Community discussions

MikroTik App

Search found 129 matches

by ukzerosniper
Sun Sep 05, 2021 8:14 pm
Forum: RouterOS beta
Topic: ZeroTier interface not running
Replies: 5
Views: 4890

ZeroTier interface not running

Hi Guys, I am attempting to play with ZeroTier on a 4011, however I simply cannot get the interface to come up. I have installed the ZT client on my phone and successfully connected, however, I cannot get the interface to enter a running mode on my router. I have updated the router to 7.1RC2 and ins...
by ukzerosniper
Sat Sep 19, 2020 12:58 am
Forum: General
Topic: CCR random CPU spikes and dropping PPPoE sessions
Replies: 2
Views: 1149

CCR random CPU spikes and dropping PPPoE sessions

Hi Guys, We have a few CCRs that were running just fine, then all of a sudden they have begun getting random CPU spikes and dropping PPPoE sessions. We are running 6.43.7 for ROS and Routerboard. We have around 407 PPPoE sessions with simple queues. We are averaging around 15-25% CPU most of the tim...
by ukzerosniper
Fri Jan 03, 2020 3:46 pm
Forum: Beginner Basics
Topic: Nested simple quque
Replies: 6
Views: 2323

Nested simple quque

Hi Guys,

Is it possible to show simple queues as nested? If I have a parent queue, I would like child queues to be indented below the parent so that I can quickly see the relationship as it does with Queue Trees.

Thanks guys.
by ukzerosniper
Sat Jun 08, 2019 2:58 pm
Forum: General
Topic: BUG -> /interface list add name=test include=dynami
Replies: 0
Views: 651

BUG -> /interface list add name=test include=dynami

Hi Guys, I just noticed that dynamic VPLS interfaces dont get caught by an interface list that is set to catch dynamic interfaces. If I set the following interface list /interface list add name=test include=dynamic Then set discovery to exclude the list, I will still discover devices via the VPLS tu...
by ukzerosniper
Wed May 29, 2019 7:54 pm
Forum: General
Topic: BUG -> ip neighbor discovery-settings export command
Replies: 1
Views: 841

BUG -> ip neighbor discovery-settings export command

Hi Guys, This appears to be just a tiny bug, here are the details and how you can replicate it. I just created a custom interface list with some customer facing interfaces in it. I then set the Neighbour discovery to !ListName Then I exported the discovery settings (ready to setup on multiple other ...
by ukzerosniper
Sun Apr 07, 2019 10:53 am
Forum: General
Topic: Help with simple mangle rules for queues
Replies: 1
Views: 885

Re: Help with simple mangle rules for queues

Id appreciate if anyone views this and spots an issue that they let me know. However, it seems to have resolved itself now. This setup is part of a CAPsMAN install. I noticed that the traffic shaping only really seemed to be going wrong with wireless devices. I restarted CAPsMAN and everything retur...
by ukzerosniper
Sun Apr 07, 2019 12:09 am
Forum: General
Topic: Help with simple mangle rules for queues
Replies: 1
Views: 885

Help with simple mangle rules for queues

I have two subnets Home LAN 192.168.10.0/24 Guest LAN 192.168.20.0/24 I have setup connection and packet marks so that I can use queue trees to rate limit the networks. For some reason, my download speed is getting caught in the upload queue. Can anyone help me figure out why? /ip firewall mangle ex...
by ukzerosniper
Sun Mar 31, 2019 9:38 pm
Forum: Beginner Basics
Topic: VLAN Ethernet ports on CAP
Replies: 6
Views: 1764

Re: VLAN Ethernet ports on CAP

What type of cap devices are you using. My cap ACs have two ethernet ports but only use one (wired connection to it)?
(It is by no means a switch but I suppose if desperate.......)
Hi Anav,

They are hAP AC.
by ukzerosniper
Sun Mar 31, 2019 6:40 pm
Forum: Beginner Basics
Topic: VLAN Ethernet ports on CAP
Replies: 6
Views: 1764

Re: VLAN Ethernet ports on CAP

My experience is that one should configure wired part of a cap device as if it wasn't managed by capsman ... Could you elaborate? I'm unsure how to do this as I don't see any VLANs created on the CAP, but they are clearly working. Any help to clarify would be awesome. Thanks. Regards Alasdair MacLeod
by ukzerosniper
Sat Mar 30, 2019 11:46 pm
Forum: General
Topic: VPLS features
Replies: 2
Views: 1412

Re: VPLS features

+1 to the VPLS names
by ukzerosniper
Sat Mar 30, 2019 11:03 pm
Forum: Beginner Basics
Topic: VLAN Ethernet ports on CAP
Replies: 6
Views: 1764

VLAN Ethernet ports on CAP

Hi Guys, I have two VLANs running on my CAPsMAN setup. VLAN10 - Home VLAN20 - Guest On the Wireless everything works perfectly. What I would like to do is add certain Ethernet ports to VLAN 10 and 20 so that Ethernet devices can join the relevant networks. The CAPs have no configurations at the moem...
by ukzerosniper
Mon Feb 18, 2019 3:57 pm
Forum: General
Topic: Use a Routerboard to tag packets for a management VLAN
Replies: 7
Views: 2098

Re: Use a Routerboard to tag packets for a management VLAN

You are correct. I really don’t get it in ros at the moment. I’m trying to figure it out. Imma go and check out your linked topic. Would someone give me a correct config for this lab so that I can see actually how this should be done and have a working example to play with? Any and all help given re...
by ukzerosniper
Mon Feb 18, 2019 1:42 pm
Forum: General
Topic: Use a Routerboard to tag packets for a management VLAN
Replies: 7
Views: 2098

Re: Use a Routerboard to tag packets for a management VLAN

Hi Guys, I managed to make this work using the not advised method. However, I am now trying to do it correctly as reccoemended and I just am not getting it right. Basically, in this lab I want to get R1 (192.168.100.1) to ping R3 (192.168.100.2). R2 has the bridge setup. R1 e3 is connected to R2 e3 ...
by ukzerosniper
Wed Feb 06, 2019 11:55 pm
Forum: General
Topic: Use a Routerboard to tag packets for a management VLAN
Replies: 7
Views: 2098

Use a Routerboard to tag packets for a management VLAN

Hi Guys, Can you help me figure out how to make a configuration for this scenario? I have a device that has a management vlan of 100. My laptop does not support VLANs I want to put a RouterBoard in between the two devices with a bridge and tag all the packets coming from the laptop to the device wit...
by ukzerosniper
Sun Feb 03, 2019 8:45 pm
Forum: Forwarding Protocols
Topic: MPLS TE 2x 1gbps point to point links
Replies: 6
Views: 5990

Re: MPLS TE 2x 1gbps point to point links

Hi Guys. I am still having no luck with this. Could you take a quick look at the configuration below and let me know what im missing? This is from a GNS3 lab I have created to simulate some of these configurations and to try and learn about TE Tunnels. Thanks guys. First Router [admin@R5_ISP_CORE1] ...
by ukzerosniper
Tue Jan 29, 2019 12:07 am
Forum: Forwarding Protocols
Topic: How to prioritise traffic on Eth1 untill full then use Eth2 as overflow
Replies: 3
Views: 2148

Re: How to prioritise traffic on Eth1 untill full then use Eth2 as overflow

Thanks for the link.

I had a look earlier but couldn’t see a solution :/.

Could you highlight yo me the correct method?

Thanks
by ukzerosniper
Mon Jan 28, 2019 4:21 pm
Forum: Forwarding Protocols
Topic: How to prioritise traffic on Eth1 untill full then use Eth2 as overflow
Replies: 3
Views: 2148

How to prioritise traffic on Eth1 untill full then use Eth2 as overflow

Hi Guys, Can we take two wan connections, 1 unlimited data and one limited on data and set them up as follows. Eth1 - Unlimited data - 10Mbps Service Eth2 - Limited data - 10Mbps Service When Eth1 reaches 9Mbps of traffic, start sending new connections onto Eth2. When Eth1 is <9Mbps use Eth1. Can an...
by ukzerosniper
Wed Jan 23, 2019 1:10 am
Forum: General
Topic: CAPsMAN with virtual AP on VLAN - No connectivity
Replies: 10
Views: 2694

Re: CAPsMAN with virtual AP on VLAN - No connectivity

As VAPs are setup as tagged, all traffic artiving at bridge VLAN101 is tagged. For L3 configuration that's not acceptable, only untagged traffic is fine. And vlan interfaces do proper tagging/untagging: /interface vlan add name=vlan101port interface=VLAN101 and move IP configuration from VLAN101 to...
by ukzerosniper
Tue Jan 22, 2019 9:25 pm
Forum: General
Topic: CAPsMAN with virtual AP on VLAN - No connectivity
Replies: 10
Views: 2694

CAPsMAN with virtual AP on VLAN - No connectivity

Hi Guys, I have a CAPsMAN setup which works fine for the Main SSID which is not on a VLAN. I am now trying to add a guest SSID and run it on its own VLAN, but I cant get any IP connectivity when I connect to the guest WiFi. Here is what I have done. Can someone help me understand the correct way to ...
by ukzerosniper
Mon Jan 14, 2019 3:44 pm
Forum: Forwarding Protocols
Topic: MPLS TE 2x 1gbps point to point links
Replies: 6
Views: 5990

Re: MPLS TE 2x 1gbps point to point links

Hi Guys, I managed to get RSVP TE tunnel up and running between the two routers but traffic doesn't pass over it. I notice that the RSVP TE shows up as an Interface in the router. Should I configure an OSPF connection between the two routers on the RSVP TE interfaces? The issue I am currently having...
by ukzerosniper
Mon Jan 14, 2019 1:25 am
Forum: Forwarding Protocols
Topic: MPLS TE 2x 1gbps point to point links
Replies: 6
Views: 5990

Re: MPLS TE 2x 1gbps point to point links

Hi, This is accomplished by forcing one VPLS tunnel across one TE tunnel and the other VPLS tunnel across the other TE tunnel. The VPLS tunnels can then be used for load balancing. Hi @mducharme, Would you be able to share an example config for me that I could use to understand how this would funct...
by ukzerosniper
Sun Jan 13, 2019 11:23 pm
Forum: Forwarding Protocols
Topic: MPLS TE 2x 1gbps point to point links
Replies: 6
Views: 5990

MPLS TE 2x 1gbps point to point links

Hi Guys, I borrowed the ascii art idea from another thread to which I have a similar issue, but not the same. I have two sites linked with a Siklu 2500FX (2gbps radio over 2x 1gbps ethernet at each side). I have eth1 on R1 connected to Eth1 on the siklu at site one. I have eth2 on R1 connected to Et...
by ukzerosniper
Sun Jan 13, 2019 6:19 pm
Forum: Forwarding Protocols
Topic: [MPLS-TE] Balancing 2+ different bandwidth links [SOLVED]
Replies: 16
Views: 17223

Re: [MPLS-TE] Balancing 2+ different bandwidth links [SOLVED]

I've been working on a pseudo-manual method using MPLS-TE, BGP communities, and link coloring to "manually" make more preferred paths for traffic-of-interest, overriding OSPF costs. Does this interest you? Yes this interests us. I have almost the exact same issue as the OP, however, I hav...
by ukzerosniper
Thu Jan 10, 2019 8:35 pm
Forum: Scripting
Topic: Reboot POE port if no IP on DHCP Client
Replies: 0
Views: 846

Reboot POE port if no IP on DHCP Client

Hi Guys, I have a DHCP client on an interface called "ether10 - O2 WAN". If this DHCP client doesnt have an IP, I would like to power off the POE on the port "ether10 - O2 WAN" for 5 seconds, then power it back on. I would like the system to check every 10mins for the IP. I would...
by ukzerosniper
Tue Jan 08, 2019 12:26 pm
Forum: The Dude
Topic: MIBs added to datapath/dude/files not showing up
Replies: 7
Views: 3884

Re: MIBs added to datapath/dude/files not showing up

I was an idiot. They are listed in there it's just that the Siklu mib is called "Radio Root Bridge" and not Siklu. So I was missing that.
by ukzerosniper
Mon Jan 07, 2019 4:57 pm
Forum: The Dude
Topic: MIBs added to datapath/dude/files not showing up
Replies: 7
Views: 3884

Re: MIBs added to datapath/dude/files not showing up

This is my current setup. I'm still not having any luck. To make sure I'm not totally crazy, I should be able to go to "Mib Nodes > Module > Siklu" in the list to confirm that they are correctly detected by the Dude. https://delyqq.am.files.1drv.com/y4puP4QluM_6hY0jJx-6rekJZ0RoT1aM_r3UCb4q...
by ukzerosniper
Mon Jan 07, 2019 2:50 pm
Forum: The Dude
Topic: MIBs added to datapath/dude/files not showing up
Replies: 7
Views: 3884

Re: MIBs added to datapath/dude/files not showing up

Guys, Thanks for responding. However, I am clearly going crazy as the SIKLU mibs are still not showing up. Please see the picture below. It shows the install location of the dude on the server and it shows the places I have stuck the mib files. The mib files all have the name format "SIKLU-MIB....
by ukzerosniper
Fri Jan 04, 2019 3:52 pm
Forum: The Dude
Topic: MIBs added to datapath/dude/files not showing up
Replies: 7
Views: 3884

MIBs added to datapath/dude/files not showing up

Hi Guys, i have uploaded siklu mibs as shown in the screen shot but they are not appearing in the dude. Can anyone tell me what im doing wrong? https://ihxptw.am.files.1drv.com/y4p7YAH0fHR8kb2KxV0EcMBRAwfLIDTDDkQxhv5kx_AdEgOwL0cneGNIVqqBz5hW-LXmnCfMHITAovKzqir4XQ2GffvddCaCkNGIz7wy3Js6EvvHRnfGcIol9MV...
by ukzerosniper
Fri Jan 04, 2019 3:25 pm
Forum: The Dude
Topic: Updated Icons
Replies: 1
Views: 2408

Updated Icons

Hi Guys,

I had a search but I cant find anything so far.

Do any updated icons exist that we can use in the dude for things such as CCRs, LHGs 3011 / 4011 and what not.

Thanks guys.
by ukzerosniper
Tue Jan 01, 2019 1:55 pm
Forum: General
Topic: SNTP + NTP Package issues
Replies: 1
Views: 900

SNTP + NTP Package issues

Hi Guys, I am looking for ways to use DNS to update time inside my network. I installed the NTP package and found that I cant use DNS for an update source without running scripts to do that task manually. That is fine, but if someone that isnt that familiar with MT needs to make an adjustment and im...
by ukzerosniper
Thu Dec 27, 2018 9:31 pm
Forum: General
Topic: v7.00.1 [stable] is released!
Replies: 10
Views: 3090

Re: v7.00.1 [stable] is released!

Sad times. I so fell for this.
by ukzerosniper
Thu Dec 27, 2018 2:29 pm
Forum: General
Topic: Traffic Generator >1Gbps
Replies: 2
Views: 883

Re: Traffic Generator >1Gbps

If I do that, it will deffo only use one interface though right? Which would end up hitting the 1Gbps limit of a single interface again?
by ukzerosniper
Thu Dec 27, 2018 1:30 pm
Forum: General
Topic: Traffic Generator >1Gbps
Replies: 2
Views: 883

Traffic Generator >1Gbps

Hi Guys, I need to test a 2Gbps link. It is a Siklu 2500FX. I have 2x 1Gbps Ethernet ports from the radios into CCR 1036's on each end. The 1036's are linked together with OSPF running ECMP. In the evenings the link is capping out at 1Gbps. It never really seems to break that point. It could be that...
by ukzerosniper
Thu Dec 27, 2018 11:35 am
Forum: General
Topic: Correct Queue Setup
Replies: 0
Views: 682

Correct Queue Setup

Hi Guys, I have been working on a VOIP QOS setup for my routers. I have got the packets for the VOIP connections marked and they hit the queues correctly. My main question is have I set the queues up correctly to ensure priority for the VOIP packets? I have based these Queues on a 10Mbps internet co...
by ukzerosniper
Fri Dec 21, 2018 6:05 pm
Forum: General
Topic: Torch on VOIP phone not showing Tx traffic
Replies: 0
Views: 562

Torch on VOIP phone not showing Tx traffic

Hi Guys,

I plugged a VOIP phone into ether9 of a 3011. I ran torch on the interface and made a VOIP call.

In torch I can only see traffic on Rx, but not Tx. Directly on the interface, I can see that it has traffic on both Rx and Tx.

Can anyone explain why this is?
by ukzerosniper
Sat Dec 08, 2018 11:49 am
Forum: General
Topic: Updating Woobm SSID not working
Replies: 0
Views: 671

Updating Woobm SSID not working

Hi Guys, I have updated the SSID of my Woobm but it still broadcasts the default "WoobmAP" SSID. I have changed the SSID of the AP in the web page configuration and saved the settings. I have unplugged the Woobm and plugged it back in. I have also updated it to version 1.1. Any guidance an...
by ukzerosniper
Sun Oct 28, 2018 8:08 pm
Forum: Scripting
Topic: Alert on AS Route becomes inactive
Replies: 3
Views: 2740

Re: Alert on AS Route becomes inactive

Hi Guys, Thought I would update the post with what I ended up with. I received assistance from a few users on Facebook groups. { :global prevstatus; :global status [:ip route get value-name=active [:ip route find comment="3. Recursive lookup for Virgin connection (Via WAN routing table)"]]...
by ukzerosniper
Sun Oct 28, 2018 3:54 pm
Forum: Scripting
Topic: Alert on AS Route becomes inactive
Replies: 3
Views: 2740

Alert on AS Route becomes inactive

Hi Guys, I am trying to generate alerts for when certain routes become inactive. I have two WANs, one of them is an LTE with limited data. Therefore I want to know when it's in use so that I can investigate. I have used the script below to successfully detect my WAN outage by running the script on a...
by ukzerosniper
Sun Oct 28, 2018 2:35 pm
Forum: Scripting
Topic: Send email when gateway failover
Replies: 6
Views: 5971

Re: Send email when gateway failover

:if ([/ping gatewayip count=4]=0) do={ :log info \ "Gateway down" /tool e-mail send to="youremail" subject="Gateway DOWN" body="MAIL ROUTER" from=routeremailaddress server=emailserveripaddress } Hey, How would we actually use this script to email? Does it cre...
by ukzerosniper
Sat Oct 27, 2018 6:14 pm
Forum: General
Topic: Passthrough lte and slave interface.
Replies: 5
Views: 4065

Re: Passthrough lte and slave interface.

Hi Guys,

Can anyone explain the best way to configure the RBSXTR in a passthrough configuration?

I would like to have a DHCP client on my 2011 which receives the public IP from the ISP.

Thanks guys.
by ukzerosniper
Fri Oct 19, 2018 2:22 pm
Forum: General
Topic: v6 RC and v7 BETA
Replies: 126
Views: 46405

v6 RC and v7 BETA

I see this forum is called the V6 RC and v7 BETA.

Where can I download a v7 BETA?

Thanks guys.
by ukzerosniper
Fri Oct 19, 2018 12:50 pm
Forum: Forwarding Protocols
Topic: BGP Prefix Count vs Route LIst load times
Replies: 2
Views: 3026

BGP Prefix Count vs Route LIst load times

Hi Guys, I know this has been covered a million times in different ways but I am still unclear so Id like to ask some direct questions to help get a better understanding. 1. When I fire up a peer in my MikroTik router, it downloads 713613 Prefixs in around 20 seconds. I see this under Routing > BGP ...
by ukzerosniper
Mon Oct 01, 2018 8:12 pm
Forum: Wireless Networking
Topic: What should be the LHG60 Target RSSI
Replies: 1
Views: 726

What should be the LHG60 Target RSSI

Hi Guys,

We are deploying the LHG60, can someone tell me what our target RSSI should be? How do we know when we have achieved the best signal strength?
by ukzerosniper
Fri Jul 27, 2018 11:45 am
Forum: General
Topic: GNS3 odd behavior
Replies: 4
Views: 1424

Re: GNS3 odd behavior

Hey, thats some good information so far.

Today I have been using CHR 6.42.6 in GNS3. I am also seeing odd DHCP behavior, sometimes it works as expected, others it doesn't. Ill test on all interfaces and see what happens.
by ukzerosniper
Tue Jul 24, 2018 4:59 pm
Forum: Virtualization
Topic: CHR 6.42.6+GNS3 = No RoMON
Replies: 5
Views: 7131

CHR 6.42.6+GNS3 = No RoMON

Hi Guys,

I cannot get RoMON to work in CHR 6.42.6 when running in GNS3.

I can connect to the RoMON server without issue, but it cannot connect to the other routers.

Has anyone else experienced this and been able to resolve it?

Thanks.
by ukzerosniper
Sat Jun 09, 2018 3:07 pm
Forum: General
Topic: ROS 7 Beta
Replies: 42
Views: 22142

ROS 7 Beta

Hi Guys,

Where / how can I download the v7 Beta?

Is there a changelog to see the features that have been done / are being worked on?

Thanks guys.
by ukzerosniper
Sat Jun 09, 2018 2:13 pm
Forum: General
Topic: General QOS Script
Replies: 10
Views: 14759

Re: General QOS Script

Does this only provide QOS on outbound traffic? What about inbound traffic? Thanks. You can use this script to setup the basic QoS based on DSCP. It works well and honors the DSCP set by the application you use. Make sure you set the WAN interface name and the *upload* bandwidth. #Set interface here...
by ukzerosniper
Tue Nov 07, 2017 11:52 pm
Forum: General
Topic: CAPsMAN Bug (I think)
Replies: 2
Views: 882

Re: CAPsMAN Bug (I think)

Sorry, its a hAP AC lite. Ill edit the OP for clarity. Thanks for point that out.
by ukzerosniper
Tue Nov 07, 2017 10:10 pm
Forum: General
Topic: CAPsMAN Bug (I think)
Replies: 2
Views: 882

CAPsMAN Bug (I think)

I have an RB2011 and a hAP AC lite. I have setup CAPsMAN on the RB2011. The hAP AC lite is a CAP. I created 2 sets of channels, 1 for 2.4 and 1 for 5 named "2.4GHz" and "5GHz" respectivly. The 2.4GHz channels I added a number of frequency's and set the extension to Ce. The 5GHz c...
by ukzerosniper
Tue Nov 07, 2017 9:59 pm
Forum: General
Topic: CAPsMAN cant provision 5GHz SSID after 2.4GHz configuration
Replies: 4
Views: 2320

Re: CAPsMAN cant provision 5GHz SSID after 2.4GHz configuration

The problem seems to be that I was using 00:00:00:00:00:00 as the radio MACs for more than one radio type.

It doesnt seem to work. As soon as I added specific radio MACs it behaved exactly as expected.
by ukzerosniper
Tue Nov 07, 2017 9:58 pm
Forum: General
Topic: CAPsMAN cant provision 5GHz SSID after 2.4GHz configuration
Replies: 4
Views: 2320

Re: CAPsMAN cant provision 5GHz SSID after 2.4GHz configuration

The problem seems to be that I was using 00:00:00:00:00:00 as the radio MACs for more than one radio type.

It doesnt seem to work. As soon as I added specific radio MACs it behaved exactly as expected.
by ukzerosniper
Mon Nov 06, 2017 8:53 pm
Forum: General
Topic: CAPsMAN cant provision 5GHz SSID after 2.4GHz configuration
Replies: 4
Views: 2320

Re: CAPsMAN cant provision 5GHz SSID after 2.4GHz configuration

@normis could you comment? Any help received would be massively appreciated.

Thanks guys
by ukzerosniper
Mon Nov 06, 2017 2:13 pm
Forum: General
Topic: Limit options in router OS
Replies: 1
Views: 622

Limit options in router OS

Hi Guys,

Can anyone tell me how we customise webfig to only allow users to access a few options.

Also, is it possible to limit winbox in the same way?
by ukzerosniper
Sun Nov 05, 2017 11:22 pm
Forum: General
Topic: CAPsMAN cant provision 5GHz SSID after 2.4GHz configuration
Replies: 4
Views: 2320

CAPsMAN cant provision 5GHz SSID after 2.4GHz configuration

Hi Guys, I have an RB2011 as the CAPsMAN mangager and a hAP ac Lite as a CAP RB2011 2.4GHz hAP ac lite 2.4GHz + 5GHz AC I have configured 2.4GHz just fine. Everything seems to work, although, the both boards seem to choose the same channel every time. If you can see anything I have done wrong that w...
by ukzerosniper
Sun Nov 05, 2017 10:44 pm
Forum: General
Topic: Capsman Cap Interface Wireless Information Missing
Replies: 0
Views: 643

Capsman Cap Interface Wireless Information Missing

Hi Guys, I have Capsman running on an RB2011 with a single HAPac Lite as a CAP. Everything seems to be working fine with 2.4GHz on both devices (Im having trouble with 5GHz, but if I cant figure it out ill make a different post). When I go to CAPsMAN > CAP Interface > Double click one of the interfa...
by ukzerosniper
Sun Oct 29, 2017 3:13 pm
Forum: General
Topic: Queue Tree Traffic Control - Low priority to unknown traffic
Replies: 4
Views: 1371

Re: Queue Tree Traffic Control - Low priority to unknown traffic

I don’t have one to hand to confirm but I’m sure in queue trees you can create a queue tree with packet mark = no-Mark which should satisfy your need for deprioritised traffic. I have created a packet mark with no-mark. This works as expected. The problem arises when I create a connection mark. My ...
by ukzerosniper
Sat Oct 28, 2017 4:07 pm
Forum: General
Topic: Queue Tree Traffic Control - Low priority to unknown traffic
Replies: 4
Views: 1371

Re: Queue Tree Traffic Control - Low priority to unknown traffic

Hey Guys, I have sort of made it work by simply packet marking the desired packets, however, I would like to use a connection mark then a packet mark to reduce the work load on the router. Currently when I try to use a connection then a packet mark, everything seems to get queued in the Low Priority...
by ukzerosniper
Sat Oct 28, 2017 1:14 pm
Forum: General
Topic: Queue Tree Traffic Control - Low priority to unknown traffic
Replies: 4
Views: 1371

Queue Tree Traffic Control - Low priority to unknown traffic

Hi Guys, I am trying to setup 2 prioritys for traffic. Priority 1 - Known traffic that I want to give priority to. Generally these will be games. In this example Ill use WoW. Priority 2 - Unknown traffic. I have recently had to split my Onedrive archive due to Microsoft removing unlimited storage. N...
by ukzerosniper
Sat Oct 28, 2017 2:03 am
Forum: General
Topic: How to mark connections and packets for Dropbox windows client?
Replies: 1
Views: 726

Re: How to mark connections and packets for Dropbox windows client?

Or can anyone suggest any ideas as to how i could go about this?
by ukzerosniper
Thu Oct 26, 2017 11:33 pm
Forum: General
Topic: How to mark connections and packets for Dropbox windows client?
Replies: 1
Views: 726

How to mark connections and packets for Dropbox windows client?

Hi Guys, Can any genius on this forum help me mark connections and packets for the dropbox windows client. I have used torch to identify dropbox traffic, but it appears to go out on many MANY different ports. I assume they are fairly random. I also assume they use a lot of different IP addresses. Co...
by ukzerosniper
Thu Oct 26, 2017 8:50 pm
Forum: General
Topic: QoS: how can I give low priority to iCloud, GDrive, DropBox, etc upload traffic?
Replies: 4
Views: 5481

Re: QoS: how can I give low priority to iCloud, GDrive, DropBox, etc upload traffic?

I have been trying to figure this out. Does anyone have any insight as to how we can identify and mark packets for dropbox?

Thanks in advance.
by ukzerosniper
Wed Oct 25, 2017 11:39 am
Forum: General
Topic: Firewall logs [SOLVED]
Replies: 1
Views: 1997

Firewall logs [SOLVED]

Hi Guys, I have some firewall logs showing and i just wanted clarification on what im seeing. 27K_11857 blocked-addr: DDoS: forward: in:ether1 - WAN1 out:ether4 - 27K --> BSB_OSPF, src-mac 00:23:3e:53:42:50, proto UDP, 192.48.79.30:53->IP.ON.OUR.NETWORK:62988, len 537 27K_11857 DDoS Blacklist: DDoS:...
by ukzerosniper
Mon Jul 17, 2017 10:43 pm
Forum: Forwarding Protocols
Topic: LOOP Warnings on Management network
Replies: 0
Views: 766

LOOP Warnings on Management network

For general traffic on our network I run iBGP with OSPF. For Management traffic I create a small “Management subnet” for that site. I currently use the same management VLAN across the whole network. I then create a “Management Bridge” with RSTP on, I add a vlan to the ports with hardware directly at...
by ukzerosniper
Tue Apr 25, 2017 4:42 pm
Forum: General
Topic: Ceragon IP20 E or Siklu 2200FX 2Gbps Point to Point - 2x 1Gbps Ethernet
Replies: 4
Views: 1906

Re: Ceragon IP20 E or Siklu 2200FX 2Gbps Point to Point - 2x 1Gbps Ethernet

What does "unique FDB" mean?

Sorry for my ignorance.

Thanks.
by ukzerosniper
Tue Apr 25, 2017 4:02 pm
Forum: General
Topic: Ceragon IP20 E or Siklu 2200FX 2Gbps Point to Point - 2x 1Gbps Ethernet
Replies: 4
Views: 1906

Ceragon IP20 E or Siklu 2200FX 2Gbps Point to Point - 2x 1Gbps Ethernet

Hi Guys, We are looking to use either CeragonIP20E or Siklu 2200FX to link different points on the network together at 2Gbps. We currently run OSPF with eBGP for routing between all routers on the network. In this case, both the Ceragon and the Siklu 2200FX have multiple 1Gbps Ethernet Ports, they d...
by ukzerosniper
Wed Feb 22, 2017 11:23 am
Forum: The Dude
Topic: How to Monitor only specific subnetsm
Replies: 1
Views: 927

How to Monitor only specific subnetsm

Hey Guys, I just installed The Dude for the first time. It pretty much scanned all subnets on all routers and has added thousands of devices. I only wanted it to monitor our core routers. How do I clear out all the devices it has added and tell it specifically to only add devices from subnets I defi...
by ukzerosniper
Thu Feb 16, 2017 6:57 pm
Forum: Beginner Basics
Topic: Attached: Mikrotik Visio Stencils
Replies: 31
Views: 114293

Re: Attached: Mikrotik Visio Stencils

+1 to this please.

Rack layout stencils would be superb. Basically, routers, POE injectors, Switches (anything I plug stuff into) face on that I can stick into a 1U rack on Visio.

Thanks.
by ukzerosniper
Wed Feb 15, 2017 12:34 pm
Forum: General
Topic: VLAN to a network card which doesnt support VLAN IDs
Replies: 1
Views: 653

VLAN to a network card which doesnt support VLAN IDs

Hi Guys, We have a management VLAN on our network which we use to isolate all management interfaces from the production users. Our UPS SNMP cards do not support VLAN IDs. Our routers currently have bridges setup on them with all the VLAN interfaces added to the bridge, we then apply the management s...
by ukzerosniper
Sat Jan 28, 2017 10:55 pm
Forum: Scripting
Topic: Email alert for traffic on specific port
Replies: 1
Views: 1592

Re: Email alert for traffic on specific port

Bump. Can anyone help?
by ukzerosniper
Tue Jan 24, 2017 11:39 pm
Forum: Scripting
Topic: Email alert for traffic on specific port
Replies: 1
Views: 1592

Email alert for traffic on specific port

Hi Guys, I am trying to create a script I can run in the traffic monitor tool to email me when it detects traffic on a specific interface. We have some fast but unreliable units in the field at the moment, when the units die, they need to be physically rebooted to bring them back online. The trouble...
by ukzerosniper
Tue Jan 24, 2017 10:44 pm
Forum: Scripting
Topic: Mikrotik Code Generator
Replies: 15
Views: 37993

Re: Mikrotik Code Generator

This tool seems to be very dead.

Are there any current functional tools available?

Thanks
by ukzerosniper
Sat Dec 03, 2016 11:43 am
Forum: General
Topic: 2x PPPoE Services with 2 different gateways
Replies: 0
Views: 638

2x PPPoE Services with 2 different gateways

We have 2 internet connections on our network. 1x 100Mbps serving a small group of users. Located at a remote site local to the users. 1x 1000Mbps serving most users. Located in our office. The 100Mbps connection is at the opposite end of the network to the 1000Mbps connection. The 100Mbps users are...
by ukzerosniper
Sat Nov 12, 2016 2:02 pm
Forum: General
Topic: Watchguard SSL VPN with RB2011
Replies: 0
Views: 1360

Watchguard SSL VPN with RB2011

Hi Guys, I am trying to setup my VPN on my RB2011. Our VPN Box is a Watchguard FireBox M300. The VPN is SSL. Reading the WiKi and google I understand that in RouterOS SSL VPN is SSTP. I have downloaded the VPN Profile from our watchguard and imported it into the RB2011 System>Certificates>Import htt...
by ukzerosniper
Sat Aug 13, 2016 6:25 pm
Forum: General
Topic: FastTrack with Mangle Rules
Replies: 3
Views: 3646

FastTrack with Mangle Rules

Hi Guys, I am using mangle rules to mark the connections then the packets in the pre routing and post routing chains so that i can pick up the packets and drop them into queue trees. We have a number of 3011s deployed that are having high CPU usage during peak times. I disabled the mangle rules for ...
by ukzerosniper
Mon Aug 08, 2016 1:16 am
Forum: General
Topic: Where is the current mikrotik .mib file download
Replies: 1
Views: 4103

Where is the current mikrotik .mib file download

Hi Guys,

Can anyone tell me where to download the latest version of the MikroTik .mib files please.

I am trying to figure out the pollable OIDs for CCRs and 3011's.

Thanks.
by ukzerosniper
Fri May 06, 2016 5:44 pm
Forum: Beginner Basics
Topic: Weird routing loop in logs but there isn't one.
Replies: 61
Views: 16347

Re: Weird routing loop in logs but there isn't one.

Hi Guys,

Has anyone had any luck getting to the bottom of this? I am experiencing this on a number of RB3011s

Thanks.
by ukzerosniper
Tue Jan 12, 2016 12:48 pm
Forum: General
Topic: CCR queue tree processor usage 100%
Replies: 15
Views: 8826

Re: CCR queue tree processor usage 100%

Do MikroTik have any idea what sort of timescale the solution is planned to take?
by ukzerosniper
Fri Jan 08, 2016 5:55 pm
Forum: General
Topic: CCR queue tree processor usage 100%
Replies: 15
Views: 8826

Re: CCR queue tree processor usage 100%

ukzerosniper - You are absolutely correct. This is 100% precise explanation of issue. We are working on proper fix for situation like this. At this point please use queues which will not load CPU 100% for a longer period of time. Hi @Strods, Thanks for the acknowledgement. Do you have any idea what...
by ukzerosniper
Fri Jan 08, 2016 2:39 pm
Forum: General
Topic: CCR queue tree processor usage 100%
Replies: 15
Views: 8826

Re: CCR queue tree processor usage 100%

One queue structure is limited to one CPU core, you have 2 queue structures (main parent queues in global) so from all cores your queues can use only 2. As soon as those two become a bottleneck, traffic is delayed and all other cores are locked (fully busy) waiting on traffic. some time ago when CC...
by ukzerosniper
Thu Jan 07, 2016 11:24 am
Forum: General
Topic: CCR queue tree processor usage 100%
Replies: 15
Views: 8826

Re: CCR queue tree processor usage 100%

With simple queues, how do you distribute bandwidth evenly? For example. If you have a 10Mbps connection with 20 customers all on 2Mbps service. When 5 customers are on, simple queue will work just fine. When customers 6 - 20 come online and start downloading, simple queues do not share bandwidth ev...
by ukzerosniper
Wed Jan 06, 2016 12:48 am
Forum: General
Topic: CCR queue tree processor usage 100%
Replies: 15
Views: 8826

Re: CCR queue tree processor usage 100%

My link to the screen shot did not work in the previous post and I couldn't find the "Edit Post" button so I am posting it again here.

Thanks

https://onedrive.live.com/redir?resid=C ... hoto%2cjpg
by ukzerosniper
Wed Jan 06, 2016 12:46 am
Forum: General
Topic: CCR queue tree processor usage 100%
Replies: 15
Views: 8826

Re: CCR queue tree processor usage 100%

Hi Guys, Please see a screen shot of Winbox and a copy of an observium graph over the course of a day. https://onedrive.live.com/redir?resid=CBA562CDD838050C!151154&authkey=!AOVGvrEHbfTv9vI&v=3&ithint=photo%2cjpg I think we are simply pushing queue trees too hard... I am going to deploy ...
by ukzerosniper
Mon Jan 04, 2016 9:28 am
Forum: General
Topic: CCR queue tree processor usage 100%
Replies: 15
Views: 8826

CCR queue tree processor usage 100%

Does anyone have any insight to this?

Thanks.


Sent from my iPhone using Tapatalk
by ukzerosniper
Sat Jan 02, 2016 2:53 pm
Forum: General
Topic: CCR queue tree processor usage 100%
Replies: 15
Views: 8826

CCR queue tree processor usage 100%

Hi guys, We have a CCR 1036 acting as one of our main ACs. It currently terminates around 850 PPPoE connections. We use radius to authenticate the connection We give each connection an address list We mark each connection in the fire wall We mark each packet in the firewall We then use pcq queue tre...
by ukzerosniper
Wed Dec 23, 2015 1:16 am
Forum: General
Topic: Stop Observium picking up all ports on CCR?
Replies: 1
Views: 1121

Stop Observium picking up all ports on CCR?

Hi Guys Does anyone know how define which ports observium graphs from a CCR? We have around 1k PPPoE connections on one of our routers. Observium has detected all of them and is listing them all as ports. I really only want it to graph the WAN port (Eth1) on this particular router. Any help is grate...
by ukzerosniper
Tue Nov 03, 2015 10:58 pm
Forum: Beginner Basics
Topic: MT PPTP VPN Outlook wont connect but fine with Windows VPN
Replies: 1
Views: 828

MT PPTP VPN Outlook wont connect but fine with Windows VPN

Hi Guys, When I dial my office PPTP VPN via windows 10, my outlook connects to the office exchange server with no issues. I have setup a PPTP VPN Client on my RB2011UAS-2HnD which dials in just fine. I can browse the shares just fine, however my outlook just stays disconnected. I have tried with and...
by ukzerosniper
Tue Jun 02, 2015 7:19 pm
Forum: General
Topic: Is it possible to specify a custom DNS setting per PPP profile?
Replies: 3
Views: 1650

Re: Is it possible to specify a custom DNS setting per PPP profile?

Hi,

Can you confirm what you mean by redirect port 53?

Also,

When I disable remote DNS request and specify a DNS server manually under the ppp Profile. When a user connects, they still don't get a DNS address.

Please can anyone enlighten me as to what I am doing wrong?

Thanks.
by ukzerosniper
Sun May 31, 2015 2:37 am
Forum: General
Topic: Is it possible to specify a custom DNS setting per PPP profile?
Replies: 3
Views: 1650

Is it possible to specify a custom DNS setting per PPP profile?

I'm sorry. I don't quite understand what your instructing me to do.

Could you please write it in bullet pointed steps.

Thanks.


Sent from my iPhone using Tapatalk
by ukzerosniper
Fri May 29, 2015 2:42 pm
Forum: General
Topic: Is it possible to specify a custom DNS setting per PPP profile?
Replies: 3
Views: 1650

Is it possible to specify a custom DNS setting per PPP profile?

Hi Guys, We have a lot of customers that connect via PPPoE. We have PPP Profiles setup and use RADIUS to authenticate the users and assign them to an address list which is attached to a profile. We do other stuff with queue trees etc. after this. However, I don't think any of the additional things w...
by ukzerosniper
Mon May 18, 2015 7:47 pm
Forum: General
Topic: Force DNS Server on PPPoE Clients
Replies: 1
Views: 1316

Force DNS Server on PPPoE Clients

Hi Guys,

I was wondering if anyone knows a way of giving different DNS server addresses to different PPPoE Clients?

Some clients want adult content filtered, which I could use one DNS service for, Others want no filtering, which I could use Google DNS for.

Any assistance would be great.
by ukzerosniper
Wed May 06, 2015 7:36 pm
Forum: General
Topic: Redirect connection to static webpage with Radius
Replies: 2
Views: 1188

Re: Redirect connection to static webpage with Radius

This sounds very interesting. Does anyone know if MikroTik support this? Or do we have a MikroTik solution that performs a similar job?

Thanks Guys.
by ukzerosniper
Wed May 06, 2015 2:17 pm
Forum: General
Topic: Redirect connection to static webpage with Radius
Replies: 2
Views: 1188

Redirect connection to static webpage with Radius

Hi Guys, We use a custom radius server to authenticate PPPoE connections on our network. We are working on a solution where we can disconnect a user and redirect there connection to a static webpage when we require. Does anyone know of any way that you can force a connection to a specific website ei...
by ukzerosniper
Wed Mar 11, 2015 3:23 pm
Forum: Beginner Basics
Topic: Queue Tree OID not graphable
Replies: 10
Views: 3400

Re: Queue Tree OID not graphable

One more thing, on this page (Which I believe to be a bit dated now) https://www.mikrotik.com/testdocs/ros/2.8/appex/mrtg1.php it suggests that I use the "flow" OID to graph a queue tree. I am running v6.27 and it does not show me an OID for flow. I have the following options name packet-m...
by ukzerosniper
Wed Mar 11, 2015 3:13 pm
Forum: Beginner Basics
Topic: Queue Tree OID not graphable
Replies: 10
Views: 3400

Re: Queue Tree OID not graphable

Ok, I think I may have figured out my issue. When I created my graph I used a Gague type. I have changed it to a counter and now I see results. However, this has lead me onto a second issue. How do I know which OID relates to which queue? I setup the Queue Trees via Winbox. Below is I have written o...
by ukzerosniper
Wed Mar 11, 2015 2:52 pm
Forum: Beginner Basics
Topic: Queue Tree OID not graphable
Replies: 10
Views: 3400

Re: Queue Tree OID not graphable

Hey,

This is the result I get.

adminuser@cactimachine ~}# snmpwalk -c -v Hostname .1.3.6.1.4.1.14988.1.1.2.2.1.7.16777232
SNMPv2-SMI::enterprises.14988.1.1.2.2.1.7.16777232 = Counter64: 69162225226
by ukzerosniper
Wed Mar 11, 2015 2:32 pm
Forum: Beginner Basics
Topic: Queue Tree OID not graphable
Replies: 10
Views: 3400

Re: Queue Tree OID not graphable

Yeah,

i can see all the physical interfaces and all the PPPoE interfaces. But that is all.
by ukzerosniper
Wed Mar 11, 2015 1:35 pm
Forum: Beginner Basics
Topic: Queue Tree OID not graphable
Replies: 10
Views: 3400

Re: Queue Tree OID not graphable

We only have 1 WAN Gateway, but we have multiple LAN gateways to facilitate different devices on different L2 subnets.

If it helps, the Cacti machine which I am trying to create these graphs from is already successfully graphing all the Physical and PPPoE interfaces without any issues.
by ukzerosniper
Wed Mar 11, 2015 1:08 pm
Forum: Beginner Basics
Topic: Queue Tree OID not graphable
Replies: 10
Views: 3400

Re: Queue Tree OID not graphable

> /snmp print
enabled: yes
contact: Al
location: Office
engine-id:
trap-target:
trap-community: public
trap-version: 1
trap-generators:
by ukzerosniper
Wed Mar 11, 2015 12:41 pm
Forum: Beginner Basics
Topic: Queue Tree OID not graphable
Replies: 10
Views: 3400

Queue Tree OID not graphable

Hi Guys, We use Cacti to keep an eye on our network. We have Queue Trees setup in our CCR Routers and everything works great. When I look at > queue tree print oid I get a print out of all the oid's for the queue trees. We have SNMP enabled and we are currently graphing all the interfaces without is...
by ukzerosniper
Thu Aug 21, 2014 9:05 pm
Forum: Beginner Basics
Topic: Whats the difference between Lan Bridge options?
Replies: 3
Views: 1487

Whats the difference between Lan Bridge options?

Hi Guys, I have an RB2011 and was wondering what the difference between the following two methods was. Is one better than the other? The goal is to add all "LAN" interfaces to a single bridge. I am using WinBox not command line. Method 1 1. Create a bridge called "LAN" 2. Assign ...
by ukzerosniper
Sun Jul 27, 2014 7:25 pm
Forum: Beginner Basics
Topic: Queue Tree Help
Replies: 3
Views: 1203

Re: Queue Tree Help

Is the only way to do this to manually crest a queue for each user independently?
by ukzerosniper
Sat Jul 26, 2014 4:09 pm
Forum: Beginner Basics
Topic: Queue Tree Help
Replies: 3
Views: 1203

Queue Tree Help

Hi Guys, I have configured Queue trees based on address lists. This is how I have done it. 1. Created Address Lists 2. Stick Address Lists into PPPoE profiles 3. Create Mangle rule to mark connection based on Address List 4. Create second Mangle rule based on the source address list to mark the pack...
by ukzerosniper
Mon Jul 21, 2014 4:37 pm
Forum: General
Topic: bad LAN Speeds
Replies: 4
Views: 3049

Re: bad LAN Speeds

Problem solved: My setup was completely fine, but there was something wrong with the fiber connetion to my provider. This was causing massive frame loss if speeds going above 100 MBit. 8) What was the problem with the provider? how did you diagnose it? we have a virgin connection here in the UK and...
by ukzerosniper
Wed Jun 04, 2014 12:15 am
Forum: Beginner Basics
Topic: Block all traffic firewall rule based on address list
Replies: 5
Views: 5300

Block all traffic firewall rule based on address list

Hi Guys, I have an address list (blacklist) which has the IP addresses I do not want any traffic moving to or from. I want to block traffic to these addresses from my LAN and WAN sides. I have made a firewall rule which looks like this. chain=forward action=drop src-address-list=blacklist dst-addres...
by ukzerosniper
Tue Jun 03, 2014 9:56 pm
Forum: Beginner Basics
Topic: Close down DNS requests
Replies: 9
Views: 4254

Re: Close down DNS requests

ok, forgive me guys. I am very new to Mikrotik and learning fast :). I now have it working correctly. When creating a firewall rule for this list, I have done as follows. chain=forward action=drop src-address-list=blacklist dst-address-list=blacklist in-interface=all-ethernet out-interface=all-ether...
by ukzerosniper
Tue Jun 03, 2014 9:14 pm
Forum: Beginner Basics
Topic: Close down DNS requests
Replies: 9
Views: 4254

Re: Close down DNS requests

When I enter the command into terminal /system script add name="Download_openbl" source={ {... /tool fetch url="http://joshaven.com/openbl.rsc" mode=http; {... :log info "Downloaded openbl.rsc from Joshaven.com"; {... } I get the message. "failure: item with such n...
by ukzerosniper
Tue Jun 03, 2014 8:11 pm
Forum: Beginner Basics
Topic: Close down DNS requests
Replies: 9
Views: 4254

Re: Close down DNS requests

It didnt create an address list at all...

Am I supposed to manually create an address list? Or should it have been created when running the script?

Thanks
by ukzerosniper
Mon Jun 02, 2014 5:44 pm
Forum: Beginner Basics
Topic: Create an address list from a text file
Replies: 4
Views: 4593

Create an address list from a text file

Hi Guys, Does anyone know how I can easily create an address list from a text file? A few suggestions were made in another thread, but I have started a new thread as this is another more specific question. I would like a simple way of importing these addresses into an address list on the router to b...
by ukzerosniper
Mon Jun 02, 2014 4:01 pm
Forum: Beginner Basics
Topic: Close down DNS requests
Replies: 9
Views: 4254

Re: Close down DNS requests

I ran the code as suggested, but it has not created an Address List under firewall. Any ideas where I am going wrong?
by ukzerosniper
Mon Jun 02, 2014 3:54 pm
Forum: Beginner Basics
Topic: Close down DNS requests
Replies: 9
Views: 4254

Re: Close down DNS requests

The problem do not come from internet, but from your internal network. One of your user are infected. Block all connection from / to this list: http://www.spamhaus.org/drop/ And check if your client make excessive DNS MX request or excessive SMTP request What does "/" mean? If I use the s...
by ukzerosniper
Mon Jun 02, 2014 11:06 am
Forum: Beginner Basics
Topic: Close down DNS requests
Replies: 9
Views: 4254

Close down DNS requests

Hi guys, I am seeing these DNS enteries http://forum.mikrotik.com/download/file.php?mode=view&id=17172&sid=57491cf8ac1771c6c90749e0d8bc2f43 . They have extraordinarily long TTL (24Hrs at beginning). I googled them and found this website link. http://dnsamplificationattacks.blogspot.co.uk/201...
by ukzerosniper
Sat May 31, 2014 6:49 pm
Forum: Beginner Basics
Topic: Firewall filter rules for DNS
Replies: 14
Views: 24867

Re: Firewall filter rules for DNS

Simply add: /ip firewall filter add chain=input in-interface=<input-wan-interface> protocol=tcp dst-port=53 connection-state=new action=drop add chain=input in-interface=<input-wan-interface> protocol=udp dst-port=53 connection-state=new action=drop for each of your WAN This works perfectly. Can yo...
by ukzerosniper
Sat May 31, 2014 6:15 pm
Forum: Beginner Basics
Topic: Firewall filter rules for DNS
Replies: 14
Views: 24867

Re: Firewall filter rules for DNS

and discard my other rules?
by ukzerosniper
Sat May 31, 2014 4:38 pm
Forum: General
Topic: Mikroitk DNS not working
Replies: 4
Views: 9879

Re: Mikroitk DNS not working

I have been looking at that page already. Call me thick, but I cant find the section on (securing) the DNS server.

Could you point me at the right paragraph.

Thanks.
by ukzerosniper
Sat May 31, 2014 4:21 pm
Forum: Beginner Basics
Topic: Firewall filter rules for DNS
Replies: 14
Views: 24867

Re: Firewall filter rules for DNS

The block rule is working so i have made not changed it (at this time). /ip firewall filter print Flags: X - disabled, I - invalid, D - dynamic 1 chain=input action=accept protocol=tcp in-interface=ether9 - LAN1 src-port="" dst-port=53 2 chain=input action=accept protocol=udp in-interface=...
by ukzerosniper
Sat May 31, 2014 4:13 pm
Forum: Beginner Basics
Topic: Firewall filter rules for DNS
Replies: 14
Views: 24867

Re: Firewall filter rules for DNS

Thanks for the reply.

On all rules?
by ukzerosniper
Sat May 31, 2014 3:46 pm
Forum: Beginner Basics
Topic: Firewall filter rules for DNS
Replies: 14
Views: 24867

Firewall filter rules for DNS

Hi Guys, I am trying to configure it so that the outside world cannot access our router for DNS but everything on our LAN can. I have setup filter rules as follows. However this results in nothing being able to access DNS on our router. Oddly if I disable rule 5 DNS works everywhere. I feel like i'm...
by ukzerosniper
Mon Mar 24, 2014 9:04 pm
Forum: Beginner Basics
Topic: L2TP VPN Server
Replies: 1
Views: 1169

L2TP VPN Server

Hi Guys, I have setup a L2TP VPN Server on my RB2011UAS-2HnD. When I try to connect from a client I keep seeing the following log entries IPSEC: 100 bytes message received from 149.254.181.216(41218) to 86.26.44.192(4500) IPSEC: a8132521 09bd46cb 0702d321 00351100 05100201 00000000 00000064 4739d647...
by ukzerosniper
Tue Feb 18, 2014 8:48 pm
Forum: General
Topic: IPSec / Draytek
Replies: 5
Views: 4940

Re: IPSec / Draytek

Did you guys figure this out?

I also need to work on this.

Thanks.
by ukzerosniper
Tue Feb 18, 2014 10:52 am
Forum: Beginner Basics
Topic: Cannot administer RB2011UAS-2HnD from 2nd switch group
Replies: 3
Views: 1573

Re: Cannot administer RB2011UAS-2HnD from 2nd switch group

Post /export compact Here you go. Thanks for any help or assistance you can provide. [USERNAME@MikroTik] > /export compact # feb/18/2014 08:50:41 by RouterOS 6.9 # software id = 90UK-7KQR # /interface bridge add l2mtu=2290 name="LAN Bridge" /interface wireless set [ find default-name=wlan...
by ukzerosniper
Mon Feb 17, 2014 6:26 pm
Forum: Beginner Basics
Topic: Best practice to cover wide area?
Replies: 3
Views: 1856

Re: Best practice to cover wide area?

This sounds more like a hotspot style solution which utilizes a controler. The issue you may have using multiple APs without a controler is that devices may try to stay connected to an AP as they move out of range causing bad performance on the AP. If you use a system with a controler then the APs w...
by ukzerosniper
Mon Feb 17, 2014 12:38 pm
Forum: Beginner Basics
Topic: Bandwidth Test UDP Flat Line
Replies: 0
Views: 869

Bandwidth Test UDP Flat Line

Hi Guys, I have been setting my MikroTik router up for a few days and everything is going well. Very steep learning curve but I am loving it more and more as I get used to it. I have been trying to run the bandwidth test from my office to my router at home. Everything works fine on the TCP test, how...
by ukzerosniper
Sun Feb 16, 2014 8:19 pm
Forum: Beginner Basics
Topic: Cannot administer RB2011UAS-2HnD from 2nd switch group
Replies: 3
Views: 1573

Cannot administer RB2011UAS-2HnD from 2nd switch group

Hi Guys, I am sure this is something simple. I have configured my RB2011UAS-2HnD as a basic home router. Everything is working well. I have a simple issue, I can only administer the router from switch group 1. I have configured the router as follows. ether 1 WAN ether 2 no master ether 3 master set ...
by ukzerosniper
Mon Feb 10, 2014 10:56 am
Forum: Beginner Basics
Topic: Best way to configure LAN side of RB2011UAS
Replies: 2
Views: 1228

Re: Best way to configure LAN side of RB2011UAS

Bump. Any advice would be gratefully received.

Thanks Guys
by ukzerosniper
Sat Feb 08, 2014 7:51 pm
Forum: Beginner Basics
Topic: MikroTik Training Books
Replies: 3
Views: 4568

Re: MikroTik Training Books

I have already ordered this book :)

Do any other worthy candidates exist?

Thanks
by ukzerosniper
Sat Feb 08, 2014 7:49 pm
Forum: Beginner Basics
Topic: Best way to configure LAN side of RB2011UAS
Replies: 2
Views: 1228

Best way to configure LAN side of RB2011UAS

Hi Guys, I am very new to MikroTik and have been looking through the forums which has resulted in me becoming quite confused, so please forgive my ignorance. I have an RB2011UAS-2HnD which I am intending to replace my Draytek Vigor 2820N with. I have successfully configured Port 1 as the WAN Port, T...
by ukzerosniper
Wed Feb 05, 2014 5:42 pm
Forum: Beginner Basics
Topic: MikroTik Training Books
Replies: 3
Views: 4568

MikroTik Training Books

Hi Guys,

Does anyone know of any good training material for MikroTik?

I am looking for books similar to the Cisco Books http://www.amazon.co.uk/CCENT-Official- ... 1587201828

Thanks guys.