Community discussions

MikroTik App

Search found 1266 matches

by savage
Fri Mar 15, 2024 12:36 pm
Forum: Forwarding Protocols
Topic: OSPF "sequence mismatch" after HA-Failover of neighbor
Replies: 2
Views: 209

Re: OSPF "sequence mismatch" after HA-Failover of neighbor

v7 is plagued with sequence mismatch errors. We have it on almost all our v7 routers, comes and goes at free will.

In our case at least, it hasn't impacted routing. Just an annoying log entry.
by savage
Wed Mar 06, 2024 8:00 pm
Forum: Announcements
Topic: v7.14.1 [stable] is released!
Replies: 419
Views: 68946

Re: v7.14 [stable] is released!

How do i delete loop back interface? i am not interested in
Can't. And ditto. If I need a loopback, I'll create one :)
by savage
Wed Mar 06, 2024 2:19 pm
Forum: Announcements
Topic: v7.14.1 [stable] is released!
Replies: 419
Views: 68946

Re: v7.14 [stable] is released!

Well...

Whilst I am happy and grateful to FINALLY have a v7 AMI on AWS... Reading this thread, I'll skip on 7.14
by savage
Fri Feb 23, 2024 1:05 pm
Forum: Forwarding Protocols
Topic: ROSv7.13.3 - bgp-ext-communities
Replies: 2
Views: 342

Re: ROSv7.13.3 - bgp-ext-communities

[admin@MikroTik] /routing/filter/community-ext-list> add list=yes communities="rt:123:123" [admin@MikroTik] /routing/filter/community-ext-list> add list=yes communities="rt:123:123.123.123.123" invalid value for argument community: invalid prefix route distinguisher value value ...
by savage
Fri Feb 23, 2024 12:56 pm
Forum: Forwarding Protocols
Topic: ROSv7.13.3 - bgp-ext-communities
Replies: 2
Views: 342

ROSv7.13.3 - bgp-ext-communities

Hi All, if (afi ipv4 && protocol bgp) { jump GLOBAL-DENY-v4; if (bgp-as-path ^123$) { set bgp-local-pref 200; } set bgp-communities TRANSIT; set bgp-ext-communities rt:123:111.111.111.111; accept; } The bgp-ext-communities are not applied. bgp-communities are however applied? Am I missing so...
by savage
Mon Feb 12, 2024 12:25 pm
Forum: Forwarding Protocols
Topic: Empty BGP session on ROS 7.13.4
Replies: 2
Views: 439

Re: Empty BGP session on ROS 7.13.4

BGP in ROSv7 defaults to 'deny all' for route filters, where as ROSv6 was 'accept all'.

You need an inbound and outbound filter on the BGP sessions.
by savage
Thu Feb 08, 2024 11:16 am
Forum: General
Topic: ROS v7 - EoIP Ipsec
Replies: 7
Views: 422

Re: ROS v7 - EoIP Ipsec

Public Tunnel ran fine with ROSv6 ipsec enabled. Tunnel runs fine on ROSv7 too, the ipsec is just not configured and visible in /ip/ipsec, and traffic on the tunnel is unencrypted, even though ipsec is enabled on the EoIP configuration. Seems to me that ROSv7 is ignoring the ipsec secret configurati...
by savage
Thu Feb 08, 2024 11:04 am
Forum: General
Topic: ROS v7 - EoIP Ipsec
Replies: 7
Views: 422

Re: ROS v7 - EoIP Ipsec

You have configured tunnels on both sides ?
Of course. The tunnel is in a Running state.

Hmpf. Will look at it some more then. Maybe I am missing something.
by savage
Thu Feb 08, 2024 10:53 am
Forum: General
Topic: ROS v7 - EoIP Ipsec
Replies: 7
Views: 422

Re: ROS v7 - EoIP Ipsec

It works. I set up such tunnels. What configuration do you have? 7.13.3? I know it works adding the ipsec key to the EoIP configuration, but no ipsec phase 1 / phase 2 is configured in /ip/ipsec? Packet dumps also indicate gre traffic, and not ipsec traffic. [admin@MikroTik] > /interface/eoip/print...
by savage
Wed Feb 07, 2024 5:21 pm
Forum: General
Topic: ROS v7 - EoIP Ipsec
Replies: 7
Views: 422

ROS v7 - EoIP Ipsec

Hi,

Is it just me, or is ipsec on eoip tunnels also not working / implemented?

thnx
by savage
Wed Feb 07, 2024 5:08 pm
Forum: General
Topic: Ways to change NAS-Identifier in RADIUS requests?
Replies: 8
Views: 567

Re: Ways to change NAS-Identifier in RADIUS requests?

https://www.rfc-editor.org/rfc/rfc2138#page-48 5.32. NAS-Identifier Description This Attribute contains a string identifying the NAS originating the Access-Request. It is only used in Access-Request packets. Either NAS-IP-Address or NAS-Identifier SHOULD be present in an Access-Request packet. A sum...
by savage
Wed Feb 07, 2024 4:59 pm
Forum: General
Topic: Ways to change NAS-Identifier in RADIUS requests?
Replies: 8
Views: 567

Re: Ways to change NAS-Identifier in RADIUS requests?

Plenty other attributes that can be used, such as NAS-IP-Address ? Definitely, however the external service uses only Nas-Identifier and they likely won't change that just for me. I did ask, though Then it's a lack of functionality on the external service, unfortunately. Install a AAA proxy in the ...
by savage
Wed Feb 07, 2024 9:27 am
Forum: General
Topic: Ways to change NAS-Identifier in RADIUS requests?
Replies: 8
Views: 567

Re: Ways to change NAS-Identifier in RADIUS requests?

Plenty other attributes that can be used, such as NAS-IP-Address ?
by savage
Mon Feb 05, 2024 1:01 pm
Forum: General
Topic: ROS v7.13.2 "stable" CHR
Replies: 0
Views: 205

ROS v7.13.2 "stable" CHR

[admin@MikroTik] > /ip/route/print count-only 0 action timed out - try again, if error continues contact MikroTik support and send a supout file (13) Can't add static routes, can't view routing tables, can't count routes, can't do anything pertaining to routes. Not even rebooting the router solves ...
by savage
Fri Feb 02, 2024 3:53 pm
Forum: Announcements
Topic: v7.13.5 [stable] is released!
Replies: 909
Views: 253304

Re: v7.13.1 [stable] is released!

It would always be best to adhere to common hostname format standards as system identity translates to hostname of the device.
Then Mikrotik should check that, when setting the identity and not accept spaces (and other characters that doesn't belong there) :)
by savage
Tue Oct 10, 2023 1:40 pm
Forum: RouterOS beta
Topic: BGP - Prefix Count
Replies: 9
Views: 3200

Re: BGP - Prefix Count

Same story here.

Also find it amusing that you still have to revert to looking at packet dumps, to see what is actually advertised too.

ROSv7 feels like a pet project that got started and just never got finished. Def. not prod ready IMHO.
by savage
Mon Sep 11, 2023 6:51 pm
Forum: Forwarding Protocols
Topic: delete communities
Replies: 9
Views: 2910

Re: delete communities

I reported it to support in March (SUP-110901) but never got any response.
Also no response on my support ticket. Seems that is the norm these days.

TY for confirming.
by savage
Sat Sep 09, 2023 10:55 am
Forum: Forwarding Protocols
Topic: delete communities
Replies: 9
Views: 2910

delete communities

Hi, Am I missing something? if (afi ipv4 && protocol bgp && bgp-communities equals TRANS-ANNOUNCE) { delete bgp-communities TRANS-ANNOUNCE; accept; } The filter matches communities TRANS-ANNOUNCE, but it does not delete TRANS-ANNOUNCE prior to sending the advertisement on to the prov...
by savage
Wed Sep 06, 2023 4:56 pm
Forum: Forwarding Protocols
Topic: Route Filter Comments
Replies: 2
Views: 2358

Route Filter Comments

Hi,

Can comments be added in ROSv7 routing filters? Tried #, ', as well as //

Thanks
by savage
Mon Aug 21, 2023 3:17 pm
Forum: Forwarding Protocols
Topic: route print
Replies: 6
Views: 2292

Re: route print

/routing/route print detail
And clearly you haven't read the forum posts...
by savage
Mon Aug 21, 2023 1:12 pm
Forum: Forwarding Protocols
Topic: route print
Replies: 6
Views: 2292

Re: route print

/routing/route print (detail)? Have you tried it before you actually just assumed things? Clearly, you are under estimating my intelligence here... [chrisk@x] > /system/package/print Columns: NAME, VERSION # NAME VERSION 0 routeros 7.11 [chrisk@x] > /ip route/print detail Flags: D - dynamic; X - di...
by savage
Mon Aug 21, 2023 12:11 pm
Forum: Forwarding Protocols
Topic: route print
Replies: 6
Views: 2292

route print

Hi,

Seeing that V7 is now so stable and mainstream and all....

When can we expect to see things like BGP/OSPF/RIP/etc metrics and AS Paths etc in a simple route print command?
by savage
Mon Jul 17, 2023 11:33 am
Forum: RouterBOARD hardware
Topic: CRS326-24S+2Q+ all of a sudden ROS7 only?
Replies: 11
Views: 3410

Re: CRS326-24S+2Q+ all of a sudden ROS7 only?

Try 7.10.2 - works nicely.
Hire me as a QA engineer, and I will "try" it for you. Not my job, and not on my networks.

Anyways... Moving on...
by savage
Mon Jul 17, 2023 11:05 am
Forum: RouterBOARD hardware
Topic: CRS326-24S+2Q+ all of a sudden ROS7 only?
Replies: 11
Views: 3410

Re: CRS326-24S+2Q+ all of a sudden ROS7 only?

Unless you have specific critical issues that you have reported directly to MikroTik, please do not spread misinformation about software stability. There's no misinformation - it's all over the forums. As you don't have a ROSv7 long-term release, but instead, only a stable release, your software re...
by savage
Mon Jul 17, 2023 10:55 am
Forum: RouterBOARD hardware
Topic: CRS326-24S+2Q+ all of a sudden ROS7 only?
Replies: 11
Views: 3410

Re: CRS326-24S+2Q+ all of a sudden ROS7 only?

Then please UPDATE YOUR DATASHEETS so that I don't buy crap that I don't want!
by savage
Mon Jul 17, 2023 10:53 am
Forum: RouterBOARD hardware
Topic: CRS326-24S+2Q+ all of a sudden ROS7 only?
Replies: 11
Views: 3410

Re: CRS326-24S+2Q+ all of a sudden ROS7 only?

Have 2 v7 devices in our network, work on them every day, and no, I am not happy with v7 yet. Why not please just address my concerns, instead of pushing your v7 agenda? Since when are the CRS326-24S+2Q+ v7 only, and why is this not reflected in the datasheets like you specify the requirements for R...
by savage
Mon Jul 17, 2023 10:47 am
Forum: RouterBOARD hardware
Topic: CRS326-24S+2Q+ all of a sudden ROS7 only?
Replies: 11
Views: 3410

CRS326-24S+2Q+ all of a sudden ROS7 only?

Hi, I have at least 30 CRS326-24S+2Q+ (r2) running in our datacenters, all happily running ROSv6. We've now received 4 new CRS326-24S+2Q+ (r3) units, that we are attempting to deploy. These devices to our surprise, came to us with ROSv7 (which, we don't deem as production ready). Both a software dow...
by savage
Tue Jun 13, 2023 9:13 pm
Forum: Forwarding Protocols
Topic: MPLS + LDP Logging
Replies: 16
Views: 7354

Re: MPLS + LDP Logging

Don't think they doing anything anymore for v6. Dissapointing, as v7 is faaar from production ready.
by savage
Thu Mar 02, 2023 3:18 pm
Forum: RouterBOARD hardware
Topic: 40G direct attach cable
Replies: 8
Views: 1665

Re: 40G direct attach cable

savage I know that cables exist. What I meant is a box that I can plug A fiber into running at 40G and it has a DAC cable from it so I can connect it to 4 x 10G ports Any 40G QSFP interface on the one side, any 10G Interface on the other side? The CRS326-24S+2Q+RM for example as 2 x QSFP ports. So ...
by savage
Thu Mar 02, 2023 1:39 pm
Forum: RouterBOARD hardware
Topic: 40G direct attach cable
Replies: 8
Views: 1665

Re: 40G direct attach cable

Uhm. Have you tried google?

They exist, and is commonly used.
by savage
Thu Sep 22, 2022 10:43 pm
Forum: General
Topic: Netflow Timestamps
Replies: 1
Views: 705

Re: Netflow Timestamps

+1 - really annoying. v5 does not support v6, and v9 does not support time stamps. I can't even remember for how long Netflow has been an issue in 'tik. Would be lovely to just get this fixed once and for all please. Flow Record: Flags = 0x06 FLOW, Unsampled label = <none> export sysid = 25 size = 6...
by savage
Fri Apr 29, 2022 5:22 am
Forum: Beginner Basics
Topic: NTP protocol Is Blocked by ISP [SOLVED]
Replies: 47
Views: 9228

Re: NTP protocol Is Blocked by ISP [SOLVED]

Come on guys! It is "quite common" that an ISP blocks all traffic from UDP port 123
Uhm, no? ISPs should not, ever, be filtering traffic. Not their responsibility. If my ISP blocks port 123 (or any port for that matter), I'll be cancelling services very promptly thereafter.
by savage
Thu Apr 28, 2022 8:25 am
Forum: RouterBOARD hardware
Topic: NetPower 16p.... Rubbish PoE design. Workarounds?
Replies: 20
Views: 4323

Re: NetPower 16p.... Rubbish PoE design. Workarounds?

So whats the most logical solution when you only have X number of cables? You remove a radio, install something like a PowerBox in between, then reconnect the radio to the powerbox and you also have another 3 ports available. Easy logical straightforward expansion Yet the netpower has no PoE input ...
by savage
Thu Apr 28, 2022 8:03 am
Forum: General
Topic: VRRP Issues
Replies: 16
Views: 2782

Re: VRRP Issues

There's a switch in between. VLAN 100 is LAN Management and VLAN 101 is WIFI Management. VLANs are correct between the firewalls. Confirmed that they can see each other through neighbors and can ping local IP of each other. And for example, if I disable VRRP on MTik02, it can ping and see MTik01 wi...
by savage
Mon Apr 18, 2022 2:25 pm
Forum: General
Topic: S-31DLC20D on RB-760iGS RX Lose
Replies: 10
Views: 1281

Re: S-31DLC20D on RB-760iGS RX Lose

I would try different SFP modules, looks like you've got some cheap made in Japan AliExpress SFPs there... Just my 2c.
by savage
Sun Apr 17, 2022 10:45 am
Forum: RouterBOARD hardware
Topic: CRS sfp woe's
Replies: 4
Views: 955

Re: CRS sfp woe's

Yep, seems pretty normal for generic sfp's to randomly work between MT chassis. I have about 50 MT devices in my care all using fiber trunks. Generally speaking I use either genuine mikrotik SFP's, or Cisco Genuine( which seem to work fine ) in my MT gear. I also keep an eye on : https://wiki.mikro...
by savage
Sun Apr 17, 2022 10:42 am
Forum: General
Topic: S-31DLC20D on RB-760iGS RX Lose
Replies: 10
Views: 1281

Re: S-31DLC20D on RB-760iGS RX Lose

Either your fiber lead is faulty, or yes, you need to cross your fiber leads on the patch lead. TX goes to RX and RX goes to TX. They are (or should be) crossed. RX loose and a -40dB is essentially telling you that it is not receiving any light. So either the receiving end is broken, or the transmit...
by savage
Sun Apr 03, 2022 6:13 pm
Forum: General
Topic: QSFP & SFP28 Modules
Replies: 0
Views: 296

QSFP & SFP28 Modules

Hi,

Is it just me, or is Mikrotik missing some SFP modules?

I am looking for a QSFP (40Gbps) SM module, as well as a SFP28 (25Gbps) SM module? Seems there are only QSFP for multi-mode fiber, and SFP28 only comes in a DAC cable???

What's my options please.

Thanks,
by savage
Fri Mar 25, 2022 7:23 am
Forum: General
Topic: Irony
Replies: 3
Views: 549

Re: Irony

RouterOS versions 7.1.4 and 7.1.5 has been released "v7 stable" channel! Before an upgrade: 1) Remember to make backup/export files before an upgrade and save them on another storage device; 2) Make sure the device will not lose power during upgrade process; 3) Device has enough free stor...
by savage
Thu Mar 17, 2022 7:54 am
Forum: RouterOS beta
Topic: CCR1072-1G-8S+ Export config issue
Replies: 3
Views: 2379

Re: CCR1072-1G-8S+ Export config issue

export gets stuck often at various part of the config, in all versions.

known thing, reported many many times before to MT, and no fixes.
by savage
Fri Mar 11, 2022 3:27 pm
Forum: RouterOS beta
Topic: ipv4 LAN activity on WAN port w/o NAT on sniffer??
Replies: 6
Views: 1346

Re: ipv4 LAN activity on WAN port w/o NAT on sniffer??

So I finally figured it out. Dam Mikrotik, that was a brain twister.
Nothing to do with Mikrotik. This is networking 1-0-1... Any router, will give you the exact same result.
by savage
Fri Mar 11, 2022 3:21 pm
Forum: RouterOS beta
Topic: Limited WireGuard troughput over Gbit WAN
Replies: 9
Views: 2018

Re: Limited WireGuard troughput over Gbit WAN

I don't think CPU usage is a problem. As you said, the 5009 should do more and runs at a maximum of 39%. The CHR runs at 4x 4.0GHz with less than 10%. ...running a similar setup (RB4011 with 1G/55M I-Net and 1x3GHz/2M CHR,) I can confirm, that 450Mbps is max for traffic via the wg-link. As RB4011 a...
by savage
Fri Mar 11, 2022 10:56 am
Forum: General
Topic: Blocking IP's by region [SOLVED]
Replies: 22
Views: 34728

Re: Blocking IP's by region [SOLVED]

I don't see how the info I posted is inaccurate. It contains a bash snippet which downloads current allocations directly from RIPE's ftp. It builds the download URL using current system date. You can check RIPE's ftp contents using this http mirror: https://ftp.ripe.net/pub/stats/ripencc/ . As you ...
by savage
Thu Mar 10, 2022 5:07 pm
Forum: RouterOS beta
Topic: ROSv7 equivalent of /routing/bgp/advertisements print
Replies: 49
Views: 24842

Re: ROSv7 equivalent of /routing/bgp/advertisements print

Reasons not to use ROS7...
by savage
Thu Mar 03, 2022 9:12 pm
Forum: General
Topic: RB4011 and RB1100 AHx4 "bricks" randomly
Replies: 222
Views: 77758

Re: RB4011 and RB1100 AHx4 "bricks" randomly

I suggest you scheduling a reboot every 7/14 days in the night to refresh the routers. I solved in this way when I got bricked 4011...
Restarting a core network device, holding millions of BGP routes, is not a way to 'solve' a problem. Glad it works for you though.
by savage
Mon Feb 28, 2022 3:02 am
Forum: General
Topic: Free eBGP for EU countries
Replies: 0
Views: 1557

Free eBGP for EU countries

* MODS: Please remove if inappropriate * Hi Everyone, I've been running a eBGP service for quite some time privately to protect my own network infrastructure via BGP, instead of using Firewall ACLs. It is significantly less resource intensive to null-route a IP address, vs. having to firewall it. Up...
by savage
Tue Feb 22, 2022 1:19 pm
Forum: Announcements
Topic: v7.1.3 is released!
Replies: 251
Views: 55666

Re: v7.1.3 is released!

Hi,

Upgrading from 6.48.x to 7.1.x - NTP client not working... stuck on waiting.
Works fine here...
by savage
Tue Feb 08, 2022 7:47 pm
Forum: RouterOS beta
Topic: Disable Unused Packages
Replies: 14
Views: 9470

Re: Disable Unused Packages

With many things, if you don't enable them, all they do is eating some disk space. I'd understand the poor souls with 16MB storage devices, but why do you worry about it, when yours has half a gigabyte? :) Because with all things, there's a little thing called bugs. What do you think happens when 7...
by savage
Thu Feb 20, 2020 3:19 pm
Forum: General
Topic: PPPoE different IP after disconnect/connect
Replies: 4
Views: 2729

Re: PPPoE different IP after disconnect/connect

Mikrotik as far as I remember, allocates IPs out of the pools on a first-come, first-served basis. Which ever first IP is available in the pool, will be allocated. If user A disconnects, no one else connects, and user A reconnects an hour later, they will get the same IP. If user A disconnects, user...
by savage
Thu Feb 20, 2020 10:15 am
Forum: General
Topic: QinQ advice needed!
Replies: 12
Views: 5135

Re: QinQ advice needed!

Just an FYI - QinQ requires jumbo frames. 1500 byte frames aren't enough to encapsulate a VLAN inside a VLAN.

Not sure if it is/isn't the issue but worth noting regardless as you'll run into massive fragmentation issues once you actually start pushing data.
by savage
Mon Feb 17, 2020 8:47 am
Forum: Forwarding Protocols
Topic: Maximum amount of BGP routes in MikroTik routes
Replies: 2
Views: 5938

Re: Maximum amount of BGP routes in MikroTik routes

It will hold the routes with minimal memory - that's not the problem. Changing the routes in the actual routing table, will take 5+ minutes however. It learns the routes via BGP fairly quickly, but it updates, -notoriously- slowly. Failing over a full table (880K+ routes) will take you 30 minutes, e...
by savage
Fri Feb 14, 2020 11:30 am
Forum: RouterBOARD hardware
Topic: Ccr 1009 power issue
Replies: 12
Views: 6227

Re: Ccr 1009 power issue

BTW, just because there is 0 printed on it, don't assume it's 0 ohm.

Be that what it may, as others have said... There's way more wrong with your RB than a blown resistor. There's a reason why it blew.
by savage
Wed Feb 12, 2020 1:27 pm
Forum: Beginner Basics
Topic: [SETUP FILTER RULES] VLAN
Replies: 7
Views: 3446

Re: [SETUP FILTER RULES] VLAN

Your rule allows for .30 to talk to .31. You don't have a rule to allow .31 to talk to .30
by savage
Wed Feb 12, 2020 1:26 pm
Forum: Beginner Basics
Topic: BUG - Route filter BGP AS PATH
Replies: 2
Views: 1822

Re: BUG - Route filter BGP AS PATH

AS Path filters are regular expressions. You don't have a regular expression in your filter.
by savage
Tue Jan 14, 2020 12:03 pm
Forum: Forwarding Protocols
Topic: Cymru-TEAM (UTRS) Blackholing problem
Replies: 4
Views: 3253

Re: Cymru-TEAM (UTRS) Blackholing problem

CYMRU provides examples for Mikrotik - use them, they work.
by savage
Thu Nov 14, 2019 3:54 pm
Forum: RouterBOARD hardware
Topic: x86 routers
Replies: 2
Views: 2983

Re: x86 routers

ta!
by savage
Thu Nov 14, 2019 10:00 am
Forum: RouterBOARD hardware
Topic: x86 routers
Replies: 2
Views: 2983

x86 routers

Hi guys, For the love of me, I can't find it now. Can someone recommend a few of these manufacturers that sells (pref. modular) x86, 1U routers running 'Tik. I know there's a few of them with modular SFP/SFP+/Copper ports/interfaces, running on Xeon processors. Just can't remember the names now. And...
by savage
Wed Nov 06, 2019 1:27 pm
Forum: General
Topic: LACP Bonding + VLAN (2 x 10G SFP+) Problem
Replies: 5
Views: 2216

Re: LACP Bonding + VLAN (2 x 10G SFP+) Problem

The VLAN and the Bond has the same MAC address - Cisco's doesn't like this, and MT refuses to add functionality in order to change MAC addresses for VLANs. The VLAN will always have the same MAC as the parent interface. This would be especially troublesome if the provider does some kind of MAC filte...
by savage
Thu Oct 31, 2019 11:21 am
Forum: Scripting
Topic: Object-Oriented Perl API at CPAN
Replies: 18
Views: 6392

Re: Object-Oriented Perl API at CPAN

Adding route: 100.100.0.0/24 >>> /ip/route/add >>> =type=blackhole >>> =bgp-origin=igp >>> =bgp-communities=65000:5002 >>> =dst-address=100.100.0.0/24 start read_len read_len got 5 recv 5 <<< !trap start read_len read_len got 64 recv 64 <<< =message=value of dst-address must have number address aft...
by savage
Thu Oct 31, 2019 11:00 am
Forum: Scripting
Topic: API - route adding...
Replies: 0
Views: 2100

API - route adding...

Hi All, Adding route: 100.200.0.0/16 >>> /ip/route/add >>> =.type=blackhole >>> =.bgp-communities=65000:5002 >>> =.dst-address=100.200.0.0/16 >>> =.bgp-origin=igp start read_len 1 Am I missing something? A return of 1 means it's not likeing something in the parameters? I'm not sure what?
by savage
Thu Oct 31, 2019 10:16 am
Forum: Scripting
Topic: perl API client
Replies: 109
Views: 68542

Re: perl API client

Can we get these libs updated please?

They no longer work after the recent changes made by Mikrotik.
by savage
Wed Oct 30, 2019 3:54 am
Forum: RouterBOARD hardware
Topic: CCR1072 Mikrotik Copper SFPs
Replies: 0
Views: 2337

CCR1072 Mikrotik Copper SFPs

Image

wtf? LC connector, but a RJ45 SFP?

Yes - the port is down, and not coming up.... Wonderful.

CCR1072-1G-8S+
by savage
Thu Oct 17, 2019 1:54 pm
Forum: Forwarding Protocols
Topic: OSPF - distribute static route to selective neighbor instead of all neighbors
Replies: 4
Views: 3077

Re: OSPF - distribute static route to selective neighbor instead of all neighbors

I don't believe it's possible (Mikrotik or not) to implement filters per neighbor in OSPF...

Use BGP. That's one way to solve your issues.
by savage
Thu Oct 17, 2019 12:59 pm
Forum: General
Topic: Is there an new exploit going around?
Replies: 57
Views: 22765

Re: Is there an new exploit going around?

- are you seriously using "admin" ?
Oh yes - that's the other thing I do by default. admin username is deleted / renamed.
by savage
Thu Oct 17, 2019 12:00 pm
Forum: General
Topic: Is there an new exploit going around?
Replies: 57
Views: 22765

Re: Is there an new exploit going around?

In general management ports like SSH and Winbox should not be open to internet by default. +1 All my routers have *all* management services firewalled and only accessible from a management address-list, unused services disabled. Not one of my routers has been hit. Only thing accessible from 0.0.0.0...
by savage
Tue Oct 15, 2019 4:00 pm
Forum: Beginner Basics
Topic: Is the vpn ip pool created by quicksetup correct? [SOLVED]
Replies: 4
Views: 1642

Re: Is the vpn ip pool created by quicksetup correct? [SOLVED]

255 is a broadcast address when the subnet's broadcast address falls there (i.e., x.x.x.255/24)

VPNs and (more specifically) PPP, uses point-to-point addressing. There is no network, nor broadcast address at play.
by savage
Tue Oct 15, 2019 9:39 am
Forum: RouterBOARD hardware
Topic: New High Performance Routers ! ?
Replies: 85
Views: 25955

Re: New High Performance Routers ! ?

Can also confirm, I've done some serious traffic under serious loads on a CHR (ESX).

The problem is however, it's not always feasible to put down a x86 host for virtualization. When it's possible though, it's a no-brainer.
by savage
Wed Oct 09, 2019 2:00 pm
Forum: General
Topic: Slow connection via mikrotik
Replies: 18
Views: 8390

Re: Slow connection via mikrotik

If there really isn't anything configured on the router as you claimed, it can only be a layer 1 / layer 2 issue.

Check Ethernet cables, ports, errors, duplex mismatches, etc.
by savage
Mon Oct 07, 2019 1:41 pm
Forum: RouterBOARD hardware
Topic: New High Performance Routers ! ?
Replies: 85
Views: 25955

Re: New High Performance Routers ! ?

18 Gbit/s, when in the web page says that it can pass until 80 Gbit/s. There is something weird. Can you post your export with hide-sensitive option? Regards. MT's estimates, are extremely optimistic. The tests are done virtually with a blank router, doing absolutely nothing at all - it doesn't rep...
by savage
Fri Oct 04, 2019 11:12 am
Forum: Forwarding Protocols
Topic: Filters for +500 prefixes
Replies: 9
Views: 5026

Re: Filters for +500 prefixes

Cisco, Juniper, Huawei, Alcatel, etc... all have the option to create a "prefix-list" for filters. I'm surprised Mikrotik doesn't offer this option...
/routing filter ?

what's your problem?
by savage
Thu Sep 26, 2019 5:44 pm
Forum: Beginner Basics
Topic: Cannot ping/trace NATed public ip
Replies: 1
Views: 877

Re: Cannot ping/trace NATed public ip

add action=dst-nat chain=dstnat dst-address=11.22.33.44 in-interface=WAN to-addresses=192.168.0.69

add src-address=!<your internal IP range>, or exclude your public IP as a dst-address from your masquerade rule.

You can't masq yourself out, and expect to come back in.
by savage
Mon Sep 23, 2019 3:15 pm
Forum: RouterOS beta
Topic: Torrent client
Replies: 59
Views: 36057

Re: Torrent client

Don't know what MT was thinking to add a torrent client, in a router?!?!?!?!

+1 - remove.
by savage
Fri Sep 13, 2019 3:53 pm
Forum: General
Topic: Yet another GRE not working [SOLVED]
Replies: 7
Views: 7032

Re: Yet another GRE not working [SOLVED]

As the devices are 1:1 nated,

/ip ipsec profile
set [ find default=yes ] dh-group=modp1024 nat-traversal=no

nat-traversal on the default policies needs to be enabled.
by savage
Fri Sep 13, 2019 9:05 am
Forum: RouterBOARD hardware
Topic: Hardware bandwidth limitation? [SOLVED]
Replies: 16
Views: 11365

Re: Hardware bandwidth limitation? [SOLVED]

Setting flow-control to off seems to have solved it... I have no idea why it wasn't off, is off the default? Flow control is supposed to be a good thing, if you have a limited speed (less than ethernet line rate), limited buffer depth device between you and the next hop. http://virtualthreads.blogs...
by savage
Thu Sep 12, 2019 6:55 pm
Forum: RouterBOARD hardware
Topic: Hardware bandwidth limitation? [SOLVED]
Replies: 16
Views: 11365

Re: Hardware bandwidth limitation? [SOLVED]

set [ find default-name=ether1 ] rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether2 ] mtu=1280

Why are you running a 1280 MTU? Set flow-control to off too.

This isn't a standard config, there's a LOT of "other" stuff here.
by savage
Thu Sep 12, 2019 3:38 pm
Forum: General
Topic: Schedule for 1st of every month
Replies: 9
Views: 6000

Re: Schedule for 1st of every month

:if ([/system clock get date]~"/01/") do={
#place instructions here
};
Wouldn't that also run every day on the first month?
by savage
Thu Sep 05, 2019 10:17 am
Forum: Beginner Basics
Topic: 1 interface, 2 vlans, prioritize Vlan2 95%
Replies: 8
Views: 2533

Re: 1 interface, 2 vlans, prioritize Vlan2 95%

Well, VLANs are Layer 2 - I don't believe you can "guarantee" layer 3 capacity.

If you have a 100mbps interface, give vlan1 95mbps, and vlan2 5mbps via simple queues. More than that, I don't think you can do.
by savage
Wed Aug 07, 2019 9:44 am
Forum: RouterBOARD hardware
Topic: Minimum fibre length between S-3553LC20D
Replies: 10
Views: 4142

Re: Minimum fibre length between S-3553LC20D

The SFP's will automatically increase/decrease power as needed. There's no minimum distance for a fiber cable. Maximum limitations are provided as there is loss / fade over long cable runs.
by savage
Tue Aug 06, 2019 10:24 am
Forum: General
Topic: No doubts. It's highly useful stuff.
Replies: 2
Views: 1008

Re: No doubts. It's highly useful stuff.

Also hate these default configs they started implementing. Makes life unnecessarily difficult
by savage
Fri Aug 02, 2019 6:59 pm
Forum: Forwarding Protocols
Topic: question about bgp full table from 2 different provider
Replies: 7
Views: 3481

Re: question about bgp full table from 2 different provider

when i change weight/local pref then it takes about 3-5m for update the weights because i haveabout 4m routes in my route table. how in the heck do you have 4m routes, are you not filtering out anything smaller than a /24 ? Of course, don't except anything smaller than /24. Two or three full tables...
by savage
Fri Aug 02, 2019 2:49 pm
Forum: RouterBOARD hardware
Topic: RB4011 Meltdown
Replies: 4
Views: 3068

Re: RB4011 Meltdown

Seen this happen on other networking kits where power was supplied to Ethernet ports that should not be getting power yes.
by savage
Mon Jul 29, 2019 10:37 am
Forum: Scripting
Topic: mass-enable all of my vlan using script
Replies: 7
Views: 4184

Re: mass-enable all of my vlan using script

/interface vlan [ /interface vlan find ] set disabled=[no|yes]
by savage
Sat Jul 20, 2019 1:33 am
Forum: Scripting
Topic: am i missing something???
Replies: 2
Views: 2021

Re: am i missing something???

:if ([/ip ipsec policy get [find dst-address=10.0.0.0/16] value-name=dst-address] = 10.0.0.0/16) do={ :put found } else={ :put notfound } works when there is a policy matching 10.0.0.0, but returns a "no such item" error on a check when there isn't a policy. Why return an error? shouldn't...
by savage
Sat Jul 20, 2019 1:21 am
Forum: Scripting
Topic: am i missing something???
Replies: 2
Views: 2021

am i missing something???

Flags: T - template, X - disabled, D - dynamic, I - invalid, A - active, * - default # PEER TUNNEL SRC-ADDRESS DST-ADDRESS PROTOCOL ACTION LEVEL PH2-COUNT 0 T * ::/0 ::/0 all 1 A TRANS-GW #1 yes 0.0.0.0/0 a.b.23.213/32 all encrypt require 1 2 A TRANS-GW #1 yes 0.0.0.0/0 c.d.30.0/24 all encrypt requ...
by savage
Mon Jul 15, 2019 4:23 pm
Forum: Forwarding Protocols
Topic: OSPF state changes on long Ethernet POE leads
Replies: 2
Views: 2540

Re: OSPF state changes on long Ethernet POE leads

I would also pin this rather on an underlying ethernet issue. 20+ flaps in 24 hours is a lot.

Ethernet errors, packet loss? anything at all wrong with the links?
by savage
Tue Jul 09, 2019 9:30 am
Forum: General
Topic: Which types of ports would you like to see for a high speed router
Replies: 179
Views: 58560

Re: Which types of ports would you like to see for a high speed router

Once per three years is more than enough.
LOL
by savage
Fri Jul 05, 2019 6:07 pm
Forum: General
Topic: IPv6 gre
Replies: 5
Views: 1751

Re: IPv6 gre

Thnx for the explanation guys. Makes sense.
by savage
Fri Jul 05, 2019 5:02 pm
Forum: General
Topic: IPv6 gre
Replies: 5
Views: 1751

Re: IPv6 gre

What happens if you set do-not-fragment while pinging the IPv4 address? do-not-fragment=yes then as expected, IPv4 fails as well as IPv6 do-not-fragment=no then as expected IPv4 works, but not as expected IPv6 does not. I don't believe do-not-fragment is applied to IPv6 traffic on a IPv4 gre tunnel...
by savage
Fri Jul 05, 2019 4:46 pm
Forum: General
Topic: IPv6 gre
Replies: 5
Views: 1751

IPv6 gre

Hi Guys, Two routers, identical configuration: /interface gre add allow-fast-path=no ipsec-secret="blah" local-address=192.168.24.98 mtu=1520 name=gre-tunnel1 remote-address=192.168.24.54 /ipv6 address add address=X:X:X:101::16/126 advertise=no interface=gre-tunnel1 /ip address add address...
by savage
Thu Jul 04, 2019 9:02 am
Forum: Forwarding Protocols
Topic: OSPF Force path for specific subnet
Replies: 6
Views: 3825

Re: OSPF Force path for specific subnet

Static routes. Pretty much all that comes to mind.

OSPF can't manipulate cost per route, only per interface.
by savage
Thu Jun 27, 2019 11:02 am
Forum: Forwarding Protocols
Topic: OSPF Randomly Down Every 2-3 Days
Replies: 1
Views: 2719

Re: OSPF Randomly Down Every 2-3 Days

No outages on the L2 circuit? Even briefly (a few seconds) that is long enough for a packet to disappear / be lost?

I've seen similar issues where one router would transmit a packet through a L2 provider circuit, and the packet doesn't get to the remote side, causing OSPF to get confused.
by savage
Mon Jun 24, 2019 10:16 am
Forum: Forwarding Protocols
Topic: OSPF Linux MikroTik
Replies: 6
Views: 5242

Re: OSPF Linux MikroTik

I don't believe you'll be able to run OSPF inside AWS. They block Multicast / Broadcasts.

I also believe (not sure if it's fixed yet) that there is/was issues with OSPF over ipip. Not 100% on this, but I recall something like this.
by savage
Thu Jun 13, 2019 9:22 am
Forum: Wireless Networking
Topic: Wi-fi RADIUS Assigned VLAN based on user/password, troubleshooting help
Replies: 5
Views: 3285

Re: Wi-fi RADIUS Assigned VLAN based on user/password, troubleshooting help

viewtopic.php?t=119494

Contains in details what is required and what you are missing, and also covers a small bug (which I don't know whether it's fixed yet or not).
by savage
Thu Jun 06, 2019 12:23 pm
Forum: RouterBOARD hardware
Topic: Mikrotik SFP / Cisco
Replies: 3
Views: 3360

Mikrotik SFP / Cisco

Hi Guys, Anyone here using the Mikrotik MM / SM SFP modules on Cisco 9200 switches (1G links)? I know there are IOS commands and what not for the Cisco to "make it work" with 3rd party optics - this doesn't guarantee compatibility though. Just figured I'd ask to see whether I can get confi...
by savage
Thu Jun 06, 2019 9:41 am
Forum: Forwarding Protocols
Topic: question about bgp full table from 2 different provider
Replies: 7
Views: 3481

Re: question about bgp full table from 2 different provider

And that's precisely the problem with BGP being single threaded in MT.

Unfortunately, there's no way to speed up the time the convergence takes on MT currently. Your stuck at a few minutes of downtime, or alternately, use different routers.
by savage
Thu May 30, 2019 2:36 pm
Forum: Beginner Basics
Topic: Managing two separate subnet with same class addresses
Replies: 9
Views: 2874

Re: Managing two separate subnet with same class addresses

Only way to do this without messing things up, is to use a VRF
by savage
Mon May 20, 2019 3:44 pm
Forum: Beginner Basics
Topic: Can mikrotik get all the bandwidth of 100Mbps internet from ISP?
Replies: 13
Views: 9624

Re: Can mikrotik get all the bandwidth of 100Mbps internet from ISP?

You are using PPPoE, which has overhead on the protocol.

I don't believe 90Mbps on a 100Mbps PPPoE account, is unrealistic TBH.

EDIT: As you've mentioned as well... Yes, use 1Gbps ports, not 10/100. It does make a difference.
by savage
Mon May 20, 2019 11:31 am
Forum: General
Topic: weird bgp-filter bug
Replies: 3
Views: 2292

Re: weird bgp-filter bug

Filters has been buggy for as long as I can remember. It's not something you want to change and/or update frequently. Refreshing the (bgp) peer, or changing the order of the filter rules, may cause the BGP process to re-read and process the updated filter, but yes. It's kinda a hit and a miss at thi...
by savage
Thu May 16, 2019 3:36 pm
Forum: General
Topic: 70m cable with MikroTik
Replies: 8
Views: 2111

Re: 70m cable with MikroTik

At those distances, I would just pull fiber and forget about copper all together.

I've seen many (even CAT6) cables where the copper qty in the cable was low. Errors started to happen from as near as 60m.
by savage
Fri May 10, 2019 11:24 am
Forum: RouterBOARD hardware
Topic: Need more than one SFP interface at the level of $100 and $200
Replies: 8
Views: 2607

Re: Need more than one SFP interface at the level of $100 and $200

CRS326
CRS112
CRS305

?
Those are switches, not routers.
by savage
Tue May 08, 2018 12:04 pm
Forum: General
Topic: RADIUS answer ignored
Replies: 4
Views: 1409

Re: RADIUS answer ignored

We are also seeing this on CCRs from time to time...
by savage
Thu Mar 29, 2018 2:50 pm
Forum: General
Topic: Winbox Not Detecting RouterBoard
Replies: 31
Views: 34799

Re: Winbox Not Detecting RouterBoard

It's an issue with new ROS default configs & ROS versions shipped, and firmware... I've probably installed over 200 RB750's over the last two months (and other RBs). All of them, I've had to use a specific ethernet port and/or wireless, upgrade ROS, reboot (twice, because after the first reboot ...
by savage
Tue Mar 13, 2018 1:22 pm
Forum: General
Topic: RADIUS Client - SessionID not globally unique
Replies: 7
Views: 2836

Re: RADIUS Client - SessionID not globally unique

Acct-Session-Id is not globally unique, it is not per NAS unique, and it is not unique across reboots.

https://tools.ietf.org/html/rfc2866#page-15 The RFC makes no requirement for the attribute to be unique.
by savage
Sat Feb 17, 2018 2:44 pm
Forum: General
Topic: interface bonding with SFP+ and Ethernet
Replies: 1
Views: 1608

Re: interface bonding with SFP+ and Ethernet

For LACP all interfaces must be of the same speed & duplex.

You can use a SPF+ port, but needs to be a SFP (1G) module, and not a SPF+ (10G) module.

You can run SPF (1G) and copper together in a LACP, no problems there.
by savage
Sat Feb 17, 2018 12:09 pm
Forum: Wireless Networking
Topic: PoE Voltage Drops
Replies: 9
Views: 2827

Re: PoE Voltage Drops

14V at the end of a 130M 24AWG (presumably) cable run is actually quite good. The voltage drop is quite normal over that distance, but it SHOULD be sufficient as the RB's SHOULD operate on 12V. As others suggested, I would also recommend trying a 30V PSU. Just to be safe. My guess however, is that y...
by savage
Wed Feb 14, 2018 8:16 am
Forum: General
Topic: Where is VRF, Route Rules, and Routing table selector for IPv6
Replies: 1
Views: 1534

Re: Where is VRF, Route Rules, and Routing table selector for IPv6

Not yet supported. Many, many, IPv6 stuff isn't fully implemented yet in ROS.

PPP & IPv6 is also severely lacking.
by savage
Wed Jan 17, 2018 5:40 pm
Forum: Wireless Networking
Topic: 60GHz multipoint, share your experience
Replies: 37
Views: 21427

Re: 60GHz multipoint, share your experience

I'm sure it will be resolved in v7 ;)
:lol:
by savage
Thu Dec 14, 2017 5:24 pm
Forum: Wireless Networking
Topic: NV2 sync issues and solutions
Replies: 91
Views: 18541

Re: NV2 sync issues and solutions

I guess us moving into Mimosa was the right decision in the end.
+1

Love it how mikrotik pretty much just don't care.
by savage
Thu Dec 14, 2017 8:41 am
Forum: General
Topic: [exploit-db.com] MikroTik 6.40.5 ICMP - Denial of Service
Replies: 16
Views: 6496

Re: [exploit-db.com] MikroTik 6.40.5 ICMP - Denial of Service

This is not an exploit.
Yes - that's precisely why the topic says Denial of Service, and not Exploit :lol:

Funny how most devices have things like control plane policing, to limit things like this.
by savage
Mon Dec 11, 2017 10:46 am
Forum: Wireless Networking
Topic: NV2 sync issues and solutions
Replies: 91
Views: 18541

Re: NV2 sync issues and solutions

Further to stop using CCRs in it's entirety (PSU issues, BGP issues), we too, are seriously considering alternatives (Cambium / Mimosa) to Mikrotik on the wireless side. Mikrotik's loosing traction fast. Unless v7 is a magic bullet that gets released, very, very soon... I see tough times ahead for M...
by savage
Sun Dec 10, 2017 6:45 pm
Forum: Forwarding Protocols
Topic: Multiple VPN over single PPPoe-out
Replies: 1
Views: 955

Re: Multiple VPN over single PPPoe-out

Add a null / blackhole route with a high metric. That will catch the traffic when the VPN isn't active. When the VPN becomes active, it will install a route with a lower metric, and the lower metric route will take preference, routing your traffic normally over the VPN.
by savage
Sat Dec 02, 2017 8:47 am
Forum: General
Topic: Forum troubles
Replies: 39
Views: 6875

Re: Forum troubles

Also still frequently seeing DB errors, and waiting minutes (literally) for pages to load...
by savage
Thu Nov 30, 2017 2:01 pm
Forum: General
Topic: Forum troubles
Replies: 39
Views: 6875

Re: Forum troubles

ditto
by savage
Mon Nov 27, 2017 9:04 am
Forum: Wireless Networking
Topic: Nv2 limitations??
Replies: 23
Views: 5525

Re: Nv2 limitations??

So then why we only seeing 20-30Mbps throughput on the APs? :D Back to square one... running a loop here... one more time ; a client with Rx-rate connection rate of 52Mbps will have throughput of more or less 30Mbps when doing bandwidth test. at that moment the total bandwidth available to all clie...
by savage
Sun Nov 26, 2017 9:07 pm
Forum: Wireless Networking
Topic: Nv2 limitations??
Replies: 23
Views: 5525

Re: Nv2 limitations??

. And when it's NOT active, you sit with links with 3% or 5% CCQ, which degrades the performance of the links that IS active... How ? , only active low data rates that are degrading throughput of AP. Thats basic wifi behaviour. Idle connections almost none. So then why we only seeing 20-30Mbps thro...
by savage
Sun Nov 26, 2017 8:38 pm
Forum: Wireless Networking
Topic: Nv2 limitations??
Replies: 23
Views: 5525

Re: Nv2 limitations??

What makes this interesting, is that CCQ drops when the link is idle and there's no traffic. Yet, when there's traffic all CCQs are well over the 80% and we still only get about 30Mbps / 35Mbps. CCQ can only be measured with active traffic. Well... DUH, of course. And when it's NOT active, you sit ...
by savage
Sun Nov 26, 2017 7:21 am
Forum: Wireless Networking
Topic: Nv2 limitations??
Replies: 23
Views: 5525

Re: Nv2 limitations??

We're sitting with the same thing... What makes this interesting, is that CCQ drops when the link is idle and there's no traffic. Yet, when there's traffic all CCQs are well over the 80% and we still only get about 30Mbps / 35Mbps. Given that CCQ drops when links are idle, just how are you supposed ...
by savage
Mon Nov 13, 2017 6:40 pm
Forum: General
Topic: pppoe-relay
Replies: 29
Views: 23521

Re: Re:

Indeed. And now read what I said, setup the bridges, setup the EoIP tunnel between the MT Box and the PPPoE Server, and it should work. If you get the PPPoE Requests at the MT, there is no reason why you cannot tunnel it to kingdom come, if you so desire. EoIP - it's a trick, it's not a solution. E...
by savage
Sat Nov 11, 2017 2:25 pm
Forum: General
Topic: is address-list timeout broken? [SOLVED]
Replies: 2
Views: 1608

Re: is address-list timeout broken? [SOLVED]

Thnx for confirming.
by savage
Sat Nov 11, 2017 1:22 pm
Forum: General
Topic: is address-list timeout broken? [SOLVED]
Replies: 2
Views: 1608

is address-list timeout broken? [SOLVED]

Hi,

ROS 6.39.3 (bugfix)...
/ip firewall address-list add address=127.0.0.1 comment="_TEST_" list="test" timeout=00:02:00
Never mind what values I use for timeout, the dynamic rule is created, but after 10 to 20 seconds, the rule is removed again... :o
by savage
Wed Nov 08, 2017 12:24 pm
Forum: General
Topic: Freeradius Sim-Use not working with Mikrotik Hotspot
Replies: 5
Views: 3281

Re: Freeradius Sim-Use not working with Mikrotik Hotspot

You can not use simultaneous use without checkrad. If the radius server misses an accounting stop it's not going to close the session. The only way to know whether the session is active or not is to query he nas. These things aren't out of the box configurations. It requires a lot of work and custom...
by savage
Mon Nov 06, 2017 8:24 pm
Forum: Wireless Networking
Topic: What is the point of an 802.11ac router with 10/100 ethernet?
Replies: 10
Views: 3354

Re: What is the point of an 802.11ac router with 10/100 ethernet?

Remember your 300 Mbps speed is in a single direction only, actual traffic will be both ways and a 100 Mbps fullduplex ethernet connection could in theory transfer up to 200 Mbps added. Nice math :) So yes, whilst it's 300mbps in a single direction, a 10/100 port CAN NOT, and NEVER WILL be able to ...
by savage
Mon Nov 06, 2017 8:19 pm
Forum: General
Topic: Freeradius Sim-Use not working with Mikrotik Hotspot
Replies: 5
Views: 3281

Re: Freeradius Sim-Use not working with Mikrotik Hotspot

https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/doc/configuration/simultaneous_use You need to *read* this, to understand how it works. It's not just a matter of slapping a few attributes into a radius request. Pay attention especially to section 3 in the documentation, IMPLEMENTATION, a...
by savage
Thu Oct 26, 2017 9:49 am
Forum: Beginner Basics
Topic: Allowing 100 sip connection to pbx
Replies: 5
Views: 1886

Re: Allowing 100 sip connection to pbx

Due to the connection-tracking required, I think connection-limit only applies to TCP traffic, not UDP.

I may be wrong on this one, but I'm fairly sure that's what your problem is. You also want to be on the forward chain, not the input chain (your three connection-tracking rules).
by savage
Wed Oct 25, 2017 9:43 am
Forum: General
Topic: Radius timeout limit
Replies: 4
Views: 2133

Re: Radius timeout limit

Yes in single authentication, but when you have dual authentication (like one time password - OTP) than we want to give users more time to enter it.... And giving the use time to enter a OTP, has nothing to do with the duration of the AAA *request*. The *request* is only sent AFTER the user entered...
by savage
Tue Oct 24, 2017 6:05 pm
Forum: General
Topic: Radius timeout limit
Replies: 4
Views: 2133

Re: Radius timeout limit

Uhm.

20s is WAY to long for a AAA response, by that time, your client would long have given up trying to authenticate. You want to handle AAA within 2 or 3 seconds (tops).
by savage
Thu Oct 12, 2017 8:28 pm
Forum: Wireless Networking
Topic: Quick Q re Station & connect-list
Replies: 0
Views: 894

Quick Q re Station & connect-list

Hi, From the docs (https://wiki.mikrotik.com/wiki/Manual:Interface/Wireless#Connect_List) Operation: connect-list rules are always checked sequentially, starting from the first. disabled rules are always ignored. Only the first matching rule is applied. If connect-list does not have any rule that ma...
by savage
Tue Oct 10, 2017 7:59 pm
Forum: General
Topic: Intel SFP+ support?
Replies: 15
Views: 8469

Re: Intel SFP+ support?

Hi, We are using a CCR1072-1G-8S+ as our core router. In the near future we will attach two 10gig links to it with a dualport Intel x710 with sr optics: https://www.intel.com/content/www/us/en/ethernet-products/optics-cables/ethernet-sfp-optics-brief.html?wapkw=intel%20SFP%20%20optics As Intel stat...
by savage
Thu Oct 05, 2017 7:09 pm
Forum: Forwarding Protocols
Topic: IPv6 recursive nexthops via iBGP
Replies: 110
Views: 49692

Re: IPv6 recursive nexthops via iBGP

I gave up on mikrotik when we moved to a dual stack network because of this bug. You can find new Juniper SRX routers pretty cheaply if you look hard. Don’t pay more than 25% of the list cost, though. I'm in the same boat. Can't use MT in my core / borders. MT is definitely not aware of the actual ...
by savage
Wed Oct 04, 2017 8:17 pm
Forum: General
Topic: Internet configuration with CGNAT
Replies: 9
Views: 6348

Re: Internet configuration with CGNAT

/interface vlan add name=wan vlan-id=20 interface=ether1 /ip address add address=100.64.139.40/30 interface=wan /ip route add dst=0.0.0.0/0 gateway=100.64.139.39 /ip firewall nat add chain=srcnat out-interface=wan action=src-nat to-address=62.28.108.38 As you don't have 62.28.108.38 assigned to any...
by savage
Wed Oct 04, 2017 8:12 pm
Forum: General
Topic: Internet configuration with CGNAT
Replies: 9
Views: 6348

Re: Internet configuration with CGNAT

On your WAN Ethernet port... Create a VLAN with VLANID 20 On the VLAN interface, assign 100.64.139.40/30 Add default route to 100.64.139.39 Confirm that you can ping 100.64.139.39 (or at least see the MAC address under /ip arp), if not, there's no point in going further... If you can then; Create lo...
by savage
Sun Oct 01, 2017 6:58 pm
Forum: RouterBOARD hardware
Topic: CCR-1036-8G-2+ Crashing!
Replies: 3
Views: 1907

Re: CCR-1036-8G-2+ Crashing!

Do you monitor / graph the power levels of the device?

Sounds to me like it's the PSU failing... Quite a few people suffer from PSU issues on the CCRs, despite MT claiming nothing wrong, problem fixed, new PSU, etc...
by savage
Thu Sep 28, 2017 8:05 pm
Forum: Forwarding Protocols
Topic: Subnetting public /22 with PPPoE and OSPF
Replies: 8
Views: 2419

Re: Subnetting public /22 with PPPoE and OSPF

Well, if you want to use /29 as a base pool size and don't want to get painted into a corner because some tower is much more popular, then what you could do is allocate your initial /29 blocks sparsely and then simply increase to /28 at sites requiring it, then /27, etc. Amusing of course that that...
by savage
Sat Sep 23, 2017 5:34 pm
Forum: General
Topic: CCR1009-8G-1S-1Splus with 10gb uplink ?!
Replies: 7
Views: 2108

Re: CCR1009-8G-1S-1Splus with 10gb uplink ?!

As long as you're within the 300m distance limitation, yes. No reason why it won't work.
Why 300 meters. With S+31DLC10D single mode sfp+ 10km. It is compatible
Because the OP *specifically* mentions MM fiber?
by savage
Sat Sep 23, 2017 3:12 pm
Forum: General
Topic: CCR1009-8G-1S-1Splus with 10gb uplink ?!
Replies: 7
Views: 2108

Re: CCR1009-8G-1S-1Splus with 10gb uplink ?!

https://mikrotik.com/product/CCR1009-8G-1S-1Splus Clearly states 8 x 10/100/1000 Ethernet ports, 1 x SFP ports, and 1 x SFP+ ports (SFP+ = 10G) https://mikrotik.com/product/Splus85DLC03D Clearly states it's a SFP+ module (10G), and it supports 10Gbps. Not sure which datasheets you are looking at :)
by savage
Sat Sep 23, 2017 3:04 pm
Forum: General
Topic: CCR1009-8G-1S-1Splus with 10gb uplink ?!
Replies: 7
Views: 2108

Re: CCR1009-8G-1S-1Splus with 10gb uplink ?!

As long as you're within the 300m distance limitation, yes. No reason why it won't work.
by savage
Sat Sep 23, 2017 3:02 pm
Forum: General
Topic: CRS212 SFP ports with fiber and RJ45 SFPS (RJ45 does not works)
Replies: 1
Views: 1027

Re: CRS212 SFP ports with fiber and RJ45 SFPS (RJ45 does not works)

It's a known thing with various vendors and switches - it's not specifically related to MT. On gigabit Ethernet, auto negotiation negotiates a lot more than just speed & duplex. It's more than likely one of these other things that is negotiated, that is failing (for example flow control) - and t...
by savage
Fri Sep 22, 2017 6:24 pm
Forum: Beginner Basics
Topic: Only TCP/UDP port load balancing
Replies: 2
Views: 1392

Re: Only TCP/UDP port load balancing

Not with ECMP I believe, but something similar can be achieved by using https://wiki.mikrotik.com/wiki/Manual:PCC
by savage
Wed Sep 13, 2017 9:05 am
Forum: Beginner Basics
Topic: PPPoE - What am I doing wrong?
Replies: 5
Views: 3768

Re: PPPoE - What am I doing wrong?

You send a PPP echo, and the remote does not respond. Therefore, the link is closed. You said you haven't changed the MAC addresses. Have you tried to do so? I am going to go on a limb here and say that the PPPoE Service from the provider is tied to your MAC address and it will only work if the new ...
by savage
Tue Sep 12, 2017 1:21 pm
Forum: General
Topic: freeradius + Mikrotik
Replies: 2
Views: 1508

Re: freeradius + Mikrotik

Yes.

Run scripts on the accounting tables and close sessions which should not be open, or check the 'checkrad' scripts (which would also need customization) so that the radius server actually queries the nas to confirm whether or not a session is active.
by savage
Mon Sep 11, 2017 8:18 am
Forum: Wireless Networking
Topic: looking for the best wifi router (ISP)
Replies: 9
Views: 3941

Re: looking for the best wifi router (ISP)

wAP AC and RB952Ui-5ac2nD, but the wifi speed is very horrible. Never more than 50-60 mbps on a clean 5 ac channel with -55db The wan capable of 125mbps. See here . hAP AC & wAP AC are the best! I can do over 150Mbps on my cell phone, Yes, and the OP is speaking about ISP services. 1) Outdoors,...
by savage
Sun Sep 10, 2017 7:08 pm
Forum: Beginner Basics
Topic: Question about SC , APC UPC connectors
Replies: 8
Views: 3932

Re: Question about SC , APC UPC connectors

On the SFP it doesn't matter - as long as it is the correct connector. You don't get a APC and/or UPC SFP module. It's difficult to explain, but on a mid coupler, the plastic extending from the fiber connectors needs to be aligned correctly (either square (UPC) or angled (APC)). In a SPF module, the...
by savage
Sun Sep 10, 2017 7:00 pm
Forum: Wireless Networking
Topic: looking for the best wifi router (ISP)
Replies: 9
Views: 3941

Re: looking for the best wifi router (ISP)

Don't think you'll ever see the (real world) speeds you want on point to multi-point connections...

Definitely no where near those speeds with a -80 signal.
by savage
Sun Sep 10, 2017 6:56 pm
Forum: Beginner Basics
Topic: Question about SC , APC UPC connectors
Replies: 8
Views: 3932

Re: Question about SC , APC UPC connectors

Either a APC to UPC patch lead, or as you say, most commonly they just splice the required pigtail on to the fiber yes with the appropriate mid-coupler.

Personally, I don't buy into the whole APC thing being better...
by savage
Tue Sep 05, 2017 8:34 pm
Forum: RouterBOARD hardware
Topic: RB M11G 802.3af/at
Replies: 7
Views: 2495

Re: RB M11G 802.3af/at

Oh ok, I stand corrected - there's one :)
by savage
Tue Sep 05, 2017 6:34 pm
Forum: Forwarding Protocols
Topic: Subnetting public /22 with PPPoE and OSPF
Replies: 8
Views: 2419

Re: Subnetting public /22 with PPPoE and OSPF

Sounds like a good candidate for VPLS and a central PPPoE server exercise.
by savage
Tue Sep 05, 2017 6:26 pm
Forum: General
Topic: Feature Request : RFC 8195 "Use of BGP Large Communities"
Replies: 1
Views: 1873

Re: Feature Request : RFC 8195 "Use of BGP Large Communities"

Can pretty much guarantee you it won't be considered for anything other than ROS v7. There's been plenty discussions on here about large communities. MT always avoiding the issue with hacks and 'other' things to do, instead of proper large communities. We have a 32bit asn, and use a private 16bit as...
by savage
Tue Sep 05, 2017 6:23 pm
Forum: RouterBOARD hardware
Topic: RB3011UiAS-RM problem with power connector
Replies: 6
Views: 3618

Re: RB3011UiAS-RM problem with power connector

Or the product must just be designed better...

Have two 3011s here with the same issue. Like the CCR's, I've stopped buying them.
by savage
Tue Sep 05, 2017 6:20 pm
Forum: RouterBOARD hardware
Topic: RB M11G 802.3af/at
Replies: 7
Views: 2495

Re: RB M11G 802.3af/at

Knowing MT and looking at all their other products, I'd say passive POE is correct, and 802.3at/af is incorrect.

There's not one single MT device that runs on 802.3at/af
by savage
Thu Aug 31, 2017 11:20 am
Forum: RouterBOARD hardware
Topic: CCR1036 Power Supply
Replies: 81
Views: 32853

Re: CCR1036 Power Supply

If your seller provides no warranty, you can either replace the cap, like others posted above. To prolong the life of the cap, you can set the FAN mode to "redundant" which increases fan speed and brings temperature down by at least 3 degrees celsius. You can also mount the device in some...
by savage
Thu Aug 31, 2017 11:13 am
Forum: RouterBOARD hardware
Topic: CCR1036 Power Supply
Replies: 81
Views: 32853

Re: CCR1036 Power Supply

What will you offer to people having 1036 with the old design suffering on this problems? Contact the seller for warranty options, just like with any hardware issue. Does your re-sellers KNOW that replacement PSUs even exist? Again, see my comment(s) above which you so nicely ignored. We are being ...
by savage
Fri Aug 25, 2017 2:29 pm
Forum: General
Topic: Hardware suggestion
Replies: 2
Views: 1984

Re: Hardware suggestion

+1 - and in -precisely- the same situation as you, considering the options of MT as a "to the masses" CPE... Another good example to MT's lack of "adequate" fiber support, is the MANTBOXes for example. Simply no place what so ever to terminate / splice - never mind the actual pro...
by savage
Fri Aug 25, 2017 1:53 pm
Forum: General
Topic: PPPoE MSS clamp no working on upgrade
Replies: 17
Views: 12032

Re: PPPoE MSS clamp no working on upgrade

Check the changelogs. I suspect you'll need to contact MT about this.

I recall some version change where dynamic MSS rules was removed, and it is now apparently handled internally inside PPP itself.
by savage
Mon Aug 21, 2017 8:15 am
Forum: RouterBOARD hardware
Topic: CCR1036 Power Supply
Replies: 81
Views: 32853

Re: CCR1036 Power Supply

As far as I know, the last 6-8 months we are shipping units with an improved PSU, the C10 has been changed to a better one. Some parts have been changed to better handle the heating. Is there any way for a distributor to tell if they have the fixed version? I'm looking to deploy my first CCR1036 so...
by savage
Wed Aug 16, 2017 7:06 pm
Forum: General
Topic: Does this violate RFC?
Replies: 26
Views: 6262

Re: Does this violate RFC?

I was just curious if anyone thinks that the ROS implementation should not clobber the case of the actual DNS reply. (again, it shouldn't matter - I agree 100%) It more than likely shouldn't yes. But as you said - it shouldn't matter either. I'd perhaps just file a bug, and shove it under the ROS v...
by savage
Wed Aug 16, 2017 6:35 pm
Forum: General
Topic: Does this violate RFC?
Replies: 26
Views: 6262

Re: Does this violate RFC?

Think it's the lock being anal. If there's a RFC stating case sensitivity on DNS resolution, it would be the first that I hear about it.
by savage
Fri Aug 11, 2017 11:53 am
Forum: Forwarding Protocols
Topic: BGP not trying to reconnect more than once
Replies: 11
Views: 7874

Re: BGP not trying to reconnect more than once

I emailed support about this issue - feedback below: Yes, it is a known problem, it tries multiple times except that with each try and failure interval between tries increase. Currently solution for this problem when interval becomes too high is only disable/enable. This will change in ROS v7. From...
by savage
Fri Aug 11, 2017 9:33 am
Forum: Beginner Basics
Topic: Restrict download to 1 Gigabyte per day per user
Replies: 1
Views: 1091

Re: Restrict download to 1 Gigabyte per day per user

FreeRadius has modules to handle these kind of things, specifically.

It's not complicated to setup at all.. https://wiki.freeradius.org/modules/Rlm_sqlcounter
by savage
Thu Aug 03, 2017 4:21 am
Forum: General
Topic: new feature:Dynamic ppp address-lists
Replies: 33
Views: 19866

Re: new feature:Dynamic ppp address-lists

A real pity that this as well as filters, are only implemented for IPv4, and nothing for IPv6...
by savage
Thu Jul 27, 2017 2:30 pm
Forum: General
Topic: Ipv6 In Mikrotik
Replies: 5
Views: 1524

Re: Ipv6 In Mikrotik

Sounds like your ISP is doing it wrong, very wrong in fact.
+1

If that's how your ISP hands out IPv6, I suggest you find a new ISP...
by savage
Thu Jul 27, 2017 1:59 pm
Forum: Virtualization
Topic: Configuring a Trunk Port on ROS installed on top of VMWare Workstation
Replies: 8
Views: 4561

Re: Configuring a Trunk Port on ROS installed on top of VMWare Workstation

I think you are limited to E1000 cards if you use x86 but if you use CHR you can use vxmnet3 which will give more performance.
That's also true yes. x86 does not support vxmnet3, so no 10G.
by savage
Thu Jul 27, 2017 1:04 pm
Forum: Forwarding Protocols
Topic: BGP supplied route marked unreachable
Replies: 8
Views: 4582

Re: BGP supplied route marked unreachable

@savage it does not apply in this case. Recursive routing does not work only with link-local gateways. I beg to differ.... [cknipe@WCLH-BR01.cpt.za.as203319.net] > /ipv6 route print detail where gateway=2a07:b2c5::3 Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o -...
by savage
Thu Jul 27, 2017 12:10 pm
Forum: Forwarding Protocols
Topic: BGP supplied route marked unreachable
Replies: 8
Views: 4582

Re: BGP supplied route marked unreachable

If this is for recursive routing, you need to manually add a static route in the tables for the gateway IP address. MT doesn't do recursive routing correctly in IPv6, it's a known bug.
by savage
Thu Jul 27, 2017 6:56 am
Forum: General
Topic: Mikrotik router duplicates every single IP address on the network
Replies: 12
Views: 3873

Re: Mikrotik router duplicates every single IP address on the network

Copy & Pasted the configurations across the 31 radios? Perhaps, including the statically configured MAC addresses?
by savage
Wed Jul 26, 2017 1:19 pm
Forum: Virtualization
Topic: Configuring a Trunk Port on ROS installed on top of VMWare Workstation
Replies: 8
Views: 4561

Re: Configuring a Trunk Port on ROS installed on top of VMWare Workstation

Does VMWare (Running inside Windows 10 PRO) support TRUNK interfaces? and How to achieve that?
VMWare Workstation no. You'd need to use ESXi (vSphere).
by savage
Tue Jul 25, 2017 3:25 pm
Forum: Forwarding Protocols
Topic: advertise IPv6 through ipv4 BGP peer
Replies: 2
Views: 2548

Re: advertise IPv6 through ipv4 BGP peer

Yes - Don't do it.

Separate sessions for IPv4 and IPv6 peering.
by savage
Fri Jul 21, 2017 2:49 pm
Forum: General
Topic: Radius auth issues
Replies: 16
Views: 8420

Re: Radius auth issues

The reason the radius is rejecting the request (ignoring it), is presumably because you have the client configured in radius with a src of 10.100.3.1, but the request is coming from 10.100.3.120. If you check the FR logs, or run FR in debug mode, you'd also notice big fat warnings and errors genera...
by savage
Fri Jul 21, 2017 11:48 am
Forum: General
Topic: Radius auth issues
Replies: 16
Views: 8420

Re: Radius auth issues

You configured ROS to use 10.100.3.1 as a src-address for radius requests, yet, the packet dump indicates that the request is originating from 10.100.3.120 (the local ethernet interface address). That would indicate to me that 10.100.3.1 is not assigned to the router. Do you have a loopback iterface...
by savage
Fri Jul 21, 2017 9:20 am
Forum: General
Topic: Radius Problem with WebFig
Replies: 19
Views: 7187

Re: Radius Problem with WebFig

I've been able to solve the issue, I can login via web and ssh with ActiveDirectory and FreeRadius. I can share the config if someone have problems. Maybe Windows's password encryption is reversible, but I would doubt it Windows can store the passwords using "reversable" encryption. It's ...
by savage
Wed Jul 19, 2017 3:16 pm
Forum: Forwarding Protocols
Topic: Remove non-private AS from incoming prefix or the the outgoing peer
Replies: 4
Views: 1962

Re: Remove non-private AS from incoming prefix or the the outgoing peer

In general (not ros specific), I think the AS path can only be appended too, I don't think any device can remove from the AS path.
by savage
Wed Jul 19, 2017 3:14 pm
Forum: General
Topic: Radius Problem with WebFig
Replies: 19
Views: 7187

Re: Radius Problem with WebFig

I wish you could configure what authentication mechanism was used for all of these. My company had a userdb with encrypted passwords, so we could not use RADIUS auth for winbox sessions (chap requires cleartext password db). Ditto. Stumped to see CHAP2 has been thrown into the mix too now :shock: N...
by savage
Wed Jul 19, 2017 3:10 pm
Forum: General
Topic: Feature Request: Natural Sort
Replies: 6
Views: 1620

Re: Feature Request: Natural Sort

There's piles of sorting that's wrong.

IPv6 routing tables is a total mess too, doesn't seem to get sorted at all.
by savage
Tue Jul 18, 2017 6:45 pm
Forum: General
Topic: ❓ MPLS + VPLS + PPPOE Central (DataTransfer Problem on 3rd hops)
Replies: 27
Views: 4725

Re: ❓ MPLS + VPLS + PPPOE Central (DataTransfer Problem on 3rd hops)

On RB951-2n (R2) ether1 default L2MTU is 1600, that's why only ether2 appear in the export.
Ah yes, of course. Thanks!
by savage
Tue Jul 18, 2017 6:30 pm
Forum: General
Topic: ❓ MPLS + VPLS + PPPOE Central (DataTransfer Problem on 3rd hops)
Replies: 27
Views: 4725

Re: ❓ MPLS + VPLS + PPPOE Central (DataTransfer Problem on 3rd hops)

R2: /interface bridge add name=loopback /interface ethernet set [ find default-name=ether2 ] l2mtu=1600 /interface vpls add advertised-l2mtu=1508 disabled=no l2mtu=1508 mac-address=02:9D:3D:58:0D:7D name=R2-R1 remote-peer=172.16.0.1 vpls-id=1:2 /ip address add address=172.16.1.2/24 interface=ether1...
by savage
Tue Jul 18, 2017 11:30 am
Forum: General
Topic: BGP / Configuration Sync
Replies: 29
Views: 5667

Re: BGP / Configuration Sync

Once thing I can get my head around is how to give each router an accessible IP so I can reach both independently. Both routers will have the same config in terms of firewall rules etc. Each running their own LNS with different public IPs. Make the two /30's public IPs (which is industry best pract...
by savage
Fri Jun 30, 2017 1:23 pm
Forum: RouterBOARD hardware
Topic: [SOLVED] hEX PoE not working with Copper SFP
Replies: 3
Views: 2900

Re: hEX PoE not working with Copper SFP

Try forcing them to 1000/Full. I've seen a lot of SFP interfaces causing issues with auto negotiation, and normally forcing them to 1000/full on both sides causes the links to come up.

Other than that, yes, suggest you contact MT.
by savage
Wed Jun 28, 2017 4:11 pm
Forum: General
Topic: IPv6 /127
Replies: 20
Views: 8576

Re: IPv6 /127

Any address with /127 mask is not working. Also, there is no good reason to use that. Shrugs. RFC3627 is old, outdated, and multiple erratas exists for it. https://tools.ietf.org/html/rfc6164 for example, has clear definitive reasons as to why /127s ARE valid, and accepted. Quite a lot of ISPs doin...
by savage
Wed Jun 28, 2017 3:34 pm
Forum: General
Topic: python telnetlib not working on Mikrotik routerOs
Replies: 7
Views: 4070

Re: python telnetlib not working on Mikrotik routerOs

I'm sorry you feel I'm complaining about "colors."

Drop the ANSI completely from the terminal. Like any other sane network vendor.
by savage
Wed Jun 28, 2017 1:57 pm
Forum: General
Topic: Feature Req: show Standard Deviation on Pings / in Ping Gui
Replies: 2
Views: 1701

Re: Feature Req: show Standard Deviation on Pings / in Ping Gui

It used to be there.

Then requests came in for a MTR like ping / traceroute, and ping was effectively replaced by MTR. Now, it seems we're going to go back to ping again.

MT should just include BOTH tools really.
by savage
Tue Jun 27, 2017 9:06 pm
Forum: Beginner Basics
Topic: How calculate total internet usage for each user
Replies: 6
Views: 4503

Re: How calculate total internet usage for each user

Well that's how it's done unfortunately. The router can't keep those stats past a reboot.

You need a different box. You can use NetFlow (which can be very detailed), IP Accounting, or Radius Accounting (if you're using Radius).
by savage
Tue Jun 27, 2017 9:04 pm
Forum: General
Topic: python telnetlib not working on Mikrotik routerOs
Replies: 7
Views: 4070

Re: python telnetlib not working on Mikrotik routerOs

You forgot that RouterOS terminal by default will output pretty lines with colour codes
There's nothing pretty about it. It's a HUGE PITA :evil: Even with +cti, it's still not a "dumb" terminal.
by savage
Fri Jun 16, 2017 10:48 pm
Forum: RouterBOARD hardware
Topic: CCR1036-8G-2S+ SFP+ Problems
Replies: 2
Views: 1349

Re: CCR1036-8G-2S+ SFP+ Problems

Both your interfaces is marked as slaves? Slave to what?

Post your configs and then we can perhaps see something.
by savage
Fri Jun 16, 2017 10:46 pm
Forum: Virtualization
Topic: CHR on OVH VPS SSD
Replies: 23
Views: 32758

Re: CHR on OVH VPS SSD

There has been some posts floating around on the forum about converting the IDE disk to SCSI, and making it work that way with a few more different type of setups.

search a bit, perhaps theyll work for you :)
by savage
Fri Jun 16, 2017 10:41 pm
Forum: Virtualization
Topic: 40Gb interfaces with CHR
Replies: 6
Views: 6426

Re: 40Gb interfaces with CHR

vmxnet3 can apparently sustain near 40gbps speeds. Given CHR already supports vmxnet3 and have an unlimited license option, the question becomes one for the hypervisor. Given adequate hardware, I am fairly sure ESX6.5 with adequate gear, would be able to sustain 40Gbps+ https://blogs.vmware.com/perf...
by savage
Fri Jun 16, 2017 1:38 am
Forum: General
Topic: VRRP on VLAN
Replies: 11
Views: 5267

Re: VRRP on VLAN

Strange. I've never, ever heard of a vlan on top of VRRP. A vlan (should) be attached to an interface. VRRP is attached to an IP address. MT is the only vendor I know off that creates a new interface for a VRRP instance (which is why you can create the VLAN). Oh well. If you don't care for a broadca...
by savage
Thu Jun 15, 2017 3:43 pm
Forum: General
Topic: CCR1072 as a route server?
Replies: 7
Views: 3059

Re: CCR1072 as a route server?

Thanks for the thoughts. Does a single prefix being withdrawn require a full recompute of BGP then? I know that the CCR1072 is slow on a full table - the mistake I made with a filter ended up pushing all prefixes from our ASR1k to the CCR, and even after I fixed it in less than a minute, it still s...
by savage
Thu Jun 15, 2017 1:15 pm
Forum: General
Topic: CCR1072 as a route server?
Replies: 7
Views: 3059

Re: CCR1072 as a route server?

The CCR's very slow with BGP, you're going to end up waiting a very, very long time for the RS to push announcements/withdraws. Because BGP only hammers on one CPU, the rest of your CCR will basically be wasted completely. We actually have instances where our CCR (+- 90 peers) actually get's SO busy...
by savage
Wed Jun 14, 2017 2:55 am
Forum: General
Topic: VRRP on VLAN
Replies: 11
Views: 5267

Re: VRRP on VLAN

Uhm. Vlans are layer 2. Vrrp is layer 3.

I'm surprised that Mt even allow this. It shouldnt work at all.... if you can actually do this in Mt, it should be seen as a bug.
by savage
Tue Jun 13, 2017 7:54 pm
Forum: General
Topic: PPPOE Server Uplink Consumption Difference
Replies: 5
Views: 1544

Re: PPPOE Server Uplink Consumption Difference

I have no idea about the 10%... I think it could be. I'm fairly certain your issue is the additional encapsulation for PPPoE though. If memory serves me correctly, you're looking at 20 or 28 bytes per packet extra. It really depends on your MTUs, whether there's other encapsulations evolved (VLANs, ...
by savage
Tue Jun 13, 2017 5:53 pm
Forum: General
Topic: PPPOE Server Uplink Consumption Difference
Replies: 5
Views: 1544

Re: PPPOE Server Uplink Consumption Difference

It's not out by a lot AFAIK.

Isn't this just normal packet overhead introduced by using PPPoE?

PS: Nice stats. Whilst not the biggest, that's one of the better graphs in terms of throughput that I've seen on a MT :D
by savage
Tue Jun 13, 2017 4:50 pm
Forum: General
Topic: Cannot ping devices in other network (except for gateway)
Replies: 7
Views: 8243

Re: Cannot ping devices in other network (except for gateway)

Ah ok :) That would have been my next thought yes - but I was for some reason thinking we're talking about android devices or something. Yes, windows by default does not allow UDP based traceroutes to work outside of the local lan, ICMP does though (at least my windows boxes does). Glad you got it s...
by savage
Tue Jun 13, 2017 4:06 pm
Forum: General
Topic: How to Preference IPv4 over IPv6 on dual stack router on Mikrotik RouterOS?
Replies: 20
Views: 5653

Re: How to Preference IPv4 over IPv6 on dual stack router on Mikrotik RouterOS?

However Mikrotik offers additional funcionality of proxy which handles cache of pages so it means that it opens/loads page instead of client but it is client starting conversation so the client decides if the "talk" is handled in IP4 world or in IP6 ... Not true. Go learn how proxy server...
by savage
Tue Jun 13, 2017 3:45 pm
Forum: General
Topic: How to Preference IPv4 over IPv6 on dual stack router on Mikrotik RouterOS?
Replies: 20
Views: 5653

Re: How to Preference IPv4 over IPv6 on dual stack router on Mikrotik RouterOS?

Seems to be deeper problem than you ask. It is not router opening sites. I don't quite agree with that statement. Thanks to MT adding piles of things onto MT, which a ROUTER is not supposed to do, it IS the MT opening sites... For example - web proxy.... MT would need to give preference to connect ...
by savage
Tue Jun 13, 2017 3:16 pm
Forum: General
Topic: Cannot ping devices in other network (except for gateway)
Replies: 7
Views: 8243

Re: Cannot ping devices in other network (except for gateway)

You say that they are all connected to the same RB3011 right? Did you post your entire export for /ip arp? You assign 66.1 as a default gateway via DHCP, but 66.1 aren't assigned to the RB3011 according to your ARP table? Is the ip assigned to the bridge and active? I know, stupid question. If that'...
by savage
Tue Jun 13, 2017 2:54 pm
Forum: General
Topic: Cannot ping devices in other network (except for gateway)
Replies: 7
Views: 8243

Re: Cannot ping devices in other network (except for gateway)

OH, then I misunderstood you :) It actually makes life easier. Either 192.168.66.254 is not on the Smarthome network, or the default gateway for the device is wrong. Can you also provide a export for /ip arp, and /ip dhcp-server It's quite normal that you'll be able to access 66.1 because it's the s...
by savage
Tue Jun 13, 2017 2:03 pm
Forum: General
Topic: Cannot ping devices in other network (except for gateway)
Replies: 7
Views: 8243

Re: Cannot ping devices in other network (except for gateway)

I'd say the remote gateway doesn't have a (correct) route back to the .44 network.

/ip route print on both routers would help.
by savage
Tue Jun 13, 2017 1:56 pm
Forum: General
Topic: VRRP on VLAN
Replies: 11
Views: 5267

Re: VRRP on VLAN

If you don't use /32s on any secondary IP address (not only VRRP) you will receive broadcast traffic (among other things) twice. This could affect some services and routing protocols. That's also why /32s are always used on Loopbacks, in order to not create a broadcast domain. Whilst MT may create t...
by savage
Tue Jun 13, 2017 1:43 pm
Forum: Beginner Basics
Topic: RADIUS between Mikrotik and MS Server
Replies: 3
Views: 2329

Re: RADIUS between Mikrotik and MS Server

Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect. Logs don't lie. Either: 1) You are using an incorrect shared secret, 2) The user you are authenticating as, is not in the required ...
by savage
Tue Jun 13, 2017 1:39 pm
Forum: Beginner Basics
Topic: radius crashing
Replies: 5
Views: 1578

Re: radius crashing

IO errors generally means bad news.

Try a different SD card. Brand new, is not a guarantee that it's not broken. It looks to me, like the SD card is faulty, or there's perhaps some incompatibility between the MT and the SD card.
by savage
Tue Jun 13, 2017 1:37 pm
Forum: General
Topic: Radius server is not respondig
Replies: 4
Views: 1375

Re: Radius server is not respondig

Is the actual IP you use as the src-address, actually ON the router? i.e. a loopback interface or something?

need /ip address export and /radius export
by savage
Fri Jun 09, 2017 3:31 pm
Forum: Forwarding Protocols
Topic: Route customers according to IP address over OSPF
Replies: 4
Views: 1466

Re: Route customers according to IP address over OSPF

You can't do this with OSPF, hence, Open Shortest Path First in the name. All traffic will traverse R6, unless the path becomes unavailable. If Cust2 to Cust4 somehow is tunneled to R3, possibilities opens up with OSPF and then it could become interesting though. At best, you're looking at VPLS Tunn...
by savage
Thu Jun 01, 2017 9:14 am
Forum: General
Topic: mikrotik & freeradius with crypted password
Replies: 3
Views: 3149

Re: mikrotik & freeradius with crypted password

SSH uses PAP authentication, winbox uses CHAP authentication.

CHAP *requires* passwords to be in clear text format, that's how CHAP works unfortunately.
by savage
Tue May 30, 2017 1:26 pm
Forum: Forwarding Protocols
Topic: BGP Peer Selection
Replies: 3
Views: 1320

Re: BGP Peer Selection

It sounds right, but why not ask your DDOS provider?
by savage
Tue May 30, 2017 10:57 am
Forum: General
Topic: IPv6 /127
Replies: 20
Views: 8576

Re: IPv6 /127

so skip the first 2 addresses and start using this form ::2/127 also, what is the main reason behind using /127 and instead of /128 that should be supported and is supported from IPv6 get-go. It's not only ::/127, but also 10::/127, 20::/127, 30::/127, 40::/127, etc... Quite annoying, to say the le...
by savage
Sat May 27, 2017 5:34 pm
Forum: Wireless Networking
Topic: is it possible to use 10/100 poe on gigabit board?
Replies: 1
Views: 841

Re: is it possible to use 10/100 poe on gigabit board?

Yes, but it would only link at 10/100, not Gigabit.
by savage
Fri May 26, 2017 5:35 pm
Forum: General
Topic: 1xSFP port per device Fiber daisy chain possible ?
Replies: 4
Views: 1745

Re: 1xSFP port per device Fiber daisy chain possible ?

PS: I think your only real option would be CWDM and splitters, but I'm not sure which (if any) are supported in MT.
by savage
Fri May 26, 2017 5:10 pm
Forum: General
Topic: 1xSFP port per device Fiber daisy chain possible ?
Replies: 4
Views: 1745

Re: 1xSFP port per device Fiber daisy chain possible ?

Hi,

No, it's not possible. 1 SPF, 1 port.

They don't make dual "bidi" SFP modules either as far as I know. "bidi" SPFs are paired together, and must be used in a pair.
by savage
Thu May 25, 2017 10:24 pm
Forum: Forwarding Protocols
Topic: Best Practice: How to Correct CCR1072 10G capacity 1.8G
Replies: 6
Views: 4826

Re: Best Practice: How to Correct CCR1072 10G capacity 1.8G

It should be fixed in version 7 but who knows when this will be released. The only way past this issues is CHR with a cpu with good single thread performance and high clock speed. eg i7 7700K .... The day will be glorious if ROS7 gets released and firewall and queues is distributed evenly over all ...
by savage
Thu May 25, 2017 1:01 am
Forum: Forwarding Protocols
Topic: IPv6 recursive nexthops via iBGP
Replies: 110
Views: 49692

Re: IPv6 recursive nexthops via iBGP

OSPFv3 and Loopback-bridge-interfaces with /128 IPv6 addresses assigned in RouterOS will only be shown reachable if one sets an admin-mac to the bridge (named eg Loopback0). well, that's not 100% intuitive, but I guess that's something I can live with. What you perhaps don't know, and can't live wi...
by savage
Thu May 25, 2017 12:59 am
Forum: Forwarding Protocols
Topic: IPv6 recursive nexthops via iBGP
Replies: 110
Views: 49692

Re: IPv6 recursive nexthops via iBGP

7 years later, and still not fixed :roll:

Thank you MT. You pretty much put the final nail in the coffin as far as using Mikrotik goes. I (like many others), can not continue to wait 'indefinitely' until the mythical v7 finally appears.
by savage
Wed May 24, 2017 9:16 am
Forum: Beginner Basics
Topic: Did I make a mistake? New to Mikrotik
Replies: 9
Views: 1875

Re: Did I make a mistake? New to Mikrotik

You can just upgrade the license.
by savage
Wed May 24, 2017 9:14 am
Forum: General
Topic: IPv6 VRFs
Replies: 7
Views: 2587

Re: IPv6 VRFs

Hello! Are we likely to see support for IPv6 VRFs any time soon? :-) Thanks! Alex shrugs (after removing some other statement)... Is that ALSO not supported? Time to re-think my entire network design, yet AGAIN. :evil: Very nice to have ROS with a little bit of everything, but almost nothing is com...
by savage
Wed May 24, 2017 9:10 am
Forum: RouterBOARD hardware
Topic: Why Mikrotik does not produce the routers on x86 processors?
Replies: 37
Views: 18844

Re: Why Mikrotik does not produce the routers on x86 processors?

We are thinking to buy CCR1072-1G-8S+ With your environment, a CCR will literally fall over. It simply can not deal with BGP, Firewall Rules, and Traffic in high quantities. High traffic and maybe 100 firewall rules, will be enough to stop the CCR dead in it's tracks. It's definitely not the 'flags...
by savage
Thu May 18, 2017 10:56 pm
Forum: General
Topic: Which types of ports would you like to see for a high speed router
Replies: 179
Views: 58560

Re: Which types of ports would you like to see for a high speed router

Just different requirements\designs. The CCRs are great performance for the price when you're not considering large routing tables. Whatever this platform is may have big enough cores to overcome the large routing table issue. BGP works just fine on x86 and CHR. If not, you use these boxes for MPLS...
by savage
Thu May 18, 2017 10:14 pm
Forum: General
Topic: Which types of ports would you like to see for a high speed router
Replies: 179
Views: 58560

Re: Which types of ports would you like to see for a high speed router

I know this is probably not going to go over well, but I'm going to say it anyway: it's time for Mikrotik to have an Apple equivalent of "Back to the Mac"; except the Mac is RouterOS. I don't want to see another piece of hardware. I want to see a commitment to releasing RouterOS 7. All th...
by savage
Thu May 18, 2017 7:13 pm
Forum: General
Topic: Which types of ports would you like to see for a high speed router
Replies: 179
Views: 58560

Re: Which types of ports would you like to see for a high speed router

Please do a CLEAR separation between "enterprise" routers, and SOHO routers. I think it's time... Enterprise Routers - PLEASE we are willing to pay, MAKE IT RELIABLE , make it PERFORM . Interfaces, can be modular. 4 x 1GB, 4 x SPF, 2 x SFP+, 1 x QSFP+, etc... No need to have fixed ports. S...
by savage
Thu May 18, 2017 4:14 pm
Forum: Forwarding Protocols
Topic: BGP Converge time
Replies: 7
Views: 3402

Re: BGP Converge time

It's typically due to better clock speeds on a single core for a VM since the process is still confined to a single core. The Tilera family of processors is optimized to move packets. BGP has a heavy computational load with large route tables and so Intel x86 chipsets are able the chew through the ...
by savage
Mon May 15, 2017 12:53 pm
Forum: RouterBOARD hardware
Topic: CCR1036 Power Supply
Replies: 81
Views: 32853

Re: CCR1036 Power Supply

I am seeing wider reports of CCR power supply problems now. Mikrotik, maybe you are not seeing these problems via RMA as the units are 12+ months old, or people are just replacing the PSU and not returning the routers. Well the COST associated with a RMA is a factor. The DISTRIBUTORS just pull up t...
by savage
Thu May 11, 2017 6:58 pm
Forum: General
Topic: Firewall rules only using one CPU
Replies: 8
Views: 2706

Re: Firewall rules only using one CPU

Good day, Recently our upstream provider has been threatening to terminate our service because they have started to receive a metric Sh!t ton of abuse mails from because internet users on the network is downloading illegal torrents, with 5000 customers that's no surprise. Out of pure curiosity... H...
by savage
Tue May 09, 2017 5:32 pm
Forum: General
Topic: Esxi - Mikrotik CHR 6.38.5 - Intel 10G SFP Issues
Replies: 13
Views: 4555

Re: Esxi - Mikrotik CHR 6.38.5 - Intel 10G SFP Issues

I am running chr instances in vmware workstation easily maxing the gigabit port on the server. When I am ready to run esxi I will move them there too... Yeah but that's nothing to brag about. My CCR's battle at more than ~4Gbps (real traffic) - and I'm not the only one, there's many similar posts o...
by savage
Thu May 04, 2017 9:19 am
Forum: Wireless Networking
Topic: How to evenly distribute clients in capsman?
Replies: 3
Views: 1515

Re: How to evenly distribute clients in capsman?

There should be a option to specify max amount of stations per AP
Perhaps, but max clients != even distribution :D
by savage
Thu May 04, 2017 9:15 am
Forum: Forwarding Protocols
Topic: BGP Converge time
Replies: 7
Views: 3402

Re: BGP Converge time

Mikrotik's BGP is single threaded and runs only on one CPU core. It is extremely slow - especially with things like updates/withdraws. You're not the only one with issues like this, trust me.

If convergence time is a concern, I'd suggest you look at other routers TBH.
by savage
Tue May 02, 2017 6:56 pm
Forum: Virtualization
Topic: CHR Spec'ing VMWare Host
Replies: 1
Views: 3009

CHR Spec'ing VMWare Host

Hi, Couple of questions re CHR please... 1) Anyone running a CHR in a high demanding environment? When running on 10G hardware, what kind of actual performance is achieved? Can I realistically expect 5Gbps+ when a CCR is battling with 4Gbps+ (similar configurations)? The application will be CPU boun...
by savage
Tue May 02, 2017 9:10 am
Forum: General
Topic: pppoe rejects value?
Replies: 1
Views: 794

Re: pppoe rejects value?

Reject represents the number of Auth-Reject packets received from the AAA server.

You'll need to look at the AAA logs to determine why auth requests are rejected by the AAA server.
by savage
Mon Apr 10, 2017 6:27 pm
Forum: Forwarding Protocols
Topic: MikroTik - Packet loss on core MPLS router
Replies: 3
Views: 1941

Re: MikroTik - Packet loss on core MPLS router

DACs are fine. Problem was with connecting tracking tables which was learning about every stream although there are no forward firewall rules. What is concerning is that Mikrotik was dropping packets and none of the interface statistics were incrementing their drop counters. CPUs were well balanced...
by savage
Wed Mar 29, 2017 3:44 pm
Forum: General
Topic: Feature requests
Replies: 1739
Views: 624797

Re: Feature requests

Hello!

RouterOS "ip route print where dst-address in x.x.x.x/z" is fast. But for a reason the same for ipv6 is slow (when the number of routes is large).

Please, make ipv6 route lookups fast as well.
And IPv6 filter on dst-address doesn't work at all in Winbox
by savage
Fri Mar 24, 2017 3:41 pm
Forum: Forwarding Protocols
Topic: MikroTik - Packet loss on core MPLS router
Replies: 3
Views: 1941

Re: MikroTik - Packet loss on core MPLS router

We are experiencing an increasing amount of packet loss on CCR1036-8G-2S+ routers since migrating their connectivity from 1GbE to 10GbDAC. Personally, I've never liked DACs. Have you tried a different DAC? Have you tried normal SPF+ modules with MM/SM fiber instead? We run multiple SPF+ (SM) interf...
by savage
Fri Mar 24, 2017 12:30 pm
Forum: RouterBOARD hardware
Topic: RB922 shows no wireless
Replies: 9
Views: 2453

Re: RB922 shows no wireless

Seen it with SXT's before, but not a 922. It's not impossible however.

Make a supout, and send it to MT to check?
by savage
Fri Mar 24, 2017 12:19 pm
Forum: RouterBOARD hardware
Topic: RB922 shows no wireless
Replies: 9
Views: 2453

Re: RB922 shows no wireless

Wireless card could also be faulty...
by savage
Mon Mar 20, 2017 5:48 pm
Forum: Scripting
Topic: Command Needed for Hard Reboot of Router OS
Replies: 6
Views: 7193

Re: Command Needed for Hard Reboot of Router OS

/system reboot?
by savage
Mon Mar 20, 2017 11:10 am
Forum: RouterBOARD hardware
Topic: RB921 (Sector) won't restart
Replies: 7
Views: 1817

Re: RB921 (Sector) won't restart

It's a 2 hour trip up a 4x4 route, looking for any way to avoid that No way to avoid it. There's critical processes on the RB that's not responding anymore, that's why it's working intermittently and why some functionality doesn't work. Eventually the entire RB will stop responding. You'll have to ...
by savage
Mon Mar 20, 2017 10:41 am
Forum: RouterBOARD hardware
Topic: RB921 (Sector) won't restart
Replies: 7
Views: 1817

Re: RB921 (Sector) won't restart

You'll need to power cycle the unit.
by savage
Fri Mar 17, 2017 8:20 pm
Forum: RouterBOARD hardware
Topic: CCR1036 Power Supply
Replies: 81
Views: 32853

Re: CCR1036 Power Supply

BTW @nz_monkey...

These power supplies with the better, green caps.. Aren't these supposed to be the NEW improved power supplies?

And yes, this is in a huge DC, so a very stable supply on the AC side, on UPS.
by savage
Fri Mar 17, 2017 8:17 pm
Forum: RouterBOARD hardware
Topic: CCR1036 Power Supply
Replies: 81
Views: 32853

Re: CCR1036 Power Supply

http://www.meconet.de/ in Germany, ~14 in stock if I remember correctly. I also saw a few US companies with stock (but shipping & customs would have taken too long in my case).

My first unit came from MT directly, but I think that was on a special case only.
by savage
Fri Mar 17, 2017 6:26 pm
Forum: RouterBOARD hardware
Topic: CCR1036 Power Supply
Replies: 81
Views: 32853

Re: CCR1036 Power Supply

Image

I guess we found the issue. New PSU is in, 23.7V on the dot just like it used to be.
by savage
Thu Mar 16, 2017 10:47 am
Forum: RouterBOARD hardware
Topic: CCR1036 Power Supply
Replies: 81
Views: 32853

Re: CCR1036 Power Supply

Hi Chris,

Let us know if the C10 capacitor is leaking, and if it has the black plastic around it.

Thanks,


Andrew
Will ask the DC engineers to take some pics when they replace it. 4 CCR's purchased (over a period of 2 years), this is now the 3rd one failing :-(
by savage
Thu Mar 16, 2017 9:15 am
Forum: Forwarding Protocols
Topic: BGP not trying to reconnect more than once
Replies: 11
Views: 7874

Re: BGP not trying to reconnect more than once

We're seeing the same thing, and I've posted about it before as well...

IMHO, a bug.
by savage
Wed Mar 15, 2017 11:10 pm
Forum: RouterBOARD hardware
Topic: CCR1036 Power Supply
Replies: 81
Views: 32853

Re: CCR1036 Power Supply

Image

And there she goes... :(

Found a replacement at a online shop in Germany that luckily has stock. Hopefully I'll receive it tomorrow!

MT - you REALLY need to work on the reliability of your hardware :evil:
by savage
Wed Mar 15, 2017 9:48 pm
Forum: RouterBOARD hardware
Topic: CCR1036 Power Supply
Replies: 81
Views: 32853

CCR1036 Power Supply

Hi,

Someone close to the Netherlands that can supply a CCR1036 power supply, urgently?

Just had ANOTHER CCR starting to fall over due to a suspected failed power supply, shrugs... :(
by savage
Mon Mar 13, 2017 9:23 pm
Forum: RouterBOARD hardware
Topic: What is the Packet Buffer Size for the CCR 1036-8G-2S+
Replies: 1
Views: 1282

Re: What is the Packet Buffer Size for the CCR 1036-8G-2S+

It's not published, neither for Mikrotik's switches.

I'd also be VERY interested in these numbers TBH...
by savage
Sun Mar 12, 2017 1:50 pm
Forum: Wireless Networking
Topic: CAPSMan + freeradius + VLAN per User
Replies: 21
Views: 17023

Re: CAPSMan + freeradius + VLAN per User

According to https://wiki.mikrotik.com/wiki/Manual:RADIUS_Client/vendor_dictionary ATTRIBUTE Mikrotik_Wireless_VLANID 26 integer ATTRIBUTE Mikrotik_Wireless_VLANIDtype 27 integer Are the correct attributes. Can you post a radtest? That, is incorrect. It needs to be updated, just FYI.... I just had ...
by savage
Sun Mar 12, 2017 12:18 pm
Forum: Wireless Networking
Topic: CAPSMan + freeradius + VLAN per User
Replies: 21
Views: 17023

Re: CAPSMan + freeradius + VLAN per User

There's something strange with your radius... Your last access-challenge, is request 296 in your radius log, and THAT request, includes the VLAN parameters. However, request 297 (which is your access-accept), does NOT include any VLAN parameters. So somewhere between the access-challenge and the acc...
by savage
Sun Mar 12, 2017 9:39 am
Forum: Wireless Networking
Topic: CAPSMan + freeradius + VLAN per User
Replies: 21
Views: 17023

Re: CAPSMan + freeradius + VLAN per User

(295) Mikrotik_Wireless_VLANID = 20 (295) Mikrotik_Wireless_VLANIDtype = 0 Your AAA sever is returning VLAN number, BUT, it is also returning a VLANIDtype of 0, which means do NOT tag the traffic. You need to return VLANIDtype = 2, not 0 (https://wiki.mikrotik.com/wiki/Manual:Interface/Wireless#VLA...
by savage
Wed Mar 08, 2017 8:15 am
Forum: General
Topic: CIA exploits against Mikrotik hardware
Replies: 97
Views: 60839

Re: CIA exploits against Mikrotik hardware

Yup. Keep administrative functions OFF the Internet, and you'll be fine...
by savage
Mon Mar 06, 2017 9:25 pm
Forum: RouterBOARD hardware
Topic: Which device for long range (1-2 km) wifi?
Replies: 4
Views: 3591

Re: Which device for long range (1-2 km) wifi?

1. What is the maximum distance over which we can use POE? Let's say we installed RB951Ui-2HnD (or is there a lower power device we should use?) at the buildings and tried to power them over POE from our solar stations. You are limited to 100m, more than that and Ethernet becomes troublesome, if it...
by savage
Mon Mar 06, 2017 9:21 pm
Forum: RouterBOARD hardware
Topic: CCR 1009-8G-1S-1S+ Boot Failures, Reboots and lockups
Replies: 5
Views: 2253

Re: CCR 1009-8G-1S-1S+ Boot Failures, Reboots and lockups

Try a different power supply... It's a 12V or 24V device, if you have a external power supply you can use that too just to test.

I've had the same type of issues on one of my CCR1036's until I replaced the power supply.
by savage
Mon Mar 06, 2017 9:04 pm
Forum: Beginner Basics
Topic: Is there any limition on APIs?
Replies: 1
Views: 770

Re: Is there any limition on APIs?

Yes, not all commands are accepted.

It's also rather slow, but a bit faster than console.
by savage
Wed Mar 01, 2017 3:27 pm
Forum: Virtualization
Topic: CHR feature requests
Replies: 81
Views: 36605

Re: CHR feature requests

If you don't care about having the latest RouterOS version all the time, your license is free with any speed. HUH? So running one version back of bugfix, is free? When did that happen? Nothing like this mentioned at https://wiki.mikrotik.com/wiki/Manual:CHR#CHR_Licensing You can request a trial and...
by savage
Wed Mar 01, 2017 3:23 pm
Forum: Virtualization
Topic: CHR feature requests
Replies: 81
Views: 36605

Re: CHR feature requests

If you don't care about having the latest RouterOS version all the time, your license is free with any speed.
HUH?

So running one version back of bugfix, is free? When did that happen? Nothing like this mentioned at https://wiki.mikrotik.com/wiki/Manual:CHR#CHR_Licensing