Community discussions

Search found 1766 matches

by CelticComms
Sun Nov 08, 2015 3:46 pm
Forum: RouterBOARD hardware
Topic: RB2011UAS-2HnD-IN + GPON not GePON
Replies: 10
Views: 6647

Re: RB2011UAS-2HnD-IN + GPON not GePON

.... wondering if that could be avoided if Mikrotik provided means to clone the original ONU/ONT ID?
The profiles of the devices may also vary. For example, one Calix ONT family has various models with varying numbers of Ethernet and phone ports each of which can be provisioned separately.
by CelticComms
Sun Nov 08, 2015 12:47 am
Forum: RouterBOARD hardware
Topic: RB2011UAS-2HnD-IN + GPON not GePON
Replies: 10
Views: 6647

Re: RB2011UAS-2HnD-IN + GPON not GePON

Mikrotik just released SFP GPON ONU module http://mt.lv/gpon , it says it is compatible with any standard SFP module. There is one ISP which provides GPON service, might think about switching ISP. I understand the enthusiasm but just be aware that if your ISP is large and is using equipment fr...
by CelticComms
Sun Nov 08, 2015 12:42 am
Forum: Announcements
Topic: Newsletter 68
Replies: 57
Views: 15743

Re: Newsletter 68 - GPON

I've got five Adtran TA 5000 head-end units (the big guys).
Don't let Alcatel Lucent hear you calling Adtran the big guys! :) Adtran haven't been doing so well lately. Even Calix is giving them a run for the money! Should mean good discounts!
by CelticComms
Sun Nov 08, 2015 12:29 am
Forum: RouterBOARD hardware
Topic: GEPON OLT with new mikrotik RB2011LS-IN - is it possible?
Replies: 84
Views: 52755

Re: GEPON OLT with new mikrotik RB2011LS-IN - is it possible?

good news :) in new 6.33 os mikrotik wants to support GPON - ONU with any routerboard with SFP port. http://download2.mikrotik.com/news/news_68.pdf I don't see any reason for it to be ROS 6.33 dependent. The SFP ONU handles the upstream ONU <> OLT protocols and upstream physical layer and then pres...
by CelticComms
Sat Nov 07, 2015 11:08 pm
Forum: Forwarding Protocols
Topic: new BGP Advertisements not going out
Replies: 5
Views: 1476

Re: new BGP Advertisements not going out

Can you reproduce the same issue if you set up an additional dummy/test BGP peer? Sometimes a fresh test build forces an unnoticed issue to come to light on the production service.
by CelticComms
Tue Sep 22, 2015 11:58 am
Forum: General
Topic: Vlans and network broadcast
Replies: 7
Views: 1310

Re: Vlans and network broadcast

Each VLAN is its own broadcast domain so VLANs can actually help to determine where a broadcast storm is emanating from. If considering changes it would be worth considering how you control customer traffic as it ingresses into your backhaul network. Bridged networks can work very well but to remain...
by CelticComms
Tue Sep 22, 2015 11:40 am
Forum: Forwarding Protocols
Topic: OSPF Filter
Replies: 3
Views: 1016

Re: OSPF Filter

It is worth remembering that OSPF peers are not simply exchanging routes since they exchange link state information then use SPF to build the corresponding routes from their own perspective, thus some things are handled differently from BGP/EIGRP/RIP etc.

What is the original aim?
by CelticComms
Tue Sep 22, 2015 11:28 am
Forum: General
Topic: VPN forward to list of hosts only
Replies: 2
Views: 566

Re: VPN forward to list of hosts only

There are various ways of achieving this but you might make life easier on yourself by giving the client a static IP assignment and then using the static IP assignment to point them into a limited routing table.

Have a look at VRF and Routing Rules on the Wiki.
by CelticComms
Fri Jul 10, 2015 6:36 am
Forum: Forwarding Protocols
Topic: Ring network and OSPF
Replies: 5
Views: 1480

Re: Ring network and OSPF

The OP was about traffic movement during link failure, which is exactly what a link state protocol such as OSPF is designed to handle. As posted, adjusting the interface/segment costs should allow OSPF to provide the desired failover routing.
by CelticComms
Fri Jul 03, 2015 4:21 am
Forum: Forwarding Protocols
Topic: VPLS TUNNEL PROBLEMS
Replies: 6
Views: 1592

Re: VPLS TUNNEL PROBLEMS

On your LDP interfaces try adding the transport address and specify the IP configured on that interface.
by CelticComms
Fri Jul 03, 2015 4:11 am
Forum: Forwarding Protocols
Topic: Problem with TWO ISPs in one device
Replies: 1
Views: 671

Re: Problem with TWO ISPs in one device

I suggest looking on the Wiki for an example of this type of config that marks connections so that you are not examining every packet at layer 3.

You haven't said if you want port forwarding to work from any ISP to any server or just ISP 1 <> server 1 etc. but marking connections can achieve either.
by CelticComms
Fri Jul 03, 2015 4:04 am
Forum: Forwarding Protocols
Topic: Bridge buffering/behavior
Replies: 3
Views: 1003

Re: Bridge buffering/behavior

Do you see packet loss and/or latency increase through the path when it is under test?
by CelticComms
Fri Jul 03, 2015 4:02 am
Forum: Forwarding Protocols
Topic: OSPF use case
Replies: 6
Views: 1103

Re: OSPF use case

The diagram looks like a config that would work but whether it is the best choice really depends on several factors which are not stated. e.g. the nature of those links is unclear.
by CelticComms
Mon Jun 15, 2015 7:34 am
Forum: Forwarding Protocols
Topic: OSPF ISSUE ON ROUTER-OS 6.28 AND 6.29
Replies: 8
Views: 1649

Re: OSPF ISSUE ON ROUTER-OS 6.28 AND 6.29

I can see several ways in which OSPF will appear to stick at EX START with MTU issues.

The jump from 5.20 to 6.28/29 of ROS (not IOS) is quite a jump so I suggest that you:

a) use the identified work around
b) upload fuller configs for an examination of what is really going on
by CelticComms
Sun May 31, 2015 3:09 pm
Forum: Forwarding Protocols
Topic: VPLS/MPLS via ospf in wireless network
Replies: 31
Views: 5733

Re: VPLS/MPLS via ospf in wireless network

RouterOS calculates the packet size differently from a PC so it may well show 1500 byte packets unfragmented whereas a PC pinging on the same path would max out at 1472 due to the ICMP and IP headers.
by CelticComms
Sun May 31, 2015 2:44 pm
Forum: Forwarding Protocols
Topic: OSPF not work between 2 mikrotiks.
Replies: 5
Views: 1454

Re: OSPF not work between 2 mikrotiks.

Try uploading both configs from /export compact. A detailed description of the current neighbor status between the two units would also be helpful.
by CelticComms
Sun May 31, 2015 2:37 pm
Forum: Forwarding Protocols
Topic: BGP ... brain explosion
Replies: 6
Views: 1312

Re: BGP ... brain explosion

You mention one ISP being a backup. Are you only using that ISP during failure of the primary ISP? If so you could probably simplify matters.
by CelticComms
Thu Apr 30, 2015 10:17 pm
Forum: Forwarding Protocols
Topic: BGP RB1100
Replies: 2
Views: 750

Re: BGP RB1100

An RB1100 should be able to take two full BGP tables and advertise your own IP ranges upstream. The memory you have depends on the exact model. If buying a new unit for the job it is also worth considering an entry level CCR if the ports meet requirements.
by CelticComms
Thu Apr 30, 2015 10:11 pm
Forum: Forwarding Protocols
Topic: OSPF Help needed.
Replies: 3
Views: 1029

Re: OSPF Help needed.

Post your OSPF configs.
by CelticComms
Thu Apr 23, 2015 9:15 pm
Forum: Beginner Basics
Topic: [Advice] HE IPV6 Tunnel puts my router in bridge mode
Replies: 1
Views: 538

Re: [Advice] HE IPV6 Tunnel puts my router in bridge mode

The local address on the HE tunnel would typically be your public IP and you seem to have it set as an RFC1918 address at the moment.

It would probably be better to upload the full config - output of /export compact - for comment.
by CelticComms
Fri Apr 03, 2015 9:08 pm
Forum: Forwarding Protocols
Topic: Making BGP Changes
Replies: 11
Views: 1230

Re: Making BGP Changes

You mentioned "one of" your providers earlier. Are you not advertising your IP ranges on multiple providers?
by CelticComms
Fri Apr 03, 2015 6:42 am
Forum: Forwarding Protocols
Topic: Multihomed BGP configuration with VRRP?
Replies: 3
Views: 2198

Re: Multihomed BGP configuration with VRRP?

Other than the routes received from Level 3, what other routes are present on that left hand router? I'm asking because from your description it sounded as if that router is still passing traffic to Level 3 in the absence of a Level 3 BGP session. I suggest taking this as two issues - getting the ro...
by CelticComms
Fri Apr 03, 2015 5:25 am
Forum: Wireless Networking
Topic: NV2 speeds really bad with ver 6.27
Replies: 10
Views: 2056

Re: NV2 speeds really bad with ver 6.27

Clarification - are you suggesting it was better before 6.27?
by CelticComms
Fri Apr 03, 2015 5:22 am
Forum: Forwarding Protocols
Topic: why does prepend-path fails to work
Replies: 10
Views: 1456

Re: why does prepend-path fails to work

What's different is that they are aggregating paths in the process of making the VRF thus ignoring the information that they are receiving. The same is not true in the opposite direction. We are currently trying to determine if this is accidental or deliberate. The effect has been seen at multiple s...
by CelticComms
Fri Apr 03, 2015 5:08 am
Forum: General
Topic: Feature Request /31 Subnet
Replies: 29
Views: 10284

Re: Feature Request /31 Subnet

Implementing RFC3021 is long overdue.

I for one simply do not use the Mikrotik /32 method because IP designs should avoid depending on proprietary features when a perfectly good RFC is available, suitable and supported by multiple vendors.
by CelticComms
Fri Apr 03, 2015 2:18 am
Forum: Forwarding Protocols
Topic: why does prepend-path fails to work
Replies: 10
Views: 1456

Re: why does prepend-path fails to work

It is certainly the #1 rule when considering a single routing table, but if somebody decides to take all paths available from multiple sources and use policies to build a new virtual routing table from those sources - and then use that for actual routing decisions .... What they are doing suits thei...
by CelticComms
Fri Apr 03, 2015 1:40 am
Forum: Forwarding Protocols
Topic: why does prepend-path fails to work
Replies: 10
Views: 1456

Re: why does prepend-path fails to work

You can control exactly which upstream provider the egress/outbound traffic is sent to, but distant points which have multiple routes back to you can also choose which path to use. Other ASs may not consider the pre-pending in making that decision. What you might be able to try as an alternative is ...
by CelticComms
Fri Apr 03, 2015 12:00 am
Forum: Forwarding Protocols
Topic: MPLS VPLS as remedy for single point of failure in server room
Replies: 5
Views: 1180

Re: MPLS VPLS as remedy for single point of failure in server room

RouterOS can run MPLS at all sorts of speeds - depends on the hardware. You haven't mentioned how much traffic you are talking about so hard to comment but the device you mentioned is better thought of as a switch with a little CPU/layer 3 performance thrown in
by CelticComms
Thu Apr 02, 2015 11:51 pm
Forum: Forwarding Protocols
Topic: Making BGP Changes
Replies: 11
Views: 1230

Re: Making BGP Changes

If the explicit BGP routes disappear along with the BGP default route from the provider then assuming that: these routes were all pointing at the same upstream and, you have added a default route pointing at the same gateway, no other routes come into play and the default route you added is active t...
by CelticComms
Thu Apr 02, 2015 2:54 pm
Forum: Forwarding Protocols
Topic: MPLS VPLS as remedy for single point of failure in server room
Replies: 5
Views: 1180

Re: MPLS VPLS as remedy for single point of failure in server room

You mentioned performance and in a DC that could well be an issue. MPLS isn't being handled at the switch level so CPU performance will come into play.
by CelticComms
Wed Apr 01, 2015 3:44 pm
Forum: General
Topic: Suggest a model for medium office site-to-site IPSEC tunnel
Replies: 1
Views: 533

Re: Suggest a model for medium office site-to-site IPSEC tunnel

It would probably help people to respond if you put some numbers on the question since "a lot" is a relative term which is dependent on your perspective! e.g. What speeds are the actual WAN connections at each site? What percentage of the traffic is between the two sites rather than internet access?
by CelticComms
Wed Apr 01, 2015 2:52 pm
Forum: General
Topic: Load Balance with fail over
Replies: 1
Views: 450

Re: Load Balance with fail over

Have a look at load balancing using PCC:

http://wiki.mikrotik.com/wiki/Manual:PCC
by CelticComms
Mon Mar 30, 2015 2:33 am
Forum: Forwarding Protocols
Topic: OSPF across two possible routes
Replies: 2
Views: 691

Re: OSPF across two possible routes

If you allow interface entries to be created dynamically in OSPF then you don't get to control aspects of how the interface is configured for OSPF purposes. Creating a manual interface entry in OSPF allows you to set the path costs manually and also means that you can set the default interface entry...
by CelticComms
Mon Mar 30, 2015 1:06 am
Forum: General
Topic: Port 80 forwarding and port blocking
Replies: 3
Views: 2746

Re: Port 80 forwarding and port blocking

You need to add something like:

add chain=forward action=accept dst-address=10.30.1.70 protocol=tcp dst-port=80

The NAT entry on its own does not permit the traffic. You need to ensure that the traffic to the NATed destination can get through the forward chain.
by CelticComms
Mon Mar 30, 2015 1:02 am
Forum: Beginner Basics
Topic: Help with VLAN trunk and access ports on CRS.
Replies: 2
Views: 758

Re: Help with VLAN trunk and access ports on CRS.

Have you had a look at this CRS feature entry? http://wiki.mikrotik.com/wiki/Manual:CRS_features To have a group of ports use the switch features you need to set some ports to use one port as their "master". The master becomes the port through RouterOS sees that switch port group. To make trunk and ...
by CelticComms
Mon Mar 30, 2015 12:48 am
Forum: Forwarding Protocols
Topic: why does prepend-path fails to work
Replies: 10
Views: 1456

Re: why does prepend-path fails to work

It is not uncommon to find that prepending doesn't achieve everything that you want. The prepending is transparently apparent in the AS path so other organisations may consider the AS path length as set, or may consider the multiple prepends as a single AS entry or they may use some entirely d...
by CelticComms
Fri Mar 20, 2015 7:05 pm
Forum: Forwarding Protocols
Topic: bridge to routed OSPF help
Replies: 4
Views: 864

Re: bridge to routed OSPF help

If you are allocating public IPs to customers (or plan to later) you might also want to consider using the routed network to support backhauls which can be used for central PPPoE etc.
by CelticComms
Thu Mar 19, 2015 7:42 pm
Forum: Forwarding Protocols
Topic: route priority
Replies: 2
Views: 910

Re: route priority

It sounds as if you want to change the effective default route based on load on one upstream. Why not simply use both upstreams using one of the per connection methods?
by CelticComms
Thu Mar 19, 2015 7:34 pm
Forum: General
Topic: Securing/isolating ports to specific IP
Replies: 3
Views: 724

Re: Securing/isolating ports to specific IP

AH!
Nice seems to be exactly what I'm after.
I will try this and get back with the results.
Thanks :D
It will hopefully let you do what you want with using the CPE, thus at wire speed. :)
by CelticComms
Mon Mar 16, 2015 2:15 pm
Forum: General
Topic: Securing/isolating ports to specific IP
Replies: 3
Views: 724

Re: Securing/isolating ports to specific IP

Have a look at the Switch ACL features on the CRS:

http://wiki.mikrotik.com/wiki/Manual:CRS_features#ACL
by CelticComms
Mon Mar 16, 2015 1:58 pm
Forum: Forwarding Protocols
Topic: Peering with an exchange
Replies: 2
Views: 2412

Re: Peering with an exchange

Peering rules/policies vary from one exchange to another. Policies on direct peering typically vary from exchange member to exchange member unless the exchange itself has a policy specified as a membership requirement. Since you posted this a few days ago I suggest that you update with current statu...
by CelticComms
Wed Mar 11, 2015 1:26 pm
Forum: Beginner Basics
Topic: Mikrotik router as Wireless access-point
Replies: 9
Views: 17135

Re: Mikrotik router as Wireless access-point

Check your wireless settings and/or upload them for comment. e.g. Which channel width are you using? Are you supporting B/G & N or just N?
by CelticComms
Tue Feb 17, 2015 10:26 pm
Forum: General
Topic: Need help: DHCP on VLAN bridge not working, works on just an interface?
Replies: 11
Views: 7693

Re: Need help: DHCP on VLAN bridge not working, works on just an interface?

Could you check the MAC address that the bridge is using and use admin MAC address to force it to a new value and see if that changes the symptoms?
by CelticComms
Tue Feb 17, 2015 5:22 am
Forum: General
Topic: Need help: DHCP on VLAN bridge not working, works on just an interface?
Replies: 11
Views: 7693

Re: Need help: DHCP on VLAN bridge not working, works on just an interface?

If you are still having the issue upload the output of /export compact .
by CelticComms
Mon Feb 16, 2015 4:20 pm
Forum: General
Topic: Need help: DHCP on VLAN bridge not working, works on just an interface?
Replies: 11
Views: 7693

Re: Need help: DHCP on VLAN bridge not working, works on just an interface?

Is the VLAN set to be a port on the bridge? The details shown don't make that clear.
by CelticComms
Mon Feb 16, 2015 4:13 pm
Forum: General
Topic: Mikrotik with Multiple IP ranges
Replies: 2
Views: 608

Re: Mikrotik with Multiple IP ranges

Routing the second block to the router's address on the first block is a common way to achieve this, so if you are having problems it probably isn't down to the method.

Are you permitting traffic from the second block to be forwarded?
by CelticComms
Tue Feb 10, 2015 5:43 pm
Forum: Forwarding Protocols
Topic: 2 Upstreams without ASN
Replies: 8
Views: 1528

Re: 2 Upstreams without ASN

@CelticComms Thank you for reply. Will it help us having iBGP inside our network in order to set which router will go to which upstream? From what you have described so far I don't see any particular advantage to having BGP internally. It looks as if you have one cross-connect between the two main p...
by CelticComms
Thu Feb 05, 2015 7:04 pm
Forum: General
Topic: Creating a Private Transport Link that Bypasses Firewalls
Replies: 2
Views: 552

Re: Creating a Private Transport Link that Bypasses Firewalls

If the EoIP interface is bridged to an Ether port then the layer 2 traffic passing through that path will not use IP Firewall by default. However, that may bypass your bandwidth restrictions so the full solution may be more involved.
by CelticComms
Thu Feb 05, 2015 6:38 pm
Forum: Forwarding Protocols
Topic: Port forwarding apache
Replies: 1
Views: 900

Re: Port forwarding apache

Is the Apache server using the routerboard as its default gateway? If it is then you don't have to SRC NAT the traffic egressing to the LAN. To forward you generally need: 1) DST NAT rule 2) Allow traffic to DST NATed address in forward chain 3A) Target to be using routerboard as gateway (generally p...
by CelticComms
Thu Feb 05, 2015 6:30 pm
Forum: General
Topic: Website suddenly unreachable
Replies: 3
Views: 659

Re: Website suddenly unreachable

Can you check that the relevant server has a path back to the SDSL endpoint?
by CelticComms
Thu Feb 05, 2015 5:19 pm
Forum: General
Topic: CRS VLAN CONFIG
Replies: 5
Views: 930

Re: CRS VLAN CONFIG

Client side
ether1 belongs in vlan 10-12
.......
Please clarify - e.g. Do you mean that the clients are producing tagged traffic on multiple VLANs?
by CelticComms
Tue Feb 03, 2015 2:49 pm
Forum: Forwarding Protocols
Topic: 2 Upstreams without ASN
Replies: 8
Views: 1528

Re: 2 Upstreams without ASN

If you are NATing you can use the costs to ensure that costs are not exactly equal in the middle zone. You can certainly override the OSPF routes but if you do so you potentially also lose OSPF's self healing capabilities so caution is advised.
by CelticComms
Mon Feb 02, 2015 8:10 pm
Forum: Forwarding Protocols
Topic: 2 Upstreams without ASN
Replies: 8
Views: 1528

Re: 2 Upstreams without ASN

Are you using private IPs on your network and NATing to an ISP provided IP on egress from your network? If so then you could simply use OSPF to make clients use the upstream closest to them.
by CelticComms
Mon Feb 02, 2015 1:42 am
Forum: Forwarding Protocols
Topic: BGP Failover .....Help Needed
Replies: 2
Views: 1012

Re: BGP Failover .....Help Needed

BGP can certainly help to achieve automatic failover.

You haven't given any real details of your configuration so it is hard to give specific suggestions. How are the systems configured at present?
by CelticComms
Thu Jan 29, 2015 11:24 pm
Forum: Beginner Basics
Topic: RB2011 not segregating vlans properly
Replies: 3
Views: 1013

Re: RB2011 not segregating vlans properly

Have you looked at the switch chip VLAN functions? The switch chip can give you untagged access ports on (say) Ether 2-5 connected to one or more VLANs on a trunk port on (say) Ether 1 - and it does it at wire speed with no CPU impact. If you need the routerboard itself to access one or more of the ...
by CelticComms
Tue Jan 27, 2015 3:31 pm
Forum: General
Topic: Help me configure my router - 100$
Replies: 6
Views: 1066

Re: Help me configure my router - 100$

That unit does have (limited) routing capacity. Whether it can do the job really depends on the speed of the connection, nature of the traffic etc. The WiFi "dropping" may not be a configuration issue - it may be environmental issues. You probably need to separate these problems out and tackle the...
by CelticComms
Tue Jan 27, 2015 3:06 pm
Forum: Forwarding Protocols
Topic: BGP Implementation
Replies: 17
Views: 2509

Re: BGP Implementation

I thought that BGP would send the package to the peer, and then to the endpoint. No - routes determine the next hop not the full path. Each router in between makes its own decision. This is why providers typically provide a VRF that you can interact with via a routing process on the PE router for a ...
by CelticComms
Sun Jan 25, 2015 4:37 pm
Forum: Forwarding Protocols
Topic: OSPF Routing with Multiple Areas
Replies: 4
Views: 1574

Re: OSPF Routing with Multiple Areas

Try to be wary of jumping into virtual links early on - that may be a sign that the initial breakdown into areas is suspect. To design OSPF areas it is necessary to consider the dynamics of the network/IP addressing in addition to the basic router topology. e.g. is a particular router to be consider...
by CelticComms
Sat Jan 24, 2015 3:16 pm
Forum: Forwarding Protocols
Topic: OSPF Interfaces twitching like crazy in webfig
Replies: 2
Views: 639

Re: OSPF Interfaces twitching like crazy in webfig

Do you have multiple IP numbers on the interface?
by CelticComms
Sat Jan 24, 2015 12:09 am
Forum: Beginner Basics
Topic: I wanted to know how to redirect my public ip to local ip
Replies: 5
Views: 1102

Re: I wanted to know how to redirect my public ip to local i

Use IP Firewall NAT for both network address translation and port address translation:

http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT

Note that traffic must also be permitted to the DST NATed addresses/ports in the Forward chain of IP Firewall.
by CelticComms
Fri Jan 23, 2015 4:14 pm
Forum: Forwarding Protocols
Topic: Routing Issue - Can't ping gateway from other routers
Replies: 5
Views: 1587

Re: Routing Issue - Can't ping gateway from other routers

Possible issues: Is it possible that the upstream is filtering ICMP except from certain addresses? Which address is the ping originating from? Is it being forced to a specific value? Can you see the ping traffic egressing towards the gateway as expected? Can you ping external IPs such as Google DNS ...
by CelticComms
Fri Jan 23, 2015 3:42 pm
Forum: Forwarding Protocols
Topic: RouterOS 6.25: OSPF: MikroTik & Cisco: wrong AuthType field.
Replies: 5
Views: 1541

Re: RouterOS 6.25: OSPF: MikroTik & Cisco: wrong AuthType fi

Have a look at RFC 6549: https://tools.ietf.org/html/rfc6549 OSPFv3 has the instance ID in that byte location of the header. RFC 6549 proposes amending RFC 2328 such that the AuType field is shortened to 8 bits thus leaving space so that the instance ID can also be in the same location of the modifi...
by CelticComms
Tue Jan 20, 2015 4:24 pm
Forum: Forwarding Protocols
Topic: Forwarding to port 5000
Replies: 2
Views: 720

Re: Forwarding to port 5000

You also need to permit the traffic to the NATed address/ports in the forward chain of IP Firewall.
by CelticComms
Mon Jan 19, 2015 11:25 pm
Forum: Forwarding Protocols
Topic: BGP Implementation
Replies: 17
Views: 2509

Re: BGP Implementation

OK - so it sounds as if they have provided an L3 MPLS cloud but with no dynamic routing. Often on a multi-site L3 MPLS cloud the PE routers will exchange routing information with a customer owned router thus the MPLS cloud knows which sites are up and down and signals the same to the other sites....
by CelticComms
Mon Jan 19, 2015 10:18 pm
Forum: Forwarding Protocols
Topic: BGP Implementation
Replies: 17
Views: 2509

Re: BGP Implementation

How do the branch/head offices determine which traffic is sent to the MPLS network? Are there static routes set?
by CelticComms
Mon Jan 19, 2015 6:40 pm
Forum: Forwarding Protocols
Topic: BGP Implementation
Replies: 17
Views: 2509

Re: BGP Implementation

OK - then can you describe exactly what the layer 3 situation is for Branch Office<>Head Office traffic - typical IP address arrangement and routing arrangement.
by CelticComms
Mon Jan 19, 2015 4:46 pm
Forum: Forwarding Protocols
Topic: BGP Implementation
Replies: 17
Views: 2509

Re: BGP Implementation

If the MPLS network was providing Layer 2 connectivity then OSPF adjacencies would simply work. Assuming that what you have is a Layer 3 network via MPLS are you exchanging routing information with the provider's PE routers? If not can you and which protocols can they support?
by CelticComms
Mon Jan 19, 2015 3:42 pm
Forum: Forwarding Protocols
Topic: BGP Implementation
Replies: 17
Views: 2509

Re: BGP Implementation

OK - so in reality how does the MPLS network present to you? In the diagram it shows as a /30 network to the branch. Did you ever confirm that the reason why adjacency could not be established was understood?
by CelticComms
Mon Jan 19, 2015 3:20 pm
Forum: Forwarding Protocols
Topic: BGP Implementation
Replies: 17
Views: 2509

Re: BGP Implementation

To avoid any confusion, could you clarify how the diagram above relates to the branch office / head office scenario in the original thread? From the original thread it seems that EoIP was only being used to address OSPF adjacency. Do you still have PPTP and MPLS links to each branch office? Which ne...
by CelticComms
Mon Jan 19, 2015 1:12 am
Forum: Forwarding Protocols
Topic: BGP Implementation
Replies: 17
Views: 2509

Re: BGP Implementation

BGP will indeed typically be slower to respond than OSPF using default settings. I lost track of your original thread but it seemed at that time that your application was very well suited to OSPF - given that it is a link-state protocol and your application essentially came down to link states. What...
by CelticComms
Wed Jan 14, 2015 3:14 pm
Forum: Beginner Basics
Topic: Vlans and Wireless connections to other buildings
Replies: 1
Views: 523

Re: Vlans and Wireless connections to other buildings

It might be easier to answer if you give specific examples of what you have configured and what isn't working.
by CelticComms
Wed Jan 14, 2015 3:10 pm
Forum: Forwarding Protocols
Topic: Conflicting bandwidth tests
Replies: 4
Views: 930

Re: Conflicting bandwidth tests

If possible, try to do the tests from both a point beyond A and a point beyond D. Involving the routers in generating or sinking TCP traffic affects the accuracy of the results.

Also do a comparison with UDP. Since UDP does not use windowing it should not be affected by latency etc.
by CelticComms
Tue Jan 13, 2015 7:16 am
Forum: Forwarding Protocols
Topic: BGP MED / Path Selection
Replies: 4
Views: 1240

Re: BGP MED / Path Selection

in this thread http://forum.mikrotik.com/viewtopic.php?f=14&t=70658 a mikrotik employee writes that MED is only taken into account when the neighboring AS in AS_PATH is equal. MED is an optional non-transitive attribute so it is not passed (say) from AS #1 by AS #2 to AS #3. Thus it would not reall...
by CelticComms
Tue Jan 13, 2015 7:02 am
Forum: Forwarding Protocols
Topic: Conflicting bandwidth tests
Replies: 4
Views: 930

Re: Conflicting bandwidth tests

What are the latency figures like on the various hops? How do those figures look under the loads described? Are you seeing packet drops under load?
by CelticComms
Mon Dec 29, 2014 4:52 pm
Forum: Forwarding Protocols
Topic: PBR and VRF
Replies: 3
Views: 1048

Re: PBR and VRF

It might be a good idea to express the question differently - it might be clearer then.
by CelticComms
Tue Dec 09, 2014 4:00 pm
Forum: General
Topic: How to redirect traffic from googledns to other dns provider
Replies: 6
Views: 1408

Re: How to redirect traffic from googledns to other dns prov

You have the src port in the rule - should be dst port. The client could use a variety of ports as the src port.
by CelticComms
Tue Dec 09, 2014 5:13 am
Forum: General
Topic: How to redirect traffic from googledns to other dns provider
Replies: 6
Views: 1408

Re: How to redirect traffic from googledns to other dns prov

Use destination NAT rules in IP Firewall.
by CelticComms
Tue Dec 09, 2014 5:10 am
Forum: Forwarding Protocols
Topic: Multiple WAN query
Replies: 1
Views: 561

Re: Multiple WAN query

You can probably use a mangle rule to force the traffic from one LAN IP to a particular ISP.
by CelticComms
Tue Dec 09, 2014 5:06 am
Forum: Forwarding Protocols
Topic: How to send out default route ospf when using full bgp?
Replies: 3
Views: 904

Re: How to send out default route ospf when using full bgp?

If using distribute-always also consider what you want to happen if the upstream fails - especially if there is only one upstream available at that location.
by CelticComms
Tue Dec 09, 2014 4:55 am
Forum: Forwarding Protocols
Topic: newbie! opening ports but now working
Replies: 4
Views: 700

Re: newbie! opening ports but now working

Make sure that you are also allowing the traffic in the forward chain. Adding DST NAT rules only does the DST NAT part of the job - the firewall also has to permit the traffic.
by CelticComms
Sat Nov 22, 2014 1:34 pm
Forum: Beginner Basics
Topic: Mikrotik RB2011 UniFi 2 SSID and Local Network
Replies: 6
Views: 3270

Re: Mikrotik RB2011 UniFi 2 SSID and Local Network

Have you looked at the switch chip functions on the RB2011? It looks as if some of those bridging operations could be carried out at wire speed using the switch.

http://wiki.mikrotik.com/wiki/Manual:Sw ... p_Features
by CelticComms
Mon Nov 10, 2014 7:19 am
Forum: General
Topic: How do I know what fiber a Mikrotik SFP will work with?
Replies: 7
Views: 2382

Re: How do I know what fiber a Mikrotik SFP will work with?

What distances are you considering and are you talking about patch cables or premises fibre?
by CelticComms
Sun Nov 09, 2014 8:03 pm
Forum: Forwarding Protocols
Topic: Redundancy Failover question
Replies: 10
Views: 3232

Re: Redundancy Failover question

That is certainly a possibility. You then have to decide how to deal with certain failure scenarios. e.g. If the power is pulled on R1 then obviously R2 should step up and become the primary IP on all those networks. On the other hand, do you want the possibility of a failure scenario where R2 becom...
by CelticComms
Fri Nov 07, 2014 9:06 am
Forum: General
Topic: NAT subnet rather than out-interface
Replies: 4
Views: 1065

Re: NAT subnet rather than out-interface

I think that you have the general idea. Say you have two RFC1918 networks on two different interfaces. You may want to SRC NAT traffic from them both when leaving via the ISP WAN interface but you may not want to SRC NAT traffic between them when the networks communicate with each other. In this cas...
by CelticComms
Tue Nov 04, 2014 10:13 pm
Forum: Wireless Networking
Topic: FYI: wireless in vlan - perversion config
Replies: 8
Views: 2036

Re: FYI: wireless in vlan - perversion config

You seem to have added VLAN 4 to the WLAN interface.

You should:

Enable VLAN 4 on the Switch CPU interface - it should be tagged.
Add a VLAN 4 interface to the Ether 2 interface.
Bridge the VLAN 4 interface created above to the WLAN interface using a bridge.
by CelticComms
Tue Nov 04, 2014 3:22 pm
Forum: Forwarding Protocols
Topic: Can't establish a BGP session
Replies: 2
Views: 1953

Re: Can't establish a BGP session

The device is attempting a BGP connection rather than "connected". If the connection succeeds it should move to status "Established".

Check the BGP peer details either end and check that the firewall is not blocking the connection.
by CelticComms
Wed Oct 29, 2014 5:41 pm
Forum: Wireless Networking
Topic: FYI: wireless in vlan - perversion config
Replies: 8
Views: 2036

Re: FYI: wireless in vlan - perversion config

You need to make sure in the switch settings that the VLAN is presented on the CPU interface - which will appear as Ether2 to ROS. If you have it appear as tagged on the CPU interface then use a VLAN interface on Ether2 to select the VLAN for bridging to the WLAN.
by CelticComms
Wed Oct 29, 2014 5:24 pm
Forum: Wireless Networking
Topic: FYI: wireless in vlan - perversion config
Replies: 8
Views: 2036

Re: FYI: wireless in vlan - perversion config

In your config Ether2 is the master. You can enable the VLAN on Ether2 and bridge it directly to the WLAN.
by CelticComms
Wed Oct 29, 2014 3:53 pm
Forum: Wireless Networking
Topic: FYI: wireless in vlan - perversion config
Replies: 8
Views: 2036

Re: FYI: wireless in vlan - perversion config

OK - but why not just bridge the WLAN interface to a VLAN4 interface on Ether2? You are still using a software bridge either way.
by CelticComms
Wed Oct 29, 2014 5:02 am
Forum: Beginner Basics
Topic: dstnat only going half way
Replies: 8
Views: 2058

Re: dstnat only going half way

The forward rule needs to include the IP/port after DST NAT. I think you have it with the correct IP but the pre-conversion port. Try changing the port to 80.
by CelticComms
Wed Oct 29, 2014 4:23 am
Forum: Forwarding Protocols
Topic: Traffic comming through wrong interface/route on BGP router
Replies: 2
Views: 1278

Re: Traffic comming through wrong interface/route on BGP rou

You are determining the outbound path based on the routes provided by the upstream but the return path depends on the effective routing applied at the upstream provider's router. The intermediate routers have no notion of "connections" so they simply follow their routing rules. It sounds as if the r...
by CelticComms
Tue Oct 21, 2014 9:47 pm
Forum: General
Topic: (Solved) URGENT something is blocking my LAN network
Replies: 4
Views: 809

Re: URGENT something is blocking my LAN network

Any unusual CPU load or WAN load? Any pattern connecting those who can connect and those who cannot?
by CelticComms
Tue Oct 21, 2014 8:49 pm
Forum: General
Topic: (Solved) URGENT something is blocking my LAN network
Replies: 4
Views: 809

Re: URGENT something is blocking my LAN network

Is the LAN interface showing an active link? Does torch show any activity?
by CelticComms
Tue Oct 21, 2014 5:12 pm
Forum: Beginner Basics
Topic: dstnat only going half way
Replies: 8
Views: 2058

Re: dstnat only going half way

It is not a new requirement. Perhaps you were not dropping forward chain traffic before.

Check the rule order and make sure that the permit rule is before the drop invalid connections rule.
by CelticComms
Tue Oct 21, 2014 2:21 pm
Forum: Beginner Basics
Topic: dstnat only going half way
Replies: 8
Views: 2058

Re: dstnat only going half way

That is the problem. In addition to the DST NAT rule you need to have a rule in the forward chain which permits the traffic to the DST NATed address. e.g. a rule which specifies the in-interface and the destination address/port (after DST NATing). Without that the traffic is blocked as an invalid co...
by CelticComms
Mon Oct 20, 2014 4:28 pm
Forum: Beginner Basics
Topic: dstnat only going half way
Replies: 8
Views: 2058

Re: dstnat only going half way

In addition to the destination NAT entries you need to make sure that you are allowing the traffic in the forward chain of IP Firewall.
by CelticComms
Sat Oct 18, 2014 5:21 am
Forum: General
Topic: Vlan trunk from CISCO to MT doesn't work
Replies: 6
Views: 1161

Re: Vlan 203 from CISCO to MT

I'm not sure what your config is now...... My last post was indicating that you should remove a particular setting - not remove the VLAN itself. To present a standard 802.1Q frame you should have use-service-tag=no.
by CelticComms
Fri Oct 17, 2014 4:48 pm
Forum: Forwarding Protocols
Topic: OSPF over IP-Tunnel - How?
Replies: 1
Views: 1168

Re: OSPF over IP-Tunnel - How?

One example would be to use GRE interfaces at A & C. The IPsec tunnel can then secure the GRE traffic but the GRE interfaces allow you to create an A<>C subnet and even run routing protocols on the GRE interfaces.
by CelticComms
Wed Oct 15, 2014 5:32 pm
Forum: Forwarding Protocols
Topic: Is this scenario resolved with RIPv2?
Replies: 2
Views: 1003

Re: Is this scenario resolved with RIPv2?

You could use RIPv2 - you simply don't have a lot of control over route metrics since RIPv2 uses hop count. It also tends to converge rather slowly after a network disturbance.
by CelticComms
Tue Oct 14, 2014 5:59 am
Forum: General
Topic: Vlan trunk from CISCO to MT doesn't work
Replies: 6
Views: 1161

Re: Vlan 203 from CISCO to MT

Set use-service-tag=no or uncheck it in Winbox.
by CelticComms
Mon Oct 06, 2014 10:27 pm
Forum: Wireless Networking
Topic: 2 Ptp links and I lose half the bandwidth
Replies: 3
Views: 888

Re: 2 Ptp links and I lose half the bandwidth

What kind of test did you carry out? What was the source and target? TCP? UDP? Are the links full or duplex?
by CelticComms
Mon Oct 06, 2014 4:45 pm
Forum: RouterBOARD hardware
Topic: Cloud Core routers advice needed for hospital in Africa
Replies: 2
Views: 1021

Re: Cloud Core routers advice needed for hospital in Africa

Without expected traffic loads for the application(s) in use it is hard to say what is adequate. That being said, a 10G backbone seems reasonable. Some comments: Based on the average floor size implied by the figures the distance between the distribution switches and access switches may sometimes be...
by CelticComms
Sat Oct 04, 2014 6:39 am
Forum: General
Topic: Vlan trunk from CISCO to MT doesn't work
Replies: 6
Views: 1161

Re: Vlan 203 from CISCO to MT

Did the ISP tell you that your traffic will be on VLAN 203?
by CelticComms
Sat Oct 04, 2014 6:37 am
Forum: Forwarding Protocols
Topic: Multi-homed BGP - incoming using wrong path
Replies: 9
Views: 2201

Re: Multi-homed BGP - incoming using wrong path

Try using something like HE's BGP looking glass:

http://lg.he.net/
by CelticComms
Thu Oct 02, 2014 3:25 pm
Forum: Forwarding Protocols
Topic: Multi-homed BGP - incoming using wrong path
Replies: 9
Views: 2201

Re: Multi-homed BGP - incoming using wrong path

Did you check that the AS prepending was being seen correctly when you looked at routes from an external perspective?

AS prepending and MED are the most common tools for controlling inbound traffic sessions.
by CelticComms
Tue Sep 30, 2014 4:52 pm
Forum: Beginner Basics
Topic: Firewall rule killing PPTP server
Replies: 1
Views: 1925

Re: Firewall rule killing PPTP server

Permit inbound TCP to port 1723 and permit inbound protocol 47 (GRE). Adjust the rules to reflect your WAN as the in-interface and make sure these rules are above the drop all rule. You can add further selection criteria as appropriate (e.g. src address).
by CelticComms
Wed Sep 24, 2014 8:00 pm
Forum: Beginner Basics
Topic: RB1100 Configuration questions
Replies: 7
Views: 1417

Re: RB1100 Configuration questions

maybe this "switch 1 cpu" and "switch 2 cpu" are not related to port11 or port12, they are just "logical".
Correct in the sense that they are not available externally. They represent the path between the switch chip and the CPU which is of course a physical path internally. Using those ports you ca...
by CelticComms
Wed Sep 24, 2014 7:34 pm
Forum: Beginner Basics
Topic: RB1100 Configuration questions
Replies: 7
Views: 1417

Re: RB1100 Configuration questions

But still can't tell from it what makes that 11 is related to switch1 and 12 to switch2.
What makes you think that they are?
by CelticComms
Wed Sep 24, 2014 4:16 pm
Forum: Beginner Basics
Topic: RB1100 Configuration questions
Replies: 7
Views: 1417

Re: RB1100 Configuration questions

1. See the description of switch-all-ports at: http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features
2. The Switch CPU ports affect what traffic (e.g. which VLANs) are seen by the CPU. In effect the switches have 5 external ports plus the "port" that the CPU sees.
3. Ether 11 has a direct CPU pa...
by CelticComms
Tue Sep 23, 2014 2:05 pm
Forum: Beginner Basics
Topic: different Vlan Different subnet
Replies: 4
Views: 1009

Re: different Vlan Different subnet

On your Admin network you probably do not want use-service-tag=yes. Try switching that off.
by CelticComms
Mon Sep 22, 2014 3:56 pm
Forum: General
Topic: Im Being DDOSED
Replies: 8
Views: 1967

Re: Im Being DDOSED

If you detect the incomplete handshake and add the source address to an address list you can simply block those addresses for a time (days) so the future SYN attempts never get to the web server. Servers typically allocate resources when the connection starts so by blocking those requests the web se...
by CelticComms
Mon Sep 22, 2014 3:48 pm
Forum: General
Topic: [SOLVED] Need help configuring routing from WAN NAT
Replies: 12
Views: 2212

Re: Need help configuring routing from WAN NAT

Yes - when you access the camera from the local network it works. When you access from outside the PPPoE connection it doesn't - so you need to make the requests coming from the Internet via PPPoE look to the device at (3) as if the requests came from the 192.168.0.0/24 network. Make sure that you o...
by CelticComms
Mon Sep 22, 2014 2:19 pm
Forum: General
Topic: GW routing.
Replies: 5
Views: 936

Re: GW routing.

The exact method that you use will depend on how you are currently using those multiple ISPs - e.g. are you load balancing across those ISPs? If so you can use mangle rules to identify connections from the Exchange server as belonging to a specific ISP route.
by CelticComms
Mon Sep 22, 2014 1:57 am
Forum: General
Topic: Im Being DDOSED
Replies: 8
Views: 1967

Re: Im Being DDOSED

If you have already taken all the steps that you can at your end of the WAN connection then you may need your ISP / upstream to help. If you are already dropping the traffic as efficiently as possible and not doing anything which is assisting the attack then the attack needs to be dropped before it ...
by CelticComms
Sun Sep 21, 2014 7:56 pm
Forum: General
Topic: GW routing.
Replies: 5
Views: 936

Re: GW routing.

It isn't clear what you mean by "random". Do you have multiple WAN/ISP connections?
by CelticComms
Sun Sep 21, 2014 10:09 am
Forum: General
Topic: How to setup DHCP to use different DNS for different MAC
Replies: 3
Views: 3617

Re: How to setup DHCP to use different DNS for different MAC

Look in the leases - sounds like you already have a static lease for that MAC address.
by CelticComms
Sat Sep 20, 2014 10:50 pm
Forum: General
Topic: How to setup DHCP to use different DNS for different MAC
Replies: 3
Views: 3617

Re: How to setup DHCP to use different DNS for different MAC

First use the Leases tab in DHCP Server to set the "special" device to a static IP. Then copy your existing networks entry in the DHCP Server using Winbox. In the copy change the address to A.B.C.D/32 where A.B.C.D is the static IP address for the "special" device. Now edit the DNS settings for the...
by CelticComms
Sat Sep 20, 2014 3:33 pm
Forum: Beginner Basics
Topic: different Vlan Different subnet
Replies: 4
Views: 1009

Re: different Vlan Different subnet

You can certainly have multiple DHCP servers in RouterOS. Upload your config.
by CelticComms
Sat Sep 20, 2014 3:30 pm
Forum: General
Topic: [SOLVED] Need help configuring routing from WAN NAT
Replies: 12
Views: 2212

Re: Need help configuring routing from WAN NAT

My comment was that traffic leaving the Mikrotik destined for 192.168.0.200 needs to be source NATed to use the RouterBoard's IP address on that segment connecting the RouterBoard to the TP-Link.
by CelticComms
Thu Sep 18, 2014 4:05 am
Forum: General
Topic: Mikrotik illegal in Canada?
Replies: 12
Views: 2817

Re: Mikrotik illegal in Canada?


Just stay within the freq requirements and power output, and who will ever know....
That assumes that the importer doesn't mind making false declarations at the point of import. Not a good long term plan!
by CelticComms
Tue Sep 16, 2014 8:12 pm
Forum: General
Topic: Limit incoming UDP bw
Replies: 3
Views: 752

Re: Limit incoming UDP bw

You can limit what you forward / pass on, but you can't easily limit what arrives at your ingress point without some kind of feedback mechanism or the assistance of your upstream providers.
by CelticComms
Tue Sep 16, 2014 3:28 pm
Forum: General
Topic: [SOLVED] Need help configuring routing from WAN NAT
Replies: 12
Views: 2212

Re: Need help configuring routing from NAT

In addition to using DST NAT to send the traffic to the remote system you probably need to use SRC NAT to make that traffic look as if it came from an address that the remote system knows how to reply to.
by CelticComms
Tue Sep 16, 2014 2:39 pm
Forum: General
Topic: RB433 (IC Plus 175C chip) - VLAN on eth1 not working
Replies: 9
Views: 1515

Re: RB433 (IC Plus 175C chip) - VLAN on eth1 not working

The same goes for any DHCP client. If you have the VLAN interface in a bridge apply the DHCP client to the bridge - not the VLAN directly.
by CelticComms
Mon Sep 15, 2014 8:37 pm
Forum: Forwarding Protocols
Topic: Public IP addresses to host behind a secondary router - BGP?
Replies: 4
Views: 1995

Re: Public IP addresses to host behind a secondary router -

Is your situation exactly as that old post - or are there significant differences?
by CelticComms
Mon Sep 15, 2014 8:00 pm
Forum: General
Topic: RB433 (IC Plus 175C chip) - VLAN on eth1 not working
Replies: 9
Views: 1515

Re: RB433 (IC Plus 175C chip) - VLAN on eth1 not working

You seem to have the management VLAN in a bridge. If you want to do that then apply the IP address to the management bridge. Otherwise remove the management VLAN from the bridge and leave the IP address on the VLAN interface itself.
by CelticComms
Mon Sep 15, 2014 4:58 pm
Forum: General
Topic: RB433 (IC Plus 175C chip) - VLAN on eth1 not working
Replies: 9
Views: 1515

Re: RB433 (IC Plus 175C chip) - VLAN on eth1 not working

Try posting the config (output from /export compact) so we can see what is going on.
by CelticComms
Mon Sep 15, 2014 2:41 pm
Forum: General
Topic: RB433 (IC Plus 175C chip) - VLAN on eth1 not working
Replies: 9
Views: 1515

Re: RB433 (IC Plus 175C chip) - VLAN on eth1 not working

Is Ether1 a port member of a bridge?
by CelticComms
Sat Sep 13, 2014 6:19 pm
Forum: Forwarding Protocols
Topic: Suggestions on how to implement redundant backbones
Replies: 4
Views: 1393

Re: Suggestions on how to implement redundant backbones

Given what you have said it seems that you will have to NAT the traffic to your backup ISP. Both gateways can advertise default routes but you can adjust the cost of the backup gateway's default route advertisement so that it only comes into play if the primary fails. The details depend on your topo...
by CelticComms
Sat Sep 13, 2014 4:13 pm
Forum: RouterBOARD hardware
Topic: FTC w/RouterOS?
Replies: 4
Views: 1490

Re: FTC w/RouterOS?

GE support?
Yes.
by CelticComms
Sat Sep 13, 2014 1:59 pm
Forum: RouterBOARD hardware
Topic: FTC w/RouterOS?
Replies: 4
Views: 1490

Re: FTC w/RouterOS?

It is a media converter - not a full layer 3 device - so the answer is no. It has an SFP slot and an Ethernet connector - and the case is waterproof.
by CelticComms
Fri Sep 12, 2014 4:25 pm
Forum: General
Topic: Mikrotik illegal in Canada?
Replies: 12
Views: 2817

Re: Mikrotik illegal in Canada?

I've had to deal with problems caused by this issue in the past (different manufacturer). Industry Canada certification / registration is indeed required for RF equipment sold in Canada. Sometimes the exact FCC test report can be used if it isn't over a year old - but the equipment still needs to go...
by CelticComms
Mon Sep 08, 2014 3:50 pm
Forum: Beginner Basics
Topic: Migrate CISCO 2800 to Mikrotik CCR1036-12G-4S
Replies: 3
Views: 1227

Re: Migrate CISCO 2800 to Mikrotik CCR1036-12G-4S

If all you need it to do is route then configuring interfaces with the WAN and LAN settings you describe and adding a default route to 0.0.0.0/0 via 189.87.255.185 will do that.
by CelticComms
Mon Sep 08, 2014 3:10 pm
Forum: Forwarding Protocols
Topic: In which area to put GW? Backbone o NSSA?
Replies: 7
Views: 1412

Re: In which area to put GW? Backbone o NSSA?

From your description you should just leave these devices in the backbone.
by CelticComms
Sun Sep 07, 2014 10:19 pm
Forum: Forwarding Protocols
Topic: Multihomming problem
Replies: 1
Views: 596

Re: Multihomming problem

What you describe would be true for packets coming from the router itself at 92.81.21.113 if those packets show a source IP of 92.81.21.113 which is an ARPable destination for your router. However packets from further afield will be subject to the normal routing rules.
by CelticComms
Sun Sep 07, 2014 4:51 pm
Forum: Forwarding Protocols
Topic: DVR Setup
Replies: 4
Views: 1700

Re: DVR Setup

Add a filter in IP / Firewall / Filters. It should be on the forward chain and specify the dst address / port as that of your DVR. Set the action to accept. You can also further limit the filter depending on what you want to allow.
by CelticComms
Sun Sep 07, 2014 2:40 pm
Forum: Forwarding Protocols
Topic: DVR Setup
Replies: 4
Views: 1700

Re: DVR Setup

You also need to allow the traffic to the DVR's address in the forward chain.
by CelticComms
Sat Sep 06, 2014 5:17 pm
Forum: Forwarding Protocols
Topic: In which area to put GW? Backbone o NSSA?
Replies: 7
Views: 1412

Re: In which area to put GW? Backbone o NSSA?

"Gateway" is a very generic term. Try to provide more information on your topology, host density, IP addressing structure etc.
by CelticComms
Wed Sep 03, 2014 7:15 pm
Forum: Forwarding Protocols
Topic: Some sites not working
Replies: 8
Views: 1479

Re: Some sites not working

By second BGP router are you referring to the router at 10.12.130.254 which is also running OSPF? Did you set this system up or did somebody else? I suspect that somewhere you have entries for those "problem" networks and they are creating a routing loop. You should be able to determine the sources ...
by CelticComms
Wed Sep 03, 2014 5:25 am
Forum: Forwarding Protocols
Topic: Some sites not working
Replies: 8
Views: 1479

Re: Some sites not working

I suspect that at some point certain networks had static entries added and you are now seeing confusion caused by those entries being passed in iBGP. Check the second BGP router for any routing entries involving the affected networks.
by CelticComms
Tue Sep 02, 2014 10:41 pm
Forum: General
Topic: Forward all the port
Replies: 4
Views: 740

Re: Forward all the port

I suggest that you upload the IP Firewall settings - output from /export compact.
by CelticComms
Tue Sep 02, 2014 10:37 pm
Forum: Forwarding Protocols
Topic: Some sites not working
Replies: 8
Views: 1479

Re: Some sites not working

OK - but the clues as to why it is sending the traffic that way can be seen in the routing table.
by CelticComms
Tue Sep 02, 2014 9:47 pm
Forum: Forwarding Protocols
Topic: Some sites not working
Replies: 8
Views: 1479

Re: Some sites not working

Look at your routing tables on both these routers and determine why the BGP router is sending that traffic back to the internal router.
by CelticComms
Tue Sep 02, 2014 9:44 pm
Forum: General
Topic: Forward all the port
Replies: 4
Views: 740

Re: Forward all the port

Your layout isn't exactly clear. Where is the PPPoE server in relation to these items? PPPoE is PPP...over Ethernet. There needs to be a layer 2 path to the PPPoE server.
by CelticComms
Mon Sep 01, 2014 6:01 pm
Forum: Beginner Basics
Topic: how add pptp in IP services
Replies: 7
Views: 1323

Re: how add pptp in IP services

I don't think that the RouterOS PPTP implementation lets you change the ports on the PPTP service itself. Sometimes the ports are compiled into the PPTP module. You could consider a NAT arrangement but I would check that the clients support different ports first - not all do.
by CelticComms
Sun Aug 31, 2014 8:12 pm
Forum: Beginner Basics
Topic: RC4 vs AES256-CBC for SSTP
Replies: 1
Views: 1132

Re: RC4 vs AES256-CBC for SSTP

RC4 is simple and fast but it has many issues and is often now regarded as insecure.
by CelticComms
Sun Aug 31, 2014 3:56 pm
Forum: Beginner Basics
Topic: how add pptp in IP services
Replies: 7
Views: 1323

Re: how add pptp in IP services

Thanks for reply but I mean the services ports
The ports are preset in the PPTP server. Were you looking for a way to move the PPTP server from the standard ports?
by CelticComms
Sun Aug 31, 2014 5:38 am
Forum: General
Topic: Two mailservers behind one routerboard with two public IPs
Replies: 3
Views: 1342

Re: Two mailservers behind one routerboard with two public I

If the servers are looking up the MX record for the domain(s) handled by the other server and getting the public IP you may be seeing an issue related to the need for hairpin NAT:

http://wiki.mikrotik.com/wiki/Hairpin_NAT
by CelticComms
Sun Aug 31, 2014 5:34 am
Forum: Beginner Basics
Topic: how add pptp in IP services
Replies: 7
Views: 1323

Re: how add pptp in IP services

To add a PPTP server on the RouterBoard? In Winbox you add it in the PPP menu.
by CelticComms
Fri Aug 29, 2014 2:45 pm
Forum: General
Topic: Port Forwarding done right?
Replies: 17
Views: 9802

Re: Port Forwarding done right?

What does the Plex unit have set as its default gateway?
by CelticComms
Fri Aug 29, 2014 5:51 am
Forum: General
Topic: Multiple utp pairs all together?
Replies: 1
Views: 716

Re: Multiple utp pairs all together?

There are plenty of CAT5/5e/6 cables with more than 4 pairs. Remember the 100m segment limit too.
by CelticComms
Fri Aug 29, 2014 5:46 am
Forum: General
Topic: Port Forwarding done right?
Replies: 17
Views: 9802

Re: Port Forwarding done right?

Try uploading the config - output from /export compact. It conveys a lot of info in less space than screenshots.
by CelticComms
Thu Aug 28, 2014 6:03 pm
Forum: General
Topic: Port Forwarding done right?
Replies: 17
Views: 9802

Re: Port Forwarding done right?

You want to make sure that traffic entering the WAN port is allowed to be forwarded to the internal private IP address / port that is the destination in your DST NAT rule.
by CelticComms
Thu Aug 28, 2014 2:54 pm
Forum: General
Topic: Port Forwarding done right?
Replies: 17
Views: 9802

Re: Port Forwarding done right?

Traffic to the DST NATed address also needs to be allowed in the forward chain. Try adding a specific accept rule for that traffic.

Your forward chain could also do with some attention to make it more secure.
by CelticComms
Thu Aug 28, 2014 2:48 pm
Forum: Forwarding Protocols
Topic: OSPF neighbourship flapping between 2-WAY and EXCHANGE state
Replies: 5
Views: 2572

Re: OSPF neighbourship flapping between 2-WAY and EXCHANGE s

Try updating ROS so both are at the same reasonably current version. Then upload the relevant configs.

Some combinations of earlier versions of ROS 6 seemed to be able to produce some odd OSPF conditions.
by CelticComms
Thu Aug 28, 2014 7:10 am
Forum: Beginner Basics
Topic: Accessing xyz.com:123 xyz.com:456 from inside the network
Replies: 10
Views: 1524

Re: Accessing xyz.com:123 xyz.com:456 from inside the networ

You do not have to use dst-address-type. In this case I suspect it is working because you didn't have the dst-address itself specified.

dst-address-type local means the address is allocated to one of the router's interfaces.
by CelticComms
Thu Aug 28, 2014 6:55 am
Forum: General
Topic: TCP connection
Replies: 1
Views: 465

Re: TCP connection

This is the attempted start of a PPTP session. No signs it completed.
by CelticComms
Wed Aug 27, 2014 6:09 pm
Forum: Beginner Basics
Topic: IP Forward
Replies: 1
Views: 652

Re: IP Forward

You also need to allow the traffic to your DST NAT destination in the forward chain of the firewall.
by CelticComms
Sun Aug 24, 2014 1:08 am
Forum: General
Topic: CRS 125-24G-1S Bridging
Replies: 1
Views: 460

Re: CRS 125-24G-1S Bridging

Are you sure that you want to bridge 18 ports? Using the switch chip would use a lot less CPU.

As regards the bridge/IP issue - can you upload the config?
by CelticComms
Sat Aug 23, 2014 10:39 pm
Forum: General
Topic: Assign Public IP
Replies: 6
Views: 1165

Re: Assign Public IP

What you can and cannot do depends on whether the /29s are presented on your WAN interface or routed to you via some other IP. If they are not routed but are presented directly on the link network you do need proxy arp. If they are routed to you then you can certainly allocate individual addresses t...
by CelticComms
Sat Aug 23, 2014 12:33 am
Forum: Forwarding Protocols
Topic: PPTP and OSPF issue
Replies: 7
Views: 2268

Re: PPTP and OSPF issue

Can you show the routing tables for both ends? I don't see the branch local network explicitly being advertised so assume you have some static routes involved in the routing process.
by CelticComms
Fri Aug 22, 2014 9:13 am
Forum: RouterBOARD hardware
Topic: The new top secret RBcAP2n
Replies: 13
Views: 6654

Re: The new top secret RBcAP2n

I am looking forward to hearing more from Normis at MUM. :)
If "more" concerns a dual-band version then +1..........
by CelticComms
Thu Aug 21, 2014 8:17 pm
Forum: Beginner Basics
Topic: Subnet/VLAN on sfp1 - RB2011
Replies: 2
Views: 938

Re: Subnet/VLAN on sfp1 - RB2011

Do you simply want a different subnet - or do you actually want a VLAN? You can create a different subnet on any interface simply by ensuring that the interface is not slaved and giving it its own IP/Mask. If you want a VLAN you can create a VLAN interface on the SFP port - then give it an IP/mask l...
by CelticComms
Wed Aug 20, 2014 10:10 pm
Forum: Beginner Basics
Topic: Multiple Local Addresses and DHCP
Replies: 1
Views: 443

Re: Multiple Local Addresses and DHCP

Try to provide more information regarding how these addresses/networks are configured. Perhaps output from /export compact. It isn't clear if you are using multiple interfaces or overlaying networks on a single interface.
by CelticComms
Wed Aug 20, 2014 6:32 pm
Forum: Forwarding Protocols
Topic: Change TTL of ping command
Replies: 14
Views: 10716

Re: Change TTL of ping command

With my suggestion, users can't ping only your routers and trace doesn't show internal routers because the firewall is in the input chain. They can ping external addresses.
It will stop them being able to ping the internal routers directly but it will not stop those routers showing up in a typical tr...
by CelticComms
Wed Aug 20, 2014 3:02 pm
Forum: Beginner Basics
Topic: Is there any way to set priority to the ethernet ports?
Replies: 2
Views: 1155

Re: Is there any way to set priority to the ethernet ports?

Bridge port priority is used in spanning tree protocol - it is not a QOS setting.
by CelticComms
Tue Aug 19, 2014 7:59 am
Forum: General
Topic: VAP and VLAN Question
Replies: 5
Views: 979

Re: VAP and VLAN Question

RouterOS doesn't always make life easy if trying to bridge the interface that a VLAN is declared on.

On the 912s try placing the VLANs on the bridge that has Ether1 as a port (rather than on Ether1 itself) and see if the behavior is any different.
by CelticComms
Tue Aug 19, 2014 7:51 am
Forum: General
Topic: VLANS and switch ports
Replies: 2
Views: 629

Re: VLANS and switch ports

You would also assign those VLANs to the switch's CPU port so that the interface seen by RouterOS can see them.
by CelticComms
Mon Aug 18, 2014 4:55 pm
Forum: Beginner Basics
Topic: More Dual WAN questions from noobs
Replies: 11
Views: 2482

Re: More Dual WAN questions from noobs

Try using the ISP gateway addresses as the test addresses. You should always be able to ping those using the relevant ISP connections when they are available even if the default route for that ISP is not active.
by CelticComms
Mon Aug 18, 2014 3:41 pm
Forum: Beginner Basics
Topic: More Dual WAN questions from noobs
Replies: 11
Views: 2482

Re: More Dual WAN questions from noobs

If a script forces which interface to use then it can ping addresses using either ISP. However if you are pinging from a client the router will only be using the currently active ISP. If you ping the ISP gateways that traffic will go via the corresponding ISP interface because the routes to those li...
by CelticComms
Mon Aug 18, 2014 2:30 pm
Forum: General
Topic: Port Forwarding Advice Needed
Replies: 5
Views: 1131

Re: Port Forwarding Advice Needed

In addition to the DST NAT rules you would need to allow the traffic in the forward chain (IP Firewall / Filters).
by CelticComms
Mon Aug 18, 2014 1:47 pm
Forum: General
Topic: Destination NAT without Source IP Change
Replies: 1
Views: 520

Re: Destination NAT without Source IP Change

It sounds as if you also have source NAT/Masquerade affecting the traffic heading to the internal network. Try posting your NAT rules.
by CelticComms
Mon Aug 18, 2014 6:04 am
Forum: General
Topic: mark connection and packet. [need help]
Replies: 1
Views: 393

Re: mark connection and packet. [need help]

What have you tried?
by CelticComms
Sun Aug 17, 2014 11:39 pm
Forum: General
Topic: Researching Potential Office Firewall/Router Solutions
Replies: 34
Views: 3592

Re: Researching Potential Office Firewall/Router Solutions

It should be similar to the forward chain rules that you showed earlier but you want to use the internal IP for the dst-address - along with the port. You can also specify the WAN interface as the in-interface.

Are you using Winbox?
by CelticComms
Sun Aug 17, 2014 11:10 pm
Forum: General
Topic: Researching Potential Office Firewall/Router Solutions
Replies: 34
Views: 3592

Re: Researching Potential Office Firewall/Router Solutions

I did the below, and I tried it on my home router, but now my NAT rules are blocked by this new forward chain
Correct - you also need to add forward rules to permit the DST NATed traffic. These should use the internal IP as one of the selective elements since DST NAT occurs before the forward chain.
by CelticComms
Sun Aug 17, 2014 10:59 pm
Forum: General
Topic: Researching Potential Office Firewall/Router Solutions
Replies: 34
Views: 3592

Re: Researching Potential Office Firewall/Router Solutions

A filter rule where you specify the in interface and out interface.
by CelticComms
Sun Aug 17, 2014 10:52 pm
Forum: General
Topic: Researching Potential Office Firewall/Router Solutions
Replies: 34
Views: 3592

Re: Researching Potential Office Firewall/Router Solutions

Right direction - but you would probably want to allow NEW connections LAN>WAN.
by CelticComms
Sun Aug 17, 2014 10:46 pm
Forum: General
Topic: Researching Potential Office Firewall/Router Solutions
Replies: 34
Views: 3592

Re: Researching Potential Office Firewall/Router Solutions

Yes you should control the forward chain too - even any cheap consumer router does so.
by CelticComms
Sun Aug 17, 2014 10:34 pm
Forum: General
Topic: Researching Potential Office Firewall/Router Solutions
Replies: 34
Views: 3592

Re: Researching Potential Office Firewall/Router Solutions

Examples: If one of the public IPs is used to connect to the router itself (say Winbox) then that traffic would go through the input chain. However, if for example you DST NATed the IP to an internal address then the traffic would go through the forward chain.
by CelticComms
Sun Aug 17, 2014 10:17 pm
Forum: General
Topic: Researching Potential Office Firewall/Router Solutions
Replies: 34
Views: 3592

Re: Researching Potential Office Firewall/Router Solutions

No - you don't have the function of the chains clear. Have a look at this and look at the chain descriptions.

http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter

The forward chain is traffic passing through the router. The input chain is for traffic destined for the router itself.
by CelticComms
Sun Aug 17, 2014 9:53 pm
Forum: General
Topic: Researching Potential Office Firewall/Router Solutions
Replies: 34
Views: 3592

Re: Researching Potential Office Firewall/Router Solutions

So yes I am blocking everything from coming in, ........
Not with the filter rules you showed above! The input chain only covers traffic to the router itself. At the moment the forward chain is pretty much open so for instance inbound WAN>LAN traffic is not being restricted.
by CelticComms
Sun Aug 17, 2014 8:03 pm
Forum: General
Topic: Vlan Interfaces Disappearing
Replies: 9
Views: 2380

Re: Vlan Interfaces Disappearing

I saw an odd behavior on VLANs on an earlier v6.xx at one point - I suggest that you update the ROS version and see if the problem disappears.
by CelticComms
Sun Aug 17, 2014 7:41 pm
Forum: General
Topic: Researching Potential Office Firewall/Router Solutions
Replies: 34
Views: 3592

Re: Researching Potential Office Firewall/Router Solutions

I think you are misunderstanding. At the moment the forward chain rules that you have in place mean that the device is not behaving like a firewall - it is behaving pretty much like a router in that it will forward packets among ports with only one restriction regarding SMTP. A typical firewall con...
by CelticComms
Sun Aug 17, 2014 6:03 pm
Forum: General
Topic: Vlan Interfaces Disappearing
Replies: 9
Views: 2380

Re: Vlan Interfaces Disappearing

Are you looking in Winbox or at the command line?
by CelticComms
Sun Aug 17, 2014 4:36 pm
Forum: General
Topic: Proxy ARP question
Replies: 2
Views: 565

Re: Proxy ARP question

Will a Mikrotik router respond to ARP requests to an IP not directly connected if it has a route to that IP?
It will.
I have this requirement (I tested it in GNS3 with Cisco and it seems to work, not sure if this is by design or not).
It is by design.
by CelticComms
Sun Aug 17, 2014 3:50 pm
Forum: General
Topic: Researching Potential Office Firewall/Router Solutions
Replies: 34
Views: 3592

Re: Researching Potential Office Firewall/Router Solutions

When you look at the forward chain rule you would expect to see a drop rule at the end (lowest on the list). That rule is not qualified with any selection criteria - it just says action=drop. Thus only traffic which has been specifically identified to be accepted in earlier (higher) rules will be pe...
by CelticComms
Sun Aug 17, 2014 6:59 am
Forum: General
Topic: Researching Potential Office Firewall/Router Solutions
Replies: 34
Views: 3592

Re: Researching Potential Office Firewall/Router Solutions

If you want the device to be a firewall then your forward chain should start with a drop command and then only place accept rules for the traffic that you want to permit above that. Good to hear that the "boss" isn't wed to 1999 style network browsing. Now if you can just persuade him that the remot...
by CelticComms
Sun Aug 17, 2014 1:15 am
Forum: General
Topic: Researching Potential Office Firewall/Router Solutions
Replies: 34
Views: 3592

Re: Researching Potential Office Firewall/Router Solutions

on the boss house the EoIP end is on bridge with one ethernet or one VirtualAP.
That would certainly be preferable - even better if we can lock that port to permitted client MAC addresses. If however the "office" has two servers then I would personally still advocate shortcuts & WINS and save the e...
by CelticComms
Sun Aug 17, 2014 12:52 am
Forum: General
Topic: Researching Potential Office Firewall/Router Solutions
Replies: 34
Views: 3592

Re: Researching Potential Office Firewall/Router Solutions

Taylor mentioned "as if he was connected", which usually doesn't imply access using IP addresses. From own experiences I can tell you, bosses want browsing, visible names in My Network and so on.
The irony is that in networks small enough for such browsing to be useful it is fairly trivial to make ...
by CelticComms
Sat Aug 16, 2014 5:09 pm
Forum: General
Topic: Researching Potential Office Firewall/Router Solutions
Replies: 34
Views: 3592

Re: Researching Potential Office Firewall/Router Solutions

You all obviously discarded the most important request for Taylor's network: His boss has to be able to browse the network from home. That requires all machines to be on the same network so that windows can resolve machine names via SMB broadcasts. Browsing which will not work on MT anyway, because...
by CelticComms
Fri Aug 15, 2014 11:58 pm
Forum: General
Topic: Mikrotik tree queues adding latency
Replies: 2
Views: 913

Re: Mikrotik tree queues adding latency

Even if the queue limit isn't being triggered the system is still going through the motions of deciding which packet is next - and taking decisions about which traffic to include in the queue. How much change you will see depends on many factors and you have not really given enough detail to determi...
by CelticComms
Fri Aug 15, 2014 11:52 pm
Forum: General
Topic: Maximum number of NAT users / sessions
Replies: 9
Views: 10624

Re: Maximum number of NAT users / sessions

The socket pair (both ends of the communication) has to be unique for a session but not the socket at one end. Clearly, one IP and port number on one system can have multiple sessions provided that those sessions are terminated into different sockets at the far end.
by CelticComms
Fri Aug 15, 2014 9:57 pm
Forum: Scripting
Topic: i think i am hacked, my NAT goes down automatically
Replies: 7
Views: 1534

Re: i think i am hacked, my NAT goes down automatically

Look in the log and see if somebody has accessed the system.
by CelticComms
Fri Aug 15, 2014 4:26 pm
Forum: Wireless Networking
Topic: Wireless not compatable with WX670/WX680 payment terminals
Replies: 4
Views: 823

Re: Wireless not compatable with WX670/WX680 payment termina

The terminals may be using power saving mode - perhaps a compatibility issue there?
by CelticComms
Fri Aug 15, 2014 7:53 am
Forum: General
Topic: Researching Potential Office Firewall/Router Solutions
Replies: 34
Views: 3592

Re: Researching Potential Office Firewall/Router Solutions

Change one or both of the subnets and save a lot of grief. Having them the same will cause issues for all sorts of VPN gateways - not just RouterOS. The issues can sometimes be worked around - but best to simply avoid them.
by CelticComms
Fri Aug 15, 2014 7:15 am
Forum: Wireless Networking
Topic: Wireless not compatable with WX670/WX680 payment terminals
Replies: 4
Views: 823

Re: Wireless not compatable with WX670/WX680 payment termina

Random thought. Do you have the Mikrotik set to support B/G? Many old terminals do not support N.
by CelticComms
Fri Aug 15, 2014 7:00 am
Forum: General
Topic: CCR cannot perform routing
Replies: 9
Views: 1293

Re: CCR cannot perform routing

Do you have any filters set on the forward chain in /IP Firewall?
by CelticComms
Thu Aug 14, 2014 8:28 pm
Forum: General
Topic: 750UP bridge works local, not across network
Replies: 2
Views: 406

Re: 750UP bridge works local, not across network

It needs a default route to reply to hosts which are not on its own subnet.

Note that using the switch chip where possible would use less CPU than bridging all ports.
by CelticComms
Thu Aug 14, 2014 4:12 pm
Forum: Beginner Basics
Topic: Bridging SSID to one VLAN on a trunk
Replies: 1
Views: 585

Re: Bridging SSID to one VLAN on a trunk

In your switch config add the necessary VLANs to the CPU port. You want the VLANs tagged at this point so use the same settings as for trunks. Then add VLAN interfaces to the port that RouterOS uses to communicate with the switch (master port). Now bridge each VLAN interface to the relevant W...
by CelticComms
Thu Aug 14, 2014 3:34 pm
Forum: Forwarding Protocols
Topic: Change TTL of ping command
Replies: 14
Views: 10716

Re: Change TTL of ping command

Yes you can change the TTL using a command like that. The TTL field helps avoid routing loops so manually changing it should only be done with a full understanding of the potential impact.
by CelticComms
Thu Aug 14, 2014 2:44 pm
Forum: Forwarding Protocols
Topic: Change TTL of ping command
Replies: 14
Views: 10716

Re: Change TTL of ping command

You can set TTL using mangle:

http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Mangle

You can set internal devices not to respond to ping or block ping though that presents its own issues.
by CelticComms
Thu Aug 14, 2014 7:19 am
Forum: General
Topic: RB2011 as two separate networks with separate gateways
Replies: 3
Views: 1260

Re: RB2011 as two separate networks with separate gateways

If you want two distinct routing environments consider assigning the interfaces into VRFs - or at least put the interfaces for the secondary group into a VRF.

http://wiki.mikrotik.com/wiki/Manual:Vi ... Forwarding
by CelticComms
Wed Aug 13, 2014 5:29 pm
Forum: Beginner Basics
Topic: More Dual WAN questions from noobs
Replies: 11
Views: 2482

Re: More Dual WAN questions from noobs

Typically you would ping the ISP gateway to test the link and if the ISP link networks have unique numbering you will avoid this problem since both connections will be active as far as their own link networks are concerned.
by CelticComms
Wed Aug 13, 2014 3:31 pm
Forum: Beginner Basics
Topic: 2 WAN Connections assigned to different PPPoE users
Replies: 2
Views: 484

Re: 2 WAN Connections assigned to different PPPoE users

The best way of doing it depends on what the split is between customers.

As an example, if you place one WAN connection in its own VRF you can then add policy routing rules to use that VRF's routing table for outbound requests from certain source IP addresses.
by CelticComms
Wed Aug 13, 2014 3:04 pm
Forum: General
Topic: CCR cannot perform routing
Replies: 9
Views: 1293

Re: CCR cannot perform routing

Are you using RFC1918 addresses on the LAN? If so, did you configure NAT?
by CelticComms
Tue Aug 12, 2014 4:54 pm
Forum: Beginner Basics
Topic: Copy IGMP from one local port to another
Replies: 2
Views: 551

Re: Copy IGMP from one local port to another

Use the IGMP proxy. You may need to download the multicast package if you don't have it installed already.
by CelticComms
Tue Aug 12, 2014 8:56 am
Forum: General
Topic: RB2011UiAS V 6.18 Issues with Adtran 3884T & OSX/Windows
Replies: 3
Views: 616

Re: RB2011UiAS V 6.18 Issues with Adtran 3884T & OSX/Windows

Sadly, many of the overpriced and under-featured WAN providers do love to show that they are living in yesteryear by configuring their Adtran units to 100Mbps/FD. I would make a point of confirming exactly how the interface is configured before making any assumptions about the observed problems.
by CelticComms
Tue Aug 12, 2014 8:46 am
Forum: General
Topic: Assign public ip directly to Private Interface
Replies: 11
Views: 3153

Re: Assign public ip directly to Private Interface

........but do remember that the ISP expects to ARP for the IP number on the WAN interface so the router will have to provide proxy-arp for the address on the WAN interface. The other niggle is that many consumer/small business routers want to have a nice neat WAN network with a subnet addressab...
by CelticComms
Mon Aug 11, 2014 6:05 pm
Forum: General
Topic: VPLS performance is lower than EoIP
Replies: 10
Views: 3212

Re: VPLS performance is lower than EoIP

My comment was directed at the RB1100AHx2 only.
by CelticComms
Mon Aug 11, 2014 3:43 pm
Forum: Beginner Basics
Topic: Share vlan on wifi and ether port
Replies: 8
Views: 1112

Re: Share vlan on wifi and ether port

If you want this to work on normal 802.11 services then create a VirtualAP and bridge that new VirtualAP to the required VLAN. Devices accessing the VirtualAP's SSID will then attach to the relevant VLAN.
by CelticComms
Mon Aug 11, 2014 2:22 pm
Forum: General
Topic: VPLS performance is lower than EoIP
Replies: 10
Views: 3212

Re: VPLS performance is lower than EoIP

Does it behave any differently if you use Ether 11 for the internal VPLS path rather than Ether 9? (Ether 8 & 9 share the same CPU port)
by CelticComms
Mon Aug 11, 2014 1:56 pm
Forum: Beginner Basics
Topic: Routing assistance required please
Replies: 4
Views: 757

Re: Routing assistance required please

Try uploading your config from /export compact and also your routing table.
by CelticComms
Mon Aug 11, 2014 1:52 pm
Forum: General
Topic: GRE Tunnel
Replies: 4
Views: 580

Re: GRE Tunnel

If a router is connected to 1.1.0.0/16 and also has a path to 1.1.0.0/16 via another host it is going to prefer the connected route. This is not GRE specific.
by CelticComms
Sun Aug 10, 2014 4:38 pm
Forum: Beginner Basics
Topic: Getting really frustrated....
Replies: 1
Views: 493

Re: Getting really frustrated....

Try uploading your current config - output from /export compact. If the RouterBoard includes a switch chip you have a combination of switch and router capability so there are many permutations available. In general, the router sees the traffic as presented on the CPU interface. If you want to access...
by CelticComms
Sun Aug 10, 2014 4:32 pm
Forum: General
Topic: GRE Tunnel
Replies: 4
Views: 580

Re: GRE Tunnel

These networks are the same network. Both are 1.1.0.0/16 .
by CelticComms
Sun Aug 10, 2014 1:19 am
Forum: General
Topic: RB2011 different subnets are pingable
Replies: 6
Views: 1243

Re: RB2011 different subnets are pingable

In this instance it seems that the router's primary role is that of a firewall. In such cases: A) Place a deny (drop) rule in the forward chain - no qualifications - it is intended to drop all forwarded traffic. B) Above the rule created in A) place a permit (accept) rule for each forwarded path th...
by CelticComms
Sun Aug 10, 2014 1:10 am
Forum: General
Topic: Assign public ip directly to Private Interface
Replies: 11
Views: 3153

Re: Assign public ip directly to Private Interface

You haven't said if the /28 is presented as a /28 on your WAN link or routed to you via another link network. That plus information on what the network elements are between your main router and the customer's router would probably allow a better answer describing the options.
by CelticComms
Sat Aug 09, 2014 3:10 pm
Forum: General
Topic: VPLS performance is lower than EoIP
Replies: 10
Views: 3212

Re: VPLS performance is lower than EoIP

I suggest that you explain exactly what was tested and exactly how because I have seen the term RFC2544 used/abused in all sorts of ways!
by CelticComms
Fri Aug 08, 2014 3:35 pm
Forum: Beginner Basics
Topic: Routing assistance required please
Replies: 4
Views: 757

Re: Routing assistance required please

It sounds as if the route marking means that each IP group no longer sees the route to the other subnet. You can either add route rules so that lookups for certain subnets always occur in main or you can add routes to each subnet in the other VRFs.
by CelticComms
Thu Aug 07, 2014 6:50 am
Forum: General
Topic: VLANs on bridged Ethernet ports
Replies: 1
Views: 540

Re: VLANs on bridged Ethernet ports

I would use approach 1). On approach 2 you can run into some ROS specific issues which would need bridge filters to mitigate.

Of course if the device has a switch chip it would be far better to use the switch approach.
by CelticComms
Thu Aug 07, 2014 6:43 am
Forum: General
Topic: vlan
Replies: 1
Views: 549

Re: vlan

1. Tag a vlan to each Interface - make a bridge, and put both vlan to bridge - no success
This approach will usually work since the VLAN interfaces present untagged traffic towards other ROS elements. Did you double check this approach?
by CelticComms
Wed Aug 06, 2014 8:09 pm
Forum: Forwarding Protocols
Topic: MPLS/VPLS Setup
Replies: 10
Views: 2175

Re: MPLS/VPLS Setup

When we take manual control over each interface, our OSPF doesn't work as we expect.
This should be simple to fix. You may want to detail a question on this and upload some info. It should be easy to resolve and you would certainly want it resolved before starting on MPLS. Many of the "MPLS" issues ...
by CelticComms
Wed Aug 06, 2014 2:17 pm
Forum: Forwarding Protocols
Topic: OSPF routes in table trafic still going to default gateway
Replies: 6
Views: 1075

Re: OSPF routes in table trafic still going to default gatew

Do you have networks defined under OSPF or are you simply redistributing connected routes?
by CelticComms
Mon Aug 04, 2014 4:18 pm
Forum: Beginner Basics
Topic: RouterBOARD 100AHx2 Default IP Problems
Replies: 2
Views: 669

Re: RouterBOARD 100AHx2 Default IP Problems

If you are unclear on the IP settings try using Winbox on a PC and use the search feature. If it sees the router click on the *MAC* address and see if you can connect to it that way. MAC address connections are not reliable but may let you get on long enough to confirm/force the IP settings then ret...
by CelticComms
Mon Aug 04, 2014 4:14 pm
Forum: Wireless Networking
Topic: Router help needed
Replies: 2
Views: 694

Re: Router help needed

If the modem can be made to work (that thread suggests it can) then yes you can use RouterOS to share access to it just as you could use it to share access to any other WAN connection.
by CelticComms
Mon Aug 04, 2014 4:12 pm
Forum: Beginner Basics
Topic: Old tech, new router. Need simple list
Replies: 2
Views: 478

Re: Old tech, new router. Need simple list

Are the Cable/DSL services providing static IPs ... or dynamic IPs?
by CelticComms
Mon Aug 04, 2014 4:09 pm
Forum: General
Topic: Prioritize traffic for one subnet over another
Replies: 3
Views: 846

Re: Prioritize traffic for one subnet over another

Have a look at the information on queuing:

http://wiki.mikrotik.com/wiki/Manual:Queue
by CelticComms
Mon Aug 04, 2014 3:44 pm
Forum: Forwarding Protocols
Topic: OSPF routes in table trafic still going to default gateway
Replies: 6
Views: 1075

Re: OSPF routes in table trafic still going to default gatew

By default gateway I assume that you mean a static route entry to 0.0.0.0/0 on the CRS. You should not have to reduce the AD to make more explicit routes preferred. They should be preferred by virtue of being more explicit - more address bits match. Have you been experimenting with VRFs/policy rules...
by CelticComms
Tue Jul 29, 2014 5:18 am
Forum: General
Topic: two PPPoE links from ISP
Replies: 4
Views: 780

Re: two PPPoE links from ISP

Have a look at the following link:

http://wiki.mikrotik.com/wiki/Manual:PCC
by CelticComms
Mon Jul 28, 2014 10:23 pm
Forum: Forwarding Protocols
Topic: MPLS/VPLS Setup
Replies: 10
Views: 2175

Re: MPLS/VPLS Setup

Hey, thanks for the reply. We've looked at BFD which needs each interface to be configured under Interfaces. When we take manual control over each interface, our OSPF doesn't work as we expect.
Can you clarify what you mean by this? Configuring interfaces manually is common for several reasons i...
by CelticComms
Fri Jul 25, 2014 3:07 pm
Forum: General
Topic: Limit incoming UDP bw
Replies: 3
Views: 752

Re: Limit incoming UDP bw

With many sources there is no easy way of limiting the stream rate before it arrives at you. Of course you can then drop as much of it as you like. Some intelligent clients will adjust the rate being sent to them if they detect traffic being dropped but the details are implementation specific.
by CelticComms
Thu Jul 24, 2014 9:21 pm
Forum: Forwarding Protocols
Topic: Spanning Tree BPDU over VPLS
Replies: 12
Views: 2399

Re: Spanning Tree BPDU over VPLS

Which status message are you actually getting? The one you first posted is usually a native VLAN ID inconsistency.
by CelticComms
Mon Jul 21, 2014 1:44 pm
Forum: Forwarding Protocols
Topic: Spanning Tree BPDU over VPLS
Replies: 12
Views: 2399

Re: Spanning Tree BPDU over VPLS

What are the switchport settings on the switch ports?
by CelticComms
Sun Jul 20, 2014 10:57 pm
Forum: Forwarding Protocols
Topic: Spanning Tree BPDU over VPLS
Replies: 12
Views: 2399

Re: Spanning Tree BPDU over VPLS

Are you sure that you have ruled out native VLAN inconsistencies on all the relevant ports?
by CelticComms
Fri Jul 18, 2014 4:03 pm
Forum: Forwarding Protocols
Topic: WE NEED EIGRP
Replies: 21
Views: 9333

Re: WE NEED EIGRP

I think that it would be hard for Mikrotik to make EIGRP support a priority given the other demands that they have. EIGRP certainly has its uses and is alive and well in corporate networks but I suspect that Mikrotik would not implement it unless somebody produces an open stack for it. While there a...
by CelticComms
Fri Jul 18, 2014 3:12 pm
Forum: General
Topic: ip performance issue
Replies: 2
Views: 609

Re: ip performance issue

Of the items you mentioned, none stand out as causing lower MTUs. Is there a PPPoE interface or similar involved somewhere?
by CelticComms
Fri Jul 18, 2014 2:40 pm
Forum: Forwarding Protocols
Topic: Odd OSPF route selection
Replies: 7
Views: 1214

Re: Odd OSPF route selection

Check the settings for default route redistribution from both your WAN routers including the cost for the default route. From your screenshot the router attached to Ether 6 is offering a more attractive default route than the other router while the explicit routes offered by the router on Ether 1 ar...
by CelticComms
Fri Jul 18, 2014 7:22 am
Forum: Forwarding Protocols
Topic: BGP session over 31 bit subnet
Replies: 15
Views: 5594

Re: BGP session over 31 bit subnet

Unless it was slipped into a release without me noticing, RouterOS does not support Cisco/RFC style /31 addressing.
by CelticComms
Tue Jul 15, 2014 7:25 am
Forum: Beginner Basics
Topic: Cannot get VLANs working between two routers
Replies: 3
Views: 661

Re: Cannot get VLANs working between two routers

You would probably be better to export the config(s) using /export compact. Those snippets leave unanswered questions.
by CelticComms
Tue Jul 15, 2014 7:19 am
Forum: Forwarding Protocols
Topic: Passing OSPF messages through an IPSec Tunnel using GRE
Replies: 3
Views: 1173

Re: Passing OSPF messages through an IPSec Tunnel using GRE

You may find it easier to set the network type as point-to-point and set the neighbors statically under NBMA neighbors.
by CelticComms
Tue Jul 15, 2014 7:05 am
Forum: Forwarding Protocols
Topic: Odd OSPF route selection
Replies: 7
Views: 1214

Re: Odd OSPF route selection

What does the routing table look like on R2 and exactly what did you "weight"?
by CelticComms
Thu Jul 03, 2014 3:47 pm
Forum: Forwarding Protocols
Topic: Multiple public IP Access to server using RDP
Replies: 2
Views: 1175

Re: Multiple public IP Access to server using RDP

It isn't clear what the relationship is between the IPs on the servers and the IP on the router. What are the IP/mask allocations on each router interface? Which mode is the router operating in?
by CelticComms
Wed Jul 02, 2014 10:23 pm
Forum: Forwarding Protocols
Topic: OSPF taking wrong path despite cost (asymmetric)
Replies: 13
Views: 2321

Re: OSPF taking wrong path despite cost (asymmetric)

Is that on R3? Is there a reason not to use static IP assignments on that router?
by CelticComms
Wed Jul 02, 2014 5:24 am
Forum: Forwarding Protocols
Topic: OSPF taking wrong path despite cost (asymmetric)
Replies: 13
Views: 2321

Re: OSPF taking wrong path despite cost (asymmetric)

I would check the routing table at R3 and also the LSAs being received at R3.
by CelticComms
Sat Jun 28, 2014 2:22 pm
Forum: Forwarding Protocols
Topic: VPLS problems with cisco switches
Replies: 5
Views: 1412

Re: VPLS problems with cisco switches

Since you describe an issue which only shows up with significant traffic I would double check that the links are negotiating correctly. When Cisco switches don't manage to negotiate the speed/duplex they often drop to speed sensing in which case they might get the speed right but select half-duplex....
by CelticComms
Wed Jun 25, 2014 2:38 pm
Forum: General
Topic: Port Forwarding stuck on Send Sync
Replies: 4
Views: 1852

Re: Port Forwarding stuck on Send Sync

If you think that the NAT is correct and the Forward chain has an entry permitting the traffic then double check that the target device is actually returning traffic to the RouterOS system - e.g. what is the target's default gateway set to?