MikroTik

zap71

Have you ever used netinstall before or is it your first attempt ever? The issue may be that the device doesn't get a response from netinstall so it continues the boot. I used Netinstall a few years ago but I do not have much experience with it. I followed the wiki article https://wiki.mikrotik.com...

zap71

Thank you for your reply!

Unfortunately I don't think its a problem with the button. The LED indicates that the different modes are triggered (blinking, staying on, then turning off) so I don't think the behaviour is related to a problem with the button.

Zap.

zap71

Hi there, I tried to upgrade two of my 962UiGS-5HacT2HnT and somehow they are both stuck in an endless boot loop. I tried to get them into netinstall mode by holding the reset button for about 10 seconds, the SFP LED flashes, turns solid, turns off, I release the button but a few seconds later, the ...

zap71

Hi, just bricked two of my three RB962UiGS-5HacT2HnT by upgrading from 6.41.2 to 6.41.3. I did the following steps - as I did with the last update: 1. uploaded routeros-mipsbe-6.41.3.npk 2. reboot 3. uploaded active modules - advanced-tools-6.41.3-mipsbe.npk - dhcp-6.41.3-mipsbe.npk - ipv6-6.41.3-mi...

zap71

Hi everybody, I am considering to upgrade my home network with 2 or 3 https://mikrotik.com/product/RB962UiGS-5HacT2HnT devices to upgrade my WLAN to 5GHz. With my current setup I use a RB2011UAS-2HnD-IN and a 951-G-2HnD and it was quite difficult to have them play nicely together within one WLAN mes...

zap71

I just upgraded from 6.34.2 to 6.37.1 and ended up with all my WLANs (I have three of them) broken. The steps to reactivate them were: 1. Enable the wlan interface again 2. I got my last backup dump of the configuration and copy/pasted the configuration of the wlan1 interface to the console /interfa...

zap71

Dear Mikrotiks, since mDNS becomes more and more popular with home automation and the "Interet of Things", it is very cumbersome that RouterOS can't handle IP multicast routing. Therefore it would be highly welcomed if RouterOS v7 would support at least the necessary DNS records so it would be possi...

zap71

Hi,

I talked to MikroTik support and they advised to set the distance to "indoors".

/interface wireless distance=indoors

and since then everything seems to be fine.

Zap.

zap71

In general it is working but I still have the problem, that sometimes the repeater goes into some kind of loop and reports: ... disconnected, management-protection failure ... connected, is AP, wants WDS or ... disconnected, no beacons received ... connected, is AP, wants WDS over and over again. As...

zap71

I wrote a little howto about WDS repeater configuration, which can be found here:
RouterOS WDS Repeater Configuration Guide.

Zap.

zap71

I wrote a little howto about WDS repeater configuration, which can be found here:
RouterOS WDS Repeater Configuration Guide.

Zap.

zap71

You might want to post your problem in English.

Zap.

zap71

Hi, When I get on the guest network (ssid mehmaan), I am able to reach both wireless and wired hosts on 192.168.1.0/24 network, which is not expected. The counter of the firewall rules to drop traffic is not going up which makes me think that something is wrong in configuration. What exactly do you ...

zap71

In case anybody want's to anonymize an exported RouterOS configuration, here is a small perl script to get this job done: RouterOS Export Anonymizer Script

Zap.

zap71

Hi plisken,

unfortunately both routers already run in wireless debug log. But it doesn't give any further information in the logs.

Zap.

zap71

Hi uldis, I changed the configuration to "static mesh" on both ends and still get weird errors every day. This looks like this: disconnected, management-protection failure connected, is AP, wants WDS disconnected, management-protection failure connected, is AP, wants WDS disconnected, received deaut...

zap71

Hi uldis,

thanks for your advice. I set the VAPs to static-mesh and will report back if the occasional behavior stops.

One thing I don't understand is, why does it work in WDS mode "static" and "static mesh" at first and only messes up after several hours? Shouldn't it fail right away?

Zap.

zap71

Hi Dave, here is my export. I hope my beta export-anonymizer script did not destroy anything important. :) Zap. # feb/02/2014 08:30:18 by RouterOS 6.9 # software id = 3TJK-VHYR # /interface bridge add arp=reply-only l2mtu=2290 name=BRIDGE_1 add arp=reply-only l2mtu=2290 name=BRIDGE_2 add l2mtu=2290 ...

zap71

Hi, after a few days running with the new WDS configuration I regualarly get failures where the whole connection seems to stop working. The logs look like this: Feb 1 19:11:38 10.x.x.x wireless,info ZZ:ZZ:ZZ:ZZ:ZZ:ZZ@ssid1: disconnected, no beacons received Feb 1 19:11:39 10.x.x.x wireless,info ZZ:Z...

zap71

Hi, after a few days running with the new WDS configuration I regualarly get failures where the whole connection seems to stop working. The logs look like this: Feb 1 19:11:38 10.x.x.x wireless,info ZZ:ZZ:ZZ:ZZ:ZZ:ZZ@ssid1: disconnected, no beacons received Feb 1 19:11:38 10.x.x.x interface,info swi...

zap71

I assume you must provide some more information what you want to do and why.

Zap.

zap71

I guess, I need a little more help. My setup seems to work as far as I can see on the routers but my clients don't connect to the repeater. I thought that they would do this automatically since it provides the stronger signal. Unfortunately, all devices stay on the main router and ignore the repeate...

zap71

The funny thing is, 6.8 already is on the download servers. If you just replace the version numbers in the 6.7 links, the download runs nicely.

Example: http://download2.mikrotik.com/routeros/ ... be-6.8.zip

Zap.

zap71

Hi plisken, yes, I plan to write a detailed howto with screenshots and everything, probably next weekend.

Zap.

zap71

Everything seems to be solved guys! Thanks alot for your help!

Have a look at Setup question for WLAN repeater.

Zap.

zap71

Hi everybody, hi plisken, I just got my setup working for the first time. The trick was the tip from rjscomms in the thread Repeater mode . I had to insert the MAC addresses of the opposing WDS setup and all of a sudden it started working! After reconfiguring my DHCP and firewall settings my clients...

zap71

I fully agree. It is not really easy to understand or to adapt to a slightly different setup where people just have 2 or 3 access points (which I guess is much more common than dedicated repeaters).

Zap.

zap71

While playing around with all that WDS stuff, I came across one question which I could not find answered anywhere. Is it possible to setup WDS for virtual APs or is it necessary to do this on the physical interface? All examples I could find so far are based on physical interfaces, the GUI allows to...

zap71

I think it might work somehow but I am anxious to mess up my network setup by creating loops and everything.
The RB2011 would suddenly see WLAN addresses of 3 networks coming from LAN3.

zap71

I did some more research about my repeater setup and seem to get more and more confused.

Here is a diagram of my network so it might be easier for you to get what I want to do. The RB951G is the new component which I want to use to extend the range of my WLANs.

Zap.

zap71

Plisken,

that would be great. Your help is very much appreciated!

Zap.

zap71

Hi plisken, thank you for your quick answer. I already read this document but I find it very confusing. I don't have a dedicated main gateway and no dedicated repeater. Both those tasks are on AP1 and AP2 in my case. I am quite confused how to adapt this to my 2 AP setup. Maybe you could give me som...

zap71

Hi, I am not sure how I should setup my home network. I have a RB2011UAS-2HnD and a RB951G-2HnD where the RB2011 is my "core router" which connects to the internet, is the DHCP server and currently provides all LAN and WLANs (several virtual APs) access. Layout: +--> wlan nw1 +--> wlan nw2 +--> rb95...

zap71

I am not familiar with RouterOS as a hotspot but if you are talking about user-manager data, you'll have to backup them separately.

For a (as far as I know) complete backup you can use my script Automated RouterOS Backup to FTP.

Zap.

zap71

I can't spot the mistake in your configuration and maybe your syslog server does not accept the incoming traffic from your router? You might want to have a look at Replace MAC Addresses With Labels Using Syslog-NG where I describe the setup with syslog-ng (and some rewrite filters, which are not imp...

zap71

In case you still need some ideas about logging and syslog-ng specifically, you might get some ideas in my blog post about my own setup here: Replace MAC Addresses With Labels Using Syslog-NG.

Zap.

zap71

In case you use Windows 7 and are to buy an USB adapter, make sure to NOT buy a Prolific chip based adapter.
See my post about Serial Connection With Windows 7.

Zap.

zap71

You might want to check out " /tools graphing ". The graphs will show up on your routers IP address on /graph. It will give you detailes graphs for each client you setup and I assume that if you bild a own HTML file with the daily graph of each interfacel, you can view them all in 5-minute windows. ...

zap71

If I remember correctly, the marks show up in the firewall logs. So you just have to add a logging rule before your catch-all rule and you will find them in the logs.
Just watch with "/log print follow" and see what comes through.

Zap.

zap71

Or you might try

/system backup save
/system backup load

Zap.

zap71

Hmm ok. I assume you might not have changed the interface names of your router. To get those names have a look at the output of /interface ethernet export There you get something like this: set [ find default-name=ether2 ] comment=ether2 [b]name=intranet-if[/b] set [ find default-name=ether1 ] comme...

zap71

Hi, I don't know about your p2p question but for traffic limitations I use this setup on my guest WLAN: /ip firewall mangle add action=mark-connection chain=prerouting dst-port=80 in-interface="guest" \ new-connection-mark=http-conn protocol=tcp add action=mark-packet chain=prerouting connection-mar...

zap71

I assume we need more information.
What is your configuration, what did not work with my example?

Zap.

zap71

Hi, in case your 2 websites have static IPs you might even skip Layer7 checks. The rules should be pretty simple like that: /ip firewall address-list add address=ip1 comment="address of 1st allowed webservice" list=web-ok add address=ip2 comment="address of 2nd allowed webservice" list=web-ok /ip fi...

zap71

Ha what a cool idea!

Zap.

zap71

You probably want firewall rules to block the ICMP protocol on the involved interfaces. I am just not really sure why you would want to do this - in my opinion blocking ping is pseudo security. It does not prevent any possible attacks since there are tons of other possibilities to look for active ho...

zap71

You write that "my web proxy ... response time (ping)" get very slow.

What exactly do you mean by that? Does websurfing get slow for the clients or do ping responses to the router go up?
Your "ping" confuses me somehow.

Zap.

zap71

I think it depends on how you want to create "a file".

You can not modify the extension of "known" file types like exports or backups.

If the filename is a custom file, like e.g.

/tool fetch url="http://www.google.de/" mode=http dst-path=test.abc

you can choose the filename yourself.

Zap.

zap71

That sounds very weird, indeed.

zap71

How much traffic does the proxy have to handle when you enable it?
What does the CPU usage show when it's enabled?

Zap.

zap71

Do you have any scheduled jobs on the router or externally which might be buggy under certain conditions?

Zap.

zap71

Does this error also appear when you reboot the router before the problem occurs?
And how long does it take until the error shows up? Hours? Days? Immediately?

Zap.

zap71

I would try to add a firewall rule like this: /ip firewall mangle add action=mark-routing chain=prerouting comment=\ "mark ftp connections" dst-port=21 \ new-routing-mark=mark-ftp passthrough=no and then add a routing entry accordingly: /ip route add distance=1 gateway=ISP1 routing-mark=mark-ftp I d...

zap71

LOL! I didn't mean it's powered via WLAN but it supports WLAN. I stumbled accross language barriers.

Zap.

zap71

Hi, I am not one of the MikroTik guru's but I'd suggest the RB951G-2HnD . It offers 5gbit Ports, can be powered via POE and WLAN. It does NOT offer POE for the LAN-ports but since you only use two ports, it might be ok to use injectors like RBGPOE . With the router and two injectors you should well ...

zap71

syslog-ng could handle that as well.

zap71

You might want to take a look at my backup solution, which handles the file deletion part as well.
I posted it in Automated RouterOS Backup to FTP in Harry's TechBlog.

zap71

I modified the whole stuff a little bit, e.g. beautified the date-string to represent YYYY-MM-DD format and added an /export file to the backup so one gets a human readable format as well.

The whole thing can be found at Automated RouterOS Backup to FTP in Harry's TechBlog.

zap71

First, what happens if you set all rules to accept and don't drop anything? Does the game run?

If it does, add logging to the firewall rules before you drop packets and check which packets of the game you drop.

zap71

I use DHCP on my RB with static MAC<->IP matching via the ROS user manager feature. Each MAC address only gets exactly one IP address and manually configured addresses won't be accepted (they won't get an ARP entry). Each such user has a profile assigned and these profiles can carry limitations (whi...

zap71

After some more reading and searching, I think I can explain my problem in more detail. The examples and howtos only show either a dhcp client or a dhcp server but not on a single router and not the way that the server depends on the client prefix. :( My problem is, that I need a DHCP client configu...

zap71

Hi guys, thanks for your replies. I did read quite alot about IPv6 and did the stuff Tony suggests. I have my IPv6 firewall in place, DHCPv6 client on the ISP interface, DHCP pool and a ::1/64 advertised address on the router. With these steps I got my router to talk IPv6 and now it's able to ping I...

zap71

Hi, since my ISP now provides IPv6 to my home, I am trying to setup IPv6 in my home network. So far I got everything working on the RB2011 but my Windows 7 clients seem not to get any response from the outside world. I can e.g. ping the RB fe80::* address though. I can see outgoing and incoming traf...

zap71

I posted a slightly modified version of anoka's script and a php-script which handles the "external" server part if you want to host this on a self-owned web server.

The whole thing can be found in Determine External IP Address With RouterOS on Harry's TechBlog.

zap71

I would like to see rules I added especially for debug logging. Right now I have a bunch of rules scattered throughout my firewall rules which I disable when the firewall is just running. When I am working on new rules or debugging problems I would like to just turn them all on at once. Right now I ...

zap71

Hi, is there a way to have a firewall logging rule log on debug level? I think this would come in handy if one needs to debug firewall rules. At the moment I have to enable/disable about a dozen rules if I want to turn on logging and it could be nice to just turn the loglevel of the firewall to "deb...

zap71

Ok, I finally got over the NetInstall problem. I used one of my very old Laptops with a very outdated Windows 7 on it and there NetInstall 6.4 did run as expected and I finally was able to restore the router.

It seems that it is pure luck if one is able to restore the router...

zap71

I tried your version with direct link and via a switch. The result was the same in both cases.

zap71

I tried several netmasks and used addresses from the 192.168.0.0/16 and 10.0.0.0/8 ranges. I run most tries with 192.168.179.158 (PC) and 192.168.179.55 (RB). I don't think that it has something to do with the addresses since the first step to boot the kernel works fine. Just the data transfer later...

zap71

So there is no way to get this piece of crap to netinstall in any way. I tried it from Win7, WinXP, with 5 different versions of netinstall and nothing works. I only get it to "Waiting for installation server" and that's it. I spent arount a whole day to recover the device without any success - I th...

zap71

I tried that 5.23-fixed version but it behaves almost identically, except that the status does not return to "ready" automatically and I have to click to on the router name again for the next try. The installation does not continue though - it is stuck at "Waiting for installation server..." and I c...

zap71

I did not have 6.5 installed on it before. I went from 6.4/3.08 to 6.6/3.10. Right now I let it loop for a few hours and see if it changes or delays the loop after a while and I get access again. I did not get any further with NetInstall since the router does not respond to the broadcast messages wh...

zap71

I just tried the RB951G without any difference. It shows up in NetInstall with status "Ready". When I klick "Install", the status changes to "Installing" and the status line shows "Sending offer...".
After a few seconds all turns back to "Ready" and I can click the install button again.

zap71

What netinstall version you tried when installing? Maybe you could try to use an older netinstall from v6.5 maybe? Does your netinstall work with other routerboard or you don't have any other board to test with? I tried NetInstall 6.4 and 6.6 and both didn't work. I do have a RB951G-2HND but I didn...

zap71

Thanks patrikg, I tried this already but I think this only helps for bootp problems and that part works fine for me. The netboot reliably works, just the later on happening broadcasts seem to be ignored by the booted kernel.

Zap.

zap71

Your booting the device into netboot mode right?

Yes, of course. Boot mode is bootp and the loader works as expected as you can see in the dump above.

zap71

I run a few more experiments and if I put a switch between RB and the NetInstall server and another client as well, the other client sees broadcast messages on the wire, shouting for the router to update: src 0.0.0.0 port 5000 to dst 255.255.255.255 port 5000 (udp). Obviously, the router does not co...

zap71

As I wrote, I can't get NetInstall to work - the "Install" button does not do anything. :? RouterBOOT booter 3.10 RouterBoard 2011UAS-2HnD CPU frequency: 600 MHz Memory speed: 225 MHz Memory size: 128 MiB NAND size: 128 MiB Press any key within 2 seconds to enter setup.. trying bootp protocol... OK ...

zap71

2. ROS 6.6 has killed one RB2011 and I can se it reboots every minute. It’s out on an island, so I can’t get to it other then on a ferry on monday - not good - I know this RB is running Hotspot on vlan and I guess that is what’s causing kernel failure I have exactly this behaviour as well and poste...

zap71

Hi, yesterday I upgraded my rb2011uas-2hnd-in to ROS 6.6 and firmware 3.10. This seems as it was a pretty bad idea. :cry: Unfortunately, a few hours later it went into an endless loop of rebooting every minute or so. I don't see any error messages, it just tries to start services and then it reboots...

zap71

Some more infos for the problem. The logs on my RouterOS side look like this: ... 11:34:28 pptp,ppp,info vpn-us-pptp: connected 11:34:51 pptp,debug,packet sent Echo-Request to xxx.xxx.xxx.xxx 11:34:51 pptp,debug,packet identifier=1 11:34:58 pptp,ppp,debug,packet vpn-us-pptp: rcvd LCP EchoReq id=0x1 ...

zap71

I am trying to setup a VPN connection (PPTP or L2TP) to CyberGhostVPN (https://cyberghostvpn.com/) and can't get that reliably working. The PPP connection terminates and reconnects after a few minutes. I assume that the general setup is correct since everything works fine if I e.g. reconfigure PPTP ...

zap71

Hi all, I am pretty new to RouterOS and my RB2011UAS-2HnD-IN so my question might pretty well result from some misconfiguration on my side. I connected my PC to the serial interface of the router using putty and from time to time I get some gibberish output which I can't find any reason for: [admin@...

Search found 83 matches