Search found 230 matches

by scotthammersley
Fri Jul 14, 2017 6:43 pm
Forum: Forwarding Protocols
Topic: Bgp hold time error issue
Replies: 2
Views: 1017

Re: Bgp hold time error issue

What RouterOS version and hardware?
by scotthammersley
Fri Jul 14, 2017 6:18 pm
Forum: General
Topic: Traceroute through IPsec tunnel issue
Replies: 6
Views: 3302

Re: Traceroute through IPsec tunnel issue

Are you creating a Tunnel or are you using Transport for the IPSEC policies? There is a difference in behaviour depending on which option you went with and how you configured the IPSEC policies. A little too much to explain here, but you can read up on the differences and it may shed some light for y...
by scotthammersley
Fri Jul 14, 2017 6:14 pm
Forum: General
Topic: PPPoE Auth over VPN(PPTP)
Replies: 1
Views: 406

Re: PPPoE Auth over VPN(PPTP)

Not with a PPTP tunnel no, it will not forward L2 packets as it is not a L2 tunneling protocol. Now, I am not suggesting you do this but you could create an EoIP over PPTP, which then will allow PPPoE to traverse. All you are doing though is creating tunnels for the sake of tunnels. What is the purp...
by scotthammersley
Fri Jul 14, 2017 6:11 pm
Forum: General
Topic: how to set vlans to see each other
Replies: 1
Views: 389

Re: how to set vlans to see each other

Why would you want to do that? Are you trying to route between the Vlans or specifically 'bridge' the two vlans together?
by scotthammersley
Fri Jul 14, 2017 6:10 pm
Forum: General
Topic: force route to LAN IP through specific interface
Replies: 1
Views: 725

Re: force route to LAN IP through specific interface

Auto-Isolate is specifically for Spanning Tree, so this would not do you anything at all. You could write a mangle rule specifically targeting a dst address from a src address and route it in another routing table. Even including the specific port if needed, so that only traffic sourced from 192.168...
by scotthammersley
Fri Jul 14, 2017 6:03 pm
Forum: General
Topic: Routing help - network to mikrotik to mikrotik to internet- VoIP
Replies: 1
Views: 294

Re: Routing help - network to mikrotik to mikrotik to internet- VoIP

If you only want to route VoIP packets a certain way you would need to use a separate routing table. Create mangle rules to identify and mark the VoIP packets, which in turn are then marked for another routing table. Then in the /ip routes table, create a new route for the VoIP packets and select th...
by scotthammersley
Fri Jul 14, 2017 5:59 pm
Forum: General
Topic: Hotspot System questions
Replies: 1
Views: 399

Re: Hotspot System questions

- Sometimes the RB3011 reboots but I don't know why -> Any idea how to analyse this? Create a supout.rif on reboot, then forward to MikroTik for analysis - I've installed the DUDE on the same RB but it's not connecting to the ROS. Maybe the Firewall rules are blocking but to which interface do I need...
by scotthammersley
Fri Jul 14, 2017 5:55 pm
Forum: General
Topic: Routing subnet from PPPoE to LAN
Replies: 3
Views: 800

Re: Routing subnet from PPPoE to LAN

As long as the ISP is routing a subnet to your device, you should be able to configure ether3 with that subnet. For example... Your Device (MikroTik) PPPoE WAN address is 1.1.1.2/32 and gateway configured for the ISP, the ISP is routing a subnet to you of 2.2.2.0/27 to 1.1.1.2. Ether 3 of your Mikro...
by scotthammersley
Fri Jul 14, 2017 5:48 pm
Forum: General
Topic: Will PCQ save me?
Replies: 2
Views: 506

Re: Will PCQ save me?

PCQ looks at classifiers and the overall bucket size configured (in your case 100M). It will then share this bucket bandwidth between all the classifiers that it sees equally per stream. So, technically as long as you classify the identifiers correctly, your users should get an equal piece of the pi...
by scotthammersley
Fri Jul 14, 2017 5:39 pm
Forum: Beginner Basics
Topic: Priority
Replies: 3
Views: 565

Re: Priority

Mangle rules and queues, using L7 Regex. But be careful, L7 rules will tax the CPU and could cause you resource issues down the line.
by scotthammersley
Fri Jul 14, 2017 5:37 pm
Forum: Beginner Basics
Topic: possible to limit bandwidth per user not per device in Hotspot?
Replies: 6
Views: 1891

Re: possible to limit bandwidth per user not per device in Hotspot?

If you know the MAC's of the devices tied to the user, you would have to write specific queue rules to limit each MAC/Device. There is no specific way to aggregate the user's devices into one rule when you are using the hotspot configuration to apply a dynamic rule, that I know of. Maybe a script cou...
by scotthammersley
Fri Jul 14, 2017 5:33 pm
Forum: General
Topic: Prioritize traffic from openvpn
Replies: 1
Views: 399

Re: Prioritize traffic from openvpn

You could mark the connections based on src and dst, then mark packets based on those connections. You would also need a general bucket rule set to catch all other traffic (or use the no-mark in the queue config). At that point, once they are marked, depending on how you want to handle those packets...
by scotthammersley
Mon Feb 27, 2017 6:50 pm
Forum: General
Topic: Problems mangeling voip-traffic
Replies: 2
Views: 494

Re: Problems mangeling voip-traffic

Would need to see the full configuration of the mangle tree and queue configuration. I would suggest marking the connections first based on the applicable source and destination IP's/ports. Once you have the connections marked correctly in the list, you then mark the packets based on those connectio...
by scotthammersley
Mon Feb 27, 2017 6:43 pm
Forum: General
Topic: VLAN
Replies: 4
Views: 565

Re: VLAN

Please post your current configuration of the RB450 and if possible the switch.
by scotthammersley
Fri Feb 24, 2017 8:58 pm
Forum: Forwarding Protocols
Topic: PPTP Client to bridge
Replies: 1
Views: 2201

Re: PPTP Client to bridge

This could possibly be solved by just routing over the PPTP connection to the far end resources. Say your PPTP subnet is 10.10.10.0/24, you would add this: /ip route add dst-address=10.10.10.0/24 gateway=10.0.2.32 (or could possibly use interface name if you create a binding for it). Depending on wh...
by scotthammersley
Thu Feb 23, 2017 6:05 pm
Forum: General
Topic: Is there a function to detect failed DNS Resolution from an ISP
Replies: 1
Views: 252

Re: Is there a function to detect failed DNS Resolution from an ISP

Scripting would be your answer, so yes, in MikroTik it is possible.
by scotthammersley
Thu Feb 23, 2017 6:00 pm
Forum: General
Topic: Firewall rules
Replies: 9
Views: 1117

Re: Firewall rules

While you can't completely hide an SSID from someone that really wants to find it, you can write a wireless ACL to either only allow certain wireless clients to connect based on their MAC. Something like this: /interface wireless access-list add interface=wlan1 mac-address=00:00:00:00:00:01 vlan-mode...
by scotthammersley
Wed Feb 22, 2017 7:40 pm
Forum: General
Topic: Firewall rules
Replies: 9
Views: 1117

Re: Firewall rules

You could possibly use Wireless ACL's to control the attempted devices.
by scotthammersley
Wed Feb 22, 2017 6:03 pm
Forum: General
Topic: Nat rules dst from out to out
Replies: 1
Views: 395

Re: Nat rules dst from out to out

chain=dstnat action=dst-nat to-addresses=213.128.9.224 to-ports=80 protocol=tcp dst-port=443 log=no log-prefix="" -----> this says anything received on any interface destined for TCP 443 will be forwarded to itself on port 80. Absolutely will not work. What is the IP of the device you are trying to ...
by scotthammersley
Wed Feb 22, 2017 5:46 pm
Forum: Wireless Networking
Topic: Automatic login to HotSpot in Trial mode
Replies: 3
Views: 3208

Re: Automatic login to HotSpot in Trial mode

Yes, you need to alter/create your own login.html that basically takes the login parameters with a meta refresh to the hotspot. Basically something like this would need to be placed inside login.html (this is part of the hotspot file system within routeros); <html> <head> <meta http-equiv="refresh"...
by scotthammersley
Wed Feb 22, 2017 5:39 pm
Forum: Scripting
Topic: API Hotspot Login with multiple RADIUS
Replies: 5
Views: 1926

Re: API Hotspot Login with multiple RADIUS

If you have more than one RADIUS server defined in the configuration, LAC's will always try to authenticate to the first in the list. Only if the RADIUS request times out will it attempt the next server. So, you need to make sure that the server you are querying is the one you need to test against. D...
by scotthammersley
Wed Feb 22, 2017 5:29 pm
Forum: Wireless Networking
Topic: Get MAC address of an IP Bindings user
Replies: 4
Views: 1834

Re: Get MAC address of an IP Bindings user

Do you mean userman instead of CAPSMAN? If you do indeed mean userman, you would be able to define the client LAC identifier responding to the authentication requests (that forwards it to your AAA Server). This would allow you to know which client was authenticating to which system. If not, you are ...
by scotthammersley
Wed Feb 22, 2017 5:24 pm
Forum: General
Topic: Tunneling into PPTP
Replies: 2
Views: 496

Re: Tunneling into PPTP

I assume what you're asking for is the PPTP configuration on your MT client? Have you got the VPN concentrator already configured and ready to accept the PPTP connection from the MT?
by scotthammersley
Wed Feb 22, 2017 5:20 pm
Forum: Forwarding Protocols
Topic: PIM problem
Replies: 2
Views: 666

Re: PIM problem

Can you post the pertinent configuration for review? There are a number of possibilities that could be causing your issue.

Thanks,
by scotthammersley
Tue Jan 12, 2016 7:16 pm
Forum: Forwarding Protocols
Topic: 3 Telco Links BGP in 1 core Router ?
Replies: 11
Views: 1984

Re: 3 Telco Links BGP in 1 core Router ?

Do you have a need to take full BGP tables from your ISP's? If all you are looking to do is advertise your networks for upstream reliability, then you could take all three into one CCR 1009 without injected routes (only default) from them. Or you could write some inbound filters to split the tables ...
by scotthammersley
Wed Sep 03, 2014 7:28 pm
Forum: General
Topic: settings on eoip tunnels
Replies: 2
Views: 2381

Re: clamp-tcp-mss settings on eoip tunnels

EoIP MTU really should be set around 1530, generally because they frag and de-frag packets on each side. PPPoE would decrement the available packet size and normally we find that setting the PPPoE MTU to around 1460 is good.
by scotthammersley
Wed Sep 03, 2014 7:24 pm
Forum: General
Topic: Bridge for Link failover?
Replies: 1
Views: 746

Re: Bridge for Link failover?

Use RSTP within a bridge interface.
by scotthammersley
Wed Sep 03, 2014 7:21 pm
Forum: General
Topic: Can I configure VPLS between two routers as one static IP?
Replies: 2
Views: 853

Re: Can I configure VPLS between two routers as one static I

VPLS is normally used as an MPLS VPN. Unless you use the BGP VPLS function. It is possible to use and configure both ends that use dynamic IP's, just requires more in depth configuration and extra tunneling.
by scotthammersley
Wed Sep 03, 2014 7:19 pm
Forum: General
Topic: Hotspot redirection on login error
Replies: 2
Views: 912

Re: Hotspot redirection on login error

You could possibly create your own captive portal and redirect all users to it rather than letting the MT do the portal. This would give you more flexibility and control of how users are redirected and authenticated.
by scotthammersley
Wed Sep 03, 2014 7:16 pm
Forum: SwOS
Topic: poe budget 260gsp
Replies: 5
Views: 3583

Re: poe budget 260gsp

A lot depends on the input voltage being supplied to the 260. Are you using a PoE injector? Or is it powered by a PoE switch etc?
by scotthammersley
Wed Sep 03, 2014 7:13 pm
Forum: General
Topic: Issues routing and firewall with CRS-125
Replies: 2
Views: 831

Re: Issues routing and firewall with CRS-125

Have you set these up with a Bridge interface?
by scotthammersley
Wed Jun 04, 2014 1:24 pm
Forum: General
Topic: CCR1006-12G, Hotspot ok, Hotspot + VPN server ???
Replies: 1
Views: 712

Re: CCR1006-12G, Hotspot ok, Hotspot + VPN server ???

Can you post your settings?
by scotthammersley
Mon Jun 02, 2014 8:06 pm
Forum: General
Topic: PPP and Hotspot.... Same IP Range
Replies: 4
Views: 946

Re: PPP and Hotspot.... Same IP Range

Do you have a bridge configured for the PPP interfaces?
by scotthammersley
Mon Jun 02, 2014 8:05 pm
Forum: Beginner Basics
Topic: please how to block websites.
Replies: 4
Views: 1581

Re: please how to block websites.

In the dst-address of the firewall rule.
by scotthammersley
Mon Jun 02, 2014 8:04 pm
Forum: General
Topic: Howto on setup a Mikrotik RouterOS with Suricata as IDS
Replies: 3
Views: 2013

Re: Howto on setup a Mikrotik RouterOS with Suricata as IDS

Understood, would be nice to post to the MikroTik Wiki also though and help to contribute. Just a thought.
by scotthammersley
Mon Jun 02, 2014 8:02 pm
Forum: General
Topic: PPPoE innernet on CCR
Replies: 5
Views: 1672

Re: PPPoE innernet on CCR

I know MikroTik is continually adding more multithread processes with each release. PPPoE may just be one of those that have not made it yet. But I could be wrong.
by scotthammersley
Mon Jun 02, 2014 7:59 pm
Forum: Beginner Basics
Topic: Quick Set: AP Mode
Replies: 7
Views: 2848

Re: Quick Set: AP Mode

Quickset is fine if you are looking to get a basic config onto the box without extra fluff.

To the issue of losing connectivity once you apply, have you tried connecting via MAC?
by scotthammersley
Mon Jun 02, 2014 7:57 pm
Forum: Scripting
Topic: DDOS detection script?
Replies: 8
Views: 10331

Re: DDOS detection script?

That Wiki is relevant to stopping DDOS at the router itself. However he is looking to dynamically update his BGP black hole list.

Again though, both examples show how to identify traffic and place into an address list. You just need to script a way of adding them into your BGP lists.
by scotthammersley
Mon Jun 02, 2014 7:55 pm
Forum: General
Topic: RDP problem
Replies: 8
Views: 2277

Re: RDP problem

No problem, glad we could try to help.
by scotthammersley
Mon Jun 02, 2014 7:54 pm
Forum: General
Topic: port forwarding
Replies: 5
Views: 1385

Re: port forwarding

Jarda, Doesn't matter whether it's a "Public IP" or not. That just defines whether the traffic can be possibly routed over the net. I can use a "public IP" and still keep it internal if we wish. So that statement is really null and void. What he is trying to do is basic NAT. To that point though, that...
by scotthammersley
Mon Jun 02, 2014 7:51 pm
Forum: General
Topic: walled garden for https
Replies: 3
Views: 1307

Re: walled garden for https

Change the proxy rule to include both port 80 and 443. This will catch most https traffic.
by scotthammersley
Mon Jun 02, 2014 7:47 pm
Forum: Wireless Networking
Topic: DHCP MESSAGES
Replies: 2
Views: 999

Re: DHCP MESSAGES

Use the packet capture tool, this will be like using Wireshark. You can save the capture and open with Wireshark too.
by scotthammersley
Mon Jun 02, 2014 5:08 pm
Forum: General
Topic: port forwarding
Replies: 5
Views: 1385

Re: port forwarding

Disable the firewall rules, then test again.
by scotthammersley
Mon Jun 02, 2014 4:53 pm
Forum: General
Topic: RB750 VLAN and Internet
Replies: 1
Views: 540

Re: RB750 VLAN and Internet

Yes you can. Add the vlan interface to the physical. If you have the same vlan id on two different ports, you can create a bridge to tie them together if needed.
by scotthammersley
Sun Jun 01, 2014 7:39 pm
Forum: Wireless Networking
Topic: receive level
Replies: 4
Views: 1318

Re: receive level

Someone may correct me, but, if your SNR is relative to around -65 to -70, you should have a clean signal. There are other factors to this, but generally speaking you don't want the link too hot either.
by scotthammersley
Sun Jun 01, 2014 7:37 pm
Forum: Beginner Basics
Topic: Quick Set: AP Mode
Replies: 7
Views: 2848

Re: Quick Set: AP Mode

Are you directly connected to the device when you use the QuickSet feature?
by scotthammersley
Sun Jun 01, 2014 7:36 pm
Forum: General
Topic: Howto on setup a Mikrotik RouterOS with Suricata as IDS
Replies: 3
Views: 2013

Re: Howto on setup a Mikrotik RouterOS with Suricata as IDS

Why not post this on the Wiki? People search the MikroTik Wiki also.
by scotthammersley
Sun Jun 01, 2014 7:35 pm
Forum: Beginner Basics
Topic: Is it a Fault Mickrotix RB750
Replies: 3
Views: 745

Re: Is it a Fault Mickrotix RB750

No problem.
by scotthammersley
Sun Jun 01, 2014 7:33 pm
Forum: Wireless Networking
Topic: Bandwidth limitation on CPE
Replies: 10
Views: 3629

Re: Bandwidth limitation on CPE

Gotcha.

What RouterOS version are you using?
by scotthammersley
Sun Jun 01, 2014 7:31 pm
Forum: The Dude
Topic: Get statistics online/offline time?
Replies: 3
Views: 2015

Re: Get statistics online/offline time?

Probably would need to use a 3rd party monitoring program like Solarwinds, WhatsUP etc, even maybe the dude.
by scotthammersley
Sun Jun 01, 2014 7:30 pm
Forum: General
Topic: Random ip block from my router
Replies: 3
Views: 907

Re: Random ip block from my router

Good to hear you figured it out.
by scotthammersley
Sun Jun 01, 2014 7:25 pm
Forum: Scripting
Topic: DDOS detection script?
Replies: 8
Views: 10331

Re: DDOS detection script?

Yes, I understand that, but you need a way of identifying the traffic first, which is the mangle rule I gave you. Once you identify the offender, then you can script to add to the BGP advertise filter list.

I just added the firewall rule in as an extra precaution.
by scotthammersley
Sat May 31, 2014 6:50 pm
Forum: General
Topic: IPSec with DNS Name
Replies: 1
Views: 596

Re: IPSec with DNS Name

Would be nice to be able to use DNS names no matter where in the configuration.
by scotthammersley
Sat May 31, 2014 6:49 pm
Forum: Beginner Basics
Topic: Proper way to configure
Replies: 1
Views: 630

Re: Proper way to configure

Add a static Mgmt IP to the 911 in the same subnet, this will allow you to manage it through the other devices.
by scotthammersley
Sat May 31, 2014 6:47 pm
Forum: Scripting
Topic: DDOS detection script?
Replies: 8
Views: 10331

Re: DDOS detection script?

Why would you not write a mangle and firewall rule that limits (and adds to an address list) the connection count to any one source on your WAN interface that exceeds a given value? Something like this maybe: /ip firewall mangle add action=add-src-to-address-list address-list=High_Connections chain=...
by scotthammersley
Sat May 31, 2014 6:35 pm
Forum: General
Topic: PPP and Hotspot.... Same IP Range
Replies: 4
Views: 946

Re: PPP and Hotspot.... Same IP Range

Are you setting the rate limit in the profile of the PPP connection?
by scotthammersley
Sat May 31, 2014 6:33 pm
Forum: Beginner Basics
Topic: Redirect HTTP HTTPS traffic to SQUID
Replies: 5
Views: 10468

Re: Redirect HTTP HTTPS traffic to SQUID

Glad to be able to help.
by scotthammersley
Fri May 30, 2014 9:34 pm
Forum: Beginner Basics
Topic: CRS226 v6.13
Replies: 1
Views: 514

Re: CRS226 v6.13

Afraid not, have not encountered that specific issue yet. Doesn't mean I won't though ;-)
by scotthammersley
Fri May 30, 2014 9:32 pm
Forum: Forwarding Protocols
Topic: TE Tunnels not routing data
Replies: 1
Views: 917

Re: TE Tunnels not routing data

If you are using OSPF to redistribute your loopbacks, I would definitely use the /32 loop IP's for the tunnels. Need to see your config regarding the TE tunnels though.
by scotthammersley
Fri May 30, 2014 9:30 pm
Forum: Wireless Networking
Topic: Can't connect to single Virtual AP
Replies: 7
Views: 2278

Re: Can't connect to single Virtual AP

Are you using all separate wireless cards?
by scotthammersley
Fri May 30, 2014 9:26 pm
Forum: Beginner Basics
Topic: router configuration
Replies: 3
Views: 721

Re: router configuration

Or use the Quick Set feature.
by scotthammersley
Fri May 30, 2014 8:51 pm
Forum: General
Topic: v6.13 cloning of RB750GL routers
Replies: 8
Views: 1608

Re: v6.13 cloning of RB750GL routers

One thing to try is to do a full system reset-configuration without defaults, then try that. It may be that it's seeing the default pool and throwing the error.
by scotthammersley
Fri May 30, 2014 6:59 pm
Forum: General
Topic: Random ip block from my router
Replies: 3
Views: 907

Re: Random ip block from my router

Can you post your config?
by scotthammersley
Fri May 30, 2014 6:48 pm
Forum: General
Topic: UPS package
Replies: 1
Views: 658

Re: UPS package

I verified that that ups package is there on 6.10. You will need the "all-packages" download not the upgrade npk. If you don't have it, you may want to upgrade your router so you can download it from the website. Alternatively, you may want to talk to your vendor and see if they can provide it for you.
by scotthammersley
Fri May 30, 2014 6:42 pm
Forum: General
Topic: SNMP traffic not detected in firewall
Replies: 2
Views: 822

Re: SNMP traffic not detected in firewall

Yes, there is another to troubleshoot it. Create a VPN to the router and re-test. That will take the ISP out of the equation.
by scotthammersley
Fri May 30, 2014 6:37 pm
Forum: General
Topic: ovpn clients cannot access RB router
Replies: 2
Views: 596

Re: ovpn clients cannot access RB router

Can you post your settings? Please, include a network diagram.
by scotthammersley
Fri May 30, 2014 6:35 pm
Forum: The Dude
Topic: Dude on ROS - Execute script on router
Replies: 1
Views: 2117

Re: Dude on ROS - Execute script on router

Yes, you can use an html file on the router, or anywhere else for that matter, to have some text. That text gets updated upon some event. You will need to script the router to read that file periodically and then execute the command. This is basically how the DynDNS script works if you would like to...
by scotthammersley
Fri May 30, 2014 6:31 pm
Forum: Beginner Basics
Topic: dualwan
Replies: 1
Views: 442

Re: dualwan

You will have to use PBR with some way of triggering it such as traffic monitor. This is something that we can help you with, if you're interested.
by scotthammersley
Fri May 30, 2014 6:29 pm
Forum: Beginner Basics
Topic: Configuring DVR through Mikrotik CCR 1026-24g
Replies: 1
Views: 816

Re: Configuring DVR through Mikrotik CCR 1026-24g

Can you post a network diagram? Can you accomplish your goals if you are using 1:1 NAT? That might make the configuration a little simpler.
by scotthammersley
Fri May 30, 2014 6:25 pm
Forum: Beginner Basics
Topic: Host Unreachable over OpenVPN
Replies: 1
Views: 1792

Re: Host Unreachable over OpenVPN

Can you ping for the client and back to the server and vice versa? What does a trace route show? Do you have proxy-arp enabled?
by scotthammersley
Fri May 30, 2014 6:20 pm
Forum: General
Topic: Went from 5.26 to 6.12 and backup/rsc emails stopped coming
Replies: 1
Views: 494

Re: Went from 5.26 to 6.12 and backup/rsc emails stopped com

There have been a lot of changes in between those versions, can you post the settings you are trying to use currently?
by scotthammersley
Fri May 30, 2014 6:17 pm
Forum: Beginner Basics
Topic: mikrotik --> squid help again
Replies: 1
Views: 551

Re: mikrotik --> squid help again

If you are trying to make it a transparent proxy for the users, you are going to have to use Policy Based Routing or turn on the router's proxy on and re-direct it to the squid. If you would like some help with this, we would be more than happy to help you. Please, give us a call at 1-855-MikroTik.
by scotthammersley
Fri May 30, 2014 6:12 pm
Forum: General
Topic: stencil visio updated
Replies: 4
Views: 13398

Re: stencil visio updated

Thank you!
by scotthammersley
Fri May 30, 2014 6:09 pm
Forum: The Dude
Topic: Get statistics online/offline time?
Replies: 3
Views: 2015

Re: Get statistics online/offline time?

You can use SNMP to monitor the uptime.
by scotthammersley
Fri May 30, 2014 6:05 pm
Forum: Beginner Basics
Topic: dual wan failover with traffic monitor script
Replies: 1
Views: 889

Re: dual wan failover with traffic monitor script

All of your traffic will naturally flow out your default gateway, which I assume is the 8.8.8.8 route? To use the 2nd WAN, you will have to identify the traffic to go out the 2nd WAN and direct it through that gateway. There are many ways to do this such as ECMP, PCC, PBR, etc. Using Mangle to mark ...
by scotthammersley
Fri May 30, 2014 5:47 pm
Forum: The Dude
Topic: DUDE ON CLOUD CORE ROUTER
Replies: 2
Views: 2595

Re: DUDE ON CLOUD CORE ROUTER

That's correct; at the present time you can not run the Dude on the CCR series. It may be advantageous to use another RouterBoard, bridged to your WAN, to monitor your network.
by scotthammersley
Fri May 30, 2014 5:24 pm
Forum: Beginner Basics
Topic: please how to block websites.
Replies: 4
Views: 1581

Re: please how to block websites.

To block website by FQDN you really need to use either L7 Firewall rules or as I see you trying to do, use a web proxy.

Try reading this: http://wiki.mikrotik.com/wiki/Manual:IP/Proxy
Or this: http://wiki.mikrotik.com/wiki/How_To_Block_Facebook
by scotthammersley
Fri May 30, 2014 5:21 pm
Forum: General
Topic: how to disable ipsec encryption ??
Replies: 4
Views: 1515

Re: how to disable ipsec encryption ??

If you don't need/want encryption, IPSEC is not the right tunnel mechanism. You should use something like pptp or EoIP instead.
by scotthammersley
Fri May 30, 2014 5:20 pm
Forum: Beginner Basics
Topic: router configuration
Replies: 3
Views: 721

Re: router configuration

That's a loaded question. How do you want to configure it, and have you searched the Wiki's first?
by scotthammersley
Fri May 30, 2014 5:15 pm
Forum: General
Topic: How does the web proxy authentication work?
Replies: 2
Views: 1514

Re: How does the web proxy authentication work?

It can be used in conjunction with the hotspot function. It is configured in the server profile of the hotspot to use the proxy. You can set individual user accounts to use different profiles that allow certain access.
by scotthammersley
Fri May 30, 2014 4:26 pm
Forum: General
Topic: Bridge between 2 ethernet ports problem
Replies: 3
Views: 670

Re: Bridge between 2 ethernet ports problem

Yep, I wasn't sure, but I did some google fooing and figured it out. You're right though, it is a feature that is really missing. ISP and IPTV deployers will look over RouterOS as a CPE purely for that reason. Shame, hopefully we can get MikroTik to implement soon.
by scotthammersley
Fri May 30, 2014 12:49 am
Forum: General
Topic: Bridge between 2 ethernet ports problem
Replies: 3
Views: 670

Re: Bridge between 2 ethernet ports problem

RouterOS supports multicast and IGMP. Looking to refresh my memory now whether snooping is there.
by scotthammersley
Fri May 30, 2014 12:45 am
Forum: Beginner Basics
Topic: bandwidth base load balancing
Replies: 3
Views: 1276

Re: bandwidth base load balancing

Mark the packets after the connection, then mark routing.
by scotthammersley
Fri May 30, 2014 12:42 am
Forum: General
Topic: PPPoE innernet on CCR
Replies: 5
Views: 1672

Re: PPPoE innernet on CCR

What software version are you running?
by scotthammersley
Fri May 30, 2014 12:41 am
Forum: General
Topic: Login failure via local
Replies: 2
Views: 813

Re: Login failure via local

Do you have any type of USB LTE modems or something along those lines installed on the CPE?
by scotthammersley
Fri May 30, 2014 12:39 am
Forum: General
Topic: configuration load balancing and fail over RB751U-2HnD
Replies: 1
Views: 1069

Re: configuration load balancing and fail over RB751U-2HnD

You are marking the connections, however I would mark the packets that belong to those connections. Then on your routing mark rules use the packet marks instead of connection mark.
by scotthammersley
Fri May 30, 2014 12:37 am
Forum: Scripting
Topic: Running a command (script) on firewall rule.
Replies: 3
Views: 1363

Re: Running a command (script) on firewall rule.

Possibly write a script that telnets to the RDP port of that PC. That might possibly wake them up. Trick is writing the kickoff.
by scotthammersley
Fri May 30, 2014 12:33 am
Forum: Beginner Basics
Topic: mikrotik proxy clinent
Replies: 1
Views: 570

Re: mikrotik proxy clinent

Absolutely:

Take a look here: http://wiki.mikrotik.com/wiki/Manual:IP/Proxy
by scotthammersley
Fri May 30, 2014 12:31 am
Forum: Beginner Basics
Topic: Redirect HTTP HTTPS traffic to SQUID
Replies: 5
Views: 10468

Re: Redirect HTTP HTTPS traffic to SQUID

This should work for you. /ip firewall address-list add address=192.168.100.1-192.168.100.50 list=Defined /ip firewall mangle add action=mark-routing src-address-list=Defined chain=prerouting dst-port=443 new-routing-mark=https protocol=tcp /ip firewall nat add chain=srcnat dst-port=443 protocol=tcp...
by scotthammersley
Thu May 29, 2014 3:52 pm
Forum: Beginner Basics
Topic: Is it a Fault Mickrotix RB750
Replies: 3
Views: 745

Re: Is it a Fault Mickrotix RB750

It sounds like you have a hardware problem, but just to be sure have you tried replacing the cable, using a different Ethernet port, or changing your port settings to 10M Half duplex? If so, that router may just be bad.
by scotthammersley
Thu May 29, 2014 3:49 pm
Forum: General
Topic: after update router, OVPN can't access router
Replies: 5
Views: 1211

Re: after update router, OVPN can't access router

There were a lot of changes, bugs, and fixes between those versions. If you want to use 6.13, you are going to have to re-validate the entire scenario from scratch.
by scotthammersley
Thu May 29, 2014 3:44 pm
Forum: Forwarding Protocols
Topic: 2 routers and one GW for Clients
Replies: 1
Views: 800

Re: 2 routers and one GW for Clients

You can use Netwatch with VRRP to identify the failed conditions you are looking for.
by scotthammersley
Thu May 29, 2014 12:46 am
Forum: General
Topic: VERSION 6.13
Replies: 1
Views: 537

Re: VERSION 6.13

Don't quite understand what you are asking. What version did you upgrade from again?
by scotthammersley
Thu May 29, 2014 12:21 am
Forum: Wireless Networking
Topic: Bandwidth limitation on CPE
Replies: 10
Views: 3629

Re: Bandwidth limitation on CPE

rborz, you are correct in stating that it should be controlled as close to the edge as possible. Although, without the SXT acting as the AC for the clients, it becomes a little more of a manual process I'm afraid. One place to start is to come up with a common schema for QoS at the edge. Maybe someth...
by scotthammersley
Thu May 29, 2014 12:13 am
Forum: Beginner Basics
Topic: First time setting up openVPN
Replies: 13
Views: 3087

Re: First time setting up openVPN

You need to create a certificate template first.

It's a little more intuitive if you use winbox instead of CLI.

Go to system, certificates. Create new (press red + sign), fill in the info. Add it, then select from the window and press the 'create certificate request'.
by scotthammersley
Wed May 28, 2014 11:43 pm
Forum: Beginner Basics
Topic: Mikrotik RB750 2 Wan Dynamic ip Unable to Load Balance
Replies: 4
Views: 1916

Re: Mikrotik RB750 2 Wan Dynamic ip Unable to Load Balance

Just realized from your image that you don't have a second default static configured, in any case, it would need to be in its own routing mark so that packets that get mangled through the firewall follow that route.
by scotthammersley
Wed May 28, 2014 11:41 pm
Forum: Beginner Basics
Topic: Mikrotik RB750 2 Wan Dynamic ip Unable to Load Balance
Replies: 4
Views: 1916

Re: Mikrotik RB750 2 Wan Dynamic ip Unable to Load Balance

Doesn't look like you have set your other static route to be in the routing mark you are mangling. Won't work until then because currently both static defaults have the same AD.
by scotthammersley
Wed May 28, 2014 11:37 pm
Forum: Beginner Basics
Topic: First time setting up openVPN
Replies: 13
Views: 3087

Re: First time setting up openVPN

If you open your file browser in Winbox, do you see a file created with the .pem extension?
by scotthammersley
Wed May 28, 2014 10:25 pm
Forum: General
Topic: v6.13 cloning of RB750GL routers
Replies: 8
Views: 1608

Re: v6.13 cloning of RB750GL routers

I don't believe you missed anything. I cannot say I have had reliable import/export in any instance without having to go through and scrub out errors. I normally save the template that works and just create from it, rather than exporting then changing. If you have made changes to the running config,...
by scotthammersley
Wed May 28, 2014 9:59 pm
Forum: General
Topic: Hotspot and Google Analytics
Replies: 7
Views: 2064

Re: Hotspot and Google Analytics

Correct me if I am wrong, but the google analytics scriptlet is Java based, I am not sure RouterOS can support. Even if you allowed it through the walled garden I think you would still run into problems.

Someone please correct me if different.
by scotthammersley
Wed May 28, 2014 9:56 pm
Forum: RouterBOARD hardware
Topic: CCR1009-8G-1S-1S+ and UPS over serial
Replies: 6
Views: 2260

Re: CCR1009-8G-1S-1S+ and UPS over serial

How is the UPS configured? Static IP, DHCP etc?
by scotthammersley
Wed May 28, 2014 9:55 pm
Forum: Beginner Basics
Topic: openvpn only certificate match how configure?
Replies: 8
Views: 1663

Re: openvpn only certificate match how configure?

As Barkas and I have suggested, I think your only option is to use a dummy set unfortunately.
by scotthammersley
Wed May 28, 2014 9:54 pm
Forum: General
Topic: RDP problem
Replies: 8
Views: 2277

Re: RDP problem

Post your NAT rules and I will take a look. Though without access to the remote config, it will be hard to decipher.
by scotthammersley
Wed May 28, 2014 9:53 pm
Forum: Wireless Networking
Topic: 200+ megabit over 55 kilometers
Replies: 9
Views: 2609

Re: 200+ megabit over 55 kilometers

That's a good question, will need to research that now you asked.
by scotthammersley
Wed May 28, 2014 9:51 pm
Forum: Beginner Basics
Topic: gre port forwarding
Replies: 4
Views: 1668

Re: gre port forwarding

Good deal. Glad you figured it out.
by scotthammersley
Tue May 27, 2014 10:50 pm
Forum: General
Topic: Looking for NMS Program
Replies: 1
Views: 600

Re: Looking for NMS Program

WhatsUp
Solarwinds
The Dude
Google.
by scotthammersley
Tue May 27, 2014 10:49 pm
Forum: Beginner Basics
Topic: MAC address wildcard
Replies: 1
Views: 1058

Re: MAC address wildcard

Are you looking at adding this to the bridge firewall? Secondly, I don't think you can add as a wild card, unfortunately.
by scotthammersley
Tue May 27, 2014 10:33 pm
Forum: General
Topic: port forward debug
Replies: 9
Views: 1824

Re: port forward debug

Try disabling the default firewall rules, they normally block all access to the input chain of the router on ether-1. If that works for you, build a comprehensive firewall filter set to suit your needs.
by scotthammersley
Tue May 27, 2014 7:59 pm
Forum: The User Manager
Topic: Bandwith test does not provide packet lost when it finish
Replies: 6
Views: 1776

Re: Bandwith test does not provide packet lost when it finis

So you are pushing 40Mbps each direction, but what is the size of the pipe you are traversing?
by scotthammersley
Tue May 27, 2014 7:56 pm
Forum: General
Topic: RDP problem
Replies: 8
Views: 2277

Re: RDP problem

I would be looking at the return src nats, make sure the RDP client and server are being returned with the same src address.
by scotthammersley
Tue May 27, 2014 7:08 pm
Forum: Scripting
Topic: How to config a FailOver on Mikrotik RB750GL
Replies: 1
Views: 898

Re: How to config a FailOver on Mikrotik RB750GL

There is a nifty little function in RouterOS called 'Netwatch'. This allows you to script on instances.
by scotthammersley
Tue May 27, 2014 7:06 pm
Forum: Beginner Basics
Topic: Hotspot radius question
Replies: 4
Views: 1009

Re: Hotspot radius question

If I understand your question correctly, are you looking for some sort of active/backup Usermanager setup?
by scotthammersley
Tue May 27, 2014 7:04 pm
Forum: General
Topic: Mikrotik support for Radius attributes
Replies: 2
Views: 984

Re: Mikrotik support for Radius attributes

Yes using UserManager. You can configure UserMan to control wireless user access as you are wanting.
by scotthammersley
Tue May 27, 2014 7:01 pm
Forum: General
Topic: MTU Problem
Replies: 1
Views: 545

Re: MTU Problem

Yes, that will work.

Because you are decrementing the frame size by 4 bytes for each vlan tag, plus the extra for PPPoE.

I would actually suggest lowering it a little more, we have always found 1440~ works best.
by scotthammersley
Tue May 27, 2014 6:58 pm
Forum: Beginner Basics
Topic: gre port forwarding
Replies: 4
Views: 1668

Re: gre port forwarding

try this:

/ip firewall nat
add action=dst-nat chain=dstnat comment="GRE Forwarding" disabled=no protocol=gre dst-address="YourGatewayAddress" to-addresses="YourInternalAddress"
by scotthammersley
Tue May 27, 2014 6:52 pm
Forum: General
Topic: RouterOS default configuration
Replies: 8
Views: 966

Re: RouterOS default configuration

You really need to add a rule that specifically allows your API server to talk to the MT, not the whole world.

Place this before the default configuration of the firewall.

/ip firewall filter
add chain=input action=accept in-interface=ether1-gateway src-address="YOUR_API_SERVER_IP"
by scotthammersley
Tue May 27, 2014 6:47 pm
Forum: Wireless Networking
Topic: 200+ megabit over 55 kilometers
Replies: 9
Views: 2609

Re: 200+ megabit over 55 kilometers

What hardware are we talking about? Frequency, licensed/unlicensed, etc...
by scotthammersley
Tue May 27, 2014 6:20 pm
Forum: Wireless Networking
Topic: PtMP examples, please!
Replies: 3
Views: 1618

Re: PtMP examples, please!

We (IPArchiTechs) are working on an extensive set of Wiki articles that we plan to post in due time, both on the MT Wiki and our website.
by scotthammersley
Tue May 27, 2014 6:17 pm
Forum: Beginner Basics
Topic: openvpn only certificate match how configure?
Replies: 8
Views: 1663

Re: openvpn only certificate match how configure?

Unfortunately, the RouterOS implementation of OVPN does not support the exclusion of username/password. Some get around this by using a dummy set across their clients.

Sorry that it's not what you want to hear.
by scotthammersley
Tue May 27, 2014 6:15 pm
Forum: Beginner Basics
Topic: Dual Lan Setup - block access between lans minus 1 server
Replies: 3
Views: 1126

Re: Dual Lan Setup - block access between lans minus 1 serve

How did this work out for you, were you able to try it out?
by scotthammersley
Tue May 27, 2014 6:14 pm
Forum: General
Topic: port forward debug
Replies: 9
Views: 1824

Re: port forward debug

Are the default firewall rules still configured on the router?
by scotthammersley
Tue May 27, 2014 6:09 pm
Forum: Beginner Basics
Topic: Startup questions
Replies: 3
Views: 952

Re: Startup questions

Great, no problem.
by scotthammersley
Fri May 23, 2014 7:03 pm
Forum: General
Topic: feature request - Web Proxy Rule Src\Dst Address List
Replies: 1
Views: 621

Re: feature request - Web Proxy Rule Src\Dst Address List

=1 Yes, that feature would be very useful!
by scotthammersley
Fri May 23, 2014 6:57 pm
Forum: General
Topic: Ping Loss Issues to RB911 board via a RB750UP
Replies: 2
Views: 595

Re: Ping Loss Issues to RB911 board via a RB750UP

It is probably one of a few different things. It could be the settings... you can post your settings to get another set of eyes on it. It could be hardware failure. Have you tested each of the ports to verify they can handle the traffic? Also, test it with lower speed setting like 10M half duplex. H...
by scotthammersley
Fri May 23, 2014 6:51 pm
Forum: General
Topic: Automatic Failover & Internet Access blocking - Mikrotik
Replies: 1
Views: 484

Re: Automatic Failover & Internet Access blocking - Mikrotik

Do you have check gateway by ping set in your routes? That will keep you from having to switch the routes over manually. As far as blocking the other users, you can use the web proxy feature in conjunction with the firewall. Check out the manual on web proxy. You are going to permit the traffic for...
by scotthammersley
Fri May 23, 2014 6:21 pm
Forum: General
Topic: i have problem with redirect in proxy rule
Replies: 1
Views: 2036

Re: i have problem with redirect in proxy rule

Take a look at how they are doing it on this thread:
http://forum.mikrotik.com/viewtopic.php?f=7&t=80925
by scotthammersley
Fri May 23, 2014 6:02 pm
Forum: Beginner Basics
Topic: New to Cloudcore and looking for pointers
Replies: 1
Views: 565

Re: New to Cloudcore and looking for pointers

Functionally there is no difference in the way you Network a CCR from a RB411. Other than different interfaces and horsepower, I'm not sure how to point you in the right direction.
by scotthammersley
Fri May 23, 2014 5:06 pm
Forum: General
Topic: Stability
Replies: 5
Views: 984

Re: Stability

You're welcome to your opinion. However, working with a large array of vendor hardware including MikroTik, bugs are a part of life. Yes, 6.x has introduced quite a lot of bugs that Mikrotik has had to address, but nothing compares to the Cisco Nexus platform. Upgrade early and often is the mantra with tha...
by scotthammersley
Fri May 23, 2014 4:51 pm
Forum: General
Topic: MAC based connectivity without PPPoE dialing?!
Replies: 3
Views: 493

Re: MAC based connectivity without PPPoE dialing?!

You can use the Hotspot setup function and it will create the IP Pools for you. Then set up UserManager, RADIUS, and configure the hotspot to auth to RADIUS.
by scotthammersley
Fri May 23, 2014 2:35 am
Forum: Beginner Basics
Topic: LAN & Wireless DHCP and filtering by mac
Replies: 1
Views: 656

Re: LAN & Wireless DHCP and filtering by mac

Why don't you just use two different SSIDs. Create a VAP of WLAN1 and separate the traffic that way?
by scotthammersley
Fri May 23, 2014 1:55 am
Forum: Beginner Basics
Topic: Packet loss issues.
Replies: 1
Views: 1173

Re: Packet loss issues.

Yes, that is possible. You will want to check out the wiki on queues http://wiki.mikrotik.com/wiki/Manual:Queue. Simple Queues is probably where you want to start. There are also several videos on tiktube and youtube that show how to setup the queues.
by scotthammersley
Fri May 23, 2014 1:35 am
Forum: General
Topic: 3 VLAN + 2 SSID + trunk
Replies: 1
Views: 1284

Re: 3 VLAN + 2 SSID + trunk

To "Trunk" them and the VLAN and the Ethernet ports to a bridge. That will allow them to pass through to the next device.
by scotthammersley
Fri May 23, 2014 1:33 am
Forum: General
Topic: RB750GL newbie - RouterOS vs OpenWRT
Replies: 1
Views: 1244

Re: RB750GL newbie - RouterOS vs OpenWRT

The real question is, what are you more comfortable with? If DD-WRT is something you are comfortable with and it will handle your needs, then that is the right choice for you. I use Mikrotik at work and at home because it is what I am the most comfortable with and I think it has the best feature set fo...
by scotthammersley
Fri May 23, 2014 1:27 am
Forum: General
Topic: Mikrotik Dhcp server and cmts provisioning
Replies: 1
Views: 1010

Re: Mikrotik Dhcp server and cmts provisioning

Can you post your config?
by scotthammersley
Fri May 23, 2014 1:26 am
Forum: The User Manager
Topic: Alternative payment method ??? Paysafecard ???
Replies: 2
Views: 2081

Re: Alternative payment method ??? Paysafecard ???

Paypal and Authorize.net are the only payment gateways that you can use with Usermanager. However, if you use another RADIUS platform you can use whichever payment gateways that they support.
by scotthammersley
Fri May 23, 2014 12:47 am
Forum: Beginner Basics
Topic: What is the latest network logging setup?
Replies: 1
Views: 576

Re: What is the latest network logging setup?

I'm not really sure what they experienced in that thread, but the Dude does work. There are bugs here and there, but overall it works pretty well. For the money, it works great. However, you said you wanted to see what sites your users are accessing...try traffic flow. There are some free Traffic Fl...
by scotthammersley
Fri May 23, 2014 12:40 am
Forum: General
Topic: OpenVPN Help
Replies: 1
Views: 712

Re: OpenVPN Help

Were you able to solve this problem or do you still need help with it?
by scotthammersley
Fri May 23, 2014 12:29 am
Forum: Beginner Basics
Topic: How to rename interface and move cable from eth10 to eth2
Replies: 10
Views: 1609

Re: How to rename interface and move cable from eth10 to eth

Moving the cable is really not as intimidating as it may seem. You are only going to have a handful of references to the actual interface.
by scotthammersley
Fri May 23, 2014 12:26 am
Forum: General
Topic: Stability
Replies: 5
Views: 984

Re: Stability

It's true that bugs can be frustrating, but you said something that I want to comment on. I owe almost all of my routing and network knowledge to messing with these routers. Having used a large array of vendors' products, I can promise you that bugs are just as common everywhere else. The fact of the ...
by scotthammersley
Fri May 23, 2014 12:17 am
Forum: General
Topic: port forward debug
Replies: 9
Views: 1824

Re: port forward debug

Is the public IP address that you are trying to NAT on the router itself? So when a client goes to that address, the address should reside on the router and it gets NAT'd to the private IP.
by scotthammersley
Thu May 22, 2014 10:51 pm
Forum: RouterBOARD hardware
Topic: SFP module
Replies: 100
Views: 58115

Re: SFP module

Normis, we have had a few inquiries into whether MikroTik will develop any QSFP+ 40G SFP modules. Whether or not the unit can sustain the transfer, a growing number of DataCenters are looking to deploy as Top Of Rack solutions. However, many are going with newer BladeCenter chassis that they wish to...
by scotthammersley
Thu May 22, 2014 10:40 pm
Forum: RouterBOARD hardware
Topic: RB911g-5hpnd ethernet Gb
Replies: 2
Views: 608

Re: RB911g-5hpnd ethernet Gb

What is the device on the other side of the link?
by scotthammersley
Thu May 22, 2014 10:33 pm
Forum: RouterBOARD hardware
Topic: RB911g-5hpnd ethernet Gb
Replies: 2
Views: 608

Re: RB911g-5hpnd ethernet Gb

Does it work at 100M?
by scotthammersley
Thu May 22, 2014 10:32 pm
Forum: Wireless Networking
Topic: Device disconnecting, "can't handle all stations"
Replies: 1
Views: 677

Re: Device disconnecting, "can't handle all stations"

It looks like there is a security mis-match. Can you post the settings from both devices?
by scotthammersley
Thu May 22, 2014 10:29 pm
Forum: General
Topic: Problem stopping DNS mirror attack with Firewall
Replies: 1
Views: 750

Re: Problem stopping DNS mirror attack with Firewall

Here is how we solve that problem. First, you have to make exceptions for the valid DNS requests (both ways). Then you have to identify the rest of the DNS traffic and block all of it. If you are still having trouble with it, call us at 1-855-MikroTik and we can help you with that.
by scotthammersley
Thu May 22, 2014 10:24 pm
Forum: General
Topic: Dual Frequency, Channel, Operation Internal AP
Replies: 1
Views: 773

Re: Dual Frequency, Channel, Operation Internal AP

With all wireless products that tx/rx on multiple bands at the same time, there must be at least two wireless cards. Each wireless card needs to be configured separately. Even when you do see it in product xyz, there are multiple wireless cards.
by scotthammersley
Thu May 22, 2014 10:21 pm
Forum: General
Topic: Linux like interface config
Replies: 1
Views: 578

Re: Linux like interface config

The reality is, that would help some, but make things more difficult for others. If you want a persistent interface, use the Bridge to create a "loopback." Point all of your settings to the Bridge Interface. Then all you will have to do is change the ports in the bridge.
by scotthammersley
Thu May 22, 2014 10:16 pm
Forum: Wireless Networking
Topic: HotSpoto Limited Connection
Replies: 5
Views: 1658

Re: HotSpoto Limited Connection

You can try a couple of things. First make sure that nothing is interrupting the connectivity of the hosts to the hotspot. Then try bypassing the hosts and see if they get online. If they are still not online at that point, you know it's not the hotspot and that it's some other type of networking is...
by scotthammersley
Thu May 22, 2014 10:11 pm
Forum: Beginner Basics
Topic: openvpn only certificate match how configure?
Replies: 8
Views: 1663

Re: openvpn only certificate match how configure?

You have to use a username and password with MikroTik OVPN solutions. You can use this Wiki page as a guide:

http://wiki.mikrotik.com/wiki/OpenVPN_C ... ep_by_Step
by scotthammersley
Thu May 22, 2014 10:07 pm
Forum: Wireless Networking
Topic: Connecting 2 points using SXT Lite2, 150m apart
Replies: 2
Views: 1180

Re: Connecting 2 points using SXT Lite2, 150m apart

Have you created a bridge with both the WLAN and Ethernet interfaces in the bridge? Can you post your settings?
by scotthammersley
Thu May 22, 2014 10:06 pm
Forum: RouterBOARD hardware
Topic: RB951U/G on 5Ghz or dual band
Replies: 2
Views: 1168

Re: RB951U/G on 5Ghz or dual band

Several of the vendors have pre-built 5GHz solutions which are similar although a little more expensive.
by scotthammersley
Thu May 22, 2014 10:03 pm
Forum: RouterBOARD hardware
Topic: Urgent Help,any copy of Linux for board RB230
Replies: 2
Views: 740

Re: Urgent Help,any copy of Linux for board RB230

Are you using PhyDiskWrite.exe?
by scotthammersley
Thu May 22, 2014 10:01 pm
Forum: RouterBOARD hardware
Topic: Urgent Help,any copy of Linux for board RB230
Replies: 2
Views: 740

Re: Urgent Help,any copy of Linux for board RB230

How are you writing the file to the CF card?
by scotthammersley
Thu May 22, 2014 9:59 pm
Forum: General
Topic: Can't reach management subnets on routers using HOTSPOT
Replies: 1
Views: 407

Re: Can't reach management subnets on routers using HOTSPOT

The binding for the subnet should look like this:
/ip hotspot ip-binding
add address=10.10.10.0/24 type=bypassed
Can you post what yours looks like?
by scotthammersley
Thu May 22, 2014 9:52 pm
Forum: Wireless Networking
Topic: RB951G-2HnD 802.11n issue
Replies: 7
Views: 3081

Re: RB951G-2HnD 802.11n issue

In MikroTik, that setting is referred to as HT Guard Interval and it's on the HT tab. If you are still having problems, post your wireless settings.
by scotthammersley
Thu May 22, 2014 5:58 pm
Forum: General
Topic: Hotspot - User Manager Error 400: Session Expired
Replies: 2
Views: 1107

Re: Hotspot - User Manager Error 400: Session Expired

Check your cookie settings in your browser.
by scotthammersley
Thu May 22, 2014 5:48 pm
Forum: General
Topic: MAC based connectivity without PPPoE dialing?!
Replies: 3
Views: 493

Re: MAC based connectivity without PPPoE dialing?!

Are you looking for a controlled environment that works with a Layer 2 network, MAC Auth and bandwidth control?

Then you are looking at a hotspot function coupled with UserManager. This will give you the DHCP control and RADIUS authentication that controls users as you are looking for.
by scotthammersley
Thu May 22, 2014 5:46 pm
Forum: General
Topic: gateway route issue in multiple bgps load balance
Replies: 2
Views: 606

Re: gateway route issue in multiple bgps load balance

Probably need to do some BGP local preference on the outgoing advertisements. Also, ensure you are NAT'ing to the correct subnet to the correct peer so that return traffic is always destined back through that peer. Would need to see the mangle rules that are marking your traffic for the policy routi...
by scotthammersley
Thu May 22, 2014 5:41 pm
Forum: General
Topic: NAT insert x-forwarder http header
Replies: 1
Views: 799

Re: NAT insert x-forwarder http header

That's a good question. Obviously TCP proxies and load balancers do that to preserve source, but I am not sure whether that is possible in RouterOS. The more I think about it, the answer is probably no.
by scotthammersley
Thu May 22, 2014 5:38 pm
Forum: General
Topic: Policy routing: src-nat reply packet need policy routed
Replies: 3
Views: 576

Re: Policy routing: packet replied from pppeo need policy ro

You need to mark the connection and packets before you mark routing. Something like this: add action=mark-packet chain=prerouting comment=inProxyRoute dst-address=192.168.0.0/24 in-interface=pppoe-out new-packet-mark=inProxyRoute add action=mark-routing chain=prerouting comment=inProxyRoute packet-m...
by scotthammersley
Wed May 21, 2014 11:58 pm
Forum: General
Topic: Networking Issue
Replies: 1
Views: 439

Re: Networking Issue

Maybe, yes, depending on your configuration. You probably don't need to be NAT'ing on the LAN side of the Hotspot. The Hotspot will do that anyway.
by scotthammersley
Wed May 21, 2014 11:56 pm
Forum: General
Topic: ISP WITH WAN AND LAN (subnet)
Replies: 2
Views: 828

Re: ISP WITH WAN AND LAN (subnet)

Are you wanting to do a many to many NAT using the Public space you were provided?
by scotthammersley
Wed May 21, 2014 11:53 pm
Forum: General
Topic: Firewall Configuration
Replies: 1
Views: 441

Re: Firewall Configuration

Depends on which chain you use. I would also set the incoming interface and outgoing interface.
by scotthammersley
Wed May 21, 2014 11:51 pm
Forum: Beginner Basics
Topic: PPTP connection
Replies: 1
Views: 843

Re: PPTP connection

Firstly, looks like a routing problem from first glance.

Secondly, PPTP is not a recommended encryption engine. The hash algorithms are easily hacked. I would suggest using something like IPSEC if you need "secure" communication.
by scotthammersley
Wed May 21, 2014 11:49 pm
Forum: General
Topic: How does the work? SxT 5HPnD
Replies: 2
Views: 424

Re: How does the work? SxT 5HPnD

Good question, no idea. Not sure your question is really suited for this forum.
by scotthammersley
Wed May 21, 2014 11:47 pm
Forum: Beginner Basics
Topic: Just Starting - NEED HELP
Replies: 1
Views: 507

Re: Just Starting - NEED HELP

Are you asking for The Dude help? Or general network question?
by scotthammersley
Wed May 21, 2014 11:45 pm
Forum: Beginner Basics
Topic: What RouterBoard should I be using?
Replies: 5
Views: 1003

Re: What RouterBoard should I be using?

I would be looking at either the Cloud Core Router or Cloud Core Switch.

However though, L7 application firewalling is very CPU intensive. You might want to consider something like a Barracuda firewall etc, which is specifically designed for such control. Just a suggestion.
by scotthammersley
Wed May 21, 2014 11:41 pm
Forum: RouterBOARD hardware
Topic: mikrotik routerboard 751u-2hnd
Replies: 1
Views: 494

Re: mikrotik routerboard 751u-2hnd

Use the quickset option to connect to the wireless device and make sure you bridge the wireless network to LAN.
by scotthammersley
Wed May 21, 2014 11:40 pm
Forum: General
Topic: CRS 100% CPU Unclassified
Replies: 2
Views: 2556

Re: CRS 100% CPU Unclassified

What version of RouterOS are you using?
by scotthammersley
Wed May 21, 2014 11:38 pm
Forum: General
Topic: P2P traffic from another network help me Load balancing
Replies: 1
Views: 405

Re: P2P traffic from another network help me Load balancing

Dst based routing can force all traffic destined to the p2p peer across the needed link. Make sure you are NAT'ing out that particular interface to ensure the traffic returns correctly.
by scotthammersley
Wed May 21, 2014 11:33 pm
Forum: General
Topic: Load balance two ISP in seperate locations
Replies: 3
Views: 718

Re: Load balance two ISP in seperate locations

Without knowing much more than you have described, possibly using OSPF and ECMP to the gateway.
by scotthammersley
Wed May 21, 2014 11:31 pm
Forum: General
Topic: Slow Browsing
Replies: 1
Views: 409

Re: Slow Browsing

What version of RouterOS are you running? Was the unit configured with the QuickSet function?
by scotthammersley
Wed May 21, 2014 11:30 pm
Forum: General
Topic: Bandwidth-Based Load Balancing
Replies: 1
Views: 656

Re: Bandwidth-Based Load Balancing

That's a very vague question with an even broader answer set.

There are a multitude of ways to load balance in RouterOS, one person's view isn't always the other person's poison either.
by scotthammersley
Wed May 21, 2014 11:26 pm
Forum: Beginner Basics
Topic: CRS226-24G-2S+ How to choose Master Port
Replies: 3
Views: 795

Re: CRS226-24G-2S+ How to choose Master Port

You can WinBox to the MAC address if you lose connection. Also, good point to start using the "SAFE MODE" option, will save you having to factory reset because of an oopsie.
by scotthammersley
Wed May 21, 2014 11:23 pm
Forum: RouterBOARD hardware
Topic: CCR-1036-12G-4S and 1000T SFPs
Replies: 5
Views: 1494

Re: CCR-1036-12G-4S and 1000T SFPs

Technically, because RouterOS does not validate the chipset of the SFP's, any SFP should work albeit some better than others.

Are you using a 4 pair Ethernet cable or 2 pair? Just thought I'd ask, it's always possible. 2 pair definitely won't work with a copper SFP.
by scotthammersley
Wed May 21, 2014 11:15 pm
Forum: General
Topic: Hide webfig logo
Replies: 14
Views: 3747

Re: Hide webfig logo

Well, if you need this done relatively soon, your best option is to contact a reseller or vendor that can do as you need. I do not know the pricing of what it would cost, but I don't think you are looking at thousands.
by scotthammersley
Wed May 21, 2014 11:02 pm
Forum: Beginner Basics
Topic: need help to Exclude skype from firewall
Replies: 9
Views: 2650

Re: need help to Exclude skype from firewall

You can try this: place this rule towards the top of the rule set: /ip firewall filter add chain=forward comment="accept and bypass established connections" protocol=tcp \ connection-state=established src-address-list=Processing action=jump jump-target=trust-established place this rule at the BOTTOM...
by scotthammersley
Wed May 21, 2014 10:51 pm
Forum: General
Topic: Low Cost 4x SFP
Replies: 3
Views: 808

Re: Low Cost 4x SFP

Not sure you will find anything less expensive other than used off eBay maybe.
by scotthammersley
Wed May 21, 2014 10:46 pm
Forum: Scripting
Topic: Firewall PHP Api
Replies: 6
Views: 2041

Re: Firewall PHP Api

Glad to hear you got it working.
by scotthammersley
Wed May 21, 2014 10:44 pm
Forum: General
Topic: EoIP over PPtP tunnel no dhcp ip address receiving
Replies: 8
Views: 2759

Re: EoIP over PPtP tunnel no dhcp ip address receiving

I would suggest using IPSEC to encrypt the tunnel endpoints. You could build that as a hard tunnel, but I would suggest then using the EoIP tunnel for physical route points.
by scotthammersley
Tue May 20, 2014 11:51 pm
Forum: General
Topic: rename interface
Replies: 1
Views: 1410

Re: rename interface

Two ways:

Log in through Winbox and open the interface. You can change the name pretty easily there.

2nd Way:

show interfaces to see the line number of the interface you wish to change, then...

/interface set "LINENUMBER" name="WHATEVER"
by scotthammersley
Tue May 20, 2014 11:47 pm
Forum: Scripting
Topic: How to Remote Private IP as a Public IP
Replies: 5
Views: 4901

Re: How to Remote Private IP as a Public IP

Assume your server is 10.0.0.1, and your ISP Public IP is 64.64.64.100. The following rule would NAT the public to the private. /ip firewall nat add action=dst-nat chain=dstnat comment="Gaming Server In" disabled=no dst-address=64.64.64.100 to-addresses=10.0.0.1 add action=src-nat chain=srcnat comme...
by scotthammersley
Tue May 20, 2014 11:32 pm
Forum: RouterBOARD hardware
Topic: CCR-1036-12G-4S and 1000T SFPs
Replies: 5
Views: 1494

Re: CCR-1036-12G-4S and 1000T SFPs

Did you try hard coding speed and duplex on the 750 interface?
by scotthammersley
Tue May 20, 2014 11:27 pm
Forum: General
Topic: How to control multiple remote networks with PPTP-VPN
Replies: 1
Views: 482

Re: How to control multiple remote networks with PPTP-VPN

Short answer is yes.

A couple of route statements in your home router and the correct route statements in the two subnet endpoints.
by scotthammersley
Tue May 20, 2014 11:23 pm
Forum: General
Topic: PPPoE on VLAN
Replies: 1
Views: 586

Re: PPPoE on VLAN

From first glance, it appears you are bridging both ether1 and Vlan100 together. I would say remove the bridge, and let the MT route the traffic as you probably intended it to. What's probably happening is, if you have bridged them together, the Layer 3 boundary for the two subnets has no routing poi...
by scotthammersley
Tue May 20, 2014 10:55 pm
Forum: General
Topic: DHCP client problem
Replies: 1
Views: 561

Re: DHCP client problem

Release will let the IP go without requesting a new address until the DHCP timers expire.

Renew will, well, renew the IP in one fell swoop.

I don't believe there is a specific timeout for DHCP client config in RouterOS. You are probably stuck with a script using scheduler.
by scotthammersley
Tue May 20, 2014 10:53 pm
Forum: General
Topic: PPTP tunneling with multiple routes
Replies: 1
Views: 570

Re: PPTP tunneling with multiple routes

One way would be to add the route in the route table itself. Pointing to the PPTP interface, maybe something like:

/ip route add dst-address=192.168.30.0/24 gateway="PPTP INTERFACE or IP"
by scotthammersley
Tue May 20, 2014 10:40 pm
Forum: General
Topic: EoIP over PPtP tunnel no dhcp ip address receiving
Replies: 8
Views: 2759

Re: EoIP over PPtP tunnel no dhcp ip address receiving

Why use the PPtP endpoints at all? You will not benefit from building the EoIP on top, and as you already mentioned, MTU is degraded also.

Are you looking for encryption with the EoIP tunnels?
by scotthammersley
Tue May 20, 2014 10:34 pm
Forum: General
Topic: DUAL WAN with failover
Replies: 2
Views: 556

Re: DUAL WAN with failover

You could use mangle rules to identify the specific traffic to place into routing marks. Then use the routing table to forward out specific gateways.
by scotthammersley
Tue May 20, 2014 10:32 pm
Forum: Beginner Basics
Topic: CRS226-24G-2S+ How to choose Master Port
Replies: 3
Views: 795

Re: CRS226-24G-2S+ How to choose Master Port

I would set the master to whichever interface you apply the Layer3 config to.

Or you could bridge the interfaces together to create one logical segment and remove the master-slave relationship.
by scotthammersley
Tue May 20, 2014 10:28 pm
Forum: Scripting
Topic: Firewall PHP Api
Replies: 6
Views: 2041

Re: Firewall PHP Api

Are you trying to disable the port or enable it?

You say disable, which implies turn off? Is this correct?

If so, you need to set the following ("disabled"=>"no") to ("disabled"=>"yes").
by scotthammersley
Tue May 20, 2014 10:26 pm
Forum: General
Topic: strange Traffic issue
Replies: 2
Views: 412

Re: strange Traffic issue

Are you implying all customers are connected to the same physical AP and that some get their allotted bandwidth and some don't?

If so, there may be other physical issues at the AP level. I would not assume the issue is with the CCR/config.
by scotthammersley
Tue May 20, 2014 10:24 pm
Forum: General
Topic: Bonding , bridging, vlans
Replies: 1
Views: 576

Re: Bonding , bridging, vlans

Are the ports you are trying to LAG a part of a bridge span?

Why use arp-ip-target?

One general observation would be that LACP would break if a part of a separate Layer2 domain, so check for slave interfaces, bridges etc.
by scotthammersley
Tue May 20, 2014 10:20 pm
Forum: Beginner Basics
Topic: Dual Lan Setup - block access between lans minus 1 server
Replies: 3
Views: 1126

Re: Dual Lan Setup - block access between lans minus 1 serve

Simplest way because you know the AP's need to talk to the controller only, is to block access from anything other than the AP's destined to that LAN. Such as: /ip firewall address add name=AP address=192.168.10.251 add name=AP address=192.168.10.252 add name=AP address=192.168.10.253 /ip firewall f...
by scotthammersley
Tue May 20, 2014 9:59 pm
Forum: General
Topic: Low Cost 4x SFP
Replies: 3
Views: 808

Re: Low Cost 4x SFP

I'm assuming this is for an x86 platform. If so, have you checked out Hot Lava? They had pretty decent priced expansion cards for x86 systems using RouterOS.

http://www.hotlavasystems.com/
by scotthammersley
Tue May 20, 2014 9:54 pm
Forum: Beginner Basics
Topic: Startup questions
Replies: 3
Views: 952

Re: Startup questions

To allow only SSH and SSL on your WAN interface (must change the interface to your WAN): Also a good practice to use SAFE MODE when adding firewall rules. In winbox click the button at the top left side. For CLI, CTRL+X. **This will block everything except tcp/22 and tcp/443 destined for the router ...
by scotthammersley
Tue May 20, 2014 9:33 pm
Forum: General
Topic: Hardware questions
Replies: 1
Views: 416

Re: Hardware questions

CRS has two 10G SFP+ ports, I don't think they are 1G compatible though. CRS226-24G-2S+IN. Other than that I am not aware of another product. At least that has been released.
by scotthammersley
Tue May 20, 2014 9:29 pm
Forum: General
Topic: RB1200 Bricked after update to 6.13?
Replies: 6
Views: 1204

Re: RB1200 Bricked after update to 6.13?

If memory serves, you can only Netinstall when connected physically to port 8, I believe. It may be port 10. Either way, did you try using one of the two mentioned ports when Netinstalling?
by scotthammersley
Tue May 20, 2014 9:27 pm
Forum: Beginner Basics
Topic: need help to Exclude skype from firewall
Replies: 9
Views: 2650

Re: need help to Exclude skype from firewall

Can you post your existing rule set please.
by scotthammersley
Tue May 20, 2014 9:15 pm
Forum: Beginner Basics
Topic: need help to Exclude skype from firewall
Replies: 9
Views: 2650

Re: need help to Exclude skype from firewall

Layer 7 application firewalling is very labor intensive to the CPU and memory. If you have a lot of rules to process, your slowness is possibly due to over consumption of resources. One possible fix is trying to build a new chain containing the skype file transfer protocol, or allowing already estab...
by scotthammersley
Tue May 20, 2014 5:52 pm
Forum: General
Topic: NAT on PPtP
Replies: 1
Views: 498

Re: NAT on PPtP

Can you post your setup?
by scotthammersley
Tue May 20, 2014 5:46 pm
Forum: The Dude
Topic: Dude - Email notification through Gmail on Windows - via mailsend.
Replies: 37
Views: 20577

Re: Email notification through Gmail on Windows - via mailse

That's a great idea! You should post this on the Wiki as well.
by scotthammersley
Tue May 20, 2014 5:44 pm
Forum: General
Topic: Hide webfig logo
Replies: 14
Views: 3747

Re: Hide webfig logo

RouterOS can be white labeled. MikroTik reserves this as a privilege for various partners, vendors, etc. There are several people who can do this for you if you reach out to them.
by scotthammersley
Tue May 20, 2014 5:40 pm
Forum: The User Manager
Topic: Userman Login Failure
Replies: 3
Views: 1263

Re: Userman Login Failure

It sounds like you probably have not upgraded the Userman package? If that is the case, then upgrade the package to the same version as the OS, and then you should be able to access it again.
by scotthammersley
Tue May 20, 2014 5:38 pm
Forum: General
Topic: Radius / Hotspot / CoA / Subnets
Replies: 3
Views: 898

Re: Radius / Hotspot / CoA / Subnets

Yes, that is all possible. You can do that with Usermanager as well as several other RADIUS platforms in conjunction with RouterOS.
by scotthammersley
Mon May 19, 2014 11:33 pm
Forum: General
Topic: 6.12 bug - lost bridge config
Replies: 1
Views: 384

Re: 6.12 bug - lost bridge config

Use netinstall and reload the router image and then reload the correct settings from an .rsc file or manually, but not from a back-up file. That will probably clear up the problem.
by scotthammersley
Mon May 19, 2014 11:30 pm
Forum: General
Topic: Basic static routes and PPTP question
Replies: 1
Views: 523

Re: Basic static routes and PPTP question

If all three routers are MikroTik, then all you need is a simple tunnel, no proxy-arp and no bridging. Route the traffic just like the VPN was an Ethernet cable (i.e. add dst=x.x.x.x/x gateway=(the IP address on the other side of the tunnel)). You will need routes in all three routers for all of the s...
by scotthammersley
Mon May 19, 2014 11:23 pm
Forum: General
Topic: wrong tx power calculation and change on DFS activation?
Replies: 1
Views: 628

Re: wrong tx power calculation and change on DFS activation?

I don't believe DFS is taken into consideration for the auto power adjustment, just the country, band, and antenna gain. Try setting the power manually or adjusting the antenna gain to account for the difference.
by scotthammersley
Mon May 19, 2014 11:16 pm
Forum: Wireless Networking
Topic: ht-basic-mcs and ht-supported-mcs best setting
Replies: 1
Views: 9582

Re: ht-basic-mcs and ht-supported-mcs best setting

"Basic Rates" are the rates that the communication between the station and the AP occur at. This is true for all 802.11 modes and the principle behind it is the same for all modes. The station and AP are communicating about how the rest of the data is going to be sent via the "basic rates". If they ...
by scotthammersley
Mon May 19, 2014 10:57 pm
Forum: General
Topic: WP WinBox Lite - How to use SSL to connect to the MikroTik?
Replies: 2
Views: 1408

Re: WP WinBox Lite - How to use SSL to connect to the MikroT

Is there a reason you can't use the external IP of the router? Yes, you can use SSH to connect with.
by scotthammersley
Mon May 19, 2014 10:52 pm
Forum: General
Topic: pass public ip to another router
Replies: 1
Views: 402

Re: pass public ip to another router

Here is an example of a WISP delivering public IPs via EOIP. This is something that you may want to look at and adapt to your scenario.

http://wiki.mikrotik.com/wiki/WISP_Deli ... _Rick_Frey
by scotthammersley
Mon May 19, 2014 10:47 pm
Forum: Beginner Basics
Topic: How can I remove a chain from filter options?
Replies: 4
Views: 943

Re: How can I remove a chain from filter options?

If everything has been removed which referenced the old chains, then just reboot and they go away.
by scotthammersley
Mon May 19, 2014 10:44 pm
Forum: General
Topic: IPsec failover
Replies: 2
Views: 1555

Re: IPsec failover

It is just as simple in RouterOS to peer to two external devices, just go to IP -IPSEC -Peers and create two instances. As far as failover is concerned, that may look a little different depending on how you are setting this up and how you want it to failover. If you can do it with route distance, that...
by scotthammersley
Mon May 19, 2014 10:39 pm
Forum: Beginner Basics
Topic: RB951Ui SMB not share
Replies: 7
Views: 5079

Re: RB951Ui SMB not share

Is the share supposed to be connected to the windows machine or to the router?
by scotthammersley
Mon May 19, 2014 10:30 pm
Forum: General
Topic: queue trees, combining two output interfaces.
Replies: 3
Views: 522

Re: queue trees, combining two output interfaces.

To understand the question, we probably need a little more info. How are you going to identify the traffic? Can you post a simple diagram with IP addresses?
by scotthammersley
Mon May 19, 2014 8:44 pm
Forum: Wireless Networking
Topic: Chromecast is unable to connect
Replies: 9
Views: 7422

Re: Chromecast is unable to connect

Is it working for you now?
by scotthammersley
Sat May 17, 2014 11:46 pm
Forum: Wireless Networking
Topic: received disassoc sending station leaving (8)
Replies: 63
Views: 42703

Re: received disassoc sending station leaving (8)

There are several reasons why it might be doing that, but to give any suggestions, we will need to know a little about your setup. Can you post your wireless settings from both the AP and the client?
by scotthammersley
Sat May 17, 2014 11:14 pm
Forum: General
Topic: VPN connect - feature request
Replies: 4
Views: 2671

Re: VPN connect - feature request

Are you using the "Check Gateway" feature? If that doesn't solve the problem, then post your config because that is an easy problem to fix.
by scotthammersley
Sat May 17, 2014 11:08 pm
Forum: Wireless Networking
Topic: PtMP examples, please!
Replies: 3
Views: 1618

Re: PtMP examples, please!

If you need some Questions and Answer time about wireless you can call 1-855-MikroTik. If you would like to do some reading, here are the two best links to start with:

http://wiki.mikrotik.com/wiki/Manual:Interface/Wireless
http://wiki.mikrotik.com/wiki/Manual:Wireless_FAQ
by scotthammersley
Sat May 17, 2014 11:01 pm
Forum: General
Topic: two time-zone at UM
Replies: 2
Views: 430

Re: two time-zone at UM

There are two because the routers connecting to the RADIUS server may be in a different time zone.
by scotthammersley
Sat May 17, 2014 10:58 pm
Forum: General
Topic: External dhcp server over Vlan
Replies: 1
Views: 644

Re: External dhcp server over Vlan

Can you post a network diagram that shows what you are trying to do? Please include IPs, gateways, and VLANs.
by scotthammersley
Fri Feb 22, 2013 9:10 pm
Forum: Forwarding Protocols
Topic: help need...regarding ROUTING FILTER
Replies: 2
Views: 775

Re: help need...regarding ROUTING FILTER

Try this:

You will need to get the line number from a print.

/routing filter unset (line number) set-bgp-prepend-path
by scotthammersley
Fri Feb 22, 2013 8:29 pm
Forum: Forwarding Protocols
Topic: VPLS 1500 MTU working then stops
Replies: 62
Views: 20268

Re: VPLS 1500 MTU working then stops

Depends on what type of throughput testing you're doing. Any TCP traffic will be chopped into a maximum 1400 byte packet, which increases the bandwidth needed due to TCP's congestion mechanisms and such.

UDP however, no.
by scotthammersley
Fri Feb 22, 2013 8:25 pm
Forum: General
Topic: ppp0 TCPMSS
Replies: 1
Views: 638

Re: ppp0 TCPMSS

/ip firewall mangle add chain=forward in-interface=ether1 protocol=tcp tcp-flags=syn action=change-mss new-mss=1400

Set the in-interface to the appropriate port you want.

Hope this helps.
by scotthammersley
Fri Feb 22, 2013 8:17 pm
Forum: General
Topic: deny access to my lan when connect to vpn
Replies: 1
Views: 1565

Re: deny access to my lan when connect to vpn

A couple of simple firewall rules would work. src-address would be VPN client IP or Subnet, dst-address would be the subnet you don't want them to talk to once connected through the VPN. /ip firewall filter add chain=input src-address=X.X.X.X action=drop ------This Stops Access To The MikroTik /ip fi...
by scotthammersley
Fri Feb 22, 2013 8:11 pm
Forum: General
Topic: PPPoE server problems
Replies: 1
Views: 1206

Re: PPPoE server problems

Looks like the RADIUS response is not sending the correct authorization parameters to enable LCP to establish in the build stage of PPP. Check your RADIUS config. I run Cisco 7201's and ASR's for PPPoE BRAS and also MikroTik, the two profiles for each are extremely different. Would need to see what ...
by scotthammersley
Fri Feb 22, 2013 8:06 pm
Forum: Beginner Basics
Topic: load balancing mikrotik pppoe client ?
Replies: 1
Views: 647

Re: load balancing mikrotik pppoe client ?

Use the PCC mangle functionality and routing marks. Define traffic, mark it, route it, and let the MikroTik do its magic.

There are plenty of wiki articles on the use and implementation of this...

Here's one:

http://wiki.mikrotik.com/wiki/Manual:PCC
by scotthammersley
Fri Feb 22, 2013 8:01 pm
Forum: General
Topic: Random lockups on core router
Replies: 6
Views: 988

Re: Random lockups on core router

Are you a flat network? Any type of Layer 2 segregation at all? What does the ARP table look like? Possibly unintentional routing loop and/or excessive broadcast traffic tanking the CPUs. Have you run a '/tool profile' to see where the resources are being allocated? Is it always the same subnet/s t...
by scotthammersley
Fri Feb 22, 2013 7:51 pm
Forum: Beginner Basics
Topic: Windows PPTP server and Mikrotik PPTP client
Replies: 2
Views: 1877

Re: Windows PPTP server and Mikrotik PPTP client

Unless I misunderstood your requirements, you should not need to mangle in order to route across your VPN. Configure the Win2k PPTP server to dynamically add the endpoint route (10.x.x.x) when the connection is established (This should be available on creation if I remember right, it's been a while)....