MikroTik

inteq

Had the same issue. You will need to open a ticket with Mikrotik. Some people around here are adamant the CHR licencing needs no overhaul, but it craps itself from time to time. For example in my case: SUP-54631 Hello! No, there was an issue on our side. It is fixed. Sorry for the inconvenience caus...

inteq

Seems I am starting to forget things, or if you don't use them for too long, you forget them either way. For future reference. No clue if the extra mibs are being used. Synology CPU temperature: CPU-T: [oid("1.3.6.1.4.1.6574.1.2.0")]C Synology HDD temperature: HDD1-T [oid("1.3.6.1.4.1...

inteq

"Perhaps the Synology MIB doesn't have any thing Dude considers a "table"?" Might be. As stated above a bit, I have another Dude that I have upgraded from ROS 6.3somethhing all the way to 7.7, without any extra mibs, that can read more from Synology, disk like temperatures, fans,...

inteq

In my case, the module shows just fine. Does not seem to be a path problem. But is is grayed out and not loaded when doing a snmp-walk, as seen in the image below. syno-mib.png Tried all snmp versions 1,2,3. I can see basic snmp info, mostly regarding network interfaces, but nothing contained in tha...

inteq

One question.. i upload de MIB file and can view on Dude the entire mib node of the module, all parameters explained.. all ok. But, when i make a snmp-walk over the device that uses this MIB, the values of this module are not visible: i can see IF,SNMP,RFC module values..but not the specific module...

inteq

I am not asking for support. Znevnva, please got back to twitter/9gag or wherever you lurk during your spare time. I am asking for a warning somewhere in the logs, Winbox top bar or as a popup message. As Normis stated You can use CHR without a license, there are no limits. Trial mode (not licensed)...

inteq

Unfortunately, I do not have the VM backup anymore, but found a very quick way to reproduce the problem. Shutdown and unregister the VM. Copy it to a new datastore and import it. For some reason, once the VM is copied to another datastore, the interface names change inside RouterOS to ether3 and eth...

inteq

@Normis, you keep stating it cannot happen, yet it did in my case. I tried looking for a way to manually remove the licence from within Winbox and could not find one. Will try later this evening to see what could have caused this, ESXI side. Maybe I switched the nics around, automatic MAC that got c...

inteq

This post is the rambling of a pissed off user in regards to CHR license and ~16 lost hours. Have a Supermicro server that was in dire need of a good cleaning and ESXI reinstall. This server has a CHR for routing (no NAT) and some VMs inside ESXI. Nothing fancy. So I decided I would do this during w...

inteq

I use X722 on ESXI 8 with VMXNET3 and get 10 Gbps with minimal CPU usage.
vswitch is out of the question or why you need SR-IOV?

inteq

Spoke too soon. In SwOS, it seems the fan curve is totally diferent from RouterOS for the same device. As soon as the CPU hits 50 Celsius, the fans ramp up to 6.5K rpm, becoming way too loud. swos.png As soon as the temperature gets to around 48 Celsius, the fans will slow down to about 4K rpm. So s...

inteq

Useful feature to have.
Would not hold my breath tho.

inteq

m8, remove the "top secret" parts from the export if you want help.
Like calling your doctor and saying "it hurts" while not telling where.

inteq

Gave up on some RouterOS features and switched to SwOS. Fans now remain on even @ 40 Celsius doing 3800-4000 rpm. Barely audible. Lost phy-temp and CPU load information via SNMP, as SwOS does not provide those. Seems the device has the capability to always run the fans, but for some reason, the one ...

inteq

Just opened my CRS213 to to try to do something about that pin and...I got fooled by the zoomed in image from above. The actual chip and pins are way smaller. Way too small for my skills, soldering iron and no magnifying glass. Guess I am at the mercy of MT support to fix this crappy zero rpm someti...

inteq

@jimmer Just to be sure, check for a firmware update on that Intel nic.
There were some firmware updates fixing exactly this port flapping.
In my case, with the X722 Intel 10 Gbps nics on Supermicro servers.
Since updating, no more flapping.

inteq

Can't the middle pin be desoldered and raised a bit instead of cutting ?

inteq

@hyppen Thank you for taking your time to look into this. I am also looking for a way to disable this stupid zero rpm behavior, especially when https://mikrotik.com/product/crs312_4c_8xg_rm states MTBF Approximately 200'000 hours at 25C . (no clue if that refers to ambient or CPU actual temperature)...

inteq

Try to set the 5 Ghz interface like so:

5.png

inteq

Using some MikroTik S+AO0005 and MikroTik XS+DA0003 for some time now without any problems.
DId I miss something and there are problems with Mikrotik ones?

inteq

Found several other 1009s doing this. Mikrotik support sent me an alpha version that might fix this. Try routeros-7.7alpha255-tile-2.npk from https://box.mikrotik.com/f/61b327d9fb854902bd58/?dl=1 Or ask support. Installing now and will see how it goes. later edit: 6 days now and no more reboots. No ...

inteq

This is what I am using [...]
I don't think it refers to the routerboard, but to the external TG-BT5-OUT...

Indeed, I admit I never bothered to look for what exactly the model is.
As it seems it is not a RouterOS device, forget what I said

inteq

This is what I am using on ROS 7. Will not work on 6. 1st, get the sensor name with /system health print 2nd. edit the script and change the desired values :local DesiredTemp 70 :local MonitoredSensor "phy-temperature" :local NotifyTo ToEmail@domain.com" :local NotifyFrom "Router...

inteq

Had a CCR1009 doing the same. Weird thing is that is was doing the same even after I took it out of the rack and place it on my desk without internet. A netinstall and the same config back and so far no reboots (not back in production tho). Mikrotik support stated they saw a problem from supout and ...

inteq

No clue. This is the only CCR1009 I can test with.
Anybody else with one can test on local with random?
Maybe my unit is in a coma.

later edit:
found another 1009. Same story

3.png

inteq

Have a ressurected CCR1009 on the desk and was wondering the same thing. Purely computational wise, RB1100AHx4 is light years ahead of CCR1009 Bandwidth test on 127.0.0.1 for both I think shows that CCR1009 CCR1009.png RB1100AHx4 1100AHx4.png Also note that the CCR1009 was blank, without any firewal...

inteq

Thank you mkx. Will try iperf3.

inteq

Hello, Can one detect if the ISP is limiting pps between two locations? Might be totally wrong, but in Winbox, under IP/Firewall/Connections, if selecting Orig./Repl. Packets and filtering the connection in question, the amout of orig. packets should match the reply packets closely, correct? (might ...

inteq

A small but powerfull 2 SPF+ only would be a dream for many locations.
I have only one location without a proper switch.
Rest, only ether1 and ether 2 in use, no matter how big the router is. Waste of ports to be frank.

inteq

Don't bother with 7.4.1 and even 7.5. You can't upgrade from The Dude.

inteq

7.4.1 same story
And I have a lot of devices to update...

inteq

Wild guess because I just woke up. Maybe because your machine has a static IP in 192.168.1.0 that is default on Asus and Mikrotik's default is 192.168.88.0 ? Change pool and DHCP server details to 182.168.1.0 or 192.168.0.0 network on Mikrotik. Could be that the machine has a firewall allowing only ...

inteq

RouterOS 7.4 and the exact same behavior.
Pretty please with sugar on top allow us to disable zero rpm.
Fans @ ~4k rpm are barely audible and are doing an excellent job in keeping the switch cool.

inteq

See viewtopic.php?p=945739#p945739
Add a zero

inteq

CPU-Load: [oid("1.3.6.1.2.1.25.3.3.1.2.1")]%

Screenshot 2022-07-21 130247.png

inteq

Using The Dude, add a new probe like:

1.png

With OID:

iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifSpeed.1

Some routers will have a different OID. For example, HAP AC2 uses

 iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable.ifEntry.ifSpeed.3

for port 1
Add the probe to the device

inteq

Hello, I have a location built like a doomsday bunker, with lots of reinforced concrete. Most rooms are like this: ceiling.png Yeah, I skipped art classes if you cannot tell from the masterpiece above. Now, the owner would like the AP placement in the blue spot (out of sight). The problem is that be...

inteq

Mikrotik does NOT (edited) really have proper roaming I am afraid.
Try using capsman on the router and setup the two APs as caps.
Make sure you are not using Access Lists for WiFi with reject based on signal. That will cause disconnects as you describe.

inteq

You have 3 routers in your local network?
Or one router and two APs (or configured as AP)?

inteq

Playing the bad cop here: if you need to ask how to remove your mail server from a blacklist, I strongly advise you should think about getting a service from the big guys in the business.

inteq

That's what DoH (and others similar) was created for, so you don't spy/track/hijack your clients DNS requests.

While at the same time most DoH "supporters" use cloudflare, google and Co servers. The mothers of all spies.
DoH is a stupid idea.

inteq

try checking your PC 10g nic windows advanced settings

Thank you.

intmod.jpg

This little piggy was to blame. Was disabled. Enabled it and problem is gone.

inteq

Hello, I have a CRS312-4C+8XG https://mikrotik.com/product/crs312_4c_8xg_rm Using RouterOS version 6.49.6. No queues or firewall rules. Plain switching. PC connected via cooper 10 Gbps to it. ( 5 meters ) NAS connected via cooper 10 Gbps to it ( 1 meter ) Problem When connecting a 1 Gbps client to t...

inteq

Never understood tech channels on youtube with English title, English description and alien language.

inteq

The DNS Lookup Interval default value is 60 minutes
and you can change that on device property, not on general settings.

Thank you rextended.
An extra pair of eyes always helps.

inteq

Hello, As to not reopen a topic from 2008 https://forum.mikrotik.com/viewtopic.php?p=105231 , I am opening a new one. I am monitoring quite a lot of devices with dynamic IPs, thus the need for DDNS. The problem: The Dude is very slow to detect IP changes. Cannot say for sure, but it seems it can tak...

inteq

Got another RB4011 and the difference is night and day. The antennae are pretty tight.
Got my answer.

inteq

No clue where you got lost. This setup works just fine for hundreds of clients.
If you need a small diagram, reply and will do one.

inteq

Hello, Need confirmation from someone with a MikroTik RB4011iGS+5HacQ2HnD-IN if the antennae on their router are a bit loose or not. Have a client I suspect dropped their MikroTik RB4011iGS+5HacQ2HnD-IN and now some of the antennae are very loose. So loose that it barely stays upright on its own. Bu...

inteq

You are missing/messing something in your config. Since the same config works for the OP in 6.48.6 but doesn't in 6.49.2 and 7.1.1, I'd assume some encryption algo or alike to behave different between the versions, depending on CPU architecture. So I'd suggest to compare the /ip ipsec profile and /...

inteq

Tested from a RB1100AHx4 to a CHR on a ESXI 7 VM. Both on RoS 6.49.2
All good. Both ways.
You are missing/messing something in your config.

inteq

@inteq
Thank you for sharing I liked the Client "Draytek" it's very useful.
Did you test all the protocols working with MT?

Just L2TP with IPSEC

inteq

MS has released a out-of-band fix for this VPN issue. Windows 10: https://support.microsoft.com/en-gb/topic/january-17-2022-kb5010793-os-builds-19042-1469-19043-1469-and-19044-1469-out-of-band-f2d4f178-5b36-49cb-a6fd-4bf9857574f9 Windows update catalog (Win 10): https://www.catalog.update.microsoft...

inteq

Windows 10: wusa /uninstall /kb:5009543 yeah this works, and you will have reenter the L2TP username/password in windows, the IPsec PSK remained. Just use https://www.draytek.com/products/smart-vpn-client/ Works just fine with Mikrotik. You can export your profiles and import them back when needed....

inteq

Thank you Jotne

inteq

There is an 1.3 in this thread as well. Test it out. (Do not remember what was changed from 1.2 to 1.3)

Tested the 1.3 version a bit and found some problems.

err.png

I guess the script was not supposed to add phase1 to the list, right?

inteq

There is an 1.3 in this thread as well. Test it out. (Do not remember what was changed from 1.2 to 1.3)

Missed the 1.3 one. Will test now.
Thank you.

inteq

Was looking for such a script for a long time. Trying to implement it on a router getting lots of "negotiation failed" but I have an issue. The offending IP is added to IPSEC list, but it also adds 0.0.0.0 to the same list for some reason. Any clue as to why? Nothing in log showing 0.0.0....

inteq

Do not worry to use any time interval, parse all logs, the script prevent double-set IP on address list than cause interruption for error on duplicate entry. This script do not prevent the lock of your own remote IP if some error happen meantime. Remember to create the whitelist of yours IPs and ad...

inteq

@inteq
viewtopic.php?t=148397

Thank you

inteq

...
If you are after the best practice for this. there are scripts in the forum that can read log entries and add the src address to your black list.

Can you point us to one of those?
I looked and came up empty.

inteq

Windows 10:

wusa /uninstall /kb:5009543

inteq

most web browsers now default to using DNS over HTTPS to increase user privacy.

Good one.
/s

inteq

The problem is if a user reconnects/disconnects too fast, it will end up in the blacklist also.

inteq

2 x SFP+ (10G)
2 x 10Gbit copper (10G)
1 x Management with PoE

99% of locations I manage are using only 1 ISP, thus most multi port routers are pretty much empty (only using two ports because switches on RBs are crap)

inteq

Only two options:
A: not a "safe controlled environment" and someone else changed the password.
B: you changed the password or restored a backup containing a password and Alzeheimer wants to know your location.

inteq

I am all for more options and customizability, don't get me wrong.
Just curious as to why the need for a diferent WinBox port and more importantly, why "is not an option for some"?

inteq

Dowgraded from 6.49.1 to 6.45.9 one of my home wAP to test this.
The AP is a cap on a 1100AHx4DE.
Tested both versions on 5 Ghz at ~ 5m distance, direct sight and could not observe any differences.

6.49.1

Screenshot_20211204-071551_Speedtest.jpg

6.45.9

Screenshot_20211204-072340_Speedtest.jpg

inteq

Do all devices allow inbound Winbox port? If yes, it is accessible from all devices?
Have you set the type to RouterOS for each device?

inteq

If you are changing the default Winbox port hoping to be "stealthy", you are doing it wrong.
Just leave the darn port at default and setup good firewall rules/allow only whitelisted management IPs

inteq

No issues updating on:
RB1100AHx2,AHx4 and Dude edition. RB4011, CCR1009 and a lonely HeX S
HAP AC2&3
WAP and CAP AC (old and new models),Audience
CRS312

inteq

6.49.1 and it seems something has been changed. Not necessarly for the better. 8 minutes after upgrade and reboot the fans were still spinning at 8k rpm. I thought to myself "I should stop sending requests to support" thinking the fans now will be locked at 8k rpm. Did not notice this beha...

inteq

Hello, Trying to monitor some l2tp links that feed into one central location. Everything works OK. The problems is if a l2tp link goes down for whatever reason, The Dude will default the monitored interface to another available interface and never recover, even after the l2tp link comes back online....

inteq

Mikrotik support stated:

Hello,

Thank you for the report!
We have managed to reproduce the issue locally in our labs and look forward to fixing it on upcoming RouterOS versions, unfortunately, I cannot provide an ETA now.

inteq

Hello, Testing a CRS312-4C+8XG destined for office environment and I have to say the noise level is decent at ~4k rpm (as reported by Winbox with ROS 6.49). The problem is the fans will stop spinning under a certain temperature (~50 Celsius CPU and ~ 55 Celsius PHY), the temperature will quickly ris...

inteq

Don't bother looking for a fix to your setup. hAP AC3 just sucks for some reason. Maybe they will fix it in a future RouterOS version.
viewtopic.php?p=827986#p823038

inteq

In IP/Firewall/Raw add a rule with source as your VPN pool and destination as your PBX IP in prerouting chain and with action no track.
Copy the rule and reverse source with destination.

inteq

Any time you open a port for some specific program, there is a chance it will end badly. But at least in the case of RDP, we know there are lots of vulnerabilities. Some patched, some not yet found and a lot of them with released patches but not applied. For example: https://nvd.nist.gov/vuln/detail...

inteq

1st: never ever open rdp to public.
Use a VPN or allow RDP port only for certain trusted static IPs or ddns

inteq

@sid5632 can you please tell what was the issue exactly? What does "CHR was stopping transmitting" means?
I ask, because I also have problems with Dude on CHR randomly making everything inaccessible for short periods of time (10-30 seconds). Dude disabled=no problems.

inteq

Just a guess, but try to disable hugepages (+pdpe1gb)
Don't have this issue on ESXi

inteq

Well, expired license means you cannot upgrade ROS version. The router itself continues to work just as before. Support stated the same, nevertheless, I do not agree. At least one function did not work while the problem was active, so who knows what other functions are disabled? I only checked IP/C...

inteq

Just discovered that my CHR unlimited license was not updating/renewing. Who knows for how long this has been going on. Support fixed it after two days and stated the problem was on MT's end. Would be nice to get a warning in Winbox about license issues. Never crossed my mind to check the license st...

inteq

Yes, CPU and RAM barely used.
No comment regarding the "I never run 2 totaly different functions on 1 device"

inteq

The Dude is running on the router. Physical, VM, makes no difference.

inteq

Hello, Had some issues with a lot of routerboards causing internet service disruption/massive packet loss. Randomly, the router would not be accessible for 10-30 seconds. No interface flopping logged. Even weirder, a subnet behind the router will also lose connectivity when this happens. A netwatch ...

inteq

Bought Mikrotik hap ac3. Have a questions on wireless interfaces. In winbox, interface wlan1 or 2 in current Tx power there is no information. 2.4Ghz showing 0 Tx power, 5Ghz showing nothing. In Freq. usage function Hap Lite is always showing many channels with 75...90...50 usage, at the same time ...

inteq

I've always wondered if the reason I routinely encounter this problem is because I'm not running on a physical PC, but inside a Windows VM on a Mac device. Just for my curiosity, are you running on a physical PC?

Yes. Physical machine with W10. No VM.

inteq

Netinstall works, not all users do!

Say thank you for not stumbling upon this issue (yet) and move on if you have nothing better to add.

inteq

Had this issue today with a RBwAPG-5HacD2HnD. Failed upgrade to 6.48.2 and had to be sent back to me from another city. Netinstall did nothing and had to resort to the trick of closing the program, opening it again, deleting set and quickly install. This was the only way to successfully unbrick it a...

inteq

The RF Amplifier will be damaged if both antenna is not attached to the board. How does one know tht RF Amp is damaged? I've just purchased used ac3 and 5Ghz performance is really poor. Can it be because of damaged RF Amp? Cannot vouch for the possibility of damage without them attached, but can vo...

inteq

"HAP AC2 lack memory"
What you need more memory for on that tiny thing?

inteq

My solution on the only two switches using those modules is to put a small 40mm fan inside blowing straight onto the modules and one on the back exhausting air. Ugly part: requires an external power supply for the fans. sfp.png Fun fact: both modules are in use, nevertheless, one is always 10 degree...

inteq

Have you cleared DNS cache?

inteq

Yes, because changing a color would take an entire team of devs several months. /s
What does WinBox background color have to do with ROS other bugs is beyond me.

inteq

Don't fight it. Don't mess with support. Just buy the Ruckus radio and move on.

U R funny. Check https://forums.ruckuswireless.com/conve ... e247913632

inteq

We can only hope the reason for AC3 not being in stock is because they are working on making those antennae actually doing something useful, like extending coverage.

inteq

Having this issue with lots of Xiaomi devices, like Air purifiers and smart speakers.
Changed the group-key-update to 1 hour now. Will see.

inteq

Enabled The Dude again for one week. Packet loss and problems started. Disable again.No more packet loss. I do not think it is related to ARM, because after trying 4 ARM Mikrotik routers I moved this particular location to a CHR unlimited and the same problem continues. Funny thing is that RouterOS ...

inteq

Quick update I disabled Dude notification for some time and just stopped thinking about it too much. Beginning of December I decided to just disable The Dude because in my mind, the program had a lot of false positives. I just became numb to connection issues reported by The Dude. Lo and behold, 2 w...

inteq

1 day max to update to the latest stable RouterOS since release. So latest.

inteq

Most APC UPS will cut power once they send the critical battery status and after a predefined delay.
So in theory, the fact the RouterOS is dumb in this regard does not matter.

inteq

I do not get it You ping the capsman IP and if no response you disable caps mode. Every X minutes you enable caps mode to check if your device connects to the manager, in the process booting every WiFi device off the network. That is one weird WiFi experience for devices on that network. If the clie...

inteq

Won't work. Your hap ac lite will need to enable caps mode to be able to check if it can connect to the manager, disconnecting all wifi clients in the process. A https://mikrotik.com/product/ltap_mini_lte_kit might work, having a GPS. You could then script by GPS location. If at certain coordinate, ...

inteq

Just double checked and it seems RouterOS does not support this type of time calculation without extra math involved.

inteq

Execute your command inside the do={ }

inteq

See if this helps:

:local time [/system clock get time];
:if ($time >= "03:00:00" || $time <= "04:00:00") do={ :log warning hammer time }

inteq

I admit I only tried for a short time to troubleshoot userman, but I ended up ditching it in favor of an external RADIUS server. Synology for example comes with a RADIUS server package and I use it everywhere one is to be found for VPN auth and such. An alternative is a small Raspberry PI3/4 with a ...

inteq

Theory is not the problem. Real world testing with the devices I work with tells me there is no difference. And wAP ac has some pretty slow CPU. No clue what you mean by "So, if I will turn local forwarding off, all devies will get dhcp not from capsman, but from local network.". Local for...

inteq

"What test causes the status to be set to Up?: the service status being monitored on each device. For example ping."
Thank God you "Found the solution myself".

inteq

Antenna gain cannot be configured under capsman. I updated all 3 devices to the latest stable RouterOS. Reset into capsman mode: reset.png capsman set to auto provision using 00:00:00:00:00:00 MAC on both 2.4 and 5Ghz. Settings on AP: -disabled all IP/Services but Winbox. -disabled all IP/Firewall/S...

inteq

The agent is setup on The Dude server for each device. What test causes the status to be set to Up?: the service status being monitored on each device. For example ping. You said the two wAPs are setup identically. By any chance you copied the config from one to the other? If so, check if wAPs have ...

inteq

Which service is being monitored on the 172.19.3.249 wAP?
if ping, can you ping it from the dude server?
The agent is correctly setup for it?

inteq

Same exact RouterOS version. Same exact settings for WiFi, all 3 devices provisioned through capsman 00:00:00:00:00:00 on both radios, with channel 36 (5180Mhz) on 5Ghz, only-AC All 3 devices tested one at a time, so close to no radio interference. Only the testing client registered on capsman. Mayb...

inteq

I have tested AC3 and AC2, that is why I was telling you to skip ac3. External antennae are just for show on ac3. See https://forum.mikrotik.com/viewtopic.php?f=3&t=166931&p=823038#p823038 On the other hand, both ac2 and ac3 are pretty cheap to buy, so go buy one and test if it helps you sto...

inteq

For my use cases, bare metal RoS would be a waste. I admit I did not even try without virtualization.
ESXi throughput with 4 cores allocated:

bt.png

inteq

Using https://www.supermicro.com/en/products/ ... -FN8TP.cfm under ESXi
No BGP tho and this model only has 2X SFP+, but the option to add a PCIe via a 90 degree angle riser (included)

inteq

Supermicro has some nice 1U with 4X SFP+, 2x 10Gb ethernet and 2x 1Gb ethernet
See https://www.supermicro.com/en/products/ ... /rackmount

inteq

Both worse than ac2

inteq

Random timeout while waiting for program 20 while monitoring with Dude a remote RB1100Ahx4 DE. snmp behind the remote RB also did not work on APs and other snmp enabled devices.. Disabled and enabled Dude and everything is back to normal. No reboot required. Can't be sure these days is something is ...

inteq

You can go with free ESXi 7 that covers 8 real cores https://download.mikrotik.com/routeros/ ... 6.47.7.ova
Or plain x86 https://download.mikrotik.com/routeros/ ... 6.47.7.iso
I only used CHR/ESXi on Supermicro servers.

inteq

Indeed.

1.png

inteq

Winbox/Dude/Services
Double click on your RB1100AHx4 DE and change the agent

inteq

Hello, Been using The Dude for about 2 years now on a RB100AHx4 Dude Edition. Lots of false positives, unbelievable high latency recorded and unstable upgrade of ROS devices. No crashes. Decided to switch to a CHR VM running on ESXi 7/Supermicro server. Moved the db to the CHR and beside having to r...

inteq

You can have only two configurations/provisioning rules. Set the provisioning for 5Ghz to 00:00:00:00:00:00 instead of the MAC of each CAP. One for 2.4 and one for 5Ghz The trick is to not select a frequency for 5Ghz and have the 3rd wlan enabled on the Audience. You might also need to set the band ...

inteq

No clue why I see this recommendation so often or why it works for some people (if not placebo) but in all my setups with wAP local-forwarding=yes or no, makes absolutely no difference. Same speed. max 400Mbps download max 500Mbps upload. Just tested this again on a wAP AC. One SSID with local-forwa...

inteq

I know professionals with cool expensive toys will laugh their asses off, but this is the best I can do: one smartphone with WiFiman from Ubiquiti. wAP ac and Samsung Galaxy S9+ 1. Direct line of sight at 3 meters distance wap1.png 2. Behind a 19 cm thick concrete wall at 6 meters distance wap2.png ...

inteq

6.47.4 and zero crashes on a RB1100AHx4 Dude Edition.
Have some issues with it, like remote upgrades getting stuck on upload all the time, but crashing is not one of them.

inteq

Thank you @andriys for point this out. Indeed, you are correct.
I have briefly tested with only one concrete wall between the ac3 and the client and noticed the same behavior.
Tomorrow I will test this more thoroughly and get back with details in an up to 4 thick concrete walls location.

inteq

Tested today my first hAP ac3 Not impressed. Not even one bit. Same exact performance as hAP ac2, in a body twice the size, more expensive and with two useless antennae. Tested a hAP ac2, a wAP ac and the new hAP ac3 in the exact same location with an Intel AX200 client, direct line of sight at ~3-4...

inteq

https://www.supermicro.com/en/products/ ... 302-9D.cfm will suit your needs.

inteq

Long shot but try repeatedly to put it in netinstall. And I mean 20-30 times.
Had two routerboards which I had to do this. Managed to fix them this way.

later edit: more then one month since original post. My bad. Maybe helps someone else in the future.

inteq

4 Audience units without meshing in a building with 4 floors. 1 unit / floor. All 4 units CAP clients to a RB1100AHx4. Internet: 1 Gbps up/down fiber. Client: Intel AX200 and Samsung Galaxy S9+ wlan1 2Ghz 2 chains: ~90 Mbps up and down (might push more, but only 20 Mhz enabled) wlan2 5Ghz 2 chains: ...

inteq

I would not use access lists for WiFi.
Rejecting a client with it will disconnect any WiFi call.
I can "roam" just fine between access points without access list reject based on signal and keep my call.

inteq

Even professionals call them modem because they got used to speaking with non-tech customers that only knows this terminology. Try talking to your average Joe and tell them about ONU/ONT. You just tell them modem and they know what you are talking about. No point in correcting them or explaining. Yo...

inteq

I am all for mods, but ffs, stop this facebook crap.
I will not touch a facebook link even with a ten foot pole.

inteq

Using WiFi calling with default UDP timeouts and no problems here. Not with your provider tho.

inteq

I usually end up upgrading manually each site, but I would really like to get to the bottom of this. The Dude is installed on a RB1100AHx4 Dude Edition on the factory SATA SSD. I select the RBs 1st and "Upgrade to 6.47.3" or whatever the version might be. 99% of the time the uploads will g...

inteq

/tool e-mail send to=me@server.com subject="Something" body="Blahblah";

inteq

After scratching my neuron a bit I came up with this Create a script that runs every 10 minutes or so: :local listcount ([/ip firewall address-list print count-only where list~"allowed-countries"]) :if ( $listcount = 0 ) do={ /tool fetch "https://api.telegram.org/botX:Y/sendmessage?ch...

inteq

Hello, Need to filter some services by country. Using the following script to download and create a list: ip firewall address-list :local update do={ :do { :local data ([:tool fetch url=$url output=user as-value]->"data") :local array [find dynamic list=allowed-countries] :foreach value in...

inteq

Both employees and guests networks are using the same DNS server or different ones? I bet not, thus guests having no problems.
Are you using any king of QoS? Maybe double check it. Might cut off DNS.
Are you using any king of rate limiting or "ddos" protection? Try disabling.

inteq

A new RB4011, bought last August, just died. No link on any port. Reset not working. Just keeping track here :) later edit: How I unbricked this RB4011 The RB had no link on any port. Reset to factory defaults did nothing. Could not put it into netinstall mode. So I took it apart to check for visibl...

inteq

I use this to check a DNS server and change mikrotik's DNS server if it fails :local PrimaryDNS "1.2.3.4"; :local BackupDNS "9.9.9.9,149.112.112.112"; :local TestDomain "google.com"; :local ConfiguredDNS [/ip dns get servers]; :if ($ConfiguredDNS = $PrimaryDNS) do={ :do...

inteq

And another RB4011 with 100% CPU usage on one core without traffic, just waiting to crash. And another useless response from support with "netinstall blah blah blah" after I sent them supout.rif I guess up time and letting the client actually use the devices they pay for is an unknown for ...

inteq

Are you working for some optician business trying to get some sales going?
See https://wiki.mikrotik.com/wiki/Manual:Netinstall

inteq

Are you able to login to https://mikrotik.com/client/login ?
Just tested on a CHR and everything works

inteq

wanted.jpg

inteq

Will setup with arp-ping=yes and interval=100ms and get back with details.

ping gatewayIP arp-ping=yes interface=ether1 interval=100ms

Thank you.

inteq

I would not touch FF with a ten foot pole, but for you, I ran the portable FF 78.0.2 and I see no problem.

mt.png

inteq

No BGP.
Just ISP > ONT > Mikrotik.
Direct connected IP on one ether and a subnet on another ether.
The netwatch and script is run on Mikrotik

Simple diagram

1.png

inteq

Format=no license. At least this was the case the last time I checked, a looong time ago.
If you want a clean device, use netinstall
If for some strange reason you really need to format, 1st ask at support@mikrotik.com explaining what you want to do and why.

inteq

This is getting a bit ridiculous. I setup a 4th Mikrotik in the location, a RB1100AHx4 Dude Edition. Problem still persists. I bought a P-Unlimited CHR license and setup RouterOS inside ESXi on a Supermicro server equipped with Intel X722 nics. Problem still persists. Setup a Netwatch to call a trac...

inteq

Disable STP on the bridge.

inteq

Not sure, but I am guessing something with Firefox and by default enabled DoH in it.

inteq

Far from 100% but you can try a VM with pihole, intercept all DNS requests while blocking external DNS requests and use a blocklist with popular torrent trackers. Monitor pihole queries and add the missing ones. If this is for a business network, put HR to work. Notify employees and 1st strike you a...

inteq

Delete all WAN Miniports from device manager and restart.
With a bit of luck, that will fix it.

inteq

To be frank, only when I read "13Mbps lease line cost us USD3716.32/month" I thought that something is wrong and looked at the date.

inteq

Disable firewall on one of the machines that does not respond to ping. If you have Windows machines, open a command prompt and run: netsh advfirewall show allprofiles state Make sure the results are as in the image below: fw.png If ping works with firewall disabled, enable the firewall and create a ...

inteq

Reinstalled the 3rd RB1100AHx4 tonight and did not have to wait longer than 2 hours for the first interruption. This time it lasted 2 minutes as reported by Dude. So far used 4 different factory crimped ethernet cables and one cat 6 made by me. /interface ethernet print stats taken after the 1st inc...

inteq

Mikrotik responded with:

Hello

We have determined that this is a cosmetic issue that was introduced in v6.47 on some specific routers. We will try to resolve this problem as soon as possible.

Best regards

inteq

@sob I have tried without the Drop invalid rule when @tippenring suggested here https://forum.mikrotik.com/viewtopic.php?f=2&t=162627&p=801420#p801383. No change. @sindy Will have to reinstall the RB1100AHx4 to be able to check /interface ethernet print stats but if I recall there were some ...

inteq

To recap, 3 routerboards in a pure routing config, no NAT, no DHCP, no STP and even tested without a bridge: random packet loss lasting from couple of seconds to 1 minute. Did a test with only one interface setup with a public IP, without routing or anything else plugged into it: random packet loss....

inteq

@anav
Found anything interesting?

inteq

And a new RB1100AHx4 started crashing. 2nd time today.

crash.png

inteq

If the location is a business and the request comes straight from the top, imho the only viable solution is per computer screen monitoring after all employees have been notified. You get caught gaming, you are out. Trying to cover all bases on the router is a cat and mouse game. And we all know Jerr...

inteq

Another 5 still pending investigation with lots of packet loss and 3 just quit working out of warranty. I'm curious, on your routers experiencing packet loss, do you have a firewall rule that drops invalids in the forward chain? If so, I'd be curious to see what happens if you disable that rule. Wi...

inteq

Folosesti si switchuri Mikrotik ? Using switches also, but very few, so cannot really comment on those. Two CSS326. Both "modded" with two fans: one on the rear for air intake and one internal, blowing down on S+RJ10 modules. No problems with them besides crazy SPF+ modules temperatures. ...

inteq

Reality is: Mikrotik should do a better job at quality control. A lot better. I am in far from a big Mikrotik client with around ~ 100 routers and ~200 access points, but still I had to RMA close to 10 routers for various reasons, ranging from DoA to flapping ports and mysterious crashes. Another 5 ...

inteq

I would say because generating data is using a lot of CPU cycles, which your APs are in short supply. Thus, lower throughput.

inteq

Hello, The only RB1100AHx2 left in use is showing some strange CPU usage. Tool/Profile is showing consistent 100% CPU usage while System/Resources is showing almost constant 0% with small spikes to 1-2%. The unit is monitored with Dude, where the router shows again close to no CPU usage. Any clue if...

inteq

Sending supout is in vain. They will just reply with a standard "Connect a serial cable to this device, open serial console and make sure that you have successfully connected to RouterOS CLI. . No I don't think sending supout in this case is in vain. More feedback will result in improvement. I...

inteq

Sorry for bump, but this one is strange. Installed the 2nd RB1100AHx4 (the one purchased after the 1st RB4011) in another location. Same provider, same FTTH tech. 2 weeks already and absolutely stable. No packet loss at all. Setup a PC with intel nic in place of 3rd RB1100AHx4, in the problematic lo...

inteq

In my opinion, doh is the first example of how much mikrotik cares about the safety of its users and other initiatives in this direction are welcome. Don't be fooled into thinking DoH provides any "safety" for users. I mean don't do stupid stuff online just because you have DoH enabled th...

inteq

After few days or weeks, they just brick. I am very pissed off that mikrotik is pretty much ignoring this issue. . Please send Mikrotik supout and return them for repair if Mikrotik diagnose the issue as hardware issue. The more reports and investigations the better it will be long term. Sending su...

inteq

Was expecting to see some castle with some state of the art cabling.

inteq

And again on a RB4011iGS+RM
crash.png
Hi,

What should i configure to get result as above? i mean automatically reboot after crash

regards,
M

Not 100% sure, but I guess that is handled by Watchdog under System.

inteq

Hello, So I have a FTTH location where internet drops completely between 10 seconds to 2 minutes, at random times, for 1-4 times a day. Nothing in logs. No link downs on interface. Online UPS. 1st router: a RB4011. Because the router crashed couple of times, I thought those random internet dropouts ...

inteq

The issue is from at least 2013, if not from the beginning. ( viewtopic.php?t=77074 )
Still present in May 2020

inteq

I would try to do a netinstall and start from scratch.
For some reason, I am thinking about a hacked router in this case.

inteq

As I said: "The DNS on the router is not enabled.", thus no clients behind the router can cause this.
Somehow, the router itself queries for www.mikrotik.com

inteq

Hello I have a RB1100AHx4 that sends lots of queries for www.mikrotik.com The DNS on the router is not enabled. No NAT, only routing. No scripts, no netwatch and I am unable to find the reason why this router queries www.mikrotik.com so much. As soon as I flush DNS cache, the record pops back in. qu...

inteq

Setup Dude to monitor CPU on all 4011s
So far only two have issues but tired of this.
Starting to replace all 4011. Not worth the trouble.

cpu.png

inteq

Hello, My search came up empty so asking here. Setup a Dude Server on a RB1100AHx4 Dude Edition. Now, I need to monitor several locations with Mikrotik APs in CAPSMAN mode. I can add the APs in 1st location just fine, but on 2nd, 3rd, etc location, because APs have the same private IPs as on the 1st...

inteq

And again on a RB4011iGS+RM

crash.png

inteq

I have 2 3CX servers with firewall test failed on WUI, but everything works just fine for 3 years now. If you don't have any problems with RTP and calls, just ignore it. Me thinks 3CX is a bit dumb in that regard. Hi! are you using different ports for RTP on both servers? bests, Christian No. Using...

inteq

I'm fearing you're spreading some more FUD here ... No reason to fear. I said 4G LTE is just marketing and not real, true 4G. I am talking speed wise. You replied with "Actually its the other way around" and I asked "What is the other way around?" Are you stating that 4G LTE = r...

inteq

Actually its the other way around:

What is the other way around?
The discussion is about 4G LTE not "true" LTE.

inteq

To reiterate what SiB stated:
4G LTE is technically 3G with some magic sprinkled on top. More precisely you can call it 3.95G.
The 4G in the name is only marketing. A bit like what AT&T did with their fake 5G E logo.

inteq

You can test your upnp with https://www.xldevelopment.net/upnpwiz.php ( https://www.virustotal.com/gui/file/817 ... /detection )
The tool allows for test upnp rules creation on your router and it works with mikrotik.

inteq

As freemannnn stated, you can see the automatically created rules in Firewall/NAT, with the comment starting with "upnp" If you do not see any such rules, go to IP/UPnP, disable the service, delete all your upnp interfaces and recreate them. Enable the service. See https://forum.mikrotik.c...

inteq

Can you observe the same high latency when you ping directly from your Mikrotik router? How about other machines connected to the router? Do you have arp enabled on your internal interfaces/bridges?
I recall seeing such behavior on infected machines and networks with arp poisoning.

inteq

Try:

On Site A

/ip firewall nat
add action=accept chain=srcnat dst-address=192.168.2.0/24 \
    src-address=192.168.1.0/24

On Site B

/ip firewall nat
add action=accept chain=srcnat dst-address=192.168.1.0/24 \
    src-address=192.168.2.0/24

inteq

PSA
Make sure you have whitelisted your private IPs if using https://raw.githubusercontent.com/fireh ... el1.netset

inteq

Hello, First time today I have used the Winbox feature "Open in new window". Useful feature and saves a few clicks when opening many sessions. Nevertheless, with "Open in new window" ticked, the text in the new window is a lot smaller. oinw.png I can zoom in, but it seems the zoo...

inteq

The question is: are you using an UPS for your rack/router?
Normally, the log "system,error,critical router was rebooted without proper shutdown" is the result of power loss and not an actual error/crash.

inteq

viewtopic.php?f=2&t=149062

"Power users" use search.

inteq

There are services 24*7, i can't reboot it every day...

I see. But if you prefer bricking... it is better a 30 sec outage for reboot in the night....

We prefer a fix. Rebooting every night ain't one. I hope you don't do that to your users.

inteq

I have 2 3CX servers with firewall test failed on WUI, but everything works just fine for 3 years now.
If you don't have any problems with RTP and calls, just ignore it.
Me thinks 3CX is a bit dumb in that regard.

inteq

Tested on a simple firewall with 1st rule Accept established and related packets and 2nd rule Drop invalid packets (in forward section) I have the log rule as 3rd and it works just fine. Works with and without FastTrak and as long as the connection is forwarded. Test with another port, like 443 to b...

Search found 361 matches