Community discussions

MikroTik App

Search found 1028 matches

by mducharme
Sun Oct 18, 2020 9:45 pm
Forum: RouterOS v7 BETA
Topic: IP Route In RouterOS V7
Replies: 3
Views: 742

Re: IP Route In RouterOS V7

I enter the command: "/ ip firewall mangle add action = mark-routing chain = prerouting connection-mark = from-ISP1 new-routing-mark = to-ISP1 passthrough = yes " in response I get: "input does not match any value of new-routing-mark". How to do it correctly? Now you have to add new routing table "...
by mducharme
Sun Oct 11, 2020 2:29 am
Forum: Beginner Basics
Topic: IPV6 Firewall [SOLVED]
Replies: 55
Views: 1694

Re: IPV6 Firewall [SOLVED]

Thanks. Yes, that is the problem i appear to have! I did try the refresh as you did but still no result. :( Interesting it comes back as 'not tested'. One would have thought it would say 'unreachable', as the result I get on ios when I try it is 'reachable' for ICMP (As an FYI, i have swapped to th...
by mducharme
Sat Oct 10, 2020 2:11 pm
Forum: Beginner Basics
Topic: IPV6 Firewall [SOLVED]
Replies: 55
Views: 1694

Re: IPV6 Firewall [SOLVED]

Sorry, what i meant was, iOS on my iPhone returns nearly a full house (19/20) on the test site, but OSX and windows10 does'nt (17/20). Also, after pinging my Macbook ipv6 address from the Ultratools website, I do not get any ICMPv6 input packets recorded in the MT firewall, but do get one forwarded...
by mducharme
Fri Oct 09, 2020 6:30 am
Forum: Beginner Basics
Topic: IPV6 Firewall [SOLVED]
Replies: 55
Views: 1694

Re: IPV6 Firewall [SOLVED]

Sorry scrap that, i was pinging the wrong addresses! Performing a ping6 to ipv6.google.com from terminal in osx, i get a response no prorlem, and if i ping my device ipv6 i also get a response from that test site, although that response time is very high comparing it to outgoing. It is likely that ...
by mducharme
Fri Oct 09, 2020 1:34 am
Forum: Beginner Basics
Topic: IPV6 Firewall [SOLVED]
Replies: 55
Views: 1694

Re: IPV6 Firewall [SOLVED]

Just tested on that site with ipv6.google.com and that seems to work ok?

Image
No, I mean use that site to ping your computers on the inside of your network. Check what IPv6 addresses they have, enter them into the ping tool, and see if it can ping them.
by mducharme
Fri Oct 09, 2020 1:23 am
Forum: Beginner Basics
Topic: IPV6 Firewall [SOLVED]
Replies: 55
Views: 1694

Re: IPV6 Firewall [SOLVED]

That test site shows ICMPv6 as "not tested", but this only seems to be on laptops etc. https://thumbsnap.com/f/rzBTR5WR It is probably the firewall on the device that is blocking pings, not the router itself. Test with an online ping tool that supports IPv6, such as https://www.ultratools.com/tools...
by mducharme
Thu Oct 08, 2020 10:55 pm
Forum: Beginner Basics
Topic: IPV6 Firewall [SOLVED]
Replies: 55
Views: 1694

Re: IPV6 Firewall [SOLVED]

Well, as another update, i configured the icmpv6 protocol etc on the W10 machine and still nothing. I also spoke to my ISP, and they said they supply IPV6 connectivity raw, and do not apply any restrictions on it. What does https://ipv6-test.com/ show? And what makes you think your IPv6 isn't worki...
by mducharme
Wed Oct 07, 2020 7:37 pm
Forum: Beginner Basics
Topic: IPV6 Firewall [SOLVED]
Replies: 55
Views: 1694

Re: IPV6 Firewall [SOLVED]

Just to add, i realised my IPV6 DNS was incorrect but after correcting it, still the same, You can view the default config for the device by executing: /system default-configuration print The default config shown by that command is updated by upgrading the RouterOS version, so it will be the latest...
by mducharme
Tue Sep 29, 2020 1:31 am
Forum: Scripting
Topic: FastTrack-Friendly QoS Script
Replies: 46
Views: 18776

Re: FastTrack-Friendly QoS Script

You'll need to copy and paste the script into scripts (system->scripts->new (+)->paste), change the upload and download bandwidth and inbound and outbound interface names at the top to match your settings, and run the script. (the bandwidths should be slightly less than what you normally receive as...
by mducharme
Thu Sep 24, 2020 2:40 am
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 135
Views: 51901

Re: v6.48beta [testing] is released!

Port Extension is NOT stacking... Right, this isn't stacking - but where this all started was a thread where people were asking for stacking, and MikroTik said they would look for an open standards way, and then they came out with this. Also, they just said in the response to my request for clarifi...
by mducharme
Tue Sep 22, 2020 4:10 am
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 135
Views: 51901

Re: v6.48beta [testing] is released!

Also, for everyone how is interested in the new Bridge Controller and Extender feature, we have created an article that describes it in more detail, more advanced examples are coming soon. Follow this link - https://help.mikrotik.com/docs/display/ROS/Controller+Bridge+and+Port+Extender. Feel free t...
by mducharme
Wed Sep 09, 2020 5:58 am
Forum: RouterOS v7 BETA
Topic: SDWAN using Zerotier
Replies: 21
Views: 8548

Re: SDWAN using Zerotier

+1 for ZeroTier, if possible
by mducharme
Wed Sep 02, 2020 3:13 am
Forum: Announcements
Topic: WinBox v3.25 released!
Replies: 68
Views: 5990

Re: WinBox v3.25 released!

IMHO You shold fix WinBox not ROS ASAP as upgrade to ROS > 6.47 is not always possible I agree with this. It may be caused by a ROS bug but surely there is some way you can have Winbox check the RouterOS version and adjust its behavior based on the version? Perhaps you can use the old code if the R...
by mducharme
Wed Sep 02, 2020 12:29 am
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 135
Views: 51901

Re: v6.48beta [testing] is released!

I have a question about this 802.1BR support. I understand there is this idea of a controlling bridge, which would be like a master switch. What happens if this goes down? Is it a single point of failure? With traditional proprietary stacking solutions from other vendors, the stacked units sync thei...
by mducharme
Mon Aug 31, 2020 11:53 pm
Forum: Beginner Basics
Topic: Mikrotik as L2TP Client connected to Mikrotik L2TP server
Replies: 8
Views: 382

Re: Mikrotik as L2TP Client connected to Mikrotik L2TP server

I have the routers all working in one direction they can all ping thru to the core network 192.168.1.0/24. What the current issue is the route back, the Production router can ping the inside interface of each spoke but no further and only if I set a route to the interface after the L2TP Ipsec tunne...
by mducharme
Sun Aug 30, 2020 1:25 am
Forum: RouterOS v7 BETA
Topic: DHCPv6 Server
Replies: 29
Views: 1359

Re: DHCPv6 Server

Not that it matters too much, because whether DNS server uses IPv4 or IPv6 for transport, it can answer all queries. So if you have IPv6 connectivity but no IPv6 DNS resolvers, it's no problem, because even IPv4 DNS resolver will give you AAAA records needed for IPv6. Yes, of course, either an IPv4...
by mducharme
Sat Aug 29, 2020 11:31 pm
Forum: RouterOS v7 BETA
Topic: DHCPv6 Server
Replies: 29
Views: 1359

Re: DHCPv6 Server

Can a Windows PC get an IPv6 DNS server by SLAAC, RAVD? Yes, Windows 10 supports this since version 1703. There is a gotcha surrounding this support though - Windows prefers DNS servers received through any kind of DHCP to DNS servers advertised via SLAAC. So if you run dual stack IPv4 and IPv6 and...
by mducharme
Sat Aug 29, 2020 8:38 am
Forum: RouterOS v7 BETA
Topic: DHCPv6 Server
Replies: 29
Views: 1359

Re: DHCPv6 Server

Actualy, trainers = MKT staff? If user try to ask something from MKT, some trainer will say: no nooo, user stop asking, and things are done :) I am not MikroTik staff. But Google has said that stateful DHCPv6 is worthless, there is no point to it, and they will never support it in their products be...
by mducharme
Sat Aug 29, 2020 8:02 am
Forum: RouterOS v7 BETA
Topic: DHCPv6 Server
Replies: 29
Views: 1359

Re: DHCPv6 Server

hmmm, last time i checked OpenWrt is was doing exactly this Linux & Windows hosts have they hostnames and addresses was assigned through IPv6 server I'm not talking about "assigning" hostnames through DHCPv6 server. I'm talking about DHCPv6 server collecting existing hostnames. DHCPv4 server does -...
by mducharme
Sat Aug 29, 2020 7:58 am
Forum: RouterOS v7 BETA
Topic: DHCPv6 Server
Replies: 29
Views: 1359

Re: DHCPv6 Server

There is only one good reason for implementing stateful DHCPv6 - a lot of home routers when asking for a prefix will also request an address, and if not given both a prefix and an address, they will not accept either. Other than to work around that bug, stateful DHCPv6 addressing is a waste of time ...
by mducharme
Sat Aug 29, 2020 3:46 am
Forum: Forwarding Protocols
Topic: OSPF VPLS/MPLS load balancing and failover
Replies: 7
Views: 1586

Re: OSPF VPLS/MPLS load balancing and failover

I have a suggestion. Since you are dealing with equal traffic over both links, what I would probably do here is use one VLAN for management IPs for the radios and a separate VLAN for traffic, and have no untagged traffic across the links. On the MikroTik router on both sides, create a bonding interf...
by mducharme
Sat Aug 29, 2020 3:36 am
Forum: RouterOS v7 BETA
Topic: Not a fan of the new (/) slash notation.
Replies: 16
Views: 897

Re: Not a fan of the new (/) slash notation.

Personally, I don't find the slashes a big deal at all. It is more logical than using spaces when it comes to showing people the hierarchy, since the command line really resembles a folder->subfolder structure like a typical file system. For new users, I think it will make things even clearer than t...
by mducharme
Fri Aug 28, 2020 11:51 pm
Forum: RouterOS v7 BETA
Topic: Not a fan of the new (/) slash notation.
Replies: 16
Views: 897

Re: Not a fan of the new (/) slash notation.

I think the reason for adding the slashes was to make the CLI more like the API - the API has always required the use of slashes where the CLI has used spaces.
by mducharme
Thu Aug 27, 2020 4:18 am
Forum: RouterOS v7 BETA
Topic: DHCPv6 Server
Replies: 29
Views: 1359

Re: DHCPv6 Server

never seen anyone using ipv6
IPv6 is not dead, it is growing. IPv4 is dying. IPv4 NAT cannot handle what is coming in the future. Companies don't feel under any pressure to move, but cell providers are moving and home customers are getting IPv6 at an increasing rate.
by mducharme
Thu Aug 27, 2020 2:37 am
Forum: RouterOS v7 BETA
Topic: DHCPv6 Server
Replies: 29
Views: 1359

Re: DHCPv6 Server

This is a reason why i using other brands in my production LANs MKT is good for guest network, i don't care what guest do there, what is they IP, they are filtered out :) stateful DHCP v6 is a must in serious LAN and i don't care what google say You can use DHCPv6-PD, as others have said, but not u...
by mducharme
Fri Aug 21, 2020 10:30 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 282
Views: 71368

Re: v7.1beta2 [development] is released!

P.S. One thing I would really like to see in the new RouterOS v7 MPLS implementation is MPLS mangle for QoS purposes - specifically, "mark packet" and "set priority" actions for MPLS. Right now to do MPLS QoS on RouterOS we have to create a bunch of extra bridges and use bridge filters for QoS. A si...
by mducharme
Fri Aug 21, 2020 7:53 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 282
Views: 71368

Re: v7.1beta2 [development] is released!

Any time frame to move off development phase and make it ready for production / stable?
They still have to implement MPLS - I think that is the one major feature still missing from the current beta. Otherwise, there are probably many small fixes needed here and there.
by mducharme
Fri Aug 21, 2020 7:34 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 282
Views: 71368

Re: v7.1beta2 [development] is released!

IPv6 BGP is working now! Thanks MikroTik!
by mducharme
Wed Aug 19, 2020 2:08 am
Forum: General
Topic: Duplicate PPOE sessions with '1>' at end - Yet One session per host is allowed only
Replies: 6
Views: 1011

Re: Duplicate PPOE sessions with '1>' at end - Yet One session per host is allowed only

Okay, thanks. I found that option. It was disabled. So now in Splynx, both POD + clean and COA & POD is enabled. Should be fine right?
Yes, now you should find that if you try logging in as the user a second time, the first one actually gets disconnected instead of simply passing no traffic.
by mducharme
Tue Aug 18, 2020 5:58 am
Forum: General
Topic: Duplicate PPOE sessions with '1>' at end - Yet One session per host is allowed only
Replies: 6
Views: 1011

Re: Duplicate PPOE sessions with '1>' at end - Yet One session per host is allowed only

Thank you for this info. Yes, the radius server is doing something called POD+Clean according to the settings in Splynx. Is this sufficient and correct? (screenshot below) <pppoe-jack@isp> <pppoe-jack@isp-1> <---- only this one has data flowing through. If only one has data, you should be OK. The s...
by mducharme
Fri Aug 14, 2020 3:12 am
Forum: General
Topic: Duplicate PPOE sessions with '1>' at end - Yet One session per host is allowed only
Replies: 6
Views: 1011

Re: Duplicate PPOE sessions with '1>' at end - Yet One session per host is allowed only

Any ideas? Hi, That is normal behaviour - one-session-per-host will allow a new session to connect but will automatically close the old session. For a split second there are two sessions, so the -1 is added on the new session and then the old session is closed a split second later due to the one-se...
by mducharme
Sun Aug 09, 2020 1:46 am
Forum: Beginner Basics
Topic: Unable to ping client PCs on IPv6 through TunnelBroker
Replies: 8
Views: 1621

Re: Unable to ping client PCs on IPv6 through TunnelBroker

I'm failing the ICMP test on ipv6-test.com and would like to get 20/20 just to brag to my ISP about how cool IPv6 is. The default IPv6 firewall configuration (at least, in its current iteration) allows all ICMPv6 basically. You should find "accept" rules in both the input and forward chain for icmp...
by mducharme
Sat Aug 08, 2020 3:29 am
Forum: Beginner Basics
Topic: I am utterly confused with this switch compared to cisco
Replies: 4
Views: 968

Re: I am utterly confused with this switch compared to cisco

Some of these have already been replied to fairly well, so I just have a few comments. 3. Why is there a VLAN under bridge, and then VLAN's under interface. What is the difference? This is also done with Cisco with exactly the same distinction. On Cisco switches you have vlan definitions (ex. type "...
by mducharme
Thu Aug 06, 2020 3:16 am
Forum: Forwarding Protocols
Topic: Mpls performance on CCR1036-8G-2S.
Replies: 6
Views: 1713

Re: Mpls performance on CCR1036-8G-2S.

In our case, we run VPLS instead of EoIP wherever possible. Our network does not really have redundant paths - it is like a giant tree structure, with a trunk backbone and sites that spread out as branches from there, not connected to each other. In our case, the lack of fast reroute does not impact...
by mducharme
Wed Aug 05, 2020 3:46 am
Forum: RouterOS v7 BETA
Topic: local DNS blocked by firewall (bug?)
Replies: 6
Views: 1631

Re: local DNS blocked by firewall (bug?)

Isn't it incorrectly written or did I misunderstand, please? Example: To set 159.148.60.2 as the primary DNS server and allow the router to be used as a DNS server, do the following: You misunderstood. In the example, "159.148.60.2" would be the DNS server you want to use (ex. that of your ISP) and...
by mducharme
Tue Aug 04, 2020 11:24 pm
Forum: RouterOS v7 BETA
Topic: local DNS blocked by firewall (bug?)
Replies: 6
Views: 1631

Re: local DNS blocked by firewall (bug?)

Your router should not be set to use itself as a DNS server. Under IP->DNS, verify that the only DNS server IPs entered are remote ones and not the router itself.
by mducharme
Tue Aug 04, 2020 9:25 pm
Forum: RouterOS v7 BETA
Topic: Feature Request - Wireguard Protocol
Replies: 163
Views: 47171

Re: Feature Request - Wireguard Protocol

Give them a bit of time at least - they have already basically said they are adding it.
by mducharme
Thu Jul 30, 2020 9:40 pm
Forum: Forwarding Protocols
Topic: MPLS/VPLS/MTU Question??
Replies: 3
Views: 1156

Re: MPLS/VPLS/MTU Question??

L2 MTU for the interfaces that carry MPLS labelled traffic has to be set to at least as high as the MPLS MTU for the network. The MikroTik default L2MTU is often around 1596 or so, we never bothered to lower this. We use an MPLS MTU of 1550 network-wide - it gives more flexibility in case we or the ...
by mducharme
Sat Jul 25, 2020 3:02 am
Forum: RouterOS v7 BETA
Topic: v7.1beta1 [development] is released!
Replies: 103
Views: 41215

Re: v7.1beta1 [development] is released!

RB951G-2HnD not working. Tried to upgrade from 6.46.6 by uploading .npk but it crashes entirely (no communication through LAN, no wi-fi). Fortunately after power reset it has switched to a second partition with 6.46.6, so no netinstall needed. You probably can't upgrade from 6.46.6. Only latest sta...
by mducharme
Thu Jul 23, 2020 11:03 am
Forum: RouterOS v7 BETA
Topic: OSPF routes marked invalid
Replies: 8
Views: 1925

Re: OSPF routes marked invalid

I am having this issue with only some of my OSPFv2 routes.

I have OSPFv2 routes across an L2TP tunnel to a RouterOS 6 device - these all show as invalid. I also have OSPFv2 routes to a RouterOS 6 device across an EoIP tunnel - these seem to work.
by mducharme
Sun Jul 19, 2020 3:23 am
Forum: RouterOS v7 BETA
Topic: IPv6 Radius Accounting Not Working for PPPOE Clients (Delegated Prefix)
Replies: 19
Views: 3504

Re: IPv6 Radius Accounting Not Working for PPPOE Clients (Delegated Prefix)

I Know they have not given any ETA, but atleast it gives all of us a hope. :) :D :) :D
They gave me this same response a year ago.
by mducharme
Fri Jul 17, 2020 1:38 am
Forum: General
Topic: Why does both L2MTU and MAX-L2MTU exist?
Replies: 11
Views: 2304

Re: Why does both L2MTU and MAX-L2MTU exist?

anyone? On a layer 2 network you may have another switch that cannot admit frames that are quite as large as what the others can. In that case you may want to limit all switches to an L2MTU equal to the least capable device you have. If you limit the L2MTU to a setting that the least capable device...
by mducharme
Thu Jul 16, 2020 7:44 am
Forum: RouterOS v7 BETA
Topic: IPv6 Radius Accounting Not Working for PPPOE Clients (Delegated Prefix)
Replies: 19
Views: 3504

Re: IPv6 Radius Accounting Not Working for PPPOE Clients (Delegated Prefix)

Do you have a ticket number?
I had ticket 2018070222004763 for this, but it was in the older OTRS system they used before they moved to JIRA.
by mducharme
Tue Jul 14, 2020 3:51 am
Forum: General
Topic: IPv6 with PPPoE dial to ISP - No browsing [SOLVED]
Replies: 13
Views: 2454

Re: IPv6 with PPPoE dial to ISP - No browsing [SOLVED]

Would this be on the PPPoE Interface? /interface pppoe-client add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 default-route-distance=1 dial-on-demand=no disabled=no interface=ether1-Fibre keepalive-timeout=10 max-mru=1480 max-mtu=1480 mrru=1600 name=ISP profile=default service-n...
by mducharme
Mon Jul 13, 2020 8:17 am
Forum: General
Topic: IPv6 with PPPoE dial to ISP - No browsing [SOLVED]
Replies: 13
Views: 2454

Re: IPv6 with PPPoE dial to ISP - No browsing [SOLVED]

Probably an MTU issue. Try some pings with different packet sizes to determine what your MTU limit is. Usually the PPPoE client MTU limit is 1480 or 1492, but RFC 4368 PPPoE servers allow up to 1500 MTU, as long as your client is configured for 1500..
by mducharme
Mon Jul 13, 2020 4:49 am
Forum: General
Topic: DHCP + RADIUS - renew does not check RADIUS
Replies: 11
Views: 3281

Re: DHCP + RADIUS - renew does not check RADIUS

Someone figure out how to change DHCP Address list or Mikrotik-Rate-Limit using COA? MikroTik does not support CoA with DHCP RADIUS so this is impossible. As I said, your RADIUS server will have send a Session-Timeout value in the initial Access-Accept. If the renewal time for a new lease exceeds t...
by mducharme
Sun Jul 12, 2020 11:21 pm
Forum: RouterOS v7 BETA
Topic: OSPF problems
Replies: 4
Views: 2050

Re: OSPF problems

Yes, I had encountered this above issue. I figure it is actually caused by the missing "gateway" setting. IPv6 BGP has the same issue - missing "gateway" causes the route to be invalid, since how can a route have no gateway?
by mducharme
Fri Jul 10, 2020 12:05 am
Forum: Forwarding Protocols
Topic: MPLS labels missing in traceroute output [SOLVED]
Replies: 8
Views: 1786

Re: MPLS labels missing in traceroute output [SOLVED]

Here is a screenshot from putty, you can see I got the extra columns. I had to run the traceroute command after making the window bigger - if you run the traceroute command before you make the window bigger, the columns will not appear.
traceroute.PNG
by mducharme
Thu Jul 09, 2020 3:04 am
Forum: Forwarding Protocols
Topic: MPLS labels missing in traceroute output [SOLVED]
Replies: 8
Views: 1786

Re: MPLS labels missing in traceroute output [SOLVED]

In my environment I just get 8 columns
It hides the columns on the right if your terminal window is not wide enough to show them. Make your terminal window wider before running traceroute, or use the graphical traceroute in Winbox.
by mducharme
Thu Jul 09, 2020 2:35 am
Forum: RouterOS v7 BETA
Topic: IPv6 Radius Accounting Not Working for PPPOE Clients (Delegated Prefix)
Replies: 19
Views: 3504

Re: IPv6 Radius Accounting Not Working

The feature only exists when using DHCPv6 server outside of PPP/PPPoE situations. It is not yet implemented for PPPoE. We really want to see it implemented for PPPoE situations as well.
by mducharme
Thu Jul 09, 2020 2:33 am
Forum: RouterOS v7 BETA
Topic: missing routeros-mmips-7.0beta8.npk
Replies: 2
Views: 795

Re: missing routeros-mmips-7.0beta8.npk

Using the 'Check for Updates' feature under 6.48beta12 to upgrade to 7.0Beta8 results in the following message: missing routeros-mmips-7.0beta8.npk It should actually be trying to download: routeros-7.0beta8-mmips.npk That's normal. I believe they did that on purpose so that the average home user w...
by mducharme
Wed Jul 08, 2020 12:15 am
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 135
Views: 51901

Re: v6.48beta [testing] is released!

There will continue to be 6.X versions for the foreseeable future as not all the chip sets out there will be able to support the new linux kernel in 7.X What is not able to support the new linux kernel in v7? (other than really old devices, ex. mipsle) From what I have seen, any MikroTik model that...
by mducharme
Tue Jul 07, 2020 11:19 pm
Forum: RouterOS v7 BETA
Topic: v7.0beta8 [development] is released!
Replies: 180
Views: 65098

Re: v7.0beta8 [development] is released!

I work for a distributor and we have asked for this already last year.
by mducharme
Tue Jul 07, 2020 6:03 am
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 53
Views: 29000

Re: DHCP Offering Lease Without Success

I find in the vast majority of cases where I see this message, it is because the VLAN is allowed in one direction but not the other. When bridge VLAN filtering is used, if there is a VLAN accidentally missing from the config on one device and ingress filtering is not enabled, it is possible to have ...
by mducharme
Tue Jul 07, 2020 5:58 am
Forum: RouterOS v7 BETA
Topic: v7.0beta8 [development] is released!
Replies: 180
Views: 65098

Re: v7.0beta8 [development] is released!

Hi mducharme Thank You so much for your response. :D No problem - you might potentially be able to extend that script to pull the MAC for the logged in user by pulling the "Caller ID" for that username, and do a /tool fetch to a php page running on the radius server that could capture the mac addre...
by mducharme
Mon Jul 06, 2020 8:11 pm
Forum: RouterOS v7 BETA
Topic: v7.0beta8 [development] is released!
Replies: 180
Views: 65098

Re: v7.0beta8 [development] is released!


It is Still Not Working Normis.

We are getting only Remote Prefix but Not the Delegated IPv6 Prefix
This is because they only added support for DHCPv6 RADIUS accounting in that version where PPPoE is not used. If PPPoE is used, it is still not supported.
by mducharme
Mon Jul 06, 2020 8:09 pm
Forum: RouterOS v7 BETA
Topic: v7.0beta8 [development] is released!
Replies: 180
Views: 65098

Re: v7.0beta8 [development] is released!

Thank You so much for the reply @mducharme It would be really helpful if you can share the script. Thanks in Advance Schedule this to run every 5 minutes: /ipv6 dhcp-server binding; :foreach i in=[find server~"pppoe"] do={ make-static $i; set $i comment=[get $i server]; set $i server=all; }
by mducharme
Mon Jul 06, 2020 9:19 am
Forum: Announcements
Topic: v6.47 [stable] is released!
Replies: 349
Views: 96660

Re: v6.47 [stable] is released!

My hope. 6.46 - > long term 6.47 - > stable 6.48.. no, no more 6 series 7.01 - > testing +1, although it looks like there will be a 6.48beta b/c they need to have one in order to introduce point releases for 6.47. It is probably not a big deal for them to do this because most of the fixes can be ro...
by mducharme
Wed Jul 01, 2020 2:10 am
Forum: General
Topic: Doubt about PPPoE Local Address
Replies: 16
Views: 3753

Re: Doubt about PPPoE Local Address

Having a problem at a customer of mine, where say for example one of there links drops, with about 100 PPPoE users behind that, the PPPoE AC drops ALL PPPoE users This issue is most likely either caused by the presence of a masquerade rule, or OSPF not set up with a stub area and area range for PPP...
by mducharme
Wed Jul 01, 2020 1:10 am
Forum: General
Topic: Doubt about PPPoE Local Address
Replies: 16
Views: 3753

Re: Doubt about PPPoE Local Address

So my question is, must the local address be " static " configured to a physical / virtual interface? I would not use a dynamic IP for it of course (because how are you going to automatically change it in the PPP Profile if it changes?), so yes it should be a static IP that the router has on any in...
by mducharme
Tue Jun 30, 2020 6:56 am
Forum: RouterOS v7 BETA
Topic: v7.0beta8 [development] is released!
Replies: 180
Views: 65098

Re: v7.0beta8 [development] is released!

Anyone????? What we do is run a script every 5 minutes that converts all DHCPv6 dynamic bindings (leases) to static bindings. We backup the config of our PPPoE concentrator every hour, and keep the backups for a very long time period. So, every customer gets the same prefix lease the next time, and...
by mducharme
Sat Jun 27, 2020 3:59 am
Forum: Beginner Basics
Topic: Clients behind 2nd Mikrotik
Replies: 4
Views: 1040

Re: Clients behind 2nd Mikrotik

My new setup is made of 1x LTE modem connected to HAP AC, from HAP AC cables to 3 HAP AC lite. DHCP is running on HAP AC while HAP AC Lites serve as access points for clients, no separate VLANa, DHCP configured for single subnet. If I'm connected to HAP AC is there a way to check which client is co...
by mducharme
Fri Jun 26, 2020 7:49 am
Forum: General
Topic: Doubt about PPPoE Local Address
Replies: 16
Views: 3753

Re: Doubt about PPPoE Local Address

Thank you very much for your excellent advice. Should the IP address chosen be added to an interface on the router? For example, if I use 10.0.0.1, should I make a bridge called loopback and add that IP to it? You should use an IP address that your router has on some interface, but it doesn't matte...
by mducharme
Fri Jun 26, 2020 2:48 am
Forum: Beginner Basics
Topic: Why "defconf: drop all not coming from LAN" are dropping these packets? [SOLVED]
Replies: 1
Views: 991

Re: Why "defconf: drop all not coming from LAN" are dropping these packets? [SOLVED]

BR-ESXI is part of LAN interface list, so I'm trying to understand why this rule drop packets I do not expect it to drop. What is the better (proper) way of doing this? I'm assuming adding the individual VLANs to the LAN interface list instead of adding the bridge? In your case, adding BR-ESXI to t...
by mducharme
Fri Jun 26, 2020 2:13 am
Forum: General
Topic: ACL firewall problem (missing L2 EtherType)
Replies: 17
Views: 3354

Re: ACL firewall problem (missing L2 EtherType)

It seems there is a bug in ACL b/c I did use the "Tools / PacketSniffer" tool over interfaces=all, but all the mac-protocols it lists are already present in the ACL... Packet Sniffer runs on CPU, not hardware. You will need to temporarily disable hardware acceleration on the port(s) that you wish t...
by mducharme
Thu Jun 25, 2020 10:57 pm
Forum: RouterOS v7 BETA
Topic: Request: Better visibility regarding SLAAC in V7
Replies: 5
Views: 1440

Re: Request: Better visibility regarding SLAAC in V7

Following is my ipv6 routes pic that shows all the routes I am using: ipv6routing.GIF Compare my ipv6 config against yours ...perhaps it may help You are using DHCPv6-PD client, that has always worked fine. I am talking about SLAAC, it is not the same thing. The DHCPv6 client is adding the default ...
by mducharme
Thu Jun 25, 2020 9:25 pm
Forum: RouterOS v7 BETA
Topic: Request: Better visibility regarding SLAAC in V7
Replies: 5
Views: 1440

Re: Request: Better visibility regarding SLAAC in V7

I am not running v7 but I do understand that v7 has the same capabilities as v6.47 ... I use ipv6 SLAAC and my address list does show all my global addresses As Sob says, I meant when the device receives an address via SLAAC, not when it provides one. In my case I have a MikroTik AP in addition to ...
by mducharme
Wed Jun 24, 2020 5:24 am
Forum: RouterOS v7 BETA
Topic: Request: Better visibility regarding SLAAC in V7
Replies: 5
Views: 1440

Request: Better visibility regarding SLAAC in V7

This is still happening in ROS v7: IPV6-slaac-mikrotik.PNG This is not only confusing but is a potential security issue. Since the device can ping ipv6.google.com, this means two things. First, the device has a global IPv6 address that does not appear in the IPv6->Addresses list. Second, the device ...
by mducharme
Sun Jun 21, 2020 2:57 am
Forum: General
Topic: Doubt about PPPoE Local Address
Replies: 16
Views: 3753

Re: Doubt about PPPoE Local Address

1. Could you please give me some reasons or standard/"good" practices to use when setting the Local IP address of the PPPOE profile. I have 8 routers in an ospf ring. 1 core at the main tower and the others are on towers working as edge routers, with pppoe termination of clients happening on each r...
by mducharme
Fri Jun 19, 2020 8:11 pm
Forum: RouterOS v7 BETA
Topic: Upgrade issues
Replies: 3
Views: 1287

Re: Upgrade issues

Any insight as to what went wrong and how to resolve these issues? From my testing, CAPs running 7.0beta8 can be managed by 6.47 CAPsMAN, but not the other way around. In other words, if you are running 7.0beta8 CAPsMAN, any 6.47 CAPs will not function. The config structure is pretty much the same ...
by mducharme
Fri Jun 19, 2020 2:40 pm
Forum: RouterOS v7 BETA
Topic: Feature requests: improve dot1x and others
Replies: 8
Views: 3047

Re: Feature requests: improve dot1x and others

My features wish list:
  • dns: action redirect requests to external DNS (regex or domain filtering)
This is already in RouterOS as of 6.47 (FWD records in IP->DNS->Static).
by mducharme
Wed Jun 17, 2020 11:36 pm
Forum: RouterBOARD hardware
Topic: CRS112-8G-4S-IN - DC input/POE-out questions
Replies: 6
Views: 1033

Re: CRS112-8G-4S-IN - DC input/POE-out questions

Many thanks mkx I have not been able to interact with one of these units, so I am still a little confused. If I interpret your reply correctly, if both the 48 volt supply and the 18 volt supply are simultaneously attached and functioning, the POE outs will ONLY be 48V? If you plug in both 24V and 4...
by mducharme
Sun Jun 14, 2020 11:26 pm
Forum: RouterOS v7 BETA
Topic: IPv6 BGP routes unreachable [SOLVED]
Replies: 4
Views: 1803

Re: IPv6 BGP routes unreachable [SOLVED]

I found this as well. I believe it is caused by the fact that gateway is :: instead of the correct gateway. I have not yet learned why it happens or how to fix it.
by mducharme
Sat Jun 13, 2020 2:38 am
Forum: General
Topic: Pop up notice for specific customers
Replies: 4
Views: 755

Re: Pop up notice for specific customers

You can redirect to the notice, but it has to be http, not https. Browsers have a relatively new feature called "captive portal detection" which is meant to detect if you have such a redirection for http and send the user to the page. They should not get an insecure site warning as long as you aren'...
by mducharme
Tue Jun 09, 2020 8:53 pm
Forum: RouterOS v7 BETA
Topic: ROSv7 documentation/ config guides
Replies: 14
Views: 3629

Re: ROSv7 documentation/ config guides

Passive and authentication parameters are there but not working at te moment, so it will not be a step back. OK, but I'm not just talking about those - I am asking about the "all" option that we have in RouterOS 6. I use this all the time in OSPFv2 and OSPFv3 to make interfaces passive by default. ...
by mducharme
Tue Jun 09, 2020 4:02 am
Forum: RouterOS v7 BETA
Topic: ROSv7 documentation/ config guides
Replies: 14
Views: 3629

Re: ROSv7 documentation/ config guides

Some basic stuff to start with ROSv7 routing config: https://help.mikrotik.com/docs/display/ROS/ROSv7+Basic+Routing+Examples So with OSPF how does this work now? Redistribution used to create external type 5 LSAs, and if you added the network to advertise to the networks list as passive you would g...
by mducharme
Tue Jun 09, 2020 2:39 am
Forum: RouterOS v7 BETA
Topic: RouteOS v7beta8 vs RB4011iGS+5HacQ2HnD-IN
Replies: 2
Views: 1041

Re: RouteOS v7beta8 vs RB4011iGS+5HacQ2HnD-IN

I wonder if you have a faulty device? I have this same device and 6.47 works fine and I was able to upgrade 6.47 to 7.0beta8.
by mducharme
Mon Jun 08, 2020 6:29 am
Forum: RouterOS v7 BETA
Topic: v7.0beta8 [development] is released!
Replies: 180
Views: 65098

Re: v7.0beta8 [development] is released!

my router stopped responding until I have disconnected cable from internet. Thank you for this - I am having the same issue on my smips device (hAP mini). It is running 7.0beta8. I am not using it as a router so I had ether1 connected but it refused to connect via winbox or terminal (ssh/telnet). I...
by mducharme
Mon Jun 08, 2020 4:29 am
Forum: RouterOS v7 BETA
Topic: v7.0beta8 [development] is released!
Replies: 180
Views: 65098

Re: v7.0beta8 [development] is released!

5GHz interface on RB4011 wifi model is not working in 7.0beta8. It is in ap bridge mode. Scan shows nothing, devices do not see the SSID. I have 6.47 on another partition on the same device and rebooting to that makes it work again. The 2.4GHz interface works fine in either. Strangely, my Audience w...
by mducharme
Sun Jun 07, 2020 4:31 am
Forum: General
Topic: IPv6 SLAAC
Replies: 4
Views: 1265

Re: IPv6 SLAAC

Is it possible for a Mikrotik router to receive a public IPv6 IP with SLAAC? Yes - in Winbox, you have to go into IPv6->Settings and change the "Accept Router Advertisements" setting from "Yes, if forwarding disabled" to "Yes". However, it will not show you the address it receives. You have to dete...
by mducharme
Sun Jun 07, 2020 1:24 am
Forum: RouterOS v7 BETA
Topic: ROSv7 documentation/ config guides
Replies: 14
Views: 3629

Re: ROSv7 documentation/ config guides

There is no equivalent. If you did not specify output filter chain in the templae, then all routes from the routing table is being advertised. If you specify output chain then by default chain blocks everything. You need to configure filters to accept prefixes you want to advertise from routing tab...
by mducharme
Sun Jun 07, 2020 12:59 am
Forum: RouterOS v7 BETA
Topic: OSPFv2 over L2TP
Replies: 0
Views: 649

OSPFv2 over L2TP

Hello, I am experiencing an issue with OSPFv2 over L2TP tunnels. I'm not sure if I'm doing something wrong or if it is a bug. It comes up as point-to-point and I receive all routes, but they are all invalid. Looking at the routes, I see the gateway is the PPP interface (which is correct) but immedia...
by mducharme
Fri Jun 05, 2020 7:52 pm
Forum: RouterOS v7 BETA
Topic: ROSv7 documentation/ config guides
Replies: 14
Views: 3629

Re: ROSv7 documentation/ config guides

I have peering up, but I can't seem to figure out how to advertise things. What is the equivalent of v6's "/routing bgp network" on v7?
by mducharme
Fri Jun 05, 2020 2:15 am
Forum: RouterOS v7 BETA
Topic: v7.0beta8 [development] is released!
Replies: 180
Views: 65098

Re: v7.0beta8 [development] is released!

After a clean ros7b8 netinstall on my hAP lite classic I couldn't access it via winbox or putty. Winbox, after logging in and after " something (forgot what) descriptors" phase says "ERROR: cannot open source file". In putty I can login, but after ROS logo there's nothing I can do, I could write an...
by mducharme
Wed Jun 03, 2020 1:11 am
Forum: Forwarding Protocols
Topic: MPLS - Labels dropping after outage
Replies: 6
Views: 1301

Re: MPLS - Labels dropping after outage

I have experienced this multiple times. I logged a ticket with Mikrotik and got the usual "Fixed in v7" answer.
OSPF is completely rewritten in v7 so I would be surprised if this bug still affects v7. There probably will be some all-new bugs to contend with, though (fun fun).
by mducharme
Tue Jun 02, 2020 12:06 am
Forum: Forwarding Protocols
Topic: MPLS - Labels dropping after outage
Replies: 6
Views: 1301

Re: MPLS - Labels dropping after outage

We have this issue not caused by MPLS but by OSPF. Occasionally after an outage, we are missing some OSPF routes for loopbacks. Our VPLS tunnels are between loopbacks of course and so if we are missing a /32 route in either direction it doesn't come up. The OSPF route that is missing always appears ...
by mducharme
Tue May 26, 2020 8:35 pm
Forum: General
Topic: PPPoE and OSPF drops
Replies: 20
Views: 4026

Re: PPPoE and OSPF drops

Thank you. The current firmware is 6.46.6 which is the current latest stable version. Also watching /tool profile when around 10 pppoe sessions are manually disconnected nothing is spiking up very high, total rarely goes over 10% with none of the individual processes going much higher than 3 or 4%....
by mducharme
Tue May 26, 2020 8:09 pm
Forum: Forwarding Protocols
Topic: [Stability] Multiple PPPoE servers (+10) at the same router - Is there any alternatives?
Replies: 3
Views: 1151

Re: [Stability] Multiple PPPoE servers (+10) at the same router - Is there any alternatives?

We use the bridged setup with horizon set. Our PPPoE concentrator has a few special PPPoE servers that need to go to separate RADIUS servers vs. our regular RADIUS servers. As a result each PPPoE server instance needs to have a matching RADIUS server entry with the RADIUS server's Called-ID matching...
by mducharme
Fri May 22, 2020 7:35 pm
Forum: RouterOS v7 BETA
Topic: V7 questions?
Replies: 34
Views: 7789

Re: V7 questions?

One can of course also buy a brand new CSS326 for $139 or a CRS326 for $189 and try to use it with an alternative OS. It would have to be the CRS - the CSS has a much smaller flash that would only admit the comparatively tiny SwOS (2MB instead of 16MB). Even though the CRS *may* work, you are poten...
by mducharme
Fri May 22, 2020 6:19 pm
Forum: RouterOS v7 BETA
Topic: V7 questions?
Replies: 34
Views: 7789

Re: V7 questions?

24 port RJ45 patch panel, for under $30, for example: https://www.ebay.de/itm/19-Patchpanel-Cat-6-250MHz-24-Port-1HE-RJ45-geschirmt-schwarz-1GB-ProfiPatch/252297831908?hash=item3abe1f65e4:g:OvcAAOSwsEteqZ~N Patch panels don't have any electronics at all, they are basically passive pass-thru systems...
by mducharme
Thu May 21, 2020 9:36 pm
Forum: RouterOS v7 BETA
Topic: V7 questions?
Replies: 34
Views: 7789

Re: V7 questions?

@mducharme, it's technically a router with 24+ independent ports. How is this panel with all the ports usually called? I called it simply a "switch panel", but no, it does not need to be a switch. I don't know what you mean by "panel with all the ports". You can buy 4 port PCIe ethernet cards that ...
by mducharme
Thu May 21, 2020 3:44 am
Forum: RouterOS v7 BETA
Topic: V7 questions?
Replies: 34
Views: 7789

Re: V7 questions?

@mducharme, just a switch panel with 24+ GbE ports with PCIe3 x16 interface would do it too: just install the adapter in a PC and connect the panel to that adapter (don't know which type of cabling is used for that), and ready you are: eth0, eth1 ... eth24. But where to find such a switch panel wit...
by mducharme
Tue May 19, 2020 7:47 pm
Forum: RouterOS v7 BETA
Topic: V7 questions?
Replies: 34
Views: 7789

Re: V7 questions?

@mducharme, thanks for your comments, but I already have made my mind up. Outsiders seem to have a hard time to follow my thoughts and requirements. Never mind. Case closed. For one thing you never explained your requirements, they are vague, some "special use-case" and you posted the other thread ...
by mducharme
Tue May 19, 2020 7:29 pm
Forum: RouterOS v7 BETA
Topic: V7 questions?
Replies: 34
Views: 7789

Re: V7 questions?

I already told: I need a central firewall on the switch, not on the router, because of performance reasons, as well to monitor also all the traffic inside the LAN for any possible "anomalies"... "Performance reasons" simply means that your router is not powerful enough and you need a more powerful ...
by mducharme
Tue May 19, 2020 6:54 pm
Forum: RouterOS v7 BETA
Topic: V7 questions?
Replies: 34
Views: 7789

Re: V7 questions?

I need access to Linux for running own code written in C/C++ to implement the low-level part for an own high-performing advanced central firewall on switch devices (not router). Ie. our requirement is a very special use-case, not necessarily a mainline use-case. You have talked about this before, b...
by mducharme
Mon May 18, 2020 8:21 am
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 3328

Re: IPv6 with TunnelBroker: How to create isolated subnets?

Also, please make sure your RouterBOOT firmware is updated in /system routerboard
by mducharme
Mon May 18, 2020 1:03 am
Forum: General
Topic: DHCP offered but never bound
Replies: 3
Views: 1041

Re: DHCP offered but never bound

No one has the clue? The device is not accepting the offer. You may have one way communication (broadcast from the device can reach the DHCP server but the response packet from DHCP server cannot reach the device). It is also possible that the device is ignoring the offer because maybe it has gotte...
by mducharme
Sun May 17, 2020 11:17 pm
Forum: General
Topic: PPPoE and OSPF drops
Replies: 20
Views: 4026

Re: PPPoE and OSPF drops

I will watch the /tool profile and see what I can find out when I drop a few of them. I have to do this in maintenance windows since its service affecting for all OSPF to go down, I will report back with my findings. Thank you. Also make sure your Routerboot firmware is up to date in /system router...
by mducharme
Sun May 17, 2020 10:59 pm
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 3328

Re: IPv6 with TunnelBroker: How to create isolated subnets?

One correction to the above - leave pvid at the default of "1" for any bridge ports where they are supposed to be trunk ports to switches, carrying only tagged vlans. Thank you mducharme that's a lot of information to consume. It will take me a while to get that processed through. Meanwhile, I quic...
by mducharme
Sun May 17, 2020 5:55 am
Forum: RouterOS v7 BETA
Topic: UI/UX On WinBox
Replies: 23
Views: 4318

Re: UI/UX On WinBox

It's not just looks vs. functionality, it's also what exactly you want to have. I would not want to give up Winbox by any means - however: I think there is the possibility for wireless configuration that there may be something in between Winbox (individual advanced settings for everything) and Quic...
by mducharme
Sun May 17, 2020 2:35 am
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 3328

Re: IPv6 with TunnelBroker: How to create isolated subnets?

One correction to the above - leave pvid at the default of "1" for any bridge ports where they are supposed to be trunk ports to switches, carrying only tagged vlans.
by mducharme
Sun May 17, 2020 2:22 am
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 3328

Re: IPv6 with TunnelBroker: How to create isolated subnets?

You might also consider reverting back your ipv6 nd config settings to the default entirely as there is really no issue with using the default settings. Advertisements shouldn't be sent out unless adveritse=yes is enabled for the IPv6 address, so there is not generally a need to control ipv6 nd per ...
by mducharme
Sun May 17, 2020 2:10 am
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 3328

Re: IPv6 with TunnelBroker: How to create isolated subnets?

There's a VLAN 14 that I was trying to use as the replacement for untagged, but it is not being used. One thing I am wondering about is the IGMP snooping. IPv6 uses multicast instead of broadcast for advertisements. I haven't tried using IGMP snooping before (never had a need) so I wasn't sure how ...
by mducharme
Sat May 16, 2020 11:10 pm
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 3328

Re: IPv6 with TunnelBroker: How to create isolated subnets?

So as I could tell, it's either the router or the laptop. I don't exactly think it's the laptop because that would mean either Windows 10 or Intel and Realtek did this wonky thing. I guess I will have to look into VLAN everything? At this point I would do an /export hide-sensitive and paste here, t...
by mducharme
Sat May 16, 2020 8:43 pm
Forum: General
Topic: PPPoE and OSPF drops
Replies: 20
Views: 4026

Re: PPPoE and OSPF drops

Thank you for the reply. We have no masquerade rules only dst nat and src nat. We also have the stub area for the pppoe ips and the passive default as well already. That sounds fine - do have an OSPF area range configured for the PPPoE customers? What does the Profiler show when a few PPPoE custome...
by mducharme
Sat May 16, 2020 1:18 pm
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 3328

Re: IPv6 with TunnelBroker: How to create isolated subnets?

The new style bridge VLAN - I thought about this no default VLAN 1 idea a while ago and tried a bit but messed things up. Is there a good article on implementing this on Mikrotik RouterOS? I was not sure how to handle the edge where VLAN eventually has to be converted to untagged to be compatible w...
by mducharme
Sat May 16, 2020 12:46 pm
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 3328

Re: IPv6 with TunnelBroker: How to create isolated subnets?

I see what you meant now. This will require a bit more effort and I will try to find some time to conduct this test. Yes I do have DHCPv4 servers on both subnets. I actually thought about this and tried to observe - I could find one or two switches on the network grab a VLAN 59 address but they are...
by mducharme
Sat May 16, 2020 11:38 am
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 3328

Re: IPv6 with TunnelBroker: How to create isolated subnets?

I cannot figure out what leaked the broadcast this time. There's nothing on my network even knows a VLAN 59 except the router itself. Unless you have some device that is just removing all VLAN tags from packets that arrive with a tag. Again, I didn't say to remove VLAN 59 from the switches. I said ...
by mducharme
Sat May 16, 2020 2:31 am
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 3328

Re: IPv6 with TunnelBroker: How to create isolated subnets?

I am aware of the issue with mixed tagged and untagged network. I don't think I have anything like that on my network. However, is there a way for me to diagnose this kind of issue, like to isolate where the issue could happen? What I would do temporarily is disconnect your switches from the router...
by mducharme
Sat May 16, 2020 1:58 am
Forum: General
Topic: PPPoE and OSPF drops
Replies: 20
Views: 4026

Re: PPPoE and OSPF drops

Hello I have a strange issue happening on one of our routers. It is a CCR1072-1G-8S+ currently serving ~250 PPPoE connections. The issue is whenever 5 or more PPPoE connections are dropped at the same time the log will fill up with already active closing previous one multiple times over and over. A...
by mducharme
Sat May 16, 2020 1:03 am
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 3328

Re: IPv6 with TunnelBroker: How to create isolated subnets?

I am not aware of switches on the network could do bridging between VLAN and untagged. But I do have a bunch of "smart managed" switches on the network. The VLAN 59 is created by configuring ports on one of the switches to untag VLAN 59 and PVID 59. I am not 100% sure but I don't think that would l...
by mducharme
Fri May 15, 2020 11:31 pm
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 3328

Re: IPv6 with TunnelBroker: How to create isolated subnets?

Here it is: That all looks fine too. Please note that "/interface bridge vlan" doesn't do anything without having Bridge VLAN filtering enabled. You are using old-style bridging/VLAN configuration instead of bridge vlan filtering, so that setting has no impact. Is there some other device like a swi...
by mducharme
Fri May 15, 2020 11:03 pm
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 3328

Re: IPv6 with TunnelBroker: How to create isolated subnets?

Thanks - as that is what I thought but I don't know what I did wrong. So currently my VLAN is done as a VLAN interface attached on the bridge that includes all my LAN interfaces. Something like this: # NAME MTU ARP VLAN-ID INTERFACE 3 R bridge1-lan-vlan0059 1500 enabled 59 bridge1-lan And then this...
by mducharme
Fri May 15, 2020 10:45 pm
Forum: General
Topic: IPv6 with TunnelBroker: How to create isolated subnets?
Replies: 24
Views: 3328

Re: IPv6 with TunnelBroker: How to create isolated subnets?

I notice that before any setup, the computer on the VLAN can actually get IPv6 configuration. I don't think this is right because I tried to attach IPv6 Address only on my main network interface. And when I try to create one set of configuration for my VLAN, I found that both the main network and V...
by mducharme
Fri May 15, 2020 7:53 pm
Forum: General
Topic: Mikrotik DHCP lease time with Ubiquiti and wireless routers
Replies: 16
Views: 2085

Re: Mikrotik DHCP lease time with Ubiquiti and wireless routers

So the Ubnt radio is the problem, or the home router? Should I have the same or different renew times on everything, or does it even matter? Or should I just bridge the Ubnt user radio and let the Mikrotik hand the IP straight to the users router? Lease times shouldn't really matter. If the end use...
by mducharme
Fri May 15, 2020 7:31 pm
Forum: General
Topic: Mikrotik DHCP lease time with Ubiquiti and wireless routers
Replies: 16
Views: 2085

Re: Mikrotik DHCP lease time with Ubiquiti and wireless routers

2 DHCP servers on one bridged network. That will create confilcts! One DHCP server will send NACK to the client for an address leased by the other.. I also see only one IP address pool, so who owns the pool.? From reading above I don't think there are 2 DHCP servers on the same bridged network here...
by mducharme
Fri May 15, 2020 7:17 pm
Forum: General
Topic: Mikrotik DHCP lease time with Ubiquiti and wireless routers
Replies: 16
Views: 2085

Re: Mikrotik DHCP lease time with Ubiquiti and wireless routers

I don't understand how this could be a MikroTik problem either - if the only problem is that the Ubiquiti radio is not giving DHCP leases to the clients on the LAN port, surely that is a Ubiquiti issue and not anything to do with MikroTik?
by mducharme
Thu May 14, 2020 11:19 pm
Forum: Beginner Basics
Topic: IPV6 setup [SOLVED]
Replies: 7
Views: 2004

Re: IPV6 setup [SOLVED]

I guess something is not quite initialized with ND on the 1st run after reset so it needs a slight "kick" to get it running properly. That makes more sense - I have periodically encountered neighbor discovery issues that a reboot fixes. I never traced them to the first boot after reset though, that...
by mducharme
Thu May 14, 2020 1:25 am
Forum: Beginner Basics
Topic: IPV6 setup [SOLVED]
Replies: 7
Views: 2004

Re: IPV6 setup [SOLVED]

It got working fine :-) ping6 to Internet sites works OK from my Client PC. The key was tweaking ND: either disabling interface=all; or disabling all and adding a new on interface=bridge worked OK for me. I followed the following article: https://www.medo64.com/2018/03/setting-ipv6-on-mikrotik/ Onc...
by mducharme
Wed May 13, 2020 4:33 am
Forum: Beginner Basics
Topic: IPV6 setup [SOLVED]
Replies: 7
Views: 2004

Re: IPV6 setup [SOLVED]

Can your MikroTik itself ping to the Internet via IPv6? If it can, try pinging to the Internet from the MikroTik itself with src-address set to the ipv6 address that you have on bridge. If both work, the problem is that the workstation is not properly set up for IPv6 address auto configuration (SLAA...
by mducharme
Wed May 13, 2020 1:56 am
Forum: RouterOS v7 BETA
Topic: List of devices which will run v7?
Replies: 3
Views: 1570

Re: List of devices which will run v7?

You may have to netinstall it - I had trouble getting it on my hAP mini, wouldn't install due to low disk space.
by mducharme
Tue May 12, 2020 10:36 pm
Forum: Beginner Basics
Topic: IPV6 setup [SOLVED]
Replies: 7
Views: 2004

Re: IPV6 setup [SOLVED]

I found several discussions about IPv6 within this forum but still I'm unable to figure out how to properly configure it and make it work.
You need to give your router's bridge interface an IP from the prefix pool:
/ipv6 address
add address=::1 from-pool=my-ipv6-pool-1 interface=bridge
by mducharme
Tue May 12, 2020 5:11 am
Forum: RouterOS v7 BETA
Topic: Question: Multi-thread BGP
Replies: 9
Views: 3429

Re: Question: Multi-thread BGP

I don't fully understand the syntax, but: /routing fantasy add comment=test count=1000 dealer-id=1000 dst-address=12.0.0.0/8 gateway=192.168.88.1 instance-id=1 name=fantasy-test prefix-length=32 \ priv-offs=1000 priv-size=100 seed=mducharme use-hold=no creates 1000 random /32 routes within 12.0.0.0/...
by mducharme
Tue May 12, 2020 3:44 am
Forum: RouterOS v7 BETA
Topic: Question: Multi-thread BGP
Replies: 9
Views: 3429

Re: Question: Multi-thread BGP

Yup, I figured out routing fantasy - that's exactly what it does.
by mducharme
Tue May 12, 2020 3:00 am
Forum: RouterOS v7 BETA
Topic: Question: Multi-thread BGP
Replies: 9
Views: 3429

Re: Question: Multi-thread BGP

It might be possible in v7 right now to use /routing/fantasy to load up a routing table with enough fictitious routes to simulate multiple full BGP tables and then check to see how long it takes to perform operations on those routes. At least I suspect that is what /routing/fantasy is meant for - a ...
by mducharme
Mon May 04, 2020 9:27 pm
Forum: RouterOS v7 BETA
Topic: IPv6 no link local address
Replies: 1
Views: 1131

Re: IPv6 no link local address

I cannot find ipv6 link local address in any ipv6 interface. Rebooting doesn't help too.
Check /ipv6/settings in CLI to see if disable-ipv6 is set to "yes".
by mducharme
Sun May 03, 2020 9:05 pm
Forum: Beginner Basics
Topic: Is there a "use-ip-firewall" setting also for non-bridge setup? [SOLVED]
Replies: 56
Views: 7615

Re: Is there a "use-ip-firewall" setting also for non-bridge setup? [SOLVED]

Thx for the offer. I would be glad to hear about alternatives. My basic requirements for a central firewall on a 24+ port LAN switch: 1) Firewall for incoming traffic to the LAN, for outgoing traffic from the LAN, as well for local traffic inside the LAN. 2) Firewall decision making over all OSI la...
by mducharme
Sun May 03, 2020 4:06 am
Forum: Beginner Basics
Topic: Is there a "use-ip-firewall" setting also for non-bridge setup? [SOLVED]
Replies: 56
Views: 7615

Re: Is there a "use-ip-firewall" setting also for non-bridge setup? [SOLVED]

Oh man, this is a so much complicated and insecure thing that I think a dedicated firewall is the cleanest, securest, and safest solution. But a dedicated firewall with 24x Gigabit ports plus 2x 10G ports I have yet to see :-) --> forget it, I must solve it with this CRS device only... Why do you n...
by mducharme
Sun May 03, 2020 2:01 am
Forum: Beginner Basics
Topic: Is there a "use-ip-firewall" setting also for non-bridge setup? [SOLVED]
Replies: 56
Views: 7615

Re: Is there a "use-ip-firewall" setting also for non-bridge setup? [SOLVED]

@bpwl, thx for the analysis. LAN2 is managed by this switch. Yes, what I want is simply a switch with a firewall on it for centrally configuring/controlling via this central firewall the whole inbound and outbound traffic to and from LAN2. Regarding separating the ether1 WAN port: yes, can be done,...
by mducharme
Tue Apr 28, 2020 11:11 pm
Forum: RouterOS v7 BETA
Topic: IPv6 dhcp finally in v7 ?
Replies: 8
Views: 2212

Re: IPv6 dhcp finally in v7 ?

suppose they are on same LAN segment (dumb switch) so the only routing decision is possible on router itself, based on source address which source address? from 10 temporary address assigned, which one should i use in filtering? and, yes, there is security question. Why should i allow some device w...
by mducharme
Tue Apr 21, 2020 2:50 am
Forum: RouterOS v7 BETA
Topic: Mysterious 564/tcp open port 7.0beta5
Replies: 38
Views: 7133

Re: Mysterious 564/tcp open port 7.0beta5

2000 is the btest server.

are you testing using nmap on the same the same subnet, or traversing another device?

Thx!
Sam
I can reproduce the tcp/564 connection on my own RouterOS 7 device here. I agree with the OP that RouterOS 7 devices do appear to be listening on that port.
by mducharme
Mon Apr 20, 2020 9:48 pm
Forum: RouterOS v7 BETA
Topic: Mysterious 564/tcp open port 7.0beta5
Replies: 38
Views: 7133

Re: Mysterious 564/tcp open port 7.0beta5

Here are a nmap scan of my v7. More and less default configured. As you see 564 is open. What are 2000, 8728 and 8729 used for. 8728 and 8729 are api and api-ssl, so assuming you have those enabled in IP services they should be listening. 2000 is normally Cisco's proprietary VoIP protocol, SCCP, wh...
by mducharme
Sat Apr 04, 2020 7:56 am
Forum: RouterOS v7 BETA
Topic: Feature Request: RFC3021 /31 point-to-point support in v7
Replies: 4
Views: 2355

Re: Feature Request: RFC3021 /31 point-to-point support in v7

I thought I had read somewhere that this was already added in v7? I haven't tested it to see whether or not that is the case.
by mducharme
Mon Mar 30, 2020 5:06 am
Forum: RouterOS v7 BETA
Topic: FEATURE REQUEST: Add Basic Firewall Rule Wizard
Replies: 63
Views: 13108

Re: FEATURE REQUEST: Add Basic Firewall Rule Wizard

One of the biggest complaints that I hear about MikroTik is the interface for things like wireless CPEs. UBNT has a nice interface for wireless configuration, very easy to use - but obviously it is limited in terms of what you can do with the device overall. With MikroTik you can do anything, you ca...
by mducharme
Sat Mar 28, 2020 8:34 pm
Forum: RouterOS v7 BETA
Topic: FEATURE REQUEST: Add Basic Firewall Rule Wizard
Replies: 63
Views: 13108

Re: FEATURE REQUEST: Add Basic Firewall Rule Wizard

For our home users we do customized webfig skins that limit the options shown to them to hide things that they don't care about and might confuse them. The most user friendly way IMO of managing a home MikroTik is with the iOS or Android app. It might make more sense to have such wizards in there fo...
by mducharme
Thu Mar 05, 2020 8:19 pm
Forum: RouterOS v7 BETA
Topic: Who can use ipv6 normally?
Replies: 11
Views: 4652

Re: Who can use ipv6 normally?

The ipv6 firewall itself is all turned off, and the MTU is changed to 1280, so the problem can't be found. Hi, your ISP may somehow be blocking the ICMPv6 from reaching the destination, or possibly your computer is doing something with it. You are connecting over PPPoE - when you connect with the P...
by mducharme
Mon Feb 24, 2020 7:36 pm
Forum: RouterOS v7 BETA
Topic: Who can use ipv6 normally?
Replies: 11
Views: 4652

Re: Who can use ipv6 normally?

This method is very good, win10 did get dns. However, ipv6 is still abnormal. Many websites cannot be opened or are stuck. Using Padavan's ipv6 is normal, and all websites can be opened normally. Can a friend use ros's IPv6 to access the website? Yes, the original issue is not related to DNS at all...
by mducharme
Fri Feb 21, 2020 7:51 pm
Forum: RouterOS v7 BETA
Topic: Who can use ipv6 normally?
Replies: 11
Views: 4652

Re: Who can use ipv6 normally?

Hi, RouterOS can advertise DNS with DHCPv6. You simply need to add a DHCPv6 server onto the subnet and enable the "other configuration" flag in IPv6 ND settings, you don't need an IPv6 pool etc. The windows clients will make a DHCPv6 request to get DNS servers. If Windows 10 receives DNS servers thr...
by mducharme
Tue Jan 28, 2020 9:26 pm
Forum: RouterOS v7 BETA
Topic: Feature Request - Bound Radius-Server to PPPoE-Server
Replies: 2
Views: 1845

Re: Feature Request - Bound Radius-Server to PPPoE-Server

What are you talking about? This feature has already been in RouterOS for a long time.
by mducharme
Tue Jan 14, 2020 11:46 pm
Forum: Forwarding Protocols
Topic: VPLS traffic shaping
Replies: 14
Views: 2723

Re: VPLS traffic shaping

My vpls and vlan interface are bridge. So If I use vlan interface, could it be a solution for that? Yes - the only confusing thing is it will be the other way around, so you would control the download rate at the near side and the upload rate at the far side (instead of vice versa). The only other ...
by mducharme
Mon Jan 13, 2020 8:50 pm
Forum: General
Topic: VLANs setup (the new way)
Replies: 24
Views: 5103

Re: VLANs setup (the new way)

@mducharme - so you're suggesting: <removed> I had picked up the untagged= in regards to setting the egress VLAN for access ports when reading the various posts/tutorials hence why I'd explicitly defined. Yes, the new config is exactly what I am suggesting. IMO, the only place you would want to set...
by mducharme
Sat Jan 11, 2020 1:04 am
Forum: Forwarding Protocols
Topic: VPLS traffic shaping
Replies: 14
Views: 2723

Re: VPLS traffic shaping

Queue type shouldn't matter very much. RED tends to give best latency, so you might want to use that queue type. You can reconfigure default-small to use red or make a new queue type called "red" that uses red. Default bucket size is fine, but if you need to be more strict with the shaping (i.e. rea...
by mducharme
Fri Jan 10, 2020 9:09 pm
Forum: General
Topic: VLANs setup (the new way)
Replies: 24
Views: 5103

Re: VLANs setup (the new way)

I would actually discourage setting "untagged=etherx" for any /interface bridge vlan - leave it unset, and set the correct PVID for the etherx port in /interface bridge port and that etherx port will also be added dynamically as an untagged port for that /interface bridge vlan without you needing to...
by mducharme
Fri Jan 10, 2020 7:07 pm
Forum: Beginner Basics
Topic: Mikrotik and GNS3 with QoS
Replies: 5
Views: 1418

Re: Mikrotik and GNS3 with QoS

Testing with GNS3 in this case is not helpful, since creating queue trees on the switches will not be suitable for this type of setup - queue trees will require that you disable hardware switching on those switches, and then they can only handle around 100Mbps total which is probably not enough (now...
by mducharme
Fri Jan 10, 2020 6:27 pm
Forum: RouterOS v7 BETA
Topic: ipv6 disable on 7b4
Replies: 7
Views: 3279

Re: ipv6 disable on 7b4

If you reset the router to factory defaults (or if the router is new out of the box), it will have IPv6 firewall rules by default and therefore will be secure already. Although the option is there, there should be no need to disable IPv6 entirely as a result. The only reason I can see for this optio...
by mducharme
Fri Jan 10, 2020 6:16 pm
Forum: Forwarding Protocols
Topic: VPLS traffic shaping
Replies: 14
Views: 2723

Re: VPLS traffic shaping

Will try :) Thanks!
I was actually replying to networkmonkey - I'm afraid I don't know anything about Huawei equipment, never used it, so I have no idea what you want to do.
by mducharme
Fri Jan 10, 2020 4:11 pm
Forum: Forwarding Protocols
Topic: VPLS traffic shaping
Replies: 14
Views: 2723

Re: VPLS traffic shaping

Create a queue tree with parent set to the VPLS interface with the limit you want, matching packets with "no-mark". You will need to do this on the routers on both ends of the tunnel, because it does this limit only on egress traffic.
by mducharme
Thu Jan 09, 2020 6:28 am
Forum: General
Topic: DHCP + RADIUS - renew does not check RADIUS
Replies: 11
Views: 3281

Re: DHCP + RADIUS - renew does not check RADIUS

I'm not seeing any RADIUS auth requests/responses for renewals of existing leases at the Mikrotik. Your RADIUS server will have send a Session-Timeout value in the initial Access-Accept. If the renewal time for a new lease exceeds the remaining session time in the original Session-Timeout RADIUS at...
by mducharme
Thu Dec 19, 2019 7:48 am
Forum: Announcements
Topic: v6.47beta [testing] is released!
Replies: 269
Views: 125665

Re: v6.47beta [testing] is released!

I am curious - how many more 6.4x versions are expected given that 7 is now in beta? Is 6.47 or 6.48 possibly the last RouterOS 6.x? Or will there be a longer period of overlap while 7.x is released and 6.x is still being developed?
by mducharme
Thu Dec 12, 2019 8:04 pm
Forum: General
Topic: DHCPv6 op 79 - Client Link-Layer Address Option
Replies: 6
Views: 1551

Re: DHCPv6 op 79 - Client Link-Layer Address Option

That's only for DHCPv6 Relay, which is not helpful at all for most people. I just want to make DHCPv6 reservations based on link-layer adress. Also it's only RouterOS 7, which is beta, and it's not for my platform (powerpc, RB1100AHx2). It is available for powerpc since beta 3, but I wouldn't recom...
by mducharme
Wed Dec 11, 2019 9:24 pm
Forum: General
Topic: DHCPv6 op 79 - Client Link-Layer Address Option
Replies: 6
Views: 1551

Re: DHCPv6 op 79 - Client Link-Layer Address Option

Still waiting for RFC 6939. Without this, IPv6 is unmanageable in RouterOS. Some client/home-users routers are in a very broken state and they somehow re-generate their DUID all the time, causing /56 pool to be exhausted in 1 hour or less. Did you not see? I believe they have just added it: https:/...
by mducharme
Sat Nov 30, 2019 8:07 am
Forum: RouterOS v7 BETA
Topic: Bricked and no longer working [SOLVED]
Replies: 1
Views: 3538

Re: Bricked and no longer working [SOLVED]

Check to make sure that you didn't upgrade the bootloader firmware to 7.0 (under System->Routerboard, "Current Firmware"). Netinstall should have replaced the bootloader firmware too, but not a bad idea to double check. You can also go into "Settings" in the same menu to check that your boot device ...
by mducharme
Wed Nov 27, 2019 5:36 am
Forum: RouterOS v7 BETA
Topic: CRS3xx MC-LAG in RouterOS 7
Replies: 19
Views: 5974

Re: CRS3xx MC-LAG in RouterOS 7

I agree with all of this again, but I would rather than ROS 7 be stabilized first instead of them introducing too many new features right away. The new kernel and rewritten OSPF/BGP are big changes already. I think it is smart for MikroTik to focus on feature parity with ROS 6 when it comes to the i...
by mducharme
Mon Nov 18, 2019 8:39 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 9471

Re: IPv6 PPPoE and DHCP issue

I Have network as you said with one vlan. What is the role of those routers? I see BGP 7606 and LAN Gateway 7606 and CCR 1036. What are they supposed to be doing? It is highly unusual to use the same VLAN on both the public side and the private side of those two routers (LAN gateway 7606 and CCR 10...
by mducharme
Sat Nov 16, 2019 9:54 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 9471

Re: IPv6 PPPoE and DHCP issue

I have seen that with many tries that are resolves on IPv4 every time.( why it was solving IPv6 IP) When i do with "2606:4700:4700::1111" with this DNS it is going to resolve but sometimes getting request timed out issue. When i did with 2001:4860:4860::8888,2001:4860:4860::8844 DNS it is getting h...
by mducharme
Sat Nov 16, 2019 10:41 am
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 9471

Re: IPv6 PPPoE and DHCP issue

I got as like below image
resolver.PNG
Are you sure three tries is enough to properly test it? When I see your screenshots above, I see that you had problems resolving facebook on the fourth try but the first three were OK. But you are sure the CCR is OK after three tries?
by mducharme
Sat Nov 16, 2019 9:59 am
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 9471

Re: IPv6 PPPoE and DHCP issue

Is there any option on CCR for NSLookup?
Yes I told you in the last post:
put [:resolve facebook.com server=2001:4860:4860::8844]
by mducharme
Fri Nov 15, 2019 7:30 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 9471

Re: IPv6 PPPoE and DHCP issue

I can strongly say that there is no packet drop issue when doing DNS resolver or while browsing.( i have not seen any packet drop for any websites) Im getting ping google and google DNS with =16 ms, Facebook with =24ms. What you really should do is test that same DNS server from different points on...
by mducharme
Fri Nov 15, 2019 12:38 am
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 9471

Re: IPv6 PPPoE and DHCP issue

While you are doing your resolver tests, try running a continuous ping (ping -t) from the same computer to the Google DNS IP: 2001:4860:4860::8844

That way you can see if you have general packet loss with IPv6.
by mducharme
Thu Nov 14, 2019 8:58 am
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 9471

Re: IPv6 PPPoE and DHCP issue

After all this setup's i have got new issue with DNS resolver. Getting slow browing and some websites are not resolving with IPv6 DNS. Hard to say what your problem is. Slow browsing can have many different causes. IPv6 DNS servers should resolve the same websites as IPv4. I really doubt that any p...
by mducharme
Mon Nov 11, 2019 4:25 am
Forum: General
Topic: RB2011UiAS-2HnD-IN and Spectrum Cable Ultra (400Mbps)
Replies: 26
Views: 3769

Re: RB2011UiAS-2HnD-IN and Spectrum Cable Ultra (400Mbps)

personally I find test result for "Routing 25 ip filter rules using 512 byte packets" the best representing real-life performance of devices I'm using. +1 on this - when spec'ing a device, always look for the "Routing, 25 ip filter rules, 512 bytes" spec. Your maximum download speed will be approxi...
by mducharme
Sun Nov 10, 2019 10:35 pm
Forum: General
Topic: IRC channel on freenode
Replies: 1
Views: 648

Re: IRC channel on freenode

The channel does not require invite, you just need to be registered at Freenode.

See: https://www.wikihow.com/Register-a-Nickname-on-Freenode
by mducharme
Sun Nov 10, 2019 10:28 pm
Forum: Beginner Basics
Topic: PPPoE for 1Gbps clients
Replies: 2
Views: 991

Re: PPPoE for 1Gbps clients

Your throughput may be impacted by out of order packets due to fragmentation. If you have at least 1508 layer 2 MTU between your clients and the server, you can change MTU and MRU to 1500 on both sides. Then PPPoE should not theoretically be any more overhead than simply adding a VLAN tag and I woul...
by mducharme
Sun Nov 10, 2019 8:29 am
Forum: Announcements
Topic: v6.44.6 [long-term] is released!
Replies: 54
Views: 47665

Re: v6.44.6 [long-term] is released!

We just found that the OSPFv3 changes in 6.44.6 appear to cause problems with neighbor with Cisco switch with IPv6 (C3560 Software (C3560-IPSERVICESK9-M), Version 15.0(2)SE11, RELEASE SOFTWARE (fc3)). Downgrading to 6.44.5 resolves it. Careful if your router needs OSPFv3 neighbour with Cisco devices.
by mducharme
Sun Nov 10, 2019 5:29 am
Forum: Beginner Basics
Topic: Remove DNS IP from DHCP lease for one PC
Replies: 17
Views: 2525

Re: Remove DNS IP from DHCP lease for one PC

Yes but how will you define that inside the static lease? You can only select the DHCP server to use...! You don't have to change anything inside the static lease. Simply "make static" and don't bother changing anything in the lease and add the network under DHCP Server->Networks and it will work. ...
by mducharme
Sun Nov 10, 2019 1:34 am
Forum: Beginner Basics
Topic: Remove DNS IP from DHCP lease for one PC
Replies: 17
Views: 2525

Re: Remove DNS IP from DHCP lease for one PC

The easiest way to handle this is to give the computer in question a static lease and then create a separate DHCP network for that computer, as shown below: /ip dhcp-server network #this will be used by all computers except 192.168.88.229 add address=192.168.88.0/24 comment=defconf dns-server=192.16...
by mducharme
Sat Nov 09, 2019 10:15 pm
Forum: RouterOS v7 BETA
Topic: Poll: who wants to have a better /export ?
Replies: 17
Views: 4872

Re: Poll: who wants to have a better /export ?

Now for the import process, I´d love to see an option for error-handling, ideally per config section. Like on-error=log-and-proceed, stop-import, skip-section-import, replace-section log-and-proceed: Log the error occured but go ahead with subsequent config import. stop-import: stop the whole confi...
by mducharme
Fri Nov 08, 2019 5:02 am
Forum: RouterOS v7 BETA
Topic: Memory leak on SMIPS
Replies: 0
Views: 2029

Memory leak on SMIPS

I am running ROS 7 beta 3 on a hAP mini for testing and am experiencing a memory leak. It is basically the default configuration but with firewall rules removed, OSPFv2 and OSPFv3 neighbor relationships established with my ROS 6.45.7 device, and DHCPv6 PD client grabbing a prefix from my main ROS 6....
by mducharme
Wed Nov 06, 2019 9:13 pm
Forum: RouterOS v7 BETA
Topic: OpenVPN Bad decompression
Replies: 5
Views: 3328

Re: OpenVPN Bad decompression

Any clue why the LZO compression is still not supported?
I don't think people have requested it, at least not nearly as many as who wanted UDP support.
by mducharme
Wed Nov 06, 2019 8:50 pm
Forum: Announcements
Topic: v6.46beta [testing] is released!
Replies: 150
Views: 76756

Re: v6.46beta [testing] is released!

Hi Mikrotik Team, Please add the following features in upcomming release: 1. Walled garden or some filtering service to limit the invalid PPPOE request hits.--> To filter Unnecessary Hits or Request from unauthenticated PPPOE Clients. 2. IPv6 Accounting for radius. --> Most important and expected b...
by mducharme
Wed Nov 06, 2019 3:50 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 9471

Re: IPv6 PPPoE and DHCP issue

On DHCP im using direct PC's only.
This answer makes no sense. Do you mean you are only using PCs on that VLAN? I don’t know what you mean by “on DHCP”.

Are you sure those PCs are not getting global IPV6 addresses and only link local?
by mducharme
Wed Nov 06, 2019 3:41 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 9471

Re: IPv6 PPPoE and DHCP issue

This what i did in the IPv6->ND
You’ll need to also check “other configuration” box if you want Windows to get DNS server addresses from DHCPV6 server on MikroTik. If they don’t get DNS v6 after that then you have not added DHCPv6 server for that specific network.
by mducharme
Wed Nov 06, 2019 3:31 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 9471

Re: IPv6 PPPoE and DHCP issue

I have getting Valid IPv6 IP and getting Fe80::... gateway, But not able to get IPv6 DNS,
Have you added DHCPV6 server on that vlan? What neighbor discovery settings are configured on the mikrotik under ipv6-> ND?
by mducharme
Wed Nov 06, 2019 3:25 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 9471

Re: IPv6 PPPoE and DHCP issue

When i go to IPv6>addresses i have seen many of the clients are showing with FE80::.. link local ip for PPPoE clients ID's and For all vlan's. That is normal. Also going to Neighbors list i have observed that for 1 mac i'm getting public IP also link local IP But some clients are only getting Link ...
by mducharme
Wed Nov 06, 2019 10:44 am
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 9471

Re: IPv6 PPPoE and DHCP issue

Based on the diagram your Wi-Fi computer shouldn’t see the Cisco RAs at all unless the Mikrotik is bridging the Huawei to the Cisco BGP. If it is doing that on purpose, why? It is a bit strange to bridge an upstream interface to a downstream one in what looks like a fully routed network. Obviously r...
by mducharme
Wed Nov 06, 2019 8:44 am
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 9471

Re: IPv6 PPPoE and DHCP issue

You will have to disable router advertisements on Cisco if it is meant to use RB as IPv6 gateway. Quick googling returns also this page which seems promising. Yes if the MikroTik is supposed to be the IPv6 gateway for that network, you should run the following on the Cisco to disable RA (Router Adv...
by mducharme
Wed Nov 06, 2019 8:35 am
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 9471

Re: IPv6 PPPoE and DHCP issue

in the second (wifi) image it was connected on my local network which is used by cisco and huawei in the middle ware for local offices. So in the second (wifi) image what is the default gateway supposed to be? Is it supposed to be the cisco one (with MAC 00:15:FA:E1:37:80)? Or is it supposed to be ...
by mducharme
Tue Nov 05, 2019 4:50 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 9471

Re: IPv6 PPPoE and DHCP issue

I have seen that from direct router ether port i have got 1 Gateway with fe80:..... like below with no DNS. lan.JPG Coming to my local network it was showing 2 Gateways and no DNS like below. wifi.JPG Can you explain what those two screenshots are showing? Are they behind two different routers and ...
by mducharme
Tue Nov 05, 2019 4:40 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 9471

Re: IPv6 PPPoE and DHCP issue

I have an a doubt on IPv6 gateway is this will come to our clients on dhcp or not? Unlike IPv4, IPv6 cannot send default gateway through DHCP. It is sent by RA (Router Advertisement) packets, which is a part of the ICMPv6 protocol, also used for pinging. IPv6 DNS server addresses can be provided by...
by mducharme
Tue Nov 05, 2019 4:34 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 9471

Re: IPv6 PPPoE and DHCP issue

I'm using cisco, Huawei switches on my network, I have not enabled IPv6 in any switches. I have gateway with cisco 7606. local pop switches are Cisco 3750,Cisco SG300, SF300, SG300 POE, Huawei S5701 Well there is some Cisco device advertising that it is an IPv6 router on VLAN 100. This is from your...
by mducharme
Tue Nov 05, 2019 9:38 am
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 9471

Re: IPv6 PPPoE and DHCP issue

Well, 19/20 is still green, isn't it? Plus, if usual residental user gets 19/19, what should non-usual user with PTR record get, 20/19? Except 19/20 makes it seem to the average user that something isn't working. Whereas they can have completely working IPv6 with completely valid setup and get 19/2...
by mducharme
Mon Nov 04, 2019 11:47 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 9471

Re: IPv6 PPPoE and DHCP issue

I'm getting 20/20 ... what am I doing wrong? :wink: The only way you get 20/20 is if you have a PTR record for your computer's IPv6 address. This won't be the case for just about any home customer. The current recommendation is to not create PTR for residential hosts for IPv6, and so it shouldn't g...
by mducharme
Mon Nov 04, 2019 11:26 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 9471

Re: IPv6 PPPoE and DHCP issue

Just to be completely clear, the IPv6 test will give a score of 19/20 for virtually everybody. Hostname will be "None" for the vast majority of IPv6 end users now and into the future. They shouldn't be counting it in their score at all - right now they deduct one mark out of 20 (giving 19 instead). ...
by mducharme
Mon Nov 04, 2019 4:26 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 9471

Re: IPv6 PPPoE and DHCP issue

That also looks fine. I assume you have that set up for customers who are NOT on pppoe. That is the normal way you would do that. The device appearing as the second default gateway on that network is some kind of Cisco device, based on the MAC address. I’m just not sure why the Cisco device is sendi...
by mducharme
Mon Nov 04, 2019 12:02 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 9471

Re: IPv6 PPPoE and DHCP issue

Yes, that looks fine. 19/20 is normal. No need for the PTR (hostname).
by mducharme
Mon Nov 04, 2019 3:08 am
Forum: Beginner Basics
Topic: IPv6 how to use it right
Replies: 68
Views: 10200

Re: IPv6 how to use it right

That issue got TP-LINK routers DUID new each time ...

I've disable DHCPv6 becouse of that ...
Can’t you just replace the TPlink devices? Or upgrade them to fix it? Disabling DHCPV6 is not a good solution, IPV6 with manual config is too much work.
by mducharme
Mon Nov 04, 2019 1:15 am
Forum: Wireless Networking
Topic: Bandwidth Limit from RADIUS doesn't apply
Replies: 2
Views: 1133

Re: Bandwidth Limit from RADIUS doesn't apply

What specific RADIUS attributes did you use?
by mducharme
Mon Nov 04, 2019 12:21 am
Forum: SwOS
Topic: v6.45.7 SFP+ speed and package issues [SOLVED]
Replies: 18
Views: 7314

Re: v6.45.7 SFP+ speed and package issues [SOLVED]

CCRs is connected via the SFP + port connected to the CRS SFP + port 1 as configured as a Lan bridge. And all their Network equipment connects off of the 10-gig switch through SFP + ports. We have multiple aoc's and dacs test results don't vary depending on what we use both come back the same resul...
by mducharme
Mon Nov 04, 2019 12:04 am
Forum: SwOS
Topic: v6.45.7 SFP+ speed and package issues [SOLVED]
Replies: 18
Views: 7314

Re: v6.45.7 SFP+ speed and package issues [SOLVED]

All MiktoTik equipment we are using has v6.45.7 as the OS and the Boards firmware updated and we tested with 6.44.6 and 7.0B3 all came back with the same results and same issues. Also all equipment was factor reset with minimum changes to make the network usable. That said tomorrow we will test wit...
by mducharme
Sun Nov 03, 2019 10:07 pm
Forum: Beginner Basics
Topic: IPv6 how to use it right
Replies: 68
Views: 10200

Re: IPv6 how to use it right

that what is going on if DHCPv6 SERVER ENABLED dhcpv6.png new prefix each 30-60 sec That appears to be a Ubiquiti bug or wrong setting, it is generating a new DUID each time it requests a prefix. The info field shows the DUID. The DUID is supposed to be fixed for a given router and never change. Yo...
by mducharme
Sun Nov 03, 2019 9:27 pm
Forum: Beginner Basics
Topic: IPv6 how to use it right
Replies: 68
Views: 10200

Re: IPv6 how to use it right

Yes it get link local gateway but ... (look at my routetabels posted above) problem that there is no route to global adress that users get at LAN behind router ... and no internet at all ... This suggests your DHCPv6 prefix delegation server is not working. It is the role of DHCPv6 prefix delegatio...
by mducharme
Sun Nov 03, 2019 9:22 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 9471

Re: IPv6 PPPoE and DHCP issue

When i connect PC i have got Only IP of IPv6 all other came with IPv4 as below . from router.PNG Is this working fine or i have to do anything else. Your MikroTik config is fine now. The computer is not getting DNS but that is the D-Link's fault, something is wrong on the D-Link. Either the D-Link ...
by mducharme
Sun Nov 03, 2019 7:15 am
Forum: SwOS
Topic: v6.45.7 SFP+ speed and package issues [SOLVED]
Replies: 18
Views: 7314

Re: v6.45.7 SFP+ speed and package issues [SOLVED]

So first thing, make sure your firmware is upgraded, not only the RouterOS version, otherwise you may be troubleshooting phantom bugs that should have been fixed. Second if everything is updated is to unplug the switch from everything and do port to port speed tests with only two computers plugged i...
by mducharme
Sun Nov 03, 2019 7:03 am
Forum: SwOS
Topic: v6.45.7 SFP+ speed and package issues [SOLVED]
Replies: 18
Views: 7314

Re: v6.45.7 SFP+ speed and package issues [SOLVED]

Also I hope that you are updating your firmware too, not only the RouterOS version. If you are only updating RouterOS you might be behind on the firmware updates.
by mducharme
Sun Nov 03, 2019 6:59 am
Forum: SwOS
Topic: v6.45.7 SFP+ speed and package issues [SOLVED]
Replies: 18
Views: 7314

Re: v6.45.7 SFP+ speed and package issues [SOLVED]

I see you are just using the default exactly pretty much. But this switch is connected to a router, yes? What about the router config? To test the switch properly you should be doing testing without going through a router - do a speed test between two computers going through the switch with iperf3. ...
by mducharme
Sun Nov 03, 2019 6:48 am
Forum: SwOS
Topic: v6.45.7 SFP+ speed and package issues [SOLVED]
Replies: 18
Views: 7314

Re: v6.45.7 SFP+ speed and package issues [SOLVED]

Share your configs please, /export hide-sensitive

Also this shouldn't be in the SwOS forum since I imagine you are running RouterOS and not SwOS?
by mducharme
Sun Nov 03, 2019 12:37 am
Forum: General
Topic: L2TP server works for Mac, iPhone, not Windows 10 [SOLVED]
Replies: 11
Views: 3201

Re: L2TP server works for Mac, iPhone, not Windows 10 [SOLVED]

I don't know if this is helpful to you, but these are my profile and proposal settings and they work with L2TP windows 10 clients.
proposal.PNG
ipsec-profile.PNG
by mducharme
Sun Nov 03, 2019 12:27 am
Forum: Beginner Basics
Topic: IPv6 how to use it right
Replies: 68
Views: 10200

Re: IPv6 how to use it right

I have a question how to cast default route gateway to client if i didnt put static gateway it trying to use link local adress of mikrotik router of that interface and didnt get router to internet ( ... how to cast global ipv6 adress of Mikrotik from that interface ... I don't understand what you m...
by mducharme
Sat Nov 02, 2019 10:15 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 9471

Re: IPv6 PPPoE and DHCP issue

Thank you very much there in my devices it was "Yes" now i have changed it to "NO". I have got DNS in PPPoe Dial up in Dlink Router. Kindly give me solution for Gateway also in PPPoE. Sorry, what is the problem with the gateway exactly? The device should simply use the PPPoE interface as the IPv6 g...
by mducharme
Sat Nov 02, 2019 7:09 am
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 9471

Re: IPv6 PPPoE and DHCP issue

I have tried to check all vlans disable and enable but dns is still same and why gateway is also not coming ? So the only thing I can think of is that you are getting DNS through RA packets. On your CCR, go into IPv6->Settings and make sure that "Accept Router Advertisements" is set to "no". RAs.PNG
by mducharme
Fri Nov 01, 2019 9:21 pm
Forum: Wireless Networking
Topic: Mikrotik RBLHGG-60adkit vs AirFiber AF-24
Replies: 2
Views: 2111

Re: Mikrotik RBLHGG-60adkit vs AirFiber AF-24

The big difference is going to be distance - you can go 13km with the AF24, but only about a kilometer with the 60's. I believe there are only like one or two channels available with the 24's so if they intend to use all of those in the same place they might run into interference issues. 60ghz has 5...
by mducharme
Fri Nov 01, 2019 6:49 pm
Forum: General
Topic: SSTP & IPv6
Replies: 21
Views: 6570

Re: SSTP & IPv6

You can also run regular IPsec or IKEv2 over IPv6.
by mducharme
Thu Oct 31, 2019 4:03 pm
Forum: Forwarding Protocols
Topic: manipulate ospf equal cost multi-path
Replies: 3
Views: 2331

Re: manipulate ospf equal cost multi-path

Set up two VLANs, one from B1 to C1 and another from B2 to C1. Then you can add the two VLAN interfaces as OSPF interfaces and override the cost on one to make it use the other except on failure.
by mducharme
Thu Oct 31, 2019 3:34 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 9471

Re: IPv6 PPPoE and DHCP issue

I'm using mikrotik as a server and there is no mikrotik clients in my end, Here all are Dlink, TP Link, Neatgear,etc,,,,. Home router are in PPPoE for my customers. I have using Mobile phone and windows PC's and apple mac's on DHCP for my office clients purpose. In both i have receiving the IP only...
by mducharme
Thu Oct 31, 2019 3:27 am
Forum: RouterOS v7 BETA
Topic: IP6 address from pool bug fixed?
Replies: 12
Views: 3750

Re: IP6 address from pool bug fixed?

However they're partially unrelated and can be fixed independently. Flexible address-from-pool selection doesn't have much to do with DHCPv6 server (and I, as an annoying home user, don't care about those problems at all :wink:). Not necessarily, since the problem here is that if a pool can contain...
by mducharme
Thu Oct 31, 2019 1:10 am
Forum: Wireless Networking
Topic: WAP 60G 360 Config and Operation
Replies: 20
Views: 5360

Re: WAP 60G 360 Config and Operation

Has anyone tried some sort of shielding for these AP's yet?

Seems like with 60GHz it would be more effectively shielded given the beam width?
I wonder if this might work?

https://www.eurodk.com/en/products/mikr ... ise-shield
by mducharme
Thu Oct 31, 2019 12:53 am
Forum: RouterOS v7 BETA
Topic: Beta 3 TR069 client?
Replies: 0
Views: 2327

Beta 3 TR069 client?

Hello,

Where is the TR069 client for beta 3? it was available for beta 2, for ARM at least.

I tried to download it from the expected location: https://download.mikrotik.com/routeros/ ... a3-arm.npk

However, it was not there.
by mducharme
Thu Oct 31, 2019 12:08 am
Forum: Wireless Networking
Topic: WAP 60G 360 Config and Operation
Replies: 20
Views: 5360

Re: WAP 60G 360 Config and Operation

It is not a functionality of a specific product... It is a feature of the RouterOS in the Wireless facility... I don't see why it won't work if its either 2.4GHz, 5GHz or 60 GHz... 60GHz has a separate wireless tab called "W60G", it is not the same "Wireless" tab as all other frequencies. The optio...
by mducharme
Wed Oct 30, 2019 9:18 pm
Forum: RouterOS v7 BETA
Topic: IP6 address from pool bug fixed?
Replies: 12
Views: 3750

Re: IP6 address from pool bug fixed?

I agree, your method works. And that way it is possible to use up all prefixes. However, you don't have any control over which /64 will get used on particular interface. But I want to have that control and mentioned bug prevents me from having that control. It isn't a bug though - they never design...
by mducharme
Wed Oct 30, 2019 8:28 pm
Forum: RouterOS v7 BETA
Topic: IP6 address from pool bug fixed?
Replies: 12
Views: 3750

Re: IP6 address from pool bug fixed?

I think you may have a misunderstanding here. When you set "Pool Prefix Length" in the DHCPv6 client, it configures how the prefix given by the ISP should be divided up in your router, not what you are requesting. In other words, if the ISP gives you a /56 and you set "Pool Prefix Length" to 56, you...
by mducharme
Wed Oct 30, 2019 7:35 pm
Forum: Beginner Basics
Topic: IPv6 how to use it right
Replies: 68
Views: 10200

Re: IPv6 how to use it right

I do this with MikroTik routers but unfortunately there are many problems with off-the-shelf routers with IPv6 DHCP - here are two very common IPv6 problems that affect most routers (including TP-Link): 1. Inability for the router to handle receiving a prefix, but not an address, from IPv6 DHCP. Mik...
by mducharme
Wed Oct 30, 2019 7:05 pm
Forum: General
Topic: Graphing in WebFig not able to measure above 2Gbps
Replies: 5
Views: 1095

Re: Graphing in WebFig not able to measure above 2Gbps

Good catch! Is it a bug then? :-) I would say so, yes. Once your rate exceeds 2,147,483,647bps it seems to be doing a wraparound with -2.1Gbps as the starting point. It is a similar problem to SNMPv1 counter overflow. You can see the strange zig-zag pattern once you hit 2.1Gbps, the low "zags" ever...
by mducharme
Wed Oct 30, 2019 6:58 pm
Forum: General
Topic: Graphing in WebFig not able to measure above 2Gbps
Replies: 5
Views: 1095

Re: Graphing in WebFig not able to measure above 2Gbps

It is probably storing the rate as a long (signed 32-bit) integer, which can only exist within the range [−2,147,483,647, +2,147,483,647]
by mducharme
Wed Oct 30, 2019 6:47 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 9471

Re: IPv6 PPPoE and DHCP issue

Your CCR shows fe80::1 as a dynamic DNS server. It looks like it might be handing that down to the D-Link client device, which will not work. Your CCR router is probably configured to pull that from an upstream device. You may have to switch that off, for instance by disabling "Use Peer DNS" in DHCP...
by mducharme
Wed Oct 30, 2019 6:31 pm
Forum: RouterOS v7 BETA
Topic: IP6 address from pool bug fixed?
Replies: 12
Views: 3750

Re: IP6 address from pool bug fixed?

It shouldn't be true that this prevents other /64's from being used. I get a /56 from a pool and do this successfully right now, except I don't use your syntax, which would be invalid for my configuration. What do you have set as the "Pool Prefix Length" in your DHCPv6 client - is it set to 64 or 56?
by mducharme
Sun Oct 27, 2019 10:29 pm
Forum: Forwarding Protocols
Topic: OSPF ignoring Priority?
Replies: 5
Views: 2749

Re: OSPF ignoring Priority?

Apologies, made a typo in my previous post. The BDR is set as 1 and DR set as 255. Surely restart of just one device of these that formed adjacency should be enough to start election process. Else if the DR goes down and comes back up again, it will stay BDR? I am pretty sure standard OSPF behavior...
by mducharme
Sun Oct 27, 2019 5:08 am
Forum: Forwarding Protocols
Topic: OSPF ignoring Priority?
Replies: 5
Views: 2749

Re: OSPF ignoring Priority?

You restarted the device currently acting as the DR?

I'm not sure whether a brief outage of the DR will result in a re-election. It may require an outage of both the DR and BDR to trigger a re-election.
by mducharme
Sun Oct 27, 2019 3:16 am
Forum: Forwarding Protocols
Topic: OSPF ignoring Priority?
Replies: 5
Views: 2749

Re: OSPF ignoring Priority?

Have you logged into the device that is elected as the DR and verified that it is set for 1 and not 255 as the priority?

Note: If the election is already done, adding a new router with 255 is not going to automatically trigger a new election (at least not in my experience).
by mducharme
Sun Oct 27, 2019 3:15 am
Forum: RouterOS v7 BETA
Topic: Feature Request: IPv6 firewall mangle "set priority" action
Replies: 1
Views: 2625

Feature Request: IPv6 firewall mangle "set priority" action

I understand that previously there were some challenges preventing implementation of "set priority" in IPv6 firewall mangle. However now that IPv6 is part of the base product in ROS 7 I would hope that you can add support for "set priority" to the IPv6 firewall mangle. Also of interest (although not...
by mducharme
Sun Oct 27, 2019 3:02 am
Forum: RouterOS v7 BETA
Topic: Feature Request: MPLS Mangle and FastPath Control
Replies: 0
Views: 2466

Feature Request: MPLS Mangle and FastPath Control

Currently we have to do some overly complicated stuff with bridge filters in order to set priority for MPLS frames. It looks from the OSPF module in v7beta that you are making some enhancements for MPLS L3 VPN (Domain ID and Domain Tag support) and so I am hopeful that while this is happening you mi...
by mducharme
Sat Oct 26, 2019 5:20 am
Forum: RouterOS v7 BETA
Topic: Combined OSPFv2/OSPFv3 configuration feedback
Replies: 1
Views: 2604

Re: Combined OSPFv2/OSPFv3 configuration feedback

After looking at this a little bit more, I think this layout can make sense for OSPFv3 in isolation. Where it doesn't make sense is with OSPFv2. On interface ether1 I have neighbor formed and want to set cost of 15 on that interface. The network for that interface is 192.168.88.0/24. So now I need t...
by mducharme
Sat Oct 26, 2019 2:13 am
Forum: RouterOS v7 BETA
Topic: fq_codel or cake in v7
Replies: 48
Views: 15674

Re: fq_codel or cake in v7

I agree with this too, but first I want to see their current feature set stabilized. The sooner that happens, the sooner that they can release v7 and people can start using it in production. New features like this can be added easily later. If they try and add all new features that have been request...
by mducharme
Fri Oct 25, 2019 10:02 pm
Forum: Beginner Basics
Topic: IPv6 PPPoE and DHCP issue
Replies: 72
Views: 9471

Re: IPv6 PPPoE and DHCP issue

Your CCR1036 (which I see you have as an access concentrator from your other posts) needs to be configured with IPv6 DNS servers under IP->DNS to hand them out to the client routers. Obviously you can have both IPv4 and IPv6 DNS configured in IP->DNS on the 1036 and that is fine. Also, what Windows ...
by mducharme
Thu Oct 24, 2019 8:51 am
Forum: Announcements
Topic: v6.46beta [testing] is released!
Replies: 150
Views: 76756

Re: v6.46beta [testing] is released!

It is impossible to upgrade from 6.46beta55 to 7.0beta3 on SMIPS devices, not enough space.

After netinstall of 7.0 beta 3 there seems to be enough space for future 7.x upgrades, so the problem is that 6.46beta55 is too big.
by mducharme
Thu Oct 24, 2019 8:38 am
Forum: Forwarding Protocols
Topic: OSPFv3 adjacency with Cisco routers
Replies: 4
Views: 2719

Re: OSPFv3 adjacency with Cisco routers

FYI, this seems to be fixed in v7 beta.
by mducharme
Thu Oct 24, 2019 7:41 am
Forum: RouterOS v7 BETA
Topic: mipsbe install issues
Replies: 3
Views: 2940

Re: mipsbe install issues

Upgrade first to 6.46 latest beta.

Then download 7.0 beta 3 but don't rename it. Upload it with the name it was when downloaded and reboot. It should upgrade.
by mducharme
Thu Oct 24, 2019 7:35 am
Forum: RouterOS v7 BETA
Topic: 7.0beta3 available in testing?
Replies: 40
Views: 10924

Re: 7.0beta3 available in testing?

The problem is not enough space for upgrade with smips. But after netinstall of v7 beta 3 it looks like there is enough space for upgrade for future 7.0 beta versions. However it currently seems to be impossible to upgrade from 6.46 latest beta to v7 beta 3 on SMIPS due to not enough space.
by mducharme
Thu Oct 24, 2019 7:22 am
Forum: RouterOS v7 BETA
Topic: Combined OSPFv2/OSPFv3 configuration feedback
Replies: 1
Views: 2604

Combined OSPFv2/OSPFv3 configuration feedback

I'm not really sure whether I'm a fan of the combined OSPFv2 and OSPFv3 configuration now. It is quite different and there are fewer tabs than before, which is I suppose better in some way. But interfaces and networks are now combined into one tab, which makes it a little ambiguous regarding whether...
by mducharme
Thu Oct 24, 2019 6:34 am
Forum: RouterOS v7 BETA
Topic: 7.0beta3 available in testing?
Replies: 40
Views: 10924

Re: 7.0beta3 available in testing?

SMIPS failing also. Was getting the ERROR: missing routeros-smips-7.0beta3.npk ... so, attempted to manually upgrade from 6.46beta55 Confirmed, I have the same problem trying to upgrade from the latest 6.46 beta on hap mini. Wound up doing netinstall. However it looks like after installing 7.0 ther...
by mducharme
Fri Oct 18, 2019 8:59 am
Forum: Wireless Networking
Topic: Slow 5GHz
Replies: 3
Views: 1596

Re: Slow 5GHz

You're using local forwarding = no which has a big negative impact on performance.
by mducharme
Wed Oct 16, 2019 6:31 am
Forum: Scripting
Topic: dns to address lists scripts.
Replies: 10
Views: 12250

Re: dns to address lists scripts.

What is the point in using that script today? Address lists have built in support for DNS.
by mducharme
Tue Oct 15, 2019 7:37 am
Forum: Forwarding Protocols
Topic: HTTP Downloads cancels when LDP enabled
Replies: 5
Views: 2356

Re: HTTP Downloads cancels when LDP enabled

What is your advertise filter set to?
by mducharme
Fri Sep 27, 2019 2:28 am
Forum: RouterOS v7 BETA
Topic: RouterOS v7.0beta2 bug fund
Replies: 9
Views: 5111

Re: RouterOS v7.0beta2 bug fund

If it were not locked, people might reply to the bug report instructions post with their bug report. The bugs are supposed to be submitted as new posts in the main forum, not as replies to the bug report instructions.
by mducharme
Wed Sep 04, 2019 9:59 pm
Forum: RouterBOARD hardware
Topic: WAPG60ADM new 60 GHz product
Replies: 18
Views: 5924

Re: WAPG60ADM new 60 GHz product

Yes, M could be for Mesh possibly. Could it be for Terragraph?

https://terragraph.com/

https://blog.mikrotik.com/announcements ... graph.html
by mducharme
Mon Sep 02, 2019 9:23 pm
Forum: Announcements
Topic: Suggestions requested: general hotspot controller improvements in functionality
Replies: 11
Views: 7430

Re: Suggestions requested: general hotspot controller improvements in functionality

I know this is an older topic now but I have some feedback. I would like to see some kind of built-in option for hours of operation - I was able to work around this outside of the Hotspot system with firewall rules matching on the date and time and blocking traffic (redirecting to web proxy) when it...
by mducharme
Fri Aug 30, 2019 12:21 am
Forum: Forwarding Protocols
Topic: OSPFv3 adjacency with Cisco routers
Replies: 4
Views: 2719

Re: OSPFv3 adjacency with Cisco routers

I suspect that the CCR is getting confused by the fact that the same router has the same routerID and same link-local address on both interfaces. Is this the case? Yes - MikroTik OSPFv3 currently uses the neighbor device's link local address as the sole unique identifier for the neighbor relationsh...
by mducharme
Sun Aug 25, 2019 10:59 pm
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 58
Views: 10972

Re: Hotspot and HTTPS? What solutions?

But recently, I added a Windows 10 machine on the network which does NOT have IPv6, no address, no RA, no DHCPv6 server, and it had connectivity problems. Looking in "ipconfig /all" I saw that it had obtained 3 IPv6 addresses belonging to the 3 networks it isn't connected to! For now I disabled the...
by mducharme
Sun Aug 25, 2019 5:25 am
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 58
Views: 10972

Re: Hotspot and HTTPS? What solutions?

I don't run IPv6 anywhere yet but knowing about this helps greatly because there may be a server which has had DHCPv4 turned off, but DHCPv6 was forgotten and left on. Or a router got installed that had IPv6 package installed for testing and again same problem. A router with the IPv6 package simply...
by mducharme
Sun Aug 25, 2019 4:12 am
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 58
Views: 10972

Re: Hotspot and HTTPS? What solutions?

No problem. Related to this, I just found this page here has a MikroTik DNS "fix" for captive portal issues: https://socifi-doc.atlassian.net/wiki/spaces/SC/pages/94601401/Mikrotik+DNS+Fix+to+keep+Android+Splash+Page+and+the+Captive+Portal+Notification+active Why do they need a DNS "fix"? Their SOCI...
by mducharme
Sun Aug 25, 2019 3:45 am
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 58
Views: 10972

Re: Hotspot and HTTPS? What solutions?

But as I keep saying, I want some actual information on this. Not just 'it should work' HOW does it work? I would like information on how all devices detect hotspot in the first place. Not just a brief overview of "they try and connect to a site and if it fails it'll show you the login page" that d...
by mducharme
Sun Aug 18, 2019 10:19 am
Forum: General
Topic: SNMP doesn't work with asymmetric routes?
Replies: 32
Views: 9386

Re: SNMP doesn't work with asymmetric routes?

I found another 'workaround' for this in case setting src-address doesn't work for you (perhaps you have an IP through DHCP)

/ip firewall mangle add action=mark-routing chain=output new-routing-mark=main passthrough=yes protocol=udp src-port=161
by mducharme
Sat Aug 17, 2019 2:06 pm
Forum: General
Topic: Hotspot and HTTPS? What solutions?
Replies: 58
Views: 10972

Re: Hotspot and HTTPS? What solutions?

My main focus here is not in actually trying to redirect HTTPS, I really honestly don't give a flying stuff about that The real issue is simply when hotspot detection fails, the user gets no prompt or no notification in any way that they need to first 'sign in' and the normal behavior is they just ...
by mducharme
Fri Aug 02, 2019 9:07 pm
Forum: General
Topic: CRS317-1G-16S+RM as storage switch
Replies: 4
Views: 1436

Re: CRS317-1G-16S+RM as storage switch

The concern that I would have is that iSCSI traffic is very bursty and I have heard that switches with large buffers are important for good iSCSI performance. I have not seen any information regarding buffer size with the MikroTik switches. We use the CRS317 for have other applications, but have not...
by mducharme
Thu Jul 25, 2019 7:57 pm
Forum: Announcements
Topic: v6.44.5 [long-term] is released!
Replies: 100
Views: 52515

Re: v6.44.5 [long-term] is released!

Updateing to 6.44.5 brings a problem with PPOE Server. Using a Remote Address in PPP Secret which is from a pool this address is not reserved/blocked. So PPPOE-Server uses this IP twice. Hard to find the problem as pings alway go through from the server side but customers complain like mad. So the ...
by mducharme
Fri Jul 19, 2019 8:16 pm
Forum: Announcements
Topic: v6.44.5 [long-term] is released!
Replies: 100
Views: 52515

Re: v6.44.5 [long-term] is released!

I got problem with dhcp-relay , after upgrade my client cannot get address.
Now I downgrade to version 6.43.16 it work fine.
FYI we have tested this on our devices - DHCP relay is working fine for us on 6.44.5.
by mducharme
Tue Jul 16, 2019 12:39 am
Forum: Forwarding Protocols
Topic: PPPoE over VPLS Tunnel - Client Ping mac server pppoe but it does not connect
Replies: 6
Views: 2575

Re: PPPoE over VPLS Tunnel - Client Ping mac server pppoe but it does not connect

When you do ping, its travel via IP protocols with ospf support. Try to look at your mpls LSP to your pppoe server. Dont work. In R3 adding an IP and pinged to R1. But if I add this ip on the client that is on the R3 bridge I can not ping. You'll have to share more of your config to get proper assi...
by mducharme
Sat Jul 13, 2019 7:51 pm
Forum: General
Topic: Routing Question: Not able to get 1 gbps through our gateway with our router inline can without it
Replies: 8
Views: 1758

Re: Routing Question: Not able to get 1 gbps through our gateway with our router inline can without it

It's a multi thread test such as speedtest.net I have also worked with my upstream provider to setup a speedtest called truespeed this is a test from their data center to my gateway. Same poor results on both test. Hooked directly to their copper gateway port I get tcp throughput in the 940mbps are...
by mducharme
Thu Jul 11, 2019 10:12 pm
Forum: Forwarding Protocols
Topic: OSPF Loopback + MPLS Loopback
Replies: 7
Views: 3126

Re: OSPF Loopback + MPLS Loopback

The main reason why you would want to do something like this is if you wanted to have traffic from loopback to loopback that didn't have an MPLS label. If the advertisement filter is set to only advertise the MPLS loopbacks and not the other loopback, you can use the other loopback for cases where y...
by mducharme
Thu Jul 11, 2019 10:07 pm
Forum: Announcements
Topic: v6.46beta [testing] is released!
Replies: 150
Views: 76756

Re: v6.46beta [testing] is released!

3) Update server to the v6.45beta9;
4) Then update all the hosts to the v6.45beta9;
Don't you mean v6.46beta9?
by mducharme
Thu Jul 11, 2019 3:54 am
Forum: General
Topic: DHCPd specific IP addresses to specific physical ETHx ports.
Replies: 5
Views: 993

Re: DHCPd specific IP addresses to specific physical ETHx ports.

I don't believe proxy ARP is a good solution for your needs, it is a bit of a hack. You are better off assigning subnets to each port (i.e. allocate a bunch of /30 subnets) and set up a dhcp server for each.