Community discussions

Search found 145 matches

by Splash
Wed Jul 10, 2019 1:18 pm
Forum: Announcements
Topic: v6.44.5 [long-term] is released!
Replies: 59
Views: 8141

Re: v6.44.5 [long-term] is released!

Isn't EoIP using GRE? *) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160); So make sure you're allowing GRE before dropping invalid connections. You are right, the problem is in GRE state matching, but why EoIP tunnels is in invalid connection state now? EoIP is based...
by Splash
Tue Sep 18, 2018 11:38 am
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 148
Views: 26749

Re: v6.43 [current] is released!

We have a huge memory leak on the new 6.43 code running on our CRS326's. We use vlan. Within 12hrs the device reboots due to low memory. I reported this too with CRS317's and the only way I could resolve it was to downgrade back to 6.42.7. The fix is supposed to be coming out in the next beta. They...
by Splash
Fri Sep 14, 2018 3:39 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: New IP cloud is coming.
Replies: 82
Views: 23867

Re: New IP cloud is coming.

You think there is any chance in the future to support multi-wan setups? One option is to prepend or append the interface number to the dyndns hostname?

pppoe-out1 = xxxxx-1.sn.mynetname.net
pppoe-out2 = xxxxx-2.sn.mynetname.net
by Splash
Fri Sep 14, 2018 3:04 pm
Forum: SwOS
Topic: CRS317 boot issue after power failure
Replies: 22
Views: 2844

Re: CRS317 boot issue after power failure

Hi, I use a CRS317 as core switch for my 10g LAN. We had two power failures in the last 2 weeks, because of thunderstorms. When the power comes back, the CRS317 isn't switching. I have to cut the power cables (1 and 2) and wait a minute. After that period, the switch works again. Is this a known pr...
by Splash
Fri Sep 14, 2018 2:51 pm
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 148
Views: 26749

Re: v6.43 [current] is released!

After updating CCR1009 to 6.43 there is a problem with port stability! Has anyone else encountered such a problem?
Nope, CCR1016, CCR1036 and CCR1072's all behaving.....
by Splash
Thu Sep 13, 2018 10:05 am
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 148
Views: 26749

Re: v6.43 [current] is released!

I sent 3 support output files 90%, 98% and then after the reboot 5%... at 98% the system was trying to swap as the SPI process ran at 100% on 1 CPU. I have a change at 3am to downgrade the switches back to 6.42.7 and hope the VLANs work with some of our providers. The next 6.44beta version should c...
by Splash
Wed Sep 12, 2018 7:18 pm
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 148
Views: 26749

Re: v6.43 [current] is released!

I have now noticed that my CRS125-24G-1S-2HnD is running out of memory, with 6.43.7 it ran around 95MB of free memory, with 6.43 it was down to 34MB free, over night it is now down to 31MB free. Good thing it don't have too much traffic going though this as multiple people are reporting reboots. At...
by Splash
Wed Sep 12, 2018 3:45 pm
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 148
Views: 26749

Re: v6.43 [current] is released!

We have a huge memory leak on the new 6.43 code running on our CRS317's. Some devices seem to be more affected than others, but within 10hrs the device reboots due to low memory. I encountered the same problem on a CCR while it was still rc. MT Support was unable to reproduce / fix it. Only a netin...
by Splash
Wed Sep 12, 2018 1:43 pm
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 148
Views: 26749

Re: v6.43 [current] is released!

We have a huge memory leak on the new 6.43 code running on our CRS317's. Some devices seem to be more affected than others, but within 10hrs the device reboots due to low memory.
by Splash
Thu Sep 06, 2018 2:58 pm
Forum: General
Topic: Group rights inconsistancies [SOLVED]
Replies: 11
Views: 699

Re: Group rights inconsistancies [SOLVED]

Thanks, it seems you are correct, Winbox requires the FTP permission to upload files to the device.
by Splash
Thu Sep 06, 2018 2:54 pm
Forum: General
Topic: Group rights inconsistancies [SOLVED]
Replies: 11
Views: 699

Re: Group rights inconsistancies [SOLVED]

Yup, interesting to note that ftp permission may be required for winbox to upload a file. I will definitely check and confirm this.
by Splash
Wed Sep 05, 2018 9:23 pm
Forum: General
Topic: Group rights inconsistancies [SOLVED]
Replies: 11
Views: 699

Re: Group rights inconsistancies [SOLVED]

*bump*
by Splash
Thu Aug 30, 2018 2:47 pm
Forum: General
Topic: Group rights inconsistancies [SOLVED]
Replies: 11
Views: 699

Re: Group rights inconsistancies [SOLVED]

> /user active print detail
Flags: R - radius, M - by-romon
0 R when=aug/30/2018 13:40:33 name="splash" address=10.18.0.1 via=winbox group=admin
by Splash
Thu Aug 30, 2018 2:46 pm
Forum: General
Topic: Group rights inconsistancies [SOLVED]
Replies: 11
Views: 699

Re: Group rights inconsistancies [SOLVED]

You have set default-group support and you can't set group with RADIUS itself, as far as I know (not for system users). Correct, but through RADIUS auth, you can set the group the user must be attached to. It works for all other admin functions, ie write access. splash Cleartext-Password := "passwo...
by Splash
Thu Aug 30, 2018 2:44 pm
Forum: General
Topic: Group rights inconsistancies [SOLVED]
Replies: 11
Views: 699

Re: Group rights inconsistancies [SOLVED]

# aug/30/2018 13:41:38 by RouterOS 6.42.7 # software id = 5Q9K-P6FX # # model = CCR1036-8G-2S+ # serial number = 91A808AD192F /user group add name=support policy=ssh,read,test,winbox,api,tikapp,!local,!telnet,!ftp,!reboot,!write,!policy,!password,!web,!sniff,!sensitive,!romon,!dude add name=admin p...
by Splash
Thu Aug 30, 2018 2:38 pm
Forum: General
Topic: Group rights inconsistancies [SOLVED]
Replies: 11
Views: 699

Re: Group rights inconsistancies [SOLVED]

/user group add name=support policy=ssh,read,test,winbox,api,tikapp,!local,!telnet,!ftp,!reboot,!write,!policy,!password,!web,!sniff,!sensitive,!romon,!dude add name=admin policy=local,telnet,ssh,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api,tikapp,!ftp,!web,!romon,!dude /user a...
by Splash
Wed Aug 29, 2018 3:55 pm
Forum: General
Topic: Group rights inconsistancies [SOLVED]
Replies: 11
Views: 699

Group rights inconsistancies [SOLVED]

If you add a user to the default "full" group, the user is able to upload new firmware, download backups etc. If you create a new group with all permissions ticked, the user is unable to upload new firmware or download backup files. Comparing the 2 groups, there are no options that are different thr...
by Splash
Wed Jun 13, 2018 2:45 pm
Forum: General
Topic: problems resolving IP Cloud addresses
Replies: 13
Views: 1248

Re: problems resolving IP Cloud addresses

I am having issues with the resolution of dynamic host names against the new NS servers. A number of requests timeout but some return ok. dig 1234567890.sn.mynetname.net @ns1.kissthenet.net ; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> 1234567890.sn.mynetname.net @ns1.kissthenet.net ;; global options: +...
by Splash
Wed Apr 04, 2018 10:42 am
Forum: General
Topic: Log all console commands [SOLVED]
Replies: 25
Views: 6315

Re: Log all console commands [SOLVED]

I wonder if there is a way to motivate Mikrotik to assist with this, or to provide a technical reason why it can't be done?
by Splash
Wed Feb 07, 2018 9:56 am
Forum: Wireless Networking
Topic: CAPsMAN SNMP [SOLVED]
Replies: 1
Views: 397

CAPsMAN SNMP [SOLVED]

Has anyone been able to monitor the status of remote CAPsMAN Devices using the only the controllers detail. I was hoping to only poll the controller and retrieve the list of CAPsMAN interfaces using SNMP to determine which are bound which are inactive? I see through a print of the interfaces it does...
by Splash
Tue Feb 06, 2018 6:12 pm
Forum: Announcements
Topic: v6.41.1 [current]
Replies: 106
Views: 14466

Re: v6.41.1 [current]

Has anyone had an issue with DHCP packets not being passed through a bridge using 6.41.1?

I have bridged 2 ports together, with 1 port being the network where a DHCP server resides and the second port where a DHCP client device is connected.

DHCP packets do not pass through the bridge.
by Splash
Mon Nov 27, 2017 7:09 pm
Forum: General
Topic: Weird LACP Issue
Replies: 7
Views: 2633

Re: Weird LACP Issue

I know this post is a bit old :) but would anyone be able to provide a working solution for creating a LAG between a Mikrotik and a Juniper router that actually works? I'm really struggling to use a CCR1009-8G-1S-1S+ with its 1 x 10g and 1 x 1g fibre ports in a LAG. Traffic flows over the 1g, but no...
by Splash
Sun Oct 22, 2017 9:36 am
Forum: Forwarding Protocols
Topic: BGP different AS same router
Replies: 2
Views: 570

Re: BGP different AS same router

Have you tried 2 BGP Instances (different local AS) and 2 separate Peers?
If you are running 2 x default routes, maybe a local VRF-Lite might help if you want to separate the routing tables.
by Splash
Sat Oct 21, 2017 9:24 pm
Forum: Forwarding Protocols
Topic: GRE Tunnel on Dynamic IP address
Replies: 9
Views: 12832

Re: GRE Tunnel on Dynamic IP address

I thought I'd just add an update to this. I am able to set this up using the DDNS hostname on the CORE, and no local IP set on the Client. Client: Dynamic IP /interface gre add comment="Dynamic GRE Interface" name=gre-tunnel1 remote-address=1.1.1.1 Core: Static IP /interface gre add comment="Dynamic...
by Splash
Wed Sep 06, 2017 10:26 am
Forum: General
Topic: Log all console commands [SOLVED]
Replies: 25
Views: 6315

Re: Log all console commands [SOLVED]

Feature request is different from "is there a way to do this now?" No there isn't. Feature request noted. The main basis for this is to track changes. At the moment I parse the configuration export with the /system history option to tie up what changes were made to a configuration and by whom. This...
by Splash
Sat Apr 29, 2017 4:02 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: NAT64 and DNS64
Replies: 77
Views: 24687

Re: NAT64 and DNS64

Here's to hoping IPv6 on Mikrotik will take a leap forward and become a more complete solution. With the IPv6 certification now available from Mikrotik, I'm crossing fingers they will press forward with an IPv6 implementation that is more usable.
by Splash
Mon Apr 24, 2017 10:30 am
Forum: General
Topic: Log all console commands [SOLVED]
Replies: 25
Views: 6315

Re: Log all console commands [SOLVED]

Could I bump this up!
by Splash
Tue Feb 14, 2017 8:06 am
Forum: General
Topic: Log all console commands [SOLVED]
Replies: 25
Views: 6315

Re: Log all console commands [SOLVED]

I'd like to revive this post... There must be a way that Mikrotik adds support to log configuration changes. When you have 1000's of devices all logging to a remove syslog server the generic historical events are pretty useless since it just says that a change was made. As with Cisco, Juniper and a ...
by Splash
Thu Jan 26, 2017 11:11 am
Forum: General
Topic: ROS 6.38 serious DHCP server problem
Replies: 91
Views: 27806

Re: ROS 6.38 serious DHCP server problem

I have logged a support request and included a link to this topic. I hope more confirm this in the mean time. Hello, Sorry for delayed reply. Now we have fixed some bridging bugs from 6.38.x which could cause DHCP related problems and recommend upgrading to the latest v6.39rc. Best regards, Janis B...
by Splash
Tue Jan 17, 2017 8:28 pm
Forum: General
Topic: ROS 6.38 serious DHCP server problem
Replies: 91
Views: 27806

Re: ROS 6.38 serious DHCP server problem

I have logged a support request and included a link to this topic. I hope more confirm this in the mean time.
by Splash
Tue Jan 17, 2017 7:24 pm
Forum: General
Topic: ROS 6.38 serious DHCP server problem
Replies: 91
Views: 27806

Re: ROS 6.38 serious DHCP server problem

I have to agree with this problem. Since version 6.38 the DHCP Service stops responding and no new IP addresses are issued/renewed. To resolve the problem, one has to disable and re-enable the DHCP service. Both 6.38 and 6.38.1 are affected with this problem. Before Restart: (Mitel Phone) 19:19:22 d...
by Splash
Thu Dec 01, 2016 1:17 pm
Forum: RouterBOARD hardware
Topic: RB750Gr3 - Report and questions
Replies: 112
Views: 31625

Re: RB750Gr3 - Report and questions

Ive also noticed a problem with the auto-negotiation for 1Gbs. On a number of 1Gbs devices running on the RB750Gr2 work fine, however moving them to a Gr3, they refuse to run 1Gbs and can only work at 100Mbs....
by Splash
Thu Dec 01, 2016 1:15 pm
Forum: RouterBOARD hardware
Topic: RB750Gr3 - Report and questions
Replies: 112
Views: 31625

Re: RB750Gr3 - Report and questions

I noticed that the master-port option (ethernet interface) is not visible in winbox where its still configurable within the CLI.
by Splash
Thu Nov 17, 2016 3:31 pm
Forum: General
Topic: RB493G and Fast Path
Replies: 0
Views: 382

RB493G and Fast Path

Do you think Mikrotik will ever provide a firmware update or RouterOS update which will allow the RB493G to support Fast Path since it doesn't support it at the moment? http://wiki.mikrotik.com/wiki/Manual:Fast_Path#List_of_RouterBoards_with_FastPath_support name="ether1" default-name="ether1" type=...
by Splash
Mon Nov 07, 2016 11:23 am
Forum: General
Topic: why cant i downgrade my router ?
Replies: 7
Views: 732

Re: why cant i downgrade my router ?

What is your firmware version?

/system routerboard print
by Splash
Wed Oct 26, 2016 11:32 am
Forum: General
Topic: why cant i downgrade my router ?
Replies: 7
Views: 732

Re: why cant i downgrade my router ?

are you doing any layer7 firewall rules?
by Splash
Wed Oct 26, 2016 11:29 am
Forum: Beginner Basics
Topic: trouble forwarding ports to server
Replies: 5
Views: 961

Re: trouble forwarding ports to server

Are you getting a "connection refused" or a "connection timeout" error. The connection refused error means the NAT is working, but the server is not listening on that port. Try disable your Mikrotik Firewall and just run the NAT rules with logging enabled? Can you telnet to the server on that port t...
by Splash
Wed Oct 26, 2016 11:25 am
Forum: Beginner Basics
Topic: Usermanager
Replies: 1
Views: 427

Re: Usermanager

Good question :)
by Splash
Wed Oct 26, 2016 11:05 am
Forum: Beginner Basics
Topic: MT SYSLOG SERVER
Replies: 2
Views: 1321

Re: MT SYSLOG SERVER

Here a few things you need to check.. 1. Make sure UDP port 514 is open on your Windows PC 2. Update your logging remote option with something like this example. /system logging action print *check which number is your remote option* /system logging action set 3 bsd-syslog=yes remote=1.1.1.1 syslog-...
by Splash
Wed Oct 26, 2016 11:01 am
Forum: Beginner Basics
Topic: [SOLVED] USB flash not showing up
Replies: 4
Views: 1150

Re: USB flash not showing up

Can you check you are running the latest firmware on the CRS device?

Does the device show up in the USB list?
/system resource usb print
by Splash
Wed Oct 26, 2016 10:59 am
Forum: Beginner Basics
Topic: export/import configuration between diffrent models
Replies: 4
Views: 1160

Re: export/import configuration between diffrent models

Can you edit the contents of a binary backup? (Never bothered to try opening one) Another thing to look for is the naming of wireless interfaces. We used a base template image to default our 2011 model CPE whenever we'd put one in stock, and many times, the restore lead to the wireless interface be...
by Splash
Wed Oct 19, 2016 12:26 pm
Forum: Beginner Basics
Topic: Static IPs
Replies: 5
Views: 769

Re: Static IPs

You could use the same address list to do the prioritisation using Firewall Mangle rules and Simple Queues/Queue Tree :) Thats a whole other discussion :)
by Splash
Wed Oct 19, 2016 12:19 pm
Forum: Beginner Basics
Topic: Active Users tab - how to kill hung winbox sessions
Replies: 4
Views: 3873

Re: Active Users tab - how to kill hung winbox sessions

Yup, its one of those "issues" that are not critical but will one day be sorted out. I guess they users are supposed to timeout but never do.
by Splash
Tue Oct 18, 2016 5:57 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: NETCONF / YANG
Replies: 6
Views: 2401

Re: NETCONF / YANG

Did Mikrotik respond as I am also interested in NETCONF being supported. Would make systems more standardised.

https://tools.ietf.org/html/rfc6241
by Splash
Tue Oct 18, 2016 5:48 pm
Forum: General
Topic: DHCP in VRRP configuration
Replies: 6
Views: 2516

Re: DHCP in VRRP configuration

I had another look in the docs and found this. DHCP server lease submenu is used to monitor and manage server's leases. The issued leases are showed here as dynamic entries. You can also add static leases to issue a specific IP address to a particular client (identified by MAC address) . Generally, ...
by Splash
Tue Oct 18, 2016 5:39 pm
Forum: General
Topic: DHCP in VRRP configuration
Replies: 6
Views: 2516

Re: DHCP in VRRP configuration

You would only implement this in a situation when you have a failure of your router and do not have another option. In the field, this set up has proven to work fine in the implementations I have done. According to the DHCP RFC, the server "should" probe using ARP or ICMP, but I am not sure how Mikr...
by Splash
Tue Oct 18, 2016 5:22 pm
Forum: Beginner Basics
Topic: Active Users tab - how to kill hung winbox sessions
Replies: 4
Views: 3873

Re: Active Users tab - how to kill hung winbox sessions

Only option is to reboot the router as far as I know. You can steal safe-mode away from a user though.

http://wiki.mikrotik.com/index.php?titl ... #Safe_Mode
by Splash
Tue Oct 18, 2016 5:19 pm
Forum: Beginner Basics
Topic: Please help me & propose a solution‏
Replies: 3
Views: 585

Re: Please help me & propose a solution‏

the only other way to is enable encryption.
by Splash
Tue Oct 18, 2016 3:24 pm
Forum: Beginner Basics
Topic: Router reboots
Replies: 6
Views: 802

Re: Router reboots

side question i notice there is a sytem script running that im unsure of what its meant for but it has two reboot counters that i'm curious are the issue
What is in the script?

Do you find a autosupport.rif file saved in your files directory each time it reboots?
by Splash
Tue Oct 18, 2016 3:19 pm
Forum: Beginner Basics
Topic: firewall rules
Replies: 3
Views: 540

Re: firewall rules

*note - If you are thinking of evaluating your firewall rules using website hostnames/domain names, it will add an additional overhead to your router's CPU and may only work with HTTP and not HTTPS sites.