Community discussions

Search found 212 matches

by rjickity
Tue Jan 08, 2019 8:49 am
Forum: RouterBOARD hardware
Topic: RB4011 wireless performance?
Replies: 26
Views: 3715

Re: RB4011 wireless performance?

How many AP's do you plan to install? aside from a singular AP performance, it's probably more relevant to assess the controller function and features along with the radio performance. The controller function and features along with the client compatibility unfortunately go hard against mtk enterpri...
by rjickity
Mon Jul 23, 2018 1:26 am
Forum: General
Topic: new vulnerability? [SOLVED]
Replies: 5
Views: 2588

Re: new vulnerability? [SOLVED]

Yes this is the with box vulnerability from April. You must patch to current as it was fixed in 6.42.1 About 26 hours ago i had a router exploited and it left the same traces (socks enabled, filter rule position 0 allowing winbox, script fetching that PHP file on schedule). it seems very much like s...
by rjickity
Mon May 15, 2017 9:46 am
Forum: General
Topic: IP Cloud clock drift
Replies: 3
Views: 514

IP Cloud clock drift

/ip cloud appears to be getting clock drift. noticed it on some routers: With IP cloud: /system clock print time: 06:51:41 date: may/15/2017 time-zone-autodetect: no time-zone-name: manual gmt-offset: +00:00 dst-active: no Approx 8 minutes ahead of time Add sntp configuration to an ntp.org pool and ...
by rjickity
Fri Sep 30, 2016 1:51 pm
Forum: Announcements
Topic: v6.38rc [release candidate] is released
Replies: 331
Views: 75204

Re: v6.38rc [release candidate] is released

STP and LLDP, look out !
by rjickity
Thu Dec 10, 2015 2:46 am
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 188144

Re: Cloud Hosted Router

Instead fixing bugs, Mikrotik trying to sale the air. I use RouterOS as ESXi guest for over 3 years without stupid 1Mbit limitations. CHR is essentially fixing bugs and broadening platforms for the x86 architecture. If you want more bandwidth then pay the extremely cheap price it costs to do so (wh...
by rjickity
Sun Sep 06, 2015 11:24 am
Forum: RouterBOARD hardware
Topic: hAP lite housing
Replies: 21
Views: 3989

Re: hAP lite housing

I think this design is fine for home users, they expect small pretty devices that don't stick out in the home. For smb/pro a redesigned casing for hAP AC and other mid range products have wall mount capability and focus on functionality over aesthetics. The current casings are a bit dated but realis...
by rjickity
Fri Sep 04, 2015 3:35 pm
Forum: RouterBOARD hardware
Topic: hAP lite housing
Replies: 21
Views: 3989

hAP lite housing

Looks like the enclosure has been redesigned:

http://routerboard.com/RB941-2nD-TC

Looks much nicer, more consumer. Is the plan to roll out this new look and feel across all models?
by rjickity
Wed Jun 10, 2015 3:59 pm
Forum: General
Topic: ASIC based Spanning Tree
Replies: 3
Views: 1043

Re: ASIC based Spanning Tree

fair call i guess, possibly not the best worded. The theory of utilizing the switching hardware to execute stp remains the same. there needs to be a an option which doesn't incorporate a software bridge
by rjickity
Mon Jun 08, 2015 3:22 pm
Forum: General
Topic: ASIC based Spanning Tree
Replies: 3
Views: 1043

ASIC based Spanning Tree

Is there any reason why mikrotik doesn't expose at least RSTP in their switch chips? all of their switch products are severely hindered by lack of spanning tree. RSTP is needed at a minimum in order to even have the mikrotik switch lineup as a true option. From what i see almost every chip in use su...
by rjickity
Mon Jun 08, 2015 2:34 am
Forum: Beginner Basics
Topic: Configuration Troubles on CCR / CRS / CRS (LACP, Masterport, VLANs)
Replies: 4
Views: 2005

Re: Configuration Troubles on CCR / CRS / CRS (LACP, Masterport, VLANs)

yes that seems correct for the trunking, can you see the load balancing happening on the crs ports in the trunk now ? you want to do it on both sides of the link (like you have).

The master port is fine, it just tells the ports where the grouping is on the asic for switching.
by rjickity
Sun Jun 07, 2015 6:54 pm
Forum: Beginner Basics
Topic: Configuration Troubles on CCR / CRS / CRS (LACP, Masterport, VLANs)
Replies: 4
Views: 2005

Re: Configuration Troubles on CCR / CRS / CRS (LACP, Masterport, VLANs)

First things first, you'll want to move away from LACP in the mikrotik world, their switches dont support it in hardware. So you'll want something like this for your trunks: CRS: /interface ethernet set ether3 master-port=ether2 set ether4 master-port=ether2 /interface ethernet switch trunk add name...
by rjickity
Thu May 21, 2015 3:44 pm
Forum: RouterBOARD hardware
Topic: RB1100x2 Reboots
Replies: 9
Views: 1249

Re: RB1100x2 Reboots

i had one reboot consecutively 5 times out of no where a few weeks ago. same situation, on UPS with no power events and logs shows the same. running 6.27. Still no idea what happened and support files show nothing.
by rjickity
Mon May 18, 2015 1:54 am
Forum: Forwarding Protocols
Topic: Bonding Two ADSL Lines over VPN
Replies: 11
Views: 3467

Your bonding interface is treated as your wan now. You will need to use your server side router for egress. So you should set your default route with the server side IP as your gateway. Make sure you don't have defaults on each connection, add in a specific route for each connection -> server so tha...
by rjickity
Fri May 15, 2015 3:36 pm
Forum: Forwarding Protocols
Topic: Bonding Two ADSL Lines over VPN
Replies: 11
Views: 3467

Re: Bonding Two ADSL Lines over VPN

from your diagram, if it's just for IP traffic, you would be able to acheive this by: 1. ipsec transport on each connection to the server peer 2. eoip tunnel on connection, accross each ipsec sa 3. create bonding interface with the eoip tunnels as members This should get you the result with a bit of...
by rjickity
Sun May 10, 2015 4:50 am
Forum: General
Topic: IPSec Connection Issue [Mikrotik<->FortGate]
Replies: 4
Views: 5483

Sorry I don't quite understand. Your ipsec policy will be what defines your traffic for encryption (SRC and DST addressing which from your initial policy is a single host on the MikroTik side and a small subnet on the fortigate side). When you say you cannot access from the WAN I would think that's ...
by rjickity
Sun May 10, 2015 4:44 am
Forum: Beginner Basics
Topic: VPN for 11 sites
Replies: 18
Views: 2502

You need to create direct tunnels between client 1 and client 2 in addition to client1 to main site, client2 to main site etc. This way client1-client2 traffic doesn't traverse the main site.
by rjickity
Fri Apr 17, 2015 4:27 pm
Forum: Wireless Networking
Topic: PTP bridge link in home
Replies: 4
Views: 777

Re: PTP bridge link in home

as strange as this might seem, i have done this exact thing a while ago due to not having the ability to run cabling within the house. 200Mbit throughput was not hard to obtain through the cement slab and piping etc. this was with a rb711 and antenna and a rb493G with a 52Hn card in 5Ghz. It perform...
by rjickity
Fri Apr 17, 2015 4:09 pm
Forum: Beginner Basics
Topic: VPN for 11 sites
Replies: 18
Views: 2502

Re: VPN for 11 sites

Go direct client to client. not hub and spoke. Work with multiple tunnels, to create a mesh

In cisco land (even vyos now) DMVPN would be the answer, in mkt land - you deal with a lot of configuration for a similar outcome.
by rjickity
Wed Apr 15, 2015 2:35 pm
Forum: General
Topic: v6.28 will be released this week!
Replies: 72
Views: 19021

Re: v6.28 will be released this week!

have their been any .ac related fixes in 6.28 ?

also is there a wireless-cm2 package for 6.28 ?

edit: romon is very interesting, i like the proxy winbox functionality with romon + new winbox. I can see how this could be quite powerful, i hope its heavily developed
by rjickity
Wed Jan 28, 2015 1:51 pm
Forum: General
Topic: IpSec VPN between MT / AZURE
Replies: 8
Views: 4023

Re: IpSec VPN between MT / AZURE

hi aeg, sorry for the late reply.

if you haven't figured out already - azure does not like ping. do not use it as diagnostic as it is always dropped.

check your sa's and make sure your byte counts are increasing and test out another protocol like ssh or rdp to your vm instance.
by rjickity
Wed Jan 21, 2015 3:02 pm
Forum: RouterBOARD hardware
Topic: IPsec performance of various models
Replies: 10
Views: 3044

Re: IPsec performance of various models

Depends on the type of tunnel....and encyption settings. Under optimal real world cobditions Single tunnel site to site... tcp nat'd/tunnel mode or ipip over ipsec/transport mode: 2011= 20Mbps ...give or take 850= 40-50Mbps 1100= 400Mbps CCR Series = 150Mbps With a 'normal' natt'd setup with 15 or ...
by rjickity
Wed Dec 17, 2014 4:47 pm
Forum: General
Topic: IpSec VPN between MT / AZURE
Replies: 8
Views: 4023

Re: IpSec VPN between MT / AZURE

mikrotik isn't technically supported by azure ;) i just grab the prebuilt cisco configs from the generator, apply your ios=ros translation skills. Here's a sanatised snip from a working azure setup i've got running for a traditional site-to-site tunnel: /ip ipsec proposal add disabled=yes enc-algori...
by rjickity
Wed Sep 03, 2014 5:14 am
Forum: RouterBOARD hardware
Topic: New hardware - mAP
Replies: 154
Views: 51314

Re: New hardware - mAP

i have 2x mAP's here but the 802.3af must be magic as it hasn't worked on any of my cisco 3560's... powers via passive no problems but definitely no dice from 802.3af switch edit: looks like its not just me http://forum.mikrotik.com/viewtopic.php?f=3&t=88451&p=445434&hilit=map+mode#p445434 well gues...
by rjickity
Sat Aug 30, 2014 12:17 pm
Forum: General
Topic: v6.19 released
Replies: 256
Views: 93511

Re: v6.19 released

i've just noticed new vlan options in the wireless interface: /interface wireless vlan-id and vlan-mode quite handy, just out of curiosity does it use the atheros chip or is this something the CPU does (a.k.a "/interface vlan") and will this affect card -> client tagging as well as card -> CPU ? edi...
by rjickity
Mon Aug 18, 2014 5:21 pm
Forum: General
Topic: PPoE Fail over from Non Mikrotik Router AKA cisco 881
Replies: 3
Views: 911

Re: PPoE Fail over from Non Mikrotik Router AKA cisco 881

What sort of failure on the Cisco are you trying to accommodate ? It seems very bizzare this situation as surely the 881 won't just break for no reason. The only thing I can think of without absolute crazy scripting is vrrp for the 2 units and on the MKT have an master-up script to enable pppoe inte...
by rjickity
Thu Aug 14, 2014 6:52 pm
Forum: General
Topic: CCR cannot perform routing
Replies: 9
Views: 1319

Re: CCR cannot perform routing

Sounds like maybe you forgot srcnat masquerading for your wan connection. Put your config up here and ppl will be able to assist
by rjickity
Thu Jun 05, 2014 3:28 am
Forum: General
Topic: How block OS Windows
Replies: 39
Views: 7736

Re: How block OS Windows

Any purely firewall/edge solution will be flawed for this. for a network based solution you would need to look at something like NAP/NAC with 802.1x switches. Hopefully there's a windows server on the network at least? otherwise you're going to be up for some expensive ci$co gear. Depending on how m...
by rjickity
Wed Jun 04, 2014 2:38 pm
Forum: General
Topic: How block OS Windows
Replies: 39
Views: 7736

Re: How block OS Windows

While you can't really do it directly you could put in some measures to detect. 1. Log windows-like activity such as NetBIOS discovery and add the SRC addresses To a list which you then drop. 2. Use layer 7 and interrogate http headers to find the OS ? Both are far from precise and clutching at stra...
by rjickity
Wed Jun 04, 2014 5:54 am
Forum: Wireless Networking
Topic: CAPs Manager
Replies: 165
Views: 56567

Re: CAPs Manager

I cant seem to have any caps on 40Mhz, each time i configure 40Mhz in 2.4 or 5ghz the cap interfaces report "-unsupported channel". If i swap the 2ghz channel config to 20Mhz it establishes straight away. /caps-man channel add band=5ghz-a/n/ac name=5ghz width=40 add band=2ghz-onlyn name=2ghz width=2...
by rjickity
Thu May 01, 2014 4:56 pm
Forum: General
Topic: SSTP and Windows Radius Server
Replies: 2
Views: 1946

Re: SSTP and Windows Radius Server

Check your encryption settings.

MikroTik - you profiles (match what you have in windows, mostly likely set encryption to 'required')

Windows - check you NPS network policy that it is matching and ensure you have supported encryption methods in there
by rjickity
Fri Mar 07, 2014 12:56 pm
Forum: Wireless Networking
Topic: Do fog affect wireless signal connectivity?
Replies: 15
Views: 4563

Re: Do fog affect wireless signal connectivity?

can you place a mast somewhere offside of the wind farm ?

you could maybe put an omni on each turbine in a mesh config and hand off to a side mast which can then give a fixed ptp to the office 5km away
by rjickity
Wed Feb 19, 2014 6:49 am
Forum: Wireless Networking
Topic: Mikrotik Wireless Controller
Replies: 54
Views: 17171

Re: Mikrotik Wireless Controller

nice article, looks very promising. when can we start beta testing ?? :D
by rjickity
Wed Feb 05, 2014 1:27 pm
Forum: Beginner Basics
Topic: I'm in WAAAAAY over my head
Replies: 6
Views: 1629

Re: I'm in WAAAAAY over my head

have you added the dhcp client to ether1 where you are plugging into the modem?
by rjickity
Wed Feb 05, 2014 1:25 pm
Forum: General
Topic: RB1100 Drops packets when Queue Tree enabled ?
Replies: 21
Views: 6127

Re: RB1100 Drops packets when Queue Tree enabled ?

Zod do you see this in 6.9 still ? i am not able to upgrade the 1100's i have at the moment so i cannot check
by rjickity
Wed Feb 05, 2014 12:36 pm
Forum: RouterBOARD hardware
Topic: IPsec RB for 20Mbps symmetric?
Replies: 2
Views: 1055

Re: IPsec RB for 20Mbps symmetric?

RB1100AHx2 is your best bet. this will give you 800Mbps of ipsec and still room to move. Any of the ccr will also work and any modern x86 will also be fine. They seem like big steps but really all over the MIPS series just fall short of meeting that criteria once you load it up with a half decent fi...
by rjickity
Fri Jan 24, 2014 2:56 am
Forum: Beginner Basics
Topic: Routerboard just dont want to work | Wireless speed issue
Replies: 10
Views: 2032

Re: Routerboard just dont want to work

ah, i just read the device you have RB911G-5HPnD.

you will not be able to do a ap-bridge unfortunately with the standard mikrotik license given
by rjickity
Thu Jan 23, 2014 9:45 am
Forum: Beginner Basics
Topic: Routerboard just dont want to work | Wireless speed issue
Replies: 10
Views: 2032

Re: Routerboard just dont want to work

change wireless mode to ap-bridge
/interface wireless
set 0 mode=ap-bridge
by rjickity
Wed Jan 22, 2014 9:05 am
Forum: Beginner Basics
Topic: Need help replacing a Fortigate with MikroTik
Replies: 5
Views: 2003

Re: Need help replacing a Fortigate with MikroTik

that would be under your /ip firewall filter and you'd want to deal with it on the forward chain. bear in mind that filter foward happens after nat so IP addressing will be the translated address
by rjickity
Tue Jan 21, 2014 10:07 am
Forum: Beginner Basics
Topic: Routerboard just dont want to work | Wireless speed issue
Replies: 10
Views: 2032

Re: Routerboard just dont want to work

port your '/export compact' from the routerboard. this should give us an idea. chances are you may just need to create a bridge interface, add the wlan1 and ether1 to the bridge interface and then move your IP address and DHCP server to the bridge interface instead of the ether1. This is all assumpt...
by rjickity
Tue Jan 21, 2014 8:29 am
Forum: Beginner Basics
Topic: I'm in WAAAAAY over my head
Replies: 6
Views: 1629

Re: I'm in WAAAAAY over my head

Hey Mike, Lets start by confirming if you have internet or not. Have you managed to connect it up and get internet access? if you can could you please post an "/export compact" from the router. This can be done through telnet, ssh or via winbox or webfig by clicking on "New Terminal" and typing the ...
by rjickity
Wed Jan 08, 2014 12:39 pm
Forum: Beginner Basics
Topic: Do I really have to lose a port?
Replies: 9
Views: 2944

Re: Do I really have to lose a port?

I think i see the wiki example you refer to: A 'master' port will be the port through which the RouterOS will communicate to all ports in the group. Interfaces for which the 'master' port is specified become inactive - no traffic is received on them and no traffic can be sent out. source: http://wik...
by rjickity
Thu Dec 05, 2013 6:40 am
Forum: RouterBOARD hardware
Topic: RB1200 IPsec latency
Replies: 17
Views: 4231

Re: RB1200 IPsec latency

Unfortunately I only have an RB2011 available for the otherside at the moment. 95-105Mbit TCP both direction forwarding is achieved before i max out the rb2011uias to 100% CPU. The RB1200 maintains 40% usage at this point. You could probably safely assume at least 200Mbps i guess, just bear in mind ...
by rjickity
Tue Dec 03, 2013 4:16 pm
Forum: RouterBOARD hardware
Topic: RB1200 IPsec latency
Replies: 17
Views: 4231

Re: RB1200 IPsec latency

For what it is worth to anyone, I recently decommissioned a RB1200 and did some lab testing on this issue. on ROS 6.7 and firmware 3.10 the IPSec latency issue does not present when using the following enc algorithms in the proposal: Blowfish Twofish Camellia - 128 Camellia - 192 Camellia - 256 All ...
by rjickity
Wed Nov 27, 2013 12:05 pm
Forum: General
Topic: RB1100 Drops packets when Queue Tree enabled ?
Replies: 21
Views: 6127

Re: RB1100 Drops packets when Queue Tree enabled ?

i can confirm i'm seeing this on rb1100ahx2 with queue trees also.

getting between 1-5/1000 drops with tree's enabled. disable the trees and its fine.

ROS 6.6 and routerboot 3.02
by rjickity
Mon Nov 11, 2013 3:09 am
Forum: General
Topic: Switching with RouterOS / CRS Questions
Replies: 81
Views: 43593

Re: Switching with RouterOS / CRS Questions

I think Omega's comments are a good place to start. The tagging functionality should be straight forward on the CRS, a simple GUI window with Tag, Untag, Forbid options would be good. Alot of vendors have straight forward illustrations of this (HP, Dell and many others). Some key features I would li...
by rjickity
Sat Oct 26, 2013 4:51 pm
Forum: General
Topic: V7 soon ?
Replies: 20
Views: 7793

Re: V7 soon ?

No not really. Lets let mikrotik focus on jobs for routers instead. Like routing, qos and security and their old favourite wireless

Sent from my GT-I9100 using Tapatalk now Free
by rjickity
Sat Oct 26, 2013 4:34 pm
Forum: General
Topic: SSTP: recvd too small packet
Replies: 33
Views: 11592

Re: SSTP: recvd too small packet

Petterg. I'm using sstp and radius for auth and 8.1 clients are connecting fine (after registry fix)

Sent from my GT-I9100 using Tapatalk now Free
by rjickity
Sat Oct 26, 2013 4:31 pm
Forum: RouterBOARD hardware
Topic: CRS vs Router
Replies: 10
Views: 5746

Re: CRS vs Router

Or what would be cool is to see the new 'special switch menu' thats mentioned on the crs product page

Sent from my GT-I9100 using Tapatalk now Free
by rjickity
Sat Oct 26, 2013 4:23 pm
Forum: RouterBOARD hardware
Topic: CRS vs Router
Replies: 10
Views: 5746

Re: CRS vs Router

Id have to agree with barkas on this. Normis, if you have 2 switch groups with different subnets on each group. Will traffic pass on the switch at wire speed between subnets ?

Sent from my GT-I9100 using Tapatalk now Free
by rjickity
Sun Oct 13, 2013 8:34 am
Forum: RouterBOARD hardware
Topic: IF RB493G speed not so fast check here :)
Replies: 2
Views: 847

Re: RB493G speed not so fast.

For things like a nas it is best to use switch chip where appropriate. Do this by specifying the master port in the interface ethernet settings and do not use a bridge interface. You will easily get 1Gbit.

Sent from my GT-I9100 using Tapatalk now Free
by rjickity
Wed Oct 09, 2013 3:50 pm
Forum: General
Topic: Need help to validate offices
Replies: 3
Views: 782

Re: Need help to validate offices

Hi Ibersystems, Unfortuantely i dont believe mikrotik would do this out of the box. the ideal way would be to do it via a 802.1x port based authentication with vlan assignment. I have some alternatives floating through my head at the moment that could potentially be done with mikrotik though..... wh...
by rjickity
Wed Oct 02, 2013 4:29 pm
Forum: General
Topic: Bought a RB750GL instead of a switch
Replies: 4
Views: 1130

Re: Bought a RB750GL instead of a switch

yep, dont use a bridge interface. set all ports to master of one. e.g.
/interface ethernet
set 1 master-port=ether1
set 2 master-port=ether1
set 3 master-port=ether1
set 4 master-port=ether1
this will use the switch chip instead of the cpu
by rjickity
Mon Sep 23, 2013 6:54 am
Forum: General
Topic: SSTP: recvd too small packet
Replies: 33
Views: 11592

Re: SSTP: recvd too small packet

Our Windows 8.1 clients also needed this registry addition to fix this one.
by rjickity
Wed Sep 04, 2013 1:54 am
Forum: Forwarding Protocols
Topic: Merge 2 DSL Lines and Give High Speed to your clients
Replies: 29
Views: 27242

Re: Merge 2 DSL Lines and Give High Speed to your clients

The pcc method on the wiki is suitable. Having a mobile service rather than ethernet doesn't make much difference, your wans would probably be ppp rather than ether.

Sent from my GT-I9100 using Tapatalk 2
by rjickity
Tue Sep 03, 2013 11:35 am
Forum: Forwarding Protocols
Topic: Merge 2 DSL Lines and Give High Speed to your clients
Replies: 29
Views: 27242

Re: Merge 2 DSL Lines and Give High Speed to your clients

Yes

Sent from my GT-I9100 using Tapatalk 2
by rjickity
Tue Sep 03, 2013 11:32 am
Forum: Wireless Networking
Topic: a M2M router with Mikrotik Boards
Replies: 13
Views: 3145

Re: a M2M router with Mikrotik Boards

How does the 'direct connection' along with dynamic addresses work exactly. Some part of that connection must be a known in order to make it direct surely (if its dynamic addresses rputed then that's a pretty average service). If that's the case id look at making a scheduled script on each side to u...
by rjickity
Fri Aug 30, 2013 12:47 pm
Forum: Beginner Basics
Topic: Site-to-site VPN
Replies: 3
Views: 17768

Re: Site-to-site VPN

There are many ways to do this. When you know how your internet will be connected (eg ppp) then tell us. you'll need to confirm ip addressing at each site too, subnets and exisiting ip's for routers etc

Sent from my GT-I9100 using Tapatalk 2
by rjickity
Fri Aug 23, 2013 1:36 pm
Forum: General
Topic: IPSec not Working
Replies: 6
Views: 7005

Re: IPSec not Working

Do you have any hosts on those lans or is this a lab. No sa at all would indicate ipsec isn't seeing any interesting traffic to encrypt.

Ensure while testing you ping with src-address specified with its lan side ip address.

Sent from my GT-I9100 using Tapatalk 2
by rjickity
Tue Aug 20, 2013 4:52 am
Forum: General
Topic: Will RB1200 support FastPath? Wiki says it won't
Replies: 4
Views: 1221

Re: Will RB1200 support FastPath? Wiki says it won't

Hi,

Is fastpath support on rb1200 yet? or are there plans to make it work yet...
by rjickity
Fri Jul 19, 2013 2:54 pm
Forum: General
Topic: Bridging WLAN and ETHER properly
Replies: 9
Views: 1874

Re: Bridging WLAN and ETHER properly

Want to post your config mike ? it may assist
by rjickity
Sat Jul 13, 2013 8:09 pm
Forum: General
Topic: vlans between access points
Replies: 7
Views: 1123

Re: vlans between access points

Is the traffic coming out of the switch tagged ? If so create vlan interface on the 751 interfacr connecting to the switch with vlan id 50 and then add it to the bridge with the wlan

Sent from my GT-I9100 using Tapatalk 2
by rjickity
Wed Jul 10, 2013 12:21 pm
Forum: Beginner Basics
Topic: IPSec vs IPIP over IPSec for Site To Site?
Replies: 3
Views: 2066

Re: IPSec vs IPIP over IPSec for Site To Site?

Routing :-)

And stability...

Sent from my GT-I9100 using Tapatalk 2
by rjickity
Thu Jul 04, 2013 2:45 pm
Forum: General
Topic: 10 Wan Ports
Replies: 6
Views: 1179

Re: 10 Wan Ports

spot on. example. switch: port1 - vlan 101 - mode access/untagged port2 - vlan 102 - mode access/untagged port3 - vlan 103 - mode access/untagged port4 - vlan 104 - mode access/untagged port5 - vlan 105 - mode access/untagged port6 - vlan 106 - mode access/untagged port7 - vlan 107 - mode access/unt...
by rjickity
Thu Jul 04, 2013 2:30 pm
Forum: Beginner Basics
Topic: Wan interface forward
Replies: 14
Views: 2769

Re: Wan interface forward

pop your /export compact in here and we'll take a look
by rjickity
Thu Jul 04, 2013 12:16 pm
Forum: Beginner Basics
Topic: 2 ISP, 2 networks, full failover
Replies: 6
Views: 1327

Re: 2 ISP, 2 networks, full failover

One router and 2 wans ? Use mangle and routing marks. Pcc is good for this

Sent from my GT-I9100 using Tapatalk 2
by rjickity
Thu Jul 04, 2013 12:31 am
Forum: Beginner Basics
Topic: Wan interface forward
Replies: 14
Views: 2769

Re: Wan interface forward

What sort of subnet did they give you ? To get a public ip you could create a bridge int. Add the wan interface to that, setup your dhcp client for your internet connection (assuming this is how you need to do it)on the bridge. Then just add the interface your settop box is connected to into that sa...
by rjickity
Thu Jul 04, 2013 12:25 am
Forum: Beginner Basics
Topic: 2 ISP, 2 networks, full failover
Replies: 6
Views: 1327

Re: 2 ISP, 2 networks, full failover

Ospf ecmp for your wans. And you could do vrrp for your lans. You'd most likely need to change a bit of config for this though, like bringing the lan networks to both routers

Sent from my GT-I9100 using Tapatalk 2
by rjickity
Wed Jul 03, 2013 1:17 am
Forum: Forwarding Protocols
Topic: Download and upload two separate links??
Replies: 14
Views: 4498

Re: Download and upload two separate links??

You could setup a bond across the connections to realise more speed or you could put opposite routes on each side. E.g. Side a - radio1 route Side b - radio2 route That way each side will route out diferent radios. You can also add in a secondary route on each side to the other radio with a higher c...
by rjickity
Tue Jun 18, 2013 3:48 am
Forum: Beginner Basics
Topic: pppoe over vlan
Replies: 1
Views: 2697

Re: pppoe over vlan

you should be able to simply create the vlan interface on ether1 (that goes to the AP) and then create pppoe client on the vlan interface. Then on ether 2 create the LAN. or you could create a bridge and add ether2 and the wlan1 if you want to provide local wifi also.
by rjickity
Thu Jun 13, 2013 4:54 pm
Forum: RouterBOARD hardware
Topic: RB411UAHR with Sierra Wireless MC7710
Replies: 6
Views: 2773

Re: RB411UAHR with Sierra Wireless MC7710

my lte interface existed when the modem was installed (i believe it prepopulates since around ros 5.14 or so). modem set to use direct ip and a dhcp client on the lte1 interface. i'm not too sure what could be the problem, maybe post your /export and we can take a look ? silly question but its the s...
by rjickity
Thu Jun 13, 2013 3:39 pm
Forum: RouterBOARD hardware
Topic: RB411UAHR with Sierra Wireless MC7710
Replies: 6
Views: 2773

Re: RB411UAHR with Sierra Wireless MC7710

Nope, i dont use the aux antenna. your signal is great, i dont think that is the problem. What does your cpu look like when you're pushing it ? /system resource print uptime: 2w12h20m19s version: 5.21 free-memory: 19108KiB total-memory: 29696KiB cpu: MIPS 24Kc V7.4 cpu-count: 1 cpu-frequency: 300MHz...
by rjickity
Thu Jun 13, 2013 12:07 pm
Forum: General
Topic: 10 Wan Ports
Replies: 6
Views: 1179

Re: 10 Wan Ports

On the switch connect each adsl service to an access port each on their own vlan. Then Vlan trunk from switch to router.

Sent from my GT-I9100 using Tapatalk 2
by rjickity
Tue Jun 11, 2013 4:43 pm
Forum: RouterBOARD hardware
Topic: [SOLVED] RB951G-2HnD randomly reboots or stops responding
Replies: 5
Views: 2295

Re: New RB951G-2HnD randomly reboots or stops responding

I had similar strange behaviour with a 951G but mine also eventually became unresponsive.

A netinstall to v6 appeared to have fixed it

Sent from my GT-I9100 using Tapatalk 2
by rjickity
Tue Jun 11, 2013 2:58 am
Forum: Wireless Networking
Topic: Can you get 300Mbps WiFi connection to your router?
Replies: 5
Views: 2873

Re: Can you get 300Mbps WiFi connection to your router?

Apple mac only does 40mhz on 5Ghz band by default

Sent from my GT-I9100 using Tapatalk 2
by rjickity
Wed Jun 05, 2013 4:45 pm
Forum: RouterBOARD hardware
Topic: RB411UAHR with Sierra Wireless MC7710
Replies: 6
Views: 2773

Re: RB411UAHR with Sierra Wireless MC7710

i'm using an rb411U and mc7710, I get a throughput of approx 30-35Mb/s with signal-strengh: -69 dBm on my carrier.
by rjickity
Wed May 15, 2013 5:18 am
Forum: RouterBOARD hardware
Topic: Published Hardware Performance
Replies: 1
Views: 570

Published Hardware Performance

Is there an area that has all RB models performance metrics? routerboard.com has some devices populated (with v6.0rc5 on most) but it would be nice to have all the current models with both stable and testing ROS metrics. Does it already exist? if not, can it :) ? it would help when selecting appropr...
by rjickity
Wed May 15, 2013 3:43 am
Forum: Beginner Basics
Topic: Slave Ports + Firewall
Replies: 2
Views: 823

Re: Slave Ports + Firewall

Yes, although maybe (depending on the rb model and types of mangle rules) switch rules could assist you

Sent from my GT-I9100 using Tapatalk 2
by rjickity
Tue May 14, 2013 6:24 pm
Forum: Wireless Networking
Topic: serial data transfer
Replies: 3
Views: 793

Re: serial data transfer

something like Westermo EDW-100 should work. that particular device can be paired with another and do a direct point to point conversion. So you would have : [ SERIAL INTERFACE ] ---[ Serial Convertor A ]-- ( Mikrotik PTP Wireless Link ) ---[ Serial Convertor B ]--- [ SERIAL INTERFACE ] Just ensure ...
by rjickity
Tue May 07, 2013 12:20 pm
Forum: Beginner Basics
Topic: Who can i bypass proxy when i use local webserver
Replies: 3
Views: 1774

Re: Who can i bypass proxy when i use local webserver

maybe move clients to the routerboard dns which then uses google dns, then you can add records.



here's the hairpin nat: http://wiki.mikrotik.com/wiki/Hairpin_NAT
by rjickity
Mon May 06, 2013 12:23 pm
Forum: Beginner Basics
Topic: Who can i bypass proxy when i use local webserver
Replies: 3
Views: 1774

Re: Who can i bypass proxy when i use local webserver

Do you run internal dns ? One way would be to add a records for the dns name with the internal ip.

The other way would be to.create hairpin nat

Sent from my GT-I9100 using Tapatalk 2
by rjickity
Thu May 02, 2013 6:17 pm
Forum: RouterBOARD hardware
Topic: RouterBoard 2011uas 2hnd dual wan with 30 users
Replies: 4
Views: 1523

Re: RouterBoard 2011uas 2hnd dual wan with 30 users

Let us know the type of load balancing you want or are trying to achieve/your current config and we'll see how we can be of assistance.
by rjickity
Thu May 02, 2013 11:27 am
Forum: Beginner Basics
Topic: Load Balancing + VOIP
Replies: 2
Views: 1219

Re: Load Balancing + VOIP

Do you want it in the balancing group ? If so add it into mangle just like the others and increment appropriately. Then to preference your voip you'll want to just classify the traffic (maybe port or port +destination, voip phone ips, dscp markings) what ever works for you. Then just mark that class...
by rjickity
Mon Apr 29, 2013 12:28 pm
Forum: Wireless Networking
Topic: serial data transfer
Replies: 3
Views: 793

Re: serial data transfer

Use serial servers. It'll convert serial to ip for you

Sent from my GT-I9100 using Tapatalk 2
by rjickity
Fri Apr 26, 2013 12:10 pm
Forum: RouterBOARD hardware
Topic: RouterBoard 2011uas 2hnd dual wan with 30 users
Replies: 4
Views: 1523

Re: RouterBoard 2011uas 2hnd dual wan with 30 users

I have a 751G with a similar kind of setup and using PCC loadbalancing without issues. RB2011 will be more than enough
by rjickity
Tue Apr 23, 2013 5:03 pm
Forum: General
Topic: Bridge everything except one specific VLAN
Replies: 4
Views: 698

Re: Bridge everything except one specific VLAN

Create the vlan interfaces on each physical int. Then add them all to the bridge as ports

Sent from my GT-I9100 using Tapatalk 2
by rjickity
Sat Apr 20, 2013 5:44 pm
Forum: General
Topic: Exchange behind the Routerboard: queue is full
Replies: 18
Views: 5904

Re: Exchange behind the Routerboard: queue is full

how is your DNS setup on the dns/exchange server? if it was 'correct' then there should be no reliance upon your router for DNS. do not use the router and set your dns forwarders with the IP's your ISP has provided you and that will be all.
by rjickity
Sat Apr 20, 2013 7:23 am
Forum: General
Topic: Exchange behind the Routerboard: queue is full
Replies: 18
Views: 5904

Re: Exchange behind the Routerboard: queue is full

Id recommend pinpoint zones on your dns for exchange resources combined with removing your nat hairpin config on the routerboard. The source of the current issue would be (as mentioned before) your masquerade rules. This is assuming your dns is 100% configured correctly, this assumes the lancoms did...
by rjickity
Mon Apr 15, 2013 3:34 pm
Forum: General
Topic: VPN for VOIP
Replies: 13
Views: 3523

Re: VPN for VOIP

Samir494. It depends on what his pbx's are. Alot will not encrypt SIP so you cannot say that infact if you look at SIP it is very much human readable and very much insecure by nature. To the OP - PPTP should be operating fine, I would suggest you get a trace of a call (wireshark the host or packet s...
by rjickity
Mon Apr 15, 2013 1:06 pm
Forum: General
Topic: Troublshooting network outage
Replies: 4
Views: 598

Re: Troublshooting network outage

If you have syslog then make log rules on all chains on your interface connecting the network to the remote syslog. (Or you could set a log action to disk but make sure you don't leave that on) At least you should get SOMETHING from the event telling you what the culprit is. Sent from my GT-I9100 us...
by rjickity
Mon Apr 15, 2013 12:25 pm
Forum: General
Topic: Give to local device public ip address (without nat)
Replies: 7
Views: 1107

Re: Give to local device public ip address (without nat)

Take a subnet out of your range, create a vlan(assuming you are using a switch) address the vlan and then add your hosts to that vlan with an address in the subnet you made and a gateway of your router address you put on the vlan interface. A standard '3 leg perimeter' firewall type setup Sent from ...
by rjickity
Mon Apr 15, 2013 2:52 am
Forum: General
Topic: Troublshooting network outage
Replies: 4
Views: 598

Re: Troublshooting network outage

Have you set logging ?

Maybe schedule a log rule going to a syslog server so you can see the exact activity

Sent from my GT-I9100 using Tapatalk 2
by rjickity
Tue Apr 09, 2013 12:17 pm
Forum: General
Topic: Cisco lan-to-lan IPSEC tunnel
Replies: 29
Views: 14151

Re: Cisco lan-to-lan IPSEC tunnel

hope this helps some people in future Hi rjickity, Thanks for sharing your experience on the forum. How is your tunnel stability? Do you see traffic stops to pass after some times? Do you use any scheduler/script regarding IPSEC? hi otgooneo, no i have never manually intervened on this link, last d...
by rjickity
Mon Apr 08, 2013 5:01 pm
Forum: General
Topic: Cisco lan-to-lan IPSEC tunnel
Replies: 29
Views: 14151

Re: Cisco lan-to-lan IPSEC tunnel

I'm not sure if it means much but I've got tunnels running flawlessly for >1year using IPsec over a tunnel interface. I generally use ipip for cisco <-> mikrotik. Helpful too because then you can route through it also. here is a sanitised config example. 1.1.1.1 represents the mkt public IP and 2.2....
by rjickity
Sat Apr 06, 2013 1:57 pm
Forum: Beginner Basics
Topic: Considering getting the CCR1036-12G-4S
Replies: 14
Views: 1718

Re: Considering getting the CCR1036-12G-4S

The vigors you use are pretty good for performance and compatability. Generally depending on the line rate most of the basic modems/routers work fine. Tplink 8817's are probably one of the best value as their cost next to nothing but rates >15mbit constantly on these units I've seen them crash. Chec...
by rjickity
Sat Apr 06, 2013 8:56 am
Forum: Beginner Basics
Topic: Considering getting the CCR1036-12G-4S
Replies: 14
Views: 1718

Re: Considering getting the CCR1036-12G-4S

I have a similar network but also doing ipsec tunnel. I have a few more routed networks directly attached.

I'm doing about 30 filter rules and about 20 mangles along with 4 queue trees. I use an rb1200 doing this and it rarely >20% cpu

Sent from my GT-I9100 using Tapatalk 2
by rjickity
Fri Apr 05, 2013 1:18 pm
Forum: RouterBOARD hardware
Topic: Raspberry Pi buffering video problem on RB750GL
Replies: 14
Views: 5622

Re: Raspberry Pi buffering video problem on RB750GL

Is it switching or on a bridge ? If bridge then set the master/slave to use the switch chip

Sent from my GT-I9100 using Tapatalk 2
by rjickity
Tue Apr 02, 2013 12:55 pm
Forum: General
Topic: Port forwarding driving me insane!
Replies: 19
Views: 2542

Re: Port forwarding driving me insane!

try this settings: Action=dstnat Chain=dstnat Dst. Address="your public ip here" Protocol=6(tcp) To Addresses="your camera local ip" Dst. Port=8080 In Interface="your gateway here" Thanks starwinX. The only problem I can see with this is I don not have a static public IP address. What should I put ...
by rjickity
Sat Mar 30, 2013 3:36 pm
Forum: Beginner Basics
Topic: Getting started with RB500
Replies: 8
Views: 1475

Re: Getting started with RB500

I have no idea what version would work best but I would suggest using as new as it will accept. If it is for only your home network I would recommend just updating and see how you go, you will retain your configuration but even if you don't or you lose it for some other reasob- It wont hurt you to r...
by rjickity
Sat Mar 30, 2013 5:26 am
Forum: Beginner Basics
Topic: Getting started with RB500
Replies: 8
Views: 1475

Re: Getting started with RB500

Hey leon, how is it that you want to do it. There's a few key steps to this activity 1. Identify what you're wanting to manipulate (e.g. host based traffic? Maybe use ip address) 2. Classify the identified traffic (/ip firewall mangle) 3. Do something with the traffic (speed limiting ? You'll want t...
by rjickity
Sun Mar 24, 2013 1:37 pm
Forum: General
Topic: Port forwarding driving me insane!
Replies: 19
Views: 2542

Re: Port forwarding driving me insane!

Your filter rule should be on the forward chain. Change that and see. If it still does not work please post all your /ip firewall export

Sent from my GT-I9100 using Tapatalk 2
by rjickity
Fri Mar 08, 2013 12:36 pm
Forum: General
Topic: CPU on Mikrotiks at 100%
Replies: 11
Views: 1784

Re: CPU on Mikrotiks at 100%

I also see this when uploading update files. Under profile it shows the flash process maxxing it out.

Same ros versions. Models Rb751,493G,951

Sent from my GT-I9100 using Tapatalk 2
by rjickity
Sun Mar 03, 2013 2:34 pm
Forum: General
Topic: Firewall on same subnet
Replies: 11
Views: 2197

Re: Firewall on same subnet

The best option is a vlan access map on the switch.

I guess if you must use a router then you could bridge ports on the router and connect the printer via that bridged port, you could then control traffic via the bridge....

Sent from my GT-I9100 using Tapatalk 2
by rjickity
Thu Feb 21, 2013 2:55 pm
Forum: General
Topic: basic port foward easily achieved by cheap routers. NOTonMT
Replies: 11
Views: 1535

Re: basic port foward easily achieved by cheap routers. NOTo

Supply the in-interface like advised above and it will work.

If it doesn't, show us /ip firewall filter export compact

Without more info you wont get much help
by rjickity
Thu Feb 21, 2013 2:35 pm
Forum: Wireless Networking
Topic: Mikrotik Wireless Controller
Replies: 54
Views: 17171

Re: Mikrotik Wireless Controller

wow, fantastic. will definitely be checking this out when it becomes available :D
by rjickity
Wed Feb 13, 2013 10:36 am
Forum: General
Topic: Is this max for Microtik?
Replies: 8
Views: 1249

Re: Is this max for Microtik?

the cpu on the bonding router appears to be max, why not try a more powerful unit and see how your speeds go then? maybe a 951/2011. I'd imagine you may be able to squeeze a little more :D
by rjickity
Wed Feb 06, 2013 1:00 pm
Forum: RouterBOARD hardware
Topic: RB260GS
Replies: 23
Views: 8566

RB260GS

New switch? no way...

http://routerboard.com/RB260GS

It has a SFP cage which could be nice, does this mean mikrotik are actually pursuing SwOS now? :D
by rjickity
Thu Jan 24, 2013 3:13 pm
Forum: General
Topic: Switch chip features
Replies: 4
Views: 835

Re: Switch chip features

hi kirshteins thank you but my question is, can we utilize these features ? as it is now as an example, if i'm hardware switching on an RB2011UAS-2HnD on ports 1-5 and i create a switching loop it does not stop this. Now those ports use the Atheros 8327 chip according to the router, which has full s...
by rjickity
Wed Jan 23, 2013 1:34 am
Forum: General
Topic: Switch chip features
Replies: 4
Views: 835

Re: Switch chip features

Thanks, I realise that :smile: my question was can more features from the switching chip be made available.

Sent from my GT-I9100 using Tapatalk 2
by rjickity
Mon Jan 21, 2013 3:17 am
Forum: General
Topic: Switch chip features
Replies: 4
Views: 835

Switch chip features

Is there a way to get more switch chip features in the rb's. I noticed that there does not appear to be spanning-tree capabilities available on the switch chip via routeros
by rjickity
Wed Jan 16, 2013 12:46 pm
Forum: RouterBOARD hardware
Topic: Dual band indoor AP
Replies: 7
Views: 3401

Re: Dual band indoor AP

a dual radio ap with a 'corporate' look is definitely missing and would be great to have. something like a RB952G? it would be nice :)

3x3 or 3x4 MIMO would be nice also :D
by rjickity
Mon Jan 14, 2013 3:25 am
Forum: Beginner Basics
Topic: Trunking Vlans to VMWare (Block VLAN->VLAN traffic)
Replies: 13
Views: 1877

Re: Trunking Vlans to VMWare (Block VLAN->VLAN traffic)

You must add a firewall filter on the forward chain to that interface to stop your traffic then

Sent from my GT-I9100 using Tapatalk
by rjickity
Wed Jan 02, 2013 6:33 am
Forum: Beginner Basics
Topic: Converting my Cisco config
Replies: 3
Views: 1271

Re: Converting my Cisco config

Yes, create a bridge in replacement for your vlans and you can achieve the same as you have on that switch. E.g. BRIDGE1=vlan10 then add any ports that needs to be on that segment onto that bridge interface. The routed port on that switch is simple, just address an interface on the ccr. Sent from my...
by rjickity
Wed Dec 19, 2012 6:01 am
Forum: General
Topic: DHCP relay across sites
Replies: 0
Views: 387

DHCP relay across sites

Hi, We have a site connected to another via IPIP tunnel with a /30. I have tried to setup a dhcp helper/relay and doesn't appear to work. ROS v5.21 site1-10.4.8.0/24 | tunnel | site2-10.4.2.0/24 The dhcp server is setup in site 2 and the relay is configured as follows: /ip dhcp-relay add dhcp-server...
by rjickity
Mon Dec 03, 2012 10:40 am
Forum: General
Topic: Exchange NAT
Replies: 1
Views: 502

Re: Exchange NAT

You will need another nat rule for outbound out the other ip. Currently id say its hitting your masquerade rule..

If you provide your current nat rules we can assist if you're stuck.

Sent from my GT-I9100 using Tapatalk 2
by rjickity
Wed Nov 28, 2012 7:52 am
Forum: RouterBOARD hardware
Topic: Poor gigabit on RB/493G
Replies: 7
Views: 2143

Re: Poor gigabit on RB/493G

Remove the ethernet ports from the bridge and set the master port on each one. Remember also there's 2 switch chips on that unit making 2 switch port groups.
I have a 493G and get full Gbit on the ports via the switch.

Sent from my GT-I9100 using Tapatalk 2
by rjickity
Mon Nov 19, 2012 11:53 am
Forum: General
Topic: Segregated LANs, 1 Trunk
Replies: 4
Views: 2315

Re: Segregated LANs, 1 Trunk

you could alternatively use a gre tunnel or some form of vpn if it suits you better? You can achieve the same result. The mkt is able to do quite alot of them. Pptp server is probably the easiest to do.

Sent from my GT-I9100 using Tapatalk 2
by rjickity
Mon Nov 19, 2012 6:12 am
Forum: General
Topic: Segregated LANs, 1 Trunk
Replies: 4
Views: 2315

Re: Segregated LANs, 1 Trunk

If you have a vlan switch yes. -Create vlan interface on lan2 interface -Create a bridge interface -Add vlan and lan1 interface to bridge. -Relocate ip and dhcp to bridge instead of lan1 physical interface. -add vlan id to switch -tag vlan on port connecting switch to lan2 physical interface -assign...
by rjickity
Sat Nov 17, 2012 6:20 pm
Forum: RouterBOARD hardware
Topic: RB2011UAS-2HnD-IN wireless performance
Replies: 0
Views: 640

RB2011UAS-2HnD-IN wireless performance

has anyone got one of these that could provide some wireless performance stats? i'm wondering if it performs better than the 751G.

The main thing I am interested in is sustained throughput numbers from the router -> client (laptop).
by rjickity
Mon Nov 12, 2012 1:53 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1015679

Re: CLOUD CORE ROUTER

I saw the 36 core router at the mum. It was 99% CPU and consuming ~49 watts iirc
by rjickity
Fri Nov 09, 2012 1:28 pm
Forum: General
Topic: Radius Local User Login no radius server found
Replies: 0
Views: 625

Radius Local User Login no radius server found

Hi, I cannot get local authentication to my RouterOS devices working. I have radius setup for wireless and ppp which are working fine. The radius server is also serving cisco devices fine. My config: /radius add address=10.4.8.1 comment=radius domain=xxxx secret=xxxx service=ppp,login src-address=10...
by rjickity
Fri Nov 09, 2012 2:42 am
Forum: RouterBOARD hardware
Topic: sick of rb711-series boards...
Replies: 21
Views: 3787

Re: sick of rb711-series boards...

Have you gone over the script ? Sounds like that's the step in your process that is failing...
by rjickity
Fri Oct 19, 2012 11:58 am
Forum: Beginner Basics
Topic: I'm in over my head
Replies: 3
Views: 936

Re: I'm in over my head

You'll need to add in an accept for gre in there too on the pptp range
by rjickity
Thu Oct 18, 2012 11:10 am
Forum: General
Topic: Priority and VPLS
Replies: 5
Views: 915

Re: Priority and VPLS

I'm looking for information on the MPLS MTU limitations but i cannot find anything definitive. so with control word disabled i can achieve 1526 which will give me what i need. Correct me if i'm wrong but with SXT's i will not have an issue with MTU if i need to go >1526 (source: http://wiki.mikrotik...
by rjickity
Thu Oct 18, 2012 5:11 am
Forum: RouterBOARD hardware
Topic: RB44Ge
Replies: 9
Views: 4321

Re: RB44Ge

you'll be hard pressed. the card was created with the purpose of routerOS in mind. You would be better off getting a card from another vendor for your windows 7 machine
by rjickity
Thu Oct 18, 2012 1:01 am
Forum: General
Topic: Priority and VPLS
Replies: 5
Views: 915

Re: Priority and VPLS

i'm not using eoip on this. My comment "VPLS over EoIP" was said as in i have chosen to use VPLS over using EoIP. sorry for the confusion :)
by rjickity
Wed Oct 17, 2012 5:24 pm
Forum: General
Topic: Priority and VPLS
Replies: 5
Views: 915

Priority and VPLS

I have a question on the method to perform the following. 2 sites, connected via wireless bridge. I am considering VPLS over EoIP to go onto the link. The purpose is to encapsulate all vlans into it and pass across the link to come out the other side retaining their respective VLAN ID's. Illustratio...
by rjickity
Wed Oct 17, 2012 2:34 pm
Forum: RouterBOARD hardware
Topic: RB44Ge
Replies: 9
Views: 4321

Re: RB44Ge

indeed, as does many *nix. problem is that the OP has windows 7
by rjickity
Wed Oct 17, 2012 2:37 am
Forum: RouterBOARD hardware
Topic: RB44Ge
Replies: 9
Views: 4321

Re: RB44Ge

I believe he is looking for teaming software for the network card.

I do not know of any software for these chips to achieve this. You would want to do it by the OS and win7 doesn't have it natively

Sent from my GT-I9100 using Tapatalk 2
by rjickity
Wed Oct 10, 2012 2:23 pm
Forum: General
Topic: softphone traffic prioritize
Replies: 6
Views: 1125

Re: softphone traffic prioritize

Hmmmm, there's many ways. its a common discussion amongst mikrotik ppl

wiki article is here with some methods: http://wiki.mikrotik.com/wiki/Voip

and then the forum discussion: http://forum.mikrotik.com/viewtopic.php?f=2&t=62958
by rjickity
Wed Oct 10, 2012 1:31 pm
Forum: General
Topic: softphone traffic prioritize
Replies: 6
Views: 1125

Re: softphone traffic prioritize

From you -> provider If you're using windows: -Mark the packets for the softphone application with a DSCP marking (windows QoS scheduler policy). This can be done via group policy or local computer Policy. Computer Configuration -> Windows Settings -> Policy Based QoS -> <insert policy, specify exe...
by rjickity
Tue Sep 25, 2012 2:51 am
Forum: Beginner Basics
Topic: MS RRAS + MikroTik DHCP
Replies: 1
Views: 719

Re: MS RRAS + MikroTik DHCP

what are the subnets involved (vpn, servers etc)

Also what is the client ip details for the vpn interface once connected.
by rjickity
Mon Sep 24, 2012 4:42 am
Forum: General
Topic: ROS v5.20 won't boot from SSD
Replies: 5
Views: 1628

Re: ROS v5.20 won't boot from SSD

the drive needs to be seen as IDE.

in your bios ensure your sata mode is IDE or Legacy and not AHCI.

Cheers
by rjickity
Sat Sep 22, 2012 12:29 pm
Forum: Wireless Networking
Topic: Problem with mikrotik and IOS6
Replies: 46
Views: 39339

Re: Problem with mikrotik and IOS6

Yesterday our office apple users upgraded, we have 4 io6 devices that i know of (ipad 3, iphone 4, iphone 4s and iphone 5) connecting to 751G no problem (aside from ios6 uploading location information to amazon web servers at ~600kbps, but that's another story...)
by rjickity
Sat Sep 22, 2012 8:38 am
Forum: General
Topic: RouterOS v6 release candidate 1
Replies: 96
Views: 30031

Re: RouterOS v6 release candidate 1

Is mikrotik going to update all the documentation for their devices with ROS 6 throughput data when its final? Also could we get the new products in your comparison matrix ? http://routerboard.com/pdf/RouterBOARD_Price_Performance_Comparison.pdf edit: i see they have updated the throughput results a...
by rjickity
Sat Sep 22, 2012 8:02 am
Forum: Scripting
Topic: RB751 usb modem problem
Replies: 1
Views: 1136

Re: RB751 usb modem problem

did you get any further with this or submit it to mikrotik? i'm interested to see if this device can work with mikrotik.
by rjickity
Fri Sep 21, 2012 4:13 pm
Forum: General
Topic: Feature Request: IPSEC Improvements
Replies: 60
Views: 15704

Re: Feature Request: IPSEC Improvements

Yes absolutely.

VTI +1
XAuth +1
by rjickity
Thu Sep 20, 2012 11:45 am
Forum: Beginner Basics
Topic: vmware dmz help
Replies: 3
Views: 696

Re: vmware dmz help

sure thing, if you post some details of the network and your config i'll be happy to help where I can.
by rjickity
Thu Sep 20, 2012 3:10 am
Forum: General
Topic: Can RouterOS do Broadband Bonding / WAN Virtualization ?
Replies: 8
Views: 3327

Re: Can RouterOS do Broadband Bonding / WAN Virtualization ?

I've done this using eoip tunnels. In my exp there was about 10-15% bandwidth lost while doing it but I found more value in using PCC (not to mention the costs for the remote end were higher than additional connections at the primary site). Sure it doesn't help the single stream but in the end that ...
by rjickity
Fri Sep 14, 2012 12:50 pm
Forum: Beginner Basics
Topic: vmware dmz help
Replies: 3
Views: 696

Re: vmware dmz help

I would suggest to not dst-nat to esx directly as there is no point aside from management.

I would create a vlan interface on the mikrotik to esx and then add a network to the vswitch appropriately.

Then you could route publicly or create an internal subnet for dmz and use dst-nat. Upto you
by rjickity
Thu Sep 13, 2012 4:08 am
Forum: General
Topic: What do you all think of the EdgeRouter?
Replies: 21
Views: 3457

Re: What do you all think of the EdgeRouter?

I dont think it's going to change the world... UBNT are directly targeting enterprise and unfortunately they still have a long way to go to get in there (same with mikrotik). The edgerouters look pretty good but it would be interesting to see how they perform when they are put into a normal multipur...
by rjickity
Mon Sep 10, 2012 9:14 am
Forum: General
Topic: PCQ with priority - mangle causing timeouts
Replies: 1
Views: 1154

Re: PCQ with priority - mangle causing timeouts

for anyone that may have a similar issue in future. I worked through this with mikrotik support (thanks janis :) ) and it turned out that it was the dynamic mangle rules (change mss) created from my pppoe-out connection causing the problem. The problem only seemed to present itself to the akamaiedge...
by rjickity
Thu Sep 06, 2012 12:30 pm
Forum: General
Topic: Winbox dead in Windows 8
Replies: 13
Views: 8032

Re: Winbox dead in Windows 8

The normal uac firewall exception didn't seem to hold for my windows 8. After manually adding the application in on my firewall profiles it work.

Disable the firewall and l check winbox again to see if that's affecting you
by rjickity
Wed Sep 05, 2012 3:55 pm
Forum: General
Topic: Happy with your purchase?
Replies: 32
Views: 5002

Re: Happy with your purchase?

I have been 'playing around' with mikrotik for a few years, mainly at home. In this time it sparked enough curiosity topursue it more. In the past year and a bit i have taken them more seriously and spent alot of time learning them more and have started deploying them in alot of my customer sites. M...
by rjickity
Mon Sep 03, 2012 10:48 am
Forum: General
Topic: Correct local address for PPTP profile
Replies: 1
Views: 623

Re: Correct local address for PPTP profile

yes thats fine but ensure you have proxy-arp enabled if you do it this way

ether 2 in this example is your local interface
/interface ethernet set ether2 arp=proxy-arp
by rjickity
Wed Aug 29, 2012 2:23 pm
Forum: Beginner Basics
Topic: Basic port forwarding not working
Replies: 2
Views: 2243

Re: Basic port forwarding not workin

did you manually type in the chain name on those? the chain should be dstnat and not dst-nat. Try this and see if the counter increments when you attempt to connect
add action=dst-nat chain=dstnat disabled=no dst-port=3307 in-interface=pppoe-arnet protocol=tcp to-addresses=192.168.73.105
by rjickity
Wed Aug 29, 2012 3:45 am
Forum: General
Topic: Firewall scheduler question...
Replies: 3
Views: 878

Re: Firewall scheduler question...

I use 2 filter rules (one on each side of your time window) with a src-address list currently. Assuming you want the other hosts on the network to function. I imagine another way you could do it is a filter rule to accept marked packets and then a deny all after that. Then 2 mangle rules to mark the...
by rjickity
Mon Aug 27, 2012 2:50 pm
Forum: General
Topic: PCQ with priority - mangle causing timeouts
Replies: 1
Views: 1154

PCQ with priority - mangle causing timeouts

I have a router connected to the internet via pppoe-client over a bridge ADSL modem. I have setup pcq queues and prioritised them following the pcq article however users on the LAN experience webpages timeing out/partially loading when the mangle rules are active. If i disable the mangle, all flows ...
by rjickity
Tue Aug 14, 2012 4:57 pm
Forum: Beginner Basics
Topic: 493G Bricked
Replies: 2
Views: 566

Re: 493G Bricked

make sure you set the console connection to the correct settings: 115200bit/s, 8 data bits, 1 stop bit, no parity, flow control=none by default. what it boot and see what happens. my 493G has failed 5 times in total, each time with a Kernel panic (even if i wasn't upgrading) since about 5.16 and its...
by rjickity
Tue Aug 14, 2012 4:50 pm
Forum: General
Topic: RB1200 Packetloss issue
Replies: 13
Views: 3775

Re: RB1200 Packetloss issue

would be nice if they do, will be good to have 10 ports on the units :P
by rjickity
Mon Aug 13, 2012 3:35 pm
Forum: General
Topic: LLQ required
Replies: 66
Views: 17136

Re: LLQ required

+1 here :)
by rjickity
Sat Jul 28, 2012 1:54 pm
Forum: General
Topic: IPSec Connection Issue [Mikrotik<->FortGate]
Replies: 4
Views: 5483

Re: IPSec Connection Issue [Mikrotik<->FortGate]

double check your secrets. If it is complex secret, attempt a simple 'abc123' and see what happens. If it still occurs debug both and see what they are seeing.

Sent from my GT-I9100 using Tapatalk 2
by rjickity
Wed Jul 25, 2012 6:37 am
Forum: Scripting
Topic: Net lockdown script?
Replies: 1
Views: 574

Re: Net lockdown script?

You can apply time windows to firewall entries. This with packet marking of relevant traffic is quite useful

Sent from my GT-I9100 using Tapatalk 2
by rjickity
Mon Jul 23, 2012 11:36 am
Forum: General
Topic: IpSec with cisco problem!
Replies: 9
Views: 1115

Re: IpSec with cisco problem!

I use ipsec encryption over ip-ip tunnel from a RB1200 to a 7301. Too many problems with tunnel mode
by rjickity
Thu Jul 19, 2012 5:41 pm
Forum: General
Topic: v5.19 released
Replies: 57
Views: 21331

Re: v5.19 released

Please update changelog. 5.19 include 2.41 http://wiki.mikrotik.com/wiki/RouterBOOT_changelog No NV2 changes? We have still problem with disconnect... :( not for all devices. RouterBOOT upgrade is issued per-device, not universally for all. Is there a way we can see the changelog for 2.41 ? for us ...
by rjickity
Wed Jul 18, 2012 2:52 pm
Forum: General
Topic: Firewall Rules using host name
Replies: 4
Views: 3282

Re: Firewall Rules using host name

what's the purpose of using it by hostname ?

Are you dns loadbalancing or are your servers filtering on http headers ? Or is it something else
by rjickity
Mon Jul 09, 2012 12:37 pm
Forum: General
Topic: Curiosity: What does Mikrotik use internally?
Replies: 5
Views: 1121

Curiosity: What does Mikrotik use internally?

Hi Mikrotik (or normis :) ),

I'm just curious, what network devices do you use internally in your company office/datacenter? Not including testing, random rb's on desks.

What runs on the company network ?
by rjickity
Mon Jul 09, 2012 12:28 pm
Forum: General
Topic: 3 line MLPPP working; but speed issue
Replies: 29
Views: 5207

Re: 3 line MLPPP working; but speed issue

I've not had the pleasure of having mlppp but i'd check a few things. 1. have you tested throughput on just one of the lines ? 2. what is your cpu usage like on the router? 3. Are you sure that server is has the capability to put out that throughput ? maybe try a few concurrent services from varying...
by rjickity
Mon Jun 25, 2012 2:57 pm
Forum: General
Topic: How to access RB750GL remote webaccess
Replies: 4
Views: 762

Re: How to access RB750GL remote webaccess

ensure the service is active.
/ip service enable www
set your firewall to allow it, ether1 as an example in this case (tip: maybe restrict by source ip for extra security)
add chain=input comment="Allow Web" dst-port=80 in-interface=ether1 protocol=tcp
make sure you have a strong password !
by rjickity
Wed May 23, 2012 4:58 pm
Forum: General
Topic: Upgrade RB1200 from 5.11 to 5.16 Any known Issues?
Replies: 2
Views: 572

Re: Upgrade RB1200 from 5.11 to 5.16 Any known Issues?

I'm running 2 in production on 5.16. No problems have been noticed here...
by rjickity
Mon Apr 23, 2012 1:00 pm
Forum: Beginner Basics
Topic: Port forwarding impossible
Replies: 30
Views: 3860

Re: Port forwarding impossible

@ditonet

you're correct, my mistake. at times i forget mikrotiks packet flow...

@dod84

specifying the in-interface should be all you need. Could you provide an /ip address print and also show the server ip configuration ?
by rjickity
Sun Apr 22, 2012 6:01 pm
Forum: Beginner Basics
Topic: Port forwarding impossible
Replies: 30
Views: 3860

Re: Port forwarding impossible

You need to add that port into your ip firewall filter config. It is being dropped before nat
by rjickity
Thu Apr 19, 2012 12:58 pm
Forum: General
Topic: Intervlan routing between 2 VLAN in mikrotik
Replies: 3
Views: 7669

Re: Intervlan routing between 2 VLAN in mikrotik

Can you show the bridge configuration ?

your vlan2 isn't in a running state
by rjickity
Tue Apr 17, 2012 5:03 pm
Forum: General
Topic: IPSec VPN latency issues
Replies: 5
Views: 1506

Re: IPSec VPN latency issues

It is worth trying other ports on this unit:

http://forum.mikrotik.com/viewtopic.php?f=2&t=60436
by rjickity
Tue Apr 17, 2012 8:18 am
Forum: General
Topic: IPSec VPN latency issues
Replies: 5
Views: 1506

Re: IPSec VPN latency issues

What ethernet ports are you using for your wan on the RB1200 ? i was having latency problems with mine which was running on ether10. after i changed it over to ether5 it no longer occured
by rjickity
Mon Apr 16, 2012 8:59 am
Forum: General
Topic: EoIP and Bonding behind nat
Replies: 2
Views: 1572

Re: EoIP and Bonding behind nat

/ip address add address=10.4.8.254/24 comment="LAN bridge" interface=ether1 add address=x.x.x.x/30 comment="bridge to ESX" interface=Bridge-ESX add address=10.4.0.3/31 comment="Tunnel to QV1" interface=tun1 add address=10.5.0.254/32 comment="LAB 1 Network" interface=LAB1 network=10.5.0.0 add addres...
by rjickity
Sat Apr 14, 2012 11:21 am
Forum: RouterBOARD hardware
Topic: RB751U-2HnD - poor wireless performance & problems
Replies: 113
Views: 114080

Re: RB751U-2HnD - poor wireless performance & problems

I have just tested on the same frequency with the same hosts on a tplink 1043nd and the throughput was a pretty consistent ~100mbps with 1-3ms latency for 10+ minutes.

This unit was half the price of the 751u and has gig interfaces :-( I may have to just use that instead and shelf the 751u
by rjickity
Sat Apr 14, 2012 10:10 am
Forum: RouterBOARD hardware
Topic: RB751U-2HnD - poor wireless performance & problems
Replies: 113
Views: 114080

Re: RB751U-2HnD - poor wireless performance & problems

im also experiencing poor performance. i have been testing all different configurations on this, this unit was meant to be a simple access point in a home environment indoors. It was put in purely to stream media from the lan to wireless clients and it has failed. I have a bridge with ether1 and wla...
by rjickity
Fri Apr 13, 2012 3:28 am
Forum: General
Topic: what happened to pptp and l2tp
Replies: 2
Views: 391

Re: what happened to pptp and l2tp

when you upgraded, ensure you installed/activated the ppp and security packages. check under /system packages print for the status of them
by rjickity
Thu Apr 12, 2012 4:03 pm
Forum: General
Topic: EoIP and Bonding behind nat
Replies: 2
Views: 1572

EoIP and Bonding behind nat

Hi, I have the following: SiteA RB1200 with the following pppoe connections over DSL from the same provider wan1 - pppoe1 over ether 5 wan2 - pppoe2 over ether 6 wan3 - pppoe3 over ether 7 lan - ether1 SiteB x86 mikrotik sitting in a DMZ with 1:1 nat wan - ether1 (private IP with public address natt...
by rjickity
Fri Mar 30, 2012 6:08 pm
Forum: General
Topic: ether2 doesn't talk with ether1
Replies: 2
Views: 626

Re: ether2 doesn't talk with ether1

Your networks are probably fine. Dont specify the interface on the general tab.

click on advanced and set your src-address (in your case 192.168.2.1) and then perform the ping.
by rjickity
Fri Mar 30, 2012 12:51 pm
Forum: SwOS
Topic: Mikrotik switch with more ports
Replies: 18
Views: 13079

Re: Mikrotik switch with more ports

For us to sell more Mikrotik Switches we would need to see: ... - 802.3af POE on the 8/24 port models to power phones For us I believe this would be completely necessary, if it is PoE and it isn't 802.3af then they will never be successful in smb->corporate. Along with this they would need to suppo...
by rjickity
Thu Mar 29, 2012 11:59 am
Forum: Beginner Basics
Topic: 2 simple queues, one is wrong direction ?
Replies: 1
Views: 449

Re: 2 simple queues, one is wrong direction ?

does anyone have any idea why this would occur?
by rjickity
Mon Mar 26, 2012 7:56 am
Forum: Beginner Basics
Topic: 2 simple queues, one is wrong direction ?
Replies: 1
Views: 449

2 simple queues, one is wrong direction ?

Hi, I have the following queues that i've put in as i have a pair of bridged modems that seem to crash when data is sent through faster than their dsl connection is (assuming a bad buffer or something) so i wanted to force the buffer on my mikrotik instead, i've set the bandwidth according to the AD...
by rjickity
Fri Mar 23, 2012 11:55 am
Forum: General
Topic: RB1200 Packetloss issue
Replies: 13
Views: 3775

Re: RB1200 Packetloss issue

I have 2 RB1200's and the port 9 and 10 both see erratic packet behaviour. despite upgrades i have just decided to not use these ports on these units.
by rjickity
Thu Mar 22, 2012 4:14 pm
Forum: General
Topic: IPsec not coming back after link failure
Replies: 1
Views: 260

IPsec not coming back after link failure

Hi, I have a rb1200 router it is laid out like so: dsl modem --- eth9 --- pppoeclient This provides internet. I have an ip tunnel to another site and ipsec encapsulation running over that. If the pppoe client drops, the tunnel drops however it doesn't come back up. If i flush the SA's it still does ...
by rjickity
Fri Feb 24, 2012 10:26 am
Forum: RouterBOARD hardware
Topic: More 3g routers
Replies: 3
Views: 800

Re: More 3g routers

I could however i'm looking at some a little more industrial type, something that can be mounted in a rack to be more specific, it is for a project where it will be moved in the rack to various locations along with a bevy of other equipment. Each of the places will have various access methods though...
by rjickity
Thu Feb 23, 2012 3:49 pm
Forum: RouterBOARD hardware
Topic: More 3g routers
Replies: 3
Views: 800

More 3g routers

Are there any plans for more router with builtin 3g ? the 411UAHR is great but it would be good to have an RB with another ethernet interface or maybe 5 with a switch chip.
by rjickity
Wed Feb 22, 2012 3:28 pm
Forum: General
Topic: IPSEC road warrior config help
Replies: 8
Views: 2974

Re: IPSEC road warrior config help

Could you post your config ? i've not had any success with roadwarrior ipsec on mt either.
by rjickity
Sun Feb 05, 2012 10:24 am
Forum: Forwarding Protocols
Topic: OSPF routes unreachable
Replies: 1
Views: 1203

OSPF routes unreachable

Hi folks, We're running into a strange problem of OSPF-learnt routes being marked as unreachable in the routing table. Our goal is to setup basic redundant connectivity for a branch office using two Internet connections and OSPF over IPSec/IPIP tunnels. In the data centre we have a Cisco 7301 runnin...
by rjickity
Mon Jan 30, 2012 2:30 pm
Forum: Beginner Basics
Topic: RB493G as ordinary router
Replies: 5
Views: 2504

Re: RB493G as ordinary router

Create a new bridge, and assign both the wlan and the master port for the switch chip (eth2 as a default for an example) It's important to remember the RB493G has 2 switch chips, so you will have 2 groups of switching: Switch1 Eth2,eth3,eth4,eth5 Switch2 Eth1,eth6,eth7,eth8,eth9 Setup your ethernet ...
by rjickity
Mon Jan 30, 2012 9:00 am
Forum: Beginner Basics
Topic: RB493G as ordinary router
Replies: 5
Views: 2504

Re: RB493G as ordinary router

Irootsk,

you'll need to create a bridge interface for your wifi <-> LAN ports. The ports should already be switched out of the box from memory.

If you are still having problems maybe send through an /export compact and post it up here
by rjickity
Fri Jan 27, 2012 12:33 pm
Forum: General
Topic: New installed RB450G with VDSL 50/10MBit no traffic possible
Replies: 4
Views: 3269

Re: New installed RB450G with VDSL 50/10MBit no traffic poss

the example screenshot from the vodafone unit seems like it could be a QinQ tagging on the VDSL router.

Once the PPPoE is established you could torch the interface and see if it is getting frames with another VLAN ID maybe ?
by rjickity
Thu Jan 26, 2012 5:03 am
Forum: General
Topic: v5.12 released
Replies: 144
Views: 25214

Re: v5.12 released

Cannot UPGRADE RB493G to v5.12 from v5.11 NOPE >>> as you can see the *.npk files ACTUALLY was not on the SD card, they are on the MAIN rboard... And I tell you why - after rebooting it attempted the upgrade - BUT NOW >>>> after rebooted the RB, (and also even upgraded the bios FW again after sever...
by rjickity
Sat Jan 21, 2012 6:54 am
Forum: General
Topic: SIP problem
Replies: 2
Views: 1839

Re: SIP problem

How is this network laid out ? All of these devices have different ips.

Try just the MikroTik with your sip reg ports specified in the services section (in your case 5075,5076.

Sent from my GT-I9100 using Tapatalk
by rjickity
Wed Jan 18, 2012 4:40 pm
Forum: Wireless Networking
Topic: WDS interface activity
Replies: 1
Views: 600

Re: WDS interface activity

If i switch to 5ghz-A only i do not see this behaviour.
by rjickity
Wed Jan 18, 2012 3:15 pm
Forum: Wireless Networking
Topic: WDS interface activity
Replies: 1
Views: 600

WDS interface activity

Hi All, I'm new to the wifi links on mikrotik so i'm hoping for a bit of light on this. I'm attempting to create a transparent WDS bridge and i'm having throughput issues. I've created a WDS link by creating the following: AP1 - Omnitik /interface wireless set 0 adaptive-noise-immunity=none allow-sh...
by rjickity
Tue Jan 17, 2012 5:15 am
Forum: RouterBOARD hardware
Topic: RB493G Crash - Kernel Panic
Replies: 2
Views: 3871

Re: RB493G Crash - Kernel Panic

i remember seeing quite a few bad blocks (5% ?) before this unit crashed. should i format the nand to try and fix the bad blocks ?
by rjickity
Mon Jan 16, 2012 3:51 pm
Forum: RouterBOARD hardware
Topic: RB493G Crash - Kernel Panic
Replies: 2
Views: 3871

RB493G Crash - Kernel Panic

Hi, I've had a RB 493G for about a year now and this is the third time this has happened. For no apparent reason after running for ~3 months the RB dies and never comes back. connecting a console i see: RouterBOOT booter 2.38 RouterBoard 493G CPU frequency: 680 MHz Memory size: 256 MB Press any key ...
by rjickity
Sun Jan 15, 2012 8:06 am
Forum: General
Topic: ROS 5.11 IPSEC issue - Will establish tunnel but no traffic
Replies: 4
Views: 648

Re: ROS 5.11 IPSEC issue - Will establish tunnel but no traf

Need config from both sides:

-Interfaces
-Firewall rules
-IPsec config
-Routing table
by rjickity
Fri Jan 13, 2012 7:43 am
Forum: SwOS
Topic: Future of SwOS products?
Replies: 8
Views: 4835

Re: Future of SwOS products?

Do we have any indication of the future of SwOS ? it seems as though it has been left in the dark
by rjickity
Fri Jan 13, 2012 7:42 am
Forum: General
Topic: ROS 5.11 IPSEC issue - Will establish tunnel but no traffic
Replies: 4
Views: 648

Re: ROS 5.11 IPSEC issue - Will establish tunnel but no traf

are you able to provide a config export to us?
by rjickity
Wed Jan 11, 2012 3:34 am
Forum: RouterBOARD hardware
Topic: Routerboard SXT Ethernet port and enclosure
Replies: 2
Views: 733

Re: Routerboard SXT Ethernet port and enclosure

Also are the units made from a UV resistant plastic? I have a few that are going to be deployed in country Australia.
by rjickity
Tue Jan 10, 2012 6:05 am
Forum: General
Topic: Mikrotik dropping connections
Replies: 0
Views: 392

Mikrotik dropping connections

Hi All, I have a rb750g and it appears to be dropping tcp connections. It was operating fine up until about a week or so ago (no changes were done). It was running ros 5.8 but i upgraded to 5.11 and the problem still persists. I have: -DSL modem bridged on ether1 -ppp running over that -ether2 lan T...
by rjickity
Mon Jan 09, 2012 2:04 pm
Forum: RouterBOARD hardware
Topic: Routerboard SXT Ethernet port and enclosure
Replies: 2
Views: 733

Routerboard SXT Ethernet port and enclosure

This is a great little unit but i was wondering if anyone finds the proximity from the ethernet port to the latch cover a little frustrating ? Just a bit of design feedback. It's so tight that you cant use any prefabbed cables as they usually have rubber guarding of some sort on the pair so you have...
by rjickity
Mon Jan 09, 2012 1:15 pm
Forum: General
Topic: Pre routing and multi wan and ipsec
Replies: 1
Views: 667

Re: Pre routing and multi wan and ipsec

for anyone that is interested, i worked around this by excluding the other subnets, defined in the destination path in the mangle selection: 86 ;;; Mark prerouting - PPP2 chain=prerouting action=mark-routing new-routing-mark=Route-PPP2 passthrough=yes src-address=10.4.8.0/24 dst-address=!10.4.0.0/21
by rjickity
Thu Jan 05, 2012 10:50 am
Forum: General
Topic: Pre routing and multi wan and ipsec
Replies: 1
Views: 667

Pre routing and multi wan and ipsec

Hi, I'm trying to route a specific subnet out a particular interface, however when i do it routes everything and forgets about the other routes to a subnet via an ip tunnel. Local subnet = 10.4.8.0 Remote subnets = 10.4.0.0/21 WAN = ppp2 I mark the packets with the following add action=mark-routing ...
by rjickity
Thu Jan 05, 2012 10:35 am
Forum: General
Topic: Erratic latency RB1200 and IPsec multi wan
Replies: 1
Views: 474

Re: Erratic latency RB1200 and IPsec multi wan

update:
I upgraded to ros 5.11 and the latency problems aren't apparent anymore.

Now I need to figure out the routing problem, still cant see why it's happening.
by rjickity
Thu Jan 05, 2012 8:08 am
Forum: General
Topic: Erratic latency RB1200 and IPsec multi wan
Replies: 1
Views: 474

Erratic latency RB1200 and IPsec multi wan

Hi, I have a RB1200 with v5.7 with the following configuration: eth10 - DSL modem ppp1 - over this interface to ISP1 eth9 - DSL modem ppp2 - over this interface to ISP2 eth1 - LAN I have been running with this for approx 2.5 months without a problem with minimal traffic going over ppp2/eth9 (10-20kb...
by rjickity
Fri Dec 30, 2011 7:34 am
Forum: The Dude
Topic: Define alternative Winbox port
Replies: 10
Views: 8011

Re: Define alternative Winbox port

is there any way to define an alternative port for this yet?

I have a few customers with multiple mikrotiks natt'd behind a single IP across various port ranges, being able to set this in the dude software would make managing them so much easier !
by rjickity
Mon Dec 19, 2011 1:12 pm
Forum: General
Topic: Historical RouterOS
Replies: 4
Views: 657

Re: Historical RouterOS

Thank you mario, very helpful :)
by rjickity
Fri Dec 16, 2011 4:42 pm
Forum: General
Topic: Historical RouterOS
Replies: 4
Views: 657

Historical RouterOS

Hey Guys,

Is there a way to obtain previous versions of RouterOS ? This would be quite handy for roll back purposes.
by rjickity
Thu Nov 10, 2011 3:35 pm
Forum: RouterBOARD hardware
Topic: Aggregate PDU for mikrotik
Replies: 0
Views: 370

Aggregate PDU for mikrotik

It would be great if there was an option to provide PoE injection to multiple devices from a single power source. If you are powering 5+ devices from a central location having multiple transformers and injectors its begins to get unruly. Rack mount would be a bonus ! I would use a PoE switches howev...
by rjickity
Thu Nov 10, 2011 3:23 pm
Forum: SwOS
Topic: 16/32/48 ports
Replies: 51
Views: 20168

Re: 16/32/48 ports

I will buy a higher density switch definately! A rackmount 24 port switch would be perfect

just make sure you have ample ASIC's mikrotik ;)
by rjickity
Thu May 26, 2011 9:22 am
Forum: RouterBOARD hardware
Topic: New Products
Replies: 188
Views: 28698

Re: New Products

My RB1200's have been sent out today. I can't wait to test them out !
Does anyone have a link to the pdf of the new products? The ones in this thread are not currently working for me.
by rjickity
Tue Dec 21, 2010 3:48 pm
Forum: Beginner Basics
Topic: PPPoE client, bridged modem and switched routerboard ports
Replies: 4
Views: 1481

Re: PPPoE client, bridged modem and switched routerboard por

The issue was with incorrect password :( so it was my fault.... shameful... I didn't realize until i ran a ping and reestablished the connection, there was an icmp reply of admin prohibited followed by timeouts. It was only at this point i realised... The ISP provides a 'playpen' for incorrect crede...
by rjickity
Mon Dec 20, 2010 3:14 am
Forum: Beginner Basics
Topic: PPPoE client, bridged modem and switched routerboard ports
Replies: 4
Views: 1481

Re: PPPoE client, bridged modem and switched routerboard por

-My switch is currently setup that way (im only using ports 2-5 for the moment on this routerboard) -The logical bridge interface has ether2 assigned to it. -I haven't tried assigning the physical interface for the PPPoE connection, although on my other routerboard i use the bridge interface and it ...
by rjickity
Sun Dec 19, 2010 6:30 pm
Forum: Beginner Basics
Topic: PPPoE client, bridged modem and switched routerboard ports
Replies: 4
Views: 1481

PPPoE client, bridged modem and switched routerboard ports

I have a routerboard 493G and it doesn't seem to be routing over my PPPoE connection. I have: ADSL modem (bridged) ----- RB493G Ether2 Server1-------------------- RB493G Ether3 - slave to ether2 server2-------------------- RB493G Ether4 - slave to ether2 server3-------------------- RB493G Ether5 - s...
by rjickity
Sun Dec 19, 2010 6:11 am
Forum: RouterBOARD hardware
Topic: RB493G features and first impressions
Replies: 37
Views: 14292

Re: RB493G features and first impressions

I thought as much, its a bit misleading as it's suggests that's it's the system temperature. I took a heat reading directly from the CPU and i was getting 39 degrees but routerOS was telling me 49 degrees. Granted it is via the base of the heatsink so it wouldn't be 100% on the money, but it wouldn'...
by rjickity
Thu Dec 16, 2010 8:28 am
Forum: RouterBOARD hardware
Topic: RB493G features and first impressions
Replies: 37
Views: 14292

Re: RB493G features and first impressions

I just got my board ! i love the form factor of routerboards :) one thing i too have noticed is the temperature sensor is reporting 48 degrees and it is currrently open in a room that is currently 20 degrees. seems excessive. i'll be measuring the board temps with my IR thermo when i get home to con...
by rjickity
Wed Dec 01, 2010 8:18 am
Forum: RouterBOARD hardware
Topic: RB493G features and first impressions
Replies: 37
Views: 14292

Re: RB493G features and first impressions

Any suggestions on where i can get a hold of this unit ? I've been holding out since it was announced but have no idea who is stocking them. I'm located in Aus so generally i have to order from overseas anyway....

Edit: Also does anyone have any info on power consumption of these units ?
by rjickity
Mon Jul 19, 2010 5:10 pm
Forum: General
Topic: RB750G Nat and SSH
Replies: 4
Views: 2983

Re: RB750G Nat and SSH

wow ok...

i removed the to-port and it is working/continuing to work. I'll keep trying to replicate it, if i specify the to-port than it breaks straight away :/
by rjickity
Sat Jul 17, 2010 10:59 am
Forum: General
Topic: RB750G Nat and SSH
Replies: 4
Views: 2983

RB750G Nat and SSH

Hi All, I've just discovered mikrotik and routeros so i am very new to them. My friend highly recommended them. I've been a cisco + linux guy for a while now so routeros feels very nice to use. I have a very obscure problem with my setup. I am trying to simply creat a nat rule for a host on my LAN f...