Community discussions

Search found 249 matches

by JimmyNyholm
Sun Apr 14, 2019 8:47 pm
Forum: Announcements
Topic: v6.43.14 [long-term] is released!
Replies: 29
Views: 8034

Re: v6.43.14 [long-term] is released!

doesn't work renaming the admin user 0 again.
by JimmyNyholm
Mon Feb 04, 2019 7:44 am
Forum: Announcements
Topic: February Newsletter #87
Replies: 65
Views: 14532

Re: February Newsletter #87

Can we please have special mounting fot having 2 SFP+ port switch CRS309-1G-8S+IN in one rack Unit
by JimmyNyholm
Sat Dec 22, 2018 3:24 pm
Forum: The Dude
Topic: Help with probe is posible.
Replies: 0
Views: 406

Help with probe is posible.

Hi I have an Idea. I want dude to probe a link on map (can be / is interface on device) if load is too much assymetric loaded ie: only TX, nothing RX or only RX and nothing TX. This could indicate a failure situation on a link that is know to only transport duplex ie tcp traffic traffic or such........
by JimmyNyholm
Mon Dec 10, 2018 11:34 am
Forum: The Dude
Topic: Move device to Submap.
Replies: 9
Views: 1197

Re: Move device to Submap.

Copy, Paste (as in ctrl-c ctrl-v doesn't work in dude client windows. Context menu on right mousebutton doesn't show this as an alternative either. AM I missing something? Yes. The buttons in the window work. But there probably is a bug or not assigned os standard shortcust to the button. Thanks aga...
by JimmyNyholm
Mon Dec 10, 2018 7:46 am
Forum: The Dude
Topic: Move device to Submap.
Replies: 9
Views: 1197

Re: Move device to Submap.

Thanks I didn't think of that but: This will create a new device making statistic readings / Historical Data of all device data not being there. Right? What I am about to do now this "work around" will suffice. But there should be a move function as from dude's standpoint it would be the same device...
by JimmyNyholm
Fri Dec 07, 2018 10:29 am
Forum: The Dude
Topic: Move device to Submap.
Replies: 9
Views: 1197

Move device to Submap.

Hi I wonder if there is a smart way moving devices from main map to a newly created submap without having to "delete and recreate" them. IE Some drag and drop functionality somewhere or a property on the object that i have not yet discovered? Please advice. What is the current best practise in this ...
by JimmyNyholm
Wed Dec 05, 2018 6:09 am
Forum: Announcements
Topic: v6.43.7 [stable] is released!
Replies: 53
Views: 12346

Re: v6.43.7 [stable] is released!

Sounds cool but what is the benefit of doing it manual by script /fetch in contrast to /system/package/upgrade ?
by JimmyNyholm
Tue Nov 13, 2018 9:38 am
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 78
Views: 22678

Re: v6.43.4 [stable] is released!

6.43.4 is Stable branch and includes *) bridge - do not learn untagged frames when filtering only tagged packets;
When do we recon that this patch will be available in "Long Term" branch?
by JimmyNyholm
Thu Nov 08, 2018 4:17 am
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 84075

Re: v6.44beta [testing] is released!

All hash options is useless, Static passwords is insecure. I use OTP (One time Password) can't hash anything because there is nothing to hash on. Please reimplement PAP so I may once again be secure.
by JimmyNyholm
Fri Aug 24, 2018 9:12 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 113454

Re: v6.43rc [release candidate] is released!

And what about making radius login scheme selectable. chap for people who use static shit that can be challenged pap for us who only use one time passwords. And therefore Inherrently dosen't have anything to do a challenge on. (CHAP is unusable in this case)
by JimmyNyholm
Fri Aug 24, 2018 9:10 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 113454

Re: v6.43rc [release candidate] is released!

And what about making radius login scheme selectable. chap for people who use static shit that can be challenged pap for us who only use one time passwords.
by JimmyNyholm
Fri Aug 24, 2018 9:01 pm
Forum: Announcements
Topic: WPA2 preshared key brute force attack
Replies: 26
Views: 25108

Re: WPA2 preshared key brute force attack

And what about working on WPA3? According to Qualcomm you need new chipsets for WPA3 so it seems that old gear wont be able to support it ... As far as I can tell that is a big spit of "bullspit" ;-) WPA3 can be done in software only if the hardware features in a old chip is to slow. But then again...
by JimmyNyholm
Fri Aug 24, 2018 8:46 pm
Forum: Forwarding Protocols
Topic: IPv6 recursive nexthops via iBGP
Replies: 108
Views: 23712

Re: IPv6 recursive nexthops via iBGP

Passing Into Late 2018 And still this is big issue when @Mikrotik WHEN will recursive routing work in routeros. Installed V6 routes that have reachables nexthops (recursivly that is) will never be active due to something broken. FIX NOW. IPV4 days are over and we must deploy ipv6.
by JimmyNyholm
Sat Aug 18, 2018 9:54 am
Forum: Announcements
Topic: WPA2 preshared key brute force attack
Replies: 26
Views: 25108

Re: WPA2 preshared key brute force attack

And what about working on WPA3?
by JimmyNyholm
Sat Aug 04, 2018 11:17 am
Forum: Announcements
Topic: Winbox vulnerability: please upgrade
Replies: 329
Views: 89020

Re: Winbox vulnerability: please upgrade

I got the same Mail two days ago so perhaps they're having problem with the mail systems ? ;-)
by JimmyNyholm
Sat Aug 04, 2018 11:07 am
Forum: General
Topic: IPv6 BGP unreachable nexthop through loopback
Replies: 7
Views: 1046

Re: IPv6 BGP unreachable nexthop through loopback

Currently recursive routing will not work if gateway is link local address. I'd say Recusive routing is totally broken for ipv6 in RosV6 having route coming in from ospfv3 process, ibgp session but MP bgp route can't get active because the gateway is unreachable according to the ipv6 route print wh...
by JimmyNyholm
Sat Aug 04, 2018 9:36 am
Forum: Forwarding Protocols
Topic: set next-hop anyhow?
Replies: 2
Views: 925

Re: set next-hop anyhow?

What I have discovered is: If you override the nexthop in a filter on the incoming it will not be reflected that way if you not also have a filter to the respective outgoing. This is unintuitive i'd say but once you realise this it gets a bit clearer in the RouterOS Space. (This is not Currently doa...
by JimmyNyholm
Sat Aug 04, 2018 9:29 am
Forum: Forwarding Protocols
Topic: OSPF splitted broadcast network
Replies: 1
Views: 498

Re: OSPF splitted broadcast network

I'd say you get a classical splitt brain scenario where both sides tries to converge and finds them self as DR's and depending on other redistribution many blackholes in the routing. This is why you run OSPF and perhaps you should have a backup direct link to avoid SplitBrain. But Who am I that may ...
by JimmyNyholm
Sat Aug 04, 2018 9:21 am
Forum: Forwarding Protocols
Topic: OSPF Router ID
Replies: 6
Views: 2659

Re: OSPF Router ID

The Question have been answered but one could put it this way. Say this "number" is just a number. Sure it looks like an IP'adress. BUT for analogy think of it as a Color value. When routers have only few links this is what think and call SIMPLE OSPF network. the reson for this ID is not obvious. Bu...
by JimmyNyholm
Sun Jul 29, 2018 2:42 pm
Forum: General
Topic: BGP multithreaded
Replies: 17
Views: 4888

Re: BGP multithreaded

Forwarding and routing is good and fast as long as you keep all traffic in fastpath. It is a router not a firewall. True, but it is still good practice to do anti-spoofing filtering on a border router I also feel happier blocking traffic to the control plane with filters on the 'input' chain - you ...
by JimmyNyholm
Tue Jul 24, 2018 4:07 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 113454

Re: v6.43rc [release candidate] is released!

And even worse the chap packet that you send out doest not contain any password (you are sending empty radius request even before asking the user of a password. Clean upp your code and enable PAP/CHAP/MSCHAP as option NOW! I'm trying this RC in a CRS328-4C-20S-4S+RM After downgrading to Current 6.42...
by JimmyNyholm
Tue Jul 24, 2018 3:36 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 113454

Re: v6.43rc [release candidate] is released!

Ok so now I test the RC45 Build. My setup scripts fail can't rename user admin anymore? WHY?
by JimmyNyholm
Tue Jul 24, 2018 11:38 am
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 113454

Re: v6.43rc [release candidate] is released!

NOOOOO!!!! -"radius - use MS-CHAPv2 for "login" service authentication;" I hope there is a setting for this. chap, chapv2 with or without ms flavour is doing nothing good to the fact that static passwords are weak and should not be used. We use one time passwords witch will not work in replay mode d...
by JimmyNyholm
Sun Jul 08, 2018 11:28 am
Forum: General
Topic: Feature Request /31 Subnet
Replies: 30
Views: 10528

Re: Feature Request /31 Subnet

Actually it wont get ugly if you combine the fine /32 support with the fact that you can have the same ip och many interfaces in routerOS. Then you can do fully functional ospf. Assign a /28 for a 16 port router as to say router has the same IP on all its customer facing interfaces then carve /32 to...
by JimmyNyholm
Wed Jun 27, 2018 8:30 am
Forum: Forwarding Protocols
Topic: Can I drop a specific ospf route+gateway combination?
Replies: 1
Views: 492

Re: Can I drop a specific ospf route+gateway combination?

In Router Filter you may check multiple fields in the matcher section. You may then pin this filter matcher to a specified source in conjuction with your other matchers, such as prefix. Only osfp-in list is checked for ospf process if I'm not remembering wrong.
by JimmyNyholm
Sat Jun 23, 2018 2:23 pm
Forum: General
Topic: CSR3xx, HW-Offloading, Q-in-Q in 6.43
Replies: 10
Views: 2947

Re: CSR3xx, HW-Offloading, Q-in-Q in 6.43

Did a quick look in the current RC with initial qinq support and then what port settings for stack trunk or stack access.
setting vlans marking them as outer q? no.

MT Will this surface later in the development or did you not think this through?
by JimmyNyholm
Sat Jun 23, 2018 2:17 pm
Forum: General
Topic: ROS 7 Beta
Replies: 42
Views: 12938

Re: ROS 7 Beta

True Isolated VRFs
ip setting RP Filter Strict VRF Aware.
All other Services/Features VRF Aware
New Routing Engine Multicore Support.
v4v6 agnostic full same features over the whole product.
And that's just the top of my head.
by JimmyNyholm
Mon Jun 18, 2018 12:16 pm
Forum: Announcements
Topic: VPNfilter official statement
Replies: 191
Views: 77731

Re: VPNfilter official statement

Security advisory emails were sent to all users that are in our database.
Where do I register to get this advisorys?
by JimmyNyholm
Wed Jun 06, 2018 1:36 pm
Forum: The Dude
Topic: Adding Winbox Tool
Replies: 26
Views: 14105

Re: Adding Winbox Tool

Or better yet. Support external rest api call for geting current password from other system. Dude is loged in with one type of user that should not be used by personell from say Support or other personel from say NOC.
by JimmyNyholm
Wed Jun 06, 2018 1:02 pm
Forum: Announcements
Topic: v6.42.3 [current]
Replies: 80
Views: 23077

Re: v6.42.3 [current]

6.42.x breaks sometching quite badly in DHCP server. I have a setup where a CCR1016 serves several VLANs, with a dedicated DHCP server to each VLAN. 6.41.4 works beautifully without any sort of hiccups. 6.42.x sometimes won't bring the DHCP instances up in the first boot. If i reboot the CCR, then ...
by JimmyNyholm
Wed May 30, 2018 1:24 pm
Forum: Announcements
Topic: Winbox 3.14 released!
Replies: 77
Views: 25360

Re: Winbox 3.14 released!

What's new in v3.14: *) added support for new style authentication and encryption for connections to RouterOS v6.43; Does this let us get Radius with pap work later on for winbox login (I am using OTP-Tokens there simply is nothing to do chap on so now it's impossible to login to winbox in my more ...
by JimmyNyholm
Wed May 30, 2018 11:56 am
Forum: Announcements
Topic: VPNfilter official statement
Replies: 191
Views: 77731

Re: VPNfilter official statement

Thanks for the prompt response Normis. I assume people that were using the quickset dynamic dns vpn and appropriate firewall rules + updated fw would have been invunerable to these attacks ? Any RouterOS version with firewall on the www port from untrusted networks was always safe. The original vun...
by JimmyNyholm
Fri May 11, 2018 9:13 am
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 45656

Re: v6.42.1 [current]

still waiting for the bugfix only update This vulnerability isn't much of a problem. The problem is administrators leaving their firewall services (API, Winbox, SSH, etc.) exposed to untrusted networks. It's better to apply firewall filters to the input chain that will protect against this and othe...
by JimmyNyholm
Thu May 10, 2018 4:42 pm
Forum: Announcements
Topic: Newsletter #82 (May 2018)
Replies: 38
Views: 11390

Re: Newsletter #82 (May 2018)

WOW! will CRS332-32S+RM have Hardware MPLS P switching aswell same as we now have at 317-16S+ ?????
by JimmyNyholm
Fri Apr 06, 2018 6:13 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97329

Re: v6.42rc [release candidate] is released!

Confirmation from MT in Mail RC55 will have fix for my LACP Bonding problem. Have a Nice week end and I hope for the soon Release of RC55. One wonder what more magical fixes will be included.
;-)
by JimmyNyholm
Wed Mar 28, 2018 3:11 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97329

Re: v6.42rc [release candidate] is released!

My LACP problem is still Present in this RC ([Ticket#2018031222001218] LACP HW problem reaching bridge)
by JimmyNyholm
Sun Mar 25, 2018 10:39 pm
Forum: Announcements
Topic: v6.41.3 [current]
Replies: 139
Views: 31242

Re: v6.41.3 [current]

Word of !WARNING for anyone who has the CCR1072-1G-8S+. We have two of these units, since the upgrade both have used consistently 10 more watts of power! This has also increased the temperature of the device and fan speed, that can't be a good thing can it? We've contacted Mikrotik and this is thei...
by JimmyNyholm
Fri Mar 23, 2018 9:48 am
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97329

Re: v6.42rc [release candidate] is released!

[admin@sw-under] > interface bonding print Flags: X - disabled, R - running 0 name="CoreUplink" mtu=1500 mac-address=64:D1:54:EA:BC:83 arp=enabled arp-timeout=auto slaves=sfp-sfpplus1,sfp-sfpplus2 mode=802.3ad primary=none link-monitoring=mii arp-interval=100ms arp-ip-targets="" mii-interval=100ms ...
by JimmyNyholm
Thu Mar 22, 2018 12:24 pm
Forum: General
Topic: New router OS
Replies: 46
Views: 12278

Re: New router OS

Steve is right. There is barely anything left in v7 that we haven't backported. Isolated VRF's VRF aware Services All of them and Multiple of them (ie allow ssh source this in vrf x and source that in vrf p only listening on ip's local to that respective vrfs) Tunnel Interface: Inner VRF and Outer ...
by JimmyNyholm
Thu Mar 22, 2018 12:07 pm
Forum: Announcements
Topic: Winbox 3.12 released!
Replies: 55
Views: 43908

Re: Winbox 3.12 released!

I recon you have full feed. and single core problem every question you make in cli will take forever. I guess that winbox can't be faster then cli can so..... Or am I missing something?
by JimmyNyholm
Sat Mar 10, 2018 7:31 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97329

Re: v6.42rc [release candidate] is released!

# jan/13/1970 03:06:17 by RouterOS 6.42rc39 # software id = JLRA-QA36 # # model = CRS326-24G-2S+ # serial number = 763C06E78477 /interface ethernet set [ find default-name=sfp-sfpplus2 ] mac-address=6C:3B:6B:ED:F9:E6 /interface bridge add admin-mac=6C:3B:6B:ED:F9:E6 auto-mac=no fast-forward=no name...
by JimmyNyholm
Fri Mar 09, 2018 2:20 pm
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM
Replies: 6
Views: 1272

CRS328-24P-4S+RM

CRS328-24P-4S+RM Wow.
This is what I was waiting for. Nice one. When will it be available.
by JimmyNyholm
Fri Mar 09, 2018 12:58 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97329

Re: v6.42rc [release candidate] is released!

*) crs3xx - added initial "hw-offload" support for 802.3ad and "balance-xor" bonding; Well done! I can confirm it's working on a CRS326 now. Still open is the issue to change MTU size. [admin@MikroTik] /interface bonding> set bond2 mtu=8148 failure: could not set mtu [admin@MikroTik] /interface bon...
by JimmyNyholm
Thu Mar 08, 2018 4:20 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97329

Re: v6.42rc [release candidate] is released!

*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts; *) bridge - added per-port learning options; *) bridge - added support for static hosts; Thanks. This will make it possible to configure stuff that I was waiting for. Is there any plans for more l...
by JimmyNyholm
Tue Feb 27, 2018 5:46 pm
Forum: Forwarding Protocols
Topic: Point-to-point (/31) addresses
Replies: 64
Views: 41086

Re: Point-to-point (/31) addresses

I would skip using an actual /31, and just use two /32s. Specify the remote address as the "network", and you should be good to go. This mechanism is more flexible than using /31s, as the addresses don't need to be adjacent; and more efficient since you can re-use the same address for multiple link...
by JimmyNyholm
Tue Feb 27, 2018 5:36 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97329

Re: v6.42rc [release candidate] is released!

We are aware of this DHCP client problem, will try to fix in one of the next RC versions.
Thanks mrz....
Are you aware and have reproduced the LACP problem aswell?
by JimmyNyholm
Mon Feb 26, 2018 11:00 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97329

Re: v6.42rc [release candidate] is released!

Have you set admin-mac on the bridge? I have only created the bridge1 interface. /interface bridge export # mar/12/1970 15:13:17 by RouterOS 6.42rc35 # software id = M8A7-BVIJ # # model = CRS326-24G-2S+ /interface bridge add igmp-snooping=yes name=bridge1 protocol-mode=none pvid=64 vlan-filtering=y...
by JimmyNyholm
Mon Feb 26, 2018 4:31 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97329

Re: v6.42rc [release candidate] is released!

Tested This New RC. My Bridge LACP bridge problem still exists. Not reachable through lacp bond if no other local port on bridge is active.

ip dhcp-client connected to bridge1 does eternal searching after reboot disable and enable fixes the problem
by JimmyNyholm
Sun Feb 25, 2018 3:25 pm
Forum: Announcements
Topic: v6.40.6 [bugfix] is released!
Replies: 58
Views: 15390

Re: v6.40.6 [bugfix] is released!

Long, long post ... five seconds of scrolling. Was it necessary? No Scrolling Here. Use real browser and the post is rendered in a scrolled list inside that post. As for the question it seems legit to ask to se if one has understod things right. To actually answer the question: Yes that seems to be...
by JimmyNyholm
Sun Feb 25, 2018 12:10 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97329

Re: v6.42rc [release candidate] is released!

Ok So I did see the wiki was updated to state the fact of HW offload on crs3xx series. So I did a new test and: 23 I H ether24 bridge1 yes 64 0x80 10 10 none 24 H Core bridge1 yes 64 0x80 10 10 none [admin@labb-mgmt-1] /interface bridge port> Shurely it states that the Bond in my case named Core sho...
by JimmyNyholm
Tue Feb 20, 2018 1:42 pm
Forum: Forwarding Protocols
Topic: eoip sharing subnet
Replies: 6
Views: 1076

Re: eoip sharing subnet

The EOIP tunnel is an interface to RouterOS. This is your inside of tunnel and can be part of bridge. the interface that holds the LocalIP that eoip binds to in the encapsulated iptraffic it generates should of course not be part of the same (or any bridge) this creates loops and defeats the purpose...
by JimmyNyholm
Sun Feb 18, 2018 3:21 pm
Forum: Forwarding Protocols
Topic: Choose right VPN tunnel when both peers are dual-homed
Replies: 2
Views: 441

Re: Choose right VPN tunnel when both peers are dual-homed

Hi. If both sides have static ip's this is easy. If you need L3 only then setup meshed gre tunnels with configured ipsec secret then the gre traffic is encrypted and all is well. You may then assign links ip's and loopback and enable ospf and set the weight. Using carefull settings and only routing ...
by JimmyNyholm
Sun Feb 18, 2018 2:58 pm
Forum: Forwarding Protocols
Topic: vrf connected route leaking
Replies: 20
Views: 5660

Re: vrf connected route leaking

Not yet, but v7beta is coming later this year
Are we there yet?
by JimmyNyholm
Sun Feb 18, 2018 12:31 pm
Forum: The User Manager
Topic: API set command
Replies: 1
Views: 807

Re: API set command

The manual is at: https://wiki.mikrotik.com/wiki/Manual:API
C# abstractions are found at nuget and discussed here in the scripting forum, and set command perhaps here: viewtopic.php?f=9&t=130899&p=642998&hil ... 23#p642998
by JimmyNyholm
Sat Feb 17, 2018 2:19 pm
Forum: Forwarding Protocols
Topic: eoip sharing subnet
Replies: 6
Views: 1076

Re: eoip sharing subnet

EOIP is ethernet like interface encapsulated over ip packet. Ethernetlike makes it able to be part of bridge witch you seem to grasp but then you attach ip's to interfaces instead of the bridge? Please make a drawing on what you are trying to do, then we are much more able to help you. Subject suges...
by JimmyNyholm
Wed Feb 14, 2018 10:25 am
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97329

Re: v6.42rc [release candidate] is released!

*) radius - increase allowed RADIUS server timeout to 60s; To add an important reason to the too short limit problem of timeout in radius: Successful authentications are answered immediately (in order of milliseconds if possible), but to protect the server from brute-force attacks and DOS-type atta...
by JimmyNyholm
Sat Feb 10, 2018 4:01 pm
Forum: General
Topic: CVE-2018-5951: MikroTik RouterOS Denial of Service Vulnerability
Replies: 20
Views: 4485

Re: CVE-2018-5951: MikroTik RouterOS Denial of Service Vulnerability

Did you read my post entirely? A simple firewall stops it. Why don't you have it?
Let me think......... FASTPATH!
by JimmyNyholm
Sat Feb 10, 2018 3:59 pm
Forum: General
Topic: CVE-2018-5951: MikroTik RouterOS Denial of Service Vulnerability
Replies: 20
Views: 4485

Re: CVE-2018-5951: MikroTik RouterOS Denial of Service Vulnerability

Interesting, if you call something that just uses your resources "a vulnerability", when you can clearly protect your device against this (like with firewall), would you also call Chrome a vulnerability? It uses tons of RAM on my machine. First the CVE is reserved but information is not official fr...
by JimmyNyholm
Fri Feb 09, 2018 5:31 pm
Forum: General
Topic: Feature request: Virtual Extensible LAN (VXLAN)
Replies: 27
Views: 11130

Re: Feature request: Virtual Extensible LAN (VXLAN)

+1000 Inspiration for code can be found in the openbsd projekt https://man.openbsd.org/vxlan.4
by JimmyNyholm
Fri Feb 09, 2018 5:08 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97329

Re: v6.42rc [release candidate] is released!

*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding Jiiiha!.... Will test prompty. Offcourse 4 tuble ip hash srcip srcport dstip dstport will come later right!? Ok So I tested on a CRS326-24G-2S+ but neither winbox nor cli shows anything anywhere. Initial maybe initial ...
by JimmyNyholm
Fri Feb 09, 2018 4:27 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97329

Re: v6.42rc [release candidate] is released!

*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
Jiiiha!.... Will test prompty. Offcourse 4 tuble ip hash srcip srcport dstip dstport will come later right!?
by JimmyNyholm
Wed Feb 07, 2018 2:04 pm
Forum: Announcements
Topic: MikroTik News February 2018 (Issue #80)
Replies: 65
Views: 17085

Re: MikroTik News February 2018 (Issue #80)

Excellent news on the PoE switch! Nice work, MikroTik. I have a 28 IP network camera installation coming up in May of this year. Could really use a rackmount 24 port PoE switch too!
And while youre at 24port powe why not 48port poe.
48 Gig ports with 1 qsfp+ port breakable to 4 sfp+ ports
by JimmyNyholm
Thu Feb 01, 2018 12:22 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97329

Re: v6.42rc [release candidate] is released!

that pvid could be seen in 41rc's aswell if you set something it goes away though
by JimmyNyholm
Thu Feb 01, 2018 12:00 pm
Forum: Announcements
Topic: MikroTik News February 2018 (Issue #80)
Replies: 65
Views: 17085

Re: MikroTik News February 2018 (Issue #80)

RouterOS v7, how cool is that!
The what and where now? Nothing that I see in that Issue mentions V7???
by JimmyNyholm
Tue Jan 30, 2018 8:31 pm
Forum: Forwarding Protocols
Topic: Strange readings in traffic monitor
Replies: 4
Views: 599

Re: Strange readings in traffic monitor

I'm running 1036 and 1072's with muliple full bgp feeds for both v4 and v6 its is not an issue.

What ROS version are you running? And what is your routerboard firmware version?

If you connect winbox to macserver you may se strange results connect using IP its unicast and stable.
by JimmyNyholm
Tue Jan 30, 2018 1:28 am
Forum: General
Topic: Routing traffic over 2 interfaces
Replies: 4
Views: 853

Re: Routing traffic over 2 interfaces

The question have ben answered. But as long as you take Layer2 in count you can with routing and proxy-arping overcome many subnetting wasting scenarios offcourse all depends on what problem you actually trying to solve.
by JimmyNyholm
Tue Jan 30, 2018 1:23 am
Forum: General
Topic: Slower ipsec with 6.41
Replies: 7
Views: 1230

Re: Slower ipsec with 6.41

And support ticket number to Mikrotik is?
by JimmyNyholm
Tue Jan 30, 2018 1:02 am
Forum: General
Topic: ADD DYNAMIC VLAN ASSIGNMENT.
Replies: 37
Views: 16307

Re: ADD DYNAMIC VLAN ASSIGNMENT.

2018 Are we there yet?
by JimmyNyholm
Tue Jan 30, 2018 12:57 am
Forum: General
Topic: Bandwidth Test Tool and RADIUS
Replies: 6
Views: 2465

Re: Bandwidth Test Tool and RADIUS

I Did stumble over this today when I tried to uppgrade my sequrity a couple of notches.

+1000

Please add radius (PAP one time passwords) support to the bandwith testserver as well and only if radius server returns that user has a group that has the access offcourse
by JimmyNyholm
Tue Jan 30, 2018 12:44 am
Forum: Announcements
Topic: Tik App, MikroTik android utility ALPHA test
Replies: 425
Views: 144521

Re: Tik App, MikroTik android utility ALPHA test

I have to admit that it is a bit oxymoron to have "serious" concerns about 3rd party data exposure when you use android which is pretty much spyware on its own :P
Android is a virus :lol:
by JimmyNyholm
Mon Jan 29, 2018 2:57 pm
Forum: Announcements
Topic: New features in Dude RC
Replies: 22
Views: 9765

Re: New features in Dude RC

Upgraded to latest Ros42RC15 due to vmware tools support. (IE running on CHR) I think this RC version of dude has got the authentication faliure for bandwith test again or am I missing something in my dude role in my install. /user group add name=dude-group policy="telnet,ssh,reboot,read,test,sniff,...
by JimmyNyholm
Fri Jan 26, 2018 5:47 pm
Forum: Announcements
Topic: v6.39.3 [bugfix] is released!
Replies: 47
Views: 16616

Re: v6.39.3 [bugfix] is released!

In this release address list entry timeout option is broken! Entry is removed from address list randomly, but much more faster than specified amount of time many have raised this bug but no answer yet, perhaps it will be fixed in the next bugfix As of most comments on the forum have any one filed a...
by JimmyNyholm
Tue Jan 23, 2018 10:34 am
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97329

Re: v6.42rc [release candidate] is released!

HW LACP is must. [Ticket#2018012222005306] RE: LACP HW CRS317-1G-16 [...] Hello, We are currently working on this feature. We hope to see it soon. Best regards, Arturs C. -- MikroTik.com Come to the MUM conferences, registration open in Cameroon, Kenya, Russia (Ekaterinburg), Russia (St. Petersburg...
by JimmyNyholm
Mon Jan 22, 2018 11:17 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97329

Re: v6.42rc [release candidate] is released!

I would love VLan Translation on CRS317-1G-16S+RM as well... when can vi se that?
by JimmyNyholm
Mon Jan 22, 2018 11:15 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97329

Re: v6.42rc [release candidate] is released!

HW LACP is must.
[Ticket#2018012222005306] RE: LACP HW CRS317-1G-16 [...]
by JimmyNyholm
Mon Jan 22, 2018 9:54 pm
Forum: General
Topic: Feature request: MPLS IPv6
Replies: 18
Views: 6978

Re: Feature request: MPLS IPv6

RouterOS firsts need ECMP for MPLS first. There is a lot people that have several links between routers for redundancy / more troughtput like us and with ldp enable, the Routers OS only sets a label for the first gateway. The other ECMP gateways dont get labels.. So no traffic is forwarded trought ...
by JimmyNyholm
Mon Jan 22, 2018 9:49 pm
Forum: General
Topic: BGP multithreaded
Replies: 17
Views: 4888

Re: BGP multithreaded

I have, no flapping all is working ok but convergence times is horrible. I have only 3 Full Feeds on each (ie: one full peer and two reflectors with all other peers) one tilera core is constantly at 100percent it will do as much as it can, as fast as it can. Forwarding and routing is good and fast a...
by JimmyNyholm
Mon Jan 22, 2018 8:56 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97329

Re: v6.42rc [release candidate] is released!

HW LACP is must.
by JimmyNyholm
Mon Jan 22, 2018 8:50 pm
Forum: Scripting
Topic: /tool fetch https check-certificate=yes undocumented, not working...
Replies: 8
Views: 2513

Re: /tool fetch https check-certificate=yes undocumented, not working...

Can you please update wiki to reflect the new options. If I don't read the forum wrong it is possible to set HttpHeaders!? how? Examples please and in wiki to..... http-data cli tells me: http-data -- POST or PUT request body data So this tells me no headers can go into this field..... How do I chan...
by JimmyNyholm
Mon Jan 22, 2018 8:37 pm
Forum: General
Topic: RouterOS Radius Login SSH / Winbox
Replies: 1
Views: 453

Re: RouterOS Radius Login SSH / Winbox

Waiting for comment on this from Support: [Ticket#2018012222004996] RE: RADIUS LOGIN.
by JimmyNyholm
Mon Jan 22, 2018 12:06 pm
Forum: General
Topic: /31 bit mask doesn't work on GRE tunnel?
Replies: 3
Views: 591

Re: /31 bit mask doesn't work on GRE tunnel?

Exactly but that only works on MT <-> MT ppp's not other brands...

Please Fix
by JimmyNyholm
Sun Jan 21, 2018 9:44 pm
Forum: General
Topic: RouterOS Radius Login SSH / Winbox
Replies: 1
Views: 453

RouterOS Radius Login SSH / Winbox

Hi All. Why do SSH radius login do pap by default and not settable? (Don't Read me Wrong I need pap because I use one time passwords there are nothing to challenge on so chap is not an option) And Why do Winbox radius login only do chap by default and not settable? (This hits me because I need PAP, ...
by JimmyNyholm
Sat Jan 20, 2018 3:14 pm
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 77930

Re: v6.41 [current]

If it's critical for you - just stay with 6.40 or earlier :)
:wink: Am doing just that, was just stating the obvious. :D
by JimmyNyholm
Sat Jan 20, 2018 3:04 pm
Forum: General
Topic: Any plans for SD WAN?
Replies: 18
Views: 8173

Re: Any plans for SD WAN?

SD-WAN can balance, prioritice (duplicate packets for guaranteed delivery with lowest possible latency) on multiple encrypted paths and such on applications/steams level. Yes I would love MT to do this but it is currently not possible with the design in current hardware or CPU power and software. Bu...
by JimmyNyholm
Sat Jan 20, 2018 2:47 pm
Forum: General
Topic: Future Request: Enable telnet & winbox services on vrf interfaces/ips
Replies: 1
Views: 837

Re: Future Request: Enable telnet & winbox services on vrf interfaces/ips

I'm told Full VRF mode will be there in V7.

uprf is not vrf enabled either witch is bigger issue for me. renders current vrf pretty much useless.
by JimmyNyholm
Sat Jan 20, 2018 2:43 pm
Forum: General
Topic: Feature request: Virtual Extensible LAN (VXLAN)
Replies: 27
Views: 11130

Re: Feature request: Virtual Extensible LAN (VXLAN)

Hell Yes... The newer chips in switch hardware all ready have hardware tagging enable new software/hardware tagging interface type PLEASE!
by JimmyNyholm
Sat Jan 20, 2018 2:30 pm
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 77930

Re: v6.41 [current]

Which will disable fastpath on your router, yes!? It won't. TCP MSS has to be adjusted only in the first two packets of each session, and the fasttracking rule only applies on the following ones anyway (TCP state established is reached after the SYN,ACK has been processed). I wasn't talking about f...
by JimmyNyholm
Sat Jan 20, 2018 2:04 pm
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 77930

Re: v6.41 [current]

The problem is already fixed in 6.42rc.

The workaround is to add TCP MSS rule to your firewall rules
Witch will disable fastpath on your router yes!?
by JimmyNyholm
Fri Jan 12, 2018 11:45 pm
Forum: General
Topic: Please resolve the problem setup
Replies: 2
Views: 768

Re: Please resolve the problem setup

How many neighbours is that?
by JimmyNyholm
Fri Jan 12, 2018 7:31 pm
Forum: General
Topic: ethernet tx/rx too long
Replies: 6
Views: 1748

Re: ethernet tx/rx too long

Someone know what this is? I have it on in 6.41 HapACs connected with Max L2Mtu on sfp to CCRS...
by JimmyNyholm
Fri Jan 12, 2018 6:24 pm
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 77930

Re: v6.41 [current]

Can someone explain why eoip interface has a l2mtu setting of 65535 in this version and not changeble.

If I do bridging it is this value that is the max l2 recieved right? and it sould after adding headers fragment if outgoing interface after routelookup has a smaller ip mtu?
by JimmyNyholm
Fri Jan 12, 2018 5:33 pm
Forum: Announcements
Topic: Securing your device is important
Replies: 32
Views: 11332

Re: Securing your device is important

Set networks for ALL services even if they are disabled. Set networks for ALL users, with strong passwords. Disable Mac Servers for interfaces that do not need it. Disable IP Neighbour for interfaces that do not need it. IF Deploying Romon consider segment key usage and have different hops for diffe...
by JimmyNyholm
Fri Jan 12, 2018 5:17 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 97329

Re: v6.42rc [release candidate] is released!

Version 6.42rc5 has been released.
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
Please explain.
by JimmyNyholm
Thu Jan 11, 2018 9:27 am
Forum: Forwarding Protocols
Topic: BGP Route Reflectors, how to properly configure??
Replies: 19
Views: 10655

Re: BGP Route Reflectors, how to properly configure??

Others has all ready provided insights to your question. I just had one more. When using MT as a route reflector and if you follow guides that the reflector actually not participating in the data path. MT will only reflect installed routes it can't currently (it has been asked for) be pure reflector...
by JimmyNyholm
Wed Jan 10, 2018 5:37 pm
Forum: SwOS
Topic: VLANS on CRS317-1G-16S+
Replies: 3
Views: 931

Re: VLANS on CRS317-1G-16S+

There is no problem with RouterOs in current version 6.41 as far as I know. I have 20 of them in production and 3 more in a labb doing P switching mpls in hardware on L3 only interfaces. Never se any cpu hit on it as long as you only do stuff that is currenty supported att the hardware offload (swit...
by JimmyNyholm
Mon Jan 08, 2018 10:26 am
Forum: Forwarding Protocols
Topic: Filter For Prefixes Origin My OWn AS Allow
Replies: 1
Views: 302

Re: Filter For Prefixes Origin My OWn AS Allow

Your own as prefixes originated from somewhere in your as comming over ibgp (reflected or meshed) is essential empty of aspath so:

^$
by JimmyNyholm
Sun Jan 07, 2018 3:27 pm
Forum: Forwarding Protocols
Topic: Bonding 2 WAN Connections for faster streaming
Replies: 3
Views: 2142

Re: Bonding 2 WAN Connections for faster streaming

For the second question. Yes to do what ever fashion you have to control both ends of the communication. Off course this doable by overlay over other transports but the above knowledge will take you there. And by saying it is Doable is NOT saying I would recommend it!. Again take the above mentions...
by JimmyNyholm
Sun Jan 07, 2018 3:19 pm
Forum: Forwarding Protocols
Topic: Bonding 2 WAN Connections for faster streaming
Replies: 3
Views: 2142

Re: Bonding 2 WAN Connections for faster streaming

Some one correct me but: I am afraid it it not possible as long as you only have one stream: Bear with me on this one. Not speaking MT just saying: L2 Bond with or without bonding protocol: One Stream has to take the same path as long it is available, this is due to not have packet out of order prob...
by JimmyNyholm
Sun Jan 07, 2018 3:00 pm
Forum: Forwarding Protocols
Topic: OSPF DEFAULT ROUTES
Replies: 3
Views: 564

Re: OSPF DEFAULT ROUTES

This is doable and by reading up on the wiki and underlying linux chains stuff you will be able to. Mangle mark all connections coming in from the other interface, then you can pre or post route change the marked connections going out again. I am only doing pure routing in the isp space. For me this...
by JimmyNyholm
Sun Jan 07, 2018 2:53 pm
Forum: Forwarding Protocols
Topic: OSPF & PPPoE - strange issue
Replies: 2
Views: 556

Re: OSPF & PPPoE - strange issue

pppoe client not getting IP is one problem.

I would say that in this case ospf has nothing to do with it looking at all interfaces in ospf process it is surly down as no IP i assigned.
Your question is not for the Forwarding protocols section i'm afraid.
by JimmyNyholm
Fri Jan 05, 2018 3:25 pm
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 77930

Re: v6.41 [current]

https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#IGMP_Snooping Reading Wiki and reading Questions here on the Forum. As there is no version setting for IGMP snooping I assume it's on IGMPv2? or is it IGMPv3? It can't be IGMPv1 still? As you se the Confusion is obvious and there is a ton of oth...
by JimmyNyholm
Thu Jan 04, 2018 3:32 pm
Forum: Forwarding Protocols
Topic: CCR1072-1G-8S+ BGP Locking Up
Replies: 11
Views: 1987

Re: CCR1072-1G-8S+ BGP Locking Up

Speculating here but: This sounds not so strange removing the queue will probably do (void, null) on all packages thats are currently in the cue. rendering lost packets for the affected flows and you depend on higher level protocols to recover. Is it the same effect if you pause a queue and then del...
by JimmyNyholm
Tue Jan 02, 2018 8:19 pm
Forum: General
Topic: Users default to no password, and no way to detect it!
Replies: 4
Views: 1167

Re: Users default to no password, and no way to detect it!

There is no problem in the current implementation but there is also not possible to list all users with "full - admin" access and check if the password is set or not.
This makes problems in the Auditing land.
by JimmyNyholm
Sun Dec 31, 2017 4:00 pm
Forum: Forwarding Protocols
Topic: How To Limit ICMP Packets Count !?
Replies: 7
Views: 7719

Re: How To Limit ICMP Packets Count !?

ICMP is a protocol that is needed in core routing.
You should not spend cpu resources on firewall rules for that....


ip settings set icmp-rate-limit=10

Or what ever limit is valid in your env.
by JimmyNyholm
Sun Dec 31, 2017 2:51 pm
Forum: Forwarding Protocols
Topic: BGP traffic out peer priority
Replies: 6
Views: 1801

Re: BGP traffic out peer priority

I like to put it this way: Internet is Asymentric end of discussion. A Router is only using forward lookup (not considering security features, only routing). In BGP you tell Internet how it may reach you. The full view of internet you got when you are multi homed is YOUR view on the internet as a wh...
by JimmyNyholm
Sun Dec 31, 2017 2:28 pm
Forum: Forwarding Protocols
Topic: BGP bug - subtle but problematic issue with communities
Replies: 24
Views: 3202

Re: BGP bug - subtle but problematic issue with communities

What is the status of this Issue. I have not seen (or possibly missed) anything in the change log's.... Can we wrap up 2017 with an update on where we stand?
by JimmyNyholm
Fri Dec 29, 2017 2:51 pm
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 77930

Re: v6.41 [current]

Go under MPLS and under Forwarding Table. You'll notice two counters for the same thing. One is Bytes and Packets, the other is Hw. Bytes and Packets. I believe that's where you'd look. Also *PLEASE* let me know of your results. I am very interested in seeing this. Here it Goes... YES! It show only...
by JimmyNyholm
Thu Dec 28, 2017 6:49 pm
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 77930

Re: v6.41 [current]

I have a lab with CRS317-1G-16S+ switches in core network as P routers. With L3 Only links routed within the IGP (OSPF). MPLS is enabled and LDP is distributing lables. Only real traffic entering the switch would be mpls not counting ospf that is cpu bound and probably LDP to but the datapath for re...
by JimmyNyholm
Sun Dec 24, 2017 12:33 am
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 77930

Re: v6.41 [current]

Please send report to support@mikrotik.com explaining the problem you have and including supout.rif files This is funny !! Can you please explain, when Mikrotik will amend the CRS3xx releases, so that the supout.rif not gets written to volatile memory, but onto flash instead ? Because if the switch...
by JimmyNyholm
Sun Dec 24, 2017 12:22 am
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 77930

Re: v6.41 [current]

dksoft, anuser, msatter, alexsolovyev, blackbox100, JimmyNyholm - Please send report to support@mikrotik.com explaining the problem you have and including supout.rif files rajo - Does the same issue appear if you set bridge mode back to "none"? panosla - Please note that RouterOS version does not i...
by JimmyNyholm
Sat Dec 23, 2017 1:37 pm
Forum: General
Topic: Feature request: Static DNS NXDOMAIN
Replies: 8
Views: 1458

Re: Feature request: Static DNS NXDOMAIN

Remember that you are incontrol of your own routing domain. Pick an IP from any rfc based internal adress and sinkhole it in your setups this way you may send all unwanted traffic there. And you may later on connect monitoring to get tripwire stuff in action reacting to stuff happening in your netwo...
by JimmyNyholm
Sat Dec 23, 2017 1:25 pm
Forum: Forwarding Protocols
Topic: Multiple AS on single router, possible?
Replies: 3
Views: 476

Re: Multiple AS on single router, possible?

Thank you very much for responding. One more thing I'd like to clarify, any traffic originating from any of the downstream ASes destined towards AS111111 will have both the ASes in the AS path.. right? thank you, To answer that question please show setup. If you have two AS and if you do wish this ...
by JimmyNyholm
Sat Dec 23, 2017 1:14 pm
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 77930

Re: v6.41 [current]

Upgraded RB2011, hAP, wAP ac, cAP and a RB1100 without issues. But wondering if there is a new way of how I should handle bonding interfaces with vlans? Currently I have two bonding interfaces with two ethernet ports each. On each of the bonds I have severals vlans and the vlans are put on a separa...
by JimmyNyholm
Sat Dec 23, 2017 12:53 pm
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 77930

Re: v6.41 [current]

I Posted this question in the 41RC channel but I did not get an answer: Now Looking at the released version of 6.41 of RouterOS. if i set: /interface bridge port add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether1 pvid=64 And then look in the switch menu: The sett...
by JimmyNyholm
Sat Dec 23, 2017 11:49 am
Forum: Announcements
Topic: v6.41 [current]
Replies: 304
Views: 77930

Re: v6.41 [current]

How the conversion works when there are two switches in the device and both are in the common bridge? What if there are multiple switch groups within one switch differently bridged with other interfaces? I have thought of this to and if I may speculate: The new bridge per say will use hardware offl...
by JimmyNyholm
Thu Dec 21, 2017 8:11 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 123700

Re: v6.41rc [release candidate] is released! New bridge implementation!

CRS317-1G-16S+RM is powered by a next generation switching chip, giving you wire speed performance for all sixteen 10GbE ports with any Ethernet frame size. New features such as hardware-based Spanning Tree Protocol and Link Aggregation (LACP) provide enhanced protection and true professional perfo...
by JimmyNyholm
Mon Dec 18, 2017 7:31 pm
Forum: General
Topic: HW Offload CRS 2 bridges
Replies: 4
Views: 1538

Re: HW Offload CRS 2 bridges

I do understand but need to ask: Is this by current design in new bridge implementation? Or is it by, how you need to set up the tables in the switch chip? As in: Is it Possible but not implemented or is it a hardware limit and can't be done?
by JimmyNyholm
Mon Dec 18, 2017 7:26 pm
Forum: General
Topic: [exploit-db.com] MikroTik 6.40.5 ICMP - Denial of Service
Replies: 16
Views: 3592

Re: [exploit-db.com] MikroTik 6.40.5 ICMP - Denial of Service

Description: This could allow attacker(in your lan) to exhaust all available CPU and crash the kernel via a flood of ICMP packets with forged source IP addresses associated with the public Internet without fast connection. If you launch the exploit with local IP addresses, the router can handle the...
by JimmyNyholm
Mon Dec 18, 2017 11:13 am
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 123700

Re: v6.41rc [release candidate] is released! New bridge implementation!

In this new bridge implementation what is Actually correct. [admin@MikroTik] /interface ethernet switch port> print Flags: I - invalid # NAME SWITCH VLAN-MODE VLAN-HEADER DEFAULT-VLAN-ID INGRESS-RATE EGRESS-RATE 0 sfp-sfpplus2 switch1 secure leave-as-is 1 5.0Mbps 15.0Mbps 1 sfp-sfpplus3 switch1 secu...
by JimmyNyholm
Sun Dec 17, 2017 6:51 pm
Forum: General
Topic: Mikrotik - limitations for enterprise solutions
Replies: 16
Views: 8532

Re: Mikrotik - limitations for enterprise solutions

There is a question bothering me with all this BGP single core issue. So it takes a longer time to get full BGP tables because of this single core. But after that, where comes this single core issue into play since there are only updates beyond that point which I assume do not saturate that core? A...
by JimmyNyholm
Wed Dec 13, 2017 11:48 pm
Forum: Forwarding Protocols
Topic: Proper application advice for ospf
Replies: 2
Views: 364

Re: Proper application advice for ospf

If you will use RouterOS MT's on both ends go with /32's and reuse the same lokal IP on all interfaces on one device. That way you have no IP spill at all.

In the interconnecting path to other brand then /30 nets to them is what is needed but in that path ONLY.... MT2MT use the powers of the OS.
by JimmyNyholm
Sat Dec 09, 2017 2:03 pm
Forum: Forwarding Protocols
Topic: Blocking Private ASN inbound
Replies: 7
Views: 999

Re: Blocking Private ASN inbound

So i changed the rule to add action=discard bgp-as-path="^(6451[2-9]|645[2-9][0-9]|64[6-9][0-9]{2}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])_*" chain=XO_In Just a quick thought isn't the ^ in your regexp anchoring in the beginning of the string? use a $ at the end for searching at the end for origin...
by JimmyNyholm
Thu Nov 30, 2017 4:46 pm
Forum: Announcements
Topic: v6.40.5 [current]
Replies: 82
Views: 25257

Re: v6.40.5 [current]

CRS317-1G-16S+ switch menu shows no ports is this normal?
by JimmyNyholm
Wed Nov 29, 2017 11:04 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 123700

Re: v6.41rc [release candidate] is released! New bridge implementation!

New bridge implementation need: Hardware LACP bonding. Hardware setting per port of learning mode for mac-adresses max number and what to do when max is reached and or port/device restarted. per port ingress and egress hardware rate limiting. dhcp snooping with guard arp snooping with guard Option t...
by JimmyNyholm
Mon Nov 27, 2017 12:01 pm
Forum: Virtualization
Topic: CHR suggestions for new functionality
Replies: 157
Views: 32411

Re: CHR suggestions for new functionality

Please add Metarouter
VM inside VM? Are you serious?
Servers have had hardware support for this for ages. It is actually not as bad as it first sounds, but as always it depends on the application.
by JimmyNyholm
Thu Nov 16, 2017 5:26 pm
Forum: Forwarding Protocols
Topic: BGP, OSPF, SNMP, Winbox.... QUEUEs
Replies: 0
Views: 349

BGP, OSPF, SNMP, Winbox.... QUEUEs

Hi I'm going out of my comfort zone here and need your help or advice. Having MT as CPE on customer that is out of blue using all avail bandwith (witch they should be able to do) renders protocols and management tools erradic to say the least. I thought I may ask what is your recommendation as to qu...
by JimmyNyholm
Fri Nov 10, 2017 11:34 am
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 123700

Re: v6.41rc [release candidate] is released! New bridge implementation!

When do we get LACP with Hardware offload in this new bridge implementation in routeros on switch devices such as CRS326-24G-2S+ and CRS-317-1G-16s+
Creating a bond and attaching it to the bride is done in software now and good know the cpu's in the switches is weak as hell.
by JimmyNyholm
Tue Nov 07, 2017 1:38 pm
Forum: RouterBOARD hardware
Topic: CRS MAC address learning problem
Replies: 11
Views: 3230

Re: CRS MAC address learning problem

It works from command line interface, but the input field in Winbox is not fixed yet. It will be done soon.
Any chanse this comming to CRS317 but I want to set the limit to say 5 per port?
by JimmyNyholm
Sun Nov 05, 2017 2:44 pm
Forum: Forwarding Protocols
Topic: OSPF cost on dynamic interfaces
Replies: 6
Views: 2307

Re: OSPF cost on dynamic interfaces

12:48:39 script,info Interface to remove: *f00135 12:48:39 script,info Interface ID: *14;Interface ID: *15;Interface ID: *16;Interface ID: *1019E238 For what reasons command "find interface=$interface" returns all interfaces? What's wrong? My board is RB1100AHx2 and version is 6.40.3. I'm definitel...
by JimmyNyholm
Sun Nov 05, 2017 2:29 pm
Forum: General
Topic: Feature Request: Hardware NAT
Replies: 18
Views: 7123

Re: Feature Request: Hardware NAT

But wait NO.... Don't get me wrong here. I'm all for doing stuff in asic/fpga instead of cpu... But providers doing NAT?! Please don't IPv4 space is scarce I know but: Please make IPV6 work so we may sooner then later shut down ipv4 and be gone with all nat that is breaking all kind of protocols. We...
by JimmyNyholm
Sun Nov 05, 2017 12:18 pm
Forum: Announcements
Topic: v6.40.4 [current]
Replies: 103
Views: 25731

Re: v6.40.4 [current]

But Mikrotik changed something in ROS, because till version I could setup OSPF with: - network type: broadcast - network x.x.x.x/24 backbone But now I had to modify my configuration due to version over 6.40.0 as below: - network type: point-to-point - network x.x.x.x/32 backbone And the question is...
by JimmyNyholm
Sat Nov 04, 2017 4:32 pm
Forum: Announcements
Topic: Winbox 3.11 released!
Replies: 94
Views: 285728

Re: Winbox 3.11 released!

Jimmy, I did /ip neighbor export on one that works and one that doesn't and they both show up as discovery=no? SO they appear to be the same there anyway. The interfaces that you need the router to be found on should not be in list as discovery=no. /ip neighbor discovery print will print you all in...
by JimmyNyholm
Fri Nov 03, 2017 5:41 pm
Forum: Forwarding Protocols
Topic: Advanced BGP Setup
Replies: 4
Views: 1047

Re: Advanced BGP Setup

And chains can point to chains in the matching process....
by JimmyNyholm
Fri Nov 03, 2017 4:27 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 123700

Re: v6.41rc [release candidate] is released! New bridge implementation!

What's new in 6.41rc50 (2017-Oct-30 10:13): *) radius - limited RADIUS timeout maximum value to 3 seconds; do not do this, our system on average 1~5 seconds to process the radius package please leave this field customizable +1 we are using OTP that validates a bit slow sometimes we want 10 seconds....
by JimmyNyholm
Mon Oct 30, 2017 8:44 pm
Forum: RouterBOARD hardware
Topic: Paid VPN service Nord VPN
Replies: 16
Views: 11005

Re: Paid VPN service Nord VPN

Hello, thank you for using NordVPN service. OpenVPN will not be possible to set up due to technical reasons - our service does not use user certificate for the authentication. Nevertheless, it would be a shame if you could not use great features that we offer due to the setup issues. That is why we...
by JimmyNyholm
Mon Oct 30, 2017 8:31 pm
Forum: General
Topic: Ipsec Site to Site, again...
Replies: 14
Views: 1850

Re: Ipsec Site to Site, again...

I Could say that everyone so far have missed the real question. What do you want? IF you want traffic from both network should route with out any nat. (Then add routes, rules and make nat rules tighter so they only trigger on wan destined traffic and not ipsec tunnel traffic) IF you want an office i...
by JimmyNyholm
Mon Oct 30, 2017 8:15 pm
Forum: General
Topic: Firewall filter rules to allow incoming IPSec packets - are they really needed?
Replies: 4
Views: 1459

Re: Firewall filter rules to allow incoming IPSec packets - are they really needed?

ISAKMP Ike is Using udp500 to handle key setup (This is only needed if you use ike) NAT-T Traversal UDP Encapsulation is using UDP4500 (This is only needed if you need to support NAT) IPSEC can't function over NAT. Here UDP Encapsulated IPSEC packets may be used. Depending on what types of IPSEC you...
by JimmyNyholm
Mon Oct 30, 2017 7:21 pm
Forum: Forwarding Protocols
Topic: best path choose wrongly
Replies: 9
Views: 855

Re: best path choose wrongly

see one of my upstream is ddos protected and the other one is not. i announce /23 to my primary upstream and announce 1x /24 to my ddos protected upstream(because i want one of my 24 will be ddos protected and the other one keep in primary uplink) but right now when i send test attack to my /24 i s...
by JimmyNyholm
Mon Oct 30, 2017 6:57 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 123700

Re: v6.41rc [release candidate] is released! New bridge implementation!

Hardware offload for Vlans using the bridge ports on CRS212 does not seem to work? /interface bridge add igmp-snooping=no name=bridge1 add igmp-snooping=no name=bridge2 /interface vlan add interface=sfp10 name=sfp10-vlan100 vlan-id=100 add interface=sfp10 name=sfp10-vlan101 vlan-id=101 /interface b...
by JimmyNyholm
Sun Oct 29, 2017 9:03 pm
Forum: SwOS
Topic: 16/32/48 ports
Replies: 51
Views: 20168

Re: 16/32/48 ports

ok, working on it
horray.. :D

thanks MikroTik.
but no promises! I'm just saying we will consider the possibilities
We Need Fiber Dense ie: 40 sfp and 4sfp+ line rate. Aggregate 40 1g fibers to 4 10g fibers. redundant psu's like CRS317-40S-4S+RM / Dualbooting routeros and switchos offcource.
by JimmyNyholm
Sun Oct 29, 2017 8:35 pm
Forum: Announcements
Topic: Winbox 3.11 released!
Replies: 94
Views: 285728

Re: Winbox 3.11 released!

I have a dozen or so RB3011 routers in service and have GRE tunnels to each from our main location. But when I open Winbox there are a couple of routers that do not show up in my router list, either by MAC or IP address. As far as I can tell they are set up like all of the rest, but those two don't...
by JimmyNyholm
Fri Oct 20, 2017 6:27 pm
Forum: Announcements
Topic: v6.40.4 [current]
Replies: 103
Views: 25731

Re: v6.40.4 [current]

Did the handling of default routes in OSPF change from 6.40.3 to 6.40.4?! We upgraded everything from 6.40.3 last night. All routes are distributed as Type 1, and with the devices in question, all links have the same default cost (10). But for some reason, after upgrading to 6.40.4, some of our rou...
by JimmyNyholm
Fri Oct 20, 2017 6:19 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 123700

Re: v6.41rc [release candidate] is released! New bridge implementation!

In RouterOS v6.41 everything QinQ related has to configured with bridge "vlan-filtering=no" using VLAN interfaces and their "use-service-tag" option.
And if one do that all qinq switching will get software switched or what?
by JimmyNyholm
Thu Oct 19, 2017 6:08 pm
Forum: Announcements
Topic: RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities
Replies: 58
Views: 105563

Re: RouterOS NOT affected by WPA2 vulnerabilities

You can fix the 4-way handshake issue either at the client side or at the Access Point side. ... So it's good practice to also fix it at the AP side:-). Wrong!!! KRACK is a pure client-side attack. Patching AP will give you nothing. Worse!!! Patching AP will just give some people false sense of sec...
by JimmyNyholm
Tue Oct 17, 2017 10:06 am
Forum: Forwarding Protocols
Topic: OID's BGP session status
Replies: 4
Views: 940

Re: OID's BGP session status

MT will correct me if I'm wrong but there is what's in Version6 snmp taken from the wiki. MIBs used in RouterOS v6.x: MIKROTIK-MIB MIB-2 HOST-RESOURCES-MIB IF-MIB IP-MIB IP-FORWARD-MIB IPV6-MIB BRIDGE-MIB DHCP-SERVER-MIB CISCO-AAA-SESSION-MIB ENTITY-MIB UPS-MIB SQUID-MIB Don't See any bgp mib there ...
by JimmyNyholm
Tue Oct 17, 2017 9:56 am
Forum: Announcements
Topic: v6.40.4 [current]
Replies: 103
Views: 25731

Re: v6.40.4 [current]

HI
telnet button in webfig not work.

tools - telnet
and
http://192.168.88.1/webfig/#IP:Neighbors.Neighbors.1
button "telnet" and "MAC Telnet"
Are you running MAC with HighSierra? If so you do no longer have telnet on the computer. Brew can reinstall it if you realy need it.
by JimmyNyholm
Mon Oct 16, 2017 11:45 pm
Forum: Announcements
Topic: RouterOS (v6.39.3, v6.40.4, v6.41rc) NOT affected by WPA2 vulnerabilities
Replies: 58
Views: 105563

Re: RouterOS NOT affected by WPA2 vulnerabilities

Thanks for fast and clear information.
by JimmyNyholm
Fri Oct 13, 2017 8:46 pm
Forum: Forwarding Protocols
Topic: Feature request: BGP flowspec (RFC5575)
Replies: 24
Views: 6700

Re: Feature request: BGP flowspec (RFC5575)

+1 Big Transit providers in Sweden Doe's it.
by JimmyNyholm
Wed Oct 11, 2017 1:57 pm
Forum: Forwarding Protocols
Topic: IPv6 Settings disables eBGP
Replies: 7
Views: 635

Re: IPv6 Settings disables eBGP

There are some restrictions with bgp and ipv6 currently but please explain what you do/see. give config example. Give us as much info as possible and we can help you hammer out the problem.
by JimmyNyholm
Mon Oct 09, 2017 10:43 pm
Forum: Forwarding Protocols
Topic: BGP Multihoming with two peers
Replies: 1
Views: 797

Re: BGP Multihoming with two peers

If you want to influence how other se you anounced routes: add prepends for example. If you want to influence how your own organisation elect between other means identical routes: use weight. Routing on the internet IS asymetric. You may only ASK of others how you want them to reach you but they are...
by JimmyNyholm
Fri Oct 06, 2017 10:22 pm
Forum: Announcements
Topic: Dual band AP for home use, SSID same or different?
Replies: 62
Views: 32666

Re: Dual band AP for home use, SSID same or different?

That Depends. If features such as Bandstearing or BandBalancing and ChannelFly and other stuff is implemented to overcome bad clients with bad roaming in crowed space then I would say Same SSID. Without the mentioned features I would vote for Specific SSIDs for 2 and 5 Ghz. and at the same time vote...
by JimmyNyholm
Fri Oct 06, 2017 2:35 pm
Forum: General
Topic: Feature request: BGP dampening
Replies: 9
Views: 4002

Re: Feature request: BGP dampening

+1 This would be very welcome.
by JimmyNyholm
Fri Oct 06, 2017 11:51 am
Forum: General
Topic: Feature Request - DNS txt records support
Replies: 4
Views: 937

Re: Feature Request - DNS txt records support

And Fetch supports https already unless there is a specific thing you are referring to that it does not specifically do.
Ohh.. Thanks for pointing out. Is it in bugfix yet.... Yes it was... thanks again for pointing that out.
by JimmyNyholm
Fri Oct 06, 2017 10:25 am
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 123700

Re: v6.41rc [release candidate] is released! New bridge implementation!

In ROS this 6.41rc (38) branch with new bridge implementation with (H)ard ware flag. if I want to use switch chip's filter function. is this rules applied to (I want the Silicon Hardware ones...) /interface/bridge/filter or /interface/ethernet/switch/rule Am I right to believe that the switch menu w...
by JimmyNyholm
Thu Oct 05, 2017 10:42 pm
Forum: Beginner Basics
Topic: Help! Replace Cisco to Mikrotik RB3011UiAS (arm)
Replies: 1
Views: 332

Re: Help! Replace Cisco to Mikrotik RB3011UiAS (arm)

Have you Started winbox trying to replace your config? What it says is that you have a nat all open no security wan outside lan inside with two more black networks behind another router on lan. The design is extremly simple to do, point and click in webb or using winbox gui even mt shell is nice if ...
by JimmyNyholm
Thu Oct 05, 2017 3:04 pm
Forum: Forwarding Protocols
Topic: OSPF Multi-instance network.
Replies: 2
Views: 536

Re: OSPF Multi-instance network.

Overlapping require VRF. Vrf is not implemented totally in mt as of yet but depending on what you want to achieve it may be possible. Please Elaborate and ZeroByte and I can maybe help better answer the question.
by JimmyNyholm
Thu Oct 05, 2017 2:07 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 123700

Re: v6.41rc [release candidate] is released! New bridge implementation!

Is it me or how do I search for learned mac-addresses with this new bridge implementation. Host table is almost always empty but local mac's but everything works. This has been the same all this 41rc branch.... Is there a way to increase timeout on learning ( I have also asked for the option to disa...
by JimmyNyholm
Sun Oct 01, 2017 12:06 pm
Forum: General
Topic: multiple VLANs one interface from ISP switch vs bridge [SOLVED]
Replies: 8
Views: 1392

Re: multiple VLANs one interface from ISP switch vs bridge [SOLVED]

Add vlan 100 in the mt switch and tag only outside port and cpu. Now that 100 vlan will be sent to RouterOS with vlan id 100. Add vlan interface 100 to bridge1 in routeros add ppoe client on vlan 100 Set what ever L3 ip info and other stuff for lan side making MT L2 shining for the stuff you dont ca...
by JimmyNyholm
Sun Oct 01, 2017 11:53 am
Forum: General
Topic: Suggestion: VPN profile selected from radius response
Replies: 4
Views: 1516

Re: Suggestion: VPN profile selected from radius response

Short I have not tested IT. The Wiki States on: ( https://wiki.mikrotik.com/wiki/Manual:RADIUS_Client ) "RouterOS has a RADIUS client which can authenticate for HotSpot, PPP, PPPoE, PPTP, L2TP and ISDN connections. The attributes received from RADIUS server override the ones set in the default profi...
by JimmyNyholm
Sun Oct 01, 2017 11:19 am
Forum: General
Topic: Feature Request - DNS txt records support
Replies: 4
Views: 937

Re: Feature Request - DNS txt records support

I see your point but depending on infrastructure it would perhaps be less secure putting this in the DNS than for say a file on web or ftp server. Pros being DNS is redundant and caching by nature but this pro may even be a con, due to the fact that even though you would reach stuff through any kind...
by JimmyNyholm
Sat Sep 30, 2017 8:46 pm
Forum: RouterBOARD hardware
Topic: CRS326-24G-2S+RM fans
Replies: 18
Views: 4400

Re: CRS326-24G-2S+RM fans

here you can find photos and a small post on the CRS326 and the marvell SOCs used in it. https://tikguy.wordpress.com/2017/08/17/meet-the-crs326-24g-2srm/ 802.1ae MACSec support – to provide effortless link level encryption And it would be nice if RouterOS actually implemented all the bells and whi...
by JimmyNyholm
Sat Sep 30, 2017 8:33 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 123700

Re: v6.41rc [release candidate] is released! New bridge implementation!

Hw. Offload After reboot I have this in log... hardware offloading activated on bridge "bridge1" ports: wlan1,ether2 hardware offloading activated on bridge "bridge1" ports: wlan1,ether3 But port wlan1 status is inactive and not Hw. Offload... Is is correct? Flags: X - disabled, I - inactive, D - d...
by JimmyNyholm
Sun Sep 24, 2017 10:49 am
Forum: Forwarding Protocols
Topic: OSPF router ID
Replies: 5
Views: 833

Re: OSPF router ID

and set interface to p2p passive. Include ip in the networks tab verify ospf interface up. Done. Hi, for using loopback in ospf network should i use P2p network type ? I just add loopbackip to ospf network as backbone and its come automatically to ospf interface as dnymic passive. thanks The networ...
by JimmyNyholm
Fri Sep 22, 2017 12:36 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 123700

Re: v6.41rc [release candidate] is released! New bridge implementation!

The previous switch settings supported MAC learning limits: /interface ethernet switch port set ether6 learn-limit=1 set ether7 learn-limit=1 Is this feature still available with the new bridge implementation? Not as faar as I can se for the moment.. And while we speak of it would it be Possible to...
by JimmyNyholm
Thu Sep 21, 2017 2:17 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 154934

Re: RouterOS v7.0 beta1 - when?

An alfa to play in the lab would be most welcome.....
by JimmyNyholm
Thu Sep 21, 2017 12:59 pm
Forum: Forwarding Protocols
Topic: OSPF router ID
Replies: 5
Views: 833

Re: OSPF router ID

and set interface to p2p passive.
Include ip in the networks tab
verify ospf interface up.

Done.
by JimmyNyholm
Tue Sep 19, 2017 8:11 pm
Forum: Forwarding Protocols
Topic: OSPF across VLANS not making sense
Replies: 8
Views: 6798

Re: OSPF across VLANS not making sense

And enable ospf logging if all else fails.
by JimmyNyholm
Tue Sep 19, 2017 7:11 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 123700

Re: v6.41rc [release candidate] is released! New bridge implementation!

Just to be on the safe side. Running CRS317-1G-16+ On the 6.41rc30 looking in switch menu there is no ports and no switch is that correct? The New implementation is doing "switchy stuff" in bridge section but should I make switch settings in switch section and does that work when Ros doesn't find an...
by JimmyNyholm
Tue Sep 19, 2017 6:59 pm
Forum: RouterBOARD hardware
Topic: CRS317-1G-16S+RM - VLans not configurable [SOLVED]
Replies: 16
Views: 5201

Re: CRS317-1G-16S+RM - VLans not configurable [SOLVED]

Hardware mpls offload look prommising.... think of the system as control plane / dataplane if you have slow cpu but some memory you can run protocols and get ldp running in the "control plane" but ingress and egress processing would be soly mpls label switching one will have to se what is lying roun...
by JimmyNyholm
Mon Sep 18, 2017 12:14 am
Forum: RouterBOARD hardware
Topic: CRS317-1G-16S+RM - VLans not configurable [SOLVED]
Replies: 16
Views: 5201

Re: CRS317-1G-16S+RM - VLans not configurable [SOLVED]

I want to use RouterOS due to wanting to have one management experience. And using it as mpls lsr doing hardware routing/switching purly based on mpls tags. Backbone functionality such as igp and ldp (control plane stuff) would then be handled by the cpu but that should not be any problem as all dat...
by JimmyNyholm
Sun Sep 17, 2017 1:59 pm
Forum: General
Topic: Log Server
Replies: 11
Views: 2449

Re: Log Server

i've been asked to create a log server and save customers activity to it what type of software i need to get this job done i have to keep the activity based on specific ip address and by PPPOE username any help about such thing new to me is appreciated thx And just to say to get the jobb done if co...
by JimmyNyholm
Sun Sep 17, 2017 1:52 pm
Forum: General
Topic: Log Server
Replies: 11
Views: 2449

Re: Log Server

500MB is quit a big log file. I have some Mikrotiks, Windows server, Linux Server. IP Phone, some Axis camera, UPS and some other stystem. All i logged inn to Splunk. When install, you get full version for one month, to test all functions. After that you convert it to free lisenes. You only need to...
by JimmyNyholm
Sun Sep 17, 2017 1:32 pm
Forum: Virtualization
Topic: CHR re-enabling DHCP client on each reboot
Replies: 6
Views: 917

Re: CHR re-enabling DHCP client on each reboot

The new ova should be right have not tested it. but with my earlier chr's it was a must to convert to scsi to get config written to disc survive reboots.
by JimmyNyholm
Sun Sep 17, 2017 11:27 am
Forum: RouterBOARD hardware
Topic: CRS317-1G-16S+RM - VLans not configurable [SOLVED]
Replies: 16
Views: 5201

Re: CRS317-1G-16S+RM - VLans not configurable [SOLVED]

Ports is empty in winbox and cli for the latest RC as well.
by JimmyNyholm
Sun Sep 17, 2017 11:25 am
Forum: Virtualization
Topic: Problem CPU CHR 100 % whit 27 GHZ xeon processor
Replies: 36
Views: 5390

Re: Problem CPU CHR 100 % whit 27 GHZ xeon processor

I tried CCR1072-1G-8S +, 100% cpu with various continuous ppp disconnects, removed after 10 min For network instability Are you updating your igp or even worse egp with every pppoe connect/disconnect? If so this is where all your problem lie. filter out the samll ppp prefixes and just anounce a agg...
by JimmyNyholm
Fri Sep 15, 2017 2:47 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 123700

Re: v6.41rc [release candidate] is released! New bridge implementation!

What's new in 6.41rc26 (2017-Sep-07 13:26): *) crs317 - added initial support for HW offloaded MPLS forwarding; Is this gona be not bridged intefaces can hardware switch depending on label but ldp is running on ip so one would have to configure ip adresses and a routing protocol say ospf to get rou...
by JimmyNyholm
Fri Sep 15, 2017 11:24 am
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 123700

Re: v6.41rc [release candidate] is released! New bridge implementation!

JimmyNyholm - Did this happen when you used 6.41rc28? Yes! admin@MikroTik] > system package print Flags: X - disabled # NAME VERSION SCHEDULED 0 routeros-arm 6.41rc28 1 system 6.41rc28 2 X ipv6 6.41rc28 3 X wireless 6.41rc28 4 X hotspot 6.41rc28 5 X dhcp 6.41rc28 6 mpls 6.41rc28 7 routing 6.41rc28 ...
by JimmyNyholm
Wed Sep 13, 2017 1:51 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 123700

Re: v6.41rc [release candidate] is released! New bridge implementation!

Got my first Batch of CRS317-1G-16S+ 's unpacking the first and trying out this test version. Connected Copper (1g) and startet winbox clearing conf. Looking around and tried to change l2mtu. /interface ethernet set l2mtu=10000 numbers=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 Boom ether1 stoped working (...
by JimmyNyholm
Tue Sep 12, 2017 3:01 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 123700

Re: v6.41rc [release candidate] is released! New bridge implementation!

Passthrough is not currently supported on SXT LTE and we do not have plans to implement such functionality in near future.
Thanks for the elaboration.

Looking at the SXT LTE device it is the perfect fit for this function. We will buy many more of these units when this is available.
by JimmyNyholm
Mon Sep 11, 2017 4:32 pm
Forum: Forwarding Protocols
Topic: OSPFv3 prefix filtering (distribute list)
Replies: 6
Views: 916

Re: OSPFv3 prefix filtering (distribute list)

Could be that question was asked how to set their own OSPFv3 filter chains, and answer was that such feature is not implemented. Yes. That was the question. The answer was right one, that is not what is in question. But a proper response would have been something like (ie: not holding back vital in...
by JimmyNyholm
Mon Sep 11, 2017 4:15 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 123700

Re: v6.41rc [release candidate] is released! New bridge implementation!

is there any news about SXT LTE? Your question was already answered! Unfortunately, currently SXT LTE does not support passthrough mode. Normis could you Elaborate. Your answer and Wiki is ambiguous: Saying It's not supported and it can not be done due to hardware limitations. OR It is currently no...
by JimmyNyholm
Sat Sep 09, 2017 7:16 pm
Forum: Forwarding Protocols
Topic: OSPFv3 prefix filtering (distribute list)
Replies: 6
Views: 916

Re: OSPFv3 prefix filtering (distribute list)

OSPFv3 routes can be fildered in default OSPF chains. However you cannot change to different chains as it is in OSPFv2. Ohh MRZ! This is new to me as when I asked its not implemented at all. What you now say if i use the default ospf chain (even though i can't point to it in the instance) it will b...
by JimmyNyholm
Sun Sep 03, 2017 8:50 pm
Forum: Forwarding Protocols
Topic: OSPFv3 prefix filtering (distribute list)
Replies: 6
Views: 916

Re: OSPFv3 prefix filtering (distribute list)

We are told that ospfv3 filtering is not to be expected before V7.

Any news on this MT? Is the V7 plan the definitive answer or whats is hindering you fixing filtering for ospv3 deamon?
by JimmyNyholm
Sun Sep 03, 2017 8:39 pm
Forum: Forwarding Protocols
Topic: IPv6 recursive nexthops via iBGP
Replies: 108
Views: 23712

Re: IPv6 recursive nexthops via iBGP

Hi. RR's need not to be in data path (most often aren't) so please consider your own setup before fiddeling with above statement. ahem, the nexthop delivered by RRs was not implying the nexthop in fact is the RR, in fact the nexthop is usually the IP set by "next-hop self" (or similar) by BGP-route...
by JimmyNyholm
Sun Sep 03, 2017 1:31 pm
Forum: Forwarding Protocols
Topic: IPv6 recursive nexthops via iBGP
Replies: 108
Views: 23712

Re: IPv6 recursive nexthops via iBGP

Hi. RR's need not to be in data path (most often aren't) so please consider your own setup before fiddeling with above statement.

@Mikrotik please fix IPV6 it is 2017 after all and Ipv4 is getting more and more expensive.
by JimmyNyholm
Fri Sep 01, 2017 5:45 pm
Forum: SwOS
Topic: SwOS MTU
Replies: 7
Views: 3067

Re: SwOS MTU

Is it me or do we miss MTU Settings?
You´re looking for an option to allow "jumbo frames", i.e. set a higher value for MTU?
Yes thats correct...
by JimmyNyholm
Fri Sep 01, 2017 5:08 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 123700

Re: v6.41rc [release candidate] is released! New bridge implementation!

Unfortunately, currently SXT LTE does not support passthrough mode. irghost - What is the question about SXT LTE? Are you referring to Passthrough support? if you do, then take a look at this list: https://wiki.mikrotik.com/wiki/Supported_Hardware#4G_LTE_cards_and_modems Is there a plan for this or...
by JimmyNyholm
Sun Aug 20, 2017 7:06 pm
Forum: General
Topic: VLAN Q-in-Q mikrotik
Replies: 3
Views: 1878

Re: VLAN Q-in-Q mikrotik

Just create a S vlan on the fiber link
create a bridge add the reciving ethernet port and the svlan as port to bridge.
Done:

untaged and taged ethernet packets will get extra stag over the fiber.
by JimmyNyholm
Fri Aug 18, 2017 5:19 pm
Forum: General
Topic: /tool email
Replies: 5
Views: 778

Re: /tool email

Thanks for the swift respons. I was fault in my belefs that the smtp was open for relay.
Enable log category made that one clear. And made me painfully aware of what i should have looked at in the first place.

Thanks Again.
by JimmyNyholm
Fri Aug 18, 2017 4:28 pm
Forum: General
Topic: /tool email
Replies: 5
Views: 778

Re: /tool email

Is it me or is something broken. tool email send complains about to adress not valid (i've written our noc addres with and without " with and whouth <> its an ordinary something@somewhere.se whats the problem with that. Searching in the Logs at the smtp server tells me that the MT has not even trie...
by JimmyNyholm
Fri Aug 18, 2017 4:23 pm
Forum: General
Topic: /tool email
Replies: 5
Views: 778

/tool email

Is it me or is something broken. tool email send complains about to adress not valid (i've written our noc addres with and without " with and whouth <> its an ordinary something@somewhere.se whats the problem with that. Searching in the Logs at the smtp server tells me that the MT has not even tried...
by JimmyNyholm
Thu Aug 17, 2017 11:29 am
Forum: Forwarding Protocols
Topic: BGP not trying to reconnect more than once
Replies: 10
Views: 1964

Re: BGP not trying to reconnect more than once

I've seen it to but then again the other side is passive. if the syn packet get lost then the process is stuck it's not obeying syn timeout and resetting itself and trying again.
by JimmyNyholm
Sat Aug 12, 2017 2:06 pm
Forum: Announcements
Topic: Newsletter 77
Replies: 40
Views: 14172

Re: Newsletter 77

Still no info about CRS328-24P-4S+RM... Looks like we have to keep patient. :o Or what about CRS328-48S-4S+RM Need More Fiber ports with decent ratio on uplink. 1:1 as in 10s-1s+ is good but it's to expensive per port and takes up to much space with to little work done. 1U is expensive in telecom c...
by JimmyNyholm
Sat Aug 12, 2017 1:00 pm
Forum: Forwarding Protocols
Topic: OSPF Overwrites End User Public IP
Replies: 8
Views: 806

Re: OSPF Overwrites End User Public IP

Hi this is just my gues: 1. You begin your post saying we went from bridge to routed ospf fine: (That is L2 -> L3) 2. Ospf changes traffic source ip's? No tis is not possible for ospf to do it is a routing protocol talking to other routers modifying the local routers routing table. My Conclusion the...
by JimmyNyholm
Thu Aug 10, 2017 5:50 pm
Forum: Forwarding Protocols
Topic: BGP not advertising routes
Replies: 7
Views: 2144

Re: BGP not advertising routes

The routes that are recieved will be announced to an Ibgp peer (requiring full mesh of all ibgp routers). Only active will be anounced from i ibgp route reflect perspective when using RR. the ebgp perspective is controlled by the networks statments in the bgp instance. Syncronice controlling that ne...
by JimmyNyholm
Fri Aug 04, 2017 12:22 am
Forum: General
Topic: RPKI
Replies: 30
Views: 5719

Re: RPKI

+1 Any day now....
by JimmyNyholm
Sun Jul 30, 2017 6:58 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 123700

Re: v6.41rc [release candidate] is released! New bridge implementation!

JimmyNyholm, a Cisco trunk port will pass both tagged or untagged traffic depending on the allowed VLAN list assigned to the trunk port (by default all VLANs are allowed). This is the "hybrid" behavior you're describing. Leaving the native VLAN routable on trunks is what exposes people to double ta...
by JimmyNyholm
Sun Jul 30, 2017 3:11 pm
Forum: Forwarding Protocols
Topic: filter rule for priority of traffic bgp
Replies: 1
Views: 506

Re: filter rule for priority of traffic bgp

The short answer: You can't! But here it goes once more. Internet routing is asyncronus. BGP is the protocol to tell others how to reach you (Announcements) and others to tell you how to reach them. the soup is called your point of view of the internet and the other ones point of view of the interne...
by JimmyNyholm
Sun Jul 30, 2017 2:52 pm
Forum: Forwarding Protocols
Topic: Feature request: BGP flowspec (RFC5575)
Replies: 24
Views: 6700

Re: Feature request: BGP flowspec (RFC5575)

+100 RFC's are set, others have it implemented other isp's and transits are providing it we need this to stay on the target with the industry. First support for the new nlri to validate, accept and forward them. Then ability to form rules and actually act and influence traffic flow. But that can com...
by JimmyNyholm
Sat Jul 29, 2017 1:51 pm
Forum: Announcements
Topic: The Dude, v6.39rc test builds.
Replies: 121
Views: 28562

Re: The Dude, v6.39rc test builds.

joanllopart - I'm not sure about Cacti, but in RouterOS - graph is made from 5 min average data rate. What is polling interval in your Dude graph ? We imported from 4.0beta3 where graphs has been working fine. I noticed issues with graphs maybe at 6.38. Now graphs ara wrong, specially when they are...
by JimmyNyholm
Sat Jul 29, 2017 1:21 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 123700

Re: v6.41rc [release candidate] is released! New bridge implementation!

Vlan is Hard to understand IF you used HP as they use the term tag/untagged (Their Ports are all hybrid and can't be trunk or access from the cisco perpspective.) AccessPort = A port that is only accepting untaged frames on ingress and only output untaged frames on egress. All other frametypes is si...
by JimmyNyholm
Sat Jul 29, 2017 12:26 pm
Forum: SwOS
Topic: SwOS MTU
Replies: 7
Views: 3067

SwOS MTU

Is it me or do we miss MTU Settings?
by JimmyNyholm
Sat Jul 29, 2017 12:24 pm
Forum: SwOS
Topic: CRS326-24G-2S+RM Where is CRS326-24S-2S+RM
Replies: 3
Views: 1249

Re: CRS326-24G-2S+RM Where is CRS326-24S-2S+RM

Sure 16s+ is about to be released But I was asking for 1Gbit not 10Gbit with standard oversubscription levels 24 -> 20 One 16s+ switch could aggregate 4 24s switches (if we had one) and still have ports available to core connection without inducing Oversubscription in the aggregation layer. I need M...
by JimmyNyholm
Thu Jul 27, 2017 8:55 am
Forum: Forwarding Protocols
Topic: OSPF vs BGP route of the same
Replies: 2
Views: 1118

Re: OSPF vs BGP route of the same

All routes learned will be installed. If they are used is a mater of best path evaluation.

instance settings will let you influence all metrics and such but I'm afraid this is a whole other horse read up on OSPF and BGP then will we all be happy to discuss Mikrotik implementation of such.
by JimmyNyholm
Sat Jul 22, 2017 1:10 am
Forum: Forwarding Protocols
Topic: Remove non-private AS from incoming prefix or the the outgoing peer
Replies: 4
Views: 680

Re: Remove non-private AS from incoming prefix or the the outgoing peer

Ugly but: Shouldn't an export to an ospf instance of just the other as routes and then importing them making them IGP originated be sufficent? Just a thougt test in a lab before doing bad stuff in production.
by JimmyNyholm
Fri Jul 21, 2017 10:08 pm
Forum: Forwarding Protocols
Topic: BGP Advice
Replies: 10
Views: 1285

Re: BGP Advice

My bgp is working correctly it works perfect. Then it comes down to that probably should split your /20 announcement down to /21's and /22,s and /23's and /24's just to be prepaired for avoiding ddos attacks and such.. That being said create the RR if your now a lir ask your lir to do it. ask your ...
by JimmyNyholm
Fri Jul 21, 2017 10:05 pm
Forum: Forwarding Protocols
Topic: BGP Advice
Replies: 10
Views: 1285

Re: BGP Advice

My bgp is working correctly it works perfect. My issue is that if Core 1, 2, and 3, are all online but I loose connection to core 3 from my other two cores. Core 3 continues to announcing its /20 network out to the internet, this it the same /20 that the other cores announce, so inbound traffic hit...
by JimmyNyholm
Fri Jul 21, 2017 1:07 pm
Forum: Forwarding Protocols
Topic: BGP Advice
Replies: 10
Views: 1285

Re: BGP Advice

With out all the questions about: Have you checked this is your peer that.... This is what BGP is. BGP is not a millisecond failover protocol. BGP is a self repairing system for inter as communication. Probably it is the HOLD timer on your peers that making them beleve that you are still there. In a...
by JimmyNyholm
Sun Jul 16, 2017 5:14 pm
Forum: General
Topic: MACSEC and or MikrotikSec
Replies: 1
Views: 1791

MACSEC and or MikrotikSec

I would love to se some hardware L2 encryption when: 1. talking to other mikrotik devices (should be simple clickbox and transparent to all other protocols) but ensures no ears dropping on that link. 2. MacSec implementation for inter brand taks. I think this would be a given extension after we have...
by JimmyNyholm
Sun Jul 16, 2017 4:47 pm
Forum: General
Topic: Feature request - DNS names in IPsec
Replies: 7
Views: 1754

Re: Feature request - DNS names in IPsec

+1.
And by all means make ip-changes and dns updates be reflected into peers and other ipsec related stuff.
by JimmyNyholm
Sun Jul 16, 2017 4:04 pm
Forum: Forwarding Protocols
Topic: why prepend/weight not working ?
Replies: 1
Views: 472

Re: why prepend/weight not working ?

Do your carrier, witch you say is the same for both sites, have a looking glass? If so use that to verify that it actually got the two but it's not a good path. so it wont be told to their peer's and upstream as the carrier is only telling it's best view of internet to others. The information in thi...
by JimmyNyholm
Sun Jul 16, 2017 3:55 pm
Forum: Forwarding Protocols
Topic: OSPF-DR,backup
Replies: 6
Views: 905

Re: OSPF-DR,backup

Why not just trash the segment for the three routers. make direct connect from R1-R2, R1-R3, R2-R3 building the triangle. OSPF will then work and behave good. All MT's sure then you may use /31 or /32 's as well. no IP wasting. The segment between is most of the time just a weak link for something t...
by JimmyNyholm
Sun Jul 16, 2017 3:43 pm
Forum: Forwarding Protocols
Topic: send prefix only from 1 upstream to transit
Replies: 2
Views: 493

Re: send prefix only from 1 upstream to transit

I gather that you want to give the transit customer a view of internet and only tell one of your transit providers that the transit customer is reachable through you. If so then: Take the learned routes from your transit customer append them with a community that you staple only transit type A and t...
by JimmyNyholm
Sat Jul 15, 2017 12:45 pm
Forum: SwOS
Topic: CRS326-24G-2S+RM Where is CRS326-24S-2S+RM
Replies: 3
Views: 1249

CRS326-24G-2S+RM Where is CRS326-24S-2S+RM

Hi tik guys. As an ISP and knowing that you aim your products at ISP market. I'm baffled to se all new shiny things come out with copper ports? Who is buildning with copper now days. Please make CRS326-24S-2S+RM for us at a lower price due to not having to supply any interface. We can then populate ...
by JimmyNyholm
Mon Jul 10, 2017 7:05 pm
Forum: General
Topic: What is Google DNS doing here?
Replies: 9
Views: 1107

Re: What is Google DNS doing here?

ISP's all over the world should implement BCP38. We are trying but Mikrotik is hindering us with non working uprf in vrf scenarios. Mikrotik Please You are actually making the internet less secure and prone to spoof by lagging behind...... But then again. All should at least do what they can, where...
by JimmyNyholm
Mon Jul 10, 2017 2:02 am
Forum: Scripting
Topic: Syntax highlighting and completions for Sublime Text
Replies: 38
Views: 24730

Re: Syntax highlighting and completions for Sublime Text

I'm happy to introduce the missing support for syntax highlighting and completions in the Sublime Text editor.
Just tried it.... Sweet exactly what the doctor ordered....

Thanks!
by JimmyNyholm
Sat Jul 08, 2017 11:55 pm
Forum: Forwarding Protocols
Topic: Redistribute static route to OSPF with filter
Replies: 1
Views: 726

Re: Redistribute static route to OSPF with filter

Routing filter add your filter to ospf-out or what ever filter list you have selected on the ospf instance. The best is not to import just add networks and set the interfaces to passive. If the routes are next hops that wont work and you will need to edit ospf instance and select redistribute static...
by JimmyNyholm
Tue May 16, 2017 9:52 am
Forum: General
Topic: Which types of ports would you like to see for a high speed router
Replies: 168
Views: 25924

Re: Which types of ports would you like to see for a high speed router

Let's not forget that QSFP and QSFP28 both support breakout or fanout cables. And Dont forget: QSFP28 can do: 1-4 x 10 1-4 x 25 1-2 x 50 1 x 100 SFP28 can do: 1 x 10 1 x 25 QSFP+ can do: 1-4 x 10 1 x 40 SFP+ can do: 1 x 10 1 x 1 All speeds and breakout combinations should be supported on all the po...
by JimmyNyholm
Tue May 09, 2017 8:54 pm
Forum: General
Topic: v6.40.rc4 GRE-IPSec SMB
Replies: 15
Views: 2097

Re: v6.40.rc4 GRE-IPSec SMB

One must also ask: Source Media and Destination Media 20Mbyte per second (200Mbit) is about what your average 2" spinning harddrive does after all buffers have been depleted. Allways test network with memory transfers so you test the real performance.
by JimmyNyholm
Tue Mar 21, 2017 1:17 pm
Forum: Announcements
Topic: v6.39rc [release candidate] is released
Replies: 391
Views: 82362

Re: v6.39rc [release candidate] is released

!) bridge - fixed BPDU rx/tx when protocol-mode=none

Fixed as in now we do forward all bpdu's transparrently or now we eat all transparrently What is done exactly?
Need to know so we may plan for the changed behaviour.
by JimmyNyholm
Wed Jan 25, 2017 3:14 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 154934

Re: RouterOS v7.0 beta1 - when?

+1 Summarized status updates at given intervall is considered good Customer Relations.
by JimmyNyholm
Thu Jan 19, 2017 8:42 pm
Forum: Announcements
Topic: Winbox 3.9 released!
Replies: 35
Views: 15605

Re: Winbox 3.9 released!

both 3.8 and 3.9 do random crashes on win10 x64 home and 100% crash at exiting(instead of correctly closing session). 3.7(and earlier versions) works just fine.
On WIndows Server 2012R2 as well
by JimmyNyholm
Tue Jan 10, 2017 1:16 am
Forum: General
Topic: IPv6 and NAT - how I changed my mind
Replies: 19
Views: 8375

Re: IPv6 and NAT - how I changed my mind

NAT64 and the companion function of DNS64 is the realizer for us that want to move to the no more nat land. Only 6 Native clients able to talk to all 6 and the small old 4 for these petty sites and services not yet migrated. A Hell Yeah Big +1 from me. I saw the other threads and thought o my good t...
by JimmyNyholm
Mon Jan 09, 2017 8:47 pm
Forum: Wireless Networking
Topic: Wireless disconnection messages explained!
Replies: 85
Views: 77712

Re:

I'm getting the MIC Failures on several of my clients. Interference isn't an issue on one of them and their signal is -50, ccq is around 99. Client is conecting to a RB112/CM9 using a laptop. Two other customers are using Tranzeo CPE 90's. They connect fine....then out of the blue I see those MIC f...
by JimmyNyholm
Mon Jan 09, 2017 8:39 pm
Forum: General
Topic: Radius PAP for Login.
Replies: 1
Views: 888

Radius PAP for Login.

Hi Mikrotik. Please add PAP support to the radius client at login. It uses chap and is not settable if I read manual correctly. Why some of you may ask? Is'nt chap more secure? Yes but my cents is that I am even more secure and using one time passwords and Hence there is nothing to know beforehand t...
by JimmyNyholm
Tue Jan 03, 2017 11:36 am
Forum: Announcements
Topic: v6.38 [current] is released!
Replies: 168
Views: 37199

Re: v6.38 [current] is released!

*) interface - changed loopback interface mtu to 1500; There is no Loopback interface added. If you need loopback interface simply create bridge and do not add any ports to it. (MTU of 1500 is for that empty bridge used as loopback). This is well known to all of us this is why we are asking this qu...
by JimmyNyholm
Mon Jan 02, 2017 10:45 pm
Forum: Announcements
Topic: v6.38 [current] is released!
Replies: 168
Views: 37199

Re: v6.38 [current] is released!

Hello!

Sorry, what mean
*) interface - changed loopback interface mtu to 1500;
? There is special loopback interface now? Can't find it.

Regards,
Boris

+1 What does it say? Do we have Loopback Interface Now? Cant seem to find either in winbox nor in cli.
by JimmyNyholm
Mon Jan 02, 2017 10:18 pm
Forum: Announcements
Topic: v6.38 [current] is released!
Replies: 168
Views: 37199

Re: v6.38 [current] is released!

edit: I was wrong, Mikrotik does support LACP/802.3ad I'm sorry :( ;-) Right. I would not be a customer if they had not supported LACP. On the plus side is that they even have minimum link property for channel up state. I bought the 1036 before 1072 was out and I only use the two sfp+ ports LACP bu...
by JimmyNyholm
Mon Jan 02, 2017 7:36 pm
Forum: Announcements
Topic: v6.38 [current] is released!
Replies: 168
Views: 37199

Re: v6.38 [current] is released!

patrick7 - Bonding in past reported 2Gbps always. It did not matter if bonding had 2,3,4,5, etc. slave interfaces. Now it will simply report single link speed: *) snmp - always report bonding speed as speed from first bonding slave; For LACP that is Totally Wrong. In protocol less bonding this may ...
by JimmyNyholm
Mon Jan 02, 2017 1:34 pm
Forum: General
Topic: OSPFv3 Filtering
Replies: 6
Views: 1867

Re: OSPFv3 Filtering

Currently you can't, such feature is not implemented.
Care to develop that answer?
"Currently you can't": OK When? Is it planned? What Version will we See it Implemented?
by JimmyNyholm
Fri Dec 30, 2016 5:12 am
Forum: Announcements
Topic: MikroTik News December 2016 (Issue #74)
Replies: 94
Views: 22244

Re: MikroTik News December 2016 (Issue #74)

Now there needs to be something like a CRS317-1G-10X-6S+IN ac. Maybe better CRS317-1G-12X-4S+IN ac. Personally I don't se the benefit of coper ports. The benefit of sfp ports is that it should be cheaper to manufacture because no interface needs to be attached. Then you choose what you want and the...
by JimmyNyholm
Fri Dec 30, 2016 5:02 am
Forum: Announcements
Topic: MikroTik News December 2016 (Issue #74)
Replies: 94
Views: 22244

Re: MikroTik News December 2016 (Issue #74)

- new CRS317 with 16 x SFP+ ports, coming Q2/17 This completes CRS family :D The new CRS with 16 10G will be a very nice start if price/features equals upp. I would then say that this begins the CRS Family. Now we can go forward and do QSFP, QSFP28 (40G (4*10), 100G,50G,25G (4*25G,2*50G)) Moving up...
by JimmyNyholm
Fri Dec 30, 2016 4:45 am
Forum: Forwarding Protocols
Topic: OSPFv3 Missing /128 Routes in 5.1
Replies: 73
Views: 18373

Re: OSPFv3 Missing /128 Routes in 5.1 - 6.38

Hundred versions and five years later no fix. This year ends with Mikrotik Promising to fix this issue that lasted over 2 major versions in the 3 major that they are eagerly denying has officially been presented as of yet. No internal Alfa exists hence no external Beta exist and no Product with vers...
by JimmyNyholm
Thu Dec 29, 2016 4:52 pm
Forum: General
Topic: OSPFv3 Filtering
Replies: 6
Views: 1867

OSPFv3 Filtering

Hi I was baffled to se that routefilters is not implementet in OSPFv3. I can put in ipv6 records in my filterlists but not use them in the process is this a joke or am I missing something obvious. The wiki has not a peep on v3 and yet it has been there as long as I have used mt. Please explain to me...
by JimmyNyholm
Fri Sep 23, 2016 8:38 pm
Forum: Announcements
Topic: v6.37 [current] is released!
Replies: 197
Views: 34910

Re: v6.37 [current] is released!

Found a bug a think.
Had working bridged ethernet over ip (eoip) with ipsec enabled.
Upgrading to 6.37 current phase 1 fail against 6.34.6
upgrading to 6.37RC42 same result
downgrading again to 6.34.6 Works again.

Secret is defined on the tunnel interface so its using the "auto ipsec" feature.
by JimmyNyholm
Thu Jul 21, 2016 11:36 pm
Forum: Announcements
Topic: v6.37rc [release candidate] is released, only one wireless package!
Replies: 321
Views: 57275

Re: v6.37rc [release candidate] is released, only one wireless package!

*) wireless - "wireless-cm2" discontinued, uninstall it before update; As before: Uninstall Error - can not uninstall bundled package (6) I will try disable and upgrade.... Works. Disable, reboot, upgrade. Please do not write uninstall when that is not possible. or be more specific disable if packa...
by JimmyNyholm
Thu Jul 21, 2016 10:41 pm
Forum: Announcements
Topic: v6.37rc [release candidate] is released, only one wireless package!
Replies: 321
Views: 57275

Re: v6.37rc [release candidate] is released, only one wireless package!

*) wireless - "wireless-cm2" discontinued, uninstall it before update;

As before: Uninstall Error - can not uninstall bundled package (6)

I will try disable and upgrade....
by JimmyNyholm
Sat Jul 16, 2016 10:31 pm
Forum: SwOS
Topic: 16/32/48 ports
Replies: 51
Views: 20168

Re: 16/32/48 ports

ok, working on it horray.. :D thanks MikroTik. but no promises! I'm just saying we will consider the possibilities Redundant Power supplys and SFP's 1:1 ie 20 spf and 2 sfp+ or 40 sfp and 4 sfp+ we have 10sfp + 1sfp+ but we need bigger of the same so save space in closet. and offcourse redundant (p...
by JimmyNyholm
Sat Jul 16, 2016 9:11 pm
Forum: General
Topic: Feature request: CAPsManager - roaming
Replies: 79
Views: 23239

Re: Feature request: CAPsManager - roaming

I understand the request and it is a good one, but just wanted to note, that you can already configure access list to disconnect client with bad signal, and the client will then reconnect to the nearest AP If you actually understand the request: why do you sugest using the braindead (drop the clien...
by JimmyNyholm
Sun Jun 26, 2016 12:08 pm
Forum: SwOS
Topic: Bug ? Same mac diff. VID not work
Replies: 10
Views: 2399

Re: Bug ? Same mac diff. VID not work

The symptom is due to one of your switches is to old and cheap. It doesn't handle mac / vlan / table and thus can't have multi homed connections like that. 1. use proper gear with modern mac table / vlan 2. use only one connection and trunk in between of capable and incapable devices. You may create...
by JimmyNyholm
Wed Jun 22, 2016 12:19 am
Forum: Announcements
Topic: v6.36rc [release candidate] is released, wireless-fp package is discontinued!
Replies: 295
Views: 65177

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

You may be able to accomplish what you want by using GRE or L2TP with hooks to IPSec available in those services. No I can't becaus if I specify crypto on tunnel interface then routeros complaint and localendpoint must be specified. This is truely unintuitive. I do understand that it is because of ...
by JimmyNyholm
Fri Jun 17, 2016 7:21 pm
Forum: Announcements
Topic: v6.36rc [release candidate] is released, wireless-fp package is discontinued!
Replies: 295
Views: 65177

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

*) tunnel - added option to auto detect tunnel local-address; Can't Seem to find it? Does it solve changing ip in conjuction of auto ipsec aswell? Otherwise please ad that. Bump... No Comment. Neither Winbox 3.4 nor the CLI is displaying anything on any tunnel interface about this feature. What is ...
by JimmyNyholm
Sun Jun 12, 2016 3:40 am
Forum: Announcements
Topic: v6.36rc [release candidate] is released, wireless-fp package is discontinued!
Replies: 295
Views: 65177

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

*) tunnel - added option to auto detect tunnel local-address; Can't Seem to find it? Does it solve changing ip in conjuction of auto ipsec aswell? Otherwise please ad that. Bump... No Comment. Neither Winbox 3.4 nor the CLI is displaying anything on any tunnel interface about this feature. What is ...
by JimmyNyholm
Fri Jun 03, 2016 10:45 am
Forum: Announcements
Topic: v6.36rc [release candidate] is released, wireless-fp package is discontinued!
Replies: 295
Views: 65177

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

*) tunnel - added option to auto detect tunnel local-address;

Can't Seem to find it?
Does it solve changing ip in conjuction of auto ipsec aswell? Otherwise please ad that.
by JimmyNyholm
Fri Jun 03, 2016 10:39 am
Forum: General
Topic: Feature Req: IKEv2 server and client
Replies: 291
Views: 80693

Re: Feature Req: IKEv2 server and client

My 2 Cents is that V7 is a Unicorn. If one read the forum and all that V7 will fix.... Good Dam... No company in history has ever managed to release such a big overhaul. IkeV2 is the new standard in almost all communications between organisations. We NEEEEEEEEEEEEEEEEED it. If not in the V6 branch t...
by JimmyNyholm
Thu May 26, 2016 4:20 pm
Forum: Announcements
Topic: v6.36rc [release candidate] is released, wireless-fp package is discontinued!
Replies: 295
Views: 65177

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!


Nice!!!

How often is updated?
My question exactly :)
The Only viable sullution should be the TTL and Refresh values specified on each individual record but then again a confirmation on that one would be very much apprechiated as the wiki seldom states new features until very much later.
by JimmyNyholm
Mon Apr 25, 2016 10:13 am
Forum: Announcements
Topic: v6.36rc [release candidate] is released, wireless-fp package is discontinued!
Replies: 295
Views: 65177

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

If you are talking about not disabling wireless package, then you can not upgrade until you have removed it. From which version did you upgrade? As we were telling in previous topics about other versions, there was a problem with upgrade but it is not an issue of 6.36rc. It was a problem with old v...
by JimmyNyholm
Mon Apr 25, 2016 2:21 am
Forum: Announcements
Topic: v6.36rc [release candidate] is released, wireless-fp package is discontinued!
Replies: 295
Views: 65177

Re: v6.36rc [release candidate] is released, wireless-fp package is discontinued!

OK So I'm an idiot. Not Reading and just upgrading. What happens if I didn't disable the package?
I have one mAPLite upgraded and now it just boot loops. How do I apply a firmware reset on the unit?