Community discussions

MikroTik App

Search found 605 matches

by joegoldman
Fri May 07, 2021 10:41 am
Forum: General
Topic: Owncloud port 80
Replies: 4
Views: 165

Re: Owncloud port 80

I wanna finish with "myddnsname.somethink" now its work on myddnsname.somethink/owncloud This is to do with your Raspberry Pi / OwnCloud installation. It is not recognizing the URL as a host-header to point to /var/www/owncloud (or wherever its located on your Pi), but likely being caught...
by joegoldman
Sun May 02, 2021 2:15 pm
Forum: General
Topic: Assign static IP's from ARP not DHCP Leases to stop MAC Clonning
Replies: 7
Views: 508

Re: Assign static IP's from ARP not DHCP Leases

Another option is port security depending on what switching you are using - where you restrict MAC down to the physical port on the switch, so they'd need to spoof and repatch/move desks.
by joegoldman
Sun May 02, 2021 2:06 pm
Forum: Scripting
Topic: Change bytes to mb or gb in simple queue for telegram bots
Replies: 5
Views: 556

Re: Change bytes to mb or gb in simple queue for telegram bots

You can use simple arithmetic operators on returned values i.e. bytes -> kilobytes is divide bytes by 1024 (( [bytes] / 1024) for instance), where 5120 bytes becomes 5kilobytes, continue up the chain by dividing 1024 t o get to desired value bytes / 1024 = kilobytes kb / 1024 = megabytes mb / 1024 =...
by joegoldman
Fri Apr 30, 2021 2:31 am
Forum: General
Topic: VPN OPTIONS @ HELP with MUDI
Replies: 3
Views: 251

Re: VPN OPTIONS @ HELP with MUDI

Mikrotik supports OVPN server - but only supports certain parts of the spec, so you'll need to read through both documentations to get configuration right.
by joegoldman
Fri Apr 30, 2021 2:24 am
Forum: RouterOS v7 BETA
Topic: VRRP connection tracking and preemption mode
Replies: 7
Views: 546

Re: VRRP connection tracking and preemption mode

the master does not have connections synced from the backup router yet! Great post and explanation! THis is the #1 reason I had in my head why it would be that way but great to get confirmation. To address OP's situation -w hich I assume is NAT Even though the connections are synced to the 2nd rout...
by joegoldman
Thu Apr 29, 2021 4:15 am
Forum: RouterOS v7 BETA
Topic: VRRP connection tracking and preemption mode
Replies: 7
Views: 546

Re: VRRP connection tracking and preemption mode

as some of the users in the home where this is being used complain about their internet suddenly going out, which tracking might help a little with.
No - tracking won't really help a notice-able amount. I'd fore-go it and use preemptive mode.
by joegoldman
Thu Apr 29, 2021 1:44 am
Forum: RouterOS v7 BETA
Topic: VRRP connection tracking and preemption mode
Replies: 7
Views: 546

Re: VRRP connection tracking and preemption mode

Mikrotik explicitly state that pre-emption mode must be off for connection sync as it currently stands - unknown if this is a temporary limitation or not. But - it looks like you should still be able to use priorities etc to force master back to being master (which I thought was VRRP default anyways...
by joegoldman
Wed Apr 21, 2021 5:59 am
Forum: General
Topic: Downloading from ONE interface
Replies: 5
Views: 333

Re: Downloading from ONE interface

IDM is still just a downloader - it may just chunk it out and try get multiple streams going - which can help depending on features of your firewall or ISP in what they might do for rate limiting (PCQ etc) A lot of variables at play here, and you'd need to isolate down to which device/port/portion i...
by joegoldman
Wed Apr 21, 2021 5:55 am
Forum: Forwarding Protocols
Topic: VRRP trigger from lost internet connection
Replies: 5
Views: 436

Re: VRRP trigger from lost internet connection

If you have Static IP hand-off, you could try pinging your gateway as netwatch, which shouldn't be pingable if internet was to swap to other router The problem with this is, the gateway would always be powered up and pingable even when the internet is down (hurricane knocks out outdoor fiber lines)...
by joegoldman
Wed Apr 21, 2021 3:16 am
Forum: Forwarding Protocols
Topic: VRRP trigger from lost internet connection
Replies: 5
Views: 436

Re: VRRP trigger from lost internet connection

You'd have to put some checks and balances in there. This is why I said it is setup specific. If you have PPPoE - you could try using on/off scripts in the ppp profile section so a script is run as PPPoE Client goes online and offline. If you have Static IP hand-off, you could try pinging your gatew...
by joegoldman
Wed Apr 21, 2021 3:12 am
Forum: General
Topic: cacti monitoring interface bandwidth
Replies: 1
Views: 199

Re: cacti monitoring interface bandwidth

While the Mikrotik template comes with an interface graph - you can use the cacti inbuilt NET-SNMP templates for interface counters too which do include Megabits per second (in 64bit as well). All my interfaces are using the default cacti SNMP graphs - and I use the Mikrotik template to get stats fo...
by joegoldman
Mon Apr 19, 2021 3:56 am
Forum: Forwarding Protocols
Topic: VRRP trigger from lost internet connection
Replies: 5
Views: 436

Re: VRRP trigger from lost internet connection

Depending on how your internet works - probably a Netwatch script that then modifies VRRP priorities to force the other one to take over Master
by joegoldman
Fri Apr 16, 2021 2:40 am
Forum: General
Topic: Cloutik feedback ?
Replies: 10
Views: 788

Re: Cloutik feedback ?

Out of curiousity, how are the "real pro" handling this when you have hundreds of devices to maintain ? All by custom, self developed scripting ? I have self-developed scripts to help with management - but I wouldn't be closed to an application like Cloutik that you linked - but my requir...
by joegoldman
Wed Apr 14, 2021 1:45 am
Forum: General
Topic: Cloutik feedback ?
Replies: 10
Views: 788

Re: Cloutik feedback ?

You could do the same, by essentially running a VPS and having all your mikrotiks VPN back to it or send info / run scripts. Its putting control (And a lot of information) in someone elses hands If you are having large outages - then its useless Cost is not great - website is poorly made which doesn...
by joegoldman
Wed Apr 14, 2021 1:41 am
Forum: Beginner Basics
Topic: How do I disable (allow all) the firewall completely?
Replies: 1
Views: 347

Re: How do I disable (allow all) the firewall completely?

You can just disable ALL rules in /ip firewall filter - as a stop gap to disable any and all firewall rules related to blocking access. Disabling all shouldn't be an issue - but RouterOS also has a safe mode (For every management type except API) where by you can make these changes and if you are ki...
by joegoldman
Mon Apr 12, 2021 5:28 am
Forum: Forwarding Protocols
Topic: PBR - issues
Replies: 3
Views: 376

Re: PBR - issues

Please post full /export (hide any info you feel you need to) so people can review it
by joegoldman
Thu Apr 01, 2021 12:46 am
Forum: Forwarding Protocols
Topic: BGP STATIC ROUTE BUG
Replies: 1
Views: 342

Re: BGP STATIC ROUTE BUG

You would have to provide an /export output for us to even begin to try and help.
by joegoldman
Thu Apr 01, 2021 12:45 am
Forum: General
Topic: Simple queue is detecting traffic but not limiting it
Replies: 2
Views: 428

Re: Simple queue is detecting traffic but not limiting it

You would have to provide an /export output for us to even begin to try and help.
by joegoldman
Fri Mar 26, 2021 1:21 am
Forum: General
Topic: How to search a large IP Firewall Address List?
Replies: 5
Views: 663

Re: How to search a large IP Firewall Address List?

Its not so much a bug as it is just a missing feature. The filter list in winbox gui only allows the order of the command one way - set out by the way the fields are set out i.e. "where address in 1.2.3.4" vs the opposite way that you actually want "where 1.2.3.4 in address" So t...
by joegoldman
Wed Mar 24, 2021 11:44 pm
Forum: RouterOS v7 BETA
Topic: OSPF Cost
Replies: 4
Views: 757

Re: OSPF Cost

You can also set default cost under instance - which will be the cost given to 'Dynamic' interfaces (entries under routing -> ospf -> interfaces created dynamically due to network statements etc) - to set individual cost per interface you'll have to move them to being a static entry.
by joegoldman
Wed Mar 24, 2021 11:43 pm
Forum: Beginner Basics
Topic: Prevent Created Hotspot Users from using trial
Replies: 4
Views: 522

Re: Prevent Created Hotspot Users from using trial

Ideally you can't - if trial is available then registered users could potentially use the trial period over and over - or you could move to something like MAC based auth/cookies to help avoid it - but then any secondary devices etc may need their own account - or in cases like iphones where they cha...
by joegoldman
Thu Mar 18, 2021 7:39 am
Forum: General
Topic: Down Interface responds to ping?
Replies: 0
Views: 286

Down Interface responds to ping?

Hi Team, I applied an IP address (in a /30) to a downed interface on an RB1100x4 (running long-term 6.47.9) - the route was listed as DC (not active), the whole /24 that this IP happens to be in is routed to this router, but before the cable was plugged in the IP started responding to ping - i.e. th...
by joegoldman
Thu Mar 11, 2021 3:04 am
Forum: Forwarding Protocols
Topic: OSPF force gateway from BGP
Replies: 2
Views: 281

Re: OSPF force gateway from BGP

Hope this makes sense - and happy to learn of some possible solutions. This might be a solution for you: https://www.computerweekly.com/tip/Scale-your-backbone-with-core-MPLS-BGP-on-the-edge The article is old but the information is still correct. Thats a pretty big network wide change -we have pla...
by joegoldman
Thu Mar 11, 2021 1:35 am
Forum: Forwarding Protocols
Topic: OSPF force gateway from BGP
Replies: 2
Views: 281

OSPF force gateway from BGP

Hi Forum, Not sure I worded the title right - but looking for a solution to my issue. Consider a WISP network map of various towers linked together (not a 'FULL MESH' but rather random PtP links to create some triangles / loops etc) We run OSPF between all these sites - and it runs quite well - and ...
by joegoldman
Thu Mar 04, 2021 12:07 am
Forum: Beginner Basics
Topic: Setting up 1Gbps MGMT port on CRS317 and CCR2004 for out of band management
Replies: 6
Views: 441

Re: Setting up 1Gbps MGMT port on CRS317 and CCR2004 for out of band management

If it needs a separate default route and you can't use NAT or other rules for OOB to 'trick' it - then you'll need to use VRFs Keep in mind that management services DO NOT listen in VRF's - so you'll need to make the 'main' route table your management one, and create a separate vrf for normal/custom...
by joegoldman
Tue Mar 02, 2021 10:57 am
Forum: General
Topic: ASK [vpls PW]
Replies: 8
Views: 466

Re: ASK [vpls PW]

pretend is long cable but virtual.
by joegoldman
Tue Mar 02, 2021 7:51 am
Forum: Forwarding Protocols
Topic: OSPF priority for dynamic Interfaces
Replies: 4
Views: 547

Re: OSPF priority for dynamic Interfaces

If there is no static entry in OSPF interface configuration, then parameters are taken from "all" entry. So you can adjust priority there to have all dynamic interfaces needed priority,
Would be good if we could make rules based on interface lists ;)
by joegoldman
Tue Mar 02, 2021 7:48 am
Forum: General
Topic: ASK [vpls PW]
Replies: 8
Views: 466

Re: ASK [vpls PW]

https://en.wikipedia.org/wiki/Virtual_private_network Pseudowire on there refers more to old technologies (such as ATM) but same principal applies (and is kind of in the name) pseudo - not genuine; spurious or sham So psuedo wire is 'not a real wire' meaning it emulates as if you had a direct connec...
by joegoldman
Tue Mar 02, 2021 2:50 am
Forum: Beginner Basics
Topic: Mikrotik - Enable Split Tunnel on L2TP VPN
Replies: 5
Views: 507

Re: Mikrotik - Enable Split Tunnel on L2TP VPN

L2TP VPN is a PPP style protocol in which the IP handed out is not a subnet but a /32 technically - so no broadcast and ARP learning exists, and the client machine does not generally enable a route for the remote subnet. If you clear use remote default gateway - you'll need to add routes specificall...
by joegoldman
Tue Mar 02, 2021 2:45 am
Forum: General
Topic: winbox multiple instances/databases
Replies: 5
Views: 325

Re: winbox multiple instances/databases

Someone on here successfully modified winbox in a hex editor to change default port - you could potentially modify the default database path and run one unmodified and one modified Beyond that - keeping your databases separate and import the right one each time you wanna swap between them is the onl...
by joegoldman
Sat Feb 27, 2021 3:14 am
Forum: Forwarding Protocols
Topic: Default Route advertisement eBGP failover
Replies: 9
Views: 673

Re: Default Route advertisement eBGP failover

Only suggestion (which shouldn't change much) dont specify a prefix length on your default route accept rules - currently it appears to be '0' but try it with nothing specified / that field disabled (can't remember how to do this CLI but can change that on Winbox/Webfig) Other than that it'd require...
by joegoldman
Fri Feb 26, 2021 2:16 am
Forum: General
Topic: Winbox glitch
Replies: 11
Views: 893

Re: Winbox glitch

Is this on a laptop using a trackpad?

If so - does the problem still happen if you plug in a mouse and try that way?
by joegoldman
Thu Feb 25, 2021 11:10 pm
Forum: General
Topic: Winbox glitch
Replies: 11
Views: 893

Re: Winbox glitch

Are you using it on windows? Or another OS with WINE? Never had the problem with Windows - but have had 'similar' problems on WINE based installs (such as on my Ubuntu laptop) - nothing as bad as your describing - but generally updating WINE to the latest stable tends to help especially if you haven...
by joegoldman
Thu Feb 25, 2021 11:08 pm
Forum: Forwarding Protocols
Topic: OSPF priority for dynamic Interfaces
Replies: 4
Views: 547

Re: OSPF priority for dynamic Interfaces

Depends what you mean by dynamic in OSPF - a dynamic interface can be created within OSPF based on Network addition (including physical interfaces) - is this the dynamic interface you mean? If so you will need to move the physical interfaces to 'static' and add your path cost etc. If you are talking...
by joegoldman
Thu Feb 25, 2021 11:04 pm
Forum: General
Topic: Cannot Use Multiple IPs
Replies: 13
Views: 858

Re: Cannot Use Multiple IPs

No, it should not... If you try to ping "internet" from your broadcast address it works! Hrmm - can depend on vendor - some simply won't pass traffic to the defined network or broadcast address when actually configured as that subnet. If x.x.x.248/29 was actually routed via an interconnec...
by joegoldman
Thu Feb 25, 2021 10:28 pm
Forum: Forwarding Protocols
Topic: Default Route advertisement eBGP failover
Replies: 9
Views: 673

Re: Default Route advertisement eBGP failover

You'd need to show your export (of at least /routing (including bgp and filters)) for us to start to understand what and why it should happen - and why it may not be. You may be filtering it out. You may have peer config slightly off. In a general scenario - Tower3 should still install a default rou...
by joegoldman
Mon Feb 22, 2021 10:59 pm
Forum: Beginner Basics
Topic: Rename interface: to what port is it connected to?
Replies: 5
Views: 389

Re: Rename interface: to what port is it connected to?

You can also use MAC address to determine - lowest will be first port, highest will be last port. But I find it better practice to have a naming scheme - where ether1 is the port - change it to 'ether1-WAN' or 'ether1-ISP' or 'ether1-Haus' - or some combo of the same to keep the interface type and n...
by joegoldman
Mon Feb 22, 2021 6:11 am
Forum: General
Topic: IP > Service > winbox/www - Not Able to Use DNS?
Replies: 3
Views: 258

Re: IP > Service > winbox/www - Not Able to Use DNS?

because people don't come 'from' DNS - i suppose sure you could put DNS record in there and have it resolve forward at a specific time or in intervals - or its possible to have it perhaps lookup PTR on an IP to see if it matches that field - but this is used primarily as a 'firewall' to stop auth fr...
by joegoldman
Mon Feb 22, 2021 1:12 am
Forum: General
Topic: Mikrotik BOX
Replies: 1
Views: 185

Re: Mikrotik BOX

I believe its an internal tool used by the staff - it is a self-hosted 'dropbox' style program where staff can give unique, expirable links etc for quick links to test versions or other files in the course of support tickets etc. I use something similar for my personal stuff using Nextcloud - not su...
by joegoldman
Mon Feb 08, 2021 12:09 am
Forum: Forwarding Protocols
Topic: BGP-Prefix anncouning problem
Replies: 1
Views: 291

Re: BGP-Prefix anncouning problem

We would need to see an export of your /routing bgp and /routing filters to start to help. Are you using summary routes? BGP Networks tab? Does the /22 exist in your route table? Does the /24 exist in your route table? If the /24 is learned by other BGP, does your instance have redistribute other BG...
by joegoldman
Sun Feb 07, 2021 1:32 am
Forum: Wireless Networking
Topic: Mikrotik LHG60 can be used 70.20 GHz frequency?
Replies: 5
Views: 849

Re: Mikrotik LHG60 can be used 70.20 GHz frequency

I hope that Mikrotik will unlock more frequencies for LHG60, considering that the frequencies that are at 70 GHz have considerably less attenuation of radio waves in dB/km. And it is possible to achieve a more stable link at greater distances. The better frequencies are also generally reserved for ...
by joegoldman
Wed Jan 27, 2021 10:52 pm
Forum: Forwarding Protocols
Topic: BGP Advertise specific route only to a specific peer
Replies: 5
Views: 665

Re: BGP Advertise specific route only to a specific peer

As a side note, instance out filter (bgp-out) is not working as it should. Normally it should be the global bgp-out filter, but it is not working at all when peers have different out filters set. I hope it gets fixed or maybe I am doing something wrong. Thanks a lot for the help. From the wiki : Ou...
by joegoldman
Fri Jan 22, 2021 5:59 am
Forum: General
Topic: Problem with IP/address and IP/route pref-source need some help
Replies: 2
Views: 299

Re: Problem with IP/address and IP/route pref-source need some help

On the connecting device (the other end of the wireless link) can you use mac-telnet or similar to achieve CLI access? the mac-protocols do not require active and correct subnetting to see their neighbors. Alternatively, you could configure yourself on the other end within the same subnet you placed...
by joegoldman
Thu Jan 21, 2021 10:59 pm
Forum: General
Topic: [Request] Winbox Default Port
Replies: 8
Views: 764

Re: [Request] Winbox Default Port

The idea was to set in winbox the default port it will try to connect to. This way I could still use the same old method that is typing only IP address in the "Connect To:" field without saving the host in the Managed list (for security reasons) Whats insecure about having it in the manag...
by joegoldman
Wed Jan 20, 2021 6:55 am
Forum: General
Topic: [Request] Winbox Default Port
Replies: 8
Views: 764

Re: [Request] Winbox Default Port

Without defining the port it will always use the default - but you can save your devices in the managed list with the port specified - you can save without password and add it in when you want to connect.
by joegoldman
Tue Jan 19, 2021 8:13 am
Forum: Forwarding Protocols
Topic: BGP Advertise specific route only to a specific peer
Replies: 5
Views: 665

Re: BGP Advertise specific route only to a specific peer

Ok thanks. So for that specific prefix in filters; I will just make chain = peer2-out , prefix= x.x.x.x/24, action = accept ? And chain = peer1-out, prefix = x.x.x.x/24, action = discard ? Essentially yes - but if i remember correctly if there's no rule to 'reject' your other prefixes then they wil...
by joegoldman
Tue Jan 19, 2021 5:39 am
Forum: RouterBOARD hardware
Topic: CSS610-8G-2S+IN - POE Version planned ?
Replies: 2
Views: 556

Re: CSS610-8G-2S+IN - POE Version planned ?

If you watch this video:

https://www.youtube.com/watch?v=Xh3oQKcMOmg

He indicates that the PCB has blank spots for extra POE components and theorises there's likely a POE version to come (shows the PCB as well)
by joegoldman
Tue Jan 19, 2021 5:37 am
Forum: The User Manager
Topic: Transparent Proxy
Replies: 1
Views: 385

Re: Transparent Proxy

web proxy can not blacklist domain names for ssl/https transparently - which most modern sites use now no matter what. Non-transparent proxy gets around this by inspecting the CONNECT request sent to proxy-aware clients - but then can only filter based on domain (not subdir/querystring, e.g. 'facebo...
by joegoldman
Tue Jan 19, 2021 5:21 am
Forum: General
Topic: RouterOS .backup to .rsc/text
Replies: 4
Views: 482

Re: RouterOS .backup to .rsc/text

https://github.com/BigNerd95/RouterOS-Backup-Tools

Might help - other then that I believe support may have internal tools to extract info from backup as long as it isn't encrypted.
by joegoldman
Thu Jan 14, 2021 7:21 am
Forum: General
Topic: Has RouterOS been ripped off?
Replies: 2
Views: 358

Re: Has RouterOS been ripped off?

There is licensing - and branding packages available to routeros users. Depending how much you want to spend - im sure there's no limit to the amount of customisation you can ask for. It is more likely this is branded RouterOS as a commercial customer - and they are using integrated boards in their ...
by joegoldman
Tue Jan 05, 2021 11:02 pm
Forum: Forwarding Protocols
Topic: OSPF Default Route
Replies: 4
Views: 613

Re: OSPF Default Route

Depending on the setup - VRF's are also another option, where if the (many) subnets are on their own subinterfaces you could potentially have vrf1 using gw1, vrf2 using gw2, and assign the sub interface to the appropriate vrf based on which gateway they need to use. This introduces other issues such...
by joegoldman
Tue Jan 05, 2021 10:58 pm
Forum: General
Topic: ip flow ingress cisco and Mikrotik
Replies: 1
Views: 424

Re: ip flow ingress cisco and Mikrotik

ip flow command is just telling the cisco router what interfaces to watch for netflow/sflow exporting and has no bearing on the connection itself. You'd have to supply config for both the Cisco interface (sh run int <intname>) And the Mikrotik interface (/int gre export) Then we might be able to hel...
by joegoldman
Tue Jan 05, 2021 8:14 am
Forum: Scripting
Topic: Search and select best AP !!!
Replies: 3
Views: 506

Re: Search and select best AP !!!

What your asking is very vague. What are the client device types? What values do you want to compare, and what weight are each given? (i.e. how do you define the 'best' AP) For values that aren't detectable by an unconnected client, how do you intend to transmit those values to them? There's a lot o...
by joegoldman
Mon Nov 16, 2020 11:20 pm
Forum: General
Topic: Uptime rollover bug/SNMP
Replies: 3
Views: 436

Re: Uptime rollover bug/SNMP

497 days is a long time to go without security upgrades etc. Perhaps set up a yearly maintenance and upgrade cycle. Or at the least - have SNMP monitoring start warning at day 450, and become critical at day 480. Who knows - maybe uptime is 64bit int in newer version of RouterOS - a lot of new versi...
by joegoldman
Wed Oct 14, 2020 3:59 am
Forum: Beginner Basics
Topic: Accidently, I removed Interface ether1.
Replies: 5
Views: 709

Re: Accidently, I removed Interface ether1.


Is that even possible Normis? To remove the ethernet interface itself?
One would possibly assume accidentally removed it from the default bridge - which is why the device model is important - might be best to factory reset the device.
by joegoldman
Thu Oct 01, 2020 3:35 am
Forum: RouterBOARD hardware
Topic: NBN router for Australia
Replies: 4
Views: 802

Re: NBN router for Australia

Hi Lui, RBM33G is an odd choice - and more an integrator part - Mikrotik have much more fully fledged Home/SOHO offerings (see hAP range) NBN in Australia is not a ubiquitous network (no not ubiquiti :P) in that it uses a mix of technologies from Fixed Wireless, to VDSL (FTTN,FTTC), HFC, Satellite a...
by joegoldman
Tue Sep 29, 2020 7:22 am
Forum: General
Topic: Reverse proxy (like nginx) in Mikrotik
Replies: 2
Views: 2314

Re: Reverse proxy (like nginx) in Mikrotik

No. Well maybe with L7 rules but I don't think so. And its not best to put reverse proxy in a router. Its not an all-in-one box, its a router. If you have control over both servers (nginx or apache) set one as the primary, and create a virtualhost for the other and reverse proxy from server 1 to ser...
by joegoldman
Tue Sep 22, 2020 3:33 am
Forum: General
Topic: PPPoE creation and PPPoE scan
Replies: 7
Views: 643

Re: PPPoE creation and PPPoE scan

you 100% can run multiple PPPoE servers on a single downstream interface - this is precisely why 'Service Name' was invented - so based on which service tag was issued it'd know which PPPoE server it was for. Why you are only seeing one, I don't know - might have something to do with the scan tool o...
by joegoldman
Fri Sep 18, 2020 9:04 am
Forum: General
Topic: Scheduler Reboot features not executing [SOLVED]
Replies: 4
Views: 471

Re: Scheduler Reboot features not executing [SOLVED]

Which will suck if Cloudflare DNS ever has a outage in their area :P Gotta be careful with watchdog ping - something in your control that you can move around is usually better, for instance I use a VRRP IP on 2 of my core routers so if a remote routers watchdog ping to that goes down either my whole...
by joegoldman
Fri Sep 18, 2020 5:17 am
Forum: General
Topic: Scheduler Reboot features not executing [SOLVED]
Replies: 4
Views: 471

Re: Scheduler Reboot features not executing [SOLVED]

Those checkboxes are the scripts 'permissions' so to speak, so you've given that script permission to do a reboot, but you still must have a script to do the reboot.
/system reboot
edit: You'll probably also want to set the interval to 1d as well if im not mistaken.
by joegoldman
Mon Sep 14, 2020 10:26 am
Forum: Announcements
Topic: v6.46.7 [long-term] is released!
Replies: 45
Views: 12208

Re: v6.46.7 [long-term] is released!

Hi Shouldn't we be seeing the changelog from 6.45.9 to 6.46.7 not from 6.46.6 ? Going up a major version in a long-term release should be looked over a bit more carefully before we take the plunge. Also what is the process for 'upgrading' a routerboard that does not have direct internet access from ...
by joegoldman
Wed Sep 09, 2020 2:09 pm
Forum: General
Topic: Multiple queues for pppoe user
Replies: 5
Views: 900

Re: Multiple queues for pppoe user

Because you are dynamically creating queue from ppp profile - traffic matches that first and is used so never hits the other queue. I haven't tried this solution before but your better bet is probably to make both queue's 'static' i.e. created and packet mark individually (or packet mark one then ha...
by joegoldman
Tue Sep 01, 2020 3:02 am
Forum: Announcements
Topic: WinBox v3.25 released!
Replies: 68
Views: 8373

Re: WinBox v3.25 released!

Problems with Winbox UI I'd like to see fixed 1) Category Grouping Happening for quite a while, it used to work as expected - the 'Show Categories' grouping only bases and groups based on 'First Character' (on any field), for instance if I have 5 routers with Username 'joe' and 5 routes with usernam...
by joegoldman
Thu Aug 27, 2020 1:12 am
Forum: RouterOS v7 BETA
Topic: Y u no can specify an interface in routers like you used to be able to?
Replies: 5
Views: 683

Re: Y u no can specify an interface in routers like you used to be able to?

More info required. What are you trying to do. What version are you running. What hardware are you running.
by joegoldman
Wed Aug 26, 2020 2:36 am
Forum: General
Topic: Router overhead
Replies: 2
Views: 310

Re: Router overhead

Its not just the router - remember that those speedtests generally show your average speed over the span of the test, so if you took a few seconds to ramp up to 100mbps, then the few seconds at lower speeds are then factored into your average. Along with that you have overhead in whatever protocol t...
by joegoldman
Wed Aug 26, 2020 2:30 am
Forum: General
Topic: Architecture and growth - how to know when to change
Replies: 7
Views: 1500

Re: Architecture and growth - how to know when to change

I think you are also expecting too much of sub-set services. The CCR's are not made to be an ISP grade DNS resolver. DNS server is mostly built in to do its own lookups - and recursive for local cache in the stance of home/smb/corporate. When you are talking 100's or 1000's of clients, and waterfall...
by joegoldman
Mon Aug 24, 2020 2:12 am
Forum: General
Topic: 2 BRAS With Same IP pool LIST
Replies: 7
Views: 1386

Re: 2 BRAS With Same IP pool LIST

RADIUS is the only answer if you want to use overlapping pool on both BRAS - which is common if using public IPv4 due to IP availability. You could potentially have scripts running to help manage this but it'd be messy and not fool proof so not great. RADIUS can manage a pool though if you don't wan...
by joegoldman
Fri Aug 14, 2020 7:48 am
Forum: Beginner Basics
Topic: Aggregate 2 CRS 125 24G 1S switches
Replies: 2
Views: 811

Re: Aggregate 2 CRS 125 24G 1S switches

They do not support stacking. You design this as a L2 network with whats required. Safest way is probably to plug 2nd switch into next port on router place the 2 switch uplinks on the router into a bridge and move any sub-interfaces(vlans) to that bridge interface, so the VLAN's span across the 2 sw...
by joegoldman
Wed Aug 12, 2020 9:41 am
Forum: General
Topic: Nth Load balancing -Slow speed
Replies: 7
Views: 1416

Re: Nth Load balancing -Slow speed

As said above - load balancing per packet or similar systems won't work well on jittery connections - your best bet to use the 6mbit combined is to do it per connection, so a stream always uses only 1 SIM, and yes means that one stream is limited to 3mb, but as more connections happen it will balanc...
by joegoldman
Thu Aug 06, 2020 1:57 am
Forum: RouterBOARD hardware
Topic: The big CCR2004 reboot thread (was 2004 hardware issues?)
Replies: 169
Views: 19396

Re: 2004 hardware issues?

Something like this is better sent to support@mikrotik.com to start a real case - this is a discussion forum not a proper support channel.
by joegoldman
Wed Jul 29, 2020 12:52 am
Forum: Beginner Basics
Topic: Different VLAN SVIs?
Replies: 2
Views: 844

Re: Different VLAN SVIs?

SVI, from my understanding, is jut a L3 interface for L2 VLAN to attach. Similar concept in RouterOS would be bridges, and assigning ports/vlan interfaces to the bridge, the bridge interface is now the 'SVI'. Depending on your device depends on how you'd do this though. Your better bet would be to s...
by joegoldman
Wed Jun 10, 2020 5:58 am
Forum: General
Topic: ccr1036 shutdown with smart plug - schedule on/off
Replies: 2
Views: 537

Re: ccr1036 shutdown with smart plug - schedule on/off

Will not damage turning off an on too bad. There is a shutdown process in RouterOS that you could use 10 mins before you turn off smart plug, but it sounds like a residential install which a 1036 is SUPER overpowered for, why not replace with a 3011 or ccr1009 that has passive cooling only or someth...
by joegoldman
Thu May 28, 2020 2:51 am
Forum: Announcements
Topic: Winbox v3.24 released!
Replies: 106
Views: 62238

Re: Winbox v3.24 released!

It'd be really great if you can fix group sorting I put all my routers into groups, then I sort by group and go 'Show Categories' - this used to work in that it would be unique per group, but for the last few releases it does it by first letter, so if I have a heap of Client1 Client1 Client2 Client2...
by joegoldman
Wed Apr 29, 2020 2:09 pm
Forum: Announcements
Topic: MikroTik newsletter May 2020 (#95)
Replies: 50
Views: 29472

Re: MikroTik newsletter May 2020 (#95)

Will CCR2X series come out straight with ROSv7 or will it be part of the v6 family first?
by joegoldman
Wed Apr 29, 2020 4:48 am
Forum: Beginner Basics
Topic: pleas help me [SOLVED]
Replies: 5
Views: 2217

Re: pleas help me [SOLVED]

It is always Best practice not to use your real Public IPs as an example... Your ISP gave you a /30 Subnet Block, lets say X.Y.Z.136/30 ... One of there addresses, usually the first one, so the 176.74.123.137 will be used by your ISP. The second one 176.74.123.138 must be used by you and setup on t...
by joegoldman
Mon Apr 06, 2020 2:36 pm
Forum: General
Topic: Fighting spam with a standard firewall
Replies: 10
Views: 2348

Re: Fighting spam with a standard firewall

Can you be more specific on what type of spam you are concerned about?? How to autodetect infected or spammer users what criteria do you want to be blocking them based on? You could monitor connection limits on standard ports and block users if they are connecting too much, but usually spam is dete...
by joegoldman
Mon Apr 06, 2020 2:22 pm
Forum: General
Topic: VRF basics - layer 3 separation
Replies: 2
Views: 1267

Re: VRF basics - layer 3 separation

In outside relation to your actual issue - please be aware that management services in RouterOS are not VRF aware and will not talk back to you via the VRF even if you can connect to it via that.

Your best bet is to leave main as management and create customer VRF's on top.
by joegoldman
Sun Mar 29, 2020 7:26 am
Forum: General
Topic: why
Replies: 4
Views: 1598

Re: why

Using quick set - you are correct changing subnet will delete the existing IP on it that you are likely connected through. You can get around this with mac-winbox (connect via MAC address not IP) that way IP's changing doesn't matter Or do it manually, dualstacking both IP's until you have the new o...
by joegoldman
Fri Mar 20, 2020 2:54 pm
Forum: Beginner Basics
Topic: L2TP/IPSec and Windows 10 road warriors
Replies: 4
Views: 2243

Re: L2TP/IPSec and Windows 10 road warriors

I literally configured mine by starting from default config and going into PPP->L2TP server settings and ticking use IPSec, and then whatever config was default in /ip ipsec area. Maybe export what you have and give some sample of your logs of failed logins and we can help identify whats wrong.
by joegoldman
Fri Mar 20, 2020 2:51 pm
Forum: General
Topic: Winbox save custom layout
Replies: 1
Views: 901

Re: Winbox save custom layout

Yes. Things are saved in 'Sessions' Usually it is a unique session by IP address you are connecting to, and it auto saves by default when you log out So when you log back into the same router - It will load what you had opened when you left. I prefer to have auto save OFF - and I logged in to a test...
by joegoldman
Fri Mar 20, 2020 2:13 pm
Forum: Forwarding Protocols
Topic: no enforce-first-as in RouterOS?
Replies: 10
Views: 4001

Re: no enforce-first-as in RouterOS?

hello,
Please what is the mikrotik equivalent of "no bgp enforce-first-as" on cisco
This very thread explains the equivalent (none). Read it.
by joegoldman
Fri Mar 20, 2020 11:50 am
Forum: Wireless Networking
Topic: CAPsman - Is this possible ?? [SOLVED]
Replies: 12
Views: 4819

Re: CAPsman - Is this possible ?? [SOLVED]

Make a security config in capsman (Security Cfg. tab) Have that as your master password Under COnfigurations, create a config for each SSID Make each config reference the one Security config for their security (Top option under Security tab in new config window) Assign the different configs to the d...
by joegoldman
Wed Mar 18, 2020 12:12 am
Forum: Announcements
Topic: Photos of towers and masts
Replies: 81
Views: 35919

Re: Photos of towers and masts

Not a big mikrotik install - we use Mikrotik routers everywhere but not so much wireless gear for various reasons. However we have started using the new 60ghz products for short haul stuff - here is a recent install with redundant links (60ghz to about 600m away, airfiber for a few km away) https://...
by joegoldman
Mon Jan 13, 2020 5:14 am
Forum: Beginner Basics
Topic: MultiCast between VLANS (Chromecast vlan1) to/from (PC/Mobile vlan2)
Replies: 13
Views: 5343

Re: MultiCast between VLANS (Chromecast vlan1) to/from (PC/Mobile vlan2)

No there is no real way to do this - unless you properly bridge the VLAN's making them 1 big broadcast domain anyways in a sense. The correct way it seems is to use an avahi reflector so a server that has visibility to both networks and just relays the discovery packets between them. From my underst...
by joegoldman
Thu Jan 09, 2020 3:53 am
Forum: General
Topic: CCR1036 DC input?
Replies: 6
Views: 1653

Re: CCR1036 DC input?

We used 2 separate standalone generic 24v PSU's.

We actually crammed 4x24v PSU's in a 1RU box - to power 2x CCR1036's. The box had A+B AC feed, and each AC feed powered 2x PSU's, then one PSU from each feed into each CCR.
by joegoldman
Thu Jan 09, 2020 3:50 am
Forum: General
Topic: Filter Rule slow speed with it enabled.
Replies: 5
Views: 1153

Re: Filter Rule slow speed with it enabled.

Try use src-address or src-address-list to limit the rule only to certain IPs or just your LAN ips so its only checking outgoing connections and not incoming as well. With it enabled, how many hits is it getting (open it up and you will see the packets per second rate on the rule) Why are you just b...
by joegoldman
Tue Jan 07, 2020 12:45 am
Forum: Beginner Basics
Topic: NAT with multiple public IP
Replies: 1
Views: 2159

Re: NAT with multiple public IP

You will also need hairpin nat

https://wiki.mikrotik.com/wiki/Hairpin_NAT
by joegoldman
Fri Jan 03, 2020 8:11 am
Forum: General
Topic: Filter Rule slow speed with it enabled.
Replies: 5
Views: 1153

Re: Filter Rule slow speed with it enabled.

So many questions here. What is the router you are using? What is the filter rule? With it enabled, how many hits is it getting (open it up and you will see the packets per second rate on the rule) Why are you just blocking it rather than finding and fixing the offending machine(s)? (Or is this ISP/...
by joegoldman
Fri Jan 03, 2020 8:06 am
Forum: General
Topic: Starting small ISP Project
Replies: 2
Views: 703

Re: Starting small ISP Project

Generally, you use PPPoE (or IPoE which is just a cut down DHCP server in a lot of ways) with RADIUS accounting. You can do this with your own billing package or you can use usermanager which is a mikrotik available package. Usermanager is limited in its features and billing, its generally a lot mor...
by joegoldman
Wed Jan 01, 2020 11:14 am
Forum: Scripting
Topic: what port except gaming port ? [SOLVED]
Replies: 2
Views: 2414

Re: what port except gaming port ? [SOLVED]

just do where dst-port != <gaming port>

Gaming port will be dependant on the game, and ther emight be a few. YOu'll have to research for each game.

Then you can put a matcher for high priority on dst-port = and a lower a priority on dst-port != or something
by joegoldman
Tue Dec 31, 2019 12:02 am
Forum: RouterOS v7 BETA
Topic: ROS-7-xxx-Dev--X86-64Bit-BGP
Replies: 3
Views: 3652

Re: ROS-7-xxx-Dev--X86-64Bit-BGP

It's still beta. They are testing function by function. There will be no set date. Wait until first release candidate if you want feature parity to ROS6 , ROS7 beta's will likely go for a long time.
by joegoldman
Wed Dec 18, 2019 11:44 pm
Forum: Beginner Basics
Topic: Factory Reset Mikrotik Router - Lost internet
Replies: 6
Views: 1341

Re: Factory Reset Mikrotik Router - Lost internet

You will need to reconfigure to suit your ISP, you may need to call them and ask them, do you need DHCP on the WAN, do you need PPPoE, set up the WAN then set up NAT etc - a lot of it may be possible through quick set, you'll just need to know what is needed from your ISP.
by joegoldman
Wed Dec 18, 2019 12:00 pm
Forum: General
Topic: Port 80/443 block, except few Microsoft dev sources
Replies: 8
Views: 1335

Re: Port 80/443 block, except few Microsoft dev sources

This is more a job for a content firewall but it may be possble with some L7 matching rules - they are taxing on the router CPU so depends how much traffic you have but should be possible with some management overhead.
by joegoldman
Wed Dec 18, 2019 9:35 am
Forum: Beginner Basics
Topic: Publishing multiple web servers
Replies: 3
Views: 1332

Re: Publishing multiple web servers

Dont know about TMG - but a slimline NGINX reverse proxy running on even a RPi (or small VM if you have VM hardware) is your only bet to route via host header. The Mikrotik only see's the TCP stream and can't really jump into the packets and determine host header - thats read by the webserver when i...
by joegoldman
Sun Dec 15, 2019 9:18 am
Forum: RouterBOARD hardware
Topic: CCR1036-8G-2S+EM physical ethernet port, where to get?
Replies: 5
Views: 3222

Re: CCR1036-8G-2S+EM physical ethernet port, where to get?

If everything else works besides that port - I think your best bet is to just accept the loss and run one port down, and plan on buying a new one. If you really need the extra port(s) perhaps look at a cheap-ish managed switch and breakout from that using VLAN's. I believe the level of repair you ar...
by joegoldman
Wed Dec 11, 2019 8:59 am
Forum: Announcements
Topic: v6.47beta [testing] is released!
Replies: 269
Views: 133359

Re: v6.47beta [testing] is released!

In v6.47beta there is a new menu added - "/system health gauges". You should use this for polling "Health" related data from all the RouterBOARDs.
Does this come with new associated MIBs / OID's? Or more for polling via API?
by joegoldman
Wed Dec 11, 2019 7:31 am
Forum: Wireless Networking
Topic: LHG60 with 5Ghz Backup
Replies: 21
Views: 4651

Re: LHG60 with 5Ghz Backup

If you happen to use Extreme switches, I found the PERFECT solution. Port Redundancy. Or an open standard like most switches LACP in an active/backup mode. Or could use multiple links into routers and OSPF cost metrics or MPLS with traffic engineering. There are multiple solutions to the problem, b...
by joegoldman
Wed Dec 11, 2019 4:01 am
Forum: RouterBOARD hardware
Topic: What is your opinion of Mikrotik routers?
Replies: 3
Views: 3116

Re: What is your opinion of Mikrotik routers?

As routers, like you said, their benefit comes in flexibility and price. Any model can do just about anything, i.e. tiny little $40 routers doing OSPF, BGP, MPLS etc. Once you know RouterOS you can do a lot. YOu just have to be more mindful of your updates, a bit more overhead in management and chan...
by joegoldman
Wed Dec 11, 2019 3:52 am
Forum: General
Topic: Limit Instagram App Speed
Replies: 4
Views: 1435

Re: Limit Instagram App Speed

It would work for a while but these domains have many IP's and could be routed to many endpoints. Your better bet would be some kind of L7 matching rule to get the domain and/or the CDN domains underneath, perhaps capture traffic on a few instagram app processes and see what domains it hits for data...
by joegoldman
Tue Dec 10, 2019 9:54 am
Forum: General
Topic: Cannot connect to services running on LAN machines, from the same LAN
Replies: 2
Views: 677

Re: Cannot connect to services running on LAN machines, from the same LAN

It is more likely this is a host firewall issue - on the same broadcast domain never really hits filter rules unless you have firewall filtering on the bridge interface enabled - within the same LAN it should all keep going. I don't believe this to be a mikrotik problem at all, check firewall on the...
by joegoldman
Tue Dec 10, 2019 8:58 am
Forum: Beginner Basics
Topic: Is it possible to make Mikrotik loop back?
Replies: 5
Views: 1654

Re: Is it possible to make Mikrotik loop back?

What you are looking for is hairpin NAT

https://wiki.mikrotik.com/wiki/Hairpin_NAT
by joegoldman
Sat Dec 07, 2019 7:55 am
Forum: General
Topic: Set Daily download limit
Replies: 1
Views: 595

Re: Set Daily download limit

You will need to use some kind of billing / user system based on RADIUS - the mikrotik built in one would be usermanager - it has very basic features and can integrate with pppoe, hotspot etc, or there are much more feature filled billing systems out there that you can use also.
by joegoldman
Sat Dec 07, 2019 7:54 am
Forum: Forwarding Protocols
Topic: Ospf multi ext gateway
Replies: 2
Views: 2020

Re: Ospf multi ext gateway

Its never too early to implement MPLS. The earlier you do it the less hassle you'll have to endure later. If your hoping to do it purely in OSPF - you will either need to run 2 route tables (VRF's) so they can have different gateways. You can separate the customers by either placing them directly in...
by joegoldman
Fri Nov 29, 2019 4:49 am
Forum: General
Topic: The sad state of OpenVPN
Replies: 12
Views: 4516

Re: The sad state of OpenVPN

Mikrotik were adding new features to OpenVPN in the ROSv7 Beta - so its likely they are going to concentrate on it again - its possible some of the limitations were based on the older kernel and now they putting the newer kernel in they might be able to expand support.
by joegoldman
Tue Nov 26, 2019 2:36 am
Forum: Virtualization
Topic: CHR 6.44.6 with VMWARE 6.7 dont balance cpus
Replies: 12
Views: 3638

Re: CHR 6.44.6 with VMWARE 6.7 dont balance cpus

My answer is still valid. I think you misunderstand CPU loads - you can never really perfectly balance processes among all CPU's. 'Ethernet' could have multiple threads. Thats why you see it on multiple CPU's, and on every CPU 'Firewall' could have multiple threads. Thats why you see it on multiple ...
by joegoldman
Tue Nov 26, 2019 12:32 am
Forum: Wireless Networking
Topic: Can we request for 2 types of firmware? [SOLVED]
Replies: 8
Views: 4468

Re: Can we request for 2 types of firmware? [SOLVED]

This will have a lot to do with moving to v7 on a 4.x kernel. The main reason for the custom drivers with new chipsets would be likely due to backporting to fit the older 2.x kernel that ROSv6 is running on (i believe its 2.x) Very excited for first official build of v7 with feature parity, so we ca...
by joegoldman
Wed Nov 13, 2019 6:54 am
Forum: Virtualization
Topic: CHR 6.44.6 with VMWARE 6.7 dont balance cpus
Replies: 12
Views: 3638

Re: CHR 6.44.6 with VMWARE 6.7 dont balance cpus

It is using all CPU's, you can actually see all but 2 CPU's with 'some' usage on them. In particuluar though it looks like 2 specific threads are busier, and are using a CPU each. A lot of processes in RouterOS are not perfectly multi-threaded. Some processes when they get busy will only use 1 CPU c...
by joegoldman
Sun Nov 10, 2019 12:40 pm
Forum: Wireless Networking
Topic: Chromecast is not discoverable on second AP
Replies: 10
Views: 3138

Re: Chromecast is not discoverable on second AP

they use mDNS / Bonjour protocols, so devices must be on the same broadcast domain - your best bet is to use some sort of proxy device that sits on both LANs and can relay the relevant discovery packets.
by joegoldman
Wed Oct 30, 2019 2:55 am
Forum: General
Topic: Multiple ISP w/ Bandwidth Sensitivity
Replies: 2
Views: 825

Re: Multiple ISP w/ Bandwidth Sensitivity

Yes some of it easier than others, walking you through it is likely a fruitless endeavour as it would require a decent amount of working knowledge. For routing certain devices via one internet connection look at routing marks and route tables to change the route for those singular devices. For your ...
by joegoldman
Mon Oct 28, 2019 1:59 pm
Forum: General
Topic: WAN DHCP Lease Renew Abnormal with NBN
Replies: 11
Views: 2846

Re: WAN DHCP Lease Renew Abnormal with NBN

Even if i request static ip address from ISP, the static ip is also delivered thru DHCP. No...! Ofcorse you can assign that static IP to an interface without the need of a dhcp client... Be sure of what you write before you tout it as gospel - this is DHCP but its mostly IPoE which is not your conv...
by joegoldman
Wed Oct 23, 2019 10:26 pm
Forum: RouterOS v7 BETA
Topic: Scope of v7.0
Replies: 6
Views: 4304

Re: Scope of v7.0

Is the scope of the first release of v7 covered by current beta? In other words is the current beta functionality-wise complete? I believe the plan is to be on parity with latest 6.4x releases - the main difference being its on new kernel and will enable certain performance increases and possible n...
by joegoldman
Wed Oct 23, 2019 1:24 am
Forum: General
Topic: Mikotik routing marks
Replies: 13
Views: 2387

Re: Mikotik routing marks

DO a full /export hide-sensitive so we can get an idea of your full setup.
by joegoldman
Thu Oct 17, 2019 4:55 am
Forum: Beginner Basics
Topic: mikrotik router date and time is false
Replies: 2
Views: 1331

Re: mikrotik router date and time is false

System->Clock to set it manually
System->SNTP Client to set it up to talk to an NTP server to set it automatically.
by joegoldman
Tue Oct 15, 2019 12:37 am
Forum: RouterBOARD hardware
Topic: New High Performance Routers ! ?
Replies: 82
Views: 16219

Re: New High Performance Routers ! ?

I see that it wont be happening at all in the near future. I'd hazard a guess at something by mid-2020, we have QSFP switches now I'm expecting a companion router - and not tile, less cores, more power per core, based on Router OS 7.0 (perhaps even a high powered ARM device given the 7.0beta has be...
by joegoldman
Sat Oct 12, 2019 11:47 am
Forum: Scripting
Topic: Script out entire router configuration or just a section of it?
Replies: 4
Views: 2260

Re: Script out entire router configuration or just a section of it?

Yes for templates I tend to set up a device how I like it and '/export' the entire config then go through it separately and turn certain things into variables with a config section up the top - so its easier and quicker to edit for different routers. I find you need to have a template version per de...
by joegoldman
Sun Sep 29, 2019 1:34 pm
Forum: Wireless Networking
Topic: CAPsMAN 5G and 2G network at same time
Replies: 11
Views: 4057

Re: CAPsMAN 5G and 2G network at same time

Same SSID and password, and let the client decide. There will be very limited cases where devices that wont prefer 5G will need 5G. If they are static devices (such as TV's) then you can ACL them onto 5G but ultimately if they are not bandwidth heavy then it won't really matter all that much.
by joegoldman
Tue Sep 24, 2019 2:48 am
Forum: RouterBOARD hardware
Topic: Recover from "No Default Configuration" System Reset
Replies: 17
Views: 5124

Re: Recover from "No Default Configuration" System Reset

you can also run winbox under wine with mac-winbox working OK - can be a bit iffy but it does work. Sometimes you have to wait for the device to go to link-local address (wont detect the router while still searching for IP) or just set a static IP. Once connection 'established' on your linux box, wi...
by joegoldman
Sun Sep 22, 2019 4:16 am
Forum: General
Topic: CRS 328 SFP+ Speed
Replies: 5
Views: 1396

Re: CRS 328 SFP+ Speed

Theoretically - as long as the disks in the NAS etc can sustain 10gbps, then yes the switch will forward 10gbps as long as its properly configured to use the switch chip.

When it's using the switch chip, it will forward traffic at full wire speed.
by joegoldman
Sat Sep 21, 2019 4:51 pm
Forum: General
Topic: CRS 328 SFP+ Speed
Replies: 5
Views: 1396

Re: CRS 328 SFP+ Speed

As ste is alluding to - the CRS is for switching, traffic generator would require the packets to hit the CPU and not be handled purely in switch chip. TO test speed of your CRS328 you would need something out another port to push to the CCR1009, so you are testing the CRS forwarding capability - whi...
by joegoldman
Wed Sep 18, 2019 2:52 am
Forum: General
Topic: CRS317-1G-16S+ Suddenly Stopped Hardware forwarding
Replies: 0
Views: 741

CRS317-1G-16S+ Suddenly Stopped Hardware forwarding

Hi Forum, Not sure if anyones seen this issue. I have a CRS317-1G-16S+ in production currently running 6.43.4. I have all running switchports in the bridge, with SFP+1 and SFP+2 in a Bonding interface, which is also in the bridge, and indicated hardware in the bridge port list for hardware offload. ...
by joegoldman
Fri Sep 13, 2019 4:37 am
Forum: Beginner Basics
Topic: Setting Mikrotik with Leased Line Topology
Replies: 8
Views: 1731

Re: Setting Mikrotik with Leased Line Topology

I've steered you to the likely answer - give it a go and tell me if it works. If you are not understanding what I am explaining then perhaps this task is beyond your capabilities and you should hire someone to help you. My explanation explains why you would not be able to ping the web server from yo...
by joegoldman
Thu Sep 12, 2019 7:18 am
Forum: Beginner Basics
Topic: Setting Mikrotik with Leased Line Topology
Replies: 8
Views: 1731

Re: Setting Mikrotik with Leased Line Topology

yep so .161 doesnt know how to get back to you, which likely means you are presenting as your internal IP 192.168.88.x. Like a normal internet connection, you'll need to NAT your connection out of that interface. /ip firewall nat add chain=srcnat action=masquerade out-interface=<whatever interface t...
by joegoldman
Thu Sep 12, 2019 6:52 am
Forum: Beginner Basics
Topic: Setting Mikrotik with Leased Line Topology
Replies: 8
Views: 1731

Re: Setting Mikrotik with Leased Line Topology

You'll likely also have to set a NAT rule to src-nat (or masquerade) for traffic out that interface as well, so it will appear as coming from 10.10.10.162 (as their network likely does not have a route back to you for 192.168.88.0/24)
by joegoldman
Thu Sep 12, 2019 4:41 am
Forum: Wireless Networking
Topic: 420Mbps inside trafic
Replies: 2
Views: 1078

Re: 420Mbps inside trafic

that is specifically the CAPsMAN tunneling protocol - not sure why so much data would be going through it if not doing rolling upgrade etc - having it on all interfaces like that makes me think a bridge or loop issue. Perhaps see if you can capture the traffic and load it up in wireshark so you can ...
by joegoldman
Thu Sep 05, 2019 2:57 pm
Forum: General
Topic: Netflow and AS
Replies: 1
Views: 860

Re: Netflow and AS

It's been requested for years and never made it in, not really sure what the technical hurdle to this is apart from perhaps too many expensive route table lookups to get that information (RIB vs FIB), think about how long it takes to search the route table sometimes compared to other routing OS's. O...
by joegoldman
Tue Sep 03, 2019 7:39 am
Forum: Scripting
Topic: Changing autorun.scr no longer works
Replies: 7
Views: 3102

Re: Changing autorun.scr no longer works

This is a user forum - so yes wrong way to get an official answer. Email their support staff, support@mikrotik.com I believe is still the current one.
by joegoldman
Mon Aug 12, 2019 5:36 am
Forum: RouterBOARD hardware
Topic: CRS312, CRS326-24S+2Q+ MIPSBE CPU?
Replies: 7
Views: 4631

Re: CRS312, CRS326-24S+2Q+ MIPSBE CPU?

I'm sure QSFP+ enabled routers (CCR2xxx) range will be in the pipeline, these switches are basically the introduction to them. A 1072 equivalent with 2x QSFP and 6+ SFP+ ports will be magical for core routing.
by joegoldman
Mon Aug 12, 2019 4:32 am
Forum: RouterBOARD hardware
Topic: CRS312, CRS326-24S+2Q+ MIPSBE CPU?
Replies: 7
Views: 4631

Re: CRS312, CRS326-24S+2Q+ MIPSBE CPU?

These aren't marketed (or priced) as full L3 switches. Yes you can route ports to CPU and run some L3 functions, but it is not a fully featured / full wire rate L3 switch, so if thats what you want this product for then this product is not for you. You'd have to send in your recommendations to Mikro...
by joegoldman
Mon Aug 05, 2019 1:50 am
Forum: Forwarding Protocols
Topic: 'Mesh' Network MPLS design
Replies: 0
Views: 2059

'Mesh' Network MPLS design

Hi Forum, Running a decentralised mesh style network, where we have 10-20 sites interconnected via PtP links in big and small loops. Each site terminates PPPoE services locally and installs the customer route in the route table via OSPF - this is working well so far. However I have been thinking of ...
by joegoldman
Mon Aug 05, 2019 1:40 am
Forum: General
Topic: MTU settings for provider network
Replies: 0
Views: 606

MTU settings for provider network

Hi Forum, Looking to know your thoughts on MTU settings for provider networks. We run a decentralised core style setup - a PtMP wireless network from multiple tours. Each tower has an RB1100AHx4 or an RB3011 at the bottom, these routers terminate all local PPPoE sessions and then run OSPF between th...
by joegoldman
Wed Jul 17, 2019 9:49 am
Forum: General
Topic: VLAN within a VLAN
Replies: 5
Views: 1026

Re: VLAN within a VLAN

Yes Possible, its called Q-in-Q. On Mikrotik its more referred to as S-tag, which would be the outer tag. So you could potentially: VLAN100 - STag enabled VLAN101 - Parent Int VLAN100 VLAN102 - Parent Int VLAN100 etc but networks between you and remote need to support you tagging this way too, they ...
by joegoldman
Mon Jul 08, 2019 1:57 pm
Forum: General
Topic: CSS610-8P-2D+OUT availability
Replies: 3
Views: 1006

Re: CSS610-8P-2D+OUT availability

Considering the only reference to that part number I can find is this one thread, you'll have to be more specific at what device your looking at. Do you have a link to the announcement for it?
by joegoldman
Mon Jul 08, 2019 12:56 am
Forum: General
Topic: RULE for BANKS
Replies: 15
Views: 2175

Re: RULE for BANKS

Your request is way too ambitious and unlikely. The easiest way is to look at the different RIR's, and find banking organisations, then you will have their IP blocks. Not all banks are likely to have their own allocation though. Then you get those who host their user services front-end in a cloud li...
by joegoldman
Mon Jul 08, 2019 12:53 am
Forum: Forwarding Protocols
Topic: OSPF Force path for specific subnet
Replies: 6
Views: 2838

Re: OSPF Force path for specific subnet

Static routes, with check-gateway = ping.

So if Link A is your defailt and you want a specific subnet to go via Link B, then static route with check gateway on Link B (or a netwatch script, which is just as simple), so if Link B dies that traffic goes back via Link A
by joegoldman
Sun Jul 07, 2019 11:16 am
Forum: SwOS
Topic: CSS326-24G-2S+RM POE
Replies: 1
Views: 2453

Re: CSS326-24G-2S+RM POE

Your switches are likely 802.3at/af Active PoE type switches - which is a common standard that a lot of things use, including some models of mikrotiks. The CSS326 unfortunately only accepts 24v Passive PoE in. The pinout is different, and voltage is different. Some switches, specifically managed, ca...
by joegoldman
Thu Jul 04, 2019 2:32 pm
Forum: Beginner Basics
Topic: Advice | Recommendation for new router
Replies: 10
Views: 2072

Re: Advice | Recommendation for new router

hAP ac / ac Pro if you want something smaller/cheaper

RB4011 if you want a beast of a router.
by joegoldman
Thu Jul 04, 2019 2:26 pm
Forum: Beginner Basics
Topic: admin password recovery
Replies: 6
Views: 2353

Re: admin password recovery

Do you have any .backup files? I believe they contain user passwords in them that can be extracted. Other then that, its too new for the old password database hack, you might not have much choice but to factory reset and rebuild - and learn a lesson on having multiple accounts/passwords or complete ...
by joegoldman
Thu Jul 04, 2019 2:23 pm
Forum: Beginner Basics
Topic: How to setup Captive Portal on Mikrotik Router?
Replies: 1
Views: 4046

Re: How to setup Captive Portal on Mikrotik Router?

https://wiki.mikrotik.com/wiki/Hotspot_server_setup

https://wiki.mikrotik.com/wiki/HotSpot_ ... login_page

Mikrotik doesnt host PHP pages natively, if you want a PHP page specifically you'll have to externally host it and have your hotspot configured to point to it (all info in those 2 links)
by joegoldman
Thu Jul 04, 2019 2:21 pm
Forum: General
Topic: Choice router for central speed test
Replies: 7
Views: 1471

Re: Choice router for central speed test

RB1100AHx4 or RB3011 - they have faster cores vs the CCR range which have many slower cores. 1100 or 3011 shoul dbe OK for 100mbit throughput testing.
by joegoldman
Wed Jul 03, 2019 11:23 pm
Forum: General
Topic: unwanted change of source IP in my traffic
Replies: 6
Views: 1038

Re: unwanted change of source IP in my traffic

add action=masquerade chain=srcnat
This piece right here will masquerade all traffic everywhere. Define this better or get rid of it.
by joegoldman
Wed Jul 03, 2019 1:58 am
Forum: Scripting
Topic: Script to disable Wlan when no user are logged on
Replies: 8
Views: 2660

Re: Script to disable Wlan when no user are logged on

Well - if its allowing for business hours, you'd disable wifi once last person logs off after say 5-6pm, so it doesnt force them off at a set time in case they are working back, but then leave it off till predetermined time like 7am. All depends on the setup and intent but makes sense to an extent, ...
by joegoldman
Tue Jul 02, 2019 2:27 pm
Forum: RouterBOARD hardware
Topic: RB4011 Metal temperature is really hot
Replies: 53
Views: 18316

Re: RB4011 Metal temperature is really hot

you will need active cooling, so buy a model with active cooling (RB1100AHx4 would be my suggestion).
Be careful choosing device, both RB1100AHx4 models have passive cooling!
Hrmm i swear I remember fan holes on the back of 1100 case - maybe im thinking older model? My bad.
by joegoldman
Tue Jul 02, 2019 3:06 am
Forum: RouterBOARD hardware
Topic: RB4011 Metal temperature is really hot
Replies: 53
Views: 18316

Re: RB4011 Metal temperature is really hot

you need to buy hardware for the installation, not just for the specs. If you are working in hot environments with no natural airflow / air-con then you will need active cooling, so buy a model with active cooling (RB1100AHx4 would be my suggestion). There is more to product selection then just spec...
by joegoldman
Tue Jul 02, 2019 2:01 am
Forum: General
Topic: Customer Traffic through Multiple Queues
Replies: 1
Views: 570

Customer Traffic through Multiple Queues

Hi Forum, Having an interesting problem I'd like to try figure out. I use PPPoE on my network for subscribers, when they login they get a dynamic pppoe interface simple queue, lets say 10mbit. On the transit side, I'd only like them to get 5mbit But local resources able to get the full 10mbit. My id...
by joegoldman
Sun Jun 30, 2019 8:34 am
Forum: General
Topic: Out of the box problem with GUI
Replies: 3
Views: 922

Re: Out of the box problem with GUI

On the quickset page, after ticking address acquisition to be 'Automatic' you have to hit 'Apply Configuration' down the bottom right for it to stick. Then you can go into Webfig, go to ip->addresses to see the address asigned to you, or you can go ip->dhcp client to see the status of your dhcp requ...
by joegoldman
Thu Jun 27, 2019 12:56 am
Forum: General
Topic: Best Way to Isolate Bridges to Reach Each Other's IPs
Replies: 26
Views: 3965

Re: Best Way to Isolate Bridges to Reach Each Other's IPs

just easy forward rule, in-interface=a, out-interface=b action=drop, and vice versa, that way no traffic can go between a and b.
by joegoldman
Wed May 29, 2019 2:54 am
Forum: General
Topic: NBN FTTC TPG NCD + MT
Replies: 2
Views: 1089

Re: NBN FTTC TPG NCD + MT

This is more a TPG thing then a NBN or even Mikrotik thing - so the post probably has little relevance here - might be a good post for the Australian Whirlpool forums or something. In particular though, your question of whether or not using your buddies username would give you more speed - the answe...
by joegoldman
Tue May 21, 2019 3:11 am
Forum: General
Topic: Very unusual situation Two bad CCRs in a row?
Replies: 1
Views: 623

Re: Very unusual situation Two bad CCRs in a row?

Its unlikely to be a hardware issue if 2 are doing it. 3011 and ccr1009 are fundamentally different in configurations of ports (switch vs routed etc etc) so there may be snafu's in the config. Post an /export hide-sensitive and mask any identifiable information, and explain which part exactly is not...
by joegoldman
Thu May 02, 2019 12:14 pm
Forum: Scripting
Topic: Script initiate Winbox windows?
Replies: 3
Views: 1034

Re: Script initiate Winbox windows?

I prefer not to use webfig - I want it for myself too as super user - so dont want to be logging out / in all the time, and I dont think the skinning tool is flexible enough, as I want the same tool but in many different configs, mostly I want the ping and traceroute tool but with specified src-addr...
by joegoldman
Thu May 02, 2019 12:45 am
Forum: Scripting
Topic: Script initiate Winbox windows?
Replies: 3
Views: 1034

Script initiate Winbox windows?

Hi *, I think I know the answer to this already (no) - but is there a way to make a script initiate a winbox GUI element? i.e. I run certain tests / traceroutes / pings etc with different VRF's or source IP's to test different parts of my network - it would be handy if I could 'pre-script' these so ...
by joegoldman
Wed May 01, 2019 2:11 pm
Forum: Forwarding Protocols
Topic: Create BGP communities [SOLVED]
Replies: 3
Views: 6642

Re: Create BGP communities [SOLVED]

yes, you dont 'create' communities, routes are tagged with community strings. So when you receive routes from a downstream peer, then when distributing upstream you use route filters community option to decide what to do with them, i.e. can block all routes with community 111:222 or whatever you cho...
by joegoldman
Tue Apr 30, 2019 2:14 am
Forum: General
Topic: implementation of bgp filters on ipv6 tab
Replies: 2
Views: 929

Re: implementation of bgp filters on ipv6 tab

On routing filters, use Address Family option (IP or IPv6) to apply that filter to only one type of address, so you dont catch v4 and v6 together.
by joegoldman
Tue Apr 23, 2019 9:28 pm
Forum: Forwarding Protocols
Topic: Your experience with larger/diverse Area0 OSPF networks?
Replies: 19
Views: 4390

Re: Your experience with larger/diverse Area0 OSPF networks?

At only 7 sites in and 250 routes, we are already looking for a new solution before we grow out of control. There are a few options considering. Unfortunately OSPF will always need to be part of it, but thinking of moving OSPF to Loopback propagation only, and MPLS for customer routes. This can have...
by joegoldman
Mon Apr 22, 2019 11:30 am
Forum: Forwarding Protocols
Topic: OSPF LOOP [SOLVED]
Replies: 2
Views: 4614

Re: OSPF LOOP [SOLVED]

So is it mesh or is it ring? If ring network like you describe (but then add in x-connects between them), are you bridging the interfaces so all routers appear on 1 broadcast domain? If so then this would cause your issue. You may need to turn of OSPF broadcast stuff and to a PtMP style connection b...
by joegoldman
Mon Apr 22, 2019 11:26 am
Forum: General
Topic: Port Knocking, avoid scan-caused false positives?
Replies: 17
Views: 2769

Re: Port Knocking, avoid scan-caused false positives?

I would think to do it different. If they are doing a huge port scan, then maybe a rule where if dst-port = 5999,6001,6999,7001 then add to list portscanner then on your portknocking do src-address-list!=portscanner This should cover scanners going up and down the list, and covers you for hitting 70...
by joegoldman
Mon Apr 22, 2019 11:22 am
Forum: General
Topic: Walled Garden fbcdn.net
Replies: 4
Views: 1221

Re: Walled Garden fbcdn.net

It's because your rule is the first rule - and explicitly drops all https traffic. The rule that allows the walled garden values likely comes after that. paste your /ip firewall filter export and we may be able to tell you the best place to pop the rule. Walled garden setup already restricts user br...
by joegoldman
Mon Apr 22, 2019 9:43 am
Forum: General
Topic: Feature Request : Browser on Winbox
Replies: 12
Views: 12856

Re: Feature Request : Browser on Winbox

Or you can have port forwards - with firewall rule to stop certain IP's, or just enable the NAT while you are working on it etc etc. I go a step further and have port-knock on my devices that puts my current WAN IP in an address-ilst that is allowed to access NAT rules to access wireless gear behind...
by joegoldman
Mon Apr 22, 2019 4:14 am
Forum: General
Topic: How are hardware ports associated with names
Replies: 5
Views: 1342

Re: How are hardware ports associated with names

There is an attribute attached to the interface, more-so hidden in the details "default-name" (do an /interface print detail) - this will refer to the hard port as labelled, i.e. ether1 would be port1. This is a quick last resort, its not quick and easy information to grab. I tend to name ...
by joegoldman
Fri Apr 19, 2019 12:40 am
Forum: Beginner Basics
Topic: 0.0.0.253 ip
Replies: 10
Views: 1847

Re: 0.0.0.253 ip

post your config (/export hide-sensitive) in code tags and we may be able to help.
by joegoldman
Tue Apr 16, 2019 3:10 am
Forum: General
Topic: who can I hire to get a export to work as an import an a clone [SOLVED]
Replies: 7
Views: 1401

Re: who can I hire to get a export to work as an import an a clone [SOLVED]

the all-packages .zip files seem to work so you could download your architecture that way and then just upload the relevant packages that you have installed, bit of a round-a-bout way to do it though.
by joegoldman
Sat Apr 13, 2019 11:43 am
Forum: General
Topic: Mikrotik IP Cloud vs P2P
Replies: 8
Views: 1391

Re: Mikrotik IP Cloud vs P2P

IPv6 is still a second class citizen overall - I found many services where my IPv6 would take over but it would take a worse route or have a degraded service because someone somewhere in the path didnt put as much effort into their traffic engineering for IPv6 as they did IPv4, as IPv4 is the mainst...
by joegoldman
Mon Apr 08, 2019 8:23 am
Forum: General
Topic: Why can my /30 subnet can talk to other subnets?
Replies: 5
Views: 1052

Re: /30 subnet can talk to other subnets

It is because your clients and your router know where to look for each other. In a /24, they would talk directly as they are same broadcast domain, but in your example they are sending traffic to the router, and the router knows 'hey i know how to get to IP x' so routes it, no issue. Best thing to d...
by joegoldman
Wed Apr 03, 2019 1:48 pm
Forum: General
Topic: PPP Secrets - DNS Server
Replies: 3
Views: 973

Re: PPP Secrets - DNS Server

Yes you could use the On Up and On Down scripting tool in ppp profiles, go over to the scripting part of the wiki and you'll be able to start making some scripts

https://wiki.mikrotik.com/wiki/Manual:Scripting
by joegoldman
Tue Apr 02, 2019 2:21 am
Forum: Scripting
Topic: Trying to create a script to enable Mikrotik DHCP server if Microsoft DCHP Server is down.
Replies: 2
Views: 807

Re: Trying to create a script to enable Mikrotik DHCP server if Microsoft DCHP Server is down.

Why not run a DHCP 24/7 but put it on authoritative with 2s or 10s delay, so the Microsoft server has time to respond to DHCP requests first if it doesnt then the mikrotik one will.
by joegoldman
Wed Mar 27, 2019 1:11 am
Forum: General
Topic: 10.000 Clients on One Server
Replies: 7
Views: 1242

Re: 10.000 Clients on One Server

You dont want one hardware failure taking out so many clients, given how cheap Mikrotik hardware is compared to other big platforms, I'd go with up to 5x 36cores with the intent of 2k per router, that way if one fails each router can just go up to 2.5k and handle the load easily.
by joegoldman
Tue Mar 26, 2019 11:46 pm
Forum: Forwarding Protocols
Topic: Make OSPFv3 use Global IPv6 addresses instead of LinkLocal? [SOLVED]
Replies: 3
Views: 5523

Re: Make OSPFv3 use Global IPv6 addresses instead of LinkLocal? [SOLVED]

Yes, this is quite common in IPv4 space as well, called a Loopback address. For nice traceroutes, I actually set pref-source on all routes to the loopback address too so you dont have to name / PTR and catalog all the interface addresses.
by joegoldman
Tue Mar 26, 2019 6:25 am
Forum: Wireless Networking
Topic: Is possible to set up a RBaCPGi-5acD2nD dual bands with one ssid?
Replies: 4
Views: 891

Re: Is possible to set up a RBaCPGi-5acD2nD dual bands with one ssid?

Just by naming them all the same, they will essentially switch from one AP to the other. Client devices determine how/when they switch to another AP, but you can use connect lists to disassociate people at a certain signal level and force them to re-scan. Easiest way to do this would be use CAPsMAN ...
by joegoldman
Tue Mar 26, 2019 12:36 am
Forum: SwOS
Topic: Can run OSPF on CRS326-24G-2S+RM
Replies: 4
Views: 2732

Re: Can run OSPF on CRS326-24G-2S+RM

also all routing is done in CPU - CPU's are quite limited in the switches. You may not get much data routed on a switch.
by joegoldman
Sat Mar 23, 2019 10:34 am
Forum: General
Topic: help to create server radius with sql and and web php form [SOLVED]
Replies: 3
Views: 1002

Re: help to create server radius with sql and and web php form [SOLVED]

Mikrotik talks RADIUS - configuring FreeRADIUS to work with Mikrotik is a non-issue, as they work out of the box. Your question is more a FreeRADIUS question, I would suggest seeking help from the FreeRADIUS forums or other help-areas dedicated to that program, to learn how to configure your system ...
by joegoldman
Sat Mar 23, 2019 10:23 am
Forum: General
Topic: Feature Request: 6VPE (VPNv6) - ipv6 address family
Replies: 4
Views: 1862

Re: Feature Request: 6VPE (VPNv6) - ipv6 address family

Most likely you will see this implemented in ROS v7.
Normis says ROS v7 doesnt exist :P

Sorry i kid i kid.
by joegoldman
Fri Mar 22, 2019 3:41 am
Forum: RouterBOARD hardware
Topic: wAP 60Gx3 AP - anyone already tested it?
Replies: 14
Views: 5612

Re: wAP 60Gx3 AP - anyone already tested it?

I'd love to try 60ghz out in some of our busier areas mostly because 5ghz is super noisy. How wide are the channels, and how much spectrum can be accessed by these devices? i.e. since each chip can only hand 8 stations (so thats 24 clients per wAP 60Gx3) how many of these could I comfortably run on ...
by joegoldman
Thu Mar 21, 2019 11:58 pm
Forum: Beginner Basics
Topic: Is it OK for all leds to run at once like this ?
Replies: 2
Views: 698

Re: Is it OK for all leds to run at once like this ?

They are not perfectly synced - being on the same bridge means there's absolutely some traffic that will hit all ports simultaneously (e.g. broadcast) along with traffic that wont. Nothing seems amiss to me.
by joegoldman
Sun Mar 17, 2019 11:40 pm
Forum: General
Topic: Redirect All SSL Pages to one page
Replies: 4
Views: 908

Re: Redirect All SSL Pages to one page

Hotspot has HTTPS redirect in the settings - and the redirect can work, however you will always get SSL errors that the user will have to accept. You cant make it do a clean redirect.
by joegoldman
Sun Mar 17, 2019 11:35 pm
Forum: Beginner Basics
Topic: Radus server in my Mikrotik router
Replies: 6
Views: 975

Re: Radus server in my Mikrotik router

You can use userman as a built in Radius sever, however its generally more for Hotspot usage, if your looking for 802.1x auth it might not work for that. Im not sure.
by joegoldman
Wed Mar 13, 2019 2:01 am
Forum: Beginner Basics
Topic: Simplest Route Rule Possible.
Replies: 13
Views: 1273

Re: Simplest Route Rule Possible.

There is kind of a way - if that is the ONLY thing in vlan55, then you can add VLAN 55 to a VRF and add the default route for that VRF out the ether1 cable WANIP. If you are not wanting to put the interface into VRF and single out only the traffic for that one IP, then you will need to use a mangle ...
by joegoldman
Mon Mar 11, 2019 1:05 am
Forum: General
Topic: Scaling Mikrotik
Replies: 5
Views: 1195

Re: Scaling Mikrotik

Mikrotik is horizontal scaling. Basically start with redundant pairs everywhere - once you start getting to the 50-60% resource usage, add another 1 or 2 next to it. You really dont want resources hitting up over 75% at all to be safe. I'd personally have your core very very simple, just pure routin...
by joegoldman
Mon Mar 11, 2019 12:56 am
Forum: General
Topic: local proxies breaks speed limit
Replies: 5
Views: 784

Re: local proxies breaks speed limit

Are you running a web-proxy on the mikrotik? Are your bw-limits on forwarding traffic? Once traffic is proxied through the router it becomes input/output rather than forward technically, so your queus may be set up wrong to account for that. Do an /export hide-sensitive and post it in code tags so w...
by joegoldman
Wed Mar 06, 2019 11:57 am
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 613
Views: 202720

Re: RouterOS v7.0 beta1 - when?

THE GOOD NEWS IS, that once RouterOS is brought up to date on 4.x kernel - it should be a fairly straight run to keep it updated. The Linux Kernels are not feature releases, meaning the diff between 4.20 and 5.0 is just patches, not a huge new architecture or anything. We just gotta make this one bi...
by joegoldman
Tue Mar 05, 2019 5:12 pm
Forum: Beginner Basics
Topic: I've locked myself out of the router admin interface.
Replies: 2
Views: 682

Re: I've locked myself out of the router admin interface.

If using winbox, try using neighbours and connecting via MAC protocol.

Alternatively, plug another mikrotik into it and use mac-telnet from mikrotik to mikrotik or Rommon (if enabled) which uses L2 protocols as well, so bypasses IP addressing.
by joegoldman
Sun Mar 03, 2019 11:41 pm
Forum: Forwarding Protocols
Topic: Valid router to use in a peering point
Replies: 6
Views: 2722

Re: Valid router to use in a peering point

(I've always thought MT should release a CCR1009-8G-2S+)...
There is the CCR1036 8G 2S+ if your after more, or even the 1072-8S+, or what we've done is breakout using a CRS317-1G-16S+
by joegoldman
Fri Mar 01, 2019 11:41 pm
Forum: Forwarding Protocols
Topic: Transit and IX problem
Replies: 5
Views: 2478

Re: Transit and IX problem

Best guess is you are importing routes from both, but because your cogent routers are older they are preferred (i.e. that bgp session came up first). I would set a BGP Local Pref on the IX routes only. If this is for inbound traffic only going via cogent, then make sure you are advertising your rang...
by joegoldman
Wed Feb 27, 2019 12:35 pm
Forum: General
Topic: Large route table, removing a static [SOLVED]
Replies: 8
Views: 3917

Re: Large route table, removing a static [SOLVED]

Yes this is my main complaint with Mikrotik at the core at the moment - it can import full tables in good-enough time but convergence is slow as when adding routes or removing routes - up to 5-10 minutes for me with about 1million BGP routes (With some static). I couldnt imagine running a CCR with m...
by joegoldman
Wed Feb 27, 2019 12:28 am
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 613
Views: 202720

Re: RouterOS v7.0 beta1 - when?

The development going into 6.x is development FOR 7.x as well. A lot of the roadmapped features have been put into 6.x because of the delays 7.x brings. 7.x isnt going to suddenly have a heap of new features, 7.x will likely be the latest 6.x but on new kernel, and will take a few iterations to star...
by joegoldman
Sat Feb 23, 2019 12:23 am
Forum: Beginner Basics
Topic: disable PPPoE connections go to html page
Replies: 4
Views: 1063

Re: disable PPPoE connections go to html page

Without radius etc, one way would be to change the remote address on their secret - i.e. have an 'internal' / 'suspended' pool thats not a public IP that they get, then in your mikrotik have mangle rules for any traffic from that range to be redirected to your server where the HTML page is.
by joegoldman
Fri Feb 22, 2019 3:42 am
Forum: Wireless Networking
Topic: Selection guide for PtP links Ranges?
Replies: 11
Views: 1656

Re: Selection guide for PtP links Ranges?

I answered your questions - how could I give you any more advice without knowing the link requirements and specifics - in which case we'd be at a point of billing you for my consulting time if you want me to design your whole link.
by joegoldman
Thu Feb 21, 2019 10:24 pm
Forum: Wireless Networking
Topic: Selection guide for PtP links Ranges?
Replies: 11
Views: 1656

Re: Selection guide for PtP links Ranges?

Max range would be in test conditions. Max range can be affected by weather, noise floor, line of sight, your countries EIRP etc etc. I would not want to be trying to push the max distance of items. You can mix and match, you just may end up with better signal one way then the other. Sometimes bigge...
by joegoldman
Thu Feb 21, 2019 1:25 pm
Forum: General
Topic: I Can't set 802.1p on VLAN for DHCP [probably BUG]
Replies: 9
Views: 1720

Re: I Can't set 802.1p on VLAN for DHCP [probably BUG]

send a supout and explanation of your bug to support@mikrotik.com
by joegoldman
Thu Feb 21, 2019 9:17 am
Forum: General
Topic: Easy method to update 300 MikroTik
Replies: 2
Views: 802

Re: Easy method to update 300 MikroTik

No supported way - most people build it out with API scripts and updaters - DUDE might be able to do some of it.
by joegoldman
Sat Feb 16, 2019 5:10 am
Forum: General
Topic: mikrotik wrong username or password
Replies: 5
Views: 3092

Re: mikrotik wrong username or password

Was it old RouterOS version? If so its likely been hacked. Good news is, being old version you can use the same hack to re-gain access - but once its been compromised you should take config export, make sure no bad config is in there, and do a fresh net-install.
by joegoldman
Sat Feb 16, 2019 5:08 am
Forum: Announcements
Topic: v6.44rc [testing] is released!
Replies: 67
Views: 22624

Re: v6.44rc [testing] is released!

what does /tool speed-test test to? Do we host a server? Is it same as bandwidth-test and will TCP tests be CPU limited?
by joegoldman
Thu Feb 07, 2019 5:21 am
Forum: General
Topic: Use a Routerboard to tag packets for a management VLAN
Replies: 7
Views: 1492

Re: Use a Routerboard to tag packets for a management VLAN

Laptop ---> Ether1 - Ether2 ----> Network In this scenario (Ether1/Ether2 being your bridge Mikrotik) you'd create a vlan interface on Ether2 with vlanID on 100, then create a bridge interface, and add Ether1 and Vlan100 interface, so you are being bridged straight into the VLAN tagged interface. Th...
by joegoldman
Thu Feb 07, 2019 5:16 am
Forum: RouterBOARD hardware
Topic: Why people pair UBNT APs with MikroTik routers?
Replies: 56
Views: 42871

Re: Why people pair UBNT APs with MikroTik routers?

I've done both. I've got many CAPsMAN installs with wAP AC's and cAP AC's in, without issue. I prefer Mikrotik for the flexibility and extra config options. I had a big job that I had to put Ubiquiti in for the pure fact of short time frame and stock availability (this wasnt long after the factory f...
by joegoldman
Wed Feb 06, 2019 5:37 am
Forum: Forwarding Protocols
Topic: IXP routes should be preferred
Replies: 4
Views: 2259

Re: IXP routes should be preferred

You are running multiple instances? YOu should only really be doing that for multiple host AS's

In any case, post the output of /export hide-sensitive so we can see what the issue is.
by joegoldman
Wed Feb 06, 2019 1:37 am
Forum: Forwarding Protocols
Topic: IXP routes should be preferred
Replies: 4
Views: 2259

Re: IXP routes should be preferred

Guessing you have ignore as path len enabled which means AS Path will not be considered in the best-path selection, in which case the first 'installed' route would be the best based on the other attributes. For IX routes, best practise (in my opinion) is to import them with a high local-pref, which ...
by joegoldman
Sun Feb 03, 2019 10:51 pm
Forum: RouterBOARD hardware
Topic: For real, what is with these blinding power leds?
Replies: 11
Views: 2936

Re: For real, what is with these blinding power leds?

Yes noticed this on my new 4011 i was hoping I could turn it off in the software but nup, I will be black taping it to keep it down, literally shines through multiple rooms if I leave the office door open haha.
by joegoldman
Sat Feb 02, 2019 12:04 pm
Forum: General
Topic: WINDOWS AUTHENTICATE WITH MIKROTIK USERS
Replies: 1
Views: 553

Re: WINDOWS AUTHENTICATE WITH MIKROTIK USERS

You want users to login to the Mikrotik with their Windows credentials? Or you want users to log into Windows with Mikrotik credentials? You could potentially run RADIUS in front of a windows DC server and have people log into mikrotiks with Windows Credentials, the other way around I do not believe...
by joegoldman
Fri Feb 01, 2019 3:27 pm
Forum: General
Topic: Winbox Urgent Suggestion
Replies: 15
Views: 1949

Re: Winbox Urgent Suggestion

There is absolutely nothing wrong with winbox under WINE. An expert Linux user will use all tools available to set up their environment. I use Winbox without fail on all my Linux machines.
by joegoldman
Fri Feb 01, 2019 5:49 am
Forum: Forwarding Protocols
Topic: Routing issue
Replies: 3
Views: 1953

Re: Routing issue

youve given us almost 0 helpful information.

You know the last hop it fails at, jump on that hop check the route-table.

Is it that just ICMP is firewalled / blocked from that ingress point onwards?
by joegoldman
Tue Jan 29, 2019 8:13 am
Forum: General
Topic: Don't buy Mikrotik hardware! NO SUPPORT
Replies: 15
Views: 2581

Re: Don't buy Mikrotik hardware! NO SUPPORT

Ubiquiti is also 20-80% more expensive depending on the product, and the software management is a nightmare in some use cases, and nowhere near as flexible at the least. You take the good with the bad in some cases. I use Mikrotik because of the flexibility and pricing. I also understand that my pay...
by joegoldman
Mon Jan 28, 2019 11:54 pm
Forum: General
Topic: Feature requests
Replies: 1336
Views: 323198

Re: Feature requests

I would like to receive SNMP traps when WiFi client registration occurs... for example: [WIRELESS]--Association:11G STA 80:b0:3d:xx:xx:xx associated with WLAN1 SSID = Mikrotik It's very useful for smart home automation scenarios You could replicate this with logging and a syslog (remote) logging se...
by joegoldman
Sat Jan 26, 2019 2:22 am
Forum: General
Topic: OSPF + VRRP +PPPOE
Replies: 5
Views: 1200

Re: OSPF + VRRP +PPPOE

You would use Routing Marks or VRFs to basically do source based routing. If you are using public IP space you'll also need to adjust your advertisements so one range is used by ISP 1 and the other by ISP 2
by joegoldman
Fri Jan 25, 2019 5:51 am
Forum: General
Topic: Which Router should i buy for a small web hosting company?
Replies: 6
Views: 1164

Re: Which Router should i buy for a small web hosting company?


I was looking for RB3011UiAS-RM or RB1100AHx4, What do you suggest?
RB1100AHx4 very robust and can move a lot of data - i'd go one of them.
by joegoldman
Thu Jan 24, 2019 11:13 pm
Forum: RouterBOARD hardware
Topic: InterCell
Replies: 46
Views: 12232

Re: InterCell

What LTE frequencies/bands you think the WISPs will be able to use in Australia? And what would be the demand for such LTE Base Stations? For Australia - next to impossible for LTE I think - too much regulation and too expensive. I work in a less-developed country outside of Australia where if I co...
by joegoldman
Thu Jan 24, 2019 11:05 pm
Forum: General
Topic: pasting .rsc on a blank slate router
Replies: 4
Views: 1017

Re: pasting .rsc on a blank slate router

add a delay up the top of the script, and use the reset-config menu with no-default, run-after of your RSC, thats how I do templated installs.
by joegoldman
Thu Jan 24, 2019 11:26 am
Forum: RouterBOARD hardware
Topic: InterCell
Replies: 46
Views: 12232

Re: InterCell

Such an interesting turn. LTE can be beneficial for WISP though - NBN (National Broadband Network) in Australia are using LTE for their Fixed Wireless roll-outs, however being government run and funded probably got access to frequencies within budget. A country I do a lot of work in - we have a very...
by joegoldman
Sun Jan 20, 2019 12:40 am
Forum: General
Topic: CCR Mikrotik Bandwidth Test - Urgent...-Important
Replies: 8
Views: 1795

Re: CCR Mikrotik Bandwidth Test - Urgent...-Important

It's also weekend around most of the world - give it a couple business days.
by joegoldman
Tue Jan 15, 2019 11:57 pm
Forum: General
Topic: v7 routeros
Replies: 12
Views: 4517

Re: v7 routeros

I also like stuff and things, my fellow networkers. :/
by joegoldman
Mon Jan 14, 2019 12:19 am
Forum: RouterBOARD hardware
Topic: Router that does not sound like a Jet Engine for Home 10G Internet?
Replies: 7
Views: 2394

Re: Router that does not sound like a Jet Engine for Home 10G Internet?

Get the 4 port 10gbit switch, device like 4011 to run as a router on a stick, port 1 outside, port 2 router, port 3 inside, done. Limits some of your capacity but for home internet shouldn't matter that much.
by joegoldman
Sun Jan 13, 2019 10:21 am
Forum: Forwarding Protocols
Topic: OSPF and default routes. [SOLVED]
Replies: 3
Views: 3776

Re: OSPF and default routes. [SOLVED]

If your redistributing default via OSPF, and all links are equal cost, then it should do this automatically anyways. However - a router will not install an OSPF default route if a static one exists, so you'll have to remove the static one and let the default come in - an easy way to test this if you...
by joegoldman
Fri Dec 28, 2018 11:05 pm
Forum: General
Topic: CRS305-1G-4S+ port statistics
Replies: 1
Views: 683

Re: CRS305-1G-4S+ port statistics

Its a very small visual bug - worth chucking the info to support@mikrotik.com but doesn't warrant a huge amount of discussion.
by joegoldman
Fri Dec 28, 2018 11:01 pm
Forum: Scripting
Topic: Script only works in terminal, not by GUI or scheduler
Replies: 4
Views: 1189

Re: Script only works in terminal, not by GUI or scheduler

Thanks for following up with solution - thats actually a very peculiar behaviour which would be easy to overlook.
by joegoldman
Fri Dec 28, 2018 11:00 pm
Forum: General
Topic: OSPF
Replies: 3
Views: 817

Re: OSPF

So you want to receive the route from the remote network? They will have to advertise it to you, i.e. their OSPF config has to be set to allow the route you are wanting to come to you. Unless you are filtering it out yourself. Post your config (/export hide-sensitive) grab OSPF config of remote peer...
by joegoldman
Fri Dec 28, 2018 5:05 am
Forum: General
Topic: Add 160.000 statics dns entries
Replies: 7
Views: 1236

Re: Add 160.000 statics dns entries

If people are going to the effort to really get around your controlled DNS environment, then they deserve to have whatever you are trying to use - break. i.e. in PiHole it is more for user protection - a user who can circumvent would know the risks of doing so and protect themselves. It only really ...
by joegoldman
Wed Dec 26, 2018 11:58 pm
Forum: RouterBOARD hardware
Topic: 2*10gb ports for a CCR ?
Replies: 10
Views: 3417

Re: 2*10gb ports for a CCR ?

Switch: Port 1 = WAN - PVID 100 (so access port on vlan 100) Port 2 = LAN - PVID 200 (access port on vlan 200) Port 3 or 4 = Router, Trunk port with tagged 100 and 200 VLAN Making sure bridge vlan filter is on to ensure adherence to the tags and PVID. On Router you have 1 physical interface, you cre...
by joegoldman
Wed Dec 26, 2018 11:12 am
Forum: RouterBOARD hardware
Topic: 2*10gb ports for a CCR ?
Replies: 10
Views: 3417

Re: 2*10gb ports for a CCR ?

You could use a cheap switch like Mikrotik's little 4 port SFP+ switch for WAN, LAN, Router

So WAN comes into switch, switch goes into router, router back to switch for output via LAN port.

Or you could upgrade to the likes of CCR1036-8G-2S+ but thats quite a bit expensive.
by joegoldman
Wed Dec 19, 2018 3:49 am
Forum: General
Topic: Feature Request: SAFE MODE time based
Replies: 17
Views: 4192

Re: Feature Request: SAFE MODE time based

If you lose connection, how do you expect safe mode to remain activated? Although I agree with you and plan my changes with a 'dual-stack' mentality to bring things into line - I do get the point the others are trying to make. Sometimes the changes you need to make affect your connectivity to the d...
by joegoldman
Wed Dec 19, 2018 3:45 am
Forum: General
Topic: Is it possible to change boardname?
Replies: 1
Views: 514

Re: Is it possible to change boardname?

To what purpose?

Short answer is no - the major distributors / integrators may have some option to do this but not general public.
by joegoldman
Tue Dec 11, 2018 2:07 am
Forum: Forwarding Protocols
Topic: no enforce-first-as in RouterOS?
Replies: 10
Views: 4001

Re: no enforce-first-as in RouterOS?

Its default. There's no specific option for it. I do run Client to Client reflection ticked on my instances not sure if that makes a difference, but I use Mikrotik to peer with IX route servers and they deliver routes without their own AS in the path, which my router happily accepts.
by joegoldman
Tue Dec 11, 2018 1:59 am
Forum: RouterBOARD hardware
Topic: hardware idea for a multiport switch
Replies: 72
Views: 35350

Re: hardware idea for a multiport switch

It would definitely need built in cable management arm at the rear that helps slide and guide the cable bundle in and out. Even then I see the high density and effort as a very niche product personally.
by joegoldman
Mon Dec 10, 2018 4:20 am
Forum: Forwarding Protocols
Topic: Is it possible to host 2 web servers within the same public IP address
Replies: 8
Views: 2855

Re: Is it possible to host 2 web servers within the same public IP address

No, this requires deep packet inspection (so MIGHT be able to work sometihng with layer7 filters) as you are now reading the host head in the HTTP packet to know which server to send it to. Your best bet is a low-resource server 3 - a proxy server, it takes in ALL 80/443 requests and proxies based o...
by joegoldman
Tue Dec 04, 2018 10:44 am
Forum: The User Manager
Topic: Strange PPPOE limitation problem
Replies: 7
Views: 4315

Re: Strange PPPOE limitation problem

Do an /export hide-sensitive so we see your full configuration. Running userman you'd think it would be OK. Perhaps turn on some RAW RADIUS logging and capture packets of it happening, see if it is the PPP server ignoring the limitation and setting its own, or if its userman responding with the wron...
by joegoldman
Sat Nov 24, 2018 6:50 am
Forum: RouterBOARD hardware
Topic: RB3011 Power inputs?? [SOLVED]
Replies: 1
Views: 917

Re: RB3011 Power inputs?? [SOLVED]

Yes both can be used, and they will also work as active failover if one of the feeds fails. I do the same with old RB1100AHx2's (As they only had single AC) and 3011's in production
by joegoldman
Sun Nov 11, 2018 11:59 pm
Forum: Beginner Basics
Topic: 3011 update
Replies: 10
Views: 1810

Re: 3011 update

To answer your question, 3011 is an ARM based device so the mipsbe file would not be helpful.

When logging in (via winbox at least) it will tell you the architecture in the title of the window in brackets (arm), (mipsbe), (tile) etc.
by joegoldman
Sun Nov 04, 2018 3:30 pm
Forum: Forwarding Protocols
Topic: VRF Help - Route Leaking from MAIN
Replies: 0
Views: 903

VRF Help - Route Leaking from MAIN

Hi *, Basically I'd like to import all routes (except 0.0.0.0/0) into a VRF. Reason for this - I am doing source based routing to push certain IP's out a 2nd WAN connection, however I'd like it to only use this VRF (which contains a default route) when the resources aren't 'local'. This router impor...
by joegoldman
Wed Oct 31, 2018 9:50 am
Forum: General
Topic: Old kernel. Why?
Replies: 5
Views: 1457

Re: Old kernel. Why?

Plenty. ROSv7's main hold up is developing to new kernel. Major kernel's have major changes, especially from what ROS is currently based on to new, the whole networking stack has been re-worked (I believe), so requires a lot of re-development, re-testing etc to get it to feature parity (plus improve...
by joegoldman
Wed Oct 31, 2018 12:53 am
Forum: General
Topic: How to whitelist top level domains? [SOLVED]
Replies: 2
Views: 1409

Re: How to whitelist top level domains? [SOLVED]

You should be able to use L7 firewall rules to help create matchers that you can then apply filter/NAT/mangle rules on: https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/L7 This will help you do regex and TLD's to match what you want. It can be quite CPU intensive (As you are inspecting the packet a...
by joegoldman
Mon Oct 29, 2018 9:57 pm
Forum: General
Topic: Need help with VLANS and routing their traffic over L2TP
Replies: 4
Views: 1627

Re: Need help with VLANS and routing their traffic over L2TP

post /export hide-sensitive of both routers.

Also easy way to test connectivity, put a computer on a phone IP on that VLAN and make sure it can PING the VoIP server, also maybe check traceroute see where its stopping if there are multiple hops in the path.
by joegoldman
Mon Oct 29, 2018 10:44 am
Forum: Forwarding Protocols
Topic: Auto BlackHoling
Replies: 2
Views: 1346

Re: Auto BlackHoling

The question will rely on your upstream provider - so you will need to know what they expect so you can tag the route specifically. They will likely accept routes down to /32 with community <AS>:666 so they know to add as blackhole. Adjust your filters to look for routes with your own blackhole comm...
by joegoldman
Mon Oct 29, 2018 12:10 am
Forum: General
Topic: Winbox layout
Replies: 3
Views: 948

Re: Winbox layout

You can not 'edit' the layout, but you can make changes and save the session. I.E. open the windows you want to see, make changes to the columns, inline comments etc so it looks how you want it to look. Then under file you can go 'Save As' and it will save as a .viw file, then in winbox you can choo...
by joegoldman
Sun Oct 28, 2018 10:17 pm
Forum: General
Topic: Can I connect a Edge Router as a Client to out Mikrotik VPN Server?
Replies: 3
Views: 887

Re: Can I connect a Edge Router as a Client to out Mikrotik VPN Server?

You'll need to know a few details but if you set up the server you should know those details. Look at the Wiki for guides on how to set up VPN clients. If its L2TP/IPSec you'll generally need:

IP
User
Password
IPSec Secret
by joegoldman
Sun Oct 28, 2018 10:07 pm
Forum: General
Topic: Can I connect a Edge Router as a Client to out Mikrotik VPN Server?
Replies: 3
Views: 887

Re: Can I connect a Edge Router as a Client to out Mikrotik VPN Server?

This is a RouterOS forum, not an EdgeOS forum - you'll need to go hassle the ubiquiti community - but to answer your question a quick google suggests that EdgeOS doesnt currently have a way to configure an L2TP / IPSec client connection (such an odd limitation). My honest suggestion would be replace...
by joegoldman
Sat Oct 27, 2018 1:44 am
Forum: Beginner Basics
Topic: cant surf on new ip block
Replies: 4
Views: 1142

Re: cant surf on new ip block

Are these your own IP's or given to you by the ISP?

IF they are your own, have you started advertising them to upstream providers? Have you notified them of the new range so they can adjust their BGP filters both ingress from you and egress to their providers?
by joegoldman
Sat Oct 27, 2018 1:42 am
Forum: General
Topic: Any Chance of a test mode before applying the configuration
Replies: 9
Views: 2175

Re: Any Chance of a test mode before applying the configuration

There are very few situations given the flexibility of routeros that safe mode wont work for this purpose. Changing IP/routes? youo can dual stack IP's and add the routes, safe mode protects perfectly. Firewall changes? Pretty much what safe mode was made for. I do agree that test change can be bene...
by joegoldman
Sat Oct 27, 2018 1:38 am
Forum: General
Topic: v6 RC and v7 BETA
Replies: 126
Views: 35318

Re: v6 RC and v7 BETA

What is the timeline? if there is no cut-off date then it's just proof of concept for developers. Alpha is exactly that - proof of concept (in a lot of ways) They continue to work on 6.x, but 7 being a new kernel and everything means they have to make sure all existing functionality from 6.x is imp...
by joegoldman
Tue Oct 23, 2018 3:02 pm
Forum: General
Topic: Cloud Backup
Replies: 21
Views: 7486

Re: Cloud Backup

Will these be only .backup files i.e. only restorable to the same piece of hardware? Or will it take config exports too? Even better, are .backup files being worked on so you can safely restore them across devices (same device type but different MACs etc) I only use config expoorts myself at the mom...
by joegoldman
Tue Oct 23, 2018 2:52 pm
Forum: RouterBOARD hardware
Topic: RB 4011 is fanless?
Replies: 6
Views: 1858

Re: RB 4011 is fanless?

You'd call RB1100AHx4 a Home router? But in any case I can appreciate that, for us though the ~60% price difference from RB1100AHx4 to CCR1009 isnt justified by our want for SFP+ port (at this time), this is why i was thinking 4011 could be a good middle-ground if it came in a comparable configurati...
by joegoldman
Tue Oct 23, 2018 2:33 pm
Forum: RouterBOARD hardware
Topic: RB 4011 is fanless?
Replies: 6
Views: 1858

Re: RB 4011 is fanless?

not in near future. there are other devices that have rack cases
If I could get an 1100 with an SFP/SFP+ port I'd be happy haha, was thinking of the 4011 to start replacing our 1100AHx4 fleet if it came in a respectable case (With dual power)
by joegoldman
Tue Oct 23, 2018 2:28 pm
Forum: RouterBOARD hardware
Topic: RB 4011 is fanless?
Replies: 6
Views: 1858

Re: RB 4011 is fanless?

Are we likely to get a (proper) rackmount model, similar to 3011? Or will only the desktop model with big ugly ears remain? The 3011's are a really nice presentable case to put in a customers rack.
by joegoldman
Mon Oct 22, 2018 1:15 pm
Forum: General
Topic: LHG60 Link goes down when it rains
Replies: 21
Views: 3067

Re: LHG60 Link goes down when it rains

Have you considered all aspects? Is there other 60ghz gear? Is it CLEAR line of site? Considered fresnel zone?
by joegoldman
Mon Oct 22, 2018 8:18 am
Forum: General
Topic: v6 RC and v7 BETA
Replies: 126
Views: 35318

Re: v6 RC and v7 BETA

Image
by joegoldman
Sun Oct 21, 2018 12:25 pm
Forum: General
Topic: Mass Managing Mikrotik
Replies: 11
Views: 4595

Re: Mass Managing Mikrotik

Look into the Tr069 protocol, there are both commercial and open source applications for this These are good for client devices and pulling config on boot, but in terms of edge/bottom fo tower etc where you dont want to reboot and manage things like firewall entries etc its not that great. My centr...
by joegoldman
Sun Oct 21, 2018 3:10 am
Forum: RouterBOARD hardware
Topic: Counterfeit CCR1036?
Replies: 4
Views: 1957

Re: Counterfeit CCR1036?

The original 1036 PSU's were notoriously bad for blowing capacitors. I know plenty of people who have replaced PSU's in tthem, or at least put on better capacitors. We personally build an external power source that actually utilises the dual power headers on the board to make them actually dual powe...
by joegoldman
Sat Oct 20, 2018 2:57 pm
Forum: Beginner Basics
Topic: Migrate CCR 1009 to CCR 1036
Replies: 3
Views: 1125

Re: Migrate CCR 1009 to CCR 1036

get a copy of /export from your 1009, make the necessary adjustments to change ports etc and run it as an import on your 1036.
by joegoldman
Sat Oct 20, 2018 12:39 pm
Forum: General
Topic: Mass Managing Mikrotik
Replies: 11
Views: 4595

Re: Mass Managing Mikrotik

(managed by unifi controller). Thats great for Ubiquiti Unifi gear but completely awry of the question, Mikrotik also has a similar controller for AP's in their CAPsMAN package. Your post reeks of corporate shill and is completely useless to the topic. To answer OP, I too have rolled out my own in-...
by joegoldman
Sat Oct 20, 2018 5:49 am
Forum: General
Topic: PCQ - Custom Limits
Replies: 0
Views: 477

PCQ - Custom Limits

Hi All, I want to do some real custom PCQ stuff. Basically, for example sake I have 4 IP's sharing 10mbit. I want IP 1 to be guaranteed 5mbit, IP 2 guaranteed 2mbit and the other 2 share the remaining 3mbit, but obviously if IP1 and IP2 not using their full allocation anyone can go up to 10mbit (doe...
by joegoldman
Thu Oct 18, 2018 8:23 am
Forum: Forwarding Protocols
Topic: Null route for unused IP's
Replies: 5
Views: 5298

Re: Null route for unused IP's

Just the /22 should be adequate, if you are using routing bgp network option instead of redistributing active routes. (I personally prefer to not use the network tab in bgp, and have blackhole route with distance 250 to supply an active route to redistribute).
by joegoldman
Sun Oct 14, 2018 3:08 pm
Forum: Forwarding Protocols
Topic: OSPF Interface Cost not working
Replies: 1
Views: 1078

OSPF Interface Cost not working

Hi guys quick question regarding OSPF and getting interface costs to work properly. I've got 4 routers in a loop All routers have redistribute OSPF as type 1 All routers either 6.42.6 or 6.42.7 One of the links is kind of bad, but OK for backup, I just brought up a good link on the same router with ...
by joegoldman
Sun Oct 14, 2018 9:39 am
Forum: Beginner Basics
Topic: Change default ip MikroTik crs106 Sfp switch
Replies: 4
Views: 985

Re: Change default ip MikroTik crs106 Sfp switch

/ip->addresses, select 192.168.88.1 entry, modify the options as required, and hit save. Be sure that network is correct too.