Community discussions

Search found 445 matches

  • 1
  • 2
by scampbell
Thu Aug 17, 2017 5:12 am
Forum: Announcements
Topic: Wireless link calculator updated
Replies: 67
Views: 30130

Re: Wireless link calculator updated

Currently the map appears to start in Riga (not sure why ?? hehe ) but it would be nice to have it default to the users default location ? Or allow passing start point via URL so we could add a link on our website and have it default to our own country ? +1 for change default location to user curre...
by scampbell
Thu Aug 10, 2017 8:20 am
Forum: Wireless Networking
Topic: Capsman + ccr1009 + wAP ac
Replies: 1
Views: 649

Re: Capsman + ccr1009 + wAP ac

You need two unique datapaths configured in capsman, one for each SSID. On the CAPsMAN Controller create two bridges, apply unique IP and DHCP combo on each bridge. Then create two datapaths, one for each bridge. Specify which datapath to use with which ssid (done in CAPsMAN Configuration) CAPsMAN w...
by scampbell
Thu Aug 10, 2017 8:11 am
Forum: Wireless Networking
Topic: Bonding Wireless
Replies: 18
Views: 8097

Re: Bonding Wireless

If you are testing SXT's in one room I would recommend reducing Tx Power on all radios so they perform better. Default Tx power in one room gives terrible results. Make sure you choose different non-conflicting channels for each radio pair, use scan or frequency usage to choose the best two channels...
by scampbell
Thu Aug 10, 2017 4:30 am
Forum: Announcements
Topic: Wireless link calculator updated
Replies: 67
Views: 30130

Re: Wireless link calculator updated

Start point - Well I guess I now live in Wellington - where ever that is or what country it is in.
Out of missile range we hope :-)
by scampbell
Thu Aug 10, 2017 4:22 am
Forum: Announcements
Topic: Wireless link calculator updated
Replies: 67
Views: 30130

Re: Wireless link calculator updated

Currently the map appears to start in Riga (not sure why ?? hehe ) but it would be nice to have it default to the users default location ? Or allow passing start point via URL so we could add a link on our website and have it default to our own country ? UPDATE: It actually does this now e.g: https...
by scampbell
Thu Aug 10, 2017 4:19 am
Forum: Announcements
Topic: Wireless link calculator updated
Replies: 67
Views: 30130

Re: Wireless link calculator updated

Currently the map appears to start in Riga (not sure why ?? hehe ) but it would be nice to have it default to the users default location ? Or allow passing start point via URL so we could add a link on our website and have it default to our own country ?
by scampbell
Mon Aug 07, 2017 12:39 am
Forum: Announcements
Topic: Wireless link calculator updated
Replies: 67
Views: 30130

Re: Wireless link calculator updated

Nice work. Thank you
by scampbell
Mon Jun 26, 2017 9:42 pm
Forum: Announcements
Topic: v6.40rc [release candidate] is released!
Replies: 231
Views: 45349

Re: v6.40rc [release candidate] is released!

NV2 Sync appears to be working ok on my trial site, but... While you can only configure it with CLI to work, if you change anything else in Winbox relating to Wireless it loses the CLI configured NV2 settings on close. Can we get this fixed ASAP please ? Also /interface wireless monitor 0 shows the ...
by scampbell
Thu May 18, 2017 1:49 am
Forum: Wireless Networking
Topic: cAP mode button changes poll
Replies: 17
Views: 4073

Re: cAP mode button changes poll

Sorry - I thought they were proposing including WLAN in the bridge ? 2) proposed change: put the management ether1 port also into the same bridge with wireless and rest of the ethernet interfaces and place the dhcp-client on the bridge interface. Agree the rest of what I want is the same as the prop...
by scampbell
Thu May 18, 2017 1:24 am
Forum: Wireless Networking
Topic: cAP mode button changes poll
Replies: 17
Views: 4073

Re: cAP mode button changes poll

My preferred config would be : 1. ether1 in BridgeLocal only (no WLAN - leave that for Capsman Datapath to sort) 2. Cap enable, Bridge=BridgeLocal, Discovery Interface=BridgeLocal 3. DHCP-Client on BridgeLocal And my biggest wish - this be the Factory Default for all wAP and cAP products. Have E1 fi...
by scampbell
Thu May 11, 2017 1:33 am
Forum: General
Topic: Bypass Radius
Replies: 4
Views: 778

Re: Bypass Radius

If the first radius returns it will revert back to responding first.

See viewtopic.php?t=85474
by scampbell
Thu May 11, 2017 1:28 am
Forum: The Dude
Topic: Adding Winbox Tool
Replies: 26
Views: 13779

Re: Adding Winbox Tool

I found one site (W10 Desktop) required additional parentheses (as below) - not sure why but it sorted a file not found error. 8) Windows ???? :lol:

"%HOMEPATH%\Desktop\winbox.exe" [Device.FirstAddress] "[Device.UserName]" "[Device.Password]"
by scampbell
Tue Apr 11, 2017 1:19 pm
Forum: General
Topic: routerOs 6.38.5 - pcie modem - step to send receive sms
Replies: 8
Views: 1504

Re: routerOs 6.38.5 - pcie modem - step to send receive sms

There is a setting under system ports to disable firmware. I tried this followed by a reboot but no joy on lte devices.....


Sent from my iPhone using Tapatalk
by scampbell
Tue Apr 11, 2017 1:18 pm
Forum: General
Topic: routerOs 6.38.5 - pcie modem - step to send receive sms
Replies: 8
Views: 1504

Re: routerOs 6.38.5 - pcie modem - step to send receive sms

I tried this today and no lte device could send Sms but 3G devices that show as ppp could send or receive Sms provided the ppp interface was disabled. I think it is a limitation of LTE ? I even tried an sxt lte from
Mikrotik [emoji3]


Sent from my iPhone using Tapatalk
by scampbell
Tue Apr 11, 2017 1:11 pm
Forum: General
Topic: Forwarding packets on input chain
Replies: 6
Views: 977

Re: Forwarding packets on input chain

Mangle can work in prerouting, input, forward, output or postrouting chains.....


Sent from my iPhone using Tapatalk
by scampbell
Tue Apr 11, 2017 1:10 pm
Forum: General
Topic: Bypass Radius
Replies: 4
Views: 778

Re: Bypass Radius

Mikrotik will check ppp secret then radius. So you can either duplicate your accounts and activate them using net watch or set up a backup radius server


Sent from my iPhone using Tapatalk
by scampbell
Tue Apr 11, 2017 11:33 am
Forum: Beginner Basics
Topic: Winbox connect to MAC
Replies: 14
Views: 5181

Re: Winbox connect to MAC

Check no av, firewall or virtual box on pc. Also try a fixed IP address....


Sent from my iPhone using Tapatalk
by scampbell
Tue Apr 11, 2017 11:20 am
Forum: Beginner Basics
Topic: Winbox connect to MAC
Replies: 14
Views: 5181

Re: Winbox connect to MAC

Try accessing via another router using ip neighbour and then right-click to open with Mac-telnet


Sent from my iPhone using Tapatalk
by scampbell
Tue Apr 11, 2017 11:18 am
Forum: General
Topic: /ip route with named gateway doesn't work
Replies: 6
Views: 1007

Re: /ip route with named gateway doesn't work

Named interfaces only work on interfaces point to point (ppp) addresses otherwise there are too many possible valid hosts to know which one is the next hop.


Sent from my iPhone using Tapatalk
by scampbell
Wed Apr 05, 2017 9:09 pm
Forum: Beginner Basics
Topic: Pass Through Port in (RB951Ui-2Hnd)
Replies: 2
Views: 554

Re: Pass Through Port in (RB951Ui-2Hnd)

Also note the PoE out port is Passive 24v PoE not 802.3af/at PoE (48V). What standard does your device use ?
by scampbell
Wed Apr 05, 2017 9:42 am
Forum: Beginner Basics
Topic: routing problem
Replies: 8
Views: 774

Re: routing problem

The example was so Winbox could be accessed via either WAN. Note also a Remote VPN can connect via either WAN (subject to firewall rules) and then any VPN traffic will automatically flow over the correct WAN. If you are doing a site to site VPN that's another issue that will require routes or IPSEC....
by scampbell
Wed Apr 05, 2017 12:32 am
Forum: Beginner Basics
Topic: routing problem
Replies: 8
Views: 774

Re: routing problem

Hi Farshad, If you use connection-marks to identify traffic FROM a specific WAN t0 allow the response to then return through the correct WAN then passthrough=yes is required. So for just Winbox and VPN you would say: /ip mangle /ip firewall mangle add action=mark-connection chain=input comment=In-Ne...
by scampbell
Wed Apr 05, 2017 12:16 am
Forum: General
Topic: dynDNS SCRIPT THAT WORKS
Replies: 13
Views: 20822

Re: dynDNS SCRIPT THAT WORKS

Could you have a solution for multi WAN enviromment? Can I choose what WAN interface would be bind to that service? IP Cloud will use the WAN with the smallest distance by default. If you want to specifically use a different WAN then you would need to use a Mangle Rule on the Output Chain to captur...
by scampbell
Mon Apr 03, 2017 10:46 pm
Forum: Beginner Basics
Topic: routing problem
Replies: 8
Views: 774

Re: routing problem

Please post an export e.g "/ip firewall export" and paste the results in here.

Here is an excellent article on how to set up dual wan that may also assist :-) https://aacable.wordpress.com/2013/12/0 ... oe-server/
by scampbell
Wed Mar 22, 2017 4:33 am
Forum: Announcements
Topic: v6.37.5 [bugfix] is released!
Replies: 35
Views: 13266

Re: v6.37.5 [bugfix] is released!

I think that this version has problems with: - Winbox session can't be established - The Dude has massive Datastore usage - There is no way to upload file in "The Dude -> Files" Copying files across via Winbox drag 'n drop seems to work ok. I recall reading that is the way forward now. No more drag...
by scampbell
Fri Feb 10, 2017 10:36 pm
Forum: General
Topic: Poor Bandwidth over RouterBoard WLAN
Replies: 2
Views: 495

Re: Poor Bandwidth over RouterBoard WLAN

Try setting channel to 20MHz Ceee and protocol=802.11. Also check no other wireless devices are using 5180 Ceee.

Ensure your wireless security profile does not use TKIP. Just AES is best and wpa2-psk only.


Sent from my iPhone using Tapatalk
by scampbell
Fri Feb 10, 2017 10:31 pm
Forum: Beginner Basics
Topic: EOIP over IPSEC TWO RB750
Replies: 21
Views: 12509

Re: EOIP over IPSEC TWO RB750

If you are sure firewall is not stopping any packets then enable IPSec in the logs and see what is happening.


Sent from my iPhone using Tapatalk
by scampbell
Fri Feb 10, 2017 10:28 pm
Forum: Beginner Basics
Topic: EOIP over IPSEC TWO RB750
Replies: 21
Views: 12509

Re: EOIP over IPSEC TWO RB750

If you enable IPSec you also need to allow Protocol 50 and UDP 500 & 4500 in the Input chain on both routers. Hope this helps.


Sent from my iPhone using Tapatalk
by scampbell
Wed Jan 04, 2017 9:22 pm
Forum: General
Topic: Feature request: CAPsManager - roaming
Replies: 79
Views: 22812

Re: Feature request: CAPsManager - roaming

I understand this topic is roaming, but I also get asked a lot about band steering on Capsman ? This would also be a nice feature to have ?


Sent from my iPhone using Tapatalk
by scampbell
Wed Jan 04, 2017 9:07 pm
Forum: General
Topic: ARM has no user-manager ?
Replies: 9
Views: 2900

Re: ARM has no user-manager ?

http://wiki.mikrotik.com/wiki/User_Manager/Introduction#What_is_User_Manager "The MikroTik User Manager works on x86, MIPS, PowerPC and TILE processor based routers and CHR devices" UM is not supported on ARM, MMIPS and SMIPS currently. Is there a timeframe please ? The RB3011 or RB750GR3 would be ...
by scampbell
Tue Dec 20, 2016 10:19 pm
Forum: General
Topic: Problem with Simple Queue Graphs
Replies: 4
Views: 683

Re: Problem with Simple Queue Graphs

please check the out put of "/queue simple export" ?
by scampbell
Mon Dec 19, 2016 9:13 pm
Forum: Beginner Basics
Topic: IP Route not working
Replies: 3
Views: 600

Re: IP Route not working

Please check your cisco will actually reply to an ICMP Ping ? Also check if the interface the IP address 22.22.22.1/24 is attached to is active. If not then the IP may also not be active. What about pinging 22.22.22.2 ? does this work ? What about traceroute ? The cisco is physically attached to bot...
by scampbell
Wed Nov 09, 2016 12:26 am
Forum: General
Topic: Efficient Wireless Bridging
Replies: 7
Views: 919

Re: Efficient Wireless Bridging

Here is a presntation from one of the MUM's - check out page 11 onwards -it describes most of the limitations and benefits of the different methods :D

http://mum.mikrotik.com/presentations/P ... 012-PL.pdf
by scampbell
Wed Nov 09, 2016 12:19 am
Forum: Beginner Basics
Topic: FW rule to block port 22, but still can ssh in
Replies: 11
Views: 2897

Re: FW rule to block port 22, but still can ssh in

The current rule set works. You are correct it works - but I would still recommend removing that section of the rule as it is not required WithTcpFlag.PNG It is common when rules have been checked in Winbox and options opened but not actually filled in for entries like that to get left behind as or...
by scampbell
Tue Nov 08, 2016 8:21 pm
Forum: General
Topic: Efficient Wireless Bridging
Replies: 7
Views: 919

Re: Efficient Wireless Bridging

You cannot bridge mode-station. You can't, but you can bridge an EoIP tunnel layered over it. You can, true, but it is not as efficient as a simple bridge. If you really wanted to layer a tunnel over that type of link vpls offers a 60% faster solution than eoip and full unfragmented Mtu of 1500 or ...
by scampbell
Tue Nov 08, 2016 11:30 am
Forum: General
Topic: CAPsMAN info needed
Replies: 5
Views: 633

Re: CAPsMAN info needed

DHCP is a layer2 function so connect clients to specific client interface/vlan with a suitable DHCP-server and pool.


Sent from my iPhone using Tapatalk
by scampbell
Tue Nov 08, 2016 11:30 am
Forum: General
Topic: CAPsMAN info needed
Replies: 5
Views: 633

Re: CAPsMAN info needed

DHCP is a layer2 function so connect clients to specific client interface/vlan with a suitable DHCP-server and pool.


Sent from my iPhone using Tapatalk
by scampbell
Tue Nov 08, 2016 11:15 am
Forum: General
Topic: Problem with Simple Queue Graphs
Replies: 4
Views: 683

Re: Problem with Simple Queue Graphs

Check /ip services http is still enabled on port 80 ? Also firewall for http traffic ?

Perhaps Somone has disabled these ?


Sent from my iPhone using Tapatalk
by scampbell
Tue Nov 08, 2016 11:11 am
Forum: RouterBOARD hardware
Topic: wAP AC (General questions and experience)
Replies: 118
Views: 44060

wAP AC (General questions and experience)

Thanks for your feedback, that is really appreciated. The area I need to cover is a harbour of about 120 x 260 meters. In the harbour their are a lot of boats (obviously) with masts (sailboats) as wel as metal boats. The requirement is that there is good WIFI reception inside the boat. Cabling is n...
by scampbell
Tue Nov 08, 2016 11:05 am
Forum: General
Topic: Poweboxes !
Replies: 6
Views: 843

Re: Poweboxes !

Sounds like the switch chip is still working but routeros has hung. I'd suggest sending a supout to Mikrotik.......


Sent from my iPhone using Tapatalk
by scampbell
Tue Nov 08, 2016 11:00 am
Forum: General
Topic: Efficient Wireless Bridging
Replies: 7
Views: 919

Re: Efficient Wireless Bridging

Station-wds is not optimal in an 802.11n environment as it does not work well with packet aggregation ampdu etc which gives the higher speeds


Sent from my iPhone using Tapatalk
by scampbell
Tue Nov 08, 2016 10:58 am
Forum: General
Topic: Efficient Wireless Bridging
Replies: 7
Views: 919

Re: Efficient Wireless Bridging

You cannot bridge mode-station. If mikrotik to mikrotik wireless use mode=station-bridge to connect to mode=bridge or mode=Ap/bridge



Sent from my iPhone using Tapatalk
by scampbell
Tue Nov 08, 2016 10:56 am
Forum: Beginner Basics
Topic: FW rule to block port 22, but still can ssh in
Replies: 11
Views: 2897

Re: FW rule to block port 22, but still can ssh in

Your default input drop rule has a setting of tcp-flags=""

This is probably the problem. Remove any reference to tcp-flags and it should then catch anything not specifically allowed before that.


Sent from my iPhone using Tapatalk
by scampbell
Mon Nov 07, 2016 9:49 am
Forum: Beginner Basics
Topic: FW rule to block port 22, but still can ssh in
Replies: 11
Views: 2897

Re: FW rule to block port 22, but still can ssh in

I would enable rules 3 and 8. These will block all internet access to your router and protect your LAN.

Do check that e1 is your wan interface as it may not be if you run pppoe or a vlan to get to the internet.


Sent from my iPhone using Tapatalk
by scampbell
Sun Oct 30, 2016 7:52 pm
Forum: Beginner Basics
Topic: Problem with load balans RB433AH
Replies: 2
Views: 383

Re: Problem with load balans RB433AH

If you want the system to fail over should one or the other WAN stop then you need to add a backup route for each WAN (being the other WAN and a higher distance. You have done this for the main routing table but not for the to_WAN1 or to_WAN2 tables. #Main Routes add check-gateway=ping comment=Telne...
by scampbell
Fri Sep 30, 2016 6:59 am
Forum: Announcements
Topic: v6.37 [current] is released!
Replies: 197
Views: 34443

Re: v6.37 [current] is released!

I just had a really strange problem with the upgrade from 6.36 to 6.37 When I did the upgrade (using the Mikrotik check-for-upgrade via winbox), the Mikrotik (RB435G) did the upgrade to 6.37 however in Winbox, there was no Wireless section In packages there were two wireless packages, one was 6.37 ...
by scampbell
Fri Sep 30, 2016 6:57 am
Forum: Announcements
Topic: v6.37 [current] is released!
Replies: 197
Views: 34443

Re: v6.37 [current] is released!

I just had a really strange problem with the upgrade from 6.36 to 6.37 When I did the upgrade (using the Mikrotik check-for-upgrade via winbox), the Mikrotik (RB435G) did the upgrade to 6.37 however in Winbox, there was no Wireless section In packages there were two wireless packages, one was 6.37 ...
by scampbell
Thu Sep 29, 2016 4:26 am
Forum: Announcements
Topic: v6.37 [current] is released!
Replies: 197
Views: 34443

Re: v6.37 [current] is released!

I can also confirm the wireless upgrade problem when upgrading to 6.37. In this case going from 6.24 using wireless-fp, the upgrade went through but afterward I had wireless 6.37, wireless 6.24 and wireless-fp 6.24 all present and disabled. Uninistalling via CLI did not remove them. Downgrading to B...
by scampbell
Wed Sep 28, 2016 3:41 am
Forum: Announcements
Topic: v6.37 [current] is released!
Replies: 197
Views: 34443

Re: v6.37 [current] is released!

Hello Folks! We have been running an wireless enterprise environment for many years, we had to fully stop the update of all our devices since it has been announced that DFS mode has been put on based on which country you set. But how can I see if DFS is activated on my devices which I tested to upg...
by scampbell
Sat Sep 24, 2016 5:57 am
Forum: Beginner Basics
Topic: Multiple EoIP tunnels or VLANs
Replies: 2
Views: 922

Re: Multiple EoIP tunnels or VLANs

Beware of mtu's though. if you push multiple vlans through an eoip tunnel you decrease the mtu as the vlan headers take up 8 bytes.


Sent from my iPhone using Tapatalk
by scampbell
Sat Sep 24, 2016 5:54 am
Forum: General
Topic: Reset HAP AC doesn't seem to work
Replies: 2
Views: 1710

Re: Reset HAP AC doesn't seem to work

There is a Winbox packaged up for Mac on this forum which works nicely :-)

Makes sure initial connection is not via ether1 as this is fire walled by default.


Sent from my iPhone using Tapatalk
by scampbell
Sat Sep 24, 2016 5:52 am
Forum: Beginner Basics
Topic: PPTP stopped working
Replies: 6
Views: 2221

Re: PPTP stopped working

Enable PPTP logging in /system logging add topic=PPTP and see if that gives better information. Also make sure your input firewall rules are allowing PPTP or setup etc. ensure no dst-nat rule is redirecting the traffic too [emoji12] Allow tcp 1723 and gre in the input chain. MikroTik PPTP is pretty ...
by scampbell
Wed Sep 21, 2016 4:56 am
Forum: General
Topic: Web proxy redirect rules
Replies: 2
Views: 1150

Re: Web proxy redirect rules

MikroTik web proxy does not support 443


Sent from my iPhone using Tapatalk
by scampbell
Fri Sep 02, 2016 6:51 am
Forum: Forwarding Protocols
Topic: OSPF default route
Replies: 4
Views: 1780

Re: OSPF default route

Well I found the problem it was related to a third party firewall in the network which was causing some issues and its now resolved. Apparently it was blocking all traffic to Port 89, as soon as I had put an exception everything started working normally
That'll do it :lol:
by scampbell
Fri Sep 02, 2016 6:49 am
Forum: Wireless Networking
Topic: How to disable WPS button in RB951Ui-2nD with rOS 6.32.4?
Replies: 9
Views: 5207

Re: How to disable WPS button in RB951Ui-2nD with rOS 6.32.4?

enable wireless-cm2 and reboot - WPS should be back. :-)
by scampbell
Fri Sep 02, 2016 6:45 am
Forum: The Dude
Topic: The Dude, v6.37rc test builds.
Replies: 92
Views: 17618

Re: The Dude, v6.37rc test builds.

Would this include access to /tool sms and /tool e-mail for example ?? :-) Pretty much that. However email tool is already accessible for use with notifications. http://wiki.mikrotik.com/images/f/fc/Dude-email-notif.PNG Haha - of course e-mail is there - sorry. How long until we may see access to t...
by scampbell
Tue Aug 23, 2016 9:52 pm
Forum: RouterBOARD hardware
Topic: Q2 2016 But still no Gigabit PoE Routerboard...
Replies: 53
Views: 8656

Re: Q2 2016 But still no Gigabit PoE Routerboard...

Yup,

we also have lots of inquirys about 24port poe switch...
+1 !!
by scampbell
Tue Aug 23, 2016 9:50 pm
Forum: The Dude
Topic: The Dude, v6.37rc test builds.
Replies: 92
Views: 17618

Re: The Dude, v6.37rc test builds.

@dimsoft

That is not possible at the moment. However we do intend to add some access to server host ROS side for better notification options.
Would this include access to /tool sms and /tool e-mail for example ?? :-)
by scampbell
Fri Aug 05, 2016 2:17 am
Forum: General
Topic: how to make the unit reboot in script?
Replies: 3
Views: 1746

Re: how to make the unit reboot in script?

I concur with BlackVS.

We often create a scheduler to reboot router at midnight with just "/system reboot" as the only command - it works well and is only "interactive" when run from a console.
by scampbell
Mon Jul 25, 2016 3:59 am
Forum: General
Topic: Windows 10 and netinstall
Replies: 19
Views: 15235

Re: Windows 10 and netinstall

False alarm. I have installed new Win10, and now everything working great. The question is what peace of software killed netinstall last time. I will do step by step app install... This is going to sound stupid... but have you tried changing its name? No joke! After installing Windows 10, I had the...
by scampbell
Mon Jun 20, 2016 11:42 pm
Forum: General
Topic: SXT AC best settings
Replies: 82
Views: 49670

Re: SXT AC best settings

/interface wireless set [ find default-name=wlan1 ] band=5ghz-a/n Perhaps setting wireless mode to 5GHz-onlyac or 5ghz-a/n/ac might also help (on both ends) ? My bench testing with registration signal of -50dB is giving 450-500 Mbps UDP - but only 120Mbps TCP on 802.11 80Mhz Ceee WPA2-PSK I'll be t...
by scampbell
Fri May 27, 2016 8:13 am
Forum: RouterBOARD hardware
Topic: wAP AC (General questions and experience)
Replies: 118
Views: 44060

Re: wAP AC (General questions and experience)

deleted - off topic
by scampbell
Thu May 26, 2016 9:38 am
Forum: RouterBOARD hardware
Topic: wAP AC (General questions and experience)
Replies: 118
Views: 44060

Re: wAP AC (General questions and experience)

Mikrotik. I have to say, this is one of the nicest pieces of hardware you have designed. My only real feedback is that a LED visible from the outside would be welcome. This way we can see at a glance if the unit is operational. We use the LED all the time on our Motorola, AeroHive and Ubiquity AP's...
by scampbell
Sun May 15, 2016 6:16 am
Forum: Wireless Networking
Topic: How to disable WPS button in RB951Ui-2nD with rOS 6.32.4?
Replies: 9
Views: 5207

Re: How to disable WPS button in RB951Ui-2nD with rOS 6.32.4?

Also try /system package print

You may be using wireless-fp which does not support WPS anyway :-)
by scampbell
Thu May 05, 2016 11:02 pm
Forum: RouterBOARD hardware
Topic: CRS226 SFP LINK PROBLEMS WITH RB260GSP
Replies: 1
Views: 737

Re: CRS226 SFP LINK PROBLEMS WITH RB260GSP

Did you get anywhere with this ?

I just tried to link a CRS226 via SFP1 and S-RJ45 to ether25 on a CRS125 and no traffic would pass.

Going to look into this further and will see what I find :-)
by scampbell
Thu May 05, 2016 8:33 am
Forum: Wireless Networking
Topic: wAP WOES
Replies: 9
Views: 1353

Re: wAP WOES

This installation is for a hotel, therefore I dont think that enabling local forwarding would make any sense
We use these in hotels with local forwarding. If you use managed switches then it shouldn't be an issue and you can use VLAN's if necessary for isolation.
by scampbell
Thu May 05, 2016 12:45 am
Forum: Wireless Networking
Topic: wAP WOES
Replies: 9
Views: 1353

Re: wAP WOES

Local forwarding has been disabled in the CAPsMAN settings, for all APs All RB912 on the same network are configured with a bridge containing both ether1 and wlan1, and they are functionning quite nicely; it is only the wAPs that seem to have a problem with this setup Lastly, I don't see the purpos...
by scampbell
Wed May 04, 2016 12:52 pm
Forum: General
Topic: blocking dhcp over eoip tunnel, but allow local dhcp
Replies: 10
Views: 1810

blocking dhcp over eoip tunnel, but allow local dhcp

Input is to the router and output is from the router. If you want to stop dhcp from
Goin through the bridge the forward chain would be where I place those rules on the bridge filter


Sent from my iPhone using Tapatalk
by scampbell
Wed May 04, 2016 7:43 am
Forum: Wireless Networking
Topic: Mikrotik Outdoor Wireless Network signal test
Replies: 2
Views: 975

Re: Mikrotik Outdoor Wireless Network signal test

Tx/Rx Signal Strength: When aligning the endpoints you want this as high as possible ( -40 to -65 dBm say) Tx/Rx CCQ: This shows how many packets get through , so 50% means half are getting dropped. Good TX/RX Signal and poor CCQ is a sign of interference - try a different channel Signal To Noise: T...
by scampbell
Wed May 04, 2016 7:35 am
Forum: Wireless Networking
Topic: Non-Overlapping Channels?
Replies: 1
Views: 910

Re: Non-Overlapping Channels?

Google is your friend - https://en.wikipedia.org/wiki/List_of_WLAN_channels :D Ce or Ceee mean centre channel plus next channel (or channels). So 2412 Ce would be 2412 + 2432 - note on 2.4GHz we recommedn only 1 (2412), 6 (2437) & 11 (2462) with 20Mhz Channel widths to avoid overlapping coverage in ...
by scampbell
Wed May 04, 2016 7:20 am
Forum: Wireless Networking
Topic: wAP WOES
Replies: 9
Views: 1353

Re: wAP WOES

Thanks for your response Uldis On the wAPs the bridge systematically ends up using wlan1's MAC address. I did try to set the bridge's admin MAC address but as with the wireless' MAC address, the interface isn't reachable via layer 3. I don't understand why it works at the moment, that is, by not ad...
by scampbell
Wed May 04, 2016 7:16 am
Forum: RouterBOARD hardware
Topic: wAP AC (General questions and experience)
Replies: 118
Views: 44060

Re: wAP AC (General questions and experience)

It would be good if wireless-rep became the default and they deprecated all the other wireless packages :) Mikrotik confirmed to me last night wireless-cm2 would be the default on the next batch which is something. No doubt wireless-rep will become the only package at some point but hopefully they ...
by scampbell
Wed May 04, 2016 6:58 am
Forum: RouterBOARD hardware
Topic: wAP AC (General questions and experience)
Replies: 118
Views: 44060

Re: wAP AC (General questions and experience)

When they arrive they have the default config with firewall on ethernet and open wireless. So if you want to manage them you need to connect to the wifi, or reset them into CAP mode. To reset into CAP mode, power them up whilst holding the reset button in. The wireless lan lights will flash, and af...
by scampbell
Fri Apr 15, 2016 3:42 am
Forum: Announcements
Topic: v6.35rc [release candidate] is released, new wireless package!
Replies: 537
Views: 104833

Re: v6.35rc [release candidate] is released, new wireless package!

Is it possible to add more information about connected user to CAPSMAN view with wireless-rep package? e.g. user name being used, auto-translation of vendor part of MAC (well it´s a gimmick) http://fs5.directupload.net/images/160414/nfdarvre.png If your were to create access lists based on the OUI ...
by scampbell
Thu Apr 14, 2016 8:13 am
Forum: General
Topic: vlan with dhcp server
Replies: 7
Views: 1099

Re: vlan with dhcp server

Show your config for ether5 and the VLAN. my config on ether5 and vlan is exactly like my 1st post. Interface vlan40 add to ether5 and i created dhcp server for vlan40. Unless your PC is using inserting Vlan Tags it will be looking for DHCP on ether5. Use the Torch function with all options enabled...
by scampbell
Tue Apr 12, 2016 8:22 am
Forum: Forwarding Protocols
Topic: OSPF default route
Replies: 4
Views: 1780

Re: OSPF default route

Assuming this router is running OSPF it is strange there are no known OSPF routes at all in the routing table ? They should show with a flag of "o" ?

Perhaps "/route ospf export" and "/ip add pr" from the router with the default route and the one wishing to receive it please. :-)
by scampbell
Tue Apr 12, 2016 8:15 am
Forum: Forwarding Protocols
Topic: can pptp server accept multiple client from same public ip ???
Replies: 2
Views: 1519

Re: can pptp server accept multiple client from same public ip ???

If you mean can you receive and process a PPTP connection request from multiple clients masqueraded behind one remote public IP then yes that should work as each connection will have a unique src-port. For example 10 of your staff are staying in a hotel and all want to connect back to the office via...
by scampbell
Tue Apr 12, 2016 6:23 am
Forum: Announcements
Topic: v6.35rc [release candidate] is released, new wireless package!
Replies: 537
Views: 104833

Re: v6.35rc [release candidate] is released, new wireless package!

Did someone try to this new feature? >> wireless background scan I wanted to script a background scan for known Wifi-APs and if found, connect to it automatically. The Microtik is in a car, and I know several Wifi along the road (while stopping the car!). The Idea was: Scan for known ssid's (or MAC...
by scampbell
Mon Apr 11, 2016 7:30 am
Forum: Beginner Basics
Topic: hAP ac slow Ethernet Internet performance
Replies: 20
Views: 8043

Re: hAP ac slow Ethernet Internet performance

It is sometimes worth disabling RSTP on the bridge as well...... for whatever reason I have noticed RSTP sometimes incorrectly disables ethernet ports on the newer versions of RoS. I've not been able to "pin" this down but by disabling it when I am getting ethernet issues the performance has been be...
by scampbell
Thu Mar 17, 2016 9:59 pm
Forum: General
Topic: DHCP Relay VLANs on RB751U-2HnD
Replies: 11
Views: 2705

Re: DHCP Relay VLANs on RB751U-2HnD

Hi SSI, I would suggest following this example http://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Relay#Example_setup Also check your HP Switches support L2MTU 1594 ? From what I can see your example is pretty much like the above except that you are using an MS server as primary DHCP. Here is my interprea...
by scampbell
Tue Mar 15, 2016 12:23 am
Forum: General
Topic: Slow speeds from CRS125
Replies: 57
Views: 4174

Re: Slow speeds from CRS125

Thanks for the help! Here are the results for mturoute: http://imgur.com/8Iqq4ar.jpg And here is the mtupath results: http://imgur.com/jjnmK64.jpg I would check the MTU and MSS of your WAN too - just to be sure...... 1. download MTUPATH.EXE ( http://www.iea-software.com/products/mtupath.cfm ) and s...
by scampbell
Mon Mar 14, 2016 11:23 pm
Forum: General
Topic: Slow speeds from CRS125
Replies: 57
Views: 4174

Re: Slow speeds from CRS125

I would check the MTU and MSS of your WAN too - just to be sure...... 1. download MTUPATH.EXE ( http://www.iea-software.com/products/mtupath.cfm ) and see what the results for MSS are; 2. download MTUROUTE.EXE (http://www.elifulkerson.com/projects/mturoute.php ) and see what it finds It may be a VLA...
by scampbell
Mon Mar 14, 2016 11:05 pm
Forum: Announcements
Topic: Winbox3.3 released!
Replies: 37
Views: 9364

Re: Winbox3.3 released!

Quick work !! :-)

Windows Smartscreen does not like it though - reports it as an unrecognised app from an unknown publisher on Windows10. You have to force Windows to run anyway.....
by scampbell
Fri Mar 11, 2016 4:39 am
Forum: General
Topic: Slow speeds from CRS125
Replies: 57
Views: 4174

Re: Slow speeds from CRS125

Try disabling any simple queues and changing the WAN port interface queue type as per http://forum.mikrotik.com/viewtopic.php?t=103542
by scampbell
Fri Mar 11, 2016 4:34 am
Forum: Announcements
Topic: Winbox3.2 released!
Replies: 59
Views: 11324

Re: Winbox3.2 released!

AVG again !!! Grrr. Why does this keep happening I wonder ? Perhaps AVG have some shares in another vendor starting with U :-)
by scampbell
Tue Mar 08, 2016 2:15 am
Forum: Forwarding Protocols
Topic: Redirect port 80 for external web administration
Replies: 2
Views: 3309

Re: Redirect port 80 for external web administration

For port 80 traffic from anywhere /ip firewall add action=dst-nat chain=dstnat comment="Web Server" disabled=no dst-port=80 protocol=tcp in-interface=ether1-gateway to-addresses=192.168.1.50 For remote router access via external Port 9000 /ip firewall add action=redirect chain=dstnat comment="Web Se...
by scampbell
Tue Mar 08, 2016 2:08 am
Forum: Forwarding Protocols
Topic: MPLS vpls tunnel - MTU problem - wifi i think
Replies: 3
Views: 1127

Re: MPLS vpls tunnel - MTU problem - wifi i think

It looks like something is stealing 4 bytes :-) Your client bridge shows only 1496 actual bytes so I suspect an interface involved in the bridging is dragging it down. Try removong wlan1 from the client bridge (assuming you have local access of course) and see if the bridge actual-MTU increases. Per...
by scampbell
Tue Mar 08, 2016 2:01 am
Forum: Announcements
Topic: v6.35rc [release candidate] is released, new wireless package!
Replies: 537
Views: 104833

Re: v6.35rc [release candidate] is released, new wireless package!

6.35rc19 has been released! *) winbox - added /interface wireless setup-repeater; Nice feature !! When you use this setup repeater button it currently creates a new bridge (called bridge1) and adds WLAN1 plus the new Virtual WLAN into it. Perhaps this could be modified to ask for a bridge to use (i...
by scampbell
Mon Feb 29, 2016 8:06 am
Forum: Wireless Networking
Topic: 100mbps TCP Full duplex link using 4 dish ( NV2 )
Replies: 9
Views: 2657

Re: 100mbps TCP Full duplex link using 4 dish ( NV2 )

Hi , it's a 3 years posts but i'm going to answer it !! it's not so easy , but you can do it with OSPF routing protocol !! that's all if you are not friend;t with OSPF , use static routing , but in this case you will loose redundancy , with OSPF you could have full duplex and redundancy in case of ...
by scampbell
Fri Feb 19, 2016 5:28 am
Forum: Beginner Basics
Topic: Passing all traffic on to proxy server
Replies: 4
Views: 4494

Re: Passing all traffic on to proxy server

/ip firewall nat add chain=dstnat action=dst-nat to-address=proxyIP to-ports=8080 protocol=TCP, dst-port=80,443 in-interface=bridge-lan This will redirect any HTTP and HTTPS to your proxy on port 8080. Doesn't transparent proxy give certificate issues with SSL? I am on a network that requires the u...
by scampbell
Fri Feb 19, 2016 4:10 am
Forum: General
Topic: Some websites not loading on 2 routers
Replies: 6
Views: 1335

Re: Some websites not loading on 2 routers

I've seen that before :-) When an EOIP tunnel is added to the bridge the bridge MTU automatically drops to equal the smallest MTU of the interface in it.. There is a setting on the bridge to "not" automatically adjust MTU but this can lead to fragmentation. Soemtimes the best solution for an office ...
by scampbell
Fri Feb 19, 2016 12:50 am
Forum: General
Topic: Some websites not loading on 2 routers
Replies: 6
Views: 1335

Re: Some websites not loading on 2 routers

If you are connecting via PPPoE ensure your profile is set to allow MSS Clamping. The quick way to check if this is active is to see if there are two Dynamic Forward Mangles rules. If not then it's not running. Here is a link to another forum post on the subject - http://forum.mikrotik.com/viewtopic...
by scampbell
Fri Feb 19, 2016 12:46 am
Forum: Beginner Basics
Topic: EOIP over IPSEC TWO RB750
Replies: 21
Views: 12509

Re: EOIP over IPSEC TWO RB750

FASTTRACK!!!! Disable it and packets pass. Web Pages load. Grrrrr. Spent all day messing with this. I have not gone back to EOIP yet. Just standard IPSec config and its working. Finally. Some progress then :-) Yeah, Fasttrack breaks all kinds of things as the packets bypass the routing engine as su...
by scampbell
Thu Feb 18, 2016 9:29 pm
Forum: General
Topic: dynDNS SCRIPT THAT WORKS
Replies: 13
Views: 20822

Re: dynDNS SCRIPT THAT WORKS

For simple DDNS requirements there is the built in DDNS under /ip cloud ? It's free and it works :-)

It's url is serial_numer.sn.mynetname.net
by scampbell
Thu Feb 18, 2016 9:21 pm
Forum: General
Topic: IP Routes gateway becomes unreachable after PPTP connection restarts
Replies: 7
Views: 2245

Re: IP Routes gateway becomes unreachable after PPTP connection restarts

I have 4 LAN's that I need to access on the other end, as you can see in my previous post. How can I add the 4 LAN's in the route field?
You can add multiple routes in the secret :-

/ppp secret
add name=changeme password=changeme routes=192.168.1.0/24,192.168.7.0/24,192.168.5.0/24,........
by scampbell
Thu Feb 18, 2016 9:15 pm
Forum: Beginner Basics
Topic: Passing all traffic on to proxy server
Replies: 4
Views: 4494

Re: Passing all traffic on to proxy server

You need to create a dstnat rule with

/ip firewall nat
add chain=dstnat action=dst-nat to-address=proxyIP to-ports=8080 protocol=TCP, dst-port=80,443 in-interface=bridge-lan

This will redirect any HTTP and HTTPS to your proxy on port 8080.

Change settings to suit your proxy :-)
by scampbell
Thu Feb 18, 2016 9:09 pm
Forum: Beginner Basics
Topic: How to detect when default gateway changes?
Replies: 3
Views: 615

Re: How to detect when default gateway changes?

Hi Geeko, If you are behind NAT'ed routers then that is the correct way to do it. It also enables a more complex check than just next-hop :-) If you only need to check next-hop then there is also a setting in the default route called "check-gateway" which can use ping. No use if you are connected to...
by scampbell
Thu Feb 18, 2016 9:00 pm
Forum: Beginner Basics
Topic: EOIP over IPSEC TWO RB750
Replies: 21
Views: 12509

Re: EOIP over IPSEC TWO RB750

Hmmm, ok well you have the basics right it seems. I did some looking around and found this link which may help - http://forum.mikrotik.com/viewtopic.php?t=88033 I wonder if you have some peer settings left over from earlier attempts. Try the following and see if it helps... 1. Disable IPSEC in the E...
by scampbell
Wed Feb 17, 2016 10:37 pm
Forum: Beginner Basics
Topic: IPsec site 2 site VPN. Ping fails in one direction.
Replies: 36
Views: 12783

Re: IPsec site 2 site VPN. Ping fails in one direction.

To get rid of fasttrack there is a firewall rule created by default directly below the two rules to allow established and related with an action=fasttrack-connection. The rule looks like this:- "add action=fasttrack-connection chain=forward comment="default configuration" \ connection-state=establis...
by scampbell
Wed Feb 17, 2016 10:28 pm
Forum: Announcements
Topic: v6.34.1 [current] is released!
Replies: 59
Views: 15957

Re: v6.34.1 [current] is released!

I've noticed an issue running 6.34.1 and Winbox 3.1. If I set the email server in Winbox > Tools > Email > Server to either the fqdn or ip of my mail server then try send an email I get an error connecting entry in the logs. "/tool e-mail print" didn't show a server address entry. "/tool e-mail set...
by scampbell
Wed Feb 17, 2016 10:26 pm
Forum: Beginner Basics
Topic: EOIP over IPSEC TWO RB750
Replies: 21
Views: 12509

Re: EOIP over IPSEC TWO RB750

I can't seem to get this to work. The "easier" EOIP. I setup EoIP selected a secret. Made sure the tunnel IDs were the same. All I see it this in my logs 10:28:18 ipsec,error failed to pre-process ph2 packet. Do I need additions to the firewall filter and nat too? Ensure your firewall is allowing i...
by scampbell
Tue Feb 16, 2016 9:01 pm
Forum: General
Topic: Using EoIP as the connector.
Replies: 8
Views: 884

Re: Using EoIP as the connector.

Could you not have used src-nat to fool the pbx that any packets received from a remote network were instead locally sent ? This would eliminate the need for eoip Eric and possibly simpler ? Also where we see sip issues the packet sniffer is the best tool as you can save to a file, called sip.cap fo...
by scampbell
Mon Feb 15, 2016 8:02 pm
Forum: Announcements
Topic: v6.34.1 [current] is released!
Replies: 59
Views: 15957

Re: v6.34.1 [current] is released!

It appeared in v6.34 and is already fixed in v6.35rc. It is just a cosmetic bug that aes-256 is displayed as aes-128 Maybe cosmetic but I have just wasted an hour on it migrating a router and wondering why my scripts dont work. If I specify in CLI to add a peer with enc-algorythm=aes-128 and then r...
by scampbell
Mon Feb 15, 2016 12:49 am
Forum: Wireless Networking
Topic: WDS or not WDS?
Replies: 3
Views: 1707

Re: WDS or not WDS?

Pasted from Uldis slide pg 34: http://mum.mikrotik.com/presentations/PL12/workshop-wireless-2012-PL.pdf 802.11n and WDS • 802.11n frame aggregation can’t be used together with WDS • Max transmit speed drops from 220Mbps to 160Mbps using WDS (UDP traffic) • Station-bridge has the same speed limitatio...
by scampbell
Mon Feb 15, 2016 12:30 am
Forum: Wireless Networking
Topic: Printer Access with "client to client forwarding" disabled
Replies: 6
Views: 1226

Re: Printer Access with "client to client forwarding" disabled

Use the "access list" feature and allow client to client forwarding for specific hosts and the printers. This allows the default action of no-forwarding except for the hosts you specify by mac-address in the access-list. TIP: You can identify specific hosts in the registration table and copy them to...
by scampbell
Mon Feb 15, 2016 12:24 am
Forum: Wireless Networking
Topic: Chromecast problems!
Replies: 8
Views: 3822

Re: Chromecast problems!

We use CAPsMan with our Chromecast so perhaps you need to publish your CAPsMan Controller config and your AP Config.

As you have correctly noted you cannot set the mode to AP/Bridge in Capsman - only AP. This should not be an issue for you as Chromecast connects as a Station anyway.
by scampbell
Thu Feb 04, 2016 11:39 pm
Forum: Announcements
Topic: Winbox3.1 released!
Replies: 50
Views: 26035

Re: Winbox3.1 released!

We have found issue with hAP lite and missing information. We will fix it in next release. Toigoweb - what does "lot of bug" mean? Can you give examples? Everyone - please report to support@mikrotik.com with description of your problem and screen shots. Forum is for users. If you want to have resol...
by scampbell
Thu Feb 04, 2016 10:44 pm
Forum: Beginner Basics
Topic: Email settings
Replies: 13
Views: 1789

Re: Email settings

Please try setting your e-mail server using the CLI. We have found setting this in Winbox does not work in the RoS 6.34 or 6.33.5 and reported it to Mikrotik.

/tool e-mail set address=x.x.x.x
by scampbell
Thu Feb 04, 2016 12:28 pm
Forum: Wireless Networking
Topic: Mikrotik AC PtP - Nstreme will NOT connect at all but NV2 will???
Replies: 53
Views: 8825

Mikrotik AC PtP - Nstreme will NOT connect at all but NV2 will???

AP config: /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik add authentication-types=wpa2-psk,wpa2-eap management-protection=allowed \ mode=dynamic-keys name=NPP supplicant-identity="" wpa2-pre-shared-key=\ ********* /interface wireless set [ find default-...
by scampbell
Thu Feb 04, 2016 12:17 pm
Forum: Wireless Networking
Topic: Mikrotik AC PtP - Nstreme will NOT connect at all but NV2 will???
Replies: 53
Views: 8825

Mikrotik AC PtP - Nstreme will NOT connect at all but NV2 will???

I couldn't help but notice one of the radios had default-authenticate=no and I couldn't see any mention of access or connect lists. If this is correct and no connect or access list then you won't get a connection :-) Please double check - hope this helps... [edit] a closer look and I saw an access l...
by scampbell
Thu Feb 04, 2016 11:54 am
Forum: Scripting
Topic: Script to disable 3g backup
Replies: 2
Views: 721

Script to disable 3g backup

Use a higher distance for your 3G default route and if 3G is PPPoE set dial on demand=yes
by scampbell
Wed Feb 03, 2016 1:27 am
Forum: Beginner Basics
Topic: Sending E-mail when IP is added to address list
Replies: 3
Views: 995

Re: Sending E-mail when IP is added to address list

Use the log function in the firewall rule and have the action specified as an e-mail. /ip firewall filter add action=add-src-to-address-list address-list=PSD (insert matchers here) chain=forward log=yes log-prefix=PSD /system logging action add email-to=myaddress@somewhere.com name=emailPSD target=e...
by scampbell
Wed Feb 03, 2016 1:10 am
Forum: Beginner Basics
Topic: Help configuring station bridge.
Replies: 1
Views: 396

Re: Help configuring station bridge.

If the other AP is not a Mikrotik AP/Bridge station-bridge will not work as it is a Mikrotik proprietary mode.
by scampbell
Wed Feb 03, 2016 12:51 am
Forum: Beginner Basics
Topic: Problem with dual wan failover not moving back to primary.
Replies: 10
Views: 3361

Re: Problem with dual wan failover not moving back to primary.

dareru's excellent answer is for failover only and will work well. If you use a dynamic protocol on your WAN such as DHCP or PPPoE you will need to ensure you set the default-route-distance to something other than 0 on your backup wan for this to work If you want to be able to manage your router via...
by scampbell
Wed Feb 03, 2016 12:30 am
Forum: Beginner Basics
Topic: RB951G-2HnD bridge performance
Replies: 2
Views: 767

Re: RB951G-2HnD bridge performance

By default the RB951G-2HnD has ether2 and wlan1 in a bridge. Ether3-5 have their master-port set to ether2. Traffic between ether2-5 should occur at wirespeed 1000Mps. So perhaps set the ports back to switch and try again. Be sure to remove from the bridge before setting their master ports. If you a...
by scampbell
Wed Feb 03, 2016 12:24 am
Forum: Beginner Basics
Topic: Email settings
Replies: 13
Views: 1789

Re: Email settings

Add a topic=e-mail action=memory to your /system logging.

The additional log info should help show what is not working correctly when you send an e-mail :-)
by scampbell
Wed Feb 03, 2016 12:21 am
Forum: Beginner Basics
Topic: PPTP
Replies: 2
Views: 393

Re: PPTP

Windows uses WINS to resolve hostnames. On your remote PC's when they connect have the clients configured to use your internal Windows server as both DNS and WINS. On the remote site you may also need to suffix your hostnames with hostname.yourdomain.com to get them to correctly respond. Mikrotik ca...
by scampbell
Wed Feb 03, 2016 12:14 am
Forum: General
Topic: is there a way to block specific URL in Microtik CCR ?
Replies: 10
Views: 760

Re: is there a way to block specific URL in Microtik CCR ?

No it is not possible! Note the "https" which means "secure" communication. The communication is encrypted and the router never sees the URL. Even when you setup a proxy server, the router sees only the hostname not the part after it. So then you can block entire facebook but not one specific page....
by scampbell
Tue Feb 02, 2016 11:52 am
Forum: Wireless Networking
Topic: Wireless bridge [solved with WDS]
Replies: 6
Views: 10457

Wireless bridge [solved with WDS]

Ap-bridge mode to station-bridge is definitely the best way to do a transparent bridge over wireless.

WDS has throughout issues on Wireless N. It works but not as well as station-bridge.
by scampbell
Mon Feb 01, 2016 10:08 pm
Forum: Wireless Networking
Topic: Full Duplex PTP over 7 to 14Kms
Replies: 24
Views: 2976

Re: Full Duplex PTP over 7 to 14Kms

thank you. that looks interesting but has anyone deployed it in actual environment? I have a few sites doing that - for example we use an RB850GX2 at each end and 4 x QRT's. Set up two unique /29 subnets for each wireless link and the radio's as simple bridge (bridge/station-bridge). Apply the diff...
by scampbell
Mon Feb 01, 2016 10:02 pm
Forum: General
Topic: IPIP Tunnel MTU Problem
Replies: 7
Views: 3244

Re: IPIP Tunnel MTU Problem

Have you checked your PPPoE tunnel can pass packets with MTU=1492 natively without fragmenting ?

Some ISP's use VLAN's and we have found the MTU=1480 is the best we can achieve in this case ?
by scampbell
Mon Feb 01, 2016 8:21 am
Forum: General
Topic: IPIP Tunnel MTU Problem
Replies: 7
Views: 3244

Re: IPIP Tunnel MTU Problem

Interesting problem for sure. I would not think you would need to specify source IP as you are using /30 addressing so it should only go one direction anyway. Given your wan connections have MTU limits of either 1500 or 1492 themselves I cannot see how you can push 1600 through any tunnel without fr...
by scampbell
Mon Feb 01, 2016 7:15 am
Forum: Wireless Networking
Topic: Full Duplex PTP over 7 to 14Kms
Replies: 24
Views: 2976

Re: Full Duplex PTP over 7 to 14Kms

no mikrotik products come in full duplex modes as of today.

you need 4 radios cards 2 on each side for full duplex to work.
Or use OSPF and 4 QRT's for example and base setup on http://wiki.mikrotik.com/wiki/Dual_Setup_with_OSPF.
by scampbell
Mon Feb 01, 2016 7:06 am
Forum: Announcements
Topic: v6.34 [current] is released!
Replies: 91
Views: 22689

Re: v6.34 [current] is released!

About ARP entries - they are completely normal. They have been there forever. Incomplete entries simply were no shown. Now we just do not hide them any more. Just a thought - how hard would it be to add a tick box for "show-incomplete" in /ip arp ? This may make it easier for some users to understa...
by scampbell
Mon Feb 01, 2016 6:52 am
Forum: Announcements
Topic: Winbox3.1 released!
Replies: 50
Views: 26035

Re: Winbox3.1 released!

The issue with /tool e-mail being set in Winbox on a hAP still is happening. To reproduce this, configure in Winbox the Tool E-Mail server then open CLI and go /tool e-mail print email1.PNG Note the lack of address in the CLI. Simply issue the /tool e-mail set address=x.x.x.x followed by /tool e-mai...
by scampbell
Mon Feb 01, 2016 6:42 am
Forum: Announcements
Topic: Winbox3.1 released!
Replies: 50
Views: 26035

Re: Winbox3.1 released!

hAP Lite, RouterOS 6.34
+1 but only after updating Bios from 3.24 to 3.29 :-)
by scampbell
Thu Jan 28, 2016 6:41 pm
Forum: General
Topic: OSPF Router-ID in docs and MTCRE
Replies: 4
Views: 979

OSPF Router-ID in docs and MTCRE

I prefer to always specify a loopback address so there are no surprises [emoji41]
by scampbell
Thu Jan 28, 2016 6:34 pm
Forum: General
Topic: PPPoE Server and Proxy ARP with IPv4 and IPv6
Replies: 2
Views: 633

PPPoE Server and Proxy ARP with IPv4 and IPv6

Ospf instance can publish connected routes but using it for PPPoE can create a flood of lsa's
by scampbell
Thu Jan 28, 2016 6:32 pm
Forum: General
Topic: RB3011 missing Interface Master Slave Settings
Replies: 1
Views: 615

RB3011 missing Interface Master Slave Settings

Switch missing in winbox 3.0 is known. Try winbox 2.2.18, cli or webfig.

We are hoping this will be fixed soon [emoji41]
by scampbell
Thu Jan 28, 2016 6:28 pm
Forum: General
Topic: win10 mac-telnet
Replies: 4
Views: 852

win10 mac-telnet

Check the interface you are using has a valid IP address on it, preferably static ip. I know Mac-winbox is l2 but Windows seems to need this. Try running winbox as admin in Windows. Try disable any unused interface like wireless Disable any virtual machine like virtual box. Disable AV and firewall o...
by scampbell
Thu Jan 28, 2016 6:24 pm
Forum: General
Topic: RB2011 - How do I strip tagged VLAN 0?
Replies: 6
Views: 973

RB2011 - How do I strip tagged VLAN 0?

Edit: you can edit packet vlans in a bridge filter - not sure how with just a plain Ethernet interface so perhaps create bridge, add wan, then try bridge filter ?
by scampbell
Thu Jan 28, 2016 6:22 pm
Forum: General
Topic: RB2011 - How do I strip tagged VLAN 0?
Replies: 6
Views: 973

RB2011 - How do I strip tagged VLAN 0?

Technically vlan0 is no vlan. If you add a priority tag to your packets vlan0 is automatically inserted unless another vlan is specified.
by scampbell
Thu Jan 28, 2016 6:16 pm
Forum: General
Topic: is there a way to block specific URL in Microtik CCR ?
Replies: 10
Views: 760

is there a way to block specific URL in Microtik CCR ?

I would try using a L7 firewall rule but these are high CPU cost. Lucky you have a ccr :-)
by scampbell
Thu Jan 28, 2016 6:05 pm
Forum: Beginner Basics
Topic: Problem with basic CAPsMAN configuration
Replies: 8
Views: 8951

Problem with basic CAPsMAN configuration

It may help if you publish an export of your route capsman config and wireless config please. With capsman we do not manually bridge wlan to Ethernet. Capsman automatically will do this if required. Capsman can either local forward data or tunnel it to the controller. It sounds to me you may not be ...
by scampbell
Thu Jan 28, 2016 5:57 pm
Forum: General
Topic: Help please...periodically losing pings!
Replies: 2
Views: 316

Help please...periodically losing pings!

FYI do not use tkip unless absolutely necessary. It limits wireless throughput.
by scampbell
Thu Jan 28, 2016 5:49 pm
Forum: General
Topic: RSTP between a fiber link and wireless link ? Possible in Microtik ?
Replies: 10
Views: 878

RSTP between a fiber link and wireless link ? Possible in Microtik ?

If you are doing that much traffic then the ccr1016-12s might be a better investment. The crs switch chips are good but I'm pretty sure don't support features like RSTP or LACP yet without using the CPU which architecturally is limited to 1gps to/from the CPU. The ccr would allow you to run ospf and...
by scampbell
Wed Jan 27, 2016 7:32 pm
Forum: Announcements
Topic: v6.33.5 [current] is released!
Replies: 120
Views: 33768

Re: v6.33.5 [current] is released!

On hAP on several routers all running 6.33.5 we are seeing a problem with the /tool e-mail settings. If you set the server in Winbox to 1.1.1.1 (say) and then go to the CLI and execute /tool e-mail pring the address entry is blank. You can only seem to enter the e-mail server address via the CLI. Th...
by scampbell
Mon Jan 18, 2016 11:07 pm
Forum: Announcements
Topic: v6.33.5 [current] is released!
Replies: 120
Views: 33768

Re: v6.33.5 [current] is released!

Oh and switch menu still missing on RB3011 Winbox :-) Not in 6.34rc34 yet either FYI 6.34rc36 still missing Switch menu, Master Port on Interface General Tab & CPU Clock on System/Resources in WinBox. As well as not supporting Hardware Encryption yet! I tried connecting to my RB3011 via Winbox 2.21...
by scampbell
Mon Jan 18, 2016 8:02 am
Forum: Wireless Networking
Topic: PPPOE Request (Need Help )
Replies: 1
Views: 316

Re: PPPOE Request (Need Help )

Potentially several solutions depending on how you are handling the ports. Layer2 isolation is 1st. Disable Default Forward on your Wireless NIC's to keep clients on a single wlan from talking to each other. If in your diagram the Ethernet ports are bridged then you could use Split Horizon in the br...
by scampbell
Thu Jan 14, 2016 5:24 am
Forum: General
Topic: Problem with Bridge on CRS125-24G-1S
Replies: 6
Views: 1010

Re: Problem with Bridge on CRS125-24G-1S

When ports are bridged all LAN traffic goes through the CPU (shared 1GB link) whereas when ports are switched LAN traffic does not impact the CPU so routing performance is better.
by scampbell
Wed Jan 13, 2016 10:39 pm
Forum: Announcements
Topic: v6.33.5 [current] is released!
Replies: 120
Views: 33768

Re: v6.33.5 [current] is released!

Oh and switch menu still missing on RB3011 Winbox :-) Not in 6.34rc34 yet either FYI
by scampbell
Wed Jan 13, 2016 10:37 pm
Forum: Announcements
Topic: v6.33.5 [current] is released!
Replies: 120
Views: 33768

Re: v6.33.5 [current] is released!

I also just tried a /system packages upgrade upgrade on an SXT on 6.25 running the wireless package. The device could not be upgraded until I manually upgraded and applied the wireless-fp package which negates the auto-upgrade feature. I would suggest it should automatically change to wireless-fp or...
by scampbell
Wed Jan 13, 2016 8:49 pm
Forum: General
Topic: WinBox 3.0rc15 recognized as malware (IDP.Ares.Generic) by AVG Antivirus
Replies: 1
Views: 966

Re: WinBox 3.0rc15 recognized as malware (IDP.Ares.Generic) by AVG Antivirus

This morning AVG reported Winbox.exe 3.0 as Trojan horse Generic36.CBEY and removed it :-(
by scampbell
Tue Nov 03, 2015 8:56 pm
Forum: General
Topic: Winbox 3 RC
Replies: 639
Views: 122551

Re: Winbox 3 RC

3) After multiple requests, we decided to use default admin without password if router is selected from Neighbours list. If that should not be used, then router must be saved in Managed tab. While in some cases this makes sense we used to achieve that same result (default to admin with no password)...
by scampbell
Mon Nov 02, 2015 10:19 am
Forum: General
Topic: Is it possible for ISP to access my MikroTik?
Replies: 8
Views: 1330

Is it possible for ISP to access my MikroTik?

the default configuration of the RB951 has a firewall on the public (ISP) interface, so nobody can connect to your router from the ISP side, only from your LAN home network I agree but if you need a pppoe interface the default rules need to be changed to reflect this new wan interface. We are seein...
by scampbell
Mon Nov 02, 2015 9:52 am
Forum: Beginner Basics
Topic: Static NAT from external seems to hijack VPN traffic on same port
Replies: 4
Views: 700

Static NAT from external seems to hijack VPN traffic on same port

Add your wan address as the dst-address (not the to-address) of you Nat rule. Specifying just the incoming interface will catch IPSec traffic as well as Internet traffic.
by scampbell
Mon Nov 02, 2015 9:41 am
Forum: General
Topic: utilization of CPU via WinBox
Replies: 18
Views: 1313

utilization of CPU via WinBox

Also /tool graph where you can graph CPU and memory resources and traffic etc
by scampbell
Mon Nov 02, 2015 9:37 am
Forum: RouterBOARD hardware
Topic: Any RouterBoard with 4G LTE sim card slot available?
Replies: 11
Views: 25252

Any RouterBoard with 4G LTE sim card slot available?

Multi tech offer a miniPCIe card with inbuilt sim. HSPA+
by scampbell
Mon Nov 02, 2015 9:14 am
Forum: General
Topic: smtp port forwarding
Replies: 5
Views: 705

Re: smtp port forwarding

You are welcome :-)
by scampbell
Mon Nov 02, 2015 6:22 am
Forum: RouterBOARD hardware
Topic: RB750UP and PowerBox unable to turn on Mikrotik Devices
Replies: 7
Views: 2007

Re: RB750UP and PowerBox unable to turn on Mikrotik Devices

See the link I posted before. Yes, you can say it helps PB to power other devices, but what it actually does is disables short circuit detection on all poe out ports.
Is there a plan to include this command in Winbox ?
by scampbell
Sun Nov 01, 2015 11:59 pm
Forum: Forwarding Protocols
Topic: Issues with OSPF
Replies: 4
Views: 3374

Re: Issues with OSPF

I would try setting the Network-Type =Broadcast on all interfaces rather than Point to Point.

With Network-Type=Point to Point no router is elected as designated router under OSPF. This is good on a wireless segment of an OSPF network but perhaps not so good in your situation ?
by scampbell
Sun Nov 01, 2015 11:49 pm
Forum: Wireless Networking
Topic: CAPsMAN issue with wAP
Replies: 3
Views: 1196

Re: CAPsMAN issue with wAP

You are welcome and thanks for the rating :-)
by scampbell
Fri Oct 30, 2015 5:33 am
Forum: Wireless Networking
Topic: CAPsMAN issue with wAP
Replies: 3
Views: 1196

Re: CAPsMAN issue with wAP

Please check you have the same wireless package installed on all devices. e.g wireless-cm2

/system packages print
by scampbell
Fri Oct 30, 2015 5:21 am
Forum: General
Topic: smtp port forwarding
Replies: 5
Views: 705

Re: smtp port forwarding

You also need to mark the connection coming in from your wan ports to your mail server and ensure the reply goes back the same wan it arrived on. See the following excellent presentation from Steve Discher http://mum.mikrotik.com/presentations/US12/steve.pdf /ip firewall mangle add action=mark-conne...
by scampbell
Tue Oct 27, 2015 5:04 am
Forum: Wireless Networking
Topic: VTP and VLAN's through wireless link
Replies: 5
Views: 1982

Re: VTP and VLAN's through wireless link

If you have setup a transparent bridge and all clients are station-bridge then they will all see each other. Disabling Default Forwarding on the AP/Bridge will give some L2 isolation from clients but the AP/Bridge will see all. If you wish to seperate the customers then you may be better with a rout...
by scampbell
Tue Oct 27, 2015 3:23 am
Forum: Wireless Networking
Topic: mikrotik cAP n2 as repeater bridge
Replies: 4
Views: 2159

Re: mikrotik cAP n2 as repeater bridge

Not sure where I thought Capsman :-)

But ap/Bridge->station-bridge mode might be even better than WDS ? We use this method for transparent bridging frequently.
by scampbell
Tue Oct 27, 2015 3:20 am
Forum: Scripting
Topic: Netwatch failover script
Replies: 3
Views: 3772

Re: Netwatch failover script

Both ways work - I just like using seperate scripts so you can test them :-)
by scampbell
Fri Oct 23, 2015 5:26 am
Forum: Wireless Networking
Topic: Voucher generation and printing
Replies: 2
Views: 1060

Re: Voucher generation and printing

Handlink make a nice printer that does exactly that. www.handlink.com.tw or http://www.campbell.co.nz/index.php?main_page=product_info&cPath=9&products_id=696 We sell them here and they are easy to set up and use and have 3 buttons that can be paired with three different profiles. 1 Hr, 1 Day or 1 w...
by scampbell
Fri Oct 23, 2015 5:24 am
Forum: Wireless Networking
Topic: CapsMAN multicast
Replies: 2
Views: 1138

Re: CapsMAN multicast

And also make sure Windows Firewall is disabled too LoL :lol:
by scampbell
Fri Oct 23, 2015 5:23 am
Forum: Wireless Networking
Topic: CapsMAN multicast
Replies: 2
Views: 1138

Re: CapsMAN multicast

I use Sonos on my network with Capsman.

The secret is to ensure you allow client-to-client forwarding in your datapath setup
by scampbell
Fri Oct 23, 2015 5:15 am
Forum: Wireless Networking
Topic: Problem with setup CAPsMAN for more than two the same SSIDs on multiple CAPs
Replies: 2
Views: 976

Re: Problem with setup CAPsMAN for more than two the same SSIDs on multiple CAPs

The provisioning rules are like firewall rules and work top down, first match. If your mac filter is 00:00:00:00:00:00 for both rules the first will be used always and never reach the second. Try adding in the mac address of the radio you want with cfg3 on the appropriate provision rule and drag it ...
by scampbell
Fri Oct 23, 2015 5:10 am
Forum: Wireless Networking
Topic: How to Lock TX/RX data rates on client
Replies: 1
Views: 4352

Re: How to Lock TX/RX data rates on client

I think you are describing "rate flapping". To fix this you need to disable the higher speds in "supported rates" of radio. This is under the "data rates" section, select "configured" and unselect the top speeds. The logic is if the radio spends 80% of its time at 36Mbbps, 10% at 48Mbps and 10% at 5...
by scampbell
Fri Oct 23, 2015 5:01 am
Forum: Wireless Networking
Topic: mikrotik cAP n2 as repeater bridge
Replies: 4
Views: 2159

Re: mikrotik cAP n2 as repeater bridge

Last I looked Capsman did not support bridge. Mode=ap is the only option
by scampbell
Fri Oct 23, 2015 4:59 am
Forum: Scripting
Topic: Netwatch failover script
Replies: 3
Views: 3772

Re: Netwatch failover script

If you create you netwatch scripts in /system script with name like "up" or "down" you can then run them and see if they work. Then in /tool netwatch just specify the name of the script in the up and down menu's . EXAMPLE: /system script add name=up owner=admin policy=\ ftp,reboot,read,write,policy,...
by scampbell
Thu Oct 22, 2015 5:29 am
Forum: General
Topic: Reach device on hotspot (device has no gateway).
Replies: 2
Views: 727

Re: Reach device on hotspot (device has no gateway).

When I need to get access to a device that has no gateway but does have a valid IP in a subnet, I use a srcnat/masquerade rule so traffic to the device appears to come from it's local subnet. /ip firewall nat add chain=srcnat to-address=192.168.4.165 action=masquerade If the device is on the hotspot...
by scampbell
Thu Oct 22, 2015 5:23 am
Forum: General
Topic: DNS no resolving on failover wan
Replies: 5
Views: 798

Re: DNS no resolving on failover wan

On sites with multiple WAN interfaces and different ISP (therefore different DNS) I add a specific route for each DNS so it always uses the correct ISP. In respect to failover, a script to change the DNS may be useful approach. Using 8.8.8.8 or 8.8.4.4 does work but some CDN's do not like it and get...
by scampbell
Thu Oct 22, 2015 5:15 am
Forum: General
Topic: DHCP Flooding
Replies: 20
Views: 2632

Re: DHCP Flooding

Mikrotik support DHCP Server Alert function that can tell when a new DHCP server is found. /ip dhcp-server alert add disabled=no interface=bridge-lan on-alert="/log error \"server found\"" You can add your own script as required. It is also possible to filter DHCP on a Bridge if required. http://wik...
by scampbell
Thu Oct 22, 2015 5:11 am
Forum: Forwarding Protocols
Topic: OSPF Example Network
Replies: 18
Views: 5936

Re: OSPF Example Network

Agreed, in fact if you take this approach set the interface to passive so no routes can be injected from client side either :-)
by scampbell
Thu Oct 22, 2015 1:51 am
Forum: Beginner Basics
Topic: Routing part of network via PPTP VPN
Replies: 7
Views: 2859

Re: Routing part of network via PPTP VPN

Try adding a forward rule to allow any traffic coming in on your pptp interface.
by scampbell
Thu Oct 22, 2015 1:44 am
Forum: Forwarding Protocols
Topic: OSPF Example Network
Replies: 18
Views: 5936

Re: OSPF Example Network

For AP's it is best to avoid using OSPF to publish client facing subnets actively. As clients connect and drop it creates new LSA's across the whole network so better to not specify the client device subnet in /route ospf net and better to set the /rou ospf instance to publish connected instead. Thi...
by scampbell
Thu Oct 22, 2015 1:26 am
Forum: Wireless Networking
Topic: VTP and VLAN's through wireless link
Replies: 5
Views: 1982

Re: VTP and VLAN's through wireless link

Cisco -> E1--Bridge--Wlan1...............Wlan1--Bridge--Ether1->Cisco

So we are bridging the link through all the way. VLAN's dont route so this is how it must be.

If for some reason a link had to be routed then you could introduce an EoIP or VPLS tunnel between your endpoints instead.
by scampbell
Wed Oct 21, 2015 11:51 pm
Forum: Beginner Basics
Topic: Request for sample script
Replies: 2
Views: 388

Re: Request for sample script

# remove ether10 from switch group (usually master-port=ether6) 1. /int eth set [find name=ether10] master=none # create pppoe-client on ether10 2. /int pppoe-client add name=pppoe-out1 interface=ether10 user=changeme password=changeme use-peer-dns=yes add-def=yes dis=no # add NAT rule to pppoe-clie...
by scampbell
Wed Oct 21, 2015 11:43 pm
Forum: Beginner Basics
Topic: network scan protection
Replies: 1
Views: 635

Re: network scan protection

Use a firewall rule with the PSD matcher to add Port Scanners to an address list (for 5 days perhaps) and have another rule to drop the address list.

RTFM: http://wiki.mikrotik.com/wiki/Drop_port_scanners :D
by scampbell
Wed Oct 21, 2015 11:37 pm
Forum: Beginner Basics
Topic: SIP Phones not registering
Replies: 5
Views: 1410

Re: SIP Phones not registering

FYI Under "/ip firewall services" you will find a SIP ALG enabled by default. Sometimes disabling this can also help according to some of our local SIP Providers.
by scampbell
Wed Oct 21, 2015 11:24 pm
Forum: Wireless Networking
Topic: Computer connected by CAP has no access to local network printer.
Replies: 1
Views: 505

Re: Computer connected by CAP has no access to local network printer.

Check that Client to Client forwarding is enabled in your Capsman Datapath profile. This will give layer2 isolation between wireless devices if not enabled :-)
by scampbell
Wed Oct 21, 2015 11:21 pm
Forum: Wireless Networking
Topic: RB922UAGS-5HPacD Dual Band AP - Poor Performance
Replies: 3
Views: 1423

Re: RB922UAGS-5HPacD Dual Band AP - Poor Performance

Neither radio card has a wireless protocol correctly set. Set both to wireless-protocol=802.11 and see if that helps. R name="2gn" mtu=1500 mac-address=4C:5E:0C:11:0E:FC arp=enabled interface-type=Atheros AR9300 mode=ap-bridge ssid="radio" frequency=2447 band=2ghz-onlyn channel-width=20/40mhz-eC sca...
by scampbell
Wed Oct 21, 2015 11:13 pm
Forum: Wireless Networking
Topic: VTP and VLAN's through wireless link
Replies: 5
Views: 1982

Re: VTP and VLAN's through wireless link

If all the wireless equipment is Mikrotik and it is AP/Bridge-> Station-Bridge with all ethernet's bridged to wlan then VLAN's will pass. You can use the Torch Tool to check this at each router. Be sure to tick all the options and set the time to 30 seconds before running torch. There is an issue wi...
by scampbell
Fri Sep 18, 2015 4:16 am
Forum: Forwarding Protocols
Topic: OSPF Example Network
Replies: 18
Views: 5936

Re: OSPF Example Network

Hello, I'm continuing my testing on OSPF and I have a new question for you! May you help me to understand what is a good ip plan? I read "Burning Bridges" here: http://www.mywisptraining.com/wp-content/uploads/2013/01/BridgedToRouted.pdf I understand I have to remove switches and add router in plac...
by scampbell
Sat Sep 12, 2015 2:11 am
Forum: Beginner Basics
Topic: Port Forwarding Woes
Replies: 8
Views: 1409

Re: Port Forwarding Woes

Hello and thank you for the excellent description and for posting the relevant configurations. In RouterOS, to forward a port to a device, you need two entries in the firewall area: one for NAT and one for the actual firewall itself. You have the correct NAT rule, you are just missing the ip firewa...
by scampbell
Wed Sep 09, 2015 12:18 am
Forum: Beginner Basics
Topic: EOIP over IPSEC TWO RB750
Replies: 21
Views: 12509

Re: EOIP over IPSEC TWO RB750

It is even easier now as Mikrotik added IPSEC support to EOIP in 6.30 - now you can just specify an IPsec Secret when setting up EoIP and the IPSEC is created automatically for you.
by scampbell
Tue Sep 08, 2015 9:42 pm
Forum: Announcements
Topic: v6.32.1 released
Replies: 76
Views: 18847

Re: v6.32.1 released

+1 on various routers running 6.31 or greater. I revert to 6.30.4 and the message goes away.
by scampbell
Thu Jul 02, 2015 2:38 am
Forum: General
Topic: Leap second bug present on TILE devices?
Replies: 49
Views: 10210

Re: Leap second bug present on TILE devices?

Little too late, don't you think?
For this one, yes, but next leap second will be added in around 2 years.
Could you please tell me if you had NTP package on all the servers, or you used SNTP?
I can confirm CCR's with SNTP were OK and CCR's with NTP crashed and became unresponse.
by scampbell
Thu Jan 29, 2015 5:54 am
Forum: Wireless Networking
Topic: psuedobridge mac issue.
Replies: 5
Views: 985

Re: psuedobridge mac issue.

What is the config of the 912Client/AP ? You definitely do not want to use PseudoBridge in a hotspot as it does exactly what you are seeing. 8) If you are using a single wireless card in your final RB912 then consider the config in this example - http://wiki.mikrotik.com/wiki/Wireless_repeater If yo...
by scampbell
Thu Jan 29, 2015 2:25 am
Forum: General
Topic: Routerboard with POE in and POE out
Replies: 10
Views: 1737

Re: Routerboard with POE in and POE out

Interesting. I have an Omnitik with an SXT5 Lite working at one recent plus another with RB433 and QRT5 working so maybe some models (manufacturing runs) work better than others ?
by scampbell
Tue Jan 27, 2015 12:27 am
Forum: General
Topic: Routerboard with POE in and POE out
Replies: 10
Views: 1737

Re: Routerboard with POE in and POE out

Also RB260GSP, RB750UP

And Omnitik UPA model - works ok for us but the LED's are mixed up which can confuse people :-)
by scampbell
Tue Jan 27, 2015 12:25 am
Forum: General
Topic: Mikrotik & Windows Server 2008 Active Directory
Replies: 5
Views: 4198

Re: Mikrotik & Windows Server 2008 Active Directory

Authentication for Winbox/Telnet router logins via Active Directory will not work, unless you store the password in AD with reversible encryption (WARNING: NOT RECOMMENDED). Winbox/Telnet AAA only supports PAP authentication, which requires a cleartext-password to authenticate. There are several li...
by scampbell
Tue Jan 20, 2015 3:00 am
Forum: Beginner Basics
Topic: SFP Module in CRS226-24G-2S+RM
Replies: 2
Views: 1105

Re: SFP Module in CRS226-24G-2S+RM

FYI.....

From the brochure : First port supports 1.25G/10G modules, second port only 10G modules.

http://i.mt.lv/routerboard/files/CRS226 ... 094424.pdf

I hope this helps....
by scampbell
Tue Jan 20, 2015 2:23 am
Forum: General
Topic: RouterOS v6.25
Replies: 110
Views: 31919

Re: RouterOS v6.25

What's new in 6.25 (2015-Jan-19 10:11):

*) WPS support added to CM2 wireless package
Is there any documentation on this please. I can see some new settings on WLAN1 Interface but not under CAPsMAN2 (CM2) package as indicated ?
by scampbell
Wed Oct 29, 2014 7:13 am
Forum: General
Topic: v6.20 released!
Replies: 146
Views: 58483

Re: v6.20 released!

We have upgraded several RB951 series routers in a class situation. 2 or 3 of these have all exhibited odd firewall behavior when rules are disabled. It shows a rule disabled in Winbox yet the rule continues to work, e.g a rule that logs traffic keeps logging even when disabled. We did not test thi...
by scampbell
Tue Oct 21, 2014 3:23 am
Forum: General
Topic: Change DNS Servers When Tunnel Comes Up
Replies: 9
Views: 1680

Re: Change DNS Servers When Tunnel Comes Up

Windows Host name resolution is generally done via a WINS server or LMHOSTS file on the PC. DNS only works for FGDN's such as host.domain.com To resolve \\servename definitley requires WINS/LMHOSTS file.Alternatively you would need to setup static host entries like servername.sitename in Mikrotik DN...
by scampbell
Tue Oct 21, 2014 3:18 am
Forum: RouterBOARD hardware
Topic: How to netinstall RB433 with out IP address
Replies: 13
Views: 5773

Re: How to netinstall RB433 with out IP address

ditonet is 100% correct. ether1 should be labelled POE/BOOT on the RB433. NetInstall will only work with on a port labelled POE/Boot. Refer www.routerboard.com and download the user guide for your router if unsure.
by scampbell
Sat Oct 18, 2014 1:58 am
Forum: RouterBOARD hardware
Topic: RB751U-2HnD - poor wireless performance & problems
Replies: 113
Views: 113730

Re: RB751U-2HnD - poor wireless performance & problems

These are the settings we use where tablets and Apples are being used..... 1. Use a current RoS 2. Set tx power to 17dBm 3. Use Channel width=20MHz - 20/40MHz is not universally accepted by all devices and uses a lot of spectrum 4. Set distance=indoors 5. Disable TKIP in your security profiles - it ...
by scampbell
Sat Oct 18, 2014 1:02 am
Forum: RouterBOARD hardware
Topic: How to netinstall RB433 with out IP address
Replies: 13
Views: 5773

Re: How to netinstall RB433 with out IP address

assign your pc 192.168.88.254 subnet 255.255.255.0 no gateway needed.

In NetInstall under netbooting put 192.168.88.2
by scampbell
Fri Oct 17, 2014 7:11 am
Forum: General
Topic: Change DNS Servers When Tunnel Comes Up
Replies: 9
Views: 1680

Re: Change DNS Servers When Tunnel Comes Up

When you say hosts at the other end do you mean windows hosts ? If so you may need to specify a wins server too and use FQDN's ?
by scampbell
Fri Oct 17, 2014 7:07 am
Forum: RouterBOARD hardware
Topic: How to netinstall RB433 with out IP address
Replies: 13
Views: 5773

Re: How to netinstall RB433 with out IP address

You should be able to reformat your nand from serial and enable boot from Ethernet once then nand. You can then use netinstall to via RB433's ether1. Your PC should be directly connected and have a static IP address assigned to it's Ethernet. In netinstall under netbooting you need to specify an add...
by scampbell
Fri Oct 17, 2014 1:43 am
Forum: General
Topic: Change DNS Servers When Tunnel Comes Up
Replies: 9
Views: 1680

Re: Change DNS Servers When Tunnel Comes Up

If you look under IP DNS any Dynamically assigned DNS's should be listed there :-)
by scampbell
Fri Oct 17, 2014 1:01 am
Forum: Forwarding Protocols
Topic: OSPF Example Network
Replies: 18
Views: 5936

Re: OSPF Example Network

If you use this an example it should get you started - http://wiki.mikrotik.com/wiki/Dual_Setup_with_OSPF In your case one link would be wireless and the other wired. As the wired is less hops than wireless it should automatically prioritise the wired link. P2P wireless interfaces should have their ...
by scampbell
Fri Oct 17, 2014 12:36 am
Forum: General
Topic: Change DNS Servers When Tunnel Comes Up
Replies: 9
Views: 1680

Re: Change DNS Servers When Tunnel Comes Up

I will give that a try when I get home, don't know how I missed that option... I'll update the post either way. Thanks for the idea! My bad - that was for pppoe :D . For PPTP your remote server should be pushing the DNS to you. In Mikrotik PPTP server this is specified in the PPTP Profile. profile ...
by scampbell
Fri Oct 17, 2014 12:26 am
Forum: Scripting
Topic: hotspot ip binding
Replies: 1
Views: 751

Re: hotspot ip binding

I have two user in ip binding I wanna know bytes out of them like Users in hotspot Any suggestions Create a Simple Queue for each Bound IP (as target) with a script that copies statistics to a comment on the appropriate queue. See http://wiki.mikrotik.com/wiki/Automated_Usage_Script_without_userman...
by scampbell
Fri Oct 17, 2014 12:15 am
Forum: General
Topic: Change DNS Servers When Tunnel Comes Up
Replies: 9
Views: 1680

Re: Change DNS Servers When Tunnel Comes Up

I am trying to configure a couple of PPTP dial on demand tunnels on my RB2011 at home. Both tunnels come up via my mangle rule and they disconnect with my idle timeout which is nice. My issue...how do I handle DNS resolution? I would like to leave my DNS server set to my home 'Tik and be able to re...
by scampbell
Wed Oct 15, 2014 11:07 pm
Forum: General
Topic: v6.20 released!
Replies: 146
Views: 58483

Re: v6.20 released!

Again problems with user-manager. 6.18 on x86 with user manager, upgraded to 6.20 and user-manager stop working, not see the files of the database. Revert back to 6.18 solve the problem. We are also seeing an issue with UM and WG500MP printers interfaced via API. Ticket for 1 Hour or 4 Hour print a...
by scampbell
Mon Oct 13, 2014 1:59 am
Forum: Wireless Networking
Topic: Chromecast problems!
Replies: 8
Views: 3822

Re: Chromecast problems!

0 R name="wlan1" mtu=1500 mac-address=4C:5E:0C:32:CD:7F arp=enabled interface-type=Atheros AR9300 mode=bridge ssid="Lonne" frequency=2412 band=2ghz-b/g channel-width=20mhz scan-list=default wireless-protocol=any vlan-mode=no-tag vlan-id=1 wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no...
by scampbell
Mon Oct 13, 2014 1:56 am
Forum: Wireless Networking
Topic: Chromecast problems!
Replies: 8
Views: 3822

Re: Chromecast problems!

We use a Chromecast on an RB2011UiAS-2HnD no problem. Setup is as a standard AP bridged to the LAN with ether1 as a WAN. Our Chromecast only supports standard US channels, 1 -11 basically. We do not recommend using TKIP on Wireless N as it limits throughput to 54Mbps - see http://www.intel.com/suppo...
by scampbell
Mon Oct 13, 2014 1:26 am
Forum: Wireless Networking
Topic: CAPSMAN Interface Naming
Replies: 4
Views: 1179

Re: CAPSMAN Interface Naming

:D I look forward to this - thank you !!
by scampbell
Thu Oct 09, 2014 9:52 am
Forum: Wireless Networking
Topic: CAPSMAN Interface Naming
Replies: 4
Views: 1179

CAPSMAN Interface Naming

We are now using CapsMan for many sites but one thing appears to be missing - hopefully we have not missed it ? Is it possible to incorporate the "/system identity" as a prefix when the interfaces are auto-provisioned ? You can certainly specify a manual "Name Prefix" but I've not seen the ability t...
by scampbell
Thu Oct 09, 2014 9:42 am
Forum: General
Topic: Winbox 3 beta
Replies: 243
Views: 119360

Re: Winbox 3

I'd imagine full Winbox functionality wouldn't be used too much on iOS/Android, more so just to monitor and grab stats which can be done via API. When I'm up on a roof or a tower trying to repair a node that isn't communicating, and need to see what a remote tower is seeing as I try to reconnect, I...
by scampbell
Thu Oct 09, 2014 9:37 am
Forum: General
Topic: v6.20 released!
Replies: 146
Views: 58483

Re: v6.20 released!

We have upgraded several RB951 series routers in a class situation. 2 or 3 of these have all exhibited odd firewall behavior when rules are disabled. It shows a rule disabled in Winbox yet the rule continues to work, e.g a rule that logs traffic keeps logging even when disabled. We did not test this...
by scampbell
Thu Oct 09, 2014 9:23 am
Forum: General
Topic: WARNING: 6.20 upgrade bricked my CCR1036
Replies: 5
Views: 1658

Re: WARNING: 6.20 upgrade bricked my CCR1036

I have received reports of a similar issue with an RB1100AHx2 being upgraded from RoS 5.26. Recovered successfully via serial and Netinstall ok.
by scampbell
Tue Feb 11, 2014 6:56 am
Forum: General
Topic: Feature Request TR-069 CPE
Replies: 80
Views: 24435

Re: Feature Request TR-069 CPE

+1 for TR069

Could this be done via script I wonder ?

Some of the routers we deal with are configured to Fetch their config when connected so no firewall issues I believe ?
by scampbell
Fri Jan 31, 2014 4:41 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1013934

Re: CLOUD CORE ROUTER

@samsung172

Best note ever LOL :))
+1
by scampbell
Thu Jan 09, 2014 4:26 am
Forum: General
Topic: Firewall setup problem
Replies: 4
Views: 2311

Re: Firewall setup problem

That is pretty normal. These are attempts by outside hosts trying to connect to common ports on your router such as RDP (3389) etc.

Disable logging for the Input rule if you want to stop seeing these entries. You can always enable the logging again for diagnostics if necessary.
by scampbell
Thu Jan 09, 2014 3:27 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1013934

Re: CLOUD CORE ROUTER

@krisjanis If you could update us with these tickets about what you are seeing and giving us things to try that would be useful. I can't test with one right now but we could ask Stuart (distributor) to set it up with our config and test it out. Can you let us know what you are seeing? do your ones ...
by scampbell
Thu Jan 09, 2014 3:23 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1013934

Re: CLOUD CORE ROUTER

It would be nice if the /system package upgrade in Winbox gave you a choice to "force" upgrade or "reload RoS" so you can overwrite all the test versions easily when the full release comes out :-) Doesn't "system reset" do what you asked? Or you meant something like upgrade+reset with one command? ...
by scampbell
Thu Jan 09, 2014 3:11 am
Forum: General
Topic: Feature request -> readonly mode
Replies: 1
Views: 777

Re: Feature request -> readonly mode

The safest (and best) way is as you suggested - create a read-only user for looking at your example router. Ctrl-X (Safemode) is ok but will let you make changes (which may also be confusing) which should be lost when you disconnect from the router - unless you exit safemode first in which case chan...
by scampbell
Sat Dec 21, 2013 9:47 am
Forum: RouterBOARD hardware
Topic: CRS Documentation
Replies: 45
Views: 14225

Re: CRS Documentation

Any sign of cli documentation yet ?
by scampbell
Mon Dec 16, 2013 9:10 pm
Forum: RouterBOARD hardware
Topic: CRS Documentation
Replies: 45
Views: 14225

Re: CRS Documentation

@steen Ask for access to latest beta release. Draft changelog says: *) fixed port isolation on CRSs (bug introduced in v6.6); While port isolation != VLAN leakage it could be how they are describing it. Regards Alexander Hi Alexander, I popped that release on a CRS and it looks like Pacific/Aucklan...
by scampbell
Wed Dec 11, 2013 8:24 pm
Forum: RouterBOARD hardware
Topic: CRS Documentation
Replies: 45
Views: 14225

Re: CRS Documentation

Could you clarify which options are not documented yet? Here is the CRS examples page http://wiki.mikrotik.com/wiki/Manual:CRS_examples Starting with Switch Generic: Bridge Type MAC Level Isolation VLAN Level Isolation Use SVID in 1:1 VLAN Lookup Use CVID in 1:1 VLAB Lookup IPv4 Multicast Lookup Mo...
by scampbell
Tue Dec 10, 2013 6:50 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1013934

Re: CLOUD CORE ROUTER

I have seen a similar issue on 2 different CCR's. Both were port flapping randomly all the active ports so we tried 6.7RC1 but no joy. On closer inspection we were advised both CCR's had a single device each which is set to 100Mbps/Full duplex. We changed one device on one router back to auto-negot...
by scampbell
Tue Dec 10, 2013 6:47 am
Forum: General
Topic: v6.7 released
Replies: 225
Views: 109100

Re: v6.7 released

ip->firewall->Service Ports are shown as invalid (I) in case "tracking set enabled=no" Anybody can confirm this (you have to reboot router to replicate this)? Is that OK or minor bug? This is supposed to be so. NAT helpers will not work without connection tracking. I note that if you specify a port...
by scampbell
Sat Nov 30, 2013 2:29 am
Forum: RouterBOARD hardware
Topic: CLOUD CORE ROUTER
Replies: 1374
Views: 1013934

Re: CLOUD CORE ROUTER

6.6 still has the problems with 100mbit/FDX ports randomly changing to gigabit. It seems like some sort of database mismatch. Winbox shows the static speed/duplex as set, but export does not. See my last ticket updates. How do Mikrotik get this soooo wrong ! We also have issues with SFP in CCR link...
by scampbell
Sat Nov 30, 2013 2:19 am
Forum: Beginner Basics
Topic: RB951G and Devolo dLAN Ethernet over Power
Replies: 4
Views: 1113

Re: RB951G and Devolo dLAN Ethernet over Power

First thing to check is connect the pc directly to ether5 and see if that works. If not then you will need to check ether5 is either bridged or switched into the network. If it does work then reconnect the dLAN's and try again. If it still fails use the Packet Sniffer Tool on ether5 and see what the...
by scampbell
Sat Nov 30, 2013 2:11 am
Forum: General
Topic: CRS trunk settings
Replies: 2
Views: 860

Re: CRS trunk settings

Set ether1 and ether2 master port=sfp1 on CRS

All tagged traffic will be passed by all three ports.

Then add VLAN1 to SFP1 and add your management IP address for the CRS to that VLAN.

That should do it.
by scampbell
Sat Nov 30, 2013 2:07 am
Forum: Wireless Networking
Topic: RB912UAG-5HPnD-OUT not working!
Replies: 10
Views: 2752

Re: RB912UAG-5HPnD-OUT not working!

I was connected as shown in the image, but the power does not enter, it did not work.
In case anyone did not understand - the image is how NOT to connect the cable :-)

Power to Mikrotik is supplied via the socket connecter of the adapter using an additional RJ45 cable.
by scampbell
Thu Nov 28, 2013 8:18 pm
Forum: General
Topic: RB1100 Drops packets when Queue Tree enabled ?
Replies: 21
Views: 6075

Re: RB1100 Drops packets when Queue Tree enabled ?

Looks like it may well be an issue. I've got an RB1100AHx2 in production and if I get a chance I'll try and replicate your test :-) No promises though asI have several other jobs on.......
by scampbell
Thu Nov 28, 2013 8:15 pm
Forum: RouterBOARD hardware
Topic: RB751n flaky after upgrade 5.24 -> 6.5
Replies: 4
Views: 1217

Re: RB751n flaky after upgrade 5.24 -> 6.5

A couple of suggestions....

1. Check the RB751 is running the new FW as well. In Winbox go to SYSTEM.ROUTERBOARD and see if you are running the latest. If not click upgrade and reboot.

2. Try re-installing using netinstall and check the otion to "keep configuration"

Hope this helps.
by scampbell
Thu Nov 28, 2013 8:09 pm
Forum: Beginner Basics
Topic: A bit of beginners help with CRS125-24G-1S-RM?
Replies: 8
Views: 2150

Re: A bit of beginners help with CRS125-24G-1S-RM?

We distribute both Mikrotik and ZyXEL so hopefully we can help. How is your Internet IP service delivered to you ? Has your provider given you a /29 subnet where First (or last) usable address is the Gateway you use ? e.g 203.171.1.0/29 ISP GW 203.171.1.1 1st User host = 203.171.1.2, 2nd User host =...
by scampbell
Wed Nov 27, 2013 10:56 pm
Forum: General
Topic: Bonding 2 interfaces - waste of cable?
Replies: 2
Views: 689

Re: Bonding 2 interfaces - waste of cable?

If you use ports not on the same switch group then it is not waste of cable. Can you give more detail on how to do this please as the CRS125 has only 1 switch chip whereas RB1100AHx2 has multiple switch chips...does this mean LACP is supported directly to the CRS125 Switch chip CRS125-131112144104[...
by scampbell
Wed Nov 27, 2013 10:47 pm
Forum: General
Topic: RouterOS v6.6 released
Replies: 164
Views: 72435

Re: RouterOS v6.6 released

I had two CCR's doing this port flap. In both cases all active ports would flap. I checked further and found on both units there was at least one device connected that was NOT set to Auto-Negotiate while all CCR Ports WERE set to Auto-Negotiate. Have now set the appropriate ports to fixed 100Mbps/F...
by scampbell
Wed Nov 27, 2013 10:26 pm
Forum: General
Topic: Switching with RouterOS / CRS Questions
Replies: 81
Views: 43400

Re: Switching with RouterOS / CRS Questions

Along with this it's not really clear how pulling things back to vlan 0 is support to work for configs. IE: If I want tagged/trunked vlans 20,30,40 coming in on ether1 and vlan 20 untagged out ether2 vlan 30 untagged out ether3 vlan 40 untagged out ether4 I would assume I should: 1. accept tagged v...
by scampbell
Wed Nov 27, 2013 12:19 am
Forum: General
Topic: RB1100 Drops packets when Queue Tree enabled ?
Replies: 21
Views: 6075

Re: RB1100 Drops packets when Queue Tree enabled ?

What version RoS and FW are you using on the RB1100AHx2 ?
by scampbell
Tue Nov 26, 2013 9:56 pm
Forum: General
Topic: RB1100 Drops packets when Queue Tree enabled ?
Replies: 21
Views: 6075

Re: RB1100 Drops packets when Queue Tree enabled ?

You have packet-mark="" in your queue configuration.

Try changing that to packet-mark="something" and see if that helps.
by scampbell
Tue Nov 26, 2013 9:46 pm
Forum: General
Topic: RouterOS v6.6 released
Replies: 164
Views: 72435

Re: RouterOS v6.6 released

yeah it looks like this on my site. before it was like in most screens only 1-2 port flaps. now it's like this already for 2 weeks. http://imageshack.com/a/img708/1614/txdh.png I had two CCR's doing this port flap. In both cases all active ports would flap. I checked further and found on both units...
by scampbell
Fri Nov 22, 2013 3:40 am
Forum: General
Topic: RouterOS v6.6 released
Replies: 164
Views: 72435

Re: RouterOS v6.6 released

CCR-1016
still port-flapping
in more obvious way.
before 6.6 ports were going down and that's it
now it flaps ports many times before restart by watchdog.
first week on 6.6 was very stable I thought it is final holy aid....
no...
We are also seeing port flap on CCR1036 and RoS 6.6, FW 3.10
by scampbell
Thu Oct 31, 2013 8:54 pm
Forum: RouterBOARD hardware
Topic: CCR1036-8G-2S+
Replies: 16
Views: 3990

Re: CCR1036-8G-2S+

The last update we had from Mikrotik sales they said late September.

We couldn't wait and just got two current model CCR's to carry us through until it it released.
We have these in stock in NZ now - www.campbell.co.nz
by scampbell
Wed Sep 11, 2013 6:58 am
Forum: Wireless Networking
Topic: RB912UAG-5HPnD-OUT not working!
Replies: 10
Views: 2752

Re: RB912UAG-5HPnD-OUT not working!

That'll sure do it :lol:

Also be sure when testing that your Ethernet cable has all 8 wires connected (look at RJ45). Some inexpensive cables (shipped with cheap soho 10/100 routers for example) only have 4 wires so will not work for PoE.
by scampbell
Tue Aug 27, 2013 7:51 pm
Forum: Wireless Networking
Topic: Wireless issues with RB433GL and 3 wireless cards
Replies: 5
Views: 2828

Wireless issues with RB433GL and 3 wireless cards

Rb435g is a good choice.
by scampbell
Mon Jul 22, 2013 5:38 am
Forum: RouterBOARD hardware
Topic: MikroTik RB2011UAS-2HnD-IN replacement in future(2013-2014)?
Replies: 15
Views: 3963

Re: MikroTik RB2011UAS-2HnD-IN replacement in future(2013-20

Methinks Normis doth protest too much.... :lol:

We have been waiting since March for RB2011-2HnD-IN's - no amount of planning on our part helped :-(

However I am pleased to say the drought has broken and we receive our stock tomorrow :-)
by scampbell
Tue Jul 02, 2013 11:27 pm
Forum: General
Topic: vlan + sniffing = problem
Replies: 11
Views: 3696

Re: vlan + sniffing = problem

I am seeing something similar in RoS6.0 on a CCR1016 I have a VLAN 10 configured on ether12 and with a pppoe-client configured to use VLAN 10. Torch shows the tagged outgoing pppoe-discovery(8863) packets (vlan10) and shows the replies have no vlan tag. (This is the actual issue I am trying to diagn...
by scampbell
Sun Jun 30, 2013 1:25 am
Forum: General
Topic: Help how to configure multiple public IP address on Mikrotik
Replies: 10
Views: 27518

Re: Help how to configure multiple public IP address on Mikr

There are several ways depending on how your clients connect. Lets take 1 example. You have a LAN of 192.168.88.2/24 and are hosting 5 web servers on it, 192.168.88.5-192.168.88.10 with public IP's of 1.1.1.1-1.1.1.5 say. Assume WAN is ether1 So for each server you do a rule set like this : /ip fire...
by scampbell
Sun Jun 30, 2013 1:03 am
Forum: General
Topic: RouterOS 6.1 released
Replies: 198
Views: 53650

Re: RouterOS 6.1 released

The best way to manage logs in Mikrotik - and frankly just about anything - is to export them via Syslog to a Dude server. You can then filter/sort/export them to your hearts content. Go one step further an deploy SIEM if you wish to do correlation etc... http://communities.alienvault.com/ I havent...
by scampbell
Sun Jun 30, 2013 12:53 am
Forum: General
Topic: Feature Request: IPSEC Improvements
Replies: 60
Views: 15522

Re: Feature Request: IPSEC Improvements

We have added initial mode-cfg support in version v6rc13. If anyone wants to test and suggest other needed mode-cfg features.
Hmmm.... Wiki update may be required here as these commands are definitely not in RoS 5.0+ :-)
ros5modeconf.JPG
by scampbell
Thu Jun 27, 2013 10:40 pm
Forum: General
Topic: NTP server problem
Replies: 3
Views: 1088

NTP server problem

Also check ntp server and client are both using the same protocol e.g unicast
by scampbell
Mon Jun 24, 2013 11:50 pm
Forum: General
Topic: RouterOS 6.1 released
Replies: 198
Views: 53650

Re: RouterOS 6.1 released

The best way to manage logs in Mikrotik - and frankly just about anything - is to export them via Syslog to a Dude server. You can then filter/sort/export them to your hearts content. Go one step further an deploy SIEM if you wish to do correlation etc... http://communities.alienvault.com/ I havent...
by scampbell
Mon Jun 24, 2013 12:54 pm
Forum: General
Topic: RouterOS 6.1 released
Replies: 198
Views: 53650

Re: RouterOS 6.1 released

need more details, IPSec did not receive any changes that would brake that. try to enable debug logs on RouterOS and see what is happening. I am debugging a site with mutiple IPSEC tunnels on ROS 6.1 currently. Enabling ipsec in system logging creates multiple entries but it is very difficult to id...
  • 1
  • 2