|
Pendent posted:Two days before they were set to go away a flapping peer caused one of my edge routers to poo poo itself so badly it actually physically bounced a bonded interface. That's a bit excessive. They're great for OSPF rings, and non-fullroute BGP peering.
|
# ? Dec 11, 2018 19:35 |
|
|
# ? Jun 5, 2024 03:18 |
|
zennik posted:That's a bit excessive. Mikrotik is great for OSPF. Less great for VLANs. Definitely no good for BGP. Using them for internal nodes/points of presence via OSPF is a-ok. The RB3011 or even CCR1009 handles multi-gig perfectly fine.
|
# ? Dec 11, 2018 20:43 |
|
Seems like the CCRs would be good as bang-for-the-buck MPLS P routers, what with the fastpath forwarding and all. Anyone using them for that?
|
# ? Dec 11, 2018 20:58 |
|
I've had some buggy OSPF behavior even, mostly around route advertisements for directly connected networks. Then there's the random stability issues where they'll reboot more or less at random with a message about kernel failure in the log. I've still got 30-40 of various models in the field but their days are numbered.
|
# ? Dec 11, 2018 21:11 |
|
Sir Bobert Fishbone posted:So I think I might just be an idiot, but I'm a little out of my depth here and am wondering if someone might be able to help. They changed how VLANs are configured and all of my knowledge is out of date. First rule of VLAN is never mix untagged and tagged traffic on the same interface. On the RB4011 The wan interface will be untagged, and I keep one interface as an "oh poo poo" port that is also untagged and has a recorded IP address so I can just plug in a laptop with a correct IP for that network size and start fixing. The interface going to the hAP will be set for every VLAN that will cross it, as will the interface on the hAP itself. I know I'm forgetting a bunch because I haven't messed with this in a year. Make sure you have backups, the correction version of netinstall, and enough time to fiddle and it won't be too bad.
|
# ? Dec 12, 2018 05:58 |
|
thebigcow posted:They changed how VLANs are configured and all of my knowledge is out of date. Cool, thanks! It's super annoying because half of the documentation out there deals with the 'old' way and half deals with the 'new', so it's taking me much longer to figure out how this all works.
|
# ? Dec 12, 2018 14:16 |
|
Lately I've been having a random reboot issue on my own hAP AC with the latest long-term firmware and oddly enough it seems to stop if I disable Watchdog. Not sure if anyone's had a similar issue. Regardless, I'm planning on testing an overhaul of my home network to Ubiquiti. Probably the USG with a PoE switch, cloud key and AP. The hAP ACs, RB951Gs, etc. I've deployed have been working *okay* for years now but I want to expand out and try some different hardware. Definitely curious about VPN and hardware-offloading performance so I'd like to try that. It just seems like small or simple/flat networks MikroTik can handle well but once you start building complex ones or ones with 600mbit or greater from the ISP, they just falter.
|
# ? Dec 21, 2018 04:22 |
|
PUBLIC TOILET posted:Lately I've been having a random reboot issue on my own hAP AC with the latest long-term firmware and oddly enough it seems to stop if I disable Watchdog. Not sure if anyone's had a similar issue. Regardless, I'm planning on testing an overhaul of my home network to Ubiquiti. Probably the USG with a PoE switch, cloud key and AP. The hAP ACs, RB951Gs, etc. I've deployed have been working *okay* for years now but I want to expand out and try some different hardware. Definitely curious about VPN and hardware-offloading performance so I'd like to try that. Known long-standing bug. Watchdog enabled without a valid IP defined, will just randomly bug out and trigger a reboot. Disable watchdog, or give it a valid IP to 'watch' for.
|
# ? Dec 23, 2018 05:33 |
|
zennik posted:Known long-standing bug. OH f. That is why one of my RB3011 has been making GBS threads its pants once a day.
|
# ? Dec 23, 2018 17:07 |
|
zennik posted:Known long-standing bug. I'm sure this has been brought up before, but has anyone had positive experience with enabling/configuring IPv6 in RouterOS? The documentation I'm reading makes me believe that if I install the package and turn it on, firewall rules, bridges, rules, etc. will all need to be reconfigured.
|
# ? Dec 23, 2018 21:43 |
|
P sure a bug reported >6 years ago still exists where ospf3 won't install a /128 loopback address making your igp useless anyway. https://forum.mikrotik.com/viewtopic.php?f=14&t=51124
|
# ? Dec 23, 2018 21:52 |
|
PUBLIC TOILET posted:I'm sure this has been brought up before, but has anyone had positive experience with enabling/configuring IPv6 in RouterOS? The documentation I'm reading makes me believe that if I install the package and turn it on, firewall rules, bridges, rules, etc. will all need to be reconfigured. I use IPv6 in some dead simple home user configuration. It works fine out of the box, as long as you keep in mind that IPv4 and IPv6 are completely separate protocols and need completely separate configuration. If you just switch on IPv6 without defining any IPv6 firewall rules, you won't have any IPv6 firewall action happening. You won't damage your IPv4 config by turning on IPv6, though - they are entirely independent.
|
# ? Dec 23, 2018 22:00 |
|
PUBLIC TOILET posted:
Sure its really easy actually. Best thing to do is install the v6 package and reset the device with latest firmware installed. This will setup 'default' working IPv6 firewall rules. Then you need to configure a v6 Client and RA, AND assign a v6 IP to the Interface.
|
# ? Dec 23, 2018 23:56 |
|
redeyes posted:Sure its really easy actually. Best thing to do is install the v6 package and reset the device with latest firmware installed. This will setup 'default' working IPv6 firewall rules. Then you need to configure a v6 Client and RA, AND assign a v6 IP to the Interface. This worked perfectly on time warner/spectrum though I wasn’t able to figure out how to easily serve the box’s assigned v6 address for DNS
|
# ? Dec 25, 2018 04:59 |
|
redeyes posted:Sure its really easy actually. Best thing to do is install the v6 package and reset the device with latest firmware installed. This will setup 'default' working IPv6 firewall rules. Then you need to configure a v6 Client and RA, AND assign a v6 IP to the Interface. I'll give this a shot on a spare RB951G I just pulled from production. I only noticed recently the standard default RouterOS configuration seems much more simple now. That just goes to show how long it's been since I've reset one of these to factory and merely tweaked the default configuration. I give MikroTik brownie points for that as it makes it faster for me to configure one of these for someone out of the box. The Ubiquiti gear I've been using now has been a lot better, though. Sorry MikroTik.
|
# ? Jan 20, 2019 03:35 |
|
Do an /export of what the Mikrotik defaults are, and then do a /system reset-configuration no-defaults=yes no-backups=yes or whatever it exactly is. That will wipe the Mikrotik almost completely. Then either console in or Winbox in via MAC address and copy over a better config with exactly what you want on it. I never trust Mikrotik's defaults. It is nice to just wipe them.
|
# ? Jan 21, 2019 09:59 |
|
Also be sure to do a /system routerboard upgrade as well as a normal software package/OS upgrade. I had a co-worker update a bunch of CRS125s we were going to use for a bunch of low level last-mile deployments and they didn't do the second upgrade step of needing to update the firmware as well. I'm surprised how Mikrotik doesn't really advertise this that much with the upgrade process.
|
# ? Jan 21, 2019 10:00 |
|
In case you are like me and you need to get some quick and dirty network diagram with network bandwidth usage (and you cannot be assed to get cacti/observium/librenms up and running), you can set up a free CHR instance and use the dude without any restriction. It might lack the finesse of the more famous platform but it does the trick in a hurry. EDIT: It seems like there is a new major release (6.44), updating my CHR pretty much nuked most of the conf, maybe i was unlucky but watch out and backup everything before upgrading. SlowBloke fucked around with this message at 18:39 on Feb 26, 2019 |
# ? Feb 24, 2019 19:19 |
|
I want a RBSXTsq2nD and the QMP wall mount but none of the places I usually look have both in stock.
|
# ? Feb 27, 2019 05:40 |
|
RBSXTsq2nD says it works with 20-70mm pipe, but the hose clamp they ship with it says 30-70. Currently shooting across a big room indoors, cable tied onto PVC clamped onto a 3M Command broom holder. She gets 98 Mb/s with no firewall rules at 29% CPU. The quick mount pro is a strange animal. The pictures show a clip, but the the RBSXTsq2nD requires a pipe. You have to disassemble the mount and swap out the clip part for a pipe part. It feels well made for what it is.
|
# ? Mar 15, 2019 03:22 |
|
https://forum.mikrotik.com/viewtopic.php?f=2&t=147048 MikroTik IPv6 bug is being presented at a conference in less than two weeks. Hope you don't use it (I do).
|
# ? Mar 30, 2019 18:35 |
|
Just work for a company that is fukken cheap enough to use Mikrotiks but old enough to be sitting on a humorous amount of IPv4 that they use way too liberally! Problem solved! At least for me.
|
# ? Mar 30, 2019 18:53 |
|
That is very on-brand for Mikrotik. https://www.youtube.com/watch?v=vJBUdAMrKJw Thanks Ants fucked around with this message at 19:27 on Mar 30, 2019 |
# ? Mar 30, 2019 19:21 |
|
My loving ISP using Mikrotiks and IPv6 and guess what happens every once in a while.
|
# ? Mar 31, 2019 15:31 |
|
They claim it's fixed now. They also broke DHCPv6. In the newsletter they said some recent update turned on hardware IPsec on the RB3011
|
# ? Apr 10, 2019 00:05 |
|
For a little all-in-one home router box with Wi-Fi and IPSec VPN support, it looks like I’d struggle to do better than an hAP ac2, and then for better performance it’s a jump up to an RB4011. Have I missed something? All the home router vendors VPN support seems to extend as far as being able to push 20Mbps as an OpenVPN client, and the OpenWrt device support is a huge list of caveats.
|
# ? Apr 20, 2019 17:45 |
|
If you're thinking about using these for OpenVPN, don't. They don't support LZO or UDP with OpenVPN. IPSec/L2TP works pretty well now though if that's what you want to use.
|
# ? Apr 20, 2019 22:40 |
|
Nope it would be IPsec only, and I'd pick proposals that are accelerated: https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Hardware_acceleration
|
# ? Apr 21, 2019 13:06 |
|
Why is my cAP Lite storage all used up with no files listed and barely any packages installed? I am trying to upgrade and the base operating system alone is 12 MB. How do I even debug this? Barebones bridge config, nothing special: code:
EssOEss fucked around with this message at 07:52 on Jul 17, 2019 |
# ? Jul 17, 2019 07:49 |
|
It should still update. Normis had a post on it that I can't find but I think it stores the update in RAM while it works. They've gotten stingy with storage on low end units, but from their perspective how much does a CPE or AP really need? The RB450G had half a gig, there was a guy who sold them with an Asterisk VM as a one box internet/phone/voicemail solution.
|
# ? Jul 19, 2019 00:40 |
|
Yeah, it finally upgraded after a few tries. However, that being said, what is actually taking up this "used" disk space if the file explorer shows effectively nothing?
|
# ? Jul 19, 2019 07:38 |
|
EssOEss posted:Yeah, it finally upgraded after a few tries. However, that being said, what is actually taking up this "used" disk space if the file explorer shows effectively nothing? Probably a memory leak-like diskspace usage knowing Mikrotik. It never hurts to do a clean format once in a while. You can do a full export of the code via /export and then copy and paste the whole thing back once upgraded. Use: "/system reset-configuration skip-backup=yes no-defaults=yes" Then use Winbox via MAC address neighbors to get back in to copy your profile back on to a nicely blanked (with no default configs) device. Be sure to run a "/sys rou upgrade" too besides just the package/software upgrade. Each new OS version now has a new matching firmware version as well. edit - NOTE: /export doesn't show custom users if you did any of that. jeeves fucked around with this message at 18:56 on Jul 19, 2019 |
# ? Jul 19, 2019 18:52 |
|
Yeah, I did that - still shows the mystery "used" disk space!
|
# ? Jul 21, 2019 21:38 |
|
Has anyone used that 4 port SFP+ switch Microtik put out? Any thoughts on performance? I really like the low power draw, and I especially like the idea of getting an SFP+ switch for a couple hundred bucks..
|
# ? Jul 21, 2019 21:44 |
|
So, I applied the latest long-term 6.44.5 branch to my RB3011 and reboot. Shortly afterward, I receive the following email from my rancid monitor:quote:[ ... snip ... ] I really wonder what kind of drugs Mikrotik developers are on that they manage to release a patch that does that to customers. alyandon fucked around with this message at 19:57 on Jul 24, 2019 |
# ? Jul 24, 2019 19:52 |
|
Somewhere unpronounceable is a massive WISP that demanded that feature and you know it.
|
# ? Jul 26, 2019 00:21 |
|
Does that just mean to allow the none auth mechanism ?
|
# ? Jul 26, 2019 20:51 |
|
The none/null cipher exists solely to test the key negotiation handshake (e.g. TLS, IKE) and should basically never be used, or even a configurable option, outside of a development environment. It definitely should never be set as a default.
|
# ? Jul 26, 2019 22:09 |
|
mikrotik.txt
|
# ? Jul 26, 2019 22:52 |
|
|
# ? Jun 5, 2024 03:18 |
|
SamDabbers posted:The none/null cipher exists solely to test the key negotiation handshake (e.g. TLS, IKE) and should basically never be used, or even a configurable option, outside of a development environment. It definitely should never be set as a default. Is bestest config, friend. Is to make you more secure.
|
# ? Aug 10, 2019 06:35 |