Search found 654 matches

by nescafe2002
Fri May 29, 2020 3:13 pm
Forum: General
Topic: API for C#
Replies: 3
Views: 434

Re: API for C#

Better take a look at tik4net => https://github.com/danikf/tik4net

The author is present on the forum => viewtopic.php?t=99954
by nescafe2002
Fri Apr 24, 2020 3:19 pm
Forum: Beginner Basics
Topic: Novice IPv6 using 6rd Tunnel
Replies: 1
Views: 658

Re: Novice IPv6 using 6rd Tunnel

Hello, the information seems incomplete. You'll need to get the IPv4 subnet associated to the 6RD server. Then calculate the IPv6 prefix using https://alephs.org/6rdcalc.html. Enter number (32-mask) in "using ... bits" field. Add 6rd interface /interface 6to4 add !keepalive name=6rd remote-address=1...
by nescafe2002
Fri Apr 03, 2020 11:16 am
Forum: General
Topic: Error in ip route - action timed out
Replies: 6
Views: 1804

Re: Error in ip route - action timed out

You could contact MikroTik support and send a supout file
by nescafe2002
Thu Apr 02, 2020 5:24 pm
Forum: General
Topic: Dual WAN VPN SSTP - second certificate, backup link
Replies: 2
Views: 1240

Re: Dual WAN VPN SSTP - second certificate, backup link

No, but you could use a certificate with a subject alternative name or a wildcard certificate.
by nescafe2002
Wed Mar 18, 2020 8:44 pm
Forum: General
Topic: I can´t see the network in Google Cloud Platform
Replies: 5
Views: 2428

Re: I can´t see the network in Google Cloud Platform

It is possible: route the remote subnet to your local lan. It sounds counterintuitive, but the route won't be used for routing anyway. It's to make sure the router picks a source lan ip which is part of the ipsec policy (local subnet).
by nescafe2002
Thu Feb 13, 2020 3:23 pm
Forum: Scripting
Topic: Diabling a DHCP server
Replies: 6
Views: 2056

Re: Diabling a DHCP server

https://wiki.mikrotik.com/wiki/Manual:S ... ter_values

But for most entries with an identifier, you can use the name instead:

/ip dhcp-server disable default
/ip dhcp-server enable default
by nescafe2002
Wed Feb 05, 2020 10:30 pm
Forum: Announcements
Topic: v6.45.8 [long-term] is released!
Replies: 87
Views: 60567

Re: v6.45.8 [long-term] is released!

"I cannot login via api after upgrade" Or: "I cannot login via api after upgrading from [version] to this v6.45.8. I am using [api implementation] in [language] documented here [url]. The code I am using is: [short login code fragment] I am getting the following result: [result from Mikrotik] or the...
by nescafe2002
Mon Jan 20, 2020 2:02 pm
Forum: General
Topic: Graphical button is absent on forum
Replies: 7
Views: 1003

Re: Graphical button is absent on forum

User is probably referring to the incomplete breadcrumb in the page header.

Not a button, but a link to the current forum section is missing and maybe a link to the current topic as well.
by nescafe2002
Mon Jan 20, 2020 11:41 am
Forum: General
Topic: Questions about Cloud Mikrotik
Replies: 3
Views: 723

Re: Questions about Cloud Mikrotik

You may not be surprised if MT decides to ban you for that :) The minimum update interval, no scripting required, is 60 seconds: https://wiki.mikrotik.com/wiki/Manual:IP/Cloud#Properties ddns-update-interval (time, minimum 60 seconds; Default: none) If set DDNS will attempt to connect IP Cloud server...
by nescafe2002
Thu Jan 09, 2020 3:11 pm
Forum: Scripting
Topic: Firetik
Replies: 2
Views: 1833

Re: Firetik

With one word of caution: You should never automate an import process from an untrusted source. It will make your router vulnerable to whatever the url is returning. Even when the scripts seems legit in browser, the author could inject malware based on user agent = Mikrotik/6.x Fetch. Therefore: If ...
by nescafe2002
Tue Jan 07, 2020 1:32 pm
Forum: Scripting
Topic: [ask] Auto detect public ip and generate dstnat rule
Replies: 7
Views: 2373

Re: [ask] Auto detect public ip and generate dstnat rule

IP Cloud will update properly if your device has public IP. If MT is behind another router, you can force a periodic update using ddns-update-interval. No scripting required. /ip cloud set ddns-enabled=yes ddns-update-interval=10m Also, no scripting required for dstnat entries. Assuming you currentl...
by nescafe2002
Wed Jan 01, 2020 5:36 pm
Forum: Scripting
Topic: Get a specific ipv6
Replies: 2
Views: 1584

Re: Get a specific ipv6

The find command can return multiple items. Have you tried specifying the search to limit the number of results? :put [ /ipv6 address get [ find interface=bridge-lan ] address ] invalid internal item number :put [ /ipv6 address get [ find interface=bridge-lan !link-local ] address ] 2a02::xx:xx:xxxx...
by nescafe2002
Sun Dec 29, 2019 1:28 pm
Forum: Scripting
Topic: C# API - tik4net on GitHub
Replies: 162
Views: 44423

Re: C# API - tik4net on GitHub

That function works fine here. Have you tried running it in a Console Application?

I ran the example using LINQPad: https://www.linqpad.net/

Script: http://share.linqpad.net/6i2986.linq
by nescafe2002
Fri Dec 27, 2019 11:21 am
Forum: General
Topic: Packet Sniffer stops after 45 minutes
Replies: 4
Views: 689

Re: Packet Sniffer stops after 45 minutes

Not sure about sctp, but remember that there are multiple chains in the firewall (prerouting/postrouting and input/output/forward). This example sniffs ssh connections, both packets to the server (dst-port=22) and back to client (src-port=22). /ip firewall mangle add action=sniff-tzsp chain=prerouti...
by nescafe2002
Thu Dec 26, 2019 9:24 pm
Forum: General
Topic: Packet Sniffer stops after 45 minutes
Replies: 4
Views: 689

Re: Packet Sniffer stops after 45 minutes

For a more permanent sniffing solution, you might take a look at firewall mangle, action sniff-tzsp:

https://wiki.mikrotik.com/wiki/Manual:I ... all/Mangle
by nescafe2002
Thu Dec 12, 2019 2:14 am
Forum: General
Topic: MAC alias for WAN Eth1
Replies: 15
Views: 3687

Re: MAC alias for WAN Eth1

Search for multiple dhcp client => viewtopic.php?t=60453
by nescafe2002
Tue Dec 10, 2019 12:51 pm
Forum: General
Topic: Dns queries question
Replies: 2
Views: 637

Re: Dns queries question

by nescafe2002
Thu Dec 05, 2019 9:16 pm
Forum: RouterBOARD hardware
Topic: LEDs
Replies: 1
Views: 2059

Re: LEDs

Get a cable and connect the other end to the wAP ac.

It's on the side:

<== POE + DATA
        DATA ==>


by nescafe2002
Fri Nov 29, 2019 12:18 am
Forum: General
Topic: Drop unwanted port-forwarding connections
Replies: 6
Views: 938

Re: Drop unwanted port-forwarding connections

You can set a src-address (or src-address-list) in the forward rule:
/ip firewall address-list
add address=1.1.1.1 list=trusted
/ip firewall nat
add action=dst-nat chain=dstnat dst-address-type=local dst-port=443 protocol=tcp src-address-list=trusted to-addresses=192.168.88.100
by nescafe2002
Sun Nov 24, 2019 2:07 pm
Forum: Beginner Basics
Topic: Internet Speed
Replies: 41
Views: 4437

Re: Internet Speed

You might want to create supout.rif of the device, running full bandwidth test and send it to support. Your device should be able to handle at least 3x those numbers with this config. (One supout with bridge ports ether6-10 enabled, one with bridge ports ether6-10 disabled). I suspect some sort of s...
by nescafe2002
Sun Nov 24, 2019 1:06 pm
Forum: Beginner Basics
Topic: Internet Speed
Replies: 41
Views: 4437

Re: Internet Speed

What's the link rate? It's in the interface property window, tab Status. Could you try disabling bridge ports 6 through 10? Disabling the LCD? Also, you're announcing a lot of dns servers in your dhcp network. You might want to limit the selection to just your routers address (192.168.2.1); the rout...
by nescafe2002
Sun Nov 24, 2019 12:12 pm
Forum: Beginner Basics
Topic: Internet Speed
Replies: 41
Views: 4437

Re: Internet Speed

I've set up my RB2011 according to your configuration. explorer_2019-11-24_11-10-03.png There is room for improvement, but 500Mbps is no problem. Maybe you should check cabling. What rate are the ethernet links? I've printed default config but I don't see these two rules. The default config is longe...
by nescafe2002
Sun Nov 24, 2019 12:23 am
Forum: Beginner Basics
Topic: Internet Speed
Replies: 41
Views: 4437

Re: Internet Speed

What's the version of RouterOS? Why are you blocking output chain? You're e.g. blocking router originating DNS requests now. Also you may want to exclude ipsec from fasttracking, from default config: /ip firewall filter add chain=forward action=accept ipsec-policy=in,ipsec comment="defconf: accept in...
by nescafe2002
Sat Nov 23, 2019 4:35 pm
Forum: Scripting
Topic: C# API - tik4net on GitHub
Replies: 162
Views: 44423

Re: C# API - tik4net on GitHub

There are generally two ways to performs operations via Tik4Net. Method 1. Use low level API using (var conn = ConnectionFactory.OpenConnection(TikConnectionType.Api_v2, "192.168.88.1", 8728, "admin", "")) { var command = conn.CreateCommand("/interface/pppoe-server/print"); command.AddParameter(".pr...
by nescafe2002
Sat Nov 23, 2019 10:37 am
Forum: Scripting
Topic: fetch a list of user-manager usernames via API
Replies: 3
Views: 1650

Re: fetch a list of user-manager usernames via API

Yes, you have found the right operation. Note that you shouldn't OR after the first entry because #| ORs the two preceding entries (in other words you'll have to follow the Reverse Polish notation (RPN)). Example in C# tik4net: explorer_2019-11-23_09-33-34.png Conversation: ./login =name=admin =pass...
by nescafe2002
Fri Nov 22, 2019 10:58 pm
Forum: Beginner Basics
Topic: Internet Speed
Replies: 41
Views: 4437

Re: Internet Speed

I usually look at the middle table (512 bytes) with 25 filter rules to compare synthetic tests to real world applications in default config but without fasttrack (e.g. IPv6). Great..! Please take a look at the test results for 25 filter rules and 512 Byte packets. Can you please tell me the speed ?...
by nescafe2002
Fri Nov 22, 2019 5:22 pm
Forum: Beginner Basics
Topic: Internet Speed
Replies: 41
Views: 4437

Re: Internet Speed

They are technically not comparable. Product page test results are synthetic tests (using packet generator), fasttrack page test result is based on a single stream TCP test. TCP packet sizes are not fixed. I usually look at the middle table (512 bytes) with 25 filter rules to compare synthetic tests...
by nescafe2002
Fri Nov 22, 2019 4:49 pm
Forum: Beginner Basics
Topic: Internet Speed
Replies: 41
Views: 4437

Re: Internet Speed

Ok @nescafe2002, you can then let Mikrotik know that the test results are wrong! :lol: https://mikrotik.com/product/RB2011UiAS-2HnD-IN#fndtn-testresults They are not wrong, these are just synthetical tests with certain preconditions. Fasttrack follows (semi-) fastpath for most of (*) the establishe...
by nescafe2002
Fri Nov 22, 2019 11:50 am
Forum: Beginner Basics
Topic: Internet Speed
Replies: 41
Views: 4437

Re: Internet Speed

No need to disable firewall.

Fasttrack bypasses firewall filtering for established connections and is enabled in default config.

And there are no queues in default config.

TS is free to post config for further examination.
by nescafe2002
Fri Nov 22, 2019 7:16 am
Forum: Beginner Basics
Topic: Internet Speed
Replies: 41
Views: 4437

Re: Internet Speed

Just stick with RB2011 and enable fasttrack. 800 Mbps is achievable in default configuration. https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack#FastTrack_on_RB2011 hAP ac2 is a good alternative with wireless. Don't invest in a RB3011. They are really fine devices but if you want a dedicated router,...
by nescafe2002
Thu Oct 31, 2019 6:57 pm
Forum: General
Topic: Winbox RouterOS 5x
Replies: 6
Views: 1158

Re: Winbox RouterOS 5x

You better download CHR and run it in a virtual environment:

https://wiki.mikrotik.com/wiki/Manual:CHR#60-day_trial
by nescafe2002
Wed Oct 23, 2019 4:40 pm
Forum: Scripting
Topic: Return list C# API [SOLVED]
Replies: 2
Views: 2191

Re: Return list C# API [SOLVED]

API supports query words to filter. ~ is not a valid query operator. But if listName is exact, you can use the following code: mikrotik.Send("/ip/firewall/address-list/print"); mikrotik.Send("?list=listName", true); foreach (string h in mikrotik.Read()) { Console.WriteLine(h); } https://wiki.mikroti...
by nescafe2002
Thu Oct 10, 2019 10:24 pm
Forum: Scripting
Topic: VB.net API new login procedure [SOLVED]
Replies: 3
Views: 2837

Re: VB.net API new login procedure [SOLVED]

Try this:

		Send("/login")
		Send("=name=" + user)
		Send("=password=" + pass, True)

(Alternatively, use the tik4net package: viewtopic.php?f=9&t=99954)
by nescafe2002
Fri Sep 27, 2019 9:10 am
Forum: Scripting
Topic: item referred by 'place-before' does not exist (11) [SOLVED]
Replies: 7
Views: 2709

Re: item referred by 'place-before' does not exist (11) [SOLVED]

You can (should) use place-before with .id value in API: /ip/firewall/filter/print =.proplist=.id !re.=.id=*37 !re.=.id=*1 !re.=.id=*2 !done /ip/firewall/filter/add =chain=input =dst-address=192.168.1.1 =protocol=tcp =dst-port=81 =comment=TESTING PLACE BEFORE =place-before=*37 !done =ret=*38 /quit
by nescafe2002
Sun Sep 22, 2019 7:26 pm
Forum: Wireless Networking
Topic: Mikrotik's Audience: running in cAP mode:?
Replies: 2
Views: 1263

Re: Mikrotik's Audience: running in cAP mode:?

https://i.mt.lv/cdn/rb_files/1568200626 ... -%20qg.pdf
To connect this device to a wireless network managed by CAPsMAN, keep holding the button for 5 more
seconds, LED turns solid green, release now to turn on CAPs mode (total 10 seconds).
by nescafe2002
Sun Sep 22, 2019 12:07 pm
Forum: Beginner Basics
Topic: Terrible slow performance through IPsec
Replies: 9
Views: 1784

Re: No HTTPS page accessible through IPsec

Have you disabled fasttrack for ipsec? Could you share your configuration (/export hide-sensitive)?
by nescafe2002
Fri Sep 20, 2019 3:33 pm
Forum: Beginner Basics
Topic: CAPSMAN vs Unifi Controller (user review)
Replies: 2
Views: 2012

Re: CAPSMAN vs Unifi Controller (user review)

2. Set your radio provisioning rule to create enabled instead of create dynamic enabled.

https://wiki.mikrotik.com/wiki/Manual:C ... ovisioning
by nescafe2002
Thu Sep 12, 2019 3:51 pm
Forum: Beginner Basics
Topic: Can I block a proram from accessing internet [SOLVED]
Replies: 4
Views: 788

Re: Can I block a proram from accessing internet [SOLVED]

No, process name can only be evaluated on the client computer, not on the mikrotik router.

You can script the firewall rule creation using netsh, powershell or group policy (domain joined pcs).
by nescafe2002
Thu Aug 22, 2019 7:12 pm
Forum: General
Topic: Block some public ip address with wildcard [SOLVED]
Replies: 4
Views: 1008

Re: Block some public ip address with wildcard [SOLVED]

Use CIDR notation, e.g. src-address=83.240.61.0/24 or src-address=83.240.0.0/16.
by nescafe2002
Thu Aug 22, 2019 2:22 pm
Forum: General
Topic: 100% CPU load in CCR 1009 [SOLVED]
Replies: 22
Views: 3147

Re: 100% CPU load in CCR 1009 [SOLVED]

There are related topics on the issue:

viewtopic.php?t=115316 (no solution)
viewtopic.php?t=63096 (no solution)

Have you tried rebooting the device? Are there active tasks under System > Scripts > Jobs?
by nescafe2002
Wed Aug 21, 2019 11:36 pm
Forum: General
Topic: 100% CPU load in CCR 1009 [SOLVED]
Replies: 22
Views: 3147

Re: 100% CPU load in CCR 1009 [SOLVED]

Create supout.rif and send to support@mikrotik.com. It's the one and only way to get (quick) support for your specific situation.
by nescafe2002
Tue Aug 20, 2019 1:07 pm
Forum: Scripting
Topic: Triggered execution? Interface up/down etc
Replies: 5
Views: 2411

Re: Triggered execution? Interface up/down etc

PPP profile works for servers and clients. /ppp profile add name=profile1 on-down="/log info \"Client disconnected\"" on-up="/log info \"Client connected\"" /interface pppoe-client add name=pppoe-out1 profile=profile1 user=test Result: 12:05:10 pppoe,ppp,info pppoe-out1: authenticated 12:05:10 pppoe...
by nescafe2002
Fri Aug 16, 2019 12:08 pm
Forum: Announcements
Topic: v6.45.3 [stable] is released!
Replies: 90
Views: 35014

Re: v6.45.3 [stable] is released!

$ wget https://download.mikrotik.com/routeros/6.45.3/routeros-mipsbe-6.45.3.npk Connecting to download.mikrotik.com (download.mikrotik.com)|2a02:610:7501:4000::226|:443... connected. routeros-mipsbe-6.4 100%[===================>] 11.54M 5.56MB/s in 2.1s IPv4: $ wget -4 https://download.mikrotik.com...
by nescafe2002
Wed Aug 14, 2019 4:52 pm
Forum: Scripting
Topic: mAP lite as travel router [SOLVED]
Replies: 5
Views: 2797

Re: mAP lite as travel router [SOLVED]

You may want to use the built in profile feature to connect to any known network in the list. /interface wireless set [ find default-name=wlan1 ] default-authentication=no disabled=no ssid="" /interface wireless security-profiles add authentication-types=wpa2-psk mode=dynamic-keys name=profile1 wpa2...
by nescafe2002
Tue Aug 06, 2019 4:01 pm
Forum: Beginner Basics
Topic: Restrict access to hEX Ethernet port only for wAP
Replies: 21
Views: 2603

Re: Restrict access to hEX Ethernet port only for wAP

Idea is that I cannot isolate WiFi devices from LAN devices and vice-versa. But in the same time I need to protect some LAN devices from being accessible by an unauthorized device that might plug into LAN using the exposed Ethernet cable used by external wAP. Consider ether3-5 trusted and ether2 un...
by nescafe2002
Tue Aug 06, 2019 3:13 pm
Forum: Beginner Basics
Topic: Restrict access to hEX Ethernet port only for wAP
Replies: 21
Views: 2603

Re: Restrict access to hEX Ethernet port only for wAP

Please take another look at the solution andriys proposed. You really don't want to disable network interfaces, because they will be disabled when you don't expect it (e.g. power outage, update, whatever) and require manual intervention. Also, they are disabled after at most the chosen interval, so...
by nescafe2002
Tue Aug 06, 2019 2:47 pm
Forum: General
Topic: [ROS/Firewall] How to MANGLE by raw HEX bytes ? [SOLVED]
Replies: 6
Views: 906

Re: [ROS/Firewall] How to MANGLE by raw HEX bytes ?

For external DNS server: /ip firewall layer7-protocol add name=aaa.com regexp="\\x03aaa\\x03com" /ip firewall filter add place-before=0 action=reject chain=forward dst-port=53 layer7-protocol=aaa.com protocol=udp reject-with=icmp-network-unreachable Will block aaa.com, www.aaa.com, subdomain.aaa.com...
by nescafe2002
Mon Aug 05, 2019 12:26 am
Forum: Announcements
Topic: v6.45.3 [stable] is released!
Replies: 90
Views: 35014

Re: v6.45.3 [stable] is released!

2)We already share the necessary files with mikrotik support
Then thanks, that is helpful.

[/offtopic]
by nescafe2002
Sun Aug 04, 2019 3:23 pm
Forum: Announcements
Topic: v6.45.3 [stable] is released!
Replies: 90
Views: 35014

Re: v6.45.3 [stable] is released!

It's actually rather annoying to see release topics filled with non-release specific replies, more annoying if you're replying to the post above and are still quoting the whole thing. 1. I have requested a mod to remove our posts, which are all offtopic. 2. If you want to be helpful, please do not p...
by nescafe2002
Sun Aug 04, 2019 2:44 pm
Forum: Announcements
Topic: v6.45.3 [stable] is released!
Replies: 90
Views: 35014

Re: v6.45.3 [stable] is released!

Posted by spacex — Fri Aug 02, 2019 12:25 am Not fix dude snmp v3 ? Posted by spacex — Sun Aug 04, 2019 2:32 pm Hello, The dude snmp v3 problem not fix ? No, since it is not mentioned in the change log - Please keep this forum topic strictly related to this particular RouterOS release. - no need to ...
by nescafe2002
Wed Jul 24, 2019 11:25 am
Forum: Announcements
Topic: v6.46beta [testing] is released!
Replies: 150
Views: 72944

Re: v6.46beta [testing] is released!

These changes have been tested in stable channel, right? :D

Edit: installed on RB4011, (regular) SFP is detected and working.
by nescafe2002
Wed Jul 24, 2019 11:21 am
Forum: Scripting
Topic: C# API - tik4net on GitHub
Replies: 162
Views: 44423

Re: C# API - tik4net on GitHub

Use TikConnectionType.Api_v2:

using (var conn = ConnectionFactory.OpenConnection(TikConnectionType.Api_v2, "192.168.88.1", "admin", ""))
{
  var cmd = conn.CreateCommand("/system/identity/print");
  var result = cmd.ExecuteSingleRow();
  Console.WriteLine(result.Words["name"]);
}
by nescafe2002
Tue Jul 23, 2019 2:06 pm
Forum: Announcements
Topic: MikroTik smartphone app (ex Tik-App)
Replies: 435
Views: 169170

Re: Tik App, MikroTik android utility ALPHA test

JanezFord: Update your app to version 1.0.11 if you cannot connect to ROS >= 6.45:

1.0.11 Jul 23, 2019
- Login: Fixed connection issue for RouterOS 6.45
by nescafe2002
Mon Jul 22, 2019 10:37 am
Forum: General
Topic: I can not connect to Mikrotik RB 3011 router board over 8291 port
Replies: 1
Views: 318

Re: I can not connect to Mikrotik RB 3011 router board over 8291 port

Ether1 is standard WAN port and protected by firewall.

Connect your client to one of the LAN (ether2-10) ports and you can connect to ip or mac.
by nescafe2002
Thu Jul 18, 2019 4:02 pm
Forum: Scripting
Topic: Missing script
Replies: 7
Views: 1744

Re: Missing script

Is there anything in the scheduler?

(we're just guessing here.. might as well post config /export hide-sensitive or send supout to support)
by nescafe2002
Thu Jul 18, 2019 12:11 pm
Forum: Scripting
Topic: Missing script
Replies: 7
Views: 1744

Re: Missing script

Did you enable safe mode before creating the script?
by nescafe2002
Tue Jul 09, 2019 1:36 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 111937

Re: v6.45.1 [stable] is released!

Add the policy with action=none and no peer:

/ip ipsec policy
add action=none dst-address=10.11.1.0/24 src-address=0.0.0.0/0

Peer is displayed as "unknown" in Winbox, but that's a cosmetic issue.
by nescafe2002
Mon Jul 08, 2019 7:18 pm
Forum: General
Topic: DNS wiki example not work. Why?
Replies: 3
Views: 619

Re: DNS wiki example not work. Why?

No need to include asterisk for hostname. Add $ to mark end of word: /ip dns static add address=127.0.0.1 regexp="\\.example\\.com\$" @MT (if anyone is reading this), another example of why allowing static 0.0.0.0 and :: values as (intended) invalid dns entries would be a good idea (web site blockin...
by nescafe2002
Mon Jul 08, 2019 1:05 am
Forum: General
Topic: RULE for BANKS
Replies: 15
Views: 1541

Re: RULE for BANKS

is to make it happen in fasstrack for the RB

Example of a https://en.wikipedia.org/wiki/XY_problem

Describe what you are trying to achieve, perhaps it can be done without creating address lists.
by nescafe2002
Thu Jun 13, 2019 4:47 pm
Forum: Scripting
Topic: C# API - tik4net on GitHub
Replies: 162
Views: 44423

Re: C# API - tik4net on GitHub

Your [find] example doesn't work because the API does not support composite CLI statements. Fetch the list of ids and then remove one-by-one: using (var conn = tik4net.ConnectionFactory.OpenConnection(TikConnectionType.Api, "192.168.88.1", 8728, "admin", "")) { var list = conn.CreateCommandAndParame...
by nescafe2002
Tue Jun 11, 2019 11:23 pm
Forum: Scripting
Topic: C# API - tik4net on GitHub
Replies: 162
Views: 44423

Re: C# API - tik4net on GitHub

The API returns a result which is not expected by ExecuteNonQuery. Try this instead, ExecuteSingleRows assumes parameters are query words by default so you'll have to supply parameterformat NameValue: Using connection As ITikConnection = ConnectionFactory.CreateConnection(TikConnectionType.Api) conn...
by nescafe2002
Sun Jun 09, 2019 9:40 am
Forum: General
Topic: API Security Vulnerability
Replies: 1
Views: 525

Re: API Security Vulnerability

Please send your findings to support@mikrotik.com with supout.rif of the device to get it fixed (asap).
by nescafe2002
Sat Jun 08, 2019 11:08 pm
Forum: General
Topic: Some wrong with the forum or my post?
Replies: 3
Views: 634

Re: Some wrong with the forum or my post?

View source, there are two posts with these links.

Sat Jul 28, 2018 5:35 pm
viewtopic.php?f=23&t=137338#p676773

Mon Jul 30, 2018 11:36 pm
viewtopic.php?f=23&t=137338#p677134

I don't see a login dialog, only when I open the links manually.
by nescafe2002
Wed Jun 05, 2019 9:58 am
Forum: General
Topic: IPSEC VPN
Replies: 2
Views: 498

Re: IPSEC VPN

Common issue. Traffic to 192.168.2.0/24 will be routed to wan initially, therefore the router picks the ip address from the wan interface to initiate the connection. From there, the connection won't be picked up by ipsec policy. You can create a route to the remote subnet via the lan interface to fo...
by nescafe2002
Sat Jun 01, 2019 3:14 pm
Forum: Scripting
Topic: Sending SMS using Infobip service and MikroTik tool / fetch feature - http-header-field example
Replies: 2
Views: 912

Re: Sending SMS using Infobip service and MikroTik tool / fetch feature - http-header-field example

Why not just user=<user> and password=<pass>?

The basic authorization header is a base64 encoded string user:pass, e.g. from documentation:
$ base64 -d
QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Aladdin:open sesame
by nescafe2002
Sat Jun 01, 2019 8:51 am
Forum: Scripting
Topic: How to use fetch http-header-field since 6.43.12 [SOLVED]
Replies: 6
Views: 2227

Re: How to use fetch http-header-field since 6.43.12 [SOLVED]

http-header-field="Header1: Value1,Authorization: Basic dXNlcjpwYXNz"

But for basic authentication you can also use:

user=user password=pass
by nescafe2002
Tue May 28, 2019 11:36 am
Forum: General
Topic: netwatch BUG [SOLVED]
Replies: 2
Views: 555

Re: netwatch BUG [SOLVED]

Actually, this is not a BUG. The device simply cannot ping the address in the first few seconds after boot. Also, if a specific solution does not meet your requirement, it's not a BUG just not applicable to your case. There is built in watchdog functionality which has several delays built in to over...
by nescafe2002
Thu May 23, 2019 7:26 am
Forum: Wireless Networking
Topic: HAP-ac2: Can't find Hide SSID Setting
Replies: 2
Views: 797

Re: HAP-ac2: Can't find Hide SSID Setting

Click Advanced Mode
by nescafe2002
Tue May 14, 2019 3:04 pm
Forum: Beginner Basics
Topic: Telnet Response after admin login
Replies: 2
Views: 471

Re: Telnet Response after admin login

If you want to automate configuration tasks, you'd better use the built in API functionality (or SSH at least).

https://wiki.mikrotik.com/wiki/Manual:API
by nescafe2002
Wed May 08, 2019 11:18 am
Forum: General
Topic: RB 3011UiAS-RM
Replies: 3
Views: 480

Re: RB 3011UiAS-RM

Have you completely shut down (disconnect power cable) the device at least once?
by nescafe2002
Thu May 02, 2019 10:20 am
Forum: General
Topic: Email feature implementation poor
Replies: 3
Views: 542

Re: Email feature implementation poor

You don't have to specify the predefined settings. Just fill To and Body and it works fine.

I wouldn't call the flexibility of customized server parameters per send action poor design, actually rather handy.
by nescafe2002
Sat Apr 27, 2019 4:03 pm
Forum: General
Topic: V6.45 on RB2011 /system health
Replies: 1
Views: 620

Re: V6.45 on RB2011 /system health

Please create a supout file and send it to support. https://forum.mikrotik.com/viewtopic.php?f=21&t=146087&start=100#p726296 If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected...
by nescafe2002
Thu Apr 25, 2019 1:23 pm
Forum: General
Topic: SSTP Server
Replies: 2
Views: 391

Re: SSTP Server

Since it's part of the ppp package, you can find the server configuration under ppp menu option in Winbox or Webfig.
by nescafe2002
Fri Apr 19, 2019 8:43 am
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 93264

Re: v6.45beta [testing] is released!

Please create a supout.rif as soon as you realize something is wrong and send it - with description of what you expected versus what happened instead - to support with supout.rif . This instruction is posted in every release note: If you experience version related issues, then please send supout fil...
by nescafe2002
Mon Apr 15, 2019 9:26 pm
Forum: General
Topic: Backup doesn't restore - Just goes back to previous settings
Replies: 8
Views: 1041

Re: Backup doesn't restore - Just goes back to previous settings

Generate supout.rif and then e-mail it to them. Include backup if you want. Support is offering to look at your case for free. Please supply anything you can to explain your case:

- what you are doing (apps, buttons, screen)
- what you are seeing
- what you expected to happen
- what happens instead
by nescafe2002
Fri Apr 12, 2019 12:23 pm
Forum: RouterBOARD hardware
Topic: Mikrotik RB4011iGS+5HacQ2HnD 10G SFP+ port flapping
Replies: 3
Views: 1375

Re: Mikrotik RB4011iGS+5HacQ2HnD 10G SFP+ port flapping

S+AO0005 is supported, please generate supout.rif while device is malfunctioning and send to support with problem description.
by nescafe2002
Sat Apr 06, 2019 11:04 am
Forum: Beginner Basics
Topic: Can someone help identify this router..
Replies: 8
Views: 1290

Re: Can someone help identify this router..

https://www.roc-noc.com/mikrotik/routerboard/rb750.html

RouterBOARD 750 with AR7240 CPU, 32MB RAM (?), 5 LAN ports, RouterOS L4, plastic case, power supply, in a retail box.
by nescafe2002
Sat Mar 30, 2019 10:41 am
Forum: General
Topic: IP Cloud
Replies: 41
Views: 18650

Re: IP Cloud

[admin@MikroTik] /ip cloud> print ddns-enabled: yes ddns-update-interval: none update-time: yes public-address: 82.x.x.x dns-name: 757bxxxxxxxx.sn.mynetname.net status: updated It displays public address, but will return local address in actual lookup. C:\>nslookup 757bxxxxxxxx.sn.mynetname.net Non...
by nescafe2002
Thu Mar 28, 2019 12:47 pm
Forum: General
Topic: Cloud IPs need to be blocked
Replies: 13
Views: 1911

Re: Cloud IPs need to be blocked

It's documented and known behavior. https://wiki.mikrotik.com/wiki/Manual:System/Time#Clock_and_Time_zone_configuration Note: Time-zone-autodetect by default is enabled on new RouterOS installation and after configuration reset. The time zone is detected depending on routers public IP address and ou...
by nescafe2002
Fri Mar 22, 2019 3:01 pm
Forum: Scripting
Topic: /export file=[/system identity get name];
Replies: 3
Views: 1231

Re: /export file=[/system identity get name];

Same what?

Please show exactly what command you are running, what you expected to see/happen and what happens instead.

Include terminal output or screen dump when applicable.


What happens when you run
:put [ /system identity get name ]
in console?
by nescafe2002
Fri Mar 22, 2019 3:00 pm
Forum: General
Topic: Get router serial number script
Replies: 2
Views: 2023

Re: Get router serial number script

:put [ /system routerboard get serial-number ]

Prints serial number when run in terminal.

https://wiki.mikrotik.com/wiki/Manual:S ... l_commands
Command: put
Syntax: :put <expression>
Description: put supplied argument to console
by nescafe2002
Thu Mar 21, 2019 7:52 pm
Forum: Announcements
Topic: v6.43.13 [long-term] is released!
Replies: 44
Views: 15283

Re: v6.43.13 [long-term] is released!

viewtopic.php?f=2&t=139091&p=685725#p685742

Make a new user, then re-login. There are big security changes in last versions, rename is no longer possible.
by nescafe2002
Tue Mar 19, 2019 7:09 am
Forum: General
Topic: Delete me, all sorted, thank you. Support@mikrotik.com please respond,
Replies: 3
Views: 605

Re: Support@mikrotik.com please respond

Did you get an auto-reply? If yes, just wait. If not, resend mail (perhaps using another mail service, e.g. Gmail works fine).
by nescafe2002
Mon Mar 18, 2019 9:40 pm
Forum: General
Topic: Block port tcp/udp
Replies: 12
Views: 2106

Re: Block port tcp/udp

Note that port 5060 could be opened on your provider's modem/router. We are in an audit process and this port is reported as unsafe. For this reason I want to close. # feb/18/2019 15:07:29 by RouterOS 6.32.3 Better look for another auditor if they didn't mention anything about your ROS version. You s...
by nescafe2002
Mon Mar 18, 2019 3:38 pm
Forum: Wireless Networking
Topic: CAP ac
Replies: 8
Views: 1288

Re: CAP ac

If you reset the device to CAP mode, the admin mac is set automatically. You can verify this by checking the default configuration script: [admin@MikroTik] > /system default-configuration print caps-mode-script: #------------------------------------------------------------------------------- # Note:...
by nescafe2002
Mon Mar 18, 2019 1:27 pm
Forum: General
Topic: Access to IMAP
Replies: 2
Views: 377

Re: Access to IMAP

You need to apply hairpin nat OR add a local static dns entry pointing to your internal server.

https://wiki.mikrotik.com/wiki/Hairpin_NAT
by nescafe2002
Sun Mar 17, 2019 9:15 pm
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 110221

Re: Winbox vulnerability: please upgrade

:)

And Hannah25 is not even a real person, just a spam bot copying this post ( viewtopic.php?t=137572&start=200#p686945 ) and coming back later to edit in some spam links.
by nescafe2002
Fri Mar 15, 2019 10:20 pm
Forum: General
Topic: RB750Gr3 keeps ARP scanning constantly
Replies: 3
Views: 578

Re: RB750Gr3 keeps ARP scanning constantly

Have you enabled internet detect? Try disabling it. If not, post config ( /export hide-sensitive )
by nescafe2002
Fri Mar 15, 2019 11:44 am
Forum: RouterBOARD hardware
Topic: SFP Connection with DAC Optical
Replies: 2
Views: 696

Re: SFP Connection with DAC Optical

Use another DAC. https://mikrotik.com/product/s_ao0005 5m SFP+ 10Gbps Active Optics direct attach cable. This is highly cost-effective way to connect two SFP/SFP+ devices for very short distances, within racks and across adjacent racks. It works with all our products with SFP/SFP+ ports, including n...
by nescafe2002
Tue Mar 12, 2019 9:44 pm
Forum: General
Topic: CAP Wifi devices doesn't see each other
Replies: 1
Views: 416

Re: CAP Wifi devices doesn't see each other

https://wiki.mikrotik.com/wiki/Manual:CAPsMAN#Master_Configuration_Profiles datapath.client-to-client-forwarding (yes | no; Default: no ) controls if client-to-client forwarding between wireless clients connected to interface should be allowed, in local forwarding mode this function is performed by ...
by nescafe2002
Mon Mar 11, 2019 1:54 pm
Forum: Wireless Networking
Topic: 10Gb on RB2011 - bad idea?
Replies: 6
Views: 900

Re: 10Gb on RB2011 - bad idea?

I'm not sure why this question gets posted here 1:1, after it was already answered on reddit:
It is a spamming account. Posts get edited and filled with spam links after a while.
by nescafe2002
Fri Mar 08, 2019 12:51 am
Forum: General
Topic: SSTP Server, does it REALLY work for anyone??
Replies: 7
Views: 1452

Re: SSTP Server, does it REALLY work for anyone??

There is very useful information on the wiki, have you tried that? https://wiki.mikrotik.com/wiki/Manual:Interface/SSTP#Application_Examples Please share your config ( /export hide-sensitive ) if you are stuck. Which clients are connecting? (Multiple sstp tunnels and road warrior setups running fine...
by nescafe2002
Wed Mar 06, 2019 7:31 pm
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 44
Views: 20203

Re: DHCP Offering Lease Without Success

Have you tried disabling STP on bridge? And did you report this issue to support?
by nescafe2002
Wed Mar 06, 2019 1:02 pm
Forum: Wireless Networking
Topic: Hap ac2 poe
Replies: 2
Views: 541

Re: Hap ac2 poe

http://poe-world.com/Calculator/


PoE in input Voltage 18-28 V

Voltage is OK but you should consider buying a 1.2A adapter.
by nescafe2002
Sun Mar 03, 2019 6:07 pm
Forum: Scripting
Topic: copy DHCP leases to ARP script
Replies: 2
Views: 836

Re: copy DHCP leases to ARP script

Why don't you use the built in "add-arp" setting? https://forum.mikrotik.com/viewtopic.php?t=87889#p442251 If you enabled this option, and set the interface ARP setting to "reply-only", it will mean that only DHCP clients will be able to access your network, statically configured IP addresses will n...
by nescafe2002
Sun Mar 03, 2019 2:27 pm
Forum: RouterBOARD hardware
Topic: Does an RB4011iGS+RM support a S-RJ01?
Replies: 8
Views: 1283

Re: Does an RB4011iGS+RM support a S-RJ01?

The S-RJ01 is compatible with the RB4011, but will not operate at rate 1000, 100 or 10.

https://wiki.mikrotik.com/wiki/MikroTik ... ble#S-RJ01

So.. not supported I guess?

by nescafe2002
Thu Feb 28, 2019 5:46 pm
Forum: General
Topic: Service Ports in red
Replies: 12
Views: 2393

Re: Service Ports in red

Undo that change, because enabling the firewall helper service won't activate the actual service.

Enable logging for topic tftp and disable/enable tftp rule. Check the log. Is the server starting?
by nescafe2002
Wed Feb 27, 2019 5:29 pm
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 219
Views: 48479

Re: v6.44 [stable] is released!

The dhcp package is mandatory, as mentioned in change log, but you should be able to delete / disable any dhcp servers or clients.

What's new in 6.44 (2019-Feb-25 14:11):

Changes in this release:

*) upgrade - made security package depend on DHCP package
by nescafe2002
Wed Feb 27, 2019 5:23 pm
Forum: General
Topic: Service Ports in red
Replies: 12
Views: 2393

Re: Service Ports in red

You have to enable connection tracking if you want to enable firewall service ports.

Note that these are ip service helpers, usually for NAT, not the actual services.

So it doesn't make sense to enable these helpers if you aren't natting or filtering.
by nescafe2002
Wed Feb 27, 2019 4:55 pm
Forum: General
Topic: Anybody ues AT&T Gigabit Fiber with Mikrotik RouterOS?
Replies: 89
Views: 14616

Re: Anybody ues AT&T Gigabit Fiber with Mikrotik RouterOS?

You are considering buying a new device because it cannot saturate the connection using the built-in bandwidth tester? Even though RB3011 can handle 1Gbps NAT traffic easily? Keep in mind that the device has to actually generate the traffic and cannot use any of the hardware offload functions, theref...
by nescafe2002
Wed Feb 27, 2019 1:30 pm
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 219
Views: 48479

Re: v6.44 [stable] is released!

ROS 6.44. When exporting /ip neighbor discovery-settings, inversion is not taken into account. Be careful!

This is strictly speaking not a 6.44 issue, as the problem exists in 6.43 as well. You are welcome to report it, with supout.rif, to support.
by nescafe2002
Wed Feb 27, 2019 12:10 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 613
Views: 179432

Re: RouterOS v7.0 beta1 - when?

In that case, please do not say V7 but instead say: Some version we might release in the (probably distant) future

Really?
by nescafe2002
Tue Feb 26, 2019 5:37 pm
Forum: General
Topic: NEW Public Bandwith Test Server
Replies: 54
Views: 36350

Re: NEW Public Bandwith Test Server

Reset to default configuration & got a fresh ip :) RB4011 @ 1Gbps [admin@MikroTik] > /tool bandwidth-test 87.121.0.45 user=neterra password=neterra direction=both ;;; results can be limited by cpu, note that traffic generation/termination performance might not be representative of forwarding perform...
by nescafe2002
Tue Feb 26, 2019 4:03 pm
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 219
Views: 48479

Re: v6.44 [stable] is released!

I updated and my coffee machine started smoking.
by nescafe2002
Tue Feb 26, 2019 5:14 am
Forum: General
Topic: NEW Public Bandwith Test Server
Replies: 54
Views: 36350

Re: NEW Public Bandwith Test Server

Works fine here: RB3011 @ 500Mbps [admin@MikroTik] > /tool bandwidth-test 87.121.0.45 user=neterra password=neterra direction=both status: running duration: 57s tx-current: 543.9Mbps tx-10-second-average: 543.6Mbps tx-total-average: 456.1Mbps rx-current: 543.6Mbps rx-10-second-average: 543.5Mbps rx-...
by nescafe2002
Tue Feb 19, 2019 12:14 am
Forum: Beginner Basics
Topic: Large number of UDP broadcasts coming with Win10 client
Replies: 2
Views: 442

Re: Large number of UDP broadcasts coming with Win10 client

See: https://wiki.mikrotik.com/wiki/Manual:I ... _and_ports

UDP/20561 is used for MAC winbox connection.

It uses broadcasts to be able to connect to RB on L2 (no IP address required).

By connecting to IP address instead you will eliminate these broadcasts.
by nescafe2002
Mon Feb 18, 2019 11:09 am
Forum: Announcements
Topic: v6.44rc [testing] is released!
Replies: 67
Views: 18798

Re: v6.44rc [testing] is released!

Screenshot 1 shows ipsec policy template, screenshot 2 shows ipsec policy (not a template).
by nescafe2002
Mon Feb 18, 2019 10:46 am
Forum: RouterBOARD hardware
Topic: RB4011iGS+ and a Genexis GPON [SOLVED]
Replies: 3
Views: 941

Re: RB4011iGS+ and a Genexis GPON [SOLVED]

Try the new rc (switch to testing channel), it has better support for 1Gbit SFP:


https://mikrotik.com/download/changelog ... lease-tree

What's new in 6.44rc1 (2019-Feb-15 07:12):

*) rb4011 - improved SFP+ interface linking to 1Gbps;
by nescafe2002
Sat Feb 16, 2019 6:49 pm
Forum: General
Topic: RB4011 - SFP Link Flapping once per second
Replies: 3
Views: 1040

Re: RB4011 - SFP Link Flapping once per second

Switch to testing channel. 6.44beta/rc handles SFP much better on RB4011.

viewtopic.php?f=21&t=139057&p=709663#p709663
What's new in 6.44beta61 (2019-Jan-17 13:24):

Changes in this release:

*) rb4011 - improved SFP+ interface linking to 1Gbps;
by nescafe2002
Sat Feb 16, 2019 3:00 pm
Forum: General
Topic: mikrotik wrong username or password
Replies: 5
Views: 1526

Re: mikrotik wrong username or password

You are correct :)
by nescafe2002
Sat Feb 16, 2019 1:56 pm
Forum: General
Topic: mikrotik wrong username or password
Replies: 5
Views: 1526

Re: mikrotik wrong username or password

WinBox v3.18 doesn't connect to RB with empty password out-of-the box.

Just login via WebFig / SSH / telnet and set a password (may even be empty).



WinBox login w/o password seems to work fine..
by nescafe2002
Sat Feb 16, 2019 10:35 am
Forum: General
Topic: DIY Hosting/Nameserver DNS forwarding
Replies: 7
Views: 777

Re: DIY Hosting/Nameserver DNS forwarding

Newer default configurations make use of interface lists, the provided example will work fine on recent configs.

If you don't have interface lists, we can only guess. Post config ( /export hide-sensitive ) or adapt example to your liking.
by nescafe2002
Sat Feb 16, 2019 10:32 am
Forum: Beginner Basics
Topic: Finding a firewalled connection [SOLVED]
Replies: 4
Views: 907

Re: Finding a firewalled connection [SOLVED]

Do a Torch on the interface and you will see which host/protocol/port causes the most traffic.

You can enable logging on the specific rule, to memory will be fine for a limited time period.
by nescafe2002
Fri Feb 15, 2019 10:44 pm
Forum: Announcements
Topic: v6.44rc [testing] is released!
Replies: 67
Views: 18798

Re: v6.44rc [testing] is released!

Reporting on forum again won't help much.

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.
by nescafe2002
Fri Feb 15, 2019 3:04 pm
Forum: Beginner Basics
Topic: Drop all and accept some ports
Replies: 8
Views: 1525

Re: Drop all and accept some ports

You need to accept established connections in forward chain, then you can remove all reverse logic rules again. Now, everyone can reach your private network as long as they're using source port 80,443/tcp or 53/udp. Take a look at the default firewall, which is a good entry point anyway. Make sure i...
by nescafe2002
Fri Feb 15, 2019 11:12 am
Forum: General
Topic: Outgoing SSH traffic is blocked
Replies: 3
Views: 764

Re: Outgoing SSH traffic is blocked

Please update your router first, following the steps in this document: https://blog.mikrotik.com/security/winbox-vulnerability.html Update, change pwd, check config. For your ssh problem, you may be blocking ssh connections in firewall. After update, export config ( /export hide-sensitive ) and past...
by nescafe2002
Thu Feb 14, 2019 6:09 pm
Forum: General
Topic: NEW Public Bandwith Test Server
Replies: 54
Views: 36350

Re: NEW Public Bandwith Test Server

Have you enabled fasttrack? It will probably bypass raw firewall, however doesn't explain why tcp is working. Please do not post screenshots, just export config ( /export hide-sensitive ) and paste in code blocks. Also.. TomjNorthIdaho mentioned more than a terabyte of traffic per month hosting public...
by nescafe2002
Thu Feb 14, 2019 1:21 pm
Forum: General
Topic: NEW Public Bandwith Test Server
Replies: 54
Views: 36350

Re: NEW Public Bandwith Test Server

Nice work! You can check out the configuration of TomjNorthIdaho posted here: https://forum.mikrotik.com/viewtopic.php?f=2&t=104266&p=690150#p690150 /ip firewall raw add action=accept chain=prerouting comment="testers accepted" src-address-list=tester add action=drop chain=prerouting comment="previo...
by nescafe2002
Wed Feb 13, 2019 10:55 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 105423

Re: v6.44beta [testing] is released!

You can setup an ipsec transport policy with protocol=47 and ensure gre traffic is secured using the firewall ipsec policy matcher:

https://wiki.mikrotik.com/wiki/Manual:I ... ed_traffic

Dynamic peer will disappear as soon as you unset ipsec secret in gre tunnel.
by nescafe2002
Mon Feb 11, 2019 7:34 pm
Forum: Announcements
Topic: v6.43.12 [stable] is released!
Replies: 49
Views: 18503

Re: v6.43.12 [stable] is released!

Still 100% CPU-load on one of the cores in my RB3011. The router is working, but still this indicates something is wrong. Anyone else with the same problem? Any suggestions on how to fix?

Yes, send supout.rif to support@mikrotik.com.
by nescafe2002
Wed Feb 06, 2019 11:24 am
Forum: Scripting
Topic: API getall routing-mark main [SOLVED]
Replies: 2
Views: 743

Re: API getall routing-mark main [SOLVED]

Routing mark is not main, but empty (missing) for default route. https://wiki.mikrotik.com/wiki/Manual:API#Queries ?name pushes 'true' if item has value of property name, 'false' if it does not. ?-name pushes 'true' if item does not have value of property name, 'false' otherwise. You might try somet...
by nescafe2002
Tue Feb 05, 2019 5:11 pm
Forum: Scripting
Topic: API to Set DHCP Server Address List
Replies: 1
Views: 545

Re: API to Set DHCP Server Address List

The reason you're getting "no such command" is because "ip/dhcp-server/lease/set" is not a valid command. You're missing the leading "/" => "/ip/dhcp-server/lease/set" is valid :) Also, you cannot use [ find ] syntax in API. Print with filter to get id, then update by id. mk.Send("/ip/dhcp-server/le...
by nescafe2002
Tue Feb 05, 2019 1:07 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 105423

Re: v6.44beta [testing] is released!

Since I've spent some time restoring VPN functionality.. here are my 6.44beta61 IKEv2 settings for iOS, macOS and Windows clients. Windows only seems to work with identity my-id=auto and remote-id=auto. Afaik you cannot add a secondary peer for Windows default ipsec settings, so you should alter the...
by nescafe2002
Tue Jan 29, 2019 11:25 am
Forum: General
Topic: VPN peer does not come up
Replies: 6
Views: 965

Re: VPN peer does not come up

Replace screenshots with configuration export (/export hide-sensitive).

Enable ipsec logging (/system logging add topics=ipsec,!packet) and check/post the results (/log print or log window).
by nescafe2002
Tue Jan 29, 2019 10:34 am
Forum: General
Topic: IP Socks causes 100%cpu
Replies: 2
Views: 679

Re: IP Socks causes 100%cpu

when you try to access IP Socks router stuck at 100% cpu, How do you "access IP Socks"? Are you trying to use the IP socks service as a client? Are you opening the IP > Socks > Access window in WinBox? Are you printing the entries in Terminal? The most simple command to remove all entries is, in CL...
by nescafe2002
Mon Jan 28, 2019 10:46 pm
Forum: Forwarding Protocols
Topic: Site to Site IPsec tunnel. Can't ping hosts
Replies: 3
Views: 3964

Re: Site to Site IPsec tunnel. Can't ping hosts

Default firewall accepts untracked connections. Are you using default firewall? Are you pinging from/to routers or hosts? If routers, add route to remote subnet via local interface to ensure router picks correct source address.
by nescafe2002
Fri Jan 25, 2019 7:05 pm
Forum: RouterBOARD hardware
Topic: BTest Server & CPU Load [SOLVED]
Replies: 3
Views: 917

Re: BTest Server & CPU Load [SOLVED]

Kudos for the developers :)
by nescafe2002
Fri Jan 25, 2019 6:51 pm
Forum: RouterBOARD hardware
Topic: BTest Server & CPU Load [SOLVED]
Replies: 3
Views: 917

Re: BTest Server & CPU Load [SOLVED]

You can switch to testing channel to utilize multithreaded btest.

https://mikrotik.com/download/changelog ... lease-tree

What's new in 6.44beta39 (2018-Nov-27 12:14):

*) btest - added multithreading support for both UDP and TCP tests;
by nescafe2002
Fri Jan 25, 2019 12:17 pm
Forum: General
Topic: IP CLOUD is down
Replies: 62
Views: 13664

Re: IP CLOUD is down

For what it's worth, I experienced same outage, yesterday at 16:05 GMT. I thought it was a problem with my provider, since resolving via 8.8.8.8 worked. Problem was solved at 16:15 GMT. Issue re-appeared shortly thereafter. C:\Users\Admin>nslookup 968a09baxxxx.sn.mynetname.net 82.197.196.182 Server:...
by nescafe2002
Fri Jan 25, 2019 11:52 am
Forum: Beginner Basics
Topic: Need help!!!
Replies: 1
Views: 344

Re: Need help!!!

The Quick Guide contains the steps to follow to reset the device. If this is not working, please describe what model and what steps you are executing. If you have disabled a single ethernet interface on a multiple interface device, you may connect your computer to another ethernet port and discover ...
by nescafe2002
Thu Jan 24, 2019 12:05 pm
Forum: RouterBOARD hardware
Topic: Two wap lte kit not working
Replies: 2
Views: 560

Re: Two wap lte kit not working

Could you try applying pressure on the heat sink? This has been the issue with me and another user.

viewtopic.php?f=7&t=138928
by nescafe2002
Wed Jan 23, 2019 11:19 am
Forum: General
Topic: firewall rules for WAN interface - DHCP firewall rules without effect
Replies: 8
Views: 1919

Re: firewall rules for WAN interface - DHCP firewall rules without effect

There's another discussion on the topic: viewtopic.php?t=36035

I don't understand why, but the behavior is reported, confirmed by MT and there is an acceptable workaround (use bridge filter).

Perhaps some documentation on this specific limitation would be nice.
by nescafe2002
Tue Jan 22, 2019 10:19 pm
Forum: General
Topic: firewall rules for WAN interface - DHCP firewall rules without effect
Replies: 8
Views: 1919

Re: firewall rules for WAN interface - DHCP firewall rules without effect

DHCP is over UDP, and CAN be firewalled and NEEDS to be allowed or it won't work... See https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol for protocol details Again, dhcp client cannot be firewalled using ip firewall. 2019-01-22_21-14-15.gif Only bridge firewall. 2019-01-22_21-18-51...
by nescafe2002
Tue Jan 22, 2019 4:09 pm
Forum: Beginner Basics
Topic: Bridges across 4011
Replies: 14
Views: 1177

Re: Bridges across 4011

IP firewall does not affect dhcp client.

See also: viewtopic.php?t=140569
by nescafe2002
Mon Jan 21, 2019 5:08 pm
Forum: Wireless Networking
Topic: CAPsMAN - How to force layer 2?
Replies: 11
Views: 5537

Re: CAPsMAN - How to force layer 2?

Have you tried the last beta?

https://mikrotik.com/download/changelog ... lease-tree
What's new in 6.44beta50 (2018-Dec-17 13:01):

*) capsman - always accept connections from loopback address;
by nescafe2002
Mon Jan 21, 2019 11:17 am
Forum: General
Topic: restore to different hardware
Replies: 5
Views: 777

Re: restore to different hardware

Explain the exact steps you are doing. I have done this procedure several times with success. Just make sure the configuration you are moving is fitting the new hardware model (by making adjustments), the required packages are installed and the version matches.
by nescafe2002
Mon Jan 21, 2019 10:56 am
Forum: General
Topic: restore to different hardware
Replies: 5
Views: 777

Re: restore to different hardware

It does work, but fails at line 24, probably due to a different set of interfaces or features between devices.

You better open the rsc file in a text editor, select the lines by hand and paste them in the terminal.
by nescafe2002
Sun Jan 20, 2019 1:52 pm
Forum: General
Topic: Mikrotik's demo system demo.mt.lv firewall Virus rules, worth using???
Replies: 7
Views: 1465

Re: Mikrotik's demo system demo.mt.lv firewall Virus rules, worth using???

Here they are, using: $ ssh admin@demo.mt.lv "/export" > demo.mt.lv.rsc
by nescafe2002
Sun Jan 20, 2019 12:40 pm
Forum: Beginner Basics
Topic: LHG R 4G kit "cell-monitor" command missing
Replies: 2
Views: 1639

Re: LHG R 4G kit "cell-monitor" command missing

This command is available since 6.44beta14. Switch to testing channel and upgrade if you want to use it now, or wait until 6.44 is considered stable. https://mikrotik.com/download/changelogs/testing-release-tree What's new in 6.44beta14 (2018-Oct-01 12:01): Changes in this release: *) lte - added "c...
by nescafe2002
Sat Jan 19, 2019 5:19 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 105423

Re: v6.44beta [testing] is released!

What's new in 6.44beta61 (2019-Jan-17 13:24): *) rb4011 - improved SFP+ interface linking to 1Gbps; I can confirm FS 1000BASE-BX BiDi SFP 1310nm-TX/1490nm-RX 20km DOM Transceiver Module ( https://www.fs.com/products/20184.html ) is working fine together with a 1Gbit FTTH provider, as long as the sp...
by nescafe2002
Wed Jan 16, 2019 11:10 pm
Forum: General
Topic: CCR Mikrotik Bandwidth Test - Urgent...-Important
Replies: 8
Views: 1240

Re: CCR Mikrotik Bandwidth Test - Urgent...-Important

Testing channel has multithreaded btest.
by nescafe2002
Wed Jan 16, 2019 4:23 pm
Forum: General
Topic: How to use Mikrotik router as a “switch”?
Replies: 8
Views: 5117

Re: How to use Mikrotik router as a “switch”?

Note that this is done automatically if you reset the device to CAPs mode - even if you don't have wireless interfaces or a CAPsMAN controller.

Keep holding the reset button for 5 more seconds, LED turns solid, release now to turn on CAPs mode (total 10 seconds).
by nescafe2002
Wed Jan 16, 2019 6:41 am
Forum: RouterBOARD hardware
Topic: looking for dual wan router [SOLVED]
Replies: 9
Views: 1602

Re: looking for dual wan router [SOLVED]

It has a level 6 license, so basically unlimited.

https://wiki.mikrotik.com/wiki/Manual:L ... nse_Levels

For featured packages, check the "Extra packages" link under TILE architecture in the MikroTik download page. Dude server is supported as well.
by nescafe2002
Tue Jan 15, 2019 5:57 pm
Forum: Wireless Networking
Topic: ARM devices and NV2 protocol
Replies: 622
Views: 86231

Re: ARM devices and NV2 protocol

At the end on Monday I'm going to remove all my arm hardware it's too difficult for me and Too expensive but it's the solution. Bye Mikrotik see you in the hell... You made that promise earlier, why are you still here? https://forum.mikrotik.com/viewtopic.php?f=7&t=136002&p=693764#p693764 Five years ...
by nescafe2002
Tue Jan 15, 2019 12:56 pm
Forum: Scripting
Topic: Using API to sign certificate using template
Replies: 2
Views: 549

Re: Using API to sign certificate using template

API expects an attribute name and value. https://wiki.mikrotik.com/wiki/Manual:API#Attribute_word Attribute word structure consists of 5 parts in this order: encoded length content prefix equals sign - = attribute name separating equals sign - = value of attribute if there is one. It is possible tha...
by nescafe2002
Fri Jan 11, 2019 12:07 pm
Forum: General
Topic: Mikrotik's demo system demo.mt.lv firewall Virus rules, worth using???
Replies: 7
Views: 1465

Re: Mikrotik's demo system demo.mt.lv firewall Virus rules, worth using???

You can ssh to demo.mt.lv and run export to fetch the running configuration.
by nescafe2002
Wed Jan 09, 2019 2:13 pm
Forum: Beginner Basics
Topic: Invalid Command interface/LTE
Replies: 3
Views: 674

Re: Invalid Command interface/LTE

Switch to testing channel.

https://mikrotik.com/download/changelog ... lease-tree
What's new in 6.44beta14 (2018-Oct-01 12:01):

Changes in this release:

*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
by nescafe2002
Tue Jan 08, 2019 1:28 pm
Forum: General
Topic: UniFi põe
Replies: 1
Views: 576

Re: UniFi põe

You're in the /interface ethernet poe context which means that only poe-capable interfaces are available. So there's exactly one item with number=0 available. Nevertheless you should fill the item number buffer by performing 'print' first, as these numbers are dynamically assigned, use [ find where ...
by nescafe2002
Mon Jan 07, 2019 11:10 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 105423

Re: v6.44beta [testing] is released!

To anyone experiencing connectivity issues on bridge interface after upgrade to 6.44beta50 like me: The RB is now sending out MNDP (udp/5678) packets with ip address of bridge and mac address of slave (physical port). (In 6.44beta40 and before the packets were sent with the bridges mac address as so...
by nescafe2002
Mon Jan 07, 2019 5:02 pm
Forum: General
Topic: add it to wishlist - Multicore support for bandwidth test in ROS
Replies: 2
Views: 597

Re: add it to wishlist - Multicore support for bandwidth test in ROS

It's coming..

https://www.mikrotik.com/download/changelogs/testing

6.44beta39 changelog:

Changes in this release:

*) btest - added multithreading support for both UDP and TCP tests;
by nescafe2002
Mon Jan 07, 2019 12:44 pm
Forum: Scripting
Topic: removing data from API [SOLVED]
Replies: 6
Views: 971

Re: removing data from API [SOLVED]

No problem. Note that API is behaving exactly like CLI in these cases: To unset a comment, use: /interface ethernet set 0 comment="" The command contains a parameter (comment) with a value ("") To unset a bridge in ppp, use: /ppp profile set 0 !bridge The command contains a parameter (!bridge) with...
by nescafe2002
Mon Jan 07, 2019 12:56 am
Forum: General
Topic: What are these unknown PCI resource on RB4011?
Replies: 4
Views: 639

Re: What are these unknown PCI resource on RB4011?

Print detail and google the vendor/device id to get more info. Looks like MT hasn't updated the PCI database yet: [admin@MikroTik] /system resource pci> print detail 0 device="00:05.0" name="unknown (rev: 1)" vendor="unknown" category="Generic system peripheral" vendor-id="0x1c36" device-id="0x0021"...
by nescafe2002
Mon Jan 07, 2019 12:33 am
Forum: Scripting
Topic: removing data from API [SOLVED]
Replies: 6
Views: 971

Re: removing data from API [SOLVED]

Granted, this one isn't documented. But when in doubt, try to recreate console command first and convert that command with parameters to API words. This example was used to remove bridge1 from ppp profile: 0000004A 2f 70 70 70 2f 70 72 6f 66 69 6c 65 2f 73 65 74 /ppp/pro file/set 0000005A 07 3d 2e 6...
by nescafe2002
Sat Jan 05, 2019 6:09 pm
Forum: Scripting
Topic: removing data from API [SOLVED]
Replies: 6
Views: 971

Re: removing data from API [SOLVED]

=comment=<nothing> is the way to go, as documented: https://wiki.mikrotik.com/wiki/Manual:API#Attribute_word Attribute word structure consists of 5 parts in this order: encoded length content prefix equals sign - = attribute name separating equals sign - = value of attribute if there is one. It is po...
by nescafe2002
Thu Jan 03, 2019 6:00 pm
Forum: Beginner Basics
Topic: RB4011iGS+5HacQ2HnD-IN-US first time troubles
Replies: 14
Views: 2271

Re: RB4011iGS+5HacQ2HnD-IN-US first time troubles

Just keep pressing button until some led starts blinking, then release.

You could also try connecting via mac address, check the neighbor tab in WinBox when connected to any lan port (ether2..ether10), click the mac address and connect.
by nescafe2002
Sun Dec 30, 2018 12:10 pm
Forum: Beginner Basics
Topic: RB2011 slow internet even with fasttrack
Replies: 102
Views: 22082

Re: RB2011 slow internet even with fasttrack

RB3011 w/fasttrack should reach 850Mbps easily, more or less depending on configuration.

RB3011 at 6.43.8 reaches 335 Mbps without fasttrack and 550Mbps with fasttrack (500Mbps capped connection) in a single TCP connection based browser test.

Are you perhaps using an IPv6 test server?
by nescafe2002
Thu Dec 27, 2018 10:16 pm
Forum: General
Topic: RB3011 dropping packets unless packet sniffer running [SOLVED]
Replies: 3
Views: 689

Re: RB3011 dropping packets unless packet sniffer running [SOLVED]

This may be related (detect internet feature): viewtopic.php?f=13&t=142554

If not, please post your config for further analysis.
by nescafe2002
Thu Dec 27, 2018 11:46 am
Forum: General
Topic: After updating RouterOS to version 6.43.7, part of computers in the LAN can't ping each other.Is there the problem with
Replies: 3
Views: 697

Re: After updating RouterOS to version 6.43.7, part of computers in the LAN can't ping each other.Is there the problem w

Well, Windows can set the network to untrusted if it sees another router mac address.

Setting an administrative mac address on the bridge will prevent this from happening.
by nescafe2002
Thu Dec 20, 2018 8:39 pm
Forum: General
Topic: Impossible to downgrade from ROS 6.42.7
Replies: 7
Views: 1577

Re: Impossible to downgrade from ROS 6.42.7

So there's nothing in the log?
by nescafe2002
Thu Dec 20, 2018 6:27 pm
Forum: General
Topic: Impossible to downgrade from ROS 6.42.7
Replies: 7
Views: 1577

Re: Impossible to downgrade from ROS 6.42.7

Anything in the log after reboot? What's the factory software as listed in System > Resources?
by nescafe2002
Mon Dec 17, 2018 1:35 pm
Forum: General
Topic: IP Cloud question
Replies: 26
Views: 2259

Re: IP Cloud question

mynetname.net has no A or AAAA records defined, as your nslookup reveals.

Try [your_serial].sn.mynetname.net instead:
C:\>nslookup 000a09000195.sn.mynetname.net ns1.kissthenet.net
Server:  UnKnown
Address:  2a02:610:7501:1000::201

Name:    000a09000195.sn.mynetname.net
Address:  82.x.y.z
by nescafe2002
Sat Dec 15, 2018 6:48 pm
Forum: Beginner Basics
Topic: RB2011 slow internet even with fasttrack
Replies: 102
Views: 22082

Re: RB2011 slow internet even with fasttrack

RB2011 as a basic router can handle 890 Mbps of IPv4 TCP fasttracked traffic. Other configuration aspects can make it slower. Post config to be sure.
by nescafe2002
Sat Dec 15, 2018 1:39 pm
Forum: General
Topic: Slow internet speed in Hotspot
Replies: 15
Views: 2298

Re: Slow internet speed in Hotspot

Why do you need hotspot for your own laptop?
by nescafe2002
Thu Dec 13, 2018 12:32 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 88790

Re: RB4011

Are you sure the sfp is configured full duplex on the other side? Then it seems a supported configuration. Have you contacted support?
by nescafe2002
Mon Dec 10, 2018 11:32 pm
Forum: General
Topic: SFP for RB4011
Replies: 1
Views: 824

Re: SFP for RB4011

Have you disabled auto negotiation on both ends of the link?

https://wiki.mikrotik.com/wiki/MikroTik ... ansceivers
by nescafe2002
Mon Dec 10, 2018 12:01 pm
Forum: Scripting
Topic: How can i move a firewall filtre rule row id to another row id with c# api
Replies: 1
Views: 410

Re: How can i move a firewall filtre rule row id to another row id with c# api

You can only 'find' in print command using query words. https://wiki.mikrotik.com/wiki/Manual:API#Queries Alternative is to fetch (print) with criteria and move using acquired ID. Working (tested) example: mikrotik.Send("/ip/firewall/filter/print"); mikrotik.Send("=.proplist=.id"); mikrotik.Send("?c...
by nescafe2002
Sun Dec 09, 2018 3:00 pm
Forum: Beginner Basics
Topic: Issue with device connection [SOLVED]
Replies: 4
Views: 1074

Re: Issue with device connection [SOLVED]

/interface detect-internet set detect-interface-list=all

This is the culprit. It will enable internet detection for slave interfaces and issue ARP requests with wrong source MAC address. Disable internet detect and it will work again.

Response from support regarding this issue: The Detect-Internet ...
by nescafe2002
Sat Dec 08, 2018 11:39 pm
Forum: Beginner Basics
Topic: Bridge ether2 Port Removal [SOLVED]
Replies: 8
Views: 2233

Re: Bridge ether2 Port Removal [SOLVED]

You both should read vecernik87's post better. No need for serial cable. Unless MAC Winbox has been disabled and as long as there is a link, you can always connect to the RB using WinBox and its Neighbors tab (click MAC address).
by nescafe2002
Sat Dec 08, 2018 4:32 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 88790

Re: RB4011

Yes, but both RB2011 and RB260GSP have SFP ports, not SFP+
by nescafe2002
Sat Dec 08, 2018 2:16 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 88790

Re: RB4011

You'll have to disable autonegotiation on both ends of the link for SFP to work correctly.
https://wiki.mikrotik.com/wiki/MikroTik_SFP_module_compatibility_table#SFP.2B_interface_compatibility_settings_with_SFP_optical_transceivers
If you cannot control the setting on the remote end, the scenario is...
by nescafe2002
Sat Dec 08, 2018 12:31 am
Forum: General
Topic: v6.43.4 + v6.43.7 corrupts the use of Address Lists
Replies: 5
Views: 966

Re: v6.43.4 + v6.43.7 corrupts the use of Address Lists

Same issue: viewtopic.php?t=142217

Create supout and send to support to get it fixed in upcoming releases.
by nescafe2002
Thu Dec 06, 2018 8:58 pm
Forum: Beginner Basics
Topic: Ethernet port numbers when changing hardware
Replies: 1
Views: 426

Re: Ethernet port numbers when changing hardware

https://wiki.mikrotik.com/wiki/Manual:Configuration_Management#Description
The configuration backup can be used for backing up MikroTik RouterOS configuration to a binary file, which can be stored on the router or downloaded from it using FTP for future use. The configuration restore can be used for...
by nescafe2002
Thu Dec 06, 2018 3:32 pm
Forum: RouterBOARD hardware
Topic: RB3011 cannot reach 500mb/s troughput
Replies: 17
Views: 2777

Re: RB3011 cannot reach 500mb/s troughput

Can you show the profiler running while the device is processing traffic?

I am getting a lot of firewall usage, but that is because SFP is not used and I am testing non-tcp packets.
by nescafe2002
Thu Dec 06, 2018 10:57 am
Forum: RouterBOARD hardware
Topic: RB3011 cannot reach 500mb/s troughput
Replies: 17
Views: 2777

Re: RB3011 cannot reach 500mb/s troughput

The problem could be related to your configuration. Post here ( /export hide-sensitive ) to confirm.
by nescafe2002
Thu Dec 06, 2018 10:50 am
Forum: General
Topic: RB2011 HW Offloading can't be enabling
Replies: 1
Views: 560

Re: RB2011 HW Offloading can't be enabling

Have you enabled IGMP Snooping in bridge settings?

Look here for other reasons why HW offload is deactivated.

https://wiki.mikrotik.com/wiki/Manual:S ... Offloading

RB2011 has AR8327 chip. So MSTP, IGMP snooping, VLAN filtering and bonding will deactivate hw offload.
by nescafe2002
Wed Dec 05, 2018 6:40 pm
Forum: RouterBOARD hardware
Topic: RB3011 cannot reach 500mb/s troughput
Replies: 17
Views: 2777

Re: RB3011 cannot reach 500mb/s troughput

Ran some tests on my RB3011. Bonding ether2 & ether3, run packet generator on other device, one (dstnat) rule: explorer_2018-12-05_17-33-02.png Max traffic ~970Mbps, cpu1 maxed out. Same scenario but with ether2 & ether7 bonded: explorer_2018-12-05_17-45-15.png Most Tx/Rx rates are incorrect, but RB...
by nescafe2002
Tue Dec 04, 2018 3:33 pm
Forum: General
Topic: Simple Queue Parenting Graphical Representation [SOLVED]
Replies: 4
Views: 825

Re: Simple Queue Parenting Graphical Representation [SOLVED]

Click on the Name column header. The list has to be sorted on any other than the # (number) column.
by nescafe2002
Tue Dec 04, 2018 2:17 pm
Forum: General
Topic: Schedule to enable and disable interface in mikrotik
Replies: 8
Views: 6309

Re: Schedule to enable and disable interface in mikrotik

or by name:

/interface disable lan4
by nescafe2002
Mon Dec 03, 2018 11:12 pm
Forum: Scripting
Topic: C# API - tik4net on GitHub
Replies: 162
Views: 44423

Re: C# API - tik4net on GitHub

Yes, just take a copy of https://github.com/danikf/tik4net/blob/master/tik4net.objects/Interface/Interface.cs and include the properties:

[TikProperty("last-link-down-time")]
public string LastLinkDownTime { get; set; }

[TikProperty("last-link-up-time")]
public string LastLinkUpTime { get; set; }
by nescafe2002
Mon Dec 03, 2018 12:52 pm
Forum: General
Topic: IP > Cloud stuck on 'updating'
Replies: 18
Views: 5625

Re: IP > Cloud stuck on 'updating'

As the new IP Cloud implementation enters the bugfix-only stage, the old IP cloud will be disabled. Are you disabling the old cloud services as soon as the new IP cloud service hits the long-term branch? What about users who will wait for the next long-term version? Or have to wait for a maintenanc...
by nescafe2002
Sun Dec 02, 2018 2:24 pm
Forum: General
Topic: Help script on vb6 api
Replies: 1
Views: 449

Re: Help script on vb6 api

API does not support query in set operation.

Normally you'd have to split your commands (print with query word to get id, then remove by id).

You can however use the primary name of an object as identifier:

/ip/hotspot/user/remove
=.id=user1
by nescafe2002
Sat Dec 01, 2018 1:46 pm
Forum: General
Topic: Problem after ROS 6.40.9 Update
Replies: 7
Views: 880

Re: Problem after ROS 6.40.9 Update

Based on: https://forum.mikrotik.com/download/file.php?id=34558
There are 5 connections from DNS servers to 192.168.190.10 via sstp-Amir. These could be DNS replies to requests received from sstp-Amir. Torch with Protocol and Port enabled to be sure. As the router processes packages from and to inte...
by nescafe2002
Fri Nov 30, 2018 6:15 pm
Forum: General
Topic: Address Lists in Firewal rules
Replies: 16
Views: 1703

Re: Address Lists in Firewal rules

Does the first packet counter (34) increment if you ping 192.168.100.124? And the second packet counter (12)?
by nescafe2002
Fri Nov 30, 2018 12:56 pm
Forum: General
Topic: v6.42.10 [long-term] --- issue
Replies: 2
Views: 559

Re: v6.42.10 [long-term] --- issue

Your problem description: The issue is that when I refresh the ROS to 6.42.10 or 6.43 there will be an association with all DNS IP addresses from each interface with no ruin like sstp or l2dp or Ethernet , despite the fact that I have a standard in course that says the passage for dns is the thing t...
by nescafe2002
Fri Nov 30, 2018 11:28 am
Forum: General
Topic: IP > Cloud stuck on 'updating'
Replies: 18
Views: 5625

Re: IP > Cloud stuck on 'updating'

The new cloud (in 6.43 and above) works fine, but be warned: this is the worst moment to update as you cannot disable the ddns cloud service properly before upgrade.
https://mikrotik.com/download/changelogs/stable-release-tree
What's new in 6.43 (2018-Sep-06 12:44):
MAJOR CHANGES IN v6.43: --------...
by nescafe2002
Fri Nov 30, 2018 10:43 am
Forum: General
Topic: IPSEC between 3 Sides
Replies: 2
Views: 522

Re: IPSEC between 3 Sides

First add the following routes to routers A1 and A2:

On router A1:
/ip route add dst-address=10.3.0.0/16 gateway=[LAN address of router A2]

On router A2:
/ip route add dst-address=10.1.0.0/16 gateway=[LAN address of router A1]

After this, you should be able to ping site B from router A2 and site C f...
by nescafe2002
Thu Nov 29, 2018 4:21 pm
Forum: RouterBOARD hardware
Topic: Routerboard Spec Recommendation
Replies: 6
Views: 1296

Re: Routerboard Spec Recommendation

You may even better block the sites based on dns, e.g. to block all dns lookups ending on windowsupdate.microsoft.com (including windowsupdate.microsoft.com):
/ip dns static add address=127.0.0.1 regexp="windowsupdate\\.microsoft\\.com\$"
(I have requested to allow address=0.0.0.0 in static dns to b...
by nescafe2002
Thu Nov 29, 2018 2:09 pm
Forum: General
Topic: Problem after ROS 6.40.9 Update
Replies: 7
Views: 880

Re: Problem after ROS 6.40.9 Update

So there are two problems:
  1. Unknown/unwanted dynamic DNS servers appear in IP > DNS configuration
  2. PPP clients get assigned these unknown/unwanted dynamic servers
If you can solve problem 1, problem 2 will be solved as well: Check all ppp and dhcp clients for use-peer-dns setting. Note that in ovpn-cl...
by nescafe2002
Thu Nov 29, 2018 12:13 pm
Forum: Beginner Basics
Topic: Installation of igmp proxy won't work
Replies: 4
Views: 885

Re: Installation of igmp proxy won't work

hEX S is MMIPS architecture, so you should download this file: https://download.mikrotik.com/routeros/ ... 6.43.4.zip
by nescafe2002
Thu Nov 29, 2018 10:49 am
Forum: RouterBOARD hardware
Topic: Routerboard Spec Recommendation
Replies: 6
Views: 1296

Re: Routerboard Spec Recommendation

I have added your content filters to my RB4011 and this is the result: explorer_2018-11-29_09-39-17.png explorer_2018-11-29_09-38-46.png In comparison, same speedtest with disabled mangle rules (without fasttrack): explorer_2018-11-29_09-41-28.png explorer_2018-11-29_09-47-12.png You should really l...
by nescafe2002
Wed Nov 28, 2018 9:44 pm
Forum: Beginner Basics
Topic: Installation of igmp proxy won't work
Replies: 4
Views: 885

Re: Installation of igmp proxy won't work

  • Make sure the architecture matches (which model?)
  • Make sure the version matches
  • Check the log after reboot for information regarding package installation
by nescafe2002
Wed Nov 28, 2018 5:26 pm
Forum: RouterBOARD hardware
Topic: Routerboard Spec Recommendation
Replies: 6
Views: 1296

Re: Routerboard Spec Recommendation

It depends on the actual mangle rule set. Post your rules. Perhaps some optimization can be applied and not all packets have to be inspected. Personally I'd get rid of the content filters and apply queueing to distribute bandwidth, but it depends on whether your provider has a monthly maximum upload/d...
by nescafe2002
Wed Nov 28, 2018 1:55 pm
Forum: General
Topic: Problem after ROS 6.40.9 Update
Replies: 7
Views: 880

Re: Problem after ROS 6.40.9 Update

The problem is that when I update the ROS to 6.42.10 or 6.43 there will be a TX traffic to all DNS IP addresses from every interface with no mangle like sstp or l2dp or Ethernet , although I have a rule in route that says the gateway for dns is what interface. Still not clear what the actual proble...
by nescafe2002
Wed Nov 28, 2018 11:01 am
Forum: Announcements
Topic: v6.42.10 [long-term] is released!
Replies: 25
Views: 15771

Re: v6.42.10 [long-term] is released!

@MirhosseiniAmir could you please create a new topic for your question?

This problem is not related to this specific release (6.42.10).

Please do not post screenshots but state your issue as clearly as possible, with examples, and with a configuration export ( Terminal > /export hide-sensitive ).
by nescafe2002
Tue Nov 27, 2018 5:54 pm
Forum: General
Topic: Backups disappear from router
Replies: 3
Views: 589

Re: Backups disappear from router

Current 750Gr3 has a temporary file system. If you want to keep your files, store them in /flash:

explorer_2018-11-27_16-52-39.png
by nescafe2002
Tue Nov 27, 2018 2:22 pm
Forum: General
Topic: IPSEC VPN Between 3 Sites [SOLVED]
Replies: 13
Views: 1824

Re: IPSEC VPN Between 3 Sites [SOLVED]

Add the following IPSEC policies:
  • On site A: from subnet B to subnet C via peer C
  • On site A: from subnet C to subnet B via peer B
  • On Site B: from subnet B to subnet C via peer A
  • On Site C: from subnet C to subnet B via peer A
No need to add routes, unless you want router-to-router access, then add a...
by nescafe2002
Tue Nov 27, 2018 11:27 am
Forum: General
Topic: HAP AC 2 configuration page
Replies: 1
Views: 403

Re: HAP AC 2 configuration page

Looks like a preconfigured device. It will probably be password protected, so you'd better contact the provider. Nevertheless, you can safely try one or all of the following:
- SSH
- telnet
- WinBox
- WinBox discovery (Neighbors tab)
- WinBox directly via MAC address (in arp table or on sticker)
- W...
by nescafe2002
Fri Nov 23, 2018 12:21 pm
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 88790

Re: RB4011

I haven't tested between two RB4011s, but between RB2011 and RB4011 the flapping will stop if you disable autoneg on both the RB4011 and RB2011, not just the RB4011.
by nescafe2002
Fri Nov 23, 2018 10:14 am
Forum: RouterBOARD hardware
Topic: RB4011
Replies: 371
Views: 88790

Re: RB4011

Disable auto negotiation and 1Gb SFP will work correctly.
https://wiki.mikrotik.com/wiki/MikroTik_SFP_module_compatibility_table#SFP.2B_interface_compatibility_settings_with_SFP_optical_transceivers
For MikroTik devices with SFP+ interface that support both 10G and 1G link rate following settings ar...
by nescafe2002
Thu Nov 22, 2018 4:21 pm
Forum: RouterBOARD hardware
Topic: RB4011 POE problem [SOLVED]
Replies: 10
Views: 2359

Re: RB4011 POE problem [SOLVED]

Didn't notice before, but I have the same issue: RB4011 <=> cAP ac autoneg 100Mbps, non-autoneg 1Gbps.
by nescafe2002
Thu Nov 22, 2018 1:06 pm
Forum: Beginner Basics
Topic: Filter traffic in bridg.
Replies: 9
Views: 998

Re: Filter traffic in bridg.

You can filter tcp and udp in bridge firewall.

After setting ip-protocol=tcp or udp, src-address/port and dst-address/port are enabled.

https://wiki.mikrotik.com/wiki/Manual:I ... e_Firewall
by nescafe2002
Tue Nov 20, 2018 12:14 pm
Forum: General
Topic: how to close my ipv6 ports
Replies: 2
Views: 557

Re: how to close my ipv6 ports

MikroTik has a default ipv6 firewall which will be created after resetting configuration (with ipv6 package enabled). You can retrieve this configuration using /system default-configuration print :
/ipv6 firewall {
address-list add list=bad_ipv6 address=::/128 comment="defconf: unspecified address" ...
by nescafe2002
Sun Nov 18, 2018 11:02 am
Forum: Beginner Basics
Topic: alternate DNS for specific IP on LAN, is it possible? [SOLVED]
Replies: 19
Views: 3058

Re: alternate DNS for specific IP on LAN, is it possible? [SOLVED]

Nice! You still have to convert to hex if you want to supply more than one DNS server, I suppose.
by nescafe2002
Sat Nov 17, 2018 6:28 pm
Forum: Beginner Basics
Topic: alternate DNS for specific IP on LAN, is it possible? [SOLVED]
Replies: 19
Views: 3058

Re: alternate DNS for specific IP on LAN, is it possible? [SOLVED]

GUI can do it, but you have to calculate the IP address to hex using e.g. calculator.

First you add a dhcp option (in Options tab), then you can select it in lease.
by nescafe2002
Thu Nov 15, 2018 10:45 am
Forum: Scripting
Topic: Property "disabled" sometimes missing in print/getall results.
Replies: 1
Views: 544

Re: Property "disabled" sometimes missing in print/getall results.

Can confirm this, but why don't you just report this to MT support?
by nescafe2002
Thu Nov 15, 2018 9:07 am
Forum: General
Topic: Can I Only Allow Port Forwarding (or Dstnat) Based On A Source Address List?
Replies: 2
Views: 1428

Re: Can I Only Allow Port Forwarding (or Dstnat) Based On A Source Address List?

No problem, I have several port forwardings based on an address list:
/ip firewall address-list
add address=1.2.3.4 list=trusted
/ip firewall nat
add action=dst-nat chain=dstnat dst-address-type=local dst-port=8291 \
    protocol=tcp src-address-list=trusted to-addresses=192.168.88.100
by nescafe2002
Thu Nov 15, 2018 12:07 am
Forum: Beginner Basics
Topic: Need help - cannot enter admin page on CAP AC
Replies: 6
Views: 3731

Re: Need help - cannot enter admin page on CAP AC

You could reset the AP into CAPs mode (hold button 10 secs) which will give a bridge + dhcp-client configuration.

Also device should be discoverable in TikApp (iOS and Android).
by nescafe2002
Wed Nov 14, 2018 11:18 pm
Forum: General
Topic: Export incorrect discovery-settings
Replies: 1
Views: 486

Re: Export incorrect discovery-settings

viewtopic.php?f=21&t=140560#p693162
If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after some problem has appeared on device
by nescafe2002
Wed Nov 14, 2018 10:51 pm
Forum: General
Topic: 2011UiAS-2HnD: Fastpath + PBR + GRE - terrible performance!
Replies: 12
Views: 1306

Re: 2011UiAS-2HnD: Fastpath + PBR + GRE - terrible performance!

I've spent enough time with a (as it turned out) partial config. You may have better luck with MT Support self (via mail), be sure to generate a supout.rif when the device is behaving badly and attach it.
by nescafe2002
Tue Nov 13, 2018 3:39 pm
Forum: Beginner Basics
Topic: DHCP client doesn't work on SFP(S-RJ01) port
Replies: 24
Views: 3869

Re: DHCP client doesn't work on SFP(S-RJ01) port

Could you try adding sfp1 to a new bridge-wan and moving dhcp-client (& interface list / firewall rules) to bridge-wan? Still no connectivity?
by nescafe2002
Tue Nov 13, 2018 3:27 pm
Forum: General
Topic: High Traffic
Replies: 4
Views: 743

Re: High Traffic

by nescafe2002
Tue Nov 13, 2018 2:59 pm
Forum: General
Topic: secure winbox port access only by wan ip
Replies: 16
Views: 3146

Re: secure winbox port access only by wan ip

You could set up a DNS [A] record for your management server with a suitable TTL (> 4 hours, to limit continuous stream of DNS lookups).

Then use address list feature in client devices to permit access to Winbox based on A record.
by nescafe2002
Tue Nov 13, 2018 1:09 pm
Forum: Scripting
Topic: C# API - tik4net on GitHub
Replies: 162
Views: 44423

Re: C# API - tik4net on GitHub

You can use GetResponseFieldOrDefault to have a default value as response or check the Words dictionary directly.

E.g.
var profile = vResult.GetResponseFieldOrDefault("actual-profile", "(none)");

or

if (vResult.Words.ContainsKey("actual-profile"))
{
  // Do something
}
by nescafe2002
Tue Nov 13, 2018 12:56 pm
Forum: Beginner Basics
Topic: Winbox lost connection after establish bridge
Replies: 4
Views: 1022

Re: Winbox lost connection after establish bridge

Connect via MAC address. You probably get kicked out, but can reconnect after re-discovery.
https://wiki.mikrotik.com/wiki/Manual:Winbox#Starting_Winbox
From list of discovered routers you can click on IP or MAC address column to connect to that router. If you click on IP address then IP will be use...
by nescafe2002
Tue Nov 13, 2018 11:10 am
Forum: Beginner Basics
Topic: DHCP issue [SOLVED]
Replies: 9
Views: 1325

Re: DHCP issue [SOLVED]

You can set up a DHCP Alert to detect other dhcp servers on your network.

IP > DHCP Server > Alerts

Set up an alert on your local network interface.

Check the log for DHCP error events.

https://wiki.mikrotik.com/wiki/Manual:I ... ver#Alerts
by nescafe2002
Mon Nov 12, 2018 8:43 pm
Forum: General
Topic: 2011UiAS-2HnD: Fastpath + PBR + GRE - terrible performance!
Replies: 12
Views: 1306

Re: 2011UiAS-2HnD: Fastpath + PBR + GRE - terrible performance!

Cannot reproduce the problem here. Kind of funny that fast path is problematic here as it should be disabled as you are breaking the following conditions:
- firewall rules are not configured;
- Simple and queue trees with parent=global are not configured;
- connection tracking is not active;...
by nescafe2002
Mon Nov 12, 2018 6:52 pm
Forum: General
Topic: 2011UiAS-2HnD: Fastpath + PBR + GRE - terrible performance!
Replies: 12
Views: 1306

Re: 2011UiAS-2HnD: Fastpath + PBR + GRE - terrible performance!

Can you disable the route rule? I think it is pointing to a non existing table.
by nescafe2002
Mon Nov 12, 2018 5:59 pm
Forum: General
Topic: 2011UiAS-2HnD: Fastpath + PBR + GRE - terrible performance!
Replies: 12
Views: 1306

Re: 2011UiAS-2HnD: Fastpath + PBR + GRE - terrible performance!

You have done everything by the book and the way it should be, so it must be a serious hw microcode bug and we cannot help you. ..or could it be a configuration related issue? Post config ( /export hide-sensitive ) if you want assistance on this forum. Perhaps you enabled ipsec and did not exclude i...
by nescafe2002
Sun Nov 11, 2018 11:18 am
Forum: Beginner Basics
Topic: mAP2n PoE for Yealink W52P [SOLVED]
Replies: 3
Views: 761

Re: mAP2n PoE for Yealink W52P [SOLVED]

No, not by specs, but you could try with a standard 802.3af injector (48V).

I have had success with the following setup: standard 802.3af switch (Netgear FS728TP) => mAP2nD => Yealink T46G desktop phone.
by nescafe2002
Sat Nov 10, 2018 3:38 pm
Forum: Scripting
Topic: C# API - tik4net on GitHub
Replies: 162
Views: 44423

Re: C# API - tik4net on GitHub

Sorry, this is an unsupported feature:

https://wiki.mikrotik.com/wiki/API_comm ... e_commands
interactive command examples that will not work in API are:

/system telnet
/system ssh
/tool mac-telnet
by nescafe2002
Sat Nov 10, 2018 2:15 pm
Forum: Beginner Basics
Topic: RE: I cant login in with winbox 3.18 and through browser [SOLVED]
Replies: 2
Views: 664

Re: RE: I cant login in with winbox 3.18 and through browser [SOLVED]

If it's a new device, no password is set. Just login with admin and empty password.

In the box you will find a quick guide ( https://i.mt.lv/cdn/rb_files/1539728765metal-series.pdf ) with instructions to reset the device.
by nescafe2002
Fri Nov 09, 2018 7:33 pm
Forum: Beginner Basics
Topic: The winbox is hard to use
Replies: 12
Views: 1750

Re: The winbox is hard to use

Winbox is a classic MDI application, you can use CTRL-F6 and CTRL-SHIFT-F6 to cycle through child windows, forth and back respectively.
by nescafe2002
Thu Nov 08, 2018 5:35 pm
Forum: Wireless Networking
Topic: CAPSMAN + datapath.bridge-horizon ?
Replies: 6
Views: 2477

Re: CAPSMAN + datapath.bridge-horizon ?

I'd have to check, but think you are correct: datapath.client-to-client-forwarding for traffic within same CAP and datapath.bridge-horizon for forwarding between CAPs on the same bridge.
by nescafe2002
Thu Nov 08, 2018 10:28 am
Forum: General
Topic: SSTP VPN with trusted public certificate
Replies: 3
Views: 781

Re: SSTP VPN with trusted public certificate

Note that you do not need to 'Trust' the intermediate certificate. I have removed that flag from my post.
by nescafe2002
Thu Nov 08, 2018 10:08 am
Forum: General
Topic: SSTP VPN with trusted public certificate
Replies: 3
Views: 781

Re: SSTP VPN with trusted public certificate

"It works on my machine" (Windows 10 client). Have you installed the intermediate certificate?
[admin@MikroTik] /certificate> print detail
Flags: K - private-key, D - dsa, L - crl, C - smart-card-key, A - authority, I - issued, R - revoked, E - expired, T - trusted
 0 L name="vpn.company.com.crt_1" i...
by nescafe2002
Wed Nov 07, 2018 10:50 pm
Forum: Wireless Networking
Topic: CAPSMAN + datapath.bridge-horizon ?
Replies: 6
Views: 2477

Re: CAPSMAN + datapath.bridge-horizon ?

https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Port_Settings
Use split horizon bridging to prevent bridging loops. Set the same value for group of ports, to prevent them from sending data to ports with the same horizon value. Split horizon is a software feature that disables hardware offload...
by nescafe2002
Wed Nov 07, 2018 1:24 pm
Forum: General
Topic: unable to upgrade from 6.40.5 (mipsbe)
Replies: 6
Views: 888

Re: unable to upgrade from 6.40.5 (mipsbe)

Export your configuration ( /export file=config in Console ). Save file config.rsc locally (via Files). Check the router for any malicious scripts and scheduler entries. Maybe you can update after removing these entries. Check the log for results after reboot. If upgrade is not possible, use netinst...
by nescafe2002
Wed Nov 07, 2018 11:46 am
Forum: Beginner Basics
Topic: Disabling Dynamic DNS Servers... [SOLVED]
Replies: 8
Views: 11783

Re: Disabling Dynamic DNS Servers... [SOLVED]

Same issue: viewtopic.php?t=129409

Try determining whether it is caused by l2tp or ovpn, create supout and send feature request to MT support based on findings.

If you control l2tp/ovpn server, try modifying server settings.
by nescafe2002
Wed Nov 07, 2018 11:38 am
Forum: Beginner Basics
Topic: Disabling Dynamic DNS Servers... [SOLVED]
Replies: 8
Views: 11783

Re: Disabling Dynamic DNS Servers... [SOLVED]

Do you have other dial-up interfaces? ovpn-client etc.?
by nescafe2002
Tue Nov 06, 2018 10:44 pm
Forum: General
Topic: CRS125 poor throughput & low cpu load [SOLVED]
Replies: 41
Views: 3504

Re: CRS125 poor throughput & low cpu load [SOLVED]

It is under WebFig > Bridge > Settings. Nevertheless, you can always open console via Console button in upper right corner.
by nescafe2002
Tue Nov 06, 2018 6:24 pm
Forum: General
Topic: RB4011 SFP not staying up/linked
Replies: 2
Views: 1240

Re: RB4011 SFP not staying up/linked

https://wiki.mikrotik.com/wiki/MikroTik_SFP_module_compatibility_table#SFP.2B_interface_compatibility_settings_with_SFP_optical_transceivers
For MikroTik devices with SFP+ interface that support both 10G and 1G link rate following settings are needed to be set on both linked devices for required int...
by nescafe2002
Tue Nov 06, 2018 5:34 pm
Forum: Announcements
Topic: Newsletter 85
Replies: 30
Views: 12998

Re: Newsletter 85

Look at the block diagram.. the ethernet port is switched with SFP+ so you should get wire speed switching between sfp-sfpplus1..4 and ether1.
by nescafe2002
Tue Nov 06, 2018 1:13 pm
Forum: General
Topic: System issues RB1100ahx4
Replies: 14
Views: 2536

Re: System issues RB1100ahx4

Send problem description (with supout.rif and short description of setup, e.g. used monitoring tools and monitored oids) to support@mikrotik.com.

If possible, enable debug logging for snmp (create separate logging topic for snmp), wait for error and then create supout.
by nescafe2002
Tue Nov 06, 2018 10:59 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 110221

Re: Winbox vulnerability: please upgrade

Can you identify the MAC address (mac vendor)?

Have you tried looking it up via ip/arp / bridge/hosts or switch/hosts after regaining access to check which interface it is connected to?

Have you cross-checked with your own machines and ensured it isn't a local device?
by nescafe2002
Fri Nov 02, 2018 10:51 am
Forum: General
Topic: Winbox-Traffic - 200kbit/s
Replies: 14
Views: 1371

Re: Winbox-Traffic - 200kbit/s

You can use ssh to configure device on low bandwidth links.
by nescafe2002
Thu Nov 01, 2018 12:42 pm
Forum: Beginner Basics
Topic: 3 VLANs on WAN [SOLVED]
Replies: 7
Views: 1213

Re: 3 VLANs on WAN [SOLVED]

Better add all untrusted interfaces (ether1 + vlans) to WAN interface list. Firewall drops connections based on interface list.
by nescafe2002
Thu Nov 01, 2018 11:58 am
Forum: General
Topic: Bad performance (slow) of RB2011UAS-2HnD [SOLVED]
Replies: 11
Views: 1613

Re: Bad performance (slow) of RB2011UAS-2HnD [SOLVED]

You have some orphaned vlans on bridge, but what is worse.. no adequate firewalling (accepting all but http, ssh and dns to router and internal network). Better take a look at the firewall from default configuration, it contains firewall list based protection and srcnat, allows dstnat (port forwardi...
by nescafe2002
Thu Nov 01, 2018 11:48 am
Forum: Beginner Basics
Topic: "Strange" traffic from router
Replies: 5
Views: 1996

Re: "Strange" traffic from router

Please read this post from MikroTik, it contains all info to fix the issue:

https://blog.mikrotik.com/security/winb ... ility.html
by nescafe2002
Wed Oct 31, 2018 11:04 pm
Forum: RouterBOARD hardware
Topic: cAP Lite Powers on but inaccessible.
Replies: 6
Views: 2518

Re: cAP Lite Powers on but inaccessible.

As a side note, who in the hell thought it was a good idea for the reset button to only work if you hold it down BEFORE powering it on... with a thing this small you need squid arms to both press the button and push the Poe cable in without something going wrong. I have had the same issue and it ca...
by nescafe2002
Wed Oct 31, 2018 11:00 pm
Forum: Beginner Basics
Topic: 3 VLANs on WAN [SOLVED]
Replies: 7
Views: 1213

Re: 3 VLANs on WAN [SOLVED]

If there is a managed switch on WAN side, why don't you use this switch to split off iptv? Are you sure that the switch is well configured? You could disable use-service-tag on vlan-14, temporarily remove the switch on wan side or remove ether1 from bridge and set vlans directly to ether1 to rule ou...
by nescafe2002
Wed Oct 31, 2018 4:51 pm
Forum: General
Topic: Strange behaviour
Replies: 6
Views: 822

Re: Strange behaviour

Cannot answer "why", but a solution is to use the default firewall. It doesn't allow from lan explicitly, but drops everything from (not lan) in input chain and from wan in forward chain. Perhaps to overcome this issue.
/ip firewall filter
add chain=input action=drop in-interface-list=!LAN comment="...
by nescafe2002
Wed Oct 31, 2018 3:27 pm
Forum: General
Topic: The security flaw for Hajime is closed by the firewall
Replies: 37
Views: 21678

Re: The security flaw for Hajime is closed by the firewall

Please do NOT use the firewall posted above. It is incomplete, unnecessarily complex and will make the router at least vulnerable to DNS amplification attacks. Use the default firewall from MikroTik's default configuration instead (with a default DROP rule on both input and forward chains for non-la...
by nescafe2002
Wed Oct 31, 2018 3:19 pm
Forum: General
Topic: Need help with VLANS and routing their traffic over L2TP
Replies: 4
Views: 1041

Re: Need help with VLANS and routing their traffic over L2TP

Add a routing mark and default routing entry:
/ip firewall mangle
add action=mark-routing chain=prerouting connection-mark=VOIP-Conn \
    in-interface="VOIP Vlan 100" new-routing-mark=Via-Site2Site passthrough=yes
/ip route
add gateway=Site2Site_Customer routing-mark=Via-Site2Site
https://wiki.mikrotik...
by nescafe2002
Wed Oct 31, 2018 12:53 pm
Forum: Beginner Basics
Topic: 3 VLANs on WAN [SOLVED]
Replies: 7
Views: 1213

Re: 3 VLANs on WAN [SOLVED]

You did not post running version. Assuming some recent version, you'd better use the new bridge config with vlan filtering. So, one bridge for WAN with two vlans:
/interface bridge
add igmp-snooping=yes name=bridge-wan vlan-filtering=yes
/interface bridge port
add bridge=bridge-wan interface=ether1 ...
by nescafe2002
Wed Oct 31, 2018 12:30 pm
Forum: General
Topic: Bad performance (slow) of RB2011UAS-2HnD [SOLVED]
Replies: 11
Views: 1613

Re: Bad performance (slow) of RB2011UAS-2HnD [SOLVED]

Psycho, please post your configuration ( /export hide-sensitive ) for adequate advice, instead of us guessing what could be the cause. RB2011 should handle 890 Mbps TCP IPv4 traffic with fasttrack on:
https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack
Edit: Keep in mind though, that 300Mbit line ...