Community discussions

MikroTik App

Search found 64 matches

by blazej44800
Tue Dec 27, 2022 12:39 pm
Forum: General
Topic: SSH login causes two access requests to radius before password prompt
Replies: 2
Views: 779

Re: SSH login causes two access requests to radius before password prompt

Of course, it was the first thing I tried. No difference. I still see two access-reject answers before password prompt.
by blazej44800
Mon Dec 26, 2022 4:08 pm
Forum: General
Topic: SSH login causes two access requests to radius before password prompt
Replies: 2
Views: 779

SSH login causes two access requests to radius before password prompt

Hello,

I have discovered, that if I configure radius for login authorization and I login via SSH, Mikrotik firstly makes two radius access-requests without password (even before SSH password prompt).

Why this behaviour?
by blazej44800
Fri May 13, 2022 10:22 am
Forum: General
Topic: Connection tracking - forced off vs. auto off
Replies: 24
Views: 6045

Re: Connection tracking - forced off vs. auto off

I tried few things. Any filter/nat/mangle rule will add two dynamic rules to RAW table. Any rule in raw table will not. If raw table contains any static rule, these dynamic rules go to the end. Conntrack turned off in auto mode makes the same CPU saving as turning off via "no-track" raw ru...
by blazej44800
Thu May 12, 2022 11:00 am
Forum: General
Topic: Connection tracking - forced off vs. auto off
Replies: 24
Views: 6045

Re: Connection tracking - forced off vs. auto off

I got reply from MK support: Artūrs C.3 Hello, Yes, that is how it works in RouterOS. Turning off firewall connection tracking will dynamically generate firewall RAW rules with "action=notrack" and all the new connections will bypass the connection tracking table. Fundamentally, connection...
by blazej44800
Thu May 12, 2022 12:04 am
Forum: General
Topic: Connection tracking - forced off vs. auto off
Replies: 24
Views: 6045

Re: Connection tracking - forced off vs. auto off

When you tried to turn the conntrack off, did you have any rule in filter/NAT table? I also think, this behaviour depends on rules in filter table. It looks like Mikrotik completely disable some kernel parts, when there are no filter rules. But when there is any, mikrotik can not disable these kern...
by blazej44800
Wed May 11, 2022 11:45 pm
Forum: General
Topic: Connection tracking - forced off vs. auto off
Replies: 24
Views: 6045

Re: Connection tracking - forced off vs. auto off

For me, it's instantly.
by blazej44800
Wed May 11, 2022 9:56 pm
Forum: General
Topic: Connection tracking - forced off vs. auto off
Replies: 24
Views: 6045

Re: Connection tracking - forced off vs. auto off

ROS v 7.2, setting connection tracking to off created the exact same Dynamic entries in the RAW table too...
Hmm, we have to wait for support reply in ticket. I will keep in touch.
by blazej44800
Wed May 11, 2022 6:55 pm
Forum: General
Topic: Connection tracking - forced off vs. auto off
Replies: 24
Views: 6045

Re: Connection tracking - forced off vs. auto off

The thing is that what you've actually open is not a "ticket"
Sorry, it is just typo ... but I opened ticket also (SUP-81934).

When you tried to turn the conntrack off, did you have any rule in filter/NAT table? EDIT And did the connections table flushed after turning off? yes
by blazej44800
Wed May 11, 2022 5:43 pm
Forum: General
Topic: Connection tracking - forced off vs. auto off
Replies: 24
Views: 6045

Re: Connection tracking - forced off vs. auto off

Yes, it is strange. Because of this I opened this ticket, what that is. Just to make sure, these rules are: [router] /ip firewall raw> print Flags: X - disabled, I - invalid, D - dynamic 0 D ;;; /ip firewall connection tracking set enabled=no chain=prerouting action=notrack 1 D ;;; /ip firewall conn...
by blazej44800
Wed May 11, 2022 5:29 pm
Forum: General
Topic: Connection tracking - forced off vs. auto off
Replies: 24
Views: 6045

Re: Connection tracking - forced off vs. auto off

I just check on RB5009 wit 7.2.3 and on RB911G with 6.48.6, but on both never appear rules on firewall raw when I set connection-tracking off...
I checked this on RB2011 running 6.48.3.
https://i.imgur.com/tNESJpN.png
by blazej44800
Wed May 11, 2022 4:53 pm
Forum: General
Topic: Connection tracking - forced off vs. auto off
Replies: 24
Views: 6045

Re: Connection tracking - forced off vs. auto off

What I'm trying to say is that these two methods don't do the same thing. And I think, it can have impact to performance also. (I think that conntrack disabled in AUTO mode disables some parts of Linux Kernel network stack completely. But forcing conntrack disable just cause to mark all traffic with...
by blazej44800
Wed May 11, 2022 3:58 pm
Forum: General
Topic: Connection tracking - forced off vs. auto off
Replies: 24
Views: 6045

Connection tracking - forced off vs. auto off

Hello, I found that disabling connection tracking by setting "/ip firewall connection tracking set enabled=no" will add 2 rules to raw table (with action=no-track) and it will not flush "connections table" (entries have to timeout natively). On the other hand, when "/ip fire...
by blazej44800
Thu Dec 23, 2021 9:26 pm
Forum: Forwarding Protocols
Topic: rp-filter=loose, including default-route or no?
Replies: 6
Views: 9116

Re: rp-filter=loose, including default-route or no?

UP

I just tested the behaviour of RP loose mode and it considers default route as normal route. In case default route is installed, loose mode has no sense.
I tried the same on Arista switch and they correctly ignore the default route.
Who wants to join support ticket, PM to me.

SUP-69814
by blazej44800
Fri Oct 08, 2021 9:28 pm
Forum: Announcements
Topic: v6.49 [stable] is released!
Replies: 219
Views: 95833

Re: v6.49 [stable] is released!

Hello everyone,

today I used 6.49 on newly upgraded site with RB953GS-5HnT. After 80 minutes it was rebooted "Without proper shutdown by watchdog timer". After next 30 minutes again. I did downgrade to 6.48.5 and no reboot yet (5 hours). Auto supout was not created.
by blazej44800
Tue Sep 28, 2021 8:25 pm
Forum: Forwarding Protocols
Topic: RouterOS ignoring OSPF LSA with LA-bit set
Replies: 1
Views: 2866

RouterOS ignoring OSPF LSA with LA-bit set

Hello, in mailing list of Bird routing daemon https://bird.network.cz/pipermail/bird-users/2021-September/015758.html we discussed that RouterOS is wrongly ignoring OSPF LSAs with /128 IPv6 addresses with LA-option bit set. In my situation, Debian server has IPv6 address attached to dummy interface....
by blazej44800
Fri Feb 05, 2021 12:48 pm
Forum: Announcements
Topic: v6.48.1 [stable] is released!
Replies: 103
Views: 60247

Re: v6.48.1 [stable] is released!

What about RB3011 port flapping re-introduced in 6.48?
It's this one
) switch - fixed interface toggling for devices with multiple QCA8337, Atheros8327 or RTL8367 switch chips (introduced in v6.48);
Ou, I missed that. Thanks!
by blazej44800
Fri Feb 05, 2021 11:43 am
Forum: Announcements
Topic: v6.48.1 [stable] is released!
Replies: 103
Views: 60247

Re: v6.48.1 [stable] is released!

What about RB3011 port flapping re-introduced in 6.48?
by blazej44800
Mon Dec 14, 2020 11:23 pm
Forum: Wireless Networking
Topic: ROS make-wifi-fast bufferbloat implementation
Replies: 3
Views: 1134

ROS make-wifi-fast bufferbloat implementation

Hi there,
I'm interested in implementation of bufferbloat make-wifi-fast from 2016 by Dave Tath's group. Has the current stable ROS implemented these patches for wifi queue management, fair airtime sharing and so on?
by blazej44800
Mon Sep 14, 2020 5:22 pm
Forum: Wireless Networking
Topic: wAP 60G AP parameters
Replies: 3
Views: 2145

wAP 60G AP parameters

Hello,

does anybody know antenna gain and max. TX power for wAP 60G AP?


Thanks
by blazej44800
Sat Sep 05, 2020 10:19 pm
Forum: Wireless Networking
Topic: Nv2 Security Profile Problem
Replies: 8
Views: 3432

Re: Nv2 Security Profile Problem

Up.

Some plans to introduce NV2 compatibility with 802.1x and radius in ROS 7?
by blazej44800
Wed Aug 19, 2020 2:08 pm
Forum: Wireless Networking
Topic: Akamai CDN causing NV2 unequal bandwidth distribution
Replies: 0
Views: 622

Akamai CDN causing NV2 unequal bandwidth distribution

Hello everyone, I'm experiencing similar problem to https://forum.mikrotik.com/viewtopic.php?t=112385 Simply: I think Akamai CDN edge servers are running some modified TCP stack or congestion control algorithm. When one station on PTMP AP with NV2 starts to download Microsoft updates, some game upda...
by blazej44800
Sat Jul 25, 2020 10:04 pm
Forum: RouterOS beta
Topic: v7.1beta1 [development] is released!
Replies: 103
Views: 57480

Re: v7.1beta1 [development] is released!

@hknet please, don't mess up count of NAT rules with conntrack table size limit.
by blazej44800
Fri Jun 05, 2020 9:30 pm
Forum: RouterBOARD hardware
Topic: Mikrotik hardware accelerated routing
Replies: 20
Views: 9536

Re: Mikrotik hardware accelerated routing

It looks like my idea was implemented in v7.0beta7. Thumb up! I'm excited to check it out.
by blazej44800
Tue Feb 04, 2020 1:35 pm
Forum: RouterOS beta
Topic: Feature request: NV2 EAP
Replies: 0
Views: 2593

Feature request: NV2 EAP

Hello,

I would be really happy to see NV2 EAP authentication in v7 release.
I was just beta testing central radius EAP authentication for wireless clients in our WISP network and I stayed froozen that so stupid functionality like that is not available yet.

Regards,
Blažej
by blazej44800
Sun Dec 15, 2019 9:56 pm
Forum: RouterOS beta
Topic: HFSC queue tree
Replies: 1
Views: 4073

HFSC queue tree

Hello,

firstly, thanks for really huge improvements in v7. Keep going!

What about to update/add implementation of queue tree based on HFSC instead of HTB? HFSC is available in Linux kernel for many years.
by blazej44800
Sat Dec 07, 2019 7:45 pm
Forum: RouterBOARD hardware
Topic: Mikrotik hardware accelerated routing
Replies: 20
Views: 9536

Re: Mikrotik hardware accelerated routing

Of course I don't consider CRS as router. It was example for offload of MPLS. But RB3011/RB4011 and CCR has also unpredictable performance for critical traffic.
by blazej44800
Sat Dec 07, 2019 1:23 pm
Forum: RouterBOARD hardware
Topic: Mikrotik hardware accelerated routing
Replies: 20
Views: 9536

Re: Mikrotik hardware accelerated routing

Sure, ASICs are expensive. But CRS317 looks cheap. More switches like this. Some SFP versions, ethernet versions and some combination SFP/ETH as provider core routers. Maybe I'm doing something wrong but software routing is unable to transfer multicast traffic for IPTV without packet loss. Not extre...
by blazej44800
Sat Dec 07, 2019 10:43 am
Forum: RouterBOARD hardware
Topic: Mikrotik hardware accelerated routing
Replies: 20
Views: 9536

Mikrotik hardware accelerated routing

Hi,

I have question about hardware routing with Mikrotik devices. Are there any plans to implements some CAM/TCAMs to Mikrotik devices for hardware routing? Or just expand MPLS accelerated hardware like CRS317?



Regards,
Blažej
by blazej44800
Mon Oct 28, 2019 7:26 pm
Forum: Forwarding Protocols
Topic: Route flap after DR goes down
Replies: 8
Views: 5956

Re: Route flap after DR goes down

Use LOOPBACK ip Address as Router-ID:

* R1, /routing ospf instance set [ find default=yes ] router-id=192.168.2.1
* The same in all others Routrers

This will solve all your problems
No change. Did you test it?
by blazej44800
Mon Oct 28, 2019 5:08 pm
Forum: Forwarding Protocols
Topic: Route flap after DR goes down
Replies: 8
Views: 5956

Re: Route flap after DR goes down

Export below.
by blazej44800
Mon Oct 28, 2019 12:02 pm
Forum: Forwarding Protocols
Topic: Route flap after DR goes down
Replies: 8
Views: 5956

Re: Route flap after DR goes down

I just proved this issue with real devices - simple 4 routers star with switch in the middle. R1 - PRIO: 200 - 192.168.0.1/24 - LOOPBACK: 192.168.1.1 R2 - PRIO: 190 - 192.168.0.2/24 - LOOPBACK: 192.168.2.1 R3 - PRIO: 180 - 192.168.0.3/24 - LOOPBACK: 192.168.3.1 R4 - PRIO: 170 - 192.168.0.4/24 - LOOP...
by blazej44800
Sun Oct 27, 2019 10:09 pm
Forum: Forwarding Protocols
Topic: Route flap after DR goes down
Replies: 8
Views: 5956

Route flap after DR goes down

Hello, I just experienced different behaviour in OSPF - RouterOS vs. Cisco iOS according to GNS3 simulation. I have few routers connected to switch. They are running OSPF broadcast network type with DR/BDR election. With RouterOS when DR router goes down, all other routers flush route table for dead...
by blazej44800
Wed Jul 24, 2019 1:10 pm
Forum: General
Topic: Passing NTP servers via PPPoE and radius
Replies: 0
Views: 741

Passing NTP servers via PPPoE and radius

Hello,

it's possible to pass NTP servers for PPPoE clients? Are there attributes for it?


Thanks
by blazej44800
Sat Feb 02, 2019 9:27 pm
Forum: Wireless Networking
Topic: [SOLVED] WMM giving terrible throughput
Replies: 8
Views: 6899

Re: WMM giving terrible throughput

Exactly. After setting WMM priority max throughput is 25Mbps on 802.11 WMM enabled link. After disabling 50+. Where is the problem? Tested on AP RB922UAGS-5HPacD with ROS v6.43.8 with client SXT Lite5 with ROS v6.43.8
by blazej44800
Tue Jan 29, 2019 10:57 am
Forum: General
Topic: LCD Display causing packet loss... what???
Replies: 15
Views: 4689

Re: LCD Display causing packet loss... what???

I can confirm: 2-10% packet loss on RB3011 with RoS 6.43.8 only on ports ether6-10 with ENABLED LCD. Disabling solved it.
by blazej44800
Wed Mar 28, 2018 12:40 am
Forum: General
Topic: RouterOS making unaccounted outbound winbox connections [SOLVED]
Replies: 75
Views: 145748

Re: RouterOS making unaccounted outbound winbox connections [SOLVED]

@normis
I've just discovered two devices, one is RB SXT 5HnD with ROS 6.41.3, upgraded from older version after infection. Both continue to scan for telnet, upgrading didn't solve problem. Just generating suppout, await for it on support.
by blazej44800
Sun Jul 03, 2016 8:19 pm
Forum: General
Topic: Problem with Mangle
Replies: 7
Views: 4483

Re: Problem with Mangle

I have the same problem. Cannot forward some traffic to other interface via routing mark. Trying on RB433 with 6.35.4
by blazej44800
Sat Feb 06, 2016 11:29 pm
Forum: General
Topic: enhance "check-gateway" feature - use arbitrary check IP
Replies: 34
Views: 46543

Re: enhance "check-gateway" feature - use arbitrary check IP

+10 for feature request!
by blazej44800
Sun Sep 20, 2015 1:31 pm
Forum: General
Topic: Can't flush static DNS entries
Replies: 10
Views: 9756

Re: Can't flush static DNS entries

Only if there is a lot of items? I exactly found, the reason when it happend. See my video above.
by blazej44800
Sat Sep 05, 2015 12:15 pm
Forum: General
Topic: Can't flush static DNS entries
Replies: 10
Views: 9756

Re: Can't flush static DNS entries

The situation when it happen: https://www.youtube.com/watch?v=CF6RvVPpxGM
by blazej44800
Sat Aug 29, 2015 11:17 am
Forum: General
Topic: Can't flush static DNS entries
Replies: 10
Views: 9756

Re: Can't flush static DNS entries

I already sent suppout and video, how it happend. It hapens when you rename static entry. Then the previous one trapp in cache.
by blazej44800
Tue May 05, 2015 5:56 pm
Forum: General
Topic: Can't flush static DNS entries
Replies: 10
Views: 9756

Re: Can't flush static DNS entries

Exactly the same problem. Deleted static DNS record is still in cache. ROS 6.27, RB2011.
by blazej44800
Sat Sep 06, 2014 5:10 pm
Forum: The Dude
Topic: Ping Timeout (Database related)
Replies: 7
Views: 7462

Re: Ping Timeout (Database related)

Just run Server as admin .. with administrator rights :)
by blazej44800
Sat Aug 23, 2014 9:08 pm
Forum: General
Topic: One registered device per one access-list rule
Replies: 0
Views: 773

One registered device per one access-list rule

Hello, I'll use CAPsManager with 5 CAPs. I will have clients, with Private PSK entered in access-list (no MAC address resolution). My question: is there any way to authentify only one device per one access-list rule in the same time? (It means that in the same time 2 devices with same PSK cannot be ...
by blazej44800
Tue Jul 08, 2014 1:26 pm
Forum: General
Topic: How to Compelet Traceroute in 2 Hops
Replies: 5
Views: 1822

Re: How to Compelet Traceroute in 2 Hops

It may happend, because TTL value was change in 10.10.10.1 . For better understanding, look at this (how traceroute works): http://en.wikipedia.org/wiki/Traceroute
by blazej44800
Sat Jun 21, 2014 3:32 pm
Forum: General
Topic: Feature request: CAPsManager - roaming
Replies: 80
Views: 39298

Feature request: CAPsManager - roaming

Good morning,

I'm really glad, that mikrotik made and released CAPsManager. But I think, CAPsManager should support Roaming between networks, something like it has UBNT and UniFi.
Please, add this in new versions. I think, I'm not alone, who want this.


Regards
Blažej
by blazej44800
Sat Jun 14, 2014 7:38 pm
Forum: General
Topic: Feature request: route - check gateway via ping to some IP
Replies: 3
Views: 2610

Re: Feature request: route - check gateway via ping to some

Can you show me small example how to do this?
by blazej44800
Sat Jun 14, 2014 6:56 pm
Forum: General
Topic: Feature request: route - check gateway via ping to some IP
Replies: 3
Views: 2610

Feature request: route - check gateway via ping to some IP

Hi,

I think it should be good, if we can set Route -> Check gateway to "Ping to specific IP". Because you know, now there is ping, but only to gateway. But what if happend something further... So we can set any IP which will be testing to PING via this Route.

Thanks
by blazej44800
Sat Jun 14, 2014 6:45 pm
Forum: General
Topic: Feature request: add Encryption to WiFi scan
Replies: 5
Views: 3611

Feature request: add Encryption to WiFi scan

Hi,

I think that WiFi scan should show Encryption of each network. I think it's just small detail, but it can help.



Thanks
by blazej44800
Mon May 12, 2014 3:06 pm
Forum: General
Topic: Bad passwords log
Replies: 0
Views: 754

Bad passwords log

Hi guys, Im trying to catch all bad passwords which are going to my RB via winbox. I already tried packet sniffer (Wireshark, ..) but communication looks encrypted or something. I'm attaching pcap files of capturing (one with safe mode and one without). I was trying to login with name admin and pass...
by blazej44800
Mon May 12, 2014 11:48 am
Forum: General
Topic: Getting firewall rules via SNMP
Replies: 4
Views: 1598

Re: Getting firewall rules via SNMP

I can use only SNMP protocol. It haven't to be used in DUDE. I can use else software, but only via SNMP.
by blazej44800
Sun May 11, 2014 8:51 pm
Forum: General
Topic: Getting firewall rules via SNMP
Replies: 4
Views: 1598

Getting firewall rules via SNMP

Hi guys,

Is possible to get firewall rules via SNMP? I tried SNMP walk in Dude but there is nothing about this. Any ideas?

Thanks
by blazej44800
Sun Mar 23, 2014 6:22 pm
Forum: General
Topic: v6.11 released
Replies: 260
Views: 112358

Re: v6.11 released

Routing Mark problem returns on my RB2011L. Downgrade to 6.7 solved the problem.
I had also problems. CPU was 100% after changing Routing tables. I downgraded to 6.10 and it's ok.
by blazej44800
Fri Mar 21, 2014 11:02 pm
Forum: General
Topic: v6.11 released
Replies: 260
Views: 112358

Re: v6.11 released

NTP don't work on RouterOs 6.11.
Several ntp servers tried to no avail.
After a few hours, after reboot
see attachement
For me, on RB2011-UAS-2HnD works normal.
Where is the setting for the auto frequency selection? can't seem to find it anywhere
It's last option in Frequency selectbox (auto).
by blazej44800
Fri Mar 21, 2014 8:01 pm
Forum: General
Topic: v6.11 released
Replies: 260
Views: 112358

Re: v6.11 released

Good morning, after upgrade I see this - the select box is not full width in WinBox. It's normal or bug? I didn't see this in earlier versions.
screenshot-ros.png
by blazej44800
Mon Mar 10, 2014 11:17 pm
Forum: Wireless Networking
Topic: RB2011 - big latency
Replies: 2
Views: 2003

Re: RB2011 - big latency

Thanks for tip :)

I'm closing access.
by blazej44800
Sat Mar 08, 2014 7:45 pm
Forum: Wireless Networking
Topic: RB2011 - big latency
Replies: 2
Views: 2003

RB2011 - big latency

Hello, I have RB2011 UAS-2HnD-IN. My wireless is running on B/G/N mode. I have connected max. 5 clients. When I try to download something over than 20Mbps via wifi, my ping to gateway is going up to > 20ms and more. What should I change in my settings? My friends tested this same on his ZyXel and he...
by blazej44800
Sat Mar 08, 2014 12:58 pm
Forum: General
Topic: Ping to 127.0.0.1 > 3ms. It's normal?
Replies: 3
Views: 2474

Re: Ping to 127.0.0.1 > 3ms. It's normal?

Normal? Stupid windows knows, that ping to 127.0.0.1 should be < 1ms: Pinging 127.0.0.1 with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=1...
by blazej44800
Fri Mar 07, 2014 11:02 pm
Forum: General
Topic: Ping to 127.0.0.1 > 3ms. It's normal?
Replies: 3
Views: 2474

Ping to 127.0.0.1 > 3ms. It's normal?

Hello everybody,

I'm using RB2011 UAS-2HnD-IN with ROS L5 (v. 6.10). I tried to ping loopback (127.0.0.1) and I get results between 0-10ms with 2% CPU load. I tried to disable all NAT's and firewall rules. No different. I'm attaching screeshot from WinBox.

Is it normal? Can it be HW error?

Thanks
by blazej44800
Wed Feb 26, 2014 4:48 pm
Forum: Virtualization
Topic: access to usb from metarouter
Replies: 12
Views: 11594

Re: access to usb from metarouter

Can I know why? I think it can be good way to make home DLNA server for streaming USB content, or home print server or connect webcam for streaming.
by blazej44800
Tue Feb 25, 2014 11:52 pm
Forum: Virtualization
Topic: access to usb from metarouter
Replies: 12
Views: 11594

Re: access to usb from metarouter

Hi. Is there still no way to use USB attached to routerboard in Metarouter?
by blazej44800
Sat Feb 22, 2014 10:59 pm
Forum: Virtualization
Topic: Metarouter images
Replies: 378
Views: 385857

Re: Metarouter images

Hello.

liquidcz: can you add packages: minidlna, kmod-usb-uhci, kmod-usb-ohci, kmod-usb2, kmod-usb-printer, p910nd

Thanks a lot (vďaka :))
by blazej44800
Thu Feb 20, 2014 6:18 pm
Forum: Wireless Networking
Topic: RB2011UAS-2HnD Wireless ping loss
Replies: 6
Views: 2890

Re: RB2011UAS-2HnD Wireless ping loss

Hi

I have the same problem. Mikrotik RouterBOARD 2011-UAS-2HnD-IN. Ping over ethernet interfaces is < 1ms. Over wifi 0-100ms and I'm lossing packets (ca. 1%). Can anyone help me?

Thank you :)