MikroTik

sup5

How is MPLS over GRE supposed to work anyways? MPLS relies on injecting labels between MAC and IP. That's why it is called Layer-2,5 sometimes. GRE-payload is IP only, so I don't see a possibility to transport MPLS labels to establish an LSP. However it will work with proprietary EoIP, which is some...

sup5

As long as there is no packetloss TCP will scale up the bandwidth even on high latency links.

But every tiny bit of packetloss on high latency links will kill throughput.

sup5

Try this on DHCP-Client:

special-classless - adds both classless route if received and default route (MS style)

sup5

Mikrotik has confirmed that this is an issue with neighbor discovery.
But since they assume that this is just a cosmetical issue, a time/date for a fix of this issue will be in the far future.

sup5

Hi All,

My RB2011 showing high CPU load 100% and when i check in tools - profile the DHCP process is consume CPU more than other process but the weird is no DHCP setup on my mikrotik, for reference i'm attaching the screenshot of my mikrotik dhcp cause cpu high.JPG

RouterOS Version 6.1? Really?

sup5

Already done.
All MACs are unique

sup5

I've got the same problem. STP definitively BLOCKs the Loop in my infrastructure. The message "bridge port received packet with own address as source address" disappears as soon as I disable neighbor discovery. So I suspect that either Neighbor discovery is broken, or that STP-Blocked Ports still tr...

sup5

I am sitting between the chairs with Mikrotik Hard- and Software: On the one hand I get an extremely flexible and cheap product. Also software updates are regulary and bugs are often resolvend in a manner of weeks (occurence of the bugfix in rc) On the other hand the quality of Hard- and Software se...

sup5

Upwards facing ports always are collecting dust.
And don't tell me everyone is putting dust-caps on unused ports...

sup5

How does the discussion about beta firmware relates to rf irradiation issues? The regulatory authority claimed (in my case) that some sort of bad/wrong rf besides the main signal is being radiated by the device. I think this kind of issue is not fixable with firmware. It seems to be an hardware rela...

sup5

I received a similar letter from the german regulatory authority (BNetzA), which says that the SXT-ac must not be sold, handed over or imported. The german letter referred to findings of the above mentioned spanish authority. I sent this german letter to MikroTik several weeks ago, but a statement o...

sup5

But still, it would be nice to investigate the issue the OP raised. Bugs always should be considered checking.

sup5

It would be nice to have the option NOT to restore or backup MAC-addresses on HW-interfaces (Ethernet and Wireless).
Restoring MAC-addresses of logical interfaces like bridges, EoIP, VPLS and the like is useful though.

sup5

3.Is it possible to use CAT.5E cable to link with 10GBASE-T? A: No. The standard bandwidth of CAT.5E is 100MHz, and CAT.5E is designed to transmit signals below 90M. 10 Gigabit signal transmission requires a CAT.6A patch cable. 10GBase-T will work even with Cat5e as long as the distances are short....

sup5

Uhm, none...

sup5

Maybe pulling one VLAN trough the slower link and two VLANs through the faster link.
Then make a 3x bonding out of all three VLANs.
That would make up for a 2:1 load balancing, which roughly meets the 50/32 ratio.

sup5

When an ARP entry is present in the ARP-table, one can surely assume that a given IP address is being used.

sup5

You might create a temporary workaround by setting up an EoIP or VPLS tunnel over the wirless link.

Both tunnel types support fragmentation and reassembly

sup5

you should probably try to segment your networks in order to increase security and stability.

It is not best practice to host more than 200 clients per broadcast domain.

sup5

I think, you got your subnet masks wrong.
VRRP-Interfaces always should be configured with /32

sup5

Please paste the wireless configuration as well as all used device types (AP and Stations) including their full product name.

sup5

It works, if you set it up properly:
viewtopic.php?f=2&t=122904

sup5

It seems they are missing galvanic isolation. Do you even electric? :) Galvanic isolation is broad term for anything what physically isolates two circuits while maintaining signal transmission between them. For example every gbit poe port must have galvanic isolation to separate power from signal w...

sup5

Mikrotik devices simply are NOT fully 802.11af/at compliant.

They might be compatible to some switches, yes.
But they lack the support of all requirements.

It seems they are missing galvanic isolation.

sup5

108.59.107.117.141.153 6C:3B:6B:75:8D:99 76.94.12.124.6.8 4C:5E:0C:7C:06:08 simply a DEC <-> HEX conversion. But I agree with you: There should be some kind of generic OID for PTP-links, because monitoring them is a PITA right now! Anyhow, you can try to change the MAC-Address of the WiFi-Interfaces...

sup5

Ignitnet 60 ghz solutions have the 5 GHz for backup I hope that MIkortik in near future develope a similar solution For that price, why not just put a second link with a couple of SXTsq Lite5? Because that means: 1) add another router (i.e. HexPoE) to each site to maintain the redundancy functional...

sup5

Antonsb I hope you are true

And I hope to see a version with integrated 5 Ghz backup
+1 Can't be to diffilcult

Seems to be already prepared in WAP60G and LHG60G. Just missing the Amplifiers and Internal Antennas.

sup5

Today I opened the WAP60G. It seems that 802.11ac Wave2 2x2 MIMO already has been prepared on the PCB in terms of missing amplifiers and antennas/connectors (labeled CH0 and CH1) for the 5GHz band. Have a look at the pictures below. So it could be possible, that we would get a future RB-LHG60G5HPacD...

sup5

Is there any chance to overcome 3000 meters?

sup5

I made quite good experiences using PLC stuff. If done right it works better than WiFi under certain circumstances. I once lived in a flat, where plain wifi was nearly impossible between rooms, due to overcrowded spectrum in 2.4 as well as 5 GHz bands. The only possiblity without putting in new netw...

sup5

PWR-Line devices don't work this way.

They work more like WiFi using OFDM. -> Many small QAM carriers.

HomeplugAV200 uses OFDM carriers between 2 and 32 MHz.
Newer HomeplugAV standards extend to 85 MHz or more.

Quality Brands will apply a PSD-mask to their devices to circumvent the 27 MHz ham band.

sup5

Hello, Question; With RouterOS 6.42 i saw w60g > status: MCS: 9/10/11. Now with RouterOS 6.42.1 i only see MCS: 8 or lower. Is this a bug of feature? jarod Seems to be a feature. http://rfmw.em.keysight.com/wireless/helpfiles/n7637/Content/Main/802.11ad%20Concepts.htm MCS8 is more than enough to ca...

sup5

That's the product specification.
Get another routerboard, if you need more speed than FastEthernet allows for.

I'd recommend the HAP ac.

sup5

Imagine, you're left with the non-DFS channels 36, 40, 44, and 48. But you want to setup a WiFi-System using 80MHz Channel Bonding. As simple as in the 20MHz-channels-setup you'll evenly distribute the four primary channels. But with 80MHz you have four options sharing the same Bonded-channel: Ceee,...

sup5

Just use the Keepalive-Feature.
A unreachable tunnel-endpoint results in a non-running Interface state.

sup5

I'd like to see a bare distance vs. throughput/MCS table in order to be able to estimate possible use cases.

sup5

You need to use SRC-NAT to rewrite any connection initiated from the router to one of the Public adresses of the route Subnet.
In order to save addresses, I would abuse the very first address of the prefix, which is unusable within standard ethernet (Network address)

sup5

So now you should find the cause within your network.
I suspect you've got multiple links to your internet gateway and forgot to configure a VLAN on one of the links

A simple STP-topology-change would never bring any services down, if the network was set up properly.

sup5

I guess, the 'station router' is a non Mikrotik-device?
Then you cannot achieve transparent bridging. Thus the MAC-adress of the clients will be MAC-NATed to the MAC-address of the 'station-router'

sup5

@webfixnow: It might be the case that the wap-60g alters your (R)STP Topology (you might have forgotten to configure a VLAN on a fromery blocked link). Set the STP Protocol-Mode on the bridge of both WAP-60G to "none" and try again. @Normis/Mikrotik: according to the default-configuration script thi...

sup5

As a general rule of thumb:

Always inform support about bugs. Do not rely on the forums.
Shrink the setup to the bare minimum in order to exhibit and reproduce the bug.
Add Diagrams and PCAPs etc.

Any bug I informed support about so far has been fixed.

sup5

Briefly explain, what you are trying to accomplish.

sup5

After a quick conversation with support, this issue was resolved within a few days in the latest release candidate:
What's new in 6.42rc35 (2018-Feb-26 10:46):
*) bridge - fixed MAC learning for VRRP interfaces on bridge;

sup5

Have a look here instead:
http://docsis.org/forum

sup5

I cannot contribute to this issue, but still I am curious:
What's the point in adding twelve LTE-Modems to a router?
Better coverage by using multiple ISPs?
Load distribution?

sup5

The Dude Client is broken after updating to 6.42rc24: Please wait while updating: "Bad http response from cloud" Where is the download for the windows-client? Edit: It seems like the Dude-Client tries to fetch this URL: https://upgrade.mikrotik.com/routeros/6.42rc24/dude-6.42rc24.tgz But it just thr...

sup5

you need to assign the ip-address of your loopback-bridge also to your ip-unnumbered interface: example loopback: address=1.2.3.4/32 network=1.2.3.4 ether1: address=1.2.3.4/32 network=5.6.7.8 this way arps asking for 5.6.7.8 will be sent out on ether1 if you want to route 2.3.4.5/24 to 5.6.7.8 add a...

sup5

Ran into this issue, too. Solved it by using a loop-cable on the router: ether1: ip-address of router vrrp1: slave of ether1 with virtual-ip address ether2: slave of the bridge containing all other needed ports exept of ether1 loop-cable between ether1 and ether2 Anyways. This is very undesirable! E...

sup5

HT MCS in .ac device is not adjustable

It is adjustable as soon as you downgrade the wireless band to 5GHz-A/N.

sup5

Will you also offer a Standalone CO-Module without the CPE-Module? Hallo Sub5, the the ALL4780 is a specific Bundle with Co and CPE inside the Box. Only Point-to-Point. Special Firmware who supporting max. 150MBPS. Only this CPE is working with the Slave CPE. THe ALL4781 is Standard VDSL for German...

sup5

These x86 Mikrotik Routers commonly are rebranded Axiomtek Network-Applicances eg.: http://www.axiomtek.com.tw/Download/Download/NA-820/NA-820.pdf http://www.axiomtek.com/Download/Spec/en-US/na550.pdf These arrive with their own quirks like occasional issues with Jumbo-Frames and MPLS-Fornwarding/De...

sup5

normis, i show you it by pictiures. [...] Suppliers of the Mikrotik say that such situation not only at me one. There might another problem: Why does your registration show a TX-power of around -35 dBm, while it only receives at about -70dBm? This is a loss of over 35dB (factor 5000)! Something see...

sup5

I think it will be needed to implement pseudo-interfaces in RouterOS. These pseudo-interfaces will be unremovable and greyed-out interfaces which connect the cpu with the switch-chip. [...] That is the bridge interface itself, isn't it? At least for bridges where there is only a single connected sw...

sup5

I think it will be needed to implement pseudo-interfaces in RouterOS. These pseudo-interfaces will be unremovable and greyed-out interfaces which connect the cpu with the switch-chip. This way we could: - monitor the amount of traffic traversing the CPU-port (i.e. to monitor oversubscription of the ...

sup5

I guess this will painfully raise the price to the level of its competitors like Cisco, HP, Extreme etc.

sup5

Since Mikrotik devices do not have hardware based traffic forwarding (ASIC / FPGA and the like) everything needs to be done in software. Thus control and forwarding are both handled by the CPU. This makes these devices so cheap. The only exceptions with hardware-acceleration are Layer-2 forwarding u...

sup5

Will you also offer a Standalone CO-Module without the CPE-Module?

sup5

That's the worst explanation of egress buffer overflow and port flapping I ever read. So at least this should be mitigatable by employing flow-control. A switch must *never* drop the Layer-1 connectivity, when having issues handling large loads of traffic. So this simply is a sign of resignation ove...

sup5

-73 respective -85 dBm receive levels are quite low. This explains the issues you got there.

sup5

Passing the data of the PC-port through the VPN of the phone is not supported by AVAYA, AFAIK.

sup5

If you ensure a consistent MPLS-MTU throughout your whole network, then any MTU should do. Mikrotik is doing fragmentation and reassembly automatically if the frame size needed by VPLS is exceeded. Traffic within VPLS will not notice it has been fragmented and reassembled. Thus you can transport any...

sup5

Has anybody got IPv6 dualstack with Prefix-delegation working with 1und1 and PPPoE?

sup5

Maybe it is Penultimate hop popping, which is interfering with hardware offload.

Try to place the CRS317 in the middle of five routers to prevent any label pushing or popping operations.

sup5

I don't understand what you mean. In my setup all customers share the same VLAN (Broadcast Domain, VPLS instance, whatever you might call it). Layer-2 isolation between all clients is strictly enforced throughout the whole network. The Standard Gateway is configured to arp:reply-only, the dhcp serve...

sup5

Why don't you want to log in? Because I am using plenty of devices to look into the forums. But I get logged off when using too much simultenous logins. Thus I almost ever hit the forum as anonymous. So anonymous user got less permissions now. Maybe we will turn on Active Topics, but this is not a ...

sup5

I am willing to try it nonetheless.
My vdsl-line has plenty of SNR (> 18 dB each direction) according to my current modem.

Can you recommend a (german) retailer that has this SFP in stock?

sup5

If you hand out /32 subnet mask with public IPv4, your customers can reach any other customer, just like handing out /24 subnet masks with local proxy arp. The only difference: local-proxy-arp is dangerous and ugly. /32 subnet masks are elegant and very handy :-) A lot of providers do this already. ...

sup5

You can skip that local-proxy-arp stuff (just use arp:reply-only) if you are willing to hand out 32-bit subnet-masks (255.255.255.255) to your clients via DHCP.
This way the only arp-request a client ever asks for is its default gateway.

Handing out 32-bit subnet-masks is quite common nowadays.

sup5

Another issue with a max. of 3 seconds radius timeout is this: When the NAS reboots or a bunch of users is handed over from one NAS to another (PPPoE failover scenarios), reauthentication of these users will take ages. So users will complain. The NAS kicks the users before the radius was able to rep...

sup5

Ok, you are too late! I received one...

Does it work with German T-Com VDSL?

sup5

The point is not wasting airtime.

5x SXTAClite will most likely exceed the 100mbps at the AC-base station.
Thus only there a Gigabit port will be needed.

A CPE device doesn't need a Gigabit port.

sup5

Oh, Mikrotik supports it.
Quite many (W)ISPs use it.

sup5

You don't seriously recommend using Windows 10 ?!? I do not recommend anything here. I just offered a possible solution to people already using Windows-10. This thread is not about discussing which OS might be good or bad. This works to some degree. It makes it more readable, but I would like large...

sup5

Have a look at this:
viewtopic.php?f=2&t=122904

Winbox fonts actually can be scaled.

sup5

wsAP ac lite

https://mum.mikrotik.com/presentations/EU17/2017-eu.pdf

So it seems you just have to wait a little bit...

sup5

It looks that all the pain with WinBox and high-dpi-screens is gone with the latest Update of Windows-10. Microsoft introduced a new scaling technique that will make WinBox look good at other than 96dpi/100% display scaling settings. Have a look at the images below. 1) right click two times on the W...

sup5

*) wireless - fixed registration table "signal-strength" reporting for chains when using nv2; The TX-Power value has been fixed. The RX-Power on Ch1 is still a copy of the value of Ch0 See the actual output of a wireless link. Red Colour: wrong Green Colour: corrrect Site A: [admin@LHG5] /interface...

sup5

DHCP Client on a slave interface also was very useful to trigger a DHCP renew on interface up/down event. This is necessary in various ARP-Guard/Dhcp-snooping situations.

This no longer is possible with the DHCP Client on the bridge.

sup5

IP addresses from the shared transition space are given out to end-users/customers in case the provider lacks public IPv4-addresses.
This is commonly referred as NAT444.

sup5

router cannot receive frames through it, not even BC or MC

Especially this feature is important.
When connecting customer sites via VPLS/EoIP our Routers are not affected anymore by a broadcast-storm caused by the customer, if we got such a 'pipe' feature.

sup5

It all depends on
- your country's regulations
- your RF neighborhood (eg. how much RF pollution already is present)
etc.

So your mileage may vary...

sup5

@jarda: After reading the posts again: Yeah, for such a short distance my proposal isn't relly important. It seems more 'academic'. @mistry7: I fully agree. Nowadays I always recommend LHG5 for any cheapish link. No matter how short the link might be. I only use SXTs if appearance, available space, ...

sup5

Polarisation is not the same as a radiation pattern. Just open the device and have a look by yourself. You'll see, why... The Radiation pattern of the SXT-SA5 is more wide and less tall than the radiation pattern of the SXT-5. Thus the rotation by 90° will make the beamwidth more narrow in the horiz...

sup5

You might want to turn the SXT-SA 90 degrees.
This will turn the Beamwidth from horizontal 90° to vertical 90°. This makes you PtP-link more interference resistant, because it is unlikely to have neighboring WiFi below or upwards...

sup5

The whole 802.11n and 802.11ac table is available here http://mcsindex.com/ quite comfortably. Note that all 802.11 rates are gross data rates. For 802.11n you need to reduce the gross data rate by two thirds to estimate the net data rate. The net data rate is half-duplex. (i.e. it is shared between...

sup5

There might be an alternative explanation:
Lots of switches apply negative power (eg. -48VDC)
This means the voltage applied to the RB2011 is reversed. Thus it switches off.

sup5

If you connect a RB2011 with eth1 to a PoE 802.3af/at enabled port, the RB2011 will go down. This is mostly because of overvoltage protection.
Tested on several Standard-PoE-Switches.

sup5

The oversubscription ratio highly depends on the type of customer you're facing and the max. bandwidth you're going to sell. Do you intend to create a residential internet connection or a walk-by hotspot? What's the typical age of your customers? Private or business customer? In big ISP networks you...

sup5

There might be a solution:

1) create an insanely big DHCP IP-Pool for your Hotspot Service like : 10.0.0.2 - 10.255.255.254
2) Reduce the lease-times to something like an hour or so.
3) Run the DHCP-Service on a Router with powerful CPU.
4) Apply Rate-Limiting to DHCP-Requests per AP or Client.

sup5

You might pull an EoIP-Tunnel trough the leased-line.
Then Tunnel the MPLS/VPLS through this EoIP-Tunnel.

The EoIP-Tunnel will enlarge the MTU by fragmenting and reassmbling the MPLS/VPLS frames.

sup5

I am not familiar with the Upiquity products. I just know that there is support for zero-handoff roaming.

Mikrotik Hotspot works as long as you establish a Layer-2 Connection between End-User and Hotspot Gateway.
This might include ordinary bridging, tunneling with EoIP/L2TP or MPLS/VPLS

sup5

I'd say this won't work, because of roaming issues (ie. handover issues) and interference issues

You might be better using Ubiquity's Zero-Handoff APs
or Meru's (now Fortinet) Seamless Roaming approach.

With Microcell architecure and without extended Roaming support you're lost here.

sup5

Don't use ROS 6.38.
It has a severe bug regarding MAC-address learing and thus floods all unicast traffic.
Simply get ROS 6.37.3 from the Firmware archive: http://download2.mikrotik.com/routeros/ ... 6.37.3.zip

Or alternatively install the latest 6.39rc

sup5

Important note!!! To avoid STP/RSTP compatibility issues with older RouterOS versions upgrade RouterOS on all routers in Layer2 networks with VLAN and STP/RSTP configurations. Is there a detailed description how (PV)(R)STP was handled prior ROS 6.38 versus it is being handled with ROS 6.38? There s...

sup5

Today I found a severe bug with 6.38:
It will not (or at least incompletely) learn MAC-Addresses on a bridge connected to the master-port of a switch.

This totally might explain these issues.

sup5

You might try to setup an EoIP-Tunnel to mimic the virtual link.

sup5

Are you saying that assigning 10.7.19.89/29 (the same IP address) to two different interfaces and having different hosts on these two interfaces in the same network is a perfectly valid configuration? [...] You think it's normal to have such a configuration? Such a configuration may be suitable und...

sup5

I love using overlapping subnets.
It sometimes eases deployments and avoids weird NAT-scenarios.
Also overlapping subnets can solve IPv4 shortage.
It is possible to route between mikrotik routers only wasting one public IPv4 address per Router....

sup5

show your config with and without EoIP added.

sup5

set an ADMIN-MAC to your Bridge.

sup5

I just added two external antennas to my HAP AC. It just needs a careful removal of the hot glue above the U.FL connectors of 2GHz-ch2 and 5GHz-ch2. First I warmed it up a bit to remove the U.FL connector of the internal antenna. Then I carefully pulled it from the PCB to make room for the external ...

sup5

If you want help, you need at least post some more information like a network diagram, configurations and the like.

sup5

check the voltage via system/health.

It might be the case that the supply voltage is dropping too much over long cable runs.

nv2 might be more energy intense than plain 802.11

sup5

I've got a CAPSMAN connected to the rest of the network with redundant links (eg.: ether1 192.168.1.1/30 & ether2 192.168.1.5/30). I want all CAPs to connect to the loopback IP-address of this CAPSMAN. (eg. bridge loopback 192.168.123.123/32) When I setup the CAP to connect to 192.168.123.123 it wil...

sup5

Currently I solve this issue by putting a static-item inbetween a link.

This allows for
- links with angles
- setting both ends of a link with interface (and stats)
- drawing more than one link between two devices.

sup5

Also set in dhcp-server "add arp for leases"

sup5

there seems to be a bug with the winbox. I see this bug with version 6.37.1 and version 6.38rc24 When I set the wireless band to 2GHz-G/N (to avoid using 802.11b rates) immediatelly the HT-MCS tab is hidden in winbox. I attached two screenshots to exhibit this issue. Here everything is ok: HT-MCS-bg...

sup5

You can try capturing these frames with the packet sniffer.
Then upload the file to this foum for investigation.

sup5

In general Link-Aggregation won't make a single connection faster than the native link speed of a single link. The only benefits of link-aggregation are redundancy and overall better throughput when serving multiple clients, because each client connection will be placed on one of the links. The only...

sup5

dcdorsey777, 1) how did you interconnect the 1000M and the 100M port? a) via a bridge-ports b) via the switch-chip using the master-port setting 2) did you try to toy around with various interface queue types and buffer depths? You might change from "hardware-only-queue" to pfifo or something else a...

sup5

Hi majbthrd, can you create a metarouter with two interfaces that simply forwards any traffic from interface one to interface two? That might be in form of a bridge, or even better like a kind of a virtual-wire: ie. transmitting each received frame from port 1 to port 2 and vice versa. This could he...

sup5

I'd love DNS Request routing. This means that the DNS-Service of RouterOS shall redirect its DNS-Request upon a certain rule set (eg. DNS prefix or suffix) to another DNS Server Example with Sophos UTM https://community.sophos.com/kb/de-de/123099 This feature would allow hierachical DNS-Setups with ...

sup5

as a last way one could setup a metarouter with a least three interfaces.
these three interfaces needs to be bridged within the metarouter.

then one can use the metarouter as virtual cable/switch. this will remove the need for an external switch.

I've tried this before. it works.

sup5

Actually this is possible.

example:
1) create a new bridge1
2) add ether1 (WAN) to bridge1
3) change the admin-mac of bridge1 to a different mac-address than ether1
4) add two ip-dhcp-clients, one each on ether1 and bridge1
that's it.

sup5

Although this doesn't help most people with this issue, the hAP AC (full, not lite) can do spectral scan w/AC. (Therefore it seems the lack of the function is something to do with the chip itself rather than whether it is AC or N) This only works with the 2.4 GHz WLAN interface. It doesn't work wit...

sup5

Whenever I try to torch or packet sniff on L2TP interfaces I get no output.
Any other interface type is working with torch or the packet sniffer.
Can anyone confirm this?

sup5

I've done this before. It works quite well.
You might also try to use L2TP...

sup5

In the past I also got the need to bridge bridges: I wanted to push two independent Layer-2 datastreams through one mikrotik device. Thus utilizing both incoming and both outgoing links simultanenously without blocking one of them. Ie.: Eth1 and eth2 on bridge1 Eth3 and eth4 on bridge2 Now I wanted ...

sup5

Does the camera support passive PoE?
Most cameras only support active PoE 802.3af at.

sup5

I do not think that switching will give a noticeable performance gain over bridging in this scenario. Each PPPoE Packet needs to be handled be the CPU anyways. Also there is no client to client communication on layer 2. Thus all traffic is being forwarded from clients to CPU. This wont change with s...

sup5

1) You are using unusual MTU values.
Just leave them default.
Ethernet = 1500
PPPoE = 1492

2) NEVER EVER assign an IP-address to your PPPoE server interface

3) Always use split horizon bridging!

4) what's the EoIP Tunnel for?

5) why BGP on this poor device?

sup5

post your configuration.
I doubt that PPPoE will max out at 20 Mbps with the CRS.
I ran PPPoE on boxes with lower performance successfully.

sup5

I am well aware of the fact that SCI presents a single AP to the client. I didn't want to make it too complicated. I am running several infrastructures with Meru and 802.11ac in SCI. It works damn well. Customers are very happy with it. A Meru representative never told about anything like dropping s...

sup5

Seamless roaming will only work prperly with these vendors Meru (now Fortinet) and Extricom. But use a single-channel infrastructure. Roaming is not anymore a decision of the client with these vendors. Also Ubiquity offers a seamless roaming mode, but this one is only recommended on low occupied noe...

sup5

These rules seem too complicated to me.

Just use horizon bridging instead. It will do what other vendors call Port Isolation or Private VLAN Edge.

sup5

You can use almost all features of SPB right now by simply implementing MPLS with VPLS and/or VRF.

So I doubt Mikrotik will ever introduce SPB, because a similar Layer 2/3 abstraction service already is available.

But introduction of IS-IS and MPLS-FRR would be very welcome.

sup5

One thing looks suspicious.
Since approx. two to three weeks no online shop I could find has MAPlite on stock.
But I remember they were available before this timeframe.

So I assume they all sent back their MAPs to Mikrotik for inspection.

sup5

Hi everyone, I am trying to setup IPSec encrypted EoIP Tunnels between remote peers. I want to use another than the default IPSec encryption scheme, so I changed the default Proposal: ip -> ipsec -> proposals -> default But the change is not being reflected within the dynamic created ipsec-peer for ...

sup5

You cannot simply 'drop' it. Bussiness class ethernet switches support a feature called Dynamic ARP Inspection, but it only works with dynamically assigned IP addresses (DHCP). Mikrotik doesn't offer DAI. But if a direct communication between the clients isn't necessary and all adresses are assigned...

sup5

I can only speak for Link Aggregation in general, I've not configured it with Mikrotik devices yet. pros: - it adds redundancy - it adds Bandwidth - it adds culumulative Bandwidth in the case of per packet loadbalancing (hashing mode xor) ie.: 2x1 Gbps == real 2Gbps negs: - it adds complexity - it u...

sup5

There still is no fix for the high DPI setting.
I got trunked lines all over the place with Windows-7 DPI set to 150% and Classic Theme.

sup5

Stacking of routing-switches (eg. layer-3 switches) is very common nowadays. All switches in a stack become a single logical device: You can span link-aggregation-groups (eg. bonding) across the units of a stack. Also routing does NOT require fancy techniques like VRRP; the stack only uses a single ...

sup5

User Isolation is the key here. (Horizon Bridging and Wireless isolation)

Just make sure there is no Layer-2 connectivity between the users.

sup5

show the output of
ip arp

sup5

If you really need seamless Wifi Roaming you need to choose another vendor: Meru Networks.
They use the "single channel architecture", which makes all access points appear as a single one to WiFi clients.
Roaming will happen in lesser than 50ms.

sup5

A switch doesn't need to learn ARP.

sup5

Seriously, I wouldn't use Mikrotik Routers and Switches in the Access Layer of a Business LAN Architecture. THere simply laking the features for these purposes. These are for example: - tagged and untagged VLAN on the same port in a mixed environmend - DHCP-Snooping, ARP-Guard, and other Port Securi...

sup5

Are there any plans to implement overwriting files via TFTP?

I try to provision VoIP-phones with RouterOS' DHCP/NTP/TFTP and these phones need to update/overwrite certain files.
But routerOS simply rejects these attemts with error code: 6

sup5

just get two gigabit poe-injectors from mikrotik.

then build four adapters to map wires like this:

1->4
2->5
3->7
6->8

this way you can transport 100mbps + passive poe over pairs 4/5 and 7/8

sup5

Thanks.

But keep in mind that this issue is not only related to UHD screens.
It is - correctly speaking - solely related to high dpi scaling.

Just imagine a administrator that is visually impaired and needs big fonts on a normal screen.

sup5

All programs I use are quite happy with my choice of 150% dpi. For sure I will NOT revert to 1920x1200 and 100% dpi just to make winbox look good. (If I would do so, the 4k screen would make no sense, eh?) UltraHD-Displays are pushing into the market for a year or so. You can now buy them for starti...

sup5

I am really sure

http://en.wikipedia.org/wiki/IBM_T220/T221_LCD_monitors

sup5

what settings have you applied in Windows that causes this?

I set the dpi-scaling to 150%
This is necessary since i use a 22.5 inch monitor with 3840x2400 pixels.

Just reverting the dpi-value back to 100% is NO option.

sup5

the new winbox version still is b0rked with high dpi settings (Windows-7):

Even the windows option to disable scaling with high dpi values didn't help.

sup5

looks like he is using radius accounting for local auth (ssh, telnet, winbox) and for pppoe. thus anyone with valid pppoe-credentials might be able to log into his router via ssh/telnet/winbox :-P. and if the radius only allows for one session at a time, the pppoe-session gets killed, when a ssh-log...

sup5

You're getting an IP-Address from the shared transition space 100.64.0.0/10, which is used of ISPs for CGN/LSN in order to avoid overlap with the RFC1918 address space. This means your connection to the internet is masqueraded (NATed). You simply cannot connect from the outside. You need to estabils...

sup5

Why does this ISP left open SNMP in the public network anyways?
Seems like a b0rk3d network design...

sup5

if you're using bridges then you should configure admin-macs.
maybe it helps.

sup5

just imagine that routing is no option here. just stay on the topic. also IP-adressing is not of concern here, cause it's simply Layer-2. if you want to connect two bridges in routeros the most simple solution is to add one usnused ethernet-port to each bridge and connect these two ports using a sho...

sup5

connecting two eoip-tunnel-interfaces within one router simply doesn't work. I already tried that. Currently Metarouter seems to be the only option to connect two bridges within one router. Some time ago I also needed to cennect two independent RSTP-bridges within one router for reasons of failover ...

sup5

normis, but what do you say about my findings?

sup5

I found out RouterOS 5.14 works stable with NSTREME on two chains,
where RouterOS 5.25 or 6.1 wont't work stable in the same situation.
Tested on several real life production links of varying distance and rf-"crowdiness".

sup5

Many of your signal levels are far too low. This results in low air rates for the affected clients, which will lower your total throughput for all clients in return. Aim for -65dB RX-level (CPE and Omni). Use mikrotik linkcalc to estimate needed TX-Power and Antenna-type. Try to never go below -70dB...

sup5

then make sure you isolate PPPoE and IP.

Put your PPPoE Service into a VLAN/VPLS/EoIP and NEVER assign ANY IP-Adress into this broadcast domain.

sup5

make the mac-address of your pppoe-bridge static by using 'admin-mac'

sup5

Just make sure to isolate all users. This way no firewalling is needed at all.
The process has several names:
- horizon bridging
- private vlan edge (PVE)
- port isolation
- disabled default forwarding (WLAN)

sup5

In Order to make vpls Work with ospf areas you need to ensure that you DON'T summarize the Routers loopback/ldp/Transport address.

sup5

In Order to make vpls Work with ospf areas you need to ensure that you DON'T summarize the Routers loopback/ldp/Transport address.

sup5

@csohns: how can this alternative Base configuration be installed with netinstall? I unsuccessfully looked many times for all documentation.

sup5

There is absolutely no problem with bridging and VPLS to transport PPPoE. you just need to do it right :) i concentrate hundreds of VPLS in a central location on one single bridge. Even using VLANs there is no issue at all. To prevent bad things from happen I just enabled horizon-bridging all the wa...

sup5

I've got a simililar problem with the RB2011 and a Zyxel IES-5005 DSLAM. I cannot connect the RB2011 to the DSLAM with fibre-optics. It won't even show a running interface. It didn't matter which RouterOS or which kind of SFP I used. (650nm, 1310nm, 1000M, 100M) The only solution to get a working li...

sup5

I cannot netinstall a remote system.

sup5

how can I downgrade my RB1200 from RouterOS 6.0rc2 to RouterOS 5.21?

When I load all needed packages of ROS 5.21 to files and do:
sys packages downgrade
the only thing that happenes is a reboot.

After the reboot I still see version 6.0rc2 running!

The firmware is 2.38.

sup5

why bothering setting up the hardware yourself?
try a ready to go network appliance:
http://www.axiomtek.com/products/ListPr ... ptype3=233

sup5

My experience is exactly the opposite: with a RB1100AH (no x2) I only was able to terminate approx 300PPPoE sessions. (Conntrack off and Fixed MTU mangle optimization already done!) More sessions would have maxed out the cpu. With a PC-based Router (Xeon Quad Core 3GHz) I am able to terminate approx...

sup5

just click through the DHCP-setup wizard.
after completion goto the dhcp-server settings and change the subnet-mask to 255.255.255.255
this way your clients effectively get a /32 address.

sup5

how will VPLS en/de-capsulation be treated by fastpath?

1) will all traffic passing through a router with VPLS tunnels configured be non-fastpath?
2) will only traffic through the VPLS-interface be non-fastpath?
3) will all traffic including the traffic of the VPLS-interface be fastpath?

sup5

you need to upgrade routerboot before you upgrade routeros.
you find it here:
system -> routerboard -> upgrade

if you already bricked your rb112/133 you can revive it by downgrading it to 5.6 with netinstall.
afterwards upgrade the bootloader, then upgrade routeros.

sup5

This is due to the nature of cheap wireless equipment such es nearly every wireless-LAN hardware. They simply use no band-filter before the signal reaches the antenna pre-amp. So the high level and out-of-band will make the antenna pre-amp tune down its gain in order not to over amplify the incoming...

sup5

you need to establish IBGP ir OSPF to announce the IP-Adresses between BGP-Router and your PPPoE-Serverss

sup5

@mrz;
could import file="file.rsc" modified in a such way
that it shows line numbers which failed to import?
Because currently it is nearly impossible to find the line which makes import throw an error.

sup5

use MPLS/VPLS instead.

sup5

how does MPLS fit in here?

sup5

for small deployments this device is ideal.

for large deployments a huge amount of rf interference is to be expected.

sup5

1) Avoid EoIP whenever possible! It affects CPU and Bandwidth badly. Even if the CPU-usage is low, there are weird issues with throughput. 2) Replace EoIP by VLANs and/or MPLS-VPLS 3) If you are forced to use EoIP, try to concentrate EoIP one one machine, while terminating PPPoE one the other machin...

sup5

more than 100m is out of spec for ethernet anyways no matter how good the cable might be.

sup5

yeah, binding the snmp-service of routeros to a loopback-interface (or bridge) would be awesome.

sup5

finally they made a long wish true:
an SXT with level4 license already included...

sup5

if you need a 26 Port GBE router you might consider this device for RouterOS
Axiomtek NA-550: http://axiomtek.com/products/ViewProduct.asp?view=928

sup5

for me, BFD doesn't work, too. It works once. But after changing BFD-timers BFD will stop transmitting packets, thus effectively knocking the reaction time down to the OSPF dead-interval. (Making BFD useless) Mikrotik please fix this. I was unable to reach shorter than 3 seconds downtime between two...

sup5

Sorry, but we do not offer SXT with L4 license. SXT is a device with a narrow beamwidth antenna, in practice, it is hard to connect multiple devices to one SXT. For an AP setup, I recomment OmniTIK instead. The beamwidth of the SXT is very well suited to supply several customers in a row. There are...

sup5

Yeah, I know this license table.

Anyhow:
Can I purchase SXTs with Level4 license already included?
(I don't want to purchase a level 4 license separately)

sup5

Yes. They changed a behaviour without ANY notice. Furthermore, from the table of the license levels, it is NOT clear, that VAP isn't allowed with license level 3! So I spent nearly two hours to find out, this 'issue' had been 'fixed'. So VAP is not possbile anymore with level 3. Can I purchase SXTs ...

sup5

We have not been able to reliably use UBNT gear for MPLS transports.

So I cannot use a UBNT Wireless transparent Bridge for MPLS labeld traffic?
(Like Nanobridge M5)

sup5

The license overview does NOT state, that VAPs are disallowed with License level 3. Please make that clear! Until today I thought, that the feature 'Wireless AP' was selectable by using 'ap-bridge' instead of 'bridge'. 'Virtual-AP' worked in any version until 5.15 for me. So this is very sad that I ...

sup5

I've got several SXTs which come with a Level 3 license. Now I want to connect two devices to the wireless interface by using virtual ap. This feature worked all the time for me, until RouterOS 5.15 appeared. [admin@SXT] /interface wireless> add name=wlan2 master-interface=wlan1 failure: license lev...

sup5

you are a victim of the port-flapping issue.

have you tried to upgrade the routerboot?
/sys routerboard upgrade

this fixed the port flapping for me in one case.

sup5

if you don't need both stations to be connected with the same SSID to the AP, then you might circumvent the Level3-restriction with a clever setup using VirtualAPs.
But please notice, that NV2 won't work with VirtualAP, so you'll be limited to 802.11 and NStreme wireless protocols.

sup5

I think it is more simple:
the MAC-Adress of the Brdige is being altered to the MAC-Adresse of the EoIP-Interface.
This makes all PPPoE-Clients force to talk to another MAC-Adress, which causes them to drop the connection.

A simple precaution is to always set a Admin-MAC on bridges.

sup5

you can even add VLAN-interfaces to a WDS-interface.
or add the VLAN-interfaces to the bridge where the WDS-Interface resides on.

however, vpls and eoip should not be used for just L2-bridging within one wireless link.

sup5

guys, why all that hassle? just apply vlan-interfaces to your wireless-interfaces like you would do it with your plain ethernet-interfaces. just make sure to use station-bridge on the client side. that's all. no virtual-ap, no wds, no eoip, no vpls! I use it on a regular basis and it makes no differ...

sup5

use station-bridge mode instead...

sup5

just use a dc-dc converter from -48vdc to 24vdc, which is fully isolated.
we always mix professional -48vdc equipment with mikrotik +24vdc equipment using such converters. never had any issue...

sup5

We found out that the PoE-Injectors included with the SXT were responsible for ethernet port flapping, too. http://www.mikrotik-store.eu/media/images/popup/RBPOE.png When we used shielded PoE-Injectors like these, the port flapping went away. http://www.mikrotik-shop.de/images/product_images/popup_i...

sup5

zervan,
which version of ROuterOS and which routerboot (firmware) did you use during your test?

sup5

Yesterday I found out, that a firmware upgrade (routerboot?) solved one of my port flapping issues. The ethernet link between a RB1200 and a RB-SXT always lost connectivity when I tried to push data through it. A firmware upgrade on both Rb1200 and RB-SXT solved this issue. But I don't know if it wi...

sup5

- ensure proper Layer2-Isolation of your customers
- only hand out /32 addresses with DHCP-hotspot.
- use arp: reply-only in conjuction with dhcp.

sup5

NV2 on RB113 and RB112 is possible with ROS 5.14. But you'll experience jitter and limited bandwidth (max. 10Mbps). Only install absolutely necessary packages and ensure to upgrade the firmware before you go to ROS 5.14. If you don't upgrade the Firmware before you upgrade to ROS 5.14 then you will ...

sup5

I try to setup a similar network using OSPF route summarization.
If a LSP has to be announced as /32 througout the whole network,
where is the sense in doing route summarization?

How can I just announce /32 loopback routes and still just summarize any /30 and /24 routes of a given area?

sup5

use 'ap-bridge' on your access-point
use 'station-bridge' on your clients

there is no need to mess around with WDS, EoIP or even VPLS.
They all add complicated configuration and in case of EoIP and VPLS unnecessary overhead.

Search found 322 matches