PUBLIC TOILET
Jun 13, 2009

theperminator posted:

What you need is Per Connection Classifiers gimme a sec and try to whip up some rules

:edit: here we go, this will determine which one to load balance to depending on the source port of the client which is random:
Updated: changed per-connection-classifier=src-port:1 to per-connection-classifier=src-port:2 so that it actually does something...
code:
/ip firewall nat
add action=dst-nat chain=dstnat comment="HTTPS/RWW (TCP)" dst-port=443,4125 in-interface=ether1 log=yes protocol=tcp src-address=\
    !192.168.88.0/24 to-addresses=192.168.88.49 per-connection-classifier=src-port:2/0
add action=dst-nat chain=dstnat comment="HTTPS/RWW (TCP)" dst-port=443,4125 in-interface=ether1 log=yes protocol=tcp src-address=\
    !192.168.88.0/24 to-addresses=192.168.88.50 per-connection-classifier=src-port:2/1

I have no idea how "src-port" works in this instance, even after reading over the wiki link. Does it mean TCP source port? Or Ethernet port? I'm confused.

Boner Wad
Nov 16, 2003

PUBLIC TOILET posted:

I have no idea how "src-port" works in this instance, even after reading over the wiki link. Does it mean TCP source port? Or Ethernet port? I'm confused.

TCP source port. It is mostly randomly assigned.
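An added example (not from the thread) that models how the two PCC rules quoted above split connections: RouterOS hashes the selected field(s) of each new connection to a 32-bit value, divides by the denominator and compares the remainder, so `src-port:2/0` and `src-port:2/1` each take one half of the client's random ephemeral ports. The exact hash RouterOS uses is not given in the thread, so SHA-256 stands in for it (assumption); the client addresses and ports are constructed.

```python
import hashlib
import random
from collections import Counter

# remainder -> to-addresses, from the two dst-nat rules in the post
BACKENDS = {0: "192.168.88.49", 1: "192.168.88.50"}

# a connection is (src_ip, src_port, dst_ip, dst_port); which fields each classifier hashes
CLASSIFIER_FIELDS = {
    "src-address": (0,), "dst-address": (2,), "src-port": (1,), "dst-port": (3,),
    "both-addresses": (0, 2), "both-ports": (1, 3), "both-addresses-and-ports": (0, 1, 2, 3),
}

def pcc_remainder(conn, classifier, denominator):
    """Hash the classifier's fields to a 32-bit value and reduce it mod denominator.
    SHA-256 is a stand-in (assumption): the thread does not say which hash RouterOS uses."""
    picked = "|".join(str(conn[i]) for i in CLASSIFIER_FIELDS[classifier])
    value = int.from_bytes(hashlib.sha256(picked.encode()).digest()[:4], "big")
    return value % denominator

def rule_matches(conn, classifier, denominator, remainder):
    """True when a rule with per-connection-classifier=<classifier>:<denominator>/<remainder> fires."""
    return pcc_remainder(conn, classifier, denominator) == remainder

def pick_backend(conn, classifier="src-port"):
    """Which of the two dst-nat targets a new connection lands on."""
    return BACKENDS[pcc_remainder(conn, classifier, 2)]

def make_connections(n, clients, seed=1):
    """Constructed sample: TCP/443 connections, each with a random ephemeral source port."""
    rng = random.Random(seed)
    return [(rng.choice(clients), rng.randint(49152, 65535), "203.0.113.10", 443) for _ in range(n)]

def distribution(conns, classifier="src-port"):
    return Counter(pick_backend(c, classifier) for c in conns)

def each_connection_matches_one_rule(conns, classifier="src-port"):
    """The 2/0 and 2/1 rules partition the connections: exactly one fires per connection."""
    return all(sum(rule_matches(c, classifier, 2, r) for r in (0, 1)) == 1 for c in conns)

def backends_seen_per_client(conns, classifier):
    """src-port gives no stickiness: one client's connections hit both backends.
    both-addresses keeps a client on one backend, which matters when the app keeps server-side state."""
    seen = {}
    for c in conns:
        seen.setdefault(c[0], set()).add(pick_backend(c, classifier))
    return seen

if __name__ == "__main__":
    conns = make_connections(2000, ["198.51.100.5", "198.51.100.6"])
    print(distribution(conns))
    print(backends_seen_per_client(conns, "src-port"))
    print(backends_seen_per_client(conns, "both-addresses"))
    # Why the post changed src-port:1 to src-port:2: a denominator of 1 always gives
    # remainder 0, so the first rule takes everything and the second never matches.
    print(all(rule_matches(c, "src-port", 1, 0) for c in conns))
```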

PUBLIC TOILET
Jun 13, 2009

Looks like winbox v3.10 is out.

code:
What's new in v3.10:

*) fixed crash on latest Windows developer builds;
*) fixed crash on disconnect;
Can confirm winbox no longer crashes for me when I exit it. :toot:

theperminator
Sep 16, 2009

by Smythe
Fun Shoe
New Newsletter too http://mt.lv/news75

quote:

In this MikroTik newsletter:

- new low cost 2.4GHz cAP lite, $29
- new low cost 5GHz 21dBi CPE DISC Lite5, $48
- new SwOS powered 24-port switch CSS326-24G-2S+RM, $139
- new CRS106-1C-5S with 5 x SFP ports and combo port, $59
- TR-069 changes since 6.38
- dual boot feature
- MUM 2017 schedule

The CRS106 is kind of interesting, wonder what use cases there are for that?

Also the dual-boot feature, can switch between RouterOS and SwOS on new switches, though having used SwOS I'm not sure why you'd subject yourself to that horror willingly.

volkadav
Jan 1, 2008

Guillotine / Gulag 2020
Has anyone seen their mikrotik randomly start dropping connected wireless devices about once a week? I've got a ~3 year old RB951G that seems to start acting "weird" every seven days (like the SSID doesn't show up in the client's list of available networks, or it does, and you try to join but get no IP, etc.). Experimentally I've found that disabling and then re-enabling the wireless interface "fixes" it (for another week) and I could just cron that somehow but ... wtf? Wired connections are always perfectly fine when this happens. Wireless clients are android phones and mac laptops, if that makes any difference.

(I have a weird feeling that maybe I posted about this in confusion before, but I don't have forums search enabled and am too lazy to go dig through the entire thread again. Maybe I just thought about doing so and chronic sleep deprivation is jacking with my memory. Apologies if this is a duplicate.
:frogbon:)

theperminator
Sep 16, 2009

by Smythe
Fun Shoe
I searched for you and couldn't find any posts from you about this problem :)

Not sure what would be causing that, sounds like a software bug, though. How long has this been happening?

redeyes
Sep 14, 2002

by Fluffdaddy
checking in
I set up 2x Mikrotik RBSXTG-5HPacD over about 550 ft PTP. Not much interference in the area in the 5.8GHz band. I get 32-40MB/s. Yes, mega-bytes not bits. Last check I pushed ~70TB over this connection in 2-ish years with no drops. If I could marry these things I would.

redeyes
Sep 14, 2002

by Fluffdaddy

volkadav posted:

Has anyone seen their mikrotik randomly start dropping connected wireless devices about once a week? I've got a ~3 year old RB951G that seems to start acting "weird" every seven days (like the SSID doesn't show up in the client's list of available networks, or it does, and you try to join but get no IP, etc.). Experimentally I've found that disabling and then re-enabling the wireless interface "fixes" it (for another week) and I could just cron that somehow but ... wtf? Wired connections are always perfectly fine when this happens. Wireless clients are android phones and mac laptops, if that makes any difference.

(I have a weird feeling that maybe I posted about this in confusion before, but I don't have forums search enabled and am too lazy to go dig through the entire thread again. Maybe I just thought about doing so and chronic sleep deprivation is jacking with my memory. Apologies if this is a duplicate.
:frogbon:)

Not happened to my 951 but this could be either congestion in your area or a blown wifi amp/chipset. I'd personally try a different wifi AP for a bit and see what happens. Depending on that either get a new 951/whatever or get something with 5GHz/AC radios. I got the Mikrotik RB911G-5HPacD-NB which is a 5GHz A/N/AC only AP and just slapped a couple normal antennas on it and stuck it to my wall. I'm sure it could serve like 100 clients but it has been rock solid for 2+ years. No reboots necessary, and performance that is fantastic. A few Intel Wifi AC chipsets don't have good speeds with this unit for whatever reason. That's about the only downside for that unit I can tell.

jaxercracks
Oct 12, 2012
Anyone have any experience with the wAP ac? I am thinking about upgrading my wireless network to 802.11ac and am considering it. Currently I have the previous generation Unifi UAP-Pro connected to a Mikrotik hEX router. Using one AP for a three story house and get good connectivity but just realized that all my devices except one are 802.11ac capable.

The other option is obviously to just get one of the Unifi 802.11ac units. Also thinking that I will need to get more APs if I really want to get max speed ac.

Interested in opinions. Thanks much.

Thanks Ants
May 21, 2004

#essereFerrari
I really can't work out why they are still making new single-band wireless n devices.

CrazyLittle
Sep 11, 2001

Clapping Larry

quote:

The cAP lite supports 802.11b/g/n 300Mb/s two
chain wireless and can be powered by power
over 100Mb/s ethernet

Hmmmmm

theperminator
Sep 16, 2009

by Smythe
Fun Shoe

Thanks Ants posted:

I really can't work out why they are still making new single-band wireless n devices.

Tell me about it, I saw that new AP and was pretty interested until I saw "2.4GHz"

2.4GHz is so overcrowded and lovely I can't believe anyone would find it actually useful.


Classic Mikrotik, they probably got that figure from running the bandwidth test tool without involving ethernet at all...

theperminator fucked around with this message at 00:05 on Jan 25, 2017

Anime Schoolgirl
Nov 28, 2002

the cAP is for people who have only 20 dollars and don't have to worry about things like 2.4GHz overcrowding

theperminator
Sep 16, 2009

by Smythe
Fun Shoe

Anime Schoolgirl posted:

the cAP is for people who have only 20 dollars and don't have to worry about things like 2.4GHz overcrowding

Probably makes sense in rural Latvia I guess.

volkadav
Jan 1, 2008

Guillotine / Gulag 2020
It's been happening for about four months. I'm on the bugfix release stream and try to keep things pretty well updated. As it happens, "about four months" is roughly as long as we've been living in our current apartment. There are so many APs in range here that the network selection list on OSX scrooooooooooooooooooooooooooooooolls. :v: So I'm betting "congestion" is the right answer for lack of anything else to go on. We're supposed to be closing on a house in a semi-rural area next month, so hopefully that'll be a bit less of an issue. Thanks for the responses, folks. :)

Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!

unknown posted:

Export netflow to an analyzer box (like ntopng).

http://www.ntop.org/ntopng/how-to-analyse-mikrotik-traffic-using-ntopng/

nprobe lifetime license is like $200 iirc.

PRTG Network monitor does this too. It's free up to 100 sensors.

I got an annoying one going lately. I work for a TV station operator that's all Mikrotik. Getting a weird drop on L2TP VPN over IPsec when the user is on an LTE card or hotspot. I turned the IPsec logging on and I swear something on Verizon's side is interfering with the dead peer detection. You can ping -t over it and it stays connected; let it sit and after an indeterminate amount of time the router flushes the SAs.

Farking Bastage fucked around with this message at 18:46 on Feb 8, 2017

PUBLIC TOILET
Jun 13, 2009

Farking Bastage posted:

PRTG Network monitor does this too. It's free up to 100 sensors.

I got an annoying one going lately. I work for a TV station operator that's all Mikrotik. Getting a weird drop on L2TP VPN over IPsec when the user is on an LTE card or hotspot. I turned the IPsec logging on and I swear something on Verizon's side is interfering with the dead peer detection. You can ping -t over it and it stays connected; let it sit and after an indeterminate amount of time the router flushes the SAs.

Thanks, I actually didn't know about the non-profit exception for ntop (apparently you can obtain free licenses?). I've e-mailed them to request more information about this. Not sure what the rules/requirements are.

unknown
Nov 16, 2002
Ain't got no stinking title yet!


Farking Bastage posted:

I got an annoying one going lately. I work for a TV station operator that's all Mikrotik. Getting a weird drop on L2TP VPN over IPsec when the user is on an LTE card or hotspot. I turned the IPsec logging on and I swear something on Verizon's side is interfering with the dead peer detection. You can ping -t over it and it stays connected; let it sit and after an indeterminate amount of time the router flushes the SAs.

Telcos time out the TCP/UDP/whatever NAT mappings fairly aggressively.

Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!
We got some of the new passively cooled CCR1009's in
That heat sink is a little... gaudy

Sepist
Dec 26, 2005

FUCK BITCHES, ROUTE PACKETS

Gravy Boat 2k
Crossposting from the Cisco thread:

quote:

We have issues with our ASA. When we manually clear phase 1 of a VPN to a Mikrotik, the ASA side establishes a new phase 1/phase 2 but the Mikrotik side doesn't. It still sees the old SA as active until it's manually cleared. The ASA carries other VPNs and re-establishes when cleared no problem.

To add to this, the colo has suggested we enable tunnel monitoring for each subnet, however I can only provide one pingable IP that we can rely on - they said that would mean only that phase 2 SA would re-negotiate. That makes no loving sense to me since this is a phase 1 issue.

Anyone know a quick fix to this problem? We have a few different ASAs that have this problem with this colo's virtual Mikrotiks.

Prescription Combs
Apr 20, 2005
   6

Sepist posted:

Crossposting from the Cisco thread:


To add to this, the colo has suggested we enable tunnel monitoring for each subnet, however I can only provide one pingable IP that we can rely on - they said that would mean only that phase 2 SA would re-negotiate. That makes no loving sense to me since this is a phase 1 issue.

Anyone know a quick fix to this problem? We have a few different ASAs that have this problem with this colo's virtual Mikrotiks.

Try setting the 'Level' to Unique in Policies on the MTik.

Sepist
Dec 26, 2005

FUCK BITCHES, ROUTE PACKETS

Gravy Boat 2k

Prescription Combs posted:

Try setting the 'Level' to Unique in Policies on the MTik.

I kicked it off to them. If it works - thanks!

Edit: already set to unique

Sepist fucked around with this message at 07:42 on Feb 24, 2017

unknown
Nov 16, 2002
Ain't got no stinking title yet!


You'll need to find the SW version they're running/get them up to date. IPsec gets updated fairly often with bug fixes.

Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!

Sepist posted:

Crossposting from the Cisco thread:


To add to this, the colo has suggested we enable tunnel monitoring for each subnet, however I can only provide one pingable IP that we can rely on - they said that would mean only that phase 2 SA would re-negotiate. That makes no loving sense to me since this is a phase 1 issue.

Anyone know a quick fix to this problem? We have a few different ASAs that have this problem with this colo's virtual Mikrotiks.

code:
# Ping the far end of the tunnel from our own tunnel address; [/ping] returns the number of replies received
:if ([/ping <endpoint_of_tunnel> src-address=<your_end_of_tunnel> interval=3 count=5]=0) do={
     # No replies at all: drop every installed SA so the tunnel is renegotiated from scratch
     /ip ipsec installed-sa flush
     :log info "Flush IPsec"
}
We just gave up on ASAs being lovely and have a script to flush the SAs and reconnect the tunnel when it dies.

Farking Bastage fucked around with this message at 23:01 on Feb 24, 2017

zennik
Jun 9, 2002

I've recently stumbled across a fun little bug (well, re-stumbled. I encountered it years ago, forgot about it, and it just resurfaced) and thought I'd share it in case anyone runs into it:

When dealing with a ton of 'objects' on a MikroTik router, especially MIPSBE ones, it sometimes gets 'stuck' and will claim certain objects are invalid. In this particular case, out of 120 VLANs, I had 10 'fail' and stop working. Interfaces looked normal but the IPs would always be red. Removing/re-adding wouldn't resolve it. Nor would reboots.

Disabling ALL of the VLAN interfaces except the management VLAN and re-enabling them, however, did. All at once, though, not individually.

Quite odd, and frustrating to troubleshoot.

If anyone runs into that problem, there's how you fix it.

Boner Wad
Nov 16, 2003
I'm trying to redirect traffic from an external IP address to an internal one. I tried using the following:

code:
ip firewall nat 
print
0 chain=dstnat action=dst-nat to-addresses=10.2.0.51 to-ports=8080 protocol=tcp dst-address=69.69.69.69 dst-port=6969
The to-address gets the packet but the packet returns to the client from 10.2.0.51 instead of 69.69.69.69. How do I get the return traffic sourced from 69.69.69.69?

Thanks Ants
May 21, 2004

#essereFerrari


zennik posted:

I've recently stumbled across a fun little bug (well, re-stumbled. I encountered it years ago, forgot about it, and it just resurfaced) and thought I'd share it in case anyone runs into it:

When dealing with a ton of 'objects' on a MikroTik router, especially MIPSBE ones, it sometimes gets 'stuck' and will claim certain objects are invalid. In this particular case, out of 120 VLANs, I had 10 'fail' and stop working. Interfaces looked normal but the IPs would always be red. Removing/re-adding wouldn't resolve it. Nor would reboots.

Disabling ALL of the VLAN interfaces except the management VLAN and re-enabling them, however, did. All at once, though, not individually.

Quite odd, and frustrating to troubleshoot.

If anyone runs into that problem, there's how you fix it.

mikrotik.txt

thebigcow
Jan 3, 2001

Bully!

Boner Wad posted:

I'm trying to redirect traffic from an external IP address to an internal one. I tried using the following:

code:
ip firewall nat 
print
0 chain=dstnat action=dst-nat to-addresses=10.2.0.51 to-ports=8080 protocol=tcp dst-address=69.69.69.69 dst-port=6969
The to-address gets the packet but the packet returns to the client from 10.2.0.51 instead of 69.69.69.69. How do I get the return traffic sourced from 69.69.69.69?

The behavior you're describing sounds normal for NAT. Is the client on the internal network?

Boner Wad
Nov 16, 2003

thebigcow posted:

The behavior you're describing sounds normal for NAT. Is the client on the internal network?

Yep, essentially I am trying to man in the middle a workstation connecting to a specific destination and redirect it to a different local server. Both the local server and workstation would be internal, the destination is external.

thebigcow
Jan 3, 2001

Bully!
Then you'll also need a src-nat rule, and I'm not really sure how to set this up for you. It sounds similar to https://wiki.mikrotik.com/wiki/Hairpin_NAT

If you want 100% of local requests to that destination redirected it is probably easier to do it at your DNS server.

jeeves
May 27, 2001

Deranged Psychopathic
Butler Extraordinaire
You need two rules, one in and one out, if you are doing 1:1 NAT translation.
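An added example (not from the thread) that models Boner Wad's dst-nat case with a tiny connection-tracking router: with only the dst-nat rule, the server's reply goes straight back across the LAN and the client sees it sourced from 10.2.0.51:8080; with the second, src-nat (masquerade) rule that thebigcow and jeeves mention, the reply is forced back through the router and un-translated, as on the hairpin NAT wiki page linked above. The client address 10.2.0.20 and the router's LAN address 10.2.0.1 are assumptions.

```python
# packets are (src_ip, src_port, dst_ip, dst_port); all tuples here are constructed
LAN_PREFIX = "10.2.0."
ROUTER_LAN_IP = "10.2.0.1"          # assumption: the router's own address on the LAN
DNAT_MATCH = ("69.69.69.69", 6969)  # dst-address / dst-port from the post's rule
DNAT_TO = ("10.2.0.51", 8080)       # to-addresses / to-ports from the post's rule

def reverse(pkt):
    """The 4-tuple a reply to pkt carries."""
    return (pkt[2], pkt[3], pkt[0], pkt[1])

class Router:
    def __init__(self, hairpin_srcnat):
        self.hairpin_srcnat = hairpin_srcnat   # True = the second (src-nat) rule is present
        self.conntrack = {}                    # reply as the router sees it -> reply the client expects
        self.next_port = 40000

    def forward(self, pkt):
        """Apply dst-nat (and optionally src-nat) to a LAN client's first packet; return what the server receives."""
        src, sport, dst, dport = pkt
        if (dst, dport) == DNAT_MATCH:
            dst, dport = DNAT_TO
            if self.hairpin_srcnat and src.startswith(LAN_PREFIX):
                src, sport = ROUTER_LAN_IP, self.next_port   # masquerade behind the router
                self.next_port += 1
        translated = (src, sport, dst, dport)
        self.conntrack[reverse(translated)] = reverse(pkt)
        return translated

    def unnat_reply(self, reply):
        """Un-translate a reply that came back through the router; None if it is unknown."""
        return self.conntrack.get(reply)

def deliver_reply(router, reply):
    """Replies to a host on the same subnet go host-to-host and never reach the router."""
    dst = reply[2]
    if dst.startswith(LAN_PREFIX) and dst != ROUTER_LAN_IP:
        return reply
    return router.unnat_reply(reply)

def simulate(hairpin_srcnat, client=("10.2.0.20", 51515)):
    """Return (reply as the client sees it, whether it matches the connection the client opened)."""
    router = Router(hairpin_srcnat)
    syn = (client[0], client[1], *DNAT_MATCH)
    at_server = router.forward(syn)
    synack = reverse(at_server)          # the server answers whatever source it saw
    seen_by_client = deliver_reply(router, synack)
    return seen_by_client, seen_by_client == reverse(syn)

if __name__ == "__main__":
    print("dst-nat only:      ", simulate(False))   # client gets a reply from 10.2.0.51:8080 and drops it
    print("dst-nat + src-nat: ", simulate(True))    # client gets a reply from 69.69.69.69:6969
```

The RouterOS equivalent of the second step is a srcnat rule with action=masquerade matching src-address=10.2.0.0/24 (assumed LAN range) dst-address=10.2.0.51 protocol=tcp dst-port=8080, so the server's replies return via the router.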

Farking Bastage
Sep 22, 2007

Who dey think gonna beat dem Bengos!
Some of the supply chain issues with Mikrotiks make sense now. The ones we waited for that got held up in customs were probably being implanted with CIA software. :tinfoil:

thebigcow
Jan 3, 2001

Bully!
If the CIA and NSA target the same person do both rootkits fit without taking out any of the stock packages?

redeyes
Sep 14, 2002

by Fluffdaddy
I've been tasked with setting up a router that can do 1Gb/s for a 1Gb/s connection with at least a few firewall rules. I haven't gotten into this level of network performance yet. Which model(s) should I be looking at? Any gotchas or tips?

zennik
Jun 9, 2002

redeyes posted:

I've been tasked with setting up a router that can do 1Gb/s for a 1Gb/s connection with at least a few firewall rules. I haven't gotten into this level of network performance yet. Which model(s) should I be looking at? Any gotchas or tips?

a 3011 or an 850GX2 will do this just fine.

thebigcow
Jan 3, 2001

Bully!
IIRC both of those require that everything you do works with fast path. If you can come up with the scratch, look at a Cloud Core Router, I think the entry model was $400 something.

Atreus
Sep 20, 2005
CCRs (get the one based on your port needs) should be able to handle that based on your requirement.

Ubnt Edgerouter or Edgerouter Pro would probably be the competitor in this space/price.

zennik
Jun 9, 2002

thebigcow posted:

IIRC both of those require that everything you do works with fast path. If you can come up with the scratch, look at a Cloud Core Router, I think the entry model was $400 something.

I know a 2011 with a direct fiber connection could NAT about ~450 meg before topping out the CPU, on a stock quickset config.

I've routed about 3 gig using a 3011 before, and had similar results with the 850GX2. I'm pretty sure the 3011 can handle 1 GIG NAT, but I'll get one on the bench sometime in the near future and test it.

thebigcow
Jan 3, 2001

Bully!
I'd be very interested in any tests on the RB3011, I haven't seen anything but MikroTik's numbers.

My point about the CCR is that some features of RouterOS are CPU heavy and people don't realize it. Or they don't understand the layout of the switch chip. This leads to pages and pages of threads on the official forums from people who bought a Routerboard that "should" have handled their connection but they turned on something that made it fall over and now they're complaining in English as a fourth language.

Thanks Ants
May 21, 2004

#essereFerrari


Ubiquiti have the EdgeRouter Infinity on the way which should have a ton of headroom for handling 1Gbps
