Community discussions

Search found 972 matches

by sebastia
Tue Jan 22, 2019 5:22 pm
Forum: Beginner Basics
Topic: Bridges across 4011
Replies: 14
Views: 466

Re: Bridges across 4011

Today we have chained 2 Mikrotiks, one of them pretending to be ISP and the second one was my R1. In log of the 'fake ISP' the broadcast packet of my Mikrotik was clearly seen going from port 68 to 67, BUT the firewall counter stays on 0 packets. What am I doing wrong? Accepted before this rule alre...
by sebastia
Tue Jan 22, 2019 5:12 pm
Forum: Beginner Basics
Topic: Bridges across 4011
Replies: 14
Views: 466

Re: Bridges across 4011

Yes it does...
Do you have a dhcp client? Try to firewall it completely in input for UDP...
by sebastia
Tue Jan 22, 2019 5:11 pm
Forum: General
Topic: firewall rules for WAN interface - DHCP firewall rules without effect
Replies: 3
Views: 208

Re: firewall rules for WAN interface - DHCP firewall rules without effect

Well, the firewall is L3, DHCP happens on L2 until the lease is ack'ed by the DHCP server. -Chris DHCP is over UDP, and CAN be firewalled and NEEDS to be allowed or it won't work... See https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol for protocol details In context of the original...
by sebastia
Tue Jan 22, 2019 2:17 pm
Forum: General
Topic: Mark the traffic for YouTube, Facebook, etc.
Replies: 22
Views: 1573

Re: Mark the traffic for YouTube, Facebook, etc.

Maybe google is using an additional dns structure. What ip's are being streamed from? Which domain is that? You can contribute to the thread.
by sebastia
Tue Jan 22, 2019 12:10 pm
Forum: General
Topic: Misterious Ethernet problem
Replies: 12
Views: 653

Re: Misterious Ethernet problem

Cable sensing is something different than negotiation.
Cable sensing: which pairs to use for communication
negotiation: at what speed/ when

hence the suggestion to put switch in between to verify if that resolves the issue?
by sebastia
Tue Jan 22, 2019 10:18 am
Forum: Beginner Basics
Topic: QoS Tree VoIP problem
Replies: 8
Views: 249

Re: QoS Tree VoIP problem

Didn't verify it all, but for VOIP it should be fine. packets are marked on output and matching packet-mark is defined on queue for that output interface. As mentioned before, on the inbound (download) side, I would recommend to also do mangling & class-based queueing, but if you're happy for the mo...
by sebastia
Mon Jan 21, 2019 9:49 pm
Forum: Beginner Basics
Topic: VLAN Shenanigans
Replies: 13
Views: 464

Re: VLAN Shenanigans

bridge: in ports, just remove the interface, and leave the current bridge for the rest as is.

No need for another bridge

then configure ip for that interface, create new pool and then create dhcp server config

firewall config indeed

that's it
by sebastia
Mon Jan 21, 2019 9:39 pm
Forum: Beginner Basics
Topic: QoS Tree VoIP problem
Replies: 8
Views: 249

Re: QoS Tree VoIP problem

1. that is better, it should point to pppoe

3. didn't encounter a "ppp-all" interface before, and it's not treated as a list "out-interface=all-ppp". Just to make sure I would use pppoe-out1 for now.
Once confirmed working, you can try with ppp-all, and verify.
by sebastia
Mon Jan 21, 2019 9:24 pm
Forum: General
Topic: Limiting per User Traffic with PCQ not working reliably on SXT LTE kit [SOLVED]
Replies: 11
Views: 379

Re: Limiting per User Traffic with PCQ not working reliably on SXT LTE kit [SOLVED]

Don't immediately see a reason. What's the ip? Is there any local traffic?
by sebastia
Mon Jan 21, 2019 2:46 pm
Forum: General
Topic: RB951Ui-2HnD+usb LTE - high ping/www timeouts while downloading files
Replies: 1
Views: 72

Re: RB951Ui-2HnD+usb LTE - high ping/www timeouts while downloading files

You're filling your pipe and buffer at ISP by download, and ping and other traffic can't get through in timely fashion. You need to implement QoS. This can be done either by Simple Queues or by Queue Tree, depending on your exact needs. Have a look at https://wiki.mikrotik.com/wiki/Manual:Queue Some...
by sebastia
Mon Jan 21, 2019 2:12 pm
Forum: Beginner Basics
Topic: QoS Tree VoIP problem
Replies: 8
Views: 249

Re: QoS Tree VoIP problem

* "tree" You need one parent queue linked to an interface, with a number of child queues connected to that parent queue, ex:
# e1_int is my interface to lan
add max-limit=180M name=int parent=e1_int
add name=int20 packet-mark=20 parent=int priority=2
add name=int30 packet-mark=30 parent=int priority...
by sebastia
Mon Jan 21, 2019 12:41 pm
Forum: Forwarding Protocols
Topic: Policy based routing problem
Replies: 5
Views: 184

Re: Policy based routing problem

Like so, for all local networks
/ip route rule
add dst-address=192.168.1.0/24 table=main
add dst-address=192.168.2.0/24 table=main
...
by sebastia
Mon Jan 21, 2019 11:44 am
Forum: Beginner Basics
Topic: QoS Tree VoIP problem
Replies: 8
Views: 249

Re: QoS Tree VoIP problem

Hey
* your tree should be a tree, not a list!
<some main queue linked to interface max=4M>
  <q1 priority=1>
  <q2 priority=2>
  ....
Currently each queue can transmit at 4M...-> no QoS
* you should also prioritise download, at least giving prio to VOIP
* don't use "bucket-size=0"
* "out-interface=all-ppp...
by sebastia
Mon Jan 21, 2019 11:32 am
Forum: Forwarding Protocols
Topic: Policy based routing problem
Replies: 5
Views: 184

Re: Policy based routing problem

Routes for directly connected networks are added to main table. Since currently all traffic FROM .3., .4. & .251. are resolved in WAN-DZ, which only knows about internet, routing fails for internal targets.

Add rules to route (before current ones) using main table when targeting internal networks.
by sebastia
Mon Jan 21, 2019 11:11 am
Forum: Virtualization
Topic: Mikrotik CHR speed performance problem
Replies: 16
Views: 1642

Re: Mikrotik CHR speed performance problem

A method to get more speed out of a very busy CHR router: On the physical computer, in the BIOS, disable hyper-threading & set for maximum performance. That's official Intel recommendation, if virtualization is used. HyperThreading does more harm than good, in this case. :D Isn't that mainly beca...
by sebastia
Mon Jan 21, 2019 11:08 am
Forum: Beginner Basics
Topic: VLAN Shenanigans
Replies: 13
Views: 464

Re: VLAN Shenanigans

If it's on a fixed port, you wouldn't even need vlan.
1. separate the port from the bridge
2. assign new subnet to it (with if needed dhcp server config)
2bis: for dhcp config, you might want to use an external dns, so that internal ip's aren't leaked
3. in firewall filter:forward disallow connection ...
by sebastia
Mon Jan 21, 2019 1:28 am
Forum: Beginner Basics
Topic: Isolate Computer [SOLVED]
Replies: 2
Views: 129

Re: Isolate Computer [SOLVED]

Isn't this question same as here viewtopic.php?f=13&t=144286 ?
by sebastia
Mon Jan 21, 2019 1:17 am
Forum: Beginner Basics
Topic: VLAN Shenanigans
Replies: 13
Views: 464

Re: VLAN Shenanigans

On a fixed port?
by sebastia
Mon Jan 21, 2019 1:15 am
Forum: RouterBOARD hardware
Topic: increase value sectors write since reboot in ROS 6.36.2
Replies: 5
Views: 909

Re: increase value sectors write since reboot in ROS 6.36.2

Another ex: dhcp server persist to disk.

Best to go over full config, step by step, and disable anything not absolutely needed.
by sebastia
Sun Jan 20, 2019 6:19 pm
Forum: Beginner Basics
Topic: Bridges across 4011
Replies: 14
Views: 466

Re: Bridges across 4011

DHCP broadcast, request, etc is layer 2, firewall is layer 3 of OSI model
dhcp protocol is in UDP, based on IP, and using broadcast ip's when necessary.
See https://en.wikipedia.org/wiki/Dynamic_H ... n_Protocol
by sebastia
Sun Jan 20, 2019 6:15 pm
Forum: Beginner Basics
Topic: how to do Dynamic nat 100 private ip with /24 public ip
Replies: 10
Views: 363

Re: how to do Dynamic nat 100 private ip with /24 public ip

As already pointed out, all that is academical until @mukeshchaubey responds...
by sebastia
Sun Jan 20, 2019 6:12 pm
Forum: Beginner Basics
Topic: Bridges across 4011
Replies: 14
Views: 466

Re: Bridges across 4011

In dhcp protocol, server is on 67 client on 68, UDP. So what you should do is, allow outgoing (chain=output) to 67 and then allow "established & related" on inbound (chain=input). Connection tracking will take care of the rest. Did your config on primary router (connected to isp) change? If so post ...
by sebastia
Sun Jan 20, 2019 4:14 pm
Forum: Beginner Basics
Topic: how to do Dynamic nat 100 private ip with /24 public ip
Replies: 10
Views: 363

Re: how to do Dynamic nat 100 private ip with /24 public ip

Typically used when you have like lots of users / devices behind a NAT to prevent running out of port numbers (PAT) for a single IP NAT but not typically for 100 users/devices, never tested, but maybe:
There's a wiki for that ;-) https://wiki.mikrotik.com/wiki/Manual:I ... :1_mapping
by sebastia
Sun Jan 20, 2019 2:25 pm
Forum: Forwarding Protocols
Topic: Policy based routing problem
Replies: 5
Views: 184

Re: Policy based routing problem

Hey

What is the output of "/ip route export compact"?
by sebastia
Sun Jan 20, 2019 2:07 pm
Forum: General
Topic: IPSEC ROAD WARRIOR Site-to-Site with mode configs - no ping from client to server side
Replies: 1
Views: 96

Re: IPSEC ROAD WARRIOR Site-to-Site with mode configs - no ping from client to server side

Could you post your configs for both ends ? /export hide-sensitive compact
by sebastia
Sun Jan 20, 2019 1:53 pm
Forum: Beginner Basics
Topic: VLAN Shenanigans
Replies: 13
Views: 464

Re: VLAN Shenanigans

How do you connect that computer to LAN? In other words what is your infrastructure? That's important.
by sebastia
Sun Jan 20, 2019 1:36 pm
Forum: Beginner Basics
Topic: Connection between 3dhcp
Replies: 5
Views: 268

Re: Connection between 3dhcp

@anav You should point out what needs to be corrected / improved so that it doesn't seem like a cheap shot and because otherwise the final result of rebuild will be the same configuration... For example, you could have pointed out that:
* as of version 6.41 of RouterOS, the recommendation is to use s...
by sebastia
Sat Jan 19, 2019 11:26 pm
Forum: Beginner Basics
Topic: LTE passthrough winbox issue
Replies: 1
Views: 73

Re: LTE passthrough winbox issue

Hi
with passthrough, all packets from the bound host (based on associated mac) will be forwarded to lte device. So if you use same port to manage the lte device as the one receiving the "lte signal", connectivity will be lost indeed.
Two options:
* passthrough to a vlan, and have other main interfac...
by sebastia
Sat Jan 19, 2019 11:15 pm
Forum: General
Topic: Mikrotik per user bandwidth volume consumption report
Replies: 10
Views: 424

Re: Mikrotik per user bandwidth volume consumption report

Have a look at ip accounting. There are some limitations. If you need more freedom, maybe investigate the ip traffic flow
by sebastia
Sat Jan 19, 2019 11:12 pm
Forum: Beginner Basics
Topic: how to do Dynamic nat 100 private ip with /24 public ip
Replies: 10
Views: 363

Re: how to do Dynamic nat 100 private ip with /24 public ip

Hello

Not sure if I understand the question: you want to do natting from private ip's (100) to /24 public (253) ip's pool. Where is the challenge?
by sebastia
Sat Jan 19, 2019 2:08 pm
Forum: General
Topic: rb750Gr3 keeps rebooting
Replies: 14
Views: 474

Re: rb750Gr3 keeps rebooting

Try, don't assume...
by sebastia
Sat Jan 19, 2019 1:48 pm
Forum: General
Topic: rb750Gr3 keeps rebooting
Replies: 14
Views: 474

Re: rb750Gr3 keeps rebooting

Hey

Quite unfortunate

Have you tried netinstall?
by sebastia
Sat Jan 19, 2019 1:46 pm
Forum: RouterBOARD hardware
Topic: port mirroring
Replies: 1
Views: 80

Re: port mirroring

Yes, on both switches (gig & fe), https://wiki.mikrotik.com/wiki/Manual:S ... troduction

And by the way: Welcome to the forum ;-)
by sebastia
Sat Jan 19, 2019 1:41 pm
Forum: General
Topic: Misterious Ethernet problem
Replies: 12
Views: 653

Re: Misterious Ethernet problem

Maybe it has to do with gigabit port autosensing for the used data cable pairs. Gigabit ports normally autosense which pairs of RJ45 are available and how they are used. This is why for example you don't need cross-over cables with gigabit. Could it be that the two ports sensing timings, on Tik & Uq...
by sebastia
Sat Jan 19, 2019 12:43 pm
Forum: Scripting
Topic: Update static route from dynamic route?
Replies: 2
Views: 113

Re: Update static route from dynamic route?

Hey

why not use the dhcp client script for that: when any ip data changes this script is executed https://wiki.mikrotik.com/wiki/Manual:I ... pt_example
by sebastia
Sat Jan 19, 2019 11:21 am
Forum: General
Topic: could not make socket
Replies: 5
Views: 203

Re: could not make socket

in general you don't need to use the src-address when pinging, Tik will select the appropriate one.

If you want to test client connectivity, then you need to test FROM client system, NOT the router.
by sebastia
Sat Jan 19, 2019 11:18 am
Forum: General
Topic: RouterOS MikroTik CSS326-24G-2S+RM VPN Slow
Replies: 4
Views: 275

Re: RouterOS MikroTik CSS326-24G-2S+RM VPN Slow

2011 is a dated model, without hardware offloading for vpn...It will not break any speed records

You might get a bit more out of it: check if you have the right MTU set, so that there is no packet fragmentation.
by sebastia
Sat Jan 19, 2019 1:00 am
Forum: General
Topic: Help with home networks
Replies: 4
Views: 219

Re: Help with home networks

central cmdb? ;-)
by sebastia
Sat Jan 19, 2019 12:52 am
Forum: General
Topic: Anybody ues AT&T Gigabit Fiber with Mikrotik RouterOS?
Replies: 8
Views: 565

Re: Anybody ues AT&T Gigabit Fiber with Mikrotik RouterOS?

/interface ethernet switch rule ...
unfortunately 4011 doesn't do that in hardware: https://wiki.mikrotik.com/wiki/Manual:S ... troduction

why not use a cheap Tik with better switch in front? (or instead of 4011 altogether...) ex hAP ac2
by sebastia
Sat Jan 19, 2019 12:20 am
Forum: Scripting
Topic: ppp and BGP script
Replies: 3
Views: 141

Re: ppp and BGP script

Wouldn't using a /27 be a compromise?
by sebastia
Fri Jan 18, 2019 11:15 pm
Forum: General
Topic: Mode button to run script
Replies: 1
Views: 128

Re: Mode button to run script

Yes, you can configure what event should trigger, https://wiki.mikrotik.com/wiki/Manual:R ... ode_button
by sebastia
Fri Jan 18, 2019 11:10 pm
Forum: Scripting
Topic: ppp and BGP script
Replies: 3
Views: 141

Re: ppp and BGP script

Be careful with that, see slide 16+ https://mum.mikrotik.com/presentations/ ... 948376.pdf
by sebastia
Fri Jan 18, 2019 11:07 pm
Forum: General
Topic: could not make socket
Replies: 5
Views: 203

Re: could not make socket

you don't have that ip locally assigned, hence ping fails

try .16.1 instead
by sebastia
Fri Jan 18, 2019 9:50 pm
Forum: General
Topic: could not make socket
Replies: 5
Views: 203

Re: could not make socket

what is the output of /ip address print ?
by sebastia
Fri Jan 18, 2019 8:54 pm
Forum: Beginner Basics
Topic: Can ping router, but cannot ping or connect to WAN
Replies: 31
Views: 855

Re: Can ping router, but cannot ping or connect to WAN

We got both (post 1 & 18), but they are conflicting...
by sebastia
Fri Jan 18, 2019 7:09 pm
Forum: SwOS
Topic: CCR and CSS setup questions
Replies: 4
Views: 241

Re: CCR and CSS setup questions

It does. And what you intend will do the job. And now the rest.

Forgot to mention: if you want to simulate networks / devices, you can do that with GNS3. There you can use CHR for free (limited in bandwidth)
by sebastia
Fri Jan 18, 2019 6:30 pm
Forum: General
Topic: restore to different hardware
Replies: 5
Views: 235

Re: restore to different hardware

Short answer: you can't. export / import is cli only. backup is available through GUI
by sebastia
Fri Jan 18, 2019 6:22 pm
Forum: SwOS
Topic: CCR and CSS setup questions
Replies: 4
Views: 241

Re: CCR and CSS setup questions

That's a fun assignment, if I were you I would ask the instructor what is meant by "needs to be isolated from any other port". General wiki: https://wiki.mikrotik.com/wiki/Manual:TOC , you can search there by topic Vlan: https://wiki.mikrotik.com/wiki/Manual:Interface/VLAN https://wiki.mikrotik.com/w...
by sebastia
Fri Jan 18, 2019 2:46 pm
Forum: General
Topic: PPPoE client WAN and VPN connection
Replies: 5
Views: 257

Re: PPPoE client WAN and VPN connection

ether1 is your "alternative connection"?

It would be best if you split your lan & vpn. So different ranges for both.