Community discussions

Search found 1395 matches

by CZFan
Thu Oct 17, 2019 11:07 pm
Forum: General
Topic: Is there an new exploit going around?
Replies: 47
Views: 4893

Re: Is there an new exploit going around?

I'm not entirely convinced your (CZFan) problem has anything to do with what is being discussed here. The config changes that were made by this bot to compromised routers were VERY small and VERY simple...3 "/ip firewall [filter/nat] add" commands and that's it. -- Nathan Probably right, think some...
by CZFan
Thu Oct 17, 2019 7:29 pm
Forum: General
Topic: Is there an new exploit going around?
Replies: 47
Views: 4893

Re: Is there an new exploit going around?

This topic so far: "I heard somebody got hacked"; "Me too"; "I have no firewall and use admin user". So please: - Use latest version (at least "long-term") - If you upgraded from a vulnerable older version, make a new user and new password, delete the old user - Do not use "admin" user, ever - Send...
by CZFan
Thu Oct 17, 2019 12:08 am
Forum: General
Topic: Is there an new exploit going around?
Replies: 47
Views: 4893

Re: Is there an new exploit going around?

Hmmmm, when I updated my Hap ac2 to 6.45.5, I started getting all of a sudden lots of SSH timeout errors in log. On further investigation, all the firewall rules were broken as the in interface list item seems to have been deleted, so I suspect this started there already see topic https://forum.mikr...
by CZFan
Mon Oct 14, 2019 12:42 am
Forum: General
Topic: PPPoE Passthrough/Half Bridged
Replies: 1
Views: 187

Re: PPPoE Passthrough/Half Bridged

Is it dialup, i.e. ADSL or fiber connection? The problem is going to be if the primary PPPoE (on router) is down, you will need L2 access to the secondary ISP for PPPoE to connect. On fiber, the ONT/ONU is usually configured for a specific ISP vlan, and if ADSL, the dialup will have to happen on mod...
by CZFan
Mon Oct 14, 2019 12:16 am
Forum: General
Topic: [Feature Request] allow 3 X login attempts with MAC Tel
Replies: 1
Views: 163

[Feature Request] allow 3 X login attempts with MAC Tel

Sometimes I open 20 to 30 MAC Tel sessions, then make a mistake with entering password as example, then I have to close that session and search for the MAC again, so if it will allow 3 X login attempts it would be great, I.e Putty
by CZFan
Sun Oct 13, 2019 12:54 am
Forum: Wireless Networking
Topic: Intel AC9560 - very slow
Replies: 5
Views: 605

Re: Intel AC9560 - very slow

Would you mind sending the necessary support files / config to support@mikrotik.com and share the response here?
by CZFan
Thu Oct 10, 2019 10:42 pm
Forum: General
Topic: Slow connection via mikrotik
Replies: 17
Views: 2121

Re: Slow connection via mikrotik

Maybe first test with a PC on each side of the 2011 before replacing
by CZFan
Thu Oct 10, 2019 3:18 pm
Forum: General
Topic: Public-Mikrotik-Bandwidth-Test-Server(s)
Replies: 574
Views: 418539

Re: Public-Mikrotik-Bandwidth-Test-Server(s)

... I would like to ask for some feedback if you don't mind … --- Who and where-are-you to those who use the btest server ? --- Does the new IPv6 btest address appear to be working correctly ? --- And comments are always welcome …… North Idaho Tom Jones Hi Tom, From South Africa, I make use of this...
by CZFan
Thu Oct 10, 2019 1:47 am
Forum: Beginner Basics
Topic: Sharing the bandwidth doesn't work
Replies: 37
Views: 3383

Re: Sharing the bandwidth doesn't work

You need to elaborate on what you mean by "share" with your brother. If you want to share the bandwidth dynamically, i.e. when you are not using it, he gets 100% and vice versa, then all you need is the below: If you both use internet, then it will dynamically share, to test, start a speed test on both pc's a...
by CZFan
Tue Oct 08, 2019 1:32 am
Forum: General
Topic: [Issue] Switch management on VLAN
Replies: 1
Views: 166

Re: [Issue] Switch management on VLAN

You need to add switch1-CPU to the management vlan config, more info here

https://wiki.mikrotik.com/wiki/Manual:C ... s_examples
by CZFan
Mon Oct 07, 2019 12:35 am
Forum: General
Topic: DHCP Clinet is working on Basic router setup but not static setup [SOLVED]
Replies: 7
Views: 2378

Re: DHCP Clinet is working on Basic router setup but not static setup [SOLVED]

What is the IP you get when using DHCP client, is it the same as what you configured statically?

The router further up might also have reply only on ARP, which will prevent your comms on network if not via DHCP
by CZFan
Fri Oct 04, 2019 11:17 pm
Forum: General
Topic: Extend dynamic VLANs to Wireless 802.1x
Replies: 5
Views: 1143

Re: Extend dynamic VLANs to Wireless 802.1x

The DHCP service must do the radius request
by CZFan
Fri Oct 04, 2019 8:55 pm
Forum: General
Topic: RouterOS-Bandwidth Test between 2 CRS328
Replies: 7
Views: 1165

Re: RouterOS-Bandwidth Test between 2 CRS328

IP addresses of the devices should be on bridge interface and not slave interface ether2.

What does Tools-->Profile show when you do transfers through the devices?
by CZFan
Fri Oct 04, 2019 7:44 pm
Forum: General
Topic: RouterOS-Bandwidth Test between 2 CRS328
Replies: 7
Views: 1165

Re: RouterOS-Bandwidth Test between 2 CRS328

can you share the full config?
by CZFan
Fri Oct 04, 2019 7:28 pm
Forum: General
Topic: RouterOS-Bandwidth Test between 2 CRS328
Replies: 7
Views: 1165

Re: RouterOS-Bandwidth Test between 2 CRS328

1. CRS devices are switches by design, and not routers, have low CPU specs.
2. You should test "through" these devices, and not from one to other
3. Depending on the configuration, i.e. firewall etc will also impact performance
by CZFan
Fri Oct 04, 2019 12:28 am
Forum: General
Topic: understanding packet sniffer
Replies: 5
Views: 650

Re: understanding packet sniffer

When you set interface in sniffer, do you use physical interface or PPPoE-out1 interface?
by CZFan
Fri Oct 04, 2019 12:06 am
Forum: General
Topic: Traceroute problem
Replies: 6
Views: 879

Re: Traceroute problem

Do not use interfaces as gateway, change this to the IP address of the gateway
by CZFan
Thu Oct 03, 2019 11:39 pm
Forum: General
Topic: Packet loss just on 443 port
Replies: 12
Views: 1374

Re: Packet loss just on 443 port

Then maybe it's time to hire a certified consultant
by CZFan
Wed Oct 02, 2019 11:36 pm
Forum: General
Topic: MikroTik ignoring DHCP Discover Requests from devices
Replies: 11
Views: 1271

Re: MikroTik ignoring DHCP Discover Requests from devices

Have you applied at least 6.44.5 long term version?

6.40.9 is fairly old, and not sure why time is wasted on that
by CZFan
Sun Sep 29, 2019 5:20 pm
Forum: Scripting
Topic: pppoe server command line
Replies: 1
Views: 230

Re: pppoe server command line

/interface pppoe-server server remove [find where service-name="NameOfPPPoEService"]
by CZFan
Sun Sep 29, 2019 4:26 pm
Forum: Beginner Basics
Topic: Connect 2 computers KEEP WiFi intact
Replies: 12
Views: 1008

Re: Connect 2 computers KEEP WiFi intact

I suspect your problem is that you have 2 default gateways, one on each interface and due to the interface metrics, it is preferring the LAN.

Remove any gateway config from the DHCP service on the Mikrotik connecting the 2 NB's
by CZFan
Fri Sep 27, 2019 8:33 pm
Forum: General
Topic: Radius timeout - Ver 6.44
Replies: 10
Views: 1043

Re: Radius timeout - Ver 6.44

So why don't you just install 6.44.5 and test, instead of "rolling" back to older version??

Also, you just post here "it is not working", not providing any configs, or packet captures, or anything, so you should not expect much in return
by CZFan
Fri Sep 27, 2019 8:26 pm
Forum: General
Topic: MikroTik ignoring DHCP Discover Requests from devices
Replies: 11
Views: 1271

Re: MikroTik ignoring DHCP Discover Requests from devices

Without seeing the config, my guess would be there is no DHCP service running on VID 316
by CZFan
Fri Sep 27, 2019 8:01 pm
Forum: General
Topic: Radius timeout - Ver 6.44
Replies: 10
Views: 1043

Re: Radius timeout - Ver 6.44

It would work for a day or a week, but then it would start doing radius timeouts on new authentications. This was for a PPPoE server with about 50 sessions. Below a screenshot of active sessions on the 1036 as example, 91 active PPPoE sessions authenticated via Radius, device has been up for 58 day...
by CZFan
Wed Sep 25, 2019 7:27 pm
Forum: Beginner Basics
Topic: CLI "Not Like" [SOLVED]
Replies: 4
Views: 392

Re: CLI "Not Like" [SOLVED]

very cool dashboard thingy
by CZFan
Wed Sep 25, 2019 7:03 pm
Forum: Beginner Basics
Topic: CLI "Not Like" [SOLVED]
Replies: 4
Views: 392

Re: CLI "Not Like" [SOLVED]

Thx, geez, I would never have gotten to that :-)
Why such a complicated way, bug?
Why does it just not work the same as "Not Equal", i.e. !=?
by CZFan
Wed Sep 25, 2019 3:49 pm
Forum: Beginner Basics
Topic: CLI "Not Like" [SOLVED]
Replies: 4
Views: 392

CLI "Not Like" [SOLVED]

I am trying to find devices in neighbor where ROS is "not like" 6.44.5, but can't get this working, tried various formats...

/ip neigh pri where version!~"6.44.5"

can anyone help me out please
by CZFan
Wed Sep 25, 2019 2:34 pm
Forum: Wireless Networking
Topic: Band Steering
Replies: 17
Views: 6185

Re: Band Steering

Has anything changed re Band Steering, I have a customer asking about this?
by CZFan
Wed Sep 25, 2019 12:12 am
Forum: General
Topic: Increasing traffic
Replies: 4
Views: 717

Re: Increasing traffic

I don't think OP asked about utilization of CPU etc, but port speeds. Depending on which CCR you have, you can change PPPoE to the SFP+ port which will give you 10Gb/s capacity, if you have the SFP only model, that will at least give you 1.25Gb/s for now. Else I think you need to split traffic from ...
by CZFan
Tue Sep 24, 2019 11:32 pm
Forum: General
Topic: Radius timeout - Ver 6.44
Replies: 10
Views: 1043

Re: Radius timeout - Ver 6.44

I am running 6.44.5 long term at various sites on different devices, i.e. 3011, 1009, 1036, etc. all accessing radius without any problems
by CZFan
Sun Sep 22, 2019 11:00 pm
Forum: General
Topic: Book for advanced routing
Replies: 2
Views: 609

Re: Book for advanced routing

I am not sure you are allowed "advertising" on this forum
by CZFan
Sat Sep 21, 2019 12:13 am
Forum: General
Topic: MikroTik ignoring DHCP Discover Requests from devices
Replies: 11
Views: 1271

Re: MikroTik ignoring DHCP Discover Requests from devices

I'm experiencing some peculiar issues on 6.40.9 (we haven't upgraded just yet. We definitely plan to.)

Surely the above should be the first step before asking help?
by CZFan
Wed Sep 18, 2019 12:23 am
Forum: Beginner Basics
Topic: Hairpin not working
Replies: 30
Views: 2947

Re: Hairpin not working


He / I ....
:-)
by CZFan
Tue Sep 17, 2019 1:38 pm
Forum: General
Topic: NEW Public Bandwith Test Server
Replies: 38
Views: 16773

Re: NEW Public Bandwith Test Server

Seems to not work for me, goes into running state, but then nothing happens
by CZFan
Tue Sep 17, 2019 12:07 am
Forum: General
Topic: lost internet access after upgrade
Replies: 2
Views: 388

Re: lost internet access after upgrade

The Capsman issue is because you had the reset button pressed for too long:
5 secs reset
10 secs Capsman mode
15 secs netinstall mode
by CZFan
Sun Sep 15, 2019 12:08 am
Forum: Beginner Basics
Topic: Redirect internal queris to Local Server
Replies: 1
Views: 311

Re: Redirect internal queris to Local Server

Either split DNS or hairpin NAT config will solve your problem
by CZFan
Sat Sep 14, 2019 12:41 pm
Forum: Beginner Basics
Topic: First config
Replies: 7
Views: 987

Re: First config

If this device is directly connected to the world wide web, I suspect you might have some bigger problems as the device might already be compromised. "jan/01/2002 22:14:02 by RouterOS 6.30.4"

Read up on netinstall, then apply at least 6.44.5 long term version with netinstall.
by CZFan
Thu Sep 12, 2019 12:58 am
Forum: Scripting
Topic: FUP Allowance & Speed
Replies: 1
Views: 367

Re: FUP Allowance & Speed

I also have a need for this, so following...
by CZFan
Mon Sep 09, 2019 12:08 am
Forum: Beginner Basics
Topic: RB750, Pi-Hole and cross interface communication
Replies: 37
Views: 3008

Re: RB750, Pi-Hole and cross interface communication

If you have no firewall rules, all traffic will be accepted
by CZFan
Sat Sep 07, 2019 2:16 pm
Forum: General
Topic: Wireless redundate link with bonding
Replies: 15
Views: 1165

Re: Wireless redundate link with bonding

Can also add a device each side of the wireless devices then use RSTP will a wireless bridge pass the xSTP related frames? To be honest, I don't know, never looked into it, according to Mikrotik, it seems possible, i.e. if bridged in Stations-WDS mode you can use RSTP, etc, so I suppose it will depe...
by CZFan
Sat Sep 07, 2019 2:13 pm
Forum: Beginner Basics
Topic: Problem connecting two MikroTiks [SOLVED]
Replies: 5
Views: 719

Re: Problem connecting two MikroTiks [SOLVED]

or replace Hap AC Lite with Hap AC2?
by CZFan
Sat Sep 07, 2019 1:56 pm
Forum: General
Topic: Wireless redundate link with bonding
Replies: 15
Views: 1165

Re: Wireless redundate link with bonding

Sorry, should have stated, I never tested it, just popped in my head when I read the post, the concept is: can't draw as nice as @sindy :-)

         WL2---2GHz L2-----WL2
        /                     \
---RB1(With RSTP)       RB2(With RSTP)-----
        \                     /
         WL1----5GHz L2-----WL1

RB1 & 2 as a switch, i.e. all ports bridged
by CZFan
Sat Sep 07, 2019 1:43 am
Forum: General
Topic: Wireless redundate link with bonding
Replies: 15
Views: 1165

Re: Wireless redundate link with bonding

Can also add a device each side of the wireless devices then use RSTP
by CZFan
Sat Sep 07, 2019 1:26 am
Forum: General
Topic: Port Forwarding on ECMP Balancing
Replies: 10
Views: 1126

Re: Port Forwarding on ECMP Balancing

Mangle rules should be in pre-routing chain
by CZFan
Sat Sep 07, 2019 1:07 am
Forum: Beginner Basics
Topic: Problem connecting two MikroTiks [SOLVED]
Replies: 5
Views: 719

Re: Problem connecting two MikroTiks [SOLVED]

Hap AC lite only has fast Ethernet ports(100Mb/s), what port is on media converter?
by CZFan
Sat Sep 07, 2019 12:05 am
Forum: Beginner Basics
Topic: NAT problems - Xbox One and Nintendo Switch
Replies: 32
Views: 3407

Re: NAT problems - Xbox One and Nintendo Switch

Not at laptop now, but the interfaces are just which is internal and which is external, i.e. In my case, PPPoE interface is external and bridge is internal

UPnP will dynamically create the relevant NAT rules, hence the warning, internal devices can open network access to the outside world
by CZFan
Fri Sep 06, 2019 11:00 pm
Forum: General
Topic: can ping IP from router but clients cannot access IP
Replies: 9
Views: 687

Re: can ping IP from router but clients cannot access IP

couple of irregularities in your config, my suggestion will be for you to correct these before moving forward, e.g. 1. LAN Gateway IP address/network on router is a /24, but DHCP clients get issued a /8, routing is based on networks, no host info. 2. Instead of having 2 totally different IPs on the ...
by CZFan
Fri Sep 06, 2019 8:00 pm
Forum: General
Topic: can ping IP from router but clients cannot access IP
Replies: 9
Views: 687

Re: can ping IP from router but clients cannot access IP

Then, time is now to post results of "/export hide-sensitive" here, (BETWEEN CODE BRACKETS)
by CZFan
Fri Sep 06, 2019 1:28 pm
Forum: Scripting
Topic: Parse ping result
Replies: 3
Views: 683

Re: Parse ping result

And I want receive ping result with percent and time sent=2 received=2 packet-loss=0% min-rtt=0ms avg-rtt=0ms max-rtt=0ms How can i do this? packet loss/success percent is easy to pull off: :local totalsent 10 :local success [/ping count=$totalsent x.x.x.x ] :put ($success * 100 / $totalsent) due t...
by CZFan
Fri Sep 06, 2019 11:38 am
Forum: Wireless Networking
Topic: How to optimize CAPsMan? [SOLVED]
Replies: 6
Views: 849

Re: How to optimize CAPsMan? [SOLVED]

@mrmut Thank you for such detailed feedback
by CZFan
Fri Sep 06, 2019 1:54 am
Forum: General
Topic: Cannot pppoe if not connected to the bridge of provider's mikrotik
Replies: 7
Views: 488

Re: Cannot pppoe if not connected to the bridge of provider's mikrotik

If info in post above is accurate, then you can't get 500 up as all interfaces of hex lite is 100 mbs
by CZFan
Fri Sep 06, 2019 1:26 am
Forum: General
Topic: Remote Access & Port Forward Over L2TP [SOLVED]
Replies: 4
Views: 503

Re: Remote Access & Port Forward Over L2TP [SOLVED]

You might have to do some src NATing on R1 side for WAN client in order for other side to return packets via R1
by CZFan
Fri Sep 06, 2019 1:19 am
Forum: General
Topic: can ping IP from router but clients cannot access IP
Replies: 9
Views: 687

Re: can ping IP from router but clients cannot access IP

No, I meant that does the 172 device know where to send packets destined for 192 range, i.e. DHCP range?

As a test, add nat rule below and test again from DHCP client
Add chain=srcnat action=masquerade out-interface=eth01_uplink
by CZFan
Fri Sep 06, 2019 12:43 am
Forum: General
Topic: can ping IP from router but clients cannot access IP
Replies: 9
Views: 687

Re: can ping IP from router but clients cannot access IP

Does the device 172.21.54.101 have a route back to the DHCP range?
by CZFan
Fri Sep 06, 2019 12:28 am
Forum: Beginner Basics
Topic: Can't Access RB2011 after initial setup
Replies: 1
Views: 301

Re: Can't Access RB2011 after initial setup

My first suggestion will be, make sure Winbox version is 3.19

Then it sounds like you are doing config via quickset, suggest you don't and do config manually
by CZFan
Thu Sep 05, 2019 11:58 pm
Forum: General
Topic: Cannot pppoe if not connected to the bridge of provider's mikrotik
Replies: 7
Views: 488

Re: Cannot pppoe if not connected to the bridge of provider's mikrotik

Why change it, if it works and you get your full speed, leave it and allow them to monitor the link.

Then as to why, they probably have vlan config on the hex
by CZFan
Thu Sep 05, 2019 9:37 pm
Forum: Beginner Basics
Topic: Cannot get LTE to work
Replies: 1
Views: 291

Re: Cannot get LTE to work

Are you sure you bought the correct model, I.e. There are 2 X SXT LTE models, supporting different LTE bands?
by CZFan
Thu Sep 05, 2019 8:34 pm
Forum: Beginner Basics
Topic: Convert Wifi to Wired
Replies: 4
Views: 540

Re: Convert Wifi to Wired

I use my hAP AC Lite as travel router. Mostly using a wireless backhaul. Works perfectly, haven't had problems on connecting to any wireless network yet. So I fully disagree with @mkx (based on my experience). I suspect that is not the same thing what mkx is talking about, I suspect you are connect...
by CZFan
Thu Sep 05, 2019 7:00 pm
Forum: Beginner Basics
Topic: Change DDNS name (Mikrotik cloud)
Replies: 10
Views: 1062

Re: Change DDNS name (Mikrotik cloud)

You can still choose, if you want to do it for free, there is always No-IP DDNS service which is free. You might not be concerned re security, but the next person is, and his IT knowledge may not be up to scratch, then he will also blame Mikrotik, so where do you draw the line? I don't think there is...
by CZFan
Thu Sep 05, 2019 6:34 pm
Forum: Beginner Basics
Topic: NAT problems - Xbox One and Nintendo Switch
Replies: 32
Views: 3407

Re: NAT problems - Xbox One and Nintendo Switch

My son plays xbox with other players on www, only have Mikrotik in my house :-) The OPs problem is all the NATs along the path Can you post your settings for xbox as I cannot get my guest to play games against others over the internet :-( Also can you list which games specifically work? Have nothin...
by CZFan
Thu Sep 05, 2019 6:07 pm
Forum: Wireless Networking
Topic: How to optimize CAPsMan? [SOLVED]
Replies: 6
Views: 849

Re: How to optimize CAPsMan? [SOLVED]

Not CapsMan as such, but crowded WiFi issue, see topic viewtopic.php?f=7&t=151772&p=748156#p748156

Still studying the doc and planning deployment...
by CZFan
Thu Sep 05, 2019 1:14 pm
Forum: SwOS
Topic: SwOS version 2.10 released!
Replies: 3
Views: 775

Re: SwOS version 2.10 released!

i think is better to wait the official announcement

Agree, they might want to withdraw the new version, etc
by CZFan
Thu Sep 05, 2019 12:38 pm
Forum: Beginner Basics
Topic: Change DDNS name (Mikrotik cloud)
Replies: 10
Views: 1062

Re: Change DDNS name (Mikrotik cloud)

Thank you for your kind answer. I hope one day MIkrotik may enable the name editing, like ASUS does already for its routers. I don't see reasons to don't let us do it..

As far as I know, ASUS, etc uses things like DynDns, etc, and you are welcome to use those also on Mikrotik
by CZFan
Thu Sep 05, 2019 12:22 pm
Forum: Beginner Basics
Topic: Cannot get simple VLAN to work on CRS317 ☹
Replies: 24
Views: 2151

Re: Cannot get simple VLAN to work on CRS317 ☹

Lets 1st setup management access for CRS (Using Vlan 123 as example) /interface bridge add fast-forward=no frame-types=admit-only-vlan-tagged ingress-filtering=yes name=bridge1 vlan-filtering=yes /interface vlan add interface=bridge1 name=MGMT vlan-id=123 /ip address add address=10.1.2.3/24 interfac...
by CZFan
Wed Sep 04, 2019 11:44 pm
Forum: Beginner Basics
Topic: Two routers two WANs (WAN and LTE) failover help needed
Replies: 4
Views: 571

Re: Two routers two WANs (WAN and LTE) failover help needed

Also keep in mind that should internet access fail over to USB LTE connection, you will lose incoming traffic such as port forwarding, VPN, etc
by CZFan
Wed Sep 04, 2019 11:10 pm
Forum: Wireless Networking
Topic: How to optimize CAPsMan? [SOLVED]
Replies: 6
Views: 849

Re: How to optimize CAPsMan? [SOLVED]

This was posted as a reply to one of my wifi questions recently, might help you
https://mum.mikrotik.com/presentations/ ... 286214.pdf
by CZFan
Wed Sep 04, 2019 10:31 pm
Forum: Beginner Basics
Topic: Where do you report a bug?
Replies: 12
Views: 1186

Re: Where do you report a bug?

So the Barman says to the Hap AC, "hey, your IP address should have the CIDR notation, not your subnet mask"

Something else, DHCP scope should not include X.x.x.31, that is the broadcast address for /27, and routeros typically assigns IPs from high to low, so maybe you were issued .31 IP
by CZFan
Wed Sep 04, 2019 10:20 pm
Forum: Beginner Basics
Topic: Cannot get simple VLAN to work on CRS317 ☹
Replies: 24
Views: 2151

Re: Cannot get simple VLAN to work on CRS317 ☹

If you are the trying to ping from the CRS device, then the IP address must be on vlan123 and not the bridge
by CZFan
Tue Sep 03, 2019 11:34 pm
Forum: Beginner Basics
Topic: NAT problems - Xbox One and Nintendo Switch
Replies: 32
Views: 3407

Re: NAT problems - Xbox One and Nintendo Switch

My son plays xbox with other players on www, only have Mikrotik in my house :-)

The OPs problem is all the NATs along the path
by CZFan
Tue Sep 03, 2019 9:42 pm
Forum: Beginner Basics
Topic: Cannot get simple VLAN to work on CRS317 ☹
Replies: 24
Views: 2151

Re: Cannot get simple VLAN to work on CRS317 ☹

Hello, I am making some progress …….. that is to say ….. I know what is going wrong …… I discovered IMHO a very obscure CRS behavior. - I can ARP ping the other side (the gateway), using the ping tool (arp ping) and the test pc - but I can not (IP) ping the other side !! So level-2 is OK, but I can...
by CZFan
Tue Sep 03, 2019 9:02 pm
Forum: Beginner Basics
Topic: Forwarding traffic
Replies: 4
Views: 607

Re: Forwarding traffic

You have not provided much info, and from what you have mentioned, I am not sure why L2 is a must. Both printing and VoIP can work across a L3 network. So I would use IPSec site to site (IKE) VPN between offices, configure the phones as an "External Extension", but routed across the VPN link, i.e. p...
by CZFan
Tue Sep 03, 2019 8:46 pm
Forum: Wireless Networking
Topic: Need help with WiFi in Apartments/Flats
Replies: 7
Views: 884

Re: Need help with WiFi in Apartments/Flats

https://mum.mikrotik.com/presentations/ ... 286214.pdf

Above link should be of immense help in solving the WiFi issues.
Thx, some serious RF Knowledge there (Ron Touw)
by CZFan
Mon Sep 02, 2019 10:11 pm
Forum: Wireless Networking
Topic: Need help with WiFi in Apartments/Flats
Replies: 7
Views: 884

Re: Need help with WiFi in Apartments/Flats

Sounds like one is screwed to provide a decent service per room at least wirelessly. ... It is a bit of a " damned if you do and damned if you don't " situation. The customers want to sit in their bedroom and get the full speed of the internet they pay for on wifi, so if you set settings accordingl...
by CZFan
Mon Sep 02, 2019 1:29 pm
Forum: Wireless Networking
Topic: Need help with WiFi in Apartments/Flats
Replies: 7
Views: 884

Need help with WiFi in Apartments/Flats

Hi, I need some help as per subject line. Have an estate where +- 1500 Mikrotik units are deployed at each Apartment / Flat, 99% of these Mikrotiks are Hap Lites with the odd Hap AC2 here and there. The problem is, some of these apartments/flats are very small, i.e. 1 bedroom units with only a singl...
by CZFan
Mon Sep 02, 2019 12:02 am
Forum: Beginner Basics
Topic: Cannot access gateway from LAN [SOLVED]
Replies: 2
Views: 407

Re: Cannot access gateway from LAN [SOLVED]

Do you have default gateway and / or DNS for client devices in DHCP?
by CZFan
Sun Sep 01, 2019 11:38 pm
Forum: Beginner Basics
Topic: Forwarding traffic
Replies: 4
Views: 607

Re: Forwarding traffic

Personally, I would not use DHCP across the tunnel, if main site is down for long period, it will mean remote site internet access, local network printing, etc, will also be down.
Then issue DHCP from local routers and specify relevant gateway in scopes
by CZFan
Sun Sep 01, 2019 9:41 pm
Forum: Announcements
Topic: v6.45.5 [stable] is released!
Replies: 54
Views: 15754

Re: v6.45.5 [stable] is released!

Upgraded Hap AC2 to 6.45.5 and getting ssh auth messages in log I did not get before 14:39:22 ssh,info auth timeout 14:39:23 ssh,info auth timeout 14:45:45 ssh,info auth timeout 14:46:37 ssh,info auth timeout 14:53:13 ssh,info auth timeout 14:53:13 ssh,info auth timeout 14:56:28 ssh,info auth timeo...
by CZFan
Sat Aug 31, 2019 10:27 pm
Forum: Announcements
Topic: v6.45.5 [stable] is released!
Replies: 54
Views: 15754

Re: v6.45.5 [stable] is released!

Upgraded Hap AC2 to 6.45.5 and getting ssh auth messages in log I did not get before 14:39:22 ssh,info auth timeout 14:39:23 ssh,info auth timeout 14:45:45 ssh,info auth timeout 14:46:37 ssh,info auth timeout 14:53:13 ssh,info auth timeout 14:53:13 ssh,info auth timeout 14:56:28 ssh,info auth timeo...
by CZFan
Sat Aug 31, 2019 8:12 pm
Forum: Announcements
Topic: v6.45.5 [stable] is released!
Replies: 54
Views: 15754

Re: v6.45.5 [stable] is released!

Upgraded Hap AC2 to 6.45.5 and getting ssh auth messages in log I did not get before 14:39:22 ssh,info auth timeout 14:39:23 ssh,info auth timeout 14:45:45 ssh,info auth timeout 14:46:37 ssh,info auth timeout 14:53:13 ssh,info auth timeout 14:53:13 ssh,info auth timeout 14:56:28 ssh,info auth timeou...
by CZFan
Fri Aug 30, 2019 11:53 pm
Forum: General
Topic: Trace Error - HELP!
Replies: 1
Views: 234

Re: Trace Error - HELP!

2nd one seems to be routing out to the Internet, best will be to provide the full config of both routers "between code brackets"
by CZFan
Fri Aug 30, 2019 1:13 am
Forum: General
Topic: And now?
Replies: 3
Views: 465

Re: And now?

Thx sebastia, but it was more of a [sarcasm on][/sarcasm off] post for the people bashing Mikrotik for releasing security fixes, etc just to show bigger brands are not immune
by CZFan
Thu Aug 29, 2019 11:59 pm
Forum: General
Topic: Bridge VLAN Filtering help [SOLVED]
Replies: 22
Views: 1992

Re: Bridge VLAN Filtering help [SOLVED]

It did not make sense to me that an access port can be a member of multiple VLANs, so I just read up on d-links asymmetrical vlan, and all it is is a hybrid port, which Mikrotik already does. Or am I missing something? EDIT: Nevermind, found another article, and it sounds quite cool, in a nutshell,...
by CZFan
Thu Aug 29, 2019 11:39 pm
Forum: General
Topic: And now?
Replies: 3
Views: 465

And now?

by CZFan
Thu Aug 29, 2019 11:07 pm
Forum: Beginner Basics
Topic: VLAN between two routers. Can it work!? If so how?
Replies: 9
Views: 857

Re: VLAN between two routers. Can it work!? If so how?

If the PCC and NAS are same vlan, then your config is wrong
by CZFan
Thu Aug 29, 2019 11:01 pm
Forum: Beginner Basics
Topic: tag all untagged traffic - can't get it working
Replies: 12
Views: 968

Re: tag all untagged traffic - can't get it working

Where hybrid ports are possible, the "always strip" will only remove the tag that matches the pvid of the port, other tags will stay
by CZFan
Mon Aug 26, 2019 11:03 pm
Forum: Scripting
Topic: Remove src-address via script... [SOLVED]
Replies: 2
Views: 374

Remove src-address via script... [SOLVED]

I have client devices that have their LAN address range as src-address, want to run a script that will remove / disable the src-address field and set the out interface as WAN interface list. I tried the following, but it tells me it needs an address range, which sounds logical, but how do I then rem...
by CZFan
Mon Aug 26, 2019 5:37 pm
Forum: Scripting
Topic: Trying to download json file via ftp [SOLVED]
Replies: 3
Views: 477

Re: Trying to download json file via ftp [SOLVED]

@SIB,

Thank you, looks like that "poll" error translates into a permissions problem, tested with admin user and worked.
by CZFan
Mon Aug 26, 2019 1:14 pm
Forum: Scripting
Topic: Trying to download json file via ftp [SOLVED]
Replies: 3
Views: 477

Re: Trying to download json file via ftp [SOLVED]

To provide more info, below is what works: :local UpdateFile {"Hap-Lite/ppp-6.44.3-smips.npk";"Hap-Lite/security-6.44.3-smips.npk";"Hap-Lite/tr069-client-6.44.3-smips.npk";"Hap-Lite/wireless-6.44.3-smips.npk";"Hap-Lite/advanced-tools-6.44.3-smips.npk";"Hap-Lite/dhcp-6.44.3-smips.npk";"Hap-Lite/syste...
by CZFan
Sun Aug 25, 2019 11:30 pm
Forum: Beginner Basics
Topic: MikroTik HAP AC2 WebFig configuration unreachable [SOLVED]
Replies: 3
Views: 514

Re: MikroTik HAP AC2 WebFig configuration unreachable [SOLVED]

Switch off power to device, press and hold reset button and, while doing this, switch on power to device, hold for approx 5 seconds, release reset button,

That should do the t
by CZFan
Sun Aug 25, 2019 11:02 pm
Forum: Scripting
Topic: Trying to download json file via ftp [SOLVED]
Replies: 3
Views: 477

Trying to download json file via ftp [SOLVED]

Hi, I created 2 scripts, one to download ROS update files from another MT router and another to download a webfig skin json file, both via ftp The download of the package files work great, but using the exact same command for the json file fails with poll error. Is there anything special about the s...
by CZFan
Sat Aug 24, 2019 1:46 am
Forum: General
Topic: Hap Ac 2, not capable of 1Gbit transfer
Replies: 11
Views: 1197

Re: Hap Ac 2, not capable of 1Gbit transfer

I don't think it is the device, but maybe the config or something in the environment. My suggestion will be go back to basics, the beginning, do factory default the device and test. Pending results, you should do further troubleshooting and keep support@mikrotik.com in the loop. Also post updates he...
by CZFan
Thu Aug 22, 2019 11:56 pm
Forum: General
Topic: Hap Ac 2, not capable of 1Gbit transfer
Replies: 11
Views: 1197

Re: Hap Ac 2, not capable of 1Gbit transfer

I think the firewall rules can be improved on, I.e order by moving established/related rules to top of chain

Have you tried by setting flow control to off?
by CZFan
Wed Aug 21, 2019 12:26 am
Forum: General
Topic: question about CCR 1072 CPU
Replies: 3
Views: 525

Re: question about CCR 1072 CPU

Electronic equipment likes to run as cold as possible, when increasing the frequency / clock speed, the chip will run hotter and shorten its life
by CZFan
Tue Aug 20, 2019 11:56 pm
Forum: General
Topic: Slow Gbit speed with Mikrotik hex S
Replies: 15
Views: 1442

Re: Slow Gbit speed with Mikrotik hex S

Use ether1 with ether2 or 4
by CZFan
Fri Aug 16, 2019 9:28 pm
Forum: General
Topic: Not access site local
Replies: 2
Views: 300

Re: Not access site local

by CZFan
Fri Aug 16, 2019 9:25 pm
Forum: General
Topic: help me ! vpn lan to lan
Replies: 1
Views: 216

Re: help me ! vpn lan to lan

Add routes on both sides for the other side's subnet
by CZFan
Fri Aug 16, 2019 9:20 pm
Forum: General
Topic: PPOE AND VLANS
Replies: 1
Views: 232

Re: PPOE AND VLANS

Can't see your image
by CZFan
Fri Aug 16, 2019 9:17 pm
Forum: General
Topic: Access from the Internet
Replies: 23
Views: 1439

Re: Access from the Internet

You will not be able to access "All AP's" directly on port 443, i.e. Port Forwarding / Dst NAT.

Use VPN access, and then access APs via private IP:443
by CZFan
Fri Aug 16, 2019 12:21 am
Forum: General
Topic: ROS cant reach the internet, Local clients can
Replies: 3
Views: 483

Re: ROS cant reach the internet, Local clients can

Did not study config you posted, but will suggest you clean up the mangle rules, you have passthrough yes on all, and packets might change again with following mangle rule and results end up not as expected
by CZFan
Thu Aug 15, 2019 12:42 am
Forum: Beginner Basics
Topic: NAT problems - Xbox One and Nintendo Switch
Replies: 32
Views: 3407

Re: NAT problems - Xbox One and Nintendo Switch

If you have hired a company to do the installation, then surely they must correct the problem / design of the network?

Alternatively, my suggestion will be to hire a Mikrotik Certified Consultant in your area. https://mikrotik.com/consultants
See above
by CZFan
Wed Aug 14, 2019 12:45 am
Forum: Beginner Basics
Topic: File download block?
Replies: 25
Views: 2485

Re: File download block?

@Sob, my brain is tired, been fighting with L2 fiber provider all day for poor service, but just so I can follow, I can't see what is wrong in the webfig, it shows 1970k instead of 1970000, which seems to be correct according to my current tired brain?
by CZFan
Mon Aug 12, 2019 5:48 pm
Forum: Beginner Basics
Topic: File download block?
Replies: 25
Views: 2485

Re: File download block?

@pe1chl, also true
by CZFan
Mon Aug 12, 2019 4:14 pm
Forum: Beginner Basics
Topic: File download block?
Replies: 25
Views: 2485

Re: File download block?

Yes, I am aware of that, but how do the others do it, at train stations, airports ... ? a few weeks ago I set up a WLAN connection at the airport and I couldn't download any files. So there has to be a solution. I doubt they were able to block files download over an HTTPS connection. Only whole dom...
by CZFan
Sun Aug 11, 2019 4:17 pm
Forum: Beginner Basics
Topic: DYnamic Source Natting or Nat Pooling
Replies: 1
Views: 290

Re: DYnamic Source Natting or Nat Pooling

Have not looked deep into this, but you can maybe try something like this: /ip firewall nat add action=src-nat chain=srcnat out-interface-list=WAN src-address=10.200.200.10-10.200.200.250 to-addresses=10.20.30.40 add action=src-nat chain=srcnat out-interface-list=WAN src-address=10.200.201.10-10.200...
by CZFan
Sun Aug 11, 2019 3:29 pm
Forum: Beginner Basics
Topic: VPN -> Lan Devices.
Replies: 2
Views: 383

Re: VPN -> Lan Devices.

It sounds like a routing problem, so either the vpn client does not know where to send packets for dst 192.168.88.0/x or internal devices does not know where to send these back to, doubt it is the latter though as they should have a default gateway if they access the internet. Make sure you have a r...
by CZFan
Fri Aug 09, 2019 12:05 am
Forum: General
Topic: unknow packets broadcasted
Replies: 3
Views: 435

Re: unknow packets broadcasted

I suspect (R)STP packets, but best is sniff packets to be sure
by CZFan
Thu Aug 08, 2019 1:00 am
Forum: General
Topic: RB951G-2HnD dissapears
Replies: 4
Views: 491

Re: RB951G-2HnD dissapears

I suspect these devices were hacked, hence going offline due to the very old version.

My suggestion will be to build an L2 link to the CRS, then connect these faulty ones to the CRS and do a netinstall across the L2 link
by CZFan
Sun Aug 04, 2019 12:10 am
Forum: General
Topic: Issues with SSTP connection [SOLVED]
Replies: 14
Views: 1391

Re: Issues with SSTP connection [SOLVED]

IIRC, RoS can inject routes if you are connecting from a Mikrotik client, but don't think it can for Windows client. You will have to disable remote gateway and add routes manually to Windows clients for split tunneling.

For me personally routing all traffic via VPN while VPN is active is safer
by CZFan
Sat Aug 03, 2019 11:06 pm
Forum: General
Topic: Winbox dicovery behind NAT [SOLVED]
Replies: 3
Views: 546

Re: Winbox dicovery behind NAT [SOLVED]

MNDP works on Layer 2, i.e. broadcast domain, can't cross Layer 3 network
by CZFan
Sat Aug 03, 2019 10:37 pm
Forum: General
Topic: Issues with SSTP connection [SOLVED]
Replies: 14
Views: 1391

Re: Issues with SSTP connection [SOLVED]

Change proxy-arp back to enable

On Windows 10 VPN client config, is "Use default gateway on remote network" enabled / ticked? If not, enable it and test again.

If still problems, post results of "tracert -d 10.0.0.1" from Windows client with VPN established
by CZFan
Sat Aug 03, 2019 6:39 pm
Forum: General
Topic: Issues with SSTP connection [SOLVED]
Replies: 14
Views: 1391

Re: Issues with SSTP connection [SOLVED]

I don't know if you are trying to setup L2TP manually over IPSec, but I don't see " ipsec-secret="My-Preshared-Secret" one-session-per-host=yes use-ipsec=required " in config line as per export: /interface l2tp-server server set authentication=mschap2 default-profile=VPN-L2TP enabled=yes \ keepalive-...
by CZFan
Fri Aug 02, 2019 10:05 pm
Forum: General
Topic: Very simple VLAN
Replies: 16
Views: 1446

Re: Very simple VLAN

My suggestion will then be place that SSID on a separate vlan, issue a different subnet via DHCP to those clients on the vlan and config routing for that subnet
by CZFan
Fri Aug 02, 2019 9:59 pm
Forum: General
Topic: Issues with SSTP connection [SOLVED]
Replies: 14
Views: 1391

Re: Issues with SSTP connection [SOLVED]

Not at laptop at the moment, will have deeper look into config tomorrow morning.

Off the bat I will change the 172.0.0.0/x IPs, these are outside the private IP range scope, use 172.16.x.x - 172.31.x.x instead
by CZFan
Fri Aug 02, 2019 12:21 am
Forum: General
Topic: Issues with SSTP connection [SOLVED]
Replies: 14
Views: 1391

Re: Issues with SSTP connection [SOLVED]

If remote client is getting same IP range as per internal network where VPN server is, then you will need to enable proxy arp on LAN facing interface on VPN server.

Else post full export hide-sensitive here between code brackets
by CZFan
Thu Aug 01, 2019 11:40 pm
Forum: General
Topic: Very simple VLAN
Replies: 16
Views: 1446

Re: Very simple VLAN

Not sure if information missing, or maybe I don't fully understand requirements, but if you have an address list of source IPs, then these are already distinguished on the Mikrotik, why the need to complicate things with VLAN's? All then needed is policy based routing on source address list to go vi...
by CZFan
Thu Aug 01, 2019 12:07 am
Forum: Beginner Basics
Topic: No internet on LAN - hex rb750gr3 with E3372
Replies: 12
Views: 1164

Re: No internet on LAN - hex rb750gr3 with E3372

Besides what @mkx said, I don't see where the client devices get DNS config from.

Add DNS server IPs under DHCP server networks
by CZFan
Wed Jul 31, 2019 11:48 pm
Forum: Beginner Basics
Topic: RouterOS - SFP+ very low speed (crs328-24p-4s+rm)
Replies: 2
Views: 472

Re: RouterOS - SFP+ very low speed (crs328-24p-4s+rm)

Try downgrading to 6.44.5 long term version, suggest using netinstall to do downgrade
by CZFan
Wed Jul 31, 2019 11:38 pm
Forum: Beginner Basics
Topic: Disabling o removing DNS Dynamic Servers
Replies: 16
Views: 1407

Re: Disabling o removing DNS Dynamic Servers

Try version 6.44.5 long term
by CZFan
Wed Jul 31, 2019 11:27 pm
Forum: General
Topic: Issues with SSTP connection [SOLVED]
Replies: 14
Views: 1391

Re: Issues with SSTP connection [SOLVED]

Firstly, why incoming firewall rules for port 53? You are going to become a target for DNS amplification attacks.

Then read through below for SSTP config:

https://wiki.mikrotik.com/wiki/SSTP_step-by-step
https://wiki.mikrotik.com/wiki/Manual:Interface/SSTP
by CZFan
Wed Jul 31, 2019 11:20 pm
Forum: General
Topic: Unable to get more than 175 IP's
Replies: 18
Views: 1694

Re: Unable to get more than 175 IP's

My suggestion will be for you to attend MTCNA training at an accredited Mikrotik trainer or hire services of a certified Mikrotik consultant
by CZFan
Wed Jul 31, 2019 10:41 pm
Forum: General
Topic: two mikrotik server
Replies: 1
Views: 292

Re: two mikrotik server

by CZFan
Wed Jul 31, 2019 12:20 am
Forum: General
Topic: Group Create for user
Replies: 2
Views: 397

Re: Group Create for user

Dear all,

How to create new user who can't access ip>firewall in winbox not web. please suggest me.

Nazim Uddin

Don't think you can limit this with Winbox, only with webfig skin
by CZFan
Wed Jul 31, 2019 12:03 am
Forum: General
Topic: Testing for packetloss between DC
Replies: 2
Views: 370

Re: Testing for packetloss between DC

Personally I would rather connect a pc / laptop at each side and use something like iperf to test
by CZFan
Mon Jul 29, 2019 8:19 pm
Forum: Wireless Networking
Topic: Strange problem with Wireless
Replies: 5
Views: 683

Re: Strange problem with Wireless

Start by providing the full config here between code brackets using command "export hide-sensitive" in Terminal
by CZFan
Mon Jul 29, 2019 7:32 pm
Forum: General
Topic: PPPoE Session packets being broadcast?? [SOLVED]
Replies: 40
Views: 2277

Re: PPPoE Session packets being broadcast?? [SOLVED]

This problem has been resolved, caused by a loop in the network

Thx to extremely knowledgeable forum member @sindy.
by CZFan
Sat Jul 27, 2019 10:51 pm
Forum: Announcements
Topic: v6.45.2 [stable] is released!
Replies: 206
Views: 35892

Re: v6.45.2 [stable] is released!

SFP+ on 4011 broken. Please pull the update. I have had two switches go offline due to this update. Did you do the "Wireless Reset" as mentioned in previous version (6.45.1) change log? *) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset re...
by CZFan
Tue Jul 23, 2019 11:50 pm
Forum: Beginner Basics
Topic: problem to reach some websites [SOLVED]
Replies: 20
Views: 1875

Re: problem to reach some websites [SOLVED]

So you say this rule in my router is the root cause? /ip firewall filter add action=drop chain=input comment="Drop ICMP on outside IF" in-interface=ether1 protocol=icmp But how come that one VLAN is ok and other is not? Why did a firmware upgrade solve the problem? That rule is on input chain, so ...
by CZFan
Tue Jul 23, 2019 10:57 pm
Forum: General
Topic: VPN (L2TP/IPsec) to VLAN
Replies: 8
Views: 2285

Re: VPN (L2TP/IPsec) to VLAN

Just following this really helpful thread as I have a similar configuration project for multiple L2tp users, however - /ppp secret set [find name=a1] remote-address=pg_A set [find name=a2] remote-address=pg_A set [find name=b1] remote-address=pg_B does not work on mine (version 6.44.5). It appears ...
by CZFan
Sun Jul 21, 2019 12:34 am
Forum: Beginner Basics
Topic: RouterOS - Route traffic through specific gateway problem
Replies: 5
Views: 672

Re: RouterOS - Route traffic through specific gateway problem

Start by getting routing only working first, i.e. disable mangle and route marking rules.
Once routing is still not working, then troubleshoot from there, if working, then add mangle rules and see where it breaks
by CZFan
Sat Jul 20, 2019 11:56 pm
Forum: Scripting
Topic: How to check if array is empty [SOLVED]
Replies: 3
Views: 696

Re: How to check if array is empty [SOLVED]

Thx to both, selected Jotne's post as solution due to it being more "complete"
by CZFan
Sat Jul 20, 2019 3:00 pm
Forum: Scripting
Topic: How to check if array is empty [SOLVED]
Replies: 3
Views: 696

How to check if array is empty [SOLVED]

Hi,

How can I check if an array is empty, e.g. I would like to:

If array is empty, do "Log Message 1"
else
do "Log Message 2"
by CZFan
Sat Jul 20, 2019 2:11 pm
Forum: General
Topic: hAP-Lite throughput and HDD memory woes
Replies: 3
Views: 536

Re: hAP-Lite throughput and HDD memory woes

I forgot to add to my post, the speeds were via PPPoE->VLAN connection.

Maybe put config (export hide-sensitive) here, we can pick up a typo error or something
by CZFan
Sat Jul 20, 2019 1:23 am
Forum: General
Topic: hAP-Lite throughput and HDD memory woes
Replies: 3
Views: 536

Re: hAP-Lite throughput and HDD memory woes

The space issue is not a big thing, just download the separate packages and apply them. There is a thread that discussed that topic on this forum. Regarding speed issues, I have an install base of about 1200 Hap Lite's, speed I get through them is 100mb/s when connected wired, and between 60 and 65 ...
by CZFan
Mon Jul 15, 2019 10:44 pm
Forum: Beginner Basics
Topic: Network isolation using VRF?
Replies: 8
Views: 761

Re: Network isolation using VRF?

Some experience i had with some other routers, the general setup is that if u have 2 networks, they wont see each other until you do routing. But Mikrotik for some reason does this for you. So to break this link all i did was: /ip route rule add action=drop dst-address=192.168.aa.0/24 src-address=1...
by CZFan
Sat Jul 13, 2019 1:22 pm
Forum: Forwarding Protocols
Topic: VPN Prob
Replies: 3
Views: 543

Re: VPN Prob

2 Things:
1. I am not sure if someone here on this public forum is going to help you circumvent the laws of the country
2. Can't do / suggest anything if you do not provide more info, i.e. current config
by CZFan
Sat Jul 13, 2019 1:07 am
Forum: General
Topic: VLAN VRRP
Replies: 18
Views: 1459

Re: VLAN VRRP

Trust you will make a quick and full recovery @sindy
by CZFan
Sat Jul 13, 2019 12:50 am
Forum: General
Topic: CRS3xx hardware offload with split-horizon? or similar setup?
Replies: 6
Views: 567

Re: CRS3xx hardware offload with split-horizon? or similar setup?

It shows on my CRS326 running 6.44.3
by CZFan
Sat Jul 13, 2019 12:37 am
Forum: General
Topic: IPSEC Traffic Flow
Replies: 3
Views: 391

Re: IPSEC Traffic Flow

I suspect your problem is due to what I call "The lazy mans" routing, i.e. NATing, packets are being src NATed one direction and gets to destination and back, but from destination routing is failing.

But as per @sindy, very difficult to say exactly where problem is without more info
by CZFan
Fri Jul 12, 2019 1:37 am
Forum: Wireless Networking
Topic: Single VLAN Bridge to Bridge [SOLVED]
Replies: 3
Views: 585

Re: Single VLAN Bridge to Bridge [SOLVED]

You should be looking at using a single bridge, then separating the staff and guest networks using VLAN's and firewall rules.

Below article should help
https://wiki.mikrotik.com/wiki/Manual:Bridge_VLAN_Table
by CZFan
Tue Jul 09, 2019 1:17 am
Forum: Beginner Basics
Topic: RouterOS - Route traffic through specific gateway problem
Replies: 5
Views: 672

Re: RouterOS - Route traffic through specific gateway problem

try adding Routing-Mark=to_Wan2 to the route you are trying to add
by CZFan
Sat Jul 06, 2019 2:10 pm
Forum: General
Topic: PPPoE Session packets being broadcast?? [SOLVED]
Replies: 40
Views: 2277

Re: PPPoE Session packets being broadcast?? [SOLVED]

@sindy,
If you connect with me on Skype (ID under my profile), I can send the packet capture file done on sfpplus2 to see if you can see anything strange
by CZFan
Sat Jul 06, 2019 11:39 am
Forum: General
Topic: PPPoE Session packets being broadcast?? [SOLVED]
Replies: 40
Views: 2277

Re: PPPoE Session packets being broadcast?? [SOLVED]

I will get in touch with Mikrotik support
I'd nevertheless like to see the config ;)

As requested, see attached, info is a bit anonymized, so hope it makes sense
by CZFan
Sat Jul 06, 2019 12:51 am
Forum: General
Topic: PPPoE Session packets being broadcast?? [SOLVED]
Replies: 40
Views: 2277

Re: PPPoE Session packets being broadcast?? [SOLVED]

No problem, will post it tomorrow
by CZFan
Sat Jul 06, 2019 12:48 am
Forum: Scripting
Topic: Script or CHR Scheduler Problem?
Replies: 1
Views: 422

Re: Script or CHR Scheduler Problem?

Bump, anyone?
by CZFan
Fri Jul 05, 2019 11:31 pm
Forum: General
Topic: PPPoE Session packets being broadcast?? [SOLVED]
Replies: 40
Views: 2277

Re: PPPoE Session packets being broadcast?? [SOLVED]

@sindy, I don't know how to thank you, but again your posts have been extremely helpful and I learned a lot again! What you are saying about the CPU port makes a lot of sense and answered why I was seeing these frames (I keep forgetting the CPU is also seen as a "port") Yes, this ISP does have the b...
by CZFan
Fri Jul 05, 2019 10:52 pm
Forum: General
Topic: PPPoE Session packets being broadcast?? [SOLVED]
Replies: 40
Views: 2277

Re: PPPoE Session packets being broadcast?? [SOLVED]

Post the CRS config, maybe I can see something there (don't expect too much, though). And the output of /interface bridge port print.

I will be very surprised if there is something in the IT world that you can't resolve
by CZFan
Fri Jul 05, 2019 10:45 pm
Forum: General
Topic: PPPoE Session packets being broadcast?? [SOLVED]
Replies: 40
Views: 2277

Re: PPPoE Session packets being broadcast?? [SOLVED]

Will do that, but before I do that, my concern is not really why it is being sent to all clients from my CRS as ports going to client devices are trunk ports and contains all VLAN's of all ISPs, so it will make sense why from the CRS. But for some reason, these frames come in on the wire strange way...
by CZFan
Fri Jul 05, 2019 10:24 pm
Forum: General
Topic: PPPoE Session packets being broadcast?? [SOLVED]
Replies: 40
Views: 2277

Re: PPPoE Session packets being broadcast?? [SOLVED]

Host count shows just over 4200.

Not sure if this will help narrowing down where the problem is, but the interface directly connected to the ISP FP Rx count (Fast-Path?) shows exact same amount of traffic I see being "broadcast" to all devices.
by CZFan
Fri Jul 05, 2019 1:21 am
Forum: Beginner Basics
Topic: Problem Loading Websites
Replies: 2
Views: 367

Re: Problem Loading Websites

Post the results from "export hide-sensitive" here, someone will be able to look at any config problem
by CZFan
Thu Jul 04, 2019 11:46 pm
Forum: General
Topic: PPPoE Session packets being broadcast?? [SOLVED]
Replies: 40
Views: 2277

Re: PPPoE Session packets being broadcast?? [SOLVED]

I saw the keep alive responses being sent by the client device at the client device while the issue was present, i.e. I could see PPPoE session traffic to this client on other devices. What else I noticed short while ago, I looked at the MAC address of this client in host table in bridge, and notic...
by CZFan
Thu Jul 04, 2019 7:59 pm
Forum: General
Topic: PPPoE Session packets being broadcast?? [SOLVED]
Replies: 40
Views: 2277

Re: PPPoE Session packets being broadcast?? [SOLVED]

The CRS is a 326, max devices / MAC addresses inside the FTTh network is +- 2000. The concern I have is I have seen on the CPE management device these packets received sometimes reaches 80 - 90 Mb/s, this going all over the internal network not good, and it effectively becomes like a DDOS to custome...
by CZFan
Wed Jul 03, 2019 10:53 pm
Forum: General
Topic: PPPoE Session packets being broadcast?? [SOLVED]
Replies: 40
Views: 2277

Re: PPPoE Session packets being broadcast?? [SOLVED]

Apologies, I am providing L2 connectivity from clients behind OLTs to ISP's, the PPPoE AC is at the ISP. Yes, the dst MAC addresses belongs to customers behind the OLTs, traffic that I see, dst MACs changes every now and then, so it is not a specific customer behind OLTs whose traffic I see, but is ...
by CZFan
Wed Jul 03, 2019 9:50 pm
Forum: General
Topic: PPPoE Session packets being broadcast?? [SOLVED]
Replies: 40
Views: 2277

Re: PPPoE Session packets being broadcast?? [SOLVED]

@CZFan, @Anumrak's point of view made me review the whole thread and I've noticed I may be misunderstanding some points all the time. So 1) are the two clients whose traffic you could see to arrive to the "CPE management router" connected via your own OLTs or their MAC addresses are unrelated to yo...
by CZFan
Wed Jul 03, 2019 9:41 pm
Forum: General
Topic: PPPoE Session packets being broadcast?? [SOLVED]
Replies: 40
Views: 2277

Re: PPPoE Session packets being broadcast?? [SOLVED]

I am still experiencing the problem, and seeing these packets on ALL devices inside the FTTh network. Below screenshot from another customer device, seeing all these packets not meant for this device. I had something strange happen today, and not sure if I can replicate it again, but was trying to MA...
by CZFan
Tue Jul 02, 2019 6:17 pm
Forum: Scripting
Topic: Script or CHR Scheduler Problem?
Replies: 1
Views: 422

Script or CHR Scheduler Problem?

I am not very au fait with Mikrotik Scripting, and not sure if the problem is with Scheduler in CHR or if script is incorrect, so if someone does not mind helping me out here it will be much appreciated. What I have is a script to backup Dude config and database (On CHR), but it seems to be creating...
by CZFan
Tue Jul 02, 2019 5:02 pm
Forum: General
Topic: PPPoE Session packets being broadcast?? [SOLVED]
Replies: 40
Views: 2277

Re: PPPoE Session packets being broadcast?? [SOLVED]

Thx all for the feedback.

@sindy, believe me when I say, your feedback carry way more weight than 2c's
by CZFan
Wed Jun 26, 2019 4:16 pm
Forum: General
Topic: PPPoE Session packets being broadcast?? [SOLVED]
Replies: 40
Views: 2277

Re: PPPoE Session packets being broadcast?? [SOLVED]

Thank you @Anumrak,

I will dig a bit further and chat again to ISP....
by CZFan
Wed Jun 26, 2019 2:32 pm
Forum: General
Topic: PPPoE Session packets being broadcast?? [SOLVED]
Replies: 40
Views: 2277

Re: PPPoE Session packets being broadcast?? [SOLVED]

PPP frames inside ethernet providing unique layer 2 tunnel based on unicast frames on session level. Why torch should show you destination IP, when PPP tunnel operates only with mac address? Not sure I understand your post, is your question directed at me? Well yeah. I thought you didn't get why ds...
by CZFan
Wed Jun 26, 2019 2:30 pm
Forum: General
Topic: PPPoE Session packets being broadcast?? [SOLVED]
Replies: 40
Views: 2277

Re: PPPoE Session packets being broadcast?? [SOLVED]

PPP frames inside ethernet providing unique layer 2 tunnel based on unicast frames on session level. Why torch should show you destination IP, when PPP tunnel operates only with mac address? Not sure I understand your post, is your question directed at me? Well yeah. I thought you didn't get why ds...
by CZFan
Wed Jun 26, 2019 2:24 am
Forum: Beginner Basics
Topic: RB 3011: Very simple VLAN scenario not working. [SOLVED]
Replies: 3
Views: 482

Re: RB 3011: Very simple VLAN scenario not working. [SOLVED]

For access to the device itself, i.e. Management ip and or access to services on device, i.e. DHCP, etc, you will have to provide access to the CPU using the "bridge port", so the command will be:
/interface bridge vlan
add bridge=bridge tagged=bridge untagged=ether8 vlan-ids=10
by CZFan
Wed Jun 26, 2019 12:28 am
Forum: General
Topic: PPPoE Session packets being broadcast?? [SOLVED]
Replies: 40
Views: 2277

Re: PPPoE Session packets being broadcast?? [SOLVED]

PPP frames inside ethernet providing unique layer 2 tunnel based on unicast frames on session level. Why torch should show you destination IP, when PPP tunnel operates only with mac address?
Not sure I understand your post, is your question directed at me?
by CZFan
Mon Jun 24, 2019 11:47 pm
Forum: General
Topic: PPPoE Session packets being broadcast?? [SOLVED]
Replies: 40
Views: 2277

Re: PPPoE Session packets being broadcast?? [SOLVED]

Ether1 is connected to crs switch.

I think what is happening is the device not storing end user device MAC address and broadcasting this PPPoE session packets on all ports?
by CZFan
Sun Jun 23, 2019 4:14 pm
Forum: General
Topic: PPPoE Session packets being broadcast?? [SOLVED]
Replies: 40
Views: 2277

Re: PPPoE Session packets being broadcast?? [SOLVED]

Anyone? It is happening again, same ISP but different customer in the FTTh network.

Reported to ISP again, but does not seem they know where the problem is, almost like vlan 501 leaking over to native vlan from their side?

Have pcap file if that will help, but I can't see anything funny in it?
by CZFan
Sat Jun 22, 2019 10:37 pm
Forum: Scripting
Topic: Script to releases memory
Replies: 5
Views: 673

Re: Script to releases memory

Yes there is, "/system reboot" :-)

Maybe disable services that are not being used, i.e. Hotspot, routing, etc in System->Packages.
by CZFan
Sat Jun 22, 2019 10:16 pm
Forum: Wireless Networking
Topic: Low speed
Replies: 4
Views: 542

Re: Low speed

Can the device you are downloading to achieve more?
by CZFan
Sat Jun 22, 2019 10:11 pm
Forum: Beginner Basics
Topic: RB2011 WAN interface not reaching full speed
Replies: 10
Views: 1111

Re: RB2011 WAN interface not reaching full speed

Hi

Hint: next time export config with "/export hide-sensitive compact"
I am sure "export" defaults to compact?
by CZFan
Sat Jun 22, 2019 10:05 pm
Forum: Beginner Basics
Topic: hAP AC - Fiber ISP Nid
Replies: 2
Views: 301

Re: hAP AC - Fiber ISP Nid

To ensure hardware offload on LAN ports, create first bridge and assign ports 1-4 and wifi to it. Create vlan interfaces and assign them to SFP interface. NATing, firewall rules, etc will need to be setup against relevant VLAN's, i.e. masquerade will need to go on out interface vlan 5. Create 2nd br...
by CZFan
Sat Jun 22, 2019 9:23 pm
Forum: General
Topic: PPPoE Session packets being broadcast?? [SOLVED]
Replies: 40
Views: 2277

PPPoE Session packets being broadcast?? [SOLVED]

I had a situation today and want to understand why this will happen (Don't have much experience with PPPoE, etc) The environment is FTTh where customers connect to relevant ISP across Vlan & PPPoE, OLTs connects to CRS on Isolated Trunk (Vlan) Ports, then branches out to the relevant ISPs based on Vl...
by CZFan
Fri Jun 21, 2019 2:04 pm
Forum: Beginner Basics
Topic: Connect to LAN through mikrotik connected to VPN
Replies: 1
Views: 236

Re: Connect to LAN through mikrotik connected to VPN

Is the VPN server a separate device from Mikrotik? If so, you will have to tell the VPN server how to get to 192.168.1.x subnet
by CZFan
Fri Jun 21, 2019 1:32 am
Forum: General
Topic: Mikrotik Interface
Replies: 2
Views: 321

Re: Mikrotik Interface

Please under what circumstance can an interface on router got disabled automatically without manual disabling Your question is a bit vague, are you asking to disable an interface other ways besides doing it manually or did you have an experience where the interface got disabled and all the technici...
by CZFan
Fri Jun 21, 2019 12:58 am
Forum: Wireless Networking
Topic: rx rate problem
Replies: 9
Views: 761

Re: rx rate problem

????

Did you see the suggestion from @mkx posted 13 May?
by CZFan
Fri Jun 21, 2019 12:45 am
Forum: Beginner Basics
Topic: RB2011 WAN interface not reaching full speed
Replies: 10
Views: 1111

Re: RB2011 WAN interface not reaching full speed

That does not look like the full export and without seeing firewall filter and mangle rules, it makes it difficult to make suggestions.

Read up on fasttrack, enable it and test again
by CZFan
Wed Jun 19, 2019 1:44 pm
Forum: General
Topic: Google pings corrupts
Replies: 1
Views: 320

Google pings corrupts

Hi, Not strictly a Mikrotik related question, but just want to see if you guys get the same. This started recently, can't ping any Google services with packets bigger than 92, if I do, packets gets corrupted. I get this from 2 locations which has nothing in common except using Mikrotik routers, diff...
by CZFan
Wed Jun 19, 2019 2:15 am
Forum: Beginner Basics
Topic: RB2011 WAN interface not reaching full speed
Replies: 10
Views: 1111

Re: RB2011 WAN interface not reaching full speed

Start by upgrading to 6.44.3, then post results of "export hide-sensitive" here (between source code brackets, see menu buttons above)
by CZFan
Wed Jun 19, 2019 2:10 am
Forum: Beginner Basics
Topic: RB751G-2hnd - VLAN on ether5 - No bridge - DHCP server issues
Replies: 3
Views: 373

Re: RB751G-2hnd - VLAN on ether5 - No bridge - DHCP server issues

From your post, I get the feeling there is a bigger picture / goal missing, anyway. Using info in your post, you do not need to do any config so on the chip level as it seems there will be no vlan switching. Then add the vlan to ether 5, add IP address to vlan interface, same with DHCP server. The si...
by CZFan
Sun Jun 16, 2019 9:18 pm
Forum: Beginner Basics
Topic: Config VPN and DDNS + smartphone
Replies: 5
Views: 497

Re: Config VPN and DDNS + smartphone

Have you tried to connect with pc/laptop? Apple (iPhone, etc) have dropped support for pptp vpn a while ago due to pptp not being secure, not even allowing it on passthrough, maybe Samsung followed same process. Will be a good idea if you used another VPN type anyway, one that is more secure, i.e. L...
by CZFan
Sun Jun 16, 2019 8:29 pm
Forum: General
Topic: Hardware VLAN [SOLVED]
Replies: 7
Views: 655

Re: Hardware VLAN [SOLVED]

Yes,
/interface vlan
add interface=bridge1 vlan-id=2 name=vlan2

/ip address
add address=192.168.2.1/24 interface=vlan2
Also see...
https://wiki.mikrotik.com/wiki/Manual:B ... witch_chip
by CZFan
Sun Jun 16, 2019 7:32 pm
Forum: Wireless Networking
Topic: How replace a failing Wireless Wire Dish unit ?
Replies: 2
Views: 334

Re: How replace a failing Wireless Wire Dish unit ?

Besides admin users, IP addresses, for normal management, etc, you will have to configure the following as a minimum to get the link up:

1. Mode: "Bridge" or "Station Bridge" depending which one you replacing
2: SSID
3: SSID Password
by CZFan
Sun Jun 16, 2019 7:26 pm
Forum: Wireless Networking
Topic: Configuring a Wireless Wire Dish as a switch ?
Replies: 2
Views: 337

Re: Configuring a Wireless Wire Dish as a switch ?

Not sure I understand correct, but there is only 1 Ethernet interface on these devices?

However, you can connect a switch on both sides of it
by CZFan
Sat Jun 15, 2019 11:44 pm
Forum: Beginner Basics
Topic: SXT LTE kit and router Zyxel NBG-416N
Replies: 2
Views: 380

Re: SXT LTE kit and router Zyxel NBG-416N

Search for SXT passthrough
by CZFan
Sat Jun 15, 2019 10:11 pm
Forum: General
Topic: One device in my network will not work
Replies: 4
Views: 289

Re: One device in my network will not work

I can't understand at all. That's pretty common here, I've reverted to guessing. Here in particular, I've guessed that "it's my Mikrotik" actually means "it's caused by some issue on my Mikrotik". Let's see whether the guess was correct. Must be a "bug" in the forum software, the crystal ball facil...
by CZFan
Sat Jun 15, 2019 9:24 pm
Forum: General
Topic: need help choosing hardware
Replies: 5
Views: 435

Re: need help choosing hardware

The 866Mb/s is probably "Radio" speed, which will equate to approximately 50% of that for Data Throughput due to wireless overhead, etc. I recently replaced a Mikrotik LHG 5 AC wireless link with the Mikrotik 60GHz "Wireless Wire" product, end result is I have XBox / PS4 gamers on the other side of ...
by CZFan
Sat Jun 15, 2019 9:08 pm
Forum: General
Topic: Can you make a CRS328-24P-4S+ both a switch and router
Replies: 6
Views: 456

Re: Can you make a CRS328-24P-4S+ both a switch and router

Yes, but it actually is a "Switch" by design, so not best performance if you have high speed routing requirements.
by CZFan
Sat Jun 15, 2019 1:23 pm
Forum: Beginner Basics
Topic: Mikrotik RB2011 in "Router" Mode
Replies: 12
Views: 956

Re: Mikrotik RB2011 in "Router" Mode

I am not really sure you are successfully pinging the SXT (192.168.88.1) as both devices have that same IP config on ether1 interfaces, so your config seems totally incorrect. You already have a "router / firewall / DHCP / etc" in the SXT, why not make the Hap AC2 a "switch+AP" only device? See top...
by CZFan
Thu Jun 13, 2019 11:42 am
Forum: Beginner Basics
Topic: Every device shows the same IP in Winbox Scan
Replies: 4
Views: 333

Re: Every device shows the same IP in Winbox Scan

Suspect you have configured Proxy-Arp on interface(s).
by CZFan
Thu Jun 13, 2019 12:49 am
Forum: General
Topic: RouterOS Virtual Labs
Replies: 84
Views: 112389

Re: RouterOS Virtual Labs

@sebastia,
I created a new "project" in gns3 today and again, one of my routers mixed up the ether ports.

Would you mind sharing a bit more of your setup, i.e. Which version of gns3, using virtualbox, VMware player, workstation, etc?
by CZFan
Wed Jun 12, 2019 2:16 pm
Forum: RouterBOARD hardware
Topic: Wireless wire 60Ghz default password
Replies: 25
Views: 7077

Re: Wireless wire 60Ghz default password

Took over client from another service provider, previous service provider created their own admin user / password and removed the default admin user. The equipment is now mounted on masts, etc, is there a way to get the default admin user / password from the device for record keeping purposes? Using...
by CZFan
Tue Jun 11, 2019 6:35 pm
Forum: Forwarding Protocols
Topic: ❗️❓ UNSTABLE VPLS on Wireless networks
Replies: 13
Views: 1176

Re: ❗️❓ UNSTABLE VPLS on Wireless networks

One bit of info missing, does the wireless link go down for 60 seconds before connects again? Reason I am asking is we have a wireless link, 2 x LHG 5ac's, short distance (about 700 meters) but sometimes takes up to 3 minutes to connect again if the wireless link dropped and reason seems to be takin...
by CZFan
Sun Jun 09, 2019 11:40 pm
Forum: General
Topic: RouterOS Virtual Labs
Replies: 84
Views: 112389

Re: RouterOS Virtual Labs

I'm trying to get CHR working on EVE-NG and it works but the interfaces don't seem to line up. I will put 192.168.1.1/24 on R1:ether1 and 192.168.1.2/24 on R2:ether1. I will make a connection from R1:ether1 and R2:ether1. I will then try to ping 192.168.1.2 from R1 with no success. I will move the I...
by CZFan
Sun Jun 09, 2019 1:32 pm
Forum: Beginner Basics
Topic: Wireless Wire (RBwAPG-60adkit) - Not working. Appreciate the help!
Replies: 7
Views: 558

Re: Wireless Wire (RBwAPG-60adkit) - Not working. Appreciate the help!

I recently installed one of these Wireless Wire setups, straight from the supplier the 2 radios did not want to connect. After logging in on each device, I noticed both were in "Bridge" mode, changed the slave to "Station-Bridge" then it connected. Not sure if above is correct but my link is working...
by CZFan
Sun Jun 09, 2019 12:26 am
Forum: General
Topic: Need Solution: How to get the maximum speed of my Connection from my MikrotikBoard 2011UiAS-2HnD [SOLVED]
Replies: 7
Views: 588

Re: Need Solution: How to get the maximum speed of my Connection from my MikrotikBoard 2011UiAS-2HnD [SOLVED]

You will need to make use of firewall "fasttrack" rule.

Search the forum, many discussions re above, including on the 2011 router
by CZFan
Sat Jun 08, 2019 9:01 pm
Forum: Beginner Basics
Topic: Help! -- Something is dropping All traffic
Replies: 2
Views: 254

Re: Help! -- Something is dropping All traffic

Your problem is that "Cisco Small Business" thingy :-)

Just joking, have to echo what @anav said, without seeing config and / or more info on environment, very difficult to assist.

Maybe as a starting point provide full config (after deleting sensitive info) of 3011's and also a network diagram
by CZFan
Sat Jun 08, 2019 8:53 pm
Forum: General
Topic: Time Based firewaal rules
Replies: 12
Views: 685

Re: Time Based firewaal rules

I figured it out!! You have to specify the time and day or days that you want the rule to be applied and then you have to press reset all counters to reset everything and allow the new rule to be applied. I checked it 3-4 times and it worked fine. Thank you all!!!! I suspect that you have a rule be...
by CZFan
Sat Jun 08, 2019 8:27 pm
Forum: General
Topic: QUEUE TREE
Replies: 4
Views: 377

Re: QUEUE TREE

Don't quite understand your question, you say you have seen this configuration and state that it worked??? Anyway, to answer your question, yes, you mark the connection, then the packets of this connection, the "connection" is both "up" and "down" traffic. Then apply the queue tree config accordingl...
by CZFan
Sat Jun 08, 2019 8:20 pm
Forum: General
Topic: QinQ VLAN's Help needed [SOLVED]
Replies: 61
Views: 6666

Re: QinQ VLAN's Help needed [SOLVED]

@deepmedia
As a side note, I assume the 1.1.1.1, etc addresses are loopback addresses, anyway, personally I will stay away from them as they are routable on internet
by CZFan
Sat Jun 08, 2019 7:21 pm
Forum: General
Topic: Strange Mangle situation - Download fighting Upload [SOLVED]
Replies: 22
Views: 1303

Re: Strange Mangle situation - Download fighting Upload [SOLVED]

...

How in the world are you going to specify flow direction in the "Queue Tree"? The Flow Direction is done in mangle with packet marking and then used as an input in the "Queue Tree".
...
by CZFan
Sat Jun 08, 2019 2:25 am
Forum: General
Topic: Strange Mangle situation - Download fighting Upload [SOLVED]
Replies: 22
Views: 1303

Re: Strange Mangle situation - Download fighting Upload [SOLVED]

Hy I'm also confused. How can CZFan's example work? The mangle uses src-address-list, meaning "Download" traffic from a bunch of IPs. How can those packet marks be used in Queue trees for uploads? ... the mangle uses src-address-list, for the device starting the connection, in this case it was a pc...
by CZFan
Fri Jun 07, 2019 7:52 pm
Forum: General
Topic: Strange Mangle situation - Download fighting Upload [SOLVED]
Replies: 22
Views: 1303

Re: Strange Mangle situation - Download fighting Upload [SOLVED]

... So long this did the trick, but i had the assumption that what ever you put into Connection marking follows the Packet marking if you use "Connection marking" as input ? This had me fighting for a very long time and i hope it help others as well. Also this proves that almost every Tutorial out ...
by CZFan
Fri Jun 07, 2019 1:54 am
Forum: Beginner Basics
Topic: Problem with Firewall Rule
Replies: 3
Views: 338

Re: Problem with Firewall Rule

It will block ssh, but as sftp runs over ssh session, it will also block sftp
by CZFan
Fri Jun 07, 2019 1:10 am
Forum: General
Topic: EoIP & Queue
Replies: 1
Views: 226

Re: EoIP & Queue

Under queue tree, for VPN:IN, change parent to LAN interface, i.e. Bridge or what ever you called it
by CZFan
Fri Jun 07, 2019 12:12 am
Forum: General
Topic: Strange Mangle situation - Download fighting Upload [SOLVED]
Replies: 22
Views: 1303

Re: Strange Mangle situation - Download fighting Upload [SOLVED]

Not at my pc at the moment, but below with you doing some reading on wiki should get you there.

You should not specify interfaces in mangle rules, then in queue tree config, specify the interface / queue as required, i.e. Bridge interface for download and PPPoE interface for upload
by CZFan
Sun Jun 02, 2019 1:02 am
Forum: Beginner Basics
Topic: Can i intercept Traffic flowing through my MikroTik Router?
Replies: 3
Views: 411

Re: Can i intercept Traffic flowing through my MikroTik Router?

Traffic flow is used for network statistics.

I think it will be better if you define "intercept" and what actually needs to happen to the frames / packets once intercepted in order for us to get a better understanding of your requirements and provide better suggestions.
by CZFan
Sun Jun 02, 2019 12:51 am
Forum: Beginner Basics
Topic: Ban IP's / Drop connections of RDP Brute forcers
Replies: 6
Views: 669

Re: Ban IP's / Drop connections of RDP Brute forcers

Hmmmm, there is no reason why the action drop rule should be in the RAW firewall filter and NOT the input chain. As the rhyme goes. I would like to slap the peepee of the person that wrote the wikee. Slow day. ;-) Highly recommend you read through this thread for some sage advice! https://forum.mik...
by CZFan
Fri May 31, 2019 12:21 am
Forum: General
Topic: Trying to change IPSEC Peers from main to aggressive, getting an error I dont understand.
Replies: 9
Views: 696

Re: Trying to change IPSEC Peers from main to aggressive, getting an error I dont understand.

Re firewall, also ensure you block DNS from outside on input chain
by CZFan
Thu May 23, 2019 12:23 am
Forum: General
Topic: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]
Replies: 30
Views: 1579

Re: VLAN trunk - master-slave way of config on physical interfaces [SOLVED]

It never came to my mind to try to push VLANs through a L2TP tunnel in bridge mode, but I've expected it would be enough to configure the /interface bridge port and /interface bridge vlan items also for the L2TP interfaces. However, it seems RouterOS is not ready for this (at least as of 6.44.3). W...
by CZFan
Tue May 21, 2019 10:33 pm
Forum: General
Topic: Strange RP filter behavior
Replies: 12
Views: 749

Re: Strange RP filter behavior

@macgaiver: Here you go, but be warned, once you see it, you can't unsee it.

Do you and @sindy visit each other in The Matrix for drinks :-)
by CZFan
Tue May 21, 2019 12:18 am
Forum: General
Topic: Route to multiple remote locations with same LAN subnet/network [SOLVED]
Replies: 6
Views: 446

Re: Route to multiple remote locations with same LAN subnet/network [SOLVED]

Sindy=genius!!!
You should write a routerOS book, I will pre-order buy it now!

Yes, indeed, that he should do, will also order before publication.
His method of teaching or explaining is excellent
by CZFan
Fri May 17, 2019 9:41 pm
Forum: General
Topic: Winbox Simple Queue display change
Replies: 1
Views: 181

Re: Winbox Simple Queue display change

Toggle on or off by clicking on "#"
by CZFan
Thu May 16, 2019 10:10 pm
Forum: General
Topic: How to PCQ this?
Replies: 5
Views: 419

Re: How to PCQ this?

Are the subnets consecutive? If so, aggregate / summarize the subnets
by CZFan
Wed May 15, 2019 11:50 pm
Forum: General
Topic: How to PCQ this?
Replies: 5
Views: 419

Re: How to PCQ this?

Target should point to internal subnet, rest looks good
by CZFan
Tue May 14, 2019 3:34 am
Forum: General
Topic: Mk, NAT Open Request [Help needed]
Replies: 42
Views: 1922

Re: Mk, NAT Open Request [Help needed]

I think it is time you provide the config, in terminal window,
Export file=YourFileName hide-sensitive and either attach the file here or copy and paste the contents between source code brackets
by CZFan
Sun May 12, 2019 1:56 am
Forum: General
Topic: SXT 2 Discontinued?
Replies: 3
Views: 346

Re: SXT 2 Discontinued?

On Stock in Germany

Same in South Africa
by CZFan
Sat May 11, 2019 9:57 pm
Forum: General
Topic: VLAN over Bridge
Replies: 41
Views: 1743

Re: VLAN over Bridge

... The way Google Fiber and the OP's ISP use of the CoS field in the VLAN tag is rather a misuse to me, because normally it is used to convey the information about frame priority, not that it would have to contain a single mandatory value. But I have no idea what weakness of their system they had ...
by CZFan
Sat May 11, 2019 8:49 pm
Forum: General
Topic: VLAN over Bridge
Replies: 41
Views: 1743

Re: VLAN over Bridge

... 3. While I've only worked on one RB4011 I don't recall all the switch menu options being set like this. But I won't know until this week when it's back up online at the customer site to double check but wasn't there when I was doing the initial setup. ... The RB4011 has a RTL8367 switch chip ...
by CZFan
Sat May 11, 2019 8:38 pm
Forum: General
Topic: VLAN over Bridge
Replies: 41
Views: 1743

Re: VLAN over Bridge

@sindy & @anav, while your little spat is cute you both have failed to notice some glaring errors in this config. 1. bridgePrio6 is the one that is supposed to filter this WAN VLAN stuff. So why is it a _member_ of the default bridge?! That's a no no. 2. There is nothing that shows bridgePrio6 has ...
by CZFan
Sun Apr 28, 2019 3:21 am
Forum: Forwarding Protocols
Topic: Output of "/routing bgp advertisements print" is truncated [SOLVED]
Replies: 5
Views: 806

Re: Output of "/routing bgp advertisements print" is truncated [SOLVED]

Have you tried accessing the device with ssh and then run command?
by CZFan
Wed Apr 24, 2019 4:40 pm
Forum: General
Topic: use another dns for http
Replies: 12
Views: 545

Re: use another dns for http

Personally, I would use Domain Controller as DNS (and DHCP) for internal clients, DNS should already be installed on DC Server as that is one of the requirements for AD to work properly
by CZFan
Wed Apr 24, 2019 3:52 am
Forum: General
Topic: ip scan to text file
Replies: 1
Views: 139

Re: ip scan to text file

Think it will be something like
/tool ip-scan address=12.34.56.78 interface=ether1
by CZFan
Wed Apr 24, 2019 1:38 am
Forum: Beginner Basics
Topic: RouterOS - NAT problem (dst-nat)
Replies: 23
Views: 1276

Re: RouterOS - NAT problem (dst-nat)

...
Then the client will send mails out, either directly to your hosted mail server or alternative Skype server.
...
Supposed to be SMTP Server, Apple IOS auto correct :-(
by CZFan
Tue Apr 23, 2019 4:22 am
Forum: Beginner Basics
Topic: RouterOS - NAT problem (dst-nat)
Replies: 23
Views: 1276

Re: RouterOS - NAT problem (dst-nat)

@Anav, IIRC, you are using an email client with mail server hosted outside your network. Then the client will send mails out, either directly to your hosted mail server or alternative Skype server. The mail coming in, is being "pulled" by the mail client, so connection is into initiated from inside...
by CZFan
Tue Apr 23, 2019 4:00 am
Forum: General
Topic: Issues with internal traffic not getting NATed
Replies: 21
Views: 1112

Re: Issues with internal traffic not getting NATed

I am struggling to understand what you are looking for here, the "drop invalid" rule is the built in solution
by CZFan
Tue Apr 23, 2019 3:46 am
Forum: General
Topic: Run script when a gateway fails over
Replies: 5
Views: 364

Re: Run script when a gateway fails over

Based on the limited information you provided, this should be sufficient:

Create / run a script to pick up active wan IP
by CZFan
Sun Apr 21, 2019 8:31 pm
Forum: Beginner Basics
Topic: RouterOS - NAT problem (dst-nat)
Replies: 23
Views: 1276

Re: RouterOS - NAT problem (dst-nat)

RouterOS uses routes from "/ip route" to decide where to send packets. It doesn't automatically send replies back the same way from where the request came. So you have incoming connection on WAN2, but default route uses WAN1, so response packets are sent there and of course it doesn't work. Solutio...
by CZFan
Sun Apr 21, 2019 6:02 pm
Forum: Beginner Basics
Topic: Avoiding Double NAT with multiple routers
Replies: 25
Views: 9784

Re: Avoiding Double NAT with multiple routers


@anav I already did it (viewtopic.php?f=13&t=145144), but I got no answers... I don’t know what to do.

You now have an answer...
by CZFan
Sun Apr 21, 2019 6:01 pm
Forum: Beginner Basics
Topic: NAT problems - Xbox One and Nintendo Switch
Replies: 32
Views: 3407

Re: NAT problems - Xbox One and Nintendo Switch

If you have hired a company to do the installation, then surely they must correct the problem / design of the network?

Alternatively, my suggestion will be to hire a Mikrotik Certified Consultant in your area. https://mikrotik.com/consultants
by CZFan
Fri Apr 19, 2019 3:22 am
Forum: General
Topic: Need advice with a proper router for my home.
Replies: 13
Views: 933

Re: Need advice with a proper router for my home.

What will you do that concerns you about the memory?
Hap ac2 has 4 cpu and that memory is more than sufficient
by CZFan
Mon Apr 15, 2019 11:50 pm
Forum: General
Topic: who can I hire to get a export to work as an import an a clone [SOLVED]
Replies: 7
Views: 552

Re: who can I hire to get a export to work as an import an a clone [SOLVED]

...

I can't seem to downgrade it to 6.34.4. Mikrotik seems to have deleted the firmware from their website

...

https://mikrotik.com/download/archive
by CZFan
Sun Apr 14, 2019 4:39 pm
Forum: General
Topic: help with queue
Replies: 4
Views: 368

Re: help with queue

Add a simple queue with target of CCTV IP and set rate limits required
by CZFan
Sun Apr 14, 2019 4:34 pm
Forum: Beginner Basics
Topic: HAP mini IPSEC+EoIP performance?
Replies: 4
Views: 461

Re: HAP mini IPSEC+EoIP performance?

As far as I can recall, Hap Mini and Lite has exactly the same specs, only difference is mini has 3 ether ports and Lite has 4 ether ports
by CZFan
Fri Apr 12, 2019 4:45 am
Forum: Wireless Networking
Topic: Some wireless questions
Replies: 5
Views: 545

Re: Some wireless questions

My main concern is to make sure the antennas are aligned, my thinking is does not matter settings you play with, if alignment is out, you will never have a stable / good link. but seems for some reason, no one here wants to comment on if the alignment tool in Winbox still works. I have set the chann...
by CZFan
Thu Apr 11, 2019 11:20 pm
Forum: General
Topic: L2TP VPN "L2TP UDP packet received from" over and over again. [SOLVED]
Replies: 14
Views: 1107

Re: L2TP VPN "L2TP UDP packet received from" over and over again. [SOLVED]

Yup, that will also work as OpenVPN on MT is TCP Based.

I just prefer SSTP over O-VPN as SSTP uses port 443, less chance of ISP's blocking it.
by CZFan
Thu Apr 11, 2019 9:43 pm
Forum: Forwarding Protocols
Topic: MikroTik and Cisco ASA
Replies: 5
Views: 675

Re: MikroTik and Cisco ASA

One suggestion will be to not use NATing between proxy / ASA / MT, but rather routing and only NAT out on MT
by CZFan
Thu Apr 11, 2019 9:04 pm
Forum: General
Topic: L2TP VPN "L2TP UDP packet received from" over and over again. [SOLVED]
Replies: 14
Views: 1107

Re: L2TP VPN "L2TP UDP packet received from" over and over again. [SOLVED]

You can use certs with SSTP between MT's, but it is not required. My point was you can quickly test it without creating certs etc. if it works better, then implement with certs
by CZFan
Thu Apr 11, 2019 7:53 pm
Forum: General
Topic: L2TP VPN "L2TP UDP packet received from" over and over again. [SOLVED]
Replies: 14
Views: 1107

Re: L2TP VPN "L2TP UDP packet received from" over and over again. [SOLVED]

UDP not good for unstable links, maybe try a TCP based site to site VPN, i.e. SSTP between MT's, don't need certs in this case
by CZFan
Wed Apr 10, 2019 3:18 am
Forum: Wireless Networking
Topic: Some wireless questions
Replies: 5
Views: 545

Re: Some wireless questions

Thx for your response, and I might very well be wrong and please correct me if I am wrong. My understanding is that it is 897Mb/s air rate (radio) and should be able to get 450 - 500 Mb/s data rate. I did some more reading, and it seems like with the equipment used for the link and due to short dis...
by CZFan
Tue Apr 09, 2019 9:10 pm
Forum: Wireless Networking
Topic: Some wireless questions
Replies: 5
Views: 545

Re: Some wireless questions

Bump, anyone, please?
by CZFan
Mon Apr 08, 2019 9:00 pm
Forum: Wireless Networking
Topic: Some wireless questions
Replies: 5
Views: 545

Some wireless questions

Hi Have a PTP link (2 x LHG 5ac's) connected but not too happy re performance which I am sure is due to my limited knowledge on wireless and asking for some help. The distance between the devices is about 500m with clear line of sight, both devices are on ROS 6.44.1. I if I can get the link to push ...
by CZFan
Mon Apr 08, 2019 3:52 pm
Forum: General
Topic: Filter Rules - Output showing activity, why?
Replies: 4
Views: 367

Re: Filter Rules - Output showing activity, why?

cause your rules are incorrect: Forward chain, you have dst address list which should work ok, but should really be src address list input chain, again you have dst address list, this will never work as you should not have any China IPs as per address list on your router, so should also be src addre...
by CZFan
Sat Apr 06, 2019 9:59 pm
Forum: General
Topic: SIP port(s)
Replies: 6
Views: 448

Re: SIP port(s)

I want mine to grind coffee beans. They should call it the cAPpuccinoAC

:lol: :lol: :lol: :lol:
by CZFan
Sat Apr 06, 2019 2:37 am
Forum: Beginner Basics
Topic: PPTP Issues
Replies: 13
Views: 876

Re: PPTP Issues

If you are coming with a Windows client behind a NAT and L2TP/IPSec server is also behind a NAT, have a look at this, it solved my problem:

https://support.microsoft.com/en-gb/hel ... in-windows
by CZFan
Fri Apr 05, 2019 5:54 pm
Forum: The User Manager
Topic: HEX S - User Manager (Will it be enough)
Replies: 3
Views: 755

Re: HEX S - User Manager (Will it be enough)

Would you use a Mini to transport the local school rugby / soccer team to a game?

The Hex S is a SOHO device, that is an acronym for "Small Office / Home Office", do you think what you are trying to do fits in there?
by CZFan
Thu Apr 04, 2019 11:12 am
Forum: Announcements
Topic: v6.44.2 [stable] is released!
Replies: 67
Views: 12446

Re: v6.44.2 [stable] is released!

Hi Emils,

Is this fix related to recent vulnerability issue that were going to go public on 9 April?
by CZFan
Mon Apr 01, 2019 4:03 am
Forum: Wireless Networking
Topic: Alignment Mode : How to use
Replies: 4
Views: 8721

Re: Alignment Mode : How to use

Is this functionality still working? I have 2 lhg 5ac devices, link is up in bridged ptp config currently syncing at 400Mbps, but when I try this, I get nada. no sounds on station side, no info in Winbox on station side. All I get is customer screaming at me every time I do this as the link between ...