Search found 1274 matches

by mducharme
Sat May 08, 2021 6:11 am
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36261

Re: v7.1beta5 [development] is released!

Can you post the rules? I've seen 3 others post about ipv6 connection tracking being broken. Another one is in this exact same thread. Hi, you can get the rules from your own device easily: /system default-configuration print Make sure your window is wide enough first or the ends of the lines will b...
by mducharme
Sat May 08, 2021 2:40 am
Forum: General
Topic: Mikrotik Audience vlan filtering and dhcp issues [SOLVED]
Replies: 6
Views: 193

Re: Mikrotik Audience vlan filtering and dhcp issues [SOLVED]

I fixed that by moving WLAN interfaces to Tagged, but why are they tagged, aren't they treated like access interfaces? When you configure a wireless interface with a VLAN ID in the wireless settings, the tag is added by the wireless interface itself. In other words, by setting vlan-id in a wireless...
by mducharme
Sat May 08, 2021 2:27 am
Forum: General
Topic: Mikrotik Audience vlan filtering and dhcp issues [SOLVED]
Replies: 6
Views: 193

Re: Mikrotik Audience vlan filtering and dhcp issues [SOLVED]

a client connected to port 2 (physical on audience) gets a dhcp lease just fine, the wireless only are the problem Hello, I think you have unintentionally done Q-in-Q. You have configured your wireless interface to add a VLAN tag for VLAN 10 or 20, which is fine, but then you have bridge VLAN filte...
by mducharme
Thu May 06, 2021 3:32 am
Forum: Wireless Networking
Topic: Caps-man with vlans and cAP with vlans on switch chip problem
Replies: 6
Views: 259

Re: Caps-man with vlans and cAP with vlans on switch chip problem

I am certain I am doing something wrong (in datapaths probably) and I am missing something obvious... In "/interface wireless cap" on the two devices, you don't appear to have the "bridge" set. In the case of local-forwarding (which you are using), the bridge= setting in the dat...
by mducharme
Wed May 05, 2021 8:54 am
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36261

Re: v7.1beta5 [development] is released!

It appears IPV6 connection tracking does not work on 7.5Beta5?
It works fine for me, but I am using the factory default MikroTik IPv6 firewall config and not the one from help.mikrotik.com that you pasted.
by mducharme
Tue May 04, 2021 3:58 am
Forum: General
Topic: IPv6 ICMP ok but no TCP traffic
Replies: 20
Views: 697

Re: IPv6 ICMP ok but no TCP traffic

/ipv6 firewall mangle add action=change-mss chain=forward comment="update PMTU for PPPoE via WAN" new-mss=clamp-to-pmtu out-interface=pppoe-out1 packet-size=1421-65535 passthrough=yes protocol=tcp tcp-flags=syn
What if you hard-set the new-mss instead of new-mss=clamp-to-pmtu...
by mducharme
Tue May 04, 2021 2:02 am
Forum: General
Topic: VPN L2TP/IPSEC RouterOS 6.11
Replies: 18
Views: 623

Re: VPN L2TP/IPSEC RouterOS 6.11

I can't do any updates on this mikrotik because my vendor says that we had a lot of configurations that will get not working as there have been so many changes from 6.11 to 6.4X. So, if I do the update, there are a lot of things that could get wrong and will have to fix it in a production firewall....
by mducharme
Mon May 03, 2021 11:47 pm
Forum: General
Topic: IPv6 ICMP ok but no TCP traffic
Replies: 20
Views: 697

Re: IPv6 ICMP ok but no TCP traffic

If an MTU issue would be the cause, then it would also be applicable on IPv4 ? No - with IPv4, routers in between the source and destination are allowed to fragment packets, but not with IPv6. So in the event that the server sends the customer a 1500 byte packet, the ISP PPPoE concentrator router c...
by mducharme
Mon May 03, 2021 9:04 pm
Forum: RouterOS v7 BETA
Topic: Feature Request: CAPsMAN - Add dynamic bridge VLAN entries for Access List Rules
Replies: 4
Views: 369

Re: Feature Request: CAPsMAN - Add dynamic bridge VLAN entries for Access List Rules

I know that I can turn off bridge VLAN filtering, but if I want to use the extra port(s) on a cAP ac or hAP ac as access ports, the only other way besides VLAN filtering is to mess around with VLAN interfaces and extra bridges. I wouldn't say this is the case - what I usually do is I configure the ...
by mducharme
Mon May 03, 2021 8:31 pm
Forum: General
Topic: IPv6 ICMP ok but no TCP traffic
Replies: 20
Views: 697

Re: IPv6 ICMP ok but no TCP traffic

I would look at MTU as well especially since it is PPPoE - perhaps the 1500 byte response is not making it back to you.

Ideally if your ISP supports RFC4638 (getting 1500 MTU over PPPoE by making the PPPoE packets slightly oversize) you can eliminate most MTU issues by configuring that.
by mducharme
Mon May 03, 2021 6:12 am
Forum: Beginner Basics
Topic: Do I need to Upgrade my Mikrotik to Take Advantage of Fiber?
Replies: 5
Views: 299

Re: Do I need to Upgrade my Mikrotik to Take Advantage of Fiber?

I am not network savvy and I just upgraded to Google Fiber from a Comcast 250Mbps connection. I have an RB2011UiAS-2HnD-IN and was thinking it would be sufficient. Yes, you should upgrade. For sizing, go onto the products page and look at the device "Test Results" tab, specifically the 51...
by mducharme
Sat May 01, 2021 7:33 am
Forum: Useful user articles
Topic: Using RouterOS to VLAN your network
Replies: 172
Views: 120037

Re: Using RouterOS to VLAN your network

Ah okay got it, capsman and vlans is like mixing beer and wine.......and then drinking vodka LOL It isn't only with CAPsMAN - you can also assign VLANs to different clients on a single SSID without CAPsMAN using an access list that assigns the VLAN tag based on the MAC, or with RADIUS assigning per...
by mducharme
Fri Apr 30, 2021 6:28 pm
Forum: RouterOS v7 BETA
Topic: Feature Request: CAPsMAN - Add dynamic bridge VLAN entries for Access List Rules
Replies: 4
Views: 369

Re: Feature Request: CAPsMAN - Add dynamic bridge VLAN entries for Access List Rules

If an access list rule contains a VLAN-ID, add a dynamic VLAN rule to the bridge for each WiFi interface which is matched by the rule. I agree it would be nice to have a solution for this, but in most cases you can simply avoid using bridge VLAN filtering on the CAP device and use it only on the sw...
by mducharme
Fri Apr 30, 2021 5:56 pm
Forum: Wireless Networking
Topic: Can cAP decide channel in a smarter way
Replies: 8
Views: 557

Re: Can cAP decide channel in a smarter way

None. If I use the configuration random 2ghz (see above), which has channels 1, 6 and 11, what would you suggest to put as reselect-interval? That's up to you - it depends on how often you want it to rescan for possible interference and check to see whether it should change channels. Doing it too o...
by mducharme
Fri Apr 30, 2021 12:54 am
Forum: Wireless Networking
Topic: Can cAP decide channel in a smarter way
Replies: 8
Views: 557

Re: Can cAP decide channel in a smarter way

I did start with all channels, but the signal was bad in the kitchen.
So what is your reselect-interval set to under channels, as mfrey said? Normally this is solved by setting reselect-interval - I'm not sure if you missed that in mfrey's message or if you tried that but it isn't working.
by mducharme
Thu Apr 29, 2021 5:07 am
Forum: Beginner Basics
Topic: MAC VLAN on CRS354-48G
Replies: 18
Views: 1038

Re: MAC VLAN on CRS354-48G

One remark: I had to remove the ports from the default "bridge" first, Hence I couldn't find out how to do it in command line I used the WebGUI - sorry for that ;-) You have two bridges then? Hardware acceleration can only work in one bridge on a router - are you setting hw=no on the rema...
by mducharme
Wed Apr 28, 2021 6:39 pm
Forum: Useful user articles
Topic: Using RouterOS to VLAN your network
Replies: 172
Views: 120037

Re: Using RouterOS to VLAN your network

Hi Mudharm, I use capac and bridge vlan filtering with great success (and no capsman). I use a vlan per SSID to separate users. What am I missing here?? You are talking about per-SSID VLANs - those work fine with bridge VLAN filtering. I'm talking about per-user VLANs with a single SSID - that does...
by mducharme
Wed Apr 28, 2021 5:48 pm
Forum: Beginner Basics
Topic: MAC VLAN on CRS354-48G
Replies: 18
Views: 1038

Re: MAC VLAN on CRS354-48G

Does this make more sense now? No, this does not agree with the example configuration MikroTik posted on their wiki. First they have this, which is clear: /interface bridge add name=bridge1 vlan-filtering=yes /interface bridge port add bridge=bridge1 interface=ether2 hw=yes add bridge=bridge1 inter...
by mducharme
Tue Apr 27, 2021 7:49 pm
Forum: Beginner Basics
Topic: MAC VLAN on CRS354-48G
Replies: 18
Views: 1038

Re: MAC VLAN on CRS354-48G

Whilst switch rules would map unicast traffic to specific VLANs any broadcast/multicast traffic would not be, likely breaking things. This is not entirely the case, but I find the MAC based VLAN support problematic in other ways and we have not used it. The way MikroTik wants it configured is to ma...
by mducharme
Tue Apr 27, 2021 4:48 am
Forum: Useful user articles
Topic: Using RouterOS to VLAN your network
Replies: 172
Views: 120037

Re: Using RouterOS to VLAN your network

As sindy suggested, for any CAPs you are using, I would generally recommend *not* using bridge VLAN filtering on the CAP itself. Use it on the routers and the switches, but not the CAP. The issue is that bridge VLAN filtering artificially limits what you can do with the CAP. For instance, normally y...
by mducharme
Tue Apr 27, 2021 3:49 am
Forum: RouterOS v7 BETA
Topic: Interface setting proxy-arp could be broken
Replies: 1
Views: 259

Re: Interface setting proxy-arp could be broken

With my L2TP/IPsec tunnels I can't get proxy-arp working with 7.1beta5, as I can't get ARP from any devices on the local network. Regular websites work just fine and I can connect to the router itself, but nothing else. It's sad that so much stuff is broken in the 7.1 betas and I can't just not use...
by mducharme
Mon Apr 26, 2021 7:21 pm
Forum: Beginner Basics
Topic: hAP ac3 not sending Router Advertisements, SLAAC fails [SOLVED]
Replies: 5
Views: 594

Re: hAP ac3 not sending Router Advertisements, SLAAC fails [SOLVED]

Do you have to disable and then re-enable this setting each time you reboot your router? Or does disabling/re-enabling change something magically in the configuration? You can try it on your device - I was helping somebody remotely with this issue who was having it on several devices and disabling/...
by mducharme
Mon Apr 26, 2021 2:20 am
Forum: Announcements
Topic: SwOS version 2.12 released!
Replies: 99
Views: 54038

Re: SwOS version 2.12 released!

RB260GSP, restricting forwarding does not work. The switch forwards traffic between all ports even when unchecking forwarding options.
by mducharme
Sat Apr 24, 2021 11:38 pm
Forum: Beginner Basics
Topic: hAP ac3 not sending Router Advertisements, SLAAC fails [SOLVED]
Replies: 5
Views: 594

Re: hAP ac3 not sending Router Advertisements, SLAAC fails [SOLVED]

I don't know why the initial setup had configured interface=all, but it was obviously incorrect. I just encountered this same issue for the first time. The problem is not the default interface=all - it is not incorrect. In fact, disabling the default "interface=all" and re-enabling it cau...
by mducharme
Fri Apr 23, 2021 3:52 am
Forum: General
Topic: Unstable MAC Winbox connection
Replies: 12
Views: 605

Re: Unstable MAC Winbox connection

Ok, if you are right and i can confirm that oversized MAC winbox packets was the problem how to resolve the issue? You might be able to increase the L2 MTU that your PC is allowed to receive by enabling Jumbo Frames or some other option in the network card settings, or by upgrading the driver to a ...
by mducharme
Thu Apr 22, 2021 10:21 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36261

Re: v7.1beta5 [development] is released!

I've accidentally rebooted my RB4011 (without WiFi) after 5 days uptime on 7.1beta5. All was running fine but since this reboot it crashes every about 4 hours. Happened six times now. Sometimes a bit less than 4 hours, sometimes a little above. Make sure your RouterBOOT firmware is also upgraded to 7...
by mducharme
Thu Apr 22, 2021 8:41 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36261

Re: v7.1beta5 [development] is released!

Will the new architecture for routing and routing protocols in v7 fix this? If not, please think about a fix. E.g. some setting per interface to copy connected route to some specified table. (it could be that using the VRF feature could solve part of these issues, but unfortunately there is too lit...
by mducharme
Thu Apr 22, 2021 3:09 am
Forum: General
Topic: Unstable MAC Winbox connection
Replies: 12
Views: 605

Re: Unstable MAC Winbox connection

PROBLEM: Winbox connects to device using MAC address but connection breaks after couple of seconds, at this short time i cannot do anything. Winbox was running on Windows laptop with 1gbps LAN integrated on MOBO. Do you folks have same problem? How do you resolve this issue? Hello, I have seen this...
by mducharme
Wed Apr 21, 2021 1:53 pm
Forum: General
Topic: IPV6 was working but has now stopped
Replies: 24
Views: 870

Re: IPV6 was working but has now stopped

I have been looking at the setup for 5 days without understanding what is wrong. I'm desperate Have you tried rebooting the router? I've come across a glitch once or twice where router advertisements stop being sent and a reboot has corrected the issue. It is very rare though - last time it happene...
by mducharme
Tue Apr 20, 2021 2:22 am
Forum: Useful user articles
Topic: MikroTik Wireguard server with Road Warrior clients
Replies: 2
Views: 1000

Re: MikroTik Wireguard server with Road Warrior clients

I would like to apply this setup on 7.1b5 in Webfig. However I'm not able to set the allowed-address for the server peer config, the field gets cleared when pressing Apply and is not saved when pressing OK. Is this some bug? Any other way to make this work? Thanks... I'm new to RouterOS. Yes, I hav...
by mducharme
Sat Apr 17, 2021 11:16 pm
Forum: Wireless Networking
Topic: CAPsMAN 5ghz - no supported channel [SOLVED]
Replies: 24
Views: 1827

Re: CAPsMAN 5ghz - no supported channel [SOLVED]

Yes, I did it already. It is currently 6.48.2. It was thinking that the router in the apartment above is making an interference with my router, but it supports only 2.4 ghz. For now (after removing some of the channels) it seems OK. Would you suggest using only 1 channel, or allowing the router to ...
by mducharme
Sat Apr 17, 2021 11:10 pm
Forum: Wireless Networking
Topic: CAPsMAN 5ghz - no supported channel [SOLVED]
Replies: 24
Views: 1827

Re: CAPsMAN 5ghz - no supported channel [SOLVED]

Yes, I did it already. It is currently 6.48.2. It was thinking that the router in the apartment above is making an interference with my router, but it supports only 2.4 ghz. For now (after removing some of the channels) it seems OK. Would you suggest using only 1 channel, or allowing the router to ...
by mducharme
Sat Apr 17, 2021 10:26 pm
Forum: Wireless Networking
Topic: CAPsMAN 5ghz - no supported channel [SOLVED]
Replies: 24
Views: 1827

Re: CAPsMAN 5ghz - no supported channel [SOLVED]

I don't understand fully what you mean. I did update the packages and then I updated the firmware of both CAPs and RB4011. Should I do something more? Go into System->RouterBOARD and make sure that current firmware version is the same as the upgrade firmware version. If they are different, hit the ...
by mducharme
Sat Apr 17, 2021 9:58 pm
Forum: Wireless Networking
Topic: CAPsMAN 5ghz - no supported channel [SOLVED]
Replies: 24
Views: 1827

Re: CAPsMAN 5ghz - no supported channel [SOLVED]

I did update it yesterday.
OK. Just to clarify in case you were not aware - the RouterBOOT upgrade is separate from the RouterOS upgrade. Upgrading RouterOS itself will not also upgrade the RouterBOOT firmware unless auto upgrade is enabled for RouterBOOT.
by mducharme
Sat Apr 17, 2021 9:22 pm
Forum: General
Topic: RB4011 sometimes maxes 1 core
Replies: 4
Views: 399

Re: RB4011 sometimes maxes 1 core

I have RB4011 and it does not always spread the load on other cores, doing a speed test it sometimes uses multiple cores but it sometimes gets stuck on 1 core using 100 percent. Is this some kind of problem with the router? ISP is DHCP (IPOE) Thanks Use tool profile to see what processes are taking...
by mducharme
Sat Apr 17, 2021 8:48 pm
Forum: Wireless Networking
Topic: CAPsMAN 5ghz - no supported channel [SOLVED]
Replies: 24
Views: 1827

Re: CAPsMAN 5ghz - no supported channel [SOLVED]

I forced the cap with issues on channel 1. It seems OK for now. I also had a nearby channel 48, so I removed it from the list of channels for 5ghz, now I am only on channels 36,40 and 44. It does seem OK for now. For some reason (not sure if it is this), it seems the throughput of the wireless got ...
by mducharme
Sat Apr 17, 2021 4:12 am
Forum: RouterOS v7 BETA
Topic: L2TP BCP is broken
Replies: 3
Views: 320

Re: L2TP BCP is broken

So, you're saying it likely won't be fixed until stable v7 comes out? That's worse than Ubiquiti! I'm saying that if it is caused by one of these Linux GPL customizations that they haven't made yet, they will most likely only fix it when they feel it is getting closer to a stable release. If they i...
by mducharme
Sat Apr 17, 2021 4:00 am
Forum: RouterOS v7 BETA
Topic: L2TP BCP is broken
Replies: 3
Views: 320

Re: L2TP BCP is broken

After upgrading my router to v7 my L2TP BCP setup is broken. No packets can make it across, and I double checked the MTU/MTU/MRRU settings. Are there any changes in v7 that I might to work around to fix this? I spent an hour on my phone during a wedding trying to get the connection to work again. M...
by mducharme
Fri Apr 16, 2021 3:56 am
Forum: Forwarding Protocols
Topic: QoS in VPLS
Replies: 21
Views: 1333

Re: QoS in VPLS

Hello again, Thanks to your advice, setting up the EXP field seems to be working correctly :) I will verify it tomorrow, thank you for now! Something that needs to be clarified is that queue priority values are different than packet priority values (MPLS EXP bit, VLAN PCP). With queue priority, a l...
by mducharme
Fri Apr 16, 2021 1:30 am
Forum: Forwarding Protocols
Topic: QoS in VPLS
Replies: 21
Views: 1333

Re: QoS in VPLS

There's another problem too - he seems to have configured the bridge filter to set the priority for the packets that have just been received over the VPLS tunnel instead of the packets that he is about to send over the VPLS tunnel. You probably want to set EXP for the packets that you are about to send...
by mducharme
Thu Apr 15, 2021 9:39 pm
Forum: Useful user articles
Topic: Using RouterOS to VLAN your network
Replies: 172
Views: 120037

Re: Using RouterOS to VLAN your network

I disagree, I find it very confusing to have set PVID on the bridge ports and then not put the associated untagged entries on the bridge vlan. When reading a config it's dirt easy visually to see what a person has done. It's so difficult to have to double check a config when not seeing the config, es...
by mducharme
Thu Apr 15, 2021 8:20 pm
Forum: Forwarding Protocols
Topic: Routing over ipsec
Replies: 8
Views: 1136

Re: Routing over ipsec

GRE over IPsec is fine. In the (hopefully near) future, probably IPsec VTI will be an option in RouterOS v7.
by mducharme
Thu Apr 15, 2021 4:46 am
Forum: Forwarding Protocols
Topic: QoS in VPLS
Replies: 21
Views: 1333

Re: QoS in VPLS

Another thing to realize as I think he has them backwards. Queue priorities are highest..1, to lowest..8. Vs COS/packet highest..7, to lowest..0. He has net control as queue priority 7.
Nice catch, missed that. Yes he has the queue priorities backwards.
by mducharme
Thu Apr 15, 2021 4:31 am
Forum: Forwarding Protocols
Topic: QoS in VPLS
Replies: 21
Views: 1333

Re: QoS in VPLS

If he doesn't know or realize, queue priority is only that. Will not transfer to packet or exp priority. As he has the queues built. Yes, exactly, I suspect he might think that the queue priority is somehow going to transfer to packet priority/EXP. And of course, as you say, that is not the case.
by mducharme
Thu Apr 15, 2021 4:21 am
Forum: Forwarding Protocols
Topic: QoS in VPLS
Replies: 21
Views: 1333

Re: QoS in VPLS

If that's his edge router egress traffic into his mpls core, it should show proper priority in the EXP field if he has it set correctly no? (Assuming that packet is one he's expecting to have a priority other than 0) That's what I mean - in his updated config snippet posted above, he isn't setting an...
by mducharme
Thu Apr 15, 2021 2:19 am
Forum: Forwarding Protocols
Topic: QoS in VPLS
Replies: 21
Views: 1333

Re: QoS in VPLS

That is strange because I can't see the EXP field changing its value. I made a mirror port on a port going to MPLS cloud and dumped frames with Wireshark:
You no longer have any set-priority actions to set the priority to anything other than 0 - that's why you don't see anything.
by mducharme
Wed Apr 14, 2021 6:40 pm
Forum: Forwarding Protocols
Topic: QoS in VPLS
Replies: 21
Views: 1333

Re: QoS in VPLS

Thank you for a comment. At the moment I have this sample configuration on the LER router, unfortunately the packets are not classified correctly: You can't use mangle on the traffic if the device is bridging it - only if it is routing it. In this case it is being bridged so it will never hit the m...
by mducharme
Wed Apr 14, 2021 5:11 am
Forum: Beginner Basics
Topic: hEX-S "advanced" setup with VLANs, dynamic DNS, CAPsMAN, etc.
Replies: 13
Views: 873

Re: first significant confusion | Re: hEX-S "advanced" setup with VLANs, dynamic DNS, CAPsMAN, etc.

Can I assign the same range to VLAN10? I think NOT -- the VLAN10 would conflict with the bridge, right? This also begs the additional question: if everything is VLANed, does the bridge even need to have IP addresses assigned to it? On the other hand, if I remove addresses from the bridge, will VLAN...
by mducharme
Wed Apr 14, 2021 2:47 am
Forum: Useful user articles
Topic: MikroTik Wireguard server with Road Warrior clients
Replies: 2
Views: 1000

MikroTik Wireguard server with Road Warrior clients

This is just intended as a basic config example for how to set up wireguard VPN on MikroTik for road warrior clients like iOS devices: MikroTik wireguard server config: # a private and public key will be automatically generated when adding the wireguard interface /interface wireguard add listen-port...
by mducharme
Wed Apr 14, 2021 12:15 am
Forum: General
Topic: Multicast over L2TP/IPSec
Replies: 4
Views: 430

Re: Multicast over L2TP/IPSec

4. Also if multicast works correctly, the clients can talk to each other as P2P devices which can ensure good latency/stability L2TP clients cannot communicate with each other directly by definition - any traffic from one client to another would have to go to your VPN concentrator CHR and back again.
by mducharme
Tue Apr 13, 2021 2:42 pm
Forum: General
Topic: Multicast over L2TP/IPSec
Replies: 4
Views: 430

Re: Multicast over L2TP/IPSec

So basically I have a cloud instance of RouterOS 6.47.9 CHR. It has a public IPv4 address on ether1 (also WAN interface). 1. First I couldn't get IPSec/L2TP to work with Windows 10 client, even after trying out different ciphers and options. It worked with Android and iOS, however. 2. How would I g...
by mducharme
Tue Apr 13, 2021 1:44 am
Forum: General
Topic: Graphing IPv4 and IPv6 Traffic
Replies: 3
Views: 273

Re: Graphing IPv4 and IPv6 Traffic

What you can do as a workaround is to set up queues for some very high rate (a lot more than you need, so that it actually doesn't really limit the clients at all), one for IPv4 traffic and one for IPv6 traffic, and graph the queues.
by mducharme
Mon Apr 12, 2021 6:43 am
Forum: Forwarding Protocols
Topic: PBR - issues
Replies: 3
Views: 373

Re: PBR - issues

But I'm unable to access pppoe user's router remotely. And even unable to access my Wireless ubnt & Mikrotik Access Point in web browser IP of Mikrotik and Ubnt wireless Access point in this network 172.20.20.0/24. Help..!! Policy based routing is always taken very literally and so you have to ...
by mducharme
Sun Apr 11, 2021 6:28 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 1758

Re: CAPsMAN 5G doesn't work

Also, comparing brazil with brazil-anatel: [admin@Michael-RB4011] > in wireless info country-info brazil ranges: 5170-5250/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(20dBm)/passive,indoor 5250-5330/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(20dBm)/dfs,passive 5490-5710/a,an20,an40,ac20,ac40,ac80,ac160,a...
by mducharme
Sun Apr 11, 2021 6:19 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 1758

Re: CAPsMAN 5G doesn't work

But the weirdest part is that without CAPsMAN, I never seemed to have problems with the 5GHz band. It is not too surprising to me unfortunately. It seems that CAPsMAN is not quite as smart as the regular wireless setup when it comes to only selecting channels that will be supported by the devices. ...
by mducharme
Sun Apr 11, 2021 5:47 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 1758

Re: CAPsMAN 5G doesn't work

I'll keep an eye on this, and if they ever stop working again, I'll check out their frequencies and post here again. But I'd really like to understand what was going on... You are still using secondary channels and probably don't need to be. Also, I don't know enough about wifi regulations in Brazi...
by mducharme
Sun Apr 11, 2021 5:07 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 1758

Re: CAPsMAN 5G doesn't work

It's been at least 5 minutes they both finished the radar scanning and are "running ap". Both of those are outdoor frequencies, at least in many countries - in the CAPsMAN->Configurations tab, double click on your config, and make sure the country is properly set, and installation is set ...
by mducharme
Sun Apr 11, 2021 4:32 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 1758

Re: CAPsMAN 5G doesn't work

I'm running two RB4011iGS+5HacQ2HnD-IN, one as CAPsMAN and the other as CAP. It was way cheaper than buying a switch and a wireless-capable device, and saved me a lot of space and cables/wires. CAPsMAN is running 5500/20-Ceee/ac/DP(15dBm)+5770/80(15dBm). Seems to be working. CAP is running 5740/20-...
by mducharme
Sun Apr 11, 2021 2:27 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 1758

Re: CAPsMAN 5G doesn't work

The problem is that the router (the CAPs Manager) is now working with this new CAPsMAN config we came to, but the CAP itself isn't (again, only the 5Ghz network).
What cap device are you using and what frequency has it selected on 5GHz?
by mducharme
Sat Apr 10, 2021 5:33 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 1758

Re: CAPsMAN 5G doesn't work

Forgot to tell you that they're up to date since day one, Rboard fw included! I also changed the forbid thing. It was in Mikrotik's "example tutorial". I think it doesn't change much if you don't have another CAPsMAN on the network. But it's allowed now. If you reset it and it is working...
by mducharme
Fri Apr 09, 2021 8:15 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 1758

Re: CAPsMAN 5G doesn't work

/caps-man manager interface
set [ find default=yes ] forbid=yes
On mine this is forbid=no, I think forbid=yes is incorrect. But I'm not sure that is related to your issue here.
by mducharme
Fri Apr 09, 2021 8:10 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 1758

Re: CAPsMAN 5G doesn't work

Wait, maybe I have some beacons, but they are extremely weak and curiously not really centered around the same frequency (maybe 5MHz for this or that side randomly), but this could be just noise. Try upgrading RouterOS and also make sure that your routerboard firmware is upgraded via system->router...
by mducharme
Fri Apr 09, 2021 7:52 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 1758

Re: CAPsMAN 5G doesn't work

Main: 5740/20-Ceee/ac(15dBm)+5570/80/DP(15dBm)
AP: 5740/20-Ceee/ac(15dBm)+5570/80/DP(15dBm)
You shouldn't have this +5570/80/DP(15dBm)

That means you have a secondary-frequency enabled, which isn't compatible with all situations.
by mducharme
Fri Apr 09, 2021 7:45 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 1758

Re: CAPsMAN 5G doesn't work

That is how it was in the beginning (config.rsc is attached in the first post). No, it isn't exactly the same as how it was in the beginning: channel.extension-channel=XXXX In your first post, you had that set. The issue is that I have found that XXXX extension channel can cause major issues when u...
by mducharme
Fri Apr 09, 2021 7:27 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 1758

Re: CAPsMAN 5G doesn't work

/caps-man channel add band=5ghz-n/ac control-channel-width=20mhz extension-channel=Ceee \ frequency=5170,5190,5230,5270,5310,5510,5550,5590,5630,5660,5755,5795 \ name=5GHz-n-ac secondary-frequency=\ 5170,5190,5230,5270,5310,5510,5550,5590,5630,5660,5755,5795 Clear the entire secondary-frequency and...
by mducharme
Fri Apr 09, 2021 7:07 am
Forum: General
Topic: Multiple packet marks?
Replies: 4
Views: 374

Re: Multiple packet marks?

Would the "mark routing" feature work for this as well? The Mik router has some webservers behind it so I need to be able to differentiate between traffic destined toward regular website visitors and outbound traffic that's supposed to go through the VPN. You have to use mark routing for ...
by mducharme
Fri Apr 09, 2021 6:19 am
Forum: General
Topic: Multiple packet marks?
Replies: 4
Views: 374

Re: Multiple packet marks?

I'm going to have a setup where I have a split-tunnel VPN and a queue tree. The split-tunnel will use mangle rules to mark packets that should get sent through the VPN, but the problem is that the queue tree also uses packet marks for QoS. Is there a way to add multiple marks to a packet/connection...
by mducharme
Fri Apr 09, 2021 6:14 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 1758

Re: CAPsMAN 5G doesn't work

The spectrum analyzer though, detects some short blips on the primary frequency (it chose 5550/20 and 5660/80 this time) every few seconds. Very faint, very short, kinda semi-randomly spaced in time. I suspect those are probably beacons. MikroTik has never added support for choosing the beacon inte...
by mducharme
Fri Apr 09, 2021 4:30 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 1758

Re: CAPsMAN 2.5G works, 5G doesn't

It's not a matter of transmitting in the wrong channel/wrong standard. The HackRF + PortaPack photo shows it's not even transmitting AT ALL. It's completely blue (pure noise), whereas any signal should be green. And there's no signal at all except for my neighbours' 5G routers in the lower part of ...
by mducharme
Fri Apr 09, 2021 12:57 am
Forum: Wireless Networking
Topic: CAPsMAN 5G doesn't work
Replies: 38
Views: 1758

Re: CAPsMAN 2.5G works, 5G doesn't

I'm still struggling here. From the screenshots above, your capsman has selected invalid channels. Devices will not generally find these non standard channels. We have had this happen sometimes and the result is that only macbook pros are able to connect up to the wireless on the non standard chann...
by mducharme
Thu Apr 08, 2021 9:10 am
Forum: RouterOS v7 BETA
Topic: intel 710 chipset driver
Replies: 7
Views: 1067

Re: intel 710 chipset driver

I agree - I found this beta to be the first one that was stable enough for me to use for my home network. I would not consider it for any sort of production BGP.
by mducharme
Mon Apr 05, 2021 2:45 am
Forum: Forwarding Protocols
Topic: MPLS - massive throughput difference on CHR when using explicit nulls
Replies: 62
Views: 15307

Re: MPLS - massive throughput difference on CHR when using explicit nulls

I am testing this - I am seeing promising results but still some weird behaviour. When running a TCP btest on a hardware router (1100ahx2) going across an MPLS network to a CHR, I'm seeing full rates for send and receive. When I run the btest on the CHR against the same 1100ahx2 as last, I get full ...
by mducharme
Mon Apr 05, 2021 12:54 am
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36261

Re: v7.1beta5 [development] is released!

My HAP Lite got hard bricked updating via Winbox from v7.1b4 to v7.1b5. The router does not boot any more - the Power-LED and Ether2 are lit, while Ether1 and Ether4 glow faintly. I tried to install various versions via Netinstall, but even after successfully flashing, the router will not boot....
by mducharme
Mon Apr 05, 2021 12:40 am
Forum: Useful user articles
Topic: Using RouterOS to VLAN your network
Replies: 172
Views: 120037

Re: Using RouterOS to VLAN your network

As an example, here I have created an issue on purpose by setting a port with PVID 99 as statically untagged on VLAN 5:
vlan-issue.JPG
The device on that port will receive untagged packets from both VLANs on egress as a result of this misconfiguration.
by mducharme
Mon Apr 05, 2021 12:29 am
Forum: Useful user articles
Topic: Using RouterOS to VLAN your network
Replies: 172
Views: 120037

Re: Using RouterOS to VLAN your network

@mducharme What if I put in a disclaimer, stating it was unnecessary and handled automatically? This article series is primarily about learning the VLAN concept on MikroTik hardware, not RouterOS syntax. In fact, I try to take a most verbose approach with the syntax to slow everything down and make...
by mducharme
Mon Apr 05, 2021 12:10 am
Forum: Useful user articles
Topic: Using RouterOS to VLAN your network
Replies: 172
Views: 120037

Re: Using RouterOS to VLAN your network

Just to be clear are you saying that the reason setting untagged ports explicitly doesn't do anything because when you add an access port to a vlan by setting its pvid it is automatically added to the vlan table as an untagged port for that vlan. Is that correct? Yes, that is correct - by setting t...
by mducharme
Sun Apr 04, 2021 9:24 am
Forum: Forwarding Protocols
Topic: CHR MPLS on esxi
Replies: 7
Views: 1008

Re: CHR MPLS on esxi

Do you use OSPF on this interface?
Yes, OSPFv2 and OSPFv3. Obviously I had to change the IP MTU on the far side too. In my case it is a /30 so there was only one other device to change the MTU on to get this working.
by mducharme
Sun Apr 04, 2021 6:05 am
Forum: Forwarding Protocols
Topic: CHR MPLS on esxi
Replies: 7
Views: 1008

Re: CHR MPLS on esxi

I just got it activated with a trial and did a bandwidth test. Resulting speeds are just fine - I think they fixed the issue with ESXi performance.
by mducharme
Sun Apr 04, 2021 4:22 am
Forum: Forwarding Protocols
Topic: CHR MPLS on esxi
Replies: 7
Views: 1008

Re: CHR MPLS on esxi

Update: I just increased my IP MTU to 1550 on the VLAN going to the CHR and now VPLS is passing 1500 byte packets without issue.
by mducharme
Sun Apr 04, 2021 3:58 am
Forum: Forwarding Protocols
Topic: CHR MPLS on esxi
Replies: 7
Views: 1008

Re: CHR MPLS on esxi

ESXI 6.5. vSwitch allows to set higher MTU. But it looks like l2mtu is not detected by CHR (shows "0"). mtu is settable. But then the (senseless?) OSPF MTU check jumps in and hinders building neighborship. And it looks like only one OSPF neighbor with different MTU cause problems. Setting...
by mducharme
Thu Apr 01, 2021 3:13 am
Forum: General
Topic: IPSec VTI
Replies: 10
Views: 6751

Re: IPSec VTI

Not to mention that this would allow interop with many other router vendors IPSEC VTI based tunneling solutions. They are adding VTI is my understanding. I think the issue probably is if they add it now, while RouterOS v6 is still being updated, it is much more work for them to manage both code bas...
by mducharme
Wed Mar 31, 2021 10:41 am
Forum: RouterOS v7 BETA
Topic: IPv6 DHCPv6 server?
Replies: 19
Views: 1570

Re: IPv6 DHCPv6 server?

So the vendor sent me a replacement card. It works fine with SLAAC. But I guess they overdid it, it gets a MAC-based address and a bunch of privacy addresses. Yeah, that is a little strange. A UPS shouldn't need privacy addresses under any scenario - they should just have that disabled so it only h...
by mducharme
Tue Mar 30, 2021 12:54 am
Forum: Forwarding Protocols
Topic: EOIP vs VPLS, less packet loss with EOIP?
Replies: 5
Views: 578

Re: EOIP vs VPLS, less packet loss with EOIP?

In this situation, the NVR monitors/reports/records video loss. It's somewhat forgiving, so if it's reporting loss, I believe it's truly worse than it is. What I would suggest is that, if you are concerned about loss, add a test IP onto both ends of the VPLS tunnel and do a continuous ping from one of...
by mducharme
Mon Mar 29, 2021 11:45 pm
Forum: Forwarding Protocols
Topic: EOIP vs VPLS, less packet loss with EOIP?
Replies: 5
Views: 578

Re: EOIP vs VPLS, less packet loss with EOIP?

How exactly are you monitoring the loss?
by mducharme
Thu Mar 25, 2021 7:33 pm
Forum: Forwarding Protocols
Topic: OSPF bug with IPs containing 255
Replies: 3
Views: 404

Re: OSPF bug with IPs containing 255

Indeed, and I have also escalated this with the ISP, but if it was an ISP issue, why would some of the CCRs work while others don't? (They're all on the same ISP). Also, why would some CCRs see the OSPF neighbors, receive the LSAs, but don't install the routes? If the ISP was blocking traffic with ...
by mducharme
Thu Mar 25, 2021 7:43 am
Forum: RouterOS v7 BETA
Topic: IPv6 DHCPv6 server?
Replies: 19
Views: 1570

Re: IPv6 DHCPv6 server?

I think the reason that Google is pushing this a bit is to try to avoid having IPv6 set up in the same way as IPv4 just because it was the way that things were always done. Tons of people also want NAT66 otherwise they don't ever want to use IPv6. It is completely misguided thinking, where they believe...
by mducharme
Thu Mar 25, 2021 7:15 am
Forum: Forwarding Protocols
Topic: /32 blackhole redistribute between bgp instances
Replies: 4
Views: 369

Re: /32 blackhole redistribute between bgp instances

Do you use your normal (external) AS# for Fastnetmon's connection to your router? I'm guessing yes otherwise you need a second instance? Yes we use our external AS for fastnetmon's connection to the router. It works fine. Redistribution of BGP routes from one instance to another becomes much more c...
by mducharme
Thu Mar 25, 2021 7:06 am
Forum: Forwarding Protocols
Topic: /32 blackhole redistribute between bgp instances
Replies: 4
Views: 369

Re: /32 blackhole redistribute between bgp instances

I have fastnetmon setup and upon detection of ddos it sends /32 with 65001:666 via bgp to my CHR, I have FNM setup as a peer with it's own instance but for some reason the route doesn't seem to show when I run /routing bgp advertisements print peer=MYPEER so I'm assuming I have something in the con...
by mducharme
Thu Mar 25, 2021 4:43 am
Forum: RouterOS v7 BETA
Topic: IPv6 DHCPv6 server?
Replies: 19
Views: 1570

Re: IPv6 DHCPv6 server?

About ND-based host tracking, I don't think it can be hooked up to DNS management or even to monitoring with user-friendly names. That's not the case - we have hundreds of linux servers, APs, UPS's, PDU's, switches, etc all on SLAAC. We have to manually create a single DNS record for each, but the ...
by mducharme
Tue Mar 23, 2021 8:24 pm
Forum: RouterOS v7 BETA
Topic: IPv6 DHCPv6 server?
Replies: 19
Views: 1570

Re: IPv6 DHCPv6 server?

The Google engineer makes his case for the best way to track IPv6 address usage by host in RFC 7934 section 9.1:

https://tools.ietf.org/html/rfc7934#page-9
by mducharme
Tue Mar 23, 2021 7:49 pm
Forum: RouterOS v7 BETA
Topic: IPv6 DHCPv6 server?
Replies: 19
Views: 1570

Re: IPv6 DHCPv6 server?

There are other solutions to this problem without bringing stateful DHCPv6 into the mix. We run SLAAC on our internal office network, and the Windows machines joined to Active Directory automatically update the Windows DNS records to include all of the SLAAC IPs used by the system, including the pri...
by mducharme
Tue Mar 23, 2021 8:29 am
Forum: RouterOS v7 BETA
Topic: IPv6 DHCPv6 server?
Replies: 19
Views: 1570

Re: IPv6 DHCPv6 server?

I've tried all permutations of IPv6 configuration options (there are just two: "automatic", and "static IPv6"). I can ping the device over the link-local address, but for some reason it doesn't accept SLAAC. It works over stateful DHCPv6 on OpenWRT. I'll try to upgrade its firmw...
by mducharme
Mon Mar 22, 2021 4:42 am
Forum: RouterOS v7 BETA
Topic: IPv6 DHCPv6 server?
Replies: 19
Views: 1570

Re: IPv6 DHCPv6 server?

It actually doesn't do SLAAC at all, apparently (except obviously for router and DHCPv6 discovery). That is really strange. I've never encountered a device that only supported DHCPv6 client and not SLAAC, and we use many devices. I have seen a few devices where (confusingly) you have to put it in D...
by mducharme
Mon Mar 22, 2021 4:28 am
Forum: Beginner Basics
Topic: Cheapest possible ROS device for wifi extender
Replies: 4
Views: 469

Re: Cheapest possible ROS device for wifi extender

Can someone tell me which Mikrotik device I should use for this? (I found videos saying to connect devices back to back, but found another comment that a single device could be both bridge and AP) "Cheapest possible" is not the best thing to be looking for. You can use almost any MikroT...
by mducharme
Mon Mar 22, 2021 1:02 am
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36261

Re: v7.1beta5 [development] is released!

Beta5 doesn't work on my hAP mini - after upgrading the router won't boot. Had to netinstall back to beta4 (netinstall for beta5 did not work, the device would not appear). It works fine on my other devices (mipsbe and arm based).
by mducharme
Sun Mar 21, 2021 10:06 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36261

Re: v7.1beta5 [development] is released!

I tried it using the /routing/id syntax and got the same result. Just to see if it was an issue specific to CHR on Qemu in EVE-NG, I tried the exact same syntax on an RB3011 in my lab and got the same result. Export hangs and I can't export any section of the OSPF config after I add anything to /ro...
by mducharme
Sun Mar 21, 2021 4:35 am
Forum: SwOS
Topic: CRS312-4C+8XG-RM -- Jittery Network Latency During VR Gameplay
Replies: 7
Views: 794

Re: CRS312-4C+8XG-RM -- Jittery Network Latency During VR Gameplay

SWoS v1.11 (Not using v1.12 because it has a bug with 2.5gbps devices)
Have you tried using RouterOS instead of SwOS? The switch supports either. RouterOS has more features and may handle this better than SwOS.
by mducharme
Sun Mar 21, 2021 1:35 am
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36261

Re: v7.1beta5 [development] is released!

What configuration are you using for OSPFv3 ? Whenever I try to add the interface-template, I get a hang on the export similar to the export bug that was just fixed. They have changed the syntax again. router-id for OSPF is now expecting the name of one of the ID's in /routing/id instead of an IP a...
by mducharme
Sat Mar 20, 2021 7:33 pm
Forum: General
Topic: The queues to control bandwidth do not work for me
Replies: 3
Views: 472

Re: The queues to control bandwidth do not work for me

Please help me to control the bandwidth of the clients by IP or by the Interface
Use the method shown here instead of simple queues: https://wiki.mikrotik.com/wiki/Manual:C ... h_Limiting
by mducharme
Sat Mar 20, 2021 5:00 am
Forum: RouterOS v7 BETA
Topic: IPv6 DHCPv6 server?
Replies: 19
Views: 1570

Re: IPv6 DHCPv6 server?

I've several devices that can't really use SLAAC because you need to know their address to connect to them. Some of them are UPS management cards. When you have SLAAC with no privacy extensions, which is the case for most such devices, the SLAAC addresses are essentially static - they won't change....
by mducharme
Sat Mar 20, 2021 2:50 am
Forum: RouterOS v7 BETA
Topic: IPv6 DHCPv6 server?
Replies: 19
Views: 1570

Re: IPv6 DHCPv6 server?

As I understand, RouterOS right now only supports DHCPv6 PD and not the stateful client DHCPv6? It would be nice to support it as well, so that the individual client bindings can be inspected through the console/API. MikroTik did say at one point that they planned to eventually support stateful DHC...
by mducharme
Fri Mar 19, 2021 9:15 am
Forum: RouterOS v7 BETA
Topic: Bug: RouterOS beta 7.1beta4 - RFC3021 - does not route out on a /31 - but accepts traffic from a /31
Replies: 13
Views: 1243

Re: Bug: RouterOS beta 7.1beta4 - RFC3021 - does not route out on a /31 - but accepts traffic from a /31

It says that /31 is not supported, so that people stop asking whether /31 is supported or not. It says /31 is not supported right now - the fact it is on the list suggests that /31 support is potentially intended for a later release. The red boxes on the left have been turning green as we move furt...
by mducharme
Thu Mar 18, 2021 2:21 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36261

Re: v7.1beta5 [development] is released!

OSPFv3 is still broken in beta5 - getting "wrong checksum" from everything, same as in beta4.

Is there any chance of getting RDNSS search list option added? https://tools.ietf.org/html/rfc8106#section-5.2
by mducharme
Thu Mar 18, 2021 2:20 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36261

Re: v7.1beta5 [development] is released!

Thanks for the hint. But I have routerboard "auto-upgrade" set to "yes" for quite some time now - for the exact same reason. The other thing I did was I did not just upgrade - I exported my config to an rsc, upgraded, reset to no default configuration, and pasted it back in. Wit...
by mducharme
Thu Mar 18, 2021 1:32 am
Forum: RouterOS v7 BETA
Topic: v7.1beta5 [development] is released!
Replies: 270
Views: 36261

Re: v7.1beta5 [development] is released!

/tool torch is still excluding all IPv6 traffic. For those having issues with reboots, make sure you upgrade the RouterBOOT firmware. I forgot to do that when going from beta3 to beta4 and my beta4 was spontaneously rebooting once every several hours. Upgrading the RouterBOOT firmware fixed it and m...
by mducharme
Wed Mar 17, 2021 6:58 am
Forum: RouterOS v7 BETA
Topic: Slow IPv6 speeds on v7.1beta4
Replies: 9
Views: 982

Re: Slow IPv6 speeds on v7.1beta4

in general properly structured IPv6 forward filter rules (accept for established/related connections) can speed up things, as there's no filter rules to travel and evaluate, before the packet is admitted for forwarding. so it should be better than the one with 25 FW rules. Yes, but in my experience...
by mducharme
Wed Mar 17, 2021 2:25 am
Forum: General
Topic: H-QoS and RADIUS
Replies: 2
Views: 238

Re: H-QoS and RADIUS

Second - can I attach such "policy" (queue tree) to a PPPoE connection and if I can, how? I didn't find any appropriate radius-attribute in the Mikrotik documentation. You can't do this automatically, you would have to jump through some hoops and script it, and for this type of thing it m...
by mducharme
Mon Mar 15, 2021 1:10 am
Forum: Beginner Basics
Topic: ipv6 package
Replies: 7
Views: 650

Re: ipv6 package

Concluding this means that a setup with activated ipv6 package but with deactivated ipv6 forwarding is almost the same (except traffic to and from the Mikrotik device) as a setup with deactivated / not installed ipv6 package? Almost, but not quite - activating the IPv6 package on a router that is al...
by mducharme
Sun Mar 14, 2021 12:50 pm
Forum: RouterOS v7 BETA
Topic: Slow IPv6 speeds on v7.1beta4
Replies: 9
Views: 982

Re: Slow IPv6 speeds on v7.1beta4

You don't need a CCR to get decent IPv6 speeds. What I typically do is go to the MikroTik "Test Results" tab for a certain device and look at the "25 ip filter rules", "512 byte" "Mbps" speed. This is a reasonable estimate of the real world performance you can...
by mducharme
Sun Mar 14, 2021 4:30 am
Forum: RouterOS v7 BETA
Topic: v7.1beta4 [development] is released!
Replies: 211
Views: 31159

Re: v7.1beta4 [development] is released!

I found a seeming bug in 7.1beta4 today: Torch is detecting IPv4 traffic only, no IPv6 traffic, regardless of settings.
by mducharme
Sat Mar 13, 2021 1:54 am
Forum: RouterOS v7 BETA
Topic: 7.1beta4: route cache
Replies: 1
Views: 390

Re: 7.1beta4: route cache

Route cache functionality was disabled since Linux 3.6. With this updated Linux release within ROS7, is it still required to enable route cache for Fast Track to work ? There is no more route cache in ROS7. My understanding is that that is why it took so long for ROS7 to come out - they had to rewr...
by mducharme
Fri Mar 12, 2021 9:32 am
Forum: General
Topic: Mikrotik/Cisco GRE Tunnel Establishment [SOLVED]
Replies: 10
Views: 721

Re: Mikrotik/Cisco GRE Tunnel Establishment [SOLVED]

I would agree that the culprit could be the RP filter settings.

I've set up GRE tunnels Cisco<-->MikroTik many times and it has always just worked without a lot of fuss. Something has to be weird about this configuration.
by mducharme
Fri Mar 12, 2021 9:28 am
Forum: RouterOS v7 BETA
Topic: Bug: RouterOS beta 7.1beta4 - RFC3021 - does not route out on a /31 - but accepts traffic from a /31
Replies: 13
Views: 1243

Re: Bug: RouterOS beta 7.1beta4 - RFC3021 - does not route out on a /31 - but accepts traffic from a /31

/127 is different topic (completely unrelated to RFC3021), and BTW /127 is supported and works in ROSv7 It is great that /127 is supported, I assumed it would be in the same boat as /31. I did know they are separate RfC's but they have a similar purpose, so I wouldn't say it is "completely un...
by mducharme
Thu Mar 11, 2021 3:15 am
Forum: RouterOS v7 BETA
Topic: Bug: RouterOS beta 7.1beta4 - RFC3021 - does not route out on a /31 - but accepts traffic from a /31
Replies: 13
Views: 1243

Re: Bug: RouterOS beta 7.1beta4 - RFC3021 - does not route out on a /31 - but accepts traffic from a /31

Can you support it in v7 please? :) Since it's supported (works) one way already :) Yes, we would like to see this and /127 supported as well. MikroTik says no need because we have /32 but /31 and /127 are so standard in terms of router support, it makes MikroTik seem like the odd ones out if they ...
by mducharme
Thu Mar 11, 2021 2:36 am
Forum: Forwarding Protocols
Topic: OSPF force gateway from BGP
Replies: 2
Views: 279

Re: OSPF force gateway from BGP

Hope this makes sense - and happy to learn of some possible solutions.
This might be a solution for you:

https://www.computerweekly.com/tip/Scal ... n-the-edge

The article is old but the information is still correct.
by mducharme
Tue Mar 09, 2021 4:51 am
Forum: RouterOS v7 BETA
Topic: Wireguard?!?!?!?!
Replies: 5
Views: 1041

Re: Wireguard?!?!?!?!

Tested with windows wireguard client since ya know, logging isn't needed for Tik's. Handshake fails on the client, the Tik sees the packets coming in but has an unknown(0) for out interface. Seems the Tik doesn't know what to do with the wireguard packets. I have an SSTP tunnel up on the CHR and i...
by mducharme
Mon Mar 08, 2021 9:26 pm
Forum: RouterOS v7 BETA
Topic: Wireguard?!?!?!?!
Replies: 5
Views: 1041

Re: Wireguard with dual WAN - Routing?!?!?!

/routing table add name=ether1
/ip mangle add action=mark-routing chain=prerouting in-interface=ether1 passthrough=no
/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=70.39.67.49 routing-table=ether1 scope=30 target-scope=10
This is the mangle config on my CHR which yeah does noth...
by mducharme
Mon Mar 08, 2021 7:23 am
Forum: RouterOS v7 BETA
Topic: Feature Request: IS-IS
Replies: 4
Views: 1256

Re: Feature Request: IS-IS

I don't know what's wrong with mikrotik their ospf doesn't work well with huawei or VyOS at times. The new OSPF is a complete rewrite. I would like to see IS-IS too eventually but a properly working OSPF is more important to me. Especially OSPFv3 on RouterOS v6 really does not work properly. If the...
by mducharme
Sat Mar 06, 2021 3:44 am
Forum: General
Topic: Can't get IPv6 SLAAC on router under another router
Replies: 4
Views: 457

Re: Can't get DHCPv6 on router under another router

I'm not using DHCPv6. Don't know why, but there is no output to ipv6 nd export . You may want to edit your screenshot, you forgot to erase the IPv6 address in the title bar. You will find the answers here: https://forum.mikrotik.com/viewtopic.php?p=798589#p798589 and here: https://forum.mikrotik.co...
by mducharme
Fri Mar 05, 2021 2:01 am
Forum: RouterOS v7 BETA
Topic: v7.1beta4 [development] is released!
Replies: 211
Views: 31159

Re: v7.1beta4 [development] is released!

Oh yeah! The same. Recently I found the root of my problems of wrong traffic routing and IPsec issues, which I experienced for 2 months with no resolution from support's side. Totally broken bridge's "Use IP Firewall" mode. The support already informed, but fixes are not there yet. Depend...
by mducharme
Mon Mar 01, 2021 8:31 am
Forum: General
Topic: How to advertise dynamic ipv6 prefix recieved from dhcpv6
Replies: 8
Views: 544

Re: How to advertise dynamic ipv6 prefix recieved from dhcpv6

Yes I did it, and now I have found what was the problem. I have to uncheck "Advertise DNS" from RA as well.
You can leave "Advertise DNS" checked in RA in most cases, but you have to enable "Other configuration".
by mducharme
Mon Mar 01, 2021 5:10 am
Forum: General
Topic: How to advertise dynamic ipv6 prefix recieved from dhcpv6
Replies: 8
Views: 544

Re: How to advertise dynamic ipv6 prefix recieved from dhcpv6

Thank you for this advice, it works!
But I still need DHCPv6, because I need to point LAN clients to my own DNS...
You can add DHCPv6 server on the interface with no pool set, it will provide DNS.
by mducharme
Mon Mar 01, 2021 3:12 am
Forum: Announcements
Topic: v6.48.1 [stable] is released!
Replies: 121
Views: 29794

Re: LLDP-MED behavior

But when you reboot the phone, until ROS loses neighbor information (the phone is still present in neighbor cache), ROS does not respond to LLDP-MED probe immediately, instead it is sending LLDP frame every minute. As the phone does not see immediate response (in a few seconds) to the LLDP-MED probe...
by mducharme
Fri Feb 26, 2021 9:24 am
Forum: RouterOS v7 BETA
Topic: v7.1beta4 [development] is released!
Replies: 211
Views: 31159

Re: v7.1beta4 [development] is released!

This thread is for v7betas, not v6!
Yes, sorry, I meant the following:

Some of the new features from 6.48.x are not yet present in 7.1beta4 (ex. LLDP-MED Voice VLAN) - any idea when those will be available?
by mducharme
Thu Feb 25, 2021 9:18 am
Forum: RouterOS v7 BETA
Topic: v7.1beta4 [development] is released!
Replies: 211
Views: 31159

Re: v7.1beta4 [development] is released!

Some of the new features from 6.48.x are not yet present in 7.1beta4 (ex. LLDP-MED Voice VLAN) - any idea when those will be available?
by mducharme
Thu Feb 25, 2021 7:20 am
Forum: RouterOS v7 BETA
Topic: Request: Better visibility regarding SLAAC in V7
Replies: 9
Views: 2454

Re: Request: Better visibility regarding SLAAC in V7

Can you share a ticket ID, so I can +1 this?
It was Ticket# 2018052922002772 but that was from their old OTRS system. They have since moved to JIRA.
by mducharme
Thu Feb 25, 2021 7:06 am
Forum: RouterOS v7 BETA
Topic: Wireguard tunnel internet traffic issues
Replies: 5
Views: 950

Re: Wireguard tunnel internet traffic issues

I think the problem is gateway=WG1 in your ip route - you can only set gateway to an interface if it is a PPP interface. For any other interface type it must be an IP address.
by mducharme
Sun Feb 21, 2021 2:39 am
Forum: RouterOS v7 BETA
Topic: OSPFv3 and RIPng
Replies: 2
Views: 376

Re: OSPFv3 and RIPng

OSPFv3 results in the following in the log:
OspfInterface { { *2 0.0.0.0 0 0.0.0.0 } Point-to-Point PtP-unnumbered } wrong checksum from fe80::4a8f:5aff:fec9:cea1%*2
Yup, I get wrong checksum for everything too. Haven't found a solution yet.
by mducharme
Fri Feb 19, 2021 11:13 pm
Forum: General
Topic: Mikrotik <> Softether site2site (L2TP/ipsec)
Replies: 4
Views: 409

Re: Mikrotik <> Softether site2site (L2TP/ipsec)

That's the thing, softether, AFAIK has one place to declare routes, that are only shared via the DHCP.
Then you probably just cannot use SoftEther for this use case. Run MikroTik CHR virtual machine in Azure instead.
by mducharme
Wed Feb 17, 2021 4:01 am
Forum: General
Topic: Mikrotik <> Softether site2site (L2TP/ipsec)
Replies: 4
Views: 409

Re: Mikrotik <> Softether site2site (L2TP/ipsec)

There I mention my struggles, but now I want to focus on my probable incompetency on the mikrotik side (since it's "working worse" than the softether <> softether setup I tried before). I've used softether before, but not with MikroTik. The issue is probably actually on the softether side - ...
by mducharme
Mon Feb 15, 2021 1:35 am
Forum: General
Topic: DHCP Offering Lease Without Success
Replies: 77
Views: 43526

Re: DHCP Offering Lease Without Success

Site was stable for a few days but I noticed the message again today in the logs even though all APs bridge protocol was set to none. Again I toggled the bridge for the particular AP, this time from none to STP, a few seconds later the device fully connected. So the 'none' setting on the APs bridge...
by mducharme
Sat Feb 13, 2021 9:43 pm
Forum: RouterOS v7 BETA
Topic: RouterOS 7.1beta4 -- /routing ospf interface - cannot add interface
Replies: 1
Views: 449

Re: RouterOS 7.1beta4 -- /routing ospf interface - cannot add interface

There are no add commands under interface. Interface-template does work. The instructions are outdated. In 7beta3 the interface menu was renamed to interface-template and the interface-status menu was renamed to interface, presumably to better match the BGP configuration. Wherever you see "/ro...
by mducharme
Sat Feb 13, 2021 9:29 pm
Forum: RouterOS v7 BETA
Topic: Bricked hAP AC2 after flashing 7.1beta4
Replies: 4
Views: 818

Re: Bricked hAP AC2 after flashing 7.1beta4

Thanks for reply, all VMs interfaces disabled (even other hardware NICs like WLAN etc.) After 25 minutes of waiting still no result. Firewall disabled but shouldn't make any difference since winbox and netinstall are working on lower level. https://i.imgur.com/8aadW30.png I can't read the language,...
by mducharme
Fri Feb 12, 2021 11:12 pm
Forum: General
Topic: PPPoE Server and Queues
Replies: 1
Views: 207

Re: PPPoE Server and Queues

We are using RED, we find it performs the best for this application. We will probably switch to codel in v7.
by mducharme
Sat Feb 06, 2021 10:15 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta4 [development] is released!
Replies: 211
Views: 31159

Re: v7.1beta4 [development] is released!

Does wifiwave2 have bridging support yet? I tried it on my audience in beta3 a few months ago and it seemed to work, but the issue was that I need to use the 5GHz uplink radio on the audience to get back to my main router and this bridging did not work (no equivalent of station bridge or wds).
by mducharme
Fri Feb 05, 2021 10:50 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta4 [development] is released!
Replies: 211
Views: 31159

Re: v7.1beta4 [development] is released!

EoIP is still not working with keepalive enabled.
by mducharme
Wed Feb 03, 2021 10:50 am
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 324
Views: 68959

Re: v6.48 [stable] is released!

roadblock Does the developer Team fell into wintersleep? I'm wondering if perhaps they do not intend to release a 6.49 (moving to v7 instead as the next stable release after 6.48) and their existing build process is forcing them to release a 6.49 beta X in order to add the fixes to 6.48, like they ...
by mducharme
Sat Jan 30, 2021 3:28 am
Forum: RouterOS v7 BETA
Topic: Feature Request: Bridge Joiner
Replies: 11
Views: 1422

Re: Feature Request: Bridge Joiner

I have a similar use case that this would work for. We do rate limiting for VPLS tunnels with interface attached queue trees on the bridge ports, which only shape egress. If multiple outbound VPLS tunnels are connecting to a single bridge at a customer location in PtMP fashion, I would like to be ...
by mducharme
Tue Jan 26, 2021 1:43 am
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 46253

Re: v7.1beta3 [development] is released!

We would like to see /31 support as well. /32 works for quite a few things, but /31 support is a long established RfC and it is generally expected that most modern day routers will support it.
by mducharme
Thu Jan 21, 2021 2:05 am
Forum: General
Topic: IPv6 DNS via DHCP6
Replies: 1
Views: 199

Re: IPv6 DNS via DHCP6

Am I missing something? I wish ND would let me override what it's going to send out, it works perfectly.
You have to enable the "other" flag in the ND settings in order for the devices to know to request the DNS servers via DHCPv6.
by mducharme
Tue Jan 12, 2021 4:41 am
Forum: Beginner Basics
Topic: How to use VLANs to isolate clients and route single public IP from subnet over it? [SOLVED]
Replies: 8
Views: 627

Re: How to use VLANs to isolate clients and route single public IP from subnet over it? [SOLVED]

I think probably what you need to do is delete the routes you have created, and instead add the address multiple times, as follows:
/ip address
add address=10.1.0.1 interface=VLAN102 network=10.1.0.2
add address=10.1.0.1 interface=VLAN103 network=10.1.0.3
Each time the "network" would be c...
by mducharme
Tue Jan 12, 2021 4:35 am
Forum: Beginner Basics
Topic: How to use VLANs to isolate clients and route single public IP from subnet over it? [SOLVED]
Replies: 8
Views: 627

Re: How to use VLANs to isolate clients and route single public IP from subnet over it? [SOLVED]

The "subnet" is only routed by the ISP I get the IP addresses from, internally I dont want to use it as a subnet. The IPs are from the subnet, but are used as single IPs. I hope you understand what I mean. Sorry, looked at your example a little more closely. This isn't really a "begi...
by mducharme
Tue Jan 12, 2021 3:37 am
Forum: Beginner Basics
Topic: How to use VLANs to isolate clients and route single public IP from subnet over it? [SOLVED]
Replies: 8
Views: 627

Re: How to use VLANs to isolate clients and route single public IP from subnet over it? [SOLVED]

The problem is that when i try to set it up the same way as the Debian based machine (create VLAN interfaces as subinterface of ether2, assign IPs to ether2, add routes) ARP requests for 10.1.0.1 from the VMs (to RouterOS) wont get answered by RouterOS. I then have tried wild combinations of IP ass...
by mducharme
Mon Jan 11, 2021 3:28 am
Forum: Beginner Basics
Topic: Putting more information into router advertisement packets?
Replies: 24
Views: 1446

Re: Putting more information into router advertisement packets?

Putting the router itself into IP->DNS is a bad idea - we tried it to see what would happen and it broke things. For the routers that we provide to our retail customers, we hand out the DNS via DHCPv6 options. To avoid the problem of the customer prefix from changing affecting the DNS IP to hand to ...
by mducharme
Sat Jan 09, 2021 7:49 pm
Forum: Beginner Basics
Topic: Putting more information into router advertisement packets?
Replies: 24
Views: 1446

Re: Putting more information into router advertisement packets?

7.1beta has support for DNS in RA, until then use DHCPv6 option 23
Glad to see they finally implemented that, but it is missing the DNS search list option.
by mducharme
Thu Jan 07, 2021 6:48 am
Forum: Beginner Basics
Topic: IPv6 Firewall
Replies: 22
Views: 1438

Re: IPv6 Firewall

It is strange however, that on Debian 10, when `iptables -L` has no rules (default configuration after installation), the output of `conntrack -L` is empty. On CentOS 7, I run iptables -L and get this: [root@srv /]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FO...
by mducharme
Thu Jan 07, 2021 6:32 am
Forum: RouterOS v7 BETA
Topic: IPv6 Radius Accounting Not Working for PPPOE Clients (Delegated Prefix)
Replies: 32
Views: 5655

Re: IPv6 Radius Accounting Not Working for PPPOE Clients (Delegated Prefix)

I think limiting the clients with the PPPOE usernames limits the clients to the Cap specified on the dynamic Queues by radius both for v4 & v6. Yes, limits have always been working, that is not the problem. The issue is tracking the prefix that the customer receives, which is often a legal requ...
by mducharme
Wed Jan 06, 2021 6:03 am
Forum: Beginner Basics
Topic: IPv6 Firewall
Replies: 22
Views: 1438

Re: IPv6 Firewall

Is this a MikroTik feature or a generic Linux iptables feature? Connection tracking is part of iptables. My experience with Linux suggests that connections are tracked even if there are no iptables rules, so Linux uses what MikroTik calls the "on" setting instead of the "auto" s...
by mducharme
Wed Jan 06, 2021 4:57 am
Forum: Beginner Basics
Topic: IPv6 Firewall
Replies: 22
Views: 1438

Re: IPv6 Firewall

There is no explicit rule to create firewall state based on outgoing packets, and nevertheless state is created and return traffic via sit1 is being permitted. Where exactly is the state created in this example? Connection state tracking happens by default on "auto" when there is at least...
by mducharme
Mon Jan 04, 2021 8:46 am
Forum: RouterOS v7 BETA
Topic: Segment Routing and IS-IS
Replies: 18
Views: 2552

Re: Segment Routing and IS-IS

+1

However, I also do want to see RouterOS v7 stabilized. I would be thrilled if we could move our core BGP routers to ROS 7 in a year's time or so. We need working MPLS first for that, and for the existing routing stack to have stabilized enough.
by mducharme
Mon Jan 04, 2021 3:47 am
Forum: General
Topic: WPA3 on existing Mikrotik routers/APs [SOLVED]
Replies: 23
Views: 21359

Re: WPA3 on existing Mikrotik routers/APs [SOLVED]

Hi. I wonder, the wave2 driver is installed by default in 7.1.beta3 or do I have to activate it in some way?
I just read that it says "cli only" and I don't see wpa3 options
It is an optional package.. you have to download the all packages.zip file and you'll find it in there.
by mducharme
Sat Jan 02, 2021 3:19 am
Forum: General
Topic: VLANs, CAPsMAN and the case of the missing DHCP
Replies: 3
Views: 377

Re: VLANs, CAPsMAN and the case of the missing DHCP

Bump.

Can anyone offer any advice, please?
ether2 needs to be set as tagged for vlan 10, 20 and 30, along with the bridge itself.

There is no point in setting untagged= for any VLANs in your case, it doesn't do anything.
by mducharme
Sat Jan 02, 2021 2:49 am
Forum: Beginner Basics
Topic: Best method to clean the Router.
Replies: 11
Views: 1442

Re: Best method to clean the Router.

I came to this thread wondering whether people were going to suggest simply wiping it off with a damp cloth, soap and water, or some kind of disinfecting cloth, and wound up being mildly disappointed. ;)
by mducharme
Thu Dec 31, 2020 8:22 pm
Forum: General
Topic: Trying to get IPV6 working with RouterOS 6.48
Replies: 7
Views: 778

Re: Trying to get IPV6 working with RouterOS 6.48

As mentioned, I'm able to get a prefix from using DHCPv6 Client and assign an IP to the bridge interface. This allows my clients to receive an IP address using SLAAC but I can't get past the hEX in the traceroute but I can ping public resources from hEX and correctly traceroute them. In the tracero...
by mducharme
Thu Dec 31, 2020 5:44 am
Forum: General
Topic: Trying to get IPV6 working with RouterOS 6.48
Replies: 7
Views: 778

Re: Trying to get IPV6 working with RouterOS 6.48

If I enable the DHCPv6 Client in RouterOS I'm able to get a /64 prefix from the modem. I tried setting other Pool Prefix Lengths like a /60 and a ::/60 prefix hint but I always get a /64 prefix from the modem. Would that still be usable? Yes, if it does that, it will be usable - the only downsi...
by mducharme
Thu Dec 31, 2020 5:35 am
Forum: The User Manager
Topic: User Manager as simple RADIUS server
Replies: 1
Views: 518

Re: User Manager as simple RADIUS server

Is this correct, or can User Manager be used as a simple RADIUS server for any device? I have a small home/lab network and my AP is an Aruba Instant ON model. I'd be happy (for now) with only the user/password authentication functionality. User Manager can be used as a RADIUS server for other ...
by mducharme
Thu Dec 31, 2020 5:09 am
Forum: General
Topic: Trying to get IPV6 working with RouterOS 6.48
Replies: 7
Views: 778

Re: Trying to get IPV6 working with RouterOS 6.48

My fiber ISP has a modem which can only do Routing (no bridge mode). If they don't do bridge mode, the only way this will work is if their modem acts as a DHCPv6-PD server, and you can request a prefix from it by configuring a DHCPv6-PD client on the MikroTik. Unfortunately, it is most likely that ...
by mducharme
Thu Dec 31, 2020 4:53 am
Forum: RouterOS v7 BETA
Topic: v7 Dynamic routing using IPv6 and OSPFv3/BGP with examples
Replies: 1
Views: 848

Re: v7 Dynamic routing using IPv6 and OSPFv3/BGP with examples

I've been working on a lab for ROSv7 to provide examples for IPv6 config with OSPF and BGP. Details are in the blog post. Hope it's helpful! It is helpful, but actually the syntax has changed drastically between beta2 and beta3, so a lot of what you have has to be adjusted quite a bit for beta3 (un...
by mducharme
Tue Dec 29, 2020 3:43 am
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 324
Views: 68959

Re: v6.48 [stable] is released!

Another issue - the bridging by default forwards LLDP frames from other devices. The issue is that if the VoIP phone receives one of these (and mine has), it will flap back to untagged VLAN since the other device's LLDP frame is missing the LLDP-MED Network Policy VLAN. IMO, it would be ideal if the...
by mducharme
Tue Dec 29, 2020 2:57 am
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 324
Views: 68959

Re: v6.48 [stable] is released!

One further update: If I create a second VLAN on the bridge, the phone starts flapping again between untagged and voice vlan tagged. It appears that once it is on the voice vlan, it starts to process any VLAN tagged LLDP packets, even those that are for a completely unrelated VLAN (i.e. it is ignori...
by mducharme
Tue Dec 29, 2020 2:17 am
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 324
Views: 68959

Re: v6.48 [stable] is released!

It is a rather simple setup - just an RB4011 with the phone plugged in to one of the ports, no bridge VLAN filtering used, and a voice VLAN on the bridge. Update - I figured out the issue. Every minute or so, the router was sending out an LLDP packet to the phone on both the bridge itself (untagged...
by mducharme
Tue Dec 29, 2020 1:12 am
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 324
Views: 68959

Re: v6.48 [stable] is released!

Has anybody tried the LLDP-MED support yet? The only device I have to test with at home is an old antique Cisco 7941 phone, and although it gets the VLAN ID through LLDP-MED, after it connects to the voice VLAN and gets an IP there, it goes back to the main VLAN, then proceeds to flap back and forth...
by mducharme
Mon Dec 28, 2020 11:01 pm
Forum: General
Topic: Feature Request: IPv6 NAT66 Support
Replies: 44
Views: 13056

Re: Feature Request: IPv6 NAT66 Support

The way forward is to slowly fix current mess. But really fix what's broken, not create workarounds that allow broken stuff to work. If home routers can't deal with larger prefix, then they are broken and users should get their money back. If ISPs give out single /64s to accommodate broken routers, ...
by mducharme
Mon Dec 28, 2020 3:30 am
Forum: General
Topic: Feature Request: IPv6 NAT66 Support
Replies: 44
Views: 13056

Re: Feature Request: IPv6 NAT66 Support

My useless ISP gives only a single /64, you can imagine trying to subnet that. I'm moving to VyOS as soon as I can as they support NPTv6 natively. Have you tried setting your DHCPv6 client to ask for a /60 or /56 in the prefix hint? I did that when I was first messing around with IPv6 a few years a...
by mducharme
Fri Dec 25, 2020 9:24 pm
Forum: Wireless Networking
Topic: Inconsistent speed HAP AC2 vs HAP Lite
Replies: 35
Views: 2680

Re: Inconsistent speed HAP AC2 vs HAP Lite

A setting suggestion I would have, if you don't already have it, is to try enabling "adaptive noise immunity" on the CAP device itself. This is done through the advanced tab of the wireless interface. You will have to temporarily switch off the CAP functionality in order to change this set...
by mducharme
Fri Dec 25, 2020 8:51 pm
Forum: Wireless Networking
Topic: Inconsistent speed HAP AC2 vs HAP Lite
Replies: 35
Views: 2680

Re: Inconsistent speed HAP AC2 vs HAP Lite

/caps-man channel add band=2ghz-onlyn extension-channel=Ce frequency=2452 name=channels-laci-2.4 /caps-man datapath add bridge=bridge l2mtu=1600 local-forwarding=yes mtu=1500 name=datapath-caps-laci /caps-man rates add basic=12Mbps name=rates-laci-2.4 supported=12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54...
by mducharme
Fri Dec 25, 2020 1:00 am
Forum: Wireless Networking
Topic: Inconsistent speed HAP AC2 vs HAP Lite
Replies: 35
Views: 2680

Re: Inconsistent speed HAP AC2 vs HAP Lite

I'm also not saying that this is a bad device in any way. For this amount of money, it can do fantastic things. I'm just saying that not showing such important limitations is bad practice. Make sure you are using local forwarding, not CAPsMAN forwarding. You will get the highest data rate with loca...
by mducharme
Thu Dec 24, 2020 9:43 am
Forum: General
Topic: Feature Request: IPv6 NAT66 Support
Replies: 44
Views: 13056

Re: Feature Request: IPv6 NAT66 Support

On IPv6 I generally avoid NAT but see the need for NPT. However, I do actually agree that in a few corner cases NAT66 can be helpful. I would never use it to NAT users, but in one case I am using NAT66 port forward for a RADIUS IP to avoid having to manually add dozens of clients as RADIUS clients. ...
by mducharme
Thu Dec 24, 2020 2:42 am
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 324
Views: 68959

Re: v6.48 [stable] is released!

*) tr069-client - send correct "ConnectionRequestURL" when using IPv6; I am a bit puzzled by this fix as even though our clients are mostly dual stack, and our ACS URL has both A and AAAA records and is listening on IPv4 and IPv6, I've never seen the clients ever attempt to connect to the...
by mducharme
Thu Dec 24, 2020 2:27 am
Forum: Announcements
Topic: v6.48 [stable] is released!
Replies: 324
Views: 68959

Re: v6.48 [stable] is released!

What has changed in the defaults for user groups and neighbor discovery?
I'm not sure about neighbor discovery, but in user groups it appears that the group "full" does not have the "dude" policy enabled by default.
by mducharme
Sun Dec 20, 2020 12:03 am
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 46253

Re: v7.1beta3 [development] is released!

Something strange is happening when 7.1beta3 is used as a client in WG and the remote peer uses a domain in "endpoint-address". The tunnel will appear dead (0bps, 0pps) after reboot. Disabling the interface and enabling it again does nothing. Attempting ping to that hostname from the rout...
by mducharme
Sat Dec 19, 2020 10:51 pm
Forum: Beginner Basics
Topic: Routing between bridge interfaces - masquerade required or not?
Replies: 17
Views: 1436

Re: Routing between bridge interfaces - masquerade required or not?

There is this bit:

/interface bridge settings
set allow-fast-path=no use-ip-firewall=yes use-ip-firewall-for-pppoe=yes

If you don't need to have those set to "yes", I would recommend changing them to "no" (the default).
by mducharme
Sat Dec 19, 2020 7:50 am
Forum: Beginner Basics
Topic: Routing between bridge interfaces - masquerade required or not?
Replies: 17
Views: 1436

Re: Routing between bridge interfaces - masquerade required or not?

and my bridge config:
Can you export your full config with export hide-sensitive?
by mducharme
Sat Dec 19, 2020 6:55 am
Forum: Beginner Basics
Topic: Routing between bridge interfaces - masquerade required or not?
Replies: 17
Views: 1436

Re: Routing between bridge interfaces - masquerade required or not?

"I tried to print it out but that did not work, interface list print did not work for me, it showed the list names but did not print the interface names."
You need to run "interface list member print" to see the memberships.
by mducharme
Sat Dec 19, 2020 6:30 am
Forum: Beginner Basics
Topic: Routing between bridge interfaces - masquerade required or not?
Replies: 17
Views: 1436

Re: Routing between bridge interfaces - masquerade required or not?

I am connected to ap10 and cannot ping a device on ap9, e.g. 192.168.1.3. I can ping the ap9 interface though (192.168.1.2.2). This behavior will be normal with the default firewall. You'll have to add the other two bridges to the Interface List named "LAN" if you want to be able to ping ...
by mducharme
Sat Dec 19, 2020 6:20 am
Forum: Beginner Basics
Topic: Routing between bridge interfaces - masquerade required or not?
Replies: 17
Views: 1436

Re: Routing between bridge interfaces - masquerade required or not?

What else can be done to fix this problem, or is NAT required?
Your firewall must have been configured to block the traffic between VLANs, given your description. The factory default MikroTik firewall should not do this, but you might have modified it.
by mducharme
Fri Dec 18, 2020 5:14 am
Forum: Announcements
Topic: v6.48rc [testing] is released!
Replies: 18
Views: 5546

Re: v6.48rc [testing] is released!

Should be fixed in the next build. For Delegated-IPv6-Prefix - any chance of adding the feature address-change-immediate-update like in Juniper? https://kb.juniper.net/InfoCenter/index?page=content&id=KB31659 You already are doing RADIUS accounting for the DHCPv6-PD session for a PPPoE tunnel, ...
by mducharme
Fri Dec 18, 2020 4:25 am
Forum: RouterOS v7 BETA
Topic: hAP lite 100% CPU on default config, frequent lock-ups since first ros7 beta
Replies: 2
Views: 683

Re: hAP lite 100% CPU on default config, frequent lock-ups since first ros7 beta

I have performed hard-reset, unplugged a cable from WAN port. And only after booting it up and waiting for ~3minutes i have managed to access my router to look at the tool->profile (see attachment below). After another 5 minutes CPU load lowered to 4%, then I have updated a firmware and rebooted. A...
by mducharme
Fri Dec 18, 2020 2:04 am
Forum: The User Manager
Topic: Hotspot login page does not load automatically
Replies: 5
Views: 13727

Re: Hotspot login page does not load automatically

See my config below:
This line might be your problem:
/ip hotspot walled-garden
add action=allow comment="place hotspot rules here" disabled=no !dst-host dst-port="" !method !path !server !src-address
by mducharme
Thu Dec 17, 2020 9:26 pm
Forum: Forwarding Protocols
Topic: OSPFv3 + PPPoE + area stub [SOLVED]
Replies: 2
Views: 585

Re: OSPFv3 + PPPoE + area stub [SOLVED]

Hello everyone! I can't summarize routes in ospfv3 in a simple way like ospfv2, does anyone have any howto that really works that they can share? Thank you all! What you can do is add the IPv6 supernet that all of your PPPoE customers are in on a loopback bridge, give the loopback bridge the last a...
by mducharme
Wed Dec 16, 2020 6:24 am
Forum: General
Topic: Is there a reason posting is disabled in the announcements? IE software feedback
Replies: 4
Views: 719

Re: Is there a reason posting is disabled in the announcements? IE software feedback

I cannot post a reply either for that topic. I suspect it was a mistake.
by mducharme
Tue Dec 15, 2020 5:58 am
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 46253

Re: v7.1beta3 [development] is released!

Hello! It is not clear to me if wave2 will finally reach my mikrotik rb4011. They said they were experimental packages and that old devices would not be supported. I misunderstood? Yes, I think this is mostly their beta testing for WiFi 6 (802.11ax). However, since the current wave2 beta test packa...
by mducharme
Tue Dec 15, 2020 3:33 am
Forum: General
Topic: Hotspot Apple Login Page HELP!
Replies: 34
Views: 7344

Re: Hotspot Apple Login Page HELP!

Hello, the customer also has access to their router, so maybe there is something wrong with the config. This problem ONLY happens with iOS 14 clients. Everything else is fine. Funny thing, we only have the one customer with this issue. Thanks. Hi, As normis explained, the devices try to fetch the c...
by mducharme
Tue Dec 15, 2020 3:01 am
Forum: General
Topic: Hotspot Apple Login Page HELP!
Replies: 34
Views: 7344

Re: Hotspot Apple Login Page HELP!

I appreciate that. However the client does not want their config posted. We have setup a ton of Hotspot Managers, I was just hoping someone else knew of the existing iOS14 issues. Hi, There are no "existing iOS14 issues". I've tested iOS 14 clients and have zero issues with them seeing th...
by mducharme
Mon Dec 14, 2020 10:47 pm
Forum: General
Topic: Hotspot Apple Login Page HELP!
Replies: 34
Views: 7344

Re: Hotspot Apple Login Page HELP!

OK, do I email to support@mikrotik.com?
Thank you.
Post it here, if you want to get feedback.
by mducharme
Mon Dec 14, 2020 10:11 pm
Forum: General
Topic: Hotspot Apple Login Page HELP!
Replies: 34
Views: 7344

Re: Hotspot Apple Login Page HELP!

Hey Normis, do you have any other suggestions? Thank you.
Export the full config of the device with hide-sensitive.
by mducharme
Mon Dec 14, 2020 8:44 pm
Forum: General
Topic: Queue tree not working as expected
Replies: 42
Views: 2582

Re: Queue tree not working as expected

As I told earlier, my end goal is to prioritize all TCP traffic. Anything that I put into limit-at will be given. Even if it is not used. If you try to put all TCP traffic into a tree, then it is easy to see that the more limit-at values you give, the more bandwidth you will lose for the leaf queu...
by mducharme
Mon Dec 14, 2020 8:36 pm
Forum: General
Topic: Queue tree not working as expected
Replies: 42
Views: 2582

Re: Queue tree not working as expected

Well, I had two simple main goals. Being able to use the full bandwidth was one of them. In my case, my home service ISP (a large cable provider) always provides a bit more than the maximum, and doing speed tests at peak times has never given me less than the maximum. As a result, in my case, I'm a...
by mducharme
Mon Dec 14, 2020 8:33 pm
Forum: General
Topic: RB750Gr3 with a Bluecave as an AP for wireless
Replies: 3
Views: 351

Re: RB750Gr3 with a Bluecave as an AP for wireless

** I would sure like to hear back from someone with an idea of what could be causing this.**
Is there a reason you have add-arp=yes for the DHCP server? What if you change that to no?
by mducharme
Mon Dec 14, 2020 8:21 pm
Forum: General
Topic: Queue tree not working as expected
Replies: 42
Views: 2582

Re: Queue tree not working as expected

* Prioritization will not work correctly if your actual limit is less than the theoretical (given in limit-at) * The actual limit is and will always be different from the theoretical limit. Here is the conclusion: prioritization does not work with WAN connections. After putting so much work into t...
by mducharme
Mon Dec 14, 2020 8:04 pm
Forum: General
Topic: Queue tree not working as expected
Replies: 42
Views: 2582

Re: Queue tree not working as expected

1. allow full available bandwidth flow through the queue tree 2. when there is not enough bandwidth, then distribute it between leaf nodes with given ratios I just don't know how to express this with queue trees. For #2, that is what limit-at is for, basically. You will get closer to the results yo...
by mducharme
Mon Dec 14, 2020 7:43 pm
Forum: RouterOS v7 BETA
Topic: Feature Request: L2 transport
Replies: 1
Views: 491

Re: Feature Request: L2 transport

Do you have any plans for better L2 transport options in ROS v7 ?
They have implemented VXLAN already, so this is an option.
by mducharme
Mon Dec 14, 2020 7:37 pm
Forum: General
Topic: Queue tree not working as expected
Replies: 42
Views: 2582

Re: Queue tree not working as expected

Test results: * Server1 got 343 Mbps * Server2 got 4.6Mbps * Meanwhile, CPU was 28% occupied. This board has 2 CPUs, so even the CPU power was more than enough. Those results are absolutely correct given your settings and are what you should have reached. I'm afraid you have a misunderstanding of t...
by mducharme
Mon Dec 14, 2020 2:57 am
Forum: General
Topic: Queue tree not working as expected
Replies: 42
Views: 2582

Re: Queue tree not working as expected

I was using bridge filters to mark packets, had only changed queue settings. I wasn't worried about his connection/marking. I figured he had that worked out. The queuing was the oddity. MPLS is pretty much the only time I use bridge filters to mark packets, or possibly if I wanted to do QoS on bridg...
by mducharme
Mon Dec 14, 2020 2:19 am
Forum: General
Topic: Queue tree not working as expected
Replies: 42
Views: 2582

Re: Queue tree not working as expected

I would add that once you start mixing connection marks and packet marks, it starts to get quite easy to have a logic error where packets end up getting marked in unexpected ways, or do not get marked at all. In such cases it makes sense to start with a really simple mark-packet mangle rule like I t...
by mducharme
Mon Dec 14, 2020 2:09 am
Forum: General
Topic: Queue tree not working as expected
Replies: 42
Views: 2582

Re: Queue tree not working as expected

Interestingly enough. I was able to fully duplicate what the OP complained about this morning before I left the house. Now that I've tested with the sub-parent, and returned to a queue more like described above, it works as it should. I know 6.47 does operate differently than 6.47.8 does. I've been ...
by mducharme
Mon Dec 14, 2020 1:53 am
Forum: General
Topic: Queue tree not working as expected
Replies: 42
Views: 2582

Re: Queue tree not working as expected

With 6.47.8 and what hardware?
6.48 beta58, RB4011 wifi model, fasttrack disabled (of course)

I don't think 6.47.8 should behave any differently.
by mducharme
Mon Dec 14, 2020 1:50 am
Forum: General
Topic: Queue tree not working as expected
Replies: 42
Views: 2582

Re: Queue tree not working as expected

Without the intermediate queue on this release, the prioritized traffic is not queued/dropped/limited at properly. CIR works as intended, but the max-limit is the problem. As he noted, it pretty much is split 50/50 until max-limit is reached on the child queues This is what I get with my queue setu...
by mducharme
Mon Dec 14, 2020 1:20 am
Forum: General
Topic: Queue tree not working as expected
Replies: 42
Views: 2582

Re: Queue tree not working as expected

I found a simple work around. /queue tree add limit-at=10M max-limit=10M name=local_out parent=bridge add max-limit=10M name=queue_local_out parent=local_out add comment="SSH 10k guaranteed, high priority" limit-at=10k max-limit=10M name=ssh_to_bridge packet-mark=ssh parent=queue_local_ou...
by mducharme
Mon Dec 14, 2020 12:20 am
Forum: General
Topic: Queue tree not working as expected
Replies: 42
Views: 2582

Re: Queue tree not working as expected

There are some setups where the LAN side has multiple bridges and interfaces. Is it okay use in-interface=WAN and out-interface=WAN? I'm not too comfortable with using bridges as interfaces, it becomes hard for me to tell whether an encapsulated / tunneled etc. package gets mangled and queued twice ...
by mducharme
Sun Dec 13, 2020 11:48 pm
Forum: General
Topic: CAPsMan and dividing 2.4 and 5 Ghz channels across multiple AP's
Replies: 6
Views: 1333

Re: CAPsMan and dividing 2.4 and 5 Ghz channels across multiple AP's

I would expect that CAPsMan is dividing the channels in such a way that there is a minimum overlap. Or or are my expectations incorrect? No, CAPsMAN does no coordination of channels between APs. The auto-frequency function in the AP takes only that AP into account, and the way it works is that it d...
by mducharme
Sun Dec 13, 2020 11:39 pm
Forum: General
Topic: Forum registration disabled?
Replies: 2
Views: 351

Forum registration disabled?

Hello,

I know a user who is trying to register for an account, but the registration function seems to be gone from the forum. What happened to it?
by mducharme
Sun Dec 13, 2020 10:33 pm
Forum: Useful user articles
Topic: Using RouterOS to VLAN your network
Replies: 172
Views: 120037

Re: Using RouterOS to VLAN your network

One thing I do not like about the configuration shown in the examples up at the top (which are otherwise very good) is that it has unnecessary use of the "untagged" setting. You never really have to set anything as untagged manually like that, unless you are using something like MAC-based ...
by mducharme
Fri Dec 11, 2020 11:31 pm
Forum: RouterOS v7 BETA
Topic: HAP mini unable to update
Replies: 25
Views: 2555

Re: HAP mini unable to update

I personally didn't have issues with the hAP mini recently. I upgraded it just fine from 7.1beta2 to 7.1beta3. I did have issues getting it on 7 beta from 6.48 initially but that was with older beta that was larger.
by mducharme
Fri Dec 11, 2020 9:06 pm
Forum: RouterBOARD hardware
Topic: New High Performance Routers ! ?
Replies: 82
Views: 16213

Re: New High Performance Routers ! ?

The CCR2016 should be coming eventually - presumably that is a 16-core ARM64 device. I would hope that we see that in the next year but no official word yet.
by mducharme
Thu Dec 10, 2020 10:41 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 46253

Re: v7.1beta3 [development] is released!

I upgraded CCR2004 and reconfigure OSPF but I do not get a link, all I get is Exchange, ExStart and no Full link. Is there something I am missing?
Impossible to tell without seeing your setup, but I can confirm that OSPFv2 works fine for me in beta 3. OSPFv3 is not working.
by mducharme
Thu Dec 10, 2020 2:01 am
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 46253

Re: v7.1beta3 [development] is released!

Correct me if I got this wrong, is the issue with 2.4GHz not working because it’s shared with the 4 antennas that’s used by the 5GHz and not separate? No, it is because it uses an Atheros chip and the new WifiWave2 currently only includes drivers for Qualcomm (QCAxxxx and IPQxxxx) chips. The 5GHz i...
by mducharme
Thu Dec 10, 2020 12:27 am
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 46253

Re: v7.1beta3 [development] is released!

Ospf not working same issue as Chupaka. downgrading to beta2 to resolve. Beta 2 was straight forward to get OSPF working either. OSPFv2 does work, but it doesn't convert the beta 2 config to the new beta 3 style, so any lines of config that have had syntax changes will disappear completely when you...
by mducharme
Wed Dec 09, 2020 10:29 pm
Forum: Scripting
Topic: FastTrack-Friendly QoS Script
Replies: 50
Views: 22039

Re: FastTrack-Friendly QoS Script

Still would love to see that export though, if anyone has it handy! (-: /ip firewall mangle add action=set-priority chain=postrouting comment="Respect DSCP tagging" new-priority=from-dscp-high-3-bits passthrough=yes add action=set-priority chain=postrouting comment="Prioritize ACKs&q...
by mducharme
Wed Dec 09, 2020 1:13 am
Forum: Forwarding Protocols
Topic: VLAN over VPLS Link
Replies: 9
Views: 796

Re: VLAN over VPLS Link

The default layer 2 MTU of a VPLS tunnel is 1500 which is too small to admit a VLAN tag with a full size packet. You'll need to increase your advertised L2MTU to at least 1504 from 1500.
by mducharme
Tue Dec 08, 2020 10:16 pm
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 185
Views: 67259

Re: v6.48beta [testing] is released!

Can you please Share me how to do this? I don't use unlang every day so I don't have the greatest handle on the syntax, but this should be close to what you need: if (!Delegated-IPv6-Prefix) { update request { &Delegated-IPv6-Prefix = %{sql:select delegatedipv6prefix from radacct where username...
by mducharme
Tue Dec 08, 2020 7:16 am
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 185
Views: 67259

Re: v6.48beta [testing] is released!

Hope Mikrotik Team May Implement the same soon.....
I hope so too. In the meantime, if you use FreeRADIUS, it is possible to work around this with a bit of unlang code to revise the PPPoE accounting lines since the MAC address can be used to reference either.
by mducharme
Tue Dec 08, 2020 4:20 am
Forum: General
Topic: PPPoE AC topology question - firewalling
Replies: 12
Views: 905

Re: PPPoE AC topology question - firewalling

2. What about customer routers which they leave open wan access to management their own devices? What about customers radios - eg with terminated pppoe? I can change port or make firewall on customers devices. It shouldn't be your responsibility to protect your customers' routers. If they decide to ...
by mducharme
Tue Dec 08, 2020 2:59 am
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 185
Views: 67259

Re: v6.48beta [testing] is released!

1. When the accounting is being sent to radius the DHCP is creating separate User Name=<MAC ID> which is not letting the Radius Fetch the Delegation Details. Yes you didn't read my other sentence: What MikroTik still has to do is implement the equivalent of the "address-change-immediate-update...
by mducharme
Tue Dec 08, 2020 12:52 am
Forum: Scripting
Topic: RSC backup restore failing on same model hardware and routerOS version
Replies: 2
Views: 366

Re: RSC backup restore failing on same model hardware and routerOS version

and then trying to restore same file on a new device which is same model Hardware and also same RouterOS version using command /system reset-configuration run-after-reset=flash/backup.rsc This won't work because it will start running the .rsc file before all of the interfaces have initialized, so i...
by mducharme
Mon Dec 07, 2020 9:32 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 46253

Re: v7.1beta3 [development] is released!

What on the Audience? Will you have the two 5Ghz Radio available to play around? Yes, I tested it on my Audience and all three radios appear. However, there is no support for bridging as of yet, so using the second radio as an uplink as it was designed is not really possible. You would need to conn...
by mducharme
Mon Dec 07, 2020 7:58 pm
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 185
Views: 67259

Re: v6.48beta [testing] is released!

1. When the accounting is being sent to radius the DHCP is creating separate User Name=<MAC ID> which is not letting the Radius Fetch the Delegation Details. Yes you didn't read my other sentence: What MikroTik still has to do is implement the equivalent of the "address-change-immediate-update...
by mducharme
Mon Dec 07, 2020 8:37 am
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 46253

Re: v7.1beta3 [development] is released!

Also, I had hoped for MPLS to be added in this new beta. Do you expect to have MPLS support added before RouterOS 7 is released? Although it seems there are a few glitches here and there to work out, for the most part things are working in ROS 7 now. MPLS seems to be the biggest thing missing.
by mducharme
Mon Dec 07, 2020 5:10 am
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 46253

Re: v7.1beta3 [development] is released!

It is hard to say whether it is due to the architecture or instead something related to the drivers or the particular configuration I have. The RB4011 is my main router at home so I am using a lot of features on it, I am not entirely surprised that I am encountering instability as a result. However...
by mducharme
Sat Dec 05, 2020 10:47 pm
Forum: General
Topic: PPPoE AC topology question - firewalling
Replies: 12
Views: 905

Re: PPPoE AC topology question - firewalling

Because of security. I wanna block access to web/ssh/telnet management on other devices. I don't want the customer to see other device. Customers often leave their devices not secured enough, also our management needs to be protected. But I would presume you are using a management VLAN for your radi...
by mducharme
Sat Dec 05, 2020 10:17 pm
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 185
Views: 67259

Re: v6.48beta [testing] is released!

I Just Tried but no improvement Still Not Sending Delegated IPv6 Prefix to Radius on Accounting :( In the RADIUS menu you have to check not only the PPP box but also the DHCP box for the RADIUS server, then the delegated prefix will be sent on accounting. /radius add address=192.168.88.254 secret=m...
by mducharme
Sat Dec 05, 2020 10:08 pm
Forum: Wireless Networking
Topic: Band Steering implementation?
Replies: 74
Views: 25584

Re: Band Steering implementation?

Well, the bottom line is; Do we need to exchange hardware to keep up with new technology and is it backwards compatible for clients. And when is this going to happen? If I can change my AP's but still connect 'legacy' CPE's it gives me time to swap my P2MP network and can spread the investment. If ...
by mducharme
Sat Dec 05, 2020 4:59 am
Forum: Forwarding Protocols
Topic: mpls on hAP (941)
Replies: 2
Views: 425

Re: mpls on hAP (941)

We ran MPLS in a mixed Cisco-MikroTik environment before moving entirely to MikroTik. No major issues to speak of.
by mducharme
Sat Dec 05, 2020 4:57 am
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 46253

Re: v7.1beta3 [development] is released!

This would substantiate the issues I'm seeing on all the CCR2004 I've tried. So the build of ROS7B3 is borked for Arm? It is hard to say whether it is due to the architecture or instead something related to the drivers or the particular configuration I have. The RB4011 is my main router at home so ...
by mducharme
Sat Dec 05, 2020 3:59 am
Forum: Wireless Networking
Topic: Band Steering implementation?
Replies: 74
Views: 25584

Re: Band Steering implementation?

Alternatively just give up on AC feature set entirely and this time put a proper effort into Wifi6 and do it right. Start again but without dragging heels in the sand forever, so that at least in 1 or 2 years time MikroTik can actually be competitive in the wireless space That is basically what the...
by mducharme
Sat Dec 05, 2020 3:54 am
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 46253

Re: v7.1beta3 [development] is released!

Came home today to no wifi. Looks like the Audience was caught in a boot loop I ended up having to reset See if this is a one off or daily occurrence I had to revert back to Beta 2 on my Audience. No boot loop, but the management interface was only accessible via MAC telnet and showed no interfaces...
by mducharme
Fri Dec 04, 2020 3:38 am
Forum: Wireless Networking
Topic: Band Steering implementation?
Replies: 74
Views: 25584

Re: Band Steering implementation?

I just bought a bunch, and installed, Tenda-AC21 routers. The only difference with the AC23 is it has 2 antennas less. But they work like a charm! People that needed repeaters before can ditch them. Those with 5 Ghz enabled devices automatically connect to the 5 Ghz radio and they see for the first...
by mducharme
Fri Dec 04, 2020 2:42 am
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 46253

Re: v7.1beta3 [development] is released!

OSPFv2 is somewhat unstable now, with either broadcast or PTP network type forming neighbor with ROS 6 - "received wrong LS Ack" in log, with ROS 6 router. Appears to result in crashing entire routing stack for a second, causing tunnels to drop and re-establish and also causing BGP peering...
by mducharme
Thu Dec 03, 2020 10:47 pm
Forum: General
Topic: PPPoE AC topology question - firewalling
Replies: 12
Views: 905

Re: PPPoE AC topology question - firewalling

It looks exactly what I need. I will test it during night. Now I know "where to dig". My fault, gw means gateway - ccr1072 on map - NAT/FIREWALL. I would be really careful with that. If you are policy routing that to the gateway, forcing it there, and the gateway has a route to send the t...
by mducharme
Thu Dec 03, 2020 10:06 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 46253

Re: v7.1beta3 [development] is released!

RB4011 wifi model - upgraded fine, works hAP ac (running as cap) - upgraded fine, works Mikrotik Audience (running as cap) - management hangs about every half hour to hour, going into mac winbox connects but interfaces/wireless menu is empty. Reboot fixes it for another half hour to an hour. Tried r...
by mducharme
Thu Dec 03, 2020 9:46 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 46253

Re: v7.1beta3 [development] is released!

I upgraded a CHR that I use for some testing from v7.1beta2 to v7.1beta3. After upgrade, the BGP link that was configured does not come up. Yes, the required BGP fields have changed. If you created BGP config in 7.1beta2, you have to delete it, upgrade to 7.1 beta 3, make sure all BGP config is gon...
by mducharme
Thu Dec 03, 2020 9:22 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 46253

Re: v7.1beta3 [development] is released!

After upgrade, all my OSPF settings disappeared (except of Instance)
Yes, this happened to me as well. The issue is the required and optional fields have changed, so the old config tries to apply but fields do not exist anymore or have now been named differently.
by mducharme
Thu Dec 03, 2020 8:58 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta3 [development] is released!
Replies: 262
Views: 46253

Re: v7.1beta3 [development] is released!

Apparent OSPFv3 bug in v7.1beta3 - PTP network type is giving "wrong checksum" when trying to establish neighbor with ROS v6 device. OSPFv2 seems to work OK.
by mducharme
Thu Dec 03, 2020 2:24 am
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 101638

Re: v7.1beta2 [development] is released!

Apparent OSPFv3 bug in v7.1beta3 - PTP network type is giving "wrong checksum" when trying to establish neighbor with ROS v6 device. OSPFv2 seems to work OK.
by mducharme
Tue Dec 01, 2020 4:48 am
Forum: General
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 233
Views: 64791

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

They have finally added it in 6.48 beta58! I tested it and it seems to work - it sends back the dynamically assigned prefix via an accounting packet to the RADIUS server. The only issue that I see is that it treats the IPv6 session as a completely separate RADIUS session, so it has a different sessi...
by mducharme
Tue Dec 01, 2020 4:36 am
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 185
Views: 67259

Re: v6.48beta [testing] is released!

The remaining issue now is that it considers the IPv6 DHCP to be a completely separate RADIUS session from the PPPoE, and the username does not match (it uses the MAC instead). But at least it is being reported back to the RADIUS server.
by mducharme
Tue Dec 01, 2020 4:15 am
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 185
Views: 67259

Re: v6.48beta [testing] is released!

Version 6.48beta58 has been released. *) dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services; Does this mean support is added for Radius Accounting or Can Anyone please Explain this??? I just tested it - RADIUS accounting is now working too for Delegated-IPv6-Prefi...
by mducharme
Tue Dec 01, 2020 12:03 am
Forum: Announcements
Topic: v6.48beta [testing] is released!
Replies: 185
Views: 67259

Re: v6.48beta [testing] is released!

Really happy to finally see Delegated-IPv6-Prefix support for PPPoE. I'm hoping that it includes RADIUS accounting for that attribute as well, or that the accounting is coming soon at least.
by mducharme
Mon Nov 23, 2020 9:49 pm
Forum: Forwarding Protocols
Topic: MPLS/VPLS and HTB / EXP bits
Replies: 15
Views: 3393

Re: MPLS/VPLS and HTB / EXP bits

That makes sense, and now that I know the secret to making the non chr routers properly utilize EXP/COS (as of your comments last night) I was thinking adding the second router as a P router would do as you said above. I haven't tested the loss of QOS with php using implicit-null, but in the manual ...
by mducharme
Mon Nov 23, 2020 9:14 pm
Forum: Forwarding Protocols
Topic: MPLS/VPLS and HTB / EXP bits
Replies: 15
Views: 3393

Re: MPLS/VPLS and HTB / EXP bits

But I can't seem to queue the packets that originate from the router. Yes, this is not possible, unfortunately. The issue is that ingress-priority is only set automatically when the packet first arrives at the router, and you can only match ingress-priority in bridge filter rules (not priority). Any...
by mducharme
Mon Nov 23, 2020 9:02 pm
Forum: Forwarding Protocols
Topic: MPLS EXP to COS copy drops to 0 at second router
Replies: 3
Views: 633

Re: MPLS EXP to COS copy drops to 0 at second router

That did the trick. Did I miss that in the manual somewhere? (that it's exclusive to non-chr) That's been a frustrating thing. I've read some of your other posts/threads about needing to use the bridge for qos of mpls packets on incoming/outgoing interfaces. But dropping the COS on ingress downstream...
by mducharme
Mon Nov 23, 2020 4:48 am
Forum: Forwarding Protocols
Topic: MPLS EXP to COS copy drops to 0 at second router
Replies: 3
Views: 633

Re: MPLS EXP to COS copy drops to 0 at second router

Hi, Yes, we experienced this problem long ago. This works fine with CHR but not with any hardware routers - if you are running any hardware router and not CHR, it ends up being COS 0 after the second router. The only workaround we found was to add a single port bridge on the second router, with the ...
by mducharme
Sun Nov 22, 2020 1:57 am
Forum: Forwarding Protocols
Topic: MPLS neighbour addresses 'leaking'?
Replies: 4
Views: 627

Re: MPLS neighbour addresses 'leaking'?

You probably only want your loopback addresses to be advertised in the MPLS forwarding table. Assuming your loopbacks are in a single range, ex. 10.255.255.0/24, you would do something like this: /mpls ldp advertise-filter add prefix=10.255.255.0/24 add advertise=no That tells the MikroTik to advert...
by mducharme
Thu Nov 12, 2020 5:17 am
Forum: RouterOS v7 BETA
Topic: v7.1beta2 [development] is released!
Replies: 387
Views: 101638

Re: v7.1beta2 [development] is released!

It would be welcome when you release new v7 betas quickly even if they are only for single architecture, e.g. only for CHR. That at least enables some testing and evaluation. Getting them to work on all devices is something that can trail after that. If it only takes another day or two, I don't see...
by mducharme
Sun Oct 18, 2020 9:45 pm
Forum: RouterOS v7 BETA
Topic: IP Route In RouterOS V7
Replies: 7
Views: 1781

Re: IP Route In RouterOS V7

I enter the command: "/ ip firewall mangle add action = mark-routing chain = prerouting connection-mark = from-ISP1 new-routing-mark = to-ISP1 passthrough = yes " in response I get: "input does not match any value of new-routing-mark". How to do it correctly? Now you have to add...
by mducharme
Sun Oct 11, 2020 2:29 am
Forum: Beginner Basics
Topic: IPV6 Firewall [SOLVED]
Replies: 55
Views: 2794

Re: IPV6 Firewall [SOLVED]

Thanks. Yes, that is the problem I appear to have! I did try the refresh as you did but still no result. :( Interesting it comes back as 'not tested'. One would have thought it would say 'unreachable', as the result I get on ios when I try it is 'reachable' for ICMP (As an FYI, I have swapped to th...
by mducharme
Sat Oct 10, 2020 2:11 pm
Forum: Beginner Basics
Topic: IPV6 Firewall [SOLVED]
Replies: 55
Views: 2794

Re: IPV6 Firewall [SOLVED]

Sorry, what I meant was, iOS on my iPhone returns nearly a full house (19/20) on the test site, but OSX and windows10 doesn't (17/20). Also, after pinging my Macbook ipv6 address from the Ultratools website, I do not get any ICMPv6 input packets recorded in the MT firewall, but do get one forwarded...
by mducharme
Fri Oct 09, 2020 6:30 am
Forum: Beginner Basics
Topic: IPV6 Firewall [SOLVED]
Replies: 55
Views: 2794

Re: IPV6 Firewall [SOLVED]

Sorry scrap that, I was pinging the wrong addresses! Performing a ping6 to ipv6.google.com from terminal in osx, I get a response no problem, and if I ping my device ipv6 I also get a response from that test site, although that response time is very high comparing it to outgoing. It is likely that ...