Community discussions

MikroTik App

Search found 209 matches

by Splash
Fri Nov 17, 2023 7:57 pm
Forum: Forwarding Protocols
Topic: How in v7? Selectivity accept prefixes, not load the rest?
Replies: 12
Views: 3161

Re: How in v7? Selectivity accept prefixes, not load the rest?

V7 cannot really cope without a discard rule...especially when using peering route servers on non ARM64 based routers..... Its crazy that I have 1m (Many RS servers from difference exchanges) routes in my router that the filters have to pass through each time there is a change, when they could be fi...
by Splash
Mon Sep 11, 2023 12:56 pm
Forum: RouterBOARD hardware
Topic: New hAP ax lite LTE
Replies: 199
Views: 26155

Re: New hAP ax lite LTE

Thanks! Pity.
by Splash
Mon Sep 11, 2023 12:12 pm
Forum: RouterBOARD hardware
Topic: New hAP ax lite LTE
Replies: 199
Views: 26155

Re: New hAP ax lite LTE

Does the HAP AX have a USB Hub or is it just used to power the device, ie one can power the device, but also add additional USB devices such as a HUB etc?
by Splash
Fri Jul 21, 2023 11:45 am
Forum: Forwarding Protocols
Topic: [BGP] add-path-out seems to be ignored
Replies: 7
Views: 3783

Re: [BGP] add-path-out seems to be ignored

Something I found works for me on the CCR2004's is to set the CPU affinity to main under the template for all BGP peering sessions.
/routing bgp template
set input.affinity=main output.affinity=main
by Splash
Wed May 31, 2023 2:17 pm
Forum: General
Topic: Fault light on CRS-317-1G-16S+
Replies: 11
Views: 4267

Re: Fault light on CRS-317-1G-16S+

You will need to use this command
/system health settings detect-fans
by Splash
Tue May 16, 2023 7:38 pm
Forum: General
Topic: Fault light on CRS-317-1G-16S+
Replies: 11
Views: 4267

Re: Fault light on CRS-317-1G-16S+

Hi,
/system health settings detect-fans
7.8 = No change
7.9 = 1 worked, 1 didnt
by Splash
Thu Feb 02, 2023 5:31 pm
Forum: Announcements
Topic: v7.7 [stable] is released!
Replies: 357
Views: 113707

Re: v7.7 [stable] is released! bug with SFP info not visible

Hi,

with fw 7.4.1 no problem to see sfp info but with fw 7.7 not impossible to see information
maybe with new version I can see all info, btw both sfp are Mikrotik,

I do some tests with others sfp models I can see info!

Thank you
FLEXOPTIX SFP's (10G) working fine and showing details.
by Splash
Tue Nov 15, 2022 12:35 pm
Forum: General
Topic: Switch: block STP on one port in RouterOS v7
Replies: 4
Views: 1692

Re: Switch: block STP on one port in RouterOS v7

You could try a switching rule... The manual seems to state you need to depend on the switch model you are using. https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge "Dropping received BPDUs on a certain port can be done on some switch chips using ACL rules, but the Bridge Filter Input rules...
by Splash
Wed Oct 26, 2022 5:39 pm
Forum: General
Topic: VXLAN: Kernel Crash [TILE]
Replies: 2
Views: 435

Re: VXLAN: Kernel Crash [TILE]

@Mikrotik - SUP-95739
by Splash
Mon Oct 24, 2022 7:47 pm
Forum: General
Topic: VXLAN: Kernel Crash [TILE]
Replies: 2
Views: 435

VXLAN: Kernel Crash [TILE]

We created a VXLAN between a CCR2004 and a CCR1009 without any issues. The virtual VLAN worked by transmitting data successfully however, adding the VXLAN interface to a bridge caused the device to kernel panic and reboot. At one point we managed to disable the VXLAN interface within the bridge port...
by Splash
Mon Oct 24, 2022 7:43 pm
Forum: General
Topic: CRS317 - Hardware Switch configuration
Replies: 5
Views: 638

Re: CRS317 - Hardware Switch configuration

You could have a look at changing the bridge type to 0x88a8.
/interface bridge
add ether-type=0x88a8 frame-types=admit-only-vlan-tagged name=bridge1 vlan-filtering=yes
https://networkengineering.stackexchang ... -or-0x8100
by Splash
Thu Sep 01, 2022 10:09 am
Forum: RouterBOARD hardware
Topic: CRS317 NAND Replacement
Replies: 22
Views: 2324

Re: CRS317 NAND Replacement

100%, this will be my first option, but in case this doesn't work, Ill try the NAND replacement to save the device.
by Splash
Wed Aug 31, 2022 3:43 pm
Forum: RouterBOARD hardware
Topic: CRS317 NAND Replacement
Replies: 22
Views: 2324

Re: CRS317 NAND Replacement

Ok tracked down and warranty expired April 2019.
by Splash
Wed Aug 31, 2022 2:44 pm
Forum: RouterBOARD hardware
Topic: CRS317 NAND Replacement
Replies: 22
Views: 2324

Re: CRS317 NAND Replacement

Ha Ha, I could try all of them I guess :)
by Splash
Wed Aug 31, 2022 2:28 pm
Forum: RouterBOARD hardware
Topic: CRS317 NAND Replacement
Replies: 22
Views: 2324

Re: CRS317 NAND Replacement

Ah, so what if you don't know who the distributor is? :)
by Splash
Wed Aug 31, 2022 2:22 pm
Forum: RouterBOARD hardware
Topic: CRS317 NAND Replacement
Replies: 22
Views: 2324

Re: CRS317 NAND Replacement

Awesome, yeah the plan was to get an electronics repair company to replace the chip as they have the best tools for the job :). I have exported and saved the license, so at least that part is done in case the device completely dies. I have found it a bit of a struggle trying to find the 16MB chip th...
by Splash
Wed Aug 31, 2022 10:37 am
Forum: RouterBOARD hardware
Topic: CRS317 NAND Replacement
Replies: 22
Views: 2324

Re: CRS317 NAND Replacement

III: try netinstall, often solve, and you do not lose licence, and not all bad blocks are defective sectors...
Thanks, I'll give this a go first....
by Splash
Tue Aug 30, 2022 10:55 pm
Forum: RouterBOARD hardware
Topic: CRS317 NAND Replacement
Replies: 22
Views: 2324

Re: CRS317 NAND Replacement

True, and the cost of 16MB vs 32MB/64MB is really insignificant. I wonder if they did it to stop people using it for "something" else?

I can pick up a 128MB NAND for $2, if not less.
by Splash
Tue Aug 30, 2022 8:23 pm
Forum: RouterBOARD hardware
Topic: CRS317 NAND Replacement
Replies: 22
Views: 2324

Re: CRS317 NAND Replacement

Thanks for the guidance. I did reach out to Mikrotik and they said in a nutshell, they couldn't help and I would lose the license if I replaced the NAND. They said I would need to purchase a new one. The device logs 0 to disk, and only keeps the odd backup we save to it in case of an emergency resto...
by Splash
Tue Aug 30, 2022 2:57 pm
Forum: RouterBOARD hardware
Topic: CRS317 NAND Replacement
Replies: 22
Views: 2324

Re: CRS317 NAND Replacement

Thanks for the input.

Yup, It's a pity nand chip of $2 would send this device to ewaste..
I have exported the license from the device, would this not work?

From what I can pick up, the chip is: Winbond 25Q128FVSG 1553
by Splash
Tue Aug 30, 2022 11:48 am
Forum: RouterBOARD hardware
Topic: CRS317 NAND Replacement
Replies: 22
Views: 2324

CRS317 NAND Replacement

Hello, Would anyone know where on the board the NAND chip is for the CRS317 and what make/model/type it is? I need to look are replacing it due to bad blocks even with a very low total write count. Unfortunately, the device is a number of years old and wouldn't qualify for a warranty replacement. I ...
by Splash
Fri Jun 10, 2022 4:35 pm
Forum: General
Topic: V7: Winbox not displaying interfaces for gateways
Replies: 0
Views: 506

V7: Winbox not displaying interfaces for gateways

When adding a new route using RouterOS version 7, the gateway option within winbox no longer presents a list of interfaces available to select from. This can be quite annoying when one needs to type in interface names already present within the device, such as pppoe-out1 or l2tp-out1.
by Splash
Fri Mar 04, 2022 1:29 pm
Forum: RouterOS beta
Topic: BGP prefix count in ROS 7.1 stable
Replies: 21
Views: 13296

Re: BGP prefix count in ROS 7.1 stable

I think it is also related to the fact the BGP service was re-written by Mikrotik for version 7 and there was an oversight or they ran out of time? I know of no other BGP service that does not report on prefixes sent, received, rejected, etc. I had hoped V7 BGP would be a big jump forward in both pe...
by Splash
Fri Mar 04, 2022 9:50 am
Forum: RouterOS beta
Topic: BGP prefix count in ROS 7.1 stable
Replies: 21
Views: 13296

Re: BGP prefix count in ROS 7.1 stable

This sucks :)
by Splash
Fri Feb 18, 2022 7:15 pm
Forum: RouterOS beta
Topic: BGP prefix count in ROS 7.1 stable
Replies: 21
Views: 13296

Re: BGP prefix count in ROS 7.1 stable

This is still an issue for me on version 7.1.2.

Please fix :)
by Splash
Mon Feb 07, 2022 5:06 pm
Forum: General
Topic: Fault light on CRS-317-1G-16S+
Replies: 11
Views: 4267

Re: Fault light on CRS-317-1G-16S+

I am sorry to re-open this thread, but I am unable to get rid of the fault light if the fans are not spinning. I have 1 CRS317 switch which turns on a fault led when the fans stop spinning. I am running Version 7.1.1 with the V7.1.1 firmware. I tried downgrading, and then upgrading again with no luc...
by Splash
Wed Jan 12, 2022 4:21 pm
Forum: Announcements
Topic: WinBox v3.32 released!
Replies: 65
Views: 93540

Re: WinBox v3.32 released!

Has anyone seen that when running a ping/trace/torch from selecting an interface/ip/mac it starts with the stop button greyed out instead of the other way round. One has to press "start" an then "stop" for it to stop the action.
by Splash
Wed Jan 12, 2022 4:17 pm
Forum: Announcements
Topic: WinBox v3.32 released!
Replies: 65
Views: 93540

Re: WinBox v3.32 released!

Loads Very Slow... Have to clear cache everytime to make it respond fast.

Support Team Kindly Note tha same and do the needful
I see the same happening with this version.... I only have about 50 saved devices.
by Splash
Fri Dec 31, 2021 9:52 am
Forum: RouterBOARD hardware
Topic: The big CCR2004 reboot thread (was 2004 hardware issues?)
Replies: 458
Views: 148140

Re: The big CCR2004 reboot thread (was 2004 hardware issues?)

Anyone seen an issue with the CCR2004 on ROS V6.49.1 where there is packet loss each time BGP needs to converge its routes? If the routes from the remote peer are stable, then there is no packet loss across any interfaces. As soon as the CCR2004 needs to converge received or withdrawn routes, CPU g...
by Splash
Fri Dec 24, 2021 12:13 pm
Forum: RouterBOARD hardware
Topic: The big CCR2004 reboot thread (was 2004 hardware issues?)
Replies: 458
Views: 148140

Re: The big CCR2004 reboot thread (was 2004 hardware issues?)

I would say a say as a rule of thumb.... If you have a CCR2004, then run RouterOS 7.1.x The CPU is 64bit based architecture and the RouterOS V6 is a 32 bit operating system. After upgrading to 7.1.x you will also see 4GB of RAM vs 2GB. It seems with V6 on 2004, if the CPU is hit, then it interrupts ...
by Splash
Wed Dec 15, 2021 9:16 pm
Forum: RouterOS beta
Topic: Routing Filter conversion v6 to v7
Replies: 6
Views: 5307

Re: Routing Filter conversion v6 to v7

This was from version 6.49.2 (stable) to 7.1 (stable)
by Splash
Wed Dec 15, 2021 6:32 pm
Forum: RouterOS beta
Topic: Routing Filter conversion v6 to v7
Replies: 6
Views: 5307

Re: Routing Filter conversion v6 to v7

Here are a few examples. If you would like me to provide you with the full before and after, please let me know how I can send it to you? prefix-length=0-32 changes to dst-len > 32 all IPv4 transit routes, ie 0.0.0.0/0 were marked as invalid all IPV6 outbound routes were not advertised Example1 add ...
by Splash
Wed Dec 15, 2021 3:02 pm
Forum: RouterOS beta
Topic: Routing Filter conversion v6 to v7
Replies: 6
Views: 5307

Re: Routing Filter conversion v6 to v7

I picked up the same, and ended up rewriting all filters...
I'd say the conversion rate is probably close to 20% successful so far.
by Splash
Mon Dec 13, 2021 10:33 pm
Forum: RouterBOARD hardware
Topic: The big CCR2004 reboot thread (was 2004 hardware issues?)
Replies: 458
Views: 148140

Re: The big CCR2004 reboot thread (was 2004 hardware issues?)

Anyone seen an issue with the CCR2004 on ROS V6.49.1 where there is packet loss each time BGP needs to converge its routes? If the routes from the remote peer are stable, then there is no packet loss across any interfaces. As soon as the CCR2004 needs to converge received or withdrawn routes, CPU go...
by Splash
Mon Dec 13, 2021 9:01 am
Forum: RouterBOARD hardware
Topic: The big CCR2004 reboot thread (was 2004 hardware issues?)
Replies: 458
Views: 148140

Re: The big CCR2004 reboot thread (was 2004 hardware issues?)

Thats a little worrying....

You updated the firmware too?
by Splash
Wed Dec 08, 2021 9:42 am
Forum: RouterBOARD hardware
Topic: The big CCR2004 reboot thread (was 2004 hardware issues?)
Replies: 458
Views: 148140

Re: The big CCR2004 reboot thread (was 2004 hardware issues?)

I think the main note to take is that the CCR2004 platform is designed as a 64 bit device (ARM64), and running the operating system in 32bit compatibility mode is probably the primary issue its experiencing. For example it only exposes 50% of the devices RAM to the operating system in V6. I think th...
by Splash
Tue Dec 07, 2021 11:20 am
Forum: Forwarding Protocols
Topic: V7: Route Filters Assist
Replies: 2
Views: 2540

Re: V7: Route Filters Assist

ah! I tried to blackhole, but didn't try the "yes" option. appreciate the help.
by Splash
Tue Dec 07, 2021 9:37 am
Forum: Forwarding Protocols
Topic: V7: Route Filters Assist
Replies: 2
Views: 2540

V7: Route Filters Assist

Could someone point me in the right direction regarding the conversion of V6 route filters to V7. Through the upgrade process this is not automatically done and requires me to rebuild my full rule set. I tested the route filter conversion from V6 to V7 but it doesn't work even though it is marked as...
by Splash
Tue Dec 07, 2021 9:34 am
Forum: Forwarding Protocols
Topic: Winbox session drop on BGP feed import?
Replies: 2
Views: 3361

Re: Winbox session drop on BGP feed import?

This is due to the CPU peaking at 100% on the same core and the management process (winbox) causing Winbox to timeout.

You will need to re-login with Winbox or try a SSH session instead.
by Splash
Mon Dec 06, 2021 9:23 pm
Forum: RouterOS beta
Topic: Help migrating filter rules from v6 to v7
Replies: 13
Views: 5778

Re: Help migrating filter rules from v6 to v7

Also note that I tested the route filter conversion from V6 to V7 but it doesn't work even though it is marked as completed. The filters are removed from the V7 config after an upgrade.

https://help.mikrotik.com/docs/display/ ... ol+Status
by Splash
Mon Dec 06, 2021 9:21 pm
Forum: RouterOS beta
Topic: Help migrating filter rules from v6 to v7
Replies: 13
Views: 5778

Re: Help migrating filter rules from v6 to v7

Would anyone know what the syntax is to mark a route as unreachable based on a matcher. I have used a basic bgp-communities as an example example: add action=accept bgp-communities=no-export chain=BGP-IN set-type=unreachable becomes if (bgp-communities equal no-export) {set xxxxxxx; accept} gw only ...
by Splash
Mon Dec 06, 2021 2:48 pm
Forum: RouterBOARD hardware
Topic: CCR2004 packet loss
Replies: 135
Views: 58871

Re: CCR2004 packet loss

Running 6.49.1 with the queue fix I am picking up packet loss only when BGP is syncing routes (100k). If I disable the BGP session then the router shows no signs of packet loss. Packet loss is also experienced between the router and the internal network. Anyone know of a way to stop BGP impacting t...
by Splash
Mon Dec 06, 2021 2:47 pm
Forum: RouterBOARD hardware
Topic: CCR2004 packet loss
Replies: 135
Views: 58871

Re: CCR2004 packet loss

/queue type set ethernet-default pfifo-limit=300
/queue interface set [find where queue!=no-queue] queue=ethernet-default

viewtopic.php?p=895484#p895484
by Splash
Mon Dec 06, 2021 12:40 pm
Forum: RouterBOARD hardware
Topic: CCR2004 packet loss
Replies: 135
Views: 58871

Re: CCR2004 packet loss

Running 6.49.1 with the queue fix I am picking up packet loss only when BGP is syncing routes (100k). If I disable the BGP session then the router shows no signs of packet loss. Packet loss is also experienced between the router and the internal network. Anyone know of a way to stop BGP impacting th...
by Splash
Mon Dec 06, 2021 11:37 am
Forum: RouterBOARD hardware
Topic: The big CCR2004 reboot thread (was 2004 hardware issues?)
Replies: 458
Views: 148140

Re: The big CCR2004 reboot thread (was 2004 hardware issues?)

/queue type set ethernet-default pfifo-limit=300
/queue interface set [find where queue!=no-queue] queue=ethernet-default
by Splash
Sat Dec 04, 2021 6:36 pm
Forum: RouterBOARD hardware
Topic: The big CCR2004 reboot thread (was 2004 hardware issues?)
Replies: 458
Views: 148140

Re: The big CCR2004 reboot thread (was 2004 hardware issues?)

We applied the suggested Ethernet hardware queues changes to 6.49 and the router still rebooted.... We are now running 6.49.1 with the suggested fix and will monitor it over the coming days.
by Splash
Mon Nov 29, 2021 1:13 pm
Forum: RouterBOARD hardware
Topic: The big CCR2004 reboot thread (was 2004 hardware issues?)
Replies: 458
Views: 148140

Re: The big CCR2004 reboot thread (was 2004 hardware issues?)

Makes sense. I am hoping the stable release of V7 will be soon as its quite disruptive to have a core device just randomly reboot :)
by Splash
Mon Nov 29, 2021 10:06 am
Forum: RouterBOARD hardware
Topic: The big CCR2004 reboot thread (was 2004 hardware issues?)
Replies: 458
Views: 148140

Re: The big CCR2004 reboot thread (was 2004 hardware issues?)

I wonder if this helps narrowing down what causes the router to reboot?

[*]Is this a batch of routers with this issue?
[*]Is this a software issue in general?
[*]Is this related to a BGP issue. (We have them rebooting with no OSPF)

@mikrotik?
by Splash
Sat Nov 27, 2021 12:04 pm
Forum: RouterBOARD hardware
Topic: The big CCR2004 reboot thread (was 2004 hardware issues?)
Replies: 458
Views: 148140

Re: The big CCR2004 reboot thread (was 2004 hardware issues?)

I have now found the Mikrotik don't even respond to tickets logged regarding random reboots.

Running any track of RouterOS, various sub-versions all produce the same issue with our devices.

Do you think this device was build for V7 and that V6 is running in compatibility mode (32bit) on a 64bit CPU?
by Splash
Thu Sep 30, 2021 5:01 pm
Forum: RouterOS beta
Topic: Feedback on RouterOSv7 route filtering
Replies: 28
Views: 13697

Re: Feedback on RouterOSv7 route filtering

What would be handy is to have the "script" or "code" that one can import your current filters in to and then export the new V7 filters for importing in to a V7 device. It seems from the development track, that this conversion will not be part of V7 and therefore you would probab...
by Splash
Wed Sep 01, 2021 10:12 am
Forum: General
Topic: MTZA - South African MT Community
Replies: 3
Views: 2069

Re: MTZA - South African MT Community

Hi,

Just an update to let you know that the Discord Server is open to all if anyone is interested in joining. Currently only in English.

https://discord.gg/CvaGbjP
by Splash
Wed Sep 01, 2021 10:11 am
Forum: General
Topic: Unofficial IRC channel for Mikrotik users
Replies: 12
Views: 7254

Re: Unofficial IRC channel for Mikrotik users

We do have a Discord Server if you are interested: https://discord.gg/CvaGbjP
by Splash
Mon Mar 15, 2021 2:02 pm
Forum: RouterOS beta
Topic: new feature request MLAG!!!
Replies: 33
Views: 17015

Re: new feature request MLAG!!!

Anyone tried this yet? https://help.mikrotik.com/docs/display/ROS/Controller+Bridge+and+Port+Extender And managed to get a bonded interface across 2 switches? I got this working, but there is NO hardware switching support, so its all CPU based, which as you know means its unusable. I cannot believe...
by Splash
Fri Sep 25, 2020 5:27 pm
Forum: RouterOS beta
Topic: new feature request MLAG!!!
Replies: 33
Views: 17015

Re: new feature request MLAG!!!

Anyone tried this yet?

https://help.mikrotik.com/docs/display/ ... t+Extender

And managed to get a bonded interface across 2 switches?
by Splash
Fri May 29, 2020 6:00 pm
Forum: General
Topic: CRS with RouterOS vlan stacking (QinQ)
Replies: 5
Views: 8193

Re: CRS with RouterOS vlan stacking (QinQ)

After some work, I managed to get the VLAN QinQ to work on a CRS106 running the latest stable version of RouterOS 6.46.6 If You can make it better, please let me know! I also managed to get a loopback within a management VLAN working, but I can't seem to get "Drop if VLAN Not Set" to work ...
by Splash
Sun May 03, 2020 3:07 pm
Forum: RouterOS beta
Topic: new feature request MLAG!!!
Replies: 33
Views: 17015

Re: new feature request MLAG!!!

I'd be happy with the ability to just be able to run an MLAG. There is currently no way for one to create a redundant LAG across 2 switches for redundancy. https://www.redpill-linpro.com/techblog/images/posts/20180226-MLAG-topology.png Anyone have a workaround to be able to bond 2 connections from s...
by Splash
Wed Apr 29, 2020 8:19 pm
Forum: Announcements
Topic: v6.46.6 [stable] is released!
Replies: 68
Views: 54347

Re: v6.46.6 [stable] is released!

Interesting :) this stable version is marked as "testing"
            uptime: 1h33m5s
            version: 6.46.6 (testing)
         build-time: Apr/27/2020 10:32:16
...
I see it has been mentioned already :)
by Splash
Thu Apr 09, 2020 12:05 pm
Forum: RouterOS beta
Topic: V7 Routing Protocols Option [SOLVED]
Replies: 3
Views: 10396

Re: V7 Routing Protocols Option [SOLVED]

@Mrz, I'm guessing its running bird?
by Splash
Thu Apr 09, 2020 11:04 am
Forum: RouterOS beta
Topic: V7 Routing Protocols Option [SOLVED]
Replies: 3
Views: 10396

V7 Routing Protocols Option [SOLVED]

Hello, If ROS is based on Linux and running a Linux kernel, wouldn't it be a better idea to move from the old quagga/bird based routing protocol engine to something more up to date such as FRRouting? As FRR is used in a number of OSS systems, such as Cumulus, why not use it in RouterOS? It would als...
by Splash
Tue Feb 11, 2020 9:32 am
Forum: General
Topic: MTZA - South African MT Community
Replies: 3
Views: 2069

Re: MTZA - South African MT Community

Bump :)
by Splash
Mon Feb 10, 2020 5:08 pm
Forum: RouterOS beta
Topic: Tools/Profiler - all CPUs always 100% on CHR
Replies: 5
Views: 4192

Re: Tools/Profiler - all CPUs always 100% on CHR

FYI, same on a CCR1016-12G (tile)

:)
by Splash
Sun Nov 03, 2019 7:23 pm
Forum: General
Topic: Blocking ads using Mikrotik
Replies: 1
Views: 6544

Re: Blocking ads using Mikrotik

Maybe this would be a better idea.... use it as your dns server

https://pi-hole.net/

or

https://adguard.com/en/adguard-dns/overview.html
by Splash
Mon Oct 28, 2019 9:32 am
Forum: General
Topic: MTZA - South African MT Community
Replies: 3
Views: 2069

MTZA - South African MT Community

Hello, We have started a Discord server in South Africa which is open to anyone who wishes to join - https://discord.gg/CvaGbjP The purpose of this server is to encourage real-time interaction with Mikrotik enthusiasts and networking specialists both local and abroad. If you are new to Discord feel ...
by Splash
Sun Sep 15, 2019 7:39 pm
Forum: General
Topic: IPSEC RSA Key with IKEv2 Support
Replies: 1
Views: 1461

IPSEC RSA Key with IKEv2 Support

Does anyone know when RouterOS will support IKEv2 with RSA Keys?
rsa-key - authenticate using a RSA key imported in keys menu. Only supported in IKEv1;
by Splash
Mon Aug 26, 2019 4:47 pm
Forum: Forwarding Protocols
Topic: /ip route print where ... slow
Replies: 2
Views: 3423

Re: /ip route print where ... slow

I tip which doesn't seem to stand out is to enclose the prefix with " 's
ip route print detail where dst-address="xx.xx.xx.xx/xx"
On a large route DB, this shouldn't take more than a few seconds to complete.
by Splash
Mon Aug 19, 2019 11:04 pm
Forum: General
Topic: Log all console commands [SOLVED]
Replies: 31
Views: 19381

Re: Log all console commands [SOLVED]

Hi

Has this been done / implemented
Nope
by Splash
Fri Aug 16, 2019 11:07 pm
Forum: General
Topic: Copper SFP S-RJ01 and CCR-1016-12S-1S+ not working together
Replies: 1
Views: 1339

Re: Copper SFP S-RJ01 and CCR-1016-12S-1S+ not working together

I have a similar problem with running a S-RJ01 in a CCR1016. If I connect the interface to a 100Mbs network the router's interface locks up and no longer communicates with the connected network. A reboot is the only way to resolve this until it is used again. If I connect the interface to a 1Gbs net...
by Splash
Wed Jul 10, 2019 1:18 pm
Forum: Announcements
Topic: v6.44.5 [long-term] is released!
Replies: 100
Views: 84943

Re: v6.44.5 [long-term] is released!

Isn't EoIP using GRE? *) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160); So make sure you're allowing GRE before dropping invalid connections. You are right, the problem is in GRE state matching, but why EoIP tunnels is in invalid connection state now? EoIP is based...
by Splash
Tue Sep 18, 2018 11:38 am
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 147
Views: 70954

Re: v6.43 [current] is released!

We have a huge memory leak on the new 6.43 code running on our CRS326's. We use vlan. Within 12hrs the device reboots due to low memory. I reported this too with CRS317's and the only way I could resolve it was to downgrade back to 6.42.7. The fix is supposed to be coming out in the next beta. They...
by Splash
Fri Sep 14, 2018 3:39 pm
Forum: General
Topic: New IP cloud is coming.
Replies: 84
Views: 46882

Re: New IP cloud is coming.

You think there is any chance in the future to support multi-wan setups? One option is to prepend or append the interface number to the dyndns hostname?

pppoe-out1 = xxxxx-1.sn.mynetname.net
pppoe-out2 = xxxxx-2.sn.mynetname.net
by Splash
Fri Sep 14, 2018 3:04 pm
Forum: SwOS
Topic: CRS317 boot issue after power failure
Replies: 22
Views: 8002

Re: CRS317 boot issue after power failure

Hi, I use a CRS317 as core switch for my 10g LAN. We had two power failures in the last 2 weeks, because of thunderstorms. When the power comes back, the CRS317 isn't switching. I have to cut the power cables (1 and 2) and wait a minute. After that period, the switch works again. Is this a known pr...
by Splash
Fri Sep 14, 2018 2:51 pm
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 147
Views: 70954

Re: v6.43 [current] is released!

After updating CCR1009 to 6.43 there is a problem with port stability! Has anyone else encountered such a problem?
Nope, CCR1016, CCR1036 and CCR1072's all behaving.....
by Splash
Thu Sep 13, 2018 10:05 am
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 147
Views: 70954

Re: v6.43 [current] is released!

I sent 3 support output files 90%, 98% and then after the reboot 5%... at 98% the system was trying to swap as the SPI process ran at 100% on 1 CPU. I have a change at 3am to downgrade the switches back to 6.42.7 and hope the VLANs work with some of our providers. The next 6.44beta version should c...
by Splash
Wed Sep 12, 2018 7:18 pm
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 147
Views: 70954

Re: v6.43 [current] is released!

I have now noticed that my CRS125-24G-1S-2HnD is running out of memory, with 6.43.7 it ran around 95MB of free memory, with 6.43 it was down to 34MB free, over night it is now down to 31MB free. Good thing it don't have too much traffic going though this as multiple people are reporting reboots. At...
by Splash
Wed Sep 12, 2018 3:45 pm
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 147
Views: 70954

Re: v6.43 [current] is released!

We have a huge memory leak on the new 6.43 code running on our CRS317's. Some devices seem to be more affected than others, but within 10hrs the device reboots due to low memory. I encountered the same problem on a CCR while it was still rc. MT Support was unable to reproduce / fix it. Only a netin...
by Splash
Wed Sep 12, 2018 1:43 pm
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 147
Views: 70954

Re: v6.43 [current] is released!

We have a huge memory leak on the new 6.43 code running on our CRS317's. Some devices seem to be more affected than others, but within 10hrs the device reboots due to low memory.
by Splash
Thu Sep 06, 2018 2:58 pm
Forum: General
Topic: Group rights inconsistancies [SOLVED]
Replies: 11
Views: 3462

Re: Group rights inconsistancies [SOLVED]

Thanks, it seems you are correct, Winbox requires the FTP permission to upload files to the device.
by Splash
Thu Sep 06, 2018 2:54 pm
Forum: General
Topic: Group rights inconsistancies [SOLVED]
Replies: 11
Views: 3462

Re: Group rights inconsistancies [SOLVED]

Yup, interesting to note that ftp permission may be required for winbox to upload a file. I will definitely check and confirm this.
by Splash
Wed Sep 05, 2018 9:23 pm
Forum: General
Topic: Group rights inconsistancies [SOLVED]
Replies: 11
Views: 3462

Re: Group rights inconsistancies [SOLVED]

*bump*
by Splash
Thu Aug 30, 2018 2:47 pm
Forum: General
Topic: Group rights inconsistancies [SOLVED]
Replies: 11
Views: 3462

Re: Group rights inconsistancies [SOLVED]

> /user active print detail
Flags: R - radius, M - by-romon
0 R when=aug/30/2018 13:40:33 name="splash" address=10.18.0.1 via=winbox group=admin
by Splash
Thu Aug 30, 2018 2:46 pm
Forum: General
Topic: Group rights inconsistancies [SOLVED]
Replies: 11
Views: 3462

Re: Group rights inconsistancies [SOLVED]

You have set default-group support and you can't set group with RADIUS itself, as far as I know (not for system users). Correct, but through RADIUS auth, you can set the group the user must be attached to. It works for all other admin functions, ie write access. splash Cleartext-Password := "p...
by Splash
Thu Aug 30, 2018 2:44 pm
Forum: General
Topic: Group rights inconsistancies [SOLVED]
Replies: 11
Views: 3462

Re: Group rights inconsistancies [SOLVED]

# aug/30/2018 13:41:38 by RouterOS 6.42.7 # software id = 5Q9K-P6FX # # model = CCR1036-8G-2S+ # serial number = 91A808AD192F /user group add name=support policy=ssh,read,test,winbox,api,tikapp,!local,!telnet,!ftp,!reboot,!write,!policy,!password,!web,!sniff,!sensitive,!romon,!dude add name=admin p...
by Splash
Thu Aug 30, 2018 2:38 pm
Forum: General
Topic: Group rights inconsistancies [SOLVED]
Replies: 11
Views: 3462

Re: Group rights inconsistancies [SOLVED]

/user group add name=support policy=ssh,read,test,winbox,api,tikapp,!local,!telnet,!ftp,!reboot,!write,!policy,!password,!web,!sniff,!sensitive,!romon,!dude add name=admin policy=local,telnet,ssh,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api,tikapp,!ftp,!web,!romon,!dude /user a...
by Splash
Wed Aug 29, 2018 3:55 pm
Forum: General
Topic: Group rights inconsistancies [SOLVED]
Replies: 11
Views: 3462

Group rights inconsistancies [SOLVED]

If you add a user to the default "full" group, the user is able to upload new firmware, download backups etc. If you create a new group with all permissions ticked, the user is unable to upload new firmware or download backup files. Comparing the 2 groups, there are no options that are dif...
by Splash
Wed Jun 13, 2018 2:45 pm
Forum: General
Topic: problems resolving IP Cloud addresses
Replies: 13
Views: 3625

Re: problems resolving IP Cloud addresses

I am having issues with the resolution of dynamic host names against the new NS servers. A number of requests timeout but some return ok. dig 1234567890.sn.mynetname.net @ns1.kissthenet.net ; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> 1234567890.sn.mynetname.net @ns1.kissthenet.net ;; global options: +...
by Splash
Wed Apr 04, 2018 10:42 am
Forum: General
Topic: Log all console commands [SOLVED]
Replies: 31
Views: 19381

Re: Log all console commands [SOLVED]

I wonder if there is a way to motivate Mikrotik to assist with this, or to provide a technical reason why it can't be done?
by Splash
Wed Feb 07, 2018 9:56 am
Forum: Wireless Networking
Topic: CAPsMAN SNMP [SOLVED]
Replies: 1
Views: 2317

CAPsMAN SNMP [SOLVED]

Has anyone been able to monitor the status of remote CAPsMAN Devices using the only the controllers detail. I was hoping to only poll the controller and retrieve the list of CAPsMAN interfaces using SNMP to determine which are bound which are inactive? I see through a print of the interfaces it does...
by Splash
Tue Feb 06, 2018 6:12 pm
Forum: Announcements
Topic: v6.41.1 [current]
Replies: 104
Views: 32465

Re: v6.41.1 [current]

Has anyone had an issue with DHCP packets not being passed through a bridge using 6.41.1?

I have bridged 2 ports together, with 1 port being the network where a DHCP server resides and the second port where a DHCP client device is connected.

DHCP packets do not pass through the bridge.
by Splash
Mon Nov 27, 2017 7:09 pm
Forum: General
Topic: Weird LACP Issue
Replies: 7
Views: 5461

Re: Weird LACP Issue

I know this post is a bit old :) but would anyone be able to provide a working solution for creating a LAG between a Mikrotik and a Juniper router that actually works? I'm really struggling to use a CCR1009-8G-1S-1S+ with its 1 x 10g and 1 x 1g fibre ports in a LAG. Traffic flows over the 1g, but no...
by Splash
Sun Oct 22, 2017 9:36 am
Forum: Forwarding Protocols
Topic: BGP different AS same router
Replies: 2
Views: 1369

Re: BGP different AS same router

Have you tried 2 BGP Instances (different local AS) and 2 separate Peers?
If you are running 2 x default routes, maybe a local VRF-Lite might help if you want to separate the routing tables.
by Splash
Sat Oct 21, 2017 9:24 pm
Forum: Forwarding Protocols
Topic: GRE Tunnel on Dynamic IP address
Replies: 9
Views: 22027

Re: GRE Tunnel on Dynamic IP address

I thought I'd just add an update to this. I am able to set this up using the DDNS hostname on the CORE, and no local IP set on the Client. Client: Dynamic IP /interface gre add comment="Dynamic GRE Interface" name=gre-tunnel1 remote-address=1.1.1.1 Core: Static IP /interface gre add commen...
by Splash
Wed Sep 06, 2017 10:26 am
Forum: General
Topic: Log all console commands [SOLVED]
Replies: 31
Views: 19381

Re: Log all console commands [SOLVED]

Feature request is different from "is there a way to do this now?" No there isn't. Feature request noted. The main basis for this is to track changes. At the moment I parse the configuration export with the /system history option to tie up what changes were made to a configuration and by ...
by Splash
Sat Apr 29, 2017 4:02 pm
Forum: General
Topic: NAT64 and DNS64
Replies: 101
Views: 48951

Re: NAT64 and DNS64

Here's to hoping IPv6 on Mikrotik will take a leap forward and become a more complete solution. With the IPv6 certification now available from Mikrotik, I'm crossing fingers they will press forward with an IPv6 implementation that is more usable.
by Splash
Mon Apr 24, 2017 10:30 am
Forum: General
Topic: Log all console commands [SOLVED]
Replies: 31
Views: 19381

Re: Log all console commands [SOLVED]

Could I bump this up!
by Splash
Tue Feb 14, 2017 8:06 am
Forum: General
Topic: Log all console commands [SOLVED]
Replies: 31
Views: 19381

Re: Log all console commands [SOLVED]

I'd like to revive this post... There must be a way that Mikrotik adds support to log configuration changes. When you have 1000's of devices all logging to a remove syslog server the generic historical events are pretty useless since it just says that a change was made. As with Cisco, Juniper and a ...
by Splash
Thu Jan 26, 2017 11:11 am
Forum: General
Topic: ROS 6.38 serious DHCP server problem
Replies: 147
Views: 66729

Re: ROS 6.38 serious DHCP server problem

I have logged a support request and included a link to this topic. I hope more confirm this in the mean time. Hello, Sorry for delayed reply. Now we have fixed some bridging bugs from 6.38.x which could cause DHCP related problems and recommend upgrading to the latest v6.39rc. Best regards, Janis B...
by Splash
Tue Jan 17, 2017 8:28 pm
Forum: General
Topic: ROS 6.38 serious DHCP server problem
Replies: 147
Views: 66729

Re: ROS 6.38 serious DHCP server problem

I have logged a support request and included a link to this topic. I hope more confirm this in the mean time.
by Splash
Tue Jan 17, 2017 7:24 pm
Forum: General
Topic: ROS 6.38 serious DHCP server problem
Replies: 147
Views: 66729

Re: ROS 6.38 serious DHCP server problem

I have to agree with this problem. Since version 6.38 the DHCP Service stops responding and no new IP addresses are issued/renewed. To resolve the problem, one has to disable and re-enable the DHCP service. Both 6.38 and 6.38.1 are affected with this problem. Before Restart: (Mitel Phone) 19:19:22 d...
by Splash
Thu Dec 01, 2016 1:17 pm
Forum: RouterBOARD hardware
Topic: RB750Gr3 - Report and questions
Replies: 113
Views: 52941

Re: RB750Gr3 - Report and questions

Ive also noticed a problem with the auto-negotiation for 1Gbs. On a number of 1Gbs devices running on the RB750Gr2 work fine, however moving them to a Gr3, they refuse to run 1Gbs and can only work at 100Mbs....
by Splash
Thu Dec 01, 2016 1:15 pm
Forum: RouterBOARD hardware
Topic: RB750Gr3 - Report and questions
Replies: 113
Views: 52941

Re: RB750Gr3 - Report and questions

I noticed that the master-port option (ethernet interface) is not visible in winbox where its still configurable within the CLI.
by Splash
Thu Nov 17, 2016 3:31 pm
Forum: General
Topic: RB493G and Fast Path
Replies: 0
Views: 890

RB493G and Fast Path

Do you think Mikrotik will ever provide a firmware update or RouterOS update which will allow the RB493G to support Fast Path since it doesn't support it at the moment? http://wiki.mikrotik.com/wiki/Manual:Fast_Path#List_of_RouterBoards_with_FastPath_support name="ether1" default-name=&quo...
by Splash
Mon Nov 07, 2016 11:23 am
Forum: General
Topic: why cant i downgrade my router ?
Replies: 7
Views: 1661

Re: why cant i downgrade my router ?

What is your firmware version?

/system routerboard print
by Splash
Wed Oct 26, 2016 11:32 am
Forum: General
Topic: why cant i downgrade my router ?
Replies: 7
Views: 1661

Re: why cant i downgrade my router ?

are you doing any layer7 firewall rules?
by Splash
Wed Oct 26, 2016 11:29 am
Forum: Beginner Basics
Topic: trouble forwarding ports to server
Replies: 5
Views: 3698

Re: trouble forwarding ports to server

Are you getting a "connection refused" or a "connection timeout" error. The connection refused error means the NAT is working, but the server is not listening on that port. Try disable your Mikrotik Firewall and just run the NAT rules with logging enabled? Can you telnet to the s...
by Splash
Wed Oct 26, 2016 11:25 am
Forum: Beginner Basics
Topic: Usermanager
Replies: 1
Views: 974

Re: Usermanager

Good question :)
by Splash
Wed Oct 26, 2016 11:05 am
Forum: Beginner Basics
Topic: MT SYSLOG SERVER
Replies: 2
Views: 2284

Re: MT SYSLOG SERVER

Here a few things you need to check.. 1. Make sure UDP port 514 is open on your Windows PC 2. Update your logging remote option with something like this example. /system logging action print *check which number is your remote option* /system logging action set 3 bsd-syslog=yes remote=1.1.1.1 syslog-...
by Splash
Wed Oct 26, 2016 11:01 am
Forum: Beginner Basics
Topic: [SOLVED] USB flash not showing up
Replies: 4
Views: 5667

Re: USB flash not showing up

Can you check you are running the latest firmware on the CRS device?

Does the device show up in the USB list?
/system resource usb print
by Splash
Wed Oct 26, 2016 10:59 am
Forum: Beginner Basics
Topic: export/import configuration between diffrent models
Replies: 4
Views: 2418

Re: export/import configuration between diffrent models

Can you edit the contents of a binary backup? (Never bothered to try opening one) Another thing to look for is the naming of wireless interfaces. We used a base template image to default our 2011 model CPE whenever we'd put one in stock, and many times, the restore lead to the wireless interface be...
by Splash
Wed Oct 19, 2016 12:26 pm
Forum: Beginner Basics
Topic: Static IPs
Replies: 5
Views: 1812

Re: Static IPs

You could use the same address list to do the prioritisation using Firewall Mangle rules and Simple Queues/Queue Tree :) Thats a whole other discussion :)
by Splash
Wed Oct 19, 2016 12:19 pm
Forum: Beginner Basics
Topic: Active Users tab - how to kill hung winbox sessions
Replies: 4
Views: 12877

Re: Active Users tab - how to kill hung winbox sessions

Yup, its one of those "issues" that are not critical but will one day be sorted out. I guess they users are supposed to timeout but never do.
by Splash
Tue Oct 18, 2016 5:57 pm
Forum: General
Topic: NETCONF / YANG
Replies: 11
Views: 8243

Re: NETCONF / YANG

Did Mikrotik respond as I am also interested in NETCONF being supported. Would make systems more standardised.

https://tools.ietf.org/html/rfc6241
by Splash
Tue Oct 18, 2016 5:48 pm
Forum: General
Topic: DHCP in VRRP configuration
Replies: 6
Views: 5827

Re: DHCP in VRRP configuration

I had another look in the docs and found this. DHCP server lease submenu is used to monitor and manage server's leases. The issued leases are showed here as dynamic entries. You can also add static leases to issue a specific IP address to a particular client (identified by MAC address) . Generally, ...
by Splash
Tue Oct 18, 2016 5:39 pm
Forum: General
Topic: DHCP in VRRP configuration
Replies: 6
Views: 5827

Re: DHCP in VRRP configuration

You would only implement this in a situation when you have a failure of your router and do not have another option. In the field, this set up has proven to work fine in the implementations I have done. According to the DHCP RFC, the server "should" probe using ARP or ICMP, but I am not sur...
by Splash
Tue Oct 18, 2016 5:22 pm
Forum: Beginner Basics
Topic: Active Users tab - how to kill hung winbox sessions
Replies: 4
Views: 12877

Re: Active Users tab - how to kill hung winbox sessions

Only option is to reboot the router as far as I know. You can steal safe-mode away from a user though.

http://wiki.mikrotik.com/index.php?titl ... #Safe_Mode
by Splash
Tue Oct 18, 2016 5:19 pm
Forum: Beginner Basics
Topic: Please help me & propose a solution‏
Replies: 3
Views: 1342

Re: Please help me & propose a solution‏

the only other way to is enable encryption.
by Splash
Tue Oct 18, 2016 3:24 pm
Forum: Beginner Basics
Topic: Router reboots
Replies: 6
Views: 1705

Re: Router reboots

side question i notice there is a sytem script running that im unsure of what its meant for but it has two reboot counters that i'm curious are the issue
What is in the script?

Do you find a autosupport.rif file saved in your files directory each time it reboots?
by Splash
Tue Oct 18, 2016 3:19 pm
Forum: Beginner Basics
Topic: firewall rules
Replies: 3
Views: 1271

Re: firewall rules

*note - If you are thinking of evaluating your firewall rules using website hostnames/domain names, it will add an additional overhead to your router's CPU and may only work with HTTP and not HTTPS sites.
by Splash
Tue Oct 18, 2016 3:16 pm
Forum: Beginner Basics
Topic: Establishing 2 pppoe setup on single network
Replies: 3
Views: 1146

Re: Establishing 2 pppoe setup on single network

The service name is defined by some ISP's when authenticating the ppp user and isnt something you could use.
by Splash
Tue Oct 18, 2016 3:13 pm
Forum: Beginner Basics
Topic: Static IPs
Replies: 5
Views: 1812

Re: Static IPs

Start off by using DHCP to set manage all the IP Address information on your network. When you require a device to have a "static" IP Address, mark the address as static in the lease table and leave the rest to be managed dynamically. When setting a user with a static IP on the DHCP Server...
by Splash
Tue Oct 18, 2016 3:04 pm
Forum: Beginner Basics
Topic: Please help me & propose a solution‏
Replies: 3
Views: 1342

Re: Please help me & propose a solution‏

There isn't much you can do about this since he could spoof a MAC address to gain access to your network again. Unfortunately you are going to spend an infinite amount of time trying to update rules each time he changes his MAC. One option is option is to find him and set the dogs on him. If you hav...
by Splash
Tue Oct 18, 2016 2:56 pm
Forum: Beginner Basics
Topic: Timer for DNS resolve is too short
Replies: 2
Views: 1079

Re: Timer for DNS resolve is too short

There isnt a way to set a minimum TTL for cached DNS entries. Depending on how static this list is, one option (be it painful unless you script it), is to add a static entry for each address and set a TTL for it. Adding a static entry will stop the router having to lookup the hostname on a remote DN...
by Splash
Tue Oct 18, 2016 2:51 pm
Forum: Beginner Basics
Topic: Error: this page can't be displayed....
Replies: 6
Views: 6118

Re: Error: this page can't be displayed....

What type your WAN connection is? How's MTU configured on WAN interface? I'd also check the MTU settings especially if the connection is being made through a tunnel, like PPPoe, L2TP etc. Some networks and servers block ICMP which is used to negotiate the MTU path causing inconsistencies when the M...
by Splash
Tue Oct 18, 2016 2:48 pm
Forum: Beginner Basics
Topic: What's the meaning of *FFFFFFFE
Replies: 1
Views: 1261

Re: What's the meaning of *FFFFFFFE

Could you post your configuration as the default and default-encrypt profiles are included with the RouterOS operating system and cannot be removed, only disabled. It looks like something has gone wrong with your defaults. I've only seen this referenced as an interface if the IP you are checking a r...
by Splash
Tue Oct 18, 2016 2:37 pm
Forum: Beginner Basics
Topic: export/import configuration between diffrent models
Replies: 4
Views: 2418

Re: export/import configuration between diffrent models

Binary backups are generally intended to be restored on the same exact router that generated them. I've even seen strangeness with restoring a binary backup onto a different unit of the same model and firmware revision. I've seen the same, but I fixed it by editing each interface and resetting the ...
by Splash
Tue Oct 18, 2016 2:34 pm
Forum: Beginner Basics
Topic: CAPSMAN - no dhcp offer
Replies: 1
Views: 1296

Re: CAPSMAN - no dhcp offer

Check that your DHCP Server is running on the Bridge interface which connects all the CAPSMan interfaces together.
by Splash
Tue Oct 18, 2016 2:29 pm
Forum: General
Topic: DHCP in VRRP configuration
Replies: 6
Views: 5827

Re: DHCP in VRRP configuration

I'd agree with mpreissner, but sometimes you may have to run DHCP at the router level. An option to get this to work properly would be to change the primary router's dhcp server to respond immediately on the first DHCP request it receives, and set the secondary device to only respond after 10s. This...
by Splash
Fri Oct 14, 2016 4:34 pm
Forum: General
Topic: Ling Aggregation LACP how make stable 2Gb/s
Replies: 4
Views: 21603

Re: Ling Aggregation LACP how make stable 2Gb/s

I am not sure if this helps, but this configuration works well with Juniper. Std export: /interface bonding add comment="Primary Bonded Interface" name=bonding1 slaves=sfp1,sfp2 transmit-hash-policy=layer-2-and-3 Verbose export: /interface bonding add arp=enabled arp-interval=100ms arp-ip-...
by Splash
Fri Oct 14, 2016 4:30 pm
Forum: General
Topic: L2TP+IPSec with LAN Access
Replies: 11
Views: 9346

Re: L2TP+IPSec with LAN Access

to confirm...

1. You have a bridge created eg bridge1
2. You have added the LAN port to this Bridge (bridge1)
3. You have set the "bridge1" within the active PPP Profile Bridge setting
by Splash
Fri Oct 14, 2016 4:27 pm
Forum: General
Topic: wrong return -> (/ip arp find ... )
Replies: 7
Views: 4115

Re: wrong return -> (/ip arp find ... )

this wouldnt work as you have put the quotes after the $

$"mac-address";

should be

"$mac-address";
by Splash
Fri Oct 14, 2016 4:25 pm
Forum: Beginner Basics
Topic: Establishing 2 pppoe setup on single network
Replies: 3
Views: 1146

Re: Establishing 2 pppoe setup on single network

If you are using the same credentials to authenticate the PPPOE user, you could set the PPP profile to only allow 1 client to authenticate. This would stop the second connection from being able to authenticate until the first connection is closed.

PPP - Profile - Limits
only one = yes
by Splash
Thu Oct 13, 2016 11:28 am
Forum: General
Topic: wrong return -> (/ip arp find ... )
Replies: 7
Views: 4115

Re: wrong return -> (/ip arp find ... )

Hmm,

Can you try put the arguments in " quotes and see if that helps?

What ROS are you running?
by Splash
Thu Oct 13, 2016 11:25 am
Forum: General
Topic: VRF Issues in RouterOS
Replies: 7
Views: 4037

Re: VRF Issues in RouterOS

You could also use the IP Route Rules option to tell the route to look up the destination in another routing table. This saves you from having to use the firewall mangle rules.

Example:
/ip route rule
add dst-address=10.188.120.2/32 table=DN42
by Splash
Wed Oct 12, 2016 7:25 pm
Forum: General
Topic: Traffic Monitoring tool
Replies: 3
Views: 2047

Re: Traffic Monitoring tool

As Mikrotik supports various types of flows (Netflow V5/V9 or IPFIX), most reporting applications work just fine. You may need to buy an application as there are not too many free open source collectors available.

https://www.google.com/search?q=Netflow ... g+software
by Splash
Wed Oct 12, 2016 7:16 pm
Forum: General
Topic: Interface warning
Replies: 1
Views: 1496

Re: Interface warning

You need to check that the interface is running the same on both sides and that your patch lead is not faulty. This happens when one side of the connection is running at half-duplex and the other side is running at full-duplex.
by Splash
Wed Oct 12, 2016 7:13 pm
Forum: General
Topic: wrong return -> (/ip arp find ... )
Replies: 7
Views: 4115

Re: wrong return -> (/ip arp find ... )

I tested this on my router and dont seem to have the same issues when running this command. /ip arp remove [/ip arp find address="192.168.19.76" and mac-address ="00:00:00:00:00:12" and dynamic=no] If you just run the command on its own and not in your script, does it do the same...
by Splash
Wed Oct 12, 2016 7:01 pm
Forum: General
Topic: [Answered] Where are ip firewall address-list timeout values documented
Replies: 5
Views: 9305

Re: Where are ip firewall address-list timeout values documented

Address-List timers work in the same was as any other times made available within Mikrotik

Examples:
1d 00:00:00 - 1 day or 24hrs
12:00:00 - 12 hours
00:05:00 - 5 min
Example Code:
/ip firewall address-list add list=ddd address=2.2.2.2 timeout="1d 00:00:00"
by Splash
Wed Oct 12, 2016 6:58 pm
Forum: General
Topic: L2TP+IPSec with LAN Access
Replies: 11
Views: 9346

Re: L2TP+IPSec with LAN Access

You may need to update the L2TP profile you are using (profile=default-encryption in your case) and select the bridge you would like this client to be attached to, based on the below being part of the same network subnet. Example: /ppp profile add bridge=VPN-Bridge comment="Default L2TP Profile...
by Splash
Wed Oct 12, 2016 6:51 pm
Forum: General
Topic: Mikrotik licensing
Replies: 3
Views: 1097

Re: Mikrotik licensing

If you look under System --> License it will show you what the latest support version you are allowed to run with your current license if I remember correctly. Basically, you can upgrade your device without any problems, and the RouterOS should automatically convert your config from v5 to v6 (someti...
by Splash
Wed Oct 12, 2016 6:43 pm
Forum: General
Topic: IPv6 Tunnel over https
Replies: 8
Views: 2639

Re: IPv6 Tunnel over https

Ahh ok, thanks for the explanation :)
by Splash
Wed Oct 12, 2016 6:41 pm
Forum: General
Topic: L2TP Server Binding + Dynamic L2TP Interface duplication
Replies: 16
Views: 9096

L2TP Server Binding + Dynamic L2TP Interface duplication

RouterOS: 6.34.6 Model: CCR1036-12G-4S I use L2TP Server binding to link a username to an interface so that I can add the interface as part of a VRF and apply routes to it. Problem: Normally when the client connects and authenticates, it is attached to the L2TP Server Binding interface successfully ...
by Splash
Wed Oct 12, 2016 6:29 pm
Forum: General
Topic: Running out of disk space
Replies: 3
Views: 2476

Re: Running out of disk space

Since its running MRTG, the graph file is created with all null data. As data is saved to build the graph metrics, so the null values are replaced with real data. The size of the graph file on the Mikrotik remains the same size, but will have 1 for each graph set you create.
by Splash
Wed Oct 12, 2016 6:27 pm
Forum: General
Topic: IPv6 Tunnel over https
Replies: 8
Views: 2639

Re: IPv6 Tunnel over https

I am not 100% sure what you are asking, but if its about creating an IPv6 tunnel over IPv4 then.... What you are looking for is a 6to4 tunnel which you can create once you have enabled Ipv6 on the router. You can obtain a free tunnel broker account from Hurricane Electric @ https://tunnelbroker.net ...
by Splash
Tue Oct 04, 2016 2:11 pm
Forum: The Dude
Topic: The Dude, v6.37 [current] release.
Replies: 47
Views: 21859

Re: The Dude, v6.37 [current] release.

I see that the link to the latest The Dude client is not available on the website. So when using an older version it requests me to update it, but fails...

I downloaded the latest client from the URL : http://download2.mikrotik.com/routeros/ ... 6.37.1.exe
by Splash
Mon Sep 26, 2016 4:12 pm
Forum: Beginner Basics
Topic: Some advice for GRE tunnel
Replies: 4
Views: 1313

Re: Some advice for GRE tunnel

If you run EoIP and bridge the tunnel with an interface connected to your DC lan, then yes as it works as a layer 2 network connection. If one were to use GRE/L2TP etc, you would need to split the network and route the specific IP addresses between each network. This may help you. http://wiki.mikrot...
by Splash
Mon Sep 26, 2016 12:01 pm
Forum: Beginner Basics
Topic: RB951Ui-2HnD - Ether1 burns my devices
Replies: 10
Views: 2656

Re: RB951Ui-2HnD - Ether1 burns my devices

Did you force POE to be on, on that interface?
by Splash
Mon Sep 26, 2016 10:47 am
Forum: Beginner Basics
Topic: Viewing a file?
Replies: 6
Views: 1765

Re: Viewing a file?

Best option I think is to download the file and view it on a PC.... unless the file is really small and only contains text :)
by Splash
Mon Sep 26, 2016 10:45 am
Forum: Beginner Basics
Topic: Some advice for GRE tunnel
Replies: 4
Views: 1313

Re: Some advice for GRE tunnel

You could use GRE/L2TP, or possibly even an EoIP tunnel. It depends on how you are connecting the 2 sites together, and what bandwidth requirements you have. If there is minimal traffic, you could create an EoIP tunnel and bridge the 2 networks together. GL's are not that powerful so it really depen...
by Splash
Fri Sep 23, 2016 4:10 pm
Forum: General
Topic: CRS switch LACP support
Replies: 7
Views: 3799

Re: CRS switch LACP support

I see that running RouterOS 6.36.3 on a CRS125 it does support 802.3ad as a bonding mode.

Did I miss understand this question?
by Splash
Fri Sep 23, 2016 3:56 pm
Forum: Forwarding Protocols
Topic: VRF Interface Limit
Replies: 14
Views: 5854

Re: VRF Interface Limit

We have a client with more than 50 interfaces on a vrf without problem. We use CLI for do that
Cool, so we could say then that 50 interfaces is still ok?

When I ran in to this issue, we had attached about 80 interfaces (not all active) and found that the active sites suddenly became isolated.
by Splash
Fri Sep 23, 2016 3:55 pm
Forum: Forwarding Protocols
Topic: VRF Interface Limit
Replies: 14
Views: 5854

Re: VRF Interface Limit

Great, keep us updated. I thought I would have hit this bug by now, but when I checked we are at max 28 interfaces per VRF on a bunch of our routers, I guess we have been lucky that we terminate customer interfaces across multiple PE routers ! It is only a matter of time before we will hit the same...
by Splash
Fri Sep 23, 2016 3:47 pm
Forum: Forwarding Protocols
Topic: VRF Interface Limit
Replies: 14
Views: 5854

Re: VRF Interface Limit

Adding interfaces to a VRF from the CLI is horrific on RouterOS (Sorry guys, but it is).

There badly needs to be an append operator !
Yeah! I agree. I did post a feature request and MT support provided a post with an alternative.

http://forum.mikrotik.com/viewtopic.php?f=1&t=112416
by Splash
Fri Sep 23, 2016 3:46 pm
Forum: General
Topic: Feature request: Append values to configuration
Replies: 11
Views: 4824

Re: Feature request: Append values to configuration

Interesting workaround :)
Thanks!
by Splash
Fri Sep 23, 2016 3:16 pm
Forum: Beginner Basics
Topic: Hairpin NAT issue
Replies: 2
Views: 1062

Re: Hairpin NAT issue

You may need to add a local static DNS entry for the local IP of the server, and use the Mikrotik to resolve your DNS queries. There is no need to try access the server using your external IP address, when the server is on your local LAN.
by Splash
Fri Sep 23, 2016 3:14 pm
Forum: Beginner Basics
Topic: After add load balans dsn error
Replies: 3
Views: 1072

Re: After add load balans dsn error

I think your translator is not working properly as your replies make no sense.
by Splash
Fri Sep 23, 2016 3:12 pm
Forum: Beginner Basics
Topic: Let's Study MikroTik
Replies: 8
Views: 3189

Re: Let's Study MikroTik

Hello,

Unfortunately you will need to attend training to obtain this study material and be able to write your certification exam.
by Splash
Fri Sep 23, 2016 10:59 am
Forum: Beginner Basics
Topic: Cannot ping router interface
Replies: 1
Views: 1071

Re: Cannot ping router interface

Do you have a route on your firewall to route that network range to the mikrotik router since it is not directly connected to the firewall and the mikrotik router has a default route back to the firewall.
by Splash
Fri Sep 23, 2016 10:55 am
Forum: Beginner Basics
Topic: Replacing Century Link Router
Replies: 1
Views: 859

Re: Replacing Century Link Router

I would suggest to start by installing the multicast package if you have not already done so from the "all packages group" for your particular RouterOS version. http://www.mikrotik.com/download Next you can visit the following support page to assist you in configuring the IGMP proxy on you...
by Splash
Fri Sep 23, 2016 10:38 am
Forum: Beginner Basics
Topic: Can help me to configure this networking scheme?
Replies: 8
Views: 2318

Re: Can help me to configure this networking scheme?

Thanks for your detailed requirements around your required solution. I would suggest that you may want to get in contact with your local consultant to assist you as this solution does require a number of configuration aspects.
by Splash
Fri Sep 23, 2016 10:30 am
Forum: Beginner Basics
Topic: After add load balans dsn error
Replies: 3
Views: 1072

Re: After add load balans dsn error

I am not sure how valid this information is in trying to assist you, but you need to make sure that your DNS servers are available across all of your load balanced links, and that the upstream provider allows you to query these DNS servers. Example, if you run 2 links with 2 separate ISP's you will ...
by Splash
Fri Sep 23, 2016 10:22 am
Forum: Beginner Basics
Topic: Upgrade Firmware for Mikrotik Router
Replies: 2
Views: 1377

Re: Upgrade Firmware for Mikrotik Router

There are 2 parts to upgrading your Cloud Core. 1 is the RouterOS and the second being the Firmware. Firmware updates provide additional hardware support and resolve underlying issues with the hardware which is bundled with each RouterOS release. Its advisable to run the latest firmware offered by y...
by Splash
Wed Sep 21, 2016 3:22 pm
Forum: Forwarding Protocols
Topic: VRF Interface Limit
Replies: 14
Views: 5854

Re: VRF Interface Limit

I am busy working with the Mikrotik Support, but it seems that even though you can add them on the CLI, it doesnt work.... something breaks :)
by Splash
Wed Sep 21, 2016 11:48 am
Forum: General
Topic: Feature request: Append values to configuration
Replies: 11
Views: 4824

Feature request: Append values to configuration

Example: When adding additional interfaces to a VRF on the CLI, one has to 'set' the current list with the additional interfaces rather than just appending the new interfaces to the existing list. Current: /ip route vrf set [find routing-mark=EXAMPLE] interfaces=vlan1,vlan2,vlan3 Requested: /ip rout...
by Splash
Wed Sep 21, 2016 11:43 am
Forum: Forwarding Protocols
Topic: VRF Interface Limit
Replies: 14
Views: 5854

VRF Interface Limit

It seems the limit imposed by Mikrotik for the number of interfaces which can be added to a VRF is set to 30. Through winbox, one is only able to add 30 interfaces before the interface stops allowing you to add more. This limit seems not to exist on the CLI as one can easy exceed this limit, however...
by Splash
Wed Sep 21, 2016 11:34 am
Forum: Forwarding Protocols
Topic: How to put dynamic interfaces to specific VRF
Replies: 20
Views: 16007

Re: How to put dynamic interfaces to specific VRF

I know this post is an old one and I had hoped Mikrotik would have resolved or increased this limit by now. I have run in to the same issue when adding GRE interfaces to a VRF with a VLAN. One can't add more than 30 through Winbox, but one can through the CLI. It seems even adding more than this val...
by Splash
Mon Sep 12, 2016 2:06 pm
Forum: Beginner Basics
Topic: Bridge mode - ARP settings
Replies: 1
Views: 1119

Re: Bridge mode - ARP settings

You need to check that wlan1 is in "AP Bridge" mode.
by Splash
Mon Sep 12, 2016 2:05 pm
Forum: Beginner Basics
Topic: Setting Buttons
Replies: 2
Views: 884

Re: Setting Buttons

Erm, Nope I dont think so. :)
by Splash
Fri Apr 08, 2016 7:17 pm
Forum: Beginner Basics
Topic: Queues and Policies (QoS)
Replies: 7
Views: 2204

Re: Queues and Policies (QoS)

Managing traffic can become a complicated exercise, such as using Queue Trees. I'd start with my suggestion and then work from there. Yes you are correct about my example providing a guarantee and a limit. I'd suggest doing some reading up on Queue Trees and play around with them on a test router. Y...
by Splash
Fri Apr 08, 2016 2:44 pm
Forum: General
Topic: MTCNA requirement
Replies: 1
Views: 1346

Re: MTCNA requirement

I was in the same position, but I found that attending the course helped to solidify certain concepts and build on your current knowledge. The MTCNA may seem trivial, but there are points taught that help to make best use of the device in the field, such a RoMON. Having completed the MTCNA and curre...
by Splash
Fri Apr 08, 2016 10:20 am
Forum: General
Topic: Winbox Window Tiling
Replies: 2
Views: 1087

Re: Winbox Window Tiling

Agreed, however if the windows used are dynamic and changed all the time, it would be helpful to re-organise the windows..
by Splash
Thu Apr 07, 2016 1:01 pm
Forum: General
Topic: Winbox Window Tiling
Replies: 2
Views: 1087

Winbox Window Tiling

It would be great if Winbox could one day support auto window tiling to automatically re-arrange open windows. Instead of manually moving open windows around and resizing them, it would be much more efficient to click a button to automatically arrange them in either a horizontal, vertical or quadran...
by Splash
Thu Apr 07, 2016 10:57 am
Forum: General
Topic: how to make browser automatically open when connect to my hotspot
Replies: 1
Views: 1225

Re: how to make browser automatically open when connect to my hotspot

This is the operating system deciding its an open access point running through a captive portal. Newer Windows operating systems do offer this through a popup once the Wireless connection has been established.
by Splash
Thu Apr 07, 2016 10:55 am
Forum: General
Topic: Having to reboot router daily since 6.34.4
Replies: 5
Views: 1882

Re: Having to reboot router daily since 6.34.4

I had the same problem with my SSTP VPN Tunnels. The tunnel would show up, but not pass any traffic. Logging in to the device showed no resource issues yet running a /export would not return any configuration. Rebooting the router would take a few attempts and there is a significant delay in the rou...
by Splash
Wed Apr 06, 2016 2:29 pm
Forum: Beginner Basics
Topic: Wireless Bridge mode DATA Speed
Replies: 2
Views: 1192

Re: Wireless Bridge mode DATA Speed

The information you have provided isnt too detailed, but you can check the following:

1. Any queues applied on the devices?
2. Wireless band you are using (A/N), Wireless Frequency Bandwidth (20/40/80Mhz)
3. Limit set on Bandwidth test client?
by Splash
Wed Apr 06, 2016 2:23 pm
Forum: Beginner Basics
Topic: Queues and Policies (QoS)
Replies: 7
Views: 2204

Re: Queues and Policies (QoS)

What you need to do is create a simple queue and set a guaranteed amount of bandwidth but limited to a maximum amount. This means that it will always be given at least this amount if it needs it. If not then other services such as browsing can use the available/unused bandwidth. A Basic option would...
by Splash
Fri Apr 01, 2016 2:27 pm
Forum: General
Topic: IPIP Interface always UP (Running)
Replies: 5
Views: 1475

Re: IPIP Interface always UP (Running)

Perfect! Thanks!

Good to know.
by Splash
Thu Mar 31, 2016 8:29 pm
Forum: General
Topic: IPIP Interface always UP (Running)
Replies: 5
Views: 1475

Re: IPIP Interface always UP (Running)

Looking at the configuration: (without any changes between the 2 commands) /interface ipip add !keepalive local-address=y.y.y.y name=ipip-1 remote-address=x.x.x.x /interface ipip add clamp-tcp-mss=yes disabled=no dont-fragment=no dscp=inherit !ipsec-secret keepalive=10s,10 local-address=y.y.y.y mtu=...
by Splash
Thu Mar 31, 2016 8:19 pm
Forum: General
Topic: IPIP Interface always UP (Running)
Replies: 5
Views: 1475

Re: IPIP Interface always UP (Running)

Ah, I thought it was enabled by default, thanks let me give that a try!

... Looking good!

Do you have any recommendations for the Keepalive settings or will the defaults do?
by Splash
Thu Mar 31, 2016 4:50 pm
Forum: General
Topic: IPIP Interface always UP (Running)
Replies: 5
Views: 1475

IPIP Interface always UP (Running)

I have multiple LNS (CCR) devices around the country which I use to provide full HA to our IPIP Tunnel customers. VRRP is used between sites to allow for a single IPIP Tunnel termination configuration BGP is used to replicate the active routes to the various VRF's The issue is that if one creates an...
by Splash
Thu Mar 31, 2016 4:41 pm
Forum: Beginner Basics
Topic: SNTP Client Not Synchronizing Time
Replies: 3
Views: 10296

Re: SNTP Client Not Synchronizing Time

Another consideration is that the NTP request will originate from the IP attached to the interface the traffic is routed through. If this is a private address for example on a point to point link, it wont be able to connect out to the remote NTP site.
by Splash
Thu Mar 31, 2016 10:32 am
Forum: Announcements
Topic: v6.34.4 [current] is released!
Replies: 30
Views: 23037

Re: v6.34.4 [current] is released!

After upgrading from version 6.34.3 to 6.34.4 within a few hours the device (RB493G) stops responding over an SSTP VPN connection. The connection reports up on the CPE, but down on the VPN concentrator (CCR). The device is monitored over the SSTP connection using PING and SNMP. System resources look...
by Splash
Wed Mar 30, 2016 10:16 pm
Forum: Beginner Basics
Topic: how to create multiple dhcp1,dhcp2 like different ip series?
Replies: 2
Views: 1139

Re: how to create multiple dhcp1,dhcp2 like different ip series?

With Mikrotik you are able to attach a DHCP Server to an interface, Bridge or a VLAN. This way you can run multiple DHCP Servers on the same router. 1. Create an IP Pool for each DHCP Server 2. Create a DHCP Server and attach it to the require interface. Repeat for each DHCP Server instance 3. Creat...
by Splash
Wed Mar 30, 2016 9:13 pm
Forum: Beginner Basics
Topic: Queues and Policies (QoS)
Replies: 7
Views: 2204

Re: Queues and Policies (QoS)

There are a number of ways one could tackle this, since each user has a unique IP address, you can look at per connection queuing with a set pool of bandwidth, making sure there is enough left for voice. 1. Another option would be to reserve an amount of bandwidth for the number of concurrent calls ...
by Splash
Tue Mar 15, 2016 11:37 am
Forum: General
Topic: HotSpot html upgrade
Replies: 1
Views: 1083

HotSpot html upgrade

Is there a recommended process to update the hotspot web files from an older version. I suspect that this is not done through a normal RouterOS update. I seem to be getting client errors after an update to the latest version of 6.34.3. A customer is reporting that they are receiving an error : uploa...
by Splash
Mon Mar 14, 2016 1:50 pm
Forum: RouterBOARD hardware
Topic: CCR1016-12S-1S+ but with 2 x SFP+?
Replies: 2
Views: 1436

Re: CCR1016-12S-1S+ but with 2 x SFP+?

Thanks for the detailed information. I used the 1016 as an example of the SFP only platform. I see the current SFP model I mentioned comes with dual power supply, so I hope they will look at expanding this platform on to the 36Core CPU with 2 x SFP+ ports and 24 x SFP! It would be a real win for POP...
by Splash
Mon Mar 14, 2016 12:36 pm
Forum: RouterBOARD hardware
Topic: CCR1016-12S-1S+ but with 2 x SFP+?
Replies: 2
Views: 1436

CCR1016-12S-1S+ but with 2 x SFP+?

Anyone know if there will be a Cloud Core with 2 x SFP+ and 12/24 SFP ports available soon? I would like to deploy these but would like to have redundancy on the 10G up-links.
by Splash
Sun Mar 13, 2016 8:26 pm
Forum: General
Topic: Feature: /export with a term match
Replies: 4
Views: 2123

Re: Feature: /export with a term match

Line splitting normally happens when your terminal window isnt long enough for the full line. You can try doing it with a bigger window on a bigger screen :). I don't think it would require much work to implement some sort of filtering on the export command. I'll look at seeing if I can get sometime...
by Splash
Sat Mar 12, 2016 9:05 am
Forum: General
Topic: Feature: /export with a term match
Replies: 4
Views: 2123

Re: Feature: /export with a term match

Agreed, the only problem is that when you do this it wont include the configuration "sub-sections" which you would need to manually include. Since the OS is based on Linux, I don't think it would be too hard to include cmd line tools like grep for example. Juniper uses the 'match' function...
by Splash
Sat Mar 12, 2016 9:01 am
Forum: Beginner Basics
Topic: help me to configure, please..
Replies: 2
Views: 1358

Re: help me to configure, please..

I think you need to double check your IP information provided to you by your ISP. The IP address ranges don't look correct as they are not in the same network address range based on your subnet mask. I'm guessing they are providing you with a point to point IP Address which routes your local public ...
by Splash
Fri Mar 11, 2016 10:01 am
Forum: General
Topic: Feature Request: NTP - Ability to Specify a Source IP Address
Replies: 2
Views: 1839

Re: Feature Request: NTP - Ability to Specify a Source IP Address

Yeah I figured as much which sucks! I have had to use a NAT to fix it, but I hope in the future one does not need to implement a work around. Same with DNS queries sourced from the router.
by Splash
Fri Mar 11, 2016 9:59 am
Forum: General
Topic: BGP Advertisments Table Missing Data
Replies: 0
Views: 684

BGP Advertisments Table Missing Data

When one removes the Router ID from the BGP Instance so that it uses the interface IP automatically, the Advertisements table becomes blank, however the routes are being distributed correctly. In my case I am using 2 peers with the same same BGP Instance to distribute routes within a VRF. If I have ...
by Splash
Thu Mar 10, 2016 11:57 am
Forum: Beginner Basics
Topic: Firewall rule with dynamic interface
Replies: 3
Views: 1882

Re: Firewall rule with dynamic interface

If you are worried about any configuration bound to a dynamic interface you should, as part of best practice, create a service binding. What this does is create an interface which is static, but linked to a dynamic username account. When ever the account connects it will be provided with the same in...
by Splash
Thu Mar 10, 2016 11:51 am
Forum: Beginner Basics
Topic: clear history ?
Replies: 2
Views: 1460

Re: clear history ?

Hello,

It seems the only way for you to achieve this is to reboot the device. I am not sure why clearing the history is a requirement as its merely a log of changes made to the device and by whom.
by Splash
Thu Mar 10, 2016 11:47 am
Forum: General
Topic: Feature: /export with a term match
Replies: 4
Views: 2123

Feature: /export with a term match

I would like to ask that some more power be added to the export facility on the Mikrotik to include the ability to match particular configuration only and with their respective grouping. This would allow one to filter all configuration that matches a particular term which could be an ip, comment, in...
by Splash
Wed Mar 02, 2016 5:05 pm
Forum: Beginner Basics
Topic: Web page exception for blocked TCP Port
Replies: 3
Views: 1305

Re: Web page exception for blocked TCP Port

I'll take a stab at an answer and say wouldn't a allow filter rule for the website placed above the drop rule work?
by Splash
Wed Mar 02, 2016 1:14 pm
Forum: Beginner Basics
Topic: Winbox V3.1 Managed List
Replies: 3
Views: 3007

Re: Winbox V3.1 Managed List

Hello,

This can be achieved by selecting the "Tools" menu option and enabling the "Advanced Mode" when running Winbox v3.x.
by Splash
Tue Mar 01, 2016 1:19 pm
Forum: Beginner Basics
Topic: ip flow
Replies: 1
Views: 761

Re: ip flow

Unfortunately not, but this is a feature I would also support in having implemented. You could try build a src-nat rule to try and make sure the source traffic is sourced from the right IP.
by Splash
Tue Mar 01, 2016 1:14 pm
Forum: Beginner Basics
Topic: Sxt lite 5 unable to update router os
Replies: 5
Views: 1762

Re: Sxt lite 5 unable to update router os

The device itself is unable to resolve the Mikrotik update server hostname. If you don't obtain your IP address information automatically through DHCP, check that you have set up a DNS server within the Mikrotik RouterOS .err msg show could not solve DNS shows that the router cannot resolve properly...
by Splash
Tue Mar 01, 2016 12:44 pm
Forum: Beginner Basics
Topic: SMB can access by WiFi but not by ethernet
Replies: 2
Views: 1139

Re: SMB can access by WiFi but not by ethernet

Maybe some tests you could perform.

Check IP gateway that is being assigned to the client computer is correct. (subnet etc)
Ping the SMB share IP. (probably the 10.128.0.1 ip)
Traceroute to the SMB share IP.
Torch the interface to see if you are seeing requests.
by Splash
Mon Feb 29, 2016 2:47 pm
Forum: Beginner Basics
Topic: IPSEC can't connect if LAN ports are down
Replies: 1
Views: 883

Re: IPSEC can't connect if LAN ports are down

Hello,

Check that you don't have the "Dial On Demand" option set for the L2TP Tunnel.
by Splash
Mon Feb 29, 2016 2:34 pm
Forum: Beginner Basics
Topic: branding option
Replies: 4
Views: 1672

Re: branding option

Hello,

Would you be able to provide more information? Are you referring to your HotSpot Login page?
by Splash
Mon Feb 29, 2016 2:26 pm
Forum: Beginner Basics
Topic: any body help me pls!!!!!!!!!!!!!!
Replies: 4
Views: 1374

Re: any body help me pls!!!!!!!!!!!!!!

This might help: # Date: 03/06/2011 # Revised: 22/02/2013 # Revised: 01/08/2013 # Author: Alfredo Agius # Revised by Alexander Prozorov - adaptation for RouterOS version 6.xx # File: cleanUserManager # Tested on: RouterOS version 6.1 # # Description: Deletes Mikrotik User-Manager accounts whos not a...
by Splash
Mon Feb 29, 2016 2:22 pm
Forum: Beginner Basics
Topic: Deny All Traffic Rule
Replies: 2
Views: 4752

Re: Deny All Traffic Rule

Since you are wanting to allow traffic only from 2 /24 subnets, you want to start by creating an address-list for those 2 networks. /ip firewall address-list add address=192.168.1.0/24 list=Allowed_Networks add address=192.168.2.0/24 list=Allowed_Networks Next you will need to create the rule(s) to ...
by Splash
Mon Feb 29, 2016 2:09 pm
Forum: Beginner Basics
Topic: allow websites
Replies: 4
Views: 1361

Re: allow websites

hi, I want to buy a new firewall. But i have some questions. In the office we have only one pc and we want to block all web sites and allow to just (exp) http://forum.mikrotik.com/ and http://www.accuweather.com/ i found it this model RB951Ui-2HnD and this model RB951G-2HnD which one is suitable fo...
by Splash
Mon Feb 29, 2016 2:00 pm
Forum: Beginner Basics
Topic: For filtering of log
Replies: 2
Views: 2123

Re: For filtering of log

Hello, You could try this, but it may hide other system log messages you still want. In a nutshell edit the default 'info' topic and add an additional topic 'system' but in this case, negate it so that it ignores all info-system messages. Check the number of the logging item, to make sure you are ed...
by Splash
Fri Feb 26, 2016 12:31 pm
Forum: General
Topic: Feature: Auto-Upgrade to support FTP/SFTP/HTTP/HTTPS
Replies: 0
Views: 1231

Feature: Auto-Upgrade to support FTP/SFTP/HTTP/HTTPS

Having the Auto Upgrade feature supporting more sources other than using a Mikrotik Router would be a big help. Having the ability to provide upgrades/downgrades through services such as FTP would allow one to make use of existing infrastructure or systems with far more disk space. (Barring running ...
by Splash
Wed Feb 24, 2016 10:25 am
Forum: Scripting
Topic: Script: PPPOE Interface Monitoring Script
Replies: 0
Views: 3490

Script: PPPOE Interface Monitoring Script

Hello, I wrote this script to help users determine when 1 or more of their PPPOE connections have failed. It is capable of monitoring 1 or more connections, for example a router running multiple ADSL Lines. I chose not to bother with email notifications as it wouldnt be helpful if the device only ha...
by Splash
Tue Feb 23, 2016 12:38 pm
Forum: General
Topic: Feature Request: NTP - Ability to Specify a Source IP Address
Replies: 2
Views: 1839

Feature Request: NTP - Ability to Specify a Source IP Address

Hello,

Would it be possible to consider allowing one to specify a SOURCE IP Address when using the NTP Client. Such situations as using a routable loopback IP Address or specific local address where one wants the requests to originate from.

Such support is available for RADIUS and SYSLOG.