Most probably... But it could also be a bad crimp. Remember, on gigabit links all 8 wires are used, on 10/100 only 4 are used. Sometimes if one of the two blue or browns aren't crimped properly, you may still have a link, but it does strange things. If it was me, I'd troubleshoot as follow: 1) recri...
Have you removed ether2 and ether3 from the same bridge or (soft)switch? By default ether2 is a master interface, and ether2-5 are slaves - meaning they are all part of the same (soft)switch. You can change this by going to the general tab of ether2-5 and setting "master interface" to none...
Support recommended a full reinstall using netinstall, but I was lucky to get away with software reset (either with /system reset-factory-defaults or by holding reset button). I had the same concern, as one of the devices I had to reset was also on a highsite. But unfortunately there does not appear...
I had similar results with other products too (disc5, SXTsq AC). I contacted Mikrotik support (with sipout.rif), and their advice was to reinstall RouterOS. I managed to recover all devices by doing a hardware reset. I did not try to reload my backup, in case the problem comes back. Sent from my iPh...
Thanks Normis But as I stated in my reply, I am not able to upgrade RouterOS! And after my upgrade attempt failed, I'm no longer able to change any wireless settings either! I believe the original poster also referred to RouterOS, but incorrectly called it "firmware". Please have a second ...
I would like to know the same thing.... I experienced this specifically with LHG AC and SXTsq AC units. Some additional information: After trying to upgrade RouterOS, the router reboots, but old RouterOS remains. The log file says: "kernel failure in previous reboot". I then tried changing...
If your router is enabled for DNS ("Allow remote requests"), your router is vulnerable for DOS attacks from all sides, UNLESS you have a deliberate firewall rule to drop all TCP and UDP pot 53 traffic on your external interface(s). On all my routers, especially ones exposed to the Internet...
Hi guys Hopefully my post would shed some more light on the problem. I have a similar setup as most of you, but with the exception of using Ubiquity radio's and Mikrotik Routers. Here is my scenario: AAA --> BBB --> CCC AAA is connected to BBB using a PtP Ubiquity link (2x Powerbeam 25dBi's), and on...
BUMP! I just came here with the same question and the bottom line is you can't use Axxess/Afrihost L2TP Static IP's on a Mikrotik Router. Has anyone else managed to get something going? I guess Afrihost wouldn't turn off the tunnel authentication from their side, as I believe that would be the ideal...
Hi guys I know this is an old threat, but hopefully someone could help me out here. I don't have a problem "catching" the SIP (UDP:5060) hackers, but I do have a problem rejecting them. What I mean is this: If I create a single filter rule with the hacker's IP as source, the counters goes ...
All the active PPPoE sessions on the right suggests there is more than one authentication mechanism. Do you authenticate the connected users locally, or do you have a second Radius Server (or the like)? The error seems to have something to do with a non-unique value. I can't quite make out what it c...
No, Mikrotik is a ROUTER, not a server. Although Mikrotik's does have some server features, SMTP is one of those things requested several times in the past, but it will never be implemented. However, what you could try is this: Mikrotik does have MetaRouter support, which works similarly to VMWare o...
Hi 49er Do you really need more than 100mbps throughput? In theory that router is capable (as limited by ethernet ports) of 100mbps down + 100mbps up, 200mbps total throughput. Realistically you should easily get 90mbps, depending on interference on the wireless side. At the moment you don't have an...
Hi guys I've been battling with this for the past couple of hours, couldn't find any solution on the forum or wiki. When I do the following (lets assume queue1 exist and the target-address is 192.168.1.1/24) : :put [:len [/queue simple get queue1 target-addresses ]] 1 It seems that whenever you use ...
Use mac authentication for everybody That won't do me any good as the "hacker" (abuser) is a valid user and his MAC needs to be authenticated in any case. The problem is that he is using one of his other family members' accounts when he gets capped. My only solution (unless Mikrotik adds ...
I was hoping for a more "out of the box" solution, but I think a script would be the way to go. I don't have much time right now, but I'll start scripting and share my script here. Please give me a week or so.
Hi guys Sorry for starting a new threat, but I couldn't find my answer in the other threats. In the last few years I've done plenty of HotSpots, so I'm not a nub' at all, but I ran into a issue which I can't seem to resolve myself. To sum up the situation: I installed a MT Hotspot solution (which au...
Have you tried turning it off and back on again? ;) Just some Thursday morning humor! I've had a similar situation, where the PPPoE client wouldn't get correct IP and GW settings from the ISP. I went backwards and forward, but just couldn't resolve the problem. Finally got it working, and the culpri...
Hi megajuras Just a thought.. not sure if it would work, but in theory it should. Have you tried creating a DST-NAT rule on your home RB750, to forward all incoming (incoming on external interface) traffic on port 53 to your RB750's local IP on port 1723? Try something like this: /ip firewall nat ad...
Hi Hilton I would be honored to help with the testing :) If you wish, you could mail me here: giepie at itblanket dot net I also thought of doing my own dyndns system, but in order to do that 100% effectively, you need a server on a network which never goes down, or make use of multiple servers and ...
I have been communicating with the new MD of changeIP via E-Mail. Apparently Sam isn't part of ChangeIP anymore (or perhaps just the dyndns devision). He gently hit me on the nose for flooding their helpdesk, and also explained their SLA to me. Their maximum turnaround time is 24 hours, unless it is...
Seems to be working again, after sending a few hundred mails with the hope to get support. I pleaded with them to put a status link on their homepage where they can paste any issues, so people like us could first check the status page before contacting support. I also suggested they send a bulk mail...
Broken again, no status updates, no response to support mails.
Seems like I'll be going to DynDNS or No-IP (or any **real** or **reliable** Dynamic DNS host). Hopefully changeip will give me a refund due to lack of service
It certainly isn't working for me right now. Do you have a free account or do you also have your own domain? The ddns clients update fine to ChangeIP, and the correct IP is reflected in the control panel, BUT when I do a nslookup to the fqdn (example testingg.itbzone.net), it gives me an old address...
As mentioned earlier, I did receive a reply from Scott at ChangeIP support, only to say DDNS is updating. That was 2 hours ago. I immediately replied with proof that although the DNS on the WEBUI seems to be updating, it doesn't resolve to the correct IP. Even running a nslookup against ChangeIP's s...
I finally received this message: We are seeing successful updates by your microtik router. Sincerely, Scott Support Department ChangeIP.com And replied with this: Hi Scott Thanks for the reply. I almost fell off my chair to finally get a reply after almost a day without DDNS! Currently it does seem ...
I withdraw my previous post. Although DDNS does seem to update, it takes for EVER to reflect. It shouldn't take more than 5min (as indicated on the ChangeIP control panel), but it takes much longer than that). I think this time Sam really died. Last time we thought he died, it only took about a day ...
It did seem to work for a short period, but it is not working right now. I created a test zone (testingg.itbzone.net) and manually changed the IP to 1.2.3.4 and updated the records. I waited for a looooong time for that hostname to become resolvable, and when it finally did, it had the correct IP of...
I just placed another online support ticket, and I finally received one of those automated replies (those that say thanks for contacting support, your ticket number is.....). I have however not received an answer yet.
Please let us know if anyone else receive any kind of updates.
I also found this on the whois page: Administrative Contact, Technical Contact: Network Operations, ChangeIP noc@changeip.com 1200 Brickell Avenue Suite 1950 Miami, FL 33131 US 8007913367 fax: 7862246593 Unfortunately my phone is barred from making international calls. Could someone from the US perh...
I did a whois on changeip.com and it seems they are part of http://www.networksolutions.com. I'm going to try and contact Network Solutions. Will update as soon as I have more information.
I created support tickets online to all 3 departmens (sales, abuse and support). I also sent emails to all the contact addresses on their website, but those mails came back as rejected due to spam. At this point I feel like booking a flight from South Africa and going there in person to find out wha...
I have now managed to manually update the records online, but the fqdn's are still resolving to the old addresses. I tried nslookups too, and they confirm that.
I guess I'll have to start looking at an alternative solution too.
I've setup DynDNS for a client last month, as they already had a DynDNS account. They seem to be stable so far (although its probably way too early to say for sure). But I love ChangeIP, as Sam is part of the Mikrotik community. I just wish he would give better reporting. If there ARE problems, just...
Hi guys Does anyone know if ChangeIP is down? I keep getting "Blacklisted" and/or "Timeout" errors in my Mikrotik logs. This has major repocussions as none of my clients can access anything from outside their offices. My phones are ringing off the hook, and I can't get hold of Ch...
Hey man! Yeah it is kind of weird. The funny thing is, I haven't experienced this, afaik, EVER happening, and now suddenly I see it on about 8 different routers with PPPoE AND l2tp clients. I sent MT support a supout.rif, really holding thumbs they could figure out my problem. All points to a bug (i...
Sorry for butting in but I prefer a nice clean Queue Tree with PCQ for example. No Simple Queues and no scripts - we do not need to make life harder than it is. Hi NetworkPro I too prefer to have nice "clean" rules, nicely labeled and manually configured etc, but if you have /24 or even w...
Does anyone have the script that would make DHCP leases have a simple queue attached? Look at the last script on this page: http://forum.mikrotik.com/viewtopic.php?f=9&t=58551 I'm going to "fine tune" that script for my own use. I need extra functionality to change Queue names if the ...
Just wondering on the graphing, most of my MTs are RB532s with 64 meg of HD space. I have 25 meg free, what is the max value with storage for 100+ queues and interfaces? Just making sure that I don't fill the thing!
Looks like its back up. 36 hours downtime, for a paid for service, and not a word from them... Not a good sign, just happy to have my VPN's and remote updates working on sites again. Please dont make me move back to DYNDNS !!! I'm just as glad all my services have been restored. Every and any produ...
Hi guys Thank goodness I'm not the only one trying to get hold of Sam. I also left several emails and online ticket submissions. I even tried their sales channels etc. It is extremely expensive to make international calls from South Africa, so I didn't call. I really hope nothing has happened to him...
Hi Janisk You say we shouldn't reinvent the wheel. In that case, I'll buy you a case of beer if you find ONE RADIUS package which does everything I require it to do without any modifications. The reason for people like me "reinventing the wheel" is to add functionality to a product. UserMa...
Hi guys I too have a great need for writing larger files. I have written a complete accounting system, based on UserManager. It has the ability to send notifications on certain levels of a user's CAP (eg 50%, 75%, 90% and when the user is finally capped). It sends the user an email and SMS. I have a...
Hi again I had very similar problems in the past, but back then I was using high powered cards (XR5 etc) on highsites. Since then I learned from a RF engineer that by using high powered cards (similar to using amps) actually "boosts" your interference levels too. The same RF engineer also ...
Hi Rudi No, no real luck with such a system. But, we have a general rule of thumb of always ensuring your clients link at between -70 and -75db. This ensures your links are all much more stable, and it makes it easy to see that all your clients have a 70-75db signal. When this changes to say -80 to ...
Everything is done in one script, billing and traffic accounting. The UM logs are kept in the UM DB which keeps on growing. Depending on the amount of users, get a CF or SD card (2GB+) If you have 1000's of users RadiusManager might be the better way until UM is fully out of Beta and has the ability...
We use RadiusManager without problems.. only they have to fix the csv export but works fine for us. I need that someone who used Radius manager and now uses usermanager tell me why they changed. With usermanager you can log all the user connection? like the CTS of Radius Manager? Thanks, I prefer U...
Many thanks to Jacques for the info and to Mikrotik for considering adding Netcash. You most certainly have my vote reqeust for Netcash support. Many people here in South Africa are completely forced to use RadiusManager, due to UM not supporting Netcash. How about starting a poll so we can vote for...
Hi there You should post more info on your setup, particularly what connects to that R52n card etc. I'm doing lab tests (just got my first N card today) and I got up to 51mbps downstream. My upstream is not that good, but I'm using the wrong dipole on it (it's only for testing). I'm running 5GHz-N-O...
OKay I tested it with the new Usermanager from 4.02beta on my RB 1000, with nearly 1000 customers and my customers told me that the ping time is very high with Radius. Without everything is okay!! User Manager only does authentication, it won't cause latency to be high. How did you implement the RB...
Hi albertdal The content field will block all packets which contain the word "facebook". Allthough it's not the best thing to do, I tried it, but it can't block encrypted packets. I'm specifically looking for a way to block certain websites on the URL level as with some cheap off-the-shelv...
Hi all I've been using the webproxy method to block sites for a while now, but it only work for http traffic on port 80. I'm trying to block secure sites eg https://login.facebook.com. I added this rule: /ip proxy access add dst-host=login.facebook.com action=deny But, I don't get any hits on it. Th...
Hi all Great news! Netcash replied to me with the following message: "Hi Giepie, Many thanks for your enquiry and for your enthusiastic support for Netcash on the forum and I will be only too happy to contact the necessary individuals at Mikrotik as requested. However, I do need to point out th...
Hi uldus I sent an email to Netcash requesting some info. I also asked for them to send a mail to support at mikrotik dot com. I sent them the link of this thread incase they wish to join the forum. Unfortunately I have not used Netcash before as User Manager doesn't support it, thus I can't give yo...
I fully agree with andreacoppini (post regarding difference with connectors) I think antA: ufl and antB:SMA would be a great solution. Ubiquity cards are already much larger than normal cards so miniPCI placement would have to be rethinked on future RouterBoards ANYWAY, why not plan ahead by going t...
The MT P2P rules work on the Layer 7 protocol. Layer 7 protocols are established connections, and due to the connections being established already, you can't route it as you'd be breaking the connection. The only solution I know works, is as follow: Route ALL traffic to one gateway(1). On that gatew...
I don't want to hack UM. I wanna create my own "User Manager". My task is to create application which is better than User Manager. I don't know how to pull information from MikroTik. Later I want to to use some kind of CMS application. You're making me think of a old friend who planned on...
I'm sure the CPU would be able to keep up with that amount of users, but you may need more storage space for logs etc. On about 100 users over a period of a year, my UMDB grew to about 40MB. Maybe this could give you some sort of indication on potential disk space required. Currently I run UM on a R...
custom 3rd party, would be great, since i'm living in South Africa, and none of those payment modules support South African places. Want to make use of http://www.netcash.co.za CC API I second Jeeva in this request. Netcash is the only payment gateway aimed at the smaller service provider. Paypal i...
Are you getting a BLACK email or BLANK email? If the email is BLACK, I don't believe the problem is with the script. The mail shouldn't be blank either. Perhaps put some text in the body field of the /tool e-mail command and see if it makes any difference.
Hi KameelperdZA! (vanaf 'n donderstormende weskaap!) I would like to help you with your problems. I am still using the same script (perhaps a few additions and modifications) and it works with all versions except MTROS4B. Could you perhaps give some more info on what exactly isn't working, and perha...
Hi I missed your last reply You should also add wlan1 (or whatever your wireless distribution interface is called) to the bridge. Then it's a good idea to also add a DHCP Client to the bridged interface so you can access it using it's IP address: /ip dhcp-client add interface=bridge1 disabled=no Tha...
Do you want to use the second MT as a repeater in the house? Please give some more info. If it's a inhouse repeater, you could use the second MT in bridged mode and setup a DHCP-Client on the bridge interface. That way the router will have also have internet access, plus you can access it on the dhc...
Hi pjotr What exactly isn't working with your script? Are you aware of the fact that the SAIX IP address have changed? SAIX recommends you use smtp.saix.net instead of it's IP, as certain segments of their network resolve to different addresses. If your problem is that the script won't send out the ...
It could be some DNS issue, or like I said, if you're doing loadbalancing, or routing local and international traffic differently, it could have an affect on certain PC's
That is rather interesting... I'm actively monitoring users I know use ShareAZA and other edonkey etc applications. I have never picked up any loose traffic (ie random ports) on my higher priority lines. On the other hand, as a fail safe, I do block P2P on the higher dedicated lines. (I have a MT on...
I have done it this way: /ip firewall mangle add p2p=all-p2p action=mark-routing packet-mark=p2ppacketmark Then I setup a static route to route the P2P in whichever direction. I also have a dedicated P2P line using "cheaper" bandwidth to help save costs, but more importantly, give higher t...
Everything is written in the manual or in quick setup guide http://www.mikrotik.com/documentation/rosmE.pdf /ip address add address=78.138.29.170/29 interface=internet /ip route add gateway=78.138.29.169 /ip dns set primary-dns=83.229.88.30 To add to what mrz said, you should do the following tests...
I believe Microsoft updates mainly does two things: 1) Break stuff that was working before 2) Make your computer run slower Both of those are great if you bill clients by the hour to fix, but it cause headaches if it's your own systems. MS likes to make you believe they do "security" "...
Hi guys I tried finding my answer in the forums and license page, but I'm not 100% sure. I would like to transfer a Level6 license from a x86 router to a RB600 based router. Is there any way of doing or requesting this? The L6 license is currently on a 4GB CF card, and my original idea was to use it...
Hi Serge Is it possible with the new UM to add more variables? I'm specifically trying to add a secondary E-Mail address to a client's profile (one to send usage statistics to and another to send invoices to). It is also crytical for me to have more variable fields for scripting purposes. Currently ...
LEt's simplify: I run wireless community network. It is open, meaning, there are no restrictions for users to connect. However, I've set network to recognize registered members from visitors. Registered members get static IP leases, and guest get IP's from the pool. Network is subnetted, and any re...
same user for each subnet I admit that I missed this part of the problem. You're right, that does complicate things... the only approach that I can think of to address this would be to not specify an IP in usermanager, and then set up a static ip reservation to that MAC in each of the (2) different...
Hi pedja In UM it is possible to make use of IP pools. On each NAS (Network Authentication Server) or Mikrotik, you could use the same IP Pool name, but with a different IP range. The other option is to specify a default IP pool to be used ON the NAS, and not type anything in the Client IP or Client...
First of all, open Winbox Terminal on your User Manager server, or simply connect to it using a Telnet program. Then go to "/tool user-manager log" and type "print". Look in the log for any authentication attempts and paste on the forum. Are you sure the IP address of the NAS (PP...
After the upgrade, didn't your PPPoE Servers perhaps jump to your ether3, and when you dial your ADSL it actually connect to a PPPoE server running on ether3? The only way this could happen is if you have a PPPoE secret which is the same as your ADSL account. What IP's do you hand out to your client...
I added the same rules from CLI on a RB532A running 3.10, and it definitely comes as 0.0.0.0/0. Did you perhaps upgrade from 2.9, or was that a clean MTROS3.x installation? My RB532A was upgraded regularly throughout all the 2.9.x ranges up to 2.9.50 and then straight to MTROS3.0, then 3.4 I think a...
Hi Alex It really is weird that the router reboots! The only funny thing I can see in your rules are the to-address. Usually 0.0.0.0 would be entered as 0.0.0.0/0 and not 0.0.0.0-255.255.255.255. I haven't tried it your way, but don't really want to risk a router rebooting. Perhaps you should mail t...
Hi Alex Yes, according to your explanation you should use ether1's IP. If you have more than one address on that interface and still not sure what address to exclude, you could setup an IP address list (/ip firewall address-lists) with all IP's ON your CORE router, and choose =! <ip-address-list-of-...
Now its making much more sense, thanks! It's interesting that only D-Link causes that to happen. Although I really don't like sh1tlink products at all, I can't see how the problem could be with specifically D-Link... Are you by any chance using load balancing on your system? Utilities making use of ...
I have done personal tests on RB133 and RB133c's and you get a stable 14mbps throughput. Above that other factors like interference causes the throughput to play yoyo. The actual problem here is that the RB crashes (or CPU skyrockets) as soon as a wireless card is installed. I'm merely stating the p...
If you really wish to find the virus, I might have a good suggestion. If not already using the world's best antivirus (Avast), install it on a PC connected to the backend of your network (ie, the PC is not behind it's own NAT firewall or something). Disable al Windows firewalls on that PC so the the...
If you wish to make a point to point link for your backbone links, you should use bridge to bridge. For clients you should use ap-bridge on the highsite and station at the clients.
bridge->bridge = point to point
ap-bridge->station = point to multipoint
Now we still don't know how your setup works. Is the D-Link installed inside your computer? (Sorry, I'm not familiar with D-Link as I had too many problems with it). Is the D-Link connecting to a highsite (in client mode), or is it distributing signal locally at your house (AP mode) and you connect ...
You could do it that way, but some clients like static IP addresses and use any DNS server they can think of. Then they complain to you about bad service, meanwhile the problem is on their side. I prefer to FORCE everyone to use the DNS I want them to use. If you setup your CORE/DNS router to use it...
I agree with jorj. It is not a good idea to have the same address for 2 bandwidth sources. I would suggest making ISP 1's ip eg 1.1.1.254/24 and ISP 2's IP eg 1.1.2.254/24 on your routers connecting to your ISP's. You could add static routes to route two hardly ever used IP's via both ISP's. (eg, ro...
Hi headstrong I have a general "rule of thumb" way of setting up all highsites/relay sites. Say we have the setup where we have one server room, one highsite, a smaller relay site and a client connected via PPPoE. SERVER ROOM/MAIN SITE: BANDWIDTH ROUTER(ADSL or whatever): IP Address: 192.1...
Is it at all possible to disable your masquerading rules for 10min and testing your DST NAT rule then? I am not sure what your interfaces are called and does, so I can't say for sure if it would help. What I would suggest, of possible, is to disable all NAT rules and only enable the rule you are try...
The simple queue monitors both outgoing and incoming traffic between the router (the interface you choose) and the target address. If you don't specify an interface, you in some cases find that the incoming and outgoing traffic seems to be the same. That is because the same traffic is counted on mor...
If you do a traceroute to that PUBLIC IP, does the trace actually go via the router you are doing the routing on? And if you do a trace to the IP of the internal server, does the traffic also go via the router you are doing the routing on? It sounds like all your traffic might not go via that router...
also note what power supply you are using and whether its going via POE and the distance. It could have to do with voltage drop to the routerboard. I can't think of any other reason. Have you tried upgrading to the latest ROS?
Thankx for the useful link. I am not from an RF background and am always very happy to learn from RF people! I consult with some RF friends whenever I'm unsure, as they almost forgot years ago what we still have to learn!
It is a good idea to block these UDP and TCP ports: 135, 137, 138, 139 and especially 445 on all highsites. They have to do with Netbios and file shares (SAMBA). Most worms and some trojans use these ports to find their way to other open shares, even if nothing is open they still manage to flood you...
Omni's are well-known for picking up static and blowing your wireless card. The card will still work, but very poorly. Omni antenna's are NOT DC grounded, even though some less experienced sales people might tell you they are. The best would be not to use an Omni, rather use some sectors, or ask an ...
We are willing to help, but need some info from you first Could you paste your attempts so we could have a look at them? Please indicate which interfaces and addresses are connected to what and where it needs to forward. The easiest is to go to the terminal screen and to type: /ip firewall nat print...
Usermanager is still under development. Currently it's not possible to have a backup UM, or to even loadbalance to another UM.
You can backup your userdatabase and restore to another router, but it doesn't backup your users's usage, only the attributes such as rate limits, IP, Pool, user/pass etc.
Remember the upgrade from 2.8 to 2.9 and 2.9 to 3 is a very big upgrade. When going from 2.8 to 2.9 we also had many things that wouldn't upgrade. It's always a good idea to install new hardware and make sure everything is working fine in the lab. You could now either install the new router you conf...
Do you really need the hotspot to run on both interfaces? Cant you setup the hotspot interface as a hotspot, and the other interface as a normal AP (no hotspot) and use WEP encryption on it? All you need in that case is an IP address on the interface and a DHCP server for that interface. Be sure to ...
I never had the need to add a ACL to limit all, I only use default forwarding, but it's possible to work. Try 00:00:00:00:00:00:00 and see what happens. Be sure to first set it to enable all users (or simply disable the interface), and make sure your own MAC is right to the top of the ACL list in or...
You gave very little information, but from what I can see your client probably connects using a 2.4GHz AP/Bridge, and you have default forwarding on on your highsite. I suggest disabling default forward on your 2.4GHz distribution interface, and make sure all Access List entries are also set to not ...
The DNS settings specified during your hotspot setup will be used as your primary setup. Since you installed 3 hotspot interfaces with a different DNS server for each of them, it probably changes your primary DNS at random. I usually use these firewall dst-nat entries to force all tcp and udp ports ...
Won't the MT connect to the Senao, or does it connect but not pass DHCP/Traffic? What you said in the forum should really work, it is rather odd. You didn't by any chance setup the Senao to use WPA instead of WEP? One more thing I can think of, is that if you're using a 802.11b Senao AP (Prism2/2.5 ...
Hi I also use MT for my DNS. At the end/core router I have a dst-nat rule which targets ALL port 53 UDP and TCP ports and dst-nat it to that router's address. Under I have two dst-nat firewall rules, one for port53 UDP and one for port53 TCP. It dst-nat all DNS requests to that router's IP. I have s...
You can also add an ACL entry, and set authentication=disabled for that entry. Do not disable the ACL rule itself, set the authentication flag / tickbox to disabled/off.
If you remove your PC Box's default gateway, can you then ping the MT box and the ADSL router? If not, the problem is on your PC, but I doubt it. I would really suggest adding another ethernet interface on your MT and connect your PC to that interface with a DHCP server. From what you wrote in your ...
When you say signal grows, do you mean it becomes weaker or stronger? Be a bit more specific on your power source and what wireless cards you are using.
If you REALLY want to use loadbalancing, why not use MT instead of third party loadbalancers? Search for the ECMP script on the MT WIKI. I do not trust loadbalancing. I make use of src-routing and dst-routing, much more stable and reliable. I reckon loadbalancing is fine for WISPS with fewer clients...
You should assign the IP to the BRIDGE interface and not the ether1 and wlan1 interfaces. You only need one IP. I suggest adding 192.168.5.254 on the bridge interface, and set your pool to hand out 192.168.5.10-.250. Reconfigure your DHCP server, and make sure to only use ONE DHCP server on the BRID...
Have you tried other cards? Was it perhaps a R52H? I had similar problems with a R52H, but when replacing it the CPU was fine again. Only difference was I only had the one card installed, disabled works fine, enabled, no go.
Your problem is the RB133's CPU being way to slow to handle the DUDE. I had DUDE running fine on a RB532A, but as my configuration grew, it started crashing until it wouldn't work at all. Best is to run DUDE on a PC based router, or Windows PC. If you use DUDE for notifications, I wrote a script to ...
It seems the SMTP server is not reachable. Go to the CLI (terminal) and go /tool e-mail send to=x@x.com from=y@y.com subject"hello" body="hello again" server=your_smtp_server
Hi there I honestly have no idea how to break the file up in chunks or what the maximum variable size is. I have similar questions, as for now my scripts are running smooth, but I'm afraid that I might run into the same problem once the files get much bigger. The only solution I can think of is to t...
You should search under failover scripts. Many people wrote scripts for this purpose. You could always adopt it to your needs. The command you need to run in your script, is something like: /ip address set [find name="interfacename'] interface=ether1/wlan2/pppoe-out1 Try and write a script from...
Some boards doesn't switch themselves off upon low voltage. I'm not sure about RB133's, but I know RB112's doesn't switch off, resulting in the voltage regulator packing up. RB532's 600's and I suspect most new boards have protection for this by turning off the board completely until there is suffic...
When installing using either of the above settings, the CF card will be formatted automatically (upon package selection) and everything should be done for you.
Why not use different IP Pools, one for Public IPs and one for Local IPs. In Usermanager (or your RADIUS server), specify from what pool the user needs to get an IP address. I tried figuring out what exactly it is you wish to accomplish by reading all your settings. Is there any specific reason for ...
We really need more info, but it could be that your routers are running one of the first ROS3 or even ROS3 BETA versions, and they were known to be very slow when logging into Winbox. Perhaps open Winbox and wait until the windows are loaded, or Winbox freezes. You could also TELNET into the router,...
How are you attempting it? I suspect you have scripts to backup your userdatabase and import it to the other router. If that is the case, remember that only usernames, passwords, comments, shaping info, private info, IP's, IP Pools etc will be exported/imported. Your clients' actual usage will not b...
In that case I would rather do the following: Create an IP list under ip/firewall/addresslists which contain all the clients you wish to control's source IP's. Then create a firewall rule which drops that addresslist (if the firewall rule is on, those IP's are blocked, if firewall rule is disabled, ...
Yes, it is by far better to use dedicated links. For example: BACKBONE to HIGHSITE: use 2x 5.8 grids pointing to each other YOUR HOUSE to HIGHSITE: use a sector on the HS and a grid at your house HIGHSITE to CLIENTS: use grids at clients and sector on HS The routing is really not difficult once you ...
Can anybody say why there is no syntax highlighting in the editor an why you don't get ANY information why a script isn't running? :wink: Is there a hidden feature to get debug informations ? Heiko Hi Heiko Unfortunately there is no debugger or syntax highlighting in the editor. I have also request...
What happens when you use another kind of AP/bridge?
Are you connecting to your own network, or are you the client of another WISP and connecting to their highsite?
This would be nice, but the solution MT has for this problem is to make use of an external SysLog server. The DUDE does offer this functionality, allthough I haven't tried it yet.
A dynamic queue is created upon authentication of the PPPoE session. Dynamic entries can never be changed, only removed. It would be nice if UM could kick a user when rates are modified from the UM GUI. Perhaps another button which says SAVE AND KICK instead of only SAVE on the UM GUI. I normally ki...
The address that needs to be typed in under /router on your UM, is the address from which the NAS (Network Authentication Server or remote hotspot in your case) will use to authenticate itself on the RADIUS/UM. The simplist way of finding out what that address is, is to login to your hotspot using W...
Please make sure that the PATA drive is the primary drive on the primary IDE interface when installing. Linux and MT doesn't like running of secondary interfaces and also not when it used to be primary and is now secondary.
The address you are trying to access, is it accessible from that PC? What happens if you try to do a tracert to it? From what I can figure out, you are trying to access the internal address of your wireless network, but you are connected via internet and not your own network. If this is true, you'll...
You have to "kick" the active user. Try this command: /ppp active remove [find name="farqad"] This will only work if the user is connected to the site where the script is run from. You could use the :if command to first see if the user is actually online, but the above script sho...
Hi kamal I'm trying to figure out if your clients can't authenticate during night time, or whether they do authenticate but just can't browse. Does it happen to all your clients or only some of them? If the users can't authenticate during night time, what happens to users who was already authenticat...
Who ever said our industry is easy? :D I am very skeptical and careful when upgrading any MT. I only upgrade when I need a new feature or when something isn't working as expected.My rule of thumb is to upgrade highsites at a time where it will be possible to "quickly" go out and fix if nee...
First of all, if you wish for the MT to dial out, the Zyxel router needs to be set to BRIDGE mode and the correct VPI/VCI/Encapsulation settings. If you cant get the above to work, you could always forward all incoming traffic on your Zyxel router to your MT. First try setting the Zyxel to bridge mo...
It is likely a bad signal problem. Please let us know what the signal strength's of all connected clients are and which one is giving the problem. Also give us the signal level on both sides (both the highsite and client side). Do you have clear line of site (LOS) from the problem site to your highs...
I suspect your error message was: Authentication Failed, RADIUS time-out AFAIK you can't specify the RADIUS server as 127.0.0.1. Open the terminal window (from THAT router), type: "/users active print". It will show all active users. Find the active user using TELNET and see what that addr...
Hi ntmanxp Perhaps you misunderstand the concept of PPPoE The LOCAL address on your profile is in fact the default gateway your PPPoE Clients will obtain. I suggest using eg 192.168.0.254 for the LOCAL address. For your clients' IP pool, use 192.168.0.1 to 192.168.0.253 and use that in your profile ...
The best is to have default authenticate setting OFF and adding each client's MAC address manually in the access list. Then you can disable a certain MAC manually. What is the reason for not wanting weaker signals to connect?
Is there a reason for using WDS other than saving on hardware?
I strongly suggest using dedicated backbone links and routing your network properly.If I'm missing your point, please explain your network in a bit more detail.
Hi Egate I agree, it could be confusing. I spent a good few hours on it the other day. You have to specify on what interface you'd like the queue to monitor. And remember, if you have a 0.0.0.0/0 monitor on a certain interface, all queues below that one on the same interface will not count anything....
The source code for UM is unfortunately not open. Your best bet would be to use FreeRADIUS or similar. Otherwise, make use of UM and use some scripts you could easily find on this forum. Why would you like to create your own UM? Is it to modify your GUI, or do you need to add certain features?
Hi w2jo Remember when restoring a backup, your exact settings will be transferred. Since the address you added before restoring the backup was NOT on the previous router, it will be cleared together with any other settings and ONLY the backup's settings will be restored. Lucky for us Winbox now has ...
Hi Phil Why don't you consider billing your clients per GB instead of per time? When you charge per GB it's actually a good thing if users share their details, as you'll end up selling more GB's :) You could sell 10MB at a time if wish. I have many scripts to make usage based systems work very effic...
Hi there Yes, you could make use of a queue. Make sure the users you wish to limit at certain times come from the same source address or make use of address lists. Then setup a queue to limit those users at certain times to a much lower speed. It will not lock the users off completely, but you could...
You can only have ONE DEFAULT gateway, being uhm.. the default! You have several options though. 1) Use source/policy routing where you route certain "from" addresses to a certain gateway. (Eg your more expensive users are routed over your better quality/more expensive bandwidth) 2) Loadba...
I agree with jwcn, rather use PPPoE. This kind of problem needs to be illiminated from the ISP side. You can't expect all your clients to run 3d party software, unless you have very few clients maybe.
Hi all I just wrote a script you may find interesting. How it works: Under ip/firewall/address-lists you add an address list for every IP you wish to monitor. (Use the script only on a router which doesn't make use of address lists for other functions) The Address list's name should be some sort of ...
I too have also adapted those scripts for our setup with excellent success. We have managed to control many aspects of usermanager and ROS etc via scritpting. Hi Airstream Would you mind sharing your version? Perhaps we could learn from each others' scripts! I'll trim mine a bit over the weekend an...
Hi all! I'm more than happy to post my version. Please let me know if you want mine or if the original is sufficient. I'm still tiding up mine a bit so I could put it on the WIKI. I'm busy working on a way to remember the clients' original subscription so if you add gb's during the month, the end of...
Thats how I've been doing it, but I was hoping to find an explination of what every command does too. Is there no other way to find it, or should I just guess and try?
DUH!! Hitting myself against the head! I honestly never thought about it that way! I had a whole bunch of if's inside of each other with log entried to try and figure out where the problem came from, and took out each if command as I know the problem wasn't there. So I basically ended up with my thi...
Hi kewlkeed I sort of agree with your statements. Apparently a new release of UM will come out one of these days with many customizable functions. I recently discovered the power of scripting on UM. Since the GUI doesn't offer you that much, I wrote scripts as follow: 1) to send me daily bandwidth u...
Hi Dragon Are you looking for the full script? I figured out that the problem was with the value of the variable actually being infinity. So I added this bit of code which seems to have fixed it completely: :if ($bytestotal < 1000000000000000000) do={ } else={ :set bytestotal 0 } It has to be part o...
Hi there Thanks for the info! I thought it would mean "length", but wasn't 100% sure. Where could I find a list of all such functions? I looked at the 2.9 manual but theres only a couple of functions. I'm currently sitting with a problem where my variable isn't always an integer and have n...
I managed to get it right! It took me a few hours, but it was worth it! Feel free to use, modify and abuse! :log info "Starting QUEUE Statistics Checker" #####DEFINE VARIABLES##### :local slashchecker :local slashcheckertotal :local bytecountedup :local bytecounteddown :local megcountedup ...
Hi all Thought you might be interested in my script. I have not tested it for dynamic queues as I only need it for static queues: :log info "Starting QUEUE Statistics Checker" #####DEFINE VARIABLES##### :local slashchecker :local slashcheckertotal :local bytecountedup :local bytecounteddow...
Hi itsh.net I found your post because I had similar math problems with the bytes command. The basic problem is that "bytes" is defined as uploadedbytes/downloadedbytes and not two seperate variables such as tx-bytes and rx-bytes. I wrote a quick script to mail all queues on a certain route...
Hi all Congrats on the script! I attempted my own version using a foreach loop, but this way seems to work better for the particular task. I would like to change the script so it not only sends me "total-bytes" but instead "total-tx-byte" and "total-rx-bytes". I noted t...
I agree It is hard to find bugs in a script with no error output. I usually hash out newly added portions of my scripts and remove the hashes after everytime the script ran propperly. Once I hashed out something and the script won't run, I have a rough idea for where to look. It would be very cool i...
You have to use the IBurst SMTP server. I suspect you tried using IS's SMTP server which will not work.
About blocking links, no, you can't block a full URL. However, you could block the IP address of that domain, or add a static DNS record under /ip/dns and give it an invalid IP address.
What version of MT are you running on the UM you wish to backup?
If my mind serves me right, the very first versions of UM could not be restored to the later versions, so you first had to upgrade your UM system and then do a backup.
I've seen the :len argument several times but can't quite figure out what it does and the usermanual doesn't help me either. Could you give me a short description?
Would you mind pasting your scripts on the forum? I'd also like to have a look at them. With MT3 you just might be able to get rid of your Linux scripts and code everything from within your MT's.
Hi Closed_1 If a file download is started, the connection state is already active. This means the file is already downloaded from your DEFAULT gateway, and if you now change the gateway, the download will more than likely fail, even when using a download manager, as everytime the download is restart...
Hi Krige I used your accounting script from the WiKi and rewrote several parts of it. I managed to use the transfer-limit from UM instead of the one you specified using the comment field. Currently the script sends out notifications when a user reach 50%, 75%, 90% and also when a user is capped. It ...
Hi all Since this script seems to be a script orientated thread, I would like to come back to the first post. It would be real nice to have a script make snapshots of all your clients connections' signal strengths at different times of the day. If this could be exported to a file and mailed/uploaded...
Hi Heiko You should perhaps follow this thread too: http://forum.mikrotik.com/viewtopic.php?f=10&t=22264&p=118659#p118659 Apparently the new UM would have many new features, but it sounds like it has more to do with the GUI. Mikrotik really like keeping us in despense! :) At least they never...
Hi serge Thanks for the useful info. I think it would really be nice if one could at least execute a MT script from the UM GUI, and also get a response on screen (if applicable). I'll have to see how the customization works before I can comment on that. I know you can backup the user DB, but many us...
Hi normis The ability to change the colours and add pictures would be a bonus, but should be done right at the end I reckon. More important now is to finish off the groups and dropdown menus etc. It would be awesome if you could add your own custom dropdown menu's and fields and also remove unused f...
Mikrotik for me is a much better platform to build upon. It's a small but very affective system. If a MT router / UM had to crash for whatever reason, a new one could be up and running within 10minutes including all your scripts and special tweaks. If a RADIUS server had to crash, you may not be so ...
Hi all I was wondering if there are any plans in the near future to open the UM database so one could write your own customised GUI. I'm at a point where I need to make a huge decision. Either I stick with UM for another month or two and live with certain limitations (with regards to customising the...
Hi changeip The point is not what uses less power, I just mentioned my reason for wanting to run UM off a RB and not on a PC. 1) I need to have UM running off a RB600 - (for power backup reasons. RB run off 12VDC, Desktop PC does not) 2) I need to have MT/UM running off a CF - (NAND does not have en...
Hi all This is perhaps off topic, but I decided to ask anyway due to the fact that the RB600 specs are being discussed over here. What I need to know, is wheter you can install MT on a CF using the RB600. I have tried this with an RB532A, it didn't work, I contacted MT support and they said it won't...
Hi all A client recently did 88GB according to UM, but we noticed there was several almost duplicate entries, with varying upload used and the sessions were more or less the same time spans too. I can assure you it's not a routing problem or that more than one user is using the same account. UM is c...
When you say you run WDS and bridge the interfaces, do you mean you are actually using one IP range throughout the link? Basically this is what you have: Building 1: NOTEBOOK with 2.4GHz Ant RB333 with 2.4GHz Dist and 5.8GHz Uplink Building 2: RB333 with 5.8GHz Dist and ethernet "uplink" S...
Today I'm going to test with one card configured as bridge AP at 5GHz and the other card configured as bridge AP at 2.4GHz in order to avoid interferences. This seems to be very strange...are you sure the two client were associated to a different ssid (client1--wlan1 and client2--wlan2)? I'm asking...
Hi Giepie. I would find even this script useful. Could you post it in the 'Scripts' collection in the Wiki, or pm me with it please? Thanks, SS Hi SweetSunday Perhaps you misunderstood me. I have not created such a script, as I can't seem to export as CSV format with usage etc. It is possible to ex...
Usermanager CSV Script Hi all I tried writing a script to export the user database in CSV format at the end of each day. The sole purpose for this to be able to have a daily record of all clients' usage in graph form on Excel. I can export the database for backup purposes, but that format does not c...
Hi all, we already used this RB333 using router OS V3.0rc1, great performance, but i tittle disapointed with mac-telnet. When i mac-telnet to it, after command prompt always displayed " 44r " and the consule always crash after i putting wrong or try to dellete the command. Is any body hav...
Hi Normis What is the R52H card you referred to? Is it an upgrade to the normal R52 cards? I haven't seen anything on them at routerboard.com. Re, G http://routerboard.com/prices.html#permlink29 it's a high power card R52H is a 350 milliwatt card vs the previous model with only 65 milliwatt. Thanks...
Is it just me or are there others that think these values should be used the other way around? The uptime-limit should define the time frame to utilize ones credit-limit. Please correct me if I am wrong :? All Wireless ISP's (or in South Africa anyway), doesn't really care about the uptime. Users a...
Is this mean that I have to add google mail SMTP and POP3 server and shoul it be a IP address? Hi Gergana You don't need any POP3 settings for your script to work. You should use your upstream ISP's SMTP server, and make sure your "from-address" is allowed by your ISP's SMTP server. Yes, ...