Community discussions

Search found 674 matches

by joegoldman
Tue Oct 19, 2021 10:31 am
Forum: Beginner Basics
Topic: Help for a beginner
Replies: 5
Views: 224

Re: Help for a beginner

ALL the interfaces? Including physical ethernet ones? If so - if it is a device with console access, you'd have to go through that. Failing that, capture netinstall/routerboot menu usually through ether1 (again this depends on model) which may let you pull the config but without console access to re...
by joegoldman
Mon Oct 18, 2021 2:42 pm
Forum: Forwarding Protocols
Topic: BGP Filters - howto?
Replies: 1
Views: 150

Re: BGP Filters - howto?

This Wiki will tell you how the filters work.

BGP routes do not carry 'hops', but using bgp-as-path-length you can calculate how many AS's are in the route's path and filter based on that.
by joegoldman
Sun Oct 17, 2021 1:06 am
Forum: RouterOS v7 BETA
Topic: Is MT the worse monitoring router?
Replies: 18
Views: 1306

Re: Is MT the worse monitoring router?

Do you mean Netflow by always exporting file and looking what happened in the past? Am I asking too much to allow Tools/Graphs for IP address? Why mikrotik never thought about it????? Why only ethers are allowed to see the graphs?? I don't know how they think.... Because you are now asking them to buil...
by joegoldman
Sat Oct 16, 2021 1:07 pm
Forum: General
Topic: Make ssh/web reachable from VPN network [SOLVED]
Replies: 8
Views: 484

Re: Make ssh/web reachable from VPN network [SOLVED]

Mikrotik management services listen on all addresses by default.

What will be stopping access is either IP ACL on the service or username itself
OR
Firewall rules blocking access to anything but specific IP's

Post /export hide-sensitive so we can help determine what the issue is.
by joegoldman
Sat Oct 16, 2021 1:04 pm
Forum: RouterOS v7 BETA
Topic: Is MT the worse monitoring router?
Replies: 18
Views: 1306

Re: Is MT the worse monitoring router?

You can definitely do this on torch for real time, use the interface that the LAN gateway IP resides (usually bridge or master port), and untick everything except dst address (or src address depending on flow of traffic) and you can see the cumulative data used by each IP in instant real time. You w...
by joegoldman
Thu Oct 14, 2021 4:54 am
Forum: General
Topic: Bonding | Management Radios
Replies: 1
Views: 262

Re: Bonding | Management Radios

Place either the transit or management on a separate vlan so their packets aren't captured in the bonding interface, but rather processed on the separate sub-if.
by joegoldman
Tue Oct 05, 2021 6:51 am
Forum: General
Topic: winbox can't work correctly if "users" folder moved from disk C:
Replies: 13
Views: 868

Re: winbox can't work correctly if "users" folder moved from disk C:

I have wanted for a long time to be able to move winbox working dir - I'd like to figure out a way to sync my managed lists database between devices without scripts or copying (using something like Dropbox or Nextcloud). The session folder is just the .viw files so unfortunately is of little help.
by joegoldman
Tue Oct 05, 2021 12:44 am
Forum: Scripting
Topic: Copy Dynamic ip pptp-out1 to nat address
Replies: 4
Views: 485

Re: Copy Dynamic ip pptp-out1 to nat address

You can use ppp profiles to create on-up and on-down scripts. on-up script has a variable passed in for Local Address (Address assigned to the interface) as '$local-address' So it'd be something similar to this (untested): /ip firewall nat set [ find comment="PPTP UPDATE" ] to-address=$loc...
by joegoldman
Sun Oct 03, 2021 2:07 pm
Forum: RouterOS v7 BETA
Topic: Periodic crashes in 7.1rc4
Replies: 23
Views: 2081

Re: Periodic crashes in 7.1rc4

Bildschirmfoto_2021-10-03_11-59-20.png So that looks fine at least, right? The config is fine - it's obviously being set by ntp - but the curious point the other poster was making is that the boot time is always the same to ~2 days ago, all your 'reboot without proper shutdown messages' default back...
by joegoldman
Thu Sep 30, 2021 12:53 am
Forum: Scripting
Topic: [PPPOE] How to disable the secret for 10 seconds when a user disconnects
Replies: 9
Views: 852

Re: [PPPOE] How to disable the secret for 10 seconds when a user disconnects

What I need is that in On down the secret of the user is disabled for 20 seconds. Something like: /ppp secret disable ; Timeout 20s ; / ppp secret enable . But I don't know how to do it so that it applies only to the user who logged out. I gave you that script (just without testing) in my post abov...
by joegoldman
Wed Sep 29, 2021 1:34 am
Forum: Virtualization
Topic: CHR in AWS - Horribly slow
Replies: 2
Views: 637

Re: CHR in AWS - Horribly slow

Have you applied a license? I believe CHR will only route 1mbps or something very low without an applicable license added.
by joegoldman
Mon Sep 27, 2021 1:42 am
Forum: Scripting
Topic: [PPPOE] How to disable the secret for 10 seconds when a user disconnects
Replies: 9
Views: 852

Re: [PPPOE] How to disable the secret for 10 seconds when a user disconnects

The problem is that many ont's restart up to 10 times in 1 minute filling the mikrotik with pppoe requests, I would like to make the secret of the user when detected in DOWN state is disabled for 10 to 20 seconds until it is valid again. I mean a script on the pppoe server. But I do not know how to...
by joegoldman
Mon Sep 27, 2021 1:04 am
Forum: Scripting
Topic: [PPPOE] How to disable the secret for 10 seconds when a user disconnects
Replies: 9
Views: 852

Re: [PPPOE] How to disable the secret for 10 seconds when a user disconnects

If you are trying to avoid one username logging in multiple times (-1,-2 interfaces) then you can use 'One Session Per Host' option in PPPoE Server, so if there is an active user with that username logged in already (or still timing out) then they will be refused login. Alternatively on the ppp prof...
by joegoldman
Sun Sep 26, 2021 2:54 am
Forum: General
Topic: Anonymous user tried to log in
Replies: 7
Views: 783

Re: Anonymous user tried to log in

It looks as though it is a hotspot login for anonymous user / guest user when guest/trial accounts aren't enabled. If its still in your buffer, open it in webfig or winbox and get the other topics listed on the log to know where its coming from, but generally a services login says failed to login vi...
by joegoldman
Tue Sep 21, 2021 11:37 am
Forum: General
Topic: Problem with delivery / looking for alternative [SOLVED]
Replies: 9
Views: 698

Re: Problem with delivery / looking for alternative [SOLVED]

cAP uses 4W max, meaning max 4 x 21 per switch. That is about 84W + losses, which I factor in as 20% max on a good wire, so ~ 100W. Yes, the older 2.4ghz only cAP only uses 4W, if that is the model you are implementing then 100% your calculations are correct - mine above are with accounting for 13W...
by joegoldman
Tue Sep 21, 2021 5:45 am
Forum: General
Topic: Problem with delivery / looking for alternative [SOLVED]
Replies: 9
Views: 698

Re: Problem with delivery / looking for alternative [SOLVED]

I use ubiquiti EdgeSwitch as a decently priced alternative - however 20+ cAP's on a single switch has a max power draw of over 500W (not including the power the switch needs), you can obviously account for much less continuous but if you are playing safe you'd have to go up to 48 port 750W versions ...
by joegoldman
Mon Sep 20, 2021 2:55 am
Forum: General
Topic: Bind Webfig and ssh to a vlan
Replies: 11
Views: 691

Re: Bind Webfig and ssh to a vlan

The services bind to 0.0.0.0 - meaning any IP address locally on the device (sans IP's in different VRF - which is annoying but totally separate issue) Your problem here appears to be two-fold - in the current export you've provided, you only have 2 IP addresses: /ip address add address=192.168.2.99...
by joegoldman
Sun Sep 19, 2021 11:11 am
Forum: Forwarding Protocols
Topic: Multi-Homed BGP over two Edge Routers
Replies: 4
Views: 968

Re: Multi-Homed BGP over two Edge Routers

You can never truly control how traffic gets to you, if you provide multiple paths - but the more successful way is definitely via more specific prefixes. You say you have a /21 - so advertise 2x /22's via ISP A and just the /21 via ISP B - a more specific route in pretty much any route table takes ...
by joegoldman
Tue Sep 14, 2021 2:22 am
Forum: Forwarding Protocols
Topic: OSPF Out Filter
Replies: 6
Views: 764

Re: OSPF Out Filter

is that on backbone area?
As far as I know filters don't work on that area
Yes it all runs on a single area.

Why wouldn't filters work on backbone, that's weird - I use ospf-in extensively to re-write the pref-source without issue - do you have source on this? I can't find it in the wiki.
by joegoldman
Tue Sep 14, 2021 1:49 am
Forum: RouterOS v7 BETA
Topic: v7.1rc3 adds Docker (TM) compatible container support
Replies: 207
Views: 24489

Re: v7.1rc3 adds Docker (TM) compatible container support

Is https://hub.docker.com/r/frrouting/frr supported? Because it supports protocols that RouterOS doesn't? As someone else alluded to - it runs contained so it won't affect the RouterOS routing table directly, but you could use a diff protocol to talk between your router and container, then the cont...
by joegoldman
Tue Sep 14, 2021 1:44 am
Forum: General
Topic: Who has the biggest uptime ?
Replies: 22
Views: 3392

Re: Who has the biggest uptime ?

I printed it years ago before switching off the server due to office reorganization. It was standard small factor form desktop, not a "server beast", sitting under the desk on a box of drawers. This piece of memories is still on my pin board. If we going server / non mik uptimes - my bigg...
by joegoldman
Tue Sep 14, 2021 12:18 am
Forum: Forwarding Protocols
Topic: OSPF Out Filter
Replies: 6
Views: 764

OSPF Out Filter

Hi forum, I have a router that gets a connected route via ppp which is pretty standard. The issue is its redistributing that route (as connected route so lower cost) to other peers - its just a router ID so it does not affect customer traffic but causes weird issues and traceroutes when we monitor b...
by joegoldman
Thu Sep 09, 2021 9:23 am
Forum: RouterOS v7 BETA
Topic: v7.1rc3 adds Docker (TM) compatible container support
Replies: 207
Views: 24489

Re: v7.1rc3 adds Docker (TM) compatible container support

HAHA omg the first docker im going to use is likely to be.... ....unifi controller! This is actually super handy. Clients can have unifi controller in the router - maybe small pbx if required Bottom of tower can have local nagios,cacti or other monitoring tools Self hosted dynamic hotspot login webs...
by joegoldman
Thu Sep 09, 2021 2:55 am
Forum: General
Topic: Something must be really wrong on my configuration. Needs real help here! [SOLVED]
Replies: 23
Views: 1337

Re: Something must be really wrong on my configuration. Needs real help here! [SOLVED]

The bridge is not needed. Each port has its own network... if you may, amigo. how do I get rid of hEX ports 3-5 from slavery? is there a special script to convert them to nothing or something away and send them to their freedom? this is 2021 for heavens! If they are not part of a bridge port - the...
by joegoldman
Wed Sep 08, 2021 3:43 am
Forum: General
Topic: Can Someone Explain this!!!!
Replies: 20
Views: 1394

Re: Can Someone Explain this!!!!

What does your NMS say? You should be able to look at your netflow stats to determine what the excess traffic is, or just torch the interface see whats happening that is not being forwarded to ether4. Likely dropped/queued packets or traffic to unused IP's in a subnet you are using but not actively ...
by joegoldman
Tue Sep 07, 2021 3:05 pm
Forum: Wireless Networking
Topic: Migration of RADIUS, need 2 RADIUS for some time
Replies: 3
Views: 962

Re: Migration of RADIUS, need 2 RADIUS for some time

Hmmm... no answer? Impossible? You can have multiple servers - but if both are required for 'wireless' I'm not sure you can specify which wireless network uses which server. My solution - if NPS supports it (have only used it a little bit) if all rules / policies fail/don't apply on the new server ,...
by joegoldman
Tue Sep 07, 2021 5:48 am
Forum: Forwarding Protocols
Topic: OSPF Effective Load Balancing
Replies: 3
Views: 862

Re: OSPF Effective Load Balancing

When you have a larger link and a smaller one, just make point-to-point VLAN on the larger link, put IP, advertise the network in OSPF and it will do ex 75 / 25 Thanks for the tip - seems hacky and annoying (and will waste IPv4 since i still use that on my ptp links, but might change this to privat...
by joegoldman
Mon Sep 06, 2021 2:00 am
Forum: Forwarding Protocols
Topic: OSPF Effective Load Balancing
Replies: 3
Views: 862

Re: OSPF Effective Load Balancing

I answered this for myself with a solution that I didn't think would work based on an article i read. Basically matching the cost at the originating router will automatically trigger ECMP (50/50 split), my understanding was it also took into account router hops for ECMP but it doesn't, just cost - s...
by joegoldman
Tue Aug 31, 2021 7:37 am
Forum: General
Topic: Who has the biggest uptime ?
Replies: 22
Views: 3392

Re: Who has the biggest uptime ?

Current highest in my network is 465 days. Its in a site we are not allowed to get easy access to - but it is firewalled out the wazoo (running 6.45.5) - most of my others have been rebooted either due to upgrades or power issues I think the next highest is about 100d.
by joegoldman
Tue Aug 31, 2021 7:29 am
Forum: General
Topic: L2 Connection controll
Replies: 4
Views: 491

Re: Mikrotik

No, you can't control what IP it has if its not listening for DHCP, so you could try broadcasting DHCP and see if it picks one up?

You can add an IP in common subnets and do an IP scan to see if it shows (ICMP or ARP)

You can google the device and see if its noted down anywhere its default details.
by joegoldman
Tue Aug 31, 2021 7:27 am
Forum: General
Topic: Trouble Passing static IP's from ISP through RB1100 to 3rd party router
Replies: 5
Views: 553

Re: Trouble Passing static IP's from ISP through RB1100 to 3rd party router

There are many options - depending on how you want to use your resources. You can setup a LAN, using gw address in the block and hand the rest out having all the 3rd party routers in that LAN You can use a system like PPPoE and hand them out on the ppp interface You can use private IP addresses to '...
by joegoldman
Tue Aug 31, 2021 2:15 am
Forum: Forwarding Protocols
Topic: OSPF Effective Load Balancing
Replies: 3
Views: 862

OSPF Effective Load Balancing

Hi Forum Say I have a triangle of sites - internet comes in to Site A and distributes it to Site B and Site C Site C and Site B also have a link between them in case a primary link goes down. Site B is significantly larger than Site C - so we are using a lot of bandwidth on Site A <-> Site B - I'd l...
by joegoldman
Thu Aug 26, 2021 2:11 am
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 114
Views: 12568

Re: WinBox v3.29 released!

I keep hoping that one day MikroTik will put all winbox functionality in webfig so that we can maintain our routers without having to install winbox. A separate service program (available for Windows and also native for Linux and MacOS) would serve as a relay for MAC access and Netinstall functions...
by joegoldman
Thu Aug 26, 2021 2:07 am
Forum: General
Topic: Switch high CPU VLAN
Replies: 17
Views: 1007

Re: Switch high CPU VLAN

Thank you, yes the CSR is kind of already coming to its knees with just 200mb of traffic. I would have actually used port isolation if it was port, but this being VLAN i cannot use that. I want to test the VLAN under bridge, is there any example related to what I want, I tried looking but nothing s...
by joegoldman
Thu Aug 26, 2021 12:23 am
Forum: RouterOS v7 BETA
Topic: v7.1rc1 reasonable for production for my usecase?
Replies: 15
Views: 1854

Re: v7.1rc1 reasonable for production for my usecase?

Only worth moving to v7 if there's a feature you absolutely NEED for some reason - even then its a silly idea. I'll be on 6.x LT releases for probably quite a while (like 7.10 stable) - as also with the fundamental changes in a lot of the logic and objects, it'll be a 'whole network migration' plan ...
by joegoldman
Thu Aug 26, 2021 12:21 am
Forum: General
Topic: Switch high CPU VLAN
Replies: 17
Views: 1007

Re: Switch high CPU VLAN

You are essentially creating a CPU bridge and plopping the 3 physicals and the 3 VLANs into one 'broadcast' bridge together - this requires CPU access and is more a router functionality (of which the CRS series has very basic routing power) You want to only add the physical interfaces to a single br...
by joegoldman
Tue Aug 24, 2021 12:51 pm
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 114
Views: 12568

Re: WinBox v3.29 released!

This is a great update! Being able to re-organise columns and the new column selector is a godsend! Along with the windows option for those busy busy troubleshooting sessions. I have asked this before, and had it previously working - but is it possible in the main winbox view to have 'show categorie...
by joegoldman
Tue Aug 24, 2021 12:47 pm
Forum: Beginner Basics
Topic: Username reset
Replies: 1
Views: 447

Re: Username reset

If its a default config device - then you'd log in with admin and <blank> password (i.e. nothing) If its an already setup device, you would need a username/password that works to login and change the password of another user (or your own). If neither of those options are available to you, then you w...
by joegoldman
Fri Aug 20, 2021 3:06 am
Forum: General
Topic: How to deliver Public IP to a client?
Replies: 8
Views: 632

Re: How to deliver Public IP to a client?

I meant why does OP want to deliver not using the /29 Ah ok. Because it would be wasteful. /29 has 8 addresses 1x Network 1x Broadcast 1x Gateway = 5 Usable addresses He would then need to bridge all customers to use same gateway assuming they'll all connect to same router - or extend L2 to other si...
by joegoldman
Fri Aug 20, 2021 2:53 am
Forum: General
Topic: How to deliver Public IP to a client?
Replies: 8
Views: 632

Re: How to deliver Public IP to a client?

Why? Depending on the situation and config - it is possible that one of the routers will respond with the private addressing and if you are outside of that network, you won't receive that reply as its not 'routeable' to you - its small, and just shows a blank spot within the traceroute (traceroute ...
by joegoldman
Thu Aug 19, 2021 5:39 am
Forum: General
Topic: How to deliver Public IP to a client?
Replies: 8
Views: 632

Re: How to deliver Public IP to a client?

You can split the /29 into /30's - but you'll only be able to serve 2 customers that way with network and broadcast addresses. You can kind of use /31's very hackabout - but again still only 4 customers. You can use a point-to-point protocol like PPPoE to establish it You can use private addressing ...
by joegoldman
Wed Aug 18, 2021 3:34 am
Forum: General
Topic: if 5 times try to connect ssh, src address deny !
Replies: 2
Views: 374

Re: if 5 times try to connect ssh, src address deny !

Yes possible, using 'dst-limit' on the 'new' connection state in ip firewall filter or an old, long way is to create staged address-lists with short timeouts. Management stuff - as rextended suggested, is much better over VPN with maybe some kind of port-knock system to get in - in those rare insta...
by joegoldman
Wed Aug 18, 2021 2:26 am
Forum: General
Topic: What is MikroTik working on?
Replies: 3
Views: 536

Re: What is MikroTik working on?

Work on 6.x has stagnated, and work on 7.x is a BIG job. It'd be hard having your development resources split between 2 large projects. Alongside that - real world issues like you linked along with chip shortages and pandemic in general causes the whole world to slow down realistically. 6.X is mostl...
by joegoldman
Fri Aug 13, 2021 1:03 am
Forum: General
Topic: Issues upgrading ROS v5.26 on x86 pc
Replies: 4
Views: 511

Re: Issues upgrading ROS v5.26 on x86 pc

Given its age - i think your better option is to backup the configurations and rebuild it fresh - Given the age I'd say there's a few steppings you'd likely need to take as latest might not support full conversion from something so old. If you understand the config enough then I would take the expor...
by joegoldman
Sat Aug 07, 2021 9:23 am
Forum: Forwarding Protocols
Topic: BGP is not sending default routed
Replies: 4
Views: 1145

Re: BGP is not sending default routed

What does the Andy-out filter look like, do you have an allow rule for the default route or a deny rule that'd count it out?
by joegoldman
Fri Aug 06, 2021 5:04 am
Forum: RouterBOARD hardware
Topic: Tiny RouterOS capable device
Replies: 5
Views: 1393

Re: Tiny RouterOS capable device

more along the line of the dimensions 90x60x20mm. At that size - no. Not without looking at the bare boards and finding/making your own enclosure. That said - if hAP Mini serves your purpose - just turn the wifi off. The standard hEX case is used by many models and is their default 'compact' case a...
by joegoldman
Thu Jul 22, 2021 5:01 am
Forum: Forwarding Protocols
Topic: Can only ping 1 direction, but it gets weirder...
Replies: 2
Views: 1367

Re: Can only ping 1 direction, but it gets weirder...

What does your ip route show for that particular route? Does it specify a bad src-address? Torch the interface without a src-address and see what src/dst it's trying to use.
by joegoldman
Fri Jul 16, 2021 1:27 am
Forum: Scripting
Topic: Create an .exe for restarting the mikrotik
Replies: 14
Views: 1372

Re: Create an .exe for restarting the mikrotik

In any case, the comment was made in response to the claim up-thread that "the EXE will have to contain the username and password". The SSH executable doesn't contain user names or passwords, and as we've seen, there are ways to protect its external key. The ultimate idea behind the comme...
by joegoldman
Wed Jul 14, 2021 4:09 am
Forum: Forwarding Protocols
Topic: BGP ECMP (multipathing)
Replies: 55
Views: 21933

Re: BGP ECMP (multipathing)

Thanks. Not very hopeful on it being any time soon since v7 has been in the works for years now :'( Mikrotik spent years putting the groundwork in place, building the framework for the new routing engine to ensure it would scale and be easy to maintain. They also hired a bunch more developers. You ...
by joegoldman
Mon Jul 12, 2021 7:06 am
Forum: Beginner Basics
Topic: Block internet from all but one user
Replies: 22
Views: 1281

Re: Block internet from all but one user

Thank you. I'll try that. I'm still curious why my way did not work. Is that address reserved for them? Did it pull a new address from DHCP before midnight? What does the rest of the rule say? Might be some other matcher. Use /export (or /ip firewall filter export) to get the exact config of the ru...
by joegoldman
Tue Jul 06, 2021 6:44 am
Forum: Scripting
Topic: How to determine if a setting is available
Replies: 3
Views: 930

Re: How to determine if a setting is available

Depending on the devices you need to support, you could always base it on /system routerboard model - from which you can pre-program on what to do for that model. This could be a bit more tedious if you are supporting a LARGE amount of different models but if it's between 2 or 3 then it's not bad.
by joegoldman
Fri Jul 02, 2021 3:02 am
Forum: RouterBOARD hardware
Topic: Holes at the low end of the CRS product line
Replies: 10
Views: 1803

Re: Holes at the low end of the CSR product line

There's unlimited number of port configurations. You'll almost always never get the exact port config you need - but why would you ? what about growth? What if your 2 camera system turns into 4? Or VoIP phones wanting PoE? You have a minimum requirement - and you should look at a future minimum requ...
by joegoldman
Wed Jun 30, 2021 11:16 am
Forum: Beginner Basics
Topic: How do I find the IP address of my WAP? [SOLVED]
Replies: 6
Views: 715

Re: How do I find the IP address of my WAP? [SOLVED]

My goal with the wide netmask is to be able to identify devices by IP address quickly. I want to assign my WAPs and my gateway router: 10.0.1.1, 10.0.2.1, 10.0.3.1, etc. In conjunction with this, I would like to assign IP addresses via DHCP depending on the WAP that the host attached to. So if it a...
by joegoldman
Sat Jun 26, 2021 1:57 am
Forum: General
Topic: Feature Request: SAFE MODE time based
Replies: 24
Views: 5571

Re: Feature Request: SAFE MODE time based

If you lose connection, how do you expect safe mode to remain activated? We are asking for a way to 'resume' safe mode by reconnecting after loss of connection. A more simple example: Say you are helping configure a remote CPE with new username and password in PPPoE, you are connecting via the WAN....
by joegoldman
Tue Jun 22, 2021 1:45 pm
Forum: Beginner Basics
Topic: Three same-distance routes
Replies: 5
Views: 788

Re: Three same-distance routes

How are these last packets routed once delivered to these equal-distance default route ? Whichever route is currently Active - and likely it is the first to be installed assuming all same distance, scope etc. There is a way to do ECMP by having the gateways in the SAME route if that is what you are...
by joegoldman
Tue Jun 22, 2021 1:38 pm
Forum: General
Topic: PPPOE performance degradation
Replies: 1
Views: 303

Re: PPPOE performance degradation

My main guess would be - is traffic building up over time causing congestion on the link? Mikrotiks can run a vast array of services if not secured correctly will end up being used for amplify attacks and other things. A copy of your config may help us - but I'd be checking throughput on the ppp inte...
by joegoldman
Mon Jun 21, 2021 6:15 am
Forum: Announcements
Topic: Newsletter June 2021 (#100)
Replies: 55
Views: 20839

Re: Newsletter June 2021 (#100)

Home app - goes through nothing to do with WAN setup. What if it's PPPoE? Does this just purely rely on a DHCP WAN? For any kind of funky setups, surely you need the normal MikroTik app, where a lot more options are available. This is for home users with no configuration needs. PPPoE is still widely...
by joegoldman
Fri Jun 18, 2021 3:27 am
Forum: General
Topic: Multiple pppoe with same name and simple queues problem [SOLVED]
Replies: 10
Views: 714

Re: Multiple pppoe with same name and simple queues problem [SOLVED]

You can use ppp interface instead where it uses interface name - you can cross reference session by caller ID from ppp active via ppp interface to get interface name then reference that to simple queues.

Best way to do it depends on what you are trying to achieve.
by joegoldman
Thu Jun 17, 2021 1:48 am
Forum: Announcements
Topic: Newsletter June 2021 (#100)
Replies: 55
Views: 20839

Re: Newsletter June 2021 (#100)

Home app - goes through nothing to do with WAN setup.

What if it's PPPoE? Does this just purely rely on a DHCP WAN?
by joegoldman
Thu Jun 10, 2021 12:06 pm
Forum: Beginner Basics
Topic: Unstable connection BGP L2TP IPSec
Replies: 2
Views: 493

Re: Unstable connection BGP L2TP IPSec

I assume you are using L2TP because you are traversing many networks and want to create a single-hop tunnel? If so - the performance issues could very well be any network from source to endpoint of the L2TP tunnel - and may not reflect a configuration issue at all. Is the poor performance also shown...
by joegoldman
Thu Jun 10, 2021 4:10 am
Forum: General
Topic: Multiple RADIUS servers
Replies: 8
Views: 925

Re: Multiple RADIUS servers

It probably needs some testing - it isn't clear if that setting adds a realm / user domain if none is present in the username, and/or will direct requests for a realm / user domain to a particular server. It adds it as an extra domain attribute for Windows servers that require domain validation (fr...
by joegoldman
Mon May 31, 2021 2:50 pm
Forum: General
Topic: Freedarius to g suite using mikrotik does it possible?
Replies: 3
Views: 855

Re: Freedarius to g suite using mikrotik does it possible?

Mikrotik supports RADIUS. FreeRADIUS talking to G Suite is not in Mikrotik's purview - if there is a problem, and you know that FreeRADIUS to G Suite is working, you need to debug why Mikrotik to FreeRADIUS is not - you can set Mikrotik logs down to debug level for Radius and see the raw radius pack...
by joegoldman
Fri May 28, 2021 2:04 am
Forum: Beginner Basics
Topic: L2TP server to use same pool as LAN
Replies: 5
Views: 533

Re: L2TP server to use same pool as LAN

What people tend to forget - VPN interfaces are L3 interfaces not L2 - dialing in is not the same as plugging into the local network, the L2 protocols are largely lost. Things like proxy-arp help, so the router is doing the work for you, but beyond using tech like vpls or eoip, you have to consider ...
by joegoldman
Sat May 22, 2021 3:52 am
Forum: Beginner Basics
Topic: Difference between Simple Queue and Queue tree [SOLVED]
Replies: 2
Views: 650

Re: Difference between Simple Queue and Queue tree [SOLVED]

Hi this is your personal google service: https://wiki.mikrotik.com/wiki/Manual:Queue There are two different ways how to configure queues in RouterOS: /queue simple menu - designed to ease configuration of simple, everyday queuing tasks (such as single client upload/download limitation, p2p traffic ...
by joegoldman
Sat May 22, 2021 1:51 am
Forum: General
Topic: Winbox for linux
Replies: 15
Views: 1359

Re: Winbox for linux

Looking at the repo its just running winbox.exe in wine anyways - just seems another step in the process (or you might find it easier for you). Winbox runs pretty much perfect in WINE - there's little to no reason to port it to a cross-compatible library for *nix. There's also WebFig if you struggle...
by joegoldman
Mon May 17, 2021 3:10 pm
Forum: General
Topic: ISP says that I can't connect my ONT device [SOLVED]
Replies: 2
Views: 465

Re: ISP says that I can't connect my ONT device [SOLVED]

If the ISP says no, then no. Sure there may be technical compatibilities - but more goes into it than that. Their provisioning and other network tools may be based around using their own GPON device (GPON on NBNCo in Australia, the national network, requires their ONU for provisioning and then hande...
by joegoldman
Mon May 17, 2021 3:33 am
Forum: General
Topic: Owncloud port 80
Replies: 6
Views: 835

Re: Owncloud port 80

https://prnt.sc/12vfby3 https://prnt.sc/12vfcdd https://prnt.sc/12vfd0w https://prnt.sc/12vfdb3 When i make for example port 800 i can of course enter webpages normal but my host is like xxxxx.ddns.net:800/owncloud Read my post above - this is a web server configuration error. You say yourself the sit...
by joegoldman
Wed May 12, 2021 5:36 am
Forum: General
Topic: external Radius server and mikrotik ???
Replies: 7
Views: 768

Re: external Radius server and mikrotik ???

@joegoldman are you using foxpass? No I am using Radiator on a cloud hosted Dedicated Server in a different country from most of my routers. You can run debug radius log to get the packets being sent and any received to really drill down into the problem (And do the same level on the cloud end) thi...
by joegoldman
Tue May 11, 2021 11:11 am
Forum: General
Topic: external Radius server and mikrotik ???
Replies: 7
Views: 768

Re: external Radius server and mikrotik ???

What are you trying to use the radius client for? Hotspot, PPP, Local Auth etc? Provide an /export (or at least /radius export and config of the service you want using it) so we can help. Personally I connect all our mikrotiks to a 'cloud hosted' Radius server in a different country for ppp auth wit...
by joegoldman
Fri May 07, 2021 10:41 am
Forum: General
Topic: Owncloud port 80
Replies: 6
Views: 835

Re: Owncloud port 80

I wanna finish with "myddnsname.somethink" now its work on myddnsname.somethink/owncloud This is to do with your Raspberry Pi / OwnCloud installation. It is not recognizing the URL as a host-header to point to /var/www/owncloud (or wherever its located on your Pi), but likely being caught...
by joegoldman
Sun May 02, 2021 2:15 pm
Forum: General
Topic: Assign static IP's from ARP not DHCP Leases to stop MAC Clonning
Replies: 7
Views: 923

Re: Assign static IP's from ARP not DHCP Leases

Another option is port security depending on what switching you are using - where you restrict MAC down to the physical port on the switch, so they'd need to spoof and repatch/move desks.
by joegoldman
Sun May 02, 2021 2:06 pm
Forum: Scripting
Topic: Change bytes to mb or gb in simple queue for telegram bots
Replies: 5
Views: 1270

Re: Change bytes to mb or gb in simple queue for telegram bots

You can use simple arithmetic operators on returned values i.e. bytes -> kilobytes is divide bytes by 1024 (( [bytes] / 1024) for instance), where 5120 bytes becomes 5 kilobytes, continue up the chain by dividing 1024 to get to desired value bytes / 1024 = kilobytes kb / 1024 = megabytes mb / 1024 =...
by joegoldman
Fri Apr 30, 2021 2:31 am
Forum: General
Topic: VPN OPTIONS @ HELP with MUDI
Replies: 3
Views: 475

Re: VPN OPTIONS @ HELP with MUDI

Mikrotik supports OVPN server - but only supports certain parts of the spec, so you'll need to read through both documentations to get configuration right.
by joegoldman
Fri Apr 30, 2021 2:24 am
Forum: RouterOS v7 BETA
Topic: VRRP connection tracking and preemption mode
Replies: 7
Views: 1391

Re: VRRP connection tracking and preemption mode

the master does not have connections synced from the backup router yet! Great post and explanation! This is the #1 reason I had in my head why it would be that way but great to get confirmation. To address OP's situation - which I assume is NAT Even though the connections are synced to the 2nd rout...
by joegoldman
Thu Apr 29, 2021 4:15 am
Forum: RouterOS v7 BETA
Topic: VRRP connection tracking and preemption mode
Replies: 7
Views: 1391

Re: VRRP connection tracking and preemption mode

as some of the users in the home where this is being used complain about their internet suddenly going out, which tracking might help a little with.
No - tracking won't really help a noticeable amount. I'd forgo it and use preemptive mode.
by joegoldman
Thu Apr 29, 2021 1:44 am
Forum: RouterOS v7 BETA
Topic: VRRP connection tracking and preemption mode
Replies: 7
Views: 1391

Re: VRRP connection tracking and preemption mode

Mikrotik explicitly state that pre-emption mode must be off for connection sync as it currently stands - unknown if this is a temporary limitation or not. But - it looks like you should still be able to use priorities etc to force master back to being master (which I thought was VRRP default anyways...
by joegoldman
Wed Apr 21, 2021 5:59 am
Forum: General
Topic: Downloading from ONE interface
Replies: 5
Views: 596

Re: Downloading from ONE interface

IDM is still just a downloader - it may just chunk it out and try get multiple streams going - which can help depending on features of your firewall or ISP in what they might do for rate limiting (PCQ etc) A lot of variables at play here, and you'd need to isolate down to which device/port/portion i...
by joegoldman
Wed Apr 21, 2021 5:55 am
Forum: Forwarding Protocols
Topic: VRRP trigger from lost internet connection
Replies: 5
Views: 1799

Re: VRRP trigger from lost internet connection

If you have Static IP hand-off, you could try pinging your gateway as netwatch, which shouldn't be pingable if internet was to swap to other router The problem with this is, the gateway would always be powered up and pingable even when the internet is down (hurricane knocks out outdoor fiber lines)...
by joegoldman
Wed Apr 21, 2021 3:16 am
Forum: Forwarding Protocols
Topic: VRRP trigger from lost internet connection
Replies: 5
Views: 1799

Re: VRRP trigger from lost internet connection

You'd have to put some checks and balances in there. This is why I said it is setup specific. If you have PPPoE - you could try using on/off scripts in the ppp profile section so a script is run as PPPoE Client goes online and offline. If you have Static IP hand-off, you could try pinging your gatew...
by joegoldman
Wed Apr 21, 2021 3:12 am
Forum: General
Topic: cacti monitoring interface bandwidth
Replies: 1
Views: 540

Re: cacti monitoring interface bandwidth

While the Mikrotik template comes with an interface graph - you can use the cacti inbuilt NET-SNMP templates for interface counters too which do include Megabits per second (in 64bit as well). All my interfaces are using the default cacti SNMP graphs - and I use the Mikrotik template to get stats fo...
by joegoldman
Mon Apr 19, 2021 3:56 am
Forum: Forwarding Protocols
Topic: VRRP trigger from lost internet connection
Replies: 5
Views: 1799

Re: VRRP trigger from lost internet connection

Depending on how your internet works - probably a Netwatch script that then modifies VRRP priorities to force the other one to take over Master
by joegoldman
Fri Apr 16, 2021 2:40 am
Forum: General
Topic: Cloutik feedback ?
Replies: 16
Views: 2140

Re: Cloutik feedback ?

Out of curiousity, how are the "real pro" handling this when you have hundreds of devices to maintain ? All by custom, self developed scripting ? I have self-developed scripts to help with management - but I wouldn't be closed to an application like Cloutik that you linked - but my requir...
by joegoldman
Wed Apr 14, 2021 1:45 am
Forum: General
Topic: Cloutik feedback ?
Replies: 16
Views: 2140

Re: Cloutik feedback ?

You could do the same, by essentially running a VPS and having all your mikrotiks VPN back to it or send info / run scripts. It's putting control (and a lot of information) in someone else's hands. If you are having large outages - then it's useless. Cost is not great - website is poorly made which doesn...
by joegoldman
Wed Apr 14, 2021 1:41 am
Forum: Beginner Basics
Topic: How do I disable (allow all) the firewall completely?
Replies: 1
Views: 601

Re: How do I disable (allow all) the firewall completely?

You can just disable ALL rules in /ip firewall filter - as a stop gap to disable any and all firewall rules related to blocking access. Disabling all shouldn't be an issue - but RouterOS also has a safe mode (For every management type except API) where by you can make these changes and if you are ki...
by joegoldman
Mon Apr 12, 2021 5:28 am
Forum: Forwarding Protocols
Topic: PBR - issues
Replies: 3
Views: 1735

Re: PBR - issues

Please post full /export (hide any info you feel you need to) so people can review it
by joegoldman
Thu Apr 01, 2021 12:46 am
Forum: Forwarding Protocols
Topic: BGP STATIC ROUTE BUG
Replies: 1
Views: 1324

Re: BGP STATIC ROUTE BUG

You would have to provide an /export output for us to even begin to try and help.
by joegoldman
Thu Apr 01, 2021 12:45 am
Forum: General
Topic: Simple queue is detecting traffic but not limiting it
Replies: 2
Views: 538

Re: Simple queue is detecting traffic but not limiting it

You would have to provide an /export output for us to even begin to try and help.
by joegoldman
Fri Mar 26, 2021 1:21 am
Forum: General
Topic: How to search a large IP Firewall Address List?
Replies: 5
Views: 940

Re: How to search a large IP Firewall Address List?

It's not so much a bug as it is just a missing feature. The filter list in winbox gui only allows the order of the command one way - set out by the way the fields are set out i.e. "where address in 1.2.3.4" vs the opposite way that you actually want "where 1.2.3.4 in address" So t...
by joegoldman
Wed Mar 24, 2021 11:44 pm
Forum: RouterOS v7 BETA
Topic: OSPF Cost
Replies: 4
Views: 1264

Re: OSPF Cost

You can also set default cost under instance - which will be the cost given to 'Dynamic' interfaces (entries under routing -> ospf -> interfaces created dynamically due to network statements etc) - to set individual cost per interface you'll have to move them to being a static entry.
by joegoldman
Wed Mar 24, 2021 11:43 pm
Forum: Beginner Basics
Topic: Prevent Created Hotspot Users from using trial
Replies: 4
Views: 693

Re: Prevent Created Hotspot Users from using trial

Ideally you can't - if trial is available then registered users could potentially use the trial period over and over - or you could move to something like MAC based auth/cookies to help avoid it - but then any secondary devices etc may need their own account - or in cases like iphones where they cha...
by joegoldman
Thu Mar 18, 2021 7:39 am
Forum: General
Topic: Down Interface responds to ping?
Replies: 0
Views: 376

Down Interface responds to ping?

Hi Team, I applied an IP address (in a /30) to a downed interface on an RB1100x4 (running long-term 6.47.9) - the route was listed as DC (not active), the whole /24 that this IP happens to be in is routed to this router, but before the cable was plugged in the IP started responding to ping - i.e. th...
by joegoldman
Thu Mar 11, 2021 3:04 am
Forum: Forwarding Protocols
Topic: OSPF force gateway from BGP
Replies: 2
Views: 1005

Re: OSPF force gateway from BGP

Hope this makes sense - and happy to learn of some possible solutions. This might be a solution for you: https://www.computerweekly.com/tip/Scale-your-backbone-with-core-MPLS-BGP-on-the-edge The article is old but the information is still correct. Thats a pretty big network wide change -we have pla...
by joegoldman
Thu Mar 11, 2021 1:35 am
Forum: Forwarding Protocols
Topic: OSPF force gateway from BGP
Replies: 2
Views: 1005

OSPF force gateway from BGP

Hi Forum, Not sure I worded the title right - but looking for a solution to my issue. Consider a WISP network map of various towers linked together (not a 'FULL MESH' but rather random PtP links to create some triangles / loops etc) We run OSPF between all these sites - and it runs quite well - and ...
by joegoldman
Thu Mar 04, 2021 12:07 am
Forum: Beginner Basics
Topic: Setting up 1Gbps MGMT port on CRS317 and CCR2004 for out of band management
Replies: 6
Views: 714

Re: Setting up 1Gbps MGMT port on CRS317 and CCR2004 for out of band management

If it needs a separate default route and you can't use NAT or other rules for OOB to 'trick' it - then you'll need to use VRFs Keep in mind that management services DO NOT listen in VRF's - so you'll need to make the 'main' route table your management one, and create a separate vrf for normal/custom...
by joegoldman
Tue Mar 02, 2021 10:57 am
Forum: General
Topic: ASK [vpls PW]
Replies: 8
Views: 746

Re: ASK [vpls PW]

pretend is long cable but virtual.
by joegoldman
Tue Mar 02, 2021 7:51 am
Forum: Forwarding Protocols
Topic: OSPF priority for dynamic Interfaces
Replies: 4
Views: 1248

Re: OSPF priority for dynamic Interfaces

If there is no static entry in OSPF interface configuration, then parameters are taken from "all" entry. So you can adjust priority there to have all dynamic interfaces needed priority,
Would be good if we could make rules based on interface lists ;)
by joegoldman
Tue Mar 02, 2021 7:48 am
Forum: General
Topic: ASK [vpls PW]
Replies: 8
Views: 746

Re: ASK [vpls PW]

https://en.wikipedia.org/wiki/Virtual_private_network Pseudowire on there refers more to old technologies (such as ATM) but same principle applies (and is kind of in the name) pseudo - not genuine; spurious or sham So pseudo wire is 'not a real wire' meaning it emulates as if you had a direct connec...
by joegoldman
Tue Mar 02, 2021 2:50 am
Forum: Beginner Basics
Topic: Mikrotik - Enable Split Tunnel on L2TP VPN
Replies: 5
Views: 1361

Re: Mikrotik - Enable Split Tunnel on L2TP VPN

L2TP VPN is a PPP style protocol in which the IP handed out is not a subnet but a /32 technically - so no broadcast and ARP learning exists, and the client machine does not generally enable a route for the remote subnet. If you clear use remote default gateway - you'll need to add routes specificall...
by joegoldman
Tue Mar 02, 2021 2:45 am
Forum: General
Topic: winbox multiple instances/databases
Replies: 5
Views: 496

Re: winbox multiple instances/databases

Someone on here successfully modified winbox in a hex editor to change default port - you could potentially modify the default database path and run one unmodified and one modified Beyond that - keeping your databases separate and import the right one each time you wanna swap between them is the onl...
by joegoldman
Sat Feb 27, 2021 3:14 am
Forum: Forwarding Protocols
Topic: Default Route advertisement eBGP failover
Replies: 9
Views: 1336

Re: Default Route advertisement eBGP failover

Only suggestion (which shouldn't change much) dont specify a prefix length on your default route accept rules - currently it appears to be '0' but try it with nothing specified / that field disabled (can't remember how to do this CLI but can change that on Winbox/Webfig) Other than that it'd require...
by joegoldman
Fri Feb 26, 2021 2:16 am
Forum: General
Topic: Winbox glitch
Replies: 15
Views: 2046

Re: Winbox glitch

Is this on a laptop using a trackpad?

If so - does the problem still happen if you plug in a mouse and try that way?
by joegoldman
Thu Feb 25, 2021 11:10 pm
Forum: General
Topic: Winbox glitch
Replies: 15
Views: 2046

Re: Winbox glitch

Are you using it on windows? Or another OS with WINE? Never had the problem with Windows - but have had 'similar' problems on WINE based installs (such as on my Ubuntu laptop) - nothing as bad as you're describing - but generally updating WINE to the latest stable tends to help especially if you haven...
by joegoldman
Thu Feb 25, 2021 11:08 pm
Forum: Forwarding Protocols
Topic: OSPF priority for dynamic Interfaces
Replies: 4
Views: 1248

Re: OSPF priority for dynamic Interfaces

Depends what you mean by dynamic in OSPF - a dynamic interface can be created within OSPF based on Network addition (including physical interfaces) - is this the dynamic interface you mean? If so you will need to move the physical interfaces to 'static' and add your path cost etc. If you are talking...
by joegoldman
Thu Feb 25, 2021 11:04 pm
Forum: General
Topic: Cannot Use Multiple IPs
Replies: 13
Views: 1254

Re: Cannot Use Multiple IPs

No, it should not... If you try to ping "internet" from your broadcast address it works! Hrmm - can depend on vendor - some simply won't pass traffic to the defined network or broadcast address when actually configured as that subnet. If x.x.x.248/29 was actually routed via an interconnec...
by joegoldman
Thu Feb 25, 2021 10:28 pm
Forum: Forwarding Protocols
Topic: Default Route advertisement eBGP failover
Replies: 9
Views: 1336

Re: Default Route advertisement eBGP failover

You'd need to show your export (of at least /routing (including bgp and filters)) for us to start to understand what and why it should happen - and why it may not be. You may be filtering it out. You may have peer config slightly off. In a general scenario - Tower3 should still install a default rou...
by joegoldman
Mon Feb 22, 2021 10:59 pm
Forum: Beginner Basics
Topic: Rename interface: to what port is it connected to?
Replies: 5
Views: 567

Re: Rename interface: to what port is it connected to?

You can also use MAC address to determine - lowest will be first port, highest will be last port. But I find it better practice to have a naming scheme - where ether1 is the port - change it to 'ether1-WAN' or 'ether1-ISP' or 'ether1-Haus' - or some combo of the same to keep the interface type and n...
by joegoldman
Mon Feb 22, 2021 6:11 am
Forum: General
Topic: IP > Service > winbox/www - Not Able to Use DNS?
Replies: 3
Views: 386

Re: IP > Service > winbox/www - Not Able to Use DNS?

because people don't come 'from' DNS - i suppose sure you could put DNS record in there and have it resolve forward at a specific time or in intervals - or its possible to have it perhaps lookup PTR on an IP to see if it matches that field - but this is used primarily as a 'firewall' to stop auth fr...
by joegoldman
Mon Feb 22, 2021 1:12 am
Forum: General
Topic: Mikrotik BOX
Replies: 1
Views: 288

Re: Mikrotik BOX

I believe it's an internal tool used by the staff - it is a self-hosted 'dropbox' style program where staff can give unique, expirable links etc for quick links to test versions or other files in the course of support tickets etc. I use something similar for my personal stuff using Nextcloud - not su...
by joegoldman
Mon Feb 08, 2021 12:09 am
Forum: Forwarding Protocols
Topic: BGP-Prefix anncouning problem
Replies: 1
Views: 613

Re: BGP-Prefix anncouning problem

We would need to see an export of your /routing bgp and /routing filters to start to help. Are you using summary routes? BGP Networks tab? Does the /22 exist in your route table? Does the /24 exist in your route table? If the /24 is learned by other BGP, does your instance have redistribute other BG...
by joegoldman
Sun Feb 07, 2021 1:32 am
Forum: Wireless Networking
Topic: Mikrotik LHG60 can be used 70.20 GHz frequency?
Replies: 5
Views: 1054

Re: Mikrotik LHG60 can be used 70.20 GHz frequency

I hope that Mikrotik will unlock more frequencies for LHG60, considering that the frequencies that are at 70 GHz have considerably less attenuation of radio waves in dB/km. And it is possible to achieve a more stable link at greater distances. The better frequencies are also generally reserved for ...
by joegoldman
Wed Jan 27, 2021 10:52 pm
Forum: Forwarding Protocols
Topic: BGP Advertise specific route only to a specific peer
Replies: 5
Views: 1099

Re: BGP Advertise specific route only to a specific peer

As a side note, instance out filter (bgp-out) is not working as it should. Normally it should be the global bgp-out filter, but it is not working at all when peers have different out filters set. I hope it gets fixed or maybe I am doing something wrong. Thanks a lot for the help. From the wiki : Ou...
by joegoldman
Fri Jan 22, 2021 5:59 am
Forum: General
Topic: Problem with IP/address and IP/route pref-source need some help
Replies: 2
Views: 518

Re: Problem with IP/address and IP/route pref-source need some help

On the connecting device (the other end of the wireless link) can you use mac-telnet or similar to achieve CLI access? the mac-protocols do not require active and correct subnetting to see their neighbors. Alternatively, you could configure yourself on the other end within the same subnet you placed...
by joegoldman
Thu Jan 21, 2021 10:59 pm
Forum: General
Topic: [Request] Winbox Default Port
Replies: 8
Views: 1087

Re: [Request] Winbox Default Port

The idea was to set in winbox the default port it will try to connect to. This way I could still use the same old method that is typing only IP address in the "Connect To:" field without saving the host in the Managed list (for security reasons) Whats insecure about having it in the manag...
by joegoldman
Wed Jan 20, 2021 6:55 am
Forum: General
Topic: [Request] Winbox Default Port
Replies: 8
Views: 1087

Re: [Request] Winbox Default Port

Without defining the port it will always use the default - but you can save your devices in the managed list with the port specified - you can save without password and add it in when you want to connect.
by joegoldman
Tue Jan 19, 2021 8:13 am
Forum: Forwarding Protocols
Topic: BGP Advertise specific route only to a specific peer
Replies: 5
Views: 1099

Re: BGP Advertise specific route only to a specific peer

Ok thanks. So for that specific prefix in filters; I will just make chain = peer2-out , prefix= x.x.x.x/24, action = accept ? And chain = peer1-out, prefix = x.x.x.x/24, action = discard ? Essentially yes - but if i remember correctly if there's no rule to 'reject' your other prefixes then they wil...
by joegoldman
Tue Jan 19, 2021 5:39 am
Forum: RouterBOARD hardware
Topic: CSS610-8G-2S+IN - POE Version planned ?
Replies: 2
Views: 829

Re: CSS610-8G-2S+IN - POE Version planned ?

If you watch this video:

https://www.youtube.com/watch?v=Xh3oQKcMOmg

He indicates that the PCB has blank spots for extra POE components and theorises there's likely a POE version to come (shows the PCB as well)
by joegoldman
Tue Jan 19, 2021 5:37 am
Forum: The User Manager
Topic: Transparent Proxy
Replies: 1
Views: 1810

Re: Transparent Proxy

web proxy can not blacklist domain names for ssl/https transparently - which most modern sites use now no matter what. Non-transparent proxy gets around this by inspecting the CONNECT request sent to proxy-aware clients - but then can only filter based on domain (not subdir/querystring, e.g. 'facebo...
by joegoldman
Tue Jan 19, 2021 5:21 am
Forum: General
Topic: RouterOS .backup to .rsc/text
Replies: 4
Views: 781

Re: RouterOS .backup to .rsc/text

https://github.com/BigNerd95/RouterOS-Backup-Tools

Might help - other than that I believe support may have internal tools to extract info from backup as long as it isn't encrypted.
by joegoldman
Thu Jan 14, 2021 7:21 am
Forum: General
Topic: Has RouterOS been ripped off?
Replies: 2
Views: 541

Re: Has RouterOS been ripped off?

There is licensing - and branding packages available to routeros users. Depending how much you want to spend - im sure there's no limit to the amount of customisation you can ask for. It is more likely this is branded RouterOS as a commercial customer - and they are using integrated boards in their ...
by joegoldman
Tue Jan 05, 2021 11:02 pm
Forum: Forwarding Protocols
Topic: OSPF Default Route
Replies: 4
Views: 1045

Re: OSPF Default Route

Depending on the setup - VRF's are also another option, where if the (many) subnets are on their own subinterfaces you could potentially have vrf1 using gw1, vrf2 using gw2, and assign the sub interface to the appropriate vrf based on which gateway they need to use. This introduces other issues such...
by joegoldman
Tue Jan 05, 2021 10:58 pm
Forum: General
Topic: ip flow ingress cisco and Mikrotik
Replies: 1
Views: 498

Re: ip flow ingress cisco and Mikrotik

ip flow command is just telling the cisco router what interfaces to watch for netflow/sflow exporting and has no bearing on the connection itself. You'd have to supply config for both the Cisco interface (sh run int <intname>) And the Mikrotik interface (/int gre export) Then we might be able to hel...
by joegoldman
Tue Jan 05, 2021 8:14 am
Forum: Scripting
Topic: Search and select best AP !!!
Replies: 3
Views: 668

Re: Search and select best AP !!!

What you're asking is very vague. What are the client device types? What values do you want to compare, and what weight are each given? (i.e. how do you define the 'best' AP) For values that aren't detectable by an unconnected client, how do you intend to transmit those values to them? There's a lot o...
by joegoldman
Mon Nov 16, 2020 11:20 pm
Forum: General
Topic: Uptime rollover bug/SNMP
Replies: 3
Views: 584

Re: Uptime rollover bug/SNMP

497 days is a long time to go without security upgrades etc. Perhaps set up a yearly maintenance and upgrade cycle. Or at the least - have SNMP monitoring start warning at day 450, and become critical at day 480. Who knows - maybe uptime is 64bit int in newer version of RouterOS - a lot of new versi...
by joegoldman
Wed Oct 14, 2020 3:59 am
Forum: Beginner Basics
Topic: Accidently, I removed Interface ether1.
Replies: 5
Views: 930

Re: Accidently, I removed Interface ether1.


Is that even possible Normis? To remove the ethernet interface itself?
One would possibly assume accidentally removed it from the default bridge - which is why the device model is important - might be best to factory reset the device.
by joegoldman
Thu Oct 01, 2020 3:35 am
Forum: RouterBOARD hardware
Topic: NBN router for Australia
Replies: 4
Views: 1293

Re: NBN router for Australia

Hi Lui, RBM33G is an odd choice - and more an integrator part - Mikrotik have much more fully fledged Home/SOHO offerings (see hAP range) NBN in Australia is not a ubiquitous network (no not ubiquiti :P) in that it uses a mix of technologies from Fixed Wireless, to VDSL (FTTN,FTTC), HFC, Satellite a...
by joegoldman
Tue Sep 29, 2020 7:22 am
Forum: General
Topic: Reverse proxy (like nginx) in Mikrotik
Replies: 2
Views: 4334

Re: Reverse proxy (like nginx) in Mikrotik

No. Well maybe with L7 rules but I don't think so. And it's not best to put reverse proxy in a router. It's not an all-in-one box, it's a router. If you have control over both servers (nginx or apache) set one as the primary, and create a virtualhost for the other and reverse proxy from server 1 to ser...
by joegoldman
Tue Sep 22, 2020 3:33 am
Forum: General
Topic: PPPoE creation and PPPoE scan
Replies: 7
Views: 915

Re: PPPoE creation and PPPoE scan

you 100% can run multiple PPPoE servers on a single downstream interface - this is precisely why 'Service Name' was invented - so based on which service tag was issued it'd know which PPPoE server it was for. Why you are only seeing one, I don't know - might have something to do with the scan tool o...
by joegoldman
Fri Sep 18, 2020 9:04 am
Forum: General
Topic: Scheduler Reboot features not executing [SOLVED]
Replies: 4
Views: 663

Re: Scheduler Reboot features not executing [SOLVED]

Which will suck if Cloudflare DNS ever has an outage in their area :P Gotta be careful with watchdog ping - something in your control that you can move around is usually better, for instance I use a VRRP IP on 2 of my core routers so if a remote router's watchdog ping to that goes down either my whole...
by joegoldman
Fri Sep 18, 2020 5:17 am
Forum: General
Topic: Scheduler Reboot features not executing [SOLVED]
Replies: 4
Views: 663

Re: Scheduler Reboot features not executing [SOLVED]

Those checkboxes are the scripts 'permissions' so to speak, so you've given that script permission to do a reboot, but you still must have a script to do the reboot.
/system reboot
edit: You'll probably also want to set the interval to 1d as well if im not mistaken.
by joegoldman
Mon Sep 14, 2020 10:26 am
Forum: Announcements
Topic: v6.46.7 [long-term] is released!
Replies: 45
Views: 14920

Re: v6.46.7 [long-term] is released!

Hi Shouldn't we be seeing the changelog from 6.45.9 to 6.46.7 not from 6.46.6 ? Going up a major version in a long-term release should be looked over a bit more carefully before we take the plunge. Also what is the process for 'upgrading' a routerboard that does not have direct internet access from ...
by joegoldman
Wed Sep 09, 2020 2:09 pm
Forum: General
Topic: Multiple queues for pppoe user
Replies: 5
Views: 1096

Re: Multiple queues for pppoe user

Because you are dynamically creating queue from ppp profile - traffic matches that first and is used so never hits the other queue. I haven't tried this solution before but your better bet is probably to make both queue's 'static' i.e. created and packet mark individually (or packet mark one then ha...
by joegoldman
Tue Sep 01, 2020 3:02 am
Forum: Announcements
Topic: WinBox v3.25 released!
Replies: 68
Views: 11692

Re: WinBox v3.25 released!

Problems with Winbox UI I'd like to see fixed 1) Category Grouping Happening for quite a while, it used to work as expected - the 'Show Categories' grouping only bases and groups based on 'First Character' (on any field), for instance if I have 5 routers with Username 'joe' and 5 routes with usernam...
by joegoldman
Thu Aug 27, 2020 1:12 am
Forum: RouterOS v7 BETA
Topic: Y u no can specify an interface in routers like you used to be able to?
Replies: 5
Views: 887

Re: Y u no can specify an interface in routers like you used to be able to?

More info required. What are you trying to do. What version are you running. What hardware are you running.
by joegoldman
Wed Aug 26, 2020 2:36 am
Forum: General
Topic: Router overhead
Replies: 2
Views: 440

Re: Router overhead

It's not just the router - remember that those speedtests generally show your average speed over the span of the test, so if you took a few seconds to ramp up to 100mbps, then the few seconds at lower speeds are then factored into your average. Along with that you have overhead in whatever protocol t...
by joegoldman
Wed Aug 26, 2020 2:30 am
Forum: General
Topic: Architecture and growth - how to know when to change
Replies: 7
Views: 1766

Re: Architecture and growth - how to know when to change

I think you are also expecting too much of sub-set services. The CCR's are not made to be an ISP grade DNS resolver. DNS server is mostly built in to do its own lookups - and recursive for local cache in the stance of home/smb/corporate. When you are talking 100's or 1000's of clients, and waterfall...
by joegoldman
Mon Aug 24, 2020 2:12 am
Forum: General
Topic: 2 BRAS With Same IP pool LIST
Replies: 7
Views: 1626

Re: 2 BRAS With Same IP pool LIST

RADIUS is the only answer if you want to use overlapping pool on both BRAS - which is common if using public IPv4 due to IP availability. You could potentially have scripts running to help manage this but it'd be messy and not fool proof so not great. RADIUS can manage a pool though if you don't wan...
by joegoldman
Fri Aug 14, 2020 7:48 am
Forum: Beginner Basics
Topic: Aggregate 2 CRS 125 24G 1S switches
Replies: 2
Views: 953

Re: Aggregate 2 CRS 125 24G 1S switches

They do not support stacking. You design this as a L2 network with whats required. Safest way is probably to plug 2nd switch into next port on router place the 2 switch uplinks on the router into a bridge and move any sub-interfaces(vlans) to that bridge interface, so the VLAN's span across the 2 sw...
by joegoldman
Wed Aug 12, 2020 9:41 am
Forum: General
Topic: Nth Load balancing -Slow speed
Replies: 7
Views: 1595

Re: Nth Load balancing -Slow speed

As said above - load balancing per packet or similar systems won't work well on jittery connections - your best bet to use the 6mbit combined is to do it per connection, so a stream always uses only 1 SIM, and yes means that one stream is limited to 3mb, but as more connections happen it will balanc...
by joegoldman
Thu Aug 06, 2020 1:57 am
Forum: RouterBOARD hardware
Topic: The big CCR2004 reboot thread (was 2004 hardware issues?)
Replies: 301
Views: 39798

Re: 2004 hardware issues?

Something like this is better sent to support@mikrotik.com to start a real case - this is a discussion forum not a proper support channel.
by joegoldman
Wed Jul 29, 2020 12:52 am
Forum: Beginner Basics
Topic: Different VLAN SVIs?
Replies: 2
Views: 987

Re: Different VLAN SVIs?

SVI, from my understanding, is just a L3 interface for L2 VLAN to attach. Similar concept in RouterOS would be bridges, and assigning ports/vlan interfaces to the bridge, the bridge interface is now the 'SVI'. Depending on your device depends on how you'd do this though. Your better bet would be to s...
by joegoldman
Wed Jun 10, 2020 5:58 am
Forum: General
Topic: ccr1036 shutdown with smart plug - schedule on/off
Replies: 2
Views: 645

Re: ccr1036 shutdown with smart plug - schedule on/off

Will not damage turning off and on too bad. There is a shutdown process in RouterOS that you could use 10 mins before you turn off smart plug, but it sounds like a residential install which a 1036 is SUPER overpowered for, why not replace with a 3011 or ccr1009 that has passive cooling only or someth...
by joegoldman
Thu May 28, 2020 2:51 am
Forum: Announcements
Topic: Winbox v3.24 released!
Replies: 106
Views: 67339

Re: Winbox v3.24 released!

It'd be really great if you can fix group sorting I put all my routers into groups, then I sort by group and go 'Show Categories' - this used to work in that it would be unique per group, but for the last few releases it does it by first letter, so if I have a heap of Client1 Client1 Client2 Client2...
by joegoldman
Wed Apr 29, 2020 2:09 pm
Forum: Announcements
Topic: MikroTik newsletter May 2020 (#95)
Replies: 50
Views: 32082

Re: MikroTik newsletter May 2020 (#95)

Will CCR2X series come out straight with ROSv7 or will it be part of the v6 family first?
by joegoldman
Wed Apr 29, 2020 4:48 am
Forum: Beginner Basics
Topic: pleas help me [SOLVED]
Replies: 5
Views: 3142

Re: pleas help me [SOLVED]

It is always Best practice not to use your real Public IPs as an example... Your ISP gave you a /30 Subnet Block, lets say X.Y.Z.136/30 ... One of there addresses, usually the first one, so the 176.74.123.137 will be used by your ISP. The second one 176.74.123.138 must be used by you and setup on t...
by joegoldman
Mon Apr 06, 2020 2:36 pm
Forum: General
Topic: Fighting spam with a standard firewall
Replies: 10
Views: 2575

Re: Fighting spam with a standard firewall

Can you be more specific on what type of spam you are concerned about?? How to autodetect infected or spammer users what criteria do you want to be blocking them based on? You could monitor connection limits on standard ports and block users if they are connecting too much, but usually spam is dete...
by joegoldman
Mon Apr 06, 2020 2:22 pm
Forum: General
Topic: VRF basics - layer 3 separation
Replies: 2
Views: 1397

Re: VRF basics - layer 3 separation

In outside relation to your actual issue - please be aware that management services in RouterOS are not VRF aware and will not talk back to you via the VRF even if you can connect to it via that.

Your best bet is to leave main as management and create customer VRF's on top.
by joegoldman
Sun Mar 29, 2020 7:26 am
Forum: General
Topic: why
Replies: 4
Views: 1750

Re: why

Using quick set - you are correct changing subnet will delete the existing IP on it that you are likely connected through. You can get around this with mac-winbox (connect via MAC address not IP) that way IP's changing doesn't matter Or do it manually, dualstacking both IP's until you have the new o...
by joegoldman
Fri Mar 20, 2020 2:54 pm
Forum: Beginner Basics
Topic: L2TP/IPSec and Windows 10 road warriors
Replies: 4
Views: 2621

Re: L2TP/IPSec and Windows 10 road warriors

I literally configured mine by starting from default config and going into PPP->L2TP server settings and ticking use IPSec, and then whatever config was default in /ip ipsec area. Maybe export what you have and give some sample of your logs of failed logins and we can help identify what's wrong.
by joegoldman
Fri Mar 20, 2020 2:51 pm
Forum: General
Topic: Winbox save custom layout
Replies: 1
Views: 1033

Re: Winbox save custom layout

Yes. Things are saved in 'Sessions' Usually it is a unique session by IP address you are connecting to, and it auto saves by default when you log out So when you log back into the same router - It will load what you had opened when you left. I prefer to have auto save OFF - and I logged in to a test...
by joegoldman
Fri Mar 20, 2020 2:13 pm
Forum: Forwarding Protocols
Topic: no enforce-first-as in RouterOS?
Replies: 10
Views: 4395

Re: no enforce-first-as in RouterOS?

hello,
Please what is the mikrotik equivalent of "no bgp enforce-first-as" on cisco
This very thread explains the equivalent (none). Read it.
by joegoldman
Fri Mar 20, 2020 11:50 am
Forum: Wireless Networking
Topic: CAPsman - Is this possible ?? [SOLVED]
Replies: 12
Views: 6026

Re: CAPsman - Is this possible ?? [SOLVED]

Make a security config in capsman (Security Cfg. tab) Have that as your master password Under Configurations, create a config for each SSID Make each config reference the one Security config for their security (Top option under Security tab in new config window) Assign the different configs to the d...
by joegoldman
Wed Mar 18, 2020 12:12 am
Forum: Announcements
Topic: Photos of towers and masts
Replies: 81
Views: 39722

Re: Photos of towers and masts

Not a big mikrotik install - we use Mikrotik routers everywhere but not so much wireless gear for various reasons. However we have started using the new 60ghz products for short haul stuff - here is a recent install with redundant links (60ghz to about 600m away, airfiber for a few km away) https://...
by joegoldman
Mon Jan 13, 2020 5:14 am
Forum: Beginner Basics
Topic: MultiCast between VLANS (Chromecast vlan1) to/from (PC/Mobile vlan2)
Replies: 13
Views: 5960

Re: MultiCast between VLANS (Chromecast vlan1) to/from (PC/Mobile vlan2)

No there is no real way to do this - unless you properly bridge the VLAN's making them 1 big broadcast domain anyways in a sense. The correct way it seems is to use an avahi reflector so a server that has visibility to both networks and just relays the discovery packets between them. From my underst...
by joegoldman
Thu Jan 09, 2020 3:53 am
Forum: General
Topic: CCR1036 DC input?
Replies: 6
Views: 1891

Re: CCR1036 DC input?

We used 2 separate standalone generic 24v PSU's.

We actually crammed 4x24v PSU's in a 1RU box - to power 2x CCR1036's. The box had A+B AC feed, and each AC feed powered 2x PSU's, then one PSU from each feed into each CCR.
by joegoldman
Thu Jan 09, 2020 3:50 am
Forum: General
Topic: Filter Rule slow speed with it enabled.
Replies: 5
Views: 1301

Re: Filter Rule slow speed with it enabled.

Try use src-address or src-address-list to limit the rule only to certain IPs or just your LAN ips so its only checking outgoing connections and not incoming as well. With it enabled, how many hits is it getting (open it up and you will see the packets per second rate on the rule) Why are you just b...
by joegoldman
Tue Jan 07, 2020 12:45 am
Forum: Beginner Basics
Topic: NAT with multiple public IP
Replies: 1
Views: 3140

Re: NAT with multiple public IP

You will also need hairpin nat

https://wiki.mikrotik.com/wiki/Hairpin_NAT
by joegoldman
Fri Jan 03, 2020 8:11 am
Forum: General
Topic: Filter Rule slow speed with it enabled.
Replies: 5
Views: 1301

Re: Filter Rule slow speed with it enabled.

So many questions here. What is the router you are using? What is the filter rule? With it enabled, how many hits is it getting (open it up and you will see the packets per second rate on the rule) Why are you just blocking it rather than finding and fixing the offending machine(s)? (Or is this ISP/...
by joegoldman
Fri Jan 03, 2020 8:06 am
Forum: General
Topic: Starting small ISP Project
Replies: 2
Views: 812

Re: Starting small ISP Project

Generally, you use PPPoE (or IPoE which is just a cut down DHCP server in a lot of ways) with RADIUS accounting. You can do this with your own billing package or you can use usermanager which is a mikrotik available package. Usermanager is limited in its features and billing, its generally a lot mor...
by joegoldman
Wed Jan 01, 2020 11:14 am
Forum: Scripting
Topic: what port except gaming port ? [SOLVED]
Replies: 2
Views: 3404

Re: what port except gaming port ? [SOLVED]

just do where dst-port != <gaming port>

Gaming port will be dependent on the game, and there might be a few. You'll have to research for each game.

Then you can put a matcher for high priority on dst-port = and a lower priority on dst-port != or something
by joegoldman
Tue Dec 31, 2019 12:02 am
Forum: RouterOS v7 BETA
Topic: ROS-7-xxx-Dev--X86-64Bit-BGP
Replies: 3
Views: 3812

Re: ROS-7-xxx-Dev--X86-64Bit-BGP

It's still beta. They are testing function by function. There will be no set date. Wait until first release candidate if you want feature parity to ROS6 , ROS7 beta's will likely go for a long time.
by joegoldman
Wed Dec 18, 2019 11:44 pm
Forum: Beginner Basics
Topic: Factory Reset Mikrotik Router - Lost internet
Replies: 6
Views: 1531

Re: Factory Reset Mikrotik Router - Lost internet

You will need to reconfigure to suit your ISP, you may need to call them and ask them, do you need DHCP on the WAN, do you need PPPoE, set up the WAN then set up NAT etc - a lot of it may be possible through quick set, you'll just need to know what is needed from your ISP.
by joegoldman
Wed Dec 18, 2019 12:00 pm
Forum: General
Topic: Port 80/443 block, except few Microsoft dev sources
Replies: 8
Views: 1503

Re: Port 80/443 block, except few Microsoft dev sources

This is more a job for a content firewall but it may be possible with some L7 matching rules - they are taxing on the router CPU so depends how much traffic you have but should be possible with some management overhead.
by joegoldman
Wed Dec 18, 2019 9:35 am
Forum: Beginner Basics
Topic: Publishing multiple web servers
Replies: 3
Views: 1619

Re: Publishing multiple web servers

Don't know about TMG - but a slimline NGINX reverse proxy running on even a RPi (or small VM if you have VM hardware) is your only bet to route via host header. The Mikrotik only sees the TCP stream and can't really jump into the packets and determine host header - that's read by the webserver when i...
by joegoldman
Sun Dec 15, 2019 9:18 am
Forum: RouterBOARD hardware
Topic: CCR1036-8G-2S+EM physical ethernet port, where to get?
Replies: 5
Views: 3370

Re: CCR1036-8G-2S+EM physical ethernet port, where to get?

If everything else works besides that port - I think your best bet is to just accept the loss and run one port down, and plan on buying a new one. If you really need the extra port(s) perhaps look at a cheap-ish managed switch and breakout from that using VLAN's. I believe the level of repair you ar...
by joegoldman
Wed Dec 11, 2019 8:59 am
Forum: Announcements
Topic: v6.47beta [testing] is released!
Replies: 269
Views: 142335

Re: v6.47beta [testing] is released!

In v6.47beta there is a new menu added - "/system health gauges". You should use this for polling "Health" related data from all the RouterBOARDs.
Does this come with new associated MIBs / OID's? Or more for polling via API?
by joegoldman
Wed Dec 11, 2019 7:31 am
Forum: Wireless Networking
Topic: LHG60 with 5Ghz Backup
Replies: 21
Views: 5247

Re: LHG60 with 5Ghz Backup

If you happen to use Extreme switches, I found the PERFECT solution. Port Redundancy. Or an open standard like most switches LACP in an active/backup mode. Or could use multiple links into routers and OSPF cost metrics or MPLS with traffic engineering. There are multiple solutions to the problem, b...
by joegoldman
Wed Dec 11, 2019 4:01 am
Forum: RouterBOARD hardware
Topic: What is your opinion of Mikrotik routers?
Replies: 3
Views: 3230

Re: What is your opinion of Mikrotik routers?

As routers, like you said, their benefit comes in flexibility and price. Any model can do just about anything, i.e. tiny little $40 routers doing OSPF, BGP, MPLS etc. Once you know RouterOS you can do a lot. You just have to be more mindful of your updates, a bit more overhead in management and chan...
by joegoldman
Wed Dec 11, 2019 3:52 am
Forum: General
Topic: Limit Instagram App Speed
Replies: 4
Views: 1596

Re: Limit Instagram App Speed

It would work for a while but these domains have many IP's and could be routed to many endpoints. Your better bet would be some kind of L7 matching rule to get the domain and/or the CDN domains underneath, perhaps capture traffic on a few instagram app processes and see what domains it hits for data...
by joegoldman
Tue Dec 10, 2019 9:54 am
Forum: General
Topic: Cannot connect to services running on LAN machines, from the same LAN
Replies: 2
Views: 777

Re: Cannot connect to services running on LAN machines, from the same LAN

It is more likely this is a host firewall issue - on the same broadcast domain never really hits filter rules unless you have firewall filtering on the bridge interface enabled - within the same LAN it should all keep going. I don't believe this to be a mikrotik problem at all, check firewall on the...
by joegoldman
Tue Dec 10, 2019 8:58 am
Forum: Beginner Basics
Topic: Is it possible to make Mikrotik loop back?
Replies: 5
Views: 1872

Re: Is it possible to make Mikrotik loop back?

What you are looking for is hairpin NAT

https://wiki.mikrotik.com/wiki/Hairpin_NAT
by joegoldman
Sat Dec 07, 2019 7:55 am
Forum: General
Topic: Set Daily download limit
Replies: 1
Views: 694

Re: Set Daily download limit

You will need to use some kind of billing / user system based on RADIUS - the mikrotik built in one would be usermanager - it has very basic features and can integrate with pppoe, hotspot etc, or there are much more feature filled billing systems out there that you can use also.
by joegoldman
Sat Dec 07, 2019 7:54 am
Forum: Forwarding Protocols
Topic: Ospf multi ext gateway
Replies: 2
Views: 2166

Re: Ospf multi ext gateway

It's never too early to implement MPLS. The earlier you do it the less hassle you'll have to endure later. If you're hoping to do it purely in OSPF - you will either need to run 2 route tables (VRF's) so they can have different gateways. You can separate the customers by either placing them directly in...
by joegoldman
Fri Nov 29, 2019 4:49 am
Forum: General
Topic: The sad state of OpenVPN
Replies: 12
Views: 5361

Re: The sad state of OpenVPN

Mikrotik were adding new features to OpenVPN in the ROSv7 Beta - so its likely they are going to concentrate on it again - its possible some of the limitations were based on the older kernel and now they putting the newer kernel in they might be able to expand support.
by joegoldman
Tue Nov 26, 2019 2:36 am
Forum: Virtualization
Topic: CHR 6.44.6 with VMWARE 6.7 dont balance cpus
Replies: 12
Views: 4266

Re: CHR 6.44.6 with VMWARE 6.7 dont balance cpus

My answer is still valid. I think you misunderstand CPU loads - you can never really perfectly balance processes among all CPU's. 'Ethernet' could have multiple threads. Thats why you see it on multiple CPU's, and on every CPU 'Firewall' could have multiple threads. Thats why you see it on multiple ...
by joegoldman
Tue Nov 26, 2019 12:32 am
Forum: Wireless Networking
Topic: Can we request for 2 types of firmware? [SOLVED]
Replies: 8
Views: 4919

Re: Can we request for 2 types of firmware? [SOLVED]

This will have a lot to do with moving to v7 on a 4.x kernel. The main reason for the custom drivers with new chipsets would be likely due to backporting to fit the older 2.x kernel that ROSv6 is running on (i believe its 2.x) Very excited for first official build of v7 with feature parity, so we ca...
by joegoldman
Wed Nov 13, 2019 6:54 am
Forum: Virtualization
Topic: CHR 6.44.6 with VMWARE 6.7 dont balance cpus
Replies: 12
Views: 4266

Re: CHR 6.44.6 with VMWARE 6.7 dont balance cpus

It is using all CPU's, you can actually see all but 2 CPU's with 'some' usage on them. In particular though it looks like 2 specific threads are busier, and are using a CPU each. A lot of processes in RouterOS are not perfectly multi-threaded. Some processes when they get busy will only use 1 CPU c...
by joegoldman
Sun Nov 10, 2019 12:40 pm
Forum: Wireless Networking
Topic: Chromecast is not discoverable on second AP
Replies: 10
Views: 3468

Re: Chromecast is not discoverable on second AP

they use mDNS / Bonjour protocols, so devices must be on the same broadcast domain - your best bet is to use some sort of proxy device that sits on both LANs and can relay the relevant discovery packets.
by joegoldman
Wed Oct 30, 2019 2:55 am
Forum: General
Topic: Multiple ISP w/ Bandwidth Sensitivity
Replies: 2
Views: 953

Re: Multiple ISP w/ Bandwidth Sensitivity

Yes some of it easier than others, walking you through it is likely a fruitless endeavour as it would require a decent amount of working knowledge. For routing certain devices via one internet connection look at routing marks and route tables to change the route for those singular devices. For your ...
by joegoldman
Mon Oct 28, 2019 1:59 pm
Forum: General
Topic: WAN DHCP Lease Renew Abnormal with NBN
Replies: 11
Views: 3392

Re: WAN DHCP Lease Renew Abnormal with NBN

Even if i request static ip address from ISP, the static ip is also delivered thru DHCP. No...! Of course you can assign that static IP to an interface without the need of a dhcp client... Be sure of what you write before you tout it as gospel - this is DHCP but its mostly IPoE which is not your conv...
by joegoldman
Wed Oct 23, 2019 10:26 pm
Forum: RouterOS v7 BETA
Topic: Scope of v7.0
Replies: 6
Views: 4528

Re: Scope of v7.0

Is the scope of the first release of v7 covered by current beta? In other words is the current beta functionality-wise complete? I believe the plan is to be on parity with latest 6.4x releases - the main difference being its on new kernel and will enable certain performance increases and possible n...
by joegoldman
Wed Oct 23, 2019 1:24 am
Forum: General
Topic: Mikotik routing marks
Replies: 13
Views: 2691

Re: Mikotik routing marks

Do a full /export hide-sensitive so we can get an idea of your full setup.
by joegoldman
Thu Oct 17, 2019 4:55 am
Forum: Beginner Basics
Topic: mikrotik router date and time is false
Replies: 2
Views: 1642

Re: mikrotik router date and time is false

System->Clock to set it manually
System->SNTP Client to set it up to talk to an NTP server to set it automatically.
by joegoldman
Tue Oct 15, 2019 12:37 am
Forum: RouterBOARD hardware
Topic: New High Performance Routers ! ?
Replies: 82
Views: 18299

Re: New High Performance Routers ! ?

I see that it wont be happening at all in the near future. I'd hazard a guess at something by mid-2020, we have QSFP switches now I'm expecting a companion router - and not tile, less cores, more power per core, based on Router OS 7.0 (perhaps even a high powered ARM device given the 7.0beta has be...
by joegoldman
Sat Oct 12, 2019 11:47 am
Forum: Scripting
Topic: Script out entire router configuration or just a section of it?
Replies: 4
Views: 2471

Re: Script out entire router configuration or just a section of it?

Yes for templates I tend to set up a device how I like it and '/export' the entire config then go through it separately and turn certain things into variables with a config section up the top - so its easier and quicker to edit for different routers. I find you need to have a template version per de...
by joegoldman
Sun Sep 29, 2019 1:34 pm
Forum: Wireless Networking
Topic: CAPsMAN 5G and 2G network at same time
Replies: 11
Views: 4617

Re: CAPsMAN 5G and 2G network at same time

Same SSID and password, and let the client decide. There will be very limited cases where devices that wont prefer 5G will need 5G. If they are static devices (such as TV's) then you can ACL them onto 5G but ultimately if they are not bandwidth heavy then it won't really matter all that much.
by joegoldman
Tue Sep 24, 2019 2:48 am
Forum: RouterBOARD hardware
Topic: Recover from "No Default Configuration" System Reset
Replies: 17
Views: 6265

Re: Recover from "No Default Configuration" System Reset

you can also run winbox under wine with mac-winbox working OK - can be a bit iffy but it does work. Sometimes you have to wait for the device to go to link-local address (wont detect the router while still searching for IP) or just set a static IP. Once connection 'established' on your linux box, wi...
by joegoldman
Sun Sep 22, 2019 4:16 am
Forum: General
Topic: CRS 328 SFP+ Speed
Replies: 5
Views: 1559

Re: CRS 328 SFP+ Speed

Theoretically - as long as the disks in the NAS etc can sustain 10gbps, then yes the switch will forward 10gbps as long as its properly configured to use the switch chip.

When it's using the switch chip, it will forward traffic at full wire speed.
by joegoldman
Sat Sep 21, 2019 4:51 pm
Forum: General
Topic: CRS 328 SFP+ Speed
Replies: 5
Views: 1559

Re: CRS 328 SFP+ Speed

As ste is alluding to - the CRS is for switching, traffic generator would require the packets to hit the CPU and not be handled purely in switch chip. To test speed of your CRS328 you would need something out another port to push to the CCR1009, so you are testing the CRS forwarding capability - whi...
by joegoldman
Wed Sep 18, 2019 2:52 am
Forum: General
Topic: CRS317-1G-16S+ Suddenly Stopped Hardware forwarding
Replies: 0
Views: 817

CRS317-1G-16S+ Suddenly Stopped Hardware forwarding

Hi Forum, Not sure if anyones seen this issue. I have a CRS317-1G-16S+ in production currently running 6.43.4. I have all running switchports in the bridge, with SFP+1 and SFP+2 in a Bonding interface, which is also in the bridge, and indicated hardware in the bridge port list for hardware offload. ...
by joegoldman
Fri Sep 13, 2019 4:37 am
Forum: Beginner Basics
Topic: Setting Mikrotik with Leased Line Topology
Replies: 8
Views: 2038

Re: Setting Mikrotik with Leased Line Topology

I've steered you to the likely answer - give it a go and tell me if it works. If you are not understanding what I am explaining then perhaps this task is beyond your capabilities and you should hire someone to help you. My explanation explains why you would not be able to ping the web server from yo...
by joegoldman
Thu Sep 12, 2019 7:18 am
Forum: Beginner Basics
Topic: Setting Mikrotik with Leased Line Topology
Replies: 8
Views: 2038

Re: Setting Mikrotik with Leased Line Topology

yep so .161 doesnt know how to get back to you, which likely means you are presenting as your internal IP 192.168.88.x. Like a normal internet connection, you'll need to NAT your connection out of that interface. /ip firewall nat add chain=srcnat action=masquerade out-interface=<whatever interface t...
by joegoldman
Thu Sep 12, 2019 6:52 am
Forum: Beginner Basics
Topic: Setting Mikrotik with Leased Line Topology
Replies: 8
Views: 2038

Re: Setting Mikrotik with Leased Line Topology

You'll likely also have to set a NAT rule to src-nat (or masquerade) for traffic out that interface as well, so it will appear as coming from 10.10.10.162 (as their network likely does not have a route back to you for 192.168.88.0/24)
by joegoldman
Thu Sep 12, 2019 4:41 am
Forum: Wireless Networking
Topic: 420Mbps inside trafic
Replies: 2
Views: 1210

Re: 420Mbps inside trafic

that is specifically the CAPsMAN tunneling protocol - not sure why so much data would be going through it if not doing rolling upgrade etc - having it on all interfaces like that makes me think a bridge or loop issue. Perhaps see if you can capture the traffic and load it up in wireshark so you can ...
by joegoldman
Thu Sep 05, 2019 2:57 pm
Forum: General
Topic: Netflow and AS
Replies: 1
Views: 977

Re: Netflow and AS

It's been requested for years and never made it in, not really sure what the technical hurdle to this is apart from perhaps too many expensive route table lookups to get that information (RIB vs FIB), think about how long it takes to search the route table sometimes compared to other routing OS's. O...
by joegoldman
Tue Sep 03, 2019 7:39 am
Forum: Scripting
Topic: Changing autorun.scr no longer works
Replies: 7
Views: 3428

Re: Changing autorun.scr no longer works

This is a user forum - so yes wrong way to get an official answer. Email their support staff, support@mikrotik.com I believe is still the current one.
by joegoldman
Mon Aug 12, 2019 5:36 am
Forum: RouterBOARD hardware
Topic: CRS312, CRS326-24S+2Q+ MIPSBE CPU?
Replies: 7
Views: 4912

Re: CRS312, CRS326-24S+2Q+ MIPSBE CPU?

I'm sure QSFP+ enabled routers (CCR2xxx) range will be in the pipeline, these switches are basically the introduction to them. A 1072 equivalent with 2x QSFP and 6+ SFP+ ports will be magical for core routing.
by joegoldman
Mon Aug 12, 2019 4:32 am
Forum: RouterBOARD hardware
Topic: CRS312, CRS326-24S+2Q+ MIPSBE CPU?
Replies: 7
Views: 4912

Re: CRS312, CRS326-24S+2Q+ MIPSBE CPU?

These aren't marketed (or priced) as full L3 switches. Yes you can route ports to CPU and run some L3 functions, but it is not a fully featured / full wire rate L3 switch, so if thats what you want this product for then this product is not for you. You'd have to send in your recommendations to Mikro...
by joegoldman
Mon Aug 05, 2019 1:50 am
Forum: Forwarding Protocols
Topic: 'Mesh' Network MPLS design
Replies: 0
Views: 2160

'Mesh' Network MPLS design

Hi Forum, Running a decentralised mesh style network, where we have 10-20 sites interconnected via PtP links in big and small loops. Each site terminates PPPoE services locally and installs the customer route in the route table via OSPF - this is working well so far. However I have been thinking of ...
by joegoldman
Mon Aug 05, 2019 1:40 am
Forum: General
Topic: MTU settings for provider network
Replies: 0
Views: 681

MTU settings for provider network

Hi Forum, Looking to know your thoughts on MTU settings for provider networks. We run a decentralised core style setup - a PtMP wireless network from multiple towers. Each tower has an RB1100AHx4 or an RB3011 at the bottom, these routers terminate all local PPPoE sessions and then run OSPF between th...
by joegoldman
Wed Jul 17, 2019 9:49 am
Forum: General
Topic: VLAN within a VLAN
Replies: 5
Views: 1162

Re: VLAN within a VLAN

Yes Possible, its called Q-in-Q. On Mikrotik its more referred to as S-tag, which would be the outer tag. So you could potentially: VLAN100 - STag enabled VLAN101 - Parent Int VLAN100 VLAN102 - Parent Int VLAN100 etc but networks between you and remote need to support you tagging this way too, they ...
by joegoldman
Mon Jul 08, 2019 1:57 pm
Forum: General
Topic: CSS610-8P-2D+OUT availability
Replies: 3
Views: 1142

Re: CSS610-8P-2D+OUT availability

Considering the only reference to that part number I can find is this one thread, you'll have to be more specific at what device you're looking at. Do you have a link to the announcement for it?
by joegoldman
Mon Jul 08, 2019 12:56 am
Forum: General
Topic: RULE for BANKS
Replies: 15
Views: 2461

Re: RULE for BANKS

Your request is way too ambitious and unlikely. The easiest way is to look at the different RIR's, and find banking organisations, then you will have their IP blocks. Not all banks are likely to have their own allocation though. Then you get those who host their user services front-end in a cloud li...
by joegoldman
Mon Jul 08, 2019 12:53 am
Forum: Forwarding Protocols
Topic: OSPF Force path for specific subnet
Replies: 6
Views: 3065

Re: OSPF Force path for specific subnet

Static routes, with check-gateway = ping.

So if Link A is your default and you want a specific subnet to go via Link B, then static route with check gateway on Link B (or a netwatch script, which is just as simple), so if Link B dies that traffic goes back via Link A
by joegoldman
Sun Jul 07, 2019 11:16 am
Forum: SwOS
Topic: CSS326-24G-2S+RM POE
Replies: 1
Views: 2625

Re: CSS326-24G-2S+RM POE

Your switches are likely 802.3at/af Active PoE type switches - which is a common standard that a lot of things use, including some models of mikrotiks. The CSS326 unfortunately only accepts 24v Passive PoE in. The pinout is different, and voltage is different. Some switches, specifically managed, ca...
by joegoldman
Thu Jul 04, 2019 2:32 pm
Forum: Beginner Basics
Topic: Advice | Recommendation for new router
Replies: 10
Views: 2287

Re: Advice | Recommendation for new router

hAP ac / ac Pro if you want something smaller/cheaper

RB4011 if you want a beast of a router.
by joegoldman
Thu Jul 04, 2019 2:26 pm
Forum: Beginner Basics
Topic: admin password recovery
Replies: 6
Views: 3092

Re: admin password recovery

Do you have any .backup files? I believe they contain user passwords in them that can be extracted. Other than that, it's too new for the old password database hack, you might not have much choice but to factory reset and rebuild - and learn a lesson on having multiple accounts/passwords or complete ...
by joegoldman
Thu Jul 04, 2019 2:23 pm
Forum: Beginner Basics
Topic: How to setup Captive Portal on Mikrotik Router?
Replies: 1
Views: 5070

Re: How to setup Captive Portal on Mikrotik Router?

https://wiki.mikrotik.com/wiki/Hotspot_server_setup

https://wiki.mikrotik.com/wiki/HotSpot_ ... login_page

Mikrotik doesnt host PHP pages natively, if you want a PHP page specifically you'll have to externally host it and have your hotspot configured to point to it (all info in those 2 links)
by joegoldman
Thu Jul 04, 2019 2:21 pm
Forum: General
Topic: Choice router for central speed test
Replies: 7
Views: 1636

Re: Choice router for central speed test

RB1100AHx4 or RB3011 - they have faster cores vs the CCR range which have many slower cores. 1100 or 3011 should be OK for 100mbit throughput testing.
by joegoldman
Wed Jul 03, 2019 11:23 pm
Forum: General
Topic: unwanted change of source IP in my traffic
Replies: 6
Views: 1180

Re: unwanted change of source IP in my traffic

add action=masquerade chain=srcnat
This piece right here will masquerade all traffic everywhere. Define this better or get rid of it.
by joegoldman
Wed Jul 03, 2019 1:58 am
Forum: Scripting
Topic: Script to disable Wlan when no user are logged on
Replies: 8
Views: 3092

Re: Script to disable Wlan when no user are logged on

Well - if its allowing for business hours, you'd disable wifi once last person logs off after say 5-6pm, so it doesnt force them off at a set time in case they are working back, but then leave it off till predetermined time like 7am. All depends on the setup and intent but makes sense to an extent, ...
by joegoldman
Tue Jul 02, 2019 2:27 pm
Forum: RouterBOARD hardware
Topic: RB4011 Metal temperature is really hot
Replies: 53
Views: 21140

Re: RB4011 Metal temperature is really hot

you will need active cooling, so buy a model with active cooling (RB1100AHx4 would be my suggestion).
Be careful choosing device, both RB1100AHx4 models have passive cooling!
Hrmm i swear I remember fan holes on the back of 1100 case - maybe im thinking older model? My bad.
by joegoldman
Tue Jul 02, 2019 3:06 am
Forum: RouterBOARD hardware
Topic: RB4011 Metal temperature is really hot
Replies: 53
Views: 21140

Re: RB4011 Metal temperature is really hot

you need to buy hardware for the installation, not just for the specs. If you are working in hot environments with no natural airflow / air-con then you will need active cooling, so buy a model with active cooling (RB1100AHx4 would be my suggestion). There is more to product selection than just spec...
by joegoldman
Tue Jul 02, 2019 2:01 am
Forum: General
Topic: Customer Traffic through Multiple Queues
Replies: 1
Views: 632

Customer Traffic through Multiple Queues

Hi Forum, Having an interesting problem I'd like to try figure out. I use PPPoE on my network for subscribers, when they login they get a dynamic pppoe interface simple queue, lets say 10mbit. On the transit side, I'd only like them to get 5mbit But local resources able to get the full 10mbit. My id...
by joegoldman
Sun Jun 30, 2019 8:34 am
Forum: General
Topic: Out of the box problem with GUI
Replies: 3
Views: 1014

Re: Out of the box problem with GUI

On the quickset page, after ticking address acquisition to be 'Automatic' you have to hit 'Apply Configuration' down the bottom right for it to stick. Then you can go into Webfig, go to ip->addresses to see the address assigned to you, or you can go ip->dhcp client to see the status of your dhcp requ...
by joegoldman
Thu Jun 27, 2019 12:56 am
Forum: General
Topic: Best Way to Isolate Bridges to Reach Each Other's IPs
Replies: 26
Views: 4616

Re: Best Way to Isolate Bridges to Reach Each Other's IPs

just easy forward rule, in-interface=a, out-interface=b action=drop, and vice versa, that way no traffic can go between a and b.
by joegoldman
Wed May 29, 2019 2:54 am
Forum: General
Topic: NBN FTTC TPG NCD + MT
Replies: 2
Views: 1221

Re: NBN FTTC TPG NCD + MT

This is more a TPG thing than an NBN or even Mikrotik thing - so the post probably has little relevance here - might be a good post for the Australian Whirlpool forums or something. In particular though, your question of whether or not using your buddies username would give you more speed - the answe...
by joegoldman
Tue May 21, 2019 3:11 am
Forum: General
Topic: Very unusual situation Two bad CCRs in a row?
Replies: 1
Views: 723

Re: Very unusual situation Two bad CCRs in a row?

Its unlikely to be a hardware issue if 2 are doing it. 3011 and ccr1009 are fundamentally different in configurations of ports (switch vs routed etc etc) so there may be snafu's in the config. Post an /export hide-sensitive and mask any identifiable information, and explain which part exactly is not...
by joegoldman
Thu May 02, 2019 12:14 pm
Forum: Scripting
Topic: Script initiate Winbox windows?
Replies: 3
Views: 1163

Re: Script initiate Winbox windows?

I prefer not to use webfig - I want it for myself too as super user - so dont want to be logging out / in all the time, and I dont think the skinning tool is flexible enough, as I want the same tool but in many different configs, mostly I want the ping and traceroute tool but with specified src-addr...
by joegoldman
Thu May 02, 2019 12:45 am
Forum: Scripting
Topic: Script initiate Winbox windows?
Replies: 3
Views: 1163

Script initiate Winbox windows?

Hi *, I think I know the answer to this already (no) - but is there a way to make a script initiate a winbox GUI element? i.e. I run certain tests / traceroutes / pings etc with different VRF's or source IP's to test different parts of my network - it would be handy if I could 'pre-script' these so ...
by joegoldman
Wed May 01, 2019 2:11 pm
Forum: Forwarding Protocols
Topic: Create BGP communities [SOLVED]
Replies: 3
Views: 7825

Re: Create BGP communities [SOLVED]

Yes, you don't 'create' communities, routes are tagged with community strings. So when you receive routes from a downstream peer, then when distributing upstream you use route filters community option to decide what to do with them, i.e. can block all routes with community 111:222 or whatever you cho...
by joegoldman
Tue Apr 30, 2019 2:14 am
Forum: General
Topic: implementation of bgp filters on ipv6 tab
Replies: 2
Views: 1070

Re: implementation of bgp filters on ipv6 tab

On routing filters, use Address Family option (IP or IPv6) to apply that filter to only one type of address, so you don't catch v4 and v6 together.
by joegoldman
Tue Apr 23, 2019 9:28 pm
Forum: Forwarding Protocols
Topic: Your experience with larger/diverse Area0 OSPF networks?
Replies: 19
Views: 4869

Re: Your experience with larger/diverse Area0 OSPF networks?

At only 7 sites in and 250 routes, we are already looking for a new solution before we grow out of control. There are a few options considering. Unfortunately OSPF will always need to be part of it, but thinking of moving OSPF to Loopback propagation only, and MPLS for customer routes. This can have...
by joegoldman
Mon Apr 22, 2019 11:30 am
Forum: Forwarding Protocols
Topic: OSPF LOOP [SOLVED]
Replies: 2
Views: 5334

Re: OSPF LOOP [SOLVED]

So is it mesh or is it ring? If ring network like you describe (but then add in x-connects between them), are you bridging the interfaces so all routers appear on 1 broadcast domain? If so then this would cause your issue. You may need to turn off OSPF broadcast stuff and to a PtMP style connection b...
by joegoldman
Mon Apr 22, 2019 11:26 am
Forum: General
Topic: Port Knocking, avoid scan-caused false positives?
Replies: 17
Views: 3135

Re: Port Knocking, avoid scan-caused false positives?

I would think to do it different. If they are doing a huge port scan, then maybe a rule where if dst-port = 5999,6001,6999,7001 then add to list portscanner, then on your portknocking do src-address-list!=portscanner. This should cover scanners going up and down the list, and covers you for hitting 70...
by joegoldman
Mon Apr 22, 2019 11:22 am
Forum: General
Topic: Walled Garden fbcdn.net
Replies: 4
Views: 1358

Re: Walled Garden fbcdn.net

It's because your rule is the first rule - and explicitly drops all https traffic. The rule that allows the walled garden values likely comes after that. paste your /ip firewall filter export and we may be able to tell you the best place to pop the rule. Walled garden setup already restricts user br...
by joegoldman
Mon Apr 22, 2019 9:43 am
Forum: General
Topic: Feature Request : Browser on Winbox
Replies: 12
Views: 13467

Re: Feature Request : Browser on Winbox

Or you can have port forwards - with firewall rule to stop certain IPs, or just enable the NAT while you are working on it etc etc. I go a step further and have port-knock on my devices that puts my current WAN IP in an address-list that is allowed to access NAT rules to access wireless gear behind...
by joegoldman
Mon Apr 22, 2019 4:14 am
Forum: General
Topic: How are hardware ports associated with names
Replies: 5
Views: 1549

Re: How are hardware ports associated with names

There is an attribute attached to the interface, more-so hidden in the details "default-name" (do an /interface print detail) - this will refer to the hard port as labelled, i.e. ether1 would be port1. This is a quick last resort, it's not quick and easy information to grab. I tend to name ...
by joegoldman
Fri Apr 19, 2019 12:40 am
Forum: Beginner Basics
Topic: 0.0.0.253 ip
Replies: 10
Views: 2099

Re: 0.0.0.253 ip

post your config (/export hide-sensitive) in code tags and we may be able to help.
by joegoldman
Tue Apr 16, 2019 3:10 am
Forum: General
Topic: who can I hire to get a export to work as an import an a clone [SOLVED]
Replies: 7
Views: 1598

Re: who can I hire to get a export to work as an import an a clone [SOLVED]

the all-packages .zip files seem to work so you could download your architecture that way and then just upload the relevant packages that you have installed, bit of a round-a-bout way to do it though.
by joegoldman
Sat Apr 13, 2019 11:43 am
Forum: General
Topic: Mikrotik IP Cloud vs P2P
Replies: 8
Views: 1553

Re: Mikrotik IP Cloud vs P2P

IPv6 is still a second class citizen overall - I found many services where my IPv6 would take over but it would take a worse route or have a degraded service because someone somewhere in the path didn't put as much effort into their traffic engineering for IPv6 as they did IPv4, as IPv4 is the mainst...
by joegoldman
Mon Apr 08, 2019 8:23 am
Forum: General
Topic: Why can my /30 subnet can talk to other subnets?
Replies: 5
Views: 1195

Re: /30 subnet can talk to other subnets

It is because your clients and your router know where to look for each other. In a /24, they would talk directly as they are same broadcast domain, but in your example they are sending traffic to the router, and the router knows 'hey i know how to get to IP x' so routes it, no issue. Best thing to d...
by joegoldman
Wed Apr 03, 2019 1:48 pm
Forum: General
Topic: PPP Secrets - DNS Server
Replies: 3
Views: 1088

Re: PPP Secrets - DNS Server

Yes you could use the On Up and On Down scripting tool in ppp profiles, go over to the scripting part of the wiki and you'll be able to start making some scripts

https://wiki.mikrotik.com/wiki/Manual:Scripting
by joegoldman
Tue Apr 02, 2019 2:21 am
Forum: Scripting
Topic: Trying to create a script to enable Mikrotik DHCP server if Microsoft DCHP Server is down.
Replies: 2
Views: 916

Re: Trying to create a script to enable Mikrotik DHCP server if Microsoft DCHP Server is down.

Why not run a DHCP 24/7 but put it on authoritative with 2s or 10s delay, so the Microsoft server has time to respond to DHCP requests first; if it doesn't, then the mikrotik one will.
by joegoldman
Wed Mar 27, 2019 1:11 am
Forum: General
Topic: 10.000 Clients on One Server
Replies: 7
Views: 1396

Re: 10.000 Clients on One Server

You don't want one hardware failure taking out so many clients, given how cheap Mikrotik hardware is compared to other big platforms, I'd go with up to 5x 36cores with the intent of 2k per router, that way if one fails each router can just go up to 2.5k and handle the load easily.
by joegoldman
Tue Mar 26, 2019 11:46 pm
Forum: Forwarding Protocols
Topic: Make OSPFv3 use Global IPv6 addresses instead of LinkLocal? [SOLVED]
Replies: 3
Views: 6181

Re: Make OSPFv3 use Global IPv6 addresses instead of LinkLocal? [SOLVED]

Yes, this is quite common in IPv4 space as well, called a Loopback address. For nice traceroutes, I actually set pref-source on all routes to the loopback address too so you don't have to name / PTR and catalog all the interface addresses.
by joegoldman
Tue Mar 26, 2019 6:25 am
Forum: Wireless Networking
Topic: Is possible to set up a RBaCPGi-5acD2nD dual bands with one ssid?
Replies: 4
Views: 1000

Re: Is possible to set up a RBaCPGi-5acD2nD dual bands with one ssid?

Just by naming them all the same, they will essentially switch from one AP to the other. Client devices determine how/when they switch to another AP, but you can use connect lists to disassociate people at a certain signal level and force them to re-scan. Easiest way to do this would be use CAPsMAN ...
by joegoldman
Tue Mar 26, 2019 12:36 am
Forum: SwOS
Topic: Can run OSPF on CRS326-24G-2S+RM
Replies: 4
Views: 2962

Re: Can run OSPF on CRS326-24G-2S+RM

Also, all routing is done in CPU - CPUs are quite limited in the switches. You may not get much data routed on a switch.
by joegoldman
Sat Mar 23, 2019 10:34 am
Forum: General
Topic: help to create server radius with sql and and web php form [SOLVED]
Replies: 3
Views: 1147

Re: help to create server radius with sql and and web php form [SOLVED]

Mikrotik talks RADIUS - configuring FreeRADIUS to work with Mikrotik is a non-issue, as they work out of the box. Your question is more a FreeRADIUS question, I would suggest seeking help from the FreeRADIUS forums or other help-areas dedicated to that program, to learn how to configure your system ...
by joegoldman
Sat Mar 23, 2019 10:23 am
Forum: General
Topic: Feature Request: 6VPE (VPNv6) - ipv6 address family
Replies: 4
Views: 2013

Re: Feature Request: 6VPE (VPNv6) - ipv6 address family

Most likely you will see this implemented in ROS v7.
Normis says ROS v7 doesn't exist :P

Sorry, I kid, I kid.
by joegoldman
Fri Mar 22, 2019 3:41 am
Forum: RouterBOARD hardware
Topic: wAP 60Gx3 AP - anyone already tested it?
Replies: 14
Views: 6399

Re: wAP 60Gx3 AP - anyone already tested it?

I'd love to try 60 GHz out in some of our busier areas mostly because 5 GHz is super noisy. How wide are the channels, and how much spectrum can be accessed by these devices? i.e. since each chip can only handle 8 stations (so that's 24 clients per wAP 60Gx3) how many of these could I comfortably run on ...
by joegoldman
Thu Mar 21, 2019 11:58 pm
Forum: Beginner Basics
Topic: Is it OK for all leds to run at once like this ?
Replies: 2
Views: 782

Re: Is it OK for all leds to run at once like this ?

They are not perfectly synced - being on the same bridge means there's absolutely some traffic that will hit all ports simultaneously (e.g. broadcast) along with traffic that won't. Nothing seems amiss to me.
by joegoldman
Sun Mar 17, 2019 11:40 pm
Forum: General
Topic: Redirect All SSL Pages to one page
Replies: 4
Views: 1057

Re: Redirect All SSL Pages to one page

Hotspot has HTTPS redirect in the settings - and the redirect can work, however you will always get SSL errors that the user will have to accept. You can't make it do a clean redirect.
by joegoldman
Sun Mar 17, 2019 11:35 pm
Forum: Beginner Basics
Topic: Radus server in my Mikrotik router
Replies: 6
Views: 1137

Re: Radus server in my Mikrotik router

You can use userman as a built in Radius server, however it's generally more for Hotspot usage, if you're looking for 802.1x auth it might not work for that. I'm not sure.
by joegoldman
Wed Mar 13, 2019 2:01 am
Forum: Beginner Basics
Topic: Simplest Route Rule Possible.
Replies: 13
Views: 1450

Re: Simplest Route Rule Possible.

There is kind of a way - if that is the ONLY thing in vlan55, then you can add VLAN 55 to a VRF and add the default route for that VRF out the ether1 cable WANIP. If you are not wanting to put the interface into VRF and single out only the traffic for that one IP, then you will need to use a mangle ...
by joegoldman
Mon Mar 11, 2019 1:05 am
Forum: General
Topic: Scaling Mikrotik
Replies: 5
Views: 1349

Re: Scaling Mikrotik

Mikrotik is horizontal scaling. Basically start with redundant pairs everywhere - once you start getting to the 50-60% resource usage, add another 1 or 2 next to it. You really don't want resources hitting up over 75% at all to be safe. I'd personally have your core very very simple, just pure routin...
by joegoldman
Mon Mar 11, 2019 12:56 am
Forum: General
Topic: local proxies breaks speed limit
Replies: 5
Views: 888

Re: local proxies breaks speed limit

Are you running a web-proxy on the mikrotik? Are your bw-limits on forwarding traffic? Once traffic is proxied through the router it becomes input/output rather than forward technically, so your queues may be set up wrong to account for that. Do an /export hide-sensitive and post it in code tags so w...
by joegoldman
Wed Mar 06, 2019 11:57 am
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 613
Views: 213659

Re: RouterOS v7.0 beta1 - when?

THE GOOD NEWS IS, that once RouterOS is brought up to date on 4.x kernel - it should be a fairly straight run to keep it updated. The Linux Kernels are not feature releases, meaning the diff between 4.20 and 5.0 is just patches, not a huge new architecture or anything. We just gotta make this one bi...
by joegoldman
Tue Mar 05, 2019 5:12 pm
Forum: Beginner Basics
Topic: I've locked myself out of the router admin interface.
Replies: 2
Views: 786

Re: I've locked myself out of the router admin interface.

If using winbox, try using neighbours and connecting via MAC protocol.

Alternatively, plug another mikrotik into it and use mac-telnet from mikrotik to mikrotik or Rommon (if enabled) which uses L2 protocols as well, so bypasses IP addressing.