Community discussions

MikroTik App

Search found 315 matches

  • 1
  • 2
by millenium7
Fri Oct 30, 2020 3:45 pm
Forum: General
Topic: How to identify routers with compromised password?
Replies: 3
Views: 287

Re: How to identify routers with compromised password?

Essentially i want to scan the entire network for any devices that allow login with 'MyAdmin / Password123' (not actual credentials) I can either do that with a machine running a program or script (I don't know of one personally, open to suggestions) but that would only test for SSH, ideally i'd als...
by millenium7
Fri Oct 30, 2020 2:16 am
Forum: General
Topic: How to identify routers with compromised password?
Replies: 3
Views: 287

How to identify routers with compromised password?

Is there a method to identify routers which are using a compromised password? I.e. lets say a bunch were originally setup with user account 'MyAdmin' and 'Password123' I want to do a scan of the network and find any routers that allow that login so I can go in and change it Most of our routers use R...
by millenium7
Mon Sep 28, 2020 12:07 am
Forum: Wireless Networking
Topic: MikroTik AP and Mimosa SM's. No WDS? Workaround?
Replies: 2
Views: 818

Re: MikroTik AP and Mimosa SM's. No WDS? Workaround?

Yes. We went up to each and every Mimosa radio in our network, unscrewed its high quality hose clamp fitting and promptly turfed it into the nearest bin so as to not infect any potential eBay 2nd hand buyers with deep regret and seething hatred. We then fit MikroTik/Cambium/Ubiquiti and lived a bett...
by millenium7
Thu Sep 24, 2020 7:19 am
Forum: General
Topic: DNS server selection based on Layer7 - viable?
Replies: 9
Views: 609

Re: DNS server selection based on Layer7 - viable?

I hear you, and we're trying to get that to happen. For now the Mikrotik will suffice at the same time however, the reality is the vast majority of smaller businesses do only run a single AD and DNS server without issue. And the reality is with virtualisation and image backups it's not the end of th...
by millenium7
Thu Sep 24, 2020 5:02 am
Forum: General
Topic: DNS server selection based on Layer7 - viable?
Replies: 9
Views: 609

Re: DNS server selection based on Layer7 - viable?

Wasn't aware of the DNS changes in 6.47 That would work I've also just setup a lab environment with an AD server and PC It does also work the 'old' way with layer7 protocol and 2x NAT rules /ip firewall layer7-protocol add comment=!!! name=domainrequests regexp="((.*).testdomain.local|(.*).testdomai...
by millenium7
Thu Sep 24, 2020 3:54 am
Forum: General
Topic: DNS server selection based on Layer7 - viable?
Replies: 9
Views: 609

Re: DNS server selection based on Layer7 - viable?

Specify two DNS servers and clients will try the first and if not responding, try the next. Windows clients are sticky with their DNS selection If I put i.e. the AD server as the first DNS server, and google/cloudflare as an alternative server, then if the AD server is unreachable yes it will fail ...
by millenium7
Thu Sep 24, 2020 3:22 am
Forum: General
Topic: DNS server selection based on Layer7 - viable?
Replies: 9
Views: 609

DNS server selection based on Layer7 - viable?

Is it viable to use Layer7 filtering to selectively route DNS requests to different servers? I want to use a MikroTik router in an organization as the DNS server. This organization runs Active Directory with only a single Domain/DNS server and relies on it for certain internal resources However if t...
by millenium7
Tue Sep 15, 2020 11:32 am
Forum: General
Topic: Mark routing to establish SSTP not working
Replies: 3
Views: 165

Re: Mark routing to establish SSTP not working

Bingo, you nailed it. Never would have thought that I did log the packets at the server side and it shows the packets coming in from the 'correct' IP (NAT'd by the LTE router) and packets therefore should get sent back correctly. I guess thats not enough, and would have been a nightmare to troublesh...
by millenium7
Tue Sep 15, 2020 9:25 am
Forum: General
Topic: Mark routing to establish SSTP not working
Replies: 3
Views: 165

Mark routing to establish SSTP not working

Can someone help me with this? I have in the mangle rules /ip firewall mangle add action=mark-routing chain=output comment="Establish SSTP via LTE" dst-address=1.2.3.4 dst-port=443 new-routing-mark=LTE passthrough=no protocol=tcp This is placed at the very top, no further mangle rules would affect t...
by millenium7
Mon Aug 31, 2020 4:34 am
Forum: General
Topic: LTE modem disconnects every 2 minutes
Replies: 9
Views: 3006

Re: LTE modem disconnects every 2 minutes

having the same problem on 6.47 (and many previous versions before that, don't remember one thats 100% stable)
by millenium7
Tue Aug 25, 2020 10:14 am
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 589
Views: 103867

Re: LHG 60G experience

Thanks for responding but that just isn't true..... or at least its woefully inaccurate, or isn't explained correctly. I still don't know if its referring to the AP or the SM (assuming logged into the AP) I was physically up onsite at this location, I know for a fact that this particular location th...
by millenium7
Sat Aug 22, 2020 11:51 am
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 589
Views: 103867

Re: LHG 60G experience

Those are not simple things and each installation is different and there are much more factors that may affect success with link. We can't simplify those details as they are much complicated compared to regular wireless. Simple explanation is available in our wiki. I disagree. MikroTik engineers do...
by millenium7
Fri Aug 21, 2020 3:57 am
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 589
Views: 103867

Re: LHG 60G experience

frequent tx-sector changes indicate, that there is issue related to devices moving in wind or alignment issues. In theory tx-sector should only change on very rare occasions - during first minutes of established connection, rain or on line of sight loss And what about if its rapidly changing but th...
by millenium7
Thu Aug 20, 2020 7:32 am
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 589
Views: 103867

Re: LHG 60G experience

Ok so 'frequency=auto' is seemingly a really bad idea. And using the terminal with 'int w60g mon 0' is essential as tx-error rate shows a more accurate picture than signal/MCS/rssi Pretty sure the way auto works is it just picks 58320 regardless, as i've only ever seen it on that frequency. It defin...
by millenium7
Wed Aug 19, 2020 3:08 am
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 589
Views: 103867

Re: LHG 60G experience

You're using LHG-60's as AP's? The antenna pattern is 3 degrees. So, across 120 degrees at ~100m, you're running off the RF equivalent of fumes. In theory yes, theoretically it shouldn't even work at all, but so far nothings made sense and matched up with the theoretical data. We used the LHG 60G a...
by millenium7
Tue Aug 18, 2020 2:13 am
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 589
Views: 103867

Re: LHG 60G experience

So to add some more experience and more confusion needing clarification.... Went out to the AP side of a site thats doing multipoint, spread is about 10 degrees between the 2 SM's. Distance is ~170m and ~340m respectively All of them are LHG 60G Found it was a little bit out of alignment, slightly u...
by millenium7
Sun Aug 16, 2020 4:17 am
Forum: Wireless Networking
Topic: LHG 60G experience
Replies: 589
Views: 103867

Re: LHG 60G experience

I've read through this entire thread and I still don't know exactly how to use these things 'properly'. There's too much confusion We have a few of them out in the field and they are unpredictable. Some links drop in the rain at just 300m, yet people are claiming over 10x that distance Speed doesn't...
by millenium7
Fri Jul 17, 2020 2:04 am
Forum: General
Topic: Why does both L2MTU and MAX-L2MTU exist?
Replies: 11
Views: 2308

Re: Why does both L2MTU and MAX-L2MTU exist?

Thats all well and good in theory, and that is the case for L3 MTU as there is path MTU discovery as well as response mechanisms to indicate the MTU is too large But unless i'm mistaken, L2 MTU will always silently drop. And i'm also not aware of any protocols that specifically go looking for the L2...
by millenium7
Wed Jul 15, 2020 4:50 am
Forum: Forwarding Protocols
Topic: OSPF VPLS/MPLS load balancing and failover
Replies: 7
Views: 1604

Re: OSPF VPLS/MPLS load balancing and failover

I'm investigating the same thing at the moment It appears the only way to do this properly and retain failover in both directions (if backup link goes down, should failover to primary) is using MPLS Traffic Engineering. I'm still investigating how to properly implement it with Mikrotik in the most m...
by millenium7
Mon Jun 22, 2020 3:04 am
Forum: Forwarding Protocols
Topic: Redundant paths to OSPF?
Replies: 1
Views: 619

Re: Redundant paths to OSPF?

Routes are chosen in this order - Most specific route - Administrative Distance (lower is better) - Metric/Cost (lower is better) If a packet has a destination of 192.168.1.2 and you have the following routes in the table... 192.168.0.0/16 - Distance 1 - Cost 0 192.168.1.0/24 - Distance 110 - Cost 5...
by millenium7
Mon Jun 22, 2020 2:57 am
Forum: Forwarding Protocols
Topic: Marking packets between mikrotik routers! [SOLVED]
Replies: 3
Views: 1275

Re: Marking packets between mikrotik routers! [SOLVED]

DSCP on its own is just a tag Yes its used for QoS but its up to each device along the chain to decide what to do, there's nothing stopping it from just entirely ignoring the DSCP number and doing no QoS whatsoever. It's common for most devices to just bundle a range of DSCP values into only 3 or so...
by millenium7
Tue Jun 16, 2020 4:15 am
Forum: General
Topic: Hotspot bypass for a range of MAC addresses?
Replies: 0
Views: 458

Hotspot bypass for a range of MAC addresses?

Is there a way to use wildcards or a range of MAC addresses in the hotspot bypass?
by millenium7
Fri Jun 12, 2020 11:52 am
Forum: General
Topic: Feature requests
Replies: 1279
Views: 290363

Re: Feature requests

I'm sorry to tell you, but that isn't possible. Addresses have not been assigned that way! I also sometimes thought it would have been much better when it had been done that way, but it hasn't. LIRs have assigned /24.../16 blocks to "users" (companies, internet providers) completely randomly, withi...
by millenium7
Fri Jun 12, 2020 6:15 am
Forum: Forwarding Protocols
Topic: MPLS TE and OSPF. Some clarification?
Replies: 0
Views: 420

MPLS TE and OSPF. Some clarification?

I been labbing MPLS TE and things aren't quite as they seem, and work a little differently to how i'd expect. I'm hoping someone can clarify Reading through the wiki page https://wiki.mikrotik.com/wiki/Manual:Simple_TE It gives some examples, but it's not thoroughly explaining everything in use The ...
by millenium7
Fri Jun 12, 2020 3:25 am
Forum: General
Topic: Feature requests
Replies: 1279
Views: 290363

Re: Feature requests

My first claim is that it is useless. And I will explain that: You have not defined what "the country of an IP address" is, and neither has the internet. You are WAY overthinking this. It's really as simple as an address list generated from IANA that says i.e. 1.x.x.x/8 = Belongs in USA. 2.1.x.x/16...
by millenium7
Wed Jun 10, 2020 3:59 am
Forum: General
Topic: Feature requests
Replies: 1279
Views: 290363

Re: Feature requests

Consider a GeoIP package allowing for firewall filtering by Country I'm against that. It is completely useless, and it tends to racism. lmao, oh god, political correctness has now extended to routers..... There are very good reasons for country blocking, first and foremost is for many people there'...
by millenium7
Thu Jun 04, 2020 6:18 am
Forum: Forwarding Protocols
Topic: Selective routing with failover in MikroTik - How?
Replies: 2
Views: 700

Selective routing with failover in MikroTik - How?

So I have 2 scenario's that I need to find a solution for Scenario A : 1 hop selective routing https://i.imgur.com/rqLBmlo.png RouterA & RouterB are running OSPF to each other, the 60ghz path is set to the default cost of 10 and is running BFD, the 5ghz path is a cost of 15 This works perfectly fine...
by millenium7
Thu Jun 04, 2020 5:18 am
Forum: General
Topic: Why does both L2MTU and MAX-L2MTU exist?
Replies: 11
Views: 2308

Re: Why does both L2MTU and MAX-L2MTU exist?

L2MTU is what its actually set to, it will never transmit more than that Max L2MTU is the hardware limit of what its capable of doing. This varies from model to model, some only support ~2000 others support ~11000 etc Removing it would be a really bad idea, its extremely useful for determining the m...
by millenium7
Thu May 28, 2020 3:33 am
Forum: Forwarding Protocols
Topic: OSPF configuration rules
Replies: 2
Views: 1168

Re: OSPF configuration rules

Actually i've found NBMA to be quite buggy on MikroTik and I can't think of any upsides to using it. The only 2 possible scenario's I can think it has any merit whatsoever is 1) You have some really antiquated shitty radio equipment or you are leasing a link from another company that does not suppor...
by millenium7
Thu May 28, 2020 2:56 am
Forum: Forwarding Protocols
Topic: WE NEED EIGRP
Replies: 39
Views: 16818

Re: WE NEED EIGRP

We just had a major network outage yesterday due to OSPF's design limitations. We expanded a network that was originally setup as a separate area but now has major transit link in it. That network needs to be in the backbone because of OSPF's limited design restrictions, but its joined to the rest o...
by millenium7
Thu May 28, 2020 2:34 am
Forum: Forwarding Protocols
Topic: Unable to route between WAN and inside network - Public IP and no Nat required.
Replies: 2
Views: 580

Re: Unable to route between WAN and inside network - Public IP and no Nat required.

Might need a /export of the relevant sections It really depends how you've set your firewall filter rules up, but if you have a typical set of requirements (public IP that the LAN shares, additional public IP's for other devices) you shouldn't need anything at all in 'firewall filter' you just need ...
by millenium7
Tue May 26, 2020 3:32 am
Forum: Forwarding Protocols
Topic: [Stability] Multiple PPPoE servers (+10) at the same router - Is there any alternatives?
Replies: 3
Views: 1170

Re: [Stability] Multiple PPPoE servers (+10) at the same router - Is there any alternatives?

Since PPPoE is something that hits the CPU anyway, you won't have any noticeable performance drop by bridging all the interfaces And PPPoE stability has never been an issue in my experience with MikroTik, it's the one thing thats worked perfectly every single time for me, and I much prefer MikroTik'...
by millenium7
Tue May 12, 2020 12:26 am
Forum: Forwarding Protocols
Topic: WE NEED EIGRP
Replies: 39
Views: 16818

Re: WE NEED EIGRP

I don't dispute its lack of popularity and support But saying things like "I can probably count on one hand the number of times i've seen EIGRP used in a WISP in the last 15 years." is a chicken or egg scenario. It's like me saying "I can count on 1 hand the number of electric vehicles I see on the ...
by millenium7
Tue May 05, 2020 2:28 am
Forum: General
Topic: How to test the speed of a cable
Replies: 2
Views: 836

Re: How to test the speed of a cable

Devices send as a certain modulation rate, in the case of ethernet this is not variable its fixed at 10/100/1000mbit. It can't drop its speed down to say 800mbit/s if the cable is a little wonky. It can drop down to 100mbit if the NIC detects a missing pair or a poor enough signal ratio, it will nev...
by millenium7
Wed Apr 29, 2020 2:59 am
Forum: Forwarding Protocols
Topic: WE NEED EIGRP
Replies: 39
Views: 16818

Re: WE NEED EIGRP

This is definitely an antiquated and very closed minded view. Let's look over the fact that EIGRP - regardless of its usefulness - was a closed system with a fairly insignificant (comparatively speaking) install base and is very unlikely to ever make it into other platforms with any level of deploy...
by millenium7
Wed Apr 22, 2020 6:59 am
Forum: General
Topic: How does RSTP work with vlan interfaces in bridge?
Replies: 0
Views: 1122

How does RSTP work with vlan interfaces in bridge?

How does STP work on MikroTik when you put vlan interfaces into a bridge? And does it work differently when you put the physical interfaces into the bridge but use the 'vlan' tab and then create a VLAN interface on the bridge Take this example which is close to a real world example that was experien...
by millenium7
Tue Apr 21, 2020 12:30 pm
Forum: Wireless Networking
Topic: DHCP lease over wireless bridge does not work for Ethernet clients [SOLVED]
Replies: 4
Views: 2754

Re: DHCP lease over wireless bridge does not work for Ethernet clients [SOLVED]

It does work, there will be an explanation for whats going on, why it isn't working for you and a way to fix it. It may be something like your AP is blocking multiple DHCP requests (unlikely but you never know). The mikrotik does not need a lease, so disable that to start with, heck just do a system...
by millenium7
Tue Apr 21, 2020 2:35 am
Forum: Wireless Networking
Topic: DHCP lease over wireless bridge does not work for Ethernet clients [SOLVED]
Replies: 4
Views: 2754

Re: DHCP lease over wireless bridge does not work for Ethernet clients [SOLVED]

I've used station-pseudobridge mode in the past and its worked fine, havn't needed to do anything special just put in a bridge with an ethernet port The wiki does say this This mode is limited to complete L2 bridging of data to single device connected to station (by means of single MAC address trans...
by millenium7
Thu Apr 09, 2020 11:56 am
Forum: General
Topic: Can traffic generator be used over more than 1 hop?
Replies: 2
Views: 1058

Re: Can traffic generator be used over more than 1 hop?

That's not suited, I need to test routing performance. If it's in a tunnel its not going to pass traffic in the same fashion
by millenium7
Thu Apr 09, 2020 10:34 am
Forum: General
Topic: RB3011 - low routing performance with low CPU usage?
Replies: 7
Views: 2199

Re: RB3011 - low routing performance with low CPU usage?

Ok very interesting I setup a lab with a CCR as the core a HEX/RB2011/RB3011 as routers connected to it through a gigabit switch Then another CCR behind it that I used as a customer to simulate this In my initial testing I got the expected behaviour, which is slower tests 'from' the router and faste...
by millenium7
Thu Apr 09, 2020 9:32 am
Forum: General
Topic: Can traffic generator be used over more than 1 hop?
Replies: 2
Views: 1058

Can traffic generator be used over more than 1 hop?

I don't see a way to do this and all the examples i've come across have 2 routers directly connected I want to measure the packet throughput rate of routers. So I need to send traffic 'through' them and also have packets bounced back to measure jitter, packet loss etc If I have RouterA->RouterB It's...
by millenium7
Thu Apr 09, 2020 2:32 am
Forum: RouterBOARD hardware
Topic: CCR1036-8G-2S+ - SFP+ port stops transmitting data?
Replies: 18
Views: 5545

Re: CCR1036-8G-2S+ - SFP+ port stops transmitting data?

That's not a great fix But would simply increasing the L2MTU and not restoring it back down help? Because there is no harm in setting L2MTU to max. Infact I don't know why it isn't set to maximum (that goes for every single device on the market). Nothing will ever send larger L2 frames unless specif...
by millenium7
Wed Apr 08, 2020 1:13 pm
Forum: General
Topic: RB3011 - low routing performance with low CPU usage?
Replies: 7
Views: 2199

Re: RB3011 - low routing performance with low CPU usage?

It wouldn't. But everything is already set to point to point
by millenium7
Wed Apr 08, 2020 10:23 am
Forum: RouterBOARD hardware
Topic: CCR1036-8G-2S+ - SFP+ port stops transmitting data?
Replies: 18
Views: 5545

Re: CCR1036-8G-2S+ - SFP+ port stops transmitting data?

This happened AGAIN in our network at a different location, but to 'ethernet' ports this time. So this bug seemingly doesn't care if its ethernet or SFP modules This happened on a CCR1009-7G-1C-1S+ That site has had issues with VPLS tunnels randomly dropping off over the past couple months. I very t...
by millenium7
Wed Apr 08, 2020 3:38 am
Forum: General
Topic: 20km Point-to-Point 5HPacD2HPnD-XL or LHGXL52ac
Replies: 4
Views: 1495

Re: 20km Point-to-Point 5HPacD2HPnD-XL or LHGXL52ac

That distance is nothing for this antenna... https://mikrotik.com/products/ptp Has anyone experience with the unit not being able to reach the full output Full output? Actually you must setup the antenna within the Limits allowed in your Country. I call bulllllllllllllllshit on those graphs lol LHG...
by millenium7
Wed Apr 08, 2020 3:22 am
Forum: General
Topic: RB3011 - low routing performance with low CPU usage?
Replies: 7
Views: 2199

Re: RB3011 - low routing performance with low CPU usage?

CPU usage is very low ~5-15%. It's not even close to maxing out 1 core, yet the actual results of passing packets through it look very much like a lack of processing power So either CPU usage is reported completely incorrectly for routed traffic, or there's something else going on Note that if I use...
by millenium7
Tue Apr 07, 2020 8:05 am
Forum: General
Topic: Feature Request: Interface in OSPF state change log entry
Replies: 0
Views: 1355

Feature Request: Interface in OSPF state change log entry

We use Syslog to get fast notifications of OSPF neighbor state changes pushed to SLACK. Problem is the log entry only contains the neighbor ID When we have a primary and backup path, the messages are identical if primary or secondary fails. Can the message be changed to also include the interface na...
by millenium7
Tue Apr 07, 2020 7:09 am
Forum: Forwarding Protocols
Topic: How can this BGP session possibly drop when OSPF changes?
Replies: 3
Views: 1639

Re: How can this BGP session possibly drop when OSPF changes?

Ok well take the following example https://i.imgur.com/WVLFeSx.png RouterA/B/C establish an iBGP session to the core using their physical link addresses (i.e. 10.0.1.1), not loopbacks, so the routes directly to the core should never be affected, they'll use their directly connected links at all time...
by millenium7
Tue Apr 07, 2020 3:48 am
Forum: General
Topic: Policy routing for VoIP across backup links?
Replies: 1
Views: 1529

Re: Policy routing for VoIP across backup links?

Bump. Anyone?
by millenium7
Mon Apr 06, 2020 5:02 am
Forum: Forwarding Protocols
Topic: How can this BGP session possibly drop when OSPF changes?
Replies: 3
Views: 1639

How can this BGP session possibly drop when OSPF changes?

The topology/setup We have a core router that uses iBGP sessions to the rest of our network, it only establishes iBGP sessions to the sites that have a layer2 fibre connection (We'll call them A/B/C). The core is setup as a route reflector to these sites. Each of these site has its own Layer2 conne...
by millenium7
Sat Apr 04, 2020 1:43 pm
Forum: Wireless Networking
Topic: Why no 60/80ghz with 5ghz failover?
Replies: 13
Views: 3174

Re: Why no 60/80ghz with 5ghz failover?

Again you are missing the point that it is a 'backup' Don't need super long range, or particular high performance. 99.99% of the time it is not being used at all It's entire purpose in life is to provide connectivity when there otherwise is none, it's not to be an awesome standalone 5ghz product tha...
by millenium7
Sat Apr 04, 2020 2:00 am
Forum: Wireless Networking
Topic: Why no 60/80ghz with 5ghz failover?
Replies: 13
Views: 3174

Re: Why no 60/80ghz with 5ghz failover?

Yes it doesnt NEED to be high gain Who would install a 60+5ghz radio and want 30db of gain? So you can make a link go 8km on 5ghz only and never use the 60ghz? :lol: that would be stupid It doesn't need much gain, the PRIMARY purpose is the 60ghz radio, so as long as the 5ghz can do the same distanc...
by millenium7
Fri Apr 03, 2020 6:32 am
Forum: General
Topic: Is BTest broken after 1 hop?
Replies: 4
Views: 1548

Re: Is BTest broken after 1 hop?

Ok its not the btest program, it's something funky going on with the RB3011's in our network. They can do good performance only when passing packets to a directly connected neighbor, but if they have to go more than 1 hop it all turns to shit. Even if packets are being passed 'through' a RB3011 and ...
by millenium7
Fri Apr 03, 2020 6:30 am
Forum: General
Topic: RB3011 - low routing performance with low CPU usage?
Replies: 7
Views: 2199

RB3011 - low routing performance with low CPU usage?

Ok so riddle me this We've been encountering speed issues since starting to migrate off PPPoE client connections inside VPLS tunnels to a PPPoE concentrator, and onto DHCP instead Why are we doing this? - Faster recovery if a link goes down - Faster failover - Multi path selection - Simpler topology...
by millenium7
Fri Apr 03, 2020 1:42 am
Forum: Wireless Networking
Topic: Why no 60/80ghz with 5ghz failover?
Replies: 13
Views: 3174

Re: Why no 60/80ghz with 5ghz failover?

2 devices is vastly inferior to 1 combined device - Need to run extra cables (PoE passthrough does not help if they are different voltages) - More config on switches/routers with more ports or VLANs, extra IP addresses - Need to pay a lot more attention to loop prevention - Need more physical mast s...
by millenium7
Fri Apr 03, 2020 1:12 am
Forum: General
Topic: Routing a Block of Public IP Addresses to Other Mikrotik [SOLVED]
Replies: 12
Views: 3755

Re: Routing a Block of Public IP Addresses to Other Mikrotik [SOLVED]

I figured the routers already have some config on them, MikroTik2 already has a route to 1 or a default route etc. But yes that is needed if there's no existing routes From a routers perspective there are no 'private' or 'public' IP addresses, they are just IP's NAT has changed the way most of us th...
by millenium7
Thu Apr 02, 2020 12:45 pm
Forum: Wireless Networking
Topic: Why no 60/80ghz with 5ghz failover?
Replies: 13
Views: 3174

Re: Why no 60/80ghz with 5ghz failover?

Yep, lots of really good products and really good ideas that are only halfway finished. It's like their R&D department do nothing until 4:30pm on a friday then madly come up with something before 5pm beers - 36/72 core router, with no support for MetaRouter/Virtualization and almost everything is si...
by millenium7
Thu Apr 02, 2020 12:23 pm
Forum: Wireless Networking
Topic: Why no 60/80ghz with 5ghz failover?
Replies: 13
Views: 3174

Why no 60/80ghz with 5ghz failover?

I don't understand this, why no dual 60/80ghz with 5ghz failover products? The 60ghz LHG radios are FANTASTIC, I really, really like them due to the beamforming. You just chuck them in and hey presto you have a 2gbit/s link, I don't even really bother to align them they 'just work', right up until i...
by millenium7
Thu Apr 02, 2020 11:44 am
Forum: General
Topic: RB750gr3 for 140mb WAN + 20 clients [SOLVED]
Replies: 10
Views: 3366

Re: RB750gr3 for 140mb WAN + 20 clients [SOLVED]

umm what the hell lol. HEX/RB750gr3 has PLENTY of grunt, will effortlessly do 140mb/s even with lots of firewall/NAT/mangle rules We use them a lot as distribution routers on small sites that don't yet warrant a CCR running OSPF/MPLS/VPLS as well as DHCP servers, several firewall entries etc and all...
by millenium7
Thu Apr 02, 2020 11:40 am
Forum: General
Topic: Routing a Block of Public IP Addresses to Other Mikrotik [SOLVED]
Replies: 12
Views: 3755

Re: Routing a Block of Public IP Addresses to Other Mikrotik [SOLVED]

Well I work as the lead engineer for an ISP so if it doesn't work i'm out of a job :lol:
by millenium7
Thu Apr 02, 2020 11:10 am
Forum: General
Topic: Routing a Block of Public IP Addresses to Other Mikrotik [SOLVED]
Replies: 12
Views: 3755

Re: Routing a Block of Public IP Addresses to Other Mikrotik [SOLVED]

however i had some overthinking since those are Public IPs and i dont know if the ISP has any limitation to the TTL of the packets or anything... Nope, and on that topic.... TTL can be manipulated on MikroTik with mangle rules. It actually does come in very handy if you have known, fixed number of ...
by millenium7
Thu Apr 02, 2020 3:22 am
Forum: General
Topic: Routing a Block of Public IP Addresses to Other Mikrotik [SOLVED]
Replies: 12
Views: 3755

Re: Routing a Block of Public IP Addresses to Other Mikrotik [SOLVED]

Ummm this is super easy. All you do is add a static route on MikroTik 1 pointing to MikroTik 2 But MikroTik 2 still needs to have an address. Normally on the link between MikroTik 1 and 2 you would give them a private IP i.e. 10.0.12.1/30 and 10.0.12.2/30 Then on MikroTik1 you just add your static r...
by millenium7
Tue Mar 31, 2020 8:35 pm
Forum: General
Topic: Is BTest broken after 1 hop?
Replies: 4
Views: 1548

Re: Is BTest broken after 1 hop?

No, doing independent tests from A to B and B to C shows roughly the actual bandwidth available. Testing A to C shows way lower It's not interference, completely different (80ghz one side, 5ghz the other). Radios are not pointing in the same direction A to C should be seeing 150 but it doesn't I tes...
by millenium7
Tue Mar 31, 2020 7:28 am
Forum: General
Topic: Policy routing for VoIP across backup links?
Replies: 1
Views: 1529

Policy routing for VoIP across backup links?

Not quite sure of the way to go about this Essentially we have a OSPF+MPLS network, almost all of it is wireless Some sites have 24/60/80ghz primary and 5ghz backup links. The 5ghz always sit idle until used, the main link has BFD for faster failover. But occasionally a link flaps in bad conditions ...
by millenium7
Tue Mar 31, 2020 6:13 am
Forum: General
Topic: Load external image on captive portal
Replies: 14
Views: 3092

Re: Load external image on captive portal

use the walled garden section to whitelist the URL or IP address
by millenium7
Tue Mar 31, 2020 2:28 am
Forum: General
Topic: Is BTest broken after 1 hop?
Replies: 4
Views: 1548

Is BTest broken after 1 hop?

This is something we rely on quite a bit to test for available 'real usable' capacity but 99% of the time we've been using it 1 hop away, either direct router-router connections or across PPPoE connections at customer sites, and for this its fairly accurate especially with UDP However i've been test...
by millenium7
Mon Mar 30, 2020 10:38 am
Forum: Forwarding Protocols
Topic: EOIP alternative?
Replies: 10
Views: 3561

Re: EOIP alternative?

EoIP is going to fragment anyway, it's a Layer2 bridging protocol, not Layer3 MTU (which is a L3 MTU) shouldn't even really be used. It will carry all L2 traffic at an MTU up to ~65535 or whatever its set to So if you put it in a bridge or any standard Layer2 segment with switches etc you're going t...
by millenium7
Fri Mar 27, 2020 10:43 am
Forum: Announcements
Topic: v6.45.8 [long-term] is released!
Replies: 87
Views: 64955

Re: v6.45.8 [long-term] is released!

I think 6.45.8 is a mess and feel that MikroTik should withdraw it. There's multiple issues with it and some of them are pretty damn serious
by millenium7
Wed Mar 25, 2020 1:14 am
Forum: Scripting
Topic: Are special parameters parsed when script ran by DHCP server?
Replies: 3
Views: 1509

Re: Are special parameters parsed when script ran by DHCP server?

err yes there is
agent-remote-id and agent-circuit-id are parameters that are injected into DHCP request packets by another inline device, also knows as DHCP Option 82
Both are supported in MikroTik's DHCP server as read-only parameters
by millenium7
Mon Mar 23, 2020 5:12 am
Forum: Scripting
Topic: Are special parameters parsed when script ran by DHCP server?
Replies: 3
Views: 1509

Are special parameters parsed when script ran by DHCP server?

At the moment I have a 30 line script to ensure only 1 DHCP lease can be active per Remote-ID at a time, the newest lease clears all other entries that have the same Remote-ID (potential issue if a client plugged a switch into their WAN connection instead of a router) but there's currently a bug in ...
by millenium7
Sun Mar 22, 2020 12:42 am
Forum: RouterBOARD hardware
Topic: CCR1036-8G-2S+ - SFP+ port stops transmitting data?
Replies: 18
Views: 5545

Re: CCR1036-8G-2S+ - SFP+ port stops transmitting data?

The biggest benefit of DHCP for both for us and customers is they can just take any router straight out of the box, plug it in and bam immediately have internet access, as almost all routers are configured for DHCP by default. They can factory reset it, still works just fine. Because MikroTik router...
by millenium7
Sat Mar 21, 2020 12:50 am
Forum: RouterBOARD hardware
Topic: CCR1036-8G-2S+ - SFP+ port stops transmitting data?
Replies: 18
Views: 5545

Re: CCR1036-8G-2S+ - SFP+ port stops transmitting data?

I found no solution, and the amount of outages and customer issues this caused i'll never be trying it again We've had to keep those core routers entirely OSPF and MPLS free. As PPPoE is still terminated on those routers, this means we lose automatic failover if a major site goes down, and we have t...
by millenium7
Fri Mar 13, 2020 2:15 pm
Forum: Forwarding Protocols
Topic: OSPF and multiple areas
Replies: 9
Views: 3942

Re: OSPF and multiple areas

You need to use route filtering I've said it multiple times, OSPF kinda sucks with its design limitations at scale in a WISP but it's what we have so we have to deal with it Note also that additional areas can all be fringe networks but using the exact same area I.e. there's absolutely no problem wi...
by millenium7
Fri Mar 13, 2020 4:49 am
Forum: General
Topic: DHCP leases based on Circuit/Remote ID information?
Replies: 0
Views: 1682

DHCP leases based on Circuit/Remote ID information?

As far as I can tell the only way to identify a device for a static lease on MikroTik is by MAC address? The 'use src MAC address' option I believe uses the Remote ID information but it still needs to be entered into the 'MAC Address' field of a static lease, meaning it can only accept standard MAC ...
by millenium7
Wed Mar 11, 2020 2:43 am
Forum: Forwarding Protocols
Topic: VPLS woes, tunnel will not come up
Replies: 4
Views: 2703

Re: VPLS woes, tunnel will not come up

Really need help with this. Downgraded all routers in our network that were on 6.45.x back to 6.44.6 and still havn't the same problem Various tunnels (completely different locations this time) are just going down and not coming back up. This is a huge problem I've put in half a dozen EoIP tunnels f...
by millenium7
Tue Mar 10, 2020 8:46 am
Forum: Announcements
Topic: v6.45.8 [long-term] is released!
Replies: 87
Views: 64955

Re: v6.45.8 [long-term] is released!

I upgraded some routers from 6.44.x to 6.45.8 and i've been experiencing VPLS issues in our network More information here https://forum.mikrotik.com/viewtopic.php?f=14&t=158525 but the basics are that VPLS tunnels are randomly stopping, won't go into running state. But everything I check manually (r...
by millenium7
Tue Mar 10, 2020 4:01 am
Forum: Forwarding Protocols
Topic: OSPF and multiple areas
Replies: 9
Views: 3942

Re: OSPF and multiple areas

Is stubbing and range/summary mandatory for take advantage of the benefits? At what level (# of routers, # of routes) is an MPLS+iBGP solution a more logical to use than plain OSPF? MPLS LDP does not use BGP routes. So you still HAVE to use OSPF (unless you statically add labels I guess) And LDP al...
by millenium7
Tue Mar 10, 2020 1:11 am
Forum: Forwarding Protocols
Topic: VPLS woes, tunnel will not come up
Replies: 4
Views: 2703

VPLS woes, tunnel will not come up

I can't work out this, I chalk it up to yet another mikrotik bug I have 2 routers in our network that just refuse to bring up a VPLS tunnel now. They were working fine, then suddenly out of nowhere they just flat out refuse to connect to each other. And I can't for the life of me work it out Before ...
by millenium7
Sat Mar 07, 2020 2:24 am
Forum: Forwarding Protocols
Topic: WE NEED EIGRP
Replies: 39
Views: 16818

Re: WE NEED EIGRP

OSPF works fine for corporate/enterprise IS-IS works far better for 'service provider' environments EIGRP works in both This is **NOT** the way to look at routing protocols. Routing protocols solve problems. We have to stop looking at them as enterprise vs. service provider. You can't separate them...
by millenium7
Fri Mar 06, 2020 6:22 am
Forum: Forwarding Protocols
Topic: WE NEED EIGRP
Replies: 39
Views: 16818

Re: WE NEED EIGRP

I can't imagine devoting the resources to bring up EIGRP. As networks continue to stop being Cisco-exclusive, the demand for EIGRP drops even more. You can run OSPF and EIGRP in parallel if you wish to make a transition to OSPF. I can't imagine why people are against EIGRP on MikroTik and think OSP...
by millenium7
Fri Mar 06, 2020 2:35 am
Forum: General
Topic: feature request ADVANCED DNS Server
Replies: 42
Views: 11839

Re: feature request ADVANCED DNS Server

I disagree with this feature request The included DNS features are as functional as they realistically need to be, for what MikroTik routers are You need to keep things in perspective. At the end of the day it is a router, not a server. MikroTik already has a huge amount of quality of life improveme...
by millenium7
Wed Mar 04, 2020 9:29 am
Forum: Forwarding Protocols
Topic: Multicast routing, confused
Replies: 0
Views: 2769

Multicast routing, confused

I've managed to kind-of-sort-of get multicast working in a lab environment but it seems buggy. Like i'll have a working configuration and then i'll reboot a router and all of a sudden, stops working Or I try and break it on purpose, and yet multicast is still flowing I'm just confused with it all, s...
by millenium7
Tue Feb 25, 2020 12:08 pm
Forum: Forwarding Protocols
Topic: EOIP alternative?
Replies: 10
Views: 3561

Re: EOIP alternative?

If your home network is connected via private network and does not go over the internet. Then your best bet is VPLS This takes a bit more to setup but its not too bad. All routers between you and the destination need to be running MPLS, and you need to make sure your L2MTU on every device (every rad...
by millenium7
Tue Feb 25, 2020 9:37 am
Forum: General
Topic: DHCP Option 82 route injection?
Replies: 2
Views: 1341

Re: DHCP Option 82 route injection?

Script updated and tested. Does exactly what it should (only supports /32 routes)

/32 routes are added for DHCP leases handed out on a specific interface. This script can be copied and used multiple times on multiple instances
Routes will get removed when the lease expires
by millenium7
Tue Feb 25, 2020 2:37 am
Forum: Forwarding Protocols
Topic: EOIP alternative?
Replies: 10
Views: 3561

Re: EOIP alternative?

MTU could also be an issue here How are you using EoIP? Is it just native EoIP or is it running inside another tunnel i.e. PPTP or L2TP? If the latter, absolutely only use L2TP as thats the only UDP based VPN that MikroTik supports at this point in time Either way i'd manually set the MTU to 1500 on...
by millenium7
Tue Feb 25, 2020 2:19 am
Forum: General
Topic: DHCP Option 82 route injection?
Replies: 2
Views: 1341

Re: DHCP Option 82 route injection?

Well I stayed up late and adapted a script I made for updating address lists ### DHCP Option 82 route injection script { :local DHCPServerName "DHCP82Clients" ; # Set this to the name of the DHCP Server instance :local Comment "Added by DHCP82 Script" :local Distance 5 ; # Route distance :local DHCP...
by millenium7
Mon Feb 24, 2020 8:31 am
Forum: General
Topic: DHCP Option 82 route injection?
Replies: 2
Views: 1341

DHCP Option 82 route injection?

I want to move to DHCP option 82 on MikroTik for easier provisioning of clients, just plug in any off-the-shelf router including MikroTik and bang client is online. However at the moment it is entirely useless for /32 and/or public IP address space because I can't see any way to have the routes inje...
by millenium7
Thu Feb 20, 2020 1:21 am
Forum: Wireless Networking
Topic: 60ghz products, some clarification?
Replies: 3
Views: 2138

Re: 60ghz products, some clarification?

Interesting, the multi element array explains why you can just point it practically anywhere and it works So why is it the center is stronger? Why does it matter if its using any other element in the array? And if MikroTik's beam width of 1 degree still holds any validity then that would mean that 6...
by millenium7
Fri Feb 14, 2020 5:16 am
Forum: Wireless Networking
Topic: 60ghz products, some clarification?
Replies: 3
Views: 2138

60ghz products, some clarification?

Ok so we've had a bunch of 60ghz dishes deployed in the field for a while now and they seem to 'just work' which contradicts the information i'm reading on the wiki and is also vastly different to other 60ghz products on the market. I want to get some clarification on how they actually work, and to ...
by millenium7
Tue Feb 04, 2020 1:58 am
Forum: Forwarding Protocols
Topic: Selective filtering of BGP routes distributed into OSPF not working?
Replies: 2
Views: 1786

Re: Selective filtering of BGP routes distributed into OSPF not working?

Ah figured it out straight after posting this. I figured that the best place to do this is on the 'in' filter since in my head BGP routes are going 'in' to the OSPF instance and I don't even want them in the internal OSPF route database in the first place, but I guess thats not how it works? It seem...
by millenium7
Tue Feb 04, 2020 1:52 am
Forum: Forwarding Protocols
Topic: Selective filtering of BGP routes distributed into OSPF not working?
Replies: 2
Views: 1786

Selective filtering of BGP routes distributed into OSPF not working?

Why does this not work? /routing filter add action=accept chain=ospf-in comment="Allow specific routes" prefix=10.240.254.0/24 prefix-length=24-32 protocol=bgp /routing filter add action=discard chain=ospf-in comment="Drop all other BGP redistributed routes" protocol=bgp Yet as soon as I enable redi...
by millenium7
Sun Feb 02, 2020 1:56 am
Forum: General
Topic: Audiophile Level(Low Noise Floor, Silent) Mikrotik vs Ubiquiti Unifi Network Switch
Replies: 31
Views: 4835

Re: Audiophile Level(Low Noise Floor, Silent) Mikrotik vs Ubiquiti Unifi Network Switch

I'm sure those 500$ patch cords are worth it too. 1.5m of pure zeroes and ones trough those wires.... No, no, thats the thing. There's a big difference between and 1's and 0's. Those audiophile grade cables will tweak them just right so that you get -0.0023's and 1.0067's instead = higher dynamic r...
by millenium7
Fri Jan 31, 2020 7:28 am
Forum: General
Topic: Audiophile Level(Low Noise Floor, Silent) Mikrotik vs Ubiquiti Unifi Network Switch
Replies: 31
Views: 4835

Re: Audiophile Level(Low Noise Floor, Silent) Mikrotik vs Ubiquiti Unifi Network Switch

lmao @ the 'audiophile switch' It takes a special kind of ignorance and lack of willingness to understand how things actually work to buy into that crap @OP if you don't want to believe it, go and look into ethernet actually works, how packet flow and processing works etc and you'll realize it makes...
by millenium7
Thu Jan 30, 2020 11:15 pm
Forum: General
Topic: NetInstall changed config back to factory defaults?
Replies: 4
Views: 806

Re: NetInstall changed config back to factory defaults?

You misunderstand, there's been a different config applied that overrides the default configuration. So when holding the reset button it reverts NOT to the factory defaults, but to a config that somebody else applied

I don't want this, I want to restore it truly back to factory defaults
by millenium7
Thu Jan 30, 2020 4:28 am
Forum: General
Topic: NetInstall changed config back to factory defaults?
Replies: 4
Views: 806

NetInstall changed config back to factory defaults?

We have a bunch of wAP's in storage that were originally flashed with a different default config, hence using the reset method just applies the config I don't want. I want to restore them back to original factory defaults. Is this possible? Alternatively what is the factory default for a device in C...
by millenium7
Mon Jan 13, 2020 1:43 pm
Forum: RouterOS v7 BETA
Topic: New User Manager in RouterOS v7
Replies: 62
Views: 44159

Re: New User Manager in RouterOS v7

True but my workday does no consist of sitting around twiddling my thumbs wondering what I could do next :) I don't mind tinkering with things but time is limited and if its not viable yet i'm happy to just wait and move onto other things. After all V7 is not production ready just yet anyway, but ke...
by millenium7
Mon Jan 13, 2020 5:16 am
Forum: RouterOS v7 BETA
Topic: New User Manager in RouterOS v7
Replies: 62
Views: 44159

Re: New User Manager in RouterOS v7

Can this new user manager (or the old one) be used in a centralized way for multiple sites? We currently use HSNM because it gives us a web UI to setup new sites and generate new voucher codes for any site with an administrative overview. Plus change images etc for the hotspot page But we could very...
by millenium7
Thu Jan 09, 2020 8:41 am
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 58
Views: 11001

Re: Hotspot and HTTPS? What solutions?

I don't think theres anything more MikroTik could do (maybe better handling of IPv6 with this? But we don't use IPv6 so it doesn't affect me right now) The industry should move to a better system in general, such as a new DHCP option number that includes a URL. So when a client connects and gets an ...
by millenium7
Thu Dec 19, 2019 6:09 am
Forum: General
Topic: SNMP OID for bad blocks?
Replies: 1
Views: 628

Re: SNMP OID for bad blocks?

Nope? There is none?

In that case what is the error message generated in the log file when a bad block is encountered? At least that way I can write a syslog alert when its detected. But I need to write a regex match statement and I don't know what the message is
by millenium7
Thu Dec 19, 2019 6:08 am
Forum: Beginner Basics
Topic: CRS1xx/2xx suuuuuuuuuuuuucks. Help with configuring VLANs?
Replies: 4
Views: 1600

Re: CRS1xx/2xx suuuuuuuuuuuuucks. Help with configuring VLANs?

I had it configured similarly in the first place and it wasn't working. Turns out you need to disable 'vlan filtering' on the bridge otherwise no traffic passes through when you set the switch VLAN rules, it just stops entirely. I figured it would still work just not have hardware offload until it w...
by millenium7
Thu Dec 12, 2019 6:21 am
Forum: Beginner Basics
Topic: CRS1xx/2xx suuuuuuuuuuuuucks. Help with configuring VLANs?
Replies: 4
Views: 1600

CRS1xx/2xx suuuuuuuuuuuuucks. Help with configuring VLANs?

Urgh I absolutely HATE the 'switch' menu its the worst piece of crap configuration i've ever seen. The most basic things like VLAN's go from being simple to overwhelmingly complicated. I'm glad this garbage was scrapped in favor of bridges, however CRS1xx/2xx still don't work properly with bridges! ...
by millenium7
Wed Dec 11, 2019 5:03 am
Forum: General
Topic: Suggestion: Completely virtual router based on two physical routers
Replies: 183
Views: 31871

Re: Suggestion: Completely virtual router based on two physical routers

Mikrotik continues to make it hard to keep this thing working. :( I'm somewhat surprised and also irritated that they havn't implemented this natively into RouterOS by now. If nothing else they should contact you and ask to work on native implementation (paid of course!) This script is one of the b...
by millenium7
Tue Dec 10, 2019 12:02 pm
Forum: General
Topic: /interface ethernet set [ find default-name=ether1 ] speed=100Mbps
Replies: 5
Views: 1578

Re: /interface ethernet set [ find default-name=ether1 ] speed=100Mbps

Is there an 'unset' command for the speed parameter then? I want to push to hundreds of routers but need a command that will work for them all, I don't mind scripting it either if its fairly straightforward, but don't want to push a bunch of 'set speed=' commands that result in half of them no longe...
by millenium7
Tue Dec 10, 2019 11:37 am
Forum: General
Topic: /interface ethernet set [ find default-name=ether1 ] speed=100Mbps
Replies: 5
Views: 1578

Re: /interface ethernet set [ find default-name=ether1 ] speed=100Mbps

In RouterOS any other configured speed value than 1Gbps (default) we be included in the export. But I 'DONT' manually set the speed in our network, yet ~50% of devices when running an export show this I suspect its due to something in a firmware update. Yet some of them DO still have the defaults (...
by millenium7
Tue Dec 10, 2019 4:25 am
Forum: General
Topic: SNMP OID for bad blocks?
Replies: 1
Views: 628

SNMP OID for bad blocks?

Can't seem to find an OID for the bad blocks percentage. I want to add this to our monitoring system to alert on any failing flash memory so we can replace the devices as soon as any are detected
by millenium7
Tue Dec 10, 2019 1:50 am
Forum: General
Topic: /interface ethernet set [ find default-name=ether1 ] speed=100Mbps
Replies: 5
Views: 1578

/interface ethernet set [ find default-name=ether1 ] speed=100Mbps

Why is this in so many router configs? Very rarely do I ever want to force the interface speed, yet this command appears very frequently for absolutely no reason First question is if auto-negotiation is ticked, does it do anything? (big problem if it does) Secondly why is it being set like that? It'...
by millenium7
Fri Dec 06, 2019 5:48 am
Forum: General
Topic: Any way to ignore FCS errors on a particular port?
Replies: 2
Views: 802

Any way to ignore FCS errors on a particular port?

This is a known issue with MikroTik and other vendors (Cambium and Ubiquiti in particular) with some devices. In my case specifically Cambium PTP radio's connected to a MikroTik router FCS errors are generated with very regular intervals,it's not an actual frame error and is not caused by bad cablin...
by millenium7
Thu Nov 14, 2019 11:55 am
Forum: General
Topic: Possible to export/print password?
Replies: 3
Views: 838

Re: Possible to export/print password?

Well here's hoping that password hashes get included in the /export in a future firmware
by millenium7
Thu Nov 14, 2019 2:34 am
Forum: RouterOS v7 BETA
Topic: Poll: who wants to have a better /export ?
Replies: 17
Views: 4886

Re: Poll: who wants to have a better /export ?

There's a few things I would like to see - Definitely add options to specify terminal width and not export with any color or other terminal options using the /export command. Right now this only works if adding options to the username when logging in i.e. instead of "admin" you have to use username ...
by millenium7
Thu Nov 14, 2019 2:03 am
Forum: General
Topic: Possible to export/print password?
Replies: 3
Views: 838

Re: Possible to export/print password?

Bump

Still need a way to audit for out of date passwords
by millenium7
Wed Nov 06, 2019 1:26 am
Forum: Beginner Basics
Topic: 2 public IPs from the same ISP
Replies: 3
Views: 807

Re: 2 public IPs from the same ISP

Policy based routing is really quite simple - Optionally add all internet services into an Interface List. I.e. I use 'InternetFacing' this way I don't need to duplicate all my firewall rules, i.e. instead of 'in-interface=ether1-ISP1' drop all rule. I just use 'in-interface-list=InternetFacing' wit...
by millenium7
Mon Nov 04, 2019 7:48 am
Forum: General
Topic: Chnage MTU PPPoE
Replies: 19
Views: 2394

Re: Chnage MTU PPPoE

I'm confused You can set the PPPoE MTU, but you don't type it in where it says "Actual MTU" you type 1492 into "Max MTU" and "Max MRU" The way MikroTik works with its PPPoE clients, if it can't successfully carry the requested size (or you don't enter one) it will drop back to 1480. Even if the line...
by millenium7
Mon Nov 04, 2019 7:34 am
Forum: General
Topic: Request: Take OSPF state changes out of 'debug' log category
Replies: 2
Views: 961

Request: Take OSPF state changes out of 'debug' log category

Part of our monitoring is to log and alert of OSPF state changes. At the moment only the transition 'to DOWN' is logged as a 'route, ospf, info' message but anything else i.e. "state changed from Loading to Full" is in the 'route, ospf, debug' logging category This means I can't generate messages sh...
by millenium7
Wed Oct 30, 2019 7:19 am
Forum: General
Topic: Possible to export/print password?
Replies: 3
Views: 838

Possible to export/print password?

I know the obvious answer is 'no' for security reasons but i'm not actually looking for the password itself to a user account. I'm actually looking for user accounts that match a known password The reason being is I have templates I use to setup distribution routers with a default known password so ...
by millenium7
Wed Oct 23, 2019 6:21 am
Forum: Forwarding Protocols
Topic: OSPF PtMP type removes network advertisements?
Replies: 8
Views: 3745

Re: OSPF PtMP type removes network advertisements?

I would recommend using individual VLAN interfaces to each router anyway for the reason you can then apply CoS priority based on DSCP high 3 bits. As many radios will not read DSCP tags. But applying CoS at every hop in the network ensures you have working QoS everywhere and the only way to do that ...
by millenium7
Mon Oct 14, 2019 8:47 am
Forum: General
Topic: Collisions and deferred on gigabit port? how?
Replies: 3
Views: 895

Re: Collisions and deferred on gigabit port? how?

the gigabit standard is full duplex. It may be possible to force it on a MikroTik but thats not the case therefore it should always 'fall back' to full duplex if the other side isn't explicitly asking to do half duplex. The opposite of what ethernet/fast ethernet is Either way, it's reporting full d...
by millenium7
Thu Oct 10, 2019 3:04 am
Forum: General
Topic: Collisions and deferred on gigabit port? how?
Replies: 3
Views: 895

Collisions and deferred on gigabit port? how?

Riddle me this name="ether1" tx-packet=57 236 390 tx-64=996 840 tx-65-127=7 610 302 tx-128-255=49 379 966 tx-256-511=273 234 tx-512-1023=493 835 tx-1024-1518=15 100 tx-broadcast=559 491 tx-pause=0 tx-multicast=973 397 tx-collision=180 tx-excessive-collision=0 tx-multiple-collision=28 tx-single-colli...
by millenium7
Fri Oct 04, 2019 10:59 am
Forum: General
Topic: Feature Request: SNMP-GET output to variable
Replies: 10
Views: 2458

Re: Feature Request: SNMP-GET output to variable

It's a bit of a chicken and egg scenario Because this feature doesn't work, it doesn't get used, people don't even think of it But if it was implemented, there's A LOT of potential power that can be leveraged with a simple MikroTik router I know i'd be writing monitoring templates then just chucking...
by millenium7
Tue Oct 01, 2019 1:19 am
Forum: General
Topic: Recommended hotel hotspot management software?
Replies: 5
Views: 1162

Re: Recommended hotel hotspot management software?

In all honesty I don't care if its MikroTik based or not. Infact having dedicated boxes we can easily spin up and install onsite to take care of that location i'm all in favor of as it moves that component completely off the main onsite router, easing troubleshooting and management But it must be so...
by millenium7
Mon Sep 30, 2019 9:00 am
Forum: General
Topic: Recommended hotel hotspot management software?
Replies: 5
Views: 1162

Recommended hotel hotspot management software?

We're currently using HSNM Hotspot Manager which is ok management wise and it ingrates nicely with MikroTik to serve HTML pages and handle logins locally, but there's just too many issues that seemingly cannot be fixed. Such as users having to continually log in (despite having the timeout periods s...
by millenium7
Wed Sep 18, 2019 2:10 am
Forum: General
Topic: Any way to filter out FCS errors on a specific interface?
Replies: 0
Views: 622

Any way to filter out FCS errors on a specific interface?

Doesn't have to be for the physical counters, but stop it appearing in the log files. This is a known issue between some cambium PTP products and MikroTik routers with neither one taking the blame. Every 30/60 seconds a FCS error happens, its extremely regular its not a physical line issue. It doesn...
by millenium7
Tue Sep 03, 2019 4:17 am
Forum: Wireless Networking
Topic: Hotspot woes, users having to keep signing in
Replies: 1
Views: 716

Hotspot woes, users having to keep signing in

We have 1 hotel in particular that continually complains about an issue that I can't seem to diagnose thus I can't fix it They keep saying that users are getting logged off and having to re sign in even in short periods of time I would like to know 'everywhere' that can influence hotspot users so I ...
by millenium7
Thu Aug 29, 2019 7:53 am
Forum: General
Topic: CAPSMAN - Control or disable ethernet interfaces?
Replies: 1
Views: 422

CAPSMAN - Control or disable ethernet interfaces?

We have some WSAP devices that have 2 accessible ethernet interfaces on the front. I want these ports to either be disabled, or bridged with the wireless interfaces so if any guests plug in to these ports they get access to the hotspot network and not the uplink interface that the WSAP is connected ...
by millenium7
Sun Aug 25, 2019 4:06 am
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 58
Views: 11001

Re: Hotspot and HTTPS? What solutions?

Awesome response. Thank you for taking the time to clear it up Before I created this thread I had no knowledge of how the actual 'hotspot detection' works outside of a HTTP redirect when the user themselves opens a page and try and browse. But that's really a last ditch effort and in an ideal world ...
by millenium7
Wed Aug 21, 2019 7:31 am
Forum: Scripting
Topic: Triggered execution? Interface up/down etc
Replies: 5
Views: 2912

Re: Triggered execution? Interface up/down etc

Yep works perfectly, thanks
by millenium7
Tue Aug 20, 2019 1:57 pm
Forum: Scripting
Topic: Triggered execution? Interface up/down etc
Replies: 5
Views: 2912

Re: Triggered execution? Interface up/down etc

Ah maybe it does work then. I'll lab it up tomorrow and see how it goes

Nothing for ethernet though I presume?
by millenium7
Tue Aug 20, 2019 9:20 am
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 58
Views: 11001

Re: Hotspot and HTTPS? What solutions?

Like said above, you should not be typing anything. Computers and phones have hotspot detection But as I keep saying, I want some actual information on this. Not just 'it should work' HOW does it work? I would like information on how all devices detect hotspot in the first place. Not just a brief o...
by millenium7
Tue Aug 20, 2019 9:12 am
Forum: Scripting
Topic: Triggered execution? Interface up/down etc
Replies: 5
Views: 2912

Triggered execution? Interface up/down etc

Is there a way to have scripts run on a triggered event rather than by scheduler? In particular i'm looking for a way to run a script when an interface goes up or down I can see this can be done on VRRP or PPPoE servers (via profile) but I actually need an event to run when the PPPoE Client interfac...
by millenium7
Tue Aug 20, 2019 6:53 am
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 58
Views: 11001

Re: Hotspot and HTTPS? What solutions?

Here's a list of domains that devices check. I have no idea if this list is totally accurate and if its missing any (can't see a post date) but its a start https://success.tanaza.com/s/article/How-Automatic-Detection-of-Captive-Portal-works It's all well and good saying what should or shouldn't be d...
by millenium7
Sat Aug 17, 2019 10:21 am
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 58
Views: 11001

Re: Hotspot and HTTPS? What solutions?

My main focus here is not in actually trying to redirect HTTPS, I really honestly don't give a flying stuff about that The real issue is simply when hotspot detection fails, the user gets no prompt or no notification in any way that they need to first 'sign in' and the normal behavior is they just o...
by millenium7
Fri Aug 16, 2019 4:25 pm
Forum: General
Topic: Is the FT4232HL serial chipset supported?
Replies: 4
Views: 1106

Re: Is the FT4232HL serial chipset supported?

Yeah its specific to that chip The freezing happens every time a channel is opened. And it can also be slow to be recognised and show up under system ports, sometimes up to 10+ minutes But it does work and is at least $1000 cheaper than a dedicated solution. Good enough for a worst case scenario Tha...
by millenium7
Fri Aug 16, 2019 11:14 am
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 58
Views: 11001

Re: Hotspot and HTTPS? What solutions?

If the hotspot server is a mikrotik router, how do you accomplish this? Sorry, no idea, but doing this for long time already, on openwrt-based devices. Which are much better suited for hotspots with "advanced features", like this one. Any recommendations for a package we can put on a low cost or lo...
by millenium7
Fri Aug 16, 2019 11:08 am
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 58
Views: 11001

Re: Hotspot and HTTPS? What solutions?

In part, HTTPS exists exactly to prevent such silent interception of web browsing. Doesn't change the fact that other hotspot devices have far, far better hotspot handling than MikroTik. It seems to 'just work' far more often. Whereas we constantly get the odd device that just doesn't play ball wit...
by millenium7
Fri Aug 16, 2019 9:11 am
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 58
Views: 11001

Re: Hotspot and HTTPS? What solutions?

Make sure your hotspot is intercepting requests to hotspot-detection services that any modern OS has. This includes HTTP requests to URLs such as http://gstatic.com/generate_204 and intercepting all DNS requests eg for invalid / random hostnames like "xgjaiobman" If the hotspot server is a mikrotik...
by millenium7
Fri Aug 16, 2019 8:22 am
Forum: General
Topic: Mikrotik: Change the default Powerbox config!
Replies: 16
Views: 2930

Re: Mikrotik: Change the default Powerbox config!

Mikrotik devices are not always used as expected by many customers. So they try to make the safest configuration possible for customers. I have seen devices just plugged in and not configured, with blank admin password. Last power box i saw like that was at a hotel to power their access points. The...
by millenium7
Fri Aug 16, 2019 7:38 am
Forum: General
Topic: Feature Request: SNMP-GET output to variable
Replies: 10
Views: 2458

Re: Feature Request: SNMP-GET output to variable

Bump I hope a MikroTik rep sees this and puts it on the drawing board. Would help a lot with the ability to read data off other devices Our primary use case is pre-emptive route failover but I can think of a lot of other use cases i.e. emailing to alert of high temperature of devices that don't supp...
by millenium7
Fri Aug 16, 2019 6:57 am
Forum: General
Topic: Is the FT4232HL serial chipset supported?
Replies: 4
Views: 1106

Re: Is the FT4232HL serial chipset supported?

Thought i'd post an update to this. The answer is yes its supported (StarTech USB to 4 port RS232 adapter incase link dies) nothing more required other than just plugging it in Serial sessions can be opened via the 'system serial-terminal port=usb1 channel=' command, channel being 0-3 for ports 1-4 ...
by millenium7
Thu Aug 15, 2019 9:03 am
Forum: General
Topic: 'ip ssh forwarding' any instance where it'll enable itself?
Replies: 1
Views: 604

'ip ssh forwarding' any instance where it'll enable itself?

Are there any instances where /ip ssh set forwarding-enabled=remote would be set automatically? I.e. firmware update etc
I'm seeing this has been turned on for some routers. I'm thinking they may be compromised and this is being used as an attack mechanism
by millenium7
Mon Jul 29, 2019 1:28 am
Forum: Forwarding Protocols
Topic: WISP OSPF Multi Area optimum configuration
Replies: 10
Views: 3545

Re: WISP OSPF Multi Area optimum configuration

MTU is end to end. If the customers session is 1480 they can never send or receive anything larger without fragmentation anyway. There's no reason you can't use 1500 byte PPPoE sessions though, as long as the equipment to the customer supports large enough L2MTU. You set your PPPoE server to Max-MTU...
by millenium7
Sun Jul 28, 2019 11:27 am
Forum: Forwarding Protocols
Topic: WISP OSPF Multi Area optimum configuration
Replies: 10
Views: 3545

Re: WISP OSPF Multi Area optimum configuration

Late response and I'm on a phone so I won't quote specific sections of text but.... PPPoE is staying in place in our network. Because Mikrotik doesnt support /32 DHCP address assignment for customers properly. Or rather the actual assignment of the address works ok but the router doesn't add a route...
by millenium7
Thu Jul 25, 2019 12:46 pm
Forum: Forwarding Protocols
Topic: IS-IS
Replies: 46
Views: 17772

Re: IS-IS

OSPF suuuuucks for wireless networks, company acquisitions and companies with rapid expansion. It's ok for university campuses or businesses that generally don't change much with a fairly fixed topology, but not for service providers or many modern companies that expand in unpredictable ways Having ...
by millenium7
Fri Jul 19, 2019 7:51 am
Forum: Wireless Networking
Topic: MikroTik AP and Mimosa SM's. No WDS? Workaround?
Replies: 2
Views: 818

MikroTik AP and Mimosa SM's. No WDS? Workaround?

Is there a workaround I can implement for this? We have a network segment that is Mimosa with an A5 access point and C5 radio's. Behind all the C5 radio's are switches and then customers who use PPPoE The Mimosa's have been a constant pain in the ass and the biggest one is they don't even allow half...
by millenium7
Fri Jul 12, 2019 4:24 pm
Forum: General
Topic: CRS3xx hardware offload with split-horizon? or similar setup?
Replies: 6
Views: 1004

Re: CRS3xx hardware offload with split-horizon? or similar setup?

Must be a bug then. Switch is a CRS317 running 6.44.3 so its a recent firmware. Definitely does not show up in a normal /export
It doesn't even show if I do a '/interface ethernet switch export'
I have to specifically do '/interface ethernet switch port export'
by millenium7
Fri Jul 12, 2019 2:43 pm
Forum: General
Topic: CRS3xx hardware offload with split-horizon? or similar setup?
Replies: 6
Views: 1004

Re: CRS3xx hardware offload with split-horizon? or similar setup?

Yeah I managed to set it, wasn't messy

Thing I really don't like though is switch commands don't show up in a /export
by millenium7
Thu Jul 11, 2019 9:54 am
Forum: General
Topic: CRS3xx hardware offload with split-horizon? or similar setup?
Replies: 6
Views: 1004

CRS3xx hardware offload with split-horizon? or similar setup?

Setting a horizon value on a bridge port disables hardware offload on that port, so this isn't an option But I have a setup that requires ports to be isolated from each other to prevent any accidental loop and reduce unnecessary broadcast traffic How else can it be achieved without lots of messy fil...
by millenium7
Thu Jul 04, 2019 9:26 am
Forum: Forwarding Protocols
Topic: WISP OSPF Multi Area optimum configuration
Replies: 10
Views: 3545

Re: WISP OSPF Multi Area optimum configuration

As present I don't have any PTP failover links ! So not sure if should still use BFD! Unfortunately MikroTik just isn't as stable as Cisco/Juniper etc. In an ideal world BFD would just work flawlessly all the time and then its an an easy answer of enable it everywhere in the network Sometimes its n...
by millenium7
Thu Jul 04, 2019 4:29 am
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 4771

Re: QoS prioritization only, without shaping?

Have started getting setup for this but its quite a long process adding VLAN tags to all router links - especially when there's a switch like a Netonix in between as their default policy is drop all unknown VLAN's, takes a fair bit more time per link to change But this is also a good opportunity to ...
by millenium7
Wed Jul 03, 2019 7:00 am
Forum: Forwarding Protocols
Topic: WISP OSPF Multi Area optimum configuration
Replies: 10
Views: 3545

Re: WISP OSPF Multi Area optimum configuration

So you're carrying the VLAN all the way through the network? Been there, seen that, it's really really bad and not scalable. I would make getting extended bridges out of your network a top priority, as it becomes much harder to remove the bigger you get. VLAN's shouldn't go any further than the dire...
by millenium7
Tue Jul 02, 2019 3:06 am
Forum: Scripting
Topic: Script to disable Wlan when no user are logged on
Replies: 8
Views: 2270

Re: Script to disable Wlan when no user are logged on

Hello, I am well on my way to make our MikroTiks environmentally friendly. I have reduced their power output, assigned the mode button to switch wlan on or off, and now I would like the router to disable wlan when all users have disconnected from wlan. Have you done the calculations to determine ho...
by millenium7
Tue Jul 02, 2019 2:38 am
Forum: Forwarding Protocols
Topic: ❗️❓ UNSTABLE VPLS on Wireless networks
Replies: 13
Views: 3559

Re: ❗️❓ UNSTABLE VPLS on Wireless networks

Just regarding NBMA OSPF type. I would advise against it. I've had issues with NBMA being unreliable for no apparent reason I've found the best option on MikroTik if you have a point-to-multipoint setup is to instead create separate VLAN interfaces (1 for each neighboring router) and then use the po...
by millenium7
Tue Jul 02, 2019 2:31 am
Forum: Forwarding Protocols
Topic: OSPF Loopback + MPLS Loopback
Replies: 7
Views: 3131

Re: OSPF Loopback + MPLS Loopback

Just curious asking why on our network that a previous techie would create both OSPF and MPLS loopbacks on routers each with there own ip range ?
Cause he was a massive goose?
by millenium7
Tue Jul 02, 2019 2:28 am
Forum: Forwarding Protocols
Topic: WISP OSPF Multi Area optimum configuration
Replies: 10
Views: 3545

Re: WISP OSPF Multi Area optimum configuration

Need more info on the topology For instance are PPPoE sessions terminated closest to the customer, or are they all terminated at a central PPPoE concentrator? If the latter are you using VPLS tunnels (or something else like EoIP?) Do you have BGP running internally in the network? These answers chan...
by millenium7
Tue Jun 25, 2019 2:05 am
Forum: General
Topic: Make OSPF 'adjacency' display by default in neighbors
Replies: 0
Views: 647

Make OSPF 'adjacency' display by default in neighbors

I don't know why this wouldn't have been the default since like ROS v1.0 Can you change it so that by default in the neighbors tab of OSPF it shows the adjacency time column? That's right in your face on any other routing platform when doing a "show ip neighbor" and is a really useful bit of informa...
by millenium7
Mon Jun 24, 2019 8:16 am
Forum: RouterBOARD hardware
Topic: CCR1036-8G-2S+ - SFP+ port stops transmitting data?
Replies: 18
Views: 5545

Re: CCR1036-8G-2S+ - SFP+ port stops transmitting data?

I setup a lab using 1 of the existing routers, leaving config exactly the same. Used other devices to simulate switches and other routers Setup BGP+OSPF+MPLS routers as good as I can but obviously not as big as the actual network. Added 200 PPPoE sessions with traffic generator across several router...
by millenium7
Thu Jun 20, 2019 4:49 am
Forum: Forwarding Protocols
Topic: OSPF 60GHz and 5GHz with two hex
Replies: 5
Views: 2659

Re: OSPF 60GHz and 5GHz

The way I do this in our network is first make sure you aren't bridging the 60ghz and 5ghz together. You want to use routing Set IP addresses on 60ghz and 5ghz links in different subnets i.e. 10.0.0.0/29 for 60ghz and 10.0.1.0/29 for 5ghz Set up OSPF for both networks. Use type point-to-point (most ...
by millenium7
Thu Jun 20, 2019 4:16 am
Forum: General
Topic: Feature Request: container host (e. g. Docker host) instead of MetaROUTER
Replies: 3
Views: 3102

Re: Feature Request: container host (e. g. Docker host) instead of MetaROUTER

This would be great if we could spin up small servers running on the RouterBoard hardware i.e. network monitoring collectors

However the downside is massive potential for security holes at the hardware and kernel level so thats why I think they would never implement it
by millenium7
Tue Jun 18, 2019 12:48 pm
Forum: The Dude
Topic: The Dude IS Dead, really, isn't it?
Replies: 41
Views: 14030

Re: The Dude IS Dead, really, isn't it?

NetXMS is IMO the very best 'free' platform out there, by quite a long margin. But its the best 'theoretically' That's the problem with it. It's not the best out of the box, it actually is really difficult to get it to do some pretty basic things like 'just start monitoring bandwidth on all interfac...
by millenium7
Tue Jun 18, 2019 12:34 pm
Forum: RouterBOARD hardware
Topic: CCR1036-8G-2S+ - SFP+ port stops transmitting data?
Replies: 18
Views: 5545

Re: CCR1036-8G-2S+ - SFP+ port stops transmitting data?

We have this problem, but for us it happens every 30-90 days or so. It last happened 57 days ago. We have a ping watchdog to reboot the router when this happens. Disabling and re-enabling the interface might fix it too. Same CCR1036-8G-2S+, first generation. We have two CCR's connected to each othe...
by millenium7
Tue Jun 18, 2019 11:51 am
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 4771

Re: QoS prioritization only, without shaping?

We only do this queue tree setup on links from 3rd party connectivity vendors where they guarantee us a certain bandwidth amount where we are at risk of actually maxing out that amount. It doesn't make sense to set up these queue trees and packet marks if the router is only connected to radio links...
by millenium7
Tue Jun 18, 2019 6:04 am
Forum: General
Topic: Suggestion: Completely virtual router based on two physical routers
Replies: 183
Views: 31871

Re: Suggestion: Completely virtual router based on two physical routers

Just with the default 'disk' action which creates file beginning with 'log.' then the sequence number, then ends in txt i.e. log.0.txt and log.1.txt by default The reason for logging to disk is incase connectivity is lost i.e. interfaces locking up, at least logs would be stored if theres no other w...
by millenium7
Mon Jun 17, 2019 4:06 pm
Forum: General
Topic: CCR SFP interface locking up if OSPF/MPLS enabled
Replies: 0
Views: 519

CCR SFP interface locking up if OSPF/MPLS enabled

Further details are here https://forum.mikrotik.com/viewtopic.php?f=3&t=149273&p=735586#p735586 But the short version is we have plenty of MikroTik routers out there all working fine with OSPF, MPLS and BGP just fine. But the ones in our data center have their SFP+ interfaces partially lock up after...
by millenium7
Mon Jun 17, 2019 3:53 pm
Forum: RouterBOARD hardware
Topic: CCR1036-8G-2S+ - SFP+ port stops transmitting data?
Replies: 18
Views: 5545

Re: CCR1036-8G-2S+ - SFP+ port stops transmitting data?

replaced with brand new CCR1016's and the same problem happens! This is caused by either OSPF or MPLS in combination with what's already running (eBGP, iBGP, PPPoE, IPSec). When OSPF+MPLS are disabled it's fine. But when enabling them the network is perfectly stable and looks totally fine for a few ...
by millenium7
Mon Jun 17, 2019 10:08 am
Forum: General
Topic: Suggestion: Completely virtual router based on two physical routers
Replies: 183
Views: 31871

Re: Suggestion: Completely virtual router based on two physical routers

I noticed the copying of files to be a problem. Is it possible for you to change that in your script to exclude anything beginning with 'log.' ? Reason is I was logging to disk any errors to try and help troubleshoot the issues we were having when we couldn't catch it in time, but when the router re...
by millenium7
Mon Jun 17, 2019 9:57 am
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 4771

Re: QoS prioritization only, without shaping?

Ok i'm liking this QoS implementaiton, its quite simple to implement and elegant. However couple more questions I've been labbing this just with a couple of routers connected via 100mbit ethernet to first get the queueing correct then i'll test with radio's in between Baseline was just to have no Qo...
by millenium7
Mon Jun 17, 2019 5:55 am
Forum: General
Topic: Suggestion: Completely virtual router based on two physical routers
Replies: 183
Views: 31871

Re: Suggestion: Completely virtual router based on two physical routers

Ok. As I said I don't think its the script because I can't think of any way to even make an interface do that, even if intentionally trying Good to know the reboots are a normal thing. It was happening more than once a day but knowing that its also caused by 'system history print' answers why becaus...
by millenium7
Mon Jun 17, 2019 5:54 am
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 4771

Re: QoS prioritization only, without shaping?

Ok but I have heard its best practice to use QoS tags at Layer3 as opposed to Layer2 so why not use DSCP tags instead of CoS?

And does a MikroTik router actually do anything with DSCP tagged packets by default or does it need to configured with mangle or queue's to apply prioritization to traffic?
by millenium7
Mon Jun 17, 2019 5:16 am
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 4771

Re: QoS prioritization only, without shaping?

The router-router links don't use VLAN's though They just speak to each other on the ethernet link i.e. ether5 on RouterA connects to PTP670 link connects to ether7 on RouterB So using the set priority mangle rule wouldn't do anything? Or would it still tag packets with native VLAN id so that priori...
by millenium7
Mon Jun 17, 2019 3:21 am
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 4771

Re: QoS prioritization only, without shaping?

Ok so i'm a bit confused as to which method to use here. So lets step it back and i'll give a couple of different scenario's that may need different methods Background: We primarily use Cambium radio's but do use some Ubiquiti and a few Mikrotik I'm going to talk about our backbone infrastructure an...
by millenium7
Thu Jun 13, 2019 1:33 pm
Forum: RouterBOARD hardware
Topic: CCR1036-8G-2S+ - SFP+ port stops transmitting data?
Replies: 18
Views: 5545

Re: CCR1036-8G-2S+ - SFP+ port stops transmitting data?

Nope, new hardware revision and 6.44.3 still same problem So it's very likely some bug with the hardware or underlying OS that produces no logs and no information to us. As I can't possibly see how you can stop a SFP port from transmitting data no matter what you tried to do via scripting or configu...
by millenium7
Thu Jun 13, 2019 10:22 am
Forum: General
Topic: Suggestion: Completely virtual router based on two physical routers
Replies: 183
Views: 31871

Re: Suggestion: Completely virtual router based on two physical routers

Do you run this on any routers other than 1009's? I also want to ask if its normal behavior for the standby to regularly reboot? I don't know the exact interval but maybe once every 2 hours? We were running the older version on 6.42.3 and aside from the standby rebooting it did seem to work fine for...
by millenium7
Thu Jun 13, 2019 9:54 am
Forum: RouterBOARD hardware
Topic: CCR1036-8G-2S+ - SFP+ port stops transmitting data?
Replies: 18
Views: 5545

Re: CCR1036-8G-2S+ - SFP+ port stops transmitting data?

Cycling interface isn't a solution and for us would still result in an extended outage as this router handles PPPoE connections Have replaced 1x router with the new CCR1036 revision that has dual power supplies and updated both to 6.44.3 including firmware Will report back if it continues to lock up...
by millenium7
Wed Jun 12, 2019 12:02 pm
Forum: RouterBOARD hardware
Topic: CCR1036-8G-2S+ - SFP+ port stops transmitting data?
Replies: 18
Views: 5545

CCR1036-8G-2S+ - SFP+ port stops transmitting data?

This has just happened out of the blue. All data is transmitted to/from one of these routers via the SFPPlus1 port (connected with a Direct Attach Cable to a Mikrotik CRS328) I went to site and logged into the router via ethernet/laptop before touching anything and found the port just entirely stopp...
by millenium7
Wed Jun 12, 2019 7:42 am
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 4771

Re: QoS prioritization only, without shaping?

So for all our routers just add a rule at the top of mangle with passthrough ticked
'set priority'
new priority: from dscp

And that's all thats needed? (Assuming DSCP is already set, otherwise add more mangle rules to set DSCP bits)

No queue's added?
by millenium7
Wed Jun 12, 2019 6:57 am
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 4771

QoS prioritization only, without shaping?

How is QoS configured on MikroTik for just packet prioritization and no shaping? i.e. just making sure high priority packets that are received immediately get pushed to the front of the queue and transmitted as soon as possible, retransmissions for those packets take priority etc. Not any form of sh...
by millenium7
Thu May 30, 2019 10:52 am
Forum: Scripting
Topic: Script for DHCP leases without terminal width issue
Replies: 0
Views: 761

Script for DHCP leases without terminal width issue

I've written a small script that solves the problem of values being cut off in the output, as MikroTik sometimes infers an 80 character column width Note to MikroTik devs: Please add a console command to manually set terminal width like almost every network vendor has. I know you can set it via the ...
by millenium7
Wed May 22, 2019 6:35 am
Forum: General
Topic: SNMPv3 Encryption doesn't work?
Replies: 0
Views: 495

SNMPv3 Encryption doesn't work?

Trying to setup SNMPv3 on a few routers that are polled across the internet If I set 'security' type to Authorized (no encryption) it works fine. But 'Private' doesn't work when I turn on logging on the MikroTik I see Packet(v3)from: [Source IP] v3 user: [Username] bad v3 packet security level: 1 v3...
by millenium7
Mon May 20, 2019 3:31 pm
Forum: General
Topic: Mikrotik as XModem transmitter?
Replies: 3
Views: 810

Re: Mikrotik as XModem transmitter?

Perfect, thanks

Next question though is can I actually upload firmware via serial? because a bit of reading seems to suggest its only for boot loader not RouterOS
by millenium7
Mon May 20, 2019 7:22 am
Forum: General
Topic: Mikrotik as XModem transmitter?
Replies: 3
Views: 810

Mikrotik as XModem transmitter?

I've build an out of band management solution with a 4 port RS232 hub and a mikrotik mAP. It works perfectly fine connecting to other Mikrotik devices using /system serial-terminal usb1 channel=0/1/2/3 Even allows simultaneous sessions to multiple ports. This is all great stuff However I can't see a...
by millenium7
Fri Apr 26, 2019 8:03 am
Forum: Forwarding Protocols
Topic: Your experience with larger/diverse Area0 OSPF networks?
Replies: 19
Views: 3856

Re: Your experience with larger/diverse Area0 OSPF networks?

; I you have that scenario I'll prefer BGP to the customer instead of OSPF;
Regarding BGP, it's not an option in the Mikrotik world if you want MPLS based services to the customer (we almost exclusively use PPPoE and carry it over VPLS tunnels) as Mikrotik doesn't support BGP LU
by millenium7
Fri Apr 26, 2019 1:44 am
Forum: Forwarding Protocols
Topic: Your experience with larger/diverse Area0 OSPF networks?
Replies: 19
Views: 3856

Re: Your experience with larger/diverse Area0 OSPF networks?

EIGRP was Cisco proprietary for a long time, it no longer is. There are a couple other vendors that use it Many extensions to EIGRP are still Cisco proprietary but the core functionality and the bits that matter are there for anyone to implement There is no technical reason why EIGRP couldn't be a w...
by millenium7
Thu Apr 25, 2019 7:13 am
Forum: Forwarding Protocols
Topic: Your experience with larger/diverse Area0 OSPF networks?
Replies: 19
Views: 3856

Re: Your experience with larger/diverse Area0 OSPF networks?

millenium7, if your WISP grows enough you'll see that an OSPF structured design combined with BGP is a great advantage, I've seen so many networks that grows in many directions became really unstable You can't always structure it the way OSPF wants you to due to its inherently restrictive enterpris...
by millenium7
Thu Apr 25, 2019 4:39 am
Forum: Forwarding Protocols
Topic: Your experience with larger/diverse Area0 OSPF networks?
Replies: 19
Views: 3856

Re: Your experience with larger/diverse Area0 OSPF networks?

At only 7 sites in and 250 routes, we are already looking for a new solution before we grow out of control. The concept of Area0, no area-to-area communication (must go through area0) and all area's must connect to 0, no ability to summarize except at ABR's is just awful for WISP design where the n...
by millenium7
Tue Apr 23, 2019 8:22 am
Forum: Forwarding Protocols
Topic: Your experience with larger/diverse Area0 OSPF networks?
Replies: 19
Views: 3856

Re: Your experience with larger/diverse Area0 OSPF networks?

1. 276 routers and 2385 active routes 2. 202 routers and 1338 active routes 3. 142 routers and 846 active routes The current networks are stable, even when one or two routers are flapping (due for example to a marginal radio link). On the other hand, our current success may or may not be helped by ...
by millenium7
Tue Apr 23, 2019 3:15 am
Forum: General
Topic: HotSpot IP POOL - running out of addresses
Replies: 6
Views: 6482

Re: HotSpot IP POOL - running out of addresses

I know this is an old post but it comes up in a google search so I feel I should post the solution here Had the same problem, DHCP leases were expiring just fine but they were stuck in the IP Pool / Used Addresses section Fix is simple. Go to IP Hotspot Servers and specify an idle timeout period, mi...
by millenium7
Tue Apr 23, 2019 1:27 am
Forum: Forwarding Protocols
Topic: Your experience with larger/diverse Area0 OSPF networks?
Replies: 19
Views: 3856

Re: Your experience with larger/diverse Area0 OSPF networks?

Besides that, those Mikrotik works great, the convergence by default in OSPF (hello/dead timers at 10secs & 40secs) is practically imperceptible for my customers; the ECMP load-balancing works great too, it's my best solution to deploy a 20gig ring between two cities in the country, or even to aggr...
by millenium7
Sat Apr 20, 2019 2:44 am
Forum: Forwarding Protocols
Topic: VLAN - best practice?
Replies: 9
Views: 3667

Re: VLAN - best practice?

Interesting functionality what is the use case for that scenario vice simply using one vlan for both subnets?? Obviously there seems to be a reason to have two VLANS vice one and normally if there is some degree of sharing (common printer etc) then firewall can be made so that the connectivity need...
by millenium7
Tue Apr 16, 2019 7:56 am
Forum: General
Topic: LTE failover just doesn't work properly
Replies: 2
Views: 698

LTE failover just doesn't work properly

We've had a growing number of complaints about backup 4g/LTE services just not working and it's been a constant source of frustration for both parties, as whenever I tested is in the lab and heck even on site it would work just fine Our primary internet service is delivered via PPPoE so if there's a...
by millenium7
Tue Apr 16, 2019 7:04 am
Forum: Forwarding Protocols
Topic: IS-IS
Replies: 46
Views: 17772

Re: IS-IS

+1 for IS-IS
+1000 for EIGRP which is not Cisco proprietary and hasn't been for years
by millenium7
Tue Apr 16, 2019 5:11 am
Forum: Forwarding Protocols
Topic: Your experience with larger/diverse Area0 OSPF networks?
Replies: 19
Views: 3856

Your experience with larger/diverse Area0 OSPF networks?

Thought i'd throw this out there to get a case study of OSPF backbone networks that have continually grown and not segregated into multiple area's or multiple instances I'd primarily like to hear from people who have routers that include wireless links, slow/unreliable links, long daisy chained segm...
by millenium7
Tue Apr 16, 2019 4:33 am
Forum: Forwarding Protocols
Topic: VLAN - best practice?
Replies: 9
Views: 3667

Re: VLAN - best practice?

Due to the nature of bridges, I always put the vlans on the physical interfaces then create a bridge for each vlan, I don't rely on the bridges switch logic for vlan filtering (and I believe it is disabled by default anyways). That method is only for the CCR platforms though which is why I asked. T...
by millenium7
Tue Apr 16, 2019 4:29 am
Forum: Forwarding Protocols
Topic: OSPF PtMP type removes network advertisements?
Replies: 8
Views: 3745

Re: OSPF PtMP type removes network advertisements?

I don't remember where this was in our topology so I can't go and find what I did to fix it But I do know that I don't ever use the PTMP network type anymore, and I exclusively use point-to-point so i'm guessing this is what I did with that link as well All multi-point links now use individual VLAN'...
by millenium7
Mon Apr 15, 2019 8:38 am
Forum: General
Topic: Is the FT4232HL serial chipset supported?
Replies: 4
Views: 1106

Is the FT4232HL serial chipset supported?

Want to build an out of band serial management solution and so far the RBM33G + This https://www.mwave.com.au/product/startech-usb-to-4port-straightthrough-rs232-serial-adapter-ab67056 is the cleanest/simplest solution I can find. I know all the cheap FT232 chipset devices work fine but not sure abo...
by millenium7
Fri Apr 05, 2019 8:38 am
Forum: General
Topic: Stop logging FCS errors on specific port?
Replies: 0
Views: 502

Stop logging FCS errors on specific port?

There is a known problem/bug/feature with MikroTik CCR and Cambium PMP radio's that shows FCS errors on a port every 30/60 seconds I havn't found any confirmed way to resolve this, other than some ridiculous remedies like run the link at 10mbit (yeah, no....) This isn't an actual problem and hasn't ...
by millenium7
Fri Apr 05, 2019 8:24 am
Forum: Forwarding Protocols
Topic: VPLS with static labels but no OSPF+LDP doesn't work?
Replies: 0
Views: 1712

VPLS with static labels but no OSPF+LDP doesn't work?

I'm trying to get around the limitation of LDP not using BGP routes and therefore VPLS cannot work over those links. I've setup a scenario in a lab LabA->LabB using BGP. OSPF/LDP setup but disabled for rapid testing LabB connected to LabC other routers behind it using OSPF with LDP LabB and all othe...
by millenium7
Sun Mar 31, 2019 12:10 am
Forum: General
Topic: Mikrotik: Change the default Powerbox config!
Replies: 16
Views: 2930

Re: Mikrotik: Change the default Powerbox config!

It's not a stupid design, just lack of testing everything on your side before leaving the place. And yet you can't provide an example of why its a good design... Maybe you're right, maybe it is lack of testing. We should have tested totally unexpected scenario's like oh I dunno the device factory r...
by millenium7
Fri Mar 29, 2019 1:38 pm
Forum: General
Topic: Suggestion: Completely virtual router based on two physical routers
Replies: 183
Views: 31871

Re: Suggestion: Completely virtual router based on two physical routers

Havn't updated yet. In the meantime we're waiting for our old device to get back from an RMA request, new one not going in yet and probably won't as i'm unsure of any config differences. I know for instance the new one has 2x SFP+ instead of 1x SFP+ and 1x SFP so that could cause an issue. But do st...
by millenium7
Fri Mar 29, 2019 12:37 pm
Forum: General
Topic: Mikrotik: Change the default Powerbox config!
Replies: 16
Views: 2930

Re: Mikrotik: Change the default Powerbox config!

As do we, and in all transparency we havn't had a big issue with powerboxes that we've been installing for a year. However I say 'big' issue. The one i'm talking about where it just reset itself was infact a big issue that would have been a small issue had I been able to get access to it. That's the...
by millenium7
Fri Mar 29, 2019 12:13 am
Forum: General
Topic: Suggestion: Completely virtual router based on two physical routers
Replies: 183
Views: 31871

Re: Suggestion: Completely virtual router based on two physical routers

It does yes. Can I suggest changing the wording though?, 'FOR A' implies the mac you are giving it
Maybe 'NEW MAC OF A' is clearer?
by millenium7
Fri Mar 29, 2019 12:06 am
Forum: General
Topic: Feature Request: SNMP-GET output to variable
Replies: 10
Views: 2458

Re: Feature Request: SNMP-GET output to variable

Thanks. That will help and i'll give it a try later (mods can we get that put into the Wiki page for Tools/SNMP and scripts?) I don't like doing it by that method though because as you say it relies on delay. It's also causing writes on the flash memory For my purpose I need it to run very often, ev...
by millenium7
Thu Mar 28, 2019 11:57 pm
Forum: General
Topic: Suggestion: Completely virtual router based on two physical routers
Replies: 183
Views: 31871

Re: Suggestion: Completely virtual router based on two physical routers

One thing that's not so clear in your rebuild instructions [NEW MAC FOR A] Because you say 'FOR' A. Do you mean the new MAC you are going to give out, or put in the existing MAC that A has? I.e. OldA (dead) - Ether1: 11:11:11:11:11:11 - .... - Ether8: 11:11:11:11:11:18 OldB - Ether1: 22:22:22:22:22:...
by millenium7
Thu Mar 28, 2019 11:51 pm
Forum: General
Topic: Suggestion: Completely virtual router based on two physical routers
Replies: 183
Views: 31871

Re: Suggestion: Completely virtual router based on two physical routers

@millenium7 You mentioned a new hardware release of the CCR model you had. I don't have any of this updated gear, is it done as the same exact model # (/system routerboard print)? CCR1036-8G-2S+ on both but the new one has a normal USB port, 2x AC input and RJ45 console port Unsure of any other cha...
by millenium7
Thu Mar 28, 2019 11:47 pm
Forum: General
Topic: Mikrotik: Change the default Powerbox config!
Replies: 16
Views: 2930

Re: Mikrotik: Change the default Powerbox config!

Power box is the same RB750P, so they share the same configuration. Since there were not a lot of complains, this configuration is being kept. Why do you have to get lots of complaints? It's about use case It makes perfect sense if we are talking about a device like hAP AC. This is a CPE device, co...
by millenium7
Thu Mar 28, 2019 3:13 pm
Forum: General
Topic: Mikrotik: Change the default Powerbox config!
Replies: 16
Views: 2930

Re: Mikrotik: Change the default Powerbox config!

Netinstalling a new default config is a lot more work for something that should be set from factory. Installers should be able to just put the device in without having the mess around with netinstall Tell me a viable case for blocking off ether1 on a powerbox by default? Otherwise why not just chang...
by millenium7
Thu Mar 28, 2019 11:50 am
Forum: General
Topic: Mikrotik: Change the default Powerbox config!
Replies: 16
Views: 2930

Re: Mikrotik: Change the default Powerbox config!

@millenium7 : If I understand it correctly, your employee stuff up, make excuses and because of that, you want Mikrotik to adjust setting for whole world? That just does not add up :D No to the first part, yes to the second. Today the powerbox just randomly reset itself, nobody did it. Maybe power ...
by millenium7
Thu Mar 28, 2019 12:39 am
Forum: General
Topic: Mikrotik: Change the default Powerbox config!
Replies: 16
Views: 2930

Re: Mikrotik: Change the default Powerbox config!

Still a bad idea. We want the powerbox to have internet connectivity, it's part of the management network and that's used for firmware updates, sending email notifications etc The powerbox should always have been treated as a switch, not a router I like that it is a RB product and not SwOS but it sh...
by millenium7
Thu Mar 28, 2019 12:24 am
Forum: General
Topic: Mikrotik: Change the default Powerbox config!
Replies: 16
Views: 2930

Mikrotik: Change the default Powerbox config!

Change the powerbox config to not be like a customer router. Having ether1 treated as a 'WAN' interface, firewalled off and blocked from mac telnet is monumentally stupid. That's where the device gets power by PoE, 99% of the time when its powered by PoE it's going to be connected upstream and thus ...
by millenium7
Wed Mar 27, 2019 2:38 pm
Forum: Beginner Basics
Topic: How do you turn on hEX's DMZ?
Replies: 16
Views: 5033

Re: How do you turn on hEX's DMZ?

That is not DMZ. That is just forwarding. DMZ by definition should be separated from LAN. So you also need another internal subnet, probably on specific port or vlan, add forwarding rules, etc etc... NAT is just part of the whole puzzle. That's why nobody gave a straightforward answer - it is incom...
by millenium7
Wed Mar 27, 2019 11:12 am
Forum: Beginner Basics
Topic: How do you turn on hEX's DMZ?
Replies: 16
Views: 5033

Re: How do you turn on hEX's DMZ?

I don't know why nobody's given you a simple straightforward answer because the answer is simple and straightforward /ip firewall nat add chain=dstnat dst-address=1.2.3.4 in-interface=ether1 action=dst-nat to-addresses=192.168.1.5 Where 1.2.3.4 = your public IP ether1 = whatever is the internet faci...
by millenium7
Wed Mar 27, 2019 9:47 am
Forum: Scripting
Topic: RouterOS SNMP Get
Replies: 10
Views: 5020

Re: RouterOS SNMP Get

Well yes obviously if it was local to the device, however the point of SNMP is to retrieve data from 'other' devices i.e. RouterA->RadioA->RadioB->RouterB Neither router has any visiblity of the link, they only see the physical ethernet port status, RadioA->RadioB can be down entirely, still shows u...
by millenium7
Wed Mar 27, 2019 8:17 am
Forum: General
Topic: Feature Request: SNMP-GET output to variable
Replies: 10
Views: 2458

Feature Request: SNMP-GET output to variable

Currently /tool snmp-get does not allow you to store the output to variables i.e. :global test [/tool snmp-get 127.0.0.1 oid=.1.3.6.1.4.1.14988.1.1.4.4.0] :put $test the 'test' variable is blank I need to be able to store OID values for use in scripts My primary use case at the moment is to poll rad...
by millenium7
Wed Mar 27, 2019 8:10 am
Forum: Scripting
Topic: RouterOS SNMP Get
Replies: 10
Views: 5020

Re: RouterOS SNMP Get

This needs to be implemented, would be hugely useful My particular use case is monitoring link quality of radio's so I can force a re-route when SNR or signal strength drops below a certain point Without this, link can flap up and down with packet loss, high latency, congestion etc. OSPF becomes ver...
by millenium7
Wed Mar 27, 2019 7:42 am
Forum: General
Topic: Is it possible for a MikroTik to do a SNMP get?
Replies: 1
Views: 541

Re: Is it possible for a MikroTik to do a SNMP get?

To sort-of answer my own question. It turns out there is a /tool snmp-get command that isn't documented anywhere (that I could see) The problem is the output cannot be saved into variables, and is therefore useless I need to be able to poll an OID to get i.e. signal strength and then act upon the re...
by millenium7
Tue Mar 26, 2019 2:43 pm
Forum: General
Topic: Suggestion: Completely virtual router based on two physical routers
Replies: 183
Views: 31871

Re: Suggestion: Completely virtual router based on two physical routers

You're a legend for following up with this so quickly and in depth. Thank you very much
I'll wait for the tested update
by millenium7
Mon Mar 25, 2019 1:29 am
Forum: General
Topic: Suggestion: Completely virtual router based on two physical routers
Replies: 183
Views: 31871

Re: Suggestion: Completely virtual router based on two physical routers

Went to change out the dead router and noticed MikroTik has a new hardware revision of CCR series which require 6.43.5 as the minimum RouterOS version and cannot be downgraded any further. I've read on the github page there's a known bug with 6.43.x and its causing reboots and intermittent issues Ca...
by millenium7
Tue Mar 19, 2019 2:56 am
Forum: General
Topic: Is it possible for a MikroTik to do a SNMP get?
Replies: 1
Views: 541

Is it possible for a MikroTik to do a SNMP get?

I don't mean polling the MikroTik via SNMP. I mean the MikroTik polling something else through SNMP I want to write some scripts that monitor wireless links and switch to failover as the link degrades, before it completely drops out. And keeps it on the failover until the link is fully restored Sinc...
by millenium7
Wed Mar 13, 2019 8:17 am
Forum: General
Topic: /32 addresses to end customers without PPPoE?
Replies: 0
Views: 473

/32 addresses to end customers without PPPoE?

We're currently using PPPoE over VPLS to span our network and get customer traffic back to a PPPoE concentrator. This works well and has served us well, it's simple and easy to deploy new distribution sites, that site connects to concentrator with VPLS and customer link is bridged into that with spl...
by millenium7
Tue Feb 26, 2019 5:20 am
Forum: General
Topic: Suggestion: Completely virtual router based on two physical routers
Replies: 183
Views: 31871

Re: Suggestion: Completely virtual router based on two physical routers

Awesome, i'll give it a go next time i'm at the DC but backup beforehand. Thanks
by millenium7
Thu Feb 21, 2019 9:22 am
Forum: General
Topic: Suggestion: Completely virtual router based on two physical routers
Replies: 183
Views: 31871

Re: Suggestion: Completely virtual router based on two physical routers

So we have had a hardware failure on one of the routers and this script saved us a lot of downtime However now comes the time to replace with another router. I have an identical model here There are no instructions on what to do to bring a new standby router back into the mix (preferably without any...
by millenium7
Wed Feb 20, 2019 8:26 am
Forum: Scripting
Topic: How do you negate a command?
Replies: 1
Views: 553

How do you negate a command?

I want to bulk change some CAPSMAN entries, previously i've specified some values that I want to omit, i.e. local-forwarding in datapath. Problem is I can't find a way to actually remove this command. I can go in and run a command such as /caps conf set [find where name="somethingsomething"] datapat...
by millenium7
Wed Feb 06, 2019 2:27 am
Forum: General
Topic: TCP vs UDP routing handled differently?
Replies: 4
Views: 1475

Re: TCP vs UDP routing handled differently?

I didn't say that. There is OSPF in the network, and BGP at Router B to other routers (including E) All routers do have a specific route to E E does not have a specific route to the original source, so it uses it's default gateway which is B D also doesn't have a specific route, so again it uses it'...
by millenium7
Tue Feb 05, 2019 6:56 am
Forum: General
Topic: Anyone using Solarwinds NCM? Injecting garbage into backups
Replies: 0
Views: 677

Anyone using Solarwinds NCM? Injecting garbage into backups

We're trialing Solarwinds Network Configuration Manager but i'm noticing it's just not playing ball with MikroTik. It all seems good from the outside but I notice it's regularly throwing garbage characters into the backup files, both corrupting them and causing lots of diffs when nothings changed i....
by millenium7
Tue Feb 05, 2019 6:16 am
Forum: General
Topic: TCP vs UDP routing handled differently?
Replies: 4
Views: 1475

Re: TCP vs UDP routing handled differently?

It's a rather large config that I don't want to post, even with hide sensitive
But the only parts should affect routing are in the ip routes and ip firewall section. There's no route so it should use the default one, and there's no firewall rules affecting this
by millenium7
Mon Feb 04, 2019 6:41 am
Forum: General
Topic: TCP vs UDP routing handled differently?
Replies: 4
Views: 1475

TCP vs UDP routing handled differently?

I don't know if this is a bug, a feature, or simply the way UDP traffic works and i've never heard about it I've been troubleshooting an issue with SNMP being unreachable to a particular destination (Router E in the below example), yet pings and all other ICMP or TCP based traffic work fine I've don...
by millenium7
Mon Jan 14, 2019 2:47 am
Forum: General
Topic: CCR's dying - any way to diagnose? Or get config/logs?
Replies: 0
Views: 503

CCR's dying - any way to diagnose? Or get config/logs?

This is the 2nd CCR we've had die on us unexpectedly. First one was doing strange things like dropping OSPF sessions and taking a very long time to restart. I upgraded the firmware on it and then it got stuck in a permanent boot loop. Would get all the way to ROS starting but once a few packets went...
by millenium7
Tue Nov 27, 2018 2:44 am
Forum: General
Topic: Convert Time from 24 Hour to 12 Hour
Replies: 10
Views: 1380

Re: Convert Time from 24 Hour to 12 Hour

In that case modify the script, check the first 2 digits and if they equal "00" then change to "12"
by millenium7
Tue Nov 27, 2018 2:30 am
Forum: General
Topic: Improving hotspot/captive portal detection?
Replies: 3
Views: 1170

Re: Improving hotspot/captive portal detection?

There is no system that works with HTTPS*. This is by design, if you could intercept a secure page to show your portal, so could anyone else. You misunderstand me There are much better captive portal systems out there that don't intercept HTTPS, but they work when a user tries to go to a HTTPS URL ...
by millenium7
Tue Nov 27, 2018 1:56 am
Forum: General
Topic: Convert Time from 24 Hour to 12 Hour
Replies: 10
Views: 1380

Re: Convert Time from 24 Hour to 12 Hour

I just tested the script I posted above and it works exactly as expected :global CurrentTime [/system clock get time] :put "Current time is $CurrentTime" :if (($CurrentTime - 12:00:00) > 00:00:00) do={:set $CurrentTime ($CurrentTime - 12:00:00) ; :put "Time changed to $CurrentTime"} Then alter the C...
by millenium7
Mon Nov 26, 2018 3:54 am
Forum: General
Topic: Convert Time from 24 Hour to 12 Hour
Replies: 10
Views: 1380

Re: Convert Time from 24 Hour to 12 Hour

Well for one you're in the wrong section and this should probably be in Scripting This probably isn't the best method but maybe something like :if (($CurrentTime - 12:00:00) > 00:00:00) do={:set $CurrentTime ($CurrentTime - 12:00:00)} Havn't tested that works, but theoretically if time is midday or ...
by millenium7
Mon Nov 26, 2018 3:40 am
Forum: General
Topic: Improving hotspot/captive portal detection?
Replies: 3
Views: 1170

Improving hotspot/captive portal detection?

From what I understand the MikroTik implemention intercepts HTTP requests (and optionally HTTPS) and redirects them internally to the hotspot setup running on the router. But it's not very graceful and especially with HTTPS it either doesn't work or it will throw a certificate warning, and it doesn'...
by millenium7
Tue Nov 20, 2018 1:11 am
Forum: Scripting
Topic: Scripting Array help
Replies: 4
Views: 2835

Re: Scripting Array help

I managed to get this working. Yes need to use ; instead of , in arrays Also, need to use :for not :foreach. Foreach runs all instances at the same time, for runs one time for each entry separately. Here's a working example that pulls out all values in an array of any length :global SetInterfaces {"...
by millenium7
Fri Nov 09, 2018 2:10 am
Forum: Scripting
Topic: Scripting Array help
Replies: 4
Views: 2835

Scripting Array help

The official help https://wiki.mikrotik.com/wiki/Manual:Scripting#Operations_with_Arrays is not very helpful when it comes to understanding and using arrays There needs to be more examples and theory explanation What i'm trying to do is something like this :global SetInterfaces {"ether1", "ether2", ...
by millenium7
Tue Nov 06, 2018 11:47 am
Forum: General
Topic: APC UPS not detecting?
Replies: 5
Views: 1658

APC UPS not detecting?

We have some APC SMX750I units out there connected with the included console cables to MikroTik CCR routers. I'm 99% sure I tested the connectivity in the lab before we deployed them to make sure they work and they did. However when we installed them they didn't work, they weren't detected I'm going...
by millenium7
Fri Oct 12, 2018 4:20 am
Forum: General
Topic: Which chains do SrcNAT and DstNAT go through?
Replies: 7
Views: 1420

Re: Which chains do SrcNAT and DstNAT go through?

So in short
Input chains only if the 'final' destination of the packet after all NAT/redirects etc are processed is the router
Output chain only if the router itself generated the packet. Does not apply to packets that are srcnat'd packets even if they use the routers IP address
by millenium7
Thu Oct 11, 2018 8:29 am
Forum: General
Topic: Mark connection/packet then routing vs just Mark Routing?
Replies: 5
Views: 4801

Re: Mark connection/packet then routing vs just Mark Routing?

The reason why i'd prefer to use connection and packet marks are for other operations i.e. queue's, changing TTL etc. It makes more sense to only have to create 1 'top tier' rule to match all traffic from an IP address I.e. lets say its not 192.168.1.0/24 but is instead 192.168.1.55 which is the IP ...
by millenium7
Thu Oct 11, 2018 8:22 am
Forum: General
Topic: Which chains do SrcNAT and DstNAT go through?
Replies: 7
Views: 1420

Which chains do SrcNAT and DstNAT go through?

chain=input is used for packets destined to the router itself. If the router IP is 1.1.1.1 but there's a dst-nat rule forwarding tcp 80 traffic to 192.168.1.1 and a connection from the internet comes in to 1.1.1.1:80 will this traffic match the input or forward chain? or both? And again with Src NAT...
by millenium7
Thu Oct 11, 2018 7:59 am
Forum: General
Topic: Mark connection/packet then routing vs just Mark Routing?
Replies: 5
Views: 4801

Mark connection/packet then routing vs just Mark Routing?

Can someone explain to me why just 'mark routing' with a source IP address works, but using connection marks to try and do the same thing doesn't work? I.e. with connection marks. Packets match, routing matches, but typing "what is my IP" in google shows it going through main routing tables ISP /ip ...
by millenium7
Mon Sep 17, 2018 9:32 am
Forum: General
Topic: New bridge implementation - how to bridge 2 VLANs together?
Replies: 2
Views: 1116

Re: New bridge implementation - how to bridge 2 VLANs together?

Ok so I figured it out There's 2 problems to tackle, the first is the bridge config and that is a combination of the new method and old method. Create a bridge, add all the ports, set all the VLAN's etc according to a new method. Except in my case VLAN20 I don't add under the 'VLAN' section of the b...
by millenium7
Fri Sep 14, 2018 4:07 am
Forum: Beginner Basics
Topic: What tunnel/VPN should I use [SOLVED]
Replies: 3
Views: 863

Re: What tunnel/VPN should I use [SOLVED]

For camera's I would be using L2TP with or without IPSec The reason being that L2TP is the only UDP based VPN that Mikrotik supports Camera's usually stream at a constant bitrate without stopping, if you have a situation where your link becomes a little bit flakey (even just for a moment) then you'r...
by millenium7
Thu Sep 13, 2018 3:21 am
Forum: General
Topic: New bridge implementation - how to bridge 2 VLANs together?
Replies: 2
Views: 1116

New bridge implementation - how to bridge 2 VLANs together?

We are upgrading an existing production network and will be making some major changes, but we need to keep things working in the meantime At the moment the internal IT equipment is all on VLAN1 (native), I want to move all the internal stuff into a new switch which is going to be behind a sonicwall....
by millenium7
Mon Sep 10, 2018 7:31 am
Forum: Forwarding Protocols
Topic: Combining LDP and BGP for VPLS tunnels?
Replies: 1
Views: 743

Re: Combining LDP and BGP for VPLS tunnels?

Or would it be best to keep all the existing OSPF and LDP setup in place, but also run BGP everywhere and then start converting all the VPLS tunnels that need to get to the core over from LDP to BGP?
by millenium7
Mon Sep 10, 2018 7:27 am
Forum: Forwarding Protocols
Topic: Combining LDP and BGP for VPLS tunnels?
Replies: 1
Views: 743

Combining LDP and BGP for VPLS tunnels?

We are migrating from multiple locations as separate cores into a centralized core Each location has many links and routers behind it, and each location runs its own OSPF area 0 network Each of these locations has a main core router which terminates customer PPPoE sessions through VPLS to each edge ...
by millenium7
Thu Aug 30, 2018 2:57 am
Forum: General
Topic: Suggestion: Completely virtual router based on two physical routers
Replies: 183
Views: 31871

Re: Suggestion: Completely virtual router based on two physical routers

Anyone tested and confirmed this works exactly as expected on 6.42.x ? We're running this on a couple of routers in a data center and it seems to work fine. However 2 problems i've noticed and I don't know if they are an issue with the later firmware or something going on with the script 1) I can't ...
by millenium7
Mon Aug 20, 2018 5:40 am
Forum: General
Topic: Passwords for hundreds/thousdands of devices
Replies: 10
Views: 1943

Re: Passwords for hundreds/thousdands of devices

I would like to know if there is a better method but the way I've implemented it is to run up a copy of Windows Server, install active directory and Network Policy Server and set it up accordingly (wasn't easy to figure out from scratch but once understood it's quite straightforward) This server act...
by millenium7
Tue Jun 26, 2018 4:03 am
Forum: Forwarding Protocols
Topic: ❗❓ MPLS MTU Problem , more than 1500 byte get packet fragmentation error
Replies: 10
Views: 2804

Re: ❗❓ MPLS MTU Problem , more than 1500 byte get packet fragmentation error

Pings happen at Layer3 so make sure that 'MTU' is large enough So even if you have i.e. 5000 L2MTU, if L3MTU is still 1500 (Just called MTU in mikrotik, and don't forget the MRU as well on PPPoE) then you can only send 1500 byte pings Increase MTU along the path to 1520 and you'll be able to send 15...
by millenium7
Fri Jun 22, 2018 11:11 am
Forum: Forwarding Protocols
Topic: MPLS/VPLS will not form between iBGP neighbors
Replies: 23
Views: 2584

Re: MPLS/VPLS will not form between iBGP neighbors

The simpler the topology, the better for the network and better for its support. If I was you, I'd choose one OSPF area for all routers and VPLS with LDP signaling. RIP is simple, but we don't use RIP because it's slow and inefficient. Same with a very large area0 topology across many wireless link...
by millenium7
Fri Jun 22, 2018 7:16 am
Forum: Forwarding Protocols
Topic: MPLS/VPLS will not form between iBGP neighbors
Replies: 23
Views: 2584

Re: MPLS/VPLS will not form between iBGP neighbors

I think BGP signalled VPLS might work but i'm having reliability issues. I've never configured this before so maybe i'm doing something wrong, I did follow the wiki but.... well the first problem is MPLS does not form without LDP, so even though BGP is working, i'm using L2VPN functionality and both...
by millenium7
Fri Jun 22, 2018 4:08 am
Forum: Forwarding Protocols
Topic: MPLS/VPLS will not form between iBGP neighbors
Replies: 23
Views: 2584

Re: MPLS/VPLS will not form between iBGP neighbors

Don't do worst design with things that have to run another way. You mean like using OSPF instead of EIGRP? :) It would be PERFECT for our network, and quite honestly I imagine it would also be perfect for the vast majority of WISPs. I'm surprised MikroTik hasn't implemented it (it is not Cisco prop...
by millenium7
Thu Jun 21, 2018 2:36 pm
Forum: Forwarding Protocols
Topic: MPLS/VPLS will not form between iBGP neighbors
Replies: 23
Views: 2584

Re: MPLS/VPLS will not form between iBGP neighbors

What I have done before is run 2 OSPF instances on D & E, then I redistribute between both instances. But I have had some routing issues where traffic went across D-E when it didn't have to. And I don't have as much flexibility. It generally just seems quite messy Moving to BGP I have not had issues...
by millenium7
Thu Jun 21, 2018 2:25 pm
Forum: Forwarding Protocols
Topic: MPLS/VPLS will not form between iBGP neighbors
Replies: 23
Views: 2584

Re: MPLS/VPLS will not form between iBGP neighbors

Yes I have tried that but I am not running OSPF between these 2 routers. Let me draw a basic diagram that will make more sense https://image.ibb.co/n8OukT/image.png I don't want to join the OSPF area's because then a change on router F will mean routers A/B/C/D hear about it 1) Slower convergence 2)...
by millenium7
Thu Jun 21, 2018 1:40 pm
Forum: Forwarding Protocols
Topic: MPLS/VPLS will not form between iBGP neighbors
Replies: 23
Views: 2584

Re: MPLS/VPLS will not form between iBGP neighbors

LDP will not assign labels to BGP routes Is there any way around this? I could set a static IP for the next router i.e. A-B And then it works I can get a VPLS tunnel between those 2 routers But VPLS doesn't work for routers that are further along i..e A-B-C (between A and C) I even tried setting a ...
  • 1
  • 2