Community discussions

Search found 106 matches

by stoser
Thu Jul 18, 2019 3:59 am
Forum: Scripting
Topic: netwach email where failover
Replies: 1
Views: 271

Re: netwach email where failover

First I would like to understand what exactly is the problem that you are having. Is the problem that you prefer to use the scheduler instead of the s2s solution over netwatch, but would prefer to only receive just one email per fault (instead of one email every 5 minutes)? Or is the problem that yo...
by stoser
Thu Jul 18, 2019 3:38 am
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4069

Re: 1wan + 2 lan isolated from each other

How should I proceed with the firewall to separate the lans?
see post #24 by @anav
by stoser
Wed Jul 17, 2019 2:03 am
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4069

Re: 1wan + 2 lan isolated from each other

/ping src-address=172.16.24.1 172.16.24.2 count=4 This one should succeed as both addresses are on directly connected subnet. /ping src-address=192.168.1.1 172.16.24.2 count=4 This one shoukd succeed as well, if it doesnt, tgen there's something wrong on the AP. Also you did not perform the second ...
by stoser
Wed Jul 17, 2019 2:00 am
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4069

Re: 1wan + 2 lan isolated from each other

Based on the results of the pings, the 4011 can ping the Ubiquiti AP, and it can also ping the other interface on itself. Please do the following: 1- Try ping from Ubiquiti AP to 4011, and post results (172.16.24.2 to 172.16.24.1) 2 - Try tracert from Ubiquiti AP to an internet site (8.8.8.8 for ex)...
by stoser
Tue Jul 16, 2019 11:36 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4069

Re: 1wan + 2 lan isolated from each other

One problem I see is the following: Look closely at the Ip range for dhcp_pool2:

/ip pool
add name=dhcp_pool1 ranges=192.168.1.210-192.168.1.230
add name=dhcp_pool2 ranges=172.16.24.100-192.16.24.120

Also, you should add the network 172.16.24.0/24, as you yourself stated
by stoser
Tue Jul 16, 2019 5:45 pm
Forum: Scripting
Topic: int-to-string?
Replies: 10
Views: 864

Re: int-to-string?

I have no idea what you are asking for. Please take some time out of your day and write down specifically what you need, perhaps with an example of a very specific input, and an example of the very specific desired output. It is not fair to waste the time of people who are using their valuable time ...
by stoser
Tue Jul 16, 2019 5:28 pm
Forum: Scripting
Topic: int-to-string?
Replies: 10
Views: 864

Re: int-to-string?

Are you referring to printing out a simple ASCII code byte to its corresponding character value?
by stoser
Tue Jul 16, 2019 4:11 pm
Forum: Scripting
Topic: int-to-string?
Replies: 10
Views: 864

Re: int-to-string?

:local int 46;
:local output "";

:set output ($int);
:log info ($output);
The above code would log the character string "46"
by stoser
Tue Jul 16, 2019 3:58 pm
Forum: Beginner Basics
Topic: connection state question [SOLVED]
Replies: 13
Views: 999

Re: connection state question [SOLVED]

All rules in Mikrotik are processed sequentially. Look in Winbox, on the left side of the ip/firewall rules. You will see a column labeled "#". This is the number of the firewall rule. Click the "#" to order the list. The firewall rules will be processed in that order, starting from 0 (zero). Once a...
by stoser
Tue Jul 16, 2019 3:41 pm
Forum: Beginner Basics
Topic: 1wan + 2 lan isolated from each other
Replies: 63
Views: 4069

Re: 1wan + 2 lan isolated from each other

If the requirement is simple isolation of bridge1 from bridge2, assign the IP address 176.16.24.1 to bridge2 (NOT to ether10) and use the rules already suggested by @mkx: /ip firewall filter add action=drop chain=forward in-interface=bridge2 out-interface=bridge1 add action=drop chain=forward in-int...
by stoser
Wed Jul 03, 2019 4:04 pm
Forum: Wireless Networking
Topic: Trouble Establishing Link w/ Wireless Wire Dish
Replies: 1
Views: 209

Re: Trouble Establishing Link w/ Wireless Wire Dish

If you already established that the link works from your neighbor's deck to your deck, and the distances are more or less the same, then start by testing out all of the extras, and removing most of them if possible. First test the cable. Make sure it shown link UP. Just plug a computer into the hous...
by stoser
Mon Jul 01, 2019 9:19 pm
Forum: General
Topic: Failover with email
Replies: 4
Views: 447

Re: Failover with email

I cannot help you with your current design, as I think that is is cumbersome and overly complex. However, I can point you in the direction of a simpler implementation. Have you seen this wiki? https://wiki.mikrotik.com/wiki/Advanced_Routing_Failover_without_Scripting It does everything you need minu...
by stoser
Mon Jul 01, 2019 5:59 am
Forum: General
Topic: Failover with email
Replies: 4
Views: 447

Re: Failover with email

Perhaps a better way would be to let the mikrotik handle the pings and the failover as designed using recursive routes. You could just schedule a script to check to see if any active route has a distance > 1 (which would indicate that the primary route is down). If the condition is met, send an emai...
by stoser
Mon Jul 01, 2019 4:59 am
Forum: Beginner Basics
Topic: Simulation two WAN with one ISP
Replies: 4
Views: 630

Re: Simulation two WAN with one ISP

If all you want to do is simulate and view the traffic going out two different interfaces, you can probably use the IP%interface notation for the gateway values in the routing rules. So if your ISP LAN gateway is 192.168.0.1, and your WAN1 interface name is "ether1", and your WAN2 interface name is ...
by stoser
Mon Jul 01, 2019 4:34 am
Forum: Beginner Basics
Topic: 3 WAN failover
Replies: 4
Views: 788

Re: 3 WAN failover

Which IP addresses should I use for checking the link status? Can I use IP addresses of root DNS servers? I use Google DNS (8.8.8.8 or 8.8.4.4) and Level3 (4.2.2.1, 4.2.2.2, 4.2.2.3, 4.2.2.4), or your can use any other reliable icmp responder that can be reached from that WAN So, how should I confi...
by stoser
Mon Jul 01, 2019 4:09 am
Forum: Beginner Basics
Topic: How to switch immediately after a failover ?
Replies: 7
Views: 833

Re: How to switch immediately after a failover ?

Take a look at this topic, perhaps it will help: https://forum.mikrotik.com/viewtopic.php?f=2&t=139750&hilit=connection Specifically. if you are using srcnat for outgoing traffic, only use srcnat=masquerade. When you use masquerade, the router will automatically clear the connections for you during ...
by stoser
Sun Jan 13, 2019 5:42 pm
Forum: General
Topic: Wrong "Last Link Down Time" in Winbox
Replies: 17
Views: 2396

Re: Wrong "Last Link Down Time" in Winbox

I was able to resolve this on our workstations, it seems to be a difference in how Winbox is writing session files. If you delete the "%userprofile%\appdata\roaming\mikrotik\winbox\sessions" directory, then it all works fine again and correct link down dates are shown. We've confirmed that on two d...
by stoser
Sun Nov 11, 2018 8:17 pm
Forum: Beginner Basics
Topic: The winbox is hard to use
Replies: 12
Views: 1109

Re: The winbox is hard to use

Winbox is a classic MDI application, you can use CTRL-F6 and CTRL-SHIFT-F6 to cycle through child windows, forth and back respectively.
Excellent, and thank you nescafe2002. Did not know this.
by stoser
Sun Nov 11, 2018 8:07 pm
Forum: Beginner Basics
Topic: RB2011 src-nat strange behaviour?
Replies: 20
Views: 979

Re: RB2011 src-nat strange behaviour?

@stoser: if routes on VDSL modem are set correctly, no masquerading between LAN and VDSL modem is needed ... straight routing should do the trick. Single masquerading towards internet (covering both 192.168 networks) should be enough. I completely agree with mkx's post. Including the quoted part. E...
by stoser
Sun Nov 11, 2018 7:55 pm
Forum: Beginner Basics
Topic: RB2011 src-nat strange behaviour?
Replies: 20
Views: 979

Re: RB2011 src-nat strange behaviour?

I wanted that the VDSL router has also a connection to the internet, so the clock gets synchronized and log entries have correct timestamps Concerning the VDSL router having the correct time, please note that the VDSL router in BRIDGE mode has no direct internet access. You need to define the defau...
by stoser
Sun Nov 11, 2018 7:42 pm
Forum: Beginner Basics
Topic: RB2011 src-nat strange behaviour?
Replies: 20
Views: 979

Re: RB2011 src-nat strange behaviour?

Hello, I still think that the OP's issue is that the OP was manquerading only when the out interface was equal to "WIA" (the pppoe interface layered on top of ether10). To access the WAN IP subnet, he will need to masquerade traffic to the subnet associated to ether10. See OP's original post. HWtest...
by stoser
Sun Nov 11, 2018 5:13 pm
Forum: Beginner Basics
Topic: RB2011 src-nat strange behaviour?
Replies: 20
Views: 979

Re: RB2011 src-nat strange behaviour?

Hello, I think that the problem is that you need to masquerade with the Out-Interface set to Interface 10 in order to access the vdsl router. You were masquerading to the PPPoE interface, which is one step ahead of the VDSL router. The PPPoE (WIA) is connecting to you the DSLAM of your provider. Rec...
by stoser
Sun Nov 11, 2018 4:55 pm
Forum: General
Topic: Wrong "Last Link Down Time" in Winbox
Replies: 17
Views: 2396

Re: Wrong "Last Link Down Time" in Winbox

I reported it as well

Ticket#2018103022005561

Mikrotik support asked me for screenshots and additional details, I gave them screenshots from 3 differnt RBs, and using different versions of Winbox (when possible). Hopefully it will be corrected in the next version of Winbox.
by stoser
Tue Oct 30, 2018 4:16 am
Forum: General
Topic: Wrong "Last Link Down Time" in Winbox
Replies: 17
Views: 2396

Re: Wrong "Last Link Down Time" in Winbox

Bump... Yesterday I got around to upgrading all of the RBs in my previous post to 6.43.4, and a CRS 326 as well, both firmware and packages. Using both winbox 3.17 and 3.18, the "Last Link uptime" of all active interfaces always gets set to the time that winbox connected ... The last link downtime i...
by stoser
Sat Sep 29, 2018 10:59 pm
Forum: General
Topic: /ip dns servers= (cache) - how are multiple servers used?
Replies: 18
Views: 1649

Re: /ip dns servers= (cache) - how are multiple servers used?

I agree that Mikrotik should put the answer to the topic in the Wiki. I have not found the answer in the WIKI. However, I recall reading a forum article a few years ago in which a forum guru wrote that Mikrotik uses the DNS entries with Round Robin, excluding DNS IPs that don't reply. It was never m...
by stoser
Sat Sep 29, 2018 6:27 pm
Forum: Beginner Basics
Topic: router without gateway to internet
Replies: 4
Views: 478

Re: router without gateway to internet

Not quite sure what you are asking. The config you posted is very basic. Your config shows no explicit blocking of anything at all. I do not see firewall rules. The only "blocking" could be caused by the lack of specified routes... If you want internet access for your DHCP clients, you will need to ...
by stoser
Sat Sep 29, 2018 6:13 pm
Forum: General
Topic: Routing Failover without Scripting
Replies: 3
Views: 472

Re: Routing Failover without Scripting

sindy, thanks for the link to the other forum topic. Very informative, especially the parts dealing with PPPoE. Kind regards -
by stoser
Fri Sep 28, 2018 10:10 pm
Forum: Beginner Basics
Topic: Connecting two mikrotik routers, ping all hosts access the internet. [SOLVED]
Replies: 2
Views: 333

Re: Connecting two mikrotik routers, ping all hosts access the internet. [SOLVED]

You need to add routes for all corresponding address ranges. On Mikrotik 1 define a route to get to the 10.10.2.0/24 subnet. The gateway would be 192.168.2.2 on Mikrotik 2 On Mikrotik 1 define a route to get to the 10.10.1.0/24 subnet. The gateway would be 192.168.2.1 on Mikrotik 1 On Mikrotik 1 def...
by stoser
Fri Sep 28, 2018 10:02 pm
Forum: General
Topic: Routing Failover without Scripting
Replies: 3
Views: 472

Re: Routing Failover without Scripting

Try putting an IP address for the gateway in the route with scope 10 specifically change "ISP" in the route below to the gateway address of your ISP 1 A S dst-address=1.1.1.1/32 gateway=ISP gateway-status=ISP reachable distance=1 scope=10 target-scope=10 I have not been able to get recursive routing...
by stoser
Fri Sep 28, 2018 5:57 pm
Forum: Beginner Basics
Topic: Route specific IP traffic from LAN Subnet to WAN specific IP
Replies: 4
Views: 1126

Re: Route specific IP traffic from LAN Subnet to WAN specific IP

Like the previous two posts state, but I will clarify and add preferencial source in route: -- Add a connection mark for src address -- add routing mark for the new connection mark -- add static route for new routing mark, but clearly state preferential source in the route. That way all connections ...
by stoser
Fri Sep 28, 2018 5:51 pm
Forum: General
Topic: Failover route fails to carry traffic upon primary failure
Replies: 7
Views: 428

Re: Failover route fails to carry traffic upon primary failure

Anumrak: I can confirm that your suggestion solved my problem, thanks again. The routing failover is now very fast and the connections do not hang. CPU is good. Hopefully you OP had the same problem, and this will help him as well. Back to the OPs original topic request ...
by stoser
Fri Sep 28, 2018 5:02 pm
Forum: General
Topic: Failover route fails to carry traffic upon primary failure
Replies: 7
Views: 428

Re: Failover route fails to carry traffic upon primary failure

Connections get hanging in conn tracker only if you choose whatever source nat action except masquerade. Masq will drop all connection by himself if route though masq interface is unreachable. Anumrak, thank you for this info. There is one interface that I was using src-nat instead of masquerade. I...
by stoser
Fri Sep 28, 2018 4:43 pm
Forum: General
Topic: CRS326-24G-2S+ check power input
Replies: 4
Views: 391

Re: CRS326-24G-2S+ check power input

As far as I know, the CRS 326 only shows temp, it does not show input voltage. And in routers like the 2011 and 3011 that do show input voltage, I am unaware of a way to monitor if the input voltage is coming from the DC input jack or the POE in. It seems to me that the DC inputs are bridged, althou...
by stoser
Fri Sep 28, 2018 4:29 pm
Forum: General
Topic: Failover route fails to carry traffic upon primary failure
Replies: 7
Views: 428

Re: Failover route fails to carry traffic upon primary failure

I have seen that when the WANs are from a different providers with a different public IP and gateway subnet, many stateful connections hang. This occurs when connection marks are used and the corresponding connections are not expired. Over time I have seen that the traffic slowly increases on the ne...
by stoser
Fri Sep 28, 2018 3:56 pm
Forum: General
Topic: 6.42.1 POE Overload
Replies: 12
Views: 2109

Re: 6.42.1 POE Overload

I am running 6.42.7 on a power box pro 960PGS

Had the same problem with a UBNT gen 2 rocket prism with POE-OUT set to auto-on. I had to set it to forced-on to make it work. I am powering directly from a battery bank to the DC input jack, I am NOT using POE-IN.
by stoser
Fri Sep 28, 2018 3:32 pm
Forum: Beginner Basics
Topic: access different subnet from wan interface
Replies: 10
Views: 588

Re: access different subnet from wan interface

I have a telecom Italia router with ip 192.168.1.1 and 2 mikrotiks connected trough eth1-wan to the Telecom router. the mikrotik-1 have 192.168.1.10 on the eth1-wan interface and the mikrotik-2 have 192.168.1.20 on the eth1-wan interface. then all the other ports are bridged with assigned networks ...
by stoser
Fri Sep 28, 2018 3:16 pm
Forum: Beginner Basics
Topic: Can't connect to Mikrotik from outside
Replies: 9
Views: 1184

Re: Can't connect to Mikrotik from outside

accept tcp port 8291 on input chain, set in-interface to be your WAN interface, normally ether1. However you want to limit access to this port by set source IP from which you allow only. Also make sure you are on latest firmware. 1) Recommend to change the winbox port as well, as most robots look f...
by stoser
Fri Sep 28, 2018 3:03 pm
Forum: Beginner Basics
Topic: Basic Routing
Replies: 2
Views: 332

Re: Basic Routing

based on your picture, I assume that [10.10.10.2/30----192.168.0.1/30] are two ports on the same router, specifically ether8 and ether1 Two potential problems: 1) # ADDRESS NETWORK INTERFACE 0 192.168.0.2/30 192.168.0.0 ether1 1 10.10.10.1/30 10.10.10.0 ether8 Why are you putting the addresses of th...
by stoser
Fri Sep 28, 2018 2:45 pm
Forum: General
Topic: Wrong "Last Link Down Time" in Winbox
Replies: 17
Views: 2396

Re: Wrong "Last Link Down Time" in Winbox

I can confirm that this occurs on the following routers using Winbox 3.17 AND Winbox 3.18. Note: The strange date behavior is NOT occurring with winbox 3.11, on the versions that it can connect to (pre 6.43). 3011UiAS, running 6.40.9, Firmware 3.41 Power Box Pro (960PGS) running 6.42.7 750UP running...
by stoser
Thu Sep 27, 2018 6:59 pm
Forum: General
Topic: Wrong "Last Link Down Time" in Winbox
Replies: 17
Views: 2396

Re: Wrong "Last Link Down Time" in Winbox

I am also having this problem, on RouterBOARD 3011UiAS, running 6.40.9, Firmware 3.41 However I do not believe that this has to do with upgrade version or firmware. I believe that it is the newer versions of winbox. Winbox 3.11 connected to the same router shows CORRECT dates in "last link up time" ...
by stoser
Thu Sep 06, 2018 5:41 pm
Forum: Forwarding Protocols
Topic: PPPoE Client on router A, physical connection to modem on router B
Replies: 10
Views: 767

Re: PPPoE Client on router A, physical connection to modem on router B

... at the router add as many bridges as providers, then add only VLAN 1 to bridge 1, VLAN 2 to bridge 2 and so on, what’s the idea, if you set up a bridge interface you can manually change your MAC address so it will work too. I have already tried this, as per the following link, https://wiki.mikr...
by stoser
Thu Sep 06, 2018 5:22 pm
Forum: Forwarding Protocols
Topic: PPPoE Client on router A, physical connection to modem on router B
Replies: 10
Views: 767

Re: PPPoE Client on router A, physical connection to modem on router B

Question for you - for that 'switch stack', is it a single switch or a group of switches in some kind of failover configuration?

I am using a single switch at this point, a CRS326, as I am still testing. The idea is to add failover once I get it working.
by stoser
Wed Sep 05, 2018 7:26 pm
Forum: Forwarding Protocols
Topic: PPPoE Client on router A, physical connection to modem on router B
Replies: 10
Views: 767

Re: PPPoE Client on router A, physical connection to modem on router B

Thanks for all of the guidance. The access concentrator MAC addresses at the DSLAM were the same for all PPPoE client connections, since the ISP is the same. Also, on my router, the ethernet port mac addresses on which the VLANs were built were also the same, since the idea was to use just one physi...
by stoser
Wed Sep 05, 2018 7:46 am
Forum: Forwarding Protocols
Topic: PPPoE Client on router A, physical connection to modem on router B
Replies: 10
Views: 767

Re: PPPoE Client on router A, physical connection to modem on router B

Update ... I have set up 3 PPPoE client connections from 1 physical interface on Router A ( physical interface Ether 5). Each PPPoE connection is associated to a VLAN. There is a VLAN trunk coming off of ether 5, and a managed switch is set up with VLAN access ports, each port with a physical cable ...
by stoser
Wed Sep 05, 2018 5:36 am
Forum: Forwarding Protocols
Topic: PPPoE Client on router A, physical connection to modem on router B
Replies: 10
Views: 767

Re: PPPoE Client on router A, physical connection to modem on router B

Thank you sri2007. Your post made me realize that I was on the right track. I could not get it working with a Router connected to the modems, so I took your advice and connected a CRS switch, and used SwOS to set up the VLAN access ports and trunk, and it all worked out very well. Thanks again. Sett...
by stoser
Tue Sep 04, 2018 3:59 am
Forum: General
Topic: Isolating Static IP customers/clients on local netowrk
Replies: 1
Views: 171

Re: Isolating Static IP customers/clients on local netowrk

If I understand you correctly, you want to drop requests for all IP addresses that you have NOT assigned to simple queues, You would need to use Firewall Filter. Go to IP --> Firewall --> Filter Rules in winbox, and create rules that allow forwarding for only the IP addresses that you want. Drop all...
by stoser
Mon Sep 03, 2018 4:47 pm
Forum: RouterBOARD hardware
Topic: RB 3011
Replies: 5
Views: 597

Re: RB 3011

F1le -- did you just load a backup or did you load a .rsc file containing the config script? If you simply loaded a backup, it will not work. You cannot load a backup from one model number of router into a different model number. .backup files are hardware specific. If you loaded the .rsc file and i...
by stoser
Mon Sep 03, 2018 4:27 pm
Forum: Beginner Basics
Topic: How to hide web interface of router from internet?
Replies: 11
Views: 750

Re: How to hide web interface of router from internet?

The best way to restrict who can access specifically the www interface for administering the router is to do what BartoszP wrote. In the www interface or winbox, choose IP ---> services. Select www. Specify which IP addresses or subnets can access the www service. While you are at it, restrict winbo...
by stoser
Mon Sep 03, 2018 4:14 pm
Forum: Forwarding Protocols
Topic: PPPoE Client on router A, physical connection to modem on router B
Replies: 10
Views: 767

PPPoE Client on router A, physical connection to modem on router B

Hello forum members. I have been trying to make the following scenario work, quite unsuccessfully, for the past couple of days. I am hoping for some pointers... I have an Mtik router acting as a load balancer for a lot of VDSL services. This is ROUTER A. There are more VDSL modems than there are por...
by stoser
Sat Dec 02, 2017 5:46 pm
Forum: General
Topic: Simple queue drop question
Replies: 18
Views: 1791

Re: Simple queue drop question

I though that smaller pkts help voip for low jitter and less delay. Ill give it a try and post results here. Queue size is the maximum number of packets that the queue can have. IT IS NOT the packet size. Packets that come into the queue in excess of the queue size get dropped, and therefore do not...