No fast-track but I have just found the solution.. It was 2 fold. 1) IPv6 was being used and thus bypassing the IPv6 target on the simple queue.. Some Ookla servers supported IPv6 and some did not.. obviously the ones that DID support IPv6 were bypassing my original simple queue BECAUSE I had only s...
I've set up a CCR2216 with L3HW on all ports except WAN port.. I did this to enable NAT / firewall rules on WAN / and simple queues .. ROS v7.7 What I thought was relevant was the config below.. all ports and switch have l3-hw-offloading=yes EXCEPT for WAN port (#8) # mar/22/2023 10:20:20 by RouterOS...
I would like to selectively turn off L3HW offloading connected and dynamic routes in a CCR2216.. In the past in ROS6 I would have used the chains dynamic-in and connected-in to modify route entries before they made it to the table.. I have been struggling to do this on ROS7.. I added a filter like t...
You make a great point.. :) This is basically a bog standard BGP test setup.. nothing else fancy added.. just verifying BGP works like v6.. except I can't use v6 because it's a CCR2216.. It's become apparent that there are some things still lacking, but I'm just trying to understand why whenever I f...
G'day, Testing out BGP on a CCR2217 v7.6rc1 BGP session establishes, but I make a change to a filter and want to resend out an update to my peer.. I hit resend and apparently the connection to the peer says "--SESSION IS STOPPED" the only way to get it to re-establish is go to sessions and...
G'day, I have a CRS518 switch that I'm powering some TiBit XGS-PON SFP+ modules.. The modules have been throwing an error about Transmit Bias.. In my discussions with TiBit it appears that the Mikrotik SFP+ ports cannot handle the Peak 3.5W (sustained 2.7W) power needed by the XGS-PON modules. Does ...
Have users on each port of a CRS309.. Want to be able to traffic shape the ports for the service they want.. example Port 1 = 150Mbps, Port 2 = 500Mbps.. It appears egress shaping is working, but ingress is far below the shaped value.. See part of config that sets the shaping.. Flags: I - invalid # ...
I have this same problem.. As soon as DHCP82 is turned on, on the radio the client hardware past the AirMax AC radios can no longer pull DHCP addresses.. It doesn't seem to happen to all routers, but some routers seem to struggle with it.
Trying to conceptually work this out. I have VPLS tunnels working to the CORE DHCP server.. RADIUS is working by DHCP auth to a freeradius 3.0 server. I would like to take this to the next level.. :) have RADIUS/DHCP hand out public ip's vs CGNAT ip's based on customer service level. At first I tho...
Seems like we should be able to offer multiple prefix sizes so that DHCP-PD clients can put a prefix-hint and get either a /56, /60, or /64 (default).. How can we set this up? It looks like on Mikrotik 6.45.6 (latest) we can only assign one IPv6 pool to a dhcp server on an interface.. and we can onl...
For further light and knowledge concerning how to do the type of application where you are adding/dropping wavelengths at specific customers sites, you should use F-OADM and ROADM units. "O"ptical "A"dd "D"rop "M"ultiplexer.. So while the Mikrotik CWDM can mul...
It seems like it would be possible to just use one CWDM mux (dual fiber) in the server room, and then if you daisy chain that fiber to multiple locations just pull off the specific wavelength using Mikrotik's wavelength specific SFP's.. Would that be a correct assessment? I see most diagrams needing...
Actually the 60 GHz links are Mikrotik and the 24 GHz link is a Mimosa B24.. I don't see any fine control options for STP for the Mimosa, but I can definitely try those things on the Mikrotik 60GHz links.. I'll try and report back. I did notice that RSTP was ON, for the 60GHz links
So - in my mind I think it is an issue with the ROOT BRIDGE not disabling the backup port.. see attached image. 1) In the image below of the ROOT BRIDGE (/interfaces bridge port print) list you can see the paired ports Remote Tower 2 (in our previous example) ether3-ptp-castle-24GHz ether5-ptp-castl...
thanks for the response. Some things to be clear about. 1) No VLAN's at all in this setup. 2) root and alternation ports are selected by the switches (non root switches) correctly based on path cost.. 3) pinging stops working INTERMITTENTLY to 10.0.1.10 or 10.0.1.133,etc any switch OTHER than the RO...
I have a scenario with two CRS326 switches that have a dual wireless connections (for redundancy). CRS326 #1 --> port 1 --> 60GHz PTP link --> port 1 --> CRS326 #2 root bridge --> port 2 --> 24GHZ PTP link --> port 2 CRS326 #1 and #2 have IP address on their bridge port (all ports of switches are on...
Looking for a way to limit a firewall rule to be executed once per day or every 15 minutes, etc per an address-list.. In this case I want them redirected to a web page reminding them to make payment. I currently use web proxy and a dst-nat rule to accomplish this, but it stays on until I remove them f...
Ok.. so I haven't found an answer to the issue I have, but I did find a pretty good workaround.
Instead of having the servers on the same subnet that the router IP addresses were I put the servers on a separate subnet and that has solved the issue.
Ok. Now that I have the diagram up here is a more detailed explanation. PTP #1 goes down (I simply changed the ssid on the AP side so the interfaces are still up just no ip connectivity) Router #2 - routing table gets updated via OSPF and now it wants to send 0.0.0.0/0 traffic to 10.2.2.20.. ok BUT ...
G'day, I have an OSPF network ring topology setup. I was testing path failover and from an OSPF perspective it works, however locally connected "DAC" routes with a lower Distance (distance of 0) are overriding the imported OSPF routes. I had made a sketch of the network, but for some reaso...
G'day, So as I understand it there is no way to run a particular script on any type of event (other than using say the LOG watching script). example - ospf primary gateway goes down, every router switches to route 2.. However - they need to switch DNS servers when this happens.. I've found no better...
Ok.. did some further research on this.. One question that has come up is how does Mikrotik by default deal with IP packets with a DiffServ Class Select 1 DSCP of 0x08.. ie the lowest priority.. Turns out on my comcast all incoming IP packets are flagged with this DSCP priority of 0x08 whereas by de...
Ok.. so I moved WAN to ether5, and LAN is on SFP.. so we're not messing with any of the switch ports. still problems.. to make matters worse I put in linksys ea3500 and everything magically works.. What the heck is wrong with this CCR1009??? I also use an RB2011 - same problems.. so it's not a speci...
Good point. I just looked at the flow chart for the CCR1009 and I have WAN on port 1 and LAN on SFP port. I'll pop the WAN over to port 5 and see if that works better.
So I've been fiddling with this some more - and although changing to queue type to default-ethernet HELPS with slowness and erratic network behavior - it does not solve the problem. There are still a number of web sites that don't come up completely or streaming that doesn't start, etc.. any suggest...
Man.. I've been struggling with a CCR1009-8G-1S-1S+PC. have a 300mbps connection.. users behind the router have been getting erratic connections - streaming has had problems, web sites partially come up, etc.. throughput is sometimes good, sometimes terrible. All very erratic.. and I think I've just...
This brings up an interesting dynamic, because the LINK 1 is an MPLS/VPLS connection - but a routed one. I'm not so sure that connection tracking is only for NAT.. the nature of the tracking is I believe also useful for a stateful firewall - which is what I'm trying to accomplish - by tracking s...
G'day All, I'm going to try to clearly explain the situations then you can tell me if I'm crazy or not. :) PC -------> Site 1 <--[link 1]---> Site 2 <--[link 2]-----> Site 3 <------- Device I don't want any subnets on site 3 reaching anything on site 2 or site 1. I do want site 1 and 2 to reach all ...
Ok this problem has been solved - and the solution was interesting for me. I'll outline what was needed in order to pass the PCI compliance test. So as previously mentioned I was DROPPING packets coming in on the WAN port to port 53 - which was effective in stopping attacks from the WAN side --- HOW...
Sorry, should have provided more details results for firewall - filter rules ether1-cox is the WAN-internet port Flags: X - disabled, I - invalid, D - dynamic 3 chain=input action=drop protocol=tcp in-interface=ether1-cox dst-port=53 4 chain=input action=drop protocol=udp in-interface=ether1-cox ds...
Ok - so here's a curiosity - I have a routerboard 433 setup - and we have this company doing an audit of the system - they claim there are 2 critical errors with our setup (that they can see from the outside) they are both related to DNS issues 98.191.121.61 Medium domain (53/udp) DNS Server Cache ...
I have the following setup working - and it's great! ISP1 gateway - 10.0.0.1, ISP2 gateway - 10.0.1.1 ISP1 --> 10.0.0.2 \ prio 1 | --> Mikrotik (192.168.0.0/24) NATTED | (192.168.0.9 is a WEB SERVER - use dst-nat ISP2 --> 10.0.1.2 / forward port 80 to 192.168.0.9) prio 2 All internal LAN machines wo...