]

Quick suggestions: Band: Use only 11n unless you have old clients to support. Channel width: Use only 20MHz. Period! 40MHz in 2,4GHz is very bad practice!!! Will cause interference. Frequency: Make sure that 2412 is free (or not too busy)... Always stay with 1,6,11 for channels (non-overlapping). WPS...
by AlainCasault
Thu Nov 22, 2018 5:08 pm
Forum: Beginner Basics
Topic: 2 PPPOE Connections to be Active Simultaneously
Replies: 17
Views: 1537

Re: 2 PPPOE Connections to be Active Simultaneously

Hello Duke, Quick answer: Yes, it can be done. Longer answer: It'll depend on what traffic needs to go where. You could manually create a static route while you tell the pppoe clients not to add a default route. The (2) gateway field values (yes, you'll add a 2nd) of that static route would be the I...
by AlainCasault
Thu Nov 22, 2018 3:48 pm
Forum: Beginner Basics
Topic: 2 PPPOE Connections to be Active Simultaneously
Replies: 17
Views: 1537

Re: 2 PPPOE Connections to be Active Simultaneously

Hello Duke I don't see why the second pppoe should go down when the first is up. Are your isp's two separate providers? The only thing I see from your description is the distance value. I'm assuming you're talking about the distance parameter in dhcp-client (or routing in general). If so, it's normal...
by AlainCasault
Thu Nov 22, 2018 3:41 pm
Forum: Beginner Basics
Topic: client connect to wifi in other room - why [SOLVED]
Replies: 9
Views: 1360

Re: client connect to wifi in other room - why [SOLVED]

You haven't said anything about your parameters. Are tx power and antenna gain properly setup? A quick and dirty trick is to close and restart Wi-Fi on your laptop once in your room. If your laptop has a tendency to be a sticky client, this usually solves the issue. As mentioned above, roaming is a ...
by AlainCasault
Wed Nov 21, 2018 4:12 pm
Forum: Beginner Basics
Topic: client connect to wifi in other room - why [SOLVED]
Replies: 9
Views: 1360

Re: client connect to wifi in other room - why [SOLVED]

Hello, CAPsMAN should handle this for you. Otherwise you can always set a rule in the connection list to deny a certain signal strength from connecting to the AP. You can find this under Wireless > Connect List (Winbox) or /interface wireless connect-list Hello Do not use connect list. This is to t...
by AlainCasault
Wed Nov 21, 2018 4:08 am
Forum: Beginner Basics
Topic: DHCP showing Red
Replies: 9
Views: 4318

Re: DHCP showing Red

Hello

A DHCP server is red if it's assigned to a slaved interface (i.e. ether port under a bridge) but it doesn't look like it.

I'll go with Anav's idea: I'm seeing the bridge and ether5 in the same interface list; not sure...

Sent from my LG-H873 using Tapatalk

by AlainCasault
Wed Nov 14, 2018 7:21 pm
Forum: General
Topic: Static IP on single interface which is member of a bridge
Replies: 3
Views: 661

Re: Static IP on single interface which is member of a bridge

Hello

You can't assign an address to a slaved port.

You'll have to review your design.

Cheers,


Sent from Tapatalk

by AlainCasault
Wed Nov 14, 2018 2:59 pm
Forum: General
Topic: secure winbox port access only by wan ip
Replies: 16
Views: 3165

Re: secure winbox port access only by wan ip

Winbox is to control the router and the router setup. It should not be done via WAN connection (direct), it should be done with a VPN or at the very minimum the Port Knocking technique. These are okay if you are using just a few mikrotiks. But when you get plenty of them in different places around...
by AlainCasault
Sat Nov 10, 2018 11:20 pm
Forum: General
Topic: secure winbox port access only by wan ip
Replies: 16
Views: 3165

Re: secure winbox port access only by wan ip

To begin with, remove the value entered with "/ip services set winbox address=X.X.X.X/Y". That's just plain bad! Even if you're coming in from other offices, don't see it as coming in through the WAN port. You're coming in through a point-to-point link (L2TP/IPSEC, which is great) from another LAN ...
by AlainCasault
Sat Nov 10, 2018 8:36 pm
Forum: General
Topic: secure winbox port access only by wan ip
Replies: 16
Views: 3165

Re: secure winbox port access only by wan ip

Hello,

Do you realize that by giving your public IP address, you basically invited everybody to test your security?

Make sure you have a strong firewall and have secured your router.

Best regards,


Sent from Tapatalk

by AlainCasault
Fri Nov 09, 2018 4:50 am
Forum: Beginner Basics
Topic: The winbox is hard to use
Replies: 12
Views: 1766

Re: The winbox is hard to use

Hi guys, I want to know how do you use winbox, because I think it's really hard to use. For example: 1. Can't move the sub window out of the main window. 2. Can't minimize the sub window. So when opening many sub windows, it's hard to find the window which you want. Anyone else has good idea to operat...
by AlainCasault
Sat Nov 03, 2018 2:57 pm
Forum: General
Topic: rules order in raw firewall change
Replies: 11
Views: 1158

Re: rules order in raw firewall change

they should not yes, but i have this issue and also they will be upper of dynamic rules in raw tab
Are you sure they aren't just sorted?
Agreed. I do that sometimes by mistake. Just click on the sequential numbers column and it should be ok.


Sent from Tapatalk

by AlainCasault
Thu Nov 01, 2018 10:55 pm
Forum: General
Topic: Two subnets, one mine one foreign
Replies: 5
Views: 793

Re: Two subnets, one mine one foreign

Hello Mareka, Ya, I think I get you. In this case, create TWO bridges and have 2 EOIP tunnels, one inside each bridge. You don't even have to have IP addresses on your MTK. Well, maybe one for management. Use 0.0/24 if this is your network. So, in general (this is an example only. Adapt it to your n...
by AlainCasault
Thu Nov 01, 2018 7:37 pm
Forum: General
Topic: Two subnets, one mine one foreign
Replies: 5
Views: 793

Re: Two subnets, one mine one foreign

Hello, No offence but your setup is... Special. One layer 2 network, remote DHCP, two addresses per computer, no GW for 80.0/24, DHCP assigned address to the bridge and one manually... You're probably having issues with your computers as well as with your mk setup. I know you said that the reason is...
by AlainCasault
Wed Oct 31, 2018 12:50 pm
Forum: Scripting
Topic: Netwatch WAN failover with dynamic gateway [SOLVED]
Replies: 6
Views: 4589

Re: Netwatch WAN failover with dynamic gateway [SOLVED]

Well, this sucks. How can you have something solid when your provider changes stuff. It's the first time I hear about a setup like that. I wanted to suggest this : https://alaincasault.com/ca/posts But that setup won't do it either since the default gateway will change on you. Use my idea of renewi...
by AlainCasault
Tue Oct 30, 2018 4:30 pm
Forum: General
Topic: admin user accidentaly deleted
Replies: 4
Views: 819

Re: admin user accidentaly deleted

As I said, can't be done without another full admin.


Sent from Tapatalk

by AlainCasault
Mon Oct 29, 2018 4:11 am
Forum: General
Topic: admin user accidentaly deleted
Replies: 4
Views: 819

Re: admin user accidentaly deleted

Hello

Thing is, you can't delete admin unless you already have an account with full rights. Just recreate admin, give it a password and it's over :)

Regards,

Sent from my tablet with Tapatalk. Sorry for my typos.

by AlainCasault
Sun Oct 28, 2018 11:55 pm
Forum: General
Topic: Winbox layout
Replies: 3
Views: 703

Re: Winbox layout

Hello,

GUI editing is available only for webfig, although this would be great for winbox.

Regards,

Sent from Tapatalk

by AlainCasault
Sun Oct 28, 2018 8:06 pm
Forum: General
Topic: RB962UiGS-5HacT2HnT upgrade not working
Replies: 4
Views: 957

Re: RB962UiGS-5HacT2HnT upgrade not working

Hi

Don't know why, but have you tried netinstall to recover the router?

Sent from Tapatalk

by AlainCasault
Fri Oct 26, 2018 3:25 am
Forum: Scripting
Topic: Netwatch WAN failover with dynamic gateway [SOLVED]
Replies: 6
Views: 4589

Re: Netwatch WAN failover with dynamic gateway [SOLVED]

Well, this sucks. How can you have something solid when your provider changes stuff. It's the first time I hear about a setup like that. I wanted to suggest this : https://alaincasault.com/ca/posts But that setup won't do it either since the default gateway will change on you. Use my idea of renewin...
by AlainCasault
Thu Oct 25, 2018 8:25 pm
Forum: Scripting
Topic: Netwatch WAN failover with dynamic gateway [SOLVED]
Replies: 6
Views: 4589

Re: Netwatch WAN failover with dynamic gateway [SOLVED]

Hello

I guess you could script a dhcp client renewal and schedule it every so often, frequency is up to you.

I'm not a scripting expert, so I won't suggest one ;) but I'm pretty sure it would be ok.

Regards,


Sent from Tapatalk

by AlainCasault
Thu Oct 25, 2018 4:31 pm
Forum: General
Topic: firewall [SOLVED]
Replies: 5
Views: 1082

Re: firewall [SOLVED]

Also!!

Assume your router is hacked. Netinstall it to be safe.

The netinstall procedure will format everything and you'll start clean.

Sent from Tapatalk

by AlainCasault
Thu Oct 25, 2018 4:28 pm
Forum: General
Topic: firewall [SOLVED]
Replies: 5
Views: 1082

Re: firewall [SOLVED]

Hello Most definitely! As of now, anybody can telnet/ssh/winbox into your router. Your current rule only prevents traffic going into your lan. I suggest you take the default config of a basic RB model and study it. The firewall is fairly basic and offers real protection. Best regards, Sent from Tap...
by AlainCasault
Wed Oct 24, 2018 5:08 pm
Forum: Wireless Networking
Topic: Connect 2 locations 80m apart with obstacles
Replies: 6
Views: 1379

Re: Connect 2 locations 80m apart with obstacles

Hello

You can try if you want, but I'm sure you will get serious signal loss.

All that you mentioned have a serious effect on RF and walls might include some metal studs that'll make it worse.

Regards,

Sent from my tablet with Tapatalk. Sorry for my typos.

by AlainCasault
Wed Oct 24, 2018 3:09 pm
Forum: General
Topic: firewall [SOLVED]
Replies: 5
Views: 1082

Re: firewall [SOLVED]

Hello,

No rules? Your router is an open bar for hackers. Why do you do that?

Forget everything, netinstall and start over.

Sent from my tablet with Tapatalk. Sorry for my typos.

by AlainCasault
Wed Oct 24, 2018 2:19 pm
Forum: Beginner Basics
Topic: Windows Firewall and Sub-Network question
Replies: 6
Views: 1128

Re: Windows Firewall and Sub-Network question

Hello,

By default, all devices in the same router can communicate with each other if you don't have firewall rules blocking anything.

You answered your own question. It works when you disable the Windows firewall. I don't see what else you need??

Regards,


Sent from Tapatalk

by AlainCasault
Tue Oct 23, 2018 6:09 am
Forum: General
Topic: 31 subnet - Not finding an answer to default gateway.
Replies: 17
Views: 3954

Re: 31 subnet - Not finding an answer to default gateway.

I also read that it wasn't supported, but I also read multiple times, that it can be made to work with an IP of /32, but this hasn't worked for me either. Tom Hello, I've read somewhere (forum, wiki???) that MikroTik does not support /31 :( Try a few searches on the forum to validate this. Regards,...
by AlainCasault
Tue Oct 23, 2018 2:00 am
Forum: General
Topic: 31 subnet - Not finding an answer to default gateway.
Replies: 17
Views: 3954

Re: 31 subnet - Not finding an answer to default gateway.

Hello,

I've read somewhere (forum, wiki???) that MikroTik does not support /31 :(

Try a few searches on the forum to validate this.

Regards,

Sent from Tapatalk

by AlainCasault
Fri Oct 19, 2018 5:38 pm
Forum: General
Topic: Best MIKROTIK option for 3000 subscribers
Replies: 7
Views: 1470

Re: Best MIKROTIK option for 3000 subscribers

We accept other language only on case the other the English translation is in the post simultaneously. This is just only English forum. If someone cannot speak English enough, he would be welcomed on any other mikrotik related forum that accepts his language. Unfortunately he will not be able to se...
by AlainCasault
Tue Oct 16, 2018 9:42 pm
Forum: Beginner Basics
Topic: which is faster a many entries in the firewall or one with ip list
Replies: 2
Views: 505

Re: which is faster a many entries in the firewall or one with ip list

Hello,

It's better on CPU to have one fw filter using an address list.

Cheers,


Sent from Tapatalk

by AlainCasault
Fri Oct 12, 2018 3:21 pm
Forum: General
Topic: Can't change username on ROS 6.43 [SOLVED]
Replies: 21
Views: 5472

Re: Can't change username on ROS 6.43 [SOLVED]

Thanks guys! I want to create a HotSpot and need to be sure that system will be "Hacker resistant" ( sure i know that if some one really want to hack a system it will be done...) I have already blocked all pings from Hotspot network at firewall filter and so on ... I like your choice of word, "resi...
by AlainCasault
Fri Oct 12, 2018 3:17 pm
Forum: Beginner Basics
Topic: Routing between subnets without bridge
Replies: 5
Views: 987

Re: Routing between subnets without bridge

Oh, by the way, when asked for your config, you should do:

/export hide-sensitive file=nameoffile

Regards,


Sent from Tapatalk

by AlainCasault
Fri Oct 12, 2018 3:15 pm
Forum: Beginner Basics
Topic: Routing between subnets without bridge
Replies: 5
Views: 987

Re: Routing between subnets without bridge

There's no need to put wlan1 in a bridge as it is a standalone interface. @OP, remove wlan1 from bridge. Like I said, I've seen bizarre results when stuff was disabled rather than deleted (may not be the case here but just in case). Otherwise, the print results look good. Also, if you have master-sl...
by AlainCasault
Thu Oct 11, 2018 10:01 pm
Forum: Beginner Basics
Topic: Routing between subnets without bridge
Replies: 5
Views: 987

Re: Routing between subnets without bridge

Hello, You should export your config. It would be easier. I'm guessing here, so... Make sure wlan1 is deleted from the bridge, not just disabled. I've seen weird results with stuff being disabled. Make sure wlan1 had an ip address from a distinct subnet Create a dhcp-server assigned to wlan1 Test Wi...
by AlainCasault
Thu Oct 11, 2018 9:49 pm
Forum: General
Topic: Can't change username on ROS 6.43 [SOLVED]
Replies: 21
Views: 5472

Re: Can't change username on ROS 6.43 [SOLVED]

@man: You can always create completely new user and disable/delete original "admin".
+1

I agree. Deleting "admin", even if it has a pwd from hell is that much more secure.


Sent from Tapatalk

by AlainCasault
Tue Oct 09, 2018 5:29 am
Forum: General
Topic: my router is under attack
Replies: 11
Views: 2575

Re: my router is under attack

Dude, that's what I suggested a week ago.

Regards,


Sent from Tapatalk

by AlainCasault
Sun Oct 07, 2018 2:45 pm
Forum: General
Topic: Unable to get full gigabit speed on RB750Gr3
Replies: 33
Views: 8404

Re: Unable to get full gigabit speed on RB750Gr3

I would agree with R1CH here. I just tested mine with a 120Mbps link and my CPU can peak up to 35%, although my firewall is a bit more elaborate, but I have minimal bridges. If you compare the hEX with a RB3011, the 3011 is about 2x more powerful while the RB4011 is roughly 7x more powerful (than t...
by AlainCasault
Sat Oct 06, 2018 7:25 pm
Forum: General
Topic: Unable to get full gigabit speed on RB750Gr3
Replies: 33
Views: 8404

Re: Unable to get full gigabit speed on RB750Gr3

Hello,

Based on your setup, you may get less than gig. If you look at the gr3 specs, you'll see that with filters and bridges, throughput goes down depending on packet size.

Regards

Sent from Tapatalk

by AlainCasault
Fri Oct 05, 2018 1:14 am
Forum: General
Topic: upgrade to stable [solved]
Replies: 3
Views: 633

Re: upgrade to stable

Hello,

You can upgrade directly to a stable version. If you want to downgrade, drag and drop the files, and while in system packages, click on Downgrade.

I wouldn't downgrade unless you have a specific reason. Just go to the latest stable version.

Cheers,


Sent from Tapatalk

by AlainCasault
Tue Oct 02, 2018 8:01 pm
Forum: General
Topic: I think my routerboard has been compromised
Replies: 5
Views: 727

Re: I think my routerboard has been compromised

Try also disabling the firewall. Damned thing always puts students in hot water during labs ;)

Sent from Tapatalk

by AlainCasault
Tue Oct 02, 2018 4:03 pm
Forum: General
Topic: I think my routerboard has been compromised
Replies: 5
Views: 727

Re: I think my routerboard has been compromised

Hello,

Netinstall can be difficult sometimes. Have you disabled the unused network interfaces on your computer before starting netinstall?

It might help.

Regards,


Sent from Tapatalk

by AlainCasault
Tue Oct 02, 2018 3:54 pm
Forum: General
Topic: Btest on Windows - what to use instead ?
Replies: 1
Views: 475

Re: Btest on Windows - what to use instead ?

Hello, I use iperf between devices for a better performance measure. I've long since stopped using anything that requires interacting with a router since it adds an extra load on the CPU and affects the results. I let routers route and leave the testing to computers. With the Windows (as well as Lin...
by AlainCasault
Mon Oct 01, 2018 3:28 am
Forum: Beginner Basics
Topic: router without gateway to internet
Replies: 4
Views: 729

Re: router without gateway to internet

Hello, I think you are over-thinking this. First, why the computer in the middle? Connect to router to wireless and be done with it. If required, buy a router with a wireless interface. The computer is just an extra point of failure. If the wired part is only for internal stuff, add firewall rules t...
by AlainCasault
Mon Oct 01, 2018 3:14 am
Forum: General
Topic: my router is under attack
Replies: 11
Views: 2575

Re: my router is under attack

Netinstall an upgrade and restart from scratch :(

Sent from Tapatalk

by AlainCasault
Mon Oct 01, 2018 3:12 am
Forum: General
Topic: Infected 6.38.5 Clients Upgrade fails to load
Replies: 7
Views: 936

Re: Infected 6.38.5 Clients Upgrade fails to load

I guess your search was too precise. Had you tried "MikroTik infected", you would have gotten much more.

Regards,


Sent from Tapatalk

by AlainCasault
Sun Sep 30, 2018 5:44 pm
Forum: General
Topic: Infected 6.38.5 Clients Upgrade fails to load
Replies: 7
Views: 936

Re: Infected 6.38.5 Clients Upgrade fails to load

Hello,

At any rate, problems regarding infected routers have been discussed many times.

Please netinstall, change the default admin account to something else and change the password.

Validate also that you have proper firewall filters.

Regards,

Sent from Tapatalk

by AlainCasault
Fri Sep 28, 2018 4:02 pm
Forum: Beginner Basics
Topic: DHCP Subnetmask /32
Replies: 6
Views: 1296

Re: DHCP Subnetmask /32

@AlainCasault: Yes, but in this case you never learn how things works… ;)
Wrong. You can still examine and change anything later. Only instead of finding all dead ends, you have good working starting point.

+1
by AlainCasault
Thu Sep 27, 2018 9:52 pm
Forum: Beginner Basics
Topic: Can't connect to Mikrotik from outside
Replies: 9
Views: 3681

Re: Can't connect to Mikrotik from outside

Just one comment.

Make sure you know what you're doing before doing that.

You might (will) be in a world of pain opening winbox to the internet.

Regards,


Sent from Tapatalk

by AlainCasault
Thu Sep 27, 2018 9:49 pm
Forum: Beginner Basics
Topic: DHCP Subnetmask /32
Replies: 6
Views: 1296

Re: DHCP Subnetmask /32

Which is why I always tell my students to use the DHCP-SETUP button instead of doing it manually. Too error prone.

Regards

Sent from Tapatalk

by AlainCasault
Thu Sep 27, 2018 9:46 pm
Forum: General
Topic: my router is under attack
Replies: 11
Views: 2575

Re: my router is under attack

I agree with Jotne and would go one step further. If you must access remotely, I hope it's always from the same place!! If not, you're asking for trouble ;) If so, modify the firewall rule so as to accept telnet / ssh from the ip of the place you're accessing the router from. If the router from where...
by AlainCasault
Wed Sep 26, 2018 8:48 pm
Forum: RouterBOARD hardware
Topic: Hardware offload on sfp port in hEX S mmips
Replies: 11
Views: 2192

Re: Hardware offload on sfp port in hEX S mmips

Hello

Please be aware that this is a user forum. If you want to address MikroTik, I would suggest you write support@mikrotik.com

Regards,


Sent from Tapatalk

by AlainCasault
Wed Sep 26, 2018 3:55 pm
Forum: Wireless Networking
Topic: Is “Wap” support mesh?
Replies: 1
Views: 541

Re: Is “Wap” support mesh?

Hello,

Yes. Mesh is a config that is not hardware specific. You can do it in all Wi-Fi models.

Regards,


Sent from Tapatalk

by AlainCasault
Tue Sep 25, 2018 9:54 pm
Forum: General
Topic: Problem update RB2011
Replies: 4
Views: 749

Re: Problem update RB2011

Weird...

Maybe a good backup / export, then netinstall.

Nothing out of the ordinary in your config, like scripts you never did?


Sent from Tapatalk

by AlainCasault
Tue Sep 25, 2018 4:59 pm
Forum: General
Topic: Problem update RB2011
Replies: 4
Views: 749

Re: Problem update RB2011

Hello Maybe you did but have you tried removing the extra packages instead of just disabling them? Are you using the packages of the right architecture for the upgrade? Usually, when upgrade fails, it's because you're using the wrong files or an older version. Are there messages in log after reboot?...
by AlainCasault
Mon Sep 24, 2018 3:38 pm
Forum: General
Topic: Bridge problems.
Replies: 4
Views: 639

Re: Bridge problems.

Hello

You should never put an address on a slave interface, like ether1 in your case.

If you're using static routing, then the suggestion of adding a default route might be good to try.

Regards,

Sent from my tablet with Tapatalk. Sorry for my typos.

by AlainCasault
Mon Sep 24, 2018 3:09 pm
Forum: Beginner Basics
Topic: Setting internet bandwidth limitation on CRS125-24G-1S-RM
Replies: 4
Views: 626

Re: Setting internet bandwidth limitation on CRS125-24G-1S-RM

Hello

Take a look at simple queues.

They are... Simple... To setup ;)

Regards,

Sent from my tablet with Tapatalk. Sorry for my typos.

by AlainCasault
Mon Sep 24, 2018 3:05 pm
Forum: General
Topic: RB 450G - Trunk For PC
Replies: 1
Views: 343

Re: RB 450G - Trunk For PC

Hello Your question seems like a server issue more than a router issue. If you only have one gateway on the server then the subnets in the server without the gateway will never properly send replies. Why do you need three addresses? Just use one and let the router do its job. Trunking won't do more ...
by AlainCasault
Mon Sep 24, 2018 3:04 am
Forum: Beginner Basics
Topic: 2 Networks on 1 interface
Replies: 4
Views: 768

Re: 2 Networks on 1 interface

Good day, I have a newbie question. I have a RB750. How can i access our Local Area Webpage (192.168.1.119)? 0 A S 0.0.0.0/0 192.168.1.1 1 1 S 0.0.0.0/0 192.168.254.254 1 2 A S 0.0.0.0/0 192.168.1.1 1 3 S 0.0.0.0/0 192.168.254.254 2 4 ADC 192.168.1.0/24 192.168.1.2 ether1 0 5 S 192.168.1.0/24 192.1...
by AlainCasault
Mon Sep 24, 2018 3:00 am
Forum: Beginner Basics
Topic: 2 Networks on 1 interface
Replies: 4
Views: 768

Re: 2 Networks on 1 interface

[Translated from French] Hi, I have a small problem: how to make a simple queue with limits, for a beginner

Hello, This forum is meant to be English only. You'll get warned if you don't respect this rule (I know something about that!). Also, your question is totally off topic. Start a new post. Thanks

Sent from Tapatalk
by AlainCasault
Sun Sep 23, 2018 9:18 pm
Forum: Beginner Basics
Topic: CAPsMAN Access List Question [SOLVED]
Replies: 4
Views: 959

Re: CAPsMAN Access List Question [SOLVED]

Forgot,

Mac address field left blank.

Sent from Tapatalk

by AlainCasault
Sun Sep 23, 2018 9:17 pm
Forum: Beginner Basics
Topic: CAPsMAN Access List Question [SOLVED]
Replies: 4
Views: 959

Re: CAPsMAN Access List Question [SOLVED]

Hello

Your last access list entry should have the action of reject. If not accepted above, then you don't come in. ;)

Sent from Tapatalk

by AlainCasault
Sat Sep 22, 2018 11:48 pm
Forum: General
Topic: two pppoe servers in the same network
Replies: 6
Views: 1566

Re: two pppoe servers in the same network

I would agree with mducharme. PPPoE clients connect to whatever server answers first. You need to use service-name I'm afraid.

Sent from my tablet with Tapatalk. Sorry for my typos.

by AlainCasault
Sat Sep 22, 2018 11:41 pm
Forum: General
Topic: optimize FW rule by using connection-state=new ?
Replies: 6
Views: 952

Re: optimize FW rule by using connection-state=new ?

If it's in the same filter, I don't think that one more matcher (new) will make a difference. And I don't think you'll miss anything with that. If you want to use it, maybe do new AND invalid in the same filter. What I would suggest is to allow what needs to be allowed such as "related-established" ...
by AlainCasault
Sat Sep 22, 2018 11:29 pm
Forum: General
Topic: restore back to identical devices never works :(
Replies: 28
Views: 2591

Re: restore back to identical devices never works :(

At the very least, we should be able to import a backup into another device of same model and RoS/bootloader version. Certificates, users and all. I think that is working. But in practice it is not enough. E.g. I have 2 installs of CCR1009-8G-1S-1S+ which when broken is no longer available and would...
by AlainCasault
Sat Sep 22, 2018 6:48 pm
Forum: General
Topic: restore back to identical devices never works :(
Replies: 28
Views: 2591

Re: restore back to identical devices never works :(

I totally agree with you; it is "Official" policy, but... There's always a but :) If you restore a binary backup of A on B (provided both are the same model. And I would STRONGLY advise to have them of same ROS and Firmware also), this should work. Thing is, you'll have the MACs of A on B. I hope I...
by AlainCasault
Sat Sep 22, 2018 6:03 pm
Forum: General
Topic: restore back to identical devices never works :(
Replies: 28
Views: 2591

Re: restore back to identical devices never works :(

At the very least, we should be able to import a backup into another device of same model and RoS/bootloader version. Certificates, users and all. Like I said, you can do that provided you reset the MACs. Not ideal, I agree, but workable. For the MACs, a simple "cleanup" script should make it that m...
by AlainCasault
Fri Sep 21, 2018 9:28 pm
Forum: General
Topic: routerOS licence ? [SOLVED]
Replies: 7
Views: 896

Re: routerOS licence ? [SOLVED]

Comes...

Oops, took too long to reply ;)

Sent from Tapatalk

by AlainCasault
Fri Sep 21, 2018 9:27 pm
Forum: General
Topic: routerOS licence ? [SOLVED]
Replies: 7
Views: 896

Re: routerOS licence ? [SOLVED]

Any mikrotik hardware chimes with its license. You only need to buy for x86 or chr.

Cheers

Sent from Tapatalk

by AlainCasault
Fri Sep 21, 2018 8:15 pm
Forum: General
Topic: restore back to identical devices never works :(
Replies: 28
Views: 2591

Re: restore back to identical devices never works :(

Well, restore from A to B can work IF you reset the MAC address of ALL physical interfaces. Also, if you have an address in a bridge, make sure that it's pointing to a real MAC, not the one in the backup that doesn't exist anymore.

Cheers

Sent from Tapatalk

by AlainCasault
Fri Sep 21, 2018 4:21 pm
Forum: General
Topic: Change login password
Replies: 1
Views: 386

Re: Change login password

I'm afraid there's no way of doing it. Interrupting the boot process will let you set some low level parameters, but nothing else. Try to negotiate with the former employee, good luck with that. I would suggest you review your config backup strategy, which you probably decided to do by now :( You co...
by AlainCasault
Thu Sep 20, 2018 3:37 pm
Forum: General
Topic: After upgrade firmware 6.40.5, Can't change admin's group to full
Replies: 6
Views: 1159

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

What's the point in responding to this 7 month old post?
Especially as a lot of water has flowed under various RouterOS bridges since then.
What's the point of being unpleasant? Why do you care?

Sent from my tablet with Tapatalk. Sorry for my typos.

by AlainCasault
Wed Sep 19, 2018 8:02 pm
Forum: General
Topic: After upgrade firmware 6.40.5, Can't change admin's group to full
Replies: 6
Views: 1159

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

And don't forget to add firewall filters!!!
by AlainCasault
Wed Sep 19, 2018 8:00 pm
Forum: General
Topic: Can't change username on ROS 6.43 [SOLVED]
Replies: 21
Views: 5472

Re: Can't change username on ROS 6.43 [SOLVED]

Make a new user, then re-login. There are big security changes in last versions, rename is no longer possible.

Hello Normis, Can you explain what this change addresses, what security recommendation is met? I'm not a security expert, so I don't get it. "Create/Delete" ends up with the same result as...
by AlainCasault
Wed Sep 19, 2018 7:54 pm
Forum: General
Topic: After upgrade firmware 6.40.5, Can't change admin's group to full
Replies: 6
Views: 1159

Re: After upgrade firmware 6.40.5, Can't change admin's group to full

Chances are, you have to netinstall and reconfigure :(
Once finished, change the admin PWD right away?
by AlainCasault
Thu Sep 06, 2018 8:32 pm
Forum: General
Topic: Securing my Rb3011 under attack - SOLVED
Replies: 3
Views: 566

Re: Securing my Rb3011 under attack

Hello, As you're doing your firewall, use "SAFE" mode (top left of winbox). This will remove your new config entries from the moment safe mode was activated until the moment you locked yourself out (should it happen). Yes, you will lose all that work but at least you won't have to drive the 400km. S...
by AlainCasault
Wed Sep 05, 2018 9:20 pm
Forum: Wireless Networking
Topic: Message "does not allow station-bridge" when client cannot connect to capsman
Replies: 4
Views: 1086

Re: Message "does not allow station-bridge" when client cannot connect to capsman

I'm not sure what you mean. What's in station mode? The remote router?

If so, the remote router is meant to be an AP, and nothing else. Once configured as a capsman client, you can't configure the wifi radio unless it's from the capsman.

Regards

Sent from Tapatalk
