Community discussions

Search found 34 matches

by volga629
Thu Oct 03, 2019 4:39 pm
Forum: General
Topic: Mikrotik RB951Ui-2HnD Switch VLAN
Replies: 1
Views: 387

Mikrotik RB951Ui-2HnD Switch VLAN

Hello Everyone, Setup: OS Ver: 6.45 Model: RB951Ui-2HnD Bridge Interface BR1_UPLINK Attached interfaces to bridge: wlan 1 ( vlan 50 tag ) wlan2 ( vlan 20 tag ) ether 2 ( trunk ) ether 3,4,5 ( connected laptop ) Issue: How to mark interfaces 3,4,5 with access vlan 50 so it will pass to ether 2 down s...
by volga629
Sun Aug 07, 2016 9:48 pm
Forum: General
Topic: Ipv6 address distribution
Replies: 2
Views: 529

Re: Ipv6 address distribution

This output on "Mikrotik Access Point 1"

[volga629@can01nlap03] > /ipv6 nd export
# aug/07/2016 15:47:24 by RouterOS 6.36
# software id = NN8I-H0IA
#
/ipv6 nd
set [ find default=yes ] interface=bridge-wifi other-configuration=yes
/ipv6 nd prefix default
set autonomous=no
by volga629
Sun Aug 07, 2016 7:13 pm
Forum: General
Topic: Ipv6 address distribution
Replies: 2
Views: 529

Ipv6 address distribution

Hello Everyone, Having issue distribute ipv6 address from tunnel broker assigned subnet. My setup |----- Desktop 1 Tunnel broker ------ Internet ---- Mikrotik Main Router ----- Mikrotik Access Point 1 |------ Desktop 2 |------ Deskop 3 ------ Mikrotik Access Point 2 I setup tunnel to broker and assi...
by volga629
Wed Jan 13, 2016 9:21 pm
Forum: Forwarding Protocols
Topic: BGP VPLS
Replies: 26
Views: 2847

Re: BGP VPLS

This virtual router run on kvm hpv
by volga629
Wed Jan 13, 2016 9:20 pm
Forum: Forwarding Protocols
Topic: BGP VPLS
Replies: 26
Views: 2847

Re: BGP VPLS

I tried 1200b and getting little bit less speed. [volga629@ws01 ~]$ sudo iperf -s -p 2000 -l 1200 ------------------------------------------------------------ Server listening on TCP port 2000 TCP window size: 85.3 KByte (default) ------------------------------------------------------------ [ 4] loc...
by volga629
Wed Jan 13, 2016 7:53 pm
Forum: Forwarding Protocols
Topic: BGP VPLS
Replies: 26
Views: 2847

Re: BGP VPLS

I setup EoIP with secure ipsec. Did speed test with ipsec and without ipsec and with ipsec getting less 40Mb/s then without which significant difference. Without IPsec [volga629@ws01 ~]$ sudo iperf -s -p 2000 ------------------------------------------------------------ Server listening on TCP port 2...
by volga629
Wed Jan 13, 2016 7:01 pm
Forum: Forwarding Protocols
Topic: BGP VPLS
Replies: 26
Views: 2847

Re: BGP VPLS

I guess with EoIP no need ipip.
by volga629
Wed Jan 13, 2016 6:18 pm
Forum: Forwarding Protocols
Topic: BGP VPLS
Replies: 26
Views: 2847

Re: BGP VPLS

Thank you for reply. I will try you recommendation today. What is performance wise if I will terminate 3 or 4 ipip tunnels on each device with EoIP.
by volga629
Wed Jan 13, 2016 2:01 pm
Forum: Forwarding Protocols
Topic: BGP VPLS
Replies: 26
Views: 2847

Re: BGP VPLS

After some troubleshooting. I don't see why always label get null-exp 0.
by volga629
Wed Jan 13, 2016 2:04 am
Forum: Forwarding Protocols
Topic: BGP VPLS
Replies: 26
Views: 2847

Re: BGP VPLS

I found the issue with firewall, but I think MPLS binding is not completing properly. I don't see out label on AD [volga629@canlrt03] /interface vpls> /mpls remote-bindings print Flags: X - disabled, A - active, D - dynamic # DST-ADDRESS NEXTHOP LABEL PEER 0 D 10.1.254.1/32 33 10.2.254.1:0 1 AD 10.2...
by volga629
Wed Jan 13, 2016 12:01 am
Forum: Forwarding Protocols
Topic: BGP VPLS
Replies: 26
Views: 2847

Re: BGP VPLS

yes, this is unrelated to the topic. One side of VPLS show up and another not [volga629@canlrt03] > /interface bridge port print Flags: X - disabled, I - inactive, D - dynamic # INTERFACE BRIDGE PRIORITY PATH-COST HORIZON 0 LAN-eth1 LAN-lo0 0x80 10 none 1 D vpls9 LAN-lo0 0x80 50 1 [volga629@canlrt04...
by volga629
Tue Jan 12, 2016 11:22 pm
Forum: Forwarding Protocols
Topic: BGP VPLS
Replies: 26
Views: 2847

Re: BGP VPLS

I see on drop log
input: in:ipip-tun01 out:(none), proto UDP, ipip_tunnel_ip:646->224.0.0.2:646, len 62
by volga629
Tue Jan 12, 2016 11:19 pm
Forum: Forwarding Protocols
Topic: BGP VPLS
Replies: 26
Views: 2847

Re: BGP VPLS

I have 5 sites to connect together. I am trying get working at least 2 sites for right now. Encryption will done on application layer. Still doing some troubleshooting one side of vpls not established correctly, might be firewall issue.
by volga629
Tue Jan 12, 2016 10:22 pm
Forum: Forwarding Protocols
Topic: BGP VPLS
Replies: 26
Views: 2847

Re: BGP VPLS

I got working case with ipip tunnel BGP come up and vpls link come up too, but from lan server ip I can't ping another end same server says UNREACHABLE [volga629@canlrt03] > /interface bridge port print Flags: X - disabled, I - inactive, D - dynamic # INTERFACE BRIDGE PRIORITY PATH-COST HORIZON 0 LA...
by volga629
Tue Jan 12, 2016 9:26 pm
Forum: Forwarding Protocols
Topic: BGP VPLS
Replies: 26
Views: 2847

Re: BGP VPLS

In y case I think it will not work, because both routers on WAN side in different networks. So I will need run some thing like GRE tunnel to reach each loop back. Or some thing else which I s on't know about. My setup. IP address of WAN-eth1 assigned by each ISP. Router 1 WAN-eth1 -----> ISP 1 ----I...
by volga629
Tue Jan 12, 2016 6:46 pm
Forum: Forwarding Protocols
Topic: BGP VPLS
Replies: 26
Views: 2847

Re: BGP VPLS

Interesting that if I set on BGP update-source loop back interface it sit on connect state never established only my wan interface works.
by volga629
Tue Jan 12, 2016 6:00 pm
Forum: Forwarding Protocols
Topic: BGP VPLS
Replies: 26
Views: 2847

Re: BGP VPLS

Here TE settings. Both IP of each end loop back, where on OSPF set redistribute connected as-type 1 [volga629@canlrt04] /interface traffic-eng> print value-list name: te1 mtu: 1500 disable-running-check: no from-address: 10.2.254.1 to-address: 10.1.254.1 bandwidth: 1kbps primary-path: dyn secondary-...
by volga629
Tue Jan 12, 2016 5:56 pm
Forum: Forwarding Protocols
Topic: BGP VPLS
Replies: 26
Views: 2847

Re: BGP VPLS

I just verified my setup and everything looks exactly as you described. I tired bring up TE, but it not working either. What log I can enable ?
by volga629
Tue Jan 12, 2016 4:52 pm
Forum: Forwarding Protocols
Topic: BGP VPLS
Replies: 26
Views: 2847

Re: BGP VPLS

Thank you for reply.
I configured ldp to each side public ip as lsr-id, but it not completing negotiations, because 2 ends is in different subnet ranges. Is this make sense ?
by volga629
Tue Jan 12, 2016 6:09 am
Forum: Forwarding Protocols
Topic: BGP VPLS
Replies: 26
Views: 2847

BGP VPLS

Hello Everyone, I have installed 2 routers each in remote location, WAN interface in different subnets. I am trying connect BGP address-families=l2vpn to propagate routes and VPLS . BGP establish connection, but none routes is coming up. Also VPLS interface set inactive. Any help thank you.[ [volga6...
by volga629
Wed Sep 09, 2015 3:37 pm
Forum: General
Topic: ipsec road warrior android
Replies: 3
Views: 676

Re: ipsec road warrior android

Hello Everyone, Having issue where I created profile with IPsec Road Warrior connection for android clients, but can't access any resources on LAN or Server Subnet. Clients connects without any issues. I created ipsec chain and ESP with NAT-T marking connection in mangle table to make sure allow on...
by volga629
Wed Sep 09, 2015 12:33 am
Forum: General
Topic: ipsec road warrior android
Replies: 3
Views: 676

ipsec road warrior android

Hello Everyone, Having issue where I created profile with IPsec Road Warrior connection for android clients, but can't access any resources on LAN or Server Subnet. Clients connects without any issues. I created ipsec chain and ESP with NAT-T marking connection in mangle table to make sure allow onl...
by volga629
Thu Jul 02, 2015 5:30 pm
Forum: General
Topic: firewall rules
Replies: 0
Views: 365

firewall rules

Hello Everyone, I am trying do content match with forwarding. How is possible to it with mikrotik ? Is it will work for multiply servers on the lan ? Any help thank you. 1. Match content string. In raw iptables. -A PREROUTING -i eth+ -p tcp --dport 5085 -m string --string "sip:sip:domain.tld" --algo...
by volga629
Mon Mar 16, 2015 6:23 am
Forum: General
Topic: Feature request for v7.x
Replies: 269
Views: 63626

Re: Feature request for v7.x

Hello Everyone,
Will be nice to see for RouterOS7

1. 802.11k 802.11r Fast Transition Roaming. Really useful in MAN areas.
2. Routed based vpn ipsec0 klips with libreswan. Better control over vpn traffic.
by volga629
Mon Mar 16, 2015 6:03 am
Forum: Scripting
Topic: wireless signal-strength
Replies: 6
Views: 2427

Re: wireless signal-strength

Hello Everyone,
Is possible to know how on version 6.27 get command in right way to print signal-strength
[volga629@testap] > /interface wireless registration-table get [find interface=wlan1] signal-strength  
invalid internal item number
by volga629
Wed Jan 07, 2015 5:12 pm
Forum: Wireless Networking
Topic: Wifi AP
Replies: 4
Views: 851

Re: Wifi AP

I though about this RB912UAG-2HPnD-OUT 802.11g/n that I can use also 3g/4G for fail-over connection. I am just trying build test lab where will be in use mix AP to accommodate different wireless clients.
by volga629
Wed Jan 07, 2015 3:43 pm
Forum: Wireless Networking
Topic: Wifi AP
Replies: 4
Views: 851

Re: Wifi AP

Thank you for reply. Yes than explain a lot. So I will need look for external AP with 2.4 Ghz band.
by volga629
Wed Jan 07, 2015 2:35 am
Forum: Wireless Networking
Topic: Wifi AP
Replies: 4
Views: 851

Wifi AP

Hello Everyone, We bought for testing in company office RB OmniTIK UPA-5HnD firmware 6.24. I got basic setup done. And wifi access point show up, but some devices don't see access point at all. How possible troubleshoot that problem ? Example Laptop Dell E6430 [user@vm ~]$ lspci | grep Broad 02:00.0...
by volga629
Fri Oct 31, 2014 4:04 am
Forum: General
Topic: poe
Replies: 1
Views: 622

poe

Hello Everyone,
I have omnitik upa 5hnd and router 450G is possible power then from external poe switch ? And if yes which model or manufacture. I tried plug 450G to netgear poe switch without power adapter, but didn't worked.

Any help thank you.
by volga629
Sun Jun 29, 2014 9:59 pm
Forum: General
Topic: l2tp vpn with radius
Replies: 0
Views: 1045

l2tp vpn with radius

Hello Everyone, I see that my radius server it granting access, but mikrotik reject. So far I checked l2tp profile all related configuration to l2tp. IPSEC part is coming up as should, but authentication faling. Radius as back ended use DS-389 server which is ldap. Detail: Virtual Appliance Mikrotik...
by volga629
Sat Nov 23, 2013 5:33 am
Forum: General
Topic: Feature Request: IPSEC Improvements
Replies: 60
Views: 15700

Re: Feature Request: IPSEC Improvements

VTI +1

A lot of cases were I need run Eoip though ipsec and there another tunnels to supply OSPF for router. Tunnel interface will be simplify for 100% everything. Hope this feature will be on Router OS soon.
by volga629
Wed Nov 20, 2013 4:46 am
Forum: General
Topic: eoip ipsec problem
Replies: 1
Views: 743

eoip ipsec problem

Hello Everyone, I am trying extend private dmz to DR site though ipsec and eoip. Got vpn tunnel up in transport mode up and running also added eoip interface faces remote side as public ip of the ipsec tunnel. and setup bridge with relevant interfaces in it, but server in PUB_DMZ can't reach DR on s...
by volga629
Wed Nov 20, 2013 12:04 am
Forum: Beginner Basics
Topic: Geo IP lookup support for firewall
Replies: 0
Views: 460

Geo IP lookup support for firewall

Hello Everyone,
I would like ask for firewall addon, Add geo ip country lookup for firewall. This feature really handy to control connections based on country code, specially when routers is on WAN side.
Poll will be available for 30 days, I hope find people interest and support in this feature.
by volga629
Tue Nov 19, 2013 6:35 am
Forum: Beginner Basics
Topic: Outbound connection
Replies: 0
Views: 430

Outbound connection

Hello Everyone, I can't figure out outbound connection is problem. Only ping traffic is going out, but nothing else. Tried reproduce problem on regular iptables and worked as expected. I see some connection in log, but assume that get lost on the way. Beside that DNAT working as expected. Any help t...