Search found 54 matches

byflatbat
Wed Jun 28, 2023 4:33 pm
Forum:General
Topic:Bridge fast-forward
Replies:0
Views:350

Bridge fast-forward

I have now encountered multiple occasions of packet loss and 'strange' problems on hAPax3. When the Bridge has 'fast-forward' enabled by default and two HW-offloaded ether ports active it all is fine, but as soon as a third port in the form of a dynamic wan-interface adds itself to the Bridge, it ra...
byflatbat
Sat May 28, 2022 2:53 pm
Forum:General
Topic:Is there any way to hide the RED comment?
Replies:36
Views:6249

Re: Is there any way to hide the RED comment?

If the attacker can get close enough to plug that rogue access point into a LAN port instead Sure, but if someone gets physical access to install their own device in the endpoint, then the protocol used wouldn't matter much at all anyway.. ;-) DNS spoofing is a good point that could work though. Wh...
byflatbat
Thu May 26, 2022 8:57 pm
Forum:General
Topic:Is there any way to hide the RED comment?
Replies:36
Views:6249

Re: Is there any way to hide the RED comment?

Sure there is a risk with PPTP if there indeed is somewhere where someone has physical access to intercept and record your traffic, and then the ability to brute force your password from that recording. They could then disconnect my link and quickly use the credentials to log in to our server before...
byflatbat
Thu May 26, 2022 2:47 pm
Forum:General
Topic:Is there any way to hide the RED comment?
Replies:36
Views:6249

Re: Is there any way to hide the RED comment?

Sure, but I agree with OP that it doesn't seem very professional with screens full of red warnings that every connection is unsafe. I could maybe DIY some solution with IPSec or EoIP, but that would also have its flaws and potential security issues due to the increased complexity. RouterOS also does...
byflatbat
Thu May 26, 2022 1:04 pm
Forum:General
Topic:Is there any way to hide the RED comment?
Replies:36
Views:6249

Re: Is there any way to hide the RED comment?

We use lots of PPTP for file transfers over long-distance (=high latency) Point-2-Point links, where GRE is much much faster than the TCP- and UDP-based protocols. We have seen that L2TP/IPsec works just as good as PPTP, but seems to be rate-limited at times; Contrary to many beliefs, it's our exper...
byflatbat
Tue Dec 07, 2021 8:38 pm
Forum:Announcements
Topic:v7.1 is released!
Replies:785
Views:205282

Re: v7.1 is released!

Upgrading from 6.49.1 worked mostly fine for us, except; * OSPF areas connected over PPP-links were missing; This was lost in ROS6: /routing ospf network add area=backbone network=10.7.1.0/24 Manually readded in ROS7 after upgrade like this: /routing ospf interface-template add area=backbone-v2 netw...
byflatbat
Sun Oct 06, 2019 6:24 pm
Forum:RouterBOARD hardware
Topic:Audience
Replies:56
Views:29775

Re: Audience

Audience is just using CAPsMAN and link with other CAP-devices on the third wlan similar to repeater (bridge-ap/station-bridge). It is not using WDS mesh or any specific mesh technology. Source:? The device itself..; [admin@Audience1] > /system default-configuration print script: :global ssid; #| R...
byflatbat
Thu Oct 03, 2019 4:56 pm
Forum:RouterBOARD hardware
Topic:Audience
Replies:56
Views:29775

Re: Audience

Audience is just using CAPsMAN and link with other CAP-devices on the third wlan similar to repeater (bridge-ap/station-bridge).
It is not using WDS mesh or any specific mesh technology.
byflatbat
Sat Sep 21, 2019 2:04 pm
Forum:General
Topic:Multihoming with srcnat
Replies:3
Views:1392

Re: Multihoming with srcnat

Thanks, that would obviously be a clean solution, but what would be the exact reason for multihoming not working with a single router?

Is in fact firewall Connection Tracking or NAT in any way linked to upstream interface in RouterOS?
byflatbat
Sat Sep 21, 2019 1:15 pm
Forum:General
Topic:Multihoming with srcnat
Replies:3
Views:1392

Multihoming with srcnat

Is firewall Connection Tracking or NAT in any way linked to upstream interface in RouterOS? I mean, we plan to multihome with ISP1 and ISP2 and announce the same /24 to both ISPs, and want to srcnat outbound traffic from a private network behind one of the public addresses in the /24. Default gatewa...
byflatbat
Sun Jul 22, 2018 7:57 pm
Forum:Wireless Networking
Topic:IPTV multicast via CAPsMAN ?
Replies:2
Views:1858

Re: IPTV multicast via CAPsMAN ?

Multicast worked technically, but there were lots of dropped packets and picture pixelation. We changed to use unicast via http and rtmp instead, and that works almost perfectly. Customer is happy.
byflatbat
Sun Mar 18, 2018 1:55 pm
Forum:Wireless Networking
Topic:IPTV multicast via CAPsMAN ?
Replies:2
Views:1858

IPTV multicast via CAPsMAN ?

We have a network where we today send IPTV multicast from a few servers. Users connected via cable can watch the streams, and the switches use IGMP snooping to open up for the requested stream to each client. Now some users want to watch the streams via wireless. The wireless network consists of man...
byflatbat
Thu Nov 09, 2017 8:00 pm
Forum:Wireless Networking
Topic:Problem with clients not supporting all channels
Replies:0
Views:567

Problem with clients not supporting all channels

We have some public locations where we provide WiFi using CAPsMAN and wAPac. There are international travellers in some areas, and many of those can not connect to our AP's on 5GHz because their clients don't support some of the channels automatically selected by CAPsMAN. Is there a country-code in ...
byflatbat
Fri Oct 13, 2017 11:37 am
Forum:Virtualization
Topic:CHR suggestions for new functionality
Replies:157
Views:54128

Re: CHR suggestions for new functionality

We have several places where we run CHR on AWS, both as central location for management/vpn-termination/dude and to use RouterOS for VPN-tunnels instead of having to struggle with the AWS VPN service. To take this concept further, we would really be helped by the ability to install CHR on KVM and Go...
byflatbat
Thu Aug 17, 2017 4:50 pm
Forum:General
Topic:IGMP Snooping Command
Replies:12
Views:25164

Re: IGMP Snooping Command

IGMP snooping is the only reason we are still buying Cisco switches. If this works, our Cisco rep will lose an account now..
byflatbat
Wed Jul 20, 2016 7:04 pm
Forum:Wireless Networking
Topic:Wireless product max distance
Replies:60
Views:57054

Re: Wireless product max distance

Would be nice to have some more powerful solution as well. According to the calculator a combination of NetMetal5+mANT30 in theory would reach 60km where Dynadish stops at 14km?
byflatbat
Sat Mar 12, 2016 6:49 pm
Forum:RouterBOARD hardware
Topic:cap2n / wAP in hotel corridors
Replies:5
Views:1962

Re: cap2n / wAP in hotel corridors

Are you using WMM? What's your preamble mode? What does "bad connectivity" mean? Low signal? iphones get unregistered? captive portal doesn't show up? djdrastic, you referred to a rather old ROS version... I use all sorts of iOS devices myself, and have installations where 80% of devices...
byflatbat
Fri Mar 11, 2016 3:08 pm
Forum:RouterBOARD hardware
Topic:cap2n / wAP in hotel corridors
Replies:5
Views:1962

cap2n / wAP in hotel corridors

We have been using capsman with cap2n in hotel corridors since they were released, and they have worked pretty good. They still work good, but recently we have received an increasing number of complaints about instability and bad connectivity, which seems to be mainly from users with modern smartpho...
byflatbat
Thu Mar 10, 2016 10:09 pm
Forum:Wireless Networking
Topic:Backbone relay tower with DynaDish?
Replies:5
Views:2042

Re: Backbone relay tower with DynaDish?

Thanks for the warning. As we may need 4-5 dishes in a single co-located tower, the interference may become a problem then. I wonder if it is worth the extra cost to use Netmetal5+mANT30+Sleeve30 instead of DynaDish in those cases..? Do you also have experience like our case with two wireless links ...
byflatbat
Thu Mar 10, 2016 10:51 am
Forum:Wireless Networking
Topic:Backbone relay tower with DynaDish?
Replies:5
Views:2042

Backbone relay tower with DynaDish?

I would appreciate some experienced feedback on how to deploy a wireless backbone to bridge a few wired networks in a remote location where it is not possible to pull cable. As seen in the attached image, the idea is to set up a link from the uplink location to a tower close to the remote locations,...
byflatbat
Mon Feb 15, 2016 10:52 am
Forum:Wireless Networking
Topic:Chromecast problems!
Replies:8
Views:7361

Re: Chromecast problems!

To use Chromecast via CAPsMAN you need to enable 'Client to client forwarding' on the datapath configuration.
byflatbat
Mon Jan 11, 2016 8:10 pm
Forum:Forwarding Protocols
Topic:Static routes with IRRToolSet
Replies:4
Views:2294

Re: Static routes with IRRToolSet

I agree it would be easy with BGP, but these upstreams are corporate PPPoE links with no support for BGP provided by the ISP. We need some other way to identify the ASN and set up routing.
byflatbat
Sat Jan 09, 2016 1:49 pm
Forum:Forwarding Protocols
Topic:Static routes with IRRToolSet
Replies:4
Views:2294

Re: Static routes with IRRToolSet

Note to self.. echo "@rtconfig printPrefixes \"/ip route add dst-address=%p/%l gateway=link4 comment=-IRR-AS2906\n\" filter AS2906" | rtconfig /ip route add dst-address=23.246.0.0/18 gateway=link4 comment=-IRR-AS2906 /ip route add dst-address=23.246.15.0/24 gateway=link4 comment=...
byflatbat
Fri Jan 08, 2016 5:58 pm
Forum:Forwarding Protocols
Topic:Static routes with IRRToolSet
Replies:4
Views:2294

Static routes with IRRToolSet

I have a site with static routes (no BGP) to multiple transit providers where we want to optimize the path to some specific AS'es by creating static routes for their prefixes via specific providers. To automatically manage this, we were looking at tools like using peval from http://irrtoolset.isc.or...
byflatbat
Tue Jan 05, 2016 8:19 pm
Forum:General
Topic:IPSEC source port 4500
Replies:2
Views:2348

Re: IPSEC source port 4500

Thanks. You're right.
Replacing 'port=4500' with 'port=500' solved the problem.
With 'nat-traversal=yes' the CCR is automatically moving to port 4500 after the initial ISAKMP setup, so that port doesn't have to be specified.
byflatbat
Thu Dec 31, 2015 12:49 pm
Forum:General
Topic:IPSEC source port 4500
Replies:2
Views:2348

IPSEC source port 4500

We have an ipsec tunnel between a CCR and a remote site using Strongswan. It's configured to use NAT-T on port 4500, and everything works fine. But once every hour we get 5-6 errors in the CCR log, mentioning timeout trying to negotiate phase1 from the standard IKE port 500. This issue seems obvious...
byflatbat
Wed Nov 25, 2015 7:20 pm
Forum:Wireless Networking
Topic:Replacing CAPsMAN
Replies:8
Views:6308

Replacing CAPsMAN

We have a CAPsMAN with 'auto'-generated CA and certificate, and lots of CAPs also with certificates requested from the CAPsMAN but without 'Lock To CAPsMAN'. We need to replace the router running CAPsMAN with another larger model. How do we manage the certificates? I'm sure it would work to log in t...
byflatbat
Sun May 24, 2015 6:39 pm
Forum:Wireless Networking
Topic:Coverage for outdoor pool area
Replies:5
Views:1194

Re: Coverage for outdoor pool area

I have very bad results with SXT2 60, with more than 12 stations it is very bad with pings over 200ms. With RB912UAG-2HPnD-OUT and sector antenna is better with over 25 stations working very good. Thanks InoX. 12 stations sounds like a serious limitation for the SXT2. What kind of antenna are you u...
byflatbat
Sat May 23, 2015 4:27 pm
Forum:Wireless Networking
Topic:Coverage for outdoor pool area
Replies:5
Views:1194

Coverage for outdoor pool area

I need to provide public wifi for a 'typical' outdoor hotel pool area, filled with people with smartphones and laptops. It's approx 200x100 meters, with a rectangular swimmingpool in the center surrounded by a sun deck with lots of deck chairs, tables and a restaurant patio. I was initially thinking...
byflatbat
Thu Dec 18, 2014 6:34 am
Forum:General
Topic:Advise for hotel
Replies:15
Views:3841

Re: Advise for hotel

Sounds like the choice would be primarily between central switches and 3 cables to each room, or a single cable to a switch/router in each room.
I understand the issue in maintaining lots of devices and maybe it is a good advice to not install devices in guest rooms. But there will be lots of cables..
byflatbat
Tue Dec 16, 2014 6:21 pm
Forum:General
Topic:Advise for hotel
Replies:15
Views:3841

Re: Advise for hotel

Thanks for your suggestions! Cacti99 - The reason for initially not choosing RB951Ui-2HnD was that it is bigger, costs more and also has an unnecessary powerful 1000mA radio. The small 50mA in RB951-2n seemed more suitable for a small hotel room, at least on paper.. Is there any particular reason to...
byflatbat
Tue Dec 16, 2014 2:05 pm
Forum:General
Topic:Advise for hotel
Replies:15
Views:3841

Advise for hotel

We have been asked to deploy a network for a new 4-star hotel with 170 guest rooms. All rooms must have good wifi coverage, wired ethernet for Internet, as well as wired ethernet for a separate IPTV VLAN. The suggestion is to place a RB951-2n in each room, use one port for uplink, one port for Inter...
byflatbat
Fri Nov 25, 2011 7:15 pm
Forum:General
Topic:Routerboard as a MS l2tp/ipsec client?
Replies:0
Views:921

Routerboard as a MS l2tp/ipsec client?

I am trying to configure a RB to log on as a VPN client to a MS server (presumably ISA) using l2tp/ipsec, basically emulating a standard Windows-XP client. The Windows-client logon just fine, so I know it works on the server side. I first started by setting up the ipsec layer. On the first connect I...
byflatbat
Mon Oct 10, 2011 4:32 pm
Forum:Beginner Basics
Topic:Hotspot behind multiple switches?
Replies:6
Views:1762

Re: Hotspot behind multiple switches?

All, thanks for your response! My initial question was just if this was a known problem. Since it's apparently not, I agree with you that the issue should be in the switches downstream somewhere. ROS and hotspot configuration is unlikely to be an issue since hotspot works just fine with one and two ...
byflatbat
Mon Oct 10, 2011 8:46 am
Forum:Beginner Basics
Topic:Hotspot behind multiple switches?
Replies:6
Views:1762

Re: Hotspot behind multiple switches?

Yes, all switches are manageable. I'm not sure what you mean with a flat mode, but we use many different vlans. In the router the hotspot is configured on a vlan interface, and this vlan is then tagged over all switches. The switch ports on the final switch where cpe's are connected, are configured ...
byflatbat
Sat Oct 08, 2011 1:19 am
Forum:Beginner Basics
Topic:Hotspot behind multiple switches?
Replies:6
Views:1762

Hotspot behind multiple switches?

I have encountered an unexpected problem in a switched network, where it seems to be possible with only two switches between a client and a ROS Hotspot. This works fine: client--switchA--switchB--RB_hotspot This does not work: client--switchA--switchB--switchC--RB_hotspot The symptom is that with th...
byflatbat
Sat Jan 22, 2011 6:59 pm
Forum:General
Topic:How can Hotspot see private addresses behind customer NAT..?
Replies:16
Views:5312

Re: How can Hotspot see private addresses behind customer NA

Sorry, I should have been clearer on that point.. Thanks for bearing with me! Yes, the modem/routers have their own built-in DHCP-servers, which handle out addresses in the 192.168.x.x scope. On the RB1100 that runs the hotspot, there is a central DHCP server that handles out the addresses in the 1...
byflatbat
Sat Jan 22, 2011 6:24 pm
Forum:General
Topic:How can Hotspot see private addresses behind customer NAT..?
Replies:16
Views:5312

Re: How can Hotspot see private addresses behind customer NA

Thanks SurferTim, but I don't think you get the point..;
The 192.168.x.x addresses shouldn't be visible to the hotspot at all..?!
They should be secretly hidden behind the users' NAT modem/router..
byflatbat
Sat Jan 22, 2011 5:41 pm
Forum:General
Topic:How can Hotspot see private addresses behind customer NAT..?
Replies:16
Views:5312

Re: How can Hotspot see private addresses behind customer NA

Yupp, that's right. But what I don't understand is how the hotspot see the 19.168.1.0-addresses, as these are behind another NAT router (the ADSL router/modems). Look for instance at D8:5D:4C:86:80:60; This is an ADSL router/modem that is logged on and active on row 18. But on row 10 it appears agai...
byflatbat
Sat Jan 22, 2011 5:03 pm
Forum:General
Topic:How can Hotspot see private addresses behind customer NAT..?
Replies:16
Views:5312

How can Hotspot see private addresses behind customer NAT..?

We have a number of Hotspot servers running on different interfaces on a RB1100, which is used to authenticate ADSL users. All users have their own local ADSL modem with NAT, where they use a local 192.168.1.0 network for their internal devices. The ADSL modems get their external address from our DH...
byflatbat
Fri Nov 26, 2010 11:50 am
Forum:RouterBOARD hardware
Topic:Web Proxy on RB1100?
Replies:6
Views:6685

Re: Web Proxy on RB1100?

Mmmm.. you're right. I should download the RB1100 user guide and read it myself, instead of asking silly questions.. In the wrong forum as well, apparently.. (no idea why I created this thread under Virtualization). Anyway, I'll try to enable Web Proxy in one of our production RB1100 routers and see...
byflatbat
Fri Nov 26, 2010 10:05 am
Forum:RouterBOARD hardware
Topic:Web Proxy on RB1100?
Replies:6
Views:6685

Re: Web Proxy on RB1100?

Sorry.. still struggling..

Are you saying that the RB1100 has 512MB RAM when shipped, PLUS 512MB storage ('disk' in /store disk print) ?
byflatbat
Thu Nov 25, 2010 9:30 pm
Forum:RouterBOARD hardware
Topic:Web Proxy on RB1100?
Replies:6
Views:6685

Re: Web Proxy on RB1100?

I'm a bit confused about the memory on the RB1100.. It should have 512 MB internal memory, but in some places it says it's SDRAM, and in others that this is a NAND (flash). [admin@core1] > /ip proxy export # nov/26/2010 02:27:18 by RouterOS 4.10 # software id = VWJR-1NLM # /ip proxy set always-from-...
byflatbat
Thu Nov 25, 2010 8:11 pm
Forum:RouterBOARD hardware
Topic:Web Proxy on RB1100?
Replies:6
Views:6685

Web Proxy on RB1100?

Is it a good idea to switch on Web Proxy on a RB1100?
Would it in that case be best to expand the RAM and use the system store, or to insert a SD card and use that as a separate store for the Web Proxy? Where is the NAND in the RB1100..? Is this the 512 MB built-in memory or something else..?

Thanks
byflatbat
Fri Nov 12, 2010 12:23 am
Forum:General
Topic:Half-Bridge in RouterOS..?
Replies:0
Views:837

Half-Bridge in RouterOS..?

A customer has a network with an existing firewall that does not support PPPoE. The firewall is NATting a private network on the inside. They now want to connect a PPPoE link anyway, and we thought we could solve this by putting a MT in front of the firewall, let the MT connect the PPPoE link to the I...
byflatbat
Fri Oct 29, 2010 10:38 am
Forum:General
Topic:File copy via l2tp over high latency link
Replies:6
Views:1801

Re: File copy via l2tp over high latency link

I feel like I'm on somewhat thin ice here, but I did the following in both servers; echo 256960 > /proc/sys/net/core/rmem_default echo 256960 > /proc/sys/net/core/rmem_max echo 256960 > /proc/sys/net/core/wmem_default echo 256960 > /proc/sys/net/core/wmem_max (The default was 124928 and max was 131071 before) N...
byflatbat
Thu Oct 28, 2010 8:59 pm
Forum:General
Topic:File copy via l2tp over high latency link
Replies:6
Views:1801

Re: File copy via l2tp over high latency link

Thanks for your suggestion.
But in the end, there will be lots of servers and users in both ends, so I'm not able to adjust the configs on all those. Any configs must have to be on the Mikrotik routers...?
byflatbat
Thu Oct 28, 2010 8:35 pm
Forum:General
Topic:File copy via l2tp over high latency link
Replies:6
Views:1801

File copy via l2tp over high latency link

Hi, I've setup two RouterOS boxes - one in Europe and one in Asia, where the normal Internet latency is about 400 ms between the endpoints. One of the routers is connected to Internet with PPPoE (MTU/MRU 1460). The other one has a direct ethernet connection to Internet. Running the Mikrotik Bandwidt...
byflatbat
Wed Aug 11, 2010 2:25 am
Forum:General
Topic:Inbound server load balancing with session affinity?
Replies:24
Views:12135

Re: Inbound server load balancing with session affinity?

Thanks. I missed that since PCC also seems to be developed only with outbound load balancing in mind. If inbound load balancing using MT PCC does work that simply, then I'm astonished that no one has posted any working example as this would provide much of the core functionality you get in a dedicate...
byflatbat
Tue Aug 10, 2010 3:56 pm
Forum:General
Topic:Inbound server load balancing with session affinity?
Replies:24
Views:12135

Inbound server load balancing with session affinity?

Hi, Is it possible to use RouterOS as an inbound load balancer with session affinity (aka persistence, stickiness, ...)? I have seen some post referring to the other way around, but no evidence that inbound load balancing would be supported. The typical scenario is if you have a single inbound wan l...
byflatbat
Thu Aug 05, 2010 9:36 pm
Forum:General
Topic:Bonding ADSL for file transfer from branch office ?
Replies:9
Views:3527

Re: Bonding ADSL for file transfer from branch office ?

Thanks hedele The part that makes me most curious here, is why the MT builtin Bandwidth testserver provides an almost perfect result between the two routers. Could it be related to what you say, that maybe the MT bandwidth tester is using UDP packets? I have made a few more tests, and seen that resu...
byflatbat
Thu Aug 05, 2010 5:15 pm
Forum:General
Topic:Bonding ADSL for file transfer from branch office ?
Replies:9
Views:3527

Re: Bonding ADSL for file transfer from branch office ?

Hi, I tried this now. It works technically, but unfortunately the throughput is miserable.. The strange thing is that the MT Bandwidth Test shows very decent numbers (1.5 Mbps + 1.5 Mbps = 3.0 Mbps total), but when I route my laptop through these routers to the Internet, I only get around 200 kbps th...
byflatbat
Fri May 14, 2010 2:34 pm
Forum:Wireless Networking
Topic:Multicast kills RB433
Replies:0
Views:797

Multicast kills RB433

I have a small subnet with a single switch, where some users connect with cable and the majority of the users are connecting via wireless 802.1g via a RB433 connected to the same switch. There is not supposed to be any multicast in the network, but a user has tried to set up his own VNC streaming, a...
byflatbat
Tue Apr 06, 2010 11:43 pm
Forum:General
Topic:Bonding ADSL for file transfer from branch office ?
Replies:9
Views:3527

Bonding ADSL for file transfer from branch office ?

Hi, I have read lots of posts without really getting the full picture re. bonding of links between two locations. I have a datacenter in Europe with a high speed Internet connection coming in to a Mikrotik box. A branch office in Asia can not get a high speed connection, but is instead using two ADS...