Community discussions

Search found 478 matches

by joegoldman
Mon Aug 12, 2019 5:36 am
Forum: RouterBOARD hardware
Topic: CRS312, CRS326-24S+2Q+ MIPSBE CPU?
Replies: 5
Views: 703

Re: CRS312, CRS326-24S+2Q+ MIPSBE CPU?

I'm sure QSFP+ enabled routers (CCR2xxx) range will be in the pipeline, these switches are basically the introduction to them. A 1072 equivalent with 2x QSFP and 6+ SFP+ ports will be magical for core routing.
by joegoldman
Mon Aug 12, 2019 4:32 am
Forum: RouterBOARD hardware
Topic: CRS312, CRS326-24S+2Q+ MIPSBE CPU?
Replies: 5
Views: 703

Re: CRS312, CRS326-24S+2Q+ MIPSBE CPU?

These aren't marketed (or priced) as full L3 switches. Yes you can route ports to CPU and run some L3 functions, but it is not a fully featured / full wire rate L3 switch, so if that's what you want this product for then this product is not for you. You'd have to send in your recommendations to Mikro...
by joegoldman
Mon Aug 05, 2019 1:50 am
Forum: Forwarding Protocols
Topic: 'Mesh' Network MPLS design
Replies: 0
Views: 255

'Mesh' Network MPLS design

Hi Forum, Running a decentralised mesh style network, where we have 10-20 sites interconnected via PtP links in big and small loops. Each site terminates PPPoE services locally and installs the customer route in the route table via OSPF - this is working well so far. However I have been thinking of ...
by joegoldman
Mon Aug 05, 2019 1:40 am
Forum: General
Topic: MTU settings for provider network
Replies: 0
Views: 180

MTU settings for provider network

Hi Forum, Looking to know your thoughts on MTU settings for provider networks. We run a decentralised core style setup - a PtMP wireless network from multiple towers. Each tower has an RB1100AHx4 or an RB3011 at the bottom, these routers terminate all local PPPoE sessions and then run OSPF between th...
by joegoldman
Wed Jul 17, 2019 9:49 am
Forum: General
Topic: VLAN within a VLAN
Replies: 5
Views: 422

Re: VLAN within a VLAN

Yes Possible, it's called Q-in-Q. On Mikrotik it's more referred to as S-tag, which would be the outer tag. So you could potentially:
VLAN100 - STag enabled
VLAN101 - Parent Int VLAN100
VLAN102 - Parent Int VLAN100
etc
but networks between you and remote need to support you tagging this way too, they ...
by joegoldman
Mon Jul 08, 2019 1:57 pm
Forum: General
Topic: CSS610-8P-2D+OUT availability
Replies: 3
Views: 347

Re: CSS610-8P-2D+OUT availability

Considering the only reference to that part number I can find is this one thread, you'll have to be more specific at what device you're looking at. Do you have a link to the announcement for it?
by joegoldman
Mon Jul 08, 2019 12:56 am
Forum: General
Topic: RULE for BANKS
Replies: 15
Views: 760

Re: RULE for BANKS

Your request is way too ambitious and unlikely. The easiest way is to look at the different RIR's, and find banking organisations, then you will have their IP blocks. Not all banks are likely to have their own allocation though. Then you get those who host their user services front-end in a cloud li...
by joegoldman
Mon Jul 08, 2019 12:53 am
Forum: Forwarding Protocols
Topic: OSPF Force path for specific subnet
Replies: 6
Views: 522

Re: OSPF Force path for specific subnet

Static routes, with check-gateway = ping.

So if Link A is your default and you want a specific subnet to go via Link B, then static route with check gateway on Link B (or a netwatch script, which is just as simple), so if Link B dies that traffic goes back via Link A.
by joegoldman
Sun Jul 07, 2019 11:16 am
Forum: SwOS
Topic: CSS326-24G-2S+RM POE
Replies: 1
Views: 317

Re: CSS326-24G-2S+RM POE

Your switches are likely 802.3at/af Active PoE type switches - which is a common standard that a lot of things use, including some models of mikrotiks. The CSS326 unfortunately only accepts 24v Passive PoE in. The pinout is different, and voltage is different. Some switches, specifically managed, ca...
by joegoldman
Thu Jul 04, 2019 2:32 pm
Forum: Beginner Basics
Topic: Advice | Recommendation for new router
Replies: 10
Views: 649

Re: Advice | Recommendation for new router

hAP ac / ac Pro if you want something smaller/cheaper

RB4011 if you want a beast of a router.
by joegoldman
Thu Jul 04, 2019 2:26 pm
Forum: Beginner Basics
Topic: admin password recovery
Replies: 6
Views: 495

Re: admin password recovery

Do you have any .backup files? I believe they contain user passwords in them that can be extracted. Other than that, it's too new for the old password database hack, you might not have much choice but to factory reset and rebuild - and learn a lesson on having multiple accounts/passwords or complete ...
by joegoldman
Thu Jul 04, 2019 2:23 pm
Forum: Beginner Basics
Topic: How to setup Captive Portal on Mikrotik Router?
Replies: 1
Views: 187

Re: How to setup Captive Portal on Mikrotik Router?

https://wiki.mikrotik.com/wiki/Hotspot_server_setup

https://wiki.mikrotik.com/wiki/HotSpot_ ... login_page

Mikrotik doesn't host PHP pages natively, if you want a PHP page specifically you'll have to externally host it and have your hotspot configured to point to it (all info in those 2 links).
by joegoldman
Thu Jul 04, 2019 2:21 pm
Forum: General
Topic: Choice router for central speed test
Replies: 7
Views: 469

Re: Choice router for central speed test

RB1100AHx4 or RB3011 - they have faster cores vs the CCR range which have many slower cores. 1100 or 3011 should be OK for 100mbit throughput testing.
by joegoldman
Wed Jul 03, 2019 11:23 pm
Forum: General
Topic: unwanted change of source IP in my traffic
Replies: 6
Views: 369

Re: unwanted change of source IP in my traffic

add action=masquerade chain=srcnat
This piece right here will masquerade all traffic everywhere. Define this better or get rid of it.
by joegoldman
Wed Jul 03, 2019 1:58 am
Forum: Scripting
Topic: Script to disable Wlan when no user are logged on
Replies: 8
Views: 716

Re: Script to disable Wlan when no user are logged on

Well - if it's allowing for business hours, you'd disable wifi once last person logs off after say 5-6pm, so it doesn't force them off at a set time in case they are working back, but then leave it off till predetermined time like 7am. All depends on the setup and intent but makes sense to an extent, ...
by joegoldman
Tue Jul 02, 2019 2:27 pm
Forum: RouterBOARD hardware
Topic: RB4011 Metal temperature is really hot
Replies: 42
Views: 5611

Re: RB4011 Metal temperature is really hot

you will need active cooling, so buy a model with active cooling (RB1100AHx4 would be my suggestion).
Be careful choosing device, both RB1100AHx4 models have passive cooling!
Hrmm I swear I remember fan holes on the back of 1100 case - maybe I'm thinking older model? My bad.
by joegoldman
Tue Jul 02, 2019 3:06 am
Forum: RouterBOARD hardware
Topic: RB4011 Metal temperature is really hot
Replies: 42
Views: 5611

Re: RB4011 Metal temperature is really hot

you need to buy hardware for the installation, not just for the specs. If you are working in hot environments with no natural airflow / air-con then you will need active cooling, so buy a model with active cooling (RB1100AHx4 would be my suggestion). There is more to product selection than just spec...
by joegoldman
Tue Jul 02, 2019 2:01 am
Forum: General
Topic: Customer Traffic through Multiple Queues
Replies: 1
Views: 172

Customer Traffic through Multiple Queues

Hi Forum, Having an interesting problem I'd like to try figure out. I use PPPoE on my network for subscribers, when they login they get a dynamic pppoe interface simple queue, let's say 10mbit. On the transit side, I'd only like them to get 5mbit But local resources able to get the full 10mbit. My id...
by joegoldman
Sun Jun 30, 2019 8:34 am
Forum: General
Topic: Out of the box problem with GUI
Replies: 3
Views: 442

Re: Out of the box problem with GUI

On the quickset page, after ticking address acquisition to be 'Automatic' you have to hit 'Apply Configuration' down the bottom right for it to stick. Then you can go into Webfig, go to ip->addresses to see the address assigned to you, or you can go ip->dhcp client to see the status of your dhcp requ...
by joegoldman
Thu Jun 27, 2019 12:56 am
Forum: General
Topic: Best Way to Isolate Bridges to Reach Each Other's IPs
Replies: 26
Views: 1311

Re: Best Way to Isolate Bridges to Reach Each Other's IPs

just easy forward rule, in-interface=a, out-interface=b action=drop, and vice versa, that way no traffic can go between a and b.
by joegoldman
Wed May 29, 2019 2:54 am
Forum: General
Topic: NBN FTTC TPG NCD + MT
Replies: 2
Views: 301

Re: NBN FTTC TPG NCD + MT

This is more a TPG thing than a NBN or even Mikrotik thing - so the post probably has little relevance here - might be a good post for the Australian Whirlpool forums or something. In particular though, your question of whether or not using your buddies username would give you more speed - the answe...
by joegoldman
Tue May 21, 2019 3:11 am
Forum: General
Topic: Very unusual situation Two bad CCRs in a row?
Replies: 1
Views: 206

Re: Very unusual situation Two bad CCRs in a row?

It's unlikely to be a hardware issue if 2 are doing it. 3011 and ccr1009 are fundamentally different in configurations of ports (switch vs routed etc etc) so there may be snafu's in the config. Post an /export hide-sensitive and mask any identifiable information, and explain which part exactly is not...
by joegoldman
Thu May 02, 2019 12:14 pm
Forum: Scripting
Topic: Script initiate Winbox windows?
Replies: 3
Views: 313

Re: Script initiate Winbox windows?

I prefer not to use webfig - I want it for myself too as super user - so don't want to be logging out / in all the time, and I don't think the skinning tool is flexible enough, as I want the same tool but in many different configs, mostly I want the ping and traceroute tool but with specified src-addr...
by joegoldman
Thu May 02, 2019 12:45 am
Forum: Scripting
Topic: Script initiate Winbox windows?
Replies: 3
Views: 313

Script initiate Winbox windows?

Hi *, I think I know the answer to this already (no) - but is there a way to make a script initiate a winbox GUI element? i.e. I run certain tests / traceroutes / pings etc with different VRF's or source IP's to test different parts of my network - it would be handy if I could 'pre-script' these so ...
by joegoldman
Wed May 01, 2019 2:11 pm
Forum: Forwarding Protocols
Topic: Create BGP communities [SOLVED]
Replies: 3
Views: 541

Re: Create BGP communities [SOLVED]

yes, you don't 'create' communities, routes are tagged with community strings. So when you receive routes from a downstream peer, then when distributing upstream you use route filters community option to decide what to do with them, i.e. can block all routes with community 111:222 or whatever you cho...
by joegoldman
Tue Apr 30, 2019 2:14 am
Forum: General
Topic: implementation of bgp filters on ipv6 tab
Replies: 2
Views: 216

Re: implementation of bgp filters on ipv6 tab

On routing filters, use Address Family option (IP or IPv6) to apply that filter to only one type of address, so you don't catch v4 and v6 together.
by joegoldman
Tue Apr 23, 2019 9:28 pm
Forum: Forwarding Protocols
Topic: Your experience with larger/diverse Area0 OSPF networks?
Replies: 19
Views: 1236

Re: Your experience with larger/diverse Area0 OSPF networks?

At only 7 sites in and 250 routes, we are already looking for a new solution before we grow out of control. There are a few options considering. Unfortunately OSPF will always need to be part of it, but thinking of moving OSPF to Loopback propagation only, and MPLS for customer routes. This can have...
by joegoldman
Mon Apr 22, 2019 11:30 am
Forum: Forwarding Protocols
Topic: OSPF LOOP [SOLVED]
Replies: 2
Views: 431

Re: OSPF LOOP [SOLVED]

So is it mesh or is it ring? If ring network like you describe (but then add in x-connects between them), are you bridging the interfaces so all routers appear on 1 broadcast domain? If so then this would cause your issue. You may need to turn off OSPF broadcast stuff and to a PtMP style connection b...
by joegoldman
Mon Apr 22, 2019 11:26 am
Forum: General
Topic: Port Knocking, avoid scan-caused false positives?
Replies: 17
Views: 841

Re: Port Knocking, avoid scan-caused false positives?

I would think to do it different. If they are doing a huge port scan, then maybe a rule where if dst-port = 5999,6001,6999,7001 then add to list portscanner then on your portknocking do src-address-list!=portscanner This should cover scanners going up and down the list, and covers you for hitting 70...
by joegoldman
Mon Apr 22, 2019 11:22 am
Forum: General
Topic: Walled Garden fbcdn.net
Replies: 4
Views: 496

Re: Walled Garden fbcdn.net

It's because your rule is the first rule - and explicitly drops all https traffic. The rule that allows the walled garden values likely comes after that. paste your /ip firewall filter export and we may be able to tell you the best place to pop the rule. Walled garden setup already restricts user br...
by joegoldman
Mon Apr 22, 2019 9:43 am
Forum: General
Topic: Feature Request : Browser on Winbox
Replies: 11
Views: 10314

Re: Feature Request : Browser on Winbox

Or you can have port forwards - with firewall rule to stop certain IP's, or just enable the NAT while you are working on it etc etc. I go a step further and have port-knock on my devices that puts my current WAN IP in an address-list that is allowed to access NAT rules to access wireless gear behind...
by joegoldman
Mon Apr 22, 2019 4:14 am
Forum: General
Topic: How are hardware ports associated with names
Replies: 5
Views: 566

Re: How are hardware ports associated with names

There is an attribute attached to the interface, more-so hidden in the details "default-name" (do an /interface print detail) - this will refer to the hard port as labelled, i.e. ether1 would be port1. This is a quick last resort, it's not quick and easy information to grab. I tend to name my ports k...
by joegoldman
Fri Apr 19, 2019 12:40 am
Forum: Beginner Basics
Topic: 0.0.0.253 ip
Replies: 10
Views: 784

Re: 0.0.0.253 ip

post your config (/export hide-sensitive) in code tags and we may be able to help.
by joegoldman
Tue Apr 16, 2019 3:10 am
Forum: General
Topic: who can I hire to get a export to work as an import an a clone [SOLVED]
Replies: 7
Views: 491

Re: who can I hire to get a export to work as an import an a clone [SOLVED]

the all-packages .zip files seem to work so you could download your architecture that way and then just upload the relevant packages that you have installed, bit of a round-a-bout way to do it though.
by joegoldman
Sat Apr 13, 2019 11:43 am
Forum: General
Topic: Mikrotik IP Cloud vs P2P
Replies: 8
Views: 541

Re: Mikrotik IP Cloud vs P2P

IPv6 is still a second class citizen overall - I found many services where my IPv6 would take over but it would take a worse route or have a degraded service because someone somewhere in the path didn't put as much effort into their traffic engineering for IPv6 as they did IPv4, as IPv4 is the mainst...
by joegoldman
Mon Apr 08, 2019 8:23 am
Forum: General
Topic: Why can my /30 subnet can talk to other subnets?
Replies: 5
Views: 458

Re: /30 subnet can talk to other subnets

It is because your clients and your router know where to look for each other. In a /24, they would talk directly as they are same broadcast domain, but in your example they are sending traffic to the router, and the router knows 'hey i know how to get to IP x' so routes it, no issue. Best thing to d...
by joegoldman
Wed Apr 03, 2019 1:48 pm
Forum: General
Topic: PPP Secrets - DNS Server
Replies: 3
Views: 287

Re: PPP Secrets - DNS Server

Yes you could use the On Up and On Down scripting tool in ppp profiles, go over to the scripting part of the wiki and you'll be able to start making some scripts

https://wiki.mikrotik.com/wiki/Manual:Scripting
by joegoldman
Tue Apr 02, 2019 2:21 am
Forum: Scripting
Topic: Trying to create a script to enable Mikrotik DHCP server if Microsoft DCHP Server is down.
Replies: 2
Views: 298

Re: Trying to create a script to enable Mikrotik DHCP server if Microsoft DCHP Server is down.

Why not run a DHCP 24/7 but put it on authoritative with 2s or 10s delay, so the Microsoft server has time to respond to DHCP requests first, if it doesn't then the mikrotik one will.
by joegoldman
Wed Mar 27, 2019 1:11 am
Forum: General
Topic: 10.000 Clients on One Server
Replies: 7
Views: 478

Re: 10.000 Clients on One Server

You don't want one hardware failure taking out so many clients, given how cheap Mikrotik hardware is compared to other big platforms, I'd go with up to 5x 36cores with the intent of 2k per router, that way if one fails each router can just go up to 2.5k and handle the load easily.
by joegoldman
Tue Mar 26, 2019 11:46 pm
Forum: Forwarding Protocols
Topic: Make OSPFv3 use Global IPv6 addresses instead of LinkLocal? [SOLVED]
Replies: 3
Views: 1285

Re: Make OSPFv3 use Global IPv6 addresses instead of LinkLocal? [SOLVED]

Yes, this is quite common in IPv4 space as well, called a Loopback address. For nice traceroutes, I actually set pref-source on all routes to the loopback address too so you don't have to name / PTR and catalog all the interface addresses.
by joegoldman
Tue Mar 26, 2019 6:25 am
Forum: Wireless Networking
Topic: Is possible to set up a RBaCPGi-5acD2nD dual bands with one ssid?
Replies: 4
Views: 335

Re: Is possible to set up a RBaCPGi-5acD2nD dual bands with one ssid?

Just by naming them all the same, they will essentially switch from one AP to the other. Client devices determine how/when they switch to another AP, but you can use connect lists to disassociate people at a certain signal level and force them to re-scan. Easiest way to do this would be use CAPsMAN ...
by joegoldman
Tue Mar 26, 2019 12:36 am
Forum: SwOS
Topic: Can run OSPF on CRS326-24G-2S+RM
Replies: 4
Views: 566

Re: Can run OSPF on CRS326-24G-2S+RM

also all routing is done in CPU - CPU's are quite limited in the switches. You may not get much data routed on a switch.
by joegoldman
Sat Mar 23, 2019 10:34 am
Forum: General
Topic: help to create server radius with sql and and web php form [SOLVED]
Replies: 3
Views: 335

Re: help to create server radius with sql and and web php form [SOLVED]

Mikrotik talks RADIUS - configuring FreeRADIUS to work with Mikrotik is a non-issue, as they work out of the box. Your question is more a FreeRADIUS question, I would suggest seeking help from the FreeRADIUS forums or other help-areas dedicated to that program, to learn how to configure your system ...
by joegoldman
Sat Mar 23, 2019 10:23 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: 6VPE (VPNv6) - ipv6 address family
Replies: 4
Views: 1107

Re: Feature Request: 6VPE (VPNv6) - ipv6 address family

Most likely you will see this implemented in ROS v7.
Normis says ROS v7 doesn't exist :P

Sorry, I kid, I kid.
by joegoldman
Fri Mar 22, 2019 3:41 am
Forum: RouterBOARD hardware
Topic: wAP 60Gx3 AP - anyone already tested it?
Replies: 7
Views: 790

Re: wAP 60Gx3 AP - anyone already tested it?

I'd love to try 60ghz out in some of our busier areas mostly because 5ghz is super noisy. How wide are the channels, and how much spectrum can be accessed by these devices? i.e. since each chip can only handle 8 stations (so that's 24 clients per wAP 60Gx3) how many of these could I comfortably run on ...
by joegoldman
Thu Mar 21, 2019 11:58 pm
Forum: Beginner Basics
Topic: Is it OK for all leds to run at once like this ?
Replies: 2
Views: 251

Re: Is it OK for all leds to run at once like this ?

They are not perfectly synced - being on the same bridge means there's absolutely some traffic that will hit all ports simultaneously (e.g. broadcast) along with traffic that won't. Nothing seems amiss to me.
by joegoldman
Sun Mar 17, 2019 11:40 pm
Forum: General
Topic: Redirect All SSL Pages to one page
Replies: 4
Views: 288

Re: Redirect All SSL Pages to one page

Hotspot has HTTPS redirect in the settings - and the redirect can work, however you will always get SSL errors that the user will have to accept. You can't make it do a clean redirect.
by joegoldman
Sun Mar 17, 2019 11:35 pm
Forum: Beginner Basics
Topic: Radus server in my Mikrotik router
Replies: 6
Views: 389

Re: Radus server in my Mikrotik router

You can use userman as a built in Radius server, however it's generally more for Hotspot usage, if you're looking for 802.1x auth it might not work for that. I'm not sure.
by joegoldman
Wed Mar 13, 2019 2:01 am
Forum: Beginner Basics
Topic: Simplest Route Rule Possible.
Replies: 13
Views: 602

Re: Simplest Route Rule Possible.

There is kind of a way - if that is the ONLY thing in vlan55, then you can add VLAN 55 to a VRF and add the default route for that VRF out the ether1 cable WANIP. If you are not wanting to put the interface into VRF and single out only the traffic for that one IP, then you will need to use a mangle ...