Community discussions

Search found 457 matches

by joegoldman
Tue May 21, 2019 3:11 am
Forum: General
Topic: Very unusual situation Two bad CCRs in a row?
Replies: 1
Views: 133

Re: Very unusual situation Two bad CCRs in a row?

It's unlikely to be a hardware issue if 2 are doing it. 3011 and ccr1009 are fundamentally different in configurations of ports (switch vs routed etc etc) so there may be snafus in the config. Post an /export hide-sensitive and mask any identifiable information, and explain which part exactly is not...
by joegoldman
Thu May 02, 2019 12:14 pm
Forum: Scripting
Topic: Script initiate Winbox windows?
Replies: 3
Views: 202

Re: Script initiate Winbox windows?

I prefer not to use webfig - I want it for myself too as super user - so don't want to be logging out / in all the time, and I don't think the skinning tool is flexible enough, as I want the same tool but in many different configs, mostly I want the ping and traceroute tool but with specified src-addr...
by joegoldman
Thu May 02, 2019 12:45 am
Forum: Scripting
Topic: Script initiate Winbox windows?
Replies: 3
Views: 202

Script initiate Winbox windows?

Hi *, I think I know the answer to this already (no) - but is there a way to make a script initiate a winbox GUI element? i.e. I run certain tests / traceroutes / pings etc with different VRFs or source IPs to test different parts of my network - it would be handy if I could 'pre-script' these so ...
by joegoldman
Wed May 01, 2019 2:11 pm
Forum: Forwarding Protocols
Topic: Create BGP communities [SOLVED]
Replies: 3
Views: 280

Re: Create BGP communities [SOLVED]

Yes, you don't 'create' communities, routes are tagged with community strings. So when you receive routes from a downstream peer, then when distributing upstream you use route filters community option to decide what to do with them, i.e. can block all routes with community 111:222 or whatever you cho...
by joegoldman
Tue Apr 30, 2019 2:14 am
Forum: General
Topic: implementation of bgp filters on ipv6 tab
Replies: 2
Views: 139

Re: implementation of bgp filters on ipv6 tab

On routing filters, use Address Family option (IP or IPv6) to apply that filter to only one type of address, so you don't catch v4 and v6 together.
by joegoldman
Tue Apr 23, 2019 9:28 pm
Forum: Forwarding Protocols
Topic: Your experience with larger/diverse Area0 OSPF networks?
Replies: 19
Views: 873

Re: Your experience with larger/diverse Area0 OSPF networks?

At only 7 sites in and 250 routes, we are already looking for a new solution before we grow out of control. There are a few options considering. Unfortunately OSPF will always need to be part of it, but thinking of moving OSPF to Loopback propagation only, and MPLS for customer routes. This can have...
by joegoldman
Mon Apr 22, 2019 11:30 am
Forum: Forwarding Protocols
Topic: OSPF LOOP
Replies: 1
Views: 175

Re: OSPF LOOP

So is it mesh or is it ring? If ring network like you describe (but then add in x-connects between them), are you bridging the interfaces so all routers appear on 1 broadcast domain? If so then this would cause your issue. You may need to turn off OSPF broadcast stuff and to a PtMP style connection b...
by joegoldman
Mon Apr 22, 2019 11:26 am
Forum: General
Topic: Port Knocking, avoid scan-caused false positives?
Replies: 17
Views: 655

Re: Port Knocking, avoid scan-caused false positives?

I would think to do it different. If they are doing a huge port scan, then maybe a rule where if dst-port = 5999,6001,6999,7001 then add to list portscanner then on your portknocking do src-address-list!=portscanner This should cover scanners going up and down the list, and covers you for hitting 70...
by joegoldman
Mon Apr 22, 2019 11:22 am
Forum: General
Topic: Walled Garden fbcdn.net
Replies: 4
Views: 380

Re: Walled Garden fbcdn.net

It's because your rule is the first rule - and explicitly drops all https traffic. The rule that allows the walled garden values likely comes after that. Paste your /ip firewall filter export and we may be able to tell you the best place to pop the rule. Walled garden setup already restricts user br...
by joegoldman
Mon Apr 22, 2019 9:43 am
Forum: General
Topic: Feature Request : Browser on Winbox
Replies: 11
Views: 9907

Re: Feature Request : Browser on Winbox

Or you can have port forwards - with firewall rule to stop certain IPs, or just enable the NAT while you are working on it etc etc. I go a step further and have port-knock on my devices that puts my current WAN IP in an address-list that is allowed to access NAT rules to access wireless gear behind...
by joegoldman
Mon Apr 22, 2019 4:14 am
Forum: General
Topic: How are hardware ports associated with names
Replies: 5
Views: 477

Re: How are hardware ports associated with names

There is an attribute attached to the interface, more-so hidden in the details "default-name" (do an /interface print detail) - this will refer to the hard port as labelled, i.e. ether1 would be port1. This is a quick last resort, it's not quick and easy information to grab. I tend to name my ports k...
by joegoldman
Fri Apr 19, 2019 12:40 am
Forum: Beginner Basics
Topic: 0.0.0.253 ip
Replies: 10
Views: 611

Re: 0.0.0.253 ip

Post your config (/export hide-sensitive) in code tags and we may be able to help.
by joegoldman
Tue Apr 16, 2019 3:10 am
Forum: General
Topic: who can I hire to get a export to work as an import an a clone [SOLVED]
Replies: 7
Views: 361

Re: who can I hire to get a export to work as an import an a clone [SOLVED]

The all-packages .zip files seem to work so you could download your architecture that way and then just upload the relevant packages that you have installed, bit of a round-a-bout way to do it though.
by joegoldman
Sat Apr 13, 2019 11:43 am
Forum: General
Topic: Mikrotik IP Cloud vs P2P
Replies: 8
Views: 409

Re: Mikrotik IP Cloud vs P2P

IPv6 is still a second class citizen overall - I found many services where my IPv6 would take over but it would take a worse route or have a degraded service because someone somewhere in the path didn't put as much effort into their traffic engineering for IPv6 as they did IPv4, as IPv4 is the mainst...
by joegoldman
Mon Apr 08, 2019 8:23 am
Forum: General
Topic: Why can my /30 subnet can talk to other subnets?
Replies: 5
Views: 364

Re: /30 subnet can talk to other subnets

It is because your clients and your router know where to look for each other. In a /24, they would talk directly as they are same broadcast domain, but in your example they are sending traffic to the router, and the router knows 'hey i know how to get to IP x' so routes it, no issue. Best thing to d...
by joegoldman
Wed Apr 03, 2019 1:48 pm
Forum: General
Topic: PPP Secrets - DNS Server
Replies: 3
Views: 204

Re: PPP Secrets - DNS Server

Yes, you could use the On Up and On Down scripting tool in ppp profiles, go over to the scripting part of the wiki and you'll be able to start making some scripts.

https://wiki.mikrotik.com/wiki/Manual:Scripting
by joegoldman
Tue Apr 02, 2019 2:21 am
Forum: Scripting
Topic: Trying to create a script to enable Mikrotik DHCP server if Microsoft DCHP Server is down.
Replies: 2
Views: 213

Re: Trying to create a script to enable Mikrotik DHCP server if Microsoft DCHP Server is down.

Why not run a DHCP 24/7 but put it on authoritative with 2s or 10s delay, so the Microsoft server has time to respond to DHCP requests first, if it doesn't then the mikrotik one will.
by joegoldman
Wed Mar 27, 2019 1:11 am
Forum: General
Topic: 10.000 Clients on One Server
Replies: 7
Views: 377

Re: 10.000 Clients on One Server

You don't want one hardware failure taking out so many clients, given how cheap Mikrotik hardware is compared to other big platforms, I'd go with up to 5x 36cores with the intent of 2k per router, that way if one fails each router can just go up to 2.5k and handle the load easily.
by joegoldman
Tue Mar 26, 2019 11:46 pm
Forum: Forwarding Protocols
Topic: Make OSPFv3 use Global IPv6 addresses instead of LinkLocal? [SOLVED]
Replies: 3
Views: 1093

Re: Make OSPFv3 use Global IPv6 addresses instead of LinkLocal? [SOLVED]

Yes, this is quite common in IPv4 space as well, called a Loopback address. For nice traceroutes, I actually set pref-source on all routes to the loopback address too so you don't have to name / PTR and catalog all the interface addresses.
by joegoldman
Tue Mar 26, 2019 6:25 am
Forum: Wireless Networking
Topic: Is possible to set up a RBaCPGi-5acD2nD dual bands with one ssid?
Replies: 4
Views: 244

Re: Is possible to set up a RBaCPGi-5acD2nD dual bands with one ssid?

Just by naming them all the same, they will essentially switch from one AP to the other. Client devices determine how/when they switch to another AP, but you can use connect lists to disassociate people at a certain signal level and force them to re-scan. Easiest way to do this would be use CAPsMAN ...
by joegoldman
Tue Mar 26, 2019 12:36 am
Forum: SwOS
Topic: Can run OSPF on CRS326-24G-2S+RM
Replies: 4
Views: 347

Re: Can run OSPF on CRS326-24G-2S+RM

Also all routing is done in CPU - CPUs are quite limited in the switches. You may not get much data routed on a switch.
by joegoldman
Sat Mar 23, 2019 10:34 am
Forum: General
Topic: help to create server radius with sql and and web php form [SOLVED]
Replies: 3
Views: 253

Re: help to create server radius with sql and and web php form [SOLVED]

Mikrotik talks RADIUS - configuring FreeRADIUS to work with Mikrotik is a non-issue, as they work out of the box. Your question is more a FreeRADIUS question, I would suggest seeking help from the FreeRADIUS forums or other help-areas dedicated to that program, to learn how to configure your system ...
by joegoldman
Sat Mar 23, 2019 10:23 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: 6VPE (VPNv6) - ipv6 address family
Replies: 4
Views: 926

Re: Feature Request: 6VPE (VPNv6) - ipv6 address family

Most likely you will see this implemented in ROS v7.
Normis says ROS v7 doesn't exist :P

Sorry, I kid, I kid.
by joegoldman
Fri Mar 22, 2019 3:41 am
Forum: RouterBOARD hardware
Topic: wAP 60Gx3 AP - anyone already tested it?
Replies: 7
Views: 607

Re: wAP 60Gx3 AP - anyone already tested it?

I'd love to try 60ghz out in some of our busier areas mostly because 5ghz is super noisy. How wide are the channels, and how much spectrum can be accessed by these devices? i.e. since each chip can only handle 8 stations (so that's 24 clients per wAP 60Gx3) how many of these could I comfortably run on ...
by joegoldman
Thu Mar 21, 2019 11:58 pm
Forum: Beginner Basics
Topic: Is it OK for all leds to run at once like this ?
Replies: 2
Views: 174

Re: Is it OK for all leds to run at once like this ?

They are not perfectly synced - being on the same bridge means there's absolutely some traffic that will hit all ports simultaneously (e.g. broadcast) along with traffic that won't. Nothing seems amiss to me.
by joegoldman
Sun Mar 17, 2019 11:40 pm
Forum: General
Topic: Redirect All SSL Pages to one page
Replies: 4
Views: 230

Re: Redirect All SSL Pages to one page

Hotspot has HTTPS redirect in the settings - and the redirect can work, however you will always get SSL errors that the user will have to accept. You can't make it do a clean redirect.
by joegoldman
Sun Mar 17, 2019 11:35 pm
Forum: Beginner Basics
Topic: Radus server in my Mikrotik router
Replies: 6
Views: 298

Re: Radus server in my Mikrotik router

You can use userman as a built in Radius server, however it's generally more for Hotspot usage, if you're looking for 802.1x auth it might not work for that. I'm not sure.
by joegoldman
Wed Mar 13, 2019 2:01 am
Forum: Beginner Basics
Topic: Simplest Route Rule Possible.
Replies: 13
Views: 485

Re: Simplest Route Rule Possible.

There is kind of a way - if that is the ONLY thing in vlan55, then you can add VLAN 55 to a VRF and add the default route for that VRF out the ether1 cable WANIP. If you are not wanting to put the interface into VRF and single out only the traffic for that one IP, then you will need to use a mangle ...
by joegoldman
Mon Mar 11, 2019 1:05 am
Forum: General
Topic: Scaling Mikrotik
Replies: 5
Views: 415

Re: Scaling Mikrotik

Mikrotik is horizontal scaling. Basically start with redundant pairs everywhere - once you start getting to the 50-60% resource usage, add another 1 or 2 next to it. You really don't want resources hitting up over 75% at all to be safe. I'd personally have your core very very simple, just pure routin...
by joegoldman
Mon Mar 11, 2019 12:56 am
Forum: General
Topic: local proxies breaks speed limit
Replies: 5
Views: 243

Re: local proxies breaks speed limit

Are you running a web-proxy on the mikrotik? Are your bw-limits on forwarding traffic? Once traffic is proxied through the router it becomes input/output rather than forward technically, so your queues may be set up wrong to account for that. Do an /export hide-sensitive and post it in code tags so w...
by joegoldman
Wed Mar 06, 2019 11:57 am
Forum: RouterOS v7
Topic: RouterOS v7.0 beta1 - when?
Replies: 510
Views: 117321

Re: RouterOS v7.0 beta1 - when?

THE GOOD NEWS IS, that once RouterOS is brought up to date on 4.x kernel - it should be a fairly straight run to keep it updated. The Linux Kernels are not feature releases, meaning the diff between 4.20 and 5.0 is just patches, not a huge new architecture or anything. We just gotta make this one bi...
by joegoldman
Tue Mar 05, 2019 5:12 pm
Forum: Beginner Basics
Topic: I've locked myself out of the router admin interface.
Replies: 2
Views: 163

Re: I've locked myself out of the router admin interface.

If using winbox, try using neighbours and connecting via MAC protocol.

Alternatively, plug another mikrotik into it and use mac-telnet from mikrotik to mikrotik or RoMON (if enabled) which uses L2 protocols as well, so bypasses IP addressing.
by joegoldman
Sun Mar 03, 2019 11:41 pm
Forum: Forwarding Protocols
Topic: Valid router to use in a peering point
Replies: 6
Views: 408

Re: Valid router to use in a peering point

(I've always thought MT should release a CCR1009-8G-2S+)...
There is the CCR1036 8G 2S+ if you're after more, or even the 1072-8S+, or what we've done is breakout using a CRS317-1G-16S+
by joegoldman
Fri Mar 01, 2019 11:41 pm
Forum: Forwarding Protocols
Topic: Transit and IX problem
Replies: 5
Views: 420

Re: Transit and IX problem

Best guess is you are importing routes from both, but because your cogent routers are older they are preferred (i.e. that bgp session came up first). I would set a BGP Local Pref on the IX routes only. If this is for inbound traffic only going via cogent, then make sure you are advertising your rang...
by joegoldman
Wed Feb 27, 2019 12:35 pm
Forum: General
Topic: Large route table, removing a static [SOLVED]
Replies: 8
Views: 1722

Re: Large route table, removing a static [SOLVED]

Yes this is my main complaint with Mikrotik at the core at the moment - it can import full tables in good-enough time but convergence is slow as when adding routes or removing routes - up to 5-10 minutes for me with about 1million BGP routes (With some static). I couldn't imagine running a CCR with m...
by joegoldman
Wed Feb 27, 2019 12:28 am
Forum: RouterOS v7
Topic: RouterOS v7.0 beta1 - when?
Replies: 510
Views: 117321

Re: RouterOS v7.0 beta1 - when?

The development going into 6.x is development FOR 7.x as well. A lot of the roadmapped features have been put into 6.x because of the delays 7.x brings. 7.x isn't going to suddenly have a heap of new features, 7.x will likely be the latest 6.x but on new kernel, and will take a few iterations to star...
by joegoldman
Sat Feb 23, 2019 12:23 am
Forum: Beginner Basics
Topic: disable PPPoE connections go to html page
Replies: 4
Views: 436

Re: disable PPPoE connections go to html page

Without radius etc, one way would be to change the remote address on their secret - i.e. have an 'internal' / 'suspended' pool that's not a public IP that they get, then in your mikrotik have mangle rules for any traffic from that range to be redirected to your server where the HTML page is.
by joegoldman
Fri Feb 22, 2019 3:42 am
Forum: Wireless Networking
Topic: Selection guide for PtP links Ranges?
Replies: 10
Views: 435

Re: Selection guide for PtP links Ranges?

I answered your questions - how could I give you any more advice without knowing the link requirements and specifics - in which case we'd be at a point of billing you for my consulting time if you want me to design your whole link.
by joegoldman
Thu Feb 21, 2019 10:24 pm
Forum: Wireless Networking
Topic: Selection guide for PtP links Ranges?
Replies: 10
Views: 435

Re: Selection guide for PtP links Ranges?

Max range would be in test conditions. Max range can be affected by weather, noise floor, line of sight, your country's EIRP etc etc. I would not want to be trying to push the max distance of items. You can mix and match, you just may end up with better signal one way than the other. Sometimes bigge...
by joegoldman
Thu Feb 21, 2019 1:25 pm
Forum: General
Topic: I Can't set 802.1p on VLAN for DHCP [probably BUG]
Replies: 7
Views: 377

Re: I Can't set 802.1p on VLAN for DHCP [probably BUG]

Send a supout and explanation of your bug to support@mikrotik.com
by joegoldman
Thu Feb 21, 2019 9:17 am
Forum: General
Topic: Easy method to update 300 MikroTik
Replies: 2
Views: 297

Re: Easy method to update 300 MikroTik

No supported way - most people build it out with API scripts and updaters - DUDE might be able to do some of it.
by joegoldman
Sat Feb 16, 2019 5:10 am
Forum: General
Topic: mikrotik wrong username or password
Replies: 5
Views: 436

Re: mikrotik wrong username or password

Was it old RouterOS version? If so it's likely been hacked. Good news is, being old version you can use the same hack to re-gain access - but once it's been compromised you should take config export, make sure no bad config is in there, and do a fresh net-install.
by joegoldman
Sat Feb 16, 2019 5:08 am
Forum: Announcements
Topic: v6.44rc [testing] is released!
Replies: 67
Views: 10770

Re: v6.44rc [testing] is released!

What does /tool speed-test test to? Do we host a server? Is it same as bandwidth-test and will TCP tests be CPU limited?
by joegoldman
Thu Feb 07, 2019 5:21 am
Forum: General
Topic: Use a Routerboard to tag packets for a management VLAN
Replies: 7
Views: 676

Re: Use a Routerboard to tag packets for a management VLAN

Laptop ---> Ether1 - Ether2 ----> Network

In this scenario (Ether1/Ether2 being your bridge Mikrotik) you'd create a vlan interface on Ether2 with vlanID on 100, then create a bridge interface, and add Ether1 and Vlan100 interface, so you are being bridged straight into the VLAN tagged interface. Th...
by joegoldman
Thu Feb 07, 2019 5:16 am
Forum: RouterBOARD hardware
Topic: Why people pair UBNT APs with MikroTik routers?
Replies: 55
Views: 26207

Re: Why people pair UBNT APs with MikroTik routers?

I've done both. I've got many CAPsMAN installs with wAP ACs and cAP ACs in, without issue. I prefer Mikrotik for the flexibility and extra config options. I had a big job that I had to put Ubiquiti in for the pure fact of short time frame and stock availability (this wasn't long after the factory f...
by joegoldman
Wed Feb 06, 2019 5:37 am
Forum: Forwarding Protocols
Topic: IXP routes should be preferred
Replies: 4
Views: 372

Re: IXP routes should be preferred

You are running multiple instances? You should only really be doing that for multiple host ASes.

In any case, post the output of /export hide-sensitive so we can see what the issue is.
by joegoldman
Wed Feb 06, 2019 1:37 am
Forum: Forwarding Protocols
Topic: IXP routes should be preferred
Replies: 4
Views: 372

Re: IXP routes should be preferred

Guessing you have ignore as path len enabled which means AS Path will not be considered in the best-path selection, in which case the first 'installed' route would be the best based on the other attributes. For IX routes, best practise (in my opinion) is to import them with a high local-pref, which ...
by joegoldman
Sun Feb 03, 2019 10:51 pm
Forum: RouterBOARD hardware
Topic: For real, what is with these blinding power leds?
Replies: 11
Views: 1011

Re: For real, what is with these blinding power leds?

Yes, noticed this on my new 4011. I was hoping I could turn it off in the software but nup, I will be black taping it to keep it down, literally shines through multiple rooms if I leave the office door open haha.
by joegoldman
Sat Feb 02, 2019 12:04 pm
Forum: General
Topic: WINDOWS AUTHENTICATE WITH MIKROTIK USERS
Replies: 1
Views: 244

Re: WINDOWS AUTHENTICATE WITH MIKROTIK USERS

You want users to login to the Mikrotik with their Windows credentials? Or you want users to log into Windows with Mikrotik credentials? You could potentially run RADIUS in front of a windows DC server and have people log into mikrotiks with Windows Credentials, the other way around I do not believe...