Community discussions

Search found 5270 matches

by pe1chl
Wed Jun 19, 2019 12:13 pm
Forum: General
Topic: Route the Fiber [SOLVED]
Replies: 7
Views: 382

Re: Route the Fiber [SOLVED]

Well, sometimes the situation can be tricky. For example, for me it is not possible to get fiber, but for the people across the street it is. My street is the border of the area where you can get fiber. If I would get internet from the people across the street (I don't, I have my own VDSL connection...
by pe1chl
Tue Jun 18, 2019 8:50 pm
Forum: RouterOS v7
Topic: Feature request: Force sending of DHCP options to clients
Replies: 26
Views: 5364

Re: Feature request: Force sending of DHCP options to clients

When there is some option that fixes your problem, you can add it. That has been possible for a long time.
by pe1chl
Tue Jun 18, 2019 11:06 am
Forum: General
Topic: 802.1p without VLAN tag?
Replies: 5
Views: 195

Re: 802.1p without VLAN tag?

Yeah, everything will be possible in v7 :-) It for sure is not enough to set a priority and then assume that the router will add 802.1p tags... I have priority setting (from high 3 bits of DSCP) in most of my routers and by default it does nothing. With a tagged VLAN it works OK. So either the route...
by pe1chl
Mon Jun 17, 2019 11:54 pm
Forum: General
Topic: 802.1p without VLAN tag?
Replies: 5
Views: 195

Re: 802.1p without VLAN tag?

Ah you have also been looking for it :-) It kind of surprises me that VLAN refuses ID 0 because this is the standard way of using it... Of course I could use some other ID but it would require changes at the other end as well. (for now, ignoring the fact that the other side may have a wrong implemen...
by pe1chl
Mon Jun 17, 2019 9:40 pm
Forum: General
Topic: 802.1p without VLAN tag?
Replies: 5
Views: 195

802.1p without VLAN tag?

Is there any way in RouterOS to use 802.1p priority without having a VLAN tag? An easy way to do this would be to have a VLAN subinterface with VLAN tag 0, but RouterOS does not allow tag 0 in a VLAN subinterface. Is there some other option on the ethernet interface to have that 802.1p header that I...
by pe1chl
Mon Jun 17, 2019 6:48 pm
Forum: Wireless Networking
Topic: Mikrotik 951G-2HnD as AP does not roam connection [SOLVED]
Replies: 3
Views: 180

Re: Mikrotik 951G-2HnD as AP does not roam connection [SOLVED]

Nobody does. You will have to test it and see what happens.
by pe1chl
Mon Jun 17, 2019 3:07 pm
Forum: Wireless Networking
Topic: Mikrotik 951G-2HnD as AP does not roam connection [SOLVED]
Replies: 3
Views: 180

Re: Mikrotik 951G-2HnD as AP does not roam connection [SOLVED]

In such a configuration, roaming is entirely up to the client. When it does not look around on other channels and/or does not decide to hop to a stronger signal, no roaming is taking place.
With your extender both APs were probably on the same channel and the client may behave differently.
by pe1chl
Mon Jun 17, 2019 11:51 am
Forum: Announcements
Topic: v6.44.3 [stable] is released!
Replies: 121
Views: 25922

Re: v6.44.3 [stable] is released!

Ah, the usual problem with QuickSet... It has been requested many times to have some feature to make QuickSet readonly (either manually or even automatically after changes outside QuickSet have been made) but it is not picked up by MikroTik. Now, QuickSet remains a ticking timebomb in routers with n...
by pe1chl
Mon Jun 17, 2019 11:47 am
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 25
Views: 825

Re: QoS prioritization only, without shaping?

When you are using DSCP for priority it often is not required to have mangle rules like that, because most applications already set DSCP. E.g. a VoIP telephone and a VoIP server will already set the DSCP on their voice data to 46. No need to do that again in a mangle rule, unless something between t...
by pe1chl
Mon Jun 17, 2019 1:52 am
Forum: General
Topic: Measure aggregate ipv4 vs ipv6 volume through router
Replies: 2
Views: 112

Re: Measure aggregate ipv4 vs ipv6 volume through router

It is not possible within the router at the moment. When you want to write something yourself, you can use a firewall rule to count the traffic and use a program on another computer that retrieves the counters of the firewall rule and graphs it. Unfortunately firewall counters are not readable via S...
by pe1chl
Mon Jun 17, 2019 1:31 am
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 33
Views: 1196

Re: single IP constantly trying to log to my Mikrotik

Filtering in the raw table can sometimes make sense in cases where an extreme amount of traffic arrives that is to be dropped before it can register a "connection", e.g. UDP traffic or traffic to be dst-natted ("portforwarding" in most router speak). But in this case there is no extreme amount of tr...
by pe1chl
Sun Jun 16, 2019 12:54 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 287
Views: 57545

Re: v6.45beta [testing] is released!

Will it ever be possible to filter ipsec logs by peer? Debugging is pretty much impossible if you have a ton of tunnels active. +1K I think the log part need to be rebuild, for betther debugging For better debugging and analysis you should consider sending to a remote log server. Makes life much ea...
by pe1chl
Sun Jun 16, 2019 12:50 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 287
Views: 57545

Re: v6.45beta [testing] is released!

I don't think I understand what is going on there. I use ND, not DHCPv6, for setting those parameters. That's the point. With ND you can not specify the DNS server, with DHCPv6 you can. Consider to switch... Works just fine, I've set it up this way as well. Only Android does not support DHCPv6 and ...
by pe1chl
Sat Jun 15, 2019 10:11 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 287
Views: 57545

Re: v6.45beta [testing] is released!

I don't think I understand what is going on there. I use ND, not DHCPv6, for setting those parameters.
by pe1chl
Sat Jun 15, 2019 10:05 pm
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 33
Views: 1196

Re: single IP constantly trying to log to my Mikrotik

If we're speculating: why should raw rules be stored any differently than tracked connections? Because the manual states that raw rules are processed sequentially from top to bottom. So that is the only way they can be matched. First check the first rule, if it matches perform its action, then chec...
by pe1chl
Sat Jun 15, 2019 1:47 pm
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 33
Views: 1196

Re: single IP constantly trying to log to my Mikrotik

for each packet some cpu cycles will be used to compare with existing list of connections and determine if it's established or related to them and if they can be allowed to pass .... which might be thousands of comparisons if that many connections are tracked by FW at given time. Compared to that, ...
by pe1chl
Fri Jun 14, 2019 5:38 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 287
Views: 57545

Re: v6.45beta [testing] is released!

Please implement "advertise-local-dns" option in IPv6 ND that makes router advertise the local address (same as gateway) as DNS server, instead of the IPv6 DNS servers configured in /ip dns. (to make IPv6 systems use the local DNS resolver instead of going directly to the ISP DNS servers) This is ne...
by pe1chl
Fri Jun 14, 2019 12:35 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: firewall src add and dst add
Replies: 38
Views: 3246

Re: firewall src add and dst add

The issue of course is that he wants to use opendns via port 5353. It is not possible to set that in the route DNS resolver, only the server can be specified and not the port number. That should really be fixed by MikroTik, but for now he needs to use the ugly hack mentioned by Sob to make that work...
by pe1chl
Thu Jun 13, 2019 4:19 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 1095
Views: 187903

Re: Feature requests

It would be nice to have some feature to move an entire network with all its interface-related settings to another interface. I.e. interface list, bridge port, IP/IPv6 addresses, dhcp client or server, firewall entries, and all other config that refers to an interface. Use case: you want to move an ...
by pe1chl
Thu Jun 13, 2019 12:07 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 287
Views: 57545

Re: v6.45beta [testing] is released!

But not only that, distinct interfaces would make everything more clear and admin friendly. More interoperable too. And the whole thing doesn't even sound too complicated. Well, I remember the days when all Linux systems did that, but it was changed because others (BSD, Cisco) were not using separa...
by pe1chl
Thu Jun 13, 2019 12:00 pm
Forum: Beginner Basics
Topic: Update to a specific version: CLI / CCR1009 [SOLVED]
Replies: 6
Views: 266

Re: Update to a specific version: CLI / CCR1009 [SOLVED]

When you have CCR1009-7G (and not 8G) you are not affected by the changes in the bridge/switch architecture (master-port to bridge migration) so that does not affect you. Maybe you have seen it happen in other MikroTik devices. Another recent change is in the IPsec configuration, but that would not ...
by pe1chl
Wed Jun 12, 2019 11:32 pm
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 25
Views: 825

Re: QoS prioritization only, without shaping?

I'm quite (but not completely) sure that there is no way of getting a UBNT client (no WDS) connected to a MikroTik AP (ap bridge) passing VLAN tagged traffic, and no config on the MikroTik AP side to be compatible with UBNT client WDS. What UBNT calls WDS is different from MikroTik WDS, it is more l...
by pe1chl
Wed Jun 12, 2019 10:49 pm
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 25
Views: 825

Re: QoS prioritization only, without shaping?

With the UBNT devices, do you use VLAN tagging only on ethernet and then strip it in the radio, or extend VLAN all over the WiFi link? I have not-so-good experience with the latter when it is not in PtP mode. Sometimes it works fine, sometimes it fails in strange ways. We extend the VLAN over the W...
by pe1chl
Wed Jun 12, 2019 7:11 pm
Forum: RouterBOARD hardware
Topic: Wireless wire 60Ghz default password
Replies: 25
Views: 5609

Re: Wireless wire 60Ghz default password

I've tried everything that is says to do but I still can not logon to the wireless wire " wrong username or password " The default password is on the label, isn't it? (I don't have a Wireless Wire myself but I understood that it is the first device to not use the old "admin"/"" default login after ...
by pe1chl
Wed Jun 12, 2019 7:10 pm
Forum: RouterBOARD hardware
Topic: Wireless wire 60Ghz default password
Replies: 25
Views: 5609

Re: Wireless wire 60Ghz default password

With old firmware this is easy. Just use the availabe winbox attacks that return the user/password information. With new firmware, not so easy.
by pe1chl
Wed Jun 12, 2019 7:02 pm
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 25
Views: 825

Re: QoS prioritization only, without shaping?

With the UBNT devices, do you use VLAN tagging only on ethernet and then strip it in the radio, or extend VLAN all over the WiFi link? I have not-so-good experience with the latter when it is not in PtP mode. Sometimes it works fine, sometimes it fails in strange ways. The problem with using "bridge...
by pe1chl
Wed Jun 12, 2019 11:09 am
Forum: General
Topic: Need Solution: How to get the maximum speed of my Connection from my MikrotikBoard 2011UiAS-2HnD [SOLVED]
Replies: 7
Views: 363

Re: Need Solution: How to get the maximum speed of my Connection from my MikrotikBoard 2011UiAS-2HnD [SOLVED]

But i don;t beliefve that a US$ 100 + router cannot give 400mbps internet speed where the less cost TP-Llink router even can give the speed... It is an old router. Maybe you bought it recently, but it was released in 2011, nearly 8 years ago. You cannot compare that to other devices that were devel...
by pe1chl
Wed Jun 12, 2019 11:01 am
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 25
Views: 825

Re: QoS prioritization only, without shaping?

If the wireless radio is not MikroTik, it will need to support QoS. Most wireless radios support QoS using CoS (vlan priority) which "set priority" on the router also sets. So if you are using a non-MikroTik radio your router will need to set priority with a mangle rule and tag the packet with a VL...
by pe1chl
Wed Jun 12, 2019 10:01 am
Forum: RouterOS v6 RC and v7 BETA
Topic: firewall src add and dst add
Replies: 38
Views: 3246

Re: firewall src add and dst add

What you want to do is not really possible for sites like that. It would work OK for sites that are hosted on their own server with one or a few IP addresses that are static. But when it is hosted on a CDN, you will have those issues. Not only will it fail to catch all possible connections because t...
by pe1chl
Tue Jun 11, 2019 8:48 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: firewall src add and dst add
Replies: 38
Views: 3246

Re: firewall src add and dst add

That is the issue that Sob mentioned above. You need to carefully read and understand it. Basically, this method is not going to work for what you want to do unless you use the MikroTik DNS resolver on all your internal systems. Having "the same DNS server" is NOT going to cut it! You need to have y...
by pe1chl
Tue Jun 11, 2019 1:18 pm
Forum: Beginner Basics
Topic: Update to a specific version: CLI / CCR1009 [SOLVED]
Replies: 6
Views: 266

Re: Update to a specific version: CLI / CCR1009 [SOLVED]

When you have a lot of CCRs, I don't recommend standardising on an older version. When you buy new ones, they will not be able to run the older version.
Running an older version would usually be motivated by the changes in the bridge/switch, and it does not apply to the CCR1009-7G anyway.
by pe1chl
Tue Jun 11, 2019 12:21 pm
Forum: Beginner Basics
Topic: Update to a specific version: CLI / CCR1009 [SOLVED]
Replies: 6
Views: 266

Re: Update to a specific version: CLI / CCR1009 [SOLVED]

Note that it is not possible to downgrade below the RouterOS version that came with the device.
Look in system->resources, at the bottom it says "factory software". That is the lowest version you can install.

Of course it is not advisable to run software that old. It has vulnerabilities.
by pe1chl
Tue Jun 11, 2019 11:40 am
Forum: RouterOS v6 RC and v7 BETA
Topic: firewall src add and dst add
Replies: 38
Views: 3246

Re: firewall src add and dst add

I think your use case is rarely used( most people i saw implement it use ip addresses instead of hostnames) Wait a moment! I use it all the time, for many different purposes! I cannot help that others type literal IP addresses. DNS is so much more convenient. W.r.t. your other suggestion: you have ...
by pe1chl
Sat Jun 08, 2019 9:25 pm
Forum: Scripting
Topic: Blacklist Filter (Development Topic)
Replies: 190
Views: 20238

Re: Blacklist Filter (Development Topic)

Please show a calculation of how much bandwidth per month you need per router using the service, and how much the cost for different amounts of bandwidth per month is.
by pe1chl
Sat Jun 08, 2019 12:43 pm
Forum: Scripting
Topic: Blacklist Filter (Development Topic)
Replies: 190
Views: 20238

Re: Blacklist Filter (Development Topic)

I regret to inform you all that I have shut down the servers. With over 35,000 routers hitting the server every few hours, and only 10 supporters (totally $50/month), the expenses are not even remotely being covered. I'm putting out almost $500/month now just in bandwidth costs. I'm curious how muc...
by pe1chl
Sat Jun 08, 2019 12:17 pm
Forum: General
Topic: Strange Mangle situation - Download fighting Upload [SOLVED]
Replies: 22
Views: 789

Re: Strange Mangle situation - Download fighting Upload [SOLVED]

I already told you that above: you should set the parent of the topmost items in the queue tree to the interfaces where you want the queue to operate. The queue tree only operates in the sending direction. So you attach the Upload queue tree to your internet interface, and the Download queue tree to...
by pe1chl
Fri Jun 07, 2019 8:58 pm
Forum: General
Topic: Strange Mangle situation - Download fighting Upload [SOLVED]
Replies: 22
Views: 789

Re: Strange Mangle situation - Download fighting Upload [SOLVED]

It is possible to use separate connection marks for upload and download based on incoming interface, but it is important that the matching rule includes the check for no-mark, so the mark is assigned only once (on the first match for the connection) and not overwritten later. The above example fail...
by pe1chl
Fri Jun 07, 2019 7:21 pm
Forum: General
Topic: Strange Mangle situation - Download fighting Upload [SOLVED]
Replies: 22
Views: 789

Re: Strange Mangle situation - Download fighting Upload [SOLVED]

It is possible to use separate connection marks for upload and download based on incoming interface, but it is important that the matching rule includes the check for no-mark, so the mark is assigned only once (on the first match for the connection) and not overwritten later. The above example fails...
by pe1chl
Fri Jun 07, 2019 5:36 pm
Forum: General
Topic: Strange Mangle situation - Download fighting Upload [SOLVED]
Replies: 22
Views: 789

Re: Strange Mangle situation - Download fighting Upload [SOLVED]

Either im doing something wrong or i hit into a mangle bug. I have read the wiki numerous times and try to read anything more i could find but here i am. You have made a "global" queue instead of attaching it to an interface. This sometimes has an application but usually it is not the best way. Che...
by pe1chl
Wed Jun 05, 2019 5:09 pm
Forum: General
Topic: Basic traffic prioritization
Replies: 8
Views: 358

Re: Basic traffic prioritization

Yes, this shows it works OK. By setting the pcq-upload-default you can equalize the bandwidth between users. But unfortunately, it is not possible to do that for download. You can trick it by setting a similar queue on your local network, also at a rate just lower than the download rate you should h...
by pe1chl
Wed Jun 05, 2019 4:13 pm
Forum: General
Topic: Basic traffic prioritization
Replies: 8
Views: 358

Re: Basic traffic prioritization

Let's for the argument sake say I set up a "voip" queue, and an "all-other-traffic". (I have marked my voip traffic with a mangle rule, so that's sorted.). Now I make a 2mb voip queue, how do i set that up so that the "all-other-traffic" consumes the rest of the bandwidth, but doesnt eat into the 2...
by pe1chl
Wed Jun 05, 2019 2:51 pm
Forum: General
Topic: Basic traffic prioritization
Replies: 8
Views: 358

Re: Basic traffic prioritization

For a start, let's make clear that you cannot really determine the priority used at the ISP side. It is up to the ISP to do that for you. A decent ISP that also offers VoIP will have done that, if not then you will be facing challenges. Limiting traffic is crucial. When you just pump out traffic at ...
by pe1chl
Wed Jun 05, 2019 11:48 am
Forum: General
Topic: ROS 6.38 serious DHCP server problem
Replies: 91
Views: 27002

Re: ROS 6.38 serious DHCP server problem

You cannot run DHCP over a pseudobrigde operated in reverse. (i.e. with the DHCP server at the station side and the DHCP client at the AP side), as you will encounter the problem you describe. However that is true for all WiFi equipment. In the "normal" situation of having the DHCP server at the AP ...
by pe1chl
Wed Jun 05, 2019 11:44 am
Forum: General
Topic: IPv6 transition mechanism
Replies: 71
Views: 4963

Re: IPv6 transition mechanism

Happy eye-balls sort out this problem in a matter of 150 ms, not 5 seconds, the problem is probably a failure in the ISP or content provider. Is the same as when you have IPv4 only and something fails, we need to realize that technical problema can be the same in IPv4 than IPv6 ! Happy Eyeballs doe...
by pe1chl
Tue Jun 04, 2019 2:11 pm
Forum: RouterOS v7
Topic: RouterOS v7.0 beta1 - when?
Replies: 523
Views: 122552

Re: RouterOS v7.0 beta1 - when?

Today we have a New mum. I Hope any news about Ros v7 or any improvement in router
I recently visited a MUM and there was no mention in the opening announcement, but the people at the MikroTik desk said "it will certainly be released before the end of the year".
They did not mention WHICH year.
by pe1chl
Tue Jun 04, 2019 10:33 am
Forum: RouterOS v7
Topic: RouterOS v7.0 beta1 - when?
Replies: 523
Views: 122552

Re: RouterOS v7.0 beta1 - when?

One could hope that after this experience MikroTik tries to limit the number of kernel patches and/or keeps an eye on kernel development and regularly updates the kernel patches so it becomes possible to change kernel revision in a minor v7 revision (e.g. 7.0.x to 7.1.x). If not, it will not take lo...
by pe1chl
Tue Jun 04, 2019 10:29 am
Forum: RouterBOARD hardware
Topic: RB750Gr3 - Report and questions
Replies: 112
Views: 30942

Re: RB750Gr3 - Report and questions

I think the first level of VLAN (in hardware) is used to emulate 5 ports on a chip that has only 2. When you configure ether1, ether2, ether3, ether4 and ether5 you are in fact internally configuring some VLANs that are mapped in the internal switch to exit on that specific port untagged. Now, when ...
by pe1chl
Mon Jun 03, 2019 11:41 pm
Forum: RouterBOARD hardware
Topic: More info about mUPS
Replies: 53
Views: 7971

Re: More info about mUPS

Such a charger normally operates in constant-current mode below a certain voltage, then clamps at a fixed voltage curresponding to fully-charged battery, where the current will drop. Hopefully not at 14.2v but more like 13.8v. Of course, a really good charger has more clever characteristics than tha...
by pe1chl
Mon Jun 03, 2019 11:35 pm
Forum: General
Topic: IPv6 transition mechanism
Replies: 71
Views: 4963

Re: IPv6 transition mechanism

Today 99% if not more of traffic is outgoing https (TCP port 443) connections and NPT is no problem at all for them. When being careful to ensure that the same client always gets the same external address (as long as both links are available), most applications will work fine. The exception is only ...
by pe1chl
Mon Jun 03, 2019 7:11 pm
Forum: General
Topic: IPv6 transition mechanism
Replies: 71
Views: 4963

Re: IPv6 transition mechanism

Indeed. At first I thought "maybe it is possible to use RA to advertise more than one prefix on each LAN and then the clients will pickup a random prefix and use that for the duration of their IPv6 dynamic address, or when there appears to be no connectivy, and then switch randomly to the other pref...