Community discussions

MikroTik App

Search found 49 matches

by tihovsky
Wed Jan 24, 2024 10:29 pm
Forum: Beginner Basics
Topic: NTP Time server
Replies: 7
Views: 928

Re: NTP Time server

Most devices allow only unicast NTP server use, so try to use the address of the router as the NTP time server IP for test. Also try to define accept rule in Ip Firewall Filter, input chain, protocol UDP, destination-port 123, and in-interface to whichever is router LAN interface. This should make t...
by tihovsky
Wed Jan 24, 2024 10:08 pm
Forum: Forwarding Protocols
Topic: Tie route to specific interface
Replies: 1
Views: 367

Tie route to specific interface

We have Mikrotik v.7.11.2 router with two uplink ports eth1 and eth2 and DHCP Client active on each interface, both connected to the same ISP. ISP DHCP server assigns different IPv4/32 address to each interface, but provides single gateway IPv4 for both interfaces. Effect is that only one of the int...
by tihovsky
Wed Dec 06, 2023 6:41 pm
Forum: Wireless Networking
Topic: CAPsMAN / CAP Queue
Replies: 1
Views: 2959

Re: CAPsMAN / CAP Queue

I know this is replying to old post but just to make sure this is sorted enable use-ip-firewall and use-ip-firewall-for-vlans on the Capsman bridge,
per this thread viewtopic.php?t=151296
by tihovsky
Sat Oct 21, 2023 5:46 pm
Forum: General
Topic: Default drop rule
Replies: 5
Views: 1247

Re: Default drop rule

Cofiguration is relatively complex to post and contains too many private details to remove... talking about ~150 rules or so. Allow-all is great as soho firewall default, but generally shouldn't be a croproate practice... When I actvate default deny- all as the last rule in firewall forward chain, i...
by tihovsky
Sat Oct 21, 2023 12:44 am
Forum: General
Topic: Default drop rule
Replies: 5
Views: 1247

Default drop rule

Running in circles for couple of hours, I have two routers ... first one does inter-VLAN routing and another one handles Internet access (NAT, hotspot, etc.). On the inter-VLAN router I setup allow and deny rules in forward chain so to handle local routing for different VLANs/Subnets, but would like...
by tihovsky
Sat Oct 21, 2023 12:35 am
Forum: General
Topic: VRRP and IGMP over EOIP tunnel as Group Authority - error VRRP Group is not ready!
Replies: 4
Views: 792

Re: VRRP and IGMP over EOIP tunnel as Group Authority - error VRRP Group is not ready!

Thank you, I will need to setup a bench test for this as I cannot play on the production anymore. Netwatch type of script to check unicast and (de)activate VRRP address for secondary router would be an easy way out, but I would rather solve it using standard VRRP features. Will update here as soon a...
by tihovsky
Thu Oct 19, 2023 1:27 pm
Forum: General
Topic: VRRP and IGMP over EOIP tunnel as Group Authority - error VRRP Group is not ready!
Replies: 4
Views: 792

Re: VRRP and IGMP over EOIP tunnel as Group Authority - error VRRP Group is not ready!

Yes the VRRP outside of a group that functions over EOIP tunnel through VLAN functions normally. Regular VRRPS through VLANs don't. When VRRP over EOIP through VLAN is selected to be the group master for all other non functioning VRRPs then I recieve error message in the subject of this email, displ...
by tihovsky
Thu Oct 19, 2023 4:47 am
Forum: General
Topic: VRRP and IGMP over EOIP tunnel as Group Authority - error VRRP Group is not ready!
Replies: 4
Views: 792

VRRP and IGMP over EOIP tunnel as Group Authority - error VRRP Group is not ready!

Trying to setup VRRP between two routers, interconnected through two switches, all running Mikrotik v7.11.2. Interfaces between each are bonded but without forced MAC. Topology logically looks like this with bonded interface: R1----SW1----SW2----R2 Physically it is like this: R1===SW1===SW2===R2 Bot...
by tihovsky
Mon Oct 09, 2023 1:15 pm
Forum: General
Topic: Adding local IP of the login failure to the log
Replies: 1
Views: 502

Re: Adding local IP of the login failure to the log

Possible solution is to make a firewall input rule with tcp port 8291 or 161 as the destination and rule action to add destination address to the IP list for enough time to be checked. This will add the local address of tried winbox/snmp connections to the list so could be used to troubleshoot and f...
by tihovsky
Mon Oct 09, 2023 1:05 pm
Forum: General
Topic: Adding local IP of the login failure to the log
Replies: 1
Views: 502

Adding local IP of the login failure to the log

Using Dude with many devices in differnet maps creates issue where it is hard to identify a device in dude with wrong or no password entered. This is causing repetitive errors in the device log and damaging NAND as this is erorr/critical type of logging event. In order to ease identifying of the loc...
by tihovsky
Thu Aug 31, 2023 12:27 pm
Forum: RouterOS beta
Topic: Capsman export commands order
Replies: 2
Views: 2728

Re: Capsman export commands order

Wanted to reiterate prior to submitting a bug request as the issue is still present in 7.11 where the order of Capsman export/import seems wrong. Exporting Capsman settings using the command: /caps-man export file=ExportCapsman.rsc show-sensitive exports data into .rsc file, with the following order...
by tihovsky
Sat May 27, 2023 9:09 am
Forum: Wireless Networking
Topic: RB960PGS + Sierra EM7455 LTE Modem failed
Replies: 1
Views: 1801

Re: RB960PGS + Sierra EM7455 LTE Modem failed

I didn't use that same exact hex and modem, but usually there is no need for additional settings. Just APN for SIM card if required, SIM in proper slot if multiple slots exist, etc. some tricks here: https://wiki.mikrotik.com/wiki/Manual:Interface/LTE#User_at-chat_command I just had a same thing &qu...
by tihovsky
Wed May 24, 2023 6:54 pm
Forum: Announcements
Topic: v7.9.1 [stable] is released!
Replies: 59
Views: 18190

Re: v7.9.1 [stable] is released!

I have relatively complex and redundant network and noticed already since 7.8 up until 7.9.1 I have some issues with RSTP bringing ports down. Happens twice or three times a week and logging only contains local interface > Bridge RX looped packet MAC of the local admin brdge MAC and then main router...
by tihovsky
Thu May 18, 2023 12:36 am
Forum: General
Topic: SFP / Rate Select?
Replies: 5
Views: 8398

Re: SFP / Rate Select?

Just to add to this old post, this was later documented as compatibility issue of SFP and the switch, but I didn't re-check if it was also fixed in the meantime. Learning would be be to check compatibility prior and have both switch and SFP in production at least for a year prior to purchase so any ...
by tihovsky
Thu May 18, 2023 12:30 am
Forum: Beginner Basics
Topic: Neighbour Discovery
Replies: 7
Views: 1531

Re: Neighbour Discovery

Thank you all for help on this. As an update, disabling MNDP on all edge switches stopped LinkRunner to identify and display wrong ports ... which was the main concern. NetAlly LinkRunner AT is on the latest FW version so no options there to upgrade or change to what I investigated. I hope this help...
by tihovsky
Sat May 13, 2023 11:29 pm
Forum: Forwarding Protocols
Topic: IPTV and other multicast streams
Replies: 0
Views: 1985

IPTV and other multicast streams

We are using IPTV from 3 different sources on LAN, some music and microphone sources etc. in one implementation so I have 3 different VLANs that need to transport multicast. Right now I have some strange issues with occasional 15 sec. breaks in sound and broadcasting instead of multicasting traffic....
by tihovsky
Sat May 13, 2023 10:18 pm
Forum: General
Topic: IPTV and IGMP proxy
Replies: 3
Views: 2747

Re: IPTV and IGMP proxy

To what I can understand from theory, activate IGMP spoofing on the router LAN interface bridge, with Multicast Querier also activated on the router. Also activate IGMP spoofing on the switch and "Fast Leave" on all related ports: 1. On switch port towards IPTV 2. On router port to which y...
by tihovsky
Sat May 13, 2023 10:00 pm
Forum: General
Topic: Step by Step tutorial on Enabling Dynamic VLANs using CAPsMAN and the new User Manager on ROS7
Replies: 19
Views: 8971

Re: Step by Step tutorial on Enabling Dynamic VLANs using CAPsMAN and the new User Manager on ROS7

As an update I believe Capsman limits in documentation should be updated with the findings below after Mikrotik staff reviews to confirm. All related to 7.8. So I noticed a single CCR1036 is not enough to handle 250 dual band APs with 4 SSIDs on each with three of those having ~600 clients with Caps...
by tihovsky
Tue Apr 18, 2023 12:24 pm
Forum: General
Topic: Prioritization without queue limits
Replies: 0
Views: 262

Prioritization without queue limits

Hi there, Using using satellite connection with guaranteed CIR, but often achieving MIR which is double speed to CIR. So I am looking into any way that I can prioritize certain traffic type (mangle marking) over other traffic when achieving MIR since connection is quite expensive. However, any queui...
by tihovsky
Wed Mar 29, 2023 11:37 pm
Forum: General
Topic: High CPU use on switches
Replies: 0
Views: 439

High CPU use on switches

We have put in production a number of CRS354-48P-4S+2Q+RM for the edge layer. Each of them is connected between using QSFP links as some form of edge stacking. Then we SFP+ from each "stack member" to the core layer consisting of a ring of 4 x CRS326-24S+2Q+RM forming a core loop interconn...
by tihovsky
Sun Mar 26, 2023 6:42 pm
Forum: Beginner Basics
Topic: Neighbour Discovery
Replies: 7
Views: 1531

Re: Neighbour Discovery

OK for now I am still waiting to get to the "impossible to find" port, where I would need to test all possibilities in which case I will try documenting them here. So far I manage through the system of elimination (one way or the other), but with 42 pcs of CRS354-48P-4S+2Q+ to implement an...
by tihovsky
Sun Mar 26, 2023 6:30 pm
Forum: General
Topic: Step by Step tutorial on Enabling Dynamic VLANs using CAPsMAN and the new User Manager on ROS7
Replies: 19
Views: 8971

Re: Step by Step tutorial on Enabling Dynamic VLANs using CAPsMAN and the new User Manager on ROS7

Well if I had more time I could probably write thos scripts, but due to project delivery now is not the best of times :) Wouldn't be an issue if this was documented somewhere so we don't run into such issues too late in the project but I couldn't find that info. What I noticed that I managed to add ...
by tihovsky
Sat Mar 25, 2023 5:02 pm
Forum: Beginner Basics
Topic: Neighbour Discovery
Replies: 7
Views: 1531

Neighbour Discovery

IP Neighbours list is fine to identify all connected neighbors, but Mikrotik displays VLAN or VRRP under the interface column and not the actual ethernet port to which particular device is attached as with 7.8. I might be missing something here but also NetScout attached to the ethernet ports behave...
by tihovsky
Sat Mar 25, 2023 4:50 pm
Forum: General
Topic: Step by Step tutorial on Enabling Dynamic VLANs using CAPsMAN and the new User Manager on ROS7
Replies: 19
Views: 8971

Re: Step by Step tutorial on Enabling Dynamic VLANs using CAPsMAN and the new User Manager on ROS7

Apologies for reopening this old thread, but it seems that still even today on 7.8 Capsman dynamic VLANs work only if I manually add all Capsman WiFi interfaces into the bridge VLAN, where I want to redirect clients using Access List by specifying VLAN mode as tagged and specifying that bridged VLAN...
by tihovsky
Sat Mar 25, 2023 4:35 pm
Forum: RouterOS beta
Topic: Capsman export commands order
Replies: 2
Views: 2728

Capsman export commands order

Noticed on 7.8 that Capsman export creates script with wrong order of the commands, so automated importing to backup Capsman doesn't work properly. As a bypass export can be done in pieces step by step and imported in the same manner, but just to note that this worked on the last version 6 prior to ...
by tihovsky
Wed Dec 07, 2022 12:29 am
Forum: General
Topic: TFTP server bug?
Replies: 1
Views: 806

TFTP server bug?

On 7.6 setup TFTP server rule, but tftp client reports connection timeout when try to download the file after couple of retries. - Client is windows10, with MS tftp and also tried WinAgents TFTP Client version 2.0b by Tandem Systems, Ltd. but still the same. - TFTP rule is OK as otherwise error is d...
by tihovsky
Wed Nov 30, 2022 8:23 pm
Forum: Wireless Networking
Topic: Capsman to push bridge VLAN to CAPs [SOLVED]
Replies: 4
Views: 936

Re: Capsman to push bridge VLAN to CAPs [SOLVED]

... however, now I am unable to set bridge VLANs anymore to ethernet ports, like it worked earlier. We use mostly HAP AC as CAP and it has eth1 as trunk port carrying all VLANs, but eth2-4 & SFP are used to connect other equipment in different VLANs as either tagged or untagged ports. How to ach...
by tihovsky
Mon Nov 28, 2022 5:39 pm
Forum: Wireless Networking
Topic: Capsman to push bridge VLAN to CAPs [SOLVED]
Replies: 4
Views: 936

Re: Capsman to push bridge VLAN to CAPs [SOLVED]

Set the cAP bridge vlan-filtering=no, any tagged VLANs arriving via eth1 will be available to the dynamic wlan interfaces.
Thank you, works as described.
by tihovsky
Mon Nov 28, 2022 3:31 pm
Forum: Wireless Networking
Topic: Capsman to push bridge VLAN to CAPs [SOLVED]
Replies: 4
Views: 936

Capsman to push bridge VLAN to CAPs [SOLVED]

We use Capsman local forwarding and have three VLANs/SSIDs to push to many CAPs. Bridge VLANs are pushed normally to CAPs from Capsman, together with tagged WiFi interfaces as Dynamic. However, this is just part of the required setup since "bridgeLocal" and "eth1" don't get pushe...
by tihovsky
Fri Nov 25, 2022 1:02 am
Forum: General
Topic: Winbox copy table contents to the clipboard
Replies: 4
Views: 1094

Re: Winbox copy table contents to the clipboard

Yes, I get what you mean and I do believe both copy options should be implemented. Of course that's my advice and for what's it worth ... but this is something I'm repetitively bumping into, so my guess was I'm not alone :) I do see table tabbed data copying as a "low hanging fruit", which...
by tihovsky
Thu Nov 24, 2022 3:17 pm
Forum: General
Topic: Winbox copy table contents to the clipboard
Replies: 4
Views: 1094

Re: Winbox copy table contents to the clipboard

I learned that maintaining primary and secondary backup router in production is much easier with daily export/import scripts copied over FTP or SSH. To make it more reliable you can split export/imports into multiple parts, so to allow partial import in case of particular issue of single section con...
by tihovsky
Wed Nov 23, 2022 12:44 pm
Forum: General
Topic: Winbox copy table contents to the clipboard
Replies: 4
Views: 1094

Winbox copy table contents to the clipboard

Winbox is getting better by the day, but seems I am still missing a function to copy contents of the table (or selected rows) to the clipboard. Yes, I can export config to a file or copy terminal contents but in both cases I need to filter and cleanse it afterwards manually. Often I want just to cop...
by tihovsky
Sun Nov 06, 2022 10:13 am
Forum: Announcements
Topic: MikroTik Devices Controller
Replies: 332
Views: 234661

Re: MikroTik Devices Controller

Rather than reinventing the wheel with own protocols, I would recommend using standard management protocols as much as possible. Possibly by extending Dude or maybe building it as a superset to Capsman, but with Radius, SSH, SFTP for encrypted file copy and similar. Either way, should be optional to...
by tihovsky
Sun Nov 06, 2022 9:11 am
Forum: RouterOS beta
Topic: DHCP lease Ping, Mac Ping, Wake on LAN...
Replies: 0
Views: 2057

DHCP lease Ping, Mac Ping, Wake on LAN...

When you get a chance I would like to propose adding Ping, Mac ping and Wake on LAN buttons in Winbox DHCP lease details window, to the right side of General and Active tabs.
Additionally Telnet and SSH would be handy to have there, but above would definitely be useful.

Thanks!
by tihovsky
Fri Jul 08, 2022 5:59 pm
Forum: General
Topic: SFP / Rate Select?
Replies: 5
Views: 8398

Re: SFP / Rate Select?

Hi all I have the following hardware: - 2x CRS328-24P-4S+ running 6.47.9 (long-term) manufactured Feb/08/2021 12:48:33 and routerboard on 6.47.9 - 5x SFP+ are Vendor Part Number: XS+31LC10D, Vendor revision 1.0, Manufacturing Date: 21-04-08 - 2x Using SM fiber cable FC-SM-300 by Ubiquiti Networks wh...
by tihovsky
Thu Nov 04, 2021 7:24 pm
Forum: General
Topic: CHALLENGE!! (Create a dynamic QOS that deprioritizes)
Replies: 52
Views: 13638

Re: CHALLENGE!! (Create a dynamic QOS that deprioritizes)

Unce upon a time I was unable to use bursts on PCQ when I tried to implement something similar. They simply were not functioning as expected during tests as what I can still recall. So is it official that bursting is not supported combined with PCQ? Can you please point to where that is stated by Mi...
by tihovsky
Thu Nov 04, 2021 5:08 pm
Forum: Scripting
Topic: QOS Dynamic simple queue, MAC address list, files & DB
Replies: 1
Views: 3951

QOS Dynamic simple queue, MAC address list, files & DB

Working on some stuff so wanted to check, is there any way in RouterOS to: - create a dynamic simple queue (dynamic, as in having flag = "D", meaning it doesn't get saved to the flash)? DHCP static lease creates such queues when "limit" is defined in the lease, but I am not sure ...
by tihovsky
Fri Nov 08, 2019 4:04 pm
Forum: General
Topic: What is the affect of Total Queue Type in a Simple Queue
Replies: 2
Views: 3774

Re: What is the affect of Total Queue Type in a Simple Queue

Not sure if you resolved this in the meantime, but let me try to help. Having you to manage 2500 simple queues and CCR processor handle them is not exactly optimal way, so I would like to recommend you to check PCQ queue type. It also enables limiting bandwidth by IP (if required by setting "ra...
by tihovsky
Thu Nov 07, 2019 3:37 pm
Forum: General
Topic: Winbox copy paste to Excel/Text file
Replies: 0
Views: 1755

Winbox copy paste to Excel/Text file

Dear support, I noticed today again that winbox doesn't have copy/paste functionality for tables. Primarily would be useful for hotspot hosts, dhcp leases, firewall ip lists, but in fact would be appreciated to add copy function to any table displayed in Winbox. Not sure why this is already not done...
by tihovsky
Fri Oct 25, 2019 11:05 pm
Forum: The Dude
Topic: How to check NTP service ?
Replies: 2
Views: 4234

Re: How to check NTP service ?

Does anyone still have NTP-probe.png image? Seems not available on the forum anymore...
by tihovsky
Sat Mar 16, 2019 6:44 pm
Forum: Announcements
Topic: February Newsletter #87
Replies: 65
Views: 47092

Re: February Newsletter #87

One use case for InterCell would be on the ships in international waters so to eliminate phones doing excessive sync and cloud backups over satellite uplink. Most phones are set not to do such traffic while in roaming so this would eliminate need to block such traffic. Hope this starts to add on ide...
by tihovsky
Sat Mar 16, 2019 12:55 am
Forum: Scripting
Topic: Some missing features
Replies: 0
Views: 1166

Some missing features

Posting this in scripting as it mainly relates to that though not exclusively. First of all, all the best to whole team and congrats on excellent software and hardware produced for years now! Did lots of projects using Mikrotiks and I still cannot remember anything that makes me so happy as learning...
by tihovsky
Fri Aug 31, 2012 9:47 am
Forum: Wireless Networking
Topic: Using Mikrotik as 2G/3G/4G router for the river boat
Replies: 6
Views: 5579

Re: Using Mikrotik as 2G/3G/4G router for the river boat

Yes, basically it would be Netherlands, Belgium, France, Switzerland, Germany, Austria, Hungary, Croatia, Serbia, Romania, Bulgaria, Greece, Turkey, Albania, Montenegro, Italy, preferably also Russia & Egypt. So all GSM network types GPRS, EDGE, UMTS, HSDPA, HUSPA, HSDPA+, LTE, and frequencies o...
by tihovsky
Mon Aug 20, 2012 8:20 pm
Forum: Wireless Networking
Topic: Using Mikrotik as 2G/3G/4G router for the river boat
Replies: 6
Views: 5579

Re: Using Mikrotik as 2G/3G/4G router for the river boat

Would I also be able to limit on what reduced-privilege user can do in Mikrotik GUI?
Like for example just check the connection status, and connect/disconnect when needed?

Thanks,
Tihovsky
by tihovsky
Mon Aug 20, 2012 8:17 pm
Forum: Forwarding Protocols
Topic: Connect multiple homes into MPLS network
Replies: 7
Views: 11655

Re: Connect multiple homes into MPLS network

Thank you both for help, really appreciated. Funny how couple of IT buzzwords open up tons of materials to go through. For now I will try with dd-wrt/Openwrt using tinc or opencloud. Guess speed of encryption will be enough for what I need. Please update if you hear some update about this in RouterO...
by tihovsky
Mon Aug 20, 2012 12:13 am
Forum: Forwarding Protocols
Topic: Connect multiple homes into MPLS network
Replies: 7
Views: 11655

Re: Connect multiple homes into MPLS network

I realized shortening prior post would help, so here it goes... WANT: I want to buy 5 Mikrotik routers to connect 5 sites into some sort of secure/encrypted network between them. Each site should be able to access every other site through direct encrypted route/tunnel running over Internet. This wou...
by tihovsky
Sun Aug 19, 2012 11:38 pm
Forum: Wireless Networking
Topic: Using Mikrotik as 2G/3G/4G router for the river boat
Replies: 6
Views: 5579

Re: Using Mikrotik as 2G/3G/4G router for the river boat

Thanks for the answer. It should work like you propose, but some people told me that not too many Mikrotik compatible PCIe modems work well with all mobile networks. Apparently "Sierra wireless is fine, unlike all the others", but I didn't receive more details other than that vague stateme...
by tihovsky
Mon Aug 13, 2012 11:56 pm
Forum: Forwarding Protocols
Topic: Connect multiple homes into MPLS network
Replies: 7
Views: 11655

Connect multiple homes into MPLS network

Hi all, I am unsucesfully looking for a solution to simple problem for an extended period of time, so I realized it is better to ask for some help at this point. Basically I have 5 locations (homes) with PPPOE authentication DSL Internet connections provided by local ISPs without fixed IPv4 addresse...
by tihovsky
Mon Aug 13, 2012 11:26 pm
Forum: Wireless Networking
Topic: Using Mikrotik as 2G/3G/4G router for the river boat
Replies: 6
Views: 5579

Using Mikrotik as 2G/3G/4G router for the river boat

Hi all, I would like to use Mikrotik router for connecting river boat to the Internet over any available mobile networks. Mobile modem should support GPRS/EDGE/UMTS/HSDPA/HUSPA/HSPA+ and LTE on European frequency bands. Ship traverses 11 countries, so it would be single SIM in constant roaming (sing...