Community discussions

MikroTik App

Search found 23 matches

by serafin
Tue Apr 06, 2021 6:27 pm
Forum: The User Manager
Topic: UserManager & multiple SSIDs
Replies: 0
Views: 622

UserManager & multiple SSIDs

Hi, I have CAPsMAN managing multiple cAPs with 3 SSIDs. Each SSID has separate security policy/password. Now I want to use UserManager to have unique passwords per user. I did so for single SSID where within access rules I query radius for access credentials in UserManager as described here: https:/...
by serafin
Mon Nov 02, 2020 11:50 pm
Forum: General
Topic: CRS125 & managemenent interface in tagged vlan
Replies: 2
Views: 341

Re: CRS125 & managemenent interface in tagged vlan

Bingo! - adding switch-cpu in egress-vlan-tag rule solves the probelm.

with trunk & adding ports to the bridge - this is CRS125, here ports have to be in the bridge to trunk them...
by serafin
Sun Nov 01, 2020 7:19 pm
Forum: General
Topic: CRS125 & managemenent interface in tagged vlan
Replies: 2
Views: 341

CRS125 & managemenent interface in tagged vlan

Hi, I have CRS125-24G-1S device and can't reach it via IP address from one of the tagged VLANs received via trunk port. Let me describe my config - maybe somebody can spot where I made an error I have bridge defined as in all examples in the wiki: /interface bridge add name=bridge1 protocol-mode=non...
by serafin
Fri Mar 29, 2019 8:34 am
Forum: The User Manager
Topic: Wi-Fi mac auth produces no valid profile error
Replies: 2
Views: 2644

Re: Wi-Fi mac auth produces no valid profile error

thanks for this post, it works for me as well this way.

Where to report gap in wiki?

S.
by serafin
Fri Mar 29, 2019 8:33 am
Forum: The User Manager
Topic: no valid profile found for user for mac-authorization for CAPsMAN
Replies: 1
Views: 2407

Re: no valid profile found for user for mac-authorization for CAPsMAN

Issue described in here: viewtopic.php?f=10&t=142882

as well as solution - to add default profile before adding user

Ser@fin
by serafin
Fri Mar 29, 2019 1:19 am
Forum: The User Manager
Topic: no valid profile found for user for mac-authorization for CAPsMAN
Replies: 1
Views: 2407

no valid profile found for user for mac-authorization for CAPsMAN

Hi I'm trying to test config with one central router and a few antena managed with CAPsMAN. CAPsMAN stuff works well up to the moment when I start limiting access based on User Manager database. I have entry in /caps-man access-list: add action=query-radius interface=XXX-1-2 while I'm trying to esta...
by serafin
Sat Aug 25, 2018 12:00 am
Forum: General
Topic: Windows 7/10 & L2TP connection issue
Replies: 5
Views: 2941

Windows 7/10 & L2TP connection issue

It took me today quite a long time to found a solution to the issue with establishing VPN connectivity from Windows 7/10 to MikroTik router using L2TP/IPSEC protocol, so I'm sharing solution. Configuration description: - 2011 router with RouterOS v6.42.7 behind NAT & with DNAT set up for being a...
by serafin
Fri Aug 17, 2018 12:09 am
Forum: General
Topic: SSTP vpn & PPP authentication via radius
Replies: 4
Views: 3939

Re: SSTP vpn & PPP authentication via radius

Hi

sorry for not replying earlier, just come across this old post. Do you still need help?

Ser@fin
by serafin
Tue Jun 05, 2018 12:46 am
Forum: General
Topic: HA with RB750
Replies: 3
Views: 781

Re: HA with RB750

Hello, I don't know if I'll give you the best option. To do a dynamically failover between two sites I would recommend you to set up GRE+IPSec tunnels. Using this you will be able to let the OSPF take care of your routes. But if you do not use OSPF, have you tried use "check-ping" option ...
by serafin
Tue Jun 05, 2018 12:36 am
Forum: General
Topic: CRS questions about MAC authorization and DHCP spoofing
Replies: 1
Views: 544

Re: CRS questions about MAC authorization and DHCP snooping

after some investigation: re 2: still no success for DHCP snooping configuration but two options to address issues with malicious DHCP server in L2 segment: - Protocol Level Isolation described here: https://wiki.mikrotik.com/wiki/Manual:CRS1xx/2xx_series_switches_examples#Protocol_Level_Isolation -...
by serafin
Mon Jun 04, 2018 1:58 pm
Forum: General
Topic: CRS questions about MAC authorization and DHCP spoofing
Replies: 1
Views: 544

CRS questions about MAC authorization and DHCP spoofing

Hi,

does anybody know if/how it is possible to:

1. authorize MAC address of the connected computer based on RADIUS reply and then assign port to specific VLAN?

2. detect DHCP snooping on specific port and take an action based on that (ie disable port)

thanks in advance
Ser@fin
by serafin
Wed Nov 30, 2016 12:13 am
Forum: General
Topic: SSTP vpn & PPP authentication via radius
Replies: 4
Views: 3939

Re: SSTP vpn & PPP authentication via radius

thanks for your reply - my situation is slightly different as I have FreeRADIUS with LDAP backend for AAA however your screenshots gave me a hint and now SSTP works like a charm. I had an issue with LDAP/MS-CHAP attributes translation which was actually not used in case of OpenVPN. I have working RA...
by serafin
Mon Nov 28, 2016 10:37 pm
Forum: General
Topic: SSTP vpn & PPP authentication via radius
Replies: 4
Views: 3939

SSTP vpn & PPP authentication via radius

Hi, I have CCR1016-12G with recent 6.37.1 RouterOS. I have OpenVPN server configured there with Radius authentication - everything works perfectly well. Now I'd like to add SSTP vpn server and I'm getting: sstp,ppp,error : user <user> authentication failed . When I tried to define <user> in /ppp sec...
by serafin
Fri Jan 29, 2016 12:47 am
Forum: General
Topic: LDAP integration
Replies: 8
Views: 26240

Re: LDAP integration

The biggest challenge to LDAP integration is writing your translations from LDAP-speak into RADIUS attributes. The best thing to do would be to configure your user groups in RADIUS as you see fit, and then use LDAP for password authentication and group membership. Basically, the RADIUS server retre...
by serafin
Fri Jan 29, 2016 12:40 am
Forum: General
Topic: DHCP + radius = connection timeout
Replies: 0
Views: 463

DHCP + radius = connection timeout

Hi, I have CCR with RouterOS version 6.33.3 with radius server configured there for DHCP & PPP. Radius server has two different instances listening for those services, but everything is available on one server without any firewall. For PPP everything works perfectly well, I can login via various...
by serafin
Wed Dec 10, 2014 10:15 pm
Forum: General
Topic: changelog
Replies: 1
Views: 726

changelog

Hi

is thare any general changelog for all releases in version 6 available? I can't find it neither on website nor on wiki.
What I can find is changelog for one particular version only

for those who ask why - to asses what tests I need to do after upgrade from 6.12 to 6.23

thanks
Ser@fin
by serafin
Thu May 10, 2012 11:16 pm
Forum: General
Topic: issues with SSTP backup
Replies: 2
Views: 769

Re: issues with SSTP backup

I haven't encountered any issues with SSTP after upgrade. I have constant VPN connection via SSTR from 9 RouterBoards and several from Windows 7.

In the matter of certificates - I still need to test it after upgrade

thanks
Ser@fin
by serafin
Tue May 08, 2012 11:28 pm
Forum: General
Topic: issues with SSTP backup
Replies: 2
Views: 769

issues with SSTP backup

Hi I have noticed strange behaviour while I made backup of my configuration with SSTP server and certificates. After restoring it on second device SSTP configuration was off and certificates were not migrated is it bug or maybe a feature? tested on two RB1200 with RouterOS 5.8 and 5.11 thanks Ser@fin
by serafin
Sat Jan 21, 2012 11:07 am
Forum: The User Manager
Topic: no valid profile found for user <mac address>
Replies: 3
Views: 9635

Re: no valid profile found for user <mac address>

Can you please give some more detail ... I am stil having similar problems.. Log: radius,debug,packet Reply-Message = "no valid profile found" Any advice where to start debuging. I am trying to setup PPPoE server with radius.. I have created profile in User Manager and it solved the probl...
by serafin
Wed Dec 28, 2011 12:14 pm
Forum: The User Manager
Topic: no valid profile found for user <mac address>
Replies: 3
Views: 9635

Re: no valid profile found for user <mac address>

self response, for further reference

it appeared that I haven't configured profile for customer properly (/tools user-manager profiles), however it was not enough.
I tested version 5.11 and I was not able to assign profile for the user from command line, I needed do so via web interface.

Ser@fin
by serafin
Wed Nov 16, 2011 12:10 am
Forum: The User Manager
Topic: no valid profile found for user <mac address>
Replies: 3
Views: 9635

no valid profile found for user <mac address>

Hi I'm trying to prepare POC for DHCP management using User-Manager. I took Mikrotik v5.8 installed in VirtualBox and made the configuration as below: /tool user-manager profile add name=dhcp name-for-users="" override-shared-users=off price=0 starts-at=now validity=521w3d /tool user-manag...
by serafin
Tue Nov 15, 2011 12:12 am
Forum: General
Topic: why mangle rure doesn't process traffic?
Replies: 2
Views: 752

Re: why mangle rure doesn't process traffic?

I thought the answer was very simple...
thanks, it works

cheers
by serafin
Mon Nov 14, 2011 9:17 pm
Forum: General
Topic: why mangle rure doesn't process traffic?
Replies: 2
Views: 752

why mangle rure doesn't process traffic?

Hello I suspect that mangle in RouterOS version 5.8 have some features I don't know about, could you please help me? I have the following addresses assigned to my interfaces at RB1200: 0 213.xx.xxx.xxx/28 213.xx.xxx.xxx ether1 1 83.xx.xxx.xxx/29 83.xx.xxx.xxx ether2 2 10.8.4.254/24 10.8.4.0 ether9 t...