Community discussions

Search found 529 matches

  • 1
  • 2
by lambert
Thu Sep 19, 2019 11:44 am
Forum: Scripting
Topic: Policy required to re-"provision" CAPs.
Replies: 4
Views: 511

Policy required to re-"provision" CAPs.

I have a customer who wants to kill the guest network at certain times of the day. My script to disable the guest network does: /caps-man provisioning set 0 slave-configurations="" /caps-man remote-cap provision [find] The only difference in the enable script is that it sets the slave-configurations...
by lambert
Fri Sep 13, 2019 9:42 am
Forum: Wireless Networking
Topic: CAPsMAN with GUEST in non dhcp environment
Replies: 2
Views: 405

Re: CAPsMAN with GUEST in non dhcp environment

Add a bridge interface and tie DHCP to that? I guess it depends on your CAPsMAN datapath forwarding. If it's local, you can run your DHCP server on the CAP. If it's remote, you'll need DHCP on something with L2 connectivity to the CAPsMAN device's bridge.
by lambert
Fri Sep 13, 2019 8:50 am
Forum: RouterBOARD hardware
Topic: Hardware bandwidth limitation? [SOLVED]
Replies: 16
Views: 1568

Re: Hardware bandwidth limitation? [SOLVED]

Setting flow-control to off seems to have solved it... I have no idea why it wasn't off, is off the default? Flow control is supposed to be a good thing, if you have a limited speed (less than ethernet line rate), limited buffer depth device between you and the next hop. Whether that works out or n...
by lambert
Thu Jun 20, 2019 11:04 pm
Forum: Forwarding Protocols
Topic: OSPF 60GHz and 5GHz with two hex
Replies: 5
Views: 874

Re: OSPF 60GHz and 5GHz

Thank you. I tried but did not work. There are errors in interface names that I have corrected but are not working again. Did you bridge the radio devices? You are not giving any indication as to what did not work for you. agstek provided a config example that can be tested with ethernet replacing ...
by lambert
Sun May 05, 2019 10:11 am
Forum: General
Topic: Change default configuration
Replies: 3
Views: 345

Re: Change default configuration

Configure the router the way you want. Export and download the config. Then, put it in via netinstall.
by lambert
Sun May 05, 2019 10:07 am
Forum: General
Topic: CRS328-4C-20S-4S+ and FiberStore SFP-FE-BX SFPs
Replies: 0
Views: 218

CRS328-4C-20S-4S+ and FiberStore SFP-FE-BX SFPs

I have two CRS328-4C-20S-4S+ and the contractor supplied FiberStore SFP-FE-BX SFPs for hooking up a small neighborhood. There are RB960PGS routers on the other end. When we first hooked these up across the fiber, they auto-negotiated at 100M-full but passed no traffic. We set the SFP modules to 1Gbp...
by lambert
Wed May 01, 2019 11:49 pm
Forum: Forwarding Protocols
Topic: vpn
Replies: 4
Views: 725

Re: vpn

At the second site, configure your L2TP connection not to install a default route crossing the VPN.
by lambert
Wed May 01, 2019 11:41 pm
Forum: RouterBOARD hardware
Topic: i need to replace some devices RB 435G, 433AH and 433G , but with what device?
Replies: 2
Views: 521

Re: i need to replace some devices RB 435G, 433AH and 433G , but with what device?

That probably depends on what you are using those devices to do.
by lambert
Wed May 01, 2019 10:46 pm
Forum: General
Topic: CCR1072 vs Oem İ9-9900K
Replies: 13
Views: 1230

Re: CCR1072 vs Oem İ9-9900K

If doing BGP, before RouterOS 7, you want an X86 box. It doesn't have to be top of the line.

The x86 boxes will run circles around the CCR for single threaded tasks. The CCR will be fine for tasks that can be split across multiple cores.
by lambert
Mon Nov 19, 2018 7:01 pm
Forum: General
Topic: How do you use ssh agent forwarding on the routeros ssh client?
Replies: 9
Views: 916

Re: How do you use ssh agent forwarding on the routeros ssh client?

If you don't want to wait, VPNs, with as much crypto as SSH, are available now. I have run VPNs inside VPNs to get inside multiple layers of firewalls.
by lambert
Fri Nov 16, 2018 1:37 am
Forum: General
Topic: How do you use ssh agent forwarding on the routeros ssh client?
Replies: 9
Views: 916

Re: How do you use ssh agent forwarding on the routeros ssh client?

It is not an option. The options are: /ip ssh set Change properties of one or several items. always-allow-password-login -- allow password login when public key authorization is configured forwarding-enabled -- allows clients to connect to remote ports from server host-key-size -- RSA key size when ...
by lambert
Tue Nov 13, 2018 12:50 am
Forum: Beginner Basics
Topic: DHCP issue [SOLVED]
Replies: 9
Views: 881

Re: DHCP issue [SOLVED]

The two things which are most likely are:

1 ) Your WAN interface is bridged with your LAN.

2 ) Your ISP's WiFi has the same SSID/password configured and your devices are sometimes connecting to it directly.

With the config, we'll know.
by lambert
Tue Nov 13, 2018 12:35 am
Forum: General
Topic: Can't communication with Tristar 60 MPPT through 493ah
Replies: 10
Views: 1987

Re: Can't communication with Tristar 60 MPPT through 493ah

Thanks!

We'll check on that in the spring / early summer when we have access to the sites again.
by lambert
Thu Nov 08, 2018 9:54 pm
Forum: Beginner Basics
Topic: Issues after upgrading
Replies: 3
Views: 396

Re: Issues after upgrading

Having the DHCP server and LAN IP bound to the bridge rather than the old master port is a great idea. Also, if you haven't given the router a second reboot after the upgrade, you might want to try that. Occasionally it seems to take two reboots for the new config to take effect after and upgrade of...
by lambert
Thu Nov 08, 2018 9:34 pm
Forum: General
Topic: Can't communication with Tristar 60 MPPT through 493ah
Replies: 10
Views: 1987

Re: Can't communication with Tristar 60 MPPT through 493ah

We have issues with MPPT controllers falling offline when connected to Netonix switches. We can usually bounce the port on the Netonix and bring them back online for a while. We've begun to leave junk switches between the Netonix and the MPPTs. I don't think the ethernet chips in the MPPTs have been...
by lambert
Mon Sep 10, 2018 6:04 am
Forum: General
Topic: SNMP issue... [SOLVED]
Replies: 3
Views: 922

Re: SNMP issue... [SOLVED]

Hello.. Im graphing with mrtg some routers and some CPE, a couple of days ago, snmp stopped working on 3 routers, so i tought it was a routing issue since i was changing some stuff, but both devices, the mrtg server and the router are able to ssh, ping, etc.. just snmp does not work, even if i try ...
by lambert
Tue Jul 17, 2018 4:38 pm
Forum: General
Topic: Mikrotik Package not installing
Replies: 8
Views: 4328

Re: Mikrotik Package not installing

What does the log say immediately after reboot?
by lambert
Wed Jul 11, 2018 7:48 am
Forum: Scripting
Topic: Making a GUEST WiFI Schedule in Script
Replies: 3
Views: 453

Re: Making a scheduler...

I'm not sure what you're trying to do. Maybe it needs to be this complicated. I would create a separate schedule for each day which sets $GST=1 at the start each time period and another schedule setting $GST=0 at the end of the time period. If necessary, the schedule can flip the value of the variab...
by lambert
Sun Jul 08, 2018 9:12 pm
Forum: Wireless Networking
Topic: How to identify wireless network settings
Replies: 5
Views: 892

Re: How to identify wireless network settings

Number one rule: Start at the defaults.
Number two rule: Change the minimum necessary.

It works for a lot of things, not just RouterOS, not even just computers.

I am happy to hear that you got it working!
by lambert
Wed Jul 04, 2018 5:57 am
Forum: Wireless Networking
Topic: How to identify wireless network settings
Replies: 5
Views: 892

Re: How to identify wireless network settings

Ask the network admin what settings to use. or Look at the Windows laptop's wireless connection properties for that SSID. or Try trial and error, but scientifically. Just changing a lot of options leads to frustration. Start with a new wireless security profile, not one you've been playing with. Con...
by lambert
Mon May 28, 2018 3:57 pm
Forum: Forwarding Protocols
Topic: OSPF bug? with multiple IPs on interface sending hellos with wrong IP
Replies: 3
Views: 637

Re: OSPF bug? with multiple IPs on interface sending hellos with wrong IP

Thank you for taking the time to respond, mrz. However, that was my point. The router is not configured to run OSPF on 10.115.0.1/24. I apologize if that was not clear enough in my original post. The 10.115.0.1 IP is not covered by either of the two Routing OSPF Networks subnets. No subnet of 10.0.0...
by lambert
Fri May 25, 2018 10:47 pm
Forum: General
Topic: Anyone else getting flooded by this forum?
Replies: 11
Views: 1069

Re: Anyone else getting flooded by this forum?

I have also noticed this change in behaviour. I'm not subscribed to popular topics, so I'm not exactly flooded with messages. It did surprise me when I got two or three notifications for the same topic before I had time to go look at the topic.
by lambert
Fri May 25, 2018 10:41 pm
Forum: Forwarding Protocols
Topic: OSPF bug? with multiple IPs on interface sending hellos with wrong IP
Replies: 3
Views: 637

OSPF bug? with multiple IPs on interface sending hellos with wrong IP

I had an issue with a 6.40.8 HAP ac lite talking to a Ubiquiti EdgeRouter Pro 1.8.5 via a Netonix switch. The mikrotik was seeing hellos from the ER-Pro. The ER-Pro was not seeing the hellos from the Mikrotik. OSPF logging wasn't helping on the Mikrotik. I enabled "debug ospf" on the ER-Pro. Nothing...
by lambert
Mon Apr 23, 2018 9:51 am
Forum: General
Topic: IPsec tunnel CentOS to MikroTik
Replies: 7
Views: 1457

Re: IPsec tunnel CentOS to MikroTik

Tried 6.42. Same results.
by lambert
Sat Apr 21, 2018 9:54 am
Forum: General
Topic: IPsec tunnel CentOS to MikroTik
Replies: 7
Views: 1457

Re: IPsec tunnel CentOS to MikroTik

My policy was set to encrypt/require/esp/tunnel. I have now changed that to encrypt/require/ah/no tunnel. The logs look very similar to me. I don't get it. /ip ipsec proposal set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-128-cbc,3des add auth-algorithms=sha1,md5 enc-algorithms=aes-128-cbc,...
by lambert
Fri Apr 20, 2018 7:58 am
Forum: General
Topic: kid-control ideas
Replies: 9
Views: 1484

Re: kid-control ideas

For an end user wanting kid control, you may want to look into https://www.mcpnetworks.us/ . They seem to be transitioning to more ISP level business. They may still let you get setup on their program. It's a cloud portal for the end user which then programs the MikroTik router. You may be able to u...
by lambert
Fri Apr 20, 2018 2:31 am
Forum: General
Topic: IPsec tunnel CentOS to MikroTik
Replies: 7
Views: 1457

Re: IPsec tunnel CentOS to MikroTik

Here is the MikroTIk's debug log. I've manipulated everything I can think of on the 'Tik. It just doesn't change the result. I am obviously missing something. A clue by four to the head would be appreciated. 18:16:12 ipsec,debug proposal #1: 8 transform 18:16:12 ipsec,debug got the local address fro...
by lambert
Fri Apr 13, 2018 12:46 pm
Forum: General
Topic: IPsec tunnel CentOS to MikroTik
Replies: 7
Views: 1457

IPsec tunnel CentOS to MikroTik

I've been trying to get CentOS 7 to connect to RouterOS 6.40.7 for a couple of days now. Phase 1 works. Phase 2 never links up. If I intentionally change the DH Group or the lifetime, the centos box complains about them not matching. I don't see what is not matching up. Maybe it's an actual bug in C...
by lambert
Fri Apr 13, 2018 12:13 pm
Forum: General
Topic: Any plans to make cross-platform WinBox?
Replies: 33
Views: 2981

Re: Any plans to make cross-platform WinBox?

I find parts of this discussion funny since Webfig is practically a web version of Winbox as it is. You can even call up a windowed terminal in Webfig! Can you paste code snippets into WebFig's terminal? It doesn't work for me. I'm working in an all Mac shop, has been for decades. There is some con...
by lambert
Tue Apr 10, 2018 10:00 pm
Forum: Forwarding Protocols
Topic: What L2-VPN should be used?
Replies: 11
Views: 1099

Re: What L2-VPN should be used?

Insufficient requirements listed. "Which VPN is best?" is likely to a religious question. Many people could be harmed in the overheated arguments about that. It's the same as "vi" vs "emacs". If you can fully explain what you are trying to accomplish (who should be able to communicate with who and w...
by lambert
Tue Mar 06, 2018 7:12 am
Forum: Beginner Basics
Topic: Add Static Queue AFTER dynamic Queues
Replies: 5
Views: 606

Re: Add Static Queue AFTER dynamic Queues

That's why my idea was
0  do nothing queue
.. dynamic queues
.. dynamic queues
N static queue you wanted from the beginning
by lambert
Mon Mar 05, 2018 7:34 pm
Forum: Beginner Basics
Topic: Add Static Queue AFTER dynamic Queues
Replies: 5
Views: 606

Re: Add Static Queue AFTER dynamic Queues

Without looking at it, conceptually you could create a static placeholder queue which does nothing at 0. Then your static everything else queue. Dynamic rules would be added after 0.

Maybe? Its just a wild guess without time to research.
by lambert
Mon Mar 05, 2018 7:20 pm
Forum: Wireless Networking
Topic: WISP - Network Designer Wanted
Replies: 6
Views: 770

Re: WISP - Network Designer Wanted

Maybe give us some way to contact you?
by lambert
Sun Mar 04, 2018 11:19 pm
Forum: Beginner Basics
Topic: "Internet bandwidth" VS "Youtube bandwidth"
Replies: 12
Views: 1412

Re: "Internet bandwidth" VS "Youtube bandwidth"

If the resellers' business model is the same as yours, their mikrotiks will need a similar configuration. As you use it you may find that your mangle and queue rules need some adjustment. Just keep in mind the source and destination of the traffic you are attempting to affect and you'll have a good ...
by lambert
Sun Mar 04, 2018 5:44 am
Forum: Beginner Basics
Topic: "Internet bandwidth" VS "Youtube bandwidth"
Replies: 12
Views: 1412

Re: "Internet bandwidth" VS "Youtube bandwidth"

Looks good at a glance. Is it working for you? The screenshots do not show full detail. If it is working, great! If you need help in the future, exports from the terminal will help others understand exactly what is configured. Just search and replace sensitive items with unique variable names. It's ...
by lambert
Sat Mar 03, 2018 4:35 pm
Forum: Beginner Basics
Topic: "Internet bandwidth" VS "Youtube bandwidth"
Replies: 12
Views: 1412

Re: "Internet bandwidth" VS "Youtube bandwidth"

#lambert. Q1: I did add all the youtube IPs in "/ip firewall address list" but do I have to add all those addresses in "/ip addresses"? No. Not as far as I understand your problem description. '/ip addresses ' is for IPs which are used for routing through or access to your router. That includes 180...
by lambert
Sat Mar 03, 2018 8:29 am
Forum: Beginner Basics
Topic: "Internet bandwidth" VS "Youtube bandwidth"
Replies: 12
Views: 1412

Re: "Internet bandwidth" VS "Youtube bandwidth"

Possible answers. I may have mis-interpreted the questions. Q1) /ip firewall address-list add name=youtube address=IP1, repeat for all youtube IPs? Q2) Same as for internet but with dst-address-list=youtube? Q3) Two sets of queues, one for bandwidth one for youtube? Q4) Same as 3 but with changes to...
by lambert
Fri Mar 02, 2018 4:05 am
Forum: RouterBOARD hardware
Topic: Mikrotik Switch - 48 Port
Replies: 11
Views: 4993

Re: Mikrotik Switch - 48 Port

Probably not. I was in one of those funny moods. You know? Like most days. :D
by lambert
Thu Mar 01, 2018 12:19 am
Forum: RouterBOARD hardware
Topic: RB1100AHx4 vs CCR1009 as PPPoE server
Replies: 6
Views: 1513

Re: RB1100AHx4 vs CCR1009 as PPPoE server

I do not know. The RB1000AHx4 is new enough that I doubt many people have tried similar configurations with them yet. You might want to get two of them for one of the places currently using a single CCR1009 and see what happens. If they work out, take the CCR1009 to one of the other places that need...
by lambert
Tue Feb 27, 2018 3:11 am
Forum: RouterBOARD hardware
Topic: RB1100AHx4 latency spikes
Replies: 18
Views: 1686

Re: RB1100AHx4 latency spikes

That's cool. It's still a single switch. Splitting is still a possible win.
by lambert
Mon Feb 26, 2018 11:55 pm
Forum: RouterBOARD hardware
Topic: RB1100AHx4 latency spikes
Replies: 18
Views: 1686

Re: RB1100AHx4 latency spikes

Move the big connection to port 13. See if latency remains and if they still line up. It's a pain, but 1 and 2 are on the same switch chip. Depending on what is in ports 3, 4, and 5, that 1Gbps connection to the CPU may be overloaded.
by lambert
Mon Feb 26, 2018 8:08 pm
Forum: RouterBOARD hardware
Topic: RB750Gr3 temperature
Replies: 4
Views: 979

Re: RB750Gr3 temperature

Same location? Not stacked? Same airflow opportunities?

If same location, swap positions. See if heat follows device or position.
by lambert
Mon Feb 26, 2018 7:51 pm
Forum: RouterBOARD hardware
Topic: Mikrotik Switch - 48 Port
Replies: 11
Views: 4993

Re: Mikrotik Switch - 48 Port

There is a 48 port switch. It just takes up 2 U. You have to order it as three pieces and do some self assembly. There are only two part numbers. 2 - https://mikrotik.com/product/crs328_24p_4s_rm 1 - https://mikrotik.com/product/SplusDA0001 Or are you really just asking for a 1u - 48 port switch? Yo...
by lambert
Mon Feb 26, 2018 7:38 pm
Forum: RouterBOARD hardware
Topic: RB1100AHx4 latency spikes
Replies: 18
Views: 1686

Re: RB1100AHx4 latency spikes

Which ports are you using for the connections? Are they both on the same switch chip? While I have no personal experience with the x4, the older RB1100AH and AHx2 units had recommendations for using multiple independent ports rather than the switched port groups. Perhaps the x4 also requires care in...
by lambert
Mon Feb 26, 2018 7:27 pm
Forum: General
Topic: default offering lease without success
Replies: 15
Views: 4331

Re: default offering lease without success

I think he mainly wants to get rid of this type of message: default offering lease 192.168.22.209 for CC:35:40:04:38:1B to BC:8C:CD:46:15:F4 without success The info,!dhcp would get rid of the lease renewal messages which he also wants to hide. There may be other info level messages he wants to keep...
by lambert
Mon Jan 15, 2018 1:02 am
Forum: Beginner Basics
Topic: Forwarding Traffic
Replies: 2
Views: 392

Re: Forwarding Traffic

I think the keyword you want is DMZ.

https://wiki.mikrotik.com/wiki/NAT_Tutorial
by lambert
Mon Jan 15, 2018 12:46 am
Forum: General
Topic: Need some advice...
Replies: 5
Views: 507

Re: Need some advice...

rb2011, 20Mbps encrypted traffic. as to number of tunnels, someone would have to try it and see. The CPU in the 2011s are not exactly super powerful.
by lambert
Mon Jan 15, 2018 12:27 am
Forum: General
Topic: Looking for a successor to the RB110AH
Replies: 4
Views: 434

Re: Looking for a successor to the RB110AH

BTW, all three have IPsec encryption offload. They may let you drop the additional pfSense box if you want. No reason you have to drop the pfSense box. I like pfSense.
by lambert
Mon Jan 15, 2018 12:24 am
Forum: General
Topic: Looking for a successor to the RB110AH
Replies: 4
Views: 434

Re: Looking for a successor to the RB110AH

Three good options. All will do 1Gbps throughput via copper interfaces, some have fiber. Upgraded version of what you already have, no USB. I do not see fans in the gallery images: https://mikrotik.com/product/rb1100ahx4 Fanless with up to 1Gbps fiber interface: https://mikrotik.com/product/CCR1009-...
by lambert
Mon Jan 15, 2018 12:03 am
Forum: The User Manager
Topic: need assistant
Replies: 2
Views: 556

Re: need assistant

/ip firewall nat add chain=src-nat src-address=192.168.10.1 out-interface=ether1 action=masquerade Please note, I did not fire up a login to a MikroTik to test the above syntax. That rule may need a fix or two. That rule intends to give exactly one private IP of 192.168.10.1 access to the Internet ...
by lambert
Sun Jan 14, 2018 2:12 am
Forum: General
Topic: default offering lease without success
Replies: 15
Views: 4331

Re: default offering lease without success

That appears to be a Samsung MAC address "BC:8C:CD:46:15:F4". Maybe you know which device on your network might have a samsung manufactured interface? Does 192.168.223.85 have a web interface? It sounds a bit like an AP or range extender which may be trying, unsuccessfully, to ARP "NAT" the original...
by lambert
Fri Nov 17, 2017 4:13 am
Forum: Wireless Networking
Topic: RB951G-2HnD - Apple devices not connecting
Replies: 12
Views: 3775

Re: RB951G-2HnD - Apple devices not connecting

Did you happen to turn on the EAP options in your security profile? I've seen Apple devices not connect when someone made that mistake. The Android and other devices still worked as long as PSK was also enabled. That may not apply to newer versions of Android and such.
by lambert
Tue Nov 07, 2017 5:09 pm
Forum: General
Topic: RESOLVED -simple queue without packets drop on ccr1036 v6.18
Replies: 9
Views: 3855

Re: RESOLVED -simple queue without packets drop on ccr1036 v6.18

A queue which is passing traffic at close to the max limit speed will drop packets. You did not provide any information about your configuration. We cannot know the cause of your dropped packets. We can only guess. You may want to start your own topic. Tell us everything about the hardware, your que...
by lambert
Fri Sep 29, 2017 7:50 pm
Forum: Wireless Networking
Topic: Wireless Access List Not Dropping Clients with Weak Signal
Replies: 4
Views: 1207

Re: Wireless Access List Not Dropping Clients with Weak Signal

I think the signal level access-list entry is only evaluated at connect time. It works that way with Ubiquiti's "threshold" setting also. I think if you want to kick weak signal clients, you will have to write a script to parse their current signal levels and kick them if below some threshold, proba...
by lambert
Sat Sep 16, 2017 5:06 am
Forum: Beginner Basics
Topic: Some ethernet devices won't lease from DHCP ?
Replies: 6
Views: 768

Re: Some ethernet devices won't lease from DHCP ?

Have you tried moving the Linux boxes to a different port on the bridge?
by lambert
Wed Sep 13, 2017 7:22 am
Forum: Beginner Basics
Topic: DHCP stays in "Offered" state for 2 wireless devices - Logitech Squeezeboxes
Replies: 7
Views: 1011

Re: DHCP stays in "Offered" state for 2 wireless devices - Logitech Squeezeboxes

Now it would be fun to export the working config and compare it detail for detail with the non-working config to find what the root cause was. :-)
by lambert
Mon Sep 11, 2017 4:36 am
Forum: General
Topic: VPN Address List
Replies: 5
Views: 1689

Re: VPN Address List

I don't see anything wrong without loading it into an actual router. I don't do a lot of policy based routing. I may just be missing something obvious. You might try coming up with a couple of benign test websites which only use one IP address and use it consistently. Add one to each list and show u...
by lambert
Mon Sep 11, 2017 4:19 am
Forum: Beginner Basics
Topic: DHCP stays in "Offered" state for 2 wireless devices - Logitech Squeezeboxes
Replies: 7
Views: 1011

Re: DHCP stays in "Offered" state for 2 wireless devices - Logitech Squeezeboxes

You didn't show us your access-list which puts the device into the correct VLAN. Another thought: Do all static leases have the always-broadcast=yes option? It is not a default option so could be something which is "different". add address=192.168.52.27 always-broadcast=yes comment=IOT-Media-Squeeze...
by lambert
Sun Sep 10, 2017 10:19 am
Forum: Beginner Basics
Topic: Is there way to upgrade?
Replies: 5
Views: 579

Re: Is there way to upgrade?

Upgrading RouterOS is done under System --> Packages. Like Windows, or OS X on your PC / Mac. The firmware you are looking at under System --> RouterBoard is equivalent to the BIOS on your PC. That doesn't get updated so often. After you update RouterOS under System --> Packages and reboot, it may o...
by lambert
Sun Sep 10, 2017 10:12 am
Forum: General
Topic: VPN Address List
Replies: 5
Views: 1689

Re: VPN Address List

Please, show your work. We cannot divine the answer without seeing your rules.
by lambert
Sun Sep 10, 2017 10:03 am
Forum: Beginner Basics
Topic: DHCP stays in "Offered" state for 2 wireless devices - Logitech Squeezeboxes
Replies: 7
Views: 1011

Re: DHCP stays in "Offered" state for 2 wireless devices - Logitech Squeezeboxes

If you're using access-lists, to put things into VLANs, we may need to see the access-lists. Other times I see things like this, I'm not using ACLs, it is due to packet loss from the router (dhcp server) and the client device. Sometimes it's wireless loss, sometimes it's a bad ethernet cable on the ...
by lambert
Sun Sep 10, 2017 12:35 am
Forum: Beginner Basics
Topic: Understanding DHCP on Mikrotik [SOLVED]
Replies: 7
Views: 1118

Re: Understanding DHCP on Mikrotik [SOLVED]

Is your server on a loopback type bridge? In other words, are there any real interfaces connected to the DHCP server's interface?

I wish MikroTik would give us the ability to source UDP services from specific IPs / interfaces. This would help with SNMP also.
by lambert
Sat Sep 09, 2017 9:26 pm
Forum: Beginner Basics
Topic: Brand New to MikroTik
Replies: 5
Views: 1178

Re: Brand New to MikroTik

One possibility that I was thinking about: I'm going to have a web-accessible CalDAV calendar on the Synology for church events which anyone can view and which authorized users can access to enter events. Can you think of any way of integrating this with the Wi-fi system, either through RouterOS, t...
by lambert
Thu Sep 07, 2017 9:03 pm
Forum: General
Topic: Mikrotik as L2TP/IPSEC Client
Replies: 1
Views: 1538

Re: Mikrotik as L2TP/IPSEC Client

What does the log on your MikroTik say? Add more logging for IPsec and L2TP topics under System -> Logging. If you accept L2TP/IPSec connections to your MikroTik for your own use, make a new PPP profile which is used for outbound connections which doesn't have anything in the Local or remote IP fiel...
by lambert
Thu Sep 07, 2017 8:45 pm
Forum: The Dude
Topic: Mikrotik SNMP ifspeed variables
Replies: 2
Views: 638

Re: Mikrotik SNMP ifspeed variables

Show the ifTable.ifEntry.ifDescr for the same .1, .2, or .3 indexes to find out what RouterOS is showing you.
by lambert
Thu Sep 07, 2017 6:49 am
Forum: Beginner Basics
Topic: Brand New to MikroTik
Replies: 5
Views: 1178

Re: Brand New to MikroTik

Doing all of this on a new to you platform is going to involve a steep learning curve. That's great if you have the time. If you know how to do all of this with something else, you may want to go that direction, even if it costs more. If you have to learn how to do this for any platform you might us...
by lambert
Mon Aug 28, 2017 7:49 pm
Forum: General
Topic: Issue with VPN connecting behind router
Replies: 7
Views: 906

Re: Issue with VPN connecting behind router

Lambert, been trying to make the new mangle rule work. I basically copied the original rule exactly, except modified it around the IP structure for the "dial-in" VPN. It does not work. Here is what I have: <Mangle Rule> {General} Chain: prerouting Src: 192.168.15.0/24 Dst: ! 192.168.15.0/24 (I thin...
by lambert
Sat Aug 26, 2017 8:49 am
Forum: General
Topic: Issue with VPN connecting behind router
Replies: 7
Views: 906

Re: Issue with VPN connecting behind router

Add another mangle rule which doesn't mark anything but does not passthrough before that rule. It should match the same src address, AND the dst address of your office LAN. Or, you can just add the dst-address of your Office LAN to the PureVPN rule and negate it by checking the box in front of the a...
by lambert
Sat Aug 26, 2017 8:41 am
Forum: General
Topic: IPSec Client in Mikrotik problem
Replies: 1
Views: 397

Re: IPSec Client in Mikrotik problem

All of my users use the Windows built-in IPSec/L2TP client. I don't know if Windows has a pure IPSec client. The checkpoint software may default some options to be checkpoint specific. I have no experience with them. You have to make sure your client's settings, whatever vendor made your client, mat...
by lambert
Wed May 10, 2017 2:47 am
Forum: General
Topic: Which one is use fewer CPU load ??
Replies: 3
Views: 514

Re: Which one is use fewer CPU load ??

NAT will be less load on the CCR. Doing DNS on the CCR will be less load on your DNS server hardware. I am not a fan of using the MikroTiks as cacheing name servers. I've seen some oddities that went away when I stopped using the MikroTik cacheing name service for 50 - 200 user pools of customers. I...
by lambert
Wed May 10, 2017 2:33 am
Forum: General
Topic: Flapping IPSEC VPN Between Mikrotik and VyOS
Replies: 3
Views: 1349

Re: Flapping IPSEC VPN Between Mikrotik and VyOS

Just as a test, I would increase or decrease your lifetime settings. See if the interval of "outages" changes. I have a router which connects via IPSec to an unknown vendor IPSec router with lifetime of 8 hours. That one drops a few ICMP packets approximately every 8 hours. My monitoring is a schedu...
by lambert
Fri Mar 10, 2017 11:42 pm
Forum: General
Topic: PPPoE Server Issue
Replies: 5
Views: 577

Re: PPPoE Server Issue

Look for dynamic Simple Queue entries for the PPPoE users. If they exist, for what speeds are they set? Look at the IP fIrewall Mangle rules and make sure the MSS rules are dynamically inserted at the top, or very nearly, of the list. I have some PPPoE clients but the fastest plan they can have is 1...
by lambert
Thu Mar 09, 2017 10:23 pm
Forum: General
Topic: PPPoE Server Issue
Replies: 5
Views: 577

Re: PPPoE Server Issue

Firmware version?
by lambert
Thu Feb 09, 2017 7:02 pm
Forum: General
Topic: Strangeness with devices losing one-way comm with network?
Replies: 30
Views: 1993

Re: Strangeness with devices losing one-way comm with network?

It may be that some device needed its ARP table cleared after switching to WDS due to the MAC address translation which the bridge uses when not in WDS mode. I would try making sure lease times are short, like 10 minutes maximum. Then while at the other building, probably after business hours , conv...
by lambert
Tue Feb 07, 2017 9:27 pm
Forum: General
Topic: Strangeness with devices losing one-way comm with network?
Replies: 30
Views: 1993

Re: Strangeness with devices losing one-way comm with network?

Your bridge is not in a "transparent" mode. Look through Engenious documentation for how to make the bridge fully transparent.
by lambert
Mon Feb 06, 2017 10:44 am
Forum: General
Topic: SNMP doesn't work with asymmetric routes?
Replies: 32
Views: 7345

Re: SNMP doesn't work with asymmetric routes?

At all sites, I monitor the IP on the lan-bridge bridge. If there is a second router at a tower, it is connected via that bridge. onsite laptops also plug into a lan-bridge interface if a tech is onsite. It's pretty close to being a loopback interface. I've also tried a actual /32 on a dedicated loo...
by lambert
Mon Feb 06, 2017 10:10 am
Forum: General
Topic: Strangeness with devices losing one-way comm with network?
Replies: 30
Views: 1993

Re: Strangeness with devices losing one-way comm with network?

Look at the ARP table on the router for the bridge and other devices at the other building. Are they the mac addresses all different? There may be several IPs showing as having the same MAC address. Also look at the log on the router for anything unusual, maybe loops or something. When you replaced ...
by lambert
Mon Feb 06, 2017 9:45 am
Forum: Wireless Networking
Topic: basic help in wireless network needed
Replies: 1
Views: 439

Re: basic help in wireless network needed

Jajeblonsky, That's not helpful. People have to start learning somewhere. This does not appear to be a large corporate network. dieterjava, While plugged in to the MikroTik, can you ping both of the Lite-beam devices that make up the second wireless link? Do all four Lite-beam devices have WDS enabl...
by lambert
Mon Feb 06, 2017 8:50 am
Forum: General
Topic: Mikrotik Package not installing
Replies: 8
Views: 4328

Re: Mikrotik Package not installing

Is the package file still in the files listing after the reboot? What architecture is the router? mipsbe, tile, powerpc, x86? For what architecture was the package file built? Uploading packages for the wrong architecture is probably the most common reason for problems like this. Corrupt uploads are...
by lambert
Mon Feb 06, 2017 8:32 am
Forum: General
Topic: Strangeness with devices losing one-way comm with network?
Replies: 30
Views: 1993

Re: Strangeness with devices losing one-way comm with network?

Your description does not sound like "one-way comm". This sounds like loss of connectivity between the remote bridge and the remote router. From your description, it is difficult to divine where the problem is. You glossed over a few details. Lets make sure we have the logical layout right. Router1 ...
by lambert
Sat Feb 04, 2017 8:19 am
Forum: General
Topic: SNMP doesn't work with asymmetric routes?
Replies: 32
Views: 7345

Re: SNMP doesn't work with asymmetric routes?

that is a feature not a bug. SNMP was specially altered to respond on the same interface it received request on. And response source is request destination. Hence, some suggested workarounds do work, like monitoring outgoing interface ip address or creating a tunnel and monitoring through the tunne...
by lambert
Fri Feb 03, 2017 12:07 am
Forum: Scripting
Topic: I need script mange bandwith on two lan
Replies: 2
Views: 452

Re: I need script mange bandwith on two lan

http://wiki.mikrotik.com/wiki/Manual:Queue

You want two simple queues.

max limit should be 10M for each
limit at should be 6 or 4 depending on your match criteria.
by lambert
Fri Oct 21, 2016 9:59 pm
Forum: Wireless Networking
Topic: mikrotik access point / controlling on the time of wireless authentication
Replies: 20
Views: 3332

Re: mikrotik access point / controlling on the time of wireless authentication

As a workaround, you could setup a script which enables and disables "/interface wireless access-list" rules to allow or reject users. Then run the appropriate script at the appropriate time. The key parts would look something like: /interface wireless access-list enable [find comment~"daytimeuser"]...
by lambert
Tue Aug 30, 2016 8:10 am
Forum: Beginner Basics
Topic: MRTG dynamic PPPoE or PPTP interface
Replies: 21
Views: 3880

Re: MRTG dynamic PPPoE or PPTP interface

I'm working on this today....

Target[username]: \<pppoe-username\@udomain.net>:community@router.domain.net

seems to work.
by lambert
Thu Apr 07, 2016 6:53 pm
Forum: General
Topic: SOLVED - L2TP IPSEC stoped working after Upgrade to 6.18
Replies: 19
Views: 65554

Re: SOLVED - L2TP IPSEC stoped working after Upgrade to 6.18

jaytcsd, you should create a new topic for your similar symptom but completely unrelated question. This topic is about upgrades from anything before 6.18 to 6.18 or later. 6.33 to 6.34.2 did not change the behavior of the IPsec stack in the way that 6.17 to 6.18 did. Therefore, you have a new and in...
by lambert
Fri Apr 01, 2016 1:28 am
Forum: General
Topic: Public IP for each pppoe server
Replies: 8
Views: 873

Re: Public IP for each pppoe server

Use different pools for each PPPoE server. They can be in the same overall supernet if you like, as long as the ranges don't overlap. In-interface matching won't work because each client is on his own PPP interface. You might be able to assign a MikroTik-Address-List via RADIUS based on which PPPoE ...
by lambert
Wed Mar 30, 2016 8:24 am
Forum: General
Topic: fcs error on new CCR1009
Replies: 12
Views: 6972

Re: fcs error on new CCR1009

FCS on the same second of every minute, whether that's every 30 seconds or every 60 seconds, may be an AirFiber thing. The AF developers may have identified the issue and be fixing it in the next firmware. I see most FCS errors on port 8 of my CCR1009 routers. That is the PoE in port. I have a hypot...
by lambert
Tue Mar 08, 2016 11:03 pm
Forum: General
Topic: Feature Request TR-069 CPE
Replies: 82
Views: 24995

Re: Feature Request TR-069 CPE

Not really. Some of ISPs do DSL and WIreless or DOCSIS Cable and Wireless or even just got sick of dealing with customer issues and moved to using TR-069 managed in home devices for the customer. Some ISPs are deploying LTE equipment. At my company, we don't use MikroTik for outdoor wireless. We do ...
by lambert
Tue Mar 08, 2016 5:46 pm
Forum: General
Topic: Feature Request TR-069 CPE
Replies: 82
Views: 24995

Re: Feature Request TR-069 CPE

Afternoon all,
Has there been any movement on this? We are dying to use TR-069 on MT, it would solve pretty much all our provisioning issues!

Hope this happens sooner rather than later.
Normis asked which TR-069 ACS everyone is using. Would you mind listing what you use?
by lambert
Tue Mar 08, 2016 5:41 pm
Forum: RouterBOARD hardware
Topic: ccr 1036 stop working
Replies: 6
Views: 1588

Re: ccr 1036 stop working

Open a support ticket with MikroTik. Email support@MikroTik.com what you describe is not normal.
by lambert
Mon Mar 07, 2016 11:27 pm
Forum: RouterBOARD hardware
Topic: Looking for cause of Ethernet issues CCR1009-8G-1S-1S+PC
Replies: 4
Views: 1087

Re: Looking for cause of Ethernet issues CCR1009-8G-1S-1S+PC

Thank you for the feedback. I have three AF24 links. This is the one ethernet of 6 giving me issues. It is also the longest cable so that may have something to do with it. Good thought on the "PoE in" being a difference between ether8 and all other ports. I think I will reconfigure to use ether5, si...
by lambert
Mon Mar 07, 2016 10:26 pm
Forum: RouterBOARD hardware
Topic: Looking for cause of Ethernet issues CCR1009-8G-1S-1S+PC
Replies: 4
Views: 1087

Re: Looking for cause of Ethernet issues CCR1009-8G-1S-1S+PC

That's the CPU temp. The board temp shows 10 C lower at the moment.
by lambert
Mon Mar 07, 2016 8:58 pm
Forum: RouterBOARD hardware
Topic: Looking for cause of Ethernet issues CCR1009-8G-1S-1S+PC
Replies: 4
Views: 1087

Looking for cause of Ethernet issues CCR1009-8G-1S-1S+PC

I may have multiple issues at this site. I get FCS errors on ether8 24 hours per day, but not all the time. The most immediate problem is the inability to operate at 1 Gbps on ether8 in the afternoon. I don't know what is causing ether8 on one of my units to drop connection and renegotiate at 100Mbp...
by lambert
Mon Mar 07, 2016 8:15 pm
Forum: RouterBOARD hardware
Topic: ccr 1036 stop working
Replies: 6
Views: 1588

Re: ccr 1036 stop working

As a data point, I've not seen this behavior with my five CCR1036 units on various firmware revisions. "RouterOS CCR1036-12G-4S",""6.30.4"" "RouterOS CCR1036-12G-4S",""6.18"" "RouterOS CCR1036-12G-4S",""6.24"" "RouterOS CCR1036-12G-4S",""6.30.4"" "RouterOS CCR1036-12G-4S",""6.32.3"" What are the con...
by lambert
Mon Mar 07, 2016 9:53 am
Forum: RouterBOARD hardware
Topic: Underclock or disable processors on CCR1036-8G-2S+
Replies: 17
Views: 2030

Re: Underclock or disable processors on CCR1036-8G-2S+

Have you asked support@mikrotik.com about this yet? If they respond, please let us know what options they give you. I would like to hear about a setting for significantly reducing the heat from my passively cooled 10% CPU utilization CCR1009s in small metal cabinets outside. I do not think the optio...
by lambert
Wed Mar 02, 2016 1:25 pm
Forum: General
Topic: Port flapping (ether6 link down/up) on RB3011UiAS-RM
Replies: 29
Views: 14590

Re: Port flapping (ether6 link down/up) on RB3011UiAS-RM

Sometimes MikroTik notices issues posted on the forums. Usually not. It would be best to email support@mikrotik.com about this issue and be sure to include a supout file collected while the port is flapping.
by lambert
Tue Mar 01, 2016 11:19 am
Forum: General
Topic: troughput problem CCR1036-12G-4S
Replies: 4
Views: 694

Re: troughput problem CCR1036-12G-4S

AirFiber which, AF24, AF5, AF5x? I've never had to hard set the speeds on an AF to CCR ethernet link. Sometimes you have to fix the tower grounding and make a new cable that will actually negotiate at 1000Mbps/Full-duplex. Every negotiation issue we've had was curable by getting the ethernet and gro...
by lambert
Sun Feb 21, 2016 9:13 am
Forum: General
Topic: Duplicate PPPoE client's
Replies: 5
Views: 1075

Re: Duplicate PPPoE client's

Different MAC addresses, different hosts. One PPPoE session per host. Not one PPPoE session per username.

Or maybe you want to explain your perceived issue more completely?
by lambert
Sun Feb 21, 2016 8:40 am
Forum: Beginner Basics
Topic: Flush DHCP leases on a power cycle
Replies: 4
Views: 1698

Re: Flush DHCP leases on a power cycle

WinBox, IP DHCP server, DHCP config, Store Leases on disk -> Never.

CLI:
>/ip dhcp-server config set store-leases-disk=never
That should do what you are requesting.
by lambert
Sat Feb 20, 2016 1:38 am
Forum: Beginner Basics
Topic: 3 buildings 1 internet
Replies: 16
Views: 1367

Re: 3 buildings 1 internet

The mynetname.net option works for me. I just connected to a client's router on the other side of the country using their IP cloud address. Make sure you've enabled IP cloud. Of course if you have a static IP out there, you can always just put that into your VPN client. I'm glad you have it working....
by lambert
Fri Feb 19, 2016 7:18 pm
Forum: Beginner Basics
Topic: 3 buildings 1 internet
Replies: 16
Views: 1367

Re: 3 buildings 1 internet

That's a good possibility for why they had the extra rb2011s. We can still keep it a flat network and use the rb2011s. Just turn the second and third rb2011s to bridge mode. Make sure the sfp interface uses, or *is* the master port used by the 5 gigabit copper ports. We don't want any "gateway" port...
by lambert
Fri Feb 19, 2016 12:03 am
Forum: Beginner Basics
Topic: 3 buildings 1 internet
Replies: 16
Views: 1367

Re: 3 buildings 1 internet

Unfortunately, MikroTik's default config is different for various hardware models. I don't have any of the CRS2xx series devices. I'm not sure what their default config is. I would guess you want your switches in quickset "bridge" mode. If that doesn't immediately work, double click each interface a...
by lambert
Tue Feb 16, 2016 11:43 pm
Forum: Beginner Basics
Topic: reset routerboard 2011uas-2hnd-in via reset button
Replies: 9
Views: 1455

Re: reset routerboard 2011uas-2hnd-in via reset button

Looks like you installed individual packages rather than the bundle package. I'd download the 6.32.4 bundle http://download2.mikrotik.com/routeros/ ... 6.32.4.npk, not the extra/all packages zip file from the download page, ftp/scp/drag&drop it onto the Mikrotik and reboot.
by lambert
Tue Feb 16, 2016 11:17 pm
Forum: Beginner Basics
Topic: reset routerboard 2011uas-2hnd-in via reset button
Replies: 9
Views: 1455

Re: reset routerboard 2011uas-2hnd-in via reset button

Did you disable the advanced-routing package?
by lambert
Tue Feb 16, 2016 11:02 pm
Forum: Beginner Basics
Topic: 3 buildings 1 internet
Replies: 16
Views: 1367

Re: 3 buildings 1 internet

It looks like someone set out to build a Rube Goldberg network, then said, "the heck with it", and bridged the whole thing without bothering to clean up the mess. https://www.rubegoldberg.com I'd dump the bath water and not worry about if the baby is still in the tub. What a mess. You're fastest fix...
by lambert
Tue Feb 16, 2016 10:10 pm
Forum: Beginner Basics
Topic: 3 buildings 1 internet
Replies: 16
Views: 1367

Re: 3 buildings 1 internet

You may need to change your password for your noip account......
by lambert
Tue Feb 16, 2016 10:04 pm
Forum: Beginner Basics
Topic: 3 buildings 1 internet
Replies: 16
Views: 1367

Re: 3 buildings 1 internet

http://wiki.mikrotik.com/wiki/Manual:Configuration_Management Don't bother with "backup" files. Use the export. It's safer. The commands in the export will closely match the menu structure of Winbox. You can read the file and look at winbox to help you learn the commands. The export is plain text. ...
by lambert
Tue Feb 16, 2016 9:37 pm
Forum: RouterBOARD hardware
Topic: CCR1009 simple queue, what can I expect?
Replies: 3
Views: 717

Re: CCR1009 simple queue, what can I expect?

I don't have experience with that configuration. I have CCR1009 handling an address list based queue tree setup handling traffic for about 180 clients, 8 firewall rules in the forward chain, 2 nat rules (not heavily utilized), 90 mangle rules, and 30 PCQ queues under each of 5 parent interfaces. Onl...
by lambert
Tue Feb 16, 2016 9:07 pm
Forum: Beginner Basics
Topic: 3 buildings 1 internet
Replies: 16
Views: 1367

Re: 3 buildings 1 internet

If you want some real help, you will need to post the RouterBoard configs. We have no idea how it is configured from your message. We just have a general idea which cable is plugged into which device. We don't even know which ports are used to make the connections. Your network diagram seems to leav...
by lambert
Tue Feb 16, 2016 7:13 pm
Forum: RouterBOARD hardware
Topic: CCR1009 simple queue, what can I expect?
Replies: 3
Views: 717

Re: CCR1009 simple queue, what can I expect?

http://routerboard.com/CCR1009-8G-1S-PC

Look at the Performance Test Results for examples with 25 simple queues.
by lambert
Tue Feb 16, 2016 9:13 am
Forum: General
Topic: ip routed
Replies: 2
Views: 422

Re: ip routed

In your NAT settings, you might try adding an accept rule for src-address of pppoe interface IP range to dst-address of DMZ interface IP range. That will bypass the other NAT rules.
by lambert
Tue Feb 16, 2016 8:36 am
Forum: RouterBOARD hardware
Topic: Hardware for Fiber based LAN
Replies: 18
Views: 1983

Re: Hardware for Fiber based LAN

What is cost effective doesn't matter if you want to play, and gain experience, with fiber. Do whatever you want. I know a farmer with 40Gbps fiber in his barn, because he wanted to play. If you can afford to play, there are worse ways to "waste" your money. He translated play into business over the...
by lambert
Tue Feb 16, 2016 1:44 am
Forum: Beginner Basics
Topic: Implementing vlan in Different Ways
Replies: 5
Views: 644

Re: Implementing vlan in Different Ways

IIRC, you cannot add VLAN tags to a bridge interface. So the second configuration is not an option.

Edit: I apparently recalled incorrectly. Sorry folks. Should have kept my keyboard shut.
by lambert
Tue Feb 16, 2016 1:39 am
Forum: Beginner Basics
Topic: How do I get the same IP addresses the ethernet ports to match the IP address of the router?
Replies: 2
Views: 838

Re: How do I get the same IP addresses the ethernet ports to match the IP address of the router?

Create a bridge interface on the CCR1009. Add all of the ethernet interfaces you want in the same address space to that bridge. Move the 192.168.1.1/24 IP to the bridge interface. You can use the switch chip on the first 4 ports to merge them into the same address space using the master-port=ether1 ...
by lambert
Tue Feb 16, 2016 1:30 am
Forum: General
Topic: vlan trunking
Replies: 2
Views: 511

Re: vlan trunking

The MikroTik switch configuration methodology in RouterOS is second in frustration quotient only to an HP switch I dealt with 10 years ago. MikroTik could at least make a wizard in WinBox which could allow you to select tagged and untagged radio buttons per defined VLAN and generate the arcane code ...
by lambert
Wed Feb 10, 2016 10:41 am
Forum: General
Topic: Best billing/radius software to work with MikroTik
Replies: 4
Views: 1533

Re: Best billing/radius software to work with MikroTik

I'm not really sure I've interpreted your question properly. It seems to me that you asked about billing software then went on to talk about AAA, http://searchsecurity.techtarget.com/definition/authentication-authorization-and-accounting , tools. Billing and AAA like RADIUS should be able to be deco...
by lambert
Wed Feb 10, 2016 1:00 am
Forum: General
Topic: Queues for PPPoE client on same bridge with DHCP clients
Replies: 1
Views: 768

Re: Queues for PPPoE client on same bridge with DHCP clients

Janis replied to my support ticket request. He confirmed my suspicions. In case you have many interfaces in one direction you need to use "Global" HTB instead. That exactly the reason it was introduced, but you will have to mark upload and download with separate marks. You can use dynamic address li...
by lambert
Tue Feb 09, 2016 11:01 pm
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 540
Views: 134489

Re: HAP AC

SORRY ... quick shot... just saw it in the table!!! Wireless standards 802.11a/n/ac all good ;) hAP AC on the routerboard.com the website says... The hAP ac is our most universal home or office wireless device. It is a dual band device with Gigabit ports that allow the full advantages of 802.11ac t...
by lambert
Tue Feb 09, 2016 10:46 pm
Forum: General
Topic: Port flapping (ether6 link down/up) on RB3011UiAS-RM
Replies: 29
Views: 14590

Re: Port flapping (ether6 link down/up) on RB3011UiAS-RM

I've seen things like this on three x86 boxes. I only have three x86 MikroTiks. I have not seen it on any of my RouterBoard devices. I have more than 100 multi-ethernet RouterBoards. It seems to happen to my units most often after what I assume was a power brownout. I have always seen it after a sto...
by lambert
Fri Feb 05, 2016 12:10 am
Forum: RouterBOARD hardware
Topic: Replace UBNT Toughswitch with RouterOS Device????
Replies: 16
Views: 1853

Re: Replace UBNT Toughswitch with RouterOS Device????

So, this thread should have been labeled as a feature request?

I think we've all been reading it as a design help or tech help request.
by lambert
Thu Feb 04, 2016 11:21 pm
Forum: RouterBOARD hardware
Topic: Replace UBNT Toughswitch with RouterOS Device????
Replies: 16
Views: 1853

Re: Replace UBNT Toughswitch with RouterOS Device????

3 options, A) Use a MikroTik with enough ports to do the routing you want + a mid-span PoE injector. The mid-span can be individual single-port injectors or multi-port. Optionally, the mid-span can be manageable. A1) Use multiple MikroTik 750UP type devices and don't put more watts on any individual...
by lambert
Thu Feb 04, 2016 12:03 am
Forum: General
Topic: Help with freeRADIUS and PPTP authentication?
Replies: 6
Views: 3483

Re: Help with freeRADIUS and PPTP authentication?

Actually reading the radius debug output shows that you do not have a password for joshp in a format which is compatible with MS-CHAP. It even tells you it needs a "Cleartext-Password". So configure your users file to provide a "Cleartext-Password" value pair or configure your PPTP server to only al...
by lambert
Wed Feb 03, 2016 11:46 pm
Forum: RouterBOARD hardware
Topic: Replace UBNT Toughswitch with RouterOS Device????
Replies: 16
Views: 1853

Re: Replace UBNT Toughswitch with RouterOS Device????

Did you enable long-cable mode on the 750UP? That seems to come up as the solution to a lot of users' 750UP questions when the 750UP is powered via PoE anyway.
/int ethernet poe settings set ether1-poe-in-long-cable=yes
by lambert
Sun Jan 17, 2016 9:58 am
Forum: Beginner Basics
Topic: PPPoE failed on RB951-2n (constantly connect and disconnect)
Replies: 12
Views: 3323

Re: PPPoE failed on RB951-2n (constantly connect and disconnect)

da89ni says it works as desired with the Ethernet plugged into his laptop. From the phrasing, I believe that means the same cable was used in both setups. That would tend to rule out the modem and the cable. Given that interpretation of the original post, I suspect configuration, software bug, or ba...
by lambert
Sat Jan 16, 2016 9:51 pm
Forum: Beginner Basics
Topic: PPPoE failed on RB951-2n (constantly connect and disconnect)
Replies: 12
Views: 3323

Re: PPPoE failed on RB951-2n (constantly connect and disconnect)

Why is your ether1 interface going up and down? Is it supposed to link at 10Mbps? Or should it be 100Mbps?

Did you enable the "Dial on Demand" option in the PPPoE client interface? If so, unset it.
by lambert
Sat Jan 16, 2016 9:13 pm
Forum: General
Topic: Problem with Bridge on CRS125-24G-1S
Replies: 6
Views: 1036

Re: Problem with Bridge on CRS125-24G-1S

What about the traffic do you wish to "manage" per interface? I suspect you can manage as well with the port in switch mode. This device, with all ports bridged, will likely pass around 100 - 200 Mbps of traffic, total. The CPU is not particularly powerful. You will likely be more happy with the res...
by lambert
Sat Jan 16, 2016 9:00 pm
Forum: General
Topic: Queues for PPPoE client on same bridge with DHCP clients
Replies: 1
Views: 768

Queues for PPPoE client on same bridge with DHCP clients

I have 70+ tower routers setup with DHCP on a bridge for AccessPoints. I am working to convert this to PPPoE so that we can have the usual accounting tools provided by PPP/RADIUS. It make sense to me that my existing queue tree setup is not going to match download traffic in my existing queue tree w...
by lambert
Sat Jan 16, 2016 12:28 am
Forum: Scripting
Topic: PPPoE Active Discovery Initialization (PADI)
Replies: 3
Views: 885

Re: PPPoE Active Discovery Initialization (PADI)

I don't understand exactly why you would want to do something like this. However, you may be able to accomplish this with a scheduler entry to run at reboot. Have the script it runs disable the secondary interface then "delay" 10 to 60 seconds, whatever you need, before enabling the interface again....
by lambert
Sat Jan 16, 2016 12:19 am
Forum: Beginner Basics
Topic: Upload limit not working when using PPPoE client and queues
Replies: 1
Views: 545

Re: Upload limit not working when using PPPoE client and queues

Please show us:

/queue export

/int export

maybe even

/ip export

This is going to be some specific little detail. Your English is pretty good, but configuration snippets are more exact than English, even when spoken by natives. :-)
by lambert
Tue Jan 12, 2016 12:10 am
Forum: General
Topic: Best routerboard device for PPPoE server
Replies: 2
Views: 961

Re: Best routerboard device for PPPoE server

Without personal experience, If the CCR isn't cutting it for you, the only option with similar performance capabilities would be x86. You didn't say how many PPPoE clients or what the total bandwidth was. You didn't even tell us what your symptoms are. Maybe you have a low enough load that a RB3011 ...
by lambert
Sat Jan 09, 2016 9:25 am
Forum: Wireless Networking
Topic: how to start troubleshooting slow wireless connection (iPhone<->2011UAS-2HnD)
Replies: 1
Views: 1081

Re: how to start troubleshooting slow wireless connection (iPhone<->2011UAS-2HnD)

Your router has two radio chains.

I do not have an iPhone. My Samsung Galaxy S4 only has one radio chain. If your iPhone is like my Samsung, that is why your iPhone shows half the speed of your laptop which has two (or more) radio chains.
by lambert
Thu Jan 07, 2016 8:03 pm
Forum: General
Topic: Tx/Rx rate rate of ethernet interafaces suddenly drops to zero and then resumes to actual traffic
Replies: 3
Views: 1728

Re: Tx/Rx rate rate of ethernet interafaces suddenly drops to zero and then resumes to actual traffic

It's just a statistics gathering/display anomaly. It's been brought up several times in the forums. It may not be the easiest symptom to search for in the forum.
by lambert
Thu Jan 07, 2016 10:03 am
Forum: General
Topic: packet loss on 6.32.3 on CCR, okay on 6.30.4
Replies: 0
Views: 1080

packet loss on 6.32.3 on CCR, okay on 6.30.4

Either I'm not coming up with the right search terms or no one has this issue. A few weeks ago, I upgraded my main backbone of tower routers to 6.32.3 from 6.18 and 6.27. Everything looked okay. We were passing traffic at about the same level as before. Yea! We started getting a few complaints from ...
by lambert
Thu Oct 22, 2015 9:49 am
Forum: Scripting
Topic: hotspot specific user log-in
Replies: 3
Views: 746

Re: hotspot specific user log-in

It is good to have the positive feedback. Thanks.
by lambert
Sat Aug 01, 2015 7:45 am
Forum: Beginner Basics
Topic: Need Help!!
Replies: 1
Views: 354

Re: Need Help!! [limiting access between subnets]

Add to your reading list: http://wiki.mikrotik.com/wiki/Manual:IP/Address http://wiki.mikrotik.com/wiki/Manual:IP/Firewall You will want to configure the IP addresses on the appropriate interfaces. Then you will want to add firewall rules to the forward chain permitting traffic from each subnet to t...
by lambert
Sat Aug 01, 2015 7:18 am
Forum: General
Topic: Wireless Access Point preference
Replies: 3
Views: 642

Re: Wireless Access Point preference

Different SSID per sector or only per tower? 2 ideas: Number 1: Set all of the connect list entries to disabled. Write a script to 1. scan for APs 2. determine which one has the strongest signal 3. set the appropriate connect list entry to enabled Maybe? Number 2: Setting the signal level to your mi...
by lambert
Sat Aug 01, 2015 6:31 am
Forum: General
Topic: PPPoE Server with Radius - connection timeout - Router Os
Replies: 1
Views: 573

Re: PPPoE Server with Radius - connection timeout - Router Os

What does the RADIUS server say about it?
by lambert
Sat Aug 01, 2015 6:01 am
Forum: General
Topic: drop rule above fasttrack rule not working
Replies: 1
Views: 504

Re: drop rule above fasttrack rule not working

I read http://wiki.mikrotik.com/wiki/Manual:Fast_Path#IPv4_FastTrack_handler to mean that once a connection has been fasttracked it will bypass all firewall rules until the connection is terminated. I don't know if you can take a connection out of the fasttrack by killing the connection in ip firewa...
by lambert
Sat Aug 01, 2015 5:51 am
Forum: General
Topic: RB911G-5HPacD performance?
Replies: 1
Views: 313

Re: RB911G-5HPacD performance?

Wireless performance depends on environmental factors such as free space path loss and obstruction path loss and gain of attached antenna and loss of attached coaxial cable at each end. For ideal 802.11 AC throughputs with various channel widths, search the web for terms along those lines. Wikipedia...
by lambert
Sat Aug 01, 2015 5:28 am
Forum: General
Topic: Seeing BGP/OSPF Traffic in Queue Tree
Replies: 3
Views: 1108

Re: Seeing BGP/OSPF Traffic in Queue Tree

I'm tagging BGP/OSPF traffic in the firewall with mangle rules. I show the counters increasing on the mangle rules showing the traffic is tagged. However, in queue tree, I'm looking for the tagged packets, but getting nothing. Mangle Rules <snip> Queue Tree /queue tree add burst-limit=0 burst-thres...
by lambert
Sat Aug 01, 2015 5:07 am
Forum: General
Topic: RouterOS API
Replies: 7
Views: 893

Re: RouterOS API

Did you try reading the wiki page (linked in your post) which documents use of that particular API implementation. For what you want, focus toward example 3. But read the whole thing. boen_robot seems to be a nice guy, or robot, (it is hard to tell on the Internet :D ) and helps with a lot of API qu...
by lambert
Sat Aug 01, 2015 5:01 am
Forum: The User Manager
Topic: multiple address list
Replies: 1
Views: 1129

Re: multiple address list

What does your IP nat rule look like? Does it NAT based on src-address? Does that src-address cover all of the subnets? You didn't give us much information about your setup. Hopefully you have addresses in 192.168.3.0/24 and 192.168.4.0/24 on the inside interface of your router and your devices are ...
by lambert
Sat Aug 01, 2015 2:05 am
Forum: Beginner Basics
Topic: 2 subnets in same network with 2 DHCP servers, possible?
Replies: 6
Views: 1585

Re: 2 subnets in same network with 2 DHCP servers, possible?

I don't see a problem with your original request. Just run ethernet from the WAN interface of the upstairs MikroTik to an empty port on the downstairs MikroTik. Run the upstairs mikrotik in the default config of a home or soho AP. Change the LAN IPs if you want so long as the IPs are different than ...
by lambert
Thu Jul 30, 2015 11:02 am
Forum: Wireless Networking
Topic: Switch for the BTS end ?
Replies: 1
Views: 421

Re: Switch for the BTS end ?

Many MikroTik routers have groups of switched ports. You could use any of them which also has an SFP slot for this task. The RB2011 and the CRS series come to mind. The RB260GS or RB260GSP are also options from MikroTik. They run SwitchOS rather than RouterOS. Or, you can get a switch from some othe...
by lambert
Thu Jul 30, 2015 10:52 am
Forum: Scripting
Topic: hotspot specific user log-in
Replies: 3
Views: 746

Re: hotspot specific user log-in

Without having tried it myself... It looks like you could build an /ip hotspot user profile specifically for that user, then set the user with "specialusername" to have that profile. Winbox shows script edit fields for "On Login" and "On Logout" in the IP hotspot User Profile settings. Like I say, n...
by lambert
Thu Jul 30, 2015 10:17 am
Forum: General
Topic: Hotspot where "free trial" is 1mbps/512kbps and authenticated gets >3mbps/1mbps?
Replies: 2
Views: 492

Re: Hotspot where "free trial" is 1mbps/512kbps and authenticated gets >3mbps/1mbps?

I'm trying the non-streaming plan doing an automatic login using a hotspot user and plaintext password in the login link. It seems to work. <a href="$(link-login-only)?dst=$(link-orig-esc)&username=defaultguest&password=defaultguest"> The code box wants to word-wrap at a hyphen on my screen. I suspe...
by lambert
Tue Jul 28, 2015 12:03 am
Forum: General
Topic: Hotspot where "free trial" is 1mbps/512kbps and authenticated gets >3mbps/1mbps?
Replies: 2
Views: 492

Hotspot where "free trial" is 1mbps/512kbps and authenticated gets >3mbps/1mbps?

I'm trying to meet a customer's requirements of giving wifi guests the option of WiFi at slow speeds (e-mail and basic web capable) for free or signing up for streaming capable speeds via a credit card / RADIUS. I've been looking for examples for a few hours and don't see something similar. If anyon...
by lambert
Wed Jul 08, 2015 2:47 am
Forum: RouterBOARD hardware
Topic: Seeking Hardware Recommendation?
Replies: 4
Views: 851

Re: Seeking Hardware Recommendation?

You didn't tell us how much bandwidth you have coming in. Do you want to handle VPN connections from outside? You said you want to get rid of the TDS router. But you also said you cannot get rid of the TDS router and keep your video service. You would need input from someone who knows the TDS system...
by lambert
Wed Jul 08, 2015 2:32 am
Forum: General
Topic: Bandwidth management on the fly
Replies: 1
Views: 466

Re: Bandwidth management on the fly

How do you decide to rate limit them? What queueing method are you using?
by lambert
Sun Jul 05, 2015 8:26 am
Forum: General
Topic: BGP with CCR1009 ?
Replies: 5
Views: 760

Re: BGP with CCR1009 ?

That is completely up to your choice of network architecture design, and budget. It is considered good practice to have one router do the eBGP and other routers handle the IGP. But that is not strictly required. Whether you use one router or two to handle the eBGP peers, is up to you. Two routers ei...
by lambert
Sun Jul 05, 2015 8:00 am
Forum: General
Topic: BGP with CCR1009 ?
Replies: 5
Views: 760

Re: BGP with CCR1009 ?

That depends on your tolerance to slow BGP table loads. *I* would use what I have and if BGP table loads are too painful for *my* environment, grab an x86 router. You have to make your own decision... :-) Even a Pentium 4 would likely have faster BGP table loads. A decent i7, in a network appliance ...
by lambert
Sun Jul 05, 2015 7:47 am
Forum: General
Topic: BGP with CCR1009 ?
Replies: 5
Views: 760

Re: BGP with CCR1009 ?

CPU wise for handling the throughput, the CCR1009 should be able to handle it in its sleep. BGP wise, if you are taking full routes from both providers, it will likely take some time to get the routes downloaded and integrated. It's a single threaded process at this time so only one core is used. A ...
by lambert
Wed Jul 01, 2015 10:42 am
Forum: General
Topic: Leap Second insertion
Replies: 7
Views: 1555

Re: Leap Second insertion

We only have a handful of CCRs, 1036 and 1009. 6.18, 6.24, and 6.27.

No lockups.

The RouterOS NTP client, in unicast mode, is pointed at 2 of our FreeBSD servers which are synced to pool.ntp.org.
by lambert
Fri May 15, 2015 1:57 am
Forum: RouterBOARD hardware
Topic: RB2011UAS-2HnD-IN Questions Topic
Replies: 215
Views: 92477

Re: RB2011UAS-2HnD-IN Questions Topic

first i've setup an basic setup for notebook and xbox(360/ONE) in the web utility. wireless connections are all stable and good, however on the 1Gbit port of the Routerboard it totally collapse the connection when i want to advertise only on 1Gbit full duplex. (the 1Gbit port is literally going off...
by lambert
Fri May 15, 2015 1:18 am
Forum: RouterBOARD hardware
Topic: RB2011UAS-2HnD-IN Questions Topic
Replies: 215
Views: 92477

Re: RB2011UAS-2HnD-IN Questions Topic

How many active users does this hardware (Rb2011) handle simuntaneously without any Hic-ups or system crashes? How many vehicles can be carried on a ferry without tipping over? It depends. Are some vehicles buses and some vehicles "Smart" cars? How many of each exactly? How many are motorcycles? Ho...
by lambert
Wed May 13, 2015 9:35 pm
Forum: RouterBOARD hardware
Topic: Need more CPU and 10 eth ports - which device to choose?
Replies: 12
Views: 1459

Re: Need more CPU and 10 eth ports - which device to choose?

Oh and the RB1100AHx2 is a 5 port router with two 4 port switches.
by lambert
Wed May 13, 2015 9:33 pm
Forum: RouterBOARD hardware
Topic: Need more CPU and 10 eth ports - which device to choose?
Replies: 12
Views: 1459

Re: Need more CPU and 10 eth ports - which device to choose?

I would not worry about number of ports on the router unless you need that many WAN connections, or have a lot of isolated internal LAN subnets. You need WAN and LAN connections on the new router. Continue to use your existing CRS as a switch. If you have multiple internal LANs that need to be route...
by lambert
Tue May 12, 2015 6:10 pm
Forum: General
Topic: Help! PPPoE and Static same interface
Replies: 15
Views: 3402

Re: Help! PPPoE and Static same interface

Hi all, I am trying to find out how to make a connection similar to the one I have at the moment but I want to improve the network to RouterOS. I bought a CRS109 and want to make it my default router at home. I have a bridge that brings ADSL as a PPPoE, but I would like to still access this bridge'...
by lambert
Thu Apr 30, 2015 10:02 pm
Forum: General
Topic: nonat in mikrotik
Replies: 1
Views: 492

Re: nonat in mikrotik

That would go something like: /ip firewall address-list add list=nonat address=nonatIP /ip firewall address-list add list=nonat address=nonatsubnet/prefix comment="if desired, document here" /ip firewall nat chain=src-nat src-address-list=nonat action=accept /ip firewall nat chain=src-nat src-addres...
by lambert
Thu Apr 23, 2015 7:12 am
Forum: General
Topic: Torrent
Replies: 43
Views: 10004

Re: Torrent

normis, I modified your script slightly. It should work on *BSD and Mac OS X/Darwin without having to install extra software and everywhere else with wget. Tested on FreeBSD and MacOS X. #!/usr/bin/env sh ARCH=$(uname -s) case $ARCH in FreeBSD) GETIT="fetch -q"; OUT="-o -"; ;; *BSD|Darwin) GETIT="ft...
by lambert
Wed Apr 15, 2015 3:23 pm
Forum: Beginner Basics
Topic: In-network websites unreachable
Replies: 9
Views: 1097

Re: In-network websites unreachable

That depends on the specifics of what RouterOS version and how you configured everything.
by lambert
Wed Apr 15, 2015 3:19 pm
Forum: Scripting
Topic: script for only e.g. facebook
Replies: 3
Views: 815

Re: script for only e.g. facebook

block 443
by lambert
Wed Apr 15, 2015 8:04 am
Forum: Scripting
Topic: script for only e.g. facebook
Replies: 3
Views: 815

Re: script for only e.g. facebook

Maybe you could use an access rule with the web proxy which is transparently applied only for your "certain group of users" however you decide to identify them?

http://wiki.mikrotik.com/wiki/Manual:IP/Proxy
by lambert
Wed Apr 15, 2015 7:59 am
Forum: Beginner Basics
Topic: In-network websites unreachable
Replies: 9
Views: 1097

Re: In-network websites unreachable

It might be MTU issues. Do large pings work? Does SSH hang when you move a lot of data through the connection?
by lambert
Sat Apr 04, 2015 9:53 am
Forum: General
Topic: Is QuickSet a threat with pppoe?
Replies: 10
Views: 1026

Re: Is QuickSet a threat with pppoe?

I am new to Mikrotik and ROS and I'm currently using ROS 6.27 with a RB951Ui-2HnD. My ISP uses pppoe for authentication and I used QuickSet with the "HomeAP"-Setting. When taking a look at firewall rules the device is open to the whole world. After half an hour, I got 200 failed logins in the log v...
by lambert
Fri Apr 03, 2015 7:43 pm
Forum: Forwarding Protocols
Topic: Making BGP Changes
Replies: 11
Views: 1241

Re: Making BGP Changes

For outbound traffic, probably. Do it at 2AM anyway. If you are advertising routes to your provider, (Why would you run BGP if you're not?), then the routes you are advertising will probably go away until the BGP session rebuilds. That will most likely make your static default route immaterial from ...
by lambert
Thu Mar 26, 2015 8:07 pm
Forum: General
Topic: Router Suggestion
Replies: 3
Views: 640

Re: Router Suggestion

Well, without knowing your WAN speeds I have to say "get the RB1100AHx2." If you have more than 100Mbps total, you will likely run out of power with the RB2011 series.
by lambert
Thu Mar 26, 2015 7:37 pm
Forum: General
Topic: 1 year uptime on CCR1036-12G-4S
Replies: 7
Views: 1277

Re: 1 year uptime on CCR1036-12G-4S

The CCRs need some reports of good uptimes under load to counter the bad "press" they deservedly received when first released. I see some people who wrote off the CCR line entirely back in the pre-6.7 days. These people haven't noticed that most issues appear to be fixed, for many, not all and maybe...
by lambert
Thu Mar 26, 2015 1:51 am
Forum: General
Topic: 1 year uptime on CCR1036-12G-4S
Replies: 7
Views: 1277

Re: 1 year uptime on CCR1036-12G-4S

Thought I would share this for you all, from one of our CCR's... Would you mind telling us what functions this router is fulfilling? BGP, OSPF, Queue Trees, NTP server ......? I had 270+ days on my BGP(1 peer, partial routes)/OSPF/50 firewall rules/20 vlans/occasional L2TP/IPsec server/500Mbps CCR1...
by lambert
Sat Mar 14, 2015 12:31 am
Forum: Beginner Basics
Topic: What about EIGRP at Mikrotik
Replies: 7
Views: 2216

Re: What about EIGRP at Mikrotik

The protocol is not supported on RouterOS. You will want to use RIP, OSPF, or iBGP.
by lambert
Fri Mar 13, 2015 3:39 am
Forum: General
Topic: Terminating outdoor cable inside
Replies: 1
Views: 429

Re: Terminating outdoor cable inside

Sounds like a plan if your install budget can handle it. There have got to be less expensive cat6 surface mount parts. If you don't feel strongly about having the entry point stuck down, you could go with something like : http://www.deepsurplus.com/Network-Structured-Wiring/Ethernet-CAT5e-Inline-Ada...
by lambert
Thu Mar 12, 2015 6:20 pm
Forum: General
Topic: Router Suggestion
Replies: 3
Views: 640

Re: Router Suggestion

WAN speeds?

Off-site VPN clients? If yes, what type of VPN?

Rate limiting or traffic prioritization for internal users?
by lambert
Thu Mar 12, 2015 4:59 pm
Forum: General
Topic: _HUGE_ Packet loss on CRS125 :(((
Replies: 66
Views: 8998

Re: _HUGE_ Packet loss on CRS125 :(((

I have no opinion on whether or not this will help your issue. Have you tried http://forum.mikrotik.com/viewtopic.php?t=92711#p463429.
by lambert
Thu Mar 12, 2015 12:01 am
Forum: General
Topic: Billing software with Radius support
Replies: 3
Views: 1367

Re: Billing software with Radius support

If you are a typical Wireless ISP, off the top of my head: http://freeside.biz/freeside http://wispmon.com http://powercode.com http://visp.net http://azotel.com http://ispbilling.com http://billmax.com There are probably other options. If you just want to do hotspot billing, there are other package...
by lambert
Tue Mar 03, 2015 2:06 am
Forum: General
Topic: RouterOS DHCP + Freeradius - Queues
Replies: 19
Views: 4984

Re: RouterOS DHCP + Freeradius - Queues

That fixes a problem which was introduced after 6.18.
by lambert
Wed Feb 18, 2015 5:56 am
Forum: Beginner Basics
Topic: When auto updating, Error connection timed out
Replies: 29
Views: 17454

Re: When auto updating, Error connection timed out

While all management traffic works to my RouterOS devices and I can ping and SSH to the general Internet from the RouterOS devices, the auto update checker timed out until I added the state checking rules to the firewall's input chain. Maybe it is using FTP underneath. I didn't dig into why it would...
by lambert
Mon Feb 16, 2015 11:17 pm
Forum: General
Topic: _HUGE_ Packet loss on CRS125 :(((
Replies: 66
Views: 8998

Re: _HUGE_ Packet loss on CRS125 :(((

Do you have any packet loss with -i 0.01? Do you have any packet loss with -s 1472? The CPU on the CRS is small. Watch cpu utilization while you run the ping command. You are doing a serious flood ping with your existing ping command. Your existing size is forcing it to send 7 packets over the wire ...
by lambert
Mon Feb 16, 2015 7:11 pm
Forum: General
Topic: Need help: DHCP on VLAN bridge not working, works on just an interface?
Replies: 11
Views: 7733

Re: Need help: DHCP on VLAN bridge not working, works on just an interface?

/interface bridge port add bridge=bridge-vlan21 port=ether4-vlan21
by lambert
Mon Feb 16, 2015 7:03 pm
Forum: General
Topic: Router and 2 AP
Replies: 2
Views: 520

Re: Router and 2 AP

Please start by reading the pages linked from here: http://wiki.mikrotik.com/wiki/Category:Wireless

If you still have trouble, come back and ask us about the specific item which is giving you trouble.
by lambert
Mon Feb 16, 2015 6:55 pm
Forum: General
Topic: freeradius+dhcp with mikrotik - no netmask and gateway
Replies: 5
Views: 2359

Re: freeradius+dhcp with mikrotik - no netmask and gateway

Hello.. i'm try this case too .. but still no running. please let me know the detail ... You tried which way? There are two scenarios described before your post and we cannot tell to which message you are referring. Please describe your setup, tell us what version of RouterOS you are using, and sho...
by lambert
Fri Jan 23, 2015 10:38 am
Forum: General
Topic: Issue with DHCP and PPPoE servers on the same bridge?
Replies: 0
Views: 328

Issue with DHCP and PPPoE servers on the same bridge?

We have a WISP with several towers. There are multiple APs per tower. All of the APs are in one bridge with port horizon and / or bridge filters to keep the users from speaking to one another. We use DHCP + RADIUS auth to hand IPs to the customer. It works. But we are missing the accounting records ...
by lambert
Mon Jan 19, 2015 8:06 am
Forum: Beginner Basics
Topic: rb850gx2 speed problem
Replies: 7
Views: 1350

Re: rb850gx2 speed problem

I would start by putting the passthrough=no rules immediately following the rules which create the connections marks they look for. I think you will spend less time comparing traffic for each possible condition before short circuiting out of the loop. Then, look for the set of rules which see the mo...
by lambert
Fri Jan 16, 2015 9:40 am
Forum: Wireless Networking
Topic: Contention Ratio calculation
Replies: 1
Views: 1549

Re: Contention Ratio calculation

I think there have been several conversations on this forum on this topic. You might want to use the search function.
by lambert
Tue Dec 30, 2014 10:20 am
Forum: General
Topic: Ditch ubiquiti and come to mikrotik?
Replies: 39
Views: 7501

Re: Ditch ubiquiti and come to mikrotik?

i'll go in there and run a cable around the perimeter of my office temporarily to test...... as which i'm sure you and the others that mentioned doing so are correct. so, for each device that talks to the ap, cut the rate in two and divide by the number of connected devices? starting with say 144, ...
by lambert
Tue Dec 30, 2014 10:14 am
Forum: General
Topic: Ditch ubiquiti and come to mikrotik?
Replies: 39
Views: 7501

Re: Ditch ubiquiti and come to mikrotik?

Possibly because the AP is screaming. Possibly because of other noise. Do you have both chains enabled on the AP? 40 MHz, 1 chain = 144mbps.
by lambert
Tue Dec 30, 2014 9:41 am
Forum: General
Topic: Ditch ubiquiti and come to mikrotik?
Replies: 39
Views: 7501

Re: Ditch ubiquiti and come to mikrotik?

- the 15GB vid is at least 2hrs. in length. so that should be a paltry 125MB/minute or 2.08MB/sec (16.66Mbit/sec). That should be easily achieved, even on the lesser 144Mbit connection....... right? 144Mbps air rate yields approximately 72Mbps of data throughput. Now, with two devices talking to ea...
by lambert
Thu Dec 11, 2014 1:37 am
Forum: General
Topic: l2tp keepalive?
Replies: 5
Views: 1338

Re: l2tp keepalive?

Did you change the keepalive setting on both sides?

I have not done the research, but you can, to know if the keepalive value is negotiated to the smallest acceptable value between L2TP peers or not.
by lambert
Thu Nov 27, 2014 2:31 am
Forum: General
Topic: Wisp Routing or Bridging
Replies: 3
Views: 1631

Re: Wisp Routing or Bridging

RTFW. If you have specific questions after reading the fine wiki, http://wiki.MikroTik.com/, someone may be able to offer assistance.
by lambert
Wed Nov 26, 2014 10:00 pm
Forum: General
Topic: I need skilled eyes on my config
Replies: 2
Views: 641

Re: I need skilled eyes on my config

This thread has a similar question to yours. You have to define VLANs as sub-interfaces of their master interfaces. Then you use bridges including the VLAN interfaces into the appropriate grouping.

http://forum.mikrotik.com/viewtopic.php ... 88#p457425
by lambert
Wed Nov 26, 2014 9:11 pm
Forum: General
Topic: How much Bandwidth is required? [WISP]
Replies: 16
Views: 3788

Re: How much Bandwidth is required? [WISP]

Given my pricey bandwidth upstream, I can see this topic changing to "How so I conserve bandwidth" and "How do I make my service seem fast". Web cache (squid) is one way. But this is only for httptraffic. Qos is also another important tool (i.e. Give priority to http  and VoIP). Any other 'tricks...
by lambert
Tue Nov 25, 2014 1:16 am
Forum: General
Topic: WISP Project
Replies: 8
Views: 2939

Re: WISP Project

Yeah, that diagram is generally how I would do it. Make sure the AP 10.1.2.2 is configured with default forward turned off. If you have more than one AP, keep them in separate networks or use bridge filters or port horizon settings to keep traffic from coming in on one IP and going back out to a cli...
by lambert
Tue Nov 25, 2014 12:05 am
Forum: General
Topic: How much Bandwidth is required? [WISP]
Replies: 16
Views: 3788

Re: How much Bandwidth is required? [WISP]

It depends. I have towers with 30 clients which use 60Mbps during peak hours. I have towers with 50 clients which use 12Mbps during peak hours. It depends on the customers. Younger clients tend to use more bandwidth than older clients. Wealthier clients tend to use more bandwidth than less wealthy c...
by lambert
Mon Nov 24, 2014 11:40 pm
Forum: General
Topic: Wisp Routing or Bridging
Replies: 3
Views: 1631

Re: Wisp Routing or Bridging

Routing. Always. You can setup VLANs from each AP back to the CCR1036 if you don't want to put a router at each tower. That will keep you from having one huge broadcast domain. If you run PPPoE on the CCR, you will be okay, as long as the back-hauls are managed via a separate VLAN than is used to tr...
by lambert
Mon Nov 24, 2014 11:22 pm
Forum: General
Topic: Remote Syslog Issue in CCR1036 & 450G
Replies: 7
Views: 1989

Re: Remote Syslog Issue in CCR1036 & 450G

Yes, i am able to ping from both routers and kiwi syslog to routers also , even i tried to upgrade and downgrade the versions but same issue repeated. check out the images and .rsc of non working and working Please, do not make gratuitous changes such as changing the version of RouterOS. Let us deb...
by lambert
Sat Nov 22, 2014 8:06 am
Forum: General
Topic: My Internet provider have a "connections limit"..
Replies: 12
Views: 2746

Re: My Internet provider have a "connections limit"..

What kind of connection limit? Session time limit? Bytes transferred limit? Simultaneous TCP connection limit? Something else? You have to actually get around to telling us exactly what the problem is for us to be able to offer suggestions. When plisken asked for more information, you told us the sa...
by lambert
Fri Nov 21, 2014 9:18 am
Forum: General
Topic: WISP Project
Replies: 8
Views: 2939

Re: WISP Project

"Don't bridge networks" which means don't build a network of 100's of clients across several towers all in the same broadcast domain. Bridging your backhauls makes the configuration of the radios simpler. It makes them more like a long ethernet cable between towers. It is not wrong to do it the way ...
by lambert
Fri Nov 21, 2014 8:35 am
Forum: Beginner Basics
Topic: Mikrotik RB2011 UniFi 2 SSID and Local Network
Replies: 6
Views: 3286

Re: Mikrotik RB2011 UniFi 2 SSID and Local Network

I think the mikrotik way is to create vlans 200 and 300 on each of the UniFi ethernet interfaces, then put each VLAN interface in into the appropriate bridge. /interface vlan add interface=ether3 name=E03_V200 vlan-id=200 add interface=ether3 name=E03_V300 vlan-id=300 add interface=ether4 name=E04_V...
by lambert
Fri Nov 21, 2014 6:12 am
Forum: General
Topic: Remote Syslog Issue in CCR1036 & 450G
Replies: 7
Views: 1989

Re: Remote Syslog Issue in CCR1036 & 450G

Actually, he didn't follow instructions at all... I asked for exports in case there is something which set or unset which is one of the many RouterOS configuration parameters which do not show in the results of a print command. Also, I guess we are supposed to take his word for it that the non-worki...
by lambert
Fri Nov 21, 2014 5:58 am
Forum: General
Topic: Linking a Public IP with a Private IP
Replies: 6
Views: 1403

Re: Linking a Public IP with a Private IP

It doesn't work... :( I still cant figure it out why.
So, show us what you tried so we can help figure out what went wrong. Most of us don't read minds around here.
by lambert
Thu Nov 20, 2014 9:06 am
Forum: General
Topic: CSR125-25G Not Loading Previous Sessions
Replies: 6
Views: 1061

Re: CSR125-25G Not Loading Previous Sessions

I think the corruption tends to happen when a session was not closed cleanly. Like when I get ready to leave and close the lid on the laptop without logging out. It doesn't happen all the time, probably not even 2% of the time. But, quite often across all models of my 70 or so devices. The other alt...
by lambert
Thu Nov 20, 2014 9:00 am
Forum: General
Topic: Remote Syslog Issue in CCR1036 & 450G
Replies: 7
Views: 1989

Re: Remote Syslog Issue in CCR1036 & 450G

Show from a working router the results of /system syslog export.

Show from a non-working router the results of /system syslog export.

Ensure the IP addresses from both routers are permitted to talk to the Kiwi server on the syslog port.
by lambert
Thu Nov 20, 2014 8:55 am
Forum: General
Topic: CSR125-25G Not Loading Previous Sessions
Replies: 6
Views: 1061

Re: CSR125-25G Not Loading Previous Sessions

I would begin by assuming that the winbox settings which are saved for this device are corrupt. Corruption of saved layout is something which happens all the time. Log in without "Load Previous Session" checked. Log out. Log in with "Load Previous Session" checked. Make changes. Log out. Cross your ...
by lambert
Mon Nov 17, 2014 9:55 pm
Forum: Beginner Basics
Topic: Firewall rule
Replies: 7
Views: 1720

Re: Firewall rule

That one rule will not prevent traffic from the ether2 LAN getting to the ether1 LAN. You would have to write another rule with the in and out interfaces flipped to do that, if that is what you want.
by lambert
Fri Nov 14, 2014 8:52 pm
Forum: General
Topic: DHCP issue
Replies: 4
Views: 1057

Re: DHCP issue

I've seen this when there was packet loss between the wireless CPE and the AP.
by lambert
Fri Nov 14, 2014 7:29 pm
Forum: General
Topic: RouterOS DHCP + Freeradius - Queues
Replies: 19
Views: 4984

Re: RouterOS DHCP + Freeradius - Queues

Okay, that makes sense and explains why we do not have a problem. On our network, every user is in an address-list. You might want to make a feature request of MikroTik to use the session-timeout as an address-list timeout. But it would still be there until timeout expired even if you force the devi...
by lambert
Fri Nov 14, 2014 6:41 am
Forum: General
Topic: WISP Project
Replies: 8
Views: 2939

Re: WISP Project

It's simple enough. Static routes are always simple. If you are going to add more sites, you will eventually want to add a dynamic routing protocol to the mix. I'm not sure if you made a typographical error putting 10.10.3.0/24 on two interfaces on the tower router or if that device is a switch. Are...
by lambert
Fri Nov 14, 2014 6:04 am
Forum: RouterBOARD hardware
Topic: CRS125-24G-1S-2HnD-IN - What kind of throughput will I get?
Replies: 4
Views: 1635

Re: CRS125-24G-1S-2HnD-IN - What kind of throughput will I g

If you want to link the switches together, you may want to look at using 10G Ethernet over fiber with different MikroTik switches. http://routerboard.com/CRS210-8G-2SplusIN or http://routerboard.com/CRS226-24G-2SplusIN or if you have a 19" rack: http://routerboard.com/CRS226-24G-2SplusRM There is no...
by lambert
Fri Nov 14, 2014 5:27 am
Forum: Beginner Basics
Topic: Firewall rule
Replies: 7
Views: 1720

Re: Firewall rule

So, you want PC1 to talk to RouterBoard 1 only and PC2 to talk to RouterBoard 2 only? And network1 is, for example, 192.168.1.0/24 and network2 is 192.168.2.0/24? Is that what you mean? if so, you just need something like this on routerboard 2 assuming PC2's IP is 192.168.2.12. Untested and typed in...
by lambert
Fri Nov 14, 2014 4:46 am
Forum: General
Topic: IPsec Disconnects
Replies: 3
Views: 1871

Re: IPsec Disconnects

I have the same problem. I'm just posting a me too here so you know you're not alone.

http://forum.mikrotik.com/viewtopic.php?f=2&t=88389
by lambert
Fri Nov 14, 2014 4:04 am
Forum: General
Topic: New forum look & feel
Replies: 64
Views: 8446

Re: New forum look & feel

The "View unread posts" is not gone - it's at the "Forum" menu on top, renamed to "View new posts" ("unread" is implied). It is gone. "View unread posts" and "View new posts" are 2 totally different functions. "unread" is NOT implied, as "View new posts" shows posts already red. Ah. I see what you ...
by lambert
Thu Nov 13, 2014 11:56 pm
Forum: General
Topic: RouterOS DHCP + Freeradius - Queues
Replies: 19
Views: 4984

Re: RouterOS DHCP + Freeradius - Queues

by lambert
Thu Nov 13, 2014 11:42 pm
Forum: General
Topic: RouterOS DHCP + Freeradius - Queues
Replies: 19
Views: 4984

Re: RouterOS DHCP + Freeradius - Queues

What reply attributes are you returning? It works for us all day every day. Below are the attributes we use for everyone. Customers with static IP addresses also get a Framed-IP attribute from the radreply table. mysql> select * from radgroupreply where groupname = "1MbCustomers"; +-----+-----------...
by lambert
Wed Nov 05, 2014 9:41 am
Forum: General
Topic: Not able to connect to device by IP after resetting
Replies: 3
Views: 626

Re: Not able to connect to device by IP after resetting

I think that is the default config for the RB1100AHx2.

The higher end devices seem to ship with a default which is less crowded. The SOHO devices ship with the more complete configuration to make them behave more like a typical consumer device out of the box.
by lambert
Wed Nov 05, 2014 9:03 am
Forum: Beginner Basics
Topic: Problems with mikrotik pppoe/freeradius/sql authentication
Replies: 5
Views: 2754

Re: Problems with mikrotik pppoe/freeradius/sql authenticati

You are doing things which are more complicated than most forum members get into. The forum members who know what you are doing tend to be busy doing these things and don't always have time to help out. The radiusd -X snippet you posted shows FreeRADIUS handling an accounting packet received from 10...
by lambert
Wed Nov 05, 2014 5:51 am
Forum: General
Topic: FreeRadius limits
Replies: 2
Views: 856

Re: FreeRadius limits

Are you getting accounting data from the MikroTik to FreeRADIUS?
by lambert
Wed Nov 05, 2014 5:36 am
Forum: General
Topic: Slower download and upload
Replies: 4
Views: 826

Re: Slower download and upload

It sounds like it may be time for an upgrade to an RB850Gx2. Unless you want to go crazy and upgrade to a rack mount unit, CCR or RB1100AH.
by lambert
Wed Nov 05, 2014 5:24 am
Forum: Beginner Basics
Topic: router was rebooted without proper shutdown
Replies: 2
Views: 777

Re: router was rebooted without proper shutdown

It can't hurt to do a clean shutdown. It would also give the router a chance to write DHCP lease information and graph information and other things safely to flash rather than loosing the last 5 minutes to an hour worth of data. We don't worry about it. I graph data via SNMP from my monitoring serve...
by lambert
Wed Nov 05, 2014 5:18 am
Forum: General
Topic: Why is RB133 supported by RouterOS v6 while RB133C isn't?
Replies: 5
Views: 1851

Re: Why is RB133 supported by RouterOS v6 while RB133C isn't

Because the RB133C is missing things... I think you answered your own question. :)
by lambert
Wed Nov 05, 2014 5:17 am
Forum: Beginner Basics
Topic: Can websites accessed without a proxy be logged?
Replies: 1
Views: 498

Re: Can websites accessed without a proxy be logged?

You can log it without actually caching the website content. But the easiest way I can think of would involve enabling the web proxy without a cache and adding an access rule to permit and log. You might be able to do it with a Layer 7 filter rule matching only new connection requests to outside IPs...
by lambert
Wed Nov 05, 2014 5:10 am
Forum: General
Topic: CRS-125-24G-1S keeps disconnecting
Replies: 5
Views: 1047

Re: CRS-125-24G-1S keeps disconnecting

I was surprised when I lost connection to the CRS I was configuring today while changing the comment on the port to which I was connected. Not a big deal, just don't change the interface to which you are MAC connected. I don't remember that happening with other models. I may not have paid enough att...
by lambert
Tue Nov 04, 2014 10:56 pm
Forum: General
Topic: RouterOS DHCP + Freeradius - Queues
Replies: 19
Views: 4984

Re: RouterOS DHCP + Freeradius - Queues

With Session-Timeout set to 3600 seconds, the mikrotik re-authenticates them every hour and they get their new MikroTik-Access-List value to change to their new plan speed within an hour of the plan being changed in the database. They can force a renewal before their current lease expires if they a...
by lambert
Tue Nov 04, 2014 10:48 pm
Forum: General
Topic: RouterOS DHCP + Freeradius - Queues
Replies: 19
Views: 4984

Re: RouterOS DHCP + Freeradius - Queues

I am trying to do shaiping via DHCP and got the same issue. I think there is an issue in DHCP processing on Mikrotik side. If station send request first time mikrotik has no lease and correctly sends requests to RADIUS. If station disconnects and resends DHCP request or makes renewal leases, Miroti...
by lambert
Tue Nov 04, 2014 10:06 pm
Forum: Beginner Basics
Topic: ipsec
Replies: 8
Views: 1579

Re: ipsec

What is the solution to help me First, tell us what the problem is. Is the remote IP one of your VPN clients attempting to connect to the VPN server? If so, they are failing to connect for some reason. Enable IPSec debugging. Find out what the error was. If the remote IP is not one of your users at...
by lambert
Tue Nov 04, 2014 2:01 am
Forum: General
Topic: Process logging 100% CPU
Replies: 5
Views: 1066

Re: Process logging 100% CPU

Can you get it to export the configuration via telnet or SSH connection? It may not export the entire config you may want to only '/ip firewall export' If you can, are there any firewall rules which log packets? If so, try to disable the rule. If not just disable all entries under /system logging. /...
by lambert
Tue Nov 04, 2014 1:55 am
Forum: General
Topic: CRS-125-24G-1S keeps disconnecting
Replies: 5
Views: 1047

Re: CRS-125-24G-1S keeps disconnecting

Are you connecting via MAC address or via IP address?

What is the physical networking between your computer and the CRS?

Does is disconnect you if you are not changing things? What things are you changing? Do they affect the link between your computer and the CRS?
by lambert
Tue Nov 04, 2014 1:42 am
Forum: Wireless Networking
Topic: Low TCP throughput SXt5HPACD
Replies: 16
Views: 2272

Re: Low TCP throughput SXt5HPACD

day 3 working on this and still can't get above 170mbs. CCQ unstable and modulation keeps bouncing to different rates. Anyone else got these working stable? Did you scan for other 5.8GHz device which might be operating in the area? Not yours, devices belonging to other people. 80MHz of clean spectr...
by lambert
Tue Nov 04, 2014 1:05 am
Forum: Wireless Networking
Topic: cAP-2n
Replies: 2
Views: 5902

Re: cAP-2n

My cAP-2n just arrived today. Powered it up and set my laptop to 192.168.88.224/24 and hit 192.168.88.1. Awesome, now I'm in. The address acquisition was on static and the ip stated 0.0.0.0 so I changed it to automatic. Plugged the cAP-2n into my RB750 and I am unable to see the cAP-2n from the RB7...
by lambert
Mon Oct 27, 2014 5:15 pm
Forum: Beginner Basics
Topic: Dual Chain
Replies: 12
Views: 4385

Re: Dual Chain

Just to be sure we've answered your first questions without requiring any physics. (You had three questions): Dual chains means faster wireless throughput. Second question: In RouterOS, there are two checkboxes under the wireless interface configuration to enable or disable each chain. Third questio...
by lambert
Mon Oct 27, 2014 5:08 pm
Forum: Beginner Basics
Topic: Dual Chain
Replies: 12
Views: 4385

Re: Dual Chain

You are overthinking it. As an appliance operator, you get to check the bullet points. Side A has two chains? Check Side B has two chains? Check Side A has X dBi of antenna gain? Check Side B has X dBi of antenna gain? Check (where X is equal or greater than what you already have installed.) Install...
by lambert
Sat Oct 25, 2014 5:06 am
Forum: Beginner Basics
Topic: Dual Chain
Replies: 12
Views: 4385

Re: Dual Chain

4. there is one channel for both polarities. We can answer specific questions such as these. We usually don't have time to write a curriculum of study to take someone from zero to knowledgeable practitioner. Search engines, with the right query terms, are more time effective. I apologize if that see...
by lambert
Fri Oct 24, 2014 6:33 am
Forum: Beginner Basics
Topic: Dual Chain
Replies: 12
Views: 4385

Re: Dual Chain

by lambert
Sat Oct 11, 2014 8:24 am
Forum: General
Topic: Block all sites except 3 websites on guest network.
Replies: 1
Views: 476

Re: Block all sites except 3 websites on guest network.

Begin with http://wiki.mikrotik.com/wiki/Manual:IP/Proxy . Specifically: http://wiki.mikrotik.com/wiki/Manual:IP/Proxy#Proxy_based_firewall_.E2.80.93_Access_List Allow the three sites (it may be necessary to allow some sites on which those sites depend). Block everything else. If they are your sites...
by lambert
Tue Sep 30, 2014 8:36 am
Forum: General
Topic: Remove dude from RB493G - is there a way to?
Replies: 6
Views: 1409

Re: Remove dude from RB493G - is there a way to?

Good deal. Glad you got it working.

On which OS are you running VirtualBox? Just curious.
by lambert
Tue Sep 30, 2014 12:25 am
Forum: The Dude
Topic: Recommended Replacement Network Monitoring System??
Replies: 20
Views: 8013

Re: Recommended Replacement Network Monitoring System??

Nagios, PNP, NagioSQL, cacti, mrtg, ...
by lambert
Mon Sep 29, 2014 10:58 pm
Forum: Wireless Networking
Topic: 5500 - 5700Mhz
Replies: 6
Views: 1745

Re: 5500 - 5700Mhz

Those frequencies are allowed IF the device has been certified to comply with the rules and configured correctly and you are not interfering with any licensed user of that spectrum. MikroTik has not had the devices certified. Therefore it is illegal to use MikroTik devices on those frequencies in th...
by lambert
Thu Sep 25, 2014 3:07 am
Forum: Wireless Networking
Topic: Yet another WiFi connectivity issues
Replies: 7
Views: 1215

Re: Yet another WiFi connectivity issues

I agree it looks like 'rather wireless than mikrotik' issue, since beside wireless i really like the platform itself and it works well. If, and i say IF, AP per room considered, any suggestions what gear in particular would/could do the job? Lets say i want to go a little futureproof mode, and hand...
by lambert
Wed Sep 24, 2014 11:42 am
Forum: Wireless Networking
Topic: Yet another WiFi connectivity issues
Replies: 7
Views: 1215

Re: Yet another WiFi connectivity issues

The wireless bandwith varies - depending on the activity, whether it is internet traffic (8 mbps for now - I know it's not a lot :P) or internal traffic (filesharing). Testing indoors/dynamic didn't really make a difference forme. The SSID's are not hidden and the combination with primary wifi and ...
by lambert
Wed Sep 24, 2014 6:43 am
Forum: Wireless Networking
Topic: Yet another WiFi connectivity issues
Replies: 7
Views: 1215

Re: Yet another WiFi connectivity issues

What is the CPU utilization of the RB2011? The bandwidth flowing across the wireless interface? Other interfaces? My thinking is that it could be too busy to get to the group key renegotiation in time. Just a wild guess based on no real data. I don't do much MikroTik wireless. Have you tried setting...
by lambert
Tue Sep 23, 2014 11:59 pm
Forum: General
Topic: Remove dude from RB493G - is there a way to?
Replies: 6
Views: 1409

Re: Remove dude from RB493G - is there a way to?

Figure out why netinstall isn't working.

Have you disabled the firewall on your windows computer?
by lambert
Tue Sep 23, 2014 10:06 pm
Forum: RouterBOARD hardware
Topic: I need a recomandation
Replies: 8
Views: 1305

Re: I need a recomandation

If the budget allows, a CCR1009 might have more future-proofing.

The RB1100AHx2 is probably enough for now. But, it is old tech when the CCRs are new tech. You can see old tech as well tested or on its way out.

The choice would come down to budget and individual preference.
by lambert
Tue Sep 23, 2014 9:57 pm
Forum: RouterBOARD hardware
Topic: suggestion for a 5 gig router after testing ccr 1036
Replies: 12
Views: 2255

Re: suggestion for a 5 gig router after testing ccr 1036

/ip firewall filter add action=drop chain=forward comment="zeus drop" connection-state=new dst-address-list=zeus add action=add-src-to-address-list address-list=level1 address-list-timeout=1m chain=input connection-state=new dst-port=22,23 protocol=tcp add action=add-src-to-address-list address-lis...
by lambert
Mon Sep 22, 2014 10:45 pm
Forum: RouterBOARD hardware
Topic: suggestion for a 5 gig router after testing ccr 1036
Replies: 12
Views: 2255

Re: suggestion for a 5 gig router after testing ccr 1036

Joe asked for : /ip firewall export The reason he asked for that is that it is entirely possible for you to write the rules you described in such a way as to spin your CPU for every packet or only when necessary. You can change IP addresses in the rules for privacy, but showing us exactly what the r...
by lambert
Mon Sep 22, 2014 10:27 pm
Forum: RouterBOARD hardware
Topic: RB1100ahx2 redundant powering
Replies: 15
Views: 4578

Re: RB1100ahx2 redundant powering

What is the amp rating of the new UBNT PoE units? What is the amp rating of the old PoE units? I really expect the amp rating to make more difference than half a volt between 22 and 23 VDC. Unfortunately, I do not see power requirements for the RB1100AHx2 on routerboard.com. My RB1100AHx2 running 5....
  • 1
  • 2