MikroTik

biomesh

Since you don't have any firewall rules enabled, I would disable remote access to dns.

/ip dns
set allow-remote-requests=no servers=172.16.10.10

biomesh

You might want to drop the power levels on the APs so the clients don't try to roam as much.

biomesh

I would suggest using unique local addresses vs link-local addresses at this point if you need to add a static address. It would be the fd00::/8 range.

biomesh

If you are getting supout.rif's, you should email that to mikrotik support (support[at]mikrotik.com:) - since this is a user based support forum, it does not help us. You can post your device's config export (/export) so we can see what could be the issue. I would start by emailing support directly ...

biomesh

You will have to provide more details - ROS version, post your config, etc. Myself and plenty others use a CCR1009 with no memory leak issues, so this must be a version/config issue.

biomesh

I have seen this, but it has never been an issue for me since I do not use quickset for this device.

If you have an urgent issue or would like something addressed by MikroTik, you should email support.

biomesh

The RB3011 series uses an ARM processor, which is still a work in progress. You are better off just using another CCR1009 model or better.

biomesh

Why not just use one of the other ccr1009 models?

They do have a passive cooling model which is probably the closest upgrade. The other two models (passive or active cooling) cost more and have extra features.

biomesh

Mine looks accurate - make sure you have updated firmware (/system routerboard upgrade). I am on firmware 3.27. /system health print cpu-overtemp-check: yes cpu-overtemp-threshold: 100C cpu-overtemp-startup-delay: 1m voltage: 23.7V current: 611mA temperature: 38C cpu-temperature: 45C power-consumpti...

biomesh

I may not be an expert, in what you are trying to do, but it sounds like you expect the router to be a voip SBC. These are specialized devices for voip which can handle the load you are giving them which also include some firewalling capabilities. The SIP ALG in most routers are very basic and shoul...

biomesh

Most of these configs that have been posted are for a standard docsis 3 modem, not one of the business gateways. The gateways have their own quirks and most of the time lots of bugs. Unless you need static IPs, I would ditch the gateway and buy your own modem.

biomesh

Here is my config. I changed the interface names to match yours. This also includes my firewall settings. /ipv6 address add address=::1 from-pool=comcast_ipv6 interface=bridge /ipv6 dhcp-client add add-default-route=yes interface= pool-name=comcast_ipv6 prefix-hint=::/60 request=address,prefix use-p...

biomesh

Juanvi, you can use the vmware provided tool vmware-vdiskmanager for the pre deployment resizing.

biomesh

Looks good - Now I am just waiting for the licensing to be enabled for purchase. Will there be any way to convert prepaid standard keys (level 4/5/6) to a CHR equivalent license?

biomesh

The 2011 should be able to handle up to ~200 Mbps depending on the config. The 6141 should really have not bearing on this, with the exception of what type of service you have with comcast. If you have residential, you will only get 1 IPv4 address, but you can get multiple IPv6 prefixes (limited by ...

biomesh

You don't need the /128 address to work with comcast. You will need to make sure you assign an address to your internal interface and you should set up ND too. Here is my IPv6 config that I have been using with comcast for probably a year. /ipv6 address add address=::1 from-pool=comcast_ipv6 interfa...

biomesh

You hit the cpu limit for nat/conntrack for this device. A ccr or RB1100AHx2 would be the device you would need to get gigabit speeds.

You might just want to let the at&t router do the nat unless you want to spend $350-$425 on a new MT router.

biomesh

Some good changes here, including the new "ip cloud" menu
What exactly is the point of "ip cloud" when you cannot remember your dns name?

If you have your own domain, just create cname records that point to your serial number dynamic dns records hosted by mikrotik.

biomesh

As for IPX, NCP (which is the only common protocol that was used with IPX/SPX) had TCP/IP support added almost 20 years ago.

biomesh

Here are my queues. They give voip traffic the highest priority, any regular traffic the next highest priority and crashplan traffic the lowest priority. You would need to adjust to your environment (limit, max-limit, parent, etc) /queue type set 0 pfifo-limit=500 add kind=pcq name=pcq-crashplan-upl...

biomesh

You would have to add a mangle rule to mark the packets like /ip firewall mangle add action=mark-packet chain=postrouting comment=crashplan dscp=2 new-packet-mark=crashplan passthrough=no You would then just need to set up queues to make the traffic low priority. The issue with QOS on windows is tha...

biomesh

Looks like you got a CPU bump as well. By default it have 300 mhz but you can overclock to 400 mhz. I have a few of the original ones, and you can only set them to 360 MHz (default) or 240 MHz. For a while, they had 400/300 and I think 240 options, but due to some stability issues with the original...

biomesh

Looks like you got a CPU bump as well.

biomesh

Comcast provides an ipv4 address on all connections and ipv6 on most. The person you talked to was incorrect. You need to reset the cable modem so that it will see the mac address of the new router. Residential comcast connections only provide one ipv4 address and it is restricted by the cable modem...

biomesh

Most likely it is a gateway device, not just a modem. It does a 1 to 1 NAT for the static IPs. I would check the settings on it to disable all firewall rules and ICMP handling so that way the 450G will see the traffic.

biomesh

https://www.wireshark.org/docs/wsug_html_chunked/ChCapInterfaceRemoteSection.html The Remote Packet Capture Protocol service must first be running on the target platform before Wireshark can connect to it. The easiest way is to install WinPcap from http://www.winpcap.org/install/default.htm on the ...

biomesh

If you have a request for a different implementation, it would be best to include the different options that would work better for you.
Personally, tzsp had worked fine for my needs.

Sent from my Nexus 7 using Tapatalk

biomesh

You can do this already.

http://wiki.mikrotik.com/wiki/Ethereal/Wireshark

Follow the directions in the wiki and set the display filter in wireshark to tzsp.

Sent from my Nexus 7 using Tapatalk

biomesh

Product presentation: http://mum.mikrotik.com/presentations/IT14/it14.pdf New brochure with mAP and others: http://download2.mikrotik.com/2014-Q1.pdf Why reduce NAND on RB850Gx2 compared to RB450G ?? JF. I hope the 400Mhz in the brochure is a typo. The MUM presentation lists the CPU as 500MHz. The ...

biomesh

The ones that pcunite mentioned are good along with anveo.com

Sent from my Nexus 7 using Tapatalk

biomesh

Dial on demand does not work on the RC that was released briefly this morning. A L2TP (and sstp) client that worked in previous releases (6.6 and earlier including 5.x) would not start. The interface did work if dial on demand was deactivated and was started manually.

biomesh

According to the brochures, the 12 core CCR devices have 512 mb of nand and the 36 core versions have 1gb of nand.

Sent from my Nexus 7 using Tapatalk 4

biomesh

I also did some testing with the sniffer. From what I see, if you have a lease, but release, and the router tries to renew, Comcast sends two advertisements back, the /60 you asked for, and your existing lease, in my case, a /64. What it does is set preference for the leases, the /60 you asked for ...

biomesh

Interesting. I actually was thinking about running a sniffer on it to see. The guy @ comcast I'm working with indicates their systems should accept a release, specifically I'll quote him as saying, "I can delete that PD for you, your client isn’t doing a full release\renew.. I see this a lot..", so...

biomesh

Fragmenting packets will always put an extra load on the system. UDP is also stateless. Can you set your application that generates the traffic to use a max size that will not cause the fragmentation to occur?

biomesh

Interesting. I actually was thinking about running a sniffer on it to see. The guy @ comcast I'm working with indicates their systems should accept a release, specifically I'll quote him as saying, "I can delete that PD for you, your client isn’t doing a full release\renew.. I see this a lot..", so...

biomesh

I have considered that, but frankly disabling IPv6 till the lease expires is a sorry excuse for a workaround to the router not releasing the lease properly. I expect the person I'm working with will be able to get it taken care of sometime tomorrow, and if not I'll try disabling IPv6. If you look a...

biomesh

If this is Comcast, just disable the client for four days then re-enable it. This worked for me since their lease time is four days.

Sent from my Nexus 7 using Tapatalk 4

biomesh

It was added in 6.5 and currently it is not in the wiki or changelogs.

biomesh

It looks like when the find command returns without data, it is evaluated as 0 so it would print the address on the interface with index 0.

It happens at least on 6.6 and 6.7 - I didn't test on any earlier 6.x versions. It works as expected on 5.25.

Looks like a bug to me.

biomesh

Looking at your router - the default gateway is unreachable.

Not sure if there is anything you can do - comcast will provide a /60-/64 prefix as well as a /128 for the external wan interface. It could be that your provider is doing something different than comcast.

biomesh

Have you tried a ping -6 ipv6.Google.com to see if that works?
You don't have to have a DNS server on ipv6 to actually resolve aaaa records.
Disable your firewall rules temporarily to see if things start to work then.

Sent from my SAMSUNG-SGH-I747 using Tapatalk

biomesh

Of course thank you for your effort on this :) Yea use peer DNS is default on the client. I played with it all again, still not handing out DNS. So does that mean the ISP is not handing out a IPv6 DNS server IP ? The DHCPv6 client does not seem to have a status that shows if it got DNS from the ISP...

biomesh

My script should work - it works on a few devices I have here.

As for DNS, you can set the option

use-peer-dns=yes

on the dhcp-client command.

biomesh

Try this first (adjust the interface to match your internal interface name)

/ipv6 address add from-pool=ipv6_pool interface=ether2 advertise=yes

This is using the method Janisk mentioned.

biomesh

If you have comcast (or another provider that supports prefixes larger than a /64) then you can add the prefix-hint option to the /ipv6 dhcp-client command like /ipv6 dhcp-client add add-default-route=yes interface=external pool-name=ipv6_pool prefix-hint=::/60 This option was added in ROS 6.5 and c...

biomesh

It was for personal preference, (to use a ::1/64 address as the router address) but I found that if I did use the from-pool option and removed that address, it also removed the pool. This is not good since it was a /60 pool handing out /64 prefixes. I will stick with my setup for now. I am running R...

biomesh

Try something like /ipv6 dhcp-client add add-default-route=yes interface=external pool-name=ipv6_pool /ipv6 firewall filter add chain=input connection-state=established add chain=input connection-state=related add chain=input dst-port=546 in-interface=external protocol=udp src-port=547 add action=dr...

biomesh

This was added in 6.5. The option is prefix-hint for the /ipv6 dhcp-client option. It is command line only at this point.

/ipv6 dhcp-client
add add-default-route=yes interface=external pool-name=ipv6_pool prefix-hint=::/60

Sent from my Nexus 7 using Tapatalk 4

biomesh

You need to have a "drop the rest" rule on both the input and forward chains.

biomesh

The screen shots look okay. What do your ipv6 routes look like?

biomesh

nope. mt 750gl is powerfull enough.

Do you get the same results through the 750gl without the bonding enabled?

If you are just doing routing, the 750gl might be able to handle this(not sure), but with the firewall enabled, I doubt it.

biomesh

Upgraded my 450G from 6.4 to 6.5 with no issues.

biomesh

10 mbit is very conservative. You can handle 30mbit easily with a basic config 951-2n which is less powerful then the 750GL. I think it depends if you use queues, proxy, etc which will use more cpu. The more complex you get, the less bandwidth the hardware will be able to handle. This bandwidth we a...

biomesh

I would change your content criteria and perhaps see if any traffic will work over your vpn connection. If you remove the content option and set the src-address to just one IP address, see if you can get it to work. This would just mean you need a better way to identify the traffic.

biomesh

Here is the wiki sample /ip firewall mangle add chain=prerouting src-address=192.168.150.0/24 content=facebook action=mark-routing new-routing-mark=Through_VPN /interface pptp-client add connect-to=My VPN Connection allow=pap,chap,mschap1,mschap2 name="My VPN" user=Reza Moghadam password=Reza Moghad...

biomesh

You should make sure your vpn connection works before trying the PBR. From your first post, it looks like you just copied from the wiki - which is just an example. You will need to replace a lot of information in the example with your VPN IP address, credentials, along with your subnet, packet marki...

biomesh

I received both with mine. You might want to check with your distributor if you did not get yours.

Sent from my Nexus 7 using Tapatalk 4

biomesh

I would take a backup of your config and run with the default rules that come with the device when using quickset. See if/how the performance differs.

biomesh

Are there plans to allow for different IPv6 DNS servers for each DHCP server network? With the way the feature is implemented right now, you cannot hand out only the address of your local caching nameserver(s). You could add the local nameservers to the list of the servers used as forwarders by the ...

biomesh

i dont want to use 3des, thats the point of this, the performance blows on that windows also supports aes-128 sha1, by default which im being told has much better performance i need this to work under aes 128, not 3des i already had that working The phase I encryption is only for the keys being pas...

biomesh

Change /ip ipsec peer add enc-algorithm=aes-128 generate-policy=yes hash-algorithm=sha1 \ nat-traversal=yes secret=1234 to /ip ipsec peer add exchange-mode=main-l2tp enc-algorithm=3des generate-policy=yes hash-algorithm=sha1 \ nat-traversal=yes secret=1234 This is only for phase I of the l2tp connec...

biomesh

Looks like you are missing a proposal. Try something like the following: /ip ipsec proposal set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=\ aes-128 lifetime=30m name=default pfs-group=none /ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key dh-group=modp1024 di...

biomesh

What is your l2tp Server max mru set to? You might want to try 1420 instead of 1460. Post your config if it didn't help.

biomesh

Forget DHCPv6, in RouterOS it only supports prefixes so far, not individual addresses. To see RAs on Windows, you can use some packet capture tool, e.g. Wireshark with "icmpv6.type==134" filter.

Edit: And since you can't use DHCPv6, you definitely want managed-address-configuration=no.

Good catch

biomesh

Yes I want to use DHCPv6 for my clients. In your config you had nd disabled=yes. My intention is simple. I want my clients to get IPV6 address so that they can browse over IPv6 web addresses. Which config should I follow? You misread my config - my default ND entry is disabled. I have a separate ND...

biomesh

Yes I want to use DHCPv6 for my clients. In your config you had nd disabled=yes. My intention is simple. I want my clients to get IPV6 address so that they can browse over IPv6 web addresses. Which config should I follow? You misread my config - my default ND entry is disabled. I have a separate ND...

biomesh

Still DHCPv6 not working on clients. My New Config: /ipv6 dhcp-server add address-pool=pool1 authoritative=after-2sec-delay disabled=no interface=\ LAN lease-time=3d name=server1 /ipv6 pool add name=pool1 prefix=2001:470:19:1292::/64 prefix-length=64 /ipv6 address add address=2001:470:18:1292::2/64...

biomesh

Try this: /ipv6 address add address=2001:470:18:1292::2/64 advertise=no interface=IPV6 add address=2001:470:19:1292::1/64 interface=LAN /ipv6 nd set [ find default=yes ] disabled=yes add advertise-dns=yes interface=LAN managed-address-configuration=yes mtu=1480 other-configuration=yes ra-delay=5s \ ...

biomesh

I followed your config, but no luck. Please see my changed config [admin@MikroTik] /ipv6 address> print Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local # ADDRESS FROM-POOL INTERFACE ADVERTISE 0 G 2001:470:18:1292::2/64 IPV6 no 1 G 2001:470:19:1292::1/64 WAN no 2 DL fe80::c...

biomesh

After the 5.25 update I got the following message and had to delete/reimport my certificates (and update the sstp server): 15:49:21 sstp,error server certificate change failed: could not load private key (6) 15:49:31 sstp,error server certificate change failed: could not load private key (6) No othe...

biomesh

You should have two default routes. One using policy based routing for your internal interfaces, one for your external interface. The wan interface will have the address from your ISP, and this will have the default route without the policy based routing. All of the ISP local traffic will be routed ...

biomesh

You might get more replies if this were in english. But if you want to force specific traffic to go over the pptp connection, you might want to look at the following: http://wiki.mikrotik.com/wiki/Policy_Base_Routing /ip firewall Mangle add chain=prerouting src-address=10.64.83.0/24 action=mark-rout...

biomesh

Then blame your distributor - in all official announcements MT informed that this is "pre-production batch for those who wanna try it before full production" You can't have RouterOS v5 , cause this is completely new CPU architecture that didn't exist before v6 Taken from : http://routerboard.com/CC...

biomesh

I don't think that this device was designed to only be an AP only. It is being sold as a small office or home router and AP. The specs on this device are sufficient for most small buildings with limited wireless device access and moderate internet speeds. I have had one of these providing 16/3 inter...

biomesh

I would start off by specifying the wireless protocol to 802.11 and most likely you will also want to set the encryption to aes rather than tkip. I also don't see your ssid in the export, but that could be due to the unspecified protocol.

Sent from my Nexus 7 using Tapatalk HD

biomesh

I think the ideal solution would be SAML v2 service provider support on the ros devices so that way you could authenticate against any trusted SAML v2 identity provider. You would have to configure the trust relationship so unknown users would not be an issue.

biomesh

I use the AnyConnect client with no issues. You will most likely need to look at the vpn client logs as well as the client config and configured routes(while it is connected) to determine if some of the vpn client settings conflict with your network configuration.

biomesh

I thought every port needed an IP?

No, the ports can be slaved or bridged - so if every device is on one network, your internal ports only need one address. The wan port would also need one as well.

biomesh

What is wrong with this setup? I do get an IP address and the system time is updated so I know have some contact with the outside world but I cant surf the web? # feb/06/2013 15:31:33 by RouterOS 5.22 # software id = TQBA-3U8S # /interface ethernet set 2 name=WAN set 3 name=LAN set 4 master-port=LA...

biomesh

I have an Rb951-2n (with L4 license) that states it is upgradable to 7.x.

I would guess that it also would be upgradable to 7.x (due to the timeframe the hardware was released) but someone else with a RB2011L-RM should be able to verify for you.

biomesh

Once you netinstall it switch to port 2-5 then use winbox(via the mac) to configure it. When you set the IP via netinstall it sets that IP on port 1 which normally has all of the services firewalled.

biomesh

Can you try the tests again, connecting to the same speedtest server for all three tests?

biomesh

It looks like he added static A entries with html code.

To the original poster: DNS is only a name to ip address translation protocol - it has nothing to do with http, etc other than web browsers, etc use both protocols.

biomesh

IMO, ATA functionality cannot be implemented easily without a good deal of work. I would suggest Obihai or Grandstream devices and just use tftp/ftp/http provisioning to manage the devices for your customers.

biomesh

Works as expected on a 751G - I would have to agree with Chupaka and make sure the permissions are correct. If you are using an API to send these commands, they are probably being interpreted as being interactive. I would try to send the commands via the script interface. This could be done via a rs...

biomesh

I can try on a 751G tomorrow.

Sent from my Nexus 7 using Tapatalk 2

biomesh

/system reboot in 5.21 requires interactive confirmation as does /system upgrade /system auto-upgrade requires interactive password Using ROS scripting you cannot respond to these requests, rendering all scripts that use these commands useless. The right way to fix the problem is eliminate the inte...

biomesh

What does it mean?: *) dns - fix empty response; I'm asking about it, because I have problems with MikroTik DNS long time. Maybe this fil will repair it, but what do You mean "empty response"?? Please MikroTik - what does this mean? My guess is that it is related to the truncated flag with udp DNS ...

biomesh

Sorry, not BIND, but dhcpd from isc.org. Bind is the dns server and dhcpd is the DHCP server. That was my typo.

The DHCP server from isc.org would only be used to hand out the DHCP option to the clients, not the actual addresses (if you want to use autoconfig).

biomesh

You are getting the address via RA and I don't think that the windows ipv6 stack supports dns configuration except via static or DHCP, which is not available in the ROS implementation. (I use bind). You don't have to have ipv6 addressable dns servers, but it does help if you want full ipv6 support. ...

biomesh

This will probably work for you: /interface 6to4 add comment="HE IPv6 Tunnel" disabled=no local-address=78.130.165.174 mtu=\ 1280 name=sit1 remote-address=216.66.84.46 /ipv6 pool add name=clients prefix=2001:470:1f15:69c::/64 prefix-length=64 /ipv6 address add address=2001:470:1f14:69c::2/64 adverti...

biomesh

Have you tried to set the preferred source on the 10.34.33.0/24 subnet to 10.34.17.44?

Could there also be a routing issue on the router at 10.34.17.62? It should of course be able to respond to pings, but might not route between subnets properly.

biomesh

/tool e-mail set address=173.194.77.108 from=mikrotik@mydomain.net password=emailpwd port=587 starttls=yes user=user@gmail.com /tool e-mail send to="user@gmail.com" body="Router email" subject="$[/system identity get name] $[/system clock get time] $[/system clock get date] Alert" from="mikrotik@myd...

biomesh

I had the basic rate symptom - would not really call it an issue with a few cell phones where the Tx rate would stay at the basic rate. I just set configured supported and basic data rates to be 24 Mbps and up and the devices have no problems connecting at full N rates now.

biomesh

you cant have the same /16 on two different interfaces. the local machine will not send the traffic to the router for anything on that 192.168.x.x because it thinks its local. a machine will arp for anything in its own subnet instead of sending it to the default gateway. OK this makes sense, howeve...

biomesh

Have you tried different masks? A /16 assumes everything is on the same physical network - which a bridge or a simple switch can handle.

From your example /24 masks would be more appropriate.

An export from your device can also help others see what your configure is.

biomesh

I see around 8.3 sector writes per second (on average). This is around 500 writes per hour. This 751G is used only as a basic AP for about 4-5 clients. I have not seen the high flash utilization yet, but this is more utilization than my 450G with graphing enabled.

biomesh

The CA public key will be required by the client. On the server, you will need the certificate public & private key including the public key trustchain up to the CA. This might not help too much though - you are better off looking at the wiki for more detailed directions. http://wiki.mikrotik.com/wi...

biomesh

The quick guide does mention that the RB951-2n does have usb, so that should be removed from the PDF.

I have been using the RB951-2n as a bridged AP for a few days and it has been running very well using 5.18.

biomesh

I installed the optional package. http://wiki.mikrotik.com/wiki/Manual:System/Time DOES NOT tell how to set the clock using the NTP client. If you configure and enable the ntp client it will set the time on the device: /system ntp client set enabled=yes mode=unicast primary-ntp=216.66.0.142 seconda...

biomesh

I have no idea if this will work, but have you tried to change the value under /system identity ?

biomesh

That is just letting you choose which address to connect to - your mikrotik device has an IPv4 and IPv6 address bound. Just choose one - they both go to the same device.

biomesh

How much of your cache is in use? Mine is very low and I don't see the issue you are seeing - been running the batch file for two hours. The config is /ip dns export set allow-remote-requests=yes cache-max-ttl=1w cache-size=4096KiB \ max-udp-packet-size=4096 servers=208.67.222.222,208.67.220.220 /ip...

biomesh

Not sure what version of vmware you are using but ros works great on vmware workstation 8. I am guessing the latest versions of esxi work too.

Sent from my BlackBerry 9800 using Tapatalk

biomesh

If an official update is available I would like to know what it is.

biomesh

A backup file won't help - you will need to provide either
(preferred - if you are on ROS 5.12 or later)

/export compact file=export

or

/export file=export

Attach the export.rsc that is created back to this thread.

biomesh

I'm not sure if it is possible, but set a higher delay between posts for users with a very low number of posts. Once they reach a threshold that a spammer wouldn't ever reach (or wait for) then remove the delay.

biomesh

AV in a router is pointless - if someone wanted to bypass network AV they could just encrypt the data or session. This is just the first and most obvious reason - there are plenty more.

biomesh

By image, he means the virtual machine you install the license on. Just be sure to back up the virtual machine so that way if the virtual machine/virtual disk is corrupt in some way you can just revert back to the original state.

biomesh

little confused, the !outside is supposed to be what? *not* my internet connection interfaces? Yes, my external interface is labeled outside. I only intercept traffic that does not originate from my external interface and the source address would not be equal to your dns server. If those 2 conditio...

biomesh

little confused, the !outside is supposed to be what? *not* my internet connection interfaces? Yes, my external interface is labeled outside. I only intercept traffic that does not originate from my external interface and the source address would not be equal to your dns server. If those 2 conditio...

biomesh

Hello, I've been recently trying to "intercept" my clients DNS traffic and redirect it to our internal DNS server. (I know someones going to ask why, we have limited outgoing bandwidth, and we would like to try protecting our customers from malicious DNS hijackers, or at the very least stop the pro...

biomesh

You might want to look down a few threads to see that this has already been mentioned and that there are plenty of workarounds until there is an official fix.

biomesh

http://www.kb.cert.org/vuls/id/800113

after DNS scan from namebench(google app.) ....:: what is this?

Thanks

Just ran a scan against my RB450G with 5.15 and did not see that result. What options were enabled in namebench?

biomesh

Without an interval set the task will run once. If you want this automated, an API connection to the routers to either reboot them manually or add/delete the reboot schedule is probably the easiest way.

biomesh

If you want to delegate the pool to the inside, there is not necessary the need to assign a IPv6 to the outside interface - the link local address would do. So if using DHCPv6 you should set it up with a pool name without initializing the pool... /ipv6 dhcp-client add interface=ext-if pool-name=ipv...

biomesh

I did some testing and the linksys/cisco consumer level device will request a prefix and an address. The address is assigned on the external interface and the prefix is assigned and advertises on the local network (with $PREFIX:: being the default lan gateway). Right now the routeros dhcpv6 client i...

biomesh

I have to do some testing, but there might be a bug. You should be able to allocate addresses from the pool that is assigned via the dhcpv6 client, but the pool is not accessible via the cli via preliminary testing. It is accessible via the gui. You can assign the default prefix to the wan address ...

biomesh

I have to do some testing, but there might be a bug. You should be able to allocate addresses from the pool that is assigned via the dhcpv6 client, but the pool is not accessible via the cli via preliminary testing. It is accessible via the gui. You can assign the default prefix to the wan address b...

biomesh

You won't need a dhcpv6 server for this - just a dhcpv6 client(the pool option is there in case you do get a larger allocation like a /48 and need to handle your own delegation). Your wan interface will get the /64 allocation then you will advertise that /64 using (RAs/ND) on your internal network. ...

biomesh

You can just leave the word "compact" out of the command. You will end up with more data to validate but the format will be the same.

biomesh

Make sure you are using at least version 5.12 and then run

/export compact file=backup

The data in the file is plain text.

biomesh

I too have had terrible ethernet compatibility issues with the RB493G. Linksys PAP2T dual line VOIP phone adapters for example auto-negotiage 10 Mbps FDX , I have an old laptop that will only work at 10 Mbps HDX and requires autonegociate off or else it doesn't even register a link. I had to put a ...

biomesh

Could this be it?

http://wiki.mikrotik.com/wiki/Manual:Wi ... devices.3F

biomesh

AUTH failure means you used the wrong password. Make sure your username is the full email address "user@gmail.com" and double check your password. If you still have errors, you might want to change your gmail password to make sure if complies with their new standards and perhaps leave out any specia...

biomesh

Not a cisco person, but if the voip devices just need to communicate with each other, you should just be able to change the default gw of each device to the RB750. The RB750 will route traffic between voip devices. If all devices on the network need to connect to the voip devices on both subnets, yo...

biomesh

Are the voip devices connected directly to the 750G or are they connected to a switch?

Can any other device on the 10.7.0 network connect to 10.7.3.x network via 10.7.0.1 as a default gw?

biomesh

That looks okay to me. Make sure no NAT or firewall rules are enabled. If you want them added later - test connectivity without them first then add rules slowly and test often. If this is an internal network - no nat or firewall rules will be needed.

biomesh

Are you using the GUI or the CLI?

If you are using the GUI - fill in every option - server(smtp.gmail.com), port(587), user(gmail email address), password, tls (checked), to, from, subject, and body.

The GUI interface doesn't always inherit the email values.

biomesh

Try: /ip address add address=10.7.0.4/24 disabled=no interface=ether1 network=10.7.0.0 /ip address add address=10.7.3.1/24 disabled=no interface=ether2 network=10.7.3.0 /ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.7.0.1 scope=30 target-scope=10 Make sure your VOIP switches p...

biomesh

If the 750G is the router between subnets, you don't need any nat or firewall for routing. If you assign each interface an address, you will get a "dynamic" static route added. i.e. /ip address add address=10.7.0.2/24 disabled=no interface=ether2 network=10.7.0.0 /ip address add address=10.7.3.2/24 ...

biomesh

Have you tried the config without masquerading?

Have you tried torch or the packet sniffer to look at traffic between subnets? Lan traces can help identify issues you normally see.

biomesh

You are probably missing the port or setting tls=yes.... here is an example: /tool e-mail set address=173.194.77.108 from=mikrotik@your-domain.com password=gmailpwd port=587 user=username@gmail.com /tool e-mail send to=\"username@gmail.com\" body=\"email\" subject=\"\$[/system identity get name] \$[...

biomesh

/ip firewall nat add action=dst-nat chain=dstnat disabled=no src-address=x.x.x.204 to-addresses=192.168.30.220 or if you only have one IP address, just use the interface(where the external interface is named 'outside'): /ip firewall nat add action=dst-nat chain=dstnat disabled=no in-interface=outsi...

biomesh

You might want to check the Cpu speed to make sure it wasn't set to 100MHz instead of 680MHz.

biomesh

If you look at your configuration you have not specified the master port even though you have labeled them as slaves.

biomesh

Can you provide an "/interface export" to let us know how your interfaces are configured?

biomesh

If your log rule matches your drop rule place it before the drop rule. You will also need to create a new logging rule (for the "firewall" topic) that will tell the system which action to take with the messages. I.e. if you have a syslog server, create a new logging action that points to syslog. The...

Search found 139 matches