Community discussions

Search found 531 matches

by lambert
Thu Jul 30, 2015 11:02 am
Forum: Wireless Networking
Topic: Switch for the BTS end ?
Replies: 1
Views: 423

Re: Switch for the BTS end ?

Many MikroTik routers have groups of switched ports. You could use any of them which also has an SFP slot for this task. The RB2011 and the CRS series come to mind. The RB260GS or RB260GSP are also options from MikroTik. They run SwitchOS rather than RouterOS. Or, you can get a switch from some othe...
by lambert
Thu Jul 30, 2015 10:52 am
Forum: Scripting
Topic: hotspot specific user log-in
Replies: 3
Views: 748

Re: hotspot specific user log-in

Without having tried it myself... It looks like you could build an /ip hotspot user profile specifically for that user, then set the user with "specialusername" to have that profile. Winbox shows script edit fields for "On Login" and "On Logout" in the IP hotspot User Profile settings. Like I say, n...
by lambert
Thu Jul 30, 2015 10:17 am
Forum: General
Topic: Hotspot where "free trial" is 1mbps/512kbps and authenticated gets >3mbps/1mbps?
Replies: 2
Views: 492

Re: Hotspot where "free trial" is 1mbps/512kbps and authenticated gets >3mbps/1mbps?

I'm trying the non-streaming plan doing an automatic login using a hotspot user and plaintext password in the login link. It seems to work. <a href="$(link-login-only)?dst=$(link-orig-esc)&username=defaultguest&password=defaultguest"> The code box wants to word-wrap at a hyphen on my screen. I suspe...
by lambert
Tue Jul 28, 2015 12:03 am
Forum: General
Topic: Hotspot where "free trial" is 1mbps/512kbps and authenticated gets >3mbps/1mbps?
Replies: 2
Views: 492

Hotspot where "free trial" is 1mbps/512kbps and authenticated gets >3mbps/1mbps?

I'm trying to meet a customer's requirements of giving wifi guests the option of WiFi at slow speeds (e-mail and basic web capable) for free or signing up for streaming capable speeds via a credit card / RADIUS. I've been looking for examples for a few hours and don't see something similar. If anyon...
by lambert
Wed Jul 08, 2015 2:47 am
Forum: RouterBOARD hardware
Topic: Seeking Hardware Recommendation?
Replies: 4
Views: 852

Re: Seeking Hardware Recommendation?

You didn't tell us how much bandwidth you have coming in. Do you want to handle VPN connections from outside? You said you want to get rid of the TDS router. But you also said you cannot get rid of the TDS router and keep your video service. You would need input from someone who knows the TDS system...
by lambert
Wed Jul 08, 2015 2:32 am
Forum: General
Topic: Bandwidth management on the fly
Replies: 1
Views: 466

Re: Bandwidth management on the fly

How do you decide to rate limit them? What queueing method are you using?
by lambert
Sun Jul 05, 2015 8:26 am
Forum: General
Topic: BGP with CCR1009 ?
Replies: 5
Views: 760

Re: BGP with CCR1009 ?

That is completely up to your choice of network architecture design, and budget. It is considered good practice to have one router do the eBGP and other routers handle the IGP. But that is not strictly required. Whether you use one router or two to handle the eBGP peers, is up to you. Two routers ei...
by lambert
Sun Jul 05, 2015 8:00 am
Forum: General
Topic: BGP with CCR1009 ?
Replies: 5
Views: 760

Re: BGP with CCR1009 ?

That depends on your tolerance to slow BGP table loads. *I* would use what I have and if BGP table loads are too painful for *my* environment, grab an x86 router. You have to make your own decision... :-) Even a Pentium 4 would likely have faster BGP table loads. A decent i7, in a network appliance ...
by lambert
Sun Jul 05, 2015 7:47 am
Forum: General
Topic: BGP with CCR1009 ?
Replies: 5
Views: 760

Re: BGP with CCR1009 ?

CPU wise for handling the throughput, the CCR1009 should be able to handle it in its sleep. BGP wise, if you are taking full routes from both providers, it will likely take some time to get the routes downloaded and integrated. It's a single threaded process at this time so only one core is used. A ...
by lambert
Wed Jul 01, 2015 10:42 am
Forum: General
Topic: Leap Second insertion
Replies: 7
Views: 1555

Re: Leap Second insertion

We only have a handful of CCRs, 1036 and 1009. 6.18, 6.24, and 6.27.

No lockups.

The RouterOS NTP client, in unicast mode, is pointed at 2 of our FreeBSD servers which are synced to pool.ntp.org.
by lambert
Fri May 15, 2015 1:57 am
Forum: RouterBOARD hardware
Topic: RB2011UAS-2HnD-IN Questions Topic
Replies: 215
Views: 92493

Re: RB2011UAS-2HnD-IN Questions Topic

first i've setup a basic setup for notebook and xbox(360/ONE) in the web utility. wireless connections are all stable and good, however on the 1Gbit port of the Routerboard it totally collapse the connection when i want to advertise only on 1Gbit full duplex. (the 1Gbit port is literally going off...
by lambert
Fri May 15, 2015 1:18 am
Forum: RouterBOARD hardware
Topic: RB2011UAS-2HnD-IN Questions Topic
Replies: 215
Views: 92493

Re: RB2011UAS-2HnD-IN Questions Topic

How many active users does this hardware (Rb2011) handle simultaneously without any hiccups or system crashes? How many vehicles can be carried on a ferry without tipping over? It depends. Are some vehicles buses and some vehicles "Smart" cars? How many of each exactly? How many are motorcycles? Ho...
by lambert
Wed May 13, 2015 9:35 pm
Forum: RouterBOARD hardware
Topic: Need more CPU and 10 eth ports - which device to choose?
Replies: 12
Views: 1459

Re: Need more CPU and 10 eth ports - which device to choose?

Oh and the RB1100AHx2 is a 5 port router with two 4 port switches.
by lambert
Wed May 13, 2015 9:33 pm
Forum: RouterBOARD hardware
Topic: Need more CPU and 10 eth ports - which device to choose?
Replies: 12
Views: 1459

Re: Need more CPU and 10 eth ports - which device to choose?

I would not worry about number of ports on the router unless you need that many WAN connections, or have a lot of isolated internal LAN subnets. You need WAN and LAN connections on the new router. Continue to use your existing CRS as a switch. If you have multiple internal LANs that need to be route...
by lambert
Tue May 12, 2015 6:10 pm
Forum: General
Topic: Help! PPPoE and Static same interface
Replies: 15
Views: 3402

Re: Help! PPPoE and Static same interface

Hi all, I am trying to find out how to make a connection similar to the one I have at the moment but I want to improve the network to RouterOS. I bought a CRS109 and want to make it my default router at home. I have a bridge that brings ADSL as a PPPoE, but I would like to still access this bridge'...
by lambert
Thu Apr 30, 2015 10:02 pm
Forum: General
Topic: nonat in mikrotik
Replies: 1
Views: 492

Re: nonat in mikrotik

That would go something like: /ip firewall address-list add list=nonat address=nonatIP /ip firewall address-list add list=nonat address=nonatsubnet/prefix comment="if desired, document here" /ip firewall nat chain=src-nat src-address-list=nonat action=accept /ip firewall nat chain=src-nat src-addres...
by lambert
Thu Apr 23, 2015 7:12 am
Forum: General
Topic: Torrent
Replies: 43
Views: 10008

Re: Torrent

normis, I modified your script slightly. It should work on *BSD and Mac OS X/Darwin without having to install extra software and everywhere else with wget. Tested on FreeBSD and MacOS X. #!/usr/bin/env sh ARCH=$(uname -s) case $ARCH in FreeBSD) GETIT="fetch -q"; OUT="-o -"; ;; *BSD|Darwin) GETIT="ft...
by lambert
Wed Apr 15, 2015 3:23 pm
Forum: Beginner Basics
Topic: In-network websites unreachable
Replies: 9
Views: 1099

Re: In-network websites unreachable

That depends on the specifics of what RouterOS version and how you configured everything.
by lambert
Wed Apr 15, 2015 3:19 pm
Forum: Scripting
Topic: script for only e.g. facebook
Replies: 3
Views: 815

Re: script for only e.g. facebook

block 443
by lambert
Wed Apr 15, 2015 8:04 am
Forum: Scripting
Topic: script for only e.g. facebook
Replies: 3
Views: 815

Re: script for only e.g. facebook

Maybe you could use an access rule with the web proxy which is transparently applied only for your "certain group of users" however you decide to identify them?

http://wiki.mikrotik.com/wiki/Manual:IP/Proxy
by lambert
Wed Apr 15, 2015 7:59 am
Forum: Beginner Basics
Topic: In-network websites unreachable
Replies: 9
Views: 1099

Re: In-network websites unreachable

It might be MTU issues. Do large pings work? Does SSH hang when you move a lot of data through the connection?
by lambert
Sat Apr 04, 2015 9:53 am
Forum: General
Topic: Is QuickSet a threat with pppoe?
Replies: 10
Views: 1029

Re: Is QuickSet a threat with pppoe?

I am new to Mikrotik and ROS and I'm currently using ROS 6.27 with a RB951Ui-2HnD. My ISP uses pppoe for authentication and I used QuickSet with the "HomeAP"-Setting. When taking a look at firewall rules the device is open to the whole world. After half an hour, I got 200 failed logins in the log v...
by lambert
Fri Apr 03, 2015 7:43 pm
Forum: Forwarding Protocols
Topic: Making BGP Changes
Replies: 11
Views: 1241

Re: Making BGP Changes

For outbound traffic, probably. Do it at 2AM anyway. If you are advertising routes to your provider, (Why would you run BGP if you're not?), then the routes you are advertising will probably go away until the BGP session rebuilds. That will most likely make your static default route immaterial from ...
by lambert
Thu Mar 26, 2015 8:07 pm
Forum: General
Topic: Router Suggestion
Replies: 3
Views: 641

Re: Router Suggestion

Well, without knowing your WAN speeds I have to say "get the RB1100AHx2." If you have more than 100Mbps total, you will likely run out of power with the RB2011 series.
by lambert
Thu Mar 26, 2015 7:37 pm
Forum: General
Topic: 1 year uptime on CCR1036-12G-4S
Replies: 7
Views: 1277

Re: 1 year uptime on CCR1036-12G-4S

The CCRs need some reports of good uptimes under load to counter the bad "press" they deservedly received when first released. I see some people who wrote off the CCR line entirely back in the pre-6.7 days. These people haven't noticed that most issues appear to be fixed, for many, not all and maybe...
by lambert
Thu Mar 26, 2015 1:51 am
Forum: General
Topic: 1 year uptime on CCR1036-12G-4S
Replies: 7
Views: 1277

Re: 1 year uptime on CCR1036-12G-4S

Thought I would share this for you all, from one of our CCR's... Would you mind telling us what functions this router is fulfilling? BGP, OSPF, Queue Trees, NTP server ......? I had 270+ days on my BGP(1 peer, partial routes)/OSPF/50 firewall rules/20 vlans/occasional L2TP/IPsec server/500Mbps CCR1...
by lambert
Sat Mar 14, 2015 12:31 am
Forum: Beginner Basics
Topic: What about EIGRP at Mikrotik
Replies: 7
Views: 2220

Re: What about EIGRP at Mikrotik

The protocol is not supported on RouterOS. You will want to use RIP, OSPF, or iBGP.
by lambert
Fri Mar 13, 2015 3:39 am
Forum: General
Topic: Terminating outdoor cable inside
Replies: 1
Views: 430

Re: Terminating outdoor cable inside

Sounds like a plan if your install budget can handle it. There have got to be less expensive cat6 surface mount parts. If you don't feel strongly about having the entry point stuck down, you could go with something like : http://www.deepsurplus.com/Network-Structured-Wiring/Ethernet-CAT5e-Inline-Ada...
by lambert
Thu Mar 12, 2015 6:20 pm
Forum: General
Topic: Router Suggestion
Replies: 3
Views: 641

Re: Router Suggestion

WAN speeds?

Off-site VPN clients? If yes, what type of VPN?

Rate limiting or traffic prioritization for internal users?
by lambert
Thu Mar 12, 2015 4:59 pm
Forum: General
Topic: _HUGE_ Packet loss on CRS125 :(((
Replies: 66
Views: 9004

Re: _HUGE_ Packet loss on CRS125 :(((

I have no opinion on whether or not this will help your issue. Have you tried http://forum.mikrotik.com/viewtopic.php?t=92711#p463429.
by lambert
Thu Mar 12, 2015 12:01 am
Forum: General
Topic: Billing software with Radius support
Replies: 3
Views: 1369

Re: Billing software with Radius support

If you are a typical Wireless ISP, off the top of my head: http://freeside.biz/freeside http://wispmon.com http://powercode.com http://visp.net http://azotel.com http://ispbilling.com http://billmax.com There are probably other options. If you just want to do hotspot billing, there are other package...
by lambert
Tue Mar 03, 2015 2:06 am
Forum: General
Topic: RouterOS DHCP + Freeradius - Queues
Replies: 19
Views: 4991

Re: RouterOS DHCP + Freeradius - Queues

That fixes a problem which was introduced after 6.18.
by lambert
Wed Feb 18, 2015 5:56 am
Forum: Beginner Basics
Topic: When auto updating, Error connection timed out
Replies: 29
Views: 17472

Re: When auto updating, Error connection timed out

While all management traffic works to my RouterOS devices and I can ping and SSH to the general Internet from the RouterOS devices, the auto update checker timed out until I added the state checking rules to the firewall's input chain. Maybe it is using FTP underneath. I didn't dig into why it would...
by lambert
Mon Feb 16, 2015 11:17 pm
Forum: General
Topic: _HUGE_ Packet loss on CRS125 :(((
Replies: 66
Views: 9004

Re: _HUGE_ Packet loss on CRS125 :(((

Do you have any packet loss with -i 0.01? Do you have any packet loss with -s 1472? The CPU on the CRS is small. Watch cpu utilization while you run the ping command. You are doing a serious flood ping with your existing ping command. Your existing size is forcing it to send 7 packets over the wire ...
by lambert
Mon Feb 16, 2015 7:11 pm
Forum: General
Topic: Need help: DHCP on VLAN bridge not working, works on just an interface?
Replies: 11
Views: 7738

Re: Need help: DHCP on VLAN bridge not working, works on just an interface?

/interface bridge port add bridge=bridge-vlan21 port=ether4-vlan21
by lambert
Mon Feb 16, 2015 7:03 pm
Forum: General
Topic: Router and 2 AP
Replies: 2
Views: 520

Re: Router and 2 AP

Please start by reading the pages linked from here: http://wiki.mikrotik.com/wiki/Category:Wireless

If you still have trouble, come back and ask us about the specific item which is giving you trouble.
by lambert
Mon Feb 16, 2015 6:55 pm
Forum: General
Topic: freeradius+dhcp with mikrotik - no netmask and gateway
Replies: 5
Views: 2359

Re: freeradius+dhcp with mikrotik - no netmask and gateway

Hello.. i'm try this case too .. but still no running. please let me know the detail ... You tried which way? There are two scenarios described before your post and we cannot tell to which message you are referring. Please describe your setup, tell us what version of RouterOS you are using, and sho...
by lambert
Fri Jan 23, 2015 10:38 am
Forum: General
Topic: Issue with DHCP and PPPoE servers on the same bridge?
Replies: 0
Views: 328

Issue with DHCP and PPPoE servers on the same bridge?

We have a WISP with several towers. There are multiple APs per tower. All of the APs are in one bridge with port horizon and / or bridge filters to keep the users from speaking to one another. We use DHCP + RADIUS auth to hand IPs to the customer. It works. But we are missing the accounting records ...
by lambert
Mon Jan 19, 2015 8:06 am
Forum: Beginner Basics
Topic: rb850gx2 speed problem
Replies: 7
Views: 1350

Re: rb850gx2 speed problem

I would start by putting the passthrough=no rules immediately following the rules which create the connections marks they look for. I think you will spend less time comparing traffic for each possible condition before short circuiting out of the loop. Then, look for the set of rules which see the mo...
by lambert
Fri Jan 16, 2015 9:40 am
Forum: Wireless Networking
Topic: Contention Ratio calculation
Replies: 1
Views: 1550

Re: Contention Ratio calculation

I think there have been several conversations on this forum on this topic. You might want to use the search function.
by lambert
Tue Dec 30, 2014 10:20 am
Forum: General
Topic: Ditch ubiquiti and come to mikrotik?
Replies: 39
Views: 7507

Re: Ditch ubiquiti and come to mikrotik?

i'll go in there and run a cable around the perimeter of my office temporarily to test...... as which i'm sure you and the others that mentioned doing so are correct. so, for each device that talks to the ap, cut the rate in two and divide by the number of connected devices? starting with say 144, ...
by lambert
Tue Dec 30, 2014 10:14 am
Forum: General
Topic: Ditch ubiquiti and come to mikrotik?
Replies: 39
Views: 7507

Re: Ditch ubiquiti and come to mikrotik?

Possibly because the AP is screaming. Possibly because of other noise. Do you have both chains enabled on the AP? 40 MHz, 1 chain = 144mbps.
by lambert
Tue Dec 30, 2014 9:41 am
Forum: General
Topic: Ditch ubiquiti and come to mikrotik?
Replies: 39
Views: 7507

Re: Ditch ubiquiti and come to mikrotik?

- the 15GB vid is at least 2hrs. in length. so that should be a paltry 125MB/minute or 2.08MB/sec (16.66Mbit/sec). That should be easily achieved, even on the lesser 144Mbit connection....... right? 144Mbps air rate yields approximately 72Mbps of data throughput. Now, with two devices talking to ea...
by lambert
Thu Dec 11, 2014 1:37 am
Forum: General
Topic: l2tp keepalive?
Replies: 5
Views: 1341

Re: l2tp keepalive?

Did you change the keepalive setting on both sides?

I have not done the research, but you can, to know if the keepalive value is negotiated to the smallest acceptable value between L2TP peers or not.
by lambert
Thu Nov 27, 2014 2:31 am
Forum: General
Topic: Wisp Routing or Bridging
Replies: 3
Views: 1633

Re: Wisp Routing or Bridging

RTFW. If you have specific questions after reading the fine wiki, http://wiki.MikroTik.com/, someone may be able to offer assistance.
by lambert
Wed Nov 26, 2014 10:00 pm
Forum: General
Topic: I need skilled eyes on my config
Replies: 2
Views: 642

Re: I need skilled eyes on my config

This thread has a similar question to yours. You have to define VLANs as sub-interfaces of their master interfaces. Then you use bridges including the VLAN interfaces into the appropriate grouping.

http://forum.mikrotik.com/viewtopic.php ... 88#p457425
by lambert
Wed Nov 26, 2014 9:11 pm
Forum: General
Topic: How much Bandwidth is required? [WISP]
Replies: 16
Views: 3790

Re: How much Bandwidth is required? [WISP]

Given my pricey bandwidth upstream, I can see this topic changing to "How do I conserve bandwidth" and "How do I make my service seem fast". Web cache (squid) is one way. But this is only for http traffic. Qos is also another important tool (i.e. Give priority to http and VoIP). Any other 'tricks...
by lambert
Tue Nov 25, 2014 1:16 am
Forum: General
Topic: WISP Project
Replies: 8
Views: 2940

Re: WISP Project

Yeah, that diagram is generally how I would do it. Make sure the AP 10.1.2.2 is configured with default forward turned off. If you have more than one AP, keep them in separate networks or use bridge filters or port horizon settings to keep traffic from coming in on one IP and going back out to a cli...
by lambert
Tue Nov 25, 2014 12:05 am
Forum: General
Topic: How much Bandwidth is required? [WISP]
Replies: 16
Views: 3790

Re: How much Bandwidth is required? [WISP]

It depends. I have towers with 30 clients which use 60Mbps during peak hours. I have towers with 50 clients which use 12Mbps during peak hours. It depends on the customers. Younger clients tend to use more bandwidth than older clients. Wealthier clients tend to use more bandwidth than less wealthy c...
by lambert
Mon Nov 24, 2014 11:40 pm
Forum: General
Topic: Wisp Routing or Bridging
Replies: 3
Views: 1633

Re: Wisp Routing or Bridging

Routing. Always. You can setup VLANs from each AP back to the CCR1036 if you don't want to put a router at each tower. That will keep you from having one huge broadcast domain. If you run PPPoE on the CCR, you will be okay, as long as the back-hauls are managed via a separate VLAN than is used to tr...
by lambert
Mon Nov 24, 2014 11:22 pm
Forum: General
Topic: Remote Syslog Issue in CCR1036 & 450G
Replies: 7
Views: 1991

Re: Remote Syslog Issue in CCR1036 & 450G

Yes, i am able to ping from both routers and kiwi syslog to routers also , even i tried to upgrade and downgrade the versions but same issue repeated. check out the images and .rsc of non working and working Please, do not make gratuitous changes such as changing the version of RouterOS. Let us deb...
by lambert
Sat Nov 22, 2014 8:06 am
Forum: General
Topic: My Internet provider have a "connections limit"..
Replies: 12
Views: 2748

Re: My Internet provider have a "connections limit"..

What kind of connection limit? Session time limit? Bytes transferred limit? Simultaneous TCP connection limit? Something else? You have to actually get around to telling us exactly what the problem is for us to be able to offer suggestions. When plisken asked for more information, you told us the sa...
by lambert
Fri Nov 21, 2014 9:18 am
Forum: General
Topic: WISP Project
Replies: 8
Views: 2940

Re: WISP Project

"Don't bridge networks" which means don't build a network of 100's of clients across several towers all in the same broadcast domain. Bridging your backhauls makes the configuration of the radios simpler. It makes them more like a long ethernet cable between towers. It is not wrong to do it the way ...
by lambert
Fri Nov 21, 2014 8:35 am
Forum: Beginner Basics
Topic: Mikrotik RB2011 UniFi 2 SSID and Local Network
Replies: 6
Views: 3290

Re: Mikrotik RB2011 UniFi 2 SSID and Local Network

I think the mikrotik way is to create vlans 200 and 300 on each of the UniFi ethernet interfaces, then put each VLAN interface into the appropriate bridge. /interface vlan add interface=ether3 name=E03_V200 vlan-id=200 add interface=ether3 name=E03_V300 vlan-id=300 add interface=ether4 name=E04_V...
by lambert
Fri Nov 21, 2014 6:12 am
Forum: General
Topic: Remote Syslog Issue in CCR1036 & 450G
Replies: 7
Views: 1991

Re: Remote Syslog Issue in CCR1036 & 450G

Actually, he didn't follow instructions at all... I asked for exports in case there is something which set or unset which is one of the many RouterOS configuration parameters which do not show in the results of a print command. Also, I guess we are supposed to take his word for it that the non-worki...
by lambert
Fri Nov 21, 2014 5:58 am
Forum: General
Topic: Linking a Public IP with a Private IP
Replies: 6
Views: 1403

Re: Linking a Public IP with a Private IP

It doesn't work... :( I still cant figure it out why.
So, show us what you tried so we can help figure out what went wrong. Most of us don't read minds around here.
by lambert
Thu Nov 20, 2014 9:06 am
Forum: General
Topic: CSR125-25G Not Loading Previous Sessions
Replies: 6
Views: 1062

Re: CSR125-25G Not Loading Previous Sessions

I think the corruption tends to happen when a session was not closed cleanly. Like when I get ready to leave and close the lid on the laptop without logging out. It doesn't happen all the time, probably not even 2% of the time. But, quite often across all models of my 70 or so devices. The other alt...
by lambert
Thu Nov 20, 2014 9:00 am
Forum: General
Topic: Remote Syslog Issue in CCR1036 & 450G
Replies: 7
Views: 1991

Re: Remote Syslog Issue in CCR1036 & 450G

Show from a working router the results of /system syslog export.

Show from a non-working router the results of /system syslog export.

Ensure the IP addresses from both routers are permitted to talk to the Kiwi server on the syslog port.
by lambert
Thu Nov 20, 2014 8:55 am
Forum: General
Topic: CSR125-25G Not Loading Previous Sessions
Replies: 6
Views: 1062

Re: CSR125-25G Not Loading Previous Sessions

I would begin by assuming that the winbox settings which are saved for this device are corrupt. Corruption of saved layout is something which happens all the time. Log in without "Load Previous Session" checked. Log out. Log in with "Load Previous Session" checked. Make changes. Log out. Cross your ...
by lambert
Mon Nov 17, 2014 9:55 pm
Forum: Beginner Basics
Topic: Firewall rule
Replies: 7
Views: 1722

Re: Firewall rule

That one rule will not prevent traffic from the ether2 LAN getting to the ether1 LAN. You would have to write another rule with the in and out interfaces flipped to do that, if that is what you want.
by lambert
Fri Nov 14, 2014 8:52 pm
Forum: General
Topic: DHCP issue
Replies: 4
Views: 1058

Re: DHCP issue

I've seen this when there was packet loss between the wireless CPE and the AP.
by lambert
Fri Nov 14, 2014 7:29 pm
Forum: General
Topic: RouterOS DHCP + Freeradius - Queues
Replies: 19
Views: 4991

Re: RouterOS DHCP + Freeradius - Queues

Okay, that makes sense and explains why we do not have a problem. On our network, every user is in an address-list. You might want to make a feature request of MikroTik to use the session-timeout as an address-list timeout. But it would still be there until timeout expired even if you force the devi...
by lambert
Fri Nov 14, 2014 6:41 am
Forum: General
Topic: WISP Project
Replies: 8
Views: 2940

Re: WISP Project

It's simple enough. Static routes are always simple. If you are going to add more sites, you will eventually want to add a dynamic routing protocol to the mix. I'm not sure if you made a typographical error putting 10.10.3.0/24 on two interfaces on the tower router or if that device is a switch. Are...
by lambert
Fri Nov 14, 2014 6:04 am
Forum: RouterBOARD hardware
Topic: CRS125-24G-1S-2HnD-IN - What kind of throughput will I get?
Replies: 4
Views: 1635

Re: CRS125-24G-1S-2HnD-IN - What kind of throughput will I g

If you want to link the switches together, you may want to look at using 10G Ethernet over fiber with different MikroTik switches. http://routerboard.com/CRS210-8G-2SplusIN or http://routerboard.com/CRS226-24G-2SplusIN or if you have a 19" rack: http://routerboard.com/CRS226-24G-2SplusRM There is no...
by lambert
Fri Nov 14, 2014 5:27 am
Forum: Beginner Basics
Topic: Firewall rule
Replies: 7
Views: 1722

Re: Firewall rule

So, you want PC1 to talk to RouterBoard 1 only and PC2 to talk to RouterBoard 2 only? And network1 is, for example, 192.168.1.0/24 and network2 is 192.168.2.0/24? Is that what you mean? if so, you just need something like this on routerboard 2 assuming PC2's IP is 192.168.2.12. Untested and typed in...
by lambert
Fri Nov 14, 2014 4:46 am
Forum: General
Topic: IPsec Disconnects
Replies: 3
Views: 1872

Re: IPsec Disconnects

I have the same problem. I'm just posting a me too here so you know you're not alone.

http://forum.mikrotik.com/viewtopic.php?f=2&t=88389
by lambert
Fri Nov 14, 2014 4:04 am
Forum: General
Topic: New forum look & feel
Replies: 64
Views: 8452

Re: New forum look & feel

The "View unread posts" is not gone - it's at the "Forum" menu on top, renamed to "View new posts" ("unread" is implied). It is gone. "View unread posts" and "View new posts" are 2 totally different functions. "unread" is NOT implied, as "View new posts" shows posts already read. Ah. I see what you ...
by lambert
Thu Nov 13, 2014 11:56 pm
Forum: General
Topic: RouterOS DHCP + Freeradius - Queues
Replies: 19
Views: 4991

Re: RouterOS DHCP + Freeradius - Queues

by lambert
Thu Nov 13, 2014 11:42 pm
Forum: General
Topic: RouterOS DHCP + Freeradius - Queues
Replies: 19
Views: 4991

Re: RouterOS DHCP + Freeradius - Queues

What reply attributes are you returning? It works for us all day every day. Below are the attributes we use for everyone. Customers with static IP addresses also get a Framed-IP attribute from the radreply table. mysql> select * from radgroupreply where groupname = "1MbCustomers"; +-----+-----------...
by lambert
Wed Nov 05, 2014 9:41 am
Forum: General
Topic: Not able to connect to device by IP after resetting
Replies: 3
Views: 627

Re: Not able to connect to device by IP after resetting

I think that is the default config for the RB1100AHx2.

The higher end devices seem to ship with a default which is less crowded. The SOHO devices ship with the more complete configuration to make them behave more like a typical consumer device out of the box.
by lambert
Wed Nov 05, 2014 9:03 am
Forum: Beginner Basics
Topic: Problems with mikrotik pppoe/freeradius/sql authentication
Replies: 5
Views: 2757

Re: Problems with mikrotik pppoe/freeradius/sql authenticati

You are doing things which are more complicated than most forum members get into. The forum members who know what you are doing tend to be busy doing these things and don't always have time to help out. The radiusd -X snippet you posted shows FreeRADIUS handling an accounting packet received from 10...
by lambert
Wed Nov 05, 2014 5:51 am
Forum: General
Topic: FreeRadius limits
Replies: 2
Views: 856

Re: FreeRadius limits

Are you getting accounting data from the MikroTik to FreeRADIUS?
by lambert
Wed Nov 05, 2014 5:36 am
Forum: General
Topic: Slower download and upload
Replies: 4
Views: 827

Re: Slower download and upload

It sounds like it may be time for an upgrade to an RB850Gx2. Unless you want to go crazy and upgrade to a rack mount unit, CCR or RB1100AH.
by lambert
Wed Nov 05, 2014 5:24 am
Forum: Beginner Basics
Topic: router was rebooted without proper shutdown
Replies: 2
Views: 777

Re: router was rebooted without proper shutdown

It can't hurt to do a clean shutdown. It would also give the router a chance to write DHCP lease information and graph information and other things safely to flash rather than losing the last 5 minutes to an hour worth of data. We don't worry about it. I graph data via SNMP from my monitoring serve...
by lambert
Wed Nov 05, 2014 5:18 am
Forum: General
Topic: Why is RB133 supported by RouterOS v6 while RB133C isn't?
Replies: 5
Views: 1852

Re: Why is RB133 supported by RouterOS v6 while RB133C isn't

Because the RB133C is missing things... I think you answered your own question. :)
by lambert
Wed Nov 05, 2014 5:17 am
Forum: Beginner Basics
Topic: Can websites accessed without a proxy be logged?
Replies: 1
Views: 498

Re: Can websites accessed without a proxy be logged?

You can log it without actually caching the website content. But the easiest way I can think of would involve enabling the web proxy without a cache and adding an access rule to permit and log. You might be able to do it with a Layer 7 filter rule matching only new connection requests to outside IPs...
by lambert
Wed Nov 05, 2014 5:10 am
Forum: General
Topic: CRS-125-24G-1S keeps disconnecting
Replies: 5
Views: 1047

Re: CRS-125-24G-1S keeps disconnecting

I was surprised when I lost connection to the CRS I was configuring today while changing the comment on the port to which I was connected. Not a big deal, just don't change the interface to which you are MAC connected. I don't remember that happening with other models. I may not have paid enough att...
by lambert
Tue Nov 04, 2014 10:56 pm
Forum: General
Topic: RouterOS DHCP + Freeradius - Queues
Replies: 19
Views: 4991

Re: RouterOS DHCP + Freeradius - Queues

With Session-Timeout set to 3600 seconds, the mikrotik re-authenticates them every hour and they get their new MikroTik-Access-List value to change to their new plan speed within an hour of the plan being changed in the database. They can force a renewal before their current lease expires if they a...
by lambert
Tue Nov 04, 2014 10:48 pm
Forum: General
Topic: RouterOS DHCP + Freeradius - Queues
Replies: 19
Views: 4991

Re: RouterOS DHCP + Freeradius - Queues

I am trying to do shaping via DHCP and got the same issue. I think there is an issue in DHCP processing on Mikrotik side. If station send request first time mikrotik has no lease and correctly sends requests to RADIUS. If station disconnects and resends DHCP request or makes renewal leases, Miroti...
by lambert
Tue Nov 04, 2014 10:06 pm
Forum: Beginner Basics
Topic: ipsec
Replies: 8
Views: 1580

Re: ipsec

What is the solution to help me First, tell us what the problem is. Is the remote IP one of your VPN clients attempting to connect to the VPN server? If so, they are failing to connect for some reason. Enable IPSec debugging. Find out what the error was. If the remote IP is not one of your users at...
by lambert
Tue Nov 04, 2014 2:01 am
Forum: General
Topic: Process logging 100% CPU
Replies: 5
Views: 1066

Re: Process logging 100% CPU

Can you get it to export the configuration via telnet or SSH connection? It may not export the entire config you may want to only '/ip firewall export' If you can, are there any firewall rules which log packets? If so, try to disable the rule. If not just disable all entries under /system logging. /...
by lambert
Tue Nov 04, 2014 1:55 am
Forum: General
Topic: CRS-125-24G-1S keeps disconnecting
Replies: 5
Views: 1047

Re: CRS-125-24G-1S keeps disconnecting

Are you connecting via MAC address or via IP address?

What is the physical networking between your computer and the CRS?

Does it disconnect you if you are not changing things? What things are you changing? Do they affect the link between your computer and the CRS?
by lambert
Tue Nov 04, 2014 1:42 am
Forum: Wireless Networking
Topic: Low TCP throughput SXt5HPACD
Replies: 16
Views: 2272

Re: Low TCP throughput SXt5HPACD

day 3 working on this and still can't get above 170mbs. CCQ unstable and modulation keeps bouncing to different rates. Anyone else got these working stable? Did you scan for other 5.8GHz devices which might be operating in the area? Not yours, devices belonging to other people. 80MHz of clean spectr...
by lambert
Tue Nov 04, 2014 1:05 am
Forum: Wireless Networking
Topic: cAP-2n
Replies: 2
Views: 5905

Re: cAP-2n

My cAP-2n just arrived today. Powered it up and set my laptop to 192.168.88.224/24 and hit 192.168.88.1. Awesome, now I'm in. The address acquisition was on static and the ip stated 0.0.0.0 so I changed it to automatic. Plugged the cAP-2n into my RB750 and I am unable to see the cAP-2n from the RB7...
by lambert
Mon Oct 27, 2014 5:15 pm
Forum: Beginner Basics
Topic: Dual Chain
Replies: 12
Views: 4393

Re: Dual Chain

Just to be sure we've answered your first questions without requiring any physics. (You had three questions): Dual chains means faster wireless throughput. Second question: In RouterOS, there are two checkboxes under the wireless interface configuration to enable or disable each chain. Third questio...
by lambert
Mon Oct 27, 2014 5:08 pm
Forum: Beginner Basics
Topic: Dual Chain
Replies: 12
Views: 4393

Re: Dual Chain

You are overthinking it. As an appliance operator, you get to check the bullet points. Side A has two chains? Check Side B has two chains? Check Side A has X dBi of antenna gain? Check Side B has X dBi of antenna gain? Check (where X is equal or greater than what you already have installed.) Install...
by lambert
Sat Oct 25, 2014 5:06 am
Forum: Beginner Basics
Topic: Dual Chain
Replies: 12
Views: 4393

Re: Dual Chain

4. there is one channel for both polarities. We can answer specific questions such as these. We usually don't have time to write a curriculum of study to take someone from zero to knowledgeable practitioner. Search engines, with the right query terms, are more time effective. I apologize if that see...
by lambert
Fri Oct 24, 2014 6:33 am
Forum: Beginner Basics
Topic: Dual Chain
Replies: 12
Views: 4393

Re: Dual Chain

by lambert
Sat Oct 11, 2014 8:24 am
Forum: General
Topic: Block all sites except 3 websites on guest network.
Replies: 1
Views: 477

Re: Block all sites except 3 websites on guest network.

Begin with http://wiki.mikrotik.com/wiki/Manual:IP/Proxy . Specifically: http://wiki.mikrotik.com/wiki/Manual:IP/Proxy#Proxy_based_firewall_.E2.80.93_Access_List Allow the three sites (it may be necessary to allow some sites on which those sites depend). Block everything else. If they are your sites...
by lambert
Tue Sep 30, 2014 8:36 am
Forum: General
Topic: Remove dude from RB493G - is there a way to?
Replies: 6
Views: 1411

Re: Remove dude from RB493G - is there a way to?

Good deal. Glad you got it working.

On which OS are you running VirtualBox? Just curious.
by lambert
Tue Sep 30, 2014 12:25 am
Forum: The Dude
Topic: Recommended Replacement Network Monitoring System??
Replies: 20
Views: 8014

Re: Recommended Replacement Network Monitoring System??

Nagios, PNP, NagioSQL, cacti, mrtg, ...
by lambert
Mon Sep 29, 2014 10:58 pm
Forum: Wireless Networking
Topic: 5500 - 5700Mhz
Replies: 6
Views: 1746

Re: 5500 - 5700Mhz

Those frequencies are allowed IF the device has been certified to comply with the rules and configured correctly and you are not interfering with any licensed user of that spectrum. MikroTik has not had the devices certified. Therefore it is illegal to use MikroTik devices on those frequencies in th...
by lambert
Thu Sep 25, 2014 3:07 am
Forum: Wireless Networking
Topic: Yet another WiFi connectivity issues
Replies: 7
Views: 1217

Re: Yet another WiFi connectivity issues

I agree it looks like 'rather wireless than mikrotik' issue, since beside wireless i really like the platform itself and it works well. If, and i say IF, AP per room considered, any suggestions what gear in particular would/could do the job? Lets say i want to go a little futureproof mode, and hand...
by lambert
Wed Sep 24, 2014 11:42 am
Forum: Wireless Networking
Topic: Yet another WiFi connectivity issues
Replies: 7
Views: 1217

Re: Yet another WiFi connectivity issues

The wireless bandwidth varies - depending on the activity, whether it is internet traffic (8 mbps for now - I know it's not a lot :P) or internal traffic (filesharing). Testing indoors/dynamic didn't really make a difference for me. The SSID's are not hidden and the combination with primary wifi and ...
by lambert
Wed Sep 24, 2014 6:43 am
Forum: Wireless Networking
Topic: Yet another WiFi connectivity issues
Replies: 7
Views: 1217

Re: Yet another WiFi connectivity issues

What is the CPU utilization of the RB2011? The bandwidth flowing across the wireless interface? Other interfaces? My thinking is that it could be too busy to get to the group key renegotiation in time. Just a wild guess based on no real data. I don't do much MikroTik wireless. Have you tried setting...
by lambert
Tue Sep 23, 2014 11:59 pm
Forum: General
Topic: Remove dude from RB493G - is there a way to?
Replies: 6
Views: 1411

Re: Remove dude from RB493G - is there a way to?

Figure out why netinstall isn't working.

Have you disabled the firewall on your windows computer?
by lambert
Tue Sep 23, 2014 10:06 pm
Forum: RouterBOARD hardware
Topic: I need a recomandation
Replies: 8
Views: 1306

Re: I need a recomandation

If the budget allows, a CCR1009 might have more future-proofing.

The RB1100AHx2 is probably enough for now. But, it is old tech when the CCRs are new tech. You can see old tech as well tested or on its way out.

The choice would come down to budget and individual preference.
by lambert
Tue Sep 23, 2014 9:57 pm
Forum: RouterBOARD hardware
Topic: suggestion for a 5 gig router after testing ccr 1036
Replies: 12
Views: 2260

Re: suggestion for a 5 gig router after testing ccr 1036

/ip firewall filter
add action=drop chain=forward comment="zeus drop" connection-state=new dst-address-list=zeus
add action=add-src-to-address-list address-list=level1 address-list-timeout=1m chain=input connection-state=new dst-port=22,23 protocol=tcp
add action=add-src-to-address-list address-lis...
by lambert
Mon Sep 22, 2014 10:45 pm
Forum: RouterBOARD hardware
Topic: suggestion for a 5 gig router after testing ccr 1036
Replies: 12
Views: 2260

Re: suggestion for a 5 gig router after testing ccr 1036

Joe asked for : /ip firewall export The reason he asked for that is that it is entirely possible for you to write the rules you described in such a way as to spin your CPU for every packet or only when necessary. You can change IP addresses in the rules for privacy, but showing us exactly what the r...
by lambert
Mon Sep 22, 2014 10:27 pm
Forum: RouterBOARD hardware
Topic: RB1100ahx2 redundant powering
Replies: 15
Views: 4581

Re: RB1100ahx2 redundant powering

What is the amp rating of the new UBNT PoE units? What is the amp rating of the old PoE units? I really expect the amp rating to make more difference than half a volt between 22 and 23 VDC. Unfortunately, I do not see power requirements for the RB1100AHx2 on routerboard.com. My RB1100AHx2 running 5....
by lambert
Mon Sep 22, 2014 9:49 pm
Forum: General
Topic: Can't access other subnets on /22 network through PPTP
Replies: 9
Views: 1671

Re: Can't access other subnets on /22 network through PPTP

It is time to get a PPTP user connected and unable to access hosts on the LAN then run /system sup-output on your mikrotik and e-mail support@mikrotik.com. It works for me in the configuration you have described up through RouterOS 6.18.
by lambert
Fri Sep 19, 2014 2:12 am
Forum: General
Topic: centralized configuration management
Replies: 2
Views: 1088

Re: centralized configuration management

I use a Makefile with all of my Tiks listed which ssh's to each device and runs the command to effect the change I want.

You could easily do it with straight shell scripting. You might be able to do it with a batch script wrapped around PuTTY in windows.
by lambert
Fri Sep 19, 2014 12:47 am
Forum: Beginner Basics
Topic: Questing regarding packet marking
Replies: 4
Views: 984

Re: Questing regarding packet marking

I believe the answer is no. I am not 100% certain. I think you would have to tag the encapsulated packet at the time it was encapsulated because once it is encapsulated, it is a different packet. It might help you to follow the packet processing through the packet processing flow charts which have b...
by lambert
Wed Sep 17, 2014 1:21 am
Forum: General
Topic: RouterOS DHCP + Freeradius - Queues
Replies: 19
Views: 4991

Re: RouterOS DHCP + Freeradius - Queues

Are you specifying the Session-Timeout in your FreeRADIUS reply packet? We had issues without Session-Timeout where users were only authenticated once. As long as they kept their lease renewed before it expired, they never had to authenticate again. With Session-Timeout set to 3600 seconds, the mikr...
by lambert
Wed Sep 17, 2014 12:57 am
Forum: Beginner Basics
Topic: New Router OSX
Replies: 6
Views: 1985

Re: New Router OSX

Lets say i have a fresh zero config routerOS router that someone plugs into a routerOS router on my network. I want to be able to connect to via winbox and configure this router without ever touching it. I winbox to the existing router and get a MAC telnet session to the new box. from there what is...
by lambert
Tue Sep 16, 2014 3:11 am
Forum: General
Topic: two mikrotik servers in same subnet
Replies: 10
Views: 1613

Re: two mikrotik servers in same subnet

There is no need to apologize for your English skills. They are certainly better than my skills in your primary language. We just have to work through it until we understand each other. Could you show us the results of :
/ip address export
/ping count=5 10.0.0.1
/ping count=5 10.0.0.6
/ip arp print ...
by lambert
Mon Sep 15, 2014 2:48 am
Forum: General
Topic: v6.19 released
Replies: 256
Views: 93572

Re: v6.19 released

We're complaining that pre-release RouterOS requires pre-release Winbox? Maybe MikroTik just wants to ensure that they get some Winbox 3 feedback from the people who are already demonstrably risk takers. If you are running RCs, you are a risk taker. Anyone who cares should e-mail support and ask the...
by lambert
Sat Sep 13, 2014 7:11 am
Forum: Beginner Basics
Topic: Questing regarding packet marking
Replies: 4
Views: 984

Re: Questing regarding packet marking

It is my understanding that packet and connection marks never leave the router which added them. I am not certain from your question if you are referring to the marks in the same device which added them, then encapsulated them. Or are you wanting to refer to the marks added on one device, call it ro...
by lambert
Sat Sep 13, 2014 7:02 am
Forum: General
Topic: Can't access other subnets on /22 network through PPTP
Replies: 9
Views: 1671

Re: Can't access other subnets on /22 network through PPTP

Where is the rest of the 192.168.0.0/22 subnet? Is it on your local LAN or is it broken up and spread out across a wide network with multiple routers?

If the IP address of your "LAN" is 192.168.0.1/22, you probably need to enable proxy arp on the same interface which has that IP address.
by lambert
Sat Sep 13, 2014 6:57 am
Forum: General
Topic: two mikrotik servers in same subnet
Replies: 10
Views: 1613

Re: two mikrotik servers in same subnet

i have problem . i want to link two mikrotik servers in one switch . when i do that one of them take the advantage and cant reach to the another one . i do that give one of them ip 10.0.0.1 and the another one ip 10.0.0.6 What is the exact problem? 10.0.0.1 MikroTik cannot talk to 10.0.0.6 MikroTik...
by lambert
Sat Sep 13, 2014 6:38 am
Forum: Wireless Networking
Topic: Netbox5 - Outdoor results with 866/866 Data Rates
Replies: 6
Views: 1779

Re: Netbox5 - Outdoor results with 866/866 Data Rates

It's also a really short link, and the signals are HOT, -27 or so, I can't see anywhere what the current TX powers are, all just say 0db !?!? NV2 - 170Mb Nstreme - 175Mb 802.11 - 530Mb UDP / 160TCP Looks like plain 802.11 gives the best throughput, but how well will it work at long-haul links at 30...
by lambert
Sat Sep 13, 2014 6:23 am
Forum: Beginner Basics
Topic: New Router OSX
Replies: 6
Views: 1985

Re: New Router OSX

Wine or CodeWeavers or ... http://forum.mikrotik.com/viewtopic.php?f=1&t=63703 But!!!! You can't be plugged into the port that the default configuration thinks is the "WAN", Internet uplink. For most RBs that is ether1. You need to be plugged into a port which is on the "LAN". Otherwise the MikroTik...
by lambert
Thu Sep 11, 2014 9:45 pm
Forum: General
Topic: v6.19 released
Replies: 256
Views: 93572

Re: v6.19 released

I believe the format of the set command is : set {entry number(s)} things to set Your command should have been in the format of: /ip dhcp-server lease set [find server=dhcp-lan2] address-list=klient But the error you are getting says that the address-list entry already existed in /ip firewall addres...
by lambert
Wed Sep 10, 2014 10:55 am
Forum: General
Topic: CCR Performance
Replies: 5
Views: 1241

Re: CCR Performance

I have three BGP upstreams (same provider) in geographically different locations. The biggest pipe is connected to a CCR1036. We switched to it from the 7206 about 7 months ago. We have 500Mbps there and it just ticks along. The other two sites are running older x86 boxes with about 200Mbps each. I'...
by lambert
Wed Sep 10, 2014 10:24 am
Forum: General
Topic: Authentication Server for ISP?
Replies: 2
Views: 664

Re: Authentication Server for ISP?

FreeRADIUS is pretty much the gold standard. If you don't already know *nix, you will have a steep learning curve. If you can handle operating a computer without a mouse, you'll be fine. <in jest> I hate Windows. I really do. It takes too long to find a mouse to attach to the computer so that I can ...
by lambert
Mon Sep 08, 2014 6:57 pm
Forum: General
Topic: l2tp+ipsec and win7 problem
Replies: 10
Views: 1922

Re: l2tp+ipsec and win7 problem

I am reading your fw rules on my phone. So I may have missed something.

I do not see input allows for udp 500,4500 or ipsec-ah and ipsec-esp. You may also need to allow l2tp, port 1701, IIRC.
by lambert
Mon Sep 08, 2014 4:52 am
Forum: Forwarding Protocols
Topic: mark connection where protocol icmp matches udp ?
Replies: 1
Views: 1204

Re: mark connection where protocol icmp matches udp ?

ICMP packets are sometimes used for signaling during TCP/UDP sessions. Things like "whoa, don't talk so fast" or "yo! the packets you are sending are too big". Perhaps those ICMP messages are considered part of the original connection? You might try doing packet marks instead of connection marks. Or...
by lambert
Mon Sep 08, 2014 4:39 am
Forum: Forwarding Protocols
Topic: ospf - SequreISP (bridge) RESOLVED
Replies: 4
Views: 1405

Re: ospf - SequreISP (bridge) RESOLVED

Good! Sorry I wasn't able to be more helpful.
by lambert
Sat Sep 06, 2014 8:00 pm
Forum: Beginner Basics
Topic: Block all websites except 3 sites
Replies: 1
Views: 1022

Re: Block all websites except 3 sites

Without using the non-caching web proxy, it is harder. You might try something like this, untested: Make all clients use MikroTik for DNS. /ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=4096 servers= /ip dns static add address=192.168.1.1 disabled=no name...
by lambert
Sat Sep 06, 2014 7:39 pm
Forum: Forwarding Protocols
Topic: ospf - SequreISP (bridge) RESOLVED
Replies: 4
Views: 1405

Re: ospf - SequreISP (bridge)

I do not fully understand your situation. You might try posting your question in your native language as well as English. I think something was lost in the translation.

Perhaps you could show us the configuration and the unexpected results?
by lambert
Tue Sep 02, 2014 9:50 pm
Forum: General
Topic: Ethernet stats shows zero every few ticks
Replies: 1
Views: 1112

Re: Ethernet stats shows zero every few ticks

This is just a sampling error. WinBox probably gets the time elapsed then reads the counter. If it doesn't get a response in a reasonable period of time, x milliseconds, it will show 0 traffic flow for that sample period. The next sample period will then show bytes throughput for two sample interval...
by lambert
Thu Aug 28, 2014 5:20 am
Forum: General
Topic: RESOLVED -simple queue without packets drop on ccr1036 v6.18
Replies: 9
Views: 3858

Re: RESOLVED -simple queue without packets drop on ccr1036 v

Maybe an example will translate better.
/queue type set [find name=default-small] kind=sfq
/queue type set [find name=default] kind=sfq
For why I am suggesting that you try changing the queue "kind" : http://wiki.mikrotik.com/wiki/Manual:Queue#Kinds and also http://www.tldp.org/HOWTO/Traffic-Control...
by lambert
Wed Aug 27, 2014 6:31 am
Forum: General
Topic: IPsec/L2TP connection dropping every 48 minutes
Replies: 4
Views: 2792

Re: IPsec/L2TP connection dropping every 48 minutes

I have not tried sstp. I don't use Windows so would have to do some research to make that work. I really think the regularity and specificity of the timing indicates that it is an ipsec specific issue.
by lambert
Mon Aug 25, 2014 4:18 am
Forum: General
Topic: RESOLVED -simple queue without packets drop on ccr1036 v6.18
Replies: 9
Views: 3858

Re: simple queue without packets drop on ccr1036 v6.18

Rate limiting happens by delaying, then dropping packets. You can not push 200Mbps of traffic through a 50Mbps pipe. Some will have to fall off outside the pipe and end up on the floor. The packets on the floor are "dropped" packets. You are using the "default" or "default-small" queue type. Those r...
by lambert
Mon Aug 25, 2014 3:57 am
Forum: General
Topic: *NEED HELP* L2TP client connection + Secret question
Replies: 9
Views: 2062

Re: *NEED HELP* L2TP client connection + Secret question

Upgrade to RouterOS 6.18 and check the new Use IPsec option in the L2TP server config window. Then put your secret in there.

If you don't upgrade to RouterOS 6.18, or later, you get to manually configure IPsec for yourself.
by lambert
Sat Aug 23, 2014 11:16 am
Forum: General
Topic: Ports Going Dead with UBNT Radios
Replies: 9
Views: 2152

Re: Ports Going Dead with UBNT Radios

Well, that would be strange, since most of these routers are on water towers where the APs and Backhauls are at the same height (on the fence of the walkway around the water tank). AND, this problem only affects ports that are connected to access points. Also, if the ports were damaged, how would t...
by lambert
Sat Aug 23, 2014 10:52 am
Forum: General
Topic: IPsec/L2TP connection dropping every 48 minutes
Replies: 4
Views: 2792

IPsec/L2TP connection dropping every 48 minutes

I have just added L2TP with IPsec to a router which has been only doing PPTP VPNs. I stayed connected as long as I liked with PPTP. But PPTP is bad. So, I switched to L2TP with IPsec. I checked the use IPsec box in the L2TP server configuration and added my IPsec secret. Before I did so, /ip ipsec e...
by lambert
Fri Aug 22, 2014 11:13 pm
Forum: General
Topic: SOLVED - L2TP IPSEC stoped working after Upgrade to 6.18
Replies: 19
Views: 65581

Re: L2TP IPSEC stoped working after Upgrade to 6.18

removing the value for Policy Group (no value at all - NULL), solved the problem. I had the same problem after upgrading from 6.11 to 6.18. I've tried at various times on 6.x to get any policy using a policy group to work. It never has. It may be a failure on my part to understand how to use policy...
by lambert
Fri Aug 22, 2014 6:17 pm
Forum: General
Topic: Response VPN
Replies: 1
Views: 400

Re: Response VPN

The RB1100AHx2 has crypto acceleration. It has the best chance of being low latency. The 750 does crypto on the main CPU which was never particularly fast. Even the 1100AHx2 will likely have additional latency in the tunnel than outside. Do you have a problem with throughput? Do you use applications...
by lambert
Fri Aug 22, 2014 5:56 pm
Forum: General
Topic: Pptp performance issues
Replies: 4
Views: 990

Re: Pptp performance issues

There is not enough data for analysis.

Which routerboards?

Which routeros?

The CPU on the RB may be too slow. Watch '/system resource monitor ' while testing.
by lambert
Thu Aug 21, 2014 10:29 pm
Forum: General
Topic: Ports Going Dead with UBNT Radios
Replies: 9
Views: 2152

Re: Ports Going Dead with UBNT Radios

Possibly because the ports were physically damaged while RouterOS happened to be on version 6.11/18. Especially if you've had weather events during the time since you left 6.7. I'm not saying that is absolutely what happened, just that it is a good probability. I have not seen your symptoms on my ne...
by lambert
Wed Aug 20, 2014 9:58 am
Forum: Beginner Basics
Topic: PING from RouterOS - relationship with MTU
Replies: 2
Views: 3040

Re: PING from RouterOS - relationship with MTU

Different devices have different ideas for what is meant when you specify a size to its "ping" command. In RouterOS, it seems to mean "Send a packet this size". RouterOS takes into account the IP and ICMP framing and sends a packet which totals X bytes. In BSD/Windows/Linux... it means "Send an ICMP...
by lambert
Tue Aug 19, 2014 11:17 am
Forum: General
Topic: Ports Going Dead with UBNT Radios
Replies: 9
Views: 2152

Re: Ports Going Dead with UBNT Radios

I would look at the grounding on these radios. Make sure the shield on the ethernet cable is properly connected so that static can drain off the radio properly.
by lambert
Fri Aug 15, 2014 7:57 am
Forum: General
Topic: Researching Potential Office Firewall/Router Solutions
Replies: 34
Views: 3634

Re: Researching Potential Office Firewall/Router Solutions

I really dislike running the same subnet at multiple sites. I cannot say if that will cause you any trouble. I dislike it enough that every site I manage uses some randomly chosen subnet in RFC1918 space. So, I don't have recent experience with your situation. The CPU in the RB2011-UAS should be suf...
by lambert
Fri Aug 01, 2014 12:09 am
Forum: Wireless Networking
Topic: Explanation: cros pollarization, port to port izolation
Replies: 1
Views: 501

Re: Explanation: cros pollarization, port to port izolation

http://lmgtfy.com/?q=cross+polarization

http://lmgtfy.com/?q=port+to+port+isolation+RF

With the accepted English spelling of the words, you will probably get better results.
by lambert
Mon Jul 21, 2014 11:05 am
Forum: RouterBOARD hardware
Topic: FM-Proof Routerboard
Replies: 6
Views: 1624

Re: FM-Proof Routerboard

Ferrite beads on the ethernet? I have heard that people have luck on FM towers by putting the ethernet cable in metal conduit.

The RB450 appears to have shielded ports.

I doubt the CPU model has much to do with it. Grounding and shielding of the ethernet ports are likely much more important.
by lambert
Thu Jul 17, 2014 7:41 am
Forum: General
Topic: Mikrotik as a WAN Emulator
Replies: 2
Views: 1486

Re: Mikrotik as a WAN Emulator

Hi, is it possible to limit a user not only with the bandwidth but also with a given latency or defined packet loss ? if yes then how ? thank you very much for the help. Greetings You can do it with dummynet on a freebsd box. I don't recall seeing anything in RouterOS which can provide the latency f...
by lambert
Tue Jul 08, 2014 8:27 pm
Forum: RouterBOARD hardware
Topic: RB450G Voltage Reads 2.6V Low
Replies: 5
Views: 1297

Re: RB450G Voltage Reads 2.6V Low

http://wiki.mikrotik.com/wiki/Monitor_input_voltage_on_RB333/433AH I've been using that script on the 450G I have on solar. I made a modification that "corrects" the RouterOS reading to match the reading we got with a volt-meter at that time. It may not be accurate all the time, but it got closer. ...
by lambert
Mon Jul 07, 2014 11:41 pm
Forum: General
Topic: Site-to-Site VPN - what hardware on each end?
Replies: 1
Views: 692

Re: Site-to-Site VPN - what hardware on each end?

Any of the 600MHz MIPSbe devices should work to be as fast as your RB450G. It may work with a slower device. You didn't say how much bandwidth was available for the VPN. The 600MHz MIPSbe devices can probably move between 20 and 60Mbps of data in a VPN. It depends on the VPN technology. I would try ...
by lambert
Thu Jul 03, 2014 11:12 am
Forum: General
Topic: Shortest Path Bridging
Replies: 4
Views: 1383

Re: Shortest Path Bridging

IS-IS instead of OSPF.... Which is why MikroTik probably won't go there. They don't seem to want to do IS-IS, yet.
by lambert
Fri Jun 27, 2014 12:04 am
Forum: Forwarding Protocols
Topic: OSPF: A series of hopefully easy questions
Replies: 3
Views: 854

Re: OSPF: A series of hopefully easy questions

I went looking for OSPF videos after seeing your question. I should be training the other guys here, but I don't have time to train them. Isn't that always the problem... I like this video so far, I have not watched the whole thing yet. So far he's covering theory without Cisco specifics (except NBM...
by lambert
Thu Jun 26, 2014 10:16 pm
Forum: Forwarding Protocols
Topic: OSPF: A series of hopefully easy questions
Replies: 3
Views: 854

Re: OSPF: A series of hopefully easy questions

The defaults were chosen well over time. I would leave settings you don't understand alone until you have issues which you can directly attribute to those settings. 1) The default is the recommended value, by definition. :-) It could use more CPU time to lower the setting. Theoretically, the neighbo...
by lambert
Thu Jun 26, 2014 10:03 pm
Forum: General
Topic: Excessive traffic
Replies: 15
Views: 2607

Re: Excessive traffic

How many entries in the bridging host table?
by lambert
Wed Jun 25, 2014 9:23 pm
Forum: General
Topic: Excessive traffic
Replies: 15
Views: 2607

Re: Excessive traffic

Friends don't let friends bridge networks.... ;-) Is RTSP enabled everywhere? One switch / hub / bridge on the network with a cable plugged between two ports on the same segment can completely ruin your day. That cable could be between two ports on the same device or ports on two different devices w...
by lambert
Wed Jun 25, 2014 9:10 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1015923

Re: CLOUD CORE ROUTER

Then you have something else wrong with the 951. The Cloud Core is passing traffic correctly for the ATA. You should look through the configs of the 951 to find your problem. It is probably somewhere under /ip firewall. At this point, it is really off-topic for this thread.
by lambert
Tue Jun 24, 2014 8:19 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1015923

Re: CLOUD CORE ROUTER

On the 192.168.0.251 mikrotik, /ip route add gateway=192.168.0.5 I forgotten the gateway :shock: So now I added it and from the mikrotik 951 (192.168.0.251/24) I can reach the ccr1009 192.168.0.5 but not 192.168.88.0/24. From the ccr1009 (precisely 192.168.88.1) I can't reach 192.168.0.251 despite ...
by lambert
Tue Jun 24, 2014 4:53 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1015923

Re: CLOUD CORE ROUTER

Is there a 192.168.88.0/24 IP address, or IP route on the 951?

did you set the default gw on your ata?
by lambert
Tue Jun 24, 2014 12:37 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1015923

Re: CLOUD CORE ROUTER

On the 192.168.0.251 mikrotik,
/ip route
add gateway=192.168.0.5
If the 192.168.0.0/24 hosts don't know how to get back to 192.168.88.0/24, how can they respond to pings and traceroutes and web requests from devices in 192.168.88.0/24 or any other non-192.168.0.0/24 hosts?
by lambert
Mon Jun 23, 2014 10:43 pm
Forum: General
Topic: multi port forwarding
Replies: 1
Views: 1665

Re: multi port forwarding

Forward 80,443 to 192.168.q.125
/ip firewall nat
add action=dst-nat chain=dstnat comment="Web Server" disabled=no \
    dst-address=a.b.c.d dst-port=80,443 protocol=tcp to-addresses=192.168.q.125
Or do you have a more specific question?
by lambert
Mon Jun 23, 2014 10:22 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1015923

Re: CLOUD CORE ROUTER

This really should have been in a separate thread.

What is the default gateway on the 192.168.88.253 PC?

What is the default gateway on the 192.168.0.250 ATA?

Can the PC ping 192.168.0.5?
by lambert
Sat Jun 21, 2014 10:04 am
Forum: General
Topic: HELP! OSPF session not staying up.
Replies: 4
Views: 829

Re: HELP! OSPF session not staying up.

Redistribute-connected=as-type-1

That may not be the exact spelling. I am on my 'smart ' phone right now.

If you have connected subnets you do not want distributed, add a route filter to deny them in ospf-out.
by lambert
Fri Jun 20, 2014 9:57 pm
Forum: General
Topic: HELP! OSPF session not staying up.
Replies: 4
Views: 829

Re: HELP! OSPF session not staying up.

Are the two Tik's connected with an ethernet cable? Or is there a wireless link? With my wireless links I have a public /30 for OSPF and a private /29 for the wireless bridges. That way traceroute doesn't break. Change your NAT to not src-nat 10.255.249.6/29. What is your OSPF network type on A/1 an...
by lambert
Fri Jun 20, 2014 12:32 pm
Forum: General
Topic: How to mark youtube IPs
Replies: 34
Views: 5363

Re: How to mark youtube IPs

the whole reason of https is its name.... secure... it uses a ssl. the packets are encrypted, you won't be able to see what the packet is even with layer 7, that's the whole point. many have tried but i haven't seen a model working. i haven't seen yet a layer 7 regex for https of any kind! but... i...
by lambert
Fri Jun 20, 2014 12:22 pm
Forum: General
Topic: Browsing the webpage for longer than - add to address-list
Replies: 8
Views: 918

Re: Browsing the webpage for longer than - add to address-li

"Register" can be handled by MAC address authentication. Personally, I think the users would be more aware of the need to work rather than play if they have to authenticate to play. But people say I am mean. Doing what you want will likely require a lot of scripting. You may need to hire a consultan...
by lambert
Fri Jun 20, 2014 12:15 pm
Forum: General
Topic: no buffer space
Replies: 9
Views: 1709

Re: no buffer space

If you can afford the downtime for testing, it might be good to install (15-2 = 13, 13%2 = 7, 2+7 = 9) RouterOS 6.9 and see if the problem is there. If not install (15 - 9 = 6, 6%2 = 3, 9+3 = 12) RouterOS 6.12 and test that. Then keep bisecting the versions until you get to version 6.x works and ver...
by lambert
Fri Jun 20, 2014 12:06 pm
Forum: General
Topic: no buffer space
Replies: 9
Views: 1709

Re: no buffer space

The best way to not get an answer is to not ask the question.

When you send a message to support@mikrotik.com it sends back an automated reply which lists the information they want for every support request. Did you supply all of that information?
by lambert
Thu Jun 19, 2014 9:40 pm
Forum: General
Topic: How to mark youtube IPs
Replies: 34
Views: 5363

Re: How to mark youtube IPs

I cannot afford the time to build it for you. There are consultants who would be happy to do so.

http://lmgtfy.com/?q=mikrotik+qos+cdn
by lambert
Thu Jun 19, 2014 8:44 pm
Forum: Forwarding Protocols
Topic: WE NEED EIGRP
Replies: 21
Views: 9481

Re: WE NEED EIGRP

The only thing is you should have multicast enabled links. Multicast has historically had issues on Atheros based wireless links. That goes for Ubiquiti equipment and, I believe, MikroTik equipment in the not too distant past. They both seem to do fairly well now. OSPF also tends to use multicast by def...
by lambert
Thu Jun 19, 2014 8:30 pm
Forum: General
Topic: MTCWE CERTIFICATION
Replies: 2
Views: 903

Re: MTCWE CERTIFICATION

It is my understanding that the MikroTik certification process requires that you take the training class, from an authorized trainer, then take the test. There is no independent study then pass the test path to MikroTik certification.
by lambert
Thu Jun 19, 2014 8:15 pm
Forum: General
Topic: Redundant RADIUS servers for authentication : bug ???
Replies: 4
Views: 1007

Re: Redundant RADIUS servers for authentication : bug ???

Of course, this assumes that ROS will accept a hostname instead of an IP address...I'm not sure if it does or not, but it might be worth a try. RouterOS does not store a hostname for that configuration field. Which results in a lot of people writing, and rewriting, scripts to periodically resolve t...
by lambert
Thu Jun 19, 2014 8:11 pm
Forum: Beginner Basics
Topic: RDP 3389 block to external connections
Replies: 10
Views: 5277

Re: RDP 3389 block to external connections

You don't happen to control the PPPoE server do you? If you run torch on your pppoe-out1 interface, do you see the outgoing RDP request? If you do, then it's time to call your ISP and ask if they have a default rule to block outgoing RDP traffic from subscribers. It would be the first time I've hear...
by lambert
Thu Jun 19, 2014 8:03 pm
Forum: General
Topic: Browsing the webpage for longer than - add to address-list
Replies: 8
Views: 918

Re: Browsing the webpage for longer than - add to address-li

Maybe you could treat the lan as a hotspot for internet access to non-exempt work related sites. Then you could use user manager or RADIUS to set limits on session time which could be 5 minutes per "ticket". You could have an automated system which issues one new "ticket" per hour. I can visuali...
by lambert
Thu Jun 19, 2014 7:52 pm
Forum: General
Topic: How to mark youtube IPs
Replies: 34
Views: 5363

Re: How to mark youtube IPs

You should be able to identify CDN type hosts with mangle/firewall rules and connection-byte. If you add those hosts to an address-list you can shape traffic to that dst-address-list however you like. The devil is in the details.
by lambert
Thu Jun 19, 2014 7:47 pm
Forum: General
Topic: Mentioning IP Pool
Replies: 9
Views: 1365

Re: Mentioning IP Pool

Okay, that sounds logical then. As long as the mikrotik 1:1 NAT can handle hosts on the network and broadcast addresses of the /24, he should be okay. Is the 1:1 pool subnet usually configured in /ip addresses? Or is it just a logical range and the Tik intercepts traffic to those addresses on the fo...
by lambert
Thu Jun 19, 2014 5:45 pm
Forum: General
Topic: PPtP Incoming Filter Rules
Replies: 3
Views: 1854

Re: PPtP Incoming Filter Rules

Yes. All traffic passes through the default chains. Defining other chains is for your convenience and to improve filter rule efficiency. If you want to apply a lot of rules to one specific host, or group of hosts, that could take up a lot of filter processing time. If those hosts are not a majori...
by lambert
Thu Jun 19, 2014 5:36 pm
Forum: General
Topic: Mentioning IP Pool
Replies: 9
Views: 1365

Re: Mentioning IP Pool

If they have static IPs, what is the point of having an IP pool? I do not use hotspot, so maybe there is some point I do not know about.

What is the IP address which is configured on the hotspot facing interface?
by lambert
Thu Jun 19, 2014 5:28 pm
Forum: Scripting
Topic: does this exist for an interface already...
Replies: 4
Views: 1051

Re: does this exist for an interface already...

Load balancing is more of a manual configuration process via any of the MikroTik user interfaces. See http://wiki.mikrotik.com/wiki/Manual:PCC
by lambert
Thu Jun 19, 2014 10:33 am
Forum: General
Topic: no buffer space
Replies: 9
Views: 1709

Re: no buffer space

The link to your airfiber was probably not working for the first several pings. I've seen the no buffer space error when the physical link is up, but the device on the other end was not actually doing anything with the packets yet. I think it was while I was trying to ping the remote end of an AirFI...
by lambert
Thu Jun 19, 2014 10:23 am
Forum: General
Topic: Mentioning IP Pool
Replies: 9
Views: 1365

Re: Mentioning IP Pool

Hi Is it possible to mention ip pool in CIDR Notation ? For example , to specify a pool 192.168.1.1-192.168.1.254 , is it syntactically correct in Mikrotik to specify 192.168.1.0/24 ? That would not be correct. 192.168.1.0/24 would include 192.168.1.0 and 192.168.1.255 in addition to 192.168.1.1-192...
by lambert
Thu Jun 19, 2014 9:59 am
Forum: RouterBOARD hardware
Topic: Wish - RB2011UiAS-2HnD-RM ?
Replies: 25
Views: 9458

Re: Wish - RB2011UiAS-2HnD-RM ?

Kids these days are spoiled by their 4 post rack cabinets... Rack does not have to mean a metal cabinet. I have a 19" two post relay rack for my network and server gear at the house. My current RB951 AP is sitting on a shelf 2U below the 48 port patch panel and above the Atom based server. I have go...
by lambert
Tue Jun 17, 2014 10:21 pm
Forum: General
Topic: L2tp / ipsec client vpn
Replies: 4
Views: 2380

Re: L2tp / ipsec client vpn

Then you are going to have to give us more information. Telling us "Tried that. Didn't work." is not a useful diagnostic. :)

Show us the configuration you made on the client.
/int l2tp-client export
/ppp export
/ip ipsec export
...
Please remove the actual secrets and passwords.
by lambert
Tue Jun 17, 2014 1:24 am
Forum: Beginner Basics
Topic: Device dead or at the least in a coma
Replies: 6
Views: 1251

Re: Device dead or at the least in a coma

Do you get link lights on the problem ports? Just for fun, try running "/int ethernet enable 2,3,4". Does "/int ethernet monitor 2,3,4" register any changes when you plug or unplug devices into those ports? While writing this answer, I just found one of my ports, ether5, only advertising 10Mbps rate...
by lambert
Tue Jun 17, 2014 12:25 am
Forum: General
Topic: creating new user that won't be able to remove admin
Replies: 2
Views: 561

Re: creating new user that won't be able to remove admin

http://wiki.mikrotik.com/wiki/Manual:Router_AAA policy - policy that grants user management rights. Should be used together with write policy. Allows also to see global variables created by other users (requires also 'test' policy). I do not think RouterOS has fine-grained enough user management ri...
by lambert
Tue Jun 17, 2014 12:18 am
Forum: General
Topic: Create a queue for priority without a max limit
Replies: 13
Views: 1782

Re: Create a queue for priority without a max limit

We still do not understand what you are trying to do. Try to use more words to be more specific and detailed about what you are trying to do. Just bumping the post without added details of clarity is less likely to get a good answer.
by lambert
Tue Jun 17, 2014 12:12 am
Forum: General
Topic: L2tp / ipsec client vpn
Replies: 4
Views: 2380

Re: L2tp / ipsec client vpn

Take the client config part from this document http://wiki.mikrotik.com/wiki/L2TP_%2B_ ... ik_routers.
by lambert
Tue Jun 17, 2014 12:09 am
Forum: Wireless Networking
Topic: Problem with the WISP
Replies: 18
Views: 3629

Re: Problem with the WISP

You need to watch the amperage of the supply you are using. You'll need enough amps to run both devices while using the PoE out feature. I suspect the 951's power supply will be more likely to have enough amps for both devices. If you want to use one power supply for both devices and the SXT is your...
by lambert
Mon Jun 16, 2014 11:41 pm
Forum: General
Topic: PPtP Incoming Filter Rules
Replies: 3
Views: 1854

Re: PPtP Incoming Filter Rules

If you create a non-default chain, you have to use a jump in one of the default chains in order to get to your chain.

Otherwise the OS has no idea what you intended to do.

Or did I misunderstand your question?
by lambert
Sat Jun 14, 2014 1:19 am
Forum: General
Topic: first L2TP UDP packet received from x.x.x.x
Replies: 1
Views: 4241

Re: first L2TP UDP packet received from x.x.x.x

Enable logging of l2tp messages.
by lambert
Sat Jun 14, 2014 1:12 am
Forum: Beginner Basics
Topic: Where are the Routerboard Firmware Update Changlogs
Replies: 1
Views: 566

Re: Where are the Routerboard Firmware Update Changlogs

http://www.google.com/search?q=mikrotik ... +changelog

It doesn't seem to have been updated yet. Maybe MikroTik will get to it. Maybe they won't. Open a support ticket if you really really want to know.
by lambert
Sat Jun 14, 2014 1:09 am
Forum: General
Topic: Edit - RB2011UiAS-2HnD-IN crashes using IPSEC
Replies: 1
Views: 753

Re: Edit - RB2011UiAS-2HnD-IN crashes using IPSEC

Have you tried resetting the configuration to defaults, then reconfiguring the device again? Sometimes after an upgrade the config doesn't update correctly.
by lambert
Sat Jun 14, 2014 1:02 am
Forum: General
Topic: Local Static IP not acessible - MAC reachable. Any solution
Replies: 3
Views: 810

Re: Local Static IP not acessible - MAC reachable. Any solut

Is D4:CA:6D:85:F4:DE the mac address of ETH02_to_Swit...? If not, I suspect there may be another device in the switch which also thinks it owns the 192.168.1.1 IP. If that is the MAC address of ETH02_to_Swit..., then I would suspect that someone has created a loop in the network which ends up with one...
by lambert
Sat Jun 14, 2014 12:52 am
Forum: General
Topic: [ASK] beginner ask about VPN connection
Replies: 2
Views: 657

Re: [ASK] beginner ask about VPN connection

I am sorry. Google did not translate well.

Please, also state your question in your native language. This is a very international community. Someone else may be able to make a better translation than Google did.
by lambert
Sat Jun 14, 2014 12:47 am
Forum: Forwarding Protocols
Topic: Routed OSPF network 2 WAN DSL connections to ISP
Replies: 5
Views: 2158

Re: Routed OSPF network 2 WAN DSL connections to ISP

Where are the IPs from the /29 of the DSL connection on TIK1 configured? On the PPPoE interface? If so, the IPs may go invalid when the connection falls down and be withdrawn from OSPF which would mean that TIK2 would no longer be able to find a route for those IPs. What are your firewall rules? bot...
by lambert
Sat Jun 14, 2014 12:30 am
Forum: Forwarding Protocols
Topic: ospf with primary and secondary link (offline until needed)
Replies: 1
Views: 3067

Re: ospf with primary and secondary link (offline until need

Did you change the priority of the backup link on both sides of the link? In which direction do you see traffic? There will always be some, very small amount of, traffic on the backup link. That traffic will be OSPF neighbor association maintenance. If your primary link is lightly loaded, you might ...
by lambert
Sat Jun 14, 2014 12:15 am
Forum: Forwarding Protocols
Topic: OSPF link state down
Replies: 6
Views: 2862

Re: OSPF link state down

Hi all, I'm seeing some strange behaviour of OSPF on wireless links. I have OSPF running on approx 40 routers and there is probably some bug causing that randomly some wireless interface change state to down. If I check wireless registration table link uptime is in days. There is no message in log...
by lambert
Thu Jun 12, 2014 9:58 pm
Forum: Wireless Networking
Topic: [SOLVED] Ubiquiti AP and Mikrotik CPE
Replies: 6
Views: 6148

Re: Ubiquiti AP and Mikrotik CPE

In other words, make sure AirMax is disabled on the Ubiquiti AP. And do not try to use nstream or NV2 on the MikroTik client.
by lambert
Thu Jun 12, 2014 12:49 am
Forum: Forwarding Protocols
Topic: prevent OSPF dynamic routes / interfaces
Replies: 4
Views: 2138

Re: prevent OSPF dynamic routes / interfaces

You say you adjusted several properties, sigh.

We are going to need to see /routing ospf export.

What are the devices to which your MikroTik is supposed to speak OSPF? What OSPF configuration are they running?
by lambert
Thu Jun 12, 2014 12:00 am
Forum: Wireless Networking
Topic: Problem with the WISP
Replies: 18
Views: 3629

Re: Problem with the WISP

The signals which affect your link are the signals which the radios on either end of your link can hear. Shielding the SXT will allow it to not hear the noise on the sides and back. It will then only hear signals from the direction of your AP. That makes picking out and decoding the AP's signal much...
by lambert
Tue Jun 10, 2014 7:58 pm
Forum: General
Topic: RADIUS rate refresh after DHCPREQUEST
Replies: 3
Views: 687

Re: RADIUS rate refresh after DHCPREQUEST

I've not looked into the protocol specifics. However, I have a couple thousand fixed wireless clients for whom it works. Without session timeout in the radius reply, the MikroTik DHCP server never re-queried radius on lease renewal. The MikroTik DHCP server had authorization for the user, without a ...
by lambert
Tue Jun 10, 2014 7:07 am
Forum: General
Topic: RADIUS rate refresh after DHCPREQUEST
Replies: 3
Views: 687

Re: RADIUS rate refresh after DHCPREQUEST

Set the Session-Timeout in the RADIUS reply.
mysql> select * from radgroupreply where groupname = "6MbBusiness";
+-----+-------------+-----------------------+----+-------------+
| id  | groupname   | attribute             | op | value       |
+-----+-------------+-----------------------+----+-------------+
| 210 | 6MbBu...
by lambert
Thu Jun 05, 2014 6:47 am
Forum: General
Topic: How block OS Windows
Replies: 39
Views: 7740

Re: How block OS Windows

pfSense https://www.pfsense.org/about-pfsense/features.html Third bullet point under Firewall heading... pfSense software utilizes p0f, an advanced passive OS/network fingerprinting utility to allow you to filter by the Operating System initiating the connection. Want to allow FreeBSD and Linux mach...
by lambert
Tue Jun 03, 2014 5:50 am
Forum: Scripting
Topic: Get OS of Client
Replies: 5
Views: 1351

Re: Get OS of Client

I don't think RouterOS has OS fingerprinting features. You could use nmap from another device to map IPs to its best guess of what OS your clients are running. If you use hotspot http authentication, you can put your hotspot auth page on a server which can log what the web browser claims its OS and ...
by lambert
Fri May 30, 2014 9:51 pm
Forum: General
Topic: L2TP/IPsec dropped after site-to-site IPsec configured
Replies: 2
Views: 765

Re: L2TP/IPsec dropped after site-to-site IPsec configured

We can look into our crystal ball when it returns from the shop. In the meantime, you could post your
/ip ipsec export
Remember to remove shared secrets and any other sensitive information from what you post.
by lambert
Fri May 30, 2014 9:44 pm
Forum: Beginner Basics
Topic: VPN L2TP/IPsec connection works in LAN but not WAN
Replies: 4
Views: 3663

Re: VPN L2TP/IPsec connection works in LAN but not WAN

My guess is that the OP had firewall filter rules similar to:
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add...
by lambert
Fri May 23, 2014 4:36 pm
Forum: General
Topic: RB450 bricked after RouterOS upgrading. Any solution Pls?
Replies: 21
Views: 2958

Re: RB450 bricked after RouterOS upgrading. Any solution Pls

You can't tell how a pre-made serial cable is wired by looking at it unless they were nice enough to stamp "Null-Modem" in the plastic shroud of the connector. You can tell how a pre-made serial cable is wired by using an ohm meter to determine which wire is connected to which pin at each end of the...
by lambert
Thu May 22, 2014 10:55 pm
Forum: General
Topic: RB450 bricked after RouterOS upgrading. Any solution Pls?
Replies: 21
Views: 2958

Re: RB450 bricked after RouterOS upgrading. Any solution Pls

Your first screenshot shows that you uploaded mipsle packages to your mipsbe device. If you will netinstall the firmware for the correct architecture it should work better.
by lambert
Thu May 22, 2014 9:07 am
Forum: The User Manager
Topic: always Radius Server Not responding
Replies: 4
Views: 1791

Re: always Radius Server Not responding

Restart radiusd on the ubuntu box with "radiusd -X" then watch the logs while the MikroTik sends a request. It will most likely show that your shared secret is not correct, if you have the MikroTik added to the client setup in FreeRADIUS at all.
by lambert
Wed May 14, 2014 9:56 pm
Forum: General
Topic: RB2011UiAS-IN using as switch
Replies: 7
Views: 1116

Re: RB2011UiAS-IN using as switch

Thank you guys, rextended procedure was the best solution for me, thanks rextended, but I still have a doubt, what's the difference between these settings: bridge1-1000 ports: ether1,ether2,ether3,ether4,ether5 bridge2-100 ports: ether6,ether7,ether8,ether9,ether10 bridge3-all ports: bridge1-1000,b...
by lambert
Thu May 08, 2014 8:33 am
Forum: General
Topic: where is WOL?
Replies: 4
Views: 1168

Re: where is WOL?

It's there for me in 6.12 on the boxes I have.

CCR1036:
> /tool wol
mac:
Script Error: action cancelled
RB493G:
> /tool wol
mac:
Script Error: action cancelled
2011UiAS-2HnD:
> /tool wol
mac:
Script Error: action cancelled
I don't have any RB600s.
by lambert
Sun Mar 09, 2014 7:58 am
Forum: Wireless Networking
Topic: WISP Best Practices and Making Performance Better
Replies: 9
Views: 3196

Re: WISP Best Practices and Making Performance Better

With more narrower beam width you mean if I am currently using 120' sector then I should use 90' sectors ? I am ready to pay for proprietary wireless protocol.. please explain how to do it ? Can't use N-Stream because the CPE's are not MikroTik. They are Ubiquiti Loco 2 Nanostations at the customer...
by lambert
Fri Mar 07, 2014 7:12 pm
Forum: Wireless Networking
Topic: Some questions regarding a WISP setup.
Replies: 26
Views: 6931

Re: Some questions regarding a WISP setup.

Use good antennas with good shielding for any chance of frequency re-use. We are tending to use antennas from http://www.kpperformance.ca/2-4-ghz-antennas You may be able to use vertical antenna separation to improve frequency reuse. I have much more frequency available in 5 GHz band. You could try ...
by lambert
Fri Mar 07, 2014 2:43 am
Forum: Wireless Networking
Topic: Large HW Frame vs Frames difference
Replies: 2
Views: 1502

Re: Large HW Frame vs Frames difference

Lower your output power some more. If you can set tx power to 1, the link should still work. I don't know if SXT's will allow that power setting or not. I tend to suspect improper alignment when the chains have more than 3dB difference in the RSSIs. However, if they are very close together, and you ...
by lambert
Fri Mar 07, 2014 1:06 am
Forum: Wireless Networking
Topic: 5.4kms point to point link
Replies: 4
Views: 1069

Re: 5.4kms point to point link

I am not clear on what your image represents, ground clutter or terrain. Assuming the path profile shows Earth, rather than ground clutter, and that the vertical scale is meters, you will get 0 throughput without 20 to 25 meters above ground level radio mount points at each end, rough guess. If ther...
by lambert
Fri Mar 07, 2014 12:38 am
Forum: Wireless Networking
Topic: WISP Best Practices and Making Performance Better
Replies: 9
Views: 3196

Re: WISP Best Practices and Making Performance Better

nstream or nv2 should get you more than the standard 802.11 MAC.

More narrower beamwidth sectors.

After that, you need to pay more money for proprietary wireless protocol systems.
by lambert
Fri Mar 07, 2014 12:04 am
Forum: General
Topic: L2TP Over IPSec with OSX Not Working?
Replies: 4
Views: 2519

Re: L2TP Over IPSec with OSX Not Working?

Next series of wild guesses.... 6.10? has problems with aes-256 IIRC **KNOWN ISSUE: IPsec AES-CBC 256 Bit encryption algorithm doesn't work in some cases. Use 128 bit AES, or hold on for v6.11** I have no idea how that problem would present in MacOS X errors. What are the ppp-in/ppp-out filters? Doe...
by lambert
Thu Mar 06, 2014 10:24 pm
Forum: General
Topic: L2TP Over IPSec with OSX Not Working?
Replies: 4
Views: 2519

Re: L2TP Over IPSec with OSX Not Working?

My best guess is: Your client, the Mac, has to connect to the IP address on the mikrotik which will be the preferred source IP for packets returned to your client. The MikroTik does not reply from the IP address to which your client connected. It's an annoying bug. If you have multiple paths out of ...
by lambert
Thu Mar 06, 2014 10:19 pm
Forum: General
Topic: Dual radios ptp, OSPF, failover works, just not 2x speed.
Replies: 4
Views: 870

Re: Dual radios ptp, OSPF, failover works, just not 2x speed

Let us know how that compares when you get it setup, please.
by lambert
Thu Mar 06, 2014 2:11 am
Forum: General
Topic: Make Router Respond to Pings Only From Same Subnet...
Replies: 10
Views: 904

Re: Make Router Respond to Pings Only From Same Subnet...

four filter rules
input icmp src-address=10.0.0.0/24 dst-address=10.0.0.1 accept
input icmp src-address=10.0.1.0/24 dst-address=10.0.1.1 accept
input icmp src-address=10.0.2.0/24 dst-address=10.0.2.1 accept
input icmp deny
Now, go break out the caffeine. It sounds like you're having one of those day...
by lambert
Wed Mar 05, 2014 5:05 pm
Forum: Wireless Networking
Topic: Some questions regarding a WISP setup.
Replies: 26
Views: 6931

Re: Some questions regarding a WISP setup.

I have almost decided to go for a 802.11g(3x120° sectors) setup for first few customers. How many users will I be able to support If I limit the channel to 10MHz? There are no other WISPs in the city, so there will not be any competition for spectrum for now. I will keep in mind what you said about...
by lambert
Tue Mar 04, 2014 5:16 pm
Forum: Wireless Networking
Topic: Some questions regarding a WISP setup.
Replies: 26
Views: 6931

Re: Some questions regarding a WISP setup.

One radio per antenna. Do not use a splitter to feed three 120 degree sectors. Use enough bandwidth to support actual customers. 20MHz channels mean you hear twice the interference as you would at 10MHz. 10MHz also plays better with multiple sectors on the tower. You want a minimum of 10MHz between ...
by lambert
Tue Mar 04, 2014 3:22 am
Forum: General
Topic: Dual radios ptp, OSPF, failover works, just not 2x speed.
Replies: 4
Views: 870

Re: Dual radios ptp, OSPF, failover works, just not 2x speed

Since these wireless links are simplex rather than duplex, using one radio to transmit (mostly) and one radio to receive (mostly) brings your throughput from approximately 50% theoretical throughput each way to 100% theoretical (mostly) each way. This is what people mean when they say that the setup...
by lambert
Mon Mar 03, 2014 10:37 pm
Forum: General
Topic: How to block all traffic from outside to my Router
Replies: 14
Views: 7890

Re: How to block all traffic from outside to my Router

Someone on upstairs router is streaming video from Amazon? Traffic comes in from ISP1. Traffic goes out ether2, "Upstairs WiFi Router". IP addresses of high traffic connections belong to Amazon. /ip firewall nat add action=masquerade chain=srcnat Some machine connected to Upstairs WiFi Router reques...
by lambert
Fri Feb 28, 2014 3:33 pm
Forum: General
Topic: v5.26 NTP Server "server-not-synchronized"
Replies: 6
Views: 1389

Re: v5.26 NTP Server "server-not-synchronized"

How long has the server been up? With the regular ntp.org server software, the server can have the right time, without declaring itself stable yet. Once the server thinks it has a good sync, you may be okay.
by lambert
Tue Feb 25, 2014 5:28 pm
Forum: General
Topic: about radius server and mikrotik
Replies: 2
Views: 638

Re: about radius server and mikrotik

I am not certain that I am parsing your question correctly. I may be answering the wrong question. Here is a sample of the RADIUS attributes I set to put DHCP users into address lists. I use the address lists for mangle and queue trees, but it will work with firewall filter rules also. FreeRADIUS / ...
by lambert
Thu Feb 20, 2014 3:01 am
Forum: RouterBOARD hardware
Topic: Installing Xenserver on Routerboard CCR1016-12G
Replies: 2
Views: 1395

Re: Installing Xenserver on Routerboard CCR1016-12G

http://www.linleygroup.com/newsletters/newsletter_detail.php?num=4732&year=2011&tag=3 Power efficiency is the most obvious benefit of Tilera’s proprietary VLIW CPU design. The company claims a performance-per-watt advantage of up to 10× over Intel’s 32nm Xeon design. In the server market, however, ...
by lambert
Thu Feb 20, 2014 2:33 am
Forum: RouterBOARD hardware
Topic: Power UBNT Radio from 2011UAS-2HnD-IN
Replies: 7
Views: 2173

Re: Power UBNT Radio from 2011UAS-2HnD-IN

I guess it would depend on the total current draw of the UBNT devices and whether or not that draw is permissible through PoE out port. I had missed that ChrisHumphreys was trying to power two UBNT devices. I read too quickly. It looks like the 2011UiAS-2HnD-IN probably only has 500mA out on port 10...
by lambert
Wed Feb 19, 2014 9:17 pm
Forum: RouterBOARD hardware
Topic: RB1100ahx2 redundant powering
Replies: 15
Views: 4581

Re: RB1100ahx2 redundant powering

Somewhere on the forum, Normis posted that at least one model device was able to use two power supplies for the purpose of failover so long as the difference in voltage between the two power supplies was greater than 2v DC. It would run on the higher voltage and use the lower voltage supply if the h...
by lambert
Wed Feb 19, 2014 9:11 pm
Forum: RouterBOARD hardware
Topic: Power UBNT Radio from 2011UAS-2HnD-IN
Replies: 7
Views: 2173

Re: Power UBNT Radio from 2011UAS-2HnD-IN

A slightly different product will do what you request. You want the RB2011UiAS-2HnD-IN. Note the added "i".

http://routerboard.com/RB2011UiAS-2HnD-IN

You should be able to power the Ubiquiti device from ether10 on that device. I haven't checked for availability on those.
by lambert
Sat Jan 25, 2014 12:31 am
Forum: General
Topic: HELP with L2TP/IPsec
Replies: 6
Views: 933

Re: HELP with L2TP/IPsec

What is the version of your RouterOS?
by lambert
Sat Jan 25, 2014 12:28 am
Forum: General
Topic: Firewall filter rules and nmap scan results
Replies: 12
Views: 3803

Re: Firewall filter rules and nmap scan results

nmap the internal address just for fun.
by lambert
Fri Jan 24, 2014 8:48 pm
Forum: General
Topic: enhance "check-gateway" feature - use arbitrary check IP
Replies: 34
Views: 29375

Re: enhance "check-gateway" feature - use arbitrary check IP

It really would be nice if we could do that per route. Dreaming, and applying to one of my real situations, that might look like:
/ip route
add check-gateway=ping check-address=A.B.C.1 comment=Wireless distance=10 dst-address=0.0.0.0/1 gateway=\
    H.I.J.225
add check-gateway=ping comment=DSL distance=...
by lambert
Sat Jan 11, 2014 12:12 am
Forum: RouterBOARD hardware
Topic: Replacing RB1200
Replies: 3
Views: 1175

Re: Replacing RB1200

With /export compact, I didn't think there were supposed to be any mac addresses.
by lambert
Fri Jan 10, 2014 8:53 am
Forum: General
Topic: Firewall filter rules and nmap scan results
Replies: 12
Views: 3803

Re: Firewall filter rules and nmap scan results

I don't see anything that tells me what the issue is. Are you still seeing the extra ports when you nmap your A.B.C.14 IP?

I don't use routing-marks so it may be some side effect of that. I'm sorry but I'm out of ideas.
by lambert
Thu Jan 09, 2014 10:27 am
Forum: General
Topic: Exempt access to server from queue
Replies: 3
Views: 847

Re: Exempt access to server from queue

/ip firewall mangle
add chain=forward comment="Server traffic, bypass mangle" dst-address-list=ServerIPs
add action=mark-connection chain=forward comment="Identify 1Mbps Dedicated customer connections" \
    connection-state=new new-connection-mark=1024kb_ded_conn src-address-list=1MbDedicated
add acti...
by lambert
Thu Jan 09, 2014 10:20 am
Forum: General
Topic: Firewall filter rules and nmap scan results
Replies: 12
Views: 3803

Re: Firewall filter rules and nmap scan results

IP address of my nmap machine is 192.168.0.119, connected to ether2_homenet. I think I forgot to ask for ip address print and your nmap command is ? nmap -sT A.B.C.14 ? It looks like you are using routing marks. Could you show us the output of /ip route export Are you trying to keep address space i...
by lambert
Mon Jan 06, 2014 8:36 am
Forum: General
Topic: Firewall filter rules and nmap scan results
Replies: 12
Views: 3803

Re: Firewall filter rules and nmap scan results

In order to do more than guess, I believe we need to see
/interface print
/ip address export
/ip firewall export
/ip firewall print
/ip mangle print
/ip route print
Then tell us the IP address of your nmap machine, the physical port on the MikroTik to which your nmap machine is connected, and the ac...
by lambert
Sun Jan 05, 2014 7:15 am
Forum: Virtualization
Topic: MetaROUTER possibilities?
Replies: 1
Views: 1963

Re: MetaROUTER possibilities?

What you are thinking should work.

Just make sure metarouter is supported on your hardware.
by lambert
Sun Jan 05, 2014 7:13 am
Forum: General
Topic: Throughput when bridged slower than NAT
Replies: 2
Views: 1762

Re: Throughput when bridged slower than NAT

When the RB2011 is bridged, could one of the other devices connected to the 2011 be acting as a DHCP server and your connection using that device as its default gateway instead of the CCR? Have you tried disabling all interfaces other than the uplink and the one connected to your test router to see...
by lambert
Sun Jan 05, 2014 7:05 am
Forum: General
Topic: Firewall filter rules and nmap scan results
Replies: 12
Views: 3803

Re: Firewall filter rules and nmap scan results

Do you have any port forwarding NAT rules?

If no, you may not be scanning the correct IP address. Is "<IP>" the address assigned to your PPPoE-TelekomDSL interface or a LAN IP?
by lambert
Sun Jan 05, 2014 7:00 am
Forum: RouterBOARD hardware
Topic: Replacing RB1200
Replies: 3
Views: 1175

Re: Replacing RB1200

You can use an "/export compact" (5.x) or "/export" (6.x) from the 1200 to configure the 1100. I haven't used a 1200. You would need to pay attention to different numbers of ethernet interfaces, if they are different. Do not try to use a /backup from the 1200 to load up the 1100. Much badness could ...
by lambert
Sun Jan 05, 2014 6:45 am
Forum: General
Topic: Exempt access to server from queue
Replies: 3
Views: 847

Re: Exempt access to server from queue

Use "/ip mangle" rules to mark the packets going to yourIPs differently than you mark the packets going to !yourIPs. Using an address-list named something like "yourIPs".

Set up queues, simple or queue tree, to use the marks.
by lambert
Sun Jan 05, 2014 6:38 am
Forum: RouterBOARD hardware
Topic: CRS125-24G - Mikrotik 24 port switch / Switch chip features
Replies: 4
Views: 2597

Re: CRS125-24G - Mikrotik 24 port switch / Switch chip featu

Kreacher is thinking of the CCR series rather than the CRS series.
by lambert
Mon Dec 30, 2013 10:01 am
Forum: General
Topic: No Internet on Some IP Addresses
Replies: 5
Views: 2177

Re: No Internet on Some IP Addresses

I'm going to try to thin this down to relevant info...
/ip address> pri
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
 1   ;;; Radius
     172.16.1.9/29      172.16.1.8      ether1
 7   ;;; West Sector Bcc
     172.16.1.85/30     172.16.1.84     ether10
10   2.2.2.1/32         2.2.2.1         lobridge
When did Oklahoma mov...
by lambert
Sat Dec 21, 2013 10:28 pm
Forum: General
Topic: No Internet on Some IP Addresses
Replies: 5
Views: 2177

Re: No Internet on Some IP Addresses

I am using a RB1100 to route Internet from our service provider to our WISP customers. Port 1 on the RB1100 is hooked to the Internet. Ports 2 - 10 route it to various sector APs and backhauls. I have a couple of customers that have static IP addresses. At times they are unable to access the Inter...
by lambert
Mon Dec 16, 2013 9:30 pm
Forum: Wireless Networking
Topic: 6 SXT G-2HnD AP as a base station
Replies: 7
Views: 2827

Re: 6 SXT G-2HnD AP as a base station

Do client laptops and smartphones work on 5 MHz channels?? No. Do they sense Nstreme or NS2? No. What if we plan a wifi-zone?? A hotspot? With all the APs on the one tower? No. You will self-interfere until nothing works. The client laptops and smart phones will hear the tower just fine. However, th...
by lambert
Wed Dec 04, 2013 7:34 am
Forum: RouterBOARD hardware
Topic: "Radius Server is not responding" Logs
Replies: 5
Views: 2563

Re: "Radius Server is not responding" Logs

Why do you want to change the RADIUS error message? What do you feel you will gain by disabling an informational error message? Do you desire to use RADIUS for authentication or authorization purposes? The English in your first post contained almost zero content. It was probably automatically tra...
by lambert
Thu Oct 24, 2013 8:41 am
Forum: Beginner Basics
Topic: Buttons in Winbox
Replies: 9
Views: 1368

Re: Buttons in Winbox

The device you are using most likely does not have a battery backed real time clock. Saves cost. Use NTP to set the clock automatically.
by lambert
Thu Sep 26, 2013 7:46 am
Forum: RouterBOARD hardware
Topic: RB951-2HnD blocked some features ...
Replies: 1
Views: 1146

Re: RB951-2HnD blocked some features ...

The disabled options are a known problem with RouterOS 6.4. If you close the option window and reopen it, the options should be re-enabled. Or you can downgrade to 6.3.
by lambert
Tue Sep 24, 2013 11:23 pm
Forum: General
Topic: Mikrotik Rate Limit - Queue Tree
Replies: 2
Views: 925

Re: Mikrotik Rate Limit - Queue Tree

The RADIUS attribute you are using creates simple queues. That is what it does. If you want to use queue tree, create your mangle rules to mark packets based on address lists. Then create your queue trees to use the packet marks. Then configure RADIUS to return mikrotik-address-list attributes inste...
by lambert
Fri Sep 20, 2013 6:19 am
Forum: General
Topic: Multiple Mikrotik-Rate-Limit how to
Replies: 2
Views: 1353

Re: Multiple Mikrotik-Rate-Limit how to

Have you considered having RADIUS return a mikrotik-address-list attribute rather than a mikrotik-rate-limit attribute and using the address-list in your statically configured queues? We put different classes of users in different address-lists via RADIUS and the PCQ queue types used in the queue tr...
by lambert
Fri Sep 20, 2013 6:09 am
Forum: General
Topic: rb750up
Replies: 1
Views: 662

Re: rb750up

You forgot to tell us what version of RouterOS you are using.
by lambert
Fri Sep 20, 2013 6:05 am
Forum: General
Topic: Request for for some PPPoE Server features
Replies: 3
Views: 1134

Re: Request for for some PPPoE Server features

Request for for some PPPoE Server features: Ability to connect to PPPoE server with any or even empty username and password Use RADIUS rather than built-in ppp secrets. Your RADIUS server should be able to make this happen. Logging passwords in PPPoE server when using PAP. Currently, when user tryi...
by lambert
Tue Sep 17, 2013 10:55 pm
Forum: General
Topic: mikrotik + freeradius + dhcp + simple queue
Replies: 4
Views: 1905

Re: mikrotik + freeradius + dhcp + simple queue

Are you returning a session-timeout? Or are you just using the 3 day timeout from your stock DHCP server config? Session-Timeout := ${lease time} I suspect MikroTik's DHCP server only checks RADIUS again when the Session-Timeout has expired. It may assume an infinite Session-Timeout if it does not r...
by lambert
Tue Sep 17, 2013 8:16 pm
Forum: Forwarding Protocols
Topic: Network routed with OSPF with 2 default routes
Replies: 12
Views: 4354

Re: Network routed with OSPF with 2 default routes

I think they are planning to fix this in RouterOS 7.x. I have a flakey BGP transit provider who takes down half my network at least once per month when the BGP peering session drops or the default route is withdrawn. I moved to 6.x because it was supposed to be better. Maybe it is, maybe my flakey p...
by lambert
Wed Sep 11, 2013 10:13 pm
Forum: General
Topic: Catching a bad RB1200
Replies: 2
Views: 564

Re: Catching a bad RB1200

I don't know that you'll get the RB450 to do what you want, but if you have a general *nix box with a serial port, you can try: http://www.conserver.com/ Combined with http://wiki.mikrotik.com/wiki/Serial_Port_Usage you should be able to use conserver on a *nix box anywhere with continued IP connec...