Muga
May 7, 2004

Exercising My Demons

other people posted:

I am not strong with mikrotik specially but it sounds like both wireless APs are part of the same broadcast domain and that multicast between them works ( I assume chromecast is using multicast to locate devices). That's all good.

Is there some leftover firewall policy on the hAP device getting in the way?

Have you tried casting from a google app/stream and not the plex? Maybe there is some plex-specific issue.

Otherwise I would just packet capture to see what is actually going on and/or find the chrome casting specifications so you can understand exactly what is supposed to happen and then just step through it.

Thanks for the comments.

It seems that IPv6 was the problem. The hAP was giving the Chromecast an IPv6 address, I disabled IPv6 and since then it's been working fine. Not sure if this is an obvious thing I should have checked, but putting it here on the off chance it ever helps someone else...


redeyes
Sep 14, 2002

by Fluffdaddy

Muga posted:

Thanks for the comments.

It seems that IPv6 was the problem. The hAP was giving the Chromecast an IPv6 address, I disabled IPv6 and since then it's been working fine. Not sure if this is an obvious thing I should have checked, but putting it here on the off chance it ever helps someone else...

IPv6 takes a bunch of configuration on Mikrotiks right now. I finally got mine working but it took a bunch of trial and error and you definitely need a good set of IPv6 firewall rules. If you look earlier in the thread you can find these scripts.

Or just turn it off.

thebigcow
Jan 3, 2001

Bully!
Does anyone else have a hAP AC? Mine idles at 59C and I can't believe this is normal.

redeyes
Sep 14, 2002

by Fluffdaddy

thebigcow posted:

Does anyone else have a hAP AC? Mine idles at 59C and I can't believe this is normal.

I don't have one but I have installed a few and from what I remember yeah they run hot.

Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!
News release!

http://download2.mikrotik.com/news/news_74.pdf

Got any old satellite dishes laying around? How about outdoor wireless?

quote:

The LDF (Lite Dish Feed) is an outdoor wireless system
with a built in antenna, meant to be installed on satellite
offset dish antennas. The dish will act as a reflector,
amplifying the signal.
https://routerboard.com/RBLDF-5nD


They removed the switch chip on the CCR 1009's in favor of letting the interfaces have full CPU usage (explains why I haven't been able to get any lately).

They're adding TR-069 CPE management support :swoon:

jeeves
May 27, 2001

Deranged Psychopathic
Butler Extraordinaire
Does anyone know if the SFP+ cages on CCR1009/CCR1016-12S-1S+ and such have enough power to light long distance single mode fiber? Like in-port LR/ER/ZR SFP+ adapters?

We're getting incredible pricing from our optics vendor due to end of the year, so we're trying to ditch our transceiver boxes and just go with in-port optics for a few long 10Gb fiber hops.

IE: currently we have direct attach from SFP+ ports in Mikrotik to an Omnitron transceiver box, which then lights the XFP LR/ER/XR ranged adapters/optics that do the actual distance shot. If we can get rid of the Omnitron boxes we'll save a ton of money.

thebigcow
Jan 3, 2001

Bully!
Does your vendor list a power draw for their modules?

jeeves
May 27, 2001

Deranged Psychopathic
Butler Extraordinaire

thebigcow posted:

Does your vendor list a power draw for their modules?

These are Juniper optics, so probably.

edit - Nevermind, we figured it out.

jeeves fucked around with this message at 21:07 on Dec 21, 2016

thebigcow
Jan 3, 2001

Bully!
So..............................is it going to work out for you?

jeeves
May 27, 2001

Deranged Psychopathic
Butler Extraordinaire
All of the places that we're ending a fiber shot to a Mikrotik will actually end at a transceiver box first before then direct attaching to the Mikrotik SFP+ cage.

So it is a moot point now, we no longer need to power fiber long shots with SFP+ cages.

PUBLIC TOILET
Jun 13, 2009

thebigcow posted:

Does anyone else have a hAP AC? Mine idles at 59C and I can't believe this is normal.

Yeah, that seems pretty high. My hAP AC idles at 47C. Not sure what it is under load, but I can quickly find out by downloading/uploading large files on a 100/100 FiOS connection. :discourse:

thebigcow
Jan 3, 2001

Bully!

PUBLIC TOILET posted:

Yeah, that seems pretty high. My hAP AC idles at 47C. Not sure what it is under load, but I can quickly find out by downloading/uploading large files on a 100/100 FiOS connection. :discourse:

Normis said it was normal

http://forum.mikrotik.com/viewtopic.php?p=572580#p572599

OmniCorp
Oct 30, 2004

This is the longest I have for 10gig. All sites are using BiDi optics.

code:
> interface ethernet monitor sfp-sfpplus1
                      name: sfp-sfpplus1
                    status: link-ok
          auto-negotiation: done
                      rate: 10Gbps
               full-duplex: yes
           tx-flow-control: no
           rx-flow-control: no
               advertising:
  link-partner-advertising:
        sfp-module-present: yes
               sfp-rx-lose: no
              sfp-tx-fault: no
                  sfp-type: SFP-or-SFP+
        sfp-connector-type: LC
       sfp-link-length-9um: 40000m
           sfp-vendor-name: CHAMPION ONE
    sfp-vendor-part-number: 10GSFP+E33B60L2H
       sfp-vendor-revision: 01.0
    sfp-manufacturing-date: 15-11-17
            sfp-wavelength: 1330nm
           sfp-temperature: 38C
        sfp-supply-voltage: 3.344V
       sfp-tx-bias-current: 37mA
              sfp-tx-power: 2.529dBm
              sfp-rx-power: -19.505dBm

CuddleChunks
Sep 18, 2004

Happy New Year folks. I don't work with MikroTik stuff anymore and hardly post here at all these days. If you want to start up a new thread, be my guest.


Thanks to the folks contributing and especially for that link about the LDF. That's a sweet way to repurpose old satellite gear.

zennik
Jun 9, 2002

CuddleChunks posted:

Happy New Year folks. I don't work with MikroTik stuff anymore and hardly post here at all these days. If you want to start up a new thread, be my guest.


Thanks to the folks contributing and especially for that link about the LDF. That's a sweet way to repurpose old satellite gear.

This thread is still pretty good for reference and discussion. Keep it going, duder.

jeeves
May 27, 2001

Deranged Psychopathic
Butler Extraordinaire
I still work with Mikrotiks daily at my job, however I just know the moment I leave it I will most likely never professionally touch another one for any other job.

It is very nice though to be able to recommend cheap good networking gear for something that I would personally manage (my wife's small business network, for example) and have it work well without paying an arm and a leg. Thanks Mikrotik!

Edit - Of course I feel bad for anyone trying to inherit any Mikrotik network that I set up and being like "what the gently caress is this software on this stuff?" - especially since I lock down all ports / services besides just Winbox.

jeeves fucked around with this message at 05:27 on Jan 8, 2017

theperminator
Sep 16, 2009

by Smythe
Fun Shoe

jeeves posted:

Edit - Of course I feel bad for anyone trying to inherit any Mikrotik network that I set up and being like "what the gently caress is this software on this stuff?" - especially since I lock down all ports / services besides just Winbox.

This happened to my successor at my last job; even though it was all documented and he had winbox+ssh access, he couldn't figure it out and ended up doing a factory reset.

Pretty sure phones and stuff were down for days because he had no idea how to get the IPSec tunnels configured again

CuddleChunks
Sep 18, 2004

Zennik - sure, I'm glad folks are still finding it useful.


theperminator - hahah at my last job I got a call from some folks that they couldn't connect to the network and could we please help them out right away. Then, I get a call from the tech they had hired to install their new Internet service. He didn't understand the setup, didn't bother to call the people who set up and maintained it and just hit reset on the main router. "You need to give them a new router because this one doesn't work." Uh, you reset it yourself dude, not us. "Don't you supply these?" Dude, YOU reset their router. YOU, not us.


Good times.

Even better times not doing that stuff anymore. Heh.


On the other hand I'm *this* close to buying some more MikroTik and Ubiquiti gear because it's cheap as poo poo and will get the job done for a little install I have planned. It's nice to know it's out there and how easy it is to set up.

CrazyLittle
Sep 11, 2001

Clapping Larry
I put a sticker over reset holes now, as a matter of policy.

CuddleChunks
Sep 18, 2004

CrazyLittle posted:

I put a sticker over reset holes now, as a matter of policy.

Haha good idea.

unknown
Nov 16, 2002
Ain't got no stinking title yet!


Nothing like a good Latvian software release of the stable branch for the new year!

Hope you read the release notes for the following gem (and then search the forums for horror stories).


What's new in 6.38 (2016-Dec-30 11:33):

Important note!!!
RouterOS v6.38 contains STP/RSTP changes which makes bridges compatible with IEEE 802.1Q-2014 by sending and processing BPDU packets without VLAN tag.
To avoid STP/RSTP compatibility issues with older RouterOS versions, upgrade RouterOS to v6.38 on all routers in Layer2 networks with VLAN and STP/RSTP configurations.
The recommended procedure is to start by upgrading the remotest routers and gradually do it to the Root Bridge device.
If after upgrade you experience loss of connectivity, then disabling STP/RSTP on RouterOS bridge interface will restore connectivity so you can complete upgrade process on your network.

(...pages of additional changes...)

jeeves
May 27, 2001

Deranged Psychopathic
Butler Extraordinaire
Yeah I usually don't touch a non x.x.0 release anyhow, but holy gently caress I am glad I didn't touch this one.

I really don't need ALL of my vlans hosed up, thanks. It looks like I'll be on 6.37.3 for a while.

Pendent
Nov 16, 2011

The bonds of blood transcend all others.
But no blood runs stronger than that of Sanguinius
Grimey Drawer
I've got something I'm hoping you all can help me with here. I'm fairly new to the Mikrotik world with most of my experience being with Cisco. Like many of you I work for a WISP.

In this situation I have a specific client that's seeing bandwidth overages and I had someone offer for us to take a look at where their data is going over the course of several days. We do not have any external appliances which would be able to track this; the tracking will have to be done in Mikrotik. My boss is under the impression that I can use torch but I'm not really seeing how this is possible given that it seems built to monitor traffic in realtime, given the max one hour timeout. The other options I see are using the sniffer tool to do a PCAP or traffic flow. The former creates files that are too large to maintain the pcap for more than an hour or so and I'm not personally familiar with how I would track bandwidth usage from a PCAP. I'm understanding traffic flow to basically be Netflow so with an external server of some sort it seems like it may do the trick but would be a headache for a few reasons due to how we're set up.

How would you all deal with a similar request?

unknown
Nov 16, 2002
Ain't got no stinking title yet!


Export netflow to an analyzer box (like ntopng).

http://www.ntop.org/ntopng/how-to-analyse-mikrotik-traffic-using-ntopng/

nprobe lifetime license is like $200 iirc.

Canine Blues Arooo
Jan 7, 2008

when you think about it...i'm the first girl you ever spent the night with

Grimey Drawer
I used to work a lot with these little things a few years ago and just haven't done any work with them, or networking at all really, since a career change. I've had my RB2011 for some time and I haven't had a reason to touch it but alas, here I am wanting to forward a port and I'm too dumb now to do it but for a reason I can't explain. I think I have the NAT rule setup right except that I can't modify the dst port property in that rule:

(Ignore the to-ports value there. I was messing around with stuff and forgot to change it for the screencap)

Maybe I just forgot a step or something in port forwarding since my knowledge has regressed so much. Long story short, I want traffic from port 2626 to get forwarded to my computer on the network. Abstract goal: I want direct connect on Dolphin to work.

jaxercracks
Oct 12, 2012

Canine Blues Arooo posted:

I used to work a lot with these little things a few years ago and just haven't done any work with them, or networking at all really, since a career change. I've had my RB2011 for some time and I haven't had a reason to touch it but alas, here I am wanting to forward a port and I'm too dumb now to do it but for a reason I can't explain. I think I have the NAT rule setup right except that I can't modify the dst port property in that rule:

(Ignore the to-ports value there. I was messing around with stuff and forgot to change it for the screencap)

Maybe I just forgot a step or something in port forwarding since my knowledge has regressed so much. Long story short, I want traffic from port 2626 to get forwarded to my computer on the network. Abstract goal: I want direct connect on Dolphin to work.

I think maybe this is just winbox being weird. I just tested it and it behaved the same way. Seems to let me do it via the web interface though. Try that or command line.

Command line example:

code:
/ip firewall nat add chain=dstnat dst-port=1234 action=dst-nat protocol=tcp to-address=192.168.1.1 to-port=1234

jaxercracks fucked around with this message at 16:07 on Jan 15, 2017

Thanks Ants
May 21, 2004

#essereFerrari


Don't you need to tick the box next to "Protocol"?

The_Franz
Aug 8, 2003

Thanks Ants posted:

Don't you need to tick the box next to "Protocol"?

The box is for 'NOT', so ticking it next to the protocol setting would mean "anything but the selected protocol".

falz
Jan 29, 2005

01100110 01100001 01101100 01111010
See how it acts in /webfig/ to confirm if it's a Winbox bug.

Canine Blues Arooo
Jan 7, 2008

when you think about it...i'm the first girl you ever spent the night with

Grimey Drawer
Turns out it is just a bug in Winbox. If you switch the protocol to something else and then back to TCP, you can edit the port fields again.

I tried out /webfig/ as well, but left-clicking on objects in the Firewall and NAT menus doesn't work either for mystery reasons (everything else works).

Either way, mystery solved. Change the protocols and stuff works again!

thebigcow
Jan 3, 2001

Bully!
Bugfix track went from 6.36.4 to 6.37.4

jeeves
May 27, 2001

Deranged Psychopathic
Butler Extraordinaire

thebigcow posted:

Bugfix track went from 6.36.4 to 6.37.4

Wow, bravo Mikrotik!

thebigcow
Jan 3, 2001

Bully!
If I scroll down it lists changes for 6.37.3 from last November but at least as of last week I never saw that offered in RouterOS.

PUBLIC TOILET
Jun 13, 2009

Has anyone else encountered the issue with WinBox 3.9 crashing upon closing every single time? Not sure if there's a fix for that aside from waiting until the next version.

Additionally, when it comes to creating a firewall rule, is there a way to specify multiple destination addresses for one rule? I had previously entered a range (ex. 192.168.88.49-192.168.88.50), but that doesn't seem to work well. It seems like the MikroTik firewall doesn't know how to revert to .49 should .50 ever become unavailable (but I imagine that's because I'm using a "range" and not a wildcard or separate individual addresses.) It seems like my only option is to have two copies of the same rule but with different destination addresses in each rule? Seems counter-intuitive.

thebigcow
Jan 3, 2001

Bully!
I haven't had Winbox crash but I do get somewhat random disconnects.

You could make an address list and point the firewall rule at that, but your range should work. Can you post the rule and what you're trying to do with it? What is breaking?

PUBLIC TOILET
Jun 13, 2009

thebigcow posted:

I haven't had Winbox crash but I do get somewhat random disconnects.

You could make an address list and point the firewall rule at that, but your range should work. Can you post the rule and what you're trying to do with it? What is breaking?

I have one firewall filter rule in place that looks like this:

code:
add action=accept chain=forward comment="Allow HTTPS/RWW (TCP)" connection-state=new dst-address=192.168.88.49-192.168.88.50 dst-port=\
    443,4125 in-interface=ether1 log=yes protocol=tcp tcp-flags=syn,!ack
and one firewall NAT rule like so:

code:
add action=dst-nat chain=dstnat comment="HTTPS/RWW (TCP)" dst-port=443,4125 in-interface=ether1 log=yes protocol=tcp src-address=\
    !192.168.88.0/24 to-addresses=192.168.88.49-192.168.88.50
So I have an IP range specified (.49-.50). The server this points to has two Ethernet controllers (one controller uses .49, the other .50 as static DHCP entries in the MikroTik.) I've since changed the server so that one Ethernet controller is disconnected leaving the other controller (192.168.88.49) as the only active one. All traffic in/out goes to this single controller now which is on .49. The problem I'm seeing is if I leave the firewall filter and NAT rule above in place and unchanged, the connection is blocked coming in from the outside world. The only way connections are allowed through is if I modify both entries to be 192.168.88.49 and not 192.168.88.49-192.168.88.50. I'm guessing this is by design when it comes to the MikroTik firewall? Is building an address list my only way out of this if I want to use both IP addresses?

Thanks Ants
May 21, 2004

#essereFerrari


Are you trying to NAT to two destination addresses?

CuddleChunks
Sep 18, 2004

This NAT rule doesn't make sense to me. If you are trying to direct external traffic to two internal IPs then NAT won't work right. You can map lots of external requests onto a single internal IP with a regular NAT. However, this is a MikroTik so there are weirdass things you can do with Mangle rules that will let you "load balance" between multiple internal IP addresses if you're willing to go to the effort: http://forum.mikrotik.com/viewtopic.php?t=48025 has some suggestions.

Are you trying to make a failover type setup so that if one NIC goes down the other takes over or do you want to round-robin them for load balancing reasons?

PUBLIC TOILET
Jun 13, 2009

CuddleChunks posted:

This NAT rule doesn't make sense to me. If you are trying to direct external traffic to two internal IPs then NAT won't work right. You can map lots of external requests onto a single internal IP with a regular NAT. However, this is a MikroTik so there are weirdass things you can do with Mangle rules that will let you "load balance" between multiple internal IP addresses if you're willing to go to the effort: http://forum.mikrotik.com/viewtopic.php?t=48025 has some suggestions.

Are you trying to make a failover type setup so that if one NIC goes down the other takes over or do you want to round-robin them for load balancing reasons?

Honestly, no idea. I think my original intention was to create load-balancing but who knows. I've already realized none of this makes sense which is why I've since changed the server to only use one Ethernet controller and modified the MikroTik to only point to a single LAN IP. I was just more curious to know what the proper procedure would be for something like this. I know internally I've had certain services handling traffic only on one IP, while something like traffic to virtual machines was on the other IP. Would those two rules make sense if I keep them set to only point to 192.168.88.49? Or is there a better way to utilize a filter and NAT rule(s)?


theperminator
Sep 16, 2009

by Smythe
Fun Shoe

PUBLIC TOILET posted:

Honestly, no idea. I think my original intention was to create load-balancing but who knows. I've already realized none of this makes sense which is why I've since changed the server to only use one Ethernet controller and modified the MikroTik to only point to a single LAN IP. I was just more curious to know what the proper procedure would be for something like this. I know internally I've had certain services handling traffic only on one IP, while something like traffic to virtual machines was on the other IP. Would those two rules make sense if I keep them set to only point to 192.168.88.49? Or is there a better way to utilize a filter and NAT rule(s)?

What you need is Per Connection Classifiers. Gimme a sec and I'll try to whip up some rules.

:edit: here we go, this will determine which one to load balance to depending on the source port of the client, which is random:
Updated: changed per-connection-classifier=src-port:1 to per-connection-classifier=src-port:2 so that it actually does something...
code:
/ip firewall nat
add action=dst-nat chain=dstnat comment="HTTPS/RWW (TCP)" dst-port=443,4125 in-interface=ether1 log=yes protocol=tcp src-address=\
    !192.168.88.0/24 to-addresses=192.168.88.49 per-connection-classifier=src-port:2/0
add action=dst-nat chain=dstnat comment="HTTPS/RWW (TCP)" dst-port=443,4125 in-interface=ether1 log=yes protocol=tcp src-address=\
    !192.168.88.0/24 to-addresses=192.168.88.50 per-connection-classifier=src-port:2/1

theperminator fucked around with this message at 03:46 on Jan 20, 2017
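To see why the "Updated" note above matters (src-port:1 vs src-port:2), here is a small simulation of how per-connection-classifier selects a rule: the classifier hashes the chosen fields and a rule matches when hash mod denominator equals the remainder. This is an added illustration, not MikroTik's or the poster's code; RouterOS's actual hash function is not public, so a CRC32 stand-in is assumed here, and the IPs and port range are taken from the rules above.

```python
"""Simulation of RouterOS per-connection-classifier (PCC) rule selection.

Assumption: RouterOS's real PCC hash is undocumented, so CRC32 over the
source port is used as a stand-in. Only the selection logic matters here:
a rule matches when (hash mod denominator) == remainder, and the first
matching dst-nat rule in the chain wins.
"""
import zlib
from collections import Counter


def pcc_match(src_port: int, denominator: int, remainder: int) -> bool:
    """True if a connection with this source port matches
    per-connection-classifier=src-port:<denominator>/<remainder>."""
    if not 0 <= remainder < denominator:
        raise ValueError("remainder must be in [0, denominator)")
    digest = zlib.crc32(src_port.to_bytes(2, "big"))  # stand-in hash
    return digest % denominator == remainder


def choose_backend(src_port: int, rules):
    """Emulate the dstnat chain: rules is an ordered list of
    (to-address, denominator, remainder); first match wins."""
    for to_address, denominator, remainder in rules:
        if pcc_match(src_port, denominator, remainder):
            return to_address
    return None  # nothing matched, so the packet is not dst-nat'ed


def distribution(rules, src_ports) -> Counter:
    """Count how many client connections land on each backend."""
    return Counter(choose_backend(p, rules) for p in src_ports)


# Constructed sample: 1000 ephemeral client source ports.
SAMPLE_PORTS = list(range(49152, 50152))

# First attempt from the post: denominator 1. Every hash mod 1 is 0, so the
# first rule swallows every connection and the .50 rule can never match.
BROKEN = [("192.168.88.49", 1, 0), ("192.168.88.50", 1, 0)]

# Corrected rules from the post: src-port:2/0 and src-port:2/1.
FIXED = [("192.168.88.49", 2, 0), ("192.168.88.50", 2, 1)]

if __name__ == "__main__":
    print("src-port:1 ->", dict(distribution(BROKEN, SAMPLE_PORTS)))
    print("src-port:2 ->", dict(distribution(FIXED, SAMPLE_PORTS)))
```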
