Adding a +1 to this. Have been running 7.10rc1 for 8 days and the fault occurred again. Will update now to 7.10rc4 Nah, no change with this, am on v7.10rc6 I noticed this time that after disabling and re-enabling the two wifi interfaces, as a device would momentarily connect then drop the interface...
Anyone else now got an issue where devices will fail to connect to wifi while complaining that the saved password is incorrect? Suddenly everything reconnects after restarting the router.
More progress: Removed the wifi interface on the 952 from the bridge and set the dhcp client to the wifi interface. Suddenly everything is working again albeit no bridge from the wifi on the 951 to the lan ports. I'm trying to avoid natting through it. I did notice that the last ip on the 952 for th...
Thanks for the reply, will do. Curiously the 2.4ghz channel on the ax^2 stops putting out dhcp on that interface to any device that connects when the 952 connects to it, and the 952 has an otherwise blank config. No proxy arp, dhcp client only, all ports bridged. I spent an age trying to work out wh...
I have a an ax^2 with a few issues. I've got it running the wifi ok and (most) devices can connect on 2.4/5ghz. Will an old RB951-2n be able to connect to it? What suggested settings would be recommended to allow that? I've been able to connect the two devices but keep finding that the dhcp client o...
I came across this issue a wee while back. Problem was a single Android mobile phone kept generating this error on a Mikrotik AP while other devices were fine. Cause was another Mikrotik connected to the AP but with a very low signal.
Problem with SSTP. RB2011 here. I have 22 clients connecting to various services from their homes using SSTP with cert. After upgrading to v6.40.4 I'm able to establish the connection, but for example - I can't RDP to Windows PCs. I can't ping any internal address from my IP pool. After downgrade t...
you could do something like a scheduled check of ( [ /interface wireless registration-table find where mac-address=$"mac_alert" ] ) and /tool fetch $"url_alert"
Hotspot also has an on login/on logout script function in the user profile
Winbox via MAC is last resort only. Yes to your question. You'll have more luck if you turn off the uptime/memory etc and close all sub-windows. Turn off load previous session It's as if communicating via mac cannot handle the data flow required and it just times out - especially for example on the ...
perhaps as a default and based on above comments, present the two bands as two radios in the quick set, but provide a tick box for band steering that puts them on the one ssid with whatever steering method applied.
That's the idea, but you may not want to blindly kick them off if the signal on the other frequency is worse again. The AP needs to know if a connecting device is dual-band. This could already be done by with a script that builds a list of MAC address of connecting devices that if at any stage they ...
I'd like to see band steering done in the device through some sort of access list rules. This would allow you to set the steering based on signal strength etc
Input is for data sent to the router Output is for data generated by the router Forward is for data generated by devices communicating through the router. For your pptp service you only need to accept input for pptp traffic, which you have claimed to have done already - this will be enough. PPTP is ...
What are you seeing in your log when you try to connect? Are any of the drop firewall rules generating traffic (packets/bytes) when you try to connect?
http://wiki.mikrotik.com/wiki/Manual:Interface/PPTP PPTP traffic uses TCP port 1723 and IP protocol GRE (Generic Routing Encapsulation, IP protocol ID 47), as assigned by the Internet Assigned Numbers Authority (IANA). PPTP can be used with most firewalls and routers by enabling traffic destined for...
Upgrade your routerOs to 5.10 or higher to fix this bug. What's new in 5.10 (2011-Dec-09 11:49): *) snmp - provide extended interface statistics when availabe; *) dhcpv6 client - use link-scoped multicast address; *) dhcp client - renew dhcp lease on ethernet link up event; *) ipv6 gre tunnel added...
It seems like a nice Router. Having RouterOS with such a low price is tempting which leads me to buy this very soon. But before buying it, I wanted to ask few questions from those who have it already: 1. My main purpose for buying it is using "hot spot" functionality. I saw npk packages a...
I don't want to use an ipv6 dhcp server on my lan as ipv6 is already working fine with stateless. The border router is currently creating a pool from this, and this works to the LAN devices. I am dynamically being assigned a prefix which changes without notice (ie, when the wan connection drops) is ...
the gateway router gets an ipv6 /56 by dhcp which is dynamically assigned by my isp. it changes when/if the connection drops. LAN devices that are connected directly to this gateway are getting ipv6 via ND - all is well there. I'm not sure how to get ipv6 onto the bridge, which is a second Mikrotik....
As the subject, is that even possible? Currently I have ipv6 working on this network, but I'm having trouble getting ipv6 to work on this bridge. IPv6 is provided by the ISP with DHCP, then the router feeds IPv6 to the LAN with ND. Devices connected to the LAN via the bridge get correct IPv6 address...
The mikrotik (d)ynamically adds a dhcp v6 server to the interface of the connecting clients. I see in ND neighbour discovery (prefixes tab), the clients are getting IPv6 addresses but they're red.
"create l2tp tunnel with ipv6 enabled" - already have l2tp working via ipv4 "Set up dhcp-pd-cleint (ipv6 dhcp-client) assign ip address from the pool you get populated by PD-client to the local interface" - where is the ipv6 server? I already have an ipv6 client on my wan interf...
I currently get IPv6 via dhcp from my ISP and provide IPv6 to my local interfaces with pd. What's needed to have a connecting l2tp client be given an IPv6 address by pd also? I've tried the obvious but I must be missing something.
http://blogs.technet.com/b/networking/archive/2010/09/08/network-location-awareness-nla-and-how-it-relates-to-windows-firewall-profiles.aspx short version (depending on your network): the MAC address of the gateway. I believe windows does a DNS lookup to test for connectivity. If there's a DNS serve...
Welcome to Android. The later versions of their OS may do as you've indicated. Older devices -- which cannot be updated will never have a fix. You need to have instructions provided when they are provided with a login which is no good if your connecting customers are only learning about the hotspot ...
what firewall rule is allowing the traffic? Do you have proper rules ending with block all other input and forward traffic? The only traffic that should be allowed to traverse to an unauthenticated hotspot user is https, http and DNS. You can do IP over DNS so you need checks in place to block this....
Not all devices do this. Apple devices and windows machines will try accessing a website after connecting to a network. If the site doesn't come up as expected, it displays your redirected login page. Windows has a pop-up that additional details may be required. So ensure the issue isn't being cause...
I actually prefer what is provided in the book "RouterOS by Example":it has the usual dropping invalid and accepting input from trusted networks then it accepts established, then only accepts NEW forwards from the trusted network, then related forwards then established forwards, finally dr...
Bit of an odd one: begin creating a drop rule. Before saving it with OK or Apply, give it a comment and click OK to close the comment entry. You'll see it immediately creates an Accept rule. It correctly changes after hitting OK or Apply to close the already created rule.
Just updated an RB951-2n and all the firewall filter rules were gone. They all came back on a second restart :) Most likely you just had to wait a while, until the list populated i did give it some time, was looking at what backups i had and even i tested a filter rule. the firewall rules were 100%...
Just updated an RB951-2n and all the firewall filter rules were gone. They all came back on a second restart :) Most likely you just had to wait a while, until the list populated i did give it some time, was looking at what backups i had and even i tested a filter rule. the firewall rules were 100%...
All router boards and os's that I've used in the last several years, CPE classes mind you. CPU usage I'll have to check but never noticed anything untoward in graphs over time. I'll have to check for exact figure.
Sounds like he's trying to enter the motherboards bios setup but ROS is booting, then displaying that message -- del might not be the bios setup key for that motherboard or it's not being pressed early enough after power up
I ended up doing exactly that, and had already enabled ND.
I noticed when setting it to ::/64 it repopulates the address and the IP address has a status of G - I haven't tried it yet but I trust that it will update on the next reboot
OK, turned off ND broadcast on all, left it on on the LAN interface and its working: Ethernet adapter Ethernet: Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : xyzz:xyzz:xyzz:x01:abcd:eeee:bbbb:yyyy Temporary IPv6 Address. . . . . . : xyzz:xyzz:xyzz:x01:zzzz:zzzz:eeee:yyyy Lin...
So, it looks like ipv6 is working fine n dandy on the Mikrotik. I get an ipv6 address of xyzz:xyzz:xyzz:x00::/56 so added an ip of xyzz:xyzz:xyzz:x01::/64 to the LAN interface. No idea if that's the right thing to do, but it works as far as the Mikrotik is concerned (i'm firewalling it off in betwee...
So, for some time now I've had a Mikrotik running in place of my ISP provided CPE which works great. Basic configuration for IPv4 is vlan10 tagged dhcp client on ether1 to get an internet connection (WAN), wireless and ether3 bridged as a LAN interface on which sits a dhcp server with NAT enabled - ...
Has anyone tried doing this with scripting? Say for example, every time a device connects to the 5Ghz interface, add an access list rule that denies it from authenticating with the 2Ghz interface. Unfortunately, amongst other side effects, I suspect that this would result in every connection droppin...
/log print shows current time (time of log in) as 07:xx:xx /system clock shows time of 19:xx:xx Timezone (pacific/auckland), GMT Offset (+12), SNTP Client and dates on newly created files are all correct. Checked with another Mikrotik device on an earlier release and it shows the log times as being ...
Yes, it means they're alive or at least responding to that scan function. See: http://wiki.mikrotik.com/wiki/Manual:IP/Neighbor_discovery - anything that shows up from the "MNDP button" scan has neighbor discovery enabled on the interface shared between you and the Mikrotik. If you can't r...
likely a firewall or service setting, if the list you're talking about is the "..." scan button. the list at the bottom of the window are ones you've clicked save for. can you connect via its web interface?
Setting any IP service to be available from 192.168.101.0/28 is blocking that service altogether, even when when trying to access it from that network (255.255.255.240) It works as expected when setting it to another /24 network, limiting access to that network only. I noticed that when I entered th...
You can create a rule with times and days of the week easily. To toggle it every 10 days, use the scheduler function to disable/enable the rule every/after 240 hours
Not sure exactly what you're after but you could add that address to the board however the data won't be broadcasted over wireless, if that's what you're trying to achieve. You need a physical layer for data flow
Would be worth investigating the impact of that change. For example you should have done so already but check again that hotspot users can't get access to internal resources. Worth adding a rule to deny it anyway, at least for logging/counting any attempts
run the hotspot on a bridge, then on this bridge include an interface that terminates your vpn along with the interface of the intended hotspot (ie wlan)
the vpn must take all traffic from what your logging in from
I'm doing my MTCNA next week and it was suggested to purchase the popular routeros by example book. I had looked at buying the boom in the past but reviews of the book suggested it was very simplistic whereas I was after something with a bit more teeth. After the suggestion I purchased it anyway and...
You'll need to "think outside the box" to achieve this, eg disable trial user function and on the login screen publish an account that is restricted down. You can then control the account better.
Is there a requirement that you're specifying the email settings everytime that you're running that script? Take the line out for /tool email, you only need to do it once.
i get similar when using the winbox console. when reaching the end of a line sometimes it doesn't seem to LF and you end up typing back over the same line. probably a known issue, has done it for years.
... for setting for example VLAN tagging on the WAN port, which is a requirement here (tag as 10). It seems if you use the quickset to configure a router and then attempt to edit the configuration to add a vlan afterwards it just doesn't work. The router needs to be reset to default and the vlan etc...
^ this. i was supposed to have asked it in my first post
you need to test that the device or interface that receives the request from the world can route back to the intended server (and that replies go back as expected)
Add a rule to the mikrotik at 88.1 to passthrough any traffic that matches any such connection coming in and also watch its counters. Also add the two reply columns in winbox so you can see how it's natting the connection.
I was thinking about this the other day where I have a addresses added to block-lists due to whatever reason. This would make manual monitoring much easier and allow you to see addresses that stay on the list as their timeout keeps refreshing
can you clarify that a bit more? is the traffic coming FROM that IP, from 1308 to you at :80? (edit, actually, i'm assuming you have an infected machine talking to that ip) use shieldsup to scan your address (google it) plenty of guides out there about firewalling. firewall should be set to allow lo...
*bump* How can I ensure that any QoS tagging that this router does gets passed through? If I find the router always connecting with a particular IP for VoIP (ie during a call) how would I manually tag it? Perhaps I worded this wrong ... the ISP's router may or may not have 'tagged' the traffic but i...
My ISP has provided me with a somewhat rubbish router however it's required if I want a phone connection so I've managed to place an rb433 between the fibre ONT box and the ISP's router. Setup is basically as follows: ONT -> ether1 VoIP Router WAN port -> ether2 LAN -> ether3 vlan added to ether1 ta...
Yes, rather than creating a new topic for one that has already been created and "works fine" isn't much info and doesn't mention anything about any improvement.
How do you know "the link" is 20mb? I'm guessing that whatever is reporting that is showing you have a duplex link at 10mbit/s so you can 'push' 10mbit while also 'pulling' 10mbit, making 20.
Found the cause: Each mikrotik has a wifi vlan which I'd used the same MAC on ... have done this with 5 mikrotiks already and didn't see this issue after testing each one for a week, mind you there have been new OS updates since then ... oops. I was hoping to have wifi devices see the same mac addre...
Two Mikrotiks wont ping each other - how can I diagnose this? After rebooting the one that has usermanager running on it I can ping between the two for a few minutes then it stops. Rebooting the client doesn't. Other devices/mikrotiks can ping either mikrotik without issue so there must be something...
"access denied at this time" - still getting this and I can't for the life of me resolve it. I believe this is related to the user profile somehow but even after removing users and profiles and adding them from scratch I can't get past this error when tying to connect to the hotspot. using...
*bump* thank janisk, this has worked well. Each connecting device doesn't need to be added if the mac address is left blank. Once set up in this fashion, under wireless tables/access list the MAC address is listed as <-> so it applies to all. Ticking off the current day and clicking apply while conn...
:( more issues ... still haven't found how to create a valid profile. notice that when adding a restriction, old restrictions appear, such as one with a date/time range that i'd set previously and deleted but there are no limitations on it - only the date/time range. clicking to save the profile doe...
getting closer to sorting this, i think. I got a different error: "access denied at this time" and couldn't for the life of me figure out what was causing that (check time zone, date/time etc - am using ntp and time is correct). I then trashed both the test user and the profile, created a ...
I've setup an rb433 by following this page: http://wiki.mikrotik.com/wiki/User_Manager/Hotspot_Example The problem I have is that when attempting to log in via wifi, I get the error: hotspot info debug wifitest (192.168.30.99): trying to login by http-chap hotspot info debug wifitest (192.168.30.99)...
^ thanks for that /tool fetch url="http://automation.whatismyip.com/######.asp" mode=http; global getIP [/file get ######.asp contents]; global currentIP if ($getIP != $currentIP) do={ /tool e-mail send to="thenexus@ihug.co.nz" subject="address" body=[$getIP]; :set curr...
ok, I've spent an age reading that page and trying different things but for the life of me I can't work out how to read a file. Closest I can find is /file print detail where name="file.ext" from http://wiki.mikrotik.com/wiki/Manual:System/File as it at least echos amongst other detail &qu...
pptp will auth, mikrotik can ping local and remote address, pptp client can ping mikrotik but the LAN can't. Also I have a problem where if the mikrotik isn't a dhcp client of the adsl router then pptp passthrough doesn't seem to work