Community discussions

Search found 49 matches

by bratislav
Mon Oct 29, 2018 11:15 am
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 16955

Re: v6.42.9 [long-term] is released!

This is my first version running a new bridge, don't know if it's a known bug. RB951G-2HnD running as just a Switch/AP (all ethernet+wlan ports under one switch/bridge, no vlans, no nat). If I change the mac address of an ethernet port while it's a member of a switch/bridge, most of the OS will han...
by bratislav
Mon Sep 10, 2018 12:26 pm
Forum: Announcements
Topic: Newsletter #84
Replies: 47
Views: 9360

Re: Newsletter #84

That would be nice but unfortunately RBx00x devices are just too big to be mounted side by side in a 19" rack RB2011iL Dimensions Desktop:230x90x25mm Rackmount:443x92x44mm rb2011rack.png Have MikroTik ever had a discussion about the format of rackmounts. So to be able to mount TWO instead of only ON...
by bratislav
Mon Aug 20, 2018 12:21 pm
Forum: Announcements
Topic: v6.42.7 [current] is released!
Replies: 159
Views: 21758

Re: v6.42.7 [current] is released!

Seems that new workaround option:
*) wireless - added option to disable PMKID for WPA2;
Does not prevent users from connecting and so far everything works well for us ...
by bratislav
Sat Aug 18, 2018 1:25 pm
Forum: Announcements
Topic: WPA2 preshared key brute force attack
Replies: 25
Views: 9998

Re: WPA2 preshared key brute force attack

And what about working on WPA3?
According to Qualcomm you need new chipsets for WPA3 so it seems that old gear won't be able to support it ...
by bratislav
Wed Apr 25, 2018 6:43 pm
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 273
Views: 31102

Re: v6.42.1 [current]

I checked this on all our routers upgraded to 6.42 or 6.41 ... And in ROS 6.41 and 6.42 Mikrotik Neighbor Discovery protocol outgoing traffic is actually allowed to bypass firewall altogether and cannot be caught in any chain, not something that any process should be IMHO ... And for me this is actu...
by bratislav
Tue Apr 24, 2018 1:04 pm
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 273
Views: 31102

Re: v6.42.1 [current]

Not related to Winbox security issue, but seems like a bug ... On 6.41.x and 6.42.x MNDP traffic is not visible anymore in firewall output chain ... For example I am using these rules /ip firewall raw> print Flags: X - disabled, I - invalid, D - dynamic 0 chain=output action=passthrough log=yes log-pr...
by bratislav
Thu Nov 02, 2017 12:37 pm
Forum: Announcements
Topic: MikroTik used by Amazon in their cloud datacenters
Replies: 34
Views: 14546

Re: MikroTik used by Amazon in their cloud datacenters

Sadly, it looks like the footage was probably all from inside the Raging Wire data center and not an AWS data center. It was still good to see it being used though. Ragingwire is part of NTT, they are data center operator and they are in business of leasing data center space and infrastructure to c...
by bratislav
Thu Nov 02, 2017 10:39 am
Forum: Announcements
Topic: MikroTik used by Amazon in their cloud datacenters
Replies: 34
Views: 14546

Re: MikroTik used by Amazon in their cloud datacenters

Sadly, it looks like the footage was probably all from inside the Raging Wire data center and not an AWS data center. It was still good to see it being used though. Ragingwire is part of NTT, they are data center operator and they are in business of leasing data center space and infrastructure to c...
by bratislav
Mon Oct 30, 2017 1:05 pm
Forum: Announcements
Topic: v6.40.4 [current]
Replies: 103
Views: 19801

Re: v6.40.4 [current]

It surely works in winbox.
Maybe on your routerboard. On rb922 (and others) it doesn't work
Interesting ... What versions of WinBox/Windows are you using?
by bratislav
Mon Oct 23, 2017 7:07 pm
Forum: Announcements
Topic: RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities
Replies: 58
Views: 94581

Re: RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities

Also just to be clear on MikroTik APs mitigation is not yet available and the only option is to patch the clients and that may be impossible especially with Android devices that probably will never receive a patch, so maybe a suggestion for MikroTik to develop something like this and make it availab...
by bratislav
Mon Oct 23, 2017 10:45 am
Forum: Announcements
Topic: RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities
Replies: 58
Views: 94581

Re: RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities

To summarize, the client does connect to the fake AP. That's why the researcher enabled ip forwarding on his linux box. Actually there are AP's that will do this (mitigate the 4-way handshake problem). I'm not sure it will break anything with compatibility but we administer a ton of AP's and they a...
by bratislav
Fri Oct 20, 2017 11:09 am
Forum: Announcements
Topic: RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities
Replies: 58
Views: 94581

Re: RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities

Apparently AP can mitigate this by "bending" the standard 4-way handshake and instead of re-transmitting message 3... It does not re-transmit anything during attack. It's an attacker who replays the message 3 that was originally transmitted by the real AP. It does actually ... the attacker is repla...
by bratislav
Fri Oct 20, 2017 10:35 am
Forum: Announcements
Topic: RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities
Replies: 58
Views: 94581

Re: RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities

The demo from the researcher clearly indicates a man-in-the-middle attack. It is shown in the video on his website around 1:54 https://youtu.be/Oh4WURZoR98 Hence, the client does connect to the malicious AP. You seem to claim the client does not need to connect to the fake AP? You should have also ...
by bratislav
Thu Oct 19, 2017 6:58 pm
Forum: Announcements
Topic: RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities
Replies: 58
Views: 94581

Re: RouterOS NOT affected by WPA2 vulnerabilities

You can fix the 4-way handshake issue either at the client side or at the Access Point side. ... So it's good practice to also fix it at the AP side:-). Wrong!!! KRACK is a pure client-side attack. Patching AP will give you nothing. Worse!!! Patching AP will just give some people false sense of sec...
by bratislav
Tue Oct 17, 2017 6:49 pm
Forum: Announcements
Topic: RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities
Replies: 58
Views: 94581

Re: RouterOS NOT affected by WPA2 vulnerabilities

You can fix the 4-way handshake issue either at the client side or at the Access Point side. ... So it's good practice to also fix it at the AP side:-). Wrong!!! KRACK is a pure client-side attack. Patching AP will give you nothing. Worse!!! Patching AP will just give some people false sense of sec...
by bratislav
Thu Sep 14, 2017 6:44 pm
Forum: Announcements
Topic: Newsletter 78 with 1GBPS WIRELESS PRODUCT ANNOUNCEMENT!
Replies: 109
Views: 24727

Re: Newsletter 78 with 1GBPS WIRELESS PRODUCT ANNOUNCEMENT!

Are you sure that you aren't confusing "RB1100AHx4 Dude Edition" with one that is announced here "RB1100AHx4"
Yes it is Dude Edition dude ... it is advertised here on top banner at $349.00 ... and that is way cheaper than what we have to pay here ... but enough of me whining :)
by bratislav
Thu Sep 14, 2017 5:08 pm
Forum: Announcements
Topic: Newsletter 78 with 1GBPS WIRELESS PRODUCT ANNOUNCEMENT!
Replies: 109
Views: 24727

Re: Newsletter 78 with 1GBPS WIRELESS PRODUCT ANNOUNCEMENT!

I would really prefer if you did not announce the prices ... Local distributors here are selling Mikrotik gear way times more expensive, for example RB1100AHX4 is currently 570$ or 475$ before taxes, so it is pretty annoying to find out that we are being robbed like that, it is better just not to kn...
by bratislav
Tue Sep 05, 2017 12:33 pm
Forum: Announcements
Topic: v6.40.3 [current]
Replies: 95
Views: 21497

Re: v6.40.3 [current]

Please plan some method to phase-out bundle package. (i.e. install separate packages from the factory, in some new version replace bundle package with the separate packages from the bundle) Why should Mikrotik do that? Packages are already available separately if you prefer it that way, but bundles...
by bratislav
Mon Sep 04, 2017 2:54 pm
Forum: Announcements
Topic: v6.40.3 [current]
Replies: 95
Views: 21497

Re: v6.40.3 [current]

Thank you! I rebooted the router. Free memory 7.4 MB. I updated the firmware, all ok. You are welcome ... on the other hand this makes me wonder ... Seems that hAP lite is very tight with RAM memory and that new upgrades can barely fit so problems like yours should be expected in the future ... Mayb...
by bratislav
Sat Sep 02, 2017 1:15 pm
Forum: Announcements
Topic: v6.40.3 [current]
Replies: 95
Views: 21497

Re: v6.40.3 [current]

Hi all. I can not update the Mikrotik hAP lite firmware. Error: not enought disk space. It worked fine for me ... although I uploaded the npk file to router manually ... As far as I know files for upgrades are stored temporarily in RAM so there must be something hogging your memory ... You could us...
by bratislav
Thu Aug 31, 2017 3:33 pm
Forum: General
Topic: IPSEC aes-gcm shows as none in Winbox
Replies: 0
Views: 399

IPSEC aes-gcm shows as none in Winbox

Has anybody noticed this ... RouterOS 6.38.7 in WinBox does not show anything for encryption algorithm if using aes-gcm: gcmwbox.jpg Everything is actually working and command line shows encryption correctly: ip ipsec installed-sa print Flags: A - AH, E - ESP 0 E spi=0x0000000 src-address=1.2.3.4 ds...
by bratislav
Wed Aug 30, 2017 2:26 pm
Forum: Virtualization
Topic: CHR suggestions for new functionality
Replies: 157
Views: 24612

Re: CHR suggestions for new functionality

Make CHR to run on barebone switches. :-) http://www.edge-core.com/productsInfo.p ... 143&id=264
It wouldn't be Cloud Hosted Router then and Mikrotik already has "barebone" hardware that is running RouterOS ...
by bratislav
Mon Aug 28, 2017 8:50 pm
Forum: Virtualization
Topic: CHR suggestions for new functionality
Replies: 157
Views: 24612

Re: CHR suggestions for new functionality

We are mostly VMware customers ... so for me some kind of VCenter integration, for example webfig access, would be really appreciated ...
by bratislav
Mon Aug 14, 2017 7:10 pm
Forum: Announcements
Topic: v6.40.1 [current]
Replies: 74
Views: 19219

Re: v6.40.1 [current]

Maybe false alert, seems to be NOT related to 6.40.1. I had a chance to test with a friend's hEX. Worked reliably with 6.40, likewise with 6.40.1, both RouterBOOT 3.35. Thanks for the update ... I was too reluctant to go for 6.40.1 after your post ... now I may reconsider :) Anyways seems to me tha...
by bratislav
Sat Aug 12, 2017 3:31 pm
Forum: Announcements
Topic: v6.40.1 [current]
Replies: 74
Views: 19219

Re: v6.40.1 [current]

Are you sure about RouterBOOT version? There is no such version at: https://wiki.mikrotik.com/wiki/RouterBOOT_changelog Also it seems to me that you have to update RouterBOOT separately by issuing system routerboard upgrade and then reboot ... Updated from 6.39.2 to 6.40.1 on a hEX (RouterBOOT 3.35 ...
by bratislav
Fri Aug 11, 2017 6:04 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: a virus scanner on the router board
Replies: 14
Views: 3297

Re: a virus scanner on the router board

Absolutely agree ... and even the most powerful NGFW can not inspect SSL/TLS encrypted packets anyway (without meddling with Cert Store on each end user devices) ... I'm willing to bet that these virus scanning routers are only slightly better than worthless at actually providing real security from ...
by bratislav
Sat Jul 29, 2017 2:13 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 104884

Re: v6.41rc [release candidate] is released! New bridge implementation!

It does not work even if I put my vlan on ether1 or 2.
It should be like this ... (if your vlans 20 and 30 are on ether2):
/interface bridge
add name=bridge1
add name=bridge2
add name=bridge3
/interface vlan
add interface=ether2 name=vlan20 vlan-id=20
add interface=ether2 name=vlan30 vlan-id=30
/i...
by bratislav
Fri Jul 28, 2017 6:53 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 104884

Re: v6.41rc [release candidate] is released! New bridge implementation!

Shouldn't VLAN be created on Ethernet port, not the bridge ...
Or you are trying Bridge VLAN Filtering and vlan-ids ...
I'm creating VLAN20 on Bridge1 - there's still ok.
But when I add VLAN20 to Bridge2, RB is unavailable on these two ports.
by bratislav
Wed Jul 19, 2017 12:10 pm
Forum: Announcements
Topic: v6.40rc [release candidate] is released! (New bridge implementation delayed till 6.41rc)
Replies: 207
Views: 28316

Re: v6.40rc [release candidate] is released! (New bridge implementation)

You got this wrong ... flash chips are declared in Megabits ... so the prices you found are for 4MB, 32MB and 128MB respectively ... I'm with you guys. I'm not sure what class embedded designers are taught to use tiniest flash chip available on the market but I'd like to alter that curriculum. That ...
by bratislav
Tue Jul 18, 2017 12:31 pm
Forum: Announcements
Topic: v6.40rc [release candidate] is released! (New bridge implementation delayed till 6.41rc)
Replies: 207
Views: 28316

Re: v6.40rc [release candidate] is released! (New bridge implementation)

I really think Mikrotik should discuss using partitions in addition to backups.
Can I make partition(s) on my mAP Lite? It has only 32MB disk space.
Are you sure about that? mAP lite should have 64MB RAM and 16MB flash ... and no you can't use partitions ...
by bratislav
Wed Jul 05, 2017 10:47 am
Forum: Announcements
Topic: v6.38.7 [bugfix] is released!
Replies: 26
Views: 15793

Re: v6.38.7 [bugfix] is released!

100% CPU and can't connect How do you know that CPU is at 100% if you can't connect? And if you can somehow see this could you also check what is hogging CPU? Anyways it may be some DOS attack issue, my advice would be, if you have one spare port, to disconnect router from the network and plug only ...
by bratislav
Sun Apr 30, 2017 2:42 pm
Forum: Announcements
Topic: v6.39 [current]
Replies: 89
Views: 26102

Re: v6.39 [current]

Upgrade went well on RB750GL but DNS has gone berserk check whether you're being used as an attack amplifier look whether /ip dns cache is filled with junk entries Actually you are right ... on that particular router I forgot to close input from internet ... and it was literally bombarded by million...
by bratislav
Sat Apr 29, 2017 4:34 pm
Forum: Announcements
Topic: v6.39 [current]
Replies: 89
Views: 26102

Re: v6.39 [current]

Upgrade went well on RB750GL but DNS has gone berserk
NAME             CPU USAGE
firewall-mgmt    3%
ethernet         0.5%
console          1%
dns              82%
firewall         2.5%
networking       2%
winbox           3%
logging          0%
management       6%
routing          0%
queuing          0%
telnet           0%
bridging         0%
unclassified     0%
total            100%
by bratislav
Mon Apr 24, 2017 10:56 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: v6.39rc80 [release candidate] is released!
Replies: 63
Views: 8855

Re: v6.39rc76 [release candidate] is released!

So again with RSTP on a VLAN that is attached to a Bridge, it is going to send out the BPDU packets to the interface, regardless of VLAN, right? Isn't that how RSTP works on most switches? Unless MSTP or PVSTP is implemented, this is now normal operation mode which is 'normal' to switches operating...
by bratislav
Mon Apr 24, 2017 10:53 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: v6.39rc80 [release candidate] is released!
Replies: 63
Views: 8855

Re: v6.39rc76 [release candidate] is released!

Would having MSTP option solve this issue?
Unfortunately Mikrotik is just ignoring this issue and sticks with 16 years old RSTP standard ...
by bratislav
Fri Mar 17, 2017 6:17 pm
Forum: General
Topic: Multiple Spanning Tree Protocol MSTP/PVST+
Replies: 2
Views: 1043

Re: Multiple Spanning Tree Protocol MSTP/PVST+

No it does not ...
It has been requested but to no avail:
viewtopic.php?t=44921
by bratislav
Sat Feb 18, 2017 12:15 am
Forum: Announcements
Topic: Winbox 3.11 released!
Replies: 94
Views: 249545

Re: Winbox 3.11 released!

wireless snooper result don't indented in winbox 3.x
What do you mean ...
It seems OK to me ...
by bratislav
Mon Feb 06, 2017 6:56 pm
Forum: Announcements
Topic: Winbox 3.10 released!
Replies: 70
Views: 34432

Re: Winbox 3.10 released!

Could you please add a scroll bar to some windows?
It is unusable on smaller screens ... You could use WebFig for now ...
by bratislav
Thu Feb 02, 2017 10:22 am
Forum: Announcements
Topic: Newsletter 75, January 2017
Replies: 55
Views: 13292

Re: Newsletter 75, January 2017

SwOS Features: Rapid Spanning Tree Protocol (only) Is this really a feature in this day and age ... It seems to me MSTP is an obligatory option (same as VLAN) for enterprise network switches ... I don't know of any "serious" switch that does not support MSTP ... and every other vendor supports it eve...
by bratislav
Sat Jan 28, 2017 5:35 pm
Forum: Announcements
Topic: Winbox 3.10 released!
Replies: 70
Views: 34432

Re: Winbox 3.10 released!

Actually there is one small annoyance in the latest versions of winbox ... If I click on a new session (menu/session/new) it does more or less nothing except deleting the IP address from the session text box and I stay connected to the same router but I am unable to close winbox any more ... or exit...
by bratislav
Thu Jan 26, 2017 6:20 pm
Forum: Announcements
Topic: Winbox 3.10 released!
Replies: 70
Views: 34432

Re: Winbox 3.10 released!

I will ask once again..... This problem can be solved? It seems it was promised in version 3.0 http://fs5.directupload.net/images/170124/jswmnnj5.png You should check your display settings, custom screen font or similar, it works fine for the rest of us ... http://fs5.directupload.net/images/170126...
by bratislav
Wed Oct 26, 2016 7:59 pm
Forum: Announcements
Topic: v6.36.4 [bugfix] is released!
Replies: 51
Views: 11903

Re: v6.36.4 [bugfix] is released!

Looks good so far ... upgrade from routeros-mipsbe-6.34.6 went without any issues and everything works fine ...
by bratislav
Wed Oct 19, 2016 3:21 pm
Forum: Announcements
Topic: v6.37.1 [current] is released!
Replies: 144
Views: 32487

Re: v6.37.1 [current] is released!

Where can I configure LLDP, I can't find anything related to it in "/ip neighbor" or anywhere else. It seems still unimplemented http://forum.mikrotik.com/viewtopic.php?f=1&t=24690&start=50 They have already changed the documentation so we can only hope that it will "magically appear" soon enough ...
by bratislav
Wed Sep 28, 2016 6:17 pm
Forum: Announcements
Topic: v6.37 [current] is released!
Replies: 197
Views: 25945

Re: v6.37 [current] is released!

My upgrade went well but the problem I have is that I can not disable wireless package, that is I can flag it for disablement but after reboot it is enabled again. Everyone who did lose wireless package or sees it as disabled after upgrade - can you please write to support@mikrotik.com and provide p...
by bratislav
Fri Sep 23, 2016 1:13 pm
Forum: Announcements
Topic: v6.37 [current] is released!
Replies: 197
Views: 25945

Re: v6.37 [current] is released!

How do we enable/disable/check status of new feature loop from winbox? I can't find them in my rb2011 interface menu. Is this only from terminal? It seems Loop protect feature is not available in this release ... from winbox 3.5 at least ... But it is working from command line: [admin@MikroTik2H] /i...
by bratislav
Fri Jul 22, 2016 10:27 am
Forum: Announcements
Topic: v6.36 [current] is released!
Replies: 183
Views: 34938

Re: v6.36 [current] is released!

After upgrade to 6.36 wireless-fp got removed as expected, but wireless-rep is missing. I got only wireless-cm2 atm. Where i can get wireless-rep from and is it backward compatible with older wireless packages?  You can find it in Extra packages zip archive, it is backward compatible but you should...
by bratislav
Sat Jun 04, 2016 3:31 pm
Forum: Announcements
Topic: v6.34.5 [bugfix] is released!
Replies: 23
Views: 5775

Re: v6.34.5 [bugfix] is released!

Upgrade from v6.34.2 to v6.34.5 deleted and disabled SSTP client configuration ... /interface sstp-client> print Flags: X - disabled, R - running 0 X name="sstp-rtv" max-mtu=1500 max-mru=1500 mrru=disabled connect-to=255.255.255.255:443 http-proxy=0.0.0.0:443 cert verify-server-certificate=no verify...
by bratislav
Wed May 25, 2016 7:17 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: LLDP
Replies: 123
Views: 36918

Re: LLDP

Please specify what info would you like to get from LLDP?
You can start from here :D :
http://vincentbernat.github.io/lldpd/features.html

The license for lldpd is permissive enough that you can even reuse the source ... and it is smart enough to support various protocols not only LLDP ...
by bratislav
Mon Nov 16, 2015 10:10 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: LLDP
Replies: 123
Views: 36918

Re: LLDP

There is an ISC-licensed, open source implementation of LLDP called lldpd (obviously :D ) that also supports CDP and other L2 discovery protocols. It is available on most Linuxes, OpenWrt and others and it seems to me that MikroTik could use this to deliver LLDP in no time ... there is also ladvd th...