Community discussions

Search found 526 matches

  • 1
  • 3
  • 4
  • 5
  • 6
  • 7
  • 11
by lambert
Fri Nov 21, 2014 6:12 am
Forum: General
Topic: Remote Syslog Issue in CCR1036 & 450G
Replies: 7
Views: 1924

Re: Remote Syslog Issue in CCR1036 & 450G

Actually, he didn't follow instructions at all... I asked for exports in case there is something which set or unset which is one of the many RouterOS configuration parameters which do not show in the results of a print command. Also, I guess we are supposed to take his word for it that the non-worki...
by lambert
Fri Nov 21, 2014 5:58 am
Forum: General
Topic: Linking a Public IP with a Private IP
Replies: 6
Views: 1341

Re: Linking a Public IP with a Private IP

It doesn't work... :( I still cant figure it out why.
So, show us what you tried so we can help figure out what went wrong. Most of us don't read minds around here.
by lambert
Thu Nov 20, 2014 9:06 am
Forum: General
Topic: CSR125-25G Not Loading Previous Sessions
Replies: 6
Views: 1011

Re: CSR125-25G Not Loading Previous Sessions

I think the corruption tends to happen when a session was not closed cleanly. Like when I get ready to leave and close the lid on the laptop without logging out. It doesn't happen all the time, probably not even 2% of the time. But, quite often across all models of my 70 or so devices. The other alt...
by lambert
Thu Nov 20, 2014 9:00 am
Forum: General
Topic: Remote Syslog Issue in CCR1036 & 450G
Replies: 7
Views: 1924

Re: Remote Syslog Issue in CCR1036 & 450G

Show from a working router the results of /system syslog export.

Show from a non-working router the results of /system syslog export.

Ensure the IP addresses from both routers are permitted to talk to the Kiwi server on the syslog port.
by lambert
Thu Nov 20, 2014 8:55 am
Forum: General
Topic: CSR125-25G Not Loading Previous Sessions
Replies: 6
Views: 1011

Re: CSR125-25G Not Loading Previous Sessions

I would begin by assuming that the winbox settings which are saved for this device are corrupt. Corruption of saved layout is something which happens all the time. Log in without "Load Previous Session" checked. Log out. Log in with "Load Previous Session" checked. Make changes. Log out. Cross your ...
by lambert
Mon Nov 17, 2014 9:55 pm
Forum: Beginner Basics
Topic: Firewall rule
Replies: 7
Views: 1685

Re: Firewall rule

That one rule will not prevent traffic from the ether2 LAN getting to the ether1 LAN. You would have to write another rule with the in and out interfaces flipped to do that, if that is what you want.
by lambert
Fri Nov 14, 2014 8:52 pm
Forum: General
Topic: DHCP issue
Replies: 4
Views: 1020

Re: DHCP issue

I've seen this when there was packet loss between the wireless CPE and the AP.
by lambert
Fri Nov 14, 2014 7:29 pm
Forum: General
Topic: RouterOS DHCP + Freeradius - Queues
Replies: 19
Views: 4773

Re: RouterOS DHCP + Freeradius - Queues

Okay, that makes sense and explains why we do not have a problem. On our network, every user is in an address-list. You might want to make a feature request of MikroTik to use the session-timeout as an address-list timeout. But it would still be there until timeout expired even if you force the devi...
by lambert
Fri Nov 14, 2014 6:41 am
Forum: General
Topic: WISP Project
Replies: 8
Views: 2872

Re: WISP Project

It's simple enough. Static routes are always simple. If you are going to add more sites, you will eventually want to add a dynamic routing protocol to the mix. I'm not sure if you made a typographical error putting 10.10.3.0/24 on two interfaces on the tower router or if that device is a switch. Are...
by lambert
Fri Nov 14, 2014 6:04 am
Forum: RouterBOARD hardware
Topic: CRS125-24G-1S-2HnD-IN - What kind of throughput will I get?
Replies: 4
Views: 1598

Re: CRS125-24G-1S-2HnD-IN - What kind of throughput will I g

If you want to link the switches together, you may want to look at using 10G Ethernet over fiber with different MikroTik switches. http://routerboard.com/CRS210-8G-2SplusIN or http://routerboard.com/CRS226-24G-2SplusIN or if you have a 19" rack: http://routerboard.com/CRS226-24G-2SplusRM There is no...
by lambert
Fri Nov 14, 2014 5:27 am
Forum: Beginner Basics
Topic: Firewall rule
Replies: 7
Views: 1685

Re: Firewall rule

So, you want PC1 to talk to RouterBoard 1 only and PC2 to talk to RouterBoard 2 only? And network1 is, for example, 192.168.1.0/24 and network2 is 192.168.2.0/24? Is that what you mean? if so, you just need something like this on routerboard 2 assuming PC2's IP is 192.168.2.12. Untested and typed in...
by lambert
Fri Nov 14, 2014 4:46 am
Forum: General
Topic: IPsec Disconnects
Replies: 3
Views: 1780

Re: IPsec Disconnects

I have the same problem. I'm just posting a me too here so you know you're not alone.

http://forum.mikrotik.com/viewtopic.php?f=2&t=88389
by lambert
Fri Nov 14, 2014 4:04 am
Forum: General
Topic: New forum look & feel
Replies: 64
Views: 8208

Re: New forum look & feel

The "View unread posts" is not gone - it's at the "Forum" menu on top, renamed to "View new posts" ("unread" is implied). It is gone. "View unread posts" and "View new posts" are 2 totally different functions. "unread" is NOT implied, as "View new posts" shows posts already red. Ah. I see what you ...
by lambert
Thu Nov 13, 2014 11:56 pm
Forum: General
Topic: RouterOS DHCP + Freeradius - Queues
Replies: 19
Views: 4773

Re: RouterOS DHCP + Freeradius - Queues

by lambert
Thu Nov 13, 2014 11:42 pm
Forum: General
Topic: RouterOS DHCP + Freeradius - Queues
Replies: 19
Views: 4773

Re: RouterOS DHCP + Freeradius - Queues

What reply attributes are you returning? It works for us all day every day. Below are the attributes we use for everyone. Customers with static IP addresses also get a Framed-IP attribute from the radreply table. mysql> select * from radgroupreply where groupname = "1MbCustomers"; +-----+-----------...
by lambert
Wed Nov 05, 2014 9:41 am
Forum: General
Topic: Not able to connect to device by IP after resetting
Replies: 3
Views: 594

Re: Not able to connect to device by IP after resetting

I think that is the default config for the RB1100AHx2.

The higher end devices seem to ship with a default which is less crowded. The SOHO devices ship with the more complete configuration to make them behave more like a typical consumer device out of the box.
by lambert
Wed Nov 05, 2014 9:03 am
Forum: Beginner Basics
Topic: Problems with mikrotik pppoe/freeradius/sql authentication
Replies: 5
Views: 2672

Re: Problems with mikrotik pppoe/freeradius/sql authenticati

You are doing things which are more complicated than most forum members get into. The forum members who know what you are doing tend to be busy doing these things and don't always have time to help out. The radiusd -X snippet you posted shows FreeRADIUS handling an accounting packet received from 10...
by lambert
Wed Nov 05, 2014 5:51 am
Forum: General
Topic: FreeRadius limits
Replies: 2
Views: 824

Re: FreeRadius limits

Are you getting accounting data from the MikroTik to FreeRADIUS?
by lambert
Wed Nov 05, 2014 5:36 am
Forum: General
Topic: Slower download and upload
Replies: 4
Views: 795

Re: Slower download and upload

It sounds like it may be time for an upgrade to an RB850Gx2. Unless you want to go crazy and upgrade to a rack mount unit, CCR or RB1100AH.
by lambert
Wed Nov 05, 2014 5:24 am
Forum: Beginner Basics
Topic: router was rebooted without proper shutdown
Replies: 2
Views: 754

Re: router was rebooted without proper shutdown

It can't hurt to do a clean shutdown. It would also give the router a chance to write DHCP lease information and graph information and other things safely to flash rather than loosing the last 5 minutes to an hour worth of data. We don't worry about it. I graph data via SNMP from my monitoring serve...
by lambert
Wed Nov 05, 2014 5:18 am
Forum: General
Topic: Why is RB133 supported by RouterOS v6 while RB133C isn't?
Replies: 5
Views: 1775

Re: Why is RB133 supported by RouterOS v6 while RB133C isn't

Because the RB133C is missing things... I think you answered your own question. :)
by lambert
Wed Nov 05, 2014 5:17 am
Forum: Beginner Basics
Topic: Can websites accessed without a proxy be logged?
Replies: 1
Views: 471

Re: Can websites accessed without a proxy be logged?

You can log it without actually caching the website content. But the easiest way I can think of would involve enabling the web proxy without a cache and adding an access rule to permit and log. You might be able to do it with a Layer 7 filter rule matching only new connection requests to outside IPs...
by lambert
Wed Nov 05, 2014 5:10 am
Forum: General
Topic: CRS-125-24G-1S keeps disconnecting
Replies: 5
Views: 1001

Re: CRS-125-24G-1S keeps disconnecting

I was surprised when I lost connection to the CRS I was configuring today while changing the comment on the port to which I was connected. Not a big deal, just don't change the interface to which you are MAC connected. I don't remember that happening with other models. I may not have paid enough att...
by lambert
Tue Nov 04, 2014 10:56 pm
Forum: General
Topic: RouterOS DHCP + Freeradius - Queues
Replies: 19
Views: 4773

Re: RouterOS DHCP + Freeradius - Queues

With Session-Timeout set to 3600 seconds, the mikrotik re-authenticates them every hour and they get their new MikroTik-Access-List value to change to their new plan speed within an hour of the plan being changed in the database. They can force a renewal before their current lease expires if they a...
by lambert
Tue Nov 04, 2014 10:48 pm
Forum: General
Topic: RouterOS DHCP + Freeradius - Queues
Replies: 19
Views: 4773

Re: RouterOS DHCP + Freeradius - Queues

I am trying to do shaiping via DHCP and got the same issue. I think there is an issue in DHCP processing on Mikrotik side. If station send request first time mikrotik has no lease and correctly sends requests to RADIUS. If station disconnects and resends DHCP request or makes renewal leases, Miroti...
by lambert
Tue Nov 04, 2014 10:06 pm
Forum: Beginner Basics
Topic: ipsec
Replies: 8
Views: 1519

Re: ipsec

What is the solution to help me First, tell us what the problem is. Is the remote IP one of your VPN clients attempting to connect to the VPN server? If so, they are failing to connect for some reason. Enable IPSec debugging. Find out what the error was. If the remote IP is not one of your users at...
by lambert
Tue Nov 04, 2014 2:01 am
Forum: General
Topic: Process logging 100% CPU
Replies: 5
Views: 995

Re: Process logging 100% CPU

Can you get it to export the configuration via telnet or SSH connection? It may not export the entire config you may want to only '/ip firewall export' If you can, are there any firewall rules which log packets? If so, try to disable the rule. If not just disable all entries under /system logging. /...
by lambert
Tue Nov 04, 2014 1:55 am
Forum: General
Topic: CRS-125-24G-1S keeps disconnecting
Replies: 5
Views: 1001

Re: CRS-125-24G-1S keeps disconnecting

Are you connecting via MAC address or via IP address?

What is the physical networking between your computer and the CRS?

Does is disconnect you if you are not changing things? What things are you changing? Do they affect the link between your computer and the CRS?
by lambert
Tue Nov 04, 2014 1:42 am
Forum: Wireless Networking
Topic: Low TCP throughput SXt5HPACD
Replies: 16
Views: 2199

Re: Low TCP throughput SXt5HPACD

day 3 working on this and still can't get above 170mbs. CCQ unstable and modulation keeps bouncing to different rates. Anyone else got these working stable? Did you scan for other 5.8GHz device which might be operating in the area? Not yours, devices belonging to other people. 80MHz of clean spectr...
by lambert
Tue Nov 04, 2014 1:05 am
Forum: Wireless Networking
Topic: cAP-2n
Replies: 2
Views: 5809

Re: cAP-2n

My cAP-2n just arrived today. Powered it up and set my laptop to 192.168.88.224/24 and hit 192.168.88.1. Awesome, now I'm in. The address acquisition was on static and the ip stated 0.0.0.0 so I changed it to automatic. Plugged the cAP-2n into my RB750 and I am unable to see the cAP-2n from the RB7...
by lambert
Mon Oct 27, 2014 5:15 pm
Forum: Beginner Basics
Topic: Dual Chain
Replies: 12
Views: 4145

Re: Dual Chain

Just to be sure we've answered your first questions without requiring any physics. (You had three questions): Dual chains means faster wireless throughput. Second question: In RouterOS, there are two checkboxes under the wireless interface configuration to enable or disable each chain. Third questio...
by lambert
Mon Oct 27, 2014 5:08 pm
Forum: Beginner Basics
Topic: Dual Chain
Replies: 12
Views: 4145

Re: Dual Chain

You are overthinking it. As an appliance operator, you get to check the bullet points. Side A has two chains? Check Side B has two chains? Check Side A has X dBi of antenna gain? Check Side B has X dBi of antenna gain? Check (where X is equal or greater than what you already have installed.) Install...
by lambert
Sat Oct 25, 2014 5:06 am
Forum: Beginner Basics
Topic: Dual Chain
Replies: 12
Views: 4145

Re: Dual Chain

4. there is one channel for both polarities. We can answer specific questions such as these. We usually don't have time to write a curriculum of study to take someone from zero to knowledgeable practitioner. Search engines, with the right query terms, are more time effective. I apologize if that see...
by lambert
Fri Oct 24, 2014 6:33 am
Forum: Beginner Basics
Topic: Dual Chain
Replies: 12
Views: 4145

Re: Dual Chain

by lambert
Sat Oct 11, 2014 8:24 am
Forum: General
Topic: Block all sites except 3 websites on guest network.
Replies: 1
Views: 452

Re: Block all sites except 3 websites on guest network.

Begin with http://wiki.mikrotik.com/wiki/Manual:IP/Proxy . Specifically: http://wiki.mikrotik.com/wiki/Manual:IP/Proxy#Proxy_based_firewall_.E2.80.93_Access_List Allow the three sites (it may be necessary to allow some sites on which those sites depend). Block everything else. If they are your sites...
by lambert
Tue Sep 30, 2014 8:36 am
Forum: General
Topic: Remove dude from RB493G - is there a way to?
Replies: 6
Views: 1308

Re: Remove dude from RB493G - is there a way to?

Good deal. Glad you got it working.

On which OS are you running VirtualBox? Just curious.
by lambert
Tue Sep 30, 2014 12:25 am
Forum: The Dude
Topic: Recommended Replacement Network Monitoring System??
Replies: 20
Views: 7874

Re: Recommended Replacement Network Monitoring System??

Nagios, PNP, NagioSQL, cacti, mrtg, ...
by lambert
Mon Sep 29, 2014 10:58 pm
Forum: Wireless Networking
Topic: 5500 - 5700Mhz
Replies: 6
Views: 1694

Re: 5500 - 5700Mhz

Those frequencies are allowed IF the device has been certified to comply with the rules and configured correctly and you are not interfering with any licensed user of that spectrum. MikroTik has not had the devices certified. Therefore it is illegal to use MikroTik devices on those frequencies in th...
by lambert
Thu Sep 25, 2014 3:07 am
Forum: Wireless Networking
Topic: Yet another WiFi connectivity issues
Replies: 7
Views: 1168

Re: Yet another WiFi connectivity issues

I agree it looks like 'rather wireless than mikrotik' issue, since beside wireless i really like the platform itself and it works well. If, and i say IF, AP per room considered, any suggestions what gear in particular would/could do the job? Lets say i want to go a little futureproof mode, and hand...
by lambert
Wed Sep 24, 2014 11:42 am
Forum: Wireless Networking
Topic: Yet another WiFi connectivity issues
Replies: 7
Views: 1168

Re: Yet another WiFi connectivity issues

The wireless bandwith varies - depending on the activity, whether it is internet traffic (8 mbps for now - I know it's not a lot :P) or internal traffic (filesharing). Testing indoors/dynamic didn't really make a difference forme. The SSID's are not hidden and the combination with primary wifi and ...
by lambert
Wed Sep 24, 2014 6:43 am
Forum: Wireless Networking
Topic: Yet another WiFi connectivity issues
Replies: 7
Views: 1168

Re: Yet another WiFi connectivity issues

What is the CPU utilization of the RB2011? The bandwidth flowing across the wireless interface? Other interfaces? My thinking is that it could be too busy to get to the group key renegotiation in time. Just a wild guess based on no real data. I don't do much MikroTik wireless. Have you tried setting...
by lambert
Tue Sep 23, 2014 11:59 pm
Forum: General
Topic: Remove dude from RB493G - is there a way to?
Replies: 6
Views: 1308

Re: Remove dude from RB493G - is there a way to?

Figure out why netinstall isn't working.

Have you disabled the firewall on your windows computer?
by lambert
Tue Sep 23, 2014 10:06 pm
Forum: RouterBOARD hardware
Topic: I need a recomandation
Replies: 8
Views: 1256

Re: I need a recomandation

If the budget allows, a CCR1009 might have more future-proofing.

The RB1100AHx2 is probably enough for now. But, it is old tech when the CCRs are new tech. You can see old tech as well tested or on its way out.

The choice would come down to budget and individual preference.
by lambert
Tue Sep 23, 2014 9:57 pm
Forum: RouterBOARD hardware
Topic: suggestion for a 5 gig router after testing ccr 1036
Replies: 12
Views: 2192

Re: suggestion for a 5 gig router after testing ccr 1036

/ip firewall filter add action=drop chain=forward comment="zeus drop" connection-state=new dst-address-list=zeus add action=add-src-to-address-list address-list=level1 address-list-timeout=1m chain=input connection-state=new dst-port=22,23 protocol=tcp add action=add-src-to-address-list address-lis...
by lambert
Mon Sep 22, 2014 10:45 pm
Forum: RouterBOARD hardware
Topic: suggestion for a 5 gig router after testing ccr 1036
Replies: 12
Views: 2192

Re: suggestion for a 5 gig router after testing ccr 1036

Joe asked for : /ip firewall export The reason he asked for that is that it is entirely possible for you to write the rules you described in such a way as to spin your CPU for every packet or only when necessary. You can change IP addresses in the rules for privacy, but showing us exactly what the r...
by lambert
Mon Sep 22, 2014 10:27 pm
Forum: RouterBOARD hardware
Topic: RB1100ahx2 redundant powering
Replies: 15
Views: 4473

Re: RB1100ahx2 redundant powering

What is the amp rating of the new UBNT PoE units? What is the amp rating of the old PoE units? I really expect the amp rating to make more difference than half a volt between 22 and 23 VDC. Unfortunately, I do not see power requirements for the RB1100AHx2 on routerboard.com. My RB1100AHx2 running 5....
by lambert
Mon Sep 22, 2014 9:49 pm
Forum: General
Topic: Can't access other subnets on /22 network through PPTP
Replies: 9
Views: 1620

Re: Can't access other subnets on /22 network through PPTP

It is time to get a PPTP user connected and unable to access hosts on the LAN then run /system sup-output on your mikrotik and e-mail support@mikrotik.com. It works for me in the configuration you have described up through RouterOS 6.18.
by lambert
Fri Sep 19, 2014 2:12 am
Forum: General
Topic: centralized configuration management
Replies: 2
Views: 1056

Re: centralized configuration management

I use a Makefile with all of my Tiks listed which ssh's to each device and runs the command to effect the change I want.

You could easily do it with straight shell scripting. You might be able to do it with a batch script wrapped around PuTTY in windows.
by lambert
Fri Sep 19, 2014 12:47 am
Forum: Beginner Basics
Topic: Questing regarding packet marking
Replies: 4
Views: 946

Re: Questing regarding packet marking

I believe the answer is no. I am not 100% certain. I think you would have to tag the encapsulated packet at the time it was encapsulated because once it is encapsulated, it is a different packet. It might help you to follow the packet processing through the packet processing flow charts which have b...
  • 1
  • 3
  • 4
  • 5
  • 6
  • 7
  • 11