MikroTik

bajodel

Low/High are actual voltage levels ..[cut].. depends on the specific SFP.

Nice, thanx

bajodel

Entering the command on CLI solves the problem: /interface ethernet set sfp-sfpplus1 sfp-rate-select=low Nice to know, but what does that setting really do? In the mikrotik interface wiki I read: sfp-rate-select (high | low; Default: high) Allows to control rate select pin for SFP ports. ..witch is...

bajodel

My thinking is that using STP to create redundant links between two directly attached devices is (slight) abuse. In this case it would be better .. bonding.. I can agree on this, but consider that just phisically plugging ether1 of rb3011 to one port of the crs326 immediately kills the rb3011 (swit...

bajodel

I don't know if these things are strictly related to 6.45.x but.. Yesterday I've added a secondary ethernet link from my main switch (CRS326) and my firewall (RB3011) in the knowledge my CRS326 would handle the backup link correctly (STP was already active on my CRS326); previously there was only th...

bajodel

The [netinstall-6.44.5.zip] seems corrupted, please confirm ..thanks

bajodel

Anyone experienced database corruption on dude with 6.44.2 ? After intalling 6.44.2, after some minutes of normal working dude service stopped; in log I saw corruption messages. Switching to 6.44.1 and reimporting didn't fix the problem. I've switched back to long-term 6.43.14, reimported the last b...

bajodel

It adds what?
Sorry, it actually drops the WLAN interface

try to upgrade the routerboard firmware as well, go to system routerboard upgrade.. then reboot
then see what happens and take a look at log lines

bajodel

*) make mouse wheel work anywere in connect window if login or password fields are in focus;

Now it works again ! Thanks

bajodel

Yes, this behavior of focus is the best solution for most of the users. https://www.thestar.com/news/insight/2016/01/16/when-us-air-force-discovered-the-flaw-of-averages.html Don't do something for most of the users, make it customisable so all users can use it the way they like ;) + 1000 .. I'm wi...

bajodel

I have 6.38.3 version, and I want to upgrade, but I want to avoid DHCP Server fail on bridge. What version is afected? Can I upgrade to 6.40.6 without risk of this bug?

IMHO yes, but better to ask here >> viewtopic.php?f=21&t=131129&start=50

bajodel

I've similar problem on a rb3011 connected to crs326 via DAC cable, disabling auto-negotiate on sfp interface and manually setting 1G (probably 10G in your setup I guess) the link came back fine. There is still a issue, now my rb3011 doesn't detect sfp down state (down link counter stay always on 0)...

bajodel

i cant show it with video. please open winbox with many saved adresses. i have 48 items in my address book. mark one and try to scroll up-down with the mouse wheel. it does not. with 3.11 was possible. Using Win7x86, it works for me in win10 the behaviour is exactly as freemannn says, plus some str...

bajodel

going back to 3.11, focuses on 3.12 are just crazy..

bajodel

Winbox 3.12 (on win10) doesn't scroll between saved items after selecting one of them, it seems the focus is elsewhere. After touching the vertical bar, scrolling works again.
It's only me? Please confirm.

bajodel

Please add night mode. We cant manage our routers at night

+1 good point

bajodel

I'd try via console cable, and then via netinstall if the first approach fails.

bajodel

Could we expect that 6.40.5 will become "bugfix" or 6.40.6 with fixes from 6.41? 6.40.5 is the last with "old-known-bridge-implementation" technology and not all want to upgrade to "new-better-but-not-too-familiarized" one. +1 .. absolutely, and keep 6.40.x on bugfix f...

bajodel

so > https://wiki.mikrotik.com/wiki/Manual:S ... utput_File

and send to support (ticket)

bajodel

upgrade also firmware (system routerboard update), then do 2 full reboot

bajodel

In your hypothetical example, IMHO, both clients would have similar bandwidth capabilities but the initial conditions should stay stable (freeze). You maybe should ask yourself why the conditions are so similar: - bad sector (huge side lobes, behaving as omni, ..) - client B (on side lobe) have bett...

bajodel

add some documents

+1 .. We know documentation takes time, but the rc features cannot be really well tested w/o at least basic suggestions

bajodel

ok, exactly as @aholmes says

bajodel

on the lease you have to restrict the assignment to the (1.x) specific dhcp instance, now I don't remember by hart the command .. but you'll find easily

bajodel

All you can do is already written in above posts.
For lazy guys looking for ready made / step-by-step guides >> YouTube.com

bajodel

This small update with possible can someone help better understand the place of new blocks "RAW Prerouting" and "RAW Output". @noviy I noticed only now your 2017/03 diagram update (I know, I'm late :lol: ) .. but I want to thank you for the brilliant work!! Now with new details ...

bajodel

.. if I use lease->arp entry creation to enforce DHCP use, I cannot delete leases at any time prior to their actual expiration because it will break connectivity for the user. .. would not give any indication as to why things stopped working. I see, in this scenario neither CoA (if supported in dhc...

bajodel

Little "/export" issue:
in "ip dhcp-server" section, any setting to "bootp-support" (e.g. set bootp-support=none lan_dhcp) will not be exported

bajodel

I'm sorry I've no answers, but I have a question:

the lease duration is set by MT dhcp server (settings) or by Radius?

I guess deleting leases via script lead to a overlapping addresses risk (can radius take care of this?)

bajodel

so go the three policies way
Another option would be ike2 which is currently going to support multiple split-networks (see last rc changelog)

bajodel

not three tunnels but three policies, or maybe you can "summarize" your 3 remote subnets into one bigger supernet

bajodel

take a look here >> viewtopic.php?t=71262

bajodel

nice trick, indeed! surely worth a try.

I was guessing.. as ip are assigned by dhcp (so dhcp can add arp dynamically) probably the arp-reply method could work too. You say 1:1 nat needs full arp functionality but probably that is enough, did you test it?

bajodel

https://www.fool.com/investing/2017/02/ ... rying.aspx
.."will be rolling out a brand-new technology called LTU this year"..

bajodel

hand out random /32

how do you manage that?

I absolutely agree on all other points, I usually would add:
- set proxy-arp to reply only on hotspot interface and set dhcp to add arp for leases

bajodel

I presume you specifically need (tunnel/encryption and) a virtual interface (l2tp) otherwise ipsec/ikev2 policy would be simpler. Maybe you can bring up ikev2 tunnel and then place l2tp over it (2 steps, w/o mt encryption checkbox auto-create) so you can separately debug. Now I'm not at office but a...

bajodel

There are no timestamps on strongswan side. I see Phase1 won't go up, I also see l2tp connection starting in mt .. are you trying to l2tp over ipsec ? strongswan cannot handle l2tp directly, you need separate daemon like xl2tpd. I would try to use ike2 as it's more robust on nat scenario, I've alrea...

bajodel

mikrotik ros version? strongswan version?

try to increase log verbosity on strongswan side (and then on mt side) and report back

bajodel

.. ..
seriously as a customer i don't understand and that obliges me to search alternatives, as an act of responsibility towards my clients
.. ..

+1

bajodel

In their shoes I would concurrently release a new 6.40.x in bugfix and stable, forcing all system to switch to bugfix channel as update default (6.40.x should then live in bugfix for long time). For admins ready to 6.41 it would be simple enough as manually switch to current again; in this way all s...

bajodel

+1 for tunable beacon intervals (better than nothing) .. I dont know if it's already in feature requests, but it should be

bajodel

From your description I cannot understand if CAPsMAN is on the cloud or on premise, maybe give some details

bajodel

VirtIO SCSI support, please, ASAP: viewtopic.php?f=15&t=124905&p=626094#p626094

+1

bajodel

(instead of print use export)

provide >> /export hide-sensitive

bajodel

try also to set allow-fast-path=yes on GRE or IPIP

bajodel

I suspect there are problems for hEX poe running 6.40.4, I've recently downgraded two units to bugfix 6.39.3 because poe autodetection on ether2/3 showed false shortcircuits (4/5 weren't affected). I would recommend to try bugfix 6.39.3 and report back

bajodel

nice! rep+

bajodel

Has anyone tested ROMON in 6.41rc47? Seems that is not working. Also, can someone explain how QinQ vlans would be programmed in the new Bridge vlan implementation? Put a bridge in your bridge? and if I need a single service tag on packets ? I've never played with new bridge but I suppose there is a...

bajodel

Thanks for fast fix and clear informations, well done!

bajodel

Since v2.5 switch address acquisition mode by default is DHCP with fallback to static address. It is the reason why you, probably, see 0.0.0.0 address for about 10 seconds right after booting. I've missed the " Since v2.5 switch address acquisition mode by default is DHCP " in changelog, ...

bajodel

I've managed to XMODEM SwOS v2.4 to my CRS326 (if I XMODEM v2.6 the device boot up without an IP ..even after a [r] reset config). Booting up SwOS 2.4 and tring to upgrade to v2.6 from web control panel the upgrade succeed but the device looses his IP address (reset do not solve), see below serial c...

bajodel

Hello bajodel, in case you have something plugged into CRS326 SFP+ ports, unplug it. Then try to boot SwOS and perform upgrade to v2.6. It should solve SwOS booting issues with active SFP+ ports. I've nothing plugged into SFP+ , the only cable connected is in ether1. Tried booting SwOS (also forcin...

bajodel

I've tried to switch to SwOS on a CRS326 but it goes in boot loop, I've connected serial cable and tried to fix but it seems there is no SwOS installed. I've seen in RoterBoot there are two possibility to flash new SwOS, via ethernet (tftp I suppose) and via serial cable but I've not found detailed ...

bajodel

AFAIK. . yes but via software w/o hardware assistance

bajodel

Why prerouting and not input ? The text says that these connections are "connection initiated from outside"... Connections from outside can go to the router (input) or can pass through to a device behind (forward), using prerouting you intercept both. Why distances are different? On sever...

bajodel

Tom, have you found the "bad-ass box"

? I'm very curious about drivers for physical 10-gig cards..

bajodel

Proscend endorses Versatek for US distribution:
https://www.versatek.com/product/vx-160 ... lco-grade/
They just restocked apparently.

I must check if they ship to EU, thank you anyway..

bajodel

.. or maybe use the in "in-bridge-port=" matcher in previous zerobyte configuration schema (std forward filter)?

bajodel

I'm curious, does this work on 360 meters distance?

probably not, and even if it works it will poorly perform (fraction of the nominal speed) and it will be unreliable IMHO

bajodel

Got the Procend 180-T ..[cut].. I will post some results..

Interesting, I'll wait for news.

Have anyone links of EU/shops where these modules are available? thanks..

bajodel

I suggest checking with your local authorities. There are new laws coming soon, some countries have already implemented them. For example check the left map on page 11: http://www.etsi.org/images/files/ETSIWhitePapers/etsi_wp9_e_band_and_v_band_survey_20150629.pdf Ok, thank you. You need to study y...

bajodel

..[CUT].. Only a few countries in the EU have stricter rules.

Please normis, could you be more specific ? I'm in EU/Italy and this information would be usefull (also for other EU citizens).
Thank you.

bajodel

any feedback from live/prod systems using these sfp modules?

bajodel

After upgrading from a fairly old version (6.36.2) to 6.40.4, we are experiencing massive IPsec issues.[CUT]... On the IPsec - Policies tab the failing policies do not have an "Active" state, and the PH2 State is "no phase2". But for the same tunnel, some policies are still work...

bajodel

..cut.. SFP transceiver, why do you have auto-negotiation disabled and what is connected to opposite side? Have you tried to turn auto-negotiation=on? On RB3011 sfp to a CRS326-24G-2S+ via DAC cable doesn't work if you set auto-negotiation , furthermore the RB3011 doesn't detect if link go down (CR...

bajodel

It's been 4 hours and the CRS326-24G-2S+ (on 6.41rc37) is now beheaving well: - RSTP now works stable between CRS326 and CRS125 (also on 6.41rc37) - it's now possible to edit MAC addresses on CRS326 ethernet ports (and the device doesn't stuck on reboot) - no port flapping (yet) very curious about t...

bajodel

Upgraded CRS326-24G-2S+ to 6.41rc37 , after reboot in the log I've noticed all ports have been removed from bridge hw-offloading and re-inserted. I've also noticed Firmware 3.43 was available for CRS326-24G-2S+ and I've upgraded it also and rebooted. Now I've enabled RSTP again and I'm going to re-i...

bajodel

paste your actual config ( via /export hide-sensitive)

bajodel

I've noticed one more thing (CRS326 - 6.41rc34 - RSTP now enabled):
>> keeping winbox logged to CRS326 the problem does not show up
>> closing winbox .. flapping starts

bajodel

(see previous post) Confirmed.. after some hours, disablig RSTP it's now stable.

bajodel

Board: CRS326-24G-2S+ Previous ROS: 6.41rc32 Status: quite stable, all port in bridge w/ RSTP enabled and 2 active link to CRS125 (active/alternate) Upgraded to 6.41rc34, every 3-5 minutes my laptop (direct patch cord to a CRS326 port) detects lost link; on a separate windows I've constant ping to m...

bajodel

Hey, Mikrotik team! Please extend "netwatch" funtionality a little bit. It is a nice feature, but so undeveloped. It will be nice to have an option to set amount of ping to send before change status to down and at its frequency. ..and the possibility to set source address (e.g. remote ips...

bajodel

Just updated a CRS125 test unit to 6.41rc31 (from 6.40.3); firmware upgrade and master-port-TO-new-bridge config auto-conversion went smoothly. NOTE: CRS125 config has custom MAC addresses set for all interfaces and this has not compromised upgrade/conversion, on CRS326 instead custom MAC addresses ...

bajodel

..CUT.. The switch constantly runs at 61°C and the SFP+ module at 49°C (my rack temperature is ~24°C)

They seem ok, also my CRS326 lives at that temperature. I agree that it's probably a little higher than previous crs models but the architecture is different.

bajodel

bajodel - Can you please send to support@mikrotik,.com precise commands which you execute to reproduce this problem? We added all ports into bridge, added DHCP client on bridge, rebooted device and it is working just fine. Board: CRS326-24G-2S+ 1) netinstalled 6.40.3 2) upgraded to 6.41rc30 3) rese...

bajodel

Sure, as soon as possible I'll try to redo the same setup.
Now I remember that I also changed default MACs on etherXX interfaces and set admin-MAC on bridge one.

bajodel

Just tested CRS326-24G-2S+ on 6.41rc30 - started from clean config (reset w/o default) - simple config: all port in a bridge, RSTP active - ip dhcp client on bridge interface - set identity and users Reboot >> device dead Via console I see the device is booting correctly >> startup services >> login...

bajodel

On CRS326-24G-2S+ / ros 6.40.3 and RouterBOOT booter 3.41, the memory test fail (tested on 2 different board); I guess the test is broken otherwise I've two defecting board memory. ..[CUT].. Hi, we found this test do not work correctly and most likely device memory works without errors. It will be ...

bajodel

On CRS326-24G-2S+ / ros 6.40.3 and RouterBOOT booter 3.41, the memory test fail (tested on 2 different board); I guess the test is broken otherwise I've two defecting board memory. ## choice "t" (do memory testing) Error in address=0x016FFEEC, W=0x016FFEEC R=0x01009C5C X=0x006F62B0 Error i...

bajodel

Dear Tom Jones,

Can you please tell me the same command for esxi 5.xx as your provided command is not working on esx 5.1

ESXi 5.0/5.1:
vsish -e set /net/tcpip/sysctl set _net_inet_tcp_delayed_ack=0

ESXi 5.5:
vsish -e set /net/tcpip/instances/defaultTcpipStack/sysctl/_net_inet_tcp_delayed_ack 0

bajodel

On RB3011/6.40.3 the sfp interface (DAC cable to CRS125 in my current test) doesn't correctly detect the down status, the CRS125/6.40.3 instead correctly detects if cable unplugged, other device is rebooted (temporary down), etc.. It was the same on 6.40.2 and I'm quite sure also 6.39.2 was affected...

bajodel

Updated some test boards on my desk (RB750Gr3, RB951G-2HnD, RBmAP2n), they are working well.
Thanks for this new 'current.point' release.

bajodel

The op wrote "150MB throughput" (not 150 mbps), if not a typo this means about 2 Gbit.
As pukkita said ..this is not going to happen . (full stop)

bajodel

Reverting to bugfix, dynamic address-lists work as expected.
Anyone can confirm on different board ?

bajodel

Probably there is a problem on dynamic address-list:

1) ok for dynamic address-list feeded by firewall rule (add src to address-list)
2) items istantly disappear if dynamic address-list are loaded from cli/script/winbox (I'm testing with 8days timeout)

(testing on a hEX with 6.40)

bajodel

.. less in profits .. I see yours point, but .. hEX/RB750Gr3 >> 5 Gbit ethernet, poe in, CPU with 4 Threads 2 core 880 MHz, usb port, sd port, 256 mb ram, voltage sensor and pcb temp sensor.. and 16mb flash !? I think there were other rooms for saving 2 $ , why put 256 mb ram and quad core cpu .. t...

bajodel

This was very easy to roll back with a partition. Just make the partition..

You are right, but try to use partitioning on a hEX (or any other "zero flash") devices!
There is no common sense in putting 16mb flash on new devices.. IMHO .. the real reason is obviously NOT save 2 bucks

bajodel

..cut.. What to do? ..cut.. IMHO stay with previous setup/version untill implementation is stable and complete; to edit bridge/switch functionality adding MSTP and igmp snooping is surely not easy step fo mt guys. Anyway I guess your abnormal broadcast is coming from uplink swich(es), maybe you can...

bajodel

@IntrusDave - I was testing/reading your last (beta) 'blacklistUpdate' script, at the end (quoted section below) ..[CUT].. # Turn the logging back on :if (\$blDebug = 1) do={ \$log t=\"Enabling firewall info logging...\"; } /system logging set numbers=0 topics=\$cl; ..[CUT].. I cannot figu...

bajodel

Please do some minimal work on the IPv6 routing..

+1

bajodel

..
Can not install dude-6.39.2: system 6.39.2 is not installed, but is required
Any ideas?

Probably wrong arch, try this:
https://download2.mikrotik.com/routeros ... .2-arm.npk

bajodel

.. [CUT].. We could think how to sync the APs that are on different frequencies but located on the same tower and connected to the same ethernet network. absolutely +1 Another thing; on current stable/rc scheduler has some issues, if you create new item it works but if you create from 'copy' it nev...

bajodel

Since for me this is an ethernet router I don't miss usb for lte stuff (and there are plenty of other storage interfaces), but I strongly agree SFP is the biggest missing feature (2x SFP+ in my dreams). I'm not an LCD big fan (I always disable it) because pegs cpu in small devices and it's almost us...

bajodel

have you set autoritative=yes on mt dhcp server ? (default is delay 2 seconds)

bajodel

..CUT.. Hey now, do not put words into my mouth. I never said anything about RouterOS 7. You can re-watch the announcement video and see. ok, so I cannot confirm :-) Probably my memory needs an upgrade, anyway I remember "someone" who said that ..and he was only joking. Is now any better ...

bajodel

IntrusDave is right .. no news/rumors for ros7 here Yes there was news! One guy said they had been so busy on developing new hardware that they had not worked on version 7 so there was no progress.. CUT.. I can confirm normis said that yesterday during opening session ..but he was only joking, prob...

bajodel

Be creative, invite someone from MikroTik for a drink (or two, three, ... you get the idea) and get some info from them!

very hard task, they are from latvia ..they can drink forever!

bajodel

IntrusDave is right .. no news/rumors for ros7 here

bajodel

CRS328-24P-4S+RM
-- SFP ports support only 10Gbit modules or also 1Gbit modules?
-- have also Separate PSU for passive or 802.3af/at PoE out?

- both (AFAIK)
- single input iec connector

bajodel

Some photos from live exhibition..

viewtopic.php?f=3&t=118852&p=591263#p591253

bajodel

bajodel

bajodel

bajodel

bajodel

bajodel

bajodel

bajodel

bajodel

bajodel

Sorry for current bad photo, after lunch new products (real) will be showed live..

bajodel

Will there be a live stream of MUM Europe 2017?

probably.. otherwise I can post some hot shots (new products info)

bajodel

!) bridge - fixed BPDU rx/tx when protocol-mode=none

can we have more information on this? thanks

bajodel

.. would be great to have also a 6.36 branch update/fix. I guess I'm not the only one keeping all 5ghz radio there to skip new forced radar stuff (waiting untill very stable)

bajodel

Upgraded successfully some 3011, 2011, hex poe, hex, 912xx and a couple of x86.
No problems, so far. Thanks for Vault7 immediate fix.

bajodel

Nathan, I guess that as these settings exist on standalone ap (even if we actually don't use/need them) they had been ported to (ap mode) capsman (?)

bajodel

Anyone else missing this feature with other basic APs feature?

yep +1

bajodel

interesting feature +1

bajodel

..cut..
A mangle rule which lets you modify any offset of a packet and a condition which works like the wireshark splice option would be really nice for us geeks

indeed, very useful and maybe a new CoDel/fq_codel queue type..
Maybe on ros7

bajodel

( http://forum.mikrotik.com/viewtopic.php?f=21&t=116994&p=581809#p581808 ) Note: Sorry for crossposting, but probably I've wrong posted earlier and this is a winbox problem. "/ip accounting" settings are not correctly shown by winbox (current/lastest 3.10), testing on board CRS125....

bajodel

damn!

.. probably also "/ip traffic-flow" have the same behaviour (winbox 3.10, board is 3011).
bye..

bajodel

"/ip accounting" settings are not correctly shown by winbox (current/lastest 3.10 , board is CRS125). I've no way now to go deeper and check if it could be a ros 6.37.4(+?) or winbox only (3.10) problem. Try to configure/enable ip accounting via winbox > all seems to be fine (service works...

bajodel

.. cut.. I personally can settle for the same way safe mode is working now, just with an option in Winbox at the startup saying "launch in safe mode" that would simply click the safe mode button for me in the beginning. If somebody else is editing in safe mode - I will get an error messag...

bajodel

http://mum.mikrotik.com/presentations/E ... 217199.pdf

any english (or italian) version?

bajodel

Here you can find informations..
http://wiki.mikrotik.com/wiki/Manual:Su ... utput_File

bajodel

Future request: Please preserve the state of the "Torch" collect blocks when exiting Winbox so I don't have to keep reselecting them each time?

+11

bajodel

in my setup, starting from 6.38x, the email notification server PORT setting is ignored (If I put 587, it uses 25 instead). I can't test rc now, could someone please check/confirm ? thanks

Am I the only one ?

(x86 dude)

bajodel

I'm interested too
+1

bajodel

in my setup, starting from 6.38x, the email notification server PORT setting is ignored (If I put 587, it uses 25 instead). I can't test rc now, could someone please check/confirm ? thanks

bajodel

It's too hard to solve in this way, you need to test more with the help of torch and log. In your place I would try to simplify the setup (maybe starting from blank config); surely you have some oddness in the marking/routing stuff but it's hard to work reading export lines w/o the possibility to di...

bajodel

The question is, what queries it sends that some public resolvers can properly answer and RouterOS can't? It should be the same.

Maybe some queries are not sent to public resolver but forced elsewhere, redirected queries are instead all catched so something can definitely be different

bajodel

( Safely backup your config and) try this: /ip route add dst-address=172.16.21.240/28 gateway=172.16.21.254 routing-mark=lan-paul ..and also notice that IMHO you have errors in your "/ip firewall filter" (I've splitted your forward/input chains but keeping YOUR original order): {01} add ch...

bajodel

...
Is it okay? I tried looking for 850nm but most shops don't mention wavelength so I'm a bit confused.

It's ok for S+85DLC03D but why don't you use the DAC ?

bajodel

Nice infos, good work!

bajodel

@janus20. ..any update?

bajodel

..[CUT] .. I have noticed "out:pppoe-paul" ; should not be "out:ether5 ? When i have tested from local network with both workstation and my laptop connected into same switch, and was working, i did not pay attention on this. I will try tomorrow to see it. Absolutely. So double check ...

bajodel

Hi @bajodel. Nope; Code you listed is working fine ( as i have already mentioned above ) but i want to connect via RDP from inside lan after .. [CUT] .. Yes, my bad .. I've copy&pasted wrong rules. Let's have another approach: 1) leave proxy-arp enabled on ether5 2) put an explicit (early posit...

bajodel

/ip firewall filter add action=accept chain=forward comment="Forward Remote Desktop Paul" disabled=no dst-port=35000 in-interface=pppoe-paul log=yes protocol=tcp /ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=35000 in-interface=pppoe-paul protocol=tcp to-addresses=1...

bajodel

I would try to enable proxy-arp on ether5 (or local-proxy-arp if you are already on 6.38),

bajodel

..[cut]..
*) bridge - fixed VLAN BPDU rx and tx when connected to non-RouterOS device with STP functionality;
..[cut]..

Can I have more info about that ? Thank you.

bajodel

Version 6.38rc49 has been released.
..
*) capsman - added "group-key-update" parameter;
...

finally! ..great news!

bajodel

http://www.mikrotik.com/thedude

bajodel

figata! (italian version for "cool")

bajodel

just a note.. I see now there is an updated/new cAP version wich is dual chained, what version do you have?

bajodel

So in my situation, with one 2011 and two cAPs, is there a way to run only 1 ssid through 2011 and cAPs? It just doesn't make any sense to not use 2011's dual antennas when it's faster than cAP. sure, set the same ssid/wpa2 on all 3 ap (2011 and 2 cAP). If you have clean full spectrum set 1,6,11 ch...

bajodel

just a note, imho you should measure total bandwidth on your real wan interface and not the test bandwidth avg in order to take the right script decisions

bajodel

Remember cAP is mono chain, 2011 has dual chain wireless (two antenna/polarisation) so the latter has double the speed (in perfect conditions) and has better resiliency in noisy environment

bajodel

probably ccr1009 would be enough for that, but I would go for the ccr1016 (not the 1036 because it has not the redundant power option).

bajodel

probably because you restored the same backup file on the three device.
look at interface property and click on reset mac, or via console "/interface ethernet reset-mac-address"

bajodel

new hEX is indeed powerful and affordable, probably it can do the job ..worth a try. I've suggested 3011 to be sure and to have some rooms for growth with few bucks more.
I would leave the crs doing the switch only, queue is heavy task (anyway you can try)

bajodel

did you update firmware also (system routerboard)?

bajodel

are you serious? you bought a 100 bucks switch pretending to route, nat and queue 300 users on a 100Mbit link?!
maybe crs is good enough for switching your user network, but now it's time to buy a quite powerful router !
if you have low budget, a 3011 would be the cheaper solution

bajodel

..cut.. 1. in your hotspot server settings, remove the address-pool entry (it should be none) - this way no unknown IP addresses will be mapped to pool addresses. 2. in the hotspot IP bindings list, create a rule at the bottom of the list for the entirety of your hotspot range as "regular"...

bajodel

I've a couple of 3011 on 100/100 fiber connection doing nat, firewall and queue (no fasttrack) and their cpu work in range 25-30% when link is saturated. In same conditions I think 3011 would probably max his cpus at about 300-400 Mbit (aggregate). I may be wrong but IMHO 3011 is not the right choic...

bajodel

Version 6.38rc36 has been released. Changes since 6.38rc35: .. [CUT].. If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash. CRS125-24G-1S upgraded from 6.38rc3...

bajodel

+1 ..

bajodel

why disabled interface go up 10 half duplex ? (asked already on the linked page)

bajodel

are you able to setup a working status with ispB only?

bajodel

.. [CUT] .. 3) use the list as a raw in and out list, and whitelist the addresses you feel are wrongly blocked. Personally, I use option 3 for businesses .. [CUT] .. Testing (mode 3) now on a new hEX and works like a charm. Thanks.. (rep+) I'm wondering if I can consider "reliable" your s...

bajodel

My only disappointment is the 16MB flash. I'm a huge proponent of partitions. There have been times where I have had to revert back after upgrading, due to a bug. Nothing like being able to just boot the other partition! I would be willing to pay the extra $2 to have 32 or 64MB flash. ;-) Amen .. +1

bajodel

WMM is enabled by default in CAPsMAN (from 6.31+) , before it was disabled by default (I would like a control over it too with a software setting). About group key timeout (I can be wrong) I remember some mention in a past changelog but I've not verified that functionality at that time; a rapid chec...

bajodel

Code: Select all
add chain=srcnat out-interface=LAN dst-address=192.168.1.100 action=masquerade
can you explain logic of that expression?

you'll find it useful >> http://wiki.mikrotik.com/wiki/Hairpin_NAT

bajodel

nice job, too white for me also (ubiquit/ous apple style contamination) but it's my problem only

bajodel

About HW encryption, it was promised for ROS v7, because currently used kernel does not have a driver.

ok, this answers only to one question. What about partitions ? I'm now extremely used to work with them for failsafe/backup and I'm scared to upgrade my 3011 devices.

bajodel

On RB951G with 6.38rc15 (using winbox 3.7) if you set wlan1 band to 2 Ghz-G/N the HT MCS tab disappears. It came back if you set band to bgn or only-n (not tested other combinations)

bajodel

My GPON ONU works well, but also show no details in CRS125. Do you have someone working GPON SFP with details about SFP module? Thanks

I'm sorry I've no answer, but I have a question

..what do you have/use on the other side (olt)?

bajodel

I guees, crowded vertical reasons

bajodel

Ha! Wow! I never looked there! me too, so rep+ to Tom Anyway, nv2 key size never make packets bigger, only "more encrypted" (so more cpu? probably not) Hardware retry default to 7 if I remember well, I usually set it lower for good links (keeping latency down) and higher for bad one (help...

bajodel

Have you upgraded many times (RC version included) that 1016 ? ..a couple of times I've experienced some problems when I did lot of uprade (testing boards) . Netinstall solved.
Let us know

bajodel

Seems like ipip tunnels not working if fastpath is enabled (if I disable fastpath locally on ipip interface or globally tunnels works)

bajodel

In your place i would try to:
- check all bridges if they have admin-mac correctly set
- temporarily disable fastpath/track (torch docet)
- check interfaces status up/down counters
- try to disable interface flow control
- ...

Could you show us the /export ? (opportunely obfuscated)

bajodel

releasenote for 6.37rc10 says: snmp - added script table which executes script and returns it's output on get request;
Unfortunately I still have not been able to locate that script table... where is it?

Me too, where is it?

bajodel

Try also to set 911G-5HPnD CPE ethernet interface queue to ethernet default (not only hardware queue)

bajodel

I've (need to) read your post 6 times and dozens of rfc, now I've understood (probably only 80-90%, better than nothing).. and:

+1 I strongly agree

bajodel

When CPU load increases to 90-100%, FAN speed is about 25000RPM. In profile it shows queueing consumes 70-80% CPU. This setup was working fine for more than a year and of late we are seeing this issue.

what has changed during the year? more users? different queue? upgraded ros ?

bajodel

I remember some users complaining when pppoe server reaches some limit threshold (don't recall now exactly), probably I'm wrong but maybe worth to search in old topics also..

bajodel

If you don't need to use all 10 ports, you can also connect ether5 and ether6 with a short patch. For example, if you set ether1 master port for ether2,3,4,5 and ether6 master port for ether7,8,9,10 you will have a sort of full switched logic (no cpu involved) as you can normally achieve with crs li...

bajodel

(sorry for incorrect grammar, I'm not native speaking) Just for curiosity ZeroByte ..which are the drawbacks if we put static and pppoe customers on the same lanX? I mean, in such scenario with few public addresses. My question arises because I always try to avoid proxy-arp whenever possible. Probab...

bajodel

http://forum.mikrotik.com/viewtopic.php?t=104464

ARM systems do not include usermanager ..jet

bajodel

absolutely nice ++

bajodel

station-bridge is obviously not a option with your Apple AP, but you probably can try with station-wds ..

http://wiki.mikrotik.com/wiki/Manual:In ... s#Repeater

bajodel

I suspect similar strange behavior on some test board (working with actual bugfix 6.34.6 and current 6.35.x) .. on production I'm always very conservative and still using old bugfix 6.32.x and 6.30.4 everywhere and there I never notified problems.
Do you have any updates on this?

bajodel

I also dug up my previous report of this bug, and Mikrotik stated that this behavior will be fixed in ROSv7.

This seems like too large of a bug to leave un-fixed in ROSv6.

I Absolutely agree with you! Thanx for your lab works and detailed report.

bajodel

..cut..
(I'm not quite sure what the behavior is for a tree that is parented to global - perhaps someone else can chime in on that point)...cut..

I'm interested too

P.S. and I would like to know why I cannot give you rep anymore..

bajodel

bajodel - This is different fix for other issue.

I got it, so I must wait..

Please.. answer.. when do you plan to make partitions work on RB3011/ARM ?

bajodel

Version 6.36rc30 has been released. *) rb3011 - fixed usb driver load (introduced in 6.36r22); If you experience version related issues.. [cut].. RB3011 on 6.36rc30 (rebooted 2 times after) doesn't see usb disk (USB kingston datatraveler 8GB); item present in system resources usb list but not in sy...

bajodel

Upgraded some ipsec endpoints (mostly rb1100) ..all working well.
The new bugfix version seems to have the same quality/stability level of previous.. maybe better.
Well done!

bajodel

Version 6.36rc27 has been released. .. cut .. If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash. Rb3011 still doesn't see usb disk and partition's tool doesn...

bajodel

First reboot after upgrade "solved" the timestamp issue..

Confirmed on a rb1100, thanks for hint

bajodel

..[cut].. bajodel - please generate supout file on device and send it to support@mikrotik.com OK ..to give more help I've netinstalled one of the RB3011 with 6.36rc16. Problem persist, so supout sent to support@mikrotik.com with screenshot and details. >> [Ticket#2016052566000541] Thank you..

bajodel

Version 6.36rc16 has been released. ..[CUT].. If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash. On two RB3011 upgraded to 6.36rc16 I've lost USB/Disk (prese...

bajodel

http://forum.mikrotik.com/viewtopic.php?t=53660

http://forum.mikrotik.com/viewtopic.php?t=30914

https://aacable.wordpress.com/2011/09/0 ... -same-lan/

bajodel

+1 ..

bajodel

Pcq-upload does not work well when apple devices starts to backup!!! I mean when a user starts to fully upload. It works better if you also set a rate limit in pcq queue (eventually bursted) at a reasonable fraction of full upload speed (also true for download ..but, in my experience, avoidable in ...

bajodel

*) rb3011 - make ether6-ether10 work if SFP module is present on bootup; Does this resolve the port flapping issue that appeared on some rc after rc29? If yes, did anyone manage to upgrade to the latest rc without 'bricking' their board? There are a few reports not being able to boot afterwards. My...

bajodel

Version 6.35rc42 ..port flapping on 3011 persist (ports 6-10), device unusable Also confirmed here. Downgraded back to 6.35rc29 and the problem was resolved. I'm quite new to 3011 so I went back to 6.34.3, flapping resolved but I've encountered some strange 'loop' alert on bridges witch have VLANs ...

bajodel

Version 6.35rc41 has been released. ..[CUT].. If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash. It does not resolve the behavior to flapping at the RB3011 i...

bajodel

any news on this?

bajodel

about same results with 1/2 the cost ?

bajodel

From wiki.. http://wiki.mikrotik.com/wiki/Manual:Upgrading_RouterOS License issues When upgrading from older versions, there could be issues with your license key. Possible scenarios: When upgrading from RouterOS v2.8 or older, the system might complain about expired upgrade time. To override this, ...

bajodel

looking for answer as well ..

bajodel

I'm sorry thats not what I ment. I already have a wpa2-radius setup with ROS and the ubiquiti ap's a long time. With rfc 3580 you can make dynamic vlan's. So you can asign specific users to a specific vlan based on their login username or you can allow access to a specific ssid for a specific user....

Search found 547 matches