Community discussions

Search found 3801 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 77
by changeip
Tue Oct 16, 2018 5:00 am
Forum: General
Topic: PCQ Getting Confused?
Replies: 0
Views: 51

PCQ Getting Confused?

Im running into a situation where I think the PCQ engine is just crapping out ... does anyone else see this behavior on busy routers? Disabling all the queues and then reenabling them will make them work again for a while. It's almost like there is a limit to how many subqueues can be created before...
by changeip
Wed Sep 05, 2018 11:48 pm
Forum: General
Topic: Import config on RouerOS 6.42.7 stops [SOLVED]
Replies: 12
Views: 461

Re: Import config on RouerOS 6.42.7 stops [SOLVED]

im sure you are getting disconnected when you put that interface into the bridge. Wrap the entire script with { } and it wont execute until the last line is pasted in ... sometimes that helps.
by changeip
Fri May 25, 2018 5:30 am
Forum: General
Topic: LHG 60 project in Hawaii
Replies: 97
Views: 15197

Re: LHG 60 project in Hawaii

can anyone ship these? Ill buy 5-10 right now.
by changeip
Tue May 22, 2018 5:22 pm
Forum: General
Topic: LHG 60 project in Hawaii
Replies: 97
Views: 15197

Re: LHG 60 project in Hawaii

where can these be bought? I dont see anyone carrying them yet...
by changeip
Fri May 04, 2018 12:53 am
Forum: Forwarding Protocols
Topic: OSPF full to down for no reason?
Replies: 23
Views: 1244

Re: OSPF full to down for no reason?

PTP on ospf type? You dont have that. try to switch to broadcast or nbma.
by changeip
Fri Apr 27, 2018 1:31 am
Forum: General
Topic: Urgent feature request: Bind IP services to a specific IP / Interface
Replies: 4
Views: 328

Re: Urgent feature request: Bind IP services to a specific IP / Interface

YES! Binding SNMP to a single IP so it always replies from that same IP would be super nice.
by changeip
Tue Apr 24, 2018 10:06 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 118378

Re: Advisory: Vulnerability exploiting the Winbox port

there is no input firewall on RAW. only prerouting and output.
by changeip
Tue Apr 24, 2018 9:10 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 118378

Re: Advisory: Vulnerability exploiting the Winbox port

with hundreds of routers that do not enable connection-tracking whats the best RAW firewall rules to protect a router. Has anyone got a template they can share? We cannot enable any rules in the services / ip firewall filter otherwise packet fragments are not passed.
by changeip
Tue Apr 10, 2018 2:46 am
Forum: Forwarding Protocols
Topic: BGP wierdness?
Replies: 5
Views: 507

Re: BGP wierdness?

Butche - nice to see you again (over the forums hehe) I have run into this exact problem and am super happy you posted that link - its exactly what I need to do here because ospf just ain't cutting it. I want to read up more on this solution and see if it will help me out. Do you have more than one ...
by changeip
Wed Mar 28, 2018 7:05 pm
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 71556

Re: Urgent security advisory

is there a known 8291 vulnerability or just 80?
by changeip
Sat Mar 24, 2018 12:01 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Urgent request from Mikrotik ... Please
Replies: 24
Views: 2152

Re: Urgent request from Mikrotik ... Please

how about you create web portal where users can setup the variables, and then your router fetches them and installs the config / variables.

he's basically asking for environment variable per user security probably.
by changeip
Sat Mar 03, 2018 2:58 am
Forum: RouterOS v6 RC and v7 BETA
Topic: New router OS
Replies: 45
Views: 7599

Re: New router OS

how about a 2500$ cloud core than can queue more than the $350 version? HTB is limited to single CPU / interface and that just kills it for us.
by changeip
Sat Feb 17, 2018 7:39 am
Forum: General
Topic: CCR 0.3%+ packet loss whenever above 5% CPU
Replies: 26
Views: 2163

Re: CCR 0.3%+ packet loss whenever above 5% CPU

/ip settings
set icmp-rate-limit=0

then see if there is still packet loss...
by changeip
Sun Dec 31, 2017 4:46 am
Forum: General
Topic: Queue Tree / PCQ on CCR72
Replies: 5
Views: 704

Re: Queue Tree / PCQ on CCR72

6.41 release thank you. I created 4 vlans and duplicated queues under each and that really helped. problems though ... i cant tell all 4 interfaces how much bandwidth the parent really has. sometimes the parent (real) interface still grabs all the traffic (no-mark) even though none of the traffic is...
by changeip
Fri Dec 29, 2017 1:22 am
Forum: General
Topic: Queue Tree / PCQ on CCR72
Replies: 5
Views: 704

Re: Queue Tree / PCQ on CCR72

In this forum post I see MacGuiver states you can split things up by subnet, which I tried in queue tree, but they still all end up under same parent. Just so I understand, I need more interfaces not just queue entries right?

viewtopic.php?p=621530#p621530
by changeip
Fri Dec 29, 2017 1:20 am
Forum: General
Topic: Queue Tree / PCQ on CCR72
Replies: 5
Views: 704

Re: Queue Tree / PCQ on CCR72

pcq.png
by changeip
Fri Dec 29, 2017 1:13 am
Forum: General
Topic: Queue Tree / PCQ on CCR72
Replies: 5
Views: 704

Queue Tree / PCQ on CCR72

We are struggling with PCQ's on our network getting overloaded and things just slow down ... having a really hard time figuring out why. Until today - I read this and wonder if this is related: Queue Tree and CCR ● Currently (RouterOS v6.11) only one CPU core can take packets out from one HTB tree ●...
by changeip
Mon Dec 04, 2017 6:20 pm
Forum: General
Topic: SNMP doesn't work with asymmetric routes?
Replies: 31
Views: 5858

Re: SNMP doesn't work with asymmetric routes?

I should say - with ospf you have a loopback on each router - use that as the pref-source one that dynamic route.
by changeip
Mon Dec 04, 2017 6:11 pm
Forum: General
Topic: SNMP doesn't work with asymmetric routes?
Replies: 31
Views: 5858

Re: SNMP doesn't work with asymmetric routes?

you can use routing prefix filters to add pref-source for the one route back to your snmp monitoring station. its a hack but forces traffic leaving the router to use the pref-source you specified.
by changeip
Thu Oct 12, 2017 3:09 am
Forum: Forwarding Protocols
Topic: OSPF stuck at Init State
Replies: 3
Views: 716

Re: OSPF stuck at Init State

if you leave them alone for up to 10 minutes do they finally figure things out or do you always have to "jiggle" it?
by changeip
Thu Oct 12, 2017 3:05 am
Forum: Scripting
Topic: OSPF state problems
Replies: 2
Views: 912

Re: OSPF state problems

OSPF issues has plagued recent versions of RouterOS.
Do you know which version you started seeing this problem? Any reason why you don't roll back? I have been using 6.38.7 with no known ospf issues...

Thanks for the info, I will be cautious on upgrades now...

Sam
by changeip
Thu Oct 12, 2017 3:00 am
Forum: Announcements
Topic: v6.40.4 [current]
Replies: 103
Views: 19503

Re: v6.40.4 [current]

Has the "ospf - fixed OSPF v2 and v3 neighbor election" included in rc been added silently?
No, it is not in this version yet.
Which version was this introduced? I have like 500 routers running ospf and don't want to run into it : )
by changeip
Tue May 30, 2017 6:19 pm
Forum: General
Topic: Serial connection: garbled output: spaces?
Replies: 4
Views: 508

Re: Serial connection: garbled output: spaces?

this looks like color codes for vt100 or something ... try a different terminal emulator?
by changeip
Sat May 06, 2017 1:39 am
Forum: General
Topic: Print command - how to show the entire list of results?
Replies: 3
Views: 397

Re: Print command - how to show the entire list of results?

/ip route print without-paging where gateway=x.x.x.x
by changeip
Tue Apr 25, 2017 9:28 am
Forum: General
Topic: ATT Microcell Port Forwarding difficulties
Replies: 15
Views: 2111

Re: ATT Microcell Port Forwarding difficulties

It has to do with packet fragments not making it. I finally was able to track this down by running a packet capture at the very first router closest to the customer, and then running one successively each hop out and figuring out where things broke. It came to the first router that had connection-tr...
by changeip
Fri Apr 21, 2017 11:02 am
Forum: RouterBOARD hardware
Topic: 960PGS availability
Replies: 7
Views: 884

Re: 960PGS availability

excellent - can you hold some for me? also, did you get the 960pgs-pb (outdoor)? I want 10 of each if possible.
by changeip
Wed Apr 12, 2017 8:11 pm
Forum: General
Topic: Rare peaks in RouterOS graphs
Replies: 11
Views: 813

Re: Rare peaks in RouterOS graphs

Time is changing on the router?
by changeip
Thu Apr 06, 2017 1:04 am
Forum: RouterBOARD hardware
Topic: 960PGS availability
Replies: 7
Views: 884

960PGS availability

Where are these at? I can't find any anywhere!

Sam
by changeip
Tue Feb 21, 2017 11:32 pm
Forum: Forwarding Protocols
Topic: OSPF dropping default route
Replies: 3
Views: 467

Re: OSPF dropping default route

i think this is limitation of mikrotik ospf. i run into this a lot where default gateway disappears even though its in LSA. disabling and reenabling the default route fixes it, but is not automatic by any means. i wish mikrotik would fix it.
by changeip
Tue Feb 21, 2017 11:29 pm
Forum: General
Topic: Powerbox deletes script on reset - 6.38.1
Replies: 3
Views: 426

Re: Powerbox deletes script on reset - 6.38.1

your r1.rsc is stored on ram disk, not flash disk so its lost after reboot. put it into the flash folder to keep it persistent.
by changeip
Sat Feb 18, 2017 6:18 am
Forum: General
Topic: Yet another "dhcp,warning offering lease without success" issue
Replies: 38
Views: 9110

Re: Yet another "dhcp,warning offering lease without success" issue

the hundreds of times ive seen this its always been because of a faulty cable by the remote side thats asking for dhcp. maybe in your case the response is not making it back to the requestor for other reasons, but usually because the cable is faulty.
by changeip
Fri Jan 27, 2017 11:34 pm
Forum: General
Topic: Help on ARP
Replies: 6
Views: 643

Re: Help on ARP

just use ip scan in mikrotik to flood the network.
by changeip
Fri Jan 13, 2017 6:06 am
Forum: Wireless Networking
Topic: spectral-scan saved file format?
Replies: 18
Views: 2919

Re: spectral-scan saved file format?

can you send format of file to me?
by changeip
Mon Dec 05, 2016 12:25 am
Forum: Scripting
Topic: how to print a list of names?
Replies: 2
Views: 443

Re: how to print a list of names?

:foreach i in=[ip firewall filter find where action=reject] do={:put [/ip firewall filter get $i content]}

from memory, not tested, but should give you a direction to go in.
by changeip
Tue Nov 22, 2016 12:36 am
Forum: General
Topic: ATT Microcell Port Forwarding difficulties
Replies: 15
Views: 2111

Re: ATT Microcell Port Forwarding difficulties

You have to allow fragments to pass ... or turn off connection-tracking so its ignored.
by changeip
Mon Nov 07, 2016 6:37 pm
Forum: Forwarding Protocols
Topic: OSPF - loopback interface
Replies: 23
Views: 3669

Re: OSPF - loopback interface

its necessary. If your router-id /ospf lives on a physical interface that gets unplugged now that IP isn't announced anymore. On a loopback it is always "up".
by changeip
Fri Sep 30, 2016 7:12 pm
Forum: Beginner Basics
Topic: find / where + export
Replies: 3
Views: 622

Re: find / where + export

this used to work and they removed it. . .
by changeip
Wed Sep 28, 2016 6:22 pm
Forum: General
Topic: ATT Microcell Port Forwarding difficulties
Replies: 15
Views: 2111

Re: ATT Microcell Port Forwarding difficulties

You guys didn't understand. If you have firewall rules at all - even a single one that has nothing to do with ATT microcells - and connection tracking is off it will break fragmented packets. You cannot have a single firewall rule if you disable connection tracking and wish to have att microcells or...
by changeip
Tue Sep 27, 2016 6:39 pm
Forum: General
Topic: ATT Microcell Port Forwarding difficulties
Replies: 15
Views: 2111

Re: ATT Microcell Port Forwarding difficulties

When we turned on any firewall rules on our mikrotik routed network it broke all the microcells. Esentially this started blocking fragmented packets therefore breaking the ipsec tunnels. Turning off all firewall rules fixed it. Not sure why Mikrotik starts disallowing fragmented packets once firewal...
by changeip
Thu Aug 18, 2016 9:59 pm
Forum: Announcements
Topic: SwOS version 1.17 released
Replies: 14
Views: 5347

Re: SwOS version 1.17 released

use a hex router with all 5 ports switched ... way better than a 260gs.
by changeip
Fri Aug 12, 2016 5:24 am
Forum: The Dude
Topic: Export Map interval
Replies: 13
Views: 2012

Re: Export Map interval

yes, at the moment i cannot switch to new dude because all external access has been removed. Such a shame. Please add some type of API / HTTP / etc so that we can query things from other systems.
by changeip
Wed Aug 10, 2016 7:31 am
Forum: General
Topic: Router replying to requests on SUBNET address
Replies: 0
Views: 304

Router replying to requests on SUBNET address

Why does RouterOS reply to packets destined for the subnet or broadcast address (first and last address in subnet)? This just started in newer releases - but I do not know which one. I believe 6.19 did not have this problem. RouterOS box has 192.168.1.1/24 on it. From another machine you can snmpwal...
by changeip
Fri Aug 05, 2016 8:01 pm
Forum: General
Topic: San Diego
Replies: 4
Views: 507

San Diego

Anyone in San Diego on these forums? Looking for resources to hire.

Sam
by changeip
Fri Jun 03, 2016 5:37 am
Forum: Forwarding Protocols
Topic: OSPF losing routes randomly
Replies: 19
Views: 2065

Re: OSPF losing routes randomly

netgear gray (not the blue line) switches have this feature and break things unless you disable the storm control features. took me a long time to track it down.
by changeip
Thu May 26, 2016 7:37 pm
Forum: General
Topic: PowerBox help
Replies: 3
Views: 500

Re: PowerBox help

/interface ethernet poe settings
set ether1-poe-in-long-cable=yes

That should be changed to default I think.
by changeip
Thu May 26, 2016 7:30 pm
Forum: General
Topic: IP Fragments and firewall rules
Replies: 6
Views: 1120

Re: IP Fragments and firewall rules

add chain=input/forward protocol=tcp fragment=yes action=accept
this sounds correct and usable, however wouldn't the implicit rule at the end of the chain just accept them anyhow?
by changeip
Thu May 26, 2016 3:11 am
Forum: General
Topic: IP Fragments and firewall rules
Replies: 6
Views: 1120

Re: IP Fragments and firewall rules

I dont want any connection-tracking, it slows things down. I am not enabling anything needing conn-track in the firewall and I for sure do not want packet reassembly. Is there no way to just route fragments as is? We have 1.5gbps of traffic and I for sure do not want to enable connection tracking on...
by changeip
Tue May 24, 2016 6:54 am
Forum: General
Topic: IP Fragments and firewall rules
Replies: 6
Views: 1120

IP Fragments and firewall rules

I have hundreds of routers - all with connection tracking disabled. I want to enter a single firewall rule to just drop dst tcp/80. As soon as I enable _any_ firewall rules routers start dropping fragmented packets. (microcell / femto's break) How can I allow fragmented packets to pass uninhibited a...
by changeip
Wed May 18, 2016 6:56 am
Forum: General
Topic: Ethernet and wireless bandwidth differences
Replies: 1
Views: 577

Re: Ethernet and wireless bandwidth differences

google quic sessions? udp https ... run torch and see what it is.
by changeip
Tue May 10, 2016 6:05 am
Forum: General
Topic: Put a camera in the same VPN network
Replies: 6
Views: 671

Re: Put a camera in the same VPN network

proxy arp is not on by default. if you can't send a 255.255.255.255 broadcast and see it traverse to the other side then it will not work. You need to be on the same broadcast domain / lan segment which means you need an eoip tunnel or proxy-arp. the other end of a vpn tunnel is not part of the same...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 77