Community discussions

MikroTik App

Search found 100 matches

by Toby7
Fri Apr 19, 2019 3:59 pm
Forum: General
Topic: Debugging NTP issue with packet sniffer [SOLVED]
Replies: 4
Views: 1035

Re: Debugging NTP issue with packet sniffer [SOLVED]

You won't belive what causes this issue :shock: :shock: :shock: It were two HP switches! One HP 1810-24G and another HP 1820-24G. There is a feature called "Storm Control" and "Auto DoS". Both were enabled. Disabling it solves the issue, all NTP Clients are working now! WTF.... I have been investing...
by Toby7
Mon Apr 08, 2019 11:07 pm
Forum: General
Topic: Debugging NTP issue with packet sniffer [SOLVED]
Replies: 4
Views: 1035

Re: Debugging NTP issue with packet sniffer [SOLVED]

Thanks for your reply. Well I see leaving NTP Packets on my Win10 machine with target IP main router with NTP Server(192.168.0.254). On the router I have set this log rule and I can see arriving NTP packets but not from the win10 machine (192.168.0.110). As mentioned ping and everything else is work...
by Toby7
Fri Apr 05, 2019 8:36 pm
Forum: General
Topic: Debugging NTP issue with packet sniffer [SOLVED]
Replies: 4
Views: 1035

Debugging NTP issue with packet sniffer [SOLVED]

Hi, I am struggling with an NTP issue since a long time and I am not able to solve it. I have an main router RB3011 which is connected to the internet by PPPoE/VDSL. It receives its time by an external NTP Server. This works like a charm, the NTP client says sychronized. Now I want to distribute thi...
by Toby7
Fri Sep 14, 2018 4:13 pm
Forum: General
Topic: VLAN, Bridge, HW Offload and Trunk Ports [SOLVED]
Replies: 12
Views: 6454

Re: VLAN, Bridge, HW Offload and Trunk Ports [SOLVED]

Great it works! Thanks a lot! I struggled a lot with this new vlan/bridge and hardware offloading stuff, it a steep learning curve :( Maybe the mikrotik guys should add such a config to the wiki, I think a lot of people are having issues here.. /interface bridge add fast-forward=no name=bridge1 prot...
by Toby7
Fri Sep 14, 2018 3:05 pm
Forum: General
Topic: VLAN, Bridge, HW Offload and Trunk Ports [SOLVED]
Replies: 12
Views: 6454

Re: VLAN, Bridge, HW Offload and Trunk Ports [SOLVED]

if you want to use hw offloading, put every port in coresponding bridge, configure each port in switch chip as secure including switch chip. Every VLAN that needs to reach the router must be configured in switch vlan. leave one port extra for management until everything works! So now every VLAN get...
by Toby7
Fri Sep 14, 2018 1:54 pm
Forum: General
Topic: VLAN, Bridge, HW Offload and Trunk Ports [SOLVED]
Replies: 12
Views: 6454

Re: VLAN, Bridge, HW Offload and Trunk Ports [SOLVED]

You have to add switch-cpu to the list of ports in switch vla for VLAN id 100 ... or else switch chip doesn't communicate it with bridge. This part is missing from config you posted above. I have added them meanwhile as you said but DHCP does not get an IP address /interface bridge add fast-forward...
by Toby7
Thu Sep 13, 2018 11:41 pm
Forum: General
Topic: VLAN, Bridge, HW Offload and Trunk Ports [SOLVED]
Replies: 12
Views: 6454

Re: VLAN, Bridge, HW Offload and Trunk Ports [SOLVED]

Hm a bridge with disabled VLAN filtering does not have a PVID. Or am I misunderstanding something? You simply cannot set them. Now I have added a vlan100 interface on my bridge. A dhcp client on this interface does not get an IP address. It should work because VLAN id 100 is attached to switch1cpu i...
by Toby7
Thu Sep 13, 2018 10:54 pm
Forum: General
Topic: VLAN, Bridge, HW Offload and Trunk Ports [SOLVED]
Replies: 12
Views: 6454

Re: VLAN, Bridge, HW Offload and Trunk Ports [SOLVED]

Well I have already considered changing my homenet vlan to something else than 1 for all devices. But this is a lot for work to do :( I would like to find another solution/explanation Another issue, I have just noticed that my vlan100 is not forwarded to the router on the stick on ether2. There a DH...
by Toby7
Thu Sep 13, 2018 10:31 pm
Forum: General
Topic: VLAN, Bridge, HW Offload and Trunk Ports [SOLVED]
Replies: 12
Views: 6454

VLAN, Bridge, HW Offload and Trunk Ports [SOLVED]

Hi, I am using a RB750 GL with ROS 6.43. ether1 is a trunk port with Vlan 1/100/200/300/400/500. ether2 should be a tagged trunk "out" so all the vlans from trunk ether1 are switched to ether2. ether3-5 are untagged and should not be the focus of the question. Here is my config: /interface bridge ad...
by Toby7
Wed Sep 05, 2018 11:29 pm
Forum: General
Topic: Import config on RouerOS 6.42.7 stops [SOLVED]
Replies: 12
Views: 1761

Re: Import config on RouerOS 6.42.7 stops [SOLVED]

Thanks a lot for your information!
by Toby7
Tue Sep 04, 2018 5:12 pm
Forum: General
Topic: Import config on RouerOS 6.42.7 stops [SOLVED]
Replies: 12
Views: 1761

Re: Import config on RouerOS 6.42.7 stops [SOLVED]

OK importing the backup was successful. So far so good. The wiki recommends to do a netinstall when "device is not working properly". Well I did so and my issues regarding winbox still persist. https://wiki.mikrotik.com/wiki/Manual:Netinstall So is importing the config as backup the better way to do...
by Toby7
Sun Sep 02, 2018 6:56 pm
Forum: General
Topic: Import config on RouerOS 6.42.7 stops [SOLVED]
Replies: 12
Views: 1761

Re: Import config on RouerOS 6.42.7 stops [SOLVED]

good idea :D
by Toby7
Sun Sep 02, 2018 5:09 pm
Forum: General
Topic: Import config on RouerOS 6.42.7 stops [SOLVED]
Replies: 12
Views: 1761

Re: Import config on RouerOS 6.42.7 stops [SOLVED]

I will try it but its no good solution for being in hurry when you have to replace an existing router :lol:
by Toby7
Sun Sep 02, 2018 4:57 pm
Forum: General
Topic: Import config on RouerOS 6.42.7 stops [SOLVED]
Replies: 12
Views: 1761

Re: Import config on RouerOS 6.42.7 stops [SOLVED]

Well I have a binary backup but I thought it is better to just import the config so that any side effects regarding configuration are gone. For me a import script is like setting up the device from the beginning. For me a device independent script should be more reliable in case of disaster recovery...
by Toby7
Sun Sep 02, 2018 4:22 pm
Forum: General
Topic: Import config on RouerOS 6.42.7 stops [SOLVED]
Replies: 12
Views: 1761

Import config on RouerOS 6.42.7 stops [SOLVED]

Hi, I have problems importing an RouterOS configuration from ROS 6.42.7. This config was running on a RB750GL and there I saw some strange errors so I wanted to reinstall the router from sratch. At first I did a "export compact" to save the config. Then I used netinstall to reinstall the RouterOS 6....
by Toby7
Fri Aug 17, 2018 11:32 am
Forum: General
Topic: Winbox on Win10: Devices with RouterOS > 6.40 not showing up any more
Replies: 0
Views: 402

Winbox on Win10: Devices with RouterOS > 6.40 not showing up any more

Hi, I am using the latest WinBox 3.17 on Windows 10 and I have a lot of trouble that neigbor discovery inside Winbox ist not working like expected. My network contains several devices using ROS 6.40 and 6.42.6. All recently upgraded devices(6.42.6) are invisble from Winbox. I can ping them and conne...
by Toby7
Wed Aug 08, 2018 7:15 pm
Forum: General
Topic: Upgrade from 6.40 to 6.42.6: wAP ac not found in neighbor list in winbox
Replies: 4
Views: 1164

Re: Upgrade from 6.40 to 6.42.6: wAP ac not found in neighbor list in winbox

So meanwhile I did upgrade my second device a RB750GL, situation is the same. Everything is working except the winbox discovery?!
@Mikrotik
Are you aware of some bug in this area?


I don't want to factory reset all my devices and install from default settings again :shock:
by Toby7
Fri Aug 03, 2018 11:33 am
Forum: General
Topic: Upgrade from 6.40 to 6.42.6: wAP ac not found in neighbor list in winbox
Replies: 4
Views: 1164

Re: Upgrade from 6.40 to 6.42.6: wAP ac not found in neighbor list in winbox

I have done a second reboot without success.
Even recreation of the interface list does not help :(

It's just the "/Tools / MAC Server / MAC Winbox Server" which controls the neighbor visibility right?
by Toby7
Tue Jul 31, 2018 9:15 pm
Forum: General
Topic: Upgrade from 6.40 to 6.42.6: wAP ac not found in neighbor list in winbox
Replies: 4
Views: 1164

Re: Upgrade from 6.40 to 6.42.6: wAP ac not found in neighbor list in winbox

were there any changes related to this topic in the past firmware releases?
by Toby7
Sat Jul 28, 2018 5:27 pm
Forum: General
Topic: Upgrade from 6.40 to 6.42.6: wAP ac not found in neighbor list in winbox
Replies: 4
Views: 1164

Upgrade from 6.40 to 6.42.6: wAP ac not found in neighbor list in winbox

Hi, I am running an wAP ac in a capsman setup. It was running perfect with router os 6.40, I was able to see the device in the winbox search list and could connect to it. Some days ago I did an upgrade to router os version 6.42.6. Afterwards everything was working except the neighbour discovery. Whe...
by Toby7
Fri Dec 15, 2017 7:16 pm
Forum: Beginner Basics
Topic: wAP AC in CAP mode: no ping to 8.8.8.8
Replies: 2
Views: 789

Re: wAP AC in CAP mode: no ping to 8.8.8.8

Thanks a lot this was the issue. But it is very bad usability that the IP address is getting accepted even without the "/24" suffix....
by Toby7
Wed Dec 13, 2017 11:43 pm
Forum: Beginner Basics
Topic: wAP AC in CAP mode: no ping to 8.8.8.8
Replies: 2
Views: 789

wAP AC in CAP mode: no ping to 8.8.8.8

Hi, I have a wAP AC controlled by a CAPsMAN. It is connected to a VLAN trunk containing VLAN 1,100,200,300,400 and 500. The wireless stuff regarding the capsman works so far very well. But I have a problem pinging the internet (8.8.8.8) and getting internet access from the mikrotik device. I want to...
by Toby7
Fri Feb 10, 2017 11:58 pm
Forum: Beginner Basics
Topic: EOIP over IPSEC TWO RB750
Replies: 21
Views: 13871

Re: EOIP over IPSEC TWO RB750

If you are sure firewall is not stopping any packets then enable IPSec in the logs and see what is happening.


Sent from my iPhone using Tapatalk
If I do that I see this "phase1 negotiation failed due to time up..." error coming all 30 seconds.... Hm I will verify the firewall rules tomorrow.
by Toby7
Fri Feb 10, 2017 1:10 pm
Forum: Beginner Basics
Topic: EOIP over IPSEC TWO RB750
Replies: 21
Views: 13871

Re: EOIP over IPSEC TWO RB750

Hmmm, ok well you have the basics right it seems. I did some looking around and found this link which may help - http://forum.mikrotik.com/viewtopic.php?t=88033 I wonder if you have some peer settings left over from earlier attempts. Try the following and see if it helps... 1. Disable IPSEC in the ...
by Toby7
Tue Feb 07, 2017 10:56 pm
Forum: General
Topic: EoIP with IPsec: phase1 negotiation failed due to time up
Replies: 1
Views: 4519

Re: EoIP with IPsec: phase1 negotiation failed due to time up

Meanwhile I can say that it works with wired ethernet. In contrast when the EoIP Remote Address is connect by Wifi the tunnel fails. I did move both ends of the EoIP tunnel to the same network so that there is no firewall in between. The wifi is connected in station mode to a caps managed network......
by Toby7
Thu Feb 02, 2017 7:34 pm
Forum: General
Topic: NTP Server/Client problems
Replies: 0
Views: 1102

NTP Server/Client problems

Hi, again I have to start a topic about a NTP Server and Client issue. It really drives me crazy because I have spent days to find the problem but I cannot get it working. There is a RB3011(192.168.0.254) which acts as a NTP Server in my local net 192.168.0.0/24. Here is the NTP server export(ROS 6....
by Toby7
Sun Jan 29, 2017 7:37 pm
Forum: General
Topic: EoIP with IPsec: phase1 negotiation failed due to time up
Replies: 1
Views: 4519

EoIP with IPsec: phase1 negotiation failed due to time up

Hi, I want to set up an encrypted EoIP connection between an mAP2n and my RB3011. The RB3011(IPs are 10.0.128.254 and 192.158.0.254) is a central router with several subnets attached, on of them is 10.0.128.0/24. The mAP2n is connected to the RB3011 by wireless connection(CAPsMan). It is configured ...
by Toby7
Sat Dec 17, 2016 6:32 pm
Forum: General
Topic: Wireless bridge in CAPsMAN network
Replies: 4
Views: 1586

Re: Wireless bridge in CAPsMAN network

Currently I am testing the wireless bridge feature with EoIP. But I do have some trouble... Here is the setup: <=======EoIP Tunnel IPv4======>bridge eth1 and eth2 <====ethernet cable====> devices CoreRouter <==== wireless link====> mAP2n 192.168.0.254(ether2) 192.168.0.205 (wlan) The EoIP tunnel bet...
by Toby7
Mon Dec 12, 2016 10:11 pm
Forum: General
Topic: Wireless bridge in CAPsMAN network
Replies: 4
Views: 1586

Re: Wireless bridge in CAPsMAN network

Here is a config script which sets the level to kick a client at -80dBm. Run this on the CAPsMAN controller router, not on any of the CAPs. Obviously the exact level chosen is up to you, but I find that -80dBm is not a bad starting position for experimentation. /caps-man access-list add action=acce...
by Toby7
Mon Dec 12, 2016 10:10 pm
Forum: General
Topic: VLAN trunk port with switch chip
Replies: 18
Views: 7200

Re: VLAN trunk port with switch chip

I must say I dont understand exactly what you mean. I thought that your trunk port will always be up (ether1) and setting address on interface ether1 solves your problem. .. but if it works for you then use your approach. Well if setting the IP address on ether1 directly works in the same way than ...
by Toby7
Sun Dec 11, 2016 7:22 pm
Forum: General
Topic: Wireless bridge in CAPsMAN network
Replies: 4
Views: 1586

Re: Wireless bridge in CAPsMAN network

This link here says you should not do that whenever possible: http://wiki.mikrotik.com/wiki/Manual:Wi ... eudobridge
I would feel better if there is another alternative. :D
by Toby7
Sun Dec 11, 2016 3:32 pm
Forum: General
Topic: Wireless bridge in CAPsMAN network
Replies: 4
Views: 1586

Wireless bridge in CAPsMAN network

Hi, my current network setup contains a 192.168.0.0/24 network which has two CAPs devices running which are managed by a CAPsMAN (192.168.0.254). Now I want to add an mAP2n which provides a wireless bridge for two devices which are connected to them by ether1 and ether2. What is most stuitable techn...
by Toby7
Sun Dec 11, 2016 3:15 pm
Forum: General
Topic: VLAN trunk port with switch chip
Replies: 18
Views: 7200

Re: VLAN trunk port with switch chip

The reason for setting my management IP on a vlan interface on the trunk port is that this trunk port is always up an running, thus I can connect to my switch. If I use an untagged port for that which is not always up and running I cannot connect to my device.
by Toby7
Sat Dec 10, 2016 5:30 pm
Forum: General
Topic: VLAN trunk port with switch chip
Replies: 18
Views: 7200

Re: VLAN trunk port with switch chip

I dont understand what you mean exactly. Your ports ether1 and ether2 are configured the same (i dont see any rules.. if you have them delete them and try). I dont have so much expierience in CAPsMAN setups.. but set default VLAN ID to 0 in switch - port. You havent specified it..Maybe this is prob...
by Toby7
Wed Dec 07, 2016 9:09 pm
Forum: General
Topic: VLAN trunk port with switch chip
Replies: 18
Views: 7200

Re: VLAN trunk port with switch chip

Here is my config for now: /interface ethernet set [ find default-name=ether1 ] name=ether1_trunk set [ find default-name=ether2 ] master-port=ether1_trunk name=\ ether2_trunk_out set [ find default-name=ether3 ] master-port=ether1_trunk name=\ ether3_Heimnetz set [ find default-name=ether4 ] master...
by Toby7
Thu Dec 01, 2016 10:35 pm
Forum: General
Topic: VLAN trunk port with switch chip
Replies: 18
Views: 7200

Re: VLAN trunk port with switch chip

Thanks a lot for your efforts! I will continue with this topic on monday because I am on vacation until sunday.... Hopefully I can make it work :)
by Toby7
Tue Nov 29, 2016 7:32 pm
Forum: General
Topic: VLAN trunk port with switch chip
Replies: 18
Views: 7200

Re: VLAN trunk port with switch chip

This is very strange, I did configure my management IP like described here http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Management_IP_Configuration and it does not work. I do even see the MAC address belonging to the IP I want to ping in the /switch host table. But looking at the ARP li...
by Toby7
Mon Nov 28, 2016 10:01 pm
Forum: General
Topic: VLAN trunk port with switch chip
Replies: 18
Views: 7200

Re: VLAN trunk port with switch chip

Well that depends on the point of view. A programmer knows that good named variable is self-explanatory, the same is with interface names. etherX in a dropdown menu does not tell me whats this interface for... But enough off topic, I want to solve my VLAN problem :)
by Toby7
Mon Nov 28, 2016 7:44 pm
Forum: General
Topic: VLAN trunk port with switch chip
Replies: 18
Views: 7200

Re: VLAN trunk port with switch chip

I think VLAN1 on Procurve is "native" VLAN. native VLAN on RouterOS is VLAN 0. So set it to VLAN0. But I am transferring the native VLAN 1 as a normal tagged VLAN towards the MikroTik. So in my opinion the correct VLAN ID is important? All the traffic coming in in ether1 is tagged VLAN traffic. Als...
by Toby7
Sun Nov 27, 2016 3:17 pm
Forum: General
Topic: VLAN trunk port with switch chip
Replies: 18
Views: 7200

VLAN trunk port with switch chip

Hi, I have trouble with my RB750GL used in a VLAN network configuration. There are 6 VLANs (ID 1, 100, 200, 300, 400, 500) which should be handled by this routerboard with its internal switch chip. So I want to do native switching without any (software)bridges. ether1 is configured as a tagged trunk...
by Toby7
Sat Oct 22, 2016 10:40 pm
Forum: General
Topic: IPv6 ND: Transparent link between Capsman AP and mAP2n
Replies: 0
Views: 431

IPv6 ND: Transparent link between Capsman AP and mAP2n

Hi, I want to connect a VoIP device to the existing IPv6 network. This device should receive a IPv6 address by using stateless auto config. Basically this works if I connect the VoIP device to the local LAN interfaces of the RB3011. The wireless network is configured as CAP interface runnning in acc...
by Toby7
Mon Oct 17, 2016 11:14 pm
Forum: General
Topic: VoIP and NAT, no connection
Replies: 5
Views: 3486

Re: VoIP and NAT, no connection

Meanwhile I did som further investigation of the issue. The software StarTrinity SIPTester is able to register the SIP number on my local PC. The I tried to get PhonerLite running but it could not even register the SIP number. The strange thing here is that I do not see outgoing UDP packets on my WA...
by Toby7
Sun Oct 16, 2016 6:04 pm
Forum: General
Topic: VoIP and NAT, no connection
Replies: 5
Views: 3486

VoIP and NAT, no connection

Hi, I am very frustrated with the problems I have with my Mikrotik Router and VoIP. The RB3011 hast connected a Vigor V120 modem which is used for setting up the internet connection. There is src NAT as well as some firewall rules. Now I wanted to use VoIP by sipgate behind the NAT in my home networ...
by Toby7
Mon Oct 03, 2016 10:19 pm
Forum: General
Topic: PPPoE IPv6 address / Dual stack
Replies: 1
Views: 1147

PPPoE IPv6 address / Dual stack

Hi, my local ISP provides a dual stack configuration for my internet access by ADSL. I wann test this but I am not able to get a IPv6 address. The PPPoE connection is running fine and there I get a valid IPv4 address. Now the question is how to a IPv6 address? I set up an DHCPv6 Client on the PPPoE ...
by Toby7
Tue Sep 06, 2016 4:10 pm
Forum: General
Topic: Slow browsing, DNS issues
Replies: 6
Views: 3673

Re: Slow browsing, DNS issues

The rules were taken from here: http://wiki.mikrotik.com/wiki/Tips_and_Tricks_for_Beginners_and_Experienced_Users_of_RouterOS#Firewall You are right the make no sense for me too if I have an closer look. Now I did it in that way you said, it is more comprehensible to me: chain=input action=accept co...
by Toby7
Mon Sep 05, 2016 2:24 pm
Forum: General
Topic: Slow browsing, DNS issues
Replies: 6
Views: 3673

Re: Slow browsing, DNS issues

Its just sporadic and just some sites. I read a lot of problems like that in the forum but I have no idea what to do. I could use the google dns in DHCP DNS settings then I would override my ROS DNS cache, correct? But i dont' wanna do that because I like the idea of cached DNS....
by Toby7
Mon Sep 05, 2016 2:09 pm
Forum: General
Topic: Slow browsing, DNS issues
Replies: 6
Views: 3673

Re: Slow browsing, DNS issues

ROS is 6.37rc27.... Yes DNS cache on ROS is used. Here are the results: Final benchmark results, sorted by nameserver performance: (average cached name retrieval speed, fastest to slowest) 192.168. 0.254 | Min | Avg | Max |Std.Dev|Reliab%| ----------------+-------+-------+-------+-------+-------+ + ...
by Toby7
Mon Sep 05, 2016 1:37 pm
Forum: General
Topic: Slow browsing, DNS issues
Replies: 6
Views: 3673

Slow browsing, DNS issues

Hi, on my RB3011 I face some issues with every client that browsing is slow. I am using the DNS server that my ISP assigns by PPPoE "using peer dns". When I open a site sometimes its working quite fast another time the "small circle" in a firefox tab is spinning and the website does not appear... It...
by Toby7
Mon Sep 05, 2016 1:19 pm
Forum: General
Topic: Multiple Subnets, blocking access among them, best practice?
Replies: 2
Views: 528

Re: Multiple Subnets, blocking access among them, best practice?

Ah thats a quite good idea, I will try that....
by Toby7
Sun Sep 04, 2016 5:39 pm
Forum: General
Topic: Multiple Subnets, blocking access among them, best practice?
Replies: 2
Views: 528

Multiple Subnets, blocking access among them, best practice?

Hi, I have several different subnets attached to my RB3011 which controls my home network. The question now is how do control access among the subnets in a suitable way. Currently there is one PPPoE WAN connection which has a srcnat and some firewall rules. At the beginning the dynamically created r...
by Toby7
Sun Sep 04, 2016 4:40 pm
Forum: General
Topic: [Solved] PPPoE Client: Cannot connect, PADO with unknown host-uniq, dropping
Replies: 1
Views: 1376

Re: PPPoE Client: Cannot connect, PADO with unknown host-uniq, dropping

After upgrading to 6.37 rc27 and enabling pap authentication it works...
by Toby7
Sun Sep 04, 2016 4:38 pm
Forum: General
Topic: [Solved] ROS 6.36: NTP Client not working
Replies: 3
Views: 1296

Re: ROS 6.36: NTP Client not working

Problem is solve now. It seems that the FritzBox was blocking this traffic somehow. Now I use bridged modem connected to the RB3011 and it works...
by Toby7
Thu Sep 01, 2016 11:04 pm
Forum: General
Topic: [Solved] PPPoE Client: Cannot connect, PADO with unknown host-uniq, dropping
Replies: 1
Views: 1376

[Solved] PPPoE Client: Cannot connect, PADO with unknown host-uniq, dropping

Hi, I am trying to setup a PPPoE client connection to my ISP over a VDSL line. My router is a RB3011UiAS connected to a Draytek Vigor V130 running in bridged mode. The V130 is synchronized with the other endpoint and does show me a running VDSL line on the physical layer. When I setup the PPPoE conn...
by Toby7
Thu Aug 25, 2016 5:23 pm
Forum: General
Topic: [Solved] ROS 6.36: NTP Client not working
Replies: 3
Views: 1296

Re: ROS 6.36: NTP Client not working

@Mikrotik
I am reading of a lot of NTP issues in RouterOS. Are you still investigating this issue or do you see it as solved? Currently I don't know how to debug this problem further. Should I send a Supout.rif?
by Toby7
Tue Aug 23, 2016 8:56 pm
Forum: General
Topic: [Solved] ROS 6.36: NTP Client not working
Replies: 3
Views: 1296

[Solved] ROS 6.36: NTP Client not working

Hi, I am trying to get my NTP Client running on two different Mikrotik devices but non of them work. Both have ROS 6.36, one device is a mAP, the other one a RB3011. The mAP uses Tool/SNTP Client with NTP Server "0.de.pool.ntp.org" which resolves in IP 148.251.68.100. After doing apply nothing is ge...
by Toby7
Sun Feb 09, 2014 4:58 pm
Forum: General
Topic: Problem on WAN failover without scripting
Replies: 4
Views: 2315

Problem on WAN failover without scripting

Hi all, I am trying to do a WAN failover for my home network without any scripts/netwatch. My setup is adopted from this tutorial: http://wiki.mikrotik.com/wiki/Advanced_Routing_Failover_without_Scripting#Basic_Setup There are two separate ADSL connections for failover. If I enable/disable the route...
by Toby7
Thu Jan 30, 2014 1:09 am
Forum: RouterBOARD hardware
Topic: Port flapping Sextant G5-HnD
Replies: 6
Views: 2049

Re: Port flapping Sextant G5-HnD

How do I recognize the newer ones? Mine has a solid metal connector like the one on the picture three posts above. But back to my never ending story. I did test another PoE injector from a Mikrotik BaseBox2(RB912UAG-2HPnD-OUT). Result was the same, port flapping all the time. Later on my buggy Sexta...
by Toby7
Mon Jan 27, 2014 5:20 pm
Forum: RouterBOARD hardware
Topic: Port flapping Sextant G5-HnD
Replies: 6
Views: 2049

Re: Port flapping Sextant G5-HnD

Yes I use them. Are they buggy? Which one do you recommend?
by Toby7
Mon Jan 27, 2014 12:51 am
Forum: RouterBOARD hardware
Topic: Port flapping Sextant G5-HnD
Replies: 6
Views: 2049

Re: Port flapping Sextant G5-HnD

Yes it has shielded connectors(CAT6). The same type of patch cable is in use on the other sextant on the PtP. This one works well...
But nevertheless I can give it a try...
What about the PoE injector? May that be the cause of failure?
by Toby7
Sun Jan 26, 2014 5:15 pm
Forum: RouterBOARD hardware
Topic: Port flapping Sextant G5-HnD
Replies: 6
Views: 2049

Port flapping Sextant G5-HnD

Hello all, I have a big problem with the famous port flapping in RouterOS. My installation consists of two Sextant G5-HnD, one of them is connected via Ethernet to an RB750GL the other one to a RB751U-2HnD. Only of the Sextants is making problems. Between the RB751U-2HnD and the error prone Sextant ...
by Toby7
Wed Jan 15, 2014 12:07 am
Forum: General
Topic: 2 WAN interfaces: Force WAN ping to go the "outside way"
Replies: 3
Views: 2055

Re: 2 WAN interfaces: Force WAN ping to go the "outside way"

In the last time I thougth about that problem again. It must be a kind of privilege problem. Because the pppoe connection creates a DAC route this DAC route is always preferred as over them my target IP can be reached(target IP is the external visible IP from the pppoe connection). Even routing mark...
by Toby7
Tue Jan 14, 2014 10:02 pm
Forum: General
Topic: Firewall filter rules and nmap scan results
Replies: 12
Views: 4426

Re: Firewall filter rules and nmap scan results

Another input from my side. The pppoe connection is done over a Draytek Vigor 120v2 ADSL modem. Has this device something to do with the open ports?
by Toby7
Mon Jan 13, 2014 1:16 am
Forum: General
Topic: Firewall filter rules and nmap scan results
Replies: 12
Views: 4426

Re: Firewall filter rules and nmap scan results

The namp -sT test now show a different result:

PORT STATE SERVICE
25/tcp open smtp
80/tcp open http
110/tcp open pop3
143/tcp open imap
993/tcp open imaps
8080/tcp open http-proxy

Less open ports but still now explanation for them... No changes were made to routing-marks etc. :(
by Toby7
Sat Jan 11, 2014 9:18 pm
Forum: General
Topic: Firewall filter rules and nmap scan results
Replies: 12
Views: 4426

Re: Firewall filter rules and nmap scan results

I'll give a try again tomorrow. Normally the open ports are still visible... Hm strange if routing marks affect open firewall ports.
May there be a bug in nmap causing supposedly open ports which are invisible?
by Toby7
Thu Jan 09, 2014 7:18 pm
Forum: General
Topic: Firewall filter rules and nmap scan results
Replies: 12
Views: 4426

Re: Firewall filter rules and nmap scan results

nmap command is nmap -sT as you said. /ip address print # ADDRESS NETWORK INTERFACE 0 192.168.0.254/24 192.168.0.0 ether2_homenet 1 192.168.128.254/24 192.168.128.0 ether3_telekom 2 10.0.128.254/24 10.0.128.0 vlan100_ether5 3 10.0.192.254/24 10.0.192.0 vlan200_ether5 4 D 192.168.179.21/24 192.168.17...
by Toby7
Wed Jan 08, 2014 6:12 pm
Forum: RouterBOARD hardware
Topic: Which router for later 802.11ac upgrade?
Replies: 3
Views: 1809

Re: Which router for later 802.11ac upgrade?

Good to hear that my decision was correct :) Now I just need two omni antennas. Are there variants with higher vertical beam width? Standard is 16°...
My signal should reach the users also near the antennas.
by Toby7
Tue Jan 07, 2014 7:29 pm
Forum: RouterBOARD hardware
Topic: Which router for later 802.11ac upgrade?
Replies: 3
Views: 1809

Which router for later 802.11ac upgrade?

Hi all, I need to expand wireless network with a new outdoor router. Because currently no 802.11ac router frim mikrotik is available I'd like to buy a board which I can upgrade later. Later on when the 802.11ac radios are available upgrading with miniPCIe card could do the job? What do you think? As...
by Toby7
Tue Jan 07, 2014 1:08 am
Forum: General
Topic: Firewall filter rules and nmap scan results
Replies: 12
Views: 4426

Re: Firewall filter rules and nmap scan results

Here are the exports: /interface print # NAME TYPE MTU L2MTU MAX-L2MTU MAC-ADDRESS 0 R ether1_fritzbox ether 1500 1598 4074 00:0C:42:C1:F9:9D 1 R ether2_homenet ether 1500 1598 4074 00:0C:42:C1:F9:9E 2 R ether3_telekom ether 1500 1598 4074 00:0C:42:C1:F9:9F 3 R ether4_modem_telekom ether 1500 1598 4...
by Toby7
Sun Jan 05, 2014 5:10 pm
Forum: General
Topic: 2 WAN interfaces: Force WAN ping to go the "outside way"
Replies: 3
Views: 2055

Re: 2 WAN interfaces: Force WAN ping to go the "outside way"

So the mangle rules work properly, I see the increasing counter. But still there is only one hop to the destination IP. The route is added in the correct table. Now if I disable the route the result is still the same. It seems to me like the routing doesn't work... But If I set the routing mark for ...
by Toby7
Sun Jan 05, 2014 4:22 pm
Forum: General
Topic: Firewall filter rules and nmap scan results
Replies: 12
Views: 4426

Re: Firewall filter rules and nmap scan results

No there are just the firewall --> service ports enabled. I thought they should be a kind of nat helper which you better do no disable. The scan goes toward the local adress of the pppoe client. According to my knowledge this is the WAN IP? I used android tethering(mobile network) as internet connec...
by Toby7
Sat Jan 04, 2014 4:37 pm
Forum: General
Topic: Firewall filter rules and nmap scan results
Replies: 12
Views: 4426

Firewall filter rules and nmap scan results

Hello, I am currently working on my firewall improvements. There is a PPPoE connection to my ISP. My router is configured as source nat with filter rules. Currently I have only the basic filter rules which are recommended in the book "Router OS by example". 0 ;;; ### chain=input action=drop connecti...
by Toby7
Fri Jan 03, 2014 6:23 pm
Forum: General
Topic: 2 WAN interfaces: Force WAN ping to go the "outside way"
Replies: 3
Views: 2055

2 WAN interfaces: Force WAN ping to go the "outside way"

Hi all, I have an setup with two WAN connections. Each subnet has its own WAN interface. The PPPoE-TelekomDSL WAN interface is a PPPoE connection from the central RB750GL router. It is the WAN interface for the Telekom subnet. The second WAN interface is a gateway router(192.168.0.240) doing its own...
by Toby7
Thu Sep 19, 2013 11:35 pm
Forum: General
Topic: Mikrotik Open Ports with nmap
Replies: 10
Views: 4958

Re: Mikrotik Open Ports with nmap

Sorry for my late answer... The topic is still not solved so I am glad to help. Here is my NAT rule: chain=srcnat action=masquerade src-address=192.168.128.0/24 out-interface=PPPoE-TelekomDSL Filter rules: chain=input action=accept src-address-list=TelekomDSL_Subnet in-interface=PPPoE-TelekomDSL cha...
by Toby7
Thu Sep 12, 2013 10:07 pm
Forum: General
Topic: Mikrotik Open Ports with nmap
Replies: 10
Views: 4958

Re: Mikrotik Open Ports with nmap

Meanwhile I did another research on this topic. Even if I drop all packets on th input and forward chain on this specific pppoe interface, the ports are still open?!
What's wrong here :?
There is an source nat setup on this port but that should not matter..
by Toby7
Tue Sep 10, 2013 10:04 pm
Forum: General
Topic: Mikrotik Open Ports with nmap
Replies: 10
Views: 4958

Re: Mikrotik Open Ports with nmap

So far I have this 'input' rules: /ip firewall filter chain=input action=accept src-address-list=TelekomDSL_Subnet in-interface=PPPoE-TelekomDSL chain=input action=accept src-address-list=TelekomDSL_Subnet in-interface=ether3_telekom chain=input action=accept connection-state=established in-interfac...
by Toby7
Tue Sep 10, 2013 9:28 pm
Forum: General
Topic: Mikrotik Open Ports with nmap
Replies: 10
Views: 4958

Re: Mikrotik Open Ports with nmap

Yes you are right I am responsible for the firewall. This is the reason why I want to learn this behaviour with IP services...... What's the use of those settings in IP Services when the ports are visible nevertheless?! I did allow access on the IP services only from the local lan, but nmap shows me...
by Toby7
Mon Sep 09, 2013 7:10 pm
Forum: General
Topic: Mikrotik Open Ports with nmap
Replies: 10
Views: 4958

Mikrotik Open Ports with nmap

Hello, as I have configured a firewall for my PPoE DSL connection I did some research on them with nmap. There were some opcisco-en ports: ssh cisco-sccp http and two others which I don't remember at the moment. To my astonishment the ssh and http port seem to correlate with enabling/disabling the "...
by Toby7
Tue Sep 03, 2013 6:39 pm
Forum: General
Topic: New Packet flow diagram
Replies: 103
Views: 76971

Re: New Packet flow diagram

One addon from my point of view: I would like to have colours in the picture, they make the boxes much more clearer! :)
PDF is also a good point. Please publish a vector graphics inside the PDF so that we can enjoy a real wallpaper :D

Thank you!
by Toby7
Fri Aug 02, 2013 12:34 am
Forum: General
Topic: Ping PPPoE WAN Connection from Internet
Replies: 7
Views: 4301

Re: Ping PPPoE WAN Connection from Internet

Ok I solved my problem :D Looks like there was a missing backroute in combination with a missing mangle rule. When I mark the incoming packets of the PPPoE connection with a routing mark the external ping was successful. But then suddenly the ping from my subnet to internet failed. Another static ro...
by Toby7
Wed Jul 31, 2013 11:21 pm
Forum: General
Topic: Ping PPPoE WAN Connection from Internet
Replies: 7
Views: 4301

Re: Ping PPPoE WAN Connection from Internet

Are you trying to ping your WAN ip from your lan side? Neither my mobile phone nor my second DSL wan connection are working. I use the tools/ping command with out interface ether2. There is a second router connected which acts as gateway for the second wan connection. Tracert shows me the way it go...
by Toby7
Wed Jul 31, 2013 11:06 pm
Forum: General
Topic: Ping PPPoE WAN Connection from Internet
Replies: 7
Views: 4301

Re: Ping PPPoE WAN Connection from Internet

Hm when I see the rules everything seems very clear and easy :) But it doesn't work.
The strange in my situation is that the torch command only sees the incoming icmp, no outgoing?!
by Toby7
Wed Jul 31, 2013 10:01 pm
Forum: General
Topic: Ping PPPoE WAN Connection from Internet
Replies: 7
Views: 4301

Ping PPPoE WAN Connection from Internet

Hi, my RB750GL is connected to the ISP by a normal PPPoE connection. This works and I get an external IP. The LAN side consists of one internal subnet(192.168.128.0/24) which should get internet accees through the PPPoE gateway. Currently the only client gets internet access without problems. In ord...
by Toby7
Fri Nov 09, 2012 12:20 am
Forum: RouterBOARD hardware
Topic: Poor mechanical design of SEXTANT G-5HnD
Replies: 28
Views: 8342

Re: Poor mechanical design of SEXTANT G-5HnD

Hi Support Team,

I have written an E-Mail to http://www.mikrotik-shop.de / FMS Internet-Service already 4 days ago without any response. :?
Can you please get in contact with them? A certified MikroTik shop should provide a better service to customers....

Toby
by Toby7
Mon Nov 05, 2012 11:37 pm
Forum: RouterBOARD hardware
Topic: Poor mechanical design of SEXTANT G-5HnD
Replies: 28
Views: 8342

Re: Poor mechanical design of SEXTANT G-5HnD

Ok I have written an email to the reseller yesterday. Maybe I get an answer tomorrow...
by Toby7
Sun Nov 04, 2012 2:39 pm
Forum: RouterBOARD hardware
Topic: Poor mechanical design of SEXTANT G-5HnD
Replies: 28
Views: 8342

Re: Poor mechanical design of SEXTANT G-5HnD

There is a lot of fix to this issu, but MT should look into the real problem here. REALLY poor, cheep design. We send all our broken sextant back to distrubutor. The fix to sxt with bended input is nice, but sextant rj45 is really bad. Sometimes, to have a device as cheep as possible, is not the wa...
by Toby7
Sat Nov 03, 2012 8:48 pm
Forum: RouterBOARD hardware
Topic: Poor mechanical design of SEXTANT G-5HnD
Replies: 28
Views: 8342

Re: Poor mechanical design of SEXTANT G-5HnD

I meant the body housing :D Ok I got the PCB lying in front of me. Soldering seams to be easy? :? The small pins are close together... I will try soldering tomorrow. After that I will fix this ethernet jack with additional hot glue.
by Toby7
Sat Nov 03, 2012 8:19 pm
Forum: RouterBOARD hardware
Topic: Poor mechanical design of SEXTANT G-5HnD
Replies: 28
Views: 8342

Re: Poor mechanical design of SEXTANT G-5HnD

Are you using a booted cable? We have never had any problem but we don't put boots on our cables.

You could also very easily resolder the ethernet port back on.
Yes it is a normal CAT 6 patchcable. Without those protection I think there are no problems.
How can I open the case without damage?
by Toby7
Sat Nov 03, 2012 8:02 pm
Forum: RouterBOARD hardware
Topic: Poor mechanical design of SEXTANT G-5HnD
Replies: 28
Views: 8342

Re: Poor mechanical design of SEXTANT G-5HnD

Why bend it 90° twice? As I mentioned, we have installed these with thick outdoor FTP cables without any problems, just straight from the cable hole into the ethernet jack. Raid drop loop, cable reserve and everything else is then outside of the enclosure. While I agree that the mounting of the jac...
by Toby7
Sat Nov 03, 2012 7:24 pm
Forum: RouterBOARD hardware
Topic: Poor mechanical design of SEXTANT G-5HnD
Replies: 28
Views: 8342

Re: Poor mechanical design of SEXTANT G-5HnD

Of course I know the hole for the cable and I did use it :) The problem here is NOT how to get the cable out of the body housing but how to close the cover. A normal ethernet jack with bend protection is 35mm in length and then you have to add the minimum bend radius of the cable. In my case this wa...
by Toby7
Sat Nov 03, 2012 4:30 pm
Forum: RouterBOARD hardware
Topic: Poor mechanical design of SEXTANT G-5HnD
Replies: 28
Views: 8342

Poor mechanical design of SEXTANT G-5HnD

Hi MikroTik Support, a few hours ago I wanted to install two SEXTANT G-5HnD for a wireless PtP link. The configuration in a test setup was not the problem, but while installing them I nearly got all two devices bricked! The problem is the very bad mechanical design of the ethernet connectors which a...
by Toby7
Fri Oct 26, 2012 7:42 pm
Forum: Forwarding Protocols
Topic: VLAN in MPLS/VPLS over Wireless Link
Replies: 4
Views: 6270

Re: VLAN in MPLS/VPLS over Wireless Link

Thank you a lot it is working now. But I am not sure whether the MPLS MTU is correct? I did set it to 1530....
Can I check with torch whether fragmentation is active?
by Toby7
Fri Oct 19, 2012 10:52 pm
Forum: Forwarding Protocols
Topic: VLAN in MPLS/VPLS over Wireless Link
Replies: 4
Views: 6270

VLAN in MPLS/VPLS over Wireless Link

Hello MikroTik friends, I have a setup with a wireless link which transfers several VLANs. This link is done by two Sextant G-5HnD using Nv2 protocol, one unit operates in "ap bridge" mode the other in "station" mode. Until now the link is working well, but I am not sure how to transfer four VLANs o...
by Toby7
Tue Oct 02, 2012 11:27 pm
Forum: General
Topic: Mangle Routing to GW in same subnet
Replies: 0
Views: 647

Mangle Routing to GW in same subnet

Hi, here is my little routing problem. I have the RB750GL connected to subnet(192.168.128.0/24) on interface three. Finally there are three devices in the subnet: ISP Telekom DSL modem 192.168.128.240 VM Win XP 192.168.128.90 RB750GL port 3 192.168.128.254 The mikrotik device works as a dhcp server ...
by Toby7
Sun Jan 08, 2012 2:42 pm
Forum: General
Topic: Routing between two subnets
Replies: 11
Views: 23580

Re: Routing between two subnets

Ok the export process was successfull and yes the file has many lines :D But while trying different things I recognized that ping is possible but only to client 192.168.128.90 which is connected to ether3. The second device in subnet 192.168.128.0/24 is the DSL Router 192.168.128.240 (ISP 2). This o...
by Toby7
Sat Jan 07, 2012 11:41 am
Forum: General
Topic: Routing between two subnets
Replies: 11
Views: 23580

Re: Routing between two subnets

DHCP and DNS, nothing else.
Is there a possibility to export the complete configuration and edit them manually via notepad? In other words I delete everything not set by me...

Doing a complete reset would mean a lot of work :(
by Toby7
Sat Jan 07, 2012 1:31 am
Forum: General
Topic: Routing between two subnets
Replies: 11
Views: 23580

Re: Routing between two subnets

It is a problem of ICMP :shock:
The webinterface of a device in the 192.168.128.0/24 subnet is reachable!!!
by Toby7
Sat Jan 07, 2012 1:25 am
Forum: General
Topic: Routing between two subnets
Replies: 11
Views: 23580

Re: Routing between two subnets

what you need is static route for your ISP1 dsl router for subnet 2 (192.168.128.0/24) with gateway 192.168.0.254 otherwise ISP1 dsl router don't know return path for your subnet 2 I did set this route. But apart from that I should be able to ping between clients in two different subnet without usi...
by Toby7
Fri Jan 06, 2012 6:40 pm
Forum: General
Topic: Routing between two subnets
Replies: 11
Views: 23580

Re: Routing between two subnets

I see incoming icmp from ether2(192.168.0.0/24) but not outgoing on ether3(192.168.128.0/24) for destination 192.168.128.240.

Routerboard seems to swallow the packets!
by Toby7
Fri Jan 06, 2012 6:27 pm
Forum: General
Topic: Routing between two subnets
Replies: 11
Views: 23580

Re: Routing between two subnets

"/ip firewall nat print" gives an empty output.
Yes I can ping google, 192.168.0.240 as well as 192.168.128.240.

Very confusing to me! Do I need static routes in the clients? The default gatewy from DHCP(x.x.x.254) must be enough?!
by Toby7
Fri Jan 06, 2012 3:04 pm
Forum: General
Topic: Routing between two subnets
Replies: 11
Views: 23580

Routing between two subnets

Hallo together, here is my current situation: Subnet 1 - 192.168.0.0/24 connected to RB750GL via ether2 with IP 192.168.0.254 Subnet 1 has an Gigabit Switch with other clients, this Switch is connected to RB750GL with ether2. Subnet 1 has a DSL Router for Internet access (IP 192.168.0.240) by ISP 1....