MikroTik

acruhl

This might be simple, I just don't know where to start. This is hypothetical for now, but it might become reality. There are some sites attached to each other through ipsec tunnels over the internet, let's call it 192.168.200.0/20. It's happening above my router. I just have a single uplink to the d...

acruhl

I got a news article about this today through my Google feed. I immediately realized that this is a problem that has been fixed a while. But I agree a short new blog post pointing to the earlier post would reduce confusion. People would be coming here looking for new information. I hope it's clear t...

acruhl

No luck with the null cable either.

I'll try some other stuff unless you see something I missed in the output.

acruhl

Thanks for the clarification. Yes I am trying to log into the MikroTik's serial port, not log out from it. Ok, based on this info I probably need a null modem cable. Everything else I tried is not working so that makes the most sense. I tried 115200 and that didn't work so the next step is to try th...

acruhl

I just bought an RB450Gx4 to play with. It's pretty nice. Except I can't get the serial console working. This is my first ever attempt to connect to a MikroTik by serial cable, but far from my first time using a serial device (I've been around a bit). Searching didn't help much. I'm sure this is a s...

acruhl

I should have said that I'd like to use MetaROUTER, which I think is not possible on arm yet? Does it work on PPC?

You can't always have it all I suppose.

acruhl

This post seems like it's getting off topic so I might start another one. I'm looking at the RB850Gx2 and thinking I'd like to use it. But it seems like it might be the last, or nearly the last PPC based board available. If so, will RouterOS support for PPC end shortly after the last PPC based board...

acruhl

Forget what I said about VRRP if you're trying to use PCC. I didn't see that. If you absolutely need to use both uplinks to get enough bandwidth, then PCC is correct. If not, a master/backup failover setup would be more reliable. I have much better luck with users if the know the uplink bandwidth is...

acruhl

Yeah, looking at your description I think you should look into VRRP failover. You wouldn't need the extra networks, you would just have the 2 wans and 1 subnet below connected by the link between the routers. Figuring out how to failover based on wan link failure is the problem you would have to wor...

acruhl

I can't see the diagram. (EDIT: I can see it now) It says I'm not authorized to download it for whatever reason. Can you fix that? A few things: There's no need to worry about if the hardware switch is being used as of 6.41. See the release notes for 6.41: https://mikrotik.com/download/changelogs If...

acruhl

As far as I know, switch vlan is the old way to do it. You said before you were using 192.168.80.x/24 on vlan100, but in this case it's 10.10.10.x/24. Not sure you need the service tag. Try without it. Your wan bridge is doing something not 100% clear in regards to eth2. You probably don't want eth2...

acruhl

That should work. Make sure eth 2 isn't part of another bridge, if it is and you have other cables connected to the router you might have a spanning tree loop. Send exports: /interface vlan export /interface bridge export /ip address export I suppose it would be useful to set eth2 on both sides as a...

acruhl

The picture doesn't make sense until you label the devices with the red arrows. You shouldn't have to do anything to make the 2 networks communicate if both subnets are defined on the same router. If they aren't talking, you are blocking it. You don't need to add any routes, they are already there a...

acruhl

Well, start with basics. 1. UDP will show errors where TCP won't because TCP will do retransmit until the data is complete. You would see that in a Wireshark trace if it was happening. You can do a packet sniffer trace on the interface where the "bad" network exists on the Mikrotik router if you hav...

acruhl

Yep, funny that this still comes up. I guess this must still be true after all these years. There was conjecture in the "old days" that www.3com.com was the only exception ever made. I have no idea if that's true but it made a good story. They are long gone now of course. (Edit: It's not true. I jus...

acruhl

If I'm understanding you correctly, this is not so easy. As you say, creating one trunk port with multiple vlans is a piece of cake... Doing multiple ports means you need to find your setup on this page and make a bunch of bridges to make it work: https://wiki.mikrotik.com/wiki/Manual:Interface/VLAN...

acruhl

Just thought of a few things: What I just said is not the only way to do it. There are other ways. Testing on test devices helps. hAP-lite or hAP-mini devices are fantastic for testing... You may have to "undo" the default bridge setup to get this to work. Mikrotik assumes on some devices that you w...

acruhl

What is the vlan id of vlan1? Don't use vlan id 1, use something else to keep from getting confused. Vlan 1 is the default vlan and generally shouldn't be used if you're doing vlans. I'm hoping this is right, from memory: Create the vlan interface using a physical interface as it's "interface". That...

acruhl

Not sure this is relevant with wireless, but is your MTU set correctly on the pppoe-client interface?

acruhl

2 things: 1. Use mac telnet as stated above. You'll need to be in the same layer2 domain and it's probably not activated on the WAN interface. 2. ALWAYS use safe mode when doing anything remotely. You can turn it on, do a few commands and ensure they work, then turn it off. Or leave it on the whole ...

acruhl

If you knew that the addresses were worth more today than tomorrow, you might. For example: https://www.networkworld.com/article/3191503/internet/mit-selling-8-million-coveted-ipv4-addresses-amazon-a-buyer.html There are many private companies that hold class A networks. I work for one of them. Comb...

acruhl

I agree that there are older RFCs, what I'm saying is residential support still isn't standardized from what I can tell. So you have to look at what direction actual implementations are taking rather than trusting a 4 1/2 year old RFC. As for DS lite, the IPv4 space could actually start growing agai...

acruhl

I'm not that up to speed on what exactly IPv6 "standards" are, but I have some (possibly naive?) opinions on using it as a residential end customer That RFC document is about 4 1/2 years old now and I would suggest that stuff has changed. For example, using a tunneling service to get IPv6 over IPv4 ...

acruhl

Yeah, that's worth a try next time I'm over there. Setting a static IP is a good start probably. The real problem is I don't know exactly why it's doing this stuff or if it's necessary for it's functionality. In the end the "problem" might only be that MikroTik likes to log messages that this impoli...

acruhl

I'm paranoid these days so I turn on packet sniffer on interfaces quite often, open it in Wireshark, then peel back the stuff that I know should be there until I find the stuff that shouldn't be there. It's surprising if you haven't done it or haven't done it in a while. Doing that is so useful and...

acruhl

I think he mainly wants to get rid of this type of message: default offering lease 192.168.22.209 for CC:35:40:04:38:1B to BC:8C:CD:46:15:F4 without success The info,!dhcp would get rid of the lease renewal messages which he also wants to hide. There may be other info level messages he wants to kee...

acruhl

I bet my left nut you are using some crappy repeaters or a device for switch, that (firmware) is not meant to be a switch. Or connected a freaking Sonos device that makes a loop... Even a laptop, connected both wired and wireless will get 2 separate IPs without problems. Running xp/7/Linux/BD/whate...

acruhl

Yeah. I was really hoping to drop log messages based on a regexp string so I don't drop everything from DHCP.

I'll try it. Thanks.

acruhl

Ok, I'm resurrecting this topic. I finally got to the place where this device exists, and it's a DirecTV DVR/set top box thing. It's apparently doing something on behalf of 2 other "slave" or "client" boxes in other rooms. Super, duper annoying. So I did this: /system logging set 2 topics=warning,!d...

acruhl

The two addresses, 192.168.33.1 and 192.168.33.2, can ping each other. Other interconnections between the boxes exist, so in order to double-check that the ping cannot get through some other way (which is actually not possible even theoretically but just to be bullet-proof), I've disabled the membe...

acruhl

What you wrote in the diagram isn't really in English, maybe you should try in your native language and see if someone can answer.

acruhl

Don't forget to disable the DHCP server. No need for it if you've just got a bridge. Unless you want it of course. But from your explanation you probably don't want it.

acruhl

Diagram it please.

You don't really "connect" DHCP servers together, so I don't understand what you are asking.

acruhl

A trick I do once in a while is to do /export verbose, then send it to a file. I can then grep (search) the file to see if there is something I missed. Try that while looking for "stp" maybe... If you provide a packet trace showing the STP frame with your mac address as the source, plus /export to s...

acruhl

(If anyone wants to bring up layer 3 switches, save your typing--they are just misnamed routers.). Yes and no depending on what you need. Cisco 3750 switches have settings that help decide how to allocate resources (is it a switch or a router?) depending on how you use it. There is a difference if ...

acruhl

There is something very wrong in your post. "Learn about it before asking for help." What could be crazier? Invest tons of time in self educating yourself and finally when you're done post a question on the forums?!?!?! Further: "Hire someone" . Blah. If I were willing to accept the costs for hirin...

acruhl

Maybe I'm a bit ignorant... I work with Cisco and Juniper all day, and they make this stuff really easy. You either have a tagged vlan or you don't. You just push those around to whatever port you want them to go, and they go there. There's a little bit more to it than that in areas, but basically t...

acruhl

If the ASUS will be in bridge mode, then what do you expect it to do besides function as a switch? Perhaps attach wifi to the bridge I suppose. I think he's referring to that ridiculous article at the link in the first post, which talks about a "router" but it's really a bridge (switch) or access p...

acruhl

After thinking about this for a minute, this should be a feature request.

A delay after a reboot solves not only the problem you want to solve, but can also solve "flapping" if one router has a problem and starts rebooting itself. It's a nice feature to have.

acruhl

If you don't care which router becomes the master, you can just use preemption-mode=no and that would solve the problem. You could fail it over manually once everything settles. Otherwise, I don't see a way to do it. I'm doing this at work but the routers I'm using have a preemption delay which does...

acruhl

Have you seen this before? What is doing that? I didn't pick up on the D vs DC, good call. Still, it seems like a single machine trolling the subnet space for something... It's annoying if nothing else. If this was my network I would be looking at packet sniffer traces to see what is doing this and ...

acruhl

So the question remains, have you put in a static route to the 10.x.x.x network on all of the Ciscos? I think you'll get ICMP redirects on all packets destined for the non gateway addresses in the 192.168 network (the ISP cloud you have drawn) if you use a default route in the 192.168 network. I don...

acruhl

I'm now dumber after reading the article at that link. The terminology is ridiculous. It's written by someone who is not a network person. Disable the DHCP server in the MikroTik, then attach your links to the LAN ports (not port 1). Those are bridged so the MikroTik will behave as a switch. What ex...

acruhl

To the original post author: I don't have much to add except the things labeled "WiFi router" are a problem. If they really are "routers", then they have networks other than 10.0.0.0/20 under them and you would need to route to clients under those as well, which you haven't mentioned yet. If those a...

acruhl

Well, "back to basics": You can easily have 2 subnets inside the same layer 2 domain (or physical media, or VLAN, whatever you are calling a single layer 2 network). You just put the gateway addresses on the same interface, for example: /ip address add interface=ether2 address=192.168.1.1/24 /ip add...

acruhl

Possibly. I'm trying to think of a legit use of all zeroes as a MAC and I don't know of one. Hopefully someone knows. To me that looks like some kind of a DDoS attack on that subnet. I would sniff it. If a machine is sending out gratuitous arps with all zeroes for all addresses in the subnet, then y...

acruhl

Yeah, GRE, IPIP, EoIP, whatever works at that point. You can even use the built in ipsec options on the tunnels themselves to make this super easy. Since GRE behaves more like point to point links on a "real" router connection, it's more of a lesson in how routing is supposed to be in my opinion. tu...

acruhl

Each MikroTik router has IPSec protocol, NAT-Traversal (4500/UDP) and IPSec IKE (500/UDP) traffic forwarded from its gateway (ISP Router) I think this is assuming that the "WAN" interface on the MIkroTik routers will always get the same IP address, or there is some other way on these routers to ens...

acruhl

Subscriber IP - 216.00.14.38 sub - 255.255.255.252 They should be raped with a barbed wire for that subnet size. Those retards are the reason IPv4 is full. I am confused, it is only 2 available host addresses, would you mind to elaborate? At expense of four (one for network address and the other fo...

acruhl

Ok, other than access list 101, that's pretty straightforward on the Cisco. Quick detour. This is going to sound like me lecturing: You said "during testing everyone is down" and it's not acceptable. This is not a good business plan, what happens if the Cisco breaks? You should have scheduled downti...

Search found 351 matches