MikroTik

cwachs

So just throw a /64 on that same customer facing interface as the DHCP Server and set it to advertise only?

cwachs

I work with a small ISP running all Mikrotik routers. We deployed IPv6 a couple years ago to our customers with very few issues. We are configured with a IPv6 DHCP server running on each customer facing router and hand out a /56 prefix to each customer from a /48 pool on each router. We use RADIUS t...

cwachs

We have had reboots on 7.5 to 7.8beta3. All autosupout.rif files sent to Mikrotik. No response at all to the support file and it's been open for two weeks. They have 6 supout files from us from 5 different firmware. We've moved on and put these routes on a Juniper.

cwachs

We had our 2216 go into a reboot loop twice now. They last about 15 minutes and will reboot around 20 times in a row before stopping. We *think* we were able to stop it by disabling OSPFv3 (we do run IPv6 on ours) but that might have been a coincidence with it just stopping on its own. Since then, w...

cwachs

Was able to get routes working correctly but I had to add a distance filter to the route filter: else { set bgp-local-pref 50; set distance +1; accept; } Just having a local-pref for a iBGP route would not give it a preference. Changing the distance on one path to 201 did - but local-pref works fine...

cwachs

I am chasing down a routing issue on a ROS 7.6 router (also is happening in 7.7). We have iBGP inserting routes from multiple paths. We use route filters to add a local-pref number to the incoming routes based on the BGP peer. In the Route table, it is not using the local-pref value, it is inserting...

cwachs

I would suggest that anyone and everyone that is seeing this to open a support ticket with Mikrotik. The more data they get, the faster they will figure out the cause and fix it. Include a supout file with your ticket so they can see similarities.

cwachs

This is the same exact issue we saw two years ago when the original CCR2004 came out. Those would reboot randomly as well. People said the same thing then... Turn off connection tracking. We sent file after file to Mikrotik. Even shipped two routers back to them. Nothing fixed it until one day a new...

cwachs

Following. Brand new 2216 with 7.7 and it reboots multiple times. I do have connection tracking on since the router has some NAT on it. The config is a clone of a CCR1036 that has never rebooted in 2 years. As soon as that config was put on the 2216, reboots started within a couple hours.

cwachs

Following. I am seeing this on a brand new 2216 with 7.7 on it. Took router out of the box, upgraded to 7.7 (from 7.5 factory) and then did a netinstall with no default config. Loaded a config from a working 7.6 router. Seeing random reboots all that report power outage. This is in a data center wit...

cwachs

Not as a separate section. The network is entered into the interface-template.

cwachs

In our test lab, we have a CCR1009 running 6.47.9 and a RB5009 running 7.1 We are attempting an OSPF connection between the two with a PtP link. The 1009 was previously set up to talk to a test router running v6 over PtP with no issues. We replaced the v6 with the 5009, configured OSPF on the 5009 t...

cwachs

No solution. Seems to be a SwOS feature that is not duplicated in ROS.

cwachs

We pulled both our 2004's from service and replaced them with 1036's as well. One of our 2004s was sent to Mikrotik (at their request through a SUP). We opened the ticket back in July. The RMA was approved in August and the 2004 was boxed and shipped to Baltic Networks for return to Mikrotik in earl...

cwachs

See my comments a little higher up. I think watchdog is broken. Our was rebooting exactly every hour as well. It was a true reboot with 15 seconds of packet loss through the switch each time it rebooted.

cwachs

We need a version for the CSS610-1Gi-7R-2S+ switch.

cwachs

That firmware is not for the netPower 7R.

cwachs

Looks like Watchdog is broken in RC12. This seems to be what was causing our router to reboot every 3600 seconds. I've turned Watchdog off and we have gone 2 hours now without a reboot.

cwachs

I have upgraded our switch to RC12. I have two customers attached to it via ether1 and ether2 - both have GPEN powered devices on their end. The uplink to the switch is into SFP+1 using a 1G SFP module. What we notice is on RC12, every hour at exactly :13 past the hour, the switch (and all customers...

cwachs

Just installed rc12 after we power cycled the router to regain access to it.

cwachs

We are still running rc6 and had it stop responding to pings and SNMP today. At first I thought it was cold related (10 degrees F when the problem began) but it never cleared up once it warmed up. I have not rebooted the switch yet. It is still passing traffic but we can't get at it, it won't respon...

cwachs

No, I only am running the NetPower 7 so that is the only one I needed a firmware for.

cwachs

https://box.mikrotik.com/f/a72e315282d149eda481/?dl=1 There is the link they sent me for RC6. I guess if they object to this, they can delete this post. Since it is from their servers and they willingly sent me the link, I hope it is OK to put it here. I guess I should state this is a release candi...

cwachs

Support sent me a copy.

cwachs

We got VLAN support working in RC6.

cwachs

Looks like VLANs are still totally broken with 2.13rc5 firmware. Makes this unusable for us in production. While I get this is a new product, switches are not new to Mikrotik and having a switch product leave the production line with no VLAN support at all is ridiculous. That is not a new product bu...

cwachs

Nothing with us. RMA'd two of ours and bought CCR 1036s to go in their place. My gut tells me it's going to be a while.

cwachs

We did not go to ROS 7 beta but we did run a couple different version 6 betas as part of the test prior to RMA.

cwachs

After almost a month of troubleshooting with Mikrotik, our 2004's have been RMAd. I would strongly encourage all of you with 2004s that are rebooting, freezing, etc to open support tickets with Mikrotik. They need data to solve this problem and the more data, hopefully the faster it can be solved.

cwachs

That is related. It was added to help support troubleshoot this. We are running that firmware at the request of Mikrotik to gather more information when it crashes. Has not done anything yet to stop the crashing.

cwachs

We just had our 2004 crash with the debug firmware installed. The last line of the console output is: [admin@AUW-LOOKOUT-EDGE-02] > LOOPER: read_raw read failed: EOF died with signal Nothing before that for hours. After the crash, we got 2 physical link up/down messages in console (about 2 minutes a...

cwachs

we are running the same debug firmware on ours. Every one of our deployed 2004s is having some sort of problem (either random reboots or crashes or both).

cwachs

I am shipping one 2004 back under RMA and our other one reboots every 1 -2 weeks. Was on 6.47 and I just put it on 6.47.2 two days ago. Both are running BGP and OSPF.

cwachs

What are you all logging to "echo" in hopes of getting useful info in case of a crash? We have "critical, warning, health, system and event" echoing and nothing was on the console at all for our last crash.

cwachs

I'm having lockups on one of our two 2004s as well. It's an edge router with 4 bgp sessions (no full tables). About every 36 hours, it locks up where we can't access it via winbox, ssh and snmp stops. Sometimes it passes traffic through it, other times no traffic will pass. We got a console server o...

cwachs

I have been seeing an issue on both wAP 60 APs and LHG 60's where the AP will not hold on frequency 66000. I have set the scan list on the client to scan for 66000 (which works) and I manually set the frequency 66000 on the AP via CLI. It will change to 66000 and the station will lock up. Then, anyw...

cwachs

Ahh, sorry. We do have two CRS3xx switches running ROS and they have not locked up. They are our core switches so it will be disastrous if they do...

cwachs

We use both the dish and the panel SM. All 1G interface gear (not the Lite). Of our two APs having issues, both have 4 clients and of those 4, each have 2 dishes and 2 panels.

cwachs

CRS is having the same exact issue running SwOS. I've had issues with 2.9, 2.10 and 2.11

cwachs

Is it possible to get Option 82 information across a link using a wAP 60Gx3 (or a wAP 60G) and clients? We use Option 82 in our network to authorize clients. Our Cambium and Mimosa equipment will pass along Remote Agent ID data but I am not able to get this working with 60G gear. I've tried turning ...

cwachs

Following this. We have three wAP 60Gx3 AP's on our network. With 1 or 2 subscribers attached to them, MCS is solid at 8. As soon as I add the 3rd subscriber, all three subsribers fluctuate between MCS 1 and 6. Add a 4th and 5th and it gets worse. This happens on all 5 channels. Go back to 2 subscri...

cwachs

@Imacka, did this happen to you on a switch running Router OS, not Switch OS?? That would be I think the first report of this happening on a ROS switch. I thought the problem was just with switches running SwOS.

cwachs

I don't know the MAC of each customer device and each time they buy a new router, I will have to get the MAC in advance to authorize the port. This is where "lock on first" is perfect in SwOS. It allows any MAC address to connect to the switch but it only allows one MAC address per port. P...

cwachs

The client is supposed to only hook up the WAN port of their own personal router. We serve public IPs to the customers and each customer should only get one IP per apartment. That is what the lock on first and port lock feature allows. It works perfectly for us in SwOS and we are trying to duplicate...

cwachs

No. Client is an apartment resident that hooks up any kind of router they own to the network jack we provide in each unit.

cwachs

Due to some software issues with SwOS, we are wanting to move our CRS326 series switches to ROS. We use these to feed Internet to apartment units and really need the "Lock on First" and "Port Lock" features that SwOS has that only allow a single MAC address to associate with a sw...

cwachs

We are looking at how to move our switches over to ROS because of this. It keeps happening and as a service provider, I can't keep having buildings go offline because a switch stops working. The only feature of SwOS we use that I have not found out how to duplicate in ROS yet is "Port Lock"...

cwachs

Does anyone that is having this issue have Flow Control turned off on all ports?

cwachs

We've had two more switches fail with this same exact issue (all css326). I have filed a support request with Mikrotik two weeks ago but still no reply from them. I am now RMA'ing these switches and replacing them with CRS326 versions - but still running SwOS on them. So far, no issues on the CRS ha...

cwachs

We had our second hang this week on two separate CSS326-24G-2S+ switches. While it was in the "down" state, I was able to confirm I could ping the switch up to a MTU size of 230 bytes. At 231 bytes, the packet was dropped by the offending CSS switch. Both of our hangs this week were under ...

cwachs

We have 4 of these deployed in an apartment building and ended up buying a AC power adapter that pings the Internet and reboots the switch when the pings die. We got tired of driving over there in all hours of the day and night to reboot switches that hang.

cwachs

We are using CSS326's in a MDU scenario. I'd like to use the "lock on first" feature to keep an apartment from grabbing more than 1 IP address. I have a couple of questions on this. Do I need to check BOTH "lock on first" and "port lock" for this to be active? What exac...

cwachs

We are using a CSS326 with FW 2.9. For billing purposes in our router, we pass along Agent Remote ID from the switch to the router (CCR 1009) and from there, it is sent to our DHCP batcher and on to the billing system. We need the Agent Remote ID to be a MAC address since our billing system works of...

cwachs

We are trying to use Option 82 on a couple routers with devices connected locally. I'd like to turn on Option 82 on the bridge and get the router to forward the port MAC address as the "Remote Agent ID". It looks like it uses the port name for the Remote Agent ID and we have to have this i...

cwachs

It is my understanding (from a hardware manufacturer) that the Mikrotik 60 Ghz radios have hardware that can handle channels 1 and 2. Channels 3 and 4 are done by stretching that hardware with software, so to speak. The chip used in the IgniteNet hardware is designed for channels 1-4 and channel 5 (...

cwachs

Installed a LHGG-60ad link a few days ago. Couple questions for those that have some of these up: 1) Is there an SNMP OID for the RSSI? We are graphing signal and MCS but I prefer to capture RSSI. 2) What are you doing to aim? I have aimed Siklu, IgniteNet and other millimeter wave gear but the aimi...

cwachs

We have two identical Mikrotik routers in two locations (A and B). Each router is on a fiber connection to the Internet and configured with a number of VLANs on the LAN side. On each Mikrotik, VLAN 5 is configured in the 10.10.8.0/21 subnet as our management VLAN (no DHCP on VLAN 5). There is a wire...

cwachs

I have recently started using a couple routers with the UPS package connected to compatible APC UPS devices. The data all seems to be there. What is confusing me is the "Off Line Time" and "Min Run Time" settings. The manual does not really clarify exactly what I am setting. What...

cwachs

I found I was not calculating the HEX value for root priority properly. Not sure why it defaults to priority 32768 but my attempts to fix that with a hex value were incorrect. I now have it set to "4096" using hex value "1000" and all seems to be happy.

cwachs

I have a Mikrotik acting as an edge router. SFP1 is connected to our Internet provider. SFP2, 3, 4 are in a bridge acting as our LAN ports. Each of those SFPs is connected to a different Netonix switch via a fiber cable. All 3 of those switches are located at different physical points on our transmi...

cwachs

Solved it. My programming bad. In Mikrotik 1, I routed the new /30 to the vlan interface, not the public IP of Mikrotik 2. Now that Mikrotik 2 hears the /30 coming at it, routing is working properly through it.

cwachs

Up against a simple problem I can't solve... I have a /30 connection to my upstream ISP. They are sending me a separate /25 of public IP space to my edge router (Mikrotik 1). We then subnet that /25 down to /28's, /29's and /30's for internal use. We route those to various VLANs. All is great. Now, ...

cwachs

Hard to come up with a subject for this that encapsulates the problem... We are running an L2TP server on our router. It is used to access the management VLAN of our network. Our Mac and Windows devices connect to it just fine. Once connected, those clients can access all devices in our management V...

cwachs

We are not running many firewall rules to take that much of a toll on CPU: add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related add action=accept chain=forward comment="defconf: accept established,related, untracked" conn...

cwachs

According to the Wiki on Fasttrack, it looks like it should work with PCQ queues that in the queue tree are attached to specific interfaces - not global: Warning: Queues (except Queue Trees parented to interfaces), firewall filter and mangle rules will not be applied for FastTracked traffic. We have...

cwachs

Thanks for the help. I did start off as master/slave on the LAN side and then built a bridge. Forgot to move the LAN IPs to the bridge from the master port. My bad - thanks for catching. I'll try building a bridge for management. I'm not sure I am following you 100% on how to handle the mgt bridge a...

cwachs

True true. I was just surprised by the totality of the throughput hit it took while in router mode. Lesson learned.

CRS has been reconfigured as a switch and put behind a routerboard.

cwachs

Found a couple older posts on this but none that solved it... Using an RB750. On the WAN port, it has untagged Internet connection (with static public IP) and a tagged vlan5 management VLAN. LAN side of the router has ether2-5 bridged together with a private DCHP server and NAT running. All works gr...

cwachs

Swapped out the CRS125-24G-1S with an identically configured RB 962... Doing the same test, my bandwidth shot up to 500 Mbps bidirectional. This is getting much closer to the backhaul speed. If I turn on fasttrack, I can get around 700 Mbps each direction. So, not going to be using the CRS125-24G-1S...

cwachs

Export of router/switch: /interface ethernet set [ find default-name=ether24 ] auto-negotiation=no name=WAN rx-flow-control=auto speed=1Gbps tx-flow-control=auto set [ find default-name=ether2 ] master-port=ether1 name="ether2 #420" set [ find default-name=ether3 ] master-port=ether1 set [...

cwachs

Running a brand new CRS125-24G-1S with firmware 3.41 and ROS 6.40.5. Very simple configuration. Port 24 is WAN and all other ports are slaves to ether1. Switch is handing out IP's via DHCP. No queues of any kind are active. Very basic firewall. Pretty vanilla build so far. My problem is throughput. ...

cwachs

This is fantastic! Works perfectly. I ended up not using a L2TP VPN for now - just using the public IPs at the remote address for the EoIP tunnel and it's doing exactly what I need. So happy. Thanks!

cwachs

This seems trivial but I'm failing miserably... I have 2 CCR routers both on public IPs. Both have a VLAN (VLAN5) that is our management VLAN. On both routers, VLAN5 is configured as 10.10.8.0/19. Every device (couple hundred) in that VLAN has a static IP. There is a DHCP server on Router 1 for addr...

cwachs

Any reason this does not have "find distance=1" and "find distance=2" in the script? Those are my distances for WAN 1 and WAN 2. Is that related??

cwachs

I'm coming back trying to solve this on my router... I have 2 WANs. One has a /30 gateway connection and a /24 of public space assigned to me. It is the primary WAN that all traffic should flow over. WAN 2 has a DHCP address on the WAN side and no public space. My LAN port has a handful of VLANs on ...

cwachs

I am on my second brand new CCR-1009-8G-1S-1S+ router with a bad ETH 1 port out of the box. It is really frustrating. This is a core router for us so I can't live with it gone for 3 months on a RMA.

cwachs

I've been playing off and on with IPv6 on my router for about a year. I have also swapped out my Mikrotik with a Ubiquiti EdgeRouter for a while while I was testing it. I am able to get IPv6 working fine with the Ubiquiti router, as well as computers hooked directly to the Comcast modem. So, it seem...

cwachs

I have a dual WAN setup where I prefer WAN1 for most outbound traffic but want to force traffic to the other WAN2 for Netflix since that ISP has a peering agreement with Netflix and the performance is better. I am not sure if I want to build static routes for Netflix and point to that gateway - whic...

cwachs

I have 2 VLANs set up along with the default (no VLAN). The 3 networks all have separate DHCP pools and they are working properly. I get the correct IP based on the VLAN I am connected to. My problem is, computers on VLAN30 (10.30.1.x) are able to communicate with computers on the default VLAN (10.9...

cwachs

After a few weeks of working on getting IPv6 working, I'm still not up despite other success stories. ISP: Comcast in Colorado. I am doing the following steps with ROS 6.2: /ipv6 dhcp-client add add-default-route=yes interface=ether1-WAN pool-name=IPv6 use-peer-dns=yes It binds and shows a prefix co...

cwachs

Admission #1: not an expert at firewall rules. Accept my apologies up front since this is likely a dumb question.... Built a list of firewall rules based on the "basic rule set" in the wiki: /ip firewall filter add action=drop chain=input comment="Drop Invalid connections" connec...

cwachs

This has been the most helpful post so far but I'm still failing the IPv6 tests. I am connected to Comcast and I pass the tests if I hook my Mac directly to the modem. When I'm connected to the router, I get an IPv6 address on my computer but I fail IPv6 tests. I'm fairly certain I have done somethi...

cwachs

is ipv6 menu missing in CLI or in Winbox or both? are all the packages on the router from same RouterOS build (check in '/system packages') The are missing in Winbox but are present in CLI (which I am usually not smart enough to use well). My packages are all version 6.19 and every one is enabled e...

cwachs

I am running software 6.19. I have enabled the ipv6 package and rebooted the router. It shows that package as active. However, I do not have the IPv6 menu and I don't seem to be able to find a way to configure anything related to IPv6. My end goal is to use IPv6 addresses from the Comcast DHCP serve...

Search found 84 matches