Community discussions

Search found 149 matches

by Splash
Sun Sep 15, 2019 7:39 pm
Forum: General
Topic: IPSEC RSA Key with IKEv2 Support
Replies: 1
Views: 310

IPSEC RSA Key with IKEv2 Support

Does anyone know when RouterOS will support IKEv2 with RSA Keys?
rsa-key - authenticate using a RSA key imported in keys menu. Only supported in IKEv1;
by Splash
Mon Aug 26, 2019 4:47 pm
Forum: Forwarding Protocols
Topic: /ip route print where ... slow
Replies: 2
Views: 965

Re: /ip route print where ... slow

I tip which doesn't seem to stand out is to enclose the prefix with " 's
ip route print detail where dst-address="xx.xx.xx.xx/xx"
On a large route DB, this shouldn't take more than a few seconds to complete.
by Splash
Mon Aug 19, 2019 11:04 pm
Forum: General
Topic: Log all console commands [SOLVED]
Replies: 27
Views: 7204

Re: Log all console commands [SOLVED]

Hi

Has this been done / implemented
Nope
by Splash
Fri Aug 16, 2019 11:07 pm
Forum: General
Topic: Copper SFP S-RJ01 and CCR-1016-12S-1S+ not working together
Replies: 1
Views: 411

Re: Copper SFP S-RJ01 and CCR-1016-12S-1S+ not working together

I have a similar problem with running a S-RJ01 in a CCR1016. If I connect the interface to a 100Mbs network the router's interface locks up and no longer communicates with the connected network. A reboot is the only way to resolve this until it is used again. If I connect the interface to a 1Gbs net...
by Splash
Wed Jul 10, 2019 1:18 pm
Forum: Announcements
Topic: v6.44.5 [long-term] is released!
Replies: 97
Views: 35210

Re: v6.44.5 [long-term] is released!

Isn't EoIP using GRE? *) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160); So make sure you're allowing GRE before dropping invalid connections. You are right, the problem is in GRE state matching, but why EoIP tunnels is in invalid connection state now? EoIP is based...
by Splash
Tue Sep 18, 2018 11:38 am
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 148
Views: 28953

Re: v6.43 [current] is released!

We have a huge memory leak on the new 6.43 code running on our CRS326's. We use vlan. Within 12hrs the device reboots due to low memory. I reported this too with CRS317's and the only way I could resolve it was to downgrade back to 6.42.7. The fix is supposed to be coming out in the next beta. They...
by Splash
Fri Sep 14, 2018 3:39 pm
Forum: General
Topic: New IP cloud is coming.
Replies: 84
Views: 27075

Re: New IP cloud is coming.

You think there is any chance in the future to support multi-wan setups? One option is to prepend or append the interface number to the dyndns hostname?

pppoe-out1 = xxxxx-1.sn.mynetname.net
pppoe-out2 = xxxxx-2.sn.mynetname.net
by Splash
Fri Sep 14, 2018 3:04 pm
Forum: SwOS
Topic: CRS317 boot issue after power failure
Replies: 22
Views: 3235

Re: CRS317 boot issue after power failure

Hi, I use a CRS317 as core switch for my 10g LAN. We had two power failures in the last 2 weeks, because of thunderstorms. When the power comes back, the CRS317 isn't switching. I have to cut the power cables (1 and 2) and wait a minute. After that period, the switch works again. Is this a known pr...
by Splash
Fri Sep 14, 2018 2:51 pm
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 148
Views: 28953

Re: v6.43 [current] is released!

After updating CCR1009 to 6.43 there is a problem with port stability! Has anyone else encountered such a problem?
Nope, CCR1016, CCR1036 and CCR1072's all behaving.....
by Splash
Thu Sep 13, 2018 10:05 am
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 148
Views: 28953

Re: v6.43 [current] is released!

I sent 3 support output files 90%, 98% and then after the reboot 5%... at 98% the system was trying to swap as the SPI process ran at 100% on 1 CPU. I have a change at 3am to downgrade the switches back to 6.42.7 and hope the VLANs work with some of our providers. The next 6.44beta version should c...
by Splash
Wed Sep 12, 2018 7:18 pm
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 148
Views: 28953

Re: v6.43 [current] is released!

I have now noticed that my CRS125-24G-1S-2HnD is running out of memory, with 6.43.7 it ran around 95MB of free memory, with 6.43 it was down to 34MB free, over night it is now down to 31MB free. Good thing it don't have too much traffic going though this as multiple people are reporting reboots. At...
by Splash
Wed Sep 12, 2018 3:45 pm
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 148
Views: 28953

Re: v6.43 [current] is released!

We have a huge memory leak on the new 6.43 code running on our CRS317's. Some devices seem to be more affected than others, but within 10hrs the device reboots due to low memory. I encountered the same problem on a CCR while it was still rc. MT Support was unable to reproduce / fix it. Only a netin...
by Splash
Wed Sep 12, 2018 1:43 pm
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 148
Views: 28953

Re: v6.43 [current] is released!

We have a huge memory leak on the new 6.43 code running on our CRS317's. Some devices seem to be more affected than others, but within 10hrs the device reboots due to low memory.
by Splash
Thu Sep 06, 2018 2:58 pm
Forum: General
Topic: Group rights inconsistancies [SOLVED]
Replies: 11
Views: 773

Re: Group rights inconsistancies [SOLVED]

Thanks, it seems you are correct, Winbox requires the FTP permission to upload files to the device.
by Splash
Thu Sep 06, 2018 2:54 pm
Forum: General
Topic: Group rights inconsistancies [SOLVED]
Replies: 11
Views: 773

Re: Group rights inconsistancies [SOLVED]

Yup, interesting to note that ftp permission may be required for winbox to upload a file. I will definitely check and confirm this.
by Splash
Wed Sep 05, 2018 9:23 pm
Forum: General
Topic: Group rights inconsistancies [SOLVED]
Replies: 11
Views: 773

Re: Group rights inconsistancies [SOLVED]

*bump*
by Splash
Thu Aug 30, 2018 2:47 pm
Forum: General
Topic: Group rights inconsistancies [SOLVED]
Replies: 11
Views: 773

Re: Group rights inconsistancies [SOLVED]

> /user active print detail
Flags: R - radius, M - by-romon
0 R when=aug/30/2018 13:40:33 name="splash" address=10.18.0.1 via=winbox group=admin
by Splash
Thu Aug 30, 2018 2:46 pm
Forum: General
Topic: Group rights inconsistancies [SOLVED]
Replies: 11
Views: 773

Re: Group rights inconsistancies [SOLVED]

You have set default-group support and you can't set group with RADIUS itself, as far as I know (not for system users). Correct, but through RADIUS auth, you can set the group the user must be attached to. It works for all other admin functions, ie write access. splash Cleartext-Password := "passwo...
by Splash
Thu Aug 30, 2018 2:44 pm
Forum: General
Topic: Group rights inconsistancies [SOLVED]
Replies: 11
Views: 773

Re: Group rights inconsistancies [SOLVED]

# aug/30/2018 13:41:38 by RouterOS 6.42.7 # software id = 5Q9K-P6FX # # model = CCR1036-8G-2S+ # serial number = 91A808AD192F /user group add name=support policy=ssh,read,test,winbox,api,tikapp,!local,!telnet,!ftp,!reboot,!write,!policy,!password,!web,!sniff,!sensitive,!romon,!dude add name=admin p...
by Splash
Thu Aug 30, 2018 2:38 pm
Forum: General
Topic: Group rights inconsistancies [SOLVED]
Replies: 11
Views: 773

Re: Group rights inconsistancies [SOLVED]

/user group add name=support policy=ssh,read,test,winbox,api,tikapp,!local,!telnet,!ftp,!reboot,!write,!policy,!password,!web,!sniff,!sensitive,!romon,!dude add name=admin policy=local,telnet,ssh,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api,tikapp,!ftp,!web,!romon,!dude /user a...
by Splash
Wed Aug 29, 2018 3:55 pm
Forum: General
Topic: Group rights inconsistancies [SOLVED]
Replies: 11
Views: 773

Group rights inconsistancies [SOLVED]

If you add a user to the default "full" group, the user is able to upload new firmware, download backups etc. If you create a new group with all permissions ticked, the user is unable to upload new firmware or download backup files. Comparing the 2 groups, there are no options that are different thr...
by Splash
Wed Jun 13, 2018 2:45 pm
Forum: General
Topic: problems resolving IP Cloud addresses
Replies: 13
Views: 1415

Re: problems resolving IP Cloud addresses

I am having issues with the resolution of dynamic host names against the new NS servers. A number of requests timeout but some return ok. dig 1234567890.sn.mynetname.net @ns1.kissthenet.net ; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> 1234567890.sn.mynetname.net @ns1.kissthenet.net ;; global options: +...
by Splash
Wed Apr 04, 2018 10:42 am
Forum: General
Topic: Log all console commands [SOLVED]
Replies: 27
Views: 7204

Re: Log all console commands [SOLVED]

I wonder if there is a way to motivate Mikrotik to assist with this, or to provide a technical reason why it can't be done?
by Splash
Wed Feb 07, 2018 9:56 am
Forum: Wireless Networking
Topic: CAPsMAN SNMP [SOLVED]
Replies: 1
Views: 480

CAPsMAN SNMP [SOLVED]

Has anyone been able to monitor the status of remote CAPsMAN Devices using the only the controllers detail. I was hoping to only poll the controller and retrieve the list of CAPsMAN interfaces using SNMP to determine which are bound which are inactive? I see through a print of the interfaces it does...
by Splash
Tue Feb 06, 2018 6:12 pm
Forum: Announcements
Topic: v6.41.1 [current]
Replies: 106
Views: 15578

Re: v6.41.1 [current]

Has anyone had an issue with DHCP packets not being passed through a bridge using 6.41.1?

I have bridged 2 ports together, with 1 port being the network where a DHCP server resides and the second port where a DHCP client device is connected.

DHCP packets do not pass through the bridge.
by Splash
Mon Nov 27, 2017 7:09 pm
Forum: General
Topic: Weird LACP Issue
Replies: 7
Views: 2795

Re: Weird LACP Issue

I know this post is a bit old :) but would anyone be able to provide a working solution for creating a LAG between a Mikrotik and a Juniper router that actually works? I'm really struggling to use a CCR1009-8G-1S-1S+ with its 1 x 10g and 1 x 1g fibre ports in a LAG. Traffic flows over the 1g, but no...
by Splash
Sun Oct 22, 2017 9:36 am
Forum: Forwarding Protocols
Topic: BGP different AS same router
Replies: 2
Views: 606

Re: BGP different AS same router

Have you tried 2 BGP Instances (different local AS) and 2 separate Peers?
If you are running 2 x default routes, maybe a local VRF-Lite might help if you want to separate the routing tables.
by Splash
Sat Oct 21, 2017 9:24 pm
Forum: Forwarding Protocols
Topic: GRE Tunnel on Dynamic IP address
Replies: 9
Views: 13408

Re: GRE Tunnel on Dynamic IP address

I thought I'd just add an update to this. I am able to set this up using the DDNS hostname on the CORE, and no local IP set on the Client. Client: Dynamic IP /interface gre add comment="Dynamic GRE Interface" name=gre-tunnel1 remote-address=1.1.1.1 Core: Static IP /interface gre add comment="Dynamic...
by Splash
Wed Sep 06, 2017 10:26 am
Forum: General
Topic: Log all console commands [SOLVED]
Replies: 27
Views: 7204

Re: Log all console commands [SOLVED]

Feature request is different from "is there a way to do this now?" No there isn't. Feature request noted. The main basis for this is to track changes. At the moment I parse the configuration export with the /system history option to tie up what changes were made to a configuration and by whom. This...
by Splash
Sat Apr 29, 2017 4:02 pm
Forum: General
Topic: NAT64 and DNS64
Replies: 77
Views: 25574

Re: NAT64 and DNS64

Here's to hoping IPv6 on Mikrotik will take a leap forward and become a more complete solution. With the IPv6 certification now available from Mikrotik, I'm crossing fingers they will press forward with an IPv6 implementation that is more usable.
by Splash
Mon Apr 24, 2017 10:30 am
Forum: General
Topic: Log all console commands [SOLVED]
Replies: 27
Views: 7204

Re: Log all console commands [SOLVED]

Could I bump this up!
by Splash
Tue Feb 14, 2017 8:06 am
Forum: General
Topic: Log all console commands [SOLVED]
Replies: 27
Views: 7204

Re: Log all console commands [SOLVED]

I'd like to revive this post... There must be a way that Mikrotik adds support to log configuration changes. When you have 1000's of devices all logging to a remove syslog server the generic historical events are pretty useless since it just says that a change was made. As with Cisco, Juniper and a ...
by Splash
Thu Jan 26, 2017 11:11 am
Forum: General
Topic: ROS 6.38 serious DHCP server problem
Replies: 91
Views: 29870

Re: ROS 6.38 serious DHCP server problem

I have logged a support request and included a link to this topic. I hope more confirm this in the mean time. Hello, Sorry for delayed reply. Now we have fixed some bridging bugs from 6.38.x which could cause DHCP related problems and recommend upgrading to the latest v6.39rc. Best regards, Janis B...
by Splash
Tue Jan 17, 2017 8:28 pm
Forum: General
Topic: ROS 6.38 serious DHCP server problem
Replies: 91
Views: 29870

Re: ROS 6.38 serious DHCP server problem

I have logged a support request and included a link to this topic. I hope more confirm this in the mean time.
by Splash
Tue Jan 17, 2017 7:24 pm
Forum: General
Topic: ROS 6.38 serious DHCP server problem
Replies: 91
Views: 29870

Re: ROS 6.38 serious DHCP server problem

I have to agree with this problem. Since version 6.38 the DHCP Service stops responding and no new IP addresses are issued/renewed. To resolve the problem, one has to disable and re-enable the DHCP service. Both 6.38 and 6.38.1 are affected with this problem. Before Restart: (Mitel Phone) 19:19:22 d...
by Splash
Thu Dec 01, 2016 1:17 pm
Forum: RouterBOARD hardware
Topic: RB750Gr3 - Report and questions
Replies: 112
Views: 33054

Re: RB750Gr3 - Report and questions

Ive also noticed a problem with the auto-negotiation for 1Gbs. On a number of 1Gbs devices running on the RB750Gr2 work fine, however moving them to a Gr3, they refuse to run 1Gbs and can only work at 100Mbs....
by Splash
Thu Dec 01, 2016 1:15 pm
Forum: RouterBOARD hardware
Topic: RB750Gr3 - Report and questions
Replies: 112
Views: 33054

Re: RB750Gr3 - Report and questions

I noticed that the master-port option (ethernet interface) is not visible in winbox where its still configurable within the CLI.
by Splash
Thu Nov 17, 2016 3:31 pm
Forum: General
Topic: RB493G and Fast Path
Replies: 0
Views: 411

RB493G and Fast Path

Do you think Mikrotik will ever provide a firmware update or RouterOS update which will allow the RB493G to support Fast Path since it doesn't support it at the moment? http://wiki.mikrotik.com/wiki/Manual:Fast_Path#List_of_RouterBoards_with_FastPath_support name="ether1" default-name="ether1" type=...
by Splash
Mon Nov 07, 2016 11:23 am
Forum: General
Topic: why cant i downgrade my router ?
Replies: 7
Views: 775

Re: why cant i downgrade my router ?

What is your firmware version?

/system routerboard print
by Splash
Wed Oct 26, 2016 11:32 am
Forum: General
Topic: why cant i downgrade my router ?
Replies: 7
Views: 775

Re: why cant i downgrade my router ?

are you doing any layer7 firewall rules?
by Splash
Wed Oct 26, 2016 11:29 am
Forum: Beginner Basics
Topic: trouble forwarding ports to server
Replies: 5
Views: 1027

Re: trouble forwarding ports to server

Are you getting a "connection refused" or a "connection timeout" error. The connection refused error means the NAT is working, but the server is not listening on that port. Try disable your Mikrotik Firewall and just run the NAT rules with logging enabled? Can you telnet to the server on that port t...
by Splash
Wed Oct 26, 2016 11:25 am
Forum: Beginner Basics
Topic: Usermanager
Replies: 1
Views: 461

Re: Usermanager

Good question :)
by Splash
Wed Oct 26, 2016 11:05 am
Forum: Beginner Basics
Topic: MT SYSLOG SERVER
Replies: 2
Views: 1426

Re: MT SYSLOG SERVER

Here a few things you need to check.. 1. Make sure UDP port 514 is open on your Windows PC 2. Update your logging remote option with something like this example. /system logging action print *check which number is your remote option* /system logging action set 3 bsd-syslog=yes remote=1.1.1.1 syslog-...
by Splash
Wed Oct 26, 2016 11:01 am
Forum: Beginner Basics
Topic: [SOLVED] USB flash not showing up
Replies: 4
Views: 1281

Re: USB flash not showing up

Can you check you are running the latest firmware on the CRS device?

Does the device show up in the USB list?
/system resource usb print
by Splash
Wed Oct 26, 2016 10:59 am
Forum: Beginner Basics
Topic: export/import configuration between diffrent models
Replies: 4
Views: 1247

Re: export/import configuration between diffrent models

Can you edit the contents of a binary backup? (Never bothered to try opening one) Another thing to look for is the naming of wireless interfaces. We used a base template image to default our 2011 model CPE whenever we'd put one in stock, and many times, the restore lead to the wireless interface be...
by Splash
Wed Oct 19, 2016 12:26 pm
Forum: Beginner Basics
Topic: Static IPs
Replies: 5
Views: 816

Re: Static IPs

You could use the same address list to do the prioritisation using Firewall Mangle rules and Simple Queues/Queue Tree :) Thats a whole other discussion :)
by Splash
Wed Oct 19, 2016 12:19 pm
Forum: Beginner Basics
Topic: Active Users tab - how to kill hung winbox sessions
Replies: 4
Views: 4333

Re: Active Users tab - how to kill hung winbox sessions

Yup, its one of those "issues" that are not critical but will one day be sorted out. I guess they users are supposed to timeout but never do.
by Splash
Tue Oct 18, 2016 5:57 pm
Forum: General
Topic: NETCONF / YANG
Replies: 9
Views: 3070

Re: NETCONF / YANG

Did Mikrotik respond as I am also interested in NETCONF being supported. Would make systems more standardised.

https://tools.ietf.org/html/rfc6241
by Splash
Tue Oct 18, 2016 5:48 pm
Forum: General
Topic: DHCP in VRRP configuration
Replies: 6
Views: 2846

Re: DHCP in VRRP configuration

I had another look in the docs and found this. DHCP server lease submenu is used to monitor and manage server's leases. The issued leases are showed here as dynamic entries. You can also add static leases to issue a specific IP address to a particular client (identified by MAC address) . Generally, ...
by Splash
Tue Oct 18, 2016 5:39 pm
Forum: General
Topic: DHCP in VRRP configuration
Replies: 6
Views: 2846

Re: DHCP in VRRP configuration

You would only implement this in a situation when you have a failure of your router and do not have another option. In the field, this set up has proven to work fine in the implementations I have done. According to the DHCP RFC, the server "should" probe using ARP or ICMP, but I am not sure how Mikr...
by Splash
Tue Oct 18, 2016 5:22 pm
Forum: Beginner Basics
Topic: Active Users tab - how to kill hung winbox sessions
Replies: 4
Views: 4333

Re: Active Users tab - how to kill hung winbox sessions

Only option is to reboot the router as far as I know. You can steal safe-mode away from a user though.

http://wiki.mikrotik.com/index.php?titl ... #Safe_Mode
by Splash
Tue Oct 18, 2016 5:19 pm
Forum: Beginner Basics
Topic: Please help me & propose a solution‏
Replies: 3
Views: 625

Re: Please help me & propose a solution‏

the only other way to is enable encryption.
by Splash
Tue Oct 18, 2016 3:24 pm
Forum: Beginner Basics
Topic: Router reboots
Replies: 6
Views: 855

Re: Router reboots

side question i notice there is a sytem script running that im unsure of what its meant for but it has two reboot counters that i'm curious are the issue
What is in the script?

Do you find a autosupport.rif file saved in your files directory each time it reboots?
by Splash
Tue Oct 18, 2016 3:19 pm
Forum: Beginner Basics
Topic: firewall rules
Replies: 3
Views: 578

Re: firewall rules

*note - If you are thinking of evaluating your firewall rules using website hostnames/domain names, it will add an additional overhead to your router's CPU and may only work with HTTP and not HTTPS sites.
by Splash
Tue Oct 18, 2016 3:16 pm
Forum: Beginner Basics
Topic: Establishing 2 pppoe setup on single network
Replies: 3
Views: 528

Re: Establishing 2 pppoe setup on single network

The service name is defined by some ISP's when authenticating the ppp user and isnt something you could use.
by Splash
Tue Oct 18, 2016 3:13 pm
Forum: Beginner Basics
Topic: Static IPs
Replies: 5
Views: 816

Re: Static IPs

Start off by using DHCP to set manage all the IP Address information on your network. When you require a device to have a "static" IP Address, mark the address as static in the lease table and leave the rest to be managed dynamically. When setting a user with a static IP on the DHCP Server, it will ...
by Splash
Tue Oct 18, 2016 3:04 pm
Forum: Beginner Basics
Topic: Please help me & propose a solution‏
Replies: 3
Views: 625

Re: Please help me & propose a solution‏

There isn't much you can do about this since he could spoof a MAC address to gain access to your network again. Unfortunately you are going to spend an infinite amount of time trying to update rules each time he changes his MAC. One option is option is to find him and set the dogs on him. If you hav...
by Splash
Tue Oct 18, 2016 2:56 pm
Forum: Beginner Basics
Topic: Timer for DNS resolve is too short
Replies: 2
Views: 511

Re: Timer for DNS resolve is too short

There isnt a way to set a minimum TTL for cached DNS entries. Depending on how static this list is, one option (be it painful unless you script it), is to add a static entry for each address and set a TTL for it. Adding a static entry will stop the router having to lookup the hostname on a remote DN...
by Splash
Tue Oct 18, 2016 2:51 pm
Forum: Beginner Basics
Topic: Error: this page can't be displayed....
Replies: 6
Views: 2831

Re: Error: this page can't be displayed....

What type your WAN connection is? How's MTU configured on WAN interface? I'd also check the MTU settings especially if the connection is being made through a tunnel, like PPPoe, L2TP etc. Some networks and servers block ICMP which is used to negotiate the MTU path causing inconsistencies when the M...
by Splash
Tue Oct 18, 2016 2:48 pm
Forum: Beginner Basics
Topic: What's the meaning of *FFFFFFFE
Replies: 1
Views: 595

Re: What's the meaning of *FFFFFFFE

Could you post your configuration as the default and default-encrypt profiles are included with the RouterOS operating system and cannot be removed, only disabled. It looks like something has gone wrong with your defaults. I've only seen this referenced as an interface if the IP you are checking a r...
by Splash
Tue Oct 18, 2016 2:37 pm
Forum: Beginner Basics
Topic: export/import configuration between diffrent models
Replies: 4
Views: 1247

Re: export/import configuration between diffrent models

Binary backups are generally intended to be restored on the same exact router that generated them. I've even seen strangeness with restoring a binary backup onto a different unit of the same model and firmware revision. I've seen the same, but I fixed it by editing each interface and resetting the ...
by Splash
Tue Oct 18, 2016 2:34 pm
Forum: Beginner Basics
Topic: CAPSMAN - no dhcp offer
Replies: 1
Views: 647

Re: CAPSMAN - no dhcp offer

Check that your DHCP Server is running on the Bridge interface which connects all the CAPSMan interfaces together.
by Splash
Tue Oct 18, 2016 2:29 pm
Forum: General
Topic: DHCP in VRRP configuration
Replies: 6
Views: 2846

Re: DHCP in VRRP configuration

I'd agree with mpreissner, but sometimes you may have to run DHCP at the router level. An option to get this to work properly would be to change the primary router's dhcp server to respond immediately on the first DHCP request it receives, and set the secondary device to only respond after 10s. This...
by Splash
Fri Oct 14, 2016 4:34 pm
Forum: General
Topic: Ling Aggregation LACP how make stable 2Gb/s
Replies: 4
Views: 8523

Re: Ling Aggregation LACP how make stable 2Gb/s

I am not sure if this helps, but this configuration works well with Juniper. Std export: /interface bonding add comment="Primary Bonded Interface" name=bonding1 slaves=sfp1,sfp2 transmit-hash-policy=layer-2-and-3 Verbose export: /interface bonding add arp=enabled arp-interval=100ms arp-ip-targets=""...
by Splash
Fri Oct 14, 2016 4:30 pm
Forum: General
Topic: L2TP+IPSec with LAN Access
Replies: 10
Views: 3790

Re: L2TP+IPSec with LAN Access

to confirm...

1. You have a bridge created eg bridge1
2. You have added the LAN port to this Bridge (bridge1)
3. You have set the "bridge1" within the active PPP Profile Bridge setting
by Splash
Fri Oct 14, 2016 4:27 pm
Forum: General
Topic: wrong return -> (/ip arp find ... )
Replies: 7
Views: 1351

Re: wrong return -> (/ip arp find ... )

this wouldnt work as you have put the quotes after the $

$"mac-address";

should be

"$mac-address";
by Splash
Fri Oct 14, 2016 4:25 pm
Forum: Beginner Basics
Topic: Establishing 2 pppoe setup on single network
Replies: 3
Views: 528

Re: Establishing 2 pppoe setup on single network

If you are using the same credentials to authenticate the PPPOE user, you could set the PPP profile to only allow 1 client to authenticate. This would stop the second connection from being able to authenticate until the first connection is closed.

PPP - Profile - Limits
only one = yes
by Splash
Thu Oct 13, 2016 11:28 am
Forum: General
Topic: wrong return -> (/ip arp find ... )
Replies: 7
Views: 1351

Re: wrong return -> (/ip arp find ... )

Hmm,

Can you try put the arguments in " quotes and see if that helps?

What ROS are you running?
by Splash
Thu Oct 13, 2016 11:25 am
Forum: General
Topic: VRF Issues in RouterOS
Replies: 6
Views: 1644

Re: VRF Issues in RouterOS

You could also use the IP Route Rules option to tell the route to look up the destination in another routing table. This saves you from having to use the firewall mangle rules.

Example:
/ip route rule
add dst-address=10.188.120.2/32 table=DN42
by Splash
Wed Oct 12, 2016 7:25 pm
Forum: General
Topic: Traffic Monitoring tool
Replies: 3
Views: 1165

Re: Traffic Monitoring tool

As Mikrotik supports various types of flows (Netflow V5/V9 or IPFIX), most reporting applications work just fine. You may need to buy an application as there are not too many free open source collectors available.

https://www.google.com/search?q=Netflow ... g+software
by Splash
Wed Oct 12, 2016 7:16 pm
Forum: General
Topic: Interface warning
Replies: 1
Views: 687

Re: Interface warning

You need to check that the interface is running the same on both sides and that your patch lead is not faulty. This happens when one side of the connection is running at half-duplex and the other side is running at full-duplex.
by Splash
Wed Oct 12, 2016 7:13 pm
Forum: General
Topic: wrong return -> (/ip arp find ... )
Replies: 7
Views: 1351

Re: wrong return -> (/ip arp find ... )

I tested this on my router and dont seem to have the same issues when running this command.
/ip arp remove [/ip arp find address="192.168.19.76" and mac-address ="00:00:00:00:00:12" and dynamic=no]
If you just run the command on its own and not in your script, does it do the same thing?
by Splash
Wed Oct 12, 2016 7:01 pm
Forum: General
Topic: [Answered] Where are ip firewall address-list timeout values documented
Replies: 5
Views: 3568

Re: Where are ip firewall address-list timeout values documented

Address-List timers work in the same was as any other times made available within Mikrotik

Examples:
1d 00:00:00 - 1 day or 24hrs
12:00:00 - 12 hours
00:05:00 - 5 min
Example Code:
/ip firewall address-list add list=ddd address=2.2.2.2 timeout="1d 00:00:00"
by Splash
Wed Oct 12, 2016 6:58 pm
Forum: General
Topic: L2TP+IPSec with LAN Access
Replies: 10
Views: 3790

Re: L2TP+IPSec with LAN Access

You may need to update the L2TP profile you are using (profile=default-encryption in your case) and select the bridge you would like this client to be attached to, based on the below being part of the same network subnet. Example: /ppp profile add bridge=VPN-Bridge comment="Default L2TP Profile" nam...
by Splash
Wed Oct 12, 2016 6:51 pm
Forum: General
Topic: Mikrotik licensing
Replies: 3
Views: 499

Re: Mikrotik licensing

If you look under System --> License it will show you what the latest support version you are allowed to run with your current license if I remember correctly. Basically, you can upgrade your device without any problems, and the RouterOS should automatically convert your config from v5 to v6 (someti...
by Splash
Wed Oct 12, 2016 6:43 pm
Forum: General
Topic: IPv6 Tunnel over https
Replies: 8
Views: 1028

Re: IPv6 Tunnel over https

Ahh ok, thanks for the explanation :)
by Splash
Wed Oct 12, 2016 6:41 pm
Forum: General
Topic: L2TP Server Binding + Dynamic L2TP Interface duplication
Replies: 4
Views: 1928

L2TP Server Binding + Dynamic L2TP Interface duplication

RouterOS: 6.34.6 Model: CCR1036-12G-4S I use L2TP Server binding to link a username to an interface so that I can add the interface as part of a VRF and apply routes to it. Problem: Normally when the client connects and authenticates, it is attached to the L2TP Server Binding interface successfully ...
by Splash
Wed Oct 12, 2016 6:29 pm
Forum: General
Topic: Running out of disk space
Replies: 3
Views: 1424

Re: Running out of disk space

Since its running MRTG, the graph file is created with all null data. As data is saved to build the graph metrics, so the null values are replaced with real data. The size of the graph file on the Mikrotik remains the same size, but will have 1 for each graph set you create.
by Splash
Wed Oct 12, 2016 6:27 pm
Forum: General
Topic: IPv6 Tunnel over https
Replies: 8
Views: 1028

Re: IPv6 Tunnel over https

I am not 100% sure what you are asking, but if its about creating an IPv6 tunnel over IPv4 then.... What you are looking for is a 6to4 tunnel which you can create once you have enabled Ipv6 on the router. You can obtain a free tunnel broker account from Hurricane Electric @ https://tunnelbroker.net ...
by Splash
Tue Oct 04, 2016 2:11 pm
Forum: The Dude
Topic: The Dude, v6.37 [current] release.
Replies: 47
Views: 14863

Re: The Dude, v6.37 [current] release.

I see that the link to the latest The Dude client is not available on the website. So when using an older version it requests me to update it, but fails...

I downloaded the latest client from the URL : http://download2.mikrotik.com/routeros/ ... 6.37.1.exe
by Splash
Mon Sep 26, 2016 4:12 pm
Forum: Beginner Basics
Topic: Some advice for GRE tunnel
Replies: 4
Views: 597

Re: Some advice for GRE tunnel

If you run EoIP and bridge the tunnel with an interface connected to your DC lan, then yes as it works as a layer 2 network connection. If one were to use GRE/L2TP etc, you would need to split the network and route the specific IP addresses between each network. This may help you. http://wiki.mikrot...
by Splash
Mon Sep 26, 2016 12:01 pm
Forum: Beginner Basics
Topic: RB951Ui-2HnD - Ether1 burns my devices
Replies: 10
Views: 1032

Re: RB951Ui-2HnD - Ether1 burns my devices

Did you force POE to be on, on that interface?
by Splash
Mon Sep 26, 2016 10:49 am
Forum: Beginner Basics
Topic: Cisco -> Mikrotik
Replies: 8
Views: 1095

Re: Cisco -> Mikrotik

Please Suggest Me Which Device Batter For 10mBPS Leas Line Customer........

Thanks & Regarding
Naushad Ansari
E-Wave Techno Media Solution & Service's
I think you should create a new post with some more detail on what you are trying to do.
by Splash
Mon Sep 26, 2016 10:47 am
Forum: Beginner Basics
Topic: Viewing a file?
Replies: 6
Views: 579

Re: Viewing a file?

Best option I think is to download the file and view it on a PC.... unless the file is really small and only contains text :)
by Splash
Mon Sep 26, 2016 10:45 am
Forum: Beginner Basics
Topic: Some advice for GRE tunnel
Replies: 4
Views: 597

Re: Some advice for GRE tunnel

You could use GRE/L2TP, or possibly even an EoIP tunnel. It depends on how you are connecting the 2 sites together, and what bandwidth requirements you have. If there is minimal traffic, you could create an EoIP tunnel and bridge the 2 networks together. GL's are not that powerful so it really depen...
by Splash
Fri Sep 23, 2016 4:10 pm
Forum: General
Topic: CRS switch LACP support
Replies: 7
Views: 2065

Re: CRS switch LACP support

I see that running RouterOS 6.36.3 on a CRS125 it does support 802.3ad as a bonding mode.

Did I miss understand this question?
by Splash
Fri Sep 23, 2016 3:56 pm
Forum: Forwarding Protocols
Topic: VRF Interface Limit
Replies: 10
Views: 2149

Re: VRF Interface Limit

We have a client with more than 50 interfaces on a vrf without problem. We use CLI for do that
Cool, so we could say then that 50 interfaces is still ok?

When I ran in to this issue, we had attached about 80 interfaces (not all active) and found that the active sites suddenly became isolated.
by Splash
Fri Sep 23, 2016 3:55 pm
Forum: Forwarding Protocols
Topic: VRF Interface Limit
Replies: 10
Views: 2149

Re: VRF Interface Limit

Great, keep us updated. I thought I would have hit this bug by now, but when I checked we are at max 28 interfaces per VRF on a bunch of our routers, I guess we have been lucky that we terminate customer interfaces across multiple PE routers ! It is only a matter of time before we will hit the same...
by Splash
Fri Sep 23, 2016 3:47 pm
Forum: Forwarding Protocols
Topic: VRF Interface Limit
Replies: 10
Views: 2149

Re: VRF Interface Limit

Adding interfaces to a VRF from the CLI is horrific on RouterOS (Sorry guys, but it is).

There badly needs to be an append operator !
Yeah! I agree. I did post a feature request and MT support provided a post with an alternative.

http://forum.mikrotik.com/viewtopic.php?f=1&t=112416
by Splash
Fri Sep 23, 2016 3:46 pm
Forum: General
Topic: Feature request: Append values to configuration
Replies: 9
Views: 1480

Re: Feature request: Append values to configuration

Interesting workaround :)
Thanks!
by Splash
Fri Sep 23, 2016 3:16 pm
Forum: Beginner Basics
Topic: Hairpin NAT issue
Replies: 2
Views: 424

Re: Hairpin NAT issue

You may need to add a local static DNS entry for the local IP of the server, and use the Mikrotik to resolve your DNS queries. There is no need to try access the server using your external IP address, when the server is on your local LAN.
by Splash
Fri Sep 23, 2016 3:14 pm
Forum: Beginner Basics
Topic: After add load balans dsn error
Replies: 3
Views: 379

Re: After add load balans dsn error

I think your translator is not working properly as your replies make no sense.
by Splash
Fri Sep 23, 2016 3:12 pm
Forum: Beginner Basics
Topic: Let's Study MikroTik
Replies: 8
Views: 1924

Re: Let's Study MikroTik

Hello,

Unfortunately you will need to attend training to obtain this study material and be able to write your certification exam.
by Splash
Fri Sep 23, 2016 10:59 am
Forum: Beginner Basics
Topic: Cannot ping router interface
Replies: 1
Views: 497

Re: Cannot ping router interface

Do you have a route on your firewall to route that network range to the mikrotik router since it is not directly connected to the firewall and the mikrotik router has a default route back to the firewall.
by Splash
Fri Sep 23, 2016 10:55 am
Forum: Beginner Basics
Topic: Replacing Century Link Router
Replies: 1
Views: 365

Re: Replacing Century Link Router

I would suggest to start by installing the multicast package if you have not already done so from the "all packages group" for your particular RouterOS version. http://www.mikrotik.com/download Next you can visit the following support page to assist you in configuring the IGMP proxy on your Mikrotik...
by Splash
Fri Sep 23, 2016 10:47 am
Forum: Beginner Basics
Topic: Cisco -> Mikrotik
Replies: 8
Views: 1095

Re: Cisco -> Mikrotik

To set up BGP on a Mikrotik router, you would need to configure both an instance and a peer. Before continuing with the basic configuration, please make sure you have enabled the "routing" packaged within your routers packages list. If you are running IBGP, you can set a local loopback IP and use th...
by Splash
Fri Sep 23, 2016 10:38 am
Forum: Beginner Basics
Topic: Can help me to configure this networking scheme?
Replies: 8
Views: 1187

Re: Can help me to configure this networking scheme?

Thanks for your detailed requirements around your required solution. I would suggest that you may want to get in contact with your local consultant to assist you as this solution does require a number of configuration aspects.
by Splash
Fri Sep 23, 2016 10:30 am
Forum: Beginner Basics
Topic: After add load balans dsn error
Replies: 3
Views: 379

Re: After add load balans dsn error

I am not sure how valid this information is in trying to assist you, but you need to make sure that your DNS servers are available across all of your load balanced links, and that the upstream provider allows you to query these DNS servers. Example, if you run 2 links with 2 separate ISP's you will ...
by Splash
Fri Sep 23, 2016 10:22 am
Forum: Beginner Basics
Topic: Upgrade Firmware for Mikrotik Router
Replies: 2
Views: 620

Re: Upgrade Firmware for Mikrotik Router

There are 2 parts to upgrading your Cloud Core. 1 is the RouterOS and the second being the Firmware. Firmware updates provide additional hardware support and resolve underlying issues with the hardware which is bundled with each RouterOS release. Its advisable to run the latest firmware offered by y...
by Splash
Wed Sep 21, 2016 3:22 pm
Forum: Forwarding Protocols
Topic: VRF Interface Limit
Replies: 10
Views: 2149

Re: VRF Interface Limit

I am busy working with the Mikrotik Support, but it seems that even though you can add them on the CLI, it doesnt work.... something breaks :)
by Splash
Wed Sep 21, 2016 11:48 am
Forum: General
Topic: Feature request: Append values to configuration
Replies: 9
Views: 1480

Feature request: Append values to configuration

Example: When adding additional interfaces to a VRF on the CLI, one has to 'set' the current list with the additional interfaces rather than just appending the new interfaces to the existing list. Current: /ip route vrf set [find routing-mark=EXAMPLE] interfaces=vlan1,vlan2,vlan3 Requested: /ip rout...
by Splash
Wed Sep 21, 2016 11:43 am
Forum: Forwarding Protocols
Topic: VRF Interface Limit
Replies: 10
Views: 2149

VRF Interface Limit

It seems the limit imposed by Mikrotik for the number of interfaces which can be added to a VRF is set to 30. Through winbox, one is only able to add 30 interfaces before the interface stops allowing you to add more. This limit seems not to exist on the CLI as one can easy exceed this limit, however...
by Splash
Wed Sep 21, 2016 11:34 am
Forum: Forwarding Protocols
Topic: How to put dynamic interfaces to specific VRF
Replies: 7
Views: 4261

Re: How to put dynamic interfaces to specific VRF

I know this post is an old one and I had hoped Mikrotik would have resolved or increased this limit by now. I have run in to the same issue when adding GRE interfaces to a VRF with a VLAN. One can't add more than 30 through Winbox, but one can through the CLI. It seems even adding more than this val...
by Splash
Mon Sep 12, 2016 2:06 pm
Forum: Beginner Basics
Topic: Bridge mode - ARP settings
Replies: 1
Views: 552

Re: Bridge mode - ARP settings

You need to check that wlan1 is in "AP Bridge" mode.
by Splash
Mon Sep 12, 2016 2:05 pm
Forum: Beginner Basics
Topic: Setting Buttons
Replies: 2
Views: 346

Re: Setting Buttons

Erm, Nope I dont think so. :)
by Splash
Fri Apr 08, 2016 7:17 pm
Forum: Beginner Basics
Topic: Queues and Policies (QoS)
Replies: 7
Views: 1155

Re: Queues and Policies (QoS)

Managing traffic can become a complicated exercise, such as using Queue Trees. I'd start with my suggestion and then work from there. Yes you are correct about my example providing a guarantee and a limit. I'd suggest doing some reading up on Queue Trees and play around with them on a test router. Y...
by Splash
Fri Apr 08, 2016 2:44 pm
Forum: General
Topic: MTCNA requirement
Replies: 1
Views: 675

Re: MTCNA requirement

I was in the same position, but I found that attending the course helped to solidify certain concepts and build on your current knowledge. The MTCNA may seem trivial, but there are points taught that help to make best use of the device in the field, such a RoMON. Having completed the MTCNA and curre...
by Splash
Fri Apr 08, 2016 10:20 am
Forum: General
Topic: Winbox Window Tiling
Replies: 2
Views: 377

Re: Winbox Window Tiling

Agreed, however if the windows used are dynamic and changed all the time, it would be helpful to re-organise the windows..
by Splash
Thu Apr 07, 2016 1:01 pm
Forum: General
Topic: Winbox Window Tiling
Replies: 2
Views: 377

Winbox Window Tiling

It would be great if Winbox could one day support auto window tiling to automatically re-arrange open windows. Instead of manually moving open windows around and resizing them, it would be much more efficient to click a button to automatically arrange them in either a horizontal, vertical or quadran...
by Splash
Thu Apr 07, 2016 10:57 am
Forum: General
Topic: how to make browser automatically open when connect to my hotspot
Replies: 1
Views: 679

Re: how to make browser automatically open when connect to my hotspot

This is the operating system deciding its an open access point running through a captive portal. Newer Windows operating systems do offer this through a popup once the Wireless connection has been established.
by Splash
Thu Apr 07, 2016 10:55 am
Forum: General
Topic: Having to reboot router daily since 6.34.4
Replies: 5
Views: 837

Re: Having to reboot router daily since 6.34.4

I had the same problem with my SSTP VPN Tunnels. The tunnel would show up, but not pass any traffic. Logging in to the device showed no resource issues yet running a /export would not return any configuration. Rebooting the router would take a few attempts and there is a significant delay in the rou...
by Splash
Wed Apr 06, 2016 2:29 pm
Forum: Beginner Basics
Topic: Wireless Bridge mode DATA Speed
Replies: 3
Views: 602

Re: Wireless Bridge mode DATA Speed

The information you have provided isnt too detailed, but you can check the following:

1. Any queues applied on the devices?
2. Wireless band you are using (A/N), Wireless Frequency Bandwidth (20/40/80Mhz)
3. Limit set on Bandwidth test client?
by Splash
Wed Apr 06, 2016 2:23 pm
Forum: Beginner Basics
Topic: Queues and Policies (QoS)
Replies: 7
Views: 1155

Re: Queues and Policies (QoS)

What you need to do is create a simple queue and set a guaranteed amount of bandwidth but limited to a maximum amount. This means that it will always be given at least this amount if it needs it. If not then other services such as browsing can use the available/unused bandwidth. A Basic option would...
by Splash
Fri Apr 01, 2016 2:27 pm
Forum: General
Topic: IPIP Interface always UP (Running)
Replies: 5
Views: 523

Re: IPIP Interface always UP (Running)

Perfect! Thanks!

Good to know.
by Splash
Thu Mar 31, 2016 8:29 pm
Forum: General
Topic: IPIP Interface always UP (Running)
Replies: 5
Views: 523

Re: IPIP Interface always UP (Running)

Looking at the configuration: (without any changes between the 2 commands) /interface ipip add !keepalive local-address=y.y.y.y name=ipip-1 remote-address=x.x.x.x /interface ipip add clamp-tcp-mss=yes disabled=no dont-fragment=no dscp=inherit !ipsec-secret keepalive=10s,10 local-address=y.y.y.y mtu=...
by Splash
Thu Mar 31, 2016 8:19 pm
Forum: General
Topic: IPIP Interface always UP (Running)
Replies: 5
Views: 523

Re: IPIP Interface always UP (Running)

Ah, I thought it was enabled by default, thanks let me give that a try!

... Looking good!

Do you have any recommendations for the Keepalive settings or will the defaults do?
by Splash
Thu Mar 31, 2016 4:50 pm
Forum: General
Topic: IPIP Interface always UP (Running)
Replies: 5
Views: 523

IPIP Interface always UP (Running)

I have multiple LNS (CCR) devices around the country which I use to provide full HA to our IPIP Tunnel customers. VRRP is used between sites to allow for a single IPIP Tunnel termination configuration BGP is used to replicate the active routes to the various VRF's The issue is that if one creates an...
by Splash
Thu Mar 31, 2016 4:41 pm
Forum: Beginner Basics
Topic: SNTP Client Not Synchronizing Time
Replies: 3
Views: 3600

Re: SNTP Client Not Synchronizing Time

Another consideration is that the NTP request will originate from the IP attached to the interface the traffic is routed through. If this is a private address for example on a point to point link, it wont be able to connect out to the remote NTP site.
by Splash
Thu Mar 31, 2016 10:32 am
Forum: Announcements
Topic: v6.34.4 [current] is released!
Replies: 30
Views: 14064

Re: v6.34.4 [current] is released!

After upgrading from version 6.34.3 to 6.34.4 within a few hours the device (RB493G) stops responding over an SSTP VPN connection. The connection reports up on the CPE, but down on the VPN concentrator (CCR). The device is monitored over the SSTP connection using PING and SNMP. System resources look...
by Splash
Wed Mar 30, 2016 10:16 pm
Forum: Beginner Basics
Topic: how to create multiple dhcp1,dhcp2 like different ip series?
Replies: 2
Views: 555

Re: how to create multiple dhcp1,dhcp2 like different ip series?

With Mikrotik you are able to attach a DHCP Server to an interface, Bridge or a VLAN. This way you can run multiple DHCP Servers on the same router. 1. Create an IP Pool for each DHCP Server 2. Create a DHCP Server and attach it to the require interface. Repeat for each DHCP Server instance 3. Creat...
by Splash
Wed Mar 30, 2016 9:13 pm
Forum: Beginner Basics
Topic: Queues and Policies (QoS)
Replies: 7
Views: 1155

Re: Queues and Policies (QoS)

There are a number of ways one could tackle this, since each user has a unique IP address, you can look at per connection queuing with a set pool of bandwidth, making sure there is enough left for voice. 1. Another option would be to reserve an amount of bandwidth for the number of concurrent calls ...
by Splash
Tue Mar 15, 2016 11:37 am
Forum: General
Topic: HotSpot html upgrade
Replies: 1
Views: 596

HotSpot html upgrade

Is there a recommended process to update the hotspot web files from an older version. I suspect that this is not done through a normal RouterOS update. I seem to be getting client errors after an update to the latest version of 6.34.3. A customer is reporting that they are receiving an error : uploa...
by Splash
Mon Mar 14, 2016 5:34 pm
Forum: RouterBOARD hardware
Topic: SOHO-Router for 150-400 Mbit NAT?
Replies: 12
Views: 1844

Re: SOHO-Router for 150-400 Mbit NAT?

I think based on the cost and constant improvement on networking hardware. In a few years you will likely want to replace it to obtain the benefit of the latest connectivity options. For the small cost of the RB750Gr2, would it really matter to replace it in a few years. You get what you pay for, an...
by Splash
Mon Mar 14, 2016 1:50 pm
Forum: RouterBOARD hardware
Topic: CCR1016-12S-1S+ but with 2 x SFP+?
Replies: 2
Views: 706

Re: CCR1016-12S-1S+ but with 2 x SFP+?

Thanks for the detailed information. I used the 1016 as an example of the SFP only platform. I see the current SFP model I mentioned comes with dual power supply, so I hope they will look at expanding this platform on to the 36Core CPU with 2 x SFP+ ports and 24 x SFP! It would be a real win for POP...
by Splash
Mon Mar 14, 2016 12:36 pm
Forum: RouterBOARD hardware
Topic: CCR1016-12S-1S+ but with 2 x SFP+?
Replies: 2
Views: 706

CCR1016-12S-1S+ but with 2 x SFP+?

Anyone know if there will be a Cloud Core with 2 x SFP+ and 12/24 SFP ports available soon? I would like to deploy these but would like to have redundancy on the 10G up-links.
by Splash
Sun Mar 13, 2016 8:26 pm
Forum: General
Topic: Feature: /export with a term match
Replies: 4
Views: 1043

Re: Feature: /export with a term match

Line splitting normally happens when your terminal window isnt long enough for the full line. You can try doing it with a bigger window on a bigger screen :). I don't think it would require much work to implement some sort of filtering on the export command. I'll look at seeing if I can get sometime...
by Splash
Sat Mar 12, 2016 9:05 am
Forum: General
Topic: Feature: /export with a term match
Replies: 4
Views: 1043

Re: Feature: /export with a term match

Agreed, the only problem is that when you do this it wont include the configuration "sub-sections" which you would need to manually include. Since the OS is based on Linux, I don't think it would be too hard to include cmd line tools like grep for example. Juniper uses the 'match' function, Cisco us...
by Splash
Sat Mar 12, 2016 9:01 am
Forum: Beginner Basics
Topic: help me to configure, please..
Replies: 2
Views: 687

Re: help me to configure, please..

I think you need to double check your IP information provided to you by your ISP. The IP address ranges don't look correct as they are not in the same network address range based on your subnet mask. I'm guessing they are providing you with a point to point IP Address which routes your local public ...
by Splash
Fri Mar 11, 2016 10:01 am
Forum: General
Topic: Feature Request: NTP - Ability to Specify a Source IP Address
Replies: 2
Views: 991

Re: Feature Request: NTP - Ability to Specify a Source IP Address

Yeah I figured as much which sucks! I have had to use a NAT to fix it, but I hope in the future one does not need to implement a work around. Same with DNS queries sourced from the router.
by Splash
Fri Mar 11, 2016 9:59 am
Forum: General
Topic: BGP Advertisments Table Missing Data
Replies: 0
Views: 319

BGP Advertisments Table Missing Data

When one removes the Router ID from the BGP Instance so that it uses the interface IP automatically, the Advertisements table becomes blank, however the routes are being distributed correctly. In my case I am using 2 peers with the same same BGP Instance to distribute routes within a VRF. If I have ...
by Splash
Thu Mar 10, 2016 11:57 am
Forum: Beginner Basics
Topic: Firewall rule with dynamic interface
Replies: 3
Views: 691

Re: Firewall rule with dynamic interface

If you are worried about any configuration bound to a dynamic interface you should, as part of best practice, create a service binding. What this does is create an interface which is static, but linked to a dynamic username account. When ever the account connects it will be provided with the same in...
by Splash
Thu Mar 10, 2016 11:51 am
Forum: Beginner Basics
Topic: clear history ?
Replies: 2
Views: 810

Re: clear history ?

Hello,

It seems the only way for you to achieve this is to reboot the device. I am not sure why clearing the history is a requirement as its merely a log of changes made to the device and by whom.
by Splash
Thu Mar 10, 2016 11:47 am
Forum: General
Topic: Feature: /export with a term match
Replies: 4
Views: 1043

Feature: /export with a term match

I would like to ask that some more power be added to the export facility on the Mikrotik to include the ability to match particular configuration only and with their respective grouping. This would allow one to filter all configuration that matches a particular term which could be an ip, comment, in...
by Splash
Wed Mar 02, 2016 5:05 pm
Forum: Beginner Basics
Topic: Web page exception for blocked TCP Port
Replies: 3
Views: 616

Re: Web page exception for blocked TCP Port

I'll take a stab at an answer and say wouldn't a allow filter rule for the website placed above the drop rule work?
by Splash
Wed Mar 02, 2016 1:14 pm
Forum: Beginner Basics
Topic: Winbox V3.1 Managed List
Replies: 3
Views: 1411

Re: Winbox V3.1 Managed List

Hello,

This can be achieved by selecting the "Tools" menu option and enabling the "Advanced Mode" when running Winbox v3.x.
by Splash
Tue Mar 01, 2016 1:19 pm
Forum: Beginner Basics
Topic: ip flow
Replies: 1
Views: 343

Re: ip flow

Unfortunately not, but this is a feature I would also support in having implemented. You could try build a src-nat rule to try and make sure the source traffic is sourced from the right IP.
by Splash
Tue Mar 01, 2016 1:14 pm
Forum: Beginner Basics
Topic: Sxt lite 5 unable to update router os
Replies: 5
Views: 1065

Re: Sxt lite 5 unable to update router os

The device itself is unable to resolve the Mikrotik update server hostname. If you don't obtain your IP address information automatically through DHCP, check that you have set up a DNS server within the Mikrotik RouterOS .err msg show could not solve DNS shows that the router cannot resolve properly...
by Splash
Tue Mar 01, 2016 12:44 pm
Forum: Beginner Basics
Topic: SMB can access by WiFi but not by ethernet
Replies: 2
Views: 547

Re: SMB can access by WiFi but not by ethernet

Maybe some tests you could perform.

Check IP gateway that is being assigned to the client computer is correct. (subnet etc)
Ping the SMB share IP. (probably the 10.128.0.1 ip)
Traceroute to the SMB share IP.
Torch the interface to see if you are seeing requests.
by Splash
Mon Feb 29, 2016 2:47 pm
Forum: Beginner Basics
Topic: IPSEC can't connect if LAN ports are down
Replies: 1
Views: 363

Re: IPSEC can't connect if LAN ports are down

Hello,

Check that you don't have the "Dial On Demand" option set for the L2TP Tunnel.
by Splash
Mon Feb 29, 2016 2:34 pm
Forum: Beginner Basics
Topic: branding option
Replies: 4
Views: 964

Re: branding option

Hello,

Would you be able to provide more information? Are you referring to your HotSpot Login page?
by Splash
Mon Feb 29, 2016 2:26 pm
Forum: Beginner Basics
Topic: any body help me pls!!!!!!!!!!!!!!
Replies: 5
Views: 594

Re: any body help me pls!!!!!!!!!!!!!!

This might help: # Date: 03/06/2011 # Revised: 22/02/2013 # Revised: 01/08/2013 # Author: Alfredo Agius # Revised by Alexander Prozorov - adaptation for RouterOS version 6.xx # File: cleanUserManager # Tested on: RouterOS version 6.1 # # Description: Deletes Mikrotik User-Manager accounts whos not a...
by Splash
Mon Feb 29, 2016 2:22 pm
Forum: Beginner Basics
Topic: Deny All Traffic Rule
Replies: 2
Views: 2596

Re: Deny All Traffic Rule

Since you are wanting to allow traffic only from 2 /24 subnets, you want to start by creating an address-list for those 2 networks. /ip firewall address-list add address=192.168.1.0/24 list=Allowed_Networks add address=192.168.2.0/24 list=Allowed_Networks Next you will need to create the rule(s) to ...
by Splash
Mon Feb 29, 2016 2:09 pm
Forum: Beginner Basics
Topic: allow websites
Replies: 4
Views: 694

Re: allow websites

hi, I want to buy a new firewall. But i have some questions. In the office we have only one pc and we want to block all web sites and allow to just (exp) http://forum.mikrotik.com/ and http://www.accuweather.com/ i found it this model RB951Ui-2HnD and this model RB951G-2HnD which one is suitable fo...
by Splash
Mon Feb 29, 2016 2:00 pm
Forum: Beginner Basics
Topic: For filtering of log
Replies: 2
Views: 737

Re: For filtering of log

Hello, You could try this, but it may hide other system log messages you still want. In a nutshell edit the default 'info' topic and add an additional topic 'system' but in this case, negate it so that it ignores all info-system messages. Check the number of the logging item, to make sure you are ed...
by Splash
Fri Feb 26, 2016 12:31 pm
Forum: General
Topic: Feature: Auto-Upgrade to support FTP/SFTP/HTTP/HTTPS
Replies: 0
Views: 741

Feature: Auto-Upgrade to support FTP/SFTP/HTTP/HTTPS

Having the Auto Upgrade feature supporting more sources other than using a Mikrotik Router would be a big help. Having the ability to provide upgrades/downgrades through services such as FTP would allow one to make use of existing infrastructure or systems with far more disk space. (Barring running ...
by Splash
Wed Feb 24, 2016 10:25 am
Forum: Scripting
Topic: Script: PPPOE Interface Monitoring Script
Replies: 0
Views: 1763

Script: PPPOE Interface Monitoring Script

Hello, I wrote this script to help users determine when 1 or more of their PPPOE connections have failed. It is capable of monitoring 1 or more connections, for example a router running multiple ADSL Lines. I chose not to bother with email notifications as it wouldnt be helpful if the device only ha...
by Splash
Tue Feb 23, 2016 12:38 pm
Forum: General
Topic: Feature Request: NTP - Ability to Specify a Source IP Address
Replies: 2
Views: 991

Feature Request: NTP - Ability to Specify a Source IP Address

Hello,

Would it be possible to consider allowing one to specify a SOURCE IP Address when using the NTP Client. Such situations as using a routable loopback IP Address or specific local address where one wants the requests to originate from.

Such support is available for RADIUS and SYSLOG.