Community discussions

MikroTik App

Search found 1223 matches

by docmarius
Tue Dec 07, 2021 10:30 pm
Forum: Announcements
Topic: v7.1 is released!
Replies: 785
Views: 223021

Re: v7.1 is released!

Bug: Increasing RIP route timeout, garbage collector and update interval in Routing->Rip->Instance has no effect (unless they are not defined in seconds as I assume)... Setting GC e.g. to 1200 will still wipe out routes after 3 minutes. Wish: Add suppress HW offload option to RIP interface template.
by docmarius
Mon Nov 02, 2020 11:53 am
Forum: RouterBOARD hardware
Topic: M33G M.2 Sata Support
Replies: 12
Views: 8707

Re: M33G M.2 Sata Support

Kioxia KBG40ZNS256G works as expected in my RBM33 (ext3 with Dude running using it for the data directory).
The only problem was it being short, which I solved by cutting a piece of plastic (a single sided PCB in my case) to hold it down in place with the original screw.
by docmarius
Tue Aug 04, 2020 11:45 pm
Forum: RouterBOARD hardware
Topic: 100m Fixed rates on sfp for CCR2004?
Replies: 5
Views: 2486

Re: 100m Fixed rates on sfp for CCR2004?

Actually, the CCR1009-7G-1C series supports 100M fiber links on the combo port. But I think these are the only MT devices doing so.
by docmarius
Thu Jul 30, 2020 11:52 pm
Forum: Announcements
Topic: v6.47.1 [stable] is released!
Replies: 146
Views: 94674

Re: v6.47.1 [stable] is released!

It seems there is an issue with multicast routing in the the last 2 releases of ROS (on a CCR-1009). PIM, after working for ages with my multicast setup (upstream on a vlan, clients on a regular bridge) stopped working in 6.47. IGMP proxy was still working ok and I switched to it. But after upgradin...
by docmarius
Wed Jun 10, 2020 5:49 pm
Forum: General
Topic: EOIP Tunnel to Linux
Replies: 1
Views: 3799

Re: EOIP Tunnel to Linux

Yes, it is possible, and there is a compileable user space daemon available. But for the "best" solution you have possible other options, depending on your use case. For internal use, in a secure network, you can use other simple tunelling protocols, like IPIP (if you only need IPv4 traffi...
by docmarius
Wed Jun 10, 2020 2:04 am
Forum: General
Topic: IPv6 addresses can not be deleted [SOLVED]
Replies: 6
Views: 8900

Re: IPv6 addresses can not be deleted [SOLVED]

An export - delete configuration - import (in pieces) did the trick. But I still think this is an actual bug and should be addressed.
by docmarius
Tue Jun 09, 2020 5:12 am
Forum: General
Topic: IPv6 addresses can not be deleted [SOLVED]
Replies: 6
Views: 8900

IPv6 addresses can not be deleted [SOLVED]

I have a strange issue: I had some HE IPv6 addresses used in the past, which worked as expected. I added them to several pools and assigned them to different interfaces. Now I deleted those assignments and pools. Everything is fine, just after a reboot, the old addresses appear again, this time with...
by docmarius
Thu Dec 05, 2019 12:01 am
Forum: Announcements
Topic: v6.46 [stable] is released!
Replies: 113
Views: 68625

Re: v6.46 [stable] is released!

It seems the inability to get a full Dude installation comes from the fact that 'dude/files/default' is hidden (and is automatically hidden by the dude process).
by docmarius
Thu Oct 10, 2019 10:04 pm
Forum: Beginner Basics
Topic: EOIP tunneling and routing for Radio over IP
Replies: 14
Views: 4488

Re: EOIP tunneling and routing for Radio over IP

Wow, that's an interesting topic... Some questions: - Do you really need EOIP (L2 level connectivity) or would a TCP/IP tunneling also do? - Do you need a secured/encrypted connection or could a regular firewall do the job? Because, depending on the answer on these questions, there could other solut...
by docmarius
Sat Sep 14, 2019 1:08 pm
Forum: RouterBOARD hardware
Topic: CCR1009-7G-1C-1S+PC microSD not recognized
Replies: 2
Views: 2863

Re: CCR1009-7G-1C-1S+PC microSD not recognized

I needed to reboot my CCR1009-7G-1C-1S+ with the card plugged, before the microSD was properly recognized. No issues since, running the dude on it.
by docmarius
Sat Sep 14, 2019 12:59 pm
Forum: General
Topic: GRE dont-fragment - inherit from where? [SOLVED]
Replies: 7
Views: 4849

Re: GRE dont-fragment - inherit from where? [SOLVED]

Sorry, that was a bad wording... I meant the interface by which the connection was made through...
by docmarius
Tue Sep 10, 2019 9:58 am
Forum: General
Topic: GRE dont-fragment - inherit from where? [SOLVED]
Replies: 7
Views: 4849

Re: GRE dont-fragment - inherit from where? [SOLVED]

I'm pretty sure it means the parent device' setting if there is one, otherwise yes.
by docmarius
Sat Sep 07, 2019 8:52 pm
Forum: Wireless Networking
Topic: LHG 60 clone from ubiquti
Replies: 13
Views: 5330

Re: LHG 60 clone from ubiquti

... i don't really understand however, why they have this on a P2P unit. you can easily have TDD media access on a P2P just by using wireless synchronisation. the GPS based stuff only excels in multipoint scenarios... GPS sells. It is one of the "magic bullets". And maybe they are plannin...
by docmarius
Sat Sep 07, 2019 8:43 pm
Forum: General
Topic: Seeing 3rd party Mikrotik's SW version
Replies: 4
Views: 2472

Re: Seeing 3rd party Mikrotik's SW version

What you want is security through obscurity. This is a bad idea, giving you a false sense of added safety, which is not the case. Probing and exploiting a vulnerability is fast, and doesn't rely on those details to select a target. You should set up your network in such a way that it should not matt...
by docmarius
Sat Sep 07, 2019 8:19 pm
Forum: General
Topic: Undocumented ethernet protocol???
Replies: 2
Views: 1493

Re: Undocumented ethernet protocol???

Probably some experimental stuff. AA55 is binary 1010101001010101 - so this is used to get alternating 1/0 bits which makes development/testing even more probable...
But as r00t has written, if it doesn't bother anyone...
by docmarius
Sun Sep 01, 2019 7:29 pm
Forum: Beginner Basics
Topic: layer 7 protocols is not working
Replies: 3
Views: 3133

Re: layer 7 protocols is not working

And your "useful user article" is where?

This is a place to publish your articles. Please put question in the appropriate sections.
by docmarius
Thu Aug 29, 2019 9:07 pm
Forum: Announcements
Topic: v6.45.5 [stable] is released!
Replies: 53
Views: 49065

Re: v6.45.5 [stable] is released!

The bug preventing multicast RIP announcements over IPIP tunnels in 6.45.3 is solved. Not in the changelog, but anyway, tnx...
by docmarius
Tue Aug 06, 2019 10:17 pm
Forum: Announcements
Topic: v6.45.3 [stable] is released!
Replies: 90
Views: 60589

Re: v6.45.3 [stable] is released!

I can not receive RIP multicast announcements via ipip tunnels anymore on 6.45.3.
The UPD port 520 packets via tunnel don't even hit the firewall.

Downgrading to 6.45.2 restores full functionality (no configuration change).

Hw iis tile RB1009
by docmarius
Wed Jun 12, 2019 12:01 am
Forum: RouterBOARD hardware
Topic: r11e-lte + basebox2 [SOLVED]
Replies: 10
Views: 4438

Re: r11e-lte + basebox2 [SOLVED]

I have a basebox 2. While other brands of PCIe modems work as expected, I neve managed to get it started with a RB11e-LTE International version. It never passes reading the serial number on the modem. Support has no solution, so that information is correct. In a RBM33, the modem works perfectly.
by docmarius
Thu May 09, 2019 9:38 am
Forum: Announcements
Topic: v6.44.3 [stable] is released!
Replies: 122
Views: 72801

Re: v6.44.3 [stable] is released!

Those are only comments in your export and will be ignored... There are some default template entries in IPsec which the system probably expects NOT to be missing (e.g. the default policy template, default proposal, default group, default profile, default mode-profile), and can not be normally delet...
by docmarius
Thu May 02, 2019 7:02 am
Forum: Forwarding Protocols
Topic: Blocking/Allowing Subnets RIP
Replies: 2
Views: 2780

Re: Blocking/Allowing Subnets RIP

How exactly did you try to filter the RIP messages? RIP uses the 'Prefix Lists' for incoming/outgoing messages, not the 'Filters'. Note that filtering is done in order of the filters (sort by #). Also take care, the prefix length needs to be matched, too. e.g. to filter everything from 10.1.1.0/24, ...
by docmarius
Fri Apr 26, 2019 5:38 pm
Forum: Wireless Networking
Topic: Great news: Terragraph
Replies: 12
Views: 5173

Re: Great news: Terragraph

Riccochet did that in the late 1990's and early 2000's somehow successfully.
But at some point you hit a speed limit due to internal interference and multiple hop latency. Think of something like 1/8'th of a P2P link.
by docmarius
Thu Mar 07, 2019 12:09 am
Forum: RouterBOARD hardware
Topic: RB3011 Switching Performance with Hardware Offloading
Replies: 13
Views: 16866

Re: RB3011 Switching Performance with Hardware Offloading

Between physical ports you can not exceed 1Gbps/port and direction, because the ports are 1Gbps :-). The CPU ports have a total forwarding capability of 2 Gbps in each direction... So, cross the switch groups you could get somewhere between 1Gbps with no other load and 400Mbps on full switch load (a...
by docmarius
Fri Mar 01, 2019 2:20 am
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 218
Views: 96030

Re: v6.44 [stable] is released!

Hmmm, after about one day, on my CCR1009, all static routes configured for connected PPtP and SSTP clients (I have no other types to check) disappeared, and connectivity to the client's subnets was lost. Disconnecting the clients and allowing them to reconnect restored the routes... As if those rout...
by docmarius
Thu Feb 28, 2019 1:36 am
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 218
Views: 96030

Re: v6.44 [stable] is released!

*) discovery - detect proper slave interface on bounded interfaces; If this means reporting the neighbor on each interface of the bond, then it works as expected. It is just not correct, since the neighbor should appear only once because it is a single logical interface. And some of them show the I...
by docmarius
Mon Feb 18, 2019 12:51 am
Forum: General
Topic: Firewall on Mikrotik box outbound connection?
Replies: 9
Views: 1940

Re: Firewall on Mikrotik box outbound connection?

That has a perfect good reason: DST-NAT is a prerouting feature, which is located on the ingress path of the router (because the redirected packets need to be properly routed to the correct destinations). It is impossible to apply it on an an output, postrouting or forward chain, which have their ro...
by docmarius
Sun Feb 17, 2019 2:37 am
Forum: Announcements
Topic: v6.44rc [testing] is released!
Replies: 67
Views: 37128

Re: v6.44rc [testing] is released!

Updated my RBM33G with a RB11E-LTE.
- Modem firmware update - OK
- New LTE additions like cell info - OK
Everything working as expected. :D
by docmarius
Wed Dec 26, 2018 4:20 pm
Forum: RouterBOARD hardware
Topic: Connect hap ac lite to poe+ switch
Replies: 9
Views: 3446

Re: Connect hap ac lite to poe+ switch

Or replace the hap ac lite with something supporting 802.3af/at, which is cheaper than buying a $400 switch, and throw out an existing $250 one? The AF adapter solution comes with a price tag at around 30$. A RBPOE adapter costs $5 and allows, if needed, POE for the hAP, from a separate power supply...
by docmarius
Thu Dec 20, 2018 8:55 pm
Forum: RouterBOARD hardware
Topic: Connect hap ac lite to poe+ switch
Replies: 9
Views: 3446

Re: Connect hap ac lite to poe+ switch

That means that either one, or both devices don't play according to standards. But there could be a workaround: place a passive POE injector at the hap end, without powering it, or even power the hap via that injector. It has a separating transformer inside, that will prevent DC to flow between the ...
by docmarius
Thu Dec 20, 2018 8:52 pm
Forum: General
Topic: Impossible to downgrade from ROS 6.42.7
Replies: 7
Views: 3242

Re: Impossible to downgrade from ROS 6.42.7

You can not downgrade below the ROS factory version, in this case 6.39. Unless MT has some workaround.
by docmarius
Thu Dec 20, 2018 8:45 pm
Forum: RouterBOARD hardware
Topic: Connect hap ac lite to poe+ switch
Replies: 9
Views: 3446

Re: Connect hap ac lite to poe+ switch

I assume you refer to 802.3af/at as POE+. In this case, the power supplied by a POE+ switch is negotiated, meaning that it will not supply power to devices which are not able to negotiate it according to that standard (like the hap lite). So it is safe to assume that you can connect your hap lite to...
by docmarius
Sun Nov 25, 2018 3:52 am
Forum: Beginner Basics
Topic: 2 PPPOE Connections to be Active Simultaneously
Replies: 17
Views: 6456

Re: 2 PPPOE Connections to be Active Simultaneously

2 PPPoE connection work happily together. To force a specific interface for L2TP connection, you could use routing marks. In your main table you have one default gateway, on your secondary (marked) routing table, the other gateway. Mark your L2TP outgoing traffic in the output chain as needed and it...
by docmarius
Fri Nov 23, 2018 2:36 am
Forum: SwOS
Topic: 2 untagged VLAN same interface
Replies: 11
Views: 5688

Re: 2 untagged VLAN same interface

There are no untagged "vlans" on an interface, only THE untagged vlan (singular, only one, assimilated to vlan 1). For a packet to make use of vlans, it has to have vlan info in it, and that info is called a tag. A port could be virtually associated to a vlan by the router or switch, so th...
by docmarius
Mon Nov 12, 2018 9:28 am
Forum: General
Topic: IP Neighbor Discovery
Replies: 12
Views: 7600

Re: IP Neighbor Discovery

I think there is a confusion going on here. On one hand, it does not report the discovered info to an interface. It reports it to RouterOS, and you need to use Winbox/Webfig/API to read that information. So, unless your users have access to your router, they can not see the list. On the other hand, ...
by docmarius
Sun Nov 04, 2018 10:28 am
Forum: Wireless Networking
Topic: 40 Km wireless link problem [SOLVED]
Replies: 6
Views: 2673

Re: 40 Km wireless link problem [SOLVED]

dB readings work the other way around. The bigger the number, the weaker the signal (37 dB is more than 2 times stronger than 41 dB).
Try to lower the power on the AP to get the client around 50 dB...
by docmarius
Fri Oct 12, 2018 6:59 pm
Forum: Forwarding Protocols
Topic: OSFP Keeps Losing Routes!!! [SOLVED]
Replies: 11
Views: 7606

Re: OSFP Keeps Losing Routes!!! [SOLVED]

I converted a network to static routing for similar reasons... Everything worked fine from minutes to days (rarely, but yes), and then it just stopped. Disabling an enabling a OSPF instance resurrects the whole stuff for some time. One thing I noticed was the following: One of my subnets was fragmen...
by docmarius
Fri Oct 12, 2018 6:39 pm
Forum: General
Topic: Can my ISP access my Mikrotik Router and make changes?
Replies: 7
Views: 2520

Re: Can my ISP access my Mikrotik Router and make changes?

That's what happens when you put restrictions on people: Le Chatelier's principle. The system changes to escape the constrain.
I would look for the "hacker" on the inside. But if they are your employees, this could rather trigger personnel fluctuations instead of increased productivity.
by docmarius
Fri Oct 12, 2018 6:08 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 168446

Re: v6.44beta [testing] is released!

Yes, you are right. It has nothing to do with ROS. As Sob said, it's probably a preparation for later actions. Sorry for the bump in.
But an actual PE release for Winbox could be a nice step :-)
by docmarius
Fri Oct 12, 2018 9:16 am
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 168446

Re: v6 44beta testing is released

What are you talking about? What are USB U3 programs? Please stop posting such posts. U3 is a portable execution medium developed some years ago, and pushed by Sandisk. It allows the installation of a PE (Portable executable) on an USB stick which creates an automatic launch environment in Windows,...
by docmarius
Thu Jul 12, 2018 11:52 pm
Forum: General
Topic: Anyone using Ubiquiti branded SFP transceivers in your Mikrotik routers?
Replies: 4
Views: 5012

Re: Anyone using Ubiquiti branded SFP transceivers in your Mikrotik routers?

I have a UFiber UF-SM-1G-S pair between a CCR1009-7G-1C-1S+ and a 260GS (CSS106-5G-1S). It work as expected.
by docmarius
Wed Jul 04, 2018 2:13 am
Forum: Beginner Basics
Topic: Router config for IPTV (non-VLAN)
Replies: 18
Views: 22562

Re: Router config for IPTV (non-VLAN)

True, I wanted to learn it, and I keep the complicated things for my job :-). So running a few streams is easier to follow, like one streamed transponder, and it should scale knowledge wise. But I think the topic here was a home setup, not IGMP snooping, which is quite new in the MTK world (since 6....
by docmarius
Wed Jul 04, 2018 1:40 am
Forum: Beginner Basics
Topic: Router config for IPTV (non-VLAN)
Replies: 18
Views: 22562

Re: Router config for IPTV (non-VLAN)

Please don't test IGMP snooping still doesn't work. ... Believe me, I read the forums, since 4.17, that's some 8 years... But you ask "don't test IGMP snooping". That's what I am talking about. What is the logic behind this? If YOU don't want to test, that's your own problem. If someone e...
by docmarius
Wed Jun 27, 2018 8:57 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 221416

Re: v6.43rc [release candidate] is released!

Still no joy for RG11e-LTE with RB912UAG :-(
by docmarius
Mon Jun 18, 2018 9:37 pm
Forum: Wireless Networking
Topic: Connecting QRT5 ac and LGH5 on a 16Km link? Is it possible?
Replies: 8
Views: 2609

Re: Connecting QRT5 ac and LGH5 on a 16Km link? Is it possible?

ITs possible to force a device to specific power level. But remember - in noisy environment - You will also amplify the noice. Now this needs a little explanation since it makes no sense. IMHO the noise gets amplified on supplemental Rx amplification, not on Tx, where only the S/N ratio gets booste...
by docmarius
Thu Jun 07, 2018 11:46 pm
Forum: Announcements
Topic: MikroTik News June 2018 (Issue #83)
Replies: 44
Views: 32526

Re: MikroTik News June 2018 (Issue #83)

Maybe instead of bragging, you could inform Mikrotik about the issue so it could be solved?
Write a mail to support, open a ticket, describe the issue in detail, provide hacking means, methods and descriptions to them. This is not solvable in an user forum.
by docmarius
Sun Jun 03, 2018 4:09 pm
Forum: General
Topic: PPP establisht but no Rx traffic
Replies: 2
Views: 1298

Re: PPP establisht but no Rx traffic

Are you talking about client or server connections? It's problematic to give you an advice without detailed information.
If you are the client, first ask your ISP about this.
by docmarius
Sun Jun 03, 2018 3:53 pm
Forum: Announcements
Topic: VPNfilter official statement
Replies: 190
Views: 145544

Re: VPNfilter official statement

If everyone would adhere to the principle "block all and allow only what you need", which is considered best practice, none of these discussions would be necessary. Start with: - allow all from (management) LAN - allow established/related - drop all and work your way up from there on an &q...
by docmarius
Sat Jun 02, 2018 3:42 pm
Forum: General
Topic: Feature request: Do not block highlighting/selecting torch table contents
Replies: 5
Views: 2554

Re: Feature request: Do not block highlighting/selecting torch table contents

You can freeze the torch window content by pressing "Stop", at least in winbox.
But that "copy" is needed.
And the same goes for the log.
by docmarius
Tue May 29, 2018 2:44 pm
Forum: Beginner Basics
Topic: what is a bridge for in a basic home LAN?
Replies: 3
Views: 1461

Re: what is a bridge for in a basic home LAN?

I think the easiest way is to describe bridges as software switches, allowing you to "switch" between its assigned ports (interfaces). Some could be ethernet interfaces and SFP ports, which allow the help of a real hardware switch chip if available (and this is named hardware offload), oth...
by docmarius
Mon May 21, 2018 10:28 pm
Forum: General
Topic: why mikroitk Donot Cross File sharing traffic
Replies: 7
Views: 2750

Re: why mikroitk Donot Cross File sharing traffic

If you have different subnets for your computers, browsing via SMB is not possible across those subnets, because broadcasts packets are not forwarded.
To achieve this, you need a WINS server and register all clients to it.
by docmarius
Sun May 20, 2018 1:31 pm
Forum: SwOS
Topic: CRS328-24P-4S+RM forced POE missing voltage option defaults to 24V, 48V not selectable
Replies: 4
Views: 4747

Re: CRS328-24P-4S+RM forced POE missing voltage option defaults to 24V, 48V not selectable

... As a comparison the ubnt edgeswitches, even the older rough models do provide 24/48 options being set manually. Now this is new. On my Edgeswitches I only have POE+ (802.11af/at) and 24V passive. No 48V passive option. Maybe you mean the defunct ToughSwitch Pro, which only supported passive PoE...
by docmarius
Sun May 20, 2018 1:24 pm
Forum: General
Topic: IPv6 DHCP Server Not Leasing IP
Replies: 13
Views: 13321

Re: IPv6 DHCP Server Setup

AFAIk, You need to use RA for address hand-out. The ROS DHCPv6 only hands out prefixes for PD, not individual addresses.
https://wiki.mikrotik.com/wiki/Setting_up_DHCPv6
by docmarius
Sun May 20, 2018 12:11 am
Forum: Beginner Basics
Topic: What To Do - Port 5678?
Replies: 1
Views: 2411

Re: What To Do - Port 5678?

192.168.0.255 is the broadcast address of network 192.168.0.0/24...
Disabling neighbor discovery is easy: on newer than 6.41 ROS go to IP->Neighbors, click "Discovery Settings" and select "none" from the dropdown box.
by docmarius
Fri May 18, 2018 11:33 pm
Forum: Wireless Networking
Topic: BaseBox2 LTE problems
Replies: 2
Views: 1437

Re: BaseBox2 LTE problems

From your description, you only placed a SIM card in its slot. What LTE modem did you put into the miniPCI express slot?
by docmarius
Fri May 18, 2018 11:04 pm
Forum: General
Topic: SFP signal too strong
Replies: 9
Views: 6501

Re: SFP signal too strong

Can't you just use 2x1G SFP (not SFP+) MM fiber transceivers for this task?
SFP fiber transceivers are usually cheaper than RJ45 modules., SFP+ slots also accept SFP devices.
by docmarius
Sun May 13, 2018 9:51 pm
Forum: SwOS
Topic: config rb260gs i cant import by rb1100
Replies: 1
Views: 2568

Re: config rb260gs i cant import by rb1100

The 260gs is a switch, running SwOS, the 1100 is a router running ROS. So there is no way to migrate your config: - the switch has only a single IP for administrative purposes, not multiple interface with individual IPs - the switch ca not run dhcp servers - the switch can not do NAT (masquerade) - ...
by docmarius
Wed May 09, 2018 7:52 pm
Forum: Announcements
Topic: MikroTik smartphone app (ex Tik-App)
Replies: 487
Views: 269850

Re: Tik App, MikroTik android utility ALPHA test

...Please advise when will the iOS one be available for use?
You mean the Apple or the Cisco IOS?
by docmarius
Fri May 04, 2018 8:57 am
Forum: Beginner Basics
Topic: Forwarding broadcast traffic between two networks
Replies: 13
Views: 7606

Re: Forwarding broadcast traffic between two networks

Except the fact that it would break the standard restricting a broadcast domain to its own subnet, this could be a useful feature.
It would enable e.g. workgroup/SMB browsing across subnets without using a WINS server. But this tends to become kind of obsolete.
by docmarius
Thu May 03, 2018 6:33 pm
Forum: General
Topic: ccr1009 missing bad blocks and total sectors writes
Replies: 9
Views: 3854

Re: ccr1009 missing bad blocks and total sectors writes

@Muhammadilyasmunir: Don't you think you should open another topic because your problem is not related to the one discussed here?
by docmarius
Wed May 02, 2018 9:12 am
Forum: RouterBOARD hardware
Topic: Hardware for RF Link 10-15 meter
Replies: 6
Views: 1895

Re: Hardware for RF Link 10-15 meter

According to CEPT it is ok for indoor use.

http://www.erodocdb.dk/Docs/doc98/offic ... 1483EU.pdf

Check points 74/75 in the annex.
by docmarius
Tue May 01, 2018 10:22 pm
Forum: Beginner Basics
Topic: VPN client acces to LAN pc
Replies: 7
Views: 8093

Re: VPN client acces to LAN pc

What do the counters on these rules say? action=accept chain=forward out-interface=LAN src-address=10.1.0.0/24 action=accept chain=forward dst-address=10.1.0.0/24 in-interface=LAN Any traffic going on? Optionally try add action=accept chain=forward protocol=icmp so all icmp is allowed for the beginn...
by docmarius
Tue May 01, 2018 10:13 pm
Forum: Beginner Basics
Topic: Router config for IPTV (non-VLAN)
Replies: 18
Views: 22562

Re: Router config for IPTV (non-VLAN)

Only a few, but that is not the issue. The issue is you asking us not to test a feature because it does not work for you. How do you expect to raise feedback if we do not test it? Just wait for someone at MT to fix something they do not know is broken? The idea is to test it as much as we can, and s...
by docmarius
Sun Apr 29, 2018 1:09 pm
Forum: RouterBOARD hardware
Topic: Routerboard with 3G and GPS
Replies: 17
Views: 6971

Re: Routerboard with 3G and GPS

Exactly. In the ports section there is this remote access option that allows you to create a virtual serial port over TCP/IP on a remote machine and attach your router's local serial port to it. AFAIK, drivers exist for Windows (3-rd party) and Linux (socat is your friend )... (check RFC2217) You ca...
by docmarius
Sun Apr 29, 2018 12:59 pm
Forum: Beginner Basics
Topic: VPN client acces to LAN pc
Replies: 7
Views: 8093

Re: VPN client acces to LAN pc

Good point. You need the proper routes on the client machine, or use the VPN as the default gateway.
by docmarius
Sat Apr 28, 2018 3:07 pm
Forum: RouterBOARD hardware
Topic: Routerboard with 3G and GPS
Replies: 17
Views: 6971

Re: Routerboard with 3G and GPS

There is also an option to create a virtual serial port over TCP/IP (Ports->Remote Access). You could send the raw NMEA stream to a remote machine for processing.
by docmarius
Sat Apr 28, 2018 2:53 pm
Forum: RouterBOARD hardware
Topic: RB911G-2HPnD + StationBox S + 2x Dipole Antenna
Replies: 11
Views: 3015

Re: RB911G-2HPnD + StationBox S + 2x Dipole Antenna

A basebox2 offers you a similar board, L4 license , outdoor housing, mount, power supply and PoE injector at a decent price, and a potential upgrade later because of the mini PCIe slot (e.g. a second Wifi interface or a LTE/3G modem). All you need is 2 of the presented antennas. Wouldn't this be a b...
by docmarius
Sat Apr 28, 2018 2:44 pm
Forum: RouterBOARD hardware
Topic: Copper link longer than 100 meters
Replies: 16
Views: 3970

Re: Copper link longer than 100 meters

A pair of cheap pair of 3km single fiber transceivers and a fiber should do a better job at a lower price.
by docmarius
Sat Apr 28, 2018 2:32 pm
Forum: Beginner Basics
Topic: VPN client acces to LAN pc
Replies: 7
Views: 8093

Re: VPN client acces to LAN pc

NAT/Masquerade 10.0.0.x users to your 192.168.1.x interface address.
Most desktop machine firewalls (especially Windows) expect all others to be on the same LAN to access their services.
And make sure to have forward rules in both directions between the two networks.
by docmarius
Fri Apr 27, 2018 7:00 pm
Forum: Beginner Basics
Topic: Router config for IPTV (non-VLAN)
Replies: 18
Views: 22562

Re: Router config for IPTV (non-VLAN)

Please don't test IGMP snooping still doesn't work.
Why not test it? Just because it does not work on your setup?
I have it enabled on a hex and seems to do its job as expected.
by docmarius
Thu Apr 19, 2018 12:09 am
Forum: RouterBOARD hardware
Topic: RBM11G + R11e-LTE
Replies: 18
Views: 9291

Re: RBM11G + R11e-LTE

Tnx Normis. I did. I have issues with it on a RB912 Basebox2 board and a brand new R11e, that's why I asked. [Ticket#2018041522001201]
by docmarius
Wed Apr 18, 2018 9:27 am
Forum: RouterBOARD hardware
Topic: RBM11G + R11e-LTE
Replies: 18
Views: 9291

Re: RBM11G + R11e-LTE

Upgraded also the Firmware of the R11e-LTE from v007 to v008...
Some details on how you got/did that update?
by docmarius
Mon Apr 16, 2018 8:15 am
Forum: RouterBOARD hardware
Topic: R11e-LTE Detailed Information
Replies: 5
Views: 2639

Re: R11e-LTE Detailed Information

For 3rd party uses of the R11e-LTE, could you at least provide the AT commands disabling the unsolicited status/progress messages?
These may be interfering with chatscript. e.g. after a AT+CFUN=1 the modem puts out a lot of responses, including some of them after the "OK" response.
by docmarius
Sun Apr 15, 2018 8:49 pm
Forum: Beginner Basics
Topic: Microtik R11e-LTE-US set up
Replies: 8
Views: 17833

Re: Microtik R11e-LTE-US set up

[support ticket sent Ticket#2018041522001201] Rant: It is lovely to sell a device that does not work with your own products, and sell it without providing a user manual, and here I mean a documented AT command set. So that at leas we can use these LTE modems in other devices, because we payed money ...
by docmarius
Sat Apr 14, 2018 9:31 pm
Forum: General
Topic: romon behind unifi switches no discovery
Replies: 2
Views: 1469

Re: romon behind unifi switches no discovery

Because unifi switches drop some BPDUs. On the EdgeSwitch, this can be disabled. Can not tell if this is possible on unifi (aparently not).
This thread discusses exactly this issue:
https://community.ubnt.com/t5/EdgeSwitc ... -p/1313979
by docmarius
Sat Apr 14, 2018 9:25 pm
Forum: Beginner Basics
Topic: MRTG dynamic PPPoE or PPTP interface
Replies: 21
Views: 7598

Re: MRTG dynamic PPPoE or PPTP interface

If you use the interface number, that's faster. But then this number changes if the interface goes down and up again, depending on the system.
If it stays the same, you can use something like 3:public@192.168.1.1: (you need to find it via a snmp walk...)
by docmarius
Sat Apr 14, 2018 3:57 pm
Forum: Beginner Basics
Topic: MRTG dynamic PPPoE or PPTP interface
Replies: 21
Views: 7598

Re: MRTG dynamic PPPoE or PPTP interface

Adapt fields to yout needs... Interface name (ppoe_interface in the example), IP's(interface is assumed on 192.168.1.1), speeds. localhost_11 is just a label and needs to be unique in the config. Target[localhost_11]: #pppoe_interface:public@192.168.1.1: SetEnv[localhost_11]: MRTG_INT_IP="192.1...
by docmarius
Sat Apr 14, 2018 10:29 am
Forum: Beginner Basics
Topic: Microtik R11e-LTE-US set up
Replies: 8
Views: 17833

Re: Microtik R11e-LTE-US set up

Same thing on this side, too (RB11e-LTE, non-US): Couldn't start - modem is not configured yet (6) In interface/status I get: http://www.yo2loj.ro/files/LTE_failed.jpg RB is 912UAG-2HPnD (BaseBox 2) Tried on ROS 6.40.7 and 6.41.4 Installed the extra LTE package. No change. I tried to set "ignor...
by docmarius
Mon Apr 09, 2018 9:15 pm
Forum: RouterBOARD hardware
Topic: Router with 2 WLAN cards.
Replies: 6
Views: 2982

Re: Router with 2 WLAN cards.

And there is another option: You can run a virtual AP on an interface while doing a WDS connection at the same time... The downside is it has to be on the same channel.
by docmarius
Mon Apr 09, 2018 9:05 pm
Forum: RouterBOARD hardware
Topic: Router with 2 WLAN cards.
Replies: 6
Views: 2982

Re: Router with 2 WLAN cards.

All variants based on the RB9x2 boards (NetMetal, BaseBox) can be upgraded to 2 WLANS by adding a second mini PCIe wlan card.
You can also order the board itself (RB912, RB922, RB953, maybe even RB433 - depending on your needs) and build your own custom design...
by docmarius
Mon Apr 09, 2018 6:26 pm
Forum: Wireless Networking
Topic: LAN IP Telephony on Mikrotik? Voice VLAN?
Replies: 2
Views: 2228

Re: LAN IP Telephony on Mikrotik? Voice VLAN?

I provision a Nortel phone via TFTP from the router. Works flawless.
by docmarius
Mon Apr 09, 2018 6:10 pm
Forum: General
Topic: VLAN-AP
Replies: 4
Views: 1257

Re: VLAN-AP

There are unsolved issues with the DHCP server on VLANs and bridges in 6.41.x.
Downgrade to the bugfix version (6.40.7) and everything will probably work flawless.
by docmarius
Sat Mar 24, 2018 1:01 pm
Forum: General
Topic: VPN on RouterOS 6.36.1 [SOLVED]
Replies: 5
Views: 2591

Re: VPN on RouterOS 6.36.1 [SOLVED]

The assigned mask is actually correct. The network mask tells your network interface which IPs are DIRECTLY connected to that interface. Since a VPN has only 2 directly connected endpoints, this gets shown by 1 endpoint getting a IP/32, the other endpoint being its gateway IP. If you put that IP int...
by docmarius
Tue Mar 20, 2018 8:46 am
Forum: Beginner Basics
Topic: VLAN in ROS 6.41 - need help!
Replies: 2
Views: 1084

Re: VLAN in ROS 6.41 - need help!

There is also 6.40.6 - The old paradigm but with bugsfixes. This should work 1:1.
by docmarius
Sun Mar 18, 2018 1:51 am
Forum: General
Topic: Urgent request from Mikrotik ... Please
Replies: 24
Views: 7046

Re: Urgent request from Mikrotik ... Please

The reason i said that is doe to the fact that, at the moment, any stored configuration is static, with a few exceptions in the address lists. That means that variables names are resolved to their values when set (and not on use). e.g. for a route using a dns name for its gateway, that will be resol...
by docmarius
Sun Mar 18, 2018 12:49 am
Forum: General
Topic: Urgent request from Mikrotik ... Please
Replies: 24
Views: 7046

Re: Urgent request from Mikrotik ... Please

Yes, you are right. Maybe that should be changed :-)
e.g. to have the ability to place some $GLOBAL_VARIABLE_NAME as command parameters.
It works in CLI as a one time substitution, but it would be nice to have it dynamic. Unfortunately this seems IMHO to need a radical core redesign...
by docmarius
Sun Mar 18, 2018 12:44 am
Forum: General
Topic: Urgent request from Mikrotik ... Please
Replies: 24
Views: 7046

Re: Urgent request from Mikrotik ... Please

Have a script initializing the needed variables on startup is not enough?
This would give you a solution to your problem and leave Ros uncluttered for users not needing that.
by docmarius
Sat Mar 17, 2018 7:47 pm
Forum: RouterBOARD hardware
Topic: hAP ac² - more RAM than in HW specification [SOLVED]
Replies: 63
Views: 47312

Re: hAP ac² - more RAM than in HW specification [SOLVED]

Where is it written that you should have 256M of RAM? You got a 233Mb chip, live with it :lol:
by docmarius
Tue Mar 13, 2018 12:48 am
Forum: Announcements
Topic: v6.41.3 [current]
Replies: 139
Views: 57002

Re: v6.41.3 [current]

docmarius - Are you referring to one of the fixes in 6.42rc version or some other problem which you have resolved/reported to support? I had issues with the DHCP server not handing out addresses after some time of proper functioning in 6.41.2 if the interface is a bridge. This was reported by some ...
by docmarius
Mon Mar 12, 2018 8:35 pm
Forum: Announcements
Topic: v6.41.3 [current]
Replies: 139
Views: 57002

Re: v6.41.3 [current]

Any fix for the DHCP server stopping on bridge after some time?
by docmarius
Thu Mar 01, 2018 9:00 am
Forum: Announcements
Topic: v6.41.2 [current]
Replies: 124
Views: 51977

Re: v6.41.2 [current]

On my CCR1009 this version is unstable. After an unpredictable time, the DHCP server stops responding, and routing seems to go amok (routes are there, but it is like connection tracking is not working). A reboot restores functionality for a time (from minutes up to a day). Downgrading to 6.40.6 &quo...
by docmarius
Wed Feb 28, 2018 6:24 pm
Forum: Announcements
Topic: Future of LTE products, user feedback requested
Replies: 208
Views: 101187

Re: Future of LTE products, user feedback requested

Since IoT is a big topic at the moment, maybe a look on LTE CAT M1/NB1 is interesting (U-Blox has some nice modules like the Sara R410M with promises for global band coverage...). And regarding 2G/3G, please be aware that while the US drops 3G, the general deployment of LTE in the EU has been postpo...
by docmarius
Tue Feb 20, 2018 8:50 am
Forum: Announcements
Topic: v6.41.2 [current]
Replies: 124
Views: 51977

Re: v6.41.2 [current]

...
Current Tx Power 2GHz - empty
...
FYI: 0 dBm does not mean "empty"/zero power. It is a valid value and means 1 mW. Still odd though, if it changed by itself.
by docmarius
Thu Feb 15, 2018 8:12 pm
Forum: General
Topic: After removing user, its ssh-keys are not removed together
Replies: 12
Views: 3374

Re: After removing user, its ssh-keys are not removed together

Ok. That makes sense. So actually key remove on user delete is a valid option. Tnx.
by docmarius
Wed Feb 14, 2018 9:39 pm
Forum: The Dude
Topic: Bug in RouterOS DHCP leases tab
Replies: 1
Views: 1426

Bug in RouterOS DHCP leases tab

There is a bug in the DHCP lease list in the RouterOS device setting tabs. All DHCP leases are grayed out and show an X (disabled) in front of them, even though they are up and running on the devices. Dude is 6.41.2 running on a CCR1009-7G-1C-1S+ (Can not check earlier versions since i just found it...
by docmarius
Wed Feb 14, 2018 8:45 pm
Forum: General
Topic: After removing user, its ssh-keys are not removed together
Replies: 12
Views: 3374

Re: After removing user, its ssh-keys are not removed together

Let me just put some questions: - Since you added the keys in a separate step, how do you expect you the router to guess you want to remove them or not together with the user? Just because you assigned them to a user at a later time? What if you want some key shared between multiple users? - What if...
by docmarius
Thu Feb 08, 2018 8:48 pm
Forum: Announcements
Topic: v6.41.1 [current]
Replies: 104
Views: 32176

Re: v6.41.1 [current]

I can confirm the DHCP behavior described by Splash. Having a DHCP server on a (SW only - CCR1009) bridge interface stops the DHCP server from handing out leases, with all just in the waiting state. Adding accept firewall rules for UDP port 67 on the input chain for the needed interfaces gets it up ...
by docmarius
Wed Dec 27, 2017 10:34 pm
Forum: Forwarding Protocols
Topic: RIP routers without next hop
Replies: 20
Views: 5772

Re: RIP routers without next hop

For ROS to install a RIP route via multicast, the source address of the RIP packets need to be inside the subnet of the interface they are received on. e.g. Interface: 192.168.1.0/24 from 192.168.1.5: 10.1.2.0/255.255.255.0 will install the route but from 192.168.2.5: 10.1.2.0/255.255.255.0 will not...
by docmarius
Sat Dec 23, 2017 2:57 pm
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 138887

Re: v6.41 [current]

After the conversion on my CCR1009, the DHCP server failed to work if connected to a bridge interface (it worked dough on a single vlan interface). For static IP hosts, everything seemed running normal. I traced this back to the fact that STP/RSTP was not enabled. After enabling, it worked as expect...
by docmarius
Fri Dec 22, 2017 8:00 pm
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 138887

Re: v6.41 [current]

Found a first anomaly:
Neighbor discovery does not work with the generated 'discover', 'mac-winbox' or 'mactel' interface lists. Other lists seem to work.
After list deletion and recreation by hand, it works.
by docmarius
Wed Dec 20, 2017 9:09 am
Forum: Beginner Basics
Topic: GPON between two MikroTik's
Replies: 7
Views: 2854

Re: GPON between two MikroTik's

It is not that simple. First, you can ONLY substitute an GPON ONT, not someting else like a GEPON ONT or regular fiber connections. Second, your provider needs to register your module to his OLT (central equipment) instead of the one provided to you. They will probably refuse it. Third, you will loo...
by docmarius
Wed Dec 20, 2017 8:43 am
Forum: RouterBOARD hardware
Topic: Does anyone have a block diagram for the CSS326-24G-2S+ ? [SOLVED]
Replies: 4
Views: 2943

Re: Does anyone have a block diagram for the CSS326-24G-2S+? [SOLVED]

Exactly. Only the media interfaces are grouped by the fact that they use octal interface chips. The actual switching is done in the central switch chip and the hole thing works at wirespeed and there is no data shortcut inside those PHYs. Everything still flows through the MII buses to the switch ch...
by docmarius
Tue Dec 19, 2017 3:44 am
Forum: RouterBOARD hardware
Topic: Does anyone have a block diagram for the CSS326-24G-2S+ ? [SOLVED]
Replies: 4
Views: 2943

Re: Does anyone have a block diagram for the CSS326-24G-2S+? [SOLVED]

I think you misread those diagrams. It is not a controller for each port group. It is a octal PHY (physical interface transceivers to MII converters, 8x1Gb eth to 2x4Gb MII in this case) for each group, and it has no user relevance unless one gets blown out and knocks out the whole group. The contro...
by docmarius
Mon Dec 18, 2017 2:13 pm
Forum: Beginner Basics
Topic: CCR1009-7G-1C-1S+PC basic setup
Replies: 7
Views: 4915

Re: CCR1009-7G-1C-1S+PC basic setup

In addition to the IP address problem, you have 2 supplemental issues. 1. NAT is wrong, you need only do nat for the WAN interface: /ip firewall nat add action=masquerade chain=srcnat out-interface=ether1 2. You need a default route for your uplink using an ip address not an interface name (IF names...
by docmarius
Mon Dec 11, 2017 6:25 pm
Forum: General
Topic: SFP signal too strong
Replies: 9
Views: 6501

Re: SFP signal too strong

If texmeshtexas already has the 100m SM fiber in place, that could be a problem, since the module you mentioned is MM. I have SM modules running on short MM OM4 fibers (10 m), but never tried the other way around (and this could be a problem because of the much smaller aperture on the SM fiber and t...
by docmarius
Mon Dec 11, 2017 5:58 pm
Forum: Beginner Basics
Topic: denied winbox/dude message
Replies: 7
Views: 30235

Re: denied winbox/dude message

You just need to add a firewall filter rule on chain input, incoming port WAN (use the proper name from you system), protocol 6 (tcp) port 8291. /ip firewall filter add action=drop chain=input comment="Winbox on WAN" in-interface=WAN dst-port=8291 protocol=tcp But the best approach on the ...
by docmarius
Mon Dec 11, 2017 9:26 am
Forum: General
Topic: SFP signal too strong
Replies: 9
Views: 6501

Re: SFP signal too strong

There are attenuators on the market.
Just an example:
https://www.fs.com/c/optical-attenuator ... ors#matrix
by docmarius
Mon Dec 11, 2017 9:16 am
Forum: Beginner Basics
Topic: denied winbox/dude message
Replies: 7
Views: 30235

Re: denied winbox/dude message

You should assume any connection on any open port possible on your system, because you can not control what people do on the internet. Actually you should expect them to do it and there is nothing you can do except secure your equipment (e.g. closing ports you don't need, restricting access to certa...
by docmarius
Sat Dec 09, 2017 2:39 pm
Forum: Virtualization
Topic: btest 127.0.0.1 CHR verses CRS326-24G-2S+ (which is faster ?)
Replies: 19
Views: 5957

Re: btest 127.0.0.1 CHR verses CRS326-24G-2S+ (which is faster ?)

... First time powered up just know. No changes made to configuration. Winbox - Hit "OK" when powered up & MAC connected. New Terminal - typed in "tool bandwidth-test direction=transmit interval=00:00:05 protocol=udp user=admin address=127.0.0.1 duration=20" ... Tom, It's no...
by docmarius
Sat Dec 09, 2017 1:58 pm
Forum: Beginner Basics
Topic: New Router PPPOE is dead?
Replies: 2
Views: 1020

Re: New Router PPPOE is dead?

I can confirm, RDS needs the service name to be empty.
by docmarius
Tue Dec 05, 2017 7:48 pm
Forum: General
Topic: Replacement for 1100AHx2
Replies: 5
Views: 1734

Re: Replacement for 1100AHx2

A CCR, e.g. CCR1009-7G-1C-1S+ would also do if you need less than 9 copper Gb interfaces. A big boost and you get a nice LCD, too.
by docmarius
Mon Dec 04, 2017 3:28 pm
Forum: RouterBOARD hardware
Topic: Why people pair UBNT APs with MikroTik routers?
Replies: 56
Views: 52937

Re: Why people pair UBNT APs with MikroTik routers?

I have not seen the new model for real, but the old cAP looks like a fire sensor. And sorry, but this one looks at first glance like an air intake of a ventilator with all those holes or dots. But anyway, much better than the old ones :-).


.
by docmarius
Mon Dec 04, 2017 1:11 am
Forum: RouterBOARD hardware
Topic: Why people pair UBNT APs with MikroTik routers?
Replies: 56
Views: 52937

Re: Why people pair UBNT APs with MikroTik routers?

I've chosen Unifi APs (first LR and then later AC Pro) primary for their looks when mounted on the wall. cAPs and wAPs are just ugly.
And sadly, MT has nothing to offer on the PoE switch side that comes near to ES and US (yet, I hope)...
by docmarius
Mon Dec 04, 2017 12:34 am
Forum: Virtualization
Topic: btest 127.0.0.1 CHR verses CRS326-24G-2S+ (which is faster ?)
Replies: 19
Views: 5957

Re: btest 127.0.0.1 CHR verses CRS326-24G-2S+ (which is faster ?)

... The "R" in CRS326-24G-2S+ stands for "Router" ... Tom, I think that's not entirely correct and out of context: CRS stands for Cloud Router Switch, meaning a switch for the "cloud router". It si not "cloud router and switch". The routing capabilities are j...
by docmarius
Sun Dec 03, 2017 11:55 pm
Forum: General
Topic: coexistence between Tunnel Broker and native IPv6
Replies: 3
Views: 1255

Re: coexistence between Tunnel Broker and native IPv6

I have exactly the same use case: I want to use a HE provided gateway with a server, and a native dynamic IPv6 subnet from my ISP for the actual LAN. A no go for the moment due to missing routing tables for IPv6 (marks are there, but of no use).
by docmarius
Sun Dec 03, 2017 11:42 pm
Forum: General
Topic: Mikrotik caching DNS and 0x20 bit encoding
Replies: 8
Views: 2567

Re: Mikrotik caching DNS and 0x20 bit encoding

Tnx. Cyril for the explanation. Now I got it, and have to support your suggestion.
But I think that has also to be implemented for ROS DNS lookup functions, not only for the cache.

+1
by docmarius
Thu Nov 30, 2017 7:47 pm
Forum: General
Topic: Mikrotik caching DNS and 0x20 bit encoding
Replies: 8
Views: 2567

Re: Mikrotik caching DNS and 0x20 bit encoding

Now i got really curious about this :-) So what you are saying is that MT's DNS is actually case sensitive when it should not? Let's get an example. Let's say we have: Test.com A 1.2.3.4 Mail.Test.com A 1.2.3.4 1.2.3.4 IN PTR Mail.Test.com Test.com MX 10 Mail.Test.com 1 - a DNS request for Test.com ...
by docmarius
Thu Nov 30, 2017 7:18 pm
Forum: General
Topic: ARP strangeness
Replies: 8
Views: 3542

Re: ARP strangeness

This same src/dest MAC request I assume it is done to update MAC tables and switching tables in potential switches on the network. Or some other more obscure reason on devices which do ARP sniffing...
by docmarius
Thu Nov 30, 2017 6:50 pm
Forum: Beginner Basics
Topic: Pro's & Cons GRE-IPIP-EoIP
Replies: 5
Views: 7070

Re: Pro's & Cons GRE-IPIP-EoIP

It depends only on your needs. GRE actually can transport whatever you want. And EoIP is also GRE, with the addition of 2 bytes in the header defining a tunnel ID, so one can run more than one tunnel between 2 endpoints, and it transports ethernet frames only. The actual overhead for GRE is 22 to 26...
by docmarius
Thu Nov 30, 2017 6:33 pm
Forum: Beginner Basics
Topic: RBM11G LTE not visible
Replies: 1
Views: 1031

Re: RBM11G LTE not visible

Have you tried going to System->Routerboard->USB and select "Mini PCIe" instead of "USB Type A"?
by docmarius
Thu Nov 30, 2017 12:20 pm
Forum: General
Topic: Mikrotik caching DNS and 0x20 bit encoding
Replies: 8
Views: 2567

Re: Mikrotik caching DNS and 0x20 bit encoding

Yes, right. I actually forgot about MX checks.
But then again, shouldn't the mail system be case insensitive on the MX check?
Of course, if the DNS returns the MX as written in the zone, this would be great.
by docmarius
Sat Nov 25, 2017 10:02 am
Forum: General
Topic: Mikrotik caching DNS and 0x20 bit encoding
Replies: 8
Views: 2567

Re: Mikrotik caching DNS and 0x20 bit encoding

Domain name lookups according to RFC4343 are case insensitive, and in DNS replies the capitalization MAY be kept but must be ignored by the client. https://tools.ietf.org/html/rfc4343 Since this affects reverse DNS and CNAMES only (address resolution responses being in dotted quad format), I would a...
by docmarius
Thu Nov 23, 2017 8:07 am
Forum: Beginner Basics
Topic: Ubuntu File Server Port Forwarding NAT Rule not working
Replies: 4
Views: 1986

Re: Ubuntu File Server Port Forwarding NAT Rule not working

Have you rebooted the router after setting that forward? Or deleted the connection list? Because of connection tracking, a NAT rule doesn't kick in immediately if there is an existing tracked connection on that port, from a previous connection attempt, until that initial it times out (which sometime...
by docmarius
Sun Nov 19, 2017 12:19 pm
Forum: General
Topic: can't access some resources vpn
Replies: 5
Views: 1526

Re: can't access some resources vpn

If you use a different subnet on your tunnel and your PBX there could be an issue. For added security, it is possible that the PBX does not accept management connections from hosts outside its LAN. In this case you need to set up some src-nat/masquerading on the LAN port, so that the PBX sees your c...
by docmarius
Sun Nov 19, 2017 3:20 am
Forum: General
Topic: Classless Static Route for PPTP
Replies: 3
Views: 1317

Re: Classless Static Route for PPTP

Doesn't a classic
/ip route add gateway=<pptp interface name>
work?
by docmarius
Sat Nov 18, 2017 11:30 am
Forum: General
Topic: Classless Static Route for PPTP
Replies: 3
Views: 1317

Re: Classless Static Route for PPTP

AFAIK all the routing is classless in ROS, since you are free to use whatever netmask you like on any IP. The same goes for the implemented routing protocols except RIP v1.
Anyway, not implementing classless routes on any modern router makes it completely obsolete and a joke, not a router :-)
by docmarius
Sat Nov 18, 2017 11:26 am
Forum: SwOS
Topic: rb260gs throughput question [SOLVED]
Replies: 1
Views: 10584

Re: rb260gs throughput question [SOLVED]

Switching always happens at wire speed, so you can count on the 1000mbps no matter what.
by docmarius
Sat Nov 18, 2017 11:23 am
Forum: General
Topic: Mikrotik forum customer support - is it exist??
Replies: 6
Views: 1650

Re: Mikrotik forum customer support - is it exist??

For official Mikrotik support you need to contact support@mikrotik.com.
Although MT people mingle with the crowds on this forum and support us, it is not the official channel.
by docmarius
Sat Nov 18, 2017 1:41 am
Forum: General
Topic: Vlan on 6.41RC need help to understand how it works.
Replies: 11
Views: 3497

Re: Vlan on 6.41RC need help to understand how it works.

... In menu Interfaces -> VLAN vlan2-> VLAN ID:2 -> Interface:bridge2 ... You need to add vlan2 to interface eth4, not to the bridge! The interfaces hierarchy: eth1 - untagged/no vlan eth2 - untagged/no vlan eth3 - untagged/no vlan eth4 - untagged/no vlan | -- vlan2 tagged/vlan id 2 the bridges: br...
by docmarius
Fri Nov 17, 2017 10:42 pm
Forum: RouterBOARD hardware
Topic: More info about mUPS
Replies: 53
Views: 15145

Re: More info about mUPS

@Naglya Put a diode on the wire, so that there is only current flowing from the batteries:

mUPS --------|<------- battery
by docmarius
Fri Nov 17, 2017 8:45 am
Forum: General
Topic: Vlan on 6.41RC need help to understand how it works.
Replies: 11
Views: 3497

Re: Vlan on 6.41RC need help to understand how it works.

Maybe it is to simple :-) - add a VLAN interface with VLAN ID 2 to eth4, call it vlan2 - create 2 bridges - add ports eth2 and eth4 to bridge1 - add ports eth3 and vlan2 to bridge2 done. To allow routing, treat each bridge as your actual inside interfaces: - configure eth1 to your liking (dhcp) - as...
by docmarius
Fri Nov 17, 2017 12:36 am
Forum: Forwarding Protocols
Topic: IPv6 from internet to IPv4 in local net
Replies: 7
Views: 7862

Re: IPv6 from internet to IPv4 in local net

For this to happen, you will need to run some kind of proxy. Since there is no such thing available on MT, you need a machine on your network to do it (even a Pi would work, using e.g. haproxy). I use such a setup to give IPv6 access to IPv4/TCP only services without issues. BTW, a port of haproxy w...
by docmarius
Fri Nov 17, 2017 12:31 am
Forum: General
Topic: What dynamic DNS are you using and why? (Free or not)
Replies: 12
Views: 5781

Re: What dynamic DNS are you using and why? (Free or not)

Hurricane Electric, he.net.
DNS is free for a reasonable amount of domains, has an easy management and setup interface, and it even provides the update scripts for Mikrotik.
And you could also get an IPv6 tunnel for free.
by docmarius
Tue Nov 14, 2017 8:57 pm
Forum: Beginner Basics
Topic: Multicast Stream Forwarding
Replies: 2
Views: 1244

Re: Multicast Stream Forwarding

The constant streaming idea is referring to stream once the receiving device subscribed to a multicast group. Before that, the stream has no meaning for it and is just consuming bandwidth on that network segment. And of course the multicast source needs to be capable to deliver a constant stream to ...
by docmarius
Mon Nov 13, 2017 9:23 pm
Forum: RouterBOARD hardware
Topic: RB1100AHx4
Replies: 10
Views: 3682

Re: RB1100AHx4

But there is a switch menu on the LHG 5, which has only a single ethernet port and no switch chip :lol:
I assume it is a glitch. Anyway, I understand that the functionalities of the switch menu will be migrated into the bridge part starting with 6.41.
by docmarius
Mon Nov 13, 2017 9:07 pm
Forum: General
Topic: upgrade to 6.40.5 and reboot, all backup files have been lost
Replies: 3
Views: 1243

Re: upgrade to 6.40.5 and reboot, all backup files have been lost

On the newer 16M flash devices, if you do not write your files into the flash folder, they will be erased on reboot, since the file root is a ram drive.
You can do this in winbox after doing the backup in the file window, by drag and drop of the file onto the flash folder.
by docmarius
Mon Nov 13, 2017 8:55 am
Forum: Beginner Basics
Topic: Switch Chip Fun (Vlan 0 issue)
Replies: 9
Views: 4327

Re: Switch Chip Fun (Vlan 0 issue)

Default untagged VLAN is 1, not 0. VLAN 0 is an invalid VLAN ID. VLAN identifier (VID): a 12-bit field specifying the VLAN to which the frame belongs. The hexadecimal values of 0x000 and 0xFFF are reserved. All other values may be used as VLAN identifiers, allowing up to 4,094 VLANs. The reserved va...
by docmarius
Sun Nov 12, 2017 8:16 pm
Forum: Announcements
Topic: v6.40.5 [current]
Replies: 82
Views: 42264

Re: v6.40.5 [current]

deleted.
by docmarius
Sun Nov 12, 2017 1:08 am
Forum: RouterBOARD hardware
Topic: New CPU - new product RB750Gr3 - RB750G family - now mmips
Replies: 180
Views: 97737

Re: New CPU - new product RB750Gr3 - RB750G family - now mmips

Why wireless package is inserted into main, when device dont support wireless? its funny.
Because you might want to use CAPsMAN on the device? So it is actually not that funny.
by docmarius
Sat Nov 11, 2017 2:40 pm
Forum: General
Topic: mark packet in a switch possible?
Replies: 5
Views: 1662

Re: mark packet in a switch possible?

Marking packets and connections is an router internal feature and have no consequences "on the wire". IPv4 TOS/DSCP fields on the other hand could be used. But for this to happen, I think the Phone itself needs to be able to set the TOS/DSCP field, since it is a L3 feature, while switches ...
by docmarius
Sat Nov 11, 2017 2:19 pm
Forum: General
Topic: EoIP tunnel hops
Replies: 4
Views: 1540

Re: EoIP tunnel hops

To trace the tunnel hops and to be visible to the tunnel traffic, this would mean that ALL routers along the way need to support EoIP, unpack the packet inside, decrease its TTL, repack it and send it to the destination. To expect something like this is hilarious at best, and totally inefficient. If...
by docmarius
Fri Nov 10, 2017 9:06 pm
Forum: Announcements
Topic: v6.40.5 [current]
Replies: 82
Views: 42264

Re: v6.40.5 [current]

Also my report:
CCR1009-1C-7G-1S-1S+ including Dude on SD, 922UAGS-5HPacD (NetMetal5) + R11e-5Hnd, LHG5, 960PGS (hEX POE), OmniTIK UPA-5HnD, 921GS-5HPacD r2 (mANTBox), 951G-2HnD, 450G, 750GL and 911G-5HPnD (QRT5)
all upgraded from 6.40.4 without incidents.
by docmarius
Wed Nov 08, 2017 1:24 am
Forum: General
Topic: May TFTP server have some problem on CCR
Replies: 1
Views: 2419

Re: May TFTP server have some problem on CCR

Your requested file name and real file name is not 'yes' as shown in your tftp configuration.
So in order to get "tftp 192.168.102.1 GET Drums1.raw" working, you need:
/ip tftp
add real-filename=disk1/Drums1.raw req-filename=Drums1.raw
by docmarius
Sun Nov 05, 2017 11:26 pm
Forum: Beginner Basics
Topic: hap AC external HDD question
Replies: 12
Views: 6610

Re: hap AC external HDD question

According to the product description yes, it can. Assuming your TV supports DLNA, of course.
The router doesn't need to support anything. Just put the TV together with the NAS on your local LAN. No need for routing between them (actually DLNA UPNP discovery will not work if you do routing).
by docmarius
Sun Nov 05, 2017 4:20 pm
Forum: General
Topic: How do we filter torrent now?
Replies: 19
Views: 5645

Re: How do we filter torrent now?

And of course, all of you realize that not every torrent download is illegal. It is just a protocol, nothing more. Even some software distributions and updates are offered as torrents (e.g. Debian). The content may be illegal, but so is the content of any download. So IMHO, while blocking an offendi...
by docmarius
Thu Nov 02, 2017 1:55 pm
Forum: Beginner Basics
Topic: hap AC external HDD question
Replies: 12
Views: 6610

Re: hap AC external HDD question

That actually depends on your TV. You could get some small Linux board supporting e.g. SATA (Cubieboards are an example), or at least USB (Raspberry) and share the content either via some network file system (NFS, SAMBA - your TV needs to support this), or put some DLNA server on this device (e.g. T...
by docmarius
Wed Nov 01, 2017 5:45 pm
Forum: General
Topic: Article about new "Reaper" or "loTroop" Botnet
Replies: 5
Views: 2410

Re: Article about new "Reaper" or "loTroop" Botnet; lists Mikrotik as vulnerable

The only conclusion I draw from that table is that MT equipment his NOT involved. At least this is what those "-" signs suggest. The mere fact that it appears in that table just shows that MT is important enough to be mentioned, not that it is vulnerable.
by docmarius
Tue Oct 31, 2017 6:07 pm
Forum: Beginner Basics
Topic: GPON between two MikroTik's
Replies: 7
Views: 2854

Re: GPON between two MikroTik's

The GPON system is meant to connect multiple clients to a central provider using a single optical connection and passive splitters. It uses a time division approach to multiplex the user traffic to achieve this. You need to have a central equipment (called OLT) providing the central management syste...
by docmarius
Sun Oct 29, 2017 11:19 pm
Forum: Wireless Networking
Topic: Quickly varying wireless communication rates
Replies: 5
Views: 2172

Re: Quickly varying wireless communication rates

Also remember that multicast are sent at 6Mbps if multicast helper is not set to full.
by docmarius
Tue Oct 17, 2017 8:49 pm
Forum: Forwarding Protocols
Topic: MPLS over IPIP tunnels
Replies: 5
Views: 2992

Re: MPLS over IPIP tunnels

Eoip also uses GRE, just with an additional 2 byte addon in the header (the tunnel ID). This allows multiple eoip tunnels between the same hosts, while there is only a single GRE tunnel possible between them.
by docmarius
Fri Oct 13, 2017 9:15 am
Forum: The Dude
Topic: Dude server-Linux standalone server?
Replies: 3
Views: 2311

Re: Dude server-Linux standalone server?

You can run a CHR ROS image in a virtual machine. It supports the Dude server and will not interfere (unless configured to do so :lol: ).
by docmarius
Wed Oct 11, 2017 7:06 pm
Forum: Announcements
Topic: v6.40.4 [current]
Replies: 103
Views: 44816

Re: v6.40.4 [current]

Except the loss of the user name in one pptp server binding on tile (out of 10), everything went smooth on NetMetal, LHGs, hEX POE and Omnitik and others.
by docmarius
Sun Oct 08, 2017 12:19 pm
Forum: General
Topic: SBC and 1100 Routerboard
Replies: 5
Views: 2390

Re: SBC and 1100 Routerboard

If SBC should mean Single Board Computer, then yes, according to the pictures it is built on a single board.
If you actually mean SoC (System on a Chip), then no, the QorIQ P2020 has external RAM and Flash, with a dual core e500v2 architecture on chip.

Why is this relevant?
by docmarius
Sat Sep 30, 2017 9:44 pm
Forum: General
Topic: Traceroute poetry
Replies: 1
Views: 959

Traceroute poetry

Image
by docmarius
Mon Sep 11, 2017 12:29 am
Forum: SwOS
Topic: RB260GS install ROS [SOLVED]
Replies: 1
Views: 11143

Re: RB260GS install ROS [SOLVED]

Actually, the answer is right in the product description: It is just a SWITCH.
by docmarius
Sat Sep 09, 2017 12:57 am
Forum: General
Topic: S-85DLC05D vs S-35LC20D
Replies: 3
Views: 1590

Re: S-85DLC05D vs S-35LC20D

There certainly is no 35LC20D with a 850nm laser, so you probably have either a wrong identification, or a defective part... Best direct this issue to support.
by docmarius
Fri Sep 08, 2017 1:29 pm
Forum: General
Topic: S-85DLC05D vs S-35LC20D
Replies: 3
Views: 1590

Re: S-85DLC05D vs S-35LC20D

No, you can not. Both fiber modules need to use the same optical wave length and the same fiber type. So if you choose a 85/05 SFP, it uses 850nm laser on a multimode fiber (OM3 or OM4) and uses 2 fiber strands (dual LC connector) for a 500m distance. The 35LC is a single mode transceiver that works...
by docmarius
Tue Aug 22, 2017 2:01 am
Forum: Beginner Basics
Topic: How to use RB951 as a switch/network-hub(old word)
Replies: 9
Views: 3454

Re: How to use RB951 as a switch/network-hub(old word)

The device is a switch already out of the box. Ports 2-5 are switched. Just plug your cables into ports 2-5 and it will work as a switch. thanks for the reply, i've plugged in the ISP cable on ether1 and the tenda on ether5 ( i haven't configured anything my self, all were default settings came wit...
by docmarius
Sun Aug 20, 2017 5:58 pm
Forum: SwOS
Topic: SwOS vs RouterOS considering switch-only functionality
Replies: 3
Views: 4402

Re: SwOS vs RouterOS considering switch-only functionality

I would expect the reverse situation: ROS will provide full functionality, with additional SW supported functions, while SWOS will be a kind of "light" OS providing more basic HW supported switching-only functions, with a more easy to use management interface.
by docmarius
Sun Aug 20, 2017 5:40 pm
Forum: General
Topic: How to stop ma scanners
Replies: 17
Views: 4148

Re: How to stop ma scanners

You have to understand that radio waves are not selectively addressed and can be received by anyone in the range of that AP, and there is no way around this. Everyone can sniff an AP's full traffic, no matter what (and some time the client's traffic, too, but this is not relevant in this discussion)...
by docmarius
Sun Aug 20, 2017 1:01 am
Forum: General
Topic: How to stop ma scanners
Replies: 17
Views: 4148

Re: How to stop ma scanners

the question here is why should it must be that easy to discover the clients mac addresses by hackers so that they can copy them ???????? there must be away that we could hide them from everybody That's how an open system is supposed to work: Open. And there is no way to hide them as long the syste...
by docmarius
Fri Aug 18, 2017 10:06 pm
Forum: SwOS
Topic: SWOS to ROS
Replies: 7
Views: 5959

Re: SWOS to ROS

Please define "powerful". Usually devices having switch chips inside run at wire speed. You can not get more switching power than that. It depends on what features you need in your particular case. Hybrid devices provide some additional switching and routing functions, too. But don't expec...
by docmarius
Sun Aug 13, 2017 6:34 am
Forum: Announcements
Topic: v6.40.1 [current]
Replies: 74
Views: 38418

Re: v6.40.1 [current]

Another issue (CCR1009):
After the update from 6.39.2, one of my PPTP server binding entries lost the user name set for it.
Correction by hand solved it. All other similar entries where fine.
by docmarius
Tue Aug 08, 2017 2:21 pm
Forum: Beginner Basics
Topic: Port forwarding with change of source address
Replies: 6
Views: 5919

Re: Port forwarding with change of source address

Yes, add a src-nat rule on the internal interface with the matching you like. Take care that after dst-nat, the dst address is not the original one anymore, it is the one you set in dst-nat. So if you have e.g. public IP 1.2.3.4, incoming connection from 2.3.4.5 and a dst-nat to 192.168.1.2, on the ...
by docmarius
Tue Aug 08, 2017 1:03 pm
Forum: Beginner Basics
Topic: Port forwarding with change of source address
Replies: 6
Views: 5919

Re: Port forwarding with change of source address

You can always do a src-nat on the outgoing interface (in your case the internal interface) on a specific packet, which happens as the last step before sending it out to the network. How you decide on which one, depends on what you want. You could use ip matching, connection or packet marks, your im...
by docmarius
Tue Aug 01, 2017 11:16 pm
Forum: General
Topic: Default Config w Mac-Telnet disabled - Change Needed?
Replies: 8
Views: 5802

Re: Default Config w Mac-Telnet disabled - Change Needed?

Or a better fix, maybe adding setting where if the physical reset button on the router is held for 15 or 20 seconds during power up, then the RB resets to /sys reset-config no-defaults=yes (ie longer than the standard 5s press which resets to def. config) - this is something we as admins can easily...
by docmarius
Tue Aug 01, 2017 10:21 pm
Forum: General
Topic: Default Config w Mac-Telnet disabled - Change Needed?
Replies: 8
Views: 5802

Re: Default Config w Mac-Telnet disabled - Change Needed?

Don't you think that the need to keep not so proficient users safe from possible security breaches outweighs your need for commodity on device deployment? On the other hand, the need to do a preliminary bench pre-configuration before deployment to the customer (a simple reset without default config ...
by docmarius
Tue Aug 01, 2017 6:55 pm
Forum: General
Topic: Forum Home Button redirect to RB1100Dx4
Replies: 3
Views: 1492

Re: Forum Home Button redirect to RB1100Dx4

But why? It is a user forum, as you always say, not a dedicated RB1100AHx4 Dude Edition advertisement site for that page to be the home page.
And we already have MT hardware, and are informed about it, so we are no target for those advertisements anyway.
by docmarius
Sat Jul 22, 2017 11:46 pm
Forum: Beginner Basics
Topic: RB1100AH with local webserver
Replies: 9
Views: 3608

Re: RB1100AH with local webserver

I think there could be a misunderstanding here. By local server you mean a machime on your local network or a way to run a webserver on the router? While a local machine on the network can be reached by using simple dst-nat (a.k.a. port forwarding), seting up a web server with php on the router itse...
by docmarius
Sun Jul 16, 2017 11:15 am
Forum: RouterBOARD hardware
Topic: RB1100AHx4 Dude Edition
Replies: 52
Views: 19923

Re: RB1100AHx4 Dude Edition

And then again, in our case one could unsolder the flash chips, scrape the top layes and do a destructive reading cell by cell :D But seriously,, movig data between devices usually involves a read/write/delete operation, not moving the device itself. I know its just semantics but it dazzled me when ...
by docmarius
Sun Jul 16, 2017 12:06 am
Forum: RouterBOARD hardware
Topic: RB1100AHx4 Dude Edition
Replies: 52
Views: 19923

Re: RB1100AHx4 Dude Edition

That is if you want to physical move the data.
Physically move the disk, not the data....
by docmarius
Sat Jul 15, 2017 11:59 pm
Forum: RouterBOARD hardware
Topic: RB1100AHx4 Dude Edition
Replies: 52
Views: 19923

Re: RB1100AHx4 Dude Edition

fat32 if you need to move data between the router and a PC. What's the logic behind this? The router has to read the file into RAM and send it, and the other way around on writing. And this has nothig to do with the undelying file system. So unless you want to move that SSD physically to a Windows ...
by docmarius
Fri Jul 14, 2017 5:44 pm
Forum: General
Topic: RB1100Ahx2 Offering lease problem, and whiteout success
Replies: 2
Views: 1383

Re: RB1100Ahx2 Offering lease problem, and whiteout success

If you run your DHCP server on a bridge, try to disable STP/RSTP on that bridge...
by docmarius
Sun Jul 09, 2017 4:12 am
Forum: RouterBOARD hardware
Topic: Cloud Core Router/Switch
Replies: 4
Views: 1672

Re: Cloud Core Router/Switch

The switch will work flawless with your 2011. And of course you will be able to upgrade to 10Gbps later. The only issue is that you will need 1Gbps SFPs for a start, since the 2011 doesn't support 10G modules (assuming you want to use the SFP port for the link. If not, a copper link will do fine unt...
by docmarius
Tue Jul 04, 2017 7:49 pm
Forum: Beginner Basics
Topic: How to remove the "mark routing"? [SOLVED]
Replies: 1
Views: 7411

Re: How to remove the "mark routing"? [SOLVED]

Delete all your connections in /ip firewall connections or restart your router.
by docmarius
Sat Jul 01, 2017 1:12 am
Forum: RouterBOARD hardware
Topic: RB1100AHx4
Replies: 10
Views: 3682

Re: RB1100AHx4

If you need official information on a specific topic you should mail support@mikrotik.com. Maybe they have an answer for you. But somehow I suspect the data ports are still there in a possible non-dude version since a M2 SSD or SATA device could serve other purposes, too, so its only the M2 card tha...
by docmarius
Sat Jul 01, 2017 1:00 am
Forum: RouterBOARD hardware
Topic: RB1100AHx4
Replies: 10
Views: 3682

Re: RB1100AHx4

You can actually disable/uninstall the dude on the "dude version" and optional plug out the SSD, you know?
Good luck with the new Edge Pro 4 if that's what you like better. Since this is a user forum nobody is holding a grunge at you but isn't impressed either.
by docmarius
Fri Jun 30, 2017 1:40 am
Forum: General
Topic: Decline of Mikrotik?
Replies: 102
Views: 42461

Re: Decline of Mikrotik?

i doubt consumers would have that option to run mikrotik alongside a PC running linux. That's true, but on the other hand, I doubt consumers need all those full services. They actually need minimal but sufficient service support for regular tasks. Advanced services are out of the "consumer&quo...
by docmarius
Thu Jun 29, 2017 5:09 pm
Forum: General
Topic: Decline of Mikrotik?
Replies: 102
Views: 42461

Re: Decline of Mikrotik?

i know, but when i say important i mean you wouldnt be able to function without it. You dont need DNS for routing to work but you cant live without it either. You can't live without it on your network, but you certainly can live without it on your router. And this is an important distinction, meani...
by docmarius
Wed Jun 28, 2017 1:01 am
Forum: Wireless Networking
Topic: News about the future of mikrotik
Replies: 7
Views: 2231

Re: News about the future of mikrotik

Ok, now it's clear. The issue I am pointing out is the fact that TDMA implementations solve the hidden client problem and give a better throughput, under the condition to have a clean channel. If 2 different wireless protocols are co-located on a channel, they will just interfere and there's nothing...
by docmarius
Tue Jun 27, 2017 2:29 am
Forum: Wireless Networking
Topic: News about the future of mikrotik
Replies: 7
Views: 2231

Re: News about the future of mikrotik

Even if I agree on your points, I have to ask: who is "we" and "all Google users" ? I am a Google user an no one asked for my opinion. And I don't remember electing a representative to speak for me, as a Google user, in this forum. Probably the same goes for the other some 1 bill...
by docmarius
Sat Jun 24, 2017 3:53 pm
Forum: General
Topic: Forum: Home link
Replies: 3
Views: 1226

Forum: Home link

Really, could you please stop changing the forum "Home" link to something else than the forum home? That link is exactly for that, to reach the forum's home, and is used for that specific goal in virtual any phpBB forum on this planet. To be substituted with the 1100AHx4 specs, which proba...
by docmarius
Mon Jun 19, 2017 10:43 pm
Forum: RouterBOARD hardware
Topic: Require information about electronic component of RB1100AHx2 [SOLVED]
Replies: 10
Views: 4163

Re: Require information about electronic component of RB1100AHx2 [SOLVED]

It might be an inductor (3.9 uH) but if the noise is the only problem I wouldn't be worrying much about it. https://www.eevblog.com/forum/projects/hissing-inductor-cores/ After seeing the picture, it is certainly a 3.9 uH inductor, and that module looks like a switching DC/DC converter... Check on ...
by docmarius
Sat Jun 17, 2017 9:38 am
Forum: RouterBOARD hardware
Topic: Powerful Wave 2 routers - when to expect?
Replies: 2
Views: 1645

Re: Powerful Wave 2 routers - when to expect?

They probably will be released together with ROS 7 :lol:
by docmarius
Sat Jun 17, 2017 9:01 am
Forum: RouterBOARD hardware
Topic: Require information about electronic component of RB1100AHx2 [SOLVED]
Replies: 10
Views: 4163

Re: Require information about electronic component of RB1100AHx2 [SOLVED]

From the notation, that is a 3.9 Ohm resistor.
by docmarius
Sat Jun 17, 2017 8:41 am
Forum: RouterBOARD hardware
Topic: RB3011UIAS-RM
Replies: 4
Views: 1480

Re: RB3011UIAS-RM

If I understand correctly, this board features POE in. If this is on eth1 and is blown so that there is a current leak through the POE circuitry on that port, connecting a cable to peripherals that create a short circuit between the POE pins will get the power supply to overload and the router to sh...
by docmarius
Sun Jun 11, 2017 5:47 pm
Forum: General
Topic: How to Preference IPv4 over IPv6 on dual stack router on Mikrotik RouterOS?
Replies: 20
Views: 5653

Re: How to Preference IPv4 over IPv6 on dual stack router on Mikrotik RouterOS?

How to Preference IPv4 over IPv6 on Dual stack ... That you have to set in your client machine. The router will serve both IPv4 and IPv6 if asked for it, with no discrimination. There is no such thing as a protocol "preference" concept in a router. The client decides what to ask for, not ...
by docmarius
Sat Jun 10, 2017 11:46 pm
Forum: General
Topic: 192.168.60.0/32 - what this strange route mean?
Replies: 8
Views: 2602

Re: 192.168.60.0/32 - what this strange route mean?

since in vanilla linux nothing like this exists Yes it does. Have you ever issued a command like "ip route list table local" ? You will find a /32 host route for each network, interface and broadcast address of all the IPs assigned to your interfaces. Just that /32 routes in Linux don't h...
by docmarius
Tue May 23, 2017 8:25 am
Forum: General
Topic: Strange problem
Replies: 1
Views: 1155

Re: Strange problem

This is someone trying to access a FTP directory, non-existent or without permissions using your web proxy.
by docmarius
Fri May 19, 2017 9:43 am
Forum: RouterBOARD hardware
Topic: Ubnt's new SFPs - do they work with CCR/Hex?
Replies: 3
Views: 2377

Re: Ubnt's new SFPs - do they work with CCR/Hex?

I have UF-SM-1G-S (3km BiDi) working flawless on my CCR1009-7G-1C-1S+ in the combo port connected to an old gen. RB260GSP.
It does NOT work in the SFP+ slot though (module is recognized, but no link).
by docmarius
Tue May 16, 2017 11:52 am
Forum: Scripting
Topic: Super Mario Theme
Replies: 49
Views: 66069

Re: Super Mario Theme

Make router racks great again :lol:
by docmarius
Mon May 01, 2017 2:54 am
Forum: General
Topic: 0 items out of 8
Replies: 4
Views: 1546

Re: 0 items out of 8

Those lists are the result of filtering the interface list.
So the 8 is your total number of interfaces, of which 0 are ppp.
by docmarius
Wed Apr 26, 2017 7:21 pm
Forum: RouterBOARD hardware
Topic: 48 Port Switches
Replies: 16
Views: 9039

Re: 48 Port Switches

Is the 24 port CRS with PoE not enough for you guys?

What is the aversion to running in 2 CRS226's and sticking an SFP+ direct cable between them?
Where's the PoE out in the CRS226?

Anyway, MT announced the CRS328-24P-4S+RM at the MUM, with 802.3af/at. Time will tell.
by docmarius
Tue Apr 18, 2017 2:24 pm
Forum: RouterBOARD hardware
Topic: hapAC poe in not working
Replies: 9
Views: 7598

Re: hapAC poe in not working

Exactly. It accepts 802.3af and puts out passive PoE.
by docmarius
Tue Apr 18, 2017 2:18 pm
Forum: General
Topic: Redirect traffic going to a dst-port to another port
Replies: 8
Views: 3133

Re: Redirect traffic going to a dst-port to another port

Having a web server, isn't it easier to set up virtual hosts on it and proxy www2.example.com to the destination you want by the web server? Even a page that just redirects to port 3000 would do. Then you only need to forward port 3000 to server:3000 on your router using simple port forward. Your cl...
by docmarius
Tue Apr 18, 2017 8:01 am
Forum: Beginner Basics
Topic: app loadbalancing
Replies: 6
Views: 1942

Re: app loadbalancing

Hmmm, you are right, since there is no outgoing interface matching. I think I just had a bad idea :? but something like this could work: if1 (10.0.0.1) ------- server1 (10.0.0.2) - virtual (192.168.2.1) if2 (10.0.1.1) ------- server2 (10.0.1.2) - virtual (192.168.2.1) Check gateway by ping on 10.0.0...
by docmarius
Tue Apr 18, 2017 6:51 am
Forum: Beginner Basics
Topic: app loadbalancing
Replies: 6
Views: 1942

Re: app loadbalancing

LE: Disregard the text below. Bad idea/it won't work. You can put your servers on a separate link with different subnet and assign 2 IPs to each, so you will need to reach e.g. 192.168.2.1 via 10.0.0.1. 192.168.3.1 via 10.0.0.2. In this case you would need to add a static route, which has the optio...
by docmarius
Tue Apr 18, 2017 6:18 am
Forum: RouterBOARD hardware
Topic: hapAC poe in not working
Replies: 9
Views: 7598

Re: hapAC poe in not working

It is not only an voltage and power issue. With 802.2af/at, the device negotiates its power level, following a specific protocol. With passive PoE, it just gets power over the pairs 4-5 and 7-8 (24V in most of the MT and UBNT devices). Because the device does not do power negotiation, your switch wi...
by docmarius
Mon Apr 17, 2017 8:41 am
Forum: RouterBOARD hardware
Topic: hapAC poe in not working
Replies: 9
Views: 7598

Re: hapAC poe in not working

Your switch provides 802.3at/af PoE, the hAP expects passive PoE, so it will no work. One option would be to use https://routerboard.com/RBGPOE-CON-HP. Or return your switch if possible and get one that supports 24V passive PoE like the ES-24. If 5 ports are enough, you can use the RB260GSP. Mikroti...
by docmarius
Sun Apr 16, 2017 1:05 pm
Forum: General
Topic: RB1100 - Merge switch2 and switch1 using VLANs
Replies: 5
Views: 2541

Re: RB1100 - Merge switch2 and switch1 using VLANs

Take the untagged port out of the switch, and put it in a bridge with the VLAN port. (In your example let's say VLAN10 hanging on ether4 and ether6 itself). On receive, you need to see a VLAN interface as a filter, extracting tagged traffic from the parent interface (the VLAN traffic will not be see...
by docmarius
Sun Apr 16, 2017 2:13 am
Forum: Scripting
Topic: Very long time to execute simple script, why??
Replies: 2
Views: 1362

Re: Very long time to execute simple script, why??

[/ip arp print count-only where mac-address=$Mac] actually runs through your complete MAC list. So each iteration actually has 3000 reads through your router's command interpretor. If we assume 1 msec each this will give you 3 seconds/iteration. For a total of 3000 iterations, you will get 2.5 hours...
by docmarius
Sun Apr 16, 2017 1:52 am
Forum: General
Topic: RB1100 - Merge switch2 and switch1 using VLANs
Replies: 5
Views: 2541

Re: RB1100 - Merge switch2 and switch1 using VLANs

Put a VLAN interface of VLAN 10 on each of the mentioned ports, and place those 2 VLAN interfaces in a bridge.
by docmarius
Thu Apr 13, 2017 10:44 pm
Forum: RouterBOARD hardware
Topic: passive POE standard?
Replies: 5
Views: 3566

Re: passive POE standard?

If you respect the ethernet interface design, then nothing will pop.
Grounding something that is not supposed to be grounded is a bad idea...
by docmarius
Sun Apr 02, 2017 1:25 pm
Forum: General
Topic: Question about speed between switches
Replies: 7
Views: 1875

Re: Question about speed between switches

https://i.mt.lv/routerboard/files/Block-RB1100AHx2.pdf I would put the NAS on ports 11-12-13. And each server on different switches. The one with the lower speed requirements on the same switch with the uplink. Or better yet, get a CCR-1009-1C-7G-1S where it doesn't matter since there are no switch ...
by docmarius
Sun Apr 02, 2017 12:23 pm
Forum: The Dude
Topic: snmp problem whit RB260GS
Replies: 4
Views: 2757

Re: snmp problem whit RB260GS

You need to wait some time for the snmp is read out and appear in the device snmp tab.
by docmarius
Sun Apr 02, 2017 10:02 am
Forum: General
Topic: RB110AHx2 Switch
Replies: 3
Views: 1456

Re: RB110AHx2 Switch

I thing it is normal and was always that way and there is nothing wrong.
The fact that is "supposed" to be the other way around is just a simple assumption made by ourselves based on logical expectations.
by docmarius
Fri Mar 31, 2017 4:38 pm
Forum: Announcements
Topic: MUM Europe 2017 Live!
Replies: 64
Views: 25078

Re: MUM Europe 2017 Live!

Actually impressive :-)
by docmarius
Mon Mar 20, 2017 8:53 am
Forum: The Dude
Topic: TOOL/WINBOX Disappeared from LIST
Replies: 16
Views: 9166

Re: TOOL/WINBOX Disappeared from LIST

You can add it under Devices->Types to the "Mikro Tik Device". Then it will show up for all devices having that type.
by docmarius
Mon Mar 20, 2017 8:16 am
Forum: General
Topic: ICMP problem
Replies: 5
Views: 1747

Re: ICMP problem

By creating these blocking rules you actually preventing responses to those requests (you see it is working since there is no Tx flow on your interface). But it will never block incoming traffic hitting and saturating your incoming interface, which is physically impossible, and there is nothing YOU ...
by docmarius
Sun Mar 19, 2017 6:08 pm
Forum: General
Topic: Not showing the origin IP
Replies: 9
Views: 2465

Re: Not showing the origin IP

That has a simple explanation. There are lingering connection tracking connections which are not deleted when you change your firewall rules, especially when changing dst-nat stuff.
Rebooting clears those connections...
by docmarius
Sun Mar 19, 2017 6:00 pm
Forum: Beginner Basics
Topic: NAT Loopback, for all ports.
Replies: 8
Views: 9940

Re: NAT Loopback, for all ports.

Using the DNS will still not solve the issue. Let's say you have some ports used by the router (e.g. ssh access, or VPN terminations), a DVR on one internal IP and a web server on another. To which internal IP should the host name be "masqueraded" via DNS? In neither case will all port for...
by docmarius
Sun Mar 19, 2017 5:40 pm
Forum: Beginner Basics
Topic: NAT Loopback, for all ports.
Replies: 8
Views: 9940

Re: NAT Loopback, for all ports.

Could you please give some links to read about it? No, this is my personal reasoning, and I have not written it down. But you could check out the packet flow for IPv4: https://wiki.mikrotik.com/wiki/Manual:Packet_Flow To be more precise what I am talking about regarding port forward. Instead of usi...
by docmarius
Sun Mar 19, 2017 10:49 am
Forum: General
Topic: Not showing the origin IP
Replies: 9
Views: 2465

Re: Not showing the origin IP

All outgoing traffic, including the one passing dnat will obey the srcnat chain. So the issue is this rule: /ip firewall nat add action=masquerade chain=srcnat comment="Maskarada WAN" This will do srcnat on ALL interfaces. You need to do this only on WAN: /ip firewall nat add action=masque...
by docmarius
Sun Mar 19, 2017 10:32 am
Forum: Beginner Basics
Topic: NAT Loopback, for all ports.
Replies: 8
Views: 9940

Re: NAT Loopback, for all ports.

The old setup was working because your provider's router was doing the loopback. There is no single rule to reroute incoming traffic through the prerouting chain of your WAN, so that DNAT rules are obeyed. The solution could be to rewrite those DNAT and input rules, so they don't use interfaces on t...
by docmarius
Sun Mar 19, 2017 1:08 am
Forum: General
Topic: Not showing the origin IP
Replies: 9
Views: 2465

Re: Not showing the origin IP

Could you post your firewall configuration?
by docmarius
Sun Mar 19, 2017 12:58 am
Forum: General
Topic: Not showing the origin IP
Replies: 9
Views: 2465

Re: Not showing the origin IP

Nothing is wrong. You probably have SNAT/Masquerade enabled on the LAN interface.
by docmarius
Sat Mar 18, 2017 4:09 pm
Forum: RouterBOARD hardware
Topic: Questions about gbic module
Replies: 1
Views: 823

Re: Questions about gbic module

I have mine working with a 1m SM patch in such configuration for more than 1 year without issues.

And please delete your other identical post.
by docmarius
Sat Mar 18, 2017 4:06 pm
Forum: General
Topic: How to open my network winbox from outside
Replies: 1
Views: 991

Re: How to open my network winbox from outside

Installing a firewall rule with destination port 8291 and input interface your wan interface will do it.
But that is not a very bright idea because of the plain text authentication...
I would use a VPN access (even PPtP with mppe128 would do) and access winbox over that VPN adding a layer of security.
by docmarius
Sat Mar 18, 2017 3:52 pm
Forum: General
Topic: alarm port with Mikrotik
Replies: 12
Views: 3685

Re: alarm port with Mikrotik

Port forwarding via DNAT is controlled by the "Forward" chain after actual DNAT, not by "Input", so something like this would be correct: /ip firewall filter add action=accept chain=forward comment="Accept external port to be forwarded #tcp" dst-address=192.168.1.2 dst-...
by docmarius
Fri Mar 17, 2017 8:58 am
Forum: Beginner Basics
Topic: Hairpin behind modem
Replies: 6
Views: 1501

Re: Hairpin behind modem

I think here you have a reverse path issue. The cctv tries to send you a stream originating on the cctv and does not have proper IPs and routes to your client, which is not covered by connection tracking. The probable cause is improper or missing NAT somewhere. You need to except the client to cctv ...
by docmarius
Fri Mar 17, 2017 8:40 am
Forum: Beginner Basics
Topic: Default Mikrotik Firewall config (RouterOS 6.38.5)
Replies: 6
Views: 8841

Re: Default Mikrotik Firewall config (RouterOS 6.38.5)

The last input drop rule is appropriate only if you use eth1 as the WAN interface.
If you add a PPPoE or similar interface (meaning you do not have the default config anymore), you need to drop that interface instead of eth1.
The same is true for the last forward drop rule.
by docmarius
Fri Mar 17, 2017 8:22 am
Forum: Beginner Basics
Topic: Hairpin behind modem
Replies: 6
Views: 1501

Re: Hairpin behind modem

Put a dst-nat rule on your LAN interface with destination your public IP to do port forwarding exactly like your WAN. e.g. for port 8080, assuming 192.168.1.1 is your internal server, on WAN you would have: /ip firewall nat add action=dst-nat chain=dstnat dst-port=8080 in-interface=wan protocol=tcp ...
by docmarius
Thu Mar 16, 2017 10:38 pm
Forum: SwOS
Topic: Bricked two RB260s upgrading to SwOS 1.17
Replies: 6
Views: 3989

Re: Bricked two RB260s upgrading to SwOS 1.17

Since you had 1.15 on them, it is an old hardware version. 1.17 should work.
by docmarius
Thu Mar 16, 2017 10:33 pm
Forum: RouterBOARD hardware
Topic: RB960PGS - SFP + 5 Lan
Replies: 3
Views: 2013

Re: RB960PGS - SFP + 5 Lan

If you have your device in an closed enclosure and powered up, it will never go to -30 degrees, since it produces some heat.
So it will probably have no issues.
by docmarius
Thu Mar 16, 2017 9:57 pm
Forum: General
Topic: Yet another "dhcp,warning offering lease without success" issue
Replies: 38
Views: 27646

Re: Yet another "dhcp,warning offering lease without success" issue

I had issues with latter ROS versions stirring up multicast/broadcast traffic with RSTP enabled in connection with third party switches. Disabling STP/RSTP on the bridge may help...
by docmarius
Thu Mar 16, 2017 9:49 pm
Forum: Beginner Basics
Topic: Bridge two VLANS
Replies: 6
Views: 1956

Re: Bridge two VLANS

You can move a lot more than that... Bridging + 1Gbps NAT full speed takes at most 10% processor power on my 1009.
by docmarius
Thu Mar 16, 2017 9:40 pm
Forum: Beginner Basics
Topic: Bridge two VLANS
Replies: 6
Views: 1956

Re: Bridge two VLANS

You can check bridging performance on each router model, but bridging is not CPU intensive and most gigabit models are capable of it.
But I would recommend at least a 850Gx2 or a 3011, since it will allow Gbit performance on NAT if needed.
by docmarius
Thu Mar 16, 2017 9:36 pm
Forum: Beginner Basics
Topic: 2 WAN, 1 LAN failover config issues
Replies: 1
Views: 819

Re: 2 WAN, 1 LAN failover config issues

Could you be a little more explicit about what you are trying to do? Connected routes will always have dynamic routes with distance 0, since they allow direct subnet access. You can override them by creating routes with higher specificity (bigger netmasks). e.g. eth2 is 192.168.1.0/24, connected. If...
by docmarius
Thu Mar 16, 2017 9:27 pm
Forum: Beginner Basics
Topic: PPTP vpn to Windows server inside my network
Replies: 7
Views: 8399

Re: PPTP vpn to Windows server inside my network

Don't forget to forward ip protocol 47, too... 1723 is only the control port, the actual data transport happens over GRE.
Helpers may not work properly over NAT, so manual forwarding may be needed.
by docmarius
Thu Mar 16, 2017 9:24 pm
Forum: Beginner Basics
Topic: Pre PCC Routing
Replies: 2
Views: 977

Re: Pre PCC Routing

Routing marks are your friend...
Mark the proper connections and packets and enforce them to use a single gateway interface in a separate routing table.
Or use a VRF if the client may be isolated.
by docmarius
Thu Mar 16, 2017 9:17 pm
Forum: Beginner Basics
Topic: Reroute traffic
Replies: 5
Views: 1580

Re: Reroute traffic

Simply put, to access a IP resource directly, it MUST be in the same subnet as the partner or pass a gateway (NAT or not).
So you can either put the PC in 10.0.0.0/8, or add a 172.x.x.x address to the server interface, in the same subnet as the PC.
Otherwise, packets will need to pass the router.
by docmarius
Thu Mar 16, 2017 8:40 pm
Forum: Beginner Basics
Topic: dst-nat in NAT doesn't appear to be working
Replies: 5
Views: 1629

Re: dst-nat in NAT doesn't appear to be working

Did you flush your connections under Ip/Firewall/Connections by selecting all and deleting them, or by rebooting the router? TCP connections have a high persistence and connection tracking takes precedence in front of DSTNAT. Another thing: If ether2 is part of a bridge, you should use the bridge in...
by docmarius
Fri Mar 10, 2017 9:28 am
Forum: SwOS
Topic: Problem to CSS326-24G-2S+RM
Replies: 5
Views: 5303

Re: Problem to CSS326-24G-2S+RM

As with all modern switches, each port negotiates its own speed, without affecting the others.
So you can have mixed 10M/100M/1G (and 10G via SFP+ which also connects directly to the switch chip).
by docmarius
Fri Mar 10, 2017 9:06 am
Forum: General
Topic: CCR vs CRS
Replies: 7
Views: 13791

Re: CCR vs CRS

Semantics and word topic is important. CCR - Cloud Core Router: A ROUTER for the "cloud core". CRS - Cloud Router Switch: A SWITCH for the "cloud router" as defined above. So actually "Cloud" is kind of meaningless and just a hot marketing word, but the rest defines the...
by docmarius
Tue Mar 07, 2017 6:13 pm
Forum: Announcements
Topic: The Dude, v6.38 [current] release.
Replies: 77
Views: 38953

Re: The Dude, v6.38 [current] release.

The last stand-alone version was 4.0beta3, build date 2012-06-13.
Unfortunately I can not provide you with a download link, as it seem not to be available in the download archive.
A google search for 'dude-install-4.0beta3.zip' may help.
by docmarius
Wed Mar 01, 2017 8:13 pm
Forum: Announcements
Topic: The Dude, v6.38 [current] release.
Replies: 77
Views: 38953

Re: The Dude, v6.38 [current] release.

You could use '/dude export-db backup-file=blabla.tgz' in CLI and then copy the file.
by docmarius
Mon Feb 27, 2017 11:55 pm
Forum: General
Topic: /interface list implementation
Replies: 4
Views: 2917

Re: /interface list implementation

I just created that 394 address IPIP interface list and placed 5 drop rules in my firewall using the list.
I can not see any significant performance degradation or higher processor load on my CCR 1009.
Maybe a slower router could show more...
by docmarius
Mon Feb 27, 2017 10:19 pm
Forum: General
Topic: How to force RouterOS to not use more specific routes
Replies: 1
Views: 925

Re: How to force RouterOS to not use more specific routes

BGP allows you to assign an instance to a routing table or to use a VRF. By placing the 'general' routes in a specific routing table, you could force lookups via that table instead of the main table (by using either routing marks or routing rules).
by docmarius
Mon Feb 27, 2017 10:07 pm
Forum: Beginner Basics
Topic: Bridge Concept
Replies: 4
Views: 1840

Re: Bridge Concept

Yes, I think that statement is correct. Regarding ARP, not only will the bridge receive ARP packets from both segments, it will, unless no filtering is enabled, forward the ARP packets between the 2 segments. So an ARP request on LAN 1 will actually reach LAN2 (and the other way around, of course). ...
by docmarius
Sun Feb 26, 2017 10:42 pm
Forum: Beginner Basics
Topic: Bridge Concept
Replies: 4
Views: 1840

Re: Bridge Concept

To your first question... I think if one starts to see a bridge as a switch, more precisely a 2 port switch in your example, the functions become clear: 2 collision domains (a thing of the past since we all use switches in our networks and not hubs), and a single broadcast domain for the 2 LANs. So ...
by docmarius
Sun Feb 26, 2017 10:16 pm
Forum: RouterBOARD hardware
Topic: MUM Europe 2017: new hardware incoming!
Replies: 86
Views: 30352

Re: MUM Europe 2017: new hardware incoming?

Wishful thinking?
by docmarius
Sun Feb 26, 2017 9:54 pm
Forum: Beginner Basics
Topic: WOL from WAN
Replies: 20
Views: 18850

Re: WOL from WAN

The NIC actually doesn't care about the MAC, it evaluates only the packet content. So it just has to reach the physical interface, and for this it has to use a ethernet broadcast or multicast MAC address, to trick the switch to send it on all interfaces, since the real MAC can not be obtained via AR...
by docmarius
Sun Feb 26, 2017 1:28 pm
Forum: Beginner Basics
Topic: WOL from WAN
Replies: 20
Views: 18850

Re: WOL from WAN

WOL packets can also be sent as directed UDP packets, since only its data content is evaluated by the target NIC which scans for the following content: 6 bytes 0xFF followed by 16 repetitions of the target MAC (102 bytes). Length can be more than that and the sequence doesn't need to start at the be...
by docmarius
Fri Feb 24, 2017 9:07 am
Forum: General
Topic: How can I see the mac address connected directly to switch port
Replies: 4
Views: 8748

Re: How can I see the mac address connected directly to switch port

Torch can also be your friend here...
by docmarius
Fri Feb 24, 2017 9:03 am
Forum: Beginner Basics
Topic: Converter USB to LAN
Replies: 1
Views: 993

Re: Converter USB to LAN

An ethernet to USB converter will add an ethernet port to a device with USB ports, not an USB port to a device with ethernet ports to provide some kind of remote USB functions. So no, it will not work as you want it to.
by docmarius
Wed Feb 22, 2017 8:31 am
Forum: General
Topic: What is the Dynamic servers of NTP-Client?
Replies: 6
Views: 3958

Re: What is the Dynamic servers of NTP-Client?

Yes, I assume. If you use a ROS device as your DHCP server, you have a dedicated field for the NTP server in your network entry under DHCP Server/Networks. On other systems, it varies.
I think if the DHCP server offers the option, the ROS client will use them automagically.
by docmarius
Tue Feb 21, 2017 8:10 am
Forum: General
Topic: What is the Dynamic servers of NTP-Client?
Replies: 6
Views: 3958

Re: What is the Dynamic servers of NTP-Client?

AFAIK those are servers which the router gets via DHCP (option 42).
by docmarius
Sat Feb 18, 2017 4:27 pm
Forum: General
Topic: IP Tunnel question
Replies: 5
Views: 1563

Re: IP Tunnel question

An alternative would be to use sstp. Since it uses the https port, it would pass most modems and ISP firewalls.
You would need to generate 2 certificates and a common ca, but otherwise it works great in such circumstances.
by docmarius
Mon Feb 13, 2017 6:02 pm
Forum: SwOS
Topic: IP Address, by DHCP
Replies: 6
Views: 2868

Re: IP Address, by DHCP

The answer is "No". No address via DHCP.
by docmarius
Wed Feb 08, 2017 9:08 am
Forum: RouterBOARD hardware
Topic: 1 Gbit/s connection, need router upgrade?
Replies: 21
Views: 10431

Re: 1 Gbit/s connection, need router upgrade?

FYI: I just upgraded my RB1100AHx2 to a CCR1009-7G-1C-1S+ on a 1000/500 connection (dual wan, a lot of filters, 300+ tunnels, thousands of routes, NAT, no fasttrack...). The 1100 did some 900Mbps at 70% top processor load, while the 1009 gets 925Mbps at 7% load tops. So I would say both can do the j...