MikroTik

JimmyNyholm

https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#IGMP_Snooping Reading Wiki and reading Questions here on the Forum. As there is no version setting for IGMP snooping I assume it's on IGMPv2? or is it IGMPv3? It can't be IGMPv1 still? As you se the Confusion is obvious and there is a ton of oth...

JimmyNyholm

Speculating here but: This sounds not so strange removing the queue will probably do (void, null) on all packages thats are currently in the cue. rendering lost packets for the affected flows and you depend on higher level protocols to recover. Is it the same effect if you pause a queue and then del...

JimmyNyholm

There is no problem in the current implementation but there is also not possible to list all users with "full - admin" access and check if the password is set or not.
This makes problems in the Auditing land.

JimmyNyholm

2018 Now any news here +1

JimmyNyholm

ICMP is a protocol that is needed in core routing.
You should not spend cpu resources on firewall rules for that....

ip settings set icmp-rate-limit=10

Or what ever limit is valid in your env.

JimmyNyholm

I like to put it this way: Internet is Asymentric end of discussion. A Router is only using forward lookup (not considering security features, only routing). In BGP you tell Internet how it may reach you. The full view of internet you got when you are multi homed is YOUR view on the internet as a wh...

JimmyNyholm

What is the status of this Issue. I have not seen (or possibly missed) anything in the change log's.... Can we wrap up 2017 with an update on where we stand?

JimmyNyholm

Go under MPLS and under Forwarding Table. You'll notice two counters for the same thing. One is Bytes and Packets, the other is Hw. Bytes and Packets. I believe that's where you'd look. Also *PLEASE* let me know of your results. I am very interested in seeing this. Here it Goes... YES! It show only...

JimmyNyholm

I have a lab with CRS317-1G-16S+ switches in core network as P routers. With L3 Only links routed within the IGP (OSPF). MPLS is enabled and LDP is distributing lables. Only real traffic entering the switch would be mpls not counting ospf that is cpu bound and probably LDP to but the datapath for re...

JimmyNyholm

Please send report to support@mikrotik.com explaining the problem you have and including supout.rif files This is funny !! Can you please explain, when Mikrotik will amend the CRS3xx releases, so that the supout.rif not gets written to volatile memory, but onto flash instead ? Because if the switch...

JimmyNyholm

dksoft, anuser, msatter, alexsolovyev, blackbox100, JimmyNyholm - Please send report to support@mikrotik.com explaining the problem you have and including supout.rif files rajo - Does the same issue appear if you set bridge mode back to "none"? panosla - Please note that RouterOS version ...

JimmyNyholm

Remember that you are incontrol of your own routing domain. Pick an IP from any rfc based internal adress and sinkhole it in your setups this way you may send all unwanted traffic there. And you may later on connect monitoring to get tripwire stuff in action reacting to stuff happening in your netwo...

JimmyNyholm

Thank you very much for responding. One more thing I'd like to clarify, any traffic originating from any of the downstream ASes destined towards AS111111 will have both the ASes in the AS path.. right? thank you, To answer that question please show setup. If you have two AS and if you do wish this ...

JimmyNyholm

Upgraded RB2011, hAP, wAP ac, cAP and a RB1100 without issues. But wondering if there is a new way of how I should handle bonding interfaces with vlans? Currently I have two bonding interfaces with two ethernet ports each. On each of the bonds I have severals vlans and the vlans are put on a separa...

JimmyNyholm

I Posted this question in the 41RC channel but I did not get an answer: Now Looking at the released version of 6.41 of RouterOS. if i set: /interface bridge port add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether1 pvid=64 And then look in the switch menu: The sett...

JimmyNyholm

How the conversion works when there are two switches in the device and both are in the common bridge? What if there are multiple switch groups within one switch differently bridged with other interfaces? I have thought of this to and if I may speculate: The new bridge per say will use hardware offl...

JimmyNyholm

CRS317-1G-16S+RM is powered by a next generation switching chip, giving you wire speed performance for all sixteen 10GbE ports with any Ethernet frame size. New features such as hardware-based Spanning Tree Protocol and Link Aggregation (LACP) provide enhanced protection and true professional perfo...

JimmyNyholm

I do understand but need to ask: Is this by current design in new bridge implementation? Or is it by, how you need to set up the tables in the switch chip? As in: Is it Possible but not implemented or is it a hardware limit and can't be done?

JimmyNyholm

Description: This could allow attacker(in your lan) to exhaust all available CPU and crash the kernel via a flood of ICMP packets with forged source IP addresses associated with the public Internet without fast connection. If you launch the exploit with local IP addresses, the router can handle the...

JimmyNyholm

In this new bridge implementation what is Actually correct. [admin@MikroTik] /interface ethernet switch port> print Flags: I - invalid # NAME SWITCH VLAN-MODE VLAN-HEADER DEFAULT-VLAN-ID INGRESS-RATE EGRESS-RATE 0 sfp-sfpplus2 switch1 secure leave-as-is 1 5.0Mbps 15.0Mbps 1 sfp-sfpplus3 switch1 secu...

JimmyNyholm

If you will use RouterOS MT's on both ends go with /32's and reuse the same lokal IP on all interfaces on one device. That way you have no IP spill at all.

In the interconnecting path to other brand then /30 nets to them is what is needed but in that path ONLY.... MT2MT use the powers of the OS.

JimmyNyholm

So i changed the rule to add action=discard bgp-as-path="^(6451[2-9]|645[2-9][0-9]|64[6-9][0-9]{2}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])_*" chain=XO_In Just a quick thought isn't the ^ in your regexp anchoring in the beginning of the string? use a $ at the end for searching at the end ...

JimmyNyholm

CRS317-1G-16S+ switch menu shows no ports is this normal?

JimmyNyholm

New bridge implementation need: Hardware LACP bonding. Hardware setting per port of learning mode for mac-adresses max number and what to do when max is reached and or port/device restarted. per port ingress and egress hardware rate limiting. dhcp snooping with guard arp snooping with guard Option t...

JimmyNyholm

Please add Metarouter
VM inside VM? Are you serious?

Servers have had hardware support for this for ages. It is actually not as bad as it first sounds, but as always it depends on the application.

JimmyNyholm

Hi I'm going out of my comfort zone here and need your help or advice. Having MT as CPE on customer that is out of blue using all avail bandwith (witch they should be able to do) renders protocols and management tools erradic to say the least. I thought I may ask what is your recommendation as to qu...

JimmyNyholm

When do we get LACP with Hardware offload in this new bridge implementation in routeros on switch devices such as CRS326-24G-2S+ and CRS-317-1G-16s+
Creating a bond and attaching it to the bride is done in software now and good know the cpu's in the switches is weak as hell.

JimmyNyholm

It works from command line interface, but the input field in Winbox is not fixed yet. It will be done soon.

Any chanse this comming to CRS317 but I want to set the limit to say 5 per port?

JimmyNyholm

12:48:39 script,info Interface to remove: *f00135 12:48:39 script,info Interface ID: *14;Interface ID: *15;Interface ID: *16;Interface ID: *1019E238 For what reasons command "find interface=$interface" returns all interfaces? What's wrong? My board is RB1100AHx2 and version is 6.40.3. I'm...

JimmyNyholm

But wait NO.... Don't get me wrong here. I'm all for doing stuff in asic/fpga instead of cpu... But providers doing NAT?! Please don't IPv4 space is scarce I know but: Please make IPV6 work so we may sooner then later shut down ipv4 and be gone with all nat that is breaking all kind of protocols. We...

JimmyNyholm

But Mikrotik changed something in ROS, because till version I could setup OSPF with: - network type: broadcast - network x.x.x.x/24 backbone But now I had to modify my configuration due to version over 6.40.0 as below: - network type: point-to-point - network x.x.x.x/32 backbone And the question is...

JimmyNyholm

Jimmy, I did /ip neighbor export on one that works and one that doesn't and they both show up as discovery=no? SO they appear to be the same there anyway. The interfaces that you need the router to be found on should not be in list as discovery=no. /ip neighbor discovery print will print you all in...

JimmyNyholm

And chains can point to chains in the matching process....

JimmyNyholm

What's new in 6.41rc50 (2017-Oct-30 10:13): *) radius - limited RADIUS timeout maximum value to 3 seconds; do not do this, our system on average 1~5 seconds to process the radius package please leave this field customizable +1 we are using OTP that validates a bit slow sometimes we want 10 seconds....

JimmyNyholm

Hello, thank you for using NordVPN service. OpenVPN will not be possible to set up due to technical reasons - our service does not use user certificate for the authentication. Nevertheless, it would be a shame if you could not use great features that we offer due to the setup issues. That is why we...

JimmyNyholm

I Could say that everyone so far have missed the real question. What do you want? IF you want traffic from both network should route with out any nat. (Then add routes, rules and make nat rules tighter so they only trigger on wan destined traffic and not ipsec tunnel traffic) IF you want an office i...

JimmyNyholm

ISAKMP Ike is Using udp500 to handle key setup (This is only needed if you use ike) NAT-T Traversal UDP Encapsulation is using UDP4500 (This is only needed if you need to support NAT) IPSEC can't function over NAT. Here UDP Encapsulated IPSEC packets may be used. Depending on what types of IPSEC you...

JimmyNyholm

see one of my upstream is ddos protected and the other one is not. i announce /23 to my primary upstream and announce 1x /24 to my ddos protected upstream(because i want one of my 24 will be ddos protected and the other one keep in primary uplink) but right now when i send test attack to my /24 i s...

JimmyNyholm

Hardware offload for Vlans using the bridge ports on CRS212 does not seem to work? /interface bridge add igmp-snooping=no name=bridge1 add igmp-snooping=no name=bridge2 /interface vlan add interface=sfp10 name=sfp10-vlan100 vlan-id=100 add interface=sfp10 name=sfp10-vlan101 vlan-id=101 /interface b...

JimmyNyholm

ok, working on it
horray..

thanks MikroTik.
but no promises! I'm just saying we will consider the possibilities

We Need Fiber Dense ie: 40 sfp and 4sfp+ line rate. Aggregate 40 1g fibers to 4 10g fibers. redundant psu's like CRS317-40S-4S+RM / Dualbooting routeros and switchos offcource.

JimmyNyholm

I have a dozen or so RB3011 routers in service and have GRE tunnels to each from our main location. But when I open Winbox there are a couple of routers that do not show up in my router list, either by MAC or IP address. As far as I can tell they are set up like all of the rest, but those two don't...

JimmyNyholm

Did the handling of default routes in OSPF change from 6.40.3 to 6.40.4?! We upgraded everything from 6.40.3 last night. All routes are distributed as Type 1, and with the devices in question, all links have the same default cost (10). But for some reason, after upgrading to 6.40.4, some of our rou...

JimmyNyholm

In RouterOS v6.41 everything QinQ related has to configured with bridge "vlan-filtering=no" using VLAN interfaces and their "use-service-tag" option.

And if one do that all qinq switching will get software switched or what?

JimmyNyholm

You can fix the 4-way handshake issue either at the client side or at the Access Point side. ... So it's good practice to also fix it at the AP side:-). Wrong!!! KRACK is a pure client-side attack. Patching AP will give you nothing. Worse!!! Patching AP will just give some people false sense of sec...

JimmyNyholm

MT will correct me if I'm wrong but there is what's in Version6 snmp taken from the wiki. MIBs used in RouterOS v6.x: MIKROTIK-MIB MIB-2 HOST-RESOURCES-MIB IF-MIB IP-MIB IP-FORWARD-MIB IPV6-MIB BRIDGE-MIB DHCP-SERVER-MIB CISCO-AAA-SESSION-MIB ENTITY-MIB UPS-MIB SQUID-MIB Don't See any bgp mib there ...

JimmyNyholm

HI
telnet button in webfig not work.

tools - telnet
and
http://192.168.88.1/webfig/#IP:Neighbors.Neighbors.1
button "telnet" and "MAC Telnet"

Are you running MAC with HighSierra? If so you do no longer have telnet on the computer. Brew can reinstall it if you realy need it.

JimmyNyholm

Thanks for fast and clear information.

JimmyNyholm

+1 Big Transit providers in Sweden Doe's it.

JimmyNyholm

There are some restrictions with bgp and ipv6 currently but please explain what you do/see. give config example. Give us as much info as possible and we can help you hammer out the problem.

JimmyNyholm

If you want to influence how other se you anounced routes: add prepends for example. If you want to influence how your own organisation elect between other means identical routes: use weight. Routing on the internet IS asymetric. You may only ASK of others how you want them to reach you but they are...

JimmyNyholm

That Depends. If features such as Bandstearing or BandBalancing and ChannelFly and other stuff is implemented to overcome bad clients with bad roaming in crowed space then I would say Same SSID. Without the mentioned features I would vote for Specific SSIDs for 2 and 5 Ghz. and at the same time vote...

JimmyNyholm

+1 This would be very welcome.

JimmyNyholm

And Fetch supports https already unless there is a specific thing you are referring to that it does not specifically do.

Ohh.. Thanks for pointing out. Is it in bugfix yet.... Yes it was... thanks again for pointing that out.

JimmyNyholm

In ROS this 6.41rc (38) branch with new bridge implementation with (H)ard ware flag. if I want to use switch chip's filter function. is this rules applied to (I want the Silicon Hardware ones...) /interface/bridge/filter or /interface/ethernet/switch/rule Am I right to believe that the switch menu w...

JimmyNyholm

Have you Started winbox trying to replace your config? What it says is that you have a nat all open no security wan outside lan inside with two more black networks behind another router on lan. The design is extremly simple to do, point and click in webb or using winbox gui even mt shell is nice if ...

JimmyNyholm

Overlapping require VRF. Vrf is not implemented totally in mt as of yet but depending on what you want to achieve it may be possible. Please Elaborate and ZeroByte and I can maybe help better answer the question.

JimmyNyholm

Is it me or how do I search for learned mac-addresses with this new bridge implementation. Host table is almost always empty but local mac's but everything works. This has been the same all this 41rc branch.... Is there a way to increase timeout on learning ( I have also asked for the option to disa...

JimmyNyholm

Add vlan 100 in the mt switch and tag only outside port and cpu. Now that 100 vlan will be sent to RouterOS with vlan id 100. Add vlan interface 100 to bridge1 in routeros add ppoe client on vlan 100 Set what ever L3 ip info and other stuff for lan side making MT L2 shining for the stuff you dont ca...

JimmyNyholm

Short I have not tested IT. The Wiki States on: ( https://wiki.mikrotik.com/wiki/Manual:RADIUS_Client ) "RouterOS has a RADIUS client which can authenticate for HotSpot, PPP, PPPoE, PPTP, L2TP and ISDN connections. The attributes received from RADIUS server override the ones set in the default ...

JimmyNyholm

I see your point but depending on infrastructure it would perhaps be less secure putting this in the DNS than for say a file on web or ftp server. Pros being DNS is redundant and caching by nature but this pro may even be a con, due to the fact that even though you would reach stuff through any kind...

JimmyNyholm

here you can find photos and a small post on the CRS326 and the marvell SOCs used in it. https://tikguy.wordpress.com/2017/08/17/meet-the-crs326-24g-2srm/ 802.1ae MACSec support – to provide effortless link level encryption And it would be nice if RouterOS actually implemented all the bells and whi...

JimmyNyholm

Hw. Offload After reboot I have this in log... hardware offloading activated on bridge "bridge1" ports: wlan1,ether2 hardware offloading activated on bridge "bridge1" ports: wlan1,ether3 But port wlan1 status is inactive and not Hw. Offload... Is is correct? Flags: X - disabled,...

JimmyNyholm

and set interface to p2p passive. Include ip in the networks tab verify ospf interface up. Done. Hi, for using loopback in ospf network should i use P2p network type ? I just add loopbackip to ospf network as backbone and its come automatically to ospf interface as dnymic passive. thanks The networ...

JimmyNyholm

The previous switch settings supported MAC learning limits: /interface ethernet switch port set ether6 learn-limit=1 set ether7 learn-limit=1 Is this feature still available with the new bridge implementation? Not as faar as I can se for the moment.. And while we speak of it would it be Possible to...

JimmyNyholm

An alfa to play in the lab would be most welcome.....

JimmyNyholm

and set interface to p2p passive.
Include ip in the networks tab
verify ospf interface up.

Done.

JimmyNyholm

And enable ospf logging if all else fails.

JimmyNyholm

Just to be on the safe side. Running CRS317-1G-16+ On the 6.41rc30 looking in switch menu there is no ports and no switch is that correct? The New implementation is doing "switchy stuff" in bridge section but should I make switch settings in switch section and does that work when Ros doesn...

JimmyNyholm

Hardware mpls offload look prommising.... think of the system as control plane / dataplane if you have slow cpu but some memory you can run protocols and get ldp running in the "control plane" but ingress and egress processing would be soly mpls label switching one will have to se what is ...

JimmyNyholm

I want to use RouterOS due to wanting to have one management experience. And using it as mpls lsr doing hardware routing/switching purly based on mpls tags. Backbone functionality such as igp and ldp (control plane stuff) would then be handled by the cpu but that should not be any problem as all dat...

JimmyNyholm

i've been asked to create a log server and save customers activity to it what type of software i need to get this job done i have to keep the activity based on specific ip address and by PPPOE username any help about such thing new to me is appreciated thx And just to say to get the jobb done if co...

JimmyNyholm

500MB is quit a big log file. I have some Mikrotiks, Windows server, Linux Server. IP Phone, some Axis camera, UPS and some other stystem. All i logged inn to Splunk. When install, you get full version for one month, to test all functions. After that you convert it to free lisenes. You only need to...

JimmyNyholm

The new ova should be right have not tested it. but with my earlier chr's it was a must to convert to scsi to get config written to disc survive reboots.

JimmyNyholm

Ports is empty in winbox and cli for the latest RC as well.

JimmyNyholm

I tried CCR1072-1G-8S +, 100% cpu with various continuous ppp disconnects, removed after 10 min For network instability Are you updating your igp or even worse egp with every pppoe connect/disconnect? If so this is where all your problem lie. filter out the samll ppp prefixes and just anounce a agg...

JimmyNyholm

What's new in 6.41rc26 (2017-Sep-07 13:26): *) crs317 - added initial support for HW offloaded MPLS forwarding; Is this gona be not bridged intefaces can hardware switch depending on label but ldp is running on ip so one would have to configure ip adresses and a routing protocol say ospf to get rou...

JimmyNyholm

JimmyNyholm - Did this happen when you used 6.41rc28? Yes! admin@MikroTik] > system package print Flags: X - disabled # NAME VERSION SCHEDULED 0 routeros-arm 6.41rc28 1 system 6.41rc28 2 X ipv6 6.41rc28 3 X wireless 6.41rc28 4 X hotspot 6.41rc28 5 X dhcp 6.41rc28 6 mpls 6.41rc28 7 routing 6.41rc28 ...

JimmyNyholm

Got my first Batch of CRS317-1G-16S+ 's unpacking the first and trying out this test version. Connected Copper (1g) and startet winbox clearing conf. Looking around and tried to change l2mtu. /interface ethernet set l2mtu=10000 numbers=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 Boom ether1 stoped working (...

JimmyNyholm

Passthrough is not currently supported on SXT LTE and we do not have plans to implement such functionality in near future.

Thanks for the elaboration.

Looking at the SXT LTE device it is the perfect fit for this function. We will buy many more of these units when this is available.

JimmyNyholm

Could be that question was asked how to set their own OSPFv3 filter chains, and answer was that such feature is not implemented. Yes. That was the question. The answer was right one, that is not what is in question. But a proper response would have been something like (ie: not holding back vital in...

JimmyNyholm

is there any news about SXT LTE? Your question was already answered! Unfortunately, currently SXT LTE does not support passthrough mode. Normis could you Elaborate. Your answer and Wiki is ambiguous: Saying It's not supported and it can not be done due to hardware limitations. OR It is currently no...

JimmyNyholm

OSPFv3 routes can be fildered in default OSPF chains. However you cannot change to different chains as it is in OSPFv2. Ohh MRZ! This is new to me as when I asked its not implemented at all. What you now say if i use the default ospf chain (even though i can't point to it in the instance) it will b...

JimmyNyholm

We are told that ospfv3 filtering is not to be expected before V7.

Any news on this MT? Is the V7 plan the definitive answer or whats is hindering you fixing filtering for ospv3 deamon?

JimmyNyholm

Hi. RR's need not to be in data path (most often aren't) so please consider your own setup before fiddeling with above statement. ahem, the nexthop delivered by RRs was not implying the nexthop in fact is the RR, in fact the nexthop is usually the IP set by "next-hop self" (or similar) by...

JimmyNyholm

Hi. RR's need not to be in data path (most often aren't) so please consider your own setup before fiddeling with above statement.

@Mikrotik please fix IPV6 it is 2017 after all and Ipv4 is getting more and more expensive.

JimmyNyholm

Is it me or do we miss MTU Settings?
You´re looking for an option to allow "jumbo frames", i.e. set a higher value for MTU?

Yes thats correct...

JimmyNyholm

Unfortunately, currently SXT LTE does not support passthrough mode. irghost - What is the question about SXT LTE? Are you referring to Passthrough support? if you do, then take a look at this list: https://wiki.mikrotik.com/wiki/Supported_Hardware#4G_LTE_cards_and_modems Is there a plan for this or...

JimmyNyholm

Just create a S vlan on the fiber link
create a bridge add the reciving ethernet port and the svlan as port to bridge.
Done:

untaged and taged ethernet packets will get extra stag over the fiber.

JimmyNyholm

Thanks for the swift respons. I was fault in my belefs that the smtp was open for relay.
Enable log category made that one clear. And made me painfully aware of what i should have looked at in the first place.

Thanks Again.

JimmyNyholm

Is it me or is something broken. tool email send complains about to adress not valid (i've written our noc addres with and without " with and whouth <> its an ordinary something@somewhere.se whats the problem with that. Searching in the Logs at the smtp server tells me that the MT has not even...

JimmyNyholm

Is it me or is something broken. tool email send complains about to adress not valid (i've written our noc addres with and without " with and whouth <> its an ordinary something@somewhere.se whats the problem with that. Searching in the Logs at the smtp server tells me that the MT has not even ...

JimmyNyholm

I've seen it to but then again the other side is passive. if the syn packet get lost then the process is stuck it's not obeying syn timeout and resetting itself and trying again.

JimmyNyholm

Still no info about CRS328-24P-4S+RM... Looks like we have to keep patient. :o Or what about CRS328-48S-4S+RM Need More Fiber ports with decent ratio on uplink. 1:1 as in 10s-1s+ is good but it's to expensive per port and takes up to much space with to little work done. 1U is expensive in telecom c...

JimmyNyholm

Hi this is just my gues: 1. You begin your post saying we went from bridge to routed ospf fine: (That is L2 -> L3) 2. Ospf changes traffic source ip's? No tis is not possible for ospf to do it is a routing protocol talking to other routers modifying the local routers routing table. My Conclusion the...

JimmyNyholm

The routes that are recieved will be announced to an Ibgp peer (requiring full mesh of all ibgp routers). Only active will be anounced from i ibgp route reflect perspective when using RR. the ebgp perspective is controlled by the networks statments in the bgp instance. Syncronice controlling that ne...

JimmyNyholm

+1 Any day now....

JimmyNyholm

JimmyNyholm, a Cisco trunk port will pass both tagged or untagged traffic depending on the allowed VLAN list assigned to the trunk port (by default all VLANs are allowed). This is the "hybrid" behavior you're describing. Leaving the native VLAN routable on trunks is what exposes people to...

JimmyNyholm

The short answer: You can't! But here it goes once more. Internet routing is asyncronus. BGP is the protocol to tell others how to reach you (Announcements) and others to tell you how to reach them. the soup is called your point of view of the internet and the other ones point of view of the interne...

JimmyNyholm

+100 RFC's are set, others have it implemented other isp's and transits are providing it we need this to stay on the target with the industry. First support for the new nlri to validate, accept and forward them. Then ability to form rules and actually act and influence traffic flow. But that can com...

JimmyNyholm

joanllopart - I'm not sure about Cacti, but in RouterOS - graph is made from 5 min average data rate. What is polling interval in your Dude graph ? We imported from 4.0beta3 where graphs has been working fine. I noticed issues with graphs maybe at 6.38. Now graphs ara wrong, specially when they are...

JimmyNyholm

Vlan is Hard to understand IF you used HP as they use the term tag/untagged (Their Ports are all hybrid and can't be trunk or access from the cisco perpspective.) AccessPort = A port that is only accepting untaged frames on ingress and only output untaged frames on egress. All other frametypes is si...

JimmyNyholm

Is it me or do we miss MTU Settings?

JimmyNyholm

Sure 16s+ is about to be released But I was asking for 1Gbit not 10Gbit with standard oversubscription levels 24 -> 20 One 16s+ switch could aggregate 4 24s switches (if we had one) and still have ports available to core connection without inducing Oversubscription in the aggregation layer. I need M...

JimmyNyholm

All routes learned will be installed. If they are used is a mater of best path evaluation.

instance settings will let you influence all metrics and such but I'm afraid this is a whole other horse read up on OSPF and BGP then will we all be happy to discuss Mikrotik implementation of such.

JimmyNyholm

Ugly but: Shouldn't an export to an ospf instance of just the other as routes and then importing them making them IGP originated be sufficent? Just a thougt test in a lab before doing bad stuff in production.

JimmyNyholm

My bgp is working correctly it works perfect. Then it comes down to that probably should split your /20 announcement down to /21's and /22,s and /23's and /24's just to be prepaired for avoiding ddos attacks and such.. That being said create the RR if your now a lir ask your lir to do it. ask your ...

JimmyNyholm

My bgp is working correctly it works perfect. My issue is that if Core 1, 2, and 3, are all online but I loose connection to core 3 from my other two cores. Core 3 continues to announcing its /20 network out to the internet, this it the same /20 that the other cores announce, so inbound traffic hit...

JimmyNyholm

With out all the questions about: Have you checked this is your peer that.... This is what BGP is. BGP is not a millisecond failover protocol. BGP is a self repairing system for inter as communication. Probably it is the HOLD timer on your peers that making them beleve that you are still there. In a...

JimmyNyholm

I would love to se some hardware L2 encryption when: 1. talking to other mikrotik devices (should be simple clickbox and transparent to all other protocols) but ensures no ears dropping on that link. 2. MacSec implementation for inter brand taks. I think this would be a given extension after we have...

JimmyNyholm

+1.
And by all means make ip-changes and dns updates be reflected into peers and other ipsec related stuff.

JimmyNyholm

Do your carrier, witch you say is the same for both sites, have a looking glass? If so use that to verify that it actually got the two but it's not a good path. so it wont be told to their peer's and upstream as the carrier is only telling it's best view of internet to others. The information in thi...

JimmyNyholm

Why not just trash the segment for the three routers. make direct connect from R1-R2, R1-R3, R2-R3 building the triangle. OSPF will then work and behave good. All MT's sure then you may use /31 or /32 's as well. no IP wasting. The segment between is most of the time just a weak link for something t...

JimmyNyholm

I gather that you want to give the transit customer a view of internet and only tell one of your transit providers that the transit customer is reachable through you. If so then: Take the learned routes from your transit customer append them with a community that you staple only transit type A and t...

JimmyNyholm

Hi tik guys. As an ISP and knowing that you aim your products at ISP market. I'm baffled to se all new shiny things come out with copper ports? Who is buildning with copper now days. Please make CRS326-24S-2S+RM for us at a lower price due to not having to supply any interface. We can then populate ...

JimmyNyholm

ISP's all over the world should implement BCP38. We are trying but Mikrotik is hindering us with non working uprf in vrf scenarios. Mikrotik Please You are actually making the internet less secure and prone to spoof by lagging behind...... But then again. All should at least do what they can, where...

JimmyNyholm

I'm happy to introduce the missing support for syntax highlighting and completions in the Sublime Text editor.

Just tried it.... Sweet exactly what the doctor ordered....

Thanks!

JimmyNyholm

Routing filter add your filter to ospf-out or what ever filter list you have selected on the ospf instance. The best is not to import just add networks and set the interfaces to passive. If the routes are next hops that wont work and you will need to edit ospf instance and select redistribute static...

JimmyNyholm

Let's not forget that QSFP and QSFP28 both support breakout or fanout cables. And Dont forget: QSFP28 can do: 1-4 x 10 1-4 x 25 1-2 x 50 1 x 100 SFP28 can do: 1 x 10 1 x 25 QSFP+ can do: 1-4 x 10 1 x 40 SFP+ can do: 1 x 10 1 x 1 All speeds and breakout combinations should be supported on all the po...

JimmyNyholm

One must also ask: Source Media and Destination Media 20Mbyte per second (200Mbit) is about what your average 2" spinning harddrive does after all buffers have been depleted. Allways test network with memory transfers so you test the real performance.

JimmyNyholm

!) bridge - fixed BPDU rx/tx when protocol-mode=none

Fixed as in now we do forward all bpdu's transparrently or now we eat all transparrently What is done exactly?
Need to know so we may plan for the changed behaviour.

JimmyNyholm

+1 Summarized status updates at given intervall is considered good Customer Relations.

JimmyNyholm

both 3.8 and 3.9 do random crashes on win10 x64 home and 100% crash at exiting(instead of correctly closing session). 3.7(and earlier versions) works just fine.

On WIndows Server 2012R2 as well

JimmyNyholm

NAT64 and the companion function of DNS64 is the realizer for us that want to move to the no more nat land. Only 6 Native clients able to talk to all 6 and the small old 4 for these petty sites and services not yet migrated. A Hell Yeah Big +1 from me. I saw the other threads and thought o my good t...

JimmyNyholm

I'm getting the MIC Failures on several of my clients. Interference isn't an issue on one of them and their signal is -50, ccq is around 99. Client is conecting to a RB112/CM9 using a laptop. Two other customers are using Tranzeo CPE 90's. They connect fine....then out of the blue I see those MIC f...

JimmyNyholm

Hi Mikrotik. Please add PAP support to the radius client at login. It uses chap and is not settable if I read manual correctly. Why some of you may ask? Is'nt chap more secure? Yes but my cents is that I am even more secure and using one time passwords and Hence there is nothing to know beforehand t...

JimmyNyholm

*) interface - changed loopback interface mtu to 1500; There is no Loopback interface added. If you need loopback interface simply create bridge and do not add any ports to it. (MTU of 1500 is for that empty bridge used as loopback). This is well known to all of us this is why we are asking this qu...

JimmyNyholm

Hello!

Sorry, what mean
*) interface - changed loopback interface mtu to 1500;
? There is special loopback interface now? Can't find it.

Regards,
Boris

+1 What does it say? Do we have Loopback Interface Now? Cant seem to find either in winbox nor in cli.

JimmyNyholm

edit: I was wrong, Mikrotik does support LACP/802.3ad I'm sorry :( ;-) Right. I would not be a customer if they had not supported LACP. On the plus side is that they even have minimum link property for channel up state. I bought the 1036 before 1072 was out and I only use the two sfp+ ports LACP bu...

JimmyNyholm

patrick7 - Bonding in past reported 2Gbps always. It did not matter if bonding had 2,3,4,5, etc. slave interfaces. Now it will simply report single link speed: *) snmp - always report bonding speed as speed from first bonding slave; For LACP that is Totally Wrong. In protocol less bonding this may ...

JimmyNyholm

Currently you can't, such feature is not implemented.

Care to develop that answer?
"Currently you can't": OK When? Is it planned? What Version will we See it Implemented?

JimmyNyholm

Now there needs to be something like a CRS317-1G-10X-6S+IN ac. Maybe better CRS317-1G-12X-4S+IN ac. Personally I don't se the benefit of coper ports. The benefit of sfp ports is that it should be cheaper to manufacture because no interface needs to be attached. Then you choose what you want and the...

JimmyNyholm

- new CRS317 with 16 x SFP+ ports, coming Q2/17 This completes CRS family :D The new CRS with 16 10G will be a very nice start if price/features equals upp. I would then say that this begins the CRS Family. Now we can go forward and do QSFP, QSFP28 (40G (4*10), 100G,50G,25G (4*25G,2*50G)) Moving up...

JimmyNyholm

Hundred versions and five years later no fix. This year ends with Mikrotik Promising to fix this issue that lasted over 2 major versions in the 3 major that they are eagerly denying has officially been presented as of yet. No internal Alfa exists hence no external Beta exist and no Product with vers...

JimmyNyholm

Hi I was baffled to se that routefilters is not implementet in OSPFv3. I can put in ipv6 records in my filterlists but not use them in the process is this a joke or am I missing something obvious. The wiki has not a peep on v3 and yet it has been there as long as I have used mt. Please explain to me...

JimmyNyholm

Found a bug a think. Had working bridged ethernet over ip (eoip) with ipsec enabled. Upgrading to 6.37 current phase 1 fail against 6.34.6 upgrading to 6.37RC42 same result downgrading again to 6.34.6 Works again. Secret is defined on the tunnel interface so its using the "auto ipsec" feat...

JimmyNyholm

*) wireless - "wireless-cm2" discontinued, uninstall it before update; As before: Uninstall Error - can not uninstall bundled package (6) I will try disable and upgrade.... Works. Disable, reboot, upgrade. Please do not write uninstall when that is not possible. or be more specific disabl...

JimmyNyholm

*) wireless - "wireless-cm2" discontinued, uninstall it before update;

As before: Uninstall Error - can not uninstall bundled package (6)

I will try disable and upgrade....

JimmyNyholm

ok, working on it horray.. :D thanks MikroTik. but no promises! I'm just saying we will consider the possibilities Redundant Power supplys and SFP's 1:1 ie 20 spf and 2 sfp+ or 40 sfp and 4 sfp+ we have 10sfp + 1sfp+ but we need bigger of the same so save space in closet. and offcourse redundant (p...

JimmyNyholm

I understand the request and it is a good one, but just wanted to note, that you can already configure access list to disconnect client with bad signal, and the client will then reconnect to the nearest AP If you actually understand the request: why do you sugest using the braindead (drop the clien...

JimmyNyholm

The symptom is due to one of your switches is to old and cheap. It doesn't handle mac / vlan / table and thus can't have multi homed connections like that. 1. use proper gear with modern mac table / vlan 2. use only one connection and trunk in between of capable and incapable devices. You may create...

JimmyNyholm

You may be able to accomplish what you want by using GRE or L2TP with hooks to IPSec available in those services. No I can't becaus if I specify crypto on tunnel interface then routeros complaint and localendpoint must be specified. This is truely unintuitive. I do understand that it is because of ...

JimmyNyholm

*) tunnel - added option to auto detect tunnel local-address; Can't Seem to find it? Does it solve changing ip in conjuction of auto ipsec aswell? Otherwise please ad that. Bump... No Comment. Neither Winbox 3.4 nor the CLI is displaying anything on any tunnel interface about this feature. What is ...

JimmyNyholm

*) tunnel - added option to auto detect tunnel local-address; Can't Seem to find it? Does it solve changing ip in conjuction of auto ipsec aswell? Otherwise please ad that. Bump... No Comment. Neither Winbox 3.4 nor the CLI is displaying anything on any tunnel interface about this feature. What is ...

JimmyNyholm

*) tunnel - added option to auto detect tunnel local-address;

Can't Seem to find it?
Does it solve changing ip in conjuction of auto ipsec aswell? Otherwise please ad that.

JimmyNyholm

My 2 Cents is that V7 is a Unicorn. If one read the forum and all that V7 will fix.... Good Dam... No company in history has ever managed to release such a big overhaul. IkeV2 is the new standard in almost all communications between organisations. We NEEEEEEEEEEEEEEEEED it. If not in the V6 branch t...

JimmyNyholm

Nice!!!

How often is updated?
My question exactly

The Only viable sullution should be the TTL and Refresh values specified on each individual record but then again a confirmation on that one would be very much apprechiated as the wiki seldom states new features until very much later.

JimmyNyholm

If you are talking about not disabling wireless package, then you can not upgrade until you have removed it. From which version did you upgrade? As we were telling in previous topics about other versions, there was a problem with upgrade but it is not an issue of 6.36rc. It was a problem with old v...

JimmyNyholm

OK So I'm an idiot. Not Reading and just upgrading. What happens if I didn't disable the package?
I have one mAPLite upgraded and now it just boot loops. How do I apply a firmware reset on the unit?

Search found 248 matches