MikroTik

vasilevkirill

OK You understood me wrong Well let's say you have 100 access points. one of them died (the second point, since its MAC address is the second highest), you bought another from a new batch and its MAC address is more than all the others, do you have to redo all IP addresses? Do not get attached to th...

vasilevkirill

Hello I think you have chosen the wrong approach to solving the problem. Let's try to reason you have 10 access points, the first of them is the MAC address *AA: 05, you somehow give it the first IP address as the lowest MAC address, but what if the access point appears in the future with the addres...

vasilevkirill

hi
use script in ppp profile on-up variable caller-id

vasilevkirill

hi
You need to make the first request to get all records
/ip/route/print
?dst-address=172.16.99.1/32

Next for all .id set new bgp-compunity
/ip/route/set
=.id=$id
=bgp-compunity=0:88

use for testing https://github.com/vasilevkirill/RouterOSAPIGUI

vasilevkirill

Using scripts is not a good idea. I would consider two solutions: 1. Create a rule in the firewall for port 1723 in the input chain in time. 2. If you have exceptions for any tunnels, then for them I created a separate profile, added a interface-list and all the same with a firewall enabled or disab...

vasilevkirill

hi,
this simple GUI for testing RouterOS API, based in web browser.
need running binary and open http://localhost:8081
source https://github.com/vasilevkirill/RouterOSAPIGUI
binary for all platforms https://github.com/vasilevkirill/Router ... I/releases

vasilevkirill

hi
in new version WinBox use encryption, maybe you problem MTU? calculate MSS, or clear df bit.

vasilevkirill

Hi, I would be interested to see such functionality in the address lists. /ip firewall address-list add list=hosts address=192.168.0.0/16 wildcard=255.255.10-20.255 Only networks will be third octet is in the range of 10-20 /ip firewall address-list add list=hosts address=192.168.0.0/16 wildcard=255...

vasilevkirill

not enough information...

Check that the date and time are correct on the routers.

vasilevkirill

hi
What are your problems?

check the following
correct time and date on each router.
availability of certificate CA on each router.
The certificate must be trusted.

vasilevkirill

hi i use this construction /interface list add name=ISP_1 add name=ISP_2 add include=ISP_1,ISP_2 name=ISP /interface list member add interface=ether1 list=ISP_1 add interface=vrrp-mts-ISP1 list=ISP_1 add interface=vrrp-rt-ISP2 list=ISP_2 add interface=ether2 list=ISP_2 I used list ISP for firewall r...

vasilevkirill

hi
pptp - insecure
EoIP - it's best to use it when you need to get one broadcast domain between, and between the routers there is an Internet network.

If I understand you correctly, then you will be approached by the VPLS as the fastest tunnel

vasilevkirill

It is certainly possible, you need tow sets of Loopbacks. TE tunnels and BGP peers on each set. Then set up BGP VPLS and filter out one of RT NLRIs in routing filters for each peer. Here is a step by step setup example: https://wiki.mikrotik.com/wiki/Manual:Multiple_TE_VPLS this example. real my ne...

vasilevkirill

Yes for testing.
change in the EoIP MTU and L2MTU such as on the VPLS tunnel

vasilevkirill

Use Filter https://wiki.mikrotik.com/wiki/Manual:Routing/Routing_filters Use regexp if first as use regexp = ^(6451[2-9]|645[2-9][0-9]|64[6-9][0-9]{2}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]).* /routing filter add bgp-as-path="^(6451[2-9]|645[2-9][0-9]|64[6-9][0-9]{2}|65[0-4][0-9]{2}|655[0-2][0...

vasilevkirill

hi
disable mpls
add EoIP tunnel instead VPLS and test again
and change MTU and L2MTU as well as VPLS tunnel

vasilevkirill

hi. OSPF + BGP between loopback addresses BGP= only l2vpn (VPLS) I need to make two VPLS tunnels (two clients) between R1 and R5 link R1-R3-R4-R5 and the link R1-R2-R5 https://image.ibb.co/hjQHpb/1111.png I know that it's impossible to do in RouterOS simple. There is an option to raise two TE tunnel...

vasilevkirill

pls
show
/ip firewall nat export

vasilevkirill

Hi
Priority only used in OSPF protocol for selected DR and BDR.
Your network uses Link-Link
DR and BDR respectively do not need.
Use the point-to-point network type and set up the Hello and the Dead interval

What are your losses on the channel and delay?

vasilevkirill

Use a separate profile for each of the clients.
Use On Down

vasilevkirill

vasilevkirill

vasilevkirill

Hello,
We need to change PPTP server 1723 port for another one - 2001 for example.
Is there any possibility in RouterOS or any workaround solution?
Thanks a lot!

try using NAT redirect

vasilevkirill

hi I have the following templates [admin@number543.lab.mikrotik.me] > ip ipsec policy print detail Flags: T - template, X - disabled, D - dynamic, I - inactive, * - default 0 TX* group=default src-address=::/0 dst-address=::/0 protocol=all proposal=default template=yes 1 T group=gre src-address=192....

vasilevkirill

The trial included mikrotik if you can create a dynamic user. if the user will go to the link $(link-login-only)?dst=$(link-orig-esc)&username=T-$(mac-esc) . I want to include a trial mode, but does not allow the authorization of the link. This is done so that the user does not do automatic regi...

vasilevkirill

How can I create a dynamic user hotspot, besides web

$(link-login-only)? dst = $ (link-orig-esc) & amp; username = T - $ (mac-esc)

I am willing to use all the options for ssh, api, snmp, except web

vasilevkirill

Вы либо что то недоговариваете, либо вы не знаете чего вы хотите.
по ваше правилу вы собираетесь парсить весь трафик, не конктратизируя ТСP или UDP какие порты dst. А также action, просто accept?

vasilevkirill

Чтобы понимать конкретно чтовы хотите сделать, покажите на примере. "правило студию"

vasilevkirill

sorry for my English!

Access Point CAP ~ 600
maximum peak hours ~ 1000-2000 clients

CAPSMANAGER - all traffic will take place centrally via the CCR

vasilevkirill

Hi, I have two Router CCR1016 (master and backup) It is necessary for them to connect about 500 access points, and to let the traffic through CCR1016! Question: whether testing high stress? and the number of customers? since there will be about one thousand. ---- hotspot You must install 40 servers ...

vasilevkirill

What exactly are you trying to filter?

-------
Покажите правило которым вы хотите отфильтровать пакет, а также объясните что хотите поймать!

vasilevkirill

at the level of L1 exactly all right?
If no EtherChanel use links that no loss?

convolution configuration on both routers.

Try mode = 802.3ad
see also CPU load

vasilevkirill

If you are using a master port, vlan must be taken from the master port.

you are sure that the VLAN to mikrotik comes.?
1. Turn off the vlan interface.
2. With the other hand will generate traffic vlan
3.c using torch tagget see if there is traffic on the interface

vasilevkirill

If you do not use NAT can use ECMP, but he would not give a fair division of the channel.

vasilevkirill

little data.

Show tracert to 8.8.8.8 to the router
Show tracert to 8.8.8.8 to the PC

vasilevkirill

hello Where do you see the packages are not market? Usually in the filter to drop invalid packets do you have? Show log after the addition of such a rule add action=jump chain=forward connection-mark=HTTP jump-target=C1 packet-mark=!HTTP_P add action=log chain=C1 log-prefix=NOT_MARKET_HTTP_CONNETCT ...

vasilevkirill

If I understand you correctly, you can use EoIP
http://wiki.mikrotik.com/wiki/Manual:Interface/EoIP

vasilevkirill

rule performed on a single connection, respectively, in the same rule can not be traced four attempts to connect.

vasilevkirill

will send a letter to mikrotik.rif

I just wonder how will this be supported?
I will send an update? or as something differently?

vasilevkirill

You can create two ports on the proxy
and marking all incoming traffic to pass and then according to the src-address. redirect to the correct port of the proxy.
then let all outbound traffic to port 8080 and send the label with the gateway pointing to it labeled. "routing mark"

vasilevkirill

ok but if I have 50 routers?
or do you want to say that the support?

vasilevkirill

the easiest is to delete the route 0.0.0.0 / 0
and
add two gateways to the default route

[vasilevkirill@MikroTik] > ip route add dst-address=0.0.0.0/0
gateway=10.10.10.1,10.10.20.1

vasilevkirill

for example
You can explicitly specify the mac address in the rule ppoe server

vasilevkirill

You need to add the reverse route

rb750
172.20.1.0/24 --> pptp server 2820
192.168.0.0/24 --> pptp server 2820

draytek 2820
10.20.1.0/24 --> pptp client rb750
172.20.1.0/24 --> pptp client 2700

draytek 2700
10.20.1.0/24 --> pptp server 2820
192.168.0.0/24 --> pptp server 2820

vasilevkirill

there should be no problem!
but if these appear, you can create a virtual interface.

vasilevkirill

Thanks to Mikrotik support the phantoms have dissapeared. Now there's a new interface lte1 with apn, user and password parameters. Better way to configure, no need of old kind serial ports... Testing with D-Link pendrive DWM-156 works the old way with ppp-client and usbX port, so watch-out the way ...

vasilevkirill

Check also topic http://forum.mikrotik.com/viewtopic.php?f=3&t=62044

I have the same issue. It seems there should be a new interface ?

I saw this post, but I have 50 pieces of modems and routers.
each time will have to write a letter to the mikrotik?

vasilevkirill

I saw this post, but I have 50 pieces of modems and routers.
each time will have to write a letter to the mikrotik?

vasilevkirill

hi RB751G-2HnD I use huawei hilink e353 [admin@MikroTik] /system resource> print uptime: 12h7m31s version: 5.16 free-memory: 47804KiB total-memory: 62192KiB cpu: MIPS 24Kc V7.4 cpu-count: 1 cpu-frequency: 400MHz cpu-load: 2% free-hdd-space: 30160KiB total-hdd-space: 61440KiB write-sect-since-reboot:...

Search found 49 matches