Community discussions

MikroTik App

Search found 1155 matches

by mducharme
Sat Mar 06, 2021 3:44 am
Forum: General
Topic: Can't get DHCPv6 on router under another router
Replies: 3
Views: 229

Re: Can't get DHCPv6 on router under another router

I'm not using DHCPv6. Don't know why, but there is no output to ipv6 nd export . You may want to edit your screenshot, you forgot to erase the IPv6 address in the title bar. You will find the answers here: https://forum.mikrotik.com/viewtopic.php?p=798589#p798589 and here: https://forum.mikrotik.co...
by mducharme
Fri Mar 05, 2021 2:01 am
Forum: RouterOS v7 BETA
Topic: v7.1beta4 [development] is released!
Replies: 185
Views: 24171

Re: v7.1beta4 [development] is released!

Oh yeah! The same. Recently I found the root of my problems of wrong traffic routing and IPsec issues, which I experienced for 2 months with no resolution from support's side. Totally broken bridge's "Use IP Firewall" mode. The support already informed, but fixes are not there yet. Depend...
by mducharme
Mon Mar 01, 2021 8:31 am
Forum: General
Topic: How to advertise dynamic ipv6 prefix recieved from dhcpv6
Replies: 8
Views: 438

Re: How to advertise dynamic ipv6 prefix recieved from dhcpv6

Yes I did it, and now I have found what was the problem. I have to uncheck "Advertise DNS" from RA as well.
You can leave "Advertise DNS" checked in RA in most cases, but you have to enable "Other configuration".
by mducharme
Mon Mar 01, 2021 5:10 am
Forum: General
Topic: How to advertise dynamic ipv6 prefix recieved from dhcpv6
Replies: 8
Views: 438

Re: How to advertise dynamic ipv6 prefix recieved from dhcpv6

Thank you for this advice, it works!
But I still need DHCPv6, because I need to point LAN clients to my own DNS...
You can add DHCPv6 server on the interface with no pool set, it will provide DNS.
by mducharme
Mon Mar 01, 2021 3:12 am
Forum: Announcements
Topic: v6.48.1 [stable] is released!
Replies: 100
Views: 19446

Re: LLDP-MED behavior

But when you reboot the phone, until ROS loses neighbor information (the phone is still present in neighbor cache), ROS does not respond to LLDP-MED probe immediately, instead it is sending LLDP frame every minute. As the phone does not see immediate reponse (in a few seconds) to the LLDP-MED probe...
by mducharme
Fri Feb 26, 2021 9:24 am
Forum: RouterOS v7 BETA
Topic: v7.1beta4 [development] is released!
Replies: 185
Views: 24171

Re: v7.1beta4 [development] is released!

This thread is for v7betas, not v6!
Yes, sorry, I meant the following:

Some of the new features from 6.48.x are not yet present in 7.1beta4 (ex. LLDP-MED Voice VLAN) - any idea when those will be available?
by mducharme
Thu Feb 25, 2021 9:18 am
Forum: RouterOS v7 BETA
Topic: v7.1beta4 [development] is released!
Replies: 185
Views: 24171

Re: v7.1beta4 [development] is released!

Some of the new features from 6.48.x are not yet present in 7.1beta4 (ex. LLDP-MED Voice VLAN) - any idea when those will be available?
by mducharme
Thu Feb 25, 2021 7:20 am
Forum: RouterOS v7 BETA
Topic: Request: Better visibility regarding SLAAC in V7
Replies: 8
Views: 2020

Re: Request: Better visibility regarding SLAAC in V7

Can you share a ticket ID, so I can +1 this?
It was Ticket# 2018052922002772 but that was from their old OTRS system. They have since moved to JIRA.
by mducharme
Thu Feb 25, 2021 7:06 am
Forum: RouterOS v7 BETA
Topic: Wireguard tunnel internet traffic issues
Replies: 5
Views: 564

Re: Wireguard tunnel internet traffic issues

I think the problem is gateway=WG1 in your ip route - you can only set gateway to an interface if it is a PPP interface. For any other interface type it must be an IP address.
by mducharme
Sun Feb 21, 2021 2:39 am
Forum: RouterOS v7 BETA
Topic: OSPFv3 and RIPng
Replies: 1
Views: 172

Re: OSPFv3 and RIPng

OSPFv3 results in the following in the log:
OspfInterface { { *2 0.0.0.0 0 0.0.0.0 } Point-to-Point PtP-unnumbered } wrong checksum from fe80::4a8f:5aff:fec9:cea1%*2
Yup, I get wrong checksum for everything too. Haven't found a solution yet.
by mducharme
Fri Feb 19, 2021 11:13 pm
Forum: General
Topic: Mikrotik <> Softether site2site (L2TP/ipsec)
Replies: 4
Views: 353

Re: Mikrotik <> Softether site2site (L2TP/ipsec)

That's the thing, softether, AFAIK has one place to declare routes, that are only shared via the DHCP.
Then you probably just cannot use SoftEther for this use case. Run MikroTik CHR virtual machine in Azure instead.
by mducharme
Wed Feb 17, 2021 4:01 am
Forum: General
Topic: Mikrotik <> Softether site2site (L2TP/ipsec)
Replies: 4
Views: 353

Re: Mikrotik <> Softether site2site (L2TP/ipsec)

There i mention my strugles, but no i want to focus on my probable incompetency on the mikrotik side (since its "working worse" than the softether <> softether setup i tried before). I've used softether before, but not with MikroTik. The issue is probably actually on the softether side - ...
by mducharme
Mon Feb 15, 2021 1:35 am
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 66
Views: 38255

Re: DHCP Offering Lease Without Success

Site was stable for a few days but I noticed the message again today in the logs even though all APs bridge protocol was set to none. Again I toggled the bridge for the particular AP, this time from none to STP, a few seconds later the device fully connected. So the 'none' setting on the APs bridge...
by mducharme
Sat Feb 13, 2021 9:43 pm
Forum: RouterOS v7 BETA
Topic: RouterOS 7.1beta4 -- /routing ospf interface - cannot add interface
Replies: 1
Views: 317

Re: RouterOS 7.1beta4 -- /routing ospf interface - cannot add interface

There are no add commands under interface. Interface-template does work. The instructions are outdated. In 7beta3 the interface menu was renamed to interface-template and the interface-status menu was renamed to interface, presumably to better match the BGP configuration. Wherever you see "/ro...
by mducharme
Sat Feb 13, 2021 9:29 pm
Forum: RouterOS v7 BETA
Topic: Bricked hAP AC2 after flashing 7.1beta4
Replies: 4
Views: 606

Re: Bricked hAP AC2 after flashing 7.1beta4

Thanks for reply, all VMs interfaces disabled (Ewen other hardware NICs like WLAN etc.) After 25 minutes of waiting still no result. Firewall disabled but shouldn't make any difference since winbox and netinstall are working on lower level. https://i.imgur.com/8aadW30.png I can't read the language,...
by mducharme
Fri Feb 12, 2021 11:12 pm
Forum: General
Topic: PPPoE Server and Queues
Replies: 1
Views: 173

Re: PPPoE Server and Queues

We are using RED, we find it performs the best for this application. We will probably switch to codel in v7.
by mducharme
Sat Feb 06, 2021 10:15 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta4 [development] is released!
Replies: 185
Views: 24171

Re: v7.1beta4 [development] is released!

Does wifiwave2 have bridging support yet? I tried it on my audience in beta3 a few months ago and it seemed to work, but the issue was that I need to use the 5GHz uplink radio on the audience to get back to my main router and this bridging did not work (no equivalent of station bridge or wds).
by mducharme
Fri Feb 05, 2021 10:50 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta4 [development] is released!
Replies: 185
Views: 24171

Re: v7.1beta4 [development] is released!

EoIP is still not working with keepalive enabled.
by mducharme
Wed Feb 03, 2021 10:50 am
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 324
Views: 62195

Re: v6.48 [stable] is released!

roadblock Does the developer Team fell into wintersleep? I'm wondering if perhaps they do not intend to release a 6.49 (moving to v7 instead as the next stable release after 6.48) and their existing build process is forcing them to release a 6.49 beta X in order to add the fixes to 6.48, like they ...
by mducharme
Sat Jan 30, 2021 3:28 am
Forum: RouterOS v7 BETA
Topic: Feature Request: Bridge Joiner
Replies: 11
Views: 1223

Re: Feature Request: Bridge Joiner

I have a similar use case that this would work for. We do rate limiting for VPLS tunnels with interface attached queue trees on the bridge ports, which only shape egress. If a multiple outbound VPLS tunnels are connecting to a single bridge at a customer location in PtMP fashion, I would like to be ...
by mducharme
Tue Jan 26, 2021 1:43 am
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 43012

Re: v7.1beta3 [development] is released!

We would like to see /31 support as well. /32 works for quite a few things, but /31 support is a long established RfC and it is generally expected that most modern day routers will support it.
by mducharme
Thu Jan 21, 2021 2:05 am
Forum: General
Topic: IPv6 DNS via DHCP6
Replies: 1
Views: 168

Re: IPv6 DNS via DHCP6

Am I missing something? I wish ND would let me override what it's going to send out, it works perfectly.
You have to enable the "other" flag in the ND settings in order for the devices to know to request the DNS servers via DHCPv6.
by mducharme
Tue Jan 12, 2021 4:41 am
Forum: Beginner Basics
Topic: How to use VLANs to isolate clients and route single public IP from subnet over it? [SOLVED]
Replies: 8
Views: 532

Re: How to use VLANs to isolate clients and route single public IP from subnet over it? [SOLVED]

I think probably what you need to do is delete the routes you have created, and instead add the address multiple times, as follows: /ip address add address=10.1.0.1 interface=VLAN102 network=10.1.0.2 add address=10.1.0.1 interface=VLAN103 network=10.1.0.3 Each time the "network" would be c...
by mducharme
Tue Jan 12, 2021 4:35 am
Forum: Beginner Basics
Topic: How to use VLANs to isolate clients and route single public IP from subnet over it? [SOLVED]
Replies: 8
Views: 532

Re: How to use VLANs to isolate clients and route single public IP from subnet over it? [SOLVED]

The "subnet" is only routed by the ISP I get the IP addresses from, internally I dont want to use it as a subnet. The IPs are from the subnet, but are used as single IPs. I hope you understand what I mean. Sorry, looked at your example a little more closely. This isn't really a "begi...
by mducharme
Tue Jan 12, 2021 3:37 am
Forum: Beginner Basics
Topic: How to use VLANs to isolate clients and route single public IP from subnet over it? [SOLVED]
Replies: 8
Views: 532

Re: How to use VLANs to isolate clients and route single public IP from subnet over it? [SOLVED]

The problem is that when i try to set it up the same way as the Debian based machine (create VLAN interfaces as subinterface of ether2, assign IPs to ether2, add routes) ARP requests for 10.1.0.1 from the VMs (to RouterOS) wont get answered by RouterOS. I then have tried wild combinations of IP ass...
by mducharme
Mon Jan 11, 2021 3:28 am
Forum: Beginner Basics
Topic: Putting more information into router advertisement packets?
Replies: 24
Views: 1241

Re: Putting more information into router advertisement packets?

Putting the router itself into IP->DNS is a bad idea - we tried it to see what would happen and it broke things. For the routers that we provide to our retail customers, we hand out the DNS via DHCPv6 options. To avoid the problem of the customer prefix from changing affecting the DNS IP to hand to ...
by mducharme
Sat Jan 09, 2021 7:49 pm
Forum: Beginner Basics
Topic: Putting more information into router advertisement packets?
Replies: 24
Views: 1241

Re: Putting more information into router advertisement packets?

7.1beta has support for DNS in RA, until then use DHCPv6 option 23
Glad to see they finally implemented that, but it is missing the DNS search list option.
by mducharme
Thu Jan 07, 2021 6:48 am
Forum: Beginner Basics
Topic: IPv6 Firewall
Replies: 22
Views: 1176

Re: IPv6 Firewall

It is strange however, that on Debian 10, when `iptables -L` has no rules (default configuration after installation), the output of `conntrack -L` is empty. On CentOS 7, I run iptables -L and get this: [root@srv /]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FO...
by mducharme
Thu Jan 07, 2021 6:32 am
Forum: RouterOS v7 BETA
Topic: IPv6 Radius Accounting Not Working for PPPOE Clients (Delegated Prefix)
Replies: 31
Views: 5077

Re: IPv6 Radius Accounting Not Working for PPPOE Clients (Delegated Prefix)

I think limiting the clients with the PPPOE usernames limits the clients to the Cap specified on the dynamic Queues by radius both for v4 & v6. Yes, limits have always been working, that is not the problem. The issue is tracking the prefix that the customer receives, which is often a legal requ...
by mducharme
Wed Jan 06, 2021 6:03 am
Forum: Beginner Basics
Topic: IPv6 Firewall
Replies: 22
Views: 1176

Re: IPv6 Firewall

Is this a MikroTik feature or a generic Linux iptables feature? Connection tracking is part of iptables. My experience with Linux suggests that connections are tracked even if there are no iptables rules, so Linux uses what MikroTik calls the "on" setting instead of the "auto" s...
by mducharme
Wed Jan 06, 2021 4:57 am
Forum: Beginner Basics
Topic: IPv6 Firewall
Replies: 22
Views: 1176

Re: IPv6 Firewall

There is no explicit rule to create firewall state based on outgoing packets, and nevertheless state is created and return traffic via sit1 is being permitted. Where exactly is the state created in this example? Connection state tracking happens by default on "auto" when there is at least...
by mducharme
Mon Jan 04, 2021 8:46 am
Forum: RouterOS v7 BETA
Topic: Segment Routing and IS-IS
Replies: 13
Views: 1562

Re: Segment Routing and IS-IS

+1

However, I also do want to see RouterOS v7 stabilized. I would be thrilled if we could move our core BGP routers to ROS 7 in a years time or so. We need working MPLS first for that, and for the existing routing stack to have stabilized enough.
by mducharme
Mon Jan 04, 2021 3:47 am
Forum: General
Topic: WPA3 on existing Mikrotik routers/APs [SOLVED]
Replies: 23
Views: 20139

Re: WPA3 on existing Mikrotik routers/APs [SOLVED]

Hi. I wonder, the wave2 driver is installed by default in 7.1.beta3 or do I have to activate it in some way?
I just read that it says "cli only" and I don't see wpa3 options
It is an optional package.. you have to download the all packages.zip file and you'll find it in there.
by mducharme
Sat Jan 02, 2021 3:19 am
Forum: General
Topic: VLANs, CAPsMAN and the case of the missing DHCP
Replies: 3
Views: 340

Re: VLANs, CAPsMAN and the case of the missing DHCP

Bump.

Can anyone offer any advice, please?
ether2 needs to be set as tagged for vlan 10, 20 and 30, along with the bridge itself.

There is no point in setting untagged= for any VLANs in your case, it doesn't do anything.
by mducharme
Sat Jan 02, 2021 2:49 am
Forum: Beginner Basics
Topic: Best method to clean the Router.
Replies: 10
Views: 1178

Re: Best method to clean the Router.

I came to this thread wondering whether people were going to suggest simply wiping it off with a damp cloth, soap and water, or some kind of disinfecting cloth, and wound up being mildly disappointed. ;)
by mducharme
Thu Dec 31, 2020 8:22 pm
Forum: General
Topic: Trying to get IPV6 working with RouterOS 6.48
Replies: 7
Views: 681

Re: Trying to get IPV6 working with RouterOS 6.48

As mentioned, I'm able to get a prefix from using DHCPv6 Client and assign an IP to the bridge interface. This allows my clients to receive an IP address using SLAAC but I can't get past the hEX in the traceroute but I can ping public resources from hEX and correctly traceroute them. In the tracero...
by mducharme
Thu Dec 31, 2020 5:44 am
Forum: General
Topic: Trying to get IPV6 working with RouterOS 6.48
Replies: 7
Views: 681

Re: Trying to get IPV6 working with RouterOS 6.48

If I enable the the DHCPv6 Client in RouterOS I'm able to get a /64 prefix from the modem. I tried setting other Pool Prefix Lengths like a /60 and a ::/60 prefix hint but I always get a /64 prefix from the modem. Would that still be usable? Yes, if it does that, it will be usable - the only downsi...
by mducharme
Thu Dec 31, 2020 5:35 am
Forum: The User Manager
Topic: User Manager as simple RADIUS server
Replies: 1
Views: 362

Re: User Manager as simple RADIUS server

Is this correct, or does User Manager can be used as a simple RADIUS server for any device? I have a small home/lab network and my AP is an Aruba Instant ON model. I'd be happy (for now) with only the user/password authentication functionality. User Manager can be used as a RADIUS server for other ...
by mducharme
Thu Dec 31, 2020 5:09 am
Forum: General
Topic: Trying to get IPV6 working with RouterOS 6.48
Replies: 7
Views: 681

Re: Trying to get IPV6 working with RouterOS 6.48

My fiber ISP has a modem which can only do Routing (no bridge mode). If they don't do bridge mode, the only way this will work is if their modem acts as a DHCPv6-PD server, and you can request a prefix from it by configuring a DHCPv6-PD client on the MikroTik. Unfortunately, it is most likely that ...
by mducharme
Thu Dec 31, 2020 4:53 am
Forum: RouterOS v7 BETA
Topic: v7 Dynamic routing using IPv6 and OSPFv3/BGP with examples
Replies: 1
Views: 732

Re: v7 Dynamic routing using IPv6 and OSPFv3/BGP with examples

I've been working on a lab for ROSv7 to provide examples for IPv6 config with OSPF and BGP. Details are in the blog post. Hope it's helpful! It is helpful, but actually the syntax has changed drastically between beta2 and beta3, so a lot of what you have has to be adjusted quite a bit for beta3 (un...
by mducharme
Tue Dec 29, 2020 3:43 am
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 324
Views: 62195

Re: v6.48 [stable] is released!

Another issue - the bridging by default forwards LLDP frames from other devices. The issue is that if the VoIP phone receives one of these (and mine has), it will flap back to untagged VLAN since the other device's LLDP frame is missing the LLDP-MED Network Policy VLAN. IMO, it would be ideal if the...
by mducharme
Tue Dec 29, 2020 2:57 am
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 324
Views: 62195

Re: v6.48 [stable] is released!

One further update: If I create a second VLAN on the bridge, the phone starts flapping again between untagged and voice vlan tagged. It appears that once it is on the voice vlan, it starts to process any VLAN tagged LLDP packets, even those that are for a completely unrelated VLAN (i.e. it is ignori...
by mducharme
Tue Dec 29, 2020 2:17 am
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 324
Views: 62195

Re: v6.48 [stable] is released!

It is a rather simple setup - just an RB4011 with the phone plugged in to one of the ports, no bridge VLAN filtering used, and a voice VLAN on the bridge. Update - I figured out the issue. Every minute or so, the router was sending out an LLDP packet to the phone on both the bridge itself (untagged...
by mducharme
Tue Dec 29, 2020 1:12 am
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 324
Views: 62195

Re: v6.48 [stable] is released!

Has anybody tried the LLDP-MED support yet? The only device I have to test with at home is an old antique Cisco 7941 phone, and although it gets the VLAN ID through LLDP-MED, after it connects to the voice VLAN and gets an IP there, it goes back to the main VLAN, then proceeds to flap back and forth...
by mducharme
Mon Dec 28, 2020 11:01 pm
Forum: General
Topic: Feature Request: IPv6 NAT66 Support
Replies: 42
Views: 12346

Re: Feature Request: IPv6 NAT66 Support

The way forward is to slowly fix current mess. But really fix what's broken, not create workarounds that allow broken stuff to work. If home routers can't deal with larger prefix, then they are broken and users should get their money back. If ISPs give out single /64s to accomodate broken routers, ...
by mducharme
Mon Dec 28, 2020 3:30 am
Forum: General
Topic: Feature Request: IPv6 NAT66 Support
Replies: 42
Views: 12346

Re: Feature Request: IPv6 NAT66 Support

My useless ISP gives only a single /64, you can imagine trying to subnet that. I'm moving to VyOS as soon as I can as they support NPTv6 natively. Have you tried setting your DHCPv6 client to ask for a /60 or /56 in the prefix hint? I did that when I was first messing around with IPv6 a few years a...
by mducharme
Fri Dec 25, 2020 9:24 pm
Forum: Wireless Networking
Topic: Inconsistent speed HAP AC2 vs HAP Lite
Replies: 35
Views: 2442

Re: Inconsistent speed HAP AC2 vs HAP Lite

A setting suggestion I would have, if you don't already have it, is to try enabling "adaptive noise immunity" on the CAP device itself. This is done through the advanced tab of the wireless interface. You will have to temporarily switch off the CAP functionality in order to change this set...
by mducharme
Fri Dec 25, 2020 8:51 pm
Forum: Wireless Networking
Topic: Inconsistent speed HAP AC2 vs HAP Lite
Replies: 35
Views: 2442

Re: Inconsistent speed HAP AC2 vs HAP Lite

/caps-man channel add band=2ghz-onlyn extension-channel=Ce frequency=2452 name=channels-laci-2.4 /caps-man datapath add bridge=bridge l2mtu=1600 local-forwarding=yes mtu=1500 name=datapath-caps-laci /caps-man rates add basic=12Mbps name=rates-laci-2.4 supported=12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54...
by mducharme
Fri Dec 25, 2020 1:00 am
Forum: Wireless Networking
Topic: Inconsistent speed HAP AC2 vs HAP Lite
Replies: 35
Views: 2442

Re: Inconsistent speed HAP AC2 vs HAP Lite

I'm also not saying that this is a bad device in any way. For this amount of money, it can do fantastic things. I'm just saying that not showing such important limitations is bad practice. Make sure you are using local forwarding, not CAPsMAN forwarding. You will get the highest data rate with loca...
by mducharme
Thu Dec 24, 2020 9:43 am
Forum: General
Topic: Feature Request: IPv6 NAT66 Support
Replies: 42
Views: 12346

Re: Feature Request: IPv6 NAT66 Support

On IPv6 I generally avoid NAT but see the need for NPT. However, I do actually agree that in a few corner cases NAT66 can be helpful. I would never use it to NAT users, but in one case I am using NAT66 port forward for a RADIUS IP to avoid having to manually add dozens of clients as RADIUS clients. ...
by mducharme
Thu Dec 24, 2020 2:42 am
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 324
Views: 62195

Re: v6.48 [stable] is released!

*) tr069-client - send correct "ConnectionRequestURL" when using IPv6; I am a bit puzzled by this fix as even though our clients are mostly dual stack, and our ACS URL has both A and AAAA records and is listening on IPv4 and IPv6, I've never seen the clients ever attempt to connect to the...
by mducharme
Thu Dec 24, 2020 2:27 am
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 324
Views: 62195

Re: v6.48 [stable] is released!

What has changed in the defaults for user groups and neighbor discovery?
I'm not sure about neighbor discovery, but in user groups it appears that the group "full" does not have the "dude" policy enabled by default.
by mducharme
Sun Dec 20, 2020 12:03 am
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 43012

Re: v7.1beta3 [development] is released!

Something strange is happening when 7.1beta3 is used as a client in WG and the remote peer uses a domain in "endpoint-address". The tunnel will appear dead (0bps, 0pps) after reboot. Disabling the interface and enabling it again does nothing. Attempting ping to that hostname from the rout...
by mducharme
Sat Dec 19, 2020 10:51 pm
Forum: Beginner Basics
Topic: Routing between bridge interfaces - masquerade required or not?
Replies: 17
Views: 1290

Re: Routing between bridge interfaces - masquerade required or not?

There is this bit:

/interface bridge settings
set allow-fast-path=no use-ip-firewall=yes use-ip-firewall-for-pppoe=yes

If you don't need to have those set to "yes", I would recommend changing them to "no" (the default).
by mducharme
Sat Dec 19, 2020 7:50 am
Forum: Beginner Basics
Topic: Routing between bridge interfaces - masquerade required or not?
Replies: 17
Views: 1290

Re: Routing between bridge interfaces - masquerade required or not?

and my bridge config:
Can you export your full config with export hide-sensitive?
by mducharme
Sat Dec 19, 2020 6:55 am
Forum: Beginner Basics
Topic: Routing between bridge interfaces - masquerade required or not?
Replies: 17
Views: 1290

Re: Routing between bridge interfaces - masquerade required or not?

"I tried to print it out but that did not work, interface list print did not work for me, it showed the list names but dit not print the interface names."
You need to run "interface list member print" to see the memberships.
by mducharme
Sat Dec 19, 2020 6:30 am
Forum: Beginner Basics
Topic: Routing between bridge interfaces - masquerade required or not?
Replies: 17
Views: 1290

Re: Routing between bridge interfaces - masquerade required or not?

I am connected to ap10 and cannot ping a device on ap9, e.g. 192.168.1.3. I can ping the ap9 interface though (192.168.1.2.2). This behavior will be normal with the default firewall. You'll have to add the other two bridges to the Interface List named "LAN" if you want to be able to ping ...
by mducharme
Sat Dec 19, 2020 6:20 am
Forum: Beginner Basics
Topic: Routing between bridge interfaces - masquerade required or not?
Replies: 17
Views: 1290

Re: Routing between bridge interfaces - masquerade required or not?

What else can be done to fix this problem, or is NAT required?
Your firewall must have been configured to block the traffic between VLANs, given your description. The factory default MikroTik firewall should not do this, but you might have modified it.
by mducharme
Fri Dec 18, 2020 5:14 am
Forum: Announcements
Topic: v6.48rc [testing] is released!
Replies: 18
Views: 5101

Re: v6.48rc [testing] is released!

Should be fixed in the next build. For Delegated-IPv6-Prefix - any chance of adding the feature address-change-immediate-update like in Juniper? https://kb.juniper.net/InfoCenter/index?page=content&id=KB31659 You already are doing RADIUS accounting for the DHCPv6-PD session for a PPPoE tunnel, ...
by mducharme
Fri Dec 18, 2020 4:25 am
Forum: RouterOS v7 BETA
Topic: hAP lite 100% CPU on default config, frequent lock-ups since first ros7 beta
Replies: 2
Views: 520

Re: hAP lite 100% CPU on default config, frequent lock-ups since first ros7 beta

I have performed hard-reset, unplugged a cable from WAN port. And only after booting it up and waiting for ~3minutes i have managed to access my router to look at the tool->profile (see attachment below). After another 5 minutes CPU load lowered to 4%, then I have updated a firmware and rebooted. A...
by mducharme
Fri Dec 18, 2020 2:04 am
Forum: The User Manager
Topic: Hotspot login page does not load automatically
Replies: 5
Views: 13399

Re: Hotspot login page does not load automatically

See my config below:
This line might be your problem:
/ip hotspot walled-garden
add action=allow comment="place hotspot rules here" disabled=no !dst-host dst-port="" !method !path !server !src-address
by mducharme
Thu Dec 17, 2020 9:26 pm
Forum: Forwarding Protocols
Topic: OSPFv3 + PPPoE + area stub [SOLVED]
Replies: 2
Views: 403

Re: OSPFv3 + PPPoE + area stub [SOLVED]

Hello everyone! I can't summarize routes in ospfv3 in a simple way like ospfv2, does anyone have any howto that really works that they can share? Thank you all! What you can do is add the IPv6 supernet that all of your PPPoE customers are in on a loopback bridge, give the loopback bridge the last a...
by mducharme
Wed Dec 16, 2020 6:24 am
Forum: General
Topic: Is there a reason posting is disabled in the announcements? IE software feedback
Replies: 4
Views: 650

Re: Is there a reason posting is disabled in the announcements? IE software feedback

I cannot post a reply either for that topic. I suspect it was a mistake.
by mducharme
Tue Dec 15, 2020 5:58 am
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 43012

Re: v7.1beta3 [development] is released!

Hello! It is not clear to me if wave2 will finally reach my mikrotik rb4011. They said they were experimental packages and that old devices would not be supported. I misunderstood? Yes, I think this is mostly their beta testing for WiFi 6 (802.11ax). However, since the current wave2 beta test packa...
by mducharme
Tue Dec 15, 2020 3:33 am
Forum: General
Topic: Hotspot Apple Login Page HELP!
Replies: 34
Views: 6769

Re: Hotspot Apple Login Page HELP!

Hello, the customer also has access to their router, so maybe there is something wrong with the config. This problem ONLY happens with iOS 14 clients. Everything else is fine. Funny thing, we only have the one customer with this issue. Thanks. Hi, As normis explained, the devices try to fetch the c...
by mducharme
Tue Dec 15, 2020 3:01 am
Forum: General
Topic: Hotspot Apple Login Page HELP!
Replies: 34
Views: 6769

Re: Hotspot Apple Login Page HELP!

I appreciate that. However the client does not want their config posted. We have setup a ton of Hotspot Managers, I was just hoping someone else knew of the existing iOS14 issues. Hi, There are no "existing iOS14 issues". I've tested iOS 14 clients and have zero issues with them seeing th...
by mducharme
Mon Dec 14, 2020 10:47 pm
Forum: General
Topic: Hotspot Apple Login Page HELP!
Replies: 34
Views: 6769

Re: Hotspot Apple Login Page HELP!

OK, do I email to support@mikrotik.com?
Thank you.
Post it here, if you want to get feedback.
by mducharme
Mon Dec 14, 2020 10:11 pm
Forum: General
Topic: Hotspot Apple Login Page HELP!
Replies: 34
Views: 6769

Re: Hotspot Apple Login Page HELP!

Hey Normis, do you have any other suggestions? Thank you.
Export the full config of the device with hide-sensitive.
by mducharme
Mon Dec 14, 2020 8:44 pm
Forum: General
Topic: Queue tree not working as expected
Replies: 42
Views: 2167

Re: Queue tree not working as expected

As I told earlier, my end goal is to prioritize all TCP traffic. Anything that I put into limit-at will be given. Even if it is not used. If you try to put all TCP traffic into a tree, then it is easy to see that the more limit-at values you give, the more bandwidth you will loose for the leaf queu...
by mducharme
Mon Dec 14, 2020 8:36 pm
Forum: General
Topic: Queue tree not working as expected
Replies: 42
Views: 2167

Re: Queue tree not working as expected

Well, I had two simple main goals. Being able to use the full bandwidth was one of them. In my case, my home service ISP (a large cable provider) always provides a bit more than the maximum, and doing speed tests at peak times has never given me less than the maximum. As a result, in my case, I'm a...
by mducharme
Mon Dec 14, 2020 8:33 pm
Forum: General
Topic: RB750Gr3 with a Bluecave as an AP for wireless
Replies: 3
Views: 311

Re: RB750Gr3 with a Bluecave as an AP for wireless

** I would sure like to hear back from someone with an idea of what could be causing this.**
Is there a reason you have add-arp=yes for the DHCP server? What if you change that to no?
by mducharme
Mon Dec 14, 2020 8:21 pm
Forum: General
Topic: Queue tree not working as expected
Replies: 42
Views: 2167

Re: Queue tree not working as expected

* Prioritization will not work correctly if your actual limit is less than the theorietical (given in limit-at) * The actual limit is and will always be different from the theoretical limit. Here is the conclusion: prioritization does not work with WAN connections. After putting so much work into t...
by mducharme
Mon Dec 14, 2020 8:04 pm
Forum: General
Topic: Queue tree not working as expected
Replies: 42
Views: 2167

Re: Queue tree not working as expected

1. allow full available bandwidth flow through the queue tree 2. when there is not enough bandwidth, then distribute it between leaf nodes with given ratios I just don't know how to express this with queue trees. For #2, that is what limit-at is for, basically. You will get closer to the results yo...
by mducharme
Mon Dec 14, 2020 7:43 pm
Forum: RouterOS v7 BETA
Topic: Feature Request: L2 transport
Replies: 1
Views: 372

Re: Feature Request: L2 transport

Do you have any plans for better L2 transport options in ROS v7 ?
They have implemented VXLAN already, so this is an option.
by mducharme
Mon Dec 14, 2020 7:37 pm
Forum: General
Topic: Queue tree not working as expected
Replies: 42
Views: 2167

Re: Queue tree not working as expected

Test results: * Server1 got 343 Mbps * Server2 got 4.6Mbps * Meanwhile, CPU was 28% occupied. This board has 2 CPUs, so even the CPU power was more than enough. Those results are absolutely correct given your settings and are what you should have reached. I'm afraid you have a misunderstanding of t...
by mducharme
Mon Dec 14, 2020 2:57 am
Forum: General
Topic: Queue tree not working as expected
Replies: 42
Views: 2167

Re: Queue tree not working as expected

I was using bridge filters to mark packets, had only changed queue settings. I wasnt worried about his connection/marking. I figured he had that worked out. The queuing was the oddity. MPLS is pretty much the only time I use bridge filters to mark packets, or possibly if I wanted to do QoS on bridg...
by mducharme
Mon Dec 14, 2020 2:19 am
Forum: General
Topic: Queue tree not working as expected
Replies: 42
Views: 2167

Re: Queue tree not working as expected

I would add that once you start mixing connection marks and packet marks, it starts to get quite easy to have a logic error where packets end up getting marked in unexpected ways, or do not get marked at all. In such cases it makes sense to start with a really simple mark-packet mangle rule like I t...
by mducharme
Mon Dec 14, 2020 2:09 am
Forum: General
Topic: Queue tree not working as expected
Replies: 42
Views: 2167

Re: Queue tree not working as expected

Interestingly enough. I was able to fully duplicate what the OP complained about this morning before I left the house. Now that Ive tested with the sub-parent, and returned to a queue more like described above, it works as it should. I know 6.47 does operate differently than 6.47.8 does. I've been ...
by mducharme
Mon Dec 14, 2020 1:53 am
Forum: General
Topic: Queue tree not working as expected
Replies: 42
Views: 2167

Re: Queue tree not working as expected

With 6.47.8 and what hardware?
6.48 beta58, RB4011 wifi model, fasttrack disabled (of course)

I don't think 6.47.8 should behave any differently.
by mducharme
Mon Dec 14, 2020 1:50 am
Forum: General
Topic: Queue tree not working as expected
Replies: 42
Views: 2167

Re: Queue tree not working as expected

Without the intermediate queue on this release, the prioritized traffic it not queued/dropped/limited at properly. CIR works as intended, but the max-limit is the problem. As he noted, it pretty much is split 50/50 until max-limit is reached on the child queues This is what I get with my queue setu...
by mducharme
Mon Dec 14, 2020 1:20 am
Forum: General
Topic: Queue tree not working as expected
Replies: 42
Views: 2167

Re: Queue tree not working as expected

I found a simple work around. /queue tree add limit-at=10M max-limit=10M name=local_out parent=bridge add max-limit=10M name=queue_local_out parent=local_out add comment="SSH 10k guaranteed, high priority" limit-at=10k max-limit=10M name=ssh_to_bridge packet-mark=ssh parent=queue_local_ou...
by mducharme
Mon Dec 14, 2020 12:20 am
Forum: General
Topic: Queue tree not working as expected
Replies: 42
Views: 2167

Re: Queue tree not working as expected

There are some setups where the LAN side has multiple bridges and interfaces. Is it okay use in-interface=WAN and out-interface=WAN? I'm not too comfortable with using bridges as interfaces, it becomes hard for me to tell wether an encapsulated / tunelled etc. package gets mangled and queued twice ...
by mducharme
Sun Dec 13, 2020 11:48 pm
Forum: General
Topic: CAPsMan and dividing 2.4 and 5 Ghz channels across multiple AP's
Replies: 6
Views: 1276

Re: CAPsMan and dividing 2.4 and 5 Ghz channels across multiple AP's

I would expect that CAPsMan is dividing the channels in such a way that there is a minimum overlap. Or or are my expectations incorrect? No, CAPsMAN does no coordination of channels between APs. The auto-frequency function in the AP takes only that AP into account, and the way it works is that it d...
by mducharme
Sun Dec 13, 2020 11:39 pm
Forum: General
Topic: Forum registration disabled?
Replies: 2
Views: 299

Forum registration disabled?

Hello,

I know a user who is trying to register for an account, but the registration function seems to be gone from the forum. What happened to it?
by mducharme
Sun Dec 13, 2020 10:33 pm
Forum: Useful user articles
Topic: Using RouterOS to VLAN your network
Replies: 154
Views: 101517

Re: Using RouterOS to VLAN your network

One thing I do not like about the configuration shown in the examples up at the top (which are otherwise very good) is that it has unnecessary use of the "untagged" setting. You never really have to set anything as untagged manually like that, unless you are using something like MAC-based ...
by mducharme
Fri Dec 11, 2020 11:31 pm
Forum: RouterOS v7 BETA
Topic: HAP mini unable to update
Replies: 25
Views: 2295

Re: HAP mini unable to update

I personally didn't have issues with the hAP mini recently. I upgraded it just fine from 7.1beta2 to 7.1beta3. I did have issues getting it on 7 beta from 6.48 initially but that was with older beta that was larger.
by mducharme
Fri Dec 11, 2020 9:06 pm
Forum: RouterBOARD hardware
Topic: New High Performance Routers ! ?
Replies: 82
Views: 15495

Re: New High Performance Routers ! ?

The CCR2016 should be coming eventually - presumably that is a 16-core ARM64 device. I would hope that we see that in the next year but no official word yet.
by mducharme
Thu Dec 10, 2020 10:41 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 43012

Re: v7.1beta3 [development] is released!

I upgraded CCR2004 and reconfigure OSPF but i do not get a link, all i get is Exchange, ExStart and no Full link. Is there something i am missing?
Impossible to tell without seeing your setup, but I can confirm that OSPFv2 works fine for me in beta 3. OSPFv3 is not working.
by mducharme
Thu Dec 10, 2020 2:01 am
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 43012

Re: v7.1beta3 [development] is released!

Correct me if I got this wrong, is the issue with 2.4GHz not working because it’s shared with the 4 antennas that’s used by the 5GHz and not separate? No, it is because it uses an Atheros chip and the new WifiWave2 currently only includes drivers for Qualcomm (QCAxxxx and IPQxxxx) chips. The 5GHz i...
by mducharme
Thu Dec 10, 2020 12:27 am
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 43012

Re: v7.1beta3 [development] is released!

Ospf not working same issue as Chupaka. downgrading to beta2 to resolve. Beta 2 was straight forward to get OSPF working either. OSPFv2 does work, but it doesn't convert the beta 2 config to the new beta 3 style, so any lines of config that have had syntax changes will disappear completely when you...
by mducharme
Wed Dec 09, 2020 10:29 pm
Forum: Scripting
Topic: FastTrack-Friendly QoS Script
Replies: 50
Views: 21275

Re: FastTrack-Friendly QoS Script

Still would love to see that export though, if anyone has it handy! (-: /ip firewall mangle add action=set-priority chain=postrouting comment="Respect DSCP tagging" new-priority=from-dscp-high-3-bits passthrough=yes add action=set-priority chain=postrouting comment="Prioritize ACKs&q...
by mducharme
Wed Dec 09, 2020 1:13 am
Forum: Forwarding Protocols
Topic: VLAN over VPLS Link
Replies: 9
Views: 630

Re: VLAN over VPLS Link

The default layer 2 MTU of a VPLS tunnel is 1500 which is too small to admit a VLAN tag with a full size packet. You'll need to increase your advertised L2MTU to at least 1504 from 1500.
by mducharme
Tue Dec 08, 2020 10:16 pm
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 185
Views: 65329

Re: v6.48beta [testing] is released!

Can you please Share me how to do this? I don't use unlang every day so I don't have the greatest handle on the syntax, but this should be close to what you need: if (!Delegated-IPv6-Prefix) { update request { &Delegated-IPv6-Prefix = %{sql:select delegatedipv6prefix from radacct where username...
by mducharme
Tue Dec 08, 2020 7:16 am
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 185
Views: 65329

Re: v6.48beta [testing] is released!

Hope Mikrotik Team May Implement the same soon.....
I hope so too. In the meantime, if you use FreeRADIUS, it is possible to work around this with a bit of unlang code to revise the PPPoE accounting lines since the MAC address can be used to reference either.
by mducharme
Tue Dec 08, 2020 4:20 am
Forum: General
Topic: PPPoE AC topology question - firewalling
Replies: 12
Views: 798

Re: PPPoE AC topology question - firewalling

2. What about customer routers which they leave open wan access to management their own devices? What about customers radios - eg with terminated pppoe? I can change port or make firewall on customers devices. It shouldn't be your responsibility to protect your customers routers. If they decide to ...
by mducharme
Tue Dec 08, 2020 2:59 am
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 185
Views: 65329

Re: v6.48beta [testing] is released!

1. When the accounting is being sent to radius the DHCP is creating seperate User Name=<MAC ID> which is not letting the Radius Fetch the Delegation Details. Yes you didn't read my other sentence: What MikroTik still has to do is implement the equivalent of the "address-change-immediate-update...
by mducharme
Tue Dec 08, 2020 12:52 am
Forum: Scripting
Topic: RSC backup restore failing on same model hardware and routerOS version
Replies: 2
Views: 264

Re: RSC backup restore failing on same model hardware and routerOS version

and then trying to restore same file on a new device which is same model Hardware and also same RouterOS version using command /system reset-configuration run-after-reset=flash/backup.rsc This won't work because it will start running the .rsc file before all of the interfaces have initialized, so i...
by mducharme
Mon Dec 07, 2020 9:32 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 43012

Re: v7.1beta3 [development] is released!

What on the Audience? Will you have the two 5Ghz Radio available to play around? Yes, I tested it on my Audience and all three radios appear. However, there is no support for bridging as of yet, so using the second radio as an uplink as it was designed is not really possible. You would need to conn...
by mducharme
Mon Dec 07, 2020 7:58 pm
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 185
Views: 65329

Re: v6.48beta [testing] is released!

1. When the accounting is being sent to radius the DHCP is creating seperate User Name=<MAC ID> which is not letting the Radius Fetch the Delegation Details. Yes you didn't read my other sentence: What MikroTik still has to do is implement the equivalent of the "address-change-immediate-update...
by mducharme
Mon Dec 07, 2020 8:37 am
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 43012

Re: v7.1beta3 [development] is released!

Also, I had hoped for MPLS to be added in this new beta. Do you expect to have MPLS support added before RouterOS 7 is released? Although it seems there are a few glitches here and there to work out, for the most part things are working in ROS 7 now. MPLS seems to be the biggest thing missing.
by mducharme
Mon Dec 07, 2020 5:10 am
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 43012

Re: v7.1beta3 [development] is released!

It is hard to say whether it is due to the architecture or instead something related to the drivers or the particular configuration I have. The RB4011 is my main router at home so I am using a lot of features on it, I am not entirely surprised that I am encountering instability as a result. However...
by mducharme
Sat Dec 05, 2020 10:47 pm
Forum: General
Topic: PPPoE AC topology question - firewalling
Replies: 12
Views: 798

Re: PPPoE AC topology question - firewalling

Because of security. I wanna block access to web/ssh/telnet management on other devices. I dont want the customer to see other device. Customers often leave their devices not secured enough, also our management needs to be protected. But I would presume you are using a management VLAN for your radi...
by mducharme
Sat Dec 05, 2020 10:17 pm
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 185
Views: 65329

Re: v6.48beta [testing] is released!

I Just Tried but no improvement Still Not Sending Delegated IPv6 Prefix to Radius on Accounting :( In the RADIUS menu you have to check not only the PPP box but also the DHCP box for the RADIUS server, then the delegated prefix will be sent on accounting. /radius add address=192.168.88.254 secret=m...
by mducharme
Sat Dec 05, 2020 10:08 pm
Forum: Wireless Networking
Topic: Band Steering implementation?
Replies: 74
Views: 24459

Re: Band Steering implementation?

Well, the bottom line is; Do we need to exchange hardware to keep up with new technology and is it backwards compatible for clients. And when is this going to happen? If I can change my AP's but still connect 'legacy' CPE's it gives me time to swap my P2MP network and can spread the investment. If ...
by mducharme
Sat Dec 05, 2020 4:59 am
Forum: Forwarding Protocols
Topic: mpls on hAP (941)
Replies: 2
Views: 300

Re: mpls on hAP (941)

We ran MPLS in a mixed Cisco-MikroTik environment before moving entirely to MikroTik. No major issues to speak of.
by mducharme
Sat Dec 05, 2020 4:57 am
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 43012

Re: v7.1beta3 [development] is released!

This would substantiate the issues I'm seeing on all the CCR2004 I've tried. So the build of ROS7B3 is borked for Arm? It is hard to say whether it is due to the architecture or instead something related to the drivers or the particular configuration I have. The RB4011 is my main router at home so ...
by mducharme
Sat Dec 05, 2020 3:59 am
Forum: Wireless Networking
Topic: Band Steering implementation?
Replies: 74
Views: 24459

Re: Band Steering implementation?

Alternatively just give up on AC feature set entirely and this time put a proper effort into Wifi6 and do it right. Start again but without dragging heels in the sand forever, so that at least in 1 or 2 years time MikroTik can actually be competitive in the wireless space That is basically what the...
by mducharme
Sat Dec 05, 2020 3:54 am
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 43012

Re: v7.1beta3 [development] is released!

Came home today to no wifi. Looks like the Audience was caught in a boot loop I ended up having to reset See if this is a one off or daily occurrence I had to revert back to Beta 2 on my Audience. No boot loop, but the management interface was only accessible via MAC telnet and showed no interfaces...
by mducharme
Fri Dec 04, 2020 3:38 am
Forum: Wireless Networking
Topic: Band Steering implementation?
Replies: 74
Views: 24459

Re: Band Steering implementation?

I just bought a bunch, and installed, Tenda-AC21 routers. The only difference with the AC23 is it has 2 antennas less. But they work like a charm! People that needed repeaters before can ditch them. Those with 5 Ghz enabled devices automatically connect to the 5 Ghz radio and they see for the first...
by mducharme
Fri Dec 04, 2020 2:42 am
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 43012

Re: v7.1beta3 [development] is released!

OSPFv2 is somewhat unstable now, with either broadcast or PTP network type forming neighbor with ROS 6 - "received wrong LS Ack" in log, with ROS 6 router. Appears to result in crashing entire routing stack for a second, causing tunnels to drop and re-establish and also causing BGP peering...
by mducharme
Thu Dec 03, 2020 10:47 pm
Forum: General
Topic: PPPoE AC topology question - firewalling
Replies: 12
Views: 798

Re: PPPoE AC topology question - firewalling

It looks exactly what i need. I will test it during night. Now i know "where to dig". My fault, gw means gateway - ccr1072 on map - NAT/FIREWALL. I would be really careful with that. If you are policy routing that to the gateway, forcing it there, and the gateway has a route to send the t...
by mducharme
Thu Dec 03, 2020 10:06 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 43012

Re: v7.1beta3 [development] is released!

RB4011 wifi model - upgraded fine, works hAP ac (running as cap) - upgraded fine, works Mikrotik Audience (running as cap) - management hangs about every half hour to hour, going into mac winbox connects but interfaces/wireless menu is empty. Reboot fixes it for another half hour to an hour. Tried r...
by mducharme
Thu Dec 03, 2020 9:46 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 43012

Re: v7.1beta3 [development] is released!

I upgraded a CHR that I use for some testing from v7.1beta2 to v7.1beta3. After upgrade, the BGP link that was configured does not come up. Yes, the required BGP fields have changed. If you created BGP config in 7.1beta2, you have to delete it, upgrade to 7.1 beta 3, make sure all BGP config is gon...
by mducharme
Thu Dec 03, 2020 9:22 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 43012

Re: v7.1beta3 [development] is released!

After upgrade, all my OSPF settings disappeared (except of Instance)
Yes, this happened to me as well. The issue is the required and optional fields have changed, so the old config tries to apply but fields do not exist anymore or have now been named differently.
by mducharme
Thu Dec 03, 2020 8:58 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 43012

Re: v7.1beta3 [development] is released!

Apparent OSPFv3 bug in v7.1beta3 - PTP network type is giving "wrong checksum" when trying to establish neighbor with ROS v6 device. OSPFv2 seems to work OK.
by mducharme
Thu Dec 03, 2020 2:24 am
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 97264

Re: v7.1beta2 [development] is released!

Apparent OSPFv3 bug in v7.1beta3 - PTP network type is giving "wrong checksum" when trying to establish neighbor with ROS v6 device. OSPFv2 seems to work OK.
by mducharme
Tue Dec 01, 2020 4:48 am
Forum: General
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 226
Views: 61856

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

They have finally added it in 6.48 beta58! I tested it and it seems to work - it sends back the dynamically assigned prefix via an accounting packet to the RADIUS server. The only issue that I see is that it treats the IPv6 session as a completely separate RADIUS session, so it has a different sessi...
by mducharme
Tue Dec 01, 2020 4:36 am
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 185
Views: 65329

Re: v6.48beta [testing] is released!

The remaining issue now is that it considers the IPv6 DHCP to be a completely separate RADIUS session from the PPPoE, and the username does not match (it uses the MAC instead). But at least it is being reported back to the RADIUS server.
by mducharme
Tue Dec 01, 2020 4:15 am
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 185
Views: 65329

Re: v6.48beta [testing] is released!

Version 6.48beta58 has been released. *) dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services; Dose this means support is added for Radius Accounting or Can Anyone please Explain this??? I just tested it - RADIUS accounting is now working too for Delegated-IPv6-Prefi...
by mducharme
Tue Dec 01, 2020 12:03 am
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 185
Views: 65329

Re: v6.48beta [testing] is released!

Really happy to finally see Delegated-IPv6-Prefix support for PPPoE. I'm hoping that it includes RADIUS accounting for that attribute as well, or that the accounting is coming soon at least.
by mducharme
Mon Nov 23, 2020 9:49 pm
Forum: Forwarding Protocols
Topic: MPLS/VPLS and HTB / EXP bits
Replies: 15
Views: 3126

Re: MPLS/VPLS and HTB / EXP bits

That makes sense, and now that I know the secret to making the non chr routers properly utilize EXP/COS (as of your comments last night) I was thinking adding the second router as a P router would do as you said above. I havent tested the loss of QOS with php using implicit-null, but in the manual ...
by mducharme
Mon Nov 23, 2020 9:14 pm
Forum: Forwarding Protocols
Topic: MPLS/VPLS and HTB / EXP bits
Replies: 15
Views: 3126

Re: MPLS/VPLS and HTB / EXP bits

But I cant seem to queue the packets that originate from the router. Yes, this is not possible, unfortunately. The issue is that ingress-priority is only set automatically when the packet first arrives at the router, and you can only match ingress-priority in bridge filter rules (not priority). Any...
by mducharme
Mon Nov 23, 2020 9:02 pm
Forum: Forwarding Protocols
Topic: MPLS EXP to COS copy drops to 0 at second router
Replies: 3
Views: 486

Re: MPLS EXP to COS copy drops to 0 at second router

That did the trick. Did I miss that in the manual somewhere? (that its exclusive to non-chr) Thats been a frustrating thing. I've read some of your other posts/threads about needing to use the bridge for qos of mpls packets on incoming/outgoing interfaces. But dropping the COS on ingress downstream...
by mducharme
Mon Nov 23, 2020 4:48 am
Forum: Forwarding Protocols
Topic: MPLS EXP to COS copy drops to 0 at second router
Replies: 3
Views: 486

Re: MPLS EXP to COS copy drops to 0 at second router

Hi, Yes, we experienced this problem long ago. This works fine with CHR but not with any hardware routers - if you are running any hardware router and not CHR, it ends up being COS 0 after the second router. The only workaround we found was to add a single port bridge on the second router, with the ...
by mducharme
Sun Nov 22, 2020 1:57 am
Forum: Forwarding Protocols
Topic: MPLS neighbour addresses 'leaking'?
Replies: 4
Views: 513

Re: MPLS neighbour addresses 'leaking'?

You probably only want your loopback addresses to be advertised in the MPLS forwarding table. Assuming your loopbacks are in a single range, ex. 10.255.255.0/24, you would do something like this: /mpls ldp advertise-filter add prefix=10.255.255.0/24 add advertise=no That tells the MikroTik to advert...
by mducharme
Thu Nov 12, 2020 5:17 am
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 97264

Re: v7.1beta2 [development] is released!

It would be welcome when you release new v7 betas quickly even if they are only for single architecture, e.g. only for CHR. That at least enables some testing and evaluation. Getting them to work on all devices is something that can trail after that. If it only takes another day or two, I don't see...
by mducharme
Sun Oct 18, 2020 9:45 pm
Forum: RouterOS v7 BETA
Topic: IP Route In RouterOS V7
Replies: 7
Views: 1609

Re: IP Route In RouterOS V7

I enter the command: "/ ip firewall mangle add action = mark-routing chain = prerouting connection-mark = from-ISP1 new-routing-mark = to-ISP1 passthrough = yes " in response I get: "input does not match any value of new-routing-mark". How to do it correctly? Now you have to add...
by mducharme
Sun Oct 11, 2020 2:29 am
Forum: Beginner Basics
Topic: IPV6 Firewall [SOLVED]
Replies: 55
Views: 2481

Re: IPV6 Firewall [SOLVED]

Thanks. Yes, that is the problem i appear to have! I did try the refresh as you did but still no result. :( Interesting it comes back as 'not tested'. One would have thought it would say 'unreachable', as the result I get on ios when I try it is 'reachable' for ICMP (As an FYI, i have swapped to th...
by mducharme
Sat Oct 10, 2020 2:11 pm
Forum: Beginner Basics
Topic: IPV6 Firewall [SOLVED]
Replies: 55
Views: 2481

Re: IPV6 Firewall [SOLVED]

Sorry, what i meant was, iOS on my iPhone returns nearly a full house (19/20) on the test site, but OSX and windows10 does'nt (17/20). Also, after pinging my Macbook ipv6 address from the Ultratools website, I do not get any ICMPv6 input packets recorded in the MT firewall, but do get one forwarded...
by mducharme
Fri Oct 09, 2020 6:30 am
Forum: Beginner Basics
Topic: IPV6 Firewall [SOLVED]
Replies: 55
Views: 2481

Re: IPV6 Firewall [SOLVED]

Sorry scrap that, i was pinging the wrong addresses! Performing a ping6 to ipv6.google.com from terminal in osx, i get a response no prorlem, and if i ping my device ipv6 i also get a response from that test site, although that response time is very high comparing it to outgoing. It is likely that ...
by mducharme
Fri Oct 09, 2020 1:34 am
Forum: Beginner Basics
Topic: IPV6 Firewall [SOLVED]
Replies: 55
Views: 2481

Re: IPV6 Firewall [SOLVED]

Just tested on that site with ipv6.google.com and that seems to work ok?

Image
No, I mean use that site to ping your computers on the inside of your network. Check what IPv6 addresses they have, enter them into the ping tool, and see if it can ping them.
by mducharme
Fri Oct 09, 2020 1:23 am
Forum: Beginner Basics
Topic: IPV6 Firewall [SOLVED]
Replies: 55
Views: 2481

Re: IPV6 Firewall [SOLVED]

That test site shows ICMPv6 as "not tested", but this only seems to be on laptops etc. https://thumbsnap.com/f/rzBTR5WR It is probably the firewall on the device that is blocking pings, not the router itself. Test with an online ping tool that supports IPv6, such as https://www.ultratools...
by mducharme
Thu Oct 08, 2020 10:55 pm
Forum: Beginner Basics
Topic: IPV6 Firewall [SOLVED]
Replies: 55
Views: 2481

Re: IPV6 Firewall [SOLVED]

Well, as another update, i configured the icmpv6 protocol etc on the W10 machine and still nothing. I also spoke to my ISP, and they said they supply IPV6 connectivity raw, and do not apply any restrictions on it. What does https://ipv6-test.com/ show? And what makes you think your IPv6 isn't worki...
by mducharme
Wed Oct 07, 2020 7:37 pm
Forum: Beginner Basics
Topic: IPV6 Firewall [SOLVED]
Replies: 55
Views: 2481

Re: IPV6 Firewall [SOLVED]

Just to add, i realised my IPV6 DNS was incorrect but after correcting it, still the same, You can view the default config for the device by executing: /system default-configuration print The default config shown by that command is updated by upgrading the RouterOS version, so it will be the latest...
by mducharme
Tue Sep 29, 2020 1:31 am
Forum: Scripting
Topic: FastTrack-Friendly QoS Script
Replies: 50
Views: 21275

Re: FastTrack-Friendly QoS Script

You'll need to copy and paste the script into scripts (system->scripts->new (+)->paste), change the upload and download bandwidth and inbound and outbound interface names at the top to match your settings, and run the script. (the bandwidths should be slightly less than what you normally receive as...
by mducharme
Thu Sep 24, 2020 2:40 am
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 185
Views: 65329

Re: v6.48beta [testing] is released!

Port Extension is NOT stacking... Right, this isn't stacking - but where this all started was a thread where people were asking for stacking, and MikroTik said they would look for an open standards way, and then they came out with this. Also, they just said in the response to my request for clarifi...
by mducharme
Tue Sep 22, 2020 4:10 am
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 185
Views: 65329

Re: v6.48beta [testing] is released!

Also, for everyone how is interested in the new Bridge Controller and Extender feature, we have created an article that describes it in more detail, more advanced examples are coming soon. Follow this link - https://help.mikrotik.com/docs/display/ROS/Controller+Bridge+and+Port+Extender. Feel free t...
by mducharme
Wed Sep 09, 2020 5:58 am
Forum: RouterOS v7 BETA
Topic: SDWAN using Zerotier
Replies: 25
Views: 10576

Re: SDWAN using Zerotier

+1 for ZeroTier, if possible
by mducharme
Wed Sep 02, 2020 3:13 am
Forum: Announcements
Topic: WinBox v3.25 released!
Replies: 68
Views: 7459

Re: WinBox v3.25 released!

IMHO You shold fix WinBox not ROS ASAP as upgrade to ROS > 6.47 is not always possible I agree with this. It may be caused by a ROS bug but surely there is some way you can have Winbox check the RouterOS version and adjust its behavior based on the version? Perhaps you can use the old code if the R...
by mducharme
Wed Sep 02, 2020 12:29 am
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 185
Views: 65329

Re: v6.48beta [testing] is released!

I have a question about this 802.1BR support. I understand there is this idea of a controlling bridge, which would be like a master switch. What happens if this goes down? Is it a single point of failure? With traditional proprietary stacking solutions from other vendors, the stacked units sync thei...
by mducharme
Mon Aug 31, 2020 11:53 pm
Forum: Beginner Basics
Topic: Mikrotik as L2TP Client connected to Mikrotik L2TP server
Replies: 8
Views: 595

Re: Mikrotik as L2TP Client connected to Mikrotik L2TP server

I have the routers all working in one direction they can all ping thru to the core network 192.168.1.0/24. What the current issue is the route back, the Production router can ping the inside interface of each spoke but no further and only if I set a route to the interface after the L2TP Ipsec tunne...
by mducharme
Sun Aug 30, 2020 1:25 am
Forum: RouterOS v7 BETA
Topic: DHCPv6 Server
Replies: 29
Views: 1849

Re: DHCPv6 Server

Not that it matters too much, because whether DNS server uses IPv4 or IPv6 for transport, it can answer all queries. So if you have IPv6 connectivity but no IPv6 DNS resolvers, it's no problem, because even IPv4 DNS resolver will give you AAAA records needed for IPv6. Yes, of course, either an IPv4...
by mducharme
Sat Aug 29, 2020 11:31 pm
Forum: RouterOS v7 BETA
Topic: DHCPv6 Server
Replies: 29
Views: 1849

Re: DHCPv6 Server

Can a Windows PC get an IPv6 DNS server by SLAAC, RAVD? Yes, Windows 10 supports this since version 1703. There is a gotcha surrounding this support though - Windows prefers DNS servers received through any kind of DHCP to DNS servers advertised via SLAAC. So if you run dual stack IPv4 and IPv6 and...
by mducharme
Sat Aug 29, 2020 8:38 am
Forum: RouterOS v7 BETA
Topic: DHCPv6 Server
Replies: 29
Views: 1849

Re: DHCPv6 Server

Actualy, trainers = MKT staff? If user try to ask something from MKT, some trainer will say: no nooo, user stop asking, and things are done :) I am not MikroTik staff. But Google has said that stateful DHCPv6 is worthless, there is no point to it, and they will never support it in their products be...
by mducharme
Sat Aug 29, 2020 8:02 am
Forum: RouterOS v7 BETA
Topic: DHCPv6 Server
Replies: 29
Views: 1849

Re: DHCPv6 Server

hmmm, last time i checked OpenWrt is was doing exactly this Linux & Windows hosts have they hostnames and addresses was assigned through IPv6 server I'm not talking about "assigning" hostnames through DHCPv6 server. I'm talking about DHCPv6 server collecting existing hostnames. DHCPv4...
by mducharme
Sat Aug 29, 2020 7:58 am
Forum: RouterOS v7 BETA
Topic: DHCPv6 Server
Replies: 29
Views: 1849

Re: DHCPv6 Server

There is only one good reason for implementing stateful DHCPv6 - a lot of home routers when asking for a prefix will also request an address, and if not given both a prefix and an address, they will not accept either. Other than to work around that bug, stateful DHCPv6 addressing is a waste of time ...
by mducharme
Sat Aug 29, 2020 3:46 am
Forum: Forwarding Protocols
Topic: OSPF VPLS/MPLS load balancing and failover
Replies: 7
Views: 2075

Re: OSPF VPLS/MPLS load balancing and failover

I have a suggestion. Since you are dealing with equal traffic over both links, what I would probably do here is use one VLAN for management IPs for the radios and a separate VLAN for traffic, and have no untagged traffic across the links. On the MikroTik router on both sides, create a bonding interf...
by mducharme
Sat Aug 29, 2020 3:36 am
Forum: RouterOS v7 BETA
Topic: Not a fan of the new (/) slash notation.
Replies: 16
Views: 1161

Re: Not a fan of the new (/) slash notation.

Personally, I don't find the slashes a big deal at all. It is more logical than using spaces when it comes to showing people the hierarchy, since the command line really resembles a folder->subfolder structure like a typical file system. For new users, I think it will make things even clearer than t...
by mducharme
Fri Aug 28, 2020 11:51 pm
Forum: RouterOS v7 BETA
Topic: Not a fan of the new (/) slash notation.
Replies: 16
Views: 1161

Re: Not a fan of the new (/) slash notation.

I think the reason for adding the slashes was to make the CLI more like the API - the API has always required the use of slashes where the CLI has used spaces.
by mducharme
Thu Aug 27, 2020 4:18 am
Forum: RouterOS v7 BETA
Topic: DHCPv6 Server
Replies: 29
Views: 1849

Re: DHCPv6 Server

never seen anyone using ipv6
IPv6 is not dead, it is growing. IPv4 is dying. IPv4 NAT cannot handle what is coming in the future. Companies don't feel under any pressure to move, but cell providers are moving and home customers are getting IPv6 at an increasing rate.
by mducharme
Thu Aug 27, 2020 2:37 am
Forum: RouterOS v7 BETA
Topic: DHCPv6 Server
Replies: 29
Views: 1849

Re: DHCPv6 Server

This is a reason why i using other brands in my production LANs MKT is good for guest network, i don't care what guest do there, what is they IP, they are filtered out :) stateful DHCP v6 is a must in serious LAN and i don't care what google say You can use DHCPv6-PD, as others have said, but not u...
by mducharme
Fri Aug 21, 2020 10:30 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 97264

Re: v7.1beta2 [development] is released!

P.S. One thing I would really like to see in the new RouterOS v7 MPLS implementation is MPLS mangle for QoS purposes - specifically, "mark packet" and "set priority" actions for MPLS. Right now to do MPLS QoS on RouterOS we have to create a bunch of extra bridges and use bridge f...
by mducharme
Fri Aug 21, 2020 7:53 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 97264

Re: v7.1beta2 [development] is released!

Any time frame to move off development phase and make it ready for production / stable?
They still have to implement MPLS - I think that is the one major feature still missing from the current beta. Otherwise, there are probably many small fixes needed here and there.
by mducharme
Fri Aug 21, 2020 7:34 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 97264

Re: v7.1beta2 [development] is released!

IPv6 BGP is working now! Thanks MikroTik!
by mducharme
Wed Aug 19, 2020 2:08 am
Forum: General
Topic: Duplicate PPOE sessions with '1>' at end - Yet One session per host is allowed only
Replies: 6
Views: 1286

Re: Duplicate PPOE sessions with '1>' at end - Yet One session per host is allowed only

Okay, thanks. I found that option. It was disabled. So now in Splynx, both POD + clean and COA & POD is enabled. Should be fine right? Yes, now you should find that if you try logging in as the user a second time, the first one actually gets disconnected instead of simply passing no traffic.
by mducharme
Tue Aug 18, 2020 5:58 am
Forum: General
Topic: Duplicate PPOE sessions with '1>' at end - Yet One session per host is allowed only
Replies: 6
Views: 1286

Re: Duplicate PPOE sessions with '1>' at end - Yet One session per host is allowed only

Thank you for this info. Yes, the radius server is doing something called POD+Clean according to the settings in Splynx. Is this sufficient and correct? (screenshot below) <pppoe-jack@isp> <pppoe-jack@isp-1> <---- only this one has data flowing through. If only one has data, you should be OK. The s...
by mducharme
Fri Aug 14, 2020 3:12 am
Forum: General
Topic: Duplicate PPOE sessions with '1>' at end - Yet One session per host is allowed only
Replies: 6
Views: 1286

Re: Duplicate PPOE sessions with '1>' at end - Yet One session per host is allowed only

Any ideas? Hi, That is normal behaviour - one-session-per-host will allow a new session to connect but will automatically close the old session. For a split second there are two sessions, so the -1 is added on the new session and then the old session is closed a split second later due to the one-se...
by mducharme
Sun Aug 09, 2020 1:46 am
Forum: Beginner Basics
Topic: Unable to ping client PCs on IPv6 through TunnelBroker
Replies: 8
Views: 1776

Re: Unable to ping client PCs on IPv6 through TunnelBroker

I'm failing the ICMP test on ipv6-test.com and would like to get 20/20 just to brag to my ISP about how cool IPv6 is. The default IPv6 firewall configuration (at least, in its current iteration) allows all ICMPv6 basically. You should find "accept" rules in both the input and forward chai...
by mducharme
Sat Aug 08, 2020 3:29 am
Forum: Beginner Basics
Topic: I am utterly confused with this switch compared to cisco
Replies: 4
Views: 1064

Re: I am utterly confused with this switch compared to cisco

Some of these have already been replied to fairly well, so I just have a few comments. 3. Why is there a VLAN under bridge, and then VLAN's under interface. What is the difference? This is also done with Cisco with exactly the same distinction. On Cisco switches you have vlan definitions (ex. type &...
by mducharme
Thu Aug 06, 2020 3:16 am
Forum: Forwarding Protocols
Topic: Mpls performance on CCR1036-8G-2S.
Replies: 6
Views: 2012

Re: Mpls performance on CCR1036-8G-2S.

In our case, we run VPLS instead of EoIP wherever possible. Our network does not really have redundant paths - it is like a giant tree structure, with a trunk backbone and sites that spread out as branches from there, not connected to each other. In our case, the lack of fast reroute does not impact...
by mducharme
Wed Aug 05, 2020 3:46 am
Forum: RouterOS v7 BETA
Topic: local DNS blocked by firewall (bug?)
Replies: 6
Views: 1834

Re: local DNS blocked by firewall (bug?)

Isn't it incorrectly written or did I misunderstand, please? Example: To set 159.148.60.2 as the primary DNS server and allow the router to be used as a DNS server, do the following: You misunderstood. In the example, "159.148.60.2" would be the DNS server you want to use (ex. that of you...
by mducharme
Tue Aug 04, 2020 11:24 pm
Forum: RouterOS v7 BETA
Topic: local DNS blocked by firewall (bug?)
Replies: 6
Views: 1834

Re: local DNS blocked by firewall (bug?)

Your router should not be set to use itself as a DNS server. Under IP->DNS, verify that the only DNS server IPs entered are remote ones and not the router itself.
by mducharme
Tue Aug 04, 2020 9:25 pm
Forum: RouterOS v7 BETA
Topic: Feature Request - Wireguard Protocol
Replies: 165
Views: 55475

Re: Feature Request - Wireguard Protocol

Give them a bit of time at least - they have already basically said they are adding it.
by mducharme
Thu Jul 30, 2020 9:40 pm
Forum: Forwarding Protocols
Topic: MPLS/VPLS/MTU Question??
Replies: 3
Views: 1420

Re: MPLS/VPLS/MTU Question??

L2 MTU for the interfaces that carry MPLS labelled traffic has to be set to at least as high as the MPLS MTU for the network. The MikroTik default L2MTU is often around 1596 or so, we never bothered to lower this. We use an MPLS MTU of 1550 network-wide - it gives more flexibility in case we or the ...
by mducharme
Sat Jul 25, 2020 3:02 am
Forum: RouterOS v7 BETA
Topic: v7.1beta1 [development] is released!
Replies: 103
Views: 43511

Re: v7.1beta1 [development] is released!

RB951G-2HnD not working. Tried to upgrade from 6.46.6 by uploading .npk but it crashes entirely (no communication through LAN, no wi-fi). Fortunately after power reset it has switched to a second partition with 6.46.6, so no netinstall needed. You probably can't upgrade from 6.46.6. Only latest sta...
by mducharme
Thu Jul 23, 2020 11:03 am
Forum: RouterOS v7 BETA
Topic: OSPF routes marked invalid
Replies: 8
Views: 2177

Re: OSPF routes marked invalid

I am having this issue with only some of my OSPFv2 routes.

I have OSPFv2 routes across an L2TP tunnel to a RouterOS 6 device - these all show as invalid. I also have OSPFv2 routes to a RouterOS 6 device across an EoIP tunnel - these seem to work.
by mducharme
Sun Jul 19, 2020 3:23 am
Forum: RouterOS v7 BETA
Topic: IPv6 Radius Accounting Not Working for PPPOE Clients (Delegated Prefix)
Replies: 31
Views: 5077

Re: IPv6 Radius Accounting Not Working for PPPOE Clients (Delegated Prefix)

I Know they have not given any ETA, but atleast it gives all of us a hope. :) :D :) :D
They gave me this same response a year ago.
by mducharme
Fri Jul 17, 2020 1:38 am
Forum: General
Topic: Why does both L2MTU and MAX-L2MTU exist?
Replies: 11
Views: 2511

Re: Why does both L2MTU and MAX-L2MTU exist?

anyone? On a layer 2 network you may have another switch that cannot admit frames that are quite as large as what the others can. In that case you may want to limit all switches to an L2MTU equal to the least capable device you have. If you limit the L2MTU to a setting that the least capable device...
by mducharme
Thu Jul 16, 2020 7:44 am
Forum: RouterOS v7 BETA
Topic: IPv6 Radius Accounting Not Working for PPPOE Clients (Delegated Prefix)
Replies: 31
Views: 5077

Re: IPv6 Radius Accounting Not Working for PPPOE Clients (Delegated Prefix)

Do you have a ticket number?
I had ticket 2018070222004763 for this, but it was in the older OTRS system they used before they moved to JIRA.
by mducharme
Tue Jul 14, 2020 3:51 am
Forum: General
Topic: IPv6 with PPPoE dial to ISP - No browsing [SOLVED]
Replies: 13
Views: 2757

Re: IPv6 with PPPoE dial to ISP - No browsing [SOLVED]

Would this be on the PPPoE Interface? /interface pppoe-client add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 default-route-distance=1 dial-on-demand=no disabled=no interface=ether1-Fibre keepalive-timeout=10 max-mru=1480 max-mtu=1480 mrru=1600 name=ISP profile=default...
by mducharme
Mon Jul 13, 2020 8:17 am
Forum: General
Topic: IPv6 with PPPoE dial to ISP - No browsing [SOLVED]
Replies: 13
Views: 2757

Re: IPv6 with PPPoE dial to ISP - No browsing [SOLVED]

Probably an MTU issue. Try some pings with different packet sizes to determine what your MTU limit is. Usually the PPPoE client MTU limit is 1480 or 1492, but RFC 4368 PPPoE servers allow up to 1500 MTU, as long as your client is configured for 1500..
by mducharme
Mon Jul 13, 2020 4:49 am
Forum: General
Topic: DHCP + RADIUS - renew does not check RADIUS
Replies: 11
Views: 3678

Re: DHCP + RADIUS - renew does not check RADIUS

Someone figure out how to change DHCP Address list or Mikrotik-Rate-Limit using COA? MikroTik does not support CoA with DHCP RADIUS so this is impossible. As I said, your RADIUS server will have send a Session-Timeout value in the initial Access-Accept. If the renewal time for a new lease exceeds t...
by mducharme
Sun Jul 12, 2020 11:21 pm
Forum: RouterOS v7 BETA
Topic: OSPF problems
Replies: 4
Views: 2290

Re: OSPF problems

Yes, I had encountered this above issue. I figure it is actually caused by the missing "gateway" setting. IPv6 BGP has the same issue - missing "gateway" causes the route to be invalid, since how can a route have no gateway?
by mducharme
Fri Jul 10, 2020 12:05 am
Forum: Forwarding Protocols
Topic: MPLS labels missing in traceroute output [SOLVED]
Replies: 8
Views: 2061

Re: MPLS labels missing in traceroute output [SOLVED]

Here is a screenshot from putty, you can see I got the extra columns. I had to run the traceroute command after making the window bigger - if you run the traceroute command before you make the window bigger, the columns will not appear.
traceroute.PNG
by mducharme
Thu Jul 09, 2020 3:04 am
Forum: Forwarding Protocols
Topic: MPLS labels missing in traceroute output [SOLVED]
Replies: 8
Views: 2061

Re: MPLS labels missing in traceroute output [SOLVED]

In my environment I just get 8 columns
It hides the columns on the right if your terminal window is not wide enough to show them. Make your terminal window wider before running traceroute, or use the graphical traceroute in Winbox.
by mducharme
Thu Jul 09, 2020 2:35 am
Forum: RouterOS v7 BETA
Topic: IPv6 Radius Accounting Not Working for PPPOE Clients (Delegated Prefix)
Replies: 31
Views: 5077

Re: IPv6 Radius Accounting Not Working

The feature only exists when using DHCPv6 server outside of PPP/PPPoE situations. It is not yet implemented for PPPoE. We really want to see it implemented for PPPoE situations as well.
by mducharme
Thu Jul 09, 2020 2:33 am
Forum: RouterOS v7 BETA
Topic: missing routeros-mmips-7.0beta8.npk
Replies: 2
Views: 944

Re: missing routeros-mmips-7.0beta8.npk

Using the 'Check for Updates' feature under 6.48beta12 to upgrade to 7.0Beta8 results in the following message: missing routeros-mmips-7.0beta8.npk It should actually be trying to download: routeros-7.0beta8-mmips.npk That's normal. I believe they did that on purpose so that the average home user w...
by mducharme
Wed Jul 08, 2020 12:15 am
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 185
Views: 65329

Re: v6.48beta [testing] is released!

There will continue to be 6.X versions for the foreseeable future as not all the chip sets out there will be able to support the new linux kernel in 7.X What is not able to support the new linux kernel in v7? (other than really old devices, ex. mipsle) From what I have seen, any MikroTik model that...
by mducharme
Tue Jul 07, 2020 11:19 pm
Forum: RouterOS v7 BETA
Topic: v7.0beta8 [development] is released!
Replies: 180
Views: 69123

Re: v7.0beta8 [development] is released!

I work for a distributor and we have asked for this already last year.
by mducharme
Tue Jul 07, 2020 6:03 am
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 66
Views: 38255

Re: DHCP Offering Lease Without Success

I find in the vast majority of cases where I see this message, it is because the VLAN is allowed in one direction but not the other. When bridge VLAN filtering is used, if there is a VLAN accidentally missing from the config on one device and ingress filtering is not enabled, it is possible to have ...
by mducharme
Tue Jul 07, 2020 5:58 am
Forum: RouterOS v7 BETA
Topic: v7.0beta8 [development] is released!
Replies: 180
Views: 69123

Re: v7.0beta8 [development] is released!

Hi mducharme Thank You so much for your response. :D No problem - you might potentially be able to extend that script to pull the MAC for the logged in user by pulling the "Caller ID" for that username, and do a /tool fetch to a php page running on the radius server that could capture the...
by mducharme
Mon Jul 06, 2020 8:11 pm
Forum: RouterOS v7 BETA
Topic: v7.0beta8 [development] is released!
Replies: 180
Views: 69123

Re: v7.0beta8 [development] is released!


It is Still Not Working Normis.

We are getting only Remote Prefix but Not the Delegated IPv6 Prefix
This is because they only added support for DHCPv6 RADIUS accounting in that version where PPPoE is not used. If PPPoE is used, it is still not supported.
by mducharme
Mon Jul 06, 2020 8:09 pm
Forum: RouterOS v7 BETA
Topic: v7.0beta8 [development] is released!
Replies: 180
Views: 69123

Re: v7.0beta8 [development] is released!

Thank You so much for the reply @mducharme It would be really helpful if you can share the script. Thanks in Advance Schedule this to run every 5 minutes: /ipv6 dhcp-server binding; :foreach i in=[find server~"pppoe"] do={ make-static $i; set $i comment=[get $i server]; set $i server=all;...
by mducharme
Mon Jul 06, 2020 9:19 am
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 349
Views: 107695

Re: v6.47 [stable] is released!

My hope. 6.46 - > long term 6.47 - > stable 6.48.. no, no more 6 series 7.01 - > testing +1, although it looks like there will be a 6.48beta b/c they need to have one in order to introduce point releases for 6.47. It is probably not a big deal for them to do this because most of the fixes can be ro...
by mducharme
Wed Jul 01, 2020 2:10 am
Forum: General
Topic: Doubt about PPPoE Local Address
Replies: 16
Views: 4087

Re: Doubt about PPPoE Local Address

Having a problem at a customer of mine, where say for example one of there links drops, with about 100 PPPoE users behind that, the PPPoE AC drops ALL PPPoE users This issue is most likely either caused by the presence of a masquerade rule, or OSPF not set up with a stub area and area range for PPP...
by mducharme
Wed Jul 01, 2020 1:10 am
Forum: General
Topic: Doubt about PPPoE Local Address
Replies: 16
Views: 4087

Re: Doubt about PPPoE Local Address

So my question is, must the local address be " static " configured to a physical / virtual interface? I would not use a dynamic IP for it of course (because how are you going to automatically change it in the PPP Profile if it changes?), so yes it should be a static IP that the router has...
by mducharme
Tue Jun 30, 2020 6:56 am
Forum: RouterOS v7 BETA
Topic: v7.0beta8 [development] is released!
Replies: 180
Views: 69123

Re: v7.0beta8 [development] is released!

Anyone????? What we do is run a script every 5 minutes that converts all DHCPv6 dynamic bindings (leases) to static bindings. We backup the config of our PPPoE concentrator every hour, and keep the backups for a very long time period. So, every customer gets the same prefix lease the next time, and...
by mducharme
Sat Jun 27, 2020 3:59 am
Forum: Beginner Basics
Topic: Clients behind 2nd Mikrotik
Replies: 4
Views: 1145

Re: Clients behind 2nd Mikrotik

My new setup is made of 1x LTE modem connected to HAP AC, from HAP AC cables to 3 HAP AC lite. DHCP is running on HAP AC while HAP AC Lites serve as access points for clients, no separate VLANa, DHCP configured for single subnet. If I'm connected to HAP AC is there a way to check which client is co...
by mducharme
Fri Jun 26, 2020 7:49 am
Forum: General
Topic: Doubt about PPPoE Local Address
Replies: 16
Views: 4087

Re: Doubt about PPPoE Local Address

Thank you very much for your excellent advice. Should the IP address chosen be added to an interface on the router? For example, if I use 10.0.0.1, should I make a bridge called loopback and add that IP to it? You should use an IP address that your router has on some interface, but it doesn't matte...
by mducharme
Fri Jun 26, 2020 2:48 am
Forum: Beginner Basics
Topic: Why "defconf: drop all not coming from LAN" are dropping these packets? [SOLVED]
Replies: 1
Views: 1337

Re: Why "defconf: drop all not coming from LAN" are dropping these packets? [SOLVED]

BR-ESXI is part of LAN interface list, so I'm trying to understand why this rule drop packets I do not expect it to drop. What is the better (proper) way of doing this? I'm assuming adding the individual VLANs to the LAN interface list instead of adding the bridge? In your case, adding BR-ESXI to t...
by mducharme
Fri Jun 26, 2020 2:13 am
Forum: General
Topic: ACL firewall problem (missing L2 EtherType)
Replies: 17
Views: 3723

Re: ACL firewall problem (missing L2 EtherType)

It seems there is a bug in ACL b/c I did use the "Tools / PacketSniffer" tool over interfaces=all, but all the mac-protocols it lists are already present in the ACL... Packet Sniffer runs on CPU, not hardware. You will need to temporarily disable hardware acceleration on the port(s) that ...
by mducharme
Thu Jun 25, 2020 10:57 pm
Forum: RouterOS v7 BETA
Topic: Request: Better visibility regarding SLAAC in V7
Replies: 8
Views: 2020

Re: Request: Better visibility regarding SLAAC in V7

Following is my ipv6 routes pic that shows all the routes I am using: ipv6routing.GIF Compare my ipv6 config against yours ...perhaps it may help You are using DHCPv6-PD client, that has always worked fine. I am talking about SLAAC, it is not the same thing. The DHCPv6 client is adding the default ...
by mducharme
Thu Jun 25, 2020 9:25 pm
Forum: RouterOS v7 BETA
Topic: Request: Better visibility regarding SLAAC in V7
Replies: 8
Views: 2020

Re: Request: Better visibility regarding SLAAC in V7

I am not running v7 but I do understand that v7 has the same capabilities as v6.47 ... I use ipv6 SLAAC and my address list does show all my global addresses As Sob says, I meant when the device receives an address via SLAAC, not when it provides one. In my case I have a MikroTik AP in addition to ...
by mducharme
Wed Jun 24, 2020 5:24 am
Forum: RouterOS v7 BETA
Topic: Request: Better visibility regarding SLAAC in V7
Replies: 8
Views: 2020

Request: Better visibility regarding SLAAC in V7

This is still happening in ROS v7: IPV6-slaac-mikrotik.PNG This is not only confusing but is a potential security issue. Since the device can ping ipv6.google.com, this means two things. First, the device has a global IPv6 address that does not appear in the IPv6->Addresses list. Second, the device ...
by mducharme
Sun Jun 21, 2020 2:57 am
Forum: General
Topic: Doubt about PPPoE Local Address
Replies: 16
Views: 4087

Re: Doubt about PPPoE Local Address

1. Could you please give me some reasons or standard/"good" practices to use when setting the Local IP address of the PPPOE profile. I have 8 routers in an ospf ring. 1 core at the main tower and the others are on towers working as edge routers, with pppoe termination of clients happening...
by mducharme
Fri Jun 19, 2020 8:11 pm
Forum: RouterOS v7 BETA
Topic: Upgrade issues
Replies: 3
Views: 1450

Re: Upgrade issues

Any insight as to what went wrong and how to resolve these issues? From my testing, CAPs running 7.0beta8 can be managed by 6.47 CAPsMAN, but not the other way around. In other words, if you are running 7.0beta8 CAPsMAN, any 6.47 CAPs will not function. The config structure is pretty much the same ...
by mducharme
Fri Jun 19, 2020 2:40 pm
Forum: RouterOS v7 BETA
Topic: Feature requests: improve dot1x and others
Replies: 8
Views: 3289

Re: Feature requests: improve dot1x and others

My features wish list:
  • dns: action redirect requests to external DNS (regex or domain filtering)
This is already in RouterOS as of 6.47 (FWD records in IP->DNS->Static).
by mducharme
Wed Jun 17, 2020 11:36 pm
Forum: RouterBOARD hardware
Topic: CRS112-8G-4S-IN - DC input/POE-out questions
Replies: 6
Views: 1252

Re: CRS112-8G-4S-IN - DC input/POE-out questions

Many thanks mkx I have not been able to interact with one of these units, so I am still a little confused. If I interpret your reply correctly, if both the 48 volt supply and the 18 volt supply are simultaneously attached and functioning, the POE outs will ONLY be 48V? If you plug in both 24V and 4...
by mducharme
Sun Jun 14, 2020 11:26 pm
Forum: RouterOS v7 BETA
Topic: IPv6 BGP routes unreachable [SOLVED]
Replies: 4
Views: 2067

Re: IPv6 BGP routes unreachable [SOLVED]

I found this as well. I believe it is caused by the fact that gateway is :: instead of the correct gateway. I have not yet learned why it happens or how to fix it.
by mducharme
Sat Jun 13, 2020 2:38 am
Forum: General
Topic: Pop up notice for specific customers
Replies: 4
Views: 873

Re: Pop up notice for specific customers

You can redirect to the notice, but it has to be http, not https. Browsers have a relatively new feature called "captive portal detection" which is meant to detect if you have such a redirection for http and send the user to the page. They should not get an insecure site warning as long as...
by mducharme
Tue Jun 09, 2020 8:53 pm
Forum: RouterOS v7 BETA
Topic: ROSv7 documentation/ config guides
Replies: 14
Views: 4036

Re: ROSv7 documentation/ config guides

Passive and authentication parameters are there but not working at te moment, so it will not be a step back. OK, but I'm not just talking about those - I am asking about the "all" option that we have in RouterOS 6. I use this all the time in OSPFv2 and OSPFv3 to make interfaces passive by...
by mducharme
Tue Jun 09, 2020 4:02 am
Forum: RouterOS v7 BETA
Topic: ROSv7 documentation/ config guides
Replies: 14
Views: 4036

Re: ROSv7 documentation/ config guides

Some basic stuff to start with ROSv7 routing config: https://help.mikrotik.com/docs/display/ROS/ROSv7+Basic+Routing+Examples So with OSPF how does this work now? Redistribution used to create external type 5 LSAs, and if you added the network to advertise to the networks list as passive you would g...
by mducharme
Tue Jun 09, 2020 2:39 am
Forum: RouterOS v7 BETA
Topic: RouteOS v7beta8 vs RB4011iGS+5HacQ2HnD-IN
Replies: 2
Views: 1177

Re: RouteOS v7beta8 vs RB4011iGS+5HacQ2HnD-IN

I wonder if you have a faulty device? I have this same device and 6.47 works fine and I was able to upgrade 6.47 to 7.0beta8.
by mducharme
Mon Jun 08, 2020 6:29 am
Forum: RouterOS v7 BETA
Topic: v7.0beta8 [development] is released!
Replies: 180
Views: 69123

Re: v7.0beta8 [development] is released!

my router stopped responding until I have disconnected cable from internet. Thank you for this - I am having the same issue on my smips device (hAP mini). It is running 7.0beta8. I am not using it as a router so I had ether1 connected but it refused to connect via winbox or terminal (ssh/telnet). I...
by mducharme
Mon Jun 08, 2020 4:29 am
Forum: RouterOS v7 BETA
Topic: v7.0beta8 [development] is released!
Replies: 180
Views: 69123

Re: v7.0beta8 [development] is released!

5GHz interface on RB4011 wifi model is not working in 7.0beta8. It is in ap bridge mode. Scan shows nothing, devices do not see the SSID. I have 6.47 on another partition on the same device and rebooting to that makes it work again. The 2.4GHz interface works fine in either. Strangely, my Audience w...
by mducharme
Sun Jun 07, 2020 4:31 am
Forum: General
Topic: IPv6 SLAAC
Replies: 4
Views: 1741

Re: IPv6 SLAAC

Is it possible for a Mikrotik router to receive a public IPv6 IP with SLAAC? Yes - in Winbox, you have to go into IPv6->Settings and change the "Accept Router Advertisements" setting from "Yes, if forwarding disabled" to "Yes". However, it will not show you the address...
by mducharme
Sun Jun 07, 2020 1:24 am
Forum: RouterOS v7 BETA
Topic: ROSv7 documentation/ config guides
Replies: 14
Views: 4036

Re: ROSv7 documentation/ config guides

There is no equivalent. If you did not specify output filter chain in the templae, then all routes from the routing table is being advertised. If you specify output chain then by default chain blocks everything. You need to configure filters to accept prefixes you want to advertise from routing tab...
by mducharme
Sun Jun 07, 2020 12:59 am
Forum: RouterOS v7 BETA
Topic: OSPFv2 over L2TP
Replies: 0
Views: 746

OSPFv2 over L2TP

Hello, I am experiencing an issue with OSPFv2 over L2TP tunnels. I'm not sure if I'm doing something wrong or if it is a bug. It comes up as point-to-point and I receive all routes, but they are all invalid. Looking at the routes, I see the gateway is the PPP interface (which is correct) but immedia...
by mducharme
Fri Jun 05, 2020 7:52 pm
Forum: RouterOS v7 BETA
Topic: ROSv7 documentation/ config guides
Replies: 14
Views: 4036

Re: ROSv7 documentation/ config guides

I have peering up, but I can't seem to figure out how to advertise things. What is the equivalent of v6's "/routing bgp network" on v7?
by mducharme
Fri Jun 05, 2020 2:15 am
Forum: RouterOS v7 BETA
Topic: v7.0beta8 [development] is released!
Replies: 180
Views: 69123

Re: v7.0beta8 [development] is released!

After a clean ros7b8 netinstall on my hAP lite classic I couldn't access it via winbox or putty. Winbox, after logging in and after " something (forgot what) descriptors" phase says "ERROR: cannot open source file". In putty I can login, but after ROS logo there's nothing I can ...
by mducharme
Wed Jun 03, 2020 1:11 am
Forum: Forwarding Protocols
Topic: MPLS - Labels dropping after outage
Replies: 6
Views: 1512

Re: MPLS - Labels dropping after outage

I have experienced this multiple times. I logged a ticket with Mikrotik and got the usual "Fixed in v7" answer.
OSPF is completely rewritten in v7 so I would be surprised if this bug still affects v7. There probably will be some all-new bugs to contend with, though (fun fun).
by mducharme
Tue Jun 02, 2020 12:06 am
Forum: Forwarding Protocols
Topic: MPLS - Labels dropping after outage
Replies: 6
Views: 1512

Re: MPLS - Labels dropping after outage

We have this issue not caused by MPLS but by OSPF. Occasionally after an outage, we are missing some OSPF routes for loopbacks. Our VPLS tunnels are between loopbacks of course and so if we are missing a /32 route in either direction it doesn't come up. The OSPF route that is missing always appears ...
by mducharme
Tue May 26, 2020 8:35 pm
Forum: General
Topic: PPPoE and OSPF drops
Replies: 20
Views: 4427

Re: PPPoE and OSPF drops

Thank you. The current firmware is 6.46.6 which is the current latest stable version. Also watching /tool profile when around 10 pppoe sessions are manually disconnected nothing is spiking up very high, total rarely goes over 10% with none of the individual processes going much higher than 3 or 4%....
by mducharme
Tue May 26, 2020 8:09 pm
Forum: Forwarding Protocols
Topic: [Stability] Multiple PPPoE servers (+10) at the same router - Is there any alternatives?
Replies: 3
Views: 1586

Re: [Stability] Multiple PPPoE servers (+10) at the same router - Is there any alternatives?

We use the bridged setup with horizon set. Our PPPoE concentrator has a few special PPPoE servers that need to go to separate RADIUS servers vs. our regular RADIUS servers. As a result each PPPoE server instance needs to have a matching RADIUS server entry with the RADIUS server's Called-ID matching...
by mducharme
Fri May 22, 2020 7:35 pm
Forum: RouterOS v7 BETA
Topic: V7 questions?
Replies: 34
Views: 8377

Re: V7 questions?

One can of course also buy a brand new CSS326 for $139 or a CRS326 for $189 and try to use it with an alternative OS. It would have to be the CRS - the CSS has a much smaller flash that would only admit the comparatively tiny SwOS (2MB instead of 16MB). Even though the CRS *may* work, you are poten...
by mducharme
Fri May 22, 2020 6:19 pm
Forum: RouterOS v7 BETA
Topic: V7 questions?
Replies: 34
Views: 8377

Re: V7 questions?

24 port RJ45 patch panel, for under $30, for example: https://www.ebay.de/itm/19-Patchpanel-Cat-6-250MHz-24-Port-1HE-RJ45-geschirmt-schwarz-1GB-ProfiPatch/252297831908?hash=item3abe1f65e4:g:OvcAAOSwsEteqZ~N Patch panels don't have any electronics at all, they are basically passive pass-thru systems...
by mducharme
Thu May 21, 2020 9:36 pm
Forum: RouterOS v7 BETA
Topic: V7 questions?
Replies: 34
Views: 8377

Re: V7 questions?

@mducharme, it's technically a router with 24+ independent ports. How is this panel with all the ports usually called? I called it simply a "switch panel", but no, it does not need to be a switch. I don't know what you mean by "panel with all the ports". You can buy 4 port PCIe ...
by mducharme
Thu May 21, 2020 3:44 am
Forum: RouterOS v7 BETA
Topic: V7 questions?
Replies: 34
Views: 8377

Re: V7 questions?

@mducharme, just a switch panel with 24+ GbE ports with PCIe3 x16 interface would do it too: just install the adapter in a PC and connect the panel to that adapter (don't know which type of cabling is used for that), and ready you are: eth0, eth1 ... eth24. But where to find such a switch panel wit...
by mducharme
Tue May 19, 2020 7:47 pm
Forum: RouterOS v7 BETA
Topic: V7 questions?
Replies: 34
Views: 8377

Re: V7 questions?

@mducharme, thanks for your comments, but I already have made my mind up. Outsiders seem to have a hard time to follow my thoughts and requirements. Never mind. Case closed. For one thing you never explained your requirements, they are vague, some "special use-case" and you posted the oth...
by mducharme
Tue May 19, 2020 7:29 pm
Forum: RouterOS v7 BETA
Topic: V7 questions?
Replies: 34
Views: 8377

Re: V7 questions?

I already told: I need a central firewall on the switch, not on the router, because of performance reasons, as well to monitor also all the traffic inside the LAN for any possible "anomalies"... "Performance reasons" simply means that your router is not powerful enough and you n...
by mducharme
Tue May 19, 2020 6:54 pm
Forum: RouterOS v7 BETA
Topic: V7 questions?
Replies: 34
Views: 8377

Re: V7 questions?

I need access to Linux for running own code written in C/C++ to implement the low-level part for an own high-performing advanced central firewall on switch devices (not router). Ie. our requirement is a very special use-case, not necessarily a mainline use-case. You have talked about this before, b...
by mducharme
Mon May 18, 2020 8:21 am
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 3905

Re: IPv6 with TunnelBroker: How to create isolated subnets?

Also, please make sure your RouterBOOT firmware is updated in /system routerboard
by mducharme
Mon May 18, 2020 1:03 am
Forum: General
Topic: DHCP offered but never bound
Replies: 3
Views: 1364

Re: DHCP offered but never bound

No one has the clue? The device is not accepting the offer. You may have one way communication (broadcast from the device can reach the DHCP server but the response packet from DHCP server cannot reach the device). It is also possible that the device is ignoring the offer because maybe it has gotte...
by mducharme
Sun May 17, 2020 11:17 pm
Forum: General
Topic: PPPoE and OSPF drops
Replies: 20
Views: 4427

Re: PPPoE and OSPF drops

I will watch the /tool profile and see what I can find out when I drop a few of them. I have to do this in maintenance windows since its service affecting for all OSPF to go down, I will report back with my findings. Thank you. Also make sure your Routerboot firmware is up to date in /system router...
by mducharme
Sun May 17, 2020 10:59 pm
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 3905

Re: IPv6 with TunnelBroker: How to create isolated subnets?

One correction to the above - leave pvid at the default of "1" for any bridge ports where they are supposed to be trunk ports to switches, carrying only tagged vlans. Thank you mducharme that's a lot of information to consume. It will take me a while to get that processed through. Meanwhi...
by mducharme
Sun May 17, 2020 5:55 am
Forum: RouterOS v7 BETA
Topic: UI/UX On WinBox
Replies: 23
Views: 4807

Re: UI/UX On WinBox

It's not just looks vs. functionality, it's also what exactly you want to have. I would not want to give up Winbox by any means - however: I think there is the possibility for wireless configuration that there may be something in between Winbox (individual advanced settings for everything) and Quic...
by mducharme
Sun May 17, 2020 2:35 am
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 3905

Re: IPv6 with TunnelBroker: How to create isolated subnets?

One correction to the above - leave pvid at the default of "1" for any bridge ports where they are supposed to be trunk ports to switches, carrying only tagged vlans.
by mducharme
Sun May 17, 2020 2:22 am
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 3905

Re: IPv6 with TunnelBroker: How to create isolated subnets?

You might also consider reverting back your ipv6 nd config settings to the default entirely as there is really no issue with using the default settings. Advertisements shouldn't be sent out unless adveritse=yes is enabled for the IPv6 address, so there is not generally a need to control ipv6 nd per ...
by mducharme
Sun May 17, 2020 2:10 am
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 3905

Re: IPv6 with TunnelBroker: How to create isolated subnets?

There's a VLAN 14 that I was trying to use as the replacement for untagged, but it is not being used. One thing I am wondering about is the IGMP snooping. IPv6 uses multicast instead of broadcast for advertisements. I haven't tried using IGMP snooping before (never had a need) so I wasn't sure how ...
by mducharme
Sat May 16, 2020 11:10 pm
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 3905

Re: IPv6 with TunnelBroker: How to create isolated subnets?

So as I could tell, it's either the router or the laptop. I don't exactly think it's the laptop because that would mean either Windows 10 or Intel and Realtek did this wonky thing. I guess I will have to look into VLAN everything? At this point I would do an /export hide-sensitive and paste here, t...
by mducharme
Sat May 16, 2020 8:43 pm
Forum: General
Topic: PPPoE and OSPF drops
Replies: 20
Views: 4427

Re: PPPoE and OSPF drops

Thank you for the reply. We have no masquerade rules only dst nat and src nat. We also have the stub area for the pppoe ips and the passive default as well already. That sounds fine - do have an OSPF area range configured for the PPPoE customers? What does the Profiler show when a few PPPoE custome...
by mducharme
Sat May 16, 2020 1:18 pm
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 3905

Re: IPv6 with TunnelBroker: How to create isolated subnets?

The new style bridge VLAN - I thought about this no default VLAN 1 idea a while ago and tried a bit but messed things up. Is there a good article on implementing this on Mikrotik RouterOS? I was not sure how to handle the edge where VLAN eventually has to be converted to untagged to be compatible w...
by mducharme
Sat May 16, 2020 12:46 pm
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 3905

Re: IPv6 with TunnelBroker: How to create isolated subnets?

I see what you meant now. This will require a bit more effort and I will try to find some time to conduct this test. Yes I do have DHCPv4 servers on both subnets. I actually thought about this and tried to observe - I could find one or two switches on the network grab a VLAN 59 address but they are...
by mducharme
Sat May 16, 2020 11:38 am
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 3905

Re: IPv6 with TunnelBroker: How to create isolated subnets?

I cannot figure out what leaked the broadcast this time. There's nothing on my network even knows a VLAN 59 except the router itself. Unless you have some device that is just removing all VLAN tags from packets that arrive with a tag. Again, I didn't say to remove VLAN 59 from the switches. I said ...
by mducharme
Sat May 16, 2020 2:31 am
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 3905

Re: IPv6 with TunnelBroker: How to create isolated subnets?

I am aware of the issue with mixed tagged and untagged network. I don't think I have anything like that on my network. However, is there a way for me to diagnose this kind of issue, like to isolate where the issue could happen? What I would do temporarily is disconnect your switches from the router...
by mducharme
Sat May 16, 2020 1:58 am
Forum: General
Topic: PPPoE and OSPF drops
Replies: 20
Views: 4427

Re: PPPoE and OSPF drops

Hello I have a strange issue happening on one of our routers. It is a CCR1072-1G-8S+ currently serving ~250 PPPoE connections. The issue is whenever 5 or more PPPoE connections are dropped at the same time the log will fill up with already active closing previous one multiple times over and over. A...
by mducharme
Sat May 16, 2020 1:03 am
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 3905

Re: IPv6 with TunnelBroker: How to create isolated subnets?

I am not aware of switches on the network could do bridging between VLAN and untagged. But I do have a bunch of "smart managed" switches on the network. The VLAN 59 is created by configuring ports on one of the switches to untag VLAN 59 and PVID 59. I am not 100% sure but I don't think th...
by mducharme
Fri May 15, 2020 11:31 pm
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 3905

Re: IPv6 with TunnelBroker: How to create isolated subnets?

Here it is: That all looks fine too. Please note that "/interface bridge vlan" doesn't do anything without having Bridge VLAN filtering enabled. You are using old-style bridging/VLAN configuration instead of bridge vlan filtering, so that setting has no impact. Is there some other device ...
by mducharme
Fri May 15, 2020 11:03 pm
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 3905

Re: IPv6 with TunnelBroker: How to create isolated subnets?

Thanks - as that is what I thought but I don't know what I did wrong. So currently my VLAN is done as a VLAN interface attached on the bridge that includes all my LAN interfaces. Something like this: # NAME MTU ARP VLAN-ID INTERFACE 3 R bridge1-lan-vlan0059 1500 enabled 59 bridge1-lan And then this...
by mducharme
Fri May 15, 2020 10:45 pm
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 3905

Re: IPv6 with TunnelBroker: How to create isolated subnets?

I notice that before any setup, the computer on the VLAN can actually get IPv6 configuration. I don't think this is right because I tried to attach IPv6 Address only on my main network interface. And when I try to create one set of configuration for my VLAN, I found that both the main network and V...
by mducharme
Fri May 15, 2020 7:53 pm
Forum: General
Topic: Mikrotik DHCP lease time with Ubiquiti and wireless routers
Replies: 16
Views: 2400

Re: Mikrotik DHCP lease time with Ubiquiti and wireless routers

So the Ubnt radio is the problem, or the home router? Should I have the same or different renew times on everything, or does it even matter? Or should I just bridge the Ubnt user radio and let the Mikrotik hand the IP straight to the users router? Lease times shouldn't really matter. If the end use...
by mducharme
Fri May 15, 2020 7:31 pm
Forum: General
Topic: Mikrotik DHCP lease time with Ubiquiti and wireless routers
Replies: 16
Views: 2400

Re: Mikrotik DHCP lease time with Ubiquiti and wireless routers

2 DHCP servers on one bridged network. That will create confilcts! One DHCP server will send NACK to the client for an address leased by the other.. I also see only one IP address pool, so who owns the pool.? From reading above I don't think there are 2 DHCP servers on the same bridged network here...
by mducharme
Fri May 15, 2020 7:17 pm
Forum: General
Topic: Mikrotik DHCP lease time with Ubiquiti and wireless routers
Replies: 16
Views: 2400

Re: Mikrotik DHCP lease time with Ubiquiti and wireless routers

I don't understand how this could be a MikroTik problem either - if the only problem is that the Ubiquiti radio is not giving DHCP leases to the clients on the LAN port, surely that is a Ubiquiti issue and not anything to do with MikroTik?
by mducharme
Thu May 14, 2020 11:19 pm
Forum: Beginner Basics
Topic: IPV6 setup [SOLVED]
Replies: 7
Views: 2389

Re: IPV6 setup [SOLVED]

I guess something is not quite initialized with ND on the 1st run after reset so it needs a slight "kick" to get it running properly. That makes more sense - I have periodically encountered neighbor discovery issues that a reboot fixes. I never traced them to the first boot after reset th...
by mducharme
Thu May 14, 2020 1:25 am
Forum: Beginner Basics
Topic: IPV6 setup [SOLVED]
Replies: 7
Views: 2389

Re: IPV6 setup [SOLVED]

It got working fine :-) ping6 to Internet sites works OK from my Client PC. The key was tweaking ND: either disabling interface=all; or disabling all and adding a new on interface=bridge worked OK for me. I followed the following article: https://www.medo64.com/2018/03/setting-ipv6-on-mikrotik/ Onc...
by mducharme
Wed May 13, 2020 4:33 am
Forum: Beginner Basics
Topic: IPV6 setup [SOLVED]
Replies: 7
Views: 2389

Re: IPV6 setup [SOLVED]

Can your MikroTik itself ping to the Internet via IPv6? If it can, try pinging to the Internet from the MikroTik itself with src-address set to the ipv6 address that you have on bridge. If both work, the problem is that the workstation is not properly set up for IPv6 address auto configuration (SLAA...
by mducharme
Wed May 13, 2020 1:56 am
Forum: RouterOS v7 BETA
Topic: List of devices which will run v7?
Replies: 3
Views: 1710

Re: List of devices which will run v7?

You may have to netinstall it - I had trouble getting it on my hAP mini, wouldn't install due to low disk space.
by mducharme
Tue May 12, 2020 10:36 pm
Forum: Beginner Basics
Topic: IPV6 setup [SOLVED]
Replies: 7
Views: 2389

Re: IPV6 setup [SOLVED]

I found several discussions about IPv6 within this forum but still I'm unable to figure out how to properly configure it and make it work.
You need to give your router's bridge interface an IP from the prefix pool:
/ipv6 address
add address=::1 from-pool=my-ipv6-pool-1 interface=bridge
by mducharme
Tue May 12, 2020 5:11 am
Forum: RouterOS v7 BETA
Topic: Question: Multi-thread BGP
Replies: 9
Views: 3822

Re: Question: Multi-thread BGP

I don't fully understand the syntax, but: /routing fantasy add comment=test count=1000 dealer-id=1000 dst-address=12.0.0.0/8 gateway=192.168.88.1 instance-id=1 name=fantasy-test prefix-length=32 \ priv-offs=1000 priv-size=100 seed=mducharme use-hold=no creates 1000 random /32 routes within 12.0.0.0/...