I've plugged the CF card in, loaded up NetInstall, clicked on the drive, and nothing really has happened, all the software-id/key/save config fields are disabled.
I've dug up a flash disk with an ancient install of Mikrotik 2.9rc1 on it. No-one here can remember the password from back then. I don't suppose I can do a Net Install or something on it to reset the password and regain the use of the license?
A quick and dirty rule of thumb.... Allow for 2mhz per user. IE: we have 266 mhz boards that we run as AC's. When a site gets to 120 users we put in another board and run them in parallel - if we let the site get to 150 without adding an extra board then we see it start to slow down. We also have a ...
G'day all. I'm sad to report that we still suffer from the user limit reached problem The site has only 170 users on it, and it used to happen frequently enough that we decided to upgrade licenses to the 500 user license... It's still happening at 500 users. Can't see anything perticularily wrong wi...
You can't "get 3" it has to be from the find command... example :local nat-interface [/ip firewall nat get [/ip firewall nat find src-address=192.168.2.0/24] out-interface ] To be real specific I've gone so far as to use comments /ip firewall nat print /ip firewall nat set 3 comment="...
Done (Was done a while ago, but I forgot to come back and show it off) /system scheduler add name=PPPoEDown on-event={:foreach i in=[/interface pppoe-server server find] do={/interface pppoe-server server disable $i}} start-time=startup /tool netwatch add host=[:resolve your.radius.server.com] up-sc...
G'day folks. We're having an ongoing problem with our Mikrotik devices. While I give Mikrotik credit for trying to fix it, it's still an on-going issue for us. Essentially we have 200 customers hanging off our AC's (PPPoE Server) and are using dynamic routing throughout our network. The problem aris...
We use pc-engines wrap boards for our AC's, there's between 10 and 200 clients per AC. Unfortunatly sharing of the script is out... They won't even let me share photos of our data center, and really all it is is a bunch of black boxes in racks I can point you here http://search.cpan.org/author/GAAS/...
Traffic-flow is no good for me, it doesn't give me the names of the interfaces/usernames of the people connected. However, I have managed to make threshold 99999 and it does seem to count 99998 in tests (I've never seen it use the other one). I collect my ip accounting data every 5 minutes, store it...
G'day. I'm not sure this is specific to PPPoE, it could also affect hotspot. I'm sending the reply-message attribute back with my radius resposne packets. Mikrotik is ignoring it completely. It would be good if mikrotik could 1. Show the reply message in the logs 2. Pass the reply message on to the ...
Here, this basic script should produce a rrd and a graph for every user on PPPoE. First you need to install Net::SNMP and RRD::Simple Under linux this is as simple as # cpan Net::SNMP # cpan RRD::Simple #!/usr/bin/perl ############################################################################## # ...
You might have to set up an rrdgraph and snmp script on a remote machine.
Part of the reason the graph resets is becaues every time a user connects they (in essence) get a different identifier - it's a little more complex then that, but that's the basics.
G'day folks. We have a small problem with our users, and some a-retentive people out there. It's not Mikrotik's fault, but our users are sending out fragmented flags (It's managements fault, something about lowest bidder), Is there a way I can re-assemble these fragmented packets on a Mikrotik befor...
G'day folks. I've set up some mangle rules, but they're not working as expected / ip firewall mangle add chain=prerouting dst-address=202.168.47.17 protocol=udp dst-port=5060-5080 \ action=mark-connection new-connection-mark=voip-con passthrough=yes \ comment="" disabled=no add chain=prero...
I get this issue with 95 users. If to many try to connect simultaniously it locks up the PPPoE Stuff. I downgrade to 2.9.30 and the problem goes away The problem I have with 2.9.30 (I've had it since 2.9.18) is that some times for no known reason the router will show the 95 users on in /ppp active p...
G'day folks. I'd love to have the failure reason show up in log. IE: On Access-Reject I send the Reply-Message, it'd be real nice to have that reply message show up in logs other then 'authentication failed (6)' eg. 'authentication failed (Account has been disabled)' 'authentication failed (Username...
There are two ways to do this. One is have firewall chains that progressively change list that an ip address is in - it works reasonably well, but I believe this results in a CF disk write for every change (works out 3-4 writes per ip) - Unfortunatly this one only counts rapid succession of reconnec...
Heya's Where did the CF-Install image go? Please don't suggest using the net install - I can't, I have no windows systems to run the netinstall server on, and it does not function under wine (Unless I'm sudo'ed to root, but what kind of insane ninny would run windows software with root perms on linu...
G'day. I've got dude set up and running. I can consistently replicate this crash. Add an address list, call it 'Customers' Add to the address list the following blocks: 125.254.2.0/24 125.254.10.0/24 202.168.40.0/24 202.168.57.0/24 202.191.8.0/22 Initiate a device discovery scan. Scan networks: 172....
G'day folks I'm running Mikrotik 2.9.18 and I'm trying to get /ip proxy to log I've done /system logging add topics=web-proxy action=memory for testing but the /ip proxy doesn't show anything up. If I disable /ip proxy and enable /ip web-proxy (I have them both on the same port) the logs work fine. ...
Set up a remote syslog server in windows/linux, turn on /ip web-proxy and set it up as a transparent proxy. then add your remote syslog server to system logging. You will then have logs on a machine that can be parsed,a nd done with what ever you want... 13:59:40 web-proxy,debug,packet 1143777580.33...
: Auto block after 3 new connection attempts in a 5 minute window (give or take) I use the top one at work when I ssh from home, it very rarely causes me a problem First sample will allow you to protect a gateway machine and all the routable clients behind it. /ip firewall filter add chain=AutoFirew...
G'day folks First of all, I'd like to say thank you! for putting in this feature... Now, just a little suggestion (not a nag or anything) But wouldn't it rock (translation: be great) if you could retrieve the pub key from a radius server? then I wouldn't have to go manually configure my dsa key on 5...
While I'm not sure if it's recommended or not. I've done this - using 2.9.11 I'm running hotspot and pppoe on the same wlan interface (thus the same ssid - which was important) Radius has radius accounting packets that can inform your radius server how long the user was on, and how much they've down...
If you don't have any DOTs in your hotspot name, try renaming it...
For us "hotspot" was always slow and sometimes didn't even work... but "hot.spot" worked fine, it was something to do with the way windows was trying to use the search domain.
G'day Is there a better way to remove active users from hotspot & ppp? At the moment I've wrtten a script to log in with ssh, list and remove user manually (like a human would have to) - this is run when someone hits the 'delete' button on our administration system Can I do it with radius? or sn...
G'day there. I've got a rather.. complicated setup... long story short in the image below you see that I have a wireless network that's fed into an ethernet port at our provider. I then have availible to me a natted dsl link that we use for the office. http://www.users.on.net/~freman/images/tunnel.p...
G'day there. Is it a valid practice to use the 0 and 255 addresses from a /24 on point ot point links? They are after all valid addresses in a /23 they're not even network/broadcast addresses The entire network is routed so... I can't personaly see why I can't, but if there's a technical reason as t...
I've got a handful of customers hooked up with PPPoE over wireless to my routers... sort of like... [Customer][C-Router][Radio] ------> [Radio][Mikrotik][Backbone] I have no idea which flavour of voip they intend to run.... what is the best way of prioritizing voip? I can't possibly rely on QOS flag...
I'm sorry, but... is there any real reason while you're routing across the wireless link when you can bridge across it? No need for natting or anything of the sort, I mean... from where I'm sitting that's what it looks like you're trying to do. /interface bridge add /interface bridge port print /int...
Ok, further testing has found... All settings work well until you change the mac address of the wireless interface and reboot, after that the wireless interface gets completely trashed. Example configuration -> Fresh install /interface print /interface set ether1 disabled=no /interface set wlan1 dis...
G'day there We upgraded from 2.8.23 to 2.9beta12 to gain access to preamble settings and the ability to change mac addresses... which all worked GREAT... Except when we turn of the AP/Router and turn it back on, it returns to the way it was configured in 2.8.23 (but with the 2.9beta12 software insta...
Yes, such a tool would be very usefull, but without a better look I can't tell you what is missing. We build these things in the office then send them out with radio techs to install them, they need the ability to perform alignments and the likes but often try to "tweak" the setup and usua...
You should set the network address exactly the same as the remote point IP address for point-to-point links. The right netmask in this case is /32. If you don't specify a the routerid it will automaticly discover/allocate one. router-id (IP address; default: 0.0.0.0) - OSPF Router ID. If not specif...
Ok, I'm not entirely sure what's going on here... I've got 2 mikrotiks communicating across an Atheros 5.8ghz link using WDS... I can ping both devices but OSPF refuses to talk. Can anyone help, attached is my configuration MikrotikA / ip address add address=172.16.12.1/32 network=172.16.12.2 broadc...
Ok, I'm just about through all the testing and R&D I need from this before I go to the boss and tell him to buy 30 licences (the 24 hour trial period is good for testing - this made mikrotk a preferable option - Thank you!) Is it possible to change the interface mac address? It's the only thing ...
Ah, thanks, yes I'm positive that will work just as well... Ok folks, here you go, a script to add and remove ip's from mangle that checks to see if it needs to add/remove before adding/removing Wack it in an interval job and it can check for comming and going of people AddToMangle :foreach i in=[in...
Is there any way to manipulate strings with mikrotik scripting?
IE: I've got "192.168.0.8/32" as a string from /ip firewall mangle src-address but now I want to compare it with /ip address (use it with /ip address find address=$xx)
G'day tehre, the manual has confused me (again), generaly it's well done, but on occasions you need an example and it doesn't provide one. Can someone provide a full example of using radius attibute Filter-Id including what ever needs to be done to the mikrotik box to make it work. I'm trying to fin...
G'day there... I've got a situation where a router in the field is failing and I want to replace it, I have another one with exact same hardware configuration (well, exact in except mac addresses). How can I copy the configuration from the device in the field, to the device here in the office so it ...
Is there any quick way to get a list of connected PPPoE Sessions?
I've thought about scripting a program to telnet in and get the information I need, but it is slow, is there a quick way to get a list of connected sessions say, through the api that winbox uses?
There should be an option IN winpoet that allows you to specify the service name (assuming you have configured it on your ACs) http://www.carricksolutions.com/pppoe.php http://www.carricksolutions.com/pppoe/windowspppoe.php And a quick search on google should give you everything you need, including ...
I've been able to find how to do source routing for a single IP address, is it possible to do source routing for a block? IE: 192.168.0.0/128 goes to gateway a, but 192.168.0.128/128 goes to gateway b?
Edit: Nevermind, I'm a smacktard for not looking hard enough
G'day there... I know I've been asking phenomenally difficult questions (if not impossible) And as a result, they don't get answered :oops: Anyway. I'm using radius and pppoe. Is there anyway I can script it so that when a user connects it adds an ip address to the ether1 then add a couple of firewa...
G'day there. Is it possible to authenticate PPPoE against (and account on) more then one radius server? We have 3 different offices, each with their own independant database and radius server (we do this for security, and statistical reasons (franchises)). Can I tell the rOS to check all 3 servers f...