Community discussions

Search found 492 matches

  • 1
  • 2
by joegoldman
Thu Oct 17, 2019 4:55 am
Forum: Beginner Basics
Topic: mikrotik router date and time is false
Replies: 2
Views: 206

Re: mikrotik router date and time is false

System->Clock to set it manually
System->SNTP Client to set it up to talk to an NTP server to set it automatically.
by joegoldman
Tue Oct 15, 2019 12:37 am
Forum: RouterBOARD hardware
Topic: New High Performance Routers ! ?
Replies: 37
Views: 4444

Re: New High Performance Routers ! ?

I see that it wont be happening at all in the near future. I'd hazard a guess at something by mid-2020, we have QSFP switches now I'm expecting a companion router - and not tile, less cores, more power per core, based on Router OS 7.0 (perhaps even a high powered ARM device given the 7.0beta has be...
by joegoldman
Sat Oct 12, 2019 11:47 am
Forum: Scripting
Topic: Script out entire router configuration or just a section of it?
Replies: 4
Views: 460

Re: Script out entire router configuration or just a section of it?

Yes for templates I tend to set up a device how I like it and '/export' the entire config then go through it separately and turn certain things into variables with a config section up the top - so its easier and quicker to edit for different routers. I find you need to have a template version per de...
by joegoldman
Sun Sep 29, 2019 1:34 pm
Forum: Wireless Networking
Topic: CAPsMAN 5G and 2G network at same time
Replies: 11
Views: 1191

Re: CAPsMAN 5G and 2G network at same time

Same SSID and password, and let the client decide. There will be very limited cases where devices that wont prefer 5G will need 5G. If they are static devices (such as TV's) then you can ACL them onto 5G but ultimately if they are not bandwidth heavy then it won't really matter all that much.
by joegoldman
Tue Sep 24, 2019 2:48 am
Forum: RouterBOARD hardware
Topic: Recover from "No Default Configuration" System Reset
Replies: 17
Views: 1003

Re: Recover from "No Default Configuration" System Reset

you can also run winbox under wine with mac-winbox working OK - can be a bit iffy but it does work. Sometimes you have to wait for the device to go to link-local address (wont detect the router while still searching for IP) or just set a static IP. Once connection 'established' on your linux box, wi...
by joegoldman
Sun Sep 22, 2019 4:16 am
Forum: General
Topic: CRS 328 SFP+ Speed
Replies: 5
Views: 746

Re: CRS 328 SFP+ Speed

Theoretically - as long as the disks in the NAS etc can sustain 10gbps, then yes the switch will forward 10gbps as long as its properly configured to use the switch chip.

When it's using the switch chip, it will forward traffic at full wire speed.
by joegoldman
Sat Sep 21, 2019 4:51 pm
Forum: General
Topic: CRS 328 SFP+ Speed
Replies: 5
Views: 746

Re: CRS 328 SFP+ Speed

As ste is alluding to - the CRS is for switching, traffic generator would require the packets to hit the CPU and not be handled purely in switch chip. TO test speed of your CRS328 you would need something out another port to push to the CCR1009, so you are testing the CRS forwarding capability - whi...
by joegoldman
Wed Sep 18, 2019 2:52 am
Forum: General
Topic: CRS317-1G-16S+ Suddenly Stopped Hardware forwarding
Replies: 0
Views: 291

CRS317-1G-16S+ Suddenly Stopped Hardware forwarding

Hi Forum, Not sure if anyones seen this issue. I have a CRS317-1G-16S+ in production currently running 6.43.4. I have all running switchports in the bridge, with SFP+1 and SFP+2 in a Bonding interface, which is also in the bridge, and indicated hardware in the bridge port list for hardware offload. ...
by joegoldman
Fri Sep 13, 2019 4:37 am
Forum: Beginner Basics
Topic: Setting Mikrotik with Leased Line Topology
Replies: 8
Views: 626

Re: Setting Mikrotik with Leased Line Topology

I've steered you to the likely answer - give it a go and tell me if it works. If you are not understanding what I am explaining then perhaps this task is beyond your capabilities and you should hire someone to help you. My explanation explains why you would not be able to ping the web server from yo...
by joegoldman
Thu Sep 12, 2019 7:18 am
Forum: Beginner Basics
Topic: Setting Mikrotik with Leased Line Topology
Replies: 8
Views: 626

Re: Setting Mikrotik with Leased Line Topology

yep so .161 doesnt know how to get back to you, which likely means you are presenting as your internal IP 192.168.88.x. Like a normal internet connection, you'll need to NAT your connection out of that interface. /ip firewall nat add chain=srcnat action=masquerade out-interface=<whatever interface t...
by joegoldman
Thu Sep 12, 2019 6:52 am
Forum: Beginner Basics
Topic: Setting Mikrotik with Leased Line Topology
Replies: 8
Views: 626

Re: Setting Mikrotik with Leased Line Topology

You'll likely also have to set a NAT rule to src-nat (or masquerade) for traffic out that interface as well, so it will appear as coming from 10.10.10.162 (as their network likely does not have a route back to you for 192.168.88.0/24)
by joegoldman
Thu Sep 12, 2019 4:41 am
Forum: Wireless Networking
Topic: 420Mbps inside trafic
Replies: 2
Views: 461

Re: 420Mbps inside trafic

that is specifically the CAPsMAN tunneling protocol - not sure why so much data would be going through it if not doing rolling upgrade etc - having it on all interfaces like that makes me think a bridge or loop issue. Perhaps see if you can capture the traffic and load it up in wireshark so you can ...
by joegoldman
Thu Sep 05, 2019 2:57 pm
Forum: General
Topic: Netflow and AS
Replies: 1
Views: 282

Re: Netflow and AS

It's been requested for years and never made it in, not really sure what the technical hurdle to this is apart from perhaps too many expensive route table lookups to get that information (RIB vs FIB), think about how long it takes to search the route table sometimes compared to other routing OS's. O...
by joegoldman
Tue Sep 03, 2019 7:39 am
Forum: Scripting
Topic: Changing autorun.scr no longer works
Replies: 7
Views: 908

Re: Changing autorun.scr no longer works

This is a user forum - so yes wrong way to get an official answer. Email their support staff, support@mikrotik.com I believe is still the current one.
by joegoldman
Mon Aug 12, 2019 5:36 am
Forum: RouterBOARD hardware
Topic: CRS312, CRS326-24S+2Q+ MIPSBE CPU?
Replies: 5
Views: 903

Re: CRS312, CRS326-24S+2Q+ MIPSBE CPU?

I'm sure QSFP+ enabled routers (CCR2xxx) range will be in the pipeline, these switches are basically the introduction to them. A 1072 equivalent with 2x QSFP and 6+ SFP+ ports will be magical for core routing.
by joegoldman
Mon Aug 12, 2019 4:32 am
Forum: RouterBOARD hardware
Topic: CRS312, CRS326-24S+2Q+ MIPSBE CPU?
Replies: 5
Views: 903

Re: CRS312, CRS326-24S+2Q+ MIPSBE CPU?

These aren't marketed (or priced) as full L3 switches. Yes you can route ports to CPU and run some L3 functions, but it is not a fully featured / full wire rate L3 switch, so if thats what you want this product for then this product is not for you. You'd have to send in your recommendations to Mikro...
by joegoldman
Mon Aug 05, 2019 1:50 am
Forum: Forwarding Protocols
Topic: 'Mesh' Network MPLS design
Replies: 0
Views: 394

'Mesh' Network MPLS design

Hi Forum, Running a decentralised mesh style network, where we have 10-20 sites interconnected via PtP links in big and small loops. Each site terminates PPPoE services locally and installs the customer route in the route table via OSPF - this is working well so far. However I have been thinking of ...
by joegoldman
Mon Aug 05, 2019 1:40 am
Forum: General
Topic: MTU settings for provider network
Replies: 0
Views: 238

MTU settings for provider network

Hi Forum, Looking to know your thoughts on MTU settings for provider networks. We run a decentralised core style setup - a PtMP wireless network from multiple tours. Each tower has an RB1100AHx4 or an RB3011 at the bottom, these routers terminate all local PPPoE sessions and then run OSPF between th...
by joegoldman
Wed Jul 17, 2019 9:49 am
Forum: General
Topic: VLAN within a VLAN
Replies: 5
Views: 478

Re: VLAN within a VLAN

Yes Possible, its called Q-in-Q. On Mikrotik its more referred to as S-tag, which would be the outer tag. So you could potentially: VLAN100 - STag enabled VLAN101 - Parent Int VLAN100 VLAN102 - Parent Int VLAN100 etc but networks between you and remote need to support you tagging this way too, they ...
by joegoldman
Mon Jul 08, 2019 1:57 pm
Forum: General
Topic: CSS610-8P-2D+OUT availability
Replies: 3
Views: 399

Re: CSS610-8P-2D+OUT availability

Considering the only reference to that part number I can find is this one thread, you'll have to be more specific at what device your looking at. Do you have a link to the announcement for it?
by joegoldman
Mon Jul 08, 2019 12:56 am
Forum: General
Topic: RULE for BANKS
Replies: 15
Views: 874

Re: RULE for BANKS

Your request is way too ambitious and unlikely. The easiest way is to look at the different RIR's, and find banking organisations, then you will have their IP blocks. Not all banks are likely to have their own allocation though. Then you get those who host their user services front-end in a cloud li...
by joegoldman
Mon Jul 08, 2019 12:53 am
Forum: Forwarding Protocols
Topic: OSPF Force path for specific subnet
Replies: 6
Views: 667

Re: OSPF Force path for specific subnet

Static routes, with check-gateway = ping.

So if Link A is your defailt and you want a specific subnet to go via Link B, then static route with check gateway on Link B (or a netwatch script, which is just as simple), so if Link B dies that traffic goes back via Link A
by joegoldman
Sun Jul 07, 2019 11:16 am
Forum: SwOS
Topic: CSS326-24G-2S+RM POE
Replies: 1
Views: 439

Re: CSS326-24G-2S+RM POE

Your switches are likely 802.3at/af Active PoE type switches - which is a common standard that a lot of things use, including some models of mikrotiks. The CSS326 unfortunately only accepts 24v Passive PoE in. The pinout is different, and voltage is different. Some switches, specifically managed, ca...
by joegoldman
Thu Jul 04, 2019 2:32 pm
Forum: Beginner Basics
Topic: Advice | Recommendation for new router
Replies: 10
Views: 761

Re: Advice | Recommendation for new router

hAP ac / ac Pro if you want something smaller/cheaper

RB4011 if you want a beast of a router.
by joegoldman
Thu Jul 04, 2019 2:26 pm
Forum: Beginner Basics
Topic: admin password recovery
Replies: 6
Views: 591

Re: admin password recovery

Do you have any .backup files? I believe they contain user passwords in them that can be extracted. Other then that, its too new for the old password database hack, you might not have much choice but to factory reset and rebuild - and learn a lesson on having multiple accounts/passwords or complete ...
by joegoldman
Thu Jul 04, 2019 2:23 pm
Forum: Beginner Basics
Topic: How to setup Captive Portal on Mikrotik Router?
Replies: 1
Views: 216

Re: How to setup Captive Portal on Mikrotik Router?

https://wiki.mikrotik.com/wiki/Hotspot_server_setup

https://wiki.mikrotik.com/wiki/HotSpot_ ... login_page

Mikrotik doesnt host PHP pages natively, if you want a PHP page specifically you'll have to externally host it and have your hotspot configured to point to it (all info in those 2 links)
by joegoldman
Thu Jul 04, 2019 2:21 pm
Forum: General
Topic: Choice router for central speed test
Replies: 7
Views: 553

Re: Choice router for central speed test

RB1100AHx4 or RB3011 - they have faster cores vs the CCR range which have many slower cores. 1100 or 3011 shoul dbe OK for 100mbit throughput testing.
by joegoldman
Wed Jul 03, 2019 11:23 pm
Forum: General
Topic: unwanted change of source IP in my traffic
Replies: 6
Views: 420

Re: unwanted change of source IP in my traffic

add action=masquerade chain=srcnat
This piece right here will masquerade all traffic everywhere. Define this better or get rid of it.
by joegoldman
Wed Jul 03, 2019 1:58 am
Forum: Scripting
Topic: Script to disable Wlan when no user are logged on
Replies: 8
Views: 870

Re: Script to disable Wlan when no user are logged on

Well - if its allowing for business hours, you'd disable wifi once last person logs off after say 5-6pm, so it doesnt force them off at a set time in case they are working back, but then leave it off till predetermined time like 7am. All depends on the setup and intent but makes sense to an extent, ...
by joegoldman
Tue Jul 02, 2019 2:27 pm
Forum: RouterBOARD hardware
Topic: RB4011 Metal temperature is really hot
Replies: 46
Views: 6951

Re: RB4011 Metal temperature is really hot

you will need active cooling, so buy a model with active cooling (RB1100AHx4 would be my suggestion).
Be careful choosing device, both RB1100AHx4 models have passive cooling!
Hrmm i swear I remember fan holes on the back of 1100 case - maybe im thinking older model? My bad.
by joegoldman
Tue Jul 02, 2019 3:06 am
Forum: RouterBOARD hardware
Topic: RB4011 Metal temperature is really hot
Replies: 46
Views: 6951

Re: RB4011 Metal temperature is really hot

you need to buy hardware for the installation, not just for the specs. If you are working in hot environments with no natural airflow / air-con then you will need active cooling, so buy a model with active cooling (RB1100AHx4 would be my suggestion). There is more to product selection then just spec...
by joegoldman
Tue Jul 02, 2019 2:01 am
Forum: General
Topic: Customer Traffic through Multiple Queues
Replies: 1
Views: 207

Customer Traffic through Multiple Queues

Hi Forum, Having an interesting problem I'd like to try figure out. I use PPPoE on my network for subscribers, when they login they get a dynamic pppoe interface simple queue, lets say 10mbit. On the transit side, I'd only like them to get 5mbit But local resources able to get the full 10mbit. My id...
by joegoldman
Sun Jun 30, 2019 8:34 am
Forum: General
Topic: Out of the box problem with GUI
Replies: 3
Views: 479

Re: Out of the box problem with GUI

On the quickset page, after ticking address acquisition to be 'Automatic' you have to hit 'Apply Configuration' down the bottom right for it to stick. Then you can go into Webfig, go to ip->addresses to see the address asigned to you, or you can go ip->dhcp client to see the status of your dhcp requ...
by joegoldman
Thu Jun 27, 2019 12:56 am
Forum: General
Topic: Best Way to Isolate Bridges to Reach Each Other's IPs
Replies: 26
Views: 1491

Re: Best Way to Isolate Bridges to Reach Each Other's IPs

just easy forward rule, in-interface=a, out-interface=b action=drop, and vice versa, that way no traffic can go between a and b.
by joegoldman
Wed May 29, 2019 2:54 am
Forum: General
Topic: NBN FTTC TPG NCD + MT
Replies: 2
Views: 357

Re: NBN FTTC TPG NCD + MT

This is more a TPG thing then a NBN or even Mikrotik thing - so the post probably has little relevance here - might be a good post for the Australian Whirlpool forums or something. In particular though, your question of whether or not using your buddies username would give you more speed - the answe...
by joegoldman
Tue May 21, 2019 3:11 am
Forum: General
Topic: Very unusual situation Two bad CCRs in a row?
Replies: 1
Views: 243

Re: Very unusual situation Two bad CCRs in a row?

Its unlikely to be a hardware issue if 2 are doing it. 3011 and ccr1009 are fundamentally different in configurations of ports (switch vs routed etc etc) so there may be snafu's in the config. Post an /export hide-sensitive and mask any identifiable information, and explain which part exactly is not...
by joegoldman
Thu May 02, 2019 12:14 pm
Forum: Scripting
Topic: Script initiate Winbox windows?
Replies: 3
Views: 414

Re: Script initiate Winbox windows?

I prefer not to use webfig - I want it for myself too as super user - so dont want to be logging out / in all the time, and I dont think the skinning tool is flexible enough, as I want the same tool but in many different configs, mostly I want the ping and traceroute tool but with specified src-addr...
by joegoldman
Thu May 02, 2019 12:45 am
Forum: Scripting
Topic: Script initiate Winbox windows?
Replies: 3
Views: 414

Script initiate Winbox windows?

Hi *, I think I know the answer to this already (no) - but is there a way to make a script initiate a winbox GUI element? i.e. I run certain tests / traceroutes / pings etc with different VRF's or source IP's to test different parts of my network - it would be handy if I could 'pre-script' these so ...
by joegoldman
Wed May 01, 2019 2:11 pm
Forum: Forwarding Protocols
Topic: Create BGP communities [SOLVED]
Replies: 3
Views: 755

Re: Create BGP communities [SOLVED]

yes, you dont 'create' communities, routes are tagged with community strings. So when you receive routes from a downstream peer, then when distributing upstream you use route filters community option to decide what to do with them, i.e. can block all routes with community 111:222 or whatever you cho...
by joegoldman
Tue Apr 30, 2019 2:14 am
Forum: General
Topic: implementation of bgp filters on ipv6 tab
Replies: 2
Views: 264

Re: implementation of bgp filters on ipv6 tab

On routing filters, use Address Family option (IP or IPv6) to apply that filter to only one type of address, so you dont catch v4 and v6 together.
by joegoldman
Tue Apr 23, 2019 9:28 pm
Forum: Forwarding Protocols
Topic: Your experience with larger/diverse Area0 OSPF networks?
Replies: 19
Views: 1437

Re: Your experience with larger/diverse Area0 OSPF networks?

At only 7 sites in and 250 routes, we are already looking for a new solution before we grow out of control. There are a few options considering. Unfortunately OSPF will always need to be part of it, but thinking of moving OSPF to Loopback propagation only, and MPLS for customer routes. This can have...
by joegoldman
Mon Apr 22, 2019 11:30 am
Forum: Forwarding Protocols
Topic: OSPF LOOP [SOLVED]
Replies: 2
Views: 609

Re: OSPF LOOP [SOLVED]

So is it mesh or is it ring? If ring network like you describe (but then add in x-connects between them), are you bridging the interfaces so all routers appear on 1 broadcast domain? If so then this would cause your issue. You may need to turn of OSPF broadcast stuff and to a PtMP style connection b...
by joegoldman
Mon Apr 22, 2019 11:26 am
Forum: General
Topic: Port Knocking, avoid scan-caused false positives?
Replies: 17
Views: 934

Re: Port Knocking, avoid scan-caused false positives?

I would think to do it different. If they are doing a huge port scan, then maybe a rule where if dst-port = 5999,6001,6999,7001 then add to list portscanner then on your portknocking do src-address-list!=portscanner This should cover scanners going up and down the list, and covers you for hitting 70...
by joegoldman
Mon Apr 22, 2019 11:22 am
Forum: General
Topic: Walled Garden fbcdn.net
Replies: 4
Views: 576

Re: Walled Garden fbcdn.net

It's because your rule is the first rule - and explicitly drops all https traffic. The rule that allows the walled garden values likely comes after that. paste your /ip firewall filter export and we may be able to tell you the best place to pop the rule. Walled garden setup already restricts user br...
by joegoldman
Mon Apr 22, 2019 9:43 am
Forum: General
Topic: Feature Request : Browser on Winbox
Replies: 11
Views: 10529

Re: Feature Request : Browser on Winbox

Or you can have port forwards - with firewall rule to stop certain IP's, or just enable the NAT while you are working on it etc etc. I go a step further and have port-knock on my devices that puts my current WAN IP in an address-ilst that is allowed to access NAT rules to access wireless gear behind...
by joegoldman
Mon Apr 22, 2019 4:14 am
Forum: General
Topic: How are hardware ports associated with names
Replies: 5
Views: 617

Re: How are hardware ports associated with names

There is an attribute attached to the interface, more-so hidden in the details "default-name" (do an /interface print detail) - this will refer to the hard port as labelled, i.e. ether1 would be port1. This is a quick last resort, its not quick and easy information to grab. I tend to name my ports k...
by joegoldman
Fri Apr 19, 2019 12:40 am
Forum: Beginner Basics
Topic: 0.0.0.253 ip
Replies: 10
Views: 857

Re: 0.0.0.253 ip

post your config (/export hide-sensitive) in code tags and we may be able to help.
by joegoldman
Tue Apr 16, 2019 3:10 am
Forum: General
Topic: who can I hire to get a export to work as an import an a clone [SOLVED]
Replies: 7
Views: 556

Re: who can I hire to get a export to work as an import an a clone [SOLVED]

the all-packages .zip files seem to work so you could download your architecture that way and then just upload the relevant packages that you have installed, bit of a round-a-bout way to do it though.
by joegoldman
Sat Apr 13, 2019 11:43 am
Forum: General
Topic: Mikrotik IP Cloud vs P2P
Replies: 8
Views: 592

Re: Mikrotik IP Cloud vs P2P

IPv6 is still a second class citizen overall - I found many services where my IPv6 would take over but it would take a worse route or have a degraded service because someone somewhere in the path didnt put as much effort into their traffic engineering for IPv6 as they did IPv4, as IPv4 is the mainst...
by joegoldman
Mon Apr 08, 2019 8:23 am
Forum: General
Topic: Why can my /30 subnet can talk to other subnets?
Replies: 5
Views: 504

Re: /30 subnet can talk to other subnets

It is because your clients and your router know where to look for each other. In a /24, they would talk directly as they are same broadcast domain, but in your example they are sending traffic to the router, and the router knows 'hey i know how to get to IP x' so routes it, no issue. Best thing to d...
by joegoldman
Wed Apr 03, 2019 1:48 pm
Forum: General
Topic: PPP Secrets - DNS Server
Replies: 3
Views: 330

Re: PPP Secrets - DNS Server

Yes you could use the On Up and On Down scripting tool in ppp profiles, go over to the scripting part of the wiki and you'll be able to start making some scripts

https://wiki.mikrotik.com/wiki/Manual:Scripting
by joegoldman
Tue Apr 02, 2019 2:21 am
Forum: Scripting
Topic: Trying to create a script to enable Mikrotik DHCP server if Microsoft DCHP Server is down.
Replies: 2
Views: 352

Re: Trying to create a script to enable Mikrotik DHCP server if Microsoft DCHP Server is down.

Why not run a DHCP 24/7 but put it on authoritative with 2s or 10s delay, so the Microsoft server has time to respond to DHCP requests first if it doesnt then the mikrotik one will.
by joegoldman
Wed Mar 27, 2019 1:11 am
Forum: General
Topic: 10.000 Clients on One Server
Replies: 7
Views: 524

Re: 10.000 Clients on One Server

You dont want one hardware failure taking out so many clients, given how cheap Mikrotik hardware is compared to other big platforms, I'd go with up to 5x 36cores with the intent of 2k per router, that way if one fails each router can just go up to 2.5k and handle the load easily.
by joegoldman
Tue Mar 26, 2019 11:46 pm
Forum: Forwarding Protocols
Topic: Make OSPFv3 use Global IPv6 addresses instead of LinkLocal? [SOLVED]
Replies: 3
Views: 1388

Re: Make OSPFv3 use Global IPv6 addresses instead of LinkLocal? [SOLVED]

Yes, this is quite common in IPv4 space as well, called a Loopback address. For nice traceroutes, I actually set pref-source on all routes to the loopback address too so you dont have to name / PTR and catalog all the interface addresses.
by joegoldman
Tue Mar 26, 2019 6:25 am
Forum: Wireless Networking
Topic: Is possible to set up a RBaCPGi-5acD2nD dual bands with one ssid?
Replies: 4
Views: 373

Re: Is possible to set up a RBaCPGi-5acD2nD dual bands with one ssid?

Just by naming them all the same, they will essentially switch from one AP to the other. Client devices determine how/when they switch to another AP, but you can use connect lists to disassociate people at a certain signal level and force them to re-scan. Easiest way to do this would be use CAPsMAN ...
by joegoldman
Tue Mar 26, 2019 12:36 am
Forum: SwOS
Topic: Can run OSPF on CRS326-24G-2S+RM
Replies: 4
Views: 681

Re: Can run OSPF on CRS326-24G-2S+RM

also all routing is done in CPU - CPU's are quite limited in the switches. You may not get much data routed on a switch.
by joegoldman
Sat Mar 23, 2019 10:34 am
Forum: General
Topic: help to create server radius with sql and and web php form [SOLVED]
Replies: 3
Views: 375

Re: help to create server radius with sql and and web php form [SOLVED]

Mikrotik talks RADIUS - configuring FreeRADIUS to work with Mikrotik is a non-issue, as they work out of the box. Your question is more a FreeRADIUS question, I would suggest seeking help from the FreeRADIUS forums or other help-areas dedicated to that program, to learn how to configure your system ...
by joegoldman
Sat Mar 23, 2019 10:23 am
Forum: General
Topic: Feature Request: 6VPE (VPNv6) - ipv6 address family
Replies: 4
Views: 1213

Re: Feature Request: 6VPE (VPNv6) - ipv6 address family

Most likely you will see this implemented in ROS v7.
Normis says ROS v7 doesnt exist :P

Sorry i kid i kid.
by joegoldman
Fri Mar 22, 2019 3:41 am
Forum: RouterBOARD hardware
Topic: wAP 60Gx3 AP - anyone already tested it?
Replies: 7
Views: 904

Re: wAP 60Gx3 AP - anyone already tested it?

I'd love to try 60ghz out in some of our busier areas mostly because 5ghz is super noisy. How wide are the channels, and how much spectrum can be accessed by these devices? i.e. since each chip can only hand 8 stations (so thats 24 clients per wAP 60Gx3) how many of these could I comfortably run on ...
by joegoldman
Thu Mar 21, 2019 11:58 pm
Forum: Beginner Basics
Topic: Is it OK for all leds to run at once like this ?
Replies: 2
Views: 277

Re: Is it OK for all leds to run at once like this ?

They are not perfectly synced - being on the same bridge means there's absolutely some traffic that will hit all ports simultaneously (e.g. broadcast) along with traffic that wont. Nothing seems amiss to me.
by joegoldman
Sun Mar 17, 2019 11:40 pm
Forum: General
Topic: Redirect All SSL Pages to one page
Replies: 4
Views: 325

Re: Redirect All SSL Pages to one page

Hotspot has HTTPS redirect in the settings - and the redirect can work, however you will always get SSL errors that the user will have to accept. You cant make it do a clean redirect.
by joegoldman
Sun Mar 17, 2019 11:35 pm
Forum: Beginner Basics
Topic: Radus server in my Mikrotik router
Replies: 6
Views: 422

Re: Radus server in my Mikrotik router

You can use userman as a built in Radius sever, however its generally more for Hotspot usage, if your looking for 802.1x auth it might not work for that. Im not sure.
by joegoldman
Wed Mar 13, 2019 2:01 am
Forum: Beginner Basics
Topic: Simplest Route Rule Possible.
Replies: 13
Views: 641

Re: Simplest Route Rule Possible.

There is kind of a way - if that is the ONLY thing in vlan55, then you can add VLAN 55 to a VRF and add the default route for that VRF out the ether1 cable WANIP. If you are not wanting to put the interface into VRF and single out only the traffic for that one IP, then you will need to use a mangle ...
by joegoldman
Mon Mar 11, 2019 1:05 am
Forum: General
Topic: Scaling Mikrotik
Replies: 5
Views: 540

Re: Scaling Mikrotik

Mikrotik is horizontal scaling. Basically start with redundant pairs everywhere - once you start getting to the 50-60% resource usage, add another 1 or 2 next to it. You really dont want resources hitting up over 75% at all to be safe. I'd personally have your core very very simple, just pure routin...
by joegoldman
Mon Mar 11, 2019 12:56 am
Forum: General
Topic: local proxies breaks speed limit
Replies: 5
Views: 313

Re: local proxies breaks speed limit

Are you running a web-proxy on the mikrotik? Are your bw-limits on forwarding traffic? Once traffic is proxied through the router it becomes input/output rather than forward technically, so your queus may be set up wrong to account for that. Do an /export hide-sensitive and post it in code tags so w...
by joegoldman
Wed Mar 06, 2019 11:57 am
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 155040

Re: RouterOS v7.0 beta1 - when?

THE GOOD NEWS IS, that once RouterOS is brought up to date on 4.x kernel - it should be a fairly straight run to keep it updated. The Linux Kernels are not feature releases, meaning the diff between 4.20 and 5.0 is just patches, not a huge new architecture or anything. We just gotta make this one bi...
by joegoldman
Tue Mar 05, 2019 5:12 pm
Forum: Beginner Basics
Topic: I've locked myself out of the router admin interface.
Replies: 2
Views: 230

Re: I've locked myself out of the router admin interface.

If using winbox, try using neighbours and connecting via MAC protocol.

Alternatively, plug another mikrotik into it and use mac-telnet from mikrotik to mikrotik or Rommon (if enabled) which uses L2 protocols as well, so bypasses IP addressing.
by joegoldman
Sun Mar 03, 2019 11:41 pm
Forum: Forwarding Protocols
Topic: Valid router to use in a peering point
Replies: 6
Views: 756

Re: Valid router to use in a peering point

(I've always thought MT should release a CCR1009-8G-2S+)...
There is the CCR1036 8G 2S+ if your after more, or even the 1072-8S+, or what we've done is breakout using a CRS317-1G-16S+
by joegoldman
Fri Mar 01, 2019 11:41 pm
Forum: Forwarding Protocols
Topic: Transit and IX problem
Replies: 5
Views: 615

Re: Transit and IX problem

Best guess is you are importing routes from both, but because your cogent routers are older they are preferred (i.e. that bgp session came up first). I would set a BGP Local Pref on the IX routes only. If this is for inbound traffic only going via cogent, then make sure you are advertising your rang...
by joegoldman
Wed Feb 27, 2019 12:35 pm
Forum: General
Topic: Large route table, removing a static [SOLVED]
Replies: 8
Views: 2061

Re: Large route table, removing a static [SOLVED]

Yes this is my main complaint with Mikrotik at the core at the moment - it can import full tables in good-enough time but convergence is slow as when adding routes or removing routes - up to 5-10 minutes for me with about 1million BGP routes (With some static). I couldnt imagine running a CCR with m...
by joegoldman
Wed Feb 27, 2019 12:28 am
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 155040

Re: RouterOS v7.0 beta1 - when?

The development going into 6.x is development FOR 7.x as well. A lot of the roadmapped features have been put into 6.x because of the delays 7.x brings. 7.x isnt going to suddenly have a heap of new features, 7.x will likely be the latest 6.x but on new kernel, and will take a few iterations to star...
by joegoldman
Sat Feb 23, 2019 12:23 am
Forum: Beginner Basics
Topic: disable PPPoE connections go to html page
Replies: 4
Views: 536

Re: disable PPPoE connections go to html page

Without radius etc, one way would be to change the remote address on their secret - i.e. have an 'internal' / 'suspended' pool thats not a public IP that they get, then in your mikrotik have mangle rules for any traffic from that range to be redirected to your server where the HTML page is.
by joegoldman
Fri Feb 22, 2019 3:42 am
Forum: Wireless Networking
Topic: Selection guide for PtP links Ranges?
Replies: 10
Views: 575

Re: Selection guide for PtP links Ranges?

I answered your questions - how could I give you any more advice without knowing the link requirements and specifics - in which case we'd be at a point of billing you for my consulting time if you want me to design your whole link.
by joegoldman
Thu Feb 21, 2019 10:24 pm
Forum: Wireless Networking
Topic: Selection guide for PtP links Ranges?
Replies: 10
Views: 575

Re: Selection guide for PtP links Ranges?

Max range would be in test conditions. Max range can be affected by weather, noise floor, line of sight, your countries EIRP etc etc. I would not want to be trying to push the max distance of items. You can mix and match, you just may end up with better signal one way then the other. Sometimes bigge...
by joegoldman
Thu Feb 21, 2019 1:25 pm
Forum: General
Topic: I Can't set 802.1p on VLAN for DHCP [probably BUG]
Replies: 9
Views: 653

Re: I Can't set 802.1p on VLAN for DHCP [probably BUG]

send a supout and explanation of your bug to support@mikrotik.com
by joegoldman
Thu Feb 21, 2019 9:17 am
Forum: General
Topic: Easy method to update 300 MikroTik
Replies: 2
Views: 368

Re: Easy method to update 300 MikroTik

No supported way - most people build it out with API scripts and updaters - DUDE might be able to do some of it.
by joegoldman
Sat Feb 16, 2019 5:10 am
Forum: General
Topic: mikrotik wrong username or password
Replies: 5
Views: 650

Re: mikrotik wrong username or password

Was it old RouterOS version? If so its likely been hacked. Good news is, being old version you can use the same hack to re-gain access - but once its been compromised you should take config export, make sure no bad config is in there, and do a fresh net-install.
by joegoldman
Sat Feb 16, 2019 5:08 am
Forum: Announcements
Topic: v6.44rc [testing] is released!
Replies: 67
Views: 12493

Re: v6.44rc [testing] is released!

what does /tool speed-test test to? Do we host a server? Is it same as bandwidth-test and will TCP tests be CPU limited?
by joegoldman
Thu Feb 07, 2019 5:21 am
Forum: General
Topic: Use a Routerboard to tag packets for a management VLAN
Replies: 7
Views: 802

Re: Use a Routerboard to tag packets for a management VLAN

Laptop ---> Ether1 - Ether2 ----> Network In this scenario (Ether1/Ether2 being your bridge Mikrotik) you'd create a vlan interface on Ether2 with vlanID on 100, then create a bridge interface, and add Ether1 and Vlan100 interface, so you are being bridged straight into the VLAN tagged interface. Th...
by joegoldman
Thu Feb 07, 2019 5:16 am
Forum: RouterBOARD hardware
Topic: Why people pair UBNT APs with MikroTik routers?
Replies: 55
Views: 29927

Re: Why people pair UBNT APs with MikroTik routers?

I've done both. I've got many CAPsMAN installs with wAP AC's and cAP AC's in, without issue. I prefer Mikrotik for the flexibility and extra config options. I had a big job that I had to put Ubiquiti in for the pure fact of short time frame and stock availability (this wasnt long after the factory f...
by joegoldman
Wed Feb 06, 2019 5:37 am
Forum: Forwarding Protocols
Topic: IXP routes should be preferred
Replies: 4
Views: 572

Re: IXP routes should be preferred

You are running multiple instances? YOu should only really be doing that for multiple host AS's

In any case, post the output of /export hide-sensitive so we can see what the issue is.
by joegoldman
Wed Feb 06, 2019 1:37 am
Forum: Forwarding Protocols
Topic: IXP routes should be preferred
Replies: 4
Views: 572

Re: IXP routes should be preferred

Guessing you have ignore as path len enabled which means AS Path will not be considered in the best-path selection, in which case the first 'installed' route would be the best based on the other attributes. For IX routes, best practise (in my opinion) is to import them with a high local-pref, which ...
by joegoldman
Sun Feb 03, 2019 10:51 pm
Forum: RouterBOARD hardware
Topic: For real, what is with these blinding power leds?
Replies: 11
Views: 1269

Re: For real, what is with these blinding power leds?

Yes noticed this on my new 4011 i was hoping I could turn it off in the software but nup, I will be black taping it to keep it down, literally shines through multiple rooms if I leave the office door open haha.
by joegoldman
Sat Feb 02, 2019 12:04 pm
Forum: General
Topic: WINDOWS AUTHENTICATE WITH MIKROTIK USERS
Replies: 1
Views: 280

Re: WINDOWS AUTHENTICATE WITH MIKROTIK USERS

You want users to login to the Mikrotik with their Windows credentials? Or you want users to log into Windows with Mikrotik credentials? You could potentially run RADIUS in front of a windows DC server and have people log into mikrotiks with Windows Credentials, the other way around I do not believe...
by joegoldman
Fri Feb 01, 2019 3:27 pm
Forum: General
Topic: Winbox Urgent Suggestion
Replies: 15
Views: 1099

Re: Winbox Urgent Suggestion

There is absolutely nothing wrong with winbox under WINE. An expert Linux user will use all tools available to set up their environment. I use Winbox without fail on all my Linux machines.
by joegoldman
Fri Feb 01, 2019 5:49 am
Forum: Forwarding Protocols
Topic: Routing issue
Replies: 3
Views: 528

Re: Routing issue

youve given us almost 0 helpful information.

You know the last hop it fails at, jump on that hop check the route-table.

Is it that just ICMP is firewalled / blocked from that ingress point onwards?
by joegoldman
Tue Jan 29, 2019 8:13 am
Forum: General
Topic: Don't buy Mikrotik hardware! NO SUPPORT
Replies: 15
Views: 1469

Re: Don't buy Mikrotik hardware! NO SUPPORT

Ubiquiti is also 20-80% more expensive depending on the product, and the software management is a nightmare in some use cases, and nowhere near as flexible at the least. You take the good with the bad in some cases. I use Mikrotik because of the flexibility and pricing. I also understand that my pay...
by joegoldman
Mon Jan 28, 2019 11:54 pm
Forum: General
Topic: Feature requests
Replies: 1160
Views: 208271

Re: Feature requests

I would like to receive SNMP traps when WiFi client registration occurs... for example: [WIRELESS]--Association:11G STA 80:b0:3d:xx:xx:xx associated with WLAN1 SSID = Mikrotik It's very useful for smart home automation scenarios You could replicate this with logging and a syslog (remote) logging se...
by joegoldman
Sat Jan 26, 2019 2:22 am
Forum: General
Topic: OSPF + VRRP +PPPOE
Replies: 5
Views: 598

Re: OSPF + VRRP +PPPOE

You would use Routing Marks or VRFs to basically do source based routing. If you are using public IP space you'll also need to adjust your advertisements so one range is used by ISP 1 and the other by ISP 2
by joegoldman
Fri Jan 25, 2019 5:51 am
Forum: General
Topic: Which Router should i buy for a small web hosting company?
Replies: 6
Views: 630

Re: Which Router should i buy for a small web hosting company?


I was looking for RB3011UiAS-RM or RB1100AHx4, What do you suggest?
RB1100AHx4 very robust and can move a lot of data - i'd go one of them.
by joegoldman
Thu Jan 24, 2019 11:13 pm
Forum: RouterBOARD hardware
Topic: InterCell
Replies: 42
Views: 5024

Re: InterCell

What LTE frequencies/bands you think the WISPs will be able to use in Australia? And what would be the demand for such LTE Base Stations? For Australia - next to impossible for LTE I think - too much regulation and too expensive. I work in a less-developed country outside of Australia where if I co...
by joegoldman
Thu Jan 24, 2019 11:05 pm
Forum: General
Topic: pasting .rsc on a blank slate router
Replies: 4
Views: 497

Re: pasting .rsc on a blank slate router

add a delay up the top of the script, and use the reset-config menu with no-default, run-after of your RSC, thats how I do templated installs.
by joegoldman
Thu Jan 24, 2019 11:26 am
Forum: RouterBOARD hardware
Topic: InterCell
Replies: 42
Views: 5024

Re: InterCell

Such an interesting turn. LTE can be beneficial for WISP though - NBN (National Broadband Network) in Australia are using LTE for their Fixed Wireless roll-outs, however being government run and funded probably got access to frequencies within budget. A country I do a lot of work in - we have a very...
by joegoldman
Sun Jan 20, 2019 12:40 am
Forum: General
Topic: CCR Mikrotik Bandwidth Test - Urgent...-Important
Replies: 8
Views: 830

Re: CCR Mikrotik Bandwidth Test - Urgent...-Important

It's also weekend around most of the world - give it a couple business days.
by joegoldman
Tue Jan 15, 2019 11:57 pm
Forum: General
Topic: v7 routeros
Replies: 12
Views: 3163

Re: v7 routeros

I also like stuff and things, my fellow networkers. :/
by joegoldman
Mon Jan 14, 2019 12:19 am
Forum: RouterBOARD hardware
Topic: Router that does not sound like a Jet Engine for Home 10G Internet?
Replies: 7
Views: 1208

Re: Router that does not sound like a Jet Engine for Home 10G Internet?

Get the 4 port 10gbit switch, device like 4011 to run as a router on a stick, port 1 outside, port 2 router, port 3 inside, done. Limits some of your capacity but for home internet shouldn't matter that much.
by joegoldman
Sun Jan 13, 2019 10:21 am
Forum: Forwarding Protocols
Topic: OSPF and default routes. [SOLVED]
Replies: 3
Views: 691

Re: OSPF and default routes. [SOLVED]

If your redistributing default via OSPF, and all links are equal cost, then it should do this automatically anyways. However - a router will not install an OSPF default route if a static one exists, so you'll have to remove the static one and let the default come in - an easy way to test this if you...
by joegoldman
Fri Dec 28, 2018 11:05 pm
Forum: General
Topic: CRS305-1G-4S+ port statistics
Replies: 1
Views: 365

Re: CRS305-1G-4S+ port statistics

Its a very small visual bug - worth chucking the info to support@mikrotik.com but doesn't warrant a huge amount of discussion.
by joegoldman
Fri Dec 28, 2018 11:01 pm
Forum: Scripting
Topic: Script only works in terminal, not by GUI or scheduler
Replies: 4
Views: 495

Re: Script only works in terminal, not by GUI or scheduler

Thanks for following up with solution - thats actually a very peculiar behaviour which would be easy to overlook.
by joegoldman
Fri Dec 28, 2018 11:00 pm
Forum: General
Topic: OSPF
Replies: 3
Views: 296

Re: OSPF

So you want to receive the route from the remote network? They will have to advertise it to you, i.e. their OSPF config has to be set to allow the route you are wanting to come to you. Unless you are filtering it out yourself. Post your config (/export hide-sensitive) grab OSPF config of remote peer...
by joegoldman
Fri Dec 28, 2018 5:05 am
Forum: General
Topic: Add 160.000 statics dns entries
Replies: 7
Views: 705

Re: Add 160.000 statics dns entries

If people are going to the effort to really get around your controlled DNS environment, then they deserve to have whatever you are trying to use - break. i.e. in PiHole it is more for user protection - a user who can circumvent would know the risks of doing so and protect themselves. It only really ...
by joegoldman
Wed Dec 26, 2018 11:58 pm
Forum: RouterBOARD hardware
Topic: 2*10gb ports for a CCR ?
Replies: 10
Views: 1394

Re: 2*10gb ports for a CCR ?

Switch: Port 1 = WAN - PVID 100 (so access port on vlan 100) Port 2 = LAN - PVID 200 (access port on vlan 200) Port 3 or 4 = Router, Trunk port with tagged 100 and 200 VLAN Making sure bridge vlan filter is on to ensure adherence to the tags and PVID. On Router you have 1 physical interface, you cre...
by joegoldman
Wed Dec 26, 2018 11:12 am
Forum: RouterBOARD hardware
Topic: 2*10gb ports for a CCR ?
Replies: 10
Views: 1394

Re: 2*10gb ports for a CCR ?

You could use a cheap switch like Mikrotik's little 4 port SFP+ switch for WAN, LAN, Router

So WAN comes into switch, switch goes into router, router back to switch for output via LAN port.

Or you could upgrade to the likes of CCR1036-8G-2S+ but thats quite a bit expensive.
by joegoldman
Wed Dec 19, 2018 3:49 am
Forum: General
Topic: Feature Request: SAFE MODE time based
Replies: 16
Views: 1818

Re: Feature Request: SAFE MODE time based

If you lose connection, how do you expect safe mode to remain activated? Although I agree with you and plan my changes with a 'dual-stack' mentality to bring things into line - I do get the point the others are trying to make. Sometimes the changes you need to make affect your connectivity to the d...
by joegoldman
Wed Dec 19, 2018 3:45 am
Forum: General
Topic: Is it possible to change boardname?
Replies: 1
Views: 213

Re: Is it possible to change boardname?

To what purpose?

Short answer is no - the major distributors / integrators may have some option to do this but not general public.
by joegoldman
Tue Dec 11, 2018 2:07 am
Forum: Forwarding Protocols
Topic: no enforce-first-as in RouterOS?
Replies: 8
Views: 1044

Re: no enforce-first-as in RouterOS?

Its default. There's no specific option for it. I do run Client to Client reflection ticked on my instances not sure if that makes a difference, but I use Mikrotik to peer with IX route servers and they deliver routes without their own AS in the path, which my router happily accepts.
by joegoldman
Tue Dec 11, 2018 1:59 am
Forum: RouterBOARD hardware
Topic: hardware idea for a multiport switch
Replies: 45
Views: 8544

Re: hardware idea for a multiport switch

It would definitely need built in cable management arm at the rear that helps slide and guide the cable bundle in and out. Even then I see the high density and effort as a very niche product personally.
by joegoldman
Mon Dec 10, 2018 4:20 am
Forum: Forwarding Protocols
Topic: Is it possible to host 2 web servers within the same public IP address
Replies: 8
Views: 1120

Re: Is it possible to host 2 web servers within the same public IP address

No, this requires deep packet inspection (so MIGHT be able to work sometihng with layer7 filters) as you are now reading the host head in the HTTP packet to know which server to send it to. Your best bet is a low-resource server 3 - a proxy server, it takes in ALL 80/443 requests and proxies based o...
by joegoldman
Tue Dec 04, 2018 10:44 am
Forum: The User Manager
Topic: Strange PPPOE limitation problem
Replies: 7
Views: 2281

Re: Strange PPPOE limitation problem

Do an /export hide-sensitive so we see your full configuration. Running userman you'd think it would be OK. Perhaps turn on some RAW RADIUS logging and capture packets of it happening, see if it is the PPP server ignoring the limitation and setting its own, or if its userman responding with the wron...
by joegoldman
Sat Nov 24, 2018 6:50 am
Forum: RouterBOARD hardware
Topic: RB3011 Power inputs?? [SOLVED]
Replies: 1
Views: 409

Re: RB3011 Power inputs?? [SOLVED]

Yes both can be used, and they will also work as active failover if one of the feeds fails. I do the same with old RB1100AHx2's (As they only had single AC) and 3011's in production
by joegoldman
Sun Nov 11, 2018 11:59 pm
Forum: Beginner Basics
Topic: 3011 update
Replies: 10
Views: 1018

Re: 3011 update

To answer your question, 3011 is an ARM based device so the mipsbe file would not be helpful.

When logging in (via winbox at least) it will tell you the architecture in the title of the window in brackets (arm), (mipsbe), (tile) etc.
by joegoldman
Sun Nov 04, 2018 3:30 pm
Forum: Forwarding Protocols
Topic: VRF Help - Route Leaking from MAIN
Replies: 0
Views: 415

VRF Help - Route Leaking from MAIN

Hi *, Basically I'd like to import all routes (except 0.0.0.0/0) into a VRF. Reason for this - I am doing source based routing to push certain IP's out a 2nd WAN connection, however I'd like it to only use this VRF (which contains a default route) when the resources aren't 'local'. This router impor...
by joegoldman
Wed Oct 31, 2018 9:50 am
Forum: General
Topic: Old kernel. Why?
Replies: 5
Views: 731

Re: Old kernel. Why?

Plenty. ROSv7's main hold up is developing to new kernel. Major kernel's have major changes, especially from what ROS is currently based on to new, the whole networking stack has been re-worked (I believe), so requires a lot of re-development, re-testing etc to get it to feature parity (plus improve...
by joegoldman
Wed Oct 31, 2018 12:53 am
Forum: General
Topic: How to whitelist top level domains? [SOLVED]
Replies: 2
Views: 591

Re: How to whitelist top level domains? [SOLVED]

You should be able to use L7 firewall rules to help create matchers that you can then apply filter/NAT/mangle rules on: https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/L7 This will help you do regex and TLD's to match what you want. It can be quite CPU intensive (As you are inspecting the packet a...
by joegoldman
Mon Oct 29, 2018 9:57 pm
Forum: General
Topic: Need help with VLANS and routing their traffic over L2TP
Replies: 4
Views: 524

Re: Need help with VLANS and routing their traffic over L2TP

post /export hide-sensitive of both routers.

Also easy way to test connectivity, put a computer on a phone IP on that VLAN and make sure it can PING the VoIP server, also maybe check traceroute see where its stopping if there are multiple hops in the path.
by joegoldman
Mon Oct 29, 2018 10:44 am
Forum: Forwarding Protocols
Topic: Auto BlackHoling
Replies: 2
Views: 785

Re: Auto BlackHoling

The question will rely on your upstream provider - so you will need to know what they expect so you can tag the route specifically. They will likely accept routes down to /32 with community <AS>:666 so they know to add as blackhole. Adjust your filters to look for routes with your own blackhole comm...
by joegoldman
Mon Oct 29, 2018 12:10 am
Forum: General
Topic: Winbox layout
Replies: 3
Views: 466

Re: Winbox layout

You can not 'edit' the layout, but you can make changes and save the session. I.E. open the windows you want to see, make changes to the columns, inline comments etc so it looks how you want it to look. Then under file you can go 'Save As' and it will save as a .viw file, then in winbox you can choo...
by joegoldman
Sun Oct 28, 2018 10:17 pm
Forum: General
Topic: Can I connect a Edge Router as a Client to out Mikrotik VPN Server?
Replies: 3
Views: 336

Re: Can I connect a Edge Router as a Client to out Mikrotik VPN Server?

You'll need to know a few details but if you set up the server you should know those details. Look at the Wiki for guides on how to set up VPN clients. If its L2TP/IPSec you'll generally need:

IP
User
Password
IPSec Secret
by joegoldman
Sun Oct 28, 2018 10:07 pm
Forum: General
Topic: Can I connect a Edge Router as a Client to out Mikrotik VPN Server?
Replies: 3
Views: 336

Re: Can I connect a Edge Router as a Client to out Mikrotik VPN Server?

This is a RouterOS forum, not an EdgeOS forum - you'll need to go hassle the ubiquiti community - but to answer your question a quick google suggests that EdgeOS doesnt currently have a way to configure an L2TP / IPSec client connection (such an odd limitation). My honest suggestion would be replace...
by joegoldman
Sat Oct 27, 2018 1:44 am
Forum: Beginner Basics
Topic: cant surf on new ip block
Replies: 4
Views: 631

Re: cant surf on new ip block

Are these your own IP's or given to you by the ISP?

IF they are your own, have you started advertising them to upstream providers? Have you notified them of the new range so they can adjust their BGP filters both ingress from you and egress to their providers?
by joegoldman
Sat Oct 27, 2018 1:42 am
Forum: General
Topic: Any Chance of a test mode before applying the configuration
Replies: 7
Views: 738

Re: Any Chance of a test mode before applying the configuration

There are very few situations given the flexibility of routeros that safe mode wont work for this purpose. Changing IP/routes? youo can dual stack IP's and add the routes, safe mode protects perfectly. Firewall changes? Pretty much what safe mode was made for. I do agree that test change can be bene...
by joegoldman
Sat Oct 27, 2018 1:38 am
Forum: General
Topic: v6 RC and v7 BETA
Replies: 126
Views: 24511

Re: v6 RC and v7 BETA

What is the timeline? if there is no cut-off date then it's just proof of concept for developers. Alpha is exactly that - proof of concept (in a lot of ways) They continue to work on 6.x, but 7 being a new kernel and everything means they have to make sure all existing functionality from 6.x is imp...
by joegoldman
Tue Oct 23, 2018 3:02 pm
Forum: General
Topic: Cloud Backup
Replies: 20
Views: 3742

Re: Cloud Backup

Will these be only .backup files i.e. only restorable to the same piece of hardware? Or will it take config exports too? Even better, are .backup files being worked on so you can safely restore them across devices (same device type but different MACs etc) I only use config expoorts myself at the mom...
by joegoldman
Tue Oct 23, 2018 2:52 pm
Forum: RouterBOARD hardware
Topic: RB 4011 is fanless?
Replies: 6
Views: 1134

Re: RB 4011 is fanless?

You'd call RB1100AHx4 a Home router? But in any case I can appreciate that, for us though the ~60% price difference from RB1100AHx4 to CCR1009 isnt justified by our want for SFP+ port (at this time), this is why i was thinking 4011 could be a good middle-ground if it came in a comparable configurati...
by joegoldman
Tue Oct 23, 2018 2:33 pm
Forum: RouterBOARD hardware
Topic: RB 4011 is fanless?
Replies: 6
Views: 1134

Re: RB 4011 is fanless?

not in near future. there are other devices that have rack cases
If I could get an 1100 with an SFP/SFP+ port I'd be happy haha, was thinking of the 4011 to start replacing our 1100AHx4 fleet if it came in a respectable case (With dual power)
by joegoldman
Tue Oct 23, 2018 2:28 pm
Forum: RouterBOARD hardware
Topic: RB 4011 is fanless?
Replies: 6
Views: 1134

Re: RB 4011 is fanless?

Are we likely to get a (proper) rackmount model, similar to 3011? Or will only the desktop model with big ugly ears remain? The 3011's are a really nice presentable case to put in a customers rack.
by joegoldman
Mon Oct 22, 2018 1:15 pm
Forum: General
Topic: LHG60 Link goes down when it rains
Replies: 21
Views: 1513

Re: LHG60 Link goes down when it rains

Have you considered all aspects? Is there other 60ghz gear? Is it CLEAR line of site? Considered fresnel zone?
by joegoldman
Mon Oct 22, 2018 8:18 am
Forum: General
Topic: v6 RC and v7 BETA
Replies: 126
Views: 24511

Re: v6 RC and v7 BETA

Image
by joegoldman
Sun Oct 21, 2018 12:25 pm
Forum: General
Topic: Mass Managing Mikrotik
Replies: 11
Views: 2053

Re: Mass Managing Mikrotik

Look into the Tr069 protocol, there are both commercial and open source applications for this These are good for client devices and pulling config on boot, but in terms of edge/bottom fo tower etc where you dont want to reboot and manage things like firewall entries etc its not that great. My centr...
by joegoldman
Sun Oct 21, 2018 3:10 am
Forum: RouterBOARD hardware
Topic: Counterfeit CCR1036?
Replies: 4
Views: 1276

Re: Counterfeit CCR1036?

The original 1036 PSU's were notoriously bad for blowing capacitors. I know plenty of people who have replaced PSU's in tthem, or at least put on better capacitors. We personally build an external power source that actually utilises the dual power headers on the board to make them actually dual powe...
by joegoldman
Sat Oct 20, 2018 2:57 pm
Forum: Beginner Basics
Topic: Migrate CCR 1009 to CCR 1036
Replies: 3
Views: 644

Re: Migrate CCR 1009 to CCR 1036

get a copy of /export from your 1009, make the necessary adjustments to change ports etc and run it as an import on your 1036.
by joegoldman
Sat Oct 20, 2018 12:39 pm
Forum: General
Topic: Mass Managing Mikrotik
Replies: 11
Views: 2053

Re: Mass Managing Mikrotik

(managed by unifi controller). Thats great for Ubiquiti Unifi gear but completely awry of the question, Mikrotik also has a similar controller for AP's in their CAPsMAN package. Your post reeks of corporate shill and is completely useless to the topic. To answer OP, I too have rolled out my own in-...
by joegoldman
Sat Oct 20, 2018 5:49 am
Forum: General
Topic: PCQ - Custom Limits
Replies: 0
Views: 207

PCQ - Custom Limits

Hi All, I want to do some real custom PCQ stuff. Basically, for example sake I have 4 IP's sharing 10mbit. I want IP 1 to be guaranteed 5mbit, IP 2 guaranteed 2mbit and the other 2 share the remaining 3mbit, but obviously if IP1 and IP2 not using their full allocation anyone can go up to 10mbit (doe...
by joegoldman
Thu Oct 18, 2018 8:23 am
Forum: Forwarding Protocols
Topic: Null route for unused IP's
Replies: 5
Views: 3167

Re: Null route for unused IP's

Just the /22 should be adequate, if you are using routing bgp network option instead of redistributing active routes. (I personally prefer to not use the network tab in bgp, and have blackhole route with distance 250 to supply an active route to redistribute).
by joegoldman
Sun Oct 14, 2018 3:08 pm
Forum: Forwarding Protocols
Topic: OSPF Interface Cost not working
Replies: 1
Views: 505

OSPF Interface Cost not working

Hi guys quick question regarding OSPF and getting interface costs to work properly. I've got 4 routers in a loop All routers have redistribute OSPF as type 1 All routers either 6.42.6 or 6.42.7 One of the links is kind of bad, but OK for backup, I just brought up a good link on the same router with ...
by joegoldman
Sun Oct 14, 2018 9:39 am
Forum: Beginner Basics
Topic: Change default ip MikroTik crs106 Sfp switch
Replies: 4
Views: 474

Re: Change default ip MikroTik crs106 Sfp switch

/ip->addresses, select 192.168.88.1 entry, modify the options as required, and hit save. Be sure that network is correct too.
by joegoldman
Sun Oct 14, 2018 9:36 am
Forum: General
Topic: VPN issues - Accessing Map Network Drive
Replies: 4
Views: 574

Re: VPN issues - Accessing Map Network Drive

Hi Sob, Please correct me, if I'm wrong, do you mean something like this : "chain=input action=accept src-address=192.168.10.0/29 dst-address=192.168.4.0/24 in-interface= log=no log-prefix=" I appreciate your help. Regards, Pipa. No, he means specifically check firewall setting on the windows host....
by joegoldman
Fri Oct 12, 2018 7:07 am
Forum: General
Topic: Jailbreak for RouterOS 6.43.2 released [SOLVED]
Replies: 16
Views: 3115

Re: Jailbreak for RouterOS 6.43.2 released [SOLVED]

If i'm understanding this right, it requires physical access to the box and the hack is via USB? Which means its also only possible on certain device types (and x86)?
by joegoldman
Fri Oct 12, 2018 1:22 am
Forum: Forwarding Protocols
Topic: RB4011 vs. CCR1009 BGP
Replies: 46
Views: 8194

Re: RB4011 vs. CCR1009 BGP

Stop with the multithreaded BGP. https://m.facebook.com/story.php?story_fbid=1432205596904888&id=186874744771319 Not going to stop at all. BGP processing and FIB updates definitely need to become more multithreaded. I have only 1 million routes in one of my CCR1036's, thats only a single full table...
by joegoldman
Thu Oct 11, 2018 7:09 pm
Forum: Forwarding Protocols
Topic: OSFP Keeps Losing Routes!!! [SOLVED]
Replies: 11
Views: 2133

Re: OSFP Keeps Losing Routes!!! [SOLVED]

When it happens, do you lose connectivity for a short time on the link between the 2 routers? Is the neighbor state still at 'Full' or does i t go to '2-way' or other. I've experienced faults where if there's enough of a time-out to drop the session, but it returns before the 40s (Default) timer run...
by joegoldman
Thu Oct 11, 2018 7:06 pm
Forum: Beginner Basics
Topic: Different DNS based on interface
Replies: 11
Views: 1061

Re: Different DNS based on interface

You can give separate DNS addresses to different IP groups etc via DHCP server network option (as sob noted) or you could use NAT or something else to redirect DNS requests for specific src-addresses, although this is the messier of the options if you can use DHCP your much better doing it that way.
by joegoldman
Thu Oct 11, 2018 7:04 pm
Forum: Wireless Networking
Topic: Mikrotik WISPs: Where?
Replies: 95
Views: 47350

Re: Mikrotik WISPs: Where?

Just started a new WISP in Papua New Guinea. I'd like to say we are 100% mikrotik, but given many reasons we've gone with ubiquiti radios and antennas. Mikrotik still sit at our (decentralised) core, about 8 RB1100's deployed for tower and relay sites, doing PPP termination and OSPF. Mikrotik still ...
by joegoldman
Thu Oct 11, 2018 8:12 am
Forum: General
Topic: Mark connection/packet then routing vs just Mark Routing?
Replies: 5
Views: 2146

Re: Mark connection/packet then routing vs just Mark Routing?

My guess is order of operations limiting the fact that the new marks aren't applied instantly at that line for future processing, so a matcher on something that was placed in this current run wont match. Why not just set all of them to src-address=192.168.1.0/24? In this current scenario, it will ha...
by joegoldman
Wed Oct 10, 2018 4:10 pm
Forum: General
Topic: MIKROTIK: PLEASE ADD GRAPHING FOR HEALTH
Replies: 2
Views: 315

Re: MIKROTIK: PLEASE ADD GRAPHING FOR HEALTH

You can graph these using external NMS and SNMP which is more common of people with multi-router deployments and wanting to monitor things like that - although it could be handy to have on-device graphing as well.
by joegoldman
Fri Oct 05, 2018 2:40 pm
Forum: General
Topic: Feature requests
Replies: 1160
Views: 208271

Re: Feature requests

That is already possible via RADIUS!
No, RADIUS is not a pool manager it can assign statics, software behind RADIUS would need to still manage a pool, which can get out of sync if you miss a stop record or something.
by joegoldman
Fri Oct 05, 2018 9:14 am
Forum: General
Topic: Feature requests
Replies: 1160
Views: 208271

Re: Feature requests

Clustered PPPoE servers....to an extent of course. Basically only really IP Pool clustering - with limited IP addressing and a decentralised core, I currently have 4 different routers doing PPP termination. Rather than split up a /25 and have to try manage enough IP's in the pool between the routers...
by joegoldman
Wed Oct 03, 2018 11:47 pm
Forum: Wireless Networking
Topic: wireless PtP advice [SOLVED]
Replies: 8
Views: 846

Re: wireless PtP advice [SOLVED]

How much bandwidth do you need? 60ghz (wireless wire) will give plenty of bandwidth, and at 100m shouldnt have any issues with bad weather. 5ghz over 100m also very good, you just wont get quite as much bandwidth across it but if your requirements are only very little (in modern relative terms) then...
by joegoldman
Wed Oct 03, 2018 2:30 pm
Forum: Beginner Basics
Topic: Need YouTube CIDR/Netmask
Replies: 8
Views: 889

Re: Need YouTube CIDR/Netmask

They are likely to continuously change/grow/shrink etc, your best bet is to try use content filter on DNS names used by youtube so no matter the IP the packets get marked.. Takes more CPU though.
by joegoldman
Wed Oct 03, 2018 6:15 am
Forum: General
Topic: Feature requests
Replies: 1160
Views: 208271

Re: Feature requests

You are correct, I dont use the graphs for the same reason, but I generate the same graphs using one of many SNMP based monitoring tools out there, so I have a clear idea on CPU usage of routers.
by joegoldman
Wed Oct 03, 2018 5:37 am
Forum: General
Topic: Feature requests
Replies: 1160
Views: 208271

Re: Feature requests

The ability to force CPU, uptime, date etc on all winbox sessions. Instead of having to do it individually Create a 'viw' /session, with those things enabled (And maybe your favourite screens setup and layed out), then use that as your default session view, along with unticking autosave so no matte...
by joegoldman
Wed Oct 03, 2018 5:34 am
Forum: General
Topic: Feature requests
Replies: 1160
Views: 208271

Re: Feature requests

Please add average cpu usage for the last day / month / year whatever. This makes it possible to at a glance see how hard a router is working. This is done in 'graphing' you can set up resource graphs and access them through webfig (at login hit the 'Graphs' button underneath the login) This will k...
by joegoldman
Tue Oct 02, 2018 12:21 pm
Forum: RouterBOARD hardware
Topic: 1100AHx4 loss
Replies: 1
Views: 370

Re: 1100AHx4 loss

Are you watching CPU load during this? When doing just the data, what is CPU load? Does CPU load spike, and hit 100%, when doing the export or SNMP walk? Maybe do a /export hide-sensitive to give us an idea of 'how' complex the config is, if you have a lot of NAT or firewall rules that must be read ...
by joegoldman
Tue Oct 02, 2018 12:09 pm
Forum: Wireless Networking
Topic: Wireless eC, Ce or XX
Replies: 7
Views: 7267

Re: Wireless eC, Ce or XX

So when i'll play with XX i have to set up frequency=auto? No you can specify frequency, and XX will decide which should be control and which should be extension (And adapt). This works better probably for 80mhz extension (XXXX or whatever) where you specify frequency and it will pick where it shou...
by joegoldman
Tue Oct 02, 2018 6:13 am
Forum: General
Topic: Bonding EoIP over vpn
Replies: 6
Views: 592

Re: Bonding EoIP over vpn

Your current solution will only go as fast as the slowest connection, being 12/1, so even if the whole aggregation was working perfectly, you'd only be able to get 60mbit total. You'd have better success bonding just the 2x40m lines together.
by joegoldman
Tue Oct 02, 2018 6:09 am
Forum: Wireless Networking
Topic: Wireless eC, Ce or XX
Replies: 7
Views: 7267

Re: Wireless eC, Ce or XX

It's still a fairly simple concept that the blurb explains... You choose your control (main) frequency and decide if you want extension to go above/below it. XX for auto-selection so it actively avoids noisy neighbours. XX is probably better for noisy/changing environments, eC vs Ce is purely based ...
by joegoldman
Tue Oct 02, 2018 6:04 am
Forum: Beginner Basics
Topic: Bonding 2 WAN
Replies: 5
Views: 2117

Re: Bonding 2 WAN

At a guess, although i've never tried this myself, pfSense might be doing some more aggresive load balancing. Speedtest.net actually uses multi-threaded connections to help give more real-world results. It is entirely possible, although I thought unlikely, that pfSense is sharing even those multi co...
by joegoldman
Mon Oct 01, 2018 1:22 pm
Forum: RouterBOARD hardware
Topic: 10G Switch model number required
Replies: 1
Views: 523

Re: 10G Switch model number required

Try doing some research next time. Takes all of 2 minutes.

https://mikrotik.com/product/crs317_1g_16s_rm
by joegoldman
Mon Oct 01, 2018 1:18 pm
Forum: Beginner Basics
Topic: Bonding 2 WAN
Replies: 5
Views: 2117

Re: Bonding 2 WAN

Bonding requires fragmentation and defragmentation at either end of the 2 links, for a single TCP stream to utilise both links bandwidth at the same time you'd need something talking the same bonding protocol on the other end of the 2 links. If both of your links are from the same ISP, this may be p...
by joegoldman
Mon Oct 01, 2018 10:06 am
Forum: Wireless Networking
Topic: Wireless eC, Ce or XX
Replies: 7
Views: 7267

Re: Wireless eC, Ce or XX

Do some simple research you will find your answers - especially in the Mikrotik wiki/Manual From https://wiki.mikrotik.com/wiki/Manual:Interface/Wireless Use of extension channels (e.g. Ce, eC etc) allows additional 20MHz extension channels and if it should be located below or above the control (mai...
by joegoldman
Sun Sep 30, 2018 2:13 pm
Forum: General
Topic: 3011UiAS PPPoe Client not connecting - NBN Australia
Replies: 3
Views: 315

Re: 3011UiAS PPPoe Client not connecting - NBN Australia

Also Aus, NBN provider to be exact. NBN is L2 network - RSP has choice of PPPoE, IPoE or any other 'auth' method. If your provider says you dont need authentication, then they are likely using IPoE. On your device, this means a DHCP Client (ip -> DHCP Client) added to the WAN interface. DHCP client ...
by joegoldman
Sun Sep 30, 2018 2:07 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 155040

Re: RouterOS v7.0 beta1 - when?

After these years, I do not expect any serious answers to come from the Mikrotik. .... Ubiquity is much more flexible in communication ... another region, another morality I've been forced into ubiquiti for Wireless gear (PtMP Sector -> CPE networks), comfortably finding 27dbi, 29dbi dishes , 20+db...
by joegoldman
Thu Sep 27, 2018 9:19 am
Forum: General
Topic: Feature requests
Replies: 1160
Views: 208271

Re: Feature requests

A few suggestions I'd love: 1) Line item groupings, specifically in firewall stuff - basically a completely empty 'rule' / line thats just a comment, stays in block when comments are set to inline. The work around for this is setting dummy unmatchable rules or putting the comment on the first line i...
by joegoldman
Wed Sep 26, 2018 12:59 pm
Forum: General
Topic: CCR1036 DC input?
Replies: 3
Views: 355

Re: CCR1036 DC input?

We've replaced our CCR1036 PSU's with complete non-OEM units, you can definitely just hit on the molex headers. We supply 24v constant, as we are still technically powering off AC, but we did ours as there are 2 headers on the board (A+B power) but they only manufacture with single PSU, so we replac...
by joegoldman
Wed Sep 26, 2018 12:52 pm
Forum: Forwarding Protocols
Topic: How to create sub-interfaces,run multi process OSPF, redistribution via route-map????
Replies: 1
Views: 457

Re: How to create sub-interfaces,run multi process OSPF, redistribution via route-map????

https://wiki.mikrotik.com/wiki/Manual:TOC Get reading. All you are asking for is definitely possible, albeit with different terminology. Familiarise yourself with Winbox, and a lot of stuff will become clear, like creating a new VLAN interface, setting the tag and applying it to certain interface. A...
by joegoldman
Wed Sep 26, 2018 12:47 pm
Forum: Wireless Networking
Topic: Roaming Help [SOLVED]
Replies: 5
Views: 449

Re: Roaming Help [SOLVED]

Try playing with Connect List/Access List to force a disassociation quicker, i.e. some devices will try hold the existing connection as long as possible, rather than actively scanning for a better closer AP (which uses more battery). What some people do is put a cutoff at say -70db to force the clie...
by joegoldman
Wed Sep 26, 2018 4:10 am
Forum: General
Topic: Queue's on a bridge with packet marks
Replies: 0
Views: 218

Queue's on a bridge with packet marks

Hi Forum, I've set up a transparent bridge of sorts on a CCR 1036. THe 2 incoming interfaces are vlans, different tags of course. I add both these vlans to bridge Bridge settings are set to use IP Firewall, and fast path off I can block the traffic in ip firewall filter, and I can mark packets in ip...
by joegoldman
Fri Sep 21, 2018 9:45 pm
Forum: Beginner Basics
Topic: A sonic boom
Replies: 1
Views: 288

Re: IPsec over L2TP with client-side behind a natted-router???

What problem are you seeing? Have you simply enabled IPSec in the L2TP server settings? Do you see an error in the logs? Post your configuration with sensitve data hidden to garner further help.
by joegoldman
Mon Sep 17, 2018 2:52 pm
Forum: RouterBOARD hardware
Topic: 100Mb LAN - what's the point?
Replies: 13
Views: 1731

Re: 100Mb LAN - what's the point?

Cost of 100mbit chips is also significantly cheaper. I wouldnt want gigabit on some of the real small cheap stuff, cos it would probably double the price. I think Mikrotik do a good job of determining whats worth the gigabit cost and whats not. Products that are capable of higher than 100mbit but on...
by joegoldman
Mon Sep 17, 2018 2:49 pm
Forum: General
Topic: Switch Stacking
Replies: 0
Views: 555

Switch Stacking

Hi forum, this is more aimed at a staff member response, but perhaps if someone attended a MUM where it was discussed you may also know the answer. Basically back in Newsletter 82, the new switches with QSFP ports mentioned this in the description: "40Gbit stacking support" Is this just to say give ...
by joegoldman
Thu Sep 13, 2018 10:37 am
Forum: Beginner Basics
Topic: Queues on transparent bridge
Replies: 1
Views: 375

Re: Queues on transparent bridge

Yes i've tested this. You wont get hardware offload so you'll need a CPU that can do the work. Bridge the 2 interfaces, make sure the bridge settings is set to 'use IP Firewall' (Note: This will change it for ALL bridges on the device), then you'll see the packets go through the firewall process and...
by joegoldman
Thu Sep 13, 2018 10:34 am
Forum: Forwarding Protocols
Topic: Injecting partial BGP/Aggregate routes into OSPF
Replies: 7
Views: 914

Re: Injecting partial BGP/Aggregate routes into OSPF

Done this? I fear as the BGP process is single threaded and eats a whole cpu of the CCR it may cause problems. I do do this, albeit limited. My bigger network runs only BGP as it is a core routing setup, in another country we run more an OSPF mesh around about 7 sites linked together by fixed wirel...
by joegoldman
Thu Sep 13, 2018 8:30 am
Forum: General
Topic: RouterOS ISP identifier
Replies: 10
Views: 714

Re: RouterOS ISP identifier

I see. I was asking that because I saw in a local University campus that their Wi-Fi had in speedtest.net another University as an ISP. I was wondering if that is possible with Mikrotik devices. Is that done through Cisco's? They will have their own allocated IP addresses from an RIR that they cont...
by joegoldman
Thu Sep 13, 2018 2:30 am
Forum: General
Topic: RouterOS ISP identifier
Replies: 10
Views: 714

Re: RouterOS ISP identifier

I tried speedtest.net from three different places and I'm not sure from where they get the name. It's definitely not PTR records. Whois info on addresses doesn't contain the exact strings either. They 100% pull primary data from MaxMind GeoIP DB, however they cache it so instant updates to MaxMind ...
by joegoldman
Thu Sep 13, 2018 2:24 am
Forum: Forwarding Protocols
Topic: Injecting partial BGP/Aggregate routes into OSPF
Replies: 7
Views: 914

Re: Injecting partial BGP/Aggregate routes into OSPF

On the BGP routers, turn on bgp redistribution then add only the wanted routes into ospf-out filter denying the others, so it will redistribute only those?
by joegoldman
Wed Sep 12, 2018 4:52 am
Forum: General
Topic: RouterOS ISP identifier
Replies: 10
Views: 714

Re: RouterOS ISP identifier

These are external websites, that pull the connecting IP and look it up in databases like MaxMind GeoIP DB. In some cases the information can also be pulled from the WHOIS or RIR. You cant control these websites. RouterOS has nothing to do with your request - it is all about external sources and inf...
by joegoldman
Fri Sep 07, 2018 1:27 am
Forum: General
Topic: Winbox via wine on Ubuntu 18.04
Replies: 5
Views: 2634

Re: Winbox via wine on Ubuntu 18.04

I can confirm same issue on Ubuntu 18.04 - probably a kernel change in the higher 4.15+ kernels that affect WINE APIs to the network stack (i'm currently running 4.18.5). I keep a windows VM installed with VIrtualBox as a just-in-case for situations where I absolutely need mac learning, as it can be...
by joegoldman
Tue Aug 14, 2018 12:49 am
Forum: RouterBOARD hardware
Topic: Random latency peaks: CCR1016-12S-1S+ hardware design issue suspected!
Replies: 8
Views: 1625

Re: Random latency peaks: CCR1016-12S-1S+ hardware design issue suspected!

I had a somewhat _similar_ problem on my CCR1036's a while back. It presented a little bit differently but ultimately just a high spike of use for a few seconds then settles down. What it ended up being on my side was my 'BGP Nail' routes - i.e. so I can advertise my /24's out to the world, I'd put ...
by joegoldman
Tue Aug 07, 2018 12:40 pm
Forum: Announcements
Topic: Winbox v3.17 released!
Replies: 17
Views: 9368

Re: Winbox v3.17 released!

@strods - can we have an idea on why show categories only goes by first character on sorted list - most columns i agree but for GROUP column or ROMMON agent column I think it should use fullname unique For example, if I have SITE1, SITE2, SITE3 group, they all group under 'S' instead of 'SITE1' or '...
by joegoldman
Thu Aug 02, 2018 2:05 pm
Forum: Announcements
Topic: Winbox v3.16 released!
Replies: 63
Views: 27707

Re: Winbox v3.16 released!

Can the sort by GROUP function be fixed up so instead of grouping by the first letter it groups by the full group name? Makes it hard when you're trying to group by site and have a few sites that start with same name and they all group together under 'S' or 'B' or something.
by joegoldman
Fri Jul 13, 2018 5:35 am
Forum: General
Topic: Winbox GROUP function
Replies: 0
Views: 258

Winbox GROUP function

Hi Forum, Hoping to hear from the devs - but is there any plan to fix winbox's 'GROUP' function? i.e. When you assigned save profiles to a GROUP, then you sort by Group it used to sort by the whole group - looks like now it only sorts by first letter of the group (which means that Groups starting wi...
by joegoldman
Tue Jul 10, 2018 1:53 pm
Forum: The User Manager
Topic: Userman / Hotspot Auto Create User
Replies: 2
Views: 1153

Userman / Hotspot Auto Create User

Hi Forum, Trying to setup a hotspot where basically the login page simply asks for email address / accept EULA before auto-creating user, logging them in and using it. Preferrably with MAC based cookie for the next x hours for auto-login again. I can easily do this with the API and external login pa...
by joegoldman
Sat Jul 07, 2018 2:09 am
Forum: Wireless Networking
Topic: CAPsMAN forwarding not working
Replies: 1
Views: 483

CAPsMAN forwarding not working

Hi Forum, I'm trying to set up my first CAPsMAN network, and having issue that isn't a big issue but I'd like to fix. The setup is basically: RB1100AHx4 -> CRS328 -> cAP's The RB1100AHx4 is the CAPsMAN and also main router, so I want CAPsMAN forwarding so all traffic comes to this router, and dont w...
by joegoldman
Sun Jun 17, 2018 8:34 am
Forum: General
Topic: PPPoE queues for different routes
Replies: 0
Views: 191

PPPoE queues for different routes

Hi Forum, I really want to do some dynamic queuing. Previously, I've just set the Rate-Limit RADIUS reply for a simple queue to be added on the PPPoE server, and it works perfect. What I want to do now is a bit different, ultimately for example I want to be able to limit a user to 5mbit when going o...
by joegoldman
Wed Apr 04, 2018 1:19 am
Forum: Forwarding Protocols
Topic: can my NAT configuration change my domain name?
Replies: 3
Views: 455

Re: can my NAT configuration change my domain name?

Basically it looks like your DNS provider points to their own webserver, and they've asked you for location of your website, and instead of setting the A record appropriately they've kept the A record pointing at them and are doing a 302 redirect, directly to your IP. If you update the root A record...
by joegoldman
Thu Mar 15, 2018 2:08 am
Forum: Forwarding Protocols
Topic: BGP - Want to receive own routes
Replies: 2
Views: 464

Re: BGP - Want to receive own routes

Im such a wank. Allow-as-in is the obvious answer, I set it to 1 as it has 1 instance of my AS as the origin, all is swell.
by joegoldman
Thu Mar 15, 2018 1:28 am
Forum: Forwarding Protocols
Topic: BGP - Want to receive own routes
Replies: 2
Views: 464

Re: BGP - Want to receive own routes

OK so this is 100% loop protection because its my own origin AS at the separate site.

Is there a way to have the filters allow own origin AS for a single prefix to bypass loop protection on this particular route?
by joegoldman
Wed Mar 14, 2018 11:58 pm
Forum: Forwarding Protocols
Topic: BGP - Want to receive own routes
Replies: 2
Views: 464

BGP - Want to receive own routes

Hi All, Having a hard time deciphering this one. Basically, on one peer im announcing out to upstreams 123.456.24.0/21 [made up for example sake], this is one of our 'supernets', and this is our primary, default site. Recently we've split off 123.456.30.0/23, so the upper quarter of the /21 and anno...
by joegoldman
Tue Sep 12, 2017 12:43 am
Forum: Forwarding Protocols
Topic: How to merge two link for more throughput [SOLVED]
Replies: 21
Views: 2144

Re: How to merge two link for more throughput [SOLVED]

You could potentially EoIP tunnel from PPPoE server to Router A taking both paths (as thats where the separate paths converge) then using a bonding interface to bond the 2. This would likely mean you lose the 30mbit on the 130mbit leg of the link, but being wireless you could run into more overhead ...
by joegoldman
Tue Sep 12, 2017 12:38 am
Forum: Forwarding Protocols
Topic: Transfer traffic between ports
Replies: 2
Views: 463

Re: Transfer traffic between ports

Port Mirroring probably your only bet:

viewtopic.php?t=58471

Requires the ports be part of a switch chip I believe.

Otherwise, not having used the linsn cards - I'd say you would have to daisy chain them.
by joegoldman
Sat Jun 10, 2017 1:11 pm
Forum: General
Topic: Winbox on ubuntu drag and drop file
Replies: 2
Views: 933

Re: Winbox on ubuntu drag and drop file

No. It is a limitation of using winbox in WINE. Although it works, it is not designed for it. It works quite well, as I am full time ubuntu, my solution to this problem is: if you use SCP, you will find that "/" is the root of the file manager, so if you have a file 'log.txt' you want to download fr...
by joegoldman
Wed Jan 04, 2017 11:22 pm
Forum: General
Topic: ROS ARM on raspberrypi
Replies: 2
Views: 1822

Re: ROS ARM on raspberrypi

I dont believe it would be portable from 3011 arch to RPi3 Arch, but in any case the main problem is that the ARM build only provides .npk files, meaning you need a pre-existing routeros installed to upgrade. Only x86 provides a CD ISO - and it does so because x86 is much larger to support a range o...
by joegoldman
Fri Nov 11, 2016 6:28 am
Forum: The User Manager
Topic: What is CoA (Radius Incoming), and how is it configured?
Replies: 3
Views: 6669

Re: What is CoA (Radius Incoming), and how is it configured?

To what CoA is, you are mostly correct. CoA is 'Change of Authorisation', meaning its the RADIUS server (User manager in your use case) tells the NAS (router) that the authorisation parameters have changed. This could be to say Auth is no longer valid, or to set shaping policy to something different...
by joegoldman
Sun Nov 06, 2016 4:55 am
Forum: RouterBOARD hardware
Topic: High Fluctuating CCR CPU
Replies: 3
Views: 744

Re: High Fluctuating CCR CPU

post config - i had similar issue but even on old versions of big spikes for short bursts - but it was very specific to config.
by joegoldman
Tue Nov 01, 2016 10:55 pm
Forum: Forwarding Protocols
Topic: BGP Full Table time
Replies: 11
Views: 5021

Re: BGP Full Table time

BUT what if the active route for 8.8.8.8 is 8.8.8.0/23, then your example would miss it. And then if there's multiple routes at different sizes and different local prefs you could potentially get a range of active routes and you'd still have to figure it out. I need to know what the current active ...
by joegoldman
Tue Nov 01, 2016 2:25 am
Forum: Forwarding Protocols
Topic: BGP Full Table time
Replies: 11
Views: 5021

Re: BGP Full Table time

The thing about having 1M+ routes in the table has been search time for me, less about convergence and loading. This is where Cisco and other platforms have killed it over Mikrotik for me - if I want to look up the current active route entry for 8.8.8.8 (for example). the search time on a 1036 with...
by joegoldman
Mon Oct 31, 2016 2:40 am
Forum: Forwarding Protocols
Topic: BGP Full Table time
Replies: 11
Views: 5021

Re: BGP Full Table time

The thing about having 1M+ routes in the table has been search time for me, less about convergence and loading. This is where Cisco and other platforms have killed it over Mikrotik for me - if I want to look up the current active route entry for 8.8.8.8 (for example). the search time on a 1036 with ...
by joegoldman
Fri May 27, 2016 9:33 am
Forum: Forwarding Protocols
Topic: LNS Functionality inc VRF
Replies: 4
Views: 1219

Re: LNS Functionality inc VRF

There is definitely LNS functionality (but not LAC). VRF's i'm personally not used in this instance - but dynamically it doesnt seem possible, but if you only have a few who require it you could set up custom pppoe server interfaces for them that pushes them into VRF (see: http://forum.mikrotik.com/...
by joegoldman
Fri May 27, 2016 9:30 am
Forum: General
Topic: Someone to login my Mikrotik
Replies: 13
Views: 1687

Re: Someone to login my Mikrotik

It's quite normal if you've left the ports open. Actually not heavy at all (I can show you some massive brute force logs) Best bet is to set up firewalls so people can't access those services from your WAN interface, and if you need to be able to access them set it up with either VPN, whitelist of I...
by joegoldman
Tue Apr 26, 2016 3:34 am
Forum: General
Topic: Apache in Mikrotik
Replies: 5
Views: 1281

Re: Apache in Mikrotik

Post your firewall NAT rules so we can look.
by joegoldman
Mon Apr 18, 2016 3:30 pm
Forum: General
Topic: v6.35 [current] is released!
Replies: 103
Views: 24748

Re: v6.35 [current] is released!

Quick question - Can RouterOS do LAC yet (not just LNS), i.e. forwarding pppoe sessions over L2TP to an LNS?

Is there any documentation on the LNS features yet, specifically how to set it up?
by joegoldman
Tue Feb 16, 2016 3:41 am
Forum: Forwarding Protocols
Topic: BGP less specific route
Replies: 2
Views: 852

Re: BGP less specific route

You can get the routes into your routetable using 'blackhole' routes, so add the /22 as static routes type=blackhole, then its there. Then filters for Peer B specify ONLY the /22 routes allowed out, and they will advertise. If Peer A goes down, BGP will pick up the /22 routes for Peer B, but by the ...
by joegoldman
Fri Dec 25, 2015 2:04 pm
Forum: RouterBOARD hardware
Topic: hEX PoE lite with VDSL modem
Replies: 8
Views: 1758

Re: hEX PoE lite with VDSL modem

I believe its previously been discussed by Mikrotik staff - moving to xDSL technologies comes with a brand new range of compliance for the various regions. Where as the gear they make at the moment is pretty much wide compliance, interfacing with the PSTN of multiple countries, there can be lots of ...
by joegoldman
Tue Sep 22, 2015 11:36 am
Forum: General
Topic: Aggregate dsl traffic by realtime, day, month etc
Replies: 2
Views: 533

Re: Aggregate dsl traffic by realtime, day, month etc

You can still use SNMP to grab the interface counters and extrapolate reporting from there (which is what most graphing systems do, using 5 minute intervals and averaging the data / second), or if you are after more accurate reporting then use netflow (ip -> traffic flow) this is a lot more advanced...
by joegoldman
Sun Sep 20, 2015 10:24 am
Forum: General
Topic: Prioritising traffic while shaping
Replies: 0
Views: 338

Prioritising traffic while shaping

Hi Forum. Running a wholesale ISP, I have bandwidth pools allocated to my wholesale customers. What I currently do is create mangle rules for their IP blocks to mark the traffic, and create Simple Queues with the relevant shaping attributes to limit them - this works fine. What I DO want to do, is s...
by joegoldman
Mon Jul 27, 2015 2:14 pm
Forum: Beginner Basics
Topic: RADIUS port 1700
Replies: 1
Views: 473

Re: RADIUS port 1700

if you are referring to CoA packets - they are not currently supported by RouterOS, it can only act as a client for AUTH and ACCT packets to send TO a Radius server. There is the 'userman' package which is a fully fledged RADIUS server in itself but it runs as suggested by the name as a usermanager ...
by joegoldman
Wed Jul 22, 2015 1:11 am
Forum: Beginner Basics
Topic: Limiting Download after 3 or 4 minutes ?
Replies: 1
Views: 426

Re: Limiting Download after 3 or 4 minutes ?

Hate to break it to you - but you need to learn Mangle, along with queues. Queues have burst which does exactly what you want. Start reading up on setting up queues and Mangle stuff will follow with the documentation. If you are unwilling to learn, hire a professional to do it for you (we can't spoo...
by joegoldman
Wed Jul 22, 2015 1:08 am
Forum: General
Topic: Virtual IP on WAN
Replies: 3
Views: 4176

Re: Virtual IP on WAN

if the 5 IP's are on the WAN interface then you can certainly force NAT for just the mail server via a single IP. Instead of using 'masquerade' NAT rule, you want to use src-nat rule. When creating the NAT rules have one with Src. Address of just your mail server (e.g. 192.168.1.100, not a full subn...
by joegoldman
Wed Jul 22, 2015 1:03 am
Forum: Forwarding Protocols
Topic: CPU usage problems in CCR1036 -8G2S and quues tree
Replies: 4
Views: 1149

Re: CPU usage problems in CCR1036 -8G2S and quues tree

Is there a simple queue per PPP being established? This can certainly put some strain on (as the system is now managing 800 different simple queues) but I wouldn't think it'd hassle it that much. Are the PPPoE clients getting a public IP or are you NAT'ing them as well? To be honest, with the low co...
by joegoldman
Sun Jul 12, 2015 7:25 am
Forum: General
Topic: adding the "$" sign in password
Replies: 4
Views: 562

Re: adding the "$" sign in password

Try 'escaping' it by putting a '\' in front of it, so if your password was:

dollar$

try

dollar\$

or try encapsulating it inside quotes

"dollar$"
by joegoldman
Sun Jul 12, 2015 2:16 am
Forum: General
Topic: PCQ Specific Setup
Replies: 1
Views: 432

PCQ Specific Setup

Hi Forum, I have a downstream customer who uses up to 250mbit from me. I limit this with a simple queue on their VLAN interface with packet marks of their IP ranges for in/out. This 250mbit limit works fine and keeps the customer in check. What they have now asked is if I can limit single IP's insid...
by joegoldman
Fri Jul 10, 2015 8:03 am
Forum: Announcements
Topic: Tik App, MikroTik android utility ALPHA test
Replies: 425
Views: 144626

Re: Tik App, MikroTik android utility ALPHA test

This is great, thanks for working on this. Definite feature request - Port Knocking before connection, possibly even multi-port-knock (I tend to go 2 or 3 different ports in specific order before opening IP for management) so when I'm out and about (mobile network with no fixed IP) I can log in secu...
by joegoldman
Fri Jul 10, 2015 12:59 am
Forum: RouterBOARD hardware
Topic: Mikrotik OS router License recovery
Replies: 4
Views: 830

Re: Mikrotik OS router License recovery

What do you mean by "hard disk crash"? How does this happen exactly? I suggest using good brand hard drives. They work for 10 years and nothing can "crash". Unfortunately even top of the line hard drives can crash - really you should be replacing every 3-5 years depending on the work cycle they go ...
by joegoldman
Thu Jul 09, 2015 12:46 pm
Forum: General
Topic: Is there a way to track those 3 things ?
Replies: 6
Views: 669

Re: Is there a way to track those 3 things ?

Your questions are less to do with mikrotik and networking and more to do with ISP management and network monitoring - I would advise hiring a consultant. Ultimately you can use graphing on the mikrotik router (either under System or Tools, can't remember) or SNMP from a remote system such as Cacti ...
by joegoldman
Fri Jul 03, 2015 3:51 pm
Forum: Announcements
Topic: Leap Second issue on CCR units
Replies: 12
Views: 6908

Re: Leap Second issue on CCR units

Hi Normis,

I had CCR unit running NTP updates on 6.27 that did not crash?

I purposefully disabled SNTP on my primary routers but left it on my secondary's to see if they would be affected but they were not.

CCR1036-8G-2S+ running 6.27
by joegoldman
Sun Jun 28, 2015 7:48 am
Forum: Announcements
Topic: Dual band AP for home use, SSID same or different?
Replies: 62
Views: 32695

Re: Dual band AP for home use, SSID same or different?

Please make it possible to push certain clients from 2,4 to 5ghz if the same SSID is configured (which should the default mode on shipping). Some devices stay on 2,4 even if they support 5, and the air time in the 2,4 space is valuable. This isn't really controlled by the AP - as the AP isn't alway...
by joegoldman
Mon May 25, 2015 6:49 am
Forum: Forwarding Protocols
Topic: Check BGP routes efficiently
Replies: 8
Views: 1677

Re: Check BGP routes efficiently

It is hard to say for version that will be available for masses, but right now it is [admin@MikroTik] /routing route> :put [:time [print where 192.0.128.1 in dst-address] ] DST-ADDRESS GATEWAY DISTANCE AS> 0.0.0.0/0 10.5.101.1 0 S 0.0.0.0/0 10.5.101.1 1 D bY 192.0.128.0/17 10.5.101.1 20 D bY 192.0....
by joegoldman
Fri May 22, 2015 1:59 pm
Forum: Announcements
Topic: Manual Improvements
Replies: 94
Views: 19112

Re: Manual Improvements

User Manager is well out of date.
by joegoldman
Tue May 05, 2015 11:03 am
Forum: General
Topic: winbox central DB for multiple devices
Replies: 2
Views: 563

Re: winbox central DB for multiple devices

with the RC of Winbox 3 you can elect where to store the DB, and you could make the location a mounted network share that your other devices have access to, or a Dropbox style syncing app. Not sure how shared storage goes with multiple access though, if there can be conflicts if changes are made at ...
by joegoldman
Sun May 03, 2015 9:21 am
Forum: Forwarding Protocols
Topic: BGP on Multihomed brings DNS Problems
Replies: 1
Views: 644

Re: BGP on Multihomed brings DNS Problems

Can you reproduce the problem? If so on an affected host: 1) Ping/trace the DNS server, reachable? 2) test the affected website using nslookup specifying different DNS servers 3) Packet Capture the process see if you can find whats missing Run similar tests on unaffected host to compare results (pin...
by joegoldman
Sun May 03, 2015 9:19 am
Forum: Forwarding Protocols
Topic: 2 BGP Peers - different uplink Speed
Replies: 11
Views: 2404

Re: 2 BGP Peers - different uplink Speed

I very much doubt it would translate far beyond your upstreams networks if they even allowed it - certainly not back to Tier1 - although I've never used it so I could be wrong there, it just seems like a technology that would be more likely used if you had 2 unequal links to the same provider, not w...
by joegoldman
Sun May 03, 2015 9:16 am
Forum: Forwarding Protocols
Topic: Bandwidth control through ppp
Replies: 1
Views: 727

Re: Bandwidth control through ppp

If your passing it to the router via RADIUS attriute - it will create a dynamic simple queue on the ppp interface - if this is the case that is the limit for that customer only - if the queue is targeting the 'tunnelling' interface (the physical interface that ALL the connections are coming in on) t...
by joegoldman
Fri May 01, 2015 2:32 pm
Forum: Announcements
Topic: FastTrack - New feature in 6.29
Replies: 237
Views: 140165

Re: FastTrack - New feature in 6.29

Very big shame on no PPPoE client support - most of all networks I work with require PPP style connection with it being the out-interface for NAT.

Is there a limitation on being able to enable this for PPP connections making it not possible or is it something that is being worked on?
by joegoldman
Fri May 01, 2015 2:24 pm
Forum: Forwarding Protocols
Topic: 2 BGP Peers - different uplink Speed
Replies: 11
Views: 2404

Re: 2 BGP Peers - different uplink Speed

The feature you are looking for does exist in BGP, just not in MikroTik. BGP Link bandwidth can be advertised to another AS as an extended community in Cisco routers. If the routers you are peering to are Cisco and will accept this community, then you might be able to make this work by doing the Co...
by joegoldman
Fri May 01, 2015 2:01 am
Forum: The User Manager
Topic: Timed Vouchers
Replies: 2
Views: 1139

Re: Timed Vouchers

On the User Manager profile set a limit to 1Gb traffic, set start at first logon and validity to 1 month ("30d" or "4w 3d"). That should do what you want. Ahh - beautiful, thank you very much. The documentation always mentions credits etc and I couldn't find anywhere for it. Documentation REALLY ne...
by joegoldman
Thu Apr 30, 2015 10:15 am
Forum: The User Manager
Topic: Timed Vouchers
Replies: 2
Views: 1139

Timed Vouchers

Hi Forum, I'm trying to set up vouchers to hand out at reception - where from first logon user gets say 1GB and 1 Month to use it (example). I see the uptime option in limitations, but from what I see this appears to be active time, so if I set it to 1 month, they could do a few hours here, a few ho...
by joegoldman
Mon Apr 27, 2015 1:06 am
Forum: Forwarding Protocols
Topic: 2 BGP Peers - different uplink Speed
Replies: 11
Views: 2404

Re: 2 BGP Peers - different uplink Speed

Hello, so the switch to the other peer - if the one peer has paket loss - will be instantly and there will no more be paket loss if we activate the second peer? regards BGP will stop only at very high packet loss or loss of connectivity to the peer all together, if you are wanting auto failover on ...
by joegoldman
Mon Apr 27, 2015 1:03 am
Forum: General
Topic: Do queues created by PPPoE or Radius Authenticated DHCP have a large overhead
Replies: 1
Views: 408

Re: Do queues created by PPPoE or Radius Authenticated DHCP have a large overhead

Depends what you are comparing to? There are other ways of queuing that could be more efficient at a big number of users - but it is more complex to setup and maintain (using queue tree's and PCQ etc)
by joegoldman
Wed Apr 22, 2015 9:20 am
Forum: Forwarding Protocols
Topic: 2 BGP Peers - different uplink Speed
Replies: 11
Views: 2404

Re: 2 BGP Peers - different uplink Speed

It is ultimately impossible to do exactly what you ask. There are a few methods of load balancing between BGP peers. 1st is to just allow natural BGP redistribution. Networks around the world choose shortest path, which depending on how your 2 upstreams diversify their own links, could mean a perfec...
by joegoldman
Wed Apr 22, 2015 2:04 am
Forum: General
Topic: Winbox 3 RC
Replies: 639
Views: 124022

Re: Winbox 3 RC

joegoldman - Go under Tools menu in Winbox loader and switch to Advanced mode. Then all options will be available. Beautiful, didn't know that option was there with it turned off by default, that has brought back what I needed though. It now remembers my window size and columns perfectly. Thanks
by joegoldman
Tue Apr 21, 2015 2:09 pm
Forum: General
Topic: Winbox 3 RC
Replies: 639
Views: 124022

Re: Winbox 3 RC

I'm having similar problem to above running under WINE on Ubuntu Linux - window opens small, the 'Autosave', 'Group', 'note' and other fields are missing, and it only shows some columns in the connect database - can re-add them but it doesnt remember them. Sticking to older rc for now as rc9 feels u...
by joegoldman
Mon Apr 20, 2015 1:28 pm
Forum: Announcements
Topic: RouterOS v6.28 released
Replies: 229
Views: 62091

Re: RouterOS v6.28 released

Can we please continue to have torrent link for all packages in one hit? I like to keep them organised for offline use in case out in the field - nice to have both 'all packages' and the upgrade package and extra packages, rather than going through and clicking them all and organising them again.
by joegoldman
Thu Apr 16, 2015 2:54 am
Forum: General
Topic: Physical vs VLAN counters
Replies: 0
Views: 328

Physical vs VLAN counters

Hi Forum, Have an interesting problem. ether1 on a CCR1036 has no IP address or anything on the physical port. It has a single VLAN that has an IP as a sub-interface. The only traffic going through this port should be this one VLAN However, I note that there is sometimes around 10mbits of discrepenc...
by joegoldman
Tue Apr 07, 2015 1:07 am
Forum: Forwarding Protocols
Topic: BGP Advertisement
Replies: 14
Views: 1570

Re: BGP Advertisement

I get this problem too, on routers with thousands of routes or routers with ~20 routes, just never shows all the routes and is annoying. Even when it does work (i.e. CLI) its slow as anything, this is the biggest performance boost required, searching through the route table and the advertisements ta...
by joegoldman
Fri Apr 03, 2015 10:13 am
Forum: General
Topic: IPv6 only inside
Replies: 2
Views: 886

IPv6 only inside

Hi Forum, Wondering about how I can go about this. I get IPv4 and IPv6 from ISP over PPPoE - naturally currently I dual stack IPv4 LAN IP that NAT's out the PPPoE interface, and IPv6 public space handed out via SLAAC. Is there a reasonable way to manage only have IPv6 on the inside, and only accessi...
by joegoldman
Sat Mar 14, 2015 11:57 pm
Forum: General
Topic: Do i need NAT if gateway is on the same subnet?
Replies: 2
Views: 684

Re: Do i need NAT if gateway is on the same subnet?

By that setup - no you do not need NAT, as the ADSL router will do NAT for you. You could even change your Mikrotik's DHCP settings to give the ADSL router as the default gateway anyway (rather than traffic HAVING to go through the Mikrotik) However, if your ADSL router is residential grade / crappy...
by joegoldman
Thu Mar 12, 2015 9:36 pm
Forum: General
Topic: Traffic Flow Multiple Interfaces
Replies: 0
Views: 382

Traffic Flow Multiple Interfaces

Hi Forum, I'm wanting to collect flows for multiple interfaces, to go to their individual targets. If setting up multiple traffic flow targets, and multiple interfaces, is all flow data from all interfaces going to all targets? Is there a way to say x interface to y target and a interface to b targe...
by joegoldman
Mon Mar 09, 2015 7:00 am
Forum: RouterBOARD hardware
Topic: CCR-1072 release date?
Replies: 71
Views: 13900

Re: CCR-1072 release date?

Any news on the multi threaded tcp forwarding. Is it still going to be single cpu and bound to 1Gb That is less to do with the 1072 and more to do with ROSv7 (or software in general). I've been told by support that the 1072 will release before stable ROSv7, so will come shipped with ROSv6, so unles...
by joegoldman
Thu Feb 26, 2015 11:05 am
Forum: RouterBOARD hardware
Topic: Hardware request!
Replies: 5
Views: 1416

Re: Hardware request!

Hello. I've seen hAP lite. Thats a good approach to see Mikrotik in more places. but have you ever considered making a Wireless router with ADSL 2+ input? That will target a wide range of customers having ADSL service. I have ADSL too. and I bridged my ADSL modem and made pppoe client in my router....
by joegoldman
Sat Feb 21, 2015 11:23 am
Forum: Forwarding Protocols
Topic: What BGP setups need to be optimized
Replies: 58
Views: 21172

Re: What BGP setups need to be optimized

Hi, CCR1036's, 11~ BGP peers, about 15k~ routes, although Im purposely not taking full table as the time to LOAD the table takes too much, and filtering through the routetable takes too long. This limits my ability to have multiple upstreams (the extra peers are IX's and bi-lateral peering) Run abou...
by joegoldman
Wed Feb 18, 2015 11:44 am
Forum: Announcements
Topic: hAP lite
Replies: 389
Views: 164313

Re: hAP lite

How does this differ much from the 951-2n? Is it meant to be direct replacement of it or do they tackle 2 different needs?
by joegoldman
Sun Feb 15, 2015 8:05 am
Forum: General
Topic: Change of Authorisation RADIUS packet
Replies: 6
Views: 1993

Change of Authorisation RADIUS packet

Hi Team, I'd like to request support for a RADIUS COA (Change of Authorisation) packet to be able to send updates for things such as booting the user offline, changing the interface queue speed (for instance PPPoE dynamic queues) and possibly even other changes to the current session (i.e. add new f...
by joegoldman
Sun Feb 15, 2015 8:02 am
Forum: General
Topic: Winbox 3 RC
Replies: 639
Views: 124022

Re: Winbox 3 RC

...snip about block comments... I would like to second this request - the block comments make great 'Headings' to logically separate blocks of items, most specifically in the firewall (i.e. start of brute force, start of customer x firewall etc) The block comments would also be useful in /export ou...
by joegoldman
Sun Feb 15, 2015 8:00 am
Forum: General
Topic: Winbox 3 RC
Replies: 639
Views: 124022

Re: Winbox 3 RC

Problem with RC5 - the 'Autosave Session' tickbox on the loader screen is not persistant. I have set up my views how I like them - while troubleshooting I tend to open a lot of other things but do not want it to save to that session. At the moment I have to untick 'Autosave Session' on the loader (o...
by joegoldman
Sat Feb 14, 2015 4:12 am
Forum: Forwarding Protocols
Topic: How to measure traffic to an ASN?
Replies: 9
Views: 3033

Re: How to measure traffic to an ASN?

Traffic-Flow version is the difference, higher version of traffic flow standard will provide more information, its also depending on having your netflow collector set to save that information when received as well.
by joegoldman
Fri Feb 13, 2015 2:54 pm
Forum: RouterBOARD hardware
Topic: Purpose of ether port with yellow plug symbol?
Replies: 3
Views: 1209

Re: Purpose of ether port with yellow plug symbol?

Yellow ports / ether10 in this routerboard is for PoE OUT.

Note that it is Passive PoE not 802.3af/at standards.

It is useful for, say, powering a Mikrotik wireless device like an inside AP or a roof mounted SXT, without requiring another power point.
by joegoldman
Fri Feb 13, 2015 2:50 pm
Forum: General
Topic: Prevent accidential disabling of interface
Replies: 3
Views: 729

Re: Prevent accidential disabling of interface

Doesn't appear the skin can be modified to prevent this - for important routers I'd suggest not using Webfig in any case, perhaps CLI or Winbox, I've found webfig to be more consuming on the router and sometimes tedious for tasks causing mistakes like this.
by joegoldman
Wed Feb 11, 2015 8:25 am
Forum: General
Topic: CCR, CRS replacing my Cisco Core? I'm trying.
Replies: 5
Views: 1383

Re: CCR, CRS replacing my Cisco Core? I'm trying.

I would avoid CRS for switching, mainly, as stated, for spanning tree problems.

CCR in place of Cisco though - no problems. Have replaced my network core from Cisco 7200 series to CCR1036 no problems, actually doing more features than the Cisco and barely breaking 10% CPU
by joegoldman
Mon Feb 02, 2015 10:22 am
Forum: Forwarding Protocols
Topic: OSPF per-packet Load balancing
Replies: 5
Views: 1704

Re: OSPF per-packet Load balancing

what is wrong with per connection? Unless you are having issues with single users soaking entire bandwidth on a single thread transfer? Problem is, as Customer i have a radio base station. And technology requires BS to build a GRE tunnel to Core site. So basicly, i always have a single pari src-dst...
by joegoldman
Mon Feb 02, 2015 7:14 am
Forum: RouterBOARD hardware
Topic: Stable high speed RouterBOARD PTP link
Replies: 3
Views: 1007

Re: Stable high speed RouterBOARD PTP link

Have you looked at the SXT AC series? They are narrow beamwidth and depending on length and some other factors could potentially do 100mbps+

NetMetal with the mANT30 could go much further and possibly more speed - check out routerboard.com for more info on them.
  • 1
  • 2