Community discussions

Search found 260 matches

by barkas
Wed Jul 17, 2019 9:05 pm
Forum: General
Topic: VLAN within a VLAN
Replies: 5
Views: 418

Re: VLAN within a VLAN

You could also try to run l2vpn over mpls through that link.
by barkas
Tue Mar 05, 2019 9:36 pm
Forum: General
Topic: Radical change coming for home and small business networking
Replies: 37
Views: 2574

Re: Radical change coming for home and small business networking

Have you drunk their koolaid?
by barkas
Sun Mar 18, 2018 12:17 am
Forum: General
Topic: Router OS cant boot up after latest update
Replies: 3
Views: 616

Re: Router OS cant boot up after latest update

For some reason mikrotik routers sometimes go into a boot loop after an update. I wish they'd fix that.
by barkas
Fri Nov 03, 2017 9:03 pm
Forum: Wireless Networking
Topic: Using Mikrotek at a backpackers hostel
Replies: 5
Views: 655

Re: Using Mikrotek at a backpackers hostel

For non professionals I highly recommend ubiquiti networks, perhaps unifi.

Mikrotik really is more for the network engineer.
by barkas
Thu Aug 31, 2017 8:15 pm
Forum: RouterBOARD hardware
Topic: 10G switch with RJ45?
Replies: 13
Views: 4746

Re: RE: Re: 10G switch with RJ45?

TP-Link T1700G-28TQ?
I'm not interested in 1G ports. Already have couple of such switches.
I want to upgrade my network to 10G.

I was thinking about buying CRS317-1G-16S+RM but idea of having
so many copper SFP+ modules makes me cringe.
As far as I have seen so far, there are no t-sfp+ modules.
by barkas
Mon Jul 17, 2017 10:32 pm
Forum: RouterOS v7
Topic: Features Request: NAT64 + DNS64
Replies: 20
Views: 4434

Re: RE: Re: Features Request: NAT64 + DNS64

Mikrotik recommended SSTP when I asked about this at MUM. I haven't played with it yet, but this appears to be more profile-driven than just a basic IPIP6 tunnel would be. If you're using Mikrotik as the SSTP server, then this will not help much because it won't be able to perform DS-Lite NAT64 (no...
by barkas
Mon Jul 17, 2017 10:31 pm
Forum: General
Topic: Any advantages of stateless firewall on RouterOS?
Replies: 4
Views: 789

Re: Any advantages of stateless firewall on RouterOS?

In redundant setups, statefulness might not be wanted since state tables are not replicated.
Also, performance.
by barkas
Fri Jul 07, 2017 6:48 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: ETA v8
Replies: 21
Views: 3969

Re: RE: Re: ETA v8

1GB for just one BGP feed :shock: that's a lot.
Just wait till you see some of the L3VPN/L2VPN NLRI on a service provider on a route reflector. It's far more than that.....
Full table doesn't fit in 1GB anymore.
by barkas
Wed Dec 28, 2016 12:03 am
Forum: General
Topic: Advanced IPSec Configuration
Replies: 6
Views: 1042

Re: Advanced IPSec Configuration

Maybe use l2tp/ipsec?
Then you can assign configurations based on ppp profiles.
by barkas
Wed Dec 28, 2016 12:03 am
Forum: General
Topic: Advanced IPSec Configuration
Replies: 6
Views: 1042

Re: Advanced IPSec Configuration

Maybe use l2tp/ipsec?
Then you can assign configurations based on ppp profiles.
by barkas
Fri Dec 23, 2016 10:51 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: TACACS/TACACS+
Replies: 35
Views: 8059

Re: Feature Request: TACACS/TACACS+

Tacacs is the proper solution for network device user management.

I would very much like to have that, too.
by barkas
Mon Dec 05, 2016 10:30 pm
Forum: General
Topic: Move from public to private addressing
Replies: 11
Views: 1207

Re: Move from public to private addressing

Public addresses doesn't necessarily mean reachable from the Internet and is as such not an evil in itself.
by barkas
Thu Nov 17, 2016 10:03 pm
Forum: General
Topic: VLANs strategy, router + swicth configuration
Replies: 3
Views: 709

Re: VLANs strategy, router + swicth configuration

Trunking should work, but mikrotik switches are a pain to configure.
Which brings me to question 2: no, because the switches work differently from the routers, to be precise, switched ports work differently.

Another thing, are you sure about the way your qos doesn't work?
by barkas
Fri Sep 16, 2016 8:33 am
Forum: Beginner Basics
Topic: Windows 10 updates killing my network
Replies: 6
Views: 6674

Re: Windows 10 updates killing my network

Wsus
by barkas
Fri Sep 02, 2016 9:29 am
Forum: Forwarding Protocols
Topic: RouterOS IPv6 NAT?
Replies: 4
Views: 1686

Re: RouterOS IPv6 NAT?

Prefix translation please.
by barkas
Tue Aug 09, 2016 11:59 pm
Forum: General
Topic: Scientific Explanation needed for DHCP renew needed!
Replies: 6
Views: 827

Re: Scientific Explanation needed for DHCP renew needed!

If you answer that you know whose ip that was, best be absolutely sure.

So, you can not be sure, since you have no logs and the lease expired at least once.
by barkas
Mon Jul 25, 2016 9:09 am
Forum: Scripting
Topic: Layer 7 Regex for Bank websites
Replies: 3
Views: 1258

Re: Layer 7 Regex for Bank websites

Everybody uses 2048 bit rsa keys at the moment.
by barkas
Thu Jul 21, 2016 11:00 pm
Forum: RouterBOARD hardware
Topic: CCR, "enterprise ready", seriously???
Replies: 35
Views: 5648

Re: RE: Re: CCR, "enterprise ready", seriously???

All about risk management. Four letters... VRRP. Sent from my SM-G920I using Tapatalk VRRP is great for edge routers, but not for core routers.  MT really needs to implement a different type of clustering that supports state synchronization for seamless failover without dropping connections.  Then,...
by barkas
Sun Jul 17, 2016 10:56 am
Forum: RouterBOARD hardware
Topic: Small switch big performance
Replies: 14
Views: 2407

Re: Small switch big performance

So you're looking for a 24 port router? Good luck with that.

Better buy a solid 24 port switch (like tp-link Jetstream or cisco sg300) and combine that with a router.
by barkas
Sun Jul 17, 2016 8:55 am
Forum: General
Topic: Not enough disk space to perform update
Replies: 15
Views: 9500

Re: Not enough disk space to perform update

According to Normis, you have to use the other package download with individual packages and install those instead.
by barkas
Sat Jul 16, 2016 9:14 pm
Forum: General
Topic: IPTV who should pay?
Replies: 46
Views: 3725

Re: RE: Re: IPTV who should pay?

You have your views Chaos, and I respect that,  but you are being a bit naive to think that your every move is not already being spied on.  As it happens the STB's are the next big target for the piracy police so I dont think it is something we will have worry about much longer. The only thing you ...
by barkas
Tue Jul 05, 2016 12:30 am
Forum: General
Topic: VPN Over IPv6 ? How?
Replies: 7
Views: 1215

Re: RE: Re: VPN Over IPv6 ? How?

Your question has little meaning without more detail.  What kind of environment is this?  What is the purpose...are you trying to tunnel your internal network to an IPV6 broker because your ISP only provides IPv4 at this time?  Or just trying to set up a VPN server to listen on an IPv6 address?  No...
by barkas
Fri Jul 01, 2016 10:46 am
Forum: General
Topic: "Protect" some of the network devices. How?
Replies: 3
Views: 664

Re: "Protect" some of the network devices. How?

Good network design with subnets is the answer here.
by barkas
Fri Jul 01, 2016 10:45 am
Forum: Announcements
Topic: v6.36rc [release candidate] is released, wireless-fp package is discontinued!
Replies: 295
Views: 64142

Re: RE: Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

bajodel - This is different fix for other issue.
I got it, so I must wait.. ;-)
Please.. answer..  when do you plan to make partitions work on RB3011/ARM ?
Please
by barkas
Thu Apr 14, 2016 5:31 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: PAP for Winbox Radius Logins
Replies: 7
Views: 2630

PAP for Winbox Radius Logins

Please make winbox logins with radius as a backend not CHAP-only. CHAP seems like a good idea at first, until you have to severely compromise password security on the radius server by storing all passwords in cleartext. Also, usage of two factor authentication is not possible with CHAP. So please en...
by barkas
Mon Apr 11, 2016 9:39 am
Forum: Beginner Basics
Topic: RouterOS v6.34.1 and UDPLite
Replies: 22
Views: 3599

AW: RouterOS v6.34.1 and UDPLite

If there is a problem with this packet, I can't see it.

I suggest disabling hw checksums on the capturing system. Our just check if the content of the packet is OK.
by barkas
Mon Apr 04, 2016 3:39 pm
Forum: General
Topic: DNS server in ISP network
Replies: 4
Views: 1244

AW: DNS server in ISP network

Can't really go wrong with bind.
by barkas
Sun Mar 27, 2016 10:05 am
Forum: RouterBOARD hardware
Topic: hAP ac (and some other new rotuers) too small flash
Replies: 53
Views: 12544

AW: hAP ac (and some other new rotuers) too small flash

I don't buy mikrotik because I want to be able to do less stuff with the device. It's just a silly decision to limit the hardware in that way.
by barkas
Fri Mar 25, 2016 1:38 am
Forum: Wireless Networking
Topic: Consumer XXX gigabit routers vs MikroTik how do they compare?
Replies: 5
Views: 5183

AW: Consumer XXX gigabit routers vs MikroTik how do they compare?

They do use the hardware features of the socs though, unlike mikrotik.

So faster, but not as capable. Otoh if you need a faster mikrotik, there are options.
by barkas
Fri Mar 25, 2016 1:35 am
Forum: RouterOS v7
Topic: Feature request: AES-NI instruction set for x86 RouterOS
Replies: 15
Views: 4429

AW: Re: Feature request: AES-NI instruction set for x86 RouterOS

but dat "accelerations" severely compromise security. its improve things bout 5x-12x times on most modern (AES-NI aware) x86 chips but at that cost ... think about that: there is no "free cheese/beer" in real world and "improvements" that let CPU do things 10x faster(we're talking bout 95W-178W CPU...
by barkas
Tue Mar 22, 2016 8:58 am
Forum: General
Topic: IPv6 Advice
Replies: 6
Views: 798

AW: IPv6 Advice

Most of those using bcp should be able to transport v6.
by barkas
Tue Mar 15, 2016 12:24 am
Forum: General
Topic: Urgent help please!!
Replies: 4
Views: 744

AW: Urgent help please!!

Netinstall loses the configuration. Hence you being able to login afterwards.
by barkas
Tue Mar 08, 2016 10:47 pm
Forum: General
Topic: Rb3011 issues
Replies: 0
Views: 497

Rb3011 issues

Latest firmware.

Partitioning doesn't work.
It also doesn't hold time, even with active ntp it loses sync after a while.
by barkas
Mon Mar 07, 2016 9:08 pm
Forum: RouterBOARD hardware
Topic: Hardware recommendation
Replies: 6
Views: 1267

AW: Hardware recommendation

Rb3011 if you are brave ;) .
by barkas
Wed Mar 02, 2016 9:01 pm
Forum: RouterBOARD hardware
Topic: SFP+ Multimode module recommandation
Replies: 3
Views: 1331

AW: SFP+ Multimode module recommandation

That is extreme range for 10G mm.
by barkas
Sat Feb 27, 2016 8:24 am
Forum: General
Topic: MikroTik IPSEC Site-2-site to Sonicwall : specifications
Replies: 3
Views: 1826

AW: MikroTik IPSEC Site-2-site to Sonicwall : specifications

If you have multiple subnets in your tunnel, the policy has to be set to encrypt=unique, I found out yesterday.
by barkas
Tue Feb 16, 2016 8:52 am
Forum: Beginner Basics
Topic: Is forward chain firewall rules necessary?
Replies: 5
Views: 1323

AW: Is forward chain firewall rules necessary?

Nat is not supposed to protect anything.
by barkas
Mon Feb 15, 2016 9:24 am
Forum: General
Topic: RouterOS backup, any tester here ?
Replies: 6
Views: 1522

AW: RouterOS backup, any tester here ?

There is mikrotik support in rancid, BTW.
by barkas
Sun Feb 14, 2016 10:59 pm
Forum: RouterBOARD hardware
Topic: Hardware for Fiber based LAN
Replies: 18
Views: 1922

AW: Hardware for Fiber based LAN

Note that there are no 10ge copper sfps.
by barkas
Sun Feb 14, 2016 7:33 pm
Forum: Beginner Basics
Topic: Configuration export is not complete
Replies: 3
Views: 585

AW: Configuration export is not complete

I haven't had that problem, you should take it up with mikrotik support.
by barkas
Sun Feb 14, 2016 5:42 pm
Forum: Beginner Basics
Topic: Configuration export is not complete
Replies: 3
Views: 585

AW: Configuration export is not complete

User accounts for example, on purpose. Please elaborate.
by barkas
Sat Feb 13, 2016 9:03 pm
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 540
Views: 132644

AW: Re: HAP AC

metaROUTER is another thing that is very questionable on SOHO routers. Is it? Mikrotik Routers are the Swiss army knives of networking, so little flash seriously cramps my style. I will not buy any mikrotik device with 16mb flash, either privately or professionally. Because of that at work we are b...
by barkas
Sun Feb 07, 2016 10:16 am
Forum: General
Topic: Firewall ICMP Rule
Replies: 23
Views: 27189

AW: Firewall ICMP Rule

Good point, I can't remember. I shall have to go over that again. The RFC I used is 4890. EDIT: I don't think your ICMPv6 codes are quite right (as were mine, btw, I think I mixed it up with ICMPv4). So here's the new version (I have no IPv6 atm, so I default drop on forward): /ipv6 firewall address...
by barkas
Sun Feb 07, 2016 12:27 am
Forum: General
Topic: Firewall ICMP Rule
Replies: 23
Views: 27189

AW: Firewall ICMP Rule

There is an RFC for that out there, BTW. Because if you block some of that stuff, v6 will stop working at all. Here's my working ruleset for v6, it pretty much implements said rfc: /ipv6 firewall address-list add address=fe80::/64 list=link-local /ipv6 firewall filter add chain=establishedaccept con...
by barkas
Sat Feb 06, 2016 11:47 pm
Forum: Beginner Basics
Topic: Securing APs For Real
Replies: 16
Views: 1622

AW: Securing APs For Real

I don't think you can do anything against attackers with physical access to the device.
by barkas
Sat Feb 06, 2016 8:36 pm
Forum: Beginner Basics
Topic: Connecting MikroTik through a DSL (provider modem) line
Replies: 3
Views: 669

AW: Re: Connecting MikroTik through a DSL (provider modem) line

Hello, We have a FritzBox router (from T-Home) in out firm that uses a DSL line to connect through PPPoE. Now behind it we use a MiktoTik CRS125-24G-1S-2HnD-IN that gets a connection through LAN from the First router. Our servers aren't functioning properly in terms of port-forwarding. Is it possib...
by barkas
Sat Feb 06, 2016 8:30 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: NTP Server must be saved as domain name (and resolved every time sync performed)
Replies: 13
Views: 3171

AW: Re: NTP Server must be saved as domain name (and resolved every time sync performed)

i think It's an administrator decision which servers he trust and how he want them to be specified - by name or by ip. Sure, but the NTP server does not support selecting servers by name and neither does it support resolving DNS on every poll. That is because an NTP server tries to lock the clock a...
by barkas
Wed Dec 23, 2015 10:27 am
Forum: Forwarding Protocols
Topic: OSPFv3 with a UBNT edgerouter?
Replies: 7
Views: 2379

AW: OSPFv3 with a UBNT edgerouter?

I couldn't get any routing protocol to work reliably between ubnt and MikroTik. I blame ubnt.
by barkas
Tue Dec 22, 2015 11:19 am
Forum: The User Manager
Topic: how connect two router board to the same radius server by internet
Replies: 2
Views: 1424

AW: how connect two router board to the same radius server by internet

I don't think you really want to do authentication via radius over the Internet.