Community discussions

MikroTik App

Search found 942 matches

by mducharme
Tue May 26, 2020 8:35 pm
Forum: General
Topic: PPPoE and OSPF drops
Replies: 7
Views: 1251

Re: PPPoE and OSPF drops

Thank you. The current firmware is 6.46.6 which is the current latest stable version. Also watching /tool profile when around 10 pppoe sessions are manually disconnected nothing is spiking up very high, total rarely goes over 10% with none of the individual processes going much higher than 3 or 4%....
by mducharme
Tue May 26, 2020 8:09 pm
Forum: Forwarding Protocols
Topic: [Stability] Multiple PPPoE servers (+10) at the same router - Is there any alternatives?
Replies: 3
Views: 673

Re: [Stability] Multiple PPPoE servers (+10) at the same router - Is there any alternatives?

We use the bridged setup with horizon set. Our PPPoE concentrator has a few special PPPoE servers that need to go to separate RADIUS servers vs. our regular RADIUS servers. As a result each PPPoE server instance needs to have a matching RADIUS server entry with the RADIUS server's Called-ID matching...
by mducharme
Fri May 22, 2020 7:35 pm
Forum: RouterOS v7 BETA
Topic: V7 questions?
Replies: 34
Views: 6388

Re: V7 questions?

One can of course also buy a brand new CSS326 for $139 or a CRS326 for $189 and try to use it with an alternative OS. It would have to be the CRS - the CSS has a much smaller flash that would only admit the comparatively tiny SwOS (2MB instead of 16MB). Even though the CRS *may* work, you are poten...
by mducharme
Fri May 22, 2020 6:19 pm
Forum: RouterOS v7 BETA
Topic: V7 questions?
Replies: 34
Views: 6388

Re: V7 questions?

24 port RJ45 patch panel, for under $30, for example: https://www.ebay.de/itm/19-Patchpanel-Cat-6-250MHz-24-Port-1HE-RJ45-geschirmt-schwarz-1GB-ProfiPatch/252297831908?hash=item3abe1f65e4:g:OvcAAOSwsEteqZ~N Patch panels don't have any electronics at all, they are basically passive pass-thru systems...
by mducharme
Thu May 21, 2020 9:36 pm
Forum: RouterOS v7 BETA
Topic: V7 questions?
Replies: 34
Views: 6388

Re: V7 questions?

@mducharme, it's technically a router with 24+ independent ports. How is this panel with all the ports usually called? I called it simply a "switch panel", but no, it does not need to be a switch. I don't know what you mean by "panel with all the ports". You can buy 4 port PCIe ethernet cards that ...
by mducharme
Thu May 21, 2020 3:44 am
Forum: RouterOS v7 BETA
Topic: V7 questions?
Replies: 34
Views: 6388

Re: V7 questions?

@mducharme, just a switch panel with 24+ GbE ports with PCIe3 x16 interface would do it too: just install the adapter in a PC and connect the panel to that adapter (don't know which type of cabling is used for that), and ready you are: eth0, eth1 ... eth24. But where to find such a switch panel wit...
by mducharme
Tue May 19, 2020 7:47 pm
Forum: RouterOS v7 BETA
Topic: V7 questions?
Replies: 34
Views: 6388

Re: V7 questions?

@mducharme, thanks for your comments, but I already have made my mind up. Outsiders seem to have a hard time to follow my thoughts and requirements. Never mind. Case closed. For one thing you never explained your requirements, they are vague, some "special use-case" and you posted the other thread ...
by mducharme
Tue May 19, 2020 7:29 pm
Forum: RouterOS v7 BETA
Topic: V7 questions?
Replies: 34
Views: 6388

Re: V7 questions?

I already told: I need a central firewall on the switch, not on the router, because of performance reasons, as well to monitor also all the traffic inside the LAN for any possible "anomalies"... "Performance reasons" simply means that your router is not powerful enough and you need a more powerful ...
by mducharme
Tue May 19, 2020 6:54 pm
Forum: RouterOS v7 BETA
Topic: V7 questions?
Replies: 34
Views: 6388

Re: V7 questions?

I need access to Linux for running own code written in C/C++ to implement the low-level part for an own high-performing advanced central firewall on switch devices (not router). Ie. our requirement is a very special use-case, not necessarily a mainline use-case. You have talked about this before, b...
by mducharme
Mon May 18, 2020 8:21 am
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 2787

Re: IPv6 with TunnelBroker: How to create isolated subnets?

Also, please make sure your RouterBOOT firmware is updated in /system routerboard
by mducharme
Mon May 18, 2020 1:03 am
Forum: General
Topic: DHCP offered but never bound
Replies: 3
Views: 750

Re: DHCP offered but never bound

No one has the clue? The device is not accepting the offer. You may have one way communication (broadcast from the device can reach the DHCP server but the response packet from DHCP server cannot reach the device). It is also possible that the device is ignoring the offer because maybe it has gotte...
by mducharme
Sun May 17, 2020 11:17 pm
Forum: General
Topic: PPPoE and OSPF drops
Replies: 7
Views: 1251

Re: PPPoE and OSPF drops

I will watch the /tool profile and see what I can find out when I drop a few of them. I have to do this in maintenance windows since its service affecting for all OSPF to go down, I will report back with my findings. Thank you. Also make sure your Routerboot firmware is up to date in /system router...
by mducharme
Sun May 17, 2020 10:59 pm
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 2787

Re: IPv6 with TunnelBroker: How to create isolated subnets?

One correction to the above - leave pvid at the default of "1" for any bridge ports where they are supposed to be trunk ports to switches, carrying only tagged vlans. Thank you mducharme that's a lot of information to consume. It will take me a while to get that processed through. Meanwhile, I quic...
by mducharme
Sun May 17, 2020 5:55 am
Forum: RouterOS v7 BETA
Topic: UI/UX On WinBox
Replies: 16
Views: 2493

Re: UI/UX On WinBox

It's not just looks vs. functionality, it's also what exactly you want to have. I would not want to give up Winbox by any means - however: I think there is the possibility for wireless configuration that there may be something in between Winbox (individual advanced settings for everything) and Quic...
by mducharme
Sun May 17, 2020 2:35 am
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 2787

Re: IPv6 with TunnelBroker: How to create isolated subnets?

One correction to the above - leave pvid at the default of "1" for any bridge ports where they are supposed to be trunk ports to switches, carrying only tagged vlans.
by mducharme
Sun May 17, 2020 2:22 am
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 2787

Re: IPv6 with TunnelBroker: How to create isolated subnets?

You might also consider reverting back your ipv6 nd config settings to the default entirely as there is really no issue with using the default settings. Advertisements shouldn't be sent out unless adveritse=yes is enabled for the IPv6 address, so there is not generally a need to control ipv6 nd per ...
by mducharme
Sun May 17, 2020 2:10 am
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 2787

Re: IPv6 with TunnelBroker: How to create isolated subnets?

There's a VLAN 14 that I was trying to use as the replacement for untagged, but it is not being used. One thing I am wondering about is the IGMP snooping. IPv6 uses multicast instead of broadcast for advertisements. I haven't tried using IGMP snooping before (never had a need) so I wasn't sure how ...
by mducharme
Sat May 16, 2020 11:10 pm
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 2787

Re: IPv6 with TunnelBroker: How to create isolated subnets?

So as I could tell, it's either the router or the laptop. I don't exactly think it's the laptop because that would mean either Windows 10 or Intel and Realtek did this wonky thing. I guess I will have to look into VLAN everything? At this point I would do an /export hide-sensitive and paste here, t...
by mducharme
Sat May 16, 2020 8:43 pm
Forum: General
Topic: PPPoE and OSPF drops
Replies: 7
Views: 1251

Re: PPPoE and OSPF drops

Thank you for the reply. We have no masquerade rules only dst nat and src nat. We also have the stub area for the pppoe ips and the passive default as well already. That sounds fine - do have an OSPF area range configured for the PPPoE customers? What does the Profiler show when a few PPPoE custome...
by mducharme
Sat May 16, 2020 1:18 pm
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 2787

Re: IPv6 with TunnelBroker: How to create isolated subnets?

The new style bridge VLAN - I thought about this no default VLAN 1 idea a while ago and tried a bit but messed things up. Is there a good article on implementing this on Mikrotik RouterOS? I was not sure how to handle the edge where VLAN eventually has to be converted to untagged to be compatible w...
by mducharme
Sat May 16, 2020 12:46 pm
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 2787

Re: IPv6 with TunnelBroker: How to create isolated subnets?

I see what you meant now. This will require a bit more effort and I will try to find some time to conduct this test. Yes I do have DHCPv4 servers on both subnets. I actually thought about this and tried to observe - I could find one or two switches on the network grab a VLAN 59 address but they are...
by mducharme
Sat May 16, 2020 11:38 am
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 2787

Re: IPv6 with TunnelBroker: How to create isolated subnets?

I cannot figure out what leaked the broadcast this time. There's nothing on my network even knows a VLAN 59 except the router itself. Unless you have some device that is just removing all VLAN tags from packets that arrive with a tag. Again, I didn't say to remove VLAN 59 from the switches. I said ...
by mducharme
Sat May 16, 2020 2:31 am
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 2787

Re: IPv6 with TunnelBroker: How to create isolated subnets?

I am aware of the issue with mixed tagged and untagged network. I don't think I have anything like that on my network. However, is there a way for me to diagnose this kind of issue, like to isolate where the issue could happen? What I would do temporarily is disconnect your switches from the router...
by mducharme
Sat May 16, 2020 1:58 am
Forum: General
Topic: PPPoE and OSPF drops
Replies: 7
Views: 1251

Re: PPPoE and OSPF drops

Hello I have a strange issue happening on one of our routers. It is a CCR1072-1G-8S+ currently serving ~250 PPPoE connections. The issue is whenever 5 or more PPPoE connections are dropped at the same time the log will fill up with already active closing previous one multiple times over and over. A...
by mducharme
Sat May 16, 2020 1:03 am
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 2787

Re: IPv6 with TunnelBroker: How to create isolated subnets?

I am not aware of switches on the network could do bridging between VLAN and untagged. But I do have a bunch of "smart managed" switches on the network. The VLAN 59 is created by configuring ports on one of the switches to untag VLAN 59 and PVID 59. I am not 100% sure but I don't think that would l...
by mducharme
Fri May 15, 2020 11:31 pm
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 2787

Re: IPv6 with TunnelBroker: How to create isolated subnets?

Here it is: That all looks fine too. Please note that "/interface bridge vlan" doesn't do anything without having Bridge VLAN filtering enabled. You are using old-style bridging/VLAN configuration instead of bridge vlan filtering, so that setting has no impact. Is there some other device like a swi...
by mducharme
Fri May 15, 2020 11:03 pm
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 2787

Re: IPv6 with TunnelBroker: How to create isolated subnets?

Thanks - as that is what I thought but I don't know what I did wrong. So currently my VLAN is done as a VLAN interface attached on the bridge that includes all my LAN interfaces. Something like this: # NAME MTU ARP VLAN-ID INTERFACE 3 R bridge1-lan-vlan0059 1500 enabled 59 bridge1-lan And then this...
by mducharme
Fri May 15, 2020 10:45 pm
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 2787

Re: IPv6 with TunnelBroker: How to create isolated subnets?

I notice that before any setup, the computer on the VLAN can actually get IPv6 configuration. I don't think this is right because I tried to attach IPv6 Address only on my main network interface. And when I try to create one set of configuration for my VLAN, I found that both the main network and V...
by mducharme
Fri May 15, 2020 7:53 pm
Forum: General
Topic: Mikrotik DHCP lease time with Ubiquiti and wireless routers
Replies: 16
Views: 1696

Re: Mikrotik DHCP lease time with Ubiquiti and wireless routers

So the Ubnt radio is the problem, or the home router? Should I have the same or different renew times on everything, or does it even matter? Or should I just bridge the Ubnt user radio and let the Mikrotik hand the IP straight to the users router? Lease times shouldn't really matter. If the end use...
by mducharme
Fri May 15, 2020 7:31 pm
Forum: General
Topic: Mikrotik DHCP lease time with Ubiquiti and wireless routers
Replies: 16
Views: 1696

Re: Mikrotik DHCP lease time with Ubiquiti and wireless routers

2 DHCP servers on one bridged network. That will create confilcts! One DHCP server will send NACK to the client for an address leased by the other.. I also see only one IP address pool, so who owns the pool.? From reading above I don't think there are 2 DHCP servers on the same bridged network here...
by mducharme
Fri May 15, 2020 7:17 pm
Forum: General
Topic: Mikrotik DHCP lease time with Ubiquiti and wireless routers
Replies: 16
Views: 1696

Re: Mikrotik DHCP lease time with Ubiquiti and wireless routers

I don't understand how this could be a MikroTik problem either - if the only problem is that the Ubiquiti radio is not giving DHCP leases to the clients on the LAN port, surely that is a Ubiquiti issue and not anything to do with MikroTik?
by mducharme
Thu May 14, 2020 11:19 pm
Forum: Beginner Basics
Topic: IPV6 setup [SOLVED]
Replies: 7
Views: 1366

Re: IPV6 setup [SOLVED]

I guess something is not quite initialized with ND on the 1st run after reset so it needs a slight "kick" to get it running properly. That makes more sense - I have periodically encountered neighbor discovery issues that a reboot fixes. I never traced them to the first boot after reset though, that...
by mducharme
Thu May 14, 2020 1:25 am
Forum: Beginner Basics
Topic: IPV6 setup [SOLVED]
Replies: 7
Views: 1366

Re: IPV6 setup [SOLVED]

It got working fine :-) ping6 to Internet sites works OK from my Client PC. The key was tweaking ND: either disabling interface=all; or disabling all and adding a new on interface=bridge worked OK for me. I followed the following article: https://www.medo64.com/2018/03/setting-ipv6-on-mikrotik/ Onc...
by mducharme
Wed May 13, 2020 4:33 am
Forum: Beginner Basics
Topic: IPV6 setup [SOLVED]
Replies: 7
Views: 1366

Re: IPV6 setup [SOLVED]

Can your MikroTik itself ping to the Internet via IPv6? If it can, try pinging to the Internet from the MikroTik itself with src-address set to the ipv6 address that you have on bridge. If both work, the problem is that the workstation is not properly set up for IPv6 address auto configuration (SLAA...
by mducharme
Wed May 13, 2020 1:56 am
Forum: RouterOS v7 BETA
Topic: List of devices which will run v7?
Replies: 3
Views: 1070

Re: List of devices which will run v7?

You may have to netinstall it - I had trouble getting it on my hAP mini, wouldn't install due to low disk space.
by mducharme
Tue May 12, 2020 10:36 pm
Forum: Beginner Basics
Topic: IPV6 setup [SOLVED]
Replies: 7
Views: 1366

Re: IPV6 setup [SOLVED]

I found several discussions about IPv6 within this forum but still I'm unable to figure out how to properly configure it and make it work.
You need to give your router's bridge interface an IP from the prefix pool:
/ipv6 address
add address=::1 from-pool=my-ipv6-pool-1 interface=bridge
by mducharme
Tue May 12, 2020 5:11 am
Forum: RouterOS v7 BETA
Topic: Question: Multi-thread BGP
Replies: 9
Views: 2699

Re: Question: Multi-thread BGP

I don't fully understand the syntax, but: /routing fantasy add comment=test count=1000 dealer-id=1000 dst-address=12.0.0.0/8 gateway=192.168.88.1 instance-id=1 name=fantasy-test prefix-length=32 \ priv-offs=1000 priv-size=100 seed=mducharme use-hold=no creates 1000 random /32 routes within 12.0.0.0/...
by mducharme
Tue May 12, 2020 3:44 am
Forum: RouterOS v7 BETA
Topic: Question: Multi-thread BGP
Replies: 9
Views: 2699

Re: Question: Multi-thread BGP

Yup, I figured out routing fantasy - that's exactly what it does.
by mducharme
Tue May 12, 2020 3:00 am
Forum: RouterOS v7 BETA
Topic: Question: Multi-thread BGP
Replies: 9
Views: 2699

Re: Question: Multi-thread BGP

It might be possible in v7 right now to use /routing/fantasy to load up a routing table with enough fictitious routes to simulate multiple full BGP tables and then check to see how long it takes to perform operations on those routes. At least I suspect that is what /routing/fantasy is meant for - a ...
by mducharme
Mon May 04, 2020 9:27 pm
Forum: RouterOS v7 BETA
Topic: IPv6 no link local address
Replies: 1
Views: 740

Re: IPv6 no link local address

I cannot find ipv6 link local address in any ipv6 interface. Rebooting doesn't help too.
Check /ipv6/settings in CLI to see if disable-ipv6 is set to "yes".
by mducharme
Sun May 03, 2020 9:05 pm
Forum: Beginner Basics
Topic: Is there a "use-ip-firewall" setting also for non-bridge setup? [SOLVED]
Replies: 56
Views: 6198

Re: Is there a "use-ip-firewall" setting also for non-bridge setup? [SOLVED]

Thx for the offer. I would be glad to hear about alternatives. My basic requirements for a central firewall on a 24+ port LAN switch: 1) Firewall for incoming traffic to the LAN, for outgoing traffic from the LAN, as well for local traffic inside the LAN. 2) Firewall decision making over all OSI la...
by mducharme
Sun May 03, 2020 4:06 am
Forum: Beginner Basics
Topic: Is there a "use-ip-firewall" setting also for non-bridge setup? [SOLVED]
Replies: 56
Views: 6198

Re: Is there a "use-ip-firewall" setting also for non-bridge setup? [SOLVED]

Oh man, this is a so much complicated and insecure thing that I think a dedicated firewall is the cleanest, securest, and safest solution. But a dedicated firewall with 24x Gigabit ports plus 2x 10G ports I have yet to see :-) --> forget it, I must solve it with this CRS device only... Why do you n...
by mducharme
Sun May 03, 2020 2:01 am
Forum: Beginner Basics
Topic: Is there a "use-ip-firewall" setting also for non-bridge setup? [SOLVED]
Replies: 56
Views: 6198

Re: Is there a "use-ip-firewall" setting also for non-bridge setup? [SOLVED]

@bpwl, thx for the analysis. LAN2 is managed by this switch. Yes, what I want is simply a switch with a firewall on it for centrally configuring/controlling via this central firewall the whole inbound and outbound traffic to and from LAN2. Regarding separating the ether1 WAN port: yes, can be done,...
by mducharme
Tue Apr 28, 2020 11:11 pm
Forum: RouterOS v7 BETA
Topic: IPv6 dhcp finally in v7 ?
Replies: 8
Views: 1670

Re: IPv6 dhcp finally in v7 ?

suppose they are on same LAN segment (dumb switch) so the only routing decision is possible on router itself, based on source address which source address? from 10 temporary address assigned, which one should i use in filtering? and, yes, there is security question. Why should i allow some device w...
by mducharme
Tue Apr 21, 2020 2:50 am
Forum: RouterOS v7 BETA
Topic: Mysterious 564/tcp open port 7.0beta5
Replies: 38
Views: 6197

Re: Mysterious 564/tcp open port 7.0beta5

2000 is the btest server.

are you testing using nmap on the same the same subnet, or traversing another device?

Thx!
Sam
I can reproduce the tcp/564 connection on my own RouterOS 7 device here. I agree with the OP that RouterOS 7 devices do appear to be listening on that port.
by mducharme
Mon Apr 20, 2020 9:48 pm
Forum: RouterOS v7 BETA
Topic: Mysterious 564/tcp open port 7.0beta5
Replies: 38
Views: 6197

Re: Mysterious 564/tcp open port 7.0beta5

Here are a nmap scan of my v7. More and less default configured. As you see 564 is open. What are 2000, 8728 and 8729 used for. 8728 and 8729 are api and api-ssl, so assuming you have those enabled in IP services they should be listening. 2000 is normally Cisco's proprietary VoIP protocol, SCCP, wh...
by mducharme
Sat Apr 04, 2020 7:56 am
Forum: RouterOS v7 BETA
Topic: Feature Request: RFC3021 /31 point-to-point support in v7
Replies: 4
Views: 1850

Re: Feature Request: RFC3021 /31 point-to-point support in v7

I thought I had read somewhere that this was already added in v7? I haven't tested it to see whether or not that is the case.
by mducharme
Mon Mar 30, 2020 5:06 am
Forum: RouterOS v7 BETA
Topic: FEATURE REQUEST: Add Basic Firewall Rule Wizard
Replies: 41
Views: 7057

Re: FEATURE REQUEST: Add Basic Firewall Rule Wizard

One of the biggest complaints that I hear about MikroTik is the interface for things like wireless CPEs. UBNT has a nice interface for wireless configuration, very easy to use - but obviously it is limited in terms of what you can do with the device overall. With MikroTik you can do anything, you ca...
by mducharme
Sat Mar 28, 2020 8:34 pm
Forum: RouterOS v7 BETA
Topic: FEATURE REQUEST: Add Basic Firewall Rule Wizard
Replies: 41
Views: 7057

Re: FEATURE REQUEST: Add Basic Firewall Rule Wizard

For our home users we do customized webfig skins that limit the options shown to them to hide things that they don't care about and might confuse them. The most user friendly way IMO of managing a home MikroTik is with the iOS or Android app. It might make more sense to have such wizards in there fo...
by mducharme
Thu Mar 05, 2020 8:19 pm
Forum: RouterOS v7 BETA
Topic: Who can use ipv6 normally?
Replies: 11
Views: 4072

Re: Who can use ipv6 normally?

The ipv6 firewall itself is all turned off, and the MTU is changed to 1280, so the problem can't be found. Hi, your ISP may somehow be blocking the ICMPv6 from reaching the destination, or possibly your computer is doing something with it. You are connecting over PPPoE - when you connect with the P...
by mducharme
Mon Feb 24, 2020 7:36 pm
Forum: RouterOS v7 BETA
Topic: Who can use ipv6 normally?
Replies: 11
Views: 4072

Re: Who can use ipv6 normally?

This method is very good, win10 did get dns. However, ipv6 is still abnormal. Many websites cannot be opened or are stuck. Using Padavan's ipv6 is normal, and all websites can be opened normally. Can a friend use ros's IPv6 to access the website? Yes, the original issue is not related to DNS at all...
by mducharme
Fri Feb 21, 2020 7:51 pm
Forum: RouterOS v7 BETA
Topic: Who can use ipv6 normally?
Replies: 11
Views: 4072

Re: Who can use ipv6 normally?

Hi, RouterOS can advertise DNS with DHCPv6. You simply need to add a DHCPv6 server onto the subnet and enable the "other configuration" flag in IPv6 ND settings, you don't need an IPv6 pool etc. The windows clients will make a DHCPv6 request to get DNS servers. If Windows 10 receives DNS servers thr...
by mducharme
Tue Jan 28, 2020 9:26 pm
Forum: RouterOS v7 BETA
Topic: Feature Request - Bound Radius-Server to PPPoE-Server
Replies: 2
Views: 1488

Re: Feature Request - Bound Radius-Server to PPPoE-Server

What are you talking about? This feature has already been in RouterOS for a long time.
by mducharme
Tue Jan 14, 2020 11:46 pm
Forum: Forwarding Protocols
Topic: VPLS traffic shaping
Replies: 14
Views: 2222

Re: VPLS traffic shaping

My vpls and vlan interface are bridge. So If I use vlan interface, could it be a solution for that? Yes - the only confusing thing is it will be the other way around, so you would control the download rate at the near side and the upload rate at the far side (instead of vice versa). The only other ...
by mducharme
Mon Jan 13, 2020 8:50 pm
Forum: General
Topic: VLANs setup (the new way)
Replies: 20
Views: 3238

Re: VLANs setup (the new way)

@mducharme - so you're suggesting: <removed> I had picked up the untagged= in regards to setting the egress VLAN for access ports when reading the various posts/tutorials hence why I'd explicitly defined. Yes, the new config is exactly what I am suggesting. IMO, the only place you would want to set...
by mducharme
Sat Jan 11, 2020 1:04 am
Forum: Forwarding Protocols
Topic: VPLS traffic shaping
Replies: 14
Views: 2222

Re: VPLS traffic shaping

Queue type shouldn't matter very much. RED tends to give best latency, so you might want to use that queue type. You can reconfigure default-small to use red or make a new queue type called "red" that uses red. Default bucket size is fine, but if you need to be more strict with the shaping (i.e. rea...
by mducharme
Fri Jan 10, 2020 9:09 pm
Forum: General
Topic: VLANs setup (the new way)
Replies: 20
Views: 3238

Re: VLANs setup (the new way)

I would actually discourage setting "untagged=etherx" for any /interface bridge vlan - leave it unset, and set the correct PVID for the etherx port in /interface bridge port and that etherx port will also be added dynamically as an untagged port for that /interface bridge vlan without you needing to...
by mducharme
Fri Jan 10, 2020 7:07 pm
Forum: Beginner Basics
Topic: Mikrotik and GNS3 with QoS
Replies: 5
Views: 1250

Re: Mikrotik and GNS3 with QoS

Testing with GNS3 in this case is not helpful, since creating queue trees on the switches will not be suitable for this type of setup - queue trees will require that you disable hardware switching on those switches, and then they can only handle around 100Mbps total which is probably not enough (now...
by mducharme
Fri Jan 10, 2020 6:27 pm
Forum: RouterOS v7 BETA
Topic: ipv6 disable on 7b4
Replies: 7
Views: 2218

Re: ipv6 disable on 7b4

If you reset the router to factory defaults (or if the router is new out of the box), it will have IPv6 firewall rules by default and therefore will be secure already. Although the option is there, there should be no need to disable IPv6 entirely as a result. The only reason I can see for this optio...
by mducharme
Fri Jan 10, 2020 6:16 pm
Forum: Forwarding Protocols
Topic: VPLS traffic shaping
Replies: 14
Views: 2222

Re: VPLS traffic shaping

Will try :) Thanks!
I was actually replying to networkmonkey - I'm afraid I don't know anything about Huawei equipment, never used it, so I have no idea what you want to do.
by mducharme
Fri Jan 10, 2020 4:11 pm
Forum: Forwarding Protocols
Topic: VPLS traffic shaping
Replies: 14
Views: 2222

Re: VPLS traffic shaping

Create a queue tree with parent set to the VPLS interface with the limit you want, matching packets with "no-mark". You will need to do this on the routers on both ends of the tunnel, because it does this limit only on egress traffic.
by mducharme
Thu Jan 09, 2020 6:28 am
Forum: General
Topic: DHCP + RADIUS - renew does not check RADIUS
Replies: 8
Views: 2294

Re: DHCP + RADIUS - renew does not check RADIUS

I'm not seeing any RADIUS auth requests/responses for renewals of existing leases at the Mikrotik. Your RADIUS server will have send a Session-Timeout value in the initial Access-Accept. If the renewal time for a new lease exceeds the remaining session time in the original Session-Timeout RADIUS at...
by mducharme
Thu Dec 19, 2019 7:48 am
Forum: Announcements
Topic: v6.47beta [testing] is released!
Replies: 269
Views: 116005

Re: v6.47beta [testing] is released!

I am curious - how many more 6.4x versions are expected given that 7 is now in beta? Is 6.47 or 6.48 possibly the last RouterOS 6.x? Or will there be a longer period of overlap while 7.x is released and 6.x is still being developed?
by mducharme
Thu Dec 12, 2019 8:04 pm
Forum: General
Topic: DHCPv6 op 79 - Client Link-Layer Address Option
Replies: 6
Views: 1302

Re: DHCPv6 op 79 - Client Link-Layer Address Option

That's only for DHCPv6 Relay, which is not helpful at all for most people. I just want to make DHCPv6 reservations based on link-layer adress. Also it's only RouterOS 7, which is beta, and it's not for my platform (powerpc, RB1100AHx2). It is available for powerpc since beta 3, but I wouldn't recom...
by mducharme
Wed Dec 11, 2019 9:24 pm
Forum: General
Topic: DHCPv6 op 79 - Client Link-Layer Address Option
Replies: 6
Views: 1302

Re: DHCPv6 op 79 - Client Link-Layer Address Option

Still waiting for RFC 6939. Without this, IPv6 is unmanageable in RouterOS. Some client/home-users routers are in a very broken state and they somehow re-generate their DUID all the time, causing /56 pool to be exhausted in 1 hour or less. Did you not see? I believe they have just added it: https:/...
by mducharme
Sat Nov 30, 2019 8:07 am
Forum: RouterOS v7 BETA
Topic: Bricked and no longer working [SOLVED]
Replies: 1
Views: 2313

Re: Bricked and no longer working [SOLVED]

Check to make sure that you didn't upgrade the bootloader firmware to 7.0 (under System->Routerboard, "Current Firmware"). Netinstall should have replaced the bootloader firmware too, but not a bad idea to double check. You can also go into "Settings" in the same menu to check that your boot device ...
by mducharme
Wed Nov 27, 2019 5:36 am
Forum: RouterOS v7 BETA
Topic: CRS3xx MC-LAG in RouterOS 7
Replies: 19
Views: 4934

Re: CRS3xx MC-LAG in RouterOS 7

I agree with all of this again, but I would rather than ROS 7 be stabilized first instead of them introducing too many new features right away. The new kernel and rewritten OSPF/BGP are big changes already. I think it is smart for MikroTik to focus on feature parity with ROS 6 when it comes to the i...
by mducharme
Mon Nov 18, 2019 8:39 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 8082

Re: IPv6 PPPoE and DHCP issue

I Have network as you said with one vlan. What is the role of those routers? I see BGP 7606 and LAN Gateway 7606 and CCR 1036. What are they supposed to be doing? It is highly unusual to use the same VLAN on both the public side and the private side of those two routers (LAN gateway 7606 and CCR 10...
by mducharme
Sat Nov 16, 2019 9:54 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 8082

Re: IPv6 PPPoE and DHCP issue

I have seen that with many tries that are resolves on IPv4 every time.( why it was solving IPv6 IP) When i do with "2606:4700:4700::1111" with this DNS it is going to resolve but sometimes getting request timed out issue. When i did with 2001:4860:4860::8888,2001:4860:4860::8844 DNS it is getting h...
by mducharme
Sat Nov 16, 2019 10:41 am
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 8082

Re: IPv6 PPPoE and DHCP issue

I got as like below image
resolver.PNG
Are you sure three tries is enough to properly test it? When I see your screenshots above, I see that you had problems resolving facebook on the fourth try but the first three were OK. But you are sure the CCR is OK after three tries?
by mducharme
Sat Nov 16, 2019 9:59 am
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 8082

Re: IPv6 PPPoE and DHCP issue

Is there any option on CCR for NSLookup?
Yes I told you in the last post:
put [:resolve facebook.com server=2001:4860:4860::8844]
by mducharme
Fri Nov 15, 2019 7:30 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 8082

Re: IPv6 PPPoE and DHCP issue

I can strongly say that there is no packet drop issue when doing DNS resolver or while browsing.( i have not seen any packet drop for any websites) Im getting ping google and google DNS with =16 ms, Facebook with =24ms. What you really should do is test that same DNS server from different points on...
by mducharme
Fri Nov 15, 2019 12:38 am
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 8082

Re: IPv6 PPPoE and DHCP issue

While you are doing your resolver tests, try running a continuous ping (ping -t) from the same computer to the Google DNS IP: 2001:4860:4860::8844

That way you can see if you have general packet loss with IPv6.
by mducharme
Thu Nov 14, 2019 8:58 am
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 8082

Re: IPv6 PPPoE and DHCP issue

After all this setup's i have got new issue with DNS resolver. Getting slow browing and some websites are not resolving with IPv6 DNS. Hard to say what your problem is. Slow browsing can have many different causes. IPv6 DNS servers should resolve the same websites as IPv4. I really doubt that any p...
by mducharme
Mon Nov 11, 2019 4:25 am
Forum: General
Topic: RB2011UiAS-2HnD-IN and Spectrum Cable Ultra (400Mbps)
Replies: 25
Views: 3098

Re: RB2011UiAS-2HnD-IN and Spectrum Cable Ultra (400Mbps)

personally I find test result for "Routing 25 ip filter rules using 512 byte packets" the best representing real-life performance of devices I'm using. +1 on this - when spec'ing a device, always look for the "Routing, 25 ip filter rules, 512 bytes" spec. Your maximum download speed will be approxi...
by mducharme
Sun Nov 10, 2019 10:35 pm
Forum: General
Topic: IRC channel on freenode
Replies: 1
Views: 488

Re: IRC channel on freenode

The channel does not require invite, you just need to be registered at Freenode.

See: https://www.wikihow.com/Register-a-Nickname-on-Freenode
by mducharme
Sun Nov 10, 2019 10:28 pm
Forum: Beginner Basics
Topic: PPPoE for 1Gbps clients
Replies: 2
Views: 787

Re: PPPoE for 1Gbps clients

Your throughput may be impacted by out of order packets due to fragmentation. If you have at least 1508 layer 2 MTU between your clients and the server, you can change MTU and MRU to 1500 on both sides. Then PPPoE should not theoretically be any more overhead than simply adding a VLAN tag and I woul...
by mducharme
Sun Nov 10, 2019 8:29 am
Forum: Announcements
Topic: v6.44.6 [long-term] is released!
Replies: 54
Views: 44181

Re: v6.44.6 [long-term] is released!

We just found that the OSPFv3 changes in 6.44.6 appear to cause problems with neighbor with Cisco switch with IPv6 (C3560 Software (C3560-IPSERVICESK9-M), Version 15.0(2)SE11, RELEASE SOFTWARE (fc3)). Downgrading to 6.44.5 resolves it. Careful if your router needs OSPFv3 neighbour with Cisco devices.
by mducharme
Sun Nov 10, 2019 5:29 am
Forum: Beginner Basics
Topic: Remove DNS IP from DHCP lease for one PC
Replies: 17
Views: 2224

Re: Remove DNS IP from DHCP lease for one PC

Yes but how will you define that inside the static lease? You can only select the DHCP server to use...! You don't have to change anything inside the static lease. Simply "make static" and don't bother changing anything in the lease and add the network under DHCP Server->Networks and it will work. ...
by mducharme
Sun Nov 10, 2019 1:34 am
Forum: Beginner Basics
Topic: Remove DNS IP from DHCP lease for one PC
Replies: 17
Views: 2224

Re: Remove DNS IP from DHCP lease for one PC

The easiest way to handle this is to give the computer in question a static lease and then create a separate DHCP network for that computer, as shown below: /ip dhcp-server network #this will be used by all computers except 192.168.88.229 add address=192.168.88.0/24 comment=defconf dns-server=192.16...
by mducharme
Sat Nov 09, 2019 10:15 pm
Forum: RouterOS v7 BETA
Topic: Poll: who wants to have a better /export ?
Replies: 17
Views: 4202

Re: Poll: who wants to have a better /export ?

Now for the import process, I´d love to see an option for error-handling, ideally per config section. Like on-error=log-and-proceed, stop-import, skip-section-import, replace-section log-and-proceed: Log the error occured but go ahead with subsequent config import. stop-import: stop the whole confi...
by mducharme
Fri Nov 08, 2019 5:02 am
Forum: RouterOS v7 BETA
Topic: Memory leak on SMIPS
Replies: 0
Views: 1678

Memory leak on SMIPS

I am running ROS 7 beta 3 on a hAP mini for testing and am experiencing a memory leak. It is basically the default configuration but with firewall rules removed, OSPFv2 and OSPFv3 neighbor relationships established with my ROS 6.45.7 device, and DHCPv6 PD client grabbing a prefix from my main ROS 6....
by mducharme
Wed Nov 06, 2019 9:13 pm
Forum: RouterOS v7 BETA
Topic: OpenVPN Bad decompression
Replies: 5
Views: 2821

Re: OpenVPN Bad decompression

Any clue why the LZO compression is still not supported?
I don't think people have requested it, at least not nearly as many as who wanted UDP support.
by mducharme
Wed Nov 06, 2019 8:50 pm
Forum: Announcements
Topic: v6.46beta [testing] is released!
Replies: 150
Views: 72944

Re: v6.46beta [testing] is released!

Hi Mikrotik Team, Please add the following features in upcomming release: 1. Walled garden or some filtering service to limit the invalid PPPOE request hits.--> To filter Unnecessary Hits or Request from unauthenticated PPPOE Clients. 2. IPv6 Accounting for radius. --> Most important and expected b...
by mducharme
Wed Nov 06, 2019 3:50 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 8082

Re: IPv6 PPPoE and DHCP issue

On DHCP im using direct PC's only.
This answer makes no sense. Do you mean you are only using PCs on that VLAN? I don’t know what you mean by “on DHCP”.

Are you sure those PCs are not getting global IPV6 addresses and only link local?
by mducharme
Wed Nov 06, 2019 3:41 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 8082

Re: IPv6 PPPoE and DHCP issue

This what i did in the IPv6->ND
You’ll need to also check “other configuration” box if you want Windows to get DNS server addresses from DHCPV6 server on MikroTik. If they don’t get DNS v6 after that then you have not added DHCPv6 server for that specific network.
by mducharme
Wed Nov 06, 2019 3:31 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 8082

Re: IPv6 PPPoE and DHCP issue

I have getting Valid IPv6 IP and getting Fe80::... gateway, But not able to get IPv6 DNS,
Have you added DHCPV6 server on that vlan? What neighbor discovery settings are configured on the mikrotik under ipv6-> ND?
by mducharme
Wed Nov 06, 2019 3:25 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 8082

Re: IPv6 PPPoE and DHCP issue

When i go to IPv6>addresses i have seen many of the clients are showing with FE80::.. link local ip for PPPoE clients ID's and For all vlan's. That is normal. Also going to Neighbors list i have observed that for 1 mac i'm getting public IP also link local IP But some clients are only getting Link ...
by mducharme
Wed Nov 06, 2019 10:44 am
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 8082

Re: IPv6 PPPoE and DHCP issue

Based on the diagram your Wi-Fi computer shouldn’t see the Cisco RAs at all unless the Mikrotik is bridging the Huawei to the Cisco BGP. If it is doing that on purpose, why? It is a bit strange to bridge an upstream interface to a downstream one in what looks like a fully routed network. Obviously r...
by mducharme
Wed Nov 06, 2019 8:44 am
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 8082

Re: IPv6 PPPoE and DHCP issue

You will have to disable router advertisements on Cisco if it is meant to use RB as IPv6 gateway. Quick googling returns also this page which seems promising. Yes if the MikroTik is supposed to be the IPv6 gateway for that network, you should run the following on the Cisco to disable RA (Router Adv...
by mducharme
Wed Nov 06, 2019 8:35 am
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 8082

Re: IPv6 PPPoE and DHCP issue

in the second (wifi) image it was connected on my local network which is used by cisco and huawei in the middle ware for local offices. So in the second (wifi) image what is the default gateway supposed to be? Is it supposed to be the cisco one (with MAC 00:15:FA:E1:37:80)? Or is it supposed to be ...
by mducharme
Tue Nov 05, 2019 4:50 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 8082

Re: IPv6 PPPoE and DHCP issue

I have seen that from direct router ether port i have got 1 Gateway with fe80:..... like below with no DNS. lan.JPG Coming to my local network it was showing 2 Gateways and no DNS like below. wifi.JPG Can you explain what those two screenshots are showing? Are they behind two different routers and ...
by mducharme
Tue Nov 05, 2019 4:40 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 8082

Re: IPv6 PPPoE and DHCP issue

I have an a doubt on IPv6 gateway is this will come to our clients on dhcp or not? Unlike IPv4, IPv6 cannot send default gateway through DHCP. It is sent by RA (Router Advertisement) packets, which is a part of the ICMPv6 protocol, also used for pinging. IPv6 DNS server addresses can be provided by...
by mducharme
Tue Nov 05, 2019 4:34 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 8082

Re: IPv6 PPPoE and DHCP issue

I'm using cisco, Huawei switches on my network, I have not enabled IPv6 in any switches. I have gateway with cisco 7606. local pop switches are Cisco 3750,Cisco SG300, SF300, SG300 POE, Huawei S5701 Well there is some Cisco device advertising that it is an IPv6 router on VLAN 100. This is from your...
by mducharme
Tue Nov 05, 2019 9:38 am
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 8082

Re: IPv6 PPPoE and DHCP issue

Well, 19/20 is still green, isn't it? Plus, if usual residental user gets 19/19, what should non-usual user with PTR record get, 20/19? Except 19/20 makes it seem to the average user that something isn't working. Whereas they can have completely working IPv6 with completely valid setup and get 19/2...
by mducharme
Mon Nov 04, 2019 11:47 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 8082

Re: IPv6 PPPoE and DHCP issue

I'm getting 20/20 ... what am I doing wrong? :wink: The only way you get 20/20 is if you have a PTR record for your computer's IPv6 address. This won't be the case for just about any home customer. The current recommendation is to not create PTR for residential hosts for IPv6, and so it shouldn't g...
by mducharme
Mon Nov 04, 2019 11:26 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 8082

Re: IPv6 PPPoE and DHCP issue

Just to be completely clear, the IPv6 test will give a score of 19/20 for virtually everybody. Hostname will be "None" for the vast majority of IPv6 end users now and into the future. They shouldn't be counting it in their score at all - right now they deduct one mark out of 20 (giving 19 instead). ...
by mducharme
Mon Nov 04, 2019 4:26 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 8082

Re: IPv6 PPPoE and DHCP issue

That also looks fine. I assume you have that set up for customers who are NOT on pppoe. That is the normal way you would do that. The device appearing as the second default gateway on that network is some kind of Cisco device, based on the MAC address. I’m just not sure why the Cisco device is sendi...
by mducharme
Mon Nov 04, 2019 12:02 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 8082

Re: IPv6 PPPoE and DHCP issue

Yes, that looks fine. 19/20 is normal. No need for the PTR (hostname).
by mducharme
Mon Nov 04, 2019 3:08 am
Forum: Beginner Basics
Topic: IPv6 how to use it right
Replies: 68
Views: 8463

Re: IPv6 how to use it right

That issue got TP-LINK routers DUID new each time ...

I've disable DHCPv6 becouse of that ...
Can’t you just replace the TPlink devices? Or upgrade them to fix it? Disabling DHCPV6 is not a good solution, IPV6 with manual config is too much work.
by mducharme
Mon Nov 04, 2019 1:15 am
Forum: Wireless Networking
Topic: Bandwidth Limit from RADIUS doesn't apply
Replies: 2
Views: 1021

Re: Bandwidth Limit from RADIUS doesn't apply

What specific RADIUS attributes did you use?
by mducharme
Mon Nov 04, 2019 12:21 am
Forum: SwOS
Topic: v6.45.7 SFP+ speed and package issues [SOLVED]
Replies: 18
Views: 4755

Re: v6.45.7 SFP+ speed and package issues [SOLVED]

CCRs is connected via the SFP + port connected to the CRS SFP + port 1 as configured as a Lan bridge. And all their Network equipment connects off of the 10-gig switch through SFP + ports. We have multiple aoc's and dacs test results don't vary depending on what we use both come back the same resul...
by mducharme
Mon Nov 04, 2019 12:04 am
Forum: SwOS
Topic: v6.45.7 SFP+ speed and package issues [SOLVED]
Replies: 18
Views: 4755

Re: v6.45.7 SFP+ speed and package issues [SOLVED]

All MiktoTik equipment we are using has v6.45.7 as the OS and the Boards firmware updated and we tested with 6.44.6 and 7.0B3 all came back with the same results and same issues. Also all equipment was factor reset with minimum changes to make the network usable. That said tomorrow we will test wit...
by mducharme
Sun Nov 03, 2019 10:07 pm
Forum: Beginner Basics
Topic: IPv6 how to use it right
Replies: 68
Views: 8463

Re: IPv6 how to use it right

that what is going on if DHCPv6 SERVER ENABLED dhcpv6.png new prefix each 30-60 sec That appears to be a Ubiquiti bug or wrong setting, it is generating a new DUID each time it requests a prefix. The info field shows the DUID. The DUID is supposed to be fixed for a given router and never change. Yo...
by mducharme
Sun Nov 03, 2019 9:27 pm
Forum: Beginner Basics
Topic: IPv6 how to use it right
Replies: 68
Views: 8463

Re: IPv6 how to use it right

Yes it get link local gateway but ... (look at my routetabels posted above) problem that there is no route to global adress that users get at LAN behind router ... and no internet at all ... This suggests your DHCPv6 prefix delegation server is not working. It is the role of DHCPv6 prefix delegatio...
by mducharme
Sun Nov 03, 2019 9:22 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 8082

Re: IPv6 PPPoE and DHCP issue

When i connect PC i have got Only IP of IPv6 all other came with IPv4 as below . from router.PNG Is this working fine or i have to do anything else. Your MikroTik config is fine now. The computer is not getting DNS but that is the D-Link's fault, something is wrong on the D-Link. Either the D-Link ...
by mducharme
Sun Nov 03, 2019 7:15 am
Forum: SwOS
Topic: v6.45.7 SFP+ speed and package issues [SOLVED]
Replies: 18
Views: 4755

Re: v6.45.7 SFP+ speed and package issues [SOLVED]

So first thing, make sure your firmware is upgraded, not only the RouterOS version, otherwise you may be troubleshooting phantom bugs that should have been fixed. Second if everything is updated is to unplug the switch from everything and do port to port speed tests with only two computers plugged i...
by mducharme
Sun Nov 03, 2019 7:03 am
Forum: SwOS
Topic: v6.45.7 SFP+ speed and package issues [SOLVED]
Replies: 18
Views: 4755

Re: v6.45.7 SFP+ speed and package issues [SOLVED]

Also I hope that you are updating your firmware too, not only the RouterOS version. If you are only updating RouterOS you might be behind on the firmware updates.
by mducharme
Sun Nov 03, 2019 6:59 am
Forum: SwOS
Topic: v6.45.7 SFP+ speed and package issues [SOLVED]
Replies: 18
Views: 4755

Re: v6.45.7 SFP+ speed and package issues [SOLVED]

I see you are just using the default exactly pretty much. But this switch is connected to a router, yes? What about the router config? To test the switch properly you should be doing testing without going through a router - do a speed test between two computers going through the switch with iperf3. ...
by mducharme
Sun Nov 03, 2019 6:48 am
Forum: SwOS
Topic: v6.45.7 SFP+ speed and package issues [SOLVED]
Replies: 18
Views: 4755

Re: v6.45.7 SFP+ speed and package issues [SOLVED]

Share your configs please, /export hide-sensitive

Also this shouldn't be in the SwOS forum since I imagine you are running RouterOS and not SwOS?
by mducharme
Sun Nov 03, 2019 12:37 am
Forum: General
Topic: L2TP server works for Mac, iPhone, not Windows 10 [SOLVED]
Replies: 11
Views: 2718

Re: L2TP server works for Mac, iPhone, not Windows 10 [SOLVED]

I don't know if this is helpful to you, but these are my profile and proposal settings and they work with L2TP windows 10 clients.
proposal.PNG
ipsec-profile.PNG
by mducharme
Sun Nov 03, 2019 12:27 am
Forum: Beginner Basics
Topic: IPv6 how to use it right
Replies: 68
Views: 8463

Re: IPv6 how to use it right

I have a question how to cast default route gateway to client if i didnt put static gateway it trying to use link local adress of mikrotik router of that interface and didnt get router to internet ( ... how to cast global ipv6 adress of Mikrotik from that interface ... I don't understand what you m...
by mducharme
Sat Nov 02, 2019 10:15 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 8082

Re: IPv6 PPPoE and DHCP issue

Thank you very much there in my devices it was "Yes" now i have changed it to "NO". I have got DNS in PPPoe Dial up in Dlink Router. Kindly give me solution for Gateway also in PPPoE. Sorry, what is the problem with the gateway exactly? The device should simply use the PPPoE interface as the IPv6 g...
by mducharme
Sat Nov 02, 2019 7:09 am
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 8082

Re: IPv6 PPPoE and DHCP issue

I have tried to check all vlans disable and enable but dns is still same and why gateway is also not coming ? So the only thing I can think of is that you are getting DNS through RA packets. On your CCR, go into IPv6->Settings and make sure that "Accept Router Advertisements" is set to "no". RAs.PNG
by mducharme
Fri Nov 01, 2019 9:21 pm
Forum: Wireless Networking
Topic: Mikrotik RBLHGG-60adkit vs AirFiber AF-24
Replies: 2
Views: 1848

Re: Mikrotik RBLHGG-60adkit vs AirFiber AF-24

The big difference is going to be distance - you can go 13km with the AF24, but only about a kilometer with the 60's. I believe there are only like one or two channels available with the 24's so if they intend to use all of those in the same place they might run into interference issues. 60ghz has 5...
by mducharme
Fri Nov 01, 2019 6:49 pm
Forum: General
Topic: SSTP & IPv6
Replies: 21
Views: 6143

Re: SSTP & IPv6

You can also run regular IPsec or IKEv2 over IPv6.
by mducharme
Thu Oct 31, 2019 4:03 pm
Forum: Forwarding Protocols
Topic: manipulate ospf equal cost multi-path
Replies: 3
Views: 1956

Re: manipulate ospf equal cost multi-path

Set up two VLANs, one from B1 to C1 and another from B2 to C1. Then you can add the two VLAN interfaces as OSPF interfaces and override the cost on one to make it use the other except on failure.
by mducharme
Thu Oct 31, 2019 3:34 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 8082

Re: IPv6 PPPoE and DHCP issue

I'm using mikrotik as a server and there is no mikrotik clients in my end, Here all are Dlink, TP Link, Neatgear,etc,,,,. Home router are in PPPoE for my customers. I have using Mobile phone and windows PC's and apple mac's on DHCP for my office clients purpose. In both i have receiving the IP only...
by mducharme
Thu Oct 31, 2019 3:27 am
Forum: RouterOS v7 BETA
Topic: IP6 address from pool bug fixed?
Replies: 12
Views: 3195

Re: IP6 address from pool bug fixed?

However they're partially unrelated and can be fixed independently. Flexible address-from-pool selection doesn't have much to do with DHCPv6 server (and I, as an annoying home user, don't care about those problems at all :wink:). Not necessarily, since the problem here is that if a pool can contain...
by mducharme
Thu Oct 31, 2019 1:10 am
Forum: Wireless Networking
Topic: WAP 60G 360 Config and Operation
Replies: 20
Views: 4768

Re: WAP 60G 360 Config and Operation

Has anyone tried some sort of shielding for these AP's yet?

Seems like with 60GHz it would be more effectively shielded given the beam width?
I wonder if this might work?

https://www.eurodk.com/en/products/mikr ... ise-shield
by mducharme
Thu Oct 31, 2019 12:53 am
Forum: RouterOS v7 BETA
Topic: Beta 3 TR069 client?
Replies: 0
Views: 2026

Beta 3 TR069 client?

Hello,

Where is the TR069 client for beta 3? it was available for beta 2, for ARM at least.

I tried to download it from the expected location: https://download.mikrotik.com/routeros/ ... a3-arm.npk

However, it was not there.
by mducharme
Thu Oct 31, 2019 12:08 am
Forum: Wireless Networking
Topic: WAP 60G 360 Config and Operation
Replies: 20
Views: 4768

Re: WAP 60G 360 Config and Operation

It is not a functionality of a specific product... It is a feature of the RouterOS in the Wireless facility... I don't see why it won't work if its either 2.4GHz, 5GHz or 60 GHz... 60GHz has a separate wireless tab called "W60G", it is not the same "Wireless" tab as all other frequencies. The optio...
by mducharme
Wed Oct 30, 2019 9:18 pm
Forum: RouterOS v7 BETA
Topic: IP6 address from pool bug fixed?
Replies: 12
Views: 3195

Re: IP6 address from pool bug fixed?

I agree, your method works. And that way it is possible to use up all prefixes. However, you don't have any control over which /64 will get used on particular interface. But I want to have that control and mentioned bug prevents me from having that control. It isn't a bug though - they never design...
by mducharme
Wed Oct 30, 2019 8:28 pm
Forum: RouterOS v7 BETA
Topic: IP6 address from pool bug fixed?
Replies: 12
Views: 3195

Re: IP6 address from pool bug fixed?

I think you may have a misunderstanding here. When you set "Pool Prefix Length" in the DHCPv6 client, it configures how the prefix given by the ISP should be divided up in your router, not what you are requesting. In other words, if the ISP gives you a /56 and you set "Pool Prefix Length" to 56, you...
by mducharme
Wed Oct 30, 2019 7:35 pm
Forum: Beginner Basics
Topic: IPv6 how to use it right
Replies: 68
Views: 8463

Re: IPv6 how to use it right

I do this with MikroTik routers but unfortunately there are many problems with off-the-shelf routers with IPv6 DHCP - here are two very common IPv6 problems that affect most routers (including TP-Link): 1. Inability for the router to handle receiving a prefix, but not an address, from IPv6 DHCP. Mik...
by mducharme
Wed Oct 30, 2019 7:05 pm
Forum: General
Topic: Graphing in WebFig not able to measure above 2Gbps
Replies: 5
Views: 905

Re: Graphing in WebFig not able to measure above 2Gbps

Good catch! Is it a bug then? :-) I would say so, yes. Once your rate exceeds 2,147,483,647bps it seems to be doing a wraparound with -2.1Gbps as the starting point. It is a similar problem to SNMPv1 counter overflow. You can see the strange zig-zag pattern once you hit 2.1Gbps, the low "zags" ever...
by mducharme
Wed Oct 30, 2019 6:58 pm
Forum: General
Topic: Graphing in WebFig not able to measure above 2Gbps
Replies: 5
Views: 905

Re: Graphing in WebFig not able to measure above 2Gbps

It is probably storing the rate as a long (signed 32-bit) integer, which can only exist within the range [−2,147,483,647, +2,147,483,647]
by mducharme
Wed Oct 30, 2019 6:47 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 8082

Re: IPv6 PPPoE and DHCP issue

Your CCR shows fe80::1 as a dynamic DNS server. It looks like it might be handing that down to the D-Link client device, which will not work. Your CCR router is probably configured to pull that from an upstream device. You may have to switch that off, for instance by disabling "Use Peer DNS" in DHCP...
by mducharme
Wed Oct 30, 2019 6:31 pm
Forum: RouterOS v7 BETA
Topic: IP6 address from pool bug fixed?
Replies: 12
Views: 3195

Re: IP6 address from pool bug fixed?

It shouldn't be true that this prevents other /64's from being used. I get a /56 from a pool and do this successfully right now, except I don't use your syntax, which would be invalid for my configuration. What do you have set as the "Pool Prefix Length" in your DHCPv6 client - is it set to 64 or 56?
by mducharme
Sun Oct 27, 2019 10:29 pm
Forum: Forwarding Protocols
Topic: OSPF ignoring Priority?
Replies: 5
Views: 2472

Re: OSPF ignoring Priority?

Apologies, made a typo in my previous post. The BDR is set as 1 and DR set as 255. Surely restart of just one device of these that formed adjacency should be enough to start election process. Else if the DR goes down and comes back up again, it will stay BDR? I am pretty sure standard OSPF behavior...
by mducharme
Sun Oct 27, 2019 5:08 am
Forum: Forwarding Protocols
Topic: OSPF ignoring Priority?
Replies: 5
Views: 2472

Re: OSPF ignoring Priority?

You restarted the device currently acting as the DR?

I'm not sure whether a brief outage of the DR will result in a re-election. It may require an outage of both the DR and BDR to trigger a re-election.
by mducharme
Sun Oct 27, 2019 3:16 am
Forum: Forwarding Protocols
Topic: OSPF ignoring Priority?
Replies: 5
Views: 2472

Re: OSPF ignoring Priority?

Have you logged into the device that is elected as the DR and verified that it is set for 1 and not 255 as the priority?

Note: If the election is already done, adding a new router with 255 is not going to automatically trigger a new election (at least not in my experience).
by mducharme
Sun Oct 27, 2019 3:15 am
Forum: RouterOS v7 BETA
Topic: Feature Request: IPv6 firewall mangle "set priority" action
Replies: 1
Views: 2293

Feature Request: IPv6 firewall mangle "set priority" action

I understand that previously there were some challenges preventing implementation of "set priority" in IPv6 firewall mangle. However now that IPv6 is part of the base product in ROS 7 I would hope that you can add support for "set priority" to the IPv6 firewall mangle. Also of interest (although not...
by mducharme
Sun Oct 27, 2019 3:02 am
Forum: RouterOS v7 BETA
Topic: Feature Request: MPLS Mangle and FastPath Control
Replies: 0
Views: 2127

Feature Request: MPLS Mangle and FastPath Control

Currently we have to do some overly complicated stuff with bridge filters in order to set priority for MPLS frames. It looks from the OSPF module in v7beta that you are making some enhancements for MPLS L3 VPN (Domain ID and Domain Tag support) and so I am hopeful that while this is happening you mi...
by mducharme
Sat Oct 26, 2019 5:20 am
Forum: RouterOS v7 BETA
Topic: Combined OSPFv2/OSPFv3 configuration feedback
Replies: 1
Views: 2287

Re: Combined OSPFv2/OSPFv3 configuration feedback

After looking at this a little bit more, I think this layout can make sense for OSPFv3 in isolation. Where it doesn't make sense is with OSPFv2. On interface ether1 I have neighbor formed and want to set cost of 15 on that interface. The network for that interface is 192.168.88.0/24. So now I need t...
by mducharme
Sat Oct 26, 2019 2:13 am
Forum: RouterOS v7 BETA
Topic: fq_codel or cake in v7
Replies: 26
Views: 10670

Re: fq_codel or cake in v7

I agree with this too, but first I want to see their current feature set stabilized. The sooner that happens, the sooner that they can release v7 and people can start using it in production. New features like this can be added easily later. If they try and add all new features that have been request...
by mducharme
Fri Oct 25, 2019 10:02 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 8082

Re: IPv6 PPPoE and DHCP issue

Your CCR1036 (which I see you have as an access concentrator from your other posts) needs to be configured with IPv6 DNS servers under IP->DNS to hand them out to the client routers. Obviously you can have both IPv4 and IPv6 DNS configured in IP->DNS on the 1036 and that is fine. Also, what Windows ...
by mducharme
Thu Oct 24, 2019 8:51 am
Forum: Announcements
Topic: v6.46beta [testing] is released!
Replies: 150
Views: 72944

Re: v6.46beta [testing] is released!

It is impossible to upgrade from 6.46beta55 to 7.0beta3 on SMIPS devices, not enough space.

After netinstall of 7.0 beta 3 there seems to be enough space for future 7.x upgrades, so the problem is that 6.46beta55 is too big.
by mducharme
Thu Oct 24, 2019 8:38 am
Forum: Forwarding Protocols
Topic: OSPFv3 adjacency with Cisco routers
Replies: 3
Views: 2164

Re: OSPFv3 adjacency with Cisco routers

FYI, this seems to be fixed in v7 beta.
by mducharme
Thu Oct 24, 2019 7:41 am
Forum: RouterOS v7 BETA
Topic: mipsbe install issues
Replies: 2
Views: 2298

Re: mipsbe install issues

Upgrade first to 6.46 latest beta.

Then download 7.0 beta 3 but don't rename it. Upload it with the name it was when downloaded and reboot. It should upgrade.
by mducharme
Thu Oct 24, 2019 7:35 am
Forum: RouterOS v7 BETA
Topic: 7.0beta3 available in testing?
Replies: 40
Views: 9301

Re: 7.0beta3 available in testing?

The problem is not enough space for upgrade with smips. But after netinstall of v7 beta 3 it looks like there is enough space for upgrade for future 7.0 beta versions. However it currently seems to be impossible to upgrade from 6.46 latest beta to v7 beta 3 on SMIPS due to not enough space.
by mducharme
Thu Oct 24, 2019 7:22 am
Forum: RouterOS v7 BETA
Topic: Combined OSPFv2/OSPFv3 configuration feedback
Replies: 1
Views: 2287

Combined OSPFv2/OSPFv3 configuration feedback

I'm not really sure whether I'm a fan of the combined OSPFv2 and OSPFv3 configuration now. It is quite different and there are fewer tabs than before, which is I suppose better in some way. But interfaces and networks are now combined into one tab, which makes it a little ambiguous regarding whether...
by mducharme
Thu Oct 24, 2019 6:34 am
Forum: RouterOS v7 BETA
Topic: 7.0beta3 available in testing?
Replies: 40
Views: 9301

Re: 7.0beta3 available in testing?

SMIPS failing also. Was getting the ERROR: missing routeros-smips-7.0beta3.npk ... so, attempted to manually upgrade from 6.46beta55 Confirmed, I have the same problem trying to upgrade from the latest 6.46 beta on hap mini. Wound up doing netinstall. However it looks like after installing 7.0 ther...
by mducharme
Fri Oct 18, 2019 8:59 am
Forum: Wireless Networking
Topic: Slow 5GHz
Replies: 3
Views: 1344

Re: Slow 5GHz

You're using local forwarding = no which has a big negative impact on performance.
by mducharme
Wed Oct 16, 2019 6:31 am
Forum: Scripting
Topic: dns to address lists scripts.
Replies: 10
Views: 11555

Re: dns to address lists scripts.

What is the point in using that script today? Address lists have built in support for DNS.
by mducharme
Tue Oct 15, 2019 7:37 am
Forum: Forwarding Protocols
Topic: HTTP Downloads cancels when LDP enabled
Replies: 5
Views: 2032

Re: HTTP Downloads cancels when LDP enabled

What is your advertise filter set to?
by mducharme
Fri Sep 27, 2019 2:28 am
Forum: RouterOS v7 BETA
Topic: RouterOS v7.0beta2 bug fund
Replies: 9
Views: 4585

Re: RouterOS v7.0beta2 bug fund

If it were not locked, people might reply to the bug report instructions post with their bug report. The bugs are supposed to be submitted as new posts in the main forum, not as replies to the bug report instructions.
by mducharme
Wed Sep 04, 2019 9:59 pm
Forum: RouterBOARD hardware
Topic: WAPG60ADM new 60 GHz product
Replies: 18
Views: 5384

Re: WAPG60ADM new 60 GHz product

Yes, M could be for Mesh possibly. Could it be for Terragraph?

https://terragraph.com/

https://blog.mikrotik.com/announcements ... graph.html
by mducharme
Mon Sep 02, 2019 9:23 pm
Forum: Announcements
Topic: Suggestions requested: general hotspot controller improvements in functionality
Replies: 11
Views: 6525

Re: Suggestions requested: general hotspot controller improvements in functionality

I know this is an older topic now but I have some feedback. I would like to see some kind of built-in option for hours of operation - I was able to work around this outside of the Hotspot system with firewall rules matching on the date and time and blocking traffic (redirecting to web proxy) when it...
by mducharme
Fri Aug 30, 2019 12:21 am
Forum: Forwarding Protocols
Topic: OSPFv3 adjacency with Cisco routers
Replies: 3
Views: 2164

Re: OSPFv3 adjacency with Cisco routers

I suspect that the CCR is getting confused by the fact that the same router has the same routerID and same link-local address on both interfaces. Is this the case? Yes - MikroTik OSPFv3 currently uses the neighbor device's link local address as the sole unique identifier for the neighbor relationsh...
by mducharme
Sun Aug 25, 2019 10:59 pm
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 58
Views: 9445

Re: Hotspot and HTTPS? What solutions?

But recently, I added a Windows 10 machine on the network which does NOT have IPv6, no address, no RA, no DHCPv6 server, and it had connectivity problems. Looking in "ipconfig /all" I saw that it had obtained 3 IPv6 addresses belonging to the 3 networks it isn't connected to! For now I disabled the...
by mducharme
Sun Aug 25, 2019 5:25 am
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 58
Views: 9445

Re: Hotspot and HTTPS? What solutions?

I don't run IPv6 anywhere yet but knowing about this helps greatly because there may be a server which has had DHCPv4 turned off, but DHCPv6 was forgotten and left on. Or a router got installed that had IPv6 package installed for testing and again same problem. A router with the IPv6 package simply...
by mducharme
Sun Aug 25, 2019 4:12 am
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 58
Views: 9445

Re: Hotspot and HTTPS? What solutions?

No problem. Related to this, I just found this page here has a MikroTik DNS "fix" for captive portal issues: https://socifi-doc.atlassian.net/wiki/spaces/SC/pages/94601401/Mikrotik+DNS+Fix+to+keep+Android+Splash+Page+and+the+Captive+Portal+Notification+active Why do they need a DNS "fix"? Their SOCI...
by mducharme
Sun Aug 25, 2019 3:45 am
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 58
Views: 9445

Re: Hotspot and HTTPS? What solutions?

But as I keep saying, I want some actual information on this. Not just 'it should work' HOW does it work? I would like information on how all devices detect hotspot in the first place. Not just a brief overview of "they try and connect to a site and if it fails it'll show you the login page" that d...
by mducharme
Sun Aug 18, 2019 10:19 am
Forum: General
Topic: SNMP doesn't work with asymmetric routes?
Replies: 32
Views: 8499

Re: SNMP doesn't work with asymmetric routes?

I found another 'workaround' for this in case setting src-address doesn't work for you (perhaps you have an IP through DHCP)

/ip firewall mangle add action=mark-routing chain=output new-routing-mark=main passthrough=yes protocol=udp src-port=161
by mducharme
Sat Aug 17, 2019 2:06 pm
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 58
Views: 9445

Re: Hotspot and HTTPS? What solutions?

My main focus here is not in actually trying to redirect HTTPS, I really honestly don't give a flying stuff about that The real issue is simply when hotspot detection fails, the user gets no prompt or no notification in any way that they need to first 'sign in' and the normal behavior is they just ...
by mducharme
Fri Aug 02, 2019 9:07 pm
Forum: General
Topic: CRS317-1G-16S+RM as storage switch
Replies: 4
Views: 1145

Re: CRS317-1G-16S+RM as storage switch

The concern that I would have is that iSCSI traffic is very bursty and I have heard that switches with large buffers are important for good iSCSI performance. I have not seen any information regarding buffer size with the MikroTik switches. We use the CRS317 for have other applications, but have not...
by mducharme
Thu Jul 25, 2019 7:57 pm
Forum: Announcements
Topic: v6.44.5 [long-term] is released!
Replies: 100
Views: 48571

Re: v6.44.5 [long-term] is released!

Updateing to 6.44.5 brings a problem with PPOE Server. Using a Remote Address in PPP Secret which is from a pool this address is not reserved/blocked. So PPPOE-Server uses this IP twice. Hard to find the problem as pings alway go through from the server side but customers complain like mad. So the ...
by mducharme
Fri Jul 19, 2019 8:16 pm
Forum: Announcements
Topic: v6.44.5 [long-term] is released!
Replies: 100
Views: 48571

Re: v6.44.5 [long-term] is released!

I got problem with dhcp-relay , after upgrade my client cannot get address.
Now I downgrade to version 6.43.16 it work fine.
FYI we have tested this on our devices - DHCP relay is working fine for us on 6.44.5.
by mducharme
Tue Jul 16, 2019 12:39 am
Forum: Forwarding Protocols
Topic: PPPoE over VPLS Tunnel - Client Ping mac server pppoe but it does not connect
Replies: 6
Views: 2235

Re: PPPoE over VPLS Tunnel - Client Ping mac server pppoe but it does not connect

When you do ping, its travel via IP protocols with ospf support. Try to look at your mpls LSP to your pppoe server. Dont work. In R3 adding an IP and pinged to R1. But if I add this ip on the client that is on the R3 bridge I can not ping. You'll have to share more of your config to get proper assi...
by mducharme
Sat Jul 13, 2019 7:51 pm
Forum: General
Topic: Routing Question: Not able to get 1 gbps through our gateway with our router inline can without it
Replies: 8
Views: 1556

Re: Routing Question: Not able to get 1 gbps through our gateway with our router inline can without it

It's a multi thread test such as speedtest.net I have also worked with my upstream provider to setup a speedtest called truespeed this is a test from their data center to my gateway. Same poor results on both test. Hooked directly to their copper gateway port I get tcp throughput in the 940mbps are...
by mducharme
Thu Jul 11, 2019 10:12 pm
Forum: Forwarding Protocols
Topic: OSPF Loopback + MPLS Loopback
Replies: 7
Views: 2759

Re: OSPF Loopback + MPLS Loopback

The main reason why you would want to do something like this is if you wanted to have traffic from loopback to loopback that didn't have an MPLS label. If the advertisement filter is set to only advertise the MPLS loopbacks and not the other loopback, you can use the other loopback for cases where y...
by mducharme
Thu Jul 11, 2019 10:07 pm
Forum: Announcements
Topic: v6.46beta [testing] is released!
Replies: 150
Views: 72944

Re: v6.46beta [testing] is released!

3) Update server to the v6.45beta9;
4) Then update all the hosts to the v6.45beta9;
Don't you mean v6.46beta9?
by mducharme
Thu Jul 11, 2019 3:54 am
Forum: General
Topic: DHCPd specific IP addresses to specific physical ETHx ports.
Replies: 5
Views: 822

Re: DHCPd specific IP addresses to specific physical ETHx ports.

I don't believe proxy ARP is a good solution for your needs, it is a bit of a hack. You are better off assigning subnets to each port (i.e. allocate a bunch of /30 subnets) and set up a dhcp server for each.
by mducharme
Mon Jul 08, 2019 5:40 am
Forum: Beginner Basics
Topic: QoS question.
Replies: 4
Views: 740

Re: QoS question.

You can try this: viewtopic.php?f=9&t=129294

That is not a typical feature for QoS, but it looks like someone has implemented it.
by mducharme
Mon Jul 08, 2019 5:20 am
Forum: Beginner Basics
Topic: QoS question.
Replies: 4
Views: 740

Re: QoS question.

Is this a MIkrotik limitation or a QoS limitation in general? How other vendors handle this? This is a general QoS limitation. With all products you need to enter a maximum rate and they use this to determine if the upstream provider is congested. If you are below this maximum rate and the provider...
by mducharme
Mon Jul 08, 2019 12:41 am
Forum: Forwarding Protocols
Topic: OSPF Force path for specific subnet
Replies: 6
Views: 2205

Re: OSPF Force path for specific subnet

Can you run two instances of OSPF between the same two routers (with multiple loopback addresses, etc) and make this work?
Possibly, but that would be a really strange setup. It is very unusual to establish OSPF neighbor with another ISP. You would typically use BGP in this role.
by mducharme
Sun Jul 07, 2019 9:20 pm
Forum: General
Topic: Bridge is resetting CoS to 0 (was: Setting CoS from DSCP on PPPoE server)
Replies: 8
Views: 1486

Re: Bridge is resetting CoS to 0 (was: Setting CoS from DSCP on PPPoE server)

Another thing I didn't mention is that after this VLAN-tagged PPPoE frame leaves the PPPoE NAS, it gets shoved into a VPLS tunnel. And the thing that kills me is that there is a CLEAR inconsistency between how ROS treats priority when it comes to MPLS EXP and how it treats priority when it comes to...
by mducharme
Sun Jul 07, 2019 9:09 pm
Forum: Beginner Basics
Topic: QoS question.
Replies: 4
Views: 740

Re: QoS question.

is there any way to set aside 2 Mbits for certain type of traffic (VoIP for example) , regardless of the total available bandwidth? I want to make sure certain traffic gets at least 2 Mbits, leaving the rest for anything else (web browsing, email, chat, etc) No - you might be able to build a script...
by mducharme
Sun Jul 07, 2019 3:27 am
Forum: Forwarding Protocols
Topic: OSPF Force path for specific subnet
Replies: 6
Views: 2205

Re: OSPF Force path for specific subnet

Any other option? Another routing protocol? multiple OSPF instances perhaps?
You might be able to do this with BGP, depending on your topology.
by mducharme
Mon Jul 01, 2019 9:56 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 111939

Re: v6.45.1 [stable] is released!

The API logins were broken in the last beta of 6.45 as well. Is it related to the removal of the old unencrypted password store?
by mducharme
Thu Jun 27, 2019 4:04 am
Forum: General
Topic: Routing a Block of Public IP Addresses
Replies: 37
Views: 4703

Re: Routing a Block of Public IP Addresses

Does this look right?
John
Yes, that looks good to me, and correct. Should work fine.
by mducharme
Wed Jun 26, 2019 6:08 pm
Forum: General
Topic: Routing a Block of Public IP Addresses
Replies: 37
Views: 4703

Re: Routing a Block of Public IP Addresses

Or would this be more correct: Edge Router route: Destination Address: 198.1.2.128/29 Gateway Address: 10.0.247.101 where 198.1.2.128/29 sets up 6 usable IP addresses and routes those to the Network 2 (which is the first Site Router network) Destination Address: 198.1.2.136/29 Gateway Address: 10.0...
by mducharme
Wed Jun 26, 2019 5:41 pm
Forum: General
Topic: Routing a Block of Public IP Addresses
Replies: 37
Views: 4703

Re: Routing a Block of Public IP Addresses

And I made a mistake. It's 198.1.2.128/26, not /29. John If it is a /26, then you can do it the normal way and split that up across multiple site routers - as long as you only have a few "sites", the trade-off is not bad. The advantage is this will work with any router and is the normal way so it i...
by mducharme
Wed Jun 26, 2019 5:15 pm
Forum: General
Topic: Routing a Block of Public IP Addresses
Replies: 37
Views: 4703

Re: Routing a Block of Public IP Addresses

No, the 38.1.2.128/29 range is provided by the upstream provider as a 'transport' only. The client 'block is the 198.1.2.128/29 range. Right, sorry, misread your last post. I meant 198.1.2.128/29 Something else that others, with whom I've spoken to about this subject, had mentioned was the necessit...
by mducharme
Wed Jun 26, 2019 7:45 am
Forum: Forwarding Protocols
Topic: MPLS over GRE MTU question
Replies: 8
Views: 2481

Re: MPLS over GRE MTU question

So you're saying the MPLS L2MTU is the GRE tunnels' 1500-24? So I have to use the IP MTU of the GRE tunnel to determine the L2MTU of MPLS? A GRE packet is never going to grow above the IP MTU of the interface that it is sent over. I am assuming you are probably using IP MTU 1500 on most interfaces ...
by mducharme
Wed Jun 26, 2019 7:33 am
Forum: General
Topic: Routing a Block of Public IP Addresses
Replies: 37
Views: 4703

Re: Routing a Block of Public IP Addresses

I think I've got it! That actually sounds pretty simple. :-) So I just need to set up incoming routes to get traffic to the correct Client Router/Network. I assume you are trying trying to use the IPs on that 38.1.2.128/29 subnet to assign to various client routers on their WAN ports (one for each)...
by mducharme
Tue Jun 25, 2019 1:19 am
Forum: Forwarding Protocols
Topic: MPLS over GRE MTU question
Replies: 8
Views: 2481

Re: MPLS over GRE MTU question

But there is a physical L2MTU, depending on the parent interface that the traffic is leaving from, correct? When does GRE start fragmenting the L2 stuff? It's long before 65535, obviously. GRE is 24 bytes overhead - assuming your GRE tunnel is running over 1500 IP MTU, subtract 24 bytes for the GRE...
by mducharme
Tue Jun 25, 2019 1:12 am
Forum: General
Topic: Bridge is resetting CoS to 0 (was: Setting CoS from DSCP on PPPoE server)
Replies: 8
Views: 1486

Re: Setting CoS from DSCP on PPPoE server

What am I missing? I haven't tried this myself, but is your setup a bridge with a VLAN on it, or is it a bridge where there is a VLAN interface as the port of the bridge? There is sometimes a difference in behavior between the two - we do some QoS stuff with bridge filters that works only with the ...
by mducharme
Mon Jun 24, 2019 11:54 pm
Forum: Beginner Basics
Topic: Captive portal for Wi-Fi users (no authentication, no internet)
Replies: 8
Views: 1128

Re: Captive portal for Wi-Fi users (no authentication, no internet)

Apologies for the doubt but like I said I'm new with this mikrotik and I've tried most hotspot tutorials from here but with no luck. Perhaps if you could please kindly show me how, step by step on how to accomplish this I would really really appreciate it. What you want to do is very similar to the...
by mducharme
Mon Jun 24, 2019 9:40 pm
Forum: General
Topic: Routing a Block of Public IP Addresses
Replies: 37
Views: 4703

Re: Routing a Block of Public IP Addresses

So, other 'regular' traffic should pass then, correct? Unless it's specifically blocked in the firewall of one of the routers. Correct?
Yes, exactly. Also as an ISP it makes sense to allow most (if not all) ICMP - it makes troubleshooting much easier.
by mducharme
Mon Jun 24, 2019 8:43 pm
Forum: General
Topic: Routing a Block of Public IP Addresses
Replies: 37
Views: 4703

Re: Routing a Block of Public IP Addresses

I've typed /24 too many times. Yes, it's 0.0.0.0/0 on all routers.

John
Add two firewall rules to allow all ICMP on input and forward chains and move them to the top of the list on all three routers, then try the ping again.
by mducharme
Mon Jun 24, 2019 8:26 pm
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 93264

Re: v6.45beta [testing] is released!

Are there any plans to add a simple EAP server authentication where there is no RADIUS server? i.e. Something like xauth for IKEv1 where you can define local users on the router itself? We have a few situations where there is no local RADIUS and certificates are more complicated for end users where ...
by mducharme
Mon Jun 24, 2019 7:53 pm
Forum: General
Topic: Routing a Block of Public IP Addresses
Replies: 37
Views: 4703

Re: Routing a Block of Public IP Addresses

They are set up as a chain. Client Router has 0.0.0.0/24 with Gateway as 10.1.1.254 (which is one of the LAN IP addresses on the Site Router). Site Router has 0.0.0.0/24 with Gateway as 10.0.247.254 (which is one of the LAN IP addresses on the Edge Router). Client routers have internet access just ...
by mducharme
Mon Jun 24, 2019 7:23 pm
Forum: General
Topic: Routing a Block of Public IP Addresses
Replies: 37
Views: 4703

Re: Routing a Block of Public IP Addresses

From Site Router 1, I can ping the Client Router. If I understand correctly, this is because there is a route automatically set up in Site Router 1, since the Client Router is directly connected to Site Router 1. Is this correct? Yes But I still can't ping 10.1.1.1 from the Edge Router. What am I d...
by mducharme
Sun Jun 23, 2019 11:12 pm
Forum: General
Topic: Push remote route through ppp
Replies: 2
Views: 1490

Re: Push remote route through ppp

There is no good solution for this with l2tp. The best way to accomplish this is with IPsec road warrior.

https://wiki.mikrotik.com/wiki/Manual:I ... _Mode_Conf

The split-include takes care of this.
by mducharme
Sun Jun 23, 2019 6:15 pm
Forum: General
Topic: Routing a Block of Public IP Addresses
Replies: 37
Views: 4703

Re: Routing a Block of Public IP Addresses

mducharme, I think I understand what you're saying. I think this again goes back to my background in communications. I'm definitely going to have to 'reshape' my thinking. :-) And there's obviously going to have to be routes in the Client Router to reach the internet, correct? Yes, obviously, but t...
by mducharme
Sun Jun 23, 2019 5:49 am
Forum: General
Topic: Routing a Block of Public IP Addresses
Replies: 37
Views: 4703

Re: Routing a Block of Public IP Addresses

The Edge Router needs a route in place to get incoming traffic to the Client Router, because there's another Router (Router 1) between the Edge Router and the Client Router. Correct? The Edge Router already knows how to reach Router 1, because they're directly connected (so the route is automatical...
by mducharme
Sun Jun 23, 2019 1:03 am
Forum: Forwarding Protocols
Topic: MPLS over GRE MTU question
Replies: 8
Views: 2481

Re: MPLS over GRE MTU question

Well it seems to work ok, and I asked around about it first before trying, and many others said it works fine. Just unsure about the MTU. MPLS works fine over GRE or EoIP. Only the L2MTU matters, and for GRE the L2MTU is 65535 and you can't change it. The only disadvantage of GRE vs EoIP for MPLS i...
by mducharme
Sat Jun 22, 2019 6:57 pm
Forum: Beginner Basics
Topic: Captive portal for Wi-Fi users (no authentication, no internet)
Replies: 8
Views: 1128

Re: Captive portal for Wi-Fi users (no authentication, no internet)

Really? Will this work without intetnet? Cos i've tried a few hotspot guides from here but most requires internet connection to work properly.
Yes it does - why would it not?
by mducharme
Thu Jun 20, 2019 7:02 pm
Forum: Beginner Basics
Topic: Captive portal for Wi-Fi users (no authentication, no internet)
Replies: 8
Views: 1128

Re: Captive portal for Wi-Fi users (no authentication, no internet)

@AidanAus...I'm not quite sure what you're saying "bump the threads", I did post 2 of the same topic since my first post was taking so long for the admin to post it or not so I made a second one. I'm still waiting for the reply on my request since, like I said I was looking for the same topic but c...
by mducharme
Thu Jun 20, 2019 6:26 pm
Forum: General
Topic: Routing a Block of Public IP Addresses
Replies: 37
Views: 4703

Re: Routing a Block of Public IP Addresses

Ok. Now let's expand this a bit. If the 'device' is another route that's on the other side of another router, like this: Edge Router --> Router 1 --> Client Router Then, I would need a route (static or use something like OSPF) in the Edge Router, to route a public IP to the Client Router, since the...
by mducharme
Thu Jun 20, 2019 5:02 am
Forum: General
Topic: Routing a Block of Public IP Addresses
Replies: 37
Views: 4703

Re: Routing a Block of Public IP Addresses

Would I still have to have routes to reach each device from the 'outside world'? Not "each device", but one route for the subnet, yes. However, since you are adding an IP on that subnet onto your router, your router will automatically have a "connected" route to that subnet, so you do not need to a...
by mducharme
Thu Jun 20, 2019 3:22 am
Forum: General
Topic: Routing a Block of Public IP Addresses
Replies: 37
Views: 4703

Re: Routing a Block of Public IP Addresses

So, would I set up my WAN port with 38.1.2.133 and then a 'default route' with 0.0.0.0/0 and the Gateway address as 38.1.2.131? Yes Then, would I set one of the 198.7.8.x addresses (such as 198.7.8.128) as the LAN IP address on my router (which would then be the Gateway IP address in the 'devices' ...
by mducharme
Wed Jun 19, 2019 6:46 pm
Forum: General
Topic: Question - Bandwidth shaping Simple Queues
Replies: 2
Views: 489

Re: Question - Bandwidth shaping Simple Queues

Hi, ether2 interface will not work as a target - you need to use a subnet (ex. 192.168.88.0/24). You will likely also find that you need to set max limit on the "all bandwidth" queue for upload and download in order for it to work.
by mducharme
Tue Jun 18, 2019 4:40 pm
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 3904

Re: QoS prioritization only, without shaping?

This is the primary reason for this post. We want better QoS for backhaul wireless links that we own, and the bandwidth varies it cannot be guaranteed. Real world is not perfect, radio frequencies get crowded, new constructions go up and partially block signal, a bin chicken fly's into the radio an...
by mducharme
Tue Jun 18, 2019 9:16 am
Forum: General
Topic: Radical change coming for home and small business networking
Replies: 53
Views: 7172

Re: Radical change coming for home and small business networking

I think you are really blowing this out of proportion in a “the sky is falling” sort of way. I can tell you right now that cable providers are not going to prevent you from using third party routers just because of this new technology option. You will be able to continue to use CCR routers on these ...
by mducharme
Tue Jun 18, 2019 2:04 am
Forum: RouterBOARD hardware
Topic: CCR1036-8G-2S+ - SFP+ port stops transmitting data?
Replies: 17
Views: 4586

Re: CCR1036-8G-2S+ - SFP+ port stops transmitting data?

We have this problem, but for us it happens every 30-90 days or so. It last happened 57 days ago. We have a ping watchdog to reboot the router when this happens. Disabling and re-enabling the interface might fix it too. Same CCR1036-8G-2S+, first generation. We have two CCR's connected to each other...
by mducharme
Mon Jun 17, 2019 9:30 pm
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 3904

Re: QoS prioritization only, without shaping?

First question: Are you changing the hardware queue type on the MikroTik's? What are you using and what settings? Second question: Are you using a common template for QoS settings and would you care to share it? Answer to First question: No we aren't. One thing you need to realize is that, at least...
by mducharme
Mon Jun 17, 2019 6:15 am
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 3904

Re: QoS prioritization only, without shaping?

Also, AirFiber (except for the AF5XHD) can only read CoS, so you have to copy DSCP to CoS for the AirFiber devices to be able to read it. CoS is really the most universal priority tag available - basically everything supports it, even if DSCP or MPLS EXP bits are not supported. The only downside of ...
by mducharme
Mon Jun 17, 2019 6:04 am
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 3904

Re: QoS prioritization only, without shaping?

Ok but I have heard its best practice to use QoS tags at Layer3 as opposed to Layer2 so why not use DSCP tags instead of CoS? And does a MikroTik router actually do anything with DSCP tagged packets by default or does it need to configured with mangle or queue's to apply prioritization to traffic? ...
by mducharme
Mon Jun 17, 2019 5:26 am
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 3904

Re: QoS prioritization only, without shaping?

The router-router links don't use VLAN's though They just speak to each other on the ethernet link i.e. ether5 on RouterA connects to PTP670 link connects to ether7 on RouterB So using the set priority mangle rule wouldn't do anything? Or would it still tag packets with native VLAN id so that prior...
by mducharme
Mon Jun 17, 2019 4:52 am
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 3904

Re: QoS prioritization only, without shaping?

Here is an example setup from memory: concentrator <-cable-> P-1 <-radio-> P-2 <-radio-> PE <-cable-> CE (customer router) In this example VPLS tunnel runs from concentrator to PE router, so concentrator and PE apply MPLS labels. VPLS tunnel on concentrator would terminate on a bridge (running the P...
by mducharme
Mon Jun 17, 2019 4:15 am
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 3904

Re: QoS prioritization only, without shaping?

Ok so i'm a bit confused as to which method to use here. So lets step it back and i'll give a couple of different scenario's that may need different methods Background: We primarily use Cambium radio's but do use some Ubiquiti and a few Mikrotik I'm going to talk about our backbone infrastructure a...
by mducharme
Sun Jun 16, 2019 10:20 pm
Forum: Wireless Networking
Topic: Guest Wi-Fi Captive Portal Setup [SOLVED]
Replies: 1
Views: 771

Re: Guest Wi-Fi Captive Portal Setup [SOLVED]

You can accomplish this with the hotspot feature in MikroTik - edit the login page to remove the "username" and "password" prompts, add the EULA, and rename the "Connect as Guest" link to "Accept EULA"
by mducharme
Fri Jun 14, 2019 4:53 am
Forum: General
Topic: vlan bridge to port [SOLVED]
Replies: 10
Views: 1228

Re: vlan bridge to port [SOLVED]

What the OP is doing is OK and is simply the old way of creating "access" ports for VLANs where the VLAN is untagged (before bridge VLAN filtering). Doing it the old way can still be justified on platforms other than CRS3xx due to the fact that you can have VLANs while not losing hardware offload fo...
by mducharme
Thu Jun 13, 2019 8:50 am
Forum: General
Topic: Queues lie
Replies: 11
Views: 1195

Re: Queues lie

Manifestly improbable, as our bandwidth tests quite often show speeds well in excess of any customer's bursted queue. I can run BTest from one end of our network to the other (three or four wireless hops) and see speeds in the range of of 80-140Mb. That speed will also be reflected in the first que...
by mducharme
Thu Jun 13, 2019 8:05 am
Forum: General
Topic: Queues lie
Replies: 11
Views: 1195

Re: Queues lie

1-POE-Host is port 1 on the PowerBox, which would normally supply the host's own service, except the property is vacant currently so there's no connection. Here is a partial printout of the queue, the rest of the rules are identical except for address. sqcli.jpg OK Thanks. So, there are a few thing...
by mducharme
Thu Jun 13, 2019 7:43 am
Forum: General
Topic: Queues lie
Replies: 11
Views: 1195

Re: Queues lie

It's pretty difficult to misconfigure simple queues. Queue, queue, queue, that's the one that matches this customer, we're done. There are no other queues. Removing them and putting exactly the same queues back should not fix a bandwidth problem like this... and yet it does. Can you share an export...
by mducharme
Thu Jun 13, 2019 7:14 am
Forum: General
Topic: Queues lie
Replies: 11
Views: 1195

Re: Queues lie

You're not going to tell me the queues were not at fault here. You're also not going to tell me I had them configured wrong, because the configuration I put back was EXACTLY the same configuration that I wiped clean, and it worked just fine from then on… not only for this customer, but for about fi...
by mducharme
Thu Jun 13, 2019 6:04 am
Forum: General
Topic: Queues lie
Replies: 11
Views: 1195

Re: Queues lie

This isn't a question, it's a warning. There is a bug of long standing in RouterOS that causes invisible, internal queue corruption. I have experienced it with both tree queues and simple queues, over a period of something like eight years, and have incontrovertibly proved it is happening. The symp...
by mducharme
Thu Jun 13, 2019 5:57 am
Forum: General
Topic: 10G support for Traffic Engineering
Replies: 1
Views: 681

Re: 10G support for Traffic Engineering

We've been running traffic-engineering based bandwidth limits for at least 5 years. Now that we have 10G interfaces, the 32bit limitation, or whatever the problem, is requiring us to look for different solutions for limiting vpls connections. You can use a queue tree on both sides of the VPLS tunne...
by mducharme
Wed Jun 12, 2019 11:50 pm
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 3904

Re: QoS prioritization only, without shaping?

The other way around, UBNT AP no WDS with MikroTik client connected can often pass VLAN tagged traffic but sometimes it stops and needs to be re-associated to continue. Of course between 2 UBNT devices in WDS mode, and between 2 MikroTik devices in bridge mode there is no issue. In our case the UBN...
by mducharme
Wed Jun 12, 2019 10:57 pm
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 3904

Re: QoS prioritization only, without shaping?

Ok, my experience with UBNT radios that are not in "WDS" mode has been that tagged VLAN traffic over the link does not always work correctly. As we have a mix of UBNT/MikroTik in het network (both at the AP and client side) we often cannot run in "WDS" mode. This should be the same difference as be...
by mducharme
Wed Jun 12, 2019 9:30 pm
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 3904

Re: QoS prioritization only, without shaping?

With the UBNT devices, do you use VLAN tagging only on ethernet and then strip it in the radio, or extend VLAN all over the WiFi link? I have not-so-good experience with the latter when it is not in PtP mode. Sometimes it works fine, sometimes it fails in strange ways. We extend the VLAN over the W...
by mducharme
Wed Jun 12, 2019 6:22 pm
Forum: General
Topic: EoIP tunnels randomly fail
Replies: 8
Views: 999

Re: EoIP tunnels randomly fail

I have a x86 router now running 6.44.3, it was running 42.x, remotely we have a mixture of MK routers but most of them are GR3's We have 10 EoIP tunnels over L2Tp/IPSec vpn/bridge coming into that router. Every now and again one of the EoIP tunnels will drop. We can see traffic from both sides of t...
by mducharme
Wed Jun 12, 2019 5:01 pm
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 3904

Re: QoS prioritization only, without shaping?

Well, when the radio is UBNT (quite common as they operate in the same market segment as MikroTik), the whole QoS thing will work automatically, also without VLAN tagging. It uses the WMM defined queue mapping based on DSCP high 3 bits with 4 queues. This is not true for all of their radios. We hav...
by mducharme
Wed Jun 12, 2019 8:57 am
Forum: Beginner Basics
Topic: My first Mikrotik Router - Firewall Help
Replies: 16
Views: 1574

Re: My first Mikrotik Router - Firewall Help

Your port forwarding is not working because there is no firewall filter forward chain rule that allows that traffic.
by mducharme
Wed Jun 12, 2019 8:45 am
Forum: Forwarding Protocols
Topic: ❗️❓ UNSTABLE VPLS on Wireless networks
Replies: 13
Views: 3019

Re: ❗️❓ UNSTABLE VPLS on Wireless networks

If you have MikroTik radios, use "set priority" action to 7 for OSPF traffic. If the radio is routing you can do that with a mangle rule, or if the radio is bridging you will need to do it with a bridge filter. That will prioritize it as long as you are using either NV2 or WMM. If you are using NV2 ...
by mducharme
Wed Jun 12, 2019 8:35 am
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 3904

Re: QoS prioritization only, without shaping?

Also you should use new priority from dscp high 3 bits, not just from dscp. The mapping from-dscp is probably not what you want. DSCP high 3 bits results in a more useful mapping.
by mducharme
Wed Jun 12, 2019 8:20 am
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 3904

Re: QoS prioritization only, without shaping?

So for all our routers just add a rule at the top of mangle with passthrough ticked 'set priority' new priority: from dscp And that's all thats needed? (Assuming DSCP is already set, otherwise add more mangle rules to set DSCP bits) No queue's added? Yes, *but* whatever you are using for wireless n...
by mducharme
Wed Jun 12, 2019 7:04 am
Forum: General
Topic: QoS prioritization only, without shaping?
Replies: 26
Views: 3904

Re: QoS prioritization only, without shaping?

What wireless links are you using? In most cases, you will need to use a "set priority" mangle rule or bridge filter rule to prioritize the traffic.
by mducharme
Wed Jun 12, 2019 7:02 am
Forum: Forwarding Protocols
Topic: ❗️❓ UNSTABLE VPLS on Wireless networks
Replies: 13
Views: 3019

Re: ❗️❓ UNSTABLE VPLS on Wireless networks

Decreasing downtime is good so certainly follow that feedback but also prioritize OSPF to prevent the downtime from happening in the first place. We have very reliable OSPF over wireless, in some places even set to broadcast (although as scampbell said point-to-point is better), that are completely ...
by mducharme
Tue Jun 11, 2019 9:33 pm
Forum: Forwarding Protocols
Topic: ❗️❓ UNSTABLE VPLS on Wireless networks
Replies: 13
Views: 3019

Re: ❗️❓ UNSTABLE VPLS on Wireless networks

I don't find any good document about it, if is possible get some help that how can I configure it.
I don't have any QOS or priority configuration on routers / links.
What radios are you using?
by mducharme
Tue Jun 11, 2019 5:02 pm
Forum: Forwarding Protocols
Topic: ❗️❓ UNSTABLE VPLS on Wireless networks
Replies: 13
Views: 3019

Re: ❗️❓ UNSTABLE VPLS on Wireless networks

We run long distance wireless links and do not experience this. Even if VPLS tunnels go down for some reason, they typically only take 10 seconds to come back, not 60. The 60 seconds makes me suspect that it is actually something else that is going down, most likely something like OSPF, or possibly ...
by mducharme
Thu Apr 11, 2019 12:16 am
Forum: Beginner Basics
Topic: Limit Bandwidth to Per IP
Replies: 6
Views: 4569

Re: Limit Bandwidth to Per IP

it will effect only connection limit?? then what will i do for bandwidth limit???
I think what you want is PCQ - please see: https://wiki.mikrotik.com/wiki/Manual:Q ... Q_Examples
by mducharme
Wed Mar 13, 2019 9:21 am
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 305
Views: 93264

Re: v6.45beta [testing] is released!

*) dhcpv6-server - added RADIUS accounting support;
This is excellent news - does this also work with DHCPv6 servers over PPP (ex. PPPoE)?
by mducharme
Mon Mar 04, 2019 5:08 am
Forum: Announcements
Topic: v6.44 [stable] is released!
Replies: 219
Views: 48479

Re: v6.44 [stable] is released!

MikroTik as remote DHCP server for relay purposes (not connected directly to the network that DHCP is used on) stops giving leases after upgrade, seemingly due to new ARP conflict detection feature. Disabling conflict detection resolves the issue. Shouldn't this feature shut itself off if the router...
by mducharme
Sun Feb 17, 2019 11:49 pm
Forum: Announcements
Topic: v6.44rc [testing] is released!
Replies: 67
Views: 18798

Re: v6.44rc [testing] is released!

I upgraded from 6.43.12 and had two IPsec peers with RSA key auth. After upgrading to 6.44rc1, only one of the two peers was added to the new ipsec identities tab. I had to recreate the other to bring it up again.
by mducharme
Tue Jan 15, 2019 11:28 am
Forum: General
Topic: Asymmetric Routing
Replies: 7
Views: 987

Re: Asymmetric Routing

I will try a config reset later on Router 1. For the time being it's working in the opposite traffic flow.
can you run /ip route export and paste the results? And the same for /ip route print?
by mducharme
Tue Jan 15, 2019 10:58 am
Forum: General
Topic: Asymmetric Routing
Replies: 7
Views: 987

Re: Asymmetric Routing

Another thing to check - did you perhaps once have that 172.24.62.0/24 subnet set up directly on router1 and removed the IP but haven't rebooted since? Sometimes there can be strange issues caused by route caching when the cache isn't cleared properly.
by mducharme
Tue Jan 15, 2019 10:10 am
Forum: General
Topic: Asymmetric Routing
Replies: 7
Views: 987

Re: Asymmetric Routing

Hmmm. I would have thought while slightly unusual to setup asymmetrically, the Mikrotiks should be able to do this. It's just a matter of setting the static route for 172.24.62.0/24 to gateway IP 10.0.0.2. MikroTik does asymmetric routing and it is allowed by default. If it is not working, then you...
by mducharme
Tue Jan 15, 2019 9:26 am
Forum: General
Topic: Asymmetric Routing
Replies: 7
Views: 987

Re: Asymmetric Routing

Hello,

A router will in some cases try to use ARP to resolve a remote IP if gateway for one of the routes is incorrectly set to an interface instead of an IP address. Double check your routes and make sure you don't have a route where gateway is incorrectly set to an interface name instead of an IP.
by mducharme
Tue Jan 15, 2019 1:45 am
Forum: Forwarding Protocols
Topic: MPLS TE 2x 1gbps point to point links
Replies: 5
Views: 2110

Re: MPLS TE 2x 1gbps point to point links

Hi Guys, I managed to get RSVP TE tunnel up and running between the two routers but traffic doesn't pass over it. I notice that the RSVP TE shows up as an Interface in the router. Should I configure an OSPF connection between the two routers on the RSVP TE interfaces? The issue I am currently havin...
by mducharme
Mon Jan 14, 2019 1:00 am
Forum: General
Topic: CCR1036-8G-2S+with HIGH CPU load
Replies: 9
Views: 1245

Re: CCR1036-8G-2S+with HIGH CPU load

I read about the disabling SNMP, tried it too, didn't help for me. This is by the way what the CPU looks like after the reboot. Busy, but normal: cpu.JPG Yes this is exactly what happened to us. In our case it seemed to start when a winbox session terminated abnormally that had a large table open (...
by mducharme
Mon Jan 14, 2019 12:53 am
Forum: Forwarding Protocols
Topic: MPLS TE 2x 1gbps point to point links
Replies: 5
Views: 2110

Re: MPLS TE 2x 1gbps point to point links

Hi,

This is accomplished by forcing one VPLS tunnel across one TE tunnel and the other VPLS tunnel across the other TE tunnel. The VPLS tunnels can then be used for load balancing.
by mducharme
Sun Jan 13, 2019 7:14 am
Forum: General
Topic: CCR1036-8G-2S+with HIGH CPU load
Replies: 9
Views: 1245

Re: CCR1036-8G-2S+with HIGH CPU load

We experienced this previously - a reboot appeared to clear it. I noticed it happens on our router when a user session is "stuck" - sometimes winbox disconnects but the router still thinks the user is logged in, and continues to think so until it is rebooted. I'm not sure if this is the cause or not...
by mducharme
Sat Jan 05, 2019 10:20 pm
Forum: Announcements
Topic: v6.43.8 [stable] is released!
Replies: 169
Views: 44132

Re: v6.43.8 [stable] is released!

Please suggest me what should i do now? All users are using unlimited bandwidth now, thats why, it's so much tough to me for managing the bandwidth. Another thing is that, when i logged into the mikrotik via winbox, it's showing unsecured mode at the right corner. Potentially the problem is with qu...
by mducharme
Tue Jan 01, 2019 4:38 am
Forum: Scripting
Topic: ":put" problem in scripting [SOLVED]
Replies: 4
Views: 1195

Re: ":put" problem in scripting [SOLVED]

This is normal behavior. If you want the script to print output while it runs, use the :log command which will output to the system log.
by mducharme
Mon Dec 31, 2018 6:26 am
Forum: General
Topic: Port forwarding with PPPOE doesn't work
Replies: 2
Views: 1118

Re: Port forwarding with PPPOE doesn't work

Besides what is explained above, the other problem with this rule is src-port="", which means src-port=NULL. src-port will never be null, so therefore you will need to adjust this rule; Otherwise, it will never apply.
by mducharme
Sun Dec 30, 2018 11:15 pm
Forum: Beginner Basics
Topic: Voice vlan and mikrotik
Replies: 3
Views: 1740

Re: Voice vlan and mikrotik

How to create voice VLAN on Mikrotik? I create as normal VLAN and I add DHCP server but when I plug telephone doesn't receive an IP address. On switch it show that I plug telephone as tagged port. Switch is PLANET gs-4210-24p4c Mikrotik CRS212-1G-10S-1SplusIN and IP telephony is Grandstream. You sh...
by mducharme
Sun Dec 30, 2018 10:45 pm
Forum: Beginner Basics
Topic: RouterOS basic vlan config
Replies: 15
Views: 2087

Re: RouterOS basic vlan config

Also, I would not add the same IP onto two interfaces simultaneously. It could possibly cause an issue - if the device has an IP on the same subnet in two different interfaces, how does it know which to use to reach you? You should probably put the ether2 ip in a different subnet from the IP that yo...
by mducharme
Sun Dec 30, 2018 9:33 pm
Forum: Beginner Basics
Topic: RouterOS basic vlan config
Replies: 15
Views: 2087

Re: RouterOS basic vlan config

no worries. I don't have Windows pcs therefore Winbox is not an option. However I simply reset the CRS and started from scratch. Could also help me understanding the concept a little better. Many people use winbox on MacOS or Linux in Wine. It is designed to work well in Wine. There is even a versi...
by mducharme
Sat Dec 29, 2018 10:38 pm
Forum: Beginner Basics
Topic: RouterOS basic vlan config
Replies: 15
Views: 2087

Re: RouterOS basic vlan config

I added: /ip address add address=192.168.2.60/24 interface=vlan2 network=192.168.2.0 and I removed: /ip address remove numbers=0 (this was the "interface=ether2") the last command unfortunately looked me out. Don't exactly understand why, since Port 17 was supposed to be an untagged access Port on ...
by mducharme
Sat Dec 29, 2018 7:11 pm
Forum: Beginner Basics
Topic: RouterOS basic vlan config
Replies: 15
Views: 2087

Re: RouterOS basic vlan config

and put the IP address on this VLAN interface How do I do this? Can't see an option to set a vlan for the MK IP. To do this, simply change the interface for the IP from "ether2" to "vlan2". Currently you have "/ip address add address=192.168.2.60/24 interface=ether2 network=192.168.2.0", this will ...
by mducharme
Sat Dec 29, 2018 4:29 am
Forum: RouterBOARD hardware
Topic: 10GB SFP+ recognized as 1GB - Question [SOLVED]
Replies: 3
Views: 906

Re: 10GB SFP+ recognized as 1GB - Question [SOLVED]

Thanks, actually I'm embarrassed since I had a look at the block diagram several times and thought even though the channel only provides only 1GB to the CPU it should have a 10GB connection. But I didn't notice it's an SFP only and not SFP+. Aarrrrg. The 4011 has an SFP+ port. If you upgrade to tha...
by mducharme
Sat Dec 29, 2018 4:15 am
Forum: Beginner Basics
Topic: RouterOS basic vlan config
Replies: 15
Views: 2087

Re: RouterOS basic vlan config

Hi again, I didn't have much time recently to keep on trying to set it up. But now I try again and still don't get it properly. second thing I did, was configuring one access port: /interface bridge vlan add bridge=bridge untagged=ether17 vlan-ids=2 so, Port 17 is an access port on vlan 2 untagged....
by mducharme
Fri Dec 28, 2018 11:02 pm
Forum: Beginner Basics
Topic: Firewall is blocking FORWARDING? WHY??
Replies: 9
Views: 1074

Re: Firewall is blocking FORWARDING? WHY??

/ip firewall filter add action=accept chain=forward comment="INTERNET USERS TCP" \ connection-state=established,related,new dst-port="" port="" protocol=tcp add action=accept chain=forward comment="INTERNET USERS UDP" \ connection-nat-state="" connection-state=established,related,new port=53 \ prot...
by mducharme
Wed Dec 26, 2018 10:29 pm
Forum: Forwarding Protocols
Topic: BGP practice
Replies: 14
Views: 2900

Re: BGP practice

Hello mducharme, My topology goes like this ISP 1 -- Router A ------- Router C ------- Router D ------- router F ----- Router B--- ISP 2 So I setup Router A and Router B as BGP routers, inside Routers C, D , F , A, B all use OSPF, I want to establish that when my ISP 1 is down ( it happens sometime...
by mducharme
Wed Dec 26, 2018 5:57 am
Forum: Beginner Basics
Topic: VLAN hell - NOOB :)
Replies: 3
Views: 704

Re: VLAN hell - NOOB :)

Here is a layout of what I would like to accomplish in Phase I isp modem -> Asus router -> eth01 port - CRS in bridge mode - eth10 port -> Hyper-V ( 192.168.1.10) Static IP - eth15 port -> MAC ( 192.168.1.20 ) DHCP IP from Asus router - eth20 port -> IoT Hub #1 ( 192.168.50.10) DHCP IP from CRS - e...