Community discussions

Search found 799 matches

by mducharme
Fri Oct 18, 2019 8:59 am
Forum: Wireless Networking
Topic: Slow 5GHz
Replies: 1
Views: 127

Re: Slow 5GHz

You're using local forwarding = no which has a big negative impact on performance.
by mducharme
Wed Oct 16, 2019 6:31 am
Forum: Scripting
Topic: dns to address lists scripts.
Replies: 10
Views: 9497

Re: dns to address lists scripts.

What is the point in using that script today? Address lists have built in support for DNS.
by mducharme
Tue Oct 15, 2019 7:37 am
Forum: Forwarding Protocols
Topic: HTTP Downloads cancels when LDP enabled
Replies: 4
Views: 397

Re: HTTP Downloads cancels when LDP enabled

What is your advertise filter set to?
by mducharme
Fri Sep 27, 2019 2:28 am
Forum: RouterOS v7 BETA
Topic: RouterOS v7.0beta2 bug fund
Replies: 9
Views: 1901

Re: RouterOS v7.0beta2 bug fund

If it were not locked, people might reply to the bug report instructions post with their bug report. The bugs are supposed to be submitted as new posts in the main forum, not as replies to the bug report instructions.
by mducharme
Wed Sep 04, 2019 9:59 pm
Forum: RouterBOARD hardware
Topic: WAPG60ADM new 60 GHz product
Replies: 17
Views: 2373

Re: WAPG60ADM new 60 GHz product

Yes, M could be for Mesh possibly. Could it be for Terragraph?

https://terragraph.com/

https://blog.mikrotik.com/announcements ... graph.html
by mducharme
Mon Sep 02, 2019 9:23 pm
Forum: Announcements
Topic: Suggestions requested: general hotspot controller improvements in functionality
Replies: 11
Views: 1926

Re: Suggestions requested: general hotspot controller improvements in functionality

I know this is an older topic now but I have some feedback. I would like to see some kind of built-in option for hours of operation - I was able to work around this outside of the Hotspot system with firewall rules matching on the date and time and blocking traffic (redirecting to web proxy) when it...
by mducharme
Fri Aug 30, 2019 12:21 am
Forum: Forwarding Protocols
Topic: OSPFv3 adjacency with Cisco routers
Replies: 2
Views: 465

Re: OSPFv3 adjacency with Cisco routers

I suspect that the CCR is getting confused by the fact that the same router has the same routerID and same link-local address on both interfaces. Is this the case? Yes - MikroTik OSPFv3 currently uses the neighbor device's link local address as the sole unique identifier for the neighbor relationsh...
by mducharme
Sun Aug 25, 2019 10:59 pm
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 53
Views: 5583

Re: Hotspot and HTTPS? What solutions?

But recently, I added a Windows 10 machine on the network which does NOT have IPv6, no address, no RA, no DHCPv6 server, and it had connectivity problems. Looking in "ipconfig /all" I saw that it had obtained 3 IPv6 addresses belonging to the 3 networks it isn't connected to! For now I disabled the...
by mducharme
Sun Aug 25, 2019 5:25 am
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 53
Views: 5583

Re: Hotspot and HTTPS? What solutions?

I don't run IPv6 anywhere yet but knowing about this helps greatly because there may be a server which has had DHCPv4 turned off, but DHCPv6 was forgotten and left on. Or a router got installed that had IPv6 package installed for testing and again same problem. A router with the IPv6 package simply...
by mducharme
Sun Aug 25, 2019 4:12 am
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 53
Views: 5583

Re: Hotspot and HTTPS? What solutions?

No problem. Related to this, I just found this page here has a MikroTik DNS "fix" for captive portal issues: https://socifi-doc.atlassian.net/wiki/spaces/SC/pages/94601401/Mikrotik+DNS+Fix+to+keep+Android+Splash+Page+and+the+Captive+Portal+Notification+active Why do they need a DNS "fix"? Their SOCI...
by mducharme
Sun Aug 25, 2019 3:45 am
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 53
Views: 5583

Re: Hotspot and HTTPS? What solutions?

But as I keep saying, I want some actual information on this. Not just 'it should work' HOW does it work? I would like information on how all devices detect hotspot in the first place. Not just a brief overview of "they try and connect to a site and if it fails it'll show you the login page" that d...
by mducharme
Sun Aug 18, 2019 10:19 am
Forum: General
Topic: SNMP doesn't work with asymmetric routes?
Replies: 32
Views: 7333

Re: SNMP doesn't work with asymmetric routes?

I found another 'workaround' for this in case setting src-address doesn't work for you (perhaps you have an IP through DHCP)

/ip firewall mangle add action=mark-routing chain=output new-routing-mark=main passthrough=yes protocol=udp src-port=161
by mducharme
Sat Aug 17, 2019 2:06 pm
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 53
Views: 5583

Re: Hotspot and HTTPS? What solutions?

My main focus here is not in actually trying to redirect HTTPS, I really honestly don't give a flying stuff about that The real issue is simply when hotspot detection fails, the user gets no prompt or no notification in any way that they need to first 'sign in' and the normal behavior is they just ...
by mducharme
Fri Aug 02, 2019 9:07 pm
Forum: General
Topic: CRS317-1G-16S+RM as storage switch
Replies: 4
Views: 651

Re: CRS317-1G-16S+RM as storage switch

The concern that I would have is that iSCSI traffic is very bursty and I have heard that switches with large buffers are important for good iSCSI performance. I have not seen any information regarding buffer size with the MikroTik switches. We use the CRS317 for have other applications, but have not...
by mducharme
Thu Jul 25, 2019 7:57 pm
Forum: Announcements
Topic: v6.44.5 [long-term] is released!
Replies: 97
Views: 34027

Re: v6.44.5 [long-term] is released!

Updateing to 6.44.5 brings a problem with PPOE Server. Using a Remote Address in PPP Secret which is from a pool this address is not reserved/blocked. So PPPOE-Server uses this IP twice. Hard to find the problem as pings alway go through from the server side but customers complain like mad. So the ...
by mducharme
Fri Jul 19, 2019 8:16 pm
Forum: Announcements
Topic: v6.44.5 [long-term] is released!
Replies: 97
Views: 34027

Re: v6.44.5 [long-term] is released!

I got problem with dhcp-relay , after upgrade my client cannot get address.
Now I downgrade to version 6.43.16 it work fine.
FYI we have tested this on our devices - DHCP relay is working fine for us on 6.44.5.
by mducharme
Tue Jul 16, 2019 12:39 am
Forum: Forwarding Protocols
Topic: PPPoE over VPLS Tunnel - Client Ping mac server pppoe but it does not connect
Replies: 6
Views: 678

Re: PPPoE over VPLS Tunnel - Client Ping mac server pppoe but it does not connect

When you do ping, its travel via IP protocols with ospf support. Try to look at your mpls LSP to your pppoe server. Dont work. In R3 adding an IP and pinged to R1. But if I add this ip on the client that is on the R3 bridge I can not ping. You'll have to share more of your config to get proper assi...
by mducharme
Sat Jul 13, 2019 7:51 pm
Forum: General
Topic: Routing Question: Not able to get 1 gbps through our gateway with our router inline can without it
Replies: 4
Views: 591

Re: Routing Question: Not able to get 1 gbps through our gateway with our router inline can without it

It's a multi thread test such as speedtest.net I have also worked with my upstream provider to setup a speedtest called truespeed this is a test from their data center to my gateway. Same poor results on both test. Hooked directly to their copper gateway port I get tcp throughput in the 940mbps are...
by mducharme
Thu Jul 11, 2019 10:12 pm
Forum: Forwarding Protocols
Topic: OSPF Loopback + MPLS Loopback
Replies: 7
Views: 1224

Re: OSPF Loopback + MPLS Loopback

The main reason why you would want to do something like this is if you wanted to have traffic from loopback to loopback that didn't have an MPLS label. If the advertisement filter is set to only advertise the MPLS loopbacks and not the other loopback, you can use the other loopback for cases where y...
by mducharme
Thu Jul 11, 2019 10:07 pm
Forum: Announcements
Topic: v6.46beta [testing] is released!
Replies: 107
Views: 39610

Re: v6.46beta [testing] is released!

3) Update server to the v6.45beta9;
4) Then update all the hosts to the v6.45beta9;
Don't you mean v6.46beta9?
by mducharme
Thu Jul 11, 2019 3:54 am
Forum: General
Topic: DHCPd specific IP addresses to specific physical ETHx ports.
Replies: 5
Views: 491

Re: DHCPd specific IP addresses to specific physical ETHx ports.

I don't believe proxy ARP is a good solution for your needs, it is a bit of a hack. You are better off assigning subnets to each port (i.e. allocate a bunch of /30 subnets) and set up a dhcp server for each.
by mducharme
Mon Jul 08, 2019 5:40 am
Forum: Beginner Basics
Topic: QoS question.
Replies: 4
Views: 430

Re: QoS question.

You can try this: viewtopic.php?f=9&t=129294

That is not a typical feature for QoS, but it looks like someone has implemented it.
by mducharme
Mon Jul 08, 2019 5:20 am
Forum: Beginner Basics
Topic: QoS question.
Replies: 4
Views: 430

Re: QoS question.

Is this a MIkrotik limitation or a QoS limitation in general? How other vendors handle this? This is a general QoS limitation. With all products you need to enter a maximum rate and they use this to determine if the upstream provider is congested. If you are below this maximum rate and the provider...
by mducharme
Mon Jul 08, 2019 12:41 am
Forum: Forwarding Protocols
Topic: OSPF Force path for specific subnet
Replies: 6
Views: 663

Re: OSPF Force path for specific subnet

Can you run two instances of OSPF between the same two routers (with multiple loopback addresses, etc) and make this work?
Possibly, but that would be a really strange setup. It is very unusual to establish OSPF neighbor with another ISP. You would typically use BGP in this role.
by mducharme
Sun Jul 07, 2019 9:20 pm
Forum: General
Topic: Bridge is resetting CoS to 0 (was: Setting CoS from DSCP on PPPoE server)
Replies: 8
Views: 806

Re: Bridge is resetting CoS to 0 (was: Setting CoS from DSCP on PPPoE server)

Another thing I didn't mention is that after this VLAN-tagged PPPoE frame leaves the PPPoE NAS, it gets shoved into a VPLS tunnel. And the thing that kills me is that there is a CLEAR inconsistency between how ROS treats priority when it comes to MPLS EXP and how it treats priority when it comes to...
by mducharme
Sun Jul 07, 2019 9:09 pm
Forum: Beginner Basics
Topic: QoS question.
Replies: 4
Views: 430

Re: QoS question.

is there any way to set aside 2 Mbits for certain type of traffic (VoIP for example) , regardless of the total available bandwidth? I want to make sure certain traffic gets at least 2 Mbits, leaving the rest for anything else (web browsing, email, chat, etc) No - you might be able to build a script...
by mducharme
Sun Jul 07, 2019 3:27 am
Forum: Forwarding Protocols
Topic: OSPF Force path for specific subnet
Replies: 6
Views: 663

Re: OSPF Force path for specific subnet

Any other option? Another routing protocol? multiple OSPF instances perhaps?
You might be able to do this with BGP, depending on your topology.
by mducharme
Mon Jul 01, 2019 9:56 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 70036

Re: v6.45.1 [stable] is released!

The API logins were broken in the last beta of 6.45 as well. Is it related to the removal of the old unencrypted password store?
by mducharme
Thu Jun 27, 2019 4:04 am
Forum: General
Topic: Routing a Block of Public IP Addresses
Replies: 37
Views: 2323

Re: Routing a Block of Public IP Addresses

Does this look right?
John
Yes, that looks good to me, and correct. Should work fine.
by mducharme
Wed Jun 26, 2019 6:08 pm
Forum: General
Topic: Routing a Block of Public IP Addresses
Replies: 37
Views: 2323

Re: Routing a Block of Public IP Addresses

Or would this be more correct: Edge Router route: Destination Address: 198.1.2.128/29 Gateway Address: 10.0.247.101 where 198.1.2.128/29 sets up 6 usable IP addresses and routes those to the Network 2 (which is the first Site Router network) Destination Address: 198.1.2.136/29 Gateway Address: 10.0...
by mducharme
Wed Jun 26, 2019 5:41 pm
Forum: General
Topic: Routing a Block of Public IP Addresses
Replies: 37
Views: 2323

Re: Routing a Block of Public IP Addresses

And I made a mistake. It's 198.1.2.128/26, not /29. John If it is a /26, then you can do it the normal way and split that up across multiple site routers - as long as you only have a few "sites", the trade-off is not bad. The advantage is this will work with any router and is the normal way so it i...
by mducharme
Wed Jun 26, 2019 5:15 pm
Forum: General
Topic: Routing a Block of Public IP Addresses
Replies: 37
Views: 2323

Re: Routing a Block of Public IP Addresses

No, the 38.1.2.128/29 range is provided by the upstream provider as a 'transport' only. The client 'block is the 198.1.2.128/29 range. Right, sorry, misread your last post. I meant 198.1.2.128/29 Something else that others, with whom I've spoken to about this subject, had mentioned was the necessit...
by mducharme
Wed Jun 26, 2019 7:45 am
Forum: Forwarding Protocols
Topic: MPLS over GRE MTU question
Replies: 8
Views: 813

Re: MPLS over GRE MTU question

So you're saying the MPLS L2MTU is the GRE tunnels' 1500-24? So I have to use the IP MTU of the GRE tunnel to determine the L2MTU of MPLS? A GRE packet is never going to grow above the IP MTU of the interface that it is sent over. I am assuming you are probably using IP MTU 1500 on most interfaces ...
by mducharme
Wed Jun 26, 2019 7:33 am
Forum: General
Topic: Routing a Block of Public IP Addresses
Replies: 37
Views: 2323

Re: Routing a Block of Public IP Addresses

I think I've got it! That actually sounds pretty simple. :-) So I just need to set up incoming routes to get traffic to the correct Client Router/Network. I assume you are trying trying to use the IPs on that 38.1.2.128/29 subnet to assign to various client routers on their WAN ports (one for each)...
by mducharme
Tue Jun 25, 2019 1:19 am
Forum: Forwarding Protocols
Topic: MPLS over GRE MTU question
Replies: 8
Views: 813

Re: MPLS over GRE MTU question

But there is a physical L2MTU, depending on the parent interface that the traffic is leaving from, correct? When does GRE start fragmenting the L2 stuff? It's long before 65535, obviously. GRE is 24 bytes overhead - assuming your GRE tunnel is running over 1500 IP MTU, subtract 24 bytes for the GRE...
by mducharme
Tue Jun 25, 2019 1:12 am
Forum: General
Topic: Bridge is resetting CoS to 0 (was: Setting CoS from DSCP on PPPoE server)
Replies: 8
Views: 806

Re: Setting CoS from DSCP on PPPoE server

What am I missing? I haven't tried this myself, but is your setup a bridge with a VLAN on it, or is it a bridge where there is a VLAN interface as the port of the bridge? There is sometimes a difference in behavior between the two - we do some QoS stuff with bridge filters that works only with the ...
by mducharme
Mon Jun 24, 2019 11:54 pm
Forum: Beginner Basics
Topic: Captive portal for Wi-Fi users (no authentication, no internet)
Replies: 8
Views: 653

Re: Captive portal for Wi-Fi users (no authentication, no internet)

Apologies for the doubt but like I said I'm new with this mikrotik and I've tried most hotspot tutorials from here but with no luck. Perhaps if you could please kindly show me how, step by step on how to accomplish this I would really really appreciate it. What you want to do is very similar to the...
by mducharme
Mon Jun 24, 2019 9:40 pm
Forum: General
Topic: Routing a Block of Public IP Addresses
Replies: 37
Views: 2323

Re: Routing a Block of Public IP Addresses

So, other 'regular' traffic should pass then, correct? Unless it's specifically blocked in the firewall of one of the routers. Correct?
Yes, exactly. Also as an ISP it makes sense to allow most (if not all) ICMP - it makes troubleshooting much easier.
by mducharme
Mon Jun 24, 2019 8:43 pm
Forum: General
Topic: Routing a Block of Public IP Addresses
Replies: 37
Views: 2323

Re: Routing a Block of Public IP Addresses

I've typed /24 too many times. Yes, it's 0.0.0.0/0 on all routers.

John
Add two firewall rules to allow all ICMP on input and forward chains and move them to the top of the list on all three routers, then try the ping again.
by mducharme
Mon Jun 24, 2019 8:26 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 71366

Re: v6.45beta [testing] is released!

Are there any plans to add a simple EAP server authentication where there is no RADIUS server? i.e. Something like xauth for IKEv1 where you can define local users on the router itself? We have a few situations where there is no local RADIUS and certificates are more complicated for end users where ...
by mducharme
Mon Jun 24, 2019 7:53 pm
Forum: General
Topic: Routing a Block of Public IP Addresses
Replies: 37
Views: 2323

Re: Routing a Block of Public IP Addresses

They are set up as a chain. Client Router has 0.0.0.0/24 with Gateway as 10.1.1.254 (which is one of the LAN IP addresses on the Site Router). Site Router has 0.0.0.0/24 with Gateway as 10.0.247.254 (which is one of the LAN IP addresses on the Edge Router). Client routers have internet access just ...
by mducharme
Mon Jun 24, 2019 7:23 pm
Forum: General
Topic: Routing a Block of Public IP Addresses
Replies: 37
Views: 2323

Re: Routing a Block of Public IP Addresses

From Site Router 1, I can ping the Client Router. If I understand correctly, this is because there is a route automatically set up in Site Router 1, since the Client Router is directly connected to Site Router 1. Is this correct? Yes But I still can't ping 10.1.1.1 from the Edge Router. What am I d...
by mducharme
Sun Jun 23, 2019 11:12 pm
Forum: General
Topic: Push remote route through ppp
Replies: 2
Views: 473

Re: Push remote route through ppp

There is no good solution for this with l2tp. The best way to accomplish this is with IPsec road warrior.

https://wiki.mikrotik.com/wiki/Manual:I ... _Mode_Conf

The split-include takes care of this.
by mducharme
Sun Jun 23, 2019 6:15 pm
Forum: General
Topic: Routing a Block of Public IP Addresses
Replies: 37
Views: 2323

Re: Routing a Block of Public IP Addresses

mducharme, I think I understand what you're saying. I think this again goes back to my background in communications. I'm definitely going to have to 'reshape' my thinking. :-) And there's obviously going to have to be routes in the Client Router to reach the internet, correct? Yes, obviously, but t...
by mducharme
Sun Jun 23, 2019 5:49 am
Forum: General
Topic: Routing a Block of Public IP Addresses
Replies: 37
Views: 2323

Re: Routing a Block of Public IP Addresses

The Edge Router needs a route in place to get incoming traffic to the Client Router, because there's another Router (Router 1) between the Edge Router and the Client Router. Correct? The Edge Router already knows how to reach Router 1, because they're directly connected (so the route is automatical...
by mducharme
Sun Jun 23, 2019 1:03 am
Forum: Forwarding Protocols
Topic: MPLS over GRE MTU question
Replies: 8
Views: 813

Re: MPLS over GRE MTU question

Well it seems to work ok, and I asked around about it first before trying, and many others said it works fine. Just unsure about the MTU. MPLS works fine over GRE or EoIP. Only the L2MTU matters, and for GRE the L2MTU is 65535 and you can't change it. The only disadvantage of GRE vs EoIP for MPLS i...
by mducharme
Sat Jun 22, 2019 6:57 pm
Forum: Beginner Basics
Topic: Captive portal for Wi-Fi users (no authentication, no internet)
Replies: 8
Views: 653

Re: Captive portal for Wi-Fi users (no authentication, no internet)

Really? Will this work without intetnet? Cos i've tried a few hotspot guides from here but most requires internet connection to work properly.
Yes it does - why would it not?
by mducharme
Thu Jun 20, 2019 7:02 pm
Forum: Beginner Basics
Topic: Captive portal for Wi-Fi users (no authentication, no internet)
Replies: 8
Views: 653

Re: Captive portal for Wi-Fi users (no authentication, no internet)

@AidanAus...I'm not quite sure what you're saying "bump the threads", I did post 2 of the same topic since my first post was taking so long for the admin to post it or not so I made a second one. I'm still waiting for the reply on my request since, like I said I was looking for the same topic but c...
by mducharme
Thu Jun 20, 2019 6:26 pm
Forum: General
Topic: Routing a Block of Public IP Addresses
Replies: 37
Views: 2323

Re: Routing a Block of Public IP Addresses

Ok. Now let's expand this a bit. If the 'device' is another route that's on the other side of another router, like this: Edge Router --> Router 1 --> Client Router Then, I would need a route (static or use something like OSPF) in the Edge Router, to route a public IP to the Client Router, since the...
by mducharme
Thu Jun 20, 2019 5:02 am
Forum: General
Topic: Routing a Block of Public IP Addresses
Replies: 37
Views: 2323

Re: Routing a Block of Public IP Addresses

Would I still have to have routes to reach each device from the 'outside world'? Not "each device", but one route for the subnet, yes. However, since you are adding an IP on that subnet onto your router, your router will automatically have a "connected" route to that subnet, so you do not need to a...
by mducharme
Thu Jun 20, 2019 3:22 am
Forum: General
Topic: Routing a Block of Public IP Addresses
Replies: 37
Views: 2323

Re: Routing a Block of Public IP Addresses

So, would I set up my WAN port with 38.1.2.133 and then a 'default route' with 0.0.0.0/0 and the Gateway address as 38.1.2.131? Yes Then, would I set one of the 198.7.8.x addresses (such as 198.7.8.128) as the LAN IP address on my router (which would then be the Gateway IP address in the 'devices' ...
by mducharme
Wed Jun 19, 2019 6:46 pm
Forum: General
Topic: Question - Bandwidth shaping Simple Queues
Replies: 2
Views: 260

Re: Question - Bandwidth shaping Simple Queues

Hi, ether2 interface will not work as a target - you need to use a subnet (ex. 192.168.88.0/24). You will likely also find that you need to set max limit on the "all bandwidth" queue for upload and download in order for it to work.
by mducharme
Tue Jun 18, 2019 4:40 pm
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 1582

Re: QoS prioritization only, without shaping?

This is the primary reason for this post. We want better QoS for backhaul wireless links that we own, and the bandwidth varies it cannot be guaranteed. Real world is not perfect, radio frequencies get crowded, new constructions go up and partially block signal, a bin chicken fly's into the radio an...
by mducharme
Tue Jun 18, 2019 9:16 am
Forum: General
Topic: Radical change coming for home and small business networking
Replies: 37
Views: 2845

Re: Radical change coming for home and small business networking

I think you are really blowing this out of proportion in a “the sky is falling” sort of way. I can tell you right now that cable providers are not going to prevent you from using third party routers just because of this new technology option. You will be able to continue to use CCR routers on these ...
by mducharme
Tue Jun 18, 2019 2:04 am
Forum: RouterBOARD hardware
Topic: CCR1036-8G-2S+ - SFP+ port stops transmitting data?
Replies: 7
Views: 969

Re: CCR1036-8G-2S+ - SFP+ port stops transmitting data?

We have this problem, but for us it happens every 30-90 days or so. It last happened 57 days ago. We have a ping watchdog to reboot the router when this happens. Disabling and re-enabling the interface might fix it too. Same CCR1036-8G-2S+, first generation. We have two CCR's connected to each other...
by mducharme
Mon Jun 17, 2019 9:30 pm
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 1582

Re: QoS prioritization only, without shaping?

First question: Are you changing the hardware queue type on the MikroTik's? What are you using and what settings? Second question: Are you using a common template for QoS settings and would you care to share it? Answer to First question: No we aren't. One thing you need to realize is that, at least...
by mducharme
Mon Jun 17, 2019 6:15 am
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 1582

Re: QoS prioritization only, without shaping?

Also, AirFiber (except for the AF5XHD) can only read CoS, so you have to copy DSCP to CoS for the AirFiber devices to be able to read it. CoS is really the most universal priority tag available - basically everything supports it, even if DSCP or MPLS EXP bits are not supported. The only downside of ...
by mducharme
Mon Jun 17, 2019 6:04 am
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 1582

Re: QoS prioritization only, without shaping?

Ok but I have heard its best practice to use QoS tags at Layer3 as opposed to Layer2 so why not use DSCP tags instead of CoS? And does a MikroTik router actually do anything with DSCP tagged packets by default or does it need to configured with mangle or queue's to apply prioritization to traffic? ...
by mducharme
Mon Jun 17, 2019 5:26 am
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 1582

Re: QoS prioritization only, without shaping?

The router-router links don't use VLAN's though They just speak to each other on the ethernet link i.e. ether5 on RouterA connects to PTP670 link connects to ether7 on RouterB So using the set priority mangle rule wouldn't do anything? Or would it still tag packets with native VLAN id so that prior...
by mducharme
Mon Jun 17, 2019 4:52 am
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 1582

Re: QoS prioritization only, without shaping?

Here is an example setup from memory: concentrator <-cable-> P-1 <-radio-> P-2 <-radio-> PE <-cable-> CE (customer router) In this example VPLS tunnel runs from concentrator to PE router, so concentrator and PE apply MPLS labels. VPLS tunnel on concentrator would terminate on a bridge (running the P...
by mducharme
Mon Jun 17, 2019 4:15 am
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 1582

Re: QoS prioritization only, without shaping?

Ok so i'm a bit confused as to which method to use here. So lets step it back and i'll give a couple of different scenario's that may need different methods Background: We primarily use Cambium radio's but do use some Ubiquiti and a few Mikrotik I'm going to talk about our backbone infrastructure a...
by mducharme
Sun Jun 16, 2019 10:20 pm
Forum: Wireless Networking
Topic: Guest Wi-Fi Captive Portal Setup [SOLVED]
Replies: 1
Views: 387

Re: Guest Wi-Fi Captive Portal Setup [SOLVED]

You can accomplish this with the hotspot feature in MikroTik - edit the login page to remove the "username" and "password" prompts, add the EULA, and rename the "Connect as Guest" link to "Accept EULA"
by mducharme
Fri Jun 14, 2019 4:53 am
Forum: General
Topic: vlan bridge to port [SOLVED]
Replies: 10
Views: 701

Re: vlan bridge to port [SOLVED]

What the OP is doing is OK and is simply the old way of creating "access" ports for VLANs where the VLAN is untagged (before bridge VLAN filtering). Doing it the old way can still be justified on platforms other than CRS3xx due to the fact that you can have VLANs while not losing hardware offload fo...
by mducharme
Thu Jun 13, 2019 8:50 am
Forum: General
Topic: Queues lie
Replies: 11
Views: 632

Re: Queues lie

Manifestly improbable, as our bandwidth tests quite often show speeds well in excess of any customer's bursted queue. I can run BTest from one end of our network to the other (three or four wireless hops) and see speeds in the range of of 80-140Mb. That speed will also be reflected in the first que...
by mducharme
Thu Jun 13, 2019 8:05 am
Forum: General
Topic: Queues lie
Replies: 11
Views: 632

Re: Queues lie

1-POE-Host is port 1 on the PowerBox, which would normally supply the host's own service, except the property is vacant currently so there's no connection. Here is a partial printout of the queue, the rest of the rules are identical except for address. sqcli.jpg OK Thanks. So, there are a few thing...
by mducharme
Thu Jun 13, 2019 7:43 am
Forum: General
Topic: Queues lie
Replies: 11
Views: 632

Re: Queues lie

It's pretty difficult to misconfigure simple queues. Queue, queue, queue, that's the one that matches this customer, we're done. There are no other queues. Removing them and putting exactly the same queues back should not fix a bandwidth problem like this... and yet it does. Can you share an export...
by mducharme
Thu Jun 13, 2019 7:14 am
Forum: General
Topic: Queues lie
Replies: 11
Views: 632

Re: Queues lie

You're not going to tell me the queues were not at fault here. You're also not going to tell me I had them configured wrong, because the configuration I put back was EXACTLY the same configuration that I wiped clean, and it worked just fine from then on… not only for this customer, but for about fi...
by mducharme
Thu Jun 13, 2019 6:04 am
Forum: General
Topic: Queues lie
Replies: 11
Views: 632

Re: Queues lie

This isn't a question, it's a warning. There is a bug of long standing in RouterOS that causes invisible, internal queue corruption. I have experienced it with both tree queues and simple queues, over a period of something like eight years, and have incontrovertibly proved it is happening. The symp...
by mducharme
Thu Jun 13, 2019 5:57 am
Forum: General
Topic: 10G support for Traffic Engineering
Replies: 1
Views: 471

Re: 10G support for Traffic Engineering

We've been running traffic-engineering based bandwidth limits for at least 5 years. Now that we have 10G interfaces, the 32bit limitation, or whatever the problem, is requiring us to look for different solutions for limiting vpls connections. You can use a queue tree on both sides of the VPLS tunne...
by mducharme
Wed Jun 12, 2019 11:50 pm
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 1582

Re: QoS prioritization only, without shaping?

The other way around, UBNT AP no WDS with MikroTik client connected can often pass VLAN tagged traffic but sometimes it stops and needs to be re-associated to continue. Of course between 2 UBNT devices in WDS mode, and between 2 MikroTik devices in bridge mode there is no issue. In our case the UBN...
by mducharme
Wed Jun 12, 2019 10:57 pm
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 1582

Re: QoS prioritization only, without shaping?

Ok, my experience with UBNT radios that are not in "WDS" mode has been that tagged VLAN traffic over the link does not always work correctly. As we have a mix of UBNT/MikroTik in het network (both at the AP and client side) we often cannot run in "WDS" mode. This should be the same difference as be...
by mducharme
Wed Jun 12, 2019 9:30 pm
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 1582

Re: QoS prioritization only, without shaping?

With the UBNT devices, do you use VLAN tagging only on ethernet and then strip it in the radio, or extend VLAN all over the WiFi link? I have not-so-good experience with the latter when it is not in PtP mode. Sometimes it works fine, sometimes it fails in strange ways. We extend the VLAN over the W...
by mducharme
Wed Jun 12, 2019 6:22 pm
Forum: General
Topic: EoIP tunnels randomly fail
Replies: 8
Views: 580

Re: EoIP tunnels randomly fail

I have a x86 router now running 6.44.3, it was running 42.x, remotely we have a mixture of MK routers but most of them are GR3's We have 10 EoIP tunnels over L2Tp/IPSec vpn/bridge coming into that router. Every now and again one of the EoIP tunnels will drop. We can see traffic from both sides of t...
by mducharme
Wed Jun 12, 2019 5:01 pm
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 1582

Re: QoS prioritization only, without shaping?

Well, when the radio is UBNT (quite common as they operate in the same market segment as MikroTik), the whole QoS thing will work automatically, also without VLAN tagging. It uses the WMM defined queue mapping based on DSCP high 3 bits with 4 queues. This is not true for all of their radios. We hav...
by mducharme
Wed Jun 12, 2019 8:57 am
Forum: Beginner Basics
Topic: My first Mikrotik Router - Firewall Help
Replies: 16
Views: 1072

Re: My first Mikrotik Router - Firewall Help

Your port forwarding is not working because there is no firewall filter forward chain rule that allows that traffic.
by mducharme
Wed Jun 12, 2019 8:45 am
Forum: Forwarding Protocols
Topic: ❗️❓ UNSTABLE VPLS on Wireless networks
Replies: 13
Views: 1177

Re: ❗️❓ UNSTABLE VPLS on Wireless networks

If you have MikroTik radios, use "set priority" action to 7 for OSPF traffic. If the radio is routing you can do that with a mangle rule, or if the radio is bridging you will need to do it with a bridge filter. That will prioritize it as long as you are using either NV2 or WMM. If you are using NV2 ...
by mducharme
Wed Jun 12, 2019 8:35 am
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 1582

Re: QoS prioritization only, without shaping?

Also you should use new priority from dscp high 3 bits, not just from dscp. The mapping from-dscp is probably not what you want. DSCP high 3 bits results in a more useful mapping.
by mducharme
Wed Jun 12, 2019 8:20 am
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 1582

Re: QoS prioritization only, without shaping?

So for all our routers just add a rule at the top of mangle with passthrough ticked 'set priority' new priority: from dscp And that's all thats needed? (Assuming DSCP is already set, otherwise add more mangle rules to set DSCP bits) No queue's added? Yes, *but* whatever you are using for wireless n...
by mducharme
Wed Jun 12, 2019 7:04 am
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 1582

Re: QoS prioritization only, without shaping?

What wireless links are you using? In most cases, you will need to use a "set priority" mangle rule or bridge filter rule to prioritize the traffic.
by mducharme
Wed Jun 12, 2019 7:02 am
Forum: Forwarding Protocols
Topic: ❗️❓ UNSTABLE VPLS on Wireless networks
Replies: 13
Views: 1177

Re: ❗️❓ UNSTABLE VPLS on Wireless networks

Decreasing downtime is good so certainly follow that feedback but also prioritize OSPF to prevent the downtime from happening in the first place. We have very reliable OSPF over wireless, in some places even set to broadcast (although as scampbell said point-to-point is better), that are completely ...
by mducharme
Tue Jun 11, 2019 9:33 pm
Forum: Forwarding Protocols
Topic: ❗️❓ UNSTABLE VPLS on Wireless networks
Replies: 13
Views: 1177

Re: ❗️❓ UNSTABLE VPLS on Wireless networks

I don't find any good document about it, if is possible get some help that how can I configure it.
I don't have any QOS or priority configuration on routers / links.
What radios are you using?
by mducharme
Tue Jun 11, 2019 5:02 pm
Forum: Forwarding Protocols
Topic: ❗️❓ UNSTABLE VPLS on Wireless networks
Replies: 13
Views: 1177

Re: ❗️❓ UNSTABLE VPLS on Wireless networks

We run long distance wireless links and do not experience this. Even if VPLS tunnels go down for some reason, they typically only take 10 seconds to come back, not 60. The 60 seconds makes me suspect that it is actually something else that is going down, most likely something like OSPF, or possibly ...
by mducharme
Thu Apr 11, 2019 12:16 am
Forum: Beginner Basics
Topic: Limit Bandwidth to Per IP
Replies: 6
Views: 1058

Re: Limit Bandwidth to Per IP

it will effect only connection limit?? then what will i do for bandwidth limit???
I think what you want is PCQ - please see: https://wiki.mikrotik.com/wiki/Manual:Q ... Q_Examples
by mducharme
Wed Mar 13, 2019 9:21 am
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 71366

Re: v6.45beta [testing] is released!

*) dhcpv6-server - added RADIUS accounting support;
This is excellent news - does this also work with DHCPv6 servers over PPP (ex. PPPoE)?
by mducharme
Mon Mar 04, 2019 5:08 am
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 219
Views: 36390

Re: v6.44 [stable] is released!

MikroTik as remote DHCP server for relay purposes (not connected directly to the network that DHCP is used on) stops giving leases after upgrade, seemingly due to new ARP conflict detection feature. Disabling conflict detection resolves the issue. Shouldn't this feature shut itself off if the router...
by mducharme
Sun Feb 17, 2019 11:49 pm
Forum: Announcements
Topic: v6.44rc [testing] is released!
Replies: 67
Views: 12479

Re: v6.44rc [testing] is released!

I upgraded from 6.43.12 and had two IPsec peers with RSA key auth. After upgrading to 6.44rc1, only one of the two peers was added to the new ipsec identities tab. I had to recreate the other to bring it up again.
by mducharme
Tue Jan 15, 2019 11:28 am
Forum: General
Topic: Asymmetric Routing
Replies: 7
Views: 571

Re: Asymmetric Routing

I will try a config reset later on Router 1. For the time being it's working in the opposite traffic flow.
can you run /ip route export and paste the results? And the same for /ip route print?
by mducharme
Tue Jan 15, 2019 10:58 am
Forum: General
Topic: Asymmetric Routing
Replies: 7
Views: 571

Re: Asymmetric Routing

Another thing to check - did you perhaps once have that 172.24.62.0/24 subnet set up directly on router1 and removed the IP but haven't rebooted since? Sometimes there can be strange issues caused by route caching when the cache isn't cleared properly.
by mducharme
Tue Jan 15, 2019 10:10 am
Forum: General
Topic: Asymmetric Routing
Replies: 7
Views: 571

Re: Asymmetric Routing

Hmmm. I would have thought while slightly unusual to setup asymmetrically, the Mikrotiks should be able to do this. It's just a matter of setting the static route for 172.24.62.0/24 to gateway IP 10.0.0.2. MikroTik does asymmetric routing and it is allowed by default. If it is not working, then you...
by mducharme
Tue Jan 15, 2019 9:26 am
Forum: General
Topic: Asymmetric Routing
Replies: 7
Views: 571

Re: Asymmetric Routing

Hello,

A router will in some cases try to use ARP to resolve a remote IP if gateway for one of the routes is incorrectly set to an interface instead of an IP address. Double check your routes and make sure you don't have a route where gateway is incorrectly set to an interface name instead of an IP.
by mducharme
Tue Jan 15, 2019 1:45 am
Forum: Forwarding Protocols
Topic: MPLS TE 2x 1gbps point to point links
Replies: 5
Views: 809

Re: MPLS TE 2x 1gbps point to point links

Hi Guys, I managed to get RSVP TE tunnel up and running between the two routers but traffic doesn't pass over it. I notice that the RSVP TE shows up as an Interface in the router. Should I configure an OSPF connection between the two routers on the RSVP TE interfaces? The issue I am currently havin...
by mducharme
Mon Jan 14, 2019 1:00 am
Forum: General
Topic: CCR1036-8G-2S+with HIGH CPU load
Replies: 9
Views: 850

Re: CCR1036-8G-2S+with HIGH CPU load

I read about the disabling SNMP, tried it too, didn't help for me. This is by the way what the CPU looks like after the reboot. Busy, but normal: cpu.JPG Yes this is exactly what happened to us. In our case it seemed to start when a winbox session terminated abnormally that had a large table open (...
by mducharme
Mon Jan 14, 2019 12:53 am
Forum: Forwarding Protocols
Topic: MPLS TE 2x 1gbps point to point links
Replies: 5
Views: 809

Re: MPLS TE 2x 1gbps point to point links

Hi,

This is accomplished by forcing one VPLS tunnel across one TE tunnel and the other VPLS tunnel across the other TE tunnel. The VPLS tunnels can then be used for load balancing.
by mducharme
Sun Jan 13, 2019 7:14 am
Forum: General
Topic: CCR1036-8G-2S+with HIGH CPU load
Replies: 9
Views: 850

Re: CCR1036-8G-2S+with HIGH CPU load

We experienced this previously - a reboot appeared to clear it. I noticed it happens on our router when a user session is "stuck" - sometimes winbox disconnects but the router still thinks the user is logged in, and continues to think so until it is rebooted. I'm not sure if this is the cause or not...
by mducharme
Sat Jan 05, 2019 10:20 pm
Forum: Announcements
Topic: v6.43.8 [stable] is released!
Replies: 169
Views: 33800

Re: v6.43.8 [stable] is released!

Please suggest me what should i do now? All users are using unlimited bandwidth now, thats why, it's so much tough to me for managing the bandwidth. Another thing is that, when i logged into the mikrotik via winbox, it's showing unsecured mode at the right corner. Potentially the problem is with qu...
by mducharme
Tue Jan 01, 2019 4:38 am
Forum: Scripting
Topic: ":put" problem in scripting [SOLVED]
Replies: 4
Views: 651

Re: ":put" problem in scripting [SOLVED]

This is normal behavior. If you want the script to print output while it runs, use the :log command which will output to the system log.
by mducharme
Mon Dec 31, 2018 6:26 am
Forum: General
Topic: Port forwarding with PPPOE doesn't work
Replies: 2
Views: 556

Re: Port forwarding with PPPOE doesn't work

Besides what is explained above, the other problem with this rule is src-port="", which means src-port=NULL. src-port will never be null, so therefore you will need to adjust this rule; Otherwise, it will never apply.
by mducharme
Sun Dec 30, 2018 11:15 pm
Forum: Beginner Basics
Topic: Voice vlan and mikrotik
Replies: 3
Views: 846

Re: Voice vlan and mikrotik

How to create voice VLAN on Mikrotik? I create as normal VLAN and I add DHCP server but when I plug telephone doesn't receive an IP address. On switch it show that I plug telephone as tagged port. Switch is PLANET gs-4210-24p4c Mikrotik CRS212-1G-10S-1SplusIN and IP telephony is Grandstream. You sh...
by mducharme
Sun Dec 30, 2018 10:45 pm
Forum: Beginner Basics
Topic: RouterOS basic vlan config
Replies: 15
Views: 1409

Re: RouterOS basic vlan config

Also, I would not add the same IP onto two interfaces simultaneously. It could possibly cause an issue - if the device has an IP on the same subnet in two different interfaces, how does it know which to use to reach you? You should probably put the ether2 ip in a different subnet from the IP that yo...
by mducharme
Sun Dec 30, 2018 9:33 pm
Forum: Beginner Basics
Topic: RouterOS basic vlan config
Replies: 15
Views: 1409

Re: RouterOS basic vlan config

no worries. I don't have Windows pcs therefore Winbox is not an option. However I simply reset the CRS and started from scratch. Could also help me understanding the concept a little better. Many people use winbox on MacOS or Linux in Wine. It is designed to work well in Wine. There is even a versi...
by mducharme
Sat Dec 29, 2018 10:38 pm
Forum: Beginner Basics
Topic: RouterOS basic vlan config
Replies: 15
Views: 1409

Re: RouterOS basic vlan config

I added: /ip address add address=192.168.2.60/24 interface=vlan2 network=192.168.2.0 and I removed: /ip address remove numbers=0 (this was the "interface=ether2") the last command unfortunately looked me out. Don't exactly understand why, since Port 17 was supposed to be an untagged access Port on ...
by mducharme
Sat Dec 29, 2018 7:11 pm
Forum: Beginner Basics
Topic: RouterOS basic vlan config
Replies: 15
Views: 1409

Re: RouterOS basic vlan config

and put the IP address on this VLAN interface How do I do this? Can't see an option to set a vlan for the MK IP. To do this, simply change the interface for the IP from "ether2" to "vlan2". Currently you have "/ip address add address=192.168.2.60/24 interface=ether2 network=192.168.2.0", this will ...
by mducharme
Sat Dec 29, 2018 4:29 am
Forum: RouterBOARD hardware
Topic: 10GB SFP+ recognized as 1GB - Question [SOLVED]
Replies: 3
Views: 613

Re: 10GB SFP+ recognized as 1GB - Question [SOLVED]

Thanks, actually I'm embarrassed since I had a look at the block diagram several times and thought even though the channel only provides only 1GB to the CPU it should have a 10GB connection. But I didn't notice it's an SFP only and not SFP+. Aarrrrg. The 4011 has an SFP+ port. If you upgrade to tha...
by mducharme
Sat Dec 29, 2018 4:15 am
Forum: Beginner Basics
Topic: RouterOS basic vlan config
Replies: 15
Views: 1409

Re: RouterOS basic vlan config

Hi again, I didn't have much time recently to keep on trying to set it up. But now I try again and still don't get it properly. second thing I did, was configuring one access port: /interface bridge vlan add bridge=bridge untagged=ether17 vlan-ids=2 so, Port 17 is an access port on vlan 2 untagged....
by mducharme
Fri Dec 28, 2018 11:02 pm
Forum: Beginner Basics
Topic: Firewall is blocking FORWARDING? WHY??
Replies: 9
Views: 688

Re: Firewall is blocking FORWARDING? WHY??

/ip firewall filter add action=accept chain=forward comment="INTERNET USERS TCP" \ connection-state=established,related,new dst-port="" port="" protocol=tcp add action=accept chain=forward comment="INTERNET USERS UDP" \ connection-nat-state="" connection-state=established,related,new port=53 \ prot...
by mducharme
Wed Dec 26, 2018 10:29 pm
Forum: Forwarding Protocols
Topic: BGP practice
Replies: 14
Views: 1821

Re: BGP practice

Hello mducharme, My topology goes like this ISP 1 -- Router A ------- Router C ------- Router D ------- router F ----- Router B--- ISP 2 So I setup Router A and Router B as BGP routers, inside Routers C, D , F , A, B all use OSPF, I want to establish that when my ISP 1 is down ( it happens sometime...
by mducharme
Wed Dec 26, 2018 5:57 am
Forum: Beginner Basics
Topic: VLAN hell - NOOB :)
Replies: 3
Views: 490

Re: VLAN hell - NOOB :)

Here is a layout of what I would like to accomplish in Phase I isp modem -> Asus router -> eth01 port - CRS in bridge mode - eth10 port -> Hyper-V ( 192.168.1.10) Static IP - eth15 port -> MAC ( 192.168.1.20 ) DHCP IP from Asus router - eth20 port -> IoT Hub #1 ( 192.168.50.10) DHCP IP from CRS - e...
by mducharme
Wed Dec 26, 2018 3:45 am
Forum: Forwarding Protocols
Topic: BGP practice
Replies: 14
Views: 1821

Re: BGP practice

Hello, So, I setup a default static route metric in OSPF Instance in Router A (primary) to 1, a , and on router B ( secondary) to 5 Router A has a type 1 redistributedef. route : always as type 1 Router B has a type 1 redistrubute def route : always as type 2 with metric 5 So to test it I need to s...
by mducharme
Tue Dec 25, 2018 3:00 am
Forum: General
Topic: v7.00.1 [stable] is released!
Replies: 10
Views: 1332

Re: v7.00.1 [stable] is released!

NOT funny. :(
by mducharme
Tue Dec 25, 2018 1:40 am
Forum: General
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 200
Views: 39517

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

Dear friend, I could post the script. Here it is - we run this every 5 minutes using the scheduler: /ipv6 dhcp-server binding; :foreach i in=[find server~"pppoe"] do={ make-static $i; set $i comment=[get $i server]; set $i server=all; } It works well and users always get the same prefix after disco...
by mducharme
Mon Dec 24, 2018 8:41 pm
Forum: Forwarding Protocols
Topic: How can I reeduce load over 1072 to 2 x 1036
Replies: 8
Views: 1183

Re: How can I reeduce load over 1072 to 2 x 1036

amt - I'm afraid I don't quite understand the problem here. If the traffic is coming from the clients and passing through router A and B on the way to the BGP router, why not just do NAT there? Why do you need to send the traffic back to router A and router B after it has come from the inside? If yo...
by mducharme
Mon Dec 24, 2018 8:31 pm
Forum: General
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 200
Views: 39517

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

We have been using a workaround for now, although I'm not sure whether it will work for everybody, if it does help someone I can post the script. We have a script that runs that turns any dynamic DHCPv6 PPPoE bindings into static bindings, so that if the customer disconnects and reconnects, they get...
by mducharme
Sun Dec 23, 2018 1:18 pm
Forum: General
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 200
Views: 39517

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

I have hope that they are still working on this and on IPv6 RADIUS accounting. They seem to have prioritized IPv6-related enhancements in the past year or so, judging by the change logs.
by mducharme
Fri Dec 21, 2018 8:13 pm
Forum: Forwarding Protocols
Topic: Setup IPv6 L2TP Server to provide IPv6 connectivity on iOS L2TP client
Replies: 3
Views: 787

Re: Setup IPv6 L2TP Server to provide IPv6 connectivity on iOS L2TP client

This doesn't work on MacOS because for some reason MacOS doesn't do SLAAC on ppp interfaces. People have created hack-ish workarounds like a script that does a packet capture to listen to for IPv6 router advertisements and then use that to set the IPv6 address, but that kinda workaround doesn't real...
by mducharme
Fri Dec 21, 2018 4:38 am
Forum: Wireless Networking
Topic: Newbie: LHG 5ac only hitting 100mbps
Replies: 30
Views: 2050

Re: Newbie: LHG 5ac only hitting 100mbps

Last couple of questions.. How about the LHG 60 why is it per claim able to do gigabit speed ( 1Gbps full duplex actual throughput (both directions 1Gbps at the same time) with basically the same hardware as the lhg 5 ac but just different frequency? Is this gigabit speed 802.11 or the other protoc...
by mducharme
Fri Dec 21, 2018 1:27 am
Forum: General
Topic: Using queues to limit maximum bandwidth (NOT TO EXCEED)
Replies: 14
Views: 1618

Re: Using queues to limit maximum bandwidth (NOT TO EXCEED)

I went ahead and make a users address list on both sides of the circuit. I then dropped all traffic not destined for or from those addresses. Using torch I was able to confirm that only those specific addresses are going through now. I went ahead and disabled all the rules and modified the main que...
by mducharme
Thu Dec 20, 2018 8:33 am
Forum: Wireless Networking
Topic: Newbie: LHG 5ac only hitting 100mbps
Replies: 30
Views: 2050

Re: Newbie: LHG 5ac only hitting 100mbps

Yes, I am not expecting more from these MT That is what I was expecting even before about the half of the 866mbps minus the overhead. But MT needs to fix the other 2 protocols to match or even exceed the 802.11. But what bothers me on the responses here it seems that they are not expecting it to pe...
by mducharme
Thu Dec 20, 2018 4:37 am
Forum: Wireless Networking
Topic: Newbie: LHG 5ac only hitting 100mbps
Replies: 30
Views: 2050

Re: Newbie: LHG 5ac only hitting 100mbps

during testing it was around 10 meters. anyway I got it to a max of 400mbps ( I was maxing out at around 36 to 38MBps for file transfer ) with the most ideal condition ( very low noise, tested from 20+ dbi to 60+ , 802.11, 1 big file transfer around 3 meters apart ) I guess the other 2 protocols ar...
by mducharme
Thu Dec 20, 2018 2:43 am
Forum: Forwarding Protocols
Topic: BGP over GRE TUNNEL problems on one direction
Replies: 2
Views: 418

Re: BGP over GRE TUNNEL problems on one direction

Does anyone have a hint on what i could start looking? It's appreciated.
That doesn't look like the right connection, port 443 is not BGP. You'll need to share more config than just that one screenshot to allow for troubleshooting.
by mducharme
Wed Dec 19, 2018 7:48 pm
Forum: General
Topic: Using queues to limit maximum bandwidth (NOT TO EXCEED)
Replies: 14
Views: 1618

Re: Using queues to limit maximum bandwidth (NOT TO EXCEED)

I have tried disabling the individual and the catchall rules and just have the single PCQ parent with similar results. It exceed 5Mbps when set at 2400K. You have a logic error somewhere where some traffic is not going into any of those queues. You have not accounted for all of your traffic somehow...
by mducharme
Wed Dec 19, 2018 1:47 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 84074

Re: v6.44beta [testing] is released!

Most likely a supout.rif file is already generating in the backgound. Is there an autosupout.rif file in the Files menu? No, there are no files at all in the files menu. I had rebooted and tried again. It is still trying to generate the supout 5 hours later. If I go to the command line and type "/i...
by mducharme
Wed Dec 19, 2018 8:21 am
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 84074

Re: v6.44beta [testing] is released!

mducharme , please generate a supout.rif file when the issue is present and send it to support@mikrotik.com emils - Unfortunately, not possible. When it is happening, I ask my router to generate supout and it sits there not responding. I tried stopping and restarting and I get "Couldn't start - bus...
by mducharme
Wed Dec 19, 2018 6:57 am
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 84074

Re: v6.44beta [testing] is released!

I tried to upgrade to the latest 6.44 beta (6.44beta50) but it was not successful - I end up with 100% CPU usage continuously caused by ipsec process. In winbox I cannot go into IP->IPSEC and view settings, or /ip ipsec export. If I try to export ipsec I get no output.
by mducharme
Wed Dec 19, 2018 6:43 am
Forum: Wireless Networking
Topic: Newbie: LHG 5ac only hitting 100mbps
Replies: 30
Views: 2050

Re: Newbie: LHG 5ac only hitting 100mbps

Anyway, I will checking other hardware as I need something at least 500mbps. MT seems to be having issues with wireless ptp speeds as of the moment and seems that there is no solution yet.. https://forum.mikrotik.com/viewtopic.php?f=7&t=136002&start=250 Already bought a couple of b5 and b5c. I was ...
by mducharme
Wed Dec 19, 2018 4:27 am
Forum: Wireless Networking
Topic: Newbie: LHG 5ac only hitting 100mbps
Replies: 30
Views: 2050

Re: Newbie: LHG 5ac only hitting 100mbps

Thanks to you and all those responded. I was not expecting to achieve the 866 but somewhere in the 400s. never figured that it really far from that. This is my first time with ptp wireless thus me scratching my head. I thought it should be better with our aruba ap 225s but wasn't. Although I haven'...
by mducharme
Wed Dec 19, 2018 12:15 am
Forum: Wireless Networking
Topic: Newbie: LHG 5ac only hitting 100mbps
Replies: 30
Views: 2050

Re: Newbie: LHG 5ac only hitting 100mbps

Anyway So, the 100Mbps duplex is normal I guess. Would be nice that MT would show real world test of the radio link so people like me could have informed choices. You might get more than 100Mbps duplex, but you would have to test with separate devices on either side of the radios instead of using b...
by mducharme
Wed Dec 19, 2018 12:03 am
Forum: Wireless Networking
Topic: Newbie: LHG 5ac only hitting 100mbps
Replies: 30
Views: 2050

Re: Newbie: LHG 5ac only hitting 100mbps

So in real world result... What would be the best case UL/DL speed? 285Mbps - 649Mbps one way? how can I achieve the higher result? basically the transmitter are already side by side and made sure that there is no interference on the channel. " Lucky " means winning the silicon lottery or is it as ...
by mducharme
Tue Dec 18, 2018 7:23 am
Forum: General
Topic: NETINSTALL: bind tftp general failed
Replies: 3
Views: 1034

Re: NETINSTALL: bind tftp general failed

I ran into the same issue last year Alain caused by a conflict with the same TFTP server and it took me a while to figure it out. Felt silly afterwards. I think it happens to everyone from time to time.
by mducharme
Tue Dec 18, 2018 4:09 am
Forum: General
Topic: Wrong RoS version noted after upgrade to 6.43.4 Stable [SOLVED]
Replies: 3
Views: 806

Re: Wrong RoS version noted after upgrade to 6.43.4 Stable [SOLVED]

I dont knowed that even RoS must upgrade hardware FW. Thanks for your answer. Helped ! You can upgrade firmware automatically after ROS upgrade by going into Routerboard->Settings and enable auto upgrade. Second reboot will be needed after ROS upgrade for firmware upgrade, but it saves you from nee...
by mducharme
Tue Dec 18, 2018 3:32 am
Forum: Wireless Networking
Topic: Newbie: LHG 5ac only hitting 100mbps
Replies: 30
Views: 2050

Re: Newbie: LHG 5ac only hitting 100mbps

When you btest you should not btest on the devices, the CPU will max out, you should btest between other devices connected to both ends. - I took into consideration reg the maxing out of the cpu, I checked even at tcp my utilization is about only 20% on both ends. So i assume this isn't about the C...
by mducharme
Tue Dec 18, 2018 1:06 am
Forum: General
Topic: IP CLOUD is down
Replies: 61
Views: 10604

Re: IP CLOUD is down

I wonder if there might actually be two separate problems at play here.
by mducharme
Mon Dec 17, 2018 10:17 pm
Forum: General
Topic: IP CLOUD is down
Replies: 61
Views: 10604

Re: IP CLOUD is down

There is a difference between DNS resolvers:

Firmware is 6.43.2 on CCR1036-8G-2S+ for example. This looks like connectivity problems, and nothing to do with old/new.
Confirmed that Google DNS is resolving the 6.43.x new IP cloud names but not Cloudflare DNS from here as well.
by mducharme
Mon Dec 17, 2018 12:02 pm
Forum: General
Topic: IS it possible to install to mikrotik router os x86 on HP Smart Array 6i Controller
Replies: 2
Views: 388

Re: IS it possible to install to mikrotik router os x86 on HP Smart Array 6i Controller

Hello, I am trying to install mikrotik router os on HP Proliant dl380 g4 blade server which has an HP Smart Array 6i raid Controller i had tried with raid 5 raid 1+0 raid 0 but every time it says error no boot drive found :( can anyone help me with that Set up a virtualization system and run CHR in...
by mducharme
Sun Dec 16, 2018 10:11 pm
Forum: General
Topic: Using queues to limit maximum bandwidth (NOT TO EXCEED)
Replies: 14
Views: 1618

Re: Using queues to limit maximum bandwidth (NOT TO EXCEED)

Through "Simple Queues". Printing only shows the parent Q, see below screenshot. PCQ-Child-Qs.JPG Those are not child queues. Those are PCQ queues. The OP has actual manually created simple queues as child queues that have parent set, so the simple queues list appears as a tree structure. His PCQ i...
by mducharme
Sun Dec 16, 2018 6:19 pm
Forum: General
Topic: High CPU load 70+ on queueing alone.
Replies: 8
Views: 787

Re: High CPU load 70+ on queueing alone.

Just a thought: as it is right now each child queue needs to borrow from parent for each and every packet. It's hard to find any info about parent queue sizes. I'll try to dig some more info. Thanks for reply. Hi, I don’t think playing with settings like that will help you very much. The problem is...
by mducharme
Sun Dec 16, 2018 5:13 am
Forum: General
Topic: ccr1009 speedtest resoults
Replies: 3
Views: 474

Re: ccr1009 speedtest resoults

The btest process itself uses quite a bit of CPU. Results will always be lower than the device supports if the CPU is being maxed out or nearly maxed out by the btest process. This is false. the CCR only goes to 1%. That is not false. The btest server only became multithreaded as of 6.44beta39. Bef...
by mducharme
Sat Dec 15, 2018 10:15 pm
Forum: General
Topic: Using queues to limit maximum bandwidth (NOT TO EXCEED)
Replies: 14
Views: 1618

Re: Using queues to limit maximum bandwidth (NOT TO EXCEED)

The Child Q's are created dynamically
Through what feature - DHCP? Hotspot? PPP? Can you execute "/queue simple print" and show the output? Printing the list will include all dynamic queues as separate items.
by mducharme
Sat Dec 15, 2018 2:32 am
Forum: General
Topic: ccr1009 speedtest resoults
Replies: 3
Views: 474

Re: ccr1009 speedtest resoults

The btest process itself uses quite a bit of CPU. Results will always be lower than the device supports if the CPU is being maxed out or nearly maxed out by the btest process.
by mducharme
Fri Dec 14, 2018 10:51 pm
Forum: General
Topic: Using queues to limit maximum bandwidth (NOT TO EXCEED)
Replies: 14
Views: 1618

Re: Using queues to limit maximum bandwidth (NOT TO EXCEED)

I have at a client the below and works 100%: /queue simple add comment="1Mb" max-limit=50M/50M name=ParentQ queue=pcq-uload-1M/pcq-dload-1M target=172.16.0.0/16 /queue type add kind=pcq name=pcq-uload-1M pcq-classifier=src-address pcq-rate=1024k add kind=pcq name=pcq-dload-1M pcq-classifier=dst-add...
by mducharme
Fri Dec 14, 2018 1:48 am
Forum: General
Topic: Using queues to limit maximum bandwidth (NOT TO EXCEED)
Replies: 14
Views: 1618

Re: Using queues to limit maximum bandwidth (NOT TO EXCEED)

No dice, The PCQ queue does not limit trafffic and in fact allows it to push up over 5Mbps. Are you sure that every single subnet in the parent target list is also the target of at least one child queue, and that child queue also has max-limit set for up and down? If you create a single simple queu...
by mducharme
Wed Dec 12, 2018 5:56 am
Forum: Beginner Basics
Topic: LAN and internet in the same public range /27
Replies: 10
Views: 786

Re: LAN and internet in the same public range /27

Hi,

The best thing to do would be to ask your provider to route the /27 through your router instead of to the WAN side of your router. They should be able to do that. You could even use a private /30 on the WAN side of your router to connect to the provider.
by mducharme
Tue Dec 11, 2018 11:31 am
Forum: Scripting
Topic: TR-069 Change router password? [SOLVED]
Replies: 3
Views: 713

Re: TR-069 Change router password? [SOLVED]

mmm, We use different username/password per CPE. Thanks anyway, will figure out how to do this. Hi, One way you could do this is by setting the username and password via TR069 for something that allows a username and password setting - for instance, PPPoE client. Then you could run a .alter script ...
by mducharme
Tue Dec 11, 2018 11:16 am
Forum: Forwarding Protocols
Topic: ospf summarization help [SOLVED]
Replies: 21
Views: 2396

Re: ospf summarization help [SOLVED]

so, I understand that you suggest me to convert multiple area to 1 area back and do summarize with area ranges. and I understand that there is no any summarize choice if multiple subnets used at multiple areas Correct, for both. If you want to have more areas, renumber your networks so that they ca...
by mducharme
Tue Dec 11, 2018 10:59 am
Forum: General
Topic: Severe port flapping on CRS328-24P-4S+ and CRS317-1G-16S+
Replies: 145
Views: 19445

Re: Severe port flapping on CRS328-24P-4S+ and CRS317-1G-16S+

From the MikroTik site it looks to me like the S+32LC10D is specifically meant to have the S+23LC10D module on the other end. Are you using the same module on both ends?
by mducharme
Tue Dec 11, 2018 1:33 am
Forum: Scripting
Topic: TR-069 Change router password? [SOLVED]
Replies: 3
Views: 713

Re: TR-069 Change router password? [SOLVED]

Does anybody know if it is possible to change or set router username/password with TR-069 Hi, AFAIK this is not possible directly, except you can probably use a .alter configuration file to accomplish this if you have already rolled out the devices. If you are still making the default config, you c...
by mducharme
Mon Dec 10, 2018 11:22 pm
Forum: Forwarding Protocols
Topic: OSPF loses routes after days
Replies: 23
Views: 2513

Re: OSPF loses routes after days

I have many IPs on that interface. Multiple of them are doing OSPF. A couple are not. Keep in mind the issue with one router is every 1-3 days. The other router is after maybe a week or two. The first router has 0 problems talking to a Powercode BMU in the same situation - it only happens when I mo...
by mducharme
Mon Dec 10, 2018 7:51 pm
Forum: Forwarding Protocols
Topic: OSPF loses routes after days
Replies: 23
Views: 2513

Re: OSPF loses routes after days

What if I have both examples? Wait - you are saying you have two IPs on one interface? ex. two different IPs in two different /30's at the same time on one interface and OSPF neighbor with both? If so, I think that is a bad idea, and it may be responsible for your instability. Whenever I have a sin...
by mducharme
Mon Dec 10, 2018 7:41 pm
Forum: Forwarding Protocols
Topic: ospf summarization help [SOLVED]
Replies: 21
Views: 2396

Re: ospf summarization help [SOLVED]

Sorry I missed that you asked for routes, Area1 60 routes, Area2 33 routes, Area3 44 Routes if i collect them in one area total routes will be 137. too much or its very low for one area ? That is fine for one area, you don't need three. It especially doesn't make sense to split things into differen...
by mducharme
Mon Dec 10, 2018 2:50 am
Forum: Forwarding Protocols
Topic: Is it possible to host 2 web servers within the same public IP address
Replies: 8
Views: 1119

Re: Is it possible to host 2 web servers within the same public IP address

As I only count with one public IP address I want to know if it’s possible to dst-nat port 443/80 to server1 if firstdomain.com gets requested and to server2 if seconddomain.com gets requested. I have never tried this before, but it might work if you set tls-host for the NAT rule for firstdomain.co...
by mducharme
Sat Dec 08, 2018 10:06 am
Forum: Forwarding Protocols
Topic: ospf summarization help [SOLVED]
Replies: 21
Views: 2396

Re: ospf summarization help [SOLVED]

60 ospf installed router and 100 not installed(which is AP or P2p Link) But how many OSPF routes in the routing table? My thought is you probably do not need so many areas, especially if you only have a couple hundred routes. More areas used to be needed with older routers, but those were recommend...
by mducharme
Sat Dec 08, 2018 1:34 am
Forum: Forwarding Protocols
Topic: OSPF loses routes after days
Replies: 23
Views: 2513

Re: OSPF loses routes after days

If they are on different interfaces it would be point-to-point on both sides. ptmp is only if there is a shared subnet (as opposed to a different interface or VLAN) that connects to multiple things in a hub-and-spoke setup. If everything is individual /30's then just use point to point on both sides...
by mducharme
Fri Dec 07, 2018 11:40 pm
Forum: Forwarding Protocols
Topic: ospf summarization help [SOLVED]
Replies: 21
Views: 2396

Re: ospf summarization help [SOLVED]

160 device but ospf not working all of them, for example p2p links connected with /29 , AP's with connected to powerbox with /30. Only power box or Rb1100 works with ospf if AP attached on it or if any p2p link
Then how many OSPF routers and how many routes?
by mducharme
Fri Dec 07, 2018 10:53 pm
Forum: Forwarding Protocols
Topic: ospf summarization help [SOLVED]
Replies: 21
Views: 2396

Re: ospf summarization help [SOLVED]

Please explain what you mean by 160-170 "devices". Do you mean 160-170 OSPF routers (ex. 160 powerboxes)?
by mducharme
Fri Dec 07, 2018 9:36 am
Forum: Forwarding Protocols
Topic: ospf summarization help [SOLVED]
Replies: 21
Views: 2396

Re: ospf summarization help [SOLVED]

If the public IP ranges are mixed randomly in all areas, one solution can be to tunnel the customers back to a central router (or routers) using either VPLS tunnels (preferred) or EoIP tunnels. That central router (or routers) can then have an OSPF stub area with an area range to summarize the adver...
by mducharme
Fri Dec 07, 2018 2:56 am
Forum: Forwarding Protocols
Topic: ospf summarization help [SOLVED]
Replies: 21
Views: 2396

Re: ospf summarization help [SOLVED]

Hi amt, you use an "area range" on router B to summarize the area to other areas. You can create it under Routing->OSPF->Area Ranges.
by mducharme
Wed Dec 05, 2018 11:44 pm
Forum: Forwarding Protocols
Topic: OSPF loses routes after days
Replies: 23
Views: 2513

Re: OSPF loses routes after days

For GRE/EoIP tunnels, we use point to point network type for all such tunnels. In most cases however we use broadcast for wireless backhaul /30's and haven't had any problems, so we haven't bothered to change them to point-to-point (even though point-to-point is considered to be a bit better in that...
by mducharme
Wed Dec 05, 2018 6:36 pm
Forum: Forwarding Protocols
Topic: OSPF loses routes after days
Replies: 23
Views: 2513

Re: OSPF loses routes after days

So the suggestion here is to do it more like this? /routing ospf instance set [ find default=yes ] router-id=10.255.0.16 /routing ospf network add area=backbone network=2.2.2.2/30 add area=backbone network=10.16.0.0/24 add area=backbone network=10.255.0.0/24 add area=backbone network=2.2.2.44/30 Ye...
by mducharme
Wed Dec 05, 2018 1:32 pm
Forum: Forwarding Protocols
Topic: OSPF loses routes after days
Replies: 23
Views: 2513

Re: OSPF loses routes after days

How many routes do you have? We have not experienced this issue at all with OSPFv2 with 450 OSPFv2 routes and 130 routers. It's been completely stable.
by mducharme
Wed Dec 05, 2018 1:22 pm
Forum: General
Topic: IPv6 fe80 address get changed on every reboot
Replies: 4
Views: 514

Re: IPv6 fe80 address get changed on every reboot

I have a static route on my router from my ISP that routes a /54 to my Mikrotik. I can only route on my fe80 address, so now i have to change my routes every time my Mikrotik reboots. Manually set the MAC on the bridge interface, then the fe80 address should not change. The fe80 address is derived ...
by mducharme
Wed Dec 05, 2018 4:22 am
Forum: Forwarding Protocols
Topic: OSPF loses routes after days
Replies: 23
Views: 2513

Re: OSPF loses routes after days

Normally you would add network statements for your customer subnets, not redistribute them. This will advertise them to the other routers as a regular LSA instead of an external LSA. The way you are doing it is really not recommended.
by mducharme
Tue Dec 04, 2018 6:15 pm
Forum: Forwarding Protocols
Topic: OSPF loses routes after days
Replies: 23
Views: 2513

Re: OSPF loses routes after days

Why are you redistributing everything? Why not add everything as OSPF networks? That may not be the cause of your problem, but OSPF is quite stable for us, and we do very little redistribution. Redistributing things in general is not recommended if there is a better way. Everything that is redistrib...
by mducharme
Sun Dec 02, 2018 4:22 am
Forum: Beginner Basics
Topic: One /25 public subnet for 100 vlans without 1:1 nat?
Replies: 3
Views: 455

Re: One /25 public subnet for 100 vlans without 1:1 nat?

Don't do it as different VLANs - use layer 2 isolation to isolate the different customers, then enable "local-proxy-arp" and disable the sending of redirects to allow the customers to contact each other through the router again.
by mducharme
Thu Nov 29, 2018 9:10 am
Forum: General
Topic: Queue Tree Upload
Replies: 15
Views: 1764

Re: Queue Tree Upload

Whenever I have done hierarchical queue tree setups like that, I have never had a packet-mark set for the parent, it is always unset (i.e. !packet-mark yes but NOT packet-mark=no-mark). Only child queues with no children of their own have a packet mark generally. I'm not sure what happens if a queue...
by mducharme
Thu Nov 29, 2018 8:57 am
Forum: General
Topic: Queue Tree Upload
Replies: 15
Views: 1764

Re: Queue Tree Upload

Have you disabled the fasttrack-connection rules in IP->Firewall->Filter?
by mducharme
Mon Nov 26, 2018 2:57 am
Forum: Forwarding Protocols
Topic: [Solved] Routing of Traffic from Switch with Port Isolation
Replies: 5
Views: 1099

Re: [Solved] Routing of Traffic from Switch with Port Isolation

Have you tried turning off "send redirects" in IP->Settings? With Cisco devices, enabling local proxy arp disables redirects on that interface, but it looks like MikroTik may not do that by default, based on your output.
by mducharme
Sat Nov 24, 2018 7:58 am
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 78
Views: 22678

Re: v6.43.4 [stable] is released!

Additionally invert-match=no (default) and set-bgp-prepend-path="" (default) are also added for every newly created rule by default When I create a new routing filter rule on my home router (running 6.43.4) it does not have those added for every newly created rule by default. I'm not sure how you a...
by mducharme
Fri Nov 23, 2018 9:13 pm
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 78
Views: 22678

Re: v6.43.4 [stable] is released!

Already tried that, no difference. From my perspective a reject rule without any attributes (inculding address-family) should always reject everything. address-family="" on the reject rule would only reject routes where address-family = NULL, which should never be true. If you want it to reject any...
by mducharme
Fri Nov 23, 2018 9:00 pm
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 78
Views: 22678

Re: v6.43.4 [stable] is released!

Why are the /32 routes installed and active? Seems like the prefix-length=16-24 filter attribute is handled incorrectly.
Already contacted MT support two days ago, no reply yet.
I think the address-family="" in your reject rule is probably causing it to not match anything.
by mducharme
Wed Nov 21, 2018 10:49 am
Forum: General
Topic: 1500 L3 MTU on a Mikrotik PPPoE Server
Replies: 4
Views: 622

Re: 1500 L3 MTU on a Mikrotik PPPoE Server

You need max-mtu=1500 max-mru=1500 set on both client and server for RFC4638 to work. If it is only set on the server, the client will still use 1480 or 1492.
by mducharme
Tue Nov 20, 2018 8:43 am
Forum: Announcements
Topic: v6.42.10 [long-term] is released!
Replies: 25
Views: 10746

Re: v6.42.10 [long-term] is released!

Thank you very much for this! With the bridge VLAN filtering memory leak fix, we can now test this for rollout on our network to replace the older 6.40.x long-term release.
by mducharme
Mon Nov 19, 2018 6:35 pm
Forum: Forwarding Protocols
Topic: BGP Filter
Replies: 3
Views: 620

Re: BGP Filter

Have you applied that as the in-filter in the properties for the BGP peer?
by mducharme
Sat Nov 17, 2018 8:58 am
Forum: Forwarding Protocols
Topic: OSPF - BGP - Route Reflector
Replies: 8
Views: 1429

Re: OSPF - BGP - Route Reflector

I need the Edge router to prefer the OSPF because I do not want to route traffic through the reflector. Could you simply establish additional peerings between the access and edge routers besides the reflector? Having a reflector doesn't necessarily mean that everything has to be peered only with th...
by mducharme
Fri Nov 16, 2018 10:15 pm
Forum: Forwarding Protocols
Topic: OSPF - BGP - Route Reflector
Replies: 8
Views: 1429

Re: OSPF - BGP - Route Reflector

Correct.. the access routers are also running bgo for customers to peer with. I also have a total of 8 upstream peers and 3 downstream. That's why I am building the route reflectors. To improve scaling. OK.. well then as a thought, why not use a routing filter to set the distance for the route? Tha...
by mducharme
Fri Nov 16, 2018 10:06 pm
Forum: Forwarding Protocols
Topic: [Solved] Routing of Traffic from Switch with Port Isolation
Replies: 5
Views: 1099

Re: Routing of Traffic from Switch with Port Isolation

2. What I want can only be realized with a firewall running on the switch. Not true - you can do this by enabling "local-proxy-arp" on the interface or bridge interface or VLAN interface on the MikroTik that the hosts are on. This should enable communication between the hosts with isolation on the ...
by mducharme
Fri Nov 16, 2018 5:15 am
Forum: Forwarding Protocols
Topic: OSPF - BGP - Route Reflector
Replies: 8
Views: 1429

Re: OSPF - BGP - Route Reflector

Why not use one public AS for your edge routers (presumably doing BGP with the outside world), and a private AS for the access routers, and eBGP between them? Then you don't need route reflection. Or do the access routers need to peer with customers over the public AS?
by mducharme
Mon Nov 12, 2018 7:19 pm
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 26102

Re: v6.42.9 [long-term] is released!

Any change of an updated long-term version soon that fixes the bridge VLAN filtering memory leak bug?
by mducharme
Tue Nov 06, 2018 6:04 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 84074

Re: v6.44beta [testing] is released!

I see some complaining about MS-CHAPv2 support in Winbox. We like the MS-CHAPv2 support for Winbox because it allows us to no longer have to store the passwords unencrypted on the authentication server, so I hope it is retained in some way. We do not wish to go back to regular CHAP in our case.
by mducharme
Sun Nov 04, 2018 10:54 pm
Forum: Forwarding Protocols
Topic: BGP IPv6 route reflection
Replies: 27
Views: 4585

Re: BGP IPv6 route reflection

IPv6 route reflection still doesn't work and it's causing a lot of troubles in our network. Is it really the only option to wait for ROS v7? Route reflection works fine here with v4 and v6 -- we also have separate peers for v4 and v6 with route reflection in at least one case, and it works. However...
by mducharme
Tue Oct 30, 2018 3:01 am
Forum: Forwarding Protocols
Topic: Which area for PPPoE Server ? [SOLVED]
Replies: 28
Views: 3118

Re: Which area for PPPoE Server ? [SOLVED]

Yes, you should use a stub area for PPPoE. We have multiple concentrators in different places and so we use a stub area on each, we have the router ID double as the area ID for the stub area so that we don't need to separately track the stub areas. Do not put the customers in the backbone or you wil...
by mducharme
Thu Oct 25, 2018 2:45 am
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 78
Views: 22678

Re: v6.43.4 [stable] is released!

mducharme - Can you provide more details about the problem that you have? Preferably over e-mail to support@mikrotik.com? Provide supout file from your DHCPv6 server and more details about the problem - which client was trying to connect and did not receive a prefix, was the exact same configuratio...
by mducharme
Sat Oct 20, 2018 2:37 am
Forum: General
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 200
Views: 39517

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

I did a test yesterday, it worked again as it worked in version 6.42.7, but I still can not get radius to assign the pools, it is still necessary to create the pools in mikrotik. In my understanding nothing new, since the interests us is the full integration with the radius, not to create several p...
by mducharme
Fri Oct 19, 2018 4:01 am
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 78
Views: 22678

Re: v6.43.4 [stable] is released!

*) dhcpv6-server - fixed dynamic binding addition on solicit when IA_PD does not contain prefix (introduced in v6.43); *) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing; Are you sure this is fixed? I just upgraded and am still having the...
by mducharme
Fri Oct 19, 2018 2:19 am
Forum: Wireless Networking
Topic: Wireless router in every hotel room
Replies: 28
Views: 2891

Re: Wireless router in every hotel room

But... @mducharme... You don't think we would plug the cAP to the main switch with a network cable going from outside the room, to the AP along the ceiling, do you? Why would we for the phone :lol: We would dig a path in the concrete from outside to somewhere in the room (for instance, to the curre...
by mducharme
Thu Oct 18, 2018 11:07 pm
Forum: Wireless Networking
Topic: Wireless router in every hotel room
Replies: 28
Views: 2891

Re: Wireless router in every hotel room

[...] the phones would be connected to the AP. If we buy half the AP at the beginning, then we will plug the phones with the APs. You're going to plug the phones into the ceiling? :shock: That would look a bit strange having a network cable going up the wall and into the cAP, doesn't really say fiv...
by mducharme
Thu Oct 18, 2018 7:30 pm
Forum: Wireless Networking
Topic: Wireless router in every hotel room
Replies: 28
Views: 2891

Re: Wireless router in every hotel room

What is sure, is that every room will have its own cable to a switch. If we end up buying half the APs, we will still connect the phones directly to a PoE switch. The wsAP isn't the best choice because apparently there is no way to close the panel and seal it when a cable is plugged (as far as I un...
by mducharme
Thu Oct 18, 2018 9:02 am
Forum: General
Topic: Can't upgrade Router ( solved )
Replies: 13
Views: 8365

Re: Can't upgrade Router

At this point I would probably recommend a netinstall to a 6.36 or 6.37 release and restore the config on that version, then upgrade to a newer release.
by mducharme
Thu Oct 18, 2018 5:36 am
Forum: Wireless Networking
Topic: Wireless router in every hotel room
Replies: 28
Views: 2891

Re: Wireless router in every hotel room

Going 2.4GHz only is *very* risky, since then you are designing it for current minimum bandwidth and not future, and assuming that nobody else will add more 2.4GHz AP's in the area. If you have 2.4GHz in every room, you are going to have to lower the power substantially to help get rid of interferen...
by mducharme
Thu Oct 18, 2018 4:45 am
Forum: General
Topic: Can't upgrade Router ( solved )
Replies: 13
Views: 8365

Re: Can't upgrade Router

Hello,

Try intermediate upgrade to 6.37.x and report back. 6.37.x changed the wireless package names, so it might be that an upgrade from before 6.37 to 6.40.x doesn't work because of that.
by mducharme
Wed Oct 17, 2018 5:12 am
Forum: General
Topic: Can't upgrade Router ( solved )
Replies: 13
Views: 8365

Re: Can't upgrade Router

Can you share a screenshot of System->Packages? And, to confirm, you are uploading the npk file and rebooting and it isn't upgrading?

Also, as a suggestion, you can try upgrading to some interim release first, ex. 6.40.9
by mducharme
Wed Oct 17, 2018 2:14 am
Forum: General
Topic: Severe Performance Drop RB3011 [SOLVED]
Replies: 33
Views: 2202

Re: Severe Performance Drop RB3011 [SOLVED]

"Fast Forward" shouldn't make a difference, it is only for two port bridges.

You are doing a lot of stuff on that router, ex. the PCQ, but I would not expect it to be hitting a throughput limit at 30% CPU. Are you sure you have been upgrading the firmware along with the RouterOS version?
by mducharme
Mon Oct 15, 2018 12:24 am
Forum: General
Topic: WISP OSPF MPLS VPLS Problem
Replies: 1
Views: 319

Re: WISP OSPF MPLS VPLS Problem

Why do you even want VPLS tunnels on the client radios? If you have pppoe and you set up vpls on the client radio that means you need one vpls tunnel per pppoe customer, which seems excessive.
by mducharme
Sun Oct 14, 2018 10:40 pm
Forum: General
Topic: TR-069 Genieacs
Replies: 3
Views: 1288

Re: TR-069 Genieacs

If you wish to make the same change to many devices, then making the change via a GenieACS preset is probably the best way of doing it. This is possible if the parameter you wish to change is exposed in the TR-069 tree. Yes, this is what my actual purpose is. Is there a manual or something? Where c...
by mducharme
Sat Oct 13, 2018 4:45 am
Forum: General
Topic: Severe Performance Drop RB3011 [SOLVED]
Replies: 33
Views: 2202

Re: Severe Performance Drop RB3011 [SOLVED]

Going off of MikroTik's test results I figured the 3011 would be more than sufficient: Their test in routing with 25 ip filter rules shows a result of 2,453.1 Mbps. Granted, this is not with queuing. But is queuing really this hard on the available horsepower? For test results that approximate real...
by mducharme
Sat Oct 13, 2018 3:22 am
Forum: General
Topic: TR-069 Genieacs
Replies: 3
Views: 1288

Re: TR-069 Genieacs

What I am trying to accomplish is, I have almost 100 routers in field. And making a small change is very painful. Can anyone please guide me or point me to the right direction on how to use ACS/TR-069, that I do the settings on ACS and all the routers, whenever they come online, get the setting and...
by mducharme
Fri Oct 12, 2018 10:02 pm
Forum: Forwarding Protocols
Topic: uTorrent not working
Replies: 3
Views: 519

Re: uTorrent not working

i'm using by default configure... just connect PPPoE connection settings nothing else. what I need to do for run utorrent as well? Check your UPnP settings, it might be that the port forwarding is not working. If you have set up PPPoE, perhaps UPnP is configured to use the wrong external interface ...
by mducharme
Fri Oct 12, 2018 12:21 am
Forum: Beginner Basics
Topic: single ip address doesnt work
Replies: 4
Views: 458

Re: single ip address doesnt work

If I remember correctly we tried using that ip testing of dhcp, but removed the dhcp months ago. From what your wrote Im guessing you rebooted the router to clear everything, or do I need to upgrade to newest release? No, we simply rebooted it to clear the cache. We didn't want to because it takes ...
by mducharme
Thu Oct 11, 2018 10:21 pm
Forum: Beginner Basics
Topic: single ip address doesnt work
Replies: 4
Views: 458

Re: single ip address doesnt work

What would cause one single ip address not to work? The mikrotik assigns the ip address to the modem but I am not able to surf the web. All other ip addresses in the block work except this one ip. We use PPPoE if that makes a difference. Thanks Kevin Hello, If the issue follows the IP, check for fi...
by mducharme
Thu Oct 11, 2018 8:57 pm
Forum: General
Topic: UBNT UNMS with Traffic Flow
Replies: 1
Views: 1225

Re: UBNT UNMS with Traffic Flow

UNMS is supporting NETFLOW This router is supporting 500 Customers if I enable Traffic flow on the Mikrotik Cloud core will it create a reboot? any issues to be aware of? running 6.34.4 yes I know its way outdated I have a 2nd unit with config and updated firmware we just can't afford downtime yet ...
by mducharme
Thu Oct 11, 2018 4:52 am
Forum: General
Topic: switching from L2TP/IPSEC to IKEv2/IPSEC interface?
Replies: 13
Views: 4484

Re: switching from L2TP/IPSEC to IKEv2/IPSEC interface?

Ideally I'd like it to operate as another virtual interface so I can dynamically add the default gateway route with the preferable metric when the interface is up (and then if the interface drops I can fall back to the direct-to-ISP default route) The config is working fine (both with the current L...
by mducharme
Wed Oct 10, 2018 7:56 pm
Forum: General
Topic: queue problem
Replies: 16
Views: 1210

Re: queue problem

it is working on egress side if you select "packet marks = no-mark" Good! Queue trees only control egress. If you want to control ingress, a workaround is to put a queue tree on a different interface or different device. We put a queue tree on our core router to control customer download and a queu...
by mducharme
Tue Oct 09, 2018 3:38 am
Forum: Forwarding Protocols
Topic: DSCP policy based routing?
Replies: 2
Views: 494

Re: DSCP policy based routing?

It sounds to me like it ought to work, but I would recommend setting up a test lab in GNS3 or something similar to be sure.
by mducharme
Tue Oct 09, 2018 2:40 am
Forum: General
Topic: queue problem
Replies: 16
Views: 1210

Re: queue problem

Could you please point out what is wrong in my code or if there is some typical catch for queue trees? Yes, I am sure - I believe it isn't working for you because you are missing the setting "packet-mark=no-mark" from the queue trees. Having packet mark unset is only a valid configuration where tha...
by mducharme
Mon Oct 08, 2018 9:06 pm
Forum: General
Topic: queue problem
Replies: 16
Views: 1210

Re: queue problem

Thank you for all of your answer, All of circuits are L2, There is no such ip address and router in our backbone. we can`t use vpls or pseudowire. all devices are l2 switch and connect with the fibre cable. we all want to do rate-limiting all of vlan please click link to see diagram. http://higgs.g...
by mducharme
Mon Oct 08, 2018 8:46 pm
Forum: General
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 200
Views: 39517

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

Does this mean 6.44 will finally support running a dual-stack PPPoE server with RADIUS auth? Or are these fixes still only for DHCP? That fix is for everything, but 6.44 only currently supports the attribute over DHCPv6, not PPP tunnels I would hope that they are adding support for the attribute to...
by mducharme
Sat Oct 06, 2018 9:36 pm
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 26102

Re: v6.42.9 [long-term] is released!

But maybe it is like you said and it only works for routers that are running almost default configuration. I somewhat doubt that this is what MikroTik intended. I would send them your previous config so they can try to figure out why their conversion routine failed with your setup. Maybe they can i...
by mducharme
Fri Oct 05, 2018 11:32 pm
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 39154

Re: v6.43.1 [stable] and v6.43.2 [stable] are released!

Appearently there is a memory leak since changelog 6.44beta17 (2018-Oct-04 09:42) states: "*) bridge - fixed possible memory leak when VLAN filtering is used;" I had VLAN filtering turned on... on my hap ac The ones who monitored stable memory usage, did you have VLAN filtering on? 6.42.7 is still ...
by mducharme
Thu Oct 04, 2018 11:56 pm
Forum: General
Topic: queue problem
Replies: 16
Views: 1210

Re: queue problem

The queue does not catch any traffic if the ports are under the bridge. /queue simple add max-limit=10M/10M name=queue1 queue=pcq-upload-default/pcq-download-default target=bridge1 Hi, This is normal behavior, simple queues do not operate when an interface is the target, unless it is a point to poi...
by mducharme
Thu Oct 04, 2018 10:26 pm
Forum: Forwarding Protocols
Topic: IPSEC and routing issue
Replies: 6
Views: 770

Re: IPSEC and routing issue

I haven't had enough experience with complicated IPsec designs to know if this is normal behavior or not. Someone else may have a better workaround, but I had an idea that might work. You could possibly create a mangle rule that applies a routing mark if the packet is ipsec encrypted, to force it to...
by mducharme
Thu Oct 04, 2018 5:14 am
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 39154

Re: v6.43.1 [stable] and v6.43.2 [stable] is released!

My hap ac has still memory leak and crashes even in 6.43.2 not really stable kernel failure in previous boot out of memory condition was detected I also have instabilities with my hap AC, crashing every week, although I wasn't graphing memory usage before so I can't be sure there is a leak on mine....
by mducharme
Wed Oct 03, 2018 9:12 pm
Forum: General
Topic: Router won't install update
Replies: 7
Views: 1566

Re: Router won't install update

Saw another with the same sort of issue. Replaced it rather than waste time. When the 1st unit comes back to me... I will take a closer look. Field tech is going to swap for one I have at the office. Failure to upgrade is probably due to one of three reasons: - (Most likely) one or more extra packa...
by mducharme
Wed Oct 03, 2018 9:05 pm
Forum: General
Topic: Remote (L2TP/IPsec) clients still isolated, how we cam allow smb/rdp access between them?
Replies: 41
Views: 3539

Re: Remote (L2TP/IPsec) clients still isolated, how we cam allow smb/rdp access between them?

I haven't really worked with SSTP very much. I am actually wondering - why are you using both? You could just use L2TP/IPsec for all clients instead of a mix of L2TP and SSTP. SSTP probably will not perform quite as well as L2TP/IPsec.
by mducharme
Tue Oct 02, 2018 6:44 pm
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 26102

Re: v6.42.9 [long-term] is released!

Reading is underrated, as statement to have 2x bridges on the same switch chip on RB2011 seemed too unrealistic, my brain didn't registered that, why the hell would you need setups like this, if you can have it all in one hw bridge/switch and configure port isolation? I do not know why @vortex has ...
by mducharme
Tue Oct 02, 2018 6:26 pm
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 26102

Re: v6.42.9 [long-term] is released!

Wrong What? You are saying on a 2011 with 6.40.x you could have 4 master ports? Two master ports per switch chip? I have never seen this work with a MikroTik SOHO device, they normally only support one master port per switch chip (so 2 master ports on the 2011). And I could similarly have four brid...
by mducharme
Tue Oct 02, 2018 6:12 pm
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 26102

Re: v6.42.9 [long-term] is released!

I have one bridge on the gigabit chip and 2 bridges on the fast chip.
If you have two bridges on one chip it will only be able to hardware accelerate one of those two bridges (this was also the case before, where you could only have one master port per switch chip).
by mducharme
Tue Oct 02, 2018 5:20 pm
Forum: General
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 200
Views: 39517

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

Looks like it is fixed in the 6.44 beta:

viewtopic.php?f=21&t=139057&start=50#p689985
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
by mducharme
Tue Oct 02, 2018 5:13 pm
Forum: General
Topic: Setting up public IPv6 addresses - best approach
Replies: 5
Views: 484

Re: Setting up public IPv6 addresses - best approach

So, do we tunnel out and if so which tunnel? There is just about zero info out there on IPv6. IPv4 is old hat but, routing v6 is new for me and I am finding getting our presence on the internet a challenge. It is pretty easy actually, just get a free BGP tunnel from Hurricane Electric tunnelbroker ...
by mducharme
Tue Oct 02, 2018 10:44 am
Forum: Beginner Basics
Topic: Help - Traffic not visible in Queue Tree
Replies: 6
Views: 647

Re: Help - Traffic not visible in Queue Tree

Each packet can only have one mark. An additional mark will replace the first mark.
by mducharme
Tue Oct 02, 2018 9:39 am
Forum: General
Topic: RB750GL 6.38.1 don't upgrading
Replies: 3
Views: 635

Re: RB750GL 6.38.1 don't upgrading

Try an older upgrade first (ex. to 6.40.9), and make sure you have enough free space on the router to upgrade. If the router has too little space it can refuse to upgrade and will leave the files untouched.
by mducharme
Tue Oct 02, 2018 8:29 am
Forum: General
Topic: Setting up public IPv6 addresses - best approach
Replies: 5
Views: 484

Re: Setting up public IPv6 addresses - best approach

Thanks Trema, I will have a look. My advice is don't reserve too little for your internal use. We have a /32 and are an ISP, we have half of that allocated to internal stuff and half allocated to customers. The internal stuff is things like management IPs for radios, servers, internal IPs for staff...
by mducharme
Tue Oct 02, 2018 8:20 am
Forum: Beginner Basics
Topic: RADIUS on Different Subnet
Replies: 5
Views: 659

Re: RADIUS on Different Subnet

Greetings I only added 1 RADIUS Server (10.20.0.65) I added similar configuration from 10.20.0.1 router to the 10.20.2.1 router You misunderstand what I am saying. RADIUS servers normally ignore requests from all routers except those routers that have been defined as NAS units in the RADIUS server ...
by mducharme
Tue Oct 02, 2018 7:14 am
Forum: Beginner Basics
Topic: RADIUS on Different Subnet
Replies: 5
Views: 659

Re: RADIUS on Different Subnet

The RADIUS server generally needs to have the NAS IP configured, you probably added the IP of your first NAS but not the second one. The default for most RADIUS servers is to only reply to requests from known NAS IP's.
by mducharme
Tue Oct 02, 2018 5:34 am
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 26102

Re: v6.42.9 [long-term] is released!

Point is that the old function is binned too soon for industrial/production environments. And auto-convert, even when it works, is just not enough in those cases. In these environments the upgrade requires extensive investments in testing, documentation, re-certification.... In general, what those ...
by mducharme
Tue Oct 02, 2018 3:43 am
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 26102

Re: v6.42.9 [long-term] is released!

The L2 MTU did not fix Winbox. I had used IP to upload. There are no switches. I deleted all the Bridge config, and no bridge was added. The Firewall config still shows empty. And no connectivity. I rolled back again. Send MikroTik a supout from your device, I'm sure they will want to fix the auto ...
by mducharme
Tue Oct 02, 2018 3:15 am
Forum: General
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 200
Views: 39517

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

Good afternoon everyone, In fact, in my tests, the DHCPv6 PD pool no longer works. Either by mikrotik in the ppp profile or via radius the way I used it here. I have done all the tests in this version, this option is not functional, the DUAL-STACK clients do not receive the prefix via DHCPv6 via DP...
by mducharme
Tue Oct 02, 2018 3:11 am
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 26102

Re: v6.42.9 [long-term] is released!

I changed the L2 MTU to 1500. I think because of the Airport Extreme.
Can you clarify what you meant by deactivated bridges - did you have a bridge created but it was disabled? Maybe this is why the conversion failed, if it wasn't expecting this.
by mducharme
Tue Oct 02, 2018 3:01 am
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 26102

Re: v6.42.9 [long-term] is released!

I have 1500 as MTU. Are you sure? The default MTU (i.e. layer 3 MTU is 1500) but the default Layer 2 MTU is 1598 (unless you have changed the layer 2 MTU from the default), since MAC winbox is layer 2 it will send the larger 1598 frames and those may get dropped on their way to the Winbox client on...
by mducharme
Tue Oct 02, 2018 2:55 am
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 26102

Re: v6.42.9 [long-term] is released!

Maybe the firewall config is not deleted, just Winbox not showing it, as sometimes everything appears empty. Winbox also disconnects frequently. I cannot even upload. I always use Webfig, but I cannot connect even with the fixed IP. Are you using MAC winbox to connect currently, and it is something...
by mducharme
Tue Oct 02, 2018 2:46 am
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 26102

Re: v6.42.9 [long-term] is released!

The upgrade does not work. Also, this update does not appear on the bugfix channel. I had to upload the package. That's strange, it appears on the bugfix channel for me in "check for updates" on the device. And it certainly should not delete the firewall config, you should open a support ticket. Th...
by mducharme
Tue Oct 02, 2018 2:40 am
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 26102

Re: v6.42.9 [long-term] is released!

Yes, there are some major misunderstandings regarding VLANs with hardware offload in 6.41+. The bottom line is that if you pretend that the new bridge VLAN options do not exist and do not use them, and you set up VLANs the old way using the switch (which still works), you should continue to have har...
by mducharme
Tue Oct 02, 2018 12:47 am
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 26102

Re: v6.42.9 [long-term] is released!

I tried using bridge on my 2011 before and it was too slow. Does this mean I can no longer update my router? It shouldn't be slower than before as long as hardware-offload is working. If hardware offload works, performance should be the same as 6.40.x. If you find there is a big performance drop, a...
by mducharme
Mon Oct 01, 2018 2:46 am
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 39154

Re: v6.43.1 [stable] and v6.43.2 [stable] is released!

My hap ac has still memory leak and crashes even in 6.43.2 not really stable kernel failure in previous boot out of memory condition was detected I also have instabilities with my hap AC, crashing every week, although I wasn't graphing memory usage before so I can't be sure there is a leak on mine....
by mducharme
Fri Sep 28, 2018 11:41 pm
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 39154

Re: v6.43.1 [stable] and v6.43.2 [stable] is released!

It has now been nearly three weeks since 6.43 was released and DHCPv6 PD server over PPP is still completely broken, preventing all PPP clients from getting IPv6. Is a fix coming soon? It is a rather critical issue.
by mducharme
Fri Sep 28, 2018 11:21 pm
Forum: General
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 200
Views: 39517

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

6.43 version introduces this feature for DHCP service. You are trying to use it with PPP service. Currently such feature is not supported. I dont understand why the Mikrotik-IPv6-Delagated-Pool stop to working in this version while workinkg in previous version, if Mikrotik only introduces the new f...
by mducharme
Thu Sep 27, 2018 10:55 pm
Forum: General
Topic: IPV6 over PPPoE prefix expiry longer than IPv4 lease
Replies: 5
Views: 594

Re: IPV6 over PPPoE prefix expiry longer than IPv4 lease

So is there anything I can do to force the DHCPv6 client to release and renew its lease whenever the PPPoE connection gets established? Another possibly related bug with the DHCPv6 client is that it doesn't acquire a prefix immediately after the PPPoE connection comes up, it just hangs at "rebindin...
by mducharme
Thu Sep 27, 2018 8:12 am
Forum: General
Topic: Site to Site L2TP VOIP
Replies: 21
Views: 1438

Re: Site to Site L2TP VOIP

I connected my 2 mikrotiks router through L2TP connection, My PBX server on my OfficeA and My Phone is in my OfficeB, The problem is when i try to make call to each other there is no audio for both side. My OfficeB cannot connect to my PBX Server in OfficeA through NAT via My Public IP(I don't know...
by mducharme
Thu Sep 27, 2018 3:05 am
Forum: General
Topic: IPV6 over PPPoE prefix expiry longer than IPv4 lease
Replies: 5
Views: 594

Re: IPV6 over PPPoE prefix expiry longer than IPv4 lease

There is no "IPv4 lease time" in this case. PPPoE uses IPCP to give an IPv4 address. This address is allocated until the customer disconnects. The only way of shortening this period is by actually forcing a disconnect of the customer. Your ISP must be doing this every two days, and your DHCPv6 clien...
by mducharme
Tue Sep 25, 2018 8:22 pm
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 39154

Re: v6.43.1 [stable] and v6.43.2 [stable] is released!

Is there any information on correcting the error "Delegated-IPv6-Prefix" attribute for PPPoE? The problem is bigger than just the Delegated-IPv6-Prefix - from my testing, DHCPv6 prefix delegation is basically entirely broken, at least with PPP connections, whether or not RADIUS is used. Only if the...
by mducharme
Tue Sep 25, 2018 8:24 am
Forum: Forwarding Protocols
Topic: OSPF: No ping to backbone [SOLVED]
Replies: 17
Views: 1352

Re: OSPF: No ping to backbone [SOLVED]

Sorry for delayed edit! The problem is now solved. I don't know why now, but in some cases I have seen delayed reactions on some lower level Mikrotik routers (like RB750).
Excellent! Glad that helped. It is not always unusual for there to be a delay when making major routing changes.
by mducharme
Tue Sep 25, 2018 8:17 am
Forum: Forwarding Protocols
Topic: OSPF: No ping to backbone [SOLVED]
Replies: 17
Views: 1352

Re: OSPF: No ping to backbone [SOLVED]

Anyway, it seems that turning static redistribution off doesn't solve my problem. Even putting all networks in backbone area doesn't fix pinging problem. Subnets behind routers are always pingable and other IPs are not! The only pingable hop other than HQ is 172.16.2.6 (HAS's PPTP end to HQ). If yo...
by mducharme
Tue Sep 25, 2018 5:31 am
Forum: General
Topic: IPv6 client problems with bonded WAN
Replies: 5
Views: 519

Re: IPv6 client problems with bonded WAN

I tried the release the DHCPv6 lease and disabled the client before it renewed... restarted the modem set up bonding all over again.. kind of the same result when I request an address and prefix it just sits at searching forever... but now when I request only an address it binds instantly like it d...
by mducharme
Tue Sep 25, 2018 2:28 am
Forum: General
Topic: Is RouterOS Blocking VPN? (Noob In need)
Replies: 3
Views: 375

Re: Is RouterOS Blocking VPN? (Noob In need)

Thank you for the response. I am not running a default configuration however, I do have the allow established and related configured in the filter section of the firewall. Might there be more required in order to get this working or at least eliminate the config/router from the problem? No, not rea...
by mducharme
Tue Sep 25, 2018 2:20 am
Forum: Wireless Networking
Topic: WAP ac 5GHz issues with iPhone XS
Replies: 142
Views: 17952

Re: WAP ac 5GHz issues with iPhone XS

I notice you don't have a country set for your wireless interface. You should set that, otherwise the interface may be able to select a frequency that is not allowed in your country and the phone may then refuse to connect. There are other potential issues, but that jumps out as a possibility.
by mducharme
Tue Sep 25, 2018 2:13 am
Forum: General
Topic: Is RouterOS Blocking VPN? (Noob In need)
Replies: 3
Views: 375

Re: Is RouterOS Blocking VPN? (Noob In need)

Do I need to set up anything in the ipsec area of the router if I am not actually using the router to connect to the client. I would like to just connect my Linux pc to my company hosted vpn server. Again I am not looking to connect my router as the client or connect directly to another router that...
by mducharme
Tue Sep 25, 2018 1:52 am
Forum: Forwarding Protocols
Topic: IPv6 recursive nexthops via iBGP
Replies: 108
Views: 23711

Re: IPv6 recursive nexthops via iBGP

As you state the advertise option is not needed and was most probably only effecting a change by it flapping the IPv6 address when applying the change. Problem resurfaces if the layer 2 VPLS tunnels re-establish and automatically get removed and added to the bridge, thereby changing its MAC address...
by mducharme
Mon Sep 24, 2018 7:47 pm
Forum: General
Topic: IPv6 client problems with bonded WAN
Replies: 5
Views: 519

Re: IPv6 client problems with bonded WAN

to create the bond, I just make a bonding interface, assign ether1 and ether2 as slaves with LACP and mii as the the link monitoring then change all my references to ether1 to the bonding interface as soon as I do this my DHCPv6 client goes into "searching" status and never moves from that. when it...
by mducharme
Mon Sep 24, 2018 7:32 pm
Forum: Forwarding Protocols
Topic: OSPF: No ping to backbone [SOLVED]
Replies: 17
Views: 1352

Re: OSPF: No ping to backbone [SOLVED]

Thanks for spending time on this issue. I have already tried tracing and the only hops I see are 134.30 and 134.10. It seems that in some way, 134.30 passes packets destined to backbone back to 134.10 and because 134.10 is already told that these should be handled by 134.30, a loop is formed. Becau...
by mducharme
Mon Sep 24, 2018 12:15 pm
Forum: Forwarding Protocols
Topic: OSPF: No ping to backbone [SOLVED]
Replies: 17
Views: 1352

Re: OSPF: No ping to backbone [SOLVED]

I'm afraid that text-based map doesn't really give the best view of the topology, so I can't really tell for sure where the problem is. What I would recommend is tracing the route manually by going through the routing tables on the various routers to trace the echo request from the source to the des...
by mducharme
Mon Sep 24, 2018 11:38 am
Forum: Forwarding Protocols
Topic: OSPF: No ping to backbone [SOLVED]
Replies: 17
Views: 1352

Re: OSPF: No ping to backbone [SOLVED]

And which router has the IP 172.16.2.41? The non-pingable one has that as the next hop for basically all routes.
by mducharme
Mon Sep 24, 2018 10:56 am
Forum: Forwarding Protocols
Topic: OSPF: No ping to backbone [SOLVED]
Replies: 17
Views: 1352

Re: OSPF: No ping to backbone [SOLVED]

If this was the case, I would have received timeouts, not TTL expired. And, I'm sure that they do have routes to 192.168.134.0/24, as their routing tables explicitly show that. OK. Can you try pinging a backbone IP that is one hop away (on a neighboring router) and if it doesn't work then paste the...
by mducharme
Mon Sep 24, 2018 10:45 am
Forum: Forwarding Protocols
Topic: OSPF: No ping to backbone [SOLVED]
Replies: 17
Views: 1352

Re: OSPF: No ping to backbone [SOLVED]

It can ping ONLY IPs bound to that router, and nothing else.
Then, the most likely problem is that your other routers are probably missing a route to the 192.168.134.0/24 subnet, and can't get the reply packet back to the PC as a result.