Community discussions

by mducharme
Sun Dec 02, 2018 4:22 am
Forum: Beginner Basics
Topic: One /25 public subnet for 100 vlans without 1:1 nat?
Replies: 3
Views: 425

Re: One /25 public subnet for 100 vlans without 1:1 nat?

Don't do it as different VLANs - use layer 2 isolation to isolate the different customers, then enable "local-proxy-arp" and disable the sending of redirects to allow the customers to contact each other through the router again.
by mducharme
Thu Nov 29, 2018 9:10 am
Forum: General
Topic: Queue Tree Upload
Replies: 15
Views: 1551

Re: Queue Tree Upload

Whenever I have done hierarchical queue tree setups like that, I have never had a packet-mark set for the parent, it is always unset (i.e. !packet-mark yes but NOT packet-mark=no-mark). Only child queues with no children of their own have a packet mark generally. I'm not sure what happens if a queue...
by mducharme
Thu Nov 29, 2018 8:57 am
Forum: General
Topic: Queue Tree Upload
Replies: 15
Views: 1551

Re: Queue Tree Upload

Have you disabled the fasttrack-connection rules in IP->Firewall->Filter?
by mducharme
Mon Nov 26, 2018 2:57 am
Forum: Forwarding Protocols
Topic: [Solved] Routing of Traffic from Switch with Port Isolation
Replies: 5
Views: 986

Re: [Solved] Routing of Traffic from Switch with Port Isolation

Have you tried turning off "send redirects" in IP->Settings? With Cisco devices, enabling local proxy arp disables redirects on that interface, but it looks like MikroTik may not do that by default, based on your output.
by mducharme
Sat Nov 24, 2018 7:58 am
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 78
Views: 21732

Re: v6.43.4 [stable] is released!

Additionally invert-match=no (default) and set-bgp-prepend-path="" (default) are also added for every newly created rule by default When I create a new routing filter rule on my home router (running 6.43.4) it does not have those added for every newly created rule by default. I'm not sure how you a...
by mducharme
Fri Nov 23, 2018 9:13 pm
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 78
Views: 21732

Re: v6.43.4 [stable] is released!

Already tried that, no difference. From my perspective a reject rule without any attributes (including address-family) should always reject everything. address-family="" on the reject rule would only reject routes where address-family = NULL, which should never be true. If you want it to reject any...
by mducharme
Fri Nov 23, 2018 9:00 pm
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 78
Views: 21732

Re: v6.43.4 [stable] is released!

Why are the /32 routes installed and active? Seems like the prefix-length=16-24 filter attribute is handled incorrectly.
Already contacted MT support two days ago, no reply yet.
I think the address-family="" in your reject rule is probably causing it to not match anything.
by mducharme
Wed Nov 21, 2018 10:49 am
Forum: General
Topic: 1500 L3 MTU on a Mikrotik PPPoE Server
Replies: 4
Views: 555

Re: 1500 L3 MTU on a Mikrotik PPPoE Server

You need max-mtu=1500 max-mru=1500 set on both client and server for RFC4638 to work. If it is only set on the server, the client will still use 1480 or 1492.
by mducharme
Tue Nov 20, 2018 8:43 am
Forum: Announcements
Topic: v6.42.10 [long-term] is released!
Replies: 25
Views: 10257

Re: v6.42.10 [long-term] is released!

Thank you very much for this! With the bridge VLAN filtering memory leak fix, we can now test this for rollout on our network to replace the older 6.40.x long-term release.
by mducharme
Mon Nov 19, 2018 6:35 pm
Forum: Forwarding Protocols
Topic: BGP Filter
Replies: 3
Views: 568

Re: BGP Filter

Have you applied that as the in-filter in the properties for the BGP peer?
by mducharme
Sat Nov 17, 2018 8:58 am
Forum: Forwarding Protocols
Topic: OSPF - BGP - Route Reflector
Replies: 8
Views: 1280

Re: OSPF - BGP - Route Reflector

I need the Edge router to prefer the OSPF because I do not want to route traffic through the reflector. Could you simply establish additional peerings between the access and edge routers besides the reflector? Having a reflector doesn't necessarily mean that everything has to be peered only with th...
by mducharme
Fri Nov 16, 2018 10:15 pm
Forum: Forwarding Protocols
Topic: OSPF - BGP - Route Reflector
Replies: 8
Views: 1280

Re: OSPF - BGP - Route Reflector

Correct.. the access routers are also running bgp for customers to peer with. I also have a total of 8 upstream peers and 3 downstream. That's why I am building the route reflectors. To improve scaling. OK.. well then as a thought, why not use a routing filter to set the distance for the route? Tha...
by mducharme
Fri Nov 16, 2018 10:06 pm
Forum: Forwarding Protocols
Topic: [Solved] Routing of Traffic from Switch with Port Isolation
Replies: 5
Views: 986

Re: Routing of Traffic from Switch with Port Isolation

2. What I want can only be realized with a firewall running on the switch. Not true - you can do this by enabling "local-proxy-arp" on the interface or bridge interface or VLAN interface on the MikroTik that the hosts are on. This should enable communication between the hosts with isolation on the ...
by mducharme
Fri Nov 16, 2018 5:15 am
Forum: Forwarding Protocols
Topic: OSPF - BGP - Route Reflector
Replies: 8
Views: 1280

Re: OSPF - BGP - Route Reflector

Why not use one public AS for your edge routers (presumably doing BGP with the outside world), and a private AS for the access routers, and eBGP between them? Then you don't need route reflection. Or do the access routers need to peer with customers over the public AS?
by mducharme
Mon Nov 12, 2018 7:19 pm
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 25087

Re: v6.42.9 [long-term] is released!

Any chance of an updated long-term version soon that fixes the bridge VLAN filtering memory leak bug?
by mducharme
Tue Nov 06, 2018 6:04 pm
Forum: Announcements
Topic: v6.44beta [testing] is released!
Replies: 365
Views: 80772

Re: v6.44beta [testing] is released!

I see some complaining about MS-CHAPv2 support in Winbox. We like the MS-CHAPv2 support for Winbox because it allows us to no longer have to store the passwords unencrypted on the authentication server, so I hope it is retained in some way. We do not wish to go back to regular CHAP in our case.
by mducharme
Sun Nov 04, 2018 10:54 pm
Forum: Forwarding Protocols
Topic: BGP IPv6 route reflection
Replies: 27
Views: 4289

Re: BGP IPv6 route reflection

IPv6 route reflection still doesn't work and it's causing a lot of troubles in our network. Is it really the only option to wait for ROS v7? Route reflection works fine here with v4 and v6 -- we also have separate peers for v4 and v6 with route reflection in at least one case, and it works. However...
by mducharme
Tue Oct 30, 2018 3:01 am
Forum: Forwarding Protocols
Topic: Which area for PPPoE Server ? [SOLVED]
Replies: 28
Views: 2921

Re: Which area for PPPoE Server ? [SOLVED]

Yes, you should use a stub area for PPPoE. We have multiple concentrators in different places and so we use a stub area on each, we have the router ID double as the area ID for the stub area so that we don't need to separately track the stub areas. Do not put the customers in the backbone or you wil...
by mducharme
Thu Oct 25, 2018 2:45 am
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 78
Views: 21732

Re: v6.43.4 [stable] is released!

mducharme - Can you provide more details about the problem that you have? Preferably over e-mail to support@mikrotik.com? Provide supout file from your DHCPv6 server and more details about the problem - which client was trying to connect and did not receive a prefix, was the exact same configuratio...
by mducharme
Sat Oct 20, 2018 2:37 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 192
Views: 36875

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

I did a test yesterday, it worked again as it worked in version 6.42.7, but I still can not get radius to assign the pools, it is still necessary to create the pools in mikrotik. In my understanding nothing new, since the interests us is the full integration with the radius, not to create several p...
by mducharme
Fri Oct 19, 2018 4:01 am
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 78
Views: 21732

Re: v6.43.4 [stable] is released!

*) dhcpv6-server - fixed dynamic binding addition on solicit when IA_PD does not contain prefix (introduced in v6.43); *) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing; Are you sure this is fixed? I just upgraded and am still having the...
by mducharme
Fri Oct 19, 2018 2:19 am
Forum: Wireless Networking
Topic: Wireless router in every hotel room
Replies: 28
Views: 2701

Re: Wireless router in every hotel room

But... @mducharme... You don't think we would plug the cAP to the main switch with a network cable going from outside the room, to the AP along the ceiling, do you? Why would we for the phone :lol: We would dig a path in the concrete from outside to somewhere in the room (for instance, to the curre...
by mducharme
Thu Oct 18, 2018 11:07 pm
Forum: Wireless Networking
Topic: Wireless router in every hotel room
Replies: 28
Views: 2701

Re: Wireless router in every hotel room

[...] the phones would be connected to the AP. If we buy half the AP at the beginning, then we will plug the phones with the APs. You're going to plug the phones into the ceiling? :shock: That would look a bit strange having a network cable going up the wall and into the cAP, doesn't really say fiv...
by mducharme
Thu Oct 18, 2018 7:30 pm
Forum: Wireless Networking
Topic: Wireless router in every hotel room
Replies: 28
Views: 2701

Re: Wireless router in every hotel room

What is sure, is that every room will have its own cable to a switch. If we end up buying half the APs, we will still connect the phones directly to a PoE switch. The wsAP isn't the best choice because apparently there is no way to close the panel and seal it when a cable is plugged (as far as I un...
by mducharme
Thu Oct 18, 2018 9:02 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Can't upgrade Router ( solved )
Replies: 13
Views: 6790

Re: Can't upgrade Router

At this point I would probably recommend a netinstall to a 6.36 or 6.37 release and restore the config on that version, then upgrade to a newer release.
by mducharme
Thu Oct 18, 2018 5:36 am
Forum: Wireless Networking
Topic: Wireless router in every hotel room
Replies: 28
Views: 2701

Re: Wireless router in every hotel room

Going 2.4GHz only is *very* risky, since then you are designing it for current minimum bandwidth and not future, and assuming that nobody else will add more 2.4GHz AP's in the area. If you have 2.4GHz in every room, you are going to have to lower the power substantially to help get rid of interferen...
by mducharme
Thu Oct 18, 2018 4:45 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Can't upgrade Router ( solved )
Replies: 13
Views: 6790

Re: Can't upgrade Router

Hello,

Try intermediate upgrade to 6.37.x and report back. 6.37.x changed the wireless package names, so it might be that an upgrade from before 6.37 to 6.40.x doesn't work because of that.
by mducharme
Wed Oct 17, 2018 5:12 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Can't upgrade Router ( solved )
Replies: 13
Views: 6790

Re: Can't upgrade Router

Can you share a screenshot of System->Packages? And, to confirm, you are uploading the npk file and rebooting and it isn't upgrading?

Also, as a suggestion, you can try upgrading to some interim release first, ex. 6.40.9
by mducharme
Wed Oct 17, 2018 2:14 am
Forum: General
Topic: Severe Performance Drop RB3011 [SOLVED]
Replies: 33
Views: 2038

Re: Severe Performance Drop RB3011 [SOLVED]

"Fast Forward" shouldn't make a difference, it is only for two port bridges.

You are doing a lot of stuff on that router, ex. the PCQ, but I would not expect it to be hitting a throughput limit at 30% CPU. Are you sure you have been upgrading the firmware along with the RouterOS version?
by mducharme
Mon Oct 15, 2018 12:24 am
Forum: General
Topic: WISP OSPF MPLS VPLS Problem
Replies: 1
Views: 294

Re: WISP OSPF MPLS VPLS Problem

Why do you even want VPLS tunnels on the client radios? If you have pppoe and you set up vpls on the client radio that means you need one vpls tunnel per pppoe customer, which seems excessive.
by mducharme
Sun Oct 14, 2018 10:40 pm
Forum: General
Topic: TR-069 Genieacs
Replies: 3
Views: 1134

Re: TR-069 Genieacs

If you wish to make the same change to many devices, then making the change via a GenieACS preset is probably the best way of doing it. This is possible if the parameter you wish to change is exposed in the TR-069 tree. Yes, this is what my actual purpose is. Is there a manual or something? Where c...
by mducharme
Sat Oct 13, 2018 4:45 am
Forum: General
Topic: Severe Performance Drop RB3011 [SOLVED]
Replies: 33
Views: 2038

Re: Severe Performance Drop RB3011 [SOLVED]

Going off of MikroTik's test results I figured the 3011 would be more than sufficient: Their test in routing with 25 ip filter rules shows a result of 2,453.1 Mbps. Granted, this is not with queuing. But is queuing really this hard on the available horsepower? For test results that approximate real...
by mducharme
Sat Oct 13, 2018 3:22 am
Forum: General
Topic: TR-069 Genieacs
Replies: 3
Views: 1134

Re: TR-069 Genieacs

What I am trying to accomplish is, I have almost 100 routers in field. And making a small change is very painful. Can anyone please guide me or point me to the right direction on how to use ACS/TR-069, that I do the settings on ACS and all the routers, whenever they come online, get the setting and...
by mducharme
Fri Oct 12, 2018 10:02 pm
Forum: Forwarding Protocols
Topic: uTorrent not working
Replies: 3
Views: 465

Re: uTorrent not working

i'm using by default configure... just connect PPPoE connection settings nothing else. what I need to do for run utorrent as well? Check your UPnP settings, it might be that the port forwarding is not working. If you have set up PPPoE, perhaps UPnP is configured to use the wrong external interface ...
by mducharme
Fri Oct 12, 2018 12:21 am
Forum: Beginner Basics
Topic: single ip address doesnt work
Replies: 4
Views: 425

Re: single ip address doesnt work

If I remember correctly we tried using that ip testing of dhcp, but removed the dhcp months ago. From what you wrote I'm guessing you rebooted the router to clear everything, or do I need to upgrade to newest release? No, we simply rebooted it to clear the cache. We didn't want to because it takes ...
by mducharme
Thu Oct 11, 2018 10:21 pm
Forum: Beginner Basics
Topic: single ip address doesnt work
Replies: 4
Views: 425

Re: single ip address doesnt work

What would cause one single ip address not to work? The mikrotik assigns the ip address to the modem but I am not able to surf the web. All other ip addresses in the block work except this one ip. We use PPPoE if that makes a difference. Thanks Kevin Hello, If the issue follows the IP, check for fi...
by mducharme
Thu Oct 11, 2018 8:57 pm
Forum: General
Topic: UBNT UNMS with Traffic Flow
Replies: 1
Views: 982

Re: UBNT UNMS with Traffic Flow

UNMS is supporting NETFLOW This router is supporting 500 Customers if I enable Traffic flow on the Mikrotik Cloud core will it create a reboot? any issues to be aware of? running 6.34.4 yes I know its way outdated I have a 2nd unit with config and updated firmware we just can't afford downtime yet ...
by mducharme
Thu Oct 11, 2018 4:52 am
Forum: General
Topic: switching from L2TP/IPSEC to IKEv2/IPSEC interface?
Replies: 13
Views: 4093

Re: switching from L2TP/IPSEC to IKEv2/IPSEC interface?

Ideally I'd like it to operate as another virtual interface so I can dynamically add the default gateway route with the preferable metric when the interface is up (and then if the interface drops I can fall back to the direct-to-ISP default route) The config is working fine (both with the current L...
by mducharme
Wed Oct 10, 2018 7:56 pm
Forum: General
Topic: queue problem
Replies: 16
Views: 1129

Re: queue problem

it is working on egress side if you select "packet marks = no-mark" Good! Queue trees only control egress. If you want to control ingress, a workaround is to put a queue tree on a different interface or different device. We put a queue tree on our core router to control customer download and a queu...
by mducharme
Tue Oct 09, 2018 3:38 am
Forum: Forwarding Protocols
Topic: DSCP policy based routing?
Replies: 2
Views: 453

Re: DSCP policy based routing?

It sounds to me like it ought to work, but I would recommend setting up a test lab in GNS3 or something similar to be sure.
by mducharme
Tue Oct 09, 2018 2:40 am
Forum: General
Topic: queue problem
Replies: 16
Views: 1129

Re: queue problem

Could you please point out what is wrong in my code or if there is some typical catch for queue trees? Yes, I am sure - I believe it isn't working for you because you are missing the setting "packet-mark=no-mark" from the queue trees. Having packet mark unset is only a valid configuration where tha...
by mducharme
Mon Oct 08, 2018 9:06 pm
Forum: General
Topic: queue problem
Replies: 16
Views: 1129

Re: queue problem

Thank you for all of your answers. All of the circuits are L2. There is no such ip address and router in our backbone. We can't use vpls or pseudowire. All devices are l2 switches and connect with the fibre cable. We all want to do rate-limiting on all of the vlans. Please click the link to see the diagram. http://higgs.g...
by mducharme
Mon Oct 08, 2018 8:46 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Report "Delegated-IPv6-Prefix" attribute for PPPoE
Replies: 192
Views: 36875

Re: Report "Delegated-IPv6-Prefix" attribute for PPPoE

Does this mean 6.44 will finally support running a dual-stack PPPoE server with RADIUS auth? Or are these fixes still only for DHCP? That fix is for everything, but 6.44 only currently supports the attribute over DHCPv6, not PPP tunnels I would hope that they are adding support for the attribute to...
by mducharme
Sat Oct 06, 2018 9:36 pm
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 25087

Re: v6.42.9 [long-term] is released!

But maybe it is like you said and it only works for routers that are running almost default configuration. I somewhat doubt that this is what MikroTik intended. I would send them your previous config so they can try to figure out why their conversion routine failed with your setup. Maybe they can i...
by mducharme
Fri Oct 05, 2018 11:32 pm
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 37518

Re: v6.43.1 [stable] and v6.43.2 [stable] are released!

Apparently there is a memory leak since changelog 6.44beta17 (2018-Oct-04 09:42) states: "*) bridge - fixed possible memory leak when VLAN filtering is used;" I had VLAN filtering turned on... on my hap ac The ones who monitored stable memory usage, did you have VLAN filtering on? 6.42.7 is still ...
by mducharme
Thu Oct 04, 2018 11:56 pm
Forum: General
Topic: queue problem
Replies: 16
Views: 1129

Re: queue problem

The queue does not catch any traffic if the ports are under the bridge. /queue simple add max-limit=10M/10M name=queue1 queue=pcq-upload-default/pcq-download-default target=bridge1 Hi, This is normal behavior, simple queues do not operate when an interface is the target, unless it is a point to poi...
by mducharme
Thu Oct 04, 2018 10:26 pm
Forum: Forwarding Protocols
Topic: IPSEC and routing issue
Replies: 6
Views: 705

Re: IPSEC and routing issue

I haven't had enough experience with complicated IPsec designs to know if this is normal behavior or not. Someone else may have a better workaround, but I had an idea that might work. You could possibly create a mangle rule that applies a routing mark if the packet is ipsec encrypted, to force it to...
by mducharme
Thu Oct 04, 2018 5:14 am
Forum: Announcements
Topic: v6.43.1 [stable] and v6.43.2 [stable] are released!
Replies: 186
Views: 37518

Re: v6.43.1 [stable] and v6.43.2 [stable] is released!

My hap ac has still memory leak and crashes even in 6.43.2 not really stable kernel failure in previous boot out of memory condition was detected I also have instabilities with my hap AC, crashing every week, although I wasn't graphing memory usage before so I can't be sure there is a leak on mine....
by mducharme
Wed Oct 03, 2018 9:12 pm
Forum: General
Topic: Router won't install update
Replies: 7
Views: 1388

Re: Router won't install update

Saw another with the same sort of issue. Replaced it rather than waste time. When the 1st unit comes back to me... I will take a closer look. Field tech is going to swap for one I have at the office. Failure to upgrade is probably due to one of three reasons: - (Most likely) one or more extra packa...
by mducharme
Wed Oct 03, 2018 9:05 pm
Forum: General
Topic: Remote (L2TP/IPsec) clients still isolated, how we cam allow smb/rdp access between them?
Replies: 41
Views: 3249

Re: Remote (L2TP/IPsec) clients still isolated, how we cam allow smb/rdp access between them?

I haven't really worked with SSTP very much. I am actually wondering - why are you using both? You could just use L2TP/IPsec for all clients instead of a mix of L2TP and SSTP. SSTP probably will not perform quite as well as L2TP/IPsec.