MikroTik

rickfrey

Ok, I understand what you are trying to do now. To answer your question, I don't know. It would seem that it should be possible if the RADIUS server was capable of it. You would likely have to have one that uses the MikroTik API, but I don't know of one that works quite that way. Several will compli...

rickfrey

Even if you use check gateway ping option, as long as the gateway IP is up but its internet connection is down, your automatic failover will not work.

That's true. Personally, I would netwatch to resolve that problem, but he doesn't want to do that. How would you configure it?

rickfrey

I've help setup a few, but I haven't use one as a customer to be able to recommend one with confidence. I do know that there are several of those services in Europe. Can anyone else recommend one?

rickfrey

Goto the LAN interface and in the ARP section, choose proxy-arp.

rickfrey

Yes, you need to use WDS mode:
http://wiki.mikrotik.com/wiki/Wireless_repeater

rickfrey

Look into User Manager. If your able to program in PHP, you won't have too much trouble after that.

rickfrey

This is still partially true. At ROS 6.9, it will work as a 3G device, but not as an LTE device. Its not a great choice for 3G device.

rickfrey

Do you have your Windows firewall turned off? What about the UAC settings?

rickfrey

What are the rest of your settings?

rickfrey

The port forwarding is simply a matter of adding the public IP address to the router and then adding a NAT to the affect of: chain=dst-nat dst-address=x.x.x.x dst-port=80 action=dst-nat to-address=y.y.y.y to-ports=80 The load balancing would probably best accomplished with a load balanceing applianc...

rickfrey

Try changing the action to redirect.

rickfrey

What ROS version are you using?

rickfrey

Did you resolve this problem with a latter version of ROS or do you still need help with it?

rickfrey

Can you post your config settings?

rickfrey

Please, post your config.

rickfrey

You can redirect that traffic based on routing/ packet marks.

rickfrey

Please, post your configs?

rickfrey

ROS doesn't have that feature, but depending how you are using your WAN connections, you may be able to use meta router as a work around.

rickfrey

Did this problem go away with latter ROS versions?

rickfrey

Can you post your config?

rickfrey

Can you post your IP -> address and IP -> Firewall -> NAT settings, please. Is your masquerade rule at the bottom?

rickfrey

Can you post your walled garden settings? Are you using a wild card?

rickfrey

#2 can be done with the web proxy.
#3 might be able to be accomplished with the web proxy or might have to be scripted.

rickfrey

What ROS version are you using?

rickfrey

How is your network setup and how are the clients communicating with you?

rickfrey

It sounds like a problem with the cookies on their computer. Try flushing their cookies and logging back in.

rickfrey

Very nice! Thank you!

rickfrey

Can you post your config, please?

rickfrey

Are they just AT commands? What type of physical interface is the modem showing up as?

rickfrey

The first thing you should do is upgrade the OS to the latest version. You may not have a problem after that, but if you do then, please, post your config.

rickfrey

Did you enable proxy arp on the LAN interface?

rickfrey

Can you post your settings? Have you tried to use a different web browser on the 2nd PC?

rickfrey

Its really very easy if you are going to build a bridge with EOIP as one of the ports. You won't need any routing or NAT rules. Just create the EOIP interface on either side and use the IP Sec permitted addresses for each router.

rickfrey

With dropbox even if I give the client full https access they still cannot connect, any ideas?

Are you redirecting 80 & 443?

rickfrey

Can you post your config?

rickfrey

Have you tried re-installing the OS with netinstall? You may simply, just have a bad router.

rickfrey

When you are downloading a file from across the Internet, you are also introducing unknowns into the equation. The best thing would be to test to something that is also connected to your ISP, but who has more B/W than you. This will give you a pretty good idea, but its not perfect either. The B/W te...

rickfrey

Have you tried using 1:1 NAT?

rickfrey

You are going to need to set up policy based routing for that. If you look at the PCC wiki page, there is an example in there that you can modify to your needs.

rickfrey

Can you post your config, please?

rickfrey

How many CPUs show up in resources? We had a similar problem with multi-threading and we had to upgrade to the last ROS version to make it more stable.

rickfrey

Are both side MikroTik? This feature will only work dynamically if both sides are MikroTik. If the other side is some other vendor you are going to have to add the appropriate ports to the bridge.

rickfrey

I've set that up before and it was a little complicated at first, but it worked well after we got it working. If you would like to email me, I can put in touch with someone who can share that configuration with you.

rickfrey

Radius Manager allows you to script that process, so, yes, you can do it. It will be done on that the RADIUS side though.

rickfrey

Many of the RADIUS/ Billing solutions have this ability. How are you authenticating your users?

rickfrey

In your setup, would it be possible to bridge the two Ethernet ports so that you maintain one broadcast domain? That would solve the problem. If you need help with the multicast our company can help you with that.

rickfrey

Can you export your settings and post them?

rickfrey

RADIUS is going to have to fit in there some how. What exactly are you tying to connect to? That will help answer the question.

rickfrey

/ip hotspot
set number=0 idle-timeout=10m

rickfrey

Can you post your configuration settings?

rickfrey

Do you have loopbacks setup and are you trying to access the routers via the loopbacks?

rickfrey

You are going to have to be more specific. You really did not explain the setup at all.

rickfrey

I think you are going to have to post both sides to validate that. What version of Juniper are you using?

rickfrey

Can you post your configs?

rickfrey

Can you post your config?

rickfrey

2ghz-b-channels=2312:0,2317:0,2322:0,2327:0,2332:0,2337:0,2342:0,2347:0, 2352:0,2357:0,2362:0,2367:0,2372:0,2377:0,2382:0,2387:0,2392:0, 2397:0,2402:0,2407:0,2412:0,2417:0,2422:0,2427:0,2432:0,2437:0, 2442:0,2447:0,2452:0,2457:0,2462:0,2467:0,2472:0,2477:0,2482:0, 2487:0,2492:0,2497:0,2502:0,2507:0,...

rickfrey

I haven't tried those, but I have successfully used a Sierra MC8705 with ROS 6.9. It has a miniPCIe form factor, but it does work well after ROS 6.9.

rickfrey

Try this: http://wiki.mikrotik.com/wiki/Manual:PCC

rickfrey

Its possible, but it doesn't make a lot of sense. Why is the CMTS not talking directly to the RADIUS server? Many of the CTMS servers I have encountered did have a "bridge" mode. Have you contacted your vendor and asked them about it? PPPoE makes more sense in this case. I'd dig more into ...

rickfrey

That's not anything to worry about. Its not a unusually high number. The number below it is a little high... still you don't have any bad blocks and if you are not seeing strange problems, its probably not anything to worry about.

rickfrey

Are the devices that are calling into the PPPoE server UBNT devices?

rickfrey

What are the settings you are using now? Are you using the router just as a switch/ bridge? Are your firewall rules turned off?

rickfrey

If you post what you have, we can make suggestions on what you need to modify.

rickfrey

Because the RADIUS token had already been validated. You might want to try using scheduler to script this process.

rickfrey

Just out of curiosity, have you connected a few devices of other flavors besides UBNT to see if they behave that way? What are your PPP settings?

rickfrey

I am using the exact same router at a lot of locations and ROS 6.7 is what we currently run on most production units. We have never had this problem. However, I have had multiple RB900 series that needed a fresh OS install using netinstall. I don't know why, but that has cleared some of the bizarre ...

rickfrey

Yes, its possible. If you start out with the default config for that router, all you going to have to do is add each of the Public IP addresses to the router. Then in IP -> Firewall -> Nat you are going to create rules for each one. Here is how you set up 1:1 NAT: http://wiki.mikrotik.com/wiki/Manua...

rickfrey

Its generally accepted that you should not use VLAN tag 1 the same way you use other tags, so not that's not really broken. Have you tried maxing out the MTU?

rickfrey

Here are a couple of things to try. A) upgrade your ROS, B) if that is not an option, re-install the OS with netinstall, C) connect a serial terminal to it to log what is going on when it reboots. Chances are re installing the OS will fix that. Have you submitted the support file to MikroTik?

rickfrey

Can you post your NAT settings from both routers, please.

rickfrey

Not exactly, but... I know someone who did something that I was really impressed with. The white labeled the router and then they had a very simple program that ran on the customer's computer. It would go out and find the router and make all the changes to it. You could even save settings for that s...

rickfrey

Yes, it is.

rickfrey

I'm not sure what you're asking for. Are you asking how to do it or are you asking have any of us done it successfully? Yes, I have done it successfully. No, it does not work the way I would have thought it was going to work before I tried it. I highly recommend you play with PCC and understand it b...

rickfrey

You are going to have to use a VPN that calls home like PPtP. Then your IPSEC tunnel will get established between the private IP addresses of the 1st tunnel. You'll be able to get it to work that way, but you make have to adjust the MTUs depending on which tunnel combination you use.

rickfrey

That's really not a bad idea.

rickfrey

Can you be more specific about your problem, please? Can you post the config that you are current using?

rickfrey

I'm not quite sure what your specific scenario is, but many WISPs insist that the customer uses their MikroTik wireless router. Some even go so far as to call it a CPE or a modem of some sort. Having in an inexpensive RouterBoard there can be very advantageous. I'm assuming from what you wrote that ...

rickfrey

I've run into that problem also. You can try using scheduler to flush the cache periodically. That will help considerably. In some cases, we have had to offload DNS completely. I doesn't behave quite right with a large number of users.

rickfrey

Oustanding! Thank you for posting this!

rickfrey

That's a good idea, Payday, thanks!

rickfrey

So, if you turn your queues and firewall rules off does the CPU load go back down? Have you considered upgrading to another router? Running a hotspot on an RB-133 won't allow too many host anyway.

rickfrey

If the packets are being spoofed changing IP -> Settings RP Filter to "strict" will help also. You can read more about that here:
http://wiki.mikrotik.com/wiki/Manual:IP/Settings

rickfrey

Can you explain your question a little more, please?

rickfrey

Can you post your config?

rickfrey

Thank you for finding that for me

rickfrey

Awesome, thank you very much!

rickfrey

Anyway what do you think about this?
http://www.balticnetworks.com/ubtiktm-5 ... ennas.html

That would be a great choice

rickfrey

Give this a try:
http://wiki.mikrotik.com/wiki/Manual:PCC

rickfrey

We will need to know what the rest of the settings are to be able to help with this.

rickfrey

Have you tried the Dude? That is a great solution all around.

rickfrey

Not really. In both instances, you have to be on the same broadcast domain in order to receive the discovery packets.

rickfrey

Check out the section on IP4 handler, since that is the section that probably applies to your question.

http://wiki.mikrotik.com/wiki/Manual:Fast_Path

rickfrey

No, you really can do that, but what you can do is create a script that looks at the host names in the DHCP leases. That would allow to identify some things. You could use MAC addresses, but that would be a maintenance nightmare. Over all, I don't think you are going to be able to do it in a manner ...

rickfrey

Here is the MikroTik hardware compatibility list. There are some micro drives listed here:
http://wiki.mikrotik.com/index.php?titl ... mory_cards

rickfrey

Its really less complicated than that. All you really need to do is add two default gateways. One will have a higher distance than the other. Both will have Check gateway by ping enabled. Then you will also need two NAT rules. That will work perfectly and without any problems.

rickfrey

You can find more info on the VLANs and Trunking here:
http://wiki.mikrotik.com/wiki/Manual:Interface/VLAN

What you're trying to do is pretty simple. I'm sure that when you read through this wiki page it will make more sense to you. If not, feel free to ask more questions

rickfrey

Can you post your settings from both devices?

rickfrey

Directions for changing the settings for the log can be found here: http://wiki.mikrotik.com/wiki/Manual:System/Log Unfortunately, you can move the log to a USB device and that is documented here: http://wiki.mikrotik.com/wiki/Manual:Store You can move the log to a remote log server and you can use ...

rickfrey

No, the graphing feature will only graph certain specific parts of the host router.

rickfrey

There are a couple of different ways to do this. You can goto IP -> settings and disable the www (and www-ssl) section or specify a LAN address that it can be reached by. You can also create a firewall filter rule in the input chain that says drop anything on port 80. You can also turn the graphs of...

rickfrey

If you are also using the hotspot with the RADIUS you can do it this way. You will have to create that user a simple queue that is unlimited. Then create them a new profile in hotspot that is separate from everyone else's profile. In there profile you can tell it to use that new queue.

rickfrey

Can you export your system store list, please?

rickfrey

The bridge is now the master interface so you will change the NAT rule to read out-interface=bridge.

rickfrey

Goto IP -> Firewall -> Connections and click on the Tracking button. There you can change the values for how long it maintains a connection. You might lower those values incrementally until you find a set that work for your application. You might also read up on the IP -> Settings and verify/ adjust...

rickfrey

The PPPoE will hand out IP address within Pools and the Radius will handle that without a problem. Is that what you need help with? I don't understand why you want to do PPPoE and DHCP to the same client. Can you explain that a little better, please?

rickfrey

That product only have Windows drivers:

System Requirements Windows 7(32/64bits), Windows Vista(32/64bits), Windows XP(32/64bits), Windows 2000

If it doesn't show up as an interface, its probably not going to work at all.

rickfrey

Yes it is possible. You can use PCC, which will work ok, but is not with out problems. You can use ECMP or OSPF to make it behave like a single connection. You can also use BGP, but ECMP and PCC are probably your only realistic options.

rickfrey

No, it not normal for the PPPoE connection to constantly drop. That is something that you should troubleshoot. I didn't see anything in your config that really stood out as possibly being the culprit. You're ISP may be having problems. If you have a Windows computers, you can set it up as a PPPoE cl...

rickfrey

Both references point to your profile. You profile allows you to make "global" polices" for those instances. They are extremely useful when managing hundreds or thousands of connections. Most everything in the PPP section looks to the profile to see if those values are specified there...

rickfrey

That's an excellent idea! How well did it work for you? Would you mind posting your settings?

rickfrey

I really like that idea too!

rickfrey

When you figure it our, please let us know. I'm sure we are not the only ones that have seen that

rickfrey

Thank you for posting that

rickfrey

Thanks for the answer. Have you tried this yourself? I would like to learn more about it. For instance, would I be correct in assuming that the drivers should be compiled on Debian and then copied over? If anyone has done this, I would be very interested in learning more

rickfrey

The DFS mode was something that was insisted upon by people who could not even imagine what wireless networking was going to become. If you are legally able to turn it off, I would recommend turning it off at both the CPE and the AP. That will provide a much more stable link. BTW, you can keep the A...

rickfrey

Can you post your config?

rickfrey

I've run into that as well. I have suspected the LAN configuration (i.e. switching or bridging the LAN ports). I haven't noticed a consistent behavior yet. Do you have multiple LAN interfaces and if so, how are they set up? How do you have your NAT configured?

rickfrey

1) You should never copy a backup from one router to another. Some times that does appear to work OK, but it will always cause problems in the long run. The best way is use the export feature to copy settings back and forth. The backup file does copy MAC address and that can very problematic. You're...

rickfrey

Awesome, glad I could help

rickfrey

What Karina had to say is a very good point. From what you have said and looking at the pings, my first guess, assuming the hardware is good, is interference. Pings like that are very typical of interference, but Karina is right, you need to ping the AP and do a trace-route to verify where in the pa...

rickfrey

Those instructions won't really help for this. If you can provide a network drawing with IP addresses, it would be easy to walk you through this.

rickfrey

Is this related to your other post? The pic all by itself does't give anybody anything to work with. We would need to know what your configuration is to be able to help?

rickfrey

yes we no longer have a single cisco within the network anywhere, its a good feeling isnt it

lmao

rickfrey

To answer question#1 I prefer to create separate user accounts for each tunnel, just to solve that problem. Each router will be identified by its user account. That's really the easiest and best way I've found. As far as which tunnel to use, that depends on your needs, but I use OVPN when I have the...

rickfrey

Glad I could help!

rickfrey

Why do you have all of the "not" (!) symbols in the export? The rule looks correct except for the !, which shouldn't be there.

rickfrey

No, the code will not block any P2P, but it will block those that it can match. You will not be able to match and block the encrypted streams. As far as the dynamic hotspot queues, you are going to have to go into the user profiles and change the settings in there. That will allow you to get that tr...

rickfrey

I like that idea, but I would also want to have it scroll through multiple images.

rickfrey

Can you post a copy of your config, please?

rickfrey

I usually start out using pre-routing, while I'm building it (Just habit, I don't have a good reason for it.) Then you have to take a step back and see how that affects everything as a whole. Things like marking the priority are going to be in pre-routing, which you did. You handled the in and out c...

rickfrey

I don't know how to the ip-scan one, but with system resource print you can use the get command:

get value-name=xyz

rickfrey

Thanks

rickfrey

I don't believe so, but that would be a really useful feature!

rickfrey

Your network diagram looks great! :D Are you trying to share the bandwidth or use it solely for fail over? If you are wanting to "combine" them the easiest methods are ECMP, policy based routeing, and PCC. All have pros and cons. None of them will truly aggregate the bandwidth. There are M...

rickfrey

Try specifying the dst-address on the general tab for each rule. That will probably resolve the problem.

rickfrey

What device and ROS are you using?

rickfrey

Does your configuration look like this? /interface l2tp-client add add-default-route=yes connect-to=196.30.121.50 name=l2tp-out1 password=\ test profile=default user=test You can't add the DHCP-client directly to a L2TP clients. Just FYI, there are other similar services, which will allow you to con...

rickfrey

That could be very handy, thank you!

rickfrey

Actually.... if you use the API... you could script the RADIUS to dynamically create access lists. That way you could move the customer off of one AP and onto to another AP (a VAP with the same SSID, maybe hidden) that was pointed in the direction you want them to go. It wouldn't be 100% problem fre...

rickfrey

No, there is not a clean way to do that. At least, not that I know of. You could script both the RADIUS and Mikrotik, but the trade off would be service interruptions for the normal customers. You could create a Virtual AP that directed customers like that. Hope that helps

rickfrey

The metal is missing the default route. Add:

/ip route
add gateway=192.168.222.1

It should work once you do that.

rickfrey

That will work. Unless you have a specific requirement to use 2.4GHz, I would switch it over to 5GHz. You could use the groves for all of them and remove the RB-951 so that it can be 5GHz... ,but you may have other reasons for using the RB-951 as well.

rickfrey

Try two things; first remove the in-interface and second move that rule all the way to the top and let us know if that works. I would also, very highly, recommend upgrading to at least 6.7 if not 6.10. 6.1 was frequently buggy.

rickfrey

I noticed that the newer ROS version refer to a "firmware" folder (system -> ports -> Firmware). How is this used?

rickfrey

Your configuration is pretty typical if you are receiving a DHCP address from your ISP and NAT'ing that/ those addresses to the hosts on the LAN. That doesn't sound like it is what you are trying to do. Are you wanting to route the IP addresses to your hosts? Are you trying to bridge them to the host?

rickfrey

Just create a new scheduler instance and copy that text into the window. Replace the MAC address with the one you are going to use. Set it to run every 10 minutes or so and you should be all set. Unfortunately, I don't really know of a good tutorial that would cover this. The more you use the CLI th...

rickfrey

Please, post your config

rickfrey

If the hotspot is not re-directing that traffic correctly then there may be something wrong with the dynamic rules that get created. Look in the firewall, under NAT, and see if there are rules for port 80 and port 443. They should be dynamically created. Make sure that there are not any static NAT r...

rickfrey

Thank you for sharing that! Which cellular network is running on?

rickfrey

If I understand this correctly, all you have to do is add the IP address on the B/W MGMNT Server and then add a route to the BGP router. If the other subnet is already configured on the BGP router,then you will not have to make a change there. What type of device is the B/W MGMNT Server? Here is an ...

rickfrey

Can you post the rest of your settings? Just to clarify, the port scan is against the router?

rickfrey

Here is the link to the manual http://wiki.mikrotik.com/wiki/Manual:Interface/OVPN. There are also some examples on the Wiki and there is a ton of information in the forums.

rickfrey

I noticed you were using the MC8705. How well does it seem to work for you? I have recently begun testing one and I have had it up for 3 days without a problem, but it sounds like you are having the this problem often enough to warrant the script. Which ROS version are you using?

rickfrey

Can you post an example of what you are trying to do? When you say: i'm trying to do a source nat for a TOS number or connection or packet Are you suggesting that anyone of those three things can be the means to identify the traffic to be NAT'd? From the host, through the router, and out to the Inte...

rickfrey

Both cards are compatible within the 802.11a/b/g realm as well as with nstreme related protocols. They, of course, are not 802.11n compatible. There is a significant power difference between the two of them as well. Why don't you post the settings you are using for both cards?

rickfrey

Try running this in scheduler: ip proxy direct set numbers=0 src-address=[ /ip arp get value-name=address number=[find mac-address=00:08:5D:2D:Df:79 ]] You will have to create the web proxy rule by hand the first time, but after that this simple script will update the address for you as often as you...

rickfrey

What chain were you using? The rule should look like this:

 /ip firewall filter
add chain=forward src-address=(the IP you are trying to block) action=drop

If that doesn't work then will need to post the specifics of your configuration.

rickfrey

No problem

rickfrey

My pleasure

rickfrey

Thanks!

rickfrey

The PPPoE client settings look right and you said you were online, so they are probably fine. The firewall does not help you get online, but if you don't understand it can cause problems. Your firewall rules are pretty basic and they basically say protect the router and allow traffic that the LAN in...

rickfrey

You can determine what queue/ BW shaping option the hotspot uses in the User Profile.

rickfrey

Can you post your configs for both routers?

rickfrey

Yes, all of that can be done. It's a little involved because there are multiple pieces there, but its easy enough to do. A company like our's can help you do it, or if you want to do it on your own, I would suggest using GNS3 to model the whole scenario before you go live with it. The HA and load ba...

rickfrey

Can you post your configs?

rickfrey

Can you be a little more specific, please? The answer is going to be yes, but I need more info on what you are wanting to do to answer the "how" part.

rickfrey

Assuming, that you can handle the bridge and other peices, here is the queue piece. This will work on ROS 6.7:

/queue simple
add max-limit=10M/10M name=Example queue=pcq-upload-default/pcq-download-default target=10.0.0.0/24

rickfrey

In GNS3 0.8.6, using Virtulbox for the ROS portion, you will have to configure "Host Only Adapters." You do this through Virtualbox. First draw out what you want your setup to be. Then go into VB and for every set of connections you will have to create a Host Adapter by going to File -> Pr...

rickfrey

rickfrey

Neighbor is also available here http://www.mikrotik.com/download/neighbour.zip

rickfrey

If you check out ARIN and put "google" in the search, you'll see just how many IP addresses you would have to block/ match against in North America alone. If you are trying to match that traffic via Layer 7, its going to drive the CPU though the roof. Everything calls out to Google. It wou...

rickfrey

rickfrey

That can be caused by several different things, but its frequently a sign of a wireless card going out. IF ... nothing has changed and the problem just started all of the sudden... then I would try replacing the wireless device. Otherwise, why don't you try to get a packet capture of what is happeni...

rickfrey

Did you adjust the MTU values? Having the wrongs MTUs will cause the problem you are describing. Try pinging from one router to the next. Start with a Packet Size of 1500 and then work your way down until it starts pinging. If it won't ping at 1500, that's a dead giveaway.

rickfrey

No, problem, glad I could help

rickfrey

Hi James, You lost me with the bridge settings. There was not enough detail to understand how it fits in, but here is the answer to the NAT problem: LAN1 Subnet-----NAT--------------Tunnel--------------NAT-------LAN2 Subnet or or Subnet presented to other side Subnet presented to other side Dependin...

rickfrey

Yes, use the src and dst address lists

rickfrey

You can also enable the SMB Settings and redirect them to a local share.

rickfrey

When you enable the Webproxy, there will be a directory in the Files folder called "webproxy". The webpage "error.html" is editable. I created a very simple webpage as an example of one to replace it with, but this is just for proof of concept. The webpage that is attached here s...

rickfrey

Yes, create the PPPoE client. On the Advanced Tab check "use default router" and the change the distance to 2 or whatever you like. That will give you the same result as the example you cited. Don't forget that you need to NAT rules, one for each connection.

rickfrey

Use can use Netwatch and web-proxy on the CPE. That would be a pretty easy and lightweight solution. There are some great webpages on the Internet that have "Network Up/ Down" that you could use as a template.

rickfrey

I second that idea!

rickfrey

Goto System -> Logging and create a new rule. There is a web-proxy topic that you can choose.

rickfrey

Hi arbabnazar,
Which Routerboard/ type of device are you using? Most of my networks are currently using 5.26 and I have not seen that problem.

rickfrey

Can you post a copy of your config and the log files?

rickfrey

What is your RADIUS timeout value in the MikroTik? The default is 300ms, so you may want to change to some much higher.

rickfrey

It could be interference, but this sounds more like a configuration problem. If you are using Windows clients, or most any client for that matter, they should reconnect all by themselves even if there are frequent disruptions in their service. Can you post the settings you are using in the MikroTik ...

rickfrey

I'm not sure what your envisioning, but with Policy Based Routing, you use Mangle to identify and mark traffic. For example, you might identify the traffic based on IP Address List and mark the connection. The next rule would mark the packet and the third rule would make the routeing. Remember that ...

rickfrey

:) I hadn't really realized it until you asked the question, but I never really see the lights on any on the PCI to miniPCI boards that I have used. I'll leave that one alone so that I'm not giving you bad info. However, the low voltage comment brought to mind something that I had tried. At one poin...

rickfrey

That's hard to answer because Cisco doesn't have just one way to do IPSEC. All tunnels have some overhead and all tunnels have the potential to slow down a connection. IPSEC, as it relates to MikroTik, does perform differently on different Routerboards and with different RouterOS versions. We freque...

rickfrey

You're Welcome

rickfrey

You may need to downgrade the RouterOS version, get the Dude working, and then try to upgrade the RouterOS version. Sometimes, it just comes down to finding a the right combination of hardware and software for what you are trying to do. If 6.7 is not required for your project, go ahead and downgrade...

rickfrey

You really need professional consulting on this. This particular question is too open ended for the forum. How you distribute IP addresses has everything to do with how your network is designed. There are multiple ways to accomplish it, but no one will be able to answer it for this scenario without ...

rickfrey

You really need professional consulting on this. This particular question is too open ended for the forum. How you distribute IP addresses has everything to do with how your network is designed. There are multiple ways to accomplish it, but no one will be able to answer it for this scenario without ...

rickfrey

RouterOS changes the values to use the "k" Flags: X - disabled, I - invalid, D - dynamic 0 name="queue1" target-addresses=10.10.10.1/32 interface=all parent=none packet-marks="" direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=256k/320k...

rickfrey

You can use RADIUS to give them the same IP address each time. That will allow you to do the Policy Based Routing that your trying to do. You could also create a script to match the MAC address to the current IP address.

rickfrey

Your best bet will be IPSEC or IPSEC with IPIP or similar.

rickfrey

You are not currently able to extend the signal of a non-MikroTik AP with a MikroTik AP. The closest you can come to it to use to wireless cards.

rickfrey

The CM9 has been one of my favorite wireless cards of the years :-). If RouterOS is not seeing it, then you have one of four problems. One the CM9 is bad, two the RB-14 is bad, three the motherboard is bad, or four the software is bad. Try reinstalling RouterOS if you feel confident the card is good...

rickfrey

There have been a few times when I have been connecting a MikroTik router to a cable modem that I have had the same sort of experience. For no logical reason at all, it just wouldn't pull and address. There have been three things I have done to overcome this. This first was upgrading the software. S...

Search found 609 matches