Community discussions

Search found 628 matches

by joegoldman
Thu Jul 22, 2021 5:01 am
Forum: Forwarding Protocols
Topic: Can only ping 1 direction, but it gets weirder...
Replies: 2
Views: 654

Re: Can only ping 1 direction, but it gets weirder...

What does your ip route show for that particular route? Does it specify a bad src-address? Torch the interface without a src-address and see what src/dst it's trying to use.
by joegoldman
Fri Jul 16, 2021 1:27 am
Forum: Scripting
Topic: Create an .exe for restarting the mikrotik
Replies: 14
Views: 751

Re: Create an .exe for restarting the mikrotik

In any case, the comment was made in response to the claim up-thread that "the EXE will have to contain the username and password". The SSH executable doesn't contain user names or passwords, and as we've seen, there are ways to protect its external key. The ultimate idea behind the comme...
by joegoldman
Wed Jul 14, 2021 4:09 am
Forum: Forwarding Protocols
Topic: BGP ECMP (multipathing)
Replies: 53
Views: 20295

Re: BGP ECMP (multipathing)

Thanks. Not very hopeful on it being any time soon since v7 has been in the works for years now :'( Mikrotik spent years putting the groundwork in place, building the framework for the new routing engine to ensure it would scale and be easy to maintain. They also hired a bunch more developers. You ...
by joegoldman
Mon Jul 12, 2021 7:06 am
Forum: Beginner Basics
Topic: Block internet from all but one user
Replies: 22
Views: 1038

Re: Block internet from all but one user

Thank you. I'll try that. I'm still curious why my way did not work. Is that address reserved for them? Did it pull a new address from DHCP before midnight? What does the rest of the rule say? Might be some other matcher. Use /export (or /ip firewall filter export) to get the exact config of the ru...
by joegoldman
Tue Jul 06, 2021 6:44 am
Forum: Scripting
Topic: How to determine if a setting is available
Replies: 3
Views: 505

Re: How to determine if a setting is available

Depending on the devices you need to support, you could always base it on /system routerboard model - from which you can pre-program on what to do for that model. This could be a bit more tedious if you are supporting a LARGE amount of different models but if it's between 2 or 3 then it's not bad.
by joegoldman
Fri Jul 02, 2021 3:02 am
Forum: RouterBOARD hardware
Topic: Holes at the low end of the CRS product line
Replies: 10
Views: 1196

Re: Holes at the low end of the CSR product line

There's unlimited number of port configurations. You'll almost always never get the exact port config you need - but why would you ? what about growth? What if your 2 camera system turns into 4? Or VoIP phones wanting PoE? You have a minimum requirement - and you should look at a future minimum requ...
by joegoldman
Wed Jun 30, 2021 11:16 am
Forum: Beginner Basics
Topic: How do I find the IP address of my WAP? [SOLVED]
Replies: 6
Views: 563

Re: How do I find the IP address of my WAP? [SOLVED]

My goal with the wide netmask is to be able to identify devices by IP address quickly. I want to assign my WAPs and my gateway router: 10.0.1.1, 10.0.2.1, 10.0.3.1, etc. In conjunction with this, I would like to assign IP addresses via DHCP depending on the WAP that the host attached to. So if it a...
by joegoldman
Sat Jun 26, 2021 1:57 am
Forum: General
Topic: Feature Request: SAFE MODE time based
Replies: 22
Views: 4950

Re: Feature Request: SAFE MODE time based

If you lose connection, how do you expect safe mode to remain activated? We are asking for a way to 'resume' safe mode by reconnecting after loss of connection. A more simple example: Say you are helping configure a remote CPE with new username and password in PPPoE, you are connecting via the WAN....
by joegoldman
Tue Jun 22, 2021 1:45 pm
Forum: Beginner Basics
Topic: Three same-distance routes
Replies: 5
Views: 669

Re: Three same-distance routes

How are these last packets routed once delivered to these equal-distance default route ? Whichever route is currently Active - and likely it is the first to be installed assuming all same distance, scope etc. There is a way to do ECMP by having the gateways in the SAME route if that is what you are...
by joegoldman
Tue Jun 22, 2021 1:38 pm
Forum: General
Topic: PPPOE performance degradation
Replies: 1
Views: 259

Re: PPPOE performance degradation

My main guess would be - is traffic building up over time causing congestion on the link? Mikrotiks can run a vast array of services which, if not secured correctly, will end up being used for amplification attacks and other things. A copy of your config may help us - but I'd be checking throughput on the ppp inte...
by joegoldman
Mon Jun 21, 2021 6:15 am
Forum: Announcements
Topic: Newsletter June 2021 (#100)
Replies: 54
Views: 15303

Re: Newsletter June 2021 (#100)

Home app - goes through nothing to do with WAN setup. What if it's PPPoE? Does this just purely rely on a DHCP WAN? For any kind of funky setups, surely you need the normal MikroTik app, where a lot more options are available. This is for home users with no configuration needs. PPPoE is still widely...
by joegoldman
Fri Jun 18, 2021 3:27 am
Forum: General
Topic: Multiple pppoe with same name and simple queues problem [SOLVED]
Replies: 10
Views: 609

Re: Multiple pppoe with same name and simple queues problem [SOLVED]

You can use ppp interface instead where it uses interface name - you can cross reference session by caller ID from ppp active via ppp interface to get interface name then reference that to simple queues.

Best way to do it depends on what you are trying to achieve.
by joegoldman
Thu Jun 17, 2021 1:48 am
Forum: Announcements
Topic: Newsletter June 2021 (#100)
Replies: 54
Views: 15303

Re: Newsletter June 2021 (#100)

Home app - goes through nothing to do with WAN setup.

What if it's PPPoE? Does this just purely rely on a DHCP WAN?
by joegoldman
Thu Jun 10, 2021 12:06 pm
Forum: Beginner Basics
Topic: Unstable connection BGP L2TP IPSec
Replies: 2
Views: 392

Re: Unstable connection BGP L2TP IPSec

I assume you are using L2TP because you are traversing many networks and want to create a single-hop tunnel? If so - the performance issues could very well be any network from source to endpoint of the L2TP tunnel - and may not reflect a configuration issue at all. Is the poor performance also shown...
by joegoldman
Thu Jun 10, 2021 4:10 am
Forum: General
Topic: Multiple RADIUS servers
Replies: 8
Views: 657

Re: Multiple RADIUS servers

It probably needs some testing - it isn't clear if that setting adds a realm / user domain if none is present in the username, and/or will direct requests for a realm / user domain to a particular server. It adds it as an extra domain attribute for Windows servers that require domain validation (fr...
by joegoldman
Mon May 31, 2021 2:50 pm
Forum: General
Topic: Freedarius to g suite using mikrotik does it possible?
Replies: 3
Views: 751

Re: Freedarius to g suite using mikrotik does it possible?

Mikrotik supports RADIUS. FreeRADIUS talking to G Suite is not in Mikrotik's purview - if there is a problem, and you know that FreeRADIUS to G Suite is working, you need to debug why Mikrotik to FreeRADIUS is not - you can set Mikrotik logs down to debug level for Radius and see the raw radius pack...
by joegoldman
Fri May 28, 2021 2:04 am
Forum: Beginner Basics
Topic: L2TP server to use same pool as LAN
Replies: 5
Views: 454

Re: L2TP server to use same pool as LAN

What people tend to forget - VPN interfaces are L3 interfaces not L2 - dialing in is not the same as plugging into the local network, the L2 protocols are largely lost. Things like proxy-arp help, so the router is doing the work for you, but beyond using tech like vpls or eoip, you have to consider ...
by joegoldman
Sat May 22, 2021 3:52 am
Forum: Beginner Basics
Topic: Difference between Simple Queue and Queue tree [SOLVED]
Replies: 2
Views: 512

Re: Difference between Simple Queue and Queue tree [SOLVED]

Hi this is your personal google service: https://wiki.mikrotik.com/wiki/Manual:Queue There are two different ways how to configure queues in RouterOS: /queue simple menu - designed to ease configuration of simple, everyday queuing tasks (such as single client upload/download limitation, p2p traffic ...
by joegoldman
Sat May 22, 2021 1:51 am
Forum: General
Topic: Winbox for linux
Replies: 15
Views: 885

Re: Winbox for linux

Looking at the repo it's just running winbox.exe in wine anyways - just seems another step in the process (or you might find it easier for you). Winbox runs pretty much perfect in WINE - there's little to no reason to port it to a cross-compatible library for *nix. There's also WebFig if you struggle...
by joegoldman
Mon May 17, 2021 3:10 pm
Forum: General
Topic: ISP says that I can't connect my ONT device [SOLVED]
Replies: 2
Views: 364

Re: ISP says that I can't connect my ONT device [SOLVED]

If the ISP says no, then no. Sure there may be technical compatibilities - but more goes into it than that. Their provisioning and other network tools may be based around using their own GPON device (GPON on NBNCo in Australia, the national network, requires their ONU for provisioning and then hande...
by joegoldman
Mon May 17, 2021 3:33 am
Forum: General
Topic: Owncloud port 80
Replies: 6
Views: 673

Re: Owncloud port 80

https://prnt.sc/12vfby3 https://prnt.sc/12vfcdd https://prnt.sc/12vfd0w https://prnt.sc/12vfdb3 When I make for example port 800 I can of course enter webpages normal but my host is like xxxxx.ddns.net:800/owncloud Read my post above - this is a web server configuration error. You say yourself the sit...
by joegoldman
Wed May 12, 2021 5:36 am
Forum: General
Topic: external Radius server and mikrotik ???
Replies: 7
Views: 554

Re: external Radius server and mikrotik ???

@joegoldman are you using foxpass? No I am using Radiator on a cloud hosted Dedicated Server in a different country from most of my routers. You can run debug radius log to get the packets being sent and any received to really drill down into the problem (And do the same level on the cloud end) thi...
by joegoldman
Tue May 11, 2021 11:11 am
Forum: General
Topic: external Radius server and mikrotik ???
Replies: 7
Views: 554

Re: external Radius server and mikrotik ???

What are you trying to use the radius client for? Hotspot, PPP, Local Auth etc? Provide an /export (or at least /radius export and config of the service you want using it) so we can help. Personally I connect all our mikrotiks to a 'cloud hosted' Radius server in a different country for ppp auth wit...
by joegoldman
Fri May 07, 2021 10:41 am
Forum: General
Topic: Owncloud port 80
Replies: 6
Views: 673

Re: Owncloud port 80

I wanna finish with "myddnsname.somethink" now its work on myddnsname.somethink/owncloud This is to do with your Raspberry Pi / OwnCloud installation. It is not recognizing the URL as a host-header to point to /var/www/owncloud (or wherever it's located on your Pi), but likely being caught...
by joegoldman
Sun May 02, 2021 2:15 pm
Forum: General
Topic: Assign static IP's from ARP not DHCP Leases to stop MAC Clonning
Replies: 7
Views: 803

Re: Assign static IP's from ARP not DHCP Leases

Another option is port security depending on what switching you are using - where you restrict MAC down to the physical port on the switch, so they'd need to spoof and repatch/move desks.
by joegoldman
Sun May 02, 2021 2:06 pm
Forum: Scripting
Topic: Change bytes to mb or gb in simple queue for telegram bots
Replies: 5
Views: 1128

Re: Change bytes to mb or gb in simple queue for telegram bots

You can use simple arithmetic operators on returned values i.e. bytes -> kilobytes is divide bytes by 1024 (( [bytes] / 1024) for instance), where 5120 bytes becomes 5 kilobytes, continue up the chain by dividing 1024 to get to desired value bytes / 1024 = kilobytes kb / 1024 = megabytes mb / 1024 =...
by joegoldman
Fri Apr 30, 2021 2:31 am
Forum: General
Topic: VPN OPTIONS @ HELP with MUDI
Replies: 3
Views: 408

Re: VPN OPTIONS @ HELP with MUDI

Mikrotik supports OVPN server - but only supports certain parts of the spec, so you'll need to read through both documentations to get configuration right.
by joegoldman
Fri Apr 30, 2021 2:24 am
Forum: RouterOS v7 BETA
Topic: VRRP connection tracking and preemption mode
Replies: 7
Views: 1148

Re: VRRP connection tracking and preemption mode

the master does not have connections synced from the backup router yet! Great post and explanation! This is the #1 reason I had in my head why it would be that way but great to get confirmation. To address OP's situation - which I assume is NAT Even though the connections are synced to the 2nd rout...
by joegoldman
Thu Apr 29, 2021 4:15 am
Forum: RouterOS v7 BETA
Topic: VRRP connection tracking and preemption mode
Replies: 7
Views: 1148

Re: VRRP connection tracking and preemption mode

as some of the users in the home where this is being used complain about their internet suddenly going out, which tracking might help a little with.
No - tracking won't really help a noticeable amount. I'd forgo it and use preemptive mode.
by joegoldman
Thu Apr 29, 2021 1:44 am
Forum: RouterOS v7 BETA
Topic: VRRP connection tracking and preemption mode
Replies: 7
Views: 1148

Re: VRRP connection tracking and preemption mode

Mikrotik explicitly state that pre-emption mode must be off for connection sync as it currently stands - unknown if this is a temporary limitation or not. But - it looks like you should still be able to use priorities etc to force master back to being master (which I thought was VRRP default anyways...
by joegoldman
Wed Apr 21, 2021 5:59 am
Forum: General
Topic: Downloading from ONE interface
Replies: 5
Views: 522

Re: Downloading from ONE interface

IDM is still just a downloader - it may just chunk it out and try get multiple streams going - which can help depending on features of your firewall or ISP in what they might do for rate limiting (PCQ etc) A lot of variables at play here, and you'd need to isolate down to which device/port/portion i...
by joegoldman
Wed Apr 21, 2021 5:55 am
Forum: Forwarding Protocols
Topic: VRRP trigger from lost internet connection
Replies: 5
Views: 1083

Re: VRRP trigger from lost internet connection

If you have Static IP hand-off, you could try pinging your gateway as netwatch, which shouldn't be pingable if internet was to swap to other router The problem with this is, the gateway would always be powered up and pingable even when the internet is down (hurricane knocks out outdoor fiber lines)...
by joegoldman
Wed Apr 21, 2021 3:16 am
Forum: Forwarding Protocols
Topic: VRRP trigger from lost internet connection
Replies: 5
Views: 1083

Re: VRRP trigger from lost internet connection

You'd have to put some checks and balances in there. This is why I said it is setup specific. If you have PPPoE - you could try using on/off scripts in the ppp profile section so a script is run as PPPoE Client goes online and offline. If you have Static IP hand-off, you could try pinging your gatew...
by joegoldman
Wed Apr 21, 2021 3:12 am
Forum: General
Topic: cacti monitoring interface bandwidth
Replies: 1
Views: 304

Re: cacti monitoring interface bandwidth

While the Mikrotik template comes with an interface graph - you can use the cacti inbuilt NET-SNMP templates for interface counters too which do include Megabits per second (in 64bit as well). All my interfaces are using the default cacti SNMP graphs - and I use the Mikrotik template to get stats fo...
by joegoldman
Mon Apr 19, 2021 3:56 am
Forum: Forwarding Protocols
Topic: VRRP trigger from lost internet connection
Replies: 5
Views: 1083

Re: VRRP trigger from lost internet connection

Depending on how your internet works - probably a Netwatch script that then modifies VRRP priorities to force the other one to take over Master
by joegoldman
Fri Apr 16, 2021 2:40 am
Forum: General
Topic: Cloutik feedback ?
Replies: 12
Views: 1471

Re: Cloutik feedback ?

Out of curiosity, how are the "real pro" handling this when you have hundreds of devices to maintain ? All by custom, self developed scripting ? I have self-developed scripts to help with management - but I wouldn't be closed to an application like Cloutik that you linked - but my requir...
by joegoldman
Wed Apr 14, 2021 1:45 am
Forum: General
Topic: Cloutik feedback ?
Replies: 12
Views: 1471

Re: Cloutik feedback ?

You could do the same, by essentially running a VPS and having all your mikrotiks VPN back to it or send info / run scripts. It's putting control (and a lot of information) in someone else's hands If you are having large outages - then it's useless Cost is not great - website is poorly made which doesn...
by joegoldman
Wed Apr 14, 2021 1:41 am
Forum: Beginner Basics
Topic: How do I disable (allow all) the firewall completely?
Replies: 1
Views: 481

Re: How do I disable (allow all) the firewall completely?

You can just disable ALL rules in /ip firewall filter - as a stop gap to disable any and all firewall rules related to blocking access. Disabling all shouldn't be an issue - but RouterOS also has a safe mode (for every management type except API) whereby you can make these changes and if you are ki...
by joegoldman
Mon Apr 12, 2021 5:28 am
Forum: Forwarding Protocols
Topic: PBR - issues
Replies: 3
Views: 1004

Re: PBR - issues

Please post full /export (hide any info you feel you need to) so people can review it
by joegoldman
Thu Apr 01, 2021 12:46 am
Forum: Forwarding Protocols
Topic: BGP STATIC ROUTE BUG
Replies: 1
Views: 893

Re: BGP STATIC ROUTE BUG

You would have to provide an /export output for us to even begin to try and help.
by joegoldman
Thu Apr 01, 2021 12:45 am
Forum: General
Topic: Simple queue is detecting traffic but not limiting it
Replies: 2
Views: 488

Re: Simple queue is detecting traffic but not limiting it

You would have to provide an /export output for us to even begin to try and help.
by joegoldman
Fri Mar 26, 2021 1:21 am
Forum: General
Topic: How to search a large IP Firewall Address List?
Replies: 5
Views: 764

Re: How to search a large IP Firewall Address List?

It's not so much a bug as it is just a missing feature. The filter list in winbox gui only allows the order of the command one way - set out by the way the fields are set out i.e. "where address in 1.2.3.4" vs the opposite way that you actually want "where 1.2.3.4 in address" So t...
by joegoldman
Wed Mar 24, 2021 11:44 pm
Forum: RouterOS v7 BETA
Topic: OSPF Cost
Replies: 4
Views: 1115

Re: OSPF Cost

You can also set default cost under instance - which will be the cost given to 'Dynamic' interfaces (entries under routing -> ospf -> interfaces created dynamically due to network statements etc) - to set individual cost per interface you'll have to move them to being a static entry.
by joegoldman
Wed Mar 24, 2021 11:43 pm
Forum: Beginner Basics
Topic: Prevent Created Hotspot Users from using trial
Replies: 4
Views: 598

Re: Prevent Created Hotspot Users from using trial

Ideally you can't - if trial is available then registered users could potentially use the trial period over and over - or you could move to something like MAC based auth/cookies to help avoid it - but then any secondary devices etc may need their own account - or in cases like iphones where they cha...
by joegoldman
Thu Mar 18, 2021 7:39 am
Forum: General
Topic: Down Interface responds to ping?
Replies: 0
Views: 329

Down Interface responds to ping?

Hi Team, I applied an IP address (in a /30) to a downed interface on an RB1100x4 (running long-term 6.47.9) - the route was listed as DC (not active), the whole /24 that this IP happens to be in is routed to this router, but before the cable was plugged in the IP started responding to ping - i.e. th...
by joegoldman
Thu Mar 11, 2021 3:04 am
Forum: Forwarding Protocols
Topic: OSPF force gateway from BGP
Replies: 2
Views: 881

Re: OSPF force gateway from BGP

Hope this makes sense - and happy to learn of some possible solutions. This might be a solution for you: https://www.computerweekly.com/tip/Scale-your-backbone-with-core-MPLS-BGP-on-the-edge The article is old but the information is still correct. That's a pretty big network wide change - we have pla...
by joegoldman
Thu Mar 11, 2021 1:35 am
Forum: Forwarding Protocols
Topic: OSPF force gateway from BGP
Replies: 2
Views: 881

OSPF force gateway from BGP

Hi Forum, Not sure I worded the title right - but looking for a solution to my issue. Consider a WISP network map of various towers linked together (not a 'FULL MESH' but rather random PtP links to create some triangles / loops etc) We run OSPF between all these sites - and it runs quite well - and ...
by joegoldman
Thu Mar 04, 2021 12:07 am
Forum: Beginner Basics
Topic: Setting up 1Gbps MGMT port on CRS317 and CCR2004 for out of band management
Replies: 6
Views: 571

Re: Setting up 1Gbps MGMT port on CRS317 and CCR2004 for out of band management

If it needs a separate default route and you can't use NAT or other rules for OOB to 'trick' it - then you'll need to use VRFs Keep in mind that management services DO NOT listen in VRF's - so you'll need to make the 'main' route table your management one, and create a separate vrf for normal/custom...
by joegoldman
Tue Mar 02, 2021 10:57 am
Forum: General
Topic: ASK [vpls PW]
Replies: 8
Views: 572

Re: ASK [vpls PW]

pretend is long cable but virtual.
by joegoldman
Tue Mar 02, 2021 7:51 am
Forum: Forwarding Protocols
Topic: OSPF priority for dynamic Interfaces
Replies: 4
Views: 1131

Re: OSPF priority for dynamic Interfaces

If there is no static entry in OSPF interface configuration, then parameters are taken from "all" entry. So you can adjust priority there to have all dynamic interfaces needed priority,
Would be good if we could make rules based on interface lists ;)
by joegoldman
Tue Mar 02, 2021 7:48 am
Forum: General
Topic: ASK [vpls PW]
Replies: 8
Views: 572

Re: ASK [vpls PW]

https://en.wikipedia.org/wiki/Virtual_private_network Pseudowire on there refers more to old technologies (such as ATM) but same principle applies (and is kind of in the name) pseudo - not genuine; spurious or sham So pseudo wire is 'not a real wire' meaning it emulates as if you had a direct connec...
by joegoldman
Tue Mar 02, 2021 2:50 am
Forum: Beginner Basics
Topic: Mikrotik - Enable Split Tunnel on L2TP VPN
Replies: 5
Views: 891

Re: Mikrotik - Enable Split Tunnel on L2TP VPN

L2TP VPN is a PPP style protocol in which the IP handed out is not a subnet but a /32 technically - so no broadcast and ARP learning exists, and the client machine does not generally enable a route for the remote subnet. If you clear use remote default gateway - you'll need to add routes specificall...
by joegoldman
Tue Mar 02, 2021 2:45 am
Forum: General
Topic: winbox multiple instances/databases
Replies: 5
Views: 399

Re: winbox multiple instances/databases

Someone on here successfully modified winbox in a hex editor to change default port - you could potentially modify the default database path and run one unmodified and one modified Beyond that - keeping your databases separate and import the right one each time you wanna swap between them is the onl...
by joegoldman
Sat Feb 27, 2021 3:14 am
Forum: Forwarding Protocols
Topic: Default Route advertisement eBGP failover
Replies: 9
Views: 1211

Re: Default Route advertisement eBGP failover

Only suggestion (which shouldn't change much) don't specify a prefix length on your default route accept rules - currently it appears to be '0' but try it with nothing specified / that field disabled (can't remember how to do this CLI but can change that on Winbox/Webfig) Other than that it'd require...
by joegoldman
Fri Feb 26, 2021 2:16 am
Forum: General
Topic: Winbox glitch
Replies: 14
Views: 1604

Re: Winbox glitch

Is this on a laptop using a trackpad?

If so - does the problem still happen if you plug in a mouse and try that way?
by joegoldman
Thu Feb 25, 2021 11:10 pm
Forum: General
Topic: Winbox glitch
Replies: 14
Views: 1604

Re: Winbox glitch

Are you using it on Windows? Or another OS with WINE? Never had the problem with Windows - but have had 'similar' problems on WINE based installs (such as on my Ubuntu laptop) - nothing as bad as you're describing - but generally updating WINE to the latest stable tends to help especially if you haven...
by joegoldman
Thu Feb 25, 2021 11:08 pm
Forum: Forwarding Protocols
Topic: OSPF priority for dynamic Interfaces
Replies: 4
Views: 1131

Re: OSPF priority for dynamic Interfaces

Depends what you mean by dynamic in OSPF - a dynamic interface can be created within OSPF based on Network addition (including physical interfaces) - is this the dynamic interface you mean? If so you will need to move the physical interfaces to 'static' and add your path cost etc. If you are talking...
by joegoldman
Thu Feb 25, 2021 11:04 pm
Forum: General
Topic: Cannot Use Multiple IPs
Replies: 13
Views: 1016

Re: Cannot Use Multiple IPs

No, it should not... If you try to ping "internet" from your broadcast address it works! Hrmm - can depend on vendor - some simply won't pass traffic to the defined network or broadcast address when actually configured as that subnet. If x.x.x.248/29 was actually routed via an interconnec...
by joegoldman
Thu Feb 25, 2021 10:28 pm
Forum: Forwarding Protocols
Topic: Default Route advertisement eBGP failover
Replies: 9
Views: 1211

Re: Default Route advertisement eBGP failover

You'd need to show your export (of at least /routing (including bgp and filters)) for us to start to understand what and why it should happen - and why it may not be. You may be filtering it out. You may have peer config slightly off. In a general scenario - Tower3 should still install a default rou...
by joegoldman
Mon Feb 22, 2021 10:59 pm
Forum: Beginner Basics
Topic: Rename interface: to what port is it connected to?
Replies: 5
Views: 470

Re: Rename interface: to what port is it connected to?

You can also use MAC address to determine - lowest will be first port, highest will be last port. But I find it better practice to have a naming scheme - where ether1 is the port - change it to 'ether1-WAN' or 'ether1-ISP' or 'ether1-Haus' - or some combo of the same to keep the interface type and n...
by joegoldman
Mon Feb 22, 2021 6:11 am
Forum: General
Topic: IP > Service > winbox/www - Not Able to Use DNS?
Replies: 3
Views: 322

Re: IP > Service > winbox/www - Not Able to Use DNS?

because people don't come 'from' DNS - I suppose sure you could put DNS record in there and have it resolve forward at a specific time or in intervals - or it's possible to have it perhaps lookup PTR on an IP to see if it matches that field - but this is used primarily as a 'firewall' to stop auth fr...
by joegoldman
Mon Feb 22, 2021 1:12 am
Forum: General
Topic: Mikrotik BOX
Replies: 1
Views: 231

Re: Mikrotik BOX

I believe it's an internal tool used by the staff - it is a self-hosted 'dropbox' style program where staff can give unique, expirable links etc for quick links to test versions or other files in the course of support tickets etc. I use something similar for my personal stuff using Nextcloud - not su...
by joegoldman
Mon Feb 08, 2021 12:09 am
Forum: Forwarding Protocols
Topic: BGP-Prefix anncouning problem
Replies: 1
Views: 541

Re: BGP-Prefix anncouning problem

We would need to see an export of your /routing bgp and /routing filters to start to help. Are you using summary routes? BGP Networks tab? Does the /22 exist in your route table? Does the /24 exist in your route table? If the /24 is learned by other BGP, does your instance have redistribute other BG...
by joegoldman
Sun Feb 07, 2021 1:32 am
Forum: Wireless Networking
Topic: Mikrotik LHG60 can be used 70.20 GHz frequency?
Replies: 5
Views: 966

Re: Mikrotik LHG60 can be used 70.20 GHz frequency

I hope that Mikrotik will unlock more frequencies for LHG60, considering that the frequencies that are at 70 GHz have considerably less attenuation of radio waves in dB/km. And it is possible to achieve a more stable link at greater distances. The better frequencies are also generally reserved for ...
by joegoldman
Wed Jan 27, 2021 10:52 pm
Forum: Forwarding Protocols
Topic: BGP Advertise specific route only to a specific peer
Replies: 5
Views: 984

Re: BGP Advertise specific route only to a specific peer

As a side note, instance out filter (bgp-out) is not working as it should. Normally it should be the global bgp-out filter, but it is not working at all when peers have different out filters set. I hope it gets fixed or maybe I am doing something wrong. Thanks a lot for the help. From the wiki : Ou...
by joegoldman
Fri Jan 22, 2021 5:59 am
Forum: General
Topic: Problem with IP/address and IP/route pref-source need some help
Replies: 2
Views: 398

Re: Problem with IP/address and IP/route pref-source need some help

On the connecting device (the other end of the wireless link) can you use mac-telnet or similar to achieve CLI access? the mac-protocols do not require active and correct subnetting to see their neighbors. Alternatively, you could configure yourself on the other end within the same subnet you placed...
by joegoldman
Thu Jan 21, 2021 10:59 pm
Forum: General
Topic: [Request] Winbox Default Port
Replies: 8
Views: 936

Re: [Request] Winbox Default Port

The idea was to set in winbox the default port it will try to connect to. This way I could still use the same old method that is typing only IP address in the "Connect To:" field without saving the host in the Managed list (for security reasons) What's insecure about having it in the manag...
by joegoldman
Wed Jan 20, 2021 6:55 am
Forum: General
Topic: [Request] Winbox Default Port
Replies: 8
Views: 936

Re: [Request] Winbox Default Port

Without defining the port it will always use the default - but you can save your devices in the managed list with the port specified - you can save without password and add it in when you want to connect.
by joegoldman
Tue Jan 19, 2021 8:13 am
Forum: Forwarding Protocols
Topic: BGP Advertise specific route only to a specific peer
Replies: 5
Views: 984

Re: BGP Advertise specific route only to a specific peer

Ok thanks. So for that specific prefix in filters; I will just make chain = peer2-out , prefix= x.x.x.x/24, action = accept ? And chain = peer1-out, prefix = x.x.x.x/24, action = discard ? Essentially yes - but if I remember correctly if there's no rule to 'reject' your other prefixes then they wil...
by joegoldman
Tue Jan 19, 2021 5:39 am
Forum: RouterBOARD hardware
Topic: CSS610-8G-2S+IN - POE Version planned ?
Replies: 2
Views: 722

Re: CSS610-8G-2S+IN - POE Version planned ?

If you watch this video:

https://www.youtube.com/watch?v=Xh3oQKcMOmg

He indicates that the PCB has blank spots for extra POE components and theorises there's likely a POE version to come (shows the PCB as well)
by joegoldman
Tue Jan 19, 2021 5:37 am
Forum: The User Manager
Topic: Transparent Proxy
Replies: 1
Views: 1054

Re: Transparent Proxy

web proxy can not blacklist domain names for ssl/https transparently - which most modern sites use now no matter what. Non-transparent proxy gets around this by inspecting the CONNECT request sent to proxy-aware clients - but then can only filter based on domain (not subdir/querystring, e.g. 'facebo...
by joegoldman
Tue Jan 19, 2021 5:21 am
Forum: General
Topic: RouterOS .backup to .rsc/text
Replies: 4
Views: 583

Re: RouterOS .backup to .rsc/text

https://github.com/BigNerd95/RouterOS-Backup-Tools

Might help - other than that I believe support may have internal tools to extract info from backup as long as it isn't encrypted.
by joegoldman
Thu Jan 14, 2021 7:21 am
Forum: General
Topic: Has RouterOS been ripped off?
Replies: 2
Views: 475

Re: Has RouterOS been ripped off?

There is licensing - and branding packages available to routeros users. Depending how much you want to spend - I'm sure there's no limit to the amount of customisation you can ask for. It is more likely this is branded RouterOS as a commercial customer - and they are using integrated boards in their ...
by joegoldman
Tue Jan 05, 2021 11:02 pm
Forum: Forwarding Protocols
Topic: OSPF Default Route
Replies: 4
Views: 928

Re: OSPF Default Route

Depending on the setup - VRF's are also another option, where if the (many) subnets are on their own subinterfaces you could potentially have vrf1 using gw1, vrf2 using gw2, and assign the sub interface to the appropriate vrf based on which gateway they need to use. This introduces other issues such...
by joegoldman
Tue Jan 05, 2021 10:58 pm
Forum: General
Topic: ip flow ingress cisco and Mikrotik
Replies: 1
Views: 460

Re: ip flow ingress cisco and Mikrotik

ip flow command is just telling the cisco router what interfaces to watch for netflow/sflow exporting and has no bearing on the connection itself. You'd have to supply config for both the Cisco interface (sh run int <intname>) And the Mikrotik interface (/int gre export) Then we might be able to hel...
by joegoldman
Tue Jan 05, 2021 8:14 am
Forum: Scripting
Topic: Search and select best AP !!!
Replies: 3
Views: 600

Re: Search and select best AP !!!

What you're asking is very vague. What are the client device types? What values do you want to compare, and what weight are each given? (i.e. how do you define the 'best' AP) For values that aren't detectable by an unconnected client, how do you intend to transmit those values to them? There's a lot o...
by joegoldman
Mon Nov 16, 2020 11:20 pm
Forum: General
Topic: Uptime rollover bug/SNMP
Replies: 3
Views: 513

Re: Uptime rollover bug/SNMP

497 days is a long time to go without security upgrades etc. Perhaps set up a yearly maintenance and upgrade cycle. Or at the least - have SNMP monitoring start warning at day 450, and become critical at day 480. Who knows - maybe uptime is 64bit int in newer version of RouterOS - a lot of new versi...
by joegoldman
Wed Oct 14, 2020 3:59 am
Forum: Beginner Basics
Topic: Accidently, I removed Interface ether1.
Replies: 5
Views: 837

Re: Accidently, I removed Interface ether1.


Is that even possible Normis? To remove the ethernet interface itself?
One would possibly assume accidentally removed it from the default bridge - which is why the device model is important - might be best to factory reset the device.
by joegoldman
Thu Oct 01, 2020 3:35 am
Forum: RouterBOARD hardware
Topic: NBN router for Australia
Replies: 4
Views: 1043

Re: NBN router for Australia

Hi Lui, RBM33G is an odd choice - and more an integrator part - Mikrotik have much more fully fledged Home/SOHO offerings (see hAP range) NBN in Australia is not a ubiquitous network (no not ubiquiti :P) in that it uses a mix of technologies from Fixed Wireless, to VDSL (FTTN,FTTC), HFC, Satellite a...
by joegoldman
Tue Sep 29, 2020 7:22 am
Forum: General
Topic: Reverse proxy (like nginx) in Mikrotik
Replies: 2
Views: 3249

Re: Reverse proxy (like nginx) in Mikrotik

No. Well maybe with L7 rules but I don't think so. And it's not best to put reverse proxy in a router. It's not an all-in-one box, it's a router. If you have control over both servers (nginx or apache) set one as the primary, and create a virtualhost for the other and reverse proxy from server 1 to ser...
by joegoldman
Tue Sep 22, 2020 3:33 am
Forum: General
Topic: PPPoE creation and PPPoE scan
Replies: 7
Views: 772

Re: PPPoE creation and PPPoE scan

you 100% can run multiple PPPoE servers on a single downstream interface - this is precisely why 'Service Name' was invented - so based on which service tag was issued it'd know which PPPoE server it was for. Why you are only seeing one, I don't know - might have something to do with the scan tool o...
by joegoldman
Fri Sep 18, 2020 9:04 am
Forum: General
Topic: Scheduler Reboot features not executing [SOLVED]
Replies: 4
Views: 556

Re: Scheduler Reboot features not executing [SOLVED]

Which will suck if Cloudflare DNS ever has an outage in their area :P Gotta be careful with watchdog ping - something in your control that you can move around is usually better, for instance I use a VRRP IP on 2 of my core routers so if a remote router's watchdog ping to that goes down either my whole...
by joegoldman
Fri Sep 18, 2020 5:17 am
Forum: General
Topic: Scheduler Reboot features not executing [SOLVED]
Replies: 4
Views: 556

Re: Scheduler Reboot features not executing [SOLVED]

Those checkboxes are the scripts 'permissions' so to speak, so you've given that script permission to do a reboot, but you still must have a script to do the reboot.
/system reboot
edit: You'll probably also want to set the interval to 1d as well if I'm not mistaken.
by joegoldman
Mon Sep 14, 2020 10:26 am
Forum: Announcements
Topic: v6.46.7 [long-term] is released!
Replies: 45
Views: 13460

Re: v6.46.7 [long-term] is released!

Hi Shouldn't we be seeing the changelog from 6.45.9 to 6.46.7 not from 6.46.6 ? Going up a major version in a long-term release should be looked over a bit more carefully before we take the plunge. Also what is the process for 'upgrading' a routerboard that does not have direct internet access from ...
by joegoldman
Wed Sep 09, 2020 2:09 pm
Forum: General
Topic: Multiple queues for pppoe user
Replies: 5
Views: 1015

Re: Multiple queues for pppoe user

Because you are dynamically creating queue from ppp profile - traffic matches that first and is used so never hits the other queue. I haven't tried this solution before but your better bet is probably to make both queue's 'static' i.e. created and packet mark individually (or packet mark one then ha...
by joegoldman
Tue Sep 01, 2020 3:02 am
Forum: Announcements
Topic: WinBox v3.25 released!
Replies: 68
Views: 10003

Re: WinBox v3.25 released!

Problems with Winbox UI I'd like to see fixed 1) Category Grouping Happening for quite a while, it used to work as expected - the 'Show Categories' grouping only bases and groups based on 'First Character' (on any field), for instance if I have 5 routers with Username 'joe' and 5 routes with usernam...
by joegoldman
Thu Aug 27, 2020 1:12 am
Forum: RouterOS v7 BETA
Topic: Y u no can specify an interface in routers like you used to be able to?
Replies: 5
Views: 782

Re: Y u no can specify an interface in routers like you used to be able to?

More info required. What are you trying to do. What version are you running. What hardware are you running.
by joegoldman
Wed Aug 26, 2020 2:36 am
Forum: General
Topic: Router overhead
Replies: 2
Views: 368

Re: Router overhead

It's not just the router - remember that those speedtests generally show your average speed over the span of the test, so if you took a few seconds to ramp up to 100mbps, then the few seconds at lower speeds are then factored into your average. Along with that you have overhead in whatever protocol t...
by joegoldman
Wed Aug 26, 2020 2:30 am
Forum: General
Topic: Architecture and growth - how to know when to change
Replies: 7
Views: 1651

Re: Architecture and growth - how to know when to change

I think you are also expecting too much of sub-set services. The CCR's are not made to be an ISP grade DNS resolver. DNS server is mostly built in to do its own lookups - and recursive for local cache in the stance of home/smb/corporate. When you are talking 100's or 1000's of clients, and waterfall...
by joegoldman
Mon Aug 24, 2020 2:12 am
Forum: General
Topic: 2 BRAS With Same IP pool LIST
Replies: 7
Views: 1501

Re: 2 BRAS With Same IP pool LIST

RADIUS is the only answer if you want to use overlapping pool on both BRAS - which is common if using public IPv4 due to IP availability. You could potentially have scripts running to help manage this but it'd be messy and not fool proof so not great. RADIUS can manage a pool though if you don't wan...
by joegoldman
Fri Aug 14, 2020 7:48 am
Forum: Beginner Basics
Topic: Aggregate 2 CRS 125 24G 1S switches
Replies: 2
Views: 880

Re: Aggregate 2 CRS 125 24G 1S switches

They do not support stacking. You design this as a L2 network with whats required. Safest way is probably to plug 2nd switch into next port on router place the 2 switch uplinks on the router into a bridge and move any sub-interfaces(vlans) to that bridge interface, so the VLAN's span across the 2 sw...
by joegoldman
Wed Aug 12, 2020 9:41 am
Forum: General
Topic: Nth Load balancing -Slow speed
Replies: 7
Views: 1504

Re: Nth Load balancing -Slow speed

As said above - load balancing per packet or similar systems won't work well on jittery connections - your best bet to use the 6mbit combined is to do it per connection, so a stream always uses only 1 SIM, and yes means that one stream is limited to 3mb, but as more connections happen it will balanc...
by joegoldman
Thu Aug 06, 2020 1:57 am
Forum: RouterBOARD hardware
Topic: The big CCR2004 reboot thread (was 2004 hardware issues?)
Replies: 192
Views: 25281

Re: 2004 hardware issues?

Something like this is better sent to support@mikrotik.com to start a real case - this is a discussion forum not a proper support channel.
by joegoldman
Wed Jul 29, 2020 12:52 am
Forum: Beginner Basics
Topic: Different VLAN SVIs?
Replies: 2
Views: 912

Re: Different VLAN SVIs?

SVI, from my understanding, is just a L3 interface for L2 VLAN to attach. Similar concept in RouterOS would be bridges, and assigning ports/vlan interfaces to the bridge, the bridge interface is now the 'SVI'. Depending on your device depends on how you'd do this though. Your better bet would be to s...
by joegoldman
Wed Jun 10, 2020 5:58 am
Forum: General
Topic: ccr1036 shutdown with smart plug - schedule on/off
Replies: 2
Views: 592

Re: ccr1036 shutdown with smart plug - schedule on/off

Will not damage turning off an on too bad. There is a shutdown process in RouterOS that you could use 10 mins before you turn off smart plug, but it sounds like a residential install which a 1036 is SUPER overpowered for, why not replace with a 3011 or ccr1009 that has passive cooling only or someth...
by joegoldman
Thu May 28, 2020 2:51 am
Forum: Announcements
Topic: Winbox v3.24 released!
Replies: 106
Views: 64793

Re: Winbox v3.24 released!

It'd be really great if you can fix group sorting I put all my routers into groups, then I sort by group and go 'Show Categories' - this used to work in that it would be unique per group, but for the last few releases it does it by first letter, so if I have a heap of Client1 Client1 Client2 Client2...
by joegoldman
Wed Apr 29, 2020 2:09 pm
Forum: Announcements
Topic: MikroTik newsletter May 2020 (#95)
Replies: 50
Views: 30762

Re: MikroTik newsletter May 2020 (#95)

Will CCR2X series come out straight with ROSv7 or will it be part of the v6 family first?
by joegoldman
Wed Apr 29, 2020 4:48 am
Forum: Beginner Basics
Topic: pleas help me [SOLVED]
Replies: 5
Views: 2305

Re: pleas help me [SOLVED]

It is always Best practice not to use your real Public IPs as an example... Your ISP gave you a /30 Subnet Block, lets say X.Y.Z.136/30 ... One of there addresses, usually the first one, so the 176.74.123.137 will be used by your ISP. The second one 176.74.123.138 must be used by you and setup on t...
by joegoldman
Mon Apr 06, 2020 2:36 pm
Forum: General
Topic: Fighting spam with a standard firewall
Replies: 10
Views: 2465

Re: Fighting spam with a standard firewall

Can you be more specific on what type of spam you are concerned about?? How to autodetect infected or spammer users what criteria do you want to be blocking them based on? You could monitor connection limits on standard ports and block users if they are connecting too much, but usually spam is dete...
by joegoldman
Mon Apr 06, 2020 2:22 pm
Forum: General
Topic: VRF basics - layer 3 separation
Replies: 2
Views: 1335

Re: VRF basics - layer 3 separation

In outside relation to your actual issue - please be aware that management services in RouterOS are not VRF aware and will not talk back to you via the VRF even if you can connect to it via that.

Your best bet is to leave main as management and create customer VRF's on top.
by joegoldman
Sun Mar 29, 2020 7:26 am
Forum: General
Topic: why
Replies: 4
Views: 1674

Re: why

Using quick set - you are correct changing subnet will delete the existing IP on it that you are likely connected through. You can get around this with mac-winbox (connect via MAC address not IP) that way IP's changing doesn't matter Or do it manually, dualstacking both IP's until you have the new o...
by joegoldman
Fri Mar 20, 2020 2:54 pm
Forum: Beginner Basics
Topic: L2TP/IPSec and Windows 10 road warriors
Replies: 4
Views: 2443

Re: L2TP/IPSec and Windows 10 road warriors

I literally configured mine by starting from default config and going into PPP->L2TP server settings and ticking use IPSec, and then whatever config was default in /ip ipsec area. Maybe export what you have and give some sample of your logs of failed logins and we can help identify whats wrong.
by joegoldman
Fri Mar 20, 2020 2:51 pm
Forum: General
Topic: Winbox save custom layout
Replies: 1
Views: 968

Re: Winbox save custom layout

Yes. Things are saved in 'Sessions' Usually it is a unique session by IP address you are connecting to, and it auto saves by default when you log out So when you log back into the same router - It will load what you had opened when you left. I prefer to have auto save OFF - and I logged in to a test...
by joegoldman
Fri Mar 20, 2020 2:13 pm
Forum: Forwarding Protocols
Topic: no enforce-first-as in RouterOS?
Replies: 10
Views: 4204

Re: no enforce-first-as in RouterOS?

hello,
Please what is the mikrotik equivalent of "no bgp enforce-first-as" on cisco
This very thread explains the equivalent (none). Read it.
by joegoldman
Fri Mar 20, 2020 11:50 am
Forum: Wireless Networking
Topic: CAPsman - Is this possible ?? [SOLVED]
Replies: 12
Views: 5038

Re: CAPsman - Is this possible ?? [SOLVED]

Make a security config in capsman (Security Cfg. tab) Have that as your master password Under Configurations, create a config for each SSID Make each config reference the one Security config for their security (Top option under Security tab in new config window) Assign the different configs to the d...
by joegoldman
Wed Mar 18, 2020 12:12 am
Forum: Announcements
Topic: Photos of towers and masts
Replies: 81
Views: 37883

Re: Photos of towers and masts

Not a big mikrotik install - we use Mikrotik routers everywhere but not so much wireless gear for various reasons. However we have started using the new 60ghz products for short haul stuff - here is a recent install with redundant links (60ghz to about 600m away, airfiber for a few km away) https://...
by joegoldman
Mon Jan 13, 2020 5:14 am
Forum: Beginner Basics
Topic: MultiCast between VLANS (Chromecast vlan1) to/from (PC/Mobile vlan2)
Replies: 13
Views: 5659

Re: MultiCast between VLANS (Chromecast vlan1) to/from (PC/Mobile vlan2)

No there is no real way to do this - unless you properly bridge the VLAN's making them 1 big broadcast domain anyways in a sense. The correct way it seems is to use an avahi reflector so a server that has visibility to both networks and just relays the discovery packets between them. From my underst...
by joegoldman
Thu Jan 09, 2020 3:53 am
Forum: General
Topic: CCR1036 DC input?
Replies: 6
Views: 1783

Re: CCR1036 DC input?

We used 2 separate standalone generic 24v PSU's.

We actually crammed 4x24v PSU's in a 1RU box - to power 2x CCR1036's. The box had A+B AC feed, and each AC feed powered 2x PSU's, then one PSU from each feed into each CCR.
by joegoldman
Thu Jan 09, 2020 3:50 am
Forum: General
Topic: Filter Rule slow speed with it enabled.
Replies: 5
Views: 1221

Re: Filter Rule slow speed with it enabled.

Try use src-address or src-address-list to limit the rule only to certain IPs or just your LAN ips so its only checking outgoing connections and not incoming as well. With it enabled, how many hits is it getting (open it up and you will see the packets per second rate on the rule) Why are you just b...
by joegoldman
Tue Jan 07, 2020 12:45 am
Forum: Beginner Basics
Topic: NAT with multiple public IP
Replies: 1
Views: 2639

Re: NAT with multiple public IP

You will also need hairpin nat

https://wiki.mikrotik.com/wiki/Hairpin_NAT
by joegoldman
Fri Jan 03, 2020 8:11 am
Forum: General
Topic: Filter Rule slow speed with it enabled.
Replies: 5
Views: 1221

Re: Filter Rule slow speed with it enabled.

So many questions here. What is the router you are using? What is the filter rule? With it enabled, how many hits is it getting (open it up and you will see the packets per second rate on the rule) Why are you just blocking it rather than finding and fixing the offending machine(s)? (Or is this ISP/...
by joegoldman
Fri Jan 03, 2020 8:06 am
Forum: General
Topic: Starting small ISP Project
Replies: 2
Views: 766

Re: Starting small ISP Project

Generally, you use PPPoE (or IPoE which is just a cut down DHCP server in a lot of ways) with RADIUS accounting. You can do this with your own billing package or you can use usermanager which is a mikrotik available package. Usermanager is limited in its features and billing, its generally a lot mor...
by joegoldman
Wed Jan 01, 2020 11:14 am
Forum: Scripting
Topic: what port except gaming port ? [SOLVED]
Replies: 2
Views: 2502

Re: what port except gaming port ? [SOLVED]

just do where dst-port != <gaming port>

Gaming port will be dependent on the game, and there might be a few. You'll have to research for each game.

Then you can put a matcher for high priority on dst-port = and a lower a priority on dst-port != or something
by joegoldman
Tue Dec 31, 2019 12:02 am
Forum: RouterOS v7 BETA
Topic: ROS-7-xxx-Dev--X86-64Bit-BGP
Replies: 3
Views: 3737

Re: ROS-7-xxx-Dev--X86-64Bit-BGP

It's still beta. They are testing function by function. There will be no set date. Wait until first release candidate if you want feature parity to ROS6 , ROS7 beta's will likely go for a long time.
by joegoldman
Wed Dec 18, 2019 11:44 pm
Forum: Beginner Basics
Topic: Factory Reset Mikrotik Router - Lost internet
Replies: 6
Views: 1439

Re: Factory Reset Mikrotik Router - Lost internet

You will need to reconfigure to suit your ISP, you may need to call them and ask them, do you need DHCP on the WAN, do you need PPPoE, set up the WAN then set up NAT etc - a lot of it may be possible through quick set, you'll just need to know what is needed from your ISP.
by joegoldman
Wed Dec 18, 2019 12:00 pm
Forum: General
Topic: Port 80/443 block, except few Microsoft dev sources
Replies: 8
Views: 1409

Re: Port 80/443 block, except few Microsoft dev sources

This is more a job for a content firewall but it may be possible with some L7 matching rules - they are taxing on the router CPU so depends how much traffic you have but should be possible with some management overhead.
by joegoldman
Wed Dec 18, 2019 9:35 am
Forum: Beginner Basics
Topic: Publishing multiple web servers
Replies: 3
Views: 1487

Re: Publishing multiple web servers

Don't know about TMG - but a slimline NGINX reverse proxy running on even a RPi (or small VM if you have VM hardware) is your only bet to route via host header. The Mikrotik only sees the TCP stream and can't really jump into the packets and determine host header - that's read by the webserver when i...
by joegoldman
Sun Dec 15, 2019 9:18 am
Forum: RouterBOARD hardware
Topic: CCR1036-8G-2S+EM physical ethernet port, where to get?
Replies: 5
Views: 3304

Re: CCR1036-8G-2S+EM physical ethernet port, where to get?

If everything else works besides that port - I think your best bet is to just accept the loss and run one port down, and plan on buying a new one. If you really need the extra port(s) perhaps look at a cheap-ish managed switch and breakout from that using VLAN's. I believe the level of repair you ar...
by joegoldman
Wed Dec 11, 2019 8:59 am
Forum: Announcements
Topic: v6.47beta [testing] is released!
Replies: 269
Views: 137765

Re: v6.47beta [testing] is released!

In v6.47beta there is a new menu added - "/system health gauges". You should use this for polling "Health" related data from all the RouterBOARDs.
Does this come with new associated MIBs / OID's? Or more for polling via API?
by joegoldman
Wed Dec 11, 2019 7:31 am
Forum: Wireless Networking
Topic: LHG60 with 5Ghz Backup
Replies: 21
Views: 4946

Re: LHG60 with 5Ghz Backup

If you happen to use Extreme switches, I found the PERFECT solution. Port Redundancy. Or an open standard like most switches LACP in an active/backup mode. Or could use multiple links into routers and OSPF cost metrics or MPLS with traffic engineering. There are multiple solutions to the problem, b...
by joegoldman
Wed Dec 11, 2019 4:01 am
Forum: RouterBOARD hardware
Topic: What is your opinion of Mikrotik routers?
Replies: 3
Views: 3177

Re: What is your opinion of Mikrotik routers?

As routers, like you said, their benefit comes in flexibility and price. Any model can do just about anything, i.e. tiny little $40 routers doing OSPF, BGP, MPLS etc. Once you know RouterOS you can do a lot. You just have to be more mindful of your updates, a bit more overhead in management and chan...
by joegoldman
Wed Dec 11, 2019 3:52 am
Forum: General
Topic: Limit Instagram App Speed
Replies: 4
Views: 1518

Re: Limit Instagram App Speed

It would work for a while but these domains have many IP's and could be routed to many endpoints. Your better bet would be some kind of L7 matching rule to get the domain and/or the CDN domains underneath, perhaps capture traffic on a few instagram app processes and see what domains it hits for data...
by joegoldman
Tue Dec 10, 2019 9:54 am
Forum: General
Topic: Cannot connect to services running on LAN machines, from the same LAN
Replies: 2
Views: 730

Re: Cannot connect to services running on LAN machines, from the same LAN

It is more likely this is a host firewall issue - on the same broadcast domain never really hits filter rules unless you have firewall filtering on the bridge interface enabled - within the same LAN it should all keep going. I don't believe this to be a mikrotik problem at all, check firewall on the...
by joegoldman
Tue Dec 10, 2019 8:58 am
Forum: Beginner Basics
Topic: Is it possible to make Mikrotik loop back?
Replies: 5
Views: 1751

Re: Is it possible to make Mikrotik loop back?

What you are looking for is hairpin NAT

https://wiki.mikrotik.com/wiki/Hairpin_NAT
by joegoldman
Sat Dec 07, 2019 7:55 am
Forum: General
Topic: Set Daily download limit
Replies: 1
Views: 639

Re: Set Daily download limit

You will need to use some kind of billing / user system based on RADIUS - the mikrotik built in one would be usermanager - it has very basic features and can integrate with pppoe, hotspot etc, or there are much more feature filled billing systems out there that you can use also.
by joegoldman
Sat Dec 07, 2019 7:54 am
Forum: Forwarding Protocols
Topic: Ospf multi ext gateway
Replies: 2
Views: 2096

Re: Ospf multi ext gateway

It's never too early to implement MPLS. The earlier you do it the less hassle you'll have to endure later. If you're hoping to do it purely in OSPF - you will either need to run 2 route tables (VRF's) so they can have different gateways. You can separate the customers by either placing them directly in...
by joegoldman
Fri Nov 29, 2019 4:49 am
Forum: General
Topic: The sad state of OpenVPN
Replies: 12
Views: 4970

Re: The sad state of OpenVPN

Mikrotik were adding new features to OpenVPN in the ROSv7 Beta - so it's likely they are going to concentrate on it again - it's possible some of the limitations were based on the older kernel and now they are putting the newer kernel in they might be able to expand support.
by joegoldman
Tue Nov 26, 2019 2:36 am
Forum: Virtualization
Topic: CHR 6.44.6 with VMWARE 6.7 dont balance cpus
Replies: 12
Views: 4070

Re: CHR 6.44.6 with VMWARE 6.7 dont balance cpus

My answer is still valid. I think you misunderstand CPU loads - you can never really perfectly balance processes among all CPU's. 'Ethernet' could have multiple threads. Thats why you see it on multiple CPU's, and on every CPU 'Firewall' could have multiple threads. Thats why you see it on multiple ...
by joegoldman
Tue Nov 26, 2019 12:32 am
Forum: Wireless Networking
Topic: Can we request for 2 types of firmware? [SOLVED]
Replies: 8
Views: 4669

Re: Can we request for 2 types of firmware? [SOLVED]

This will have a lot to do with moving to v7 on a 4.x kernel. The main reason for the custom drivers with new chipsets would be likely due to backporting to fit the older 2.x kernel that ROSv6 is running on (I believe it's 2.x) Very excited for first official build of v7 with feature parity, so we ca...
by joegoldman
Wed Nov 13, 2019 6:54 am
Forum: Virtualization
Topic: CHR 6.44.6 with VMWARE 6.7 dont balance cpus
Replies: 12
Views: 4070

Re: CHR 6.44.6 with VMWARE 6.7 dont balance cpus

It is using all CPU's, you can actually see all but 2 CPU's with 'some' usage on them. In particular though it looks like 2 specific threads are busier, and are using a CPU each. A lot of processes in RouterOS are not perfectly multi-threaded. Some processes when they get busy will only use 1 CPU c...
by joegoldman
Sun Nov 10, 2019 12:40 pm
Forum: Wireless Networking
Topic: Chromecast is not discoverable on second AP
Replies: 10
Views: 3301

Re: Chromecast is not discoverable on second AP

they use mDNS / Bonjour protocols, so devices must be on the same broadcast domain - your best bet is to use some sort of proxy device that sits on both LANs and can relay the relevant discovery packets.
by joegoldman
Wed Oct 30, 2019 2:55 am
Forum: General
Topic: Multiple ISP w/ Bandwidth Sensitivity
Replies: 2
Views: 898

Re: Multiple ISP w/ Bandwidth Sensitivity

Yes some of it easier than others, walking you through it is likely a fruitless endeavour as it would require a decent amount of working knowledge. For routing certain devices via one internet connection look at routing marks and route tables to change the route for those singular devices. For your ...
by joegoldman
Mon Oct 28, 2019 1:59 pm
Forum: General
Topic: WAN DHCP Lease Renew Abnormal with NBN
Replies: 11
Views: 3134

Re: WAN DHCP Lease Renew Abnormal with NBN

Even if i request static ip address from ISP, the static ip is also delivered thru DHCP. No...! Ofcorse you can assign that static IP to an interface without the need of a dhcp client... Be sure of what you write before you tout it as gospel - this is DHCP but its mostly IPoE which is not your conv...
by joegoldman
Wed Oct 23, 2019 10:26 pm
Forum: RouterOS v7 BETA
Topic: Scope of v7.0
Replies: 6
Views: 4421

Re: Scope of v7.0

Is the scope of the first release of v7 covered by current beta? In other words is the current beta functionality-wise complete? I believe the plan is to be on parity with latest 6.4x releases - the main difference being its on new kernel and will enable certain performance increases and possible n...
by joegoldman
Wed Oct 23, 2019 1:24 am
Forum: General
Topic: Mikotik routing marks
Replies: 13
Views: 2564

Re: Mikotik routing marks

Do a full /export hide-sensitive so we can get an idea of your full setup.
by joegoldman
Thu Oct 17, 2019 4:55 am
Forum: Beginner Basics
Topic: mikrotik router date and time is false
Replies: 2
Views: 1477

Re: mikrotik router date and time is false

System->Clock to set it manually
System->SNTP Client to set it up to talk to an NTP server to set it automatically.
by joegoldman
Tue Oct 15, 2019 12:37 am
Forum: RouterBOARD hardware
Topic: New High Performance Routers ! ?
Replies: 82
Views: 17318

Re: New High Performance Routers ! ?

I see that it wont be happening at all in the near future. I'd hazard a guess at something by mid-2020, we have QSFP switches now I'm expecting a companion router - and not tile, less cores, more power per core, based on Router OS 7.0 (perhaps even a high powered ARM device given the 7.0beta has be...
by joegoldman
Sat Oct 12, 2019 11:47 am
Forum: Scripting
Topic: Script out entire router configuration or just a section of it?
Replies: 4
Views: 2364

Re: Script out entire router configuration or just a section of it?

Yes for templates I tend to set up a device how I like it and '/export' the entire config then go through it separately and turn certain things into variables with a config section up the top - so its easier and quicker to edit for different routers. I find you need to have a template version per de...
by joegoldman
Sun Sep 29, 2019 1:34 pm
Forum: Wireless Networking
Topic: CAPsMAN 5G and 2G network at same time
Replies: 11
Views: 4385

Re: CAPsMAN 5G and 2G network at same time

Same SSID and password, and let the client decide. There will be very limited cases where devices that wont prefer 5G will need 5G. If they are static devices (such as TV's) then you can ACL them onto 5G but ultimately if they are not bandwidth heavy then it won't really matter all that much.
by joegoldman
Tue Sep 24, 2019 2:48 am
Forum: RouterBOARD hardware
Topic: Recover from "No Default Configuration" System Reset
Replies: 17
Views: 5685

Re: Recover from "No Default Configuration" System Reset

you can also run winbox under wine with mac-winbox working OK - can be a bit iffy but it does work. Sometimes you have to wait for the device to go to link-local address (wont detect the router while still searching for IP) or just set a static IP. Once connection 'established' on your linux box, wi...
by joegoldman
Sun Sep 22, 2019 4:16 am
Forum: General
Topic: CRS 328 SFP+ Speed
Replies: 5
Views: 1482

Re: CRS 328 SFP+ Speed

Theoretically - as long as the disks in the NAS etc can sustain 10gbps, then yes the switch will forward 10gbps as long as it's properly configured to use the switch chip.

When it's using the switch chip, it will forward traffic at full wire speed.
by joegoldman
Sat Sep 21, 2019 4:51 pm
Forum: General
Topic: CRS 328 SFP+ Speed
Replies: 5
Views: 1482

Re: CRS 328 SFP+ Speed

As ste is alluding to - the CRS is for switching, traffic generator would require the packets to hit the CPU and not be handled purely in switch chip. To test speed of your CRS328 you would need something out another port to push to the CCR1009, so you are testing the CRS forwarding capability - whi...
by joegoldman
Wed Sep 18, 2019 2:52 am
Forum: General
Topic: CRS317-1G-16S+ Suddenly Stopped Hardware forwarding
Replies: 0
Views: 775

CRS317-1G-16S+ Suddenly Stopped Hardware forwarding

Hi Forum, Not sure if anyone's seen this issue. I have a CRS317-1G-16S+ in production currently running 6.43.4. I have all running switchports in the bridge, with SFP+1 and SFP+2 in a Bonding interface, which is also in the bridge, and indicated hardware in the bridge port list for hardware offload. ...
by joegoldman
Fri Sep 13, 2019 4:37 am
Forum: Beginner Basics
Topic: Setting Mikrotik with Leased Line Topology
Replies: 8
Views: 1898

Re: Setting Mikrotik with Leased Line Topology

I've steered you to the likely answer - give it a go and tell me if it works. If you are not understanding what I am explaining then perhaps this task is beyond your capabilities and you should hire someone to help you. My explanation explains why you would not be able to ping the web server from yo...
by joegoldman
Thu Sep 12, 2019 7:18 am
Forum: Beginner Basics
Topic: Setting Mikrotik with Leased Line Topology
Replies: 8
Views: 1898

Re: Setting Mikrotik with Leased Line Topology

yep so .161 doesn't know how to get back to you, which likely means you are presenting as your internal IP 192.168.88.x. Like a normal internet connection, you'll need to NAT your connection out of that interface. /ip firewall nat add chain=srcnat action=masquerade out-interface=<whatever interface t...
by joegoldman
Thu Sep 12, 2019 6:52 am
Forum: Beginner Basics
Topic: Setting Mikrotik with Leased Line Topology
Replies: 8
Views: 1898

Re: Setting Mikrotik with Leased Line Topology

You'll likely also have to set a NAT rule to src-nat (or masquerade) for traffic out that interface as well, so it will appear as coming from 10.10.10.162 (as their network likely does not have a route back to you for 192.168.88.0/24)
by joegoldman
Thu Sep 12, 2019 4:41 am
Forum: Wireless Networking
Topic: 420Mbps inside trafic
Replies: 2
Views: 1152

Re: 420Mbps inside trafic

that is specifically the CAPsMAN tunneling protocol - not sure why so much data would be going through it if not doing rolling upgrade etc - having it on all interfaces like that makes me think a bridge or loop issue. Perhaps see if you can capture the traffic and load it up in wireshark so you can ...
by joegoldman
Thu Sep 05, 2019 2:57 pm
Forum: General
Topic: Netflow and AS
Replies: 1
Views: 923

Re: Netflow and AS

It's been requested for years and never made it in, not really sure what the technical hurdle to this is apart from perhaps too many expensive route table lookups to get that information (RIB vs FIB), think about how long it takes to search the route table sometimes compared to other routing OS's. O...
by joegoldman
Tue Sep 03, 2019 7:39 am
Forum: Scripting
Topic: Changing autorun.scr no longer works
Replies: 7
Views: 3275

Re: Changing autorun.scr no longer works

This is a user forum - so yes wrong way to get an official answer. Email their support staff, support@mikrotik.com I believe is still the current one.
by joegoldman
Mon Aug 12, 2019 5:36 am
Forum: RouterBOARD hardware
Topic: CRS312, CRS326-24S+2Q+ MIPSBE CPU?
Replies: 7
Views: 4785

Re: CRS312, CRS326-24S+2Q+ MIPSBE CPU?

I'm sure QSFP+ enabled routers (CCR2xxx) range will be in the pipeline, these switches are basically the introduction to them. A 1072 equivalent with 2x QSFP and 6+ SFP+ ports will be magical for core routing.
by joegoldman
Mon Aug 12, 2019 4:32 am
Forum: RouterBOARD hardware
Topic: CRS312, CRS326-24S+2Q+ MIPSBE CPU?
Replies: 7
Views: 4785

Re: CRS312, CRS326-24S+2Q+ MIPSBE CPU?

These aren't marketed (or priced) as full L3 switches. Yes you can route ports to CPU and run some L3 functions, but it is not a fully featured / full wire rate L3 switch, so if that's what you want this product for then this product is not for you. You'd have to send in your recommendations to Mikro...
by joegoldman
Mon Aug 05, 2019 1:50 am
Forum: Forwarding Protocols
Topic: 'Mesh' Network MPLS design
Replies: 0
Views: 2111

'Mesh' Network MPLS design

Hi Forum, Running a decentralised mesh style network, where we have 10-20 sites interconnected via PtP links in big and small loops. Each site terminates PPPoE services locally and installs the customer route in the route table via OSPF - this is working well so far. However I have been thinking of ...
by joegoldman
Mon Aug 05, 2019 1:40 am
Forum: General
Topic: MTU settings for provider network
Replies: 0
Views: 642

MTU settings for provider network

Hi Forum, Looking to know your thoughts on MTU settings for provider networks. We run a decentralised core style setup - a PtMP wireless network from multiple tours. Each tower has an RB1100AHx4 or an RB3011 at the bottom, these routers terminate all local PPPoE sessions and then run OSPF between th...
by joegoldman
Wed Jul 17, 2019 9:49 am
Forum: General
Topic: VLAN within a VLAN
Replies: 5
Views: 1101

Re: VLAN within a VLAN

Yes, possible, it's called Q-in-Q. On Mikrotik it's more referred to as S-tag, which would be the outer tag. So you could potentially: VLAN100 - STag enabled VLAN101 - Parent Int VLAN100 VLAN102 - Parent Int VLAN100 etc but networks between you and remote need to support you tagging this way too, they ...
by joegoldman
Mon Jul 08, 2019 1:57 pm
Forum: General
Topic: CSS610-8P-2D+OUT availability
Replies: 3
Views: 1089

Re: CSS610-8P-2D+OUT availability

Considering the only reference to that part number I can find is this one thread, you'll have to be more specific at what device you're looking at. Do you have a link to the announcement for it?
by joegoldman
Mon Jul 08, 2019 12:56 am
Forum: General
Topic: RULE for BANKS
Replies: 15
Views: 2328

Re: RULE for BANKS

Your request is way too ambitious and unlikely. The easiest way is to look at the different RIR's, and find banking organisations, then you will have their IP blocks. Not all banks are likely to have their own allocation though. Then you get those who host their user services front-end in a cloud li...
by joegoldman
Mon Jul 08, 2019 12:53 am
Forum: Forwarding Protocols
Topic: OSPF Force path for specific subnet
Replies: 6
Views: 2956

Re: OSPF Force path for specific subnet

Static routes, with check-gateway = ping.

So if Link A is your default and you want a specific subnet to go via Link B, then static route with check gateway on Link B (or a netwatch script, which is just as simple), so if Link B dies that traffic goes back via Link A
by joegoldman
Sun Jul 07, 2019 11:16 am
Forum: SwOS
Topic: CSS326-24G-2S+RM POE
Replies: 1
Views: 2539

Re: CSS326-24G-2S+RM POE

Your switches are likely 802.3at/af Active PoE type switches - which is a common standard that a lot of things use, including some models of mikrotiks. The CSS326 unfortunately only accepts 24v Passive PoE in. The pinout is different, and voltage is different. Some switches, specifically managed, ca...
by joegoldman
Thu Jul 04, 2019 2:32 pm
Forum: Beginner Basics
Topic: Advice | Recommendation for new router
Replies: 10
Views: 2173

Re: Advice | Recommendation for new router

hAP ac / ac Pro if you want something smaller/cheaper

RB4011 if you want a beast of a router.
by joegoldman
Thu Jul 04, 2019 2:26 pm
Forum: Beginner Basics
Topic: admin password recovery
Replies: 6
Views: 2730

Re: admin password recovery

Do you have any .backup files? I believe they contain user passwords in them that can be extracted. Other than that, it's too new for the old password database hack, you might not have much choice but to factory reset and rebuild - and learn a lesson on having multiple accounts/passwords or complete ...
by joegoldman
Thu Jul 04, 2019 2:23 pm
Forum: Beginner Basics
Topic: How to setup Captive Portal on Mikrotik Router?
Replies: 1
Views: 4595

Re: How to setup Captive Portal on Mikrotik Router?

https://wiki.mikrotik.com/wiki/Hotspot_server_setup

https://wiki.mikrotik.com/wiki/HotSpot_ ... login_page

Mikrotik doesn't host PHP pages natively, if you want a PHP page specifically you'll have to externally host it and have your hotspot configured to point to it (all info in those 2 links)
by joegoldman
Thu Jul 04, 2019 2:21 pm
Forum: General
Topic: Choice router for central speed test
Replies: 7
Views: 1567

Re: Choice router for central speed test

RB1100AHx4 or RB3011 - they have faster cores vs the CCR range which have many slower cores. 1100 or 3011 should be OK for 100mbit throughput testing.
by joegoldman
Wed Jul 03, 2019 11:23 pm
Forum: General
Topic: unwanted change of source IP in my traffic
Replies: 6
Views: 1104

Re: unwanted change of source IP in my traffic

add action=masquerade chain=srcnat
This piece right here will masquerade all traffic everywhere. Define this better or get rid of it.
by joegoldman
Wed Jul 03, 2019 1:58 am
Forum: Scripting
Topic: Script to disable Wlan when no user are logged on
Replies: 8
Views: 2867

Re: Script to disable Wlan when no user are logged on

Well - if it's allowing for business hours, you'd disable wifi once last person logs off after say 5-6pm, so it doesn't force them off at a set time in case they are working back, but then leave it off till predetermined time like 7am. All depends on the setup and intent but makes sense to an extent, ...
by joegoldman
Tue Jul 02, 2019 2:27 pm
Forum: RouterBOARD hardware
Topic: RB4011 Metal temperature is really hot
Replies: 53
Views: 19911

Re: RB4011 Metal temperature is really hot

you will need active cooling, so buy a model with active cooling (RB1100AHx4 would be my suggestion).
Be careful choosing device, both RB1100AHx4 models have passive cooling!
Hrmm I swear I remember fan holes on the back of 1100 case - maybe I'm thinking older model? My bad.
by joegoldman
Tue Jul 02, 2019 3:06 am
Forum: RouterBOARD hardware
Topic: RB4011 Metal temperature is really hot
Replies: 53
Views: 19911

Re: RB4011 Metal temperature is really hot

You need to buy hardware for the installation, not just for the specs. If you are working in hot environments with no natural airflow / air-con then you will need active cooling, so buy a model with active cooling (RB1100AHx4 would be my suggestion). There is more to product selection than just spec...
by joegoldman
Tue Jul 02, 2019 2:01 am
Forum: General
Topic: Customer Traffic through Multiple Queues
Replies: 1
Views: 605

Customer Traffic through Multiple Queues

Hi Forum, Having an interesting problem I'd like to try figure out. I use PPPoE on my network for subscribers, when they login they get a dynamic pppoe interface simple queue, lets say 10mbit. On the transit side, I'd only like them to get 5mbit But local resources able to get the full 10mbit. My id...
by joegoldman
Sun Jun 30, 2019 8:34 am
Forum: General
Topic: Out of the box problem with GUI
Replies: 3
Views: 972

Re: Out of the box problem with GUI

On the quickset page, after ticking address acquisition to be 'Automatic' you have to hit 'Apply Configuration' down the bottom right for it to stick. Then you can go into Webfig, go to ip->addresses to see the address assigned to you, or you can go ip->dhcp client to see the status of your dhcp requ...
by joegoldman
Thu Jun 27, 2019 12:56 am
Forum: General
Topic: Best Way to Isolate Bridges to Reach Each Other's IPs
Replies: 26
Views: 4309

Re: Best Way to Isolate Bridges to Reach Each Other's IPs

just easy forward rule, in-interface=a, out-interface=b action=drop, and vice versa, that way no traffic can go between a and b.
by joegoldman
Wed May 29, 2019 2:54 am
Forum: General
Topic: NBN FTTC TPG NCD + MT
Replies: 2
Views: 1161

Re: NBN FTTC TPG NCD + MT

This is more a TPG thing than a NBN or even Mikrotik thing - so the post probably has little relevance here - might be a good post for the Australian Whirlpool forums or something. In particular though, your question of whether or not using your buddies username would give you more speed - the answe...
by joegoldman
Tue May 21, 2019 3:11 am
Forum: General
Topic: Very unusual situation Two bad CCRs in a row?
Replies: 1
Views: 676

Re: Very unusual situation Two bad CCRs in a row?

It's unlikely to be a hardware issue if 2 are doing it. 3011 and ccr1009 are fundamentally different in configurations of ports (switch vs routed etc etc) so there may be snafu's in the config. Post an /export hide-sensitive and mask any identifiable information, and explain which part exactly is not...
by joegoldman
Thu May 02, 2019 12:14 pm
Forum: Scripting
Topic: Script initiate Winbox windows?
Replies: 3
Views: 1084

Re: Script initiate Winbox windows?

I prefer not to use webfig - I want it for myself too as super user - so don't want to be logging out / in all the time, and I don't think the skinning tool is flexible enough, as I want the same tool but in many different configs, mostly I want the ping and traceroute tool but with specified src-addr...
by joegoldman
Thu May 02, 2019 12:45 am
Forum: Scripting
Topic: Script initiate Winbox windows?
Replies: 3
Views: 1084

Script initiate Winbox windows?

Hi *, I think I know the answer to this already (no) - but is there a way to make a script initiate a winbox GUI element? i.e. I run certain tests / traceroutes / pings etc with different VRF's or source IP's to test different parts of my network - it would be handy if I could 'pre-script' these so ...
by joegoldman
Wed May 01, 2019 2:11 pm
Forum: Forwarding Protocols
Topic: Create BGP communities [SOLVED]
Replies: 3
Views: 6994

Re: Create BGP communities [SOLVED]

Yes, you don't 'create' communities, routes are tagged with community strings. So when you receive routes from a downstream peer, then when distributing upstream you use route filters community option to decide what to do with them, i.e. can block all routes with community 111:222 or whatever you cho...
by joegoldman
Tue Apr 30, 2019 2:14 am
Forum: General
Topic: implementation of bgp filters on ipv6 tab
Replies: 2
Views: 1001

Re: implementation of bgp filters on ipv6 tab

On routing filters, use Address Family option (IP or IPv6) to apply that filter to only one type of address, so you don't catch v4 and v6 together.
by joegoldman
Tue Apr 23, 2019 9:28 pm
Forum: Forwarding Protocols
Topic: Your experience with larger/diverse Area0 OSPF networks?
Replies: 19
Views: 4628

Re: Your experience with larger/diverse Area0 OSPF networks?

At only 7 sites in and 250 routes, we are already looking for a new solution before we grow out of control. There are a few options considering. Unfortunately OSPF will always need to be part of it, but thinking of moving OSPF to Loopback propagation only, and MPLS for customer routes. This can have...
by joegoldman
Mon Apr 22, 2019 11:30 am
Forum: Forwarding Protocols
Topic: OSPF LOOP [SOLVED]
Replies: 2
Views: 4711

Re: OSPF LOOP [SOLVED]

So is it mesh or is it ring? If ring network like you describe (but then add in x-connects between them), are you bridging the interfaces so all routers appear on 1 broadcast domain? If so then this would cause your issue. You may need to turn off OSPF broadcast stuff and to a PtMP style connection b...
by joegoldman
Mon Apr 22, 2019 11:26 am
Forum: General
Topic: Port Knocking, avoid scan-caused false positives?
Replies: 17
Views: 2960

Re: Port Knocking, avoid scan-caused false positives?

I would think to do it different. If they are doing a huge port scan, then maybe a rule where if dst-port = 5999,6001,6999,7001 then add to list portscanner then on your portknocking do src-address-list!=portscanner This should cover scanners going up and down the list, and covers you for hitting 70...
by joegoldman
Mon Apr 22, 2019 11:22 am
Forum: General
Topic: Walled Garden fbcdn.net
Replies: 4
Views: 1296

Re: Walled Garden fbcdn.net

It's because your rule is the first rule - and explicitly drops all https traffic. The rule that allows the walled garden values likely comes after that. paste your /ip firewall filter export and we may be able to tell you the best place to pop the rule. Walled garden setup already restricts user br...
by joegoldman
Mon Apr 22, 2019 9:43 am
Forum: General
Topic: Feature Request : Browser on Winbox
Replies: 12
Views: 13158

Re: Feature Request : Browser on Winbox

Or you can have port forwards - with firewall rule to stop certain IP's, or just enable the NAT while you are working on it etc etc. I go a step further and have port-knock on my devices that puts my current WAN IP in an address-list that is allowed to access NAT rules to access wireless gear behind...
by joegoldman
Mon Apr 22, 2019 4:14 am
Forum: General
Topic: How are hardware ports associated with names
Replies: 5
Views: 1441

Re: How are hardware ports associated with names

There is an attribute attached to the interface, more-so hidden in the details "default-name" (do an /interface print detail) - this will refer to the hard port as labelled, i.e. ether1 would be port1. This is a quick last resort, its not quick and easy information to grab. I tend to name ...
by joegoldman
Fri Apr 19, 2019 12:40 am
Forum: Beginner Basics
Topic: 0.0.0.253 ip
Replies: 10
Views: 1979

Re: 0.0.0.253 ip

post your config (/export hide-sensitive) in code tags and we may be able to help.
by joegoldman
Tue Apr 16, 2019 3:10 am
Forum: General
Topic: who can I hire to get a export to work as an import an a clone [SOLVED]
Replies: 7
Views: 1500

Re: who can I hire to get a export to work as an import an a clone [SOLVED]

the all-packages .zip files seem to work so you could download your architecture that way and then just upload the relevant packages that you have installed, bit of a round-a-bout way to do it though.
by joegoldman
Sat Apr 13, 2019 11:43 am
Forum: General
Topic: Mikrotik IP Cloud vs P2P
Replies: 8
Views: 1478

Re: Mikrotik IP Cloud vs P2P

IPv6 is still a second class citizen overall - I found many services where my IPv6 would take over but it would take a worse route or have a degraded service because someone somewhere in the path didn't put as much effort into their traffic engineering for IPv6 as they did IPv4, as IPv4 is the mainst...
by joegoldman
Mon Apr 08, 2019 8:23 am
Forum: General
Topic: Why can my /30 subnet can talk to other subnets?
Replies: 5
Views: 1138

Re: /30 subnet can talk to other subnets

It is because your clients and your router know where to look for each other. In a /24, they would talk directly as they are same broadcast domain, but in your example they are sending traffic to the router, and the router knows 'hey i know how to get to IP x' so routes it, no issue. Best thing to d...
by joegoldman
Wed Apr 03, 2019 1:48 pm
Forum: General
Topic: PPP Secrets - DNS Server
Replies: 3
Views: 1040

Re: PPP Secrets - DNS Server

Yes you could use the On Up and On Down scripting tool in ppp profiles, go over to the scripting part of the wiki and you'll be able to start making some scripts

https://wiki.mikrotik.com/wiki/Manual:Scripting
by joegoldman
Tue Apr 02, 2019 2:21 am
Forum: Scripting
Topic: Trying to create a script to enable Mikrotik DHCP server if Microsoft DCHP Server is down.
Replies: 2
Views: 849

Re: Trying to create a script to enable Mikrotik DHCP server if Microsoft DCHP Server is down.

Why not run a DHCP 24/7 but put it on authoritative with 2s or 10s delay, so the Microsoft server has time to respond to DHCP requests first, if it doesn't then the mikrotik one will.
by joegoldman
Wed Mar 27, 2019 1:11 am
Forum: General
Topic: 10.000 Clients on One Server
Replies: 7
Views: 1326

Re: 10.000 Clients on One Server

You don't want one hardware failure taking out so many clients, given how cheap Mikrotik hardware is compared to other big platforms, I'd go with up to 5x 36cores with the intent of 2k per router, that way if one fails each router can just go up to 2.5k and handle the load easily.
by joegoldman
Tue Mar 26, 2019 11:46 pm
Forum: Forwarding Protocols
Topic: Make OSPFv3 use Global IPv6 addresses instead of LinkLocal? [SOLVED]
Replies: 3
Views: 5633

Re: Make OSPFv3 use Global IPv6 addresses instead of LinkLocal? [SOLVED]

Yes, this is quite common in IPv4 space as well, called a Loopback address. For nice traceroutes, I actually set pref-source on all routes to the loopback address too so you don't have to name / PTR and catalog all the interface addresses.
by joegoldman
Tue Mar 26, 2019 6:25 am
Forum: Wireless Networking
Topic: Is possible to set up a RBaCPGi-5acD2nD dual bands with one ssid?
Replies: 4
Views: 948

Re: Is possible to set up a RBaCPGi-5acD2nD dual bands with one ssid?

Just by naming them all the same, they will essentially switch from one AP to the other. Client devices determine how/when they switch to another AP, but you can use connect lists to disassociate people at a certain signal level and force them to re-scan. Easiest way to do this would be use CAPsMAN ...
by joegoldman
Tue Mar 26, 2019 12:36 am
Forum: SwOS
Topic: Can run OSPF on CRS326-24G-2S+RM
Replies: 4
Views: 2853

Re: Can run OSPF on CRS326-24G-2S+RM

also all routing is done in CPU - CPU's are quite limited in the switches. You may not get much data routed on a switch.
by joegoldman
Sat Mar 23, 2019 10:34 am
Forum: General
Topic: help to create server radius with sql and and web php form [SOLVED]
Replies: 3
Views: 1062

Re: help to create server radius with sql and and web php form [SOLVED]

Mikrotik talks RADIUS - configuring FreeRADIUS to work with Mikrotik is a non-issue, as they work out of the box. Your question is more a FreeRADIUS question, I would suggest seeking help from the FreeRADIUS forums or other help-areas dedicated to that program, to learn how to configure your system ...
by joegoldman
Sat Mar 23, 2019 10:23 am
Forum: General
Topic: Feature Request: 6VPE (VPNv6) - ipv6 address family
Replies: 4
Views: 1939

Re: Feature Request: 6VPE (VPNv6) - ipv6 address family

Most likely you will see this implemented in ROS v7.
Normis says ROS v7 doesn't exist :P

Sorry I kid I kid.
by joegoldman
Fri Mar 22, 2019 3:41 am
Forum: RouterBOARD hardware
Topic: wAP 60Gx3 AP - anyone already tested it?
Replies: 14
Views: 6181

Re: wAP 60Gx3 AP - anyone already tested it?

I'd love to try 60ghz out in some of our busier areas mostly because 5ghz is super noisy. How wide are the channels, and how much spectrum can be accessed by these devices? i.e. since each chip can only hand 8 stations (so thats 24 clients per wAP 60Gx3) how many of these could I comfortably run on ...
by joegoldman
Thu Mar 21, 2019 11:58 pm
Forum: Beginner Basics
Topic: Is it OK for all leds to run at once like this ?
Replies: 2
Views: 743

Re: Is it OK for all leds to run at once like this ?

They are not perfectly synced - being on the same bridge means there's absolutely some traffic that will hit all ports simultaneously (e.g. broadcast) along with traffic that wont. Nothing seems amiss to me.
by joegoldman
Sun Mar 17, 2019 11:40 pm
Forum: General
Topic: Redirect All SSL Pages to one page
Replies: 4
Views: 982

Re: Redirect All SSL Pages to one page

Hotspot has HTTPS redirect in the settings - and the redirect can work, however you will always get SSL errors that the user will have to accept. You can't make it do a clean redirect.
by joegoldman
Sun Mar 17, 2019 11:35 pm
Forum: Beginner Basics
Topic: Radus server in my Mikrotik router
Replies: 6
Views: 1058

Re: Radus server in my Mikrotik router

You can use userman as a built in Radius server, however it's generally more for Hotspot usage, if you're looking for 802.1x auth it might not work for that. I'm not sure.
by joegoldman
Wed Mar 13, 2019 2:01 am
Forum: Beginner Basics
Topic: Simplest Route Rule Possible.
Replies: 13
Views: 1354

Re: Simplest Route Rule Possible.

There is kind of a way - if that is the ONLY thing in vlan55, then you can add VLAN 55 to a VRF and add the default route for that VRF out the ether1 cable WANIP. If you are not wanting to put the interface into VRF and single out only the traffic for that one IP, then you will need to use a mangle ...
by joegoldman
Mon Mar 11, 2019 1:05 am
Forum: General
Topic: Scaling Mikrotik
Replies: 5
Views: 1278

Re: Scaling Mikrotik

Mikrotik is horizontal scaling. Basically start with redundant pairs everywhere - once you start getting to the 50-60% resource usage, add another 1 or 2 next to it. You really don't want resources hitting up over 75% at all to be safe. I'd personally have your core very very simple, just pure routin...
by joegoldman
Mon Mar 11, 2019 12:56 am
Forum: General
Topic: local proxies breaks speed limit
Replies: 5
Views: 841

Re: local proxies breaks speed limit

Are you running a web-proxy on the mikrotik? Are your bw-limits on forwarding traffic? Once traffic is proxied through the router it becomes input/output rather than forward technically, so your queues may be set up wrong to account for that. Do an /export hide-sensitive and post it in code tags so w...
by joegoldman
Wed Mar 06, 2019 11:57 am
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 613
Views: 208884

Re: RouterOS v7.0 beta1 - when?

THE GOOD NEWS IS, that once RouterOS is brought up to date on 4.x kernel - it should be a fairly straight run to keep it updated. The Linux Kernels are not feature releases, meaning the diff between 4.20 and 5.0 is just patches, not a huge new architecture or anything. We just gotta make this one bi...
by joegoldman
Tue Mar 05, 2019 5:12 pm
Forum: Beginner Basics
Topic: I've locked myself out of the router admin interface.
Replies: 2
Views: 739

Re: I've locked myself out of the router admin interface.

If using winbox, try using neighbours and connecting via MAC protocol.

Alternatively, plug another mikrotik into it and use mac-telnet from mikrotik to mikrotik or Rommon (if enabled) which uses L2 protocols as well, so bypasses IP addressing.
by joegoldman
Sun Mar 03, 2019 11:41 pm
Forum: Forwarding Protocols
Topic: Valid router to use in a peering point
Replies: 6
Views: 2819

Re: Valid router to use in a peering point

(I've always thought MT should release a CCR1009-8G-2S+)...
There is the CCR1036 8G 2S+ if you're after more, or even the 1072-8S+, or what we've done is breakout using a CRS317-1G-16S+
by joegoldman
Fri Mar 01, 2019 11:41 pm
Forum: Forwarding Protocols
Topic: Transit and IX problem
Replies: 5
Views: 2569

Re: Transit and IX problem

Best guess is you are importing routes from both, but because your cogent routers are older they are preferred (i.e. that bgp session came up first). I would set a BGP Local Pref on the IX routes only. If this is for inbound traffic only going via cogent, then make sure you are advertising your rang...
by joegoldman
Wed Feb 27, 2019 12:35 pm
Forum: General
Topic: Large route table, removing a static [SOLVED]
Replies: 8
Views: 4120

Re: Large route table, removing a static [SOLVED]

Yes this is my main complaint with Mikrotik at the core at the moment - it can import full tables in good-enough time but convergence is slow as when adding routes or removing routes - up to 5-10 minutes for me with about 1million BGP routes (With some static). I couldn't imagine running a CCR with m...
by joegoldman
Wed Feb 27, 2019 12:28 am
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 613
Views: 208884

Re: RouterOS v7.0 beta1 - when?

The development going into 6.x is development FOR 7.x as well. A lot of the roadmapped features have been put into 6.x because of the delays 7.x brings. 7.x isn't going to suddenly have a heap of new features, 7.x will likely be the latest 6.x but on new kernel, and will take a few iterations to star...
by joegoldman
Sat Feb 23, 2019 12:23 am
Forum: Beginner Basics
Topic: disable PPPoE connections go to html page
Replies: 4
Views: 1118

Re: disable PPPoE connections go to html page

Without radius etc, one way would be to change the remote address on their secret - i.e. have an 'internal' / 'suspended' pool that's not a public IP that they get, then in your mikrotik have mangle rules for any traffic from that range to be redirected to your server where the HTML page is.
by joegoldman
Fri Feb 22, 2019 3:42 am
Forum: Wireless Networking
Topic: Selection guide for PtP links Ranges?
Replies: 11
Views: 1802

Re: Selection guide for PtP links Ranges?

I answered your questions - how could I give you any more advice without knowing the link requirements and specifics - in which case we'd be at a point of billing you for my consulting time if you want me to design your whole link.
by joegoldman
Thu Feb 21, 2019 10:24 pm
Forum: Wireless Networking
Topic: Selection guide for PtP links Ranges?
Replies: 11
Views: 1802

Re: Selection guide for PtP links Ranges?

Max range would be in test conditions. Max range can be affected by weather, noise floor, line of sight, your country's EIRP etc etc. I would not want to be trying to push the max distance of items. You can mix and match, you just may end up with better signal one way than the other. Sometimes bigge...
by joegoldman
Thu Feb 21, 2019 1:25 pm
Forum: General
Topic: I Can't set 802.1p on VLAN for DHCP [probably BUG]
Replies: 9
Views: 1855

Re: I Can't set 802.1p on VLAN for DHCP [probably BUG]

send a supout and explanation of your bug to support@mikrotik.com
by joegoldman
Thu Feb 21, 2019 9:17 am
Forum: General
Topic: Easy method to update 300 MikroTik
Replies: 2
Views: 860

Re: Easy method to update 300 MikroTik

No supported way - most people build it out with API scripts and updaters - DUDE might be able to do some of it.
by joegoldman
Sat Feb 16, 2019 5:10 am
Forum: General
Topic: mikrotik wrong username or password
Replies: 5
Views: 3365

Re: mikrotik wrong username or password

Was it old RouterOS version? If so it's likely been hacked. Good news is, being old version you can use the same hack to re-gain access - but once it's been compromised you should take config export, make sure no bad config is in there, and do a fresh net-install.
by joegoldman
Sat Feb 16, 2019 5:08 am
Forum: Announcements
Topic: v6.44rc [testing] is released!
Replies: 67
Views: 23847

Re: v6.44rc [testing] is released!

what does /tool speed-test test to? Do we host a server? Is it same as bandwidth-test and will TCP tests be CPU limited?
by joegoldman
Thu Feb 07, 2019 5:21 am
Forum: General
Topic: Use a Routerboard to tag packets for a management VLAN
Replies: 7
Views: 1581

Re: Use a Routerboard to tag packets for a management VLAN

Laptop ---> Ether1 - Ether2 ----> Network In this scenario (Ether1/Ether2 being your bridge Mikrotik) you'd create a vlan interface on Ether2 with vlanID on 100, then create a bridge interface, and add Ether1 and Vlan100 interface, so you are being bridged straight into the VLAN tagged interface. Th...
by joegoldman
Thu Feb 07, 2019 5:16 am
Forum: RouterBOARD hardware
Topic: Why people pair UBNT APs with MikroTik routers?
Replies: 56
Views: 44058

Re: Why people pair UBNT APs with MikroTik routers?

I've done both. I've got many CAPsMAN installs with wAP AC's and cAP AC's in, without issue. I prefer Mikrotik for the flexibility and extra config options. I had a big job that I had to put Ubiquiti in for the pure fact of short time frame and stock availability (this wasn't long after the factory f...
by joegoldman
Wed Feb 06, 2019 5:37 am
Forum: Forwarding Protocols
Topic: IXP routes should be preferred
Replies: 4
Views: 2336

Re: IXP routes should be preferred

You are running multiple instances? You should only really be doing that for multiple host AS's

In any case, post the output of /export hide-sensitive so we can see what the issue is.
by joegoldman
Wed Feb 06, 2019 1:37 am
Forum: Forwarding Protocols
Topic: IXP routes should be preferred
Replies: 4
Views: 2336

Re: IXP routes should be preferred

Guessing you have ignore as path len enabled which means AS Path will not be considered in the best-path selection, in which case the first 'installed' route would be the best based on the other attributes. For IX routes, best practise (in my opinion) is to import them with a high local-pref, which ...
by joegoldman
Sun Feb 03, 2019 10:51 pm
Forum: RouterBOARD hardware
Topic: For real, what is with these blinding power leds?
Replies: 11
Views: 3227

Re: For real, what is with these blinding power leds?

Yes noticed this on my new 4011, I was hoping I could turn it off in the software but nup, I will be black taping it to keep it down, literally shines through multiple rooms if I leave the office door open haha.
by joegoldman
Sat Feb 02, 2019 12:04 pm
Forum: General
Topic: WINDOWS AUTHENTICATE WITH MIKROTIK USERS
Replies: 1
Views: 583

Re: WINDOWS AUTHENTICATE WITH MIKROTIK USERS

You want users to login to the Mikrotik with their Windows credentials? Or you want users to log into Windows with Mikrotik credentials? You could potentially run RADIUS in front of a windows DC server and have people log into mikrotiks with Windows Credentials, the other way around I do not believe...
by joegoldman
Fri Feb 01, 2019 3:27 pm
Forum: General
Topic: Winbox Urgent Suggestion
Replies: 15
Views: 2087

Re: Winbox Urgent Suggestion

There is absolutely nothing wrong with winbox under WINE. An expert Linux user will use all tools available to set up their environment. I use Winbox without fail on all my Linux machines.
by joegoldman
Fri Feb 01, 2019 5:49 am
Forum: Forwarding Protocols
Topic: Routing issue
Replies: 3
Views: 2013

Re: Routing issue

You've given us almost 0 helpful information.

You know the last hop it fails at, jump on that hop check the route-table.

Is it that just ICMP is firewalled / blocked from that ingress point onwards?
by joegoldman
Tue Jan 29, 2019 8:13 am
Forum: General
Topic: Don't buy Mikrotik hardware! NO SUPPORT
Replies: 15
Views: 2740

Re: Don't buy Mikrotik hardware! NO SUPPORT

Ubiquiti is also 20-80% more expensive depending on the product, and the software management is a nightmare in some use cases, and nowhere near as flexible at the least. You take the good with the bad in some cases. I use Mikrotik because of the flexibility and pricing. I also understand that my pay...
by joegoldman
Mon Jan 28, 2019 11:54 pm
Forum: General
Topic: Feature requests
Replies: 1374
Views: 343324

Re: Feature requests

I would like to receive SNMP traps when WiFi client registration occurs... for example: [WIRELESS]--Association:11G STA 80:b0:3d:xx:xx:xx associated with WLAN1 SSID = Mikrotik It's very useful for smart home automation scenarios You could replicate this with logging and a syslog (remote) logging se...
by joegoldman
Sat Jan 26, 2019 2:22 am
Forum: General
Topic: OSPF + VRRP +PPPOE
Replies: 5
Views: 1273

Re: OSPF + VRRP +PPPOE

You would use Routing Marks or VRFs to basically do source based routing. If you are using public IP space you'll also need to adjust your advertisements so one range is used by ISP 1 and the other by ISP 2
by joegoldman
Fri Jan 25, 2019 5:51 am
Forum: General
Topic: Which Router should i buy for a small web hosting company?
Replies: 6
Views: 1234

Re: Which Router should i buy for a small web hosting company?


I was looking for RB3011UiAS-RM or RB1100AHx4, What do you suggest?
RB1100AHx4 very robust and can move a lot of data - I'd go one of them.
by joegoldman
Thu Jan 24, 2019 11:13 pm
Forum: RouterBOARD hardware
Topic: InterCell
Replies: 46
Views: 13221

Re: InterCell

What LTE frequencies/bands you think the WISPs will be able to use in Australia? And what would be the demand for such LTE Base Stations? For Australia - next to impossible for LTE I think - too much regulation and too expensive. I work in a less-developed country outside of Australia where if I co...
by joegoldman
Thu Jan 24, 2019 11:05 pm
Forum: General
Topic: pasting .rsc on a blank slate router
Replies: 4
Views: 1086

Re: pasting .rsc on a blank slate router

Add a delay up the top of the script, and use the reset-config menu with no-default, run-after of your RSC, that's how I do templated installs.
by joegoldman
Thu Jan 24, 2019 11:26 am
Forum: RouterBOARD hardware
Topic: InterCell
Replies: 46
Views: 13221

Re: InterCell

Such an interesting turn. LTE can be beneficial for WISP though - NBN (National Broadband Network) in Australia are using LTE for their Fixed Wireless roll-outs, however being government run and funded probably got access to frequencies within budget. A country I do a lot of work in - we have a very...
by joegoldman
Sun Jan 20, 2019 12:40 am
Forum: General
Topic: CCR Mikrotik Bandwidth Test - Urgent...-Important
Replies: 8
Views: 1925

Re: CCR Mikrotik Bandwidth Test - Urgent...-Important

It's also weekend around most of the world - give it a couple business days.
by joegoldman
Tue Jan 15, 2019 11:57 pm
Forum: General
Topic: v7 routeros
Replies: 12
Views: 4707

Re: v7 routeros

I also like stuff and things, my fellow networkers. :/
by joegoldman
Mon Jan 14, 2019 12:19 am
Forum: RouterBOARD hardware
Topic: Router that does not sound like a Jet Engine for Home 10G Internet?
Replies: 7
Views: 2539

Re: Router that does not sound like a Jet Engine for Home 10G Internet?

Get the 4 port 10gbit switch, device like 4011 to run as a router on a stick, port 1 outside, port 2 router, port 3 inside, done. Limits some of your capacity but for home internet shouldn't matter that much.
by joegoldman
Sun Jan 13, 2019 10:21 am
Forum: Forwarding Protocols
Topic: OSPF and default routes. [SOLVED]
Replies: 3
Views: 4000

Re: OSPF and default routes. [SOLVED]

If you're redistributing default via OSPF, and all links are equal cost, then it should do this automatically anyways. However - a router will not install an OSPF default route if a static one exists, so you'll have to remove the static one and let the default come in - an easy way to test this if you...
by joegoldman
Fri Dec 28, 2018 11:05 pm
Forum: General
Topic: CRS305-1G-4S+ port statistics
Replies: 1
Views: 722

Re: CRS305-1G-4S+ port statistics

It's a very small visual bug - worth chucking the info to support@mikrotik.com but doesn't warrant a huge amount of discussion.
by joegoldman
Fri Dec 28, 2018 11:01 pm
Forum: Scripting
Topic: Script only works in terminal, not by GUI or scheduler
Replies: 4
Views: 1295

Re: Script only works in terminal, not by GUI or scheduler

Thanks for following up with solution - that's actually a very peculiar behaviour which would be easy to overlook.
by joegoldman
Fri Dec 28, 2018 11:00 pm
Forum: General
Topic: OSPF
Replies: 3
Views: 862

Re: OSPF

So you want to receive the route from the remote network? They will have to advertise it to you, i.e. their OSPF config has to be set to allow the route you are wanting to come to you. Unless you are filtering it out yourself. Post your config (/export hide-sensitive) grab OSPF config of remote peer...
by joegoldman
Fri Dec 28, 2018 5:05 am
Forum: General
Topic: Add 160.000 statics dns entries
Replies: 7
Views: 1300

Re: Add 160.000 statics dns entries

If people are going to the effort to really get around your controlled DNS environment, then they deserve to have whatever you are trying to use - break. i.e. in PiHole it is more for user protection - a user who can circumvent would know the risks of doing so and protect themselves. It only really ...
by joegoldman
Wed Dec 26, 2018 11:58 pm
Forum: RouterBOARD hardware
Topic: 2*10gb ports for a CCR ?
Replies: 10
Views: 3629

Re: 2*10gb ports for a CCR ?

Switch:
Port 1 = WAN - PVID 100 (so access port on vlan 100)
Port 2 = LAN - PVID 200 (access port on vlan 200)
Port 3 or 4 = Router, Trunk port with tagged 100 and 200 VLAN
Making sure bridge vlan filter is on to ensure adherence to the tags and PVID.
On Router you have 1 physical interface, you cre...
by joegoldman
Wed Dec 26, 2018 11:12 am
Forum: RouterBOARD hardware
Topic: 2*10gb ports for a CCR ?
Replies: 10
Views: 3629

Re: 2*10gb ports for a CCR ?

You could use a cheap switch like Mikrotik's little 4 port SFP+ switch for WAN, LAN, Router

So WAN comes into switch, switch goes into router, router back to switch for output via LAN port.

Or you could upgrade to the likes of CCR1036-8G-2S+ but that's quite a bit expensive.
by joegoldman
Wed Dec 19, 2018 3:49 am
Forum: General
Topic: Feature Request: SAFE MODE time based
Replies: 22
Views: 4950

Re: Feature Request: SAFE MODE time based

If you lose connection, how do you expect safe mode to remain activated? Although I agree with you and plan my changes with a 'dual-stack' mentality to bring things into line - I do get the point the others are trying to make. Sometimes the changes you need to make affect your connectivity to the d...
by joegoldman
Wed Dec 19, 2018 3:45 am
Forum: General
Topic: Is it possible to change boardname?
Replies: 1
Views: 554

Re: Is it possible to change boardname?

To what purpose?

Short answer is no - the major distributors / integrators may have some option to do this but not general public.
by joegoldman
Tue Dec 11, 2018 2:07 am
Forum: Forwarding Protocols
Topic: no enforce-first-as in RouterOS?
Replies: 10
Views: 4204

Re: no enforce-first-as in RouterOS?

It's default. There's no specific option for it. I do run Client to Client reflection ticked on my instances, not sure if that makes a difference, but I use Mikrotik to peer with IX route servers and they deliver routes without their own AS in the path, which my router happily accepts.
by joegoldman
Tue Dec 11, 2018 1:59 am
Forum: RouterBOARD hardware
Topic: hardware idea for a multiport switch
Replies: 79
Views: 38144

Re: hardware idea for a multiport switch

It would definitely need built in cable management arm at the rear that helps slide and guide the cable bundle in and out. Even then I see the high density and effort as a very niche product personally.
by joegoldman
Mon Dec 10, 2018 4:20 am
Forum: Forwarding Protocols
Topic: Is it possible to host 2 web servers within the same public IP address
Replies: 8
Views: 3073

Re: Is it possible to host 2 web servers within the same public IP address

No, this requires deep packet inspection (so MIGHT be able to work something with layer7 filters) as you are now reading the host head in the HTTP packet to know which server to send it to. Your best bet is a low-resource server 3 - a proxy server, it takes in ALL 80/443 requests and proxies based o...
by joegoldman
Tue Dec 04, 2018 10:44 am
Forum: The User Manager
Topic: Strange PPPOE limitation problem
Replies: 7
Views: 4620

Re: Strange PPPOE limitation problem

Do an /export hide-sensitive so we see your full configuration. Running userman you'd think it would be OK. Perhaps turn on some RAW RADIUS logging and capture packets of it happening, see if it is the PPP server ignoring the limitation and setting its own, or if it's userman responding with the wron...
by joegoldman
Sat Nov 24, 2018 6:50 am
Forum: RouterBOARD hardware
Topic: RB3011 Power inputs?? [SOLVED]
Replies: 1
Views: 977

Re: RB3011 Power inputs?? [SOLVED]

Yes both can be used, and they will also work as active failover if one of the feeds fails. I do the same with old RB1100AHx2's (As they only had single AC) and 3011's in production
by joegoldman
Sun Nov 11, 2018 11:59 pm
Forum: Beginner Basics
Topic: 3011 update
Replies: 10
Views: 1912

Re: 3011 update

To answer your question, 3011 is an ARM based device so the mipsbe file would not be helpful.

When logging in (via winbox at least) it will tell you the architecture in the title of the window in brackets (arm), (mipsbe), (tile) etc.
by joegoldman
Sun Nov 04, 2018 3:30 pm
Forum: Forwarding Protocols
Topic: VRF Help - Route Leaking from MAIN
Replies: 0
Views: 946

VRF Help - Route Leaking from MAIN

Hi *, Basically I'd like to import all routes (except 0.0.0.0/0) into a VRF. Reason for this - I am doing source based routing to push certain IP's out a 2nd WAN connection, however I'd like it to only use this VRF (which contains a default route) when the resources aren't 'local'. This router impor...
by joegoldman
Wed Oct 31, 2018 9:50 am
Forum: General
Topic: Old kernel. Why?
Replies: 5
Views: 1541

Re: Old kernel. Why?

Plenty. ROSv7's main hold up is developing to new kernel. Major kernels have major changes, especially from what ROS is currently based on to new, the whole networking stack has been re-worked (I believe), so requires a lot of re-development, re-testing etc to get it to feature parity (plus improve...