Community discussions

Search found 39 matches

by jml
Wed Nov 12, 2014 8:41 pm
Forum: General
Topic: Anyone using a PowerRouter v3?
Replies: 8
Views: 1571

Re: Anyone using a PowerRouter v3?

I haven't tried netinstall yet.
I'll give that a go as well.
by jml
Wed Nov 12, 2014 2:49 pm
Forum: General
Topic: New CCR1009-8G-1S-1S+ switch1 interfaces flapping
Replies: 1
Views: 611

Re: New CCR1009-8G-1S-1S+ switch1 interfaces flapping

Seems like lots of people have reported issues with 6.21 - you may want to downgrade to 6.20 or 6.19 and see if that fixes your issue.
by jml
Tue Nov 11, 2014 7:11 pm
Forum: General
Topic: Anyone using a PowerRouter v3?
Replies: 8
Views: 1571

Re: Anyone using a PowerRouter v3?

Also if anyone has used the MW-RM1300-i7 - Routermaxx 8 Port Gigabit Core i7 Router I would like to hear about it as well.
by jml
Tue Nov 11, 2014 4:21 pm
Forum: General
Topic: Anyone using a PowerRouter v3?
Replies: 8
Views: 1571

Re: Anyone using a PowerRouter v3?

Ticket#2014100166000455
by jml
Tue Nov 11, 2014 4:00 pm
Forum: General
Topic: Anyone using a PowerRouter v3?
Replies: 8
Views: 1571

Re: Anyone using a PowerRouter v3?

Your reply from your support guys was that it was 'defective RAM' which I found hard to believe since I had 2 units that supposedly had 'defective RAM'.
Also, testing the RAM myself with Memtest86 revealed no errors.
by jml
Tue Nov 11, 2014 3:34 pm
Forum: General
Topic: Anyone using a PowerRouter v3?
Replies: 8
Views: 1571

Anyone using a PowerRouter v3?

Hi, I was wondering if anyone was using a PowerRouter v3 and could give me an idea on how its performance/reliability has been. We had an utter fiasco trying to use a CCR with 2 full BGP feeds and about 200Mb+ of traffic (constant kernel panics) so we are looking for a replacement piece of hardware....
by jml
Wed Oct 08, 2014 2:48 pm
Forum: RouterBOARD hardware
Topic: VOIP call has no audio
Replies: 2
Views: 1457

Re: VOIP call has no audio

Is your grandstream behind NAT?
Have you done a trace to see where the grandstream is sending RTP packets?
by jml
Wed Oct 08, 2014 2:45 pm
Forum: RouterBOARD hardware
Topic: CCR1036 Bad RAM - 2 units so far
Replies: 8
Views: 1395

Re: CCR1036 Bad RAM - 2 units so far

Petzl,
Contact mikrotik support and have them test the RAM of your CCR.
They will need remote access and they will need to reboot the router a couple of times.
by jml
Tue Oct 07, 2014 4:19 pm
Forum: RouterBOARD hardware
Topic: CCR1036 Bad RAM - 2 units so far
Replies: 8
Views: 1395

Re: CCR1036 Bad RAM - 2 units so far

For reference this is ticket 2014100166000455
by jml
Tue Oct 07, 2014 3:11 pm
Forum: RouterBOARD hardware
Topic: CCR1036 Bad RAM - 2 units so far
Replies: 8
Views: 1395

Re: CCR1036 Bad RAM - 2 units so far

Because your support team has told me both units have had RAM issues after both units started crashing and I gave them remote access. I'm getting a 3rd unit today (different vendor). But now I need to test it for RAM issues because I don't want to install a 3rd unit that is going to crash again. I w...
by jml
Tue Oct 07, 2014 2:53 pm
Forum: RouterBOARD hardware
Topic: CCR1036 Bad RAM - 2 units so far
Replies: 8
Views: 1395

Re: CCR1036 Bad RAM - 2 units so far

Well the problem is one of these units is in production (replacing the previous unit). So I've got to pray now that it doesn't crash and take down our 200+ customers during the day. I've already had to disable one of our BGP sessions because that makes it crash quicker (assuming due to higher memory...
by jml
Tue Oct 07, 2014 2:42 pm
Forum: RouterBOARD hardware
Topic: CCR1036 Bad RAM - 2 units so far
Replies: 8
Views: 1395

CCR1036 Bad RAM - 2 units so far

I've now had two CCR1036 units diagnosed by Mikrotik with bad RAM. Has anyone else seen this? I know both were bought from Flytec Computers. I guess I'm going to have to put the SODIMMs in a laptop and run memtest86 whenever I get a new one? Mikrotik support won't tell me how to run the test they us...
by jml
Mon Oct 06, 2014 11:55 pm
Forum: RouterBOARD hardware
Topic: DO NOT USE CCR1036 WITH 2 BGP SESSIONS
Replies: 6
Views: 1774

DO NOT USE CCR1036 WITH 2 BGP SESSIONS

Just so someone else doesn't go through what I've gone through the past couple days... CCR1036 with 2 full table BGP sessions and a bunch of static routes and OSPF has crashed multiple times. First CCR was looked at by Mikrotik and they said it had bad RAM. Replaced it with a second CCR. Second CCR ...
by jml
Wed Oct 01, 2014 2:51 pm
Forum: RouterBOARD hardware
Topic: System rebooted because of kernel failure
Replies: 29
Views: 22851

Re: System rebooted because of kernel failure

Just had this happen to me with 6.13 on a CCR1036...after about 90 days of uptime. However crashes started happening every 5 minutes. Upgraded to 6.19, been up 8 hours so far with no issues. We will see what happens when the traffic picks up today, but frankly I'm nervous. I will be sending the supo...
by jml
Fri Aug 08, 2014 6:20 am
Forum: RouterBOARD hardware
Topic: CCR IPSec performance
Replies: 40
Views: 15484

CCR IPSec performance

Does anyone have stats on the CCRs for IPSec throughput?

Thanks.
by jml
Wed Jul 23, 2014 9:04 pm
Forum: General
Topic: RouterOS 6.11 - dropping UDP flows?
Replies: 8
Views: 1265

Re: RouterOS 6.11 - dropping UDP flows?

Apparently it has something to do with the Mikrotik SIP helper. Disabling it allowed the packets to flow.
Does anyone know what the SIP Helper is actually doing?
by jml
Wed Jul 23, 2014 5:41 pm
Forum: General
Topic: RouterOS 6.11 - dropping UDP flows?
Replies: 8
Views: 1265

Re: RouterOS 6.11 - dropping UDP flows?

Cisco 79xx phones now send outbound packets from 50000+ for "extra security".
Since I'm the VoIP provider, yes I do accept SIP packets coming from those ports :)

But the fact of the matter is, the Mikrotik shouldn't care that the packets originate from ports 50000+ unless I tell it to care.
by jml
Wed Jul 23, 2014 4:27 pm
Forum: General
Topic: RouterOS 6.11 - dropping UDP flows?
Replies: 8
Views: 1265

Re: RouterOS 6.11 - dropping UDP flows?

What do you mean ports 32768-65535 are "used for NAT"?
What if I have traffic that comes across the Mikrotik on those ports? It just dumps it?
Normally I do not have NAT running (there were no NAT rules installed before I tried the src-nat rule - this is a building router and does not NAT).

-- James
by jml
Wed Jul 23, 2014 2:52 pm
Forum: General
Topic: RouterOS 6.11 - dropping UDP flows?
Replies: 8
Views: 1265

Re: RouterOS 6.11 - dropping UDP flows?

It appears as though the Mikrotik does not like high UDP ports (50000+)...
If I src-nat the ports down to the 10000-20000 range, it seems to pass the traffic ok.

WTF!
by jml
Wed Jul 23, 2014 2:43 pm
Forum: General
Topic: RouterOS 6.11 - dropping UDP flows?
Replies: 8
Views: 1265

Re: RouterOS 6.11 - dropping UDP flows?

This is actually a new Cisco 7942 phone (we typically use the 5xx series).
I cannot control the outbound high ports (50000+). The phone automatically uses those ports.
by jml
Wed Jul 23, 2014 6:06 am
Forum: General
Topic: RouterOS 6.11 - dropping UDP flows?
Replies: 8
Views: 1265

RouterOS 6.11 - dropping UDP flows?

Hi, I have a RB2011 running 6.11 with a very simple routing setup. On this network there are VoIP phones, all of which work fine, except for a new phone which was just recently added. I've traced the problem to the Mikrotik router not forwarding the UDP packets from the phone (it will forward maybe ...
by jml
Tue Feb 25, 2014 12:49 am
Forum: General
Topic: Help with 802.3ad Bonding (only 1 link being used)
Replies: 1
Views: 1371

Help with 802.3ad Bonding (only 1 link being used)

Hi, I've set up bonding between 2 Mikrotiks using 802.3ad (I can't use balance-rr because I intend on using VoIP across this). However, I can't seem to get 2 independent speedtests to use both bonded links. I've got the Mikrotiks set up as follows: M1 (10.10.1.2/24) <----> M2 (10.10.1.1/24 (ether5) ...
by jml
Fri Jan 24, 2014 8:43 pm
Forum: General
Topic: Help with NATed VPN Config
Replies: 3
Views: 789

Re: Help with NATed VPN Config

Here are the relevant parts of the Cisco config I need to translate to Mikrotik: crypto isakmp policy 5 encr aes authentication pre-share group 2 lifetime 28800 crypto isakmp key xxxxxxx address yyy.yyy.yyy.yyy crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac ! crypto map PSM2 20 ipse...
by jml
Fri Jan 24, 2014 7:48 pm
Forum: General
Topic: Help with NATed VPN Config
Replies: 3
Views: 789

Re: Help with NATed VPN Config

I'm sorry I wasn't that clear. I do not control the far side of the VPN connection. It is fixed at 192.168.5.96/27 as the network that is presented. They require that IPs on my side are 172.16.169.0/24 for communicating across the VPN. The actual client's LAN is 192.168.1.0/24 and it cannot be re-IP...
by jml
Fri Jan 24, 2014 4:40 am
Forum: General
Topic: Help with NATed VPN Config
Replies: 3
Views: 789

Help with NATed VPN Config

Hi, I'm translating a VPN config from Cisco to Mikrotik. This VPN setup is a little different in that the LAN IPs need to be NATed to a specific IP range for the VPN tunnel. I was looking for a little help on setting that part up properly. The LAN IP range is 192.168.1.0/24 The valid VPN range is 17...
by jml
Mon Dec 09, 2013 2:35 pm
Forum: RouterBOARD hardware
Topic: S-31DLC20D GBIC compatible with Cisco3750?
Replies: 3
Views: 2023

S-31DLC20D GBIC compatible with Cisco3750?

Hi guys,
I was wondering if anyone has tried a S-31DLC20D GBIC in a Cisco 3750 Catalyst and had success.
We are going to be transitioning to Mikrotik HW on this particular switch, but I need a fiber circuit up ASAP and I really don't want to spend hundreds on a GBIC that's Cisco only.
by jml
Tue Oct 22, 2013 7:49 pm
Forum: General
Topic: VPN Help - Hub and Spoke w/ Aggregate subnet
Replies: 1
Views: 933

Re: VPN Help - Hub and Spoke w/ Aggregate subnet

It seems I might need an ipsec policy with action none for the local subnet. I've used the following but I still am not having any success: 1 src-address=192.168.88.0/24 src-port=any dst-address=192.168.88.0/24 dst-port=any protocol=all action=none level=use ipsec-protocols=esp tunnel=yes sa-src-add...
by jml
Tue Oct 22, 2013 7:44 pm
Forum: General
Topic: IPsec with multiple subnets on both sides
Replies: 3
Views: 6110

Re: IPsec with multiple subnets on both sides

Did you ever get the none IPSec policies working?
I'm trying to do a similar thing...
by jml
Tue Oct 22, 2013 7:22 pm
Forum: General
Topic: VPN Help - Hub and Spoke w/ Aggregate subnet
Replies: 1
Views: 933

VPN Help - Hub and Spoke w/ Aggregate subnet

Hi, I have a Fortigate 60D acting has a VPN concentrator and hub, and I have several sites that I want to be able to talk to each other using IPSec VPNs. In order to not have to maintain separate VPN tunnels for each, I've set the VPNs up so that the destination selector is an aggregate subnet, 192....
by jml
Fri Oct 18, 2013 5:17 pm
Forum: General
Topic: Hub and Spoke Ipsec VPN Help
Replies: 1
Views: 800

Re: Hub and Spoke Ipsec VPN Help

Any ideas on this?
This seems like incorrect VPN behavior, since traffic appears to not be being routed back to the source machine from the router itself.

Thanks.
by jml
Thu Oct 17, 2013 4:03 am
Forum: General
Topic: Hub and Spoke Ipsec VPN Help
Replies: 1
Views: 800

Hub and Spoke Ipsec VPN Help

Hi, I'm trying to set up a hub and spoke VPN between 3 sites with a Fortigate Concentrator as the hub. I can establish a VPN tunnel from my spoke at 192.168.1.0/24 using an aggregate subnet of 192.168.0.0/16 (all my other sites are in that block). However, once the VPN tunnel is up, there is no long...
by jml
Sat Aug 31, 2013 9:49 pm
Forum: General
Topic: Problem with simple RB750 Configuration
Replies: 9
Views: 2215

Re: Problem with simple RB750 Configuration

Yup, static IPs.
The correct gateway was verified on the tenant's router..
by jml
Sat Aug 31, 2013 7:02 pm
Forum: General
Topic: Problem with simple RB750 Configuration
Replies: 9
Views: 2215

Re: Problem with simple RB750 Configuration

A tenant with IP xxx.xxx.186.43 could not reach the internet, nor could I ping that IP except from the router SSH interface. Here is /ip route print [admin@MikroTik-13400] /ip route> print Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B -...
by jml
Sat Aug 31, 2013 6:48 pm
Forum: General
Topic: Problem with simple RB750 Configuration
Replies: 9
Views: 2215

Re: Problem with simple RB750 Configuration

Please see the pasted configuration:

I have xxx.xxx.186.41/29 assigned to the bridge
I have cleared all firewall rules
The ISP is routing xxx.xxx.186.40/29 to xxx.xxx.187.230 (assigned to ether1)

The very strange part was that I was able to ping the xxx.xxx.186.41 address fine.
by jml
Sat Aug 31, 2013 6:05 pm
Forum: General
Topic: Problem with simple RB750 Configuration
Replies: 9
Views: 2215

Re: Problem with simple RB750 Configuration

Yes. I unslave all the ports and assign them to a bridge because I need to implement queues for bandwidth control.
However, I still can't figure out why packets aren't forwarded from ether1 <-> bridge.
by jml
Sat Aug 31, 2013 4:39 pm
Forum: General
Topic: Problem with simple RB750 Configuration
Replies: 9
Views: 2215

Problem with simple RB750 Configuration

Hi, I'm trying to configure a RB750 with this simple configuration: Ether1 is connected by /30 to a radio uplink back to the rest of the network and the internet Ether2 (and also 3-5 once this is working) will be connected on a bridge that will provide connectivity to tenants. A /29 address will be ...
by jml
Fri May 31, 2013 4:17 pm
Forum: General
Topic: RB750UP - cannot access web interface from Port 1?
Replies: 8
Views: 1241

Re: RB750UP - cannot access web interface from Port 1?

Yup there's default firewall rules that block everything on port 1.
Disabling the rules causes it to work.
Duh!

Thanks.
by jml
Thu May 30, 2013 7:38 pm
Forum: General
Topic: RB750UP - cannot access web interface from Port 1?
Replies: 8
Views: 1241

RB750UP - cannot access web interface from Port 1?

Hi, So I've read that port 1 is configured on a 750UP as a "WAN" interface. Is it possible to access the web interface from this port? I don't know if I need firewall rules to explicitly allow it or if there is a setting somewhere..? I'm not hooking port 1 up to a DSL modem, but instead its connecte...
by jml
Wed May 15, 2013 3:25 am
Forum: Beginner Basics
Topic: Slave Ports + Firewall
Replies: 2
Views: 823

Slave Ports + Firewall

Hi, I have half the ports of my RouterBoard configured as slave ports to port 2, which is configured with the main network of the router (x.x.x.x.49/29). I've noticed that if I have a device running on any of the slave ports, none of the mangle firewall rules seem to pick up any packets. If a config...