Hi, Is it possible to export a device list from SSH including the hostname and its IP address? I'm planning to use netmiko to extract a list of device from certain type + status and use the filtered list to apply commands via python on that specific list. example: /dude device export-list where devi...
Hi, I have a netmiko script that collects the configuration of a lot of Mikrotik devices via SSH (more than 300 devices) It runs 'export' command and saves the output to a file for each device I noticed the 'export' command is being interrupted on 6.49 version (6.47 and 6.48 are ok) Attachments show...
Hi, Is it possible to create Dude Tools based on User Privilege? Example: Full Group = has access to all Dude Tools Write Group = has access to all Dude Tools that have their group associated Read Group = has access to all Dude Tools that have their group associated That would be useful to give, for...
Hi, Is it possible to configure dst-nat rule to access a remote device that doesn't have a gateway configured? The image has details about the intended scenario: image_2021-09-27_111104.png I would like to access 192.168.1.3 device (that is behind NAT of 192.168.1.1), but it doesn't have a gateway (...
Hi, I'm trying to change AS-path inside our AS for an specific IPv4 BGP annoucement: 138.N.N.0/24 image_2021-06-16_123611.png PE 7 send route to PE 10 with option Set BGP Prepend Path configured to add AS 300 before our main AS (AS 700 configured in Instance and iBGP peers) 2021-06-16 12_32_19.png T...
Hi, I searched about this subject matter in the forum but didn't find an answer. I need to create a firewall rule to monitor PPS traffic from/to customers If a customer exceeds some number of PPS (maybe 50.000 pps), add the /32 IP address to an address-list for some time This way I can block it for ...
Hi, I would like to send those logs generated by Dude (device up | device down) to a remote log server (Graylog Server) I already have RouterOS logs being sent to remote log server. How do I can send Dude's logs to RouterOS hosting the Dude Server? This way RouterOS will forward logs received from D...
That's the idea: Dedicate one or more Telegram Bot to send notifications related only to High Priority Devices (as you said, Windows and Linux Servers as an example) My issue is that I didn't find way to assign a custom notification (Telegram Bot) to a group instead of device by device I would like ...
Hi, Is it possible to generate notifications by Device Type? Example: enable Telegram notification only in Windows Computers group or DNS Servers group? I searched in the wiki, in the forum and inside Dude options but didn't find how to accomplish that. Telegram integration is working perfectly, but...
Thanks for all those hints But I'm looking for something at RADIUS level to control this The radius debug from RouterOS shows me it uses these attributes to check a hostpot user authorization against RADIUS: sending Access-Request with id 173 to 172.16.40.40:1812 Signature = 0xbb737bf6ac8c0fbb0da6b9...
Hi, I've created a freeRADIUS + MySQL + daloRADIUS server and it's working great for login and hotspot services. My problem is: hotspot users can access winbox with read permissions Which attributes can I use to control/restrict hotspot users to login only in hotspot service? Which attributes can I ...
If you don't insist on it being an official feature, you can "fix" your WinBox executable. Fire up your favourite hex editor, search for bytes 63200000 and replace them with c9150000. In current version (3.27) it's there only once in both 32 and 64 bit variants, so you can't go wrong. Gre...
We have not had this problem in 3 years since: Matching LDP times to OSPF Replacing MikroTik route reflectors with VyOS (FRR) VyOS uses FRR and can now also do MPLS, it reflects defaults and I submitted patches to get route filter feature parity in VyOS (set distance, set preferred source, match on...
That's the point If you type 10.0.0.1, winbox will try to connect to default 8291 port, you don't need to type 10.0.0.1:8291 If you change default port on every Mikrotik in your network, you need to type IP address + new port every time 10.0.0.1:5577 The idea was to set in winbox the default port it...
Hi, Is it possible to add to winbox a way to define the default port to connect to? Example: As a security option, I chose to change all my Mikrotik devices to listen to winbox/dude on port 5577 Every time I need to connect to them, I need to write the IP address plus :5577 port on Connect To field ...
I tried several formats of route field, but none worked The way I found was the old (but gold) bat script: echo # show interfaces index, L2TP is index 54 netsh interface ipv4 show interfaces # delete old static routes route delete 10.0.0.0 mask 255.0.0.0 route delete 172.16.0.0 mask 255.240.0.0 # ad...
Hi, I'm trying to send multiples routes (10.0.0.0/8 network and 172.16.0.0/12 network) to my L2TP client (Windows 7), but I'm only getting the 10.0.0.0/8 network being installed in Windows routing table > ppp secret print detail Flags: X - disabled 0 name="tomasi" service=l2tp caller-id=&q...
Hi, I have the following scenario: [RB2011] === [RB911] - - - - - - - - [RB911] === [RB850] RB911 are in bridge + station-bridge mode (MTU = 1600) and a OSPF adjacency configured between RB2011 and RB850 (a /30 IPv4 prefix). - - - The OSPF adjacency was working perfectly till this evening in point-t...
Hi, This week we had another failure similar to this: When there is a fault in L2 path, RB converges OSPF correctly to the new best path. But MPLS still tries the earlier interface, causing traffic loops. The solution: disable MPLS LDP and re-enable it When fault is corrected in L2 path, RB again co...
Hi, We have a BNG cluster in our datacenter like this: https://i.imgsafe.org/05/05227650ee.png I noticed some BNG are accepting customers authentication and leasing 0.0.0.0 IP address, while other BNG has available IP address to lease. Is there a way to BNG deny PPPoE authentication when pool is emp...
Same issue here: PPPoE servers work for some days and, suddenly, they stop to authenticate PPPoE users, giving radius timeout error user customerabc authentication failed - radius timeout After reboot RB, PPPoE clients authenticate again I saw this issue on CCR (tile) and RB450 (mipsbe) models. I'll...
Hi, I'm trying to figure out what is happening in the following scenario: The router has OSPF route to PE 10.0.0.189 loopback via correct gateway The router has MPLS labels to PE 10.0.0.189 loopback via correct gateway But... traceroute doesn't find the gateway to send the packet labeled. https://i....
Hi, I would like help to solve a problem using the transceiver pair S-35LC20D | S-53LC20D. Optical signals are excellent, but RB2011 insists to use 10Mbps modulation: https://i.imgsafe.org/e5/e5b4f8bed4.png https://i.imgsafe.org/e5/e5b6c4d085.png Is there a hint/suggestion to solve this problem? Tha...
Hi, Today we needed to recover a POP that was using RB912. We have replaced the damaged RB912 with a 911G-5HPacD The .rsc didn't work. The RB didn't accept a 10MHz bandwidth configuration :? Is this a hardware limitation? a bug of wireless package? Frequency box only shows "auto" in the dr...
Hi, I noticed a host inside network 172.16.16.0/24 (172.16.16.254) wasn't replying to Dude Server. After do a traceroute from Dude Server to 172.16.16.254, a loop was detected: tool traceroute address=172.16.16.254 # ADDRESS LOSS SENT LAST AVG BEST WORST STD-DEV STATUS 1 179.125.47.225 0% 1 1.3ms 1....
Hi, Which is the best current configuration to the Mikrotik integration with FastNetMon? I'm using those: * Cache entries = 128k * Active Flow Timeout = 00:01:00 * Inactive Flow Timeout = 00:01:00 Netflow version = 9 Template refresh = 30 Template timeout = 30 FastNetMon is receiving data correctly,...
Hi, Is there an option to view network maps on a web browser? We bought some TVs to view some dashboards (Zabbix / PRTG / Management Software / etc.). They only work with web browsers, do not allow to download app (like remote desktop feature). The only way we found to view dude on one of these TVs ...
Hi, I noticed my Dude instance doesn't show traffic above ~500 Mbps. (it should be ~950 Mbps at those valleys) It's very strange, because Zabbix also collects information of that router in the same manner (SNMP v1) and doesn't show this gaps. Is there a fine tune in Dude to fix this issue? https://i...
Right, I found the answer in this wiki: https://wiki.mikrotik.com/wiki/Vlans_on_Mikrotik_environment Where he says: Interfaces eth3,eth4 are trunk ports and and only need to forward tagged packets. We do not need to do any tag add/remove so there is no need to add vlans. https://i.imgsafe.org/50/501...
Right, but in this scenario RB2011 will not tag or untag VLAN. The aim is to configure RB2011 only to transport tagged VLAN from PPPoE Server > AP and vice-versa without modifying them. It seems the only way is to create a bridge and add all ports to it (or use a VLAN capable switch with all ports i...
Hi, I've searched in the forum about this topic, but didn't find a solution. Is it possible to make all RB2011 ports as VLAN trunk? The idea is to transport any VLAN (already tagged) from AP to PPPoE Server, keeping redundancy of link between all RB2011 in the tower. This way we can set each AP to a...
Hi, I have some questions about bridging and I would like help to find the answers: I've made a diagram to give details about the scenario: https://i.imgsafe.org/c0/c0e0302974.png My questions are: 1 - Do the bridge will untag the frame ingressing before forward it to the VPLS tunnel? 2 - Do I need ...
Thank you! This tool helps a lot :) The only problem I see is: the tool doesn't have a delay parameter to avoid congestion of alerts. I've tried to generate a warning log every time interface traffic crosses thresholds (above 960M or below 1M). The logs were generated correctly, but my Slack channel...
Excellent! To make it better: # When up to down | unstable to down /tool fetch mode=https url="https://hooks.slack.com/services/TEEEEEEEE/BEEEEEEEE/EEEEEEEEEEEEEEEEEEEEEEEE" http-method=post http-data="payload={\"attachments\": [ { \"title\": \"Dude Notificati...
Jarda, you're right The tool to change all passwords is ready: I have a .bat script that calls PLINK.exe and PSCP.exe, log in all routers and apply the command to change password. The problem is: after change all full access password in all routers, I need to change the login credentials of each ite...
Hi, Is it possible to add a feature to manage a password profile? Then we could assign this profile, instead of set an individual password to each item. Yesterday, I changed our full access password in all routers of our network via script. Today, I'm facing difficult to access the items via right c...
It seems that is working now. I added R5, R6 and R7 again. I've changed all seven routers of lab to MPLS MTU = 1522. Now winbox is loading, before creating TE tunnels. And traffic is going through the TE tunnels, after create them in R1 and R4. I don't know why it didn't work with 1508 bytes of MPLS...
I'm not getting a value to wireless modulation in version 6.38.5 (BaseBox 5). The value for the tx-rate and rx-rate OID are 0, even the radio is operational at MCS 11 (120mbps/120mbps).
The issue was fixed, adding a minus sign before the chat ID: before: https://api.telegram.org/bot123456789:AAQFb1byb3LEwMes_TQeCM1k5wsFb_VguhG/sendMessage\?chat_id=123456789&text=Hello after: https://api.telegram.org/bot123456789:AAQFb1byb3LEwMes_TQeCM1k5wsFb_VguhG/sendMessage\?chat_id=-12345678...
I've changed all routers to RB2011. I've tried MPLS MTU = 1598 in all routers I've removed R5, R6 and R7 from scenario, but the issue still persists: R3 and R4 show blank boxes inside winbox. Is this a normal behavior from a PC connected in a interface that doesn't speak MPLS? Which is the correct w...
Updating: I've done the following steps in all the RB493AH: * updated to 6.38.5; * resetted to default, with no-default=yes; * reconfigured OSPF with loopbacks; * enabled MPLS (LDP-settings = enabled | interfaces ether2 and ether3 added to LDP interfaces). But... still same issue: R1, R2 and R5 are ...
At the moment, I only have OSPF and MPLS enabled. From the notebook, winbox have full access to R1, R2 and R5. Routers R3, R4, R6 and R7 reply ping perfectly, but show blank boxes inside Winbox. Which MPLS MTU do you suggest to use? I'll try to upgrade to 6.38.5, like Thierry said, to try solve this...
Hi, I'm trying to deploy MPLS in a lab to study VPLS and TE Tunnels. This is my scenario (R1 to R7 are RB493AH): https://i.imgsafe.org/2bcd81441b.png My notebook is connected to R1, and the server to R4. All routers are in 6.37.5 version. Also, all of them have loopback configured (10.0.0.1 to 10.0....
Hi, I've tested the hyperlink, that it's inside the fetch command: https://api.telegram.org/bot123456789:AAQFb1byb3LEwMes_TQeCM1k5wsFb_VguhG/sendMessage\?chat_id=123456789&text=Hello But It doesn't even send the Hello message to the group the bot is participating. The webpage says: "{"...
Hi, Is it possible to add a feature to allow customers access only their respective submap? It would be usefull to allow them monitor the backbone they are attached to, but that is unavailable outside the WISP AS (OSPF running private IP). This way, we could offer them access to only a submap that h...
Hi, How do we do to give read-only access to Tools > Winbox (when right click any device) to dude read users? The aim is to give full winbox access to full dude users and read-only winbox access to dude read users in the same item. :lol: https://i.imgsafe.org/7a9a796f21.png Even the users have read ...
Hi, I've tried to create a new submap today (in version 6.38). The submap is created, it's listed in Networks Maps , but... it doesn't appear in the map I've created it. After enter it through Network Maps list, I noticed the new submap doesn't have that button to return to main map Any suggestion a...
Thank you, PaulsMT I was doing it wrong: creating the Winbox item via Dude > Tools menu inside winbox of x86 server. Now I found the Tools menu in the Dude Windows Client. I followed your instruction and it worked perfectly. Now it keeps the parameters: Type: execute Name: winbox Command: C:\Tools\w...
Hi, Here still doesn't work I've created the Winbox link in 6.38 inside Dude > Tools menu pointing the link to C:\Tools\winbox.exe [Device.FirstAddress][Device.UserName] [Device.Password] , but it shows "unknown" status http://i.imgsafe.org/77398a47b4.png This way, in the map, when I right...
Hi, Yesterday I've updated my Dude Server to 6.38 (and the windows client too, obvious). When I logged in with a Full User - the map shows icons and fonts correctly. When I logged in with a Read User - the map loads (a good news), but the icons (SVG) and fonts are not loaded. Am I doing something wr...
Hi, I've installed a x86 VM on Hyper-V specially to host Dude Server 6.37.3. After install, configure and put level 4 license, I've imported my backup from 4.0beta3. It imported correctly, including imported my customized images (.svg) The problem is: * I only can log in with an user that has Full p...
Hi, Continuing this discussion... How can we monitor CPU usage in Zabbix? I've tried to create 2 items in Zabbix in RB850Gx2 template: [user@rb850gx2] > sys resource cpu pri oid 0 load=.1.3.6.1.2.1.25.3.3.1.2.1 1 load=.1.3.6.1.2.1.25.3.3.1.2.2 Then I've created a graph to show both of them, but the ...
Hi, I've made a test in my office today: The topology was this way: [RB2011 01 - eth4 Gigabit] --- [Mimosa B5C AP] ~~~~~~~~~~~~~~~~~~ [Mimosa B5C Station] --- [RB2011 02 - eth5 Gigabit] --- copper link - cat5e ~~~ wireless link RB2011 01 ==== 172.16.200.169/29 B5C AP ====== 172.16.200.170/29 B5C Sta...
1. I plugged my ethernet cable in eth1
2. I waited it to power on
3. I pressed the res/wds button about 1min
4. It appeared in netinstall 6.36
5. Then I installed routeros-smips in it.
Hi, I tried to update an hAP to 6.36. After it rebooted, it did not appear again in winbox. How do I recover it? Which steps do I need to do to inject npk packet in it via Netinstall? I tried a lot of procedures: * hold res/wps for 30 seconds while it is powered on; * hold res/wps before the hAP pow...
Thank you for your reply. It seems the following script has worked to search logging rules and IF no rules THEN add them to the system: :D :global name; :set name [/system identity get name]; system logging action set remote remote=ip.ip.ip.ip remote-port=514 :if ([:len [system logging find topics~&...
Hi, I'm using batch commands to send a script to all my routers via SSH (with Plink and PSCP). Plink executes a script inside script.something file. I noticed that /system backup save name=$filename; and /export file=$rsc; overwrite the files already existing and create updated files every time I ru...
Hi, I have some doubts about the configurations in system > logging. My remote log server (Rsyslog + Loganalyzer on CentOS 6.7) is running ok and receiving all logs correctly. 1 . If I set topic=warning to remote server, will the Mikrotik send error and critical too? (because warning(4) is less seve...
I've changed a bit your example ( all local to global ). Now the BACKUP and RSC were sucessfully created. Can I have problems using global instead of local? :log info "STARTING BACKUP"; :global filename; :global date [/system clock get date]; :global time [/system clock get time]; :global ...
Hi, I tried to execute the following script to get a backup and .rsc file (with name + date + time ) but it gave me errors: :log info "STARTING BACKUP" :global backupfile ([/system identity get name] . "-" . [/system clock get date] . "-" . [/system clock get time]) /...
Hi, I need help to recovery my RB493G It didn't boot anymore. I've tried a lot of versions of Netinstall (with the exact .npk version), anyone worked. The serial cable is ok, PuTTY is showing all messages correctly. This is the error: "Formatting disk... ERROR: could not format partitions Pres...
It seems these steps worked for me: 1. Open PuTTy Key Generator; 2. Select SSH-2 RSA 2048 bits; 3. Click "Generate"; 4. Move mouse pointer a lot inside blank area to create strong crypto; 5. Right-click "ssh-rsa AAAA...", click on "Select All", copy and paste in Notepad...
Hi, I need to redistribute to backbone some static routes from a OSPF router inside a totally stub area. (to route extra prefixes to some clients that do not are in my OSPF scenario) I've tried to apply the following option in this specific router: routing > ospf > instances > default > redistribute...
Hi, I have a CCR1016-12G working as a PPPoE Server. Some customers are claiming that do not have access to Internet. Then I made the following test: * ping-ed the IP of my customer and tried to access his router; the ping was successful, but the customer router did not reply; * I let the cmd ping-in...