Community discussions

MUM Europe 2020

Search found 35 matches

by inSaNo
Fri Apr 03, 2015 4:36 pm
Forum: General
Topic: CRS125 slow VLAN performance
Replies: 5
Views: 1970

Re: CRS125 slow VLAN performance

Well.. it's marketed as "the perfect soho router" blah blah.. http://routerboard.com/CRS125-24G-1S-IN So I'm expecting just that.. I've been using another CRS125 as a Layer2 Switch only, which works fine indeed. The thing is. I haven't been able to pinpoint where the problem is. When testing the CPU...
by inSaNo
Fri Apr 03, 2015 2:54 pm
Forum: General
Topic: CRS125 slow VLAN performance
Replies: 5
Views: 1970

CRS125 slow VLAN performance

Hi all, I recently acquired a CRS125 to replace my RB2011 and I've been configuring it, but I'm running into very slow performance between VLAN's. I've been testing a with the MikroTik bandwidth tool, and it's odd that receiving traffic is extremely slow 1700Kb/sec, while sending is possible at 70Mb...
by inSaNo
Mon May 13, 2013 11:00 pm
Forum: Beginner Basics
Topic: Public subnet routing on CCR1016
Replies: 14
Views: 2726

Re: Public subnet routing on CCR1016

I'm still not clear what the upstream's expectation is. If you are just connecting into their /24 broadcast network via two switch ports then you *could* bridge two interfaces on the CCR and place your IPs on the bridge interface - *but* you would need to check what spanning tree protocol is workin...
by inSaNo
Sun May 12, 2013 11:41 pm
Forum: Beginner Basics
Topic: Public subnet routing on CCR1016
Replies: 14
Views: 2726

Re: Public subnet routing on CCR1016

Were you trying to add another IP in the same /24 as add address=xx.xx.xx.192/24 interface=ether1 network=xx.xx.xx.0 to ether2? Yes It isn't really clear what the upstream is providing, but if they are just handing you out addresses on a /24 with multiple connections to their switch infrastructure ...
by inSaNo
Wed May 08, 2013 4:34 pm
Forum: Beginner Basics
Topic: Public subnet routing on CCR1016
Replies: 14
Views: 2726

Re: Public subnet routing on CCR1016

Ok, This is the current config.. A bit anonymised for security # may/08/2013 15:24:18 by RouterOS 6.0rc14 /interface bridge add l2mtu=1590 name=access-level-1 add l2mtu=1590 name=trust-level-1 /ip hotspot user profile set [ find default=yes ] idle-timeout=none keepalive-timeout=2m /ip ipsec proposal...
by inSaNo
Tue May 07, 2013 10:00 pm
Forum: Beginner Basics
Topic: Public subnet routing on CCR1016
Replies: 14
Views: 2726

Re: Public subnet routing on CCR1016

nobody? :(
by inSaNo
Mon May 06, 2013 5:00 pm
Forum: Beginner Basics
Topic: Public subnet routing on CCR1016
Replies: 14
Views: 2726

Re: Public subnet routing on CCR1016

Strange: I've just tried to add a new public address to ether2 of the router so that I can plugin the second uplink cable that our provider has supplied. But after adding the address to ether2 all connectivity was lost. I had to go into the datacenter and remove that address to make it working again...
by inSaNo
Mon May 06, 2013 4:55 pm
Forum: Beginner Basics
Topic: RB2011UAS-2HnD-IN no more local LAN?
Replies: 9
Views: 2438

Re: RB2011UAS-2HnD-IN no more local LAN?

I had to open the chassis of the RB2011. And there is a hole just behind the reset button on the board. Just put a screwdriver head in it plugin the power. Hold the screwdriver for like 10 seconds or so, and the unit will be reset.
by inSaNo
Thu May 02, 2013 4:59 pm
Forum: Beginner Basics
Topic: Public subnet routing on CCR1016
Replies: 14
Views: 2726

Re: Public subnet routing on CCR1016

ok! tnx :)
by inSaNo
Wed May 01, 2013 6:06 pm
Forum: Beginner Basics
Topic: Public subnet routing on CCR1016
Replies: 14
Views: 2726

Re: Public subnet routing on CCR1016

Ok, then I think I'll go for option 1 also..
But can I assign all my Public IP's to ether1?

And how does one manage the outgoing traffic?
Can I use masquerading per private IP?
by inSaNo
Wed May 01, 2013 5:38 pm
Forum: Beginner Basics
Topic: Public subnet routing on CCR1016
Replies: 14
Views: 2726

Re: Public subnet routing on CCR1016

I've just received a sheet with the specs. It's actually just 8 IP's in the providers /24 subnet.. Currently I've got two bridges, one public, and one local. With the first of the 8 public-addresses assigned to the CCR1016. The first 6 ether ports are on the public bridge, the 7th until 12th port ar...
by inSaNo
Wed May 01, 2013 3:29 pm
Forum: Beginner Basics
Topic: Public subnet routing on CCR1016
Replies: 14
Views: 2726

Public subnet routing on CCR1016

Hi all, I'm still learning MikroTik and I've got a question which I haven't been able to answer correctly myself. So I'm looking for some help. I've got a brand new CCR1016 for a colocation setup. We're getting a /29 public range, which gives us 8 Public IP's. It will be available through 1Gbit ethe...
by inSaNo
Fri Apr 26, 2013 11:21 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1021024

Re: CLOUD CORE ROUTER

Today I've ordered a CCR1016-12G (via my local reseller) for one of my customers.
I can't wait to get my hands on it.. I'll be implementing it at a new colocation site. :D
by inSaNo
Sat Apr 06, 2013 4:13 pm
Forum: Beginner Basics
Topic: Beginner needs help on: Mikrotik RB2011UAS-2HnD-in
Replies: 19
Views: 11761

Re: Beginner needs help on: Mikrotik RB2011UAS-2HnD-in

I'll try to clarify my setup.. I haven't been messing around with switch configuration. 1) connect the genexis fiber-to-ether thing to ether1 on the mikrotik. 2) create two VLAN's on ether1: /interface vlan add arp=enabled disabled=no interface=ether1-gateway l2mtu=1594 mtu=1500 name=vlan4 use-servi...
by inSaNo
Sat Apr 06, 2013 3:44 pm
Forum: Beginner Basics
Topic: RB2011UAS-2HnD-IN no more local LAN?
Replies: 9
Views: 2438

Re: RB2011UAS-2HnD-IN no more local LAN?

And now i've got all the rest of the config back in again.. and made some backups. :lol:
This thread can be closed.. I'm happy again.
by inSaNo
Sat Apr 06, 2013 1:39 pm
Forum: Beginner Basics
Topic: RB2011UAS-2HnD-IN no more local LAN?
Replies: 9
Views: 2438

Re: RB2011UAS-2HnD-IN no more local LAN?

You are absolutely right!
 
0   ;;; default configuration
     192.168.88.1/24    192.168.88.0    wlan1
And i've learned the hard way.. :(

Going to change it to bridge-local now. :D
by inSaNo
Fri Apr 05, 2013 1:28 pm
Forum: Beginner Basics
Topic: RB2011UAS-2HnD-IN no more local LAN?
Replies: 9
Views: 2438

Re: RB2011UAS-2HnD-IN no more local LAN?

Sadly, I didn't have a recent copy of my config.. Now my L2TP IPSEC doesn't work anymore. I had written down the configuration and put those back in, but still no IPSEC.. I get the following in the log: 01:16:28 ipsec,debug,packet such policy does not already exist: 62.140.xx.xx/32[0] 80.61.xx.xx/32...
by inSaNo
Fri Apr 05, 2013 12:11 pm
Forum: Beginner Basics
Topic: RB2011UAS-2HnD-IN no more local LAN?
Replies: 9
Views: 2438

Re: RB2011UAS-2HnD-IN no more local LAN?

Ok, after some more googling and trying things out I found out that the unit has to be reset by short circuiting a hole.. And not just by pressing the button.. Strange.. Now the thing is back in stock mode, and i've restored a backup configuration so I've got connectivity again..! The backup is some...
by inSaNo
Fri Apr 05, 2013 9:52 am
Forum: Beginner Basics
Topic: RB2011UAS-2HnD-IN no more local LAN?
Replies: 9
Views: 2438

RB2011UAS-2HnD-IN no more local LAN?

Hi all, My MikroTik RB2011UAS-2HnD-IN has been running for a while now, without any issues. Only the Wifi isn't really what I'd expect, so yesterday I installed my Airport Extreme again and turned off the wifi in the Mikrotik. This normally should not be a problem? Well, since then my Mikrotik is un...
by inSaNo
Tue Dec 04, 2012 4:48 pm
Forum: General
Topic: [Solved] L2TP/IPSec with Android
Replies: 61
Views: 63759

Re: [Solved] L2TP/IPSec with Android

is it possible to set default DNS search suffix with /ppp profile?
by inSaNo
Tue Dec 04, 2012 3:49 pm
Forum: General
Topic: [Solved] L2TP/IPSec with Android
Replies: 61
Views: 63759

Re: [Solved] L2TP/IPSec with Android

[admin@MikroTik] > ip firewal filter exp com # jan/02/1970 23:06:34 by RouterOS 5.20 # software id = VSCX-GZXH # /ip firewall filter add chain=forward dst-address=192.186.88.11 dst-port=22 in-interface=pppoe-kpn protocol=tcp add chain=input in-interface=bridge-local src-address=192.168.0.0/16 add c...
by inSaNo
Tue Dec 04, 2012 3:26 pm
Forum: General
Topic: [Solved] L2TP/IPSec with Android
Replies: 61
Views: 63759

Re: [Solved] L2TP/IPSec with Android

I almost have it working.. I can see packets with tcpdump on the "target" system coming in from the L2TP client and return packets going back to my "remote-address". But they never arrive at the client?
So somewhere is still a filter which kills it? But almost everything is on ACCEPT?
by inSaNo
Tue Dec 04, 2012 12:38 pm
Forum: General
Topic: [Solved] L2TP/IPSec with Android
Replies: 61
Views: 63759

Re: L2TP/IPSec with Android

Routes are set correctly by the client.. It seems that packets can get to the router, but can't get out of the router.
in my /ppp profile i have set: bridge=bridge-local is this correct? Or can I do without?
by inSaNo
Tue Dec 04, 2012 12:14 pm
Forum: General
Topic: [Solved] L2TP/IPSec with Android
Replies: 61
Views: 63759

Re: L2TP/IPSec with Android

Ok, i found it.. I had removed "remote-address=l2tp-pool" earlier.. but that was wrong.. After resetting that option the tunnel is working. ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280 inet 192.168.88.205 --> 192.168.88.200 netmask 0xffffff00 So thats good.. but now how to connect to ...
by inSaNo
Tue Dec 04, 2012 12:05 pm
Forum: General
Topic: [Solved] L2TP/IPSec with Android
Replies: 61
Views: 63759

Re: L2TP/IPSec with Android

I've flushed SA's and disabled/enabled the peer, still no go. Here is l2tp server log for the last try: I've changed the real client IP with <client-IP> 19:14:53 l2tp,debug,packet rcvd control message from <client-IP>:54373 19:14:53 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0 19:14:53 l2...
by inSaNo
Tue Dec 04, 2012 11:44 am
Forum: General
Topic: [Solved] L2TP/IPSec with Android
Replies: 61
Views: 63759

Re: L2TP/IPSec with Android

Ok, the change had some effect.. I see that it's generating a policy for the traffic.. Whole lot of output generated but still the connection can't be established at the end.. Do I need to restart router again for this? Or is there still something else wrong? Output on my Macbook Air (L2TP Client) D...
by inSaNo
Tue Dec 04, 2012 11:37 am
Forum: General
Topic: [Solved] L2TP/IPSec with Android
Replies: 61
Views: 63759

Re: L2TP/IPSec with Android

Did you set nat-traversal=yes and try with that? Also, try to connect from the inside of your LAN, to see if that works or not.
I don't recall.. But I could test it now.. Where do I set that option?

--edit--
ah, found the option: /ip ipsec peer

Going to set it now and try.
by inSaNo
Mon Dec 03, 2012 11:23 pm
Forum: General
Topic: [Solved] L2TP/IPSec with Android
Replies: 61
Views: 63759

Re: L2TP/IPSec with Android

The client was behind NAT but not at my local network. (some external location) There is only one WAN connection on the router.. (a PPPoE interface) These are the firewall filters as needed: 4 chain=input action=accept protocol=udp dst-port=4500 5 chain=input action=accept protocol=udp dst-port=1701...
by inSaNo
Mon Dec 03, 2012 4:53 pm
Forum: General
Topic: [Solved] L2TP/IPSec with Android
Replies: 61
Views: 63759

Re: L2TP/IPSec with Android

I've rebooted the router, and more things happen, but still no connection.. The output generated while connecting is very long and no real clues (to me) on what's going wrong. So which part to post here? :shock: Small portion of what happens.: 00:04:02 ipsec,debug,packet ========== 00:04:02 ipsec,de...
by inSaNo
Mon Dec 03, 2012 11:13 am
Forum: General
Topic: [Solved] L2TP/IPSec with Android
Replies: 61
Views: 63759

Re: L2TP/IPSec with Android

[admin@MikroTik] > ip ipsec peer print Flags: X - disabled 0 address=0.0.0.0/0 port=500 auth-method=pre-shared-key secret="XXXXXXX" generate-policy=yes exchange-mode=main-l2tp send-initial-contact=no nat-traversal=no my-id-user-fqdn="" hash-algorithm=sha1 enc-algorithm=3des dh-group=modp1024 lifeti...
by inSaNo
Sun Dec 02, 2012 11:24 am
Forum: General
Topic: [Solved] L2TP/IPSec with Android
Replies: 61
Views: 63759

Re: L2TP/IPSec with Android

Alright, got it working completly now. Works with the Android, iPhone and Win 7 L2TP/IPSec clients flawlessly. In case someone finds this thread later on, here is the working config: /ppp profile add name=L2TP local-address=10.0.31.1 remote-address=l2tp-pool address-list=L2TP_Clients /ip pool add n...
by inSaNo
Thu Nov 29, 2012 9:44 am
Forum: Beginner Basics
Topic: Beginner needs help on: Mikrotik RB2011UAS-2HnD-in
Replies: 19
Views: 11761

Re: Beginner needs help on: Mikrotik RB2011UAS-2HnD-in

Hmm thats odd.. I have mine connected on ether1 but it's set at 100Mbit. Also did you set the time correctly? In my configuration that was the deal breaker for me.. pppoe didn't connect at first, but when I set the time and date correctly it was fixed. Good that it's running now, but it shouldn't be...
by inSaNo
Sun Nov 25, 2012 2:29 pm
Forum: Beginner Basics
Topic: Beginner needs help on: Mikrotik RB2011UAS-2HnD-in
Replies: 19
Views: 11761

Re: Beginner needs help on: Mikrotik RB2011UAS-2HnD-in

Yes, KPN Glasvezel indeed, my earlier post with all the information one needs to configure it was just approved by the moderators. :D
by inSaNo
Sat Nov 24, 2012 12:31 am
Forum: Beginner Basics
Topic: Beginner needs help on: Mikrotik RB2011UAS-2HnD-in
Replies: 19
Views: 11761

Re: Beginner needs help on: Mikrotik RB2011UAS-2HnD-in

Today I've gotten a lot further with some "outside" help.. :D (tnx Peter!) I'll post what I did to make it work so that others (beginners) like me can benefit of this knowledge. This applies for dutch fiber connection like KPN, Xs4all etc.. First create two vlan interfaces on ether1-gateway (or what...
by inSaNo
Fri Nov 23, 2012 10:13 am
Forum: Beginner Basics
Topic: Beginner needs help on: Mikrotik RB2011UAS-2HnD-in
Replies: 19
Views: 11761

Beginner needs help on: Mikrotik RB2011UAS-2HnD-in

Hi all, I've recently purchased a Mikrotik RB2011UAS-2HnD-in to replace the ZTE H220N provided by my ISP. The ZTE has almost no configurable options since the ISP has completely locked it down. I have some Cisco/Foundry networking experience, but configuring this Mikrotik is proving a bit difficult....