Community discussions

Search found 222 matches

by lz1dsb
Tue Mar 06, 2018 9:16 am
Forum: General
Topic: RouterOS <- IPIP Tunnel -> Cisco IOS
Replies: 7
Views: 1301

Re: RouterOS <- IPIP Tunnel -> Cisco IOS

I checked in my older attempts to make GRE/IPsec work over NAT, and I see that I never got IPsec transport over NAT to work. I'm not even sure it is possible. As a workaround I used GRE over IPsec tunnel, and it worked. But you tried that already. It is correct that you need to specify the local ad...
by lz1dsb
Fri Mar 02, 2018 5:02 pm
Forum: General
Topic: RouterOS <- IPIP Tunnel -> Cisco IOS
Replies: 7
Views: 1301

Re: RouterOS <- IPIP Tunnel -> Cisco IOS

I tried to change the policy on the RouterOS like this: /ip ipsec policy add comment=dup-001-router-1 dst-address=192.168.0.0/24 proposal=dup-001-router-1 protocol=ipsec-esp sa-dst-address=213.149.143.84 sa-src-address=77.70.67.28 src-address=77.70.67.28/32 tunnel=yes but still int he ipsec debugs i...
by lz1dsb
Mon Feb 26, 2018 11:24 pm
Forum: General
Topic: RouterOS <- IPIP Tunnel -> Cisco IOS
Replies: 7
Views: 1301

Re: RouterOS <- IPIP Tunnel -> Cisco IOS

So after changing both sides to tunnel mode, I've found the following into the RouterOS debug: 20:01:20 ipsec,debug proposal #1: 1 transform 20:01:20 ipsec,debug got the local address from ID payload 77.70.67.28[0] prefixlen=32 ul_proto=4 20:01:20 ipsec,debug got the peer address from ID payload 192...
by lz1dsb
Mon Feb 26, 2018 8:01 pm
Forum: Forwarding Protocols
Topic: PIM Routing Not Working
Replies: 5
Views: 1663

Re: PIM Routing Not Working

It turned out it's working, but I have issues with the end hosts. The reason I need Multicast routing is for DLNA. It turned out though some DLNA clients use different ports in requesting content. That's the reason why it was not working. So I have to figure out a way now to change the end client be...
by lz1dsb
Thu Feb 22, 2018 12:31 am
Forum: General
Topic: RouterOS <- IPIP Tunnel -> Cisco IOS
Replies: 7
Views: 1301

RouterOS <- IPIP Tunnel -> Cisco IOS

I have been struggling for the past couple of days with a reletively simple setup. It didn't work, so I have decided to emulate it in GNS3. Sure enough I've got the same result like in the real network. So here's the situation 1. A Cisco router behind a NAT device 2. A Mikrotik router (emulated with...
by lz1dsb
Tue Sep 05, 2017 8:27 pm
Forum: Forwarding Protocols
Topic: PIM Routing Not Working
Replies: 5
Views: 1663

Re: PIM Routing Not Working

Any ideas on how to further troubleshoot that?


Regards,
Boyan
by lz1dsb
Wed Aug 30, 2017 7:56 pm
Forum: Forwarding Protocols
Topic: PIM Routing Not Working
Replies: 5
Views: 1663

Re: PIM Routing Not Working

An update: Both routers see each other as PIM neighbors: [bsotirov@Mikrotik1] > routing pim neighbors print ADDRESS INTERFACE PRIORITY TIMEOUT 10.82.79.2 Tunel-rtsf79 [bsotirov@Mikrotik2] > routing pim neighbors print ADDRESS INTERFACE PRIORITY TIMEOUT 10.82.79.1 Tunnel-rtsf82 I have also allowed IG...
by lz1dsb
Tue Aug 29, 2017 9:54 pm
Forum: Forwarding Protocols
Topic: PIM Routing Not Working
Replies: 5
Views: 1663

PIM Routing Not Working

I'm puzzled by a relatively straight forward setup. (Multicast client)192.168.82.50 -----------------192.168.82.1MikrotikRouter10.82.79.1--------------IPIP Tunnel---------------10.82.79.2MikrotikRouter2192.168.79.2---------------192.168.79.1 Multicast source So, I've got PIM enabled on the local bri...
by lz1dsb
Sun Aug 27, 2017 12:42 pm
Forum: Wireless Networking
Topic: CAPsMAN Wireless clients do not get IP addresses
Replies: 2
Views: 1116

Re: CAPsMAN Wireless clients do not get IP addresses

So here's how I was able to solve this. As I saw in several guides and videos, the bridge interface that's associated with the CAPs Manager should have STP disabled. I did the same with the CAP bridge interface. After doing that I was able to get it working. So I guess it might have been the STP tha...
by lz1dsb
Sat Aug 26, 2017 1:51 am
Forum: Wireless Networking
Topic: CAPsMAN Wireless clients do not get IP addresses
Replies: 2
Views: 1116

CAPsMAN Wireless clients do not get IP addresses

I have recently configured a CAPsMAN setup. I've got it going, my CAP is provisioned correctly with both wireless interfaces managed by the CAPsMAN. But the thing is... whey I try to register with a wireless client, I'm able to, the wireless registration succeeds, but the client does not get an IP a...
by lz1dsb
Mon Oct 17, 2016 2:55 pm
Forum: Announcements
Topic: v6.37.1 [current] is released!
Replies: 144
Views: 38173

Re: v6.37.1 [current] is released!

I upgraded all of my Routerboard devices from 6.36.3 to 6.37.1 with no issues, no additional restart was necessary. Here are the models:
RB951G, RB951Ui, hAP ac, wAP, wAP ac


Boyan
by lz1dsb
Mon Oct 17, 2016 12:20 pm
Forum: General
Topic: Question for Mikrotik team & a new way of thinking
Replies: 6
Views: 834

Re: Question for Mikrotik team & a new way of thinking

Yes Lakis, I agree. That's the reason why basing your security policies only on MAC address information is not a good idea, as it could be overcame easily :) But if the author of this thread would like to apply that for a network with a bulk of clients, most of them non-managed, this is a way of doi...
by lz1dsb
Mon Oct 17, 2016 12:07 pm
Forum: General
Topic: Question for Mikrotik team & a new way of thinking
Replies: 6
Views: 834

Re: Question for Mikrotik team & a new way of thinking

I don't think you need to write elaborate scripts to achieve that. The menu /interface bridge filter has the option to configure filter based on source and destination MAC address and you also have a mask option, so you should be able to filter specific OUIs, and hence filter the source Ethernet fra...
by lz1dsb
Mon Oct 10, 2016 10:15 am
Forum: General
Topic: PBR on packets originated from the router
Replies: 1
Views: 496

Re: PBR on packets originated from the router

Any ideas... Either I'm missing something, or this is not possible with RouterOS, which would be quite surprising...
by lz1dsb
Thu Oct 06, 2016 11:30 pm
Forum: General
Topic: PBR on packets originated from the router
Replies: 1
Views: 496

PBR on packets originated from the router

I'm puzzled with the following setup. Currently I have a router that's connected via two ISPs. One of them is primary, the second one is backup. Over the primary ISP I have a static public IP address and I have built an IPsec tunnel to my main router. I would like to have a second tunnel (something ...
by lz1dsb
Wed Aug 10, 2016 3:24 pm
Forum: RouterBOARD hardware
Topic: Flashfig - not enough flash space
Replies: 1
Views: 667

Re: Flashfig - not enough flash space

A few days passed and here are the lessons learned: 1. If you apply an existing configuration, it's better to use an export to a file. Than work with the file that RouterOS generates. 2. Test your configs with the import function. I found that RouterOS will implement the configurations up to an erro...
by lz1dsb
Sat Aug 06, 2016 3:52 pm
Forum: RouterBOARD hardware
Topic: Flashfig - not enough flash space
Replies: 1
Views: 667

Flashfig - not enough flash space

I'm trying to use the Flashfig program to upload a configuration to a RB962 (hAP ac) router. This feature is quite interesting but I've got the following issues so far: 1. I used an export from the router to copy the configuration I would like to upload. It's a production router I would like to clon...
by lz1dsb
Sat Aug 06, 2016 2:29 pm
Forum: Wireless Networking
Topic: Very low performance on 2.4Ghz interface after upugrade to 6.36
Replies: 2
Views: 701

Re: Very low performance on 2.4Ghz interface after upugrade to 6.36

I can now confirm that this was caused from an interference from other channels in the 2.4GHz band. It's solved.
by lz1dsb
Sun Jul 31, 2016 1:29 pm
Forum: Wireless Networking
Topic: Very low performance on 2.4Ghz interface after upugrade to 6.36
Replies: 2
Views: 701

Re: Very low performance on 2.4Ghz interface after upugrade to 6.36

This seems to be a problem not on the hAP itself but with the radio spectrum. I changed the channel and the performance is not back to normal. I'll monitor it in the next couple of days. Man 2.4GHz band is just so crowded these days...
by lz1dsb
Sat Jul 30, 2016 9:27 pm
Forum: Wireless Networking
Topic: Very low performance on 2.4Ghz interface after upugrade to 6.36
Replies: 2
Views: 701

Very low performance on 2.4Ghz interface after upugrade to 6.36

I recently upgraded my hAP ac router to RouterOS version 6.36. I had some issues with it though, but I solved them: http://forum.mikrotik.com/viewtopic.php?f=2&t=110702&p=550035#p550035 Now I notice a terribly low performance on my 2.4Ghz interface. Fortunately I still have the 5Ghz link running rel...
by lz1dsb
Sat Jul 30, 2016 9:17 pm
Forum: General
Topic: ERROR: missing wireless-fp-6.36-mipsbe.npk
Replies: 2
Views: 1268

Re: ERROR: missing wireless-fp-6.36-mipsbe.npk

Yes,
I did that and I was able to upgrade the router. I t broke though, so I had to recover it via MAC WinBox.
Long story short, it works now, but I notice terribly low performance on my 2.4G interface. I'll open another thread for that.
by lz1dsb
Sat Jul 30, 2016 7:48 am
Forum: General
Topic: ERROR: missing wireless-fp-6.36-mipsbe.npk
Replies: 2
Views: 1268

ERROR: missing wireless-fp-6.36-mipsbe.npk

[root@router] > system package update install           channel: current   current-version: 6.35.4    latest-version: 6.36            status: ERROR: missing wireless-fp-6.36-mipsbe.npk                                                                                       I tried to upgrade today my ...
by lz1dsb
Fri Jul 22, 2016 4:19 pm
Forum: General
Topic: IP Firewall Stats
Replies: 5
Views: 676

Re: IP Firewall Stats

Yes, that is correct. 
So does that mean I have to disable all the other rules in the forward chain?
I read about IP Accounting feature in Router OS, but it seems to me it's not very granular. I cannot set it to just count particular traffic...
by lz1dsb
Fri Jul 22, 2016 1:28 pm
Forum: General
Topic: IP Firewall Stats
Replies: 5
Views: 676

Re: IP Firewall Stats

/ip firewall filter add chain=forward comment="!!!!ICMP Tests!!!!" dst-address=<dst-address> protocol=icmp src-address=<src-address> This is the particular rule in question. I would like to count the ICMP packets through the Mikrotik router.  So I start an ICMP session with 10 pings, only 1 packet ...
by lz1dsb
Fri Jul 22, 2016 11:55 am
Forum: General
Topic: IP Firewall Stats
Replies: 5
Views: 676

IP Firewall Stats

I noticed recently that when I use the following command:
ip firewall filter print stats 

it counts only the first packet (and bytes) in the session. Is that an expected behavior? 
I'm running RouterOS 6.35.1
by lz1dsb
Wed Jun 22, 2016 3:25 pm
Forum: General
Topic: The purpose of MikroTik firmware...
Replies: 3
Views: 714

Re: The purpose of MikroTik firmware...

Thank you for clarifying this.
Are there any references who describe the firmware features in greater details?

Regards,
Boyan
by lz1dsb
Wed Jun 22, 2016 1:00 pm
Forum: General
Topic: Strange behaviour from the RouterOS SSH server
Replies: 7
Views: 1390

Re: Strange behaviour from the RouterOS SSH server

Is there a way to mark this thread as closed? The interface has changed recently...
by lz1dsb
Wed Jun 22, 2016 12:58 pm
Forum: General
Topic: Strange behaviour from the RouterOS SSH server
Replies: 7
Views: 1390

Re: Strange behaviour from the RouterOS SSH server

Cha0s that's a spot on!
I mistakenly used telnet (which is disabled on the device) but I've put the correct port that is used for the SSH service. So normally this is what I get, that the port is opened.
So that's it, problem solved. Thank you so much!
by lz1dsb
Wed Jun 22, 2016 12:36 pm
Forum: General
Topic: Strange behaviour from the RouterOS SSH server
Replies: 7
Views: 1390

Re: Strange behaviour from the RouterOS SSH server

Normis,
I've just checked it from my Linux machine...
bsotirov@NUC-desktop:~$ uname -r
3.13.0-88-generic

It woks fine. So it's definitely dependent on the source where the SSH is initiated from...
by lz1dsb
Wed Jun 22, 2016 12:34 pm
Forum: General
Topic: Contention Free Polling support
Replies: 3
Views: 2395

Re: Contention Free Polling support

I'm not sure exactly what happened to it  I'm the original poster (forgot about this account actually). Here's some info,  it appears it's part of the 802.11e QOS standard.   https://en.m.wikipedia.org/wiki/IEEE_802.11e-2005 That is interesting. It is interesting that the AP could control the multi...
by lz1dsb
Wed Jun 22, 2016 12:29 pm
Forum: General
Topic: Strange behaviour from the RouterOS SSH server
Replies: 7
Views: 1390

Re: Strange behaviour from the RouterOS SSH server

Connecting from what kind of OS ?
I connect from RouterOS version 6.35.2
by lz1dsb
Wed Jun 22, 2016 12:27 pm
Forum: Wireless Networking
Topic: Spatial Streams - hAP ac
Replies: 0
Views: 566

Spatial Streams - hAP ac

I was wondering... how many spatial streams are supported on hAP ac?
The brochure says it's a triple chain:
http://routerboard.com/RB962UiGS-5HacT2HnT

But is it capable of supporting 3 spatial streams? Otherwise the gain from an additional chain would be marginal...
by lz1dsb
Wed Jun 22, 2016 12:13 pm
Forum: General
Topic: Strange behaviour from the RouterOS SSH server
Replies: 7
Views: 1390

Strange behaviour from the RouterOS SSH server

Recently I discovered that I have the following strange behaviour on one of mine RB951 routers. When I tried to connect via SSH, I've got the following output: Trying XXX.XXX.XX.X... Connected to XXX.XXX.XX.X. Escape character is '^]'. SSH-2.0-ROSSSH Connection closed by foreign host. Welcome back! ...
by lz1dsb
Wed Jun 22, 2016 11:50 am
Forum: General
Topic: The purpose of MikroTik firmware...
Replies: 3
Views: 714

The purpose of MikroTik firmware...

I recently got into discussion with a colleague about the MikroTik firmware. I realized that I know very few about the firmware. So far I had usually upgraded the firmware after a RouterOS upgrade. But..what are the functions implemented in the firmware? Is it just a boot environment to boot and tes...
by lz1dsb
Sun Jun 12, 2016 6:39 pm
Forum: General
Topic: Contention Free Polling support
Replies: 3
Views: 2395

Re: Contention Free Polling support

That's a pretty old post. I'm going through a classic book on wireless "802.11 Wireless Networks: The Definitive Guide, 2nd Edition" and I read about this function. I didn't even know that such an option exists. Though the book is old, I don't know what happened with the PCF eventually... It would b...
by lz1dsb
Tue Jun 07, 2016 12:07 pm
Forum: Beginner Basics
Topic: So lost with bridging and DHCP
Replies: 9
Views: 963

Re: So lost with bridging and DHCP

In no small part, thanks to your posts in the forums :) The wiki needs a TON of work. I could even help - with my limited knowlege - because a lot of it is simply poor grammar and/or careless typos. But - against the whole point of a wiki - it isn't open to editing. I could understand your frustrat...
by lz1dsb
Tue Jun 07, 2016 11:45 am
Forum: Forwarding Protocols
Topic: Set BGP Origin Attribute in RouterOS
Replies: 11
Views: 2579

Re: Set BGP Origin Attribute in RouterOS

Out of curiosity, why not just use the network statement to originate the prefix properly? Because the summarization function of BGP didn't work for me and I created an unreachable static route, which than I advertise via "redistribute static". It's crazy I know, but this is the only option that ac...
by lz1dsb
Sun May 29, 2016 1:28 pm
Forum: Forwarding Protocols
Topic: Set BGP Origin Attribute in RouterOS
Replies: 11
Views: 2579

Re: Set BGP Origin Attribute in RouterOS

v7 has been expected for more than an year as far as I could remember :)
by lz1dsb
Sun May 29, 2016 1:27 pm
Forum: Forwarding Protocols
Topic: BGP + VRRP?
Replies: 6
Views: 3186

Re: BGP + VRRP?

That's a nice presentation put up very well.
But still the connection tracking is missing as a feature in RouterOS, which means that if you do NAT, you're not able to synchronize the active sessions and in case of fail over to continue without a disruption.


Regards,
Boyan
by lz1dsb
Sun May 29, 2016 1:16 pm
Forum: Beginner Basics
Topic: So lost with bridging and DHCP
Replies: 9
Views: 963

Re: So lost with bridging and DHCP

I'm a bit confused now. Wasn't the thread about multiple DHCP servers?
From what you described, I don't think you need that. You could always match traffic based on a source IP address, mark it and put it in an outbound queue.
by lz1dsb
Fri May 27, 2016 6:03 pm
Forum: Beginner Basics
Topic: So lost with bridging and DHCP
Replies: 9
Views: 963

Re: So lost with bridging and DHCP

Whether it's bridge or a physical interface, it does not matter. For each individual DHCP server you have to assign an interface. A bridge in the sense of Router OS is a logical interface that runs RSTP (by default) and is interconnected logically (L2) to other ports (whether ethernet or wlan, it do...
by lz1dsb
Fri May 27, 2016 10:18 am
Forum: Beginner Basics
Topic: So lost with bridging and DHCP
Replies: 9
Views: 963

Re: So lost with bridging and DHCP

You can have multiple DHCP servers.
In order to use them simultaneously though, you need to bind them to different interfaces, in your case bridges.
If you could share a sample config and a drawing of what you're trying to achieve, we would be able to be more helpful.
by lz1dsb
Mon May 02, 2016 5:19 pm
Forum: General
Topic: Cloud Hosted Router in GNS3
Replies: 0
Views: 546

Cloud Hosted Router in GNS3

I was using a Qemu image for quite some time now but I decided to start using the CHR images, which are not available from Mikrotik. So I downloaded a .vdi image and prepared a virtual machine in VirtualBox. Than I added it to a GNS3 topology, but than... I found I'm not able to start the console! H...
by lz1dsb
Mon May 02, 2016 5:14 pm
Forum: Forwarding Protocols
Topic: Set BGP Origin Attribute in RouterOS
Replies: 11
Views: 2579

Re: Set BGP Origin Attribute in RouterOS

No, there is no option to set origin in filters. You can only force 'igp' by adding bgp network or set specific origin on static routes. Thank you for confirming this. I was expecting it. I have done this in the past with a static route where the BGP origin is specified. I guess, this is not someth...
by lz1dsb
Sat Apr 30, 2016 6:29 pm
Forum: Forwarding Protocols
Topic: Set BGP Origin Attribute in RouterOS
Replies: 11
Views: 2579

Set BGP Origin Attribute in RouterOS

Has anybody found a way to set the BGP origin attribute in RouterOS via routing filter? I don't see an option to do that. The only way I was able to that is via a static route where I have an option to set the origin attribute, but such option is not available in a routing filter. It's not that that...
by lz1dsb
Sat Apr 23, 2016 10:07 pm
Forum: Forwarding Protocols
Topic: BGP + VRRP?
Replies: 6
Views: 3186

Re: BGP + VRRP?

shaoranrch has summarized it pretty well. This is exactly the type of connectivity I would use. It's pity RouterOS does not support inter chassis redundancy mechanism though. For such High Availability scenario it's handy to be able to synchronize the NAT sessions for example.


Boyan
by lz1dsb
Sat Apr 23, 2016 10:01 pm
Forum: Forwarding Protocols
Topic: VRF configuration
Replies: 4
Views: 1889

Re: VRF configuration

And why do you need VRF?
Who advertises the public network? If it's not you and it's the ISP doing it on your behalf, your options are limited. I'm a bit puzzled what you're trying to achieve. Could you prepare a small drawing and elaborate a little bit...
by lz1dsb
Thu Apr 21, 2016 10:45 pm
Forum: Forwarding Protocols
Topic: some question about mpls in mikrotik
Replies: 3
Views: 770

Re: some question about mpls in mikrotik

MPLS stands for Multi Protocol Label Switching. It's technology originally crafted for the Service Provider. It provides a lot of efficiency and flexibility, which is the reason why it's widely used in the Service Provider networks. Nowadays MPLS is also being deployed in Enterprise and even small n...
by lz1dsb
Thu Jun 11, 2015 3:59 pm
Forum: General
Topic: Unusable: 6.29.1 has similar memory leak to 6.28
Replies: 5
Views: 2286

Re: Unusable: 6.29.1 has similar memory leak to 6.28

im using 6.29 on rb951Ui and rb 951G without issues

maybe specific problem on rb2011??
I'm using 6.29.1 on both RB951Ui and RB951G - no issues at all. It must be a something specific...
by lz1dsb
Wed May 27, 2015 11:59 am
Forum: General
Topic: ipsec tunnel between two rb450g
Replies: 6
Views: 1056

Re: ipsec tunnel between two rb450g

Which address do you ping? Is it an address of the router itself? If you ping an address of the router, your should be checking the Input chain. Forward chain is for packets passing through the router...
by lz1dsb
Wed May 27, 2015 11:45 am
Forum: Beginner Basics
Topic: installing routeros in centos
Replies: 2
Views: 1762

Re: installing routeros in centos

Hi I have a hosted centos 6 server. I cannot install routeros via KVM or ISO. How do i install it? tx You can run RouterOS as a QUEMU image. I use to do it regularly in the past, it's nothing special. You install the RouterOS image, and then you could just run it. The sweet thing is that you could ...
by lz1dsb
Tue May 19, 2015 10:57 pm
Forum: General
Topic: SFP recommendations for CCR1036-12G-4S
Replies: 2
Views: 555

SFP recommendations for CCR1036-12G-4S

We recently had an issue with an old SFP on a CCR1036 router. According to the output from RouterOS, the SFP was manufactured in 2004. So this SFP was replaced, but again with the same model from the same batch, i.e. it's again manufactured in 2004. The exact model is: SFP-1.25G-1310 And I was think...
by lz1dsb
Wed Apr 22, 2015 12:02 pm
Forum: Beginner Basics
Topic: Block LAN scanning
Replies: 2
Views: 598

Re: Block LAN scanning

But how do you define "random hosts"... You can block the ICMP traffic, you can also limit it. In your case you could probably work with ranges of IP addresses. But again, what would be a "random host"...
by lz1dsb
Wed Apr 22, 2015 10:40 am
Forum: General
Topic: CCR1009-8G-1S hang up when restore backup file
Replies: 2
Views: 535

Re: CCR1009-8G-1S hang up when restore backup file

That's interesting. I've done this several time on CCR1036 and on RB915, no issues. On the CCR I've done it only through the command line interface, I don't know if it makes any difference.
by lz1dsb
Thu Mar 26, 2015 6:13 pm
Forum: Beginner Basics
Topic: Trying routerOS from pfsense
Replies: 5
Views: 13670

Re: Trying routerOS from pfsense

It's a long post... Anyway the first thing I would do is to capture the traffic from the IP phone. Try to understand how the phone establishes the connection to the Softswitch. I also have a company IP phone at my home, it is behind a MikroTik router which does NAT and Firewall. I didn't have to do ...
by lz1dsb
Thu Mar 26, 2015 2:31 pm
Forum: RouterBOARD hardware
Topic: Upgrading to a better Hardware
Replies: 1
Views: 641

Re: Upgrading to a better Hardware

Hi all, Currently I'm using RB2011UiAS-IN for different tasks: Router, NAT, Firewall, Web Proxy, VPN Server (PPTP) for now about 30 PPTP connections, Two WAN (100Mbps) Load Balancing, some Mangle rules. The router behaves well but very soon, in about 3 weeks the PPTP connections will grow to about ...
by lz1dsb
Thu Mar 26, 2015 2:25 pm
Forum: Beginner Basics
Topic: Port Forwarding won't work on new RB750GL
Replies: 4
Views: 899

Re: Port Forwarding won't work on new RB750GL

Your /ip firewall nat rules look correct to me: /ip firewall nat add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway add action=dst-nat chain=dstnat dst-port=3389 in-interface=ether1-gateway log=yes protocol=tcp to-addresses=\ 192.168.1.30 to-ports=3389 ad...
by lz1dsb
Thu Mar 26, 2015 2:19 pm
Forum: General
Topic: Cloud core switch - example
Replies: 4
Views: 1099

Re: Cloud core switch - example

Hi! The example is not the same - in this example you have 3 tagged vlans going into - and no default untagged vlan (like in my example - vlan 1). I would like to know how can I be 100% shure that everything is isolated completely - for example I would like to force Access ports to be only for unta...
by lz1dsb
Thu Mar 26, 2015 2:11 pm
Forum: General
Topic: 1 year uptime on CCR1036-12G-4S
Replies: 7
Views: 1276

Re: 1 year uptime on CCR1036-12G-4S

This is not a big deal I think. Mikrotik is very stable and can run years but what advantage does it have? I have learned it is bad to have such a long uptime. It means your router is not updated and running old software. So vulnarabilities are not solved. Long uptime is to me... an impressive achi...
by lz1dsb
Thu Mar 26, 2015 2:05 pm
Forum: General
Topic: Cloud core switch - example
Replies: 4
Views: 1099

Re: Cloud core switch - example

Looks good.
Do you have a command output? I find it easier to have configuration excerpt...
Here and example for the CRS configuration:
http://wiki.mikrotik.com/wiki/Manual:CRS_examples#VLAN
by lz1dsb
Thu Mar 26, 2015 1:53 pm
Forum: Beginner Basics
Topic: VLAN Help needed
Replies: 14
Views: 3119

Re: VLAN Help needed

That's cool. I'm glad we've fixed it :)
by lz1dsb
Thu Mar 26, 2015 1:52 pm
Forum: General
Topic: Linking 3 LAN through WAN (Internet)
Replies: 20
Views: 2532

Re: Linking 3 LAN through WAN (Internet)

Wow, this thread has gotten quite long...
What is the situation right now? Did you get it working?
by lz1dsb
Tue Mar 17, 2015 10:46 am
Forum: General
Topic: Linking 3 LAN through WAN (Internet)
Replies: 20
Views: 2532

Re: Linking 3 LAN through WAN (Internet)

Hm... that's strange, could you post an excerpt from the EoIP and the related configs?
by lz1dsb
Mon Mar 16, 2015 9:27 am
Forum: Beginner Basics
Topic: VLAN Help needed
Replies: 14
Views: 3119

Re: VLAN Help needed

Yes, I did post your config. I was just wondering what the goal is. Now it is more clear. Ok, so you can create another VLAN with vlan-id let's say 7. Attach that VLAN to the port you want it to be trunk. Than add this new VLAN to your LAN bridge. This is how your traffic from the LAN will be also r...
by lz1dsb
Sun Mar 15, 2015 12:08 pm
Forum: Beginner Basics
Topic: VLAN Help needed
Replies: 14
Views: 3119

Re: VLAN Help needed

So you use the embedded switch chip: /interface ethernet set [ find default-name=ether1 ] comment=WAN set [ find default-name=ether2 ] comment=LAN name=ether2-master-LAN set [ find default-name=ether3 ] master-port=ether2-master-LAN set [ find default-name=ether4 ] master-port=ether2-master-LAN set ...
by lz1dsb
Sun Mar 15, 2015 11:57 am
Forum: General
Topic: Linking 3 LAN through WAN (Internet)
Replies: 20
Views: 2532

Re: Linking 3 LAN through WAN (Internet)

OSPF is a routing protocol which in general distributes IP Layer 3 information in your routing domain i.e. reachability information for all of the subnetworks you have in your network. How to use it? - just enable the process and advertise all of the subnetworks that you want to distribute, even the...
by lz1dsb
Mon Mar 09, 2015 9:23 am
Forum: General
Topic: Linking 3 LAN through WAN (Internet)
Replies: 20
Views: 2532

Re: Linking 3 LAN through WAN (Internet)

With a simple topology like this, I would start with static routes. You only need to add two routes at each site. The WAN IP Address is DHCP (i.e. Non-Static) on both LAN 1 and LAN 3. So you set up your server at LAN2 and the routers at LAN1 and LAN3 will act as clients, establishing secure connect...
by lz1dsb
Sun Mar 08, 2015 2:57 pm
Forum: General
Topic: Linking 3 LAN through WAN (Internet)
Replies: 20
Views: 2532

Re: Linking 3 LAN through WAN (Internet)

How do you make the routing... First you select the routing protocol. Second you enable the routing process. Third you enable it on the interfaces you want it to run. Fourth you select the local networks you would like to advertise. If you give me more details (interfaces and networks) I could be mo...
by lz1dsb
Sat Mar 07, 2015 6:15 pm
Forum: RouterBOARD hardware
Topic: use cloud core router or cloud router switch for replacing extreme networks layer 3 switch?
Replies: 3
Views: 2451

Re: use cloud core router or cloud router switch for replacing extreme networks layer 3 switch?

The setup on a CCR would be a bit different. You'll need to create the vlans, assign them to the interfaces and bridge the tagged and untagged ports.
by lz1dsb
Sat Mar 07, 2015 11:34 am
Forum: Wireless Networking
Topic: expand and boost my wireless
Replies: 4
Views: 945

Re: expand and boost my wireless

A way to expand your wireless coverage is to use WDS - Wireless Distribution System. Basically you could configure your AP to associate as a client to an SSID, and connect other clients to itsef using the link to the main AP as a backhole. The thing with WDS is that it's not standardized. I've used ...
by lz1dsb
Sat Mar 07, 2015 11:28 am
Forum: General
Topic: Linking 3 LAN through WAN (Internet)
Replies: 20
Views: 2532

Re: Linking 3 LAN through WAN (Internet)

I don't know what do you mean by "bridging". As per your description, you use different IP subnets in the three LANs, so in that case if you "bridge" them (this is a Layer 2 operation), the hosts in the three sites will not be able to communicate, as they're configured in a three differen subnetwork...
by lz1dsb
Thu Mar 05, 2015 2:40 pm
Forum: Wireless Networking
Topic: Point-To-Point Wireless Setup
Replies: 6
Views: 1263

Re: Point-To-Point Wireless Setup

"24/7 is no problem for these units as long as your bandwidth expectations are reasonable." I especially liked this comment. That's important with WiFi p2p links as the weather conditions could seriously deteriorate. For p2p links you could also use the Mikrotik wireless protocols, they should probi...
by lz1dsb
Thu Mar 05, 2015 2:35 pm
Forum: Beginner Basics
Topic: VLAN Help needed
Replies: 14
Views: 3119

Re: VLAN Help needed

Could you also export your config?
Just run export in the CLI. It will generate a text file, which is much more compact and easier to work with. You can remove any sensitive information from the export before posting it off course.
by lz1dsb
Thu Mar 05, 2015 2:33 pm
Forum: Beginner Basics
Topic: VLAN Help needed
Replies: 14
Views: 3119

Re: VLAN Help needed

"My ISP provides me with internet (untagged VLAN1) and IPTV (untagged VLAN6). Update: Got on call with ISP - could be untagged VLAN1 for Internet and IPTV (untagged VLAN6), but dude is not certain." You cannot have both VLANS as untagged. Untagged means plain Ethernet frames, if there's no Tag in th...
by lz1dsb
Sat Feb 28, 2015 11:29 pm
Forum: Beginner Basics
Topic: VLAN Help needed
Replies: 14
Views: 3119

Re: VLAN Help needed

Apparently, this is how you could do it...
http://wiki.mikrotik.com/wiki/Manual:Sw ... Vlan_Table

The configuration does not look hard though. In theory, it should be more efficient as all the switching is done in the Switch chip.
by lz1dsb
Tue Feb 24, 2015 1:22 pm
Forum: Beginner Basics
Topic: VLAN Help needed
Replies: 14
Views: 3119

Re: VLAN Help needed

I also forgot to mention that if your device has a switch chip and you will have large amount of traffic - it would be more efficient to use the switch chip. The sample configuration I gave you, will certainly be less efficient. For small amount of traffic over the vlans, most likely it will not mat...
by lz1dsb
Tue Feb 24, 2015 1:20 pm
Forum: Beginner Basics
Topic: VLAN Help needed
Replies: 14
Views: 3119

Re: VLAN Help needed

There are two ways to configure VLANS in RouterOS. One way is specific to the device, i.e. the switch chip that it uses - I'm not very familiar with it. Other way is to manually configure bridges and assign vlan interfaces, this is what I have used. Below an example: 2 Vlans are created, both of the...
by lz1dsb
Tue Feb 24, 2015 1:07 pm
Forum: General
Topic: RB951G-2HnD Packet loss
Replies: 2
Views: 665

Re: RB951G-2HnD Packet loss

Strange. I have the same device and I recently updated it to version 6.27. I haven't noticed any degradation as you describe it. I do not use any PPPoE though...
Were you able to make any additional traces? RouterOS has a very good built in capture which is very useful.
by lz1dsb
Tue Feb 24, 2015 11:55 am
Forum: General
Topic: What is difference between packet switch and circuit switch network?
Replies: 0
Views: 362

Re: What is difference between packet switch and circuit switch network?

It is either a wrong URL, or I completely do not understand...
by lz1dsb
Sat Feb 21, 2015 11:02 pm
Forum: General
Topic: Dynamic address list time out, but still visible in /ip firewall address-list
Replies: 1
Views: 889

Dynamic address list time out, but still visible in /ip firewall address-list

I've got a situation yesterday where I had to create a firewall rule to block particular traffic. I've put a timeout of 10 minutes. The address lists were created correctly, and the rule worked. What I noticed though is that the dynamic address lists are still visible, even though the timeout is sho...
by lz1dsb
Wed Feb 18, 2015 3:41 pm
Forum: General
Topic: PBX and NAT
Replies: 2
Views: 1368

Re: PBX and NAT

That is because you use "masquarade" option. Masquarade menas to "mask" all sessions from inside to outside network using the outbound IP address. In order to change that, use "src-nat", this should fix it.
by lz1dsb
Wed Feb 04, 2015 2:37 pm
Forum: General
Topic: Unusually high incomming NTP traffic, possiblly a DDOS attac
Replies: 6
Views: 1317

Re: Unusually high incomming NTP traffic, possiblly a DDOS attac

This could be the case. I'm using version 6.20 on both CCRs at that location.
Is there a document by Mikrotik stating that vulnerability?
by lz1dsb
Tue Feb 03, 2015 1:18 pm
Forum: General
Topic: Unusually high incomming NTP traffic, possiblly a DDOS attac
Replies: 6
Views: 1317

Unusually high incomming NTP traffic, possiblly a DDOS attac

Yesterday I've got a strange behaviour on one of our routers. It's and edge router having a BGP session with one of our ISPs. Anyway long story short - the device was unresponsive from its public IP address. I was able to ssh into the router from an internal server and immediately realized that ther...
by lz1dsb
Wed Jan 28, 2015 5:10 pm
Forum: General
Topic: Binding multiple wan IP's via one WAN cable to vlans
Replies: 27
Views: 7181

Re: Binding multiple wan IP's via one WAN cable to vlans

As far as the configuration goes, it does not matter whether it's an ethernet port a vlan interface or a bridge, or whatever. In the NAT rule you just have to reference the correct IP address, the IP address which is assigned for the proper vlan in your example.
by lz1dsb
Sun Jan 25, 2015 1:03 pm
Forum: General
Topic: Mikrotik Virtualbox OSPF Area issue
Replies: 1
Views: 663

Re: Mikrotik Virtualbox OSPF Area issue

I also do use RouterOS in GNS3 with Cisco IOSes for exactly the same purpose as you. I assume it's an issue with licenses. Looking at the license page http://wiki.mikrotik.com/wiki/Manual:License it seems to me that the demo license does not allow normal OSPF operation. In my setup I use RouterOS in...
by lz1dsb
Sun Jan 25, 2015 12:50 pm
Forum: General
Topic: Please advise on CPU-efficient load balancing approach
Replies: 2
Views: 835

Re: Please advise on CPU-efficient load balancing approach

That's an interesting thread, as I also use RB951 devices in my network. I'm not quite sure, but when you use mangle rules, this makes the system process each packet and unfortunatelly RB951 is not the fastest Mikrotik router out there. I guess you're hitting the hardware limit. You could try profil...
by lz1dsb
Sun Jan 25, 2015 12:35 pm
Forum: General
Topic: BGP issue?
Replies: 1
Views: 378

Re: BGP issue?

It is very likely that you have some misconfiguration either in your local system or on the remote BGP peer.
Could you post a configuration /bgp router export would do it...
by lz1dsb
Sun Jan 25, 2015 12:11 pm
Forum: Forwarding Protocols
Topic: OSPF Routing with Multiple Areas
Replies: 4
Views: 1592

Re: OSPF Routing with Multiple Areas

If all areas are connected to the Backbone area, you do not need virtual links.
by lz1dsb
Sun Jan 25, 2015 12:05 pm
Forum: General
Topic: OVPN Server automatically creates interface
Replies: 7
Views: 1359

Re: OVPN Server automatically creates interface

I also noticed that in a long run, the OVPN connection breaks down...
by lz1dsb
Sun Jan 25, 2015 11:58 am
Forum: General
Topic: OVPN Server automatically creates interface
Replies: 7
Views: 1359

Re: OVPN Server automatically creates interface

That's an old post but anyway. I haven't figured out a convenient way to monitor the threads.
I've also started using static interfaces on OVPN, it's how I can control the settings of the routing protocol I run over that link. It's quite useful, before I didn't know about that option.
by lz1dsb
Wed Jan 21, 2015 2:20 pm
Forum: General
Topic: Qemu RouterOS image in GNS3
Replies: 12
Views: 5563

Re: Qemu RouterOS image in GNS3

What do you mean by "not writeable"?
by lz1dsb
Wed Jan 21, 2015 2:19 pm
Forum: Wireless Networking
Topic: High packet loss on WiFi interface in ROS 6.24
Replies: 16
Views: 2874

Re: High packet loss on WiFi interface in ROS 6.24

Well, than it's a different scenario. It could be a faulty radio module.
by lz1dsb
Mon Jan 19, 2015 6:47 pm
Forum: General
Topic: Qemu RouterOS image in GNS3
Replies: 12
Views: 5563

Re: Qemu RouterOS image in GNS3

I did. But I think there's probably something not entirely correct with the way I build the topology in GNS3. I read somewhere that there's an additional option ot set, in order to have the configuration saved for the QUEMU hosts. Hopefully I'll find the time these days to play around with it. It's ...
by lz1dsb
Mon Jan 19, 2015 6:44 pm
Forum: Wireless Networking
Topic: High packet loss on WiFi interface in ROS 6.24
Replies: 16
Views: 2874

Re: High packet loss on WiFi interface in ROS 6.24

Have you by any chance looked at the spectrum? Nowadays the 2.4Ghz spectrum is just too crowded! Fortunatelly you have a very convenient option - WiFi Analysier Android App. With it, you can scan the spectrum and analyse where it's less crowded. Than you'll just have to move the channel. This is wha...
by lz1dsb
Sun Jan 18, 2015 12:06 pm
Forum: General
Topic: Qemu RouterOS image in GNS3
Replies: 12
Views: 5563

Re: Qemu RouterOS image in GNS3

I haven't mentioned one thing though... I still haven't found a way to overcome it. Each time I start the topology - I have to manually enter the configuration, it's not saved in GNS3.
by lz1dsb
Wed Jan 14, 2015 10:37 pm
Forum: General
Topic: Qemu RouterOS image in GNS3
Replies: 12
Views: 5563

Re: Qemu RouterOS image in GNS3

Sorry guys, I've just seen that you've replied... several months later :D Well, I'm using a single license. It's exactly like this, I have created one QUEMU HDD and I've generated a license for it. The first time I've even put the wrong system ID, so I had to generate the license once again. Anyway ...
by lz1dsb
Sat Jan 10, 2015 12:59 am
Forum: General
Topic: What is the maximum capacity of a RB951G?
Replies: 22
Views: 3556

Re: What is the maximum capacity of a RB951G?

I have to give it another try than... If I get 50% utilization of the link, it would be great.

mulțumesc :)
by lz1dsb
Fri Jan 09, 2015 5:06 pm
Forum: Wireless Networking
Topic: High packet loss on WiFi interface in ROS 6.24
Replies: 16
Views: 2874

Re: High packet loss on WiFi interface in ROS 6.24

I will certainly try that. One question though. Wouldn't using a strictly 20MHz channel limit the performance? As theory goes, the wider the band, the higher the achieveable speed... I guess in my case I do not get too much of an improvement, as the nearby channels are already quite congested. Also,...
by lz1dsb
Fri Jan 09, 2015 9:57 am
Forum: General
Topic: What is the maximum capacity of a RB951G?
Replies: 22
Views: 3556

Re: What is the maximum capacity of a RB951G?

I'm a bit confused now... Are my ports controlled by the switch chip or not? Basically I've put the master port in a bridge - in order to have an IP address there and to be able to have L2 connectivity with the Wireless port... interface ethernet switch port print Flags: I - invalid # NAME SWITCH VL...
by lz1dsb
Fri Jan 09, 2015 9:12 am
Forum: Wireless Networking
Topic: High packet loss on WiFi interface in ROS 6.24
Replies: 16
Views: 2874

Re: High packet loss on WiFi interface in ROS 6.24

Just a quick update on this. Last night I did a more extensive troubleshooting on this. I used the WiFi Analyser application on my phone to check how the channels are used, and boy, it's quite crowded! I changed the channel several times with very little improvement of the overal packet drops, so I ...
by lz1dsb
Thu Jan 08, 2015 5:13 pm
Forum: Wireless Networking
Topic: High packet loss on WiFi interface in ROS 6.24
Replies: 16
Views: 2874

Re: High packet loss on WiFi interface in ROS 6.24

uldis, I'm not sure that I'll catch the exact time when the drop happens to generate the suppout file. 1. It is sporadic 2. It briefly happens. So when I start continious pings to the router from the clients, I've got 3-4 pings lost here and there. 3. I'm also wirelesslly connected to the router, so...
by lz1dsb
Thu Jan 08, 2015 5:08 pm
Forum: Forwarding Protocols
Topic: Routing policy question
Replies: 5
Views: 1521

Re: Routing policy question

Thank you babbage, I've just seen your post. That presentation looks quite interesting indeed.
by lz1dsb
Thu Jan 08, 2015 4:49 pm
Forum: General
Topic: What is the maximum capacity of a RB951G?
Replies: 22
Views: 3556

Re: What is the maximum capacity of a RB951G?

Well, actually I did that - and this is the default configuration: [bsotirov@router82.sotirov-bg.net] > interface ethernet export # jan/08/2015 16:48:08 by RouterOS 6.24 # software id = 2DWW-HXRL # /interface ethernet set [ find default-name=ether1 ] comment="Outbound Interface" name=ether1-gateway ...
by lz1dsb
Thu Jan 08, 2015 4:43 pm
Forum: Wireless Networking
Topic: High packet loss on WiFi interface in ROS 6.24
Replies: 16
Views: 2874

Re: High packet loss on WiFi interface in ROS 6.24

And one thing that strikes me is that in the parallel tests I run constantly, whenever there's are packets lost/unserviced/or whatever the reason, it all happens simultaineasly on both clients! Is this normal to have such a behaviour in situations like this?
by lz1dsb
Thu Jan 08, 2015 4:36 pm
Forum: Wireless Networking
Topic: High packet loss on WiFi interface in ROS 6.24
Replies: 16
Views: 2874

Re: High packet loss on WiFi interface in ROS 6.24

I forgot, here are the current settings: /interface wireless set [ find default-name=wlan1 ] band=2ghz-onlyn channel-width=20/40mhz-ht-below comment=LAN country=bulgaria disabled=no \ distance=indoors frequency=2462 l2mtu=2290 mode=ap-bridge ssid=prostor wds-default-bridge=bridge-local wireless-prot...
by lz1dsb
Thu Jan 08, 2015 4:34 pm
Forum: Wireless Networking
Topic: High packet loss on WiFi interface in ROS 6.24
Replies: 16
Views: 2874

Re: High packet loss on WiFi interface in ROS 6.24

Yes, I didn't notice such drops in version 6.23.
I tried both suggestions, no luck. It's the same, the drop rate is around 16-17%
No I do not use WDS at the moment, it's a residual configuration, that I used in the past. I disabled WDS.
by lz1dsb
Thu Jan 08, 2015 3:29 pm
Forum: Wireless Networking
Topic: High packet loss on WiFi interface in ROS 6.24
Replies: 16
Views: 2874

Re: High packet loss on WiFi interface in ROS 6.24

Thank you for your quick responce udilis. 1. I update regularly, so the previous version of the RouterOS was 6.23 2. I use just the regular wireless package. 3. Regarding the settings, I didn't really messed with them when I first installed the router. I set it to 802.11n, set SSID and a password. H...
by lz1dsb
Thu Jan 08, 2015 3:10 pm
Forum: Wireless Networking
Topic: High packet loss on WiFi interface in ROS 6.24
Replies: 16
Views: 2874

Re: High packet loss on WiFi interface in ROS 6.24

I forgot to mention that the ping reply times are horible too! The jitter is way beyond 30ms! The response times are between 0 and 80ms. For a small, not utilized WiFi network I believe this is pretty high. And again, it's only the WiFi interface that is showing this problem. Everyhing else is worki...
by lz1dsb
Thu Jan 08, 2015 2:58 pm
Forum: Wireless Networking
Topic: High packet loss on WiFi interface in ROS 6.24
Replies: 16
Views: 2874

High packet loss on WiFi interface in ROS 6.24

I've noticed that after an upgrade to 6.24 I've got a pretty annying packet loss in the WiFi network. They reach up to 20% percent! I'm testing in parallel from a Linux machine and from another Mikrotik router, connected to the Access Point (RB951G-2HnD). In the log I see that both wireless clients ...
by lz1dsb
Wed Nov 19, 2014 2:10 pm
Forum: General
Topic: Feature request: Statefull NAT
Replies: 0
Views: 1133

Feature request: Statefull NAT

It would be great to have this, it's a must for a high availability scenarios. I imagine it could be tied with VRRP and all routers running in one VRRP group could synchronize their NAT translation tables.
For such powerful devices like the CCR, it's a shame we do not have such a feature.
by lz1dsb
Mon Oct 27, 2014 5:53 pm
Forum: General
Topic: What is the maximum capacity of a RB951G?
Replies: 22
Views: 3556

Re: What is the maximum capacity of a RB951G?

I tested 951G with 411GL and with 2*2 MIMO that was capable of 200 Mbit/sec tcp speed with Ubuntu Proftp server. CPU was around 60%. I think this is a very nice performance. If this is a speed you get over WiFi - it's more than nice. In my case though, I'm mainly concerned with the speed I could po...
by lz1dsb
Wed Oct 22, 2014 12:30 pm
Forum: General
Topic: What is the maximum capacity of a RB951G?
Replies: 22
Views: 3556

Re: What is the maximum capacity of a RB951G?

What was limiting the speed?
In general there was no limiting factor, so I'm a bit puzzled. I didn't expect though to get 100% utilization, maybe 60-70%...
by lz1dsb
Tue Oct 21, 2014 10:57 pm
Forum: Forwarding Protocols
Topic: CCR1016 - no pulls all BGP sessions
Replies: 2
Views: 1003

Re: CCR1016 - no pulls all BGP sessions

Hello i have simple network infrastructure one CCR1016 (alpha) with 3 x eBGP sessions and another (beta) with 1 x eBGP session and both combined to iBGP with public ASN alpha and beta load full prefixes from eBGP peers beta get all prefixes from alpha when alpha getting some prefixes sometimes 30-5...
by lz1dsb
Tue Oct 21, 2014 10:42 pm
Forum: General
Topic: What is the maximum capacity of a RB951G?
Replies: 22
Views: 3556

Re: What is the maximum capacity of a RB951G?

It has to be G version and you have to set switch mode. Maybe in bridge with fastpath also. Of course it will not route/nat 1gbit.
I finally got the chance to test it. So, two RB951G, two hosts connected on the Ethernet ports - the speed that I was able to achieve was around 250Mbps ...
by lz1dsb
Tue Oct 14, 2014 12:26 am
Forum: Forwarding Protocols
Topic: Routing policy question
Replies: 5
Views: 1521

Re: Routing policy question

You could write a script and use the traffic monitor as the trigger, but no, there is not a simple way to do it.
I guess I would be able to mangle the excess traffic then and route only excess to the secondary outbound interface. That's a nice idea. Thank you.
by lz1dsb
Mon Oct 13, 2014 4:00 pm
Forum: Forwarding Protocols
Topic: Routing policy question
Replies: 5
Views: 1521

Routing policy question

This is the area of RouterOS configurations where I would say I'm not very proficient. So the question is:
Is there a way to configure a routing policy in RouterOS so that, when an upper bound of the bandwidth is reached - the excess traffic is routed over another outbound interface?
by lz1dsb
Thu Sep 25, 2014 1:21 am
Forum: General
Topic: 951G-2HnD problem with 6.xx version of RouterOS
Replies: 17
Views: 3205

Re: 951G-2HnD problem with 6.xx version of RouterOS

It seems that mac clonning feature is broken somehow. Report it to mikrotik anyway, maybe they will find something and correct it for the future. I was thinking the same thing but while I was testing, i was using the sniffer embedded in the RouterOS. It was always showing that the MikroTik router w...
by lz1dsb
Thu Sep 18, 2014 2:18 pm
Forum: Forwarding Protocols
Topic: MIkrotik BGP Monitoring
Replies: 55
Views: 18936

Re: MIkrotik BGP Monitoring

I have been told by support that this will be improved in RouterOS v7
A lot of interesting features and improvements are expected in v7... I wonder when it will be released...
by lz1dsb
Thu Sep 18, 2014 2:16 pm
Forum: Forwarding Protocols
Topic: OSPFv3 over l2tp tunnel fails
Replies: 0
Views: 637

OSPFv3 over l2tp tunnel fails

Today I've noticed the following issue, the Link Local IPv6 address in RouterOS for L2TP tunnels is chosen somehow strange. Here's what the situation is on the L2TP server: [router82] > ipv6 address print Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local # ADDRESS FROM-POOL I...
by lz1dsb
Wed Sep 17, 2014 7:40 am
Forum: General
Topic: 951G-2HnD problem with 6.xx version of RouterOS
Replies: 17
Views: 3205

Re: 951G-2HnD problem with 6.xx version of RouterOS

I configured a RB951G-2nHD at my brother's apartment half an year ago. Up until recently I've had similar issue. Though in my case, the outbound connection was dying once the device hits high load. It took me a while to figure it out, but I realized that the problem was that the RB was loosing it's ...
by lz1dsb
Tue Sep 16, 2014 10:53 am
Forum: Forwarding Protocols
Topic: Public IP addresses to host behind a secondary router - BGP?
Replies: 4
Views: 2006

Re: Public IP addresses to host behind a secondary router -

Hi guys, I've a network that is currently full NATed, we want to move it to use public IP address to the hosts within the network and I don't want to use NAT 1:1 in all devices, cause I've many routers involved. We've our own AS number and public IP range (190.113.X.0/22) granted by LACNIC, so, we'...
by lz1dsb
Mon Sep 15, 2014 10:51 pm
Forum: General
Topic: What is the maximum capacity of a RB951G?
Replies: 22
Views: 3556

Re: What is the maximum capacity of a RB951G?

Exactly. Connect computers that are able to generate the traffic behind and then measure the throughput.
But still... Are the RB951 boxes able to handle 1Gbps traffic. I really can't imagine this to be possible. Not that I complain about it though..
I'll test it with machines behind the routers....
by lz1dsb
Mon Sep 15, 2014 9:57 pm
Forum: General
Topic: What is the maximum capacity of a RB951G?
Replies: 22
Views: 3556

Re: What is the maximum capacity of a RB951G?

What devices are you using to generate the traffic?
I use the BTest Server and Client on both Routerboards... I guess running the test on the boards themselves influences the results...
by lz1dsb
Mon Sep 15, 2014 6:42 pm
Forum: Forwarding Protocols
Topic: Loss of BGP function after 3-4 weeks
Replies: 16
Views: 3122

Re: Loss of BGP function after 3-4 weeks

That's disturbing. I have two CCR1036s in one of the centers and they are exchanging full BGP table with two upstream ISPs. I've just checked the uptime - 7 weeks. I've had some flapping BGP sessions during these 7 weeks, but it was always a L2 device in between that was breaking the connection. Wha...
by lz1dsb
Mon Sep 15, 2014 6:26 pm
Forum: General
Topic: What is the maximum capacity of a RB951G?
Replies: 22
Views: 3556

What is the maximum capacity of a RB951G?

So the situation is like this. I have two RB951G connected over around 50m of FTP cable. The link is established as 1Gbps Ethernet. Starting a bandwidth test between them, over UDP I've got around 250 Mbps, over TCP I've got around 120-130 Mbps. I guess this is the maximum capacity of the routerboar...
by lz1dsb
Thu Sep 11, 2014 5:01 pm
Forum: General
Topic: SSTP tunnel does not detect connection failure
Replies: 6
Views: 1216

Re: SSTP tunnel does not detect connection failure

Do you have a keepalive-timeout set?
No, but I noticed that there is such a parameter. I can only see it on the sstp-client though. How should I set it on the server, or this keepalive is just a client function?
by lz1dsb
Wed Sep 10, 2014 4:38 pm
Forum: General
Topic: SSTP tunnel does not detect connection failure
Replies: 6
Views: 1216

Re: SSTP tunnel does not detect connection failure

I have had some very bad experiences using SSTP (tunnels staying up when they shouldn't be and massive packet loss). I would strongly recommend that you avoid SSTP like the plague if at all possible. I think I'm having exactly the same issue here. The SSTP client does not detect that the SSTP serve...
by lz1dsb
Wed Sep 10, 2014 12:41 pm
Forum: General
Topic: SSTP tunnel does not detect connection failure
Replies: 6
Views: 1216

SSTP tunnel does not detect connection failure

I started using SSTP few days ago between three locations. One of them is the SSTP server where all of the tunnels are terminated, the other two - dial in. I've started it with password authentication only for the moment, just to test how it works. Over the tunnels I use OSPF to advertise the networ...
by lz1dsb
Tue Sep 09, 2014 5:00 pm
Forum: General
Topic: RE: Openvpn Setup problem: please help
Replies: 3
Views: 3334

Re: RE: Openvpn Setup problem: please help

Thank God I found this!
I didn't even know that this OVPN server option ever exists....
by lz1dsb
Sun Aug 31, 2014 5:45 pm
Forum: General
Topic: Can't get internet with new router!
Replies: 18
Views: 3213

Re: Can't get internet with new router!

you should be able to see it in
/interface wireless registration-table print
by lz1dsb
Sun Aug 31, 2014 3:33 pm
Forum: General
Topic: Can't get internet with new router!
Replies: 18
Views: 3213

Re: Can't get internet with new router!

Do you get anything in /interface wireless registration-table print If you get any registrations, check also whether the dhcp server allocates IP addresses /ip dhcp-server lease print That is what I am NOT getting. I also cannot renew and release....... So what is the state of the DHCP server than?...
by lz1dsb
Sun Aug 31, 2014 10:42 am
Forum: General
Topic: Can't get internet with new router!
Replies: 18
Views: 3213

Re: Can't get internet with new router!

Do you get anything in /interface wireless registration-table print
If you get any registrations, check also whether the dhcp server allocates IP addresses /ip dhcp-server lease print
by lz1dsb
Tue Aug 26, 2014 11:42 pm
Forum: General
Topic: A question about Masquarade
Replies: 4
Views: 825

Re: A question about Masquarade

What I meant above was that if you have /ip address add interface=ehter1 address=10.10.10.30/24 add interface=ether2 address=10.200.200.40/24 add interface=ether3 address=192.168.0.1/24 comment="LOCAL" /ip route add dst-address=0.0.0.0/0 distance=1 gateway=10.10.10.1 add dst-address=0.0.0.0/0 dista...
by lz1dsb
Tue Aug 26, 2014 6:51 pm
Forum: Forwarding Protocols
Topic: Source based PBR
Replies: 1
Views: 797

Source based PBR

Can I do a source based PBR in RouterOS where the action once the traffic is matched is to change the next-hop ip address, i.e. the gateway? I found many solutions to this where source based PBR is implemented, but they use an additional route which is added to the routing table. Can I do it only by...
by lz1dsb
Tue Aug 26, 2014 6:38 pm
Forum: General
Topic: How filter output in /ip firewall connection print
Replies: 5
Views: 6142

Re: How filter output in /ip firewall connection print

I know that there's a way to filter the print output of a command and I use this regularly in the /ip route print output. But why it doesn't work on /ip firewall nat? For example when I try to filter out only the connections from a particular source address - it does not work, I've got empty output...
by lz1dsb
Tue Aug 26, 2014 6:30 pm
Forum: General
Topic: A question about Masquarade
Replies: 4
Views: 825

Re: A question about Masquarade

Is my understanding correct? A masquarade is considered a source NAT, which means that according to the packet flow diagram http://wiki.mikrotik.com/images/2/24/Packetflowv6.png the NAT-ing should happen in the Postrouting phase, after the packet has already been routed, correct? If this is so, tha...
by lz1dsb
Tue Aug 26, 2014 5:26 pm
Forum: Forwarding Protocols
Topic: CCR and Internet BGP - survey of user experiences
Replies: 24
Views: 9559

Re: CCR and Internet BGP - survey of user experiences

Glad to see this thread has been useful...i've seen it linked in multiple other forum posts. @Mikrotik - what is the status on balancing BGP across multiple cores? That's something I would like to see too! This is something that bothers me, because it turns out that as far as routing is concerned -...
by lz1dsb
Tue Aug 26, 2014 3:46 pm
Forum: General
Topic: A question about Masquarade
Replies: 4
Views: 825

A question about Masquarade

Is my understanding correct? A masquarade is considered a source NAT, which means that according to the packet flow diagram http://wiki.mikrotik.com/images/2/24/Packetflowv6.png the NAT-ing should happen in the Postrouting phase, after the packet has already been routed, correct? If this is so, than...
by lz1dsb
Tue Aug 26, 2014 2:56 pm
Forum: General
Topic: How filter output in /ip firewall connection print
Replies: 5
Views: 6142

How filter output in /ip firewall connection print

I know that there's a way to filter the print output of a command and I use this regularly in the /ip route print output. But why it doesn't work on /ip firewall nat? For example when I try to filter out only the connections from a particular source address - it does not work, I've got empty output....
by lz1dsb
Tue Aug 26, 2014 12:27 pm
Forum: Forwarding Protocols
Topic: Hello, I need to do below topology with Mikrotik. But how ?
Replies: 2
Views: 976

Re: Hello, I need to do below topology with Mikrotik. But h

You'll need to load balance across different servers...
I'm not aware of such a function directly available in the RouterOS.
It should be possible though with PCC - Per Connection Classifier in the ip firewall.
by lz1dsb
Fri Aug 22, 2014 12:10 pm
Forum: Forwarding Protocols
Topic: BGP4-MIB Support
Replies: 5
Views: 1438

Re: BGP4-MIB Support

+1
That would be nice to have...
by lz1dsb
Thu Aug 21, 2014 5:30 pm
Forum: Forwarding Protocols
Topic: question regarding MPLS VRF BGP and OSPF limitations
Replies: 2
Views: 1012

Re: question regarding MPLS VRF BGP and OSPF limitations

We use CCR's in the scenario you describe. The main issue is that CCR'S will not currently do more than 1Gbit/s on a single TCP session. Multiple sessions will go over, but a single one is limited by only being able to run across a single core. What is the aggregate traffic throughput which we coul...
by lz1dsb
Thu Aug 21, 2014 5:17 pm
Forum: Forwarding Protocols
Topic: CCR and Internet BGP - survey of user experiences
Replies: 24
Views: 9559

Re: CCR and Internet BGP - survey of user experiences

1) What kind CCR (s) are you using in your network two CCR-1036-12G 2) How many BGP feeds / Routes are you taking in above 500k. One of the routers has 4 BGP peering sessions, the other has 5. At the moment we're peering with 2 ISPs, in the next month another two ISP peering sessions are planned. 3)...
by lz1dsb
Thu Aug 21, 2014 4:48 pm
Forum: Forwarding Protocols
Topic: OSPF in 6.18 not acting right
Replies: 1
Views: 845

Re: OSPF in 6.18 not acting right

Customer were complaining about download speeds being terrible. Mostly around 1-1.5Mbps. No matter what their queues are set to. I have a computer at the a tower site so I was easily able to verify this. Also AirControl tests to CPEs confirmed. I think this is related to 6.18 as I upgraded over the...
by lz1dsb
Thu Aug 21, 2014 4:45 pm
Forum: Forwarding Protocols
Topic: Mikrotik RB201 forwarding some address
Replies: 1
Views: 1571

Re: Mikrotik RB201 forwarding some address

From few weeks I have installed router Mikrotik RB201. To one port of this router is connected server of terminals. Now I have blocked all route from this port do Internet except one IP address, where I set in menu IP - firewall src. address: x.x.x.x dst. address: (IP adres in Internet) src. port: ...
by lz1dsb
Thu Aug 21, 2014 4:27 pm
Forum: Forwarding Protocols
Topic: ospf on point to multipoint
Replies: 3
Views: 1128

Re: ospf on point to multipoint

anybody ? may be easy with diag attached.
Could you export the ospf config on the hub router and on one of the spoke routers?

In general OSPF should work just fine in that setup...
by lz1dsb
Thu Aug 21, 2014 3:58 pm
Forum: Forwarding Protocols
Topic: BGP-MPLS-BGP soluton
Replies: 3
Views: 1815

Re: BGP-MPLS-BGP soluton

Hello! I am working on a Project to implement a second transitt provider to get conectivity to the "world" I already have an MPLS cloud, using confederation and an internal ospf Routing table to distribute loopback for bgp peering to other routers to distribute my internal vrf - internet. This is o...
by lz1dsb
Thu Aug 21, 2014 3:30 pm
Forum: Forwarding Protocols
Topic: BGP routing loop
Replies: 3
Views: 1257

Re: BGP routing loop

Thank you for your reply. Yes, I created null route.
Have you tried to trace the traffic to the /21 network with traceroute from an outside network?
You do advertise the /24 network to the upstream BGP router, correct?
by lz1dsb
Thu Aug 21, 2014 11:51 am
Forum: General
Topic: Mikrotik CCR-1016
Replies: 1
Views: 552

Re: Mikrotik CCR-1016

Hi there, I am wondering if it is possible to have multiple configuration files which can be selected and loaded via the touch screen interface protected via pin code prior to switching ? If not is it possible to use a physical serial-controlled button or relay to achieve a similar outcome? As far ...
by lz1dsb
Thu Aug 21, 2014 11:46 am
Forum: General
Topic: Filtering outputs on print commands? How?
Replies: 3
Views: 5847

Re: Filtering outputs on print commands? How?

How can I filter the output of any print command in RouterOS? for example: ip route print - how can I get only the connected, static, etc... it does have embedded filter for BGP and OSPf though - it works. But how can I flexibly define what I want to be displayed? I'm running full table BGP now and...
by lz1dsb
Wed Aug 20, 2014 5:45 pm
Forum: General
Topic: Filtering outputs on print commands? How?
Replies: 3
Views: 5847

Filtering outputs on print commands? How?

I don't know if this is the right place to put this... How can I filter the output of any print command in RouterOS? for example: ip route print - how can I get only the connected, static, etc... it does have embedded filter for BGP and OSPf though - it works. But how can I flexibly define what I wa...
by lz1dsb
Mon Aug 18, 2014 5:14 pm
Forum: General
Topic: OVPN Server automatically creates interface
Replies: 7
Views: 1359

Re: OVPN Server automatically creates interface

I use OVPN connection (RB951 on both sites). On server site I manually created interface named ovpn-client1. Typically, when client makes connection, interface on server site become active and all is OK. But sometimes server automatically creates interface called <ovpn-client1> (with brackets) and ...
by lz1dsb
Mon Aug 18, 2014 3:52 pm
Forum: General
Topic: Vlan Interfaces Disappearing
Replies: 9
Views: 2426

Re: Vlan Interfaces Disappearing

Upgrade did the trick. Thanks~ I've had a situation with RouterOS v6.17 where almost all of my bridge interfaces were lost. A reboot of the device solved it, for now. It's kind of strange though, as some of the traffic was still flowing through the device. So I wonder... whether it will happen agai...
by lz1dsb
Mon Aug 18, 2014 3:35 pm
Forum: General
Topic: Traceroute and NAT
Replies: 2
Views: 711

Re: Traceroute and NAT

Yes is normal, not worry. The first ip appear because the TTL end at the router, The second is equal because the TTL end on the device BUT the device by nat has the same ip of the router... That explains it. But why than the Cisco IOS reacts in a different way in such a scenario? I've just tested i...
by lz1dsb
Fri Aug 15, 2014 9:34 pm
Forum: General
Topic: Traceroute and NAT
Replies: 2
Views: 711

Traceroute and NAT

I've noticed the following phenomenon. When a static 1:1 NAT is configured on a MikroTik router (source and destination NAT), after I start a traceroute to the Global IP address that is being translated to a private Local IP address, I always see the last hop being doubled! it seems like the router ...
by lz1dsb
Tue Aug 12, 2014 9:17 pm
Forum: General
Topic: IP Firewall and NAT statefull failover
Replies: 1
Views: 407

Re: IP Firewall and NAT statefull failover

Anyone... I'm wondering whether this kind of a setup is supported at all...
by lz1dsb
Mon Aug 11, 2014 3:32 pm
Forum: General
Topic: IP Firewall and NAT statefull failover
Replies: 1
Views: 407

IP Firewall and NAT statefull failover

Is that possible?
Me, personally, I haven't so far been able to find if this is a possible setup with RouterOS.
Has anybody been able to find anything about that?
by lz1dsb
Wed Aug 06, 2014 8:37 pm
Forum: Forwarding Protocols
Topic: BGP aggregate configuration
Replies: 9
Views: 4437

Re: BGP aggregate configuration

My guess is its because the two halfs of your /25 are not in your routing table. Its only going to aggregate routes that fully exist. Good point. It's interesting if it's really the case. I'll test it tonight if I have time. But strange though... I don't recall reading for such a requirement in the...
by lz1dsb
Sat Aug 02, 2014 9:52 pm
Forum: Forwarding Protocols
Topic: Q about Mikrotik and Camera
Replies: 3
Views: 946

Re: Q about Mikrotik and Camera

You need to find out which ports those cameras use.
mmm ok my dear if i found what i will do after that
When you know the port you can use an "ip firewall nat" rule to forward that port to a private IP address. And this is how your camera will be reachable from the outside network.
by lz1dsb
Fri Aug 01, 2014 2:28 pm
Forum: Forwarding Protocols
Topic: migrating cisco to mikrotik
Replies: 1
Views: 954

Re: migrating cisco to mikrotik

Dear Member I have the following config on Cisco interface FastEthernet0/0 ip address 2.1.1.1 255.255.255.252 interface FastEthernet0/1 ip address 1.1.1.1 255.255.255.252 interface Vlan1 description -=LAN-1=- ip address 192.168.1.1 255.255.255.0 Interface 0/0 and 0/1 IPs are for BGP with 2 upstream...
by lz1dsb
Fri Aug 01, 2014 2:00 pm
Forum: Forwarding Protocols
Topic: BGP aggregate configuration
Replies: 9
Views: 4437

Re: BGP aggregate configuration

My guess is its because the two halfs of your /25 are not in your routing table. Its only going to aggregate routes that fully exist. Good point. It's interesting if it's really the case. I'll test it tonight if I have time. But strange though... I don't recall reading for such a requirement in the...
by lz1dsb
Wed Jul 30, 2014 9:13 pm
Forum: Forwarding Protocols
Topic: BGP aggregate configuration
Replies: 9
Views: 4437

Re: BGP aggregate configuration

I think I started to get it!!! When I use the parameter bgp-origin= set to something it actually does not set the BGP Origin parameter! It matches it! So the only way I have found to set it is in an unexpected place ... setting the dummy ip route itself. This is where it's possible to set this, and ...
by lz1dsb
Wed Jul 30, 2014 9:00 pm
Forum: Forwarding Protocols
Topic: BGP aggregate configuration
Replies: 9
Views: 4437

Re: BGP aggregate configuration

Can you post your full routing table (assuming it's not a full public) No, it's not a routing table with public prefixes. I haven't applied the configuration on the production system yet. I'm testing it in GNS3 with a QEMU image of RouterOS. I stumbled upon this fairly old thread... http://forum.mi...
by lz1dsb
Wed Jul 30, 2014 6:56 pm
Forum: Forwarding Protocols
Topic: BGP session over 31 bit subnet
Replies: 15
Views: 5656

Re: BGP session over 31 bit subnet

What does the connected route for 212.6.82.0/32 look like? I just tried it, setting up a session between two MTs, one with a /32 mask, and the other with a /31. As I expected, the routes are active on the unit with the /32 mask, and not on the one with the /31. /32 unit: /ip address add address=169...
by lz1dsb
Wed Jul 30, 2014 6:50 pm
Forum: Forwarding Protocols
Topic: BGP aggregate configuration
Replies: 9
Views: 4437

Re: BGP aggregate configuration

Can't speak for the BGP aggregation but your filter command is incorrect and likely the problem. Try one of the following depending on what you wish to match. Match /24 and /25 prefix length: /routing filter add action=discard chain=out-filter invert-match=yes prefix=150.13.0.0 prefix-length=24-25 ...
by lz1dsb
Mon Jul 28, 2014 10:16 pm
Forum: Forwarding Protocols
Topic: BGP aggregate configuration
Replies: 9
Views: 4437

Re: BGP aggregate configuration

Anyone?
Am I the only one trying to use BGP Aggregate on RouterOS?
by lz1dsb
Mon Jul 28, 2014 10:14 pm
Forum: Forwarding Protocols
Topic: BGP session over 31 bit subnet
Replies: 15
Views: 5656

Re: BGP session over 31 bit subnet

For BGP, you can use a /31 on the Cisco side; and a /32 on the MT side, with the network= parameter set to the Cisco's side of the /31. So, with the Cisco config you have, you would want to change the MT side to: /ip address add address=212.6.82.1/32 interface=vlan-2958 network=212.6.82.0 That won'...
by lz1dsb
Fri Jul 25, 2014 4:02 pm
Forum: Forwarding Protocols
Topic: BGP session over 31 bit subnet
Replies: 15
Views: 5656

Re: BGP session over 31 bit subnet

For BGP, you can use a /31 on the Cisco side; and a /32 on the MT side, with the network= parameter set to the Cisco's side of the /31. So, with the Cisco config you have, you would want to change the MT side to: /ip address add address=212.6.82.1/32 interface=vlan-2958 network=212.6.82.0 That won'...
by lz1dsb
Fri Jul 25, 2014 3:48 pm
Forum: Forwarding Protocols
Topic: BGP aggregate configuration
Replies: 9
Views: 4437

BGP aggregate configuration

The question is, how it's done? I haven't found so far a good example about this and I've been testing a bit lately. So here's my config& I have a public /24 prefix which is divided into two /25 networks. And off course I would like to advertise the prefix to the provided as only one /24. /routing f...
by lz1dsb
Thu Jul 17, 2014 8:54 pm
Forum: Forwarding Protocols
Topic: OSPF Routing with Multiple Areas
Replies: 4
Views: 1592

Re: OSPF Routing with Multiple Areas

Hi Everyone, i need some help routing OSPF between many routers. i would like to have them bundle in different areas, but im having trouble making it work. could someone plz help me design the OSPF areas. So i might have 5 routers in one area and then connected with backbone. i have attached a newo...
by lz1dsb
Thu Jul 17, 2014 8:51 pm
Forum: Forwarding Protocols
Topic: BGP session over 31 bit subnet
Replies: 15
Views: 5656

Re: BGP session over 31 bit subnet

RouterOS doesnt support RFC3021? :shock: You shouldnt need /30 for running OSPF or BGP...as both routing protocols work just fine with RFC3021 adressing scheme. As public ipv4 space is exhausted, every little trick, helps a bit in siuations where you cannot use ipv6. It's a question we've got from ...
by lz1dsb
Thu Jul 17, 2014 8:49 pm
Forum: Forwarding Protocols
Topic: BGP session over 31 bit subnet
Replies: 15
Views: 5656

Re: BGP session over 31 bit subnet

Haven't you tried /30 subnet? It has also network and mulicast addresses in addition and it could help. Maybe. Yes i did. It works, the question is... why RouterOS does not work with /31 subnet? We'll establish a BGP session with a backup provider and they've asked whether our equipment supports th...
by lz1dsb
Wed Jul 16, 2014 7:39 pm
Forum: Forwarding Protocols
Topic: BGP session over 31 bit subnet
Replies: 15
Views: 5656

Re: BGP session over 31 bit subnet

I've just decided whether the same situation is valid for all routing protocols, yes it is! I've started OSPF between the routers - the same situation. Than I've configured a parallel connection between the routers. The parallel connection was configured with a standard /24 mask. And... voilla! It l...
by lz1dsb
Wed Jul 16, 2014 6:58 pm
Forum: Forwarding Protocols
Topic: BGP session over 31 bit subnet
Replies: 15
Views: 5656

BGP session over 31 bit subnet

I stumbled upon this thread http://forum.mikrotik.com/viewtopic.php?f=14&t=32935 and as it's a bit old, I've decided to start another one. So the scenario is pretty simple: I have a Cisco router on one end of the connection, on the other end, there's the MikroTik router. The requirement is to use a ...
by lz1dsb
Wed Jul 16, 2014 6:41 pm
Forum: General
Topic: Qemu RouterOS image in GNS3
Replies: 12
Views: 5563

Re: Qemu RouterOS image in GNS3

I just wanted to post what was my experience so far. 1. Creating a QEMU image of RouterOS turned out to be quite an easy task. I followed the description in mum.mikrotik.com/presentations/ID13/rofiq.pdf 2. Putting the RouterOS image in GNS3 is also a matter of setting a path to the QEMU image and se...
by lz1dsb
Sat Jul 05, 2014 11:19 pm
Forum: General
Topic: Qemu RouterOS image in GNS3
Replies: 12
Views: 5563

Qemu RouterOS image in GNS3

Here's the situation. i was able to create an qemu image of RouterOS and I successfully started it in GNS3. Connecting it to other routers works, and it's amazing that I can simulate different vendors on one common platform where I can interconnect the way I like. My question is more or less about.....
by lz1dsb
Wed May 21, 2014 4:38 pm
Forum: Forwarding Protocols
Topic: Microtik L3 deployment
Replies: 1
Views: 1094

Re: Microtik L3 deployment

Hi all, Actually i want to deploy Mikrotik as a Wireless Access Gateway to offer wifi services and manage some users. i was wondering if it is possible to have a layer 3 connection between Mikrotik and the users or if it is necessary to have a L2 tunnel between them. Many thanks in advance! Many th...
by lz1dsb
Tue May 20, 2014 4:26 pm
Forum: Forwarding Protocols
Topic: OSPF type 0x09 error
Replies: 6
Views: 2202

Re: OSPF type 0x09 error

Hello all, 2014-04-25T09:57:37+00:00 vShield-edge-4-0 routing[372]: [user.emerg] EXCEPTION 0x3e01-117: DB DESCRIPTION packet received with invalid master / slave bit. 2014-04-25T09:57:37+00:00 vShield-edge-4-0 routing[372]: [user.info] AUDIT 0x3e01-91: OSPF 1 An adjacency with a neighbor has gone d...
by lz1dsb
Tue May 20, 2014 4:01 pm
Forum: Forwarding Protocols
Topic: Help with OSPF
Replies: 1
Views: 683

Re: Help with OSPF

In order for this to work, you'll have to enable OSPF for both networks 192.168.1.0/24 and 192.168.0.0/24. What I don't see in your topology are the networks behind the RB750GL routers. You'll have to advertise them in OSPF as well. Your setup is pretty straight forward, so I do not recommend to fur...
by lz1dsb
Tue May 13, 2014 1:34 pm
Forum: General
Topic: How to control traffic in LAN?
Replies: 18
Views: 1659

Re: How to control traffic in LAN?

I have one Cisco 3750 switch,about 20 Cisco 2950/2960.and about 15 Access point in my network. All switch are managed switch. in all switch i define VLAN and every thing work properly. All Access points belong to a vlan. Like it's already written here - with such setup (only Layer 2 between the end...
by lz1dsb
Tue May 13, 2014 1:25 pm
Forum: General
Topic: Protecting against public IP abuse
Replies: 5
Views: 860

Re: Protecting against public IP abuse

Hi lz1dsb, The things are easier! Get up a PPPoE server and it provides a IP from a ip pool. Let's chek the WIKI. Santiago I agree that PPPoE would work in this case... but to me this is an additional overhead. You'll need additional configuration on every user to establish a PPPoE tunnel to the se...
by lz1dsb
Tue May 13, 2014 11:51 am
Forum: General
Topic: Protecting against public IP abuse
Replies: 5
Views: 860

Re: Protecting against public IP abuse

How you assign IP to the client? How is possilbe than your client can pick any IP they want? That's pretty legitimate question here.. I think the best way is to use automatic address allocation via DHCP. That's what DHCP is designed for. If the question is though... whether we would like to protect...
by lz1dsb
Fri May 09, 2014 3:06 pm
Forum: General
Topic: what solution can solve this scenario?
Replies: 4
Views: 651

Re: what solution can solve this scenario?

On SXT1 add default route

/ip route add gateway=192.168.1.1
If he does not redistribute the default route over RIP, he also needs to add a default route on SXT2.
Also, all clients need a proper DNS address...
by lz1dsb
Fri May 09, 2014 2:59 pm
Forum: General
Topic: ssh to routeros from routeros
Replies: 3
Views: 561

Re: ssh to routeros from routeros

Hi i have been deploying ccr1036's in pairs and I use a cross over cable to link the 2, but I can't ssh from 1 ccr1036 to the other. I have tried /system ssh user=admin <ip address of the other unit> but it comes straight back How can I get around this ? A That's the way to do it. Have you changed ...
by lz1dsb
Fri May 09, 2014 2:58 pm
Forum: General
Topic: layer 2 traffic
Replies: 4
Views: 670

Re: layer 2 traffic

this is where I've lost it how to do it.
is there a guide?
Here's the guide...
by lz1dsb
Fri May 09, 2014 2:56 pm
Forum: General
Topic: RB951G - hardware issues....?
Replies: 6
Views: 1014

Re: RB951G - hardware issues....?

also could you tell us to what device the board is connected as maybe there is some compatibility problem with ethernet connection? As far as I know from the provider, the device on the other end is a simple non-managed TP-link switch... This is the switch that aggregates the Ethernet connections w...
by lz1dsb
Fri May 09, 2014 2:54 pm
Forum: General
Topic: LLDP support for neighbor discovery
Replies: 11
Views: 3206

Re: LLDP support for neighbor discovery

According to the official documentation on the subject:
http://wiki.mikrotik.com/wiki/Manual:IP ... _discovery

LLDP is not supported. At least nothing is mentioned in the document. I agree that LLDP is an important feature nowadays...
by lz1dsb
Fri May 09, 2014 12:09 am
Forum: General
Topic: RB951G - hardware issues....?
Replies: 6
Views: 1014

Re: RB951G - hardware issues....?

I'm running the latest image 6.12.
All right, next time it happens, I'll send the support file.
by lz1dsb
Thu May 08, 2014 11:21 am
Forum: General
Topic: RB951G - hardware issues....?
Replies: 6
Views: 1014

Re: RB951G - hardware issues....?

Am I the only one facing this issue with RB951G?
by lz1dsb
Wed Apr 30, 2014 11:58 am
Forum: General
Topic: RouterOS upgrade oddness
Replies: 6
Views: 1892

Re: RouterOS upgrade oddness

You have supposingly 5x version. You have to copy package files to router manually and reboot.
I've noticed the same thing... When you upgrade to a major RouterOS version, you'll have to do it manually. I guess it makes sense...
by lz1dsb
Wed Apr 30, 2014 11:54 am
Forum: General
Topic: RSTP and VLANS
Replies: 10
Views: 6719

Re: RSTP and VLANS

Hmm, maybe this is my problem. I do use RSTP in other parts of the network for redundancy links, but not in this case. I've been expecting it to stop network loops if they occur however. Maybe I am mis-using this. In my diagram above, if a customer on switch 2 creates a network loop at his location...
by lz1dsb
Wed Apr 30, 2014 12:27 am
Forum: General
Topic: RSTP and VLANS
Replies: 10
Views: 6719

Re: RSTP and VLANS

Ok I'm going to try this and run some experiments but I'm a bit confused. If I currently have just 1 bridge with all physical Ethernet ports on that bridge, how do the vlans even cross that bridge without utilizing the spanning tree? I would think that all traffic on the bridge would be bound to th...
by lz1dsb
Mon Apr 28, 2014 9:56 pm
Forum: General
Topic: RB951G - hardware issues....?
Replies: 6
Views: 1014

Re: RB951G - hardware issues....?

I think I was able to pinpoint the reason... Lots of traffic! When I initiate a constant traffic of around 40Mbps over the router - the outbound interface fails after few minutes, it cannot sustain it. The interesting part is though that the router does not fail by itself - its reachable and I can s...
by lz1dsb
Mon Apr 28, 2014 2:42 pm
Forum: General
Topic: RB951G - hardware issues....?
Replies: 6
Views: 1014

RB951G - hardware issues....?

Have you guys experienced any hardware issues with RB951G-2HnD? I'm quite puzzled here... I've been using this model for an year now. At my home I have two RB951Gs running, without any obvious issues so far. So recently I bought another one for my brother's apartment and since than, the problems sta...
by lz1dsb
Thu Mar 20, 2014 3:08 pm
Forum: General
Topic: Traffic isolation with VLANs
Replies: 6
Views: 1647

Re: Traffic isolation with VLANs

But than... If I need more Vlans over both ports? Because they're supposed to be trunk ports.
So if I put them in a bridge with a vlan, can I also put them on another bridge with another vlan etc. And will this isolate the traffic between the vlans?
by lz1dsb
Thu Mar 20, 2014 2:12 pm
Forum: General
Topic: Traffic isolation with VLANs
Replies: 6
Views: 1647

Re: Traffic isolation with VLANs

It is on CCR-1036...
by lz1dsb
Thu Mar 20, 2014 12:22 pm
Forum: General
Topic: Traffic isolation with VLANs
Replies: 6
Views: 1647

Traffic isolation with VLANs

I've got the following setup: A MikroTik router, connected to other two switches on ports ether4 and ether5. 1. I would like to configure Vlans so both ports ether4 and ether5 has carry traffic for all the different vlans in the LAN segment. 2. The Vlan configuration will overlap on both ports, i.e....
by lz1dsb
Thu Mar 06, 2014 8:23 pm
Forum: General
Topic: NTP client does not synchronize
Replies: 6
Views: 3220

Re: NTP client does not synchronize

try some other NTP servers from pool.ntp.org @normis I did that. I configured other servers from 3.bg.pool.ntp.org. It's still the same: sys ntp client print enabled: yes mode: unicast primary-ntp: 193.104.79.174 secondary-ntp: 46.47.81.47 poll-interval: 16s active-server: 46.47.81.47 system clock ...
by lz1dsb
Fri Feb 28, 2014 3:55 pm
Forum: General
Topic: NTP client does not synchronize
Replies: 6
Views: 3220

NTP client does not synchronize

I've got a CCR1036 running RouterOS version 6.7. The NTP package was not working so I've decided to uninstall it and to utilize the NTP client only package which is within the RouterOS package. I did that and I captured the NTP traffic from and to the router. So now I see that the router is sending ...
by lz1dsb
Sat Feb 22, 2014 1:07 pm
Forum: General
Topic: Trunk port on a CCR1036 router
Replies: 11
Views: 6251

Re: Trunk port on a CCR1036 router

I would like to just finish this thread as resolved. The issue turned out to be with the provider. So here's the config that worked for me... Site A /interface vlan add interface=sfp1 l2mtu=1586 mtu=1590 name=vlan2705 vlan-id=2705 /ip address add address=10.27.5.100/24 interface=vlan2705 network=10....
by lz1dsb
Tue Feb 11, 2014 11:21 am
Forum: General
Topic: How to provide internet services on ADSL inerface
Replies: 1
Views: 539

Re: How to provide internet services on ADSL inerface

If the ADSL infrastructure is pure Layer 2 there shouldn't be any difference. Than the hotspot users will connect to your router over the layer 2 infrastructure, get an IP address, and than eventually get authorized via the hotspot service.
by lz1dsb
Mon Feb 10, 2014 12:17 pm
Forum: General
Topic: Openvpn server on ROS 6.9
Replies: 1
Views: 841

Re: Openvpn server on ROS 6.9

Strange... I've done the same upgrade on my RB951 and RB751. The RB951 is the OVPN server, the other is the client. I have the tunnel running for a week now, exactly after the upgrade on both boards was done... Here's the output from the server. Maybe you have a different configuration that has issu...
by lz1dsb
Wed Jan 29, 2014 6:49 pm
Forum: General
Topic: Connecting Mikrotik router to a QinQ provider network
Replies: 2
Views: 1075

Re: Connecting Mikrotik router to a QinQ provider network

I assume both ends of the ISP link are configured the same? That's a valid point! I realized that I don't have an explicit knowledge what's configured on the other end of the link... So I'm now checking on that. But if we assume that I might have analog configuration on the other end, this configur...
by lz1dsb
Wed Jan 29, 2014 6:10 pm
Forum: General
Topic: Connecting Mikrotik router to a QinQ provider network
Replies: 2
Views: 1075

Connecting Mikrotik router to a QinQ provider network

I recently started a thread regarding the trunk port configuration in RouterOS. Well, now I have a real world example where I have to configure a trunk port to a provider network, where the provider uses QinQ to transport my traffic. Here's the provider's port configuration: description customerX sw...
by lz1dsb
Mon Jan 27, 2014 11:22 pm
Forum: General
Topic: Idle session timeout for a user, administrating the router?
Replies: 1
Views: 468

Re: Idle session timeout for a user, administrating the rout

Bump!
I can't believe that such a function does not exist...
by lz1dsb
Sun Jan 26, 2014 7:08 pm
Forum: General
Topic: Idle session timeout for a user, administrating the router?
Replies: 1
Views: 468

Idle session timeout for a user, administrating the router?

I recently realized that the user I use for administrating my routers, does not have an idle session timeout... I checked all options when creating a user, but I don't seem to find any possibility to add idle timeout. Is it possible to have an idle timeout for the users, connected to the RouterOS? I...
by lz1dsb
Sun Jan 26, 2014 5:00 pm
Forum: General
Topic: Trunk port on a CCR1036 router
Replies: 11
Views: 6251

Re: Trunk port on a CCR1036 router

So if I got you correct, the configuration should look like this: /interface bridge add name=br-vlan10 /interface bridge add name=br-vlan20 /interface bridge add name=br-vlan30 /interface vlan add interface=ether4 name=vlan10 vlan-id=10 add interface=ether4 name=vlan20 vlan-id=20 add interface=ethe...
by lz1dsb
Sun Jan 26, 2014 10:15 am
Forum: General
Topic: Trunk port on a CCR1036 router
Replies: 11
Views: 6251

Re: Trunk port on a CCR1036 router

Create 3 bridges, one for each Vlan. Create three Vlan interfaces on both port 4 and 5. Bridge the correct port (ether1/2/3) with the two correct Vlan interfaces. Another option is to bridge port 4 and 5 and create the Vlan interfaces on that bridge. Then bridge only one Vlan interface with the rig...
by lz1dsb
Sat Jan 25, 2014 10:42 pm
Forum: General
Topic: Trunk port on a CCR1036 router
Replies: 11
Views: 6251

Trunk port on a CCR1036 router

I'm a bit confused with the trunk and access configurations on RouterOS. I've seen at least couple of ways of configuring VLANs and trunks. It's kind of confusing. That's why I start this thread, because on the CCR1036 platform I find it even more confusing... So let me summarize what confuses me: 1...
by lz1dsb
Tue Jan 14, 2014 11:21 pm
Forum: General
Topic: 11ac radio?
Replies: 27
Views: 7545

Re: 11ac radio?

I don't think that 98% is correct. All Apple computers support 802.11ac MikroTik is working on .ac products for this year. That's great normis! We'll appreciate higher speeds. Regarding the numbers... like I wrote - just figurative. I saw a presentation recently and such high number was cited there...
by lz1dsb
Thu Jan 09, 2014 4:21 pm
Forum: General
Topic: UPnP does not work with Nomachine's NX
Replies: 0
Views: 955

UPnP does not work with Nomachine's NX

So here's the setup: One RB951G-2HnD connected to my ISP. It's configured as a standard AP that does NAT. There's another RB951G-2HnD which is connected to the AP and it's configured to work in as a bridge. I use WDS. Behind the second RB951G-2HnD I have my laptop connected to one of the ports. On m...
by lz1dsb
Tue Jan 07, 2014 4:35 pm
Forum: General
Topic: 11ac radio?
Replies: 27
Views: 7545

Re: 11ac radio?

11ac radio is still quite new standard. For the whole 2012 98% (figurative numbers, I don't remember the exact figure but it was quite high) of the worldwide sales of WiFi equipment were 11n. So we could safely say that the transition towards 11n has finished. I personally don't believe that the tra...
by lz1dsb
Fri Jan 03, 2014 10:42 pm
Forum: General
Topic: IPsec configuration... am I missing something?
Replies: 10
Views: 7185

Re: IPsec configuration... am I missing something?

So finally I've got a time to test this once again. and the IPsec tunnel is working. Thank you andriys.
Now I've got a pretty got idea on how to configure IPsec in RouterOS. I'll still have to look for a dynamic way of establishing the IPsec tunnel though. I'll check again the documentation...
by lz1dsb
Mon Dec 30, 2013 4:05 pm
Forum: General
Topic: IPsec configuration... am I missing something?
Replies: 10
Views: 7185

Re: IPsec configuration... am I missing something?

andriys... I think I'm starting to get the IPsec configuration piece by piece in my head. I think I'm missing this. I only get output in the /ip ipsec remote-peer print section. But at least until now, I haven't seen any dynamic policies forming. I'll double check in a couple of days, I'm a bit on t...
by lz1dsb
Sun Dec 29, 2013 4:10 pm
Forum: General
Topic: IPsec configuration... am I missing something?
Replies: 10
Views: 7185

Re: IPsec configuration... am I missing something?

No, I don't have any other policies besides the one we're discussing here...
I still believe that the issue is not the IPsec though. According to the outputs - it's established. But I guess the firewall is blocking the traffic, or the NAT....
by lz1dsb
Sat Dec 28, 2013 9:36 pm
Forum: General
Topic: IPsec configuration... am I missing something?
Replies: 10
Views: 7185

Re: IPsec configuration... am I missing something?

andriys, I guess the whole point of the mode-cfg configuration is that I won't have to create a script for the dynamically changing IP address ;) In the mean time I've changed the configuration on both routers. Now, I have the IPsec connection listed as established at both ends: [admin@MikroTik_main...
by lz1dsb
Fri Dec 27, 2013 10:40 pm
Forum: General
Topic: IPsec configuration... am I missing something?
Replies: 10
Views: 7185

Re: IPsec configuration... am I missing something?

andryis thank you for your quick and detailed reply... I'm just wondering... doesn't the configuration you propose break the concept of the mode-cfg and template configuration? I mean... the way I understand it - it allows me to have a device working like a VPN concentrator where I can terminate IPs...
by lz1dsb
Thu Dec 26, 2013 5:19 pm
Forum: General
Topic: IPsec configuration... am I missing something?
Replies: 10
Views: 7185

IPsec configuration... am I missing something?

So, here's the situation: I have two locations, my parent's home where I use ADSL connection and I don't have a static public IP address. Then, there's my home where I have a public IP address assigned to my router. So to tell a long story short - I would like to establish an IPsec connection in ord...
by lz1dsb
Thu Sep 19, 2013 5:35 pm
Forum: General
Topic: ROS 6.2 and 6.3 +Winbox + Quickset = self country change
Replies: 29
Views: 15449

Re: ROS 6.2 and 6.3 +Winbox + Quickset = self country change

Hmmm... Installing RouterOS 6.4 on my RB751G-2HnD and this issue seems to be solved. I haven't tried it on RB951 models...
by lz1dsb
Fri Aug 09, 2013 7:39 pm
Forum: General
Topic: ROS 6.2 and 6.3 +Winbox + Quickset = self country change
Replies: 29
Views: 15449

Re: ROS 6.2 + WINDOWS 8 +Winbox + Quickset = self country ch

Are there any news on this bug? Have you guys found anything new about it?
by lz1dsb
Thu Aug 08, 2013 6:14 pm
Forum: General
Topic: Rb2011 V6.2 bug
Replies: 11
Views: 3101

Re: Rb2011 V6.2 bug

Yesterday I've upgraded my RB951G-2HnD and I have the same effect with Winbox. Whenever go to the Quick Setup menu, the app hangs and crashes.
When using RouterOS version 5.25, there aren't any issues with that. I haven't noticed any issues with the CPU load.
by lz1dsb
Thu Aug 08, 2013 1:30 am
Forum: General
Topic: ROS 6.2 and 6.3 +Winbox + Quickset = self country change
Replies: 29
Views: 15449

Re: ROS 6.2 + WINDOWS 8 +Winbox + Quickset = self country ch

I've just upgraded my RB951G-2HnD to version 6.2.
I'm running it in station mode. Whenever I enter "Quickset" from WinBox, the WinBox hangs and than crashes. Otherwise all of my settings were retained correctly and the device seems to be working fine... so far.
Is this a known bug?