I have them all in g only mode except the titanium. Configs are the same for each radio on the mikrotiks. Frequency issues are not present. My stuff is the only thing around. I live 45 minutes from a gas station. I'm good with configs . Did the training and have been installing/configuring several y...
For a couple of months I have been trying to figure out an issue I have been having. I got a Republic Wireless phone to test for the school systems around me and could not properly connect sip calls through my wireless. After testing a while and trying different devices, I found that my systems with...
I have had 4 out of 10 doa. No more of those cards for me. I have never spent so much to have that many doa. Then one died within an hour of use. No overpowering. Every other card has worked fine in my routers, I just wanted a less noisy card. Oh well. I will stick with Ubis now.
Just wondering if a normal mikrotik backup also backs up usermanager? Have lots of backups of the whole system but no database backups yet and the database seems to have totally disappeared. Thanks
Think there will be a fix to it any time soon? 2.9.44 worked great with winbox it was only when I went to beta I noticed it. Not a big deal since the terminal still works for me but winbox is a big sales point when recommending things to people.
Seems the last couple versions do not show all of the data in winbox (now using 3.10B). Here is what we have and what is happening. We have about 30 vlans with pppoe servers on them. There are about 700 pppoe users. The machine is a dual core box with 2 gigs of ram and 8 interfaces. The router is ru...
I agree about the PPPoE. I have set up many networks with it. It reduces risk of network loops, more efficiently uses ip addresses, is easier to contain virus and trojan traffic, with radius it is easy to manage, offers a good user validation mechanism, you can easily static assign public ips, or dy...
Just wondering... Is it possible to use radius but still have the secrets entered and enabled so if radius goes down, the default secrets could take over? From what I have seen, local secrets are default over radius so I have to keep the secrets disabled so radius can authenticate and if radius goes...
What is the terminating device? Whatever it is, set a /30 for transport and then add routes so all the others /30 and /29 go to your Mikrotik or whatever. That gives you 12 ips to use out of the 16 since 4 are tied up in the transport. ex. Router internal ip xx.xx.xx.1/30 Mikrotik Wan ip xx.xx.xx.2/...
You had the actions only partially entered by just saying "nat". You must specify src-nat or dst-nat Should be: add chain=srcnat src-address=10.10.10.10 action=src-nat to-addresses=138.xxx.yyy.zzz \ to-ports=0-65535 comment="" disabled=no add chain=dstnat dst-address=138.xxx.yyy....
I would have to look but it should be center pin is + and the yellow wire is +. Normally center is positive. I would check it though by using a multimeter on the current power connector. Dont solder it into the mikrotik though, just put a connector on the wires so you can plug it in. Then it can be ...
I do not have a MT connected to a pc psu but i do have pc PSU set up for power to other equipment and power banks. I use just the 12v side quite often. I have the 5v side open for use and leds to show the voltage status of each line. The only thing I had to do to make them work without a pc was load...
The network description I gave is kind of like the way the internet works. Since we are dealing with Routing it is not bound by a local networks limitations as long as the routes are in place so the routers know what way to send everything. Each network has a gateway router that is connected to the ...
I must disagree with you on that one. If you have a static route that 192.168.0.0/24 gateway 192.168.3.5 then when the packet gets to the mikrotik there is a static route that 192.168.0.0/24 gateways to 192.168.3.2 That is a static route and the ping should pass with no problems. The clients on each...
I am wondering how these really effect my networks. Say I have the following Network A - IP 192.168.0.0/24 Interface IP 192.168.3.2/30 | | O - Mikrotik Gateway to Internet, With masquerade out to internet Interface 0 - xxx.xxx.xxx.xxx to Internet Interface 1 192.168.3.1/30 - To Network A Interface 2...
Here is a question. Could the scope/target scope have something to do with it? Any documentation about these two fields?
Is it
0 Global
255 No Where
254 Link
253 Host
??
If so, whats the 10, 20 etc that I have seen ?
Thanks
I think I am in agreeance with you both. I have several networks I work on that have been running great and pinging around. Recently I was working one with OSPF configured and could not ping through. I found that if I got on the end point and pinged to an ip addy connected to the main mikrotik, I co...
I just put them into a spread sheet, then added my rule before the ip, and the part after the ip. Copied them to every cell in the columns and then copied and pasted into gedit. After that, I copied and pasted into router.
in the mangle table make sure you added your rule in prerouting and also you want to use routing mark if you are going to change the route of something.
I tested a large number of rules to find out what it could handle. Added 256 rules to the firewall filter, 120 to the mange, and 80 queue rules. Did not hiccup at all. I stopped there. That is not a lot of rules by them selves but that was added to what i already had in my completed system. The poin...
The network i am working on is not. Thanks for the idea though. I had them swap out switches already, no luck. I'm confused lol. Wish I was down there to physically look at it all.
I feel the pain lol. Still havent sorted this one out. It is 800 miles away so I can not actually see anything to find the issue. Have built another new system and same problem. The thing that is confusing me the most is why it works fine with the old one but not the new. The configs are the same.
Got farther than before. It requested Mozilla ActiveX control which of course I did not have installed. Installed that and it made it through the install completely. Then I went to open Netinstall to test it but got an error that shut it down. The error was:
"bind bootp failed: (10013)"
Net install has not worked for me in the past on a Ubuntu Dapper Drake system running wine. Winbox worked great but Netinstall has not. I am downloading the newest version right now to try.
Exactly. I started with 2.9.27 and have had good experiences. Like I said, have a backup one to run every time you do an upgrade. Testing is always best.
Ram, Ram, and more Ram. Other than that, I have seen no major issues. I have read some posts by people with problems but never experienced problems myself. Watch your upgrades though and always have a backup unit when doing upgrades. ps, a nice processor will help too. More than anything though, Ram
Not so easy. Just because you are a WISP does not mean you are free. You are still facilities based. The issue I have is the long term of backups and their ability to look at anything they want. I am 100% AGAINST all of this crap. I have prided myself in protecting my users and clients against all o...
I must agree about the cf issues. I use all linux systems and have been happy with winbox but netinstall wont work for me. Really would suck if I had to set up a windblows trash can in order to install mikrotik on cf. I only use cf. Luckily I have not had to do any new installs recently. Maybe Ill j...
I also drop them HCI. What I do is count new connections within a certain amount of time and then drop them for 5 minutes if they try more than 4 times in 2 minutes. That way I can log in from anywhere and still keep a brute force attack from being effective.
My first guess would be that your cable either has a pinch in it or a bad connector crimp. 40m is easy to get data and poe across. Try with another cable just sitting there coiled up in front of you.
Any time Shielder. I do agree with jojo though. I do not block all P2P I queue it with a max upload of 512k so it can not over run my network and the priority is 8 so it is below eveyrthing. Even unknown gets a higher priority. The point behind this is... If you block all p2p you end up with users o...
Sounds like you are missing route rules. Since you are now marking routes you need rules for the look up tables. Example: / ip route rule add dst-address=10.33.33.0/29 action=lookup table=main comment="" disabled=no add dst-address=10.254.0.0/16 action=lookup table=main comment=""...
Thanks for the data Shielder! I have been looking at 1000ah batteries also. The reason was winter. With no sun sometimes for a week I was going a little large. I would much rather use a 350ah and that seems completely possible based on your numbers. I really like the idea of batteries and radio link...
I was planning on doing some testing on this myself. I have solar needs for a few locations but want the research done first. I will be running a couple with dual 200mw radios off a battery soon to find the time till it discharges too low and then timing the solar charge up. I havent tried wind beca...
It is probably your time out period of 1 day. If you have a heavy user log in, they will get added to one of the three. Then they will stay on it for 1 day. You can shorten that if you want. Then you will see more balancing. One link may be higher here or there but over the course of the day it will...
If you use an off network IP on your interface (ex. 10.31.89.7) and you do not have a masquerade rule for 10.31.89.0/24 or whatever, then the user will have to connect via a 10.31.89.0 rule to get on and no matter what gateway they type they will not make it out because they are not masqueraded. Plu...
If you are running dhcp on an interface and PPPoE then the users ethernet interface will try to connect dhcp while the PPPoE virtual interface will connect seperately from DHCP. DHCP is not needed with PPPoE because you can assign ips out of pools and be dynamic anyway. I personally use bogus addres...
One moe thing, you can still load balance with pppoe. You just cant use in interface. Instead use your address range (src address=) so it only deals with your local addresses.
Good night.
add chain=prerouting in-interface=Local action=add-src-to-address-list address-list=odd address-list-timeout=1d connection-mark=odd passthrough=yes Everyone is being added to the odd address list. Should look like this (needs to be changed on the even also): add chain=prerouting in-interface=Local ...
Ive gone through hours of logs from the network. Some with the old mikrotik some with the new one. There is definately a broadcast storm with the new machine but not with the old. The only real difference I see in traffic before the storm is, when running on the Old machine there is some IGMP traffi...
Pretty simple set up. Couple things to check just to make sure you have everything there. 1) Set default gateway in routes 2) Set route rule for lookup main table 3) Srcnat with action masquerade 4) Make sure dns servers are set up Not much to it. If you have all of that, then we need more data to t...
We are replacing a 2.8.24 RouterOS system with a brand new system running 2.9.30. I am help with this remotely. Configs are set up the same but for some reason we are getting packet storms shortly after adding the new system. Unplug it and replug the old one and everything runs fine again. They have...
I do not have the answer to your question but had one for you. Are you using a pc or routerboard? How much ram? The reason I ask is, I have done some bgp stuff but always use bgpd. Have played with mikrotik but ran into issues with not enough ram. I havent put it on a pc with mikrotik yet but I gues...
Personally I only do connection marking then packet marking for p2p. By marking the connection of a P2P connection, I have less risk of them floating around my filters and queues.
Sounds like you need to use a route rule to set it straight. ChangeIP is correct, you should use method #2 though I would specify a destination IP in your rules so you dont snag everyone (unless that is what you want).
Are you using global out as your parent? If so, then it queues all output on all interfaces and your other queues dont really mean anything. If you do it based on output interface, it takes time to add the trees for every device, but you can control it well.
You can use a routing mark and add a route for that routing mark. What changeip is probably saying is that you have to control where the ping is coming out from because if you do not, the router will pick and it may not be the right one. You have 2 routes for gateways and you mark your routes based ...
Sure can. In the users file (mine is in /etc/freeradius) there are a bunch of defaults set and since we are using sql to feed the attributes, we do not need those defaults. They just stomp on us. Here are a few of them, but I commented out all of them. #DEFAULT Service-Type == Framed-User # Framed-I...
if you do what I said above, then when your server changes routes, the ping can not go out because it is bound to the dead interface. That keeps a ping from going out until the connection is active again. When the connection is active again, the ping will pass to the gateway, you will get a reply an...
Just set a firewall rule that ping to destination ip (gateway) goes out the correct interface. Then you will only be able to ping the gateways from the correct interface. Example: Mangle table- set routing mark in prerouting for ping to xx.xx.xx.xx Then make your rule based on the mark. Do that for ...
Just posting this so no one else has to spend hours overlooking the issue. I just set up a new radius server with mysql. Authenticated fine but I wanted static IPs assigned in some cases too. No problem, except Framed-IP-Address was not working so my users ended up with an IP from the pool in my ppp...