Community discussions

Search found 445 matches

  • 1
  • 2
by scampbell
Wed Feb 17, 2016 10:37 pm
Forum: Beginner Basics
Topic: IPsec site 2 site VPN. Ping fails in one direction.
Replies: 36
Views: 12765

Re: IPsec site 2 site VPN. Ping fails in one direction.

To get rid of fasttrack there is a firewall rule created by default directly below the two rules to allow established and related with an action=fasttrack-connection. The rule looks like this:- "add action=fasttrack-connection chain=forward comment="default configuration" \ connection-state=establis...
by scampbell
Wed Feb 17, 2016 10:28 pm
Forum: Announcements
Topic: v6.34.1 [current] is released!
Replies: 59
Views: 15949

Re: v6.34.1 [current] is released!

I've noticed an issue running 6.34.1 and Winbox 3.1. If I set the email server in Winbox > Tools > Email > Server to either the fqdn or ip of my mail server then try send an email I get an error connecting entry in the logs. "/tool e-mail print" didn't show a server address entry. "/tool e-mail set...
by scampbell
Wed Feb 17, 2016 10:26 pm
Forum: Beginner Basics
Topic: EOIP over IPSEC TWO RB750
Replies: 21
Views: 12497

Re: EOIP over IPSEC TWO RB750

I can't seem to get this to work. The "easier" EOIP. I setup EoIP selected a secret. Made sure the tunnel IDs were the same. All I see it this in my logs 10:28:18 ipsec,error failed to pre-process ph2 packet. Do I need additions to the firewall filter and nat too? Ensure your firewall is allowing i...
by scampbell
Tue Feb 16, 2016 9:01 pm
Forum: General
Topic: Using EoIP as the connector.
Replies: 8
Views: 882

Re: Using EoIP as the connector.

Could you not have used src-nat to fool the pbx that any packets received from a remote network were instead locally sent ? This would eliminate the need for eoip Eric and possibly simpler ? Also where we see sip issues the packet sniffer is the best tool as you can save to a file, called sip.cap fo...
by scampbell
Mon Feb 15, 2016 8:02 pm
Forum: Announcements
Topic: v6.34.1 [current] is released!
Replies: 59
Views: 15949

Re: v6.34.1 [current] is released!

It appeared in v6.34 and is already fixed in v6.35rc. It is just a cosmetic bug that aes-256 is displayed as aes-128 Maybe cosmetic but I have just wasted an hour on it migrating a router and wondering why my scripts dont work. If I specify in CLI to add a peer with enc-algorythm=aes-128 and then r...
by scampbell
Mon Feb 15, 2016 12:49 am
Forum: Wireless Networking
Topic: WDS or not WDS?
Replies: 3
Views: 1705

Re: WDS or not WDS?

Pasted from Uldis slide pg 34: http://mum.mikrotik.com/presentations/PL12/workshop-wireless-2012-PL.pdf 802.11n and WDS • 802.11n frame aggregation can’t be used together with WDS • Max transmit speed drops from 220Mbps to 160Mbps using WDS (UDP traffic) • Station-bridge has the same speed limitatio...
by scampbell
Mon Feb 15, 2016 12:30 am
Forum: Wireless Networking
Topic: Printer Access with "client to client forwarding" disabled
Replies: 6
Views: 1225

Re: Printer Access with "client to client forwarding" disabled

Use the "access list" feature and allow client to client forwarding for specific hosts and the printers. This allows the default action of no-forwarding except for the hosts you specify by mac-address in the access-list. TIP: You can identify specific hosts in the registration table and copy them to...
by scampbell
Mon Feb 15, 2016 12:24 am
Forum: Wireless Networking
Topic: Chromecast problems!
Replies: 8
Views: 3819

Re: Chromecast problems!

We use CAPsMan with our Chromecast so perhaps you need to publish your CAPsMan Controller config and your AP Config.

As you have correctly noted you cannot set the mode to AP/Bridge in Capsman - only AP. This should not be an issue for you as Chromecast connects as a Station anyway.
by scampbell
Thu Feb 04, 2016 11:39 pm
Forum: Announcements
Topic: Winbox3.1 released!
Replies: 50
Views: 25985

Re: Winbox3.1 released!

We have found issue with hAP lite and missing information. We will fix it in next release. Toigoweb - what does "lot of bug" mean? Can you give examples? Everyone - please report to support@mikrotik.com with description of your problem and screen shots. Forum is for users. If you want to have resol...
by scampbell
Thu Feb 04, 2016 10:44 pm
Forum: Beginner Basics
Topic: Email settings
Replies: 13
Views: 1783

Re: Email settings

Please try setting your e-mail server using the CLI. We have found setting this in Winbox does not work in the RoS 6.34 or 6.33.5 and reported it to Mikrotik.

/tool e-mail set address=x.x.x.x
by scampbell
Thu Feb 04, 2016 12:28 pm
Forum: Wireless Networking
Topic: Mikrotik AC PtP - Nstreme will NOT connect at all but NV2 will???
Replies: 53
Views: 8819

Mikrotik AC PtP - Nstreme will NOT connect at all but NV2 will???

AP config: /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik add authentication-types=wpa2-psk,wpa2-eap management-protection=allowed \ mode=dynamic-keys name=NPP supplicant-identity="" wpa2-pre-shared-key=\ ********* /interface wireless set [ find default-...
by scampbell
Thu Feb 04, 2016 12:17 pm
Forum: Wireless Networking
Topic: Mikrotik AC PtP - Nstreme will NOT connect at all but NV2 will???
Replies: 53
Views: 8819

Mikrotik AC PtP - Nstreme will NOT connect at all but NV2 will???

I couldn't help but notice one of the radios had default-authenticate=no and I couldn't see any mention of access or connect lists. If this is correct and no connect or access list then you won't get a connection :-) Please double check - hope this helps... [edit] a closer look and I saw an access l...
by scampbell
Thu Feb 04, 2016 11:54 am
Forum: Scripting
Topic: Script to disable 3g backup
Replies: 2
Views: 721

Script to disable 3g backup

Use a higher distance for your 3G default route and if 3G is PPPoE set dial on demand=yes
by scampbell
Wed Feb 03, 2016 1:27 am
Forum: Beginner Basics
Topic: Sending E-mail when IP is added to address list
Replies: 3
Views: 995

Re: Sending E-mail when IP is added to address list

Use the log function in the firewall rule and have the action specified as an e-mail. /ip firewall filter add action=add-src-to-address-list address-list=PSD (insert matchers here) chain=forward log=yes log-prefix=PSD /system logging action add email-to=myaddress@somewhere.com name=emailPSD target=e...
by scampbell
Wed Feb 03, 2016 1:10 am
Forum: Beginner Basics
Topic: Help configuring station bridge.
Replies: 1
Views: 395

Re: Help configuring station bridge.

If the other AP is not a Mikrotik AP/Bridge station-bridge will not work as it is a Mikrotik proprietary mode.
by scampbell
Wed Feb 03, 2016 12:51 am
Forum: Beginner Basics
Topic: Problem with dual wan failover not moving back to primary.
Replies: 10
Views: 3354

Re: Problem with dual wan failover not moving back to primary.

dareru's excellent answer is for failover only and will work well. If you use a dynamic protocol on your WAN such as DHCP or PPPoE you will need to ensure you set the default-route-distance to something other than 0 on your backup wan for this to work If you want to be able to manage your router via...
by scampbell
Wed Feb 03, 2016 12:30 am
Forum: Beginner Basics
Topic: RB951G-2HnD bridge performance
Replies: 2
Views: 767

Re: RB951G-2HnD bridge performance

By default the RB951G-2HnD has ether2 and wlan1 in a bridge. Ether3-5 have their master-port set to ether2. Traffic between ether2-5 should occur at wirespeed 1000Mps. So perhaps set the ports back to switch and try again. Be sure to remove from the bridge before setting their master ports. If you a...
by scampbell
Wed Feb 03, 2016 12:24 am
Forum: Beginner Basics
Topic: Email settings
Replies: 13
Views: 1783

Re: Email settings

Add a topic=e-mail action=memory to your /system logging.

The additional log info should help show what is not working correctly when you send an e-mail :-)
by scampbell
Wed Feb 03, 2016 12:21 am
Forum: Beginner Basics
Topic: PPTP
Replies: 2
Views: 393

Re: PPTP

Windows uses WINS to resolve hostnames. On your remote PC's when they connect have the clients configured to use your internal Windows server as both DNS and WINS. On the remote site you may also need to suffix your hostnames with hostname.yourdomain.com to get them to correctly respond. Mikrotik ca...
by scampbell
Wed Feb 03, 2016 12:14 am
Forum: General
Topic: is there a way to block specific URL in Microtik CCR ?
Replies: 10
Views: 760

Re: is there a way to block specific URL in Microtik CCR ?

No it is not possible! Note the "https" which means "secure" communication. The communication is encrypted and the router never sees the URL. Even when you setup a proxy server, the router sees only the hostname not the part after it. So then you can block entire facebook but not one specific page....
by scampbell
Tue Feb 02, 2016 11:52 am
Forum: Wireless Networking
Topic: Wireless bridge [solved with WDS]
Replies: 6
Views: 10443

Wireless bridge [solved with WDS]

Ap-bridge mode to station-bridge is definitely the best way to do a transparent bridge over wireless.

WDS has throughout issues on Wireless N. It works but not as well as station-bridge.
by scampbell
Mon Feb 01, 2016 10:08 pm
Forum: Wireless Networking
Topic: Full Duplex PTP over 7 to 14Kms
Replies: 24
Views: 2973

Re: Full Duplex PTP over 7 to 14Kms

thank you. that looks interesting but has anyone deployed it in actual environment? I have a few sites doing that - for example we use an RB850GX2 at each end and 4 x QRT's. Set up two unique /29 subnets for each wireless link and the radio's as simple bridge (bridge/station-bridge). Apply the diff...
by scampbell
Mon Feb 01, 2016 10:02 pm
Forum: General
Topic: IPIP Tunnel MTU Problem
Replies: 7
Views: 3240

Re: IPIP Tunnel MTU Problem

Have you checked your PPPoE tunnel can pass packets with MTU=1492 natively without fragmenting ?

Some ISP's use VLAN's and we have found the MTU=1480 is the best we can achieve in this case ?
by scampbell
Mon Feb 01, 2016 8:21 am
Forum: General
Topic: IPIP Tunnel MTU Problem
Replies: 7
Views: 3240

Re: IPIP Tunnel MTU Problem

Interesting problem for sure. I would not think you would need to specify source IP as you are using /30 addressing so it should only go one direction anyway. Given your wan connections have MTU limits of either 1500 or 1492 themselves I cannot see how you can push 1600 through any tunnel without fr...
by scampbell
Mon Feb 01, 2016 7:15 am
Forum: Wireless Networking
Topic: Full Duplex PTP over 7 to 14Kms
Replies: 24
Views: 2973

Re: Full Duplex PTP over 7 to 14Kms

no mikrotik products come in full duplex modes as of today.

you need 4 radios cards 2 on each side for full duplex to work.
Or use OSPF and 4 QRT's for example and base setup on http://wiki.mikrotik.com/wiki/Dual_Setup_with_OSPF.
by scampbell
Mon Feb 01, 2016 7:06 am
Forum: Announcements
Topic: v6.34 [current] is released!
Replies: 91
Views: 22675

Re: v6.34 [current] is released!

About ARP entries - they are completely normal. They have been there forever. Incomplete entries simply were no shown. Now we just do not hide them any more. Just a thought - how hard would it be to add a tick box for "show-incomplete" in /ip arp ? This may make it easier for some users to understa...
by scampbell
Mon Feb 01, 2016 6:52 am
Forum: Announcements
Topic: Winbox3.1 released!
Replies: 50
Views: 25985

Re: Winbox3.1 released!

The issue with /tool e-mail being set in Winbox on a hAP still is happening. To reproduce this, configure in Winbox the Tool E-Mail server then open CLI and go /tool e-mail print email1.PNG Note the lack of address in the CLI. Simply issue the /tool e-mail set address=x.x.x.x followed by /tool e-mai...
by scampbell
Mon Feb 01, 2016 6:42 am
Forum: Announcements
Topic: Winbox3.1 released!
Replies: 50
Views: 25985

Re: Winbox3.1 released!

hAP Lite, RouterOS 6.34
+1 but only after updating Bios from 3.24 to 3.29 :-)
by scampbell
Thu Jan 28, 2016 6:41 pm
Forum: General
Topic: OSPF Router-ID in docs and MTCRE
Replies: 4
Views: 979

OSPF Router-ID in docs and MTCRE

I prefer to always specify a loopback address so there are no surprises [emoji41]
by scampbell
Thu Jan 28, 2016 6:34 pm
Forum: General
Topic: PPPoE Server and Proxy ARP with IPv4 and IPv6
Replies: 2
Views: 631

PPPoE Server and Proxy ARP with IPv4 and IPv6

Ospf instance can publish connected routes but using it for PPPoE can create a flood of lsa's
by scampbell
Thu Jan 28, 2016 6:32 pm
Forum: General
Topic: RB3011 missing Interface Master Slave Settings
Replies: 1
Views: 615

RB3011 missing Interface Master Slave Settings

Switch missing in winbox 3.0 is known. Try winbox 2.2.18, cli or webfig.

We are hoping this will be fixed soon [emoji41]
by scampbell
Thu Jan 28, 2016 6:28 pm
Forum: General
Topic: win10 mac-telnet
Replies: 4
Views: 849

win10 mac-telnet

Check the interface you are using has a valid IP address on it, preferably static ip. I know Mac-winbox is l2 but Windows seems to need this. Try running winbox as admin in Windows. Try disable any unused interface like wireless Disable any virtual machine like virtual box. Disable AV and firewall o...
by scampbell
Thu Jan 28, 2016 6:24 pm
Forum: General
Topic: RB2011 - How do I strip tagged VLAN 0?
Replies: 6
Views: 970

RB2011 - How do I strip tagged VLAN 0?

Edit: you can edit packet vlans in a bridge filter - not sure how with just a plain Ethernet interface so perhaps create bridge, add wan, then try bridge filter ?
by scampbell
Thu Jan 28, 2016 6:22 pm
Forum: General
Topic: RB2011 - How do I strip tagged VLAN 0?
Replies: 6
Views: 970

RB2011 - How do I strip tagged VLAN 0?

Technically vlan0 is no vlan. If you add a priority tag to your packets vlan0 is automatically inserted unless another vlan is specified.
by scampbell
Thu Jan 28, 2016 6:16 pm
Forum: General
Topic: is there a way to block specific URL in Microtik CCR ?
Replies: 10
Views: 760

is there a way to block specific URL in Microtik CCR ?

I would try using a L7 firewall rule but these are high CPU cost. Lucky you have a ccr :-)
by scampbell
Thu Jan 28, 2016 6:05 pm
Forum: Beginner Basics
Topic: Problem with basic CAPsMAN configuration
Replies: 8
Views: 8939

Problem with basic CAPsMAN configuration

It may help if you publish an export of your route capsman config and wireless config please. With capsman we do not manually bridge wlan to Ethernet. Capsman automatically will do this if required. Capsman can either local forward data or tunnel it to the controller. It sounds to me you may not be ...
by scampbell
Thu Jan 28, 2016 5:57 pm
Forum: General
Topic: Help please...periodically losing pings!
Replies: 2
Views: 316

Help please...periodically losing pings!

FYI do not use tkip unless absolutely necessary. It limits wireless throughput.
by scampbell
Thu Jan 28, 2016 5:49 pm
Forum: General
Topic: RSTP between a fiber link and wireless link ? Possible in Microtik ?
Replies: 10
Views: 877

RSTP between a fiber link and wireless link ? Possible in Microtik ?

If you are doing that much traffic then the ccr1016-12s might be a better investment. The crs switch chips are good but I'm pretty sure don't support features like RSTP or LACP yet without using the CPU which architecturally is limited to 1gps to/from the CPU. The ccr would allow you to run ospf and...
by scampbell
Wed Jan 27, 2016 7:32 pm
Forum: Announcements
Topic: v6.33.5 [current] is released!
Replies: 120
Views: 33748

Re: v6.33.5 [current] is released!

On hAP on several routers all running 6.33.5 we are seeing a problem with the /tool e-mail settings. If you set the server in Winbox to 1.1.1.1 (say) and then go to the CLI and execute /tool e-mail pring the address entry is blank. You can only seem to enter the e-mail server address via the CLI. Th...
by scampbell
Mon Jan 18, 2016 11:07 pm
Forum: Announcements
Topic: v6.33.5 [current] is released!
Replies: 120
Views: 33748

Re: v6.33.5 [current] is released!

Oh and switch menu still missing on RB3011 Winbox :-) Not in 6.34rc34 yet either FYI 6.34rc36 still missing Switch menu, Master Port on Interface General Tab & CPU Clock on System/Resources in WinBox. As well as not supporting Hardware Encryption yet! I tried connecting to my RB3011 via Winbox 2.21...
by scampbell
Mon Jan 18, 2016 8:02 am
Forum: Wireless Networking
Topic: PPPOE Request (Need Help )
Replies: 1
Views: 316

Re: PPPOE Request (Need Help )

Potentially several solutions depending on how you are handling the ports. Layer2 isolation is 1st. Disable Default Forward on your Wireless NIC's to keep clients on a single wlan from talking to each other. If in your diagram the Ethernet ports are bridged then you could use Split Horizon in the br...
by scampbell
Thu Jan 14, 2016 5:24 am
Forum: General
Topic: Problem with Bridge on CRS125-24G-1S
Replies: 6
Views: 1007

Re: Problem with Bridge on CRS125-24G-1S

When ports are bridged all LAN traffic goes through the CPU (shared 1GB link) whereas when ports are switched LAN traffic does not impact the CPU so routing performance is better.
by scampbell
Wed Jan 13, 2016 10:39 pm
Forum: Announcements
Topic: v6.33.5 [current] is released!
Replies: 120
Views: 33748

Re: v6.33.5 [current] is released!

Oh and switch menu still missing on RB3011 Winbox :-) Not in 6.34rc34 yet either FYI
by scampbell
Wed Jan 13, 2016 10:37 pm
Forum: Announcements
Topic: v6.33.5 [current] is released!
Replies: 120
Views: 33748

Re: v6.33.5 [current] is released!

I also just tried a /system packages upgrade upgrade on an SXT on 6.25 running the wireless package. The device could not be upgraded until I manually upgraded and applied the wireless-fp package which negates the auto-upgrade feature. I would suggest it should automatically change to wireless-fp or...
by scampbell
Wed Jan 13, 2016 8:49 pm
Forum: General
Topic: WinBox 3.0rc15 recognized as malware (IDP.Ares.Generic) by AVG Antivirus
Replies: 1
Views: 963

Re: WinBox 3.0rc15 recognized as malware (IDP.Ares.Generic) by AVG Antivirus

This morning AVG reported Winbox.exe 3.0 as Trojan horse Generic36.CBEY and removed it :-(
by scampbell
Tue Nov 03, 2015 8:56 pm
Forum: General
Topic: Winbox 3 RC
Replies: 639
Views: 122334

Re: Winbox 3 RC

3) After multiple requests, we decided to use default admin without password if router is selected from Neighbours list. If that should not be used, then router must be saved in Managed tab. While in some cases this makes sense we used to achieve that same result (default to admin with no password)...
by scampbell
Mon Nov 02, 2015 10:19 am
Forum: General
Topic: Is it possible for ISP to access my MikroTik?
Replies: 8
Views: 1330

Is it possible for ISP to access my MikroTik?

the default configuration of the RB951 has a firewall on the public (ISP) interface, so nobody can connect to your router from the ISP side, only from your LAN home network I agree but if you need a pppoe interface the default rules need to be changed to reflect this new wan interface. We are seein...
by scampbell
Mon Nov 02, 2015 9:52 am
Forum: Beginner Basics
Topic: Static NAT from external seems to hijack VPN traffic on same port
Replies: 4
Views: 697

Static NAT from external seems to hijack VPN traffic on same port

Add your wan address as the dst-address (not the to-address) of you Nat rule. Specifying just the incoming interface will catch IPSec traffic as well as Internet traffic.
by scampbell
Mon Nov 02, 2015 9:41 am
Forum: General
Topic: utilization of CPU via WinBox
Replies: 18
Views: 1311

utilization of CPU via WinBox

Also /tool graph where you can graph CPU and memory resources and traffic etc
by scampbell
Mon Nov 02, 2015 9:37 am
Forum: RouterBOARD hardware
Topic: Any RouterBoard with 4G LTE sim card slot available?
Replies: 11
Views: 25216

Any RouterBoard with 4G LTE sim card slot available?

Multi tech offer a miniPCIe card with inbuilt sim. HSPA+
by scampbell
Mon Nov 02, 2015 9:14 am
Forum: General
Topic: smtp port forwarding
Replies: 5
Views: 703

Re: smtp port forwarding

You are welcome :-)
by scampbell
Mon Nov 02, 2015 6:22 am
Forum: RouterBOARD hardware
Topic: RB750UP and PowerBox unable to turn on Mikrotik Devices
Replies: 7
Views: 2007

Re: RB750UP and PowerBox unable to turn on Mikrotik Devices

See the link I posted before. Yes, you can say it helps PB to power other devices, but what it actually does is disables short circuit detection on all poe out ports.
Is there a plan to include this command in Winbox ?
by scampbell
Sun Nov 01, 2015 11:59 pm
Forum: Forwarding Protocols
Topic: Issues with OSPF
Replies: 4
Views: 3371

Re: Issues with OSPF

I would try setting the Network-Type =Broadcast on all interfaces rather than Point to Point.

With Network-Type=Point to Point no router is elected as designated router under OSPF. This is good on a wireless segment of an OSPF network but perhaps not so good in your situation ?
by scampbell
Sun Nov 01, 2015 11:49 pm
Forum: Wireless Networking
Topic: CAPsMAN issue with wAP
Replies: 3
Views: 1196

Re: CAPsMAN issue with wAP

You are welcome and thanks for the rating :-)
by scampbell
Fri Oct 30, 2015 5:33 am
Forum: Wireless Networking
Topic: CAPsMAN issue with wAP
Replies: 3
Views: 1196

Re: CAPsMAN issue with wAP

Please check you have the same wireless package installed on all devices. e.g wireless-cm2

/system packages print
by scampbell
Fri Oct 30, 2015 5:21 am
Forum: General
Topic: smtp port forwarding
Replies: 5
Views: 703

Re: smtp port forwarding

You also need to mark the connection coming in from your wan ports to your mail server and ensure the reply goes back the same wan it arrived on. See the following excellent presentation from Steve Discher http://mum.mikrotik.com/presentations/US12/steve.pdf /ip firewall mangle add action=mark-conne...
by scampbell
Tue Oct 27, 2015 5:04 am
Forum: Wireless Networking
Topic: VTP and VLAN's through wireless link
Replies: 5
Views: 1978

Re: VTP and VLAN's through wireless link

If you have setup a transparent bridge and all clients are station-bridge then they will all see each other. Disabling Default Forwarding on the AP/Bridge will give some L2 isolation from clients but the AP/Bridge will see all. If you wish to seperate the customers then you may be better with a rout...
by scampbell
Tue Oct 27, 2015 3:23 am
Forum: Wireless Networking
Topic: mikrotik cAP n2 as repeater bridge
Replies: 4
Views: 2159

Re: mikrotik cAP n2 as repeater bridge

Not sure where I thought Capsman :-)

But ap/Bridge->station-bridge mode might be even better than WDS ? We use this method for transparent bridging frequently.
by scampbell
Tue Oct 27, 2015 3:20 am
Forum: Scripting
Topic: Netwatch failover script
Replies: 3
Views: 3771

Re: Netwatch failover script

Both ways work - I just like using seperate scripts so you can test them :-)
by scampbell
Fri Oct 23, 2015 5:26 am
Forum: Wireless Networking
Topic: Voucher generation and printing
Replies: 2
Views: 1059

Re: Voucher generation and printing

Handlink make a nice printer that does exactly that. www.handlink.com.tw or http://www.campbell.co.nz/index.php?main_page=product_info&cPath=9&products_id=696 We sell them here and they are easy to set up and use and have 3 buttons that can be paired with three different profiles. 1 Hr, 1 Day or 1 w...
by scampbell
Fri Oct 23, 2015 5:24 am
Forum: Wireless Networking
Topic: CapsMAN multicast
Replies: 2
Views: 1137

Re: CapsMAN multicast

And also make sure Windows Firewall is disabled too LoL :lol:
by scampbell
Fri Oct 23, 2015 5:23 am
Forum: Wireless Networking
Topic: CapsMAN multicast
Replies: 2
Views: 1137

Re: CapsMAN multicast

I use Sonos on my network with Capsman.

The secret is to ensure you allow client-to-client forwarding in your datapath setup
by scampbell
Fri Oct 23, 2015 5:15 am
Forum: Wireless Networking
Topic: Problem with setup CAPsMAN for more than two the same SSIDs on multiple CAPs
Replies: 2
Views: 976

Re: Problem with setup CAPsMAN for more than two the same SSIDs on multiple CAPs

The provisioning rules are like firewall rules and work top down, first match. If your mac filter is 00:00:00:00:00:00 for both rules the first will be used always and never reach the second. Try adding in the mac address of the radio you want with cfg3 on the appropriate provision rule and drag it ...
by scampbell
Fri Oct 23, 2015 5:10 am
Forum: Wireless Networking
Topic: How to Lock TX/RX data rates on client
Replies: 1
Views: 4344

Re: How to Lock TX/RX data rates on client

I think you are describing "rate flapping". To fix this you need to disable the higher speds in "supported rates" of radio. This is under the "data rates" section, select "configured" and unselect the top speeds. The logic is if the radio spends 80% of its time at 36Mbbps, 10% at 48Mbps and 10% at 5...
by scampbell
Fri Oct 23, 2015 5:01 am
Forum: Wireless Networking
Topic: mikrotik cAP n2 as repeater bridge
Replies: 4
Views: 2159

Re: mikrotik cAP n2 as repeater bridge

Last I looked Capsman did not support bridge. Mode=ap is the only option
by scampbell
Fri Oct 23, 2015 4:59 am
Forum: Scripting
Topic: Netwatch failover script
Replies: 3
Views: 3771

Re: Netwatch failover script

If you create you netwatch scripts in /system script with name like "up" or "down" you can then run them and see if they work. Then in /tool netwatch just specify the name of the script in the up and down menu's . EXAMPLE: /system script add name=up owner=admin policy=\ ftp,reboot,read,write,policy,...
by scampbell
Thu Oct 22, 2015 5:29 am
Forum: General
Topic: Reach device on hotspot (device has no gateway).
Replies: 2
Views: 725

Re: Reach device on hotspot (device has no gateway).

When I need to get access to a device that has no gateway but does have a valid IP in a subnet, I use a srcnat/masquerade rule so traffic to the device appears to come from it's local subnet. /ip firewall nat add chain=srcnat to-address=192.168.4.165 action=masquerade If the device is on the hotspot...
by scampbell
Thu Oct 22, 2015 5:23 am
Forum: General
Topic: DNS no resolving on failover wan
Replies: 5
Views: 798

Re: DNS no resolving on failover wan

On sites with multiple WAN interfaces and different ISP (therefore different DNS) I add a specific route for each DNS so it always uses the correct ISP. In respect to failover, a script to change the DNS may be useful approach. Using 8.8.8.8 or 8.8.4.4 does work but some CDN's do not like it and get...
by scampbell
Thu Oct 22, 2015 5:15 am
Forum: General
Topic: DHCP Flooding
Replies: 20
Views: 2626

Re: DHCP Flooding

Mikrotik support DHCP Server Alert function that can tell when a new DHCP server is found. /ip dhcp-server alert add disabled=no interface=bridge-lan on-alert="/log error \"server found\"" You can add your own script as required. It is also possible to filter DHCP on a Bridge if required. http://wik...
by scampbell
Thu Oct 22, 2015 5:11 am
Forum: Forwarding Protocols
Topic: OSPF Example Network
Replies: 18
Views: 5932

Re: OSPF Example Network

Agreed, in fact if you take this approach set the interface to passive so no routes can be injected from client side either :-)
by scampbell
Thu Oct 22, 2015 1:51 am
Forum: Beginner Basics
Topic: Routing part of network via PPTP VPN
Replies: 7
Views: 2856

Re: Routing part of network via PPTP VPN

Try adding a forward rule to allow any traffic coming in on your pptp interface.
by scampbell
Thu Oct 22, 2015 1:44 am
Forum: Forwarding Protocols
Topic: OSPF Example Network
Replies: 18
Views: 5932

Re: OSPF Example Network

For AP's it is best to avoid using OSPF to publish client facing subnets actively. As clients connect and drop it creates new LSA's across the whole network so better to not specify the client device subnet in /route ospf net and better to set the /rou ospf instance to publish connected instead. Thi...
by scampbell
Thu Oct 22, 2015 1:26 am
Forum: Wireless Networking
Topic: VTP and VLAN's through wireless link
Replies: 5
Views: 1978

Re: VTP and VLAN's through wireless link

Cisco -> E1--Bridge--Wlan1...............Wlan1--Bridge--Ether1->Cisco

So we are bridging the link through all the way. VLAN's dont route so this is how it must be.

If for some reason a link had to be routed then you could introduce an EoIP or VPLS tunnel between your endpoints instead.
by scampbell
Wed Oct 21, 2015 11:51 pm
Forum: Beginner Basics
Topic: Request for sample script
Replies: 2
Views: 387

Re: Request for sample script

# remove ether10 from switch group (usually master-port=ether6) 1. /int eth set [find name=ether10] master=none # create pppoe-client on ether10 2. /int pppoe-client add name=pppoe-out1 interface=ether10 user=changeme password=changeme use-peer-dns=yes add-def=yes dis=no # add NAT rule to pppoe-clie...
by scampbell
Wed Oct 21, 2015 11:43 pm
Forum: Beginner Basics
Topic: network scan protection
Replies: 1
Views: 634

Re: network scan protection

Use a firewall rule with the PSD matcher to add Port Scanners to an address list (for 5 days perhaps) and have another rule to drop the address list.

RTFM: http://wiki.mikrotik.com/wiki/Drop_port_scanners :D
by scampbell
Wed Oct 21, 2015 11:37 pm
Forum: Beginner Basics
Topic: SIP Phones not registering
Replies: 5
Views: 1407

Re: SIP Phones not registering

FYI Under "/ip firewall services" you will find a SIP ALG enabled by default. Sometimes disabling this can also help according to some of our local SIP Providers.
by scampbell
Wed Oct 21, 2015 11:24 pm
Forum: Wireless Networking
Topic: Computer connected by CAP has no access to local network printer.
Replies: 1
Views: 505

Re: Computer connected by CAP has no access to local network printer.

Check that Client to Client forwarding is enabled in your Capsman Datapath profile. This will give layer2 isolation between wireless devices if not enabled :-)
by scampbell
Wed Oct 21, 2015 11:21 pm
Forum: Wireless Networking
Topic: RB922UAGS-5HPacD Dual Band AP - Poor Performance
Replies: 3
Views: 1423

Re: RB922UAGS-5HPacD Dual Band AP - Poor Performance

Neither radio card has a wireless protocol correctly set. Set both to wireless-protocol=802.11 and see if that helps. R name="2gn" mtu=1500 mac-address=4C:5E:0C:11:0E:FC arp=enabled interface-type=Atheros AR9300 mode=ap-bridge ssid="radio" frequency=2447 band=2ghz-onlyn channel-width=20/40mhz-eC sca...
by scampbell
Wed Oct 21, 2015 11:13 pm
Forum: Wireless Networking
Topic: VTP and VLAN's through wireless link
Replies: 5
Views: 1978

Re: VTP and VLAN's through wireless link

If all the wireless equipment is Mikrotik and it is AP/Bridge-> Station-Bridge with all ethernet's bridged to wlan then VLAN's will pass. You can use the Torch Tool to check this at each router. Be sure to tick all the options and set the time to 30 seconds before running torch. There is an issue wi...
by scampbell
Fri Sep 18, 2015 4:16 am
Forum: Forwarding Protocols
Topic: OSPF Example Network
Replies: 18
Views: 5932

Re: OSPF Example Network

Hello, I'm continuing my testing on OSPF and I have a new question for you! May you help me to understand what is a good ip plan? I read "Burning Bridges" here: http://www.mywisptraining.com/wp-content/uploads/2013/01/BridgedToRouted.pdf I understand I have to remove switches and add router in plac...
by scampbell
Sat Sep 12, 2015 2:11 am
Forum: Beginner Basics
Topic: Port Forwarding Woes
Replies: 8
Views: 1407

Re: Port Forwarding Woes

Hello and thank you for the excellent description and for posting the relevant configurations. In RouterOS, to forward a port to a device, you need two entries in the firewall area: one for NAT and one for the actual firewall itself. You have the correct NAT rule, you are just missing the ip firewa...
by scampbell
Wed Sep 09, 2015 12:18 am
Forum: Beginner Basics
Topic: EOIP over IPSEC TWO RB750
Replies: 21
Views: 12497

Re: EOIP over IPSEC TWO RB750

It is even easier now as Mikrotik added IPSEC support to EOIP in 6.30 - now you can just specify an IPsec Secret when setting up EoIP and the IPSEC is created automatically for you.
by scampbell
Tue Sep 08, 2015 9:42 pm
Forum: Announcements
Topic: v6.32.1 released
Replies: 76
Views: 18828

Re: v6.32.1 released

+1 on various routers running 6.31 or greater. I revert to 6.30.4 and the message goes away.
by scampbell
Thu Jul 02, 2015 2:38 am
Forum: General
Topic: Leap second bug present on TILE devices?
Replies: 49
Views: 10199

Re: Leap second bug present on TILE devices?

Little too late, don't you think?
For this one, yes, but next leap second will be added in around 2 years.
Could you please tell me if you had NTP package on all the servers, or you used SNTP?
I can confirm CCR's with SNTP were OK and CCR's with NTP crashed and became unresponse.
by scampbell
Thu Jan 29, 2015 5:54 am
Forum: Wireless Networking
Topic: psuedobridge mac issue.
Replies: 5
Views: 985

Re: psuedobridge mac issue.

What is the config of the 912Client/AP ? You definitely do not want to use PseudoBridge in a hotspot as it does exactly what you are seeing. 8) If you are using a single wireless card in your final RB912 then consider the config in this example - http://wiki.mikrotik.com/wiki/Wireless_repeater If yo...
by scampbell
Thu Jan 29, 2015 2:25 am
Forum: General
Topic: Routerboard with POE in and POE out
Replies: 10
Views: 1735

Re: Routerboard with POE in and POE out

Interesting. I have an Omnitik with an SXT5 Lite working at one recent plus another with RB433 and QRT5 working so maybe some models (manufacturing runs) work better than others ?
by scampbell
Tue Jan 27, 2015 12:27 am
Forum: General
Topic: Routerboard with POE in and POE out
Replies: 10
Views: 1735

Re: Routerboard with POE in and POE out

Also RB260GSP, RB750UP

And Omnitik UPA model - works ok for us but the LED's are mixed up which can confuse people :-)
by scampbell
Tue Jan 27, 2015 12:25 am
Forum: General
Topic: Mikrotik & Windows Server 2008 Active Directory
Replies: 5
Views: 4195

Re: Mikrotik & Windows Server 2008 Active Directory

Authentication for Winbox/Telnet router logins via Active Directory will not work, unless you store the password in AD with reversible encryption (WARNING: NOT RECOMMENDED). Winbox/Telnet AAA only supports PAP authentication, which requires a cleartext-password to authenticate. There are several li...
by scampbell
Tue Jan 20, 2015 3:00 am
Forum: Beginner Basics
Topic: SFP Module in CRS226-24G-2S+RM
Replies: 2
Views: 1101

Re: SFP Module in CRS226-24G-2S+RM

FYI.....

From the brochure : First port supports 1.25G/10G modules, second port only 10G modules.

http://i.mt.lv/routerboard/files/CRS226 ... 094424.pdf

I hope this helps....
by scampbell
Tue Jan 20, 2015 2:23 am
Forum: General
Topic: RouterOS v6.25
Replies: 110
Views: 31866

Re: RouterOS v6.25

What's new in 6.25 (2015-Jan-19 10:11):

*) WPS support added to CM2 wireless package
Is there any documentation on this please. I can see some new settings on WLAN1 Interface but not under CAPsMAN2 (CM2) package as indicated ?
by scampbell
Wed Oct 29, 2014 7:13 am
Forum: General
Topic: v6.20 released!
Replies: 146
Views: 58465

Re: v6.20 released!

We have upgraded several RB951 series routers in a class situation. 2 or 3 of these have all exhibited odd firewall behavior when rules are disabled. It shows a rule disabled in Winbox yet the rule continues to work, e.g a rule that logs traffic keeps logging even when disabled. We did not test thi...
by scampbell
Tue Oct 21, 2014 3:23 am
Forum: General
Topic: Change DNS Servers When Tunnel Comes Up
Replies: 9
Views: 1679

Re: Change DNS Servers When Tunnel Comes Up

Windows Host name resolution is generally done via a WINS server or LMHOSTS file on the PC. DNS only works for FGDN's such as host.domain.com To resolve \\servename definitley requires WINS/LMHOSTS file.Alternatively you would need to setup static host entries like servername.sitename in Mikrotik DN...
by scampbell
Tue Oct 21, 2014 3:18 am
Forum: RouterBOARD hardware
Topic: How to netinstall RB433 with out IP address
Replies: 13
Views: 5769

Re: How to netinstall RB433 with out IP address

ditonet is 100% correct. ether1 should be labelled POE/BOOT on the RB433. NetInstall will only work with on a port labelled POE/Boot. Refer www.routerboard.com and download the user guide for your router if unsure.
by scampbell
Sat Oct 18, 2014 1:58 am
Forum: RouterBOARD hardware
Topic: RB751U-2HnD - poor wireless performance & problems
Replies: 113
Views: 113705

Re: RB751U-2HnD - poor wireless performance & problems

These are the settings we use where tablets and Apples are being used..... 1. Use a current RoS 2. Set tx power to 17dBm 3. Use Channel width=20MHz - 20/40MHz is not universally accepted by all devices and uses a lot of spectrum 4. Set distance=indoors 5. Disable TKIP in your security profiles - it ...
by scampbell
Sat Oct 18, 2014 1:02 am
Forum: RouterBOARD hardware
Topic: How to netinstall RB433 with out IP address
Replies: 13
Views: 5769

Re: How to netinstall RB433 with out IP address

assign your pc 192.168.88.254 subnet 255.255.255.0 no gateway needed.

In NetInstall under netbooting put 192.168.88.2
by scampbell
Fri Oct 17, 2014 7:11 am
Forum: General
Topic: Change DNS Servers When Tunnel Comes Up
Replies: 9
Views: 1679

Re: Change DNS Servers When Tunnel Comes Up

When you say hosts at the other end do you mean windows hosts ? If so you may need to specify a wins server too and use FQDN's ?
by scampbell
Fri Oct 17, 2014 7:07 am
Forum: RouterBOARD hardware
Topic: How to netinstall RB433 with out IP address
Replies: 13
Views: 5769

Re: How to netinstall RB433 with out IP address

You should be able to reformat your nand from serial and enable boot from Ethernet once then nand. You can then use netinstall to via RB433's ether1. Your PC should be directly connected and have a static IP address assigned to it's Ethernet. In netinstall under netbooting you need to specify an add...
by scampbell
Fri Oct 17, 2014 1:43 am
Forum: General
Topic: Change DNS Servers When Tunnel Comes Up
Replies: 9
Views: 1679

Re: Change DNS Servers When Tunnel Comes Up

If you look under IP DNS any Dynamically assigned DNS's should be listed there :-)
by scampbell
Fri Oct 17, 2014 1:01 am
Forum: Forwarding Protocols
Topic: OSPF Example Network
Replies: 18
Views: 5932

Re: OSPF Example Network

If you use this an example it should get you started - http://wiki.mikrotik.com/wiki/Dual_Setup_with_OSPF In your case one link would be wireless and the other wired. As the wired is less hops than wireless it should automatically prioritise the wired link. P2P wireless interfaces should have their ...
by scampbell
Fri Oct 17, 2014 12:36 am
Forum: General
Topic: Change DNS Servers When Tunnel Comes Up
Replies: 9
Views: 1679

Re: Change DNS Servers When Tunnel Comes Up

I will give that a try when I get home, don't know how I missed that option... I'll update the post either way. Thanks for the idea! My bad - that was for pppoe :D . For PPTP your remote server should be pushing the DNS to you. In Mikrotik PPTP server this is specified in the PPTP Profile. profile ...
by scampbell
Fri Oct 17, 2014 12:26 am
Forum: Scripting
Topic: hotspot ip binding
Replies: 1
Views: 748

Re: hotspot ip binding

I have two user in ip binding I wanna know bytes out of them like Users in hotspot Any suggestions Create a Simple Queue for each Bound IP (as target) with a script that copies statistics to a comment on the appropriate queue. See http://wiki.mikrotik.com/wiki/Automated_Usage_Script_without_userman...
by scampbell
Fri Oct 17, 2014 12:15 am
Forum: General
Topic: Change DNS Servers When Tunnel Comes Up
Replies: 9
Views: 1679

Re: Change DNS Servers When Tunnel Comes Up

I am trying to configure a couple of PPTP dial on demand tunnels on my RB2011 at home. Both tunnels come up via my mangle rule and they disconnect with my idle timeout which is nice. My issue...how do I handle DNS resolution? I would like to leave my DNS server set to my home 'Tik and be able to re...
by scampbell
Wed Oct 15, 2014 11:07 pm
Forum: General
Topic: v6.20 released!
Replies: 146
Views: 58465

Re: v6.20 released!

Again problems with user-manager. 6.18 on x86 with user manager, upgraded to 6.20 and user-manager stop working, not see the files of the database. Revert back to 6.18 solve the problem. We are also seeing an issue with UM and WG500MP printers interfaced via API. Ticket for 1 Hour or 4 Hour print a...
by scampbell
Mon Oct 13, 2014 1:59 am
Forum: Wireless Networking
Topic: Chromecast problems!
Replies: 8
Views: 3819

Re: Chromecast problems!

0 R name="wlan1" mtu=1500 mac-address=4C:5E:0C:32:CD:7F arp=enabled interface-type=Atheros AR9300 mode=bridge ssid="Lonne" frequency=2412 band=2ghz-b/g channel-width=20mhz scan-list=default wireless-protocol=any vlan-mode=no-tag vlan-id=1 wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no...
by scampbell
Mon Oct 13, 2014 1:56 am
Forum: Wireless Networking
Topic: Chromecast problems!
Replies: 8
Views: 3819

Re: Chromecast problems!

We use a Chromecast on an RB2011UiAS-2HnD no problem. Setup is as a standard AP bridged to the LAN with ether1 as a WAN. Our Chromecast only supports standard US channels, 1 -11 basically. We do not recommend using TKIP on Wireless N as it limits throughput to 54Mbps - see http://www.intel.com/suppo...
by scampbell
Mon Oct 13, 2014 1:26 am
Forum: Wireless Networking
Topic: CAPSMAN Interface Naming
Replies: 4
Views: 1179

Re: CAPSMAN Interface Naming

:D I look forward to this - thank you !!
by scampbell
Thu Oct 09, 2014 9:52 am
Forum: Wireless Networking
Topic: CAPSMAN Interface Naming
Replies: 4
Views: 1179

CAPSMAN Interface Naming

We are now using CapsMan for many sites but one thing appears to be missing - hopefully we have not missed it ? Is it possible to incorporate the "/system identity" as a prefix when the interfaces are auto-provisioned ? You can certainly specify a manual "Name Prefix" but I've not seen the ability t...
by scampbell
Thu Oct 09, 2014 9:42 am
Forum: General
Topic: Winbox 3 beta
Replies: 243
Views: 119316

Re: Winbox 3

I'd imagine full Winbox functionality wouldn't be used too much on iOS/Android, more so just to monitor and grab stats which can be done via API. When I'm up on a roof or a tower trying to repair a node that isn't communicating, and need to see what a remote tower is seeing as I try to reconnect, I...
by scampbell
Thu Oct 09, 2014 9:37 am
Forum: General
Topic: v6.20 released!
Replies: 146
Views: 58465

Re: v6.20 released!

We have upgraded several RB951 series routers in a class situation. 2 or 3 of these have all exhibited odd firewall behavior when rules are disabled. It shows a rule disabled in Winbox yet the rule continues to work, e.g a rule that logs traffic keeps logging even when disabled. We did not test this...
by scampbell
Thu Oct 09, 2014 9:23 am
Forum: General
Topic: WARNING: 6.20 upgrade bricked my CCR1036
Replies: 5
Views: 1657

Re: WARNING: 6.20 upgrade bricked my CCR1036

I have received reports of a similar issue with an RB1100AHx2 being upgraded from RoS 5.26. Recovered successfully via serial and Netinstall ok.
by scampbell
Tue Feb 11, 2014 6:56 am
Forum: General
Topic: Feature Request TR-069 CPE
Replies: 79
Views: 24144

Re: Feature Request TR-069 CPE

+1 for TR069

Could this be done via script I wonder ?

Some of the routers we deal with are configured to Fetch their config when connected so no firewall issues I believe ?
by scampbell
Fri Jan 31, 2014 4:41 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1013866

Re: CLOUD CORE ROUTER

@samsung172

Best note ever LOL :))
+1
by scampbell
Thu Jan 09, 2014 4:26 am
Forum: General
Topic: Firewall setup problem
Replies: 4
Views: 2311

Re: Firewall setup problem

That is pretty normal. These are attempts by outside hosts trying to connect to common ports on your router such as RDP (3389) etc.

Disable logging for the Input rule if you want to stop seeing these entries. You can always enable the logging again for diagnostics if necessary.
by scampbell
Thu Jan 09, 2014 3:27 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1013866

Re: CLOUD CORE ROUTER

@krisjanis If you could update us with these tickets about what you are seeing and giving us things to try that would be useful. I can't test with one right now but we could ask Stuart (distributor) to set it up with our config and test it out. Can you let us know what you are seeing? do your ones ...
by scampbell
Thu Jan 09, 2014 3:23 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1013866

Re: CLOUD CORE ROUTER

It would be nice if the /system package upgrade in Winbox gave you a choice to "force" upgrade or "reload RoS" so you can overwrite all the test versions easily when the full release comes out :-) Doesn't "system reset" do what you asked? Or you meant something like upgrade+reset with one command? ...
by scampbell
Thu Jan 09, 2014 3:11 am
Forum: General
Topic: Feature request -> readonly mode
Replies: 1
Views: 773

Re: Feature request -> readonly mode

The safest (and best) way is as you suggested - create a read-only user for looking at your example router. Ctrl-X (Safemode) is ok but will let you make changes (which may also be confusing) which should be lost when you disconnect from the router - unless you exit safemode first in which case chan...
by scampbell
Sat Dec 21, 2013 9:47 am
Forum: RouterBOARD hardware
Topic: CRS Documentation
Replies: 45
Views: 14223

Re: CRS Documentation

Any sign of cli documentation yet ?
by scampbell
Mon Dec 16, 2013 9:10 pm
Forum: RouterBOARD hardware
Topic: CRS Documentation
Replies: 45
Views: 14223

Re: CRS Documentation

@steen Ask for access to latest beta release. Draft changelog says: *) fixed port isolation on CRSs (bug introduced in v6.6); While port isolation != VLAN leakage it could be how they are describing it. Regards Alexander Hi Alexander, I popped that release on a CRS and it looks like Pacific/Aucklan...
by scampbell
Wed Dec 11, 2013 8:24 pm
Forum: RouterBOARD hardware
Topic: CRS Documentation
Replies: 45
Views: 14223

Re: CRS Documentation

Could you clarify which options are not documented yet? Here is the CRS examples page http://wiki.mikrotik.com/wiki/Manual:CRS_examples Starting with Switch Generic: Bridge Type MAC Level Isolation VLAN Level Isolation Use SVID in 1:1 VLAN Lookup Use CVID in 1:1 VLAB Lookup IPv4 Multicast Lookup Mo...
by scampbell
Tue Dec 10, 2013 6:50 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1013866

Re: CLOUD CORE ROUTER

I have seen a similar issue on 2 different CCR's. Both were port flapping randomly all the active ports so we tried 6.7RC1 but no joy. On closer inspection we were advised both CCR's had a single device each which is set to 100Mbps/Full duplex. We changed one device on one router back to auto-negot...
by scampbell
Tue Dec 10, 2013 6:47 am
Forum: General
Topic: v6.7 released
Replies: 225
Views: 109076

Re: v6.7 released

ip->firewall->Service Ports are shown as invalid (I) in case "tracking set enabled=no" Anybody can confirm this (you have to reboot router to replicate this)? Is that OK or minor bug? This is supposed to be so. NAT helpers will not work without connection tracking. I note that if you specify a port...
by scampbell
Sat Nov 30, 2013 2:29 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1013866

Re: CLOUD CORE ROUTER

6.6 still has the problems with 100mbit/FDX ports randomly changing to gigabit. It seems like some sort of database mismatch. Winbox shows the static speed/duplex as set, but export does not. See my last ticket updates. How do Mikrotik get this soooo wrong ! We also have issues with SFP in CCR link...
by scampbell
Sat Nov 30, 2013 2:19 am
Forum: Beginner Basics
Topic: RB951G and Devolo dLAN Ethernet over Power
Replies: 4
Views: 1113

Re: RB951G and Devolo dLAN Ethernet over Power

First thing to check is connect the pc directly to ether5 and see if that works. If not then you will need to check ether5 is either bridged or switched into the network. If it does work then reconnect the dLAN's and try again. If it still fails use the Packet Sniffer Tool on ether5 and see what the...
by scampbell
Sat Nov 30, 2013 2:11 am
Forum: General
Topic: CRS trunk settings
Replies: 2
Views: 860

Re: CRS trunk settings

Set ether1 and ether2 master port=sfp1 on CRS

All tagged traffic will be passed by all three ports.

Then add VLAN1 to SFP1 and add your management IP address for the CRS to that VLAN.

That should do it.
by scampbell
Sat Nov 30, 2013 2:07 am
Forum: Wireless Networking
Topic: RB912UAG-5HPnD-OUT not working!
Replies: 10
Views: 2751

Re: RB912UAG-5HPnD-OUT not working!

I was connected as shown in the image, but the power does not enter, it did not work.
In case anyone did not understand - the image is how NOT to connect the cable :-)

Power to Mikrotik is supplied via the socket connecter of the adapter using an additional RJ45 cable.
by scampbell
Thu Nov 28, 2013 8:18 pm
Forum: General
Topic: RB1100 Drops packets when Queue Tree enabled ?
Replies: 21
Views: 6071

Re: RB1100 Drops packets when Queue Tree enabled ?

Looks like it may well be an issue. I've got an RB1100AHx2 in production and if I get a chance I'll try and replicate your test :-) No promises though asI have several other jobs on.......
by scampbell
Thu Nov 28, 2013 8:15 pm
Forum: RouterBOARD hardware
Topic: RB751n flaky after upgrade 5.24 -> 6.5
Replies: 4
Views: 1217

Re: RB751n flaky after upgrade 5.24 -> 6.5

A couple of suggestions....

1. Check the RB751 is running the new FW as well. In Winbox go to SYSTEM.ROUTERBOARD and see if you are running the latest. If not click upgrade and reboot.

2. Try re-installing using netinstall and check the otion to "keep configuration"

Hope this helps.
by scampbell
Thu Nov 28, 2013 8:09 pm
Forum: Beginner Basics
Topic: A bit of beginners help with CRS125-24G-1S-RM?
Replies: 8
Views: 2147

Re: A bit of beginners help with CRS125-24G-1S-RM?

We distribute both Mikrotik and ZyXEL so hopefully we can help. How is your Internet IP service delivered to you ? Has your provider given you a /29 subnet where First (or last) usable address is the Gateway you use ? e.g 203.171.1.0/29 ISP GW 203.171.1.1 1st User host = 203.171.1.2, 2nd User host =...
by scampbell
Wed Nov 27, 2013 10:56 pm
Forum: General
Topic: Bonding 2 interfaces - waste of cable?
Replies: 2
Views: 689

Re: Bonding 2 interfaces - waste of cable?

If you use ports not on the same switch group then it is not waste of cable. Can you give more detail on how to do this please as the CRS125 has only 1 switch chip whereas RB1100AHx2 has multiple switch chips...does this mean LACP is supported directly to the CRS125 Switch chip CRS125-131112144104[...
by scampbell
Wed Nov 27, 2013 10:47 pm
Forum: General
Topic: RouterOS v6.6 released
Replies: 164
Views: 72420

Re: RouterOS v6.6 released

I had two CCR's doing this port flap. In both cases all active ports would flap. I checked further and found on both units there was at least one device connected that was NOT set to Auto-Negotiate while all CCR Ports WERE set to Auto-Negotiate. Have now set the appropriate ports to fixed 100Mbps/F...
by scampbell
Wed Nov 27, 2013 10:26 pm
Forum: General
Topic: Switching with RouterOS / CRS Questions
Replies: 81
Views: 43385

Re: Switching with RouterOS / CRS Questions

Along with this it's not really clear how pulling things back to vlan 0 is support to work for configs. IE: If I want tagged/trunked vlans 20,30,40 coming in on ether1 and vlan 20 untagged out ether2 vlan 30 untagged out ether3 vlan 40 untagged out ether4 I would assume I should: 1. accept tagged v...
by scampbell
Wed Nov 27, 2013 12:19 am
Forum: General
Topic: RB1100 Drops packets when Queue Tree enabled ?
Replies: 21
Views: 6071

Re: RB1100 Drops packets when Queue Tree enabled ?

What version RoS and FW are you using on the RB1100AHx2 ?
by scampbell
Tue Nov 26, 2013 9:56 pm
Forum: General
Topic: RB1100 Drops packets when Queue Tree enabled ?
Replies: 21
Views: 6071

Re: RB1100 Drops packets when Queue Tree enabled ?

You have packet-mark="" in your queue configuration.

Try changing that to packet-mark="something" and see if that helps.
by scampbell
Tue Nov 26, 2013 9:46 pm
Forum: General
Topic: RouterOS v6.6 released
Replies: 164
Views: 72420

Re: RouterOS v6.6 released

yeah it looks like this on my site. before it was like in most screens only 1-2 port flaps. now it's like this already for 2 weeks. http://imageshack.com/a/img708/1614/txdh.png I had two CCR's doing this port flap. In both cases all active ports would flap. I checked further and found on both units...
by scampbell
Fri Nov 22, 2013 3:40 am
Forum: General
Topic: RouterOS v6.6 released
Replies: 164
Views: 72420

Re: RouterOS v6.6 released

CCR-1016
still port-flapping
in more obvious way.
before 6.6 ports were going down and that's it
now it flaps ports many times before restart by watchdog.
first week on 6.6 was very stable I thought it is final holy aid....
no...
We are also seeing port flap on CCR1036 and RoS 6.6, FW 3.10
by scampbell
Thu Oct 31, 2013 8:54 pm
Forum: RouterBOARD hardware
Topic: CCR1036-8G-2S+
Replies: 16
Views: 3990

Re: CCR1036-8G-2S+

The last update we had from Mikrotik sales they said late September.

We couldn't wait and just got two current model CCR's to carry us through until it it released.
We have these in stock in NZ now - www.campbell.co.nz
by scampbell
Wed Sep 11, 2013 6:58 am
Forum: Wireless Networking
Topic: RB912UAG-5HPnD-OUT not working!
Replies: 10
Views: 2751

Re: RB912UAG-5HPnD-OUT not working!

That'll sure do it :lol:

Also be sure when testing that your Ethernet cable has all 8 wires connected (look at RJ45). Some inexpensive cables (shipped with cheap soho 10/100 routers for example) only have 4 wires so will not work for PoE.
by scampbell
Tue Aug 27, 2013 7:51 pm
Forum: Wireless Networking
Topic: Wireless issues with RB433GL and 3 wireless cards
Replies: 5
Views: 2828

Wireless issues with RB433GL and 3 wireless cards

Rb435g is a good choice.
by scampbell
Mon Jul 22, 2013 5:38 am
Forum: RouterBOARD hardware
Topic: MikroTik RB2011UAS-2HnD-IN replacement in future(2013-2014)?
Replies: 15
Views: 3960

Re: MikroTik RB2011UAS-2HnD-IN replacement in future(2013-20

Methinks Normis doth protest too much.... :lol:

We have been waiting since March for RB2011-2HnD-IN's - no amount of planning on our part helped :-(

However I am pleased to say the drought has broken and we receive our stock tomorrow :-)
by scampbell
Tue Jul 02, 2013 11:27 pm
Forum: General
Topic: vlan + sniffing = problem
Replies: 11
Views: 3690

Re: vlan + sniffing = problem

I am seeing something similar in RoS6.0 on a CCR1016 I have a VLAN 10 configured on ether12 and with a pppoe-client configured to use VLAN 10. Torch shows the tagged outgoing pppoe-discovery(8863) packets (vlan10) and shows the replies have no vlan tag. (This is the actual issue I am trying to diagn...
by scampbell
Sun Jun 30, 2013 1:25 am
Forum: General
Topic: Help how to configure multiple public IP address on Mikrotik
Replies: 10
Views: 27502

Re: Help how to configure multiple public IP address on Mikr

There are several ways depending on how your clients connect. Lets take 1 example. You have a LAN of 192.168.88.2/24 and are hosting 5 web servers on it, 192.168.88.5-192.168.88.10 with public IP's of 1.1.1.1-1.1.1.5 say. Assume WAN is ether1 So for each server you do a rule set like this : /ip fire...
by scampbell
Sun Jun 30, 2013 1:03 am
Forum: General
Topic: RouterOS 6.1 released
Replies: 198
Views: 53638

Re: RouterOS 6.1 released

The best way to manage logs in Mikrotik - and frankly just about anything - is to export them via Syslog to a Dude server. You can then filter/sort/export them to your hearts content. Go one step further an deploy SIEM if you wish to do correlation etc... http://communities.alienvault.com/ I havent...
by scampbell
Sun Jun 30, 2013 12:53 am
Forum: General
Topic: Feature Request: IPSEC Improvements
Replies: 60
Views: 15513

Re: Feature Request: IPSEC Improvements

We have added initial mode-cfg support in version v6rc13. If anyone wants to test and suggest other needed mode-cfg features.
Hmmm.... Wiki update may be required here as these commands are definitely not in RoS 5.0+ :-)
ros5modeconf.JPG
by scampbell
Thu Jun 27, 2013 10:40 pm
Forum: General
Topic: NTP server problem
Replies: 3
Views: 1087

NTP server problem

Also check ntp server and client are both using the same protocol e.g unicast
by scampbell
Mon Jun 24, 2013 11:50 pm
Forum: General
Topic: RouterOS 6.1 released
Replies: 198
Views: 53638

Re: RouterOS 6.1 released

The best way to manage logs in Mikrotik - and frankly just about anything - is to export them via Syslog to a Dude server. You can then filter/sort/export them to your hearts content. Go one step further an deploy SIEM if you wish to do correlation etc... http://communities.alienvault.com/ I havent...
by scampbell
Mon Jun 24, 2013 12:54 pm
Forum: General
Topic: RouterOS 6.1 released
Replies: 198
Views: 53638

Re: RouterOS 6.1 released

need more details, IPSec did not receive any changes that would brake that. try to enable debug logs on RouterOS and see what is happening. I am debugging a site with mutiple IPSEC tunnels on ROS 6.1 currently. Enabling ipsec in system logging creates multiple entries but it is very difficult to id...
by scampbell
Mon Jun 24, 2013 12:45 pm
Forum: General
Topic: v6.0 released
Replies: 321
Views: 67740

Re: v6.0 released

I saw this on one site. Check the lease time on the W2K server. My site was set to expire its leases every 1h and changing it to 3d made a big difference. (ROS 6.1 CCR 1016)

Having said that the ARP table should have refreshed with the 1 hour settings but sometimes workarounds are useful :-)
by scampbell
Mon Jun 24, 2013 12:37 pm
Forum: General
Topic: PPPoe recieved PADO with unknown host-uniq dropping
Replies: 12
Views: 5449

Re: PPPoe recieved PADO with unknown host-uniq dropping

Bump ?

It is now the end of June and still no response from Mikrotik Support ? Any ideas are welcome please ?
by scampbell
Fri May 31, 2013 5:11 am
Forum: General
Topic: v6.0 released
Replies: 321
Views: 67740

Re: v6.0 released

Upgraded RB450G from 5.24 to 6.0 and my meta-routers had all disappeared.

The virtual IF's were still present though but displayed unknown for meta-router.

Recreated the meta-routers with the same names and everything was then ok and all old data was present.
by scampbell
Mon May 27, 2013 12:55 pm
Forum: General
Topic: PPPoE and Usermanager - radius times out v 5.18
Replies: 2
Views: 1358

Re: PPPoE and Usermanager - radius times out v 5.18

I have successfully used the loopback 127.0.0.1 when the Hotspot and User Manager are on the same server. You may need to create a firewall rule to allow UDP Ports 1812-1813 though. If any rule blocks this to the router then you will get radius timeouts. /ip firewall filter add chain=input src-addre...
by scampbell
Fri May 24, 2013 2:52 am
Forum: RouterBOARD hardware
Topic: RB951-2n and Metal now shipping
Replies: 69
Views: 26441

Re: RB951-2n and Metal now shipping

Has anyone managed to attach an aerial to J101 or J104 on the RB951-2n yet ?
rb951-2n_pcb.JPG
by scampbell
Wed May 22, 2013 9:44 am
Forum: General
Topic: PPPoe recieved PADO with unknown host-uniq dropping
Replies: 12
Views: 5449

Re: PPPoe recieved PADO with unknown host-uniq dropping

Bump ?

Oh, and we tried a different brand router as a test and it connects fine so the issue seems to be unique to the Mikrotik PPPoE client.
by scampbell
Sun May 19, 2013 6:18 am
Forum: Wireless Networking
Topic: can't decrease tx power on RB 911
Replies: 4
Views: 1663

Re: can't decrease tx power on RB 911

I've seen this also on RB951G-2HnD and RB2011UAS-2HnD.

Apparently it is a chipset issue.....

see http://forum.mikrotik.com/viewtopic.php?f=1&t=68141
by scampbell
Fri May 17, 2013 9:10 am
Forum: General
Topic: anyone can set this? i can pay for it. 【URGENT 】
Replies: 8
Views: 1059

Re: anyone can set this? i can pay for it. 【URGENT 】

I agree with ronix but if you need urgent help send me an email with your details and i'll send you all my skype and telephone details
by scampbell
Fri May 17, 2013 1:28 am
Forum: Beginner Basics
Topic: Blocking internet access on 1 port but Sharing Network
Replies: 4
Views: 1269

Re: Blocking internet access on 1 port but Sharing Network

You could also mangle the traffic coming in from Group B (ether2 in my example) and give it a routing mark of, say, "blackhole". Then create a blackhole route so any attempts to get out from Group B (ether2) will fail. /ip firewall mangle add action=mark-routing chain=prerouting in-interface=ether2 ...
by scampbell
Fri May 17, 2013 1:06 am
Forum: General
Topic: Is it possible to create a public VPN-service using RB750?
Replies: 3
Views: 1836

Re: Is it possible to create a public VPN-service using RB75

You can always run RouterOS on a PC if you need more CPU power !!!
by scampbell
Fri May 17, 2013 12:18 am
Forum: The Dude
Topic: Daily bandwidth total report
Replies: 4
Views: 8486

Re: Daily bandwidth total report

In that case how about a simple script like /interface ethernet print stats file=stats.txt /interface ethernet reset-counters /tool e-mail send to="config@mydomain.com" subject="$[/system identity get name] usage) \ body="$[/system clock get date] Ethernet usage Stats" file=stats.txt You can then sc...
by scampbell
Thu May 16, 2013 10:46 pm
Forum: General
Topic: Cisco/mikrotik quick redirect
Replies: 3
Views: 798

Re: Cisco/mikrotik quick redirect

by scampbell
Thu May 16, 2013 10:29 pm
Forum: The Dude
Topic: Daily bandwidth total report
Replies: 4
Views: 8486

Re: Daily bandwidth total report

You should be able to adapt this script to give you reports based on Interface, Ip, VLAN etc. It is an excellent bit of code and full credit to Andrew Cox.

http://wiki.mikrotik.com/wiki/Automated ... sermanager
by scampbell
Thu May 16, 2013 10:25 pm
Forum: General
Topic: anyone can set this? i can pay for it. 【URGENT 】
Replies: 8
Views: 1059

Re: anyone can set this? i can pay for it. 【URGENT 】

If you need a consultant I'm happy to assist. scampbell@campbell.co.nz

Alternatively there may be other consultants closer to you - http://www.mikrotik.com/consultants/
by scampbell
Thu May 16, 2013 10:16 pm
Forum: General
Topic: PPPoe recieved PADO with unknown host-uniq dropping
Replies: 12
Views: 5449

Re: PPPoe recieved PADO with unknown host-uniq dropping

I have provided packet traces for this to Mikrotik and been awaiting a response for 10 days now. Hopefully this means they have confirmed an issue..........

Mikrotik - any news on Ticket#2013042666000109 please ?
by scampbell
Thu May 16, 2013 9:41 pm
Forum: Scripting
Topic: remote ssh via script
Replies: 52
Views: 30126

Re: remote ssh via script

I have a similar issue, running RoS 5.24. I have set up the user admin-ssh on both routers, given them FULL rights (for now), and loaded the Public Key on the Host and Private & Public Keys on the client. The script owner is admin-ssh If I execute the script from a New Terminal in Winbox (logged int...
by scampbell
Tue Feb 05, 2013 4:32 am
Forum: General
Topic: 6.0rcX manual TX power (RB2011UAS-2HnD-IN)
Replies: 5
Views: 4650

Re: 6.0rcX manual TX power (RB2011UAS-2HnD-IN)

I agree. If you cannot perform a function due to chipset - disable the function and document it.

We have enough real issues to chase without having to chase unknown chipset limitations.
by scampbell
Fri Dec 07, 2012 12:44 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1013866

Re: CLOUD CORE ROUTER

Will CCR support Metarouter please ?
by scampbell
Fri Dec 07, 2012 12:40 am
Forum: General
Topic: How to block access to clients port 80 from outside
Replies: 5
Views: 3609

Re: How to block access to clients port 80 from outside

You need to create firewall rules to allow established and related connections and to drop any new connections coming in on pppoe-out1. /ip firewall filter add chain=input comment="default configuration" protocol=icmp add chain=input comment="default configuration" connection-state=established add c...
by scampbell
Thu Dec 06, 2012 10:58 pm
Forum: Virtualization
Topic: MetaROUTER on RB1100AHx2
Replies: 18
Views: 8622

Re: MetaROUTER on RB1100AHx2

Is there any update on running Metarouters one either RB1100AHx2 and CCR 10xx ?
by scampbell
Tue Dec 04, 2012 11:05 am
Forum: General
Topic: iOS6
Replies: 7
Views: 1305

iOS6

Do you have any DST-nat rules configured for port 80 ?

If you do not specify the interface it may redirecting your requests.
by scampbell
Tue Dec 04, 2012 10:59 am
Forum: Wireless Networking
Topic: 300 Mbps Full Duplex 100m link - Quest - Solved
Replies: 19
Views: 7237

300 Mbps Full Duplex 100m link - Quest

You may want to try shielding your radio cards to avoid crosstalk between them. Also try limiting output power if possible
by scampbell
Thu Nov 01, 2012 4:24 am
Forum: General
Topic: PPPoe recieved PADO with unknown host-uniq dropping
Replies: 12
Views: 5449

Re: PPPoe recieved PADO with unknown host-uniq dropping

I have tried using ROS6.0 RC3 and still the same issue as described.

Can anyone please assist ?
by scampbell
Wed Oct 31, 2012 2:57 am
Forum: Forwarding Protocols
Topic: RB750 SSL Forwarding issue to external proxy
Replies: 2
Views: 1594

Re: RB750 SSL Forwarding issue to external proxy

It appears the to-port in both examples is 9400. In this case the first rule will work and the second will be ignored.

Try changing the to-port=9401 for the second rule to redirect to port 443.

Then any connects to port 9401 should be redirected to port 443.
by scampbell
Tue Sep 11, 2012 11:39 pm
Forum: General
Topic: sd card missing
Replies: 8
Views: 1333

Re: sd card missing

I have seen it on RB450G and RB493G as well.
by scampbell
Mon Sep 10, 2012 8:57 am
Forum: General
Topic: MicroSD Card on RB1100AH is not detected
Replies: 7
Views: 2126

Re: MicroSD Card on RB1100AH is not detected

I tried the 2GB Transedn http://www.transcendusa.com/support/dlc ... es-edm.pdf and it failed after a soft boot.

Interesting as I have used these before with success.

It seems there is a serious issue with RoS and microSD cards ?
by scampbell
Mon Sep 10, 2012 8:40 am
Forum: General
Topic: sd card missing
Replies: 8
Views: 1333

Re: sd card missing

I have tried a Class 2 Transend 2 GB SD Card in one of our RB1100AHx2 running RoS 5.20 and it does not survive a soft reboot.

Only a power down resolves the problem.
by scampbell
Wed Aug 22, 2012 5:38 am
Forum: The Dude
Topic: Dude on ppc (RB1100) cant access by web
Replies: 15
Views: 8277

Dude on ppc (RB1100) cant access by web

+1 for me too. X86 and rb1100ahx2
by scampbell
Fri Jul 20, 2012 7:29 am
Forum: Beginner Basics
Topic: vlan isolation not working
Replies: 12
Views: 3407

Re: vlan isolation not working

Could you not set all of the VLAN Horiizon's=1 in the Bridge Port settings to isolate these ?

My understanding is traffic is not passed between ports with the same Horizon setting in the bridge.

If any VLAN in the bridge is to be shared/accessed by the others set it to Horizon=0 (for example).
by scampbell
Fri Jul 20, 2012 7:13 am
Forum: Beginner Basics
Topic: Hotspot
Replies: 20
Views: 1788

Re: Hotspot

Have a look at this article - http://wiki.mikrotik.com/wiki/Hotspot_server_setup

Just be sure to add an IP address to your VAP and specify the VAP as the Hotspot Interface during setup.
by scampbell
Fri Jul 20, 2012 7:04 am
Forum: General
Topic: v5.19 released
Replies: 57
Views: 21257

Re: v5.19 released

Minor Bug: RoS 5.19 NTP Client menu has a spelling error for Dynamic Servers still.
by scampbell
Fri Jul 06, 2012 11:54 pm
Forum: Wireless Networking
Topic: VLANs over wireless
Replies: 6
Views: 1174

VLANs over wireless

So your options are to either downgrade the RoS or buy a L4 license then.
by scampbell
Fri Jul 06, 2012 8:08 pm
Forum: Wireless Networking
Topic: Tracking Usage
Replies: 2
Views: 574

Tracking Usage

by scampbell
Fri Jul 06, 2012 7:59 pm
Forum: Wireless Networking
Topic: Dropping wireless clients on RB751U-2HnD
Replies: 19
Views: 5261

Dropping wireless clients on RB751U-2HnD

The link distance is 1.2km Registration Signal says it is 20kms. Signal strength -62/-66 Tx 2Mbps / Rx 180Mbps Signal to Noise 48dB CCQ 10/99% P Throughput 530kbps /interface wireless security-profiles set [ find default=yes ] authentication-types=wpa2-psk group-ciphers=tkip,aes-ccm mode=dynamic-ke...
by scampbell
Fri Jul 06, 2012 7:41 pm
Forum: Wireless Networking
Topic: VLANs over wireless
Replies: 6
Views: 1174

VLANs over wireless

Set up your link as Bridge ->station and create an eoip interface over the link to carry the all the vlans.
by scampbell
Wed Jul 04, 2012 12:59 pm
Forum: General
Topic: Can't connect to OmniTIK U-5HnD
Replies: 7
Views: 6891

Can't connect to OmniTIK U-5HnD

Why do they put a default firewall rule to block all traffic on ether1 of the Omnitik's ?

I would think these should ship with a blank config so you can configure them from the single PoE input port ?
by scampbell
Mon Jun 25, 2012 6:03 pm
Forum: RouterBOARD hardware
Topic: power Supply Advice
Replies: 7
Views: 1085

power Supply Advice

If you are unsure on grounding it would be wise to consult an electrical engineer as there may be a bigger issue here like improper power wiring which is dangerous. If the box is mounted outside for example I would use an earth stake (from an electrical wholesaler) inserted into the soil and wired b...
by scampbell
Mon Jun 18, 2012 4:19 am
Forum: RouterBOARD hardware
Topic: power Supply Advice
Replies: 7
Views: 1085

power Supply Advice

Have you tried earthing the cases ?
by scampbell
Tue Jun 12, 2012 7:43 am
Forum: RouterBOARD hardware
Topic: 750UP resets if powered by 24VDC battery or ccontroller
Replies: 4
Views: 1351

Re: 750UP resets if powered by 24VDC battery or ccontroller

I wonder if it has something to do with startup current ? What happens if you only power up the RB750UP with no devices connected ? Then add you devices one by one - is it still stable ? Possible Workaround If so perhaps a startup script to disable E2-E5 immediately then at 1 second intervals enable...
by scampbell
Tue Jun 12, 2012 7:33 am
Forum: RouterBOARD hardware
Topic: RB751U-2HnD - poor wireless performance & problems
Replies: 113
Views: 113705

Re: RB751U-2HnD - poor wireless performance & problems

I did some quick tests with an iPhone and RB751U-2HnD RoS 5.17 First I ran the test with the phone very close to the AP. The TX CCQ was pretty low but pings responded ok. I moved the iPhone 2 metre away from the AP and TX CCQ improved to better than 80% FYI My RB751U-2HnD is set to 17dBm rtaher than...
by scampbell
Mon Jun 11, 2012 6:35 am
Forum: General
Topic: RB751U-2HnD low wifi speed
Replies: 4
Views: 2300

Re: RB751U-2HnD low wifi speed

I use the default internal ones at my office and it is giving me good internal coverage within the building. (about 200 m2).

I get OK outside coverage too.
by scampbell
Sat Jun 09, 2012 12:26 pm
Forum: Beginner Basics
Topic: Telnet is not working
Replies: 7
Views: 1443

Telnet is not working

Can you use the telnet tool from one of your other routers to talk to the offending mikrotik ?
by scampbell
Fri Jun 08, 2012 7:14 pm
Forum: Wireless Networking
Topic: How to connect mikrotik to wireless network with WPA Radius
Replies: 1
Views: 723

How to connect mikrotik to wireless network with WPA Radius

Any mikrotik with wireless should be able to be set as a wireless adapter for a printer. rb751u or rb751g perhaps ?

Use station-wds or psuedo bridge mode
by scampbell
Fri Jun 08, 2012 7:10 pm
Forum: Wireless Networking
Topic: wireless signal (tx/rx) strength shown on login page...
Replies: 10
Views: 3571

wireless signal (tx/rx) strength shown on login page...

You can set your AP to only allow connections with good signal by using the Access list

http://wiki.mikrotik.com/wiki/Manual:In ... ccess_List
by scampbell
Fri Jun 08, 2012 7:02 pm
Forum: Beginner Basics
Topic: Telnet is not working
Replies: 7
Views: 1443

Telnet is not working

On the mikrotik go to ip.services and make sure Telnet is enabled and that there is no IP address restriction stopping you.

Also check your ip.firewall.filter that no input rules are stopping access.

By default the rb750gl will block any input to ether1.
by scampbell
Fri Jun 08, 2012 6:50 pm
Forum: Beginner Basics
Topic: special setup in need of help - new to mikrotik
Replies: 9
Views: 1232

special setup in need of help - new to mikrotik

Please go to ip.dns and export your settings so we can see what is configured.

The most common issue is DNS does not have Accept Requests ticked.
by scampbell
Fri Jun 08, 2012 6:39 pm
Forum: RouterBOARD hardware
Topic: RB411AH showing wrong Voltage?
Replies: 2
Views: 794

RB411AH showing wrong Voltage?

Where are you measuring voltage ? At the adapter or in the router board ?

To be sure I would measure at the board itself.
by scampbell
Fri Jun 08, 2012 6:33 pm
Forum: General
Topic: RB751U-2HnD low wifi speed
Replies: 4
Views: 2300

RB751U-2HnD low wifi speed

The RB751's have a lot more RF power than a budget AP. 26dBm compared to only 17dBm in many cases. Testing on the bench close to the AP can give poor results as the test device is "swamped" with signal. The only real tweak is to ensure both HT chains are enabled and only use AES ciphers when you ena...
by scampbell
Fri Jun 08, 2012 6:26 pm
Forum: RouterBOARD hardware
Topic: PoE on OmniTik-UPA-5Hnd not powering up
Replies: 2
Views: 702

PoE on OmniTik-UPA-5Hnd not powering up

Also check your Cat5 cable. Make sure all 4 pairs are terminated correctly.

Some fly leads are manufactured with only two pairs connected and this will cause PoE (or Gigabit Ethernet) not to work.
by scampbell
Thu Jun 07, 2012 5:24 pm
Forum: The User Manager
Topic: 5.17 Vouchers - Error 400: Session Expired
Replies: 2
Views: 1314

5.17 Vouchers - Error 400: Session Expired

I have seen issues with IE9. Try the same tasks using mozilla Firefox
by scampbell
Wed Jun 06, 2012 4:05 am
Forum: General
Topic: RB751U-2HnD Wireless Antenna Patterns
Replies: 7
Views: 1574

Re: RB751U-2HnD Wireless Antenna Patterns

we will have the antenna patterns in about a week
Normis - could you please provide a link to these patterns. I have looked in the brochure and User Guide but could not find them :-)
Bump
by scampbell
Fri Jun 01, 2012 12:38 pm
Forum: Wireless Networking
Topic: Highsite Hotspot Query
Replies: 7
Views: 1320

Highsite Hotspot Query

So this is my virgin post, hoping to make many more
You can only have one virgin post ...... :-)
by scampbell
Fri Jun 01, 2012 12:36 pm
Forum: Wireless Networking
Topic: Online Link budget/analysis calculator
Replies: 1
Views: 1209

Online Link budget/analysis calculator

Mikrotik website under Downloads has a calculator.

Also a good app for iPhone is from a company called Sice - app is called Airlive and is good for pointing ap's and doing budget calculations.
by scampbell
Tue May 29, 2012 12:36 pm
Forum: Beginner Basics
Topic: on 751U-2HnD, how i get ip address assign with VLAN on eth 1
Replies: 2
Views: 580

on 751U-2HnD, how i get ip address assign with VLAN on eth 1

Add a vlan to ether1 then add a dhcp client to that VLAN.

Although usually isp's will assign client address via pppoe ?
by scampbell
Tue May 29, 2012 12:24 pm
Forum: Wireless Networking
Topic: two ap in one 433
Replies: 18
Views: 2135

two ap in one 433

Has anyone had any success using EMI shielding between the boards and rf cables when using dual rf cards on the rb 433 ?
by scampbell
Thu May 03, 2012 1:26 am
Forum: General
Topic: RB751U-2HnD Wireless Antenna Patterns
Replies: 7
Views: 1574

Re: RB751U-2HnD Wireless Antenna Patterns

we will have the antenna patterns in about a week
Normis - could you please provide a link to these patterns. I have looked in the brochure and User Guide but could not find them :-)
by scampbell
Wed Apr 18, 2012 8:54 am
Forum: Scripting
Topic: URGENT HELP REQ. Need Script to scan for MAC Address on WLAN
Replies: 9
Views: 2845

URGENT HELP REQ. Need Script to scan for MAC Address on WLAN

It should - alignment needs to work both ways in a p2 p link :-)
by scampbell
Wed Apr 18, 2012 4:30 am
Forum: Scripting
Topic: URGENT HELP REQ. Need Script to scan for MAC Address on WLAN
Replies: 9
Views: 2845

URGENT HELP REQ. Need Script to scan for MAC Address on WLAN

The alignment tool in the wireless interface can be programmed to look for a specific Mac address.

When found the RB will start beeping
by scampbell
Wed Apr 18, 2012 4:25 am
Forum: General
Topic: Can somebody tell me what this log means?
Replies: 4
Views: 3365

Can somebody tell me what this log means?

Add suitable rules in ip firewall input chain to block new connections for unwanted sources and destination ports
by scampbell
Tue Apr 17, 2012 2:25 am
Forum: RouterBOARD hardware
Topic: RB750UP - Issue
Replies: 260
Views: 54554

Re: rb750up voltage monitoring

At that current the voltage drop over the wires should be negligable, perhaps 0.1v at most. I have an RB750UP running RoS 5.14 FW 2.38. The /system health command gives a voltage of 22.7v. If I take a voltage reading directly off the DC Jack it reads 24.12v If I take a voltage reading off the PoE Ou...
by scampbell
Fri Apr 13, 2012 2:47 am
Forum: General
Topic: PPTP Server w/Windows 7 PPTP Client PLEASE HELP!!
Replies: 38
Views: 50742

Re: PPTP Server w/Windows 7 PPTP Client PLEASE HELP!!

Sure does, and ppp, pppoe etc. :D I do not see any actual PPTP entries in the log though. We need to confirm the PPTP packets are arriving at the Mikrotik as the issue may be at the client side ? Is the client a fixed IP ? If so add an Input rule with the necessary source address and action of LOG a...
by scampbell
Fri Apr 13, 2012 1:49 am
Forum: General
Topic: PPTP Server w/Windows 7 PPTP Client PLEASE HELP!!
Replies: 38
Views: 50742

Re: PPTP Server w/Windows 7 PPTP Client PLEASE HELP!!

This also from MS Technet: Microsoft error codes doesn't really tell you what's wrong. A error code 807 typically is either the client or the server is behind a NAT device and does not pass through GRE protocol 47. If GRE protocol 47 isn't pass through the NAT device you'll get 807. you'll also get ...
by scampbell
Fri Apr 13, 2012 1:45 am
Forum: General
Topic: PPTP Server w/Windows 7 PPTP Client PLEASE HELP!!
Replies: 38
Views: 50742

Re: PPTP Server w/Windows 7 PPTP Client PLEASE HELP!!

ppplog.jpg
Be sure to add PPTP logging as per my original post and try again then post the log :-)

If you have done that already then no PPTP packets are hitting your router and the problem is elsewhere - perhaps disable ANY firewall Input rules and try again ?
by scampbell
Fri Apr 13, 2012 1:29 am
Forum: RouterBOARD hardware
Topic: RB750UP - Issue
Replies: 260
Views: 54554

Re: rb750up voltage monitoring

I guess in this case 4" is better than 10" :lol: You are right that should not make any significant difference - as long as the wire gauge is reasonable and connectors are making clean contact. I suspect the RB probably has a diode on the input circuit hence the voltage difference and in RoS 5.12 th...
by scampbell
Fri Apr 13, 2012 1:09 am
Forum: General
Topic: PPTP Server w/Windows 7 PPTP Client PLEASE HELP!!
Replies: 38
Views: 50742

Re: PPTP Server w/Windows 7 PPTP Client PLEASE HELP!!

http://wiki.mikrotik.com/wiki/Manual:Li ... nse_Levels

Level 4 allows 200 PPTP clients so I do not think that is the issue.

What does the Mikrotik Log show ?
by scampbell
Thu Apr 12, 2012 11:37 pm
Forum: General
Topic: PPTP Server w/Windows 7 PPTP Client PLEASE HELP!!
Replies: 38
Views: 50742

Re: PPTP Server w/Windows 7 PPTP Client PLEASE HELP!!

There is an excellent article at Greg Sowell's site http://gregsowell.com/?p=680 You might also like to turn on logging for PPTP /system logging add action=memory disabled=no prefix="" topics=pptp This should help in debugging. Are you using L2TP over IPSEC or PPTP on the Windows PC ? Double check t...
by scampbell
Thu Apr 12, 2012 11:16 pm
Forum: General
Topic: Total Usage of a pppoe user
Replies: 4
Views: 812

Re: Total Usage of a pppoe user

If you are giving your PPPOE user a fixed IP set up a simple queue with the Target Address set to that of the PPPoE user. This will accumulate the traffic for you. e.g /queue simple add target-address="172.16.20.23" queue="default/default" (where 172.16.20.23 is PPPoE Client IP) Alternatively you ca...
by scampbell
Thu Apr 12, 2012 11:11 pm
Forum: RouterBOARD hardware
Topic: RB750UP - Issue
Replies: 260
Views: 54554

Re: rb750up voltage monitoring

Its gone from reporting 11.5v to 12.1 with the latest update (5.12). Next time I'm at that site ill put a multimeter across the battery and see how accurate it is :). Thanks! Damien I notice you are comparing the voltage at the battery terminals against the Mikrotik's internal measurement. Notwiths...
by scampbell
Mon Apr 02, 2012 7:51 am
Forum: Beginner Basics
Topic: RB 751U
Replies: 6
Views: 1017

Re: RB 751U

Hi All Thanks for the comments, and I agree with the storage space restriction etc, how ever Surely the Ups package should not require that much space? I am Battling to get that to work as well? What packages are currently shown as loaded and how much disk space does /system resources show ? Please...
by scampbell
Sun Apr 01, 2012 11:44 pm
Forum: Beginner Basics
Topic: RB 751U
Replies: 6
Views: 1017

Re: RB 751U

Are you running 5.14 on your router?
Good question !!
by scampbell
Sun Apr 01, 2012 11:40 pm
Forum: Beginner Basics
Topic: RB 751U
Replies: 6
Views: 1017

Re: RB 751U

Have a look in your logs, you will probably see an error message telling you User Manager not installed as the disk is too small. To successfully run User Manager you need an RB with lots of available NAND capability or a microSD slot for additional storage. Go to /system resources and it will show ...
by scampbell
Sun Apr 01, 2012 11:22 pm
Forum: General
Topic: DHCP Server on Wireless Interface
Replies: 5
Views: 6126

Re: DHCP Server on Wireless Interface

No problem. :) What Mikrotik router are you using ? Please check you do not have an IP conflict going on between the different interfaces and pools. For example if you take a DHCP directly off ether2 and assign it to wlan1 the DHCP pool and network may still refer to an address assigned to ether2 ?
by scampbell
Fri Mar 30, 2012 3:01 am
Forum: General
Topic: DHCP Server on Wireless Interface
Replies: 5
Views: 6126

DHCP Server on Wireless Interface

If you have no clients connected to the wireless it will show as "I" until
They connect.
by scampbell
Fri Mar 23, 2012 11:50 pm
Forum: Beginner Basics
Topic: Got my Wireless working - but only unprotected (WPA2?)
Replies: 16
Views: 1869

Got my Wireless working - but only unprotected (WPA2?)

Turn off TKIP if you want to get wireless N speeds. Use only AES :-)
by scampbell
Fri Mar 23, 2012 4:37 pm
Forum: The User Manager
Topic: RouterBoard 1100AHx2 Where is User Manager
Replies: 15
Views: 5037

RouterBoard 1100AHx2 Where is User Manager

Pretty weird. When it was running live what did / system resources say about memory/storage ?
by scampbell
Fri Mar 23, 2012 4:17 pm
Forum: General
Topic: TFTP support
Replies: 3
Views: 789

TFTP support

by scampbell
Fri Mar 23, 2012 4:13 pm
Forum: General
Topic: hotspotting help
Replies: 9
Views: 801

hotspotting help

Have you considered using the built in Trial feature ?

http://wiki.mikrotik.com/wiki/Manual:IP/Hotspot/Profile
by scampbell
Fri Mar 23, 2012 4:07 pm
Forum: Beginner Basics
Topic: Remote access from the Internet (WAN side)
Replies: 32
Views: 194295

Remote access from the Internet (WAN side)

create an Input rule to allow Port 8291 from the internet. /ip firewall filter add action=accept chain=input disabled=no dst-port=8291 protocol=tcp be sure to place it above any rules dropping Input. I would also consider specifying which hosts can connect rather than leaving it wide open. Thank yo...
by scampbell
Fri Mar 23, 2012 4:04 pm
Forum: General
Topic: fowarding email
Replies: 8
Views: 1799

fowarding email

You could use a Mangle rule to change the routing mark to match a specific interface.
by scampbell
Fri Mar 23, 2012 4:03 pm
Forum: The User Manager
Topic: RouterBoard 1100AHx2 Where is User Manager
Replies: 15
Views: 5037

RouterBoard 1100AHx2 Where is User Manager

Rb1100ahx2 has a very limited amount of NAND storage so you may not be able to load all packages at once, especially when doing an upgrade. Try loading the basic packages for 5.14 first then add UM once the upgrade to 5.14 is complete. You will also need to install a microSD Class 2 (not C4) chip fo...
by scampbell
Fri Mar 23, 2012 6:42 am
Forum: Beginner Basics
Topic: Remote access from the Internet (WAN side)
Replies: 32
Views: 194295

Re: Remote access from the Internet (WAN side)

create an Input rule to allow Port 8291 from the internet.

/ip firewall filter add action=accept chain=input disabled=no dst-port=8291 protocol=tcp

be sure to place it above any rules dropping Input.

I would also consider specifying which hosts can connect rather than leaving it wide open.
by scampbell
Fri Mar 23, 2012 6:34 am
Forum: RouterBOARD hardware
Topic: RB751 external antenna
Replies: 21
Views: 10014

Re: RB751 external antenna

That is good news but it would still be nice if Mikrotik carried an aerial we could buy.

I have fitted AC/SWIM to an RB751 but it is a bit ugly :-)
by scampbell
Thu Mar 22, 2012 1:21 am
Forum: RouterBOARD hardware
Topic: reseting the rb751u-2hnd
Replies: 2
Views: 1475

Re: reseting the rb751u-2hnd

Hello, I recently purchased this router and would like to set it up to repeat an existing wireless signal, I tried to reset it by pressing the reset button but now it will not recognize anything attached to it thank you for any help you may be able to give me ljearwood The factory default will not ...
by scampbell
Thu Mar 22, 2012 1:18 am
Forum: RouterBOARD hardware
Topic: RB751 external antenna
Replies: 21
Views: 10014

Re: RB751 external antenna

Only antenna with straight MMCX fill fit easily out of the box: http://www.google.lv/search?gcx=c&ix=c2 ... 6&bih=1071
Are Mikrotik going to stock this so we can buy it with our RB751's ?
by scampbell
Mon Mar 19, 2012 11:25 am
Forum: The Dude
Topic: Dude 4.0 beta4??
Replies: 39
Views: 24432

Dude 4.0 beta4??

Add the ability to execute command on RouterOS directly like in windows.

E.g /tool SMS send
by scampbell
Mon Mar 19, 2012 11:15 am
Forum: General
Topic: UM 4.17: Credits Add does not add the Credit !!!
Replies: 1
Views: 361

UM 4.17: Credits Add does not add the Credit !!!

Are you using IE as a browser ? Try Mozilla Firefox instead.

This fixed some strange issues with UM for me.


If the post was helpful please give Karma :-)
by scampbell
Mon Mar 19, 2012 11:09 am
Forum: General
Topic: PTP link aggregation
Replies: 2
Views: 639

PTP link aggregation

Is the traffic symmetric ?

As Wireless is half duplex consider using OSPF to send upstream up one link and downstream on the other.

It also gives good failover.

http://wiki.mikrotik.com/wiki/Setup_Dua ... _with_OSPF


If the post was helpful please give Karma :-)
by scampbell
Thu Mar 15, 2012 7:40 pm
Forum: Beginner Basics
Topic: Need Help.. Hotspot feature not working on RB751U-2HnD
Replies: 6
Views: 1776

Need Help.. Hotspot feature not working on RB751U-2HnD

Make sure wlan1 is not still bridged to ether2.

By default WLAN and ether2 ( plus ether3-5 via switch) are connected in a bridge.


If the post was helpful please give Karma :-)
by scampbell
Thu Mar 15, 2012 7:19 pm
Forum: General
Topic: Multiple HotSpot Servers on One RouterOS
Replies: 3
Views: 1745

Multiple HotSpot Servers on One RouterOS

Create a virtual Ap interface Add a unique ip and network to it, say 10.1.50.1/24 Got to hotspot and, using the wizard, add a hotspot to that interface. If you require unique HTML pages create a new folder, say hotspot2, and specify that directory in the server profile for the 2 nd hotspot. That sho...
by scampbell
Thu Mar 15, 2012 7:10 pm
Forum: General
Topic: RB450G + ROS 5.14 + microSD = strange problem
Replies: 15
Views: 3761

RB450G + ROS 5.14 + microSD = strange problem

Well I have had confirmation from Mikrotik support that the Sandisk C4 4 & 8 GB do not work for them either and no promise of a fix due to a hw limitation currently. Same issue - fine on power up but gone after a soft reboot. I tried a C2 1 GB and that worked ok so off to buy older slower microSD's ...
by scampbell
Tue Mar 13, 2012 6:58 am
Forum: Scripting
Topic: Random password script...
Replies: 7
Views: 10257

Re: Random password script...

A quick edit - the "generate password" line had a couple of typo's :-) # define char table :global chArray a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z :local strPass ""; #get counters :local ch1num [/ip firewall filter get [find comment=r1] packets ]; :local ch2num [/ip firewall filter get [...
by scampbell
Fri Mar 09, 2012 1:22 am
Forum: RouterBOARD hardware
Topic: R5SHPn minpci card and heating problem ?
Replies: 8
Views: 2459

R5SHPn minpci card and heating problem ?

True- that was a footer set up in Tapatalk. Now modified :-)
by scampbell
Thu Mar 08, 2012 9:12 pm
Forum: RouterBOARD hardware
Topic: R5SHPn minpci card and heating problem ?
Replies: 8
Views: 2459

R5SHPn minpci card and heating problem ?

We are looking to put one of these in an Acconet EN5820 enclosure.

These are made from plastic so I wonder if the heat will be an issue ?
by scampbell
Thu Mar 08, 2012 7:06 am
Forum: General
Topic: Upgrade to 5.14 / RB1100 not booting anymore.
Replies: 3
Views: 2327

Upgrade to 5.14 / RB1100 not booting anymore.

I always cross my fingers when doing an upgrade remotely as it can crash. If it crashes you need to get into the car and go to site. My advice would be to only do it if you have to.

You cannot run different versions of packages when you update.
by scampbell
Wed Mar 07, 2012 8:42 pm
Forum: General
Topic: RB450G + ROS 5.14 + microSD = strange problem
Replies: 15
Views: 3761

RB450G + ROS 5.14 + microSD = strange problem

I also received a response yesterday and have provided some more info to Mikrotik on microSD model.

Mine are Sandisk C4 sdhc 4 & 8 GB models




If the post was helpful please give Karma :-)
by scampbell
Wed Mar 07, 2012 8:34 pm
Forum: General
Topic: I have 2 questions for your licence
Replies: 6
Views: 802

I have 2 questions for your licence

Thanks cbrown for the clarification - you are correct. The other issue to consider before upgrading your license is NAND storage on the RB. Many need an additional microSD to successfully run UM, or Dude etc especially in a big site :-) You can check under the System Resource command. If you run out...
  • 1
  • 2