And it's a pity, because ipset (which is probably used internally) does support lists of lists, together with other useful lists types (I would very much like to have its hash:ip,port list). It's really a pity that there is a list group function in other brands of products. It's very convenient to ...

There are no lists of lists.

In other brands of products, routers or firewalls, many have the function of list group, which is very convenient to use

/ip f add add list=mylist1 address=172.16.3.5 /ip f add add list=mylist1 address=172.16.3.65 /ip f add add list=mylist1 address=172.16.3.22 /ip f add add list=mylist2 address=172.17.2.225 /ip f add add list=mylist2 address=172.17.2.21 /ip f add add list=mylist3 address=172.20.0.56 /ip f add add list...

the dude snmp connect to a switch ,if the interface of switch have a high speed ，for example the 10Gbps SFP+ , the dude realtime rate will display a error values on the switch display the interface rate: Current system time: 2020-12-08 09:15:43 Last 300 seconds input rate 6971407512 bits/sec, 736975...

1. Direct link route lost bug Description: After the interface is configured with an IP address, a direct connection route will be automatically generated in the routing table. However, under unknown circumstances, the direct connection route will be lost, resulting in the inability to communicate w...

A scalable solution with load distribution is always better than replacing one all-in-one-box by another single one with more horsepower. The highest step to cross is the one between "one" and "more than one"; whether "more than one" is actually two or twenty doesn't m...

Bandwidth enforcement is CPU intensive, so you'll have to pour in more CPU. There is no way to optimize the current setup without affecting its behaviour (pcq per each individual user simply must create as many virtual queues as there are users). And yes, it will require a reconfiguration of the to...

Still unresolved

I can confirm that many Android VPN-s end like that. This is very common errors. Rememer that now is very important fix when users connect vpn from the same NAT. I only encounter the connection problem between routers, other clients such as Android or windows have not encountered ,it is not about n...

I have never seen that, and I have quite some L2TP setups. Although always over IPsec. But I don't think that should affect this. I have several L2TP clients that operate over 4G sticks that get a new IP address every day or every 8 hours, and of course at that time they lose the connection. But th...

My LAN have 2000 users， wifi + wired The WAN have 4Gbps My router is CCR1036-8G-2S+ , LAN and WAN all use the 10G SFP+ port to 10Gswitch when i do the Simple configuration lan-ip\wan-ip\dhcp\nat\default-route,the network worked well, high bandwidth and low delay，when the online users at 1500 and ban...

solved

must use the bridge

bridge ports add the ether

on bridge vlans add the vlan

and set the vlan taget on the bridge

and set the vlan untaget on which ether port ,or taget on which ether port

if the server in trouble, it always make the l2tp-client of itself error, when it's l2tp-client try to connect to other server ,will log: 15:45:36 l2tp,ppp,info l2tp-to-a5: terminating... - session closed 15:45:36 l2tp,ppp,info l2tp-to-a5: disconnected 15:45:36 l2tp,ppp,info l2tp-to-a5: initializing...

when the L2TP and CLIENT is working well （ MT device routeboard、 x86、 CCR、CHR ） In many cases, for example: 1、server or client network Abnormal disconnection 2、server or client reboot 3、server enalbe -> disable -> enalbe that will make the client can‘t connect to the server anymore。 log like client：...

unset

Code: Select all

/ip firewall nat unset [find action=masquerade] out-interface

WoW~~ I really didn't expect such a command to exist.

Thank you very much.

help！ In CLI mode how to set one parameter value to default for exemple /ip f m add chain=src-nat out-interface=ether1 action=masq but now i dont want the "out-interface=ether1" ,if in winbox i can click the button of "set to default" to cancel this parameter , but in CLI how to ...

if you create a bridge and set bridge port like bridge1-wlan1 bridge1-eher2-master you should change the ip interface from ether2 to bridge1 , if you dont do that , the network will be stop i try it in rb952 , you must change the interface=bridge1 and why your routerboard still work ,ok i dont know

oh my....... you are wrong from the beginning... your vpn address pool cant use 192.168.2.x -x why you use 2.x.......any others like 192.168.3.x you wont get so many questions in ros vpn address cant use arp to find the lan address , its the cut mode ，so you just can use the routing mode so the lan ...

maybe port1 & port2 in the same group

master and slave or have the same master port

rb750g - switch - port show this name switch vlan-mode vlan-header default-vlan-ID ether1 switch1 disabled leave as is 0 ether2 switch1 disabled leave as is 0 ether3 switch1 disabled leave as is 0 ether4 switch1 disabled leave as is 0 ether5 switch1 disabled leave as is 0 and i set ether3 (conn to A...

rb750g - switch - port show this name switch vlan-mode vlan-header default-vlan-ID ether1 switch1 disabled leave as is 0 ether2 switch1 disabled leave as is 0 ether3 switch1 disabled leave as is 0 ether4 switch1 disabled leave as is 0 ether5 switch1 disabled leave as is 0 and i set ether3 (conn to A...

I do the wifi , 8AP 1AC 1AC+6AP---SWITCH------TRUNK----RB750Gr3---2AP I want vlan2 to do the management-vlan (for AP and AC) so I set the switch's ports (which conn with AP&AC) mode trunk and pvid 2 ,and , AC can find the AP ,this is no problem but the ap (conn -to rb750g) can't be found, becaus...

you need another roteros , 250+250 , one is the master ,on it do PCC and take half packets to the secend ros

if you have a VM server (ESXi ,Ctrix, Hyper-V, and so on ), it will be simple

i guess your ether-NIC is 1000M
and you use the pppoe-client
and your account is 2Mbps
and the account is no read-only

and so~~~~~ you need 500s interface with different MAC-address to run the pppoe-client , that 500*2=1000M

and PCC

just a joke

PPTP MTU/MRU = 1500 - 56 ( 20 IP_HEADER + 20 TCP_HEADER + 12 GRE_HEADER + 4 PPP_HEADER ) = 1444 B

this right?

but in routerOS the pptp-server/client set default mtu/mru 1460/1460 , how to understand ? or in routerOS the mtu 1460 include what?

a: MTU !!!

I get it

I use a backup file import to the ros which has the different version with the backup

so if you want take the option from one ros to another , and they have different version , use backup->restore may make you in trouble

1m/1m 2m/2m 512k/512k 5s

try to delete the last char "s"

the brust-time default-unit is like second ,so you give a Integer number should be ok

VPN借线网页打不开.JPG R1 R2 R3 each have a isp link to internet ，and each have a default-route to internet，and config the src-nat for all lan ip to internet R1 R2 R3 together is a Independent part ，the LAN-Network just for R1 R2 R3 connect-use R1 - R3 and R2 - R3 each have a pptp-vpn tunnel R1 R2 R3 confi...

1、ros do the pptp-server 2、some client（maybe ros、windows、liunx …）conn to pptp-server 3、the client make Abnormal disconnection （like Unplug the cable） 4、in the server ，the pptp connection will be there forever.................. 5、if the user profile only-one=yes ，the next time he will con‘t loggin th...