Community discussions

Search found 533 matches

by lambert
Tue Jun 24, 2014 8:19 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1017063

Re: CLOUD CORE ROUTER

On the 192.168.0.251 mikrotik, /ip route add gateway=192.168.0.5 I forgot the gateway :shock: So now I added it and from the mikrotik 951 (192.168.0.251/24) I can reach the ccr1009 192.168.0.5 but not 192.168.88.0/24. From the ccr1009 (precisely 192.168.88.1) I can't reach 192.168.0.251 despite ...
by lambert
Tue Jun 24, 2014 4:53 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1017063

Re: CLOUD CORE ROUTER

Is there a 192.168.88.0/24 IP address, or IP route on the 951?

Did you set the default gw on your ATA?
by lambert
Tue Jun 24, 2014 12:37 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1017063

Re: CLOUD CORE ROUTER

On the 192.168.0.251 mikrotik,
/ip route
add gateway=192.168.0.5
If the 192.168.0.0/24 hosts don't know how to get back to 192.168.88.0/24, how can they respond to pings and traceroutes and web requests from devices in 192.168.88.0/24 or any other non-192.168.0.0/24 hosts?
by lambert
Mon Jun 23, 2014 10:43 pm
Forum: General
Topic: multi port forwarding
Replies: 1
Views: 1690

Re: multi port forwarding

Forward 80,443 to 192.168.q.125
/ip firewall nat
add action=dst-nat chain=dstnat comment="Web Server" disabled=no \
    dst-address=a.b.c.d dst-port=80,443 protocol=tcp to-addresses=192.168.q.125
Or do you have a more specific question?
by lambert
Mon Jun 23, 2014 10:22 pm
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1017063

Re: CLOUD CORE ROUTER

This really should have been in a separate thread.

What is the default gateway on the 192.168.88.253 PC?

What is the default gateway on the 192.168.0.250 ATA?

Can the PC ping 192.168.0.5?
by lambert
Sat Jun 21, 2014 10:04 am
Forum: General
Topic: HELP! OSPF session not staying up.
Replies: 4
Views: 839

Re: HELP! OSPF session not staying up.

Redistribute-connected=as-type-1

That may not be the exact spelling. I am on my 'smart' phone right now.

If you have connected subnets you do not want distributed, add a route filter to deny them in ospf-out.
by lambert
Fri Jun 20, 2014 9:57 pm
Forum: General
Topic: HELP! OSPF session not staying up.
Replies: 4
Views: 839

Re: HELP! OSPF session not staying up.

Are the two Tik's connected with an ethernet cable? Or is there a wireless link? With my wireless links I have a public /30 for OSPF and a private /29 for the wireless bridges. That way traceroute doesn't break. Change your NAT to not src-nat 10.255.249.6/29. What is your OSPF network type on A/1 an...
by lambert
Fri Jun 20, 2014 12:32 pm
Forum: General
Topic: How to mark youtube IPs
Replies: 34
Views: 5394

Re: How to mark youtube IPs

the whole reason of https is its name.... secure... it uses a ssl. the packets are encrypted, you won't be able to see what the packet is even with layer 7, that's the whole point. many have tried but i haven't seen a model working. i haven't seen yet a layer 7 regex for https of any kind! but... i...
by lambert
Fri Jun 20, 2014 12:22 pm
Forum: General
Topic: Browsing the webpage for longer than - add to address-list
Replies: 8
Views: 932

Re: Browsing the webpage for longer than - add to address-li

"Register" can be handled by MAC address authentication. Personally, I think the users would be more aware of the need to work rather than play if they have to authenticate to play. But people say I am mean. Doing what you want will likely require a lot of scripting. You may need to hire a consultan...
by lambert
Fri Jun 20, 2014 12:15 pm
Forum: General
Topic: no buffer space
Replies: 9
Views: 1745

Re: no buffer space

If you can afford the downtime for testing, it might be good to install (15-2 = 13, 13%2 = 7, 2+7 = 9) RouterOS 6.9 and see if the problem is there. If not install (15 - 9 = 6, 6%2 = 3, 9+3 = 12) RouterOS 6.12 and test that. Then keep bisecting the versions until you get to version 6.x works and ver...
by lambert
Fri Jun 20, 2014 12:06 pm
Forum: General
Topic: no buffer space
Replies: 9
Views: 1745

Re: no buffer space

The best way to not get an answer is to not ask the question.

When you send a message to support@mikrotik.com it sends back an automated reply which lists the information they want for every support request. Did you supply all of that information?
by lambert
Thu Jun 19, 2014 9:40 pm
Forum: General
Topic: How to mark youtube IPs
Replies: 34
Views: 5394

Re: How to mark youtube IPs

I cannot afford the time to build it for you. There are consultants who would be happy to do so.

http://lmgtfy.com/?q=mikrotik+qos+cdn
by lambert
Thu Jun 19, 2014 8:44 pm
Forum: Forwarding Protocols
Topic: WE NEED EIGRP
Replies: 21
Views: 9603

Re: WE NEED EIGRP

The only thing is you should have multicast enabled links Multicast has historically had issues on Atheros based wireless links. That goes for Ubiquiti equipment and, I believe, MikroTik equipment in not too distant past. They both seem to do fairly well now. OSPF also tends to use multicast by def...
by lambert
Thu Jun 19, 2014 8:30 pm
Forum: General
Topic: MTCWE CERTIFICATION
Replies: 2
Views: 914

Re: MTCWE CERTIFICATION

It is my understanding that the MikroTik certification process requires that you take the training class, from an authorized trainer, then take the test. There is no independent study then pass the test path to MikroTik certification.
by lambert
Thu Jun 19, 2014 8:15 pm
Forum: General
Topic: Redundant RADIUS servers for authentication : bug ???
Replies: 4
Views: 1027

Re: Redundant RADIUS servers for authentication : bug ???

Of course, this assumes that ROS will accept a hostname instead of an IP address...I'm not sure if it does or not, but it might be worth a try. RouterOS does not store a hostname for that configuration field. Which results in a lot of people writing, and rewriting, scripts to periodically resolve t...
by lambert
Thu Jun 19, 2014 8:11 pm
Forum: Beginner Basics
Topic: RDP 3389 block to external connections
Replies: 10
Views: 5328

Re: RDP 3389 block to external connections

You don't happen to control the PPPoE server do you? If you run torch on your pppoe-out1 interface, do you see the outgoing RDP request? If you do, then it's time to call your ISP and ask if they have a default rule to block outgoing RDP traffic from subscribers. It would be the first time I've hear...
by lambert
Thu Jun 19, 2014 8:03 pm
Forum: General
Topic: Browsing the webpage for longer than - add to address-list
Replies: 8
Views: 932

Re: Browsing the webpage for longer than - add to address-li

Maybe you could treat the LAN as a hotspot for internet access to non-exempt work related sites. Then you could use user manager or RADIUS to set limits on session time which could be 5 minutes per "ticket". You could have an automated system which issues one new "ticket" per hour. I can visuali...
by lambert
Thu Jun 19, 2014 7:52 pm
Forum: General
Topic: How to mark youtube IPs
Replies: 34
Views: 5394

Re: How to mark youtube IPs

You should be able to identify CDN type hosts with mangle/firewall rules and connection-byte. If you add those hosts to an address-list you can shape traffic to that dst-address-list however you like. The devil is in the details.
by lambert
Thu Jun 19, 2014 7:47 pm
Forum: General
Topic: Mentioning IP Pool
Replies: 9
Views: 1387

Re: Mentioning IP Pool

Okay, that sounds logical then. As long as the mikrotik 1:1 NAT can handle hosts on the network and broadcast addresses of the /24, he should be okay. Is the 1:1 pool subnet usually configured in /ip addresses? Or is it just a logical range and the Tik intercepts traffic to those addresses on the fo...
by lambert
Thu Jun 19, 2014 5:45 pm
Forum: General
Topic: PPtP Incoming Filter Rules
Replies: 3
Views: 1882

Re: PPtP Incoming Filter Rules

Yes. All traffic passes through the default chains. Defining other chains is for your convenience and to improve filter rule efficiency. If you want to apply a lot of rules to one specific host, or group of hosts, that could take up a lot of filter processing time. If those hosts are not a majori...
by lambert
Thu Jun 19, 2014 5:36 pm
Forum: General
Topic: Mentioning IP Pool
Replies: 9
Views: 1387

Re: Mentioning IP Pool

If they have static IPs, what is the point of having an IP pool? I do not use hotspot, so maybe there is some point I do not know about.

What is the IP address which is configured on the hotspot facing interface?
by lambert
Thu Jun 19, 2014 5:28 pm
Forum: Scripting
Topic: does this exist for an interface already...
Replies: 4
Views: 1058

Re: does this exist for an interface already...

Load balancing is more of a manual configuration process via any of the MikroTik user interfaces. See http://wiki.mikrotik.com/wiki/Manual:PCC
by lambert
Thu Jun 19, 2014 10:33 am
Forum: General
Topic: no buffer space
Replies: 9
Views: 1745

Re: no buffer space

The link to your airfiber was probably not working for the first several pings. I've seen the no buffer space error when the physical link is up, but the device on the other end was not actually doing anything with the packets yet. I think it was while I was trying to ping the remote end of an AirFI...
by lambert
Thu Jun 19, 2014 10:23 am
Forum: General
Topic: Mentioning IP Pool
Replies: 9
Views: 1387

Re: Mentioning IP Pool

Hi Is it possible to mention ip pool in CIDR Notation ? For example , to specify a pool 192.168.1.1-192.168.1.254 , is it syntactically correct in Mikrotik to specify 192.168.1.0/24 ? That would not be correct 192.168.1.0/24 would include 192.168.1.0 and 192.168.1.255 in addition to 192.168.1.1-192...
by lambert
Thu Jun 19, 2014 9:59 am
Forum: RouterBOARD hardware
Topic: Wish - RB2011UiAS-2HnD-RM ?
Replies: 25
Views: 9493

Re: Wish - RB2011UiAS-2HnD-RM ?

Kids these days are spoiled by their 4 post rack cabinets... Rack does not have to mean a metal cabinet. I have a 19" two post relay rack for my network and server gear at the house. My current RB951 AP is sitting on a shelf 2U below the 48 port patch panel and above the Atom based server. I have go...
by lambert
Tue Jun 17, 2014 10:21 pm
Forum: General
Topic: L2tp / ipsec client vpn
Replies: 4
Views: 2390

Re: L2tp / ipsec client vpn

Then you are going to have to give us more information. Telling us "Tried that. Didn't work." is not a useful diagnostic. :)

Show us the configuration you made on the client.
/int l2tp-client export
/ppp export
/ip ipsec export
...
Please remove the actual secrets and passwords.
by lambert
Tue Jun 17, 2014 1:24 am
Forum: Beginner Basics
Topic: Device dead or at the least in a coma
Replies: 6
Views: 1259

Re: Device dead or at the least in a coma

Do you get link lights on the problem ports? Just for fun, try running "/int ethernet enable 2,3,4". Does "/int ethernet monitor 2,3,4" register any changes when you plug or unplug devices into those ports? While writing this answer, I just found one of my ports, ether5, only advertising 10Mbps rate...
by lambert
Tue Jun 17, 2014 12:25 am
Forum: General
Topic: creating new user that won't be able to remove admin
Replies: 2
Views: 573

Re: creating new user that won't be able to remove admin

http://wiki.mikrotik.com/wiki/Manual:Router_AAA policy - policy that grants user management rights. Should be used together with write policy. Allows also to see global variables created by other users (requires also 'test' policy). I do not think RouterOS has fine-grained enough user management ri...
by lambert
Tue Jun 17, 2014 12:18 am
Forum: General
Topic: Create a queue for priority without a max limit
Replies: 13
Views: 1804

Re: Create a queue for priority without a max limit

We still do not understand what you are trying to do. Try to use more words to be more specific and detailed about what you are trying to do. Just bumping the post without added details of clarity is less likely to get a good answer.
by lambert
Tue Jun 17, 2014 12:12 am
Forum: General
Topic: L2tp / ipsec client vpn
Replies: 4
Views: 2390

Re: L2tp / ipsec client vpn

Take the client config part from this document http://wiki.mikrotik.com/wiki/L2TP_%2B_ ... ik_routers.
by lambert
Tue Jun 17, 2014 12:09 am
Forum: Wireless Networking
Topic: Problem with the WISP
Replies: 18
Views: 3656

Re: Problem with the WISP

You need to watch the amperage of the supply you are using. You'll need enough amps to run both devices while using the PoE out feature. I suspect the 951's power supply will be more likely to have enough amps for both devices. If you want to use one power supply for both devices and the SXT is your...
by lambert
Mon Jun 16, 2014 11:41 pm
Forum: General
Topic: PPtP Incoming Filter Rules
Replies: 3
Views: 1882

Re: PPtP Incoming Filter Rules

If you create a non-default chain, you have to use a jump in one of the default chains in order to get to your chain.

Otherwise the OS has no idea what you intended to do.

Or did I misunderstand your question?
by lambert
Sat Jun 14, 2014 1:19 am
Forum: General
Topic: first L2TP UDP packet received from x.x.x.x
Replies: 1
Views: 4308

Re: first L2TP UDP packet received from x.x.x.x

Enable logging of l2tp messages.
by lambert
Sat Jun 14, 2014 1:12 am
Forum: Beginner Basics
Topic: Where are the Routerboard Firmware Update Changlogs
Replies: 1
Views: 569

Re: Where are the Routerboard Firmware Update Changlogs

http://www.google.com/search?q=mikrotik ... +changelog

It doesn't seem to have been updated yet. Maybe MikroTik will get to it. Maybe they won't. Open a support ticket if you really really want to know.
by lambert
Sat Jun 14, 2014 1:09 am
Forum: General
Topic: Edit - RB2011UiAS-2HnD-IN crashes using IPSEC
Replies: 1
Views: 765

Re: Edit - RB2011UiAS-2HnD-IN crashes using IPSEC

Have you tried resetting the configuration to defaults then reconfiguring the device again? Sometimes after an upgrade the config doesn't update correctly.
by lambert
Sat Jun 14, 2014 1:02 am
Forum: General
Topic: Local Static IP not acessible - MAC reachable. Any solution
Replies: 3
Views: 818

Re: Local Static IP not acessible - MAC reachable. Any solut

Is D4:CA:6D:85:F4:DE the MAC address of ETH02_to_Swit...? If not, I suspect there may be another device in the switch which also thinks it owns the 192.168.1.1 IP. If that is the MAC address of ETH02_to_Swit..., then I would suspect that someone has created a loop in the network which ends up with one...
by lambert
Sat Jun 14, 2014 12:52 am
Forum: General
Topic: [ASK] beginner ask about VPN connection
Replies: 2
Views: 666

Re: [ASK] beginner ask about VPN connection

I am sorry. Google did not translate well.

Please, also state your question in your native language. This is a very international community. Someone else may be able to make a better translation than Google did.
by lambert
Sat Jun 14, 2014 12:47 am
Forum: Forwarding Protocols
Topic: Routed OSPF network 2 WAN DSL connections to ISP
Replies: 5
Views: 2177

Re: Routed OSPF network 2 WAN DSL connections to ISP

Where are the IPs from the /29 of the DSL connection on TIK1 configured? On the PPPoE interface? If so, the IPs may go invalid when the connection falls down and be withdrawn from OSPF which would mean that TIK2 would no longer be able to find a route for those IPs. What are your firewall rules? bot...
by lambert
Sat Jun 14, 2014 12:30 am
Forum: Forwarding Protocols
Topic: ospf with primary and secondary link (offline until needed)
Replies: 1
Views: 3073

Re: ospf with primary and secondary link (offline until need

Did you change the priority of the backup link on both sides of the link? In which direction do you see traffic? There will always be some, very small amount of, traffic on the backup link. That traffic will be OSPF neighbor association maintenance. If your primary link is lightly loaded, you might ...
by lambert
Sat Jun 14, 2014 12:15 am
Forum: Forwarding Protocols
Topic: OSPF link state down
Replies: 6
Views: 2879

Re: OSPF link state down

Hi all, I'm seeing some strange behaviour of OSPF on wireless links. I have OSPF running on approx 40 routers and there is probably some bug causing that randomly some wireless interface change state to down, If I check wireless registration table link uptime is in days. There is no message in log...
by lambert
Thu Jun 12, 2014 9:58 pm
Forum: Wireless Networking
Topic: [SOLVED] Ubiquiti AP and Mikrotik CPE
Replies: 6
Views: 6205

Re: Ubiquiti AP and Mikrotik CPE

In other words, make sure AirMax is disabled on the Ubiquiti AP. And do not try to use nstream or NV2 on the MikroTik client.
by lambert
Thu Jun 12, 2014 12:49 am
Forum: Forwarding Protocols
Topic: prevent OSPF dynamic routes / interfaces
Replies: 4
Views: 2151

Re: prevent OSPF dynamic routes / interfaces

You say you adjusted several properties, sigh.

We are going to need to see /routing ospf export.

What are the devices to which your MikroTik is supposed to speak OSPF? What OSPF configuration are they running?
by lambert
Thu Jun 12, 2014 12:00 am
Forum: Wireless Networking
Topic: Problem with the WISP
Replies: 18
Views: 3656

Re: Problem with the WISP

The signals which affect your link are the signals which the radios on either end of your link can hear. Shielding the SXT will allow it to not hear the noise on the sides and back. It will then only hear signals from the direction of your AP. That makes picking out and decoding the AP's signal much...
by lambert
Tue Jun 10, 2014 7:58 pm
Forum: General
Topic: RADIUS rate refresh after DHCPREQUEST
Replies: 3
Views: 697

Re: RADIUS rate refresh after DHCPREQUEST

I've not looked into the protocol specifics. However, I have a couple thousand fixed wireless clients for whom it works. Without session timeout in the radius reply, the MikroTik DHCP server never re-queried radius on lease renewal. The MikroTik DHCP server had authorization for the user, without a ...
by lambert
Tue Jun 10, 2014 7:07 am
Forum: General
Topic: RADIUS rate refresh after DHCPREQUEST
Replies: 3
Views: 697

Re: RADIUS rate refresh after DHCPREQUEST

Set the Session-Timeout in the RADIUS reply.
mysql> select * from radgroupreply where groupname = "6MbBusiness";
+-----+-------------+-----------------------+----+-------------+
| id  | groupname   | attribute             | op | value       |
+-----+-------------+-----------------------+----+-------------+
| 210 | 6MbBu...
by lambert
Thu Jun 05, 2014 6:47 am
Forum: General
Topic: How block OS Windows
Replies: 39
Views: 7778

Re: How block OS Windows

pfSense https://www.pfsense.org/about-pfsense/features.html Third bullet point under Firewall heading... pfSense software utilizes p0f, an advanced passive OS/network fingerprinting utility to allow you to filter by the Operating System initiating the connection. Want to allow FreeBSD and Linux mach...
by lambert
Tue Jun 03, 2014 5:50 am
Forum: Scripting
Topic: Get OS of Client
Replies: 5
Views: 1362

Re: Get OS of Client

I don't think RouterOS has OS fingerprinting features. You could use nmap from another device to map IPs to its best guess of what OS your clients are running. If you use hotspot http authentication, you can put your hotspot auth page on a server which can log what the web browser claims its OS and ...
by lambert
Fri May 30, 2014 9:51 pm
Forum: General
Topic: L2TP/IPsec dropped after site-to-site IPsec configured
Replies: 2
Views: 770

Re: L2TP/IPsec dropped after site-to-site IPsec configured

We can look into our crystal ball when it returns from the shop. In the meantime, you could post your
/ip ipsec export
Remember to remove shared secrets and any other sensitive information from what you post.
by lambert
Fri May 30, 2014 9:44 pm
Forum: Beginner Basics
Topic: VPN L2TP/IPsec connection works in LAN but not WAN
Replies: 4
Views: 3678

Re: VPN L2TP/IPsec connection works in LAN but not WAN

My guess is that the OP had firewall filter rules similar to:
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add...
by lambert
Fri May 23, 2014 4:36 pm
Forum: General
Topic: RB450 bricked after RouterOS upgrading. Any solution Pls?
Replies: 21
Views: 2990

Re: RB450 bricked after RouterOS upgrading. Any solution Pls

You can't tell how a pre-made serial cable is wired by looking at it unless they were nice enough to stamp "Null-Modem" in the plastic shroud of the connector. You can tell how a pre-made serial cable is wired by using an ohm meter to determine which wire is connected to which pin at each end of the...
by lambert
Thu May 22, 2014 10:55 pm
Forum: General
Topic: RB450 bricked after RouterOS upgrading. Any solution Pls?
Replies: 21
Views: 2990

Re: RB450 bricked after RouterOS upgrading. Any solution Pls

Your first screenshot shows that you uploaded mipsle packages to your mipsbe device. If you will netinstall the firmware for the correct architecture it should work better.
by lambert
Thu May 22, 2014 9:07 am
Forum: The User Manager
Topic: always Radius Server Not responding
Replies: 4
Views: 1796

Re: always Radius Server Not responding

Restart radiusd on the Ubuntu box with "radiusd -X" then watch the logs while the MikroTik sends a request. It will most likely show that your shared secret is not correct, if you have the MikroTik added to the client setup in FreeRADIUS at all.
by lambert
Wed May 14, 2014 9:56 pm
Forum: General
Topic: RB2011UiAS-IN using as switch
Replies: 7
Views: 1133

Re: RB2011UiAS-IN using as switch

Thank you guys, rextended procedure was the best solution for me, thanks rextended, but I still have a doubt, what's the difference between these settings: bridge1-1000 ports: ether1,ether2,ether3,ether4,ether5 bridge2-100 ports: ether6,ether7,ether8,ether9,ether10 bridge3-all ports: bridge1-1000,b...
by lambert
Thu May 08, 2014 8:33 am
Forum: General
Topic: where is WOL?
Replies: 4
Views: 1173

Re: where is WOL?

It's there for me in 6.12 on the boxes I have.

CCR1036:
> /tool wol
mac:
Script Error: action cancelled
RB493G:
> /tool wol
mac:
Script Error: action cancelled
2011UiAS-2HnD:
> /tool wol
mac:
Script Error: action cancelled
I don't have any RB600s.
by lambert
Sun Mar 09, 2014 7:58 am
Forum: Wireless Networking
Topic: WISP Best Practices and Making Performance Better
Replies: 9
Views: 3219

Re: WISP Best Practices and Making Performance Better

With more narrower beam width you mean if I am currently using 120' sector then I should use 90' sectors ? I am ready to pay for proprietary wireless protocol.. please explain how to do it ? Can't use N-Stream because the CPE's are not MikroTik. They are Ubiquiti Loco 2 Nanostations at the customer...
by lambert
Fri Mar 07, 2014 7:12 pm
Forum: Wireless Networking
Topic: Some questions regarding a WISP setup.
Replies: 26
Views: 6952

Re: Some questions regarding a WISP setup.

Use good antennas with good shielding for any chance of frequency re-use. We are tending to use antennas from http://www.kpperformance.ca/2-4-ghz-antennas You may be able to use vertical antenna separation to improve frequency reuse. I have much more frequency available in 5 GHz band. You could try ...
by lambert
Fri Mar 07, 2014 2:43 am
Forum: Wireless Networking
Topic: Large HW Frame vs Frames difference
Replies: 2
Views: 1517

Re: Large HW Frame vs Frames difference

Lower your output power some more. If you can set tx power to 1, the link should still work. I don't know if SXT's will allow that power setting or not. I tend to suspect improper alignment when the chains have more than 3dB difference in the RSSIs. However, if they are very close together, and you ...
by lambert
Fri Mar 07, 2014 1:06 am
Forum: Wireless Networking
Topic: 5.4kms point to point link
Replies: 4
Views: 1082

Re: 5.4kms point to point link

I am not clear on what your image represents, ground clutter or terrain. Assuming the path profile shows Earth, rather than ground clutter, and that the vertical scale is meters, you will get 0 throughput without 20 to 25 meters above ground level radio mount points at each end, rough guess. If ther...
by lambert
Fri Mar 07, 2014 12:38 am
Forum: Wireless Networking
Topic: WISP Best Practices and Making Performance Better
Replies: 9
Views: 3219

Re: WISP Best Practices and Making Performance Better

nstream or nv2 should get you more than the standard 802.11 MAC.

More narrower beamwidth sectors.

After that, you need to pay more money for proprietary wireless protocol systems.
by lambert
Fri Mar 07, 2014 12:04 am
Forum: General
Topic: L2TP Over IPSec with OSX Not Working?
Replies: 4
Views: 2525

Re: L2TP Over IPSec with OSX Not Working?

Next series of wild guesses.... 6.10? has problems with aes-256 IIRC **KNOWN ISSUE: IPsec AES-CBC 256 Bit encryption algorithm doesn't work in some cases. Use 128 bit AES, or hold on for v6.11** I have no idea how that problem would present in MacOS X errors. What are the ppp-in/ppp-out filters? Doe...
by lambert
Thu Mar 06, 2014 10:24 pm
Forum: General
Topic: L2TP Over IPSec with OSX Not Working?
Replies: 4
Views: 2525

Re: L2TP Over IPSec with OSX Not Working?

My best guess is: Your client, the Mac, has to connect to the IP address on the mikrotik which will be the preferred source IP for packets returned to your client. The MikroTik does not reply from the IP address to which your client connected. It's an annoying bug. If you have multiple paths out of ...
by lambert
Thu Mar 06, 2014 10:19 pm
Forum: General
Topic: Dual radios ptp, OSPF, failover works, just not 2x speed.
Replies: 4
Views: 879

Re: Dual radios ptp, OSPF, failover works, just not 2x speed

Let us know how that compares when you get it setup, please.
by lambert
Thu Mar 06, 2014 2:11 am
Forum: General
Topic: Make Router Respond to Pings Only From Same Subnet...
Replies: 10
Views: 914

Re: Make Router Respond to Pings Only From Same Subnet...

four filter rules
input icmp src-address=10.0.0.0/24 dst-address=10.0.0.1 accept
input icmp src-address=10.0.1.0/24 dst-address=10.0.1.1 accept
input icmp src-address=10.0.2.0/24 dst-address=10.0.2.1 accept
input icmp deny
Now, go break out the caffeine. It sounds like you're having one of those day...
by lambert
Wed Mar 05, 2014 5:05 pm
Forum: Wireless Networking
Topic: Some questions regarding a WISP setup.
Replies: 26
Views: 6952

Re: Some questions regarding a WISP setup.

I have almost decided to go for a 802.11g(3x120° sectors) setup for first few customers. How many users will I be able to support If I limit the channel to 10MHz? There are no other WISPs in the city, so there will not be any competition for spectrum for now. I will keep in mind what you said about...
by lambert
Tue Mar 04, 2014 5:16 pm
Forum: Wireless Networking
Topic: Some questions regarding a WISP setup.
Replies: 26
Views: 6952

Re: Some questions regarding a WISP setup.

One radio per antenna. Do not use a splitter to feed three 120 degree sectors. Use enough bandwidth to support actual customers. 20MHz channels mean you hear twice the interference as you would at 10MHz. 10MHz also plays better with multiple sectors on the tower. You want a minimum of 10MHz between ...
by lambert
Tue Mar 04, 2014 3:22 am
Forum: General
Topic: Dual radios ptp, OSPF, failover works, just not 2x speed.
Replies: 4
Views: 879

Re: Dual radios ptp, OSPF, failover works, just not 2x speed

Since these wireless links are simplex rather than duplex, using one radio to transmit (mostly) and one radio to receive (mostly) brings your throughput from approximately 50% theoretical throughput each way to 100% theoretical (mostly) each way. This is what people mean when they say that the setup...
by lambert
Mon Mar 03, 2014 10:37 pm
Forum: General
Topic: How to block all traffic from outside to my Router
Replies: 14
Views: 7935

Re: How to block all traffic from outside to my Router

Someone on upstairs router is streaming video from Amazon? Traffic comes in from ISP1. Traffic goes out ether2, "Upstairs WiFi Router". IP addresses of high traffic connections belong to Amazon. /ip firewall nat add action=masquerade chain=srcnat Some machine connected to Upstairs WiFi Router reques...
by lambert
Fri Feb 28, 2014 3:33 pm
Forum: General
Topic: v5.26 NTP Server "server-not-synchronized"
Replies: 6
Views: 1401

Re: v5.26 NTP Server "server-not-synchronized"

How long has the server been up? With the regular ntp.org server software, the server can have the right time, without declaring itself stable yet. Once the server thinks it has a good sync, you may be okay.
by lambert
Tue Feb 25, 2014 5:28 pm
Forum: General
Topic: about radius server and mikrotik
Replies: 2
Views: 642

Re: about radius server and mikrotik

I am not certain that I am parsing your question correctly. I may be answering the wrong question. Here is a sample of the RADIUS attributes I set to put DHCP users into address lists. I use the address lists for mangle and queue trees, but it will work with firewall filter rules also. FreeRADIUS / ...
by lambert
Thu Feb 20, 2014 3:01 am
Forum: RouterBOARD hardware
Topic: Installing Xenserver on Routerboard CCR1016-12G
Replies: 2
Views: 1403

Re: Installing Xenserver on Routerboard CCR1016-12G

http://www.linleygroup.com/newsletters/newsletter_detail.php?num=4732&year=2011&tag=3 Power efficiency is the most obvious benefit of Tilera’s proprietary VLIW CPU design. The company claims a performance-per-watt advantage of up to 10× over Intel’s 32nm Xeon design. In the server market, however, ...
by lambert
Thu Feb 20, 2014 2:33 am
Forum: RouterBOARD hardware
Topic: Power UBNT Radio from 2011UAS-2HnD-IN
Replies: 7
Views: 2188

Re: Power UBNT Radio from 2011UAS-2HnD-IN

I guess it would depend on the total current draw of the UBNT devices and whether or not that draw is permissible through PoE out port. I had missed that ChrisHumphreys was trying to power two UBNT devices. I read too quickly. It looks like the 2011UiAS-2HnD-IN probably only has 500mA out on port 10...
by lambert
Wed Feb 19, 2014 9:17 pm
Forum: RouterBOARD hardware
Topic: RB1100ahx2 redundant powering
Replies: 15
Views: 4613

Re: RB1100ahx2 redundant powering

Somewhere on the forum, Normis posted that at least one model device was able to use two power supplies for the purpose of failover so long as the difference in voltage between the two power supplies was greater than 2v DC. It would run on the higher voltage and use the lower voltage supply if the h...
by lambert
Wed Feb 19, 2014 9:11 pm
Forum: RouterBOARD hardware
Topic: Power UBNT Radio from 2011UAS-2HnD-IN
Replies: 7
Views: 2188

Re: Power UBNT Radio from 2011UAS-2HnD-IN

A slightly different product will do what you request. You want the RB2011UiAS-2HnD-IN. Note the added "i".

http://routerboard.com/RB2011UiAS-2HnD-IN

You should be able to power the Ubiquiti device from ether10 on that device. I haven't checked for availability on those.
by lambert
Sat Jan 25, 2014 12:31 am
Forum: General
Topic: HELP with L2TP/IPsec
Replies: 6
Views: 940

Re: HELP with L2TP/IPsec

What is the version of your RouterOS?
by lambert
Sat Jan 25, 2014 12:28 am
Forum: General
Topic: Firewall filter rules and nmap scan results
Replies: 12
Views: 3848

Re: Firewall filter rules and nmap scan results

nmap the internal address just for fun.
by lambert
Fri Jan 24, 2014 8:48 pm
Forum: General
Topic: enhance "check-gateway" feature - use arbitrary check IP
Replies: 34
Views: 29913

Re: enhance "check-gateway" feature - use arbitrary check IP

It really would be nice if we could do that per route. Dreaming, and applying to one of my real situations, that might look like:
/ip route
add check-gateway=ping check-address=A.B.C.1 comment=Wireless distance=10 dst-address=0.0.0.0/1 gateway=\
    H.I.J.225
add check-gateway=ping comment=DSL distance=...
by lambert
Sat Jan 11, 2014 12:12 am
Forum: RouterBOARD hardware
Topic: Replacing RB1200
Replies: 3
Views: 1179

Re: Replacing RB1200

With /export compact, I didn't think there were supposed to be any mac addresses.
by lambert
Fri Jan 10, 2014 8:53 am
Forum: General
Topic: Firewall filter rules and nmap scan results
Replies: 12
Views: 3848

Re: Firewall filter rules and nmap scan results

I don't see anything that tells me what the issue is. Are you still seeing the extra ports when you nmap your A.B.C.14 IP?

I don't use routing-marks so it may be some side effect of that. I'm sorry but I'm out of ideas.
by lambert
Thu Jan 09, 2014 10:27 am
Forum: General
Topic: Exempt access to server from queue
Replies: 3
Views: 861

Re: Exempt access to server from queue

/ip firewall mangle
add chain=forward comment="Server traffic, bypass mangle" dst-address-list=ServerIPs
add action=mark-connection chain=forward comment="Identify 1Mbps Dedicated customer connections" \
    connection-state=new new-connection-mark=1024kb_ded_conn src-address-list=1MbDedicated
add acti...
by lambert
Thu Jan 09, 2014 10:20 am
Forum: General
Topic: Firewall filter rules and nmap scan results
Replies: 12
Views: 3848

Re: Firewall filter rules and nmap scan results

IP address of my nmap machine is 192.168.0.119, connected to ether2_homenet. I think I forgot to ask for ip address print and your nmap command is ? nmap -sT A.B.C.14 ? It looks like you are using routing marks. Could you show us the output of /ip route export Are you trying to keep address space i...
by lambert
Mon Jan 06, 2014 8:36 am
Forum: General
Topic: Firewall filter rules and nmap scan results
Replies: 12
Views: 3848

Re: Firewall filter rules and nmap scan results

In order to do more than guess, I believe we need to see
/interface print
/ip address export
/ip firewall export
/ip firewall print
/ip mangle print
/ip route print
Then tell us the IP address of your nmap machine, the physical port on the MikroTik to which your nmap machine is connected, and the ac...
by lambert
Sun Jan 05, 2014 7:15 am
Forum: Virtualization
Topic: MetaROUTER possibilities?
Replies: 1
Views: 1979

Re: MetaROUTER possibilities?

What you are thinking should work.

Just make sure metarouter is supported on your hardware.
by lambert
Sun Jan 05, 2014 7:13 am
Forum: General
Topic: Throughput when bridged slower than NAT
Replies: 2
Views: 1768

Re: Throughput when bridged slower than NAT

When the RB2011 is bridged, could one of the other devices connected to the 2011 be acting as a DHCP server and your connection using that device as its default gateway instead of the CCR? Have you tried disabling all interfaces other than the uplink and the one connected to your test router to see...
by lambert
Sun Jan 05, 2014 7:05 am
Forum: General
Topic: Firewall filter rules and nmap scan results
Replies: 12
Views: 3848

Re: Firewall filter rules and nmap scan results

Do you have any port forwarding NAT rules?

If no, you may not be scanning the correct IP address. Is "<IP>" the address assigned to your PPPoE-TelekomDSL interface or a LAN IP?
by lambert
Sun Jan 05, 2014 7:00 am
Forum: RouterBOARD hardware
Topic: Replacing RB1200
Replies: 3
Views: 1179

Re: Replacing RB1200

You can use an "/export compact" (5.x) or "/export" (6.x) from the 1200 to configure the 1100. I haven't used a 1200. You would need to pay attention to different numbers of ethernet interfaces, if they are different. Do not try to use a /backup from the 1200 to load up the 1100. Much badness could ...
by lambert
Sun Jan 05, 2014 6:45 am
Forum: General
Topic: Exempt access to server from queue
Replies: 3
Views: 861

Re: Exempt access to server from queue

Use "/ip mangle" rules to mark the packets going to yourIPs differently than you mark the packets going to !yourIPs. Using an address-list named something like "yourIPs".

Setup queues, simple or queue tree, to use the marks.
by lambert
Sun Jan 05, 2014 6:38 am
Forum: RouterBOARD hardware
Topic: CRS125-24G - Mikrotik 24 port switch / Switch chip features
Replies: 4
Views: 2609

Re: CRS125-24G - Mikrotik 24 port switch / Switch chip featu

Kreacher is thinking of the CCR series rather than the CRS series.
by lambert
Mon Dec 30, 2013 10:01 am
Forum: General
Topic: No Internet on Some IP Addresses
Replies: 5
Views: 2192

Re: No Internet on Some IP Addresses

I'm going to try to thin this down to relevant info...
/ip address> pri
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
 1   ;;; Radius
     172.16.1.9/29      172.16.1.8      ether1
 7   ;;; West Sector Bcc
     172.16.1.85/30     172.16.1.84     ether10
10   2.2.2.1/32         2.2.2.1         lobridge
When did Oklahoma mov...
by lambert
Sat Dec 21, 2013 10:28 pm
Forum: General
Topic: No Internet on Some IP Addresses
Replies: 5
Views: 2192

Re: No Internet on Some IP Addresses

I am using a RB1100 to route Internet from our service provider to our WISP customers. Port 1 on the RB1100 is hooked to the Internet. Ports 2 - 10 route it to various sector AP's and backhauls. I have a couple of customers that have static IP addresses. At times they are unable to access the Inter...
by lambert
Mon Dec 16, 2013 9:30 pm
Forum: Wireless Networking
Topic: 6 SXT G-2HnD AP as a base station
Replies: 7
Views: 2840

Re: 6 SXT G-2HnD AP as a base station

Do client laptops and smartphones work on 5mhz channels?? No. Do they sense Nstreme or NS2? No. What if we plan a wifi-zone?? A hotspot? With all the APs on the one tower? No. You will self-interfere until nothing works. The client laptops and smart phones will hear the tower just fine. However, th...
by lambert
Wed Dec 04, 2013 7:34 am
Forum: RouterBOARD hardware
Topic: "Radius Server is not responding" Logs
Replies: 5
Views: 2574

Re: "Radius Server is not responding" Logs

Why do you want to change the RADIUS error message? What do you feel you will gain by disabling an informational error message? Do you desire to use RADIUS for authentication or authorization purposes? The English in your first post contained almost zero content. It was probably automatically tra...
by lambert
Thu Oct 24, 2013 8:41 am
Forum: Beginner Basics
Topic: Buttons in Winbox
Replies: 9
Views: 1379

Re: Buttons in Winbox

The device you are using most likely does not have a battery backed real time clock. Saves cost. Use NTP to set the clock automatically.
by lambert
Thu Sep 26, 2013 7:46 am
Forum: RouterBOARD hardware
Topic: RB951-2HnD blocked some features ...
Replies: 1
Views: 1149

Re: RB951-2HnD blocked some features ...

The disabled options is a known problem with RouterOS 6.4. If you close the option window and reopen it, the options should be re-enabled. Or you can downgrade to 6.3.
by lambert
Tue Sep 24, 2013 11:23 pm
Forum: General
Topic: Mikrotik Rate Limit - Queue Tree
Replies: 2
Views: 936

Re: Mikrotik Rate Limit - Queue Tree

The RADIUS attribute you are using creates simple queues. That is what it does. If you want to use queue tree, create your mangle rules to mark packets based on address lists. Then create your queue trees to use the packet marks. Then configure RADIUS to return mikrotik-address-list attributes inste...
by lambert
Fri Sep 20, 2013 6:19 am
Forum: General
Topic: Multiple Mikrotik-Rate-Limit how to
Replies: 2
Views: 1362

Re: Multiple Mikrotik-Rate-Limit how to

Have you considered having RADIUS return a mikrotik-address-list attribute rather than a mikrotik-rate-limit attribute and using the address-list in your statically configured queues? We put different classes of users in different address-lists via RADIUS and the PCQ queue types used in the queue tr...
by lambert
Fri Sep 20, 2013 6:09 am
Forum: General
Topic: rb750up
Replies: 1
Views: 674

Re: rb750up

You forgot to tell us what version of RouterOS you are using.
by lambert
Fri Sep 20, 2013 6:05 am
Forum: General
Topic: Request for for some PPPoE Server features
Replies: 3
Views: 1150

Re: Request for for some PPPoE Server features

Request for for some PPPoE Server features: Ability to connect to PPPoE server with any or even empty username and password Use RADIUS rather than built-in ppp secrets. Your RADIUS server should be able to make this happen. Logging passwords in PPPoE server when using PAP. Currently, when user tryi...
by lambert
Tue Sep 17, 2013 10:55 pm
Forum: General
Topic: mikrotik + freeradius + dhcp + simple queue
Replies: 4
Views: 1913

Re: mikrotik + freeradius + dhcp + simple queue

Are you returning a session-timeout? Or are you just using the 3 day timeout from your stock DHCP server config? Session-Timeout := ${lease time} I suspect MikroTik's DHCP server only checks RADIUS again when the Session-Timeout has expired. It may assume an infinite Session-Timeout if it does not r...
by lambert
Tue Sep 17, 2013 8:16 pm
Forum: Forwarding Protocols
Topic: Network routed with OSPF with 2 default routes
Replies: 12
Views: 4379

Re: Network routed with OSPF with 2 default routes

I think they are planning to fix this in RouterOS 7.x. I have a flakey BGP transit provider who takes down half my network at least once per month when the BGP peering session drops or the default route is withdrawn. I moved to 6.x because it was supposed to be better. Maybe it is, maybe my flakey p...
by lambert
Wed Sep 11, 2013 10:13 pm
Forum: General
Topic: Catching a bad RB1200
Replies: 2
Views: 571

Re: Catching a bad RB1200

I don't know that you'll get the RB450 to do what you want, but if you have a general *nix box with a serial port, you can try : http://www.conserver.com/ Combined with http://wiki.mikrotik.com/wiki/Serial_Port_Usage you should be able to use conserver on a *nix box anywhere with continued IP connec...
by lambert
Fri Sep 06, 2013 2:29 am
Forum: General
Topic: PPPoE & RADIUS with a dynamic address list
Replies: 2
Views: 1004

Re: PPPoE & RADIUS with a dynamic address list

That's a great question. I hope someone knows the answer. I can see that being very useful in the future. I cannot think of any way to get it done at the moment, other than having some process on the FreeRADIUS box watch the logins and manipulate the mikrotik when it sees a user such as that log in.
by lambert
Thu Aug 29, 2013 5:45 am
Forum: General
Topic: PPP and Radius, but with limit sessions
Replies: 1
Views: 576

Re: PPP and Radius, but with limit sessions

limit 2 what?

simultaneous-use?

total number of sessions on the mikrotik?

Hours? Bytes? Ports?
by lambert
Wed Jun 26, 2013 9:07 pm
Forum: Wireless Networking
Topic: 6 SXT G-2HnD AP as a base station
Replies: 7
Views: 2840

Re: 6 SXT G-2HnD AP as a base station

Use vertical separation for at least half the APs, 3m at least. So two groups of 3 APs installed 3 - 5 meters apart. Add Metal shielding for every AP so that APs cannot hear other APs louder than -60dB RSSI. Use 5MHz channels. You can't do that if you are talking to consumer devices. Turn the power ...
by lambert
Sat Jun 22, 2013 9:23 am
Forum: General
Topic: Router OS Re install
Replies: 5
Views: 823

Re: Router OS Re install

I suspect that keeping the configuration will keep the password which you do not know. Hopefully you have a text format backup of the config you can use to reload the configuration. Only you can decide if you can deal with clearing the configuration.
by lambert
Sat Jun 22, 2013 8:53 am
Forum: General
Topic: Router OS Re install
Replies: 5
Views: 823

Re: Router OS Re install

http://wiki.mikrotik.com/wiki/Manual:Li ... he_License

My understanding is that if you just re-install RouterOS over your old RouterOS install, it should be okay. Do not reformat or fdisk the drive. I have not actually done this myself. Contact support@mikrotik.com for a definitive answer.
by lambert
Sat Jun 22, 2013 8:47 am
Forum: RouterBOARD hardware
Topic: ptp 2 SXT G-2HnD low bandwidth
Replies: 9
Views: 4104

Re: ptp 2 SXT G-2HnD low bandwidth

The signals seem to be too strong, as suggested earlier. Did the received signal strength change when you changed the power settings? I think some RouterBoards only use TX Power Mode = card rates. If the received power doesn't change when using TX Power Mode = all rates fixed, try card rates. Can yo...
by lambert
Sat Jun 22, 2013 8:29 am
Forum: General
Topic: DHCP with Radius Auth
Replies: 1
Views: 1730

Re: DHCP with Radius Auth

Run FreeRADIUS with "radiusd -X", as suggested everywhere in the FreeRADIUS documentation. The reason for the reject will be in the output of radiusd. You may want to run it inside "script" to collect the output. Most likely, the MikroTik is not sending an empty password with the radius access reque...
by lambert
Sat Jun 22, 2013 7:38 am
Forum: Beginner Basics
Topic: RB2011L-IN keep rebooting
Replies: 1
Views: 467

Re: RB2011L-IN keep rebooting

I suspect that it is time to netinstall the device.

http://wiki.mikrotik.com/wiki/Manual:Netinstall
by lambert
Sat Jun 22, 2013 7:28 am
Forum: RouterBOARD hardware
Topic: RB 493G CPU Proplem
Replies: 3
Views: 825

Re: RB 493G CPU Proplem

Great! Just make sure you have upgraded the RouterBoard firmware to get past that bug in the firmware. "/system routerboard print" and "/system routerboard upgrade" if the current version is old. If it doesn't come back up on its own after the firmware update, give it 2 or 3 minutes. Then power cyc...
by lambert
Fri Jun 21, 2013 2:28 am
Forum: RouterBOARD hardware
Topic: RB 493G CPU Proplem
Replies: 3
Views: 825

Re: RB 493G CPU Proplem

Check your CPU frequency, especially if this is running RouterOS 4.x.
> /system routerboard settings print
baud-rate: 115200
boot-delay: 2s
enter-setup-on: any-key
boot-device: nand-if-fail-then-ethernet
cpu-frequency: 680MHz
boot-protocol: bootp
enable-jumper-reset: yes
force-backup-booter: no
sile...
by lambert
Thu Jun 20, 2013 9:49 am
Forum: General
Topic: Model & Serial not showing under System->Routerboard
Replies: 3
Views: 1364

Re: Model & Serial not showing under System->Routerboard

This seems to happen to several RB1100AHx2 units. I have seen more than one thread about it on here. A netinstall brought them back for me once. Both times I was running 6.0rcX. But it may have been after I was running 6.x and downgraded to 5.2x. I can't remember the exact order in which I did thing...
by lambert
Thu Jun 20, 2013 8:54 am
Forum: General
Topic: Curiosity
Replies: 13
Views: 1492

Re: Curiosity

I've reordered the IP addresses to make it easier to parse in my head. It's unfortunate that your copy and paste truncated some of the lines, but I think we can figure out what is necessary. BTW, your configuration shows 6 IPs on ether1. There may have been a typo in your first post which said 5 IPs...
by lambert
Wed Jun 19, 2013 7:44 am
Forum: General
Topic: Curiosity
Replies: 13
Views: 1492

Re: Curiosity

Why things would have changed after only a reboot, I have no idea. I think we will need to see, at least:
/ip address export compact
/ip firewall export compact
by lambert
Tue Jun 18, 2013 9:39 pm
Forum: General
Topic: DNS DDoS Attack mitigation!
Replies: 6
Views: 22161

Re: DNS DDoS Attack mitigation!

I am not sure I would classify 30 queries per second as a DoS attack. I just took a quick sample on one of my three name servers and am seeing 95.37 queries per second. I am completely unconcerned about the load on a Pentium II at that level. We host a few hundred, fairly obscure, mostly local inter...
by lambert
Tue Jun 18, 2013 10:42 am
Forum: General
Topic: DNS DDoS Attack mitigation!
Replies: 6
Views: 22161

Re: DNS DDoS Attack mitigation!

Authoritative name server? Or recursive name server? Doing both on one host? If you're doing recursion with this server, do you allow recursive queries from not your IPs? If so, tightening that up may help. That probably won't be a RouterOS fix though. Do you have query logs? How many combined DoS q...
by lambert
Mon Jun 17, 2013 10:24 pm
Forum: General
Topic: DHCP accounting and RADIUS packets
Replies: 35
Views: 13517

Re: DHCP accounting and RADIUS packets

Has anyone come up with a way to get the radius accounting information without making users change how their equipment is setup by using mac-auth in the hotspot functionality? It looks to me like it should be possible to enable hotspot on the customer facing interface and deal with their already DHC...
by lambert
Sun May 26, 2013 6:56 am
Forum: RouterBOARD hardware
Topic: Comparable hardware for 15/5 circuit and 50 users.
Replies: 5
Views: 1348

Re: Comparable hardware for 15/5 circuit and 50 users.

I would recommend the biggest device you can afford to allow for future growth. I would not be afraid of using the small one for that scenario, but spending the extra may guarantee success and allow for a lot more growth.
by lambert
Sun May 26, 2013 1:01 am
Forum: General
Topic: VPN with routerboard
Replies: 3
Views: 700

Re: VPN with routerboard

/ip firewall nat
add action=masquerade chain=srcnat out-interface=YOURPPTP_INTERFACE src-address=YOUR_HOME_LAN_SUBNET
All traffic to your office from your home will appear to come from the MikroTik's PPTP IP address.
by lambert
Sat May 25, 2013 6:32 am
Forum: General
Topic: VPN with routerboard
Replies: 3
Views: 700

Re: VPN with routerboard

I don't know if your company will be bridging their LAN to your PPTP connection. If so, you probably want to create a bridge and add the PPTP interface and your LAN interface in the same bridge. Otherwise, you'll probably end up adding a route for 192.168.0.0/24 across your PPTP interface. You'll wa...
by lambert
Sat May 25, 2013 6:17 am
Forum: RouterBOARD hardware
Topic: Comparable hardware for 15/5 circuit and 50 users.
Replies: 5
Views: 1348

Re: Comparable hardware for 15/5 circuit and 50 users.

It depends on what you want to do with it. Do you just want it to be a firewall/router/NAT router? If so, any of the current RouterBoards are sufficient for such a small network. The 951G would be more than fast enough if that is all you want to do. It costs less than the proposed case for your x86 ...
by lambert
Sat May 25, 2013 1:37 am
Forum: General
Topic: 5.23 Problem on rb1100AHx2
Replies: 3
Views: 844

Re: 5.23 Problem on rb1100AHx2

When mine did that, MikroTik support suggested using netinstall to load 6.x onto it. I didn't want to run 6.x so I put 5.24 on. That fixed the memory and serial number/model problems. Since then, the serial number has gone missing again... I put the 1100AHx2 in the least used part of my network. It ...
by lambert
Wed May 22, 2013 2:24 am
Forum: General
Topic: freeradius+dhcp with mikrotik - no netmask and gateway
Replies: 5
Views: 2377

Re: freeradius+dhcp with mikrotik - no netmask and gateway

The easy way: Setup the network under /ip dhcp-server network. Just use FreeRADIUS to hand out the "Framed-IP-Address" from one of those networks and the MikroTik dhcp-server will fill in the netmask, gateway, and DNS. That is how my network is setup for the customers which receive a static IP addre...
by lambert
Wed May 22, 2013 2:02 am
Forum: Beginner Basics
Topic: Mikrotik router monitoring in nagios
Replies: 3
Views: 18115

Re: Mikrotik router monitoring in nagios

This should point you in the right direction.
define command {
    command_name check_mt24v
    command_line $USER1$/check_snmp -H $HOSTADDRESS$ -o 1.3.6.1.4.1.14988.1.1.3.8.0 -C $USER15$ -w $ARG1$ -c $ARG2$
    register 1
}
define service {
    hostgroup_name mt24v
    service_description MikroTik Voltage 24v nominal ...
by lambert
Tue Apr 30, 2013 10:49 pm
Forum: Wireless Networking
Topic: Bad speed with RB751u, RB751G and RB951G
Replies: 5
Views: 1379

Re: Bad speed with RB751u, RB751G and RB951G

Have you enabled both chains?
/int wireless set 0 ht-rxchains=0,1 ht-txchains=0,1
by lambert
Mon Apr 29, 2013 11:33 pm
Forum: General
Topic: 5.24 released!
Replies: 161
Views: 44530

Re: 5.24 released!

There is a slight problem with RB1100Hx2 and 5.24
System - Routerboard - Settings shows the following error
[admin@MikroTik] > sys rou set pri
baud-rate: 115200
boot-delay: 2s
enter-setup-on: any-key
boot-device: nand-if-fail-then-ethernet
cpu-frequency: 1066MHz
memory-data-rate: (unknown)
boot-pro...
by lambert
Sun Mar 31, 2013 8:12 am
Forum: General
Topic: Super basic port forwarding doesn't work
Replies: 9
Views: 4066

Re: Super basic port forwarding doesn't work

Just to make sure, was your last router a MikroTik? I've not tried matching all IPs with the syntax you are showing. Did you '*' out the real public IP? Or does your config really contain the '*'s? If so, you might try this instead, untested:
/ip firewall nat
add chain=dstnat action=dst-nat to-addre...
by lambert
Sun Mar 31, 2013 12:52 am
Forum: Forwarding Protocols
Topic: OSPFv2 problems
Replies: 5
Views: 2728

Re: OSPFv2 problems

I should have said "these links", sorry for not getting that edited correctly. Also I'm assuming that in your first post, you meant "We would prefer *not* to have to use NBMA." Sorry if I am explaining below your level of understanding. It's not always apparent how much someone knows from a couple o...
by lambert
Fri Mar 29, 2013 9:39 pm
Forum: Forwarding Protocols
Topic: OSPFv2 problems
Replies: 5
Views: 2728

Re: OSPFv2 problems

I'm having sporadic OSPFv2 problems over a wireless link (WDS, UBNT) between a 450G and a 1100AH. This happens on several of our links. The wireless links are very stable and do not drop any packets when the OSPF problem occurs. I would use OSPF point-to-point network type on this link. Also make s...
by lambert
Fri Mar 29, 2013 12:38 am
Forum: Forwarding Protocols
Topic: Propagate routes for customers BGP peer
Replies: 3
Views: 1085

Re: Propagate routes for customers BGP peer

Do you speak eBGP to your providers? Do you get full tables from your providers, or just default routes (0.0.0.0/0)? Does the router which speaks eBGP to your customer also speak iBGP to your router which speaks eBGP to your provider? On the router which speaks to the customer, try: /ip route print ...
by lambert
Thu Mar 28, 2013 6:47 pm
Forum: Forwarding Protocols
Topic: Who is using MT MPLS in production
Replies: 13
Views: 3249

Re: Who is using MT MPLS in production

united states sugar company has a large network, if you want, here is a video case study http://www.tiktube.com/video/HKgD3hDqenqKlDHppLEvqsptGlnoKDKn= <rant> Do people not know how to shut up while attending a presentation anymore? I cannot deal with this video for all the crowd chit chat in the a...
by lambert
Wed Mar 20, 2013 6:07 am
Forum: Beginner Basics
Topic: Basic VPN PPTP from ISP to Inet home configuration
Replies: 10
Views: 2726

Re: Basic VPN PPTP from ISP to Inet home configuration

Here is a real world example of how to do something like what you are doing. This is from a live, working setup.
/ip route
add check-gateway=ping comment=Wireless distance=10 dst-address=0.0.0.0/1 \
    gateway=wireless.next.hop.ip
add check-gateway=ping comment=DSL distance=20 dst-address=0.0.0.0/1 \
    g...
by lambert
Mon Mar 18, 2013 8:47 pm
Forum: General
Topic: Problem running PPPoE Server for conn over 2,5 Mbps
Replies: 7
Views: 1454

Re: Problem running PPPoE Server for conn over 2,5 Mbps

In 5.x and lower, Queue trees are supposed to be more efficient than simple queues. In 6.x, there is not supposed to be any distinction from a performance perspective. I think you've misunderstood how PCQ works. You set the limits in your PCQ queue definition. That limit works for each matching cond...
by lambert
Mon Mar 18, 2013 7:16 pm
Forum: General
Topic: [ask] problem queue tree and mangle doesnt work
Replies: 5
Views: 1339

Re: [ask] problem queue tree and mangle doesnt work

I've written the mangle above. And this is my queue tree.
/queue tree
...
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=5M name=Download-GAME packet-mark="" parent=Total-Download \
    priority=1
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-...
by lambert
Mon Mar 18, 2013 3:33 am
Forum: General
Topic: Problem running PPPoE Server for conn over 2,5 Mbps
Replies: 7
Views: 1454

Re: Problem running PPPoE Server for conn over 2,5 Mbps

Sounds like the simple queues are getting approximately 85% of their scheduled bandwidth for a single stream. I don't use simple queues, so I'm not sure why that is. We use queue tree.
by lambert
Sun Mar 17, 2013 10:22 pm
Forum: General
Topic: MikroTik RouterBOARD 411-5NH - NO WLAN INTERFACE?
Replies: 6
Views: 1479

Re: MikroTik RouterBOARD 411-5NH - NO WLAN INTERFACE?

I'm not sure from your description what exactly happened when. It sounds like whatever went wrong happened a long time ago. Check the wireless card slot for corrosion. Look for swollen capacitors. If you are sure the upgrade caused the loss of the wlan interface, downgrade it to what you were using ...
by lambert
Sun Mar 17, 2013 8:29 am
Forum: Forwarding Protocols
Topic: OSPF Will not form full adjacency
Replies: 9
Views: 4296

Re: OSPF Will not form full adjacency

Which firmware are you running on the Rockets? Do you have administrative control of the Rockets? Or is that another department? There is a setting for multicast on the Advanced tab. If someone changed the setting, it could have blocked the OSPF multicast traffic. Older AirOS firmwares had issues pa...
by lambert
Sun Mar 17, 2013 7:36 am
Forum: Wireless Networking
Topic: Help with Routing to Wnable LAN Print @ Remote PC's
Replies: 4
Views: 833

Re: Help with Routing to Wnable LAN Print @ Remote PC's

No problem, sometimes it just takes a fresh set of eyes.
by lambert
Sun Mar 17, 2013 7:04 am
Forum: General
Topic: masquerade bug?
Replies: 2
Views: 498

Re: masquerade bug?

What is your exact masquerade rule?
by lambert
Sat Mar 16, 2013 6:53 am
Forum: General
Topic: [ask] problem queue tree and mangle doesnt work
Replies: 5
Views: 1339

Re: [ask] problem queue tree and mangle doesnt work

I don't know that I can come up with an answer for you, but I would want to see the export compact of /queue and /ip firewall mangle
by lambert
Sat Mar 16, 2013 6:17 am
Forum: General
Topic: Problem running PPPoE Server for conn over 2,5 Mbps
Replies: 7
Views: 1454

Re: Problem running PPPoE Server for conn over 2,5 Mbps

Can you show us the relevant parts of the config of your MikroTik? We can't help much when we are guessing about how your system is configured.

You might want to post screenshots of winbox showing the queues and pppoe interfaces while you are having the problem.
by lambert
Sat Mar 16, 2013 6:04 am
Forum: Wireless Networking
Topic: Help with Routing to Wnable LAN Print @ Remote PC's
Replies: 4
Views: 833

Re: Help with Routing to enable LAN Print @ Remote PC's

Please show us for two of the remote sites, and the main office:
/interface print
/ip route export compact
/ip firewall export compact
I don't understand how this would work with a routed network using the same /24 at each remote site, which is how I interpret your diagram. I would expect each remot...
by lambert
Sat Mar 16, 2013 5:35 am
Forum: Beginner Basics
Topic: Basic VPN PPTP from ISP to Inet home configuration
Replies: 10
Views: 2726

Re: Basic VPN PPTP from ISP to Inet home configuration

You could write a script to :resolve the hostname to an IP address every ${time_interval} and updates the PPTP interface with the new IP address. It will reset connection at every update, isn't it? I have not tried it myself so I don't know for sure. If it does, you may want to run it from a tools ...
by lambert
Fri Mar 15, 2013 7:46 pm
Forum: General
Topic: RouterOs v5.24,6rc11,6rc12 huge bugs
Replies: 2
Views: 2755

Re: RouterOs v5.24,6rc11,6rc12 huge bugs

If at all possible, it would be good if you could give us a few more details. Which hardware are you using? How many devices? What features do you use? You told us that you use PCQ in your queue trees and you have some routes... Do you use OSPF, BGP, static routes, hotspot, vlans, bridges .............
by lambert
Fri Mar 15, 2013 7:37 am
Forum: General
Topic: PPPoe connections dropping at random intervals
Replies: 3
Views: 1683

Re: PPPoe connections dropping at random intervals

If you have an extra available, it might be good to try a 400G series router in place of the RB1100AHx2. I've had a lot of issues with my RB1100AHx2. MikroTik support says that the complex config I was running on it was responsible for the several problems on 6.0rx*. I had to move to 6.0 because I w...
by lambert
Fri Mar 15, 2013 6:30 am
Forum: RouterBOARD hardware
Topic: CCR1016-12G Kernal Failure
Replies: 11
Views: 3007

Re: CCR1016-12G Kernal Failure

Sorry I didn't see this sooner. You would likely be able to see and record the kernel panic message by connecting a serial console cable to the MikroTik x86 box and a PC. I suspect most terminal emulation software for your PC will have the ability to log the serial traffic. Then you will be able to f...
by lambert
Thu Mar 14, 2013 4:30 pm
Forum: RouterBOARD hardware
Topic: Conflict with 2 Omnitik in the same switch
Replies: 3
Views: 887

Re: Conflict with 2 Omnitik in the same switch

Can you show us screen captures of winbox trying to discover all of the devices in each of the three cases? Did you originally setup one OmniTik; then back that configuration up and restore its configuration on the second OmniTik; then change the IP addresses on the second OmniTik to be unique? If t...
by lambert
Wed Mar 13, 2013 9:07 pm
Forum: General
Topic: MikroTik RouterBOARD 411-5NH - NO WLAN INTERFACE?
Replies: 6
Views: 1479

Re: MikroTik RouterBOARD 411-5NH - NO WLAN INTERFACE?

Is the wireless package enabled?

Show us:
/system package print
/system routerboard print
/system routerboard settings print
/interface print
by lambert
Wed Mar 13, 2013 8:44 pm
Forum: RouterBOARD hardware
Topic: Conflict with 2 Omnitik in the same switch
Replies: 3
Views: 887

Re: Conflict with 2 Omnitik in the same switch

Make sure the two OmniTiks are using different, unique, IP addresses in the same subnet on the interfaces which connect to the switch.

Or do you have some non-IP level conflict? You have not actually told us what the conflict symptoms are.
by lambert
Wed Mar 13, 2013 8:31 pm
Forum: RouterBOARD hardware
Topic: ReflectorTIK reflector for OmniTIK
Replies: 12
Views: 7071

Re: Reflector for OmniTIK

How much did the two reflectors lower the RSSI between the two OmniTiks on that tower versus without the reflectors?
by lambert
Sun Mar 10, 2013 7:28 am
Forum: Beginner Basics
Topic: Basic VPN PPTP from ISP to Inet home configuration
Replies: 10
Views: 2726

Re: Basic VPN PPTP from ISP to Inet home configuration

Configured LAN (main settings receved by DHCP: host IP, LAN GW, DNS), NAT (chain=srcnat out interface=wan[renamed ether1] action=masquerade), PPTP (user-pass blah-blah-blah with option Add Default Route). Here is first issue: ISP gives me VPN server as domain name, resolved by LAN DNS, but i can on...
by lambert
Sat Mar 09, 2013 8:47 am
Forum: Forwarding Protocols
Topic: RouterOS China VPN --> Route all destination IP address
Replies: 4
Views: 3393

Re: RouterOS China VPN --> Route all destination IP address

First, the format of the netblocks you get from that site is not nice for your application. You'll have better luck starting from a CIDR format list. https://www.countryipblocks.net/ For a test I used the CIDR aggregation script and got a file with one netblock per line. Then it would need to be...
by lambert
Fri Mar 08, 2013 7:23 am
Forum: General
Topic: New Ethernet port flap issue enquiery, PLS JOIN!
Replies: 247
Views: 86077

Re: New Ethernet port flap issue enquiery, PLS JOIN!

so we have an idea, replacing the omnitik switching ports with a TP-Link switch, i saw the port flapping stoped from the omnitik to the switch (100M connection link), So the SXT, 411, omnitik, and TP-Link is at the top of the tower? How long is the cable between the omnitik and the TP-Link? the pro...
by lambert
Thu Mar 07, 2013 11:43 pm
Forum: General
Topic: 4 X 20Mbps(DL and UL) connection is enough for 350 users?
Replies: 10
Views: 1463

Re: 4 X 20Mbps(DL and UL) connection is enough for 350 users

i'm not going to use firewall, because the network is at hostel and for students. My clients don't let me to block p2p. In order to service 300 P2P using students, and still let them play online games, in 80Mbps, you will likely have to use the mangle rules and queue tree in order to prioritize tra...
by lambert
Thu Mar 07, 2013 8:07 am
Forum: General
Topic: 4 X 20Mbps(DL and UL) connection is enough for 350 users?
Replies: 10
Views: 1463

Re: 4 X 20Mbps(DL and UL) connection is enough for 350 users

Definitive answer: It depends.

:)
by lambert
Fri Mar 01, 2013 2:37 am
Forum: General
Topic: Any way to have NAT out interface pick the default route
Replies: 4
Views: 585

Re: Any way to have NAT out interface pick the default route

Just put your NAT rules on your network border routers. The routers which talk to the Internet. Setup nat rules on each of those routers which cover all of your private space, say 10.0.0.0/8. Now no matter which path your private addresses take to the Internet, it will be NATed to an IP on that con...
by lambert
Wed Feb 27, 2013 8:53 pm
Forum: General
Topic: Home use
Replies: 8
Views: 952

Re: Home use

Install a 2011 for everything it brings you. Add a SXT or groove, depending on where the AP is mounted in relation to your coverage area, to handle the 5Ghz access.
by lambert
Wed Jan 30, 2013 7:47 pm
Forum: General
Topic: Has anyone else seen issues with Cisco + Mikrotik w/6.0*?
Replies: 2
Views: 1030

Re: Has anyone else seen issues with Cisco + Mikrotik w/6.0*

I will file a ticket with support. However, 6.0rc will not be put back into a position where it can take out a significant portion of my network. When the box went into production in mid-June it was running 5.17. I believe we installed 5.21 in November, probably the 14th. The first panic was 6 hours...
by lambert
Wed Jan 30, 2013 1:51 pm
Forum: General
Topic: Has anyone else seen issues with Cisco + Mikrotik w/6.0*?
Replies: 2
Views: 1030

Has anyone else seen issues with Cisco + Mikrotik w/6.0*?

I had a Cisco 7204VXR NPE-G1 suddenly start spinning the CPU at 100% last night. The mikrotik shares most of the VLANs with it in preparation for migrating away from the Cisco. Tonight, while everyone was getting ready for sleep and not changing the network, the non-process CPU load (aka interrupts)...
by lambert
Tue Jan 29, 2013 8:31 am
Forum: General
Topic: Mikrotik combined into one joint
Replies: 1
Views: 777

Re: Mikrotik combined into one joint

I suspect you may want to write your question in your native language and pass that through Google Translate or similar. I am unable to understand your question as written.

Maybe you want to combine multiple connections into one?
by lambert
Tue Jan 29, 2013 8:26 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1017063

Re: CLOUD CORE ROUTER

jan/28 02:39:14 system,error,critical router was rebooted without proper shutdown If it gets the date correct in the log, it is probably one of the phantom reboot log messages. The router probably did not actually reboot. Unless, do the CCRs have an actual real time clock? That would be nice. I'm n...
by lambert
Fri Jan 25, 2013 7:21 pm
Forum: General
Topic: My RB951-2n is non-functional
Replies: 17
Views: 5647

Re: My RB951-2n is non-functional

Sometimes it may help to watch an actual clock with seconds indicator rather than counting. Humans are notoriously bad timepieces. Our time sense is subjective and variable. We get impatient... :-)

Does anyone know if the router will exit netinstall mode if you hold the button too long?
by lambert
Thu Jan 24, 2013 9:12 am
Forum: Beginner Basics
Topic: System logging to SysLog server
Replies: 4
Views: 927

Re: System logging to SysLog server

After installing a Snare BackLog server on one machine (192.168.149.112) and adding a new LogAction at System/Logging with Type remote, Remote Address 192.168.149.112 and Remote Port 514... ... there are no log messages received by the Snare BackLog server. What was my mistake here? Does the firewa...
by lambert
Wed Jan 23, 2013 9:06 pm
Forum: Wireless Networking
Topic: 29 mile link -What should I expect
Replies: 4
Views: 1301

Re: 29 mile link -What should I expect

Hi, Both sides are syncing at 52/130. Airmax is on and NOACK is enabled. We are using 20Mhz channels. I have shield kits ordered, and should be here any day now. Noise floor is -93. Each site is our own with a lot of 5.8 gear at both ends but we have band plans in place giving each channel in use a...
by lambert
Tue Jan 22, 2013 10:38 pm
Forum: Scripting
Topic: ssh expect login
Replies: 2
Views: 4054

Re: ssh expect login

You might try: ($out) = $ssh->send('/queue simple print;/quit\r'); I do not use expect, I am just using something like: ssh router.fqdn "/queue simple print; /quit;" I have had trouble getting output without sending the quit command. It does not give me trouble every time. Perhaps SSH disconnects to...
by lambert
Sat Jan 19, 2013 1:16 am
Forum: General
Topic: v6 rc7 released
Replies: 88
Views: 24292

Re: V6 RC 7.0 released

Why it show me itself, or this is normal ? On demo2.mt.lv all is ok. On demo.mt.lv is double. I think it is normal if the mikrotik is the only one doing discovery protocol on the interface. If there are other devices participating in discover, I don't see the current RouterOS device listed on the i...
by lambert
Sat Jan 19, 2013 1:10 am
Forum: General
Topic: Is anyone using RouterOS as an ISP DSL aggregator box?
Replies: 7
Views: 1089

Re: Is anyone using RouterOS as an ISP DSL aggregator box?

That solves a different problem. I think you are talking about setting up a multi-link session to your ISP.

This thread is about being the ISP for 1000 or more DSL customers.
by lambert
Fri Jan 18, 2013 12:57 am
Forum: General
Topic: Is anyone using RouterOS as an ISP DSL aggregator box?
Replies: 7
Views: 1089

Re: Is anyone using RouterOS as an ISP DSL aggregator box?

It looks like ImageStream had LAC/LNS capability. http://wiki.imagestream.com/wiki/Router_Installation_and_Configuration_Manual/Configuring_L2TP_as_LNS I have a couple of older Rebel Routers laying around. They use too much power for my tower sites. But for the colo facility, I don't really care how...
by lambert
Thu Jan 17, 2013 11:47 pm
Forum: General
Topic: sstp/pptp stops working frequently
Replies: 8
Views: 1661

Re: sstp/pptp stops working frequently

Do any RADIUS packets arrive at the RADIUS server when they are sent via the OVPN tunnel? If so, do they arrive with a source address that the RADIUS server is expecting? Or are they instead sourced from the OVPN tunnel end-point IP on the MikroTik? You may need to set the src-address for the RADIUS...
by lambert
Thu Jan 17, 2013 11:24 pm
Forum: General
Topic: Queue Problems in RB1100AHx2 (SMP)
Replies: 11
Views: 3245

Re: Queue Problems in RB1100AHx2 (SMP)

I am unable to replicate your reported issues on 6.0rc7. [lambert@RB1100AHx2_6.0rc7] > /queue tree print count 154 [lambert@RB1100AHx2_6.0rc7] > /ip addr print Flags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK INTERFACE ... 3 10.128.1.13/29 10.128.1.8 vlan11 4 10.128.1.5/29 10.128.1.0 ...
by lambert
Wed Jan 16, 2013 9:05 pm
Forum: General
Topic: v6 rc6 released
Replies: 215
Views: 62668

Re: v6 rc6 released

An autosupout.rif is automagically created by the OS when OS knows it has blown up. There may be some types of failure which cause the router to reboot but not create the autosupout.rif. Look in /files and see if there is already an autosupout.rif. /files print Copy it to your computer by drag and d...
by lambert
Tue Jan 15, 2013 11:36 pm
Forum: General
Topic: v6 rc6 released
Replies: 215
Views: 62668

Re: v6 rc6 released

If you have an autosupout.rif, send it.

Be sure to include network configuration description or diagram and how you use the router. I don't think they will need the log entries.
by lambert
Tue Jan 15, 2013 11:25 pm
Forum: RouterBOARD hardware
Topic: RB951-2n and Metal now shipping
Replies: 69
Views: 26595

Re: RB951-2n and Metal now shipping

I like the IDU - ODU concept. How about a RB250G with an AP, no routing, PoE out on ether1, call it an RB251G-2HnD for this discussion. Your outdoor unit can do all the routing, including using VLANs to separate the AP from the ethernet ports inside the house. SwOS would probably need to be extended...
by lambert
Tue Jan 15, 2013 9:17 pm
Forum: General
Topic: v6 rc6 released
Replies: 215
Views: 62668

Re: v6 rc6 released

433AH, about 400 simple queues. Every time I log into it, I lose connection. When it comes back, the log says "Kernal Panic" and rebooted.

?????????
Send the autosupout.rif to support@mikrotik.com so they can fix it for all of us...
by lambert
Tue Jan 15, 2013 9:36 am
Forum: Forwarding Protocols
Topic: OSPF Problem, very extrange!
Replies: 4
Views: 2067

Re: OSPF Problem, very extrange!

allac, I'm not sure I correctly understand what you are trying to say. I have more than 50 links that look like what you describe. The most important thing: Make sure the RocketMs are in WDS mode. If that doesn't fix the problem: Change the OSPF network-type to point-to-point on your MikroTiks. /rou...
by lambert
Tue Jan 15, 2013 9:19 am
Forum: General
Topic: Is anyone using RouterOS as an ISP DSL aggregator box?
Replies: 7
Views: 1089

Re: Is anyone using RouterOS as an ISP DSL aggregator box?

Thanks for the feedback guys.

Based on the limited number of responses, I'm going to plan on doing this with a Cisco.
by lambert
Tue Jan 15, 2013 9:14 am
Forum: Forwarding Protocols
Topic: Database description packet has different master status flag
Replies: 65
Views: 34867

Re: Database description packet has different master status

What puzzles me is I enable ospf on one link with no problem, but on another link routes periodically disappear with the log file showing the usual errors init down etc. All same hardware and network topology with the obvious differences of subnets on the radios and routers. It really baffles me, anywa...
by lambert
Tue Jan 15, 2013 8:22 am
Forum: Wireless Networking
Topic: 80 miles link only 160 mb throughput
Replies: 19
Views: 3703

Re: 80 miles link only 160 mb throughput

I agree, the difference in received signal on each end probably means that one end is slightly out of alignment. But, I don't know that getting it perfectly aligned will be enough to get you a higher modulation rate.

What size dishes are you using for that much distance?
by lambert
Tue Jan 15, 2013 7:49 am
Forum: General
Topic: SXT-G TCP Issues
Replies: 5
Views: 659

Re: SXT-G TCP Issues

When you test the first link, do you connect between the second SXT and before the RB2011? Or do you test through the RB2011? Have you turned off the all mangle and queue tree rules on the RB2011? I have difficulty getting much over 100Mbps through my RB493Gs with our mangle / queue tree rules. I ju...
by lambert
Tue Jan 15, 2013 7:29 am
Forum: Forwarding Protocols
Topic: unable to connect VPN through mikrotik 5.18
Replies: 4
Views: 1302

Re: unable to connect VPN through mikrotik 5.18

What flavor of VPN, IPSec, GRE, IPoverIP, OpenVPN, SSTP, ... ? Based on your screenshot I could assume IPSec, but you really need to be explicit to get good answers. You say the VPN is not working through the MikroTik. What is your network layout? Where is the VPN client? Where is the VPN server? Yo...
by lambert
Tue Jan 15, 2013 7:29 am
Forum: Forwarding Protocols
Topic: unable to connect VPN through mikrotik 5.18
Replies: 4
Views: 1302

Re: unable to connect VPN through mikrotik 5.18

Deleted accidental double posting.
by lambert
Tue Jan 15, 2013 7:20 am
Forum: General
Topic: Queue Problems in RB1100AHx2 (SMP)
Replies: 11
Views: 3245

Re: Queue Problems in RB1100AHx2 (SMP)

What version of RouterOS was on the RB1200? What version of RouterOS is on the RB1100AHx2? Are there any unexpected entries in the logs? My RB1100AHx2 with RouterOS 5.21 began rebooting at random intervals when I pushed traffic through port Ether2. I don't know if the port was important or just the ...
by lambert
Sun Jan 13, 2013 1:01 am
Forum: Beginner Basics
Topic: DHCP leases being offered but not accepted
Replies: 9
Views: 8143

Re: DHCP leases being offered but not accepted

I have 60 towers with ubiquiti APs on top and a mikrotik, running 4.17 and now 5.21, at the base. I've not seen this problem. I would power cycle one unmanaged switch at a time and see if the 30mbps RX goes away. Maybe just unplug devices from the switch first. It sounds like the problem I had in th...
by lambert
Sat Jan 12, 2013 10:42 am
Forum: General
Topic: Is anyone using RouterOS as an ISP DSL aggregator box?
Replies: 7
Views: 1089

Is anyone using RouterOS as an ISP DSL aggregator box?

I work for an ISP which has a few thousand DSL users. We currently terminate the DSL via an ATM OC3 connection on a Cisco 7206VXR. The telephone company now wants to deliver the DSL via an ethernet handoff. I suspect they are going to deliver the DSL circuits over one or more L2TP connection. So far...
by lambert
Fri Jan 11, 2013 2:43 am
Forum: Forwarding Protocols
Topic: OSPF Design consideration
Replies: 10
Views: 4759

Re: OSPF Design consideration

I have 50+ routers. 1 area. OSPF carries 550+ routes. Works nicely.
by lambert
Tue Jan 01, 2013 12:14 am
Forum: General
Topic: ROS 6rc6 on 2011UAS-2HnD crashes often
Replies: 1
Views: 819

Re: ROS 6rc6 on 2011UAS-2HnD crashes often

any autosupout.rif in /files ? If so send them to support@mikrotik.com
by lambert
Sat Dec 22, 2012 2:51 am
Forum: General
Topic: Still problems with RouterOS and Broadcom devices.
Replies: 2
Views: 1454

Re: Still problems with RouterOS and Broadcom devices.

I do not see this problem with my 2010 MacBook Pro with 10.6.8. It spends the night connected to my RB751U. I transport it to work during the day, so I may just not be spending enough time connected to the MikroTik to get "lucky" with this. en1: Card Type: AirPort Extreme (0x14E4, 0x93) Firmware Ver...
by lambert
Fri Sep 14, 2012 7:49 pm
Forum: RouterBOARD hardware
Topic: Mikrotik 1100AH X2 vs Ubiquti Edge Router
Replies: 26
Views: 28237

Re: Mikrotik 1100AH X2 vs Ubiquti Edge Router

@lambert: Maybe I have a wrong impression, but there are 9 independent individual gigabit ports on the 439G. The switch chips are there to allow them to be optionally switched, and are bypassed by default. So it is a 9 port router, not a 2 port router + a switch. Each of the 9 ports with its IPs, r...
by lambert
Thu Sep 13, 2012 11:07 pm
Forum: RouterBOARD hardware
Topic: Mikrotik 1100AH X2 vs Ubiquti Edge Router
Replies: 26
Views: 28237

Re: Mikrotik 1100AH X2 vs Ubiquti Edge Router

It sounds like the RB1100AH is a 5 port router, 5 Gig-E ports to the CPU? The fact that 2 of those ports are connected to embedded 6-port GigE switches, leaving 5 open ports on each switch is a bonus. For maximum throughput on RB1100AH pass traffic between combinations of ether1, ether6, ether11, et...
by lambert
Wed Sep 12, 2012 9:39 pm
Forum: Forwarding Protocols
Topic: OSPF - 2 edge routers
Replies: 1
Views: 763

Re: OSPF - 2 edge routers

Yes, originate default, as type 1, when installed on both routers at each end of the network. /routing ospf instance set [ find default=yes ] distribute-default=if-installed-as-type-1 Speak OSPF on all internal routers. Leave them in the default area. Do not originate default from the routers in the...
by lambert
Wed Sep 12, 2012 1:59 am
Forum: RouterBOARD hardware
Topic: RB2011UAS-2HnD-IN Questions Topic
Replies: 215
Views: 92781

Re: RB2011UAS-2HnD-IN Questions Topic

Great! Google was much more helpful with "USB OTG". I hadn't been aware of On The Go before today. Thank you!
by lambert
Wed Sep 12, 2012 1:45 am
Forum: General
Topic: Winbox for Mac OSx & Windows & Linux
Replies: 48
Views: 40655

Re: Winbox for Mac OSx & Windows & Linux

I can't connect to RB using mac-address. Is it working on it? Artur It doesn't like to find RBs on ethernet when airport is enabled/primary network connection. Disable Airport or connect RB ethernet, not ether1 if still default config, to wired part of the LAN to which your airport is connected. In...
by lambert
Wed Sep 12, 2012 1:35 am
Forum: General
Topic: Winbox for Mac OSx & Windows & Linux
Replies: 48
Views: 40655

Re: Winbox for Mac OSx & Windows & Linux

Yes, it works: Netinstall & Putty (using serial cable) in Win7 under Coherence with Parallels.

Lorenzo
Thanks, maybe I'll spring for the Parallels 7 upgrade...
by lambert
Wed Sep 12, 2012 12:56 am
Forum: RouterBOARD hardware
Topic: RB2011UAS-2HnD-IN Questions Topic
Replies: 215
Views: 92781

Re: RB2011UAS-2HnD-IN Questions Topic

I'm trying to figure out what kind of cable/adaptor I will need to connect a RB/2011 to an APC UPS so that I can monitor the UPS at the tower(s). To connect to most of the APC cables (USB Type A plug to RJ-45) I would probably need a micro-USB B to USB Type A receptacle. I haven't been able to find ...
by lambert
Tue Sep 11, 2012 1:27 am
Forum: General
Topic: Auto Negotiation
Replies: 4
Views: 1045

Re: Auto Negotiation

Maybe so he can talk to ISPs like AT&T. They force me to disable auto negotiation on my Opt-E-MAN 1GB fiber service.
by lambert
Wed Sep 05, 2012 12:29 pm
Forum: Forwarding Protocols
Topic: OSPF Problem, very extrange!
Replies: 4
Views: 2067

Re: OSPF Problem, very extrange!

What version of RouterOS was the old router running? What version of RouterOS is the new router running? What is the network type of the OSPF interface having the problems? RouterOS 4.x let me get away with mismatched network types, somehow. It even worked with RouterOS (PTP) and Cisco (Broadcast) m...
by lambert
Wed Sep 05, 2012 7:58 am
Forum: General
Topic: Winbox for Mac OSx & Windows & Linux
Replies: 48
Views: 40655

Re: Winbox for Mac OSx & Windows & Linux

Have you gotten netinstall to work under Parallels? I had more success with VirtualBox the last time I tried. That was about 1.5 years ago. Luckily, I haven't had to netinstall since.
by lambert
Mon Jun 25, 2012 6:30 pm
Forum: General
Topic: Power router extremely slow after upgrade to 5.17
Replies: 6
Views: 1224

Re: Power router extremely slow after upgrade to 5.17

Did the 100MHz CPU problem happen on a PowerRouter (x86 device) or a MIPSBE device? I've seen that with a handful of RB400 series devices. I don't think that particular bug would affect the PowerRouter. But there may be another bug which could cause a similar issue.
by lambert
Mon Jun 25, 2012 6:27 pm
Forum: General
Topic: Help In DHCP Server
Replies: 3
Views: 471

Re: Help In DHCP Server

That's the sort of thing I meant by "and you haven't gone out of your way to break anything else".
by lambert
Mon Jun 25, 2012 5:08 am
Forum: General
Topic: DHCP accounting and RADIUS packets
Replies: 35
Views: 13517

Re: DHCP accounting and RADIUS packets

Also, I thought I would see an auth request every time the lease was renewed, but I haven't seen any auth requests after the initial request unless I delete the dynamic lease on the mikrotik before the lease is renewed. it's how it works: if you don't set lease timeout in RADIUS Access-Accept, then...
by lambert
Sat Jun 23, 2012 12:43 am
Forum: General
Topic: Help In DHCP Server
Replies: 3
Views: 471

Re: Help In DHCP Server

If your /ip dhcp-server networks are configured with the mikrotik as the gateway, and you haven't gone out of your way to break anything else, the routing tables should automagically do what you are asking.
by lambert
Sat Jun 23, 2012 12:40 am
Forum: General
Topic: Power router extremely slow after upgrade to 5.17
Replies: 6
Views: 1224

Re: Power router extremely slow after upgrade to 5.17

Another thought. Have you compared the output of /system resources between the two boxes?

Maybe the cpu frequency got mixed up on the slow box? Or perhaps a BIOS setting got tweaked?
by lambert
Sat Jun 23, 2012 12:36 am
Forum: General
Topic: Power router extremely slow after upgrade to 5.17
Replies: 6
Views: 1224

Re: Power router extremely slow after upgrade to 5.17

You did not thoroughly describe your trouble-shooting methodology. We don't know if the "one interface" is the same interface as the previously described "shared interface", by which I assume you meant interface on router a which talks to the same network segment as an interface on router b. Did you...
by lambert
Fri Jun 22, 2012 11:38 pm
Forum: General
Topic: DHCP accounting and RADIUS packets
Replies: 35
Views: 13517

Re: DHCP accounting and RADIUS packets

I just setup DHCP with RADIUS auth yesterday and thought I had done something wrong when I didn't see accounting start packets. I was expecting a start packet on initial assignment and a stop packet when the lease expires. Perhaps an accounting update packet when the lease is renewed. Also, I though...
by lambert
Fri Jun 22, 2012 11:27 pm
Forum: General
Topic: Feature Request: MTR
Replies: 72
Views: 25333

Re: Feature Request: MTR

Because my PC and I, are not in the same country with the network having difficulties. Because when my PC and I are on the network having difficulties, return traffic may take a different path than traffic from my location out. You don't always know what is going on until you've looked at it from bo...
by lambert
Sun Apr 15, 2012 9:12 am
Forum: Forwarding Protocols
Topic: OSPF change prefix len on connected subnet, subnet not adv
Replies: 1
Views: 899

OSPF change prefix len on connected subnet, subnet not adv

RouterOS 5.14 RB493G We had IP address x.y.z.36/28 configured on a bridge interface. Also have a.b.c.9/29 on the same bridge interface. We split the subnet into 2 /29s. The x.y.z.36 address stayed on the bridge interface, but I changed the /28 to /29 via winbox. I hit the up arrow beside the network...
by lambert
Thu Nov 17, 2011 7:08 pm
Forum: General
Topic: Address List doesn't work if network address is specified
Replies: 10
Views: 848

Re: Address List doesn't work if network address is specifie

Thank you, sadeghrafie.

That shows, very nicely, that the mangle rule adds entries for ips not covered by the /24.

Did you try any traffic from hosts which are covered by the /24?
by lambert
Thu Nov 17, 2011 2:24 am
Forum: General
Topic: Address List doesn't work if network address is specified
Replies: 10
Views: 848

Re: Address List doesn't work if network address is specifie

Perhaps the addresses the mangle rule would have added are already on the list since each is one of the 256 IP addresses referenced by the 192.168.88.0/24 entry?

To experimentally verify, try using 192.168.88.0/25 and see if your mangle rule adds hosts in the 128-255 range.
by lambert
Mon Nov 14, 2011 9:36 pm
Forum: General
Topic: ROS 5.8 on rb4.xx problem!
Replies: 7
Views: 1030

Re: ROS 5.8 on rb4.xx problem!

Have you checked your CPU frequency in /system routerboard settings print? http://forum.mikrotik.com/viewtopic.php?f=3&t=56558 I'm making a wild guess that a CPU frequency of 100MHz could cause winbox responses to be slow enough to not populate your winbox client, but your SSH or serial terminal cou...
by lambert
Mon Nov 14, 2011 9:28 pm
Forum: RouterBOARD hardware
Topic: Corrupt boot loader RB493G
Replies: 9
Views: 4601

Re: Corrupt boot loader RB493G

I've read other reports on the cpufreq changing to 100 by itself. No known cause for it that I know of. I suspect something in the firmware before 2.37 didn't care what was in the cpufreq field and we just didn't see any issue with whatever garbage got written there. 2.28 certainly boots with the c...
by lambert
Mon Nov 14, 2011 7:24 pm
Forum: Forwarding Protocols
Topic: OSPF over PPPoE: OSPF DB routes not installed to table
Replies: 9
Views: 2910

Re: OSPF over PPPoE: OSPF DB routes not installed to table

If the OP controls the access concentrator, the Cisco, my post was meant to suggest RBE as a work around. I apologize if I failed to make that clear. Ignoring MTU differences was meant as a diagnostic tool to prove MTU issues which someone might not have noticed / been able to "see". Another possib...
by lambert
Thu Nov 10, 2011 12:33 am
Forum: Forwarding Protocols
Topic: OSPF over PPPoE: OSPF DB routes not installed to table
Replies: 9
Views: 2910

Re: OSPF over PPPoE: OSPF DB routes not installed to table

Does the association come up as "Full"? Or is it just "I see you", "Init". Or "I see you, you see me", "2-Way"? Make sure you have the same MTU on both the cisco and the MikroTik. You may want to tell the cisco to allow MTU mismatch. I have several DSL connections from MikroTik/ImageStream/pfSense/C...
by lambert
Thu Nov 10, 2011 12:02 am
Forum: RouterBOARD hardware
Topic: Corrupt boot loader RB493G
Replies: 9
Views: 4601

Corrupt boot loader RB493G

I have an RB493G which I upgraded to RouterOS 5.8 tonight from 4.16 or 4.17. The first one went good, this one had to be power cycled. It came up and looked good. So I upgraded the firmware to 2.37. That went worse than the OS upgrade. It will no longer output anything on the serial console when try...
by lambert
Wed Sep 21, 2011 10:59 pm
Forum: Wireless Networking
Topic: Health and WIFI
Replies: 11
Views: 1714

Re: Health and WIFI

WiFi routers' RF emissions are probably not going to be significant. Our understanding of science and medicine changes all the time. What is thought to be okay today may be thought to be dangerous tomorrow. If you want to actually use science to calculate your compliance with current RF exposure gui...
by lambert
Wed Sep 21, 2011 9:47 pm
Forum: General
Topic: OSPF with RB450 and Cisco
Replies: 14
Views: 2721

Re: OSPF with RB450 and Cisco

Time to get someone else to log into all of the gear and look at things. It will probably be obvious to a second pair of eyes.
by lambert
Mon Sep 19, 2011 10:33 pm
Forum: General
Topic: OSPF with RB450 and Cisco
Replies: 14
Views: 2721

Re: OSPF with RB450 and Cisco

What are the firewall rules on the MikroTik? Do you specifically allow protocol 89 traffic between the cisco and the MikroTik? Is the MTU on the cisco's interface equal to the MTU on the MikroTik? show int vlan802 We already know the MikroTik is set to 1500 bytes. On the Cisco, try specifying th...
by lambert
Mon Sep 19, 2011 12:32 pm
Forum: Scripting
Topic: /export without line wrap?
Replies: 11
Views: 4595

Re: /export without line wrap?

Thanks. That should work.
by lambert
Fri Sep 16, 2011 1:53 am
Forum: Scripting
Topic: /export without line wrap?
Replies: 11
Views: 4595

/export without line wrap?

Searching for ways to do things without "x" never works well. I want to export items from my MikroTiks but I want to avoid having to put the continued lines back together with my scripts. I can add a subroutine to my scripts to do that for me, but it would be nice if there were an option in RouterOS...
by lambert
Thu Sep 01, 2011 11:41 am
Forum: General
Topic: PPP process using all available CPU
Replies: 2
Views: 541

Re: PPP process using all available CPU

MikroTik support says they have been able to replicate the problem and will have it fixed in a future rev.
by lambert
Tue Aug 30, 2011 10:24 pm
Forum: General
Topic: PPP process using all available CPU
Replies: 2
Views: 541

Re: PPP process using all available CPU

I performed a "/system/reset-configuration" this morning to clear the ppp configuration. Now the cpu is 97% to 99% idle.

I have not attempted to setup the ovpn-client again, yet.

Also, I found a reply from MikroTik support in my mailbox this morning. Hopefully we'll get this figured out soon.
by lambert
Tue Aug 30, 2011 2:18 am
Forum: Beginner Basics
Topic: RB 450G is hot?
Replies: 35
Views: 19647

Re: RB 450G is hot?

did you see any problems at the 80C temperature reading? the temperature sensor is not very accurate so do not trust only that. So, no "rules of thumb?" 10% margin of error? 30% margin of error? 10% margin at 20C, 60% margin at 25C, to be ridiculous? I have not seen errors which I could attribute t...
by lambert
Tue Aug 30, 2011 12:11 am
Forum: General
Topic: PPP process using all available CPU
Replies: 2
Views: 541

PPP process using all available CPU

I have an RB450G, routeros-mipsbe-5.5.npk, which is going to be setup with one DHCP WAN interface and one PPPoE/via DSL WAN interface. It will also have an OVPN client to tunnel into their remote network. Everything looked good. They were up and running on the DHCP WAN (ether1) and I had the DSL WAN...
by lambert
Tue Jul 19, 2011 7:44 pm
Forum: Beginner Basics
Topic: RB 450G is hot?
Replies: 35
Views: 19647

Re: RB 450G is hot?

At what RB4xx temperature sensor reading do we need to set our Nagios alarms?


I have one unit mounted in a box in a field with no trees which is seeing readings of 80 C for two or three hours in the afternoon. I am going to try to build the equipment enclosure some shade.
by lambert
Sat May 21, 2011 8:41 pm
Forum: RouterBOARD hardware
Topic: Repair RB4xx series board which have taken surges?
Replies: 1
Views: 662

Repair RB4xx series board which have taken surges?

I now have an RB450G and a RB493G which have taken lightning strikes despite the lightning protection equipment. In both cases there was a small 8 pin IC near the power input jack which is blown apart. That IC is the only visible damage. Would it be possible to identify and replace those ICs? I'm no...
by lambert
Sat May 21, 2011 8:33 pm
Forum: RouterBOARD hardware
Topic: RB450G power light comes on but no serial console output
Replies: 0
Views: 654

RB450G power light comes on but no serial console output

I have a new RB450G which I configured two days ago. Everything looked good. I upgraded it to RouterOS 5.2 since this one is going to the far ends of the network where problems will be containable. I don't think the RouterOS 5.2 upgrade is related to the problem. I believe routerboard firmware was 2...
by lambert
Fri May 06, 2011 2:58 am
Forum: RouterBOARD hardware
Topic: SNMP temperature/voltage OID missing on 450G 4.16
Replies: 11
Views: 10999

Re: SNMP temperature/voltage OID missing on 450G 4.16

Sorry, I didn't see this thread before posting my question about the same topic. http://forum.mikrotik.com/viewtopic.php?f=2&t=50619 Again, it's not just a matter of waiting for the monitoring values to be populated after boot up. It is that they are sometimes not there. If it is an after power cycl...
by lambert
Thu May 05, 2011 8:52 am
Forum: General
Topic: SNMP not returning OIDs for voltage and temperature?
Replies: 1
Views: 1954

Re: SNMP not returning OIDs for voltage and temperature?

My temperature and voltage graphs flatlined again. We've been dealing with wind damage from a tornado so I haven't had time to look at the graphs, or care for the last week or so. lambert@dns1:~> snmpwalk -v1 -c sixr4ih59mdso gw1.mpt 1.3.6.1.4.1.14988.1.1.3 SNMPv2-SMI::enterprises.14988.1.1.3.9.0 = ...
by lambert
Wed Apr 06, 2011 9:59 am
Forum: Forwarding Protocols
Topic: Problems with OSPF
Replies: 3
Views: 1038

Re: Problems with OSPF

I believe you will want to upgrade both units to, at least 4.16. I have only been using MikroTiks since 4.16 has been available. I believe the forums have mentioned multiple OSPF issues with 4.x where x < 16, but it may have been x < 13. Don't forget to upgrade the routerboard firmware after upgradi...
by lambert
Wed Apr 06, 2011 9:40 am
Forum: General
Topic: SNMP not returning OIDs for voltage and temperature?
Replies: 1
Views: 1954

SNMP not returning OIDs for voltage and temperature?

I have several RB450Gs and a couple of RB493Gs. I have noticed on 3 of the RB450Gs, 2 running 4.16 and one running 4.17 and one RB493G running 4.17 that sometimes, they do not want to return the values for the temperature and / or voltage OIDs. > snmpwalk -v1 -c community {RB493G_HOSTNAME} 1.3.6.1.4...
by lambert
Fri Feb 11, 2011 12:06 am
Forum: Forwarding Protocols
Topic: OSPF problems when MD5 authentication is in use
Replies: 4
Views: 2432

Re: OSPF problems when MD5 authentication is in use

1. Do router clocks have to be synchronized for MD5 authentication to work? 2. If so, why? No, with the caveat, as I understand it, that the clock cannot go backward without dropping the neighbor associations on the other routers for security reasons. When a router which does not have the clock syn...
by lambert
Thu Feb 10, 2011 11:28 pm
Forum: Forwarding Protocols
Topic: Problem is OSPF MD5 Authentication OS 4.16
Replies: 3
Views: 2522

Re: Problem is OSPF MD5 Authentication OS 4.16

Just to be certain, the interface on the 4.16 box which is speaking to the 5.0 box is actually named exactly "ether1-gateway"? I'd look for typographical errors. This is probably not related to your problems but, just in case: I had some problems the other night because I restored a config with cust...