Community discussions

MikroTik App

Search found 128 matches

by flameproof
Tue May 03, 2022 9:16 pm
Forum: General
Topic: Proxy-ARP replies to all ARP broadcasts for any IP address
Replies: 11
Views: 1013

Re: Proxy-ARP replies to all ARP broadcasts for any IP address

The amount of ARP requests that would flow would still be minimal. The only time when the monitoring server needs to access a device behind PPPoE is for remote troubleshooting over SSH. This is not for passing customer traffic, it's for smol smol amounts of management traffic, compared to our volume...
by flameproof
Tue May 03, 2022 7:23 pm
Forum: General
Topic: Proxy-ARP replies to all ARP broadcasts for any IP address
Replies: 11
Views: 1013

Re: Proxy-ARP replies to all ARP broadcasts for any IP address

Except it is not (a one-time config). Right now, we'd have to add a routing table entry every time we launch a new network and add a CCR PPPoE concentrator. This would be done on the Linux server. If we setup BGP on the Linux server (Ubuntu) via eg. BIRD, against the central CCR that routes all traf...
by flameproof
Tue May 03, 2022 6:43 pm
Forum: General
Topic: Proxy-ARP replies to all ARP broadcasts for any IP address
Replies: 11
Views: 1013

Re: Proxy-ARP replies to all ARP broadcasts for any IP address

OK thanks for the suggestion. OSPF or iBGP complicate our network topology, we try to keep things as dumbed down and simple as possible so that our operation costs are kept in check. Operating a complex nationwide network requires different skills (and thereby costs) than a simple one. When you offe...
by flameproof
Tue May 03, 2022 5:48 pm
Forum: General
Topic: Proxy-ARP replies to all ARP broadcasts for any IP address
Replies: 11
Views: 1013

Re: Proxy-ARP replies to all ARP broadcasts for any IP address

I should have clarified that the idea is to move to CGNAT and give CPEs an IP from the same /10 block, to make things simpler and not have to handle every single network individually. How would I get proxy-arp working in that scenario?
by flameproof
Tue May 03, 2022 3:40 pm
Forum: General
Topic: Proxy-ARP replies to all ARP broadcasts for any IP address
Replies: 11
Views: 1013

Re: Proxy-ARP replies to all ARP broadcasts for any IP address

As a follow-up, I have tried solutions posted in other threads, such as adding the IP of the downstream network to the upstream interface (e.g. 10.70.0.1/16 to ETH2 of CCR A), to no avail. I have fixed the problem by moving to static routes on the Linux server for each IP range, with gateway a stati...
by flameproof
Tue May 03, 2022 2:38 pm
Forum: General
Topic: Proxy-ARP replies to all ARP broadcasts for any IP address
Replies: 11
Views: 1013

Proxy-ARP replies to all ARP broadcasts for any IP address

Hi all, I'm scratching my head around an issue with proxy-arp. See the below diagram [ EDIT: I want to move all CPEs to use the CGNAT /10, assigning IPs from that block without sub-dividing it into subnets, that is where proxy-arp would be useful compared to static routing ]: CCR Proxy ARP.png The L...
by flameproof
Fri Mar 04, 2022 5:42 pm
Forum: General
Topic: CCR1072 running out of CPU, what next for a PPPoE ISP?
Replies: 23
Views: 5875

Re: CCR1072 running out of CPU, what next for a PPPoE ISP?

That's what we end up doing ;-)
by flameproof
Fri Mar 04, 2022 9:46 am
Forum: General
Topic: CCR1072 running out of CPU, what next for a PPPoE ISP?
Replies: 23
Views: 5875

Re: CCR1072 running out of CPU, what next for a PPPoE ISP?

It has been a year, and no. What seems clear is Mikrotik is moving away from Tile, has been developing new hardware for months, and we're going to test the new models.
by flameproof
Tue Nov 02, 2021 9:18 am
Forum: Forwarding Protocols
Topic: Netflix OCA public IPv4 routing
Replies: 3
Views: 5257

Re: Netflix OCA public IPv4 routing

Thanks for this - do you have details on the upstream routing setup? That's where I'm stuck. Traffic originating from the OCA is not being sent out via IPT, and seems to exit via DIA. Not sure how to force it other than what I have done already...
by flameproof
Tue Nov 02, 2021 8:54 am
Forum: Forwarding Protocols
Topic: Netflix OCA public IPv4 routing
Replies: 3
Views: 5257

Netflix OCA public IPv4 routing

Hi all, Have been scratching my head for a couple of days on this one. We've received a Netflix OCA to install inside our network, and it comes with a configured IPv4 address from the address space we own under our AS. Our core router has two upstream connections, one we call DIA (Direct Internet Ac...
by flameproof
Tue Mar 23, 2021 9:43 pm
Forum: General
Topic: PWR-Line AP - what firmware version is usable? Neighbor visible yet no IP traffic
Replies: 1
Views: 828

PWR-Line AP - what firmware version is usable? Neighbor visible yet no IP traffic

I have a setup where I connected one PWR-Line Pro and two PWR-Line APs, and it worked OK. I then added a second Pro, and upgraded firware to 6.48.1 on the two APs. Five hours later, and having tried 6.48.1, 6.49 beta, 6.47.x... I have the following issue: if the AP is right next to the Pro, it will ...
by flameproof
Thu Mar 04, 2021 11:39 am
Forum: General
Topic: CCR1072 running out of CPU, what next for a PPPoE ISP?
Replies: 23
Views: 5875

Re: CCR1072 running out of CPU, what next for a PPPoE ISP?

Greetings, We have a few more CCRs that have fallen into this problem. The CPU #1 gets stuck at 100% on "networking", and all PPPoE sessions are eventually dropped and re-established. We use software bridge to tie more than one ethernet port together, as our total subscriber throughput exc...
by flameproof
Wed Mar 03, 2021 4:01 am
Forum: General
Topic: Out of disk space - upgrading hAP Lite from v6.35 to v6.35.2
Replies: 57
Views: 30344

Re: Out of disk space - upgrading hAP Lite from v6.35 to v6.35.2

We are not rolling out 6.47.9 yet, but I can see that the .npk for 6.47.6 is 7,351,618 bytes, and for 6.47.9 it's 7,390,379 bytes, a 38,761 byte difference (38kB). You must have some leftover files eg. backups, supout.rif, etc. to explain that IMHO. We remove all files before an update, to make sure...
by flameproof
Fri Jan 15, 2021 5:09 pm
Forum: General
Topic: Mikrotik or NOT!!! Industry standarts say no!! Why? [SOLVED]
Replies: 115
Views: 30818

Re: Mikrotik or NOT!!! Industry standarts say no!! Why? [SOLVED]

The company I work for also has millions of PPPoE users/customers too ;-) But we are running several "areas" & "sub-areas" in the country each with our gear to terminate PPPoE sessions (Nokia). Looking at the stats, I would say they handle up to about 7k subscribers max but ...
by flameproof
Thu Jan 14, 2021 7:28 pm
Forum: General
Topic: Mikrotik or NOT!!! Industry standarts say no!! Why? [SOLVED]
Replies: 115
Views: 30818

Re: Mikrotik or NOT!!! Industry standarts say no!! Why? [SOLVED]

Sooooo move away from PPPoE to what exactly? We are talking 15.000 CPEs, I’m open to suggestions.

Movistar, my home fibre ISP, with millions of customers, runs PPPoE...
by flameproof
Thu Dec 31, 2020 1:09 pm
Forum: General
Topic: Mikrotik or NOT!!! Industry standarts say no!! Why? [SOLVED]
Replies: 115
Views: 30818

Re: Mikrotik or NOT!!! Industry standarts say no!! Why? [SOLVED]

I chip into this one as someone who has deployed 50+ CCRs (from 1016 all the way to 1072s), and some 15.000 CPEs (hAP Lite mainly), with very basic requirements - we keep our architecture purposefully "light" so as to not need OSPF or BGP experts in field services, it's all very basic flat...
by flameproof
Thu Dec 31, 2020 12:33 pm
Forum: RouterOS beta
Topic: REST
Replies: 11
Views: 4311

Re: REST

Is this available on v7.1beta3? The document literally states from "RouterOS v7beta4", but that could be read as "v7.0beta4"? In any case, I have found two issues: - Crash when using certain SSL certificates which work fine on v6 (1000s of units deployed). I can file a report if ...
by flameproof
Wed Dec 02, 2020 10:45 am
Forum: General
Topic: CCR1072 running out of CPU, what next for a PPPoE ISP?
Replies: 23
Views: 5875

Re: CCR1072 running out of CPU, what next for a PPPoE ISP?

Hi Michael - we are currently testing a split-duties configuration on one of our smaller networks. In essence, we will use a 1036 as NAT/router, and one or more 1016s as PPPoE concentrators enforcing rate limits via queues. We can thus scale with more 1016s (cheaper) as required. I'll post here when...
by flameproof
Fri Oct 23, 2020 2:21 pm
Forum: General
Topic: EOIP not working behind 1:1 nat
Replies: 4
Views: 1033

Re: EOIP not working behind 1:1 nat

EoIP is as simple to get working as it gets. I have created tunnels through NAT on a Mikrotik device, e.g. Mikrotik #1 -> [ NAT Mikrotik #2] -> Mikrotik #3. However, you need to be aware of MTU. Can you show your actual configuration?
by flameproof
Fri Oct 23, 2020 1:29 pm
Forum: General
Topic: Out of disk space - upgrading hAP Lite from v6.35 to v6.35.2
Replies: 57
Views: 30344

Re: Out of disk space - upgrading hAP Lite from v6.35 to v6.35.2

I can confirm this has worked with ~500 of our deployed hAP Lites, which were previously failing to upgrade. Good news!
by flameproof
Thu Oct 22, 2020 2:51 pm
Forum: General
Topic: Out of disk space - upgrading hAP Lite from v6.35 to v6.35.2
Replies: 57
Views: 30344

Re: Out of disk space - upgrading hAP Lite from v6.35 to v6.35.2

Thanks for your input pe1chl - however the main issue with it is, what happens if some packages don't make it fully, or at all, and the CPE loses power? We don't have control over, or warning from, Kenya's power grid, which is extremely temperamental, so power outages mid-upgrade are definitely an i...
by flameproof
Thu Oct 22, 2020 1:31 am
Forum: General
Topic: Out of disk space - upgrading hAP Lite from v6.35 to v6.35.2
Replies: 57
Views: 30344

Re: Out of disk space - upgrading hAP Lite from v6.35 to v6.35.2

Last one and I'll shut up until we have other views. I have tried to upgrade by downloading separate package files to a test CPE. This was fine until they would not all fit either, and had to do one set, reboot, then another set, reboot... with the added risk that a CPE could lose power at any time,...
by flameproof
Thu Oct 22, 2020 12:55 am
Forum: General
Topic: Out of disk space - upgrading hAP Lite from v6.35 to v6.35.2
Replies: 57
Views: 30344

Re: Out of disk space - upgrading hAP Lite from v6.35 to v6.35.2

Taking the mick now... can't make its mind up as to how much free is free...

hAP.png
by flameproof
Thu Oct 22, 2020 12:45 am
Forum: General
Topic: Out of disk space - upgrading hAP Lite from v6.35 to v6.35.2
Replies: 57
Views: 30344

Re: Out of disk space - upgrading hAP Lite from v6.35 to v6.35.2

I'm in the category of "have 1000s of devices". To be precise, close to 15.000 hAP Lites in our network. We are trying to upgrade them to 6.47.4, to no avail. No custom packages, nothing out of the ordinary. We get told the CPEs have 7.3MB left and 7.4MB are needed. We need a way to packag...
by flameproof
Thu Oct 15, 2020 11:42 am
Forum: General
Topic: Architecture and growth - how to know when to change
Replies: 7
Views: 2747

Re: Architecture and growth - how to know when to change

Thanks for that - we actually increased those limits ages ago, and fine-tuned the timeouts, to no avail. These are the stats from the Bind9 server we put into operation to fix the issue: Screen Shot 2020-10-15 at 10.34.42.png You can see that peak rate from the entire network (~14.000 CPEs) is some ...
by flameproof
Sun Sep 20, 2020 12:10 am
Forum: General
Topic: PPPoE and OSPF drops
Replies: 20
Views: 6081

Re: PPPoE and OSPF drops

Ok, I could live with it heading to wish list - however, please try to marry 40Gbps modules or CDWM multiplexers which you’d use to run at least 80Gbps of traffic, with a lack of monitoring capabilities on the boxes meant to drive said traffic. If the top-of-the-line 1072 (at over $3000!!) chokes at...
by flameproof
Fri Sep 18, 2020 9:24 am
Forum: General
Topic: Terrible connection tracking bug... or terrible stupidity! [SOLVED] (it was me!)
Replies: 12
Views: 4010

Re: Terrible connection tracking bug... or terrible stupidity! (by me)

Yes, the response I got from Mikrotik was about the same ("Our hardware is not up to your particular needs"), however no suggestion to split duties was made, I found that one by searching for options. My biggest peeve at this time is the lack of proper visibility into the innards and perfo...
by flameproof
Thu Sep 17, 2020 11:25 pm
Forum: General
Topic: Terrible connection tracking bug... or terrible stupidity! [SOLVED] (it was me!)
Replies: 12
Views: 4010

Re: Terrible connection tracking bug... or terrible stupidity! (by me)

You are right that sometimes the relevant stuff is hidden in what you consider not relevant... been there, done that! In this case, the configuration is rather simple. I'll raise this as a bug with Mikrotik, given the "weird" nature of the PPPoE "flaps" we keep seeing with no way...
by flameproof
Thu Sep 17, 2020 6:12 pm
Forum: General
Topic: Terrible connection tracking bug... or terrible stupidity! [SOLVED] (it was me!)
Replies: 12
Views: 4010

Re: Terrible connection tracking bug... or terrible stupidity! (by me)

I posted the relevant config of the NAT router in the first post of the thread, are there other areas of config you’re missing? I can post the whole thing but there are no other NAT/mangle or routing rules.
by flameproof
Thu Sep 17, 2020 5:43 pm
Forum: General
Topic: Terrible connection tracking bug... or terrible stupidity! [SOLVED] (it was me!)
Replies: 12
Views: 4010

Re: Terrible connection tracking bug... or terrible stupidity! (by me)

I have now added a type=blackhole route with destination address 172.16.0.0/24, and the flood no longer happens! So, routing loop confirmed, with the mystery of the source address being the web server, as you mentioned.
by flameproof
Thu Sep 17, 2020 5:35 pm
Forum: General
Topic: Terrible connection tracking bug... or terrible stupidity! [SOLVED] (it was me!)
Replies: 12
Views: 4010

Re: Terrible connection tracking bug... or terrible stupidity! (by me)

You are on the right track - looks like a routing loop (not had one before!), looking at the packet details in Wireshark, "normal" traffic has a TTL of 63, when the link is cut off, there is a ping-pong of ACKs between NAT and BRAS boxes, with the TTL decreasing by one each time. When TTL ...
by flameproof
Thu Sep 17, 2020 3:37 pm
Forum: General
Topic: Terrible connection tracking bug... or terrible stupidity! [SOLVED] (it was me!)
Replies: 12
Views: 4010

Re: Terrible connection tracking bug... or terrible stupidity! (by me)

Hi sindy, thanks so much for your thoughful reply! I also came across a post from April where you mentioned loose-tcp-tracking. How does this setting impact the box in terms of resources CPU/memory? I don't want to jump out of the pan into the fire, so-to-speak... Rather than go blow-by-blow, I'll r...
by flameproof
Thu Sep 17, 2020 1:10 pm
Forum: General
Topic: Terrible connection tracking bug... or terrible stupidity! [SOLVED] (it was me!)
Replies: 12
Views: 4010

Terrible connection tracking bug... or terrible stupidity! [SOLVED] (it was me!)

I've been following the suggestions from Syed on his blog post , and have managed to replicate the setup in my lab (this is to fix the random PPPoE disconnection floods & CCR lockups reported on various threads previously). This is my current setup: PPPoE Test Setup.png And this is the "com...
by flameproof
Wed Aug 26, 2020 3:30 pm
Forum: General
Topic: Can't get 10Gb on crs326-24s+2q+rm
Replies: 7
Views: 2001

Re: Can't get 10Gb on crs326-24s+2q+rm

You have to give more subtleties and setting. Seeing around 2Gbps is in all likelihood because of CPU mediation, rather than switch chip as it were. We ignore 10Gbps on a CRS317 and it scarcely enlists CPU use at 1-2%. Erm... that's my exact same post, but with some words swapped out for different ...
by flameproof
Mon Aug 24, 2020 10:56 pm
Forum: General
Topic: Can't get 10Gb on crs326-24s+2q+rm
Replies: 7
Views: 2001

Re: Can't get 10Gb on crs326-24s+2q+rm

Is the iperf test also directly server to server? Is the 5Gbps file transfer through the switch? You need to provide more details and context. Seeing around 2Gbps is almost certainly due to CPU intervention, instead of switch chip only. We pass over 10Gbps on a CRS317 and it barely registers CPU usa...
by flameproof
Mon Aug 24, 2020 2:32 am
Forum: General
Topic: 2 BRAS With Same IP pool LIST
Replies: 7
Views: 2559

Re: 2 BRAS With Same IP pool LIST

That approach is good if you don't have high volumes of customers, or if you do, they have decent power grids and you don't see PPPoE PADI floods etc. Our RADIUS server now is single-query per Access-Request, as efficient as it can get. Whatever you do on the RADIUS server will reflect in the number...
by flameproof
Mon Aug 24, 2020 1:30 am
Forum: General
Topic: Can't get 10Gb on crs326-24s+2q+rm
Replies: 7
Views: 2001

Re: Can't get 10Gb on crs326-24s+2q+rm

Make sure you are not passing any traffic through the CPU, e.g. firewall filters, bridges with VLAN interfaces in them (use the "native" VLAN on bridges!), routing or IP firewall, etc. What you see is most likely due to the CPU having to do work rather than the switch chip (been there, don...
by flameproof
Mon Aug 24, 2020 1:25 am
Forum: General
Topic: 2 BRAS With Same IP pool LIST
Replies: 7
Views: 2559

Re: 2 BRAS With Same IP pool LIST

I've been mulling this one over as part of the fix to the PPPoE session drops - and have come up with this: assign a "static" IPv4 in whatever internal range you prefer to each customer account on your RADIUS DB, and hand it out in the Access-Accept. We currently use Framed-Pool but will m...
by flameproof
Sat Aug 22, 2020 11:15 am
Forum: General
Topic: Architecture and growth - how to know when to change
Replies: 7
Views: 2747

Re: Architecture and growth - how to know when to change

Hi jarda, thanks for your input - we spent weeks trying to get support to react, and when things stalled, I emailed the CEO with copy to the CTO, who replied and said he'd put someone on the case. We were never offered the option to give them remote access, install extra software or tools to debug, ...
by flameproof
Mon Aug 17, 2020 11:14 pm
Forum: General
Topic: PPPoE and OSPF drops
Replies: 20
Views: 6081

Re: PPPoE and OSPF drops

Hmmmm don’t agree with that - Cisco charges outrageous prices because they have a captive market, and of course solutions for extremely large volumes of data. If we assume that RouterOS’ DNS resolver is Bind under the skin, there is no excuse not to expose the level of logging Bind provides, which i...
by flameproof
Mon Aug 17, 2020 8:11 pm
Forum: General
Topic: PPPoE and OSPF drops
Replies: 20
Views: 6081

Re: PPPoE and OSPF drops

Sooooo why is that info not in performance data provided by Mikrotik, alongside DNS resolver capabilities, etc? Why is soooo hard to analyze connection tracking issues? You're getting to the answer, not the path that it takes to resolve an issue. Please see my "philosophical" thread on thi...
by flameproof
Mon Aug 17, 2020 12:41 pm
Forum: General
Topic: Architecture and growth - how to know when to change
Replies: 7
Views: 2747

Architecture and growth - how to know when to change

Hi all, This is a somewhat philosophical post - it's not about the actual technical details, which I will use as an example, but about the underlying issues that we are faced with when gauging the capability of Mikrotik devices to perform certain functionality. The issue at hand is that there are in...
by flameproof
Mon Aug 17, 2020 9:24 am
Forum: General
Topic: PPPoE and OSPF drops
Replies: 20
Views: 6081

Re: PPPoE and OSPF drops

There is part which is our architecture / configuration, but the more deep & worrying issue is that in some cases, one has almost zero visibility into when the architecture or configuration is causing a particular issue. Had we these tools at our disposal (or was the wiki more useful in some are...
by flameproof
Sat Aug 15, 2020 12:43 pm
Forum: General
Topic: PPPoE and OSPF drops
Replies: 20
Views: 6081

Re: PPPoE and OSPF drops

Indeed, both Mikrotik support and other colleagues of the forum pointed to alternative hardware as a solution, thank you.
by flameproof
Fri Aug 14, 2020 1:48 pm
Forum: RouterBOARD hardware
Topic: RB1000 closing tens of pppoe connections at once
Replies: 56
Views: 29544

Re: RB1000 closing tens of pppoe connections at once

@glueck @rodolfo Thanks for your input and suggestions - we are definitely contemplating the x86 metal + dedicated PPPoE stack as an option. On the connection tracking disabled - how would you handle dynamic rate limiting without it? We use a simple queue for each CPE session, assigned based on RADI...
by flameproof
Fri Aug 14, 2020 9:13 am
Forum: General
Topic: PPPoE and OSPF drops
Replies: 20
Views: 6081

Re: PPPoE and OSPF drops

Greetings - we have been having issues with CCRs (including a 1072) dropping all or part of the established PPPoE sessions, during which the CCR appears to stop responding to API/SSH (WebFig remains available but most sections are blank). We contacted Mikrotik with support files etc. and eventually ...
by flameproof
Fri Aug 14, 2020 9:06 am
Forum: RouterBOARD hardware
Topic: RB1000 closing tens of pppoe connections at once
Replies: 56
Views: 29544

Re: RB1000 closing tens of pppoe connections at once

I hate reviving old threads from years past, but this one IMHO is worth keeping alive. We have the same issue with 1300 PPPoE sessions on a CCR1702. We are able to reliably reproduce this: 1. Drop a number of customers by: a) Rebooting a downstream switch OR b) Rebooting a PtP AirFiber serving a dow...
by flameproof
Thu Aug 13, 2020 12:11 am
Forum: General
Topic: Poor DNS performance under heavy traffic
Replies: 3
Views: 2070

Poor DNS performance under heavy traffic

Hi all, We're currently peaking at around 8.5Gbps in our network, all going through a single CCR1072. We use this CCR as a DNS cache, which feeds our downstream networks, each served by a CCR (1016 to 1072 depending on customer volumes). Basically, the customer CPE has the network-level CCR as the D...
by flameproof
Tue May 05, 2020 3:55 pm
Forum: General
Topic: CCR1072 running out of CPU, what next for a PPPoE ISP?
Replies: 23
Views: 5875

Re: CCR1072 running out of CPU, what next for a PPPoE ISP?

Simple question, why have you not split it over 2 x 1072s? Cost, essentially. The 1072 costs over $4000 in Kenya, so it's quite a heavy hit unless we can also add the number of customers to support the CAPEX. However, that is one test we are going to do, with a 1036 (we don't have that many 1072s l...
by flameproof
Tue May 05, 2020 2:26 pm
Forum: General
Topic: CCR1072 running out of CPU, what next for a PPPoE ISP?
Replies: 23
Views: 5875

Re: CCR1072 running out of CPU, what next for a PPPoE ISP?

In that case, the manual should be upgraded accordingly... it still says Simple queues have a strict order - each packet must go through every queue until it reaches one queue which conditions fit packet parameters or until the end of the queues list is reached. (In case of 1000 queues, a packet fo...
by flameproof
Tue May 05, 2020 1:40 pm
Forum: General
Topic: CCR1072 running out of CPU, what next for a PPPoE ISP?
Replies: 23
Views: 5875

Re: CCR1072 running out of CPU, what next for a PPPoE ISP?

So in terms of the loads, the CPUs are in the low 10s at most, except the ones that get to 100%. In terms of queues, I have a lab setup where I did test using 5 hAPs downloading a large file from a HTTP server repeatedly, and testing queues etc. I got the queues to work (PCQ queue type holding the r...
by flameproof
Tue May 05, 2020 1:17 pm
Forum: General
Topic: CCR1072 running out of CPU, what next for a PPPoE ISP?
Replies: 23
Views: 5875

Re: CCR1072 running out of CPU, what next for a PPPoE ISP?

Hi sindy, Thank you for your very detailed and quick reply. I'll quote and reply in blocks: you are cutting the edge all the time, which /tool profile or, even better, CPU usage graph should show We don't see any single CPU get loaded to 100% for extended periods of time, it's more like many CPUs sp...
by flameproof
Tue May 05, 2020 12:18 pm
Forum: General
Topic: CCR1072 running out of CPU, what next for a PPPoE ISP?
Replies: 23
Views: 5875

CCR1072 running out of CPU, what next for a PPPoE ISP?

Hi all, I'm writing to pick the collective mind on our conundrum. We have been in contact with Mikrotik support, due to a problem we are having in some of our networks (we're a small ISP in Kenya), where under 1400 to 2000 CPEs connected, over PPPoE, cause "flaps", where the CCR gets in a ...
by flameproof
Tue Nov 05, 2019 11:10 am
Forum: General
Topic: How to limit PPPoE connection request attack?
Replies: 36
Views: 15808

Re: How to limit PPPoE connection request attack?

Apologies for bumping this old thread, but the problem still exists. Example: we have ~1200 PPPoE clients in an area, after a massive power cut, they all come back online at once: Screen Shot 2019-11-05 at 09.52.16.png When this happens, our RADIUS server is suddenly hit by thousands of requests, be...
by flameproof
Mon Nov 04, 2019 9:52 pm
Forum: General
Topic: RADIUS "pending" requests never go through
Replies: 0
Views: 912

RADIUS "pending" requests never go through

Hi all, Having a strange issue with some of our CCRs (1016 and 1036s), where the number of "pending" RADIUS requests increases slowly and never drops to zero, but strangely, remains at the steadily increasing value. The RADIUS client is used for PPPoE authentication of our customer CPEs, a...
by flameproof
Thu Oct 31, 2019 1:05 pm
Forum: Announcements
Topic: v6.45.7 [stable] is released!
Replies: 104
Views: 69896

Re: v6.45.7 [stable] is released!

jacekes Should be fixed now. Sunlight , flameproof Please send supout.rif file to support@mikrotik.com maryaadmins Check if addresses are not given out by the Cisco router. In most cases, your described issue is caused by another DHCP server in your network. Have just sent a supout and export verbo...
by flameproof
Thu Oct 31, 2019 12:13 pm
Forum: Announcements
Topic: v6.45.7 [stable] is released!
Replies: 104
Views: 69896

Re: v6.45.7 [stable] is released!

After upgrading a CCR1016 to 6.45.7, I have "lost" all access to RADIUS settings. From WebFig, RADIUS tab shows no entries (I had three, one dhcp and two ppp, with one being UDP and the other RADSEC). From cli, /radius print just hangs, no output. /radius remove [ find ] also hangs. From W...
by flameproof
Thu Oct 31, 2019 9:11 am
Forum: General
Topic: Graphing in WebFig not able to measure above 2Gbps
Replies: 5
Views: 1827

Re: Graphing in WebFig not able to measure above 2Gbps

Do I need to file it as a bug anywhere then? Or it gets taken from here directly?
by flameproof
Wed Oct 30, 2019 6:59 pm
Forum: General
Topic: Graphing in WebFig not able to measure above 2Gbps
Replies: 5
Views: 1827

Re: Graphing in WebFig not able to measure above 2Gbps

Good catch! Is it a bug then? :-)
by flameproof
Wed Oct 30, 2019 6:39 pm
Forum: General
Topic: Graphing in WebFig not able to measure above 2Gbps
Replies: 5
Views: 1827

Graphing in WebFig not able to measure above 2Gbps

Hi all, Having a weird problem, this is a CCR1072 running 6.44.3. Under Tools -> Graphing, our upstream interface graph shows this: Screen Shot 2019-10-30 at 17.33.51.png However, we are pushing closer to 4Gbps at peak times, which reflects in the HTML-based graph view: Screen Shot 2019-10-30 at 17....
by flameproof
Fri Jun 14, 2019 3:00 pm
Forum: General
Topic: Limit PPPoE flood after CCR reboot/link loss
Replies: 0
Views: 900

Limit PPPoE flood after CCR reboot/link loss

Hi, We have some CCR1016s running PPPoE servers, handling up to 800 sessions in one case. If the CCR reboots or the uplink to the RADIUS server etc. is lost, when things go back to normal, all clients want to connect, all at once. The RADIUS server is thus hit with hundreds of access & accountin...
by flameproof
Mon May 20, 2019 9:20 am
Forum: RouterBOARD hardware
Topic: LtAP Kit no registration - Vodafone ES SIM
Replies: 2
Views: 1714

Re: LtAP Kit no registration - Vodafone ES SIM

Thanks for the suggestion, I did notice the graphic with two SIMs and two small dots - it would be nice to have an extended manual for this device. However, this was not the issue, the SIM was recognized fine. I have got the LtAP to register, barely (121 link downs overnight!) doing: - Removed the h...
by flameproof
Mon May 20, 2019 1:37 am
Forum: Wireless Networking
Topic: wAP LTE Kit EU - Slow LTE speed
Replies: 68
Views: 31699

Re: wAP LTE Kit EU - Slow LTE speed

I have just received two units, testing for an order of ~30. Cannot even connect to the network. Cannot change to 3G, keeps reverting to LTE upon saving. Same SIM and settings as used in an SXT LTE which worked fine (within reason, it had to have a good view of a cell tower). I have a Linksys LTE ro...
by flameproof
Mon May 20, 2019 12:39 am
Forum: RouterBOARD hardware
Topic: LtAP Kit no registration - Vodafone ES SIM
Replies: 2
Views: 1714

LtAP Kit no registration - Vodafone ES SIM

I have an oldish SXT LTE which has worked fine with a Vodafone Spain SIM card. I have ordered two LtAP Kit units, which has a followup order of 30 more to be used as backups on our remote sites. Nothing I have tried has gotten this device to register on the network. I have tried two other SIMs, same...
by flameproof
Wed Feb 13, 2019 11:55 am
Forum: RouterBOARD hardware
Topic: PowerBox powering options
Replies: 10
Views: 3039

Re: PowerBox powering options

The PowerBox Pro has a self-consumption of 3.1W vs. less than 1W for the PowerBox. With the LightBeam and two UniFis connected, it's drawing 15W with no traffic, vs 11.5W of the PowerBox. It's also a lot more expensive :-)
by flameproof
Mon Feb 11, 2019 11:48 pm
Forum: RouterBOARD hardware
Topic: PowerBox powering options
Replies: 10
Views: 3039

Re: PowerBox powering options

So, new results are in, with a super-duper-wondercable ordered from Amazon (20€). Cat6, 30m, supposedly "high quality". Measured resistance 5.8 ohms vs. 21 ohms from the grey cable. This time, the PowerBox PSU + injector keeps the three devices powered, even during the same speed tests on ...
by flameproof
Mon Feb 11, 2019 10:53 am
Forum: RouterBOARD hardware
Topic: PowerBox powering options
Replies: 10
Views: 3039

Re: PowerBox powering options

Try these:

https://mikrotik.com/product/rbgpoe_con_hp

Or a power supply with 28/30v

Thanks for the suggestion, but this would add too much extra cost (converter + 48V injector + waterproof box on the roof).
by flameproof
Mon Feb 11, 2019 10:52 am
Forum: RouterBOARD hardware
Topic: PowerBox powering options
Replies: 10
Views: 3039

Re: PowerBox powering options

Thanks for the comments! Check the specs of your wireless gear. If they can run on voltage higher than 24V (e.g. up to 48V), then go for 30V power supply (that's maximum that powerbox handles). The Ubiquiti gear won't take higher - well it might, but it may wear out the caps faster etc. This is also...
by flameproof
Mon Feb 11, 2019 1:35 am
Forum: RouterBOARD hardware
Topic: PowerBox powering options
Replies: 10
Views: 3039

PowerBox powering options

Hi all, I'm testing the PowerBox for deployment on rooftops with a 30m Cat6 cable run from the 24V PoE injector into ETH1, then two UniFi Mesh APs + one LightBeam AC for backhaul, connected on ETH3 to ETH5. Measuring while directly powered via the barrel connector over a 50cm cable, setup works fine...
by flameproof
Thu Jan 17, 2019 6:34 pm
Forum: RouterBOARD hardware
Topic: RouterBOARD naming... not consistent!
Replies: 4
Views: 1495

Re: RouterBOARD naming... not consistent!

Not wanting to change it, just have a consistent way of identifying a router model over SSH, without complicated regex...
by flameproof
Thu Jan 17, 2019 5:27 pm
Forum: RouterBOARD hardware
Topic: RouterBOARD naming... not consistent!
Replies: 4
Views: 1495

Re: RouterBOARD naming... not consistent!

Have done so, model name remains the same. I thought it may have been in the firmware where v3.x had “old” naming and 4.x “new” based on RBxxxx, but looks to be fully baked in.
by flameproof
Thu Jan 17, 2019 4:44 pm
Forum: RouterBOARD hardware
Topic: RouterBOARD naming... not consistent!
Replies: 4
Views: 1495

RouterBOARD naming... not consistent!

Hi all, We use an in-house App for provisioning CPEs, currently the hAP Lite model (RB941-2nD-TC). The App first identifies the device it's connecting to, to make sure we don't try to provision say an RB951 with the config parameters for the hAP Lite. We have found a discrepancy in what is returned ...
by flameproof
Tue Oct 02, 2018 10:37 am
Forum: General
Topic: Failover route fails to carry traffic upon primary failure
Replies: 7
Views: 1808

Re: Failover route fails to carry traffic upon primary failure

@stoser how did you fix specifically? I believe the issue is how our masquerade is configured - we masquerade PPPoE to a specific upstream IP address, which of course breaks when the secondary route takes over, as the upstream IP range is different. I'm simulating all this in the lab but have a few ...
by flameproof
Fri Sep 28, 2018 12:43 pm
Forum: General
Topic: Failover route fails to carry traffic upon primary failure
Replies: 7
Views: 1808

Failover route fails to carry traffic upon primary failure

Hi all, I have a CCR1016 configured with a default gateway on ETH1 (10.20.10.1), distance 1, check gateway via ping. Then, another route on ETH5 (10.20.16.1) with distance 2. When I disable the primary interface on the upstream router, the CCR correctly marks the primary route as unreachable, and ma...
by flameproof
Wed May 16, 2018 4:29 pm
Forum: RouterBOARD hardware
Topic: S-31DLC20DI vs S-31DLC20D
Replies: 0
Views: 1136

S-31DLC20DI vs S-31DLC20D

Hi all,

We have ordered some S-31DLC20D SFP modules and received S-31DLC20DI instead. They seem to work fine, but they are physically different from other S-31DLC20D we have. I cannot find any differences on any website, and the S-31DLC20DI is not even on Mikrotik's site.

Anyone can shed some light?
by flameproof
Wed Apr 25, 2018 9:12 pm
Forum: General
Topic: Radius Problem with WebFig
Replies: 19
Views: 7207

Re: Radius Problem with WebFig

Apologies for reviving an old thread... but it's almost mid 2018, we're on 6.42.1, and RADIUS-based WebFig login still does not work . My RADIUS server is sending all the right replies. Log shows: Message RADIUS: MS-CHAP2-Success = 0x00533d35443744314535453536393636 Message user test.user logged in ...
by flameproof
Fri Sep 15, 2017 2:07 pm
Forum: RouterBOARD hardware
Topic: SXT LTE too low sensitivity? Not connecting
Replies: 8
Views: 2519

Re: SXT LTE too low sensitivity? Not connecting

OK thanks, good to know. I have moved the antenna's location, and it now establishes a link to the cell:
Registered.png
Download 28Mbps, upload 3.5Mbps. I'm on 6.40.3. It would be really really nice to have some real-time tools eg. scan working :-)
by flameproof
Fri Sep 15, 2017 1:44 pm
Forum: RouterBOARD hardware
Topic: SXT LTE too low sensitivity? Not connecting
Replies: 8
Views: 2519

Re: SXT LTE too low sensitivity? Not connecting

While we are at it - how long does a PLMN search cycle take? In order to align the antenna, on a normal SXT the LEDs are updated rather frequently - not sure how this works on the SXT LTE. I'd like to pan the SXT but I need to leave it for one full "cycle" before I can see the effect.
by flameproof
Fri Sep 15, 2017 1:42 pm
Forum: RouterBOARD hardware
Topic: SXT LTE too low sensitivity? Not connecting
Replies: 8
Views: 2519

Re: SXT LTE too low sensitivity? Not connecting

So while we have 800MHz LTE, in this case the Android phone and TP-Link are connected to Band 3. I have checked with Field Test on iOS and it is connected to an 800MHz tower.
by flameproof
Fri Sep 15, 2017 12:53 pm
Forum: RouterBOARD hardware
Topic: SXT LTE too low sensitivity? Not connecting
Replies: 8
Views: 2519

Re: SXT LTE too low sensitivity? Not connecting

The tower is on Band 3. These are the tower details as per the official government database:
Tower 735.png
Is there any way to get more details about the scanning / PLMN search progress?
by flameproof
Fri Sep 15, 2017 12:34 pm
Forum: RouterBOARD hardware
Topic: SXT LTE too low sensitivity? Not connecting
Replies: 8
Views: 2519

SXT LTE too low sensitivity? Not connecting

I'm trying to get an SXT LTE connected to Vodafone Spain. It connects fine in areas with good signal, but I'm in a place where the nearest cell tower is 4km away. I have two phones connected, plus a TP-Link LTE "MiFi" router. One phone and TP-Link show "two bars", but the Android...
by flameproof
Fri Sep 15, 2017 12:26 pm
Forum: Scripting
Topic: Stop a running background /tool fetch
Replies: 2
Views: 2358

Re: Stop a running background /tool fetch

Thanks so much for this - we use Bandwidth Test for certain segments of the network, but we want to be able to test traffic under "real" conditions, passing traffic through all Mikrotik boxes in the chain. Other than having a device behind each SXT doing its own traffic (expensive!!) we ch...
by flameproof
Thu Sep 14, 2017 12:43 pm
Forum: Scripting
Topic: Stop a running background /tool fetch
Replies: 2
Views: 2358

Stop a running background /tool fetch

I have the following setup to do load testing: - An array of 20 SXTs - One mANT - A server behind the mANT On each SXT there is a script that when run, it starts 10 scheduler tasks which in turn start parallel /tool fetch commands to download (and discard) a 10 MB .zip. This works really nice, but I...
by flameproof
Fri Sep 01, 2017 10:22 pm
Forum: Wireless Networking
Topic: mANTBox 19s dropping speed to zero
Replies: 5
Views: 2378

Re: mANTBox 19s dropping speed to zero

We have tried all settings, it doesn't matter if the channel is free or not. We see this on quite clean links. It'd be nice to have a spectrum analysis tool like Ubiquiti has in AirOS 8...
by flameproof
Fri Sep 01, 2017 10:47 am
Forum: Wireless Networking
Topic: mANTBox 19s dropping speed to zero
Replies: 5
Views: 2378

Re: mANTBox 19s dropping speed to zero

The current config is: 0 R name="W_AP" mtu=1500 l2mtu=1600 mac-address=********* arp=enabled disable-running-check=no interface-type=Atheros AR9888 radio-name="*******" mode=ap-bridge ssid="********" area="" frequency-mode=manual-txpower country=no_country_set...
by flameproof
Thu Aug 31, 2017 6:04 pm
Forum: Wireless Networking
Topic: mANTBox 19s dropping speed to zero
Replies: 5
Views: 2378

mANTBox 19s dropping speed to zero

Hi all, I have an mANTBox 19s, with 19 connected SXT 5s, and I see the following, every so often the total throughput drops to zero. Have tried various combinations of HW retries, protection modes, etc. and see changes in throughput, but the drops are still there: Screenshot at Aug 31 17-02-14.png A...
by flameproof
Mon Jul 24, 2017 2:06 pm
Forum: Wireless Networking
Topic: RB client won't accept EAP-TTLS certificate from RADIUS
Replies: 5
Views: 1832

Re: RB client won't accept EAP-TTLS certificate from RADIUS

Only ROS limitation is it needs the CA to contain the complete CA chain (on the server). But this is the case - my server is sending the full chain including the root CA that's used for the two intermediates. As they say, the proof is in the pudding, so I've gone out and spent $300 on two SSL certi...
by flameproof
Sun Jul 23, 2017 6:25 pm
Forum: Wireless Networking
Topic: RB client won't accept EAP-TTLS certificate from RADIUS
Replies: 5
Views: 1832

Re: RB client won't accept EAP-TTLS certificate from RADIUS

I have been testing the RADIUS server further using eapol_test (found in wpa_supplicant). The SSL certificate chain sent by RADIUS is now correct: /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA...
by flameproof
Sun Jul 23, 2017 5:05 pm
Forum: Wireless Networking
Topic: RB client won't accept EAP-TTLS certificate from RADIUS
Replies: 5
Views: 1832

Re: RB client won't accept EAP-TTLS certificate from RADIUS

Thanks for your input. I have investigated further, and find that NameCheap issues a bundle composed of: #1 COMODO RSA Certification Authority (as the root) #2 COMODO RSA Domain Validation Secure Server CA (issued by #1) But I have found that #1 is actually issued by AddTrust External CA Root, of wh...
by flameproof
Sun Jul 23, 2017 1:49 am
Forum: Wireless Networking
Topic: RB client won't accept EAP-TTLS certificate from RADIUS
Replies: 5
Views: 1832

RB client won't accept EAP-TTLS certificate from RADIUS

Hi all, I'm stumped by this problem, I have some RB connecting as wireless clients to a RB AP running in EAP mode, against a RADIUS server. I am using signed certificates for a valid domain, so no self-generated ones. No matter what I try, RADIUS ends up throwing up this: Reply-Message = "EAP T...
by flameproof
Tue Jul 18, 2017 3:48 pm
Forum: Wireless Networking
Topic: SXT 5 ac PtP unstable link speeds
Replies: 6
Views: 2276

Re: SXT 5 ac PtP unstable link speeds

Thanks for your input. I have to add we also tried the SXT HG5 ac, same result. Alignment is not the issue otherwise we would be incapable of aligning the NanoBeams too. Mikrotik needs a guide to maximize performance on their hardware, I keep finding posts here about it but they are unanswered or th...
by flameproof
Tue Jul 18, 2017 11:03 am
Forum: Wireless Networking
Topic: SXT 5 ac PtP unstable link speeds
Replies: 6
Views: 2276

Re: SXT 5 ac PtP unstable link speeds

We have finally replaced the SXT 5s with NanoBeam ACs (19dBi versions) and the link is stable, with -60 to -62 dBm both sides. Throughput is stable, and our problems are solved. Our links from SXT 5 to mANTBox 19s are working much better for some reason.
by flameproof
Tue Jun 13, 2017 9:00 pm
Forum: Wireless Networking
Topic: SXT 5 ac PtP unstable link speeds
Replies: 6
Views: 2276

Re: SXT 5 ac PtP unstable link speeds

Likely bad alignment. We have good LOS with no obstacles in the fresnel zone. On other grounds, if I change the TX power to one of the manual settings, its default value is 17dBm, whereas the SXT can reach 30. Does the "default" setting increase power above 17dBm? I have also noticed I can...
by flameproof
Tue Jun 13, 2017 5:58 pm
Forum: Wireless Networking
Topic: SXT 5 ac PtP unstable link speeds
Replies: 6
Views: 2276

SXT 5 ac PtP unstable link speeds

Hi all, I have a pair of SXT 5 ac pointed at each other, about 1,5km away. For reference a pair of NanoBeams would achieve links speeds of ~400Mbps at 80MHz. These two I can only get up to 50-80Mbps in one direction, and in the other the link goes down to "12 Mbps" bare, no width or other ...
by flameproof
Tue May 30, 2017 6:11 pm
Forum: General
Topic: Passing traffic through external firewall and back into CCR
Replies: 0
Views: 686

Passing traffic through external firewall and back into CCR

Hi all, I have a bit of a weird situation. A CCR is serving hotspot users and PPPoE clients on one ethernet interface (ETH2), and has another ethernet interface configured as WAN uplink (ETH1). PPPoE sessions are encrypted, the CPE device being a hAP. Hotspot users are just coming in via various WiF...
by flameproof
Tue May 30, 2017 1:52 pm
Forum: Scripting
Topic: Getting realtime traffic speeds from interface
Replies: 3
Views: 2364

Re: Getting realtime traffic speeds from interface

Thanks - this was a test using SSH before I move the code to use API. I'll test using API then.
by flameproof
Tue May 30, 2017 1:40 pm
Forum: Scripting
Topic: Getting realtime traffic speeds from interface
Replies: 3
Views: 2364

Getting realtime traffic speeds from interface

Hi all, Trying to get realtime traffic speed on PPPoE interfaces on a CCR, and with /interface/monitor-traffic <interface> I get this: name: <pppoe-661806175A84> rx-packets-per-second: 121 rx-bits-per-second: 52.9kbps fp-rx-packets-per-second: 0 fp-rx-bits-per-second: 0bps rx-drops-per-second: 0 rx-...
by flameproof
Wed Feb 22, 2017 4:25 pm
Forum: General
Topic: traffik flow pre/post nat?
Replies: 4
Views: 1989

Re: traffik flow pre/post nat?

The thread is a bit old, but I'm having similar issues. I'm trying to collect using nProbe + ntopng, and I see that v9 and IPFIX flows contain post-NAT address information, but this seems to be ignored by nProbe/ntopng - did you ever find a solution? I'm having the same problem whereby clients appea...
by flameproof
Mon Feb 20, 2017 1:29 pm
Forum: General
Topic: Simple queue puts interface at queue limit
Replies: 0
Views: 1200

Simple queue puts interface at queue limit

Hi all, Having a weird issue, it may be related to my limited understanding of queues (so far, learning fast...). I have a hotspot setup on a bridge interface, and on the hotspot server profile, Rate Limit set to 18M/18M. Users are auth'd via RADIUS, and given a rate limit of 1M/1M. Thus, I see one ...
by flameproof
Tue Feb 14, 2017 10:59 am
Forum: General
Topic: RB as upgrade source deletes files upon reboot
Replies: 1
Views: 986

RB as upgrade source deletes files upon reboot

Hi all, I'm using an hAP ac to provision hAP Lite CPEs we deploy, and part of that is upgrading the hAP's firmware. I upload the firmware files (smips) to the hAP ac, set the upgrade source on the Lite, it all works beautifully. However, if I reboot the hAP ac, the files uploaded are deleted. Is the...
by flameproof
Wed Jan 18, 2017 7:41 am
Forum: Wireless Networking
Topic: spectral-scan saved file format?
Replies: 19
Views: 7719

Re: spectral-scan saved file format?

On the tool itself, not likely to go on Github as it's internal to our company, but I can post a file format description & and example on how to read it. The file itself is not completely reverse-engineered, I was only interested in reading the RSSI samples, so anything such as frequency mapping...
by flameproof
Fri Jan 13, 2017 8:14 am
Forum: RouterBOARD hardware
Topic: SXT LTE wont find any networks. Broken?
Replies: 24
Views: 14540

Re: SXT LTE wont find any networks. Broken?

Just to contradict the user from Spain, I have an SXT LTE working on Vodafone, the signal is low but that's what I also get on my mobile - Vodafone doesn't have good LTE coverage here. With this signal I still get 19Mbps down, 12Mbps up.
SXT LTE Vodafone.png
by flameproof
Thu Jan 12, 2017 2:36 pm
Forum: Wireless Networking
Topic: spectral-scan saved file format?
Replies: 19
Views: 7719

Re: spectral-scan saved file format?

And a couple more screenshots, one showing a noisy scan, the other an AP doing somewhat intelligent reselection.
RF scan noisy.png
Reselection OK.png
by flameproof
Thu Jan 12, 2017 2:35 pm
Forum: Wireless Networking
Topic: spectral-scan saved file format?
Replies: 19
Views: 7719

Re: spectral-scan saved file format?

So, I finally managed to reverse-engineer the file format, to the extent that I can consistently read and interpret the results of spectral scans. I've now deployed on our network via a custom-made tool, which connects to each AP once an hour, runs the scan for 5 seconds, downloads the file, and pro...
by flameproof
Tue Dec 13, 2016 8:00 am
Forum: Wireless Networking
Topic: spectral-scan saved file format?
Replies: 19
Views: 7719

Re: spectral-scan saved file format?

I was fully aware of that URL and the posts pointing to it. However, after asking said forum member, I was told I could get 5 API calls per day and anything higher it would be paid-for. I need to process hourly readings from 55 APs, so it was going to get expensive fast. It became cheaper for me to ...
by flameproof
Wed Dec 07, 2016 11:13 am
Forum: Wireless Networking
Topic: spectral-scan saved file format?
Replies: 19
Views: 7719

Re: spectral-scan saved file format?

So I have emailed Mikrotik asking for the file format, with the aim of creating a tool to automate the collection and parsing of spectral scans from our AP deployment. We are having bad noise issues so we want to see if there are patterns, wether it's constrained to certain locations, etc. Our topol...
by flameproof
Wed Sep 21, 2016 1:13 pm
Forum: Wireless Networking
Topic: Nv2 Lite5 ac + mANT 19s stuck at 6Mbps
Replies: 1
Views: 1079

Re: Nv2 Lite5 ac + mANT 19s stuck at 6Mbps

Nobody has seen this happen before? Anyone from Mikrotik?
by flameproof
Wed Sep 07, 2016 11:45 am
Forum: RouterBOARD hardware
Topic: mAP lite
Replies: 58
Views: 27354

Re: mAP lite

So, we're considering this for a WISP-type deployment, where we cable apartment buildings using the mAP Lite as the end-user device. Our big issue is when we have to mass-configure them - we currently have an auto-config system that does firmware upgrade, configuration, insert into inventory, etc. e...
by flameproof
Wed Sep 07, 2016 11:09 am
Forum: Wireless Networking
Topic: Nv2 Lite5 ac + mANT 19s stuck at 6Mbps
Replies: 1
Views: 1079

Nv2 Lite5 ac + mANT 19s stuck at 6Mbps

Hi all, I'm connecting (in the lab) an SXT Lite5 ac to an mANT 19s, in Nv2 mode, and I'm only able to achieve a 6Mbps link. Bandwidth test shows 45Mbps throughput in TCP mode 50 connections, bidirectional. I've left things mostly as defaults, and tried in AC-only and A/N/AC mode too, and tweaking ra...
by flameproof
Thu May 26, 2016 3:12 pm
Forum: Announcements
Topic: MikroTik News May 2016 (Issue #72)
Replies: 26
Views: 29691

Re: MikroTik News May 2016 (Issue #72)

Quick one on the wAP. We run 2.4GHz 912s with a 5GHz board, using the 5GHz for connecting to backhaul, and the 2.4 to give client access. The 2.4 and 5GHz segments are effectively bridged, creating a flat transparent network all the way back to a CCR running the hotspot service. Would the wAP suppor...
by flameproof
Wed Apr 20, 2016 9:26 am
Forum: Wireless Networking
Topic: How does RB client choose between various hidden EAP access points
Replies: 0
Views: 793

How does RB client choose between various hidden EAP access points

Hi, I have several Ubiquiti NanoStation M5 setup in AP mode, EAP, and hidden SSID. The RB912s are setup as clients, and they are free to connect to any M5. I'm seeing some RBs connecting to the best M5 based on their location, but then another RB right next to them will connect to an M5 on the other...
by flameproof
Wed Apr 20, 2016 9:22 am
Forum: Wireless Networking
Topic: How to know if hotspot customers suffer from slow internet ?
Replies: 1
Views: 914

Re: How to know if hotspot customers suffer from slow internet ?

Your users could be idle, or trying to send a lot of traffic but not receiving any. Without sniffing the wire it's hard to tell, and when you mix wireless into it, which brings its own bag of issues (noise, low CCQ, etc.), even harder.

Best bet is to ask your users, via survey forms or similar.
by flameproof
Fri Apr 15, 2016 2:28 pm
Forum: General
Topic: Script or method to update dynamic DNS on failover interface
Replies: 2
Views: 1769

Re: Script or method to update dynamic DNS on failover interface

Thanks for the idea - have tested it and it works, it's fine for what I need. Awesome!
by flameproof
Fri Apr 15, 2016 11:54 am
Forum: General
Topic: Script or method to update dynamic DNS on failover interface
Replies: 2
Views: 1769

Script or method to update dynamic DNS on failover interface

I have a CCR1016 sitting in a remote location, connected via AirFiber to the internet backhaul. Since we get the occasional failure of the primary backhaul, I connected a 4G router to the CCR, so it can use this connection when the primary goes down. What I now need is for a way to find out the publ...
by flameproof
Thu Jan 28, 2016 5:57 pm
Forum: General
Topic: NTP client in NTP package not working
Replies: 4
Views: 2044

Re: NTP client in NTP package not working

It wasn't working on 6.33.3 and it's still not working on 6.33.5.
by flameproof
Mon Jan 25, 2016 12:41 pm
Forum: General
Topic: NTP client in NTP package not working
Replies: 4
Views: 2044

NTP client in NTP package not working

Hi all, On two CCR1012s, if I install the NTP package, the client side does not work - the time is set to January 10th (it's the 25th today) and the time is off by a few hours. If I disable the package and use SNTP instead, it syncs perfectly. Any ideas? A forum search shows this coming up every now...
by flameproof
Thu Dec 31, 2015 4:24 am
Forum: General
Topic: Known issues and bugs - a list
Replies: 284
Views: 170940

Re: Known issues and bugs - a list

There seems to be a bug in 6.33.3 (haven't checked older versions) with RADIUS-based user login (AAA). Upon login by a non-local user, the following is logged on the MT router: 03:16:54 radius,debug new request 0d:01 code=Access-Request service=login 03:16:54 radius,debug sending 0d:01 to x.x.x.x:18...
by flameproof
Wed Dec 30, 2015 11:41 pm
Forum: Wireless Networking
Topic: how to filter local traffic in hotspot
Replies: 3
Views: 1823

Re: how to filter local traffic in hotspot

You cannot do this easily. Once a host is placed in "auth'd" mode, all its traffic is accounted for and passed to RADIUS for accounting (if that's what you use). One solution I tested and worked, but ended up not implementing, was to use Traffic Flow, with an nfacctd listener which filtere...
by flameproof
Wed Dec 30, 2015 11:34 pm
Forum: Wireless Networking
Topic: different radius server per SSID
Replies: 6
Views: 2231

Re: different radius server per SSID

Do you really need to use three completely different RADIUS servers? Because using NAS-Port or other attributes, you can handle each request in a different section of the server's config, no need for three separate servers.
by flameproof
Wed Dec 30, 2015 11:10 pm
Forum: General
Topic: RB951G-2HnD Drops wi-fi connections
Replies: 4
Views: 1963

Re: RB951G-2HnD Drops wi-fi connections

Make sure your DHCP pool isn't being exhausted - are these always the same clients? Otherwise, you could have leases out to clients no longer connected. If this is the case, decrease the lease time, or use a script to remove the lease upon disassociation from the wireless side.
by flameproof
Wed Dec 30, 2015 11:08 pm
Forum: General
Topic: Radius issue with multiple Hotspot
Replies: 6
Views: 1896

Re: Radius issue with multiple Hotspot

The easiest way to achieve what you want is to use two hotspot profiles, with two DHCP pools, and use Location ID or Location Name to tell between the two at the RADIUS server. The other way is to differentiate based on Framed-IP-Address but that depends on what RADIUS server you have - I use Radiat...
by flameproof
Tue Dec 29, 2015 5:19 pm
Forum: General
Topic: WebFig hangs after RADIUS login
Replies: 0
Views: 1214

WebFig hangs after RADIUS login

Hi all, I've setup RADIUS login for users on a RB912, with no accounting. The access-request is received & processed fine by the RADIUS server, upon logging on WebFig, returning an access-reject upon a bad password, or an access-accept if user & pass are OK. So far, so good. The reply items ...
by flameproof
Sat Nov 14, 2015 2:27 pm
Forum: General
Topic: Traffic Flow changes in 6.29
Replies: 10
Views: 3040

Re: Traffic Flow changes in 6.29

So I've found a bit more about the flows sent by Mikrotik. In v1 and v5, there is no NAT information, and no matter what masquerade or proxy settings I use, I always get either the public IP, or the private IP, but not the endpoints. It may have to do with having the hostpot service running, when I ...
by flameproof
Fri Nov 13, 2015 3:09 pm
Forum: General
Topic: Traffic Flow changes in 6.29
Replies: 10
Views: 3040

Re: Traffic Flow changes in 6.29

Ahhh, I saw "something unusual" in your data, but haven't read thoroughly. Sure, you see two different flows: from the client to hotspot proxy and from proxy to the server. Just disable 'transparent proxy' option in Hotspot profile — and clients will go to Internet directly OK - I'll give...
by flameproof
Fri Nov 13, 2015 11:12 am
Forum: General
Topic: Traffic Flow changes in 6.29
Replies: 10
Views: 3040

Re: Traffic Flow changes in 6.29

OK two thoughts then - one, I'll reboot the router between changes, read in another thread that config changes won't apply to flows still active. I also tested with interfaces 'all'. Second one, I'm running this on a router running a hotspot service - will masquerading options affect how flows are c...
by flameproof
Thu Nov 12, 2015 4:41 pm
Forum: General
Topic: Traffic Flow changes in 6.29
Replies: 10
Views: 3040

Re: Traffic Flow changes in 6.29

I have just upgraded to 6.33 but still seeing this issue. In my case, I have the WAN interface on 10.20.0.12, and LAN clients on 10.30.0.0/24 with a gateway IP of 10.30.0.1. A client 10.30.0.250 downloads a file from a remote server, and I see these aggregates in my log, when monitoring the WAN inte...
by flameproof
Tue Sep 01, 2015 3:33 pm
Forum: RouterBOARD hardware
Topic: RB912 voltage measurement deviation
Replies: 2
Views: 846

Re: RB912 voltage measurement deviation

Thanks normis - not intending to use it in a scientific way, but I'd like to use it to notify someone if the batteries are running down to dangerous voltages, eg. if solar panels stop working, are blown down by wind or whatever.

Is there a circuit diagram of the RouterBoards available?
by flameproof
Tue Sep 01, 2015 3:23 pm
Forum: RouterBOARD hardware
Topic: RB912 voltage measurement deviation
Replies: 2
Views: 846

RB912 voltage measurement deviation

Hi all, I'm monitoring a couple of solar-powered RB912s, and it seems the voltage measurement shown in System -> Health is always lower than the actual DC voltage provided by the battery, by around 0.9V. Does anyone know if the DC voltage measurement is taken after a protection diode, or other circu...