Community discussions

Search found 160 matches

by coylh
Fri May 11, 2018 10:18 pm
Forum: General
Topic: Ping Knock
Replies: 20
Views: 2777

Re: Ping Knock

I envy you the quality of the networks between which you move, I would be afraid to send just a single packet per size because it could be lost :-) Even with the timeout as provided, the penalty of a lost packet is only that you must wait one minute. You're also free to change the timing to a small...
by coylh
Fri Apr 27, 2018 7:46 pm
Forum: General
Topic: Ping Knock
Replies: 20
Views: 2777

Re: Ping Knock

Very client friendly concept. However, I don't understand why all the different "action=return" rules and the ordering in the knock section. I was attempting to get specific behavior. It appears that some of the knock strategies accept the port sequence with any number of incorrectly guessed ports ...
by coylh
Fri Apr 27, 2018 7:29 pm
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 45522

Re: v6.42.1 [current]

It looks like netwatch is in the advanced-tools package.
by coylh
Wed Apr 25, 2018 10:01 pm
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 45522

Re: v6.42.1 [current]

I'm seeing two things:

1. ssh keys are being regenerated as part of the upgrade.
2. Looks like netwatch is gone. Was this planned, or part of vulnerability mitigation?
by coylh
Wed Apr 25, 2018 7:05 pm
Forum: General
Topic: Ping Knock
Replies: 20
Views: 2777

Ping Knock

With the management protocol vulnerabilities, there's been an interest in port knocking. I've been playing around with an alternative using icmp packet sizes as the key. I call it Ping Knocking. # Choose some random ping packet sizes of at least 100 as a knock sequence. # Add 28 to the size in the f...
by coylh
Sat Apr 07, 2018 10:24 pm
Forum: General
Topic: Out of disk space - upgrading hAP Lite from v6.35 to v6.35.2
Replies: 20
Views: 10273

Re: Out of disk space - upgrading hAP Lite from v6.35 to v6.35.2

Or buy products with a respectable amount of flash... 16MB is embarrassing. It's like running your network with floppy disks.
by coylh
Wed Sep 27, 2017 8:30 pm
Forum: RouterBOARD hardware
Topic: CRS317-1G-16S+RM
Replies: 4
Views: 1462

CRS317-1G-16S+RM

The new 10G switches look interesting, until I read that they have only 16 Megabytes of flash. I really like the partitioning feature. It's useful. But this new trend of starving the device of flash is really a turn-off; it makes partitioning useless. I can understand trying to cut costs on a low en...
by coylh
Mon Jul 10, 2017 10:07 pm
Forum: General
Topic: Mark packets on one router so another one can use the marks?
Replies: 7
Views: 1298

Re: Mark packets on one router so another one can use the marks?

You can use DSCP markings if you want. If you choose values unused by your QOS scheme, it won't interfere.
by coylh
Tue Mar 21, 2017 1:15 am
Forum: General
Topic: Vlans in switch chip for CCR
Replies: 3
Views: 700

Re: Vlans in switch chip for CCR

The new version doesn't have a switch chip: "No switch-chip - the device now features only fully independent Ethernet ports each with a direct connection to the CPU, allowing to overcome previous shared 1Gbit limitation from switch-chip ports and utilize full potential of CPU processing power on tho...
by coylh
Sat Mar 11, 2017 3:30 am
Forum: Wireless Networking
Topic: POINT TO MULTI POINT-SECTOR ANTENNA
Replies: 10
Views: 1509

Re: POINT TO MULTI POINT-SECTOR ANTENNA

It depends on the locations. Do your wireless clients move? Can you use directional antennas on the clients? You need to have a three dimensional picture in your mind of the radiation patterns of each antenna in your system. For example, if your base station is using an omni antenna, most of your po...
by coylh
Sat Mar 11, 2017 3:21 am
Forum: Wireless Networking
Topic: CAPSMAN + Apple iPhone = no ip from CAPSMAN DHCP server
Replies: 1
Views: 891

Re: CAPSMAN + Apple iPhone = no ip from CAPSMAN DHCP server

You should run the latest RC firmware on the WAP AC.
by coylh
Sat Mar 11, 2017 3:13 am
Forum: General
Topic: Connecting a Verizon 4GLTE to Router
Replies: 2
Views: 612

Re: Connecting a Verizon 4GLTE to Router

I would be very cautious about this type of connection. Verizon may change their system on a whim and suddenly you will find your connectivity gone. Support will be uninterested in troubleshooting your homebrew custom linux Microtock hardware. The safest strategy is where the internet connection ter...
by coylh
Wed Mar 08, 2017 2:01 am
Forum: RouterBOARD hardware
Topic: Which device for long range (1-2 km) wifi?
Replies: 4
Views: 1695

Re: Which device for long range (1-2 km) wifi?

You'll want something like this: Internet -50m- PtP))) ---2km--- (((PtP -50m- AP))) -50m- (((WirelessClient

Your wireless clients (tablets, laptops, etc) will have very short range (possibly a single room, depending on building construction).
by coylh
Sat Feb 25, 2017 7:57 pm
Forum: Wireless Networking
Topic: wAP ac and CapsMan - how to use both radios with predefined channels?
Replies: 5
Views: 1614

Re: wAP ac and CapsMan - how to use both radios with predefined channels?

/caps-man channel
add extension-channel=disabled frequency=2412 name=ch1-2412
add extension-channel=disabled frequency=2417 name=ch2-2417
add extension-channel=disabled frequency=2422 name=ch3-2422
add extension-channel=disabled frequency=2427 name=ch4-2427
add extension-channel=disabled frequency=...
by coylh
Wed Jan 11, 2017 3:54 am
Forum: Wireless Networking
Topic: Bad connection only in channel 6.
Replies: 4
Views: 1212

Re: Bad connection only in channel 6.

What's new in 6.39rc4 (2016-Dec-30 07:16):
!) ppp - completely rewritten internal fragmentation algorithm (when MRRU is used), optimized for multicore;
*) capsman - added CAP discovery interface list support;
*) ethernet - renamed "rx-lose" to "rx-loss" in ethernet statistics;
*) health - report fa...
by coylh
Wed Jan 04, 2017 2:15 am
Forum: Announcements
Topic: v6.39rc [release candidate] is released
Replies: 391
Views: 82247

Re: v6.39rc [release candidate] is released

I hope this one: http://forum.mikrotik.com/viewtopic.php?f=7&t=115180 I'll try the RC and see if it helps. Hi Guys, Can I please have more info on *) wAP ac - improved 2.4GHz wireless performance; e.g. under what situations is performance "improved" ? I ask as we have had issues with the wAP AC's 2....
by coylh
Tue Dec 27, 2016 3:58 pm
Forum: Wireless Networking
Topic: Bad connection only in channel 6.
Replies: 4
Views: 1212

Re: Bad connection only in channel 6.

I have had the same problem. Support says it will be fixed in a future release.
by coylh
Mon Nov 28, 2016 11:25 am
Forum: General
Topic: $1000 REWARD CCR1036 w/ vlans traffic dropping for a second
Replies: 5
Views: 1041

Re: $1000 REWARD CCR1036 w/ vlans traffic dropping for a second

How is the switch configured?
by coylh
Fri Nov 11, 2016 6:03 am
Forum: General
Topic: Weird 129.0.0.x IPs ?
Replies: 30
Views: 4587

Re: Weird 129.0.0.x IPs ?

This happens on the CCR ROS 6.36.3, but not on a 450G with the same version.
by coylh
Fri Nov 11, 2016 5:52 am
Forum: General
Topic: Weird 129.0.0.x IPs ?
Replies: 30
Views: 4587

Re: Weird 129.0.0.x IPs ?

I'm getting the 129 addresses in captures too. It looks like the packets are being damaged or the record of the packet is damaged. I have 172.16.*.* devices talking, and wireshark will show the source address as 129.0.0.*.
by coylh
Tue Sep 20, 2016 1:59 am
Forum: General
Topic: How do you print logs from an SD Card on the CLI?
Replies: 6
Views: 962

Re: How do you print logs from an SD Card on the CLI?

This would be a good feature request. There should be a 'more' type command available from the command line to view logs, backups, or other files stored on the device.
by coylh
Tue Aug 30, 2016 9:44 pm
Forum: RouterBOARD hardware
Topic: wAP AC PoE Compatibility - No Gigabit
Replies: 4
Views: 1276

Re: wAP AC PoE Compatibility - No Gigabit

I'm interested in the results. It's been a struggle to get gigabit dual-band POE access points from Mikrotik, and I'm hoping the WAP AC breaks through this historical barrier.
by coylh
Fri Jul 29, 2016 3:20 am
Forum: RouterBOARD hardware
Topic: Beware of CCR1009-8G-1S-1S+
Replies: 9
Views: 3124

Re: Beware of CCR1009-8G-1S-1S+

Also, I now have about 40 of this model and haven't had any problems.
by coylh
Fri Jul 22, 2016 10:39 am
Forum: Wireless Networking
Topic: CapsMan Scaling (Router)
Replies: 1
Views: 577

Re: CapsMan Scaling (Router)

I don't have much experience with capsman. But I think about things this way: 1. Systems that tunnel user traffic back to the controller don't scale. So, modern systems just use the controller for command and control. This makes the workload of a controller minimal. 2. Mikrotik only makes two produc...
by coylh
Tue Jul 12, 2016 2:12 am
Forum: RouterBOARD hardware
Topic: Advice needed in choosing the right Mikrotik device
Replies: 33
Views: 4319

Re: Advice needed in choosing the right Mikrotik device

Definitely avoid RB3011 or at least wait, let's say, 6 months to know the reality of this device:
Yes, it works but...
- Partition does not work.
I found that partition still doesn't work yesterday.
by coylh
Wed Jun 15, 2016 12:03 am
Forum: RouterBOARD hardware
Topic: 10G SFP+ and linux
Replies: 2
Views: 789

10G SFP+ and linux

Has anyone tried using http://routerboard.com/Splus85DLC03D on Linux?  How is the driver support?
by coylh
Sat Jun 11, 2016 5:24 am
Forum: Wireless Networking
Topic: capsman dual radios, dual band
Replies: 6
Views: 2060

Re: capsman dual radios, dual band

I don't think so. Each radio matches my first provision rule. Each radio is a R52nM type that can be 2.4 or 5Ghz. I think this would not be a problem in an access point that has dedicated band radios. The trouble is that these cards are too flexible. ;-)
by coylh
Sat Jun 11, 2016 1:31 am
Forum: Wireless Networking
Topic: capsman dual radios, dual band
Replies: 6
Views: 2060

Re: capsman dual radios, dual band

Hi uldis.  Yes, that works.  Though, it means hard coding each radio's mac address into the system, which takes the convenience out of the process.  For an installation of my size it means 150 provisioning rules.  I think it would be useful to consider a regex field for the default interface name (s...
by coylh
Fri Jun 10, 2016 1:18 am
Forum: Wireless Networking
Topic: capsman dual radios, dual band
Replies: 6
Views: 2060

capsman dual radios, dual band

Does capsman allow provisioning radios with the concept of "first radio" and "second radio"? I'm using a RB with two dual-band cards (in the sense that they can each either use 2.4 or 5). I can create two provisioning rules: one for 2.4 and another for 5Ghz. But, both radios in the RB get configured...
by coylh
Wed Jun 01, 2016 10:04 pm
Forum: RouterBOARD hardware
Topic: Need SFP for long link compatable with Mikrotik CCR
Replies: 2
Views: 771

Re: Need SFP for long link compatable with Mikrotik CCR

I've been using MRV modules for up to 90km stably on CCR for a couple years. They might have some 120s.
by coylh
Wed Jun 01, 2016 9:54 pm
Forum: General
Topic: non-contiguous netmask in firewall
Replies: 3
Views: 530

Re: non-contiguous netmask in firewall

I can't get a routerboard to accept non-contiguous (255.100.0.0 or 255.0.255.0). It's a bad idea anyway; your ip scheme will be crazy, just for acl convenience.
by coylh
Fri Mar 25, 2016 8:42 am
Forum: Announcements
Topic: Winbox3.4 released!
Replies: 54
Views: 19294

Re:

http://forum.mikrotik.com/viewtopic.php?f=2&t=105802 Was discussed already. Not a very satisfying discussion. From what I can see, there's no protection involved at all when downloading winbox.exe from the Mikrotik site. How many of these do you want to check? [ ] Unsigned executable [ ] Downloaded...
by coylh
Thu Mar 10, 2016 4:51 am
Forum: Announcements
Topic: Winbox3.2 released!
Replies: 59
Views: 11521

Re: Winbox3.2 released!

Where can I find the MD5 (or other) checksum for the Winbox3.2 download?
by coylh
Tue Mar 08, 2016 8:46 am
Forum: RouterBOARD hardware
Topic: Several 802.3af POE ports for CCTV and Mikrotik AP in the same equipment ?
Replies: 4
Views: 1105

Re: Several 802.3af POE ports for CCTV and Mikrotik AP in the same equipment ?

Not sure quite what you're looking for. The access points that I've seen really want all the power af can provide--there isn't much left over for a camera. If you just want a switch to provide power, there are many of those. But, not from Mikrotik.
by coylh
Wed Mar 02, 2016 4:35 am
Forum: General
Topic: PRTG sensors monitoring Mikrotik RB2011 interfaces
Replies: 3
Views: 3197

Re: PRTG sensors monitoring Mikrotik RB2011 interfaces

Using PRTG SNMP traffic counters is pretty straightforward for me. Just select which interfaces you're interested in.
by coylh
Mon Feb 29, 2016 5:54 am
Forum: Announcements
Topic: Winbox3.1 released!
Replies: 50
Views: 26464

Re: Winbox3.1 released!

What is the winbox3.1 checksum?
by coylh
Fri Feb 26, 2016 12:36 pm
Forum: RouterBOARD hardware
Topic: Work temperature for RB450G
Replies: 4
Views: 2522

Re: Work temperature for RB450G

      voltage: 11.3V
  temperature: 48C
by coylh
Fri Jan 15, 2016 2:33 am
Forum: Announcements
Topic: v6.33.5 [current] is released!
Replies: 120
Views: 34006

Re: v6.33.5 [current] is released!

Wildcards are not supported in certificate CN.
Is this a change from previous versions? I use a wildcard certificate for SSTP on 6.30.
by coylh
Thu Dec 31, 2015 12:41 am
Forum: General
Topic: Backdoor passwords in VPN/Firewalls
Replies: 3
Views: 1324

Backdoor passwords in VPN/Firewalls

https://threatpost.com/juniper-backdoor ... ic/115685/

It's a good reminder.

Speaking of security... Mikrotik could make some improvements to the web site and forum by turning on TLS. Unencrypted firmware and checksum downloads (not to mention forum logins) will eventually be abused.
by coylh
Thu Aug 27, 2015 8:16 am
Forum: General
Topic: SSTP does not work correctly
Replies: 2
Views: 506

Re: SSTP does not work correctly

You could try turning on logging for sstp and see what the log says.
by coylh
Wed Aug 26, 2015 1:42 am
Forum: General
Topic: Diagnosing performance/throughput issues
Replies: 3
Views: 699

Re: Diagnosing performance/throughput issues

Packet capture at different points and see if the traces tell you anything interesting. I'd start with what a client sees when talking to the Internet.
by coylh
Wed Aug 26, 2015 1:32 am
Forum: General
Topic: Configurable solution to automatically backup Mikrotik's routinely?
Replies: 2
Views: 1043

Re: Configurable solution to automatically backup Mikrotik's routinely?

If you're willing to load each routerboard with an ssh key, you can use a simple batch script and PuTTY on a Windows machine. Load the key into Pageant and then run the script on occasion.
@echo off
SET PLINK=..\plink.exe
SET PSCP=..\pscp.exe
SET USER=admin
SET CONFIGDIRECTORY="C:\mikrotik"
FOR /f "de...
by coylh
Wed Aug 19, 2015 10:59 am
Forum: The Dude
Topic: Notification The Dude Speak 4.0
Replies: 3
Views: 2189

Re: Notification The Dude Speak 4.0

Que? :D
by coylh
Wed Aug 19, 2015 9:49 am
Forum: General
Topic: Looking for a network sniffer - please advise
Replies: 3
Views: 556

Re: Looking for a network sniffer - please advise

Would the two switch chips in 2011 or 493G work? I don't think I've tried running two mirrors.
by coylh
Mon Aug 17, 2015 1:26 am
Forum: General
Topic: L2TP IPsec VPN client with certificates
Replies: 2
Views: 3473

Re: L2TP IPsec VPN client with certificates

Check that the router's date/time is correct.
by coylh
Tue Aug 11, 2015 1:55 am
Forum: General
Topic: Port forwarding HTTPS traffic
Replies: 10
Views: 5134

Re: Port forwarding HTTPS traffic

It's better to mentally separate NAT and Security. NAT doesn't protect the router itself, so you'll want to add filtering regardless of how good NAT is at protecting your internal computers. You may also find that you don't use NAT when moving to IP6. And, for larger networks, you may want security ...
by coylh
Fri Aug 07, 2015 7:05 am
Forum: Beginner Basics
Topic: Point to Internal DNS server
Replies: 9
Views: 2155

Re: Point to Internal DNS server

What is the scenario where a loop happens? I'm using something similar, but without protection from the router's own lookups (by ip):
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=!192.168.0.1 dst-port=53 in-interface=ether1-lan protocol=udp to-addresses=192.168.0.1 to-ports=53
add ac...
by coylh
Fri Aug 07, 2015 6:30 am
Forum: RouterBOARD hardware
Topic: CCR IPSec performance
Replies: 40
Views: 15443

Re: CCR IPSec performance

I wouldn't use CCR for more than 100Mb/s IPSEC VPN currently.
by coylh
Thu Aug 06, 2015 2:20 am
Forum: General
Topic: SSTP certificate error
Replies: 1
Views: 403

Re: SSTP certificate error

Which video?
by coylh
Thu Aug 06, 2015 1:32 am
Forum: General
Topic: SSTP VPN with Win7 'verify client certificate'
Replies: 11
Views: 5304

Re: SSTP VPN with Win7 'verify client certificate'

Sounds like it's a certificate version issue: https://social.technet.microsoft.com/Fo ... networking
by coylh
Thu Aug 06, 2015 12:47 am
Forum: General
Topic: SSTP
Replies: 1
Views: 1116

Re: SSTP

I got the same error, but was able to make it work by manually specifying "Local computer" when importing the CA into the client (Win7).
by coylh
Wed Jul 01, 2015 4:22 am
Forum: RouterBOARD hardware
Topic: all CCR crashed
Replies: 40
Views: 8067

Re: all CCR crashed

I have 28 tile devices running NTP (and no routing protocols), versions are between 6.22 and 6.29.1. All crashed, though 25 of them rebooted themselves via watchdog timer. 3 needed power cycling.
by coylh
Wed Jul 01, 2015 3:37 am
Forum: RouterBOARD hardware
Topic: all CCR crashed
Replies: 40
Views: 8067

Re: all CCR crashed

I also had all CCRs reboot themselves by watchdog at 17:00 PST (probably after locking up). Even the one running 6.29.1 crashed. :-x

Really disappointing.
by coylh
Tue Jun 30, 2015 10:45 pm
Forum: Announcements
Topic: v6.29 released
Replies: 193
Views: 49612

Re: v6.29 released

I also still encounter the problem where routerboard devices still don't connect to Cisco switches reliably after a reboot. Each time I upgrade my network I get one or two routers that forget they have a lan connection. The interface is enabled, but not "running". Disabling and re-enabling the inter...
by coylh
Sat Jun 27, 2015 7:01 am
Forum: Announcements
Topic: v6.29 released
Replies: 193
Views: 49612

Re: v6.29 released

Just tried 6.25 to 6.29.1 upgrade (via system packages download) on CCR-1036-12G-4S, and it started crashing a couple times per minute. I was able to see some output on the console: resetting_chip.png The only error on the console is "Resetting chip and restarting." In the system log there is "Sy...
by coylh
Mon Jun 01, 2015 6:47 am
Forum: General
Topic: Statistics on DHCP and DNS?
Replies: 2
Views: 755

Re: Statistics on DHCP and DNS?

I use syslog to accumulate the dhcp logs of multiple routers. You'll need to configure the router to send dhcp assignments to the syslog server:
/system logging action
add bsd-syslog=yes name=dhcp remote=1.2.3.4 syslog-facility=local4 \
    syslog-severity=info target=remote
/system logging
add action=d...
by coylh
Wed May 06, 2015 7:07 pm
Forum: Scripting
Topic: how to get current active ip&mac list?
Replies: 6
Views: 766

Re: how to get current active ip&mac list?

I think you'd need to script torch.
by coylh
Wed May 06, 2015 7:02 pm
Forum: General
Topic: Identify downloard larger than 10MB and routing it to another WAN connection
Replies: 4
Views: 640

Re: Identify downloard larger than 10MB and routing it to another WAN connection

I don't know of a way to determine in advance the size of a download. What are you actually trying to accomplish?
by coylh
Wed May 06, 2015 6:55 pm
Forum: The Dude
Topic: Beginner to 'The Dude', need some advice for mapping topology
Replies: 2
Views: 3048

Re: Beginner to 'The Dude', need some advice for mapping topology

You'll need to read about the different layers in a network. In particular, the difference between layer 2 and 3. When you want to discover devices in a network, you (or the tool you're using) will use a method of detecting those devices. For example, at layer 3 your tool might send a message to eac...
by coylh
Fri Apr 24, 2015 4:19 am
Forum: General
Topic: Setup Sugestion - Replicate over 50 units of an franchising restaurant.
Replies: 3
Views: 580

Re: Setup Sugestion - Replicate over 50 units of an franchising restaurant.

Some things to consider... 1. Why use the cheapest routerboard to run the restaurant? 2. Where will you plug in more devices (additional APs, cameras, etc)? 3. A device that can remotely reboot equipment is very handy. A device that can reboot your modem when it locks up is even better (ping test to...
by coylh
Thu Mar 26, 2015 6:41 pm
Forum: Beginner Basics
Topic: I Love My Mikrotik But....
Replies: 5
Views: 1241

Re: I Love My Mikrotik But....

PRTG is free for limited use.
by coylh
Fri Mar 06, 2015 2:06 am
Forum: RouterBOARD hardware
Topic: Using Mikrotik as Business Network
Replies: 7
Views: 3440

Re: Using Mikrotik as Business Network

In general, I would look at 3650 or 2960 for switching, and Mikrotik for routing. It depends a lot on what you actually do with the switches (are they near, do you stack them, which features are in place, etc...). You also may want to check the quality of the copper cabling when moving to gigabit.
by coylh
Fri Mar 06, 2015 1:55 am
Forum: The Dude
Topic: The Dude is dead. Move on.
Replies: 106
Views: 36456

Re: The Dude is dead. Move on.

The Dude Abides...
by coylh
Sat Feb 28, 2015 5:13 am
Forum: General
Topic: CCR1009 or RB1100AHx2 for EoIP+IPSec
Replies: 17
Views: 7752

Re: CCR1009 or RB1100AHx2 for EoIP+IPSec

Ok, I hooked up a couple 1100AHx2 with more or less the same configuration as the CCR pair. I'm able to get around 800Mb/s EoIP + IPSEC. The downside of the better performance is that the dual CPU/irq is maxed out. I think running the routerboards at 90%+ is going to cause system stability problems,...
by coylh
Fri Feb 27, 2015 1:58 am
Forum: General
Topic: CCR1009 or RB1100AHx2 for EoIP+IPSec
Replies: 17
Views: 7752

Re: CCR1009 or RB1100AHx2 for EoIP+IPSec

eoip+ipsec single thread is about 135Mb/s. With this test tool, I consider it normal to be unable to saturate a link with a single tcp stream though, regardless of the tunnel configuration.
by coylh
Thu Feb 26, 2015 9:12 am
Forum: General
Topic: CCR1009 or RB1100AHx2 for EoIP+IPSec
Replies: 17
Views: 7752

Re: CCR1009 or RB1100AHx2 for EoIP+IPSec

Yes, I believe I've set this up. I haven't tried this configuration before, so you'll want to look at the config with some skepticism. Still, I see the SA byte counters moving, so it looks like the traffic is crossing both the EOIP tunnel and the IPSEC. Here's one side: # feb/24/2015 20:34:11 by Rou...
by coylh
Thu Feb 26, 2015 6:39 am
Forum: General
Topic: CCR1009 or RB1100AHx2 for EoIP+IPSec
Replies: 17
Views: 7752

Re: CCR1009 or RB1100AHx2 for EoIP+IPSec

I did a lot of testing this evening. I'm not getting extremely consistent results, but I was able to get around 500Mb/s on a CCR1036 to CCR1009 link. Both were using 6.27 with updated firmware. The only good results were with aes-256-cbc. I notice that "in-state-sequence-errors" are very high though...
by coylh
Thu Feb 12, 2015 1:08 pm
Forum: General
Topic: individually rate limit every IP in a network
Replies: 6
Views: 1379

Re: individually rate limit every IP in a network

Something similar?
/queue type
set 5 pcq-burst-rate=768k pcq-burst-threshold=128k pcq-burst-time=3s pcq-limit=256 pcq-rate=256k pcq-total-limit=4096
set 6 pcq-burst-rate=2500k pcq-burst-threshold=1M pcq-burst-time=5s pcq-limit=256 pcq-rate=1500k pcq-total-limit=4096
/queue simple
add max-limit=10M/1...
by coylh
Sun Feb 08, 2015 11:22 pm
Forum: General
Topic: CCR, CRS replacing my Cisco Core? I'm trying.
Replies: 5
Views: 1378

Re: CCR, CRS replacing my Cisco Core? I'm trying.

They don't agree on spanning tree, but for simple scenarios it can work. I swapped my small cisco core for CCR recently.
by coylh
Mon Jan 26, 2015 10:44 am
Forum: The Dude
Topic: The Dude and RoS6.25+
Replies: 7
Views: 4490

Re: The Dude and RoS6.25+

This happens for me with 6.24 also. Dude no longer sees the packages for devices that have been upgraded to 6.24 and 6.25. Trying to upgrade a 6.24 device to 6.25 via the Dude gives an error of "packages unknown". Normally this upgrade process is pretty reliable.
by coylh
Mon Jan 12, 2015 9:16 pm
Forum: General
Topic: feature request: mac-address-lists
Replies: 5
Views: 1792

Re: feature request: mac-address-lists

Yes, would be useful.
by coylh
Thu Jan 08, 2015 5:09 am
Forum: General
Topic: NTP Client not working in version 6.24
Replies: 10
Views: 3133

Re: NTP Client not working in version 6.24

Mine works (RB450G) though I'm using the ntp package.
by coylh
Thu Jan 08, 2015 4:14 am
Forum: The Dude
Topic: The Dude is dead. Move on.
Replies: 106
Views: 36456

Re: The Dude is dead. Move on.

by coylh
Thu Jan 08, 2015 3:49 am
Forum: The User Manager
Topic: problem in assigning profile to users
Replies: 2
Views: 1008

Re: problem in assigning profile to users

Which command do you use?
by coylh
Thu Jan 08, 2015 3:48 am
Forum: The User Manager
Topic: User Manager as Radius server for remote devices logins
Replies: 2
Views: 1743

Re: User Manager as Radius server for remote devices logins

I would like to know if my Linksys access point can be setup with WPA-2 Enterprise while pointing to my Mikrotik Router [User Manager - Radius Server] for authentication.
Unfortunately, I don't think this works. You could use Freeradius.
by coylh
Thu Jan 08, 2015 3:45 am
Forum: The User Manager
Topic: Don't use Userman.
Replies: 4
Views: 1450

Re: Don't use Userman.

I had some problems with it initially (basically locking the disk read-only and needing a reboot), but it's been stable for perhaps a year now. I only use it for routerboard logins though (like tacacs). I do recommend running userman on a separate device that does nothing else.
by coylh
Thu Jan 08, 2015 3:20 am
Forum: General
Topic: routerboot 3.21 changelog
Replies: 3
Views: 988

routerboot 3.21 changelog

Hi. It looks like firmware 3.21 is shipped with ROS 6.24 (on ccr) but I don't see this reflected in the changelog: http://wiki.mikrotik.com/wiki/RouterBOOT_changelog
by coylh
Thu Dec 18, 2014 3:28 am
Forum: General
Topic: Limit bandwith to simulate slow internet connections
Replies: 2
Views: 977

Re: Limit bandwith to simulate slow internet connections

I recommend reading http://shop.oreilly.com/product/0636920028048.do for a good discussion on bandwidth vs latency vs page load times. The short answer is that latency is a prime concern. You can use a Mikrotik router to test a variety of bandwidth settings, but it won't work well for modifying laten...
by coylh
Thu Dec 18, 2014 3:14 am
Forum: General
Topic: DMCA complaints and PTP filter
Replies: 3
Views: 856

Re: DMCA complaints and PTP filter

I use a combination of firewall filter and the "P2P" category of a dns blocking service:

See http://forum.mikrotik.com/viewtopic.php ... 62#p428165 and https://www.safedns.com/order-safedns-online.

It's not a perfect solution, but has worked well in practice.
by coylh
Fri Dec 12, 2014 10:09 am
Forum: Beginner Basics
Topic: New to MikroTik: understanding a simple exported config
Replies: 2
Views: 761

Re: New to MikroTik: understanding a simple exported config

1. It's a way of referencing an interface. In other words, "find the interface that was originally called blah, and assign a comment to it."

2. The second set of comments apply to neighbor discovery rules. You could remove the comments.
by coylh
Thu Dec 11, 2014 6:23 am
Forum: General
Topic: Botnet - Brute Force Rules Help, Please
Replies: 10
Views: 2337

Re: Botnet - Brute Force Rules Help, Please

Use ssh keys and ignore the login attempts.
by coylh
Thu Dec 11, 2014 6:16 am
Forum: General
Topic: Change all my custemors cpe WPA key
Replies: 8
Views: 1178

Re: Change all my custemors cpe WPA key

I use something like this, for issuing commands to a number of routers. It requires that you have established key based ssh logins (PuTTY/Pageant).
@echo off
SET PLINK=C:\plink.exe
SET USER=admin
REM FOR loop variables in batch files must be a single letter
FOR %%H IN (
router1.example.com
router2.example.com
) DO (
echo.
echo %%H
%PLINK% -ssh -agent %USE...
by coylh
Thu Dec 11, 2014 6:04 am
Forum: RouterBOARD hardware
Topic: mAP 802.3af support
Replies: 47
Views: 21516

Re: mAP 802.3af support

The current product catalog (http://download2.mikrotik.com/2014-Q3Q4.pdf) still claims 802.3 POE compatibility:
by coylh
Thu Dec 11, 2014 5:58 am
Forum: RouterBOARD hardware
Topic: Request: Dual Band WiFi in Consumer Routers
Replies: 23
Views: 7223

Re: Request: Dual Band WiFi in Consumer Routers

Yeah, it works. If you don't have a case, you can use a plastic bag. This provides additional space to store extra spooled cable. :lol:
by coylh
Mon Dec 08, 2014 9:19 am
Forum: RouterBOARD hardware
Topic: Request: Dual Band WiFi in Consumer Routers
Replies: 23
Views: 7223

Re: Request: Dual Band WiFi in Consumer Routers

My assumption is that the indoor wireless enterprise market is not a priority. I would guess this is because of the WISP heritage. It's difficult to assemble an indoor mikrotik access point that meets normal expectations (poe, gigabit, 2x2 dual band, central management). You could put together somet...
by coylh
Wed Nov 26, 2014 1:43 am
Forum: General
Topic: 2xCCR-1036-12G-4S - slow TCP throughput?
Replies: 3
Views: 998

Re: 2xCCR-1036-12G-4S - slow TCP throughput?

TCP is subject to more variables. Test with iperf from a client inside to a location outside.
by coylh
Wed Nov 19, 2014 11:04 pm
Forum: General
Topic: connection tracking and ICMP
Replies: 1
Views: 1455

Re: connection tracking and ICMP

I noticed something similar. A repeating ping will keep the icmp "connection" alive in connection tracking, and actually increase the timeout. Where I would expect the timeout to count down, it actually goes up. I watched this rise to ten minutes of timeout. Stop the ping, and the connection disappe...
by coylh
Wed Nov 19, 2014 10:53 pm
Forum: RouterBOARD hardware
Topic: Routerboards 2.4Ghz and 5Ghz wifi max chains
Replies: 6
Views: 3910

Re: Routerboards 2.4Ghz and 5Ghz wifi max chains

Buy two radios: http://routerboard.com/R52Hn Buy four antennas: http://routerboard.com/ACSWIM One radio will operate at 2.4 and the other radio at 5Ghz. You'll need a third-party enclosure to cleanly mount all four antennas. Also, keep in mind that the radio cards/cables add length and height to the...
by coylh
Wed Nov 19, 2014 2:58 am
Forum: General
Topic: Correct Firewall Rule for DNS
Replies: 4
Views: 5974

Re: Correct Firewall Rule for DNS

Something like this... allow from lan, drop everything else.

Don't just copy/paste though. :)
/ip firewall filter
add chain=input dst-port=53 in-interface=ether1-lan protocol=udp
add chain=input dst-port=53 in-interface=ether1-lan protocol=tcp
#add action=drop chain=input
by coylh
Tue Nov 18, 2014 12:48 am
Forum: RouterBOARD hardware
Topic: Routerboards 2.4Ghz and 5Ghz wifi max chains
Replies: 6
Views: 3910

Re: Routerboards 2.4Ghz and 5Ghz wifi max chains

Hi. I would use one of these (http://routerboard.com/RB493G) as a board for experimentation. Two caveats: the Mikrotik case only has three holes for antennas, and the usb ports are not powered. If you can work with those two limitations, it's an excellent and flexible piece of hardware you can use t...
by coylh
Sat Nov 15, 2014 3:53 am
Forum: RouterBOARD hardware
Topic: Beware of CCR1009-8G-1S-1S+
Replies: 9
Views: 3124

Re: Beware of CCR1009-8G-1S-1S+

There have been some other posts about dead CCRs. I have been anxious about this, since I have 9 of this model in production. So far though, no serious problems.
by coylh
Sat Nov 08, 2014 6:47 pm
Forum: RouterBOARD hardware
Topic: CCR link flap on uncabled port
Replies: 3
Views: 1002

Re: CCR link flap on uncabled port

I updated from 6.19 to 6.21.1/3.19 and haven't seen the port flapping in the past day or so. Yay!
by coylh
Wed Oct 29, 2014 9:42 pm
Forum: General
Topic: v6.20 released!
Replies: 146
Views: 58715

Re: v6.20 released!

I found this:
in 6.20 does not show the correct values for the data rates and current transmit power
I've run into something similar.
by coylh
Wed Oct 29, 2014 6:17 pm
Forum: RouterBOARD hardware
Topic: CCR link flap on uncabled port
Replies: 3
Views: 1002

CCR link flap on uncabled port

Hi. I'm seeing a port go up and down over and over again. The especially odd thing is that there is no cable plugged into this port (port 8 on CCR1009-8G-1S-1S+ running 6.19/3.18). This is the only one of eight deployed CCR1009's to do this for me.
by coylh
Fri Oct 17, 2014 2:58 am
Forum: RouterBOARD hardware
Topic: mAP 802.3af support
Replies: 47
Views: 21516

Re: mAP 802.3af support

I tried Cisco 2960S (at) and Cisco 3750G (af only).
by coylh
Thu Oct 16, 2014 3:53 am
Forum: RouterBOARD hardware
Topic: mAP 802.3af support
Replies: 47
Views: 21516

Re: mAP 802.3af support

RBSXTG-5HPacD 802.11at POE doesn't work either.
by coylh
Fri Oct 03, 2014 1:10 am
Forum: General
Topic: mAP 2n PoE not working with Cisco Switches
Replies: 2
Views: 1134

Re: mAP 2n PoE not working with Cisco Switches

It doesn't appear to work with any POE switch: http://forum.mikrotik.com/viewtopic.php?f=3&t=88451
by coylh
Thu Oct 02, 2014 6:18 am
Forum: RouterBOARD hardware
Topic: Is there something wrong with ccr1009-8g-1s-1s+ ?
Replies: 21
Views: 6679

Re: Is there something wrong with ccr1009-8g-1s-1s+ ?

I have four 1009's, two 1016's, and nine 1036's in use so far. I've got another 20 1009's waiting for deployment, so we'll see what happens.
by coylh
Thu Oct 02, 2014 3:26 am
Forum: General
Topic: Add Right Click Lock Firewall Rule
Replies: 5
Views: 886

Re: Add Right Click Lock Firewall Rule

How about "Are you sure?"
by coylh
Tue Sep 30, 2014 8:37 am
Forum: General
Topic: Help needed on line througput measurement
Replies: 5
Views: 1220

Re: Help needed on line througput measurement

If you are on an interface that is capable of 100Mb, you should see 100Mb of traffic when the interface is full. Basic interface stats don't understand a nuanced concept like throughput, which must take into account protocol layers. Try running speedtest.net on a client capable of receiving at least...
by coylh
Fri Sep 26, 2014 2:08 am
Forum: RouterBOARD hardware
Topic: mAP 802.3af support
Replies: 47
Views: 21516

Re: mAP 802.3af support

Nobody?
by coylh
Fri Sep 26, 2014 1:59 am
Forum: General
Topic: [FIXED] CCR1009-8G-1S-1S+ Port-Flapping/Ghost-Ports
Replies: 24
Views: 5365

Re: CCR1009-8G-1S-1S+ Port-Flapping/Ghost-Ports

It appears that turning off POE (power inline never) on the switchport connected to the Mikrotik provides some relief. Firmware problem? I don't recall seeing this kind of flapping before?
by coylh
Fri Sep 26, 2014 1:36 am
Forum: General
Topic: [FIXED] CCR1009-8G-1S-1S+ Port-Flapping/Ghost-Ports
Replies: 24
Views: 5365

Re: CCR1009-8G-1S-1S+ Port-Flapping/Ghost-Ports

I noticed I'm getting this with a RB450G (6.18/3.18) that is plugged into a Cisco 2960S. I have other locations with this same arrangement that don't flap.
by coylh
Tue Sep 16, 2014 3:36 am
Forum: RouterBOARD hardware
Topic: Requirement for solid wireless network around my home
Replies: 9
Views: 1892

Re: Requirement for solid wireless network around my home

It depends on the architecture, and the antenna used (which I don't see in the quote). It sounds like a large house, so I would think two access points is better.
by coylh
Tue Sep 16, 2014 3:28 am
Forum: RouterBOARD hardware
Topic: SFP+ single fibre
Replies: 3
Views: 1480

Re: SFP+ single fibre

I've been using MRV 1 gig bidirectional sfps.
by coylh
Tue Sep 16, 2014 3:25 am
Forum: RouterBOARD hardware
Topic: Feature Request: Stacking
Replies: 1
Views: 1052

Re: Feature Request: Stacking

Once you stack, you don't go back.
by coylh
Tue Sep 16, 2014 3:24 am
Forum: RouterBOARD hardware
Topic: 60KM SFP
Replies: 8
Views: 2391

Re: 60KM SFP

I've been using a couple MRV bidirectional models. Currently the longest link is about 90km.
by coylh
Tue Sep 16, 2014 3:17 am
Forum: RouterBOARD hardware
Topic: mAP 802.3af support
Replies: 47
Views: 21516

Re: mAP 802.3af support

Does this routerboard work with any switches? Robust standard POE is going to be important (cAP).
by coylh
Wed Aug 27, 2014 2:55 am
Forum: The User Manager
Topic: userman truncating long passwords for ssh authentication?
Replies: 0
Views: 948

userman truncating long passwords for ssh authentication?

I noticed on a new user in userman, that I could log in via winbox but not via ssh client (putty). This was a login to the routerboard that was itself the radius server. When I shortened the password (from around 20 characters to 16 characters), I could then log in via both winbox and ssh. It doesn't ap...
by coylh
Mon Aug 11, 2014 9:01 pm
Forum: General
Topic: Gaming QOS
Replies: 6
Views: 2642

Re: Gaming QOS

Is the connection just for gaming traffic, or is it shared with other types of traffic?
by coylh
Mon Aug 11, 2014 8:58 pm
Forum: General
Topic: CAPsMAN Weeping
Replies: 11
Views: 3993

Re: CAPsMAN Weeping

It's version 1.0. It's prudent to wait for version 3.0.

I'll be interested to see how the product is maturing in a couple years though.
by coylh
Mon Aug 11, 2014 8:51 pm
Forum: General
Topic: SOLVED! Winbox on Windows-7 using MAC Address doesn't work
Replies: 21
Views: 21985

Re: SOLVED! Winbox on Windows-7 using MAC Address doesn't w

I've always found that I have to disable all interfaces, except for the interface connected to the mikrotik, for layer 2 winbox to discover the routerboard.
by coylh
Sat Aug 09, 2014 3:04 am
Forum: General
Topic: winbox feature request
Replies: 2
Views: 847

Re: winbox feature request

Windows 7 64bit.
by coylh
Fri Aug 01, 2014 2:05 am
Forum: General
Topic: Replacing Cisco ASA5520 with CCR1016-12G
Replies: 18
Views: 3636

Re: Replacing Cisco ASA5520 with CCR1016-12G

I replaced an ASA 5505 (100mb/s) with a CCR when I upgraded to a gigabit connection. It works fine, but we weren't using any fancy features of the ASA.
by coylh
Fri Aug 01, 2014 2:01 am
Forum: The User Manager
Topic: User-manager + WPA2 Enterprise + LinkSys AP
Replies: 4
Views: 4162

Re: User-manager + WPA2 Enterprise + LinkSys AP

If I remember correctly, it doesn't work. You could use a different radius server.
by coylh
Fri Aug 01, 2014 1:55 am
Forum: General
Topic: winbox feature request
Replies: 2
Views: 847

winbox feature request

One of the issues I've had for a while, is that Winbox does not handle dual nic computers when connecting via layer 2. I must disable all irrelevant nics (including wifi) to force the discovery process to use the nic that is connected to a routerboard. I would prefer (if it's technically feasible) f...
by coylh
Fri Aug 01, 2014 1:23 am
Forum: RouterBOARD hardware
Topic: Anything else I can try with Cisco SFP GLC-T?
Replies: 3
Views: 2092

Re: Anything else I can try with Cisco SFP GLC-T?

There is some variation in parts. The two GLC-T parts I tried didn't work.
by coylh
Sat Jul 19, 2014 4:09 am
Forum: Wireless Networking
Topic: MikroTik Wireless systems is 802.3af support?
Replies: 11
Views: 3101

Re: MikroTik Wireless systems is 802.3af support?

When I tried this I was using a Cisco 3750 flavor switch. That project is long gone; at the time I was looking at indoor access points. I like a lot of the Mikrotik systems, but other vendors had much better support for the features I was looking for (completely reliable POE, fanless, dual-radio, ce...
by coylh
Sat Jul 19, 2014 2:59 am
Forum: General
Topic: v6.16/v6.17
Replies: 187
Views: 46599

Re: v6.16/v6.17

I really like the date/time recording feature!
time in log.PNG
by coylh
Sat Jul 19, 2014 2:20 am
Forum: General
Topic: v6.16/v6.17
Replies: 187
Views: 46599

Re: v6.16/v6.17

I'm getting an error, when upgrading via Dude. I also tried this on a device without wireless interfaces (RB450G).
upgrade failed.PNG
by coylh
Sat Jul 19, 2014 2:14 am
Forum: Wireless Networking
Topic: cannot find the WLAN interface
Replies: 12
Views: 1574

Re: cannot find the WLAN interface

I've gotten the same thing on a RB800. Sometimes after a reboot there are no wlan interfaces (even though the cards show up in Resources).
by coylh
Mon Jun 30, 2014 5:32 pm
Forum: General
Topic: v6.15 released
Replies: 302
Views: 103307

Re: v6.15 released

I installed 6.15 (dhcp, ntp, routing, security, system) on my first 1016 (CCR1016-12S-1S+). I notice the cores are much more "active". If I was graphing the cpu usage, it would be very spiky. On 1036's (6.11), the cores are usually idle. Not sure if this is a problem yet, but it looks odd for the sy...
by coylh
Fri Jun 27, 2014 1:01 am
Forum: General
Topic: Mikrotik RAIN
Replies: 4
Views: 1418

Re: Mikrotik RAIN

Take a look at http://www.talari.com/technology/

You can mirror packets across multiple wan links like raid1.
by coylh
Sun May 25, 2014 6:59 pm
Forum: General
Topic: How to Block torrent 100%? Only 2 lines. It is solved.
Replies: 63
Views: 93970

Re: How to Block torrent 100%? Only 2 lines. It is solved.

This has worked well for utorrent for me.
/ip firewall mangle
add action=add-src-to-address-list address-list=P2P address-list-timeout=12h chain=prerouting comment="Add src address to list if matches old p2p-all" p2p=all-p2p src-address=192.168.128.0/17
add action=add-src-to-address-list address-lis...
by coylh
Sun May 25, 2014 5:21 pm
Forum: Scripting
Topic: How to ***really*** block invalid TCP and UDP packet
Replies: 43
Views: 36205

Re: How to ***really*** block invalid TCP and UDP packet

Here's what I get after about a month.
by coylh
Tue Apr 29, 2014 8:30 am
Forum: RouterBOARD hardware
Topic: CCR1009-8G-1S-1S+ General info & Questions
Replies: 100
Views: 68924

Re: CCR1009-8G-1S-1S+ General info & Questions

How is the switch chip configured without a switch menu option?
by coylh
Fri Apr 18, 2014 7:25 am
Forum: General
Topic: Windows shortcut for winbox that opens routerboard??
Replies: 4
Views: 1340

Re: Windows shortcut for winbox that opens routerboard??

You could also try a local installation of Dude. If your list of routerboards is long, there are other benefits of using Dude.
by coylh
Fri Apr 18, 2014 7:15 am
Forum: The User Manager
Topic: Active Profile User Manager
Replies: 3
Views: 5137

Re: Active Profile User Manager

It works for me on 6.11.
by coylh
Fri Apr 18, 2014 7:13 am
Forum: General
Topic: export oddity
Replies: 3
Views: 709

Re: export oddity

I also don't see the user names included in a full export, even though I see the user names included in a more specific export. For example:
[joe@router.example.com] /user> export
# apr/17/2014 21:08:14 by RouterOS 6.11
# software id = XXXXXXXXX
#
/user
add comment="system default user" group=full n...
by coylh
Wed Apr 16, 2014 3:35 am
Forum: Wireless Networking
Topic: MikroTik Wireless systems is 802.3af support?
Replies: 11
Views: 3101

Re: MikroTik Wireless systems is 802.3af support?

I wouldn't recommend using 802.3af for RB800. Ostensibly it supports this type of POE, but I didn't have any luck making it work reliably.
by coylh
Wed Apr 16, 2014 2:33 am
Forum: The User Manager
Topic: failed to commit transaction: disk I/O error
Replies: 10
Views: 5537

failed to commit transaction: disk I/O error

I started using the userman package this weekend on CCR1036-12G-4S-EM (6.11), and after only a few days it failed. I get the error "failed to commit transaction: disk I/O error". After this happened I get "failed to add log: unable to open database file". It looks like this has caused the disk to sw...
by coylh
Fri Apr 11, 2014 1:50 pm
Forum: General
Topic: export oddity
Replies: 3
Views: 709

Re: export oddity

It looks like the disabled status of a console port behaves similarly:
[admin@router.example.com] /system console> print
Flags: X - disabled, U - used, F - free
 #   PORT     TERM
 0 X serial0  vt102
[admin@router.example.com] /system console> export
# apr/11/2014 03:45:27 by RouterOS 6.11
# software id = XX...
by coylh
Fri Apr 11, 2014 9:23 am
Forum: General
Topic: export oddity
Replies: 3
Views: 709

export oddity

Hi. Why doesn't export reflect the configuration of the router?
[admin@router.example.com] /ip neighbor discovery> print
Flags: X - disabled
 #   NAME
 0 X ether1
 1 X ether2
 2 X ether3
 3 X ether4
 4   ether5
[admin@router.example.com] /ip neighbor discovery> export verbose
# apr/10/2014 21:57:32 by RouterO...
by coylh
Fri Apr 11, 2014 8:40 am
Forum: General
Topic: [WINBOX] MultiTab
Replies: 19
Views: 3629

Re: [WINBOX] MultiTab

Use webfig if you want tabs.
by coylh
Fri Apr 11, 2014 8:37 am
Forum: General
Topic: Force reboot
Replies: 17
Views: 55889

Re: Force reboot

This command could use an improvement. I suggest:
/system reboot confirmation=no
by coylh
Thu Apr 03, 2014 4:22 am
Forum: General
Topic: SSH Brute Force
Replies: 3
Views: 1346

Re: SSH Brute Force

You could use a simple single port knock to avoid dumb ssh scanners filling up your log:
/ip firewall filter
add action=jump chain=input dst-port=22,12345 jump-target=SSH protocol=tcp
add action=add-src-to-address-list address-list="SSH Allowed" address-list-timeout=1h chain=SSH dst-port=12345 proto...
by coylh
Sat Mar 22, 2014 2:28 am
Forum: RouterBOARD hardware
Topic: Anything else I can try with Cisco SFP GLC-T?
Replies: 3
Views: 2092

Re: Anything else I can try with Cisco SFP GLC-T?

I tried to do the same, and couldn't get it to work either.
by coylh
Wed Mar 19, 2014 10:34 pm
Forum: General
Topic: ccr port mirroring
Replies: 3
Views: 4279

Re: ccr port mirroring

It looks like you can achieve something similar in mangle. I haven't tried it. http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Mangle sniff-tzsp - send packet to a remote TZSP compatible system (such as Wireshark). Set remote target with sniff-target and sniff-target-port parameters (Wireshark reco...
by coylh
Sun Feb 16, 2014 6:49 pm
Forum: RouterBOARD hardware
Topic: usb serial console on CCR
Replies: 5
Views: 2062

Re: usb serial console on CCR

It's almost automatic. I just added the console port:
by coylh
Sun Feb 16, 2014 3:46 am
Forum: RouterBOARD hardware
Topic: usb serial console on CCR
Replies: 5
Views: 2062

usb serial console on CCR

This makes me happy. :D
by coylh
Tue Feb 11, 2014 3:03 am
Forum: RouterBOARD hardware
Topic: CCR - Traffic Interface Tab Issue
Replies: 4
Views: 898

Re: CCR - Traffic Interface Tab Issue

In my experience, this can happen when some of the traffic to or from your winbox client is being dropped. For example, during a bandwidth test you might not get any results to graph.
by coylh
Tue Oct 29, 2013 12:13 am
Forum: General
Topic: v6.2 ssh key import broken
Replies: 3
Views: 1111

Re: v6.2 ssh key import broken

6.5 fixed this for me. Thanks!
by coylh
Tue Oct 01, 2013 7:58 pm
Forum: RouterBOARD hardware
Topic: CCR1036-8G-2S+
Replies: 16
Views: 4014

Re: CCR1036-8G-2S+

by coylh
Mon Sep 30, 2013 11:42 pm
Forum: General
Topic: [SOLVED] Ethernet duplex BUG in 6.3
Replies: 14
Views: 4413

Re: [SOLVED] Ethernet duplex BUG in 6.3

Not sure if it's the same issue, but I'm experiencing an auto negotiation problem between a CCR and Cisco 2960S, upon boot up. Sometimes it negotiates, and sometimes there's no traffic. At the moment I have the Cisco side set for 1000 full, which functions.
by coylh
Thu Sep 12, 2013 6:57 pm
Forum: The Dude
Topic: Dude v4beta3 released
Replies: 253
Views: 99833

Re: Dude v4beta3 released

I discovered the Dude a few years ago (wanted a visual what's-up utility). This led to looking at other Mikrotik products. I'm now at 60 routerboards and climbing...
by coylh
Wed Sep 11, 2013 11:28 pm
Forum: General
Topic: v6.2 ssh key import broken
Replies: 3
Views: 1111

Re: v6.2 ssh key import broken

I'm running into the same problem going from 6.0 to 6.3. Is a 1K key too short? It's not clear what the problem is from the error.
by coylh
Fri Mar 29, 2013 2:27 am
Forum: The Dude
Topic: Using the Dude to Remote Backup RouterOS Devices
Replies: 11
Views: 5206

Re: Using the Dude to Remote Backup RouterOS Devices

I load ssh keys onto the devices I want to back up, and then run a script like this one periodically.
@echo off
SET PLINK=C:\putty\plink.exe
SET PSCP=C:\putty\pscp.exe
SET BACKUPUSER=backup
SET CONFIGDIRECTORY=C:\configuration\mikrotik
FOR %%H IN ( router1.example.com router2.example.com router3.exam...
by coylh
Thu Aug 23, 2012 1:07 am
Forum: The Dude
Topic: ACKed devices
Replies: 1
Views: 1368

ACKed devices

If a device goes Down in the Dude (Red), I can mark it as acknowledged (Blue). When the device comes back up it changes back to Green. The problem I'm seeing is that were the device to go down a second time, it will become Blue again. It's as though the Dude still considers the problem acknowledged....
by coylh
Tue Aug 07, 2012 9:59 pm
Forum: RouterBOARD hardware
Topic: SFP module
Replies: 100
Views: 57236

Re: SFP module

LC singlemode bidirectional gigabit 10-60km operating range, with DOM.
by coylh
Sat Jul 28, 2012 4:08 am
Forum: General
Topic: RB1100AHx2 High CPU Usage
Replies: 2
Views: 968

Re: RB1100AHx2 High CPU Usage

Seems high. What are the drops from?

by coylh
Fri May 18, 2012 11:48 pm
Forum: The Dude
Topic: a fantastic feature request for new dude
Replies: 8
Views: 2061

Re: a fantastic feature request for new dude

I'd like to see the Dude backup devices, or send commands to multiple devices. Something like CatTools, but built into Dude. The ability to mass upgrade devices is really useful.

I think the Dude is one of the best products, and am looking forward to the new version this year.
by coylh
Wed Nov 02, 2011 12:44 am
Forum: RouterBOARD hardware
Topic: WANTED Rackmount switch with SwOS from Mikrotik
Replies: 11
Views: 2022

Re: WANTED Rackmount switch with SwOS from Mikrotik

48 port RouterOS. Creating a second operating system/interface is a mistake IMHO (think CatOS).
by coylh
Thu Oct 06, 2011 10:36 pm
Forum: The Dude
Topic: Dude v3.6 on rb450G not working web on 81 port. ROS 5.0
Replies: 6
Views: 2669

Re: Dude v3.6 on rb450G not working web on 81 port. ROS 5.0

I have the same problem--latest Dude package and 5.6 on RB450G. Port 81 doesn't work, and there's no option to change the port or use ssl.