You will thank me for that...
I haven't tried it on routeros but I'm sure it will work.
Please use rundeck.. amazing opensource product to execute commands and scripts.
AMT.
As far as i know there is no firewall while using fastpath. And fasttrack is not working without nat.
So if you are using just a bridge and need performance use no firewall with fastpath.
Hi All. Can someone please share configuration for the following scenario. I have a circuit that uses vlan 903. (tagged) There are 10 vlans that i wish to use on this circuit. I would like to do QinQ using the hardware switch. So on each side of the link there is a trunk port with vlans 200 to 210 w...
Hi All.
I have searched in the furom and i waa unable to find a clear answer for that.
Does power saving with capsman actually working?
Currently my device does not go to sleep. Many Thanks
Hi All,
Is that possible to use FastTrack over bridge without NAT?
I'm unable to get it working with 6.32.4 counters remain zero on the dummy rule and ip settings. while fastrack rule and normal rule has the same counter.
You should diabale those nics in the observium.
You can filter nics in the config.php file.
But first look at the observium modules maybe you can disable ppp something.
Hi All, Maybe you can assist me to understund some issues with capsman. I have a CCR 1036 running a capsman and about 15 MAP2N. All is running 6.33.3. First of all I wish to understund why some caps interfaces are not running. # NAME TYPE ACTUAL-MTU L2MTU MAX-L2MTU MAC-ADDRESS 0 RS ether1 ether 1500...
I have done it before using a lot of Hardware. Switch using LACP and 4 routeros devices and another switch with LACP at the remote site.
But the bandwidth is per mac so double bandwidth from different macs.
I'm currently doing that using pfsense.
Two firewalls using carp(vrrp) and sync the state table.
The magic is that the gre source and destination should use the carp ip.
Works like a champ for two years on dozen of installs.
To make it short don't use smb over wan.
It's a protcol which is waiting for samba acks (not tcp acks).
The only way that i know to uae samba over high latency wan is traffic acceleration.
It change the tcp to udp transparently.
I'm using capsman with a lot of caps and I thought it beacuse of the roaimg between caps.
Now I can see the packets that prevent the device going to sleep.
Too bad it like this the capsman and caps are so great.
Hi All. I wanted to ask for an lldp feature in Mikrorik. Today i decided to install lldp on all of my linux servers and VMs so now every capable lldp switch is showing me the physical port mapping which is amazing. I know many have asked this before but now i can see the true benefits of it. Also th...
It depends. First thing you should consider that 6500 doing hardware nat. Mikrotik I doing a software nat. Mikrotik limitations are as follow. 1. Maximum tcp throughput is 1gb thia is the maximum that each core can handle. 2. Latency is higher. Good stuff. The visual side is amazing compared to Cisc...
I think you should start with basic. Verify speed and duplex on all ports monitor cpu usage and look for interface errors. Next step try to isolate the the issue with iperf. Send a udp stream of 100Mb and look at the winboxes during that time so you will be able to see that 100Mb is entering the rou...
I would say you should give it a try it depends on your needs. Mikrotik qos for example is amazing compared to Cisco.
Also the visibility in Mikrotik is something you don't have using Cisco.
Enjoy
Hi All. Maybe there is a simple way to achive the following . Im using a ccr as a core lan switch in order to have control on the connections and traffic between all of my switches. So all ports on the same bridge firewall is marking conections and packets. I would like to have the same queues on al...
It's working very well while the Mikrotik is doing routing but for some reason I'm unable to view the data while using a bridge.
The data is in the accounting on the router side.
Is there any spaecail config?
Hi All. I have a bursty traffic above the max bandwidth. Can I use a large queue and allow the traffic to be buffered? For example the total bandwidth of the circuit is 10Mb and there are fractions of a second when the application sends 50Mb. All is UDP. Can I leave max limit empty and the magic wil...
as usual buildings are with walls (even from concrete) so concrete with steel arming are killers of wifi coverage. i think 3 RB951, each on separate floors will fit to your needs for the start Thank You, Should I use the wifi as bridge to centeral router? or should each one will do nat or even rout...
Hi All, This is my first time designing wireless for the office. The usage is for Internet access only . Authentication will be just password and some encryption. The office size is 3 floors 600 square meters (each floor). I would like that people will move easily and stay connected. Total number of...
I would suggest you to monitor the the cpu usage per core, please telnet/ssh and type /system resource monitor
Do you see any correlation between the latency to even one core using 100%?
I would suggest you to consider two isp links at each site each connection connected to a different Mikrotik device (total 4 Mikrotiks) each couple will create eoip over ipsec. Now connect them both to a switch at each end and let the spanning tree do its magic. Or even better create a lagg between ...
I have to admit the ccr series is not stable enough.
We use arround 20 devices and every month or so we have a few watchdog reboot.
Its getting better after each upgrade but its not something that you can trust unfortunately.
Lets give it a try.
Have you enabled the firewall on the bridge?
Have you created packet marks with the firewall?
After you will see the counters climbing in the firewall mangle create quee tree.
And it should work keep in mind that you are limiting only the outgoing interface.
For the first time, i got problems using CCR. This is my first CCR, not using sfp, so it might be related to my problem. I changed a RB1000 to a CCR. The purpus of the router, is to make VPLS tunnels from a IC With another ISP. Setup is easy : ether1 -Cisco(l2 link in to site) ether2 - misc mikroti...
It looks scarry at first while the router is not booting. Here is the formal answer..... This is expected, as the unit receives information via console, and perceives this as the "press any key" message at startup, and then enters RouterBOOT menu. To change this, enter RouterBOOT setup, an...
Thanks. There is something strange in the title of the product a layer 3 switch. From wikipedia The only difference between a layer 3 switch and router is the way the administrator creates the physical implementation. Also, traditional routers use microprocessors to make forwarding decisions, and th...
HI All, Just got my first CRS. it looks very promising, the LCD is a nice thing to have on a switch instead of a name label and IP also the port infor is great. And it is silent as well:D One thing I'm not sure is where is the layer 3 switching? should I configure IP the normal way, once I do that I...
The enterprise market is waiting for a layer 2 10G switch 48 port in the price range of sub 2K$. It should have minimal options like igmp snooping and QOS.
I think its a great time for mikrotik to get into the enterprise market.
I would be very happy if Mikrotik will hear the users. Mikrotik has great peace of software that currently wasted. I'm asking myself why say no for the money? Also I tried to ask Mikrotik a few changes that I'm willing to pay for in RouterOS and the Dude. Guess what. the answer was no. I wish I had ...
Hi All, I'm trying to configure a layer 2 firewall on RB1100. While everything is working well beside that I have to open rules both way in order to accomplish connection. For example. Port 1 connected to a pc 192.168.0.1 Port 2 connected to a pc 192.168.0.2 Port 1 and 2 are bridge1 In order to ping...
Hi All. I would like to isolate group of servers inside a LAN without changing ip address or using a vlans. All should be done by a layer 2 filtering. I would like to create a bridge of 5 interfaces. The security model should be as follow. 1. All interfaces should have access to servers on on eth1. ...
I would suggest you to use a cheap server like dell R210 for your core.
The RB1100x2 is working very well at maximum of 300MB depends on your traffic type and number of sessions.
If you will use RB1100x2 follow the IPSec manual it's very important to get good performance.
Good luck.
Hi All,
I would like to print the CDP neighbors list on a device label.
While running snmpwalk I can see the data but it's spreads over a few OID's.
Does anyone has an idea on how to accomplish that?
Hi All, I would suggest to add a compression option on the connection option. During the test I have noticed that monitoring 200 servers uses around 1Mbits between Dude and the Agent. While doing the same test over SSH tunnel with compression the traffic use less than 200Kbps. I think its very easy ...
Hi All, After a lot of tests and help from Mikrotik support (Thanks). I found that the most important part is to configure the CPU affinity on the RouterBoard. Without that the performance is poor. Also there is one open issue while using tcp iperf or Mikrotik bandwidth application from a pc to pc w...
Hi All, Maybe someone has faced this issue before. I have 2X RB-1100X2AH ver 5.14 and another two X86 running 5.14 as well. Each pair connected with IPSEC and Eoip which creates two different L2 links over LACP. The two pairs connected using a single GigE connection. This gives me a load balancing a...
Hi All, I'm using a few Mikrotik routers all is working great. There are a few things that I'm not sure regarding the switch. 1. What can I do with switch rules? Copy to CPU or redirect to CPU 2. Master port it's a must? I can use the port even when it's a master port 3. Is there any way to sniff da...
Looking for dude agent on Linux? I'm using Dude 4 beta 3 using openvz vm running under wine. It does not run as a service but it's start automatically. Working very very well. My main server and dozen agents running like that. It's very easy to deploy just backup and restore the openvz part This ope...
Hi All, Sometimes I would like to add a condition to a Link label. I would like to write a text in the label when the Interface.InBitRate = 0. The reason for that is that when having an Ethernet circuit that cross other equipment in the way. it will not show as down if the circuit is connect to the ...
This is very problematic.
I have no idea what is the cause, Since Ive restored the db all is up but with less 300 devices
I'm not adding devices..
This issue is critical.
I hope we will find it fast..
Many thanks
Thanks you for that. I would Be happy to see the following. 1. Adding and removing probes from a few devices at once. 2. I think that the database should be readable somehow for example my dude started to show pings probes as down but the pings graphs are alive on 400 devices from 1000+ I have no id...
Thank You, Very strange things. While using EOIP testing with iperf tcp test. once Im able to get 300Mb and the second time 100Mb, its happening each time. once 300 once 100 once 300 once 100. Also while copying file over ssh I'm not able to cross 6MB per second. Any Idea? Update I have made some ip...
Thank you.
I will give it a try, sorry for asking but I would like to achieve the max performance.
What will be the fastest encryption algorithem?
I appriciate the help.
Thank You,
Can you please recommend what will be the best performance throughput setup in order to create layer 2 vpn?
How can I make sure I'm using the hardware encryption?
Hi All, I have two RB 1100X2 and I would like to create Layer 2 VPN. While trying to do that with EOIP over IPSEC it looks like its working I can reach 400Mb. While trying to do the same using VPLS I can get to 800+mb but I noticed that the traffic is not encrypted.( While Sniffing the WAN port). Is...
Hi All, :shock: After running a Dude for a few weeks with 1000+ devices. Something very strange happened about 800 devices are down/partially down because ping probe timeout. The servers uses 10 agents all running on WINE. The ping graphs are working correctly. In trying to solve it backup and resto...
Hi All, I was wondering maybe you have some experience on how to monitor wan links. (Up or Down) The links I need to monitor are layer 2. The problem is that usually the physical interface will stay up and the link will be down at the carrier network so both ends of link will be up. The best visual ...
Hi All, The latency probe is working well. For some reason I'm unable to use this probe using a remote agent, the ping is made from the local Dude server and not the agent. Maybe someone has an idea on how to accomplish the following: Adding a latency number to a link (Maybe even color it on high va...
Thanks fbsdmon
That's exactly what I was looking for. I was able to add it in the device appearance and it working perfect.
One last thing is how do I add this to the tool?
What should be the tool syntax
Thanks Again.
Hi All, Maybe you have an idea on how to accomplish that. I have servers that the ip address of them is 1.140.X.X while the IPMI ip of those servers is 192.140.X.X. I wonder if its possible to create a tool that will open https://192.140.X.X without configuring this IP on each server. If I understan...
Thank you.
I found the problem it's a bug in version 4 beta3.
In 3.5 it's working.
The strange part that it's working after upgrade as well.
So all I needed to do is install 3.5 and upgrade to 4.
Hi All, I'm currently using dude 4 beta 3 and it's rocks :D . After spending a few hours trying o display batch file output value under the device appearance I decided to write this post. Does anyone able to succeed in displaying execute function of any exe/batch file under device appreance? I'm all...
Hi All, I'm adding a latency function to the appearance of a server. Ping time= [array_element(ping(device_property("FirstAddress")),0] The problem is that this is done from the local dude server and not from the agent. So I see two options here. 1. Use the ping probe value and display it ...