MikroTik

nescafe2002

Same what?

Please show exactly what command you are running, what you expected to see/happen and what happens instead.

Include terminal output or screen dump when applicable.

What happens when you run

:put [ /system identity get name ]

in console?

nescafe2002

:put [ /system routerboard get serial-number ]

Prints serial number when run in terminal.

https://wiki.mikrotik.com/wiki/Manual:S ... l_commands

Command: put
Syntax: :put <expression>
Description: put supplied argument to console

nescafe2002

viewtopic.php?f=2&t=139091&p=685725#p685742

Make a new user, then re-login. There are big security changes in last versions, rename is no longer possible.

nescafe2002

Did you get an auto-reply? If yes, just wait. If not, resend mail (perhaps using another mail service, e.g. Gmail works fine).

nescafe2002

Note that port 5060 could by opened on your providers modem/router. We are in an audit process and this port is reported as unsafe. For this reason I want to close. # feb/18/2019 15:07:29 by RouterOS 6.32.3 Better look for another auditor if they didn't mention anything about your ROS version. You s...

nescafe2002

If you reset the device to CAP mode, the admin mac is set automatically. You can verify this by checking the default configuration script: [admin@MikroTik] > /system default-configuration print caps-mode-script: #------------------------------------------------------------------------------- # Note:...

nescafe2002

You need to apply hairpin nat OR add a local static dns entry pointing to your internal server.

https://wiki.mikrotik.com/wiki/Hairpin_NAT

nescafe2002

And Hannah25 is not even a real person, just a spam bot copying this post ( viewtopic.php?t=137572&start=200#p686945 ) and coming back later to edit in some spam links.

nescafe2002

Have you enabled internet detect? Try disabling it. If not, post config ( /export hide-sensitive )

nescafe2002

Use another DAC. https://mikrotik.com/product/s_ao0005 5m SFP+ 10Gbps Active Optics direct attach cable. This is highly cost-effective way to connect two SFP/SFP+ devices for very short distances, within racks and across adjacent racks. It works with all our products with SFP/SFP+ ports, including n...

nescafe2002

https://wiki.mikrotik.com/wiki/Manual:CAPsMAN#Master_Configuration_Profiles datapath.client-to-client-forwarding (yes | no; Default: no ) controls if client-to-client forwarding between wireless clients connected to interface should be allowed, in local forwarding mode this function is performed by ...

nescafe2002

Im not sure why this question gets posted here 1:1, after it was already answered on reddit:

It is a spamming account. Posts get edited and filled with spam links after a while.

nescafe2002

There is very useful information on the wifi, have you tried that? https://wiki.mikrotik.com/wiki/Manual:Interface/SSTP#Application_Examples Please share your config ( /export hide-sensitive ) if you are stuck. Which clients are connecting? (Multiple sstp tunnels and road warrior setups running fine...

nescafe2002

Have you tried disabling STP on bridge? And did you report this issue to support?

nescafe2002

http://poe-world.com/Calculator/

iexplore_2019-03-06_11-57-26.png

2019-03-06_11-58-44.png

PoE in input Voltage 18-28 V

Voltage is OK but you should consider buying a 1.2A adapter.

nescafe2002

Why don't you use the built in "add-arp" setting? https://forum.mikrotik.com/viewtopic.php?t=87889#p442251 If you enabled this option, and set the interface ARP setting to "reply-only", it will mean that only DHCP clients will be able to access your network, statically configured IP addresses will n...

nescafe2002

The S-RJ01 is compatible with the RB4011, but will not operate at rate 1000, 100 or 10.

https://wiki.mikrotik.com/wiki/MikroTik ... ble#S-RJ01

So.. not supported I guess?

2019-03-03_13-47-36.png

nescafe2002

Undo that change, because enabling the firewall helper service won't activate the actual service.

Enable logging for topic tftp and disable/enable tftp rule. Check the log. Is the server starting?

nescafe2002

The dhcp package is mandatory, as mentioned in change log, but you should be able to delete / disable any dhcp servers or clients.

What's new in 6.44 (2019-Feb-25 14:11):

Changes in this release:

*) upgrade - made security package depend on DHCP package

nescafe2002

You have to enable connection tracking if you want to enable firewall service ports.

Note that these are ip service helpers, usually for NAT, not the actual services.

So it doesn't make sense to enable these helpers if you aren't natting or filtering.

nescafe2002

You are considering buying a new device because it cannot saturate the connection using the built-in bandwith tester? Even though RB3011 can handle 1Gpbs NAT traffic easily? Keep in mind that the device has to actually generate the traffic and cannot use any of the hardware offload functions, theref...

nescafe2002

ROS 6.44. When exporting
Code: Select all
/ip neighbor discovery-settings
, inversion is not taken into account. Be careful!
ROS_6.44_neighbor.jpg

This is strictly spoken not a 6.44 issue, as the problem exists in 6.43 as well. You are welcome to report it, with supout.rif, to support.

nescafe2002

In that case, please do not say V7 but instead say: Some version we might release in the (probably distant) future

Really?

nescafe2002

Reset to default configuration & got a fresh ip :) RB4011 @ 1Gbps [admin@MikroTik] > /tool bandwidth-test 87.121.0.45 user=neterra password=neterra direction=both ;;; results can be limited by cpu, note that traffic generation/termination performance might not be representative of forwarding perform...

nescafe2002

I updated and my coffee machine started smoking.

nescafe2002

Works fine here: RB3011 @ 500Mbps [admin@MikroTik] > /tool bandwidth-test 87.121.0.45 user=neterra password=neterra direction=both status: running duration: 57s tx-current: 543.9Mbps tx-10-second-average: 543.6Mbps tx-total-average: 456.1Mbps rx-current: 543.6Mbps rx-10-second-average: 543.5Mbps rx-...

nescafe2002

See: https://wiki.mikrotik.com/wiki/Manual:I ... _and_ports

UDP/20561 is used for MAC winbox connection.

It uses broadcasts to be able to connect to RB on L2 (no IP address required).

By connecting to IP address instead you will eliminate these broadcasts.

nescafe2002

Screenshots 1 shows ipsec policy template, screenshot 2 shows ipsec policy (not a template).

nescafe2002

Try the new rc (switch to testing channel), it has better support for 1Gbit SFP:

https://mikrotik.com/download/changelog ... lease-tree

What's new in 6.44rc1 (2019-Feb-15 07:12):

*) rb4011 - improved SFP+ interface linking to 1Gbps;

nescafe2002

Switch to testing channel. 6.44beta/rc handles SFP much better on RB4011.

viewtopic.php?f=21&t=139057&p=709663#p709663

What's new in 6.44beta61 (2019-Jan-17 13:24):

Changes in this release:

*) rb4011 - improved SFP+ interface linking to 1Gbps;

nescafe2002

You are correct

nescafe2002

WinBox v3.18 doesn't connect to RB with empty password out-of-the box.

Just login via WebFig / SSH / telnet and set a password (may even be empty).

WinBox login w/o password seems to works fine..

nescafe2002

Newer default configuration make use of interface lists, the provided example will work fine on recent configs.

If you don't have interface lists, we can only guess. Post config ( /export hide-sensitive ) or adept example to your liking.

nescafe2002

Do a Torch on the interface and you will see which host/protocol/port causes the most traffic.

You can enable logging on the specific rule, to memory will be fine for a limited time period.

nescafe2002

Reporting on forum again won't help much.

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

nescafe2002

You need to accept established connections in forward chain, then you can remove all reverse logic rules again. Now, everyone can reach your private network as long as they're using source port 80,443/tcp or 53/udp. Take a look at the default firewall, which is a good entry point anyway. Make sure i...

nescafe2002

Duplicate topic: viewtopic.php?f=2&t=145145

nescafe2002

Please update your router first, following the steps in this document: https://blog.mikrotik.com/security/winbox-vulnerability.html Update, change pwd, check config. For your ssh problem, you may be blocking ssh connections in firewall. After update, export config ( /export hide-sensitive ) and past...

nescafe2002

Have you enabled fasttrack? I will probably bypass raw firewall, however doesn't explain why tcp is working. Please do no post screenshots, just export config ( /export hide-sensitive ) and paste in code blocks. Also.. TomjNorthIdaho mentioned more than a terabyte of traffic per month hosting public...

nescafe2002

Nice work! You can check out the configuration of TomjNorthIdaho posted here: https://forum.mikrotik.com/viewtopic.php?f=2&t=104266&p=690150#p690150 /ip firewall raw add action=accept chain=prerouting comment="testers accepted" src-address-list=tester add action=drop chain=prerouting comment="previo...

nescafe2002

You can setup an ipsec transport policy with protocol=47 and ensure gre traffic is secured using the firewall ipsec policy matcher:

https://wiki.mikrotik.com/wiki/Manual:I ... ed_traffic

Dynamic peer will disappear as soon as you unset ipsec secret in gre tunnel.

nescafe2002

Rtfm?

https://wiki.mikrotik.com/wiki/Manual:I ... ess_points

nescafe2002

Still 100% CPU-load on one of the cores in my RB3011. The router is working, but still this indicate something is wrong. Anyone else with the same problem? Any suggestions on how to fix?

Yes, send supout.rif to support@mikrotik.com.

nescafe2002

Routing mark is not main, but empty (missing) for default route. https://wiki.mikrotik.com/wiki/Manual:API#Queries ?name pushes 'true' if item has value of property name, 'false' if it does not. ?-name pushes 'true' if item does not have value of property name, 'false' otherwise. You might try somet...

nescafe2002

The reason you're getting "no such command" is because "ip/dhcp-server/lease/set" is not a valid command. You're missing the leading "/" => "/ip/dhcp-server/lease/set" is valid :) Also, you cannot use [ find ] syntax in API. Print with filter to get id, then update by id. mk.Send("/ip/dhcp-server/le...

nescafe2002

Since I've spent some time restoring VPN functionality.. here are my 6.44beta61 IKEv2 settings for iOS, macOS and Windows clients. Windows only seems to work with identity my-id=auto and remote-id=auto. Afaik you cannot add a secondary peer for Windows default ipsec settings, so you should alter the...

nescafe2002

Replace screenshots with configuration export (/export hide-sensitive).

Enable ipsec logging (/system logging add topics=ipsec,!packet) and check/post the results (/log print or log window).

nescafe2002

when you try to access IP Socks router stuck at 100% cpu, How do you "access IP Socks"? Are you trying to use the IP socks service as a client? Are you opening the IP > Socks > Access window in WinBox? Are you printing the entries in Terminal? The most simple command to remove all entries is, in CL...

nescafe2002

Default firewall accepts untracked connections. Are you using default firewall? Are you pinging from/to routers or hosts? If routers, add route to remote subnet via local interface to ensure router picks correct source address.

nescafe2002

Kudos for the developers

Search found 573 matches