Community discussions

Search found 463 matches

by dgnevans
Tue Apr 24, 2018 10:57 am
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 158627

Re: Advisory: Vulnerability exploiting the Winbox port

When can we expect the fixed BUGFIX? Still waiting on that.
by dgnevans
Tue Apr 17, 2018 12:40 pm
Forum: General
Topic: Simple Queues not detecting upload packets
Replies: 4
Views: 461

Re: Simple Queues not detecting upload packets

Instead of targeting the interface try and target the ip range connected to that interface. ie 192.168.1.0/24
by dgnevans
Mon Jan 08, 2018 9:43 pm
Forum: General
Topic: SSH STRONG-CRYPTO
Replies: 0
Views: 651

SSH STRONG-CRYPTO

Under Ip ssh I set Strong-crypto=Enable and set host-key-size=2048. I then regenerated my host key. According to the literature this is meant to disable MD5. When I logon using ssh it tells me there is a new key I can save and accept. (MD5) If I run a check using SSH test it shows issues. I would like...
by dgnevans
Mon Oct 02, 2017 1:48 pm
Forum: Beginner Basics
Topic: PCQ & Rate Equalizing
Replies: 2
Views: 563

Re: PCQ & Rate Equalizing

/queue simple
add dst=192.168.0.0/16 name="LAN Traffic" queue=ethernet-default/ethernet-default target=192.168.0.0/16
add max-limit=10M/10M name=WAN queue=pcq-upload-default/pcq-download-default target=192.168.0.0/16
add limit-at=3M/3M max-limit=10M/10M name="Server" parent=WAN priority=1/1 queue=...
by dgnevans
Tue Sep 26, 2017 2:01 pm
Forum: General
Topic: queue tree - how to split bandwidth and enable borrows and lends of unused bandwidth
Replies: 1
Views: 503

Re: queue tree - how to split bandwidth and enable borrows and lends of unused bandwidth

Looking at the literature you would put the limit-at rate to the max you would want them to have during the day so a CIR of 100M then you would put max limit at 200M. the parent for all these queues also needs to have the max limit for the whole link. it will then use unused bandwidth from one locat...
by dgnevans
Mon Sep 25, 2017 11:49 am
Forum: General
Topic: One simple queue consume all cpu
Replies: 27
Views: 3594

Re: One simple queue consume all cpu

As you have said if you are looking for an integrated solution then the HAP AC is the highest model. You could use a separate AP and router. Or the other options you could do the Speed control on your wan router. This is where I do the most then it will take 25% of load off your Hap ac for simple queues...
by dgnevans
Fri Sep 22, 2017 10:39 am
Forum: General
Topic: One simple queue consume all cpu
Replies: 27
Views: 3594

Re: One simple queue consume all cpu

these smaller routers use large amount of CPU for networking and ethernet especially when bridge involved. the rules only account for a few percent. you may need to look at a higher model to get greater throughput. I am using the 1100ah x2 for inter vlan router and works well.
by dgnevans
Wed Sep 20, 2017 5:46 pm
Forum: General
Topic: One simple queue consume all cpu
Replies: 27
Views: 3594

Re: One simple queue consume all cpu

I tried running iperf between 2 computers on my network. Getting maximum 500 mbits no matter what settings I changed. CPU usage would sit between 70 and 90% without simple queues. This is not an indication of bandwidth as I tried them on the same switch and behind the router. Same results. This appe...
by dgnevans
Wed Sep 20, 2017 11:42 am
Forum: General
Topic: One simple queue consume all cpu
Replies: 27
Views: 3594

Re: One simple queue consume all cpu

So my understanding is this. You want to have LAN and WIFI for your employees or colleagues and then a guest WiFi for just guests. I would use Ether1 for the Wan port or the link to the 10.10 network. I would then configure 2 bridges. 1 Bridge for LAN and 1 bridge for Guest_Wifi. I would then apply the...
by dgnevans
Wed Sep 20, 2017 11:27 am
Forum: General
Topic: One simple queue consume all cpu
Replies: 27
Views: 3594

Re: One simple queue consume all cpu

/interface ethernet
set [ find default-name=ether1 ] comment=WAN mac-address=E4:8D:8C:50:80:BD
set [ find default-name=ether2 ] arp=proxy-arp mac-address=E4:8D:8C:50:80:BE
set [ find default-name=ether3 ] mac-address=E4:8D:8C:50:80:BF master-port=ether2
set [ find default-name=ether4 ] mac-address=...
by dgnevans
Tue Sep 19, 2017 3:22 pm
Forum: General
Topic: One simple queue consume all cpu
Replies: 27
Views: 3594

Re: One simple queue consume all cpu

Have you inherited this config from someone or did you set it up? there are some questions I have. By the looks of it you have 2 bridges. #1 called bridge #2 called bridge-nik these have multiple interfaces added to them. #1 Bridge you have 2 ip addresses applied to this interface and 2 dhcp servers...
by dgnevans
Tue Sep 19, 2017 1:47 pm
Forum: General
Topic: One simple queue consume all cpu
Replies: 27
Views: 3594

Re: One simple queue consume all cpu

On my network changing those settings offers no improvement in performance. However having flow control on and changing those settings slows my network down by +- 10%. I would remove flow control from the interfaces. Ok so simple queues are easy then. /queue simple add dst=10.10.0.0/16 name=LAN qu...
by dgnevans
Tue Sep 19, 2017 12:39 pm
Forum: General
Topic: One simple queue consume all cpu
Replies: 27
Views: 3594

Re: One simple queue consume all cpu

Hi Olegon So first thing we trying to do is locate which queue is causing the CPU to go high. Is it the Interface queues or is it the simple queues. To do this I would: - restore the Interface queues back to default. - remove all simple queues. - run tests monitoring cpu usage Once you have done thi...
by dgnevans
Mon Sep 18, 2017 11:07 pm
Forum: General
Topic: One simple queue consume all cpu
Replies: 27
Views: 3594

Re: One simple queue consume all cpu

I have never had to change interface queues to get better performance on an interface. There is also no need to unlimit all traffic to your first hop gateway. remove that queue. then limit it to the one queue. make this queue more specific dont put in onto an interface rather limit it by target ip a...
by dgnevans
Mon Sep 18, 2017 5:26 pm
Forum: General
Topic: One simple queue consume all cpu
Replies: 27
Views: 3594

Re: One simple queue consume all cpu

What is this for. /queue interface set oops queue=default-big set wan queue=default-big I do not see any default-big queues in your queue-types and I have not seen these as a default on any of my routers. suggest you restore these back only-hardware-queue and test. second thing /queue simple add dst...
by dgnevans
Thu Sep 14, 2017 8:19 pm
Forum: Beginner Basics
Topic: Router won't route LAN to WAN! Totally stumped [SOLVED]
Replies: 29
Views: 3797

Re: Router won't route LAN to WAN! Totally stumped [SOLVED]

if you ping an ip address such as your wan gateway from your lan computers do you get a response.
by dgnevans
Thu Sep 14, 2017 4:33 pm
Forum: General
Topic: Slow routing with a CCR1009
Replies: 11
Views: 1694

Re: Slow routing with a CCR1009

How are you connecting from the ISP to the mikrotik? This could be a speed / duplex mismatch. Recently had this issue where ISP handed off 100m duplex but equipment advertised 100m half duplex. Secondly depending on what hardware they are using to hand off to you there is another potential issue. I ...
by dgnevans
Wed Sep 13, 2017 3:17 pm
Forum: Beginner Basics
Topic: Router won't route LAN to WAN! Totally stumped [SOLVED]
Replies: 29
Views: 3797

Re: Router won't route LAN to WAN! Totally stumped [SOLVED]

What arp are you using on the bridge?
by dgnevans
Tue Sep 12, 2017 9:23 am
Forum: General
Topic: One simple queue consume all cpu
Replies: 27
Views: 3594

Re: One simple queue consume all cpu

A single simple queue should not add that load to your device. There is something else in your configuration that is causing this. Can you do a export /hide sensitive and block out any information you don't want seen then we can go through config.
by dgnevans
Sun Sep 10, 2017 10:45 pm
Forum: General
Topic: One simple queue consume all cpu
Replies: 27
Views: 3594

Re: One simple queue consume all cpu

I believe if you apply simple queue or firewall rules fast track is disabled. Based on what you had in the beginning you can try these rules. Depending on what you trying to do. add dst=0.0.0.0/0 name=unlimited priority=1/1 queue=pcq-upload-default/pcq-download-default target=10.10.0.2/32 add dst=0.0...
by dgnevans
Sun Sep 10, 2017 10:56 am
Forum: General
Topic: One simple queue consume all cpu
Replies: 27
Views: 3594

Re: One simple queue consume all cpu

Can you advise what speed you would like to limit your lan ips to and what your total bandwidth available is. I presume the address in your first rule is the one you would like to be unlimited.
by dgnevans
Sun Sep 10, 2017 10:29 am
Forum: Beginner Basics
Topic: Cisco Dynamic NAT Conversion [SOLVED]
Replies: 1
Views: 400

Re: Cisco Dynamic NAT Conversion [SOLVED]

add action=src-nat chain=srcnat dst-address=0.0.0.0/0 src-address=192.168.50.1/24 to-addresses=180.200.247.68
Dst-address not always necessary.
by dgnevans
Fri Sep 08, 2017 1:55 pm
Forum: Beginner Basics
Topic: Dual wan setup troubles
Replies: 40
Views: 5416

Re: Dual wan setup troubles

Confirm you have routes on both sides on the Tunnel and you can access the server from your lan currently.
by dgnevans
Fri Sep 08, 2017 1:26 pm
Forum: Beginner Basics
Topic: Dual wan setup troubles
Replies: 40
Views: 5416

Re: Dual wan setup troubles

Zuku can you explain exactly what you are wanting to do with this line
add action=dst-nat chain=dstnat dst-address=87.X.X.153 dst-port=3315 protocol=tcp to-addresses=192.168.3.38 to-ports=22

Is 87.X.X.153 an ip address within the range of your wan addresses? Is 192.168.3.38 on your lan?
by dgnevans
Thu Sep 07, 2017 11:54 am
Forum: Beginner Basics
Topic: Dual wan setup troubles
Replies: 40
Views: 5416

Re: Dual wan setup troubles

/ip settings
set accept-source-route=yes allow-fast-path=no route-cache=no rp-filter=loose tcp-syncookies=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="Srcnat WAN1" dst-address=0.0.0.0/0 out-interface=sfp1
add action=masquerade chain=srcnat comment="Srcnat WAN2" dst-address=0.0.0...
by dgnevans
Thu Sep 07, 2017 9:50 am
Forum: Beginner Basics
Topic: Dual wan setup troubles
Replies: 40
Views: 5416

Re: Dual wan setup troubles

I have not been through all your mangle rules but on your routes there is an issue. Under mangle rules you have marked traffic as to_WAN1 and to_WAN2. in your ip route add disabled=yes distance=1 gateway=x.x.x.245 routing-mark=from_WAN2 add disabled=yes distance=1 gateway=x.x.x.57 routing-mark=to_WAN...
by dgnevans
Wed Sep 06, 2017 4:39 pm
Forum: The Dude
Topic: Airfiber bandwidth and the Dude
Replies: 9
Views: 1334

Re: Airfiber bandwidth and the Dude

I will be a couple of weeks. Have you tried to load MIB into the dude from the site.
by dgnevans
Wed Sep 06, 2017 4:25 pm
Forum: Beginner Basics
Topic: Dual wan setup troubles
Replies: 40
Views: 5416

Re: Dual wan setup troubles

Can you do an export of your ip route as well.
by dgnevans
Wed Sep 06, 2017 3:26 pm
Forum: General
Topic: DHCP relay problem
Replies: 9
Views: 2436

Re: DHCP relay problem

In my experience there is no need to add local-address= to the dhcp relay. it works well without this. I am using a similar setup for all my vlans. Secondly there should be no reason for the mentioned srcnat rule. What are you trying to achieve with this.
by dgnevans
Wed Sep 06, 2017 11:22 am
Forum: The Dude
Topic: Airfiber bandwidth and the Dude
Replies: 9
Views: 1334

Re: Airfiber bandwidth and the Dude

I was researching this further as I am about to install a UBNT airfibre 5 ghz. On their download website https://www.ubnt.com/download/airfiber/default/default/airfiber-af-24af-24hd-firmware-v40 If you click on the firmware you are running for your airfibre there is an option to download the MIB. yo...
by dgnevans
Wed Sep 06, 2017 11:17 am
Forum: RouterBOARD hardware
Topic: RB3011 enough for a small company?
Replies: 3
Views: 740

Re: RB3011 enough for a small company?

I have used an RB 750 for a small company in the past without any issues for testing purposes. I have seen them used for a small Wisp. It worked fine but once you start adding more complex firewall and queues it quickly becomes under powered. Now when I am getting ready to install something for a sm...
by dgnevans
Sun Sep 03, 2017 10:34 pm
Forum: General
Topic: CCR 0.3%+ packet loss whenever above 5% CPU
Replies: 26
Views: 3524

Re: CCR 0.3%+ packet loss whenever above 5% CPU

Recently I had an issue where I found I needed to disable IP Route Cache under ip settings. Routers would hang for no reason with multiple ospf adjacency changes. Ip route cache normally sitting on between 90 to 400 would quickly climb and cpu usage would be high. It would then lock up. I have since t...
by dgnevans
Thu Aug 31, 2017 1:12 pm
Forum: The Dude
Topic: Airfiber bandwidth and the Dude
Replies: 9
Views: 1334

Re: Airfiber bandwidth and the Dude

I am using the dude and can view traffic either through the ethernet or through the sub interface of ubnt powerbeam 5 ac. works well. Using SNMP v2
by dgnevans
Thu Aug 31, 2017 12:21 pm
Forum: Beginner Basics
Topic: Site to Site VPN (on both sides same ip subnet)
Replies: 17
Views: 6439

Re: Site to Site VPN (on both sides same ip subnet)

You would need the subnets to be separate. If they are exactly the same there is no way to know where the traffic needs to be routed. You would either need to migrate to a different subnet or split the subnet.
by dgnevans
Mon Aug 21, 2017 3:40 pm
Forum: General
Topic: WHAT DO YOU USE FOR PERFORMANCE MONITORING?
Replies: 9
Views: 1700

Re: WHAT DO YOU USE FOR PERFORMANCE MONITORING?

I am using SNMP on all my servers and network devices. I monitor all my routers through this as well. All through the DUDE. Works well so far can see throughput on uplinks cpu usage, ram, etc
by dgnevans
Mon Aug 21, 2017 9:36 am
Forum: Beginner Basics
Topic: Port forwarding issue [SOLVED]
Replies: 20
Views: 1946

Re: Port forwarding issue [SOLVED]

Instead of the first 4 for srcnat/masquerade rules I would put in. add action=masquerade chain=srcnat comment="Masq WAN ADSL" dst-address=0.0.0.0/0 out-interface=ADSL src-address=10.0.16.0/20 This will cover both your vlans. There is no need to srcnat 192.168 traffic as that is not from your interna...
by dgnevans
Mon Aug 21, 2017 12:48 am
Forum: Beginner Basics
Topic: Port forwarding issue [SOLVED]
Replies: 20
Views: 1946

Re: Port forwarding issue [SOLVED]

The second thing you need to look at is your src-nat or masquerade rules. As I can see it you have 2 internet connections WAN and ADSL. You then have your two LAN connections. For SRC-nat or masquerade to work properly you need to match traffic to the connection. So on your masquerade you would normal...
by dgnevans
Mon Aug 21, 2017 12:13 am
Forum: Beginner Basics
Topic: Port forwarding issue [SOLVED]
Replies: 20
Views: 1946

Re: Port forwarding issue [SOLVED]

In-interface for dst-nat should be the interface that the ip address you have listed is assigned to. So when you out on the internet trying to access an internal server on that port you would use the public ip and the port. The interface you hit from the internet should be the one in the dst-nat in-...
by dgnevans
Sun Aug 20, 2017 10:02 pm
Forum: Beginner Basics
Topic: Port forwarding issue [SOLVED]
Replies: 20
Views: 1946

Re: Port forwarding issue [SOLVED]

It appears your dstnat rule has an in interface of internet but the public ip is on interface ADSL. I suggest you change the in interface to ADSL.
by dgnevans
Fri Aug 18, 2017 12:19 am
Forum: Beginner Basics
Topic: Route IP / subnet down ipsec tunnel
Replies: 11
Views: 2294

Re: Route IP / subnet down ipsec tunnel

If you were using ipip or GRE over ipsec you would be able to create routes like you are used to using. When you are using IPSEC in tunnel mode you create an ipsec policy and a nat statement that matches how you would like the traffic to flow. see https://wiki.mikrotik.com/wiki/Routing_through_remot...
by dgnevans
Thu Aug 17, 2017 9:56 pm
Forum: RouterBOARD hardware
Topic: GRE tunnel performance?
Replies: 4
Views: 2107

Re: GRE tunnel performance?

viewtopic.php?t=87892
I cannot find the forum post that discusses a fix to a re-ordering problem on tunnels using multi-core. I believe it is resolved.
by dgnevans
Thu Aug 17, 2017 9:34 pm
Forum: Beginner Basics
Topic: Route IP / subnet down ipsec tunnel
Replies: 11
Views: 2294

Re: Route IP / subnet down ipsec tunnel

Do the servers ips fall within either of the subnets for your ipsec nat statement.
by dgnevans
Thu Aug 17, 2017 7:12 pm
Forum: Beginner Basics
Topic: Route IP / subnet down ipsec tunnel
Replies: 11
Views: 2294

Re: Route IP / subnet down ipsec tunnel

If you are running IPSEC only then you should have nat statements in place. Can you post those.
by dgnevans
Thu Aug 17, 2017 12:25 pm
Forum: General
Topic: IPsec Mirotik-Cisco - Routes
Replies: 2
Views: 493

Re: IPsec Mirotik-Cisco - Routes

from what you have posted you have created an IPIP tunnel between the two sites. and then you are encapsulating all traffic passing through this tunnel using ipsec. from what I can see you have not put an IP address on each of the tunnel interfaces or created the routes for traffic to pass through t...
by dgnevans
Thu Aug 17, 2017 12:13 pm
Forum: Beginner Basics
Topic: Route IP / subnet down ipsec tunnel
Replies: 11
Views: 2294

Re: Route IP / subnet down ipsec tunnel

Are you using an IPSEC tunnel or IPSEC over GRE? What routes do you currently have in place to allow traffic to pass over the VPN.
by dgnevans
Wed Aug 16, 2017 9:56 pm
Forum: Beginner Basics
Topic: routing issues
Replies: 6
Views: 666

Re: routing issues

add chain=srcnat comment=office1 dst-address=10.20.0.0/16 src-address=10.19.0.0/16 what is the purpose of this in your nat. Can you post your ipip tunnels config for each side hiding config. Advise what IP's you using for the remote and local side of each tunnel. Post routes you using to pass traff...
by dgnevans
Sun Aug 13, 2017 9:20 pm
Forum: Forwarding Protocols
Topic: ip route cache BUG
Replies: 34
Views: 10777

Re: ip route cache BUG

My routers with OSPF max at around 154 - 200 routes cached with ip route cache disabled. How many devices do you have on either side sharing ospf routes.
by dgnevans
Sun Aug 13, 2017 8:50 pm
Forum: Forwarding Protocols
Topic: ip route cache BUG
Replies: 34
Views: 10777

Re: ip route cache BUG

Recently I experience this issue on the ccr 1009 7G and the ccr 1009 8G. I had a number of tunnels flapping due to service providers instabilities. I am running OSPF so that routes come back in and out automatically. The cache grows quickly when this happens and the router stops responding on all po...
by dgnevans
Mon Jul 10, 2017 9:38 pm
Forum: The Dude
Topic: The DUDE v6.38.7 bugfix
Replies: 4
Views: 850

Re: The DUDE v6.38.7 bugfix

in wiki there is instruction how to recover db.
in my case i usually stop dude before update (it helps to prevent such error)
Thanks for the suggestions. I will do that next time before updating. I used the wiki to repair the database.
Thanks
by dgnevans
Mon Jul 10, 2017 7:44 pm
Forum: The Dude
Topic: The DUDE v6.38.7 bugfix
Replies: 4
Views: 850

The DUDE v6.38.7 bugfix

I recently upgrade my ccr 1009-8G-1S-1S+ from v6.37.5 bugfix to v6.38.8 bugfix. on doing so I get an error a few minutes after the router booted 20:42:34 echo: dude,critical db failure: database disk image is malformed . I can create a new db and it works fine. I have tried backing up the database a...
by dgnevans
Sat Jul 08, 2017 10:38 pm
Forum: Announcements
Topic: v6.38.7 [bugfix] is released!
Replies: 26
Views: 17843

Re: v6.38.7 [bugfix] is released!

I upgraded my ccr 1009-8G-1S-1S+ to the new bugfix. All works well except the dude. For some reason since upgrade the database appears mal-formed. dude,critical db failure: database disk image is malformed I have tried to backup database and restore. Does the same thing. I would prefer not to recreat...
by dgnevans
Thu May 11, 2017 1:28 pm
Forum: General
Topic: Simple Queues with Parents - queue order
Replies: 7
Views: 3911

Re: Simple Queues with Parents - queue order

I would generate 1 parent queue for internal 1 parent queue for external. If you have multiple wans you can rethink that. I would then create the queues with the more specific queues ie a queue for a server at the top of the child queues placing the broader queues at the bottom. ie if I need lan traff...
by dgnevans
Wed May 10, 2017 11:25 pm
Forum: General
Topic: Simple Queues with Parents - queue order
Replies: 7
Views: 3911

Re: Simple Queues with Parents - queue order

Your targets and destinations are too broad. As you have done your child queues needs to be above the parent queue. The next issue you have is the parent queues are operating in order and so if you move 5 below 6, rule 6 being so broad means it matches all the traffic and so child queue is no longer...
by dgnevans
Wed May 10, 2017 12:45 pm
Forum: General
Topic: Simple Queues with Parents - queue order
Replies: 7
Views: 3911

Re: Simple Queues with Parents - queue order

Can you do an export of your queues so we can see what exactly you had set. What I have found is your parent queue needs to be below the queues that are its children. but it does not matter if there are other queues above it that are not linked to the parent queue. The second thing that I found is t...
by dgnevans
Sat May 06, 2017 5:02 pm
Forum: General
Topic: Huge performance drop with mangle + queue tree rules, CPU 50% max
Replies: 22
Views: 4453

Re: Huge performance drop with mangle + queue tree rules, CPU 50% max

What is the port 1723 dstnat rule for. Surely you don't need to dstnat to your router. I have much more in my firewall and nat than you have on a HAP lite never see CPU going above 10% total with simple queues. Never see any issues. I would look out for an error here or a loop or some sort of attack
by dgnevans
Fri May 05, 2017 1:32 pm
Forum: General
Topic: Huge performance drop with mangle + queue tree rules, CPU 50% max
Replies: 22
Views: 4453

Re: Huge performance drop with mangle + queue tree rules, CPU 50% max

Can you post your nat and mangle rules.
by dgnevans
Thu May 04, 2017 7:59 pm
Forum: General
Topic: Huge performance drop with mangle + queue tree rules, CPU 50% max
Replies: 22
Views: 4453

Re: Huge performance drop with mangle + queue tree rules, CPU 50% max

are you not under some sort of attack. I find it weird your router is hitting 28% on firewall as well as queues. confirm how many clients you have running off this. can you do export on your firewall.
by dgnevans
Tue May 02, 2017 4:01 pm
Forum: General
Topic: Huge performance drop with mangle + queue tree rules, CPU 50% max
Replies: 22
Views: 4453

Re: Huge performance drop with mangle + queue tree rules, CPU 50% max

Keep us posted. But it would be good to see what the cpu usage is per core and also see the profile of which resource is using the cpu. I am yet to get my CPU usage above 14%. The dude uses 100% of one core which pushes my total usage up to 14% across 9 cores. Queues and queue tree have not gone ab...
by dgnevans
Tue May 02, 2017 3:32 pm
Forum: General
Topic: Huge performance drop with mangle + queue tree rules, CPU 50% max
Replies: 22
Views: 4453

Re: Huge performance drop with mangle + queue tree rules, CPU 50% max

Can you click on system -- >settings ---> resources Then click on CPU and run your test again. You will see this will show each of the CPU cores and you can see if one is maxing out. You can then click Tools Profile to see the name of the process that is using all your resources. I believe that only...
by dgnevans
Mon Apr 24, 2017 9:18 am
Forum: General
Topic: Simple Queue
Replies: 1
Views: 323

Re: Simple Queue

create a simple queue for those users and place above the other simple queues
by dgnevans
Sun Apr 23, 2017 10:26 pm
Forum: General
Topic: Any knows compatibility issues of CCR1072 with vlan passing through cisco switches ?
Replies: 3
Views: 490

Re: Any knows compatibility issues of CCR1072 with vlan passing through cisco switches ?

Can you show interface exports for both the cisco and mikrotik devices.
by dgnevans
Thu Apr 20, 2017 9:35 pm
Forum: General
Topic: Mirotik speed Limit
Replies: 2
Views: 366

Re: Mirotik speed Limit

can you explain further. you can use simple queues with PCQ.
by dgnevans
Thu Apr 20, 2017 10:49 am
Forum: General
Topic: rogue traffic
Replies: 3
Views: 447

Re: rogue traffic

next time it happens try running the torch showing protocols and port. you could have been under some sort of attack or suffering from a faulty device on your network.
by dgnevans
Thu Apr 13, 2017 1:19 pm
Forum: General
Topic: routed segments traffic pass through backbone router
Replies: 10
Views: 969

Re: routed segments traffic pass through backbone router

What I have done is moved away from the servers being on the backbone vlan and placed them behind their own router. This means as you say the router is aware of where to send traffic so that traffic that is destined to the internet is sent through backbone router otherwise all other traffic is sent ...
by dgnevans
Wed Apr 12, 2017 4:17 pm
Forum: General
Topic: routed segments traffic pass through backbone router
Replies: 10
Views: 969

Re: routed segments traffic pass through backbone router

I installed a router and pass a vlan to the switch the servers were connected to. Then moved each server over to the new vlan. Took a couple of days but well worth it in the long run. ICMP redirects are unreliable so this was the best solution. I had thought about this in the past but did not realize...
by dgnevans
Wed Apr 05, 2017 4:50 pm
Forum: General
Topic: routed segments traffic pass through backbone router
Replies: 10
Views: 969

Re: routed segments traffic pass through backbone router

Yes I am looking at that as an option moving servers into own segment to make traffic flow more direct. for now I am trying to see why redirect is not working as it should.
by dgnevans
Wed Apr 05, 2017 4:48 pm
Forum: RouterBOARD hardware
Topic: ccr 1036 not getting more then 1G connection
Replies: 34
Views: 2294

Re: ccr 1036 not getting more then 1G connection

Removing the wan interface from bridge probably will not affect queue cpu usage. But it adds its own cpu usage. Simple queues can use multiple CPU. I am unsure if this is the same with tree queue. As the thread I read was a while ago and it was Normis who said that Simple queues had been optimised for...
by dgnevans
Wed Apr 05, 2017 1:22 pm
Forum: General
Topic: routed segments traffic pass through backbone router
Replies: 10
Views: 969

Re: routed segments traffic pass through backbone router

It appears that hosts on backbone are not receiving ICMP redirects as a result traffic goes directly from one segment to the host. but to return back to that host it passes through the backbone router. http://www.cisco.com/c/dam/en/us/support/docs/ip/routing-information-protocol-rip/13714-43-01.gif ...
by dgnevans
Tue Apr 04, 2017 11:58 pm
Forum: General
Topic: routed segments traffic pass through backbone router
Replies: 10
Views: 969

Re: routed segments traffic pass through backbone router

Additional information if I upload to a device on backbone from one of the segments traffic does not hit backbone router. Only when I download from server. So traffic from backbone to segment passes through backbone router to segment router. I would have thought only the initial communication would ...
by dgnevans
Tue Apr 04, 2017 10:34 pm
Forum: General
Topic: routed segments traffic pass through backbone router
Replies: 10
Views: 969

routed segments traffic pass through backbone router

I have a weird issue I cannot explain. I only picked it up because I was experimenting with queues to see if I could improve performance. I have my backbone vlan 172.17.0.0/24. This has all my servers backup etc. Backbone Router 172.17.0.1. I then have three segments. I have a router at each segment ...
by dgnevans
Tue Apr 04, 2017 10:26 pm
Forum: RouterBOARD hardware
Topic: ccr 1036 not getting more then 1G connection
Replies: 34
Views: 2294

Re: ccr 1036 not getting more then 1G connection

Just to confirm you have removed the wan interface from the bridge. What is the highest throughput you can get when running a test? Remember that running a bridge is going to increase processor usage as well. Can you post /tool/profile screen shot. I ran a test today changing my queue from simple to ...
by dgnevans
Tue Apr 04, 2017 10:53 am
Forum: Beginner Basics
Topic: PCQ and Queue Tree
Replies: 3
Views: 1867

Re: PCQ and Queue Tree

You can do everything you are saying with simple queues.
Just create a simple queue for full bandwidth above the simple queues for general users. Put the target ip as the ip address of the users that need full bandwidth. Put a , between multiple addresses. Use PCQupload and download as the queue type.
by dgnevans
Mon Apr 03, 2017 8:15 pm
Forum: Beginner Basics
Topic: What happened?
Replies: 2
Views: 367

Re: What happened?

are you using any firewalls and address lists to block traffic.
by dgnevans
Mon Apr 03, 2017 6:22 pm
Forum: RouterBOARD hardware
Topic: ccr 1036 not getting more then 1G connection
Replies: 34
Views: 2294

Re: ccr 1036 not getting more then 1G connection

Easy way to explain a bridge is a software switch. without knowing what the original config was intended it is hard to say why the ports were bridged.
by dgnevans
Mon Apr 03, 2017 6:06 pm
Forum: RouterBOARD hardware
Topic: ccr 1036 not getting more then 1G connection
Replies: 34
Views: 2294

Re: ccr 1036 not getting more then 1G connection

You don't need to remove the bridge straight away. If you log in using winbox it would be easier. Start with your Nat rules. Change the out interface for srcnat from WAN to WAN-Out and on dstnat change in interface WAN to WAN-OUT. Then you would need to do same in mangle, and firewall. once you have ...
by dgnevans
Mon Apr 03, 2017 5:53 pm
Forum: RouterBOARD hardware
Topic: ccr 1036 not getting more then 1G connection
Replies: 34
Views: 2294

Re: ccr 1036 not getting more then 1G connection

Ok then I would remove the wan interface from the bridge. as you have a SFP + port connected to Gbit ports making a software bridge. This could be the bottle neck. Secondly you only need to have 3 simple queue rules. 2 rules for the day/night for your free users and a script for that. If the CPU usa...
by dgnevans
Mon Apr 03, 2017 5:44 pm
Forum: RouterBOARD hardware
Topic: ccr 1036 not getting more then 1G connection
Replies: 34
Views: 2294

Re: ccr 1036 not getting more then 1G connection

In your original post you had put 3 connections 4 g 512 M & 512 M are the 2 512M just backup links?
by dgnevans
Mon Apr 03, 2017 5:30 pm
Forum: RouterBOARD hardware
Topic: ccr 1036 not getting more then 1G connection
Replies: 34
Views: 2294

Re: ccr 1036 not getting more then 1G connection

Are the 2 links the 512 links through the same isp.
by dgnevans
Mon Apr 03, 2017 3:14 pm
Forum: RouterBOARD hardware
Topic: ccr 1036 not getting more then 1G connection
Replies: 34
Views: 2294

Re: ccr 1036 not getting more then 1G connection

Is traffic flowing through all 3 links currently?
by dgnevans
Mon Apr 03, 2017 12:01 pm
Forum: Forwarding Protocols
Topic: OSFP route types
Replies: 1
Views: 354

Re: OSFP route types

Below brief explanation. Routes are shown as such because of how they are learned.
Output Fields
Prefix—Destination of the route.
Path Type—How the route was learned:
Inter—Interarea route
Ext1—External type 1 route
Ext2—External type 2 route
Intra—Intra-area route
Route Type—The type of router from...
by dgnevans
Mon Apr 03, 2017 9:43 am
Forum: RouterBOARD hardware
Topic: ccr 1036 not getting more then 1G connection
Replies: 34
Views: 2294

Re: ccr 1036 not getting more then 1G connection

Looking at your config, what is the purpose of bridging your wan interfaces?
With the traffic you have you have 2 separate vlans. Free Wifi and Office wifi. Are all users with the vlans treated the same as far as bandwidth? Do the speeds alter at different times of the day or night?
by dgnevans
Sun Apr 02, 2017 9:33 pm
Forum: RouterBOARD hardware
Topic: ccr 1036 not getting more then 1G connection
Replies: 34
Views: 2294

Re: ccr 1036 not getting more then 1G connection

You can do an export of your config then we can see if there is anything that may be wrong or better ways to do it. I don't think there is any reason to use simple queue and queue tree together.
by dgnevans
Sun Apr 02, 2017 5:20 pm
Forum: RouterBOARD hardware
Topic: ccr 1036 not getting more then 1G connection
Replies: 34
Views: 2294

Re: ccr 1036 not getting more then 1G connection

Queues will become CPU intensive as you get more clients and they become more complicated. The more connection tracking required will require more cpu and you will also require more ram. I have 300 plus users on a ccr1009 never see usage for queues go above 1 % second site with similar setup around ...
by dgnevans
Sun Apr 02, 2017 4:46 pm
Forum: RouterBOARD hardware
Topic: ccr 1036 not getting more then 1G connection
Replies: 34
Views: 2294

Re: ccr 1036 not getting more then 1G connection

I cannot see any configuration errors. Confirm what was the processor usage when you were using simple queues? Did you test your throughput with simple queues and your new queue types?
by dgnevans
Sun Apr 02, 2017 4:16 pm
Forum: RouterBOARD hardware
Topic: ccr 1036 not getting more then 1G connection
Replies: 34
Views: 2294

Re: ccr 1036 not getting more then 1G connection

Can you post your queue config?
by dgnevans
Sun Apr 02, 2017 11:25 am
Forum: RouterBOARD hardware
Topic: ccr 1036 not getting more then 1G connection
Replies: 34
Views: 2294

Re: ccr 1036 not getting more then 1G connection

If you increase the value to higher than 50 it will reduce the number of concurrent users from 5000 down. I believe the cpu reduce should be lower than that with using queue trees. During a peak time use the profile tool to view which process is causing high cpu usage.
by dgnevans
Wed Mar 29, 2017 1:12 pm
Forum: General
Topic: Forum functions
Replies: 5
Views: 546

Re: Forum functions

Nothing is ever that simple.....
by dgnevans
Wed Mar 29, 2017 12:28 pm
Forum: General
Topic: Forum functions
Replies: 5
Views: 546

Forum functions

I am not sure how many people agree or what others' thoughts are on this. It would be nice if there was a way to mark a Topic Solved or Resolved and mark either the post or posts that assisted the forum user in resolving the issue. There could be a point given to the post that gives the correct answe...
by dgnevans
Wed Mar 29, 2017 9:07 am
Forum: Beginner Basics
Topic: No internet on Mikrotik
Replies: 19
Views: 2650

Re: No internet on Mikrotik

Can you post your firewall rules?
by dgnevans
Tue Mar 28, 2017 8:31 pm
Forum: General
Topic: Speed loss
Replies: 9
Views: 1415

Re: Speed loss

I have been checking through literature and it looks like the LHG will give you around 90 mbps in one direction. As such the 30 - 40 you are getting duplex is not bad. Here is a link to some tests: viewtopic.php?t=111703
by dgnevans
Tue Mar 28, 2017 1:00 pm
Forum: General
Topic: 50% bandwidth loss RB2011UiAS
Replies: 18
Views: 2135

Re: 50% bandwidth loss RB2011UiAS

Are you running any queues? Have you tried to remove the port you connect to from the bridge and run test outside the bridge?
by dgnevans
Tue Mar 28, 2017 12:52 pm
Forum: Beginner Basics
Topic: No internet on Mikrotik
Replies: 19
Views: 2650

Re: No internet on Mikrotik

If you would like to run a ping test to say 8.8.8.8 from your router, from within winbox you can select the advanced tab. Where Src address is you can type in the wan ip of the interface you would like to test from and run the test. When you have multiple WAN ports, you can send traffic out differen...
by dgnevans
Tue Mar 28, 2017 10:56 am
Forum: Beginner Basics
Topic: No internet on Mikrotik
Replies: 19
Views: 2650

Re: No internet on Mikrotik

When running tests you can choose out interface and address traffic is coming from for instance from ping. PCC would allow you to set controls saying what traffic goes out which wan.
by dgnevans
Tue Mar 28, 2017 10:43 am
Forum: General
Topic: Speed loss
Replies: 9
Views: 1415

Re: Speed loss

PtP auto negotiated at 100 full duplex, speed test ran with 1 session receive only

Thanks
Mark
The ethernet may have negotiated to 100 full duplex but the wireless interface may be half duplex. Can you post the model of equipment you are using for your ptp link?

Thanks
by dgnevans
Mon Mar 27, 2017 3:23 pm
Forum: Beginner Basics
Topic: No internet on Mikrotik
Replies: 19
Views: 2650

Re: No internet on Mikrotik

Can you post updated output after the changes you made earlier.
by dgnevans
Sun Mar 26, 2017 8:53 pm
Forum: General
Topic: Speed loss
Replies: 9
Views: 1415

Re: Speed loss

Is ptp Full duplex 100mbps? When running tests are you pushing traffic in both directions?
by dgnevans
Sun Mar 26, 2017 8:50 pm
Forum: General
Topic: Just got my new CCR1009-7G-1C-PC
Replies: 24
Views: 3895

Re: Just got my new CCR1009-7G-1C-PC

Are both switches on the same lan/segment or are they using different ip? If they are on a different segment use a different port.
by dgnevans
Sun Mar 26, 2017 8:48 pm
Forum: Beginner Basics
Topic: No internet on Mikrotik
Replies: 19
Views: 2650

Re: No internet on Mikrotik

2 192.168.11.1/24 192.168.11.0 XXXX
1 A S 0.0.0.0/0 192.168.11.1 1
Thanks. Your IP address number 2 and default route number 1 are the same address. This means you are pointing default traffic out back at the router. Check this config.
by dgnevans
Thu Mar 23, 2017 8:01 pm
Forum: Beginner Basics
Topic: LAN Speed
Replies: 8
Views: 1224

Re: LAN Speed

In winbox drag your lan rule to top of list, position 0. Above pc-bdcom-1
by dgnevans
Thu Mar 23, 2017 3:59 pm
Forum: Beginner Basics
Topic: LAN Speed
Replies: 8
Views: 1224

Re: LAN Speed

Please make sure the rule sent to you appears in position 0

Please show result of
queue simple print
Also confirm if you view the statistics of the rule you are seeing traffic passing through it.
by dgnevans
Thu Mar 23, 2017 8:33 am
Forum: Beginner Basics
Topic: No internet on Mikrotik
Replies: 19
Views: 2650

Re: No internet on Mikrotik

Which is your wan ip address? Do you have multiple wan ip's?
by dgnevans
Wed Mar 22, 2017 8:11 pm
Forum: Beginner Basics
Topic: LAN Speed
Replies: 8
Views: 1224

Re: LAN Speed

/queue simple
add dst=192.168.0.0/16 max-limit=1G/1G name=LAN queue=ethernet-default/ethernet-default target=192.168.0.0/16
The reason you are having issues is your limits are being imposed on your lan traffic. Place this rule above all your other rules and simple queues are applied in order.
by dgnevans
Wed Mar 22, 2017 4:57 pm
Forum: Beginner Basics
Topic: LAN Speed
Replies: 8
Views: 1224

Re: LAN Speed

Are you running Simple queues or qos?
by dgnevans
Wed Mar 22, 2017 4:42 pm
Forum: General
Topic: [Solved] PCQ Rate and Simple Queue - Per IP Shaping Problem
Replies: 21
Views: 12860

Re: PCQ Rate and Simple Queue - Per IP Shaping Problem

I have used this shaping on the RB 750 about 4 years ago. Rb 1100ahx2 and the ccr1009 without any issues. If I get my hands on the hap or hap lite will run a test and see if I can replicate. This is definitely not normal. May be worthwhile sending to support with a supout.rif so they can comment.
by dgnevans
Wed Mar 22, 2017 3:14 pm
Forum: Beginner Basics
Topic: No internet on Mikrotik
Replies: 19
Views: 2650

Re: No internet on Mikrotik

Are you able to ping an ip address from the mikrotik ie 8.8.8.8?
by dgnevans
Wed Mar 22, 2017 2:38 pm
Forum: Beginner Basics
Topic: No internet on Mikrotik
Replies: 19
Views: 2650

Re: No internet on Mikrotik

So just to confirm from your post. Your servers and devices can browse internet from behind the mikrotik router but you cannot ping from the mikrotik out to the internet.
by dgnevans
Wed Mar 22, 2017 2:16 pm
Forum: General
Topic: Failover
Replies: 5
Views: 777

Re: Failover

There is no need for extra IP's, you are just creating tunnels between the two points and applying a lan ip most likely /30 to the tunnels. Then OSPF does the rest. No need for scripts or anything.
by dgnevans
Wed Mar 22, 2017 12:51 pm
Forum: General
Topic: [Solved] PCQ Rate and Simple Queue - Per IP Shaping Problem
Replies: 21
Views: 12860

Re: PCQ Rate and Simple Queue - Per IP Shaping Problem

I would try a different firmware to ensure this is not a firmware bug.
by dgnevans
Tue Mar 21, 2017 9:28 pm
Forum: General
Topic: [Solved] PCQ Rate and Simple Queue - Per IP Shaping Problem
Replies: 21
Views: 12860

Re: PCQ Rate and Simple Queue - Per IP Shaping Problem

Let's look at config, see what could be issue.
by dgnevans
Tue Mar 21, 2017 9:18 pm
Forum: General
Topic: Failover
Replies: 5
Views: 777

Re: Failover

Create 2 tunnels one for each wan. Use OSPF to failover between the two tunnels.
by dgnevans
Tue Mar 21, 2017 9:03 pm
Forum: General
Topic: [Solved] PCQ Rate and Simple Queue - Per IP Shaping Problem
Replies: 21
Views: 12860

Re: PCQ Rate and Simple Queue - Per IP Shaping Problem

Have you ensured fast track is disabled on the HAP? From my research you should not have an issue running simple queues on this router as it is available under the licence. There is something running preventing it from working as it should. You can post export of config if you get a chance just hide ...
by dgnevans
Tue Mar 21, 2017 8:42 pm
Forum: General
Topic: [Solved] PCQ Rate and Simple Queue - Per IP Shaping Problem
Replies: 21
Views: 12860

Re: PCQ Rate and Simple Queue - Per IP Shaping Problem

I don't believe there is a limitation as to which of the mikrotik routers can run PCQ. What firmware version are you running? Just to confirm when you run your test without PCQ what speed are you getting per computer?
Also what is the wan port speed if you view your ethernet status?
by dgnevans
Tue Mar 21, 2017 8:07 pm
Forum: General
Topic: [Solved] PCQ Rate and Simple Queue - Per IP Shaping Problem
Replies: 21
Views: 12860

Re: PCQ Rate and Simple Queue - Per IP Shaping Problem

Try these settings. Once you have this working ask questions on what you would like to understand more on then we can assist further or provide explanation.
/queue type
add kind=pcq name=pcq-down-10M pcq-classifier=dst-address pcq-rate=10M pcq-total-limit=2000KiB
add kind=pcq name=pcq-upload-3M pcq-...
by dgnevans
Tue Mar 21, 2017 12:05 pm
Forum: General
Topic: [Solved] PCQ Rate and Simple Queue - Per IP Shaping Problem
Replies: 21
Views: 12860

Re: PCQ Rate and Simple Queue - Per IP Shaping Problem

Can you confirm what your total upload and download is. What maximum you would like to have to each IP. How many users you expect to have connected at any given time.
by dgnevans
Mon Mar 20, 2017 3:46 pm
Forum: General
Topic: 1016-12G with Trunk to Cisco 3560
Replies: 2
Views: 319

Re: 1016-12G with Trunk to Cisco 3560

Yes you can setup any port on mikrotik router as a trunk port and add multiple vlans to that interface. For example
/interface vlan
add comment=Backbone interface=ether1 name=vlan10 vlan-id=10
/ip address
add address=192.168.10.10/23 interface=vlan10 network=192.168.10.0
by dgnevans
Sun Mar 19, 2017 10:27 am
Forum: Forwarding Protocols
Topic: OSPF setup
Replies: 34
Views: 4697

Re: OSPF setup

I added this rule to my firewall to allow ospf
add action=accept chain=input comment=OSPF dst-address=224.0.0.5
by dgnevans
Fri Mar 17, 2017 10:06 pm
Forum: RouterBOARD hardware
Topic: ccr 1036 not getting more then 1G connection
Replies: 34
Views: 2294

Re: ccr 1036 not getting more then 1G connection

I would try adjust settings in pcq type before editing radius config. Have a look at this link, we discussed some of your questions here. Let me know if you have more: viewtopic.php?f=2&t=119005
by dgnevans
Thu Mar 16, 2017 11:42 am
Forum: RouterBOARD hardware
Topic: ccr 1036 not getting more then 1G connection
Replies: 34
Views: 2294

Re: ccr 1036 not getting more then 1G connection

How many concurrent users do you have connected? Can you export your queue types and advise which ones you are using? Are you using predominantly simple queues or queue trees? Your PCQ configuration in queue type will be important as you would need to adjust the total-limit for the number of concurr...
by dgnevans
Thu Mar 16, 2017 11:26 am
Forum: Beginner Basics
Topic: problem bandwidth using pcq [SOLVED]
Replies: 1
Views: 223

Re: problem bandwidth using pcq [SOLVED]

Is each Division under its own subnet or vlan? You can go two routes.
1. Using simple queues. Create a simple queue for each division with the pcq limits download and upload as required (pcq-limits set under queue type) then create a parent queue for the total bandwidth available.
2. Use queue trees ...
by dgnevans
Wed Mar 15, 2017 8:13 am
Forum: General
Topic: Traffic Shaping with 6 Remote Sites
Replies: 17
Views: 1180

Re: Traffic Shaping with 6 Remote Sites

No problem, we have all done this once before. For future when copying a config from one router to another try using the export method. Glad it's working.
by dgnevans
Tue Mar 14, 2017 8:17 pm
Forum: RouterBOARD hardware
Topic: DHCP Server Invalid with base configuration
Replies: 5
Views: 1816

Re: DHCP Server Invalid with base configuration

You have not applied an IP address to the port you are running the dhcp server. Apply an IP address on the same network then the dhcp should become valid.
by dgnevans
Tue Mar 14, 2017 7:40 pm
Forum: General
Topic: Traffic Shaping with 6 Remote Sites
Replies: 17
Views: 1180

Re: Traffic Shaping with 6 Remote Sites

Confirm this is not happening with all your other routers connected using at&t links just when you connect MA_VLAN. Did you copy the config from 1 router to the other? Could there be a possible duplicate mac address on your network? It would not show up on the routers. To check view each of the inte...
by dgnevans
Tue Mar 14, 2017 7:29 pm
Forum: General
Topic: Traffic Shaping with 6 Remote Sites
Replies: 17
Views: 1180

Re: Traffic Shaping with 6 Remote Sites

Are you running any bridges on your routers? If so try disabling rstp on the bridge. This could cause some issues. Secondly during the times of the issues are you seeing anything abnormal reported in the logs?
by dgnevans
Tue Mar 14, 2017 7:21 pm
Forum: General
Topic: PQC Simple Queues [SOLVED]
Replies: 5
Views: 806

Re: PQC Simple Queues [SOLVED]

Remember when you are doing your calculations you then need to make sure you have enough ram.
Let's say PCQ-TOTAL-LIMIT=x
RAM required = x*(2000Byte+200Byte) (2000Byte buffer for 1 packet. 200 Byte service data for 1 packet)
Ram required = 51100KiB*2.2 = 112420 Kib = <112.4 MB Ram required if you have 10...
by dgnevans
Tue Mar 14, 2017 5:01 pm
Forum: Beginner Basics
Topic: 3 vlan network 3 dhcp servers RB3011
Replies: 10
Views: 1890

Re: 3 vlan network 3 dhcp servers RB3011

If you apply the ip address to the port ether 5 and apply the dhcp pool to that port you should get connectivity. It just depends what you are wanting to do.
by dgnevans
Tue Mar 14, 2017 4:58 pm
Forum: General
Topic: PQC Simple Queues [SOLVED]
Replies: 5
Views: 806

Re: PQC Simple Queues [SOLVED]

Firstly instead of limiting traffic on the port change the target to the lan subnet ie 192.168.88.0/24. Secondly put the max-limit of your upload and download to the speeds that you are getting from the service provider so that your PCQ has a reference to work from. Lastly create a simple queue abov...
by dgnevans
Tue Mar 14, 2017 12:59 pm
Forum: General
Topic: VLAN Trunk, Access Ports, Native Vlan
Replies: 3
Views: 4368

Re: VLAN Trunk, Access Ports, Native Vlan

Create a bridge for each VLAN ie VLAN 20 bridge and VLAN 30 Bridge. Then add VLAN 20 and ether 4 to VLAN 20 bridge. Do the same for vlan 30.
by dgnevans
Tue Mar 14, 2017 12:48 pm
Forum: General
Topic: Traffic Shaping with 6 Remote Sites
Replies: 17
Views: 1180

Re: Traffic Shaping with 6 Remote Sites

It seems there is an issue with the remote sites, as it only happens when you add MA_VLAN router to the network. Are you sure you do not have a duplicate address on the network or a loop somewhere from MA_VLAN?
by dgnevans
Mon Mar 13, 2017 7:18 pm
Forum: General
Topic: telnet blacklist function?
Replies: 1
Views: 349

Re: telnet blacklist function?

Have a look at these. Start by securing your router. https://wiki.mikrotik.com/wiki/Securing_your_router If you have dns services running https://wiki.mikrotik.com/wiki/DoS_attack_protection Finally if you still need telnet you can adjust this config changing the port number https://wiki.mikrotik.co...
by dgnevans
Mon Mar 13, 2017 8:17 am
Forum: General
Topic: Traffic Shaping with 6 Remote Sites
Replies: 17
Views: 1180

Re: Traffic Shaping with 6 Remote Sites

As this is working with your old link this looks more likely to be a problem with AT&T new link. I suggest you start there before we look at making any changes to your config. What is the maximum throughput you have to the end points for intervlan routing? If it is 1 gig between all sites and the centr...
by dgnevans
Sun Mar 12, 2017 8:27 pm
Forum: General
Topic: DHCP relay problem
Replies: 9
Views: 2436

Re: DHCP relay problem

Can you show the configuration for the vlans and the local ip applied on the vlan interface as well as the dhcp relay settings?
by dgnevans
Fri Mar 10, 2017 9:29 pm
Forum: Beginner Basics
Topic: 3 vlan network 3 dhcp servers RB3011
Replies: 10
Views: 1890

Re: 3 vlan network 3 dhcp servers RB3011

When you connect directly to a port you have applied a vlan you will not get an ip as the traffic is on the vlan as you have applied the ip to that vlan and the dhcp to that vlan which is tagged and your computer does not see the tagged traffic. Your switch has a trunk port which has that vlan allow...
by dgnevans
Fri Mar 10, 2017 8:21 pm
Forum: RouterBOARD hardware
Topic: CCR1009-7G-1C-1S+ combi port incompatibility with UBNT FiberPoe
Replies: 3
Views: 680

Re: CCR1009-7G-1C-1S+ combi port incompatibility with UBNT FiberPoe

Are you connecting any Ethernet cables at same time as combo? Remember the combo is linked to Ethernet port so you can use 1 or other.
by dgnevans
Fri Mar 10, 2017 6:17 pm
Forum: RouterBOARD hardware
Topic: CCR1009-7G-1C-1S+ combi port incompatibility with UBNT FiberPoe
Replies: 3
Views: 680

Re: CCR1009-7G-1C-1S+ combi port incompatibility with UBNT FiberPoe

Are you running the same firmware version on both? Have you updated the airfibre firmware?
by dgnevans
Fri Mar 10, 2017 6:11 pm
Forum: RouterBOARD hardware
Topic: CCR1009 Freeze ****HELP****
Replies: 1
Views: 340

Re: CCR1009 Freeze ****HELP****

What firmware are you running? Do you have a public IP facing the outside world? Post config.
by dgnevans
Fri Mar 10, 2017 4:25 pm
Forum: General
Topic: Slow website loading when filter is applied
Replies: 9
Views: 1655

Re: Slow website loading when filter is applied

Try adding tcp established and related rules above the drop rule.
add action=accept chain=forward comment="TCP Established" connection-state=established protocol=tcp
add action=accept chain=forward comment="Allow connections originating from Lan" connection-state=related protocol=tcp
by dgnevans
Thu Mar 09, 2017 10:43 pm
Forum: Beginner Basics
Topic: Two indepenedent LANs to see their peers
Replies: 30
Views: 1817

Re: Two indepenedent LANs to see their peers

It depends on what firewall rules you have etc etc. If the firewall rules allow both vlans out the connection it can be as simple as setting a second route 0.0.0.0/0 through the opposing router with a distance of 2. You can then setup check gateway on default route. You could also configure ospf and...
by dgnevans
Thu Mar 09, 2017 7:32 pm
Forum: General
Topic: Speed Limit per connection over EoIP Tunnel
Replies: 4
Views: 644

Re: Speed Limit per connection over EoIP Tunnel

Are you running any simple queues or queue trees?
by dgnevans
Thu Mar 09, 2017 4:46 pm
Forum: Forwarding Protocols
Topic: 802.3ad bonding to Cisco Switch
Replies: 6
Views: 3248

Re: 802.3ad bonding to Cisco Switch

That's when I do my best work. Just replicating it the next day when I am awake is a bit of an issue.
by dgnevans
Thu Mar 09, 2017 4:22 pm
Forum: Forwarding Protocols
Topic: 802.3ad bonding to Cisco Switch
Replies: 6
Views: 3248

Re: 802.3ad bonding to Cisco Switch

Sorry I saw I misread your post that is why I deleted mine. When I re-read it I realized you had figured that out already and you have confirmed that.
by dgnevans
Thu Mar 09, 2017 4:19 pm
Forum: Forwarding Protocols
Topic: 802.3ad bonding to Cisco Switch
Replies: 6
Views: 3248

Re: 802.3ad bonding to Cisco Switch

Do you not need to put Channel-group 1 mode active on interfaces for them to advertise?
by dgnevans
Thu Mar 09, 2017 2:09 pm
Forum: Beginner Basics
Topic: Pls help in Firewall Rules
Replies: 3
Views: 372

Re: Pls help in Firewall Rules

Generally you want to create rules that prevent attacks from the outside on your wan interface. Then depending on how you want to do things you can as has been said have less or more rules. There is no reason to protect 1 lan vlan from another. You want to protect your lan vlans from the outside wor...
by dgnevans
Thu Mar 09, 2017 9:21 am
Forum: General
Topic: Traffic Shaping with 6 Remote Sites
Replies: 17
Views: 1180

Re: Traffic Shaping with 6 Remote Sites

/queue simple
add max-limit=1G/1G name=WAN queue=synchronous-default/synchronous-default target=10.96.64.0/18
add max-limit=1G/1G name="LAN" parent=WAN queue=pcq-upload-default/pcq-download-default target=10.96.80.0/21
add max-limit=100M/100M name="BKS_VLAN" parent=WAN queue=pcq-upload-defa...
by dgnevans
Wed Mar 08, 2017 10:03 pm
Forum: General
Topic: Traffic Shaping with 6 Remote Sites
Replies: 17
Views: 1180

Re: Traffic Shaping with 6 Remote Sites

I have checked your configs and have 1 question. You have only a few queues. Unless you are planning to have more queues why are you using mangle and queue trees? I understand the benefits when you are processing large number of queues but your setup appears very simple and perform as well with a simple...
by dgnevans
Tue Mar 07, 2017 10:48 pm
Forum: General
Topic: Slow ping rate to directly connected device
Replies: 4
Views: 514

Re: Slow ping rate to directly connected device

Are you running any simple queues or other configs on your mikrotik? Please provide export of mikrotik.
by dgnevans
Tue Mar 07, 2017 10:44 pm
Forum: General
Topic: Slow website loading when filter is applied
Replies: 9
Views: 1655

Re: Slow website loading when filter is applied

Try adding
protocol=tcp dst-port="80, 443"
to your first rule
by dgnevans
Tue Mar 07, 2017 10:12 pm
Forum: General
Topic: DNS server stop working from time to time
Replies: 6
Views: 1867

Re: DNS server stop working from time to time

Are you running any interfaces with dhcp client on them? There is a similar issue reported by a number of users whereby dhcp client dns causes the issue. They found turning off that dns resolved the issue. I am using the ccr1009 for the past 8 months as dns without issue.
by dgnevans
Tue Mar 07, 2017 8:39 pm
Forum: General
Topic: Slow ping rate to directly connected device
Replies: 4
Views: 514

Re: Slow ping rate to directly connected device

As you say the internet is normal when connected directly to router. If this is the case you need to look at the devices connected to the router. Switches, wireless access points. Look at the interface connected to your lan and ensure there are no errors.
by dgnevans
Tue Mar 07, 2017 6:28 pm
Forum: Beginner Basics
Topic: Can´t see neighbor router
Replies: 7
Views: 1492

Re: Can´t see neighbor router

You need to create firewall rules (forward) on each router allowing communication between LANS. eg
add action=accept chain=forward comment="LAN Traffic" dst-address=192.168.88.0/24 src-address=192.168.0.0/24
add action=accept chain=forward comment="LAN Traffic" dst-address=192.168.0.0/24 src-address...
by dgnevans
Tue Mar 07, 2017 4:30 pm
Forum: Beginner Basics
Topic: Two indepenedent LANs to see their peers
Replies: 30
Views: 1817

Re: Two indepenedent LANs to see their peers

You could try changing from Station on Rb433 wlan2 to station-pseudobridge and see if that has an effect. Alternatively you could setup netwatch to ping a device on the other side to see if that keeps link alive.
by dgnevans
Tue Mar 07, 2017 8:07 am
Forum: Beginner Basics
Topic: DNS Cache - Broken (6.38.3 + RC) [SOLVED!]
Replies: 15
Views: 2110

Re: DNS Cache - Broken (6.38.3 + RC) [SOLVED!]

I suspected something like that but did not mention it because I did not see anything in your export.
by dgnevans
Mon Mar 06, 2017 11:39 pm
Forum: Beginner Basics
Topic: DNS Cache - Broken (6.38.3 + RC) [SOLVED!]
Replies: 15
Views: 2110

Re: DNS Cache - Broken (6.38.3 + RC)

The only other thing I can think of to try is to add a firewall rule allowing all traffic from lan to lan
add action=accept chain=input comment="LAN Traffic" dst-address=192.168.35.0/24 src-address=192.168.35.0/24
add action=accept chain=output comment="LAN Traffic" dst-address=192.168.35.0/24 ...
by dgnevans
Mon Mar 06, 2017 10:52 pm
Forum: Beginner Basics
Topic: DNS Cache - Broken (6.38.3 + RC) [SOLVED!]
Replies: 15
Views: 2110

Re: DNS Cache - Broken (6.38.3 + RC)

Have you tried removing the static entry from dns? Have you tested with another device ie linux, switch or any other operating system just to narrow it down?
by dgnevans
Mon Mar 06, 2017 10:36 pm
Forum: Beginner Basics
Topic: DNS Cache - Broken (6.38.3 + RC) [SOLVED!]
Replies: 15
Views: 2110

Re: DNS Cache - Broken (6.38.3 + RC)

In your dhcp have you set the domain suffix? In some point they suggest the adding of the suffix for local domain. I don't see how this would affect things but may be worth looking at.
by dgnevans
Mon Mar 06, 2017 9:59 pm
Forum: Beginner Basics
Topic: DNS Cache - Broken (6.38.3 + RC) [SOLVED!]
Replies: 15
Views: 2110

Re: DNS Cache - Broken (6.38.3 + RC)

Can you torch the port? Show protocol udp and port 53, see what is hitting it. Just confirm you connected directly. I have tried to replicate your results but so far have failed. Only difference I have from your setup is I am running the bugfix version.
by dgnevans
Mon Mar 06, 2017 9:16 pm
Forum: Beginner Basics
Topic: DNS Cache - Broken (6.38.3 + RC) [SOLVED!]
Replies: 15
Views: 2110

Re: DNS Cache - Broken (6.38.3 + RC)

Could this be an issue with the mangle and nat statements? Have you tried disabling your mangle rule marking traffic and changing your nat rule to a basic rule like
add action=masquerade chain=srcnat comment="Masq WAN" dst-address=0.0.0.0/0 out-interface=wan src-address=192.168.35.0/24
change wan ...
by dgnevans
Mon Mar 06, 2017 8:24 pm
Forum: Beginner Basics
Topic: DNS Cache - Broken (6.38.3 + RC) [SOLVED!]
Replies: 15
Views: 2110

Re: DNS Cache - Broken (6.38.3 + RC)

Looks like your firewall might be the issue. Try disable firewall rules and test again.
by dgnevans
Mon Mar 06, 2017 6:48 pm
Forum: Beginner Basics
Topic: Two indepenedent LANs to see their peers
Replies: 30
Views: 1817

Re: Two indepenedent LANs to see their peers

Ok I hope I have it now. You have
RB750GR3 LAN A------ RB912 AP WLAN1 ----- RB433 WLAN2 STATION ------ RB433 LAN B
From my understanding and if I am wrong correct me. RB750 GR3 10.10.10.1 connects to RB912 and gives out dhcp. WLAN 2 on RB433 connects as a station to RB912. If so instead of having dh...
by dgnevans
Mon Mar 06, 2017 12:39 pm
Forum: Beginner Basics
Topic: Mikrotik Multi-NAT problem
Replies: 5
Views: 699

Re: Mikrotik Multi-NAT problem

I wouldn't use mangle unless there are specific requirements. As this is a very simple forwarding 1 external ip to 1 internal server there should be no need for mangle and that would use resources that are not required. Rather keep it simple.
by dgnevans
Mon Mar 06, 2017 12:14 pm
Forum: Wireless Networking
Topic: Help me: Ptmp Problem
Replies: 7
Views: 669

Re: Help me: Ptmp Problem

You need to confirm that your radio is connected either to the horizontal or vertical connector on the back of the antenna. If it is horizontally polarised you will need to rotate your SXT into the horizontal polarisation position.
by dgnevans
Mon Mar 06, 2017 8:46 am
Forum: Beginner Basics
Topic: Two indepenedent LANs to see their peers
Replies: 30
Views: 1817

Re: Two indepenedent LANs to see their peers

The things I am seeing and I might be reading this wrong. RB912 is acting as a router instead of an AP (wireless-bridge). To resolve this you would need to remove dhcp from the bridge. Bridge the wireless and Ethernet port that connects to the switch and main router. On Wlan2 you would need to remove ...
by dgnevans
Mon Mar 06, 2017 8:26 am
Forum: Forwarding Protocols
Topic: OSPF setup
Replies: 34
Views: 4697

Re: OSPF setup

Please can you
routing ospf export
from each router and then tell us what the ip address of each router is on the side that is connected to the switch and main router.
by dgnevans
Sun Mar 05, 2017 6:30 pm
Forum: Wireless Networking
Topic: Help me: Ptmp Problem
Replies: 7
Views: 669

Re: Help me: Ptmp Problem

Which model Ubiquiti sector are you using? This could be a frequency mismatch issue for the sector antenna.
by dgnevans
Sun Mar 05, 2017 6:20 pm
Forum: Beginner Basics
Topic: Mikrotik Multi-NAT problem
Replies: 5
Views: 699

Re: Mikrotik Multi-NAT problem

If I look at your Nat this is how I would do it.
/ip firewall nat
add action=src-nat chain=srcnat comment=Web_Server1 out-interface=WAN src-address=192.168.1.5 to-addresses=72.xxx.xxx.121
add action=src-nat chain=srcnat comment=Mail_Server out-interface=WAN src-address=192.168.1.4 to-addresses=72.xx...
by dgnevans
Sun Mar 05, 2017 5:58 pm
Forum: Wireless Networking
Topic: 3 second link drop problem
Replies: 3
Views: 450

Re: 3 second link drop problem

Are you using a bridge port with RSTP enabled? This can cause some issues.
by dgnevans
Sun Mar 05, 2017 2:59 pm
Forum: Forwarding Protocols
Topic: OSPF setup
Replies: 34
Views: 4697

Re: OSPF setup

In my experience you need to have a network under ospf network that covers the inter connectivity between routers. Then on each of the routers you should put the network that is behind that router that you would like to share. From what I can see you have missing networks on the routers. https://wik...
by dgnevans
Sat Mar 04, 2017 9:15 pm
Forum: General
Topic: Help with Simple Queues
Replies: 2
Views: 377

Re: Help with Simple Queues

The issue you have is you are limiting all your users to a total bandwidth of 1 M up and 2 M down. Create queue type PCQ upload 1 M and PCQ download 2 M. Then change your queue to limit with the PCQ as the queue type. Create a parent queue for both your queues of 2 M up 16 M down. Make sure parent q...
by dgnevans
Sat Mar 04, 2017 10:40 am
Forum: Forwarding Protocols
Topic: OSPF setup
Replies: 34
Views: 4697

Re: OSPF setup

I don't see your network under
/routing ospf network
You need to add the networks to the area in order for ospf to work.
by dgnevans
Fri Mar 03, 2017 9:49 pm
Forum: Forwarding Protocols
Topic: OSPF setup
Replies: 34
Views: 4697

Re: OSPF setup

Yes you can run pay on same router.
by dgnevans
Fri Mar 03, 2017 9:46 pm
Forum: Forwarding Protocols
Topic: OSPF + Simple Queue on Head Router Issue
Replies: 3
Views: 414

Re: OSPF + Simple Queue on Head Router Issue

Can you show export of your queues and queue type on r1
Also confirm you not running faster on r1
by dgnevans
Fri Mar 03, 2017 7:24 am
Forum: Forwarding Protocols
Topic: OSPF + Simple Queue on Head Router Issue
Replies: 3
Views: 414

Re: OSPF + Simple Queue on Head Router Issue

Can you post results
queues export
Just confirm there is no natting between routers on lan side. Also confirm you not running any firewall rules on r2 and r3
by dgnevans
Fri Mar 03, 2017 7:19 am
Forum: General
Topic: Cisco replacement
Replies: 6
Views: 734

Re: Cisco replacement

I made this move a few years ago and haven't looked back. The 1009 is a good choice for both stability and allowing your client to grow their network in the future. The nice thing is at that price your client could have one sitting on the shelf in case of a problem. There are a lot of features you m...
by dgnevans
Thu Mar 02, 2017 8:47 pm
Forum: Beginner Basics
Topic: It does not work TRUNK connection between the CISCO 2950 and CCR1009
Replies: 4
Views: 556

Re: It does not work TRUNK connection between the CISCO 2950 and CCR1009

What Vlans have you added to the cisco? What Vlans are allowed on that port?
sho vlan
by dgnevans
Thu Mar 02, 2017 8:35 pm
Forum: General
Topic: PCQ Advice
Replies: 10
Views: 1130

Re: PCQ Advice

Basically depending on what you set your limit on. Right now it is set to 50 KiB which is the size of each PCQ-queue. You multiply that by the number of individual queues you require (concurrent users you expect to have connected) ie 80 which gives you the pcq-total-limit= 4000KiB . you then need to ...
by dgnevans
Thu Mar 02, 2017 10:53 am
Forum: General
Topic: PCQ Advice
Replies: 10
Views: 1130

Re: PCQ Advice

The dropped packets happen when the user's queue is full ie they are exceeding their allocated bandwidth. TCP detects these losses and will re-transmit that packet. A certain amount of packet loss is required to reduce throughput or throttling the connection. Without the dropping of packets you would...
by dgnevans
Thu Mar 02, 2017 9:22 am
Forum: General
Topic: PCQ Advice
Replies: 10
Views: 1130

Re: PCQ Advice

/queue type
add kind=pcq name=pcq-upload-1M pcq-classifier=src-address pcq-rate=1M pcq-total-limit=4000KiB
add kind=pcq name=pcq-down-1M pcq-burst-time=8s pcq-classifier=dst-address pcq-rate=1M pcq-total-limit=4000KiB
/queue simple
add max-limit=10M/10M name=Subnet queue=pcq-upload-1M/pcq-down-1M t...
by dgnevans
Thu Mar 02, 2017 8:09 am
Forum: General
Topic: PCQ Advice
Replies: 10
Views: 1130

Re: PCQ Advice

Are you limiting each user to a certain speed, or is the 10 mbps total the max a user can get?
by dgnevans
Wed Mar 01, 2017 9:03 pm
Forum: Beginner Basics
Topic: Firewall: Deny all except one host
Replies: 5
Views: 1414

Re: Firewall: Deny all except one host

Firewall rules work in order. The easiest way to view this is to look through winbox or print the rules. Make sure the allow rule is above the deny rule otherwise the rule will not work.
by dgnevans
Wed Mar 01, 2017 8:07 pm
Forum: Beginner Basics
Topic: Firewall: Deny all except one host
Replies: 5
Views: 1414

Re: Firewall: Deny all except one host

add chain=forward action=accept src-address=xx.xx.xx.xx dst-address=192.168.0.0/24
Change xx.xx.xx.xx to the ip address of the computer you would like to access your network. Place this rule above your deny rule.
by dgnevans
Wed Mar 01, 2017 9:21 am
Forum: General
Topic: Limiting Max bandwidth per user in a queue
Replies: 5
Views: 4274

Re: Limiting Max bandwidth per user in a queue

4000KB is per queue ie simple queue. So if each user's individual queue = 50KB you can have a maximum of 80 users downloading or uploading at one time. So the 10 users all downloading a file each will be limited to 10% of the 5 mbps +- 500kbps each. Once a user fills their individual queue of 50KB pa...
by dgnevans
Wed Mar 01, 2017 6:07 am
Forum: General
Topic: Limiting Max bandwidth per user in a queue
Replies: 5
Views: 4274

Re: Limiting Max bandwidth per user in a queue

Don't confuse pcq-total-limit with the simple queue total limit. pcq-total-limit refers to the total queue size of all sub-streams (in kilobytes). Each queue is 50 KB by default. I set the total queue at 4000 KB, this means that there can be up to 80 queues before the queue limit is reached and packets ar...
by dgnevans
Wed Mar 01, 2017 4:47 am
Forum: General
Topic: Limiting Max bandwidth per user in a queue
Replies: 5
Views: 4274

Re: Limiting Max bandwidth per user in a queue

You can create queue types pcq and set upload and download limits. Apply these to your simple queues. Set the max limit for the queue to 5mb up down.
/queue type
add kind=pcq name=pcq-upload-1M pcq-classifier=src-address pcq-rate=1M pcq-total-limit=4000KiB
add kind=pcq name=pcq-down-1M pcq-burst-tim...
by dgnevans
Tue Feb 28, 2017 10:03 pm
Forum: General
Topic: Vlan in Mikrotik and Cisco Environment
Replies: 10
Views: 989

Re: Vlan in Mikrotik and Cisco Environment

Awesome. glad you up.
by dgnevans
Tue Feb 28, 2017 9:14 pm
Forum: General
Topic: Vlan in Mikrotik and Cisco Environment
Replies: 10
Views: 989

Re: Vlan in Mikrotik and Cisco Environment

MikroTik Gig 0/3 70 R MikroTik wan1
MikroTik Gig 0/2 92 R MikroTik ether1
ZainNET Gig 0/1 111 R MikroTik vlan2
ZainNET Gig 0/1 111 R MikroTik vlan1
ZainNET Gig 0/1 111 R MikroTik LAN-1
Looking at the output of the cisco there is an issue with router 2 Mikrotik. It is not showing the vlans. Check th...
by dgnevans
Tue Feb 28, 2017 4:40 pm
Forum: General
Topic: Create bandwidth profiles with mangle and queues
Replies: 5
Views: 3096

Re: Create bandwidth profiles with mangle and queues

You can program this using the mangle rules as you suggested or you can go the route of setting up all your clients within one subnet for each speed and have a priority for that rule. It depends how you have configured everyone so far. I prefer the simple queues because there is less resource overhe...
by dgnevans
Tue Feb 28, 2017 4:15 pm
Forum: Beginner Basics
Topic: Two indepenedent LANs to see their peers
Replies: 30
Views: 1817

Re: Two indepenedent LANs to see their peers

Thanks
Maybe remove your security keys from that export.
Can you confirm that the lan port on the 912 and the wireless port on the 912 are bridged?
by dgnevans
Tue Feb 28, 2017 1:02 pm
Forum: Beginner Basics
Topic: Two indepenedent LANs to see their peers
Replies: 30
Views: 1817

Re: Two indepenedent LANs to see their peers

Can you post the export of your 912? There is no reason to masquerade the traffic between the two networks as long as you have routes on each router so they know where to send traffic.
by dgnevans
Tue Feb 28, 2017 12:46 pm
Forum: General
Topic: Vlan in Mikrotik and Cisco Environment
Replies: 10
Views: 989

Re: Vlan in Mikrotik and Cisco Environment

Ok Great. Now on each of your routers can you post results from
interface export
also post results for sho cdp neigh on the switch
by dgnevans
Tue Feb 28, 2017 8:12 am
Forum: Beginner Basics
Topic: Two indepenedent LANs to see their peers
Replies: 30
Views: 1817

Re: Two indepenedent LANs to see their peers

What it sounds like is your traffic is being natted on the one router. Can you post your nat rules from each router.
by dgnevans
Mon Feb 27, 2017 10:46 pm
Forum: General
Topic: Traffic Shaping with 6 Remote Sites
Replies: 17
Views: 1180

Re: Traffic Shaping with 6 Remote Sites

drop the dst from your queue and target your whole subnet going out.
10.96.80.0/17

ie
add max-limit=1G/1G name=TOTAL priority=1/1 queue=default/default \
    target=10.96.80.0/17
by dgnevans
Mon Feb 27, 2017 10:37 pm
Forum: Beginner Basics
Topic: Two indepenedent LANs to see their peers
Replies: 30
Views: 1817

Re: Two indepenedent LANs to see their peers

Are you running any firewall rules on your routers that are preventing inter lan communications?
by dgnevans
Mon Feb 27, 2017 10:29 pm
Forum: General
Topic: Vlan in Mikrotik and Cisco Environment
Replies: 10
Views: 989

Re: Vlan in Mikrotik and Cisco Environment

Please post results for
show interfaces gi0/1 trunk
Right now you don't appear to have any vlans allowed on those trunk ports.
by dgnevans
Mon Feb 27, 2017 4:04 pm
Forum: Beginner Basics
Topic: Two indepenedent LANs to see their peers
Replies: 30
Views: 1817

Re: Two indepenedent LANs to see their peers

No, I don't want you to change 912 to a station. Station is used as the client to connect to another AP.
Can you run a traceroute from each of your routers to the other router via the lan port and post the results.
by dgnevans
Mon Feb 27, 2017 3:30 pm
Forum: General
Topic: Cloud Core Router Throttling Traffic
Replies: 2
Views: 415

Re: Cloud Core Router Throttling Traffic

Could you do an export and post config hiding external ips and names etc.
What is the CPU usage like when this happens.
How many queues are you running?
How are you providing connectivity to your customers. Through fibre, wireless?
by dgnevans
Mon Feb 27, 2017 3:23 pm
Forum: General
Topic: Vlan in Mikrotik and Cisco Environment
Replies: 10
Views: 989

Re: Vlan in Mikrotik and Cisco Environment

Can you run Sho vlan on the cisco switch so we can see what vlans you are passing through the GI0/1 and GI0/2? Right now you showing only native vlan.

Int range gi0/1-2
switchport trunk allowed vlan add 20,30

That should get you going.
by dgnevans
Mon Feb 27, 2017 8:52 am
Forum: Beginner Basics
Topic: Two indepenedent LANs to see their peers
Replies: 30
Views: 1817

Re: Two indepenedent LANs to see their peers

Can you change Wlan2 to a station on the rb433 and test. I was going to suggest that you put route to 192 network on the RB912. But as it is just acting as an AP this should not be required.
by dgnevans
Mon Feb 27, 2017 8:20 am
Forum: General
Topic: Create bandwidth profiles with mangle and queues
Replies: 5
Views: 3096

Re: Create bandwidth profiles with mangle and queues

You can create a PCQ with the limit of 2 Mbps per second for both upload and download and pcq limit of 4mbps for both upload and download. Then create simple queues for either whole subnets or individual clients. Make all these simple queues have a parent. Place the parent at the bottom. And p...
by dgnevans
Sun Feb 26, 2017 9:40 pm
Forum: General
Topic: need more dhcp adresses for the hotspot function
Replies: 6
Views: 704

Re: need more dhcp adresses for the hotspot function

Rather than making your subnet larger to allow so many addresses which would cause you a huge amount of issues why don't you reduce your lease time. There is no way you will have 254 concurrent connections. If you look at the maximum amount of time a client may stay connected for and adjust your leas...
by dgnevans
Sun Feb 26, 2017 9:20 pm
Forum: Beginner Basics
Topic: Two indepenedent LANs to see their peers
Replies: 30
Views: 1817

Re: Two indepenedent LANs to see their peers

Does RB 912 have the routes to the necessary networks on it as well.
by dgnevans
Sun Feb 26, 2017 9:09 am
Forum: General
Topic: Weird issue with network scanning
Replies: 4
Views: 338

Re: Weird issue with network scanning

It all depends whether you using hostname or ip address to establish communications to your server from your scanners.
by dgnevans
Sat Feb 25, 2017 10:01 pm
Forum: General
Topic: QoS not working
Replies: 15
Views: 1243

Re: QoS not working

I would try disable the queues, create a test parent queue and a test child queue and run test. I have seen a number of people who have had an issue similar to this and have had to remove and recreate the rules exactly as they were and it resolves the issue. As far as order if your parent queue is ab...
by dgnevans
Sat Feb 25, 2017 9:40 pm
Forum: General
Topic: QoS not working
Replies: 15
Views: 1243

Re: QoS not working

Traffic will move through the queues in order from 0 ----> . Once a queue is met it should not pass to other queue. When you put the parent queue above sometimes it works but it behaves with a certain irregularity for instance if I move my parent queue to the top. Only half my queues will be followe...
by dgnevans
Sat Feb 25, 2017 9:28 pm
Forum: General
Topic: QoS not working
Replies: 15
Views: 1243

Re: QoS not working

Your parent queue should be below the child queues.

You can easily view traffic of each one using tcp accounting and sniffer service.
by dgnevans
Sat Feb 25, 2017 9:23 pm
Forum: General
Topic: QoS not working
Replies: 15
Views: 1243

Re: QoS not working

Confirm if you print in order is this at the bottom of the list.
by dgnevans
Sat Feb 25, 2017 9:22 pm
Forum: Beginner Basics
Topic: Configure Cisco wap 371ak9 with Mikrotik RB1100
Replies: 4
Views: 412

Re: Configure Cisco wap 371ak9 with Mikrotik RB1100

Looking at your config there is one big issue standing out. You have multiple dhcp pools and dhcp servers all operating in the same bridge. I would suggest removing them all and creating 1 that covers what you are wanting to do. Second thing. Once you have completed the changes plug a computer into th...
by dgnevans
Sat Feb 25, 2017 9:16 pm
Forum: General
Topic: QoS not working
Replies: 15
Views: 1243

Re: QoS not working

Which queue is at the top? Make sure your parent queue's target covers the whole subnet of your clients.
by dgnevans
Sat Feb 25, 2017 1:56 pm
Forum: General
Topic: QoS not working
Replies: 15
Views: 1243

Re: QoS not working

Confirm you have taken working config and loaded it onto another router just changing the ip's. You need to make sure you copy the queue types as well. Personally I would use PCQ to limit each client and just have one rule that covers the client subnets. Make sure your parent rule at the bottom of a...
by dgnevans
Sat Feb 25, 2017 1:48 pm
Forum: Beginner Basics
Topic: Configure Cisco wap 371ak9 with Mikrotik RB1100
Replies: 4
Views: 412

Re: Configure Cisco APS ithayaj Mikrotik RB1100

Can you advise what ports you connecting the AP's to the 1100. Also post export of config from RB1100
by dgnevans
Fri Feb 24, 2017 10:39 pm
Forum: General
Topic: Traffic shaping
Replies: 3
Views: 1064

Re: Traffic shaping

Try
add dst=192.168.2.0/24 name="LAN1-LAN2" queue=ethernet-default/ethernet-default target=192.168.1.0/24
add dst=192.168.1.0/24 name="LAN2-LAN1" queue=ethernet-default/ethernet-default target=192.168.2.0/24
add name="LAN2-INTERNET" max-limit=1M/1M queue=pcq-upload-default/pcq-download-default targe...
by dgnevans
Fri Feb 24, 2017 10:19 pm
Forum: General
Topic: Dual WAN FTP Proble
Replies: 9
Views: 1052

Re: Dual WAN FTP Proble

Can you try disable your PCC rules as these could be marking traffic incorrectly ie incoming traffic will not go out the same connection it came in on because the traffic is being marked before it reaches other rules.
add action=accept chain=prerouting dst-address=10.52.1.0/24 in-interface=Local
add...
by dgnevans
Fri Feb 24, 2017 8:32 pm
Forum: Beginner Basics
Topic: Can´t see neighbor router
Replies: 7
Views: 1492

Re: Can´t see neighbor router

You are missing a route back. Please post routes from both routers.
by dgnevans
Fri Feb 24, 2017 8:28 pm
Forum: Forwarding Protocols
Topic: OSPF setup
Replies: 34
Views: 4697

Re: OSPF setup

Are the lan ports connected to the switch and ptp links in the same lan as the lan ports of the AP's? Can you share a bit more information about your setup. We understand your router lan connects to the switch but need to know further information so we can give you an example.
by dgnevans
Fri Feb 24, 2017 8:17 pm
Forum: General
Topic: Dual WAN FTP Proble
Replies: 9
Views: 1052

Re: Dual WAN FTP Proble

Please post your updated nat mangle and routes.
by dgnevans
Thu Feb 23, 2017 10:45 pm
Forum: General
Topic: Leaseline (Fibre Ethernet)
Replies: 6
Views: 655

Re: Leaseline (Fibre Ethernet)

If the cisco 1921 is just handling forwarding of traffic it may well be able to perform at 500 mbps and possibly faster, but then start adding any access-lists, nat, qos or other services the speed will drop off quickly. A couple of years ago I worked out that the most I could expect to get NAT+ACL+Tu...
by dgnevans
Thu Feb 23, 2017 4:23 pm
Forum: General
Topic: Help on router
Replies: 3
Views: 551

Re: Help on router

I would go with the CCR1009-8G-1S-1S+ Dual power supply for Redundancy. Greater throughput and will allow you to expand in the future if you require. Remember you don't install what you need now. You plan ahead. The 1100ahx2 is great. What if you need to add tunnels, encryption, simple queues, multipl...
by dgnevans
Thu Feb 23, 2017 11:02 am
Forum: Wireless Networking
Topic: speed issues - what I am doing wrong?
Replies: 26
Views: 3344

Re: speed issues - what I am doing wrong?

Is your 3COM a managed switch? Is there any configuration running on it. For LAN traffic between home lan and server there is no need of it to hit the router 2011. I am still suspecting some form of QOS or queue issue in place. I suspect the issue is between the 2011 router and the switch from the te...
by dgnevans
Wed Feb 22, 2017 8:12 pm
Forum: Wireless Networking
Topic: speed issues - what I am doing wrong?
Replies: 26
Views: 3344

Re: speed issues - what I am doing wrong?

Your firewall may block btest. Remember you should enter a username and password for btest.
by dgnevans
Wed Feb 22, 2017 6:56 pm
Forum: Wireless Networking
Topic: speed issues - what I am doing wrong?
Replies: 26
Views: 3344

Re: speed issues - what I am doing wrong?

no worries we know how that feels.
If you run Btest to router 2011 what results are you getting? Secondly what are your ping times to your main router from the house?
by dgnevans
Wed Feb 22, 2017 6:48 pm
Forum: Forwarding Protocols
Topic: OSPF networks
Replies: 9
Views: 891

Re: OSPF networks

good news.
by dgnevans
Wed Feb 22, 2017 4:58 pm
Forum: Forwarding Protocols
Topic: OSPF networks
Replies: 9
Views: 891

Re: OSPF networks

If you would like 192.168.250.248/29 not to appear on router 1 you need to move this network on router to into its own area so that it is not passed as a backbone area would be. If you would like 192.168.100.128/25 not to appear on router 2 you should not put it in area1 as you defined area 1 on both ...
by dgnevans
Wed Feb 22, 2017 3:05 pm
Forum: Forwarding Protocols
Topic: OSPF networks
Replies: 9
Views: 891

Re: OSPF networks

What is listed under OSPF Networks ?
by dgnevans
Tue Feb 21, 2017 8:32 pm
Forum: General
Topic: Leaseline (Fibre Ethernet)
Replies: 6
Views: 655

Re: Leaseline (Fibre Ethernet)

Rb 1100ahx2
Ccr1009 8g-1s-1s+
by dgnevans
Tue Feb 21, 2017 8:23 pm
Forum: Wireless Networking
Topic: VLAN on wireless and RoutersOS
Replies: 2
Views: 314

Re: VLAN on wireless and RoutersOS

You would normally configure your wireless link in wds mode. Below is link to similar topic
http://forum.mikrotik.com/viewtopic.php?t=70603
by dgnevans
Tue Feb 21, 2017 8:01 pm
Forum: General
Topic: Catching Sat-IP
Replies: 5
Views: 609

Re: Catching Sat-IP

Use simple queue and put receiver rule above other with a higher priority
by dgnevans
Tue Feb 21, 2017 3:05 pm
Forum: General
Topic: Dual WAN FTP Proble
Replies: 9
Views: 1052

Re: Dual WAN FTP Proble

Check your mangle rules. It should I believe look like this. Your mangle was missing forward chain. Remember the order is important prerouting - input - forward - output
/ip firewall mangle
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=Local new-routing-mark=to_WA...
by dgnevans
Tue Feb 21, 2017 11:53 am
Forum: General
Topic: queue rules for IPTV
Replies: 2
Views: 1667

Re: queue rules for IPTV

Are there static IPs for the IPTVs? If you have static IPs for them you can create simple queues and use the target as the IPs you know. That way all traffic from and to those devices will get priority.
by dgnevans
Tue Feb 21, 2017 9:27 am
Forum: Forwarding Protocols
Topic: Unable to ping google from LAN to WAN
Replies: 4
Views: 1090

Re: Unable to ping google from LAN to WAN

What operating system is your server running? Linux often uses arp ping by default and depending on your firewall you are probably blocking that.
Start by disabling your firewall and then run your tests. Then re-enable the firewall. You may need to modify your firewall adding some rules.
by dgnevans
Mon Feb 20, 2017 9:18 pm
Forum: Beginner Basics
Topic: Assign LAN port to WAN
Replies: 10
Views: 2071

Re: Assign LAN port to WAN

You can either add two ports to the switch or add two ports to a bridge. If you add ports to bridge assign ip for router to bridge port. Plug wan connection into one of the 2 ports and server into other. Configure gateway of wan on server and default route on router.
by dgnevans
Mon Feb 20, 2017 8:40 pm
Forum: Beginner Basics
Topic: Assign LAN port to WAN
Replies: 10
Views: 2071

Re: Assign LAN port to WAN

What model mikrotik are you using?
by dgnevans
Mon Feb 20, 2017 8:32 pm
Forum: Beginner Basics
Topic: Assign LAN port to WAN
Replies: 10
Views: 2071

Re: Assign LAN port to WAN

Create a bridge between 2 ports.
by dgnevans
Mon Feb 20, 2017 7:57 pm
Forum: General
Topic: Mikrotik & Lightning
Replies: 13
Views: 1173

Re: Mikrotik & Lightning

adding salt and ash improves conductivity as well. if you can dig to better soil or bring in better soil from surrounding area putting below and above earth mat
by dgnevans
Mon Feb 20, 2017 7:53 pm
Forum: Beginner Basics
Topic: Assign LAN port to WAN
Replies: 10
Views: 2071

Re: Assign LAN port to WAN

have a look at this
http://forum.mikrotik.com/viewtopic.php?f=2&t=52997
srcnat should do it for you. if you can give a basic diagram with how you would like it to work we can help a bit further.
by dgnevans
Mon Feb 20, 2017 7:46 pm
Forum: General
Topic: Mikrotik & Lightning
Replies: 13
Views: 1173

Re: Mikrotik & Lightning

Different terminology same thing. What soil you on? Kalahari sands.
by dgnevans
Mon Feb 20, 2017 7:37 pm
Forum: General
Topic: Mikrotik & Lightning
Replies: 13
Views: 1173

Re: Mikrotik & Lightning

I don't have any pictures on hand. We normally use an old electrical cable 25mm2 strip off the shielding and make our own. Bury it +- 2 meters down and then drive an earth rod down further. Bond the mat and earth rod together run a 25 mm2 cable from that earth distribution point where we bond all ear...
by dgnevans
Mon Feb 20, 2017 7:26 pm
Forum: Beginner Basics
Topic: Assign LAN port to WAN
Replies: 10
Views: 2071

Re: Assign LAN port to WAN

This can all be done with nat.
by dgnevans
Mon Feb 20, 2017 7:24 pm
Forum: General
Topic: Mikrotik & Lightning
Replies: 13
Views: 1173

Re: Mikrotik & Lightning

3 x Big earth mat near base of tower/ connect tower earth and building earth as well as utility earth together so you don't get potential difference between them/. lightning arrestors on everything that come from outside. You can't guarantee but you can reduce losses.
by dgnevans
Mon Feb 20, 2017 2:59 pm
Forum: General
Topic: remove double nat
Replies: 3
Views: 577

Re: remove double nat

There are a number of ways you can do this. You could setup dhcp on your main router and then bridge your lan port on your AP's to your wireless. Number 2 setup static routes for each lan behind the wireless on the main router and then remove nat. This would require you to change the lan address beh...
by dgnevans
Mon Feb 20, 2017 2:31 pm
Forum: General
Topic: Limit both: Each Ip and at the same time the whole subnet
Replies: 3
Views: 332

Re: Limit both: Each Ip and at the same time the whole subnet

In winbox the parent queue needs to be below all the other queues as queues are run in order. ie if queue 0 is for a different lan segment or vlan and your traffic does not match that it will go down the queues until your traffic is matched. So if you have a queue that matches your traffic at the to...
by dgnevans
Sun Feb 19, 2017 7:35 am
Forum: General
Topic: Limit both: Each Ip and at the same time the whole subnet
Replies: 3
Views: 332

Re: Limit both: Each Ip and at the same time the whole subnet

Create a pcq upload for 512k and pcq download for 3M then create simple queue with a max limit of 10M download and 1M upload put the target as your 192.168.10.0/24
by dgnevans
Fri Feb 17, 2017 8:33 pm
Forum: General
Topic: Detect Attack
Replies: 12
Views: 2380

Re: Detect Attack

I agree protecting your router from input attacks directly to the router is important.
by dgnevans
Fri Feb 17, 2017 5:37 pm
Forum: General
Topic: Detect Attack
Replies: 12
Views: 2380

Re: Detect Attack

Are you allowing remote dns requests?
by dgnevans
Fri Feb 17, 2017 5:28 pm
Forum: Wireless Networking
Topic: speed issues - what I am doing wrong?
Replies: 26
Views: 3344

Re: speed issues - what I am doing wrong?

The other thing to do is run a traceroute to google.com and see how it goes out to make sure it follows the paths it should
by dgnevans
Fri Feb 17, 2017 5:25 pm
Forum: Wireless Networking
Topic: speed issues - what I am doing wrong?
Replies: 26
Views: 3344

Re: speed issues - what I am doing wrong?

I am going to highlight the ones I don't believe are needed in red you can disable and see that they are not before deleting the ones you have put useless I guess next to are needed because they tell that particular router where to find the other lan without it you have to go to the start router or r...
by dgnevans
Fri Feb 17, 2017 3:28 pm
Forum: Wireless Networking
Topic: speed issues - what I am doing wrong?
Replies: 26
Views: 3344

Re: speed issues - what I am doing wrong?

1 10.4.4.1/30 10.4.4.0 eth0 <<< THAT'S A SURPRISE TO ME. I THOUGHT 10.4.4.1 TO BE THE AIR0 I/F ADDRESS!
10.4.4.1 is the ip address 10.4.4.0 is the subnet id or network id
1 ADC 10.4.4.0/30 10.4.4.1 bridge1 0 <<<I don't understand this dynamic rule. Already have a static rule to the homeside of the...
by dgnevans
Fri Feb 17, 2017 2:36 pm
Forum: Wireless Networking
Topic: speed issues - what I am doing wrong?
Replies: 26
Views: 3344

Re: speed issues - what I am doing wrong?

So do you have static routes on each of the sxt's as well as the 2011 pointing to all the lans you require access to? As you are routing between multiple routers 2 x sxts and 1x 2011 to get out to the internet it could be something as simple as the default route you pointed at from home is going a ro...
by dgnevans
Fri Feb 17, 2017 2:16 pm
Forum: General
Topic: Limit Bandwith in a CCR1036 interface
Replies: 13
Views: 1354

Re: Limit Bandwith in a CCR1036 interface

I uncheck allow fastpath to be on the safe side.
by dgnevans
Fri Feb 17, 2017 12:54 pm
Forum: Announcements
Topic: Winbox 3.11 released!
Replies: 94
Views: 283642

Re: Winbox 3.11 released!

ip accounting
is working again from within winbox
by dgnevans
Fri Feb 17, 2017 12:43 pm
Forum: General
Topic: Limit Bandwith in a CCR1036 interface
Replies: 13
Views: 1354

Re: Limit Bandwith in a CCR1036 interface

Make sure you disable fast path for this to work as fast path bypasses simple queues.