Community discussions

by rjickity
Tue Jan 08, 2019 8:49 am
Forum: RouterBOARD hardware
Topic: RB4011 wireless performance?
Replies: 26
Views: 3066

Re: RB4011 wireless performance?

How many AP's do you plan to install? aside from a singular AP performance, it's probably more relevant to assess the controller function and features along with the radio performance. The controller function and features along with the client compatibility unfortunately go hard against mtk enterpri...
by rjickity
Mon Jul 23, 2018 1:26 am
Forum: General
Topic: new vulnerability? [SOLVED]
Replies: 5
Views: 2520

Re: new vulnerability? [SOLVED]

Yes this is the winbox vulnerability from April. You must patch to current as it was fixed in 6.42.1. About 26 hours ago i had a router exploited and it left the same traces (socks enabled, filter rule position 0 allowing winbox, script fetching that PHP file on schedule). it seems very much like s...
by rjickity
Mon May 15, 2017 9:46 am
Forum: General
Topic: IP Cloud clock drift
Replies: 3
Views: 475

IP Cloud clock drift

/ip cloud appears to be getting clock drift. noticed it on some routers:

With IP cloud:

/system clock print
time: 06:51:41
date: may/15/2017
time-zone-autodetect: no
time-zone-name: manual
gmt-offset: +00:00
dst-active: no

Approx 8 minutes ahead of time

Add sntp configuration to an ntp.org pool and ...
by rjickity
Fri Sep 30, 2016 1:51 pm
Forum: Announcements
Topic: v6.38rc [release candidate] is released
Replies: 331
Views: 73451

Re: v6.38rc [release candidate] is released

STP and LLDP, look out !
by rjickity
Thu Dec 10, 2015 2:46 am
Forum: Virtualization
Topic: Cloud Hosted Router
Replies: 583
Views: 183987

Re: Cloud Hosted Router

Instead fixing bugs, Mikrotik trying to sale the air. I use RouterOS as ESXi guest for over 3 years without stupid 1Mbit limitations. CHR is essentially fixing bugs and broadening platforms for the x86 architecture. If you want more bandwidth then pay the extremely cheap price it costs to do so (wh...
by rjickity
Sun Sep 06, 2015 11:24 am
Forum: RouterBOARD hardware
Topic: hAP lite housing
Replies: 21
Views: 3848

Re: hAP lite housing

I think this design is fine for home users, they expect small pretty devices that don't stick out in the home. For smb/pro a redesigned casing for hAP AC and other mid range products have wall mount capability and focus on functionality over aesthetics. The current casings are a bit dated but realis...
by rjickity
Fri Sep 04, 2015 3:35 pm
Forum: RouterBOARD hardware
Topic: hAP lite housing
Replies: 21
Views: 3848

hAP lite housing

Looks like the enclosure has been redesigned:

http://routerboard.com/RB941-2nD-TC

Looks much nicer, more consumer. Is the plan to roll out this new look and feel across all models?
by rjickity
Wed Jun 10, 2015 3:59 pm
Forum: General
Topic: ASIC based Spanning Tree
Replies: 3
Views: 993

Re: ASIC based Spanning Tree

fair call i guess, possibly not the best worded. The theory of utilizing the switching hardware to execute stp remains the same. there needs to be an option which doesn't incorporate a software bridge
by rjickity
Mon Jun 08, 2015 3:22 pm
Forum: General
Topic: ASIC based Spanning Tree
Replies: 3
Views: 993

ASIC based Spanning Tree

Is there any reason why mikrotik doesn't expose at least RSTP in their switch chips? all of their switch products are severely hindered by lack of spanning tree. RSTP is needed at a minimum in order to even have the mikrotik switch lineup as a true option. From what i see almost every chip in use su...
by rjickity
Mon Jun 08, 2015 2:34 am
Forum: Beginner Basics
Topic: Configuration Troubles on CCR / CRS / CRS (LACP, Masterport, VLANs)
Replies: 4
Views: 1959

Re: Configuration Troubles on CCR / CRS / CRS (LACP, Masterport, VLANs)

yes that seems correct for the trunking, can you see the load balancing happening on the crs ports in the trunk now ? you want to do it on both sides of the link (like you have).

The master port is fine, it just tells the ports where the grouping is on the asic for switching.
by rjickity
Sun Jun 07, 2015 6:54 pm
Forum: Beginner Basics
Topic: Configuration Troubles on CCR / CRS / CRS (LACP, Masterport, VLANs)
Replies: 4
Views: 1959

Re: Configuration Troubles on CCR / CRS / CRS (LACP, Masterport, VLANs)

First things first, you'll want to move away from LACP in the mikrotik world, their switches don't support it in hardware. So you'll want something like this for your trunks:

CRS:

/interface ethernet
set ether3 master-port=ether2
set ether4 master-port=ether2
/interface ethernet switch trunk
add name...
by rjickity
Thu May 21, 2015 3:44 pm
Forum: RouterBOARD hardware
Topic: RB1100x2 Reboots
Replies: 9
Views: 1200

Re: RB1100x2 Reboots

i had one reboot consecutively 5 times out of nowhere a few weeks ago. same situation, on UPS with no power events and logs shows the same. running 6.27. Still no idea what happened and support files show nothing.
by rjickity
Mon May 18, 2015 1:54 am
Forum: Forwarding Protocols
Topic: Bonding Two ADSL Lines over VPN
Replies: 11
Views: 3331

Your bonding interface is treated as your wan now. You will need to use your server side router for egress. So you should set your default route with the server side IP as your gateway. Make sure you don't have defaults on each connection, add in a specific route for each connection -> server so tha...
by rjickity
Fri May 15, 2015 3:36 pm
Forum: Forwarding Protocols
Topic: Bonding Two ADSL Lines over VPN
Replies: 11
Views: 3331

Re: Bonding Two ADSL Lines over VPN

from your diagram, if it's just for IP traffic, you would be able to achieve this by:

1. ipsec transport on each connection to the server peer
2. eoip tunnel on connection, across each ipsec sa
3. create bonding interface with the eoip tunnels as members

This should get you the result with a bit of...
by rjickity
Sun May 10, 2015 4:50 am
Forum: General
Topic: IPSec Connection Issue [Mikrotik<->FortGate]
Replies: 4
Views: 5366

Sorry I don't quite understand. Your ipsec policy will be what defines your traffic for encryption (SRC and DST addressing which from your initial policy is a single host on the MikroTik side and a small subnet on the fortigate side). When you say you cannot access from the WAN I would think that's ...
by rjickity
Sun May 10, 2015 4:44 am
Forum: Beginner Basics
Topic: VPN for 11 sites
Replies: 18
Views: 2399

You need to create direct tunnels between client 1 and client 2 in addition to client1 to main site, client2 to main site etc. This way client1-client2 traffic doesn't traverse the main site.
by rjickity
Fri Apr 17, 2015 4:27 pm
Forum: Wireless Networking
Topic: PTP bridge link in home
Replies: 4
Views: 750

Re: PTP bridge link in home

as strange as this might seem, i have done this exact thing a while ago due to not having the ability to run cabling within the house. 200Mbit throughput was not hard to obtain through the cement slab and piping etc. this was with a rb711 and antenna and a rb493G with a 52Hn card in 5Ghz. It perform...
by rjickity
Fri Apr 17, 2015 4:09 pm
Forum: Beginner Basics
Topic: VPN for 11 sites
Replies: 18
Views: 2399

Re: VPN for 11 sites

Go direct client to client. not hub and spoke. Work with multiple tunnels, to create a mesh

In cisco land (even vyos now) DMVPN would be the answer, in mkt land - you deal with a lot of configuration for a similar outcome.
by rjickity
Wed Apr 15, 2015 2:35 pm
Forum: General
Topic: v6.28 will be released this week!
Replies: 72
Views: 18511

Re: v6.28 will be released this week!

have there been any .ac related fixes in 6.28 ?

also is there a wireless-cm2 package for 6.28 ?

edit: romon is very interesting, i like the proxy winbox functionality with romon + new winbox. I can see how this could be quite powerful, i hope it's heavily developed
by rjickity
Wed Jan 28, 2015 1:51 pm
Forum: General
Topic: IpSec VPN between MT / AZURE
Replies: 8
Views: 3929

Re: IpSec VPN between MT / AZURE

hi aeg, sorry for the late reply.

if you haven't figured out already - azure does not like ping. do not use it as diagnostic as it is always dropped.

check your sa's and make sure your byte counts are increasing and test out another protocol like ssh or rdp to your vm instance.
by rjickity
Wed Jan 21, 2015 3:02 pm
Forum: RouterBOARD hardware
Topic: IPsec performance of various models
Replies: 10
Views: 2966

Re: IPsec performance of various models

Depends on the type of tunnel....and encryption settings. Under optimal real world conditions Single tunnel site to site... tcp nat'd/tunnel mode or ipip over ipsec/transport mode:

2011= 20Mbps ...give or take
850= 40-50Mbps
1100= 400Mbps
CCR Series = 150Mbps

With a 'normal' natt'd setup with 15 or ...
by rjickity
Wed Dec 17, 2014 4:47 pm
Forum: General
Topic: IpSec VPN between MT / AZURE
Replies: 8
Views: 3929

Re: IpSec VPN between MT / AZURE

mikrotik isn't technically supported by azure ;) i just grab the prebuilt cisco configs from the generator, apply your ios=ros translation skills. Here's a sanitised snip from a working azure setup i've got running for a traditional site-to-site tunnel:

/ip ipsec proposal
add disabled=yes enc-algori...
by rjickity
Wed Sep 03, 2014 5:14 am
Forum: RouterBOARD hardware
Topic: New hardware - mAP
Replies: 153
Views: 49578

Re: New hardware - mAP

i have 2x mAP's here but the 802.3af must be magic as it hasn't worked on any of my cisco 3560's... powers via passive no problems but definitely no dice from 802.3af switch

edit: looks like it's not just me http://forum.mikrotik.com/viewtopic.php?f=3&t=88451&p=445434&hilit=map+mode#p445434 well gues...
by rjickity
Sat Aug 30, 2014 12:17 pm
Forum: General
Topic: v6.19 released
Replies: 256
Views: 92403

Re: v6.19 released

i've just noticed new vlan options in the wireless interface: /interface wireless vlan-id and vlan-mode quite handy, just out of curiosity does it use the atheros chip or is this something the CPU does (a.k.a "/interface vlan") and will this affect card -> client tagging as well as card -> CPU ? edi...
by rjickity
Mon Aug 18, 2014 5:21 pm
Forum: General
Topic: PPoE Fail over from Non Mikrotik Router AKA cisco 881
Replies: 3
Views: 881

Re: PPoE Fail over from Non Mikrotik Router AKA cisco 881

What sort of failure on the Cisco are you trying to accommodate ? It seems very bizarre this situation as surely the 881 won't just break for no reason. The only thing I can think of without absolute crazy scripting is vrrp for the 2 units and on the MKT have a master-up script to enable pppoe inte...
by rjickity
Thu Aug 14, 2014 6:52 pm
Forum: General
Topic: CCR cannot perform routing
Replies: 9
Views: 1252

Re: CCR cannot perform routing

Sounds like maybe you forgot srcnat masquerading for your wan connection. Put your config up here and ppl will be able to assist
by rjickity
Thu Jun 05, 2014 3:28 am
Forum: General
Topic: How block OS Windows
Replies: 39
Views: 7592

Re: How block OS Windows

Any purely firewall/edge solution will be flawed for this. for a network based solution you would need to look at something like NAP/NAC with 802.1x switches. Hopefully there's a windows server on the network at least? otherwise you're going to be up for some expensive ci$co gear. Depending on how m...
by rjickity
Wed Jun 04, 2014 2:38 pm
Forum: General
Topic: How block OS Windows
Replies: 39
Views: 7592

Re: How block OS Windows

While you can't really do it directly you could put in some measures to detect.

1. Log windows-like activity such as NetBIOS discovery and add the SRC addresses to a list which you then drop.
2. Use layer 7 and interrogate http headers to find the OS ?

Both are far from precise and clutching at stra...
by rjickity
Wed Jun 04, 2014 5:54 am
Forum: Wireless Networking
Topic: CAPs Manager
Replies: 165
Views: 55565

Re: CAPs Manager

I can't seem to have any caps on 40Mhz, each time i configure 40Mhz in 2.4 or 5ghz the cap interfaces report "-unsupported channel". If i swap the 2ghz channel config to 20Mhz it establishes straight away.

/caps-man channel
add band=5ghz-a/n/ac name=5ghz width=40
add band=2ghz-onlyn name=2ghz width=2...
by rjickity
Thu May 01, 2014 4:56 pm
Forum: General
Topic: SSTP and Windows Radius Server
Replies: 2
Views: 1897

Re: SSTP and Windows Radius Server

Check your encryption settings.

MikroTik - your profiles (match what you have in windows, most likely set encryption to 'required')

Windows - check your NPS network policy that it is matching and ensure you have supported encryption methods in there
by rjickity
Fri Mar 07, 2014 12:56 pm
Forum: Wireless Networking
Topic: Do fog affect wireless signal connectivity?
Replies: 15
Views: 4417

Re: Do fog affect wireless signal connectivity?

can you place a mast somewhere offside of the wind farm ?

you could maybe put an omni on each turbine in a mesh config and hand off to a side mast which can then give a fixed ptp to the office 5km away
by rjickity
Wed Feb 19, 2014 6:49 am
Forum: Wireless Networking
Topic: Mikrotik Wireless Controller
Replies: 54
Views: 16950

Re: Mikrotik Wireless Controller

nice article, looks very promising. when can we start beta testing ?? :D
by rjickity
Wed Feb 05, 2014 1:27 pm
Forum: Beginner Basics
Topic: I'm in WAAAAAY over my head
Replies: 6
Views: 1588

Re: I'm in WAAAAAY over my head

have you added the dhcp client to ether1 where you are plugging into the modem?
by rjickity
Wed Feb 05, 2014 1:25 pm
Forum: General
Topic: RB1100 Drops packets when Queue Tree enabled ?
Replies: 21
Views: 5996

Re: RB1100 Drops packets when Queue Tree enabled ?

Zod do you see this in 6.9 still ? i am not able to upgrade the 1100's i have at the moment so i cannot check
by rjickity
Wed Feb 05, 2014 12:36 pm
Forum: RouterBOARD hardware
Topic: IPsec RB for 20Mbps symmetric?
Replies: 2
Views: 1022

Re: IPsec RB for 20Mbps symmetric?

RB1100AHx2 is your best bet. this will give you 800Mbps of ipsec and still room to move. Any of the ccr will also work and any modern x86 will also be fine. They seem like big steps but really all over the MIPS series just fall short of meeting that criteria once you load it up with a half decent fi...
by rjickity
Fri Jan 24, 2014 2:56 am
Forum: Beginner Basics
Topic: Routerboard just dont want to work | Wireless speed issue
Replies: 10
Views: 1981

Re: Routerboard just dont want to work

ah, i just read the device you have RB911G-5HPnD.

you will not be able to do a ap-bridge unfortunately with the standard mikrotik license given
by rjickity
Thu Jan 23, 2014 9:45 am
Forum: Beginner Basics
Topic: Routerboard just dont want to work | Wireless speed issue
Replies: 10
Views: 1981

Re: Routerboard just dont want to work

change wireless mode to ap-bridge
/interface wireless
set 0 mode=ap-bridge
by rjickity
Wed Jan 22, 2014 9:05 am
Forum: Beginner Basics
Topic: Need help replacing a Fortigate with MikroTik
Replies: 5
Views: 1960

Re: Need help replacing a Fortigate with MikroTik

that would be under your /ip firewall filter and you'd want to deal with it on the forward chain. bear in mind that filter forward happens after nat so IP addressing will be the translated address
by rjickity
Tue Jan 21, 2014 10:07 am
Forum: Beginner Basics
Topic: Routerboard just dont want to work | Wireless speed issue
Replies: 10
Views: 1981

Re: Routerboard just dont want to work

post your '/export compact' from the routerboard. this should give us an idea. chances are you may just need to create a bridge interface, add the wlan1 and ether1 to the bridge interface and then move your IP address and DHCP server to the bridge interface instead of the ether1. This is all assumpt...
by rjickity
Tue Jan 21, 2014 8:29 am
Forum: Beginner Basics
Topic: I'm in WAAAAAY over my head
Replies: 6
Views: 1588

Re: I'm in WAAAAAY over my head

Hey Mike, Let's start by confirming if you have internet or not. Have you managed to connect it up and get internet access? if you can could you please post an "/export compact" from the router. This can be done through telnet, ssh or via winbox or webfig by clicking on "New Terminal" and typing the ...
by rjickity
Wed Jan 08, 2014 12:39 pm
Forum: Beginner Basics
Topic: Do I really have to lose a port?
Replies: 9
Views: 2864

Re: Do I really have to lose a port?

I think i see the wiki example you refer to: A 'master' port will be the port through which the RouterOS will communicate to all ports in the group. Interfaces for which the 'master' port is specified become inactive - no traffic is received on them and no traffic can be sent out. source: http://wik...
by rjickity
Thu Dec 05, 2013 6:40 am
Forum: RouterBOARD hardware
Topic: RB1200 IPsec latency
Replies: 17
Views: 4151

Re: RB1200 IPsec latency

Unfortunately I only have an RB2011 available for the other side at the moment. 95-105Mbit TCP both direction forwarding is achieved before i max out the rb2011uias to 100% CPU. The RB1200 maintains 40% usage at this point. You could probably safely assume at least 200Mbps i guess, just bear in mind ...
by rjickity
Tue Dec 03, 2013 4:16 pm
Forum: RouterBOARD hardware
Topic: RB1200 IPsec latency
Replies: 17
Views: 4151

Re: RB1200 IPsec latency

For what it is worth to anyone, I recently decommissioned a RB1200 and did some lab testing on this issue. on ROS 6.7 and firmware 3.10 the IPSec latency issue does not present when using the following enc algorithms in the proposal:

Blowfish
Twofish
Camellia - 128
Camellia - 192
Camellia - 256

All ...
by rjickity
Wed Nov 27, 2013 12:05 pm
Forum: General
Topic: RB1100 Drops packets when Queue Tree enabled ?
Replies: 21
Views: 5996

Re: RB1100 Drops packets when Queue Tree enabled ?

i can confirm i'm seeing this on rb1100ahx2 with queue trees also.

getting between 1-5/1000 drops with trees enabled. disable the trees and it's fine.

ROS 6.6 and routerboot 3.02
by rjickity
Mon Nov 11, 2013 3:09 am
Forum: General
Topic: Switching with RouterOS / CRS Questions
Replies: 81
Views: 43035

Re: Switching with RouterOS / CRS Questions

I think Omega's comments are a good place to start. The tagging functionality should be straight forward on the CRS, a simple GUI window with Tag, Untag, Forbid options would be good. A lot of vendors have straight forward illustrations of this (HP, Dell and many others). Some key features I would li...
by rjickity
Sat Oct 26, 2013 4:51 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: V7 soon ?
Replies: 20
Views: 7626

Re: V7 soon ?

No not really. Let's let mikrotik focus on jobs for routers instead. Like routing, qos and security and their old favourite wireless

Sent from my GT-I9100 using Tapatalk now Free
by rjickity
Sat Oct 26, 2013 4:34 pm
Forum: General
Topic: SSTP: recvd too small packet
Replies: 33
Views: 11406

Re: SSTP: recvd too small packet

Petterg. I'm using sstp and radius for auth and 8.1 clients are connecting fine (after registry fix)

by rjickity
Sat Oct 26, 2013 4:31 pm
Forum: RouterBOARD hardware
Topic: CRS vs Router
Replies: 10
Views: 5557

Re: CRS vs Router

Or what would be cool is to see the new 'special switch menu' that's mentioned on the crs product page

by rjickity
Sat Oct 26, 2013 4:23 pm
Forum: RouterBOARD hardware
Topic: CRS vs Router
Replies: 10
Views: 5557

Re: CRS vs Router

I'd have to agree with barkas on this. Normis, if you have 2 switch groups with different subnets on each group. Will traffic pass on the switch at wire speed between subnets ?

by rjickity
Sun Oct 13, 2013 8:34 am
Forum: RouterBOARD hardware
Topic: IF RB493G speed not so fast check here :)
Replies: 2
Views: 824

Re: RB493G speed not so fast.

For things like a nas it is best to use switch chip where appropriate. Do this by specifying the master port in the interface ethernet settings and do not use a bridge interface. You will easily get 1Gbit.
