Community discussions

Search found 33 matches

by dfroe
Mon Jun 10, 2019 8:25 pm
Forum: General
Topic: IPv6 Hotspot (AAAA DNS Filter Workaround)
Replies: 10
Views: 1504

Re: IPv6 Hotspot (AAAA DNS Filter Workaround)

For me this workaround still works as of RouterOS 6.44.3. The chain pre-hs-input is processed for hotspot traffic destined to the RouterBoard. The constraints of these rules are that the user is not authenticated and traffic for the local dns service (port 64872) is matched. It then jumps to the new...
by dfroe
Wed Jul 05, 2017 11:44 am
Forum: General
Topic: Certificate renewal
Replies: 4
Views: 1731

Re: Certificate renewal

Don't think you can replace the certificate. But deleting and importing is easy enough? Scriptable too. Looks like that's true. This way you also have to re-import the private key from flash again. Normally I'd like to only replace or delete and import the public certificate, but well, that's how i...
by dfroe
Tue Jul 04, 2017 8:03 pm
Forum: General
Topic: Certificate renewal
Replies: 4
Views: 1731

Re: Certificate renewal

+1 Same problem here. I started implementing Let's Encrypt certificates. They have a validity of 90 days. The whole certificate deployment process is completely automated. I am able to push the new certificate to my RouterBoards - but how to import it there replacing the old one? I expected that imp...
by dfroe
Sat Aug 06, 2016 1:56 pm
Forum: Wireless Networking
Topic: Preferred frequency with DFS
Replies: 5
Views: 1281

Re: Preferred frequency with DFS

I'm not sure that channel lists are even allowed when having (mandatory) DFS. Interesting, I am not aware of this yet. And from a logical point of view, I wouldn't understand why excluding certain channels (which basically is the idea behind a scan-list) should be in conflict with DFS regulatories....
by dfroe
Sat Aug 06, 2016 1:22 pm
Forum: Wireless Networking
Topic: Preferred frequency with DFS
Replies: 5
Views: 1281

Preferred frequency with DFS

Hello, how is it possible to configure a preferred frequency when using DFS? Let's say I have a channel-list containing 5500, 5540, 5580. I want to prefer 5580 as first choice because there are no other APs around, but I still want to include the other frequencies in case of DFS events. How can I ac...
by dfroe
Tue Jun 21, 2016 5:47 pm
Forum: Scripting
Topic: Munin Plugins to monitor MikroTik Wireless via SNMP
Replies: 6
Views: 1888

Re: Munin Plugins to monitor MikroTik Wireless via SNMP

I am querying OID .1.3.6.1.4.1.14988.1.1.1.3.1.10 on AP to get Overall Tx CCQ for a certain wlan interface. I always get 0 on that OID. RouterOS versions range from 6.27 to latests betas using wireless-fp/wireless-cm2 packages and nv2. Which ones do work for you? [XXX] > sys routerboard print      ...
by dfroe
Tue Jun 21, 2016 12:04 am
Forum: Scripting
Topic: Munin Plugins to monitor MikroTik Wireless via SNMP
Replies: 6
Views: 1888

Re: Munin Plugins to monitor MikroTik Wireless via SNMP

Would you be so kind to let me know which OID you use for the RX/TX CCQ? I am querying OID .1.3.6.1.4.1.14988.1.1.1.3.1.10 on AP to get Overall Tx CCQ for a certain wlan interface. After reading the MikroTik SNMP MIB I'd say that's the only CCQ value you can get via SNMP. If you need specific detai...
by dfroe
Sat Jun 04, 2016 10:27 pm
Forum: General
Topic: Enforcing WinBox Secure Mode
Replies: 1
Views: 753

Enforcing WinBox Secure Mode

Hello, to pass security audits, we have to ensure, that administrative access to network devices (like MikroTik RouterBoards) is only possible through secure and encrypted protocols. For shell access we can use SSH and disable Telnet, for web access we can use HTTPS and disable HTTP, and we can use ...
by dfroe
Wed May 25, 2016 2:05 am
Forum: Scripting
Topic: Munin Plugins to monitor MikroTik Wireless via SNMP
Replies: 6
Views: 1888

Munin Plugins to monitor MikroTik Wireless via SNMP

See attachments for some example screenshots.
by dfroe
Wed May 25, 2016 2:02 am
Forum: Scripting
Topic: Munin Plugins to monitor MikroTik Wireless via SNMP
Replies: 6
Views: 1888

Munin Plugins to monitor MikroTik Wireless via SNMP

For those who might be interested, I have written a few Munin Plugins to provide some more detailed wireless monitoring of MikroTik devices. The plugins solely rely on standard SNMP and use MikroTik MIB . Using SNMPv3 with AuthPriv you can securely monitor devices even over insecure links. If you ar...
by dfroe
Mon Feb 22, 2016 2:03 pm
Forum: RouterBOARD hardware
Topic: hAP ac (lite) VLAN Switch Chip Features
Replies: 2
Views: 1770

Re: hAP ac (lite) VLAN Switch Chip Features

Great, thanks for your fast reply and for updating the wiki. Now it is clear for everybody. :)
by dfroe
Mon Feb 22, 2016 1:11 pm
Forum: RouterBOARD hardware
Topic: hAP ac (lite) VLAN Switch Chip Features
Replies: 2
Views: 1770

hAP ac (lite) VLAN Switch Chip Features

Hi, I consider purchasing some hAP ac and/or hAP ac lite boxes. Does the integrated switch support native dot1q vlan trunking and per port vlan configuration? My setup will look like described here on the wiki: http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Example_-_802.1Q_Trunking_with_...
by dfroe
Fri Dec 18, 2015 1:08 pm
Forum: General
Topic: IPv6 Hotspot (AAAA DNS Filter Workaround)
Replies: 10
Views: 1504

Re: IPv6 Hotspot (AAAA DNS Filter Workaround)

Sounds good. For me it takes about 3-5 seconds to get redirected to the portal which is absolutely fine. I think most users won't complain (or even disconnect) when they see the portal in <10 seconds. Do you use HTTPS captive portal? Can you try with plain HTTP? When using HTTPS with a certificates ...
by dfroe
Thu Dec 17, 2015 4:41 pm
Forum: General
Topic: IPv6 Hotspot (AAAA DNS Filter Workaround)
Replies: 10
Views: 1504

Re: IPv6 Hotspot (AAAA DNS Filter Workaround)

Maybe you can give the described fine tuning a try to allow aaaa queries for your hotspot fqdn if this timeout leads to your delay. Use the following configuration instead (adjust the hotspot name to the fqdn you are using for your captive portal). This is a more sophisticated approach to my origina...
by dfroe
Tue Dec 15, 2015 5:54 pm
Forum: General
Topic: IPv6 Hotspot (AAAA DNS Filter Workaround)
Replies: 10
Views: 1504

Re: IPv6 Hotspot (AAAA DNS Filter Workaround)

Great to hear that this not only works for me :) You definitely do not have to change any user's dns configuration or type any hotspot ip address. You can (and imho should) still work with something like hotspot.example.com (fqdn) as redirect address. If your client is actually ipv6-capable you will...
by dfroe
Wed Dec 09, 2015 12:08 am
Forum: General
Topic: IPv6 Hotspot (AAAA DNS Filter Workaround)
Replies: 10
Views: 1504

IPv6 Hotspot (AAAA DNS Filter Workaround)

When trying to setup a wireless internet hotspot based on mikrotik gear I had to notice that the hotspot feature does not handle ipv6 at all (tested with latest ros 6.33). It is 2015, ipv6 is about 15 years old, ipv4 space is gone, and v6 is almost completely ignored by vital ros functions like hots...
by dfroe
Tue Jul 28, 2015 9:12 pm
Forum: Wireless Networking
Topic: RB922 Excellent speeds of 535 Mbps! Can you go faster?
Replies: 17
Views: 7350

Re: RB922 Excellent speeds of 535 Mbps! Can you go faster?

I have been trying to set my routerboard 951G according to the specs posted by dfroe but its saying "no support channel" and "scan-list does not contain valid channels". This topic was about 802.11ac with RB922 boards. You mentioned a 951G which has a 2.4 GHz 802.11n radio. This is completely diffe...
by dfroe
Sun May 24, 2015 11:20 pm
Forum: Wireless Networking
Topic: RB922 Excellent speeds of 535 Mbps! Can you go faster?
Replies: 17
Views: 7350

Re: RB922 Excellent speeds of 535 Mbps! Can you go faster?

And last but not least, here is a test with the same equipment but just using 802.11n instead of 802.11ac. bwtest: UDP 200 Mbit/s, TCP 140 Mbit/s. iperf: 110-140 Mbit/s. As you can see in the attached iperf, this run looks much cleaner and more stable. Average iperf throughput is also ~20% better. S...
by dfroe
Sun May 24, 2015 10:58 pm
Forum: Wireless Networking
Topic: RB922 Excellent speeds of 535 Mbps! Can you go faster?
Replies: 17
Views: 7350

Re: RB922 Excellent speeds of 535 Mbps! Can you go faster?

And here is a screenshot of the iperf test. (I wasn't able to attach more than 3 pics in one post.)
by dfroe
Sun May 24, 2015 10:57 pm
Forum: Wireless Networking
Topic: RB922 Excellent speeds of 535 Mbps! Can you go faster?
Replies: 17
Views: 7350

Re: RB922 Excellent speeds of 535 Mbps! Can you go faster?

Today I installed my two new NetMetal 5 on my rather short p2p link to interconnect two houses on different ends of a road. About 100 m distance with clear LoS. Each tiny tower is equipped with 3x 19 dBi panel antennas (Elbox TetraAnt). The polarization of the antennas is H/V/H. I intend to mainly u...
by dfroe
Thu Apr 16, 2015 11:32 pm
Forum: RouterBOARD hardware
Topic: Problem with ethernet port on SXT AC and RB912UAG-5HPnD
Replies: 3
Views: 820

Re: Problem with ethernet port on SXT AC and RB912UAG-5HPnD

Connection over ethernet port is lose but link is ok (not down). Hi, I had exactly the same issue you described once with only one of my RB912UAG-5HPnD. Ethernet suddenly lost connection but worked again for some time after each reboot. MikroTik support told me to RMA the device. After I replaced i...
by dfroe
Sat Jan 03, 2015 5:23 pm
Forum: Forwarding Protocols
Topic: BGP routes not propagated between iBGP and eBGP
Replies: 14
Views: 12739

Re: BGP routes not propagated between iBGP and eBGP

Good question - which most likely only the guy how coded the ROS BGP implementation can answer. :) I am absolutely with you that there shouldn't be any "implicit fancy automatic filters". Nobody knows them (I am not aware that this feature which filters out non-active routes was documented somewhere...
by dfroe
Sat Jan 03, 2015 2:52 pm
Forum: Forwarding Protocols
Topic: BGP routes not propagated between iBGP and eBGP
Replies: 14
Views: 12739

Re: BGP routes not propagated between iBGP and eBGP

Meanwhile I could figure out why RouterOS does not properly propagate the BGP routes in my scenario. It is actually some "special" behaviour of the BGP implementation in RouterOS. Normally you would expect all routes learned via BGP to be propagated to all other BGP peers (assuming there are no filt...
by dfroe
Thu Mar 20, 2014 12:59 am
Forum: General
Topic: Feature request for v7.x
Replies: 269
Views: 63561

Re: Feature request for v7.x BGP advertise-inactive

BGP option like Juniper " advertise-inactive ". At the moment it is not possible to advertise learned BGP routes to other BGP neighbors if that particular route is not in the active routing table because it is overriden by OSPF with better administrative distance. Other bgp impementations (Cisco, Fo...
by dfroe
Mon Mar 10, 2014 5:34 pm
Forum: Forwarding Protocols
Topic: BGP routes not propagated between iBGP and eBGP
Replies: 14
Views: 12739

Re: BGP routes not propagated between iBGP and eBGP

Okay, this explains why the redistribution does not work. But if I change my eBGP instance to AS 64600, then I would not have an eBGP peering between the two RB anymore. Instead this would result in the eBGP transition between the two AS to take place on my RB CPE (between the two instances). This i...
by dfroe
Mon Mar 10, 2014 2:02 am
Forum: Forwarding Protocols
Topic: BGP routes not propagated between iBGP and eBGP
Replies: 14
Views: 12739

Re: BGP routes not propagated between iBGP and eBGP

I have configured the two instances like this: [admin@BaseBox5-CPE] > /routing bgp instance export verbose # mar/10/2014 00:48:33 by RouterOS 6.10 # /routing bgp instance set default as=64601 client-to-client-reflection=yes !cluster-id \ !confederation disabled=no ignore-as-path-len=no name=default ...
by dfroe
Sun Mar 09, 2014 5:06 pm
Forum: Forwarding Protocols
Topic: BGP routes not propagated between iBGP and eBGP
Replies: 14
Views: 12739

Re: BGP routes not propagated between iBGP and eBGP

Interesting hint, I did not have had the idea to create two separate instances for iBGP and eBGP (though this should not be necessary). So on the RB CPE I created a second instance called eBGP and moved my eBGP peer into this new instance. I activated redistribute-other-bgp for that new instance. Ac...
by dfroe
Sun Mar 09, 2014 1:27 am
Forum: Forwarding Protocols
Topic: BGP routes not propagated between iBGP and eBGP
Replies: 14
Views: 12739

Re: BGP routes not propagated between iBGP and eBGP

redistribute-other-bgp did not help (as it only controls the redistribution between multiple bgp instances and I only use a single instance). The other redistribution commands are not what I want. I actually do not want any new routes to be announced by the RB. I only want the RB to pass already lea...
by dfroe
Sat Mar 08, 2014 11:34 pm
Forum: Forwarding Protocols
Topic: BGP routes not propagated between iBGP and eBGP
Replies: 14
Views: 12739

BGP routes not propagated between iBGP and eBGP

I am replacing a former OpenWRT-based P2P link with two RB912 devices. So far the wireless part works like a charm, good signal and performance. But I run into trouble with my BGP configuration. Both sites form an AS (site A AS 64600, site B AS 64601). Each site has a backbone core consisting of sev...
by dfroe
Sat Mar 01, 2014 2:34 am
Forum: General
Topic: IPv6 not working on ether1
Replies: 4
Views: 1913

Re: IPv6 not working on ether1 (solution)

I could finally find the root cause and fix it. The IPv6 address on the MikroTik device was stuck in TENTATIVE mode, i.e. it was waiting for DAD (Duplicate Address Detection) to complete. According to RFC an IPv6 address must not be used in this state until DAD completes. The DAD works a bit like AR...
by dfroe
Fri Feb 28, 2014 1:32 am
Forum: General
Topic: IPv6 not working on ether1
Replies: 4
Views: 1913

Re: IPv6 not working on ether1

Hello, unfortunately the problem arised again after a few days. The IPv6 stack is currently broken although I am using regular interface names. Here is my complete running configuration: /certificate [...] /ip neighbor discovery set ether1 discover=no /interface wireless channels [...] /interface wi...
by dfroe
Tue Feb 25, 2014 10:29 pm
Forum: General
Topic: IPv6 not working on ether1
Replies: 4
Views: 1913

Re: IPv6 not working on ether1

Hi, unfortunately I missed to gather the output of the ipv6 routing table during the broken configuration. However, in the meantime I was actually able to fix this issue by myself. In my first configuration attempt, I started with the default configuration shipped on the RB912 and performed my inten...
by dfroe
Sun Feb 23, 2014 3:50 am
Forum: General
Topic: IPv6 not working on ether1
Replies: 4
Views: 1913

IPv6 not working on ether1

I just bought two BaseBox5 (RB912UAG-5HPnD) devices which is also my first contact with MikroTik devices. I am running the latest ROS 6.10. I have networking experiences with other vendors, the MikroTik hardware and software looks pretty nice, so I wanted to give it a try. Basically I could sucessfu...