
 
3liswaid
newbie
Topic Author
Posts: 44
Joined: Thu Feb 14, 2019 5:12 pm
Location: Syria

Rb951ui-2nD issues

Sun Feb 24, 2019 11:05 pm

Hi,
I have some issues with my Mikrotik router Rb951ui-2nD.
I will write them one by one.
1- Sometimes the router reboots automatically throughout the working hours.
I have 3 WLANs and 1 AP and connect my PC through Ethernet.
All the interfaces go down for 1 min, then all come up.
2- When I apply something new, the router WLAN goes down then up again.
This is for some configuration, not for all.
3- If I apply the tick box for (VPN Access), the WLAN goes down and it's up again, but the default security profile is edited to be open, so the same WLAN comes back up without a password (it's an open WLAN).
4- I have made queues, and when some queue reaches the limit it affects the ping a little bit.
It rises from 80ms to 110ms (ping to 8.8.8.8). Is it CPU load?
5- I want to connect a 4G router through USB (it's not a stick).
It's a Huawei 4G router like the ES577.
This router comes with the APN inside it (no need to configure the APN from the Mikrotik router).
Please help.
The Mikrotik router has recognised the Huawei 4G router.
 
BRMateus2
Frequent Visitor
Posts: 70
Joined: Thu Oct 26, 2017 11:18 pm

Re: Rb951ui-2nD issues

Mon Feb 25, 2019 4:50 pm

What version of RouterOS and firmware are you using?
 
3liswaid
newbie
Topic Author
Posts: 44
Joined: Thu Feb 14, 2019 5:12 pm
Location: Syria

Re: Rb951ui-2nD issues

Tue Feb 26, 2019 12:50 am

Current firmware: 6.43.12
RouterOS v6.43.12 (stable)
 
3liswaid
newbie
Topic Author
Posts: 44
Joined: Thu Feb 14, 2019 5:12 pm
Location: Syria

Re: Rb951ui-2nD issues

Tue Feb 26, 2019 1:19 am

MIPSBE
 
BRMateus2
Frequent Visitor
Posts: 70
Joined: Thu Oct 26, 2017 11:18 pm

Re: Rb951ui-2nD issues

Tue Feb 26, 2019 1:39 am

Please
/export hide-sensitive
in terminal.
 
3liswaid
newbie
Topic Author
Posts: 44
Joined: Thu Feb 14, 2019 5:12 pm
Location: Syria

Re: Rb951ui-2nD issues

Tue Feb 26, 2019 11:25 am

# feb/26/2019 03:34:32 by RouterOS 6.43.12
# software id = 7AJ5-IU6H
#
# model = 951Ui-2nD
# serial number = 925109E50438
/interface bridge
add admin-mac=B8:69:F4:0B:4C:A4 auto-mac=no disabled=yes name=Bridge01
add disabled=yes mtu=1500 name=Bridge02
add disabled=yes name=Bridge03
add disabled=yes name=Bridge04
/interface ethernet
set [ find default-name=ether1 ] name=Ether01
set [ find default-name=ether2 ] name=Ether02
set [ find default-name=ether3 ] name=Ether03
set [ find default-name=ether4 ] name=Ether04
set [ find default-name=ether5 ] name=Ether05
/interface ppp-client
add add-default-route=no apn=net.syriatel.com dial-on-demand=no name="3G Modem"
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] eap-methods="" supplicant-identity=MikroTik
add eap-methods="" management-protection=allowed name="Security Profile" supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-eC country=syria disabled=no frequency=auto mode=ap-bridge name=WLAN-Mikrotik security-profile=\
    "Security Profile" ssid=MikroTik wireless-protocol=802.11
add disabled=no keepalive-frames=disabled mac-address=BA:69:F4:0B:4C:A9 master-interface=WLAN-Mikrotik multicast-buffering=disabled name=Ab security-profile=\
    "Security Profile" ssid=Ab wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=BA:69:F4:0B:4C:AA master-interface=WLAN-Mikrotik multicast-buffering=disabled name=Amr security-profile=\
    "Security Profile" ssid=Amr wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/ip firewall layer7-protocol
add name=Torrent regexp=\
    "^(\\x13bittorrent protocol|azver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?info_hash=|get /client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name="Pool 02" ranges=172.16.0.10-172.16.255.254
add name="Pool 03" ranges=192.168.3.10-192.168.3.254
add name=dhcp ranges=10.0.0.10-10.255.255.254
add name="Pool 04" ranges=192.168.4.10-192.168.4.254
add name=vpn ranges=192.168.89.2-192.168.89.255
add name="3G pool" ranges=192.168.10.10-192.168.10.254
/ip dhcp-server
add address-pool="Pool 02" disabled=no interface=Ether02 name=dhcp02
add address-pool="Pool 03" disabled=no interface=Ether03 name=dhcp03
add address-pool=dhcp disabled=no interface=Ether05 name=dhcp01
add address-pool="Pool 04" disabled=no interface=Ether04 name=dhcp04
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/queue simple
add disabled=yes max-limit=10M/10M name="Bridge01 Mikrotik" priority=1/1 target=10.0.0.0/8
add disabled=yes max-limit=2M/2M name="Bridge02 Amr" target=172.16.0.0/16
add disabled=yes name="Bridge04 Eth04" target=192.168.4.0/24
add disabled=yes max-limit=256k/1M name="Bridge03 Ab" target=192.168.3.0/24
/queue tree
add disabled=yes max-limit=5M name="All bandwidth" parent=global priority=1
add max-limit=4M name=Download packet-mark=client-dw-pk parent="All bandwidth" priority=2
add max-limit=4M name=http-dw-pk packet-mark=http-dw-pk parent=Download priority=1
add max-limit=2M name=other-dw-pk packet-mark=other-dw-pk parent=Download priority=6
add max-limit=1M name=Upload packet-mark=client-up-pk parent="All bandwidth" priority=2
add max-limit=1M name=http-up-pk packet-mark=http-up-pk parent=Upload priority=1
add max-limit=512k name=other-up-pk packet-mark=other-up-pk parent=Upload priority=6
/tool user-manager customer
set admin access=own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=Bridge01 disabled=yes interface=Ether01
add bridge=Bridge02 disabled=yes interface=Ether02
add bridge=Bridge04 disabled=yes interface=Ether04
add bridge=Bridge01 disabled=yes interface=WLAN-Mikrotik
add bridge=Bridge03 disabled=yes interface=Ab
add bridge=Bridge02 disabled=yes interface=Amr
add bridge=Bridge03 disabled=yes interface=Ether03
add bridge=Bridge01 disabled=yes interface=Ether05
/interface l2tp-server server
set enabled=yes use-ipsec=yes
/interface list member
add interface=Ether02 list=LAN
add interface=Ether03 list=LAN
add interface=Ether04 list=LAN
add interface=Ether05 list=LAN
add interface=Ether01 list=WAN
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/interface wireless access-list
add comment="Note 5" mac-address=80:35:C1:52:DB:52
add comment="Asus PC" mac-address=F8:59:71:43:2C:18 vlan-mode=no-tag
/interface wireless cap
set bridge=Bridge01 discovery-interfaces=Bridge01 interfaces=WLAN-Mikrotik
/ip address
add address=172.16.0.1/16 interface=Ether02 network=172.16.0.0
add address=192.168.3.1/24 interface=Ether03 network=192.168.3.0
add address=10.0.0.1/8 interface=Ether05 network=10.0.0.0
add address=192.168.4.1/24 interface=Ether04 network=192.168.4.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=Bridge01
add dhcp-options=hostname,clientid disabled=no interface=Ether01
/ip dhcp-server network
add address=10.0.0.0/8 gateway=10.0.0.1 netmask=8
add address=172.16.0.0/16 gateway=172.16.0.1 netmask=16
add address=192.168.3.0/24 gateway=192.168.3.1 netmask=24
add address=192.168.4.0/24 gateway=192.168.4.1 netmask=24
/ip dns
set servers=8.8.8.8
/ip firewall filter
add action=add-src-to-address-list address-list="Torrent Users" address-list-timeout=1m chain=forward comment=Torrent disabled=yes layer7-protocol=Torrent log-prefix=\
    Torrent
/ip firewall mangle
add action=mark-connection chain=forward comment=client-dw-conn in-interface=Ether01 new-connection-mark=client-dw-conn passthrough=yes
add action=mark-packet chain=forward comment=client-dw-pk connection-mark=client-dw-conn new-packet-mark=client-dw-pk passthrough=yes
# Bridge01 not ready
add action=mark-connection chain=prerouting comment=client-up-conn in-interface=Bridge01 new-connection-mark=client-up-conn passthrough=yes
add action=mark-packet chain=prerouting comment=client-up-pk connection-mark=client-up-conn new-packet-mark=client-up-pk passthrough=yes
add action=mark-packet chain=forward comment=http-dw-pk new-packet-mark=http-dw-pk packet-mark=client-dw-pk passthrough=no port=80,443 protocol=tcp
add action=mark-packet chain=forward comment=http-up-pk new-packet-mark=http-up-pk packet-mark=client-up-pk passthrough=no port=80,443 protocol=tcp
add action=mark-packet chain=forward comment=other-dw-pk new-packet-mark=other-dw-pk packet-mark=client-dw-pk passthrough=yes
add action=mark-packet chain=forward comment=other-up-pk new-packet-mark=other-up-pk packet-mark=client-up-pk passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=192.168.89.0/24
/ip route
add distance=1 dst-address=10.32.245.189/32 gateway=Ether01
/ppp secret
add local-address=192.168.0.100 name=vpn
/system clock
set time-zone-name=Asia/Damascus
/system console
set [ find ] disabled=yes
add
/tool graphing interface
add interface=Ether01
/tool traffic-monitor
add disabled=yes interface=Ether04 name="AP Downlink" threshold=0 trigger=always
add disabled=yes interface=Ether04 name="AP UP" threshold=0 traffic=received trigger=always
/tool user-manager database
set db-path=flash/user-manager
 
BRMateus2
Frequent Visitor
Posts: 70
Joined: Thu Oct 26, 2017 11:18 pm

Re: Rb951ui-2nD issues

Tue Feb 26, 2019 5:08 pm

1. This might be port flapping, which means it is not related to any attacks or vulnerabilities - you might want to disable hardware offloading and enable CPU offloading, as I had this same issue with my RB951G.
It seems related to a bad cable/layer 1 with mixed Ethernet negotiation speeds, where any renegotiation crashes the whole switch.
/interface bridge port .. hw=no
/interface ethernet switch
set 0 cpu-flow-control=yes name=switch1

2. This is normal if you are modifying anything related directly or indirectly to WLAN, even the bridges assimilation, except firewall for example.

3. I don't know about that; it seems to be a bug, which you can report with a supout "support file" to support@mikrotik.com. You can create a new profile and not use the default at all; if it works, it is some strange behaviour.

4. Your router can handle about 60 Mbps with some massive home queues using PCQ, and more with less mangling - at least 250 Mbps with fasttrack (which ignores queues).
You might want to fix the queues to the PCQ model, where I use a 25ms buffer for pcq-limit and (pcq-total-limit = 2 * pcq-limit).
The reason for ping latency oscillating with queues might be that you are using pfifo, which is a first-in-first-out algorithm, so it depends on how many packets are in the buffer.
Example:
/queue type
add kind=pcq name=QoS-PCQ-Download pcq-classifier=dst-address,dst-port pcq-limit=128KiB pcq-total-limit=256KiB
add kind=pcq name=QoS-PCQ-Upload pcq-classifier=dst-address pcq-limit=20KiB pcq-total-limit=40KiB

5. I'm sorry but I don't know about this. You might want to read this: https://blog.ligos.net/2018-03-01/Mikro ... lover.html

In your mangle rules, the mark-packet rules do not need passthrough (only the connection mark needs it). This optimizes a little (1-4%).
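
An offline check for the open-WLAN condition described in point 3 of this thread, as an added example that is not from any poster here: it reads a RouterOS export and reports enabled WLANs whose security profile carries no `mode=` (exports omit defaults, and the default is `mode=none`, an open network), enabled VPN servers, and the absence of any `chain=input` filter rule. `SAMPLE` is a trimmed excerpt of the export posted above; the function names are this example's own.

```python
import re
# Trimmed excerpt of the export posted in this thread (line continuations kept).
SAMPLE = r'''
/interface wireless security-profiles
set [ find default=yes ] eap-methods="" supplicant-identity=MikroTik
add eap-methods="" management-protection=allowed name="Security Profile" supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge name=WLAN-Mikrotik security-profile=\
    "Security Profile" ssid=MikroTik
add disabled=no master-interface=WLAN-Mikrotik name=Ab security-profile=\
    "Security Profile" ssid=Ab
/interface l2tp-server server
set enabled=yes use-ipsec=yes
/interface pptp-server server
set enabled=yes
/ip firewall filter
add action=add-src-to-address-list chain=forward disabled=yes layer7-protocol=Torrent
'''

KV = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S*)')

def parse(export):
    """Yield (menu, {key: value}) for every add/set line of a RouterOS export."""
    menu = ""
    for line in re.sub(r'\\\n\s*', '', export).splitlines():  # join "\" continuations
        line = line.strip()
        if line.startswith('/'):
            menu = line
        elif line and not line.startswith('#'):
            yield menu, {k: v.strip('"') for k, v in KV.findall(line)}

def audit(export):
    items, findings = list(parse(export)), []
    # Defaults are omitted from exports: a profile with no mode= is mode=none (open).
    open_profiles = {kv.get('name', 'default') for m, kv in items
                     if m == '/interface wireless security-profiles'
                     and kv.get('mode', 'none') == 'none'}
    for m, kv in items:
        if (m == '/interface wireless' and kv.get('disabled') == 'no'
                and kv.get('security-profile', 'default') in open_profiles):
            findings.append(f"open WLAN: ssid={kv.get('ssid')}")
        if m.endswith('-server server') and kv.get('enabled') == 'yes':
            findings.append(f"VPN server enabled: {m.split()[1]}")
    if not any(m == '/ip firewall filter' and kv.get('chain') == 'input' for m, kv in items):
        findings.append("no input-chain filter rules")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Running it against a fresh `/export hide-sensitive` after each Quick Set change shows whether a profile has silently fallen back to open.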
 
3liswaid
newbie
Topic Author
Posts: 44
Joined: Thu Feb 14, 2019 5:12 pm
Location: Syria

Re: Rb951ui-2nD issues

Wed Mar 13, 2019 3:29 pm

I want to thank you :)
