MikroTik

ConnectivityEngineer

Interesting to say the least. We have quite a number of networks we have deployed IPv6 into. I always wish when things like this happened I knew more to be able to protect our clients - but of course that is the nature of the beast. Hoping Mikrotik can patch the issue. IPArchitects has a decent idea...

ConnectivityEngineer

For a simple setup - I suggest you peek at Mikrotik's revamped "The DUDE" Keep in mind - it runs on the router OS itself - and DOES NOT use windows or linux workstations to perform its tasks. I personally like some other solutions - Good Old Nagios, I was using Observium but then read some...

ConnectivityEngineer

YUP - kick but router ... but when I am working with enterprise customers who are demanding some options -I do not have a choice. On the other hand - when dealing with a large portion of our customer base - they get a Mikrotik EVERY time... not only because of cost - but because it is an easy system...

ConnectivityEngineer

Good Point ZeroByte

Joshaven has a great solution for some RBL's - i run locally to verify myself - and the above solution works -
Needs to get tweaked for v6 i think however

ConnectivityEngineer

While you will need to tweak this to your liking - might try using the script below which pulls from the blocklister.gefoo.org lists Keep in mind... Thousands of entries in the firewall CAN create a slow internet experience if Every Packet has to go through it. To that end - might decide to edit the...

ConnectivityEngineer

This thread (see the end ) has a decent script if your comfortable playing in that arena http://forum.mikrotik.com/viewtopic.php?t=87219 I personally like Queue Trees better - because the system (at least it was like this on version 5 of RouterOS not sure on RouterOS 6.x) goes through every simple q...

ConnectivityEngineer

Few methods - easiest if you are unsure how to operate Queues is to simply assign Simple Queues This can be done a few ways - just limit how much bandwidth each system is given via DHCP - and then static your own and set your priority to be 1 where theirs would be placed at the back end - and given ...

ConnectivityEngineer

Let me first say - IT WAS NOT the trainer. He actually stated he thought they were - but I figured let me ask. Butch Evans normally steers folks in the right direction... but I felt it was wise to ask just in case especially since we have more companies beginning to use our services daily to support...

ConnectivityEngineer

One other note: you might want to check out the script from Joshaven. http://joshaven.com/resources/tricks/mikrotik-automatically-updated-address-list/ Blocking known bad guys from even getting THROUGH your router is a great start :-) We mirror the lists he wgets and creates as well http://connectiv...

ConnectivityEngineer

I would suggest asking in the thread you posted - especially since it appears the author may be in the thread. I would also however suggest a much different approach. Allowing Access TO your router should Only happen if you know WHO IS COMING Allowing Access THROUGH Your Router on the other hand is ...

ConnectivityEngineer

Few things to help us on the forums who volunteer to help you: 1. Mind posting your config? (and please remember to strip out External IP addresses as needed for security reasons) 2. This is an RB951 - how many users are connecting and running through the system? I am wondering if it is a limit due ...

ConnectivityEngineer

Great Question: http://cateee.net/lkddb/web-lkddb/NET_VENDOR_ATHEROS.html shows that vendor: 1969 ("Qualcomm Atheros"), device: 1073 ("AR8151 v1.0 Gigabit Ethernet") vendor: 1969 ("Qualcomm Atheros"), device: 1083 ("AR8151 v2.0 Gigabit Ethernet") Are supported...

ConnectivityEngineer

Interesting thats for sure.

You could make sure to change the TTL for icmp

/ip firewall mangle add chain=prerouting out-interface=!ether1 action=change-ttl new-ttl=set:64 passthrough=yes

where ether1 is the interface in question (tune to your hearts desire in other words )

ConnectivityEngineer

Good Question - I have seen this happen - on a few different Tik Versions - and this has been the fix.

I know bit odd - but give it a shot.

ConnectivityEngineer

Without the backup config file - good luck.
If you had that - it might be possible...

ConnectivityEngineer

I am sitting waiting another train - however - this link might help you as well...

https://github.com/pear2/Net_RouterOS/wiki

ConnectivityEngineer

found this as well: http://wiki.mikrotik.com/wiki/API_PHP_package#Ping_from_router <?php use PEAR2\Net\RouterOS; require_once 'PEAR2/Autoload.php'; if (isset($_GET['act'])) {//This is merely to ensure the form was submitted. //Adjust RouterOS IP, username and password accordingly. $client = new Rout...

ConnectivityEngineer

The easiest way is to simply setup a shared file location on a webserver Then run /tool fetch url=http://yourdomain.com/files/data.txt[code] Every script I run also has the following at the top [code] # Printing local time for Log purposes ... :local CurrentTime [/system clock get time]; :log warnin...

ConnectivityEngineer

What you could do is setup a script so when netwatch on the host finds it is down send an snmp trap to Zabbix. We stopped using Zabbix because of the lack of dependencies AND thinks like this (admit its been a few years) Just our usage case... Anyhow - You can setup a trigger prototype using the &qu...

ConnectivityEngineer

Most likely the ONU is NOT passing this data upstream to the DHCP server. By definition a Layer 2 CPE does not have any Layer 3 capabilities (well depending upon your system it may allow communication with the captive portal for entering the Registration ID The issue is that your looking for the ONU...

ConnectivityEngineer

Rather than retyping - this should help. In short - each location gets their own network. https://aacable.wordpress.com/2012/11/21/different-login-page-for-multiple-network-on-mikrotik-hotspot/ Does not matter if that interface is a Wireless or Wired @ that point. The option to allow or not allow wo...

ConnectivityEngineer

Best solution - run Radius.

Technically there are work arounds - however they take a bit of scripting AND are not bulletproof.

Radius will do exactly what your looking for Mikrotik has a decent writeup available here: http://wiki.mikrotik.com/wiki/RouterOs_MySql_Freeradius

ConnectivityEngineer

Check the Lease time: If set to 0s lease will never expire, if not - then after it expires it will drop.

This might help: http://wiki.mikrotik.com/wiki/Manual:IP ... figuration

ConnectivityEngineer

If you add the port you wish to monitor to a bridge - and then add another port to the bridge the second port on the bridge will act like a mirrored port. I know its a bit clunky - however since there are NO SWITCH CHIPS in the Cloud Core Router series - this is the work around if you need something...

ConnectivityEngineer

Hello - Sorry I think the community is a bit stuck trying to figure out what you are asking. So lets start by answering the question that we think you asked - and then if not - having you restate the question. To set a Mikrotik to utilize a Radius Server - you simply go to the Radius menu and enter ...

ConnectivityEngineer

Forwarding labeled packets is quite different from forwarding IP packets in that not only is the IP lookup replaced with a lookup of the label in the label forwarding information base (LFIB) but different label operations are also possible. All IPv4 packets have one or more labels. This does imply t...

ConnectivityEngineer

Hope things are going well. Sadly we do not know how your hotspot is setup - SO it is a bit difficult to give you a clear answer. Andrew COX wrote a decent script for making sure users are limited to specific bandwidth settings. So might want to try this (of course edit to your needs) Andrew's is pa...

ConnectivityEngineer

You need to redirect port80 for the PPPoE users to the web proxy - since the PPPoE users basically create a dynamic interface - this might be part of the issue. Instead of working on an interface I would much rather work from an IP range. This is especially true if you wish in the future to have som...

ConnectivityEngineer

Without knowing your specific setup it is hard to say. What other jobs (if any) is the Mikrotik performing. Do you have any layer7 rules running, Firewall rules? etc Are the connections working as they should - (ie autonegotiate for interfaces working) If you have a 1/2 duplex or similar issue on a ...

ConnectivityEngineer

Simple Queues are exactly that - Simple. You may need to expand a bit pass the simple Queues. Traffic is most likely (depending on your setup) still First In / First Out /ip firewall mangle add chain=prerouting action=mark-connection new-connection-mark=ICMP_PING passthrough=yes protocol=icmp add ch...

ConnectivityEngineer

This is done via Policy Based Routing

Butch Evans has an excellent blog posting on this - http://blog.butchevans.com/2008/09/mikr ... n-example/rather than me retyping all this stuff over.

If your US Based - I suggest checking out Butch's Training Sessions as well.

ConnectivityEngineer

Awesome. Thanks for updating the forum - far to often folks keep threads hanging !

+1 for your reputation

ConnectivityEngineer

Did you get this figured out?

ConnectivityEngineer

servers: 8.8.8.8 dynamic-servers: 10.90.5.1,8.8.8.8,78.136.107.50 allow-remote-requests: no That last line basically is making it so that the LOCAL system IS NOT answering requests for DNS You might need to enable that - and then create the firewall rules as needed. I will test in a lab tomorrowish ...

ConnectivityEngineer

RC = release Candidate ... (which I am thinking you know)

Can you let us know what happens when you get a console cable connected?

ConnectivityEngineer

This most likely is FAR outside of the support of this forum.... especially because Installing the Dude Client WILL NOT wipe your hard drive. In any event - let's try helping you here: I would suggest first looking into the BIOS of the machine and seeing if there is an option to boot from the hard d...

ConnectivityEngineer

quick note of thanks: Far to often folks DO NOT update their requests to let folks know they found a solution... +1

ConnectivityEngineer

Generally speaking the RB750 is a decent product - and it even supports MPLS as shown here: http://routerboard.com/RB750 Just the other night we had a customer call into our Mikrotik TAC complaining their systems were dropping and locking up (we blogged here about it: http://connectivity.engineer/ne...

ConnectivityEngineer

Joshaven is TOP NOTCH. I have met him personally, done dinner etc with his family. He knows his stuff !!! I would however suggest you use his script BUT pull the data into / from your own source. WHY? because if his server ever were to go offline - simply said - your solution would STOP working If y...

ConnectivityEngineer

You should be able to do this - as long as a few things are in place.

1. If your using 2 different networks and place one in HotSpot mode - than only that network would require the hotspot...
2. Is the Radius Server authentication working?

What if anything is showing in the logs

ConnectivityEngineer

Can you please post the output of your config ?

Chances are there is a missing rule allowing your NAT to work.

If you visit the terminal just paste the output from these commands

/ip address export

 /ip route export

/ip firewall export

ConnectivityEngineer

Are you using AP Bridge mode? or ?

ConnectivityEngineer

I am not using the Arbor Networks product any longer - however - might want to see what you have setup in RouterOS first. /snmp> print I know I needed to provide some MIBs back in the day - If needed - you might need to add the MIB as well You can grab the MIB from here http://download2.mikrotik.com...

ConnectivityEngineer

Simple Firewall Rules for the VPN should work. I do not see your setup - so it is a bit difficult to figure out where the fault 100% is. Are you allowing Anyone to access your router and then use it ? (even by accident? ) Be happy to view your config if needed - chances are someone or something is u...

ConnectivityEngineer

Round Robin.

While I wondered the same thing - I just did a sniff on port 53 traffic - and sure enough - appeared to be round robin.

ConnectivityEngineer

IS-IS I do not believe is supported even in the latest Kernel by default (i might be wrong on that one however)- At present this would require Mikrotik to do some very heavy lifting creating a ISO protocol stack - ISO addressing - CLNS etc. Here is a start - https://git.netdef.org/projects/OSR/repos...

ConnectivityEngineer

+1 on this request

ConnectivityEngineer

until some things like IS-IS are supported - Cisco and other vendors still must be part of many providers portfolios

This is NOT Mikrotik's fault however - IS-IS is not supported in the Kernel

ConnectivityEngineer

On Friday 18th - The Dude was Re-Released.
Note - there is NO LONGER A WINDOWS SERVER VERSION

(there is a windows client however)

Visit this link http://forum.mikrotik.com/viewtopic.php?f=8&t=102772 for additional details.

ConnectivityEngineer

Do you have WDS enabled on both AP's?
This should help .

Also - you could create a MAC filter and block the 00:00.... and see WHAT stops

ConnectivityEngineer

I am not 100% sure however when you referenced the WAP is getting its management IP on a different network - it had me thinking. If both the sender and receiver for a multicast group are on the same local broadcast subnet, then the routers do not need to be involved in the process, and communication...

ConnectivityEngineer

Mikrotik makes an excellent A Record DNS Server for simple entries - However - the Server still requires fully qualified domain names - Or at minimum NO SPACES http://wiki.mikrotik.com/wiki/Manual:IP/DNS#All_DNS_Entries In short they are following the RFC Specs outlined here: http://www.ietf.org/rfc...

ConnectivityEngineer

Perhaps we do not have enough information to help you with the request... I do know in the past I personally had issues with a client after an upgrade. I ended up increasing the time outs and voila - worked like a champ. Quick ? Are you using sstp-server interface bindings on server's side, or do yo...

ConnectivityEngineer

It might be a simple BIOS setting - might check and see if you have PNP or similar activated. Also - I noticed your using an older version of RouterOS 5.2 There are a large number of advantages to utilizing the later versions - Mind letting us know a bit more about your setup? What system / motherbo...

ConnectivityEngineer

If you go to terminal please do the following /ip dns print It could be that DNS is timing out - OR your provider may be limiting the number of requests - It could also be that you have an invalid setup of sorts When this happens - you might also try to resolve domains on the Mikrotik itself /tools ...

ConnectivityEngineer

There are various solutions for SIP clients behind NAT, some of them in client side (STUN, TURN, ICE), others in server side (Proxy RTP as RtpProxy,MediaProxy). Sadly - we are not sure how your SIP provider is providing the solution to your setup - SO - this information might need to be tweaked just...

ConnectivityEngineer

Recently in a training I heard that Mikrotik ARE NOT CERTIFIED for use in the USA by the FCC.
Is this correct?

Search found 57 matches