Community discussions

Search found 15 matches

by NetflashTechnical
Mon Aug 20, 2018 5:42 pm
Forum: General
Topic: PSA: bandwidth-test Brute Force attempts
Replies: 2
Views: 466

PSA: bandwidth-test Brute Force attempts

So it looks like someone has gotten wise to Mikrotik's having bandwidth-test enabled by default and pretty much every public IP-facing Mikrotik we have has logs looking like this now: https://i.imgur.com/mpH1dXu.png Upside: Getting more targeted attacks against Mikrotiks means they're becoming just ...
by NetflashTechnical
Thu Jun 28, 2018 10:49 pm
Forum: Announcements
Topic: v6.42.5 [current]
Replies: 124
Views: 22039

Re: v6.42.5 [current]

Still can't turn off flooding options on dynamic bridge members :(
Should be an option to blanket deny or blanket accept for a given bridge, then allow static port settings to override.
FloodingL2TP.PNG
by NetflashTechnical
Thu Mar 29, 2018 6:14 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 94745

Re: v6.42rc [release candidate] is released!

With the Unknown Unicast/Multicast Flood disable button being added in to the bridgeports, is there a way we can get that added to PPP profiles similar to bridge/bridge priority/cost/horizon? OR have a bridge-wide default option for it to be either on or off? I'd rather it DIDN'T default to "on" htt...
by NetflashTechnical
Fri Mar 09, 2018 5:27 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 94745

Re: v6.42rc [release candidate] is released!

What's new in 6.42rc39 (2018-Mar-07 07:01): *) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts; *) bridge - added per-port learning options; *) bridge - added support for static hosts; *) bridge - fixed reliability on software bridges when used on ...
by NetflashTechnical
Thu Feb 15, 2018 12:54 am
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 94745

Re: v6.42rc [release candidate] is released!

Is IGMP snooping fixed in rc24 or in 6.41.2?

Got yelled at last time so I've left it off for now :-)
Response to my ticket to support@ is that they plan on addressing it in 6.42 eventually, but it doesn't look like it's been touched yet
by NetflashTechnical
Mon Feb 05, 2018 6:43 pm
Forum: Announcements
Topic: v6.41.1 [current]
Replies: 106
Views: 14975

Re: v6.41.1 [current]

NetflashTechnical - Please generate supout file on your router while you see such behavior and send this file to support@mikrotik.com
Done! In fact, several supouts attached to it even :)

Ticket#2018020522004918
by NetflashTechnical
Sat Feb 03, 2018 12:57 am
Forum: Announcements
Topic: v6.41.1 [current]
Replies: 106
Views: 14975

Re: v6.41.1 [current]

Issue of flooding all bridge ports with IGMP Snooping on stream change (ie channel surfing, flood lasts about 1-2 sec) or interface removal (ie dynamic interface leaves bridge, flood lasts 60+ sec) still exists on this version. How to easily replicate: Method a) Put multiple interfaces on the IGMP-S...
by NetflashTechnical
Thu Jan 11, 2018 4:12 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: [6.41rc52] IGMP Snooping Flood Issues
Replies: 16
Views: 3972

Re: [6.41rc52] IGMP Snooping Flood Issues

In normal operation IGMP snooping blocks traffics if equipment didn't get IGMP join or report through the interface. In my opinion Mikrotik only blocks if it's in the MDB table.
100% Spot On what I'm thinking as well!
by NetflashTechnical
Thu Jan 04, 2018 9:06 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: [6.41rc52] IGMP Snooping Flood Issues
Replies: 16
Views: 3972

Re: [6.41rc52] IGMP Snooping Flood Issues

Issue persists in 6.41 final. Also tried with a CRS226-24G-2S+RM, same problem when using hardware offloading. Basically makes Mikrotiks useless for IGMP snooping, if someone flips channels too rapidly I can saturate every 1G interface on the switch in a matter of seconds. :| EDIT: I think I've got ...
by NetflashTechnical
Fri Dec 01, 2017 12:00 am
Forum: RouterOS v6 RC and v7 BETA
Topic: [6.41rc52] IGMP Snooping Flood Issues
Replies: 16
Views: 3972

Re: [6.41rc52] IGMP Snooping Flood Issues

Ohhh, good to know! It might be related to which CPU/chipset is doing the snoopin' because the 2011's use mipsbe... or at least the specific implementation of it for that chipset. Were you doing hardware offloading for the bridge on your CRS? I see the same problem on a CRS-125-1S-2HnD using 6.41 rc...
by NetflashTechnical
Thu Nov 30, 2017 5:11 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: [6.41rc52] IGMP Snooping Flood Issues
Replies: 16
Views: 3972

Re: [6.41rc52] IGMP Snooping Flood Issues

Update: Issue persists on 6.41rc56
by NetflashTechnical
Thu Nov 23, 2017 11:13 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: [6.41rc52] IGMP Snooping Flood Issues
Replies: 16
Views: 3972

Re: [6.41rc52] IGMP Snooping Flood Issues

Nadda?

Better question then: Is immediate leave implemented? I think that might solve this issue... maybe?
by NetflashTechnical
Mon Nov 20, 2017 10:06 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: [6.41rc52] IGMP Snooping Flood Issues
Replies: 16
Views: 3972

[6.41rc52] IGMP Snooping Flood Issues

I've run into an interesting issue with IGMP Snooping while testing on a 6.41rc52 bridge. It looks like when someone is channel surfing or when a port suddenly drops from the bridge, it then floods that stream to all channels for anywhere between 2 and 20 seconds. this can get excessive really quick...
by NetflashTechnical
Mon Nov 09, 2015 7:58 pm
Forum: Announcements
Topic: 6.33 version released!
Replies: 140
Views: 33666

Re: 6.33 version released!

Ok, LNS Support! Does that include LAC support? It'd be nice to aggregate all our line edge routers to central powerhouse routers for PPPoE, and ideally if we can do separate domains it would let us set up a reseller network through our infrastructure!
by NetflashTechnical
Sat Nov 07, 2015 12:39 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request - LAC/LNS functionality
Replies: 128
Views: 36626

Re: Feature Request - LAC/LNS functionality

I want our Mikrotik line edge routers to connect customer PPPoE requests back to our primary Cisco LNS (which is a massive powerhouse of a router) for PPPoE termination, ie LAC mode. I'm going to give it a test next week, but in the meantime does anyone else have LAC connectivity outbound working?