Community discussions

Search found 217 matches

by JimmyNyholm
Fri May 11, 2018 9:13 am
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 23248

Re: v6.42.1 [current]

still waiting for the bugfix only update This vulnerability isn't much of a problem. The problem is administrators leaving their firewall services (API, Winbox, SSH, etc.) exposed to untrusted networks. It's better to apply firewall filters to the input chain that will protect against this and othe...
by JimmyNyholm
Thu May 10, 2018 4:42 pm
Forum: Announcements
Topic: Newsletter #82 (May 2018)
Replies: 34
Views: 5420

Re: Newsletter #82 (May 2018)

WOW! will CRS332-32S+RM have Hardware MPLS P switching aswell same as we now have at 317-16S+ ?????
by JimmyNyholm
Fri Apr 06, 2018 6:13 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64522

Re: v6.42rc [release candidate] is released!

Confirmation from MT in Mail RC55 will have fix for my LACP Bonding problem. Have a Nice week end and I hope for the soon Release of RC55. One wonder what more magical fixes will be included.
;-)
by JimmyNyholm
Wed Mar 28, 2018 3:11 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64522

Re: v6.42rc [release candidate] is released!

My LACP problem is still Present in this RC ([Ticket#2018031222001218] LACP HW problem reaching bridge)
by JimmyNyholm
Sun Mar 25, 2018 10:39 pm
Forum: Announcements
Topic: v6.41.3 [current]
Replies: 139
Views: 18715

Re: v6.41.3 [current]

Word of !WARNING for anyone who has the CCR1072-1G-8S+. We have two of these units, since the upgrade both have used consistently 10 more watts of power! This has also increased the temperature of the device and fan speed, that can't be a good thing can it? We've contacted Mikrotik and this is thei...
by JimmyNyholm
Fri Mar 23, 2018 9:48 am
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64522

Re: v6.42rc [release candidate] is released!

[admin@sw-under] > interface bonding print Flags: X - disabled, R - running 0 name="CoreUplink" mtu=1500 mac-address=64:D1:54:EA:BC:83 arp=enabled arp-timeout=auto slaves=sfp-sfpplus1,sfp-sfpplus2 mode=802.3ad primary=none link-monitoring=mii arp-interval=100ms arp-ip-targets="" mii-interval=100ms ...
by JimmyNyholm
Thu Mar 22, 2018 12:24 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: New router OS
Replies: 42
Views: 5939

Re: New router OS

Steve is right. There is barely anything left in v7 that we haven't backported. Isolated VRF's VRF aware Services All of them and Multiple of them (ie allow ssh source this in vrf x and source that in vrf p only listening on ip's local to that respective vrfs) Tunnel Interface: Inner VRF and Outer ...
by JimmyNyholm
Thu Mar 22, 2018 12:07 pm
Forum: Announcements
Topic: Winbox 3.12 released!
Replies: 55
Views: 15447

Re: Winbox 3.12 released!

I recon you have full feed. and single core problem every question you make in cli will take forever. I guess that winbox can't be faster then cli can so..... Or am I missing something?
by JimmyNyholm
Sat Mar 10, 2018 7:31 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64522

Re: v6.42rc [release candidate] is released!

# jan/13/1970 03:06:17 by RouterOS 6.42rc39 # software id = JLRA-QA36 # # model = CRS326-24G-2S+ # serial number = 763C06E78477 /interface ethernet set [ find default-name=sfp-sfpplus2 ] mac-address=6C:3B:6B:ED:F9:E6 /interface bridge add admin-mac=6C:3B:6B:ED:F9:E6 auto-mac=no fast-forward=no name...
by JimmyNyholm
Fri Mar 09, 2018 2:20 pm
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM
Replies: 6
Views: 576

CRS328-24P-4S+RM

CRS328-24P-4S+RM Wow.
This is what I was waiting for. Nice one. When will it be available.
by JimmyNyholm
Fri Mar 09, 2018 12:58 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64522

Re: v6.42rc [release candidate] is released!

*) crs3xx - added initial "hw-offload" support for 802.3ad and "balance-xor" bonding; Well done! I can confirm it's working on a CRS326 now. Still open is the issue to change MTU size. [admin@MikroTik] /interface bonding> set bond2 mtu=8148 failure: could not set mtu [admin@MikroTik] /interface bon...
by JimmyNyholm
Thu Mar 08, 2018 4:20 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64522

Re: v6.42rc [release candidate] is released!

*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts; *) bridge - added per-port learning options; *) bridge - added support for static hosts; Thanks. This will make it possible to configure stuff that I was waiting for. Is there any plans for more l...
by JimmyNyholm
Tue Feb 27, 2018 5:46 pm
Forum: Forwarding Protocols
Topic: Point-to-point (/31) addresses
Replies: 60
Views: 31560

Re: Point-to-point (/31) addresses

I would skip using an actual /31, and just use two /32s. Specify the remote address as the "network", and you should be good to go. This mechanism is more flexible than using /31s, as the addresses don't need to be adjacent; and more efficient since you can re-use the same address for multiple link...
by JimmyNyholm
Tue Feb 27, 2018 5:36 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64522

Re: v6.42rc [release candidate] is released!

We are aware of this DHCP client problem, will try to fix in one of the next RC versions.
Thanks mrz....
Are you aware and have reproduced the LACP problem aswell?
by JimmyNyholm
Mon Feb 26, 2018 11:00 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64522

Re: v6.42rc [release candidate] is released!

Have you set admin-mac on the bridge? I have only created the bridge1 interface. /interface bridge export # mar/12/1970 15:13:17 by RouterOS 6.42rc35 # software id = M8A7-BVIJ # # model = CRS326-24G-2S+ /interface bridge add igmp-snooping=yes name=bridge1 protocol-mode=none pvid=64 vlan-filtering=y...
by JimmyNyholm
Mon Feb 26, 2018 4:31 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64522

Re: v6.42rc [release candidate] is released!

Tested This New RC. My Bridge LACP bridge problem still exists. Not reachable through lacp bond if no other local port on bridge is active.

ip dhcp-client connected to bridge1 does eternal searching after reboot disable and enable fixes the problem
by JimmyNyholm
Sun Feb 25, 2018 3:25 pm
Forum: Announcements
Topic: v6.40.6 [bugfix] is released!
Replies: 58
Views: 8752

Re: v6.40.6 [bugfix] is released!

Long, long post ... five seconds of scrolling. Was it necessary? No Scrolling Here. Use real browser and the post is rendered in a scrolled list inside that post. As for the question it seems legit to ask to se if one has understod things right. To actually answer the question: Yes that seems to be...
by JimmyNyholm
Sun Feb 25, 2018 12:10 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64522

Re: v6.42rc [release candidate] is released!

Ok So I did see the wiki was updated to state the fact of HW offload on crs3xx series. So I did a new test and: 23 I H ether24 bridge1 yes 64 0x80 10 10 none 24 H Core bridge1 yes 64 0x80 10 10 none [admin@labb-mgmt-1] /interface bridge port> Shurely it states that the Bond in my case named Core sho...
by JimmyNyholm
Tue Feb 20, 2018 1:42 pm
Forum: Forwarding Protocols
Topic: eoip sharing subnet
Replies: 6
Views: 401

Re: eoip sharing subnet

The EOIP tunnel is an interface to RouterOS. This is your inside of tunnel and can be part of bridge. the interface that holds the LocalIP that eoip binds to in the encapsulated iptraffic it generates should of course not be part of the same (or any bridge) this creates loops and defeats the purpose...
by JimmyNyholm
Sun Feb 18, 2018 3:21 pm
Forum: Forwarding Protocols
Topic: Choose right VPN tunnel when both peers are dual-homed
Replies: 2
Views: 159

Re: Choose right VPN tunnel when both peers are dual-homed

Hi. If both sides have static ip's this is easy. If you need L3 only then setup meshed gre tunnels with configured ipsec secret then the gre traffic is encrypted and all is well. You may then assign links ip's and loopback and enable ospf and set the weight. Using carefull settings and only routing ...
by JimmyNyholm
Sun Feb 18, 2018 2:58 pm
Forum: Forwarding Protocols
Topic: vrf connected route leaking
Replies: 20
Views: 4207

Re: vrf connected route leaking

Not yet, but v7beta is coming later this year
Are we there yet?
by JimmyNyholm
Sun Feb 18, 2018 12:31 pm
Forum: The User Manager
Topic: API set command
Replies: 1
Views: 188

Re: API set command

The manual is at: https://wiki.mikrotik.com/wiki/Manual:API
C# abstractions are found at nuget and discussed here in the scripting forum, and set command perhaps here: viewtopic.php?f=9&t=130899&p=642998&hil ... 23#p642998
by JimmyNyholm
Sat Feb 17, 2018 2:19 pm
Forum: Forwarding Protocols
Topic: eoip sharing subnet
Replies: 6
Views: 401

Re: eoip sharing subnet

EOIP is ethernet like interface encapsulated over ip packet. Ethernetlike makes it able to be part of bridge witch you seem to grasp but then you attach ip's to interfaces instead of the bridge? Please make a drawing on what you are trying to do, then we are much more able to help you. Subject suges...
by JimmyNyholm
Wed Feb 14, 2018 10:25 am
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64522

Re: v6.42rc [release candidate] is released!

*) radius - increase allowed RADIUS server timeout to 60s; To add an important reason to the too short limit problem of timeout in radius: Successful authentications are answered immediately (in order of milliseconds if possible), but to protect the server from brute-force attacks and DOS-type atta...
by JimmyNyholm
Sat Feb 10, 2018 4:01 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: CVE-2018-5951: MikroTik RouterOS Denial of Service Vulnerability
Replies: 20
Views: 1961

Re: CVE-2018-5951: MikroTik RouterOS Denial of Service Vulnerability

Did you read my post entirely? A simple firewall stops it. Why don't you have it?
Let me think......... FASTPATH!
by JimmyNyholm
Sat Feb 10, 2018 3:59 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: CVE-2018-5951: MikroTik RouterOS Denial of Service Vulnerability
Replies: 20
Views: 1961

Re: CVE-2018-5951: MikroTik RouterOS Denial of Service Vulnerability

Interesting, if you call something that just uses your resources "a vulnerability", when you can clearly protect your device against this (like with firewall), would you also call Chrome a vulnerability? It uses tons of RAM on my machine. First the CVE is reserved but information is not official fr...
by JimmyNyholm
Fri Feb 09, 2018 5:31 pm
Forum: RouterOS v7
Topic: Feature request: Virtual Extensible LAN (VXLAN)
Replies: 17
Views: 5630

Re: Feature request: Virtual Extensible LAN (VXLAN)

+1000 Inspiration for code can be found in the openbsd projekt https://man.openbsd.org/vxlan.4
by JimmyNyholm
Fri Feb 09, 2018 5:08 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64522

Re: v6.42rc [release candidate] is released!

*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding Jiiiha!.... Will test prompty. Offcourse 4 tuble ip hash srcip srcport dstip dstport will come later right!? Ok So I tested on a CRS326-24G-2S+ but neither winbox nor cli shows anything anywhere. Initial maybe initial ...
by JimmyNyholm
Fri Feb 09, 2018 4:27 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64522

Re: v6.42rc [release candidate] is released!

*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
Jiiiha!.... Will test prompty. Offcourse 4 tuble ip hash srcip srcport dstip dstport will come later right!?
by JimmyNyholm
Wed Feb 07, 2018 2:04 pm
Forum: Announcements
Topic: MikroTik News February 2018 (Issue #80)
Replies: 65
Views: 10348

Re: MikroTik News February 2018 (Issue #80)

Excellent news on the PoE switch! Nice work, MikroTik. I have a 28 IP network camera installation coming up in May of this year. Could really use a rackmount 24 port PoE switch too!
And while youre at 24port powe why not 48port poe.
48 Gig ports with 1 qsfp+ port breakable to 4 sfp+ ports
by JimmyNyholm
Thu Feb 01, 2018 12:22 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64522

Re: v6.42rc [release candidate] is released!

that pvid could be seen in 41rc's aswell if you set something it goes away though
by JimmyNyholm
Thu Feb 01, 2018 12:00 pm
Forum: Announcements
Topic: MikroTik News February 2018 (Issue #80)
Replies: 65
Views: 10348

Re: MikroTik News February 2018 (Issue #80)

RouterOS v7, how cool is that!
The what and where now? Nothing that I see in that Issue mentions V7???
by JimmyNyholm
Tue Jan 30, 2018 8:31 pm
Forum: Forwarding Protocols
Topic: Strange readings in traffic monitor
Replies: 4
Views: 241

Re: Strange readings in traffic monitor

I'm running 1036 and 1072's with muliple full bgp feeds for both v4 and v6 its is not an issue.

What ROS version are you running? And what is your routerboard firmware version?

If you connect winbox to macserver you may se strange results connect using IP its unicast and stable.
by JimmyNyholm
Tue Jan 30, 2018 1:28 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Routing traffic over 2 interfaces
Replies: 4
Views: 337

Re: Routing traffic over 2 interfaces

The question have ben answered. But as long as you take Layer2 in count you can with routing and proxy-arping overcome many subnetting wasting scenarios offcourse all depends on what problem you actually trying to solve.
by JimmyNyholm
Tue Jan 30, 2018 1:23 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Slower ipsec with 6.41
Replies: 7
Views: 701

Re: Slower ipsec with 6.41

And support ticket number to Mikrotik is?
by JimmyNyholm
Tue Jan 30, 2018 1:02 am
Forum: RouterOS v6 RC and v7 BETA
Topic: ADD DYNAMIC VLAN ASSIGNMENT.
Replies: 37
Views: 13739

Re: ADD DYNAMIC VLAN ASSIGNMENT.

2018 Are we there yet?
by JimmyNyholm
Tue Jan 30, 2018 12:57 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Bandwidth Test Tool and RADIUS
Replies: 6
Views: 1952

Re: Bandwidth Test Tool and RADIUS

I Did stumble over this today when I tried to uppgrade my sequrity a couple of notches.

+1000

Please add radius (PAP one time passwords) support to the bandwith testserver as well and only if radius server returns that user has a group that has the access offcourse
by JimmyNyholm
Tue Jan 30, 2018 12:44 am
Forum: Announcements
Topic: Tik App, MikroTik android utility ALPHA test
Replies: 313
Views: 96634

Re: Tik App, MikroTik android utility ALPHA test

I have to admit that it is a bit oxymoron to have "serious" concerns about 3rd party data exposure when you use android which is pretty much spyware on its own :P
Android is a virus :lol:
by JimmyNyholm
Mon Jan 29, 2018 2:57 pm
Forum: Announcements
Topic: New features in Dude RC
Replies: 22
Views: 7611

Re: New features in Dude RC

Upgraded to latest Ros42RC15 due to vmware tools support. (IE running on CHR) I think this RC version of dude has got the authentication faliure for bandwith test again or am I missing something in my dude role in my install. /user group add name=dude-group policy="telnet,ssh,reboot,read,test,sniff,...
by JimmyNyholm
Fri Jan 26, 2018 5:47 pm
Forum: Announcements
Topic: v6.39.3 [bugfix] is released!
Replies: 47
Views: 10402

Re: v6.39.3 [bugfix] is released!

In this release address list entry timeout option is broken! Entry is removed from address list randomly, but much more faster than specified amount of time many have raised this bug but no answer yet, perhaps it will be fixed in the next bugfix As of most comments on the forum have any one filed a...
by JimmyNyholm
Tue Jan 23, 2018 10:34 am
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64522

Re: v6.42rc [release candidate] is released!

HW LACP is must. [Ticket#2018012222005306] RE: LACP HW CRS317-1G-16 [...] Hello, We are currently working on this feature. We hope to see it soon. Best regards, Arturs C. -- MikroTik.com Come to the MUM conferences, registration open in Cameroon, Kenya, Russia (Ekaterinburg), Russia (St. Petersburg...
by JimmyNyholm
Mon Jan 22, 2018 11:17 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64522

Re: v6.42rc [release candidate] is released!

I would love VLan Translation on CRS317-1G-16S+RM as well... when can vi se that?
by JimmyNyholm
Mon Jan 22, 2018 11:15 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64522

Re: v6.42rc [release candidate] is released!

HW LACP is must.
[Ticket#2018012222005306] RE: LACP HW CRS317-1G-16 [...]
by JimmyNyholm
Mon Jan 22, 2018 9:54 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature request: MPLS IPv6
Replies: 18
Views: 6072

Re: Feature request: MPLS IPv6

RouterOS firsts need ECMP for MPLS first. There is a lot people that have several links between routers for redundancy / more troughtput like us and with ldp enable, the Routers OS only sets a label for the first gateway. The other ECMP gateways dont get labels.. So no traffic is forwarded trought ...
by JimmyNyholm
Mon Jan 22, 2018 9:49 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: BGP multithreaded
Replies: 2
Views: 444

Re: BGP multithreaded

I have, no flapping all is working ok but convergence times is horrible. I have only 3 Full Feeds on each (ie: one full peer and two reflectors with all other peers) one tilera core is constantly at 100percent it will do as much as it can, as fast as it can. Forwarding and routing is good and fast a...
by JimmyNyholm
Mon Jan 22, 2018 8:56 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 64522

Re: v6.42rc [release candidate] is released!

HW LACP is must.
by JimmyNyholm
Mon Jan 22, 2018 8:50 pm
Forum: Scripting
Topic: /tool fetch https check-certificate=yes undocumented, not working...
Replies: 7
Views: 291

Re: /tool fetch https check-certificate=yes undocumented, not working...

Can you please update wiki to reflect the new options. If I don't read the forum wrong it is possible to set HttpHeaders!? how? Examples please and in wiki to..... http-data cli tells me: http-data -- POST or PUT request body data So this tells me no headers can go into this field..... How do I chan...
by JimmyNyholm
Mon Jan 22, 2018 8:37 pm
Forum: General
Topic: RouterOS Radius Login SSH / Winbox
Replies: 1
Views: 158

Re: RouterOS Radius Login SSH / Winbox

Waiting for comment on this from Support: [Ticket#2018012222004996] RE: RADIUS LOGIN.
by JimmyNyholm
Mon Jan 22, 2018 12:06 pm
Forum: General
Topic: /31 bit mask doesn't work on GRE tunnel?
Replies: 3
Views: 216

Re: /31 bit mask doesn't work on GRE tunnel?

Exactly but that only works on MT <-> MT ppp's not other brands...

Please Fix
by JimmyNyholm
Sun Jan 21, 2018 9:44 pm
Forum: General
Topic: RouterOS Radius Login SSH / Winbox
Replies: 1
Views: 158

RouterOS Radius Login SSH / Winbox

Hi All. Why do SSH radius login do pap by default and not settable? (Don't Read me Wrong I need pap because I use one time passwords there are nothing to challenge on so chap is not an option) And Why do Winbox radius login only do chap by default and not settable? (This hits me because I need PAP, ...