Community discussions

Search found 426 matches

  • 1
  • 2
by blake
Mon Dec 08, 2014 9:07 am
Forum: Forwarding Protocols
Topic: Redistribute routes tagged with a special BGP community
Replies: 13
Views: 2678

Re: Redistribute routes tagged with a special BGP community

Is your Equinix peer in the same BGP instance?

Do you mind posting the config of both neighbor sessions, and associated filters?
by blake
Sun Dec 07, 2014 11:13 pm
Forum: Forwarding Protocols
Topic: Redistribute routes tagged with a special BGP community
Replies: 13
Views: 2678

Re: Redistribute routes tagged with a special BGP community

Could you post the configuration for the neighbors you are redistributing this to?
by blake
Tue Sep 24, 2013 7:55 pm
Forum: Forwarding Protocols
Topic: BGP: AS_TRANS (AS23456)
Replies: 2
Views: 1790

Re: BGP: AS_TRANS (AS23456)

Nothing needs to be done. Configure your router with your 4-byte ASN. Your peer will configure the session toward you with remote-as=23456. You will use their regular AS in remote-as=. BGP will bring up the session, and your upstream will see your AS as the 4-byte transitional ASN. The rest of the w...
by blake
Thu Oct 25, 2012 11:01 am
Forum: General
Topic: Radius manager servicing multiple locations
Replies: 7
Views: 2412

Re: Radius manager servicing multiple locations

My problem is that, how do I tell the RB's to only route the radius authentication traffic over the PPTP tunnel(ports 1812/1813)? Just create a static route for your RADIUS server's IP (ie 192.168.1.5), and point it to the VPN gateway. /ip route add dst-address=<radius IP>/32 gateway=<PPTP tunnel's...
by blake
Thu Oct 25, 2012 10:53 am
Forum: Forwarding Protocols
Topic: BGP and routing filter improvement suggestions
Replies: 58
Views: 16761

Re: BGP and routing filter improvement suggestions

Why don't you guys try this? :)
/ip route print where bgp and 177.66.x00.1 in dst-address
You're welcome. ;-)
by blake
Sun Oct 21, 2012 11:28 pm
Forum: General
Topic: RADIUS and DHCP PASSWORD
Replies: 13
Views: 3583

Re: RADIUS and DHCP PASSWORD

Got one more slight problem. DHCp is authing and assigning correct pool fine. But when the hotspot authenticates however because it sees Framed-Pool it assigns another IP on hotspot to-address so two IPs are used!! Do you know if there is a rule like above that can omit the radreply Framed-Pool whe...
by blake
Wed Oct 10, 2012 8:15 am
Forum: General
Topic: RADIUS and DHCP PASSWORD
Replies: 13
Views: 3583

Re: RADIUS and DHCP PASSWORD

So can I just clarify that your saying Freeradius can be setup to send access-accept when getting a dhcp request even if NAS is not sending password? Can I just be clear what your saying can be setup only to authorize a DHCP request as it's important the hotspot continues to have same auth method a...
by blake
Sat Oct 06, 2012 7:15 am
Forum: General
Topic: RADIUS and DHCP PASSWORD
Replies: 13
Views: 3583

Re: RADIUS and DHCP PASSWORD

Yes, MikroTik's DHCP server does not send the User-Password attribute. If your configurations requires a password then you can easily set it in the RADIUS server. Here's how to do it if you're using FreeRADIUS:
authorize {
  update request {
    User-Password = "%{User-Name}"
  }
}
by blake
Wed Sep 12, 2012 11:56 am
Forum: Wireless Networking
Topic: WISP Radius accounting for minutes/Traffic
Replies: 1
Views: 910

Re: WISP Radius accounting for minutes/Traffic

You can use RADIUS to instruct the NAS to disconnect a user after either of these values. Look the following link for more info.

http://wiki.mikrotik.com/wiki/Manual:RADIUS_Client
by blake
Wed Sep 12, 2012 11:40 am
Forum: Wireless Networking
Topic: Radius server for EAP-Passthrough
Replies: 1
Views: 1069

Re: Radius server for EAP-Passthrough

FreeRADIUS.

I am using this with EAP-PEAP. Works perfectly.
by blake
Wed Sep 12, 2012 11:36 am
Forum: General
Topic: WPA2-EAP setup, Radius client radius,debug no radius server
Replies: 2
Views: 2069

Re: WPA2-EAP setup, Radius client radius,debug no radius se

How are you setting up the RADIUS server?
/radius
add service=wireless address=<some ip> secret=mySecret
?
by blake
Fri Jul 13, 2012 7:30 pm
Forum: Forwarding Protocols
Topic: Routing customer's own IPs via BGP. Possible?
Replies: 1
Views: 926

Re: Routing customer's own IPs via BGP. Possible?

Two ways. Both require you to have an autonomous system number (ASN). 1. Setup a BGP session with the customer and let them advertise their IP prefixes into your AS. Contact your upstream provider(s) and request they add this ASN & prefix to their filters for your connection. Explain to them that th...
by blake
Tue Jun 19, 2012 7:56 pm
Forum: Forwarding Protocols
Topic: EoMPLS/VPLS ....!!!!
Replies: 12
Views: 4440

Re: EoMPLS/VPLS ....!!!!

Adjust the l2mtu parameter on the Ethernet port to something higher than 1500. The RB1100AHx2 supports a maximum l2mtu of 9498.
/interface ethernet set ether1 l2mtu=9498
by blake
Fri May 11, 2012 7:37 pm
Forum: Forwarding Protocols
Topic: BGP Advertisement Issue
Replies: 5
Views: 1772

Re: BGP Advertisement Issue

Look into Route reflector option. it will pass the learned routes to the next router. No, this is not needed. Route reflectors are only used to 'reflect' routes to other routers in the same AS. You would never enable route reflector functionality with an upstream peer. swapwnet, could you please po...
by blake
Tue Apr 24, 2012 12:18 am
Forum: RouterBOARD hardware
Topic: Cluster of CloudCores or ASR9K ?
Replies: 1
Views: 888

Re: Cluster of CloudCores or ASR9K ?

CloudCore is brand new, unproven hardware. Who knows how long it'll take to get the bugs worked out. 100G? Buy the ASR9K if it'll handle your workload. I would imagine if you're buying that bandwidth capacity that you have a large amount of revenue, and will be able to pay it off in a reasonable amo...
by blake
Mon Apr 16, 2012 8:06 pm
Forum: Forwarding Protocols
Topic: MT MPLS Capabilities
Replies: 13
Views: 3282

Re: MT MPLS Capabilities

He's asking if MikroTik will pass MPLS packets that encapsulate a non-IP packet.

Cisco - Any Transport over MPLS (AToM).

I'm curious about this as well. I have Cisco & MikroTik equipment to test this. I just need to find time to build the lab.
by blake
Mon Mar 26, 2012 11:40 am
Forum: Forwarding Protocols
Topic: Cogent BGP: how to change forwarding-nexthop for loopback?
Replies: 3
Views: 1762

Re: Cogent BGP: how to change forwarding-nexthop for loopbac

Apply an inbound route filter to your BGP multi-hop session which changes the next-hop of received routes to that of their router on the /30. Something like this. /routing filter add chain=cogent-in set-nexthop=a.a.a.a / routing bgp peer add name=cogent-a remote-address=a.a.a.a remote-as=174 multiho...
by blake
Tue Feb 28, 2012 8:06 am
Forum: Forwarding Protocols
Topic: ip route print and large route tables
Replies: 3
Views: 1296

Re: ip route print and large route tables

/ip route print where static
by blake
Mon Feb 27, 2012 11:07 am
Forum: Forwarding Protocols
Topic: BGP Route Reflectors, how to properly configure??
Replies: 19
Views: 10512

Re: BGP Route Reflectors, how to properly configure??

# Route Reflector
/routing bgp instance
set default client-to-client-reflection=yes

/routing bgp peer
set peer1 route-reflect=yes
# Clients
/routing bgp instance
set default client-to-client-reflection=no

/routing bgp peer
set route-reflector route-reflect=no
by blake
Wed Feb 08, 2012 9:33 pm
Forum: General
Topic: How to announce client IP address space under our ASN?
Replies: 10
Views: 3114

Re: How to announce client IP address space under our ASN?

Are you advertising the prefix with 'synchronize=no' under /routing bgp network?
by blake
Tue Jan 31, 2012 10:16 am
Forum: Scripting
Topic: Find the Address-List to which an IP is assigned
Replies: 5
Views: 6845

Re: Find the Address-List to which an IP is assigned

:put [/ip firewall address-list get value-name=list [find address=192.168.x.x]]
by blake
Fri Jan 27, 2012 12:53 pm
Forum: Virtualization
Topic: Graphing
Replies: 1
Views: 1556

Re: Graphing

There are graphing programs available outside of MikroTik which can graph at 1 minute intervals, although its resource intensive with a large number of hosts & thus usually avoided. The graphs are not 100% accurate because they're averages of data over a 5 min polling period, but they give a fairly ...
by blake
Wed Jan 25, 2012 12:10 am
Forum: Beginner Basics
Topic: VLAN To Internet Access
Replies: 5
Views: 5430

Re: VLAN To Internet Access

/ip firewall filter
add chain=forward action=drop in-interface=vlan_network out-interface=!internet
by blake
Mon Jan 23, 2012 6:14 am
Forum: General
Topic: SXT 5HnD
Replies: 1
Views: 700

Re: SXT 5HnD

Escribir en Inglés, por favor. Este sitio es un foro sólo Inglés.
by blake
Sun Jan 22, 2012 12:05 am
Forum: Forwarding Protocols
Topic: Jumbo frame support...
Replies: 6
Views: 8558

Re: Jumbo frame support...

Yes.. if i issue the following command... ping 192.168.88.1 -t -l 5000, does it mean i am pinging with 5000 size of packet? It means you are pinging with 5000 bytes of just ICMP payload. Add 8 bytes for the ICMP header, and 20 bytes for the IP header and that'll put you at 5028 bytes. This value of...
by blake
Thu Jan 19, 2012 7:06 pm
Forum: General
Topic: recomendations for a switch for core of network
Replies: 2
Views: 672

Re: recomendations for a switch for core of network

Cisco Catalyst 3750.
by blake
Fri Dec 23, 2011 11:11 pm
Forum: Wireless Networking
Topic: SXT mac telnet strange issue
Replies: 8
Views: 2572

Re: SXT mac telnet strange issue

I'm using SXT clients with WDS interfaces in a bridge & I was having this problem. I had to MAC telnet to the SXT's ether1 MAC instead of its wlan1 MAC.
by blake
Thu Dec 22, 2011 10:41 pm
Forum: General
Topic: Bridge Port Settings - Edge
Replies: 1
Views: 2814

Re: Bridge Port Settings - Edge

Ports may be configured as edge ports if they are attached to a LAN that has no other bridges attached. These edge ports transition directly to the forwarding state. RSTP still continues to monitor the port for BPDUs in case a bridge is connected. Source: Wikipedia: Spanning Tree Protocol #RSTP Ope...
by blake
Thu Dec 22, 2011 6:41 am
Forum: Beginner Basics
Topic: SXT point to Multipoint connection with separate VLAN
Replies: 4
Views: 5098

Re: SXT point to Multipoint connection with separate VLAN

Utilize static WDS interfaces and add those interfaces into a bridge with the VLAN interface. Here's what I do. AP: /interface vlan add interface=ether1 disabled=no name=vlan10 vlan-id=10 add interface=ether1 disabled=no name=vlan11 vlan-id=11 /interface bridge add name=bridge10 comment="VLAN 10 Bri...
by blake
Sat Dec 17, 2011 12:33 am
Forum: Wireless Networking
Topic: Best way to separate CPE management & subscriber traffic?
Replies: 1
Views: 529

Best way to separate CPE management & subscriber traffic?

I'm looking to get some input regarding the best method for separating CPE management & subscriber traffic in a bridged environment. What I'm trying to achieve: RFC1918 address on CPE for management, segmented from customer traffic. Customer traffic bridged onto VLAN at AP. Low complexity provisioni...
by blake
Thu Dec 15, 2011 5:41 am
Forum: Beginner Basics
Topic: Routing decision question
Replies: 2
Views: 796

Re: Routing decision question

It goes to the input chain because the dst-address is an IP that is local to the router.

You haven't described your topology in great detail. But, I would assume you're looking for this. http://wiki.mikrotik.com/wiki/Hairpin_NAT
by blake
Wed Nov 30, 2011 10:26 pm
Forum: General
Topic: RouterOS v5.9 released
Replies: 166
Views: 41852

Re: RouterOS v5.9 released

My only concern is that this came from Amazon Cloud (Frankfurt) and not from Latvia even if I select Latvia. They likely just chose the Latvian download location as a way to test Amazon distribution. I assume if it works well they will remove all of the country-specific download locations and just ...
by blake
Mon Nov 21, 2011 9:19 am
Forum: Forwarding Protocols
Topic: SOLVED - OSPF - 2 Default routes...
Replies: 9
Views: 2730

Re: SOLVED - OSPF - 2 Default routes...

Possibly, this had nothing to do with it and just the change restarted the OSPF process on the cisco and that restart fixed the issue. I think it had nothing to do with it. I have multiple Cisco's, all using 'passive-interface default' in the OSPF configs, and the MikroTik's will still lose the def...
by blake
Fri Nov 11, 2011 8:34 pm
Forum: Forwarding Protocols
Topic: VRFs - pinging all interfaces on router problem
Replies: 2
Views: 1279

Re: VRFs - pinging all interfaces on router problem

Firewall filters are the only solution right now. I believe your customers should only be able to ping interfaces local to their PE router which are in other VRF's. I haven't tested it lately, but that's the behavior I recall when I tested VRF's on MikroTik.
by blake
Tue Nov 08, 2011 1:28 am
Forum: General
Topic: Simple routing question
Replies: 9
Views: 1050

Re: Simple routing question

Are the clients on the 192.0.0.0/24 subnet receiving 192.0.0.1 as a default gateway? If so, this should work.

Also, best practice is to use RFC1918 addresses for internal use instead of picking random IP's.
by blake
Mon Nov 07, 2011 11:49 pm
Forum: Forwarding Protocols
Topic: OSPF Type 5 LSA flooding but not added to route table?
Replies: 14
Views: 6097

Re: OSPF Type 5 LSA flooding but not added to route table?

When the issue occurs, this particular redistributed static route is the only route that doesn't come up. The native OSPF networks and the other redistributed connected/static (about a half dozen from this router) do come up properly. The only difference between this route and the others is that it...
by blake
Sat Nov 05, 2011 6:53 am
Forum: Forwarding Protocols
Topic: Disappearing Default Route in OSPF
Replies: 10
Views: 5682

Re: Disappearing Default Route in OSPF

Does anyone have any update on this? I have routers running 4.11, 5.4, 5.7, and 5.8 which all experience this.
by blake
Sat Nov 05, 2011 6:42 am
Forum: General
Topic: Problem with BGP routing
Replies: 2
Views: 531

Re: Problem with BGP routing

Post your current BGP configs on each router. That would assist us in finding your error.
by blake
Thu Nov 03, 2011 4:49 pm
Forum: Forwarding Protocols
Topic: loopback interface
Replies: 8
Views: 36867

Re: loopback interface

OSPF router ID should not be changed after the OSPF process has been started. OSPF router ID change resets all OSPF adjacencies, resulting in temporary router outage. The router also has to originate new copies of all its LSAs with the new router ID. Stale copies of the LSAs originated by the “old”...
by blake
Wed Nov 02, 2011 10:00 am
Forum: Forwarding Protocols
Topic: loopback interface
Replies: 8
Views: 36867

Re: loopback interface

Just create a bridge interface with zero member ports. The interface will always be active and thus will function as a regular loopback interface. This is the only way to emulate a loopback using RouterOS.
/interface bridge add name=loopback0
by blake
Sun Oct 02, 2011 8:46 am
Forum: Wireless Networking
Topic: Which interface in bridge? wds/wlan or both?
Replies: 2
Views: 484

Re: Which interface in bridge? wds/wlan or both?

I do not put the actual wlan interfaces into the bridge. I only add the client WDS interfaces, and the VLAN interface I want to bridge the clients onto.
by blake
Wed Sep 14, 2011 12:40 am
Forum: Scripting
Topic: Network/CPE Management System (Finally in development!!!)
Replies: 12
Views: 4408

Re: Network/CPE Management System (Finally in development!!!

Yup, did that. I guess you never received it.
by blake
Tue Sep 13, 2011 8:13 pm
Forum: Scripting
Topic: Network/CPE Management System (Finally in development!!!)
Replies: 12
Views: 4408

Re: Network/CPE Management System (Finally in development!!!

I emailed you. Have you replied? I haven't seen it.
by blake
Thu Sep 08, 2011 4:01 am
Forum: Scripting
Topic: Network/CPE Management System (Finally in development!!!)
Replies: 12
Views: 4408

Re: Network/CPE Management System (Finally in development!!!

PHP for front end. Any particular web development framework? and some sneaky back end scripting, linux based. I'm curious to know the reason for this. I may be interested in assisting, depending on current time constraints. PM me on the UBNT forums. I'm registered there under the same username.
by blake
Wed Sep 07, 2011 11:29 am
Forum: Scripting
Topic: Network/CPE Management System (Finally in development!!!)
Replies: 12
Views: 4408

Re: Network/CPE Management System (Finally in development!!!

What language is it begin written in, and for what platforms (Windows or Unix)?
by blake
Sun Sep 04, 2011 6:19 am
Forum: General
Topic: Question for ISP's, how do you assign static IP's?
Replies: 4
Views: 975

Re: Question for ISP's, how do you assign static IP's?

what is SM? :)
Subscriber module.

Customers on our legacy gear receive a single IP from a shared /24 on a 'static IP VLAN'. All of our fixed WiMAX customers receive a /29 or greater on their own dedicated VLAN.
by blake
Thu Sep 01, 2011 6:59 am
Forum: General
Topic: Anyone running BGP with high throughput on a 1000 or 1100?
Replies: 3
Views: 509

Re: Anyone running BGP with high throughput on a 1000 or 110

Rack 2 needs some wiring attention. :-)
by blake
Thu Aug 25, 2011 6:33 am
Forum: Forwarding Protocols
Topic: BGP Confederation - far-ends announcements not being seen
Replies: 5
Views: 1287

Re: BGP Confederation - far-ends announcements not being see

You're right, its only needed on AS2.

Can you post your BGP peer and filter configs?
by blake
Thu Aug 25, 2011 5:41 am
Forum: Forwarding Protocols
Topic: BGP Confederation - far-ends announcements not being seen
Replies: 5
Views: 1287

Re: BGP Confederation - far-ends announcements not being see

AS 1
/routing bgp instance
set 0 confederation-peers=2,3

AS 2
/routing bgp instance
set 0 confederation-peers=1,3

etc…
by blake
Thu Aug 11, 2011 5:42 am
Forum: General
Topic: Trunking and Redundant links
Replies: 2
Views: 986

Re: Trunking and Redundant links

You need Spanning Tree Protocol. http://wiki.mikrotik.com/wiki/Manual:Interface/Bridge Assuming your Ethernet ports are all members of a bridge on the MT's, then you could do something like this: ## MikroNOC ## /interface bridge set 0 protocol-mode=rstp priority=0 ## Router A ## /interface bridge se...
by blake
Thu Aug 11, 2011 3:39 am
Forum: Forwarding Protocols
Topic: OSPF network connecting to internet
Replies: 4
Views: 863

Re: OSPF network connecting to internet

Correct.
by blake
Wed Aug 10, 2011 2:08 pm
Forum: Forwarding Protocols
Topic: OSPF network connecting to internet
Replies: 4
Views: 863

Re: OSPF network connecting to internet

On the router which connects to the internet:
/routing ospf instance
set default distribute-default=if-installed-as-type-1
It will broadcast a default route to the other OSPF routers as long as it also has a default route in its own routing table.
by blake
Wed Aug 10, 2011 5:24 am
Forum: Beginner Basics
Topic: Trying to help a small community...
Replies: 3
Views: 724

Re: Trying to help a small community...

My issue is that I have limited WAN experience. If I get issued a block of IP's from my service provider, how do I setup the Mikrotiks to pass those public IP's out to each location just as a normal ISP would do? MCT is correct in that this is really no different than private IP management. Operati...
by blake
Fri Aug 05, 2011 9:43 am
Forum: Beginner Basics
Topic: MIKROTIK REVERSE PROXY VS APACHE MOD_PROXY
Replies: 1
Views: 1669

Re: MIKROTIK REVERSE PROXY VS APACHE MOD_PROXY

MikroTik was not designed for this. First and foremost it is a router operating system. Everything else is just interesting additions.

Look at Squid, nginx, or Varnish Cache. They're designed for that type of application.
by blake
Thu Aug 04, 2011 4:55 am
Forum: General
Topic: Mikrotic - Border Router
Replies: 8
Views: 2549

Re: Mikrotic - Border Router

Great, thank you for that.

Yes, a 2800 series will not handle full BGP with three providers. If you stick with Cisco you may get away with a 7200 with a NPE-G1.

But, since you want to use MiroTik…go with the MikroNOC.
by blake
Wed Aug 03, 2011 6:02 pm
Forum: General
Topic: Mikrotic - Border Router
Replies: 8
Views: 2549

Re: Mikrotic - Border Router

we have 3 internet feeds from 3 different providers, with full BGP, and AS That quote led me to believe you were receiving full tables from three different providers. Please let us know which equipment you have. You given us the exact product you want to migrate to (MikroNOC 7500 1U), but not what ...
by blake
Tue Aug 02, 2011 7:03 pm
Forum: General
Topic: VLANs - mixed Cisco/Mikrotik
Replies: 6
Views: 3450

Re: VLANs - mixed Cisco/Mikrotik

use transparent bridge on all rb750 and rb433, and configure STP (rstp) on routers and switches (for backup), its much simply than use many vlans in your schema.
[sarcasm] Right! Because separating traffic at layer 2 is such a bad idea. [/sarcasm]
by blake
Sun Jul 31, 2011 9:23 am
Forum: General
Topic: Mikrotic - Border Router
Replies: 8
Views: 2549

Re: Mikrotic - Border Router

Regarding load balancing, MikroTik's BGP implementation can't do anything outside of what the BGP protocol can do. You need to tune your inbound and outbound traffic with standard controls such as BGP local pref, weight, AS path prepending, communities, etc. Quite a few people use MikroTik as a bord...
by blake
Thu Jul 21, 2011 7:37 am
Forum: General
Topic: AIRMUX and RADWIN
Replies: 15
Views: 5638

Re: AIRMUX and RADWIN

when the whole world is using 802.xx how come RAD has its own proprietory software for radio? The same reason MikroTik implements its proprietary Nv2 protocol, and Ubiquiti has Airmax. The IEEE 802 actually encompasses a large number of "…standards dealing with local area networks and metropolitan ...
by blake
Wed Jul 20, 2011 3:13 am
Forum: Forwarding Protocols
Topic: BGP and Route Reflection
Replies: 4
Views: 1929

Re: BGP and Route Reflection

If that statement is true, please explain why at http://wiki.mikrotik.com/wiki/BGP_based_VPLS R5 could act as the route reflector if R1 and R2 are not connected directly to it? Or am I missing something??? The routers do not have to be physically connected, or on the same Ethernet segment. R1 and R...
by blake
Tue Jul 19, 2011 6:14 pm
Forum: General
Topic: AIRMUX and RADWIN
Replies: 15
Views: 5638

Re: AIRMUX and RADWIN

Yes, one is made by RAD Data and the other is Radwin. ste is right, they are carrier class radios. We use Airmux-200 and Airmux-400 radios extensively in customer point-to-point applications for IP & TDM backhaul. Like any product they have an occasional bug, but not as many as other products I've u...
by blake
Tue Jul 19, 2011 9:09 am
Forum: Beginner Basics
Topic: PPPoE , Hotspot, Leased Line on same Interface
Replies: 3
Views: 666

Re: PPPoE , Hotspot, Leased Line on same Interface

Setup VLANs on ether6…one for each service you want to offer. You will need a VLAN capable switch and/or network access equipment.
by blake
Mon Jul 18, 2011 12:28 pm
Forum: Beginner Basics
Topic: Port 443
Replies: 2
Views: 867

Re: Port 443

by blake
Mon Jul 18, 2011 10:06 am
Forum: Beginner Basics
Topic: MPLS transparent bridge not working in v5.5 anymore
Replies: 6
Views: 1447

Re: MPLS transparent bridge not working in v5.5 anymore

Could you describe in more detail what is not working? Perform some debugging and narrow it down to a certain issue.
by blake
Mon Jul 18, 2011 9:29 am
Forum: RouterBOARD hardware
Topic: RB750GL and packets over 1500bytes
Replies: 8
Views: 1565

Re: RB750GL and packets over 1500bytes

Are you adjusting the l2-mtu parameter, or just mtu?
by blake
Mon Jul 18, 2011 9:27 am
Forum: Scripting
Topic: route failover
Replies: 3
Views: 768

Re: route failover

by blake
Sat Jul 16, 2011 8:44 am
Forum: Beginner Basics
Topic: DHCP server and DHCP relay help plz
Replies: 3
Views: 1547

Re: DHCP server and DHCP relay help plz

You need to configure the MikroTik to acknowledge the relay as a valid relay source. If your DHCP server instance is zero and the ethernet-to-coax gateway's IP is 192.0.2.1, then you can do this: /ip dhcp-server set 0 relay=192.0.2.1 Refer to this for more information. http://wiki.mikrotik.com/wiki/...
by blake
Wed Jul 06, 2011 1:54 am
Forum: General
Topic: Download: Legacy or Stable version ?
Replies: 7
Views: 3869

Re: Download: Legacy or Stable version ?

How do I downgrade it to a lower version (i.e. 4.17) ?
http://wiki.mikrotik.com/wiki/Manual:Ro ... owngrading
by blake
Tue Jul 05, 2011 7:56 am
Forum: General
Topic: Download: Legacy or Stable version ?
Replies: 7
Views: 3869

Re: Download: Legacy or Stable version ?

Quite a number of people on these forums consider the stable to be rather unstable for certain features. If you poke around the forums you'll see there are various bugs present in the stable release which are to be resolved in subsequent versions. 4.17 on the other hand seems to be the most stable o...
by blake
Sun Jul 03, 2011 11:02 pm
Forum: Forwarding Protocols
Topic: Adding / Appeding bgp community to static or connected route
Replies: 5
Views: 1389

Re: Adding / Appeding bgp community to static or connected r

/routing filter add chain=bgp-static-out action=accept prefix=68.142.0.0/19 prefix-length=19-24 add chain=bgp-local-out protocol=static match-chain=bgp-static-out set-bgp-communities=11280:115 add chain=bgp-out locally-originated-bgp=yes invert-match=no action=jump jump-target=bgp-local-out add cha...
by blake
Sun Jul 03, 2011 9:25 pm
Forum: Forwarding Protocols
Topic: Another Question about Routing Filters...
Replies: 2
Views: 524

Re: Another Question about Routing Filters...

In your code they are OR. In the following they are AND.
/routing filter add chain=tnn-out bgp-communities=11280:661,11280:662 invert-match=no action=accept set-bgp-prepend=1
As far as I know there is not a more efficient way to write those rules.
by blake
Wed Jun 29, 2011 11:43 am
Forum: General
Topic: RouterOS 5.5 Released
Replies: 47
Views: 12118

Re: RouterOS 5.5 Released

this is a known problem on RB493G, you can rename the ports back to what you want, only the names have changed.
Thanks for confirming this as a known bug. I tried swapping out a RB493AH with a 493G and ran into this. I'm glad it wasn't just me.
by blake
Mon Jun 27, 2011 12:00 pm
Forum: Forwarding Protocols
Topic: SOLVED - OSPF - 2 Default routes...
Replies: 9
Views: 2730

Re: OSPF - 2 Default routes...

Even better…just enable OSPF on interfaces you DO want to run it on. :)
router ospf 1
 passive-interface default
 no passive-interface FastEthernet2/3
 no passive-interface FastEthernet4/5
by blake
Sat Jun 25, 2011 4:12 am
Forum: General
Topic: Static route to dinamic interface (PPP)
Replies: 2
Views: 478

Re: Static route to dinamic interface (PPP)

Look at the Framed-Route attribute.

http://wiki.mikrotik.com/wiki/Manual:RADIUS_Client
by blake
Wed Jun 22, 2011 8:35 am
Forum: Forwarding Protocols
Topic: BGP ANNOUNCEMENT
Replies: 6
Views: 1247

Re: BGP ANNOUNCEMENT

If you never heard a network like /22 netmask although you have extensive Cisco experience, look the following. I know what a /22 is. I'm saying I've never seen network 0.0.0.0 mask 255.255.252.0 in a config, but I have seen actual blocks listed like network 209.145.204.0 mask 255.255.252.0 . If yo...
by blake
Sun Jun 19, 2011 1:20 pm
Forum: Scripting
Topic: What can the onboard web server process
Replies: 1
Views: 562

Re: What can the onboard web server process

No, it cannot. It can only handle simple HTML. You'll have to use an external web server if you want to support dynamic programming languages.
by blake
Sun Jun 19, 2011 1:19 pm
Forum: Beginner Basics
Topic: Poor mans MPLS/VPLS?
Replies: 4
Views: 872

Re: Poor mans MPLS/VPLS?

I guess what I'm after is a set of devices to 'plug' into the 'Internet' to provide 'tunnelling'
This statement is what made me suggest EoIP. It doesn't sound like he owns all of the backhaul. If not, he can't run MPLS across another provider's network. EoIP will have to do.
by blake
Sat Jun 18, 2011 1:55 am
Forum: General
Topic: RB450G in sealed outdoor case in the Desert heat
Replies: 5
Views: 1326

Re: RB450G in sealed outdoor case in the Desert heat

Where in southern CA? I'm in Yuma, Arizona. We have service throughout California's Imperial Valley…right in southern CA.
by blake
Sat Jun 18, 2011 1:54 am
Forum: General
Topic: OSPF Ignoring Link State Acknowledgment..
Replies: 9
Views: 3462

Re: OSPF Ignoring Link State Acknowledgment..

Hi,

I don't want to be a bother, but do you think you would have time to contact me this evening or next week? Should only be a few minutes. I'm just curious what you were seeing, and what you did to fix it.

Thanks.
by blake
Fri Jun 17, 2011 7:47 pm
Forum: Beginner Basics
Topic: Poor mans MPLS/VPLS?
Replies: 4
Views: 872

Re: Poor mans MPLS/VPLS?

You may want to look at MikroTik's Ethernet-over-IP.
by blake
Fri Jun 17, 2011 10:31 am
Forum: Forwarding Protocols
Topic: BGP ANNOUNCEMENT
Replies: 6
Views: 1247

Re: BGP ANNOUNCEMENT

I believe I'm speaking for fewi as well as myself, but we have extensive Cisco experience and have not seen a network statement such as that. From the syntax it would appear to match any network you want to advertise as long as its a /22. Interesting, but again I've never seen it in operation. I'll ...
by blake
Wed Jun 15, 2011 2:27 am
Forum: General
Topic: RB450G in sealed outdoor case in the Desert heat
Replies: 5
Views: 1326

Re: RB450G in sealed outdoor case in the Desert heat

I'm also in the desert, and I have a few MikroTik access points up on towers which are operating without issue. Things get pretty hot around here, but so far not hot enough to damage equipment. I'll let you know if that changes. ;-)
by blake
Wed Jun 15, 2011 2:24 am
Forum: Beginner Basics
Topic: Bandwidth Test - Other Users
Replies: 2
Views: 2158

Re: Bandwidth Test - Other Users

Looks like you can just add them to the 'test' group. http://wiki.mikrotik.com/wiki/Manual:Router_AAA#User_Groups /user add name=customer1 group=test password=changeme Since you're not permitting local, telnet, or SSH logins it should just limit them to performing bandwidth test none of the other to...
by blake
Tue Jun 14, 2011 7:18 pm
Forum: Forwarding Protocols
Topic: bgp upload issue
Replies: 9
Views: 1693

Re: bgp upload issue

Could you do a 'print detail' on some of those routes so we can see the BGP weight and metrics between the two links? Also please put the output into a [ code ] block. http://forum.mikrotik.com/viewtopic.php?f=13&t=45259
by blake
Tue Jun 14, 2011 6:01 pm
Forum: Forwarding Protocols
Topic: bgp upload issue
Replies: 9
Views: 1693

Re: bgp upload issue

Are you receiving the same routes from both external peers? Are they sending you a default route, partial table, full table, or full w/ default route?

Also, you may want to read this. http://wiki.mikrotik.com/wiki/Manual:IP ... .29_routes
by blake
Tue Jun 14, 2011 5:42 am
Forum: General
Topic: OSPF Ignoring Link State Acknowledgment..
Replies: 9
Views: 3462

Re: OSPF Ignoring Link State Acknowledgment..

We use Trango units for our bigger wireless links. For some reason through cli the trango showed to have the correct default gateway but through the gui it had the wrong one. I was originally doing the troubleshooting from the office so I could only get to the trango unit through telnet on the rout...
by blake
Mon Jun 13, 2011 5:17 pm
Forum: General
Topic: My thoughts for v6
Replies: 51
Views: 11897

Re: My thoughts for v6

Unless you don't mind cloning your MAC addresses over other hardware…then simply running that command is fine.

Most of us enjoy unique MAC's in our network though.
by blake
Mon Jun 13, 2011 10:38 am
Forum: General
Topic: My thoughts for v6
Replies: 51
Views: 11897

Re: My thoughts for v6

sorry for the offtop, any example?.. thanks
Several posts above yours have already covered this…
by blake
Sun Jun 12, 2011 11:13 pm
Forum: Wireless Networking
Topic: I need Wimax
Replies: 2
Views: 850

Re: I need Wimax

What are you looking for that makes existing products unreasonable? I operate WiMAX products from several different vendors, and can likely offer comments on products you're looking at.
by blake
Sun Jun 12, 2011 3:25 am
Forum: General
Topic: My thoughts for v6
Replies: 51
Views: 11897

Re: My thoughts for v6

I thoroughly enjoyed reading the above post, and I wholeheartedly agree.
by blake
Wed Jun 08, 2011 7:45 am
Forum: General
Topic: DHCP Server Multiple Interfaces
Replies: 5
Views: 9014

Re: DHCP Server Multiple Interfaces

It allows you to take layer 3 interfaces in RouterOS and bridge them at layer 2 so that they emulate a layer 2 environment. If you're still confused, read this: TCP/IP Guide: Understanding The OSI Reference Model.

Hope this helps.
by blake
Wed Jun 08, 2011 7:30 am
Forum: General
Topic: DHCP Server Multiple Interfaces
Replies: 5
Views: 9014

Re: DHCP Server Multiple Interfaces

I'm not sure why you need to use the bridge interfaces. The configuration below should work. /ip address add interface=ether1 address=192.168.1.1/24 add interface=ether2 address=192.168.2.1/24 /ip pool add name=pool1 ranges=192.168.1.10-192.168.1.254 add name=pool2 ranges=192.168.2.10-192.168.2.254 ...
by blake
Tue Jun 07, 2011 9:16 pm
Forum: Beginner Basics
Topic: routeros simulator
Replies: 2
Views: 17216

Re: routeros simulator

You could use MetaROUTER for your simulations. I've used it for the exact thing, and it works fairly well.
by blake
Wed Jun 01, 2011 3:12 am
Forum: General
Topic: Integrating Facebook Connect with Hotspot Login / Authent ..
Replies: 132
Views: 274259

Re: Integrating Facebook Connect with Hotspot Login / Authen

the procedure that fewi describes indicates that this is to be done externally, so if one of you can write a solution and post on the wiki, you will receive a license and everyone will have the solution they wanted.
Level 6 license? 8)
by blake
Tue May 31, 2011 9:03 am
Forum: General
Topic: Thundercache
Replies: 20
Views: 8701

Re: Thundercache

what's thundercache?
http://www.thundercache.org/
Hi, I want know if in future, thundercache will be used inside mikrotik. Tank you.
Probably not.
by blake
Thu May 26, 2011 11:48 am
Forum: Forwarding Protocols
Topic: tcp-md5-key to cisco
Replies: 2
Views: 2062

Re: tcp-md5-key to cisco

If your password has special characters then try removing any back or forward slashes or exclamation points. I have a password containing the following symbols and it works fine between ROS 4.11 and IOS 12.0S.

#}(>&:,; (special characters from my password)
by blake
Fri May 20, 2011 8:02 am
Forum: Beginner Basics
Topic: need to retain a list of MAC Addresses on wlan1
Replies: 9
Views: 1760

Re: need to retain a list of MAC Addresses on wlan1

I would continue to look at '/log'. That's the only way I know to view devices attempting to connect, but which are denied.
by blake
Fri May 20, 2011 3:24 am
Forum: Beginner Basics
Topic: need to retain a list of MAC Addresses on wlan1
Replies: 9
Views: 1760

Re: need to retain a list of MAC Addresses on wlan1

It sounds like you want access-list, not connect-list.

Connect lists for controlling which AP's a subscriber unit attempts to register with, not which subscribers an AP will allow to register.
by blake
Fri May 20, 2011 3:20 am
Forum: Beginner Basics
Topic: Mikronoc 2200 router upgrade
Replies: 2
Views: 804

Re: Mikronoc 2200 router upgrade

The MikroNoc 2200 is not a MirkoTik product. It is a Axiomtek NA-820 x86 machine which is re-sold under different brand names (MikroNoc, PowerRouter, etc) by various companies with RouterOS pre-installed. Refer to this post for more info. The correct packages you want to download are the x86 packages.
by blake
Thu May 19, 2011 11:33 pm
Forum: RouterBOARD hardware
Topic: Picking the right hardware to replace Cisco hardware..?
Replies: 5
Views: 1176

Re: Picking the right hardware to replace Cisco hardware..?

If I'm not planning on doing an VLAN sorts of things for now and have a fairly simplistic network topology, then perhaps that's OK?.. With that in mind can I assume I'll not be tickling any of the oddities here and still get fast wire-line switching/routing? You will be able to achieve gigabit, wir...
by blake
Thu May 19, 2011 6:19 pm
Forum: Forwarding Protocols
Topic: Pxe Boot over multiple subnets
Replies: 4
Views: 2772

Re: Pxe Boot over multiple subnets

/ip dhcp-server network there you can add same next-server option, and do not need to do that through /ip dhcp-server option menu.
Good to know. Thanks!
by blake
Thu May 19, 2011 10:59 am
Forum: Forwarding Protocols
Topic: how to limit VPN user access to one server?
Replies: 12
Views: 20048

Re: how to limit VPN user access to one server?

hi blake, thanks for the reply.. for this "add chain=pptp-filter-in action=accept dst-address=1.1.1.1 protocol=tcp dst-port=21", how do i add chain=pptp-filter-in? because i only can find "forward, input, output" When you run that command it will create the chain 'pptp-filter-in' since it does not ...
by blake
Thu May 19, 2011 3:47 am
Forum: General
Topic: IP assignment via RADIUS and PPPoE
Replies: 5
Views: 1195

Re: IP assignment via RADIUS and PPPoE

Where do I route this /24 to, and where do the individual /32's originate from? You don't specifically have to route the /24 anywhere. Your edge router will obviously receive the block from the ISP, and internally you would just fill your IGP (OSPF, or BGP) with the /32's. As you grow your network ...
by blake
Thu May 19, 2011 3:21 am
Forum: Forwarding Protocols
Topic: Pxe Boot over multiple subnets
Replies: 4
Views: 2772

Re: Pxe Boot over multiple subnets

Assuming dhcp2 is for the 192.168.2.0/24 subnet /ip dhcp-server set dhcp2 bootp-support=dynamic /ip dhcp-server option add name=pxe-server code=66 value=192.168.0.2 /ip dhcp-server network set [find address="192.168.2.0/24"] dhcp-option=pxe-server Haven't tested this. But option 66 should be BOOTP '...
by blake
Thu May 19, 2011 2:19 am
Forum: Forwarding Protocols
Topic: BGP Peer-groups with Cisco
Replies: 4
Views: 2928

Re: BGP Peer-groups with Cisco

Syntactically there is no equivalent in MikroTik. If you at least want to create peers with a standard config you could probably do something like this. /routing bgp peer # Templates add disabled=yes remote-address=127.0.0.1 remote-as=11111 update-source=loopback0 name=ibgp-template out-filter=inter...
by blake
Wed May 18, 2011 10:17 pm
Forum: Forwarding Protocols
Topic: how to limit VPN user access to one server?
Replies: 12
Views: 20048

Re: how to limit VPN user access to one server?

You could use dynamic PPP filters to achieve this. /ip firewall filter add chain=pptp-filter-in action=accept dst-address=1.1.1.1 protocol=tcp dst-port=21 add chain=pptp-filter-in action=drop add chain=pptp-filter-out action=drop add chain=forward action=jump jump-target=ppp /ppp profile add name=fi...
by blake
Wed May 18, 2011 1:03 am
Forum: General
Topic: Bridge Filters - Allow VLAN, Block IP
Replies: 5
Views: 4004

Re: Bridge Filters - Allow VLAN, Block IP

Unfortunately I haven't found a way to keep broadcast off of a VPLS tunnel. I guess it wouldn't be broadcast if it couldn't go everywhere on a single layer 2 domain.

If you don't want broadcasts on a backhaul, route.
by blake
Wed May 18, 2011 12:58 am
Forum: General
Topic: Need help (config Mikrotik - WEB-Proxy)
Replies: 1
Views: 922

Re: Need help (config Mikrotik - WEB-Proxy)

You want email to use a web proxy? Doesn't work. What exactly are you trying to achieve? Who is your email provider? Most providers allow you to use the SMTP Alternate Submission port of 587. You can take packets originally destined to your ISP's email servers on port 25, and rewrite them to port 58...
by blake
Tue May 17, 2011 9:35 pm
Forum: RouterBOARD hardware
Topic: Picking the right hardware to replace Cisco hardware..?
Replies: 5
Views: 1176

Re: Picking the right hardware to replace Cisco hardware..?

Some things I'd like to improve upon if a switch to another platform is done :D : Increase routing speeds from FastEthernet (10/100) to Gigabit MikroTik will only offer gigabit, wireline forwarding if you use the Switch Chip feature. Using this feature limits the things you can do with each host. F...
by blake
Tue May 17, 2011 9:06 pm
Forum: General
Topic: [solved] freeradius + aaa + assign users to groups
Replies: 9
Views: 8785

Re: freeradius + aaa + assign users to groups

I used the above config with ROS 4.x. Haven't tried it with 5.x. Is that what you are using?
do i need to have anything in radusergroup table ?
You don't need anything. It's optional based on your return params.
by blake
Tue May 17, 2011 8:59 pm
Forum: General
Topic: [solved] freeradius + aaa + assign users to groups
Replies: 9
Views: 8785

Re: freeradius + aaa + assign users to groups

The 'radusergroup' table is only used inside FreeRADIUS for assigning RADIUS users to 'RADIUS groups', and then returning a set of replies to said group. ie: radcheck id | username | attribute | op | value ----+-------------------+---------------+----+------------------- 67 | 00:15:6D:33:0B:48 | Use...
by blake
Tue May 17, 2011 12:53 am
Forum: Wireless Networking
Topic: Router OS 5.0 X86 Hotspot wrong IP address
Replies: 9
Views: 1582

Re: Router OS 5.0 X86 Hotspot wrong IP address

Do you have a DHCP server running on that interface? It should grab an address from that DHCP server pool.
by blake
Mon May 16, 2011 10:11 am
Forum: Beginner Basics
Topic: Configuring Fiber Routing
Replies: 4
Views: 2869

Re: Configuring Fiber Routing

It doesn't look like they're routing you that block. Here's some truncated traceroutes from my point of view. Traceroute to 24.153.244.26 19 gig3-0-0.austtxrdc-p-rtr01.texas.rr.com (24.93.60.152) 101.857 ms 87.066 ms 99.997 ms 20 gig2-0-0.snantx6000-pe-rtr01.texas.rr.com (24.93.60.150) 98.381 ms 89....
by blake
Mon May 16, 2011 1:50 am
Forum: Wireless Networking
Topic: Router OS 5.0 X86 Hotspot wrong IP address
Replies: 9
Views: 1582

Re: Router OS 5.0 X86 Hotspot wrong IP address

http://wiki.mikrotik.com/wiki/Manual:Ho ... an_Address

One-to-one NAT can be disabled by un-setting the address-pool parameter under /ip hotspot. ie:
/ip hotspot set 0 address-pool=none
by blake
Mon May 16, 2011 1:35 am
Forum: General
Topic: Bridge Filters - Allow VLAN, Block IP
Replies: 5
Views: 4004

Re: Bridge Filters - Allow VLAN, Block IP

I really need to have complete, normal, straight routing of L3 traffic while maintaining the ability to bridge VLAN traffic. Can anyone help with this?
A tunnel is probably your best bet. VPLS, or otherwise.
by blake
Sun May 15, 2011 6:35 am
Forum: Beginner Basics
Topic: Help with my 450G
Replies: 7
Views: 1101

Re: Help with my 450G

/interface ethernet set ether3,ether4,ether5 master-port=ether2
by blake
Sat May 14, 2011 2:37 am
Forum: General
Topic: Crazy routing problem.
Replies: 16
Views: 1297

Re: Crazy routing problem.

Is there any way you could post your entire configs? Its difficult to see what may be the problem with the information we've seen so far.

You could contact me outside of this site via telephone if you wish. I'm also currently in the #mikrotik chat on irc.freenode.net if you want to PM me there.
by blake
Sat May 14, 2011 2:22 am
Forum: General
Topic: Crazy routing problem.
Replies: 16
Views: 1297

Re: Crazy routing problem.

You're right. It is needed for NAT. I quickly skimmed your post and suggested that since you seemed to express an interest in disabling that. Here is the dump on those commands: /ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=38.119.60.69 scope=30 target-scope=10 add comment="Coms...
by blake
Sat May 14, 2011 1:21 am
Forum: General
Topic: Crazy routing problem.
Replies: 16
Views: 1297

Re: Crazy routing problem.

/ip firewall connection tracking set enabled=no
Have you done that on the router?
by blake
Fri May 13, 2011 6:57 pm
Forum: Beginner Basics
Topic: pppoe problem
Replies: 1
Views: 398

Re: pppoe problem

/interface pppoe-server server set 0 service-name=<Unique name> http://wiki.mikrotik.com/wiki/Manual:Interface/PPPoE#PPPoE_Server_Setup_.28Access_Concentrator.29 I believe that will prevent the other ISP's clients from attempting to use your server. You'll have to set the service-name parameter on ...
by blake
Fri May 13, 2011 5:57 pm
Forum: Beginner Basics
Topic: need help...Cisco to mikrotik comand
Replies: 1
Views: 1368

Re: need help...Cisco to mikrotik comand

/interface ethernet set ether1 arp=enabled auto-negotiation=yes set ether2 arp=enabled auto-negotiation=yes /ip address add interface=ether1 address=yyy.yyy.yyy.yyy/CIDR add interface=ether2 address=xxx.xxx.xxx.xxx/CIDR /ip firewall filter add action=accept chain=inside-inbound protocol=icmp add ac...
by blake
Fri May 13, 2011 1:27 am
Forum: Forwarding Protocols
Topic: Remote Asterisk Extension Issues
Replies: 4
Views: 1722

Re: Remote Asterisk Extension Issues

I'm in there now. Should be around for another hour or so.
by blake
Fri May 13, 2011 1:26 am
Forum: General
Topic: Crazy routing problem.
Replies: 16
Views: 1297

Re: Crazy routing problem.

What about on B2…could you show me the output of
/ip route print where 38.119.61.0 in dst-address
/ip route export
Also, you said if you start a ping from a host connected off of B3 then the traceroutes into the 38.119.61.0/25 subnet magically start working?
by blake
Thu May 12, 2011 11:53 pm
Forum: Forwarding Protocols
Topic: Routing problem
Replies: 3
Views: 1233

Re: Routing problem

What is the source IP address of your Juniper when performing traceroutes? Is that IP being advertised via BGP? Could you post the following info?
/ip address export
/ip route print
/routing bgp export
Thanks.
by blake
Thu May 12, 2011 11:52 pm
Forum: General
Topic: Crazy routing problem.
Replies: 16
Views: 1297

Re: Crazy routing problem.

Could you post the following information?
/ip address export
/ip route export
/ip firewall filter export
by blake
Thu May 12, 2011 11:48 pm
Forum: Forwarding Protocols
Topic: Remote Asterisk Extension Issues
Replies: 4
Views: 1722

Re: Remote Asterisk Extension Issues

There's probably something missing in the information you've provided. I can't see why this wouldn't work, but maybe with a bit more interactive debugging we could solve this.

Do you ever visit the #mikrotik IRC channel on irc.freenode.net?
by blake
Thu May 12, 2011 11:50 am
Forum: RouterBOARD hardware
Topic: RouterOS downgrade problem of RouterBOARD 750G
Replies: 2
Views: 2618

Re: RouterOS downgrade problem of RouterBOARD 750G

Upload the packages. Then…
/system package downgrade
by blake
Thu May 12, 2011 11:46 am
Forum: Beginner Basics
Topic: Help with my 450G
Replies: 7
Views: 1101

Re: Help with my 450G

A software bridge will not have the same port-to-port forwarding performance as using the switch chip. You do not want to use a software bridge with our simple network setup.

Just do this on ports 3-5.
/interface ethernet set master-port=ether2
Put the DHCP server on ether2.
by blake
Tue May 10, 2011 11:11 pm
Forum: General
Topic: MT 5.2 bridged vlan's dhcp trouble
Replies: 16
Views: 4158

Re: MT 5.2 bridged vlan's dhcp trouble

Can you describe your topology in a bit more detail? Is the MT trunking those VLANs into a switch, or connecting directly to VLAN-aware devices on lan1?
by blake
Tue May 10, 2011 2:00 am
Forum: General
Topic: MT 5.2 bridged vlan's dhcp trouble
Replies: 16
Views: 4158

Re: MT 5.2 bridged vlan's dhcp trouble

Could you please provide more information? Post the output of:
/interface bridge export
/interface vlan print
/interface dhcp-server print
/ip address print
Thanks.
by blake
Sat May 07, 2011 10:56 pm
Forum: General
Topic: using OpenDNS
Replies: 3
Views: 810

Re: using OpenDNS

Where do I enter the main DNS settings? In IP > DNS, or DHCP Server? other? You enter it under the OpenDNS servers under '/ip dns'. All DNS requests from hotspot users (even to outside IPs) are captured and redirected to RouterOS's local DNS daemon. Insert OpenDNS servers under '/ip dns' to ensure ...
by blake
Sat May 07, 2011 10:45 pm
Forum: General
Topic: Can you route mark Vonage.
Replies: 5
Views: 685

Re: Can you route mark Vonage.

Hello, we have 4 ISP links and we would like to route all traffic going to Vonage down one link? /ip firewall mangle add chain=prerouting passthrough=yes action=mark-connection new-connection-mark=voip dst-port=5060-5061 protocol=tcp add chain=prerouting passthrough=yes action=mark-connection new-c...
by blake
Sat May 07, 2011 10:30 pm
Forum: General
Topic: Remote Asterisk Extension Issues
Replies: 8
Views: 1158

Re: Remote Asterisk Extension Issues

Are the packets hitting a drop filter somewhere? Could you show us your logs?
by blake
Sat May 07, 2011 10:21 pm
Forum: General
Topic: Question for certified consultants
Replies: 4
Views: 728

Re: Question for certified consultants

I'm not a MikroTik certified consultant, but I am a consultant. Maybe your questions weren't answered because they're not very clear. How often do you apply for paid help? Are you asking how often consultants solicit the help of other consultants in order to complete a job? For me, never. Then again...
by blake
Sat May 07, 2011 7:04 am
Forum: General
Topic: VLAN sub-if MAC
Replies: 7
Views: 740

Re: VLAN sub-if MAC

Yes, this is normal. The same thing happens with Cisco equipment. There's no need to be concerned since each interface is on its own broadcast domain, and thus there's no conflict.
by blake
Sat May 07, 2011 4:45 am
Forum: General
Topic: RouterBOARD 750 not handing out DHCP leases anymore
Replies: 1
Views: 611

Re: RouterBOARD 750 not handing out DHCP leases anymore

What RouterOS version are you running? I saw this on ROS 4.6. ROS 4.7 resolved that issue.
fixed mac address handling on RB750, some specific arp requests did not work
http://www.mikrotik.com/download/CHANGELOG_4
by blake
Fri May 06, 2011 8:49 am
Forum: General
Topic: Upgrade went wrong
Replies: 2
Views: 401

Re: Upgrade went wrong

Do you have physical access to the router? Could you show us the output of '/ip address print', '/ip route print', and '/ip firewall nat print' ?

Also '/ip firewall mangle print'.
by blake
Tue May 03, 2011 10:03 am
Forum: Beginner Basics
Topic: Undo changes
Replies: 1
Views: 1436

Re: Undo changes

http://wiki.mikrotik.com/wiki/Manual:Console#Safe_Mode

RouterOS 5.0rc6 added Safe Mode to Winbox.
by blake
Tue May 03, 2011 1:18 am
Forum: General
Topic: In need of a consultant
Replies: 4
Views: 747

Re: In need of a consultant

That's quite a distance. Where are you located?
by blake
Thu Apr 28, 2011 1:30 am
Forum: RouterBOARD hardware
Topic: RB1100 random chrashing
Replies: 4
Views: 1099

Re: RB1100 random chrashing

I had issues with MetaROUTER on my RB1100. Disabled it entirely and things work well. I would definitely recommend trying that.
by blake
Mon Apr 25, 2011 6:11 am
Forum: Forwarding Protocols
Topic: MPLS on existing network.
Replies: 3
Views: 1060

Re: MPLS on existing network.

So, If I understand correctly. The L2MTU setting is how you tell mikrotik the mtu of the underlying link? L2MTU is how you configure the largest layer 2 packet size an interface will accept, minus the Ethernet header. The first picture in that link explains fairly well. You could possibly look at i...
by blake
Sun Apr 24, 2011 5:40 am
Forum: Forwarding Protocols
Topic: MPLS on existing network.
Replies: 3
Views: 1060

Re: MPLS on existing network.

What did we miss about MPLS that made this go haywire? MTU . Assuming each packet only has a single MPLS label (4 bytes) then all of your intermediary devices need to be able to support at a minimum 1504 byte packet sizes at layer 2. On MikroTik you need to adjust the l2mtu parameter, and Cisco its...
by blake
Fri Apr 22, 2011 7:54 am
Forum: General
Topic: 2011 - MUM USA
Replies: 3
Views: 428

Re: 2011 - MUM USA

My 2nd choice would be Las Vegas but then late Fall or early Winter.
Las Vegas would work well for me. :-)
by blake
Mon Apr 18, 2011 9:00 pm
Forum: Wireless Networking
Topic: Interface HTB - hidden buffer
Replies: 44
Views: 12545

Re: Interface HTB - hidden buffer

Right. I was talking about about lowering tx queue length as being the solution the specific problem you're seeing with packets being queued below ROS when the interface is saturated.

I agree other algorithms are still needed at layer 3 to signal early network congestion (RED w/ ECN, SFB, etc).
by blake
Mon Apr 18, 2011 12:31 am
Forum: Wireless Networking
Topic: Interface HTB - hidden buffer
Replies: 44
Views: 12545

Re: Interface HTB - hidden buffer

I understand you are experiencing delays due to hardware queues. This is still bufferbloat. Lowering the size of the hardware TX queues is a solution for Ethernet interfaces. The bufferbloat devs are hard at work on various 802.11 drivers to help reduce the effect of bufferbloat on those types of in...
by blake
Fri Apr 15, 2011 5:07 pm
Forum: General
Topic: Please help me sxt-5d 4.16 to 5.9 problems
Replies: 8
Views: 1866

Re: Please help me sxt-5d 4.16 to 5.9 problems

The solution is Update method through the program (FileZilla 3.2.3 win32.zip) type of the types of programs (FTP). On a technical level, the issue was probably related to you incorrectly uploading the files in ASCII instead of BINARY format. An intelligent program like FileZilla will detect the typ...
by blake
Thu Apr 14, 2011 7:21 pm
Forum: Wireless Networking
Topic: Interface HTB - hidden buffer
Replies: 44
Views: 12545

Re: Interface HTB - hidden buffer

Allright, I've looked into this book: Cisco - routing and switching (http://www.ciscopress.com/bookstore/product.asp?isbn=1587201968) and I found a page where they say that devices use also a hardware queue, and the description fits exactly. What your experiencing is Bufferbloat ( What is bufferblo...
by blake
Wed Apr 13, 2011 10:24 am
Forum: Beginner Basics
Topic: Question regarding DNS and DDNS
Replies: 4
Views: 707

Re: Question regarding DNS and DDNS

http://wiki.mikrotik.com/wiki/Dynamic_D ... angeIP.com

I modified that script to work with my local BIND server. Works well.
by blake
Wed Apr 13, 2011 10:20 am
Forum: General
Topic: Please help me sxt-5d 4.16 to 5.9 problems
Replies: 8
Views: 1866

Re: Please help me sxt-5d 4.16 to 5.9 problems

Is there another way, return the update version v4.17
http://wiki.mikrotik.com/wiki/Manual:Netinstall
by blake
Tue Apr 12, 2011 11:24 am
Forum: General
Topic: Problems getting MAC-Auth working with Radius and SQL
Replies: 4
Views: 758

Re: Problems getting MAC-Auth working with Radius and SQL

How can we terminate the session when we delete the user from our database?
http://wiki.freeradius.org/Disconnect_Messages

I use this method and it works fine. The disconnect message must be originated from the RADIUS server though. It cannot come from an outside server.
by blake
Tue Apr 12, 2011 8:07 am
Forum: General
Topic: Wisp
Replies: 1
Views: 391

Re: Wisp

MikroTik: How to Start a Wireless ISP
http://www.dslreports.com/faq/wisp/2_How_to_start

You should also consider hiring a consultant if you are unable to understand some of the fundamentals provided in above links.
by blake
Tue Apr 12, 2011 7:59 am
Forum: Beginner Basics
Topic: Firewall connection-state=invalid
Replies: 5
Views: 5863

Re: Firewall connection-state=invalid

[Connection-state] interprets the connection tracking analysis data for a particular packet: established - a packet which belongs to an existing connection invalid - a packet which could not be identified for some reason new - a packet which begins a new connection related - a packet which is relat...
by blake
Tue Apr 12, 2011 7:54 am
Forum: Beginner Basics
Topic: Print Firewall connection result
Replies: 4
Views: 673

Re: Print Firewall connection result

Please explain me what means [0-9]? Is it possible to print (see) it using WinBox? First off, the tilde ( ~ ) signifies that you want to match the value dst-address against a regular expression . http://wiki.mikrotik.com/wiki/Manual:Scripting#Other_Operators The [0-9] says that you want the regex t...
by blake
Mon Apr 11, 2011 10:14 am
Forum: Beginner Basics
Topic: Print Firewall connection result
Replies: 4
Views: 673

Re: Print Firewall connection result

/ip firewall connection
print where protocol="tcp" dst-address~"172.0.0.[0-9]+:110"
by blake
Sun Apr 03, 2011 2:38 pm
Forum: General
Topic: a result of the telnet/api with php
Replies: 2
Views: 502

Re: a result of the telnet/api with php

Send this API command and store the results in a variable.
/ip/firewall/filter/print =stats =.proplist=bytes
http://wiki.mikrotik.com/wiki/API_PHP_class
by blake
Mon Mar 28, 2011 7:51 pm
Forum: Beginner Basics
Topic: Difference between Software versions
Replies: 2
Views: 491

Re: Difference between Software versions

They're for different processor types.
by blake
Mon Mar 28, 2011 3:59 am
Forum: Forwarding Protocols
Topic: Redirect without hotspot
Replies: 3
Views: 1490

Re: Redirect without hotspot

How about this? /ip firewall nat add chain=dstnat src-address=192.168.1.83 protocol=tcp dst-port=80 action=redirect to-ports=8080 /ip proxy set enabled=yes port=8080 /ip proxy access add dst-port=80 action=allow dst-host="188.132.227.1" add dst-port=80 action=deny redirect-to="188.132.227.1" You'll ...
by blake
Mon Mar 28, 2011 3:50 am
Forum: Forwarding Protocols
Topic: [BGP] How to connect two bgp networks ...
Replies: 7
Views: 1503

Re: [BGP] How to connect two bgp networks ...

How, I could make R4 to advertise R5 and R6 networks to R3 with AS path "4" instead of "4 5 1"? If all of the routers in 'network 2' are under a common administration then it seems what you're describing is BGP Confederations . If you are, I can show you how to do it in MikroTik. If not, then I don...
by blake
Sat Mar 26, 2011 12:24 pm
Forum: Forwarding Protocols
Topic: RB1000 & BGP
Replies: 2
Views: 695

Re: RB1000 & BGP

our experience has been that it doesn't do all that well. If you turn off basically everything else (conntrack, queues, firewall) it will get by with 2 peers probably. It takes a long time to converge. we ended up moving to a powerouter 732
So, basically just an x86 box.
by blake
Sat Mar 26, 2011 12:18 pm
Forum: General
Topic: Hiring someone to conif my 493AH with a squid Server
Replies: 7
Views: 732

Re: Hiring someone to conif my 493AH with a squid Server

Well I have objects being saved to the hard drive the cache file grows in size but I do not get any hits when I return to the same site over and over it is all misses. Nothing gets taken from the cache it keeps going back to the source (ie:the internet) It is like it is caching all the objects etc....
by blake
Sat Mar 26, 2011 1:02 am
Forum: General
Topic: Hiring someone to conif my 493AH with a squid Server
Replies: 7
Views: 732

Re: Hiring someone to conif my 493AH with a squid Server

What problems are you having? I have some experience working with your desired setup.
by blake
Fri Mar 11, 2011 10:14 pm
Forum: General
Topic: In need of programming assistance
Replies: 1
Views: 299

Re: In need of programming assistance

There's an API which is accessible on all routers via TCP/IP. There's an example Python client on the wiki.
by blake
Tue Mar 08, 2011 9:36 am
Forum: General
Topic: Subnet Dividing
Replies: 3
Views: 563

Re: Subnet Dividing

http://www.techrepublic.com/article/ip- ... sy/6089187

192.0.2.0/30
192.0.2.4/30
192.0.2.8/30
192.0.2.12/30

That's all you'll get subnetting into multiple /30s.
by blake
Tue Mar 01, 2011 12:25 am
Forum: Beginner Basics
Topic: IP Packing
Replies: 1
Views: 539

Re: IP Packing

by blake
Wed Feb 23, 2011 7:49 am
Forum: Virtualization
Topic: How to connect metarouters
Replies: 1
Views: 1577

Re: How to connect metarouters

You can't connect them directly together, but you can do it through a bridge on the host. /interface bridge add name=vm-bridge /metarouter add name=mr0 add name=mr1 /metarouter interface add virtual-machine=mr0 type=static static-interface=ether1 add virtual-machine=mr0 type=dynamic dynamic-bridge=v...
by blake
Sun Feb 20, 2011 7:30 pm
Forum: Forwarding Protocols
Topic: hypothetical semi-merge of two networks
Replies: 2
Views: 937

Re: hypothetical semi-merge of two networks

VLAN s are one way to do it . It'll allow you to separate your clients traffic at layer 2, and then handle all layer 3 routing independent of each other. If you have a large bridged network you'll just have to build the VLANs out in your switches from your core to your access layer. If you're using...
by blake
Mon Feb 14, 2011 10:35 pm
Forum: Forwarding Protocols
Topic: Load balancing?
Replies: 6
Views: 1872

Re: Load balancing?

You could do something like this to handle inbound BGP redundancy. http://www.vyatta.org/forum/viewtopic.php?p=4213&sid=0b9f48079b1388c4fb722704ac6221ae And here's a sample config to implement that config in MikroTik. ### Router 1 ### /interface vrrp add interface=ether1 name=vrrp1 vrid=1 priority=2...
by blake
Mon Feb 14, 2011 10:29 pm
Forum: Forwarding Protocols
Topic: Problem in route filters
Replies: 2
Views: 1055

Re: Problem in route filters

Could you post your filter rules?

Also, you may just need to refresh or re-send your routes after a filter update.
/routing bgp peer resend-all
/routing bgp peer refresh-all
You can also perform refresh and resend a single peer basis by using 'resend <peer name or number>'
by blake
Mon Feb 14, 2011 11:09 am
Forum: General
Topic: cache youtube
Replies: 11
Views: 5330

Re: cache youtube

how can cache the youtube's video ?????
Check out VideoCache which is a piece of software that needs to be used in conjunction with Squid.
by blake
Fri Feb 11, 2011 11:58 pm
Forum: Forwarding Protocols
Topic: squid proxy
Replies: 2
Views: 1181

Re: squid proxy

/ip proxy
set parent-proxy=192.121.122.3 parent-proxy-port=3128
You should put the proxy and client computers on different IP subnets. What physical or virtual interface you configure for those segments is up to you.
by blake
Fri Feb 11, 2011 12:06 am
Forum: Beginner Basics
Topic: dhcp-client on vif
Replies: 6
Views: 2511

Re: dhcp-client on vif

Do you have any bridge filter or IP firewall rules active on your WAN port? If so, could you please share those? The virtual-ethernet pseudo interfaces are designed to operate exclusively with Metarouter instances. They cannot function as standalone interfaces. Here's the documentation you requested...
by blake
Thu Feb 10, 2011 7:43 am
Forum: Beginner Basics
Topic: dhcp-client on vif
Replies: 6
Views: 2511

Re: dhcp-client on vif

I found a way to do this but it limits you to only two DHCP clients / obtainable IPs (one for the bridge, one for the physical interface), and the requests cannot come from the same MAC address. Generate a fake MAC by creating an EoIP interface, copy the MAC address, then delete the interface. /inte...
by blake
Thu Feb 10, 2011 7:28 am
Forum: Wireless Networking
Topic: R52hn with airmax sector antenna
Replies: 6
Views: 3163

Re: R52hn with airmax sector antenna

please confirm me that is this antenna work fine with R52hn ?
They work great. I have several 2G-16-90's on R52HN's and R52N's. No issues.
by blake
Tue Feb 08, 2011 10:20 pm
Forum: Forwarding Protocols
Topic: Load balancing?
Replies: 6
Views: 1872

Re: Load balancing?

Which router is going to speaking BGP? Will your provider let you create BGP peering sessions from all three routers?

Refer to this thread regarding redundant PPPoE. You'll have to route separate customer IP blocks to each PPPoE AC.
by blake
Tue Feb 08, 2011 10:08 pm
Forum: Beginner Basics
Topic: Reset TX and RX bytes
Replies: 8
Views: 3713

Re: Reset TX and RX bytes

From the CLI.
reset-counters <interface name>
by blake
Tue Feb 08, 2011 6:49 pm
Forum: General
Topic: Multicast PIM-SM routing and RP
Replies: 3
Views: 667

Re: Multicast PIM-SM routing and RP

Also it is recommended to disable IGMP snooping on switches.
Why? IGMP Snooping ensures efficient delivery of multicast data at layer 2.
by blake
Tue Feb 08, 2011 1:12 am
Forum: Forwarding Protocols
Topic: Load balancing?
Replies: 6
Views: 1872

Re: Load balancing?

How many routers are you planning to have speaking BGP with your upstream? Depending on your network design you could "load balance" or manually distribute PPPoE sessions between multiple routers. That would at least eliminate a single point of failure on the aggregation side. Could you post a diagr...
by blake
Sun Feb 06, 2011 11:30 pm
Forum: Wireless Networking
Topic: E1 Transmition Via MikroTik Wireless
Replies: 7
Views: 1469

Re: E1 Transmition Via MikroTik Wireless

TDMoIP, and the IPmux you mention would imply RAD products…something he said he does not want to use.
by blake
Sun Feb 06, 2011 10:03 am
Forum: Wireless Networking
Topic: E1 Transmition Via MikroTik Wireless
Replies: 7
Views: 1469

Re: E1 Transmition Via MikroTik Wireless

Yes, I did not get any proper answer and I sent it again.
I want to do it on MikroTik, not any other brands.
So then I assume you want to transport it as native TDM. You can't do that using MikroTik, but I already told you that once.
by blake
Thu Feb 03, 2011 11:00 am
Forum: Forwarding Protocols
Topic: mikrotik hotspot + asterisk
Replies: 3
Views: 1291

Re: mikrotik hotspot + asterisk

/ip hotspot ip-binding
add server=<server name> address=<Asterisk.IP> typed=bypassed
by blake
Thu Feb 03, 2011 10:57 am
Forum: General
Topic: Missing frequencies
Replies: 7
Views: 1008

Re: Missing frequencies

/interface wireless set wlan1 frequency-mode=superchannel
by blake
Mon Jan 31, 2011 12:48 pm
Forum: Wireless Networking
Topic: E1 Transmition Via MikroTik Wireless
Replies: 1
Views: 616

Re: E1 Transmition Via MikroTik Wireless

Transport the data as Ethernet, or actual E1 framing transported via wireless? If the latter, my may want to look into a RAD Airmux-200.
by blake
Wed Jan 26, 2011 1:34 am
Forum: Beginner Basics
Topic: Time Constraint to internet
Replies: 5
Views: 1088

Re: Time Constraint to internet

Correct. It will allow Internet from midnight to 6am, then disallow any further access outside of that timeframe.
by blake
Sun Jan 23, 2011 3:51 am
Forum: Beginner Basics
Topic: Time Constraint to internet
Replies: 5
Views: 1088

Re: Time Constraint to internet

/ip firewall filter
add chain=forward action=accept time=0s-6h,sun,mon,tue,wed,thu,fri out-interface=internet
add chain=forward action=drop out-interface=internet
You probably want to enable NTP client on your router so your local time is accurate.
by blake
Sat Jan 22, 2011 9:59 pm
Forum: General
Topic: Unlimited some services or dst-ip after login (hotspot)
Replies: 5
Views: 1436

Re: Unlimited some services or dst-ip after login (hotspot)

/ip firewall nat add chain=pre-hotspot action=accept
dst-address-type=!local hotspot=auth
Maybe this? Credit should go to fewi.
by blake
Sat Jan 22, 2011 9:57 pm
Forum: General
Topic: VLAN Issue - Yet Again
Replies: 3
Views: 690

Re: VLAN Issue - Yet Again

How could this be done on an unmanaged switch?
You can't. Buy a managed switch. Refurbished Cisco's are cheap. In fact, I have a number of 3500XL's and 2900XL's I'm looking to get rid of.… :)
by blake
Sat Jan 22, 2011 1:31 am
Forum: Forwarding Protocols
Topic: Newbie BGP Problems
Replies: 5
Views: 904

Re: Newbie BGP Problems

Are you doing '/tool traceroute src-address=10.10.10.2 10.10.10.1' ?

What's the routing table from the first box look like?
by blake
Fri Jan 21, 2011 10:17 pm
Forum: General
Topic: Switch group with VLAN on master interface
Replies: 1
Views: 507

Re: Switch group with VLAN on master interface

Unfortunately, no.

The switch chips simply switch VLAN tags. They do not allow layer 3 / routed interfaces to be inserted into the switch by simply adding the VLAN atop the Master Port. MikroTik does not currently have the ability to function as a regular layer 3 switch.
by blake
Thu Jan 20, 2011 3:51 am
Forum: General
Topic: Mikrotik setup with Squid+TProxy
Replies: 9
Views: 2611

Re: Mikrotik setup with Squid+TProxy

You should only need / require TProxy in when using public IPs to customers. Since you're not using public IPs I don't see any reason to use TProxy. Just redirect them with dst-nat and define 'http_port 3129 transparent' (or something similar) for the Squid listening port. NAT Squid across the ADSL ...
by blake
Wed Jan 19, 2011 1:32 am
Forum: General
Topic: default static route causing routing loop
Replies: 2
Views: 1099

Re: default static route causing routing loop

/ip route add dst-address=3.3.3.0/24 type=unreachable distance=254
by blake
Fri Jan 14, 2011 4:33 pm
Forum: Forwarding Protocols
Topic: OSPF Setup and working, couple of questions about COST
Replies: 1
Views: 648

Re: OSPF Setup and working, couple of questions about COST

Could you draw a quick diagram to explain in more detail? Are the routers all plugging into two separate switches on either interface?
by blake
Fri Jan 14, 2011 8:52 am
Forum: Forwarding Protocols
Topic: VRF and NAT Masquerade
Replies: 7
Views: 3441

Re: VRF and NAT Masquerade

I take it you're following this tutorial?

http://wiki.mikrotik.com/wiki/Internet_ ... F_with_NAT
by blake
Wed Jan 12, 2011 12:34 pm
Forum: Forwarding Protocols
Topic: OSPF issue thru IP Tunnel
Replies: 1
Views: 1466

Re: OSPF issue thru IP Tunnel

Sounds like you may be experiencing the problem described in the following links.

http://forum.mikrotik.com/viewtopic.php?t=31819&f=2
http://www.mail-archive.com/mikrotik@ma ... 04772.html
by blake
Wed Jan 12, 2011 11:48 am
Forum: General
Topic: Excluding host from getting proxied?
Replies: 7
Views: 845

Re: Excluding host from getting proxied?

There is no such feature in the standard ROS firewall filter facilities. Although, you could use this script which describes how you can use scripting to enable the use of hostnames in firewall rules.
by blake
Wed Jan 12, 2011 9:29 am
Forum: Forwarding Protocols
Topic: analog cisco sh ip bgp x.x.x.x
Replies: 7
Views: 1404

Re: analog cisco sh ip bgp x.x.x.x

/ip route print detail where 90.189.192.1 in dst-address and bgp
by blake
Fri Jan 07, 2011 11:31 am
Forum: General
Topic: How to make a transparent bridge between a local LAN and VPN
Replies: 2
Views: 824

Re: How to make a transparent bridge between a local LAN and

Create a separate VLAN / routed port for the industrial machines and enable proxy-arp on the interface. Terminate your VPN into ROS like normal. Do not put it into a bridge.

Should work fine.
by blake
Fri Jan 07, 2011 12:49 am
Forum: Scripting
Topic: cannot update root of zone with "/tool dns-update"
Replies: 3
Views: 816

Re: cannot update root of zone with "/tool dns-update"

You could just CNAME mydomain.ch to gw.mydomain.ch.
by blake
Thu Jan 06, 2011 1:38 am
Forum: General
Topic: v5rc7 released
Replies: 95
Views: 16321

Re: v5rc7 released

ppp-scaner ... Scan what for ???
To find all of the Access Concentrators present on the broadcast domain.
by blake
Wed Jan 05, 2011 9:52 am
Forum: Beginner Basics
Topic: Port forwarding to specific multiple IP's
Replies: 16
Views: 7734

Re: Port forwarding to specific multiple IP's

Are you wanting to access a single IP (dst-address) and forward a single port (dst-port) to multiple internal IPs (to-addresses)? If so, that's not possible. You could forward multiple dst-address' to different to-addresses, or different dst-ports to separate to-addresses. ie: # Different dst-addres...
by blake
Wed Jan 05, 2011 5:31 am
Forum: General
Topic: Switch chip rules and delivering packets to VLAN interfaces
Replies: 5
Views: 5166

Re: Switch chip rules and delivering packets to VLAN interfa

Yes, I tried implementing this exact type of configuration. MikroTik does not support it. The best way around it is to use an external router. I've thought about trying to loop two ports back to back, so… ether1 as VLAN trunk connected to ether2 which is a master port…although I've never really gott...
by blake
Wed Jan 05, 2011 4:07 am
Forum: Beginner Basics
Topic: Advice on a new RouterOS WISP test project
Replies: 9
Views: 1427

Re: Advice on a new RouterOS WISP test project

I'm looking at a question a bit like this but I'm looking at Vlans rather than pppoe as it seems to be the new flavour of the month. From what I can tell about Linux and vlans I'll end up with a few advantages and a simpler system to manage. PPPoE offers user authentication and some data privacy (?...
by blake
Tue Jan 04, 2011 2:14 am
Forum: Forwarding Protocols
Topic: BGP configuration problems?
Replies: 6
Views: 1408

Re: BGP configuration problems?

I can help you understand some BGP fundamentals if you want. Feel free to give me a call at the number below.
by blake
Mon Jan 03, 2011 11:24 pm
Forum: Forwarding Protocols
Topic: BGP configuration problems?
Replies: 6
Views: 1408

Re: BGP configuration problems?

Hi, I'm curious, why are you running separate BGP instances for your iBGP and eBGP peers? You can terminate both on the same BGP instance. What exactly did the traffic do when the South router's eBGP peer dropped? I see you're sending default routes between the two routers, so your traffic should ha...
by blake
Thu Dec 30, 2010 10:33 am
Forum: General
Topic: IPv6 TODO
Replies: 54
Views: 10062

Re: IPv6 TODO

IPv6 DHCP stateless configuration & prefix assignment
You probably mean stateful address allocation.

Any plans to support MPLS 6PE?
by blake
Thu Dec 30, 2010 10:07 am
Forum: General
Topic: FORUM SECURITY request
Replies: 8
Views: 1339

Re: FORUM SECURITY request

I don't think PHPBB supports this.
Look under 'Cookie Secure.'
http://www.phpbb.com/support/documentat ... er_cookies

And Server Protocol…
http://www.phpbb.com/support/documentat ... r_settings
by blake
Thu Dec 23, 2010 10:37 am
Forum: Beginner Basics
Topic: pptp and radius
Replies: 2
Views: 404

Re: pptp and radius

Do you have a local-address defined for your PPTP's '/ppp profile' ?

Mind pasting the output of '/ppp profile export' and '/interface pptp-server server export' ?
by blake
Wed Dec 22, 2010 11:34 pm
Forum: Scripting
Topic: Is it possible to have a catch of command execution?
Replies: 4
Views: 942

Re: Is it possible to have a catch of command execution?

Currently there is no built in catch.
Is there any timeframe on the implementation of this? Back you 2009 you mentioned this feature would be added in later releases.
by blake
Wed Dec 22, 2010 11:34 pm
Forum: Scripting
Topic: Is it possible to have a catch of command execution?
Replies: 4
Views: 942

Re: Is it possible to have a catch of command execution?

Currently there is no built in catch.
Is there any timeframe on the implementation of this? Back you 2009 you mentioned this feature would be added in later releases.
by blake
Wed Dec 22, 2010 5:30 am
Forum: Wireless Networking
Topic: OSPF backbon and number of APs
Replies: 12
Views: 2042

Re: OSPF backbon and number of APs

Loopback address has no practical application here is why. Like you said, there has to be at least one link working (connection wire/wireless) to the device. So, you have interface with ip to connect. You don't need any loopback interface etc. since there has to be at least one virtual or physical ...
by blake
Tue Dec 21, 2010 5:44 am
Forum: General
Topic: PPPoE Server Pool
Replies: 4
Views: 1038

Re: PPPoE Server Pool

Yes, it is possible to put multiple PPPoE AC's onto the same subnet. The client will issue its PADI and receive PADO responses from both AC's, but will connect only to the server who's reply it sees first (assuming the PADO service-name's are the same).
by blake
Fri Dec 17, 2010 2:15 pm
Forum: Scripting
Topic: Script to change AP Freq - PAID
Replies: 1
Views: 663

Re: Script to change AP Freq - PAID

/interface wireless set wlan1 dfs-mode=no-radar-detect
http://wiki.mikrotik.com/wiki/Manual:In ... s#dfs-mode
by blake
Fri Dec 17, 2010 2:08 pm
Forum: Beginner Basics
Topic: 8am to 5 pm only
Replies: 2
Views: 614

Re: 8am to 5 pm only

Or
/ip firewall filter
add chain=forward action=accept out-interface=ether1 time=8h-17h,sun,mon,tue,wed,thu,fri,sat
add chain=forward action=drop out-interface=ether1 comment="Block traffic if outside permitted time range"
by blake
Fri Dec 17, 2010 2:02 pm
Forum: General
Topic: TTL exceeded in transit
Replies: 2
Views: 4414

Re: TTL exceeded in transit

This is proper traceroute behavior. Read below for more info.
How does traceroute work?
by blake
Tue Dec 14, 2010 10:01 am
Forum: General
Topic: pool ip Vs set of IPs
Replies: 2
Views: 516

Re: pool ip Vs set of IPs

I have Mikrotik RouterOS v4.14 with hotspot DHCP have the same pool Hotspot doesn't need a separate pool unless you specifically intend to make use of the Universal Client feature. /ip hotspot universal is the same as using /ip hotspot address-pool= . I notice that in pool you can have range of IPs...
by blake
Mon Dec 13, 2010 8:23 am
Forum: Wireless Networking
Topic: SIP protocol help
Replies: 1
Views: 761

Re: SIP protocol help

Run a packet capture using Wireshark or the MikroTik Packet Sniffer and capture traffic coming out of the MagicJack. Some VoIP boxes set DSCP values on SIP and RTP traffic. If the MagicJack is doing this then you could write a rule to match all packets with that particular DCSP value then exempt it ...
by blake
Wed Dec 08, 2010 7:04 pm
Forum: General
Topic: How to Block port 25
Replies: 2
Views: 1534

Re: How to Block port 25

/ip firewall address-list
add list=smtp-whitelist address=192.0.2.1

/ip firewall filter
add chain=forward action=accept dst-port=25 src-address-list=smtp-whitelist
add chain=forward action=drop dst-port=25
by blake
Thu Dec 02, 2010 7:40 am
Forum: Forwarding Protocols
Topic: OSPF with MD5: Invalid sequence number
Replies: 8
Views: 3894

Re: OSPF with MD5: Invalid sequence number

I believe this is a known issue. I had this problem with ROS 4.13 running MD5 auth'd OSPF with several Cisco IOS 12.2 and 12.4 devices. Downgraded ROS back to 4.11 and its been stable.
by blake
Thu Dec 02, 2010 12:07 am
Forum: General
Topic: What is "prefered source" equivalent on cisco?
Replies: 5
Views: 2053

Re: What is "prefered source" equivalent on cisco?

AFAIK there's no equivalent to 'preferred-source', although you can ping from a different source address. The command syntax is different depending on the IOS version. IOS 12.4 ping 192.0.2.1 source 80.x.x.1 IOS 12.1 switch1#ping Protocol [ip]: Target IP address: 192.0.2.1 Repeat count [5]: Datagram...
by blake
Tue Nov 30, 2010 11:35 pm
Forum: General
Topic: Features I would like to see in Winbox - RouterOS
Replies: 3
Views: 1693

Re: Features I would like to see in Winbox - RouterOS

#3) Here's a workaround used by another user. http://forum.mikrotik.com/viewtopic.php ... 18#p175918

#4) Available in wireless access-lists.
by blake
Mon Nov 29, 2010 10:18 am
Forum: Scripting
Topic: show ip route x.x.x.x
Replies: 11
Views: 18987

Re: show ip route x.x.x.x

From the PM for Karma. Thank you. Times a thousand. Never knew. You're welcome. I recently found that little gem while trying to help a user on a mailing list with this exact problem. It was a little 'hard' to find because the in keyword doesn't syntax highlight as it does in 'where dst-address in ...
by blake
Mon Nov 29, 2010 6:17 am
Forum: Scripting
Topic: show ip route x.x.x.x
Replies: 11
Views: 18987

Re: show ip route x.x.x.x

/ip route print where 192.0.2.10 in dst-address
Works in 4.9 and up for me.
by blake
Fri Nov 26, 2010 11:10 am
Forum: General
Topic: How do you set up a miikrotik router as a simple AP?
Replies: 5
Views: 1648

Re: How do you set up a miikrotik router as a simple AP?

Use this. Change the IP address to something within your local subnet, and outside of your ADSL router's DHCP scope. /interface wireless set wlan1 mode=ap-bridge ssid="OpenWiFi" frequency=2412 band="2.4ghz-b/g" disabled=no /interface bridge add name=bridge1 /interface bridge port add bridge=bridge1 ...
by blake
Thu Nov 25, 2010 9:18 pm
Forum: RouterBOARD hardware
Topic: Web Proxy on RB1100?
Replies: 6
Views: 5776

Re: Web Proxy on RB1100?

It would be best to add an SD card and use that as the proxy store. Adding more RAM may be valuable as your utilization may go up when enabling that feature. It should be the 512mb built-in memory. Not sure where its physically located. Its been a while since I've opened my 1100.
by blake
Thu Nov 25, 2010 8:55 pm
Forum: General
Topic: How do you set up a miikrotik router as a simple AP?
Replies: 5
Views: 1648

Re: How do you set up a miikrotik router as a simple AP?

Is it an ADSL router, or modem? Does it already provide NAT? If you're looking to just add wireless to an existing NATed network then you don't need most of that config. If you're looking to terminate the PPPoE session from your ISP directly on your MikroTik then you do require additional configurat...
by blake
Thu Nov 25, 2010 1:21 pm
Forum: General
Topic: How do you set up a miikrotik router as a simple AP?
Replies: 5
Views: 1648

Re: How do you set up a miikrotik router as a simple AP?

/interface wireless set wlan1 mode=ap-bridge ssid="OpenWiFi" frequency=2412 band="2.4ghz-b/g" disabled=no /ip address add interface=wlan1 address=192.168.1.1/24 /ip pool add name=wifi-dhcp ranges=192.168.1.10-192.168.1.254 /ip dhcp-server add name=dhcp1 interface=wlan1 address-pool=wifi-dhcp author...
by blake
Tue Nov 23, 2010 7:29 pm
Forum: RouterBOARD hardware
Topic: Growing out of RB433AH? RB for border router.
Replies: 7
Views: 2362

Re: Growing out of RB433AH? RB for border router.

PPC is more powerful than a MIPS processor. And my apologies. I posted that link to the OSPF setup in haste. This is a much better link.

http://wiki.mikrotik.com/wiki/Dual_Setup_with_OSPF

You adjust which link is TX and RX by modifying the OSPF interface cost on each side of the link.
by blake
Tue Nov 23, 2010 7:37 am
Forum: Forwarding Protocols
Topic: Intranet connectivity
Replies: 3
Views: 1188

Re: Intranet connectivity

You can scale the IPSec implementation to more offices much easier than you can EoIP. I would recommend that approach.
by blake
Mon Nov 22, 2010 10:47 pm
Forum: Forwarding Protocols
Topic: Intranet connectivity
Replies: 3
Views: 1188

Re: Intranet connectivity

Depends on how you want them connected. Routed (IPSec) or Bridged (EoIP over PPTP). http://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Site_to_Site_IpSec_Tunnel http://www.mikrotik.com/documentation/manual_2.7/Interface/EoIP.html I realize that documentation is for an older ROS release, but it details ho...
by blake
Mon Nov 22, 2010 7:21 pm
Forum: RouterBOARD hardware
Topic: Growing out of RB433AH? RB for border router.
Replies: 7
Views: 2362

Re: Growing out of RB433AH? RB for border router.

ROS 4.11 seems fairly stable to me. I'm running it on a number of units without issue. Switch to Queue Tree instead of Simple Queue. It offers better performance. http://mum.mikrotik.com/presentations/CZ09/QoS_Megis.pdf http://forum.mikrotik.com/viewtopic.php?f=13&t=43829 It may be possible to optim...
by blake
Wed Nov 17, 2010 9:33 am
Forum: Forwarding Protocols
Topic: Missing MPLS Features
Replies: 7
Views: 2052

Re: Missing MPLS Features

Agreed. MPLS IPv6 support and BGP for label distribution would be nice.

Are there any other ways to directly fund development of these features outside of simply purchasing more RouterBoards and requesting a feature be included?
by blake
Wed Nov 17, 2010 7:35 am
Forum: General
Topic: CPU Usage on RB1000 High
Replies: 4
Views: 892

Re: CPU Usage on RB1000 High

MikrotikRouter.com and Link Technologies are the same company. Same product. They're just selling an Axiomtek NA-820. Look at this thread for more info. http://forum.mikrotik.com/viewtopic.php?p=224823#p224823 I'm not sure what the other companies use to make their products. If you're looking for th...
by blake
Tue Nov 16, 2010 10:55 pm
Forum: General
Topic: bridge filter
Replies: 6
Views: 905

Re: bridge filter

Sure. That would be a first step. Assuming you only have a single bridge on each RB you'll want to run '/interface bridge set 0 protocol-mode=rstp priority=4096' on 10.255.1.1, then '/interface bridge set 0 protocol-mode=rstp' on the others. You may want to go into Safe Mode before you run those com...
by blake
Tue Nov 16, 2010 5:22 pm
Forum: General
Topic: bridge filter
Replies: 6
Views: 905

Re: bridge filter

I could've sworn I had posted a reply here. So, all of the orange devices are RouterBOARDS? I don't imagine your bridge configuration is anything complex; that setup should work. You may want to enable spannning tree on the RB's just so they have a correct 'view' of the network topology and avoid bl...
by blake
Mon Nov 15, 2010 5:03 pm
Forum: General
Topic: Do not send RST/ACK on closed port
Replies: 8
Views: 2335

Re: Do not send RST/ACK on closed port

Hi,

This does not emulate FreeBSD 100%, but you're wanting action=drop instead of action=reject in your firewall filter rules. This will not send a RST in response to a closed port.
by blake
Mon Nov 15, 2010 1:41 am
Forum: General
Topic: Methods to use VPN as default GW
Replies: 8
Views: 1723

Re: Methods to use VPN as default GW

Yes.
by blake
Sun Nov 14, 2010 10:37 pm
Forum: General
Topic: bridge filter
Replies: 6
Views: 905

Re: bridge filter

Could you post a diagram of how your network is constructed? What ROS version are you running, and is spanning tree enabled on these bridges? STP or RSTP?
by blake
Fri Nov 12, 2010 4:32 pm
Forum: General
Topic: Spanning Tree not working
Replies: 2
Views: 1204

Re: Spanning Tree not working

Hi, When you monitor the bridge interface does it say 'root-bridge: yes'? If so, there's no root port because the RB493 is the root bridge of the spanning tree network. The other switches 'automagically' know the upstream links are root ports because a device higher up in the chain (root bridge) is ...
by blake
Thu Nov 11, 2010 6:22 pm
Forum: General
Topic: Advice from ISP's
Replies: 9
Views: 1442

Re: Advice from ISP's

DHCP Relay strictly centralizes your address pool management. You would route separate subnets to each tower and have the DHCP leases all be issued from a centralized server. Refer to the links below for more information on how relays function. http://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Relay#Exam...
  • 1
  • 2