Community discussions

MikroTik App

Search found 35 matches

by datajerk
Wed Nov 27, 2019 3:08 am
Forum: Beginner Basics
Topic: Queue active only if on 2nd ISP
Replies: 1
Views: 412

Queue active only if on 2nd ISP

Hi, I have two ISPs (BigCable 1000/40 and BigTelco DSL 40/2). BigTelco is my backup when BigCable is down. When BigCable is down my security cameras fill the 2Mb/s pipe of BigTelco DSL. I'd like to limit that to 1Mb/s. Creating a queue for this is simple, however I only want the queue active when Bi...
by datajerk
Tue Oct 22, 2019 2:47 am
Forum: Beginner Basics
Topic: killing ikev2 with 2 ipsec/ikev2 peers
Replies: 4
Views: 1180

Re: killing ikev2 with 2 ipsec/ikev2 peers

Thank you, this is helpful. I cleaned up and started over following your advice and did some monitoring and observing. I still have the same problem, and it is consistent. I started with one peer/mode-config/identity and continued to add new peers/mode-configs/identities (p/m/i) up to 5, any time I ...
by datajerk
Sat Oct 19, 2019 10:28 pm
Forum: Beginner Basics
Topic: killing ikev2 with 2 ipsec/ikev2 peers
Replies: 4
Views: 1180

Re: killing ikev2 with 2 ipsec/ikev2 peers

Hi, thanks for the quick reply. You need a separate peer, mode-config and identity for every connection. I believe I've done that. I should have provided both entries in the original post. /ip ipsec mode-config add connection-mark=nordvpnus name=nordvpnus responder=no /ip ipsec mode-config add conne...
by datajerk
Sat Oct 19, 2019 9:52 pm
Forum: Beginner Basics
Topic: blocking traffic when ipsec/ikev2 is down
Replies: 5
Views: 916

Re: blocking traffic when ipsec/ikev2 is down

Ok, I think I have a working solution, or at least it appears to work, I need to check to see if any requests are getting out, however none are not being returned. Since ipsec sets up src-nat on connect, I added to my nat external interfaces !addresslist to prevent src-nat. This feels sloppy somehow...
by datajerk
Sat Oct 19, 2019 9:24 pm
Forum: Beginner Basics
Topic: blocking traffic when ipsec/ikev2 is down
Replies: 5
Views: 916

blocking traffic when ipsec/ikev2 is down

Hello, I'm using the following to route an address list out an ipsec/ikev2 tunnel: /ip firewall mangle add action=mark-connection chain=prerouting dst-address-list=!internal new-connection-mark=nordvpnus passthrough=yes src-address-list=nordvpnus /ip firewall mangle add action=change-mss chain=forwa...
by datajerk
Sat Oct 19, 2019 8:38 pm
Forum: Beginner Basics
Topic: killing ikev2 with 2 ipsec/ikev2 peers
Replies: 4
Views: 1180

killing ikev2 with 2 ipsec/ikev2 peers

Hi, I have the following config (Based on https://wiki.mikrotik.com/wiki/IKEv2_EAP_between_NordVPN_and_RouterOS) that works great: /ip ipsec mode-config add connection-mark=nordvpnch name=nordvpnch responder=no /ip ipsec policy group add name=nordvpnch /ip ipsec profile add name=nordvpnch /ip ipsec ...
by datajerk
Sun May 26, 2019 7:07 pm
Forum: General
Topic: CCR1009 active-backup bonding intermittent connectivity with no load
Replies: 2
Views: 616

Re: CCR1009 active-backup bonding intermittent connectivity with no load

2nd Update. 6.44.x works if all non-primary slaves have neighbor discovery disabled.
by datajerk
Sun May 19, 2019 10:41 pm
Forum: General
Topic: CCR1009 active-backup bonding intermittent connectivity with no load
Replies: 2
Views: 616

Re: CCR1009 active-backup bonding intermittent connectivity with no load

Update.

Downgrading from 6.44.3 to 6.43.16 fixed this problem.
by datajerk
Fri May 03, 2019 4:46 pm
Forum: General
Topic: CCR1009 active-backup bonding intermittent connectivity with no load
Replies: 2
Views: 616

CCR1009 active-backup bonding intermittent connectivity with no load

I have a new CCR1009 that I've setup with active-backup bonding with two switches using the SFP+ and SFP ports. The intent is to use 10G as the primary and fail over to 1G if the 10G switch fails or is being updated. Config (no firewall, nothing else, just this): /interface ethernet set [ find defau...
by datajerk
Sun Apr 28, 2019 6:15 pm
Forum: General
Topic: Ring of switches and Vlans
Replies: 8
Views: 1213

Re: Ring of switches and Vlans

I am also having this issue. Exactly once per min my 328 gets this warning only if I have loops. In my case I have a 326 and 328 both connected to the same 10G switch. I have other networking gear with two interfaces for redundancy (they are bridges, single MAC) connected to the 326 and 328. Everyth...
by datajerk
Sun Jul 15, 2018 9:14 pm
Forum: Beginner Basics
Topic: Device connect to VLAN'd port seeing other switch MACs
Replies: 4
Views: 637

Re: Device connect to VLAN'd port seeing other switch MACs

Update. I put 6.42.6 (up from .4/.5) on all my routers and switches, firmware updates too, rebooted. Then no VLANs worked. I specifically tagged some ports, etc... got all VLANs working again. And this problem seems to have cleared itself up. I only see 2 macs now as expected.
by datajerk
Fri Jul 13, 2018 3:08 pm
Forum: Beginner Basics
Topic: Device connect to VLAN'd port seeing other switch MACs
Replies: 4
Views: 637

Re: Device connect to VLAN'd port seeing other switch MACs

Is your described CRS usage complete? E.g. are only those two ports in use? If yes, then what you describe is normal. If not, how are other ports used? Tagged, untagged, ...??? It would not be right if ether1 would "see" MAC of a device which is not downstream connected to ether1 nor is part of VLA...
by datajerk
Fri Jul 13, 2018 7:52 am
Forum: Beginner Basics
Topic: Device connect to VLAN'd port seeing other switch MACs
Replies: 4
Views: 637

Device connect to VLAN'd port seeing other switch MACs

Hi. I have a CRS326 with bridge filter vlan enabled with the following config: /interface bridge port add bridge=bridge interface=ether1 pvid=101 /interface bridge vlan add bridge=bridge tagged=sfpplus1 untagged=ether1 vlan-ids=101 This functions as expected. Untagged traffic from the device in ethe...
by datajerk
Fri Jul 06, 2018 7:32 am
Forum: General
Topic: CRS326 DHCP requests on wrong VLANs/ports
Replies: 3
Views: 561

Re: CRS326 DHCP requests on wrong VLANs/ports

Never mind. There is something wonky with my emulated internet setup. My target isp1/isp2 was another switch using VLANs, basically my CRS326 would untag out and the other switch tag in to vlans 19 and 29 (isp1 and isp2). I replaced one with another router and the problem went away. Unsure why this ...
by datajerk
Fri Jul 06, 2018 6:59 am
Forum: General
Topic: CRS326 DHCP requests on wrong VLANs/ports
Replies: 3
Views: 561

Re: CRS326 DHCP requests on wrong VLANs/ports

check for host table on bridge if you can see CCR Mac address on both vlans on sfp-plus interface and respective mac addresses of clients on respective vlan on ether1 and ether2 Yes I see the CCR sfpplus1 vlans 1,101,102 in the host table on the CSR326 bridge. I do NOT see the respective macs for e...
by datajerk
Thu Jul 05, 2018 4:47 am
Forum: General
Topic: CRS326 DHCP requests on wrong VLANs/ports
Replies: 3
Views: 561

CRS326 DHCP requests on wrong VLANs/ports

I have two ISPs (isp1, isp2) connected to a CRS326 (routeros 6.42.5) in ports ether1, ether2. My router CCR1009 is connected to CRS326 sfpplus1. My router has two vlans, vlan101, and vlan102. vlan101 and vlan102 are configured as dhcp clients on sfpplus (I have no bridge on CCR1009). On the CRS326: ...
by datajerk
Fri Jun 29, 2018 4:02 am
Forum: General
Topic: Feature requests
Replies: 1216
Views: 262174

Re: Feature requests

The woobm is awesome, but it lacks the ability to paste. Please add a "paste" button.

If you are only interested in the switch/router the woobm is connected to via USB, then use telnet instead. You're telnet client C&P will work just fine.
by datajerk
Sun Jun 24, 2018 11:00 pm
Forum: General
Topic: any reviews/comments for CRS328-24P-4S+RM or CRS112-8P-4S-IN poe switches
Replies: 9
Views: 3196

Re: any reviews/comments for CRS328-24P-4S+RM or CRS112-8P-4S-IN poe switches

I've had my CRS328 racked and in production now for > 30 days. I'm currently powering 10 SBCs (with POE splitters) and a number of ruckus APs, hexs, and hexpoes that are then powering hexs and ruckus APs. I have two outdoor ruckus APs, one of which is also powering a camera from the poe out port. Af...
by datajerk
Sat Jun 02, 2018 8:21 pm
Forum: Scripting
Topic: Traft for ARM architecture
Replies: 1
Views: 718

Re: Traft for ARM architecture

Try https://github.com/thefloweringash/tzsp2pcap instead. It is open source and currently being maintained. I use it on both Linux and MacOS without issue. e.g.: ssh router /tool sniffer set filter-interface=bridge filter-ip-address=192.168.1.41/32,192.168.1.42/32 filter-stream=yes streaming-enabled...
by datajerk
Sun May 13, 2018 2:14 am
Forum: RouterBOARD hardware
Topic: SFP module is extremely hot
Replies: 35
Views: 14201

Re: SFP module is extremely hot

Here is my workaround solution. Temperature now managed around 50C degrees. Great Idea, gotta URL for those sinks? Here is the temps for S+RJ10 in CRS210 and CRS328. Does not get that hot in CRS328. Also not too hot in CRS210 if no connection. https://i.imgur.com/tgkdr8y.jpg https://i.imgur.com/QIv...
by datajerk
Fri May 11, 2018 4:21 pm
Forum: RouterBOARD hardware
Topic: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?
Replies: 64
Views: 16339

Re: CRS328-24P-4S+RM - 24x7 fans or temperature sensitive?

I just received my CRS328 and I'm testing it now with 3 10Gb SFP and one POEaf device. My fans are audible for about 30 seconds, then quiet for 30 seconds, and so on ... Pretty annoying while testing. Eventually this will go in a rack and out of my office. It'd be nice if I could just have the fans ...
by datajerk
Tue May 01, 2018 6:14 am
Forum: General
Topic: Woobm copy/paste in console
Replies: 1
Views: 481

Re: Woobm copy/paste in console

Just received my brand news woobm. In the console i'm unable to do copy and paste. do you know how it is doable or if it's going to be a future feature ? thanks From the web interface if you click on home, then you'll be able to telnet to the woobm via the same IP you use for the web interface to g...
by datajerk
Wed Apr 04, 2018 7:51 pm
Forum: Beginner Basics
Topic: How to block dhcp from cable modem, but not from cable company
Replies: 2
Views: 656

How to block dhcp from cable modem, but not from cable company

Hi, I have two ISPs connected to my router, BigCable and BigTelco(DSL). BigCable is my primary ISP with BigTelco as my backup. This worked flawlessly, until I upgraded my cable modem. The new cable modem has an internal DHCP server that will hand the router an 192.168.100.0/24 (usually .10) address ...
by datajerk
Sun Sep 10, 2017 8:49 pm
Forum: General
Topic: 2 routers, and VLANs, ICMP works, but TCP does not work well.
Replies: 10
Views: 1222

Re: 2 routers, and VLANs, ICMP works, but TCP does not work well.

So, this is pretty much what I started with before removing the ports and vlans from the bridge on router1. The problem is that to put a vlan in a bridge I have to also put the uplink port (sfpplus1) also in the same bridge and then traffic (non-vlan) suffers ~5-10% performance hit. This is my first...
by datajerk
Sun Sep 10, 2017 7:33 pm
Forum: General
Topic: 2 routers, and VLANs, ICMP works, but TCP does not work well.
Replies: 10
Views: 1222

Re: 2 routers, and VLANs, ICMP works, but TCP does not work well.

In interface bridge vlan make sure you are adding the bridge to each vlan (likely as a tagged interface). Also, toggle VLAN filtering to on for any bridge you've setup VLANs on. With router1 and router2 move your VLAN interfaces to the bridge not the interface and adjust the bridge ports to tag or ...
by datajerk
Sun Sep 10, 2017 7:18 pm
Forum: General
Topic: 2 routers, and VLANs, ICMP works, but TCP does not work well.
Replies: 10
Views: 1222

Re: 2 routers, and VLANs, ICMP works, but TCP does not work well.

Remember that when your VLAN has the default MTU of 1500 your transporting LAN should have room for 1504 byte frames. It normally is not an issue with MikroTik equipment when directly using ethernet, but you are using bridges and 6.41RC software (not a good idea...) and it could be different there....
by datajerk
Sun Sep 10, 2017 6:03 pm
Forum: General
Topic: 2 routers, and VLANs, ICMP works, but TCP does not work well.
Replies: 10
Views: 1222

Re: 2 routers, and VLANs, ICMP works, but TCP does not work well.

Thanks for taking a look. My configs are below. Using the diagram above this is how wired: switch sfp-sfpplus1 -> router1 sfp-sfpplus1 switch ether6 -> router2 ether2 router1 ether1 -> ISP1 router2 ether1 -> ISP2 workstation -> ether17 (when testing vlan20) workstation -> ether19 (when testing defau...
by datajerk
Sat Sep 09, 2017 10:20 pm
Forum: General
Topic: 2 routers, and VLANs, ICMP works, but TCP does not work well.
Replies: 10
Views: 1222

2 routers, and VLANs, ICMP works, but TCP does not work well.

Hi, I'm having a problem with routing through a 2nd router when using VLANs. Diagram: ISP1 ISP2 | | router1 router2 \ / \ / switch----workstation ISP1 is my primary internet with a distance of 1, ISP2 is my backup with a distance of 2. My previous setup had both ISPs in a single router and it works ...
by datajerk
Tue Sep 05, 2017 11:53 pm
Forum: General
Topic: CRS326 RouterOS VLAN translation
Replies: 5
Views: 3998

Re: CRS326 RouterOS VLAN translation

Thanks. Got it working. The only difference in my config is vlan-filtering=yes.

I used the following:

https://wiki.mikrotik.com/wiki/Manual:I ... _Filtering

Thanks again.
by datajerk
Tue Sep 05, 2017 3:23 am
Forum: General
Topic: CRS326 RouterOS VLAN translation
Replies: 5
Views: 3998

Re: CRS326 RouterOS VLAN translation

Switch to the 6.41rc code that contains the new VLAN aware and hw-offload bridge. The configuration is a standardized one that is much simpler. It's the same across models. Hi, thanks. I should have mentioned that I am using 6.41rc. I am also not very familiar with how to do VLAN translation on the...
by datajerk
Mon Sep 04, 2017 11:26 pm
Forum: General
Topic: CRS326 RouterOS VLAN translation
Replies: 5
Views: 3998

CRS326 RouterOS VLAN translation

Hi, The following works with my CRS125, but not CRS326: /interface ethernet switch egress-vlan-translation add customer-vid=19 new-customer-vid=0 ports=ether16 /interface ethernet switch ingress-vlan-translation add customer-vid=0 new-customer-vid=19 ports=ether16 What is the equivalent for the 326 ...
by datajerk
Sun Jul 09, 2017 2:21 am
Forum: General
Topic: Default VLAN (1) hosts picking up DHCP addresses from router DHCP server running on VLAN (19)
Replies: 1
Views: 438

Default VLAN (1) hosts picking up DHCP addresses from router DHCP server running on VLAN (19)

Hi. I created the following config: /interface vlan add interface=bridge name=vlan19 vlan-id=19 comment="untrusted IoT" /ip address add address=192.168.19.1/24 interface=vlan19 network=192.168.19.0 /ip pool add name=untrusted_iot ranges=192.168.19.100-192.168.19.199 /ip dhcp-server add address-pool=...
by datajerk
Sun Jul 09, 2017 2:12 am
Forum: Beginner Basics
Topic: hAP ac as bridge only
Replies: 3
Views: 1227

Re: hAP ac as bridge only

IIRC, yes I bridged the LAN/WLAN ports. However I still had to run DHCP on the hAP.
by datajerk
Sun Jun 11, 2017 11:48 pm
Forum: Beginner Basics
Topic: hAP ac as bridge only
Replies: 3
Views: 1227

hAP ac as bridge only

Hi, I am trying to replace a powerline Ethernet setup with the hAP ac. Today I use powerline to bridge a Mikrotik hEX with another Mikrotik router. I have tried two different powerline setups from two different vendors and I'm not getting the performance that I can get with wifi to the same location...
by datajerk
Sun Jun 11, 2017 10:30 pm
Forum: RouterBOARD hardware
Topic: CRS326-24G-2S+RM block diagram?
Replies: 0
Views: 497

CRS326-24G-2S+RM block diagram?

Not on websites. Thanks.