MikroTik

marting

Hi,
I tried some devices if I can wake them up by WoL after Shutdown. E.g cAP ac.
Seems they are not capable by default. Is it possible to enable WoL within RouterOs for MikroTik devices?
WoL Magic packet was generated with a CCR that usually works great with sending WoL.
Regards
Martin

marting

Theese two log entries have different ports, also connections show different ports.
Am I right assuming that each dst/src ip/port combination occurs only once?

marting

From a logical point of view, this behavior is absolutely reasonable as a connection needs an ACK for getting established state. So it is not yet established when you log the packet as it still has to be forwarded from routers point of view. As I never used outgoing firewall before, I am not sure, h...

marting

Hi, I want to to use a 1GBit connection as fallback for a 10GBit connection between my CRS326 and my ESXi server. As stated in the wiki hardware offloading gets disabled as soon as I set the bonding mode to active backup. Are there unfixable technical reasons for this? If so, how should I realize my...

marting

Oh sorry, did not know I had to justify myself for previous decisions :D Please believe me when I say I know what I am doing. The restaurant has also rooms, there is an office, there is no mobile reception at all. Router does also firewalling and queuing. And I repeat, there were no financial reason...

marting

Well, did not think this would matter

marting

Well, perhaps for a technician. But not for a restaurant at higher level

marting

The smaller one. I agree that a 40cm dish would be overkill and it is also a massive optical factor.
The smaller one is nearly invisible if you don't explicitly look for it.

marting

Thank you very much, works like a charm.
Interface monitor shows 28.5m.

marting

Thank you, so weatherproof. But it seems not to be able to assign it downwards. And I did not find a spot diagram. The mounting point of the main building is approx. 10-15m higher than the one of the holiday house. Are there really small masts that can be nicked or will it be no problem not to assig...

marting

I don't think, this one is weatherproof, is it?

marting

Wow, more massive than I thought to be necessary

But that's the reason why I ask

marting

Hi, I use Mikrotik Switches, Routers and AccessPoints for quite a long time now, but have absolutely no knowledge about PtP wireless connections. Recently I equipped the restaurant of my cousin with MikroTik Products (CRS328-24P-4S+RM, CCR1009-7G-1C-1S+ and six cAP ac) and CAPsMAN. This works for ab...

marting

A bridge is a like a switch, so yes. All vlans to the same bridge.

Take 4084 as pvid, it will be good as long as you do not need this vlan?

marting

More common and flexible way to choose would be /ip firewall filter.

marting

Ermm, what?
I am talking about MikroTik devices do not know that 2019/09/27 is a Friday. You have to script that (see link above).

Do you really think your answers were helpful? "Maybe with a script" and "of course"?

marting

The CRS has the same RouterOS like CCR and most other MikroTik devices. The CCR is ways to powerful for your scenario. Syntax would be the same like in my snippet. The only devices that don´t run RouterOS are CSS-devices. There are no graphs I think but you should also see the current bandwidth on t...

marting

On router 2 it could look like this: /ip route add distance=10 dst-address=0.0.0.0/0 gateway=10.0.100.1 add distance=20 dst-address=0.0.0.0/0 gateway=10.0.100.3 On router 3 it could look like this: /ip route add distance=10 dst-address=0.0.0.0/0 gateway=10.0.100.1 add distance=20 dst-address=0.0.0.0...

marting

This is no trivial script as you first have to detect the day of week (Mon/Tue/..) and this is not provided by routeros. Here are some script for doing that: https://forum.mikrotik.com/viewtopic.php?t=58750 En-/disabling script has to be run every day at 08:00 and 17:00 and condition (Mon-Fri) it ca...

marting

The configuration for your scheme would be like this: # VLANS: # 11: RouterMgmt # 21: VLAN_MAV # 22: VLAN_ORN # 23: VLAN_ORN_IN # 31: VLAN_DEV /interface bonding add mode=802.3ad name=bonding-switch slaves=ether2,ether3 transmit-hash-policy=layer-3-and-4 /interface vlan add interface=bridge name=vla...

marting

For clarification: 1. CCR should bridge WAN_MAV connection from ether4 to combo1 and WAN_ORN from ether6 to ether7? 2. Are there different devices for each WAN? I don´t really logically understand this layout. 3. Which WAN should bonding trunk use? 4. Does the router do any routing or do you only us...

marting

Sorry, nevertheless I think this is the wrong way. If you want to reset changed settings then you should reset it with set (like this): /ip firewall raw set [find comment="GENERATED: 001"] chain=prerouting disabled=no This way you don´t loose counters, don´t have risk of disconnection betw...

marting

I don´t understand the question, sorry. You always can use bridge and will earn switch behaviour on the bridge ports. Better would be a dedicated switch. I use a CCR1009 only as firewall and router connected by SFP+ DAC (tagged VLAN trunk) to a CRS326-24G-2S+RM. But of course it is possible to the C...

marting

I don´t think that it is really necessary, to recreate the rules. What exactly are you trying to do? place-before with numbers cannot be done with console or api this would be possible: /ip firewall filter add chain=input comment=first place-before=[ find comment="second" ] But as stated, ...

marting

Either ping some address in the internet until it is available or simply wait a few seconds before the email:

:delay 15
#mail....

marting

New release 2.0.0 with change from Moose to Moo. Should have a little less compile time:
https://metacpan.org/release/MikroTik-API
https://github.com/martin8883/MikroTik- ... tag/v2.0.0

marting

No, output is like this:

[martin@het-ro-a] > :put [ /system clock get date ]               
sep/13/2019

marting

/system scheduler add interval=1d name=disableUserSecrets on-event=":local usersToDisable [:toarray \"martin, thomas\"]\r\ \n:local dayToDisable \"09\"\r\ \n\r\ \n:if ( [ :pick [ /system clock get date ] 4 6 ] = \$dayToDisable ) do={\r\ \n :foreach user in \$usersToDisable ...

marting

At client side one call less is necessary to login. The only (extremely unimportant) thing I can say. I love MT products but the release policy is quite silly. There is also no explanation for those decisions like "killing MD5 saves xx% resources on the router" or something like that. Cons...

marting

Sorry, I missed the fact that the old method has been removed with 6.45. The changes (previously only on GitHub) are now also available with CPAN: https://metacpan.org/pod/MikroTik::API (v1.1.0). It precedencs new method and falls back to the old one. Please test it carefully before production use, ...

marting

Is there a fix out for this for PERL? Just upgraded a few devices from 6.44.x to 6.45.1 and now the API fails to log in. I have been using the CPAN installable which says it is version 1.0.5 and is up to date. Sorry, I missed the fact that the old method has been removed with 6.45. The changes (pre...

marting

Received my first cAP ac today and realized how large it is in contrast to the cAP lite :-) Really wondered as the sepcs are not sooo different. And I also realized that it has a center button (only clickable with the round enclosure). What's this button for? At first try it seems I can switch off L...

marting

You could also have a look into the manual

marting

Hi, I have two WAN ports: pppoe-internet and pppoe-voip. All SIP phones connect to a fixed IP, 172.16.10.1; I route these SIP packets with a mangle rule based on dst-address(-list) and routing marks. Works fine. Problem are the RTP packets. Their dst-address is generally unkown. Of course I can do a...

marting

I also have three questions/suggestions for this feature: 1. How stable is cloud.mikrotik.com. If this address is unreachable it doesn´t mean there really is no internet. 2. Will it be possible to have another Mikrotik router as check partner in future? 3. Which data is transmitted to cloud.mikrotik...

marting

Segment the network into subnets and attach those subnets to the interfaces where they are needed. I guess you won´t need your whole /22 to be within one block.
Additonally I would only assign those addresses and subnets that are actually in use. Will give you more flexibility afterwards.

marting

By looking into the lease table of the router that runs the DHCP server. If you are not able to do so why do you want to use DHCP?
Let's start from beginning. Which router, which subnets, any vlans? Your private lan at home? What if you use static IP for your PC? Does your PC get a DHCP lease?

marting

First of all you are mixing different things up. RB260GS is not operated by RouterOS but by SwitchOS (not dualload capable as far as I know). SwitchOS can not be managed with winbox but only with the browser. The switch does not need internet access at all because he has nothing that relies on inter...

marting

I guess you mean the RB260GS.
It is possible since SwitchOS 2.5. Then you can find it under System > General > Address Acquisition. Three options:
* DHCP with fallback
* static
* DHCP only

marting

We changed our systems to CoA and it works flawlessly.

marting

Thank you for confirmation.
Any plans for timeline?

marting

Are there any news on this? Nobody else have this problem?

marting

Hi, I started to create some Visio Shapes because the Shapes I did find, were not very satisfying to me. Before I build more, do you think this is the right direction? I build them to snap into the Visio Rackmount Template and added Connectors with the Ports. Visio Rackmount Template is quite small,...

marting

As suspected same error (unable to find suitable address) with this configuration: [admin@MikroTik] > /interface export # sep/22/2017 09:23:02 by RouterOS 6.40.3 # software id = IXF3-V908 # # model = 2011UiAS # serial number = 60880564F9AD /interface vrrp add interface=ether10 name=vrrp1 [admin@Mikr...

marting

Sorry, it's only a testing scenario. There is no IP from same subnet on a regular interface on the productive router and the problem is the same.
But I could remove ip from regular interface or switch vrrp ip to /32 next week and repost results then.

Regards Martin

marting

Hi, SMB-access is possible to a VRRP interface/ip with SMB interfaces=all. But SMB does not listen to the specified VRRP interfaces if there are interfaces specified. See following test scenario (had the problem with productive router, this is minimized version): [admin@MikroTik] > /interface export...

marting

In my understanding add-vpnconnectionroute is something like route -p add .... "vpn" (have to add each route by hand): https://technet.microsoft.com/en-us/itpro/powershell/windows/vpnclient/add-vpnconnectionroute Wheras the flag SplitTunneling true should cause the routes be added automati...

marting

Hi, I want to use gateway defined Split Tunneling for my Windows and Mobile terminals. But it seems to be implemented incomplete and also not Windows-compatible at all. In short words: Windows (latest v10) seems not to receive any subnet/route from the server in a compatible format: No route for vpn...

marting

Hi, I tried the "quite" new IKEv2 feature in ROS. I followed this guide https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Road_Warrior_setup_Ikev2_RSA_auth and it works great if I import the genereated pfx cert to local computers cert store. It does not work (windows claims it cannot find IKE...

marting

No. One DHCP lease per MAC. One MAC per Interface. Either abuse VRRP or connect one physical port to the switch for one IP.
Same question with VRRP solution: viewtopic.php?t=93517

marting

Hi,
is there a possibility (with RouterOS possibilites only, no separate ReverseProxy and so on) to allow Web Access to Usermanager Admin GUI (http://x.x.x.x/userman) but to disallow regular Admin WebGUI? I don´t want to see the Admin GUI when going to http://x.x.x.x.
Regards
Martin

marting

Hi Ahmed,
did you find an information about this display? Like Pinout and so on?
Regards
Martin

marting

LACP is in rOS available since v4 I think. I use it for a few years already with some CCR1036-12G-4S and CRS212-1G-10S-1S+IN. See Wiki: http://wiki.mikrotik.com/wiki/Manual:Interface/Bonding#802.3ad I am talking about SwOS. In my opinion this is an essential switch feature, so until implemented I wo...

marting

Does this mean there is no 802.3ad at all? No Link Aggregation?
I was very interested in this switch but without LACP? This is a very big disadvantage.

Where can I find documentation about SwOS 2? This seems to cover v1 only: http://wiki.mikrotik.com/wiki/SwOS

marting

Thank you for providing this server! Although I wonder why ROS does not correctly track their own BTEST UDP/Receive connections. I have same issue with UDP Receving like some other in this thread. I allow ESTABLISHED&RELATED in input and forward chain. But I have to disable my REJECT chains for ...

marting

I know distance in DHCP client. But there is no check-gateway. Key of my previous post is type=prohibit for all other interfaces. Different distances for default gateway work great if an interface is completely down (no link). But check-gateway did not have any noticable effect with my last test for...

marting

Two default gateways with different distances do not always work as expected and has a few disadvantages: - you have to know the address of the default gateway and it has to be always the same - you have to use check-gateway, this often does not recognize lost connection to gw and will never recogni...

marting

Hi, it would be great to be able to enable safe mode by API. There are a few old posts concerning this but I did not find a public feature request in the ROS7 section of the forum, so here it is. http://forum.mikrotik.com/viewtopic.php?t=32907 http://forum.mikrotik.com/viewtopic.php?t=60279 Regards ...

marting

Hi lavv,
I already merged it, thank you!
Regards
Martin

marting

I checked it and without operators, the conditions were seen as AND. Nevertheless, at the moment I have no need to implement advanced operators. I will if I need them or if I have really boredom. But this won´t be in the next weeks. If someone else wants to implement - feel free to do so, I will acc...

marting

The query is based on this commit: https://github.com/elcamlost/mikrotik-perl-api/commit/10e5da1fd0ccb4a249ed3047c1d22c97251f666e So it is no complete implementation of all possibilites of query. It is a very simple AND. For example die Dumper( $api->query('/interface/print', {}, { type => 'ether', ...

marting

Ah, thank you for information. So do you think something like kheeva wants to do (remove all Firewall rules: /ip/firewall/filter/remove [/ip firewall filter find] ) is possible by API? As find is so useless by API, I would not put much effort in this if there are changes in the implementation requir...

marting

Is it possible to run cmd through API like that: /ip/firewall/filter/remove [/ip firewall filter find] ? No, not as far as I know. Not because of limitations in the Perl implementation but the way how the API works. I´m not an expert for this API, but if I look here at how the API works, I cannot i...

marting

Version 1.0.2 is available at github and uploaded to cpan. I guess it will be listed in the next hours.

marting

Hi kheeva,
thank you and sorry. I already implemented the timeout and some type of connection probing (useful for long lasting connections).
I will push it to github and CPAN later this day.
Regards
Martin

marting

I reworked it to OO and published it at github. See http://forum.mikrotik.com/viewtopic.php?f=9&t=102923 for more details.

marting

Hi, I reworked the existing perl API implementation from cheesegrits and some other guys (see http://forum.mikrotik.com/viewtopic.php?f=9&t=22744) and ported it to Moose. It will available at CPAN: http://search.cpan.org/~martingo/MikroTik-API/ and the repository is at github: https://github.com...

marting

Hi camlost,
did you make any progress and are you willing to share it?
I will have to do the same, the current version is nearly unusable in larger projects.
Regards
Martin

marting

Are you sure about this? Did you try latest ROS version?
If this is true, it would be a real issue and you should open a bug report.

marting

Edit: Seems as the problem was solved by a reboot. Perhaps some meantime learings with a wrong config were in cache. Hi, I have a Cloud Router Switch (CRS212-1G-10S-1S+) where I have some VLAN problems. Perhaps someone could help. SFP1 is inbound connection without VLAN. SFP9 should be VLAN Trunk Po...

marting

No, waiting for the final.

marting

Wow, fine. I´m looking forward for this!

marting

Radius PPPoE-Server CoA still not supported I guess.

And I think we are repeating. We already talked about all this (version, CoA, alternative solutions) previous in the thread.

marting

marting

In any version below 6.32.
So in 6.31.x it works.

marting

You have to add static rules for each user and change those. Or downgrade to 6.31.
This "bug" is "fixed" since 6.32

marting

I´m quite sure it will also work with Wine as Winbox does so.

marting

Not important for me whether it was a bug or a feature, it worked for months now

Now I cannot upgrade any longer until we reworked the whole system. Very annoying.

Do you know if proper coa support is already in work?

marting

But at the moment there is no consistent way to change rate limit for pppoe-users. There would be Radius CoA feature but that is not supported within ROS for PPPoE-Server with Radius. If that would exist I would agree perhaps. With the removal of this possiblity I would have have to create/remove si...

marting

Hi, regarding this bugfix http://forum.mikrotik.com/viewtopic.php?p=497871#p497871 I have a question (dynamic simple queues were editable by terminal and are no longer editable with the reason that dynamic items should not be editable): Why is it restricted by rOS whether I can edit a dynamic item? ...

marting

Okay, got it. Great. Thanks for this feature.

marting

How can I change my device to stay on the stable branch? I use System > Packages > Check for Updates and it shows 6.32.1 Do I have to install stable branches by hand? I think concept of stable and beta/testing branch is fine. But I think it is the wrong way to provide the unstable releases by the co...

marting

You can export to file like I wrote above: export file=export.rsc Your command did not work because you inserted spaces between file= and between =export.rsc This rule is wrong: /ip firewall nat add action=dst-nat chain=dstnat dst-address=118.91.190.195 to-addresses=10.0.0.0/8 You can´t do a dst-nat...

marting

All dynamic features should be fully controlled by their originating settings.

I would love to do so, but as I mentioned CoA is still not possible.

marting

You did not mention a modem till now. What´s this modem? Is it already a kind of router with DHCP server? Do you have to dial up by PPPoE? Tell more on your WAN connection.

marting

My routers ports 2 to 5 are bridged.. All tutorials shows no bridge...

The posted PCC configuration can be adapted to bridge very simple. Change in-interface=LAN to in-interface=your-bridge and so on.

marting

marting - Now you can not change dynamic queues also through CLI. Dynamic items should not be editable. What???? Why? My whole system relies on this. And it works great, so why do you remove a feature??? It is necessary for me to change rate limit on dynamic pppoe queues as ROS is still not able to...

marting

From what you said, I agree with jarda. Do you need some Dial-Up to an ISP?

marting

Bridge the masterports. If ether2 and ether5 are your master ports, then bridge them. Probably it does not make any difference but the configuration is more transparent.

marting

Which device do you own? Many devices have multiple switch groups, for example a RB2011 has one switch on 1-5 and one on 6-10, so you could use switch feature on the particular group but need an additional bridge that connects the two switch groups together.

marting

No I meant these lines: / ip address add address=10.111.0.2/24 network=10.111.0.0 broadcast=10.111.0.255 interface=ISP1 add address=10.112.0.2/24 network=10.112.0.0 broadcast=10.112.0.255 interface=ISP2 Go through the Explanation section and read each paragraph and build it step by step. It is reall...

marting

the article above is talking for 2 dsl lines with dhcp. is not the same for 1 pppoe and 1 dhcp. In fact it is not even talking about DHCP. It only relies on Interfaces. So which point in the article do you think will not work with pppoe interfaces? Of course you don´t have to add the WAN ip address...

marting

Rules with
connection-state=established
and
connection-state=related

marting

Click check for updates once more. Latest Version for me still 6.31, see screenshot

marting

Provide a DHCP relay on one of your interfaces:
http://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Relay

marting

Without having read your whole scripts, I recommend to follow these instructions:
http://wiki.mikrotik.com/wiki/Manual:PC ... _Balancing
I implemented it this way with good results.

marting

can u explain the difference of the 2 entries?
=".*\\.
="^

The first one matches to *.microsoft.com for example www.microsoft.com, downloads.microsoft.com, server2.europe.microsoft.com and so on...
The second one matches only to microsoft.com without any subdomain.

marting

Can you post an example of one of the lost rules?

marting

Dynamic Queues are still not editable by Winbox and Web but only by terminal and api.
Ticket No of confirmed bug is 2015082766000678 but as you see with the number it is a quite recent ago reported bug, so I guess it will be solved in some future release.

marting

Your rule #0 and #1 are in forward chain. This means, it will drop port 53 packets that are meant to go a host behind your router. This rule is correct if you use another host as DNS server. If you use your mikrotik as DNS server (you did not write that, but I assume) you have to move the rule into ...

marting

Well, it seems you won´t believe what I say, so I think I can´t help you. The mac address I am talking about is not one of yours but the gateway, so probably it is one address of your ISP. You will also see it at IP > ARP. Regardless if you believe or not what I told before, there are no MAC address...

marting

The mac address you see is probably the mac address of your gateway, so you really should not add it to the blacklist

You can´t work with mac addresses over the internet, IPs are the way to go.

marting

I´m not sure if understood correct. at ether 6 you have a pppoe-client to another pppoe-server at ether7-9 you want to run a pppoe-server for hosts to dial in at your Mikrotik? Can each host dial-in at each port? If yes, you need to switch or bridge ether7-9, add a ppoe-server with the bridge or swi...

marting

yes, but I think you can do a little work, too.

Hint:

[me@somewhere] /ip dhcp-server lease> :foreach i in=[find ] do={ :put [get $i status ] } 
waiting
bound
waiting

marting

No for the same reason.

The only thing you could do is distributing the connections to specific interfaces. For example all HTTP to ISP1, all Mail to ISP2 and so on.
But if you don´t tell more exactly what you want to do, I can´t help.

marting

:local firmware [ /system routerboard get current-firmware ]
:local routeros [ /system package get number=0 value-name=version ]

marting

Hi, I know it is not possible to have more than one packet mark per packet (latest mark wins afaik). However this would be very helpful sometimes. So does anyone know if there are plans for implementation? Or will this never be an option because of the close bonds to the Linux Kernel/netmark? Regard...

marting

Simple answer: NO

That is not possible because your ISP will not forward foreign IPs and when he would then the reply would go the other ISP.

marting

You need a criteria to dnat only access to the webserver. If you can´t use WAN IP because it´s dynamic, you can´t stop thinking but have to find another criteria. Multiple solutions possible: I would prefer relying on the incoming interface: /ip firewall nat chain=dstnat in-interface=ether1-gateway ...

marting

Hi, NetFlow is the way to go: http://wiki.mikrotik.com/wiki/Manual:IP/Traffic_Flow You need to configure your Mikrotik to send the data to a collector that you have to set up. Like nTop, Flowd and so on. Here´s a list of free NetFlow software: https://de.wikipedia.org/wiki/Netflow#Freie_Software Did...

marting

What´s your question? Or how is this related to the General discussion forum of RouterOS?

marting

Something like this: :local i; :local hostip; :local hostname; :local dhcplist ""; :local leasesall [ :len [ /ip dhcp-server lease find ] ]; :local leaseseoip [ :len [ /ip dhcp-server lease find where server=EOIP ] ]; /ip dhcp-server lease; :foreach i in=[find where server=DHCPSERVER_192 ]...

marting

/ip firewall filter does not apply to bridged ports. The first thing you could try is to enable "Use IP Firewall" under Bridge -> Settings: http://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_Settings The other thing is a separate Bridge Firewall: http://wiki.mikrotik.com/wiki/Man...

marting

No. I asked the support in February 2015 and got this reply: > For now RouterOS does not allow to create MLPPP server. > > We can not promise that this option will be implemented in nearest future, but we > are definitely planning to implement it. Most likely, it could happen within > version 7 of R...

marting

Mhmmm, strange. As I don´t have this issue, it seems not be a general problem and I would suggest to contact the support with an autosupout.rif attached.

marting

Did you also upgrade the Firmware? I´m on 3.27

marting

I just thougt about it and I guess he tries to block RDP within his private LAN which probably will not work as he expected because his PCs share the same subnet using the switch feature or a bridge or even a separate switch, so Firewall Filtering will never take place. fess: Please describe in deta...

marting

You can not use protocol=rdp. This is absolutely wrong. Protocol RDP stands for Reliable Data Protocol and has NOTHING to do with the Remote Desktop Protocol that you mean. RemoteDP is based on TCP and uses port 3389 by default. I´m 99.9% sure my rule is correct, so please post an export of your con...

marting

Fans of my CCR1036-12G-4S are spinning at 6.30.2 if it is necessary. Perhaps temperature is too low? I´m currently connected to the CCR and is on auto/main Temp is at 40C and CPU at 54C. Sometimes both are at 0RPM, sometimes only the second one is at about 3800RPM, sometimes both are beteween 3700 a...

marting

Type
/export file=export.rsc
in terminal, then drag&drop the file to your desktop, open it in a text editor and paste it here.

Obviously your POP traffic will go to wrong queue

marting

Do both PCs have an IPv6 address?
Linux: ifconfig
Windows command prompt: ipconfig

marting

Multiple issues: First of all input chain is only managing connections to the router not for other equipment. So forward chain is the way to go. 192.168.88.* is not a valid address or netmask. You probably want to use 192.168.88.0/24 dst-port must be numeric, no named protocols like rdp, smtp, ssh a...

marting

Is there any documentation on this mirror mode? Couldn´t find anything in the wiki or somewhere else so I thought it is still not implemented.

marting

I guess it is still not implemented for about ten years now

http://forum.mikrotik.com/viewtopic.php?t=7263

marting

/ip firewall nat
add chain=dstnat src-address-list=staff dst-address-list=websites_allowed_for_staff protocol=tcp dst-port=80,443 action=accept
add chain=dstnat src-address-list=staff protocol=tcp dst-port=80,443 action=dst-nat to-addresses=1.2.3.4

marting

See which path the SD-card has (I only use usb disks):
/disk print
In my case disk1, so export there:
/export file=/disk1/compact.rsc
/export verbose file=/disk1/verbose.rsc

marting

I think your answer is misleading. ProCurve perhaps only work with their own SFP modules inside the HP switch. It does not matter which SFP module is on the other side (inside the MikroTik) but they must use the same transmission mode. Edit: I think there are also HP compatible SFP modules from othe...

marting

You could disable the info rule at /system logging. Info is just info and nothing critical. This way you will loose some other info messages (like ether port up/down or rule changed). If you need some of the info message you could add a separate Topic for this (e.g. interface for if up/down). But yo...

marting

You should have a look to use SFP modules with same properties (Single-/MultiMode, CWDM color and so on).

marting

Without posting your whole configuration I don´t think anyone can help you.
Usually src-nat on a WAN link is trivial and there is no hidden secret to send or receive mails. So I guess your configuration is wrong. Perhaps you don´t allow every necessary outgoing connection.

marting

Of course you can if know the unwanted IPs: /ip firewall nat add action=dst-nat chain=dstnat dst-address-list=RedirectOfUnwanted to-addresses=173.194.112.183 The only restriction is that the webserver under this new IP must not use Hostname based Virtual Hosts, otherwise you will see the perhaps unw...

marting

My problem was solved with a simple hint: The connection in fact already was established but the screen was blank and I simply had to press a key

marting

What means "It doesn´t work"?
I say it does. This is a very simple L7 rule, why should it have stopped working?

marting

That´s a problem of your internal mail server. It must not work as an OpenRelay . This means it must not accept mails to the rest of the world from unauthenticated users. Here you can check if it meets the minimal security configurations: http://mxtoolbox.com/diagnostic.aspx Anything you will do on ...

marting

Hi, I did a capture of a RTP stream on a CCR1036 because there were transmission problems. The main problem is identified as problem of encoder and decoder. But I also noticed some strange packet loss during NAT. I did a dump file by packet sniffer tool and analyzed with Wireshark. NAT rule is like ...

marting

Hi, Partitions feature is nice and I would like to use it for deploying new configuration. New Dummy rules in 6.30 caused lots of trouble, so I am looking for a way to safely reconfigure a router at a remote location. The manual is quite inspecific for this feature: http://wiki.mikrotik.com/wiki/Man...

marting

Where do these rules come from? I have some RB2011 with these rules and some RB2011 without these rules. All are running 6.30 These rules caused real headache because my configuration script does something like: 1. disable all interfaces 2. clear all firewall rules (filter, nat, mangle) 3. do someth...

marting

Hi, I build a DB9->RJ45 cable attached to Serial/USB COM4. (Pinout: http://www.instructables.com/id/Simple-RJ45-DB9-Cisco-console-cable/ ) It was not possible to connect with putty to serial port with recommended preferences (115200 baud, 8 data bits, 1 stop bit, no parity, no flow control). Then I ...

marting

Hi, usually there is a src-nat 192.168.3.0/24 to 3.3.3.3 for our phones and they go into a tunnel. Today the other end of the tunnel crashed (leap second) and the l2tp-tunnel interface was down. So src-nat rule (relying on out-interface) was invalid and NAT did not longer apply. Finally the tunnel c...

marting

Yes, they all crashed: http://forum.mikrotik.com/viewtopic.php?f=3&t=95455 that post is from April? When you scroll down, you will find more recent posts from today. The reason is the same. On 1st of April there was a leap second insertion on some Italian nameservers and today it was worldwide:...

marting

Hi, I attached a small USB stick as proxy cache. Is it safe to keep max-cache-size=unlimited? Let´s assume the stick is only 128MB. Will there be problems if it is full or will the web proxy clear old content? I ask because I have different routers with different sized sticks and don´t want to adapt...

marting

Hey, I did not mix up, but I reduced my reading to the upper diagramm :-) In fact the upper diagramm shows that there first is the routing decision and secondly the output chain (green box). But you hit the point . There seems to be a routing adjustment at the end of the output chain (blue box). I m...

marting

Hi First of all - it works and I´m happy with this. But I don´t understand why: Mangle sets a routing mark in output chain and my ip route with this routing mark works correct for example this is used there: http://wiki.mikrotik.com/wiki/Manual:PCC#Policy_routing ) But according to this http://wiki....

marting

make mangle for LAN traffic with address list. make static simplequeue rules with packetmark LAN traffic. when user connect , MT make dinamic simplequeue for this user, because, static simplequeue rules capture LAN traffic, dinamic traffic capture all other, and this is Internet ! Although is a qui...

marting

Hi, I have a general question on ip routes: There are three networks with DHCP server. On two networks it is enough to set the etherX as gateway and on one network I have to set the gateway IP as gateway (then 1.2.3.4 reachable etherX appears). There is no obvious difference in DHCP lease I get from...

marting

Hi, I have some kind of initialization script with a common part and a superadmin part (managing users). The superadmin part should only be called if the current user that executes the script has the policy "policy" to do so. How can I get my own username by script? Like whoami on unix bas...

marting

Love webfig, however I would like to see the ability to disable the "disable eable buttons" particuarly in "interfaces" you can click the "D" to disable the interface, would like a read-only or remove option for those buttons, either for individual interfaces or as a w...

marting

Hi, I need a tunnel over a high latency link (Satellite, ~700ms). Layer 2 would be great. So I tried a L2TP tunnel from one MikroTik to another one (without IPsec). Performance without tunnel is about 20MBit/s and with tunnel it drops to 1-2MBit/s. Sometimes a little better but not good. Is there a ...

marting

Well, you´re absolutely right. It´s even in the verbose description of the router:
http://routerboard.com/RB2011UiAS-RM
I guess I only saw: "PoE out No" in the product specification table.
Thank you!

marting

Hi, i have a very important CCR at a remote location. Did a few things to prevent accidential lockout by firewall rules. But I think it can happen very easily to disable the internet uplink by accidential clicking on the D left to the interfaces sfp1. Is there a way to prevent this? Else I will have...

marting

Hi, I have some routerBOARD hardware like that: http://img.routerboard.com/mimg/717_l.jpg On ether1 is POE and I understand this is Power-Over-Ethernet IN. But what´s the yellow powerplug symbol on Ether10? And additionally what´s the unlabeled RJ45 port on the backside? Is this for serial console? ...

marting

Hi, I migrated from a Debian server firewall/router to a mikrotik. But now I have very often (usually at least one per hour) diconnects and before this I had no disconnects at all (online from 8am to 8pm). Log error message is: "<pptp-XYZ>: terminating... - peer is not responding" Internet...

marting

Finally found the problem - the compact export is complete (except users but i guess this is the way designed). But the import failed because I disabeld the guest Samba user a few versions before and this is not longer possible. So the import after reset failed at this point. Had to reset without de...

marting

Hi, I want to move from a 2011UiAS-2HnD to a 2011UiAS-RM (both on v6.26). The question is: how to do this? - Backup/Restore: Have read that this is only for exact the same router (not even a router of same type) - Export verbose: Can´t import, tried it by /system reset-configuration keep-users=no no...

marting

Thank you for information, did not find documentation that there is also a priority for the most specific rule. So I think this would be the sequence: 1. Select all applicable routes, from this: 2. choose routes with matching routing-mark (if existing), from this: 3. choose most specific routes, fro...

marting

Hi, I want to be sure that always the correct route is selected without introducing too many distances. From http://wiki.mikrotik.com/wiki/Manual:IP/Route#Route_selection I have learned that routing-mark with applying distance is more prior than applying distance without routing mark. Seems to be ob...

marting

But you suggest using SSTP/OVPN as point 1 in your solution. Do I misunderstand?

marting

Did anyone use this this script on a 6.x already?

marting

Hi eteranl,
thank you for sharing this solution. As I have read EoIP suffers performance, is there a better alternative? Would this work?
1. SSTP/OVPN to connect each WAN to each pper
2. MPLS/VPLS over VPN tunnel

marting

Or would it be better not to bond, establish a single VPN connection through each WAN interface and use this? http://wiki.mikrotik.com/wiki/Advanced_Routing_Failover_without_Scripting http://forum.mikrotik.com/viewtopic.php?f=2&t=45322&p=231651 As far as I understand the only advantage of ab...

marting

Hi, I have to connect two Mikrotik routers through Internet and I´m getting headache on thinking on how to realize best way :-) IS: Router R1 located in datacenter with a few puplic IP subnets Router R2 located in office with two WAN links (WAN1 leased-line or DSL and WAN2 LTE or SAT as failover). G...

marting

Hi,
I need to build a similar setup. Does anybody have a hint?
Regards
Martin

marting

could you reproduce or do you need some more information from me?

marting

Right, I reproduced it also on 6.22 firmware, so this is not gone with 6.20 And it is no disabled rule but an active rule with an folded/retracted/hidden address list. Just add a test firewall rule, select a DST or SRC adress list. Then click the upwards arrow and the list is not visible any longer....

marting

Thank you very much, you´re assumption was absolutely right. I was not aware that "hiding" (by clicking the arrow) leave the old value untouched. I checked src/dst adress list for all of my firewall rules and indeed there was one rule with a hidden occurence of my old address list. Thank y...

marting

So what do you think is the recommended configuration for this setup?

marting

My problem is not solved, too. I just ignore it :-) Because of the hint with the export file I did an export, too. And it is the same for me, the name of the address list occurs two times in the binary backup file but does not occur in the export file. I just realized that I perhaps made an mistake ...

marting

Hi I upgraded a CCR1036-12G-4S from 6.18 to 6.22 and firmware from 3.18 to 3.19. Ususally we had the graphs of sfp1 on a monitoring display. Auto refreshing worked fine. It happened extremly rare that one of the four graphs was not displayed until next auto refresh. But since the upgrade I have to d...

marting

Hi, I have a CCR1036-12G-4S with three Hosts for virtual machines directly connected to it (ether4, ether5, ether6). All virtual machines are in subnet 10.142.46.128/25 and machines are regularly moved over the hosts. Because the CCR is missing a switch chip, I use a bridge over these three ports at...

marting

Hi, I have problems configuring an additional subnet on a CCR to a separate VPN device. Assume I have a subnet A 203.0.113.16/29 on ether2. So I assigned 203.0.113.17/29 adress to the Mikrotik as gateway on ether2. VPN device has 203.0.113.18 with .17 as gateway. Working as expected. Now I need an a...

marting

No it is not removed by a reboot and it is even there after a restore of backup file. I can find it twice in the unencrypted backup file. The first occurence seems to be list of address lists and the second occurence seems to be a rule that really is there but the adress list is not included. Edit: ...

marting

Hi, I have created a few address lists and removed or renamed some of them. Now I have one address list that is not used any longer but it still appears in the drop down menus. I did an export in / and I can not find the name of this list in the rsc file. Do you have an idea how to get rid of this o...

Search found 172 matches