Hi all, We use the DHCPv4 Option 82 (Circuit ID) to RADIUS lookup functionality to authenticate most of our users. While DHCPv6 on MikroTik has had a lot of improvements lately, it doesn't appear that DHCPv6-PD requests use Option 18 (Interface-ID) when doing a RADIUS lookup. I've done packet captur...

Hi all,

The latest stable release, 6.45.9, includes the following note:
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;

Does anyone know if this fixes the issue covered in this thread? I don't have time to lab anything up for the moment to test.

Regards,
Philip

Try this on DHCP-Client:

special-classless - adds both classless route if received and default route (MS style)

This is only possible if you control the CPE, which is quite often not the case.

@maznu - While I agree that sending around this potentially dangerous information has risks, I think that you have proven that you're more interested in a fix than having every IPv6-enabled MikroTik device in the world start spontaneously rebooting. Many others here are in the same boat. To clarify,...

If you haven't already, I would strongly encourage those of you who discovered and reverse engineered these bugs to compare notes and check that they are in fact the same methods - the last thing we need is for MikroTik to release a fix for the original issue, and then find that those who reverse en...

The suggested temporary workaround also does not work if you have connection tracking disabled, as we do for some of our higher-throughput devices. I think that a key takeaway from this issue is that you shouldn't put all your eggs in one basket. Don't rely on any single vendor for your critical inf...

For those following, I emailed support and received the following response: As far as I can tell problem is reported and in TODO list, but when exactly it will be resolved I cannot tell. One of the best working hypervisors with least amount of problems is hyper-v, if this MPLS problem is really big ...

Are there any updates on this issue? In particular, have there been any improvements since RouterOS 6.42, which has a heap of hypervisor integration improvements?

Well, to be sure you should use current release (rc is desirable but not mandatory) - if it's already fixed, it should be backported, not fixed again

Fair point I'll lab it up and go from there.

Agreed, using the same RADIUS response value for those 2 behaviours seems like an unwanted "feature".

I'll lab it up and check the most recent bugfix release first to ensure it's still showing the same behaviour - I'm seeing it on 6.39.3, the last bugfix release.

We have a system where we authenticate DHCP clients based on DHCP option 82. This allows us to set a static IP for a service, which is not reliant on the CPE MAC or some other value which might change. On our RADIUS server, we have taken advantage of the Framed-Route value so that we can assign addi...

I may put up a new post about this, as the feature of the Mikrotik router assigning static routes towards the client and using the same RADIUS response value to tell the client to route those same subnets back upstream router seems like something you would never want... Huh?.. What feature?.. If yo...

Thanks mrz and Chupaka for your responses, that makes sense. I may put up a new post about this, as the feature of the Mikrotik router assigning static routes towards the client and using the same RADIUS response value to tell the client to route those same subnets back upstream router seems like so...

Can we get some clarification around this change? *) dhcpv4-server - fixed framed and classless route received from RADIUS server; We use RADIUS to assign additional subnets as static route to the DHCP client. We've seen that this breaks default routes on Mikrotik CPEs, as it forwards the values thr...

RouterOS 6.40.6 has been released as the latest bugfix, and includes the ability to set the source IP for SNMP responses. I haven't tested it yet, but have confirmed the options are there.

Thanks for the heads up, Joey, that's great news. It appears to have been released in 6.40, according to the changelog: *) snmp - added ability to set "src-address" So it's been available since 21 July 2017, for those happy to use the Current branch of releases. For me, I'll be waiting for...

Hi changeip, thanks for your response. As I mentioned, I used a routing filter to assign the preferred source to the routes, and it made no difference. I'm not using OSPF, only BGP. The Router ID for the BGP instance is the loopback address, which does not appear to have made any difference. Just an...

We have struggled with this issue too. We generally have a /32 IP address on a "loopback" bridge with no interfaces attached and use that for all monitoring, with BGP advertising the address, to handle the multiple paths around our network. The odd thing is, it does work on some devices, b...

I learnt a bit about the H3C stuff just yesterday... I had no idea how impressive the devices were! I'd love to have a play with some of them, but not sure I will have the chance any time soon. Unfortunately this means I'm not familiar enough with the device to be of much specific technical help, bu...

Thanks Lebowski, I won't waste time testing until there is a new version then. And I reckon The Dude would grow massively if it was released as open source... it's already so incredible, and does things that many expensive products don't. I can be patient for a release too though, because those expe...

Hi jerryeblades, We are monitoring aggregated links on Cisco Catalyst switches via The Dude. The ports are configured as etherchannel or LACP depending on the device on the other end of the link, and then we monitor the allocated channel number in The Dude. Here is an example of the Cisco port confi...

Thanks for taking the time to help and test, Lebowski. We get such great value out of The Dude, even though the powers that be would only be happy if we paid less for it... ie if we were paid to use it!! :) So in summary, you have confirmed that the behaviour I see is happening for you too, which me...

Sorry, this is all with read-only SNMP access, and the access level change I was describing is the user level in The Dude under the Admin section. I don't have SNMP write access on these devices at all, only read and only from specific IP addresses. As far as I know, this issue has existed from the ...

I have just tested a new, clean, local instance of The Dude, adding just 2 devices with a link between them, and adding an OID to the link tooltip. It shows up for full user, but not for read user. I might try install a beta of The Dude 4 later on and see if it shows the same behaviour. Is there any...

Hi Lebowski, thanks so much for your response. Sorry, I was aware of the 3rd parameter for being the return for a false condition on the if function, I explained the result without saying why I did it :) I did something like the function you suggested and got the equivalent of your "Couldn't re...

Hi all, I've done a lot of googling for this problem, but have not been able to find anything helpful. We use The Dude 3.6 to monitor, amongst other things, Cisco ADSL2+ routers. We have the tooltip for links set to show the ADSL2+ sync speed, but it only shows that info for admin, not for read user...