Community discussions

Search found 71 matches

  • 1
  • 2
by emikrotik
Mon Jul 16, 2018 2:56 pm
Forum: General
Topic: AWS - CHR Dual WAN?
Replies: 0
Views: 221

AWS - CHR Dual WAN?

Hello,

Does anyone have a working config for CHR running in AWS with dual WAN?

I would like to setup CHR at the edge of the VPC with 2 WAN interfaces with 2 Public IP addresses and 1 LAN interface.

Thank you,
by emikrotik
Mon May 14, 2018 11:13 am
Forum: General
Topic: Mangle rules layer 3 vs layer 4
Replies: 2
Views: 348

Mangle rules layer 3 vs layer 4

Hello, I have an issue with mark-connection being overwritten in my mangle rules. Please see below mangle rules; 361-363 are layer 3, PBR on source and destination IP Addresses. 361 chain=prerouting action=mark-connection new-connection-mark=GOOGLE DRIVE passthrough=yes dst-address-list=GOOGLE DRIVE...
by emikrotik
Wed Apr 11, 2018 7:19 am
Forum: RouterOS v6 RC and v7 BETA
Topic: PAP for Winbox Radius Logins
Replies: 7
Views: 2631

Re: PAP for Winbox Radius Logins

+1

Allows for better management.
by emikrotik
Tue Apr 03, 2018 10:53 am
Forum: Beginner Basics
Topic: Queues - SNMP oid
Replies: 0
Views: 297

Queues - SNMP oid

Hello, Can any one tell me what the values in the queues-in and queues-out snmp oid represent? name=.1.3.6.1.4.1.14988.1.1.2.1.1.2.559 bytes-in=.1.3.6.1.4.1.14988.1.1.2.1.1.8.559 bytes-out=.1.3.6.1.4.1.14988.1.1.2.1.1.9.559 packets-in=.1.3.6.1.4.1.14988.1.1.2.1.1.10.559 packets-out=.1.3.6.1.4.1.1498...
by emikrotik
Tue Mar 27, 2018 7:26 am
Forum: General
Topic: IPSec Strongswan configuration fails
Replies: 7
Views: 1730

Re: IPSec Strongswan configuration fails

Hi,

I had the same issue, I believe phase 2 doesn't rekey the SPI. I was not able to come up with a solution.
by emikrotik
Mon Jan 15, 2018 5:10 am
Forum: Beginner Basics
Topic: How to block SSH attackers after 3 bad logins?
Replies: 16
Views: 2366

Re: How to block SSH attackers after 3 bad logins?

Hi, Do you need to access your routes from outside of your network? Why not allow connection via ssh or winbox only from your lan subnet and block from all other sources? ;;; Allow Firewall Remote access chain=input action=accept src-address=<LAN subnet> ;;; Drop Firewall Remote access chain=input a...
by emikrotik
Wed Jan 03, 2018 10:40 am
Forum: General
Topic: CCR1036-12G-4S port bandwidth issue
Replies: 1
Views: 225

Re: CCR1036-12G-4S port bandwidth issue

Have you tried turning off auto-negotiate and setting 1Gbps full duplex?
by emikrotik
Wed Jan 03, 2018 10:27 am
Forum: General
Topic: Creating a computer network
Replies: 3
Views: 381

Re: Creating a computer network

Agree with the above post.

I would also not recommend using the CRS326 as a core router.
by emikrotik
Wed Jan 03, 2018 10:24 am
Forum: General
Topic: How to disconnect active SSH or Winbox or TCP session
Replies: 7
Views: 2145

Re: How to disconnect active SSH or Winbox or TCP session

Not sure if this will work?

Add a filter rule to drop connections from the source IP Address then then go to firewall > connections and delete the connection?
by emikrotik
Wed Jan 03, 2018 10:19 am
Forum: General
Topic: 2xWAN load balancing - how to do real failover?
Replies: 10
Views: 3440

Re: 2xWAN load balancing - how to do real failover?

Try specifying the routing table on the advanced tab of the ping tool.
by emikrotik
Wed Jan 03, 2018 9:58 am
Forum: General
Topic: Remote sniffing WAN traffic
Replies: 1
Views: 406

Re: Remote sniffing WAN traffic

I think ether5 is your WAN port? try changing the interface to your LAN port.
by emikrotik
Fri Nov 24, 2017 4:17 am
Forum: General
Topic: CRS326 not passing vrrp packets [SOLVED]
Replies: 1
Views: 263

Re: CRS326 not passing vrrp packets [SOLVED]

Upgrading the firmware from bugfix 6.38.7 to bugfix 6.39.3 resolved the issue;

*) switch - fixed multicast forwarding on CRS326;
by emikrotik
Thu Nov 23, 2017 8:29 am
Forum: General
Topic: CRS326 not passing vrrp packets [SOLVED]
Replies: 1
Views: 263

CRS326 not passing vrrp packets [SOLVED]

Hi, I am experiencing an issue where the CRS326 is not passing vrrp traffic. I have two CCR1036 configured with a vrrp interface. When I uplink the two CCR1036 to the CRS326 the vrrp interface on both CCR devices are running master. When I replace the CRS326 with a CRS125 or CRS225 vrrp traffic pass...
by emikrotik
Wed Nov 22, 2017 10:09 am
Forum: General
Topic: CRS125 vs CRS326
Replies: 3
Views: 978

CRS125 vs CRS326

Hello,

Does any one have a feature comparison between the CRS125 ( MIPS-BE ) vs CRS326 ( arm ).

I have noticed their is no eg. and in. vlan settings, ingress port policer .etc

Also when rebooting or resetting CRS326 the file system is formatted.


Thanks.
by emikrotik
Wed Nov 22, 2017 9:57 am
Forum: RouterBOARD hardware
Topic: CRS326-24G-2S+RM is dead?
Replies: 1
Views: 732

Re: CRS326-24G-2S+RM is dead?

Maybe it booted in to SwOS? try accessing via the web browser.
by emikrotik
Wed Nov 08, 2017 3:57 am
Forum: Virtualization
Topic: AWS CHR dst-nat to host name
Replies: 1
Views: 604

AWS CHR dst-nat to host name

Hello, I am running a CHR instance as the edge device for my VPC. I am hosting a web server behind CHR, I use a dst-nat rule to NAT the traffic to the server, I would now like to increase the scalability and implement a load balancer. When creating an ELB, you are given a hostname that resolves to a...
by emikrotik
Tue Sep 26, 2017 10:37 am
Forum: General
Topic: >1000 simple queues - how to update them all?
Replies: 7
Views: 3293

Re: >1000 simple queues - how to update them all?

Create a script and use a foreach loop to go through every queue.

:foreach i in=[/queue simple] do={
/queue simple set max-limit=10/10M numbers=$i
}
by emikrotik
Mon Sep 25, 2017 6:17 am
Forum: RouterBOARD hardware
Topic: CRS switch (CRS125) and wired RADIUS authentication
Replies: 2
Views: 765

Re: CRS switch (CRS125) and wired RADIUS authentication

Hello,

Were you able to achieve your desired configuration?
by emikrotik
Thu Sep 21, 2017 9:39 am
Forum: Virtualization
Topic: CHR ova 6.41rc31 downgrade to 6.38.7
Replies: 3
Views: 1485

CHR ova 6.41rc31 downgrade to 6.38.7

Hello,

Is it possible to load the CHR 6.41rc31 ova in to esxi and then downgrade to 6.38.7?

Thank you.
by emikrotik
Mon Aug 21, 2017 6:18 am
Forum: General
Topic: Sharing Bandwidth between 2 locations
Replies: 5
Views: 639

Re: Sharing Bandwidth between 2 locations

Hi,

What is the max throughput on the UBNT link?
by emikrotik
Wed Aug 16, 2017 3:05 am
Forum: Beginner Basics
Topic: Change "Check gateway" ping address on Routes?
Replies: 5
Views: 4032

Re: Change "Check gateway" ping address on Routes?

This is the script I use for multi wan auto failover This is very useful as the gateway is usually your ISP's CPE that is on premise but the ISP may be having an issue upstream. Netwach checks the host every 10 seconds If it goes down it will ping the host 10 times ( verify that it is really down an...
by emikrotik
Wed Aug 16, 2017 2:17 am
Forum: Beginner Basics
Topic: No Internet on Lan and some IP
Replies: 3
Views: 573

Re: No Internet on Lan and some IP

Hi,

Did you add a masquerade rule?

Did you add any filter rules to block access on port 8291?

Did you disable discovery? you should be able to plug your PC into any port and use winbox neighbours to discover the device.
by emikrotik
Fri Aug 11, 2017 5:46 am
Forum: General
Topic: 6.40 - removal of ipsec policy priority
Replies: 1
Views: 509

6.40 - removal of ipsec policy priority

Hello,

6.40
*) ipsec - removed policy priority;

What was the reason for removing priority?

Is there another feature that can achieve the same functionality? ( order of NAT bypass rules? )
by emikrotik
Mon Aug 07, 2017 10:06 am
Forum: Beginner Basics
Topic: Limit bandwitdh for IP range?
Replies: 2
Views: 1345

Re: Limit bandwitdh for IP range?

Sounds like you want to setup PCQ ( Per Client Queuing )
https://wiki.mikrotik.com/wiki/Manual:Queues_-_PCQ
by emikrotik
Wed Jul 26, 2017 2:17 am
Forum: General
Topic: Plz Help me
Replies: 4
Views: 697

Re: Plz Help me

Hi,

You will have to create source NAT rules.

/ip firewall nat add chain=srcnat src-address=10.0.0.1/24 action=src-nat to-addresses=192.168.2.1

/ip firewall nat add chain=srcnat src-address=10.0.1.1/24 action=src-nat to-addresses=192.168.1.1
by emikrotik
Mon Jul 24, 2017 3:08 am
Forum: Beginner Basics
Topic: Port Forwarding Woes :(
Replies: 8
Views: 1020

Re: Port Forwarding Woes :(

1 to 1 NAT ;;; RDP chain=dstnat action=dst-nat to-addresses=10.x.x.x to-ports=3389 protocol=tcp dst-address=x.x.x.x in-interface=sfp3 dst-port=3389 log=no log-prefix="" Port Redirection ;;; SSH chain=dstnat action=dst-nat to-addresses=10.x.x.x to-ports=22 protocol=tcp dst-address=x.x.x.x in-interfa...
by emikrotik
Mon Jul 24, 2017 3:05 am
Forum: Beginner Basics
Topic: Port Forwarding Woes :(
Replies: 8
Views: 1020

Re: Port Forwarding Woes :(

Sometimes, few common ports are silently blocked by the upstream providers,
Try PAT, Example forward port 55510 to your local server ip - port 3389
But why is that so that the common ports are blocked?
To stop people with residential Internet connections hosting mail servers .etc
by emikrotik
Thu Jun 22, 2017 6:40 am
Forum: Beginner Basics
Topic: Port Forwarding Woes :(
Replies: 8
Views: 1020

Re: Port Forwarding Woes :(

1 to 1 NAT ;;; RDP chain=dstnat action=dst-nat to-addresses=10.x.x.x to-ports=3389 protocol=tcp dst-address=x.x.x.x in-interface=sfp3 dst-port=3389 log=no log-prefix="" Port Redirection ;;; SSH chain=dstnat action=dst-nat to-addresses=10.x.x.x to-ports=22 protocol=tcp dst-address=x.x.x.x in-interfac...
by emikrotik
Thu May 18, 2017 9:10 am
Forum: Beginner Basics
Topic: Static Router Conf For CCR1036-12G-4S
Replies: 7
Views: 2990

Re: Static Router Conf For CCR1036-12G-4S

Hello all i also have the same kind of scenario but one thing is different i need to connect my ISP's fibre directly into my CCR-1036 12G-4S SFP port. How can i achieve this any idea i mean how do i configure my SFP port as a internet gateway and currently i have use my ether1 as DHCP server port a...
by emikrotik
Wed May 03, 2017 2:42 am
Forum: RouterBOARD hardware
Topic: Switch with 3 SFP+ port
Replies: 9
Views: 1714

Re: Switch with 3 SFP+ port

Yeah.. The Ubiquiti Edgeswitch 16 XG. This is exactly the type of thing I was looking for. Thanks,, Hmm. So Mikrotik did announce an SFP+ CRS huh? Maybe I will wait and see. Hope they don't take too long in releasing it. The Edgeswitch is ~550 USD ...within my range.. a little stretched but managea...
by emikrotik
Tue May 02, 2017 8:30 am
Forum: Forwarding Protocols
Topic: VRRP ipv6 vlan/crossover
Replies: 14
Views: 1122

Re: VRRP ipv6 vlan/crossover

Hello,

I had the same issue, I found it to be ARP.

I copied the MAC address on the toCore interface so they were the same on both devices and disabled / enabled the port when VRRP changed from master to backup on the script tab.

/interface ethernet set sfp1 mac-address=xx:xx:xx:xx:xx:xx;
by emikrotik
Thu Apr 13, 2017 8:27 am
Forum: General
Topic: DHCP Server performance?
Replies: 1
Views: 387

Re: DHCP Server performance?

I don't have experience with this, although my concern would be the high volume of writes to the flash disk. I do believe you can change the interval; /ip dhcp-server config store-leases-disk Personally I would lean towards running your DHCP server in CHR on a VM. Would imagine this is also more cos...
by emikrotik
Wed Apr 12, 2017 1:19 pm
Forum: General
Topic: CHR or CCR1036 12G 4S
Replies: 1
Views: 282

Re: CHR or CCR1036 12G 4S

Hello, Will you be purchasing devices for redundancies too? I currently use the CCR1009 in active / passive HA supporting 3 ISP's ( 150Mbps throughput ), ~400 users, 40+ IPSec tunnels, layer 7 filtering, mangle rules and queuing CPU usage for last 48 hours: http://imgur.com/QOZrLp5 I would like to t...
by emikrotik
Wed Apr 12, 2017 4:17 am
Forum: General
Topic: Logging how to turn off (fetch etc.) edit INFO action?
Replies: 6
Views: 1258

Re: Logging how to turn off (fetch etc.) edit INFO action?

Hi,

I don't completely understand your requirement.

You could customize your logging rule and add multiple parameters i.e add route change but exclude rip announcements;

Screenshot: http://imgur.com/Hk9Mkeh
by emikrotik
Fri Apr 07, 2017 3:40 am
Forum: Beginner Basics
Topic: Prioritize SSID on CapsMan
Replies: 2
Views: 453

Re: Prioritize SSID on CapsMan

Hi,

Do the SSID's have different subnets?

You could utilize mangle mark packet with simple queue and priority to achieve your goal.
by emikrotik
Fri Apr 07, 2017 3:31 am
Forum: RouterBOARD hardware
Topic: CRS317-1G-16S+RM - Hardware specification
Replies: 34
Views: 7096

CRS317-1G-16S+RM - Hardware specification

Hello,

Is there any news or draft spec on the hardware of the CRS317-1G-16S+RM and release date?

Will the CRS317 support VLAN ACL? and will it be suitable for use as a core switch in a high throughput network running a RIP, VRRP, bridge?

Thanks.
by emikrotik
Thu Feb 16, 2017 9:52 am
Forum: General
Topic: SFP Interfaces
Replies: 3
Views: 788

SFP Interfaces

Hello, I am using a CRS212 with two uplinks to a CRS226, I am using a S-31DLC20D on both sides from the CRS212 to the CRS226 SFP+ 1. Based the SFP comparability matrix; http://wiki.mikrotik.com/wiki/MikroTik_SFP_module_compatibility_table the S-31DLC20D are not compatible with the CRS226 SFP+ 2 port...
by emikrotik
Mon Jan 09, 2017 8:30 am
Forum: Announcements
Topic: v6.38 [current] is released!
Replies: 168
Views: 36312

Re: v6.38 [current] is released!

Strange Bug: After upgrading my CCR1009-8G-1S-1S+ from 6.37.3 to 6.38 the exported config mixed up the interface IDs: /interface ethernet set [ find default-name=ether 5 ] l2mtu=1520 name=ether 1 -kbd set [ find default-name=ether6 ] l2mtu=1520 name=ether2 set [ find default-name=ether7 ] l2mtu=152...
by emikrotik
Mon Jan 09, 2017 7:42 am
Forum: General
Topic: Public-Mikrotik-Bandwidth-Test-Server(s)
Replies: 561
Views: 396887

Re: 3.6 GIG - Public-Mikrotik-Bandwidth-Test-Server

Hope ya don't mind if I ask ... Would somebody happen to be running a CHR or 32-bit ROS on a Amazon Web Services (AWS) account ? This is not a problem. I just happened to look at who was connected to the 207.32.195.2 btest server and spotted a connection from AWS. My question for you, what kind of ...
by emikrotik
Thu Jan 05, 2017 1:14 am
Forum: General
Topic: Public-Mikrotik-Bandwidth-Test-Server(s)
Replies: 561
Views: 396887

Re: 3.6 GIG - Public-Mikrotik-Bandwidth-Test-Server

Hope ya don't mind if I ask ... Would somebody happen to be running a CHR or 32-bit ROS on a Amazon Web Services (AWS) account ? This is not a problem. I just happened to look at who was connected to the 207.32.195.2 btest server and spotted a connection from AWS. My question for you, what kind of ...
by emikrotik
Mon Nov 07, 2016 4:07 am
Forum: General
Topic: NIC-Teaming and Bonding
Replies: 2
Views: 987

Re: NIC-Teaming and Bonding

Hi,

Why do you need to have any configuration on Mikrotik? Can't you just create the switching group and then configure teaming on the OS?
by emikrotik
Mon Nov 07, 2016 4:01 am
Forum: General
Topic: Can not access remote Mikrotik Router over VPN
Replies: 2
Views: 495

Re: Can not access remote Mikrotik Router over VPN

As your routers are on different subnets to the LAN networks you will need to add phase two policies and NAT rules to establish connectivity. You won't be able to use /16 as both LAN networks are class C. As mentioned above check filter rules or allow access from Site A's public IP address and conne...
by emikrotik
Tue Aug 30, 2016 6:11 am
Forum: General
Topic: Export config renames interfaces
Replies: 1
Views: 294

Export config renames interfaces

Hi, I have a strange issue when I export the config the Interfaces are being renamed; set [ find default-name=ether5 ] comment="WAN1" name=ether1 set [ find default-name=ether6 ] comment="WAN2" name=ether2 set [ find default-name=ether7 ] comment="WAN3" name=ether3 set [ find default-name=ether8 ] c...
by emikrotik
Fri Aug 19, 2016 10:16 am
Forum: General
Topic: Block Ping request
Replies: 9
Views: 4760

Re: Block Ping request

Block ICMP packets and allow router to show as a hop on traceroutes;

/ip firewall filter add action=drop chain=forward disabled=yes icmp-options=8:0 protocol=icmp
by emikrotik
Wed Aug 10, 2016 10:38 am
Forum: General
Topic: Possible YouTube video ideas
Replies: 29
Views: 3459

Re: Possible YouTube video ideas

Packet flow and traffic control?

Different applications for simple queues and tree queues and how to setup PCQ.
by emikrotik
Wed Aug 10, 2016 9:56 am
Forum: General
Topic: DHCP Relay VLANs on RB751U-2HnD
Replies: 11
Views: 2640

Re: DHCP Relay VLANs on RB751U-2HnD

Hi,

Was there any solution to this issue?

I am having the same issue with using CRS226 as DHCP relay and having CRS125 as access switches.
by emikrotik
Mon Jun 20, 2016 8:06 am
Forum: RouterOS v7
Topic: Feature request: Stateful HA with Conntrackd
Replies: 30
Views: 6987

Re: Feature request: Stateful HA with Conntrackd

+1 would like to see this feature
  • 1
  • 2