|
Yeah it should be fine. There's lots of fiddly little options in the dhcp setup section.
|
# ? May 1, 2013 23:55 |
|
I've got a RB2011 which is working fantastically as a router for a charity. I'm looking to set up the hotspot functionality on it (with AD as the RADIUS server; it's going to supply the hotspot to about 150 active volunteers). However, when I try to configure the hotspot and look in the router's files, all I see are empty folders. I've tried factory resetting the device and uninstalling and reinstalling the hotspot package to see if that replaces the files. Is there anything else I can try?
|
# ? May 4, 2013 00:31 |
|
Has anyone seen an RB493 just suddenly begin failing to get DHCP from a cable modem? Had a customer call up with that and it was quite bizarre. Still think it's his ISP as it gets a link and everything. He can also plug in *any* other device and get his IP. In other news, I have an RB750G that needs a new home. I have too many network devices. PM me if you're interested.
|
# ? May 4, 2013 19:23 |
|
CuddleChunks posted: TOOLS TOOLS TOOLS TOOLS!
Fair enough. I've gone into System -> Logging, configured a new topic of "interface" as well as "debug" just below it. I'm guessing the results of this debug are supposed to appear in the log through Winbox? It doesn't seem to display any diagnostics after configuring the topic. Same result if I do /log -> print in a new terminal window. Is it because of the logging rules currently configured in the IP -> Firewall?
|
# ? May 6, 2013 03:27 |
|
If you unplug and replug a live ethernet connection does the log fill with diagnostic info? That's what I would expect an interface log to show.
|
# ? May 6, 2013 08:01 |
|
I'm trying to segregate our LAN somewhat at the moment. We have over 100 devices or so all on the same subnet, 192.168.2.0/24. I don't know if it's related, but we started having our SOHO routers crapping the bed. I got it in my mind that I would fix this through segregating into subnets, and separate unsecured wifi. I'm trying to figure out the best way to do this, or if it's even needed? I got a 10-port + wireless Routerboard, and it's pretty sweet. I need some help on how to accomplish setting this up.

So our entire network is attached to (unmanaged, cheap) switches throughout the building, then connected to our router/gateway which is 192.168.2.3. We have a Windows Server that does DHCP, file and print sharing, etc. on 192.168.2.10. We have a central switch I think I can replace with the Routerboard. It will have 4 switches attached, which are the switches I want to subnet. I can assign addresses to interfaces like (WAN) 192.168.2.1, ether3 192.168.3.1, ether4 192.168.4.1, and ether5 192.168.5.1. I can then assign dhcp-relays to our central DHCP server, or I can just replicate the DHCP server's settings for WINS, DNS, etc. That should be able to segregate our museum, planetarium, and art gallery into subnets and connect to our gateway.

My hang-up is how should I route the subnets? I can bridge the interfaces, but from what I'm reading bridging forwards broadcasts, which is what I believe I want to cut down on. I assume this is a NAT issue; should/can I just turn NAT off, or should I forward all 192.0.0.0/8? I only want them isolated from broadcasts; I still want them to be able to connect to each other, or at least be able to connect to the server.

I'm in the middle of trying to learn a bunch of this stuff, so tell me if what I'm doing is idiotic.
darkhand fucked around with this message at 05:38 on May 8, 2013 |
# ? May 8, 2013 05:34 |
|
darkhand posted: I'm in the middle of trying to learn a bunch of this stuff, so tell me if what I'm doing is idiotic
It makes sense if you want to cut down on the amount of broadcast traffic. Keep in mind that:
a) You'll be using RouterOS DHCP server, which means no good way to register the host names of DHCP clients with your Windows server.
b) You'll be routing traffic between subnets on the Routerboard. This will be slower than a switch and may be a new bottleneck depending on how your network is used.
Each interface getting its own subnet will need to be taken off the switch chip, will need its own DHCP server settings and pool assigned, and an IP in that subnet which will be defined as the default gateway in DHCP. You shouldn't need to set up any routing as it already knows about the networks it has an interface on. I think you'll need to set up a WINS server on your Windows machine if it isn't already running or none of the Windows Networking stuff will work between subnets; this address is handed out by DHCP. I've never done this so I'm probably missing/wrong about a few things.
|
# ? May 8, 2013 16:00 |
|
I've had a RB493G for a while, and while it took a couple of days to get it working, it's been rock solid for months. However, I need to set up QoS. I currently have 2 devices hard wired with wireless running off of a Ubiquiti UniFi AP. Due to my apartment layout, all of my streaming video is done over wifi. I would like to set it up so traffic on {Interface AP} has higher priority over {Interface A} and {Interface B} whenever it's required. I get the impression that what I want isn't exactly possible, but what's the easiest/most efficient way to get what I need?
|
# ? May 11, 2013 03:18 |
|
Can someone idiot check what I'm doing here? I found something online which said the only thing I need to do to have a service on my LAN accessible from outside is to do this: code:
Edit: Scratch that. One of the dynamic routes has a preferred source which is one of the IPs that I don't want to use as our gateway and it's using this for some reason. Anyone got any ideas?
Thanks Ants fucked around with this message at 15:00 on May 19, 2013 |
# ? May 19, 2013 14:50 |
|
Caged posted: Can someone idiot check what I'm doing here? I found something online which said the only thing I need to do to have a service on my LAN accessible from outside is to do this:
Looks good, but you'll also need to create a filter rule on the forward chain to allow the NAT'd traffic in. Use the private address in the filter rule, because NAT happens before filtering. code:
|
# ? May 19, 2013 14:55 |
|
Thanks, that makes sense but this still isn't working. Should the new NAT and Firewall rules be above the defaults if these are in Winbox? The default masquerade NAT rule is still in there which I believe is what's giving me working internet at the moment.
|
# ? May 19, 2013 15:06 |
|
Can you post an export of the /ip firewall section? Remember to sanitize your external IPs. code:
|
# ? May 19, 2013 15:12 |
|
code:
|
# ? May 19, 2013 15:16 |
|
I have a hunch that the counters for all your dst-nat rules are zero. Change the src-port=x to dst-port=x in each rule and it should work. You want to match a packet destined to port x, no matter what the source port is.
As far as rule ordering goes, the only hard requirement is that the "accept" rules in the filter section have to go above the "drop" rule at the end of each chain. I'd put the "connection-state=established" and "connection-state=related" rules above your port forward rules, simply because the majority of your packets will be matched by them.
SamDabbers fucked around with this message at 15:32 on May 19, 2013 |
# ? May 19, 2013 15:29 |
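An added example, not part of any post in this thread: a small Python check over an exported `/ip firewall` section for the three port-forward mistakes discussed in the posts above (dst-nat matching on `src-port`, no forward accept for the private address, and an accept placed after a drop in the same chain). The export and its addresses are constructed placeholders, and the checks are heuristics that compare matchers literally.

```python
import re
import shlex

# Constructed "/ip firewall export" for illustration. 203.0.113.10 (public) and
# 192.168.88.10 (private) are placeholder addresses, not values from the thread.
SAMPLE_EXPORT = r"""
/ip firewall filter
add action=accept chain=forward connection-state=established
add action=accept chain=forward connection-state=related
add action=drop chain=forward in-interface=ether1
add action=accept chain=forward dst-address=203.0.113.10 dst-port=443 \
    protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=dst-nat chain=dstnat dst-address=203.0.113.10 protocol=tcp \
    src-port=443 to-addresses=192.168.88.10 to-ports=443
"""

def parse_export(text):
    """Return (section, params) per 'add' line, joining backslash continuations."""
    text = re.sub(r"\\\r?\n\s*", "", text)
    rules, section = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            section = line
        elif line.startswith("add "):
            tokens = shlex.split(line[4:])
            rules.append((section, dict(t.split("=", 1) for t in tokens if "=" in t)))
    return rules

def lint(text):
    """Heuristic checks; matchers are compared literally, not evaluated."""
    rules = parse_export(text)
    filt = [p for s, p in rules if s == "/ip firewall filter"]
    nat = [p for s, p in rules if s == "/ip firewall nat"]
    findings = []
    for p in nat:
        if p.get("action") != "dst-nat":
            continue
        # A port forward must match the destination port; the client's source
        # port is arbitrary, so a src-port match leaves the counter at zero.
        if "src-port" in p and "dst-port" not in p:
            findings.append(("dstnat-src-port", p["src-port"]))
        # dst-nat runs before the filter, so the forward chain sees the private
        # address and needs an accept rule written against it.
        target = p.get("to-addresses")
        if target and not any(f.get("chain") == "forward" and f.get("action") == "accept"
                              and f.get("dst-address") == target for f in filt):
            findings.append(("no-forward-accept", target))
    dropped = set()  # chains in which a drop rule has already been seen
    for f in filt:
        if f.get("action") == "drop":
            dropped.add(f.get("chain"))
        elif f.get("action") == "accept" and f.get("chain") in dropped:
            findings.append(("accept-after-drop", f.get("dst-address", "any")))
    return findings

if __name__ == "__main__":
    print(lint(SAMPLE_EXPORT))
```

An empty list means none of the three patterns was found; it does not prove the forward works, since interface and address-list matchers are not evaluated.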
|
They were at zero, I changed those. However I think there's a more fundamental issue as there isn't a ping response to that address from the WAN side, and HTTPS connections still don't work. Pings to other addresses in the same IP block from our ISP work fine. I've moved the HTTPS stuff onto the address that is working and everything's fine. I think I'll be calling the ISP next. Thanks for your help with everything though. Do you want a forums upgrade?
|
# ? May 19, 2013 15:48 |
|
Nah, I'm cool on the forums upgrades; just pay it forward. Good luck getting it straightened out with your ISP. Is the address that works, by chance, the address assigned in your Mikrotik to ether1? It won't respond to pings sent to addresses that aren't on one of its interfaces, and that's normal. You may need to configure your other addresses as secondary IPs on ether1 to get things working: code:
SamDabbers fucked around with this message at 15:59 on May 19, 2013 |
# ? May 19, 2013 15:55 |
|
This is what that section looks like: code:
code:
Edit again: I've removed all the addresses above except for code:
Edit again again: Spoke to the ISP, ended up setting a src-nat to send a client out of each of the IP addresses in turn after adding them back in, and it worked fine (verified it was going out on the correct IP as well). Pinged them all from outside the network and everything worked except .212. I'm lost now but I've worked around things and things are at a point where they are working well enough for now. Just SIP calls take ages to go out but I can live with that.
Thanks Ants fucked around with this message at 17:43 on May 19, 2013 |
# ? May 19, 2013 16:09 |
|
Mikrotik posted:RouterOS 6 released:
|
# ? May 21, 2013 09:20 |
|
Apparently IPv6 conntrack is broken in 6.0 final. Rules don't appear to create connections in the connections tab, so reply packets don't hit "allow established/related" rules and end up getting dropped. IPv4 conntrack still runs like a champ. I like how random stuff breaks in every ROS release, no matter how seemingly unrelated it is to things they've put in the changelogs. The autoreply from support@mikrotik.com says to wipe the config and reenter it.
Anyone have a chance to tinker with a Ubiquiti EdgeRouter? I picked one up last week for my lab; this might be the perfect time to try it out.
SamDabbers fucked around with this message at 17:43 on May 21, 2013 |
# ? May 21, 2013 17:33 |
|
Does anybody have anything bad to say about the RB1200? I'm considering it for a replacement gateway for a wireless network with 60 Mbps pipe and anywhere from 10 to 90 users at peak.
|
# ? May 21, 2013 17:44 |
|
I don't have any direct experience with the RB1200, but I have read some reports that it's somewhat underpowered. For $50 more you could get the RB1100Hx2, which is significantly more powerful with dual cores and double the RAM. The extra power can't hurt, especially if you'll have a bunch of queues.
|
# ? May 21, 2013 17:53 |
|
I'll check out the RB1100. I'm currently mostly window shopping Mikrotik after having been pleasantly surprised by the RB750s that I had to roll out in haste when another supplier failed to deliver. My Mikrotik reseller is pretty aggressive about HS Network Manager in conjunction with Mikrotik hotspots for delivering guest network functionality. Anybody here tried it? It seems on paper and in presentation to be a pretty decent solution for managing and reselling Hotspot functionality.
|
# ? May 21, 2013 21:59 |
|
I haven't seen it but we've deployed hotspot through the mikrotik in several locations. I think we end up building some custom web pages, turn on the hotspot service and plop those down into the mikrotik that's handling hotspotting. Maybe this HSManager thing helps automate all that.
|
# ? May 21, 2013 23:47 |
|
CuddleChunks posted: If you unplug and replug a live ethernet connection does the log fill with diagnostic info? That's what I would expect an interface log to show.
19:35:45 interface,info ether1 link down
19:35:47 interface,info ether1 link up (speed 100M, full duplex)
|
# ? May 22, 2013 20:36 |
|
1550NM posted: Does anybody have anything bad to say about the RB1200? I'm considering it for a replacement gateway for a wireless network with 60 Mbps pipe and anywhere from 10 to 90 users at peak.
Can't say much about the RB1200, but I can give you an idea of running more or less the same configuration with RB1100 (rOS 4.17) and I have no problem at all. CPU won't load more than 10% (because I think the main difference between RB1100 and RB1200 is the CPU?). I am also using an RB493 (rOS 4.17) with 40 users peak on 6x 24 Mbps ADSL links, and it works fine as long as I take care of the users' database (wiping sessions and database rebuild) every week. Anyone tried the latest rOS 6.0? Are the CCRs usable in a prod environment?
|
# ? May 22, 2013 20:49 |
|
daita posted: 19:35:45 interface,info ether1 link down
Pretty much. Just as an update, I have to fiddle with the device to get it to connect and pull a lease from the router. Supposedly the device may be overheating (at least the NIC might be) and that's why this problem occurs. I just chalk it up to age and build quality. Sometimes if I erase the DHCP lease, disconnect the patch cable while it's powered on then plug it back in, it will reconnect, grab a lease and then connect at 100M. It is a strange one but unsurprising.
|
# ? May 22, 2013 23:23 |
|
Have you tried with another Ethernet cable? :]
|
# ? May 23, 2013 00:33 |
|
1550NM posted: Does anybody have anything bad to say about the RB1200? I'm considering it for a replacement gateway for a wireless network with 60 Mbps pipe and anywhere from 10 to 90 users at peak.
I have a RB1200 at one head end with about 220 customers. At 45Mbps with about 15 firewall rules the CPU hits about 35%. I would go with the 1100ah just to be safe.
|
# ? Jun 2, 2013 07:18 |
|
Remit posted: I have a RB1200 at one head end with about 220 customers. At 45Mbps with about 15 firewall rules the CPU hits about 35%. I would go with the 1100ah just to be safe.
Yeah, the 1100ah it is. It's not that much more expensive, and choosing just enough is the reason that I have to look around for a decent replacement.
|
# ? Jun 2, 2013 21:09 |
|
Has anyone tried RouterOS 6 yet?
|
# ? Jun 13, 2013 22:27 |
|
thebigcow posted: Has anyone tried RouterOS 6 yet?
Yeah. The new icons are nifty, it seems to solve some problems with nstreme 2 which is good news. Seems stable though we don't have it in general use across the network yet. I've got the release candidate installed at home and it has been fine. I may update to the full version this weekend or something.
|
# ? Jun 13, 2013 23:40 |
|
CuddleChunks posted: Yeah. The new icons are nifty, it seems to solve some problems with nstreme 2 which is good news. Seems stable though we don't have it in general use across the network yet. I've got the release candidate installed at home and it has been fine. I may update to the full version this weekend or something.
Yeah I see they have a new release (6.1) that came out on 6/12. I was going to ask if there are any known issues before upgrading from 5.25.
|
# ? Jun 13, 2013 23:55 |
|
PUBLIC TOILET posted: Yeah I see they have a new release (6.1) that came out on 6/12. I was going to ask if there are any known issues before upgrading from 5.25.
With MikroTik it's the unknown issues.
|
# ? Jun 14, 2013 00:30 |
|
thebigcow posted: With MikroTik it's the unknown issues.
This. And don't even bother contacting their support when you run into one. When I upgraded to 6.0 final from rc14, IPv6 conntrack stopped working. That is, none of the rules would create state and everything was hitting the default drop rules. I sent a detailed writeup of the problem (a bug report, really) with a supout file to support@mikrotik.com, and it took over a week for someone to respond with a link to a pre-release build of 6.1 and "no, you're wrong; it works fine."
I like the hardware and RouterOS features; they're really quite interesting and powerful products, but I'd not put them in production, or even install minor point release updates on deployed units, without lots of testing and validation beforehand for a particular software release and hardware set. Between the random software defects in every point release, sometimes having to be "fixed" multiple times according to the changelog, and the company's terrible attitude towards support, I find it hard to recommend them for serious business purposes unless you're willing to support it all yourself.
|
# ? Jun 14, 2013 06:46 |
|
SamDabbers posted: When I upgraded to 6.0 final from rc14, IPv6 conntrack stopped working. That is, none of the rules would create state and everything was hitting the default drop rules. I sent a detailed writeup of the problem (a bug report, really) with a supout file to support@mikrotik.com, and it took over a week for someone to respond with a link to a pre-release build of 6.1 and "no, you're wrong; it works fine."
Oh, so you're the other guy who reported that.
quote: Hello,
He was polite enough to give me the 6.1-rc1 link (which did solve it).
|
# ? Jun 14, 2013 11:07 |
|
Wolf on Air posted: Oh, so you're the other guy who reported that.
So the first report of a problem gets a denial, and the second gets acknowledged because someone else reported it too? I swapped that router out for an EdgeRouter Lite I'd been itching to try, so I haven't tried 6.1 on it yet. The ERL works pretty well, and since it's Debian/Vyatta and lets me have an actual bash shell, I can install standard Linux software and script around things that don't work exactly the way I want. There are some rough edges still since the firmware is still evolving, but I'm pretty impressed so far. Also, Ubiquiti engineers seem to be far more responsive and helpful in their forums. Then again, the posters don't seem to be quite as terrible as those in the Mikrotik forums, which is just painful to read.
|
# ? Jun 14, 2013 16:47 |
|
The mikrotik forum has exactly one thread worth reading - the horrible installs picture thread. That's funny as hell. Other than that, oh man, what a mess. I'm generally pretty happy with MikroTik stuff but you're right, their poor customer support attitude and general wonkiness really hurts them from being taken seriously as a drop-in replacement for enterprise gear. They have almost all of the same features but their poo poo is broken in weird ways and continues to break unexpectedly as you move from revision to revision hoping that *this* will be the one where they fix your reported bug. Dangit MikroTik, I really really want to love you but you make it so hard.
|
# ? Jun 14, 2013 17:37 |
|
SamDabbers posted: Then again, the posters don't seem to be quite as terrible as those in the Mikrotik forums, which is just painful to read.
Haha, try the UniFi section. Since ubiquitous WiFi is in high demand and they're the entry level of "real" solutions the retards are out in force. Most recently someone went full offensive against me for daring to suggest that MAC filtering on WiFi was not a security measure.
|
# ? Jun 14, 2013 18:48 |
|
I upgraded to 6.1 the other day and it appears to have hosed my DHCP server. Oddly some of my devices still get the correct static IPs but some get nothing and fall back to a 169.x.x.x IP. I tried to set it up again but the command seems to fail (on webfig and winbox the next button just does nothing, and on the console it just sits there after typing 'setup')
|
# ? Jun 17, 2013 13:27 |
|
I have a slight problem. I have a server on the WAN that has a web interface. I don't want this accessible at all times so I decided I would just enable/disable a firewall rule on the MikroTik router in front of it when I need to access the web interface. The problem is, even with the firewall rule disabled, I can still connect to port 80 for some reason. I have full access to the box with the firewall rule disabled. Here is my setup: So, why am I still able to connect?
|
# ? Jun 17, 2013 16:20 |