MikroTik

ebreyit

I see docs are now up on the Things Network

https://www.thethingsnetwork.org/docs/g ... /mikrotik/

Just note that RouterOS LoRa support is limited to MikroTik LoRa card, we don't support 3rd party LoRa cards.

ebreyit

https://www.msdist.co.uk/mikrotik/wirel ... ct-Details

ebreyit

I like that you've finally gone with a clover leaf power connector rather than a country specific plug, makes for easy use in all countries without a specific socket version. Puzzled why you left out RouterOS, as mentioned it has so many possibilities. My wish list for future expansion on this would...

ebreyit

Previous info I have posted on the topic here https://forum.mikrotik.com/viewtopic.php?t=119226#p587497 I have used this with a number of YouView boxes on TalkTalk and BT. It might be that your missing the Multicast group IP's rule in your firewall. Post you full config from an export here instead o...

ebreyit

viewtopic.php?f=2&t=146240
&
https://www.thethingsnetwork.org/forum/ ... eway/23612

[/quote]

so where is more info about the pic....
[/quote]

ebreyit

Might be good to see a unit come out with GPS built in as well, plus maybe an extra mPCIe slot which could support LTE or additional WiFi (e.g. 5GHz) That would be very useful for shorter term/ad hoc deployments and other scenarios. The GPS would ensure the IOT network would always know the correct ...

ebreyit

How many caps have you got connected..? /ip address add address=192.168.111.1/24 interface=ether2 network=192.168.111.0 That should be on bridge1 as ether2 is a bridge port Try using bridge split horizon instead of bridge firewall to isolate ports. Any bridge port with a split horizon can only commu...

ebreyit

Hi, Drop your config here so we can take a look to see what's going on. It might be that on that specific AP clients can't see each other, but, it's able to see other clients on the same L2 segment (clients on other AP's) if bridge horizon or another form of isolation is not employed. This can happe...

ebreyit

I've just contacted one of my distributors regarding availability and delivery in the UK. I was told that this product won't be coming to the UK as Mikrotik have no interest in marketing this product in the UK. Can someone from Mikrotik please confirm if this is the case? I've repeatedly asked for ...

ebreyit

Here's some info that I've found Going to order one of the SmartCafe and ACOSJ Cards once the supplier has some in to try and will post the results. Would be nice if Mikrotik could provide some more information such as any cards they've tested along with any Java Card/GlobalPlatform minimum version ...

ebreyit

server CPU supports AES-NI? Xeon D-1541 ( https://ark.intel.com/products/91199/Intel-Xeon-Processor-D-1541-12M-Cache-2_10-GHz ) ESXI extension pass-through is not disabled Image attached of CPU-Z running on a guest in the same Host showing the AES-NI Also I'm assuming that if GCM has been hardware ...

ebreyit

Please post config here

One possible omission is forgetting to add a NAT rule

ebreyit

Im seeing this also. ESXI V6 CHR RouterOS 6.42.4 If I set the proposal to aes-256 gcm I get the hardware flag and CPU stays low If I set it to aes-256 cbc or ctr then there is no hardware flag and CPU rises. Has anyone seen aes-265 ctr or cbc work on a CHR...? I'd like to get it running as I have a ...

ebreyit

Provided the netmetals are set to AP Bridge and Station Bridge it will be transparent and VLAN's will cross it fine.

ebreyit

I've had this happen on quite a few upgrades, especially going from 6.3x to 6.4x firmwares.

On some I've been able to downgrade, then re-upgrade has work correctly.

Cleanest fix is netinstall though.,

ebreyit

Are the cable modems just operating in bridge mode..? with the Mikrotik connecting to the internet using PPPoE. Essentially the Cable modems could all be connected to the Switch, each one given a different vlan and then all trunked over one physical ethernet to the Mikrotik. You would only then need...

ebreyit

yes i kinda understand now and yes its wifi-based . there are a lot of routers that you can't connect to when your MAC is changed it will always say that the wifi password is wrong even if its right. can we use that feature in Nano station ? it will be like the best thing to stop spoofing I think y...

ebreyit

Hi, Try to describe in more detail the sort of setup/configuration you imagine. Mikrotik gear in most cases works fine with other vendors depending on what your trying to achieve. The 'lite' AP's only have a level 3 license, so unless you upgrade them to level 4 they can only be used as PtP bridges ...

ebreyit

I'm not sure a band aid based on a response from here is going to solve your problem. If this is causing you real issues, you need to spend some time thinking about your current strategy and do some research on a number of possible solutions to the security and accountability issues you are facing. ...

ebreyit

How many clients
How far will the furthest client be from the pole
how far is each pole from each other
client bandwidth expectations
available bandwidth in your backhaul

the more information you give, the better informed the answer will be as there are so many variables and choices

ebreyit

Disable client forwarding on WiFi networks and use bridge horizon

ebreyit

Is there an issue with how it's configured now..?

ebreyit

Are you sure it's a DNS issue not clients trying to access https sites..? What's the exact message you see on the client devices.

ebreyit

Use address lists and firewall rules, many examples in the forum

ebreyit

Access for hotspot is based on Mac address and the only one the mikrotik can see is the WAN mac of the other routers.

If you need them to have unique access then they need to be on the layer 2 network created by the Mikrotik hotspot

ebreyit

Admin ports should not be directly open via Public IP.

Either use port knocking or a VPN to manage the router from the Internet

ebreyit

As suggested, users get wise to enabling BitTorrent encryption etc which will make layer 7 efforts far less or completely in-effective, savvy users may even start to use VPN to hide the traffic You're better off approaching this from a QoS point of view, prioritising certain traffic leaving bulk tra...

ebreyit

Use Firewall Address List to drop traffic, not layer 7

viewtopic.php?f=13&t=71370&p=617829#p617829

ebreyit

Firewall address list supports domain names and dynamically adds IP entry to same address list. Provided you use the Mikrotik as the DNS server it will always server up the same IP address/s of the specified domains and subsequently drop the traffic Add address to block as follows ip firewall addres...

ebreyit

Assign the Addresses to the respective ports

Create a DHCP server on each port to distribute addresses in the relevant range

Create a firewall rule to drop traffic from each lan trying to access the other.

ebreyit

ShadeOfSpirit sounds spot on to me. If the Alfa is acting as a router with NAT enabled then the Hotspot is only seeing the mac address of the Alfa device and allows Internet access to all traffic coming from that mac. I use this trick myself when away from home using one of the smaller RouterBoard d...

ebreyit

Also do a trace route to 8.8.8.8 from the pc and post results here

ebreyit

Export your config and drop a copy here.

Also do a tracert/traceroute from your PC to the VPN's IP and post the results here

ebreyit

This is a bit rough and ready and may contain mistakes but should point you in the right direction. This is also not the only way it could be done and may not be the best Add IP addresses you want to route via the VPN to an address list /ip firewall address-list add address=192.168.88.254 list=OutVp...

ebreyit

If it's able to connect to a 2.4GHz network then it's not an SXT lite 5..

ebreyit

It might be how you have srcnat set up and/or whether the server at the other side knows how to route back to your lan IP (192.168.88.254) If the packets from your local lan (192.168.88.254) are only natted when they leave your router for the internet (0.0.0.0/0 or it's interface) then your lan IP w...

ebreyit

If not already enabled add pppoe and ppp in system>logging to show more information about the connection attempt. If that doesn't show enough add debug. Hopefully that will give more of a clue as to the cause of the issue

ebreyit

Use routing marks.

Mark the traffic intended for the IP of the remote VPN endpoint such that in the routing table you route it via the intended WAN connection (The LTE Connection)

ebreyit

Firewall address list supports domain names and dynamically adds IP entry to same address list. Provided you use the Mikrotik as the DNS server it will always server up the same IP address/s of the specified domains and subsequently drop the traffic Add address as follows ip firewall address-list ad...

ebreyit

My advice is don't leave SQL open to the Internet, even if you change the port it'll still be found and brute force login attempts will continue.

If you need remote access to the SQL server use a vpn

ebreyit

Some of the domains for windows update can be found @ https://technet.microsoft.com/en-gb/library/bb693717.aspx You can add these to address list in the firewall and use that to mark packets. You would probably also need to use the Layer 7 approach you're also looking into to catch the new inter PC ...

ebreyit

FlashFig is available for Mass config. https://wiki.mikrotik.com/wiki/Manual:Flashfig your issue might be the fact that factory reset reverts back to Mikrotik default not your own th.ough

ebreyit

If you want them isolated why put them on the same bridge..?

ebreyit

+1 for rest

I think you'd probably find a lot more developers taking interest in producing apps and integrations for Miktorik products if implemented

ebreyit

ebreyit - Client is not changed within this version. maybe you did by accident change something in QuickSet? I don't use quickset. original version 6.39.1 upgrade to 6.39.2 via system > packages on reboot pppoe-client was there but contained no settings as If I had just gone to create new one Other...

ebreyit

I just popped this on a ccr1009 and it removed all the settings from my main pppoe client interface preventing it from connecting to the internet.

ebreyit

EOIP will provide the required Layer 2. Push some data through once it's all up to make sure it's configured properly as EOIP is stateless.

The EOIP links should show up as available slaves under bonding in the interface menu of Winbox

Then try a mode like balance-rr.

ebreyit

Bonding requires a layer 2 connection. L2TP/IPSEC is providing a layer 3 connection

ebreyit

Export the configs for both routers and post them here so that we can see what's going on.

ebreyit

Here's some info from https://community.bt.com/t5/YouView-Boxes/Extra-IPTV-channels-working-on-Mikrotik-750G-router-a-short/td-p/1137730 Although it's for a different set top box the principal is the same with other services. I've used it successfully myself to connect IPTV STB's to ISP's Multicast ...

ebreyit

Many of the RouterBoards have USB so you can pop in a 3G or LTE modem. The Hap ac lite and the Hap ac both have USB ports and would fit the bill. Just check compatibility first and make sure you're running a recent RouterOS version. Mikrotik also produces an SXT LTE ( https://routerboard.com/RBSXTLT...

ebreyit

Do a packet capture of the connections as the PPPoE is initiating in both circumstances and start a conversation with your ISP.

ebreyit

How much traffic / bandwidth do you see the link using..?

Personally I'd prefer Mikrotik both sides

ebreyit

Some very interesting articles by one chap on this subject worth reading. http://www.sniffwifi.com/2010/12/setting-data-rates-just-dont-do-it.html http://www.sniffwifi.com/2012/04/phones-on-wlan.html http://www.sniffwifi.com/2012/11/back-to-basics-again.html http://www.sniffwifi.com/2013/03/roam-lik...

ebreyit

Has anyone taken a look at NetData. http://netdata.firehol.org/ https://github.com/firehol/netdata/wiki/snmp.node.js Have got a version running on my Asustor NAS and it looks nice. When I get a chance I might try popping it on a system and using the SNMP Data Collector to query some Mikrotik gear.

ebreyit

Which Routerboard device have you purchased

ebreyit

missing dude-6.35rc2.npk

Also getting this when trying to update CCR from system \ packages in winbox 3.1

ebreyit

Is there anything else I can send you to be able to track this down? If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash. Think they get everything they need f...

ebreyit

It's a tough one, but, there are some good comments in the thread so far. Have to agree that you need to fully understand the network topology and configuration before you go messing (from end to end). It's a ball ache of a job but the more info you have before you start to alter anything the less l...

ebreyit

Try to find out if it's possible to login via a URL (with token or encoded credentials as part of the URL)

ebreyit

Try disabling the LCD.

ebreyit

Following work from the guys at Mikrotik I can confirm that RFC4638 1500MTU via PPPoE on standard UK FTTC connections is now working with 6.34rc9 Tested on CCR1009, SXT SA5, and a RB2011 so far with ECI B-FOCuS, and Huawei HG612 Modems (as supplied by OpenReach, unmodified) Tested on 4 Entanet accou...

ebreyit

Hi, Can you post an export of your config and a diagram of your network so that it will be easier to see what's gong on. I use an ISP for a number of clients that gives out /56 IPv6 and have been using a mixture of mipsbe and CCR's without issue for some time. Usually break it up into 256 /64's to k...

ebreyit

Dense deployments are tricky things. As bad as this turned out, hopefully you've manage to learn a lot and made some good observations. Key points (some as mentioned above): 2.4G has only 3 non-overlaping channels 1 - 6 - 11 (some countries you may also get 14 but it's close to 11) In the UK we have...

ebreyit

Reviving this one as more vendors are adding this now. can Mikrotik add 802.11r, 802.11k and 802.11v to CAPsMan https://support.apple.com/en-gb/HT202628 https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/802.11k_and_802.11r_Overview http://www.cisco.com/c/en/us/td/docs/wireless/contr...

ebreyit

+1 for IGMP snooping

ebreyit

Sounds very similar to the issue mikrotik devices had with the UK's openreach FTTC modems.

Not sure if it was a hardware or firmware fix from mikrotik to fix in the end though.

Might be worth inquiring.

ebreyit

is a tunnel to/from the radius server/network not possible...?

ebreyit

Torrent link http://www.mikrotik.com/download/routeros-ALL-6.30.torrent is ready ...but no seeders, yet... Seeding away merrily now from my Kimsufi box We don't even list the torrent on the download page, so fixes were not applied to it. Please download from our homepage Why the move away from Torr...

ebreyit

Easiest way is to connect TP-Link to a different port on the RB2011. Create a separate lan on that port with it's own IP subnet and DHCP server, set relevant NAT/masqarading rules etc to allow internet access. The finally either set a blackhole rule in routing or use the firewall to prevent the 2nd ...

ebreyit

Hi, Also try disabling MRRU then playing with the MTU, MRU settings again. I've come across a few PPPoE connections where having it enabled caused havoc or the connection just didn't plain work, the second I disabled it and restarted the PPPoE session things just fell into place. It may not work for...

ebreyit

Pop a Kodi (Formerly XBMC) box somewhere with loads of content on it (all scraped with TheMovieDB or TVDB etc etc) , enable upnp then get remote MT boxes setup same as you have just done and they will see the remote Kodi server (once you add it as a UPnp source) and be able to stream content from it...

ebreyit

Hi,
Export your current config (from both ends), post them here and I'll take a look.

This setup also works great with UPnP/DNLA across remote links once you get it going, provided you have sufficient Upload capacity at the source.

ebreyit

Can you export your router config and post it here. it will make it easier to see what's going on.

ebreyit

+1 for indoor and outdoor

ebreyit

Leaky feeder cable will grab the interference from all around and also will make all the clients to share one ap radio. This is not enough advantageous according to my opinion. That depends entirely on what the OP intends to use it for and the number of active clients he wishes to serve. Either RBM...

ebreyit

What about Leaky Feeder Cable (http://en.wikipedia.org/wiki/Leaky_feeder)

ebreyit

Client or Wireless isolation only prevents stations (clients) on the same AP from communicating with each other, it does nothing to protect devices downstream of the AP, i.e. wireless clients/stations connected to other AP's or the rest of your network infrastructure. In wisp deployments PPPoE is em...

ebreyit

Hi, The Mikrotik cannot be used to bind two unrelated ISP's into a single aggregate connection. Options: 2 (or more) connections from the same ISP who are able to provide an MLPPP PPPoE connection. This would provide a sum total of all the available bandwidth. http://wiki.mikrotik.com/wiki/Manual:ML...

ebreyit

Wireless protocol is exclusive, per radio. RB921UAGS has only 1 Radio

You have to choose which one to use. 802.11, NV2, Nstream etc.

If set to nv2-nstreme-802.11 then it sticks to which ever gets connected first

ebreyit

Pipped me to the post czolo

ebreyit

http://wiki.mikrotik.com/wiki/Manual:Cu ... ng_Hotspot

ebreyit

Hi RazorMK, use the following, making sure that where I have set ether1 you set it to the interface where you connect to your isp. /ip firewall mangle add action=change-mss chain=forward new-mss=1400 in-interface=ether1 protocol=tcp tcp-flags=syn tcp-mss=1401-65535 add action=change-mss chain=forwar...

ebreyit

I use the logging function to email when a user logs into the routerboard. Setup email, in the tools menu, the under logging create a new action, type email. Then, add a new logging rule. Topic: Account, Action 'Your new emailing action' Now try logging in from winbox and you should receive an email.

ebreyit

Even though you're not on PPPoE, MTU could still be the issue somewhere. As a check, get the IP for the server you're failing to connect to and ping from the router with just the normal settings. Provided you get a reply you can proceed by setting the packet size to 1500 and check the 'Don't Fragmen...

ebreyit

Can you export a copy of your current config (pop it in a code block on here) and perhaps a diagram or two showing us what you have, followed by what you would like. That will make it easier for others to provide feedback and comment on your proposal.

ebreyit

Create an access point on a Mikrotik router. Connect you phone and use the Youtube app.
Meanwhile, use torch and/or the packet sniffer (in conjunction with https://www.wireshark.org/) to analyze the traffic.
That should give you plenty of information to get on with trying to block it.

ebreyit

Please don't multipost the same question in multiple forums. it all becomes very fragmented otherwise

Please post here your full config output from Export (in a code block for easier reading), that will make it easier for people to feedback on your actual configuration.

ebreyit

Hi,
Please export your config so that your exact setup can be seen.

ebreyit

Hi,
Please post an export of your config so that we can see the exact setup.

ebreyit

Most likely an MTU issue. I suggest adding the MTU/MSS Rules manually Alter the 'TCP MSS' and 'New TCP MSS' values accordingly till you can find the highest value that works all the time, I suggest no higher than 1492 though. IP Firewall Mangle 2 New Rules Rule No. 1 General Tab Chain: Forward Proto...

ebreyit

I can also confirm there is a noticeable drop in CPU if the LCD is disabled.

ebreyit

Have you thought about HomePlug AV as a solution to placing AP's in remote locations within the property without additional wiring. Use PiggyBack HomePlug units if you can get them (better filtering) and consider using the newer AV2 units which utilise mimo to get the best speeds (or stability with ...

ebreyit

Have a look through these articles

http://shop.duxtel.com.au/article_info. ... cles_id=46

http://shop.duxtel.com.au/article_info. ... cles_id=51

http://shop.duxtel.com.au/article_info. ... cles_id=44

ebreyit

How many people can fit in a room...? Neither question is able to bring forth a meaningful answer without further information. Even then, Mikrotik places no limits on how many clients can connect to an AP, but, just because you could connect hundreds doesn't means that's workable either. I read a ni...

ebreyit

Policy Based Routing is what your after

http://wiki.mikrotik.com/wiki/Policy_Base_Routing Gives an example, just ignore the content idetifier and mark the packets/connection based on IP/port

ebreyit

Hi, I've found that if one of the connections is not stable it can cause issues. Make sure you're using a scheduled script to check for a dead PPPoE session such as the following, as the unstable connection may cause the connection to grind to a halt without causing a full disconnection. I typically...

ebreyit

Hi, If the current modem/routers don't work well as bridges then I would suggest that you get some modems that do work well as PPPoE bridges, e.g. the Vigor 120 for ADSL and maybe a Huawei HG612 or similar for the VDSL (can also do ADSL if you just get two of these). Trying to DMZ the the connection...

ebreyit

i confirm the same sstp bug! http://forum.mikrotik.com/viewtopic.php?f=2&t=78816&p=465171#p465042 I can also confirm issue with windows 8.1 sstp vpn clients following upgrade to 6.25. Error 619 reported by windows vpn client when trying to connect. Immediate downgrade back to 6.24 solved th...

ebreyit

Differences in Winbox. In case you haven't noticed yet Winbox 3b3 isn't showing all of the new features added in the latest ROS, but they are visible in The older Winbox. In the link below you can see two screen shots I've sent to Mikrotik support (Ticket#2015010966000616) showing bits like Cap Nam...

ebreyit

Hi kosztyua,
Can you paste in both of your configs here (export from cli) so that we can have a look at the whole picture.
Might just be something simple, I've often spent time ripping my hair out on things like this only to discover a subtle change is all that's required.

ebreyit

Hi,
Your diagram is a little ambiguous. are you using one or more CAPsMANs (CAP Managers)...?

ebreyit

Hi All, No script required, Access list will achieve what you are looking for. Checkout this post http://forum.mikrotik.com/viewtopic.php?f=1&t=91002&start=50#p459889 Important thing to remember is that you MUST have an accept rule to enter the client into the ACL so that you can control aut...

ebreyit

Hi All, No script required, Access list will achieve what you are looking for. Checkout this post http://forum.mikrotik.com/viewtopic.php?f=1&t=91002&start=50#p459889 Important thing to remember is that you MUST have an accept rule to enter the client into the ACL so that you can control aut...

ebreyit

Hi, The firewall is an ordered list of rules. to allow some traffic but block all else you will need to create specific 'allow' rules (specifying source and or destination by IP for example) higher up the list, followed immediately by your 'drop' rule. I would create these rules at the branches so t...

ebreyit

Differences in Winbox. In case you haven't noticed yet Winbox 3b3 isn't showing all of the new features added in the latest ROS, but they are visible in The older Winbox. In the link below you can see two screen shots I've sent to Mikrotik support (Ticket#2015010966000616) showing bits like Cap Nami...

ebreyit

I am also now experiencing the issue with Winbox3 Beta 3 where in on Windows 7 64 machines I see the list of discovered decives, but no form fields. This just started int he last few days, and affects more than one machine. No changes on machines save for the last round of Windows Updates. https://...

ebreyit

That's not an easy question to answer. Theoretically hundreds of clients could be registered but that does't mean it would be functional. regardless of chosen vendors equipment, factors such as antenna (both ends), los or lack of, fresnel zones, interference, neibouring wifi installations, distance ...

ebreyit

Try the http://routerboard.com/RB951Ui-2HnD

It has a good price / performance balance

600MHz CPU (overclockable to 750MHz) and 128MB of RAM

On an 8Mbit connection it should be more than enough

ebreyit

Hi, What countries are those interested in bonding in and what/who are your isp's..? If you are using the same isp and connecting with PPPoE then ask about MlPPP as Router OS has support for aggregating links through this. http://wiki.mikrotik.com/wiki/Manual:MLPPP_over_single_and_multiple_links Oth...

ebreyit

Checkout http://wiki.mikrotik.com/wiki/Manual:Interface/PPTP

Especially Connecting Remote Clients.

ebreyit

Hi, Which port are you plugging the unifi into on the 2011. I've had problems with a few pieces of equipment (openreach VDSL Modems mostly) which flap on the gigabit ports (1-5) but are solid on the 10/100 ports (6-10). Also have you tried making ports 2 and 6 masters for 3-5 and 7-10 respectivley, ...

ebreyit

Great, that should work for you once switched as the list operates top to bottom.

re

i have access rule but it was secend, i change to first accept and then reject and check.

thx

bleblas

ebreyit

Hi bleblas, If that is your only access list rule then it's not complete. As per the wiki and my code example you need to include an accepting rule first so that the client is included in the connected clients ACL, once there it can then be controlled by further rules which will disconnect clients w...

ebreyit

Hi bleblas My experience is that if set correctly Access List will disconnect an existing client if signal drop below threshold if set correctly as per Wiki You should be seeing log entries stating that a client has disconnected, signal too weak! I then see it immediately register on the next AP (if...

ebreyit

In multi-AP installations I've also been using the following to assist in nudging clients onto AP's whilst moving around. In most scenarios it works great. Some applications might suffer from the sudden drop off though (VOIP). Streaming has worked fine for me whilst jumping from one AP to another. P...

ebreyit

Definitely working well 6.15 - 6.19. Not upgraded to 6.20 yet. Have the same CCR running site to site between a ccr and various other mikrotiks and site to client with windows 7, 8 and 8.1

ebreyit

Hi aresmt, I think what Jarda is getting at, is that you need to provide a narrower scope of variables before you can expect a realistic answer, otherwise the question is to open and ambiguous to gain useful answers. Do you expect each client to utilise 100-200Mbps each, or, is that to be the max ba...

ebreyit

Recently trying to setup a CCR to connect to an ISP using Fully Bridged PPPoE utilising a Draytek Vigor 130. Issue: Even with all the vlan options turned off the Vigor seems to be tagging the PPPoE with VLAN ID 0 Findings: As the PADO comes back tagged with VLAN ID 0 it (the CCR) refuses to see the ...

Search found 119 matches