Community discussions

Search found 1068 matches

by tomaskir
Wed May 02, 2018 4:24 pm
Forum: The Dude
Topic: New Dude to Backup Routers
Replies: 23
Views: 2132

Re: New Dude to Backup Routers

Unimus is interesting, even though it IS paid (thanks Hammy). The dev is pretty responsive and he's including [starting to anyway] mechanisms for pushing commands/scripts to devices which is making it somewhat of a change-mgmt platform with some interesting possibilities. This would have been helpf...
by tomaskir
Mon Apr 30, 2018 4:00 pm
Forum: General
Topic: [Guide] Easy network-wide RouterOS upgrades
Replies: 1
Views: 167

[Guide] Easy network-wide RouterOS upgrades

Hi everyone, So with the latest RouterOS exploits, upgrading to an up-to-date RouterOS version is more important than ever. I wrote an article/how-to on an easy way to update RouterOS across your entire network. This article uses RouterOS Package Source feature to act as a local upgrade server. Unimu...
by tomaskir
Mon Apr 23, 2018 3:20 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 117
Views: 17933

Re: v6.43rc [release candidate] is released!

@strods
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);

Can you please elaborate on what this does?
by tomaskir
Fri Apr 20, 2018 2:36 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 117
Views: 17933

Re: v6.43rc [release candidate] is released!

Can the phy-rate and RSSI for 60G interfaces also be exposed over SNMP please?

Thanks!
by tomaskir
Mon Mar 19, 2018 1:38 pm
Forum: General
Topic: L2 MTU sizes - STILL confused
Replies: 11
Views: 559

Re: L2 MTU sizes - STILL confused

Slide 18 and 19 from my presentation on MPLS/VPLS/MTU covers this pretty well:
https://mum.mikrotik.com/presentations/US13/kirnak.pdf

I would also recommend actually watching / listening to the presentation, it covers it much more in depth:
https://youtu.be/Q8AF-Srulmk
by tomaskir
Fri Mar 16, 2018 11:46 am
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64578

Re: v6.42rc [release candidate] is released!

Waiting time is not too long. This kind of implementation will satisfy the biggest part of the users so we decided to re-make this generate process. But what is the benefit - what was the original need to change this? Because from what I can see, this has only disadvantages. Making users wait when ...
by tomaskir
Thu Mar 15, 2018 8:20 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64578

Re: v6.42rc [release candidate] is released!

*) ssh - generate SSH keys only on the first connect attempt instead of the first boot; Could you please comment on why this change was made? Is it not better to generate these at startup than to make a user wait the first time he connects? Specifically on older boards (with single-core 400MHz CPU...
by tomaskir
Tue Mar 13, 2018 12:36 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature request: "Service Group"
Replies: 12
Views: 3375

Re: Feature request: "Service Group"

As you can see, this post is all the way back from 2012.

There has been no change on this, which is sad.
There still is no way to define any groupings for protocols/ports/services in RouterOS.
by tomaskir
Tue Mar 06, 2018 1:10 pm
Forum: The Dude
Topic: Configuration Backup
Replies: 1
Views: 296

Re: Configuration Backup

You can't really have The Dude do any kind of backups / configuration management. If you want a solution that just works, check out Unimus. No need to configure anything on the routers. Takes about 15 minutes to deploy to manage a network of 1000 devices. (assuming you can mass-import devices) You ...
by tomaskir
Wed Feb 28, 2018 3:19 pm
Forum: Scripting
Topic: Mikrotik backup + upload to FTP /problem/
Replies: 8
Views: 468

Re: Mikrotik backup + upload to FTP /problem/

maybe someday .. mikrotik make some app for all that Great hardware offer, but poor support around maintenance It's easy when you have 1-10 mikrotik routers .. but 100+? As I mentioned in my previous post, you already have multiple solutions that exist that do this. Why should MikroTik write an appl...
by tomaskir
Tue Feb 27, 2018 5:55 pm
Forum: Scripting
Topic: Mikrotik backup + upload to FTP /problem/
Replies: 8
Views: 468

Re: Mikrotik backup + upload to FTP /problem/

I would suggest getting a proper config management solution. (that will do config backup, show changes in config, etc.)
You have multiple choices:
Unimus - https://unimus.net/
Oxidized - https://github.com/ytti/oxidized
Rancid - http://www.shrubbery.net/rancid/
etc.

It will be easier to use, much mo...
by tomaskir
Mon Feb 19, 2018 12:10 am
Forum: Scripting
Topic: changing /system default-configuration script
Replies: 4
Views: 356

Re: changing /system default-configuration script

What is strange is that it is still the original script which is displayed in /system default-configuration. This is a well known "bug" that has been in ROS for many years. Is there a way to view this script inside routerOS ? (could be a good or bad thing since it may embed cleartext passwords) No ...
by tomaskir
Tue Jan 09, 2018 10:20 pm
Forum: General
Topic: Hiring a consultant for configuration support
Replies: 3
Views: 159

Re: Hiring a consultant for configuration support

MikroTik has an official consultant list you can use:
https://mikrotik.com/consultants

I think that might be a better source for knowledgeable MikroTik people than freelance websites.
by tomaskir
Mon Jan 08, 2018 2:26 pm
Forum: General
Topic: Mikrotik developer - Paid Config
Replies: 1
Views: 166

Re: Mikrotik developer - Paid Config

MikroTik has an official consultant list you can use:
https://mikrotik.com/consultants
by tomaskir
Sat Jan 06, 2018 3:38 am
Forum: Beginner Basics
Topic: NAT Loopback for beginner
Replies: 7
Views: 1135

Re: NAT Loopback for beginner

There is a very good article on the wiki that describes all you need to know:
https://wiki.mikrotik.com/wiki/Hairpin_NAT
by tomaskir
Sun Dec 31, 2017 12:12 am
Forum: General
Topic: High CPU load when PPPoE sessions disconnects
Replies: 39
Views: 3046

Re: High CPU load when PPPoE sessions disconnects

Any interface connecting/disconnecting - does not matter if dynamic or static.
by tomaskir
Sat Dec 30, 2017 6:46 pm
Forum: General
Topic: High CPU load when PPPoE sessions disconnects
Replies: 39
Views: 3046

Re: High CPU load when PPPoE sessions disconnects

It doesn't matter if the user has public or private IP, it's about interfaces. When interfaces connect/disconnect, in combination with NAT, it gives you high CPU usage. So simply eliminate NAT from that router. Have a separate router "in front" of the PPPoE concentrator, that NATs the traffic from...
by tomaskir
Sat Dec 30, 2017 4:01 pm
Forum: General
Topic: High CPU load when PPPoE sessions disconnects
Replies: 39
Views: 3046

Re: High CPU load when PPPoE sessions disconnects

Just DO NOT use NAT on any routers that have a high number of connecting/disconnecting interfaces. Use basic networking principle of 'separation of concerns'. Each device in your network should be responsible for one function - don't mix too many things into one device. Place an additional router "in ...
by tomaskir
Fri Dec 29, 2017 4:17 pm
Forum: Beginner Basics
Topic: accept vs return in mangle
Replies: 2
Views: 230

Re: accept vs return in mangle

action=return is supposed to be used with custom chains - to return the packet to the original chain it came from (using the jump action). I am actually not sure what action=return does in one of the built-in chains. Documentation doesn't specify it either. If you want it to be not processed anymore...
by tomaskir
Wed Dec 27, 2017 4:18 am
Forum: Forwarding Protocols
Topic: MPLS MTU Calculations
Replies: 9
Views: 385

Re: MPLS MTU Calculations

Yes, but do not forget to properly calculate all other MTUs so MTU is sufficient on every layer.
by tomaskir
Wed Dec 27, 2017 1:54 am
Forum: Forwarding Protocols
Topic: MPLS MTU Calculations
Replies: 9
Views: 385

Re: MPLS MTU Calculations

It will work if MTU is sufficient, or higher.
It can be higher, that will not hurt.

But it MUST NOT be lower than required.
by tomaskir
Wed Dec 27, 2017 1:07 am
Forum: Forwarding Protocols
Topic: MPLS MTU Calculations
Replies: 9
Views: 385

Re: MPLS MTU Calculations

You need to calculate how much you need at every layer.
(like on slide 19 of the presentation)

If you have 4 tags, then you need to calculate that into the MPLS layer MTU, and MTUs on all underlying layers.
by tomaskir
Wed Dec 27, 2017 12:34 am
Forum: Forwarding Protocols
Topic: MPLS MTU Calculations
Replies: 9
Views: 385

Re: MPLS MTU Calculations

VPLS ID is the VPLS tag (it contains the tunnel ID).

A VPLS tag is just another type of MPLS tag - so also just 4 per VPLS tag.
by tomaskir
Tue Dec 26, 2017 11:10 pm
Forum: Forwarding Protocols
Topic: MPLS MTU Calculations
Replies: 9
Views: 385

Re: MPLS MTU Calculations

Check out this presentation for an in-depth discussion of MTU (and in particular in regards to MPLS/VPLS).

https://youtu.be/Q8AF-Srulmk
by tomaskir
Tue Dec 26, 2017 11:08 pm
Forum: Beginner Basics
Topic: Soft for autobackup many device
Replies: 2
Views: 146

Re: Soft for autobackup many device

Check out Unimus.
https://unimus.net/

It will do exactly what you want :)
by tomaskir
Mon Nov 27, 2017 2:26 pm
Forum: Beginner Basics
Topic: How to configure two Mikrotiks as a failover/backup [SOLVED]
Replies: 4
Views: 338

Re: How to configure two Mikrotiks as a failover/backup [SOLVED]

There are multiple ways to do this, depending on your network layout, and how other things connect to the 1100s.

You will most probably want to go with VRRP tho, judging by your post:
https://wiki.mikrotik.com/wiki/Manual:Interface/VRRP
by tomaskir
Sun Oct 22, 2017 1:45 am
Forum: Beginner Basics
Topic: New advice on Manual Firmware update - Wiki page outdated?
Replies: 1
Views: 354

Re: New advice on Manual Firmware update - Wiki page outdated?

Just download 'Main package', transfer to device, reboot device.

Make sure to download proper architecture, the 'System > Packages' table will tell you yours.
(for SXT, it's mipsbe)
by tomaskir
Thu Oct 19, 2017 12:56 pm
Forum: Beginner Basics
Topic: Dual WLAN + load balancing + redundancy?
Replies: 18
Views: 1009

Re: Dual WLAN + load balancing + redundancy?

All the things highlighted in your screenshot have different meanings, the 0 are fine. Highlighted rule 1 simply says there is no WAN->LAN traffic through wlan1. Highlighted rules 2 and 3 are 0 because the main load-balancing rule isn't routing any traffic through wlan2. You can see that in the conf...
by tomaskir
Wed Oct 18, 2017 4:29 pm
Forum: Beginner Basics
Topic: Dual WLAN + load balancing + redundancy?
Replies: 18
Views: 1009

Re: Dual WLAN + load balancing + redundancy?

As I mentioned previously, you will need to have the Traffic Monitor scripts in place to load balance using bandwidth-based load-balancing. Refer to the presentation. Another note - do not use FastTrack with this. FastTrack on purpose doesn't let packets into Mangle (and multiple other RouterOS fa...
by tomaskir
Wed Oct 18, 2017 6:18 am
Forum: Beginner Basics
Topic: Dual WLAN + load balancing + redundancy?
Replies: 18
Views: 1009

Re: Dual WLAN + load balancing + redundancy?

1) Mangle misconfiguration Rule 10 - you are missing negation signs. "dst-address-type=!local" and "dst-address-list=!Connected" If you are doing bandwidth-based load-balancing, you will also need the Traffic Monitors which switch the routing mark on the main load-balancing Mangle rule. 2) Pings Y...
by tomaskir
Wed Oct 18, 2017 3:13 am
Forum: Beginner Basics
Topic: Dual WLAN + load balancing + redundancy?
Replies: 18
Views: 1009

Re: Dual WLAN + load balancing + redundancy?

That config is completely wrong, so no wonder it doesn't work :)

Implement proper Mangle as in either of the presentations, then test.
If it still doesn't work after, please post the Mangle export and what doesn't work.
by tomaskir
Wed Oct 18, 2017 12:06 am
Forum: Beginner Basics
Topic: Add firewall filter in top position
Replies: 3
Views: 216

Re: Add firewall filter in top position

Is this what you are looking for?
/ip firewall filter
add src-address-list=device.admins action=accept place-before=3
by tomaskir
Tue Oct 17, 2017 7:52 pm
Forum: Beginner Basics
Topic: Dual WLAN + load balancing + redundancy?
Replies: 18
Views: 1009

Re: Dual WLAN + load balancing + redundancy?

Most probably it's an issue in your Mangle config.

Please post your Mangle export.
by tomaskir
Tue Oct 17, 2017 9:56 am
Forum: Beginner Basics
Topic: Dual WLAN + load balancing + redundancy?
Replies: 18
Views: 1009

Re: Dual WLAN + load balancing + redundancy?

You will need to properly set up load balancing using Mangle.
Check out this presentation, it should cover what you need to know:
https://youtu.be/67Dna_ffCvc

Feel free to skip to around 6:30 - that's when the Mangle stuff starts.
by tomaskir
Mon Oct 16, 2017 10:02 pm
Forum: Announcements
Topic: RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities
Replies: 58
Views: 87728

Re: RouterOS NOT affected by WPA2 vulnerabilities

Good job on the fast announcement and staying on top of the vulnerabilities. Special thanks for the additional per-protocol information and the clarification that was added after the initial post! (for people coming in later - the bottom half of MikroTik's post was added after official information ...
by tomaskir
Sat Oct 14, 2017 6:10 pm
Forum: Beginner Basics
Topic: How to send a backup to email [SOLVED]
Replies: 13
Views: 649

Re: How to send a backup to email [SOLVED]

You can configure any of them to take a backup every 12h or 24h. Unimus is the simplest to set up, fastest to use, and has nice things like graphical diff (see changes between backups, or between devices), and a network-wide config search. (type in "vlan 1002" and see everywhere in your network that ...
by tomaskir
Sat Oct 14, 2017 5:00 pm
Forum: Beginner Basics
Topic: How to send a backup to email [SOLVED]
Replies: 13
Views: 649

Re: How to send a backup to email [SOLVED]

Sending backups to email is bad for multiple reasons.
Security, scalability, management (imagine you need to change the email address, or email credentials on 100 devices), etc.

You should look at a proper backup solution, such as Unimus, Rancid or Oxidized.
by tomaskir
Thu Oct 05, 2017 6:03 pm
Forum: General
Topic: snmp security... private or authorized?
Replies: 6
Views: 1326

Re: snmp security... private or authorized?

For SNMPv3:
none - no hashing nor encryption
authorized - hashing
private - hashing and encryption

So for none, you don't need hash or encryption password, just username. SNMPv3 with "none" security behaves much like SNMPv2c. Authorized will use SHA1 or MD5 (depending on your configuration) hash as t...
by tomaskir
Thu Oct 05, 2017 2:29 pm
Forum: General
Topic: 2 Internet Connections, one for Inbound and one for Outbound
Replies: 4
Views: 298

Re: 2 Internet Connections, one for Inbound and one for Outbound

You can have only one default route.
It can go either through WAN1, or WAN2.

As soon as you need some things to go through WAN1, and other things to go through WAN2, you need Mangle.
by tomaskir
Thu Oct 05, 2017 12:49 pm
Forum: General
Topic: 2 Internet Connections, one for Inbound and one for Outbound
Replies: 4
Views: 298

Re: 2 Internet Connections, one for Inbound and one for Outbound

You will need to configure Mangle properly, and handle WAN->Router marking.

Check out this presentation:
https://youtu.be/67Dna_ffCvc

Feel free to skip to around 6:30 - that's when the Mangle stuff starts.
by tomaskir
Wed Oct 04, 2017 11:38 pm
Forum: General
Topic: First 100Mbps WAN1, next 100Mbps WAN2
Replies: 4
Views: 326

Re: First 100Mbps WAN1, next 100Mbps WAN2

Great presentation, this is exactly what I needed. Thank you.

Is it possible for me to see the slides in this presentation? It would be a great help.
There is a link in the video description :)
by tomaskir
Wed Oct 04, 2017 3:04 pm
Forum: Beginner Basics
Topic: Rename interfaces [SOLVED]
Replies: 2
Views: 223

Re: Rename interfaces [SOLVED]

I personally consider leaving interface names as default as best practice.

Use comments to store descriptive information about an interface.
by tomaskir
Wed Oct 04, 2017 10:34 am
Forum: General
Topic: First 100Mbps WAN1, next 100Mbps WAN2
Replies: 4
Views: 326

Re: First 100Mbps WAN1, next 100Mbps WAN2

If you are looking for bandwidth-based load balancing, check out this presentation:
https://youtu.be/67Dna_ffCvc

Feel free to skip to around 6:30 - that's when the Mangle stuff starts.
by tomaskir
Tue Oct 03, 2017 6:10 pm
Forum: General
Topic: [hEX] 80 PPPoE session on RB750Gr3
Replies: 4
Views: 317

Re: [hEX] 80 PPPoE session on RB750Gr3

Then the hEX should be fine :)
by tomaskir
Tue Oct 03, 2017 5:22 pm
Forum: General
Topic: [hEX] 80 PPPoE session on RB750Gr3
Replies: 4
Views: 317

Re: [hEX] 80 PPPoE session on RB750Gr3

It depends.

How much traffic will there be?

What other things will the box do?
(firewall, QoS, NAT, etc.)
by tomaskir
Mon Oct 02, 2017 7:29 pm
Forum: General
Topic: Wirless Signal Dissaper when iphone is locked
Replies: 3
Views: 291

Re: Wirless Signal Dissaper when iphone is locked

1) This is unrelated to MikroTik, or RouterOS. 2) It's common for smartphones to go into power saving when you lock them / put them into standby mode with the power button. Same for Galaxy S8, use power button to put it into standby, WiFi gets turned off. These are normal power-savings features. On ...
by tomaskir
Mon Oct 02, 2017 7:27 pm
Forum: General
Topic: more that 200 L2TP sessions for HEX (L4 license upgrade for routerbord) [SOLVED]
Replies: 1
Views: 241

Re: more that 200 L2TP sessions for HEX (L4 license upgrade for routerbord) [SOLVED]

Yes, the license limit is applicable to RouterBOARDs. So you will not be able to do more than 200 tunnels on a RouterBOARD with an L4 license. You can buy an L5 license, and apply it to the RB. There is no upgrade (you can't just pay the difference) in RouterOS licensing, so you need a new L5 licens...
by tomaskir
Mon Oct 02, 2017 7:24 pm
Forum: Beginner Basics
Topic: Dual WAN not responding to external telnet/WinBox requests
Replies: 11
Views: 632

Re: Dual WAN not responding to external telnet/WinBox requests

Sorry for the late reply, I finally had some time to look at your Mangle export today. 1) move the rules which handle WAN->ROS connections to the top. Before those prerouting rules. 2) do the input/output chain Mangle rules capture any traffic? That is, is the packet counter on all of them increasin...
by tomaskir
Thu Sep 28, 2017 4:49 pm
Forum: General
Topic: High CPU load when PPPoE sessions disconnects
Replies: 39
Views: 3046

Re: High CPU load when PPPoE sessions disconnects

If you are using Masquerade on the router, that is the problem. When using Masquerade, RouterOS has to do full connection tracking recalculation on EACH interface connect/disconnect. So if you have lots of PPPoE sessions connecting/disconnecting, connection tracking will constantly be recalculated wh...
by tomaskir
Thu Sep 21, 2017 3:32 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: List of IPSEC Speed, Encrypt Algo, Hash Algo, DH Group
Replies: 1
Views: 707

Re: List of IPSEC Speed, Encrypt Algo, Hash Algo, DH Group

We use this with our IPSec everywhere:
Phase 1: AES256, SHA512, MODP2048
Phase 2: AES128, SHA1, MODP2048

For us, this is a good balance of security/performance.

SHA1 in P2 could be improved on, but for our requirements, it's enough.
(since SHA1 collisions have now been performed)