Community discussions

Search found 107 matches

by proximus
Sat Jul 13, 2019 4:02 pm
Forum: General
Topic: help to set ipv6 / 48
Replies: 14
Views: 970

Re: help to set ipv6 / 48

The /48 is a block of addresses. First step will be to use an IPv6 Subnetting Calculator to obtain the /64 network segments. One of the /64's should then be used for the LAN interface and computers on that segment.

After you have the addressing sorted out, post the config if still having problems.
by proximus
Mon Jul 01, 2019 2:42 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 55252

Re: v6.45.1 [stable] is released!

i upgrade my RB433AH after that...i couldn't access with current user and password and with admin???? . My observation is that after a reboot, the first login attempt fails ... subsequent logins are successful. This behavior has been reproducible after every reboot, of the single device I'm testing...
by proximus
Thu Jun 27, 2019 10:00 pm
Forum: General
Topic: IPv6 DHCP Server Not Leasing IP
Replies: 11
Views: 3907

Re: IPv6 DHCP Server Not Leasing IP

So that means you can create a DHCPv6 Server and Bindings and Pool and so on, but it's not working at all yet? So the UI is here but no functions behind implemented? The current DHCPv6 server is for handing out prefixes to other routers (DHCP-PD) .... not host addresses. Refer back to post #2, #4. ...
by proximus
Tue May 28, 2019 9:25 pm
Forum: General
Topic: igmp vs icmp
Replies: 1
Views: 164

Re: igmp vs icmp

icmpv6 (protocol 58) is an option in the IPv6 firewall configuration. (Protocol 1 is IPv4 ICMP ... not v6)

IPv6 is dependent on ICMPv6 and should not be blocked, unless you really understand which types can be.
by proximus
Thu Apr 11, 2019 11:30 pm
Forum: Beginner Basics
Topic: Usermanager with RB450gx2
Replies: 3
Views: 248

Re: Usermanager with RB450gx2

Hi please i need help here, i recently accuired an RB450gx2 router, upgraded it to 6.44 OS.
Just to double check .... This is an x2 and not a RB450Gx4? While the x2 is PPC, the x4 is ARM and it would be a different package.
by proximus
Mon Apr 01, 2019 12:49 am
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 37913

Re: UKNOF 43 CVE

Dumb question, have you validated that this is remotely exploitable outside of a contained lab? . That is certainly a critical question that needs to be answered and understood. The extraordinary amount of "pre-show publicity" has lead many to form strong opinions and responses before the full fact...
by proximus
Thu Mar 28, 2019 10:01 pm
Forum: General
Topic: Running IPv6 on Mikrotik? You're out of business in 12 days time
Replies: 32
Views: 14648

Re: Running IPv6 on Mikrotik? You're out of business in 12 days time

Facts still have to matter. The narrative, response and criticism over this issue has gotten way ahead of the information available. Specially crafted packet / memory exhaustion issues (or any other vulnerability) are nothing new to even the largest network equipment manufacturers. They can be dealt...
by proximus
Tue Mar 05, 2019 2:20 pm
Forum: General
Topic: DHCPv6 Prefix Request Response not happening. How to Trace Debug?
Replies: 9
Views: 567

Re: DHCPv6 Prefix Request Response not happening. How to Trace Debug?

Do not configure anything under "/ipv6 pool" ... only set the pool name in the "/ipv6 dhcp-client" configuration.
by proximus
Sat Feb 23, 2019 5:33 pm
Forum: General
Topic: Mikrotik Cloud Backup
Replies: 1
Views: 388

Re: Mikrotik Cloud Backup


1. For cloud configurations
Copy the code below and paste it into the new terminal

/ ip cloud set ddns-enabled = yes
/ ip cloud set update-time = yes
FWIW ... These two setting are not required to be enabled, for cloud backup to work.
by proximus
Mon Feb 18, 2019 8:58 pm
Forum: Beginner Basics
Topic: hAP ac no Internet on LAN
Replies: 4
Views: 300

Re: hAP ac no Internet on LAN

Include a "in-interface=<Your WAN Interface>" parameter. As it is, the destination 443 rule is catching all 443 traffic.
by proximus
Sun Feb 17, 2019 5:04 pm
Forum: Wireless Networking
Topic: Problem with 5GHz frequency - CAPsMAN
Replies: 7
Views: 1002

Re: Problem with 5GHz frequency - CAPsMAN

Since you are provisioning based on hw-supported-modes, I would suggest removing the radio-mac, to get to a more basic config. Are you sure about "control-channel-width=40mhz-turbo" being supported? That may be the source of the no supported channel error. I don't have 4011's to verify. Just elimina...
by proximus
Sun Feb 17, 2019 3:36 pm
Forum: Wireless Networking
Topic: Problem with 5GHz frequency - CAPsMAN
Replies: 7
Views: 1002

Re: Problem with 5GHz frequency - CAPsMAN

I am suspecting that the second provisioning rule should not have the same Radio MAC address as the one that is being used by the 2.4GHz but I do not know what exactly to input as a Radio MAC address. Correct. The CAPsMAN "Radio" tab will show you the radio MAC's for each CAP. If you are not sure w...
by proximus
Sun Feb 10, 2019 7:00 pm
Forum: Beginner Basics
Topic: hAP ac as router only?
Replies: 7
Views: 470

Re: hAP ac as router only?

"direct-input power jack (5.5 mm outside and 2 mm inside, female, pin positive plug) accepts 11-57 V DC."
https://i.mt.lv/cdn/rb_files/1539835625hAP-ac-qg.pdf
by proximus
Sun Feb 03, 2019 7:35 pm
Forum: General
Topic: IPv6 on second VLAN
Replies: 19
Views: 1292

Re: IPv6 on second VLAN

What do you mean by own DHCP server? Like on another machine or what? Or are those commands you posted enough? DHCPv6 server on another machine to provide host addresses. MT's DHCPv6 server does not do host addressing (wish it did!!!) What I posted changes the flags in the Router Advertisement. Tha...
by proximus
Sun Feb 03, 2019 5:36 pm
Forum: General
Topic: IPv6 on second VLAN
Replies: 19
Views: 1292

Re: IPv6 on second VLAN

That error is because SLACC (IPv6 auto config) requires a /64, therefore the error. If you run your own IPv6 DHCP server (or static addresses), you can set advertise=no and may be able to use the /72. Doing this requires settings in ND to advertise the Managed flag. The basic config for not using SL...
by proximus
Sun Feb 03, 2019 3:01 pm
Forum: General
Topic: IPv6 on second VLAN
Replies: 19
Views: 1292

Re: IPv6 on second VLAN

Thank you! I'm getting /64 prefix via DHCP client. I tried your config but second command gives me error "pool exhausted - no more addresses left". Why? Because your pool is a single /64 ... once it is assigned to bridge_vlan10, the pool is exhausted. If your ISP is able to provide you with a /56 o...
by proximus
Thu Jan 17, 2019 10:08 pm
Forum: Beginner Basics
Topic: How to shut down Router before Power Off?
Replies: 19
Views: 2129

Re: How to shut down Router before Power Off?

Normis has commented on shutdown before .... "Shutdown command is not required, it is quite safe to just unplug it." https://forum.mikrotik.com/viewtopic.php?f=3&t=102453&p=518983&hilit=shutdown#p518983 "I have never seen a MikroTik router that has had problems because of improper shutdown. I person...
by proximus
Sat Jan 12, 2019 4:33 am
Forum: General
Topic: hAP ac2 - port knocking doesn't work (kind of)
Replies: 7
Views: 501

Re: hAP ac2 - port knocking doesn't work (kind of)

/ip firewall filter add action=fasttrack-connection chain=forward comment="FastTrack (no-mark connections)" connection-mark=no-mark connection-state=established,related add action=accept chain=forward comment="Accept Established / Related" connection-state=established,related,untracked add action=d...
by proximus
Fri Jan 11, 2019 11:32 pm
Forum: General
Topic: hAP ac2 - port knocking doesn't work (kind of)
Replies: 7
Views: 501

Re: hAP ac2 - port knocking doesn't work (kind of)

I just tried all your scenarios on a RB450Gx4 ( which is also an ARM platform ) running 6.43.8 and they all work. But, FWIW, my knock rules are in reverse order from yours. Meaning it would make your configuration look like: add action=accept chain=input comment="SSH with port knocking" dst-port=xxx...
by proximus
Sun Dec 23, 2018 3:30 pm
Forum: Beginner Basics
Topic: Configure RB3011 to work with Comcast SB6183
Replies: 5
Views: 415

Re: Configure RB3011 to work with Comcast SB6183

Any Mikrotik router will work with any DOCSIS modem on Comcast. You don't need static IP. The router will obtain IPv4/IPv6 addresses via DHCP. IPv4 is just plain vanilla DHCP. IPv6 is a bit more specific. Here is an example of what I use: /ipv6 dhcp-client add add-default-route=yes comment="WAN Cabl...
by proximus
Wed Nov 21, 2018 4:20 pm
Forum: General
Topic: IPV6 Why is my PC get a long list of IPV6 gateway address through Mikrotik DHCP
Replies: 3
Views: 344

Re: IPV6 Why is my PC get a long list of IPV6 gateway address through Mikrotik DHCP

Why is my PC get a long list of IPV6 gateway address through Mikrotik DHCP
.
The premise of the original question is not correct. IPv6 gateways are not obtained via DHCP. They are learned from IPv6 Router Advertisements (RA). So, the source is not MikroTik DHCP.
by proximus
Thu Nov 08, 2018 5:18 am
Forum: General
Topic: IPv6 Prefix Problem with Windows Server DHCPv6
Replies: 1
Views: 274

Re: IPv6 Prefix Problem with Windows Server DHCPv6

Normal behavior.

See this: https://serverfault.com/questions/91847 ... -in-ubuntu

Also, when I look at my iOS devices and Mac's, their DHCPv6 assigned IPv6 addresses all show /128.
by proximus
Thu Oct 04, 2018 3:38 pm
Forum: General
Topic: IPv6 SLAAC, Router Solicitation
Replies: 8
Views: 688

Re: IPv6 SLAAC, Router Solicitation

If all you want to do is disable to use of SLAAC and IPv6 on specific hosts, would it not be much easier to just disable IPv6 SLAAC at the OS level on the desired hosts? Just seems like you are taking the much harder approach that will probably result in unintended consequences. From what I've found...
by proximus
Thu Oct 04, 2018 3:02 pm
Forum: General
Topic: IPv6 SLAAC, Router Solicitation
Replies: 8
Views: 688

Re: IPv6 SLAAC, Router Solicitation

I tried to set up the network in such a way as to block the announcements from the mikrotik (inside mikrotik) to the multicast listeners, but in this case SLAAC does not work at all. For the curious ... why would you want to do this in a SLAAC environment anyway? The intended function of Router Sol...
by proximus
Fri Sep 14, 2018 2:20 pm
Forum: General
Topic: Can't Log in After Upgrade
Replies: 21
Views: 3104

Re: Can't Log in After Upgrade

Winbox 3.18 just released.
viewtopic.php?f=21&t=139189

Have you tried that version?
by proximus
Sun Sep 09, 2018 11:09 pm
Forum: General
Topic: Transferring L4 license from dead rb411 to new rb411
Replies: 8
Views: 666

Re: Transferring L4 license from dead rb411 to new rb411

The RB411 DOES NOT come with L4 license. It comes with L3 license. Look here: https://mikrotik.com/product/RB411

I still need and answer to my question.
The product you referenced has been discontinued. The CURRENT RB411 variants come with L4 license.
by proximus
Fri Sep 07, 2018 8:13 pm
Forum: General
Topic: RB450Gx4 WAN throughput decreases
Replies: 7
Views: 810

Re: RB450Gx4 WAN throughput decreases

@proximus - It appears the WebFig issues is resolved in the release candidate. I prefer to stay with the stable release, but since this is a SOHO device and I don't have any Windows clients I had to upgrade to rc66. Seems to have resolved the WebFig issue. Just FYI, since you are new to MT ... If y...
by proximus
Fri Sep 07, 2018 6:11 pm
Forum: RouterBOARD hardware
Topic: RB450Gx4 "kernel not found or data is corrupted", re-install OS didn't help
Replies: 12
Views: 1441

Re: RB450Gx4 "kernel not found or data is corrupted", re-install OS didn't help

, but it seems as though RouterBOOT can memorize the offset of the kernel on the boot partition and in certain circumstances continue to attempt to load the kernel from that offset even if it isn't located there anymore. Nathan ... Question for ya .... If you have created a primary and fallback par...
by proximus
Fri Sep 07, 2018 3:34 pm
Forum: General
Topic: RB450Gx4 WAN throughput decreases
Replies: 7
Views: 810

Re: RB450Gx4 WAN throughput decreases

New Issue: WebFig freezing appears to be related to using the logout in WebFig. Whenever I logout of WebFig it throws an error in red on the main landing page. Then I can't log back into WebFig until I power cycle. Great that the throughput issue has been resolved. For the WebFig problem, I would s...
by proximus
Fri Sep 07, 2018 2:43 am
Forum: General
Topic: Transferring L4 license from dead rb411 to new rb411
Replies: 8
Views: 666

Re: Transferring L4 license from dead rb411 to new rb411

Just browsing the product line ... all current RB411 models come with a L4 license. So, maybe non-issue?
by proximus
Fri Sep 07, 2018 2:31 am
Forum: General
Topic: RB450Gx4 WAN throughput decreases
Replies: 7
Views: 810

Re: RB450Gx4 WAN throughput decreases

IP > Address default LAN address is set to ether2 instead of bridge0. Is this correct? Interfaces ether 2 - 5 are in bridge and in the switch. How can I verify the interfaces are using the switch chip and not software bridging? If 2 -5 are in the Bridge, the IP address should be on the Bridge. The ...
by proximus
Sun Sep 02, 2018 5:30 pm
Forum: General
Topic: Import config on RouerOS 6.42.7 stops [SOLVED]
Replies: 12
Views: 872

Re: Import config on RouerOS 6.42.7 stops [SOLVED]

Copy-and-paste into terminal one section at a time. Also .. Do each section in Safe Mode. Once that section is successfully entered, exit Safe Mode to save it. Then do the next section. That way you don't have to start from scratch each time, if it blows up. And you'll know exactly where the proble...
by proximus
Sun Sep 02, 2018 5:04 pm
Forum: General
Topic: Import config on RouerOS 6.42.7 stops [SOLVED]
Replies: 12
Views: 872

Re: Import config on RouerOS 6.42.7 stops [SOLVED]

Copy-and-paste into terminal one section at a time.
by proximus
Fri Aug 31, 2018 3:50 pm
Forum: General
Topic: Switch Chip on CRS106-1C-5S
Replies: 19
Views: 1455

Re: Switch Chip on CRS106-1C-5S

The last step in the guide is to add:
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=
https://wiki.mikrotik.com/wiki/Manual:C ... figuration

I don't see that in your config.
by proximus
Thu Aug 30, 2018 7:28 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 354
Views: 60852

Re: RB4011

Expected Delivery: October 2018

Hum
by proximus
Thu Aug 30, 2018 6:25 pm
Forum: RouterBOARD hardware
Topic: Suggestion: release routers with preinstalled Factory Software from Bugfix release chain
Replies: 6
Views: 607

Re: Suggestion: release routers with preinstalled Factory Software from Bugfix release chain

The Bugfix release chain may not have the hardware support for the latest models. That is probably why you cannot downgrade lower than the minimum release, as in your other thread.
by proximus
Thu Aug 30, 2018 3:26 pm
Forum: Beginner Basics
Topic: Locked Out of Mikrotik
Replies: 29
Views: 2844

Re: Locked Out of Mikrotik

Are you using WinBox on a Windows VM?

Asking because I have not been able to make MAC connections work from a Windows VM on Fusion. Have to use WinBox directly on the Mac OS X host system.
by proximus
Wed Aug 29, 2018 4:27 am
Forum: General
Topic: P2P missing on my new RB1100AHx4
Replies: 13
Views: 1173

Re: P2P missing on my new RB1100AHx4

It was blocking, it was showing next to the filter how much traffic it was blocking,
See this: viewtopic.php?f=21&t=121196&p=596405&hi ... is#p596278

It would be wrong to keep it when it wasn't doing anything. False sense of security.
by proximus
Sat Aug 25, 2018 10:20 pm
Forum: General
Topic: bridge vlan setup (new way) [SOLVED]
Replies: 45
Views: 15260

Re: bridge vlan setup (new way) [SOLVED]

Keep in mind that if you enable VLAN filtering on bridge (and without that VLANs essentially don't work), you loose HW offload and every packet passes CPU. This kills performance on slower routerboards, such as RG951G. I advise you to configure your Powerbox pro in the old way by using /interface e...
by proximus
Thu Aug 23, 2018 11:27 pm
Forum: RouterBOARD hardware
Topic: Hap ac2 vs. Hex S
Replies: 8
Views: 6041

Re: Hap ac2 vs. Hex S

Is the Hap ac2 the same board as the RB450Gx4 just without the wireless module? The key difference, other than the wireless, is that the RB450Gx4 has more memory, more and different type of storage, as well as microSD slot. I replaced my RB750Gr3 with a RB450Gx4 for the much larger NAND storage, wh...
by proximus
Wed Aug 22, 2018 11:03 pm
Forum: Beginner Basics
Topic: Slightly Unrelated Problem [SOLVED]
Replies: 7
Views: 468

Re: Slightly Unrelated Problem [SOLVED]

The M20 running DD-WRT .... do you want that to be a wireless access point only? Then I suspect DD-WRT has an option to place it in Bridge Mode. Then give it a static IP address / gateway / DNS ... and you are done.
by proximus
Wed Aug 22, 2018 10:36 pm
Forum: Beginner Basics
Topic: Slightly Unrelated Problem [SOLVED]
Replies: 7
Views: 468

Re: Slightly Unrelated Problem [SOLVED]

Does the M20 have the appropriate default route pointing to the MT?
Is the problem with IP subnets on the M20 not getting out? If so, then does the MT have routes for these subnets pointing back to the M20?
by proximus
Wed Aug 22, 2018 10:11 pm
Forum: Beginner Basics
Topic: No internet [SOLVED]
Replies: 6
Views: 497

Re: No internet [SOLVED]

Does your modem hand out DHCP or did you forget to setup a PPPoE-Client on the Mikrotik? Yes i believe so, i did manage to fix the problem by unplugging the modem. Not sure why a modem would require MAC addresses to match but it does. So the cable companies can charge you for additional IP addresse...
by proximus
Tue Aug 21, 2018 3:43 pm
Forum: Beginner Basics
Topic: No internet [SOLVED]
Replies: 6
Views: 497

Re: No internet [SOLVED]

This a cable modem? When you change the attached device, you need to either clone the MAC from the current one, or just reboot the modem.
by proximus
Sun Aug 19, 2018 4:59 pm
Forum: General
Topic: CRS Egress Tag Removal
Replies: 5
Views: 525

Re: CRS Egress Tag Removal

Current (6.41+) CRS documentation is to configure CRS1xx/CRS2xx VLANs via the switch menu. CRS3xx on the bridge menu. https://wiki.mikrotik.com/wiki/Manual:CRS_Router Also, this thread with MT input discusses the VLAN filtering differences. https://forum.mikrotik.com/viewtopic.php?t=133129 I wish MT...
by proximus
Fri Aug 10, 2018 3:47 pm
Forum: Beginner Basics
Topic: Open Ports
Replies: 7
Views: 741

Re: Open Ports

That's not a valid scan. Avast is intercepting the nmap scan and reporting open ports, but almost all of them are not on the router .. they are local to the host.

The "proxy" ones are self evident. Another example .. tcp/563 is the Avast service itself. Google and see what the others are.
by proximus
Thu Aug 09, 2018 6:15 pm
Forum: Beginner Basics
Topic: Issue with NAT and internal Subnets
Replies: 6
Views: 523

Re: Issue with NAT and internal Subnets

Given the issue as you describe it, give this a try ....
add action=masquerade chain=srcnat comment="masquerade LAN->WAN" out-interface-list=WAN src-address-type=!multicast 
by proximus
Sat Aug 04, 2018 3:36 pm
Forum: Beginner Basics
Topic: Where can i see all used IPv6 configured via advert
Replies: 1
Views: 330

Re: Where can i see all used IPv6 configured via advert

IPv6 --> Neighbors https://wiki.mikrotik.com/wiki/Manual:IPv6/Neighbors The hosts are auto configuring the IPv6 address via SLACC. The address used will change often if the host has Privacy Extensions on (which is most likely the case). Note that the DHCPv6 server in the MT currently only supports P...
by proximus
Thu Aug 03, 2017 5:07 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 120022

Re: v6.41rc [release candidate] is released! New bridge implementation!

LED's on RB2011 were working again on rc7. With rc9, there are on solid (with link), no activity blinking.