Community discussions

Search found 445 matches

  • 1
  • 2
by scampbell
Sat Sep 24, 2016 5:54 am
Forum: General
Topic: Reset HAP AC doesn't seem to work
Replies: 2
Views: 1713

Re: Reset HAP AC doesn't seem to work

There is a Winbox packaged up for Mac on this forum which works nicely :-)

Makes sure initial connection is not via ether1 as this is fire walled by default.


Sent from my iPhone using Tapatalk
by scampbell
Sat Sep 24, 2016 5:52 am
Forum: Beginner Basics
Topic: PPTP stopped working
Replies: 6
Views: 2229

Re: PPTP stopped working

Enable PPTP logging in /system logging add topic=PPTP and see if that gives better information. Also make sure your input firewall rules are allowing PPTP or setup etc. ensure no dst-nat rule is redirecting the traffic too [emoji12] Allow tcp 1723 and gre in the input chain. MikroTik PPTP is pretty ...
by scampbell
Wed Sep 21, 2016 4:56 am
Forum: General
Topic: Web proxy redirect rules
Replies: 2
Views: 1154

Re: Web proxy redirect rules

MikroTik web proxy does not support 443


Sent from my iPhone using Tapatalk
by scampbell
Fri Sep 02, 2016 6:51 am
Forum: Forwarding Protocols
Topic: OSPF default route
Replies: 4
Views: 1782

Re: OSPF default route

Well I found the problem it was related to a third party firewall in the network which was causing some issues and its now resolved. Apparently it was blocking all traffic to Port 89, as soon as I had put an exception everything started working normally
That'll do it :lol:
by scampbell
Fri Sep 02, 2016 6:49 am
Forum: Wireless Networking
Topic: How to disable WPS button in RB951Ui-2nD with rOS 6.32.4?
Replies: 9
Views: 5231

Re: How to disable WPS button in RB951Ui-2nD with rOS 6.32.4?

enable wireless-cm2 and reboot - WPS should be back. :-)
by scampbell
Fri Sep 02, 2016 6:45 am
Forum: The Dude
Topic: The Dude, v6.37rc test builds.
Replies: 92
Views: 17630

Re: The Dude, v6.37rc test builds.

Would this include access to /tool sms and /tool e-mail for example ?? :-) Pretty much that. However email tool is already accessible for use with notifications. http://wiki.mikrotik.com/images/f/fc/Dude-email-notif.PNG Haha - of course e-mail is there - sorry. How long until we may see access to t...
by scampbell
Tue Aug 23, 2016 9:52 pm
Forum: RouterBOARD hardware
Topic: Q2 2016 But still no Gigabit PoE Routerboard...
Replies: 53
Views: 8669

Re: Q2 2016 But still no Gigabit PoE Routerboard...

Yup,

we also have lots of inquirys about 24port poe switch...
+1 !!
by scampbell
Tue Aug 23, 2016 9:50 pm
Forum: The Dude
Topic: The Dude, v6.37rc test builds.
Replies: 92
Views: 17630

Re: The Dude, v6.37rc test builds.

@dimsoft

That is not possible at the moment. However we do intend to add some access to server host ROS side for better notification options.
Would this include access to /tool sms and /tool e-mail for example ?? :-)
by scampbell
Fri Aug 05, 2016 2:17 am
Forum: General
Topic: how to make the unit reboot in script?
Replies: 3
Views: 1752

Re: how to make the unit reboot in script?

I concur with BlackVS.

We often create a scheduler to reboot router at midnight with just "/system reboot" as the only command - it works well and is only "interactive" when run from a console.
by scampbell
Mon Jul 25, 2016 3:59 am
Forum: General
Topic: Windows 10 and netinstall
Replies: 19
Views: 15274

Re: Windows 10 and netinstall

False alarm. I have installed new Win10, and now everything working great. The question is what peace of software killed netinstall last time. I will do step by step app install... This is going to sound stupid... but have you tried changing its name? No joke! After installing Windows 10, I had the...
by scampbell
Mon Jun 20, 2016 11:42 pm
Forum: General
Topic: SXT AC best settings
Replies: 82
Views: 49695

Re: SXT AC best settings

/interface wireless set [ find default-name=wlan1 ] band=5ghz-a/n Perhaps setting wireless mode to 5GHz-onlyac or 5ghz-a/n/ac might also help (on both ends) ? My bench testing with registration signal of -50dB is giving 450-500 Mbps UDP - but only 120Mbps TCP on 802.11 80Mhz Ceee WPA2-PSK I'll be t...
by scampbell
Fri May 27, 2016 8:13 am
Forum: RouterBOARD hardware
Topic: wAP AC (General questions and experience)
Replies: 118
Views: 44095

Re: wAP AC (General questions and experience)

deleted - off topic
by scampbell
Thu May 26, 2016 9:38 am
Forum: RouterBOARD hardware
Topic: wAP AC (General questions and experience)
Replies: 118
Views: 44095

Re: wAP AC (General questions and experience)

Mikrotik. I have to say, this is one of the nicest pieces of hardware you have designed. My only real feedback is that a LED visible from the outside would be welcome. This way we can see at a glance if the unit is operational. We use the LED all the time on our Motorola, AeroHive and Ubiquity AP's...
by scampbell
Sun May 15, 2016 6:16 am
Forum: Wireless Networking
Topic: How to disable WPS button in RB951Ui-2nD with rOS 6.32.4?
Replies: 9
Views: 5231

Re: How to disable WPS button in RB951Ui-2nD with rOS 6.32.4?

Also try /system package print

You may be using wireless-fp which does not support WPS anyway :-)
by scampbell
Thu May 05, 2016 11:02 pm
Forum: RouterBOARD hardware
Topic: CRS226 SFP LINK PROBLEMS WITH RB260GSP
Replies: 1
Views: 739

Re: CRS226 SFP LINK PROBLEMS WITH RB260GSP

Did you get anywhere with this ?

I just tried to link a CRS226 via SFP1 and S-RJ45 to ether25 on a CRS125 and no traffic would pass.

Going to look into this further and will see what I find :-)
by scampbell
Thu May 05, 2016 8:33 am
Forum: Wireless Networking
Topic: wAP WOES
Replies: 9
Views: 1357

Re: wAP WOES

This installation is for a hotel, therefore I dont think that enabling local forwarding would make any sense
We use these in hotels with local forwarding. If you use managed switches then it shouldn't be an issue and you can use VLAN's if necessary for isolation.
by scampbell
Thu May 05, 2016 12:45 am
Forum: Wireless Networking
Topic: wAP WOES
Replies: 9
Views: 1357

Re: wAP WOES

Local forwarding has been disabled in the CAPsMAN settings, for all APs All RB912 on the same network are configured with a bridge containing both ether1 and wlan1, and they are functionning quite nicely; it is only the wAPs that seem to have a problem with this setup Lastly, I don't see the purpos...
by scampbell
Wed May 04, 2016 12:52 pm
Forum: General
Topic: blocking dhcp over eoip tunnel, but allow local dhcp
Replies: 10
Views: 1822

blocking dhcp over eoip tunnel, but allow local dhcp

Input is to the router and output is from the router. If you want to stop dhcp from
Goin through the bridge the forward chain would be where I place those rules on the bridge filter


Sent from my iPhone using Tapatalk
by scampbell
Wed May 04, 2016 7:43 am
Forum: Wireless Networking
Topic: Mikrotik Outdoor Wireless Network signal test
Replies: 2
Views: 976

Re: Mikrotik Outdoor Wireless Network signal test

Tx/Rx Signal Strength: When aligning the endpoints you want this as high as possible ( -40 to -65 dBm say) Tx/Rx CCQ: This shows how many packets get through , so 50% means half are getting dropped. Good TX/RX Signal and poor CCQ is a sign of interference - try a different channel Signal To Noise: T...
by scampbell
Wed May 04, 2016 7:35 am
Forum: Wireless Networking
Topic: Non-Overlapping Channels?
Replies: 1
Views: 913

Re: Non-Overlapping Channels?

Google is your friend - https://en.wikipedia.org/wiki/List_of_WLAN_channels :D Ce or Ceee mean centre channel plus next channel (or channels). So 2412 Ce would be 2412 + 2432 - note on 2.4GHz we recommedn only 1 (2412), 6 (2437) & 11 (2462) with 20Mhz Channel widths to avoid overlapping coverage in ...
by scampbell
Wed May 04, 2016 7:20 am
Forum: Wireless Networking
Topic: wAP WOES
Replies: 9
Views: 1357

Re: wAP WOES

Thanks for your response Uldis On the wAPs the bridge systematically ends up using wlan1's MAC address. I did try to set the bridge's admin MAC address but as with the wireless' MAC address, the interface isn't reachable via layer 3. I don't understand why it works at the moment, that is, by not ad...
by scampbell
Wed May 04, 2016 7:16 am
Forum: RouterBOARD hardware
Topic: wAP AC (General questions and experience)
Replies: 118
Views: 44095

Re: wAP AC (General questions and experience)

It would be good if wireless-rep became the default and they deprecated all the other wireless packages :) Mikrotik confirmed to me last night wireless-cm2 would be the default on the next batch which is something. No doubt wireless-rep will become the only package at some point but hopefully they ...
by scampbell
Wed May 04, 2016 6:58 am
Forum: RouterBOARD hardware
Topic: wAP AC (General questions and experience)
Replies: 118
Views: 44095

Re: wAP AC (General questions and experience)

When they arrive they have the default config with firewall on ethernet and open wireless. So if you want to manage them you need to connect to the wifi, or reset them into CAP mode. To reset into CAP mode, power them up whilst holding the reset button in. The wireless lan lights will flash, and af...
by scampbell
Fri Apr 15, 2016 3:42 am
Forum: Announcements
Topic: v6.35rc [release candidate] is released, new wireless package!
Replies: 537
Views: 104926

Re: v6.35rc [release candidate] is released, new wireless package!

Is it possible to add more information about connected user to CAPSMAN view with wireless-rep package? e.g. user name being used, auto-translation of vendor part of MAC (well it´s a gimmick) http://fs5.directupload.net/images/160414/nfdarvre.png If your were to create access lists based on the OUI ...
by scampbell
Thu Apr 14, 2016 8:13 am
Forum: General
Topic: vlan with dhcp server
Replies: 7
Views: 1103

Re: vlan with dhcp server

Show your config for ether5 and the VLAN. my config on ether5 and vlan is exactly like my 1st post. Interface vlan40 add to ether5 and i created dhcp server for vlan40. Unless your PC is using inserting Vlan Tags it will be looking for DHCP on ether5. Use the Torch function with all options enabled...
by scampbell
Tue Apr 12, 2016 8:22 am
Forum: Forwarding Protocols
Topic: OSPF default route
Replies: 4
Views: 1782

Re: OSPF default route

Assuming this router is running OSPF it is strange there are no known OSPF routes at all in the routing table ? They should show with a flag of "o" ?

Perhaps "/route ospf export" and "/ip add pr" from the router with the default route and the one wishing to receive it please. :-)
by scampbell
Tue Apr 12, 2016 8:15 am
Forum: Forwarding Protocols
Topic: can pptp server accept multiple client from same public ip ???
Replies: 2
Views: 1526

Re: can pptp server accept multiple client from same public ip ???

If you mean can you receive and process a PPTP connection request from multiple clients masqueraded behind one remote public IP then yes that should work as each connection will have a unique src-port. For example 10 of your staff are staying in a hotel and all want to connect back to the office via...
by scampbell
Tue Apr 12, 2016 6:23 am
Forum: Announcements
Topic: v6.35rc [release candidate] is released, new wireless package!
Replies: 537
Views: 104926

Re: v6.35rc [release candidate] is released, new wireless package!

Did someone try to this new feature? >> wireless background scan I wanted to script a background scan for known Wifi-APs and if found, connect to it automatically. The Microtik is in a car, and I know several Wifi along the road (while stopping the car!). The Idea was: Scan for known ssid's (or MAC...
by scampbell
Mon Apr 11, 2016 7:30 am
Forum: Beginner Basics
Topic: hAP ac slow Ethernet Internet performance
Replies: 20
Views: 8051

Re: hAP ac slow Ethernet Internet performance

It is sometimes worth disabling RSTP on the bridge as well...... for whatever reason I have noticed RSTP sometimes incorrectly disables ethernet ports on the newer versions of RoS. I've not been able to "pin" this down but by disabling it when I am getting ethernet issues the performance has been be...
by scampbell
Thu Mar 17, 2016 9:59 pm
Forum: General
Topic: DHCP Relay VLANs on RB751U-2HnD
Replies: 11
Views: 2708

Re: DHCP Relay VLANs on RB751U-2HnD

Hi SSI, I would suggest following this example http://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Relay#Example_setup Also check your HP Switches support L2MTU 1594 ? From what I can see your example is pretty much like the above except that you are using an MS server as primary DHCP. Here is my interprea...
by scampbell
Tue Mar 15, 2016 12:23 am
Forum: General
Topic: Slow speeds from CRS125
Replies: 57
Views: 4181

Re: Slow speeds from CRS125

Thanks for the help! Here are the results for mturoute: http://imgur.com/8Iqq4ar.jpg And here is the mtupath results: http://imgur.com/jjnmK64.jpg I would check the MTU and MSS of your WAN too - just to be sure...... 1. download MTUPATH.EXE ( http://www.iea-software.com/products/mtupath.cfm ) and s...
by scampbell
Mon Mar 14, 2016 11:23 pm
Forum: General
Topic: Slow speeds from CRS125
Replies: 57
Views: 4181

Re: Slow speeds from CRS125

I would check the MTU and MSS of your WAN too - just to be sure...... 1. download MTUPATH.EXE ( http://www.iea-software.com/products/mtupath.cfm ) and see what the results for MSS are; 2. download MTUROUTE.EXE (http://www.elifulkerson.com/projects/mturoute.php ) and see what it finds It may be a VLA...
by scampbell
Mon Mar 14, 2016 11:05 pm
Forum: Announcements
Topic: Winbox3.3 released!
Replies: 37
Views: 9381

Re: Winbox3.3 released!

Quick work !! :-)

Windows Smartscreen does not like it though - reports it as an unrecognised app from an unknown publisher on Windows10. You have to force Windows to run anyway.....
by scampbell
Fri Mar 11, 2016 4:39 am
Forum: General
Topic: Slow speeds from CRS125
Replies: 57
Views: 4181

Re: Slow speeds from CRS125

Try disabling any simple queues and changing the WAN port interface queue type as per http://forum.mikrotik.com/viewtopic.php?t=103542
by scampbell
Fri Mar 11, 2016 4:34 am
Forum: Announcements
Topic: Winbox3.2 released!
Replies: 59
Views: 11342

Re: Winbox3.2 released!

AVG again !!! Grrr. Why does this keep happening I wonder ? Perhaps AVG have some shares in another vendor starting with U :-)
by scampbell
Tue Mar 08, 2016 2:15 am
Forum: Forwarding Protocols
Topic: Redirect port 80 for external web administration
Replies: 2
Views: 3314

Re: Redirect port 80 for external web administration

For port 80 traffic from anywhere /ip firewall add action=dst-nat chain=dstnat comment="Web Server" disabled=no dst-port=80 protocol=tcp in-interface=ether1-gateway to-addresses=192.168.1.50 For remote router access via external Port 9000 /ip firewall add action=redirect chain=dstnat comment="Web Se...
by scampbell
Tue Mar 08, 2016 2:08 am
Forum: Forwarding Protocols
Topic: MPLS vpls tunnel - MTU problem - wifi i think
Replies: 3
Views: 1128

Re: MPLS vpls tunnel - MTU problem - wifi i think

It looks like something is stealing 4 bytes :-) Your client bridge shows only 1496 actual bytes so I suspect an interface involved in the bridging is dragging it down. Try removong wlan1 from the client bridge (assuming you have local access of course) and see if the bridge actual-MTU increases. Per...
by scampbell
Tue Mar 08, 2016 2:01 am
Forum: Announcements
Topic: v6.35rc [release candidate] is released, new wireless package!
Replies: 537
Views: 104926

Re: v6.35rc [release candidate] is released, new wireless package!

6.35rc19 has been released! *) winbox - added /interface wireless setup-repeater; Nice feature !! When you use this setup repeater button it currently creates a new bridge (called bridge1) and adds WLAN1 plus the new Virtual WLAN into it. Perhaps this could be modified to ask for a bridge to use (i...
by scampbell
Mon Feb 29, 2016 8:06 am
Forum: Wireless Networking
Topic: 100mbps TCP Full duplex link using 4 dish ( NV2 )
Replies: 9
Views: 2660

Re: 100mbps TCP Full duplex link using 4 dish ( NV2 )

Hi , it's a 3 years posts but i'm going to answer it !! it's not so easy , but you can do it with OSPF routing protocol !! that's all if you are not friend;t with OSPF , use static routing , but in this case you will loose redundancy , with OSPF you could have full duplex and redundancy in case of ...
by scampbell
Fri Feb 19, 2016 5:28 am
Forum: Beginner Basics
Topic: Passing all traffic on to proxy server
Replies: 4
Views: 4505

Re: Passing all traffic on to proxy server

/ip firewall nat add chain=dstnat action=dst-nat to-address=proxyIP to-ports=8080 protocol=TCP, dst-port=80,443 in-interface=bridge-lan This will redirect any HTTP and HTTPS to your proxy on port 8080. Doesn't transparent proxy give certificate issues with SSL? I am on a network that requires the u...
by scampbell
Fri Feb 19, 2016 4:10 am
Forum: General
Topic: Some websites not loading on 2 routers
Replies: 6
Views: 1340

Re: Some websites not loading on 2 routers

I've seen that before :-) When an EOIP tunnel is added to the bridge the bridge MTU automatically drops to equal the smallest MTU of the interface in it.. There is a setting on the bridge to "not" automatically adjust MTU but this can lead to fragmentation. Soemtimes the best solution for an office ...
by scampbell
Fri Feb 19, 2016 12:50 am
Forum: General
Topic: Some websites not loading on 2 routers
Replies: 6
Views: 1340

Re: Some websites not loading on 2 routers

If you are connecting via PPPoE ensure your profile is set to allow MSS Clamping. The quick way to check if this is active is to see if there are two Dynamic Forward Mangles rules. If not then it's not running. Here is a link to another forum post on the subject - http://forum.mikrotik.com/viewtopic...
by scampbell
Fri Feb 19, 2016 12:46 am
Forum: Beginner Basics
Topic: EOIP over IPSEC TWO RB750
Replies: 21
Views: 12521

Re: EOIP over IPSEC TWO RB750

FASTTRACK!!!! Disable it and packets pass. Web Pages load. Grrrrr. Spent all day messing with this. I have not gone back to EOIP yet. Just standard IPSec config and its working. Finally. Some progress then :-) Yeah, Fasttrack breaks all kinds of things as the packets bypass the routing engine as su...
by scampbell
Thu Feb 18, 2016 9:29 pm
Forum: General
Topic: dynDNS SCRIPT THAT WORKS
Replies: 13
Views: 20840

Re: dynDNS SCRIPT THAT WORKS

For simple DDNS requirements there is the built in DDNS under /ip cloud ? It's free and it works :-)

It's url is serial_numer.sn.mynetname.net
by scampbell
Thu Feb 18, 2016 9:21 pm
Forum: General
Topic: IP Routes gateway becomes unreachable after PPTP connection restarts
Replies: 7
Views: 2258

Re: IP Routes gateway becomes unreachable after PPTP connection restarts

I have 4 LAN's that I need to access on the other end, as you can see in my previous post. How can I add the 4 LAN's in the route field?
You can add multiple routes in the secret :-

/ppp secret
add name=changeme password=changeme routes=192.168.1.0/24,192.168.7.0/24,192.168.5.0/24,........
by scampbell
Thu Feb 18, 2016 9:15 pm
Forum: Beginner Basics
Topic: Passing all traffic on to proxy server
Replies: 4
Views: 4505

Re: Passing all traffic on to proxy server

You need to create a dstnat rule with

/ip firewall nat
add chain=dstnat action=dst-nat to-address=proxyIP to-ports=8080 protocol=TCP, dst-port=80,443 in-interface=bridge-lan

This will redirect any HTTP and HTTPS to your proxy on port 8080.

Change settings to suit your proxy :-)
by scampbell
Thu Feb 18, 2016 9:09 pm
Forum: Beginner Basics
Topic: How to detect when default gateway changes?
Replies: 3
Views: 619

Re: How to detect when default gateway changes?

Hi Geeko, If you are behind NAT'ed routers then that is the correct way to do it. It also enables a more complex check than just next-hop :-) If you only need to check next-hop then there is also a setting in the default route called "check-gateway" which can use ping. No use if you are connected to...
by scampbell
Thu Feb 18, 2016 9:00 pm
Forum: Beginner Basics
Topic: EOIP over IPSEC TWO RB750
Replies: 21
Views: 12521

Re: EOIP over IPSEC TWO RB750

Hmmm, ok well you have the basics right it seems. I did some looking around and found this link which may help - http://forum.mikrotik.com/viewtopic.php?t=88033 I wonder if you have some peer settings left over from earlier attempts. Try the following and see if it helps... 1. Disable IPSEC in the E...
by scampbell
Wed Feb 17, 2016 10:37 pm
Forum: Beginner Basics
Topic: IPsec site 2 site VPN. Ping fails in one direction.
Replies: 36
Views: 12816

Re: IPsec site 2 site VPN. Ping fails in one direction.

To get rid of fasttrack there is a firewall rule created by default directly below the two rules to allow established and related with an action=fasttrack-connection. The rule looks like this:- "add action=fasttrack-connection chain=forward comment="default configuration" \ connection-state=establis...
by scampbell
Wed Feb 17, 2016 10:28 pm
Forum: Announcements
Topic: v6.34.1 [current] is released!
Replies: 59
Views: 15978

Re: v6.34.1 [current] is released!

I've noticed an issue running 6.34.1 and Winbox 3.1. If I set the email server in Winbox > Tools > Email > Server to either the fqdn or ip of my mail server then try send an email I get an error connecting entry in the logs. "/tool e-mail print" didn't show a server address entry. "/tool e-mail set...
by scampbell
Wed Feb 17, 2016 10:26 pm
Forum: Beginner Basics
Topic: EOIP over IPSEC TWO RB750
Replies: 21
Views: 12521

Re: EOIP over IPSEC TWO RB750

I can't seem to get this to work. The "easier" EOIP. I setup EoIP selected a secret. Made sure the tunnel IDs were the same. All I see it this in my logs 10:28:18 ipsec,error failed to pre-process ph2 packet. Do I need additions to the firewall filter and nat too? Ensure your firewall is allowing i...
by scampbell
Tue Feb 16, 2016 9:01 pm
Forum: General
Topic: Using EoIP as the connector.
Replies: 8
Views: 885

Re: Using EoIP as the connector.

Could you not have used src-nat to fool the pbx that any packets received from a remote network were instead locally sent ? This would eliminate the need for eoip Eric and possibly simpler ? Also where we see sip issues the packet sniffer is the best tool as you can save to a file, called sip.cap fo...
by scampbell
Mon Feb 15, 2016 8:02 pm
Forum: Announcements
Topic: v6.34.1 [current] is released!
Replies: 59
Views: 15978

Re: v6.34.1 [current] is released!

It appeared in v6.34 and is already fixed in v6.35rc. It is just a cosmetic bug that aes-256 is displayed as aes-128 Maybe cosmetic but I have just wasted an hour on it migrating a router and wondering why my scripts dont work. If I specify in CLI to add a peer with enc-algorythm=aes-128 and then r...
by scampbell
Mon Feb 15, 2016 12:49 am
Forum: Wireless Networking
Topic: WDS or not WDS?
Replies: 3
Views: 1715

Re: WDS or not WDS?

Pasted from Uldis slide pg 34: http://mum.mikrotik.com/presentations/PL12/workshop-wireless-2012-PL.pdf 802.11n and WDS • 802.11n frame aggregation can’t be used together with WDS • Max transmit speed drops from 220Mbps to 160Mbps using WDS (UDP traffic) • Station-bridge has the same speed limitatio...
by scampbell
Mon Feb 15, 2016 12:30 am
Forum: Wireless Networking
Topic: Printer Access with "client to client forwarding" disabled
Replies: 6
Views: 1230

Re: Printer Access with "client to client forwarding" disabled

Use the "access list" feature and allow client to client forwarding for specific hosts and the printers. This allows the default action of no-forwarding except for the hosts you specify by mac-address in the access-list. TIP: You can identify specific hosts in the registration table and copy them to...
by scampbell
Mon Feb 15, 2016 12:24 am
Forum: Wireless Networking
Topic: Chromecast problems!
Replies: 8
Views: 3832

Re: Chromecast problems!

We use CAPsMan with our Chromecast so perhaps you need to publish your CAPsMan Controller config and your AP Config.

As you have correctly noted you cannot set the mode to AP/Bridge in Capsman - only AP. This should not be an issue for you as Chromecast connects as a Station anyway.
by scampbell
Thu Feb 04, 2016 11:39 pm
Forum: Announcements
Topic: Winbox3.1 released!
Replies: 50
Views: 26093

Re: Winbox3.1 released!

We have found issue with hAP lite and missing information. We will fix it in next release. Toigoweb - what does "lot of bug" mean? Can you give examples? Everyone - please report to support@mikrotik.com with description of your problem and screen shots. Forum is for users. If you want to have resol...
by scampbell
Thu Feb 04, 2016 10:44 pm
Forum: Beginner Basics
Topic: Email settings
Replies: 13
Views: 1796

Re: Email settings

Please try setting your e-mail server using the CLI. We have found setting this in Winbox does not work in the RoS 6.34 or 6.33.5 and reported it to Mikrotik.

/tool e-mail set address=x.x.x.x
by scampbell
Thu Feb 04, 2016 12:28 pm
Forum: Wireless Networking
Topic: Mikrotik AC PtP - Nstreme will NOT connect at all but NV2 will???
Replies: 53
Views: 8846

Mikrotik AC PtP - Nstreme will NOT connect at all but NV2 will???

AP config: /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik add authentication-types=wpa2-psk,wpa2-eap management-protection=allowed \ mode=dynamic-keys name=NPP supplicant-identity="" wpa2-pre-shared-key=\ ********* /interface wireless set [ find default-...
by scampbell
Thu Feb 04, 2016 12:17 pm
Forum: Wireless Networking
Topic: Mikrotik AC PtP - Nstreme will NOT connect at all but NV2 will???
Replies: 53
Views: 8846

Mikrotik AC PtP - Nstreme will NOT connect at all but NV2 will???

I couldn't help but notice one of the radios had default-authenticate=no and I couldn't see any mention of access or connect lists. If this is correct and no connect or access list then you won't get a connection :-) Please double check - hope this helps... [edit] a closer look and I saw an access l...
by scampbell
Thu Feb 04, 2016 11:54 am
Forum: Scripting
Topic: Script to disable 3g backup
Replies: 2
Views: 724

Script to disable 3g backup

Use a higher distance for your 3G default route and if 3G is PPPoE set dial on demand=yes
by scampbell
Wed Feb 03, 2016 1:27 am
Forum: Beginner Basics
Topic: Sending E-mail when IP is added to address list
Replies: 3
Views: 998

Re: Sending E-mail when IP is added to address list

Use the log function in the firewall rule and have the action specified as an e-mail. /ip firewall filter add action=add-src-to-address-list address-list=PSD (insert matchers here) chain=forward log=yes log-prefix=PSD /system logging action add email-to=myaddress@somewhere.com name=emailPSD target=e...
by scampbell
Wed Feb 03, 2016 1:10 am
Forum: Beginner Basics
Topic: Help configuring station bridge.
Replies: 1
Views: 399

Re: Help configuring station bridge.

If the other AP is not a Mikrotik AP/Bridge station-bridge will not work as it is a Mikrotik proprietary mode.
by scampbell
Wed Feb 03, 2016 12:51 am
Forum: Beginner Basics
Topic: Problem with dual wan failover not moving back to primary.
Replies: 10
Views: 3363

Re: Problem with dual wan failover not moving back to primary.

dareru's excellent answer is for failover only and will work well. If you use a dynamic protocol on your WAN such as DHCP or PPPoE you will need to ensure you set the default-route-distance to something other than 0 on your backup wan for this to work If you want to be able to manage your router via...
by scampbell
Wed Feb 03, 2016 12:30 am
Forum: Beginner Basics
Topic: RB951G-2HnD bridge performance
Replies: 2
Views: 770

Re: RB951G-2HnD bridge performance

By default the RB951G-2HnD has ether2 and wlan1 in a bridge. Ether3-5 have their master-port set to ether2. Traffic between ether2-5 should occur at wirespeed 1000Mps. So perhaps set the ports back to switch and try again. Be sure to remove from the bridge before setting their master ports. If you a...
by scampbell
Wed Feb 03, 2016 12:24 am
Forum: Beginner Basics
Topic: Email settings
Replies: 13
Views: 1796

Re: Email settings

Add a topic=e-mail action=memory to your /system logging.

The additional log info should help show what is not working correctly when you send an e-mail :-)
by scampbell
Wed Feb 03, 2016 12:21 am
Forum: Beginner Basics
Topic: PPTP
Replies: 2
Views: 394

Re: PPTP

Windows uses WINS to resolve hostnames. On your remote PC's when they connect have the clients configured to use your internal Windows server as both DNS and WINS. On the remote site you may also need to suffix your hostnames with hostname.yourdomain.com to get them to correctly respond. Mikrotik ca...
by scampbell
Wed Feb 03, 2016 12:14 am
Forum: General
Topic: is there a way to block specific URL in Microtik CCR ?
Replies: 10
Views: 763

Re: is there a way to block specific URL in Microtik CCR ?

No it is not possible! Note the "https" which means "secure" communication. The communication is encrypted and the router never sees the URL. Even when you setup a proxy server, the router sees only the hostname not the part after it. So then you can block entire facebook but not one specific page....
by scampbell
Tue Feb 02, 2016 11:52 am
Forum: Wireless Networking
Topic: Wireless bridge [solved with WDS]
Replies: 6
Views: 10472

Wireless bridge [solved with WDS]

Ap-bridge mode to station-bridge is definitely the best way to do a transparent bridge over wireless.

WDS has throughout issues on Wireless N. It works but not as well as station-bridge.
by scampbell
Mon Feb 01, 2016 10:08 pm
Forum: Wireless Networking
Topic: Full Duplex PTP over 7 to 14Kms
Replies: 24
Views: 2980

Re: Full Duplex PTP over 7 to 14Kms

thank you. that looks interesting but has anyone deployed it in actual environment? I have a few sites doing that - for example we use an RB850GX2 at each end and 4 x QRT's. Set up two unique /29 subnets for each wireless link and the radio's as simple bridge (bridge/station-bridge). Apply the diff...
by scampbell
Mon Feb 01, 2016 10:02 pm
Forum: General
Topic: IPIP Tunnel MTU Problem
Replies: 7
Views: 3253

Re: IPIP Tunnel MTU Problem

Have you checked your PPPoE tunnel can pass packets with MTU=1492 natively without fragmenting ?

Some ISP's use VLAN's and we have found the MTU=1480 is the best we can achieve in this case ?
by scampbell
Mon Feb 01, 2016 8:21 am
Forum: General
Topic: IPIP Tunnel MTU Problem
Replies: 7
Views: 3253

Re: IPIP Tunnel MTU Problem

Interesting problem for sure. I would not think you would need to specify source IP as you are using /30 addressing so it should only go one direction anyway. Given your wan connections have MTU limits of either 1500 or 1492 themselves I cannot see how you can push 1600 through any tunnel without fr...
by scampbell
Mon Feb 01, 2016 7:15 am
Forum: Wireless Networking
Topic: Full Duplex PTP over 7 to 14Kms
Replies: 24
Views: 2980

Re: Full Duplex PTP over 7 to 14Kms

no mikrotik products come in full duplex modes as of today.

you need 4 radios cards 2 on each side for full duplex to work.
Or use OSPF and 4 QRT's for example and base setup on http://wiki.mikrotik.com/wiki/Dual_Setup_with_OSPF.
by scampbell
Mon Feb 01, 2016 7:06 am
Forum: Announcements
Topic: v6.34 [current] is released!
Replies: 91
Views: 22722

Re: v6.34 [current] is released!

About ARP entries - they are completely normal. They have been there forever. Incomplete entries simply were no shown. Now we just do not hide them any more. Just a thought - how hard would it be to add a tick box for "show-incomplete" in /ip arp ? This may make it easier for some users to understa...
by scampbell
Mon Feb 01, 2016 6:52 am
Forum: Announcements
Topic: Winbox3.1 released!
Replies: 50
Views: 26093

Re: Winbox3.1 released!

The issue with /tool e-mail being set in Winbox on a hAP still is happening. To reproduce this, configure in Winbox the Tool E-Mail server then open CLI and go /tool e-mail print email1.PNG Note the lack of address in the CLI. Simply issue the /tool e-mail set address=x.x.x.x followed by /tool e-mai...
by scampbell
Mon Feb 01, 2016 6:42 am
Forum: Announcements
Topic: Winbox3.1 released!
Replies: 50
Views: 26093

Re: Winbox3.1 released!

hAP Lite, RouterOS 6.34
+1 but only after updating Bios from 3.24 to 3.29 :-)
by scampbell
Thu Jan 28, 2016 6:41 pm
Forum: General
Topic: OSPF Router-ID in docs and MTCRE
Replies: 4
Views: 983

OSPF Router-ID in docs and MTCRE

I prefer to always specify a loopback address so there are no surprises [emoji41]
by scampbell
Thu Jan 28, 2016 6:34 pm
Forum: General
Topic: PPPoE Server and Proxy ARP with IPv4 and IPv6
Replies: 2
Views: 634

PPPoE Server and Proxy ARP with IPv4 and IPv6

Ospf instance can publish connected routes but using it for PPPoE can create a flood of lsa's
by scampbell
Thu Jan 28, 2016 6:32 pm
Forum: General
Topic: RB3011 missing Interface Master Slave Settings
Replies: 1
Views: 617

RB3011 missing Interface Master Slave Settings

Switch missing in winbox 3.0 is known. Try winbox 2.2.18, cli or webfig.

We are hoping this will be fixed soon [emoji41]
by scampbell
Thu Jan 28, 2016 6:28 pm
Forum: General
Topic: win10 mac-telnet
Replies: 4
Views: 852

win10 mac-telnet

Check the interface you are using has a valid IP address on it, preferably static ip. I know Mac-winbox is l2 but Windows seems to need this. Try running winbox as admin in Windows. Try disable any unused interface like wireless Disable any virtual machine like virtual box. Disable AV and firewall o...
by scampbell
Thu Jan 28, 2016 6:24 pm
Forum: General
Topic: RB2011 - How do I strip tagged VLAN 0?
Replies: 6
Views: 975

RB2011 - How do I strip tagged VLAN 0?

Edit: you can edit packet vlans in a bridge filter - not sure how with just a plain Ethernet interface so perhaps create bridge, add wan, then try bridge filter ?
by scampbell
Thu Jan 28, 2016 6:22 pm
Forum: General
Topic: RB2011 - How do I strip tagged VLAN 0?
Replies: 6
Views: 975

RB2011 - How do I strip tagged VLAN 0?

Technically vlan0 is no vlan. If you add a priority tag to your packets vlan0 is automatically inserted unless another vlan is specified.
by scampbell
Thu Jan 28, 2016 6:16 pm
Forum: General
Topic: is there a way to block specific URL in Microtik CCR ?
Replies: 10
Views: 763

is there a way to block specific URL in Microtik CCR ?

I would try using a L7 firewall rule but these are high CPU cost. Lucky you have a ccr :-)
by scampbell
Thu Jan 28, 2016 6:05 pm
Forum: Beginner Basics
Topic: Problem with basic CAPsMAN configuration
Replies: 8
Views: 8968

Problem with basic CAPsMAN configuration

It may help if you publish an export of your route capsman config and wireless config please. With capsman we do not manually bridge wlan to Ethernet. Capsman automatically will do this if required. Capsman can either local forward data or tunnel it to the controller. It sounds to me you may not be ...
by scampbell
Thu Jan 28, 2016 5:57 pm
Forum: General
Topic: Help please...periodically losing pings!
Replies: 2
Views: 318

Help please...periodically losing pings!

FYI do not use tkip unless absolutely necessary. It limits wireless throughput.
by scampbell
Thu Jan 28, 2016 5:49 pm
Forum: General
Topic: RSTP between a fiber link and wireless link ? Possible in Microtik ?
Replies: 10
Views: 880

RSTP between a fiber link and wireless link ? Possible in Microtik ?

If you are doing that much traffic then the ccr1016-12s might be a better investment. The crs switch chips are good but I'm pretty sure don't support features like RSTP or LACP yet without using the CPU which architecturally is limited to 1gps to/from the CPU. The ccr would allow you to run ospf and...
by scampbell
Wed Jan 27, 2016 7:32 pm
Forum: Announcements
Topic: v6.33.5 [current] is released!
Replies: 120
Views: 33806

Re: v6.33.5 [current] is released!

On hAP on several routers all running 6.33.5 we are seeing a problem with the /tool e-mail settings. If you set the server in Winbox to 1.1.1.1 (say) and then go to the CLI and execute /tool e-mail pring the address entry is blank. You can only seem to enter the e-mail server address via the CLI. Th...
by scampbell
Mon Jan 18, 2016 11:07 pm
Forum: Announcements
Topic: v6.33.5 [current] is released!
Replies: 120
Views: 33806

Re: v6.33.5 [current] is released!

Oh and switch menu still missing on RB3011 Winbox :-) Not in 6.34rc34 yet either FYI 6.34rc36 still missing Switch menu, Master Port on Interface General Tab & CPU Clock on System/Resources in WinBox. As well as not supporting Hardware Encryption yet! I tried connecting to my RB3011 via Winbox 2.21...
by scampbell
Mon Jan 18, 2016 8:02 am
Forum: Wireless Networking
Topic: PPPOE Request (Need Help )
Replies: 1
Views: 318

Re: PPPOE Request (Need Help )

Potentially several solutions depending on how you are handling the ports. Layer2 isolation is 1st. Disable Default Forward on your Wireless NIC's to keep clients on a single wlan from talking to each other. If in your diagram the Ethernet ports are bridged then you could use Split Horizon in the br...
by scampbell
Thu Jan 14, 2016 5:24 am
Forum: General
Topic: Problem with Bridge on CRS125-24G-1S
Replies: 6
Views: 1015

Re: Problem with Bridge on CRS125-24G-1S

When ports are bridged all LAN traffic goes through the CPU (shared 1GB link) whereas when ports are switched LAN traffic does not impact the CPU so routing performance is better.
by scampbell
Wed Jan 13, 2016 10:39 pm
Forum: Announcements
Topic: v6.33.5 [current] is released!
Replies: 120
Views: 33806

Re: v6.33.5 [current] is released!

Oh and switch menu still missing on RB3011 Winbox :-) Not in 6.34rc34 yet either FYI
by scampbell
Wed Jan 13, 2016 10:37 pm
Forum: Announcements
Topic: v6.33.5 [current] is released!
Replies: 120
Views: 33806

Re: v6.33.5 [current] is released!

I also just tried a /system packages upgrade upgrade on an SXT on 6.25 running the wireless package. The device could not be upgraded until I manually upgraded and applied the wireless-fp package which negates the auto-upgrade feature. I would suggest it should automatically change to wireless-fp or...
by scampbell
Wed Jan 13, 2016 8:49 pm
Forum: General
Topic: WinBox 3.0rc15 recognized as malware (IDP.Ares.Generic) by AVG Antivirus
Replies: 1
Views: 967

Re: WinBox 3.0rc15 recognized as malware (IDP.Ares.Generic) by AVG Antivirus

This morning AVG reported Winbox.exe 3.0 as Trojan horse Generic36.CBEY and removed it :-(
by scampbell
Tue Nov 03, 2015 8:56 pm
Forum: General
Topic: Winbox 3 RC
Replies: 639
Views: 122691

Re: Winbox 3 RC

3) After multiple requests, we decided to use default admin without password if router is selected from Neighbours list. If that should not be used, then router must be saved in Managed tab. While in some cases this makes sense we used to achieve that same result (default to admin with no password)...
by scampbell
Mon Nov 02, 2015 10:19 am
Forum: General
Topic: Is it possible for ISP to access my MikroTik?
Replies: 8
Views: 1332

Is it possible for ISP to access my MikroTik?

the default configuration of the RB951 has a firewall on the public (ISP) interface, so nobody can connect to your router from the ISP side, only from your LAN home network I agree but if you need a pppoe interface the default rules need to be changed to reflect this new wan interface. We are seein...
by scampbell
Mon Nov 02, 2015 9:52 am
Forum: Beginner Basics
Topic: Static NAT from external seems to hijack VPN traffic on same port
Replies: 4
Views: 701

Static NAT from external seems to hijack VPN traffic on same port

Add your wan address as the dst-address (not the to-address) of you Nat rule. Specifying just the incoming interface will catch IPSec traffic as well as Internet traffic.
by scampbell
Mon Nov 02, 2015 9:41 am
Forum: General
Topic: utilization of CPU via WinBox
Replies: 18
Views: 1315

utilization of CPU via WinBox

Also /tool graph where you can graph CPU and memory resources and traffic etc
by scampbell
Mon Nov 02, 2015 9:37 am
Forum: RouterBOARD hardware
Topic: Any RouterBoard with 4G LTE sim card slot available?
Replies: 11
Views: 25277

Any RouterBoard with 4G LTE sim card slot available?

Multi tech offer a miniPCIe card with inbuilt sim. HSPA+
by scampbell
Mon Nov 02, 2015 9:14 am
Forum: General
Topic: smtp port forwarding
Replies: 5
Views: 708

Re: smtp port forwarding

You are welcome :-)
by scampbell
Mon Nov 02, 2015 6:22 am
Forum: RouterBOARD hardware
Topic: RB750UP and PowerBox unable to turn on Mikrotik Devices
Replies: 7
Views: 2012

Re: RB750UP and PowerBox unable to turn on Mikrotik Devices

See the link I posted before. Yes, you can say it helps PB to power other devices, but what it actually does is disables short circuit detection on all poe out ports.
Is there a plan to include this command in Winbox ?
by scampbell
Sun Nov 01, 2015 11:59 pm
Forum: Forwarding Protocols
Topic: Issues with OSPF
Replies: 4
Views: 3380

Re: Issues with OSPF

I would try setting the Network-Type =Broadcast on all interfaces rather than Point to Point.

With Network-Type=Point to Point no router is elected as designated router under OSPF. This is good on a wireless segment of an OSPF network but perhaps not so good in your situation ?
by scampbell
Sun Nov 01, 2015 11:49 pm
Forum: Wireless Networking
Topic: CAPsMAN issue with wAP
Replies: 3
Views: 1199

Re: CAPsMAN issue with wAP

You are welcome and thanks for the rating :-)
by scampbell
Fri Oct 30, 2015 5:33 am
Forum: Wireless Networking
Topic: CAPsMAN issue with wAP
Replies: 3
Views: 1199

Re: CAPsMAN issue with wAP

Please check you have the same wireless package installed on all devices. e.g wireless-cm2

/system packages print
by scampbell
Fri Oct 30, 2015 5:21 am
Forum: General
Topic: smtp port forwarding
Replies: 5
Views: 708

Re: smtp port forwarding

You also need to mark the connection coming in from your wan ports to your mail server and ensure the reply goes back the same wan it arrived on. See the following excellent presentation from Steve Discher http://mum.mikrotik.com/presentations/US12/steve.pdf /ip firewall mangle add action=mark-conne...
by scampbell
Tue Oct 27, 2015 5:04 am
Forum: Wireless Networking
Topic: VTP and VLAN's through wireless link
Replies: 5
Views: 1989

Re: VTP and VLAN's through wireless link

If you have setup a transparent bridge and all clients are station-bridge then they will all see each other. Disabling Default Forwarding on the AP/Bridge will give some L2 isolation from clients but the AP/Bridge will see all. If you wish to seperate the customers then you may be better with a rout...
by scampbell
Tue Oct 27, 2015 3:23 am
Forum: Wireless Networking
Topic: mikrotik cAP n2 as repeater bridge
Replies: 4
Views: 2163

Re: mikrotik cAP n2 as repeater bridge

Not sure where I thought Capsman :-)

But ap/Bridge->station-bridge mode might be even better than WDS ? We use this method for transparent bridging frequently.
by scampbell
Tue Oct 27, 2015 3:20 am
Forum: Scripting
Topic: Netwatch failover script
Replies: 3
Views: 3780

Re: Netwatch failover script

Both ways work - I just like using seperate scripts so you can test them :-)
by scampbell
Fri Oct 23, 2015 5:26 am
Forum: Wireless Networking
Topic: Voucher generation and printing
Replies: 2
Views: 1063

Re: Voucher generation and printing

Handlink make a nice printer that does exactly that. www.handlink.com.tw or http://www.campbell.co.nz/index.php?main_page=product_info&cPath=9&products_id=696 We sell them here and they are easy to set up and use and have 3 buttons that can be paired with three different profiles. 1 Hr, 1 Day or 1 w...
by scampbell
Fri Oct 23, 2015 5:24 am
Forum: Wireless Networking
Topic: CapsMAN multicast
Replies: 2
Views: 1141

Re: CapsMAN multicast

And also make sure Windows Firewall is disabled too LoL :lol:
by scampbell
Fri Oct 23, 2015 5:23 am
Forum: Wireless Networking
Topic: CapsMAN multicast
Replies: 2
Views: 1141

Re: CapsMAN multicast

I use Sonos on my network with Capsman.

The secret is to ensure you allow client-to-client forwarding in your datapath setup
by scampbell
Fri Oct 23, 2015 5:15 am
Forum: Wireless Networking
Topic: Problem with setup CAPsMAN for more than two the same SSIDs on multiple CAPs
Replies: 2
Views: 978

Re: Problem with setup CAPsMAN for more than two the same SSIDs on multiple CAPs

The provisioning rules are like firewall rules and work top down, first match. If your mac filter is 00:00:00:00:00:00 for both rules the first will be used always and never reach the second. Try adding in the mac address of the radio you want with cfg3 on the appropriate provision rule and drag it ...
by scampbell
Fri Oct 23, 2015 5:10 am
Forum: Wireless Networking
Topic: How to Lock TX/RX data rates on client
Replies: 1
Views: 4362

Re: How to Lock TX/RX data rates on client

I think you are describing "rate flapping". To fix this you need to disable the higher speds in "supported rates" of radio. This is under the "data rates" section, select "configured" and unselect the top speeds. The logic is if the radio spends 80% of its time at 36Mbbps, 10% at 48Mbps and 10% at 5...
by scampbell
Fri Oct 23, 2015 5:01 am
Forum: Wireless Networking
Topic: mikrotik cAP n2 as repeater bridge
Replies: 4
Views: 2163

Re: mikrotik cAP n2 as repeater bridge

Last I looked Capsman did not support bridge. Mode=ap is the only option
by scampbell
Fri Oct 23, 2015 4:59 am
Forum: Scripting
Topic: Netwatch failover script
Replies: 3
Views: 3780

Re: Netwatch failover script

If you create you netwatch scripts in /system script with name like "up" or "down" you can then run them and see if they work. Then in /tool netwatch just specify the name of the script in the up and down menu's . EXAMPLE: /system script add name=up owner=admin policy=\ ftp,reboot,read,write,policy,...
by scampbell
Thu Oct 22, 2015 5:29 am
Forum: General
Topic: Reach device on hotspot (device has no gateway).
Replies: 2
Views: 727

Re: Reach device on hotspot (device has no gateway).

When I need to get access to a device that has no gateway but does have a valid IP in a subnet, I use a srcnat/masquerade rule so traffic to the device appears to come from it's local subnet. /ip firewall nat add chain=srcnat to-address=192.168.4.165 action=masquerade If the device is on the hotspot...
by scampbell
Thu Oct 22, 2015 5:23 am
Forum: General
Topic: DNS no resolving on failover wan
Replies: 5
Views: 799

Re: DNS no resolving on failover wan

On sites with multiple WAN interfaces and different ISP (therefore different DNS) I add a specific route for each DNS so it always uses the correct ISP. In respect to failover, a script to change the DNS may be useful approach. Using 8.8.8.8 or 8.8.4.4 does work but some CDN's do not like it and get...
by scampbell
Thu Oct 22, 2015 5:15 am
Forum: General
Topic: DHCP Flooding
Replies: 20
Views: 2640

Re: DHCP Flooding

Mikrotik support DHCP Server Alert function that can tell when a new DHCP server is found. /ip dhcp-server alert add disabled=no interface=bridge-lan on-alert="/log error \"server found\"" You can add your own script as required. It is also possible to filter DHCP on a Bridge if required. http://wik...
by scampbell
Thu Oct 22, 2015 5:11 am
Forum: Forwarding Protocols
Topic: OSPF Example Network
Replies: 18
Views: 5939

Re: OSPF Example Network

Agreed, in fact if you take this approach set the interface to passive so no routes can be injected from client side either :-)
by scampbell
Thu Oct 22, 2015 1:51 am
Forum: Beginner Basics
Topic: Routing part of network via PPTP VPN
Replies: 7
Views: 2863

Re: Routing part of network via PPTP VPN

Try adding a forward rule to allow any traffic coming in on your pptp interface.
by scampbell
Thu Oct 22, 2015 1:44 am
Forum: Forwarding Protocols
Topic: OSPF Example Network
Replies: 18
Views: 5939

Re: OSPF Example Network

For AP's it is best to avoid using OSPF to publish client facing subnets actively. As clients connect and drop it creates new LSA's across the whole network so better to not specify the client device subnet in /route ospf net and better to set the /rou ospf instance to publish connected instead. Thi...
by scampbell
Thu Oct 22, 2015 1:26 am
Forum: Wireless Networking
Topic: VTP and VLAN's through wireless link
Replies: 5
Views: 1989

Re: VTP and VLAN's through wireless link

Cisco -> E1--Bridge--Wlan1...............Wlan1--Bridge--Ether1->Cisco

So we are bridging the link through all the way. VLAN's dont route so this is how it must be.

If for some reason a link had to be routed then you could introduce an EoIP or VPLS tunnel between your endpoints instead.
by scampbell
Wed Oct 21, 2015 11:51 pm
Forum: Beginner Basics
Topic: Request for sample script
Replies: 2
Views: 389

Re: Request for sample script

# remove ether10 from switch group (usually master-port=ether6) 1. /int eth set [find name=ether10] master=none # create pppoe-client on ether10 2. /int pppoe-client add name=pppoe-out1 interface=ether10 user=changeme password=changeme use-peer-dns=yes add-def=yes dis=no # add NAT rule to pppoe-clie...
by scampbell
Wed Oct 21, 2015 11:43 pm
Forum: Beginner Basics
Topic: network scan protection
Replies: 1
Views: 638

Re: network scan protection

Use a firewall rule with the PSD matcher to add Port Scanners to an address list (for 5 days perhaps) and have another rule to drop the address list.

RTFM: http://wiki.mikrotik.com/wiki/Drop_port_scanners :D
by scampbell
Wed Oct 21, 2015 11:37 pm
Forum: Beginner Basics
Topic: SIP Phones not registering
Replies: 5
Views: 1414

Re: SIP Phones not registering

FYI Under "/ip firewall services" you will find a SIP ALG enabled by default. Sometimes disabling this can also help according to some of our local SIP Providers.
by scampbell
Wed Oct 21, 2015 11:24 pm
Forum: Wireless Networking
Topic: Computer connected by CAP has no access to local network printer.
Replies: 1
Views: 506

Re: Computer connected by CAP has no access to local network printer.

Check that Client to Client forwarding is enabled in your Capsman Datapath profile. This will give layer2 isolation between wireless devices if not enabled :-)
by scampbell
Wed Oct 21, 2015 11:21 pm
Forum: Wireless Networking
Topic: RB922UAGS-5HPacD Dual Band AP - Poor Performance
Replies: 3
Views: 1425

Re: RB922UAGS-5HPacD Dual Band AP - Poor Performance

Neither radio card has a wireless protocol correctly set. Set both to wireless-protocol=802.11 and see if that helps. R name="2gn" mtu=1500 mac-address=4C:5E:0C:11:0E:FC arp=enabled interface-type=Atheros AR9300 mode=ap-bridge ssid="radio" frequency=2447 band=2ghz-onlyn channel-width=20/40mhz-eC sca...
by scampbell
Wed Oct 21, 2015 11:13 pm
Forum: Wireless Networking
Topic: VTP and VLAN's through wireless link
Replies: 5
Views: 1989

Re: VTP and VLAN's through wireless link

If all the wireless equipment is Mikrotik and it is AP/Bridge-> Station-Bridge with all ethernet's bridged to wlan then VLAN's will pass. You can use the Torch Tool to check this at each router. Be sure to tick all the options and set the time to 30 seconds before running torch. There is an issue wi...
by scampbell
Fri Sep 18, 2015 4:16 am
Forum: Forwarding Protocols
Topic: OSPF Example Network
Replies: 18
Views: 5939

Re: OSPF Example Network

Hello, I'm continuing my testing on OSPF and I have a new question for you! May you help me to understand what is a good ip plan? I read "Burning Bridges" here: http://www.mywisptraining.com/wp-content/uploads/2013/01/BridgedToRouted.pdf I understand I have to remove switches and add router in plac...
by scampbell
Sat Sep 12, 2015 2:11 am
Forum: Beginner Basics
Topic: Port Forwarding Woes
Replies: 8
Views: 1412

Re: Port Forwarding Woes

Hello and thank you for the excellent description and for posting the relevant configurations. In RouterOS, to forward a port to a device, you need two entries in the firewall area: one for NAT and one for the actual firewall itself. You have the correct NAT rule, you are just missing the ip firewa...
by scampbell
Wed Sep 09, 2015 12:18 am
Forum: Beginner Basics
Topic: EOIP over IPSEC TWO RB750
Replies: 21
Views: 12521

Re: EOIP over IPSEC TWO RB750

It is even easier now as Mikrotik added IPSEC support to EOIP in 6.30 - now you can just specify an IPsec Secret when setting up EoIP and the IPSEC is created automatically for you.
by scampbell
Tue Sep 08, 2015 9:42 pm
Forum: Announcements
Topic: v6.32.1 released
Replies: 76
Views: 18865

Re: v6.32.1 released

+1 on various routers running 6.31 or greater. I revert to 6.30.4 and the message goes away.
by scampbell
Thu Jul 02, 2015 2:38 am
Forum: General
Topic: Leap second bug present on TILE devices?
Replies: 49
Views: 10221

Re: Leap second bug present on TILE devices?

Little too late, don't you think?
For this one, yes, but next leap second will be added in around 2 years.
Could you please tell me if you had NTP package on all the servers, or you used SNTP?
I can confirm CCR's with SNTP were OK and CCR's with NTP crashed and became unresponse.
by scampbell
Thu Jan 29, 2015 5:54 am
Forum: Wireless Networking
Topic: psuedobridge mac issue.
Replies: 5
Views: 987

Re: psuedobridge mac issue.

What is the config of the 912Client/AP ? You definitely do not want to use PseudoBridge in a hotspot as it does exactly what you are seeing. 8) If you are using a single wireless card in your final RB912 then consider the config in this example - http://wiki.mikrotik.com/wiki/Wireless_repeater If yo...
by scampbell
Thu Jan 29, 2015 2:25 am
Forum: General
Topic: Routerboard with POE in and POE out
Replies: 10
Views: 1738

Re: Routerboard with POE in and POE out

Interesting. I have an Omnitik with an SXT5 Lite working at one recent plus another with RB433 and QRT5 working so maybe some models (manufacturing runs) work better than others ?
by scampbell
Tue Jan 27, 2015 12:27 am
Forum: General
Topic: Routerboard with POE in and POE out
Replies: 10
Views: 1738

Re: Routerboard with POE in and POE out

Also RB260GSP, RB750UP

And Omnitik UPA model - works ok for us but the LED's are mixed up which can confuse people :-)
by scampbell
Tue Jan 27, 2015 12:25 am
Forum: General
Topic: Mikrotik & Windows Server 2008 Active Directory
Replies: 5
Views: 4199

Re: Mikrotik & Windows Server 2008 Active Directory

Authentication for Winbox/Telnet router logins via Active Directory will not work, unless you store the password in AD with reversible encryption (WARNING: NOT RECOMMENDED). Winbox/Telnet AAA only supports PAP authentication, which requires a cleartext-password to authenticate. There are several li...
by scampbell
Tue Jan 20, 2015 3:00 am
Forum: Beginner Basics
Topic: SFP Module in CRS226-24G-2S+RM
Replies: 2
Views: 1105

Re: SFP Module in CRS226-24G-2S+RM

FYI.....

From the brochure : First port supports 1.25G/10G modules, second port only 10G modules.

http://i.mt.lv/routerboard/files/CRS226 ... 094424.pdf

I hope this helps....
by scampbell
Tue Jan 20, 2015 2:23 am
Forum: General
Topic: RouterOS v6.25
Replies: 110
Views: 31945

Re: RouterOS v6.25

What's new in 6.25 (2015-Jan-19 10:11):

*) WPS support added to CM2 wireless package
Is there any documentation on this please. I can see some new settings on WLAN1 Interface but not under CAPsMAN2 (CM2) package as indicated ?
by scampbell
Wed Oct 29, 2014 7:13 am
Forum: General
Topic: v6.20 released!
Replies: 146
Views: 58519

Re: v6.20 released!

We have upgraded several RB951 series routers in a class situation. 2 or 3 of these have all exhibited odd firewall behavior when rules are disabled. It shows a rule disabled in Winbox yet the rule continues to work, e.g a rule that logs traffic keeps logging even when disabled. We did not test thi...
by scampbell
Tue Oct 21, 2014 3:23 am
Forum: General
Topic: Change DNS Servers When Tunnel Comes Up
Replies: 9
Views: 1681

Re: Change DNS Servers When Tunnel Comes Up

Windows Host name resolution is generally done via a WINS server or LMHOSTS file on the PC. DNS only works for FGDN's such as host.domain.com To resolve \\servename definitley requires WINS/LMHOSTS file.Alternatively you would need to setup static host entries like servername.sitename in Mikrotik DN...
by scampbell
Tue Oct 21, 2014 3:18 am
Forum: RouterBOARD hardware
Topic: How to netinstall RB433 with out IP address
Replies: 13
Views: 5781

Re: How to netinstall RB433 with out IP address

ditonet is 100% correct. ether1 should be labelled POE/BOOT on the RB433. NetInstall will only work with on a port labelled POE/Boot. Refer www.routerboard.com and download the user guide for your router if unsure.
by scampbell
Sat Oct 18, 2014 1:58 am
Forum: RouterBOARD hardware
Topic: RB751U-2HnD - poor wireless performance & problems
Replies: 113
Views: 113773

Re: RB751U-2HnD - poor wireless performance & problems

These are the settings we use where tablets and Apples are being used..... 1. Use a current RoS 2. Set tx power to 17dBm 3. Use Channel width=20MHz - 20/40MHz is not universally accepted by all devices and uses a lot of spectrum 4. Set distance=indoors 5. Disable TKIP in your security profiles - it ...
by scampbell
Sat Oct 18, 2014 1:02 am
Forum: RouterBOARD hardware
Topic: How to netinstall RB433 with out IP address
Replies: 13
Views: 5781

Re: How to netinstall RB433 with out IP address

assign your pc 192.168.88.254 subnet 255.255.255.0 no gateway needed.

In NetInstall under netbooting put 192.168.88.2
by scampbell
Fri Oct 17, 2014 7:11 am
Forum: General
Topic: Change DNS Servers When Tunnel Comes Up
Replies: 9
Views: 1681

Re: Change DNS Servers When Tunnel Comes Up

When you say hosts at the other end do you mean windows hosts ? If so you may need to specify a wins server too and use FQDN's ?
by scampbell
Fri Oct 17, 2014 7:07 am
Forum: RouterBOARD hardware
Topic: How to netinstall RB433 with out IP address
Replies: 13
Views: 5781

Re: How to netinstall RB433 with out IP address

You should be able to reformat your nand from serial and enable boot from Ethernet once then nand. You can then use netinstall to via RB433's ether1. Your PC should be directly connected and have a static IP address assigned to it's Ethernet. In netinstall under netbooting you need to specify an add...
by scampbell
Fri Oct 17, 2014 1:43 am
Forum: General
Topic: Change DNS Servers When Tunnel Comes Up
Replies: 9
Views: 1681

Re: Change DNS Servers When Tunnel Comes Up

If you look under IP DNS any Dynamically assigned DNS's should be listed there :-)
by scampbell
Fri Oct 17, 2014 1:01 am
Forum: Forwarding Protocols
Topic: OSPF Example Network
Replies: 18
Views: 5939

Re: OSPF Example Network

If you use this an example it should get you started - http://wiki.mikrotik.com/wiki/Dual_Setup_with_OSPF In your case one link would be wireless and the other wired. As the wired is less hops than wireless it should automatically prioritise the wired link. P2P wireless interfaces should have their ...
by scampbell
Fri Oct 17, 2014 12:36 am
Forum: General
Topic: Change DNS Servers When Tunnel Comes Up
Replies: 9
Views: 1681

Re: Change DNS Servers When Tunnel Comes Up

I will give that a try when I get home, don't know how I missed that option... I'll update the post either way. Thanks for the idea! My bad - that was for pppoe :D . For PPTP your remote server should be pushing the DNS to you. In Mikrotik PPTP server this is specified in the PPTP Profile. profile ...
by scampbell
Fri Oct 17, 2014 12:26 am
Forum: Scripting
Topic: hotspot ip binding
Replies: 1
Views: 751

Re: hotspot ip binding

I have two user in ip binding I wanna know bytes out of them like Users in hotspot Any suggestions Create a Simple Queue for each Bound IP (as target) with a script that copies statistics to a comment on the appropriate queue. See http://wiki.mikrotik.com/wiki/Automated_Usage_Script_without_userman...
by scampbell
Fri Oct 17, 2014 12:15 am
Forum: General
Topic: Change DNS Servers When Tunnel Comes Up
Replies: 9
Views: 1681

Re: Change DNS Servers When Tunnel Comes Up

I am trying to configure a couple of PPTP dial on demand tunnels on my RB2011 at home. Both tunnels come up via my mangle rule and they disconnect with my idle timeout which is nice. My issue...how do I handle DNS resolution? I would like to leave my DNS server set to my home 'Tik and be able to re...
by scampbell
Wed Oct 15, 2014 11:07 pm
Forum: General
Topic: v6.20 released!
Replies: 146
Views: 58519

Re: v6.20 released!

Again problems with user-manager. 6.18 on x86 with user manager, upgraded to 6.20 and user-manager stop working, not see the files of the database. Revert back to 6.18 solve the problem. We are also seeing an issue with UM and WG500MP printers interfaced via API. Ticket for 1 Hour or 4 Hour print a...
by scampbell
Mon Oct 13, 2014 1:59 am
Forum: Wireless Networking
Topic: Chromecast problems!
Replies: 8
Views: 3832

Re: Chromecast problems!

0 R name="wlan1" mtu=1500 mac-address=4C:5E:0C:32:CD:7F arp=enabled interface-type=Atheros AR9300 mode=bridge ssid="Lonne" frequency=2412 band=2ghz-b/g channel-width=20mhz scan-list=default wireless-protocol=any vlan-mode=no-tag vlan-id=1 wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no...
by scampbell
Mon Oct 13, 2014 1:56 am
Forum: Wireless Networking
Topic: Chromecast problems!
Replies: 8
Views: 3832

Re: Chromecast problems!

We use a Chromecast on an RB2011UiAS-2HnD no problem. Setup is as a standard AP bridged to the LAN with ether1 as a WAN. Our Chromecast only supports standard US channels, 1 -11 basically. We do not recommend using TKIP on Wireless N as it limits throughput to 54Mbps - see http://www.intel.com/suppo...
by scampbell
Mon Oct 13, 2014 1:26 am
Forum: Wireless Networking
Topic: CAPSMAN Interface Naming
Replies: 4
Views: 1179

Re: CAPSMAN Interface Naming

:D I look forward to this - thank you !!
by scampbell
Thu Oct 09, 2014 9:52 am
Forum: Wireless Networking
Topic: CAPSMAN Interface Naming
Replies: 4
Views: 1179

CAPSMAN Interface Naming

We are now using CapsMan for many sites but one thing appears to be missing - hopefully we have not missed it ? Is it possible to incorporate the "/system identity" as a prefix when the interfaces are auto-provisioned ? You can certainly specify a manual "Name Prefix" but I've not seen the ability t...
by scampbell
Thu Oct 09, 2014 9:42 am
Forum: General
Topic: Winbox 3 beta
Replies: 243
Views: 119417

Re: Winbox 3

I'd imagine full Winbox functionality wouldn't be used too much on iOS/Android, more so just to monitor and grab stats which can be done via API. When I'm up on a roof or a tower trying to repair a node that isn't communicating, and need to see what a remote tower is seeing as I try to reconnect, I...
by scampbell
Thu Oct 09, 2014 9:37 am
Forum: General
Topic: v6.20 released!
Replies: 146
Views: 58519

Re: v6.20 released!

We have upgraded several RB951 series routers in a class situation. 2 or 3 of these have all exhibited odd firewall behavior when rules are disabled. It shows a rule disabled in Winbox yet the rule continues to work, e.g a rule that logs traffic keeps logging even when disabled. We did not test this...
by scampbell
Thu Oct 09, 2014 9:23 am
Forum: General
Topic: WARNING: 6.20 upgrade bricked my CCR1036
Replies: 5
Views: 1658

Re: WARNING: 6.20 upgrade bricked my CCR1036

I have received reports of a similar issue with an RB1100AHx2 being upgraded from RoS 5.26. Recovered successfully via serial and Netinstall ok.
by scampbell
Tue Feb 11, 2014 6:56 am
Forum: General
Topic: Feature Request TR-069 CPE
Replies: 80
Views: 24495

Re: Feature Request TR-069 CPE

+1 for TR069

Could this be done via script I wonder ?

Some of the routers we deal with are configured to Fetch their config when connected so no firewall issues I believe ?
by scampbell
Fri Jan 31, 2014 4:41 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1014132

Re: CLOUD CORE ROUTER

@samsung172

Best note ever LOL :))
+1
by scampbell
Thu Jan 09, 2014 4:26 am
Forum: General
Topic: Firewall setup problem
Replies: 4
Views: 2311

Re: Firewall setup problem

That is pretty normal. These are attempts by outside hosts trying to connect to common ports on your router such as RDP (3389) etc.

Disable logging for the Input rule if you want to stop seeing these entries. You can always enable the logging again for diagnostics if necessary.
by scampbell
Thu Jan 09, 2014 3:27 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1014132

Re: CLOUD CORE ROUTER

@krisjanis If you could update us with these tickets about what you are seeing and giving us things to try that would be useful. I can't test with one right now but we could ask Stuart (distributor) to set it up with our config and test it out. Can you let us know what you are seeing? do your ones ...
by scampbell
Thu Jan 09, 2014 3:23 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1014132

Re: CLOUD CORE ROUTER

It would be nice if the /system package upgrade in Winbox gave you a choice to "force" upgrade or "reload RoS" so you can overwrite all the test versions easily when the full release comes out :-) Doesn't "system reset" do what you asked? Or you meant something like upgrade+reset with one command? ...
by scampbell
Thu Jan 09, 2014 3:11 am
Forum: General
Topic: Feature request -> readonly mode
Replies: 1
Views: 779

Re: Feature request -> readonly mode

The safest (and best) way is as you suggested - create a read-only user for looking at your example router. Ctrl-X (Safemode) is ok but will let you make changes (which may also be confusing) which should be lost when you disconnect from the router - unless you exit safemode first in which case chan...
by scampbell
Sat Dec 21, 2013 9:47 am
Forum: RouterBOARD hardware
Topic: CRS Documentation
Replies: 45
Views: 14240

Re: CRS Documentation

Any sign of cli documentation yet ?
by scampbell
Mon Dec 16, 2013 9:10 pm
Forum: RouterBOARD hardware
Topic: CRS Documentation
Replies: 45
Views: 14240

Re: CRS Documentation

@steen Ask for access to latest beta release. Draft changelog says: *) fixed port isolation on CRSs (bug introduced in v6.6); While port isolation != VLAN leakage it could be how they are describing it. Regards Alexander Hi Alexander, I popped that release on a CRS and it looks like Pacific/Aucklan...
by scampbell
Wed Dec 11, 2013 8:24 pm
Forum: RouterBOARD hardware
Topic: CRS Documentation
Replies: 45
Views: 14240

Re: CRS Documentation

Could you clarify which options are not documented yet? Here is the CRS examples page http://wiki.mikrotik.com/wiki/Manual:CRS_examples Starting with Switch Generic: Bridge Type MAC Level Isolation VLAN Level Isolation Use SVID in 1:1 VLAN Lookup Use CVID in 1:1 VLAB Lookup IPv4 Multicast Lookup Mo...
by scampbell
Tue Dec 10, 2013 6:50 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1014132

Re: CLOUD CORE ROUTER

I have seen a similar issue on 2 different CCR's. Both were port flapping randomly all the active ports so we tried 6.7RC1 but no joy. On closer inspection we were advised both CCR's had a single device each which is set to 100Mbps/Full duplex. We changed one device on one router back to auto-negot...
by scampbell
Tue Dec 10, 2013 6:47 am
Forum: General
Topic: v6.7 released
Replies: 225
Views: 109128

Re: v6.7 released

ip->firewall->Service Ports are shown as invalid (I) in case "tracking set enabled=no" Anybody can confirm this (you have to reboot router to replicate this)? Is that OK or minor bug? This is supposed to be so. NAT helpers will not work without connection tracking. I note that if you specify a port...
by scampbell
Sat Nov 30, 2013 2:29 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1014132

Re: CLOUD CORE ROUTER

6.6 still has the problems with 100mbit/FDX ports randomly changing to gigabit. It seems like some sort of database mismatch. Winbox shows the static speed/duplex as set, but export does not. See my last ticket updates. How do Mikrotik get this soooo wrong ! We also have issues with SFP in CCR link...
by scampbell
Sat Nov 30, 2013 2:19 am
Forum: Beginner Basics
Topic: RB951G and Devolo dLAN Ethernet over Power
Replies: 4
Views: 1113

Re: RB951G and Devolo dLAN Ethernet over Power

First thing to check is connect the pc directly to ether5 and see if that works. If not then you will need to check ether5 is either bridged or switched into the network. If it does work then reconnect the dLAN's and try again. If it still fails use the Packet Sniffer Tool on ether5 and see what the...
by scampbell
Sat Nov 30, 2013 2:11 am
Forum: General
Topic: CRS trunk settings
Replies: 2
Views: 861

Re: CRS trunk settings

Set ether1 and ether2 master port=sfp1 on CRS

All tagged traffic will be passed by all three ports.

Then add VLAN1 to SFP1 and add your management IP address for the CRS to that VLAN.

That should do it.
by scampbell
Sat Nov 30, 2013 2:07 am
Forum: Wireless Networking
Topic: RB912UAG-5HPnD-OUT not working!
Replies: 10
Views: 2760

Re: RB912UAG-5HPnD-OUT not working!

I was connected as shown in the image, but the power does not enter, it did not work.
In case anyone did not understand - the image is how NOT to connect the cable :-)

Power to Mikrotik is supplied via the socket connecter of the adapter using an additional RJ45 cable.
by scampbell
Thu Nov 28, 2013 8:18 pm
Forum: General
Topic: RB1100 Drops packets when Queue Tree enabled ?
Replies: 21
Views: 6081

Re: RB1100 Drops packets when Queue Tree enabled ?

Looks like it may well be an issue. I've got an RB1100AHx2 in production and if I get a chance I'll try and replicate your test :-) No promises though asI have several other jobs on.......
by scampbell
Thu Nov 28, 2013 8:15 pm
Forum: RouterBOARD hardware
Topic: RB751n flaky after upgrade 5.24 -> 6.5
Replies: 4
Views: 1219

Re: RB751n flaky after upgrade 5.24 -> 6.5

A couple of suggestions....

1. Check the RB751 is running the new FW as well. In Winbox go to SYSTEM.ROUTERBOARD and see if you are running the latest. If not click upgrade and reboot.

2. Try re-installing using netinstall and check the otion to "keep configuration"

Hope this helps.
by scampbell
Thu Nov 28, 2013 8:09 pm
Forum: Beginner Basics
Topic: A bit of beginners help with CRS125-24G-1S-RM?
Replies: 8
Views: 2150

Re: A bit of beginners help with CRS125-24G-1S-RM?

We distribute both Mikrotik and ZyXEL so hopefully we can help. How is your Internet IP service delivered to you ? Has your provider given you a /29 subnet where First (or last) usable address is the Gateway you use ? e.g 203.171.1.0/29 ISP GW 203.171.1.1 1st User host = 203.171.1.2, 2nd User host =...
by scampbell
Wed Nov 27, 2013 10:56 pm
Forum: General
Topic: Bonding 2 interfaces - waste of cable?
Replies: 2
Views: 690

Re: Bonding 2 interfaces - waste of cable?

If you use ports not on the same switch group then it is not waste of cable. Can you give more detail on how to do this please as the CRS125 has only 1 switch chip whereas RB1100AHx2 has multiple switch chips...does this mean LACP is supported directly to the CRS125 Switch chip CRS125-131112144104[...
by scampbell
Wed Nov 27, 2013 10:47 pm
Forum: General
Topic: RouterOS v6.6 released
Replies: 164
Views: 72444

Re: RouterOS v6.6 released

I had two CCR's doing this port flap. In both cases all active ports would flap. I checked further and found on both units there was at least one device connected that was NOT set to Auto-Negotiate while all CCR Ports WERE set to Auto-Negotiate. Have now set the appropriate ports to fixed 100Mbps/F...
by scampbell
Wed Nov 27, 2013 10:26 pm
Forum: General
Topic: Switching with RouterOS / CRS Questions
Replies: 81
Views: 43417

Re: Switching with RouterOS / CRS Questions

Along with this it's not really clear how pulling things back to vlan 0 is support to work for configs. IE: If I want tagged/trunked vlans 20,30,40 coming in on ether1 and vlan 20 untagged out ether2 vlan 30 untagged out ether3 vlan 40 untagged out ether4 I would assume I should: 1. accept tagged v...
by scampbell
Wed Nov 27, 2013 12:19 am
Forum: General
Topic: RB1100 Drops packets when Queue Tree enabled ?
Replies: 21
Views: 6081

Re: RB1100 Drops packets when Queue Tree enabled ?

What version RoS and FW are you using on the RB1100AHx2 ?
by scampbell
Tue Nov 26, 2013 9:56 pm
Forum: General
Topic: RB1100 Drops packets when Queue Tree enabled ?
Replies: 21
Views: 6081

Re: RB1100 Drops packets when Queue Tree enabled ?

You have packet-mark="" in your queue configuration.

Try changing that to packet-mark="something" and see if that helps.
by scampbell
Tue Nov 26, 2013 9:46 pm
Forum: General
Topic: RouterOS v6.6 released
Replies: 164
Views: 72444

Re: RouterOS v6.6 released

yeah it looks like this on my site. before it was like in most screens only 1-2 port flaps. now it's like this already for 2 weeks. http://imageshack.com/a/img708/1614/txdh.png I had two CCR's doing this port flap. In both cases all active ports would flap. I checked further and found on both units...
by scampbell
Fri Nov 22, 2013 3:40 am
Forum: General
Topic: RouterOS v6.6 released
Replies: 164
Views: 72444

Re: RouterOS v6.6 released

CCR-1016
still port-flapping
in more obvious way.
before 6.6 ports were going down and that's it
now it flaps ports many times before restart by watchdog.
first week on 6.6 was very stable I thought it is final holy aid....
no...
We are also seeing port flap on CCR1036 and RoS 6.6, FW 3.10
by scampbell
Thu Oct 31, 2013 8:54 pm
Forum: RouterBOARD hardware
Topic: CCR1036-8G-2S+
Replies: 16
Views: 3992

Re: CCR1036-8G-2S+

The last update we had from Mikrotik sales they said late September.

We couldn't wait and just got two current model CCR's to carry us through until it it released.
We have these in stock in NZ now - www.campbell.co.nz
by scampbell
Wed Sep 11, 2013 6:58 am
Forum: Wireless Networking
Topic: RB912UAG-5HPnD-OUT not working!
Replies: 10
Views: 2760

Re: RB912UAG-5HPnD-OUT not working!

That'll sure do it :lol:

Also be sure when testing that your Ethernet cable has all 8 wires connected (look at RJ45). Some inexpensive cables (shipped with cheap soho 10/100 routers for example) only have 4 wires so will not work for PoE.
by scampbell
Tue Aug 27, 2013 7:51 pm
Forum: Wireless Networking
Topic: Wireless issues with RB433GL and 3 wireless cards
Replies: 5
Views: 2829

Wireless issues with RB433GL and 3 wireless cards

Rb435g is a good choice.
by scampbell
Mon Jul 22, 2013 5:38 am
Forum: RouterBOARD hardware
Topic: MikroTik RB2011UAS-2HnD-IN replacement in future(2013-2014)?
Replies: 15
Views: 3965

Re: MikroTik RB2011UAS-2HnD-IN replacement in future(2013-20

Methinks Normis doth protest too much.... :lol:

We have been waiting since March for RB2011-2HnD-IN's - no amount of planning on our part helped :-(

However I am pleased to say the drought has broken and we receive our stock tomorrow :-)
by scampbell
Tue Jul 02, 2013 11:27 pm
Forum: General
Topic: vlan + sniffing = problem
Replies: 11
Views: 3704

Re: vlan + sniffing = problem

I am seeing something similar in RoS6.0 on a CCR1016 I have a VLAN 10 configured on ether12 and with a pppoe-client configured to use VLAN 10. Torch shows the tagged outgoing pppoe-discovery(8863) packets (vlan10) and shows the replies have no vlan tag. (This is the actual issue I am trying to diagn...
by scampbell
Sun Jun 30, 2013 1:25 am
Forum: General
Topic: Help how to configure multiple public IP address on Mikrotik
Replies: 10
Views: 27529

Re: Help how to configure multiple public IP address on Mikr

There are several ways depending on how your clients connect. Lets take 1 example. You have a LAN of 192.168.88.2/24 and are hosting 5 web servers on it, 192.168.88.5-192.168.88.10 with public IP's of 1.1.1.1-1.1.1.5 say. Assume WAN is ether1 So for each server you do a rule set like this : /ip fire...
by scampbell
Sun Jun 30, 2013 1:03 am
Forum: General
Topic: RouterOS 6.1 released
Replies: 198
Views: 53670

Re: RouterOS 6.1 released

The best way to manage logs in Mikrotik - and frankly just about anything - is to export them via Syslog to a Dude server. You can then filter/sort/export them to your hearts content. Go one step further an deploy SIEM if you wish to do correlation etc... http://communities.alienvault.com/ I havent...
by scampbell
Sun Jun 30, 2013 12:53 am
Forum: General
Topic: Feature Request: IPSEC Improvements
Replies: 60
Views: 15536

Re: Feature Request: IPSEC Improvements

We have added initial mode-cfg support in version v6rc13. If anyone wants to test and suggest other needed mode-cfg features.
Hmmm.... Wiki update may be required here as these commands are definitely not in RoS 5.0+ :-)
ros5modeconf.JPG
by scampbell
Thu Jun 27, 2013 10:40 pm
Forum: General
Topic: NTP server problem
Replies: 3
Views: 1088

NTP server problem

Also check ntp server and client are both using the same protocol e.g unicast
by scampbell
Mon Jun 24, 2013 11:50 pm
Forum: General
Topic: RouterOS 6.1 released
Replies: 198
Views: 53670

Re: RouterOS 6.1 released

The best way to manage logs in Mikrotik - and frankly just about anything - is to export them via Syslog to a Dude server. You can then filter/sort/export them to your hearts content. Go one step further an deploy SIEM if you wish to do correlation etc... http://communities.alienvault.com/ I havent...
by scampbell
Mon Jun 24, 2013 12:54 pm
Forum: General
Topic: RouterOS 6.1 released
Replies: 198
Views: 53670

Re: RouterOS 6.1 released

need more details, IPSec did not receive any changes that would brake that. try to enable debug logs on RouterOS and see what is happening. I am debugging a site with mutiple IPSEC tunnels on ROS 6.1 currently. Enabling ipsec in system logging creates multiple entries but it is very difficult to id...
by scampbell
Mon Jun 24, 2013 12:45 pm
Forum: General
Topic: v6.0 released
Replies: 321
Views: 67808

Re: v6.0 released

I saw this on one site. Check the lease time on the W2K server. My site was set to expire its leases every 1h and changing it to 3d made a big difference. (ROS 6.1 CCR 1016)

Having said that the ARP table should have refreshed with the 1 hour settings but sometimes workarounds are useful :-)
by scampbell
Mon Jun 24, 2013 12:37 pm
Forum: General
Topic: PPPoe recieved PADO with unknown host-uniq dropping
Replies: 12
Views: 5456

Re: PPPoe recieved PADO with unknown host-uniq dropping

Bump ?

It is now the end of June and still no response from Mikrotik Support ? Any ideas are welcome please ?
by scampbell
Fri May 31, 2013 5:11 am
Forum: General
Topic: v6.0 released
Replies: 321
Views: 67808

Re: v6.0 released

Upgraded RB450G from 5.24 to 6.0 and my meta-routers had all disappeared.

The virtual IF's were still present though but displayed unknown for meta-router.

Recreated the meta-routers with the same names and everything was then ok and all old data was present.
by scampbell
Mon May 27, 2013 12:55 pm
Forum: General
Topic: PPPoE and Usermanager - radius times out v 5.18
Replies: 2
Views: 1358

Re: PPPoE and Usermanager - radius times out v 5.18

I have successfully used the loopback 127.0.0.1 when the Hotspot and User Manager are on the same server. You may need to create a firewall rule to allow UDP Ports 1812-1813 though. If any rule blocks this to the router then you will get radius timeouts. /ip firewall filter add chain=input src-addre...
by scampbell
Fri May 24, 2013 2:52 am
Forum: RouterBOARD hardware
Topic: RB951-2n and Metal now shipping
Replies: 69
Views: 26449

Re: RB951-2n and Metal now shipping

Has anyone managed to attach an aerial to J101 or J104 on the RB951-2n yet ?
rb951-2n_pcb.JPG
by scampbell
Wed May 22, 2013 9:44 am
Forum: General
Topic: PPPoe recieved PADO with unknown host-uniq dropping
Replies: 12
Views: 5456

Re: PPPoe recieved PADO with unknown host-uniq dropping

Bump ?

Oh, and we tried a different brand router as a test and it connects fine so the issue seems to be unique to the Mikrotik PPPoE client.
by scampbell
Sun May 19, 2013 6:18 am
Forum: Wireless Networking
Topic: can't decrease tx power on RB 911
Replies: 4
Views: 1665

Re: can't decrease tx power on RB 911

I've seen this also on RB951G-2HnD and RB2011UAS-2HnD.

Apparently it is a chipset issue.....

see http://forum.mikrotik.com/viewtopic.php?f=1&t=68141
by scampbell
Fri May 17, 2013 9:10 am
Forum: General
Topic: anyone can set this? i can pay for it. 【URGENT 】
Replies: 8
Views: 1061

Re: anyone can set this? i can pay for it. 【URGENT 】

I agree with ronix but if you need urgent help send me an email with your details and i'll send you all my skype and telephone details
by scampbell
Fri May 17, 2013 1:28 am
Forum: Beginner Basics
Topic: Blocking internet access on 1 port but Sharing Network
Replies: 4
Views: 1272

Re: Blocking internet access on 1 port but Sharing Network

You could also mangle the traffic coming in from Group B (ether2 in my example) and give it a routing mark of, say, "blackhole". Then create a blackhole route so any attempts to get out from Group B (ether2) will fail. /ip firewall mangle add action=mark-routing chain=prerouting in-interface=ether2 ...
by scampbell
Fri May 17, 2013 1:06 am
Forum: General
Topic: Is it possible to create a public VPN-service using RB750?
Replies: 3
Views: 1839

Re: Is it possible to create a public VPN-service using RB75

You can always run RouterOS on a PC if you need more CPU power !!!
by scampbell
Fri May 17, 2013 12:18 am
Forum: The Dude
Topic: Daily bandwidth total report
Replies: 4
Views: 8496

Re: Daily bandwidth total report

In that case how about a simple script like /interface ethernet print stats file=stats.txt /interface ethernet reset-counters /tool e-mail send to="config@mydomain.com" subject="$[/system identity get name] usage) \ body="$[/system clock get date] Ethernet usage Stats" file=stats.txt You can then sc...
by scampbell
Thu May 16, 2013 10:46 pm
Forum: General
Topic: Cisco/mikrotik quick redirect
Replies: 3
Views: 799

Re: Cisco/mikrotik quick redirect

by scampbell
Thu May 16, 2013 10:29 pm
Forum: The Dude
Topic: Daily bandwidth total report
Replies: 4
Views: 8496

Re: Daily bandwidth total report

You should be able to adapt this script to give you reports based on Interface, Ip, VLAN etc. It is an excellent bit of code and full credit to Andrew Cox.

http://wiki.mikrotik.com/wiki/Automated ... sermanager
by scampbell
Thu May 16, 2013 10:25 pm
Forum: General
Topic: anyone can set this? i can pay for it. 【URGENT 】
Replies: 8
Views: 1061

Re: anyone can set this? i can pay for it. 【URGENT 】

If you need a consultant I'm happy to assist. scampbell@campbell.co.nz

Alternatively there may be other consultants closer to you - http://www.mikrotik.com/consultants/
by scampbell
Thu May 16, 2013 10:16 pm
Forum: General
Topic: PPPoe recieved PADO with unknown host-uniq dropping
Replies: 12
Views: 5456

Re: PPPoe recieved PADO with unknown host-uniq dropping

I have provided packet traces for this to Mikrotik and been awaiting a response for 10 days now. Hopefully this means they have confirmed an issue..........

Mikrotik - any news on Ticket#2013042666000109 please ?
by scampbell
Thu May 16, 2013 9:41 pm
Forum: Scripting
Topic: remote ssh via script
Replies: 52
Views: 30225

Re: remote ssh via script

I have a similar issue, running RoS 5.24. I have set up the user admin-ssh on both routers, given them FULL rights (for now), and loaded the Public Key on the Host and Private & Public Keys on the client. The script owner is admin-ssh If I execute the script from a New Terminal in Winbox (logged int...
by scampbell
Tue Feb 05, 2013 4:32 am
Forum: General
Topic: 6.0rcX manual TX power (RB2011UAS-2HnD-IN)
Replies: 5
Views: 4652

Re: 6.0rcX manual TX power (RB2011UAS-2HnD-IN)

I agree. If you cannot perform a function due to chipset - disable the function and document it.

We have enough real issues to chase without having to chase unknown chipset limitations.
by scampbell
Fri Dec 07, 2012 12:44 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1014132

Re: CLOUD CORE ROUTER

Will CCR support Metarouter please ?
by scampbell
Fri Dec 07, 2012 12:40 am
Forum: General
Topic: How to block access to clients port 80 from outside
Replies: 5
Views: 3619

Re: How to block access to clients port 80 from outside

You need to create firewall rules to allow established and related connections and to drop any new connections coming in on pppoe-out1. /ip firewall filter add chain=input comment="default configuration" protocol=icmp add chain=input comment="default configuration" connection-state=established add c...
by scampbell
Thu Dec 06, 2012 10:58 pm
Forum: Virtualization
Topic: MetaROUTER on RB1100AHx2
Replies: 18
Views: 8628

Re: MetaROUTER on RB1100AHx2

Is there any update on running Metarouters one either RB1100AHx2 and CCR 10xx ?
by scampbell
Tue Dec 04, 2012 11:05 am
Forum: General
Topic: iOS6
Replies: 7
Views: 1305

iOS6

Do you have any DST-nat rules configured for port 80 ?

If you do not specify the interface it may redirecting your requests.
by scampbell
Tue Dec 04, 2012 10:59 am
Forum: Wireless Networking
Topic: 300 Mbps Full Duplex 100m link - Quest - Solved
Replies: 19
Views: 7254

300 Mbps Full Duplex 100m link - Quest

You may want to try shielding your radio cards to avoid crosstalk between them. Also try limiting output power if possible
by scampbell
Thu Nov 01, 2012 4:24 am
Forum: General
Topic: PPPoe recieved PADO with unknown host-uniq dropping
Replies: 12
Views: 5456

Re: PPPoe recieved PADO with unknown host-uniq dropping

I have tried using ROS6.0 RC3 and still the same issue as described.

Can anyone please assist ?
by scampbell
Wed Oct 31, 2012 2:57 am
Forum: Forwarding Protocols
Topic: RB750 SSL Forwarding issue to external proxy
Replies: 2
Views: 1595

Re: RB750 SSL Forwarding issue to external proxy

It appears the to-port in both examples is 9400. In this case the first rule will work and the second will be ignored.

Try changing the to-port=9401 for the second rule to redirect to port 443.

Then any connects to port 9401 should be redirected to port 443.
by scampbell
Tue Sep 11, 2012 11:39 pm
Forum: General
Topic: sd card missing
Replies: 8
Views: 1334

Re: sd card missing

I have seen it on RB450G and RB493G as well.
by scampbell
Mon Sep 10, 2012 8:57 am
Forum: General
Topic: MicroSD Card on RB1100AH is not detected
Replies: 7
Views: 2134

Re: MicroSD Card on RB1100AH is not detected

I tried the 2GB Transedn http://www.transcendusa.com/support/dlc ... es-edm.pdf and it failed after a soft boot.

Interesting as I have used these before with success.

It seems there is a serious issue with RoS and microSD cards ?
by scampbell
Mon Sep 10, 2012 8:40 am
Forum: General
Topic: sd card missing
Replies: 8
Views: 1334

Re: sd card missing

I have tried a Class 2 Transend 2 GB SD Card in one of our RB1100AHx2 running RoS 5.20 and it does not survive a soft reboot.

Only a power down resolves the problem.
by scampbell
Wed Aug 22, 2012 5:38 am
Forum: The Dude
Topic: Dude on ppc (RB1100) cant access by web
Replies: 15
Views: 8281

Dude on ppc (RB1100) cant access by web

+1 for me too. X86 and rb1100ahx2
by scampbell
Fri Jul 20, 2012 7:29 am
Forum: Beginner Basics
Topic: vlan isolation not working
Replies: 12
Views: 3414

Re: vlan isolation not working

Could you not set all of the VLAN Horiizon's=1 in the Bridge Port settings to isolate these ?

My understanding is traffic is not passed between ports with the same Horizon setting in the bridge.

If any VLAN in the bridge is to be shared/accessed by the others set it to Horizon=0 (for example).
by scampbell
Fri Jul 20, 2012 7:13 am
Forum: Beginner Basics
Topic: Hotspot
Replies: 20
Views: 1788

Re: Hotspot

Have a look at this article - http://wiki.mikrotik.com/wiki/Hotspot_server_setup

Just be sure to add an IP address to your VAP and specify the VAP as the Hotspot Interface during setup.
by scampbell
Fri Jul 20, 2012 7:04 am
Forum: General
Topic: v5.19 released
Replies: 57
Views: 21264

Re: v5.19 released

Minor Bug: RoS 5.19 NTP Client menu has a spelling error for Dynamic Servers still.
by scampbell
Fri Jul 06, 2012 11:54 pm
Forum: Wireless Networking
Topic: VLANs over wireless
Replies: 6
Views: 1175

VLANs over wireless

So your options are to either downgrade the RoS or buy a L4 license then.
by scampbell
Fri Jul 06, 2012 8:08 pm
Forum: Wireless Networking
Topic: Tracking Usage
Replies: 2
Views: 574

Tracking Usage

by scampbell
Fri Jul 06, 2012 7:59 pm
Forum: Wireless Networking
Topic: Dropping wireless clients on RB751U-2HnD
Replies: 19
Views: 5264

Dropping wireless clients on RB751U-2HnD

The link distance is 1.2km Registration Signal says it is 20kms. Signal strength -62/-66 Tx 2Mbps / Rx 180Mbps Signal to Noise 48dB CCQ 10/99% P Throughput 530kbps /interface wireless security-profiles set [ find default=yes ] authentication-types=wpa2-psk group-ciphers=tkip,aes-ccm mode=dynamic-ke...
by scampbell
Fri Jul 06, 2012 7:41 pm
Forum: Wireless Networking
Topic: VLANs over wireless
Replies: 6
Views: 1175

VLANs over wireless

Set up your link as Bridge ->station and create an eoip interface over the link to carry the all the vlans.
by scampbell
Wed Jul 04, 2012 12:59 pm
Forum: General
Topic: Can't connect to OmniTIK U-5HnD
Replies: 7
Views: 6899

Can't connect to OmniTIK U-5HnD

Why do they put a default firewall rule to block all traffic on ether1 of the Omnitik's ?

I would think these should ship with a blank config so you can configure them from the single PoE input port ?
by scampbell
Mon Jun 25, 2012 6:03 pm
Forum: RouterBOARD hardware
Topic: power Supply Advice
Replies: 7
Views: 1086

power Supply Advice

If you are unsure on grounding it would be wise to consult an electrical engineer as there may be a bigger issue here like improper power wiring which is dangerous. If the box is mounted outside for example I would use an earth stake (from an electrical wholesaler) inserted into the soil and wired b...
by scampbell
Mon Jun 18, 2012 4:19 am
Forum: RouterBOARD hardware
Topic: power Supply Advice
Replies: 7
Views: 1086

power Supply Advice

Have you tried earthing the cases ?
by scampbell
Tue Jun 12, 2012 7:43 am
Forum: RouterBOARD hardware
Topic: 750UP resets if powered by 24VDC battery or ccontroller
Replies: 4
Views: 1352

Re: 750UP resets if powered by 24VDC battery or ccontroller

I wonder if it has something to do with startup current ? What happens if you only power up the RB750UP with no devices connected ? Then add you devices one by one - is it still stable ? Possible Workaround If so perhaps a startup script to disable E2-E5 immediately then at 1 second intervals enable...
by scampbell
Tue Jun 12, 2012 7:33 am
Forum: RouterBOARD hardware
Topic: RB751U-2HnD - poor wireless performance & problems
Replies: 113
Views: 113773

Re: RB751U-2HnD - poor wireless performance & problems

I did some quick tests with an iPhone and RB751U-2HnD RoS 5.17 First I ran the test with the phone very close to the AP. The TX CCQ was pretty low but pings responded ok. I moved the iPhone 2 metre away from the AP and TX CCQ improved to better than 80% FYI My RB751U-2HnD is set to 17dBm rtaher than...
by scampbell
Mon Jun 11, 2012 6:35 am
Forum: General
Topic: RB751U-2HnD low wifi speed
Replies: 4
Views: 2305

Re: RB751U-2HnD low wifi speed

I use the default internal ones at my office and it is giving me good internal coverage within the building. (about 200 m2).

I get OK outside coverage too.
by scampbell
Sat Jun 09, 2012 12:26 pm
Forum: Beginner Basics
Topic: Telnet is not working
Replies: 7
Views: 1444

Telnet is not working

Can you use the telnet tool from one of your other routers to talk to the offending mikrotik ?
by scampbell
Fri Jun 08, 2012 7:14 pm
Forum: Wireless Networking
Topic: How to connect mikrotik to wireless network with WPA Radius
Replies: 1
Views: 723

How to connect mikrotik to wireless network with WPA Radius

Any mikrotik with wireless should be able to be set as a wireless adapter for a printer. rb751u or rb751g perhaps ?

Use station-wds or psuedo bridge mode
by scampbell
Fri Jun 08, 2012 7:10 pm
Forum: Wireless Networking
Topic: wireless signal (tx/rx) strength shown on login page...
Replies: 10
Views: 3571

wireless signal (tx/rx) strength shown on login page...

You can set your AP to only allow connections with good signal by using the Access list

http://wiki.mikrotik.com/wiki/Manual:In ... ccess_List
by scampbell
Fri Jun 08, 2012 7:02 pm
Forum: Beginner Basics
Topic: Telnet is not working
Replies: 7
Views: 1444

Telnet is not working

On the mikrotik go to ip.services and make sure Telnet is enabled and that there is no IP address restriction stopping you.

Also check your ip.firewall.filter that no input rules are stopping access.

By default the rb750gl will block any input to ether1.
by scampbell
Fri Jun 08, 2012 6:50 pm
Forum: Beginner Basics
Topic: special setup in need of help - new to mikrotik
Replies: 9
Views: 1232

special setup in need of help - new to mikrotik

Please go to ip.dns and export your settings so we can see what is configured.

The most common issue is DNS does not have Accept Requests ticked.
by scampbell
Fri Jun 08, 2012 6:39 pm
Forum: RouterBOARD hardware
Topic: RB411AH showing wrong Voltage?
Replies: 2
Views: 795

RB411AH showing wrong Voltage?

Where are you measuring voltage ? At the adapter or in the router board ?

To be sure I would measure at the board itself.
by scampbell
Fri Jun 08, 2012 6:33 pm
Forum: General
Topic: RB751U-2HnD low wifi speed
Replies: 4
Views: 2305

RB751U-2HnD low wifi speed

The RB751's have a lot more RF power than a budget AP. 26dBm compared to only 17dBm in many cases. Testing on the bench close to the AP can give poor results as the test device is "swamped" with signal. The only real tweak is to ensure both HT chains are enabled and only use AES ciphers when you ena...
  • 1
  • 2