MikroTik

aitsecurity

hi Which is the best of the best Queue Type for VPN links, my VPN are Site to Site. I am using now "RED" and work better of FIFO, but in you experience which is better for VPN links another question is about traffic for MSSQL in VPN, i can browser fast the directories and download files , ...

aitsecurity

Whole idea is agregating all avaliable traffic to single logical link without changing source ip adress. Best would be using some kind of Ethernet-trunk/-channel. That would recommend of course an adequate switch at the ISP-side too. the usual way is (OSPF-) ECMP, but this is working at the IP-laye...

aitsecurity

How about specifying a different IP address on the 3rd interface and adding both IP's of your outgoing interfaces as gateways? This should alternate connections between the two IP's If I make: IP addresses 192.168.0.1/24 - Local 10.5.8.1/24 - Local 195.10.10.200 - Public1 195.10.10.201 - Public2 Ro...

aitsecurity

if a MK is a router the interfaces is a broadcast domain, and you try put two interface in the same broadcast domain. how make a rule for routes ? you can´t do this best regards Hello, I have two ethernet interfaces with different Ip from the same subnetwork ether1 - 10.1.1.2/24 ether2 - 10.1.1.3/24...

aitsecurity

hi! you can give the topology of you network ? is very strange the problem. Hey Guys, I have just tried connecting an RB153 board running 2.9.39 to an existing network running RIP v2. It gets the updates, but the routes time out after 3 minutes, and are dropped from the table. If i remove the RIP ne...

aitsecurity

you give a topology of you network, or explain better this. Problem is the Box must have a trigger saying if WAN1 down supply IP from WAN2 and if WAN2 down supply IP from WAN1. If all WAN's UP I'm fine with only dishing out IP's from either or. Alternativly/Ideally If all WAN's are up just round rob...

aitsecurity

hi, i need to do some streaming video tests and was wondering if anyone knows of a way on MT to generate or add latency...i know how to limit bandwdith but for some of these tests i need higher latency (70ms or above) and it would be nice to simulate some packet loss.. i know, a somewhat strange re...

aitsecurity

[quote="keletiferi"]Hi,

I have 2 x 18Mbit wireless link. But I need 1 x 36Mbit. Sometimes
first link is need 22Mbit, but nother link work on 9Mbit.
Is it possible?

Thanks,

KF.[/quote

sorry no undestand, you can put more info, of you network ?

aitsecurity

Cloudy is fine. In some cases it's better than clear air, since still clear air gets stratified and ducting causes performance drops.

Do make sure things are well grounded and protected from lightning, since clouds carry electricity.

Thanks very much really jp

Best Regards
AITsecurity
Venezuela

aitsecurity

HI! people what you thinks about this question. i want work in 5.x Ghz for make a link of 40 kms, but, one site is in the mountain and have always clouds. in you experience you have problem with clouds ? in this mountain never is clear always have clouds. other people have links there, but no wifi. ...

aitsecurity

1) What is the version of your HotSpot router ? 2) If you have enabled 'Universal client' on HotSpot server, than 'arp' should be enabled for HotSpot interface. http://www.mikrotik.com/testdocs/ros/2.9/ip/hotspot.php?permalink=0.07739637305699482 the version is 2.9.32 and the interface the ARP is e...

aitsecurity

look this please, this in the FAQ of airbridge CPE Is airBridge series a transparent device ? Yes, using older firmware 0.09.10, airBridge is transparent bridge with single Mac support. With the newer firmware installed starting ver 0.01.04, it support multiple Macs and is not a transparent device a...

aitsecurity

1) What kind of the client authentication is enabled on HotSpot ? 2) What do you mean by, >>but, the user can login in this MAC-address, and in other Computer >>MAc-address. ? HI sergejs, ok, the authentication is chap only in the profile of server hotspot, and try explain, if the user example, log...

aitsecurity

HI in /ip hotspot user mac-address talk about this mac-address (MAC address; default: 00:00:00:00:00:00) - static MAC address. If not 00:00:00:00:00:00, client is allowed to login only from that MAC address I have this scenary, Server with Routeros and running Hotspot and put the MAC-address in /ip ...

aitsecurity

because this is a mikrotik specific forum, i have to say that the cheapest CPE is RB112 + R52

ok, but, how i can buy in Venezuela, or in EE.UU because is very hard buy Mikrotik Radios for South America.

Thanks in Advance

aitsecurity

HI! somebody can tell me, a good device example Edimax, indoor, AP this device, i can change from AP to client-bridge, i want a CPE low cost, the good CPE with internal antenna, is very good solution, example tranzeo, smartbridges Mikrotik ,etc, but in my country is to high the price, because have c...

aitsecurity

My appologies, this reply was more for those helping that were familiar with what i was going to try (read several of my previous posts) I put a piece of number 8 wire up the side of the antenna and about six inches above the top. and secured it to the side of the antenna all the way down to the su...

aitsecurity

Well, as an update, I did just as mwi and gerard suggested, and have now been up for more than 30 days on that tower! for that tower.. that is a record! I did not put the pom pom on mine, but if it looks to be needed in the future I will. Thanks for all your advice! also thanks for the pics on the ...

aitsecurity

Check this out! This is how I figured out how to send protocols to each gateway! http://wiki.mikrotik.com/wiki/Load_Balancing_over_Multiple_Gateways thanks for you time for anwser, i go to the url and see, this is for balance two network segment. with two ISP or gateway, very great. in the example ...

aitsecurity

Add 'action=routing-mark new-routing-mark=1234' to the HTTP, FTP,DNS traffic. Add alternative gateway as 'ip route gateway=x.x.x.x routing-mark=1234'. Sergejs thanks very much for you anwsers and time. i try it, i want put the p2p and ftp traffic to satellite, and the normal traffic to E1 Best rega...

aitsecurity

HI!

i have two ISP, and i want pass all traffic FTP, HTTP, DNS, to the first ISP.

i know how mark the packets, etc, but i don´t know how to redirect the this traffic to specific Gateway.

thanks in Advanced

aitsecurity

Jparsons, Give it a try!! 75days uptime through several T-storms! Best piece of copper wire I ever installed. Will try to get you some pics in a few days as I will be climbing silo to add 900mhz to the mix.
Any cure for the broke cm9's????

yes please give a photos

thanks in advance

aitsecurity

Don't forgett most g products have much less output power so if distance is high you
are better with 802.11b than g. Don't use mixed mode use either g or b only!!

thanks very much everybody for you anwsers ..

ok, i can use 802.11b but for more concurrent users the 802.11g is the option.

aitsecurity

dear all is there any way to speed up the cache? 10x in advanced you are use webproxy or a external proxy example squid o ISA server. i am asking, because i don´t know the webproxy in MK go to slow when have 3 Gb in cache, clean and rebuilding the webproxy cache, and run fast the users if you have ...

aitsecurity

HI! my customers and typical people ask me about security in wireless. this typical people only know the mac filters ,etc i put two scenary one is authenticate the users with VPN and encrypted the wireless network the other is use the HotSpot, in MK i want to know you opinion or historys about secur...

aitsecurity

We haven't much of users. Estimate 25-30 user in hotspot user side. Mikrotik Internet side Bandwidth 2Mbit..(G.HDSL) Concurrent user count up to 15 as i saw before. However i watch trafic when we made this tests. And mostly Internet side trafic is not exceed 500kb before test. During web bw tests u...

aitsecurity

Hi, With several days we tried to measure hotspot users internet bandwith. However we have some problem on hotspot side. Our configuration shown below Hotpot Client ----> Wireless/wired -->Mikrotik--->Speedtest machine We use several scripts two of them from http://www.auditmypc.com/speedtest.asp H...

aitsecurity

If you're using routerboards as your AP's though, and you've got connection tracking turned on, you've still got a vested interest in keeping P2P traffic away from those machines. There is a noticable performance hit when the AP has to track thousands of attempted connections instead of a hundred o...

aitsecurity

I DONT KNOW, but the people http://ipp2p.org/ and l7-filter, maybe can stop the new ARES encrypted. if yes, i can think Mikrotik study it, and detect the ARES and stop it. really, my customers Wisp, need this. this customers try to change Mk to other solutions, i want use Mikrotik for this Wisp. Bes...

aitsecurity

I don't know about the law suit, because i use Trendnet TW-503PI, and it was always replaced under warranty, although reseller was suspicios what are we doing to those cards :) So, anyway: Pacific Wireless should be informed about this problem, because it's a MAJOR problem, not some minor bug. Ther...

aitsecurity

yes, very often problem with Omni antennas, because, as I understood, they collect statical electricity, until radio gets blown. I've got card blowned almost every week. I also thought that there is no solution for this problem, but in fact solution was quite simple. I took few meters of cord (wide...

aitsecurity

Talked with them just a few minutes ago.. seems there is a defect in the mfg of the antenna, and I was told to RMA them. So if anyone else is experiencing this, you might contact pacwireless, or your distributer regarding this. He told me they were going to rework the product and wasn't sure when t...

aitsecurity

I be try to make a link to 1.3 Km and i cant connect two sedes. Iwas try with SR2 an RB532 and nothing because two cell Radio base make noise and catch my signal. and the espectrum is very saturate in this area. I was try with SR5 and the radios can see the SSID, i configured with NStreme. Another ...

aitsecurity

30-40 users should be no problem. the problem would be sharing those 1mbit

ok thanks for you anwsers, but which is better for Wisp 802.11b or 802.11g

imagine i have full bandwith infinite

aitsecurity

hi simple question in you opinion if i have to the cloud to internet 1 Mbps and share to my users. if i have AP in 802.11b how many handle concurrent CPE and if the AP in mix in 802.11b and 802.11g, how many i can handle concurrent users. no worry about 1 Mbps share, suppose i have more bandwitdh to...

aitsecurity

but, in horizontal, the perfomance speed is 2mbps, with vertical go up to 3.5 mbps due to the fact that power lines are horizontal ? the problem no is the power lines, is the tower for power lines, the tower is big, and when put the antennas in horizontal, the wave go vertical and shock more with t...

aitsecurity

which polarization would you use? Horizontal or verikal? It is a control tower with sector aerials. look this test in real world, for little link of 2.810 meters the Point A to 200 meters have a towers of power lines Big towers, and the zone fresnel is no perfect. in point A have a 26 dBm AP, with ...

aitsecurity

What I like about connection users through PPPoE is that automatic subnet is created for user, so he cannot see anything on the network except router, and all his connections must go through the router. That allows using client isolation on AP (which is a must for any open access network) I run sma...

aitsecurity

Hi people, i found 2 new methods to do hotspot vulnerable called NSTX and ICMPTX... here I share it so that they are opening the eyes. Mikrotik guys, what can say about this? are knowing this? is Mikrotik Hotspot vulnerable to this? :?: NSTX (IP-over-DNS) HOWTO http://thomer.com/howtos/nstx.html IC...

aitsecurity

If i use a web cache and assign for a user datatransfer limit ... is that limit applied to stuff downloaded from webcache?

HI

is you give example to the customer a simple queue 256 kbps , when use the webcache this user download the website in cache in 256 kbps.

best regards

aitsecurity

HI! i have this topology MK Router branch office -----WIFI link 3 kms ----- MK Router remote office the DHCP server is running in windows 2003, with ISA, in Office. in the remote office, i need the DHCP server in branch OFFICE give IP to the PC in remote office. look, this is special, because, in th...

aitsecurity

we try to use horizontal whenever we can (even our sectors) it's less common for people to use to it tends to have less interference. in addition we've made numerous backhaul links that have dual radio links, one horizontal and one vertical(some with dual pole radiowaves dishes, some with multiple ...

aitsecurity

we try to use horizontal whenever we can (even our sectors) it's less common for people to use to it tends to have less interference. in addition we've made numerous backhaul links that have dual radio links, one horizontal and one vertical(some with dual pole radiowaves dishes, some with multiple ...

aitsecurity

Hi, i think your signal is too high at each end , swamping the input of the radios , turn the tx-power way down and check the signal and throughput again. mmmm i think the same, but look this. in the AP ear the CPE with -0 dBm, and in the CPE ear the AP with -25 dBm, look this, in the CPE he no ass...

aitsecurity

HI what is better for make a little link 3 kms, i have two antenna hyperlink 19 dBi grid, and the other hyperlink 24 dbi grid. i make the link in horizontal polarization, but the throughput have peak of 500 kbps. the AP ear the client with -0 dBm, and the client ear the AP with -21 dBm. the link is ...

aitsecurity

Winbox closely resembles console command structure. As the console commands are more readable and less verbose than winbox screenshots, the manual will always discuss console. thanks for you anwsers, but, you know, the MK is good solution for make a Wisp, but no everybody work easy with commands, e...

aitsecurity

HI

my customers use the winbox, and they wants a manual of winbox

the routeros manual is only in commands, the customers like it, but need the manual of winbox too

Best regards
Daniel W

aitsecurity

HI!

i have customer, and this customers want a command or something for print the winbox,

i know, i can use the button screenprint in the keyboard, and paste in word, but the customer want print directly of winbox.

Best regards

aitsecurity

Hi! i have question, i try make a link of 2.8 kms, in the site A have a 200 mts, a electricity distribution plant, only see tower and high lines voltages. in the point A have a AP with 26 dBm and 19 dBi antenna hyperlink grid. in the point B have a CPE with 17.5 dBm and internal antenna of 13 dBi. o...

aitsecurity

Are there any more P2P formats that can't be limited and should be dropped?

i try sometime stop ares, the news version of ares is encrypted, and mk no stop, the other p2p yes,

i am thinking need time for study or sniff the ares,

the old version of ares, mk can stop

best regars

aitsecurity

Thanks for the reply aitsecurty. Interesting, I rarely setup DNS from the terminal other than the primary and secondary, and have actually never noticed the ttl setting in there. I'll give this a shot and see what happens. I appreciate the suggestion :) Mikrotik, why is the cache-max-ttl setting no...

aitsecurity

the solve this for example /ip dns set cache-max-ttl=30m Has anyone noticed this? I'm running a number of hotspots with 2.9 (various versions) where the hotspot redirects DNS to the DNS cache. After a long period of uptime ( > 60 days) logins to the router become slow, the CPU starts to spike, the C...

aitsecurity

HI! example i have 3 cyber with 22 PC in total, and 20 home user customers for internet, and the satellite give burst to 1024 kbps i have squid (webproxy Mikrotik), and Dns cache. but bercafull, with Cache dns, i have to much trafic, (cyber), to Dns, and my Dns go to full quickly. i change this para...

aitsecurity

if you want limit coonections for one host than you enter /32 if you wnt limit whole network then use /24 but remember if you limit whole network, that one user of netowrk can use all available conenctions and other ppl on that network would not be able to use network at all. and no you cannot dete...

aitsecurity

my scenary: have a little Wisp, with normal user (home user, one PC), and SOHO, cyber or office with 10 or more PC now, if apply this rule /ip firewall filter add action=drop connection-limit=5,32 protocol=tcp tcp-flags=syn, chain=forward this rule limits to 6 conections for each user i will have pr...

aitsecurity

MT Doesn't support duel processors... Things to keep in mind: - web proxies will take a massive hit on CPU / Memory - high traffic loads will take a massive hit on CPU / Memory - BGP/OSPF (potentially) could hit Memory But yea, all users are blind as far as processes goes... a 'top' would be VERY u...

aitsecurity

you can drop it. encrypted traffic can be dropped just like all other p2p traffic. we already detected how this encrypted traffic looks and updated our p2p detection mechanism: /ip firewall filter add chain=forward p2p=all-p2p action=drop ok thanks i was used this rule work very fine but not with A...

aitsecurity

HI

i want to know how many user concurrent can handle with MK

i want to use VPN PPTP in Pentium 4 with 1G Ram

i make the rules for my user wireless, can only give internet when the user is in VPN, and work very great .

Best Regards

aitsecurity

Hi I have trouble with p2p encrypted connection becouse i can't limit bandwitch in queres and I want only drop encrypted p2p not all p2p connections. How do that:)? Any ideas:)? Thank's Tom good question i want stop ARES p2p, i am thinking you can sniffers the encrypted p2p and if you see a concurr...

aitsecurity

Maybe the "How to buy" link on MTs homepage would be of help? :-) http://www.mikrotik.com/1howtobuy.html Otherwise, if you're ordering enough boxes you could order directly from MT... last time I ordered the minimum was USD1000 for a direct order /Jörgen thanks for you anwser, i want buy ...

aitsecurity

Hi i have one Mk in CPU 100%, i will change the webproxy "size of cache in hardisk" i assume the problem is there, because the webproxy try make free space . How i do, for see the process of CPU in Mk, in linux is the command "Top", in Mswindows " the task manager" you ...

aitsecurity

Yes I'm using PCI cards on windows xp, but I've the same problem on customers that are using access points instead of pci cards. How can I disable the WZC??? For default I uncheck the option in Properties of Wireless conection on Windows... are there another way to resolve this problem??? well i us...

aitsecurity

Hi

i want buy the (RB/RPO) MikroTik 5GHz OUTDOOR Client Package

where i can buy in EE.UU

Best Regards

aitsecurity

Hello ! I was marking ACK packet, but I don't no how I must do this :) chain=forward src-address=192.168.0.0/24 protocol=tcp tcp-flags=ack packet-size=0-70 action=mark-connection new-connection-mark=ack_conn passthrough=yes chain=forward protocol=tcp tcp-flags=ack connection-mark=ack_conn packet-si...

aitsecurity

Are your customers using WinXP and 802.11 cards to connect to the wireless network? If so, once they are connected, disable WinXP's WZC (Wireless Zero Configuration). You can get a load of information on WinXP problems with WiFi connections with a search engine. We had to abondon PPPoE on our acces...

aitsecurity

HI! i am thinking this if you have in squid (Mikrotik), a 80 Gb HD, and use this for cache websites, is to big, when a user go to example http://www.google.com the webproxy need search in very big disk. i know the algorithm in squid BUT!!! now, in you experience which is the magic number for webprox...

aitsecurity

Hi, i am trying to set up a secure connection to manage my routers via winbox. The connection from winbox itself is not secure and the pass and user can be compromised. Which any possibility have i to protect my connection to router. i am connecting allways over an ethernet interface. i have not mu...

aitsecurity

I'm not sure if I understand your question...how many WiMax base stations? As I said before, we had varied results within 1 km inside and behind buildings with a single base station. As with most wireless deployments, each location will be somewhat unique, so results could be much better or much wo...

aitsecurity

I'm not sure if I understand your question...how many WiMax base stations? As I said before, we had varied results within 1 km inside and behind buildings with a single base station. As with most wireless deployments, each location will be somewhat unique, so results could be much better or much wo...

aitsecurity

It came up to 36Meg link for a while but now it's jumping up and down and falling all the way back to 6Meg. Is the speed falling when the link is idle, or when you're pumping traffic through it? For what ever reason, it's normal for those cards to drop the speed when they aren't doing anything. Pri...

aitsecurity

We have tested some WiMAX gear from Airspan (ASMAX) operating in the 3.5GHz band with a single 8 or 10dB omni (don't recall which it was). We had diversity disabled (attenuated) and the transmit power on the primary was 33dBm. We were getting about 1km NLOS in an urban environment (inside buildings...

aitsecurity

The rb-112 is screwed to the back panel metal to metal. The n-type conectors also touch to the metal case. The case is isolated for the most part execept for the two bolts that go from case to tower but there is a lot of paint so i doubt the is any real conductivity between the case and tower. The ...

aitsecurity

Can't seem to get it working. I put proxy-arp on ether2, gave it an IP of 192.168.100.2. Gave my pptp client an local ip of 192.168.100.20 and remote of 192.168.100.21 with a route of 192.168.100.2. Connects to the pptp, cannot ping or do anything with the 192.168.100.0/24 subnet. maybe NOOOO!! exa...

aitsecurity

Are there any Wi-Max miniPCI adapters such as the ( http://www.wavesat.com/products/mini-pci.html ) for which support is available or planned? Wimax, i am thinking is the name for marketing, wimax 802.16 need the same L.O.S, and use license bands :-( only for very big WISP, who pay the regulatory ,...

aitsecurity

Hi Guys, I am trying to implement a setup using VRRP. RouterOS is 2.9.21. First I went straight away to using VRRP with VLANs and Bridges implementation but that failed straight away. So I decided to test VRRP to its basics. When I did so, I was getting the following result: 1. Pinging Dynamic IP w...

aitsecurity

Ok, I set up the pptp server and I set up my computer to connect. It works, gives me a address of 192.168.100.21 and server address of 192.168.100.20. However I cannot access the inside of that routers network (192.168.100.0) even with proxy-arp on both interfaces. ok, put in: secrets name: you log...

aitsecurity

I have a main office machine I wish to use to get into the local side of all my router boxes. How to I setup a vpn connection to them, so I can connect to each one individually when I need it and get on the local side of the router?

what do you want VPN roaming, or VPN site to site

aitsecurity

HI i see this http://www.smyth.net/tower2a.jpg, and i have a question for you, you no have problem with connector type N in the box, the connectors have contact with the metal of the BOX, i am thinking you can loss db there. What you think about this, maybe the BOX work a Antenna or parcial antenna ...

aitsecurity

HI if i can use for my Wisp, the VPN for connection the CPE to AP, i will very happy, i no want use WEP or WPA ,etc the idea is, only filter in the AP with Mac address list, and in the side of customer, (the customer use a PCI card 802.11) can connect easy to my AP he only need the SSID. and run the...

aitsecurity

hi what you think about this 192.168.1.107 TCP_DENIED/400 1511 NONE error:unsupported-request- method - NONE/- text/html 17:42:52 web-proxy,debug,packet 1143049372.446 1 192.168.1.107 TCP_DENIED/400 1511 NONE error:unsupported-request- method - NONE/- text/html 17:42:52 web-proxy,debug,packet 114304...

aitsecurity

HI! my MK is a transparent webproxy, work fine, but, one user on my network need, go to the website for example http://site.ebrary.com directly, and i want this user no use the service webproxy for go to this website in other words, no cache this domain. i am thinking need a rule in /ip webproxy cac...

aitsecurity

Hello guys ! If I want to make a full nat for 1000 users (we have plenty of global ip's), then how should I do this the smart way (like the NAT on 2003-server). I perfectly understand the netmap-feature, but adding 1000 /32 adresses doesn't seem to be smart... And no, we do not want to expose our q...

aitsecurity

Code: Select all
if firewall filter add chain=forward src-address=bad.user.ip action=drop
I am new in this, do I have to use the terminal to this, or where ??

yes if do you want,

aitsecurity

Hi i have 4 Mikrotik server, work very great. but look this 16:17:34 system,error,critical login failure for user 68.148.82.16:18762\r Remote-IP: via winbox 16:17:37 system,error,critical login failure for user 70.146.162.3:25069\r Remote-IP: via winbox 16:17:44 system,error,critical login failure f...

Search found 84 matches