MikroTik

docmarius

I can not receive RIP multicast announcements via ipip tunnels anymore on 6.45.3.
The UPD port 520 packets via tunnel don't even hit the firewall.

Downgrading to 6.45.2 restores full functionality (no configuration change).

Hw iis tile RB1009

docmarius

I have a basebox 2. While other brands of PCIe modems work as expected, I neve managed to get it started with a RB11e-LTE International version. It never passes reading the serial number on the modem. Support has no solution, so that information is correct. In a RBM33, the modem works perfectly.

docmarius

Those are only comments in your export and will be ignored... There are some default template entries in IPsec which the system probably expects NOT to be missing (e.g. the default policy template, default proposal, default group, default profile, default mode-profile), and can not be normally delet...

docmarius

How exactly did you try to filter the RIP messages? RIP uses the 'Prefix Lists' for incoming/outgoing messages, not the 'Filters'. Note that filtering is done in order of the filters (sort by #). Also take care, the prefix length needs to be matched, too. e.g. to filter everything from 10.1.1.0/24, ...

docmarius

Riccochet did that in the late 1990's and early 2000's somehow successfully.
But at some point you hit a speed limit due to internal interference and multiple hop latency. Think of something like 1/8'th of a P2P link.

docmarius

Between physical ports you can not exceed 1Gbps/port and direction, because the ports are 1Gbps :-). The CPU ports have a total forwarding capability of 2 Gbps in each direction... So, cross the switch groups you could get somewhere between 1Gbps with no other load and 400Mbps on full switch load (a...

docmarius

Hmmm, after about one day, on my CCR1009, all static routes configured for connected PPtP and SSTP clients (I have no other types to check) disappeared, and connectivity to the client's subnets was lost. Disconnecting the clients and allowing them to reconnect restored the routes... As if those rout...

docmarius

*) discovery - detect proper slave interface on bounded interfaces; If this means reporting the neighbor on each interface of the bond, then it works as expected. It is just not correct, since the neighbor should appear only once because it is a single logical interface. And some of them show the I...

docmarius

That has a perfect good reason: DST-NAT is a prerouting feature, which is located on the ingress path of the router (because the redirected packets need to be properly routed to the correct destinations). It is impossible to apply it on an an output, postrouting or forward chain, which have their ro...

docmarius

Updated my RBM33G with a RB11E-LTE.
- Modem firmware update - OK
- New LTE additions like cell info - OK
Everything working as expected.

docmarius

Or replace the hap ac lite with something supporting 802.3af/at, which is cheaper than buying a $400 switch, and throw out an existing $250 one? The AF adapter solution comes with a price tag at around 30$. A RBPOE adapter costs $5 and allows, if needed, POE for the hAP, from a separate power supply...

docmarius

That means that either one, or both devices don't play according to standards. But there could be a workaround: place a passive POE injector at the hap end, without powering it, or even power the hap via that injector. It has a separating transformer inside, that will prevent DC to flow between the ...

docmarius

You can not downgrade below the ROS factory version, in this case 6.39. Unless MT has some workaround.

docmarius

I assume you refer to 802.3af/at as POE+. In this case, the power supplied by a POE+ switch is negotiated, meaning that it will not supply power to devices which are not able to negotiate it according to that standard (like the hap lite). So it is safe to assume that you can connect your hap lite to...

docmarius

2 PPPoE connection work happily together. To force a specific interface for L2TP connection, you could use routing marks. In your main table you have one default gateway, on your secondary (marked) routing table, the other gateway. Mark your L2TP outgoing traffic in the output chain as needed and it...

docmarius

There are no untagged "vlans" on an interface, only THE untagged vlan (singular, only one, assimilated to vlan 1). For a packet to make use of vlans, it has to have vlan info in it, and that info is called a tag. A port could be virtually associated to a vlan by the router or switch, so that its tra...

docmarius

I think there is a confusion going on here. On one hand, it does not report the discovered info to an interface. It reports it to RouterOS, and you need to use Winbox/Webfig/API to read that information. So, unless your users have access to your router, they can not see the list. On the other hand, ...

docmarius

dB readings work the other way around. The bigger the number, the weaker the signal (37 dB is more than 2 times stronger than 41 dB).
Try to lower the power on the AP to get the client around 50 dB...

docmarius

I converted a network to static routing for similar reasons... Everything worked fine from minutes to days (rarely, but yes), and then it just stopped. Disabling an enabling a OSPF instance resurrects the whole stuff for some time. One thing I noticed was the following: One of my subnets was fragmen...

docmarius

That's what happens when you put restrictions on people: Le Chatelier's principle. The system changes to escape the constrain.
I would look for the "hacker" on the inside. But if they are your employees, this could rather trigger personnel fluctuations instead of increased productivity.

docmarius

Yes, you are right. It has nothing to do with ROS. As Sob said, it's probably a preparation for later actions. Sorry for the bump in.
But an actual PE release for Winbox could be a nice step

docmarius

What are you talking about? What are USB U3 programs? Please stop posting such posts. U3 is a portable execution medium developed some years ago, and pushed by Sandisk. It allows the installation of a PE (Portable executable) on an USB stick which creates an automatic launch environment in Windows,...

docmarius

I have a UFiber UF-SM-1G-S pair between a CCR1009-7G-1C-1S+ and a 260GS (CSS106-5G-1S). It work as expected.

docmarius

True, I wanted to learn it, and I keep the complicated things for my job :-). So running a few streams is easier to follow, like one streamed transponder, and it should scale knowledge wise. But I think the topic here was a home setup, not IGMP snooping, which is quite new in the MTK world (since 6....

docmarius

Please don't test IGMP snooping still doesn't work. ... Believe me, I read the forums, since 4.17, that's some 8 years... But you ask "don't test IGMP snooping". That's what I am talking about. What is the logic behind this? If YOU don't want to test, that's your own problem. If someone else does, ...

docmarius

Still no joy for RG11e-LTE with RB912UAG

docmarius

ITs possible to force a device to specific power level. But remember - in noisy environment - You will also amplify the noice. Now this needs a little explanation since it makes no sense. IMHO the noise gets amplified on supplemental Rx amplification, not on Tx, where only the S/N ratio gets booste...

docmarius

Maybe instead of bragging, you could inform Mikrotik about the issue so it could be solved?
Write a mail to support, open a ticket, describe the issue in detail, provide hacking means, methods and descriptions to them. This is not solvable in an user forum.

docmarius

Are you talking about client or server connections? It's problematic to give you an advice without detailed information.
If you are the client, first ask your ISP about this.

docmarius

If everyone would adhere to the principle "block all and allow only what you need", which is considered best practice, none of these discussions would be necessary. Start with: - allow all from (management) LAN - allow established/related - drop all and work your way up from there on an "as needed" ...

docmarius

You can freeze the torch window content by pressing "Stop", at least in winbox.
But that "copy" is needed.
And the same goes for the log.

docmarius

I think the easiest way is to describe bridges as software switches, allowing you to "switch" between its assigned ports (interfaces). Some could be ethernet interfaces and SFP ports, which allow the help of a real hardware switch chip if available (and this is named hardware offload), others could ...

docmarius

If you have different subnets for your computers, browsing via SMB is not possible across those subnets, because broadcasts packets are not forwarded.
To achieve this, you need a WINS server and register all clients to it.

docmarius

... As a comparison the ubnt edgeswitches, even the older rough models do provide 24/48 options being set manually. Now this is new. On my Edgeswitches I only have POE+ (802.11af/at) and 24V passive. No 48V passive option. Maybe you mean the defunct ToughSwitch Pro, which only supported passive PoE...

docmarius

AFAIk, You need to use RA for address hand-out. The ROS DHCPv6 only hands out prefixes for PD, not individual addresses.
https://wiki.mikrotik.com/wiki/Setting_up_DHCPv6

docmarius

192.168.0.255 is the broadcast address of network 192.168.0.0/24...
Disabling neighbor discovery is easy: on newer than 6.41 ROS go to IP->Neighbors, click "Discovery Settings" and select "none" from the dropdown box.

docmarius

From your description, you only placed a SIM card in its slot. What LTE modem did you put into the miniPCI express slot?

docmarius

Can't you just use 2x1G SFP (not SFP+) MM fiber transceivers for this task?
SFP fiber transceivers are usually cheaper than RJ45 modules., SFP+ slots also accept SFP devices.

docmarius

The 260gs is a switch, running SwOS, the 1100 is a router running ROS. So there is no way to migrate your config: - the switch has only a single IP for administrative purposes, not multiple interface with individual IPs - the switch ca not run dhcp servers - the switch can not do NAT (masquerade) - ...

docmarius

...Please advise when will the iOS one be available for use?

You mean the Apple or the Cisco IOS?

docmarius

Except the fact that it would break the standard restricting a broadcast domain to its own subnet, this could be a useful feature.
It would enable e.g. workgroup/SMB browsing across subnets without using a WINS server. But this tends to become kind of obsolete.

docmarius

@Muhammadilyasmunir: Don't you think you should open another topic because your problem is not related to the one discussed here?

docmarius

According to CEPT it is ok for indoor use.

http://www.erodocdb.dk/Docs/doc98/offic ... 1483EU.pdf

Check points 74/75 in the annex.

docmarius

What do the counters on these rules say? action=accept chain=forward out-interface=LAN src-address=10.1.0.0/24 action=accept chain=forward dst-address=10.1.0.0/24 in-interface=LAN Any traffic going on? Optionally try add action=accept chain=forward protocol=icmp so all icmp is allowed for the beginn...

docmarius

Only a few, but that is not the issue. The issue is you asking us not to test a feature because it does not work for you. How do you expect to raise feedback if we do not test it? Just wait for someone at MT to fix something they do not know is broken? The idea is to test it as much as we can, and s...

docmarius

Exactly. In the ports section there is this remote access option that allows you to create a virtual serial port over TCP/IP on a remote machine and attach your router's local serial port to it. AFAIK, drivers exist for Windows (3-rd party) and Linux (socat is your friend )... (check RFC2217) You ca...

docmarius

Good point. You need the proper routes on the client machine, or use the VPN as the default gateway.

docmarius

There is also an option to create a virtual serial port over TCP/IP (Ports->Remote Access). You could send the raw NMEA stream to a remote machine for processing.

docmarius

A basebox2 offers you a similar board, L4 license , outdoor housing, mount, power supply and PoE injector at a decent price, and a potential upgrade later because of the mini PCIe slot (e.g. a second Wifi interface or a LTE/3G modem). All you need is 2 of the presented antennas. Wouldn't this be a b...

docmarius

A pair of cheap pair of 3km single fiber transceivers and a fiber should do a better job at a lower price.

Search found 1210 matches