Thanks becs

How can spanning tree port states be seen? (show spanning-tree equivalent)

/interface bridge monitor bridge1
/interface bridge port monitor [find where bridge=bridge1]
/interface bridge msti monitor [find]
Agree but winbox isn't always possible to use.

I think it would be interesting to have an option inside Winbox to automatically create a vlan rule on a bridge when adding a vlan interface to it.
This would create a vlan rule with the vlan id of the interface, including all bridge ports.
Victory, I now feel confident enough to migrate some additional VLANs over now
Thanks becs
[admin@rtr1] > interface bridge port monitor [ find where bridge=br-master1 ]
interface: eth4 eth5
status: in-bridge in-bridge
port-number: 1 2
role: root-port alternate-port
edge-port: no no
edge-port-discovery: yes yes
point-to-point-port: no no
external-fdb: no no
sending-rstp: yes yes
learning: yes no
forwarding: yes no
internal-root-path-cost: 10 10
designated-bridge: 0x2000.8C:B6:4F:20:21:80 0x2000.8C:B6:4F:20:21:80
designated-internal-cost: 0 0
designated-port-number: 57 58
multicast-router: no no
Another possibility would be to optionally create a default vlan rule for newly created bridges, allowing all tagged vlan-id on all ports of the bridge. If this does not trigger a performance issue.
I still think that step needs to be simplified
you mean, untagged on some ports and tagged on others? or both untagged and tagged on the same port (schrodinger vlan)?..

It is not possible to use untagged and tagged vlan-id=1 traffic at the same time.
I think something like that

I tried to put such a rule, with vlan-ids 2-4094. This does not seem to raise the CPU %.
# This part you tell Mikrotik the port mode
/interface bridge port
# TRUNK PORTS
add bridge=br-trunk1 interface=ether23
add bridge=br-trunk1 interface=ether19
add bridge=br-trunk1 interface=ether22
# ACCESS PORTS
add bridge=br-trunk1 interface=ether2 pvid=2
add bridge=br-trunk1 interface=ether3 pvid=2
add bridge=br-trunk1 interface=ether4 pvid=2
add bridge=br-trunk1 interface=ether5 pvid=2
add bridge=br-trunk1 interface=ether6 pvid=2
add bridge=br-trunk1 interface=ether7 pvid=2
add bridge=br-trunk1 interface=ether8 pvid=2
add bridge=br-trunk1 interface=ether17 pvid=2
add bridge=br-trunk1 interface=ether18 pvid=2
add bridge=br-trunk1 interface=ether14 pvid=4
add bridge=br-trunk1 interface=ether15 pvid=5
add bridge=br-trunk1 interface=ether20 pvid=220
/interface bridge vlan
## Make Mikrotik smart enough to understand that vlans belong to the same bridge
# Tell that on eth is allowed only this tagged vlan
add bridge=br-trunk1 interface=ether23 tagged-vlan-ids=2,4,5,6,7,99,210,220
# Tell that on eth is allowed only this tagged vlan
add bridge=br-trunk1 interface=ether19 tagged-vlan-ids=4,5,6,7,99
# Tell that on eth is allowed only this tagged vlan
add bridge=br-trunk1 interface=ether22 tagged-vlan-ids=210,220
#----------------------------------
# a Hybrid mode e.g
add bridge=br-trunk1 interface=ether22 tagged-vlan-ids=210,220 untagged-vlan-ids=2
I think he means "have vlan 1 tagged on some port, and at the same time have some other vlan untagged on that or another port".
According to a simple test i've just done on a vlan aware bridge, it is not possible to use tagged vlan 1 and untagged traffic at the same time.
As soon as a bridge vlan rule is set with vlan-ids=1 and bridge ports added as tagged, Winbox connection (connected on the bridge untagged vlan IP) is lost.
This result seems to confirm what i felt yesterday: because of the internal vlan id = 1 used for untagged external traffic, it is not possible to use untagged and tagged vlan-id=1 traffic at the same time.
The hardware switches i'm used to (procurves) do allow to use untagged and tagged vlan=1 at the same time without any problem. More, vlan=1 is the default vlan vlan-id in those switches. This means that it is not uncommon to see vlan 1 tagged inside a hybrid trunk, with untagged traffic from another vlan. In this case, it is not possible to connect such a hybrid trunk on a Mikrotik vlan aware bridge.
Please confirm. If i'm right this should be clearly stated in the documentation, or better, corrected in the code.

FIPTech, I'm not following you. I just did a test with 2 MikroTik's and 2 Cisco routers in GNS3. I used the new VLAN aware bridges with the PVID set to 1. I added an IP directly to the bridge. I setup the link between the MikroTik's to send traffic untagged for VLAN1 and the Cisco routers to tag VLAN1 with an IP on that sub-interface.
/interface bridge
add name=br-master1 protocol-mode=stp vlan-filtering=yes
/interface bridge port
add bridge=br-master1 interface=ether4
add bridge=br-master1 interface=ether1
add bridge=br-master1 interface=ether2
/interface bridge vlan
add bridge=br-master1 untagged=ether1,ether2 vlan-ids=999
add bridge=br-master1 tagged=ether1,ether2 vlan-ids=1
/ip address
add address=192.168.1.11/24 interface=br-master1 network=192.168.1.0
/interface bridge
add name=br-master1 protocol-mode=stp vlan-filtering=yes
/interface bridge port
add bridge=br-master1 interface=ether4
/ip address
add address=192.168.1.21/24 interface=br-master1 network=192.168.1.0
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation dot1Q 1
ip address 192.168.1.31 255.255.255.0
!
interface FastEthernet0/0.999
encapsulation dot1Q 999 native
c1#ping 192.168.1.21 repeat 4
Type escape sequence to abort.
Sending 4, 100-byte ICMP Echos to 192.168.1.21, timeout is 2 seconds:
!!!!
Success rate is 100 percent (4/4), round-trip min/avg/max = 4/9/20 ms
I think in a complex VLAN scenario with tagged/untagged use, one simply should not use VLAN 1 or not use it for something important.

^^ Exactly the reason I create and use VLAN999 on all of my switch to switch (or VLAN speaking router) links as the untagged VLAN. I also ensure that no IP addressing is ever applied to VLAN999. This is 1 of 2 recommended approaches for dealing with VLAN hopping. The other is to tag all traffic including the native VLAN. This method is less common and essentially discards any untagged traffic (in a similar fashion as having it on a non-routable VLAN).
exactly
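
The native-VLAN practice described in the post above (an unused VLAN such as 999, with no IP addressing, as the untagged VLAN on switch-to-switch links) can be checked against an exported configuration. This is an added example, not code from the thread or from MikroTik; the export text is constructed, and the check assumes that trunk ports are the ones listed under `tagged=` in `/interface bridge vlan`, that a port without `pvid=` uses PVID 1, and that an address placed directly on the bridge sits in the bridge's own `pvid` (default 1).

```python
"""Audit a RouterOS export for native-VLAN hygiene on trunk ports (added example)."""
import shlex
from collections import defaultdict

# Constructed sample export (not taken from the thread).
SAMPLE_EXPORT = """\
/interface bridge
add name=br-trunk1 vlan-filtering=yes
/interface bridge port
add bridge=br-trunk1 interface=ether1
add bridge=br-trunk1 interface=ether2 pvid=999
add bridge=br-trunk1 interface=ether3 pvid=20
add bridge=br-trunk1 interface=ether5 pvid=10
/interface bridge vlan
add bridge=br-trunk1 tagged=br-trunk1,ether1,ether2,ether3 untagged=ether5 vlan-ids=10
add bridge=br-trunk1 tagged=br-trunk1,ether1,ether2 untagged=ether3 vlan-ids=20
add bridge=br-trunk1 untagged=ether2 vlan-ids=999
/interface vlan
add interface=br-trunk1 name=vlan10 vlan-id=10
add interface=br-trunk1 name=vlan20 vlan-id=20
/ip address
add address=192.168.10.1/24 interface=vlan10
add address=192.168.20.1/24 interface=vlan20
"""


def parse_export(text):
    """Return {section path: [dict of key=value per 'add' line]}."""
    sections = defaultdict(list)
    current = None
    # Exports wrap long lines with a trailing backslash; join them first.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            current = line
            continue
        if current and line.startswith("add "):
            item = {}
            for token in shlex.split(line)[1:]:
                key, sep, value = token.partition("=")
                if sep:  # skip flag-style tokens such as "!keepalive"
                    item[key] = value
            sections[current].append(item)
    return sections


def audit_native_vlans(text):
    """Return (port, pvid, reason) findings for trunk ports."""
    cfg = parse_export(text)

    # VLAN IDs that are routable: a /interface vlan with an IP address ...
    vlan_ifaces = {v["name"]: int(v["vlan-id"])
                   for v in cfg["/interface vlan"] if "name" in v and "vlan-id" in v}
    # ... or an IP address placed directly on a bridge (assumed to be in the bridge pvid).
    bridges = {b["name"]: int(b.get("pvid", 1))
               for b in cfg["/interface bridge"] if "name" in b}
    routed = set()
    for addr in cfg["/ip address"]:
        iface = addr.get("interface")
        if iface in vlan_ifaces:
            routed.add(vlan_ifaces[iface])
        elif iface in bridges:
            routed.add(bridges[iface])

    # A port is treated as a trunk if any bridge VLAN entry lists it as tagged.
    trunks = set()
    for entry in cfg["/interface bridge vlan"]:
        trunks.update(p for p in entry.get("tagged", "").split(",") if p)

    findings = []
    for port in cfg["/interface bridge port"]:
        name = port.get("interface")
        if name not in trunks:
            continue  # access port: its PVID is the access VLAN, not a native VLAN
        pvid = int(port.get("pvid", 1))
        if pvid == 1:
            findings.append((name, pvid, "native VLAN left at default VLAN 1"))
        if pvid in routed:
            findings.append((name, pvid, "native VLAN has an IP address"))
    return findings


if __name__ == "__main__":
    for port, pvid, reason in audit_native_vlans(SAMPLE_EXPORT):
        print(f"{port}: pvid={pvid}: {reason}")
```
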
Yes, i mean put on the same trunk (hybrid) untagged traffic and tagged VLAN 1. This is not working with vlan aware bridges (except if you are using "PVID=something else than 1" to change the untagged traffic vlan-id).
While vlan 1 is nothing special, it would not be the first case where it causes problems to use it tagged. In the past I have
also tried to hunt down bugs on other manufacturer's switches, and even faced the situation where the manuf "could not reproduce"
the problem and it was because the Windows driver for the ethernetcard he uses to debug the problem (or maybe even Windows itself)
invisibly deleted a VLAN 1 tag from the packet even before wireshark gets it. Wireshark under Linux showed the problem clearly.
I think in a complex VLAN scenario with tagged/untagged use, one simply should not use VLAN 1 or not use it for something important.
1 D bridge=bridge vlan-ids=1 tagged="" untagged="" current-tagged="" current-untagged=bridge,ether2
I agree with you that it should work and indeed it does work on Procurve (I have such a scenario at work) but before that we had

I've used vlan1 tagged mixed with untagged traffic without problems in the past with procurve switches as well as Mikrotiks.
No you are right tagged for vlan1 and untagged for vlan1 at the same time on the same port is not possible.

Are you able to dump a configuration from the ProCurve's showing a single port untagged for VLAN1 and tagged for VLAN1? I'd be extremely surprised if that is the case as well as confused as to how that isn't at the least causing the link to bridge traffic twice if not forming a loop.
I know this is wandering dangerously off-topic of the actual content of the RC release so we may need to take it to a new thread. I can create one. At this point I'm more curious as to how something like that would actually work. I'm pretty sure what you're describing is definitely not standard behavior. The Cisco switches and routers I have in my lab won't let me do it. I don't have any ProCurve hardware to lab with, largely because they fall into the each model is configured differently category and that annoys me (at least since the 3com purchase).
#1) Create a bridge with ports:
/interface bridge
add name=bridge1 protocol-mode=none vlan-filtering=no
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
#2) Configure VLANs:
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether1,ether2 untagged="" vlan-ids=10
add bridge=bridge1 tagged=bridge1,ether1,ether2 untagged="" vlan-ids=20
add bridge=bridge1 tagged=bridge1,ether1,ether2 untagged="" vlan-ids=30
add bridge=bridge1 tagged=bridge1,ether1,ether2 untagged="" vlan-ids=40
#3) Assign VLANs to MST instances:
/interface bridge msti
add bridge=bridge1 identifier=1 vlan-mapping=10,20
add bridge=bridge1 identifier=2 vlan-mapping=30,40
#4) Enable VLAN Filtering and MSTP:
/interface bridge set bridge1 protocol-mode=mstp vlan-filtering=yes
#5) Check MSTP status:
/interface bridge msti monitor [find]
Any updates when we can expect fastpath support for PPPoE Client interfaces?

*) lte - added initial fastpath support (except SXT LTE and Sierra modems);

It is supported since 6.35. And there also were improvements in 6.39. Check changelogs out for details.

It doesn't work on RB850Gx2.

RB850Gx2 Ethernets don't have fastpath support, MT doesn't have their own driver there, they use ones provided by CPU manufacturers so that IPsec hardware acceleration works. I asked about this at the MUM.

No. I thought this problem can be solved on the forum.

John39 - There are no related fixes mentioned in changelog. Have you contacted support@mikrotik.com? Are you sure that problem was introduced in 6.40rc version and downgrade to older version fixes this problem?

Yes, I'm sure the upgrade to version 6.39.2 or earlier fixes this problem.

Preparing for the future: viewtopic.php?f=2&t=121533

*) mmips - added support for NVME disks;
what possible current mmips based router has slot/interface to get an nvme ssd attached to it?
interface bridge vlan print
Flags: X - disabled, D - dynamic
# BRIDGE VLAN-IDS CURRENT-TAGGED CURRENT-UNTAGGED
0 br1 1 eth2 br1
eth3
1 br1 11 br1 eth4
eth2
eth3
2 br1 12 br1
eth2
eth3
3 br1 41 br1
eth2
eth3
4 br1 42 br1
eth2
eth3
5 br1 999 br1 eth2
eth3
Maybe M33 ??

*) mmips - added support for NVME disks;
what possible current mmips based router has slot/interface to get an nvme ssd attached to it? afaik nvme is pcie, and the hexR3 (the sole mmips based mikrotik device) doesn’t have anything similar...
Many thanks!

Here is a simple MSTP configuration example for insight. It could be used on 3 routers connected in a ring.
The upcoming RouterBoard M3 has a M.2 slot which could be used for a NVMe SSD....
viewtopic.php?f=1&t=123497#p607883

Yes, everything that saves to file from console is broken, export to file print to file etc. We will try to fix this in future rc versions.
When you press the backup button on winbox is encrypted by default, if you don't set up password you locked out, you lost the backup..

Not getting happier about this and I had to revert back current 39.2 to have my settings back. The backups I have all say "provide password" and I am thinking WHAT password!!!! I tried many but none did work so that means all my carefully made backups are toast or is there some way to use them. The export .rsc are all throwing errors so that is also a no go.
This sets me back a few months in changes made in firewall and a lot of scripting I did in that time. I can't even go back to 6.40rc38 because I have only the .backup and no .rsc.
Is there a reliable way to backup your settings so one can restore their router in case of disaster?
So back to Bridge and Master. The load on the cores are with master more even and none is stressed to the utmost.
I wanted to show two pictures showing the difference in speed but I can't find the attach option any more. So bad luck all the way.
Known issue. See viewtopic.php?f=1&t=123497#p607883

Unable to export configuration to a file
(...)
Tom
I had the same problem yesterday. RB2011UAS

Unable to export configuration to a file
Is anyone else having this issue? I can run /export from the CLI, but if I do:
/export file=x (or /export file="x")
No files get created.
It seems that it was corrected by rc41 as in Changelog of RouterOS 6.40rc41.

I had the same problem yesterday. RB2011UAS
I thought I was too stupid to find the file.
ISSUE since rc38
Webfig:
No File download possible
ftp download is OK
*) pppoe-server - fixed situation when some of 100+ pppoe-servers can become invalid on reboot;
I'll keep on 6.40rc38 until 6.41rc hits the downloads then. Can't say i'm interested in reverting my new VLAN aware bridges back to the old way and then back again into VLAN aware bridges. Good progress. Don't fall asleep at the wheel. I hope you guys got some good initial testing on MSTP / VLAN aware bridging.

v6.40 is scheduled for release, so we reverted hw-offload as well as igmp-snooping, because it requires more testing and bugfixes.
Most likely it will be back in v6.41rc
Important: This means all the new bridge/switch/igmp-snooping functionality is removed and will return in 6.41rc. The reason is that we found that these new features need more testing, and v6.40 was too close to release, so it would delay the release for some time. Those of you who used the RC, there is no painless way to upgrade or downgrade.

!) bridge hw-offload implementation reverted back to pre-6.40rc36 state (testing will continue in v6.41rc);
!) wireless - added Nv2 AP synchronization feature "nv2-modes" and "nv2-sync-secret" option;
*) bonding - fixed 802.3ad mode on RB1100AHx4;
*) export - fixed export to a file (introduced in v6.40rc39);
*) hotspot - added "address-list" support in "walled-garden" IP section;
*) hotspot - fixed firewall accept rules created by "/ip hotspot walled garden ip" (introduced in v6.40rc18);
*) ike1 - create tunnel policy when no split net provided;
*) ike1 - wait for cfg set reply before ph2 creation with xAuth;
*) ipsec - allow to specify chain in "firewall" peer option;
*) ppp - fixed non-standard PAP or CHAP packet handling;
*) pppoe-server - fixed situation when some of 100+ pppoe-servers can become invalid on reboot;
*) routerboard - added "caps-mode" option for "reset-configuration";
*) sfp - fixed invalid temperature reporting when ambient temperature is less than 0;
*) winbox - make IPSec policies table an order list;
*) winbox - show "/interface wireless cap print" warnings;
Can I make partition(s) on my mAP Lite? It has only 32MB disk space.

You are right, but try to use partitioning on a hEX (or any other "zero flash") devices!

Are you sure about that? mAP lite should have 64MB RAM and 16MB flash ... and no you can't use partitions ...

+1

This was very easy to roll back with a partition. Just make the partition active that was right before the upgrade. Took seconds.. As I mentioned, everyone doing RCs should use partitions. I copy my current RC and config over to a partition before I try out a new RC. Any issue, I just move back..
I had to with 38, upgraded to 41. On the 2011 it was still causing the display to flash. So 41 did not fix something from 38. So I "made active" my original partition and the issue was gone.
I really think Mikrotik should discuss using partitions in addition to backups.
Normis, what is the time-line for 6.40 GA and 6.41rc?

It can boot off the secondary partition when booting off the first partition fails. Although it is not clearly defined what failing to boot really means.

This is a wonderful idea. I didn't even know this was possible till you mentioned so as well some means to boot once off a secondary partition?

In the V6.40rc41 version, I can not find this option. Please tell me the details of the setup steps and methods, thanks. Please forgive me, my English is very bad

Yes, the below methods.

Currently RouterOS6.40rc does support any of EAP authentication methods?

The EAP section is on Wireless > Security Profiles > Profile entries (via winbox).
+1

I'm with you guys. I'm not sure what class embedded designers are taught to use tiniest flash chip available on the market but I'd like to alter that curriculum. That said, I do get that in the hardware world, cents does multiply out to dollars when the sale quantity gets high enough. It seems like an area where you could cheaply separate yourself from other router brands even with a 128mb or 256mb flash chip.
For poops and giggles, a quick google search shows:
0.61 USD = 32MB flash chip
3.43 USD = 256MB flash chip
9.52 USD = 1GB flash chip
These numbers are very quick and dirty. Naturally the product would have to be vetted to make sure it fits the design and volume purchase discounts could soften the cost. I was just hoping to put a cost per unit for the upgrade into print in hopes of giving us all a little perspective on what kind of price impact we'd see if MikroTik moved to larger chips and passed that cost onto consumers. A device like the hap AC already in that +100 USD cost may handle an additional ~9 USD difference easier than say a cap lite. I personally would be very happy with a 256MB (even 128MB) upgrade at a ~3 USD impact per device across the product line. The cost increase for storage capacity would be a justifiable reason that would increase my likelihood to purchase MikroTik. That is just me, I can't speak for all forum members in all markets.
This does seem strange in today's world.... but then again, as Idlemind points out - $2 for every unit sold can translate to hundreds of thousands or millions of dollars less in profits for a particular unit if it's popular...
There is no common sense in putting 16mb flash on new devices.. IMHO .. the real reason is obviously NOT save 2 bucks
I see your point, but .... less in profits ..
Thanks null31, i try to try mikrotik route to build an iKEV2 VPN server, i have no radius, my client is windows7, i read wiki but still can not succeed. Would you like to help me?
I forgot to ask.
Do you want the Mikrotik as EAP Client or as EAP Access Point?
The print that I showed is about EAP Client.
Now about EAP AP:
Page 16.
> https://mum.mikrotik.com//presentations ... 009077.pdf (Spanish language)
I don't think he did get it wrong, 8gbit (1gbyte) FLASH on digikey can cost as little as between $6.16 (each in 1000 of quantity) and $9.45 (each in 1 of quantity).

You got this wrong ... flash chips are declared in Megabits ... so the prices you found are for 4MB, 32MB and 128MB respectively ...
Any chance you could add 'Radio Name' in the SNMP wireless registrations table? It is great having graphs of wireless clients but I do not know which is which without the name. Thanks.

Better use API call, will be faster way I suppose, like
/interface/wireless/registration-table
and play with.

This is not realistic.
I do understand your pain but Mikrotik is quite slow with SNMP so far. Keep asking, maybe one day?..

Oh, I see you're wise person already, will not teach you this way I can't say how many routers you need to monitor from your initial question. Yes, let's wait for MT to help with this.

scalable or manageable. Hence not realistic for production environment.

+1 support for this

That feature is actually available! But it is a bit hard to find and understand.

They should add scripting into SNMP server, so you can set OID and which script to execute to reply the query This is where MT win all the time - scripting!

+1

Yes, and adding the "Radio Name" field is something that should, IMO, be relatively easy for them to do.

APIs are good but tbh SNMP is far easier to work with in NMS tools. I've found a handful of OIDs I'd really like to see supported. Particularly IPv6 traffic tracking and connection counts. Saying it's solved with scripting to custom OIDs is a total hack over supporting standardized mibs.

There is probably a list of things that are relatively easy to do that is so long that it requires considerable effort to sort it all out...

Running 6.40rc38 (won't be upgrading until 6.41rc is released) I don't get hardware offload on any ports. That's ok for me because I have the hex doing intervlan routing which is done in CPU anyways per MikroTik support. I have a separate layer 2 switch that is capable of faster speeds between the hex and my various devices for intravlan traffic.

By the way, I now can see two block diagrams for routers, one for non-switched config and other is for switched. So as 6.41 is out both still be there but "switched" become "attached to the same bridge", right?
Also, on this diagram:
am I right to say that if I set 2-4 ports to be switched, and port 1 as non-switched, then port 1 will be 1 Gbps, and four remaining will share another 1 Gpbs in routing scenario?
[admin@rack1_b3] /interface ipip> /ip ipsec policy print
Flags: T - template, X - disabled, D - dynamic, I - invalid, A - active, * - default
0 T * group=default src-address=::/0 dst-address=::/0 protocol=all proposal=default template=yes priority=0x10000
1 D ;;; ipip-tunnel4
src-address=1.1.1.1/32 src-port=any dst-address=1.1.1.2/32 dst-port=any protocol=ipencap action=encrypt
level=require ipsec-protocols=esp tunnel=no proposal=default priority=0x20000 ph2-count=0
[admin@rack1_b3] /interface ipip> print
Flags: X - disabled, R - running, D - dynamic
# NAME MTU ACTUAL-MTU LOCAL-ADDRESS REMOTE-ADDRESS KEEPALIVE DSCP
0 ipip-tu... auto 1480 1.1.1.1 1.1.1.2 10s,10 inherit
[admin@rack1_b3] /interface ipip> set 0 local-address=2.2.2.2
[admin@rack1_b3] /interface ipip> /ip ipsec policy print
Flags: T - template, X - disabled, D - dynamic, I - invalid, A - active, * - default
0 T * group=default src-address=::/0 dst-address=::/0 protocol=all proposal=default template=yes priority=0x10000
1 D ;;; ipip-tunnel4
src-address=2.2.2.2/32 src-port=any dst-address=1.1.1.2/32 dst-port=any protocol=ipencap action=encrypt
level=require ipsec-protocols=esp tunnel=no proposal=default priority=0x20000 ph2-count=0
@HeadCraft be more specific, what you described works:

Sorry, I just found why it is not working correctly (maybe I am doing it incorrectly). The reason is that I use mikrotik DDNS as destination address in tunnel. So situation is:
[admin@MikroTik] > /interface ipip
add allow-fast-path=no ipsec-secret=123 !keepalive local-address=1.1.1.1 name=\
ipip-tunnel1 remote-address=google-public-dns-a.google.com
[admin@MikroTik] > ip ipsec policy print
Flags: T - template, X - disabled, D - dynamic, I - invalid, A - active, * - default
0 T * group=default src-address=::/0 dst-address=::/0 protocol=all proposal=default
template=yes
[admin@MikroTik] > ip ipsec policy print
Flags: T - template, X - disabled, D - dynamic, I - invalid, A - active, * - default
0 T * group=default src-address=::/0 dst-address=::/0 protocol=all proposal=default
template=yes
1 D ;;; ipip-tunnel1
src-address=1.1.1.1/32 src-port=any dst-address=8.8.8.8/32 dst-port=any
protocol=ipencap action=encrypt level=require ipsec-protocols=esp tunnel=no
proposal=default priority=0 ph2-count=0
[admin@MikroTik] > /interface ipip set [find name=ipip-tunnel1] local-address=3.3.3.3
[admin@MikroTik] > ip ipsec policy print
Flags: T - template, X - disabled, D - dynamic, I - invalid, A - active, * - default
0 T * group=default src-address=::/0 dst-address=::/0 protocol=all proposal=default
template=yes
1 D ;;; ipip-tunnel1
src-address=1.1.1.1/32 src-port=any dst-address=8.8.8.8/32 dst-port=any
protocol=ipencap action=encrypt level=require ipsec-protocols=esp tunnel=no
proposal=default priority=0 ph2-count=0
[admin@MikroTik] > ip ipsec peer print
Flags: X - disabled, D - dynamic, R - responder
0 D ;;; ipip-tunnel1
address=8.8.8.8/32 local-address=1.1.1.1 auth-method=pre-shared-key secret="123"
generate-policy=no policy-template-group=default exchange-mode=main
send-initial-contact=yes nat-traversal=yes proposal-check=obey hash-algorithm=sha1
enc-algorithm=aes-128,3des dh-group=modp1024 lifetime=1d dpd-interval=2m
dpd-maximum-failures=5