Community discussions

Search found 78 matches

by KBV
Tue Sep 17, 2019 11:35 am
Forum: RouterOS v7 BETA
Topic: OVPN Сlient v7 cannot connect to OVPN Server v6.45.6 if the <require-client-certificate> option is set [SOLVED]
Replies: 2
Views: 501

OVPN Сlient v7 cannot connect to OVPN Server v6.45.6 if the <require-client-certificate> option is set [SOLVED]

OVPN Server: CHR 6.45.6 OVPN Client: RBD52G-5HacD2HnD 7.0beta1 OVPN Сlient v7 cannot connect to OVPN Server v6.45.6 if the <require-client-certificate> option is set. Сertificates issued by the CHR 6.45.6 specially for this test. Server certificate KeyUsage: digital signature, key encipherment, tls ...
by KBV
Mon Sep 16, 2019 9:20 am
Forum: RouterOS v7 BETA
Topic: WLAN Access List cannot be configured with Winbox [SOLVED]
Replies: 1
Views: 511

WLAN Access List cannot be configured with Winbox [SOLVED]

7.0beta1 Winbox 3.19 RBD52G-5HacD2HnD When creating a record you cannot set an adequate signal level (signal-range). Winbox will throw an error: <Error in Signal Strength - range in [-1;120] expected!> Of course no one can connect with a minimum signal level of -1 )) When using CLI there is no such ...
by KBV
Tue Sep 10, 2019 11:11 am
Forum: General
Topic: RouterOS v7.0beta1 (ARM)
Replies: 174
Views: 30293

Re: RouterOS v7.0beta1 (ARM)

As no "OpenVPN client" or "OpenVPN server" usage is standardized for certificates, I would expect "tls-client" or "tls-server" to be required, but you have to check. Also, some clients and servers require a minimum key length and minimum key type (RSA/EC) of the certificate to accept it. This key u...
by KBV
Tue Sep 10, 2019 6:44 am
Forum: General
Topic: RouterOS v7.0beta1 (ARM)
Replies: 174
Views: 30293

Re: RouterOS v7.0beta1 (ARM)

Where were the certificates generated? In my experience, MT generated certificates don't work with the Windows OVPN desktop client (maybe they do now, I haven't tested recently). Maybe, hopefully, if your certificates are MT generated from v6 or older this is an indication that Mikrotik is now usin...
by KBV
Mon Sep 09, 2019 6:23 pm
Forum: General
Topic: RouterOS v7.0beta1 (ARM)
Replies: 174
Views: 30293

Re: RouterOS v7.0beta1 (ARM)

OVPN is not compatible with the previous v6;
v7 ovpn client does not connect to server v6.45 if certificates are used.
by KBV
Thu Jan 18, 2018 12:09 pm
Forum: General
Topic: RB1100AHX4: TX drops on VLAN
Replies: 3
Views: 654

Re: RB1100AHX4: TX drops on VLAN

I had a similar problem on the x86 router.
I was able to reduce the amount of drops experimenting with queues (/queue interface).
But first make sure that the physical interfaces have a "only-hardware-queue" queue
by KBV
Tue Dec 26, 2017 9:21 am
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 76862

Re: v6.41 [current]

These look like replies your router sends to incoming packets to unreachable hosts. The router generates those ICMP packets to inform the sender that the host is unreachable. Yes, I read it. But I do not use <Rejection> rules. [admin@MikroTik-3011] > /ip firewall filter print count-only where actio...
by KBV
Tue Dec 26, 2017 9:08 am
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 76862

Re: v6.41 [current]

Can you explain what it is? [admin@MikroTik-3011] > /ip firewall filter print Flags: X - disabled, I - invalid, D - dynamic 0 D ;;; special dummy rule to show fasttrack counters chain=forward action=passthrough 1 chain=output action=drop protocol=icmp out-interface-list=WAN-Zone log=yes log-prefix="...
by KBV
Mon Dec 25, 2017 4:19 pm
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 76862

Re: v6.41 [current]

What is your configuration? How large is your local subnet and is there a default route to some WAN address? Errors like that can occur when the subnet is large and is being scanned, or when there is no default route and the next hop has "proxy arp" enabled. In such cases there can be many open ARP...
by KBV
Mon Dec 25, 2017 12:07 pm
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 76862

Re: v6.41 [current]

Isn't max-neighbor-entries about IP ARP table? Check it, not Neighbour Discovery
Now (usually) the ARP table contains 11 entries - 9 LAN and 2 from outside (WAN).
---
[admin@MikroTik] > /ip arp print count-only
11
---
But I can check at the time the problem occurs.
by KBV
Mon Dec 25, 2017 9:24 am
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 76862

Re: v6.41 [current]

After upgrading my home RB3011 6.40.5 to 6.41RC/ 6.41. Then I increased <max-neighbor-entries> to 16384 and the problem disappeared. But there are only two neighbor devices... [admin@MikroTik] > /log print [...] 07:42:02 warning ipv4 neighbor table overflow, please consider increasing max-neighbor-e...
by KBV
Sat Dec 23, 2017 8:10 am
Forum: General
Topic: RB1100Dx4 Multicore issue ?
Replies: 18
Views: 1475

Re: RB1100Dx4 Multicore issue ?

I got a brand new RB1100Dh4 a few days ago, I`ve noticed that shes running with only one core at 40~80% while the others are at 0~1% usage i had a RB750G3 before and using all 4 cores doing the same job. It's all so) IMHO If they do the load distribution - there will be problems with reordering the...
by KBV
Thu Dec 14, 2017 7:42 pm
Forum: The Dude
Topic: 6.40.5 SNMP encryption does not work
Replies: 2
Views: 494

Re: 6.40.5 SNMP encryption does not work

Most likely it happens because of the conflict use the same ports in your system configuration.
A standard snmp port is used...
When I switch snmp to encryption mode, the interfaces disappear in the list.

PS Forgot to say, I monitor the Mikrotik (6.40.5) devices using snmp. hAP lite and CHR.
by KBV
Thu Dec 14, 2017 11:30 am
Forum: The Dude
Topic: 6.40.5 SNMP encryption does not work
Replies: 2
Views: 494

6.40.5 SNMP encryption does not work

Hi!
When I enable SNMP encryption, the interfaces arbitrarily disappear from the list (Dude map->Device->SNMP->Interface) and links loading is not displayed
SNMP authentication works fine.
by KBV
Wed Dec 13, 2017 10:16 am
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 122643

Re: v6.41rc [release candidate] is released! New bridge implementation!

Using or not using the hw-offload does not affect the situation.
I'm sorry. It seems the problem only occurs when I turn on the hw-offload.
by KBV
Tue Dec 12, 2017 8:51 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 122643

Re: v6.41rc [release candidate] is released! New bridge implementation!

Hi! I have a simple configuration of the router rb3011 - two software bridges and do not use the master port (there are vlans on ethernet interfaces). The update to version 6.41rc62 is done correctly, but in one of the networks packet loss starts. Communication with the nodes of this network arbitra...
by KBV
Sat Dec 09, 2017 10:58 am
Forum: Announcements
Topic: v6.40.5 [current]
Replies: 82
Views: 24984

Re: v6.40.5 [current]

------------------ [admin@MikroTik] > /certificate crl print detail Flags: E - expired, D - dynamic 0 D cert=cert_export_KBV-CHR-CA.crt_0 url="http://192.168.80.251/crl/4.crl" num=0 revoked=0 signature="********" next-update=dec/09/2018 08:05:30 last-update=dec/09/2017 08:50:44 ------------------ Wi...
by KBV
Mon Jan 16, 2017 1:19 am
Forum: RouterBOARD hardware
Topic: RB3011suddenly loses USB flash drive
Replies: 16
Views: 2692

Re: RB3011suddenly loses USB flash drive

Ordinary flash drive is not designed for placing database. This is just to transfer photos to another computer; second flash drive will soon fail too))
Use the SLC flash.
by KBV
Mon Aug 01, 2016 9:40 pm
Forum: The Dude
Topic: The Dude, v6.37rc test builds.
Replies: 92
Views: 17632

Re: The Dude, v6.37rc test builds.

Dude for x86,
I updated from version 6.37rc5 to rc11 (and back to rc5):
dude Error in history.jpg
Real traffic on the interface - 5-10 Mbps, in version 6.37rc5 is displayed correctly
by KBV
Tue Jul 19, 2016 12:48 pm
Forum: Announcements
Topic: v6.36rc [release candidate] is released, wireless-fp package is discontinued!
Replies: 295
Views: 64746

Re: The Dude, v6.36rc test builds.

Firewall rules with interface list is not updated to version 6.36rc40 [admin@MikroTik-CHR-Dude] > /interface export compact # jul/19/2016 15:29:29 by RouterOS 6.36rc30 # software id = # /interface list add name=TEST /interface list member add interface=ether1 list=TEST admin@MikroTik-CHR-Dude] > /ip...
by KBV
Sun Jun 26, 2016 4:00 pm
Forum: Beginner Basics
Topic: 3560 and Mikrotik RB2011-RM vlans not working
Replies: 3
Views: 688

Re: 3560 and Mikrotik RB2011-RM vlans not working

interface GigabitEthernet0/6
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100,200
missing "switchport mode trunk" command
by KBV
Mon Mar 28, 2016 9:13 am
Forum: Announcements
Topic: v6.35rc [release candidate] is released, new wireless package!
Replies: 537
Views: 104941

Re: v6.35rc [release candidate] is released, new wireless package!

CRL do not work correctly
Self-signed certificates do not contain CRL when working through winbox - CRL field not available.
When signing via CLI this is no problem.

But CRL is still not working correctly when you export / import the certificate- then CRL contains inappropriate information.
by KBV
Wed Feb 10, 2016 12:33 pm
Forum: RouterBOARD hardware
Topic: AMD 2650 (AM1) only one cpu
Replies: 4
Views: 1050

Re: AMD 2650 (AM1) only one cpu

Never run the "Bandwidth test" on the system under test. It is not clever :D
You are testing the traffic generator performance.
by KBV
Sun Feb 07, 2016 8:01 am
Forum: Announcements
Topic: v6.35rc [release candidate] is released, new wireless package!
Replies: 537
Views: 104941

Re: v6.35rc is released, new wireless package!

Returned old problem - time is not synchronized with the dynamic NTP servers.
After the command "/system ntp client print" synchronization occurs immediately.

It does occur not on all routers. I could not understand what it depends on.
by KBV
Thu Oct 29, 2015 12:21 pm
Forum: General
Topic: v6.33rc release candidate (final testing)
Replies: 203
Views: 36899

Re: v6.33rc release candidate (final testing)

*) fastpath - eoip,gre,ipip tunnels support fastpath (new per tunnel setting "allow-fast-path");
Not available in Winbox.
As a result you can not create tunnel (eg GRE) with IPSEC via Winbox
See attach
And you can not turn fastpath off /Not available in Winbox/

How to create a tunnel?
by KBV
Wed Oct 28, 2015 10:41 pm
Forum: RouterBOARD hardware
Topic: RB1100AHx2 Poor Performance
Replies: 5
Views: 1100

Re: RB1100AHx2 Poor Performance

tried running various Internet speedtest's
You do not control all the elements of the test to conclude that the problem is in you router.
What to you allows to draw conclusion what a problem in a RB1100AHx2, but not in hundred other routers in the Internet.
by KBV
Mon Oct 26, 2015 8:37 pm
Forum: RouterBOARD hardware
Topic: RB850Gx2 vs hex
Replies: 5
Views: 2177

Re: RB850Gx2 vs hex

Yes, you are completely right
With the new version rb850gx2 I got IPSEC speed 150+150Mbps (rx+tx), unlike the old version 50+50mbit
I think this is a very good result (150+150=300 in sum) IPSEC performance.
by KBV
Mon Oct 26, 2015 1:24 pm
Forum: RouterBOARD hardware
Topic: RB850Gx2 vs hex
Replies: 5
Views: 2177

Re: RB850Gx2 vs hex

rb850gx2 not support Fast path. I think that explains everything
by KBV
Fri Oct 23, 2015 11:20 pm
Forum: General
Topic: Problem with falling IPSec VPN connection between MikroTik and Cisco
Replies: 10
Views: 2648

Re: Problem with falling IPSec VPN connection between MikroTik and Cisco

IPSEC settings are not the same in many places. Where is "PFS Group 2" in Mikrotik (phase 1)? crypto isakmp policy 30 encr 3des authentication pre-share group 2 you set it on Cisco... The default values for "Lifetime" are also different in Cisco and Mikrotik. I'm not sure that the Cisco is compatibl...
by KBV
Thu Oct 22, 2015 7:59 pm
Forum: RouterBOARD hardware
Topic: RB850Gx2 very low speed
Replies: 5
Views: 1361

Re: RB850Gx2 very low speed

Mikrotik, please repair the routers RB850Gx2 :?
Copy screenshot-2.jpg
by KBV
Thu Oct 22, 2015 7:02 pm
Forum: RouterBOARD hardware
Topic: RB850Gx2 very low speed
Replies: 5
Views: 1361

Re: RB850Gx2 very low speed

I have simplified the configuration. Now it's just a bridge Server is connected to the interface Ether2. computer to the Ether3. Speed up to 100 Mbit/s :( Copy screenshot.jpg [admin@MikroTik] > /export # oct/22/2015 21:51:02 by RouterOS 6.32.3 # software id = xxxxxxx # /interface bridge add name=bri...
by KBV
Thu Oct 22, 2015 6:32 pm
Forum: RouterBOARD hardware
Topic: RB850Gx2 very low speed
Replies: 5
Views: 1361

Re: RB850Gx2 very low speed

MTU on interfaces set by default 1500B (in the first message is a complete router configuration) I tried to set 1400, then 1560 on Ether1&2. Nothing has changed. Then I tried the following commands: /ip firewall connection tracking set enabled=auto / ip firewall mangle add action = change-mss chain ...
by KBV
Thu Oct 22, 2015 4:25 pm
Forum: RouterBOARD hardware
Topic: RB850Gx2 very low speed
Replies: 5
Views: 1361

Re: RB850Gx2 very low speed

In the program Wireshark I see a lot of messages "TCP out-of-order" and "TCP Dup ACK"
by KBV
Thu Oct 22, 2015 4:08 pm
Forum: RouterBOARD hardware
Topic: RB850Gx2 very low speed
Replies: 5
Views: 1361

RB850Gx2 very low speed

There is a problem In this scheme I can not get the speed of copying a file from a server to computer more than 150Mbit/s. Router CPU load 5-15% If connect directly - 850mbit/s Configurations very simple- no queues, no firewall rules, no connection tracking etc. No errors, all interfaces of 1Gb/s. [...
by KBV
Fri Oct 16, 2015 6:34 pm
Forum: General
Topic: v6.33rc release candidate (final testing)
Replies: 203
Views: 36899

Re: v6.33rc release candidate (final testing)

Has this release addressed the constant reboots when using GRE tunnels or has this not been identified yet.
At first glance the problem is solved.
I updated to RC24 without incident :D
by KBV
Fri Oct 09, 2015 2:59 pm
Forum: General
Topic: v6.33rc release candidate (final testing)
Replies: 203
Views: 36899

Re: v6.33rc release candidate

rc22 released. we have fixed the latest few problems and are getting ready for v6.33 release. You are crazy! 6.33rc21 and 6.33rc22 does not work on rb850gx2. Completely (reboots infinetely). I thought that this is just a beta and nothing serious. But you're going to let release. When users update w...
by KBV
Tue Sep 29, 2015 9:03 am
Forum: RouterBOARD hardware
Topic: 2X RB450G as PPPoE and Hotspot Server with User manager Radius Server Max User
Replies: 10
Views: 1285

Re: 2X RB450G as PPPoE and Hotspot Server with User manager Radius Server Max User

First. I have not seen the second.
It would be very interesting to know. If there are no problems with them - I would replace my.

Who has such a device (new version of the rb850gx2)? It is necessary to conduct a small test ...
by KBV
Mon Sep 28, 2015 11:21 am
Forum: RouterBOARD hardware
Topic: 2X RB450G as PPPoE and Hotspot Server with User manager Radius Server Max User
Replies: 10
Views: 1285

Re: 2X RB450G as PPPoE and Hotspot Server with User manager Radius Server Max User

The 850gx2 is not working well. I propose to wait until its fixed.
by KBV
Sun Sep 13, 2015 8:44 pm
Forum: General
Topic: Русскоязычный раздел форума.
Replies: 10
Views: 5893

Re: Русскоязычный раздел форума.

Это неплохо, но Здесь не наберется столько русскоговорящих пользователей чтобы раздел не помер. И это затруднит решение проблем. Сейчас большой плюс форума- что форум почитывают разрабы, вы в тикете (в техподдержку) можете сослаться на тему, а разраб может ее почитать для уточнения нюансов. А с русс...
by KBV
Sun Sep 13, 2015 12:29 am
Forum: RouterBOARD hardware
Topic: RB850Gx2 - serious problem with the transmission of packets
Replies: 5
Views: 1521

Re: RB850Gx2 - serious problem with the transmission of packets

And understand finally what vlan is default - 0 or 1!
I will explain.
When you turn on secure "vlan-mode", you must create this vlan in the table.
Not tagged interface also has a vlan, usually 0.
But on RB850Gx2 this is vlan 1 !!
WTF! How should I know?
Amount of bugs scares me :(
by KBV
Sat Sep 12, 2015 10:07 pm
Forum: RouterBOARD hardware
Topic: RB850Gx2 - serious problem with the transmission of packets
Replies: 5
Views: 1521

Re: RB850Gx2 - serious problem with the transmission of packets

Something like this...
Hardware switch works well-108MB/s
Fix the software switch (bridge) pls :(
copy 108MB-s.jpg
by KBV
Sat Sep 12, 2015 7:01 pm
Forum: RouterBOARD hardware
Topic: RB850Gx2 - serious problem with the transmission of packets
Replies: 5
Views: 1521

Re: RB850Gx2 - serious problem with the transmission of packets

Thank you. I know it's probably solve the problem.
But there are exist several VLANs, it is very difficult to configure the hardware switch.

Productivity of software switch is enough for me. But this significant failure should be corrected.
by KBV
Sat Sep 12, 2015 3:56 pm
Forum: RouterBOARD hardware
Topic: OC potential of rb850gx2
Replies: 1
Views: 615

Re: OC potential of rb850gx2

To increase the frequency the CPU radiator needs to be replaced, possibly with active cooling
I do not think that the next ROS can solve it :D
by KBV
Sat Sep 12, 2015 2:05 pm
Forum: RouterBOARD hardware
Topic: RB850Gx2 - serious problem with the transmission of packets
Replies: 5
Views: 1521

Re: RB850Gx2 - serious problem with the transmission of packets

And in addition to changing the order I see a small percentage of packet loss.

I do not know will I be able to configure all on the switching chip. It is rather difficult for me :(
But now this device is not suitable for use :(
by KBV
Sat Sep 12, 2015 1:18 pm
Forum: RouterBOARD hardware
Topic: RB850Gx2 - serious problem with the transmission of packets
Replies: 5
Views: 1521

RB850Gx2 - serious problem with the transmission of packets

A significant drop file transfer performance via the software bridge. I spent a lot of time to understand what was happening- File Transfer is up to 20-30MB/s (Megabytes/s). Pings are going well (without losses and delays), but the speed of transmission is very low. I came to the conclusion that the...
by KBV
Wed Aug 12, 2015 11:04 am
Forum: RouterBOARD hardware
Topic: RB850Gx2 - Release date?
Replies: 193
Views: 47294

Re: RB850Gx2 - Release date?

What encryption standards supported Hardware Accelerator?
In addition to the AES128
by KBV
Sat Aug 08, 2015 9:31 am
Forum: RouterBOARD hardware
Topic: RB850Gx2 - Release date?
Replies: 193
Views: 47294

Re: RB850Gx2 - Release date?

It is only encryption performance. RB1100ahx2 roughly twice as powerful. I doubt that you will get so much on RB850Gx2 due to other restrictions.
However in VPN range 100-300mb/s this router must be good.
by KBV
Tue Aug 04, 2015 6:17 pm
Forum: General
Topic: RB1100AHx2 After Upgrading to ROS 6.30.2
Replies: 13
Views: 2470

Re: RB1100AHx2 After Upgrading to ROS 6.30.2

RB1100AHx2 nominally not support virtualization.
You have tried to work around this limitation third-party applications?

I do not understand your discussion and conclusions :?
by KBV
Thu Jul 30, 2015 7:00 am
Forum: RouterBOARD hardware
Topic: RB2011UiAS-2HnD-IN, is Gigabit routing possible?
Replies: 33
Views: 20064

Re: RB2011UiAS-2HnD-IN, is Gigabit routing possible?

5GHz has a narrow application. I'm not sure that the router with the AP 5GHz it right. You can not put RB2011 (or similar device but with a 5GHz) on the ceiling or on the wall in the living room :D
Really good scheme networks- separate router and a separate AP installed in the proper place.
by KBV
Wed Jul 29, 2015 8:14 pm
Forum: RouterBOARD hardware
Topic: RB850Gx2 - Release date?
Replies: 193
Views: 47294

Re: RB850Gx2 - Release date?

Left to repair fasttrack and fastpath :(
by KBV
Tue Jul 28, 2015 3:59 pm
Forum: General
Topic: Subnet Routing problem!!!
Replies: 9
Views: 740

Re: Subnet Routing problem!!!

In the case of Direct delivery routing mechanisms are not used. It uses ARP
Read about the Direct and Indirect delivery of IP :?
by KBV
Tue Jul 28, 2015 3:47 pm
Forum: General
Topic: Subnet Routing problem!!!
Replies: 9
Views: 740

Re: Subnet Routing problem!!!

Read about the Direct and Indirect delivery of IP packets
by KBV
Wed Jul 15, 2015 5:42 pm
Forum: RouterBOARD hardware
Topic: CRS SWITCH MAC LIMIT
Replies: 3
Views: 1186

Re: CRS SWITCH MAC LIMIT

It is very strange.
According to the general switching rules in this case frames should be flooded (similar to a broadcast frames). Or new entry replaces the oldest entry in the table; both processes are usually invisible to the user.
Blocking does not occur ever.
by KBV
Wed Jul 15, 2015 4:08 pm
Forum: Announcements
Topic: v6.30.x bugfix release
Replies: 136
Views: 33474

Re: v6.30.1 bugfix release

you are somewhere lost x86 "Extra packages" in 6.30(x) :)
link on the download page is not available, but the package can be downloaded if you enter a direct link
by KBV
Mon Jul 13, 2015 9:58 pm
Forum: General
Topic: Firewall drop rules not working
Replies: 2
Views: 1391

Re: Firewall drop rules not working

you need a table of FORWARD, not input
by KBV
Wed Jul 01, 2015 1:11 pm
Forum: Announcements
Topic: FastTrack - New feature in 6.29
Replies: 237
Views: 139156

Re: FastTrack - New feature in 6.29

it's not supported on my router at home which is an RB450G
FastTrack is supported only half router models. So it's normal.
by KBV
Wed May 06, 2015 6:59 pm
Forum: RouterBOARD hardware
Topic: mAP 2n blinking
Replies: 25
Views: 9354

Re: mAP 2n blinking

Yes, on my device it was. Exactly when upgrading to 6.28
After that I was able to upload the new version using netinstall
by KBV
Tue May 05, 2015 4:53 pm
Forum: RouterBOARD hardware
Topic: CRS125-24G-1S-2HnD packet loss
Replies: 17
Views: 2168

Re: CRS125-24G-1S-2HnD packet loss

Ask your ISP whether has AutoNegotiation fulfilled on the external interface. A consistent interface mode on both sides must be the same (sometimes it is not so)
by KBV
Thu Apr 30, 2015 7:06 pm
Forum: Announcements
Topic: FastTrack - New feature in 6.29
Replies: 237
Views: 139156

Re: FastTrack - New feature in 6.29

Yes, it seems so.
I also tried it on MIPSBE. There are small oddities, but generally works well :)
On my other platforms it has not yet happened.
by KBV
Tue Apr 28, 2015 10:33 pm
Forum: Announcements
Topic: FastTrack - New feature in 6.29
Replies: 237
Views: 139156

Re: FastTrack - New feature in 6.29

I feel there is some kind of trick :D
by KBV
Tue Apr 28, 2015 10:06 pm
Forum: Announcements
Topic: FastTrack - New feature in 6.29
Replies: 237
Views: 139156

Re: FastTrack - New feature in 6.29

KBV - Did you use CCR device? FastTrack will work properly on CCR devices starting from 6.29rc14 version
Oh, no. I did not know that it only works on CCR
I tried to run on 850gx2
by KBV
Tue Apr 28, 2015 6:01 pm
Forum: General
Topic: New features and routerOS v6
Replies: 8
Views: 3123

Re: FastTrack - New feature in 6.29

Complication of development has its price. Directly and in dollars :)
And this is leading to market positioning. I think things are not so simple..
by KBV
Tue Apr 28, 2015 4:40 pm
Forum: Announcements
Topic: FastTrack - New feature in 6.29
Replies: 237
Views: 139156

Re: FastTrack - New feature in 6.29

It is not about filter rules, it is also about NAT. Basically it is fastpath solution when connection tracking is necessary Connection tracking can operate without NAT, It is rather a function of the "Full State Firewall" If the FS firewall and NAT is not necessary, tracking is better forcibly disa...
by KBV
Tue Apr 28, 2015 2:41 pm
Forum: General
Topic: IOS IPS running on 2901 Router Throughput Issue
Replies: 2
Views: 725

Re: IOS IPS running on 2901 Router Throughput Issue

When you turn on IPS on the CheckPoint equipment performance drops to 10 times (with a maximum depth checks).
This is normal. IPS is extremely costly task.

On serious firewalls you can control the depth and scope of inspections to look for balance of performance and security
by KBV
Tue Apr 28, 2015 12:03 pm
Forum: Announcements
Topic: FastTrack - New feature in 6.29
Replies: 237
Views: 139156

Re: FastTrack - New feature in 6.29

I added this rule to the top. [admin@RB850Gx2] > /ip firewall filter print Flags: X - disabled, I - invalid, D - dynamic 0 chain=forward action=fasttrack-connection connection-state=established,related log=no log-prefix="" 1 chain=forward action=accept connection-state=established,related log=no log...
by KBV
Fri Apr 24, 2015 6:27 pm
Forum: Announcements
Topic: RouterOS v6.28 released
Replies: 229
Views: 61716

Re: RouterOS v6.28 released

I'm sorry :(
Router RB850Gx2 randomly hangs on reboot. I could not find regularities.
Relationship with the / system console has not been confirmed.
Well, I'll write our support.
by KBV
Fri Apr 24, 2015 5:54 pm
Forum: Announcements
Topic: RouterOS v6.28 released
Replies: 229
Views: 61716

Re: RouterOS v6.28 released

Router RB850Gx2 hangs on reboot if serial port is removed from the /system console [admin@RB850Gx2] > /system console print Flags: X - disabled, U - used, F - free # PORT TERM RouterBOOT booter 3.22 RouterBoard 850Gx2 CPU frequency: 533 MHz Memory size: 512 MiB NAND size: 512 MiB Press any key withi...
by KBV
Wed Apr 22, 2015 9:51 pm
Forum: Beginner Basics
Topic: Switch Chip: what am i doing wrong
Replies: 3
Views: 616

Re: Switch Chip: what am i doing wrong

I solved the problem. Thanks to all :)
The port "switch 1 cpu" was in VLAN-mode "disabled". Tags have been ignored and vlan 81 was in a LAN network :)
by KBV
Wed Apr 22, 2015 5:59 pm
Forum: RouterBOARD hardware
Topic: RB850Gx2 - Release date?
Replies: 193
Views: 47294

Re: RB850Gx2 - Release date?

5. ~150-200Mbps
I checked ipsec throughput RB850Gx2 with ROS 6.28
With routing and some firewall rules:
receiving 120-125Mbps
transmission 112Mbps

Without routing and filtering I believe that will be close to 150Mbps :)
by KBV
Tue Apr 21, 2015 1:06 pm
Forum: Beginner Basics
Topic: Switch Chip: what am i doing wrong
Replies: 3
Views: 616

Re: Switch Chip: what am i doing wrong

Sorry :)
RB850Gx2 , Atheros 8327 switch chip

/interface ethernet switch port
set 0 - this is the Port 2
set 2 - Port4
by KBV
Mon Apr 20, 2015 8:04 pm
Forum: Beginner Basics
Topic: Switch Chip: what am i doing wrong
Replies: 3
Views: 616

Switch Chip: what am i doing wrong

I want to do so: scheme.jpg /interface bridge add name=bridge-DMZ protocol-mode=none add name=bridge-LAN protocol-mode=none /interface vlan add interface=ether2-Server name=Port2-vlan81 vlan-id=81 /interface bridge port add bridge=bridge-LAN interface=ether2-Server add bridge=bridge-DMZ interface=Po...
by KBV
Mon Apr 20, 2015 8:13 am
Forum: General
Topic: RB750UP Switch Chip and Routing
Replies: 3
Views: 836

Re: RB750UP Switch Chip and Routing

Yes of course :) L3 routing must be done through the "switch 1 cpu"
I tried to do the following scheme - see below
Evening I'll try again and show what happened - I will be grateful if you help to understand what I'm doing wrong :)
by KBV
Sun Apr 19, 2015 8:47 pm
Forum: General
Topic: RB750UP Switch Chip and Routing
Replies: 3
Views: 836

Re: RB750UP Switch Chip and Routing

Hello
I have tried to implement similar task on rb850x2.
This is easily implemented using software Bridge, but nothing happened on the Atheros chip.
I could not understand the reason (maybe I did something wrong) :(
If the community is ready to help I am ready to continue the experiments.
by KBV
Fri Apr 17, 2015 4:07 pm
Forum: General
Topic: v6.28 will be released this week!
Replies: 72
Views: 18879

Re: v6.28 will be released this week!

Do not turn on RoMON on productive routers. This can lead to hangs.
On my RB850Gx2 RoMON does not work, and one core hangs after RoMON turning off.
And you have to reboot the router.
by KBV
Mon Mar 30, 2015 9:52 pm
Forum: General
Topic: APC UPS
Replies: 10
Views: 4241

Re: APC UPS

So is there support for the APC UPS or not?
The 10 topics with this issue and silence :?
by KBV
Sat Nov 15, 2014 1:07 pm
Forum: RouterBOARD hardware
Topic: mAP-2n AP/CAP LED
Replies: 3
Views: 1985

mAP-2n AP/CAP LED

Hi!
I recently bought mAP-2n. There is a question about LED AP / CAP.
The image can be assumed that in AP mode it should light up. In reality, the LED never lights up. In CAP mode it flashes.

Is it possible to make the switching-on of the LED corresponds to the the inclusion of of the access point?
by KBV
Tue Nov 11, 2014 3:49 pm
Forum: General
Topic: v6.21.1 released
Replies: 112
Views: 27361

Re: v6.21.1 released

Who will read your discussion on the Russian?
This interesting presence admins and developers here.

PS как вы занимаетесь IT без Английского? Документацию Гуглом переводите? Сочувствую.