MikroTik

RackKing

I have gotten a couple of these - the board slides about 1/4" with the case front to back. Anybody else see this? So when you plug an cable in the board slides backward and hits the back of the case I presume. Pull the cable and the whole things slides forward and stops. Perhaps I can open the ...

RackKing

anyone have a thought?

RackKing

Hi, I have a logging rule designed to send an email if the firewall action log contains a prefix "must match" for example. The firewall rule works correctly and adds the prefix to the log like "must match input: xxxxxx...." The problem is the logging rule seems to attach that pre...

RackKing

Pre-empting the worst is probably the best summary.
If they're poking at certain ports when they shouldn't then you probably don't want them poking at anything.

This makes a great deal of sense to me - thanks.

Good discussion - thanks to all who responded.

RackKing

If you have drop rules that simply drop packets to ports/services you do not use like ssh, ftp, telnet, winbox, etc... what is the advantage to creating a timed black list and dropping that? Is it to gain the logs and perform further action? If you have the IP/Services turned for all those is there ...

RackKing

Despite the fact MNDP is located in /ip neighbor menu, it should be considered as L2 protocol because both dst-MAC and dst-IP are broadcasts. Due to that, /ip firewall (both filter and raw) see the packets but can't drop them. (personally I consider that as bug - either it should count matched pack...

RackKing

Hi, I am trying to allow only admin computers that are on a "Winbox_Admin" firewall address list to see the neighbor discovery results from winbox connections to MNDP UDP on port 5678. I want to leave Neighbors Discover settings on my management interface running but block the "result...

RackKing

Hi,

I have been blocking all udp 5678 packets input and forward chains with no luck. Anyone have some help - please?

Thanks

RackKing

Anybody else have a thought on this?

RackKing

is chain=input right? input is for traffic going to router itself. chain=forward maybe? Hi and thanks for your response. I have a rule for both chains now - the only one that ever generates any traffic is the input rule. The remote winbox pc is sending the MNDP broadcast to the input of the router ...

RackKing

So I made this firewall filter rule and drug it to the top.

chain=input action=drop protocol=udp dst-address=255.255.255.255 dst-port=5678 log=no
log-prefix=""

I still see the connection from the host winbox IP:5678.

Am I missing something?

RackKing

Just filter out UDP broadcast packets with destination 255.255.255.255 & port 5678 on the devices you don't want taking part in MNDP.

@icsterm Thank you very much. I will give it a shot!

RackKing

Thank you for.posting this - could you expand a little bit? a sample config would help me get my head wrapped around it. Turning on igmp proxy on the interfaces but I have never use the other features.

Thanks for any help.

RackKing

So.... thank you everyone for this thread and specifically to @Retral and @pukkita. I worked on this for a couple of hours.... it was maddening. I tried 3 different branded laptops win7 - 10 not luck until I found this thread. I think this thread should get referenced in the Wiki. FYI - I could get ...

RackKing

@docmarius That was my understanding thanks for the clarification. Discovery is a nice feature to make some things more convenient but I understand the reason for turning it off. I was contemplating leaving it running on my management interface. My concern is that if somebody gains access to an inte...

RackKing

If there is a way to limit the discovery from only showing up on specific interfaces let me know. "With a list you can activate a single interface" I am not talking about limiting what port it "discovers on" I want it to only report what it discovers to a single physical interfac...

RackKing

As in the firewall address list?

RackKing

@R1CH - do you leave Neighbors Discover on for your management VLAN?

RackKing

On one of my bigger networks I have a dedicated management VLAN. RouterOS is firewalled on every interface except this VLAN, so it only performs routing. I have a Linux box on the management network running wireguard that allows me to remote in, I trust wireguard far more than any of the RouterOS V...

RackKing

I understand the Neighbor Discovery Settings can only run on and interface list. So you can create a list <LAN> and Add and interface to it like <LAN-VLAN>. It will then discover devices that VLAN and advertise them to Winbox correct? Can you have the "advertised to only a single interface? My ...

RackKing

It's a great idea to have a management network if your end devices can be separated like that. Once you are in a SOHO/SMB environment then this becomes almost standard to have multiple LANs (/vlans). The trick is ensuring nobody simply plugs in to your MGMT network to access the devices. Ensuring y...

RackKing

How does the IP/Service/Winbox - "Available From" differ from an input rule with address-list in the firewall? Does one have priority over the other?

RackKing

Thank you both for your replies.

RackKing

I would really appreciate any feedback.

RackKing

I don't think they overlap and I would implement Dude, Splunk and, in place of Cacti, Zabbix. Dude for management and very basic monitoring but it can do more. Splunk (I am using it's alternative Graylog) for log collecting, log analyzing and alerting. Zabbix for monitoring, graphing and alerting. ...

RackKing

This is a SOHO/SMB focused question for the most part. I typically create a management network for devices like managed switches, APs, Power Devices, and other various widgets that are directly related to core network operations. I let them pull DCHP and then set a reservation out of the DHCP scope....

RackKing

Just got my wired 4011 up in the lab.... I will play with it over the next week. Physically a solid device - but what I don't like > - miss the beep (dumb I know) - miss the LCD as it had customer curb appeal even though it was rarely used.... - think it should have USB - storage and WAN - I really ...

RackKing

For monitoring stuff I do recommend Splunk as I have posted here: https://forum.mikrotik.com/viewtopic.php?t=137338 There are other nice program like NEDI that can be used to keep track of all your devices. Thanks for your reply! Do you use The Dude? I am thinking about using Splunk as well but it ...

RackKing

Here is a post where I am struggling to understand the VLAN :) https://forum.mikrotik.com/viewtopic.php?t=138232 I have read that thread about 10 times... it is good stuff. I am amazed at your visualizations and drawings - Visio? I could only dream of doing something that well laid out - great work.

RackKing

So maybe a dumb question... I did have a look a the Patreon page. What level would you recommend to an integrator like who would offer this to his customers as part of a annual service offering? I would bill them directly and purchase your service. I suppose I could buy a tier and then upgrade as I ...

RackKing

@Jotne thanks very much for your reply. I have not been brave enough to try and combine these approaches yet, but I can see where you can get the best of both worlds by doing so. I guess there is "no one bridge to rule them all"... :-) (sorry). it is curious that newer hardware does not ha...

RackKing

Thank you for the reply. So much for a single pain of glass

RackKing

Due to that, you can't consider blacklist as alternative to whitelists (which are useful only for incoming connections). It has different purpose and even with thousands of blocked IP's blacklist will not have significant impact on your CPU.

This was very helpful - and perhaps the end game.

RackKing

@vecernik87

Thank you very much for your thoughtful response. That helps me very much.

RackKing

Anyone? I was hoping @jotne would chime in as he is the splunk guy and spread some light on this topic.

RackKing

Hi, I have been reading a great deal about all the various exploits going around and thinking about how to protect my networks better. I also have read about the interesting blacklist update projects that are being developed. One comment got me thinking about whitelisting vs blacklisting - the spiri...

RackKing

um - I feel silly.... That is the ticket.

RackKing

Any feedback or pictures? Or another solution if you wanted to ceiling mount this. Thanks in advance.

RackKing

I am just trying to get his sorted in my mind. I am curious to know how these fit together, or don't. What is the typical use case, or better put how do yo use them. I primarily serve the SMB market. I am not a WISP, although I do a fair amount of PTP and PTMP installations :-). I am to the point wh...

RackKing

it does even appear on the new RB4011 device. We need a standard layer to work with VLAN and let it sort itself out automatically. Thanks for the response.... wow I had no idea the new 4011 did not allow access to the switch chip config. Poor assumption on my part - thanks for setting me straight. ...

RackKing

I have spent countless hours reading posts form @sindy, @CZFan, @mkx, @efaden, @ dasiu, @Jonte, and many others who gratefully contributed to this topic on these forums. I cannot express how thankful I am for all your posts on this often confusing and complex topic. Sharing your knowledge and patien...

RackKing

Same firewall rules - any idea where to start looking? The gateway for each vlan is responding to ping but the hosts are not.

RackKing

Right - no radius here. I have 3.18.

I still have the issue. I am going to do some more testing today,,,

RackKing

That is what happens to me as well.

Anyone?

RackKing

Hi, I have used Advanced IP scanner for a long time with no issues. I use it to scan the network from a connected PC to get info on devices, IP, etc... it is easy and I like the export function. I know a similar scan can be done in winbox, but not as convenient from a test client without winbox.... ...

RackKing

do it the old way... RB3011 connections ether1 - WAN ether2 - Trunk 1 (V100, V200, V300) ether3 - Trunk 2 (V100, V200, V300) ether4 - access port vlan 100 ether5 - access port vlan 200 1. make a bridge. br1 2. add ether2 and 3 to the bridge. 3 make vlan 100 and 200 as port to the bridge. vlan100_br...

RackKing

Not sure I understand your last sentence. I am trying have VLAN 100 and 200 present (egress?) on ether2 to and 3 to pass tagged to a downstream switch. The Tags simply aren't there. I can confirm this with a test downstream switch and a Netool.io scan device. When I use your option 1 from the first...

RackKing

The only mistake I can spot is that under /interface bridge port , you haven't set the pvid for the access ports ether4 and ether5 . So you have to add the pvid parameter to these lines in accord with the rules under /interface bridge vlan : /interface bridge port set [find interface=ether4] pvid=1...

RackKing

here is the config - note the default was left to keep it simple so I could connect. # jun/08/2018 15:16:55 by RouterOS 6.42.3 # software id = # # model = 2011UiAS /interface bridge add admin-mac=64:D1:54:1E:B4:AE auto-mac=no comment=defconf name=bridge add fast-forward=no name=my-bridge vlan-filter...

RackKing

Thanks for responding. I will have to build it from your option 2 and will post back.

RackKing

Hi, First I would like to say thank you to the following members in no particular order: @sindy @CZFan and @acrul. I have read through your man post and a grateful for what I have gleaned. But - I have been really struggling this week trying to get this sorted. I am hoping someone can set me straigh...

RackKing

Thanks, so it appears I'm on the right track then, other than not doing the firewall rules yet. I'll do a few more tweaks and then put this in as active. Just wanted to make sure with the newer changes in 6.4x that I didn't need to reconfigure how I was doing things previously for any reason. Just ...

RackKing

Hi, Thanks so much for your reply and sorry to not be very clear. The "piece of cake" I was referring to was creating multiple trunk ports prior to 6.4.1 (I think thats right) when the master port designation was still being used. If my trunk port was configured on ether-2-master for examp...

RackKing

I have ether 2 setup as a trunk port with several VLANs running on it. IP addresses, DHCP, etc.. are defined on those VLANs. So - in previous versions of ROS you could just select the master port (eth2) and boom you would have another trunk to carry to another switch or whatever. How is this accompl...

RackKing

anyone?

RackKing

Hi, I have a dev router behind a main production router. I would like the dev router to be in the DMZ for testing purposes. I have the an ether7 setup as the DMZ interface on my 2011 production router with a separate network setup for it. I have a DHCP server running on ether7 it to test DHCP client...

RackKing

Thanks all

RackKing

Thanks for your reply - I still get "discover-interface-list: !dynamic"

It should say none, after that command right?

RackKing

I am somewhat confused as how to use the new list feature. We had our interfaces and vlans set to discovery = no. How do I achieve that with the new ROS version 6.41.1.

thanks in advance

RackKing

yes - can you provide some basics of the filter rules?

RackKing

The basics are that the router is on the management network (for example) 192.168.1.x and the PC I am trying to access it via winbox is one 192.168.2.X. The firewall is setup to isolate the two networks. The networks are setup on different interfaces with DHCP, DNS, all the normal stuff.

RackKing

This should be trivial... but need some help. I have a router on a management network and would like to access it from a specific workstation on a user network. I thought a simple forward rule from the workstation to the router would work, but no. Do I need an input rule from the IP to the TCP port ...

RackKing

I rebooted the Unit and the problem stopped. - solved

RackKing

I turned off SSH and same result.

I noticed discovery and CDP are both enabled. Could these be an issue?

RackKing

I am at a loss on this - not my install on the Unifi equipment and have never seen this before. I am hoping somebody can tell me what this traffic is and how to stop it? Thanks in advance. I have a feeling this is a "Oh duh, I should have known that" type of answer..... 10:04:36 firewall,i...

RackKing

I am now having the same issue after an upgrade - any update?

RackKing

What do you mean by that? In such case it would not be an update but fully different product. Anyway remember the difference between a switch and a router... Hi Jarda - thanks for commenting. In smaller projects I do set these up as a router as well to do basic DHCP, NAT and basic firewall. Perhaps...

RackKing

Hi - wondering if this product will be updated at any time or if it is in the works already I am out of the loop. An ARM aka 3011 version of this would be killer, or even a processor on par with the HEX.

Thanks in advance for any feedback.

RackKing

Thank you for your reply - but I am not sure I understand. Some questions. 1. If use the management IP as described in the last step, does that mean the only way I will be able to access the router will be on port 2? I will have to provide my PC a static IP in the 192.168.88.1/24 network? 2. DHCP - ...

RackKing

I am struggling to make this work and wonder if someone can provide some assistance. He is some setup info with RB750: ether 1 = WAN ether 2 = master port - VLAN 10,20,30,40 connect to managed switch ether 3 = Master port 2 ether 4 = Master port 2 ether 5 = Master port 2 All of the VLANs are configu...

RackKing

I suspect that you have an allow state=established,related rule that comes before your "allow ICMP" rule - so once one ping gets through, all of them will as long as connection tracking considers the connection "active" If your allow ICMP rule has a rate limit, then as long as t...

RackKing

A reasonably-sized botnet can scan the entire IPv4 space in pretty short time, so they're not going to waste time trying to ping and then scan - they're just going to scan. I bet that by now they've gotten clever enough to shuffle the target hosts/ports among their entire botnet and slow it down to...

RackKing

Hi, So I am using the basic two line "allow limited ping" filter rules outlined in the Wiki and other places. The rule works and begins to hit the drop rule when the threshold is met. here for example: http://wiki.mikrotik.com/wiki/Securing_your_router My question is - what should the &quo...

RackKing

I just got my Pantech UML 295 and followed these directions and was not able to even see the LTE under interfaces but I can see it under resources under system > resources > USB Any recommendations on what I can try? Yes. Install the modem in a Windows machine, with the Verizon software. Use that s...

RackKing

Yes in that case you can do it with the switch:

/interface ethernet switch port
set 5 default-vlan-id=172 vlan-header=always-strip vlan-mode=secure

This will make port 5 an untagged member of vlan 172.

Thanks so much - I will give this a shot!

RackKing

So I want Ether5 to be a member of a VLAN currently on Ether2 - and pull from that DHCP, DNS, etc...

RackKing

thanks for the reply - but do I do it /switch settings?

RackKing

Thank you this was helpful and allowed me back in.
Which one of the two hints?

console cable - I could never get the reset button to function.

RackKing

Hi,
I have trunk port on ether2 with several VLANs, address, DHPC, etc... this all works will connected to a manged switch.

I would like to make ether9 on the RB3011 part of an existing VLAN (172). Can I do this in the switch settings or do I need to create a bridge?

Thanks in advance.

RackKing

No idea about the reset problem (except: note that the first blinks do not count, first wait 5 seconds THEN wait for it to blink). However, when you only locked yourself out due to the firewall or IP config problem, note that you can still access it via the RS232 port. Use a "Cisco blue cable&...

RackKing

I have a 3011 I am trying to recover. I have followed the instructions on the Wiki closely. I have the console cable and ethernet cabled attached to port 1, etc.... I have selected etherboot in the serial console and all is good. I can see the routerboard 3011 in the list as "ready". I am ...

RackKing

So - I bricked the config on the 3011 and cannot reconnect. I have tried the reset button several times but must be doing something wrong. I apply power while holding the reset button and wait for the top LED next to the USB port to blink then let go - no work. I can get it to go to ether boot every...

RackKing

Trying to use the reset button on the back of the RB3011 to reload the default config. I have pressed and held .... and prayed. I cannot get it to reset.

Any advice?

RackKing

@RackKing - thank you so much!! I was going mad with the EdgeSwitch. My Problem was that the Trunk Port from my CRS was simply not working at all. I couldn't even manage to connect to the Edgeswitch itself through the Trunk Port. Disabling STP on the Edgeswitch solved the Problem. The Trunk Port us...

RackKing

We are looking to find replacement power supplies for the DC24V 1.2 amp units that come in the box. We have had a few fail and want to keep some on hand. The model number is FLD301-240120-U for the 2011 I just checked but I am sure they chance. The form factor is perfect for us - so I am looking for...

RackKing

RB2011 with the default local bridge. I am trying to filter ether3 to allow only a specific MAC address to connect. When I run the rule on the bridge it works but obviously block all other traffic. Ether3 is slaved to ether2 as well. I want it on the same network DHCP server as ether2 but want to re...

RackKing

it appears there is no way to do this by interface with a bridge involved

RackKing

This is also a 2011 with a bridge - so I will add that and try

RackKing

Thanks Jarda - I went to bridge / settings and ticked the "use IP Firewall box" on and off with same result. I assume this should be off as it was by default?

Is there a different way to turn the bridged firewall on?

RackKing

This should be an easy one - but I cannot seem to get it to work. I was trying bridge filter > forward in/out interface action drop. This does not seem to work.

Any help.

RackKing

That title probably makes little sense.... but here goes I am trying to get clients that connect to a WLAN with a VLAN tag (from Unifi) to pull from an address pool/list this that is forced to use OpenDNS - while being on the same network with an additional HDCP server for "normal" clients...

RackKing

Hi, I have setup some address lists - regular vs family. I have setup rules rules to send family to open dns and regular to google. The issue is I have to manually add "family" users. This is a PITA. I have also setup some a Family wirelss vlan that uses OpenDNS - but the VLAN prohibits ot...

RackKing

@ krisjanis

Thanks for your reply - now I understand. Is a server package for the RB3011 in the works?

Sorry if this has been covered.

RackKing

Probably a dumb question - but you are discussing this running on arm - you are talking about the client right? Not the router, i.e. so the dude package will run on the rb3011 right? I am, obviously, new to The Dude. Does anyone recommend a "newbie" guide or getting started post? I will be...

RackKing

Can you detail this statement a little? AFAIK, RP is ARM based and does not support wine... Is there a native linux or a java version available? My mistake then. But the question is not for us, but for Wine developers. MikroTik has never made Winbox for Linux, we do have Webfig that works on all pl...

RackKing

Sorry if this is a dumb question... but it would be great to run Winbox from a Pi.

Thanks in advance.

RackKing

I am wondering the same - anyone?

RackKing

Any ideas for getting Sonos to work across VLANs where the speaker is on the main network, but the app is running on a device connected Wi-Fi and is on a different Guest VLAN? Can this be done via firewall rules or something else. I am just not sure what sonos needs. Any help would be appreciated. T...

RackKing

I have a wired guest network - I would like to isolate them from seeing one another.3

I have the guest network setup with a firewall address list - but cant seem to write a filter rule that works. Any advice?

RackKing

So - I am not sure, but will check. I am not sure how that would work? How would you forward from the WAN to the router?

Would the IPV6 hit the router directly? Sorry to be naive just never really dealt with double NAT before.

RackKing

I am not sure how/if I can make use of it. So, I have DishNet that uses a double NAT and I cannot hit the router as I have no WAN IP. I have no experience with IPV6 and have a question. I am told the with Dishnet the IPV6 WAN address is discrete to the modem. Can I use the IPV6 address to reach the ...

RackKing

I've run into this before with the EAP350. I think you need to have "Isolation" checked on SSIDs not part of the primary/management VLAN (so enable Isolation on your Guest SSID).

Thank you! Spot on - works now.

Cheers

RackKing

First - on this same rb2011 I have a guest VLAN configured and operating properly with some existing Unifi APs. The Guest SSID is tagging properly and pulling from the correct DCHP server, etc.... they work fine. On the EnGenius setup they have place to enable a VLAN ID. I set this to my guest VLAN ...

RackKing

I am estimating according the last row from the performance table (routing with 25 filter rules) 512B column. This is the most representative value that roughly corresponds to my cases when a device should do the nat. And the values are quite similar in real. Thank you - this is exactly the informa...

RackKing

I am just trying to understand what byte packet size is best used or most representative......

RackKing

Thank you so much for the reply - but in general terms what size should I use to estimate WAN to LAN performance from the data?

RackKing

Hi, So I see the performance numbers have been put out on routerboard.com for the hEX RB750Gr2. http://routerboard.com/RB750Gr2 Based on 25 IP filter rules it looks the throughput for 1518 bytes is 986.1 Mbps. Does 1518 relate to the MTU size, or what number is the most realistic to use for determin...

RackKing

anyone?

RackKing

Hi, So I see the performance numbers have been put out on routerboard.com for the hEX RB750Gr2. http://routerboard.com/RB750Gr2 Based on 25 IP filter rules it looks the throughput for 1518 bytes is 986.1 Mbps. Does 1518 relate to the MTU size, or what number is the most realistic to use for determin...

RackKing

Can anyone comment on the filter rules?

RackKing

If it is not listening to connections from the public Internet, how is it a security risk? All it does is let computers on the LAN request ports be open and forwarded to them. That is to say, what is needed to make a game work properly. There's no real rocket science. /did game programming until a ...

RackKing

I believe another quick and dirty way to get game consoles (xbox, playstation, etc) running properly is to turn UPNP on in the client cpe. We typically leave UPnP disabled on the router as it is a potential significant security risk. If UPnP was running, I assume it would work well but have never t...

RackKing

Hi, I have used the link below to identify and open the required ports for an Xbox One. http://support.xbox.com/en-US/xbox-one/networking/network-ports-used-xbox-live Here are the rules being used, where xbox ip address = the reserved local IP address of the Xbox /ip firewall filter= add chain=forwa...

RackKing

I am wondering if anyone has an idea of how these two compare simply in WAN to LAN performance? The processor speed is different, but I am unsure how that translates to real world performance. With a normal firewall I wonder how big of an internet connection the HEX could handle - 500Mbps with fastt...

RackKing

I checked the usual suspects and found! Thanks for the input. I am pretty excited about this little router!

RackKing

really - who? I will check the usual suspects but if you would PM me that would be great.

RackKing

great - any idea when this is shipping?

RackKing

@gbr - thank you very much for posting this. I kind of works for me.... have a couple of questions. Note: I am a novice at scripting and still learning.

I have the script I provided working successfully on three routers.

Thanks very much GBR for the help and clarification.

RackKing

Thank you for providing this to the community!

RackKing

@gbr - thank you very much for posting this. I kind of works for me.... have a couple of questions. Note: I am a novice at scripting and still learning. So I have poured over this sever times - it has been a great learning opportunity. As I understand it this - # get the current IP address from the ...

RackKing

@gbr

did you get it working - can you share?

RackKing

Also - a data sheet I saw shows a 750 mhz processor. With a normal "soho" firewall and nat rules what do you think the max wan to lan performance would be?

Thanks in advance .

RackKing

RB 2011 was the product in 2011 so i might be that RB 3011 will be released in Q2 of 3011?! no seriously i'm also waiting for that device. but it's also better if it get postponed rather than a not working release. nevertheless MT could give an update on the state.

+1

RackKing

I use the rack mount 2011 versions almost exclusively. So it is simply black with white lettering and matches the rest of the gear it lives with. No red on the rack. I don't think the red looks bad on the desktop models.

my 2

RackKing

when we have hEX with gigabit?

RackKing

"ny chance to get the rb3011 rm in the style of the crs series?"

no white please........ for that matter, I wish the CRS stuff was black as well

RackKing

I have some firewall rules that are blocking some of my networks from communicating or seeing one another. This is working fine. I am trying to allow some traffic through and am wondering the best way to accomplish this. I have a UAPs that dropped off the remote server when I put them in place. Also...

RackKing

Thanks Dave!

RackKing

Ah - that would have been good info - RB2011UiAS ROS - 6.29 Firmware - 3.22 That port is connected to a Charter cable modem. I suppose it could be the modem - I just have never seen it do that kind of thing. As I check the logs it is still going on. I would suspect it is not the cable, and I would t...

RackKing

thanks for the reply - it seems to happen every 30 mins? Is the interface failing on the router?

RackKing

this may be a dumb question.... can someone help me understand what is happening? The port is a connected to the modem which is not dropping.

Thanks in advance.

RackKing

thanks - this worked sort of - I will check the manual to find more information. The wish the manual was setup in more of a "how to" fashion.

Anyway - when I add the WAN IP address or DSN name it finds it, but only ads a DNS service. Do I need to ad the router IP?

RackKing

Hi jarda - I simply do not understand what you are asking me in regard to tunnels. I am at work behind a router. I have an RB2011 remotely I can access through a wan IP. I can access it through winbox. I have all services on the router off, so SSH, telnet, etc... are all off. My winbox port is the o...

RackKing

Thanks I appreciate the lesson and information.

Can you tell me how to setup The Dude to monitor other routers on connections to let me know when they go up/down?

Are you saying I do that with a tunnel?

RackKing

Thanks Jarda -

Have you tried to use tunnels between your devices to have clear access to them?

If you mean can I Winbox into them remotely - yes. Is tunnel something you start on the Dude?

I am just not sure how to get started...

RackKing

So, I would like to know how to use the dude to monitor remote routers, mostly rb2011s. I would like to get an email if a 2011 goes missing. I am using windows and can run on a server. I would maybe grow into other things - but right now I just want to watch remote installations and know if they go ...

RackKing

Thanks for all he replies!

RackKing

thank you very much - that really helps

Kudos to you,

RackKing

hmmmm - never done port knocking I will do a search and see if I figure it out. Or if you have some info please pass it along.

by tunneling do you mean VPN?

RackKing

We have several routers in the filed at this point that we access from our Office. We have 8291 open and can access these no problem. We use a good 8 character password currently. What do you guys to secure this more? Should we use a stronger password? Changing the port? Can I specify specific hosts...

RackKing

Thanks very much for the information from each of you. This helps me frame it up. @ Nathan, The 1100 looks like a defiantly step up, but the pricing delta puts it really close to the entry 1009. I have been watching the prices and sometimes they are within about $60. so the 1009 is not that much mor...

RackKing

I guess I was just asking about "faster" in general terms. We are dealing with 100mbps WAN connections regularly now. I have seen the charts on router board and get that, but I wonder how a few concurrent VPN connections running at the same time affect that performance? One reason for my q...

RackKing

Bueller.....

RackKing

So - Just to make this clear in my own little mind.... I am interested in WAN to LAN performance primarily, and VPN and routing speed next. Metarouter is not a factor for my thinking. What is the natural progression from the 2011? RB980gx2 CCR1009 seems like a big jump.... also afraid to ask this fo...

RackKing

@Nathan

I disabled this on the EdgeSwitch. As I was testing this and trying to figure out where the problem lies, I was pinging the edgeswitch. so RSTP was on for a long long time.....

@43 - yeap the bridges with RTSP did not play nice for sure.

Thanks guys.

RackKing

So..... mercifully I have tracked down the problem/issue. A big thanks to 43north for throwing some time at this - he is a great guy. To be clear - at the most basic level - when I had the Edgeswtich connected to a CCR port that was part of a bridge it would instantly become unavailable. As seen by ...

RackKing

First - I apologize for the minutia in this post. I am still very much a beginner with Router OS. Hi, I am looking for confirmation that I am doing the right things when configuring VLANs. If there are scenarios where this will not work please advise. Specifically I am trying to make sure I have not...

RackKing

Hi 43 - again thanks for your continued help. I cannot get mine to work. What settings are you using?

RackKing

at least I do not feel so crazy...... thanks 43 for your help

RackKing

A Nathan & 43 thank you both for the help. @ Nathan you have descried what I am trying to achieve perfectly - but it simply does not work for me. 0/48 uplink trunk has VLANs 10,20,30,40 included and tagged and Default VLAN 1 included and untagged. This should mean the hardware on this is into th...

RackKing

First thanks 43 for your help - I have followed the instructions exactly - and no necessarily getting an error. I just cannot get an IP address from the router to the wireless client. Here is my setup - perhaps more clear. On the CCR1016 I have 4 VLANs setup with DHCP servers, addresses, bridges, et...

RackKing

not really .... if my VLANs are 10,20,30,40 - are you saying the pvid needs to be the same? pvid 10,20,30,40? On the Ubiquiti EdgeSwitch 1) Create VLANs that you wish to pass from your Mikrotik - I did this on the status page = 10,20,30,40 2) On Port Configuration page, include VLANs TAGGED on your ...

RackKing

thank you for the clarification on the access points - if the PVID is default at 1 does it need to be changed?

RackKing

So - I very much appreciate your efforts - but cannot get his to take.... Any feedback would be appreciated, I am probably missing something simple. This management vlan is confusing to me. Here is my 192.168.x.x setup on my CCR1016 .10 network - VLAN 10 .20 network - VLAN 20 .30 network - VLAN 30 ....

RackKing

I am in same situation with an edge switch - how did you get this working - cant figure out how to create a trunk port. All the VLans are setup in the CCR. I am using UAPs to tag via SSID.

any help appreciated.

RackKing

I was asking how many people deploy a UTM with a Mikrotik router. Is there a UTM everyone likes or a go to unit for a small business, restaurant, church, large residential, (not enterprise) that we should consider using? I am wondering if this would be a good standard practice to just do? I know the...

RackKing

Is this a crazy question?

RackKing

We primarily use RB2011 of various flavors in residential systems and some light commercial projects.

Should we consider a UTM as part of our standard package? Does anyone else out here do this? If so do you have a recommendation?

RackKing

Is there a way to do DNS filtering by mac?

So in a household you want the Kids computer to be using OpenDNS setup up appropriately, but the parents computer to use google DNS.

Can this be done?

Sorry if this is a newbie question.

RackKing

Again, Sorry for the newbie questions... I have never setup the Mikrotik email feature. I have read some posts about "monitoring? using the email feature. What to you guys use the email function for? Can someone share some scripts/tricks on using the Email feature. Any remote information concer...

RackKing

RackKing, I use a USB port replicator. This is the only way I can get the RB2011 to talk to my APC-UPS (after a few reboots). http://wiki.mikrotik.com/wiki/Manual:System/UPS From the wiki, it looks like MK only supports APC Smart UPS. Thanks for this - I will try one. So - you have gotten communica...

RackKing

Does anyone have any input?

RackKing

So - I am an idiot I think. The instructions indicated to use ether1.... so I am connected ether1 directly to my laptop. I have also downloaded and installed the correct netinstall version that matches what is currently on the RB2011 V6.7 I hold the reset button down on power up until I see ether bo...

RackKing

ah - google is my friend. I will make a rolled RJ45 cable and give it a shot. If I am on the wrong track please let me know.

RackKing

Hi, I have a 2011 that needs the OS to be re-installed via netinstall. I see the 2011 has a console port on the back of the unit. Can I connect via Ethernet to this? I do have a console style serial to Ethernet cable but no serial port on my laptop. Sorry to be a newbie - I have never used a console...

RackKing

any help?

RackKing

I am trying to setup a RB2011 to a DSL router in bridge mode. I setup the PPPoE to the correct port and configured the dial in with the user name and password, but I cannot get it to connect. Also - I have place the modem (netgear 7550 from frontier) in bridge mode previously. Is there a guide for t...

RackKing

I got is sorted - thanks. You gave me the place to look.

RackKing

Hi,
I have some scripts I use that when I copy over produce the following error. I think the error has to do with syntax changes - any help?

"input does not match any value of policy"

Thanks in advance.

RackKing

Further - when I try to do a = system resources usb> print" the router locks up and reboots....

I do not see an entry into the log either.

ideas?

RackKing

So - I have read through some posts and not read any concrete information so I thought I would ask. My ultimate goal is to create a script that sends an email if the UPS goes on batter backup if the site looses power. But first... I have the USB package loaded and the UPS connected - but I cannot se...

RackKing

Thanks guys for all the responses I see I have a lot of work to do

RackKing

We would like to be able to keep better track of the systems we have deployed. What are you guys using for remote monitoring? At the very least we are looking at a system to email alert us if a router has dropped offline. Is there a cloud management app that works well. Nagios and the like sound gre...

RackKing

yes windows 8

RackKing

How can I install this package? I had read a post about copying it the file window and rebooting the router.

When I drag it over it does not show up in the files list.

What am I doing wrong - thanks in advance for any/all help

RackKing

Thanks - Perfect! for add one user /user add name=x password=x group=full comment="" disabled=no If you need to create one group outside the 3 already provided (full, read, write) you first must create it by: /user group add name="administrators" skin=default comment=""...

RackKing

I am tired of adding the winbox users to each router manually - what is the syntax to copy the script in. I am assuming this can be done ?:???

Thanks.

RackKing

Is there a way to edit a DHCP rule to change the pool size without deleting it and starting over

How do you set DHCP reservations? Is it the same as in a consumer router where you hit make static and leave it where it is or do I need to move it outside the pool?

Thanks in advance.

RackKing

Is the 2011 better for home use - 30 MB ISP, guest vlan, 18 wired hosts, no voip, VPN for support, Ubiquiti for WLAN. I am really thinking the RB2011UiAS-RM is a no brainier - wish I would have figured this out a year ago. I am now to Mikrotik. How does this change when the 850gx2 finally ships? Tha...

RackKing

+1 on this

Search found 380 matches