Community discussions

Search found 38 matches

by silverstr8p
Wed May 22, 2019 2:38 am
Forum: General
Topic: Mikrotik > Juniper VLAN trunk
Replies: 11
Views: 826

Re: Mikrotik > Juniper VLAN trunk

I grabbed an HP ProCurve switch and had it configured to do the same thing as I'm trying to accomplish in about 10 minutes, so I think I'm going that direction rather than the pain involved in making a Mikrotik behave. The ProCurve doesn't have a wireless AP, but I could just hang one off it I guess...
by silverstr8p
Mon May 20, 2019 9:57 pm
Forum: General
Topic: Mikrotik > Juniper VLAN trunk
Replies: 11
Views: 826

Re: Mikrotik > Juniper VLAN trunk

/interface bridge export # model = 2011UiAS-2HnD r2 /interface bridge add admin-mac=B8:69:F4:72:1C:47 auto-mac=no comment=defconf name=\ bridge /interface bridge port add bridge=bridge comment=defconf interface=ether2-master add bridge=bridge comment=defconf interface=ether6-master add bridge=bridg...
by silverstr8p
Mon May 20, 2019 9:11 pm
Forum: General
Topic: Mikrotik > Juniper VLAN trunk
Replies: 11
Views: 826

Re: Mikrotik > Juniper VLAN trunk

I think I spoke too soon, my second VLAN on Ports 6-10 doesn't seem to be passing traffic to the Juniper, though VLAN on ports 3-5 is working fine (receives DHCP lease and is routing to Internet across trunk to Juniper and out). Here's what I have related to my second VLAN 432: /interface ethernet s...
by silverstr8p
Wed May 15, 2019 8:32 pm
Forum: General
Topic: Mikrotik > Juniper VLAN trunk
Replies: 11
Views: 826

Re: Mikrotik > Juniper VLAN trunk

Thanks @sindy :) Okay, I did: /interface bridge port add bridge=bridge interface=ether1 and now if I statically configure a laptop on port 3 with 192.168.43.3/24 it can ping the Juniper 192.168.43.1 gateway! Yay! That means the VLAN encapsulation must be working. As for DHCP, wouldn't a laptop plugg...
by silverstr8p
Wed May 15, 2019 1:06 am
Forum: General
Topic: Mikrotik > Juniper VLAN trunk
Replies: 11
Views: 826

Re: Mikrotik > Juniper VLAN trunk

I upgraded to 6.43.15, so hopefully that makes things better. I also added the wlan1 (not renamed) to the bridge, but it still doesn't seem to hit the upstream gateway on the Juniper, am I missing anything in this config? /interface bridge add admin-mac=B8:69:F4:72:4B:A7 auto-mac=no comment=defconf ...
by silverstr8p
Tue May 14, 2019 1:29 am
Forum: General
Topic: Mikrotik > Juniper VLAN trunk
Replies: 11
Views: 826

Re: Mikrotik > Juniper VLAN trunk

Thanks @mkx :) I left ether2 unconfigured to use it as a management port in case something broke, and just configured 3-5 on the data VLAN (actually vlan-id 431) and 6-10 to phone VLAN (actually vlan-id 432) I ran into a glitch trying to delete and add ports: [admin@MikroTik] /interface bridge port>...
by silverstr8p
Sun May 12, 2019 12:18 am
Forum: General
Topic: Mikrotik > Juniper VLAN trunk
Replies: 11
Views: 826

Mikrotik > Juniper VLAN trunk

I'm trying to pass 2 separate tagged VLAN traffic from a RB2011 (Ports 2-5 as VLAN id 10 for 192.168.44.0/24, and Ports 6-10 as VLAN id 20 for 172.16.44.0/24) through ether1 as a "trunk" without NAT (NAT handled by the Juniper later), though I guess VTP isn't supported. I've established a VLAN 20 th...
by silverstr8p
Thu May 25, 2017 10:20 pm
Forum: General
Topic: queue simple not working
Replies: 5
Views: 944

Re: queue simple not working

That didn't seem to work either. I wonder if I should be using the interface queue instead of a simple queue?
by silverstr8p
Sun May 21, 2017 1:00 am
Forum: General
Topic: Port 200 TCP etc. open and telnet by default?
Replies: 8
Views: 1476

Re: Port 200 TCP etc. open and telnet by default?

Still, the original question is what are the other ports for? Why are they open? Why would telnet be needed to be open by default?
by silverstr8p
Sat May 20, 2017 8:15 pm
Forum: General
Topic: Port 200 TCP etc. open and telnet by default?
Replies: 8
Views: 1476

Re: Port 200 TCP etc. open and telnet by default?

There is no port forwarding, I didn't open any ports, and I closed FTP and telnet, other than that they are all standard port configuration.
by silverstr8p
Sat May 20, 2017 8:11 am
Forum: General
Topic: Port 200 TCP etc. open and telnet by default?
Replies: 8
Views: 1476

Re: Port 200 TCP etc. open and telnet by default?

A quick masscan of the web I'm sure would prove that they don't, or don't know how to. Look at all the issues with default passwords. Why would telnet need to be open by default?
by silverstr8p
Fri May 19, 2017 11:02 pm
Forum: General
Topic: Port 200 TCP etc. open and telnet by default?
Replies: 8
Views: 1476

Port 200 TCP etc. open and telnet by default?

I'm looking at open ports on an RB3011 and by default Telnet is open, why? That's horrible. Why is FTP enabled by default? I disabled them both. Also, I noticed port 200 TCP open and several others, what are they all for? The WebUI says: api 8728 api-ssl 8729 ftp 21 ssh 22 telnet 23 winbox 8291 ww...
by silverstr8p
Fri May 19, 2017 10:34 pm
Forum: General
Topic: queue simple not working
Replies: 5
Views: 944

Re: queue simple not working

Okay, will try it when I get back to the location where the switch is.

Should limiting an interface speed work if it's within a bridge group, or could that be causing problems?
by silverstr8p
Fri May 19, 2017 10:22 pm
Forum: General
Topic: queue simple not working
Replies: 5
Views: 944

queue simple not working

I have an RB3011UIAS-RM v6.35.4 with a couple interfaces bridged. I want to set bandwidth limits for one IP running across that bridge on ether5. It's not working. Here's my code (which has worked on other MT boxes): /queue simple add name=whatever target=192.168.10.22/32 max-limit=2M/7M I've also t...
by silverstr8p
Sat Nov 12, 2016 12:22 am
Forum: General
Topic: v6.34.1 internal server error
Replies: 0
Views: 455

v6.34.1 internal server error

I'm attempting to create a bridge across ports 3-5 and assign an IP to it, but after I do, I'm able to login via command line to the new IP/ports, but not the web GUI, which just says internal server error after you enter the username and password and then it dumps you back to the login screen. This...
by silverstr8p
Wed Aug 31, 2016 8:08 am
Forum: General
Topic: mirror source port to multiple destination/TAP
Replies: 0
Views: 253

mirror source port to multiple destination/TAP

I want to mirror all traffic from port ether3 tx/rx to both ether4 and ALSO ether5, is that possible? I want to look at the traffic on multiple sensors on different servers.
by silverstr8p
Tue Sep 29, 2015 8:23 pm
Forum: General
Topic: firewall by MAC address or RSA/DSA?
Replies: 5
Views: 812

Re: firewall by MAC address or RSA/DSA?

Yeah, @bajodel I read what he said. In the past I'd attempted to set up a reverse-tunneling proxy openvpn VPN, but got stuck and couldn't get help from the forum or elsewhere (has anyone gotten that working/know of a link?), hence the MAC-based idea. Will look into the PPTP setup and see how that go...
by silverstr8p
Mon Sep 28, 2015 10:43 am
Forum: General
Topic: firewall by MAC address or RSA/DSA?
Replies: 5
Views: 812

Re: firewall by MAC address or RSA/DSA?

Thanks for the src-mac-address directive, will try that. I wanted techs to be able to login to these units on the WAN side, so will only have a fairly narrow number of hosts I need to allow by MAC on WAN. If they are on LAN, they would already be able to access the GUI. They're not very familiar wit...
by silverstr8p
Fri Sep 25, 2015 9:31 pm
Forum: General
Topic: firewall by MAC address or RSA/DSA?
Replies: 5
Views: 812

firewall by MAC address or RSA/DSA?

I want to allow several hosts access to the config GUI/CLI, to be controlled with either RSA/DSA tokens or MAC address they are connecting with, does RouterOS support this, or just IP-based? I want them to connect to the GUI on port 80/443. I have a rule now to allow port 80 from Untrust, from speci...
by silverstr8p
Thu May 07, 2015 3:30 am
Forum: RouterBOARD hardware
Topic: RB 750UP Gigabit Version
Replies: 19
Views: 5169

Re: RB 750UP Gigabit Version

For 8 ports I have to use a Texas Wi-Fi unit, but it's basically a dumb switch, so it won't work at tower sites because I can't manage it and get snmp. The perfect storm would be just like the existing one with 4 more PoE ports and gigE, since our networks now handle more than 100M, especially on th...
by silverstr8p
Thu Feb 12, 2015 1:12 am
Forum: General
Topic: Bandwidth Limit Per Interface
Replies: 3
Views: 13154

Re: Bandwidth Limit Per Interface

Thanks, ran into the same problem and got it working with your tip :)
by silverstr8p
Wed Feb 04, 2015 9:21 pm
Forum: General
Topic: bandwidth spikes bridge loop RB2011?
Replies: 0
Views: 328

bandwidth spikes bridge loop RB2011?

I'm getting bandwidth spikes on my downstream switch from the RB2011 like: http://cheatsheet.logicalwebhost.com/bandwidth_spike.png Has anyone seen something similar, and/or is this an indicator of a bridge/port loop somewhere, or how would I diagnose this? I'll try to get a network diagram together...
by silverstr8p
Thu Aug 14, 2014 10:38 pm
Forum: General
Topic: 750UP bridge works local, not across network
Replies: 2
Views: 419

Re: 750UP bridge works local, not across network

yep, that worked, thanks :) For anyone else who's trying this, here's what I did: /ip route add dst-address=0.0.0.0/0 gateway=192.168.5.1 I think I messed with switching vs. bridging awhile back, and for some reason I was able to get bridging working, but not switching. Are there any special tricks,...
by silverstr8p
Thu Aug 14, 2014 8:22 pm
Forum: General
Topic: 750UP bridge works local, not across network
Replies: 2
Views: 419

750UP bridge works local, not across network

I have bridged all 5 ports to basically use this unit as a 5-port PoE switch that I can login to and manage. This works when I plug my laptop in directly to the ports, but not when I stick it on the network a few hops away. I can ping/ssh into adjacent IP units on the same subnet coming off the sa...
by silverstr8p
Wed May 28, 2014 9:12 pm
Forum: General
Topic: port forward debug
Replies: 9
Views: 1726

Re: port forward debug

I disabled each of the input firewall rules one at a time and checked port 80, then created a specific input rule to allow port 80 tcp, and none of those steps worked. I wonder about resetting the device to factory and implementing all these steps again to determine if I've made a mistake. I might d...
by silverstr8p
Tue May 27, 2014 10:20 pm
Forum: General
Topic: port forward debug
Replies: 9
Views: 1726

Re: port forward debug

Thanks for the tips @rextended, I added that rule, still doesn't work. Will dig into the tips from @docmarius as well and see if I'm missing something from that angle. For visualization's sake, I made this diagram of what I'm seeing: http://www.logicalwebhost.com/mikrotik_port_open.jpg Obviously onc...
by silverstr8p
Tue May 27, 2014 7:31 pm
Forum: General
Topic: port forward debug
Replies: 9
Views: 1726

Re: port forward debug

Here's what I have: # jan/07/1970 00:46:20 by RouterOS 5.24 # software id = CJJR-YCRT # /ip pool add name=default-dhcp ranges=192.168.88.10-192.168.88.254 /ip dhcp-server add address-pool=default-dhcp authoritative=after-2sec-delay bootp-support=\ static disabled=no interface=ether2-master-local lea...
by silverstr8p
Fri May 23, 2014 12:21 am
Forum: General
Topic: port forward debug
Replies: 9
Views: 1726

Re: port forward debug

Yes, ether1-gateway is assigned a public static IP that I know is world reachable. To test the theory, I configured a netbook running Linux and apache to that same public static IP on the same switch, and the port check tool showed port 80 open, and the public could view my netbook's "website" defau...
by silverstr8p
Thu May 22, 2014 11:47 pm
Forum: General
Topic: port forward debug
Replies: 9
Views: 1726

port forward debug

I want to route a public IP ports 560-564 and 2001 TCP to an internal LAN IP, here's what I have done so far: /ip firewall nat add chain=dstnat dst-address=pub.li.c.ip protocol=tcp dst-port=2001 action=dst-nat to-addresses=192.168.88.3 to-ports=2001 /ip firewall nat add chain=dstnat dst-address=pub....
by silverstr8p
Sat Apr 19, 2014 2:07 am
Forum: General
Topic: OpenVPN postrouting to VPN subnet?
Replies: 0
Views: 564

OpenVPN postrouting to VPN subnet?

I'm following the MT OpenVPN tutorial http://wiki.mikrotik.com/wiki/OpenVPN . Normally OpenVPN on Linux sets up its own private 10.8.0.0/24 subnet that clients appear to be using, and then I have some code that allows them to tunnel back out to the Internet appearing to come from the WAN IP like: vi...
by silverstr8p
Sun Jan 26, 2014 6:50 am
Forum: Beginner Basics
Topic: snmp from WAN/ether1 firewall config?
Replies: 2
Views: 2746

Re: snmp from WAN/ether1 firewall config?

nope, I figured linux shouldn't need it, normal routers usually don't (except Watchguard Fireboxes, which hold a special place in the fiery deep), haven't needed to on Juniper/Cisco gear anyway...so far... After I put the firewall rule in place it worked fine, whereas before snmpwalk -v 1 -c blah 1....
by silverstr8p
Sun Jan 26, 2014 12:57 am
Forum: Beginner Basics
Topic: snmp from WAN/ether1 firewall config?
Replies: 2
Views: 2746

snmp from WAN/ether1 firewall config?

I have snmp enabled on an rb1100us like: [admin@MikroTik] > /snmp print enabled: yes contact: blah@whatever.com location: blah engine-id: trap-target: trap-community: mikrotik_rb1100us trap-version: 1 trap-generators: and have set up that community with 0.0.0.0/0. I created a firewall input rule to ...
by silverstr8p
Wed Nov 20, 2013 7:24 pm
Forum: Beginner Basics
Topic: RB2011 dual LAN routing?
Replies: 10
Views: 5832

Re: RB2011 dual LAN routing?

Okay, I got it :)

I didn't have a default route for 0.0.0.0/0 to point to my upstream gateway, so I did:
/ip route add dst-address=0.0.0.0/0 gateway=10.1.10.1
Thank you @Rudios and @ssofet, you guys have been a great source of help! I bumped both of your Karma for the help :)
by silverstr8p
Tue Nov 19, 2013 9:12 pm
Forum: Beginner Basics
Topic: RB2011 dual LAN routing?
Replies: 10
Views: 5832

Re: RB2011 dual LAN routing?

@Rudios: thanks for pointing out my insanity :) I have now changed my subnet to 192.168.16.0/20 and my bridge for ports 2-3 to name 16.0 to avoid problems. I added a route of 192.168.16.0/20 to 10.1.10.1 (my upstream router) and now I can ping 10.1.10.1 (and others on that upstream subnet) from port...
by silverstr8p
Tue Nov 19, 2013 8:17 am
Forum: Beginner Basics
Topic: RB2011 dual LAN routing?
Replies: 10
Views: 5832

Re: RB2011 dual LAN routing?

@Rudios: thanks, will add that. I actually do need a /20, this project is part of a project to re-subnet a production /24 that ran out of IPs a couple years before I thought it would, hence the /20, that should carry us until I get the next staging router (catalyst 4500) up and running, then we'll pla...
by silverstr8p
Tue Nov 19, 2013 4:15 am
Forum: Beginner Basics
Topic: RB2011 dual LAN routing?
Replies: 10
Views: 5832

Re: RB2011 dual LAN routing?

okay, I got the bridges set up and interfaces assigned to them: bridge1: 10.0, assigned ports 2-3 bridge2: 5.0, assigned ports 4-5 then added my subnets to those bridges bridge: 10.0, assigned 192.168.10.0/20 bridge: 5.0, assigned 192.168.5.0/24 so thanks, that helped :) But tried to modify the defa...
by silverstr8p
Fri Nov 15, 2013 8:50 am
Forum: Beginner Basics
Topic: RB2011 dual LAN routing?
Replies: 10
Views: 5832

Re: RB2011 dual LAN routing?

Okay, thanks @ssofet, will try it in a bit. In switching vs. bridging, which would result in the most throughput, or would they both be similar capacity? Yes, I want to masquerade outbound packets to eth0, er, 0/0, er, WAN, er ether1 I guess in Mikrotik world :) For outbound traffic ether2-3 -> ethe...
by silverstr8p
Thu Nov 14, 2013 11:13 pm
Forum: Beginner Basics
Topic: RB2011 dual LAN routing?
Replies: 10
Views: 5832

RB2011 dual LAN routing?

I'm trying to figure out how to create 2 eth groups, then route NAT'ed traffic from them to eth1, which is a static IP, so here's a diagram: http://cheatsheet.logicalwebhost.com/mikrotik_dual_subnet.jpg Confession: I've been working with Juniper boxes, which are very different, so I'm trying to figure o...