Community discussions

Search found 1083 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 22
by tomaskir
Thu Aug 16, 2018 12:23 pm
Forum: The Dude
Topic: Mass Password Change [SOLVED]
Replies: 2
Views: 102

Re: Mass Password Change [SOLVED]

With The Dude, there is no way to mass push config.

I recommend checking out Unimus - it will do this with a few clicks.
(create a Mass Config Push preset, select devices, push)

Otherwise, you can always script this yourself using TCL/Expect, or Python.
by tomaskir
Mon Aug 13, 2018 3:45 pm
Forum: General
Topic: Centralized Management
Replies: 4
Views: 284

Re: Centralized Management

Thanks for the feedback, we are always happy to hear what we can do better :) - Centralized Upgrade: Great, but it would be very helpful to see the current ROS-version of every device in the device-list We want to add this, but since we support 110+ vendors we need to properly implement this for all...
by tomaskir
Mon Aug 13, 2018 1:34 pm
Forum: General
Topic: Monitor wireless values
Replies: 2
Views: 142

Re: Monitor wireless values

Everything you want is in RouterOS wireless MIBs.
/interface wireless
print oid

Use SNMP to retrieve the data, and choose any of the available monitoring platforms to graph it :)
by tomaskir
Mon Aug 13, 2018 1:27 pm
Forum: General
Topic: Centralized Management
Replies: 4
Views: 284

Re: Centralized Management

Check out Unimus , it was built for exactly this. Here is a manual how to mass-upgrade RouterOS across the network: https://unimus.net/blog/network-wide-mikrotik-routeros-upgrade.html Here is an example of how to validate security (and if the network was hit be recent RouterOS exploits): https://uni...
by tomaskir
Tue Jul 24, 2018 6:28 pm
Forum: Virtualization
Topic: CHR 6.42.6+GNS3 = No RoMON
Replies: 1
Views: 184

Re: CHR 6.42.6+GNS3 = No RoMON

RoMON uses a MKT proprietary L2 protocol. The default simulated switches in GNS3 only forward Ethernet frames. This is why you are not able to use RoMON, or other non-standard L2 protocol in GNS. Work-around is not to use the GNS3 "switch" object to connect your simulated MKTs, but use something els...
by tomaskir
Sun Jul 22, 2018 2:30 pm
Forum: Wireless Networking
Topic: Wireless Wire MTU, stability
Replies: 5
Views: 446

Re: Wireless Wire MTU, stability

Sounds like a bug.
Definitely something MKT support should look at.

Did you send a ticket to support with a supout.rif yet?
by tomaskir
Sun Jul 22, 2018 12:47 pm
Forum: General
Topic: Intrusion shortly after sending support file
Replies: 8
Views: 1021

Re: Intrusion shortly after sending support file

1) What version of RouterOS was that router on?
2) Did you have Winbox open publicly on the default port?
by tomaskir
Wed Jul 11, 2018 2:55 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: LLDP
Replies: 122
Views: 35624

Re: LLDP

I think everyone in this thread appreciates VERY MUCH that LLDP is implemented at all. And I personally thank the MKT team a lot for this. But I think all of us here wish the work on LLDP would continue, since there is still a lot that can be improved. Also separation of LLDP from MNDP would probabl...
by tomaskir
Wed Jul 11, 2018 1:44 am
Forum: RouterOS v6 RC and v7 BETA
Topic: LLDP
Replies: 122
Views: 35624

Re: LLDP

Also no LLDP data is present in SNMP.

Another main use-case for LLDP is to have topology data available over SNMP, so monitoring and mapping software can use it to map the network.
by tomaskir
Sun Jul 08, 2018 5:35 pm
Forum: General
Topic: feature request, auto firewall nat rules [SOLVED]
Replies: 4
Views: 220

Re: feature request, auto firewall nat rules [SOLVED]

You can use this FW rule to accept all NATed connections:

Code: Select all

/ip firewall filter
add chain=forward connection-nat-state=dstnat action=accept
EDIT: damn, Sob beat me to it :(
by tomaskir
Mon Jul 02, 2018 4:58 pm
Forum: Announcements
Topic: Winbox v3.16 released!
Replies: 63
Views: 7079

Re: Winbox v3.16 released!

*) added back support for connecting to older RouterOS v6 versions;
Does this mean that Winbox is again able to download and execute DLLs received from external sources?
by tomaskir
Tue Jun 19, 2018 3:42 pm
Forum: General
Topic: Load custom default config when reset button pressed [SOLVED]
Replies: 1
Views: 123

Re: Load custom default config when reset button pressed [SOLVED]

You will have to use NetInstall to do this.
NetInstall has an option to apply a configuration.

That configuration will be applied as the default config.
(including if the board is reset through the reset button)
by tomaskir
Tue Jun 12, 2018 6:50 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: New IP cloud is coming.
Replies: 68
Views: 7034

Re: New IP cloud is coming.

Multi-WAN support for DDNS pretty please?
by tomaskir
Wed Jun 06, 2018 11:06 am
Forum: General
Topic: configuration for multiple routers
Replies: 3
Views: 237

Re: configuration for multiple routers

If you want an easier solution - try Unimus. It will do Mass Config Push for you, and you can have it setup in under 30 minutes. Changing NTP, or creating / modifying users on all MKTs in the network is a few clicks. Here is an example of how to do RouterOS upgrades: https://unimus.net/blog/network-...
by tomaskir
Mon May 21, 2018 8:24 pm
Forum: General
Topic: multi microtik management tool
Replies: 13
Views: 5295

Re: multi microtik management tool

Check out Unimus:
https://unimus.net/

It will do Mass Config Push, change detection, diffs, network-wide config search, etc.
You can easily upgrade RouterOS across the network.

Here is an article on network-wide RouterOS update:
https://unimus.net/blog/network-wide-mi ... grade.html
by tomaskir
Wed May 02, 2018 4:24 pm
Forum: The Dude
Topic: New Dude to Backup Routers
Replies: 23
Views: 2524

Re: New Dude to Backup Routers

Unimus is interesting, even though it IS paid (thanks Hammy). The dev is pretty responsive and he's including [starting to anyway] mechanisms for pushing commands/scripts to devices which is making it somewhat of a change-mgmt platform with some interesting possibilities. This would have been helpf...
by tomaskir
Mon Apr 30, 2018 4:00 pm
Forum: General
Topic: [Guide] Easy network-wide RouterOS upgrades
Replies: 1
Views: 223

[Guide] Easy network-wide RouterOS upgrades

Hi everyone, So with the latest RouterOS exploits, upgrading to a up-to-date RouterOS version is more important than ever. I wrote an article/how-to on an easy way to update RouterOS across your entire network. This article uses RouterOS Package Source feature to act as a local upgrade server. Unimu...
by tomaskir
Mon Apr 23, 2018 3:20 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 498
Views: 66265

Re: v6.43rc [release candidate] is released!

@strods
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);

Can you please elaborate on what this does?
by tomaskir
Fri Apr 20, 2018 2:36 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 498
Views: 66265

Re: v6.43rc [release candidate] is released!

Can the phy-rate and RSSI for 60G interfaces also be exposed over SNMP please?

Thanks!
by tomaskir
Mon Mar 19, 2018 1:38 pm
Forum: General
Topic: L2 MTU sizes - STILL confused
Replies: 11
Views: 877

Re: L2 MTU sizes - STILL confused

Slide 18 and 19 from my presentation on MPLS/VPLS/MTU covers this pretty well:
https://mum.mikrotik.com/presentations/US13/kirnak.pdf

I would also recommend actually watching / listening to the presentation, it covers it much more in depth:
https://youtu.be/Q8AF-Srulmk
by tomaskir
Fri Mar 16, 2018 11:46 am
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 69470

Re: v6.42rc [release candidate] is released!

Waiting time is not too long. This kind of implementation will satisfy the biggest part of the users so we decided to re-make this generate process. But what is the benefit - what was the original need to change this? Because from what I can see, this has only disadvantages. Making users wait when ...
by tomaskir
Thu Mar 15, 2018 8:20 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 69470

Re: v6.42rc [release candidate] is released!

*) ssh - generate SSH keys only on the first connect attempt instead of the first boot; Could you please comment on why this change was made? Is it not better to generate these at startup than to make an user wait the first time he connects? Specifically on older boards (with single-core 400MHz CPU...
by tomaskir
Tue Mar 13, 2018 12:36 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature request: "Service Group"
Replies: 12
Views: 3532

Re: Feature request: "Service Group"

As you can see, this post is all the way back from 2012.

There has been no change on this, which is sad.
There still is no way to define any groupings for protocols/ports/services in RouterOS.
by tomaskir
Tue Mar 06, 2018 1:10 pm
Forum: The Dude
Topic: Configuration Backup
Replies: 1
Views: 400

Re: Configuration Backup

You can't really have The Dude do any kind of backups / configuration management. If you want a solution that just works, check out Unimus . No need to configure anything on the routers. Takes about 15 minutes to deploy to manage a network of 1000 devices. (assuming you can mass-import devices) You ...
by tomaskir
Wed Feb 28, 2018 3:19 pm
Forum: Scripting
Topic: Mikrotik backup + upload to FTP /problem/
Replies: 8
Views: 581

Re: Mikrotik backup + upload to FTP /problem/

maybe someday .. mikrotik make some app for all that Great hardware offer, but poor support around maintenance Its easy when you have 1-10 mikrotik routers .. but 100+? As I mentioned in my previous post, you already have multiple solutions that exist that do this. Why should MikroTik write an appl...
by tomaskir
Tue Feb 27, 2018 5:55 pm
Forum: Scripting
Topic: Mikrotik backup + upload to FTP /problem/
Replies: 8
Views: 581

Re: Mikrotik backup + upload to FTP /problem/

I would suggest getting a proper config management solution. (that will do config backup, show changes in config ,etc.) You have multiple choices: Unimus - https://unimus.net/ Oxidized - https://github.com/ytti/oxidized Rancid - http://www.shrubbery.net/rancid/ etc. It will be easier to use, much mo...
by tomaskir
Mon Feb 19, 2018 12:10 am
Forum: Scripting
Topic: changing /system default-configuration script
Replies: 5
Views: 622

Re: changing /system default-configuration script

What is strange is that it is still the original script which is displayed in /system default-configuration. This is a well known "bug" that has been in ROS for many years. Is there a way to view this script inside routerOS ? (could be a good or bad thing since it may embed cleartext passwords) No ...
by tomaskir
Tue Jan 09, 2018 10:20 pm
Forum: General
Topic: Hiring a consultant for configuration support
Replies: 3
Views: 199

Re: Hiring a consultant for configuration support

MikroTik has an official consultant list you can use:
https://mikrotik.com/consultants

I think that might be a better source for knowledgeable MikroTik people than freelance websites.
by tomaskir
Mon Jan 08, 2018 2:26 pm
Forum: General
Topic: Mikrotik developer - Paid Config
Replies: 1
Views: 194

Re: Mikrotik developer - Paid Config

MikroTik has an official consultant list you can use:
https://mikrotik.com/consultants
by tomaskir
Sat Jan 06, 2018 3:38 am
Forum: Beginner Basics
Topic: NAT Loopback for beginner
Replies: 7
Views: 2282

Re: NAT Loopback for beginner

There is a very good article on the wiki that describes all you need to know:
https://wiki.mikrotik.com/wiki/Hairpin_NAT
by tomaskir
Sun Dec 31, 2017 12:12 am
Forum: General
Topic: High CPU load when PPPoE sessions disconnects
Replies: 39
Views: 3560

Re: High CPU load when PPPoE sessions disconnects

Any interface connecting/disconnecting - does not matter if dynamic or static.
by tomaskir
Sat Dec 30, 2017 6:46 pm
Forum: General
Topic: High CPU load when PPPoE sessions disconnects
Replies: 39
Views: 3560

Re: High CPU load when PPPoE sessions disconnects

It doesn't matter if the user has public or private IP, it's about interfaces. When interfaces connect/disconnect, with combination with NAT, it gives you high CPU usage. So simply eliminate NAT from that router. Have a separate router "in front" of the PPPoE concentrator, that NATs the traffic from...
by tomaskir
Sat Dec 30, 2017 4:01 pm
Forum: General
Topic: High CPU load when PPPoE sessions disconnects
Replies: 39
Views: 3560

Re: High CPU load when PPPoE sessions disconnects

Just DO NOT use NAT on any routers that have high number of connecting/disconnecting interfaces. Use basic networking principle of 'separation of concerns'. Each device in your network should be responsible for one function - don't mix too many things into one device. Place an additional router "in ...
by tomaskir
Fri Dec 29, 2017 4:17 pm
Forum: Beginner Basics
Topic: accept vs return in mangle
Replies: 2
Views: 289

Re: accept vs return in mangle

action=return is supposed to be used with custom chains - to return the packet to the original chain it came from (using the jump action). I am actually not sure what action=return does in one of the built-in chains. Documentation doesn't specify it either. If you want it to be not processed anymore...
by tomaskir
Wed Dec 27, 2017 4:18 am
Forum: Forwarding Protocols
Topic: MPLS MTU Calculations
Replies: 9
Views: 498

Re: MPLS MTU Calculations

Yes, but do not forget to properly calculate all other MTUs so MTU is sufficient on every layer.
by tomaskir
Wed Dec 27, 2017 1:54 am
Forum: Forwarding Protocols
Topic: MPLS MTU Calculations
Replies: 9
Views: 498

Re: MPLS MTU Calculations

It will work if MTU is sufficient, or higher.
I can be higher, that will not hurt.

But it MUST NOT be lower than required.
by tomaskir
Wed Dec 27, 2017 1:07 am
Forum: Forwarding Protocols
Topic: MPLS MTU Calculations
Replies: 9
Views: 498

Re: MPLS MTU Calculations

You need to calculate how much you need at every layer.
(like on slide 19 of the presentation)

If you have 4 tags, then you need to calculate that into the MPLS layer MTU, and MTUs on all underlying layers.
by tomaskir
Wed Dec 27, 2017 12:34 am
Forum: Forwarding Protocols
Topic: MPLS MTU Calculations
Replies: 9
Views: 498

Re: MPLS MTU Calculations

VPLS ID is the VPLS tag (it contains the tunnel ID).

A VPLS tag is just another type of MPLS tags - so also just 4 per VPLS tag.
by tomaskir
Tue Dec 26, 2017 11:10 pm
Forum: Forwarding Protocols
Topic: MPLS MTU Calculations
Replies: 9
Views: 498

Re: MPLS MTU Calculations

Check out this presentation for an in-depth discussion of MTU (and in particular in regards to MPLS/VPLS).

https://youtu.be/Q8AF-Srulmk
by tomaskir
Tue Dec 26, 2017 11:08 pm
Forum: Beginner Basics
Topic: Soft for autobackup many device
Replies: 2
Views: 182

Re: Soft for autobackup many device

Check out Unimus.
https://unimus.net/

It will do exactly what you want :)
by tomaskir
Mon Nov 27, 2017 2:26 pm
Forum: Beginner Basics
Topic: How to configure two Mikrotiks as a failover/backup [SOLVED]
Replies: 4
Views: 386

Re: How to configure two Mikrotiks as a failover/backup [SOLVED]

There is multiple ways to do this, depending on your network layout, and how other things connect to the 1100s.

You will most probably want to go with VRRP tho, judging by your post:
https://wiki.mikrotik.com/wiki/Manual:Interface/VRRP
by tomaskir
Sun Oct 22, 2017 1:45 am
Forum: Beginner Basics
Topic: New advice on Manual Firmware update - Wiki page outdated?
Replies: 1
Views: 538

Re: New advice on Manual Firmware update - Wiki page outdated?

Just download 'Main package', transfer to device, reboot device.

Make sure to download proper architecture, the 'System > Packages' table will tell you yours.
(for SXT, it's mipsbe)
by tomaskir
Thu Oct 19, 2017 12:56 pm
Forum: Beginner Basics
Topic: Dual WLAN + load balancing + redundancy?
Replies: 18
Views: 1215

Re: Dual WLAN + load balancing + redundancy?

All the things highlighted in your screenshot have different meanings, the 0 are fine. Highlighted rule 1 simply says there is no WAN->LAN traffic through wlan1. Highlighted rules 2 and 3 are 0 because the main load-balancing rule isn't routing any traffic through wlan2. You can see that in the conf...
by tomaskir
Wed Oct 18, 2017 4:29 pm
Forum: Beginner Basics
Topic: Dual WLAN + load balancing + redundancy?
Replies: 18
Views: 1215

Re: Dual WLAN + load balancing + redundancy?

As I mentioned previously, you will need to have the Traffic Monitor scripts in place to load balancing using bandwidth-based load-balancing. Refer to the presentation. Another note - do not use FastTrack with this. FastTrack on purpose doesn't let packets into Mangle (and multiple other RouterOS fa...
by tomaskir
Wed Oct 18, 2017 6:18 am
Forum: Beginner Basics
Topic: Dual WLAN + load balancing + redundancy?
Replies: 18
Views: 1215

Re: Dual WLAN + load balancing + redundancy?

1) Mangle miss-configuration Rule 10 - you are missing negation signs. "dst-address-type=!local" and "dst-address-list=!Connected" If you are doing bandwidth-based load-balancing, you will also need the Traffic Monitors which switch the routing mark on the main load-balancing Mangle rule. 2) Pings Y...
by tomaskir
Wed Oct 18, 2017 3:13 am
Forum: Beginner Basics
Topic: Dual WLAN + load balancing + redundancy?
Replies: 18
Views: 1215

Re: Dual WLAN + load balancing + redundancy?

That config is completely wrong, so no wonder it doesn't work :)

Implement proper Mangle as in either of the presentations, then test.
If it still doesn't work after, please post the Mangle export and what doesn't work.
by tomaskir
Wed Oct 18, 2017 12:06 am
Forum: Beginner Basics
Topic: Add firewall filter in top position
Replies: 3
Views: 275

Re: Add firewall filter in top position

Is this what you are looking for?
/ip firewall filter
add src-address-list=device.admins action=accept place-before=3
by tomaskir
Tue Oct 17, 2017 7:52 pm
Forum: Beginner Basics
Topic: Dual WLAN + load balancing + redundancy?
Replies: 18
Views: 1215

Re: Dual WLAN + load balancing + redundancy?

Most probably it's an issue in your Mangle config.

Please post your Mangle export.
by tomaskir
Tue Oct 17, 2017 9:56 am
Forum: Beginner Basics
Topic: Dual WLAN + load balancing + redundancy?
Replies: 18
Views: 1215

Re: Dual WLAN + load balancing + redundancy?

You will need to properly setup load balancing using Mangle.
Check out this presentation, it should cover what you need to know:
https://youtu.be/67Dna_ffCvc

Feel free to skip to around 6:30 - that's when the Mangle stuff starts.
by tomaskir
Mon Oct 16, 2017 10:02 pm
Forum: Announcements
Topic: RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities
Replies: 58
Views: 91701

Re: RouterOS NOT affected by WPA2 vulnerabilities

Good job on the fast announcement and staying on top of the vulnerabilities. Specially thanks for the additional per-protocol information and the clarification that was added after the initial post! (for people coming in later - the bottom half of MikroTiks post was added after official information ...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 22