Community discussions

Search found 284 matches

by gustavomam
Thu Apr 05, 2018 1:17 pm
Forum: Scripting
Topic: How to clear ip firewall counters in script?
Replies: 3
Views: 795

Re: How to clear ip firewall counters in script?

Hi.

Try to use script only with one line
/ip firewall filter reset-counters numbers=5

It could be a problem with the previous lines in script.
by gustavomam
Tue Mar 13, 2018 5:34 pm
Forum: Wireless Networking
Topic: CAPsMAN how to keep .npk updated ? (Cap Manager auto-update)
Replies: 4
Views: 3376

Re: CAPsMAN how to keep .npk updated ?

Hi I don't understand your request. If you want to use upgrade policy require same version, is because you will put in manager files the latest version of RouterOS /caps-man manager set enabled=yes package-path=/upgrade/routeros-mipsbe-6.41.3.npk Important create a folder where you will upload the f...
by gustavomam
Tue Mar 13, 2018 5:25 pm
Forum: General
Topic: Feature request: 802.1x over ethernet
Replies: 5
Views: 1668

Re: Feature request: 802.1x over ethernet

+1 will be useful
by gustavomam
Tue Mar 13, 2018 5:19 pm
Forum: Beginner Basics
Topic: Hotspot setup in the Office
Replies: 1
Views: 461

Re: Hotspot setup in the Office

Hi,

Packets will go between server to clients and clients to server, RB wouldn't block communication because is local communication inside LAN (through the switch)

Client PC -> Switch -> Server PC
by gustavomam
Sat Sep 23, 2017 1:09 pm
Forum: Scripting
Topic: a script for monitoring packet loss for ping 10 times
Replies: 4
Views: 2619

Re: a script for monitoring packet loss for ping 10 times

You can use netwatch too.
But @iwankaro1 is asking for 90% lost. Netwatch is binary ping (works or not wokrs) you can't fine setup % of lost.
by gustavomam
Sat Sep 23, 2017 1:08 pm
Forum: Scripting
Topic: a script for monitoring packet loss for ping 10 times
Replies: 4
Views: 2619

Re: a script for monitoring packet loss for ping 10 times

You can use netwatch too.
But @iwankaro1 is asking for 90% lost. Netwatch is binary ping (works or not wokrs) you can't fine setup % of lost.
by gustavomam
Sat Sep 23, 2017 1:05 pm
Forum: Wireless Networking
Topic: Capsman low speed
Replies: 4
Views: 1449

Re: Capsman low speed

You should look each device wireless properties like:
Sensitive
Chains Quantity
Tx power
Band Support (2Ghz and 5 Ghz)
802.11 standard support (a,b,g,n, ac)
by gustavomam
Wed Sep 20, 2017 10:13 pm
Forum: Scripting
Topic: a script for monitoring packet loss for ping 10 times
Replies: 4
Views: 2619

Re: a script for monitoring packet loss for ping 10 times

Hi.

Try this script.
:local ipPing ("8.8.8.8")
:local pingip
:set pingip [/ping $ipPing count=10]
:if ($pingip = 1) do={
	:log info ("90% lost")
    /interface ethernet disable ether1
} else={
    /interface ethernet enable ether1
}
by gustavomam
Wed Sep 20, 2017 10:06 pm
Forum: Wireless Networking
Topic: Capsman low speed
Replies: 4
Views: 1449

Re: Capsman low speed

Hi. I guess this it not a problem with capsman. First you have to look in capsman registration table Tx/Rx rate. For example if you reach 150 Mbps data rate, then you will have aprox. 75 Mbps effective if there is only one device in this cap. The reason you won't be able to reach all the capacity of...
by gustavomam
Thu Aug 17, 2017 9:47 am
Forum: General
Topic: set primary ip for interface
Replies: 6
Views: 1152

Re: set primary ip for interface

I think it would be match with the specific mask like routing table because it is the more probability best option , /30 will be prefer than /27. As far as i know it is not possible to set primary or secondary IP in a interface, in fact have more than an IP address in a interface is not the best pra...
by gustavomam
Mon Jun 26, 2017 6:52 pm
Forum: Scripting
Topic: Failover
Replies: 6
Views: 1096

Re: Failover

You can simplify using netwatch instead scripting /tool netwatch add down-script="/ip route disable [find comment=wan1]" host=8.8.8.8 up-script="/ip route enable [find comment=wan1]" Here the router will be pinging 8.8.8.8 and when it fail will shutdown the route with comment=wan1 Play a little bit ...
by gustavomam
Mon Jun 26, 2017 6:45 pm
Forum: Beginner Basics
Topic: Whitelisted generic
Replies: 1
Views: 258

Re: Whitelisted generic

You will need a DDOS prevent firewall

New firewall raw in MikroTIk was though for this.

Check this topic in MUM will hepl you
https://mum.mikrotik.com/presentations/ ... 372820.pdf
by gustavomam
Mon Jun 26, 2017 5:32 pm
Forum: Beginner Basics
Topic: Second ISP Mikrotik and Winbox problem
Replies: 3
Views: 520

Re: Second ISP Mikrotik and Winbox problem

Ok.

Can you give more information about your firewall?

/ip firewall filter export
/ip firewall nat export
/ip firewall mangle export
by gustavomam
Fri Jun 23, 2017 5:02 pm
Forum: Beginner Basics
Topic: ping comes by WAN1, but reply goes to WAN2
Replies: 2
Views: 366

Re: ping comes by WAN1, but reply goes to WAN2

Hello mgo You should check output and input mark in mangle in order to track your connections properly and route in the correct wan. add chain=prerouting in-interface=ISP1 connection-mark=no-mark action=mark-connection new-connection-mark=ISP1_conn add chain=prerouting in-interface=ISP2 connection-m...
by gustavomam
Fri Jun 23, 2017 12:00 pm
Forum: General
Topic: Reason for autosupout
Replies: 8
Views: 1235

Re: Reason for autosupout

I think this error (hardware/software) will not be available in MikroTik log, i'm sure inside deep linux kernel we can check this log.
The same reason that we couldn't install new drivers in mikrotik, we have limited access to linux that support routerOS funcionality
by gustavomam
Fri Jun 23, 2017 11:47 am
Forum: General
Topic: Reason for autosupout
Replies: 8
Views: 1235

Re: Reason for autosupout

Hi

It looks like is automatic autosupout
Ckeck this topic.

viewtopic.php?t=24739
by gustavomam
Fri Jun 23, 2017 11:45 am
Forum: Beginner Basics
Topic: Second ISP Mikrotik and Winbox problem
Replies: 3
Views: 520

Re: Second ISP Mikrotik and Winbox problem

If you have already check all you said.

Maybe you are trying to enter in your mikrotik's ISP , it happens to me a lot in the past. Did you check your mikrotik logs? if there is not log my theory is true.
by gustavomam
Fri Jun 23, 2017 9:18 am
Forum: Wireless Networking
Topic: Wirelles can over 25mb of Download
Replies: 18
Views: 3677

Re: Wirelles can over 25mb of Download

It is not a problem It is wireless functionality, depends of many factors: Data rates negotiated How many wireless devices are connected SNR Bandwith channel Re transmissions Noise Device sensitive 802.11 standard (a,b,g,n,ac) Upload and download Etc. Even if you have a good data rate, let's said 14...
by gustavomam
Thu Jun 22, 2017 5:05 pm
Forum: General
Topic: Manage Clients to where they connecting
Replies: 4
Views: 813

Re: Manage Clients to where they connecting

Did you see the link i had sent you?.

I am really new in this topic too, but what i know it could works.
by gustavomam
Thu Jun 22, 2017 5:03 pm
Forum: Beginner Basics
Topic: Routing troubles
Replies: 6
Views: 544

Re: Routing troubles

You need this route in MikroTik Router

ip route add dst-address=192.168.10.0/24 gateway=(IP VPN on Dlink router)

and in the D-link router (in the brand syntax)

ip route add dst-address=192.168.120.0/24 gateway=(IP VPN on MikroTIk Router)
by gustavomam
Wed Jun 21, 2017 8:25 pm
Forum: Beginner Basics
Topic: Routing troubles
Replies: 6
Views: 544

Re: Routing troubles

Maybe you need to add routes between routers.

Please post a simple diagram of your two routers, networks and IPs
by gustavomam
Wed Jun 21, 2017 1:32 pm
Forum: Beginner Basics
Topic: Routing troubles
Replies: 6
Views: 544

Re: Routing troubles

If both networks have their default route pointing mikrotik router, they should see each other.

Why did you add local bridge to pptp profile?

Adding this means you have site to site VPN and you want to link routers using BCP (Bridge Control Protocol), i guess it is not your propose.
by gustavomam
Wed Jun 21, 2017 12:35 am
Forum: General
Topic: ( Solved )PCC Load Banance Router and VPN have no internet
Replies: 14
Views: 1459

Re: PCC Load Banance Router and VPN have no internet

There is a trick to ping host in local network from vpn users in the same network.

Put your lan interface in this mode arp=proxy-arp
by gustavomam
Tue Jun 20, 2017 5:30 pm
Forum: General
Topic: ( Solved )PCC Load Banance Router and VPN have no internet
Replies: 14
Views: 1459

Re: PCC Load Banance Router and VPN have no internet

Check step by step.

Can you reach other network? ping 8.8.8.8
Can you resolve dns? ping google.com
by gustavomam
Tue Jun 20, 2017 5:23 pm
Forum: General
Topic: ( Solved )PCC Load Banance Router and VPN have no internet
Replies: 14
Views: 1459

Re: PCC Load Banance Router and VPN have no internet

You are right, thanks for correct me.

It is not necessary mark-connection, my post have two action in the same rule so it couldn't work as well.

I put here the correct rule
add chain=prerouting src-address=192.168.3.101-192.168.3.150 action=accept
by gustavomam
Tue Jun 20, 2017 1:02 am
Forum: General
Topic: ( Solved )PCC Load Banance Router and VPN have no internet
Replies: 14
Views: 1459

Re: PCC Load Banance Router and VPN have no internet

I think your L2TP VPN is load balance and thats why you couldn't have internet connection as well Try to add this line and the top of your firewall mangle add action=mark-connection chain=prerouting src-address=192.168.3.101-192.168.3.150 action=accept Where 192.168.3.101-192.168.3.150 is L2TP_Pool ...
by gustavomam
Mon Jun 19, 2017 5:05 pm
Forum: General
Topic: ( Solved )PCC Load Banance Router and VPN have no internet
Replies: 14
Views: 1459

Re: PCC Load Banance Router and VPN have no internet

Hello.

Please give more information about your configuration

/ip route print

/ip route export

/ip firewall mangle

/ip firewall filter

or you can give us this full config

/export
by gustavomam
Mon Jun 19, 2017 4:59 pm
Forum: Forwarding Protocols
Topic: OSPF backup route send email
Replies: 9
Views: 905

Re: OSPF backup route send email

Hi.

Maybe you can complete your routine with a more conditions like this:
:foreach i in=[find gateway=$gateway1 && active && dst-address=0.0.0.0/0] do={
by gustavomam
Sat Jun 17, 2017 2:30 pm
Forum: General
Topic: Why turn off Neighbor Discovery (ND)?
Replies: 4
Views: 5469

Re: Why turn off Neighbor Discovery (ND)?

Hi. Is a best practice in IPv4 too. It is the way to avoid sending network discovery packets to interfaces. A premise for security is meanwhile people now you less is better for your security. Through ND packets you send information like routerOS version, software ID, plataform, interface name, upti...
by gustavomam
Fri Jun 16, 2017 9:11 pm
Forum: Forwarding Protocols
Topic: OSPF backup route send email
Replies: 9
Views: 905

Re: OSPF backup route send email

Yes I have tried it early morning

Did it work for you?
by gustavomam
Fri Jun 16, 2017 7:08 pm
Forum: Wireless Networking
Topic: hAP AC RC throughput improvements?
Replies: 1
Views: 365

Re: hAP AC RC throughput improvements?

HI.

Maybe this results is the new routerOS drivers updates.

Check this articule, where i talk about it
viewtopic.php?f=7&t=121883&hilit=MUM
by gustavomam
Fri Jun 16, 2017 6:58 pm
Forum: General
Topic: Shared Folders
Replies: 15
Views: 2113

Re: Shared Folders

Did you check windows firewall in both sides?

Revisaste que el firewall de windows estuviera desactivado en ambos extremos?
by gustavomam
Fri Jun 16, 2017 10:13 am
Forum: Beginner Basics
Topic: CRS326 - Newbee
Replies: 3
Views: 542

Re: CRS326 - Newbee

Thanks for your help Normis.

I am newbee in SwOS too, everyday we learn stuffs in forum.
by gustavomam
Fri Jun 16, 2017 10:00 am
Forum: Beginner Basics
Topic: CRS326 - Newbee
Replies: 3
Views: 542

Re: CRS326 - Newbee

Hi,

System Routerboard
Settings
Option boot OS

Here you can change RouterOs or SwOS booting
by gustavomam
Fri Jun 16, 2017 9:39 am
Forum: Forwarding Protocols
Topic: OSPF backup route send email
Replies: 9
Views: 905

Re: OSPF backup route send email

Ok Arky you can use this: :global gateway1 ("10.20.180.120") /ip route { :foreach i in=[find gateway=$gateway1] do={ :if ([/ip route get $i active]) do={ /tool e-mail send to="peter@gmail.com" subject="ALERT Gateway1 is enable" :log info ("ALERT Gateway1 is enable") ; } else={ /tool e-mail send to="...
by gustavomam
Thu Jun 15, 2017 6:52 pm
Forum: General
Topic: Shared Folders
Replies: 15
Views: 2113

Re: Shared Folders

It has to be in filter rules and chain forward.

Debe ser en el filter rules y la cadena forward.
by gustavomam
Thu Jun 15, 2017 6:33 pm
Forum: Wireless Networking
Topic: Local forwarding vs. CAPsMAN forwarding
Replies: 6
Views: 3830

Re: Local forwarding vs. CAPsMAN forwarding

I have edited my post because it was mistake. am i right now?
by gustavomam
Thu Jun 15, 2017 5:38 pm
Forum: Wireless Networking
Topic: Local forwarding vs. CAPsMAN forwarding
Replies: 6
Views: 3830

Re: Local forwarding vs. CAPsMAN forwarding

Hi. It is really simple. There are two planes in wifi: data plane and control plane. By default local forwarding is disable: it means control (capsman) and data ( data from user to internet) are going to capsman manager If you enable local forwarding: your control will be manage in capsman router an...
by gustavomam
Wed Jun 14, 2017 2:40 pm
Forum: Virtualization
Topic: CHR for wireless bridge
Replies: 7
Views: 1440

Re: CHR for wireless bridge

Hi.

As far as I know you can't install wireless adapter in virtual RouterOs machines.

Could anyone have success with this?
by gustavomam
Wed Jun 14, 2017 1:01 pm
Forum: General
Topic: Router on a stick doesn't work.
Replies: 1
Views: 637

Re: Router on a stick doesn't work.

Hi.

Hi with virtual machines you must use service tag and to put the interface (VMWARE interface) in promiscuous mode accepting all vlans from 1-4095

You can check this old post too.

viewtopic.php?f=13&t=106193&hilit=virtual+machines
by gustavomam
Wed Jun 14, 2017 11:12 am
Forum: Wireless Networking
Topic: About CAPsMan channel selection.. Again!!!!
Replies: 7
Views: 4129

Re: About CAPsMan channel selection.. Again!!!!

Good!!.Thanks Uldis

I have upgrade and tested it now. Works fine!

Image

Will be useful too have the same feature selecting multiple Channel above
by gustavomam
Wed Jun 14, 2017 10:44 am
Forum: Scripting
Topic: Add adresses with loop script
Replies: 4
Views: 992

Re: Add adresses with loop script

Hi.

I have test your script whit 3 interfaces and works
:for e from 101 to 103 do={
/ip address add address=("10.150." .$e .".1/24") \ 
interface=($e)
}
I tested vlan and bridge interface.

What RouterOs version do you have?, is it the latest?
by gustavomam
Wed Jun 14, 2017 9:46 am
Forum: Scripting
Topic: Add adresses with loop script
Replies: 4
Views: 992

Re: Add adresses with loop script

Your script works.

Do you have the correct name of your interfaces?.

I mean interface name 101,102,103...150 ?
by gustavomam
Wed Jun 14, 2017 9:40 am
Forum: General
Topic: Failover not working
Replies: 1
Views: 345

Re: Failover not working

Hi.

First of all. Upgrade your RouterOs . The latest available now is 6.39.2.

It looks that your second gateway 93.64.36.241 in not reachable, do you have check gateway by ping enable?
Please send your export for this command
/ip route print detail
by gustavomam
Wed Jun 14, 2017 9:31 am
Forum: Wireless Networking
Topic: About CAPsMan channel selection.. Again!!!!
Replies: 7
Views: 4129

Re: About CAPsMan channel selection.. Again!!!!

Hi You are right, there is not direct response from MikroTik about this topic. In fact, Capsman was not think to achieve auto channel selection when you turn on yours AP. The only response meanwhile is that we have to choose it manually for each AP , using the old frequency channel planning and tuni...
by gustavomam
Tue Jun 13, 2017 9:58 am
Forum: General
Topic: Manage Clients to where they connecting
Replies: 4
Views: 813

Re: Manage Clients to where they connecting

Hi. Did you hear about DNS load balancing? Maybe the solution is to have your 4 routers in the same DNS name and implement load balancing, so by round robin algorithm it will choose a different IP of your routers. Check this link https://www.digitalocean.com/community/tutorials/how-to-configure-dns-...
by gustavomam
Mon Jun 12, 2017 6:46 pm
Forum: General
Topic: What router to get for the following setup
Replies: 3
Views: 357

Re: What router to get for the following setup

This RouterBoard rocks!

If you have extra money and you can afford it, buy it!

I was telling you the minimum router to achieve this traffic. As you know if you can buy a better router of course you are covered to scale your network.
by gustavomam
Mon Jun 12, 2017 6:35 pm
Forum: Wireless Networking
Topic: PTP Problem !!!
Replies: 1
Views: 405

Re: PTP Problem !!!

CCQ values doesn't have correct values when the radio is using NV2.

Remember that NV2 is a proprietary protocol based in TDMA so it is not the same way to calculate average of values Tmin/Treal of CCQ
by gustavomam
Mon Jun 12, 2017 6:30 pm
Forum: General
Topic: VRRP on VLAN
Replies: 11
Views: 2188

Re: VRRP on VLAN

Hi.

I think you have the answer in a old post.

Check this out
viewtopic.php?t=56698
by gustavomam
Mon Jun 12, 2017 6:25 pm
Forum: Wireless Networking
Topic: Problem with CAPsMAN and hotspot
Replies: 1
Views: 431

Re: Problem with CAPsMAN and hotspot

Did you try to force radio provision in capsman radio tab?
by gustavomam
Mon Jun 12, 2017 6:23 pm
Forum: Forwarding Protocols
Topic: OSPF backup route send email
Replies: 9
Views: 905

Re: OSPF backup route send email

Hi, Test this Set in e-mail settings /tool e-mail set address=smtp.gmail.com from=<mail@gmail.com> password=abc123 port=587 start-tls=yes user=mail@gmail.com Create script :global status10 [interface ethernet get ether10 running] :global status9 [interface ethernet get ether9 running] :if ($status10...
by gustavomam
Mon Jun 12, 2017 6:09 pm
Forum: General
Topic: What router to get for the following setup
Replies: 3
Views: 357

Re: What router to get for the following setup

Hi.

You need at least one L5 router
https://routerboard.com/RB3011UiAS-RM


If you want to be over-dimension use this L6 routers and think in the future

https://routerboard.com/RB1100Dx4
https://routerboard.com/CCR1009-7G-1C-PC
by gustavomam
Mon Jun 12, 2017 9:09 am
Forum: Scripting
Topic: external ip from another interface
Replies: 4
Views: 1154

Re: external ip from another interface

Hi.

There is a trick, you can have a script with this structure

Turn On default Route 1
Test external IP --> save as ipwan1
Turn On default Route 2, Turn off default Route 1
Test external IP --> save as ipwan2

Something like that will work!
by gustavomam
Sat Jun 10, 2017 4:46 pm
Forum: Scripting
Topic: external ip from another interface
Replies: 4
Views: 1154

Re: external ip from another interface

Hi Script really works, but exactly what you have don't work for me I use this and works fine. I preferred global variable in order to see if the script fills in environment script section the correct value. /tool fetch url="http://myip.dnsomatic.com/" mode=http dst-path=ip.txt :global ip [file get ...
by gustavomam
Sat Jun 10, 2017 4:27 pm
Forum: RouterBOARD hardware
Topic: Ethernet cable fault?
Replies: 3
Views: 416

Re: Ethernet cable fault?

Looks like you have open circuit in 3 pairs.
Check the cable with a lan tester to confirm that.
by gustavomam
Sat Jun 10, 2017 4:23 pm
Forum: Beginner Basics
Topic: Hi Forum
Replies: 2
Views: 297

Re: Hi Forum

It looks like you want to make load balancer. In MikroTik there are at least 3 ways to implement it PCC,NTH and ECMP. It depends what you need. I recommend you to check out this videos: https://www.youtube.com/watch?v=AqXkBkEaS5I from my Partner Alejandro Teixeira Or this other from another trainer ...
by gustavomam
Sat Jun 10, 2017 10:06 am
Forum: Wireless Networking
Topic: Why do AP/Client Tx limits in wireless access list not work properly?
Replies: 1
Views: 689

Re: Why do AP/Client Tx limits in wireless access list not work properly?

Client-tx-limit in access-list is a proprietary extension that is supported by RouterOS clients. It means you need routerOS/Routerboard WIFI clients.
by gustavomam
Sat Jun 10, 2017 9:59 am
Forum: General
Topic: IP SLA in Mikrotik
Replies: 2
Views: 2575

Re: IP SLA in Mikrotik

As far as i know there are not a module to have this in mikrotik.

You have values in snmp traps that you could use to feed another monitoring software. I have test PandoraFMS and it is really good, it have a SLA module to make reports.
by gustavomam
Sat Jun 10, 2017 9:56 am
Forum: General
Topic: captive portal/2nd SSID
Replies: 1
Views: 374

Re: captive portal/2nd SSID

Hi.

You can achieve this using slave interface to master provisioned physical wlan interface.

Check this out to have virtual AP (2nd SSID)
https://mum.mikrotik.com/presentations/TR14/mani.pdf

It really wokrs!
by gustavomam
Wed Jun 07, 2017 8:24 pm
Forum: Wireless Networking
Topic: Drone plane Wireless network
Replies: 3
Views: 537

Re: Drone plane Wireless network

It is a really interesting project @senour.

The correct way is to calculate with the topography map with a program like radiomobile in order to plan very well the deployment.

Also to check band channel plan, power, and rx sensitive in drons.
by gustavomam
Wed Jun 07, 2017 10:01 am
Forum: General
Topic: 192.168.60.0/32 - what this strange route mean?
Replies: 8
Views: 1276

Re: 192.168.60.0/32 - what this strange route mean?

You set it two IP address one with /24 another with /32 and these have the same network 192.168.60.254/32 192.168.60.0 route 192.168.60.0/32 192.168.60.254 192.168.60.254/24 192.168.60.0 route 192.168.60.0/24 192.168.60.254 If you have not set the network the router will complete as router think is ...
by gustavomam
Wed Jun 07, 2017 9:47 am
Forum: Wireless Networking
Topic: Redirect to Web Site
Replies: 8
Views: 8059

Re: Redirect to Web Site

But have you ever try hotspot?.
It's really simple, there are thousands of videos on youtube and the wiki documentation
https://wiki.mikrotik.com/wiki/Hotspot_server_setup
by gustavomam
Wed Jun 07, 2017 9:41 am
Forum: Wireless Networking
Topic: Wireless Handover between two WLANs
Replies: 3
Views: 809

Re: Wireless Handover between two WLANs

If you don't want to lower your wlan2ghz radio you may choose the devices in the access-list like this:
add action=accept comment="Phone XXX" disabled=no interface=wlan_5G mac-address=54:00:22:3A:00:35
add action=reject comment="Phone XXX" disabled=no interface=wlan_2G mac-address=54:00:22:3A:00:35
by gustavomam
Tue Jun 06, 2017 2:39 pm
Forum: Wireless Networking
Topic: CAPsMANv2, 5Ghz, no supported band
Replies: 6
Views: 3325

Re: CAPsMANv2, 5Ghz, no supported band

I agree with BartoszP.

Check your country available channels here
https://en.wikipedia.org/wiki/List_of_WLAN_channels

And check your routerboard country channel.
by gustavomam
Tue Jun 06, 2017 2:35 pm
Forum: General
Topic: packet multiplication
Replies: 3
Views: 478

Re: packet multiplication

That's right. WDS have some advantages, but these are the disadvantages.
You can tuning your deployment with mesh portal using HWMP+ as layer 2 selecting path.
by gustavomam
Tue Jun 06, 2017 9:34 am
Forum: General
Topic: packet multiplication
Replies: 3
Views: 478

Re: packet multiplication

Remember in this case,you are using WDS so you will be increasing frames from Broadcast, control , collisions, etc. If normally in wireless communications you have a lot, imagine WDS with 15 devices.
by gustavomam
Tue Jun 06, 2017 9:24 am
Forum: Wireless Networking
Topic: Redirect to Web Site
Replies: 8
Views: 8059

Re: Redirect to Web Site

In this case, if you want to redirect to a site and then another site that the user want the answer is hotspot
by gustavomam
Mon Jun 05, 2017 5:46 pm
Forum: RouterBOARD hardware
Topic: Upgrade for CRS125 ?
Replies: 2
Views: 372

Re: Upgrade for CRS125 ?

Yes. The have already announced in Milan MUM. MikroTik will have POE Switch up to 24 ports Check it out here, from page 38 https://mum.mikrotik.com/presentations/EU17/2017-eu.pdf Acording to Normis" The release dates for all devices are Q2/Q3 2017, approximately" https://forum.mikrotik.com/viewtopic...
by gustavomam
Mon Jun 05, 2017 5:37 pm
Forum: Wireless Networking
Topic: CAPsMANv2, 5Ghz, no supported band
Replies: 6
Views: 3325

Re: CAPsMANv2, 5Ghz, no supported band

Hi. I think you have a configuration mismatch 5785 allow 20 Mhz channel from 5775-5795 so it couldn't support extension channel eCee for 80 Mhz cause it will be out of band. Select disable in extension channel add band=5ghz-a/n/ac extension-channel=disabled frequency=5785 name=channel-5Ghz width=20
by gustavomam
Mon Jun 05, 2017 5:26 pm
Forum: Scripting
Topic: Trouble with PoE state in 6.39.1
Replies: 3
Views: 447

Re: Trouble with PoE state in 6.39.1

Maybe it is a bug

I have tried in 6.38.1 and 6.39.1 and it doesn't work in 6.39.1 it looks like value poe-out-status has nothing and it really has value
by gustavomam
Mon Jun 05, 2017 5:03 pm
Forum: Wireless Networking
Topic: Redirect to Web Site
Replies: 8
Views: 8059

Re: Redirect to Web Site

If your wlan1 interface belongs to a bridge you have to apply the rule in the bridge, cause have the layer 3 functionality
by gustavomam
Mon Jun 05, 2017 2:47 pm
Forum: Beginner Basics
Topic: Block internet access on specific physical port
Replies: 16
Views: 4376

Re: Block internet access on specific physical port

Hmm but that will only block http/https access right? So all other ports would be open to the internet? Basically you would not be able to surf using a browser but things like SMTP/FTP/Torrents and other things not requiring port 80/443 would still work? If you want to block other programs, and not...
by gustavomam
Mon Jun 05, 2017 12:59 pm
Forum: General
Topic: Mikrotik Speed
Replies: 6
Views: 644

Re: Mikrotik Speed

Your welcome!.

I'm glad you improve your speed results!

735.17 Mbit/s is a good performance.

Just for the records, which MikroTik routers do you have?
by gustavomam
Mon Jun 05, 2017 11:56 am
Forum: Beginner Basics
Topic: Block internet access on specific physical port
Replies: 16
Views: 4376

Re: Block internet access on specific physical port

You can try this
/ip firewall filter add action=drop chain=forward dst-port=80,443 in-interface=ether4 protocol=tcp
by gustavomam
Mon Jun 05, 2017 11:51 am
Forum: Wireless Networking
Topic: Redirect to Web Site
Replies: 8
Views: 8059

Re: Redirect to Web Site

Hi. You can redirect your traffic to web-proxy. First active it /ip proxy set enabled=yes Then create a rule to send all traffic to proxy /ip firewall nat add in-interface=wlan1 dst-port=80 protocol=tcp action=redirect to-ports=8080 chain=dstnat Create a access rule to allow traffic to your site, an...
by gustavomam
Mon Jun 05, 2017 11:27 am
Forum: General
Topic: Mikrotik Speed
Replies: 6
Views: 644

Re: Mikrotik Speed

You can active Fasttrack in order to improve this performance.

Check this out
https://wiki.mikrotik.com/index.php?tit ... edirect=no
by gustavomam
Mon Jun 05, 2017 10:02 am
Forum: General
Topic: Shared Folders
Replies: 15
Views: 2113

Re: Shared Folders

Hi.

You can add adress-list with the exceptions and put a rule below all the other rules

Puedes agregar un address-list con las excecpiones y colocar una regla por encima de todas las reglas
by gustavomam
Sat Jun 03, 2017 1:34 pm
Forum: Beginner Basics
Topic: Learning all the features
Replies: 4
Views: 572

Re: Learning all the features

Hi. All the routerboard have the almost the same RouterOS features. The only different is License limitation You can see here https://wiki.mikrotik.com/wiki/Manual:License hAP lite is L4 License. Some important features you can use in this Capsman controller Wifi interface in 2.4Ghz You can energy i...
by gustavomam
Fri Jun 02, 2017 8:23 pm
Forum: Beginner Basics
Topic: DHCP on slave interface
Replies: 5
Views: 4945

Re: DHCP on slave interface

It is not possible in newer versions because is a bugfix There is no reason to have a DHCP server in a interface that is bridged with another, layer 3 have to be set it in Bridge interface only , because all the interface bridged are joined or "slave" what happen in the bridge. I know sometimes we n...
by gustavomam
Fri Jun 02, 2017 8:13 pm
Forum: General
Topic: Create PPTP connection for different IP range to main LAN
Replies: 3
Views: 387

Re: Create PPTP connection for different IP range to main LAN

Your welcome!

Making a better community in this forum we will be "routing the world" with MikroTik jejeje

The best way to learn more things in MikroTik is helping another colleagues :D
by gustavomam
Fri Jun 02, 2017 10:07 am
Forum: General
Topic: Create PPTP connection for different IP range to main LAN
Replies: 3
Views: 387

Re: Create PPTP connection for different IP range to main LAN

Hi, What you want to do is Access to UBNT default network from your PPTP client besides internet. There is a “trick” that maybe help you. When you have the same subnet in more than one interface (PPTP interface and ether interface), you have a layer 2 conflict so you should help interface to decide ...
by gustavomam
Fri Jun 02, 2017 9:47 am
Forum: RouterBOARD hardware
Topic: RB951 Eth1 with link and no cable connnected
Replies: 3
Views: 400

Re: RB951 Eth1 with link and no cable connnected

Hi.

This behavior looks like if you have some of your port in master/slave with the switch chipset, did you remove this configuration from default config ?
by gustavomam
Thu Jun 01, 2017 5:20 pm
Forum: General
Topic: Which CPU frequency on RB951-2n? Site-wise or device-size false report?
Replies: 5
Views: 538

Re: Which CPU frequency on RB951-2n? Site-wise or device-size false report?

I think i have the answer! Your factory firmware is 2.39 and belongs to AR9330 CPU so, in this old version of hardware ( maybe the oldest RB951-2N) it has 360 Mhz, i remember had someone and i sold it a year ago. But what appears in routerboard.com is the latest version of hardware of RB951-2n that ...
by gustavomam
Thu Jun 01, 2017 5:09 pm
Forum: Wireless Networking
Topic: Connecting cAP Lite In Station While Broadcasting An SSID
Replies: 1
Views: 323

Re: Connecting cAP Lite In Station While Broadcasting An SSID

Hi.

I think it is not possible to have an access point and a client in the same physical wireless interface, even you have the option in mode tab

I have tried to and couldn't

Did some else have try it?
by gustavomam
Thu Jun 01, 2017 5:00 pm
Forum: General
Topic: Which CPU frequency on RB951-2n? Site-wise or device-size false report?
Replies: 5
Views: 538

Re: Which CPU frequency on RB951-2n? Site-wise or device-size false report?

OH! I now got it

Di you check /system resource ? which frequency appear ?

Do you have the latest routerOS ?
by gustavomam
Thu Jun 01, 2017 4:43 pm
Forum: General
Topic: Which CPU frequency on RB951-2n? Site-wise or device-size false report?
Replies: 5
Views: 538

Re: Which CPU frequency on RB951-2n? Site-wise or device-size false report?

Hi. The CPU nominal frequency is 400 Mhz. You can set a lower frequency, but increase the frequency i think it is not possible. Because is limit by CPU hardware. But you have to reboot your routerboard after apply the changes. Be aware, kernel could crash Read this post, what normunds said https://f...
by gustavomam
Thu Jun 01, 2017 4:23 pm
Forum: Scripting
Topic: Import graph
Replies: 1
Views: 303

Re: Import graph

Hi.

As far as i know it's not possible. That's why the best practice would be storage this info in external monitoring like Dude, Cacti, Opennms

The are some users that create his own graph using MikroTik API.
by gustavomam
Thu Jun 01, 2017 3:33 pm
Forum: Wireless Networking
Topic: Wireless Handover between two WLANs
Replies: 3
Views: 809

Re: Wireless Handover between two WLANs

Hi. In my house i have the same scenario What you are trying to do is called band-steering, this is not available as easily set button option in mikrotik, so you have to make it. If there is not control in Access Point side, the client will choose the better signal, But it depends too of the client ...
by gustavomam
Thu Jun 01, 2017 3:15 pm
Forum: General
Topic: Shared Folders
Replies: 15
Views: 2113

Re: Shared Folders

Hola Rey68 Como han comentado los otros foristas. Hay varias formas de hacerlo Si quieres conservar en la misma red a los usuarios wifi de los ethernet puedes mantener el bridge y crear reglas de drop entre grupos de usuarios que puedes definir en el address-list, puedes crear un grupo WIFI y otro l...
by gustavomam
Wed May 31, 2017 6:31 pm
Forum: General
Topic: Shared Folders
Replies: 15
Views: 2113

Re: Shared Folders

Hi.

You can add a firewall rule to achieve this target

/ip firewall filter add chain=forward in-interface=wifi out-interface=LAN action=drop

where wifi is the name of your access point interface, and LAN the name of your Ethernet interface

Regards.
by gustavomam
Wed May 31, 2017 5:01 pm
Forum: Beginner Basics
Topic: Static IP on Internet port not working
Replies: 2
Views: 609

Re: Static IP on Internet port not working

Maybe your ISP could block IPs that haven't been assigned yet You can try to change your mac-address interface to another and looks if you can see this Can you see in arp router table 10.0.0.1 mac address? Ping 10.0.0.1 if it doesn't work you can be block it in L3 Ping 8.8.8.8 if it doesn't work you...
by gustavomam
Wed May 31, 2017 10:15 am
Forum: Beginner Basics
Topic: MicroTik TRAINING
Replies: 1
Views: 276

Re: MicroTik TRAINING

Hi. You are in a good way, formal training is the best way to structure your knowledge. You can attend training in other country like Puerto Rico that have training in June, or some place near you. About the class and material, you can access these in formal training, and the only way to take certif...
by gustavomam
Wed May 31, 2017 9:59 am
Forum: The Dude
Topic: Feature Request - Password Profile to Assign to Items
Replies: 3
Views: 726

Re: Feature Request - Password Profile to Assign to Items

Hi.

I think this issue could be resolve using AAA authentication with freeradius, usermanager or other.

Change username/password in a server is easier than changing with scripting.
by gustavomam
Tue May 30, 2017 12:08 pm
Forum: Scripting
Topic: how can I connect hotspot using API?
Replies: 13
Views: 2045

Re: how can I connect hotspot using API?

If i understand what you want to do,

Do you want to test your captive portal out of your MikroTik network?

Maybe you can emulate a virtual host and connect a Layer 2 tunnel (EoIP) through CHR router to your MikroTIk Hotspot Router.
by gustavomam
Tue May 30, 2017 9:36 am
Forum: General
Topic: exception website or ip from bandwidth
Replies: 1
Views: 327

Re: exception website or ip from bandwidth

If you are using simple queue, you can set a new rule above your rules that match this specific traffic from bridge to ether2
by gustavomam
Tue May 30, 2017 9:28 am
Forum: Wireless Networking
Topic: When coming AC Wave2 chip?
Replies: 41
Views: 7674

Re: When coming AC Wave2 chip?

MikroTik haven't published the ppt slide yet.

This information is from my trainers colleagues, who attended Denver MUM.

Image
Image

Regards.
by gustavomam
Mon May 29, 2017 6:01 pm
Forum: Beginner Basics
Topic: Mobile phones unable to connect after enabling management protection
Replies: 7
Views: 968

Re: Mobile phones unable to connect after enabling management protection

You can use this
interface wireless set tx-power=10 wlan1
where "wlan1" is your interface wireless name and "10" is your tx-power level you want. If you have few walls you can have signal with low level power
by gustavomam
Mon May 29, 2017 11:52 am
Forum: General
Topic: Watchdog and manual disagrees
Replies: 2
Views: 527

Re: Watchdog and manual disagrees

Hi

You need to fill out your email settings in
/tool e-mail
set address=smtp.gmail.com from=<mail@gmail.com> password=abc1234 port=587 start-tls=yes user=mail@gmail.com
by gustavomam
Mon May 29, 2017 11:47 am
Forum: Scripting
Topic: send mail when ping is 200ms+
Replies: 45
Views: 3375

Re: send mail when ping is 200ms+

Hi.

This post could help you to fix it out.
viewtopic.php?t=82816
by gustavomam
Mon May 29, 2017 11:04 am
Forum: General
Topic: RB3011 High CPU usage
Replies: 9
Views: 2824

Re: RB3011 High CPU usage

You must have your connection tracking in auto or yes, in order fast path works
Did you check in tool profile which process was consuming your % CPU?
Remember fast path feature is for only TCP/UDP packets at this moment.
by gustavomam
Mon May 29, 2017 10:56 am
Forum: Beginner Basics
Topic: Mobile phones unable to connect after enabling management protection
Replies: 7
Views: 968

Re: Mobile phones unable to connect after enabling management protection

I am curious, do you have deauth attacks in a your home network?.

Maybe you can decrease your power level to have less attacks
by gustavomam
Mon May 29, 2017 10:53 am
Forum: Wireless Networking
Topic: When coming AC Wave2 chip?
Replies: 41
Views: 7674

Re: When coming AC Wave2 chip?

Looks like there are not news about AC Wave 2.

Only new in US MUM was a new chipset improvement of actual 802.11 ac wave 1 up to 700 mbps
by gustavomam
Fri May 26, 2017 12:48 pm
Forum: General
Topic: Multiple subnets/wans routing
Replies: 9
Views: 990

Re: Multiple subnets/wans routing

Try to add this firewal nat rules to your MikroTik Router

add action=masquerade chain=srcnat src-address=192.168.10.0/24
add action=masquerade chain=srcnat dst-address=192.168.10.0/24

If the ping works it confirms the problem is in Zyxel routing table.
by gustavomam
Fri May 26, 2017 11:47 am
Forum: General
Topic: DHCP assigned client cannot reach internet, the same manual configured yes
Replies: 3
Views: 310

Re: DHCP assigned client cannot reach internet, the same manual configured yes

Could be a layer 2 problem. Besides you can do it. You should'n have 2 networks in the same interface. That's why vlans exists because you have virtual LANs in the same physical interface or in other vendors you can use sub-interface, we don't have sub-interface in MikroTik, we have vlans to separat...
by gustavomam
Fri May 26, 2017 11:41 am
Forum: Scripting
Topic: PPPoe reconnect script?
Replies: 1
Views: 2489

Re: PPPoe reconnect script?

You can use a scheduler to run once at day with this script

/interface pppoe-client disable pppoe-client-WAN
:delay 2s
/interface pppoe-client enable pppoe-client-WAN

where "pppoe-client-WAN" is your client interface name
Regards.
by gustavomam
Fri May 26, 2017 11:31 am
Forum: General
Topic: Multiple subnets/wans routing
Replies: 9
Views: 990

Re: Multiple subnets/wans routing

From witch IP Adress are you trying to connect?
by gustavomam
Fri May 26, 2017 11:30 am
Forum: General
Topic: RB3011 High CPU usage
Replies: 9
Views: 2824

Re: RB3011 High CPU usage

Did you follow the instructions in PDF to allow this?, if packets are 0 you don't have no packets or no rules that match with this condition.
by gustavomam
Fri May 26, 2017 10:35 am
Forum: Beginner Basics
Topic: Mobile phones unable to connect after enabling management protection
Replies: 7
Views: 968

Re: Mobile phones unable to connect after enabling management protection

Does it a wifi network in a office?. What is the main propose?
You can secure your network
Using 802.1x authentication
Adding access-list for your MAC clients.

Prevent deauth attacks is a complex wifi problem,
https://www.cwnp.com/hacking-solutions- ... ntication/
by gustavomam
Fri May 26, 2017 9:43 am
Forum: General
Topic: Multiple subnets/wans routing
Replies: 9
Views: 990

Re: Multiple subnets/wans routing

Did you check if you have some firewall in Zyxel router?
by gustavomam
Thu May 25, 2017 10:59 am
Forum: General
Topic: Multiple subnets/wans routing
Replies: 9
Views: 990

Re: Multiple subnets/wans routing

You should add static route on Zyxel Router to access other routes.

If Zyxel have default route pointing internet, it couldn't access inside networks.

Regards.
by gustavomam
Thu May 25, 2017 10:04 am
Forum: Beginner Basics
Topic: Mobile phones unable to connect after enabling management protection
Replies: 7
Views: 968

Re: Mobile phones unable to connect after enabling management protection

Hi.

Remember management-protection feature is a proprietary security for MikroTik device. It means, if you mark as required only MikroTik device with the same management-protection key will connect.
by gustavomam
Thu May 25, 2017 9:59 am
Forum: General
Topic: Multiple subnets/wans routing
Replies: 9
Views: 990

Re: Multiple subnets/wans routing

Please explain better what you want to achieve.

Load balancing?
by gustavomam
Wed May 24, 2017 6:22 pm
Forum: Scripting
Topic: Scripting Help
Replies: 3
Views: 404

Re: Scripting Help

If you want to have fast failover, maybe you should check once per minute, but if you have flapping interface increase each 3-5 minutes or more.

You can implement tool netwatch and probe with a simple ping to the gateway, and then take actions to change routes.

Thank you for rate positive!
by gustavomam
Wed May 24, 2017 1:14 pm
Forum: Beginner Basics
Topic: cannot ping by hostname
Replies: 2
Views: 989

Re: cannot ping by hostname

If you want to ping host or PC names you can use WINs servers and set it in DHCP network settings.
by gustavomam
Wed May 24, 2017 11:42 am
Forum: General
Topic: RB3011 High CPU usage
Replies: 9
Views: 2824

Re: RB3011 High CPU usage

Hi.

Usually enabling fast path will be enough to solve this.

You can check here what you should do in your router.

https://mum.mikrotik.com//presentations ... 654925.pdf

Regards.
by gustavomam
Wed May 24, 2017 11:34 am
Forum: Scripting
Topic: Scripting Help
Replies: 3
Views: 404

Re: Scripting Help

Hi. I made the script, i hope it will be useful /ip route add dst-address=10.0.0.0/24 gateway=172.16.155.1 comment="route1" /ip route add dst-address=10.0.0.0/24 gateway=172.16.78.1 comment="route2" :global status7 [interface ethernet get ether7 running] :global status9 [interface ethernet get ether...
by gustavomam
Wed May 24, 2017 9:26 am
Forum: Wireless Networking
Topic: When coming AC Wave2 chip?
Replies: 41
Views: 7674

Re: When coming AC Wave2 chip?

I hope MikroTik will announce it in MUM Denver tomorrow
by gustavomam
Mon May 22, 2017 1:18 pm
Forum: Wireless Networking
Topic: Changeing interface in the CAPSMAN
Replies: 3
Views: 405

Re: Changeing interface in the CAPSMAN

The issue is that wireless interface "firewall" name access-list and connection-list, are checked all the time you refresh some changes that's why it have to drop all clients and then take it again. In ethernet, firewall is a complete separate module. Maybe you could ask for the new RouterOS feature...
by gustavomam
Mon May 22, 2017 10:44 am
Forum: Scripting
Topic: Scripts on hAP lite,
Replies: 1
Views: 629

Re: Scripts on hAP lite,

Hi.

Did you check if interface name are exactly the same in RB1100 and hAP lite?, usually if mismatch script fails.
by gustavomam
Mon May 22, 2017 10:03 am
Forum: Wireless Networking
Topic: Changeing interface in the CAPSMAN
Replies: 3
Views: 405

Re: Changeing interface in the CAPSMAN

I think you can't avoid this situation. It is like when you change some configuration in wireless interface without using capsman, all the clients will be disassociated and then connect again. Wireless interface should check if all conditions are able to accept the clients again, even if the only ch...
by gustavomam
Mon May 22, 2017 9:23 am
Forum: General
Topic: Limit a firewall rule (http redirect) to once per day?
Replies: 1
Views: 306

Re: Limit a firewall rule (http redirect) to once per day?

Did you try to implement an schedule with an script to accomplish this job?
by gustavomam
Fri May 19, 2017 3:38 pm
Forum: Scripting
Topic: Error sending email <filename.rsc>:error handling file
Replies: 4
Views: 925

Re: Error sending email <filename.rsc>:error handling file

Try to use fliname without space.
by gustavomam
Thu May 18, 2017 6:06 pm
Forum: Beginner Basics
Topic: Port Forwarding on HTTP
Replies: 6
Views: 545

Re: Port Forwarding on HTTP

I have never tried, but maybe you can use web-proxy to filter external users.
You can specify the URL you want to permit.
by gustavomam
Thu May 18, 2017 5:49 pm
Forum: Scripting
Topic: Count timed out pings
Replies: 2
Views: 319

Re: Count timed out pings

Hi.

You can use this
:global pingip
:set pingip [/ping 8.8.8.8 count=10]
ping pingip will return a global value, the difference between 10 ( total pings) will be timeout pings

Regards.
by gustavomam
Thu May 18, 2017 5:34 pm
Forum: Beginner Basics
Topic: Port Forwarding on HTTP
Replies: 6
Views: 545

Re: Port Forwarding on HTTP

Hi
You can filter src-address or address-list in your dst-nat rule.
It will be redundant your Apache rules, but is one way to do the job.

Regards
by gustavomam
Thu May 18, 2017 5:25 pm
Forum: Beginner Basics
Topic: Need help with Mikrotik RouterBoard RB951Ui
Replies: 1
Views: 265

Re: Need help with Mikrotik RouterBoard RB951Ui

Hello.

You can try with web proxy tool
/ip proxy access
add action=deny redirect-to=www.facebook.com/mypage
You must active web-proxy and use a redirect rule, you can guide here:
https://wiki.mikrotik.com/wiki/Manual:IP/Proxy
by gustavomam
Thu May 18, 2017 5:17 pm
Forum: Scripting
Topic: Error sending email <filename.rsc>:error handling file
Replies: 4
Views: 925

Re: Error sending email <filename.rsc>:error handling file

Hi.

I test your code and works for me, please tell me what is exactly the error to help you better.

Maybe your filename.rsc has to many words or especial characters.
by gustavomam
Thu May 04, 2017 7:29 pm
Forum: General
Topic: RouterOS Upgrade Question
Replies: 3
Views: 507

Re: RouterOS Upgrade Question

Hi. You can use your CCR 1009 as central upgrade source, having in file list .npk file of the architecture you have in your different routers and with scripting do the job. My advice is not upgrade your routers each time MT have a new update, unless you need and specific update feature or bug-fix. A...
by gustavomam
Wed Apr 19, 2017 8:52 am
Forum: Forwarding Protocols
Topic: Same packets over different ISP's for reliability possible?
Replies: 3
Views: 494

Re: Same packets over different ISP's for reliability possible?

Hi.

I didn't try it. But i can give you some ideas, you could use routing igm-proxy to route multicast packages using GRE interfaces.
https://wiki.mikrotik.com/wiki/Manual:R ... IGMP-Proxy

Regards.
by gustavomam
Tue Apr 18, 2017 8:12 pm
Forum: Scripting
Topic: capsman registration details
Replies: 2
Views: 987

Re: capsman registration details

HI gramels

I made this script on weekend, check my post.

viewtopic.php?f=9&t=120818
by gustavomam
Tue Apr 18, 2017 6:47 pm
Forum: General
Topic: separate vlan for trial users in HotSpot
Replies: 1
Views: 328

Re: separate vlan for trial users in HotSpot

Hi.

You can assign VLAN with radius.

Check this out, it will help you.
by gustavomam
Mon Apr 17, 2017 9:46 pm
Forum: Scripting
Topic: Capsman registration identify with dhcp lease comment
Replies: 6
Views: 1747

Re: Capsman registration identify with dhcp lease comment

Hi. Maybe you don't undearstand my point. I don't rename the CAPs, i only use comment of lease to comment wich device is connected in CAPs. Here you have some pictures to ilustrate my script. https://dl.dropboxusercontent.com/u/3989582/cAP/Access_list.png https://dl.dropboxusercontent.com/u/3989582/...
by gustavomam
Mon Apr 17, 2017 6:16 pm
Forum: General
Topic: ECMP routing shows @unknown at Gateways
Replies: 1
Views: 351

Re: ECMP routing shows @unknown at Gateways

Hi.

This happens when router didn't find the interface you have already add. Maybe if you disconnect your USB modem the interface could disappear in interface list.
by gustavomam
Mon Apr 17, 2017 1:12 pm
Forum: Scripting
Topic: Capsman registration identify with dhcp lease comment
Replies: 6
Views: 1747

Capsman registration identify with dhcp lease comment

Hi everyone. This weekend i was working in a script that someone asked in the forum, i couldn't find the topic, so here you have Is useful to know who is connect in which access point in Capsman. Capsman only shows mac-address, so this script search this mac-adress in dhcp-lease and create an access...
by gustavomam
Mon Apr 17, 2017 12:52 pm
Forum: Forwarding Protocols
Topic: Site to Site VPN with Dynamic IP
Replies: 3
Views: 7791

Re: Site to Site VPN with Dynamic IP

Hi. MikroTik have already implement a feature to help in this situations ip cloud set ddns-enabled=yes You can track your dynamic IP through serial number ip cloud print ddns-enabled: yes update-time: yes public-address: "your public IP" dns-name: "your router serial number".sn.mynetname.net status:...
by gustavomam
Wed Apr 12, 2017 6:06 pm
Forum: RouterBOARD hardware
Topic: CCR Wish list
Replies: 1
Views: 417

Re: CCR Wish list

Agree with #3
and i would like to add to your list multi-gigabit ethernet ports support (2.5-5 Gbps) in standards IEEE 802.3bz, NBASE-T and MGBASE-T
by gustavomam
Wed Apr 12, 2017 5:20 pm
Forum: Beginner Basics
Topic: scheduler to control hotspot
Replies: 1
Views: 317

Re: scheduler to control hotspot

Hi.

You can use this
/system scheduler
add interval=1d name=on_portal on-event="/ip hotspot enable name_portal" start-time=10:00:00
add interval=1d name=off_portal on-event="/ip hotspot disable name_portal" start-time=23:00:00
Regards
by gustavomam
Wed Apr 12, 2017 9:52 am
Forum: RouterBOARD hardware
Topic: Mikrotik Hardware for 50 to 150 Users?
Replies: 8
Views: 4712

Re: Mikrotik Hardware for 50 to 150 Users?

It is not a easy answer. It depends in how much traffic will the router handle per client.
  • If you are using queue buffering will take part of RAM
    If you are using tracking connection will take part of RAM
by gustavomam
Mon Apr 10, 2017 6:37 pm
Forum: Beginner Basics
Topic: How to ban an hotspot trial user ??
Replies: 6
Views: 807

Re: How to ban an hotspot trial user ??

Could not be easy. The administrator have to be 24/7 looking the active hotspot users?
Its easier to make a white list of users and bypass it from hotspot, in other case why do you need hotspot if you only want to give service to know users?
by gustavomam
Mon Apr 10, 2017 5:31 pm
Forum: Beginner Basics
Topic: How to ban an hotspot trial user ??
Replies: 6
Views: 807

Re: How to ban an hotspot trial user ??

You can achieve this through a script.

The problem is how you identify "rouge" client and normal users ?
by gustavomam
Mon Apr 10, 2017 2:54 pm
Forum: Beginner Basics
Topic: How to ban an hotspot trial user ??
Replies: 6
Views: 807

Re: How to ban an hotspot trial user ??

Hello.

You can use this
/ip hotspot user remove [find where dynamic ]
Regards.
by gustavomam
Mon Apr 10, 2017 1:40 pm
Forum: RouterBOARD hardware
Topic: Mikrotik Hardware for 50 to 150 Users?
Replies: 8
Views: 4712

Re: Mikrotik Hardware for 50 to 150 Users?

Hi Elgoncalo..

This https://routerboard.com/RB750Gr3 high performance for up to 200 users low cost 59.95 USD (2 core x 880 Mhz and 256 MB RAM)
This https://routerboard.com/RB3011UiAS-RM very high performance up to 500 ppoe users 179.00 USD (2 core x 1.4 Ghz and 1 GB RAM)

Regards.
by gustavomam
Thu Apr 06, 2017 3:10 pm
Forum: Beginner Basics
Topic: Hello all
Replies: 4
Views: 627

Re: Hello all

Welcome Ava

The best way to learn is: help answer someone else in the topics that you have already know. This way you will be rolling the wheel.

Regars.
by gustavomam
Thu Apr 06, 2017 3:06 pm
Forum: Virtualization
Topic: Mikrotik as router
Replies: 1
Views: 665

Re: Mikrotik as router

Hello Clack

In the past year MikroTik made a version dedicated to this use.You can have it in Amazon Cloud too.
You can see CHR info here
https://wiki.mikrotik.com/wiki/Manual:CHR
by gustavomam
Thu Mar 30, 2017 9:40 am
Forum: Beginner Basics
Topic: HotSpot default HTML
Replies: 2
Views: 2929

Re: HotSpot default HTML

Hi miloslukic1991

With this command
/ip hotspot reset-html server_name
Regards
by gustavomam
Fri Mar 24, 2017 11:01 am
Forum: RouterBOARD hardware
Topic: RB922 shows no wireless
Replies: 9
Views: 1040

Re: RB922 shows no wireless

You can uninstall and them install only wireless package of RouterOS
by gustavomam
Tue Mar 21, 2017 5:16 pm
Forum: Forwarding Protocols
Topic: OSPF cost on dynamic interfaces
Replies: 6
Views: 2304

Re: OSPF cost on dynamic interfaces

Hi.

For this you will need to make static interfaces for your VPN client or server and then create as interface in OSPF interface list in order to set up a cost.

Otherwise you only will have default cost.

Regards
by gustavomam
Tue Mar 21, 2017 3:00 pm
Forum: Scripting
Topic: Send list of active connections to email
Replies: 4
Views: 722

Re: Send list of active connections to email

Sorry for my delay, i was to busy You can use something like that /ip firewall connection print file=conex where src-address~"1.2.3.4" /tool e-mail send to="mail@gmail.com" from="conex TO MAIL" file=conex.txt In this case it will send you all what is in connection tracking with 1.2.3.4 src-address I...
by gustavomam
Wed Mar 15, 2017 11:07 am
Forum: Beginner Basics
Topic: Vpn with 2 wan with failover
Replies: 9
Views: 3830

Re: Vpn with 2 wan with failover

Hi,

Did you try setting distance=1 to primary and distance=2 to backup in /ip route?
by gustavomam
Mon Mar 13, 2017 5:22 pm
Forum: Scripting
Topic: Send list of active connections to email
Replies: 4
Views: 722

Re: Send list of active connections to email

Hello. You can use this First configure your mail settings /tool e-mail set address=smtp.gmail.com from=<from@gmail.com> password=passw0rd port=587 start-tls=yes user=from@gmail.com Then schedule the script with the frequency you need. /ip firewall connection print file=conex /tool e-mail send to="m...
by gustavomam
Fri Mar 10, 2017 1:13 pm
Forum: General
Topic: Walet Garden
Replies: 4
Views: 463

Re: Walet Garden

Hi.

ip firewall filter add chain=forward dst-address-list=facebook action=drop

here you have IP of Facebook ASN

http://bgp.he.net/AS32934#_prefixes

Regards
by gustavomam
Thu Mar 09, 2017 10:57 am
Forum: General
Topic: New IP address on DHCP release
Replies: 10
Views: 2697

Re: New IP address on DHCP release

DHCP server must check if someone have the IP before assign it, no matter if some device has static or dynamic
by gustavomam
Wed Mar 08, 2017 11:20 am
Forum: Beginner Basics
Topic: Hyper-V and Mikrotik
Replies: 3
Views: 2099

Re: Hyper-V and Mikrotik

Hi.

It will be possible with CHR routerOS version, check it out: https://wiki.mikrotik.com/wiki/Manual:C ... stallation
by gustavomam
Wed Mar 08, 2017 10:11 am
Forum: RouterBOARD hardware
Topic: user manager RB3011UiAS-RM
Replies: 3
Views: 2019

Re: user manager RB3011UiAS-RM

I don't know why MT release only usermanager in this specific version https://download2.mikrotik.com/routeros/6.33.3/all_packages-arm-6.33.3.zip . I don't recommend you to downgrade to 6.33 you won't be able to upgrade RouterOS including usermanager package up the V7 release. If you are sure with th...
by gustavomam
Tue Mar 07, 2017 6:30 pm
Forum: General
Topic: New IP address on DHCP release
Replies: 10
Views: 2697

Re: New IP address on DHCP release

You can make and scheduler each minute to invoke this script
/ip dhcp-server lease remove [find dynamic]
by gustavomam
Tue Mar 07, 2017 12:02 pm
Forum: General
Topic: CAPsMAN add WDS MESH/Repeater
Replies: 1
Views: 2719

Re: CAPsMAN add WDS MESH/Repeater

Hi

Capsman only support AP mode for radios, maybe MikroTik already have in capsman roadmap this functionality for MESH (dynamic WDS interface, etc)
by gustavomam
Tue Mar 07, 2017 9:34 am
Forum: RouterBOARD hardware
Topic: user manager RB3011UiAS-RM
Replies: 3
Views: 2019

Re: user manager RB3011UiAS-RM

Hello.

RB3011 has ARM architecture so it doesn't have usermanager package :( , maybe for RouterOS V7

Related topic viewtopic.php?t=104464

Regards
by gustavomam
Mon Mar 06, 2017 12:25 pm
Forum: Scripting
Topic: Disable/enable ether port via script
Replies: 4
Views: 3443

Re: Disable/enable ether port via script

Hi dipdip. Here you have the script: You only need to replace ether5 for your interface name /interface ethernet monitor ether5 once do={ :if ($rate = "100Mbps") do={ /interface ethernet set ether5 disabled=yes :delay 5s /interface ethernet set ether5 disabled=no :log info message="ether5 reset by s...
by gustavomam
Mon Mar 06, 2017 11:47 am
Forum: Beginner Basics
Topic: Bypass VPN for Netflix?
Replies: 15
Views: 6952

Re: Bypass VPN for Netflix?

Hi.

I think Netflix blocks almost all VPN service.

You can try using strongdns service,
by gustavomam
Fri Mar 03, 2017 12:52 pm
Forum: General
Topic: [SOLVED] No downgrade possible because not enough free RAM
Replies: 6
Views: 1546

Re: No downgrade possible because not enough free RAM

Hi. New Routerboard only have 16 MB of flash memory. You can make downgrade or upgrade uploading files to RAM too (this function is available recently), if you try in flash it will fail. You can try upload new RouterOS version using netinstall. Remember it will erase all your files in memory so you ...
by gustavomam
Thu Mar 02, 2017 9:46 am
Forum: Scripting
Topic: Scripted /ip address enable/disable ?
Replies: 2
Views: 1672

Re: Scripted /ip address enable/disable ?

Hello mada3k.

You are missing " " in the IP address

Try

/ip address enable [find address="192.168.34.1/24"]
/ip address enable [find address="192.168.35.1/24"]

regards.
by gustavomam
Thu Mar 02, 2017 9:39 am
Forum: Forwarding Protocols
Topic: MikroTik Routing Process Clarification
Replies: 1
Views: 411

Re: MikroTik Routing Process Clarification

Hi Rafael, glad to see you in the forum. This topic is covered in this presentation https://mum.mikrotik.com//presentations/RU14/megis.pdf It looks like all routing protocols run (table updates and protocols calculations) in a single core. As you can see MikroTik have the promise that multi-core fun...
by gustavomam
Tue Feb 28, 2017 11:16 am
Forum: Wireless Networking
Topic: Wireless problem in phone
Replies: 11
Views: 1505

Re: Wireless problem in phone

There is nothing wear in configuration file.

Have you try to connect your cell phone in another brand or MikroTik access point? .

The problem could be your phone
by gustavomam
Tue Feb 28, 2017 10:38 am
Forum: Wireless Networking
Topic: Wireless problem in phone
Replies: 11
Views: 1505

Re: Wireless problem in phone

Do you have some firewall rules in your router?

Please make complete export of your configuration
by gustavomam
Tue Feb 28, 2017 10:14 am
Forum: Wireless Networking
Topic: Wireless problem in phone
Replies: 11
Views: 1505

Re: Wireless problem in phone

If your wifi problem is with a MikroTik Router. It is necessary to watch system log to check what's happend
by gustavomam
Mon Feb 27, 2017 5:04 pm
Forum: General
Topic: Walet Garden
Replies: 4
Views: 463

Re: Walet Garden

If you are working with BGP you can make routing-filters to block this AS.

With hotspot is easier to make an address-list in firewall filter with Facebook AS IP address.
by gustavomam
Mon Feb 27, 2017 5:01 pm
Forum: Wireless Networking
Topic: Wireless problem in phone
Replies: 11
Views: 1505

Re: Wireless problem in phone

Hi.

Did you log mikotik wireless interface?
by gustavomam
Fri Feb 24, 2017 10:06 am
Forum: General
Topic: need more dhcp adresses for the hotspot function
Replies: 6
Views: 738

Re: need more dhcp adresses for the hotspot function

Hi 10.5.50.0/22 is not possible network cause 50 in binary 00110010 is a host address for 3th byte so you can not use as network address. IP Range 10.5.48.1 - 10.5.51.254 so 10.5.50.0/22 is a IP between range. 1022 host available 10.5.48.1/22 should be the gateway ( IP address on interface) 10.5.50....
by gustavomam
Thu Feb 23, 2017 5:24 pm
Forum: Beginner Basics
Topic: Layer 7 firewall filter-log
Replies: 5
Views: 848

Re: Layer 7 firewall filter-log

The think is that an IP could not warranty an URL.

Many URLs could resolve an IP, and IP can be resolve in many URLs

Even worse, the IP could belong to an Content Delivery Network (CDN) and work for multiple networks sites.

You can use this page instead

https://mxtoolbox.com/ReverseLookup.aspx
by gustavomam
Thu Feb 23, 2017 5:05 pm
Forum: Beginner Basics
Topic: Layer 7 firewall filter-log
Replies: 5
Views: 848

Re: Layer 7 firewall filter-log

check this link, it will help you to identify the IP origin

http://cqcounter.com/whois/
by gustavomam
Thu Feb 23, 2017 5:02 pm
Forum: Scripting
Topic: Block all website except google traffic
Replies: 2
Views: 691

Re: Block all website except google traffic

Hello.

You can try permit traffic IP to and from this IP

http://bgp.he.net/AS15169#_prefixes

http://bgp.he.net/AS43515#_prefixes

The problem i can see is when this pages call another one ( gadgets, plugins, etc) the page won't look good.

Try and tell us what happened.
by gustavomam
Thu Feb 23, 2017 3:10 pm
Forum: General
Topic: Help on router
Replies: 3
Views: 565

Re: Help on router

This router will be great for your solutions
https://routerboard.com/CCR1009-7G-1C-PC

It is cost-efective
by gustavomam
Thu Feb 23, 2017 2:26 pm
Forum: Wireless Networking
Topic: Unable to get to SXT's settings
Replies: 5
Views: 403

Re: Unable to get to SXT's settings

Did you try to connect via mac-telnet?
by gustavomam
Thu Feb 23, 2017 2:07 pm
Forum: Wireless Networking
Topic: Unable to get to SXT's settings
Replies: 5
Views: 403

Re: Unable to connect to SXT

Change your SXT to station-bridge to access it.
by gustavomam
Thu Feb 23, 2017 1:56 pm
Forum: General
Topic: [SOLVED] How to add allowed IP for isolated LANs?
Replies: 2
Views: 335

Re: How to add allowed IP for isolated LANs?

You could insert a rule before what you have blocking the specific IP you want to allow
ip firewall filter add chain=forward src-address=10.0.200.15 dst-address=192.168.2.33 action=accept
.
.
.
.
ip firewall filter add chain=forward src-address=10.0.200.0/24 dst-address=192.168.2.0/24 action=drop
by gustavomam
Thu Feb 23, 2017 10:21 am
Forum: Beginner Basics
Topic: Disable dhcp ethernet (not wifi)
Replies: 3
Views: 582

Re: Disable dhcp ethernet (not wifi)

If you have both in bridge for DHCP. You can use bridge filter to allow only DHCP request in WIFI interface

Here is a post that will help you
https://aacable.wordpress.com/2013/02/2 ... ik-bridge/
by gustavomam
Thu Feb 23, 2017 9:18 am
Forum: Wireless Networking
Topic: Advice wanted
Replies: 6
Views: 588

Re: Advice wanted

It is not a rule more access point. If you have to much users density is better. For example if you have more than 30 devices per floor you may use more than 1 WAP to share associated devices. About roaming MT have been working to improve it with CAPSMAN, i think it works good. I agree with @baragoo...
by gustavomam
Wed Feb 22, 2017 6:01 pm
Forum: Wireless Networking
Topic: Advice wanted
Replies: 6
Views: 588

Re: Advice wanted

There are not simple answer for this question. It depends of the building architecture. - Wall density - Windows Size - Space you like to cover (meters) - Obstacles inside In the mayor case is better more access point with proper location (you can try some wifi site surve simulator) with power and c...
by gustavomam
Wed Feb 22, 2017 11:00 am
Forum: Wireless Networking
Topic: adding to access List Issue
Replies: 3
Views: 376

Re: adding to access List Issue

Hi.

It is totally normal. When you have done changes in wireless interface it will refresh settings and wireless client will disconnect.

In access-list is more necessary because you need to check conditions of clients who would like to connect.
by gustavomam
Tue Feb 21, 2017 11:54 am
Forum: General
Topic: need more dhcp adresses for the hotspot function
Replies: 6
Views: 738

Re: need more dhcp adresses for the hotspot function

You can use another IP address.

Use 172.16.0.1/16 will provide 65534 IP address
by gustavomam
Tue Feb 21, 2017 11:37 am
Forum: General
Topic: queue rules for IPTV
Replies: 2
Views: 1712

Re: queue rules for IPTV

Hi.

You can force to reset established previous connection in the connection tracking erasing all connections of IPTV

Mangle only works with new connections, if there is a established won't mark it
by gustavomam
Fri Feb 17, 2017 10:21 am
Forum: Forwarding Protocols
Topic: OSPF - what to put in one area
Replies: 3
Views: 718

Re: OSPF - what to put in one area

You need areas to join certain group of routers inside an Autonomous System Some vendors recommend to join in groups of 40-50, i have done deployment with 5-10 of router per area and it works fine. There are to many advantages of this: Summarize networks to send only sumarize route to backbone area ...
by gustavomam
Fri Feb 17, 2017 9:55 am
Forum: RouterBOARD hardware
Topic: Some features support
Replies: 1
Views: 282

Re: Some features support

Hi. All routerboard will support VRRP, RIP, OSPF with routing packet active. MetaRouter can be used on RB400, RB700 series except models with SPI flash, RB900 series except models with SPI flash, RB2011 boards Listed PPC boards: RB1000, RB1100, RB1100AH and RB800. Multicast needs multicast package a...
by gustavomam
Fri Feb 17, 2017 9:13 am
Forum: General
Topic: Moving to a new router, unable to transfer the configuration
Replies: 5
Views: 1487

Re: Moving to a new router, unable to transfer the configuration

You can reach through MAC address in winbox.

Other thing i forgot, if you restore a backup from another router you will copy the mac-address to, so you will need to reset mac address in order to have the original one.
by gustavomam
Fri Feb 17, 2017 9:09 am
Forum: General
Topic: AC WAVE2
Replies: 4
Views: 1924

Re: AC WAVE2

but if we have AC2 will reach more than 1 Gbps. Do you think two Gb ports with bonding will be enough?
by gustavomam
Thu Feb 16, 2017 6:33 pm
Forum: Wireless Networking
Topic: Purpose of wds-slave?
Replies: 2
Views: 873

Re: Purpose of wds-slave?

Hi. wds-slave is a kind of AP and its purpose is for mesh deployment. It can scan frequency define in scan-list and connect to an Access Point in the new frequency (this couldn't been achieve by a simple AP in AP bridge mode). It can connect with another AP, wds-slave or device which need wireless s...
by gustavomam
Thu Feb 16, 2017 10:04 am
Forum: General
Topic: queue simple parent rules on Ros6
Replies: 2
Views: 701

Re: queue simple parent rules on Ros6

Hi.

If you want to have multiple parent working: queue tree is the answer
by gustavomam
Wed Feb 15, 2017 7:43 pm
Forum: Wireless Networking
Topic: (i) beacon support?
Replies: 1
Views: 558

Re: (i) beacon support?

I agree with you. I hope MikroTik have information about beacons in wireless interface soon, i am waiting for it. In other post i answer if some have information about Atheros chipset driver itself to check inside RouterOS if something is possible. We could implement band steering function if we had...
by gustavomam
Wed Feb 15, 2017 7:36 pm
Forum: General
Topic: Default routes dependant upon the source subnet? (RB750Gr2)
Replies: 1
Views: 286

Re: Default routes dependant upon the source subnet? (RB750Gr2)

Hello.

You can use routing mark to get this job.

Check this out http://wiki.mikrotik.com/wiki/Policy_Base_Routing
by gustavomam
Wed Feb 15, 2017 7:33 pm
Forum: General
Topic: Changing \ Updating Dynamic Queue ?
Replies: 4
Views: 693

Re: Changing \ Updating Dynamic Queue ?

Why you don't try use manual entry instead dynamic? . Maybe you will have more advantages than disadvantages.
by gustavomam
Wed Feb 15, 2017 7:31 pm
Forum: General
Topic: Moving to a new router, unable to transfer the configuration
Replies: 5
Views: 1487

Re: Moving to a new router, unable to transfer the configuration

Hello Hamradio. Backup file warranty function in the same conditions of hardware, routerOS Version and architecture. In your case you don't have no one ( in some case you can use .backup in different routerboards but i do not recommend you) First of all upgrade both routerOS the latest one The expor...
by gustavomam
Wed Feb 15, 2017 6:58 pm
Forum: General
Topic: V7 ....
Replies: 23
Views: 6106

Re: V7 ....

I agree with 49er

RouterOS V5 and V6 (with new features and support) works well, no matter how much time takes V7 to be release.

Is more important a V7 rechecked very well than V7 in beta release for many time with to many bugs.
by gustavomam
Wed Feb 15, 2017 6:11 pm
Forum: General
Topic: Changing \ Updating Dynamic Queue ?
Replies: 4
Views: 693

Re: Changing \ Updating Dynamic Queue ?

Hi Sinan.

It is not possible to edit a dynamic queue entry.

Maybe you could try edit where it is called like hotspot or PPP profile and then reload the user to take change.
by gustavomam
Wed Feb 15, 2017 11:55 am
Forum: Wireless Networking
Topic: Authenticating on the wifi that needs user/pass
Replies: 6
Views: 690

Re: Authenticating on the wifi that needs user/pass

Hi.

You can use Ip hotspot option available on RouterOS, dependents on Level you can use more users
L4 up to 200 active users
L5 up to 500 active users
L6 unlimited by software (limited by hardware performance)
by gustavomam
Fri Feb 10, 2017 9:49 am
Forum: Beginner Basics
Topic: history statistics
Replies: 3
Views: 614

Re: history statistics

Hello Malamaka.

This link will help you http://www.ntop.org/ntopng/how-to-analy ... ng-ntopng/

NTOP do the job and show powerful graphics with your network traffic
by gustavomam
Fri Feb 10, 2017 9:41 am
Forum: General
Topic: PPPoE active connection limit per routerboard
Replies: 1
Views: 390

Re: PPPoE active connection limit per routerboard

Hi. So only could make a script to check this
ppp active print count-only where service="pppoe"
and compare with your maximum value of pppoe sessions
by gustavomam
Fri Feb 10, 2017 9:22 am
Forum: Beginner Basics
Topic: help
Replies: 1
Views: 258

Re: help

There is not problem U13cs3002, only you have to do is make netinstall procedure to recover your routerOS
by gustavomam
Fri Feb 10, 2017 9:20 am
Forum: Beginner Basics
Topic: Hotspot problem - android opens google
Replies: 1
Views: 2270

Re: Hotspot problem - android opens google

Hi hurymark

This is a common problem with hotspot, you can check this topic http://forum.mikrotik.com/viewtopic.php?t=81683
by gustavomam
Fri Feb 10, 2017 9:14 am
Forum: Beginner Basics
Topic: Need Help, RB941 Cant Connect to Internet
Replies: 4
Views: 517

Re: Need Help, RB941 Cant Connect to Internet

Please check if your DNS 192.168.0.105 is working

You can disable transparent proxy on your hoptspot profile
by gustavomam
Thu Feb 09, 2017 11:37 am
Forum: Beginner Basics
Topic: Port Forward from USB 3G to LAN ports
Replies: 1
Views: 399

Re: Port Forward from USB 3G to LAN ports

If you have a routable Public IP address from your ISP. You need to check if it have open ports and their are visible outside.
You can use this
http://www.canyouseeme.org/ or other page instead.
by gustavomam
Thu Feb 09, 2017 11:33 am
Forum: Beginner Basics
Topic: SOHO WIFI for multiy story house
Replies: 4
Views: 691

Re: SOHO WIFI for multiy story house

Hi DjJohnny Let me answer your questions A.- In terms of performance and functionality RB962UiGS-5HacT2HnT is much better than RB2011UiAS-2HnD-IN. In my opinion you have better test results in traffic, 2 excellent wlan interfaces with Triple chain each. B.- There is not problem, Capsman will work in...
by gustavomam
Thu Feb 09, 2017 11:14 am
Forum: Beginner Basics
Topic: Dynamic DNS server
Replies: 2
Views: 1650

Re: Dynamic DNS server

H Humlas

If your ISP changed DHCP settings you can not enter other DNS in Dynamic Server field. You can avoid it using use-peer-dns=no in dhcp-client so you can add static entries.

As far i know MikroTik would prefer dynamic over static entries in DNS settings.
by gustavomam
Thu Feb 09, 2017 9:34 am
Forum: Wireless Networking
Topic: Same SSID different frequencies
Replies: 5
Views: 1170

Re: Same SSID different frequencies

I would like to make a script to make band steering with mikrotik. Do anyone have information about atheros chipset beacon drivers?
by gustavomam
Thu Feb 09, 2017 9:27 am
Forum: General
Topic: Route needed with L2TP VPN
Replies: 4
Views: 2817

Re: Route needed with L2TP VPN

Im not sure if you can do it that way with Ipsec policy with openvpn you can as well
by gustavomam
Wed Feb 08, 2017 12:00 pm
Forum: General
Topic: Route needed with L2TP VPN
Replies: 4
Views: 2817

Re: Route needed with L2TP VPN

by gustavomam
Wed Feb 08, 2017 10:58 am
Forum: RouterBOARD hardware
Topic: Hap AC speed and connection issues
Replies: 9
Views: 1586

Re: Hap AC speed and connection issues

Sometimes Windows make transfer slower.

Do you have some firewall checking the files?
Are you using some file transfer program?. You should try teracopy
by gustavomam
Wed Feb 08, 2017 10:40 am
Forum: Wireless Networking
Topic: Same SSID different frequencies
Replies: 5
Views: 1170

Re: Same SSID different frequencies

Hi Tambakti CPE choose by default the best signal strength. You can influence that using connect-list (if you are using mikrotik CPE) or you should force then from Access Point using access-list I recently can see some smartphone choose 5 Ghz signal if they have the same SSID from 2.4 and 5 Ghz sign...
by gustavomam
Wed Feb 08, 2017 9:39 am
Forum: Beginner Basics
Topic: Need Help, RB941 Cant Connect to Internet
Replies: 4
Views: 517

Re: Need Help, RB941 Cant Connect to Internet

Hi WMRX You should remove interface ether2-master-local and wlan1 from bridge, because your using it with different subnets, and if you are using Dhcp-server or hotspot couldn't belong to a bridge interface by itself Why are you using different gateways in the same subnet?, i think you only need one...
by gustavomam
Tue Feb 07, 2017 11:31 am
Forum: General
Topic: DHCP-Server + radius + add arp
Replies: 1
Views: 322

Re: DHCP-Server + radius + add arp

Hi Gutzeit
As far as i know the option add arp is not a predefined function in DHCP-SERVER RFC
Maybe it could explain why is not working whith freeradius.
by gustavomam
Tue Feb 07, 2017 11:05 am
Forum: Forwarding Protocols
Topic: Multi ip address on interface confuses bgp
Replies: 1
Views: 462

Re: Multi ip address on interface confuses bgp

Hi. I think with 2 IP address in a single interface will confuse many protocols, even BGP. In other vendors this is not possible for this reason. In MikroTik You usually use vlan or bridge interface to have this funcionality. update-source works better when it belongs to a bridge interface. Maybe if...
by gustavomam
Mon Feb 06, 2017 5:41 pm
Forum: General
Topic: Several allowed addresses on Tools/Graphing
Replies: 1
Views: 256

Re: Several allowed addresses on Tools/Graphing

From the menu allowed address is not possible.

You should use firewall filter input rule with address list allowed to your http port on MikroTik.
by gustavomam
Mon Feb 06, 2017 2:40 pm
Forum: General
Topic: MikroTik Neighbor Discovery Protocol (MNDP) documentation?
Replies: 3
Views: 1364

Re: MikroTik Neighbor Discovery Protocol (MNDP) documentation?

I think is part of standard Link Layer Discovery Protocol (http://www.ieee802.org/1/files/public/d ... erview.pdf) using TLV format of each vendor

It explains why you can see neighbors from other vendors like HP, Cisco, Ubiquiti, etc
by gustavomam
Mon Feb 06, 2017 1:06 pm
Forum: Beginner Basics
Topic: Firewall NAT error
Replies: 5
Views: 536

Re: Firewall NAT error

In the newest version of RouterOs, this message is because you have wlan or some port inside a bridge. You need to apply the rule to the bridge

I you want two independent networks you can't have bridge ports. In order to have to different subnet you need an IP segment for each port or vlan
by gustavomam
Mon Feb 06, 2017 11:57 am
Forum: General
Topic: Default password not working after factory reset
Replies: 2
Views: 1611

Re: Default password not working after factory reset

Hello Probabily the vendor make a propietary default configuration, so when you use /system reset-configuration no-default=yes you are using the configuration of your vendor instead default configuration from mikrotik device. You can try making netinstall to format routerOS software and configuration.
by gustavomam
Mon Feb 06, 2017 11:30 am
Forum: Forwarding Protocols
Topic: LOAD BALANCING PPPoE SAME ISP
Replies: 1
Views: 740

Re: LOAD BALANCING PPPoE SAME ISP

You have to use % simbol in order to fix this problem

/ip route
add gateway=10.1.101.1%ether1 routing-mark=first
add gateway=10.1.101.1%ether2 routing-mark=other

Here it is the complete articule about this

http://wiki.mikrotik.com/wiki/Manual:Lo ... bnet_links
by gustavomam
Mon Feb 06, 2017 11:21 am
Forum: Beginner Basics
Topic: --
Replies: 1
Views: 291

Re: hi i need help with my project

Hi.

You can limit transfer file size with connection-bytes option in /ip firewall filter
by gustavomam
Mon Feb 06, 2017 10:51 am
Forum: Beginner Basics
Topic: Firewall NAT error
Replies: 5
Views: 536

Re: Firewall NAT error

Hi.

I can't see your picture. Can you export your firewall configuration?
by gustavomam
Wed Jan 25, 2017 1:43 pm
Forum: General
Topic: ip firewall mangle vs. interface bridge filter
Replies: 2
Views: 849

Re: ip firewall mangle vs. interface bridge filter

In wireless comunications is very important use Layer 2 priority.

You can see this post: http://forum.mikrotik.com/viewtopic.php?t=117225
by gustavomam
Wed Jan 25, 2017 10:17 am
Forum: General
Topic: Cannot Ping Gateway from VLAN Bridge
Replies: 2
Views: 827

Re: Cannot Ping Gateway from VLAN Bridge

I think you should have a ARP problem

Repeat the ping meawhile you are checking routers ARP table.
by gustavomam
Wed Jan 25, 2017 10:02 am
Forum: RouterBOARD hardware
Topic: VPN performance of different RBs
Replies: 16
Views: 14137

Re: VPN performance of different RBs

I think MikroTik people is very cautious to make a "buyer's guide" cause there are to many combination of situations inside RouterBoard hardware.

I will be useful something like a matrix of routerboard capabilities.
by gustavomam
Wed Jan 25, 2017 9:52 am
Forum: Wireless Networking
Topic: Priorize voip traffic in point-to-point wireless link
Replies: 10
Views: 1742

Re: Priorize voip traffic in point-to-point wireless link

This presentation in english from Lutz Kleemann will help you guys.

http://mum.mikrotik.com/presentations/US13/lutz.pdf
by gustavomam
Tue Jan 24, 2017 12:44 pm
Forum: Wireless Networking
Topic: Extending wireless on RB2011UiAS-2HnD-IN
Replies: 6
Views: 734

Re: Extending wireless on RB2011UiAS-2HnD-IN

No. It have to be RouterOS device in order works.

In the market as far as i know, there is not a multivendor WIFI controller.

All I know are propietary with their brands.
by gustavomam
Tue Jan 24, 2017 12:40 pm
Forum: RouterBOARD hardware
Topic: VPN performance of different RBs
Replies: 16
Views: 14137

Re: VPN performance of different RBs

Hello.

I found a time ago this articule, i think it can help you

http://rickfreyconsulting.com/mikrotik-vpns/

Is from Rick Frey
by gustavomam
Tue Jan 24, 2017 12:16 pm
Forum: Wireless Networking
Topic: Extending wireless on RB2011UiAS-2HnD-IN
Replies: 6
Views: 734

Re: Extending wireless on RB2011UiAS-2HnD-IN

Yes of course.

All MikroTik model with interface wireless and L4 license will works with Capsman.

Capsman is going to make your life better for sure, adding WIFI device as much as you want.
by gustavomam
Tue Jan 24, 2017 11:36 am
Forum: Wireless Networking
Topic: Extending wireless on RB2011UiAS-2HnD-IN
Replies: 6
Views: 734

Re: Extending wireless on RB2011UiAS-2HnD-IN

You could get some WAP-AC (RBwAPG-5HacT2HnD) wich is very good Access Point. Connect on bridge with the other ports in RB2011

Configure CAPSMAN future in RB2011 and set wireless interfaces as CAP.
by gustavomam
Mon Jan 23, 2017 1:03 pm
Forum: Beginner Basics
Topic: How to Port Forward from Dynamic WAN IP to Internal Address
Replies: 5
Views: 1458

Re: How to Port Forward from Dynamic WAN IP to Internal Address

Hello.

If you are trying to access inside the LAN netwiork connecting with Public IP you won't acces.

Check your firewall filter rules too
by gustavomam
Mon Jan 23, 2017 12:28 pm
Forum: Wireless Networking
Topic: Priorize voip traffic in point-to-point wireless link
Replies: 10
Views: 1742

Re: Priorize voip traffic in point-to-point wireless link

Josu.

Remenber you have to put in advance mode your interface, if you are in simple mode it doesn't appear.
by gustavomam
Mon Jan 23, 2017 10:39 am
Forum: Beginner Basics
Topic: Forced Routing
Replies: 1
Views: 250

Re: Forced Routing

If there are a route whith the routing mark (ISP no avaible) the packet will take the default route with less distance metric. Firewall mangle still will be marking the connection with routing mark even if it is not avaible. The other way is disabling those rules in firewall mangle via scripting if ...
by gustavomam
Mon Jan 23, 2017 10:34 am
Forum: The Dude
Topic: Update client on a local network
Replies: 1
Views: 353

Re: Update client on a local network

Hello.

If you are assigning IP address via DHCP server the expire time will notify client when to renew. From the router itself you can not force to renew it.
by gustavomam
Mon Jan 23, 2017 10:28 am
Forum: General
Topic: RB 750Gr3 - Can't delete empty directories - action failed (6)
Replies: 3
Views: 1016

Re: RB 750Gr3 - Can't delete empty directories - action failed (6)

Did you try remove from console? with /file remove command
by gustavomam
Mon Jan 23, 2017 10:06 am
Forum: Beginner Basics
Topic: Mikrotik is block sites
Replies: 3
Views: 466

Re: Mikrotik is block sites

Try to upgrade your RouterOs. This RouterOs version is to old, i think since 2012 maybe.
by gustavomam
Mon Jan 23, 2017 10:03 am
Forum: Beginner Basics
Topic: Backup or export Mikrotik Usermanger Templates (vouchers)
Replies: 1
Views: 380

Re: Backup or export Mikrotik Usermanger Templates (vouchers)

I don't think so. Maybe you should save a backup in pdf or somewhere else.
by gustavomam
Mon Jan 23, 2017 9:40 am
Forum: Wireless Networking
Topic: Priorize voip traffic in point-to-point wireless link
Replies: 10
Views: 1742

Re: Priorize voip traffic in point-to-point wireless link

Hi.

My advice you should read and see this video
He is a trainer from Italy and explain very well QoS on air, all your questions will be answer.
https://youtu.be/DyyQVfuZD4M
http://mum.mikrotik.com/presentations/E ... 217199.pdf

Regards.
by gustavomam
Fri Jan 20, 2017 1:59 pm
Forum: Forwarding Protocols
Topic: Force outgoing traffic to specific public IP address
Replies: 11
Views: 5418

Re: Force outgoing traffic to specific public IP address

Hi.

There is a trick i have done sometime.

You can use VRRP interface in order to have many WAN IP address of your ISP.

You can see my video here.

http://tiktube.com/video/JEiC3bHCeHplDE ... rqlmoCDmE=
by gustavomam
Fri Jan 20, 2017 1:41 pm
Forum: General
Topic: RB962UiGS-5HacT2HnT Question
Replies: 1
Views: 203

Re: RB962UiGS-5HacT2HnT Question

It was announced on April 2015 during MUM in Miami but his release was delayed for some reason.

I can remenber it was avaible since MUM in Santiago Chile 15 Febrary 2016
by gustavomam
Fri Jan 20, 2017 1:37 pm
Forum: Forwarding Protocols
Topic: Force outgoing traffic to specific public IP address
Replies: 11
Views: 5418

Re: Force outgoing traffic to specific public IP address

Hi.

You need to use routing-mark to be able to get this.

http://wiki.mikrotik.com/wiki/Balanceo_ ... de_trafico

Regards.
by gustavomam
Fri Jan 20, 2017 11:05 am
Forum: Beginner Basics
Topic: 2 dsl 2 mikrotik 2 DHCP with wireless link
Replies: 1
Views: 264

Re: 2 dsl 2 mikrotik 2 DHCP with wireless link

Hello. The solution is routing your network. You should connect your mikrotik device in the center of your network linking dsl, sw and Ubiquiti First add a network segment in wireless link (i am assuming you have yours ubiquiti in bridge mode) for example 10.0.0.0/24 where 10.0.0.1 ether in office A...
by gustavomam
Thu Jan 19, 2017 2:41 pm
Forum: General
Topic: Sub Interface on Vlan
Replies: 1
Views: 694

Re: Sub Interface on Vlan

by gustavomam
Thu Jan 19, 2017 2:28 pm
Forum: Beginner Basics
Topic: Dual WAN for Dynamic Bandwidth WAN Connection
Replies: 1
Views: 343

Re: Dual WAN for Dynamic Bandwidth WAN Connection

what you are trying to do, my clients request it to many times. There is not a simple solution for this problem, maybe monitoring performance with script and making load balancing changes continuosly The other way is build and aplication via mikrotik API to monitoring and making changes all the time.
by gustavomam
Thu Jan 19, 2017 2:20 pm
Forum: General
Topic: Unifi AP AC PRO with 2 SSID conected to a mikrotik, and that mikrotik conected to two different routers
Replies: 4
Views: 536

Re: Unifi AP AC PRO with 2 SSID conected to a mikrotik, and that mikrotik conected to two different routers

I think the situation is about words. What you mean as redirect i think is about routing. Redirect is most use for firewall rules, in this case is not necesary Inside interface ether on mikrotik create 2 vlans linking with vlans in unifi. Then create rule in order to send the traffic in some direcci...
by gustavomam
Thu Jan 19, 2017 2:11 pm
Forum: General
Topic: [Solved] How to access a L2TP client?
Replies: 5
Views: 502

Re: How to access a L2TP client?

So you should check PC firewall intead.
by gustavomam
Thu Jan 19, 2017 9:06 am
Forum: General
Topic: [Solved] How to access a L2TP client?
Replies: 5
Views: 502

Re: How to access a L2TP client?

Did you check if your IP adress is routable between your network?.

Sometimes is necesarry to add manual routes in your client device.
by gustavomam
Wed Jan 18, 2017 5:14 pm
Forum: General
Topic: Unifi AP AC PRO with 2 SSID conected to a mikrotik, and that mikrotik conected to two different routers
Replies: 4
Views: 536

Re: Unifi AP AC PRO with 2 SSID conected to a mikrotik, and that mikrotik conected to two different routers

You need to create a vlan interface for each router and linking it with the vlan in Unifi.
by gustavomam
Wed Jan 18, 2017 5:11 pm
Forum: Scripting
Topic: Creating dhcp client after new interface seems to fail.
Replies: 1
Views: 308

Re: Creating dhcp client after new interface seems to fail.

Hello.

You could put a delay timer between rules, maybe routerOS need a second to realize the new interface.
by gustavomam
Wed Jan 18, 2017 10:47 am
Forum: Beginner Basics
Topic: Single WAN port and Multi subnet public IPs
Replies: 6
Views: 544

Re: Single WAN port and Multi subnet public IPs

Some ISP give you links via VLAN, so you can put a VLAN for each link in MikroTik Router, similar as sub-interface in Cisco routers
by gustavomam
Wed Jan 18, 2017 10:10 am
Forum: Beginner Basics
Topic: Single WAN port and Multi subnet public IPs
Replies: 6
Views: 544

Re: Single WAN port and Multi subnet public IPs

If the subnet are not overlaping will not be a problem.

Maybe you could have a layer2 problem looking in ARP table, the best practice is to use VLAN instead
by gustavomam
Wed Jan 18, 2017 10:01 am
Forum: General
Topic: backup script
Replies: 2
Views: 1871

Re: backup script

Hello.

Usually when you create a Backup, if you don't define a password it should use the password from the user you are log in.
by gustavomam
Wed Jan 18, 2017 9:48 am
Forum: General
Topic: Map2n not available from WAN
Replies: 1
Views: 245

Re: Map2n not available from WAN

Hello.

Maybe your ISP is bloking some ports, check from the outside with a port scanner online if you have those ports open.