Now you'd wish manufacturers to give one of their main tools to keep clients with them away...
A WiFi TDMA mode that is compatible with UBNT airMAX.
We usually have a mix of MikroTik/UBNT access points and clients in our network so we can only use bare 802.11 even when TDMA would perform much better.
Alternative: an IEEE standard for this mode that is implemented by both companies.
+1
Netinstall for Linux, or documentation of the netinstall process so it can be programmed for Linux by someone else.
RoMON works only over L2 transparent links. A proxy could be operating at IP level. A nice feature would be to add an IP-level layer to RoMON so you can
@TomjNorthIdaho
RoMON
If you can connect to 1st mikrotik via TCP (ssh), then using putty, you can configure additional port forwards on the fly.
Winbox proxy ???
It might be nice to be able to connect to another Mikrotik using the 1st mikrotik as a proxy to be able to connect up to a 2nd Mikrotik.
Where an admin might not be able to directly connect to the 2nd mikrotik, but if the 1st mikrotik can mac/IP connect to the 2nd then allow a winbox proxy connection through the 1st mikrotik to a 2nd mikrotik.
When testing P2MP networks for best throughput and latency you need to run a test from several CPEs (in an 'all MT' network) and then switch between the different protocols and settings to see what gives best result.
Each time though the connection with AP is lost due to a config change, the CPE needs to be opened up again in its winbox session. And each time all settings for the bandwidth test are gone... each time you need to fill these again.
Can bandwidth test not be made to at least remember its settings? It has to be stopped when the CPE drops the connection over the interface the test runs, but it would be oh so helpful if the settings for the test just come back after the winbox session is opened again. Just click on 'run' and the test can run again.
Would make it a great time saver in troubleshooting and fine tuning P2MP networks...
+1
Please implement a proper auto channel selection that looks at the usage and noise floor of each frequency in the scanlist before choosing a channel.
And not one that just counts how many devices it sees per frequency (as per now): viewtopic.php?f=7&t=122063&p=677377#p600476
So you see it under /system health print ?
CRS112-8P-4S:
SNMP OIDs for PSU1 + PSU2 Voltage or at least a status.
Currently only Temperature under system health supported.
Feature requests - SNMP OID Ethernet link speed
It would be great to have SNMP OIDs for Ethernet link speeds (if they are there, I have not spotted them yet).
These could be very useful to detect when an Ethernet link changes link speed. Such as when what is/was supposed to be a 1-Gig link changes to a 100 meg link.
North Idaho Tom Jones
$ snmpwalk -v2c -c public 192.168.88.1 |grep ifSpeed
IF-MIB::ifSpeed.1 = Gauge32: 0
IF-MIB::ifSpeed.2 = Gauge32: 1000000000
IF-MIB::ifSpeed.3 = Gauge32: 1000000000
IF-MIB::ifSpeed.4 = Gauge32: 0
IF-MIB::ifSpeed.5 = Gauge32: 100000000
IF-MIB::ifSpeed.6 = Gauge32: 1000000000
IF-MIB::ifSpeed.7 = Gauge32: 0
IF-MIB::ifSpeed.8 = Gauge32: 0
IF-MIB::ifSpeed.9 = Gauge32: 1000000000
IF-MIB::ifSpeed.10 = Gauge32: 1000000000
IF-MIB::ifSpeed.12 = Gauge32: 100000000
IF-MIB::ifSpeed.14 = Gauge32: 1000000000
IF-MIB::ifSpeed.15 = Gauge32: 0
IF-MIB::ifSpeed.17 = Gauge32: 0
IF-MIB::ifSpeed.18 = Gauge32: 100000000
IF-MIB::ifSpeed.21 = Gauge32: 10000000
IF-MIB::ifSpeed.22 = Gauge32: 0
IF-MIB::ifSpeed.24 = Gauge32: 0
IF-MIB::ifSpeed.25 = Gauge32: 1000000000
+1 !!!!!!
Feature requests - SNMP OID Ethernet link speed
snmpwalk -v2c -c public 192.168.0.1 .1.3.6.1.2.1.2.2.1.5
IF-MIB::ifSpeed.1 = Gauge32: 1000000000
IF-MIB::ifSpeed.2 = Gauge32: 100000000
IF-MIB::ifSpeed.3 = Gauge32: 0
IF-MIB::ifSpeed.4 = Gauge32: 1000000000
IF-MIB::ifSpeed.5 = Gauge32: 1000000000
IF-MIB::ifSpeed.6 = Gauge32: 10000000
IF-MIB::ifSpeed.8 = Gauge32: 1000000000
IF-MIB::ifSpeed.9 = Gauge32: 100000000
IF-MIB::ifSpeed.10 = Gauge32: 1000000000
snmpwalk -v2c -c public 192.168.0.1 .1.3.6.1.2.1.2.2.1.2
IF-MIB::ifDescr.1 = STRING: ether1-Wan
IF-MIB::ifDescr.2 = STRING: bridge_vlan1
IF-MIB::ifDescr.3 = STRING: ether3
IF-MIB::ifDescr.4 = STRING: ether4-Win_Server
IF-MIB::ifDescr.5 = STRING: ether5-Linux_server
IF-MIB::ifDescr.6 = STRING: pptp-in1
IF-MIB::ifDescr.8 = STRING: ether2-Cisco-Switch
IF-MIB::ifDescr.9 = STRING: bridge-vlan20
IF-MIB::ifDescr.10 = STRING: eth2-vlan20
snmpwalk -v2c -c public 192.168.0.80 .1.3.6.1.2.1.2.2.1.2
IF-MIB::ifDescr.1 = STRING: wlan1
IF-MIB::ifDescr.2 = STRING: ether1
IF-MIB::ifDescr.3 = STRING: ether2
IF-MIB::ifDescr.4 = STRING: ether3
IF-MIB::ifDescr.5 = STRING: ether4
IF-MIB::ifDescr.6 = STRING: bridge
snmpwalk -v2c -c public 192.168.0.80 .1.3.6.1.2.1.2.2.1.5
IF-MIB::ifSpeed.1 = Gauge32: 50000000
IF-MIB::ifSpeed.2 = Gauge32: 100000000
IF-MIB::ifSpeed.3 = Gauge32: 0
IF-MIB::ifSpeed.4 = Gauge32: 0
IF-MIB::ifSpeed.5 = Gauge32: 10000000
IF-MIB::ifSpeed.6 = Gauge32: 100000000
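Added example, not written by any poster in this thread: one way to turn the ifDescr/ifSpeed walks shown above into the link-speed alert the request describes, by comparing a saved baseline walk against a later one. The function names `parse_walk` and `speed_changes` are hypothetical; the baseline is a subset of the 192.168.0.1 output posted above, and the later walk is constructed sample data.

```python
import re

# Matches net-snmp's textual output for the two IF-MIB columns walked in the
# thread, e.g. "IF-MIB::ifSpeed.5 = Gauge32: 100000000".
LINE_RE = re.compile(
    r"^IF-MIB::(ifDescr|ifSpeed)\.(\d+)\s*=\s*(?:STRING|Gauge32):\s*(.*)$"
)

# Note: ifSpeed is a 32-bit gauge in bits/s (RFC 2863). It saturates at
# 4294967295, so links faster than that need ifHighSpeed (Mb/s) instead.


def parse_walk(text):
    """Build {ifIndex: {"descr": str|None, "speed": int|None}} from walk text."""
    table = {}
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # shell prompts, blank lines, other MIB objects
        column, index, value = match.group(1), int(match.group(2)), match.group(3)
        row = table.setdefault(index, {"descr": None, "speed": None})
        if column == "ifDescr":
            row["descr"] = value.strip().strip('"')
        elif value.strip().isdigit():
            row["speed"] = int(value.strip())
    return table


def speed_changes(baseline, current):
    """Return (ifIndex, descr, old_bps, new_bps, kind) for every changed port."""
    changes = []
    for index in sorted(baseline):
        descr, old = baseline[index]["descr"], baseline[index]["speed"]
        new_row = current.get(index)
        if old is None:
            continue  # no baseline speed to compare against
        if new_row is None or new_row["speed"] is None:
            # Dynamic interfaces (tunnels, PPP) vanish when the session ends.
            changes.append((index, descr, old, None, "missing"))
        elif new_row["descr"] != descr:
            # Same ifIndex, different name: do not compare unrelated ports.
            changes.append((index, descr, old, new_row["speed"], "renumbered"))
        elif new_row["speed"] != old:
            new = new_row["speed"]
            if new == 0:
                kind = "link-down"
            elif old == 0:
                kind = "link-up"
            elif new < old:
                kind = "downgrade"  # e.g. 1 Gb/s renegotiated to 100 Mb/s
            else:
                kind = "upgrade"
            changes.append((index, descr, old, new, kind))
    return changes


# Baseline: subset of the walk posted in the thread.
BASELINE = """
IF-MIB::ifDescr.1 = STRING: ether1-Wan
IF-MIB::ifDescr.3 = STRING: ether3
IF-MIB::ifDescr.4 = STRING: ether4-Win_Server
IF-MIB::ifDescr.6 = STRING: pptp-in1
IF-MIB::ifDescr.8 = STRING: ether2-Cisco-Switch
IF-MIB::ifSpeed.1 = Gauge32: 1000000000
IF-MIB::ifSpeed.3 = Gauge32: 0
IF-MIB::ifSpeed.4 = Gauge32: 1000000000
IF-MIB::ifSpeed.6 = Gauge32: 10000000
IF-MIB::ifSpeed.8 = Gauge32: 1000000000
"""

# Later walk: constructed sample data for this example.
CURRENT = """
IF-MIB::ifDescr.1 = STRING: ether1-Wan
IF-MIB::ifDescr.3 = STRING: ether3
IF-MIB::ifDescr.4 = STRING: ether4-Win_Server
IF-MIB::ifDescr.8 = STRING: ether2-Cisco-Switch
IF-MIB::ifSpeed.1 = Gauge32: 1000000000
IF-MIB::ifSpeed.3 = Gauge32: 100000000
IF-MIB::ifSpeed.4 = Gauge32: 100000000
IF-MIB::ifSpeed.8 = Gauge32: 0
"""

if __name__ == "__main__":
    for change in speed_changes(parse_walk(BASELINE), parse_walk(CURRENT)):
        print(change)
```

Feeding it the saved output of two scheduled walks per device is enough to alert on the "downgrade" rows.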
news?
hi guys, it seems to me that it is still not possible to change the date format in dd/mm/yyyy. It would be very useful as I also work with userman reports.
Does anyone have a solution?
thank you
Valerio
Please this to be able to use several lists on a single rule without having to copy them together manually or by scripting.
1. IP firewall address lists could include one another (or firewall rules could match multiple lists at once, e.g. "src-address-list=list1,list2").
+1
I would like to see something like triggers when an interface state changes, so router can run a script (like ip-up/ip-down on "real" Linuxes).
The underlying Linux mechanism does have a "list of lists" feature so it would be easy to add a "list12" that has "list1" and "list2" as members and then specify that as src-address-list.
Please this to be able to use several lists on a single rule without having to copy them together manually or by scripting.
1. IP firewall address lists could include one another (or firewall rules could match multiple lists at once, e.g. "src-address-list=list1,list2").
http://prntscr.com/kq653h
Also do the same on src/dst-address and in/out-interface so we don't have to create a list if just needing a rule with two or three addresses as it makes config more neat.
But what is preventing Mikrotik from making it possible to create hidden lists from several IPs specified in a single rule or having a rule match if IP exists in list A or list B?
The underlying Linux mechanism does have a "list of lists" feature so it would be easy to add a "list12" that has "list1" and "list2" as members and then specify that as src-address-list.
Please this to be able to use several lists on a single rule without having to copy them together manually or by scripting.
1. IP firewall address lists could include one another (or firewall rules could match multiple lists at once, e.g. "src-address-list=list1,list2").
There is no support to have several lists or several addresses in a single firewall item. You can only do that by having several separate items and indeed that is what happens when you try that in Linux.
(you insert a simple rule with different addresses and when you look later you have several rules in your table)
It would not be a good idea to do that because it introduces new possibilities for bugs.
But what is preventing Mikrotik from making it possible to create hidden lists from several IPs specified in a single rule or having a rule match if IP exists in list A or list B?
Tom:
NV2 - increase NV2 client scan-for-AP b4 connect to AP
Unlike 802.11 or nstream, nv2 clients do not background scan for better APs to connect or roam to. All client nv2 connections want to stay connected to the original nv2 AP they first connected to. Longer nv2 client scan times would at least get equal client-connect loads distributed evenly among all nv2 APs of equal signal strength found in the client nv2 scan list.
North Idaho Tom Jones
How about performing an IP / neighbor command on your main router (that should 'see' all units) and order by device type? You'll immediately see if a unit is 'n' or 'ac'. My antennas all have their designated AP in their name so I can then also set the filter and thus see in an instant which units are 'n' or 'ac' (and thus can do 80 MHz wide channel in 'ac') for each AP.
Re: Feature requests (ability to view wireless capabilities)
Is there a feature to see/view the capabilities of a wireless wlan ?
If not , then I would like to see a new feature to show the wireless capabilities and possible settings.
My issue, I have more than 1,000 nv2 client Mikrotiks. I currently use a Linux expect script to sequentially connect up to each client and perform some commands. The results of the commands are stored in a directory on my Linux machine (results-directory/IP-address-of-client-mikrotik). I am then able to grep the results-directory for pattern matches I am looking for and with this list, I am then able to obtain a client list of IP addresses I am searching for.
I am searching for a method to find all client Mikrotiks that are AC capable, and/or Ceee capable, and/or 2x2 capable. My problem is, I don't know the client wireless capabilities without actually attempting to configure the wireless interface. Thus, it would be a nice feature to be able to print the wireless capabilities without actually making wireless configuration changes.
North Idaho Tom Jones
RFC 6286 - AS-wide Unique BGP Identifier for BGP-4 support for RouterOS BGP.
it relaxes some strict definitions: routerid can be now an arbitrary 32 bit unsigned integer, while the older definition restricts it to "valid unicast address".
this breaks BGP compatibility with mikrotik devices right now if not taken in consideration.
in general you only need to remove the check that was required in rfc4271.
this needs to be worked out with IPv6-only devices where you don't have any IPv4 address to be used as bgp identifier.
opened a support request for it earlier today:
Just ran into this issue today.
@TomjNorthIdaho: So it's enterprise feature then? That's good, it won't agitate people for being another frivolous home feature.
A WISP could possibly use something like this to play a sound file ...
It would pretty much be a tool for whatever a Mikrotik admin might want/need. Also, because I am suggesting it be an optional package, it would not necessarily be pre-loaded on a fresh Mikrotik router. This optional package could potentially be a nifty tool when used with scripts (including netwatch) to provide audio/verbal information. Also, because I know this type of motherboard speaker driver works on old/slow 16 MHz 16-bit computers, it would not be a Mikrotik resource drain sucking performance away from L2/L3 throughput.
@TomjNorthIdaho: So it's enterprise feature then? That's good, it won't agitate people for being another frivolous home feature.
A WISP could possibly use something like this to play a sound file ...
How about the possibilities of a new wireless driver for Wireless chipsets ? With a development package, a new wireless driver could be created (using all of the available Atheros chipset registers/settings) to make new high-performance high-throughput wireless drivers (such as a new/better nv2 'TDMA') system that might way outperform the current Mikrotik proprietary hybrid TDMA (nv2). Or how about the tens of thousands of Linux drivers and applications/tools/utilities already freely available.
Good luck with that. It doesn't seem to me that MikroTik is much for opening up. For example, according to developer of open-source MAC telnet, they don't even want to share details about new 6.43+ authentication, which is something that has no reason to be secret. And you want them to let you plug in your own code in their kernel...
But it could be nice. Even if it was something significantly more modest, just custom packages for strictly user-space non-root stuff. You could easily add custom services, simple web server, full-featured DNS server, UDP proxy, etc. Things that people sometimes want and MikroTik is not eager to implement. Combine it with some API to integrate own configuration interface for these things in WinBox/WebFig/CLI and it would be wonderful. But I'm not holding my breath.
Yes it would certainly be nice to have user-mode daemons under isolated user IDs so they cannot mess with the MikroTik part of the system, but frankly I doubt that the infrastructure for that is currently in place.
"my plan" (if we can call it that) seems more realistic, because even though they would lose some control, isolated package could not easily mess up whole system.
I'd like to ask to complete IPSEC/IKEv2 implementation.
Motivation is : lots of VPN providers - NordVPN and others - are moving to that, leaving L2TP/IPsec disappearing.
System > scripts > environment (both winbox and webfig) (it's only the current values however)
There should be a new section, a table in webfig and in winbox for global variables with initial values.
Such request is pretty useless. Define what you consider "complete"? Which features you are missing?
I join the request, I need secure way to use NordVPN.
I'd like to ask to complete IPSEC/IKEv2 implementation.
Motivation is : lots of VPN providers - NordVPN and others - are moving to that, leaving L2TP/IPsec disappearing.
This can be done using scripting. The underlying mechanism in the kernel does not support a DNS name so it would have to be solved in a similar way.
Please consider adding FQDN and DDNS support to the Local and Remote Address fields of the GRE Interface.
Isn't the support already here for some time?.. quite long time...
Please consider adding FQDN and DDNS support to the Local and Remote Address fields of the GRE Interface.
What's new in 6.33 (2015-Nov-06 12:49):
*) tunnels - eoip,eoipv6,gre,gre6,ipip,ipipv6,6to4 tunnels now support dns name as remote address;
Why not just unset it?
Yes, it's there, but only for remote address. Local address accepts only IP address.
Yeah, in nginx you simply use try_files for your custom files on local server and proxy_pass to the original MikroTik server for the rest
In that case one can choose to retrieve the LATEST file from a local server and still get the npk files from "upgrade.mikrotik.com".
(so it is not required to keep a complete mirror of those files)
But of course it should be possible to mimic that with a reasonably flexible "transparent proxy" (that allows some files to be served locally and the remainder to be proxied)
I should have provided more detail.
Isn't the support already here for some time?.. quite long time...
Please consider adding FQDN and DDNS support to the Local and Remote Address fields of the GRE Interface.
+1 for allowing MAC address prefixes in lists as well to identify entire classes of devices like VoIP phones.
Please add:
MAC address lists
Port lists in Firewall
Having MAC addresses in a list would not be very useful for that. What you want is to match MAC address by prefix, usually by the first 3 octets (manufacturer).
+1 for allowing MAC address prefixes in lists as well to identify entire classes of devices like VoIP phones.
So, updates work via plain HTTP? No encryption?
Well, as I can see, you just create static DNS entry on the router "upgrade.mikrotik.com" with the IP of your server, then run HTTP server on that IP, serving one-line files "/routeros/LATEST.(6|6fix|6rc|7)" containing "$VERSION $TIMESTAMP" (for example, "1.0 1"). Then create "/routeros/$VERSION" dir with CHANGELOG (any text you want to see) and .npk files. Done
Why shame? There is absolutely no problem with that!
So, updates work via plain HTTP? No encryption?
Shame!
Because there is no excuse anymore for any service to run without TLS. Certificates are free (if not dirt cheap for those that don't - for whatever reason - like Let's Encrypt).
Why shame?
Yeah, it's fine. Until it somehow gets exploited in the future.
Remember the update files themselves are signed! The signature is verified before they are installed.
So http is fine.
Microsoft's policies are not an example to be copied.
You know, Windows is using http download for windows update as well.
I never inferred that. Logging in to some website is COMPLETELY DIFFERENT from downloading a firmware update.
Sure,
So next time you login to your web-banking do not check for TLS.
TLS would remove the possibility to have a local update repository on a closed network. At least until the update URL is made configurable.
So yeah, TLS would not hurt and could help some people sleep better.
This is done in 'graphing' you can set up resource graphs and access them through webfig (at login hit the 'Graphs' button underneath the login)
Please add average cpu usage for the last day / month / year whatever. This makes it possible to at a glance see how hard a router is working.
Create a 'view' /session, with those things enabled (And maybe your favourite screens setup and laid out), then use that as your default session view, along with unticking autosave so no matter what you do in that session it resets next time you log-in.
The ability to force CPU, uptime, date etc on all winbox sessions.
Instead of having to do it individually
That would be almost okay if the graphs had some authentication built into them as well as opposed to just an ip whitelist.
This is done in 'graphing' you can set up resource graphs and access them through webfig (at login hit the 'Graphs' button underneath the login)
Please add average cpu usage for the last day / month / year whatever. This makes it possible to at a glance see how hard a router is working.
This will keep a daily, weekly and yearly graph if I remember correctly, daily being 5 minute poll, weekly being 2 hour and yearly being 1 day or something to that effect.
Here is a screenshot from my Splunk Mikrotik project found here: viewtopic.php?t=137338
Please add average cpu usage for the last day / month / year whatever. This makes it possible to at a glance see how hard a router is working.
If IP whitelist is not enough, you can limit it to VPN via firewall.
1) unsecured graphing which can't be queried using a script anyway
Mikrotik has "The Dude" which works well enough as SNMP server. It is not masterpiece, has its own bugs, but works.
2) have to run a 3rd party snmp server because there is no snmp server from Mikrotik
Unsure what do you mean. You can query SNMP from router.
... and no ability to query snmp registers from the router itself.
Everyone will ask for different average. Someone will ask for 5m, someone for 1hour, someone for 1day... Cmon, if you have such specific requirements, is it really that hard to make own script, which will grab SNMP counters and show you absolutely anything you can imagine?
Surely there's a point where it's simpler to just add in an average counter in the resources tab which can be scripted...
It's okay, I apologize for getting a bit irritated as well. I appreciate your suggestion and will give it a try.
@Wyz4k No. I should apologize. I didn't realize it will sound so aggressive. This is certainly about "feature requests". Sometime, requests are great. Sometime not - people submit them due to misunderstanding or lack of information. I just tried to correct some of your statements and I didn't mean to offend you
Your feature is already implemented in RC/testing version. And some people don't like it...
I'm new to the forum, and I'd like to know where is the right place for a feature request.
No, RADIUS is not a pool manager it can assign statics, software behind RADIUS would need to still manage a pool, which can get out of sync if you miss a stop record or something.
That is already possible via RADIUS!
Current:
/interface ethernet switch vlan add ports=sfp1,sfp2 vlan-id=200
/interface ethernet switch vlan add ports=sfp1,sfp2 vlan-id=201
Proposed:
/interface ethernet switch vlan add ports=sfp1,sfp2 vlan-id=200,201
Current:
/interface ethernet switch vlan add ports=sfp1,sfp2 vlan-id=200
/interface ethernet switch vlan add ports=sfp1,sfp2 vlan-id=201
Proposed:
/interface list add name=sfp-list
/interface list member add interface=sfp1 list=sfp-list
/interface list member add interface=sfp2 list=sfp-list
/interface ethernet switch vlan add ports=sfp-list vlan-id=200,201
Thanks for explanation, I didn't know what's the underlying implementation of interface lists. Well, the idea(1) is still nice to have, since my vlan table entries contain same trunk ports.
Remember that interface lists are handled by the CPU. An interface list is just a bit set in the interface definition which can be matched e.g. in the firewall ("is this bit set for the interface where this packet arrived") by the processor.
This is entirely different from switch programming, where a fixed mapping between devices and vlans is programmed in an external chip essentially one-time (at startup) and the mapping is only used by the switch chip, not by the processor.
There should simply be the possibility to add "user graphing" where an SNMP OID is entered and the value is graphed. It has been requested before.
It would be really nice if MikroTik would add the ability to graph health information such as voltage and temperature and no I'm not referring about SNMP and API, I am referring to tools->graphing, the same way as resources, queues and interfaces are graphed.
PLEASE!
MT please consider doing some BGP and routing-related fixes for christmas.
Would make A LOT of MT users very, very happy! Just to give some examples:
- multi-threading
- BGP4 SNMP MIBs
- better BGP convergence time
- faster route table searches
- fix ipv6 route reflection
- add RPKI support
Hello. It's not a feature request.
Hello, why mikrotik does not have the ability to better define user permissions based on roles?
I fully underwrite these features requests. The problem is only I have made almost the same, and more, request on Winbox improvement several times over the years and never even got a reply..... None of these 'ergonomic' adjustments are ever implemented.
Features Request!
a. Winbox, let's suppose we want to remove 5 columns and add 6 more. That would require to do 11 times the same thing since the list closes every time. Wouldn't it be easier (for the users not the programmer!) to have check box in front of every option, so as to check-uncheck whatever needed?
b. Winbox again. Wouldn't a rule copy from the start page be easier using the right click? got add-remove-enable-disable etc but no copy. Less windows-less clicks
c. Again winbox! Start page of a menu again (e.g. Firewall). A drop menu for the options (when double-clicked?) would be much faster to change an option. Combined with the second request, making a copy of rule and changing one option would be sth like right click-->copy rule--> double click new rule option-->choose new option.
Yup - it can be a little frustrating when a video about Mikrotik is not in English (the only language I know).
And now, for something completely different: (no, not the larch)
With all those YouTube videos from MUM taken from all over the world, it would be nice when the language of the video is always visible in the title.
Some of them are in English or another language I could understand, but more often they are completely incomprehensible to me and it would be useful to make that selection already in the title listing.
Very true! Note that in no way I would suggest not to put videos in other languages on the channel.
But - I am also very aware that English is not the only language used in the world.
Youtube has that, but it is not really usable right now except when you want to have fun.
- However, with today's technology, I suspect that somewhere there just might be a really smart computer that in real-time can verbally translate the spoken language in a video to English and optionally print the translated language on the bottom of the video at the same time.
I don't want to advocate separating English from non-English videos. We should not consider one language "better" than another.
Indeed - it would be nice to separate the non-English videos.
RPKI is really needed
RPKI/ROV guys, please. No need to re-invent the wheel.
See RTRlib for a lightweight, open-source C library: http://rpki.realmv6.org/
PS: Perfect for a weekend hackathon @ Mikrotik HQ while the weather outside is bad
It is sort of possible to do that, by clicking the "log" checkmark on the last page (the matched traffic will appear in the log).
Something like TORCH on firewall rule!
It would be great if I can select firewall rule and click on torch - and see what traffic is triggering on that rule!
.
time - same logline
time - same logline
the line above are repeated X times.
time - end of repeated lines
|
time - new logline
.
As long as you have connection tracking, and do not use the log on the "established/related" rule (which should be at or near the top of the list), logging on rules further down the list will usually have less volume and certainly not a duplication of the same info.
On that being logged many many times the same loglines it would be nice if that could be avoided by buffering the new and same loglines till an other different logline is going to be written to the log.
When you are dealing with external logs, this is something you like to avoid at all cost like here in my Splunk - Mikrotik project:
the line above are repeated X times.
In RAW I don't have those control options and thinking further about it.
As long as you have connection tracking, and do not use the log on the "established/related" rule (which should be at or near the top of the list), logging on rules further down the list will usually have less volume and certainly not a duplication of the same info.
On that being logged many many times the same loglines it would be nice if that could be avoided by buffering the new and same loglines till an other different logline is going to be written to the log.
Of course there can still be a lot of new connections logged this way.
Making it optional on rule level is the way to go. The user has to decide, if it is going to be used or not.
When you are dealing with external logs, this is something you like to avoid at all cost like here in my Splunk - Mikrotik project:
the line above are repeated X times.
viewtopic.php?t=137338
When you read logs with external programs it's hard to understand what is repeated and get the message back together.
And if you have many boxes that send syslog to same server, it makes it even worse.
So if implemented, this needs to be an option.
[Feature Request] :resolve DNS Client Improvements
One of the advantages of RouterOS is its scriptability and the strength of its shell syntax for getting things done. New improvements in the :system and :tool areas have given us more tools than ever, and augmenting existing features with script="" hooks have given us even more places to use those tools. However, it seems like an important scripting primitive (for a network device, at least) has been neglected for some time: :resolve.
You are right. That’s why in this year’s MUM in Tirana I changed the title and description of my presentations from English to Albanian (the language I was going to give them)
I don't want to advocate separating English from non-English videos. We should not consider one language "better" than another.
Indeed - it would be nice to separate the non-English videos.
I just would like to see the language of the video in the listing.
https://wiki.mikrotik.com/wiki/Manual:T ... _Generator
add multi-cpu(multi-core) support to Bandwidth Test Tool.
this is required for 10G/SFP+ speeds testing between CCR1036/ or between CRS317-1G-16S+RM devices.
At the moment Bandwidth Test Tool can generate only 2Gbps and utilize only 1 core on CCR routers.
What's hard on doing
When do we ever see the option of select and copy text in the winbox log files? This has been asked for years.
Plus the option to search for string of characters?
When studying your logs in winbox it's at times hard to get the eyes focused on what you want to see if there are many lines to read through.
And copy and paste into a text file would make it so easy to quickly select what you are looking for.
ssh mikrotik "/log print" | less
1. I am not doing ssh. 2. I don't want to print anything. I just want to quickly look in my log and highlight a line or try to find just one setting (one mac leaving or connecting for example on an antenna) so I can see what happened or where something went wrong.
What's hard on doing
When do we ever see the option of select and copy text in the winbox log files? This has been asked for years.
Plus the option to search for string of characters?
When studying your logs in winbox it's at times hard to get the eyes focused on what you want to see if there are many lines to read through.
And copy and paste into a text file would make it so easy to quickly select what you are looking for.
?
ssh mikrotik "/log print" | less
That is actually already possible.
Please make address lists available as destinations in ip route menu.
What's new in 6.41 (2017-Dec-22 11:55):
...
*) bgp - added 32-bit private ASN support;
...
I need me too complete support for IPSEC/IKEv2 with EAP Authentication implementation for NordVPN
I'd like to ask to complete IPSEC/IKEv2 implementation.
Motivation is : lots of VPN providers - NordVPN and others - are moving to that, leaving L2TP/IPsec disappearing.
Of note: I have some CHRs running on VMware ESXi servers with 10-Gig network cards.
Please,
add multi-cpu(multi-core) support to Bandwidth Test Tool.
this is required for 10G/SFP+ speeds testing between CCR1036/ or between CRS317-1G-16S+RM devices.
At the moment Bandwidth Test Tool can generate only 2Gbps and utilize only 1 core on CCR routers.
Since beta version "6.44beta39", bandwidth test utilizes all of the CPU cores.
Of note: I have some CHRs running on VMware ESXi servers with 10-Gig network cards.
Please,
A single btest session uses a single CPU - however … multiple btest sessions (a mix of send & receive btest(s)) appear to use multiple CPUs.
A single CPU assigned to my CHR ROS system can actually btest using vmxnet-3 Ethernet interfaces through the physical 10-Gig network cards can reach near 10-Gig throughput to another CHR btest device on a different VMware ESXi server.
Additionally, two CHRs running on the same physical VMware ESXi servers using vmxnet-3 interfaces can easily btest to each other at rates faster than 10-Gig (in my case, I have tested two CHRs on the same system at almost 19-Gig). And, a CHR running a btest to the loopback interface 127.0.0.1 can easily hit over 20-Gig. I have never seen a Mikrotik motherboard btest to the loopback 127.0.0.1 interface at even 1/4th that speed.
Also - in my opinion, a CHR running on a decent SuperMicro with fast Intel XEON CPUs and lots of CPU cache has always totally and easily way outperformed all Mikrotik motherboards that I have tested. For example, a full BGP load on a 10-Gig feed is almost 10-times faster than a CCR1036 Mikrotik router.
Also - again in my opinion, a CCR1036 is good at speeds less than 2-Gig , and a CRS is more of a switch than a router and they are slower. On both your CCRs and CRS mikrotiks , run a btest to 127.0.0.1 and you will discover they are not all that fast or even in the neighborhood of performance a CHR with good hardware can deliver.
North Idaho Tom Jones
- an mptcp enabled kernel
- pound as a loadbalancer service
- implement letsencrypt including automation for certificate renewals.
That isn't required because when you have no link, you will be disconnected (far too) quickly and lose the open window (reverts to connections list)!
Also a green/yellow/red color field within WINBOX to indicate if you are still connected to the router (green - connected, yellow - don't know, red-disconnected)
That is possible with scripts. See my RouterOS Scripts (or at github), especially mode-button-event and mode-button-scheduler.
I would love to see the functionality of the Mode button expanded. Specifically, it would be useful to be able to assign different actions taken based on whether the button was pressed once, double-pressed, triple-pressed, or long-pressed.
You can get rid of this. If you do not need the file just add "keep-result=no" to your fetch command. If you do need the file I suppose you read the content later? Just switch to return value to a variable.
If anybody from MikroTik is reading this I would make a suggestion that I can somehow disable fetch tool log messages.
I wrote a simple script for fetching public IP address for updating No-ip address, and it works OK, but now I have log flooded with fetch messages.
Not true on MacOS/Wine Winbox.
What I would like to see is an option to disconnect only after 1-2 minutes of link-down, so it is possible to survive a router reboot somewhere inbetween.
Strange! Under Windows and with Linux/Wine this does not happen, whenever the link is lost you get disconnected within 3 seconds.
Not true on MacOS/Wine Winbox.
You get disconnected but it won't throw you out (but the clock stops to work!).
+1
In "queue tree" please provide the option of specifying limit-at and max-limit as a percentage of the limit on the next higher layer.
When the value of the limit in the parent item changes, automatically re-calculate the values specified by percentage.
Now that you mention this, what about being able to personalize the parameters being shown on the dashboard? It would be useful to use a script to show any value or calculation.
Please add temperature and voltage to the dashboard of the Winbox.
Often it is necessary to monitor the parameters and the location on the dashboard would simplify this at times.
You could replicate this with logging and a syslog (remote) logging server. Bit of a workaround.
I would like to receive SNMP traps when WiFi client registration occurs...
for example:
[WIRELESS]--Association:11G STA 80:b0:3d:xx:xx:xx associated with WLAN1 SSID = Mikrotik
It's very useful for smart home automation scenarios
As joegoldman writes, syslog is your friend. Look at the project in my signature using Splunk to monitor Mikrotik.
2019-01-24 08:48:09 wireless,info MikroTik: 04:79:70:A9:B1:B3@wlan2: connected, signal strength -45
2019-01-24 08:36:55 wireless,info MikroTik: 04:79:70:A9:B1:B3@wlan2: connected, signal strength -43
2019-01-24 07:51:17 wireless,info MikroTik: 04:79:70:A9:B1:B3@wlan2: connected, signal strength -39
2019-01-23 10:05:08 wireless,info MikroTik: 04:79:70:A9:B1:B3@wlan2: connected, signal strength -32
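The syslog approach suggested above, as an added example that is not from any poster in the thread or from MikroTik: a shell filter that turns `wireless,info ... connected` lines in the format quoted above into one event per association and marks stations missing from an allowlist. The allowlist, the function names and the second and third sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report Wi-Fi associations from
# RouterOS syslog lines and flag stations that are not on an allowlist.

# Assumption: operator-maintained allowlist, MACs separated by whitespace.
KNOWN_MACS="04:79:70:A9:B1:B3"

# Constructed sample input; line 1 uses the format quoted in the thread.
sample_log() {
    cat <<'EOF'
2019-01-24 08:48:09 wireless,info MikroTik: 04:79:70:A9:B1:B3@wlan2: connected, signal strength -45
2019-01-24 08:50:11 system,info MikroTik: constructed non-wireless line
2019-01-24 08:51:30 wireless,info MikroTik: 02:00:00:aa:bb:cc@wlan1: connected, signal strength -71
EOF
}

# Reads syslog lines on stdin, prints one line per association event.
wifi_events() {
    awk -v known="$KNOWN_MACS" '
    BEGIN {
        n = split(toupper(known), k, " ")
        for (i = 1; i <= n; i++) ok[k[i]] = 1
    }
    $3 == "wireless,info" && / connected, signal strength -?[0-9]+$/ {
        # Field 5 is "MAC@interface:" in this log format.
        if (split($5, st, "@") != 2) next
        mac = toupper(st[1]); iface = st[2]; sub(/:$/, "", iface)
        # Skip malformed station fields instead of trusting log content.
        if (length(mac) != 17 || mac !~ /^[0-9A-F:]+$/) next
        if (iface !~ /^[A-Za-z0-9_.-]+$/) next
        status = (mac in ok) ? "known" : "UNKNOWN"
        printf "%s %s mac=%s iface=%s signal=%s status=%s\n", $1, $2, mac, iface, $NF, status
    }'
}

# Stand-alone demo: sh thisfile --demo
if [ "${1:-}" = "--demo" ]; then
    sample_log | wifi_events
fi
```

The output lines can be fed to whatever consumes the events (a home-automation trigger or an alert on `status=UNKNOWN`).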
winbox: please have some feature to set (or completely disable) the live update interval of pages that show counters etc.
A simple yet I think important request: provide IPv6 out of the box. This really requires a package to be present and some default firewall & stateless configuration enabled. I don't see the reason why in 2019 they are shipped with IPv4 only where even cheap consumer routers are IPv6 enabled OOB.
A request:
Please create a 2g/3g/4g high gain antenna (dual chain). mANT LTE 5o is very little.
Actually you can do
(...)user has to perform factory reset to get decent configuration as starting point - but losing whatever already done in other parts (IPv4, wlan, VLAN, ...).
/system default-configuration print file=default-cfg
Why do you think so? Did they say something (even unofficially)?
Unfortunately it appears the IPv6 developer has left the company (maybe he was also the BGP developer?)
Actually you can do
(...)user has to perform factory reset to get decent configuration as starting point - but losing whatever already done in other parts (IPv4, wlan, VLAN, ...).
after installing IPv6 package and you will get the default config with IPv6 related stuff
/system default-configuration print file=default-cfg
I think so, because NO development of these components has appeared aside from some minor bug fixes, for several years.
We started renting Mikrotik routers to our customers as a basic managed WiFi solution and one thing that any ISP will run into with this type of setup is the customer hitting the damn reset button.
We'd love a way to change the default configuration that doesn't involve netinstall. It's extremely tedious to have someone sit there and netinstall a stack of routers with our custom configuration. There needs to be a better way! Mikrotiks are so close to being perfect for deploying as managed wifi.
To go with that, a basic TR-069 ACS able to run on RouterOS, like Dude or Userman, would be very useful. As long as it can handle applying configurations, setting wifi info and PPPoE logins, it will get people most of the way there. Monitoring bandwidth, latency and WiFi stats would also be useful.
+infinity agree with that, Why in the logs cannot log the hostname/comment if is there, is very annoying to see/debug: mac abc123 connected mac abc123 disconnected
It would be convenient to CAPsMAN and DHCP to log not only MAC address but also HOSTNAME if it is known.
Process of transforming MAC 2 HOST is tedious and if log changes quickly you have no chance to check who is associating/dhcping
DHCP server lease script can help you:
:local leaseHostName;
:if ($leaseBound = 1) do={
:set leaseHostName $"lease-hostname";
:log info ("DHCP server: $leaseServerName => MAC: $leaseActMAC => IP: $leaseActIP => Host Name: " . $leaseHostName);
};
https://wiki.mikrotik.com/wiki/Manual:N ... v2_network
Mikrotik's wireless nv2 protocol ( a version of TDMA ) currently does not use encryption ( I think I am correct here … ).
+1
Can we get standard 802.11s support?
I see that feature on some systems but frankly I just find it irritating (session has been logged out when you come back to it after studying how to solve some issue),
For more security, automatically logging out after the SSH session was idle eg for 10 minutes would be great!
SSH forwarding introduces a session takeover scenario, so there is security value of this feature (which is why other vendors implement it). Perhaps a default of 1h or never is better.
I see that feature on some systems but frankly I just find it irritating (session has been logged out when you come back to it after studying how to solve some issue), and frankly I don't see how that adds any security. Maybe a little more for telnet where you conceivably could take over the open session when you are at an intermediate router, but for SSH that does not work.
The topic is marked as "Solved"
IEEE1588 and SyncE would be great, but requires specific support in hardware level
Also +1
802.11s would be useful to mesh for example with OpenWRT based devices (some of which may be routerboards
[...]
Please implement mesh protocols compatible with non-RouterOS devices!
Isn't it the existing Session -> Close Windows?
A feature I would like to see in Winbox is a new selection to close all winbox windows
Example - many many windows open in winbox , click close-all and presto they all close and you still have your connected winbox session
North Idaho Tom Jones
Hmmm, yea I know if I exit my winbox to a remote Mikrotik then all the sessions associated with that winbox connection close.
North Idaho Tom Jones
Or I'm not understanding you... or for sure it is the existing option "Session->Close All Windows". It closes all the windows without disconnecting the winbox session. Please, check it
OOooo
North Idaho Tom Jones
I think that does not fit within the design philosophy of RouterOS (where you get low-level tools rather than high-level blocks that perform a complex task).
So, a feature request for RouterOS, formal, flexible port knocking.
Knocking should allow any combination and order of ports and protocols, up to N layers deep.
Kids control.
Dear Mikrotik, what about automatic certificates from Let's Encrypt?
From the manual page (https://ndilieto.github.io/uacme/), it appears uacme supports dns-01 challenges and allows total flexibility by the --hook option, which calls an external script to accept, decline or set up the challenge environment.
I'm sure that MikroTik can easily write their own ACME client. But it's even more important how it should fit into RouterOS and work for as many scenarios as possible.
For example, maybe you just want certificate for https WebFig (or SSTP server). Sounds easy, right? There's already a webserver on router, so simple http-01 validation can be used. But what if you don't want or can't open port 80 (AFAIK http-01 always starts with plain http on standard port 80)? It would be the case on at least half of routers where I'd like to use Let's Encrypt certificates, because there's typically only one public address and standard http(s) ports are already forwarded to some internal webserver. There would have to be support for dns-01 validation and it has different problems too.
I think it's doable, I tried some suggestions in Support for ACME/Let's Encrypt certificate management thread, but so far it doesn't look like anyone from MikroTik thought "oh yes, it's super-awesome, we need to have that!" Maybe try to invent some other foolproof plan that will finally convince them.
If specified, uacme executes PROGRAM (a binary, a shell script or any file that can be executed by the operating system) for every challenge with the following 5 string arguments:
METHOD  one of begin, done or failed.
    begin is called at the beginning of the challenge. PROGRAM must return 0 to accept it. Any other return code declines the challenge. Neither done nor failed method calls are made for declined challenges.
    done is called upon successful completion of an accepted challenge.
    failed is called upon failure of an accepted challenge.
TYPE    challenge type (for example dns-01 or http-01)
IDENT   The identifier the challenge refers to
TOKEN   The challenge token
AUTH    The key authorization (for dns-01 already converted to the base64-encoded SHA256 digest format to be provisioned as _acme-challenge DNS TXT record).
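A hook of the kind the manual excerpt describes, as an added example (not code from the uacme project, MikroTik, or any poster): it declines everything except dns-01 and validates IDENT and AUTH before building the `_acme-challenge` TXT update. Publishing through `nsupdate`, the `NSUPDATE_CMD` variable, the key path placeholder and the function names are assumptions.

```shell
#!/bin/sh
# Added example: a uacme --hook program that accepts only dns-01 challenges.
# Assumptions (not from the thread): the TXT record is published with
# nsupdate; NSUPDATE_CMD and the key path below are placeholders.
NSUPDATE_CMD=${NSUPDATE_CMD:-"nsupdate -k /path/to/PLACEHOLDER.key"}
TXT_TTL=60

# IDENT and AUTH end up inside nsupdate directives, so reject anything
# that is not a plain hostname or a base64url string.
valid_ident() {
    case $1 in
        ""|.*|-*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
}
valid_auth() {
    case $1 in
        ""|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
}

# Print the nsupdate script: add the record on begin, remove it afterwards.
dns_txt_commands() {   # METHOD IDENT AUTH
    name="_acme-challenge.$2."
    case $1 in
        begin)
            printf 'update add %s %s IN TXT "%s"\nsend\n' "$name" "$TXT_TTL" "$3" ;;
        "done"|failed)
            printf 'update delete %s IN TXT "%s"\nsend\n' "$name" "$3" ;;
        *)  return 1 ;;
    esac
}

uacme_hook() {   # METHOD TYPE IDENT TOKEN AUTH
    [ "$#" -eq 5 ] || return 2
    # Non-zero on "begin" declines the challenge, so http-01 (port 80)
    # is never attempted through this hook. TOKEN ($4) is unused here.
    [ "$2" = "dns-01" ] || return 1
    valid_ident "$3" || return 1
    valid_auth "$5" || return 1
    cmds=$(dns_txt_commands "$1" "$3" "$5") || return 1
    printf '%s\n' "$cmds" | $NSUPDATE_CMD
}

# Run as the hook when uacme calls this file with its five arguments.
if [ "$#" -eq 5 ]; then
    uacme_hook "$@"
fi
```

Because port 80 is never needed, this covers the case raised above where the router's only public address already forwards HTTP(S) to an internal web server.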
I've tried to search this topic, but I haven't found it (hope there are not any duplicates):
NTP Client - Possibility to use server name, not just IP address
exFAT (FAT64) or NTFS support - yes, MT is not NAS (it's slow), but it would be great to use file system capable of handling >4GB file compatible with Windows (you have HDD with big files and you want to share some files - you cannot connect it to MT, you have to reformat it to FAT32, copy everything except for big files back...)
Wireless - move Country and Distance setting to Simple Mode - you can set every other important "basic" setting in simple mode, but you have to switch to Advanced Mode for these two settings.
Quick Set - It's working with WPA1 password. It doesn't recognise, when you manually set WPA2-PSK AES only password. It requires also setting WPA1 password (even if WPA1 is not allowed), otherwise Quick Set shows WiFi password red and empty (WPA2 only is used)
Yea, using a connect list with MAC address could almost work (almost).
And it is already available... you can make a connect list with different MAC addresses for the same SSID.
Re compatibility problems - that is the reason I stated optional setting. Default on an upgrade to a newer ROS with such a feature should be default Off.
Why use SSID for this? This may bring compatibility problems. Wouldn't a preferred list of AP's (e.g. by address instead of SSID) on the client alone help with your issues? So no change on the AP side necessary.
When you have to manage 300 devices you should have some mechanism in place to support remote management.
Thus, if you have 300 clients connecting to a tower with more than one AP, then you can end up with 300 clients that need to be reconfigured/re-programmed.
I've been down this road many times in the past and it ain't pretty.
Re: … mechanism in place to support remote management …
It can be done with MikroTik. I have seen solutions for that presented at MUM events.
E.g. you make a scheduled job that runs once a day and attempts to download some file with a naming convention depending on the client, and when it exists it imports that file.
(it would be a good idea to have some version numbering so you can avoid re-running the same file every day after it has been already run once)
There should be more explicit support for that in the Dude.
This is very much needed.
Routeros openvpn server needs a way to push routes to the clients.
These issues are completely independent. You need a bulk management method to distribute any configuration changes to your clients, but apparently you already have it.
The problem with bulk management is configuring an algorithm which does two thing - 1; load share connected clients on APs and 2; define a set of client preferred APs to use when available.
I had similar issue (although I do not run commercial ISP but community network). My solution was to use my own MAC addresses (invented for the purpose) for network adapters. That means, after I replace adapter, I set designated MAC for that AP and clients see no difference.
Using a MAC address connect method presents a management problem for all clients when an AP needs to be replaced or upgraded.
A change of an AP, can result in a different MAC address , which then can result if every wireless client needing to be re-configured.
Thus, if you have 300 clients connecting to a tower with more than one AP , then you can end up with 300 clients that need to be reconfigured/re-programmed.
I've been down this road many times in the past and it ain't pretty.
I would love to see this also. Often on lower end RBs people don't realize how much CPU load winbox/mgmt can have on the device. The more winbox windows open, the more updates that have to be sent, thus more CPU load (I'm talking in a single winbox session/window / connected to a single routerboard).
Then why did you not notice the replies made to Tom that this feature is already available?
wrong
The suggestion from another user session-> close all windows, only occurs when you EXIT winbox (ie the next time you connect all windows will be closed).
oh wow, you are correct, choosing session-> close all windows, does in fact accomplish this (w/o exiting the app). thanks!
netwatch with option to set src-address will make easier to test connections on multi connection routers
...and the possibility to set source address (e.g. remote ipsec hosts)
Hey, Mikrotik team!
Please extend "netwatch" functionality a little bit. It is a nice feature, but so undeveloped.
It will be nice to have an option to set amount of ping to send before change status to down and at its frequency.
any poe-command (even print command) causes error in script if HW doesn't have poe-out interfaces...