Community discussions

MikroTik App

Search found 242 matches

by OKNET
Fri Jul 17, 2020 5:26 pm
Forum: General
Topic: Wanted switch....
Replies: 1
Views: 611

Wanted switch....

Mikrotik launched some interesting new hardware.
Anyway , there is still a lack of a 16 x Gigabit ports-PoE with SFP+ switch (when a netPower16P however has ben released for outdoor use)
CRS328-24P is too big in depth , where CRS112-8P has too few ports.
Still waiting for a mid-solution....
by OKNET
Fri Jan 17, 2020 5:26 pm
Forum: Scripting
Topic: Update after....two days
Replies: 5
Views: 2273

Re: Update after....two days

....I could set a daily "schedule1" to check if new version is availale, if yes, enable "schedule2" with interval 2days ,who launches update script. This script also disables "schedule2" itself, stopping updates unless "schedule1" finds a new version available. Surely there would a better and elegan...
by OKNET
Fri Jan 17, 2020 9:30 am
Forum: Scripting
Topic: Update after....two days
Replies: 5
Views: 2273

Update after....two days

I use a simple scheduled script to update my RB : /system package update check-for-updates once :if ( [get status] = "New version is available") do={ install etc etc How can I delay the update after i.e. two days the new version has been detected ? I.e. making the script to collect current date and ...
by OKNET
Wed Dec 11, 2019 12:13 pm
Forum: General
Topic: Dns queries question
Replies: 2
Views: 758

Re: Dns queries question

So, it seems common and safe.....
by OKNET
Tue Dec 10, 2019 9:38 am
Forum: General
Topic: Dns queries question
Replies: 2
Views: 758

Dns queries question

https://i.ibb.co/4TGZnLq/rbcli.jpg RB serving as gateway for a hundred smartphone clients RB is DNS/DHCP server In few hours I end up with many hundreds DNS cache entries like these : https://i.ibb.co/pv1TnrN/dns.jpg AP are WiFi routers indeed, and I continuously have dns queries from their ip addr...
by OKNET
Fri Oct 18, 2019 10:15 am
Forum: General
Topic: Passwordless SSH login FROM routerboard INTO debian [SOLVED]
Replies: 3
Views: 1112

Re: Passwordless SSH login FROM routerboard INTO debian

I've understood that private RSA key of client must be copied into ~/.ssh/authorized_key of server Just proven this works for a passwordless login from debian client to debian server. Now, what RSA key of mikrotik should I use to be copied into server authorized_key ?? If I cannot issue a RSA key fr...
by OKNET
Mon Oct 14, 2019 10:35 am
Forum: General
Topic: Passwordless SSH login FROM routerboard INTO debian [SOLVED]
Replies: 3
Views: 1112

Passwordless SSH login FROM routerboard INTO debian [SOLVED]

I need to login from routerboard (ssh client or ssh-exec) into a debian system without password. I have generated a RSA key pair into Debian system and copied both into ./ssh/authorized_keys I have copied those keys into routerboard and correctly imported When I try to login into Debian it still ask...
by OKNET
Thu Jul 25, 2019 3:19 pm
Forum: Announcements
Topic: v6.45.2 [stable] is released!
Replies: 206
Views: 53457

Re: v6.45.2 [stable] is released!

Not any direct method to access to flash neither ?
by OKNET
Thu Jul 25, 2019 2:15 pm
Forum: Announcements
Topic: v6.45.2 [stable] is released!
Replies: 206
Views: 53457

Re: v6.45.2 [stable] is released!

hAP lite has 32MB ram 16MB flash No way to update after deleting all files and rebooted more than once (had to try netinstall yet). The winbox method system->packages>CheckForUpdates, finds new version but "download and install button" refuses to appear (likely because of space issue). Previously h...
by OKNET
Mon Jul 22, 2019 6:05 pm
Forum: Announcements
Topic: v6.45.2 [stable] is released!
Replies: 206
Views: 53457

Re: v6.45.2 [stable] is released!

hAP lite has 32MB ram 16MB flash
No way to update after deleting all files and rebooted more than once (had to try netinstall yet).
The winbox method system->packages>CheckForUpdates, finds new version but "download and install button" refuses to appear (likely because of space issue).
by OKNET
Mon Jul 22, 2019 4:02 pm
Forum: Beginner Basics
Topic: New filter rules ?
Replies: 6
Views: 1473

New filter rules ?

Looking at filter rules after 6.45.2 hAP lite has been conf-resetted : 0 D comment=special dummy rule to show fasttrack counters chain=forward action=passthrough 1 comment=defconf: accept established,related,untracked chain=input action=accept connection-state=established,related,untracked 2 comment...
by OKNET
Mon Jul 22, 2019 11:54 am
Forum: Announcements
Topic: v6.45.2 [stable] is released!
Replies: 206
Views: 53457

Re: v6.45.2 [stable] is released!

Ok for manual extracting and install packages for hAP lite but....... what about next releases ? no more npk-upgradable ?

Is it ok to have 7,4 MB available out of 16 total ?
by OKNET
Fri Jul 12, 2019 11:34 am
Forum: General
Topic: Problem with inactive recursive routes
Replies: 1
Views: 513

Problem with inactive recursive routes

As per https://wiki.mikrotik.com/wiki/Advanced_Routing_Failover_without_Scripting : My actual routes: 0 A S comment=Failover gwa dst-address=0.0.0.0/0 gateway=10.17.13.1 gateway-status=10.17.13.1 recursive via 172.16.217.254 ether1 distance=1 scope=30 target-scope=10 routing-mark=to_WAN1 1 S comment...
by OKNET
Sat Jun 29, 2019 2:34 am
Forum: Beginner Basics
Topic: DDNS on a specific WAN
Replies: 0
Views: 675

DDNS on a specific WAN

A LAN device makes DDNS updates (www.noip.com)
Routerboard has two WAN (two ISP) , how can I force calls to www.noip.com to use a specific WAN ?
I cannot route by domain name...
by OKNET
Fri Jun 28, 2019 3:48 pm
Forum: Beginner Basics
Topic: How to switch immediately after a failover ?
Replies: 7
Views: 1712

Re: How to switch immediately after a failover ?

Actually, it seems to have not a great effect....
In which position should I place it among forward chain rules ?

Rather than notify client, shouldn't be more effective to cut out dead connections ?
by OKNET
Fri Jun 28, 2019 12:34 pm
Forum: Beginner Basics
Topic: How to switch immediately after a failover ?
Replies: 7
Views: 1712

How to switch immediately after a failover ?

Usual failover without scripting: https://wiki.mikrotik.com/wiki/Advanced_Routing_Failover_without_Scripting Once a virtual gateway is down due to loss of internet connectivity, the second gateway is immediately available but all old tcp connections (as seen in /ip firewall connection) are still up ...
by OKNET
Tue Nov 20, 2018 12:08 pm
Forum: General
Topic: Watchguard Firebox hardware and RouterOS?
Replies: 16
Views: 6784

Re: Watchguard Firebox hardware and RouterOS?

Just installed 6.43.4 into a X700 64MB CompactFlash and enabled LCD Nothing easier..... for an old unused HW X700 comes with a miniPCI slot equipped with an AV-SFB160 VPN accelerator card , once replaced with a Routerboard R52 found on my toolbox, it was immediately recognized and running .... Works...
by OKNET
Mon Oct 15, 2018 9:27 am
Forum: Virtualization
Topic: CHR license on router with no internet
Replies: 12
Views: 4605

Re: CHR license on router with no internet

Once the 60 days runs out there is no detriment to the OS, it carries on working fine apart from you cannot upgrade the software package any further. New to CHR, do you mean after trial period CHR still works at full speed and full capabilities but no more way to upgrade ?? I hope nobody choose thi...
by OKNET
Tue Oct 02, 2018 9:43 am
Forum: General
Topic: FTP port forwarding works only on one WAN
Replies: 9
Views: 1252

Re: FTP port forwarding works only on one WAN

Thank you for replies, So the issue is the double nat, and it doesn't happen in pppoe as the public IP is directly assigned to MT WAN interface Yes , all ports from public ip address are natted from router (10.0.10.1) to routerboard WAN (10.0.10.254) Connection mark for dual wan already done this wa...
by OKNET
Mon Oct 01, 2018 6:35 pm
Forum: General
Topic: FTP port forwarding works only on one WAN
Replies: 9
Views: 1252

FTP port forwarding works only on one WAN

FTP to port 2121 of both public ip addresses of two ISP connections , points to LAN ftp server, port 21 : add action=dst-nat chain=dstnat dst-port=2121 in-interface-list=WANs protocol=tcp to-addresses=192.168.1.100 to-ports=21 The connection works over a pppoe WAN with public ip address released to ...
by OKNET
Thu Sep 27, 2018 10:26 am
Forum: Scripting
Topic: Need to fix this update script:
Replies: 0
Views: 499

Need to fix this update script:

As described in https://forum.mikrotik.com/viewtopic.php?f=7&t=131039 I'm using this line to downlad new npk files into CAPs manager to be available to APs update (as "require same version") : /tool fetch address="download.mikrotik.com" mode=https src-path="/routeros/$newVer/routeros-mipsbe-$newVer....
by OKNET
Thu Jul 19, 2018 11:41 am
Forum: Wireless Networking
Topic: CAPsMAN restrict SSID to one band [SOLVED]
Replies: 8
Views: 2297

Re: CAPsMAN restrict SSID to one band [SOLVED]

I don't have any channel configuration. The fact you have an SSID configuration that matches a RADIO MAC address, means that configuration, thus that SSID will be used only on THAT radio. So 5GHz radio = aa:bb:cc:dd:ee:01 = config01 = SSID_A 2.4GHz radio = aa:bb:cc:dd:ee:02 = config02 = SSID_B simpl...
by OKNET
Mon Jul 16, 2018 4:33 pm
Forum: Wireless Networking
Topic: CAPsMAN restrict SSID to one band [SOLVED]
Replies: 8
Views: 2297

Re: CAPsMAN restrict SSID to one band [SOLVED]

That was, basically, what I suggested you to do...... :o You have chosen two provisioning rules , based on hw-supported-modes rather than mac-address of each radio.... Mine was: add action=create-dynamic-enabled master-configuration=cfg_5g name-format=identity radio-mac=6C:3B:6B:xx:xx:xx add action=...
by OKNET
Wed Jul 11, 2018 5:01 pm
Forum: Wireless Networking
Topic: CAPsMAN 5ghz
Replies: 9
Views: 14362

Re: CAPsMAN 5ghz

You must set a frequency for that channel, and make sure the relative extension channels don't fall in a restricted portion of band denied by your country regulatory domain (if set) or out of band at all.
by OKNET
Wed Jul 11, 2018 4:51 pm
Forum: Wireless Networking
Topic: CAPsMAN restrict SSID to one band [SOLVED]
Replies: 8
Views: 2297

Re: CAPsMAN restrict SSID to one band [SOLVED]

I have simply created two provisioning rules that match each Radio MAC (thus each band inside the same AP)

Each rule points to a different Master Configuration with its own SSID (no need for slave configuration, I use them for multiple SSID inside the same band if needed)
by OKNET
Wed Jul 11, 2018 4:35 pm
Forum: Wireless Networking
Topic: CAPsMAN + 10 AP
Replies: 2
Views: 716

Re: CAPsMAN + 10 AP

In Registration Table you will find the connected clients , not the APs.
by OKNET
Thu Jun 28, 2018 4:53 pm
Forum: General
Topic: L2TP failover
Replies: 3
Views: 549

Re: L2TP failover

Completely different subnets. However, I found a simple workaround: Since recent Ros versions, hostnames are allowed as L2TP client target, I've set an arbitrary domain name pointing to both addresses : /ip dns static add address=<ISP1_public_address> name=myl2tpserver.fail add address=<ISP2_public_...
by OKNET
Thu Jun 28, 2018 4:09 pm
Forum: General
Topic: L2TP failover
Replies: 3
Views: 549

L2TP failover

My MT L2TP server has tho different ip addresses from different ISP

How can the second ip address be used as failover from MT L2TP client ?
by OKNET
Thu Jun 28, 2018 9:36 am
Forum: Wireless Networking
Topic: 6.42.5 : w60g
Replies: 0
Views: 582

6.42.5 : w60g

ROs 6.42.5 : w60g - improved maximum achievable distance;

how much, generally, in percentage ?
by OKNET
Fri Jun 15, 2018 3:34 pm
Forum: Wireless Networking
Topic: 60Ghz 2.4km - possible?
Replies: 41
Views: 9394

Re: 60Ghz 2.4km - possible?

I wonder how many distortion reflections and attenuation has 1Km path in between modern buildings , and with bad weather conditions.... Probably something better can be expected in a longer unobstructed path (i.e. mountain to mountain , mountain to lowland, skyscrape to mountain etc...) manuzoli sai...
by OKNET
Fri Jun 15, 2018 12:48 pm
Forum: Wireless Networking
Topic: 60Ghz 2.4km - possible?
Replies: 41
Views: 9394

Re: 60Ghz 2.4km - possible?

Is it an unobstructed path ?

2,4Km link is a very short distance for clear path , unless 60GHz devices have some intrinsic limitation (they are 802.11ad devices).....
by OKNET
Wed Jun 13, 2018 11:55 am
Forum: Wireless Networking
Topic: [SOLVED] CAPSMAN + "Manager Forwarding Mode" + Tagged VLANs (=> use case: EDUROAM)
Replies: 14
Views: 4888

Re: [SOLVED] CAPSMAN + "Manager Forwarding Mode" + Tagged VLANs (=> use case: EDUROAM)

I have to do it in CRS125 but is confusing me: I have a bridge1 bonding all switch ports together as replacement of old master-port I have three vlan to bridge1: add interface=bridge1 name=vlan10 vlan-id=10 add interface=bridge1 name=vlan20 vlan-id=20 add interface=bridge1 name=vlan30 vlan-id=30 The...
by OKNET
Tue Jun 12, 2018 6:42 pm
Forum: General
Topic: Mikrotik RB3011 Question about Lans
Replies: 10
Views: 999

Re: Mikrotik RB3011 Question about Lans

Is PoE switch used for cameras purpose only ?
If so , you can assign a different LAN subnet (included the routerboard ethernet port it connects to) and filter its outgoing traffic in firewall.
by OKNET
Tue Jun 12, 2018 8:57 am
Forum: General
Topic: LCD Display causing packet loss... what???
Replies: 14
Views: 2832

Re: LCD Display causing packet loss... what???

It would be interesting to know if other products using LCD are affected this way.....
by OKNET
Mon Jun 11, 2018 9:16 pm
Forum: General
Topic: Need recommendations on a FAST mikrotik box (1Gb link)
Replies: 8
Views: 2536

Re: Need recommendations on a FAST mikrotik box (1Gb link)

Always good to know about others experience
So hap-ac2 is comparable if not better with 3011 ??
So it should be better than HEX or HEXs ?

Or is it quality vs price involved in your comparation ?
by OKNET
Mon Jun 11, 2018 8:05 pm
Forum: General
Topic: CAPsMAN and VLAN without local forwarding
Replies: 6
Views: 1737

Re: CAPsMAN and VLAN without local forwarding

Sindy, I admit CAPsMAN philosophy is a little tricky for unexperienced like me. I always used NO local forwarding, just all traffic controlled by manager (mostly wifi for some hotels) But they don't need VLANs yet, I'm doing some experiment in laboratory where are four VLANs I need a pair of SSID (m...
by OKNET
Mon Jun 11, 2018 7:53 pm
Forum: General
Topic: Need recommendations on a FAST mikrotik box (1Gb link)
Replies: 8
Views: 2536

Re: Need recommendations on a FAST mikrotik box (1Gb link)

Squeeze,
What about RB3011 in the list ?
by OKNET
Mon Jun 11, 2018 10:44 am
Forum: General
Topic: CAPsMAN and VLAN without local forwarding
Replies: 6
Views: 1737

CAPsMAN and VLAN without local forwarding

From what I understood, NO-local forwarding (or manager forwarding) causes the system to create new interfaces that pratically reflect the wireless interfaces of each AP. This requires a bridge (and only a bridge) to be declared as datapath in manager configuration. As I use VLANs , how can I set da...
by OKNET
Mon Jun 11, 2018 10:19 am
Forum: General
Topic: more vlan trunks on CRS125 ?
Replies: 4
Views: 791

Re: more vlan trunks on CRS125 ?

Thank you Artz, One thing is not clear to me from that wiki, look at "Port based VLAN" and "InterVLAN Routing" examples: The bridge, the ingress-vlan-translation and the egress-vlan-tag are the same. They differ in Vlan membership declaration. Port based VLAN uses "/interface ethernet switch vlan" I...
by OKNET
Fri Jun 08, 2018 3:21 pm
Forum: General
Topic: more vlan trunks on CRS125 ?
Replies: 4
Views: 791

Re: more vlan trunks on CRS125 ?

Thank you for link In wiki , switch1-cpu port is added to /interface ethernet switch egress-vlan-tag in each desired vlan Should I do the same for all ethernet ports intended to be vlan trunks carrying tagged vlans to other switches ? Should those ethernet ports be added to bridge anyway ? Thanks
by OKNET
Fri Jun 08, 2018 1:04 pm
Forum: General
Topic: more vlan trunks on CRS125 ?
Replies: 4
Views: 791

more vlan trunks on CRS125 ?

I followed https://wiki.mikrotik.com/wiki/Manual:CRS1xx/2xx_series_switches_examples , expecially inter-vlan routing On my CRS125 ports 1-21-22 are trunks carrying tagged vlans to three switches , ports 23 and 24 are WANs, the remaining ports (2 to 20) are members of VLAN10 untagged. As per wiki I s...
by OKNET
Thu May 24, 2018 3:56 pm
Forum: Wireless Networking
Topic: Again on WAP-AC PoE requirement
Replies: 7
Views: 1468

Re: Again on WAP-AC PoE requirement

Mikrotik devices simply are NOT fully 802.11af/at compliant. They might be compatible to some switches, yes. But they lack the support of all requirements. It seems they are missing galvanic isolation. wAP ac is an older product. New products are fully compatible. What do you mean for "new products...
by OKNET
Tue May 22, 2018 10:27 am
Forum: Wireless Networking
Topic: Again on WAP-AC PoE requirement
Replies: 7
Views: 1468

Again on WAP-AC PoE requirement

I'm still stuck and confused on PoE power requirement of wap-ac specifications say : PoE in 802.3af/at Some 802.3af switches can easily handle them, where other ones fail When running , wap-ac draws a ridiculos 4to8W any af PoE should be capable of....... Nobody has been able to tell me if PoE budge...
by OKNET
Tue May 22, 2018 9:58 am
Forum: General
Topic: Advanced Routing Failover without Scripting questions:
Replies: 3
Views: 1185

Re: Advanced Routing Failover without Scripting questions:

Since both are already used and I need a pair more (a pair for first wan and a pair for the second one) , what else do you suggest ??
by OKNET
Wed May 16, 2018 9:33 am
Forum: General
Topic: Port forwarding inside the same lan
Replies: 3
Views: 872

Re: Port forwarding inside the same lan

Sindy; thanks for clear explanation.
RoadkillX : so what's the entire rule ?
by OKNET
Tue May 15, 2018 1:07 pm
Forum: General
Topic: Port forwarding inside the same lan
Replies: 3
Views: 872

Port forwarding inside the same lan

I need to do a prot forwarding between machines on the same lan: packets from 192.168.1.0/24 machines to 192.168.1.1 on port 8080 (routerboard lan ip address) must be redirected to 192.168.1.10 on port 80 , so I tried add chain=dstnat action=dst-nat to-addresses=192.168.1.10 to-ports=80 protocol=tcp...
by OKNET
Tue May 08, 2018 5:16 pm
Forum: General
Topic: Advanced Routing Failover without Scripting questions:
Replies: 3
Views: 1185

Advanced Routing Failover without Scripting questions:

https://wiki.mikrotik.com/wiki/Advanced_Routing_Failover_without_Scripting Which internet hosts do you choose for ping check ?? (often, big companies change ip address or ping policies....resulting unreachable) Do you experience , sometimes, routes become "unreachable" despite you can ping hosts cor...
by OKNET
Thu May 03, 2018 8:56 pm
Forum: Wireless Networking
Topic: CAPsMAN how to keep .npk updated ? (Cap Manager auto-update)
Replies: 4
Views: 5738

Re: CAPsMAN how to keep .npk updated ? (Cap Manager auto-update)

Very probably I'm less expert in scripting than you... :D A said , I've copied some sources, and that sequence was done that way , probably , yes , it can be modified to do a firmware check and upgrade once routerboard has rebooted after a package upgrade (so I don't bother so much....new package to...
by OKNET
Wed May 02, 2018 11:27 am
Forum: Wireless Networking
Topic: CAPsMAN how to keep .npk updated ? (Cap Manager auto-update)
Replies: 4
Views: 5738

Re: CAPsMAN how to keep .npk updated ?

Basically I need to update .npk file for APs AUTOMATICALLY before Manager upgrade. Copying and mixing parts from some sources and wiki I'm ended with this simple working script : ############# create ap file directory: "apdir" ############# create the update schedule: /system scheduler add name=Auto...
by OKNET
Thu Apr 26, 2018 9:29 am
Forum: General
Topic: Auto upgrade wiki scripts fails
Replies: 2
Views: 921

Auto upgrade wiki scripts fails

As per wiki : /system package update check-for-updates once :delay 1s; :if ( [get status] = "New version is available") do={ install } running manually it says : channel: current current-version: 6.42 status: finding out latest version... input does not match any value of value-name Already tried to...
by OKNET
Fri Apr 20, 2018 9:05 am
Forum: Wireless Networking
Topic: Bridging the same subnet
Replies: 5
Views: 1265

Re: Bridging the same subnet

Ok for WDS, But I was surprised by wiki saying : The MPLS/VPLS approach has some advantages: VPLS tunnel is about 60% faster and less overhead than EoIP tunnel 802.11n speed is limited over WDS bridges, this method doesn't have such limitations It should be interesting to know which configuration ha...
by OKNET
Thu Apr 19, 2018 6:42 pm
Forum: Wireless Networking
Topic: Bridging the same subnet
Replies: 5
Views: 1265

Re: Bridging the same subnet

I'm again on this old post , thinking at this method over the "new" 802.11ac protocol: still valid for bridging the same subnet or something better is available ?

Thank you
by OKNET
Wed Apr 18, 2018 5:00 pm
Forum: Wireless Networking
Topic: So, what protocol to use in PtP link ?
Replies: 1
Views: 617

So, what protocol to use in PtP link ?

After latest discussions about NV2 quality for a Point to Point link, is it still the best protocol to be used ?
Thank you
by OKNET
Thu Apr 12, 2018 6:01 pm
Forum: General
Topic: two l2tp connections from same ip address
Replies: 7
Views: 5633

Re: two l2tp connections from same ip address

Yes , I'm using L2TP with IPsec

No tests made with plain L2TP
by OKNET
Thu Apr 12, 2018 4:57 pm
Forum: General
Topic: two l2tp connections from same ip address
Replies: 7
Views: 5633

Re: two l2tp connections from same ip address

Thank you
Hoping MikroTik staff take this in consideration for next firmwares
by OKNET
Tue Apr 10, 2018 3:50 pm
Forum: General
Topic: two l2tp connections from same ip address
Replies: 7
Views: 5633

two l2tp connections from same ip address

I have two routerboard behind the same ISP dsl router Each of them is configured to build an l2tp connection to THE SAME server (another routerboard device) so both come from with the same public ip address Each l2tp is configured with its own name, secret and remote address When the first l2tp sess...
by OKNET
Fri Apr 06, 2018 3:01 pm
Forum: General
Topic: Serial flow control
Replies: 4
Views: 664

Re: Serial flow control

Sindy, this have somewhat to do with my other post referring to USB port....

Do you mean that a generic USBtoSERIAL adapter (i.e. prolific2303) can be used for this scope and hardware flow control is still available ??
by OKNET
Fri Apr 06, 2018 2:56 pm
Forum: General
Topic: Controlling a remote USB device
Replies: 6
Views: 2088

Re: Controlling a remote USB device

But I suppose the purpose is for the only USB to serial data exchange. I would like to manage a smart device (a printer, an Arduino-like, etc etc ) connected to routerboard USB port , as if it was connected to my PC USB port (via a local virtual USB port client emulator ) I.e. I connect a printer to...
by OKNET
Fri Apr 06, 2018 11:00 am
Forum: General
Topic: Serial flow control
Replies: 4
Views: 664

Re: Serial flow control

I mean as per wiki : (e.g., some RouterBOARD models have reduced serial port functionality) My rb2011, rb3011, crs125-24g etc say "port does not support hardware flow control" : is it an "hardware" limitation of these machines ?? I need to control some devices that need hardware flow control....
by OKNET
Fri Apr 06, 2018 10:49 am
Forum: General
Topic: Controlling a remote USB device
Replies: 6
Views: 2088

Controlling a remote USB device

As interestingly proposed in https://wiki.mikrotik.com/wiki/Serial_Port_Usage , "Accessing a serial device as if it were physically connected to your PCs' COM port" section,
is it possible to achieve the same with a device connected to routerboard USB port ???
Thank you
by OKNET
Fri Apr 06, 2018 9:36 am
Forum: General
Topic: Serial flow control
Replies: 4
Views: 664

Serial flow control

Which routerboard models support hardware flow control on Serial0 ??
Thank you
by OKNET
Mon Feb 19, 2018 11:15 am
Forum: Wireless Networking
Topic: CAPsMAN how to keep .npk updated ? (Cap Manager auto-update)
Replies: 4
Views: 5738

CAPsMAN how to keep .npk updated ? (Cap Manager auto-update)

With CAP "require same version" upgrade policy, how can I keep .npk files for APs, AUTOMATICALLY updated to same version (latest) before I update manager ?

Thanks
by OKNET
Fri Dec 22, 2017 1:03 pm
Forum: General
Topic: SSH Mikrotik to Mikrotik
Replies: 7
Views: 2042

Re: SSH Mikrotik to Mikrotik

OK, Fill your "users wishlist" :)
by OKNET
Fri Dec 22, 2017 12:31 pm
Forum: RouterBOARD hardware
Topic: RB3011 no more POE on port eth10
Replies: 29
Views: 8395

Re: RB3011 no more POE on port eth10

Of RB3011 or unworking powered device ?
by OKNET
Fri Dec 22, 2017 12:21 pm
Forum: General
Topic: SSH Mikrotik to Mikrotik
Replies: 7
Views: 2042

Re: SSH Mikrotik to Mikrotik

It works !! Keys pair generated without passphrase, public+private imported into client with empty passphrase, public imported into server associated to desired user et voila' straight getting of remote router prompt without password. There is just a last insurmountable obstacle for now : the /syste...
by OKNET
Fri Dec 22, 2017 11:03 am
Forum: General
Topic: SSH Mikrotik to Mikrotik
Replies: 7
Views: 2042

Re: SSH Mikrotik to Mikrotik

Thank you for answering, Let me understand: I should export public key from CLIENT RouterOS to be imported into SERVER RouterOS, but exporting of public key is not possible So I have tried to export the private key ( ip ssh export-host-key ) converted into a public key by a linux machine (ssh-keygen...
by OKNET
Fri Dec 22, 2017 10:02 am
Forum: General
Topic: SSH Mikrotik to Mikrotik
Replies: 7
Views: 2042

Re: SSH Mikrotik to Mikrotik

No ideas ? I know forums behaviour so I can't pretend an answer, but I'm asking myself if : 1 my question is so simple that I should find myself the answer or 2 my question is too hard and very few know the answer for solution or 3 my question has no solutions At least a little answer for second or ...
by OKNET
Thu Dec 21, 2017 5:37 pm
Forum: General
Topic: SSH Mikrotik to Mikrotik
Replies: 7
Views: 2042

SSH Mikrotik to Mikrotik

I have succesfully established a SSH PASSWORDLESS connection from a linux client to a routerboard (server) using RSA key method.

Can I do the same from Mikrotik SSH client to Mikrotik SSH server ?

If yes, how to export keys from client machine ?

Thank you
by OKNET
Tue Dec 19, 2017 10:45 am
Forum: RouterBOARD hardware
Topic: RB3011 no more POE on port eth10
Replies: 29
Views: 8395

Re: RB3011 no more POE on port eth10

I have solved issue by replacing the SXT unit powered by 3011 Note that "suspected faulty" SXT is OK with its own injector, and powers up OK with few 3011 but KO with other 3011 units. It seems an edge situation where , anyway, 3011 PoE capability is at its limit. Unfortunately I can try no more tha...
by OKNET
Fri Dec 15, 2017 12:53 am
Forum: General
Topic: Need netwatch to execute a script on remote linux machine
Replies: 4
Views: 888

Re: Need netwatch to execute a script on remote linux machine

Let me ask it this way:

When admin@myrouterboard starts an ssh session to an external server, which private/public key is used ?

Thanks
by OKNET
Thu Dec 14, 2017 11:47 pm
Forum: Scripting
Topic: remote ssh via script
Replies: 52
Views: 37928

Re: remote ssh via script

Almost 2018 After years and years same issue (no single line ssh client connecting automatically to remote ssh server by script) At least , someone from mikrotik staff should clearly say : "it is not possible and it will be not possible because we don't want it to be possible" People still remain ha...
by OKNET
Tue Dec 12, 2017 10:47 am
Forum: Announcements
Topic: MikroTik used by Amazon in their cloud datacenters
Replies: 33
Views: 23400

Re: MikroTik used by Amazon in their cloud datacenters

Which is the biggest routerboard based system you know of ?
by OKNET
Mon Dec 11, 2017 6:11 pm
Forum: General
Topic: Need netwatch to execute a script on remote linux machine
Replies: 4
Views: 888

Re: Need netwatch to execute a script on remote linux machine

No one ? Let me explain better: First of all , is it possible to run ssh CLIENT commands from inside a routeros script ? If yes, assuming it is not possible to automate the ssh username/password mechanism, can routeros perform a passwordless client session to a remote linux machine using RSA key Is ...
by OKNET
Mon Dec 11, 2017 11:10 am
Forum: General
Topic: netwatch for mac addresses ??
Replies: 2
Views: 616

Re: netwatch for mac addresses ??

thanks !
by OKNET
Thu Dec 07, 2017 12:57 am
Forum: General
Topic: Need netwatch to execute a script on remote linux machine
Replies: 4
Views: 888

Need netwatch to execute a script on remote linux machine

I need to execute a script on a remote linux machine when a netwatch event is detected
Something like :
on up ,
/system ssh user=myuser password=mypassword command= /home/myuser/myscript.sh

It seems automated ssh login via script doesn't work

Any idea ?
by OKNET
Thu Nov 30, 2017 3:42 pm
Forum: General
Topic: Auth error sending mail
Replies: 0
Views: 357

Auth error sending mail

I'm trying to sen e-mail from within routeros with these parameters : address: <smtp_address> port: 587 start-tls: yes from: Mikrotik_Router user: <myusername> password: <mypassword> AUTH fails , smtp server answers back : Nov 30 14:39:33 mail postfix/submission/smtpd[9383]: connect from unknown[rou...
by OKNET
Thu Nov 30, 2017 3:08 pm
Forum: General
Topic: netwatch for mac addresses ??
Replies: 2
Views: 616

netwatch for mac addresses ??

I need for a script to be triggered each time a MAC address is listed , even for few seconds , in "wireless > registration" table
Netwatch works for ip addresses only, how to accomplish this ??
Thank you,
by OKNET
Thu Sep 21, 2017 3:23 pm
Forum: RouterBOARD hardware
Topic: RB3011 no more POE on port eth10
Replies: 29
Views: 8395

Re: RB3011 no more POE on port eth10

I'm using the original wall-power supply on my 3011 I do not understand if it is a local hardware issue, I'm checking now a new 3011 with a new sxt5ac on laboratory , and all is working fine , sxt is powered up at every cable connection..... The cable I'm using in faulty installation has been checke...
by OKNET
Thu Aug 24, 2017 5:54 pm
Forum: RouterBOARD hardware
Topic: RB3011 no more POE on port eth10
Replies: 29
Views: 8395

Re: RB3011 no more POE on port eth10

Same issue, I've bought a RB3011 to power my sxt 5 ac (RBSXTG-5HPacDr2) via eth10 PoE It has powered up correctly just one time after a lot of poe reset and cable disconnect and reconnect, it has lasted correctly up for days unless a package upgrade reboot has occourred No more became alive ! Ether1...
by OKNET
Fri Jul 21, 2017 3:28 pm
Forum: Wireless Networking
Topic: How 5ghz-a/n/ac works ??
Replies: 3
Views: 1523

Re: How 5ghz-a/n/ac works ??

Yes , it was an unsupported channel choice..... not an A/N/AC problem...
by OKNET
Thu Jul 13, 2017 9:34 am
Forum: Wireless Networking
Topic: Drop clients when signal is weak
Replies: 7
Views: 12432

Re: Drop clients when signal is weak

in capsman u can set signal limit if its gets too low that ap automatically kicks out that device and eventually device will connect to another ap with a better signal The downside is , on the area edge APs, clients kicked out but with no better AP to choose , are kicked out until they come back to...
by OKNET
Tue Jul 11, 2017 4:05 pm
Forum: Wireless Networking
Topic: How to reset mAp ?
Replies: 3
Views: 11037

Re: How to reset mAp ?

While checking, I have found three boot timing 1- Release button when ap/cap and wireless leds blink alternate , mAp starts in out-of-the-box mode: no access from lan , only unsecured wireless enabled 2- Release button when ap/cap led blinks fast , mAp starts in capsman mode (access anyway allowed f...
by OKNET
Tue Jul 11, 2017 10:10 am
Forum: Wireless Networking
Topic: How to reset mAp ?
Replies: 3
Views: 11037

How to reset mAp ?

What is the button timing procedure to reset mAp to nodefaults=yes without connecting to wireless ?
Thanks
by OKNET
Tue Jul 11, 2017 9:16 am
Forum: General
Topic: set a rule with dynamically learned parameters ?
Replies: 4
Views: 679

Re: set a rule with dynamically learned parameters ?

It seems feasible..... thank you
by OKNET
Mon Jul 10, 2017 3:06 pm
Forum: General
Topic: set a rule with dynamically learned parameters ?
Replies: 4
Views: 679

Re: set a rule with dynamically learned parameters ?

Sorry, I mean automatically rewrite those two rules into this machine (running dhcp client), each time a new IP LAN subnet has been released to it.
Without human operation.
by OKNET
Mon Jul 10, 2017 1:05 pm
Forum: General
Topic: set a rule with dynamically learned parameters ?
Replies: 4
Views: 679

set a rule with dynamically learned parameters ?

Consider these two firewall/nat rules : chain=srcnat action=netmap to-addresses=10.10.0.0/24 src-address= 192.168.1.0/24 out-interface=l2tp-out1 chain=dstnat action=netmap to-addresses= 192.168.1.0/24 dst-address=10.10.0.0/24 in-interface=l2tp-out1 192.168.1.0/24 is lan subnet address released to de...
by OKNET
Mon Jun 26, 2017 9:27 am
Forum: General
Topic: Masquerade for NetMap
Replies: 2
Views: 1122

Re: Masquerade for NetMap

Already tried.... doesn't work...


Errata:

It works ! ( I forgot to reset active connections while activating rule.....)

Thank you
by OKNET
Fri Jun 23, 2017 12:58 pm
Forum: General
Topic: Masquerade for NetMap
Replies: 2
Views: 1122

Masquerade for NetMap

Scenario: http://www.digiteltlc.com/public/mask.jpg Machines on 192.168.0.0/24 network must reach network 10.10.10.0/0 with a "virtual" address 192.168.5.X I.e. to connect to 10.10.10.100 I will enter 192.168.5.100 I have routed 192.168.5.0/24 through 10.0.0.2 endpoint and addedd two NetMap rules to...
by OKNET
Mon Jun 19, 2017 6:11 pm
Forum: Wireless Networking
Topic: How 5ghz-a/n/ac works ??
Replies: 3
Views: 1523

How 5ghz-a/n/ac works ??

I set wlan2 on my wap-ac to 5ghz-a/n/ac

A non-AC capable client cannot see its SSID.
On MT wlan status window, it is running channel 5180/20/ac

All ok if Band is set to 5ghz-A/N

How should I configure wlan in a wireless environment where older devices are present ???
by OKNET
Mon May 22, 2017 6:35 pm
Forum: General
Topic: Need a clarification on hotspot trial user
Replies: 7
Views: 2801

Re: Need a clarification on hotspot trial user (I'm Stuck)

Not able to solve the issue : I need trial users to have no time/bandwidth limits for 10-15 days (hotel guests) I have set up hotspot with these parameters : SERVER IdleTimeout 5 min. Server profile - Login by Cookie, Http Chap, Trial Http Cookie Lifetime 3 days Trial Uptime Limit 0 Trial Uptime Res...
by OKNET
Tue May 16, 2017 4:23 pm
Forum: General
Topic: Need a clarification on hotspot trial user
Replies: 7
Views: 2801

Re: Need a clarification on hotspot trial user

Sorry for this "up"

I've solved reloading the old backup (same identical configuration)

Probably some time limit expired and but cleared by restore ??

Any idea ??
by OKNET
Mon May 15, 2017 11:10 pm
Forum: General
Topic: Need a clarification on hotspot trial user
Replies: 7
Views: 2801

Re: Need a clarification on hotspot trial user

A bigger problem: Suddenly hotspot users (trial authentication) cannot get the login page thus they cannot turn into active user and navigate internet. They can get login page typing hotspot server ip address on web browser, after trial login, the hotspot user is created as well its cookie and it is...
by OKNET
Mon May 15, 2017 11:46 am
Forum: General
Topic: Need a clarification on hotspot trial user
Replies: 7
Views: 2801

Need a clarification on hotspot trial user

I need some explanations on hotspot and trial user settings: How does HTTP Cookie Lifetime work ? What does it happens when this timer expire ? On Hotspot server profile, a pair of timers where used , as per manual ; trial-uptime (time/time; Default: 30m/1d) Are they replaced now by two fields "Tria...
by OKNET
Thu Apr 27, 2017 5:34 pm
Forum: General
Topic: wap-ac PoE issue with Dlink switches , help needed please ! [solved...]
Replies: 20
Views: 3989

Re: wap-ac PoE issue with Dlink switches , help needed please !

Some way solved...... Replaced DGS1210-28P switch with DGS1100-26 M P (where MP stands for Max PoE) It has all ports 30W PoE capable ( 802.3at ) despite the fact wap-ac is a 12w max. device Once connected to this switch they drawn from 4 to 8 W each but Dlink DGS1210-28P 802.3af gigabit switch go ma...
by OKNET
Wed Apr 19, 2017 10:12 am
Forum: General
Topic: Failover without scripting issue with PPPoE: why and how to solve ?
Replies: 2
Views: 985

Re: Failover without scripting issue with PPPoE: why and how to solve ?

About WHY, I think the cause is described in wiki: Nexthops cannot be resolved through interface routes (i.e. routes that have interface index instead of gateway address as nexthop). Nexthops also cannot be resolved through unreachable routes (with type B, U, or P) even when they are active. They al...
by OKNET
Tue Apr 18, 2017 5:31 pm
Forum: General
Topic: Failover without scripting issue with PPPoE: why and how to solve ?
Replies: 2
Views: 985

Failover without scripting issue with PPPoE: why and how to solve ?

I always used this method with natted DSL routers : As earlier, first we need routes to our checking hosts: /ip route add dst-address=Host1A gateway=GW1 scope=10 add dst-address=Host1B gateway=GW1 scope=10 add dst-address=Host2A gateway=GW2 scope=10 add dst-address=Host2B gateway=GW2 scope=10 Then, ...
by OKNET
Tue Apr 18, 2017 4:18 pm
Forum: General
Topic: How to allow webfig to manager own password ?
Replies: 1
Views: 445

How to allow webfig to manager own password ?

I have created a new skin for a user "test" of a group "test" that loads its own skin "test".

How can I allow this user to change its own password from webfig in system->users while denying the view/modify of other users settings (expecially passwords) ???

I'm not able in skin configuration.....
by OKNET
Tue Apr 04, 2017 5:49 pm
Forum: General
Topic: wap-ac PoE issue with Dlink switches , help needed please ! [solved...]
Replies: 20
Views: 3989

Re: wap-ac PoE issue with Dlink switches , help needed please !

nz_monkey: is 2520-24 POE a gigabit switch ? This make me think about this: my wap-ac work correctly if connected to a pair of 802.3af switches (des1316 and srw224P) here in my lab , but they are 10/100 switches and poe supply involves 1,2,3,6 pins (checked , they power up with only these pins) Giga...
by OKNET
Tue Apr 04, 2017 3:23 pm
Forum: General
Topic: wap-ac PoE issue with Dlink switches , help needed please ! [solved...]
Replies: 20
Views: 3989

Re: wap-ac PoE issue with Dlink switches , help needed please !

Thanks,
How do you solved it ??
Is your issue still open ??

Just open a request to MT support, let's see if they can help me....
by OKNET
Tue Apr 04, 2017 12:57 pm
Forum: General
Topic: wap-ac PoE issue with Dlink switches , help needed please ! [solved...]
Replies: 20
Views: 3989

Re: wap-ac PoE issue with Dlink switches , help needed please !

All patch cables are new "straight" cat6 All palace cabling system was the previous used by other brand/model working access points (I just replaced the APs) As said, there is a strange behaviour on display active poe ports on switch maintenance page How much power does it show for those powered por...
by OKNET
Tue Apr 04, 2017 10:05 am
Forum: General
Topic: wap-ac PoE issue with Dlink switches , help needed please ! [solved...]
Replies: 20
Views: 3989

Re: wap-ac PoE issue with Dlink switches , help needed please !

Power budget is set to maximum (193w) Now I have 11 wap-ac connected to the switch but only four active : System Power Status Total PoE Power Budget 193 Power Used 20.5 Power Left 172.5 The percentage of system power supplied 10.6% But the remaining seven don't want to start..... unless unplug them ...
by OKNET
Mon Apr 03, 2017 6:16 pm
Forum: General
Topic: wap-ac PoE issue with Dlink switches , help needed please ! [solved...]
Replies: 20
Views: 3989

Re: wap-ac PoE issue with Dlink switches , help needed please !

At this point , the only reasonable choice is to make tests with a different brand/model switch.......
by OKNET
Mon Apr 03, 2017 6:03 pm
Forum: General
Topic: wap-ac PoE issue with Dlink switches , help needed please ! [solved...]
Replies: 20
Views: 3989

Re: wap-ac PoE issue with Dlink switches , help needed please !

Already tried to switch them All cables are unshielded All cables are CAT5e ! I hope this couldn't be the culprit !!! Anyway , for each single AP/cable , it powers up correctly , the problem is after some number of them is connected. Perhaps wap-ac are near to 802.3af Class3 limit : POE Power Class ...
by OKNET
Mon Apr 03, 2017 4:42 pm
Forum: General
Topic: wap-ac PoE issue with Dlink switches , help needed please ! [solved...]
Replies: 20
Views: 3989

Re: wap-ac PoE issue with Dlink switches , help needed please !

Today I've tried 6.37.5 as well as 6.39rc58 Nothing is changed in behaviour..... I would put the blame on switches malfunctioning, but other brands access-points power up at first shot regardless switches firmware..... Has anybody tried wap-ac with Dlink DGS series yet ?? Being sure it is an uncompa...
by OKNET
Sun Apr 02, 2017 12:50 pm
Forum: General
Topic: wap-ac PoE issue with Dlink switches , help needed please ! [solved...]
Replies: 20
Views: 3989

Re: wap-ac PoE issue with Dlink switches , help needed please !

So, it seems ROS version affects PoE.....

Any suggested version ??

Some 6.39rc or pre 6.38.5 ??
by OKNET
Sat Apr 01, 2017 8:57 pm
Forum: General
Topic: wap-ac PoE issue with Dlink switches , help needed please ! [solved...]
Replies: 20
Views: 3989

Re: wap-ac PoE issue with Dlink switches , help needed please !

You're right with DGS1210-28P specifications The problem. absurd, is exactly started on the first four ports : I was connecting WAP-AC sequentially on this port order: 1-2-3 5-6-7 9-10-11 all ok, 9 AP up and running I have connected the tenth one on port 4 and this first group (claimed capable of 30...
by OKNET
Fri Mar 31, 2017 8:36 pm
Forum: General
Topic: wap-ac PoE issue with Dlink switches , help needed please ! [solved...]
Replies: 20
Views: 3989

wap-ac PoE issue with Dlink switches , help needed please ! [solved...]

Just connected 11 wap-ac to a new Dlink DGS1210-28p Connecting one AP per time until 9 of them are up , at tenth PoE goes down on 4 ports ( it seems there are a "PoE grouping" each 4 ports 1-4 5-8 9-12 and so on...) As dlink power budget is 193w we are under power treshold. If I reboot the switch wi...
by OKNET
Tue Mar 28, 2017 10:43 am
Forum: Beginner Basics
Topic: A mangle rule is exhausting me....
Replies: 3
Views: 737

Re: A mangle rule is exhausting me....

Sorry for this "up" .... I'm trying to solve this issue I have when managing routerboard from "WAN" side : locally. ethernet, not over internet with a NATted dsl router : http://www.digiteltlc.com/public/r2.jpg From few presentation abut pcc I usually adopt: an accept rule to avoid marking for local...
by OKNET
Mon Mar 27, 2017 6:43 pm
Forum: Beginner Basics
Topic: A mangle rule is exhausting me....
Replies: 3
Views: 737

Re: A mangle rule is exhausting me....

It seems a routing take place inside the same "connected" network....why ?
by OKNET
Mon Mar 27, 2017 6:17 pm
Forum: Beginner Basics
Topic: A mangle rule is exhausting me....
Replies: 3
Views: 737

A mangle rule is exhausting me....

ether7: 192.168.1.1/24 /ip firewall mangle chain=input action=mark-connection new-connection-mark=WAN2_conn passthrough=yes in-interface=ether7 chain=output action=mark-routing new-routing-mark=to_WAN2 passthrough=no connection-mark=WAN2_conn /ip route dst-address=0.0.0.0/0 gateway=192.168.1.254 gat...
by OKNET
Mon Mar 27, 2017 2:53 pm
Forum: General
Topic: HotSpot and PCC
Replies: 0
Views: 421

HotSpot and PCC

In case I need to spread CAPsMAN-hotspot connectivity over more WANs using PCC method, can I go for the usual PCC rules ? what should I use as "in-interface" : the bridge one declared as datapath in CAPsMAN ???

Thank you
by OKNET
Fri Mar 24, 2017 3:44 pm
Forum: General
Topic: CAPsMAN auto frequency
Replies: 39
Views: 32257

Re: CAPsMAN auto frequency

Now, I have setup 6 of them controlled by manager with no frequency/channel set Radio 1 (2.4Ghz) are all six to 2442/20-Ce/gn Radio 2 (5GHz) all different frequencies Please can we have any clarification from MikroTik staff ?? Just to know if it is correct , it is a bug, etc. any sort of answer to k...
by OKNET
Fri Mar 24, 2017 9:46 am
Forum: Wireless Networking
Topic: wAP-AC loses a radio after CAP upgrade
Replies: 4
Views: 1019

Re: wAP-AC loses a radio after CAP upgrade

I realized it is (perhaps) a version issue : The out-of-the-box wAP-ac come with 6.35.4 ROs Disconnected from Manager (or auto-upgrade disabled) , each time I set them in CAP mode by power-on button , they enable ONE RADIO ONLY (2.4GHz) After upgrade to 6.38.5 they keep the one radio configuration b...
by OKNET
Fri Mar 24, 2017 9:15 am
Forum: Wireless Networking
Topic: wAP-AC loses a radio after CAP upgrade
Replies: 4
Views: 1019

Re: wAP-AC loses a radio after CAP upgrade

Yes, it seems a simple workaround But I don't understand why after ugrade Wap-AC restarts in single radio mode rather than dual-radio as it was before.... CAP mode remains , so ? Imagine a working environment; tomorrow I'll go for Manager upgrade, consequentially (wanted or by power loss) all workin...
by OKNET
Thu Mar 23, 2017 6:24 pm
Forum: Wireless Networking
Topic: wAP-AC loses a radio after CAP upgrade
Replies: 4
Views: 1019

Re: wAP-AC CAp-upgrade issue

Just...... I'm wondering if they will restart with a single radio at every further upgrade once all are installed :(
by OKNET
Thu Mar 23, 2017 5:57 pm
Forum: Wireless Networking
Topic: wAP-AC loses a radio after CAP upgrade
Replies: 4
Views: 1019

wAP-AC loses a radio after CAP upgrade

I'm configuring a 20 AP CAPs-MAN system using wAP-AC When I start each access point with button in CAPs mode, it is recognized by manager, the upgrade to required ROs is OK but the access point restarts (with new firmware) with only 2,4GHz radio managed by CAPsMAN (5GHz led turned off) I have to rep...
by OKNET
Wed Mar 22, 2017 4:22 pm
Forum: General
Topic: Sometimes a host is no more reachable inside the same Vlan...
Replies: 5
Views: 715

Re: Sometimes a host is no more reachable inside the same Vlan...

Hardware layer is OK and port enabled
It is absurd....... I remove device from ethernet port , connect a mini-switch to the same CRS port and device to mini-switch , all up and running.
I reconnect device again on same CRS port STOP ! arp= 00:00:00:00:00:00

:?
by OKNET
Tue Mar 21, 2017 10:11 am
Forum: General
Topic: Can i setup my mikrotik to auto select the best channel?
Replies: 3
Views: 1372

Re: Can i setup my mikrotik to auto select the best channel?

Sorry for "respawning" this very old post.... Normis, forgive me, but the question is one on "hit-parade" of the "answer you would have but you won't ask for" by most users.... I try to rephrase the question(s) in behalf of hundreds users: Is MikroTik wireless system (single AP or CAPsMAN) capable o...
by OKNET
Tue Mar 21, 2017 9:55 am
Forum: General
Topic: CAPsMAN auto frequency
Replies: 39
Views: 32257

Re: CAPsMAN auto frequency

Strange, it seems to select the same channel on all three AP when frequency set to auto. AP2 # managed by CAPsMAN # channel: 2412/20/g(30dBm), SSID: teknisk, CAPsMAN forwarding AP3 # managed by CAPsMAN # channel: 2412/20/g(30dBm), SSID: teknisk, CAPsMAN forwarding AP4 # managed by CAPsMAN # channel...
by OKNET
Tue Mar 21, 2017 9:23 am
Forum: General
Topic: CRS125 nice sfp issue....
Replies: 1
Views: 387

Re: CRS125 nice sfp issue....

Anyone could try himself on his lab ?
Is it just my issue ?
by OKNET
Mon Mar 20, 2017 10:03 am
Forum: General
Topic: CRS125 nice sfp issue....
Replies: 1
Views: 387

CRS125 nice sfp issue....

My CRS125-24G-1S has sfp1 configured as Vlan trunk connection to an HP1700-24 switch If I set sfp1 to disabled state, the relative led on MT sfp interface turns off while the HP side remains on !! The funny thing is Vlan trunk remains active with traffic flowing from MT to HP like nothing was done.....
by OKNET
Mon Mar 20, 2017 9:08 am
Forum: General
Topic: Sometimes a host is no more reachable inside the same Vlan...
Replies: 5
Views: 715

Re: Sometimes a host is no more reachable inside the same Vlan...

No, they have static ip address It seems strange this is an issue happening only to me..... Perhaps any macroscopic error somewhere in configuration ?? Too strange nobody has experienced something like this.. yesterday it was happened with ip-pbx machine (static ip adress) : machine unreachable from...
by OKNET
Fri Mar 17, 2017 6:35 pm
Forum: General
Topic: Sometimes a host is no more reachable inside the same Vlan...
Replies: 5
Views: 715

Sometimes a host is no more reachable inside the same Vlan...

I have a TP-Link access point and an Avaya ip phone that sometimes are no longer reachable. They are inside the same vlan as my pc Ip arp tabe says: IP_ADDRESS MAC ADDRESS 192.168.1.100 00:00:00:00:00:00 192.168.1.220 00:00:00:00:00:00 No results if I reboot devices or reboot routerboard If I remove...
by OKNET
Fri Mar 17, 2017 6:05 pm
Forum: Beginner Basics
Topic: Noob routing question
Replies: 5
Views: 663

Re: Noob routing question

All ok, it was an "accept" rule between two subnets, placed before masquerade one avoiding masquerade itself...... Assuming i have to access multiple occasional machines on 192.168.1.0/24 network, should rules like these work ? chain=srcnat action=masquerade dst-address=192.168.1.0/24 out-interface=...
by OKNET
Fri Mar 17, 2017 5:39 pm
Forum: Beginner Basics
Topic: Noob routing question
Replies: 5
Views: 663

Re: Noob routing question

Something like

chain=srcnat action=masquerade dst-address=192.168.1.100 out-interface=ether5 ???

because it doesn't work......
by OKNET
Fri Mar 17, 2017 4:48 pm
Forum: General
Topic: Can I have an HotSpot without login ?
Replies: 3
Views: 1578

Re: Can I have an HotSpot without login ?

You're right :oops:
Thanks
by OKNET
Fri Mar 17, 2017 4:42 pm
Forum: Beginner Basics
Topic: Noob routing question
Replies: 5
Views: 663

Noob routing question

Image


PC1 cannot ping PC2 because PC2 doesn't know how to route back (no default gateway)

Any workaround ??
by OKNET
Fri Mar 17, 2017 12:33 pm
Forum: General
Topic: Can I have an HotSpot without login ?
Replies: 3
Views: 1578

Can I have an HotSpot without login ?

Can I set up an HotSpot with a main login page and then access internet with no authentication ?

I.E. my restaurant welcome page and a "Ok, keep surfing internet" button ??

Thanks
by OKNET
Fri Mar 17, 2017 11:44 am
Forum: General
Topic: User Manager for arm
Replies: 2
Views: 972

Re: User Manager for arm

:shock:

So no User Manager for RB3011 .......

Not a great thing .....really
by OKNET
Thu Mar 16, 2017 5:10 pm
Forum: General
Topic: User Manager for arm
Replies: 2
Views: 972

User Manager for arm

Why User Manager package is not included in all_packages-arm-6.38.5.zip ??
by OKNET
Thu Mar 16, 2017 4:10 pm
Forum: Scripting
Topic: Hotspot user script ?
Replies: 0
Views: 559

Hotspot user script ?

Absolutely ignorant on scripting.... Wanted feature : To collect a cell.phone number from the HotSpot login page Generate a random hotspot username/password Send them via SMS back to the phone number to allow user login. First of all: Is it possible ? Any existing example or at least something to co...
by OKNET
Mon Mar 13, 2017 6:58 pm
Forum: RouterBOARD hardware
Topic: HAP AC
Replies: 540
Views: 151152

Re: HAP AC

Once HapAC is placed in CAPs mode, it is no more seen on /ip neighbor table
Turned back in stand-alone mode it is seen again
Is it a normal behaviour ?
by OKNET
Mon Mar 13, 2017 6:54 pm
Forum: RouterBOARD hardware
Topic: HAP AC faulty seriers - very poor LAN performance? (switch problem)
Replies: 77
Views: 28369

Re: HAP AC faulty seriers - very poor LAN performance? (switch problem)

How can I run LAN performance ?
Is btest software or /tool bandwidth-test enough ?

Thanks
by OKNET
Fri Mar 10, 2017 10:58 pm
Forum: General
Topic: Loadbalance or other option?
Replies: 9
Views: 878

Re: Loadbalance or other option?

Yu can eventually "weight" PCC between slow and fast wan : add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-type=!local in-interface=bridge-local \ new-connection-mark=ISP1_conn per-connection-classifier=both-addresses:5/0 add action=mark-connection chain=prerouting co...
by OKNET
Fri Mar 10, 2017 5:25 pm
Forum: The User Manager
Topic: Generating hotspot passwords and sending them via sms
Replies: 26
Views: 30637

Re: Generating hotspot passwords and sending them via sms

Any progress in this topic ???

Very interested in self-authentication by SMS
by OKNET
Fri Mar 10, 2017 5:17 pm
Forum: General
Topic: Autonomous hotspot authentication
Replies: 2
Views: 659

Re: Autonomous hotspot authentication

Let's make it simpler : A new customer connects to MT wifi network and login to hotspot portal page saying "enter your username/password or your phone number to get one" I have a working usb modem connected to routerboard already capable of sending SMS . Are there some exaples somewhere about how to...
by OKNET
Fri Mar 10, 2017 3:39 pm
Forum: General
Topic: Manage inter-vlan connections
Replies: 7
Views: 740

Re: Manage inter-vlan connections

Confirm, new order , it works !
by OKNET
Fri Mar 10, 2017 9:02 am
Forum: General
Topic: Manage inter-vlan connections
Replies: 7
Views: 740

Re: Manage inter-vlan connections

You're right, I must allow packets in both directions
It works , thanks
by OKNET
Thu Mar 09, 2017 11:39 pm
Forum: General
Topic: Autonomous hotspot authentication
Replies: 2
Views: 659

Autonomous hotspot authentication

I'm wondering if there is any way to setup a wifi hotspot without the need of human user manager management..... I.e. a new hotel customer connects to local wifi, it is not allowed to surf internet unless a local webpage or an e-mail gives him back a user-pass to be matched with user manager Or some...
by OKNET
Thu Mar 09, 2017 4:53 pm
Forum: General
Topic: Manage inter-vlan connections
Replies: 7
Views: 740

Re: Manage inter-vlan connections

Already tried. It doesn't work.

In this allow rule, packets counter increases while pinging a machine on another vlan but it increases as well on the next rule (the dropping one).
Any idea ?
by OKNET
Thu Mar 09, 2017 3:51 pm
Forum: General
Topic: More occasional dhcp servers.....
Replies: 0
Views: 233

More occasional dhcp servers.....

It happens, occasionally , to connect for testing, some routers having DHCP server enabled to our network in which resides the main DHCP server (RB3011)
Is there a way for the DHCP client that connects JUST THAT MOMENT :? to get dynamic ip address only from routerboard some way ??

Thank you
by OKNET
Thu Mar 09, 2017 12:53 pm
Forum: General
Topic: Manage inter-vlan connections
Replies: 7
Views: 740

Manage inter-vlan connections

Once switch1-cpu is involved in multiple Vlans for routing purpose, each Vlan can route to WAN by its own gateway Doing so, also inter-vlan is automatically enabled but this is unwanted. I've got to insert a filter rule on top of my forward ones : chain=forward action=drop in-interface=all-vlan out-...
by OKNET
Thu Mar 09, 2017 10:37 am
Forum: General
Topic: CRS Vlan 4095
Replies: 0
Views: 456

CRS Vlan 4095

I have the two ethernet ports with no master port defined and switch1-cpu port automatically bound to dynamic vlan 4095

Why is this and what's the purpose ?

Thanks
by OKNET
Wed Mar 08, 2017 3:18 pm
Forum: General
Topic: Default vlan ?
Replies: 2
Views: 736

Re: Default vlan ?

Many brands use Vlan1 as default interface
I was only ask if a "default" Vlan is present on mikrotik devices.

You made me curious: what's the problem in using Vlan1 ?

Thanks
by OKNET
Wed Mar 08, 2017 9:35 am
Forum: General
Topic: Default vlan ?
Replies: 2
Views: 736

Default vlan ?

Is there a default native VLAN in MT routerboard ?

Or should I declare a new Vlan (i.e. 1) and associate all needed ports to it ?

Thanks
by OKNET
Mon Mar 06, 2017 6:49 pm
Forum: General
Topic: RB3011 SFP
Replies: 3
Views: 1287

Re: RB3011 SFP

So it becomes :

Image


No more connected to a switch so no master/slave also , only aggregation by bridge, isn't it ?
by OKNET
Mon Mar 06, 2017 6:11 pm
Forum: General
Topic: l2TP/ipsec from win10 behind mikrotik to natted mikrotik [Solved]
Replies: 5
Views: 1141

l2TP/ipsec from win10 behind mikrotik to natted mikrotik [Solved]

Scenario: [Win10_l2tp/ipsec]--------crs125----------------(internet)----------------isp_router_full_natted_to_RB----------rb3011 From iPhone to rb3011 the l2tp/ipsec works immediately From Win10 behind crs125 , ike phase fails due to timeout Same credentials/secrets configured in both clients Please...
by OKNET
Mon Mar 06, 2017 3:54 pm
Forum: General
Topic: RB3011 SFP
Replies: 3
Views: 1287

RB3011 SFP

When I insert an SFP module into an RB3011, it is attached directly to the CPU and Switch2 lose its second GigaBit channel to CPU itself.
Is it right ??

So, SFP1, will made no more part of a switch and cannot be set as master or slave port of any other port.
Can you confirm this ?
by OKNET
Tue Jan 17, 2017 6:48 pm
Forum: Wireless Networking
Topic: Finding a suggestion on CAPsMAN config
Replies: 0
Views: 452

Finding a suggestion on CAPsMAN config

I'm testing CAPsMAN with pair of wAPac controlled by a rb2011 access point have both wlans and eth1 bound into a bridge 2011 have four managed cap interfaces and eth6 bound into a bridge where DHCP server is running eth6 is masqueraded to eth1 (WAN) all is working fine but..... is this the right way...
by OKNET
Tue Jan 17, 2017 11:27 am
Forum: General
Topic: Restore configuration issue on same device
Replies: 1
Views: 491

Restore configuration issue on same device

SXT G-5HPacD

Saved .backup file and restored into a new SXT G-5HPacD r2

Both machines 6.38.1

All seems ok, except wireless interface on the new unit is named wlan2 instead wlan1, it is disabled and radio parameters (band, channel width, frequency) NOT configured.

Is this normal ? Why ?
by OKNET
Wed Jan 04, 2017 3:02 pm
Forum: General
Topic: L2TP/IPSec for Road Warrior
Replies: 93
Views: 40565

Re: L2TP/IPSec for Road Warrior

And of course, a prerequisite is that you have the ability to manage firewall on your ISP's router and configure port forwarding to your MikroTik... All incoming internet traffic forwarded transparently to MikroTik WAN (that is a LAN for ISP router) I've tried tens of configurations The problem was...
by OKNET
Wed Jan 04, 2017 10:40 am
Forum: General
Topic: Rule check by cli
Replies: 4
Views: 707

Re: Rule check by cli

That works perfectly !!
Thank you
by OKNET
Wed Jan 04, 2017 1:25 am
Forum: General
Topic: L2TP/IPSec for Road Warrior
Replies: 93
Views: 40565

Re: L2TP/IPSec for Road Warrior

Ok probably mislead the question because of topic title......
I've simply asked here because I never had a definitive answer on the issue of a MT L2TP/ipsec server running behind a nat (and eventually a solution)
It's an old problem asked for by many of us without a firm answer.
by OKNET
Tue Jan 03, 2017 11:55 pm
Forum: General
Topic: L2TP/IPSec for Road Warrior
Replies: 93
Views: 40565

Re: L2TP/IPSec for Road Warrior

Mrz,
Can you confirm that mikrotik L2TP/ipsec server can't work behind NAT (i.e.NATted by ISP DSL router) when clients (road warriors) have dynamic IP addresses ??
by OKNET
Tue Jan 03, 2017 3:49 pm
Forum: General
Topic: Rule check by cli
Replies: 4
Views: 707

Re: Rule check by cli

Thank you
I've not well understood how to use it :

I have an external automated system that connects to routerboard via SSH , it has to know the rule state by a SSH command and expects a string as answer (true, false, enabled, disabled, 1, 0 etc etc)

How to achieve this ??
by OKNET
Mon Jan 02, 2017 2:13 pm
Forum: General
Topic: Rule check by cli
Replies: 4
Views: 707

Rule check by cli

Hi all , HNY

How can I check if a firewall filter rule is enabled or disabled by CLI ??
I mean a value has to be passed back to be used in a script

i.e. just a terminal command to get back an "enabled" or "disabled" answer about the rule with comment "MyParticularRule"

Thanks
by OKNET
Mon Dec 05, 2016 9:25 am
Forum: Wireless Networking
Topic: CAPsMan question
Replies: 3
Views: 975

Re: CAPsMan question

I mean, does CAP system analyze wireless environment then, accordingly, manage itself dynamically channels and power levels for best performance ?
Or is it only a Centralized CONFIGURATION controller (to be tuned by installer only once) ?
by OKNET
Fri Dec 02, 2016 3:38 pm
Forum: Wireless Networking
Topic: CAPsMan question
Replies: 3
Views: 975

CAPsMan question

Does CAP system dynamically manage power level and frequency of each controlled AP like other systems do ?

Thanks
by OKNET
Thu Dec 01, 2016 4:46 pm
Forum: Wireless Networking
Topic: Bridging the same subnet
Replies: 5
Views: 1265

Re: Bridging the same subnet

Quite old post....

Using this method , what's the difference other than "transparency" from bind wlan1 and ethernet into a local bridge in each unit ?? (bandwidth, latency ecc.)

Thank you !
by OKNET
Thu Dec 01, 2016 4:30 pm
Forum: Wireless Networking
Topic: NV2 vs NSTREME... Why the difference?
Replies: 16
Views: 17284

Re: NV2 vs NSTREME... Why the difference?

But....which basic settings for nstreme in ac environment ??

I've tried nstreme on a pair of QRT5ac P-P (bridge--stationbridge) but throughput is about an half than NV2 .....where I'm wrong ??

Do you refer to nstreme-dual ?
by OKNET
Thu Dec 01, 2016 12:21 am
Forum: Wireless Networking
Topic: 6.37.2 to 6.37.3 no more link on my bridge
Replies: 0
Views: 440

6.37.2 to 6.37.3 no more link on my bridge

A pair of sxt5ac bridge---station bridge running 6.37.2 exquisitely, a lot of planned reboots and link up in few seconds Upgraded station to 6.37.3 all ok , link back Upgraded bridge to 6.37.3 no more link, continuous channel scan and a lot of radar detected on whole spectrum , once decided to run a...
by OKNET
Thu Dec 01, 2016 12:10 am
Forum: Wireless Networking
Topic: QRT5ac throughput
Replies: 13
Views: 2133

Re: QRT5ac throughput

Thank you for tips
So, is it more affordable to run bandwidth client/server on two powerful PCs in place of CRS and 3011 ??
by OKNET
Wed Nov 30, 2016 12:42 pm
Forum: Wireless Networking
Topic: QRT5ac throughput
Replies: 13
Views: 2133

Re: QRT5ac throughput

Ethernet test means testing of the ethernet port. The test does not include Wireless communication which is usually slower than Ethernet. The Ethernet test shows performance of the unit itself, of it's CPU capability. Wireless test will depend on the environment, so we don't have such tests. Ahhhhh...
by OKNET
Wed Nov 30, 2016 12:06 pm
Forum: Wireless Networking
Topic: QRT5ac throughput
Replies: 13
Views: 2133

Re: QRT5ac throughput

Thank you for replies I'e played with bandwidth test in this setup : Crs125-24G-1S---------------QRT5ac<<<<<20mt>>>>>QRT5ac------------RB3011UiAS 192.168.1.254--------------192.168.1.10----------------192.168.1.20---------192.168.1.30 Test ran from Crs125-24G-1S QRT5ac bot with reduced power to achi...
by OKNET
Fri Nov 25, 2016 11:25 am
Forum: Wireless Networking
Topic: QRT5ac throughput
Replies: 13
Views: 2133

QRT5ac throughput

Ethernet test results published on brochure are intended one way ?? What should I expect for a full duplex comunication ? Can I use bonding of multiple QRT5ac for a point to point link to increase bandwidth ? (are radio channels interfering for close units ?) I was asked for a minimum guaranteed 1Gb...
by OKNET
Tue Nov 22, 2016 10:48 am
Forum: Beginner Basics
Topic: What's the best practice for configuring great number of capsman APs ?
Replies: 0
Views: 631

What's the best practice for configuring great number of capsman APs ?

Great number can be subjective , however they can be 10, 50 , 200 (an hotel, a shopping centre etc.) If I have to install them quickly out of the box after a site survey, what's the best practice ? I.e. collect all MAC addresses , install them, power them on and let the manager does the automatic pr...
by OKNET
Fri Nov 11, 2016 1:10 pm
Forum: General
Topic: Can you help me in failed ping ?
Replies: 4
Views: 860

Re: Can you help me in failed ping ?

Sorry, I mean "Left routerboard as well can ping printer but CANNOT ping right PC" Skuykend : there is no firewall enabled on both pc From right routerboard i can ping locally right pc , but I cannot from left one from its subnet through tunnel (gre-ipsec) to right pc I haven't tried , but I suppose...
by OKNET
Thu Nov 10, 2016 6:28 pm
Forum: General
Topic: Can you help me in failed ping ?
Replies: 4
Views: 860

Can you help me in failed ping ?

Scenario : http://www.digiteltlc.com/public/pr1.jpg Right windows PC has two ip addresses configured in its nic as well as right routerboard Right pc has a static route to reach system on the left Problem: Right PC can ping left PC Left PC can ping printer but CANNOT ping right PC Left routerboard a...
by OKNET
Thu Nov 10, 2016 6:21 pm
Forum: General
Topic: Can you help me in failed ping ?
Replies: 2
Views: 558

Can you help me in failed ping ?

Scenario :

Image
by OKNET
Mon Nov 07, 2016 4:58 pm
Forum: General
Topic: CAPsMAN info needed
Replies: 5
Views: 1020

Re: CAPsMAN info needed

pardon......

In case my AP get an IP address from Manager DHCP server (i.e. for management purpose) , how can wireless client get an IP address from A DIFFERENT POOL ??
by OKNET
Mon Nov 07, 2016 4:50 pm
Forum: General
Topic: CAPsMAN info needed
Replies: 5
Views: 1020

CAPsMAN info needed

I'm playing for first time with CAPsMAN successfully Just a pair of questions : In a L2 environment (all APs and Maager on the same switch) is of any utility to have controller as DHCP server and APs as DHCP clients ? Why ? If controller hasn't router function, and DHCP server resides on same LAN, c...
by OKNET
Mon Oct 31, 2016 5:16 pm
Forum: RouterBOARD hardware
Topic: wAP AC (General questions and experience)
Replies: 118
Views: 49357

Re: wAP AC (General questions and experience)

Is anybody aware of a different mounting solution for the wAP. My understanding is that the wAP is a broadcasting in a circle. If the wAP is mounted on a iron pipe (this is the only way in my situation to mount an AP on the jetties in our harbour) it (can) influence the broadcasting. If I can mount...
by OKNET
Fri Jul 29, 2016 11:01 am
Forum: General
Topic: feature request: add Port List to firewall
Replies: 35
Views: 10169

Re: feature request: add Port List to firewall

Yes, me too http://forum.mikrotik.com/viewtopic.php ... 1fa1a908bd
Hope to see it soon....
by OKNET
Thu Jul 28, 2016 2:29 pm
Forum: General
Topic: pcc and browser stall
Replies: 9
Views: 2112

Re: pcc and browser stall

Mrz, thank you,   as per wiki : Note that not all packets in a connection can be fasttracked, so it is likely to see some packets going through slow path even though connection is marked for fasttrack. This is the reason why fasttrack-connection is usually followed be identical action=accept rule. F...
by OKNET
Thu Jul 28, 2016 12:55 pm
Forum: General
Topic: pcc and browser stall
Replies: 9
Views: 2112

Re: pcc and browser stall

Just realized that this issue is related to the use of "fast track" feature added as rule in firewall filter , as in my recent post http://forum.mikrotik.com/viewtopic.php?f=13&t=110560

Unfortunately not yet an useful answer.... :( 
by OKNET
Thu Jul 28, 2016 10:28 am
Forum: Beginner Basics
Topic: I don't understand this simple mangle rule:
Replies: 14
Views: 2241

Re: I don't understand this simple mangle rule:

I'm not sure to have understood pe1chl suggestion : I actually have three table to choose in routing rules :  "main" , "to_WAN1" and "to_WAN2" "to_WAN1" and "to_WAN2" are the routing marks defined by PCC and added to each 0.0.0.0/0 route : dst-address=0.0.0.0/0 gateway=10.0.10.1 gateway-status=10.0....
by OKNET
Wed Jul 27, 2016 3:40 pm
Forum: Beginner Basics
Topic: I don't understand this simple mangle rule:
Replies: 14
Views: 2241

Re: I don't understand this simple mangle rule:

Clear !

Just choosen the routing rules instead now

If I have multiple LANs interfaces, should the routing rules have to be applied to that subnets also ??? 
Thank you
by OKNET
Tue Jul 26, 2016 5:57 pm
Forum: Beginner Basics
Topic: I don't understand this simple mangle rule:
Replies: 14
Views: 2241

Re: I don't understand this simple mangle rule:

Thank you for answers I connect only a single device to my wan interface , it is the ISP dsl router usually with the whole traffic natted to MT machine WAN so that connection has a /30 subnet and router IP adress is set as gateway in MT routing table (one router per wan) Can i omit that mangle rule...
by OKNET
Tue Jul 26, 2016 12:15 pm
Forum: Beginner Basics
Topic: Navigation issue with Fasttrack in conjunction with pcc
Replies: 6
Views: 2830

Re: Navigation issue with Fasttrack in conjunction with pcc

Fasttrack rule is the one included in basic firewall settings: add comment="accept ICMP" chain=input action=accept protocol=icmp  add comment="accept establieshed,related" chain=input action=accept connection-state=established,related  add comment="drop all from WAN" chain=input action=drop in-inter...
by OKNET
Mon Jul 25, 2016 5:30 pm
Forum: Beginner Basics
Topic: I don't understand this simple mangle rule:
Replies: 14
Views: 2241

Re: I don't understand this simple mangle rule:

Thank you for answers I connect only a single device to my wan interface , it is the ISP dsl router usually with the whole traffic natted to MT machine WAN so that connection has a /30 subnet and router IP adress is set as gateway in MT routing table (one router per wan) Can i omit that mangle rules...
by OKNET
Thu Jul 14, 2016 6:46 pm
Forum: Beginner Basics
Topic: I don't understand this simple mangle rule:
Replies: 14
Views: 2241

I don't understand this simple mangle rule:

In a double WAN environment /ip firewall mangle add action=accept chain=prerouting disabled=no dst-address=<WAN1_class> add action=accept chain=prerouting disabled=no dst-address=<WAN2_class> to exempt connected networks from the mangle chain but how do they really work ? what if it they are not pre...
by OKNET
Thu Jul 14, 2016 6:35 pm
Forum: General
Topic: Differences in mangle rules
Replies: 0
Views: 368

Differences in mangle rules

Please, consider these rules : /ipfirewall mangle addchain=forward connection-mark=no-mark in-interface=ISP_1action=mark-connection new-connection-mark=WAN1->LANs addchain=forward connection-mark=no-mark in-interface=ISP_2action=mark-connection new-connection-mark=WAN2->LANs addchain=prerouting conn...
by OKNET
Thu Jul 14, 2016 3:34 pm
Forum: Beginner Basics
Topic: Routing by destination port
Replies: 3
Views: 689

Re: Routing by destination port

I mean, the rule  chain=prerouting action=mark-routing new-routing-mark=to_WAN3  protocol=tcp  dst-port=8888 is it processed also when a packet comes from a LAN machine to a LAN machine (so connection fails because routed to WAN3) ?? I have just checked LAN to LAN connection on port 8888 works despi...
by OKNET
Thu Jul 14, 2016 3:12 pm
Forum: General
Topic: pcc and browser stall
Replies: 9
Views: 2112

Re: pcc and browser stall

It is very random... fortunately it happens in few percent of visited websites, i can't say if some site is more affected than another, it seems not. I'm checking now with both-addresses only , I'll let you know I will also check the per-bandwidth method as in http://mum.mikrotik.com/presentations/U...
by OKNET
Mon Jul 11, 2016 4:28 pm
Forum: General
Topic: pcc and browser stall
Replies: 9
Views: 2112

Re: pcc and browser stall

No good news yet, also a single user with a routing mark rule placed before PCC ones to bypass PCC mechanism, experience navigation issue It seems however that calls made trough a WAN doesn't get the right answer or answer through diferent wan here's my mangle rules : D chain=forward action=change-...
by OKNET
Fri Jul 08, 2016 12:03 pm
Forum: Beginner Basics
Topic: Routing by destination port
Replies: 3
Views: 689

Routing by destination port

I want to choose a particular WAN interface to be used for calls to particular destination ports in internet. In a rule like : chain=prerouting action=mark-routing new-routing-mark=to_WAN3  protocol=tcp  dst-port=8888 shoud I specify addresses not belong to my lan subnet ?  i.e. add   dst-address=!1...
by OKNET
Thu Jun 30, 2016 12:17 pm
Forum: Wireless Networking
Topic: PtP bandwidth check with a pair of SXT5ac
Replies: 1
Views: 793

PtP bandwidth check with a pair of SXT5ac

I have few PtP links with SXT 5 ac Once they are aligned how can I check link bandwidth ? I usually do a test with BandwidthTest tool, but the results are very different if I use UDP rather TCP and trasmit vs receive vs both. How should I set them ? What is the real bandwidth a customer can achieve ...
by OKNET
Thu Jun 23, 2016 1:03 pm
Forum: General
Topic: pcc and browser stall
Replies: 9
Views: 2112

pcc and browser stall

I use two wan PCC "loadbalancing" ( basically followed this method http://mum.mikrotik.com/presentations/US12/steve.pdf  ) Often pc web browsers hang with " waiting for website...." It doesn't happen if I disable a wan interface (no matter which one) I know there are issues with HTTPS sites using th...
by OKNET
Wed Jun 22, 2016 10:12 am
Forum: General
Topic: DNS entry question
Replies: 0
Views: 372

DNS entry question

I need to add a single static dns entry for <anything>.yyy.zz   as well as symply  yyy.zz

If entry is yyy.zz  a call to xxx.yyy.zz gives "unknown host"
If entry is .yyy.zz resolves <anything>.yyy.zz but not yyy.zz itself

What's the right syntax ?
by OKNET
Tue Jun 21, 2016 5:00 pm
Forum: Wireless Networking
Topic: Bridging the same subnet
Replies: 5
Views: 1265

Bridging the same subnet

There is a quite old document I follow when I have to bridge a subnet via wireless link:
http://wiki.mikrotik.com/wiki/Transpare ... using_MPLS
Is it still the best method ??
Thank you
by OKNET
Tue Jun 21, 2016 9:34 am
Forum: The User Manager
Topic: HotSpot printer
Replies: 3
Views: 5007

HotSpot printer

There are many hotspot commercial products that come with their own thermal printer to create user account and print voucher simply at a button press. There is one from Handlink claimed to work with routerOS hotspots But...how can I build my own printer system with my own  parts ?? A few considerati...
by OKNET
Mon Jun 13, 2016 4:42 pm
Forum: Scripting
Topic: Save a backup to FTP once it is done locally
Replies: 2
Views: 1034

Re: Save a backup to FTP once it is done locally

Already look at that script, but I was finding something to check existing backup date and , as soon it is modified (overwrited) locally, start the remote ftp upload.
But I'm not as smart with scripting  :(
by OKNET
Thu Jun 09, 2016 3:46 pm
Forum: Scripting
Topic: Save a backup to FTP once it is done locally
Replies: 2
Views: 1034

Save a backup to FTP once it is done locally

There are good scripts for FTP backup on the net.
But I need to upload configuration to remote FTP server immediately once a "system backup save name=" command is issued locally
How can it be done ???

Thank you
by OKNET
Mon May 30, 2016 9:35 am
Forum: General
Topic: How to check a PPPoE address ??
Replies: 0
Views: 354

How to check a PPPoE address ??

My ISP gives me a static IP address once PPPoE session is established. Sometimes, for unknown reasons we are cheching with ISP, PPPoE session gives back a wrong IP address and no internet connection is possible. For MT machine however, PPPoE is up and running , so it is valid as route (three wan her...
by OKNET
Mon May 30, 2016 9:25 am
Forum: General
Topic: Failover route out of PCC check
Replies: 0
Views: 315

Failover route out of PCC check

I'm using succesfully a 2 wan PCC outgoing connection I have some rules, before PCC ones, to force traffic toward specific addresses or ports to use WAN1 Now, for failover purpose, I need these last connections to use WAN2 IF WAN1 is not available. All this, however, has to be kept out of PCC mechan...
by OKNET
Fri May 27, 2016 5:35 pm
Forum: RouterBOARD hardware
Topic: Routerboard PoE
Replies: 3
Views: 752

Re: Routerboard PoE

I mean 802.3af/at PoE smart power supply, not the simple cable pair splitters (that however work).

NOT this:
Image
but this:
Image
by OKNET
Fri May 27, 2016 3:29 pm
Forum: RouterBOARD hardware
Topic: Routerboard PoE
Replies: 3
Views: 752

Routerboard PoE

Do routerboards for wireless applications support standard PoE power supply ??
I've always installed them with their simple pin 4-5 , 7-8 injectors.....
Thank you
by OKNET
Thu May 12, 2016 9:53 am
Forum: Beginner Basics
Topic: Question about rb2011 switches
Replies: 13
Views: 1560

Re: Question about rb2011 switches

Thank you. Does it affect performance this way ?? Is it better to leave switch2 (100Mb) alone without bridge and connect a port of gigabit switch to an external switch ?? I mean , in bridged solution, if two lan machine, each connected to a different rb2011 switch have to exchange a big amount of tr...
by OKNET
Wed May 11, 2016 5:25 pm
Forum: Beginner Basics
Topic: Question about rb2011 switches
Replies: 13
Views: 1560

Question about rb2011 switches

If I want all 10 ports to act as a single switch, I should set port 2-5 with eth1 as master and ports 7-10 with eth6 as master
Then bind port eth1 and eth6 with a local bridge.

Which device should I assign the IP address: eth1 or bridge ??

Thank you
by OKNET
Tue May 03, 2016 12:18 pm
Forum: Beginner Basics
Topic: A question about firewall behaviour :
Replies: 1
Views: 907

A question about firewall behaviour :

I setup my filters as per some info collected on this forum: add comment="accept ICMP" chain=input action=accept protocol=icmp add comment="IPSEC Passthrough" chain=input action=accept protocol=ipsec-esp add comment="IPSEC Passthrough" chain=input action=accept protocol=udp dst-port=500 add comment=...
by OKNET
Mon May 02, 2016 3:04 pm
Forum: General
Topic: Two LAN Two PCC routing
Replies: 0
Views: 441

Two LAN Two PCC routing

Let's assume we have four WAN and two LAN Each LAN has to use a pair of WAN bonded together with PCC method. How to route each LAN into the related paired WAN ?? Is Src. Address=<LanNetwork/24> in each PCC mangle rule enough for this ?? i.e.: chain=prerouting action=mark-connection new-connection-ma...
by OKNET
Tue Apr 19, 2016 10:55 am
Forum: Beginner Basics
Topic: Need your suggestion about maintenance tunnels management
Replies: 0
Views: 432

Need your suggestion about maintenance tunnels management

Scenario : multiple customer sites to manage, time to time no port forwarding to managed machines wanted on remote routers no software like teaviewer, ammyy etc I was thinking about vpn to each site (gre/ipsec or l2tp/ipsec) An In-site Mt device should place a tunnel call to main site (this to avoid...
by OKNET
Tue Apr 19, 2016 10:42 am
Forum: General
Topic: How to check a PPPoE gateway ??
Replies: 4
Views: 2238

Re: How to check a PPPoE gateway ??

Just realized that , however, that failover is intrinsic in pppoe connection.
In fact, if I disconnect dsl line or provider drops the connection, that route becomes inactive (gateway unreachable) as soon as MT is aware of, without the need of ping to anything....

Thank you anyway
by OKNET
Tue Apr 19, 2016 10:25 am
Forum: Beginner Basics
Topic: port list
Replies: 6
Views: 2100

Re: port list

OK so....wishlisted....

Thank you all
by OKNET
Mon Apr 18, 2016 11:48 pm
Forum: Beginner Basics
Topic: port list
Replies: 6
Views: 2100

Re: port list

I know about setting multiple ports or port range It would be interesting if I could add a port-list to multiple filrewall rules , thus modifying a single list all related rules should be affected in order to avoid each rule modification. I have just read an old (2008) post where someone ask for the...
by OKNET
Mon Apr 18, 2016 9:11 am
Forum: Beginner Basics
Topic: port list
Replies: 6
Views: 2100

port list

Is there a way to set a port list to be used in firewall rules ??
I mean something like address-list is already doing....just instead of using i.e. "src-port=10,20,80,10-200,5546-5580"
Thank you
by OKNET
Fri Apr 15, 2016 12:07 pm
Forum: Beginner Basics
Topic: Cannot ping a Lan device from MT
Replies: 3
Views: 897

Re: Cannot ping a Lan device from MT

Tried a second cascade switch , an ASUS GX10088 , it doesn't ping , while with the previous one (HP 1700-24) was OK

Image

Red= Eth connections

it seems an arp issue between phone and routeros...
by OKNET
Fri Apr 15, 2016 11:12 am
Forum: Beginner Basics
Topic: Cannot ping a Lan device from MT
Replies: 3
Views: 897

Re: Cannot ping a Lan device from MT

Sorry for UPs LAN machines can ping IP phone through MT switch, IP pbx too, so no issue with VOiP functionality. The problem is when phone reboots, it searches for router (the MT device) and hangs in "bad router" state because it doesn't receive back any answer from MT. IP phone has a little etherne...
by OKNET
Fri Apr 15, 2016 8:57 am
Forum: Beginner Basics
Topic: What is fasttrack ?
Replies: 12
Views: 12503

Re:

Imagine that it marks connection like mangle with do-not-process-by-firewall mark.
Ok, Thank you
by OKNET
Fri Apr 15, 2016 12:27 am
Forum: Beginner Basics
Topic: Cannot ping a Lan device from MT
Replies: 3
Views: 897

Re: Cannot ping a Lan device from MT

The curious thing: if i connect the IP phone to a second switch chain-connected to MT lan they ping together like a charm....
I have already tried to connect IP phone to a different ethernet port of MT (it is a 24 port , eth 2 to eth 20 set with eth1 as master port)
Any idea ?
by OKNET
Thu Apr 14, 2016 10:49 pm
Forum: Beginner Basics
Topic: Cannot ping a Lan device from MT
Replies: 3
Views: 897

Cannot ping a Lan device from MT

A mikrotik CRS and an IP phone on the same lan cannot ping each other, while all other machines on lan can ping both devices and vice-versa.
The MT arp table shows the IP phone with MAC address 00:00:00:00:00:00
Rebooted both MT and phone , same result.

Why is this and how can I solve it please ???
by OKNET
Thu Apr 14, 2016 10:42 pm
Forum: Beginner Basics
Topic: What is fasttrack ?
Replies: 12
Views: 12503

Re: What is fasttrack ?

Yes , it shows the benefits of fasttrack, but I still don't understand how it works.... :?
by OKNET
Thu Apr 14, 2016 5:37 pm
Forum: Beginner Basics
Topic: What is fasttrack ?
Replies: 12
Views: 12503

Re: What is fasttrack ?

Already read :shock:

Not so clear , why is a packet "fast-tracked" ?? who is fast-tracking it ?? what does it happen to a fasttracked packet ?

Some other source to learn from (or simply a brief explanation from one of you...) :D :D
by OKNET
Thu Apr 14, 2016 11:37 am
Forum: Beginner Basics
Topic: What is fasttrack ?
Replies: 12
Views: 12503

What is fasttrack ?

A very newbie question:

What is a fasttrack connection I've seen on basic filter rule ?

How does it work ? What mechanism is involved ??


thank you
by OKNET
Tue Apr 12, 2016 6:03 pm
Forum: General
Topic: How to check a PPPoE gateway ??
Replies: 4
Views: 2238

Re: How to check a PPPoE gateway ??

You're right, but I don't know my ISP gateway IP address. The public IP address released by ISP PPPoE server is what they call a /32 address ip , over an "unnumbered" ip interface (don't ask me if it is true or what do they mean.....) I can know the ISP first hop but i'm not sure if IT is the gatewa...
by OKNET
Mon Apr 11, 2016 2:18 pm
Forum: General
Topic: How to check a PPPoE gateway ??
Replies: 4
Views: 2238

How to check a PPPoE gateway ??

I have two gateways in a PCC balancing environment. One is an ethernet router and it is checked with check-gateway=ping The other one is a dsl modem and MT device provides PPPoE call (thus, getting the IP address from ISP) What's the method to check if PPPoE connection is available , for failover pu...
by OKNET
Thu Mar 31, 2016 11:05 am
Forum: Beginner Basics
Topic: Very newbie firewall question
Replies: 6
Views: 1017

Very newbie firewall question

What's the difference (behaviour and risk) between a wan incoming packet matching :

1 - a port blocked with a "drop" rule

2 - the same port opened but with no service answering/configured

??

Thank you
by OKNET
Tue Mar 22, 2016 11:33 am
Forum: General
Topic: Two dynamic IP ipsec peers
Replies: 7
Views: 1554

Re: Two dynamic IP ipsec peers

Do you mean multiple 0.0.0.0/0 peers with different encryption algorithm, ipsec secret etc ???
by OKNET
Tue Mar 22, 2016 10:20 am
Forum: General
Topic: Two dynamic IP ipsec peers
Replies: 7
Views: 1554

Re: Two dynamic IP ipsec peers

Pardon....
Just realized GRE tunnel has its own IPSEc section to generate a relatd policy....great

Anyway, what if different encription method are asked from dynamic peers ?
by OKNET
Tue Mar 22, 2016 10:15 am
Forum: Beginner Basics
Topic: Gre Tunnel hostname
Replies: 1
Views: 565

Gre Tunnel hostname

I've seen Gre Tunnel config accepts hostnames in "remote address" field other than ip address
Does it mean it works also this way ?? (6.34.3)
by OKNET
Tue Mar 22, 2016 10:12 am
Forum: General
Topic: Two dynamic IP ipsec peers
Replies: 7
Views: 1554

Two dynamic IP ipsec peers

What if I need two incoming ipsec connection from two peers having each a dynamic ip address and different services ?

i.e. a roadwarrior L2TP client and a GRE over IPsec tunnel from a dynamic source each with different encryption method ?

Thanks
by OKNET
Mon Mar 21, 2016 5:17 pm
Forum: Beginner Basics
Topic: More subnets on the same switch
Replies: 5
Views: 881

Re: More subnets on the same switch

I need to start L2TP server
L2TP pool is on the LAN subnet
Now, how can a L2TP client reach all machines on lan without using proxy-arp (because of issue above)???
by OKNET
Fri Mar 18, 2016 9:03 am
Forum: Beginner Basics
Topic: More subnets on the same switch
Replies: 5
Views: 881

Re: More subnets on the same switch

Very satisfactory answer !

proxy-arp was for old pptp sessions, no longer needed, removed

All ok now

Thank you
by OKNET
Thu Mar 17, 2016 6:47 pm
Forum: Beginner Basics
Topic: More subnets on the same switch
Replies: 5
Views: 881

Re: More subnets on the same switch

P.S. proxy-arp is enabled on eth1
by OKNET
Thu Mar 17, 2016 6:35 pm
Forum: Beginner Basics
Topic: More subnets on the same switch
Replies: 5
Views: 881

More subnets on the same switch

I have a strange behaviour , perhaps correct , explain me about.... My eth1 is 192.168.1.1/24 eth2 to eth5 have eth1 as master port My windows machine 192.168.1.100 is connected to eth2 (192.168.1.1 default gateway) If I connect a 10.0.0.5/24 machine on eth3 and add a 10.0.0.100 secondary address to...
by OKNET
Tue Nov 17, 2015 6:06 pm
Forum: General
Topic: Winbox closes when reduced to taskbar icon
Replies: 0
Views: 541

Winbox closes when reduced to taskbar icon

Yesterday I've downloaded the latest winbox on Mikrotik site I realize that it closes itself when I reduce it to a taskbar icon while a terminal running a ping is opened. Is it intentional or is it a bug (or my pc bug.... I'm running Windows10 on this one...) ?? Anyone experiencing something like th...
by OKNET
Fri Nov 06, 2015 10:12 am
Forum: General
Topic: A question about PCC rule
Replies: 0
Views: 469

A question about PCC rule

A pcc rule sequence usually is : add chain=prerouting dst-address-type=!local in-interface=ether1 per-connection-classifier=both-addresses­-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn add chain=prerouting connection-mark=WAN1_conn in-interface=ether1 action=mark-routing new-ro...
by OKNET
Thu Nov 05, 2015 5:32 pm
Forum: General
Topic: Two lan subnet sharing same PCC gateways
Replies: 0
Views: 477

Two lan subnet sharing same PCC gateways

I think I have my single lan to dual gateway PCC mechanism working OK at last..... Now, what if I add a second lan subnet on a second ethernet interface and need to use the same PCC /gateways ??? Is it enough I add a pair of rules with the new ETH but the same connection mark ?? i.e. : (existing rul...
by OKNET
Tue Nov 03, 2015 9:13 am
Forum: General
Topic: Strange 60seconds packet loss
Replies: 3
Views: 545

Re: Strange 60seconds packet loss

I've forgotten to mention the static route is because this connectivity is not the main of routerboards system the default route 0.0.0.0/0 is routed to a different (internet) router attached to eth2 on each routerboard. I'm waiting for ISP to check for interruction from inside their routers , but so...
by OKNET
Mon Nov 02, 2015 4:09 pm
Forum: General
Topic: Strange 60seconds packet loss
Replies: 3
Views: 545

Strange 60seconds packet loss

I have three sites, each of them has an ADSL isp router with its "LAN" ethernet connected to RB2011UiAS "WAN" ethernet All ports and protocols are transparently forwarded from router dsl interface static pubblic ip address to routerboard "WAN" ipaddress. I have opened two terminals each routerboard ...
by OKNET
Thu Sep 17, 2015 10:20 am
Forum: General
Topic: PPTP + PCC : how ?
Replies: 2
Views: 619

Re: PPTP + PCC : how ?

Something similar as well.... I have three PCC WANs but PPTP works only connecting to the third one... I tried something found here around, like : add chain=prerouting protocol=gre action=accept add chain=prerouting protocol=tcp dst-port=1723 action=accept or even add chain=prerouting dst-address-li...
by OKNET
Thu Sep 10, 2015 3:02 pm
Forum: General
Topic: PPTP + PCC : how ?
Replies: 2
Views: 619

PPTP + PCC : how ?

Hi
I can't get client connection to routerboard PPTP server running PCC loadbalancing.
I'm trying PPTP connection from internet to the first of three wan "bound" with PCC , I suppose the PCC mechanism is the cause of the issue.
How can I solve this ?
Thank you
by OKNET
Mon Aug 10, 2015 6:11 pm
Forum: General
Topic: Let me understand this PCC thing....
Replies: 5
Views: 1160

Re: Let me understand this PCC thing....

Unfortunately I can work only "at my home" , not ISP or datacenter, so I'll go for using PCC the best way it can offer... Any user reading here can suggest me a practical example on how to bypass the PCC load balancing mechanism for the only HTTPS traffic ?? (which firewall rule and where to place i...
by OKNET
Thu Aug 06, 2015 7:17 pm
Forum: General
Topic: Let me understand this PCC thing....
Replies: 5
Views: 1160

Re: Let me understand this PCC thing....

Thanks for reply I supposed that....unfortunately no bonding possibilities are offered by ISP But....I'm asking myself how can I accomplish this (and yes it's ok) with systems like PfSense or pieces of hardware like Lancom routers (you'll know as they're german). It seems no breaking issues are pres...
by OKNET
Thu Aug 06, 2015 12:38 pm
Forum: General
Topic: Let me understand this PCC thing....
Replies: 5
Views: 1160

Let me understand this PCC thing....

I have read beginner wiki : http://wiki.mikrotik.com/wiki/How_PCC_works_(beginner) From what I have understood, PCC is a method to mathematically extract a marker from a combination of parameters (addresses and ports, src-dst) and use this marked packed to be routed over a specific WAN connection. T...
by OKNET
Thu Aug 06, 2015 12:16 pm
Forum: General
Topic: Two subnet, two default gateway
Replies: 3
Views: 12270

Re: Two subnet, two default gateway

I was been away for a time.

Van , let me thank you now... :D

Very helpful
by OKNET
Wed Jun 24, 2015 2:43 pm
Forum: General
Topic: Two subnet, two default gateway
Replies: 3
Views: 12270

Re: Two subnet, two default gateway

Any suggestion ? It makes me think question is too much simple one can imagine I can sove it myself....(perhaps you're ok.. :? ) When I add a new route , I can set a dst address and a gateway , but no a source address or network, It would be easy if one can set source a.a.a.a/24 dst 0.0.0.0/0 gatewa...
by OKNET
Mon Jun 22, 2015 9:31 am
Forum: General
Topic: Two subnet, two default gateway
Replies: 3
Views: 12270

Two subnet, two default gateway

I have to manage two different lan subnet with the same routerboard device, each one with its default gateway (0.0.0.0 route) i.e. : eth1 192.168.1.1 (default gateway for this lan) 0.0.0.0/0.0.0.0 routed to 10.0.0.254 attached to eth2 (10.0.0.1) eth3 192.168.2.1 (default gateway for this lan) 0.0.0....