MikroTik

rwrocket

I am investigating how to deploy TR-069 setup with my PPPoE Customer CPE and I found that the ACS url can be set with DHCP option 60 or DHCPv6 option 16 I am not using DHCP for CPE but prefer to use PPPoE, however I am currently passing IPv6 prefixes to the CPE by way of DHCPv6 PD Pool It would be a...

rwrocket

on pcq queue you can change "pcq-rate=30M" for "pcq-rate=0" is not necesary to specify this value becaus you are limiting on the simple queue, this value is used t o limit per host speed values for 30m/20m i will recommend: download: limit 999 and total limit of 99999 upload: li...

rwrocket

*bump*

hate having to bump my own thread but more often than not my posts get 0 replies, maybe I am asking too difficult questions?

rwrocket

I have been revisiting PCQ queues recently and have found it difficult to find a straight forward formula or definitive answer on how to calculate the PCQ settings. I will give two different examples just so I can get it clear in my head. I have so far left the default pcq-limit of 50Kib and 2000Kib...

rwrocket

Thank you for the reply, I am not clear what you are mean though or if it is normal or not?

The majority of these packets come from my customer side (PPPoE clients) attempting to reach outside (internet) addresses

rwrocket

If I turn on logging/blocking of invalid forward traffic in this intermediate router I get a lot of packets that seem to be legit but are being marked as invalid. For now I am allowing it in case it causes problems for our customers so I hope someone might be able to explain why I am seeing this. To...

rwrocket

I have setup calea server and sender as per the wiki https://wiki.mikrotik.com/wiki/CALEA I can see packets being sent by the intercept client and they appear to be getting to the calea server (I can see traffic on the interface suggesting this) But I see no files in the created folders and when I d...

rwrocket

I know there are a few topics on dynamically updating blacklists on here and one very good recent one by IntusDave by the looks of it, However I was thinking it would be useful to be able to lookup Abuse IPDB automatically using their provided API from either within mikrotik or via some fancy script...

rwrocket

I have these CRS switches some in production and some laying around and I kind of hating using them as a switch due to the RouterOS switching implementation Is there any hope of running SwOS on them as from what I can see they are not supported and still auto update to ROS. I remember in the beginni...

rwrocket

Hi Priority only used in OSPF protocol for selected DR and BDR. Your network uses Link-Link DR and BDR respectively do not need. Use the point-to-point network type and set up the Hello and the Dead interval What are your losses on the channel and delay? Sorry but as stated I don't want to use PTP ...

rwrocket

Surely this can be done with eBGP also just as effectively as OSPF?

rwrocket

I have the following setup in which I previously had problems with OSPF dropping in PTP or PTMP mode so I switch to NBMA for stability as these are 20+km wireless links (mixture of cambium and UBNT radios) ROS Versions were 6.38-6.39 Traffic should flow over the primary link at all times unless the ...

rwrocket

We use a 3rd party radius solution based on freeradius + mikrotik for PPPoE VDSL customers. Mikrotik is connected to a VDSL2 DSLAM which then connects to customer VDSL2 modems. For accurate daily statistical accounting information we set PPPoE session timeout to 24 hours on Mikrotik profile. The pro...

rwrocket

+1
I need this yesterday

rwrocket

ZeroByte I am unfortunately in a situation with my transit providers that fits what you described about the local pref. Prepending does not work unfortunately because of the ISP upstream of our transit provider has set a high local pref for our backup transit provider over our primary where we have ...

rwrocket

I understand how to set the metrics in multiple instances, but I am not sure if I understand if multiple OSPF instances would be the solution here/might cause more problems?

rwrocket

This may well be an OSPF design flaw by myself and I could potentially fix it but I wanted to ask if there is another way before I decide to run vlans over my router connections. Basically I have R3 connected to R1 and R2 via an external providers fibre connection. The external provider has given me...

rwrocket

FYI in case anyone strikes this problem Hello, Your configuration has multiple master-ports, they create a simple port isolation solution but CRS switch-chip VLANs can work only on the first port group with a master-port. You should reconfigure CRS to use one master-port for all ports if you want to...

rwrocket

So this is very strange and driving me mental All I want to achieve is to have port 24 trunk (tag multiple vlans) and then have port 22 and later other ports untagged on selected vlans. I setup a trunk vlan and untagged vlan setup to suit my environment following the Example 1 (Trunk and Access port...

rwrocket

*BUMP* I have the same problem

MTU over 1500 seems very problematic

rwrocket

*BUMP*

I would really like to know about this as I am using CHR on Unetlabs and I think I have ran into the MTU greater than 1500 problem

rwrocket

One more note on MED, instead of relying on your IGP metrics, you can just specify a MED when sending routes to an eBGP neighbor. In routing filters, there is a BGP action "set BGP MED" - put MED of 50 on R1, and MED 100 on R2. This will be the simplest (and in my opinion, the most approp...

rwrocket

Thank you once again ZeroByte for being my hero and explaining things so clearly. I didn't know that communities = local pref, I thought they were something completely different and not related. I think it will make more sense now if I tell you that I am using communities already on both R1 & R2...

rwrocket

But here's the thing, the routes I am sending to the upstream peer are learned from OSPF, so I am originating them...
I am receiving only default route from upstream router

I already asked the ISP if they can set the local pref on their inbound route map but they told me it's something I need to do.

rwrocket

I have two CCR1009-8G-1S-1S+ running 6.35.4 lets call them R1 and R2 the configuration is this: one upstream BGP peer on both routers(I am unable to alter configuration on this router) The Upstream BGP peer, connects to both my routers inside a /29 network. I want R1 to be the primary path for outgo...

rwrocket

Thanks all

the 31DLC10D worked

Now I just need to find if there is a switch mikrotik make that has dual power and supports it

rwrocket

The cable is LOOPED so 23 goes into 24 I asked about this and was told that we need to use both ports (TX and RX) and it was looped for testing but we are free to remove the cable and insert our own. I also found reference to duplex SMOF in the order for connection between demarc and our rack which ...

rwrocket

fdfsd.jpg The picture attached is of a cables only 10gig service we have with one of our upstream providers. The information I have is that we need to connect to both ports 23 & 24 as one is TX and the other RX This makes me inclined to think that it is single mode fiber What I am not sure abou...

rwrocket

Strongly agree

this is just silly

such a time waster to have to edit all duplicate interface names out of a config file to do a clone backup

rwrocket

########BUG confirmed##### Hello, Thank you for your e-mail. There was indeed a bug regarding your issue. Looks like we managed to fix it, but the fix is not jet published thus not tested either. The fix will be available for testing in v6.34rc12 and latter. I will also inform you when it gets teste...

rwrocket

Just guessing here... Could it be when you ping you measure trip time from A to B, but what you refer in netwatch is timeout? If time for a packet to travel from A to B is 4ms, for netwatch probe to get a packet from A to B (4ms) and the reply back from B to A (another 4ms) = 8ms. Too tight for 9ms...

rwrocket

#### UPDATE, BUG confirmed see last post ############ I am trying to use the Netwatch tool but am finding the timeout value confusing. I am running 6.32.2 ROS I have the interval set to 00:00:10 if I set the Timeout Value to 10ms the netwatch status goes to UP If I set the Timeout value to 9ms the n...

rwrocket

I have been having good success with wireless-default type actually in my recent tests

Hopefully it stays this way but looks like I may have found my solution

rwrocket

As I said.....

PPPoE

this implies simple queue because as far as I know PPPoE can only use simple queues.

There is no queue config as such, they are created dynamically upon successful PPPoE radius auth

rwrocket

Currently I am running 6.32.2 I have long struggled with suspecting that queues in Mikrotik are slowing down my customers more than it should. I thought I had solved the problem by going away from using the default-small queue type but I found the problem seems to be back. Here is the scenario PPPoE...

rwrocket

*BUMP*

Uldis any update on this?

This would be a game changer for us

rwrocket

BUMP

Need this too

rwrocket

Split Horizon indeed does solve my issue, seems to be the most elegant solution also

thanks all

rwrocket

I will experiment with both of these solutions and get back to you both

thanks for your input

rwrocket

I have found out the solution to this problem myself It is because my VLAN MAC Addresses are the same In my case I had my vlans attached to an INTERFACE BOND so they all had the same MAC address I am not sure the best way to get around this however Doesn't seem like I can change the MAC address on t...

rwrocket

Well I am glad to know it is not only me

However I don't have QinQ, I am just adding VLANs to a bridge then putting a PPPoE Server on that bridge.

rwrocket

I have a PPPoE Setup I am testing Previously I had 2 PPPoE clients and two PPPoE servers running on their vlan interfaces respectively all on mikrotik hardware. I plan to deliver PPPoE using Radius to configure IP's etc so I thought I could create just one PPPoE Server on a bridge and bridge all my ...

rwrocket

RB2011 non fastpath with firewall and NAT will only net about 130mbps I believe from my testing

rwrocket

Sorry I know this is not ROS related but it's driving me crazy and I can't find a forum for posting forum bugs/issues.

rwrocket

Rather new to MPLS + VPLS on Mikrotik and trying to get it working for PPPoE delivery in my lab however I have run into a problem I don't think is MTU related. For now I have removed all switches bridges etc while I try to troubleshoot why one of my tunnels is not passing traffic. Here is the scenar...

rwrocket

Thanks very much for the reply djmitch Most of what you did I already understood and had planned to do, Any reason why you use NBMA OSPF instead of PTP/PTMP? I have found PTP to work great over wireless with mikrotik so far. For the scripting redundancy, this is really what my question was as I am u...

rwrocket

Wondering if some gurus can help me plan this in my head. I understand how MPLS and VPLS tunnels work over an OSPF infrastructure and I plan to test and implement this in my OSPF network soon. I am wanting to move to PPPoE as well and like the idea of having a central PPPoE server connected to the C...

rwrocket

The other end will be mikrotik also but not directly opposite via layer2

It will go through some radio links

I had decided to do this by bonding EOIP tunnels but as you said it is putting load on the cpu instead of using the switch capabilities.

rwrocket

Hoping someone can please help me because I am pulling my hair out here. I have a CRS125-24G-1S-IN Here is the configuration I need Eth1 & Eth 2 in a active backup bond. Management vlan 20 attached to switch1 cpu and tagged these ports Customer vlan 10 on tagged on these ports ANy other port /al...

rwrocket

In general terms, the network statements in BGP are a list of prefixes which the router will originate if it sees a matching route (exact match, both destination and mask) in the active routing table. In other words, it's a set of destinations that the router will tell the world it knows how to rea...

rwrocket

Advertise your /24 in both places AND announce your more specific prefixes. I assume of course that your customers in geographic region A all come from a specific subset of your IP space (the same /27 for instance) and region B is also able to be aggregated into a single prefix. In order for MEDs t...

rwrocket

Ahh sorry I was not clear The answer to your question is, you can set it up do what you like... e.g if you wanted to load balance across the two interfaces, http://wiki.mikrotik.com/wiki/Manual:BGP_Load_Balancing_with_two_interfaces or if you wanted to do load sharing... http://wiki.mikrotik.com/wik...

rwrocket

I am pretty new to BGP so forgive me if this is a rather straight forward question. Say I have my own AS number and I have two independent links to my upstream ISP Lets call these links link A and link B. Both connecting to the same ISP and thus peering to the same AS number So lets say for the argu...

rwrocket

Ok so I think I found what is causing the disconnect set [ find default-name=ether12 ] l2mtu=1590 From what I can see, the ROS defaults for 6.28 on a CCR1036-12G-4S are 12mtu=1580 it must have previously been 1590 because I certainly did not change this but it is in my config file Also this causes t...

rwrocket

Thanks Connect to router MAC via WinBox (i.e. layer2), upload the file to the RB, then go to terminal and issue /import verbose=yes file-name=YourExport.rsc That way you should see where the error is. Thanks Pukkita, making progress Found a couple of errors in my config and fixed them but now I got ...

rwrocket

If I do that all that happens is I am disconnected from winbox

And when I reconnect doesn't appear like any of the config has been written.

Can I send you my config ? I will try PM you.

Seems to me like the memory is filling up or something, it is quite a large config

rwrocket

I can send it to you but don't really want to attach it here for obvious reasons.

But I don't see why that really matters because I just want to know how to log errors when importing a config file

rwrocket

Title says it all.

I am frustrated with my backup restore script not working so I need to see where it fails in the import process.

I need to log errors to a file because when I import the configuration file I get disconnected from winbox so I never see the output in the terminal.

rwrocket

I was right it is a bug

Fixed in the latest nightly RC build apparently

However I am not brave enough to run a pre-release update on a production router

rwrocket

I Would like to see a Routerboard with integrated Dual band dual chain radios + at least one Mini-PCI-E expansion slot. This will be something to replace Ubiquity UAP Pro and UAP AC . It will have the ability to serve both 5Ghz and 2.4Ghz simultaneously as well being able to add one more additional ...

rwrocket

And it looks like my old friend the "every queue stops getting traffic when a queue is changed" bug is back again

If I disable all Queues and re-enable it fixes it but this concerns me greatly.

rwrocket

You reply before I fix my reply ;))) [...] but I have created that rule and I'm using it for months and google DNS IPs never go to that list. You put 8h timeout on the address list entry, my timeout is: when routerboard is rebooted.... [...] The IP do not have any related DNS name? [...] What other...

rwrocket

Why you not ask directly on the original post where you find the rule? viewtopic.php?f=2&t=54607&p=480275&hilit=%40SCANNER#p480275 Sorry I forgot where I got the rule from, thanks for replying here. but you are fully secure than your dst-address is really unused? What other services go ...

rwrocket

I have a rule like so to catch people scanning our subnets XXX.XXX.XXX.XXX = an unused IP on our customer subnet. 1 ;;; HONEYPOT chain=forward action=add-src-to-address-list dst-address=XXX.XXX.XXX.XXX src-address-list=!WHITELIST address-list=@SCANNER address-list-timeout=8h in-interface=WAN1 log=no...

rwrocket

I have a great backup script that emails me backups every day of my CCR1036 Problem is that it doesn't seem to be generic enough to restore correctly on a duplicate device which worries me because if I have a hardware failure it will take some time to recover. I have been testing restores today and ...

rwrocket

I have a scenario like so: prerouting marking connection from A to B prerouting jumping to chain AB AB chain marking everything else as "AB Traffic" (passthrough) AB chain Marking http traffic type as "HTTP" (no passthrough) When I create a queue for HTTP under global and limit t...

rwrocket

Don't think it is that, it happens with MAC addresses never used before.

rwrocket

Subject is not very clear but here is the problem I am facing. I have a hotspot setup and working well with radius and MAC authentication. Only problem is that changes to MAC authentication in the radius server seem to require a hotspot restart on the mikrotik router for it to take effect. This does...

rwrocket

Can anyone advise me on how I can script this to run for a time period then stop? I see the sniff commands can be run with the following attributes but I am also not sure what they do. <interface> -- append -- as-value -- do -- file -- interval -- once -- without-paging I can press Q to stop it runn...

rwrocket

Great that was what I needed, the sniff command.

Now if only I could run it with a filter? but as far as I have read so far there is no filter commands for the wireless sniffer like there is for the other packet sniffer?

rwrocket

Title says it all

I cannot find any information on how to run the Wireless Packet Sniffer any other way than clicking on the start button.

rwrocket

Thanks for the reply

You confirmed my findings, that I need a dedicated radio for monitoring.

Now that I have come to terms with this I have a few ideas on how to achieve it.

BYO using routerboards seems entirely possible but not cost effective.

rwrocket

I am not sure if this has been discussed in here before, I was unable to find anything matching what I intend to do. Anyone familiar with Cisco Aironet or some other big Wireless vendors will know they have software and hardware to monitor beacons from any wireless device nearby a Wireless AP while ...

rwrocket

Thanks again

rwrocket

Ok I just tested by changing to translate "candidate" and Voila

Working as expected!!

Thank you ZeroByte this is awesome, kinda expected it to be something simple I had missed.

One final question.

Should I be redistributing connected as Type 1 or Type 2 in this example?

rwrocket

FIrstly thanks for your reply. One thing I noticed on R2 (I think) you put 10.255.255.0/24 into both areas, which is a no-no... EDIT****** Just noticed this was a typo, in my lab I have 10.255.255.0/24 only in Area 0.0.0.0 on R2. Will update the first post to reflect this there cannot be an ASBR in ...

rwrocket

Your diagram is most confusing, can you advise if the radios you want to monitor are out on the internet somewhere else or inside some of the subnets you listed in your diagram? If the latter there should be no problem as seems like there would be no NATing happening. There is a setting in AirContro...

rwrocket

I have a fairly standard OSPF setup in my lab that I am trying to get my head around and I need someone to explain to me what is possible without adding static routes. Here is my current setup. OSPF testing over wireless using NBMA R1 (ASBR) Gateway to internet Default backbone OSPF RID 10.255.255.1...

rwrocket

You haven't given very detailed information but as I understand it you should be able to do it by setting a static default route on R2 with a distance of 180 or something that will not take precedence over the default route coming from OSPF. You may need to adjust your OSPF instance on R2, by that I...

rwrocket

Recently new to RouterOS and am falling in love with my CCR1036 units . However I am confusing myself while attempting to setup VRRP in a hot spare type scenario. Here is what I am trying to achieve : Wan interface is tagged into vlan 10 Bridge created called WAN-BRIDGE and contains the VLAN10 inter...

Search found 80 matches