Community discussions

MikroTik App

Search found 551 matches

  • 1
  • 2
by joegoldman
Mon Nov 16, 2020 11:20 pm
Forum: General
Topic: Uptime rollover bug/SNMP
Replies: 3
Views: 289

Re: Uptime rollover bug/SNMP

497 days is a long time to go without security upgrades etc. Perhaps set up a yearly maintenance and upgrade cycle. Or at the least - have SNMP monitoring start warning at day 450, and become critical at day 480. Who knows - maybe uptime is 64bit int in newer version of RouterOS - a lot of new versi...
by joegoldman
Wed Oct 14, 2020 3:59 am
Forum: Beginner Basics
Topic: Accidently, I removed Interface ether1.
Replies: 4
Views: 350

Re: Accidently, I removed Interface ether1.


Is that even possible Normis? To remove the ethernet interface itself?
One would possibly assume accidentally removed it from the default bridge - which is why the device model is important - might be best to factory reset the device.
by joegoldman
Thu Oct 01, 2020 3:35 am
Forum: RouterBOARD hardware
Topic: NBN router for Australia
Replies: 4
Views: 338

Re: NBN router for Australia

Hi Lui, RBM33G is an odd choice - and more an integrator part - Mikrotik have much more fully fledged Home/SOHO offerings (see hAP range) NBN in Australia is not a ubiquitous network (no not ubiquiti :P) in that it uses a mix of technologies from Fixed Wireless, to VDSL (FTTN,FTTC), HFC, Satellite a...
by joegoldman
Tue Sep 29, 2020 7:22 am
Forum: General
Topic: Reverse proxy (like nginx) in Mikrotik
Replies: 2
Views: 539

Re: Reverse proxy (like nginx) in Mikrotik

No. Well maybe with L7 rules but I don't think so. And its not best to put reverse proxy in a router. Its not an all-in-one box, its a router. If you have control over both servers (nginx or apache) set one as the primary, and create a virtualhost for the other and reverse proxy from server 1 to ser...
by joegoldman
Tue Sep 22, 2020 3:33 am
Forum: General
Topic: PPPoE creation and PPPoE scan
Replies: 7
Views: 458

Re: PPPoE creation and PPPoE scan

you 100% can run multiple PPPoE servers on a single downstream interface - this is precisely why 'Service Name' was invented - so based on which service tag was issued it'd know which PPPoE server it was for. Why you are only seeing one, I don't know - might have something to do with the scan tool o...
by joegoldman
Fri Sep 18, 2020 9:04 am
Forum: General
Topic: Scheduler Reboot features not executing [SOLVED]
Replies: 4
Views: 317

Re: Scheduler Reboot features not executing [SOLVED]

Which will suck if Cloudflare DNS ever has a outage in their area :P Gotta be careful with watchdog ping - something in your control that you can move around is usually better, for instance I use a VRRP IP on 2 of my core routers so if a remote routers watchdog ping to that goes down either my whole...
by joegoldman
Fri Sep 18, 2020 5:17 am
Forum: General
Topic: Scheduler Reboot features not executing [SOLVED]
Replies: 4
Views: 317

Re: Scheduler Reboot features not executing [SOLVED]

Those checkboxes are the scripts 'permissions' so to speak, so you've given that script permission to do a reboot, but you still must have a script to do the reboot.
/system reboot
edit: You'll probably also want to set the interval to 1d as well if im not mistaken.
by joegoldman
Mon Sep 14, 2020 10:26 am
Forum: Announcements
Topic: v6.46.7 [long-term] is released!
Replies: 45
Views: 10530

Re: v6.46.7 [long-term] is released!

Hi Shouldn't we be seeing the changelog from 6.45.9 to 6.46.7 not from 6.46.6 ? Going up a major version in a long-term release should be looked over a bit more carefully before we take the plunge. Also what is the process for 'upgrading' a routerboard that does not have direct internet access from ...
by joegoldman
Wed Sep 09, 2020 2:09 pm
Forum: General
Topic: Multiple queues for pppoe user
Replies: 5
Views: 657

Re: Multiple queues for pppoe user

Because you are dynamically creating queue from ppp profile - traffic matches that first and is used so never hits the other queue. I haven't tried this solution before but your better bet is probably to make both queue's 'static' i.e. created and packet mark individually (or packet mark one then ha...
by joegoldman
Tue Sep 01, 2020 3:02 am
Forum: Announcements
Topic: WinBox v3.25 released!
Replies: 68
Views: 6314

Re: WinBox v3.25 released!

Problems with Winbox UI I'd like to see fixed 1) Category Grouping Happening for quite a while, it used to work as expected - the 'Show Categories' grouping only bases and groups based on 'First Character' (on any field), for instance if I have 5 routers with Username 'joe' and 5 routes with usernam...
by joegoldman
Thu Aug 27, 2020 1:12 am
Forum: RouterOS v7 BETA
Topic: Y u no can specify an interface in routers like you used to be able to?
Replies: 5
Views: 453

Re: Y u no can specify an interface in routers like you used to be able to?

More info required. What are you trying to do. What version are you running. What hardware are you running.
by joegoldman
Wed Aug 26, 2020 2:36 am
Forum: General
Topic: Router overhead
Replies: 2
Views: 221

Re: Router overhead

Its not just the router - remember that those speedtests generally show your average speed over the span of the test, so if you took a few seconds to ramp up to 100mbps, then the few seconds at lower speeds are then factored into your average. Along with that you have overhead in whatever protocol t...
by joegoldman
Wed Aug 26, 2020 2:30 am
Forum: General
Topic: Architecture and growth - how to know when to change
Replies: 7
Views: 1272

Re: Architecture and growth - how to know when to change

I think you are also expecting too much of sub-set services. The CCR's are not made to be an ISP grade DNS resolver. DNS server is mostly built in to do its own lookups - and recursive for local cache in the stance of home/smb/corporate. When you are talking 100's or 1000's of clients, and waterfall...
by joegoldman
Mon Aug 24, 2020 2:12 am
Forum: General
Topic: 2 BRAS With Same IP pool LIST
Replies: 7
Views: 1165

Re: 2 BRAS With Same IP pool LIST

RADIUS is the only answer if you want to use overlapping pool on both BRAS - which is common if using public IPv4 due to IP availability. You could potentially have scripts running to help manage this but it'd be messy and not fool proof so not great. RADIUS can manage a pool though if you don't wan...
by joegoldman
Fri Aug 14, 2020 7:48 am
Forum: Beginner Basics
Topic: Aggregate 2 CRS 125 24G 1S switches
Replies: 2
Views: 698

Re: Aggregate 2 CRS 125 24G 1S switches

They do not support stacking. You design this as a L2 network with whats required. Safest way is probably to plug 2nd switch into next port on router place the 2 switch uplinks on the router into a bridge and move any sub-interfaces(vlans) to that bridge interface, so the VLAN's span across the 2 sw...
by joegoldman
Wed Aug 12, 2020 9:41 am
Forum: General
Topic: Nth Load balancing -Slow speed
Replies: 7
Views: 1269

Re: Nth Load balancing -Slow speed

As said above - load balancing per packet or similar systems won't work well on jittery connections - your best bet to use the 6mbit combined is to do it per connection, so a stream always uses only 1 SIM, and yes means that one stream is limited to 3mb, but as more connections happen it will balanc...
by joegoldman
Thu Aug 06, 2020 1:57 am
Forum: RouterBOARD hardware
Topic: 2004 hardware issues?
Replies: 26
Views: 3981

Re: 2004 hardware issues?

Something like this is better sent to support@mikrotik.com to start a real case - this is a discussion forum not a proper support channel.
by joegoldman
Wed Jul 29, 2020 12:52 am
Forum: Beginner Basics
Topic: Different VLAN SVIs?
Replies: 2
Views: 726

Re: Different VLAN SVIs?

SVI, from my understanding, is jut a L3 interface for L2 VLAN to attach. Similar concept in RouterOS would be bridges, and assigning ports/vlan interfaces to the bridge, the bridge interface is now the 'SVI'. Depending on your device depends on how you'd do this though. Your better bet would be to s...
by joegoldman
Wed Jun 10, 2020 5:58 am
Forum: General
Topic: ccr1036 shutdown with smart plug - schedule on/off
Replies: 2
Views: 446

Re: ccr1036 shutdown with smart plug - schedule on/off

Will not damage turning off an on too bad. There is a shutdown process in RouterOS that you could use 10 mins before you turn off smart plug, but it sounds like a residential install which a 1036 is SUPER overpowered for, why not replace with a 3011 or ccr1009 that has passive cooling only or someth...
by joegoldman
Thu May 28, 2020 2:51 am
Forum: Announcements
Topic: Winbox v3.24 released!
Replies: 106
Views: 58196

Re: Winbox v3.24 released!

It'd be really great if you can fix group sorting I put all my routers into groups, then I sort by group and go 'Show Categories' - this used to work in that it would be unique per group, but for the last few releases it does it by first letter, so if I have a heap of Client1 Client1 Client2 Client2...
by joegoldman
Wed Apr 29, 2020 2:09 pm
Forum: Announcements
Topic: MikroTik newsletter May 2020 (#95)
Replies: 50
Views: 27985

Re: MikroTik newsletter May 2020 (#95)

Will CCR2X series come out straight with ROSv7 or will it be part of the v6 family first?
by joegoldman
Wed Apr 29, 2020 4:48 am
Forum: Beginner Basics
Topic: pleas help me [SOLVED]
Replies: 5
Views: 2005

Re: pleas help me [SOLVED]

It is always Best practice not to use your real Public IPs as an example... Your ISP gave you a /30 Subnet Block, lets say X.Y.Z.136/30 ... One of there addresses, usually the first one, so the 176.74.123.137 will be used by your ISP. The second one 176.74.123.138 must be used by you and setup on t...
by joegoldman
Mon Apr 06, 2020 2:36 pm
Forum: General
Topic: Fighting spam with a standard firewall
Replies: 10
Views: 2118

Re: Fighting spam with a standard firewall

Can you be more specific on what type of spam you are concerned about?? How to autodetect infected or spammer users what criteria do you want to be blocking them based on? You could monitor connection limits on standard ports and block users if they are connecting too much, but usually spam is dete...
by joegoldman
Mon Apr 06, 2020 2:22 pm
Forum: General
Topic: VRF basics - layer 3 separation
Replies: 2
Views: 1155

Re: VRF basics - layer 3 separation

In outside relation to your actual issue - please be aware that management services in RouterOS are not VRF aware and will not talk back to you via the VRF even if you can connect to it via that.

Your best bet is to leave main as management and create customer VRF's on top.
by joegoldman
Sun Mar 29, 2020 7:26 am
Forum: General
Topic: why
Replies: 4
Views: 1441

Re: why

Using quick set - you are correct changing subnet will delete the existing IP on it that you are likely connected through. You can get around this with mac-winbox (connect via MAC address not IP) that way IP's changing doesn't matter Or do it manually, dualstacking both IP's until you have the new o...
by joegoldman
Fri Mar 20, 2020 2:54 pm
Forum: Beginner Basics
Topic: L2TP/IPSec and Windows 10 road warriors
Replies: 4
Views: 1723

Re: L2TP/IPSec and Windows 10 road warriors

I literally configured mine by starting from default config and going into PPP->L2TP server settings and ticking use IPSec, and then whatever config was default in /ip ipsec area. Maybe export what you have and give some sample of your logs of failed logins and we can help identify whats wrong.
by joegoldman
Fri Mar 20, 2020 2:51 pm
Forum: General
Topic: Winbox save custom layout
Replies: 1
Views: 786

Re: Winbox save custom layout

Yes. Things are saved in 'Sessions' Usually it is a unique session by IP address you are connecting to, and it auto saves by default when you log out So when you log back into the same router - It will load what you had opened when you left. I prefer to have auto save OFF - and I logged in to a test...
by joegoldman
Fri Mar 20, 2020 2:13 pm
Forum: Forwarding Protocols
Topic: no enforce-first-as in RouterOS?
Replies: 10
Views: 3565

Re: no enforce-first-as in RouterOS?

hello,
Please what is the mikrotik equivalent of "no bgp enforce-first-as" on cisco
This very thread explains the equivalent (none). Read it.
by joegoldman
Fri Mar 20, 2020 11:50 am
Forum: Wireless Networking
Topic: CAPsman - Is this possible ?? [SOLVED]
Replies: 12
Views: 4262

Re: CAPsman - Is this possible ?? [SOLVED]

Make a security config in capsman (Security Cfg. tab) Have that as your master password Under COnfigurations, create a config for each SSID Make each config reference the one Security config for their security (Top option under Security tab in new config window) Assign the different configs to the d...
by joegoldman
Wed Mar 18, 2020 12:12 am
Forum: Announcements
Topic: Photos of towers and masts
Replies: 81
Views: 33214

Re: Photos of towers and masts

Not a big mikrotik install - we use Mikrotik routers everywhere but not so much wireless gear for various reasons. However we have started using the new 60ghz products for short haul stuff - here is a recent install with redundant links (60ghz to about 600m away, airfiber for a few km away) https://...
by joegoldman
Mon Jan 13, 2020 5:14 am
Forum: Beginner Basics
Topic: MultiCast between VLANS (Chromecast vlan1) to/from (PC/Mobile vlan2)
Replies: 13
Views: 4630

Re: MultiCast between VLANS (Chromecast vlan1) to/from (PC/Mobile vlan2)

No there is no real way to do this - unless you properly bridge the VLAN's making them 1 big broadcast domain anyways in a sense. The correct way it seems is to use an avahi reflector so a server that has visibility to both networks and just relays the discovery packets between them. From my underst...
by joegoldman
Thu Jan 09, 2020 3:53 am
Forum: General
Topic: CCR1036 DC input?
Replies: 6
Views: 1433

Re: CCR1036 DC input?

We used 2 separate standalone generic 24v PSU's.

We actually crammed 4x24v PSU's in a 1RU box - to power 2x CCR1036's. The box had A+B AC feed, and each AC feed powered 2x PSU's, then one PSU from each feed into each CCR.
by joegoldman
Thu Jan 09, 2020 3:50 am
Forum: General
Topic: Filter Rule slow speed with it enabled.
Replies: 5
Views: 1016

Re: Filter Rule slow speed with it enabled.

Try use src-address or src-address-list to limit the rule only to certain IPs or just your LAN ips so its only checking outgoing connections and not incoming as well. With it enabled, how many hits is it getting (open it up and you will see the packets per second rate on the rule) Why are you just b...
by joegoldman
Tue Jan 07, 2020 12:45 am
Forum: Beginner Basics
Topic: NAT with multiple public IP
Replies: 1
Views: 1306

Re: NAT with multiple public IP

You will also need hairpin nat

https://wiki.mikrotik.com/wiki/Hairpin_NAT
by joegoldman
Fri Jan 03, 2020 8:11 am
Forum: General
Topic: Filter Rule slow speed with it enabled.
Replies: 5
Views: 1016

Re: Filter Rule slow speed with it enabled.

So many questions here. What is the router you are using? What is the filter rule? With it enabled, how many hits is it getting (open it up and you will see the packets per second rate on the rule) Why are you just blocking it rather than finding and fixing the offending machine(s)? (Or is this ISP/...
by joegoldman
Fri Jan 03, 2020 8:06 am
Forum: General
Topic: Starting small ISP Project
Replies: 2
Views: 607

Re: Starting small ISP Project

Generally, you use PPPoE (or IPoE which is just a cut down DHCP server in a lot of ways) with RADIUS accounting. You can do this with your own billing package or you can use usermanager which is a mikrotik available package. Usermanager is limited in its features and billing, its generally a lot mor...
by joegoldman
Wed Jan 01, 2020 11:14 am
Forum: Scripting
Topic: what port except gaming port ? [SOLVED]
Replies: 2
Views: 2261

Re: what port except gaming port ? [SOLVED]

just do where dst-port != <gaming port>

Gaming port will be dependant on the game, and ther emight be a few. YOu'll have to research for each game.

Then you can put a matcher for high priority on dst-port = and a lower a priority on dst-port != or something
by joegoldman
Tue Dec 31, 2019 12:02 am
Forum: RouterOS v7 BETA
Topic: ROS-7-xxx-Dev--X86-64Bit-BGP
Replies: 3
Views: 3438

Re: ROS-7-xxx-Dev--X86-64Bit-BGP

It's still beta. They are testing function by function. There will be no set date. Wait until first release candidate if you want feature parity to ROS6 , ROS7 beta's will likely go for a long time.
by joegoldman
Wed Dec 18, 2019 11:44 pm
Forum: Beginner Basics
Topic: Factory Reset Mikrotik Router - Lost internet
Replies: 6
Views: 1149

Re: Factory Reset Mikrotik Router - Lost internet

You will need to reconfigure to suit your ISP, you may need to call them and ask them, do you need DHCP on the WAN, do you need PPPoE, set up the WAN then set up NAT etc - a lot of it may be possible through quick set, you'll just need to know what is needed from your ISP.
by joegoldman
Wed Dec 18, 2019 12:00 pm
Forum: General
Topic: Port 80/443 block, except few Microsoft dev sources
Replies: 8
Views: 1170

Re: Port 80/443 block, except few Microsoft dev sources

This is more a job for a content firewall but it may be possble with some L7 matching rules - they are taxing on the router CPU so depends how much traffic you have but should be possible with some management overhead.
by joegoldman
Wed Dec 18, 2019 9:35 am
Forum: Beginner Basics
Topic: Publishing multiple web servers
Replies: 3
Views: 921

Re: Publishing multiple web servers

Dont know about TMG - but a slimline NGINX reverse proxy running on even a RPi (or small VM if you have VM hardware) is your only bet to route via host header. The Mikrotik only see's the TCP stream and can't really jump into the packets and determine host header - thats read by the webserver when i...
by joegoldman
Sun Dec 15, 2019 9:18 am
Forum: RouterBOARD hardware
Topic: CCR1036-8G-2S+EM physical ethernet port, where to get?
Replies: 5
Views: 3093

Re: CCR1036-8G-2S+EM physical ethernet port, where to get?

If everything else works besides that port - I think your best bet is to just accept the loss and run one port down, and plan on buying a new one. If you really need the extra port(s) perhaps look at a cheap-ish managed switch and breakout from that using VLAN's. I believe the level of repair you ar...
by joegoldman
Wed Dec 11, 2019 8:59 am
Forum: Announcements
Topic: v6.47beta [testing] is released!
Replies: 269
Views: 126769

Re: v6.47beta [testing] is released!

In v6.47beta there is a new menu added - "/system health gauges". You should use this for polling "Health" related data from all the RouterBOARDs.
Does this come with new associated MIBs / OID's? Or more for polling via API?
by joegoldman
Wed Dec 11, 2019 7:31 am
Forum: Wireless Networking
Topic: LHG60 with 5Ghz Backup
Replies: 21
Views: 4021

Re: LHG60 with 5Ghz Backup

If you happen to use Extreme switches, I found the PERFECT solution. Port Redundancy. Or an open standard like most switches LACP in an active/backup mode. Or could use multiple links into routers and OSPF cost metrics or MPLS with traffic engineering. There are multiple solutions to the problem, b...
by joegoldman
Wed Dec 11, 2019 4:01 am
Forum: RouterBOARD hardware
Topic: What is your opinion of Mikrotik routers?
Replies: 3
Views: 2983

Re: What is your opinion of Mikrotik routers?

As routers, like you said, their benefit comes in flexibility and price. Any model can do just about anything, i.e. tiny little $40 routers doing OSPF, BGP, MPLS etc. Once you know RouterOS you can do a lot. YOu just have to be more mindful of your updates, a bit more overhead in management and chan...
by joegoldman
Wed Dec 11, 2019 3:52 am
Forum: General
Topic: Limit Instagram App Speed
Replies: 4
Views: 1216

Re: Limit Instagram App Speed

It would work for a while but these domains have many IP's and could be routed to many endpoints. Your better bet would be some kind of L7 matching rule to get the domain and/or the CDN domains underneath, perhaps capture traffic on a few instagram app processes and see what domains it hits for data...
by joegoldman
Tue Dec 10, 2019 9:54 am
Forum: General
Topic: Cannot connect to services running on LAN machines, from the same LAN
Replies: 2
Views: 580

Re: Cannot connect to services running on LAN machines, from the same LAN

It is more likely this is a host firewall issue - on the same broadcast domain never really hits filter rules unless you have firewall filtering on the bridge interface enabled - within the same LAN it should all keep going. I don't believe this to be a mikrotik problem at all, check firewall on the...
by joegoldman
Tue Dec 10, 2019 8:58 am
Forum: Beginner Basics
Topic: Is it possible to make Mikrotik loop back?
Replies: 5
Views: 1458

Re: Is it possible to make Mikrotik loop back?

What you are looking for is hairpin NAT

https://wiki.mikrotik.com/wiki/Hairpin_NAT
by joegoldman
Sat Dec 07, 2019 7:55 am
Forum: General
Topic: Set Daily download limit
Replies: 1
Views: 505

Re: Set Daily download limit

You will need to use some kind of billing / user system based on RADIUS - the mikrotik built in one would be usermanager - it has very basic features and can integrate with pppoe, hotspot etc, or there are much more feature filled billing systems out there that you can use also.
by joegoldman
Sat Dec 07, 2019 7:54 am
Forum: Forwarding Protocols
Topic: Ospf multi ext gateway
Replies: 2
Views: 1876

Re: Ospf multi ext gateway

Its never too early to implement MPLS. The earlier you do it the less hassle you'll have to endure later. If your hoping to do it purely in OSPF - you will either need to run 2 route tables (VRF's) so they can have different gateways. You can separate the customers by either placing them directly in...
by joegoldman
Fri Nov 29, 2019 4:49 am
Forum: General
Topic: The sad state of OpenVPN
Replies: 12
Views: 3401

Re: The sad state of OpenVPN

Mikrotik were adding new features to OpenVPN in the ROSv7 Beta - so its likely they are going to concentrate on it again - its possible some of the limitations were based on the older kernel and now they putting the newer kernel in they might be able to expand support.
by joegoldman
Tue Nov 26, 2019 2:36 am
Forum: Virtualization
Topic: CHR 6.44.6 with VMWARE 6.7 dont balance cpus
Replies: 12
Views: 3184

Re: CHR 6.44.6 with VMWARE 6.7 dont balance cpus

My answer is still valid. I think you misunderstand CPU loads - you can never really perfectly balance processes among all CPU's. 'Ethernet' could have multiple threads. Thats why you see it on multiple CPU's, and on every CPU 'Firewall' could have multiple threads. Thats why you see it on multiple ...
by joegoldman
Tue Nov 26, 2019 12:32 am
Forum: Wireless Networking
Topic: Can we request for 2 types of firmware? [SOLVED]
Replies: 8
Views: 3969

Re: Can we request for 2 types of firmware? [SOLVED]

This will have a lot to do with moving to v7 on a 4.x kernel. The main reason for the custom drivers with new chipsets would be likely due to backporting to fit the older 2.x kernel that ROSv6 is running on (i believe its 2.x) Very excited for first official build of v7 with feature parity, so we ca...
by joegoldman
Wed Nov 13, 2019 6:54 am
Forum: Virtualization
Topic: CHR 6.44.6 with VMWARE 6.7 dont balance cpus
Replies: 12
Views: 3184

Re: CHR 6.44.6 with VMWARE 6.7 dont balance cpus

It is using all CPU's, you can actually see all but 2 CPU's with 'some' usage on them. In particuluar though it looks like 2 specific threads are busier, and are using a CPU each. A lot of processes in RouterOS are not perfectly multi-threaded. Some processes when they get busy will only use 1 CPU c...
by joegoldman
Sun Nov 10, 2019 12:40 pm
Forum: Wireless Networking
Topic: Chromecast is not discoverable on second AP
Replies: 10
Views: 2802

Re: Chromecast is not discoverable on second AP

they use mDNS / Bonjour protocols, so devices must be on the same broadcast domain - your best bet is to use some sort of proxy device that sits on both LANs and can relay the relevant discovery packets.
by joegoldman
Wed Oct 30, 2019 2:55 am
Forum: General
Topic: Multiple ISP w/ Bandwidth Sensitivity
Replies: 2
Views: 709

Re: Multiple ISP w/ Bandwidth Sensitivity

Yes some of it easier than others, walking you through it is likely a fruitless endeavour as it would require a decent amount of working knowledge. For routing certain devices via one internet connection look at routing marks and route tables to change the route for those singular devices. For your ...
by joegoldman
Mon Oct 28, 2019 1:59 pm
Forum: General
Topic: WAN DHCP Lease Renew Abnormal with NBN
Replies: 10
Views: 2247

Re: WAN DHCP Lease Renew Abnormal with NBN

Even if i request static ip address from ISP, the static ip is also delivered thru DHCP. No...! Ofcorse you can assign that static IP to an interface without the need of a dhcp client... Be sure of what you write before you tout it as gospel - this is DHCP but its mostly IPoE which is not your conv...
by joegoldman
Wed Oct 23, 2019 10:26 pm
Forum: RouterOS v7 BETA
Topic: Scope of v7.0
Replies: 6
Views: 4062

Re: Scope of v7.0

Is the scope of the first release of v7 covered by current beta? In other words is the current beta functionality-wise complete? I believe the plan is to be on parity with latest 6.4x releases - the main difference being its on new kernel and will enable certain performance increases and possible n...
by joegoldman
Wed Oct 23, 2019 1:24 am
Forum: General
Topic: Mikotik routing marks
Replies: 13
Views: 2078

Re: Mikotik routing marks

DO a full /export hide-sensitive so we can get an idea of your full setup.
by joegoldman
Thu Oct 17, 2019 4:55 am
Forum: Beginner Basics
Topic: mikrotik router date and time is false
Replies: 2
Views: 1003

Re: mikrotik router date and time is false

System->Clock to set it manually
System->SNTP Client to set it up to talk to an NTP server to set it automatically.
by joegoldman
Tue Oct 15, 2019 12:37 am
Forum: RouterBOARD hardware
Topic: New High Performance Routers ! ?
Replies: 48
Views: 11563

Re: New High Performance Routers ! ?

I see that it wont be happening at all in the near future. I'd hazard a guess at something by mid-2020, we have QSFP switches now I'm expecting a companion router - and not tile, less cores, more power per core, based on Router OS 7.0 (perhaps even a high powered ARM device given the 7.0beta has be...
by joegoldman
Sat Oct 12, 2019 11:47 am
Forum: Scripting
Topic: Script out entire router configuration or just a section of it?
Replies: 4
Views: 2102

Re: Script out entire router configuration or just a section of it?

Yes for templates I tend to set up a device how I like it and '/export' the entire config then go through it separately and turn certain things into variables with a config section up the top - so its easier and quicker to edit for different routers. I find you need to have a template version per de...
by joegoldman
Sun Sep 29, 2019 1:34 pm
Forum: Wireless Networking
Topic: CAPsMAN 5G and 2G network at same time
Replies: 11
Views: 3353

Re: CAPsMAN 5G and 2G network at same time

Same SSID and password, and let the client decide. There will be very limited cases where devices that wont prefer 5G will need 5G. If they are static devices (such as TV's) then you can ACL them onto 5G but ultimately if they are not bandwidth heavy then it won't really matter all that much.
by joegoldman
Tue Sep 24, 2019 2:48 am
Forum: RouterBOARD hardware
Topic: Recover from "No Default Configuration" System Reset
Replies: 17
Views: 3956

Re: Recover from "No Default Configuration" System Reset

you can also run winbox under wine with mac-winbox working OK - can be a bit iffy but it does work. Sometimes you have to wait for the device to go to link-local address (wont detect the router while still searching for IP) or just set a static IP. Once connection 'established' on your linux box, wi...
by joegoldman
Sun Sep 22, 2019 4:16 am
Forum: General
Topic: CRS 328 SFP+ Speed
Replies: 5
Views: 1261

Re: CRS 328 SFP+ Speed

Theoretically - as long as the disks in the NAS etc can sustain 10gbps, then yes the switch will forward 10gbps as long as its properly configured to use the switch chip.

When it's using the switch chip, it will forward traffic at full wire speed.
by joegoldman
Sat Sep 21, 2019 4:51 pm
Forum: General
Topic: CRS 328 SFP+ Speed
Replies: 5
Views: 1261

Re: CRS 328 SFP+ Speed

As ste is alluding to - the CRS is for switching, traffic generator would require the packets to hit the CPU and not be handled purely in switch chip. TO test speed of your CRS328 you would need something out another port to push to the CCR1009, so you are testing the CRS forwarding capability - whi...
by joegoldman
Wed Sep 18, 2019 2:52 am
Forum: General
Topic: CRS317-1G-16S+ Suddenly Stopped Hardware forwarding
Replies: 0
Views: 670

CRS317-1G-16S+ Suddenly Stopped Hardware forwarding

Hi Forum, Not sure if anyones seen this issue. I have a CRS317-1G-16S+ in production currently running 6.43.4. I have all running switchports in the bridge, with SFP+1 and SFP+2 in a Bonding interface, which is also in the bridge, and indicated hardware in the bridge port list for hardware offload. ...
by joegoldman
Fri Sep 13, 2019 4:37 am
Forum: Beginner Basics
Topic: Setting Mikrotik with Leased Line Topology
Replies: 8
Views: 1418

Re: Setting Mikrotik with Leased Line Topology

I've steered you to the likely answer - give it a go and tell me if it works. If you are not understanding what I am explaining then perhaps this task is beyond your capabilities and you should hire someone to help you. My explanation explains why you would not be able to ping the web server from yo...
by joegoldman
Thu Sep 12, 2019 7:18 am
Forum: Beginner Basics
Topic: Setting Mikrotik with Leased Line Topology
Replies: 8
Views: 1418

Re: Setting Mikrotik with Leased Line Topology

yep so .161 doesnt know how to get back to you, which likely means you are presenting as your internal IP 192.168.88.x. Like a normal internet connection, you'll need to NAT your connection out of that interface. /ip firewall nat add chain=srcnat action=masquerade out-interface=<whatever interface t...
by joegoldman
Thu Sep 12, 2019 6:52 am
Forum: Beginner Basics
Topic: Setting Mikrotik with Leased Line Topology
Replies: 8
Views: 1418

Re: Setting Mikrotik with Leased Line Topology

You'll likely also have to set a NAT rule to src-nat (or masquerade) for traffic out that interface as well, so it will appear as coming from 10.10.10.162 (as their network likely does not have a route back to you for 192.168.88.0/24)
by joegoldman
Thu Sep 12, 2019 4:41 am
Forum: Wireless Networking
Topic: 420Mbps inside trafic
Replies: 2
Views: 963

Re: 420Mbps inside trafic

that is specifically the CAPsMAN tunneling protocol - not sure why so much data would be going through it if not doing rolling upgrade etc - having it on all interfaces like that makes me think a bridge or loop issue. Perhaps see if you can capture the traffic and load it up in wireshark so you can ...
by joegoldman
Thu Sep 05, 2019 2:57 pm
Forum: General
Topic: Netflow and AS
Replies: 1
Views: 718

Re: Netflow and AS

It's been requested for years and never made it in, not really sure what the technical hurdle to this is apart from perhaps too many expensive route table lookups to get that information (RIB vs FIB), think about how long it takes to search the route table sometimes compared to other routing OS's. O...
by joegoldman
Tue Sep 03, 2019 7:39 am
Forum: Scripting
Topic: Changing autorun.scr no longer works
Replies: 7
Views: 2803

Re: Changing autorun.scr no longer works

This is a user forum - so yes wrong way to get an official answer. Email their support staff, support@mikrotik.com I believe is still the current one.
by joegoldman
Mon Aug 12, 2019 5:36 am
Forum: RouterBOARD hardware
Topic: CRS312, CRS326-24S+2Q+ MIPSBE CPU?
Replies: 7
Views: 4365

Re: CRS312, CRS326-24S+2Q+ MIPSBE CPU?

I'm sure QSFP+ enabled routers (CCR2xxx) range will be in the pipeline, these switches are basically the introduction to them. A 1072 equivalent with 2x QSFP and 6+ SFP+ ports will be magical for core routing.
by joegoldman
Mon Aug 12, 2019 4:32 am
Forum: RouterBOARD hardware
Topic: CRS312, CRS326-24S+2Q+ MIPSBE CPU?
Replies: 7
Views: 4365

Re: CRS312, CRS326-24S+2Q+ MIPSBE CPU?

These aren't marketed (or priced) as full L3 switches. Yes you can route ports to CPU and run some L3 functions, but it is not a fully featured / full wire rate L3 switch, so if thats what you want this product for then this product is not for you. You'd have to send in your recommendations to Mikro...
by joegoldman
Mon Aug 05, 2019 1:50 am
Forum: Forwarding Protocols
Topic: 'Mesh' Network MPLS design
Replies: 0
Views: 1968

'Mesh' Network MPLS design

Hi Forum, Running a decentralised mesh style network, where we have 10-20 sites interconnected via PtP links in big and small loops. Each site terminates PPPoE services locally and installs the customer route in the route table via OSPF - this is working well so far. However I have been thinking of ...
by joegoldman
Mon Aug 05, 2019 1:40 am
Forum: General
Topic: MTU settings for provider network
Replies: 0
Views: 532

MTU settings for provider network

Hi Forum, Looking to know your thoughts on MTU settings for provider networks. We run a decentralised core style setup - a PtMP wireless network from multiple tours. Each tower has an RB1100AHx4 or an RB3011 at the bottom, these routers terminate all local PPPoE sessions and then run OSPF between th...
by joegoldman
Wed Jul 17, 2019 9:49 am
Forum: General
Topic: VLAN within a VLAN
Replies: 5
Views: 895

Re: VLAN within a VLAN

Yes Possible, its called Q-in-Q. On Mikrotik its more referred to as S-tag, which would be the outer tag. So you could potentially: VLAN100 - STag enabled VLAN101 - Parent Int VLAN100 VLAN102 - Parent Int VLAN100 etc but networks between you and remote need to support you tagging this way too, they ...
by joegoldman
Mon Jul 08, 2019 1:57 pm
Forum: General
Topic: CSS610-8P-2D+OUT availability
Replies: 3
Views: 890

Re: CSS610-8P-2D+OUT availability

Considering the only reference to that part number I can find is this one thread, you'll have to be more specific at what device your looking at. Do you have a link to the announcement for it?
by joegoldman
Mon Jul 08, 2019 12:56 am
Forum: General
Topic: RULE for BANKS
Replies: 15
Views: 1833

Re: RULE for BANKS

Your request is way too ambitious and unlikely. The easiest way is to look at the different RIR's, and find banking organisations, then you will have their IP blocks. Not all banks are likely to have their own allocation though. Then you get those who host their user services front-end in a cloud li...
by joegoldman
Mon Jul 08, 2019 12:53 am
Forum: Forwarding Protocols
Topic: OSPF Force path for specific subnet
Replies: 6
Views: 2600

Re: OSPF Force path for specific subnet

Static routes, with check-gateway = ping.

So if Link A is your defailt and you want a specific subnet to go via Link B, then static route with check gateway on Link B (or a netwatch script, which is just as simple), so if Link B dies that traffic goes back via Link A
by joegoldman
Sun Jul 07, 2019 11:16 am
Forum: SwOS
Topic: CSS326-24G-2S+RM POE
Replies: 1
Views: 2159

Re: CSS326-24G-2S+RM POE

Your switches are likely 802.3at/af Active PoE type switches - which is a common standard that a lot of things use, including some models of mikrotiks. The CSS326 unfortunately only accepts 24v Passive PoE in. The pinout is different, and voltage is different. Some switches, specifically managed, ca...
by joegoldman
Thu Jul 04, 2019 2:32 pm
Forum: Beginner Basics
Topic: Advice | Recommendation for new router
Replies: 10
Views: 1818

Re: Advice | Recommendation for new router

hAP ac / ac Pro if you want something smaller/cheaper

RB4011 if you want a beast of a router.
by joegoldman
Thu Jul 04, 2019 2:26 pm
Forum: Beginner Basics
Topic: admin password recovery
Replies: 6
Views: 1642

Re: admin password recovery

Do you have any .backup files? I believe they contain user passwords in them that can be extracted. Other then that, its too new for the old password database hack, you might not have much choice but to factory reset and rebuild - and learn a lesson on having multiple accounts/passwords or complete ...
by joegoldman
Thu Jul 04, 2019 2:23 pm
Forum: Beginner Basics
Topic: How to setup Captive Portal on Mikrotik Router?
Replies: 1
Views: 2564

Re: How to setup Captive Portal on Mikrotik Router?

https://wiki.mikrotik.com/wiki/Hotspot_server_setup

https://wiki.mikrotik.com/wiki/HotSpot_ ... login_page

Mikrotik doesnt host PHP pages natively, if you want a PHP page specifically you'll have to externally host it and have your hotspot configured to point to it (all info in those 2 links)
by joegoldman
Thu Jul 04, 2019 2:21 pm
Forum: General
Topic: Choice router for central speed test
Replies: 7
Views: 1275

Re: Choice router for central speed test

RB1100AHx4 or RB3011 - they have faster cores vs the CCR range which have many slower cores. 1100 or 3011 shoul dbe OK for 100mbit throughput testing.
by joegoldman
Wed Jul 03, 2019 11:23 pm
Forum: General
Topic: unwanted change of source IP in my traffic
Replies: 6
Views: 871

Re: unwanted change of source IP in my traffic

add action=masquerade chain=srcnat
This piece right here will masquerade all traffic everywhere. Define this better or get rid of it.
by joegoldman
Wed Jul 03, 2019 1:58 am
Forum: Scripting
Topic: Script to disable Wlan when no user are logged on
Replies: 8
Views: 2305

Re: Script to disable Wlan when no user are logged on

Well - if its allowing for business hours, you'd disable wifi once last person logs off after say 5-6pm, so it doesnt force them off at a set time in case they are working back, but then leave it off till predetermined time like 7am. All depends on the setup and intent but makes sense to an extent, ...
by joegoldman
Tue Jul 02, 2019 2:27 pm
Forum: RouterBOARD hardware
Topic: RB4011 Metal temperature is really hot
Replies: 53
Views: 15660

Re: RB4011 Metal temperature is really hot

you will need active cooling, so buy a model with active cooling (RB1100AHx4 would be my suggestion).
Be careful choosing device, both RB1100AHx4 models have passive cooling!
Hrmm i swear I remember fan holes on the back of 1100 case - maybe im thinking older model? My bad.
by joegoldman
Tue Jul 02, 2019 3:06 am
Forum: RouterBOARD hardware
Topic: RB4011 Metal temperature is really hot
Replies: 53
Views: 15660

Re: RB4011 Metal temperature is really hot

you need to buy hardware for the installation, not just for the specs. If you are working in hot environments with no natural airflow / air-con then you will need active cooling, so buy a model with active cooling (RB1100AHx4 would be my suggestion). There is more to product selection then just spec...
by joegoldman
Tue Jul 02, 2019 2:01 am
Forum: General
Topic: Customer Traffic through Multiple Queues
Replies: 1
Views: 501

Customer Traffic through Multiple Queues

Hi Forum, Having an interesting problem I'd like to try figure out. I use PPPoE on my network for subscribers, when they login they get a dynamic pppoe interface simple queue, lets say 10mbit. On the transit side, I'd only like them to get 5mbit But local resources able to get the full 10mbit. My id...
by joegoldman
Sun Jun 30, 2019 8:34 am
Forum: General
Topic: Out of the box problem with GUI
Replies: 3
Views: 815

Re: Out of the box problem with GUI

On the quickset page, after ticking address acquisition to be 'Automatic' you have to hit 'Apply Configuration' down the bottom right for it to stick. Then you can go into Webfig, go to ip->addresses to see the address asigned to you, or you can go ip->dhcp client to see the status of your dhcp requ...
by joegoldman
Thu Jun 27, 2019 12:56 am
Forum: General
Topic: Best Way to Isolate Bridges to Reach Each Other's IPs
Replies: 26
Views: 3303

Re: Best Way to Isolate Bridges to Reach Each Other's IPs

just easy forward rule, in-interface=a, out-interface=b action=drop, and vice versa, that way no traffic can go between a and b.
by joegoldman
Wed May 29, 2019 2:54 am
Forum: General
Topic: NBN FTTC TPG NCD + MT
Replies: 2
Views: 931

Re: NBN FTTC TPG NCD + MT

This is more a TPG thing then a NBN or even Mikrotik thing - so the post probably has little relevance here - might be a good post for the Australian Whirlpool forums or something. In particular though, your question of whether or not using your buddies username would give you more speed - the answe...
by joegoldman
Tue May 21, 2019 3:11 am
Forum: General
Topic: Very unusual situation Two bad CCRs in a row?
Replies: 1
Views: 526

Re: Very unusual situation Two bad CCRs in a row?

Its unlikely to be a hardware issue if 2 are doing it. 3011 and ccr1009 are fundamentally different in configurations of ports (switch vs routed etc etc) so there may be snafu's in the config. Post an /export hide-sensitive and mask any identifiable information, and explain which part exactly is not...
by joegoldman
Thu May 02, 2019 12:14 pm
Forum: Scripting
Topic: Script initiate Winbox windows?
Replies: 3
Views: 913

Re: Script initiate Winbox windows?

I prefer not to use webfig - I want it for myself too as super user - so dont want to be logging out / in all the time, and I dont think the skinning tool is flexible enough, as I want the same tool but in many different configs, mostly I want the ping and traceroute tool but with specified src-addr...
by joegoldman
Thu May 02, 2019 12:45 am
Forum: Scripting
Topic: Script initiate Winbox windows?
Replies: 3
Views: 913

Script initiate Winbox windows?

Hi *, I think I know the answer to this already (no) - but is there a way to make a script initiate a winbox GUI element? i.e. I run certain tests / traceroutes / pings etc with different VRF's or source IP's to test different parts of my network - it would be handy if I could 'pre-script' these so ...
by joegoldman
Wed May 01, 2019 2:11 pm
Forum: Forwarding Protocols
Topic: Create BGP communities [SOLVED]
Replies: 3
Views: 5704

Re: Create BGP communities [SOLVED]

yes, you dont 'create' communities, routes are tagged with community strings. So when you receive routes from a downstream peer, then when distributing upstream you use route filters community option to decide what to do with them, i.e. can block all routes with community 111:222 or whatever you cho...
by joegoldman
Tue Apr 30, 2019 2:14 am
Forum: General
Topic: implementation of bgp filters on ipv6 tab
Replies: 2
Views: 792

Re: implementation of bgp filters on ipv6 tab

On routing filters, use Address Family option (IP or IPv6) to apply that filter to only one type of address, so you dont catch v4 and v6 together.
by joegoldman
Tue Apr 23, 2019 9:28 pm
Forum: Forwarding Protocols
Topic: Your experience with larger/diverse Area0 OSPF networks?
Replies: 19
Views: 3913

Re: Your experience with larger/diverse Area0 OSPF networks?

At only 7 sites in and 250 routes, we are already looking for a new solution before we grow out of control. There are a few options considering. Unfortunately OSPF will always need to be part of it, but thinking of moving OSPF to Loopback propagation only, and MPLS for customer routes. This can have...
by joegoldman
Mon Apr 22, 2019 11:30 am
Forum: Forwarding Protocols
Topic: OSPF LOOP [SOLVED]
Replies: 2
Views: 4193

Re: OSPF LOOP [SOLVED]

So is it mesh or is it ring? If ring network like you describe (but then add in x-connects between them), are you bridging the interfaces so all routers appear on 1 broadcast domain? If so then this would cause your issue. You may need to turn of OSPF broadcast stuff and to a PtMP style connection b...
by joegoldman
Mon Apr 22, 2019 11:26 am
Forum: General
Topic: Port Knocking, avoid scan-caused false positives?
Replies: 17
Views: 2211

Re: Port Knocking, avoid scan-caused false positives?

I would think to do it different. If they are doing a huge port scan, then maybe a rule where if dst-port = 5999,6001,6999,7001 then add to list portscanner then on your portknocking do src-address-list!=portscanner This should cover scanners going up and down the list, and covers you for hitting 70...
by joegoldman
Mon Apr 22, 2019 11:22 am
Forum: General
Topic: Walled Garden fbcdn.net
Replies: 4
Views: 1069

Re: Walled Garden fbcdn.net

It's because your rule is the first rule - and explicitly drops all https traffic. The rule that allows the walled garden values likely comes after that. paste your /ip firewall filter export and we may be able to tell you the best place to pop the rule. Walled garden setup already restricts user br...
by joegoldman
Mon Apr 22, 2019 9:43 am
Forum: General
Topic: Feature Request : Browser on Winbox
Replies: 12
Views: 12264

Re: Feature Request : Browser on Winbox

Or you can have port forwards - with firewall rule to stop certain IP's, or just enable the NAT while you are working on it etc etc. I go a step further and have port-knock on my devices that puts my current WAN IP in an address-ilst that is allowed to access NAT rules to access wireless gear behind...
by joegoldman
Mon Apr 22, 2019 4:14 am
Forum: General
Topic: How are hardware ports associated with names
Replies: 5
Views: 1154

Re: How are hardware ports associated with names

There is an attribute attached to the interface, more-so hidden in the details "default-name" (do an /interface print detail) - this will refer to the hard port as labelled, i.e. ether1 would be port1. This is a quick last resort, its not quick and easy information to grab. I tend to name my ports k...
by joegoldman
Fri Apr 19, 2019 12:40 am
Forum: Beginner Basics
Topic: 0.0.0.253 ip
Replies: 10
Views: 1579

Re: 0.0.0.253 ip

post your config (/export hide-sensitive) in code tags and we may be able to help.
by joegoldman
Tue Apr 16, 2019 3:10 am
Forum: General
Topic: who can I hire to get a export to work as an import an a clone [SOLVED]
Replies: 7
Views: 1186

Re: who can I hire to get a export to work as an import an a clone [SOLVED]

the all-packages .zip files seem to work so you could download your architecture that way and then just upload the relevant packages that you have installed, bit of a round-a-bout way to do it though.
by joegoldman
Sat Apr 13, 2019 11:43 am
Forum: General
Topic: Mikrotik IP Cloud vs P2P
Replies: 8
Views: 1216

Re: Mikrotik IP Cloud vs P2P

IPv6 is still a second class citizen overall - I found many services where my IPv6 would take over but it would take a worse route or have a degraded service because someone somewhere in the path didnt put as much effort into their traffic engineering for IPv6 as they did IPv4, as IPv4 is the mainst...
by joegoldman
Mon Apr 08, 2019 8:23 am
Forum: General
Topic: Why can my /30 subnet can talk to other subnets?
Replies: 5
Views: 918

Re: /30 subnet can talk to other subnets

It is because your clients and your router know where to look for each other. In a /24, they would talk directly as they are same broadcast domain, but in your example they are sending traffic to the router, and the router knows 'hey i know how to get to IP x' so routes it, no issue. Best thing to d...
by joegoldman
Wed Apr 03, 2019 1:48 pm
Forum: General
Topic: PPP Secrets - DNS Server
Replies: 3
Views: 800

Re: PPP Secrets - DNS Server

Yes you could use the On Up and On Down scripting tool in ppp profiles, go over to the scripting part of the wiki and you'll be able to start making some scripts

https://wiki.mikrotik.com/wiki/Manual:Scripting
by joegoldman
Tue Apr 02, 2019 2:21 am
Forum: Scripting
Topic: Trying to create a script to enable Mikrotik DHCP server if Microsoft DCHP Server is down.
Replies: 2
Views: 708

Re: Trying to create a script to enable Mikrotik DHCP server if Microsoft DCHP Server is down.

Why not run a DHCP 24/7 but put it on authoritative with 2s or 10s delay, so the Microsoft server has time to respond to DHCP requests first if it doesnt then the mikrotik one will.
by joegoldman
Wed Mar 27, 2019 1:11 am
Forum: General
Topic: 10.000 Clients on One Server
Replies: 7
Views: 1076

Re: 10.000 Clients on One Server

You dont want one hardware failure taking out so many clients, given how cheap Mikrotik hardware is compared to other big platforms, I'd go with up to 5x 36cores with the intent of 2k per router, that way if one fails each router can just go up to 2.5k and handle the load easily.
by joegoldman
Tue Mar 26, 2019 11:46 pm
Forum: Forwarding Protocols
Topic: Make OSPFv3 use Global IPv6 addresses instead of LinkLocal? [SOLVED]
Replies: 3
Views: 5082

Re: Make OSPFv3 use Global IPv6 addresses instead of LinkLocal? [SOLVED]

Yes, this is quite common in IPv4 space as well, called a Loopback address. For nice traceroutes, I actually set pref-source on all routes to the loopback address too so you dont have to name / PTR and catalog all the interface addresses.
by joegoldman
Tue Mar 26, 2019 6:25 am
Forum: Wireless Networking
Topic: Is possible to set up a RBaCPGi-5acD2nD dual bands with one ssid?
Replies: 4
Views: 783

Re: Is possible to set up a RBaCPGi-5acD2nD dual bands with one ssid?

Just by naming them all the same, they will essentially switch from one AP to the other. Client devices determine how/when they switch to another AP, but you can use connect lists to disassociate people at a certain signal level and force them to re-scan. Easiest way to do this would be use CAPsMAN ...
by joegoldman
Tue Mar 26, 2019 12:36 am
Forum: SwOS
Topic: Can run OSPF on CRS326-24G-2S+RM
Replies: 4
Views: 2506

Re: Can run OSPF on CRS326-24G-2S+RM

also all routing is done in CPU - CPU's are quite limited in the switches. You may not get much data routed on a switch.
by joegoldman
Sat Mar 23, 2019 10:34 am
Forum: General
Topic: help to create server radius with sql and and web php form [SOLVED]
Replies: 3
Views: 847

Re: help to create server radius with sql and and web php form [SOLVED]

Mikrotik talks RADIUS - configuring FreeRADIUS to work with Mikrotik is a non-issue, as they work out of the box. Your question is more a FreeRADIUS question, I would suggest seeking help from the FreeRADIUS forums or other help-areas dedicated to that program, to learn how to configure your system ...
by joegoldman
Sat Mar 23, 2019 10:23 am
Forum: General
Topic: Feature Request: 6VPE (VPNv6) - ipv6 address family
Replies: 4
Views: 1700

Re: Feature Request: 6VPE (VPNv6) - ipv6 address family

Most likely you will see this implemented in ROS v7.
Normis says ROS v7 doesnt exist :P

Sorry i kid i kid.
by joegoldman
Fri Mar 22, 2019 3:41 am
Forum: RouterBOARD hardware
Topic: wAP 60Gx3 AP - anyone already tested it?
Replies: 12
Views: 4934

Re: wAP 60Gx3 AP - anyone already tested it?

I'd love to try 60ghz out in some of our busier areas mostly because 5ghz is super noisy. How wide are the channels, and how much spectrum can be accessed by these devices? i.e. since each chip can only hand 8 stations (so thats 24 clients per wAP 60Gx3) how many of these could I comfortably run on ...
by joegoldman
Thu Mar 21, 2019 11:58 pm
Forum: Beginner Basics
Topic: Is it OK for all leds to run at once like this ?
Replies: 2
Views: 597

Re: Is it OK for all leds to run at once like this ?

They are not perfectly synced - being on the same bridge means there's absolutely some traffic that will hit all ports simultaneously (e.g. broadcast) along with traffic that wont. Nothing seems amiss to me.
by joegoldman
Sun Mar 17, 2019 11:40 pm
Forum: General
Topic: Redirect All SSL Pages to one page
Replies: 4
Views: 773

Re: Redirect All SSL Pages to one page

Hotspot has HTTPS redirect in the settings - and the redirect can work, however you will always get SSL errors that the user will have to accept. You cant make it do a clean redirect.
by joegoldman
Sun Mar 17, 2019 11:35 pm
Forum: Beginner Basics
Topic: Radus server in my Mikrotik router
Replies: 6
Views: 819

Re: Radus server in my Mikrotik router

You can use userman as a built in Radius sever, however its generally more for Hotspot usage, if your looking for 802.1x auth it might not work for that. Im not sure.
by joegoldman
Wed Mar 13, 2019 2:01 am
Forum: Beginner Basics
Topic: Simplest Route Rule Possible.
Replies: 13
Views: 1092

Re: Simplest Route Rule Possible.

There is kind of a way - if that is the ONLY thing in vlan55, then you can add VLAN 55 to a VRF and add the default route for that VRF out the ether1 cable WANIP. If you are not wanting to put the interface into VRF and single out only the traffic for that one IP, then you will need to use a mangle ...
by joegoldman
Mon Mar 11, 2019 1:05 am
Forum: General
Topic: Scaling Mikrotik
Replies: 5
Views: 1024

Re: Scaling Mikrotik

Mikrotik is horizontal scaling. Basically start with redundant pairs everywhere - once you start getting to the 50-60% resource usage, add another 1 or 2 next to it. You really dont want resources hitting up over 75% at all to be safe. I'd personally have your core very very simple, just pure routin...
by joegoldman
Mon Mar 11, 2019 12:56 am
Forum: General
Topic: local proxies breaks speed limit
Replies: 5
Views: 660

Re: local proxies breaks speed limit

Are you running a web-proxy on the mikrotik? Are your bw-limits on forwarding traffic? Once traffic is proxied through the router it becomes input/output rather than forward technically, so your queus may be set up wrong to account for that. Do an /export hide-sensitive and post it in code tags so w...
by joegoldman
Wed Mar 06, 2019 11:57 am
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 613
Views: 191453

Re: RouterOS v7.0 beta1 - when?

THE GOOD NEWS IS, that once RouterOS is brought up to date on 4.x kernel - it should be a fairly straight run to keep it updated. The Linux Kernels are not feature releases, meaning the diff between 4.20 and 5.0 is just patches, not a huge new architecture or anything. We just gotta make this one bi...
by joegoldman
Tue Mar 05, 2019 5:12 pm
Forum: Beginner Basics
Topic: I've locked myself out of the router admin interface.
Replies: 2
Views: 559

Re: I've locked myself out of the router admin interface.

If using winbox, try using neighbours and connecting via MAC protocol.

Alternatively, plug another mikrotik into it and use mac-telnet from mikrotik to mikrotik or Rommon (if enabled) which uses L2 protocols as well, so bypasses IP addressing.
by joegoldman
Sun Mar 03, 2019 11:41 pm
Forum: Forwarding Protocols
Topic: Valid router to use in a peering point
Replies: 6
Views: 2510

Re: Valid router to use in a peering point

(I've always thought MT should release a CCR1009-8G-2S+)...
There is the CCR1036 8G 2S+ if your after more, or even the 1072-8S+, or what we've done is breakout using a CRS317-1G-16S+
by joegoldman
Fri Mar 01, 2019 11:41 pm
Forum: Forwarding Protocols
Topic: Transit and IX problem
Replies: 5
Views: 2265

Re: Transit and IX problem

Best guess is you are importing routes from both, but because your cogent routers are older they are preferred (i.e. that bgp session came up first). I would set a BGP Local Pref on the IX routes only. If this is for inbound traffic only going via cogent, then make sure you are advertising your rang...
by joegoldman
Wed Feb 27, 2019 12:35 pm
Forum: General
Topic: Large route table, removing a static [SOLVED]
Replies: 8
Views: 3482

Re: Large route table, removing a static [SOLVED]

Yes this is my main complaint with Mikrotik at the core at the moment - it can import full tables in good-enough time but convergence is slow as when adding routes or removing routes - up to 5-10 minutes for me with about 1million BGP routes (With some static). I couldnt imagine running a CCR with m...
by joegoldman
Wed Feb 27, 2019 12:28 am
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 613
Views: 191453

Re: RouterOS v7.0 beta1 - when?

The development going into 6.x is development FOR 7.x as well. A lot of the roadmapped features have been put into 6.x because of the delays 7.x brings. 7.x isnt going to suddenly have a heap of new features, 7.x will likely be the latest 6.x but on new kernel, and will take a few iterations to star...
by joegoldman
Sat Feb 23, 2019 12:23 am
Forum: Beginner Basics
Topic: disable PPPoE connections go to html page
Replies: 4
Views: 924

Re: disable PPPoE connections go to html page

Without radius etc, one way would be to change the remote address on their secret - i.e. have an 'internal' / 'suspended' pool thats not a public IP that they get, then in your mikrotik have mangle rules for any traffic from that range to be redirected to your server where the HTML page is.
by joegoldman
Fri Feb 22, 2019 3:42 am
Forum: Wireless Networking
Topic: Selection guide for PtP links Ranges?
Replies: 11
Views: 1388

Re: Selection guide for PtP links Ranges?

I answered your questions - how could I give you any more advice without knowing the link requirements and specifics - in which case we'd be at a point of billing you for my consulting time if you want me to design your whole link.
by joegoldman
Thu Feb 21, 2019 10:24 pm
Forum: Wireless Networking
Topic: Selection guide for PtP links Ranges?
Replies: 11
Views: 1388

Re: Selection guide for PtP links Ranges?

Max range would be in test conditions. Max range can be affected by weather, noise floor, line of sight, your countries EIRP etc etc. I would not want to be trying to push the max distance of items. You can mix and match, you just may end up with better signal one way then the other. Sometimes bigge...
by joegoldman
Thu Feb 21, 2019 1:25 pm
Forum: General
Topic: I Can't set 802.1p on VLAN for DHCP [probably BUG]
Replies: 9
Views: 1373

Re: I Can't set 802.1p on VLAN for DHCP [probably BUG]

send a supout and explanation of your bug to support@mikrotik.com
by joegoldman
Thu Feb 21, 2019 9:17 am
Forum: General
Topic: Easy method to update 300 MikroTik
Replies: 2
Views: 701

Re: Easy method to update 300 MikroTik

No supported way - most people build it out with API scripts and updaters - DUDE might be able to do some of it.
by joegoldman
Sat Feb 16, 2019 5:10 am
Forum: General
Topic: mikrotik wrong username or password
Replies: 5
Views: 2401

Re: mikrotik wrong username or password

Was it old RouterOS version? If so its likely been hacked. Good news is, being old version you can use the same hack to re-gain access - but once its been compromised you should take config export, make sure no bad config is in there, and do a fresh net-install.
by joegoldman
Sat Feb 16, 2019 5:08 am
Forum: Announcements
Topic: v6.44rc [testing] is released!
Replies: 67
Views: 21121

Re: v6.44rc [testing] is released!

what does /tool speed-test test to? Do we host a server? Is it same as bandwidth-test and will TCP tests be CPU limited?
by joegoldman
Thu Feb 07, 2019 5:21 am
Forum: General
Topic: Use a Routerboard to tag packets for a management VLAN
Replies: 7
Views: 1296

Re: Use a Routerboard to tag packets for a management VLAN

Laptop ---> Ether1 - Ether2 ----> Network In this scenario (Ether1/Ether2 being your bridge Mikrotik) you'd create a vlan interface on Ether2 with vlanID on 100, then create a bridge interface, and add Ether1 and Vlan100 interface, so you are being bridged straight into the VLAN tagged interface. Th...
by joegoldman
Thu Feb 07, 2019 5:16 am
Forum: RouterBOARD hardware
Topic: Why people pair UBNT APs with MikroTik routers?
Replies: 56
Views: 40005

Re: Why people pair UBNT APs with MikroTik routers?

I've done both. I've got many CAPsMAN installs with wAP AC's and cAP AC's in, without issue. I prefer Mikrotik for the flexibility and extra config options. I had a big job that I had to put Ubiquiti in for the pure fact of short time frame and stock availability (this wasnt long after the factory f...
by joegoldman
Wed Feb 06, 2019 5:37 am
Forum: Forwarding Protocols
Topic: IXP routes should be preferred
Replies: 4
Views: 2097

Re: IXP routes should be preferred

You are running multiple instances? YOu should only really be doing that for multiple host AS's

In any case, post the output of /export hide-sensitive so we can see what the issue is.
by joegoldman
Wed Feb 06, 2019 1:37 am
Forum: Forwarding Protocols
Topic: IXP routes should be preferred
Replies: 4
Views: 2097

Re: IXP routes should be preferred

Guessing you have ignore as path len enabled which means AS Path will not be considered in the best-path selection, in which case the first 'installed' route would be the best based on the other attributes. For IX routes, best practise (in my opinion) is to import them with a high local-pref, which ...
by joegoldman
Sun Feb 03, 2019 10:51 pm
Forum: RouterBOARD hardware
Topic: For real, what is with these blinding power leds?
Replies: 11
Views: 2269

Re: For real, what is with these blinding power leds?

Yes noticed this on my new 4011 i was hoping I could turn it off in the software but nup, I will be black taping it to keep it down, literally shines through multiple rooms if I leave the office door open haha.
by joegoldman
Sat Feb 02, 2019 12:04 pm
Forum: General
Topic: WINDOWS AUTHENTICATE WITH MIKROTIK USERS
Replies: 1
Views: 469

Re: WINDOWS AUTHENTICATE WITH MIKROTIK USERS

You want users to login to the Mikrotik with their Windows credentials? Or you want users to log into Windows with Mikrotik credentials? You could potentially run RADIUS in front of a windows DC server and have people log into mikrotiks with Windows Credentials, the other way around I do not believe...
by joegoldman
Fri Feb 01, 2019 3:27 pm
Forum: General
Topic: Winbox Urgent Suggestion
Replies: 15
Views: 1714

Re: Winbox Urgent Suggestion

There is absolutely nothing wrong with winbox under WINE. An expert Linux user will use all tools available to set up their environment. I use Winbox without fail on all my Linux machines.
by joegoldman
Fri Feb 01, 2019 5:49 am
Forum: Forwarding Protocols
Topic: Routing issue
Replies: 3
Views: 1840

Re: Routing issue

youve given us almost 0 helpful information.

You know the last hop it fails at, jump on that hop check the route-table.

Is it that just ICMP is firewalled / blocked from that ingress point onwards?
by joegoldman
Tue Jan 29, 2019 8:13 am
Forum: General
Topic: Don't buy Mikrotik hardware! NO SUPPORT
Replies: 15
Views: 2269

Re: Don't buy Mikrotik hardware! NO SUPPORT

Ubiquiti is also 20-80% more expensive depending on the product, and the software management is a nightmare in some use cases, and nowhere near as flexible at the least. You take the good with the bad in some cases. I use Mikrotik because of the flexibility and pricing. I also understand that my pay...
by joegoldman
Mon Jan 28, 2019 11:54 pm
Forum: General
Topic: Feature requests
Replies: 1280
Views: 293724

Re: Feature requests

I would like to receive SNMP traps when WiFi client registration occurs... for example: [WIRELESS]--Association:11G STA 80:b0:3d:xx:xx:xx associated with WLAN1 SSID = Mikrotik It's very useful for smart home automation scenarios You could replicate this with logging and a syslog (remote) logging se...
by joegoldman
Sat Jan 26, 2019 2:22 am
Forum: General
Topic: OSPF + VRRP +PPPOE
Replies: 5
Views: 1016

Re: OSPF + VRRP +PPPOE

You would use Routing Marks or VRFs to basically do source based routing. If you are using public IP space you'll also need to adjust your advertisements so one range is used by ISP 1 and the other by ISP 2
by joegoldman
Fri Jan 25, 2019 5:51 am
Forum: General
Topic: Which Router should i buy for a small web hosting company?
Replies: 6
Views: 1032

Re: Which Router should i buy for a small web hosting company?


I was looking for RB3011UiAS-RM or RB1100AHx4, What do you suggest?
RB1100AHx4 very robust and can move a lot of data - i'd go one of them.
by joegoldman
Thu Jan 24, 2019 11:13 pm
Forum: RouterBOARD hardware
Topic: InterCell
Replies: 45
Views: 10985

Re: InterCell

What LTE frequencies/bands you think the WISPs will be able to use in Australia? And what would be the demand for such LTE Base Stations? For Australia - next to impossible for LTE I think - too much regulation and too expensive. I work in a less-developed country outside of Australia where if I co...
by joegoldman
Thu Jan 24, 2019 11:05 pm
Forum: General
Topic: pasting .rsc on a blank slate router
Replies: 4
Views: 890

Re: pasting .rsc on a blank slate router

add a delay up the top of the script, and use the reset-config menu with no-default, run-after of your RSC, thats how I do templated installs.
by joegoldman
Thu Jan 24, 2019 11:26 am
Forum: RouterBOARD hardware
Topic: InterCell
Replies: 45
Views: 10985

Re: InterCell

Such an interesting turn. LTE can be beneficial for WISP though - NBN (National Broadband Network) in Australia are using LTE for their Fixed Wireless roll-outs, however being government run and funded probably got access to frequencies within budget. A country I do a lot of work in - we have a very...
by joegoldman
Sun Jan 20, 2019 12:40 am
Forum: General
Topic: CCR Mikrotik Bandwidth Test - Urgent...-Important
Replies: 8
Views: 1521

Re: CCR Mikrotik Bandwidth Test - Urgent...-Important

It's also weekend around most of the world - give it a couple business days.
by joegoldman
Tue Jan 15, 2019 11:57 pm
Forum: General
Topic: v7 routeros
Replies: 12
Views: 4180

Re: v7 routeros

I also like stuff and things, my fellow networkers. :/
by joegoldman
Mon Jan 14, 2019 12:19 am
Forum: RouterBOARD hardware
Topic: Router that does not sound like a Jet Engine for Home 10G Internet?
Replies: 7
Views: 2126

Re: Router that does not sound like a Jet Engine for Home 10G Internet?

Get the 4 port 10gbit switch, device like 4011 to run as a router on a stick, port 1 outside, port 2 router, port 3 inside, done. Limits some of your capacity but for home internet shouldn't matter that much.
by joegoldman
Sun Jan 13, 2019 10:21 am
Forum: Forwarding Protocols
Topic: OSPF and default routes. [SOLVED]
Replies: 3
Views: 3153

Re: OSPF and default routes. [SOLVED]

If your redistributing default via OSPF, and all links are equal cost, then it should do this automatically anyways. However - a router will not install an OSPF default route if a static one exists, so you'll have to remove the static one and let the default come in - an easy way to test this if you...
by joegoldman
Fri Dec 28, 2018 11:05 pm
Forum: General
Topic: CRS305-1G-4S+ port statistics
Replies: 1
Views: 593

Re: CRS305-1G-4S+ port statistics

Its a very small visual bug - worth chucking the info to support@mikrotik.com but doesn't warrant a huge amount of discussion.
by joegoldman
Fri Dec 28, 2018 11:01 pm
Forum: Scripting
Topic: Script only works in terminal, not by GUI or scheduler
Replies: 4
Views: 998

Re: Script only works in terminal, not by GUI or scheduler

Thanks for following up with solution - thats actually a very peculiar behaviour which would be easy to overlook.
by joegoldman
Fri Dec 28, 2018 11:00 pm
Forum: General
Topic: OSPF
Replies: 3
Views: 702

Re: OSPF

So you want to receive the route from the remote network? They will have to advertise it to you, i.e. their OSPF config has to be set to allow the route you are wanting to come to you. Unless you are filtering it out yourself. Post your config (/export hide-sensitive) grab OSPF config of remote peer...
by joegoldman
Fri Dec 28, 2018 5:05 am
Forum: General
Topic: Add 160.000 statics dns entries
Replies: 7
Views: 1098

Re: Add 160.000 statics dns entries

If people are going to the effort to really get around your controlled DNS environment, then they deserve to have whatever you are trying to use - break. i.e. in PiHole it is more for user protection - a user who can circumvent would know the risks of doing so and protect themselves. It only really ...
by joegoldman
Wed Dec 26, 2018 11:58 pm
Forum: RouterBOARD hardware
Topic: 2*10gb ports for a CCR ?
Replies: 10
Views: 3041

Re: 2*10gb ports for a CCR ?

Switch: Port 1 = WAN - PVID 100 (so access port on vlan 100) Port 2 = LAN - PVID 200 (access port on vlan 200) Port 3 or 4 = Router, Trunk port with tagged 100 and 200 VLAN Making sure bridge vlan filter is on to ensure adherence to the tags and PVID. On Router you have 1 physical interface, you cre...
by joegoldman
Wed Dec 26, 2018 11:12 am
Forum: RouterBOARD hardware
Topic: 2*10gb ports for a CCR ?
Replies: 10
Views: 3041

Re: 2*10gb ports for a CCR ?

You could use a cheap switch like Mikrotik's little 4 port SFP+ switch for WAN, LAN, Router

So WAN comes into switch, switch goes into router, router back to switch for output via LAN port.

Or you could upgrade to the likes of CCR1036-8G-2S+ but thats quite a bit expensive.
by joegoldman
Wed Dec 19, 2018 3:49 am
Forum: General
Topic: Feature Request: SAFE MODE time based
Replies: 17
Views: 3654

Re: Feature Request: SAFE MODE time based

If you lose connection, how do you expect safe mode to remain activated? Although I agree with you and plan my changes with a 'dual-stack' mentality to bring things into line - I do get the point the others are trying to make. Sometimes the changes you need to make affect your connectivity to the d...
by joegoldman
Wed Dec 19, 2018 3:45 am
Forum: General
Topic: Is it possible to change boardname?
Replies: 1
Views: 424

Re: Is it possible to change boardname?

To what purpose?

Short answer is no - the major distributors / integrators may have some option to do this but not general public.
by joegoldman
Tue Dec 11, 2018 2:07 am
Forum: Forwarding Protocols
Topic: no enforce-first-as in RouterOS?
Replies: 10
Views: 3565

Re: no enforce-first-as in RouterOS?

Its default. There's no specific option for it. I do run Client to Client reflection ticked on my instances not sure if that makes a difference, but I use Mikrotik to peer with IX route servers and they deliver routes without their own AS in the path, which my router happily accepts.
by joegoldman
Tue Dec 11, 2018 1:59 am
Forum: RouterBOARD hardware
Topic: hardware idea for a multiport switch
Replies: 68
Views: 32376

Re: hardware idea for a multiport switch

It would definitely need built in cable management arm at the rear that helps slide and guide the cable bundle in and out. Even then I see the high density and effort as a very niche product personally.
by joegoldman
Mon Dec 10, 2018 4:20 am
Forum: Forwarding Protocols
Topic: Is it possible to host 2 web servers within the same public IP address
Replies: 8
Views: 2420

Re: Is it possible to host 2 web servers within the same public IP address

No, this requires deep packet inspection (so MIGHT be able to work sometihng with layer7 filters) as you are now reading the host head in the HTTP packet to know which server to send it to. Your best bet is a low-resource server 3 - a proxy server, it takes in ALL 80/443 requests and proxies based o...
by joegoldman
Tue Dec 04, 2018 10:44 am
Forum: The User Manager
Topic: Strange PPPOE limitation problem
Replies: 7
Views: 3997

Re: Strange PPPOE limitation problem

Do an /export hide-sensitive so we see your full configuration. Running userman you'd think it would be OK. Perhaps turn on some RAW RADIUS logging and capture packets of it happening, see if it is the PPP server ignoring the limitation and setting its own, or if its userman responding with the wron...
by joegoldman
Sat Nov 24, 2018 6:50 am
Forum: RouterBOARD hardware
Topic: RB3011 Power inputs?? [SOLVED]
Replies: 1
Views: 797

Re: RB3011 Power inputs?? [SOLVED]

Yes both can be used, and they will also work as active failover if one of the feeds fails. I do the same with old RB1100AHx2's (As they only had single AC) and 3011's in production
by joegoldman
Sun Nov 11, 2018 11:59 pm
Forum: Beginner Basics
Topic: 3011 update
Replies: 10
Views: 1582

Re: 3011 update

To answer your question, 3011 is an ARM based device so the mipsbe file would not be helpful.

When logging in (via winbox at least) it will tell you the architecture in the title of the window in brackets (arm), (mipsbe), (tile) etc.
by joegoldman
Sun Nov 04, 2018 3:30 pm
Forum: Forwarding Protocols
Topic: VRF Help - Route Leaking from MAIN
Replies: 0
Views: 824

VRF Help - Route Leaking from MAIN

Hi *, Basically I'd like to import all routes (except 0.0.0.0/0) into a VRF. Reason for this - I am doing source based routing to push certain IP's out a 2nd WAN connection, however I'd like it to only use this VRF (which contains a default route) when the resources aren't 'local'. This router impor...
by joegoldman
Wed Oct 31, 2018 9:50 am
Forum: General
Topic: Old kernel. Why?
Replies: 5
Views: 1290

Re: Old kernel. Why?

Plenty. ROSv7's main hold up is developing to new kernel. Major kernel's have major changes, especially from what ROS is currently based on to new, the whole networking stack has been re-worked (I believe), so requires a lot of re-development, re-testing etc to get it to feature parity (plus improve...
by joegoldman
Wed Oct 31, 2018 12:53 am
Forum: General
Topic: How to whitelist top level domains? [SOLVED]
Replies: 2
Views: 1239

Re: How to whitelist top level domains? [SOLVED]

You should be able to use L7 firewall rules to help create matchers that you can then apply filter/NAT/mangle rules on: https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/L7 This will help you do regex and TLD's to match what you want. It can be quite CPU intensive (As you are inspecting the packet a...
by joegoldman
Mon Oct 29, 2018 9:57 pm
Forum: General
Topic: Need help with VLANS and routing their traffic over L2TP
Replies: 4
Views: 1362

Re: Need help with VLANS and routing their traffic over L2TP

post /export hide-sensitive of both routers.

Also easy way to test connectivity, put a computer on a phone IP on that VLAN and make sure it can PING the VoIP server, also maybe check traceroute see where its stopping if there are multiple hops in the path.
by joegoldman
Mon Oct 29, 2018 10:44 am
Forum: Forwarding Protocols
Topic: Auto BlackHoling
Replies: 2
Views: 1224

Re: Auto BlackHoling

The question will rely on your upstream provider - so you will need to know what they expect so you can tag the route specifically. They will likely accept routes down to /32 with community <AS>:666 so they know to add as blackhole. Adjust your filters to look for routes with your own blackhole comm...
by joegoldman
Mon Oct 29, 2018 12:10 am
Forum: General
Topic: Winbox layout
Replies: 3
Views: 829

Re: Winbox layout

You can not 'edit' the layout, but you can make changes and save the session. I.E. open the windows you want to see, make changes to the columns, inline comments etc so it looks how you want it to look. Then under file you can go 'Save As' and it will save as a .viw file, then in winbox you can choo...
by joegoldman
Sun Oct 28, 2018 10:17 pm
Forum: General
Topic: Can I connect a Edge Router as a Client to out Mikrotik VPN Server?
Replies: 3
Views: 742

Re: Can I connect a Edge Router as a Client to out Mikrotik VPN Server?

You'll need to know a few details but if you set up the server you should know those details. Look at the Wiki for guides on how to set up VPN clients. If its L2TP/IPSec you'll generally need:

IP
User
Password
IPSec Secret
by joegoldman
Sun Oct 28, 2018 10:07 pm
Forum: General
Topic: Can I connect a Edge Router as a Client to out Mikrotik VPN Server?
Replies: 3
Views: 742

Re: Can I connect a Edge Router as a Client to out Mikrotik VPN Server?

This is a RouterOS forum, not an EdgeOS forum - you'll need to go hassle the ubiquiti community - but to answer your question a quick google suggests that EdgeOS doesnt currently have a way to configure an L2TP / IPSec client connection (such an odd limitation). My honest suggestion would be replace...
by joegoldman
Sat Oct 27, 2018 1:44 am
Forum: Beginner Basics
Topic: cant surf on new ip block
Replies: 4
Views: 1014

Re: cant surf on new ip block

Are these your own IP's or given to you by the ISP?

IF they are your own, have you started advertising them to upstream providers? Have you notified them of the new range so they can adjust their BGP filters both ingress from you and egress to their providers?
by joegoldman
Sat Oct 27, 2018 1:42 am
Forum: General
Topic: Any Chance of a test mode before applying the configuration
Replies: 9
Views: 1822

Re: Any Chance of a test mode before applying the configuration

There are very few situations given the flexibility of routeros that safe mode wont work for this purpose. Changing IP/routes? youo can dual stack IP's and add the routes, safe mode protects perfectly. Firewall changes? Pretty much what safe mode was made for. I do agree that test change can be bene...
by joegoldman
Sat Oct 27, 2018 1:38 am
Forum: General
Topic: v6 RC and v7 BETA
Replies: 126
Views: 32726

Re: v6 RC and v7 BETA

What is the timeline? if there is no cut-off date then it's just proof of concept for developers. Alpha is exactly that - proof of concept (in a lot of ways) They continue to work on 6.x, but 7 being a new kernel and everything means they have to make sure all existing functionality from 6.x is imp...
by joegoldman
Tue Oct 23, 2018 3:02 pm
Forum: General
Topic: Cloud Backup
Replies: 21
Views: 6650

Re: Cloud Backup

Will these be only .backup files i.e. only restorable to the same piece of hardware? Or will it take config exports too? Even better, are .backup files being worked on so you can safely restore them across devices (same device type but different MACs etc) I only use config expoorts myself at the mom...
by joegoldman
Tue Oct 23, 2018 2:52 pm
Forum: RouterBOARD hardware
Topic: RB 4011 is fanless?
Replies: 6
Views: 1689

Re: RB 4011 is fanless?

You'd call RB1100AHx4 a Home router? But in any case I can appreciate that, for us though the ~60% price difference from RB1100AHx4 to CCR1009 isnt justified by our want for SFP+ port (at this time), this is why i was thinking 4011 could be a good middle-ground if it came in a comparable configurati...
by joegoldman
Tue Oct 23, 2018 2:33 pm
Forum: RouterBOARD hardware
Topic: RB 4011 is fanless?
Replies: 6
Views: 1689

Re: RB 4011 is fanless?

not in near future. there are other devices that have rack cases
If I could get an 1100 with an SFP/SFP+ port I'd be happy haha, was thinking of the 4011 to start replacing our 1100AHx4 fleet if it came in a respectable case (With dual power)
by joegoldman
Tue Oct 23, 2018 2:28 pm
Forum: RouterBOARD hardware
Topic: RB 4011 is fanless?
Replies: 6
Views: 1689

Re: RB 4011 is fanless?

Are we likely to get a (proper) rackmount model, similar to 3011? Or will only the desktop model with big ugly ears remain? The 3011's are a really nice presentable case to put in a customers rack.
by joegoldman
Mon Oct 22, 2018 1:15 pm
Forum: General
Topic: LHG60 Link goes down when it rains
Replies: 21
Views: 2638

Re: LHG60 Link goes down when it rains

Have you considered all aspects? Is there other 60ghz gear? Is it CLEAR line of site? Considered fresnel zone?
by joegoldman
Mon Oct 22, 2018 8:18 am
Forum: General
Topic: v6 RC and v7 BETA
Replies: 126
Views: 32726

Re: v6 RC and v7 BETA

Image
by joegoldman
Sun Oct 21, 2018 12:25 pm
Forum: General
Topic: Mass Managing Mikrotik
Replies: 11
Views: 3989

Re: Mass Managing Mikrotik

Look into the Tr069 protocol, there are both commercial and open source applications for this These are good for client devices and pulling config on boot, but in terms of edge/bottom fo tower etc where you dont want to reboot and manage things like firewall entries etc its not that great. My centr...
by joegoldman
Sun Oct 21, 2018 3:10 am
Forum: RouterBOARD hardware
Topic: Counterfeit CCR1036?
Replies: 4
Views: 1798

Re: Counterfeit CCR1036?

The original 1036 PSU's were notoriously bad for blowing capacitors. I know plenty of people who have replaced PSU's in tthem, or at least put on better capacitors. We personally build an external power source that actually utilises the dual power headers on the board to make them actually dual powe...
by joegoldman
Sat Oct 20, 2018 2:57 pm
Forum: Beginner Basics
Topic: Migrate CCR 1009 to CCR 1036
Replies: 3
Views: 999

Re: Migrate CCR 1009 to CCR 1036

get a copy of /export from your 1009, make the necessary adjustments to change ports etc and run it as an import on your 1036.
by joegoldman
Sat Oct 20, 2018 12:39 pm
Forum: General
Topic: Mass Managing Mikrotik
Replies: 11
Views: 3989

Re: Mass Managing Mikrotik

(managed by unifi controller). Thats great for Ubiquiti Unifi gear but completely awry of the question, Mikrotik also has a similar controller for AP's in their CAPsMAN package. Your post reeks of corporate shill and is completely useless to the topic. To answer OP, I too have rolled out my own in-...
by joegoldman
Sat Oct 20, 2018 5:49 am
Forum: General
Topic: PCQ - Custom Limits
Replies: 0
Views: 412

PCQ - Custom Limits

Hi All, I want to do some real custom PCQ stuff. Basically, for example sake I have 4 IP's sharing 10mbit. I want IP 1 to be guaranteed 5mbit, IP 2 guaranteed 2mbit and the other 2 share the remaining 3mbit, but obviously if IP1 and IP2 not using their full allocation anyone can go up to 10mbit (doe...
by joegoldman
Thu Oct 18, 2018 8:23 am
Forum: Forwarding Protocols
Topic: Null route for unused IP's
Replies: 5
Views: 4783

Re: Null route for unused IP's

Just the /22 should be adequate, if you are using routing bgp network option instead of redistributing active routes. (I personally prefer to not use the network tab in bgp, and have blackhole route with distance 250 to supply an active route to redistribute).
by joegoldman
Sun Oct 14, 2018 3:08 pm
Forum: Forwarding Protocols
Topic: OSPF Interface Cost not working
Replies: 1
Views: 955

OSPF Interface Cost not working

Hi guys quick question regarding OSPF and getting interface costs to work properly. I've got 4 routers in a loop All routers have redistribute OSPF as type 1 All routers either 6.42.6 or 6.42.7 One of the links is kind of bad, but OK for backup, I just brought up a good link on the same router with ...
by joegoldman
Sun Oct 14, 2018 9:39 am
Forum: Beginner Basics
Topic: Change default ip MikroTik crs106 Sfp switch
Replies: 4
Views: 842

Re: Change default ip MikroTik crs106 Sfp switch

/ip->addresses, select 192.168.88.1 entry, modify the options as required, and hit save. Be sure that network is correct too.
by joegoldman
Sun Oct 14, 2018 9:36 am
Forum: General
Topic: VPN issues - Accessing Map Network Drive
Replies: 4
Views: 1151

Re: VPN issues - Accessing Map Network Drive

Hi Sob, Please correct me, if I'm wrong, do you mean something like this : "chain=input action=accept src-address=192.168.10.0/29 dst-address=192.168.4.0/24 in-interface= log=no log-prefix=" I appreciate your help. Regards, Pipa. No, he means specifically check firewall setting on the windows host....
by joegoldman
Fri Oct 12, 2018 7:07 am
Forum: General
Topic: Jailbreak for RouterOS 6.43.2 released [SOLVED]
Replies: 16
Views: 4964

Re: Jailbreak for RouterOS 6.43.2 released [SOLVED]

If i'm understanding this right, it requires physical access to the box and the hack is via USB? Which means its also only possible on certain device types (and x86)?
by joegoldman
Fri Oct 12, 2018 1:22 am
Forum: Forwarding Protocols
Topic: RB4011 vs. CCR1009 BGP
Replies: 46
Views: 14499

Re: RB4011 vs. CCR1009 BGP

Stop with the multithreaded BGP. https://m.facebook.com/story.php?story_fbid=1432205596904888&id=186874744771319 Not going to stop at all. BGP processing and FIB updates definitely need to become more multithreaded. I have only 1 million routes in one of my CCR1036's, thats only a single full table...
by joegoldman
Thu Oct 11, 2018 7:09 pm
Forum: Forwarding Protocols
Topic: OSFP Keeps Losing Routes!!! [SOLVED]
Replies: 11
Views: 3929

Re: OSFP Keeps Losing Routes!!! [SOLVED]

When it happens, do you lose connectivity for a short time on the link between the 2 routers? Is the neighbor state still at 'Full' or does i t go to '2-way' or other. I've experienced faults where if there's enough of a time-out to drop the session, but it returns before the 40s (Default) timer run...
by joegoldman
Thu Oct 11, 2018 7:06 pm
Forum: Beginner Basics
Topic: Different DNS based on interface
Replies: 11
Views: 2068

Re: Different DNS based on interface

You can give separate DNS addresses to different IP groups etc via DHCP server network option (as sob noted) or you could use NAT or something else to redirect DNS requests for specific src-addresses, although this is the messier of the options if you can use DHCP your much better doing it that way.
by joegoldman
Thu Oct 11, 2018 7:04 pm
Forum: Wireless Networking
Topic: Mikrotik WISPs: Where?
Replies: 98
Views: 70034

Re: Mikrotik WISPs: Where?

Just started a new WISP in Papua New Guinea. I'd like to say we are 100% mikrotik, but given many reasons we've gone with ubiquiti radios and antennas. Mikrotik still sit at our (decentralised) core, about 8 RB1100's deployed for tower and relay sites, doing PPP termination and OSPF. Mikrotik still ...
by joegoldman
Thu Oct 11, 2018 8:12 am
Forum: General
Topic: Mark connection/packet then routing vs just Mark Routing?
Replies: 5
Views: 4939

Re: Mark connection/packet then routing vs just Mark Routing?

My guess is order of operations limiting the fact that the new marks aren't applied instantly at that line for future processing, so a matcher on something that was placed in this current run wont match. Why not just set all of them to src-address=192.168.1.0/24? In this current scenario, it will ha...
by joegoldman
Wed Oct 10, 2018 4:10 pm
Forum: General
Topic: MIKROTIK: PLEASE ADD GRAPHING FOR HEALTH
Replies: 2
Views: 590

Re: MIKROTIK: PLEASE ADD GRAPHING FOR HEALTH

You can graph these using external NMS and SNMP which is more common of people with multi-router deployments and wanting to monitor things like that - although it could be handy to have on-device graphing as well.
by joegoldman
Fri Oct 05, 2018 2:40 pm
Forum: General
Topic: Feature requests
Replies: 1280
Views: 293724

Re: Feature requests

That is already possible via RADIUS!
No, RADIUS is not a pool manager it can assign statics, software behind RADIUS would need to still manage a pool, which can get out of sync if you miss a stop record or something.
by joegoldman
Fri Oct 05, 2018 9:14 am
Forum: General
Topic: Feature requests
Replies: 1280
Views: 293724

Re: Feature requests

Clustered PPPoE servers....to an extent of course. Basically only really IP Pool clustering - with limited IP addressing and a decentralised core, I currently have 4 different routers doing PPP termination. Rather than split up a /25 and have to try manage enough IP's in the pool between the routers...
by joegoldman
Wed Oct 03, 2018 11:47 pm
Forum: Wireless Networking
Topic: wireless PtP advice [SOLVED]
Replies: 8
Views: 1475

Re: wireless PtP advice [SOLVED]

How much bandwidth do you need? 60ghz (wireless wire) will give plenty of bandwidth, and at 100m shouldnt have any issues with bad weather. 5ghz over 100m also very good, you just wont get quite as much bandwidth across it but if your requirements are only very little (in modern relative terms) then...
by joegoldman
Wed Oct 03, 2018 2:30 pm
Forum: Beginner Basics
Topic: Need YouTube CIDR/Netmask
Replies: 8
Views: 1427

Re: Need YouTube CIDR/Netmask

They are likely to continuously change/grow/shrink etc, your best bet is to try use content filter on DNS names used by youtube so no matter the IP the packets get marked.. Takes more CPU though.
by joegoldman
Wed Oct 03, 2018 6:15 am
Forum: General
Topic: Feature requests
Replies: 1280
Views: 293724

Re: Feature requests

You are correct, I dont use the graphs for the same reason, but I generate the same graphs using one of many SNMP based monitoring tools out there, so I have a clear idea on CPU usage of routers.
by joegoldman
Wed Oct 03, 2018 5:37 am
Forum: General
Topic: Feature requests
Replies: 1280
Views: 293724

Re: Feature requests

The ability to force CPU, uptime, date etc on all winbox sessions. Instead of having to do it individually Create a 'viw' /session, with those things enabled (And maybe your favourite screens setup and layed out), then use that as your default session view, along with unticking autosave so no matte...
by joegoldman
Wed Oct 03, 2018 5:34 am
Forum: General
Topic: Feature requests
Replies: 1280
Views: 293724

Re: Feature requests

Please add average cpu usage for the last day / month / year whatever. This makes it possible to at a glance see how hard a router is working. This is done in 'graphing' you can set up resource graphs and access them through webfig (at login hit the 'Graphs' button underneath the login) This will k...
by joegoldman
Tue Oct 02, 2018 12:21 pm
Forum: RouterBOARD hardware
Topic: 1100AHx4 loss
Replies: 1
Views: 635

Re: 1100AHx4 loss

Are you watching CPU load during this? When doing just the data, what is CPU load? Does CPU load spike, and hit 100%, when doing the export or SNMP walk? Maybe do a /export hide-sensitive to give us an idea of 'how' complex the config is, if you have a lot of NAT or firewall rules that must be read ...
by joegoldman
Tue Oct 02, 2018 12:09 pm
Forum: Wireless Networking
Topic: Wireless eC, Ce or XX
Replies: 8
Views: 21511

Re: Wireless eC, Ce or XX

So when i'll play with XX i have to set up frequency=auto? No you can specify frequency, and XX will decide which should be control and which should be extension (And adapt). This works better probably for 80mhz extension (XXXX or whatever) where you specify frequency and it will pick where it shou...
by joegoldman
Tue Oct 02, 2018 6:13 am
Forum: General
Topic: Bonding EoIP over vpn
Replies: 6
Views: 1173

Re: Bonding EoIP over vpn

Your current solution will only go as fast as the slowest connection, being 12/1, so even if the whole aggregation was working perfectly, you'd only be able to get 60mbit total. You'd have better success bonding just the 2x40m lines together.
by joegoldman
Tue Oct 02, 2018 6:09 am
Forum: Wireless Networking
Topic: Wireless eC, Ce or XX
Replies: 8
Views: 21511

Re: Wireless eC, Ce or XX

It's still a fairly simple concept that the blurb explains... You choose your control (main) frequency and decide if you want extension to go above/below it. XX for auto-selection so it actively avoids noisy neighbours. XX is probably better for noisy/changing environments, eC vs Ce is purely based ...
by joegoldman
Tue Oct 02, 2018 6:04 am
Forum: Beginner Basics
Topic: Bonding 2 WAN
Replies: 5
Views: 4430

Re: Bonding 2 WAN

At a guess, although i've never tried this myself, pfSense might be doing some more aggresive load balancing. Speedtest.net actually uses multi-threaded connections to help give more real-world results. It is entirely possible, although I thought unlikely, that pfSense is sharing even those multi co...
by joegoldman
Mon Oct 01, 2018 1:22 pm
Forum: RouterBOARD hardware
Topic: 10G Switch model number required
Replies: 1
Views: 772

Re: 10G Switch model number required

Try doing some research next time. Takes all of 2 minutes.

https://mikrotik.com/product/crs317_1g_16s_rm
by joegoldman
Mon Oct 01, 2018 1:18 pm
Forum: Beginner Basics
Topic: Bonding 2 WAN
Replies: 5
Views: 4430

Re: Bonding 2 WAN

Bonding requires fragmentation and defragmentation at either end of the 2 links, for a single TCP stream to utilise both links bandwidth at the same time you'd need something talking the same bonding protocol on the other end of the 2 links. If both of your links are from the same ISP, this may be p...
by joegoldman
Mon Oct 01, 2018 10:06 am
Forum: Wireless Networking
Topic: Wireless eC, Ce or XX
Replies: 8
Views: 21511

Re: Wireless eC, Ce or XX

Do some simple research you will find your answers - especially in the Mikrotik wiki/Manual From https://wiki.mikrotik.com/wiki/Manual:Interface/Wireless Use of extension channels (e.g. Ce, eC etc) allows additional 20MHz extension channels and if it should be located below or above the control (mai...
by joegoldman
Sun Sep 30, 2018 2:13 pm
Forum: General
Topic: 3011UiAS PPPoe Client not connecting - NBN Australia
Replies: 3
Views: 722

Re: 3011UiAS PPPoe Client not connecting - NBN Australia

Also Aus, NBN provider to be exact. NBN is L2 network - RSP has choice of PPPoE, IPoE or any other 'auth' method. If your provider says you dont need authentication, then they are likely using IPoE. On your device, this means a DHCP Client (ip -> DHCP Client) added to the WAN interface. DHCP client ...
by joegoldman
Sun Sep 30, 2018 2:07 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 613
Views: 191453

Re: RouterOS v7.0 beta1 - when?

After these years, I do not expect any serious answers to come from the Mikrotik. .... Ubiquity is much more flexible in communication ... another region, another morality I've been forced into ubiquiti for Wireless gear (PtMP Sector -> CPE networks), comfortably finding 27dbi, 29dbi dishes , 20+db...
by joegoldman
Thu Sep 27, 2018 9:19 am
Forum: General
Topic: Feature requests
Replies: 1280
Views: 293724

Re: Feature requests

A few suggestions I'd love: 1) Line item groupings, specifically in firewall stuff - basically a completely empty 'rule' / line thats just a comment, stays in block when comments are set to inline. The work around for this is setting dummy unmatchable rules or putting the comment on the first line i...
by joegoldman
Wed Sep 26, 2018 12:59 pm
Forum: General
Topic: CCR1036 DC input?
Replies: 6
Views: 1433

Re: CCR1036 DC input?

We've replaced our CCR1036 PSU's with complete non-OEM units, you can definitely just hit on the molex headers. We supply 24v constant, as we are still technically powering off AC, but we did ours as there are 2 headers on the board (A+B power) but they only manufacture with single PSU, so we replac...
by joegoldman
Wed Sep 26, 2018 12:52 pm
Forum: Forwarding Protocols
Topic: How to create sub-interfaces,run multi process OSPF, redistribution via route-map????
Replies: 1
Views: 885

Re: How to create sub-interfaces,run multi process OSPF, redistribution via route-map????

https://wiki.mikrotik.com/wiki/Manual:TOC Get reading. All you are asking for is definitely possible, albeit with different terminology. Familiarise yourself with Winbox, and a lot of stuff will become clear, like creating a new VLAN interface, setting the tag and applying it to certain interface. A...
by joegoldman
Wed Sep 26, 2018 12:47 pm
Forum: Wireless Networking
Topic: Roaming Help [SOLVED]
Replies: 5
Views: 1124

Re: Roaming Help [SOLVED]

Try playing with Connect List/Access List to force a disassociation quicker, i.e. some devices will try hold the existing connection as long as possible, rather than actively scanning for a better closer AP (which uses more battery). What some people do is put a cutoff at say -70db to force the clie...
by joegoldman
Wed Sep 26, 2018 4:10 am
Forum: General
Topic: Queue's on a bridge with packet marks
Replies: 0
Views: 452

Queue's on a bridge with packet marks

Hi Forum, I've set up a transparent bridge of sorts on a CCR 1036. THe 2 incoming interfaces are vlans, different tags of course. I add both these vlans to bridge Bridge settings are set to use IP Firewall, and fast path off I can block the traffic in ip firewall filter, and I can mark packets in ip...
by joegoldman
Fri Sep 21, 2018 9:45 pm
Forum: Beginner Basics
Topic: A sonic boom
Replies: 1
Views: 542

Re: IPsec over L2TP with client-side behind a natted-router???

What problem are you seeing? Have you simply enabled IPSec in the L2TP server settings? Do you see an error in the logs? Post your configuration with sensitve data hidden to garner further help.
by joegoldman
Mon Sep 17, 2018 2:52 pm
Forum: RouterBOARD hardware
Topic: 100Mb LAN - what's the point?
Replies: 13
Views: 2695

Re: 100Mb LAN - what's the point?

Cost of 100mbit chips is also significantly cheaper. I wouldnt want gigabit on some of the real small cheap stuff, cos it would probably double the price. I think Mikrotik do a good job of determining whats worth the gigabit cost and whats not. Products that are capable of higher than 100mbit but on...
by joegoldman
Mon Sep 17, 2018 2:49 pm
Forum: General
Topic: Switch Stacking
Replies: 0
Views: 1123

Switch Stacking

Hi forum, this is more aimed at a staff member response, but perhaps if someone attended a MUM where it was discussed you may also know the answer. Basically back in Newsletter 82, the new switches with QSFP ports mentioned this in the description: "40Gbit stacking support" Is this just to say give ...
by joegoldman
Thu Sep 13, 2018 10:37 am
Forum: Beginner Basics
Topic: Queues on transparent bridge
Replies: 1
Views: 702

Re: Queues on transparent bridge

Yes i've tested this. You wont get hardware offload so you'll need a CPU that can do the work. Bridge the 2 interfaces, make sure the bridge settings is set to 'use IP Firewall' (Note: This will change it for ALL bridges on the device), then you'll see the packets go through the firewall process and...
by joegoldman
Thu Sep 13, 2018 10:34 am
Forum: Forwarding Protocols
Topic: Injecting partial BGP/Aggregate routes into OSPF
Replies: 7
Views: 1824

Re: Injecting partial BGP/Aggregate routes into OSPF

Done this? I fear as the BGP process is single threaded and eats a whole cpu of the CCR it may cause problems. I do do this, albeit limited. My bigger network runs only BGP as it is a core routing setup, in another country we run more an OSPF mesh around about 7 sites linked together by fixed wirel...
by joegoldman
Thu Sep 13, 2018 8:30 am
Forum: General
Topic: RouterOS ISP identifier
Replies: 10
Views: 1363

Re: RouterOS ISP identifier

I see. I was asking that because I saw in a local University campus that their Wi-Fi had in speedtest.net another University as an ISP. I was wondering if that is possible with Mikrotik devices. Is that done through Cisco's? They will have their own allocated IP addresses from an RIR that they cont...
by joegoldman
Thu Sep 13, 2018 2:30 am
Forum: General
Topic: RouterOS ISP identifier
Replies: 10
Views: 1363

Re: RouterOS ISP identifier

I tried speedtest.net from three different places and I'm not sure from where they get the name. It's definitely not PTR records. Whois info on addresses doesn't contain the exact strings either. They 100% pull primary data from MaxMind GeoIP DB, however they cache it so instant updates to MaxMind ...
by joegoldman
Thu Sep 13, 2018 2:24 am
Forum: Forwarding Protocols
Topic: Injecting partial BGP/Aggregate routes into OSPF
Replies: 7
Views: 1824

Re: Injecting partial BGP/Aggregate routes into OSPF

On the BGP routers, turn on bgp redistribution then add only the wanted routes into ospf-out filter denying the others, so it will redistribute only those?
by joegoldman
Wed Sep 12, 2018 4:52 am
Forum: General
Topic: RouterOS ISP identifier
Replies: 10
Views: 1363

Re: RouterOS ISP identifier

These are external websites, that pull the connecting IP and look it up in databases like MaxMind GeoIP DB. In some cases the information can also be pulled from the WHOIS or RIR. You cant control these websites. RouterOS has nothing to do with your request - it is all about external sources and inf...
by joegoldman
Fri Sep 07, 2018 1:27 am
Forum: General
Topic: Winbox via wine on Ubuntu 18.04
Replies: 5
Views: 3887

Re: Winbox via wine on Ubuntu 18.04

I can confirm same issue on Ubuntu 18.04 - probably a kernel change in the higher 4.15+ kernels that affect WINE APIs to the network stack (i'm currently running 4.18.5). I keep a windows VM installed with VIrtualBox as a just-in-case for situations where I absolutely need mac learning, as it can be...
by joegoldman
Tue Aug 14, 2018 12:49 am
Forum: RouterBOARD hardware
Topic: Random latency peaks: CCR1016-12S-1S+ hardware design issue suspected!
Replies: 8
Views: 2393

Re: Random latency peaks: CCR1016-12S-1S+ hardware design issue suspected!

I had a somewhat _similar_ problem on my CCR1036's a while back. It presented a little bit differently but ultimately just a high spike of use for a few seconds then settles down. What it ended up being on my side was my 'BGP Nail' routes - i.e. so I can advertise my /24's out to the world, I'd put ...
by joegoldman
Tue Aug 07, 2018 12:40 pm
Forum: Announcements
Topic: Winbox v3.17 released!
Replies: 17
Views: 15497

Re: Winbox v3.17 released!

@strods - can we have an idea on why show categories only goes by first character on sorted list - most columns i agree but for GROUP column or ROMMON agent column I think it should use fullname unique For example, if I have SITE1, SITE2, SITE3 group, they all group under 'S' instead of 'SITE1' or '...
by joegoldman
Thu Aug 02, 2018 2:05 pm
Forum: Announcements
Topic: Winbox v3.16 released!
Replies: 63
Views: 38738

Re: Winbox v3.16 released!

Can the sort by GROUP function be fixed up so instead of grouping by the first letter it groups by the full group name? Makes it hard when you're trying to group by site and have a few sites that start with same name and they all group together under 'S' or 'B' or something.
by joegoldman
Fri Jul 13, 2018 5:35 am
Forum: General
Topic: Winbox GROUP function
Replies: 0
Views: 458

Winbox GROUP function

Hi Forum, Hoping to hear from the devs - but is there any plan to fix winbox's 'GROUP' function? i.e. When you assigned save profiles to a GROUP, then you sort by Group it used to sort by the whole group - looks like now it only sorts by first letter of the group (which means that Groups starting wi...
by joegoldman
Tue Jul 10, 2018 1:53 pm
Forum: The User Manager
Topic: Userman / Hotspot Auto Create User
Replies: 2
Views: 2926

Userman / Hotspot Auto Create User

Hi Forum, Trying to setup a hotspot where basically the login page simply asks for email address / accept EULA before auto-creating user, logging them in and using it. Preferrably with MAC based cookie for the next x hours for auto-login again. I can easily do this with the API and external login pa...
by joegoldman
Sat Jul 07, 2018 2:09 am
Forum: Wireless Networking
Topic: CAPsMAN forwarding not working
Replies: 1
Views: 805

CAPsMAN forwarding not working

Hi Forum, I'm trying to set up my first CAPsMAN network, and having issue that isn't a big issue but I'd like to fix. The setup is basically: RB1100AHx4 -> CRS328 -> cAP's The RB1100AHx4 is the CAPsMAN and also main router, so I want CAPsMAN forwarding so all traffic comes to this router, and dont w...
by joegoldman
Sun Jun 17, 2018 8:34 am
Forum: General
Topic: PPPoE queues for different routes
Replies: 0
Views: 372

PPPoE queues for different routes

Hi Forum, I really want to do some dynamic queuing. Previously, I've just set the Rate-Limit RADIUS reply for a simple queue to be added on the PPPoE server, and it works perfect. What I want to do now is a bit different, ultimately for example I want to be able to limit a user to 5mbit when going o...
by joegoldman
Wed Apr 04, 2018 1:19 am
Forum: Forwarding Protocols
Topic: can my NAT configuration change my domain name?
Replies: 3
Views: 729

Re: can my NAT configuration change my domain name?

Basically it looks like your DNS provider points to their own webserver, and they've asked you for location of your website, and instead of setting the A record appropriately they've kept the A record pointing at them and are doing a 302 redirect, directly to your IP. If you update the root A record...
by joegoldman
Thu Mar 15, 2018 2:08 am
Forum: Forwarding Protocols
Topic: BGP - Want to receive own routes
Replies: 2
Views: 727

Re: BGP - Want to receive own routes

Im such a wank. Allow-as-in is the obvious answer, I set it to 1 as it has 1 instance of my AS as the origin, all is swell.
by joegoldman
Thu Mar 15, 2018 1:28 am
Forum: Forwarding Protocols
Topic: BGP - Want to receive own routes
Replies: 2
Views: 727

Re: BGP - Want to receive own routes

OK so this is 100% loop protection because its my own origin AS at the separate site.

Is there a way to have the filters allow own origin AS for a single prefix to bypass loop protection on this particular route?
by joegoldman
Wed Mar 14, 2018 11:58 pm
Forum: Forwarding Protocols
Topic: BGP - Want to receive own routes
Replies: 2
Views: 727

BGP - Want to receive own routes

Hi All, Having a hard time deciphering this one. Basically, on one peer im announcing out to upstreams 123.456.24.0/21 [made up for example sake], this is one of our 'supernets', and this is our primary, default site. Recently we've split off 123.456.30.0/23, so the upper quarter of the /21 and anno...
by joegoldman
Tue Sep 12, 2017 12:43 am
Forum: Forwarding Protocols
Topic: How to merge two link for more throughput [SOLVED]
Replies: 21
Views: 3014

Re: How to merge two link for more throughput [SOLVED]

You could potentially EoIP tunnel from PPPoE server to Router A taking both paths (as thats where the separate paths converge) then using a bonding interface to bond the 2. This would likely mean you lose the 30mbit on the 130mbit leg of the link, but being wireless you could run into more overhead ...
by joegoldman
Tue Sep 12, 2017 12:38 am
Forum: Forwarding Protocols
Topic: Transfer traffic between ports
Replies: 2
Views: 692

Re: Transfer traffic between ports

Port Mirroring probably your only bet:

viewtopic.php?t=58471

Requires the ports be part of a switch chip I believe.

Otherwise, not having used the linsn cards - I'd say you would have to daisy chain them.
by joegoldman
Sat Jun 10, 2017 1:11 pm
Forum: General
Topic: Winbox on ubuntu drag and drop file
Replies: 2
Views: 1216

Re: Winbox on ubuntu drag and drop file

No. It is a limitation of using winbox in WINE. Although it works, it is not designed for it. It works quite well, as I am full time ubuntu, my solution to this problem is: if you use SCP, you will find that "/" is the root of the file manager, so if you have a file 'log.txt' you want to download fr...
  • 1
  • 2