Community discussions

MikroTik App

Search found 532 matches

  • 1
  • 2
by amt
Fri Dec 22, 2023 7:26 pm
Forum: General
Topic: CGN NAT ( NAT444 ) help
Replies: 39
Views: 6126

Re: CGN NAT ( NAT444 ) help

It's not the number of firewall/nat rules that slows down throughput and places a large CPU load on the system. What slows down a system is how many rules have to be processed to get packets through the system. Thus - efficient use of jump tables is where you get the speed because you are then able...
by amt
Fri Dec 22, 2023 7:15 pm
Forum: General
Topic: CGN NAT ( NAT444 ) help
Replies: 39
Views: 6126

Re: CGN NAT ( NAT444 ) help

Bear in mind that 250 ports per customer actually mean 250 ports per connection to a particular remote socket, so far more than 250 connections per customer in total. There are just a few scenarios where that may still be a limitation - what comes to my mind is that some of your customers would hav...
by amt
Fri Dec 22, 2023 7:12 pm
Forum: General
Topic: CGN NAT ( NAT444 ) help
Replies: 39
Views: 6126

Re: CGN NAT ( NAT444 ) help

Thank you for sharing, I am starting to do the same process, only by using netmap instead of src-nat, I aim to reduce the number of rules.
Don't forget to read this:
viewtopic.php?t=176358
will definitely be examined in detail , thanks for inform :)
by amt
Fri Dec 22, 2023 11:35 am
Forum: General
Topic: CGN NAT ( NAT444 ) help
Replies: 39
Views: 6126

Re: CGN NAT ( NAT444 ) help

Thank you for sharing, I am starting to do the same process, only by using netmap instead of src-nat, I aim to reduce the number of rules.
by amt
Thu Dec 21, 2023 7:03 pm
Forum: General
Topic: CGN NAT ( NAT444 ) help
Replies: 39
Views: 6126

Re: CGN NAT ( NAT444 ) help

I ended up makin a text file and uploaded the text file to the CHR via winbox , then ran the file as a script ( I think my file was a .rsc file ?? ) --- Anyway - that way worked well and pretty fast. North Idaho Tom Jones I was talking about this, yes its better to import it to the CHR .rsc or prep...
by amt
Thu Dec 21, 2023 12:28 pm
Forum: General
Topic: CGN NAT ( NAT444 ) help
Replies: 39
Views: 6126

Re: CGN NAT ( NAT444 ) help

I'm closely following this thread as I urgently need to prepare for such notices :-(( In a worst case scenario, if I can't get severaI IP, I would have to NAT traffic from 250 devices into 1 public IP. In case I can't implement CGN, I was thinking of implementing a NAT-logging system instead, maybe...
by amt
Thu Dec 14, 2023 5:30 pm
Forum: RouterBOARD hardware
Topic: The big CCR2004 reboot thread (was 2004 hardware issues?)
Replies: 458
Views: 147721

Re: 2004 hardware issues?

We just had a 2004 have all interfaces go down and up again. Also seems OSPF dident fully recover, so in the end we rebooted it.

/Mikael
2023 is almost over and the problem still persists, is any one test and get good results with v7.12.1 ?
by amt
Tue Jul 04, 2023 9:18 am
Forum: General
Topic: Help with No track Raw rule
Replies: 2
Views: 2888

Re: Help with No track Raw rule

I usually do this 1) action=accept all traffic that needs NAT ( usually it is only traffic from local private subnets) in RAW table (it will send traffic to connection tracking - even if it is disabled) 2) disable connection tracking 3) build stateless firewall can you share example rule for 1 st o...
by amt
Tue Feb 15, 2022 1:13 pm
Forum: Announcements
Topic: v6.49.3 [stable] is released!
Replies: 64
Views: 21491

Re: v6.49.3 [stable] is released!

try again, it should work correctly now
Yes, Now it's okay. :)
by amt
Tue Feb 15, 2022 12:41 pm
Forum: Announcements
Topic: v6.49.3 [stable] is released!
Replies: 64
Views: 21491

Re: v6.49.3 [stable] is released!

upss, something wrong in here ?
version.png
by amt
Wed Apr 14, 2021 11:52 am
Forum: Announcements
Topic: v6.48.2 [stable] is released!
Replies: 141
Views: 61832

Re: v6.48.2 [stable] is released!

after update fw of powerbox;
Untitled.jpg
by amt
Wed Feb 05, 2020 9:51 am
Forum: Wireless Networking
Topic: Hotspot Splash Page Not Loading Automatically
Replies: 2
Views: 3561

Re: Hotspot Splash Page Not Loading Automatically

Please show us your firewall rules. Is the site opening when you try to access it directly (enter the IP-address in your browsers url bar)?
I have the same problem on hotspot, but when enter ip , login page opening...
by amt
Fri Sep 20, 2019 1:17 pm
Forum: Scripting
Topic: Blackhole automated
Replies: 3
Views: 3702

Re: Blackhole automated

more information needed. is that one host that attacks there are several hosts that attack, there are one host attacking with several connections etc. in all cases your solution is going to be different. there are one host attacking with several connections to one ip, or sometimes several host atta...
by amt
Thu Jul 25, 2019 9:09 pm
Forum: General
Topic: Radius CoA and PoD with PPPOE
Replies: 19
Views: 18858

Re: Radius CoA and PoD with PPPOE

PPPoE doesn't support CoA, only PoD.
You Wrong COA works with pope perfectly!!!!
Please read the changelog before posting.
In 2007 there was no any CoA for any PPP.
any trick on pppoe server side ? we are trying to implement COA, but queue not changing.
by amt
Fri Jul 19, 2019 9:37 am
Forum: Wireless Networking
Topic: Wireless LHG at 80Mhz
Replies: 1
Views: 1131

Re: Wireless LHG at 80Mhz

if your LHG Model is RBLHG-5HPnD-XL its not AC and its only 802.11 a/n wireless device, so You can go max 40Mhz not 80Mhz
if your LHG Model is RBLHGG-5acD its 802.11ac wireless device so you should select 5Ghz AC mode on Band to catch 80Mhz
by amt
Wed Jul 17, 2019 2:42 pm
Forum: General
Topic: tunnel issue
Replies: 4
Views: 1273

Re: tunnel issue

which ROS version at device ?
by amt
Mon Jul 15, 2019 1:50 pm
Forum: Wireless Networking
Topic: Station WDS error connecting
Replies: 1
Views: 1087

Re: Station WDS error connecting

you should disable airmax to connect any Mikrotik device to ubnt device.
by amt
Mon Jul 01, 2019 10:27 am
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 415
Views: 196547

Re: v6.45.1 [stable] is released!

many thanks Mikrotik Team...
by amt
Thu Jun 13, 2019 5:12 pm
Forum: Beginner Basics
Topic: set up second WAN/ISP temporarily
Replies: 8
Views: 2284

Re: set up second WAN/ISP temporarily

Here is the correct code: /ip firewall mangle add action=mark-connection chain=forward comment="ISP1-In" in-interface=ether1 new-connection-mark="ISP1-In" add action=mark-connection chain=forward comment="ISP2-In" in-interface=ether2 new-connection-mark="ISP2-In&q...
by amt
Mon Jun 10, 2019 8:54 am
Forum: General
Topic: Ability to change MAC of bonded interface
Replies: 1
Views: 1281

Re: Ability to change MAC of bonded interface

/interface bonding set forced-mac-address=XX:XX:XX:XX:XX:XX bonding1
by amt
Fri May 24, 2019 12:32 pm
Forum: General
Topic: Bridge or Bonding
Replies: 1
Views: 1661

Re: Bridge or Bonding

if your switch support LACP you can use bonding 802.3ad and enter your vlans under bonding interface
by amt
Fri May 24, 2019 8:37 am
Forum: Beginner Basics
Topic: EoIP Tunnel poor performance
Replies: 6
Views: 4869

Re: EoIP Tunnel poor performance

while location B using internet, internet comes from location A, So if your Upload is bad at location A you can not get better performance and also eoip add 42 byte header and if your pppoe connection at 1480Mtu you should set your EoIP mtu 1480-42=1438. when create EoIP do not touch anything it wil...
by amt
Thu May 23, 2019 3:42 pm
Forum: Beginner Basics
Topic: EoIP Tunnel poor performance
Replies: 6
Views: 4869

Re: EoIP Tunnel poor performance

Eoip interface had MTU 1406 but yesterday I changed to 1542 because I read that it could be improve the performance. Clam TCP MSS and Allow Fast Path is activated and L2 MTU is 65535 (I do not know if this value is correct for the proper functioning of the tunnel) if your interface mtu's are at 150...
by amt
Tue May 21, 2019 3:23 pm
Forum: Wireless Networking
Topic: link interruption
Replies: 3
Views: 1265

Re: link interruption

Some interference local to the tower? Grab a spectrum analyzer with directional antenna and hunt the fox ... I love the hunt the fox idea :) but I should climb to the tower and sit on it at midnight :) 3 links in almost the same direction, 3 of them start to disconnect same time. one of them at 01:...
by amt
Tue May 21, 2019 2:24 pm
Forum: Wireless Networking
Topic: link interruption
Replies: 3
Views: 1265

link interruption

Hello all, we have p2p link at 18 km with mant30, last few days our link start to disconnect at night time. signal increases from 43 to 77,80 and link start to drop, at daytime there is no any problem but at night problem start. we have 2 more links with 15km distance at same tower and they have als...
by amt
Sat May 18, 2019 3:53 pm
Forum: General
Topic: Bottleneck on CCR (possible queue related)
Replies: 10
Views: 4372

Re: Bottleneck on CCR (possible queue related)

We recently hit this same wall again. Our interface queues were set to multi-queue-ethernet-default with a queue size of 1000. This served us up to a peak throughput of 4Gbps. I've had to increase the queue size to 1500 to get our peak throughput above that. We do not need interface queues. We have...
by amt
Mon May 06, 2019 5:00 pm
Forum: General
Topic: What is the behavior of this log?
Replies: 2
Views: 872

Re: What is the behavior of this log?

disable l2tp server if you dont need it
/interface l2tp-server server set enabled=no
by amt
Wed Apr 24, 2019 10:12 am
Forum: Forwarding Protocols
Topic: Your experience with larger/diverse Area0 OSPF networks?
Replies: 19
Views: 6207

Re: Your experience with larger/diverse Area0 OSPF networks?

do you use any mangle rule while using ecmp ? No I don't have any mangle rule at my network (excepting when I need to configure GRE tunnels in the middle so I change the TCP-MSS via mangle rules). thanks for your answer sri2007, Im using ecmp but faced some problems. for example roter that with ecm...
by amt
Tue Apr 23, 2019 12:56 pm
Forum: Forwarding Protocols
Topic: Your experience with larger/diverse Area0 OSPF networks?
Replies: 19
Views: 6207

Re: Your experience with larger/diverse Area0 OSPF networks?

ECMP load-balancing works great too, it's my best solution to deploy a 20gig ring between two cities in the country, or even to aggregate some wireless links (using AirFiber 5xHD) to add them as a single port to increase the total throughput of that node. do you use any mangle rule while using ecmp ?
by amt
Fri Apr 19, 2019 3:40 pm
Forum: General
Topic: List Active PPP with ip address(where mtu 1480) [SOLVED]
Replies: 3
Views: 1925

Re: List Active PPP with ip address(where mtu 1480) [SOLVED]

Something like this ?
:foreach i in=[/interface find actual-mtu=1480 running] do={/ip address print where interface=[/interface get value-name=name $i]}
Yes thats solves my problem... Really Thanks...
by amt
Tue Apr 16, 2019 5:57 pm
Forum: The Dude
Topic: Where is db cleanup and maintenance info
Replies: 16
Views: 12657

Re: Where is db cleanup and maintenance info

The Wiki on this: https://wiki.mikrotik.com/wiki/Manual:The_Dude_v6/db_vacuum Also have a look at this script to backup and vacuum: https://github.com/sayajin101/Dude-Backup-Script Hello, vacumm not helped. I found another solutin and it's great now :) here is a solution; http://www.mtin.net/blog/c...
by amt
Tue Apr 16, 2019 4:43 pm
Forum: General
Topic: List Active PPP with ip address(where mtu 1480) [SOLVED]
Replies: 3
Views: 1925

List Active PPP with ip address(where mtu 1480) [SOLVED]

Hello all,
is there any method to print active ppp users with their ip ? but I would like to print only mtu 1480.
I tested belows but no chance
interface print where mtu=1480
No Ip listed
interface pppoe-server print where mtu=1480
no ip listed.

Thanks for all help
by amt
Tue Apr 16, 2019 9:36 am
Forum: The Dude
Topic: Where is db cleanup and maintenance info
Replies: 16
Views: 12657

Re: Where is db cleanup and maintenance info

Hi All,

I have a Dude server that is sitting at 8 GB running. What is the best way to purge old data?

Bill
any solution ? I'm also wanting to clean old data
by amt
Sat Apr 06, 2019 11:16 am
Forum: Beginner Basics
Topic: Can someone help identify this router..
Replies: 8
Views: 3274

Re: Can someone help identify this router..

Ports are 10/100 not 10/100/1000
by amt
Sat Apr 06, 2019 8:59 am
Forum: Forwarding Protocols
Topic: Policy Routing not working
Replies: 1
Views: 2358

Re: Policy Routing not working

use address list instead of content..
by amt
Mon Apr 01, 2019 10:52 am
Forum: General
Topic: EoIP MTU for pppoe server tunnel
Replies: 15
Views: 7428

Re: EoIP MTU for pppoe server tunnel

If all the equipment in your access network supports jumbo frames (large MTUs), then there won't be any problem. If there's a device, which doesn't support jumbo frames (or is not configured appropriately), then you will hit some problems ... hello mkx I think all they support 1562MTU , all devices...
by amt
Sun Mar 31, 2019 11:59 pm
Forum: General
Topic: EoIP MTU for pppoe server tunnel
Replies: 15
Views: 7428

Re: EoIP MTU for pppoe server tunnel

Hello, I do some tests on lab and I increase ethernet MTU from 1500 to 1562 and now EoIP tunnels mtu came to 1520(EoIP tunnels at auto mtu) and pppoe connection is came to 1500. if I increase my whole network ethernet and wlan's mtu to 1562 my alll EoIp tunnels mtu's will change 1520 automatically a...
by amt
Wed Mar 27, 2019 4:53 pm
Forum: General
Topic: 10.000 Clients on One Server
Replies: 7
Views: 1814

Re: 10.000 Clients on One Server

i understand you and i am working as the same as you said ,but in my case the CCR1036 can up to 600 user and i have alot of servers and i just asking if there is anew platform or router i can use with a high quality
we are using 1036 with 1k user and there is no problem.
by amt
Mon Mar 25, 2019 8:41 am
Forum: General
Topic: MTU & Actual MTU [SOLVED]
Replies: 5
Views: 23378

Re: MTU & Actual MTU [SOLVED]

In Mikrotik world MTU = layer3 MTU and generally shouldn't ever exceed 1500 I'm late in this thread but i post for those who will get here searching for MTU in Mikrotik. Jumbo frames would be more than 1500 bytes. For example, we have GlusterFS storage nodes hooked to a 10 Gbps switch with jumbo fr...
by amt
Wed Feb 27, 2019 4:35 pm
Forum: Scripting
Topic: ReNumber ip address via script ?
Replies: 2
Views: 1385

Re: ReNumber ip address via script ?

It is tricky. I would do "/ export file=config-..." for all of them, or at least the main types, and get the files via scp or ftp. Then you can look at the places that need renumbering. I don't use ospf, but I'd still need to change things in a lot of submenus: /ip pool, /ppp profile, /ip...
by amt
Wed Feb 27, 2019 12:41 pm
Forum: Scripting
Topic: ReNumber ip address via script ?
Replies: 2
Views: 1385

ReNumber ip address via script ?

Hello, I need to change ip address of many router can I do this with script ? for example 172.16.57.2/24 but only .57. will change with .58. at ip>>address and at routing>> Ospf >>Network. if possible I will add script to all boards and do schedule to make all board same time. Thnx
by amt
Fri Feb 08, 2019 12:21 pm
Forum: RouterBOARD hardware
Topic: New routerboot firmware
Replies: 12
Views: 7208

Re: New routerboot firmware

i need routerboot factory firmware: if your device one of theese ; CRS1xx, CRS2xx, DISC, FiberBox, hAP, hAP ac, hAP ac lite, LDF, LHG, ltAP mini, mANTBox, mAP, NetBox, NetMetal, PowerBox, PWR-Line, QRT, RB9xx, SXTsq, cAP, hEX Lite, RB4xx, wAP, BaseBox, DynaDish, RB2011, SXT, OmniTik, Groove, Metal,...
by amt
Wed Feb 06, 2019 7:02 pm
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 608
Views: 192280

Re: LHG 60G experience

Maybe try 64800 :)
thnx djvolt, now I'm going to test it also, distance was not so far that's why I could not think change frequency :) I believe that for long distance high frequency needed on 60GHz
by amt
Wed Feb 06, 2019 6:58 pm
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 608
Views: 192280

Re: LHG 60G experience

Signal is fine. is this PtP or PtMP setup? Is latest version used on both sides? Are devices mounted on fixed / stable pole? hello antonsb, its ptp and yes using lastest version on both sides but beta, mounted with stable pole with solid mount. for 200 meters signal is not good for me, I was waitin...
by amt
Wed Feb 06, 2019 8:54 am
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 608
Views: 192280

Re: LHG 60G experience

Hello Guys, here is short distance link and have small problems like disconnection, distance is 200meters here is result; AP Side; connected: yes frequency: 60480 remote-address: XX tx-mcs: 6 tx-phy-rate: 1540.0Mbps signal: 60 rssi: -48 tx-sector: 40 tx-sector-info: left 1.4 degrees, up 0.6 degrees ...
by amt
Wed Jan 30, 2019 11:33 am
Forum: General
Topic: PPPoE: Peer is not responding
Replies: 27
Views: 53874

Re: PPPoE: Peer is not responding

Hello my friend i have 5000 active PPPOE session on Mikrotik without any problem. peer not responding log usually happen when client have low bandwidth or error. and i have a question.are you upgrade your router? and what license you use? 5000 active session on one device ? what do you use for this...
by amt
Mon Jan 21, 2019 5:35 pm
Forum: General
Topic: QoS/Bandwidth Management
Replies: 2
Views: 6443

Re: QoS/Bandwidth Management

Hello all So to improve QoS and strain on bandwidth, I'd like to priorotize bandwidth in the following way: 1 - HTTP Browsing, Youtube, WhatsApp, Facebook Instagram and other social media 2 - WhatsApp/Skype/VoIP and Video calls (mobile) 3 - Video Streaming sites and Netflix etc. 4 - P2P limited to ...
by amt
Sun Jan 20, 2019 8:11 pm
Forum: General
Topic: CCR1072-1G-8S+ Load Question
Replies: 5
Views: 1646

Re: CCR1072-1G-8S+ Load Question

Simple Queue + Parent will give you the best performance on CCR
can you explain it more ? simple queue for what ? I have a little problems with CCR1072, may help me. I cant pass the traffic over 2gb. its seems its like locked to 2gb .

Thanks
by amt
Sun Jan 20, 2019 8:06 pm
Forum: Forwarding Protocols
Topic: Best Practice: How to Correct CCR1072 10G capacity 1.8G
Replies: 6
Views: 4850

Re: Best Practice: How Correct CCR1072 10G capacity 1.8G

Mikrotik Architecture I understand that all traffic that go across the Mikrotik use 1CPU-Core like Simple-Queue, becasue is one stream.- If I use a Queue tree I am creating a different stream on this way the traffic is share for all the differents CPU and we not have a High CPU and not limit in the...
by amt
Wed Jan 09, 2019 10:09 am
Forum: Forwarding Protocols
Topic: ECMP settings for Outgoing packets uses same routing decision
Replies: 3
Views: 1952

Re: ECMP settings for Outgoing packets uses same routing decision

in chain=prerouting
thanks sebastia,
do I need mark mark-connection ?
by amt
Tue Jan 08, 2019 3:43 pm
Forum: Forwarding Protocols
Topic: ECMP settings for Outgoing packets uses same routing decision
Replies: 3
Views: 1952

ECMP settings for Outgoing packets uses same routing decision

Hello, at wiki page for Outgoing packets uses same routing decision there are few mangle rules as below; / ip firewall mangle add chain=input in-interface=wlan1 action=mark-connection new-connection-mark=wlan1_conn add chain=input in-interface=wlan2 action=mark-connection new-connection-mark=wlan2_c...
by amt
Mon Jan 07, 2019 11:11 am
Forum: Forwarding Protocols
Topic: OSPF Database error
Replies: 10
Views: 5658

Re: OSPF Database error

This exactly matches a client issue I had a while ago. Is this a UBNT link? Try changing the OSPF network type on both sides to point-to-point. Please note, this will drop the adjacency so if you do not have redundancy to connect to the far side without this link, do the remote side first. If this ...
by amt
Mon Jan 07, 2019 9:22 am
Forum: Forwarding Protocols
Topic: OSPF Database error
Replies: 10
Views: 5658

Re: OSPF Database error

Can you show the same information on 172.17.36.21, I want to see if there is a network type mismatch on that segment /routing ospf area add area-id=0.0.0.1 default-cost=1 inject-summary-lsas=no name=area1 type=stub /routing ospf instance set [ find default=yes ] router-id=10.255.255.33 /routing osp...
by amt
Mon Jan 07, 2019 8:22 am
Forum: Forwarding Protocols
Topic: How can I reeduce load over 1072 to 2 x 1036
Replies: 8
Views: 3585

Re: How can I reeduce load over 1072 to 2 x 1036

Always prefer 2x 1036 than a 1072. See the topic ... https://forum.mikrotik.com/viewtopic.php?f=3&t=122525 We are still waiting for mikrotik's official position on the CCR1072 freezes without any solution or information. Complete wrapping of your best product, fix, worst product. you are absolu...
by amt
Sat Jan 05, 2019 11:44 am
Forum: General
Topic: EoIP MTU for pppoe server tunnel
Replies: 15
Views: 7428

Re: EoIP MTU for pppoe server tunnel

hello idlemind, no problem for delay, thanks for still interesting with my topic. You can provide 1500 MTU directly to your customers over PPPoE in 2 ways. You can use EoIP to bridge over any underlying MTU what appears to be natural Ethernet at any MTU you choose. EoIP is capable of providing fragm...
by amt
Sat Jan 05, 2019 9:52 am
Forum: Forwarding Protocols
Topic: OSPF Database error
Replies: 10
Views: 5658

Re: OSPF Database error

Also check the remote side priority, since network statement is broadcast, I bet you are having a DR issue. You can post the remote side configuration here so we can all take a look. If the priority is set to a non-default value, try setting it to the default. Also, how many OSPF speakers are on th...
by amt
Sat Jan 05, 2019 9:38 am
Forum: Forwarding Protocols
Topic: OSPF Database error
Replies: 10
Views: 5658

Re: OSPF Database error

What are your MTU settings for Layer 2 and Layer 3 on each side of the link OSPF is trying to form a neighbor on? Normally getting stuck in two way indicates MTU, have also seen it occur as the result of a network type mismatch. Hello, all mtu's default 1500 on layer2 and layer3, I do not touch mtu...
by amt
Fri Jan 04, 2019 3:47 pm
Forum: Forwarding Protocols
Topic: OSPF Database error
Replies: 10
Views: 5658

Re: OSPF Database error

Can you post your configuration? thanks for anwer here is ospf config; /routing ospf area add area-id=0.0.0.1 default-cost=1 inject-summary-lsas=no name=area1 type=stub /routing ospf instance set [ find default=yes ] router-id=172.17.36.172 /routing ospf interface add authentication=md5 authenticat...
by amt
Wed Jan 02, 2019 8:12 am
Forum: Forwarding Protocols
Topic: OSPF Database error
Replies: 10
Views: 5658

OSPF Database error

Hello, I faced this problem and I want to ask what can be the problem, I faced this problem before but reboot can solve the problem but now reboot cant solve the problem. what can cause this error ? 10:23:26 route,ospf,info OSPFv2 neighbor 172.17.36.22: state change from Full to 2-Way 10:24:07 route...
by amt
Tue Dec 25, 2018 11:26 am
Forum: Forwarding Protocols
Topic: How can I reeduce load over 1072 to 2 x 1036
Replies: 8
Views: 3585

Re: How can I reeduce load over 1072 to 2 x 1036

hello mducharme; amt - I'm afraid I don't quite understand the problem here. If the traffic is coming from the clients and passing through router A and B on the way to the BGP router, why not just do NAT there? Why do you need to send the traffic back to router A and router B after it has come from ...
by amt
Mon Dec 24, 2018 1:18 pm
Forum: Forwarding Protocols
Topic: How can I reeduce load over 1072 to 2 x 1036
Replies: 8
Views: 3585

Re: How can I reeduce load over 1072 to 2 x 1036

ip route
add comment=to_roterA and RouterB distance=1 dst-address=xxx.xxx.xxx/24 gateway=10.10.1.5,10.10.1.2,10.10.1.10

Tested and not work :=)
by amt
Sat Dec 22, 2018 10:04 am
Forum: Announcements
Topic: v6.43.8 [stable] is released!
Replies: 169
Views: 82749

Re: v6.43.8 [stable] is released!

i'm wondering what's differences between new "installation" and distance?
actually what the new feature does?

Thanks
me too :)
by amt
Fri Dec 21, 2018 12:30 pm
Forum: General
Topic: NAT performance - CCR1072
Replies: 1
Views: 1364

Re: NAT performance - CCR1072

Hello all , I have a strange <<problem>> with some nating im doing in a 1072 CCR . Im bandwidth testing between a virtual machine and a physical server . Virtual machine sits in a hypervisor connected to a Dell 100Gbit switch . Physical server has internet access through the CCR with NAT . Also the...
by amt
Fri Dec 21, 2018 11:19 am
Forum: Forwarding Protocols
Topic: How can I reeduce load over 1072 to 2 x 1036
Replies: 8
Views: 3585

Re: How can I reeduce load over 1072 to 2 x 1036

can I route all puplic ip's to both Router A and routerB then nat on them ? for ex; /ip route add comment=to_roterA and RouterB distance=1 dst-address=xxx.xxx.xxx/24 gateway=10.10.1.5,10.10.1.2,10.10.1.10 For Router A there are 2 interface comes from bgp router so 10.10.1.5,10.10.1.10 use for it.. i...
by amt
Fri Dec 21, 2018 11:12 am
Forum: Forwarding Protocols
Topic: How can I reeduce load over 1072 to 2 x 1036
Replies: 8
Views: 3585

Re: How can I reeduce load over 1072 to 2 x 1036

Where is the CCR 1072 located? I don't see it in the drawing. Is not visible because you have been drawing the target scenario with Router A+B (2x 1036?) already replacing the 1072? Or is the CCR 1072 called "BGP Router" in the drawing? hi peterh Bgp router is 1072 and connected to our up...
by amt
Thu Dec 20, 2018 10:35 am
Forum: General
Topic: TCP performance over Mikrotik
Replies: 14
Views: 14229

Re: TCP performance over Mikrotik

yep, you basically allowed your interfaces to use multiple CPU cores (i assume that it is multi-core router.) Simple FIFO force all stream to use single CPU core. Hello, all 36 cores selected only-hardware-queue by default, change that interface queue to multi-queue-ethernet-default can affect traf...
by amt
Mon Dec 17, 2018 4:24 pm
Forum: General
Topic: ❓ what's the best solution for OSPF and PPPoE service
Replies: 30
Views: 10192

Re: ❓ what's the best solution for OSPF and PPPoE service

The answer is NSSA and filters.
you mean pppoe_server's should be in area with nssa and routing filter's should use for discard thesee ip's ?
by amt
Sun Dec 16, 2018 10:51 pm
Forum: Forwarding Protocols
Topic: How can I reeduce load over 1072 to 2 x 1036
Replies: 8
Views: 3585

How can I reeduce load over 1072 to 2 x 1036

Hi All, I want to share load on ccr 1072 and divide it to two router... I share simple diagram to you all may help me.. bgp router connected to our upstream provider and we have 2 x /22 puplic ip and natting customer's ip with them on CCR1072.. but I would like to nat customer's ip's on Router A and...
by amt
Sun Dec 16, 2018 7:03 pm
Forum: General
Topic: firewall is pushing the cpu
Replies: 23
Views: 9358

Re: firewall is pushing the cpu

I turn this arround in RAW, only allow the ports I use and the have a block-all for TCP and UDP. For specific filtering on allowed ports I group similar rules under a Jump. So when traffic is not for that ports it has to pass only one line. It is always a good to look if block or accept is more eff...
by amt
Sat Dec 15, 2018 8:11 am
Forum: General
Topic: firewall is pushing the cpu
Replies: 23
Views: 9358

Re: firewall is pushing the cpu

"tune (=reduce) conn tracking timeouts" is only relevant if you want to do connection tracking. Do you? If yes: you could reduce the timeout timing, so that connections are cleaned up sooner. Ex: "TCP established timeout" /ip firewall connection tracking settings Further make su...
by amt
Thu Dec 13, 2018 10:59 am
Forum: General
Topic: firewall is pushing the cpu
Replies: 23
Views: 9358

Re: firewall is pushing the cpu

From forwarding point of view, following rules are applicable: add action=accept chain=forward comment="ACCEPT established & related" connection-state=established,related add action=drop chain=forward comment="DROP invalid" connection-state=invalid add action=accept chain=fo...
by amt
Wed Dec 12, 2018 3:55 pm
Forum: General
Topic: firewall is pushing the cpu
Replies: 23
Views: 9358

Re: firewall is pushing the cpu

* what is the typical connection count through that router? while connection tracking disabled; ip firewall connection print count-only :: 2801 while connection tracking enabled; ip firewall connection print count-only:: 20458 * do you need/have to protect your inner / forwarded networks? yes I nee...
by amt
Tue Dec 11, 2018 4:19 pm
Forum: General
Topic: firewall is pushing the cpu
Replies: 23
Views: 9358

Re: firewall is pushing the cpu

what is the purpose of this router: only natting? or natting + forwarding? If also forwarding and it's sizeable amount, use no-track in raw to not do conntracking for it... That will save cpu together with FastPath. Hi sebastia, thanks for your answer. Just fowarding traffic to other routers. I alr...
by amt
Tue Dec 11, 2018 2:30 pm
Forum: General
Topic: firewall is pushing the cpu
Replies: 23
Views: 9358

Re: firewall is pushing the cpu

any other suggestion ?
by amt
Tue Dec 11, 2018 2:25 pm
Forum: Forwarding Protocols
Topic: ospf summarization help [SOLVED]
Replies: 21
Views: 9183

Re: ospf summarization help [SOLVED]

Correct, for both. If you want to have more areas, renumber your networks so that they can be easily summarized with area ranges. However, I don't think it is that necessary with the small areas you describe. OSPF areas are helpful once you start having several hundred routes, or for things like PP...
by amt
Tue Dec 11, 2018 11:05 am
Forum: Forwarding Protocols
Topic: ospf summarization help [SOLVED]
Replies: 21
Views: 9183

Re: ospf summarization help [SOLVED]

Sorry I missed that you asked for routes, Area1 60 routes, Area2 33 routes, Area3 44 Routes if i collect them in one area total routes will be 137. too much or its very low for one area ? That is fine for one area, you don't need three. It especially doesn't make sense to split things into differen...
by amt
Mon Dec 10, 2018 10:17 pm
Forum: General
Topic: ❓ what's the best solution for OSPF and PPPoE service
Replies: 30
Views: 10192

Re: ❓ what's the best solution for OSPF and PPPoE service

The answer is NSSA and filters.
Thanks for your answer,

Can you give a simple example ?
by amt
Mon Dec 10, 2018 11:14 am
Forum: General
Topic: ❓ what's the best solution for OSPF and PPPoE service
Replies: 30
Views: 10192

Re: ❓ what's the best solution for OSPF and PPPoE service

In general, I'd recommend as best practices that you never use redistribute connected unless it's just unavoidable for some reason (I can't imagine many such scenarios), and don't redistribute static routes except at the very edge of your OSPF domain - on access routers mostly - and in those router...
by amt
Mon Dec 10, 2018 10:22 am
Forum: Forwarding Protocols
Topic: ospf summarization help [SOLVED]
Replies: 21
Views: 9183

Re: ospf summarization help [SOLVED]

But how many OSPF routes in the routing table? My thought is you probably do not need so many areas, especially if you only have a couple hundred routes. More areas used to be needed with older routers, but those were recommendations based on 1990's or early 2000's routers. Sorry I missed that you ...
by amt
Sat Dec 08, 2018 9:42 am
Forum: Forwarding Protocols
Topic: ospf summarization help [SOLVED]
Replies: 21
Views: 9183

Re: ospf summarization help [SOLVED]

Then how many OSPF routers and how many routes?
60 ospf installed router and 100 not installed(which is AP or P2p Link)
by amt
Sat Dec 08, 2018 9:39 am
Forum: General
Topic: Renew IP address of PPPoE client
Replies: 10
Views: 4212

Re: Renew IP address of PPPoE client

I mean if you use /24 for pppoe pool divide it to /25 and create 2 x ip pool and use next pool option

here is an example
/ip pool
add name=PPPoE_Pool-1 ranges=100.64.16.0/25  next-pool=pool1
add name=pppoe_pool-2 ranges=100.64.16.128/25
by amt
Fri Dec 07, 2018 11:23 pm
Forum: Forwarding Protocols
Topic: ospf summarization help [SOLVED]
Replies: 21
Views: 9183

Re: ospf summarization help [SOLVED]

Please explain what you mean by 160-170 "devices". Do you mean 160-170 OSPF routers (ex. 160 powerboxes)? 160 device but ospf not working all of them, for example p2p links connected with /29 , AP's with connected to powerbox with /30. Only power box or Rb1100 works with ospf if AP attach...
by amt
Fri Dec 07, 2018 1:38 pm
Forum: General
Topic: firewall is pushing the cpu
Replies: 23
Views: 9358

Re: firewall is pushing the cpu

Are you sure it is not just somebody trying to attack your router and it's doing it's job? Does/Has the CPU usage subside(d)? Yes Im sure, when disable firewall filter rules CPU usage subside... also I tried to add your firewall rules that suggest to me as below but traffic down from 300 to 200 :) ...
by amt
Fri Dec 07, 2018 12:20 pm
Forum: General
Topic: firewall is pushing the cpu
Replies: 23
Views: 9358

Re: firewall is pushing the cpu

With firewalls my personal ethos is drop everything and allow only what you want. Your firewall was allowing what you want and dropping "some" stuff. Your rules can be much simpler if you set them up as per below and that may transpire into better CPU utilisation. Nobody has asked what mo...
by amt
Fri Dec 07, 2018 12:13 pm
Forum: General
Topic: firewall is pushing the cpu
Replies: 23
Views: 9358

Re: firewall is pushing the cpu

Slightly wipe the firewall rolls sequence. The input section always ends with 'drop all' # drop all other input add chain = input action = drop comment = "drop everything else" And the 'forward' chain - # drop all other forward add chain = forward action = drop comment = "drop everyt...
by amt
Fri Dec 07, 2018 12:11 pm
Forum: General
Topic: firewall is pushing the cpu
Replies: 23
Views: 9358

Re: firewall is pushing the cpu

when you use firewall the router have to check every packet,so when you have heavy traffic,the cpu will go up fast . you can make mark(/ip firewall mangle) the connection then mark the packets,this will reduce you cpu cost . thanks for your answer... you mean I will create mangle that mark the port...
by amt
Fri Dec 07, 2018 10:41 am
Forum: General
Topic: Renew IP address of PPPoE client
Replies: 10
Views: 4212

Re: Renew IP address of PPPoE client

Hi, I need to change an IP address of one customer that is connected to our network throught a PPPoE server configurated on a CCR1036. But every time the customer connects the Mikrotik give him the same IP address! How can I force the Mikrotik to renew the IP address of PPPoE connections on every r...
by amt
Fri Dec 07, 2018 10:28 am
Forum: Forwarding Protocols
Topic: ospf summarization help [SOLVED]
Replies: 21
Views: 9183

Re: ospf summarization help [SOLVED]

If the public IP ranges are mixed randomly in all areas, one solution can be to tunnel the customers back to a central router (or routers) using either VPLS tunnels (preferred) or EoIP tunnels. That central router (or routers) can then have an OSPF stub area with an area range to summarize the adve...
by amt
Fri Dec 07, 2018 8:49 am
Forum: General
Topic: firewall is pushing the cpu
Replies: 23
Views: 9358

firewall is pushing the cpu

Hi everyone, yesterday I realized that the firewall that I used on all devices increase cpu usage which device on heavy traffic on it. I wanted to share the firewall that I put on all devices below may firewall rules wrong. When I disable all rulses in ip firewal filter ,cpu returns to normal. /ip f...
by amt
Fri Dec 07, 2018 8:16 am
Forum: Forwarding Protocols
Topic: ospf summarization help [SOLVED]
Replies: 21
Views: 9183

Re: ospf summarization help [SOLVED]

Hi amt, you use an "area range" on router B to summarize the area to other areas. You can create it under Routing->OSPF->Area Ranges. hi mducharme, thanks for your answer... it was like as you said, I was using area range to summarize but it was one area before and I used 3 x /24 ip range...
by amt
Thu Dec 06, 2018 10:46 am
Forum: Forwarding Protocols
Topic: OSPF loses routes after days
Replies: 23
Views: 8087

Re: OSPF loses routes after days

How many routes do you have? We have not experienced this issue at all with OSPFv2 with 450 OSPFv2 routes and 130 routers. It's been completely stable. hi mducharme, I have some problems on ospf, you have experience on ospf and can you help me with this topic https://forum.mikrotik.com/viewtopic.ph...
by amt
Wed Dec 05, 2018 2:20 pm
Forum: Forwarding Protocols
Topic: OSPF loses routes after days
Replies: 23
Views: 8087

Re: OSPF loses routes after days

I encountered the same problem, some times ospf router's lost routes and after reboot it start to work again, I was using the stub area an i thought i put many devices in one stub are and divided them into different stub areas.. now problem does not repeat again I'm waiting if problem continue... bu...
by amt
Tue Dec 04, 2018 11:34 pm
Forum: Forwarding Protocols
Topic: ospf summarization help [SOLVED]
Replies: 21
Views: 9183

Re: ospf summarization help [SOLVED]

no answer ?
by amt
Mon Dec 03, 2018 4:58 pm
Forum: Forwarding Protocols
Topic: ospf summarization help [SOLVED]
Replies: 21
Views: 9183

Re: ospf summarization help [SOLVED]

any update ?
by amt
Sat Dec 01, 2018 11:14 pm
Forum: Forwarding Protocols
Topic: ospf summarization help [SOLVED]
Replies: 21
Views: 9183

Re: ospf summarization help [SOLVED]

ohh, ok got it... so the main question here will be, does the router B have interfaces assigned to each area (I mean area 0, area 1 and area 2); or only each PowerBox has one interface at the backbone area and the other one in the default area? The rule is that only the ABR (area border router) or ...
by amt
Sat Dec 01, 2018 8:35 pm
Forum: Forwarding Protocols
Topic: ospf summarization help [SOLVED]
Replies: 21
Views: 9183

Re: ospf summarization help [SOLVED]

HI! if you're trying to summarize routes using OSPF, then the PPPoE server will be the ABR (area border router) or ASBR; but you'll need to standardize your subnets, as example PPPoE 1 will have clients at only one range (a.e. 172.16.0.0/24); then you can do a redistribute connected and the add a s...
by amt
Sat Dec 01, 2018 1:01 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 169272

Re: v6.44beta [testing] is released!

Dude multithreading support when?
and bgp multithreading support when?
by amt
Sat Dec 01, 2018 12:56 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 169272

Re: v6.44beta [testing] is released!

if it is worked without problem, I will install too :)
Only on test CCR, which you can Netinetall any time!
exatly, both 1072 are at very critic area, so I will wait :)
by amt
Sat Dec 01, 2018 9:04 am
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 169272

Re: v6.44beta [testing] is released!

if it is worked without problem, I will install too :)
by amt
Fri Nov 30, 2018 10:37 pm
Forum: Forwarding Protocols
Topic: ospf summarization help [SOLVED]
Replies: 21
Views: 9183

Re: ospf summarization help [SOLVED]

no any help ?
by amt
Fri Nov 30, 2018 10:28 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 169272

Re: v6.44beta [testing] is released!

Average Joe will not know how to use iperf. I think target audience for this feature is defferent from iperf users :) But it is fun anyway: [admin@1072_bonding_test_1] > /tool speed-test 192.168.1.2 test-duration=60 ;;; results can be limited by cpu, note that traffic generation/termination perform...
by amt
Thu Nov 29, 2018 5:01 pm
Forum: Forwarding Protocols
Topic: ospf summarization help [SOLVED]
Replies: 21
Views: 9183

ospf summarization help [SOLVED]

Hi , I need an help to configure network correcly, I divided my ospf network to areas and now I cant summarize the ip blocks with ospf area ranges. I divided one area to 4 different area due to too much router were at one area, these four diffirent area using the ranges 172.17.41.0/24 and 172.17.42....
by amt
Thu Nov 29, 2018 10:59 am
Forum: Forwarding Protocols
Topic: Which area for PPPoE Server ? [SOLVED]
Replies: 28
Views: 8401

Re: Which area for PPPoE Server ? [SOLVED]

I Think I should open new topic for this... :) thanks for all your help
by amt
Wed Nov 28, 2018 10:08 am
Forum: Forwarding Protocols
Topic: Which area for PPPoE Server ? [SOLVED]
Replies: 28
Views: 8401

Re: Which area for PPPoE Server ? [SOLVED]

I divided area1 which is had 170 device and more than 70 router ospf installed. to 4 different area but now I faced with new problem :=) I used area ranges for summarize network.. and now I couldn't find how I will summarize them again, because I use 3 diffident /24 ip range and all of them at diffe...
by amt
Tue Nov 27, 2018 3:44 pm
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 608
Views: 192280

Re: LHG 60G experience

Upcoming Beta version (will be released today or tomorrow) will include rolling avg of RSSI value - "10s-average-rssi"
and relased :)
Untitled.jpg
by amt
Tue Nov 27, 2018 3:00 pm
Forum: Forwarding Protocols
Topic: Which area for PPPoE Server ? [SOLVED]
Replies: 28
Views: 8401

Re: Which area for PPPoE Server ? [SOLVED]

Thanks Anumrak for all your help and thanks for others forum users for their help also.. I will re configure and see the results.
by amt
Tue Nov 27, 2018 10:55 am
Forum: Forwarding Protocols
Topic: Which area for PPPoE Server ? [SOLVED]
Replies: 28
Views: 8401

Re: Which area for PPPoE Server ? [SOLVED]

It depends how often your network changing thier routes and links. If pretty often - 70 routers is bad idea. If not often at all - let it be. routes not changing on this routers to much but I will divide them to multi area at backbone router as your suggest, if you look the diagram that I shared on...
by amt
Mon Nov 26, 2018 11:44 pm
Forum: Forwarding Protocols
Topic: Which area for PPPoE Server ? [SOLVED]
Replies: 28
Views: 8401

Re: Which area for PPPoE Server ? [SOLVED]

Thanks for your help; "should i create new stub area at backbone roter and put the pppoe_server to this area" - yes, only because of saving routers energy for recalculations of SPF. I will create new pppoe_serever and put it new are and test to see results, cause I have 5 pppoe_server on s...
by amt
Mon Nov 26, 2018 3:39 pm
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 608
Views: 192280

Re: LHG 60G experience

66GHz is mandatory on 2200+ meters!
Not exactly true -

connected: yes
frequency: 64800
remote-address: 04:D6:AA:AF:D3:C6
tx-mcs: 8
tx-phy-rate: 2.3Gbps
signal: 80
rssi: -57
distance: 2409.94m
so ? I can use 66Ghz for 900m link also for better performance.
by amt
Mon Nov 26, 2018 3:37 pm
Forum: Forwarding Protocols
Topic: Which area for PPPoE Server ? [SOLVED]
Replies: 28
Views: 8401

Re: Which area for PPPoE Server ? [SOLVED]

Of course you can if it's stub. If it's has no exit to any other places except backbone. Also if area1 has only one uplink, you can use totally stub area, to loose all specific routes. thanks Anumrak, how many router can be one area in ospf, is there any limitation ? cause I changed this area1 to s...
by amt
Mon Nov 26, 2018 12:30 pm
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 608
Views: 192280

Re: LHG 60G experience

As You can see, both links are working on 66.000! On the central location. antennas are almost back to back, and it looks like it doesn't bother them :) I tried shorter link at 64ghz, but connection was not stable. I assume that is misalignment related. is better to use frequency: 66000 for long di...
by amt
Mon Nov 26, 2018 12:23 pm
Forum: Forwarding Protocols
Topic: Which area for PPPoE Server ? [SOLVED]
Replies: 28
Views: 8401

Re: Which area for PPPoE Server ? [SOLVED]

any help ?
by amt
Mon Nov 26, 2018 12:22 pm
Forum: General
Topic: PPPoE Over PPTP ??? 100% possible !! without EoIP
Replies: 4
Views: 2198

Re: PPPoE Over PPTP ??? 100% possible !! without EoIP

is that better than EoIP for carry pppoe ? I use EoIP but mtu decrease to 1458 and I want to use higer mtu to supply customer's better mtu on their connections.
by amt
Mon Nov 26, 2018 10:19 am
Forum: The Dude
Topic: Specify custom Winbox port for ROS device in Dude
Replies: 2
Views: 12483

Re: Specify custom Winbox port for ROS device in Dude

did u create new probe first ? cause I couldn succses..

Thanks
by amt
Fri Nov 09, 2018 10:37 am
Forum: Wireless Networking
Topic: Wireless not working until reboot
Replies: 12
Views: 3972

Re: Wireless not working until reboot

still no any soultion :) :)
by amt
Fri Nov 09, 2018 10:10 am
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 608
Views: 192280

Re: LHG 60G experience

AP side is not aligned 100% Client shows - 48 and AP -54 so there is a little difference thanks mistry7 for your help I worked on it too much to set :) I should work more you mean :) there are 2 LHG 60 on same tower but diffrend frequency, and one of them bridge mode and other client. is that situa...
by amt
Fri Nov 09, 2018 8:44 am
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 608
Views: 192280

Re: LHG 60G experience

I don't use align for same reason - to fast and all-over-the-place update of data. Use normal monitor, but be patient. Move lhg slightly and then wait couple of seconds. I look only at RSSI... AP A; connected: yes frequency: 64800 remote-address: mac deleted tx-mcs: 8 tx-phy-rate: 2.3Gbps signal: 9...
by amt
Thu Nov 08, 2018 2:55 pm
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 608
Views: 192280

Re: LHG 60G experience

Unfortunately no! They broke it! Use terminal for all of the information... I tried to use align option for alignment the links and update devices to beta version and it's seems broken... when I use align in cli mode rssi and signal change so rapid for ex 50- to -58 but so quick when use monitor it...
by amt
Thu Nov 08, 2018 2:23 pm
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 608
Views: 192280

Re: LHG 60G experience

on version 6.44beta28 there is no any info at link status
LHG 60.jpg
by amt
Thu Nov 08, 2018 12:43 pm
Forum: Wireless Networking
Topic: LHG 60, DROPS OUt
Replies: 8
Views: 2997

Re: LHG 60, DROPS OUt

Latest versions in first few minutes devices will test out possible beamforming scenarios - RSSI readings will change rapidly during this.
In beta versions we have included align mode:
/interface w60g align wlan60-1
Hi antonsb,
you mean for align device we must use beta version ?
by amt
Thu Nov 08, 2018 10:16 am
Forum: RouterBOARD hardware
Topic: LHG 60G disable beam forming [SOLVED]
Replies: 31
Views: 13670

Re: LHG 60G disable beam forming [SOLVED]

Hi , I have two 800 m links and both was setup without beam forming disabled . They working perfect even in heavy rain or fog for that distance . We based in Ireland and last two weeks was mental rain and fog and didnt have one disconnection yet . True is from 700mb it dropped down to 500mb but sti...
by amt
Wed Nov 07, 2018 2:16 pm
Forum: RouterBOARD hardware
Topic: LHG 60G disable beam forming [SOLVED]
Replies: 31
Views: 13670

Re: LHG 60G disable beam forming [SOLVED]

Not a single drop even I heavy rain. , we based in Ireland so rain is here twice a week sometimes non stop for couple of weeks and don’t have any problems with it . Best 200€ I ever spend :D what is exact command for disable beam forming ? and do I need it ? I bought 2 x LHG60 Kit and need to insta...
by amt
Wed Nov 07, 2018 2:00 pm
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 608
Views: 192280

Re: LHG 60G experience

We use LHG-60G on link ~900 meters. We have 1 gbit/sec in duplex mode bandwith-test. We try to establish link in 1.5km - fail.
what is dublex mode ? on LHG 60 you have choice for full dublex and half-dublex ?
by amt
Tue Nov 06, 2018 8:17 am
Forum: Forwarding Protocols
Topic: Which area for PPPoE Server ? [SOLVED]
Replies: 28
Views: 8401

Re: Which area for PPPoE Server ? [SOLVED]

can I use totally stub area for area1 ?
by amt
Sat Nov 03, 2018 10:07 am
Forum: Forwarding Protocols
Topic: Which area for PPPoE Server ? [SOLVED]
Replies: 28
Views: 8401

Re: Which area for PPPoE Server ? [SOLVED]

How you mean "and I sent ppppoe connections to pppoe server over eoip." On Ap's I create eoip tunnel betwen AP and pppoe_server and I sent customers pppoe_client connections over this eoip to pppoe_server just keep in mind all non backbone MUST be connected to backbone area, otherwise you...
by amt
Fri Nov 02, 2018 3:04 pm
Forum: Forwarding Protocols
Topic: Which area for PPPoE Server ? [SOLVED]
Replies: 28
Views: 8401

Re: Which area for PPPoE Server ? [SOLVED]

Do you know what a difference between default and stub and totally stubby area? Which types goes through areas,which no? and whats the goal? The answer will be dependent what you want to do https://networklessons.com/ospf/ospf-lsa-types-explained/ I want full connectivity with backbone are from all...
by amt
Tue Oct 30, 2018 10:04 am
Forum: Forwarding Protocols
Topic: Which area for PPPoE Server ? [SOLVED]
Replies: 28
Views: 8401

Re: Which area for PPPoE Server ? [SOLVED]

here is small diagram for show better I hope it will help to undestand.
Network Diagram.jpg

On here area1 type is default, is better to use type stub in here ?

thanks all for your helps
by amt
Tue Oct 30, 2018 10:00 am
Forum: Forwarding Protocols
Topic: Which area for PPPoE Server ? [SOLVED]
Replies: 28
Views: 8401

Re: Which area for PPPoE Server ? [SOLVED]

inject-summary-lsas=no
Thanks nichky I will change it.
by amt
Tue Oct 30, 2018 9:59 am
Forum: Forwarding Protocols
Topic: Which area for PPPoE Server ? [SOLVED]
Replies: 28
Views: 8401

Re: Which area for PPPoE Server ? [SOLVED]

if you want to sleep better, play with totally stub area :)
working on to sleep better :)
by amt
Tue Oct 30, 2018 8:21 am
Forum: Forwarding Protocols
Topic: Which area for PPPoE Server ? [SOLVED]
Replies: 28
Views: 8401

Re: Which area for PPPoE Server ? [SOLVED]

Yes, you should use a stub area for PPPoE. We have multiple concentrators in different places and so we use a stub area on each, we have the router ID double as the area ID for the stub area so that we don't need to separately track the stub areas. Do not put the customers in the backbone or you wi...
by amt
Mon Oct 29, 2018 4:13 pm
Forum: General
Topic: EoIP MTU for pppoe server tunnel
Replies: 15
Views: 7428

Re: EoIP MTU for pppoe server tunnel

Hi,
any one can help me to increase mtu tunnel ? cause all mtu tunnels are at auto and 1458, I would like to give customers to full mtu

Thanks
by amt
Mon Oct 29, 2018 4:09 pm
Forum: Forwarding Protocols
Topic: Which area for PPPoE Server ? [SOLVED]
Replies: 28
Views: 8401

Re: Which area for PPPoE Server ? [SOLVED]

It can be done on ASBR router in order to realease cusomer's ppp tunnels traffic from your AS right to the Internet.
sorry I dont understand, can you explain it more ?
by amt
Mon Oct 29, 2018 10:34 am
Forum: Forwarding Protocols
Topic: Auto BlackHoling
Replies: 2
Views: 1886

Re: Auto BlackHoling

hello,
which system do you use for detect dddos ?
by amt
Sun Oct 14, 2018 8:32 pm
Forum: Forwarding Protocols
Topic: Which area for PPPoE Server ? [SOLVED]
Replies: 28
Views: 8401

Which area for PPPoE Server ? [SOLVED]

Hi All, I have just passing from bridged network to a fully routed network with ospf, I keeped pppoe server's on backbone area... should i use stub area for pppoe server's ? or they should in backbone are ? I use backbone area for pppoe_server ip and loopback ip. and Im using that command below for ...
by amt
Fri Sep 28, 2018 1:25 pm
Forum: General
Topic: 6.42.1 POE Overload
Replies: 12
Views: 5252

Re: 6.42.1 POE Overload

Is nobody else having this issue?
I had same issue and change psu solve the problem.
by amt
Tue Sep 18, 2018 1:50 pm
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 85197

Re: v6.43.1 [stable] is released!

Maybe 6.43.1 was retracted or not available for automatic download yet/now.
I just installed over automatic download and this happen. its a simple error maybe :=)
by amt
Tue Sep 18, 2018 12:17 pm
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 85197

Re: v6.43.1 [stable] is released!

Untitled.jpg
by amt
Mon Sep 17, 2018 2:26 pm
Forum: General
Topic: EoIP MTU for pppoe server tunnel
Replies: 15
Views: 7428

Re: EoIP MTU for pppoe server tunnel

anyone ???
by amt
Fri Sep 07, 2018 9:31 am
Forum: Wireless Networking
Topic: Wireless not working until reboot
Replies: 12
Views: 3972

Re: Wireless not working until reboot

I sent mail to support and waiting.
by amt
Wed Aug 29, 2018 1:33 pm
Forum: General
Topic: EoIP MTU for pppoe server tunnel
Replies: 15
Views: 7428

Re: EoIP MTU for pppoe server tunnel

I will probably need to see a diagram with the MTU noted along the pathing. The biggest item of concern is your statement that the EoIP and wireless are added to the same bridge. Is this happening at CPE? If so, why? No, CPE is customer side and customer side not using eoip or bridge, CPe connectin...
by amt
Tue Aug 28, 2018 8:48 am
Forum: General
Topic: setting max mtu
Replies: 3
Views: 2109

Re: setting max mtu

Hi,

how do you carry your customer pppoe_connections to pppoe_server ? over eoIP ?

Thnanks
by amt
Fri Aug 03, 2018 9:24 am
Forum: The Dude
Topic: Dude Discovery for only Mikrotik Device
Replies: 0
Views: 2211

Dude Discovery for only Mikrotik Device

Hi,
I want to use discovery on dude for only mikrotik device's, when I start discovery its finds ubnt devices also, But I would like to search only mikrotik devices. is there any method to do this ?

Thanks
by amt
Wed Aug 01, 2018 10:47 am
Forum: General
Topic: RB1100 Ahx2 PSU
Replies: 0
Views: 728

RB1100 Ahx2 PSU

Hi,

I Have RB1100Ahx2 and I want to change it's PSU, normally it uses 12V 3a, can I use 24Vdc ? on product page 2-pin terminal input Voltage seems 7-28 V, so I think I can use 24V, but before use it I would like to ask if some one have experience with 24V psu on RB1100Ahx2.

Thanks
by amt
Fri Jul 27, 2018 4:39 pm
Forum: The Dude
Topic: Easy way to mass upgrade firmware?
Replies: 24
Views: 24443

Re: Easy way to mass upgrade firmware?

Yes that is the better way, not all at the same time (using scheduled job) but at different times. With Linux I would use a combination of "ssh" and "expect" to do that. With "expect" you can program a multi-step procedure that would login to the device, check the curr...
by amt
Fri Jul 27, 2018 3:16 pm
Forum: Wireless Networking
Topic: ARM devices and NV2 protocol
Replies: 622
Views: 163162

Re: ARM devices and NV2 protocol

Normis, is there a way, to do some improvement in Nstreme as well? Or Mikrotik fixed that as a Dead end?

Many times its working much better than NV2...

I agree
by amt
Fri Jul 27, 2018 2:35 pm
Forum: The Dude
Topic: Easy way to mass upgrade firmware?
Replies: 24
Views: 24443

Re: Easy way to mass upgrade firmware?

Of course when the router is providing power supply to the access points it is dangerous to update them at exactly the same time as the power will be cut when the access points are doing the flash writes... :( What is true in that posting: when the files are downloaded (and the device has big flash...
by amt
Fri Jul 27, 2018 2:30 pm
Forum: Wireless Networking
Topic: Wireless not working until reboot
Replies: 12
Views: 3972

Re: Wireless not working until reboot

I happend again this morning, sent an e-mail to support. Now we wait :)

Edit: Got the advice to reinstall the device using netinstall. Uptime for the hAP AC Lite is 3 days now and so far no issues. Will keep you posted!
did you find any solution ?
by amt
Fri Jul 27, 2018 8:06 am
Forum: General
Topic: EoIP MTU for pppoe server tunnel
Replies: 15
Views: 7428

Re: EoIP MTU for pppoe server tunnel

I will probably need to see a diagram with the MTU noted along the pathing. The biggest item of concern is your statement that the EoIP and wireless are added to the same bridge. Is this happening at CPE? If so, why? No, CPE is customer side and customer side not using eoip or bridge, CPe connectin...
by amt
Thu Jul 26, 2018 3:40 pm
Forum: Announcements
Topic: Security announcement blog
Replies: 117
Views: 73549

Re: Security announcement blog

Is there a way to sign up for email announcements of new articles too?
+1
by amt
Wed Jul 25, 2018 3:14 pm
Forum: Announcements
Topic: v6.42.6 [current]
Replies: 102
Views: 63956

Re: v6.42.6 [current]

properly configure RTS/CTS the 'hidden node' issue doesn't exist anymore. cxan you explain it more ? :) If you read up a bit on the specifics of the RTS/CTS scheme and how it works then you'll know what I mean. Use google and find loads of info that better explain how the system works then I can do...
by amt
Wed Jul 25, 2018 2:59 pm
Forum: The Dude
Topic: Easy way to mass upgrade firmware?
Replies: 24
Views: 24443

Re: Easy way to mass upgrade firmware?

/system script add name=Autoupdater owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="system package update check-for-updates\r\ \n:global FWstatus [/system package update get status];\r\ \n\r\ \nif (\$FWstatus = \"New version is available\")...
by amt
Wed Jul 25, 2018 2:37 pm
Forum: Scripting
Topic: cript sending email attack ports
Replies: 6
Views: 1915

Re: cript sending email attack ports

I put port scanner rules, when it finds an ip that scans ports, it blocks ip that generated the scan for 30 days
what rules do you use for port scanners ?
by amt
Wed Jul 25, 2018 2:16 pm
Forum: Announcements
Topic: v6.42.6 [current]
Replies: 102
Views: 63956

Re: v6.42.6 [current]

802.11 suffers from hidden node problems, network stalls, at least if trying it in some distribution network. Here counts nv2, and in old days nstreme. We have around 100Mbit/s P2MP using "modern devices" and current firmware and in legacy device environment (RN52 radio boards) we have 20...
by amt
Wed Jul 25, 2018 2:00 pm
Forum: General
Topic: Hacked-Rogue DNS?
Replies: 12
Views: 4422

Re: Hacked-Rogue DNS?

- Use aggressive firewall. Ban all IPs that try to connect to ports with no services listening. How do you do this? Do you have a script? Will this add much CPU load? Rule 1: Chain=Input, in-interface=ether1, src-add-list=BANNED, action=drop Rule 2: Chain=Input, in-interface=ether1, proto=tcp, dst-...
by amt
Wed Jul 25, 2018 1:15 pm
Forum: The Dude
Topic: Easy way to mass upgrade firmware?
Replies: 24
Views: 24443

Re: Easy way to mass upgrade firmware?

/system script add name=Autoupdater owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="system package update check-for-updates\r\ \n:global FWstatus [/system package update get status];\r\ \n\r\ \nif (\$FWstatus = \"New version is available\")...
by amt
Wed Jul 25, 2018 1:05 pm
Forum: General
Topic: EoIP MTU for pppoe server tunnel
Replies: 15
Views: 7428

Re: EoIP MTU for pppoe server tunnel

MTU Typically, the largest Ethernet frame that can be transmitted without fragmentation is 1500 bytes. PPPoE adds another 6 bytes of overhead and PPP field adds two more bytes, leaving 1492 bytes for IP datagram. Therefore max PPPoE MRU and MTU values must not be larger than 1492. TCP stacks try to...
by amt
Fri Jul 20, 2018 3:40 pm
Forum: General
Topic: EoIP MTU for pppoe server tunnel
Replies: 15
Views: 7428

EoIP MTU for pppoe server tunnel

I know may this is the asked question before but I could not get correct answer.. can you help me guys ? I have a routed and bridged network and I'm sending customer's pppoe_client connections to pppoe server over eoip, eoip tunnels created between AP's and Pppoe Server. So Questions: - what is the ...
by amt
Thu Jul 12, 2018 8:37 am
Forum: Announcements
Topic: Winbox v3.16 released!
Replies: 62
Views: 60066

Re: Winbox v3.16 released!

The problem with "Click Reconnect, then Winbox window disappears and after exactly 30 seconds automatically disconnect from device with Connection lost window appearing again" still persist (first time spotted in v3.14 https://forum.mikrotik.com/viewtopic.php?f=21&t=134940&start=5...
by amt
Tue Jul 03, 2018 1:49 pm
Forum: Wireless Networking
Topic: Wireless not working until reboot
Replies: 12
Views: 3972

Re: Wireless not working until reboot

I also have same problem On some SXT's and OmniTiK's and I put daily reboot them, its not good but I couldnt find any other solution. I tried to change freuency but no any effect.
by amt
Tue Jun 12, 2018 12:11 pm
Forum: Wireless Networking
Topic: What is maximum speed i can get?
Replies: 2
Views: 1120

Re: What is maximum speed i can get?

I try to catch 300mb Netmetal with mant 30 at 16km. is possible to catch this if any one have experinece
by amt
Sat May 26, 2018 2:33 pm
Forum: Announcements
Topic: v6.42.3 [current]
Replies: 80
Views: 47602

Re: v6.42.3 [current]

Now we need to improve in nv2 ptp since we can not get past those 100 mbps in ptp mode as well.
Definitely I agree with you..
by amt
Wed May 16, 2018 4:39 pm
Forum: General
Topic: loopback interfaces and OSPF Areas
Replies: 4
Views: 1506

Re: loopback interfaces and OSPF Areas

I use loopback interfaces at backbone areas but if use another area with area-id 0.0.0.1 I do not use loopback. do i need to use them ?
by amt
Fri May 11, 2018 3:17 pm
Forum: Wireless Networking
Topic: *) winbox - added 160 MHz "channel-width" to wireless settings; ??
Replies: 7
Views: 4126

Re: *) winbox - added 160 MHz "channel-width" to wireless settings; ??

viewtopic.php?f=21&t=133272&start=100#p655798
For XX selection;
This feature allows to select channel automatically by selecting the best one from available.
by amt
Fri Apr 27, 2018 3:19 pm
Forum: General
Topic: 6.42.1 POE Overload
Replies: 12
Views: 5252

Re: 6.42.1 POE Overload

I had some issue with poe-out setting, when I select poe-out: auto on it seems that waiting for load. when I select forced on device that connected to ethernet start working. but if I select poe-out: auto on device not working.
by amt
Fri Apr 27, 2018 2:10 pm
Forum: General
Topic: Lost connection to multiple LHG units [SOLVED]
Replies: 25
Views: 7469

Re: Lost connection to multiple LHG units [SOLVED]

today I solve the problem and I would like to share with you may help another person in this forum... the attacker change th ereformat-hold-button value and you should keep pressing to reset button untill 5 minute to put device netinstall :=)

Thanks for all help.
by amt
Fri Apr 20, 2018 10:07 am
Forum: Announcements
Topic: v6.42 [current]
Replies: 147
Views: 76698

Re: v6.42 [current]

What is the wireless XX option under Channel width?
I am wondering too
Was thinking that but would like to be sure :lol:
Still no any answer :) :) :)
by amt
Thu Apr 19, 2018 10:58 am
Forum: Announcements
Topic: v6.42 [current]
Replies: 147
Views: 76698

Re: v6.42 [current]

What is the wireless XX option under Channel width?
I am wondering too
by amt
Wed Apr 18, 2018 8:06 am
Forum: Announcements
Topic: v6.42 [current]
Replies: 147
Views: 76698

Re: v6.42 [current]

Updated SXT Lite5 Ac from 6.40.5 to 6.42 and device down, After netinstall device work again...
by amt
Tue Apr 17, 2018 1:16 pm
Forum: General
Topic: VPN Over PPTP down when Fasttrack connection enabled
Replies: 4
Views: 2698

Re: VPN Over PPTP down when Fasttrack connection enabled

I disabled fasttrack... You do not need to disable fasttracking completely. Choose the category of traffic which occupies the most bandwidth and let that one be handled by the defaut routing table, i.e. without marking, which makes it possible to fasttrack it. If it is the traffic category you need...
by amt
Tue Apr 17, 2018 9:42 am
Forum: General
Topic: VPN Over PPTP down when Fasttrack connection enabled
Replies: 4
Views: 2698

Re: VPN Over PPTP down when Fasttrack connection enabled

Your can read this topic: viewtopic.php?t=130212

And at the end: viewtopic.php?t=130212#p641053
Thanks msatter,
I disabled fasttrack...
by amt
Fri Apr 13, 2018 4:36 pm
Forum: General
Topic: rb951G-2hnd 6.41.4 help :(
Replies: 3
Views: 1120

Re: rb951G-2hnd 6.41.4 help :(

new bridge implementation that supports hardware offloading (hw-offload).
HW.jpg
by amt
Fri Apr 13, 2018 3:53 pm
Forum: General
Topic: VPN Over PPTP down when Fasttrack connection enabled
Replies: 4
Views: 2698

VPN Over PPTP down when Fasttrack connection enabled

Hi all, I was using PPTP connection for access to blocked web sites or others etc. which are filtered by upstream provider, normally pptp traffic is nearly 14-15mb but when I enable fasttrack this traffic start to down like 3mb- 4mb and web sites and videos start to load slowly. is there any one her...
by amt
Thu Apr 12, 2018 2:31 pm
Forum: General
Topic: EoIP over VPN - Help with packet overhead and MSS calculation
Replies: 5
Views: 1875

Re: EoIP over VPN - Help with packet overhead and MSS calculation

What network exactly you want to connect? Layer 2 or 3? If 2, use EoIP + IPsec. If 3 use L2TP + IPsec. Hi Anumrak, Layer 2 mean bridged network and Layer 3 for routed network.. why you prefer to use pppoe over L2TP ( if mean carrying pppoe_client customer to pppoe_server over l2tp )connection on La...
by amt
Thu Apr 12, 2018 2:24 pm
Forum: Beginner Basics
Topic: blocking access
Replies: 4
Views: 1302

Re: blocking access

Turn the router off.
Cut his RJ45 cable.
best solution :)
by amt
Mon Apr 09, 2018 10:21 am
Forum: Forwarding Protocols
Topic: EoIP Tunnel is Running but not passing traffic
Replies: 3
Views: 5498

Re: EoIP Tunnel is Running but not passing traffic

can you ping remote and local ip's from each other, I mean can you ping from router B to Router A' s ip address and from router B to Router A's ip address. and also change tunnel-id for both side.
by amt
Mon Apr 02, 2018 2:54 pm
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 142419

Re: Urgent security advisory

what happen when device infected ? I read post's but cant see what this infection does to the equipment.
by amt
Fri Mar 30, 2018 8:32 am
Forum: Beginner Basics
Topic: Recommende "IP/IP Settings"
Replies: 6
Views: 5719

Re: Recommende "IP/IP Settings"

kill redirects(very insecured/exploitable), bump icmp rate limitation a bit(to say 50-100-500), disable fast-path if you not use it(if you not ISP - you perhaps not), put RP filtering to "strict"(if you not use gear in corporate setup with (relatively)complex routing of multiple sub-netwo...
by amt
Thu Mar 29, 2018 1:15 pm
Forum: Announcements
Topic: Urgent security advisory
Replies: 110
Views: 142419

Re: Urgent security advisory

maybe our problem in the following address could be related to this topic.

viewtopic.php?f=2&t=132160
by amt
Thu Mar 29, 2018 1:05 pm
Forum: General
Topic: PPPoE MSS clamp no working on upgrade
Replies: 17
Views: 12088

Re: PPPoE MSS clamp no working on upgrade

After yesterday's "URGENT security advisory" from Mikrotik I upgraded my PPPoE Servers to 6.40.6 and now same thing: MSS mangle rules gone and service broken! Please help! write it manual may help you; /ip firewall mangle add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrou...
by amt
Mon Mar 26, 2018 12:14 pm
Forum: General
Topic: firewall advice to pppoe_client customers [SOLVED]
Replies: 26
Views: 7517

Re: firewall advice to pppoe_client customers [SOLVED]

Great thanks to everyone for their helps...
by amt
Mon Mar 26, 2018 12:12 pm
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 212231

Re: Blacklist Filter update script

It's been a nice run. Almost 3 years, and over 2200 active users. But I am shutting down the this service. Thank you, Dave, for a valiant effort. For everyone who was using Dave's Blacklist, let me recommend the Malicious IP blacklist from SquidBlackList.org, available for download from https://www...
by amt
Mon Mar 26, 2018 12:08 pm
Forum: Scripting
Topic: Blacklist Filter update script
Replies: 632
Views: 212231

Re: Blacklist Filter update script

Thank you for providing this great service .....
by amt
Fri Mar 23, 2018 8:55 pm
Forum: General
Topic: Lost connection to multiple LHG units [SOLVED]
Replies: 25
Views: 7469

Re: Lost connection to multiple LHG units [SOLVED]

There were no any fw rules at customer side :(
Bad Idea, even worse if router has direct access from internet.
I certainly agree with you, it was a very bad mistake. I hope it will be useful for my experience.
by amt
Fri Mar 23, 2018 8:52 pm
Forum: General
Topic: Lost connection to multiple LHG units [SOLVED]
Replies: 25
Views: 7469

Re: Lost connection to multiple LHG units [SOLVED]

It sounds like your customers devices were completely exposed to the internet then. Someone probably just brute-forced their way in would be my guess. I'd suggest you consider retaining connection logs at your border device. It gives you something to review during root cause analysis. Thanks for yo...
by amt
Fri Mar 23, 2018 5:33 pm
Forum: General
Topic: firewall advice to pppoe_client customers [SOLVED]
Replies: 26
Views: 7517

Re: firewall advice to pppoe_client customers [SOLVED]

add action=drop chain=input comment="drop connection for admin special ports" dst-port=22,23,8291,8728,8729 protocol=tcp add action=drop chain=input comment="drop connection for Admin special ports" dst-port=22,23,8291,8728,8729 protocol=udp add action=drop chain=forward comment...
by amt
Fri Mar 23, 2018 5:28 pm
Forum: General
Topic: Lost connection to multiple LHG units [SOLVED]
Replies: 25
Views: 7469

Re: Lost connection to multiple LHG units [SOLVED]

I would be curious to see your previous firewall rules to see if there is any obvious weakness.
There were no any fw rules at customer side :(
Only drop rules for input and foward chain at pppoe_servers for port 22,23,8291,8728
by amt
Fri Mar 23, 2018 4:56 pm
Forum: General
Topic: firewall advice to pppoe_client customers [SOLVED]
Replies: 26
Views: 7517

Re: firewall advice to pppoe_client customers [SOLVED]

Why do you want this rule? Except if needed for monitoring, ICMP traffic will work just fine if initiated from inside, and then the following will be allowed by established, related rule without rule below add action=accept chain=input comment="ACCEPT ICMP" in-interface-list=WAN protocol=...
by amt
Fri Mar 23, 2018 4:25 pm
Forum: General
Topic: firewall advice to pppoe_client customers [SOLVED]
Replies: 26
Views: 7517

Re: firewall advice to pppoe_client customers [SOLVED]

I will suggest you remove the in-interface on the following rules. /ip firewall filter add action=accept chain=forward comment="ACCEPT established & related" connection-state=established,related in-interface-list=WAN add action=accept chain=input comment="ACCEPT established &...
by amt
Fri Mar 23, 2018 3:14 pm
Forum: Announcements
Topic: Significant improvement for wireless Nv2 PtMP
Replies: 245
Views: 114905

Re: Significant improvement for wireless Nv2 PtMP

What is 20/40MHz XX on Channel Width , I haven't seen it before.
by amt
Fri Mar 23, 2018 3:03 pm
Forum: General
Topic: firewall advice to pppoe_client customers [SOLVED]
Replies: 26
Views: 7517

Re: firewall advice to pppoe_client customers [SOLVED]

I will suggest you remove the in-interface on the following rules. /ip firewall filter add action=accept chain=forward comment="ACCEPT established & related" connection-state=established,related in-interface-list=WAN add action=accept chain=input comment="ACCEPT established &...
by amt
Fri Mar 23, 2018 2:26 pm
Forum: General
Topic: firewall advice to pppoe_client customers [SOLVED]
Replies: 26
Views: 7517

Re: firewall advice to pppoe_client customers [SOLVED]

So I can start to use these rules :)
by amt
Fri Mar 23, 2018 12:09 pm
Forum: General
Topic: firewall advice to pppoe_client customers [SOLVED]
Replies: 26
Views: 7517

Re: firewall advice to pppoe_client customers [SOLVED]

Assuming your pppoe runs on top of some ethernet interface (presumably ether1), is it safe to add all ether interfaces to LAN list? I'd leave that particular one out. If pppoe runs on top of sfp1 interface then your config is OK. Hi Mkx thanks for your answer all customer devices are SXT or LHG and...
by amt
Fri Mar 23, 2018 12:00 pm
Forum: General
Topic: Lost connection to multiple LHG units [SOLVED]
Replies: 25
Views: 7469

Re: Lost connection to multiple LHG units [SOLVED]

I don't know how to erase firmware, so I can't begin to guess what happened. Perhaps one of your management hosts is/was compromised. Another possibility would be an as-yet-undiscovered vulnerability since it only occurred on routers with public IPs. I have perhaps 100 MT routers with public IPs an...
by amt
Fri Mar 23, 2018 11:53 am
Forum: General
Topic: firewall advice to pppoe_client customers [SOLVED]
Replies: 26
Views: 7517

Re: firewall advice to pppoe_client customers [SOLVED]

I will suggest you remove the in-interface on the following rules. /ip firewall filter add action=accept chain=forward comment="ACCEPT established & related" connection-state=established,related in-interface-list=WAN add action=accept chain=input comment="ACCEPT established &...
by amt
Thu Mar 22, 2018 2:52 pm
Forum: General
Topic: firewall advice to pppoe_client customers [SOLVED]
Replies: 26
Views: 7517

Re: firewall advice to pppoe_client customers [SOLVED]

Many Many Thanks Steveocee... here is last one.. /interface list add name=WAN /interface list add name=LAN /interface list member add interface=[/interface ethernet find] list=LAN /interface list member add interface=[/interface pppoe-client find] list=WAN /ip firewall address-list add address=10.10...
by amt
Wed Mar 21, 2018 5:08 pm
Forum: General
Topic: Lost connection to multiple LHG units [SOLVED]
Replies: 25
Views: 7469

Re: Lost connection to multiple LHG units [SOLVED]

Most people that think they have a "secure" network do not. I see this all the time. yes you are right.. plus for this inexperienced :) Do you have remote management of the devices at the customer sites? no Do you use common passwords across multiple devices? unfortunately yes same passwo...
by amt
Wed Mar 21, 2018 3:32 pm
Forum: General
Topic: Useful tools and utilities disappeared
Replies: 6
Views: 1902

Re: Useful tools and utilities disappeared

https://expirebox.com/download/a7286457 ... 0be76.html

download from here I upload it for you.. but in rar file.
by amt
Wed Mar 21, 2018 2:53 pm
Forum: General
Topic: firewall advice to pppoe_client customers [SOLVED]
Replies: 26
Views: 7517

Re: firewall advice to pppoe_client customers [SOLVED]

Basic one but usable, of course you need to change the in-interface to match your pppoe client interface name (pppoe_out1 is the default); /ip firewall filter add action=accept chain=forward comment="ACCEPT established & related" connection-state=established,related in-interface=pppoe...
by amt
Wed Mar 21, 2018 2:30 pm
Forum: General
Topic: firewall advice to pppoe_client customers [SOLVED]
Replies: 26
Views: 7517

Re: firewall advice to pppoe_client customers [SOLVED]

WAN and LAN are interface lists. You just need to edit WAN interface list. Thanks mrz, also I would like to add this rules also but Im not sure the order of the rules, can i add this rule end of the default config ? or /ip firewall address-list add address=10.10.2.10 comment="Admin Network&quo...
by amt
Wed Mar 21, 2018 2:04 pm
Forum: General
Topic: firewall advice to pppoe_client customers [SOLVED]
Replies: 26
Views: 7517

Re: firewall advice to pppoe_client customers [SOLVED]

/ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid add action=accept chain=input comment=&qu...
by amt
Wed Mar 21, 2018 1:38 pm
Forum: General
Topic: firewall advice to pppoe_client customers [SOLVED]
Replies: 26
Views: 7517

firewall advice to pppoe_client customers [SOLVED]

Hi All,
our client devices connected with PPPoE got attacked and many of our devices became useless. Do you have any suggestions for firewall rules that can be used to take precautions?

Thanks lot
by amt
Tue Mar 20, 2018 7:11 pm
Forum: General
Topic: Lost connection to multiple LHG units [SOLVED]
Replies: 25
Views: 7469

Re: Lost connection to multiple SXT units [SOLVED]

there is no any wifi signal also, most of them LHG and all of them same problem... bios seems lost. we copy one of LHG bios and transfer it to broken one and it worked. but now the licence has problem,device worked and telling there is no licence. and another problem all mac same with copied one. J...
by amt
Tue Mar 20, 2018 4:45 pm
Forum: General
Topic: Lost connection to multiple LHG units [SOLVED]
Replies: 25
Views: 7469

Re: Lost connection to multiple SXT units [SOLVED]

You say Ethernet interface not working. Can you access the device from the WiFI interface? Hi Normis, there is no any wifi signal also, most of them LHG and all of them same problem... bios seems lost. we copy one of LHG bios and transfer it to broken one and it worked. but now the licence has prob...
by amt
Tue Mar 20, 2018 4:20 pm
Forum: General
Topic: Lost connection to multiple LHG units [SOLVED]
Replies: 25
Views: 7469

Re: URGENT Help !! any security vulnerabilitie ? [SOLVED]

hi anav,

we are supplying to internet to these customers and we did not change any setup, we did not implement any firmware. there are more than thousand cpe. and only puplic ip assigned mikrotik's affected.
by amt
Tue Mar 20, 2018 1:10 pm
Forum: General
Topic: Lost connection to multiple LHG units [SOLVED]
Replies: 25
Views: 7469

Re: URGENT Help !! any security vulnerabilitie ? [SOLVED]

I sent mail to support yesterday but not answerd me yet.
by amt
Tue Mar 20, 2018 10:14 am
Forum: General
Topic: Remote code execution in MikroTik RouterOS v6 (all before 6.41.3)
Replies: 13
Views: 5465

Re: Remote code execution in MikroTik RouterOS v6 (all before 6.41.3)

while waiting answer from support , I wanted to share it thinking that I could get help from here

thanks normis.
by amt
Tue Mar 20, 2018 9:59 am
Forum: General
Topic: Remote code execution in MikroTik RouterOS v6 (all before 6.41.3)
Replies: 13
Views: 5465

Re: Remote code execution in MikroTik RouterOS v6 (all before 6.41.3)

thanks doneware, do you have any idea why this happen ? all mikrotik device down today which are using puplic ip on their interface... Thanks Please stop posting in all topics that are not related to your question. There is a high likelihood you suffered ESD damage due to static discharge in the at...
by amt
Tue Mar 20, 2018 8:29 am
Forum: General
Topic: Lost connection to multiple LHG units [SOLVED]
Replies: 25
Views: 7469

Re: URGENT Help !! any security vulnerabilitie ? [SOLVED]

Using to easy Passwords on public available not firewalled devices?
Hi mistry7,

password was not easy and also user name was not admin. winbox port and ssh, telnet, api closed to outside.

Thanks.
by amt
Tue Mar 20, 2018 8:28 am
Forum: General
Topic: Lost connection to multiple LHG units [SOLVED]
Replies: 25
Views: 7469

Re: URGENT Help !! any security vulnerabilitie ? [SOLVED]

Version?
... details, formulate an relatory.
Hi BRMateus2,

devices not working so I could not check what version they were. I will try to netinstall them today. nearly 50 device down.
by amt
Tue Mar 20, 2018 8:26 am
Forum: General
Topic: Lost connection to multiple LHG units [SOLVED]
Replies: 25
Views: 7469

Re: URGENT Help !! any security vulnerabilitie ? [SOLVED]

Power outages? Didnt pay internet bills? ISP folded? What is the reason for the failures? Not enough information. Hi anav, Power outages? these devices at in different places and there were no Power outages at their place... Didnt pay internet bills? devices not working, ether ports not work. What ...
by amt
Mon Mar 19, 2018 11:39 pm
Forum: General
Topic: Remote code execution in MikroTik RouterOS v6 (all before 6.41.3)
Replies: 13
Views: 5465

Re: Remote code execution in MikroTik RouterOS v6 (all before 6.41.3)

thanks doneware,

do you have any idea why this happen ? all mikrotik device down today which are using puplic ip on their interface...

Thanks
by amt
Mon Mar 19, 2018 7:24 pm
Forum: General
Topic: Lost connection to multiple LHG units [SOLVED]
Replies: 25
Views: 7469

Lost connection to multiple LHG units [SOLVED]

Hi all, Today all our customers who has puplic ip with Mikrotik device stop working. When we check for understand what happen, we see that the ethernet interfaces of these devices are not working , and some SXT reseted. So I wonder to ask if is that related with any security vulnerabilities ? Thanks.
by amt
Mon Mar 19, 2018 6:54 pm
Forum: General
Topic: Remote code execution in MikroTik RouterOS v6 (all before 6.41.3)
Replies: 13
Views: 5465

Re: Remote code execution in MikroTik RouterOS v6 (all before 6.41.3)

Hi Muqatil,

normaly we do not enable SMB on devices. we leave them as default
 enabled: no
        domain: MSHOME
       comment: MikrotikSMB
      allow-guests: yes
      interfaces: all 


I wonder if this vulnerability may affected. cause all of this devices down today.
by amt
Mon Mar 19, 2018 6:03 pm
Forum: General
Topic: Remote code execution in MikroTik RouterOS v6 (all before 6.41.3)
Replies: 13
Views: 5465

Re: Remote code execution in MikroTik RouterOS v6 (all before 6.41.3)

Hi,
Today all our customers who has puplic ip with Mikrotik device stop working. When we check to understand what happen, we see that ethernet interfaces of these devices are not working , and some SXT reseted. İs that related with this vulnerabilities ?

Thanks.
by amt
Wed Feb 14, 2018 7:52 am
Forum: General
Topic: EoIp Tunnel problem
Replies: 4
Views: 1496

Re: EoIp Tunnel problem

no, eoip down but i can ping routers from A router to B router and B router to A router.
by amt
Mon Feb 12, 2018 9:52 am
Forum: General
Topic: EoIp Tunnel problem
Replies: 4
Views: 1496

Re: EoIp Tunnel problem

up..
by amt
Thu Feb 08, 2018 8:29 am
Forum: The Dude
Topic: Recovering the Dude after db corruption.
Replies: 5
Views: 6239

Re: Recovering the Dude after db corruption.

Hello eriitguy,

Yes I asked to support but I think they are so busy,they not answer me yet.

Thank you
by amt
Wed Feb 07, 2018 11:49 am
Forum: The Dude
Topic: Recovering the Dude after db corruption.
Replies: 5
Views: 6239

Re: Recovering the Dude after db corruption.

anyone to help ?_
by amt
Tue Feb 06, 2018 12:39 pm
Forum: The Dude
Topic: Recovering the Dude after db corruption.
Replies: 5
Views: 6239

Re: Recovering the Dude after db corruption.

this is not worked for me.. can you explain more ? I could not do this, it gives me an error. did i made mistake ? here is output; C:\test2>sqlite3.exe dude.orig.db SQLite version 3.21.0 2017-10-24 18:55:49 Enter ".help" for usage hints. sqlite> .output objs.sql sqlite> .dump sqlite> .exit...
by amt
Tue Feb 06, 2018 12:15 pm
Forum: The Dude
Topic: Dude malformed DB - can't modify any thing.
Replies: 1
Views: 1161

Re: Dude malformed DB - can't modify any thing.

hi,

find any soultion for this ?
by amt
Wed Jan 17, 2018 7:52 am
Forum: General
Topic: EoIp Tunnel problem
Replies: 4
Views: 1496

Re: EoIp Tunnel problem

any idea ?
by amt
Thu Jan 11, 2018 12:21 pm
Forum: General
Topic: EoIp Tunnel problem
Replies: 4
Views: 1496

EoIp Tunnel problem

Hi all, I have small problem about EoIP tunnels, I changed my bridged network to routed one. I set up ospf and remove the bridges betwen devices. everything was ok but now my EoIP tunnels strart to not working. I carry my pppoe connections to pppoe_server over EoIP tunnels. there were no problem whe...
by amt
Thu Jan 11, 2018 12:09 pm
Forum: General
Topic: Automatic backup
Replies: 9
Views: 8584

Re: Automatic backup

you can check https://wiki.mikrotik.com/wiki/Scripts also forum has Scripting index... you can check also forum...
by amt
Wed Jan 10, 2018 2:32 pm
Forum: General
Topic: Automatic backup
Replies: 9
Views: 8584

Re: Automatic backup

Hi,

try this;
/system backup save name=([/system identity get name] . "-" . [:pick [/system clock get date] 7 11] . [:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4 6]);
by amt
Thu Dec 21, 2017 12:33 pm
Forum: Forwarding Protocols
Topic: Extend OSPF network
Replies: 5
Views: 1521

Re: Extend OSPF network

bridged network are 100-120 device totally.. so I create area1 to keep away them from backbone area.
by amt
Tue Dec 19, 2017 4:54 pm
Forum: Forwarding Protocols
Topic: Extend OSPF network
Replies: 5
Views: 1521

Re: Extend OSPF network

Hi,
Thanks for your answer...
I created are1 on TowerM and add other bridged network as Area1 and I convert all to from bridge to routed(ospf) and I select area1 for all other devices which are bridged before. not its working. is that wrong way ?

Thanks
by amt
Thu Dec 14, 2017 10:13 am
Forum: Forwarding Protocols
Topic: Extend OSPF network
Replies: 5
Views: 1521

Extend OSPF network

I am aware that I am asking many questions about ospf in these days. I am in the learning phase so Im asking you to help me for find the right ways for me please forgive me. Im tring to convert my all network to Routed network from bridge. and here is my main network networkdraw-22.png in here there...
by amt
Thu Dec 14, 2017 9:14 am
Forum: Forwarding Protocols
Topic: Proper application advice for ospf
Replies: 2
Views: 1269

Re: Proper application advice for ospf

hi JimmyNyholm,
thanks for you info. yes I will use mikrotik , you prefer to use /32 for wlan interface on p2p links and /32 for ethernet of these links. this will help me to not consume local ip's also, and i will not use bridge also for p2p links. am i correct ?

Thanks
by amt
Wed Dec 13, 2017 12:04 pm
Forum: Forwarding Protocols
Topic: Proper application advice for ospf
Replies: 2
Views: 1269

Proper application advice for ospf

Hello, As someone who is in the learning phase of Ospf, I would like to ask you some questions about OSPF to learn the right way. If you can help, I am very happy. On wireless link which implementation should be okey for ospf networks RB3011 <<< /30 ip betwen ethernets >>> Netmetal AP Ethernet inter...
by amt
Tue Dec 12, 2017 4:43 pm
Forum: General
Topic: SFP signal too strong
Replies: 9
Views: 6547

Re: SFP signal too strong

Im using S-31DLC20D and thesee modules are SM for 20km and Im using them at 20meters, does it makes problem ?

Thanks.
by amt
Thu Dec 07, 2017 11:45 am
Forum: Beginner Basics
Topic: 2 WAN network failover confusion
Replies: 4
Views: 2202

Re: 2 WAN network failover confusion

have a look this;
Posse7x share some info, I think it will help you.
viewtopic.php?f=13&t=128196
by amt
Mon Dec 04, 2017 12:44 pm
Forum: RouterBOARD hardware
Topic: Less than 2000 Mbps on 10GB link
Replies: 15
Views: 10133

Re: Less than 2000 Mbps on 10GB link

thanks to everone...
thanks for sharing yours experience and information with me...
by amt
Sat Dec 02, 2017 12:04 pm
Forum: RouterBOARD hardware
Topic: Less than 2000 Mbps on 10GB link
Replies: 15
Views: 10133

Re: Less than 2000 Mbps on 10GB link

Hi, no, traffic testing is not a problem, I would like to learn that if I need to change the mtu value for 10gb interfaces ? because mtu value 9000 is used for 10gb interfaces in forums and on the web. but my only connection between the 2 points is with a 10gb interface. all my other connections are...
by amt
Thu Nov 30, 2017 10:55 pm
Forum: RouterBOARD hardware
Topic: Modular CCR?
Replies: 38
Views: 6860

Re: Modular CCR?

I write same answer at other topic also sory for this. I hope this will be understandable for my problem. <<Provider>> ===802.3ad (3x 1Gb interface) === <<CCR1072>>> ===10Gb interface=== <<CCR1036>> after this all other networks 1Gb interface. so for this 10Gb connection do I need increase mtu size ...
by amt
Thu Nov 30, 2017 10:50 pm
Forum: RouterBOARD hardware
Topic: Less than 2000 Mbps on 10GB link
Replies: 15
Views: 10133

Re: Less than 2000 Mbps on 10GB link

please post your configuration export look like your are not switching (hardware), maybe you are bridging (software) I hope this will be understandable :) <<Provider>> ===802.3ad===(3x 1Gb interface) <<CCR1072>>> ===10Gb interface=== <<CCR1036>> after this all other networks 1Gb. so for this 10Gb i...
by amt
Thu Nov 30, 2017 4:57 pm
Forum: RouterBOARD hardware
Topic: Modular CCR?
Replies: 38
Views: 6860

Re: Modular CCR?

What should be MTU if i use 10G sfp+ ? Does having a mtu of 1500 cause any problems on 10Gb interface ?
by amt
Thu Nov 30, 2017 4:26 pm
Forum: RouterBOARD hardware
Topic: Less than 2000 Mbps on 10GB link
Replies: 15
Views: 10133

Re: Less than 2000 Mbps on 10GB link

What should be MTU if i use 10G sfp+ ? Does having a mtu of 1500 cause any problems on 10Gb interface ?
by amt
Thu Nov 30, 2017 9:25 am
Forum: General
Topic: Bonding interface
Replies: 7
Views: 3400

Re: Bonding interface

Just letting everyone know, switching to 802.3ad i.e lacp, solved our issue. We are now getting full speeds to overseas on higher latency paths. Super happy. And ps - this is between a ccr1016 and a ccr1072 - so Mikrotik to Mikrotik using layer2 + 3 hashing. Hi Paulct, I test 802.3ad before but can...
by amt
Wed Nov 29, 2017 2:21 pm
Forum: Beginner Basics
Topic: help on adding second gateway with distance=2
Replies: 11
Views: 3435

Re: help on adding second gateway with distance=2

I have no detailed knowledge about OSPF but I would not select "always". I would use "if installed". That is what I use in BGP and it makes sure it only forwards the default route it gets from others, not claim it has it while it really hasn't. Hi pe1chl, thanks for your info, I...
by amt
Wed Nov 29, 2017 10:03 am
Forum: General
Topic: Error message when submitting forum posts
Replies: 3
Views: 783

Re: Error message when submitting forum posts

I have same problem.. and also page not display correctly.
Untitled-1.jpg
by amt
Tue Nov 28, 2017 8:29 pm
Forum: Beginner Basics
Topic: help on adding second gateway with distance=2
Replies: 11
Views: 3435

Re: help on adding second gateway with distance=2

Well I normally use BGP but it should be the same with OSPF. Every device has association with the neighbors only and the default route is just one of the routes distributed by the routing protocol. Like every route it originates at some point (in this case router A) and all other routers learn its...
by amt
Tue Nov 28, 2017 8:04 pm
Forum: General
Topic: Bonding interface
Replies: 7
Views: 3400

Re: Bonding interface

Good topic :) I had also same problem.. i test 802.3ad for bonding two interface between ccr1036 and ccr1072 but it was not worked.. 802.3ad works betwen mikrotik and cisco. But betwen two mikrotik i could not get succsess...
by amt
Tue Nov 28, 2017 7:40 pm
Forum: Beginner Basics
Topic: help on adding second gateway with distance=2
Replies: 11
Views: 3435

Re: help on adding second gateway with distance=2

You can distribute your default route via the routing protocol you use. Should i enable it on all devices that working with ospf ? And some of this p 2 p links are radiolink and I should enter gateway manually. So not put a hardwired default route in each router. You mean not write gateway manually...
by amt
Tue Nov 28, 2017 7:21 pm
Forum: Beginner Basics
Topic: help on adding second gateway with distance=2
Replies: 11
Views: 3435

Re: help on adding second gateway with distance=2

the problem is tower m is monitoring the connection to tower g as long as this connection works the second route won't work so you need to monitor an ip address behind your gw route1: /ip route add check-gateway=ping distance=1 dst-address=8.8.8.8(=high available ip or secound ip from tower d) gate...
by amt
Tue Nov 28, 2017 7:09 pm
Forum: Beginner Basics
Topic: help on adding second gateway with distance=2
Replies: 11
Views: 3435

Re: help on adding second gateway with distance=2

Use an autorouting protocol (OSPF or BGP) to do your routes. In each location you configure the neighbor locations only. The autorouting protocol will rebuild your route tables when one link fails. Hi pe1chl, Yes I build ospf between them.. and ospf running. But its not helped me for this situation...
by amt
Tue Nov 28, 2017 4:08 pm
Forum: Beginner Basics
Topic: help on adding second gateway with distance=2
Replies: 11
Views: 3435

help on adding second gateway with distance=2

First of all hello to everyone, I tried to change network type from bridge to routed network, but I have some problems and I am very happy if you can help me in this matter. I shared a little work below to explain the problem I am experiencing. networkdraw-2.png tower A has two connections, one of t...
by amt
Thu Nov 23, 2017 4:49 pm
Forum: General
Topic: drop all dns request from Internet to my network
Replies: 5
Views: 1921

Re: drop all dns request from Internet to my network

for raw table; /ip firewall raw add action=drop chain=prerouting dst-port=53 in-interface=WAN protocol=tcp add action=drop chain=prerouting dst-port=53 in-interface=WAN protocol=udp for filter; /ip firewall filter add action=reject chain=input comment=DNS dst-port=53 protocol=udp reject-with=icmp-po...
by amt
Tue Nov 14, 2017 9:24 am
Forum: General
Topic: Max L2TP tunnels / sessions
Replies: 4
Views: 2572

Re: Max L2TP tunnels / sessions

Thanks for the info. Yes I have L6 License. I have now about 8K PPP sessions over 17 L2TP tunnels, so I'm only limited with CPU and nb of connections? (the router is tracking connections because I'm using the mangle table) Hi, do you sent ppp sessions over L2TP tunnels ? I wonder what the performan...
by amt
Wed Oct 11, 2017 4:07 pm
Forum: General
Topic: selective connection tracking
Replies: 5
Views: 1881

Re: selective connection tracking

Hi, do I need connection tracking when there is no any firewall rule and nat on router ? I have some PPPoE Server and connection tracking is enabled on them. and I have some routers just passing traffic to other sites or other routers and connection tracking a enabled on them too. I read some post a...
  • 1
  • 2