Thanks both for your thoughtful responses. It seems like my best options are: option 1 - easier, but less elegant --enable pap in addition to mac login and use an approach like 2frogs example snippet maclogin.html above in which external captive portal redirects user to a page on the Mikrotik hotspo...

Thanks @2frogs. This is the approach i was describing in my original post as: Enable "http PAP" in addition to "Mac" login in the hotspot profile. Have the external portal redirect the user back to /login.html?username=MAC&password=XXX on the Mikrotik after they have paid. Th...

@rdelacruz - that's along the lines of what I'm thinking. Thank you! @2frogs - the problem I have here is as follows: --on initially accessing the hotspot in an unauthenticated state, the user connects and tries to browse the internet. --the mikrotik makes a RADIUS Access-Request request and receive...

Thanks for the response! I agree that setting a 3-5 second login-timeout isn't ideal because of the high volume of RADIUS traffic generated. 5 minutes will be a bit annoying for someone who has paid for a data plan on the external captive portal and then has to wait as long as 5 minutes before it be...

I have implemented a Mikrotik hotspot with mac login and RADIUS authentication. My captive portal application is hosted externally, and I have customized login.html on the mikrotik to send the mac address and other details to the captive portal application. After the user performs an appropriate act...

I'd also really like confirmation on whether the latest bugfix ( 6.40.8 ) release has been patched for this vulnerability.

Thanks for the feedback. In this particular case, the number of queues i need is low...which is why I'm considering this option. For this scenario, I'm not actually interested in tracking per individual IP. I want to monitor a network which serves 3-5 different types of customers....and customers of...

I love the ability to use SNMP to monitor bytes-in / bytes-out of simple queues via SNMP. I'm considering using simple queues only for monitoring in a situation where I'm not actually using simple queues to manage bandwidth. I'm aware of netflow, but for my current needs this actually seems much sim...

RFCs 3925 and 2131 (https://tools.ietf.org/html/rfc2131) (https://tools.ietf.org/html/rfc3925) Allow for the use of DHCP clients to send client option 60 to identify the equipment or vendor type, and for the DHCP server to send different vendor specific information in option 43 back to clients based...

I have a fair amount of experience with Mikrotik's hotspot service - but I have an unusual requirement that I'm struggling to make work. I have a list of IP addresses for a special service, lets say 1.1.1.1, 2.2.2.2. I'd like to use the hotspot to control access *only* to these special service IPs. ...

Cool to hear it's been fixed. I'm running 6.36.4 (bugfix) rather than the latest rc because this is for production.

I'm glad this behavior will be changed! It's been like this for so long, I didn't know it was considered a bug.

Thanks @mrz, It seems like modifying an interface comment (under ip interfaces comment) also modifies ip neighbor discovery in the .rsc config. What I've generally seen is that, if i load a config that contains an interface comment under ip interfaces comment.....the corresponding ip neighbor discov...

When I make big changes to routers, I do a fair bit of external editing of .rsc configuration files and reloading of configs. I've always wondered: is it safe to omit the section "ip neighbor discovery" from the .rsc file when loading / restoring a config? I think from what I've seen, this...

Yes - this is what I thought, thank you for confirming pe1chl. Doing only "known port" analysis leaves out a lot of powerful tools to identify the protocols and applications being used.  For example bittorrent and other p2p protocols that don't stick to known ports will be identified by L7...

Thanks for the suggestions - I will try this. Can you comment on any performance difference between using tool sniffer for the streaming and using the mangle rule for this? Also - regarding traffic streaming vs netFlow....I think that the L7 analysis capabilities of ntopng are less if ntopng doesn't...

I just recently started using tools like ntop to do traffic analysis of the traffic flowing through my core router.  I had originally planned to use port mirroring, but by core router is a CCR1036 and I realized that without a switch chip, it is unable to perform port mirroring.  I found the recomme...

Thanks Arcee - Sometimes explaining things to others help you find problems yourself :) I think this was the issue, I did not realize that bandwidth-test was defaulting to udp. I actually realized that before reading your post....once I started setting protocol=tcp and seeing very similar results to...

Thanks for your reply Revelation: Those are helpful suggestions, unfortunately I've thought of and tried many/most of them. Regarding customer test device - The customer has done tests, and my tech has done tests on different devices. In particular, my tech's device is known good, and has successful...

Hello, I love the builtin bandwidth-test in mikrotik, and now that i have a mikrotik CHR in the cloud to test to, I'm very happy with my ability to remote test speeds. Customers love speedtest.net, of course. Have any of you run into situations when the two measure dramatically different things? I h...

If anyone else finds this question - I solved my problem through some assistance in the GNS3 forum: https://community.gns3.com/message/48849#48849 The version of qemu bundled with GNS3 1.3.10 on OSX was older (0.14.1). I installed a newer version of qemu via homebrew (qemu 2.3.0) and everything work...

I'm loving simulating Mikrotik networks in GNS3. I'm having a trouble simulating Mikrotiks with more than 8 interfaces. I am currently running Mikrotik's official cloud hosted router (CHR) image Cloud Hosted Router - MikroTik RouterOS I am running GNS 1.3.10 on MacOS with the bundled qemu 0.14.1-gns...

This is very cool! Great job Mikrotik for releasing this!

Has anyone tried running this on an AWS virtual machine? Are the kernel virtualization options required within this image?

+1 for this idea - I can think of a million versions of this. I would love to get a ROS box on AWS working...and yes, I would definitely buy the routerOS license to make it possible. A ROS AMI would be fantastic.

Ok, thanks! Will have to do some testing and see what I come up with. Currently, I'm having a related issue i don't understand. I have a physical interface with 2 VLAN interfaces. I made a simple queue structure like this: sfp1-queue: destination sfp1, target 0.0.0.0/0 --sfp1-vlan700-queue: destinat...

i think this can be useful for you http://wiki.mikrotik.com/wiki/Manual:HTB Thanks for the link....however this doesn't make any mention of the parameters total-max-limit and total-limit-at i was asking about. I also don't see any mention of *total* rate limiting that I was asking about. In other w...

Hello, I haven't found an answer to this anywhere so far. Hoping someone can help. I am very familiar with the user of limit-at and max-limit in simple queues. What I am trying to understand is how those settings relate to total-limit-at and total-max-limit settings. If I have a queue and parent que...

Hi all, I'm trying to get my head around the queuing changes in ROSv6. I've spent some time thinking about what I want to do, and I think I've got a plan. I'd like to run an approach by someone more knowledgable than I to get a second opinion. I'd like to implement two classes of service (business a...