MikroTik

oreggin

Thanks Guys, I hope now I understand the whole WG idea. I looked WG from bad direction. I tried to compare it with L2TP over IPSec or SSTP, however it simplify IPSec job and it is not a universal DMVPN solution. In IPSec I can control the traffic with IPSec policies, in WG I can control the traffic ...

oreggin

Thanks anav, now I got that "allowed-address" is for routing decision or similar in WG.
If I have 1000 of Spokes then I need 1000 WG interface on HUB?
Dynamic routing (IGP) should works on this? What about IPv6 and MPLS?
Can I scale this up to at least 1000 spokes?
Thanks!

oreggin

I desided to add second chance to WG, but I wasn't success. I try to set up two peer on one router but only the first working, I can't ping to the second one. I tried to setup a triangle topology with 3 routers but only one WG link is working from the three. /interface wireguard add listen-port=1323...

oreggin

DNS issue addressing is not success in 7.6rc1. It doesn't work most of the times. I created a bash oneliner to test it with 7.6rc1 and after downgrade to 7.6beta8 it works fine as you can see in the second case: $ while true; do i=0; while [ $i -lt 20 ]; do getent hosts web.facebook.com > /dev/null ...

oreggin

Fixed in 7.3RC1

oreggin

Hi, IIRC BGP signaled VPLS is under /interface/vpls/bgp-vpls/add It should be BGP signaled if you using site-id instead of cisco-id. for example if your AS is 65535 and RD is 111: /interface/vpls/bgp-vpls/add disabled=no rd=65535:111 import-route-targets=65535:111 export-route-targets=65535:111 site...

oreggin

Should ROS7 do MPLS forwarding over PPP tunnels like L2TP, as do with ROS6?
I set LDP on my L2TP tunnels but all mappings are inactive and no forwarding.

oreggin

I realize that what I am asking for down below is a LOOOOOT of work but....I'd like to put them in there. BGP Labeled Unicast (RFC3107) for both IPv4 and IPv6 BGP Link-State (RFC7752) for the TE database distribution between areas (allowing for inter-area MPLS-TE) BGP Route-Target Constraints (RFC4...

oreggin

Same here, RoSV7.3beta37 and RB4011

oreggin

Ohkay, (l)user error

I messed up the nexthops and this is why it didn't worked for me. Now I fix it and works fine.

oreggin

This could happen if you had model with a specific nand (can affect RB1100AHx2 and RB850x2). It will be fixed in the next version.

Thanks mrz, waiting for next release...

update: Upgraded to 7.3beta37 successfully. thanks again!

oreggin

Anyone else testing ROS7 with RB1100AHx2? If so experiencing this?

oreggin

When I saw "large" I expected thousands of spokes.
We using cleartext L2TP to aggregate IPv4 and IPv6 traffic from random/dynamic addressed Spokes (6000+, some behind NAT) on a single HUB.

oreggin

https://m.youtube.com/watch?v=U6cNovT-Vt8

hmmm, thanks, it works now but I can't figured out, why...

oreggin

How did you solve this? My RR doesn't wanna reflect clients routes to other clients even if I switching that "No Client To Client Reflection" knob.
I use 7.3beta33

oreggin

Thanks for reply.
I always keep routerboot on the same version as routeros even it needs dual reboot. I experiencing this with 7.x versions. Last time it runned 7.2RC5 and I had would like to upgrade it to 7.2 and failed.
All other type of my routerboards upgraded successfully.

oreggin

Hi! I have an RB1100AHx2 ppc based board and I testing ROSv7 with it. I can't upgrade it with normal method because of boot error, I see this on console: loading kernel partition 0... OK setting up elf image... OK jumping to kernel code Could not mount ubifs/yaffs filesystem: No such device [ 3.3081...

oreggin

...and RC7 make it inoperative again

oreggin

RourerOS v7.2RC5 solve this.
Thanks!

oreggin

Try redistribute=rip,connected.

Thanks for the hint. I added rip to redistribute on HUB without success. I upgradded all routers to 7.2rc4, no win

oreggin

Hi! I use RIPv2 for distribute large number of routes in HUB&Spoke setups with RoSv6. It is very scalable, easily fits thousands of Spokes on a HUB. I testing it with RoSv7.2rc3 but I see that RoSv7 HUB doesn't send out received RIPv2 routes from other Spokes. It sends out only its own redistrib...

oreggin

Hi! I using MPLS over PPP (PPPoE,L2TP,SSTP) in ROSv6, and tried it on ROSv7 without success. LDP neigborship build up, but forwarding doesn't working. MPLS forwarding table is empty and label mappings are inactive: [oreggin@rtr1.vtkl20] > mpls/export # dec/28/2021 22:49:22 by RouterOS 7.1.1 # softwa...

oreggin

Hi, I experiencing the same issue with my CHR lab. The first node after the packet source drops the packet. I can't debugging it, so I opened a support ticket.

oreggin

Sure, but then ... is anybody (except me? ;-) ) checking all the change-logs before blindly upgrading software? I mean ... it's ssh client upgrade which breaks things "that worked yesterday" and if one does one thing at a time, it would be pretty obvious, wouldn't it? Except for the part ...

oreggin

Sure, this is not a big problem, but many of us noticed "I can't login into my device which was worked yesterday". And some of us starts thinking "Some bad guy cracked it, or not?". In security, you have never be too careful.

oreggin

I have a similar problem when using L2TP/IPsec to connect from a device running 7.1rc3 to a device running 6.48.3. Everything works just fine for a couple of days, then suddenly the L2TP part stop working completely (IPsec part seems to work, SAs are being created and there are no errors in any log...

oreggin

....Ok, here's the rant: modern ssh clients refuse to work with mikrotik, because its crypto is woefully old.... What ssh client do you use? Why do you call it modern if it can't use old ciphers? It could/should compalin but dropping support in such a tool is a shame. Why not to drop telnet support...

oreggin

I will try to do some debug on AP when traffic stops, maybe somesthing comes out.

oreggin

Now, with OpenSSH v8.8p1 I can't use RSA pubkey auth as in this version it is disabled by default and I need to workaround in .ssh/config with PubkeyAcceptedKeyTypes +ssh-rsa to able to connect. Moreover still only RSA pubkey auth is supported in RC4, which is the first generation key type. The seco...

oreggin

RC4 didn't solve the issue.
I noticed that some of regular WiFi clients hangs too after random time. WiFi connection is seems good but there is no packet forwarding on it. Only disassoc-assoc repair the connection.

oreggin

I experienced loss of partial configuration on my Rb4011 with 7.1RC4 under normal operation, but unfortunately I didn't saved the autosupout. Next time I will save it and send to support, I promise ;-) It happend last week at night when I slept and next day I was can't reach it over IPv4, only on IP...

oreggin

Do you using any special in the config? I using L2TP over native ethernet IF and Vlan IF also and I have stable L2TP connections on my RB4011 (ARM) and RB1100AHx2 (PPC) with 7.1RC4. Here is my config about the L2TP client side: ppp/profile/print where name="default-encryption" Flags: * - d...

oreggin

Moreover my RB1100AHx2 (PPC) crashing with 7.1RCx when I add EoIP interface to any type of bridge.

oreggin

On ROSv6 I was using L2VPN/VPLS over L2TP over IPSec and when I upgraded my RB4011s to ROS7 I experienced the crash too. Then I tried EoIP over L2TP over IPSec instead but it cause the same crash so now I haven't L2 pipe possibility over global internet...

oreggin

Since we now have IPv6 VRF support, I do not see the reason why not.

6PE and 6VPE would be phenomenal, as this is the most missing feature that blocks MTik out from our backbone/aggregation.
I also trying the VPNv4 but I don't find a docu about it in ROSv7, maybe it is not implemented either.

oreggin

Hi,
there is FR for VPNv6/6VPE in the tree, maybe here would be better place for it.

oreggin

+1 for ipv6 fasttrack

oreggin

With RC3 I experience the same issue. After two days and a few hours it stop forwarding. I tried to generate supout on the far end AP2, but it hang at 8% and after that it rebooted itself and I have no supout file, while on AP1 I succesfully can generate supout. So on AP2 something smells fishy.

oreggin

Hi! I have a 4011 and it terminates three L2TPoIPSec. Not with the embedded PSK option but with separate IPSec config (IKEv2 with certificate). I can use it without any problem with RC2 and RC3. The difference is I don't use NAT on it.

oreggin

Hi! I have two wAPac (older ones), one of them is the WiFi GW the other is a repeater like AP. Topology: [wired LAN]==={wire}===[AP1]---(((wifi 5GHz)))---[AP2]---)))---WiFi clients I use AP2 to extend the wired & wireless LAN with WiFi-WDS. There is a static WDS between the two AP. On AP1 the WL...

oreggin

The same happens on my CHR lab: chr-lab.png When I enable LDP instance between two routers, traffic stops, however the label stack seems good for the first look. The config is: [admin@rtr1.CPE] > routing/ospf/export # sep/02/2021 11:42:10 by RouterOS 7.1rc2 # software id = # /routing ospf instance a...

oreggin

AFI in LDP configuration allows to specify on which address-family control plane will be working.

Thanks mrz! What if I don't specify the AFI and the backbone is dual stacked with IGP?

oreggin

Hi! What is the AFI conception of the MPLS LDP configuration? It is for LDPv6 or for 6PE?

oreggin

I seemlessly upgraded my home devices to ROSv7.1RC2 with the regular method.

oreggin

So, if I understand correctly, ZT is building a huge L2 domain inside the "Network"? There is a P2P L2 solution? We hate L2 in ISP backbone as it is very dangerous and caused a lot of issues. This huge L2 domain works only in a perfect world where we isn't living. How can we defend against...

oreggin

First of all I can't find ZT package in allpkg zip file: $ unzip -l all_packages-arm-7.1rc2.zip Archive: all_packages-arm-7.1rc2.zip Length Date Time Name --------- ---------- ----- ---- 14053521 2021-08-31 11:30 wifiwave2-7.1rc2-arm.npk 20625 2021-08-31 11:30 calea-7.1rc2-arm.npk 24721 2021-08-31 1...

oreggin

Yeah, ZT build up tunnels between Spokes, IF Spokes can talk to each other, but 1: this not alway possible, 2: we don't really need horizontal traffic engineering because of a lot of reason. However if we need horizontal traffic (L2VPN for example) then it goes through regional aggregation, and neve...

oreggin

WireGuard is not for HUB&Spoke. Its seems it is only P2P, and if Spokes has random global addresses, you might add billions of peers on the HUB. WireGuard is for whom has two dedicated fix global IP addresses on the two end, and Layer3 tunneling is enough. Then you gets an encrypted and fast IP ...

oreggin

The second problem with MD5 in OSPFv3, other vendors implementing SHA1 auth.

oreggin

Hi! I working in ISP sector and we operating with low-mid budget so we can't buy high-end SD-WAN solutions yet for 10X-20X the price. So we need to find the optimal solution at all times for the following: using various underlaying network, PPPoE, DOCSIS, metro ethernet, DF etc. with optional IPSec ...

oreggin

I hacked my RB433AH 10-15 years ago with openwrt and other more perverted methods to gets proper WiFi at my home but I don't have such time anymore

If I would like to buy cheap devices for hacking then I would searching on other vendors palette which are popular for hackers.

oreggin

Hi folks, I have a CHR lab (OSPF,BGP,LxVPN) with ROS6 and another one with ROS7 copied from ROS6. I tested ROS7 for a long time on the CHR lab but OSPF, BGP and MPLS does not working as expected. Then I saw 7.1RC1 is out and RB4011s get HW offloading with vlan filtering, so I trapped, I feeled to mu...

oreggin

Because of OSPFv3 I prefer set interface and not networks. I unsetted networks field but it does not help. However OSPFv2 works as before.
If I disable all of interface-template CPU hog still occurs.

oreggin

Yeah, I see now. All of beta6 issues must be reported under that thread?
BTW removing networks="" from interface-template does not fix for me as there was no networks before upgrade. I tried to disable all interface-templates but no success.

oreggin

Hi! I decided to upgrade my RoSv7 testbed (OSPFv2, v3, BGP, MPLS) from 7.0beta5 to 7.0beta6, but I stopped at the first CHR instance. When I enable OSPFv3 backbone area, routing eats up CPU and I can't reach the CHR over network. I can only reach it with VNC. OSPF config before upgrade: /routing osp...

oreggin

Hi, In one of our project we need to concentrate at least 1000 customer branch office with L2VPN. Branches has various conection types (L3 routed with/without NAT, PPPoE) so we need UDP based solution as GRE not goes through all NAT devices. We trying MikroTik L2TP/PPP as it can handle MLPPP (for Ju...

oreggin

This would be a good feature, we need this too for several reason. PXE environment, appliances, stc.

oreggin

Thanks, this is a common problem in ISP networks if there is a nonESPcapable FW in the path then IPSec is dead. I suggested to customers using IPSec peers behind NAT and now it is works fine. Would be nice an RFC standard for IPSec then we could configure it to use UDP on public networks too.

oreggin

/ip ipsec profile
set [ find default=yes ] dh-group=ecp521 dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=aes-256 hash-algorithm=sha256 lifetime=1h name=default \
    nat-traversal=yes proposal-check=obey

triple checked, same on both side

oreggin

Hi, Is there a way to make ESP encapsulation work over UDP and not using ip protocol 50 (ESP)? My setup is public addressed HUB and Spokes with enabled nat traversal and I would like if MTik routers sending ESP packet over UDP and not in ESP packets because of transport network has FW between them a...

oreggin

Hello! Does anyone know if Mikrotik GPON ONU SFP can be used with this device?

Same question here. Plus I see it is discontinued. There will be a replacement device? Some store has discontinued modules but if it is not supported in 4011 then I don't want to loose 90$.

oreggin

Does it start to work if you change interface type from point-to-point to broadcast?

Yes, thanks mrz for workaround.

oreggin

Hi! I have a ROS v7.1ß1 test setup with CHR on qemus and I have the same issue with OSPFv2. All of my ipv4 ospf routes duplicated and inactive: [admin@rtr1.CPE] > routing/ospf/interface-state/print Flags: D - dynamic; V - virtual-interface 0 D address=fe80::d012:2bff:fe83:2e99%Loopback0 area=backbon...

oreggin

it seems this is related here: viewtopic.php?f=1&t=153238

oreggin

I did some debug. On APs, 5GHz radios works fine and only 2.4GHz radios has this issue. Client trying to connect but can't go through handshake, never goes to authenticated state, remained in registered state for some seconds, but disconnect after that. However one of my lucky client did a successfu...

oreggin

I did some debug. On APs, 5GHz radios works fine and only 2.4GHz radios has this issue. Client trying to connect but can't go through handshake, never goes to authenticated state, remained in registered state for some seconds, but disconnect after that. However one of my lucky client did a successfu...

oreggin

Did you tried install 7beta4 with netinstall? If so, it works?

oreggin

Hi! I trying to get work ipv6 dhcp-client on Vlan interface on a vlan aware bridge under ros v6.46 on my RB1100AHx2. config: /interface bridge add name=LAN protocol-mode=mstp region-name=LAN region-revision=1 vlan-filtering=yes /interface bridge msti add bridge=LAN identifier=1 vlan-mapping=1-4094 /...

oreggin

Since at the moment v6 and v7 uses identical driver and software for wireless, your observation is most likely a coincidence. The performance should be the same, signals also. Yes it should. I'm total puzzled about this issue. Same device, same place, only the software version changed. An IoT devic...

oreggin

I have two type of dual band AP, and it ssems 2.4GHz radio is affected some strange thing. I see lower signal level both on clients and on AP with 7.0beta3.

oreggin

I write this here too, it seems in ros v7.0beta3 the 2.4GHz radios drops off some dBm of its tramsit signal level and client can't connect to it while 5GHz radio is working fine.

oreggin

I tried v7beta3 on RB433AH, and wAPac, and on both AP the 2.4GHz radio was useless. Clients can't connect to them because received signals (on client side) much lower with v7beta3.
Both AP works fine with ROS v6...

oreggin

Meanwhile I tested a script for update ipsec policy behind NAT: :global uplinkif "ether1" :global poladdr [ /ip ipsec policy get [ find peer=HUB ] src-address ] :global polip [:pick $poladdr 0 [:find $poladdr "/"]] :global intaddr [ /ip address get [ find interface=$uplinkif and ...

oreggin

Same here, KVM with host CPU which has AES-NI flag.
Is there any solution?

oreggin

I configured IPSec on one of my RoS devs, and that said don't configure base mode because it will removed in RoSv7 so something is cooking in the owen and i hope it wont burned up

oreggin

Off topic, what is your native language if I may ask?

Sure, my native lang is hungarian. I hope my english is not too wrong and you understand what I'd like to say. BTW we using worse, strange, mixed language in business that you shouldn't see/hear

oreggin

Meanwhile I switched the cabelmodem to bridge mode for testing so now the spoke has public IP, but I will switch it back as cabelmodem in this mode has a reduced feature set. Another thing I tried is a static policy on spoke with UDP:1701:1701 and tunnel mode, under identity "generate-policy=no...

oreggin

Cisco have their own protocol for that (DMVPN).

Yes, high-end vendors has mGRE+NHRP based DMVPN which is good but not scalable above some thousands of tunnels and it is off topic over here.

oreggin

Now it comes into my mind I tried this HUB setup with cisco CPE and when it is connects to HUB it somehow generating tunnel mode policy but I can't figured out how did it do that

oreggin

We have only one spoke behind every branch's ISP modem which are the NAT GWs, but spokes behind NAT with this configuration does not work. There is no need any trick to supports more spoke behind the same NAT GW. We need a trick to build tunnel mode (instead of transport mode) dynamic tunnels to wor...

oreggin

Here are my anonymised configs and print outputs: [oreggin@HUB] > ip ipsec export verbose # may/20/2019 17:52:51 by RouterOS 6.44.3 # software id = XXXX-XXXX # # model = XXX # serial number = XXXXXXXXXXXX /ip ipsec mode-config set [ find default=yes ] name=request-only responder=no /ip ipsec policy ...

oreggin

Thanks for deep explanations, good to learn something new every day. BTW your conclusion is not exactly right as our L2TP tunnels are encrypted, I checked it. Dynamic policies generated on HUB and spokes and SA counters increasing with the amount of trasmitted bytes. I don't say that I 100% understa...

oreggin

I didn't mentioned IPSec is the outer and L2TP is inside of it. In the reverse situation the result performance is terrible. Now I have dynamic policies on both end and it works if peers are not behind NAT. I'm not an IPSec expert, so do you say I need set static policy on spokes? On spokes because ...

oreggin

Under "/interface l2tp-client" I set "use-ipsec=no" as if I'm right it supports only PSK based auth. I configured dynamic policies under "/ip ipsec": /ip ipsec peer set 0 exchange-mode=ike2 /ip ipsec identity set 0 auth-method=rsa-signature generate-policy=port-override...

oreggin

How can I request tunnel mode, if both side has dynamic policies? I can't find this option in RoS

I using BGP inside L2TP to distribute (IPv4+IPv6) routes between hubs and spoke, so i think i can't drop L2TP, or can I? How?
Oh, and I missed the MPLS part inside the L2TP.

oreggin

Hi! I build a hub and spokes IKEv2/rsa signature auth with L2TP over IPSec setup with Tik deivces. There is one central HUB with static public address, and there are some spokes, one of them have a dynamic public address, and the other is behind NAT where NAT public address is dynamic as well. Publi...

oreggin

MikroTik's plan is to release RouterOS v7

"Probably this year" ™

Are you sure?!

oreggin

Nah, please public a roadmap with public informations in a correct way. Under correct I mean correct for MTik and correct for customers too.
If I working on something my boss insist plans

Please tell us MTik plans about RouterOS development.

oreggin

All I can say is that development of v7 has picked up in the last few months, more than ever. While I can't promise anything stable, it is pretty safe to say, that some kind of public test release (like beta for specific platforms) could be expected this year. The chances of that happening are now ...

oreggin

What is the timeline? if there is no cut-off date then it's just proof of concept for developers. Alpha is exactly that - proof of concept (in a lot of ways) They continue to work on 6.x, but 7 being a new kernel and everything means they have to make sure all existing functionality from 6.x is imp...

oreggin

And hopefully some new ARM64-based hardware as CCR replacement. Indeed. The CCR-line is a key product for many customers. It would be very welcomed with an refreshed version with similar number/type of interfaces. There is no need to replace the hardware if MT upgrade to the latest Linux kernel whi...

oreggin

I think, the first and most important step is to finish kernel transplantation at least RC state and this should has more and more priority over RoS v6.x train. After this can slowly dropping v6 and fix v7 bugs and implement the new features as a transition. I hope MT switch to the most recent LTS k...

oreggin

Too big silence...Santa brings some wanted surprise?

oreggin

V7 beta seems to be already in development. You can see mrz's post:

http://forum.mikrotik.com/viewtopic.php?t=130551

Seems to be v7beta running on Virtualbox.

Then mrz has a unicorn

When exactly we have one too? A bugpile is better than nothing...

oreggin

Thanks to all! So, the solution is disabling vlan-filtering on the CAP's bridge and then voilà! CAP drops selected SSID to its vlan what I set in CAPsMAN, so now CAPsMAN controlling the CAPs Vlan selection based on SSID. If I enabling vlan-filtering, this method is not works! As this is not a proble...

oreggin

Yes, this can be done in datapath. I jumped on the "do it manually per interface" train b/c you said that vlans differ from site to site for the same ssid... And this can only be done by hand ;-) I can configure as many datapath/configuration as I need and then assign it to provision and ...

oreggin

Thanks, but the topic started at somewhere "can capsman assign vlan to SSID on CAP instead of configuring it on every CAP by hand?" At the moment I assign vlans on CAP to SSID by hand.

Kind regards,
oreggin

oreggin

For using local forwarding, your CAP devices must have a bridge configured with ethernet and wlan interfaces in them. Then you set in cap settings bridge=<yourbridge> -Chris I did it: [oreggin@ap11] > interface bridge print Flags: X - disabled, R - running 0 R name="LAN" mtu=auto actual-m...

oreggin

You can edit this in the corresponding CAP interface under datapath. select vlan-mode = tag and then set the corresponding vlan id. A bit cumbersome, but it works. -Chris I tried it but it didn't work for me in local-forwarding mode. How to configure the CAP in this case? Now it has a bridge in MST...

oreggin

Hi! I found some topic under this issue but there is no clear to me if it would be possible to capsman assign vlan to ssid in local-forwarding mode where vlans specified on CAP device and not on capsman. I have a capsman device and caps devices in hub&spoke topology. CAPs are on some sites, and ...

oreggin

Dear Samot, Thanks for your answer but I think you totally misunderstand me. I didn't wrote that there would need another page. Instead it would be clearer if it is more sectioned and not mixing switching/bridging/L3Interface configs around pre-v6.41 and post-v6.41. In the past I used pre-v6.41 with...

oreggin

Hi CZFan! Thanks for pointing on that page. I read many times that wiki but all the times many inline "pre-v6.41", and "post-v6.41" are totally confused me, but I think I harvested the essence and now it works. As it depends on architecture, on RB1100AHx2 between ether1-5 and eth...

oreggin

Hi! I have an RB1100AHX2 and I would like to use it as desktop switch with hw-offload to save CPU. It works fine with vlan filtering but it disables hw-offload on all bridge port. If I disable vlan filtering (RSTP or none) then hw-offloading automatically enabled on all ports but forwarding not work...

oreggin

Hehe, I written many times "netinstall doesn't work without 'Clients for Microsoft Networks' option" and comes answares: "disable your firewall" LOL

oreggin

What about this? I can't use SLAAC however I disabled IPv6 forwarding. I tried on RoS ver 6.37.3 So my box is only router(board) in its name but not in its functionality as ipv6 forwarding disabled so it is a host device. So please make it possible to can get IPv6 address with SLAAC. This would be g...

oreggin

I found this topic and I would like to correct me. L2TP client MTU/MRU is 1460 if uplink MTU is 1500byte. This because L2TP uses UDP encapsulation (UDP port 1701). IPv4 + UDP header = 20+20 = 40 byte. 1500-40=1460. With these options I can reach almost the maximum speed of the router capability @ 10...

oreggin

Hi! I hope I write this to the right place. If not please excuse me. UPC Wi-Free service is getting more widespreading so it would be nice if we can use our routerboards running RoS on it as a wireless client to connect to UPC Wi-Free and share it among our PCs and Laptops. It is works with EAP-PEAP...

oreggin

Hi!

I faced the same problem. I can't use my RB433AH to connect UPC Wi-Free as a station, to share it for my PC and Laptop. UPC Wi-Free is getting more widespread, so it will be appreciated to implement PEAP-MSCHAPv2 in RoS.

Cheers,
oreggin

oreggin

Hi folks, I have a RB1100AHx2 and it has two fans, main + aux. At the same time only one FAN operating and I can choose between them. It has a really annoying noise :-) Can I chose an option to spin up both fans at half RPM but the same airflow and when one of them fault then the other doubling the ...

oreggin

http://www.taifatech.com/files/TF470_Product_Brief_02.pdf http://www.taifatech.com/files/TF480-Product-Brief-04-08.pdf Something like these? It is enough for 100M uplink. But if we need 1G or 10GE wire-speed NAT then we need something like this + TCAM + design + garnish: http://www.marvell.com/netw...

oreggin

If i'm right, CRS is a Layer2 ASIC with CPU Layer3 support. So it can't NAT or routing in ASIC but in CPU?
Do you plan make real Layer3 switches? I mean what can does simple routing or NAT functions with TCAM or similar.

oreggin

+1 for feature request

oreggin

Did you all mentioned it to MT support?

oreggin

Reboot can resolve it temporarily but after a random time the router lost again their routes to own connected neigbours. It can only reach itself. Really very strange thing. It would be appreciated if someone from MT could tells something if they knows this issue and working on it or not.

oreggin

Same problem here. I wrote it to support for months ago, I asked they multiple times if this is a known bug or not but no answare comes back.

oreggin

Same problem here. I have a 120/10 connection, and I can only using 12-13Mbps over it with NAT on L2TP /wo compression and encryption on my RB450G: [oreggin@RB450G] > /interface monitor ether1 name: ether1 rx-packets-per-second: 2 020 rx-drops-per-second: 0 rx-errors-per-second: 0 rx-bits-per-second...

oreggin

I think this happens because the Pool gets created and then the time gets set using ntp

I have reported this as a bug
Nick.

Me too

Thanks.

oreggin

oreggin

Hi, I testing an RB450G with RoS 5.18 on DSL and IPv6. While I configured dhcpv6 client on the router and it works but as soon as I reboot the router or turn on then dhcpv6 client doesn't make ipv6 pool: [admin@rtr.test] > /interface ethernet print Flags: X - disabled, R - running, S - slave # NAME ...

oreggin

This is a duplicated topic:
http://forum.mikrotik.com/viewtopic.php?f=2&t=63255

@mrz: do you have any information when will be supported RFC3021 in Linux/RoS on ethernet?

oreggin

Thus the smallest functional subnetting on an interface would be /30. And nothing is broken, just working as expected.

/31 doesn't brake too. Please see RFC3021.

oreggin

Ok, but what if I need to work with non-MT/RoS devices like cisco?

oreggin

You can do /31 on Mikrotik.

Set interface to 10.99.99.1/32 and set broadcast to the remote end e.g. 10.99.99.2 do the opposite on the remote end.

It is not clear to me. Can you please give us a config example?

Thanks,
oreggin

oreggin

Same thing here, but I don't forcing this because I can live with /30s and IPv6 is coming and knocking on the window

oreggin

Hi, I testing an RB450G /w RoS 5.18. I configured a bridge interface as a loopback and it seems to if i configure IPv6 address on bridge then that address can't be reachable: [admin@MikroTik] > /interface bridge print Flags: X - disabled, R - running 0 R name="loopback0" mtu=1500 l2mtu=655...

oreggin

Hi, I testing an RB450G interoperability on our cisco based network and i see exactly six times "Invalid MD5 digest" messages on our cisco router log after every RB450G (re)boot and after it successfully authenticated the BGP session: LC/0/0/CPU0:Jun 30 10:18:30.139 MET_DST: ifmgr[186]: %P...

oreggin

Moreover GRE tunnel interface doesn't have IPv6 link-local address and I can't set up link-local address on GRE tunnel interface so I can't use DHCPv6 on it.

oreggin

When will be approx. supported multipont GRE and/or NHRP in RoS? Where are these features on the roadmap?

oreggin

I can't generate supout.rif

I was tried over SSH and serial console...

oreggin

oreggin and nz_monkey, please contact support with support output file from the router.

Ok, I will send e-mail to support soon.

oreggin

I can't generate supout.rif but I will try again today...

oreggin

I started the sup-output process for 2 hours. I hope it will finish till I should go to work...

It's still running...

oreggin

I started the sup-output process for 2 hours. I hope it will finish till I should go to work...

oreggin

Hi, I have two routerboard. RB433AH and RG450G. Both hangs when I issue the /export or /interface export command: [admin@RB433AH] > /interface export # jan/02/1970 07:36:19 by RouterOS 5.1 # software id = XXXX-XXXX # /interface ethernet set 0 arp=enabled auto-negotiation=yes disabled=no full-duplex=...

oreggin

Any idea?

oreggin

Visit the OpenWRT site and check what boards are supported...

oreggin

Did you see what happens in console?

oreggin

It's only file you can upload to the router via serial port - *.fwf but can't use it for reinstall ROS

Ok, so it was uploaded through the serial line, not TFTP.

eth1's LEDs doesn't emit any light?

oreggin

I can't because eth1 is broken and it's impossible do netinstall over other 2 ethernet ports...

Then how did you change the firmware?

oreggin

Did you try format flash and reinstall ROS with netinstall from windows?

oreggin

Sure. Put a queue tree rule as follows: /queue tree add name="ether2" parent=ether2 limit-at=2000000 priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s Shouldn't it actually be "max-limit"? limit-at should be empty in this case This queue is doesn't any effect ...

oreggin

I have a RB433AH with an 11n wireless miniPCI card and use 5.0rc1 ROS. If I enable any queue on wlan1 (which isn't member port of bridge1), on the ether2 and ether3 port (which are member ports of bridge1) DNS resolving is slow (~5000msec). If I disable the queue DNS resolving is fast again ~50-100m...

oreggin

Sorry, I forgot: It was tested on ROS v5beta6

oreggin

This isn't working on wlan1 interface for example, but works on bridge1.

oreggin

I'd also like to have :tohex, it was just if you really needed some solution (even if not elegant) right now without waiting.

I had already integrated into my script, works fine

oreggin

You can find some inspiration in http://forum.mikrotik.com/viewtopic.php ... 18#p208818
Ehh, nice work but while this script part is 25 lines long then this should be 1 line ":tohex" for example...

Nahh, ok then 5 lines with kindness

oreggin

You can find some inspiration in http://forum.mikrotik.com/viewtopic.php ... 18#p208818

Ehh, nice work but while this script part is 25 lines long then this should be 1 line ":tohex" for example...
I hope your work will provide inspiration to ROS developer too

oreggin

http://wiki.mikrotik.com/wiki/Manual:IPv6_Overview#6to4_.286in4.29_tunnels Link above describe howto set up an 6to4 relay on ROS but one thing is missing: Now you need to add a IPv6 address to the tunnel interface. The address should be in form "2002 + <IPv4 address in hex> + <custom id>"...

oreggin

Any comment from Mikrotik team?

Converting from decimal to hexadecimal format completely missing from scripting toolset?

oreggin

Hy, As my ISP doesn't support native IPv6 so I use 6to4 relay. To this I need to configure the following in the router where "1.2.3.4" is my current WAN IP: /interface 6to4 add disabled=no local-address=1.2.3.4 mtu=1472 name=6to4 remote-address=192.88.99.1 /ipv6 address add address=2002:01...

oreggin

THX, I will try.

oreggin

works for me on win7 on multiple computers. Check your settings.

Scott

Which version of Win7 do U using? I'll be check settings...

oreggin

Netinstall also doesn't work on Windows 7 with default windows install config.
It produce the same thing like on WinXP without "Clients for Microsoft Networks" module :/

oreggin

PoweRouters do not have 10G ports, and they don't have the power to actually pump 10Gbit.. Maybe the 8-core version of the 2000 series PoweRouter does, but they do not actually provide any performance figures for that - and they don't offer 10G cards. Does anyone know which 10GbE Chipsets actually ...

oreggin

PoweRouters do not have 10G ports, and they don't have the power to actually pump 10Gbit.. Maybe the 8-core version of the 2000 series PoweRouter does, but they do not actually provide any performance figures for that - and they don't offer 10G cards. Does anyone know which 10GbE Chipsets actually ...

oreggin

Hi,

I have an RB450G and I would like to shape on LAN interfaces without MAC or IP address.
For example shape the whole traffic of ether3 interface to 2Mbps/4Mbps up/down.
It is possible? It could work?

Thx,
oreggin

oreggin

I figured out what was the problemwhen I failed with Netinstall.
If I remove "Client for Microsoft Networks" from network settings then the Netinstall won't work.
Normis, U can test it it is possible!

oreggin

I can't believe. On virgin WinXP installation Netinstall works at first time. Netinstall doesn't like me

Normis or anybody do you know any (experimental) settings on Windows that congest netinstall procedure?

oreggin

I tried the netinstall version 4.2 but the result is the same as in my previous post (at Tue Oct 20, 2009 2:22 pm) It's not possible, we tested and it works on our side. Try to run Netinstall from another PC and make sure no antivirus or firewall is running on that PC I was tested on two different ...

oreggin

bump

oreggin

I tried the netinstall version 4.2 but the result is the same as in my previous post (at Tue Oct 20, 2009 2:22 pm)

oreggin

When will be release the new versions of netinstall in that maybe fixed the "Sending offer..." issue?

oreggin

So I try Netinstall 4.0 as normis wrote. Attached screenshots, and the descriptions: booting.jpg: The router is booting the netinstalls kernel booted.jpg: The router has been booted the kernel and waiting for installation server netinstall1.jpg: Netinstall detect the router properly, package selecte...

oreggin

invalid upgrade file id

Because you select the firmware upgrade option in RouterBOOT menu.

Select boot from ethernet after you start the netinstall, and NOT the firmware upgrade.

Reboot the router and it will boot up, and waiting for installation server...

oreggin

we fixed the Netinstall upgrading issue where it's stuck at "Sending offer". It will be in next Netinstall version, right now you have to use Netinstall 4.0 http://www.mikrotik.com/download/netinstall-4.0.zip Sorry, maybe I'm too lamer but Netinstall never works for me. Not just the 4.x v...

oreggin

Ok, janisk was locked my topic:

viewtopic.php?f=3&t=35813

and linked this one but I don't understand why.
I was opened that topic at wrong place? I'm newby here, so sorry for offtopic

I searched about Netinstall but didn't found topics/posts about my issue.

oreggin

Netinstall v3.30 indicate "Sending offer..." for only 1 second after I press the "install" button and busy for 10 seconds but the result is the same = nothing...

oreggin

RouterBOOT booter 2.23

Where did you get this version of firmware?

oreggin

And why don't You use MetaRouter?

http://wiki.mikrotik.com/wiki/Metaroute ... nWRT_image

He sed:

"2- The second thing we tried was to use Ros 4 virtualization and boot OpenWRT. The problem is that apparently the guest can´t see the SD as storage."

oreggin

I was format the NAND flash and I can't restore the RouterOS on my RB450G with Netinstall. When I start the Netinstall it can boot the router and the router is wait for the installation server, Netinstall is found them and then I select it by MAC address and select package folder and package, and cl...

oreggin

And why don't You use MetaRouter?

http://wiki.mikrotik.com/wiki/Metaroute ... nWRT_image

Me?

oreggin

Hello, I was format the NAND flash and I can't restore the RouterOS on my RB450G with Netinstall. When I start the Netinstall, it can boot the router, and the router is wait for the installation server, but nothing else. I select the proper package and sometimes I select the previously saved license...

Search found 171 matches