MikroTik

kirshteins

Do you have any VLAN port in bridge without MAC address?

kirshteins

Please send this report to support@mikrotik.com along with supout.rif file from this router http://wiki.mikrotik.com/wiki/Manual:Su ... utput_File

kirshteins

These features are described in RouterOS manual:
http://wiki.mikrotik.com/wiki/Connection_tracking
http://wiki.mikrotik.com/wiki/Manual:IP ... onnections

kirshteins

Can anyone do a test with 2.28? http://www.mikrotik.com/download/share/ar7100_2_28.fwf

kirshteins

Adding action=log increases the options. You can use custom chain if you need to log and drop different kinds of traffic. For example, add chain "log and drop" that logs and drops all traffic that is processed through it. /ip firewall filter add chain="log and drop" action=log ad...

kirshteins

Yes, that is correct.

kirshteins

Make log rule (action=log) with same conditions as drop rule and place it before the drop rule.

kirshteins

v5RC10 mipsbe: having an IP on a loopback interface (a bridge interface with no ports) router thinks it has to forward ICMP traffic to its loopback interface so it decrements the TTL once redundantly leading to a traceroute that looks like there is a route loop. Is this problem repeatable in older ...

kirshteins

4.17:
fixed RB1100 ether11,12,13 and RB800 ether3 resetting problem;
Is this gonna be fixed in 5rc11 as well?

Yes, it will be fixed in 5.0rc11 as well.

kirshteins

Please generate and send supout.rif file to support@mikrotik.com together with report of this problem.
http://wiki.mikrotik.com/wiki/Manual:Su ... utput_File

kirshteins

Follow this guide:
http://wiki.mikrotik.com/wiki/Manual:Upgrading_RouterOS

kirshteins

Please upgrade and test with latest v4.17:

What's new in 4.17 (2011-Mar-02 10:53):
*) fixed RB1100 ether11,12,13 and RB800 ether3 resetting problem;

kirshteins

Please describe or draw network topology diagram. What RouterOS version is it? Do you have any mangle action=mark-packet rules? Is there a masquerade NAT configured on this router?

kirshteins

Unfortunately it is not possible to install SwOS on RB750G.

kirshteins

..It doesn't happen everytime..

How often does it happen? I manage to reproduce it roughly once out of 15 tries.

kirshteins

Check out this guide: http://wiki.mikrotik.com/wiki/How_to_Bl ... sing_Proxy
You can specify src-address or src-address range for each access rule.

kirshteins

Test with skipping this part:

ip firewall service-port set pptp ports="1723"

kirshteins

Flag "i" shows its invalid. Unset ports and try again

/ip firewall service-port set pptp ports=""

kirshteins

Most probably NAT breaks PPTP. Make sure PPTP NAT helper is enabled

/ip firewall service-port enable pptp

kirshteins

This presentation guides you through QoS and traffic priorities using RouterOS: PDF sildes, Video

kirshteins

my configuration is very simple, i have bridge interface, pppoe server and thats all

Can you try to disable bridge/-s and PPPoE server/-s on by one and check whether you can reproduce this problem? I tested configuration you described with RB450G v4.16/2.29 and reboot is successful.

kirshteins

Just to test it I turned off auto negotiation on one port of a RB750G and fixed it to 100 Mbps full duplex. The other side was a PC 1Gbps card with auto negotiation enabled. I got dramatic drop of actual data transfer speed from 70 Mbps to about 0.5 Mbps.

Please check the link about duplex mismatch.

kirshteins

Yeah, I found the same thing. But only mangle rules that affect ether 11-13. And it SEEMS only mangle rules that have a queue acting on them.

This problem will be fixed in next release of RouterOS v4.x and v5.x. Thank you for the input.

kirshteins

i have one rb1100 with the same problem

if i trigger a system reboot command, the routerboard never came back again. only if i took the power off and on.

no console messages.

Please send supout.rif file to support@mikrotik.com.

kirshteins

Here is an example: http://wiki.mikrotik.com/wiki/SwOS/Router-On-A-Stick

kirshteins

You can use script and scheduler for this task. Please check out 2nd example at http://wiki.mikrotik.com/wiki/Manual:System/Scheduler.

kirshteins

Can anyone post console output after reboot command as requested by sergejs?

kirshteins

I have routerboard 450g and problem with opening facebook and youtube. Its seems like a firewall blocks it. I checked options in ip- firewall sections, but I dont see any blocked url. I am beginner You can try to reset configuration /system reset-configuration and reapply necessary configuration. A...

kirshteins

Is this problem actual with auto-negotiation enabled on both ends? Please make sure that this is not the case of http://en.wikipedia.org/wiki/Duplex_mismatch.

kirshteins

Please generate and send supout.rif file to support@mikrotik.com.

http://wiki.mikrotik.com/wiki/Manual:Su ... utput_File

kirshteins

Please describe powering of those Routerboards. Can you reproduce this problem using default configuration?

kirshteins

http://wiki.mikrotik.com/wiki/Scripting
http://wiki.mikrotik.com/wiki/Manual:System/Scheduler

kirshteins

Hello. I am a beginner. Can you please explain me how to configure RouterBOARD 750 for work with vlan like this: vlan4, vlan5 ==> [ether1] [ether2] [ether3] [ether4] == vlan4 ==> computer [ether5] == vlan5 ==> another computer Please give more detailed description of your configuration. What is the...

kirshteins

It seems problem is in v3.30. WOL in v4.x, v5.x works fine.

kirshteins

Try /ip firewall address-list add address=66.220.144.0/20 disabled=no list=facebook_ip_addresses add address=69.63.176.0/20 disabled=no list=facebook_ip_addresses add address=204.15.20.0/22 disabled=no list=facebook_ip_addresses /ip firewall filter add action=drop chain=forward disabled=no dst-addre...

kirshteins

Does the target device support this feature? Is target device on same the LAN segment?

kirshteins

I have this question as well.... it seems I lose visibility on the ports when I bridge. I have no graphs any more to show how much traffic is going through them. Is there a work around for this? Please clarify whether you use bridging or switching. It is normal that only master-port of a switching ...

kirshteins

How long cable are you using? Does 10M device support auto-negotiation and full-duplex transmission?

kirshteins

Only RB450G supports switch-all-port=yes/no feature.

kirshteins

Check out this guide: http://wiki.mikrotik.com/wiki/Manual:First_time_startup

kirshteins

What type and how long cable are you using? Is it 10Mbps full or half duplex?

kirshteins

This bug will be fixed. Thanks.

kirshteins

Chain=output will only affect traffic issued from the router, not a traffic going through the router.

kirshteins

Try blocking 443/TCP to the
66.220.144.0-66.220.159.255
69.63.176.0-69.63.191.255
204.15.20.0-204.15.23.255

IP addresses

Have you tested?

kirshteins

Problem with RB1100 crashing/freeze after link down on ether11-ether13 is fixed in v5.0rc9. Please upgrade.

kirshteins

Not exactly "routed". WDS works similar as network of interconnected ethernet switches - host table is used to determine egress ports and RSTP can block ports (according to its topology) to prevent switch loops.

kirshteins

The purpose of WDS is to interconnect APs without a need of a additional backbone. "all packets to all interfaces" can cause serious bridge loops when packets are broadcast. Spanning tree protocol is there to prevent them.

kirshteins

Try setting protocol-mode=rstp on WDS bridges if it is not already set.

kirshteins

Try blocking 443/TCP to the

66.220.144.0-66.220.159.255
69.63.176.0-69.63.191.255
204.15.20.0-204.15.23.255

IP addresses

kirshteins

Thank you very much for your reports. This bug will be fixed in next release of RouterOS.

kirshteins

Unfortunately current RouterOS RSTP implementation is not compatible with MSTP.

kirshteins

Are VLAN interfaces put on bridge interfaces or are they one of the bridge ports? Have you tested without any VLAN configuration on Routerbords?

kirshteins

1. I assume that traffic coming in on one of those ports and bound for a host on another of that switch's ports doesn't go all the way up to the bridge, it just goes through the switch and out the correct port, and won't impact the system CPU performance, is this correct? No, bridged traffic will m...

kirshteins

Routerboards do not have support to be WOL destination devices.

kirshteins

Do you have arp=disabled on that interface clients connect to?

kirshteins

That, most probably, is the cause of two bridge buttons appearing.

kirshteins

mikrotik vlans are competibale with linksys or cisco?

Yes, compatible with IEEE 802.1Q

kirshteins

Do you have stpbridge-legacy-3.30.npk package installed?

kirshteins

add action=dst-nat chain=dstnat comment="HTTP Server" disabled=no \ dst-address=83.141.117.106 dst-port=80 in-interface="IBB DSL WAN" \ protocol=tcp to-addresses=172.29.1.11 to-ports=80 It seems in-interface="IBB DSL WAN" is causing this problem. Http requests from LAN...

kirshteins

Try setting:

/interface bridge settings set use-ip-firewall=yes

kirshteins

What type and how much traffic is going through? What devices are connected to each interface? Are you using standard 12V/0.5A power supply? Also, please, send supout.rif file to support@mikrotik.com

kirshteins

Yes, green light shows that link speed is 1Gbps. Only orange light glowing means link speed is 10/100Mbps. Orange light shows network activity.

kirshteins

Hello, I wonder if all 5 ports are equally configurable on a RB750? I have a feeling that ether5 has some problems (5.0rc7) as PPPoE is configurable but does not work as well as ether5 can not act as local master nor as a DHCP server port. The same configuration on ether3 works perfect. Regards, Z ...

kirshteins

Only ether2-ether5 can be switched on RB750.

kirshteins

Specifying an interface is a must for ARP-ping.

kirshteins

Yes, all RB493G ethernet interfaces can be used as standalone ports. What exactly is not working with all interfaces except ether2 and ether6? Are speed/act LEDs glowing?

kirshteins

Please generate and send supout.rif or autosupout.rif file to support@mikrotik.com
http://wiki.mikrotik.com/wiki/Manual:Su ... utput_File

kirshteins

To clarify you need to select FW file and press upgrade to downgrade. Have you tested with another PC?

kirshteins

What exactly happens when you try to reboot switch? What is your network topology between switch and management device? Reboot is working perfectly fine for me.

kirshteins

This is v1.2 problem not v1.4 problem. Try upgrading from different PC/OS/browser.

kirshteins

Is it possible for SwOS to be easily modified for the next release so that we would access the web interface regardless of vlan tags and vlan settings? :) We will check what can be done about it. I agree than it can be very confusing when VLAN Header "add if missing" or "always strip...

kirshteins

If you specify Allow From VLAN make sure VLAN Mode is not disabled on ingress port. Then you should be able to connect to port2 or port3 using VLAN 16 tag.

kirshteins

Port4 removes VLAN header on egress. That is why you cannot connect with VLAN tagged frames.

kirshteins

need your assistance please.... to be able to remotely access the SWos

Which port are you trying to access through? Make sure IP address you are trying to connect from is in Allow From range.

kirshteins

What's new in 1.4:

*) added ability to limit access by VLAN;
*) added ability to disable Mikrotik Discovery Protocol;
*) fixed problem - connecting to SwOS over VLAN did not work;
*) fixed problem - switch sometimes stopped responding;

http://www.mikrotik.com/download.html

kirshteins

After loosing hundred hairs, I made it work, but not like I was doing it, instead of doing normal ip/firewall/filter bridge rules I did the same filtering but matching the traffic with mangle, I use mangle rules with the in-bridge-port/out-bridge-port option. Can somebody explain this? why is not w...

kirshteins

It means when a eth frame comes in port x , when it gets out port y it should have a vlan tag added. X is "access" port and y us a "trunk" port. Set Default VLAN ID for port x and VLAN Header = add if missing for port y. Set VLAN Mode = strict for both ports and add entry in VLA...

kirshteins

Are all 450G ethernet interfaces affected? Have you tested with multiple cables?

kirshteins

What power supply are you using?

kirshteins

SwOS does not make any IP routing decisions as there is no need for it (as SwOS does not run programs like ping-to or ssh-client etc.). 250GS still should be accessible behind VPN.

kirshteins

Please post your TFTP and DHCP-server configuration if possible.

kirshteins

Make sure you allow this file to be downloadable in TFTP configuration.

kirshteins

Unfortunately, yes, this rule blocks all ARP traffic from the device. 250GS hardware does not support more advanced ARP matching features.

kirshteins

What is status of ACL LED? It should start blinking few seconds after power up, if reset button is pressed. Configuration will be reset if you release reset at this point. Otherwise (after 10 seconds of ACT blinking) it will start to blink twice as frequent and switch will try to boot using BOOTP. h...

kirshteins

Both reset-button and reset-hole are intended to work at the moment when board is being powered up. It works the same way with all Routerboards.

kirshteins

You can access this data by using the terminal

/interface ethernet print stats interval=1s

kirshteins

The native bridge filter don't works, just the firewall ones if ticked "Use Ip Firewall". Just tested in x86 here.

What bridge filter rules are not working for you? I cannot reproduce any problems on Routerboards or x86.

kirshteins

SwOS will simply drop everything that exceed bandwidth limit on ingress port significantly decreasing TCP speed. It is recommend to limit speed on egress ports.

kirshteins

What's new in 1.3: *) added ability to specify ethernet ports from which it is allowed to connect to the switch; *) fixed problem - reboot sometimes made switch unresponsive; *) fixed problem - Hosts table were not shown sometimes; *) fixed problem - sometimes it didn't respond to ARP requests or re...

kirshteins

What SwOS version are you using? Are all ports affected?

kirshteins

So only one LED works (the one on the left)? is this hardware or software made?

Orange LED works the same way as green one, but for 10Mpbs links.

kirshteins

The behavior of ACL has been changed in v1.2 - ACL are no longer affecting traffic going-to or coming-from the CPU of the switch. It is best to use Allow From feature in System tab to restrict access to the switch. Sorry for inconvenience it might caused.

kirshteins

Try filtering by Ethertype:0x0806 and Src. MAC.

kirshteins

VLAN setting under switch section is to manage VLANs going through switch chip, while standard VLAN interface manages VLANs going through CPU.

kirshteins

Yes, this scenario should work without any problems. On 1st switch make sure you have entries in VLAN table with ether1,ether5 for each VLAN-ID and port5 set VLAN header = leave as is. There are no need for adjustments on 2nd switch.

kirshteins

It is best to send this report to support@mikrotik.com along with supout.rif file.

http://wiki.mikrotik.com/wiki/Manual:Su ... utput_File

kirshteins

Only ether2-ether5 can be switched together on RB750.

kirshteins

I cannot reproduce this problem. What is your SNMP configuration on 250GS?

kirshteins

It is an indoor switch and it is not meant to be grounded. Try grounding via one of the mounting holes, if you want to use it outdoors.

kirshteins

Because ethernet header (14 bytes) + two VLAN tags (2*4=8 bytes) + 1500 payload exceeds 1518 bytes and gets dropped.

kirshteins

250GS can forward jumbo frames, but its CPU cannot receive ethernet frames bigger than 1518 bytes. Ethernet frame size is 1522 bytes, if you use double-tagging and 1500 bytes of IP load. Is that a normal standard or just a MT implementation behavior? IEEE 802 packets may have a minimum size restrict...

kirshteins

Which ports are you PCs connected to? Also, please, post your bridge configuration.

/interface bridge export

kirshteins

SwOS v1.2 supports up to 9000 byte frames, so there should not be any problems.

kirshteins

Try the following configuration:

swos.png

kirshteins

Switches 0 and 1 are physically separated, so you cannot make single port switching group. However you can bridge master ports of both switch groups.

kirshteins

It is 1Gbps speed between CPU and and four ports of AR8316, while fifth port is optional to share this 1Gbps with other ports or to give up its ability to be switched with other ports for standalone 1Gbps speed to CPU.
http://wiki.mikrotik.com/wiki/Switch_Ch ... _Switching

kirshteins

Can anyone test whether link drops occur by entering RouterBOOT setup and testing from that point?

kirshteins

For example, 32k f/s means that this port will not forward more than 32'000 broadcast frames per second. Unicast option means whether unicast frames without MAC address entry in host table will be treated as broadcast frames.

kirshteins

Does anyone have a clue what is going on ?

Perhaps it is because of loneliness... as wives don't want to talk about routers

kirshteins

You can get stats from switch chip itself: /interface ethernet print interval=1s stats where name="ether1" name: "ether1" rx-broadcast: 675948 rx-pause: 0 rx-multicast: 70697 rx-fcs-error: 0 rx-align-error: 0 rx-runt: 0 rx-fragment: 0 rx-64: 519755 rx-65-127: 220824 rx-128-255: 9...

kirshteins

It is strongly recommended to load backup only to the same model router it was taken from. You can follow Martín' s advice and edit export file. Or you can simply export only configuration that you need, for example, /ip firewall export ; /ip dns export ; /ip address export etc. Then merge it into o...

kirshteins

http://wiki.mikrotik.com/wiki/How_to_Bl ... sing_Proxy

kirshteins

http://wiki.mikrotik.com/wiki/SwOS#Forw ... uote]Storm Rate - Limit the number of broadcast packets transmitted by an interface
Include Unicast - Include unicast packets without an entry in host table in Storm Rate limitation[/quote]

kirshteins

Seems like SwOS have some problems with ARP replies. You can add static ARP entries for your switches on the Dude server to confirm.

kirshteins

wildbill442, what device is connected to ether13 when these problems occur?

kirshteins

Try adding static ARP entries on RB450G for both RB250G.

kirshteins

Try to add following rule before the other destination NAT rule. Check whether it helps.

/ip firewall nat
add action=accept chain=dstnat dst-port=80 protocol=tcp src-address=172.18.1.2

kirshteins

It is impossible to recover it, but you can reset it by:
http://wiki.mikrotik.com/wiki/Manual:Password_reset
or
http://wiki.mikrotik.com/wiki/Netinstall

kirshteins

Yes, the other rule

filter add chain=input action=accept protocol=icmp comment="default config
uration"

accepts ICMP packets. This is why you could ping the interface.

kirshteins

Only ether2-ether9 can be switched together on RB493. To use ether2 as master-port for all ports use the following command:

/interface ethernet set ether3,ether4,ether5,ether6,ether7,ether8,ether9 master-port=ether2

kirshteins

See this example: http://wiki.mikrotik.com/wiki/Switch_Ch ... _Switching

kirshteins

Is there any NAT configured in this setup?

kirshteins

Most input on ether1 is blocked by default on RB750. There are default firewall filter rules, that will accept pings, but will drop other services. you can try to disable them. /ip firewall filter add chain=input action=accept protocol=icmp comment="default config uration" filter add chain...

kirshteins

No, it will work on all RouterOS versions.

kirshteins

Does this problem occur when using any other web browser than Firefox 3.6.9?

kirshteins

Just follow this guide: http://wiki.mikrotik.com/wiki/Forwardin ... nternal_IP

kirshteins

Please clarify your problem and what are you trying to achieve.

kirshteins

Each counter will reset at 2^32=4294967296.

kirshteins

Is host table contents displayed properly? When this error occurs, please, save it as "Web Page, complete" and send those files to support@mikrotik.com

kirshteins

All 3 (11-13) trouble making ports are connected with a couple of Cisco L3 2948G switches. The only way that worked without giving me trouble was with auto negotiation off at 100/FDX. I will be submitting the supout file soon. We tested multiple RB1100 with Cisco L3 2948G and did not experience any...

kirshteins

"upgrading do not interrupt"

Simply power cycle switch if you are running SwOS 1.0 and see this message.

The download file is only 37 kbytes - is this correct

Yes, it is very lightweight OS.

kirshteins

What version are you running? You can try alternative method to reset switch - take it out of the case and close reset hole with metal object while powering up the board. In a similar way like http://wiki.mikrotik.com/wiki/File:Passw.jpg

kirshteins

Set VLAN Header = add if missing for port5. Everything else looks fine.

kirshteins

You do not have any IP address or DHCP server configured on LAN2 interface. You can bridge LAN and LAN2 together to use same IP address and DHCP server for both interfaces: http://wiki.mikrotik.com/wiki/Bridge

kirshteins

I can't figure out how to limit management access to a port or vlan. http://forum.mikrotik.com/viewtopic.php?p=225658#p225658 Why can't the config file saved be more like a RouterOS config? Please clarify what problems do you have with current configuration backup system? A Mac based telnet login f...

kirshteins

Yes, it is possible to drop, for example, VLAN ID=100 packets that are not entering switch through port1 etc. using ACL rules.

kirshteins

Set VLAN Mode = strict for all ports and VLAN Header = add if missing for Port1. I expect users on port 2 and 3 wont be able to access management. Set password to deny management access for users. Also, it seems that ip address can have only /24 mask (why?). RB250GS will not do any routing. SwOS use...

kirshteins

If you do not assign any port then default value: all ports (0-65535) is used. What kind of traffic do you need to forward (UDP, TCP, all traffic)? Please post forwarding NAT rules that stop working and how you determine that they stopped working.

kirshteins

There should not be any difference between assigning IP address to master or slave port. IP addresses assigned to slave port should work for all switch group ports just as it was assigned to master port. Did you lost connection permanently or just for a few seconds?

kirshteins

This problem has been fixed in latest version 4.11.

kirshteins

Currently it is not supported. But this feature might be implemented in the future.

kirshteins

Please describe your network topology, configuration, how much and what type of traffic is being forwarded through switch when you experience latency issues. We were not able to reproduce any problems with SNMP (tested with Dude v3.6 and v4.0beta2).

kirshteins

I confirm the issue with the Reboot button. I'm connected over vlan1 from my PC. When I press Reboot the webserver in the switch just dies off silently. The switch itself keeps on forwarding the traffic and not a single packet is lost. If I try to telnet 192.168.88.1 port 80 there is no ARP reply. ...

kirshteins

Have anyone tried to reinstall problematic RB1100 using Netinstall and reproduce this problem with default configuration?

kirshteins

The tagged traffic against the internal IP number of the switch (vlan1 on PC to vlan1 on the switch) doesn't work well.

What type and size are those packets? 250GS can forward jumbo frames, but cannot receive one itself. Also 250GS can forward packet fragments, but will not fragment itself.

kirshteins

This behavior is normal for newest revisions of RB411. Green light will indicate 100Mbps link, while orange 10Mbps link.

kirshteins

Do you have problems with increased latency and ping timeouts when you ping to or through switch? Are there any transmission errors reported in statistics tab?

kirshteins

Eben, if you are running v1.1 there should not be any problems upgrading remotely.

kirshteins

If you are running v1.0 you will need to upload v1.2 firmware, press upgrade button and manually power cycle your board. If you are running v1.1 reboot part will be done automatically after upgrade.

kirshteins

What's new in 1.2: *) fixed problem - reset configuration & reboot did not work; *) fixed problem - VLAN header present/not present matcher did not work in ACL; *) fixed problem - could not match all packets in ACL; *) fixed problem - deleting one ACL entry did not have immediate effect; *) fixe...

kirshteins

Please upgrade to SwOS v1.2.

kirshteins

Check policies of your script. Perhaps backup file is not fully generated before the attempt to send it. Try to add short delay in between generating backup and sending the file. /system backup save name=([/system identity get name]); /delay delay-time=5s ; /tool e-mail send to= "me@me.com"...

kirshteins

You have to enable WEB proxy, assign parent-proxy (IP address of your Squid server) and parent-proxy-port (if necessary) to make it transparent. More information:

http://wiki.mikrotik.com/wiki/Manual:IP/Proxy

kirshteins

Both RB450G and RB250GS have Atheros8316 switch chip which supports 2k host table entries. Do this problem occurs when click any other tab apart from hosts? Perhaps you can describe what type of monitoring system you have.

kirshteins

Incorrect status of the interfaces: all interfaces are "running" even if nothing connected.

That is normal for x86 as disable-running-check=yes is set by default.

kirshteins

If you experience problem where RouterOS reports link as running, but traffic cannot be received, try to unplug Ethernet cable. If Link/Act and 10/100 LEDs are still on then there are problems with Ethernet PHY.

kirshteins

Changing SSH port worked best for me.

/ip service set ssh port=2222

kirshteins

Please list exact device names you are experiencing problems with when connected to RB1100 ether11-ether13. Also state their transmission parameters (speed, duplex mode) if auto negotiation is disabled.

kirshteins

Bandwidth-test tries to use all bandwidth available. Running UPD BTest both direction without limitation could cause packet drops and that means there will not be complete synchronization between BTest client and server. Do you experience any problems running TCP BTest or single direction UPD BTest?

kirshteins

Please send supout.rif file to support@mikrotik.com. Generate it while you have auto-negotiation enabled on ether11-ether13. What exact devices are connected to those ports?

kirshteins

Assigning IP addresses to the physical interfaces that are part of the bridge will break things.

It should not break anything. Bridge will simply inherit IP addresses from interfaces assigned as bridge ports.

kirshteins

Which port are you connecting to? Is Ethernet activity LED shining? How you determine that there is no connection?

kirshteins

Routerboards do not have batteries to save clock. You can use NTP client to synchronize time with NTP servers (time.nist.gov, for example). More information:
http://wiki.mikrotik.com/wiki/Manual:Sy ... NTP_client

kirshteins

Try masquerading traffic coming from your LAN network (Src. address) and going to 192.168.1.52 (Dst. address).

kirshteins

There can only be single switch group per physical switch chip. You can use bridging instead.

kirshteins

Try to test with recently released v5.0beta5 if possible.

kirshteins

I experience the same issue. Connected an RB1100 Ether11 to a cisco ME3400 switch. Interface resets every 10 seconds or so. Ether12 and 13, same issue. All other interfaces works fine. Tried another RB1100 with the same issue. This is a really nasty error. Is there are auto-negotiation enabled on b...

kirshteins

Make sure you put this allow rule before general deny youtube.com rule.

kirshteins

What blocking method is being used?

kirshteins

kewlkeed, poor speed could be result of duplex mismatch. We will investigate why this link does not work at forced 100FD.

verdonker, please send supout.rif file to support@mikrotik.com

kirshteins

Ports 1-10 when set to full duplex 100, they do not connect (No Link) to switch I am using (Nortel 1800) (Cross or straight cable) What is exact configuration for both end (auto-negotiation=yes/no, full-duplex=yes/no, speed)? DO connect when I set them to auto, but they don't have duplex If one end...

kirshteins

But how do i Import it then to the new board? Which command do i use?

http://wiki.mikrotik.com/wiki/Manual:Co ... figuration

kirshteins

For troubleshooting you can add general masquerade (masquerade everything) rule on top of your SRC-NAT rule list.

kirshteins

Try to masquerade traffic coming from your LAN and going to 192.168.2.15. Currently 192.168.2.15 is responding directly to user, while user waits response from router.

kirshteins

How long should the Upgrading...(Please do not interrupt) message remain on screen?

Just reboot it. In v1.1 reboot after upgrade will happen automatically.

kirshteins

Please generate supout.rif file when problem occurs and send to support@mikrotik.com together with the description of the problem.

kirshteins

I mean, to be able to use 65535B packet size. See http://forum.mikrotik.com/viewtopic.php?f=3&t=40743 The answer from support was that disabling the IP175D features would not bring any benefits other than be able to use 65535B packet size and I suggested to put it configurable somewhere via con...

kirshteins

Auto wasn't supposed to be there. It has been fixed in latest versions.

kirshteins

Each switch group you configure also has CPU-port, so there shouldn't be any problems to run NTP features on your Routerboards.
More information: http://wiki.mikrotik.com/wiki/Manual:Sw ... p_Features

kirshteins

You can generate supout.rif file after problems occurred and send it to support@mikrotik.com

kirshteins

This problem is caused by additional feature of IP175D switch chip that supports up to 200Mbps speed between CPU and switch, while IP175C only up to 100Mbps. Currently we do not see any benefit form ability to forward 65535-Byte IP packets as all packets exceeding MTU of the interface will get fragm...

kirshteins

What exactly do you mean by downgrade? What device is connected to ether1? What link status is reported by RouterOS and Ethernet LEDs? Perhaps ether1 is bridged and jammed by bridge loop?

kirshteins

Please send a supout.rif file to support@mikrotik.com from affected router.

http://wiki.mikrotik.com/wiki/Manual:Su ... utput_File

kirshteins

By default mac-winbox server and neighbor discovery is disabled on 750G ether1. 192.168.88.1 IP address is already assigned to ether2.

kirshteins

Make sure you have the following configuration

/interface ethernet switch port
set 4 vlan-header=always-strip 
set 2 vlan-header=add-if-missing

kirshteins

What RB model is it? You can try to access router using serial console:
http://wiki.mikrotik.com/wiki/Serial_Console
Also you can reset configuration back to factory defaults using this method:
http://wiki.mikrotik.com/wiki/Manual:Password_reset

kirshteins

Try to trace-route this website with and without router.

kirshteins

1) Only 450G supports this feature.
2) Do you mean adding VLAN tags for specific ports?

kirshteins

RSTP can provide you with loop-free topology and also make your redundant links to provide automatic backup, in case active link fails. You can use traffic-monitor tool to disable MT2 - MT6 and MT2 - MT5 links, if there is too much traffic going through MT2 and RSTP will change topology automaticall...

kirshteins

To clarify: RB750 ports 2-5 can be switched together; RB750G ports 1-5 can be switched together; RB450G by default ports 1-5 can be switched. Supports "switch-all-ports=yes/no" that lets you remove switching ability from ether1, but increases ether1 troughtput to other ports in bridged, an...

kirshteins

Follow this guide to set up web proxy: http://wiki.mikrotik.com/wiki/How_to_Block_Websites_&_Stop_Downloading_Using_Proxy Add rules to block different kind of picture files: /ip proxy access add path=*.jpg action=deny add path=*.jpeg action=deny add path=*.png action=deny add path=*.gif action=d...

kirshteins

Take a look at these guides:
http://wiki.mikrotik.com/wiki/Send_Backup_email
http://wiki.mikrotik.com/wiki/Automated_Backups

kirshteins

As you can see in packet flow diagram bridge forward traffic are not being processed through IP firewall by default. Set /interface bridge settings set use-ip-firewall=yes to change this behavior. You can try this guide http://wiki.mikrotik.com/wiki/Use_SSH_to_execute_commands_(DSA_key_login) to set...

kirshteins

Try to set it to "Run as Administrator". Also if you have multiple NICs make sure only the one your are connecting to the router is enabled, and it has IP address assigned.

kirshteins

There is a bug with ether2 and ether3 not working correctly on some RB433 in v4.3. This bug is fixed in latest v4.5.

kirshteins

Please follow this guide to reset any configuration: http://wiki.mikrotik.com/wiki/Password_reset

kirshteins

RB750 switch does not have advance packet filtering, so it is impossible to isolate networks (it is still possible to isolate VLANs). You can try to use bridge instead of a switching. With "/interface bridge settings set use-ip-firewall=yes" you can use IP firewall.

kirshteins

In case ether3 and ether4 are not switched together, you can try to use IP firewall filter to isolate LANs. For example,

/ip firewall filter
add action=drop chain=forward in-interface=ether3 out-interface=ether4
add action=drop chain=forward in-interface=ether4 out-interface=ether3

kirshteins

Please take a look at Port switching paragraph.

Why are there now port statistics other than on the master port?

What statistics do you mean?

kirshteins

You should have a look at:
http://wiki.mikrotik.com/wiki/First_time_startup
http://wiki.mikrotik.com/wiki/Category:Manual

Search found 592 matches