m2mDNS server for Chromecast/Bonjour/ZeroConfig across VLANs.
WiFi networks are too big to have all the available devices all bridged to the LAN.
Would be nice to then firewall what devices are discoverable.
> I hope full SwOS function are merged into RouterOS
Which functionality can you enable/configure in SwOS that can not be done in ROS?
> A solution like ha proxy in router os v7 would be useful. I like to run multiple ssl sites behind my mikrotik router on 1 public ip and lets encrypt support to automatically secure them with ssl
The only sensible part of this wish is "letsencrypt support for SSL certificates" ...
> PC hardware is much better suited to run such service than average xMIPS/ARM deployed in RBs. Not to mention additional RAM needed by this functionality (it needs to keep list of active connections if load-balancing functionality of haproxy is used). Plus all encryption/decryption (not sure if that can/will be offloaded to HW on units that have such hardware).
While I did not make this request and do not need such functions, I would say that my CCR routers have so much CPU, crypto accel and RAM capacity that is sitting unused that it would certainly be worth it to load them with something like this, e.g. when the webserver itself gets a little overloaded by the crypto.
> I'd say that such an expensive hardware (as CCRs are)
Apparently we have different definition of expensive... I think our CCR1009's are quite cheap.
> I think devs' time would be better used when implementing full feature set for IPv6 ... for example.
I agree with that! But talking to MikroTik staff it became clear to me that nothing is to be expected in that department.
> > I'd say that such an expensive hardware (as CCRs are)
> Apparently we have different definition of expensive... I think our CCR1009's are quite cheap.
Perhaps not ... but we might have different perspectives. Me, for example, I associate CCRs with decent LAN size which deserves some dedicated boxes to do some things ... such as dedicated server for http/https and in this case CCR should do routing and firewalling. On the other hand I expect to see budget hardware (hEX/hAP) to do stuff where it is sensible to join different tasks on small number of devices.
> m2mDNS server for Chromecast/Bonjour/ZeroConfig across VLANs.
> WiFi networks are too big to have all the available devices all bridged to the LAN.
> Would be nice to then firewall what devices are discoverable.
also here ... for securing IoT over VLANs, etc.
> Monthly traffic per interface. Don't tell me about graphing. It's not fine for me.
Log interface traffic counter to a syslog server. There you can see it number or you can graph it if you like.
> > Monthly traffic per interface. Don't tell me about graphing. It's not fine for me.
> Log interface traffic counter to a syslog server. There you can see it number or you can graph it if you like.
> See link in my signature on how to set up Splunk (syslog server) to log MikroTik Routers.
It may be that he has one of those ISPs that have "limited bundle of traffic". Some other routers offer an option
> > I'd say that such an expensive hardware (as CCRs are)
> Apparently we have different definition of expensive... I think our CCR1009's are quite cheap.
> > I think devs' time would be better used when implementing full feature set for IPv6 ... for example.
> I agree with that! But talking to MikroTik staff it became clear to me that nothing is to be expected in that department.
> Apparently most of their customers are not interested in IPv6.
This is the conundrum of IPv6 - the "no one is asking for it" line is the weakest excuse for not deploying IPv6. 99.999% of customers won't ask for it, nor should they. If it is done correctly they'll never even notice they are using it. Operators don't deploy it because vendor implementations are incomplete. IPv6 deployment is quite profound in mobile and smartgrid networks, and (at least in the US), nearly all major providers offer it (Comcast, ATT, Spectrum, etc.) and the content has been there for years. If Mikrotik would implement feature parity with IPv4 then the bar is further lowered.
> > > I'd say that such an expensive hardware (as CCRs are)
> > Apparently we have different definition of expensive... I think our CCR1009's are quite cheap.
> > > I think devs' time would be better used when implementing full feature set for IPv6 ... for example.
> > I agree with that! But talking to MikroTik staff it became clear to me that nothing is to be expected in that department.
> > Apparently most of their customers are not interested in IPv6.
> This is the conundrum of IPv6 - the "no one is asking for it" line is the weakest excuse for not deploying IPv6. 99.999% of customers won't ask for it, nor should they. If it is done correctly they'll never even notice they are using it. Operators don't deploy it because vendor implementations are incomplete. IPv6 deployment is quite profound in mobile and smartgrid networks, and (at least in the US), nearly all major providers offer it (Comcast, ATT, Spectrum, etc.) and the content has been there for years. If Mikrotik would implement feature parity with IPv4 then the bar is further lowered.
> If we put even 1/8 of the effort into doing v6 as we did painting over the rusty carcass of ipv4 we would have been done a decade ago. Come on, Mikrotik, this is fundamental stuff.
> nb
Yes I agree with you. There is no major concentration to IPv6 Modules from Mikrotik Team.
> This is the conundrum of IPv6 - the "no one is asking for it" line is the weakest excuse for not deploying IPv6. 99.999% of customers won't ask for it, nor should they. If it is done correctly they'll never even notice they are using it.
That is probably the biggest problem in IPv6 adaptation! When you do it correctly, nobody notices it. When you make a mistake, people complain that things that
> But if you have a network so important it need 2x isp's, you could probably send that email and ask one of the isp's for a PI space as well. with ipv6 PI space, announced by the isp's or announced via a privateAS bgp should be the default solution for a small multihomed network, since the address space is so abundant, getting PI space is an email or 2 away. and not the problem it was on ipv4.
Do you have any experience with that in practice, or is it only a proposal?
> > There is this small, not-well-known but very useful tool called "etckeeper" for Linux, which automatically commits all changes you do on your configuration to the version-control-system of your choice (git, svn...). An implementation of that for MikroTik would be interesting
> I suggest you look at RANCID, it does what you've described. Works for me, as well as with much other network equipment.
Very interesting, can you share some details about Rancid and Mikrotik backup?
> BGP option like Juniper "advertise-inactive".
+1
> A solution like ha proxy in router os v7 would be useful. I like to run multiple ssl sites behind my mikrotik router on 1 public ip and lets encrypt support to automatically secure them with ssl
+1
> > WIFI multiple PSK ACL with wildcard MAC.
> > Here Engenius description on that. Ruckus also have something similar and I think Meraki also do so...
> > https://www.engeniustech.com/mypsk-a-ne ... porations/
> > Here discussion about the issue on the forum
> > viewtopic.php?p=913911&hilit=dpsk#p913911
> > Basic idea is to have a single SSID and allow multiple PSK and assigned VLAN based on PSK used. That is used in hotel or nursing home application where device does not always play well with WPA2-Enterprise (RADIUS). Basic idea, each room have its own PSK on a single SSID and VLAN are assigned based on PSK used, so device on same "room" can communicate with each other. Alexa, ChromeCast, Tablet...
> > Right now wifi ACL allow for (almost) that, but MAC need to be known. Also a "wildcard" MAC is allowed, but only the first one is evaluated. Need to have multiple wildcard, if first failed, check the next...
> > This is working
> >
> >     /interface wireless access-list
> >     add mac-address=01:01:01:01:01:01 private-pre-shared-key=testvlan1
> >     add mac-address=02:02:02:02:02:02 private-pre-shared-key=testvlan105 vlan-id=105 vlan-mode=use-tag
> >
> > This is also working
> >
> >     /interface wireless access-list
> >     add mac-address=00:00:00:00:00:00 private-pre-shared-key=testvlan1
> >     add mac-address=02:02:02:02:02:02 private-pre-shared-key=testvlan105 vlan-id=105 vlan-mode=use-tag
> >
> > But this is not, and that is required
> >
> >     /interface wireless access-list
> >     add mac-address=00:00:00:00:00:00 private-pre-shared-key=testvlan1
> >     add mac-address=00:00:00:00:00:00 private-pre-shared-key=testvlan105 vlan-id=105 vlan-mode=use-tag
> >
> You are aware that this feature is patented by Ruckus?
Damn... patent... that's why you can't have a toilet that flushes properly or a saw that can saw without being over complicated these days...