MikroTik

jamesw

We’re getting the following error on some (not all) of our Mikrotik CHR systems which is causing the system to be capped at 1Mbps throughput. These systems have a P1 perpetual licence. What does this error mean please? An example is below and its affecting over 25 (out of 140 which are all fine): “E...

jamesw

Thanks. I can confirm setting via terminal works just fine so it's purely a UI thing.

jamesw

I'm trying to configure my hap ax3 with wave2 support, but on the "Interworking" tab, there is no option for the ANQP to set the Roaming OI's or domains that are used for Hotspot 2.0/Openroaming to function. In non-wave2 radios this configuration is present and can be set. Here is the Mikr...

jamesw

When you have to upgrade 300 CHR's and have to manually re-license each one, it's a problem

Also, the system-id is staying the same (because we are hardcoding the UUID in the virtual machine XML config before it boots) , it's just saying that the system id can't be licensed.

jamesw

I this because the MBR will have changed, or that it somehow thinks its a new system/hardware ID? Both. How can resizing a disk create a new system ID? The UUID of the system/hardware and the UUID of the virtual disk does not change with a resize, so how does the Mikrotik know any different? Perpet...

jamesw

Would resizing the disk image of an existing machine generate a new system ID? Exactly. But adding another disk, keeping the original untouched in place, do not change system ID. I this because the MBR will have changed, or that it somehow thinks its a new system/hardware ID? Why should resizing a ...

jamesw

I have a question about how the CHR system id (for licensing purposes) is *really* generated/checked. We purchased over 400 CHR P1 perpetual licenses a few years ago that are used on either VirtualBox/Linux KVM hosts. They have been working fine until it comes to upgrade time... i.e. each reboot the...

jamesw

Anyone have any thoughts on this? Thanks

jamesw

We're currently using Hotspot with RADIUS authentication and returning a bandwidth limit via the Access-Accept reply which in turns creates a dynamic queue (per active user) set at the bandwidth specified. All good so far. We now have a requirement were we need to dynamically modify the bandwidth fo...

jamesw

What's going on here then? v7.6 on a CHR is showing a P1 licence on both Winbox and Terminal, but it's really on a P1 (Trial): I am sure that it used to say P1 (Trial) in Winbox so you could tell the difference? Tried this on 3 different CHR's and they all show the same P1 when its actually P1 (Tria...

jamesw

Thanks to both of you. I will indeed not worry bout the switches being "visible" on the network and just allow management via their static IP's from an allowed host.

Cheers

jamesw

Indeed, but this PC is not a dedicated PC just for accessing the management interface, and is gnerally on VLAN100 as the other devices are. I just want to be able to see the switches via Winbox, even though the PC is on VLAN100. I understand your point now about the broadcast only searching the VLAN...

jamesw

So add a VLAN100 interface to all the switches too, and also give them all an IP in the VLAN 100 range? But then what is the point of the VLAN99 management interface to keep things separate?

jamesw

So on all switches I have a VLAN 99 interface which is attached to the bridge. the VLAN99 interface is then given an IP address on the switch, like 172.16.99.x I do not have any firewall rules blocking inter-VLAN, so I would have though a broadcast from the PC running Winbox will be able to see all ...

jamesw

I currently have the following 1 x RB2011AHx2 3 x CRS125 1 x CSR326 Screenshot 2022-03-17 215750.png I'm currently using Winbox on the PC (VLAN 100) and the nework is working as expected, I receive an IP from the DHCP on the router from the VLAN 100 interface. All is good. But on Winbox I can only s...

jamesw

Just wondering if anyone is able to assist? Happy to provide any further config as required.

Thanks!

jamesw

Some more info, I've realised in the "Queues" the traffic for the client traffic is showing correct, is the queue causing the problem? We're limiting the user/s bandwidth to 2Mbps down/up hence the queue... Comparison of what the queue shows as opposed to the hotspot user: mt_test_3.png Th...

jamesw

Bit of an odd one but hoping someone can help... We have a hotspot set up on a VRRP interface, and everything works great, apart from the traffic that is showing for hotspot clients and on the hotspot interface itself is wrong. It's showing clients using a very small amount of download/upload bytes ...

jamesw

Further to this, it appears when the VRRP and the hotspot are on the same interface (ether3) the VRRP doesn't work or auto-switch master/backup, probably because the hotspot is running or blocking the traffic. As soon as the hotspot server is disabled, VRRP immediately works again. Any thoughts? Tha...

jamesw

I am trying to get a simple hotspot with VRRP with two CHR Virtualbox VM's The plan is to run a two routers as master/slave, both with hotspot running for guest users. I've configured it as I thought it should be, however when I create a hotspot and set it to run on the vrrp interface, although the ...

jamesw

The ISP's controller is a slightly odd set up, in that it's sitting behind IP 203.203.203.60 but configured to identify itself as 103.103.103.60. So, I tell my AP to join a controller at 203.203.203.60. It talks to the controller fine, but because the controller identifies itself as 103.103.103.60, ...

jamesw

I'm trying to have a Cisco AP in my lab connect to a remote controller hosted by our ISP for testing. I've been advised by my ISP that I need to use the following rule in order for it to work correctly, but this is intended for a Cisco IOS device: ip nat outside source static 103.103.103.60 203.203....

jamesw

Actually, turns out I was using the wrong PSK! Doh!

jamesw

Anyone able to help or give me a steer?

Thanks!

jamesw

Would any additional logs help? Just tying to make some progress on this

Thanks in advance

J

jamesw

RouterOS 6.45.2 I'm having trouble getting macOS and Android devices to connect to our VPN server hosted by the Mikrotik 110AHx2 in our office. It works fine for Windows and Ubuntu using the Shrew VPN software. The same appears in te logs for both Android and macOS clients (using their built-in VPN ...

jamesw

We are also facing the same issue with Hotspot / RADIUS authentication broken because the Password that is send to RADIUS is garbage/corrupt.

This is affecting 1000+ customers to a big issue.

Case raised; ticket #2019070322005393

Thanks for any help.

James

jamesw

Great explanations guys. Really appreciate the informative replies.

James

jamesw

Yep, I added a drop rule and then some specific forward rules for what I want open externally. Thanks!

jamesw

Strangely, in my testing, I removed those rules completely and the server still have access behind the assigned public IP, so seems it lets everything through. Guess I need to drop all and then allow just what I need through... Weird as I thought it wouldn't work at all without the following: add ac...

jamesw

Its working now - not sure why but ARP is just set to the default "enabled" instead of proxy-arp. Sob and co, thanks for the help. Last question - can I still limit the inbound traffic to the public IP using the MT firewall or is everything just "passed through" to the server now...

jamesw

Indeed. With proxy-arp on its working, but without it's not. I'd like to avoid having to use proxy-arp if I can as it shouldn't be required I think?

Thanks

jamesw

Thanks So without adding some dummy ip to the ether9 interface and then using this ip as the gateway on the server nothing would be routed, correct? I tried what you said but it still doesnt work without enabling proxy arp on ether9. Once I get this working, can I still use input firewall rules to b...

jamesw

I enabled proxy-arp on ether9 and it now works. But should I need to do this? Is this strictly required? Does it introduce any issues?

Thanks

jamesw

The torch tool shows a ping i am running to 2.1.1.1 (real ip 62.252.x.x in screenshot) from outside is being sent to ether9 and it appears it is responding but the ping fails, so, is it a firewall issue where traffic from ether9 cant go back out, like some nat or forward rule?

jamesw

Heh.

Managed to add it by removing the /32 from the network, so its just 2.2.2.1 but still not working.

The server at 2.2.2.1 plugged in to ether9 cant get any Internet. ping to 8.8.8.8 shows request timed out...

jamesw

Doesn't like it:

/ip address> add address=1.1.1.1/32 network=2.2.2.1/32 interface=ether9
invalid value for argument network

jamesw

Thanks. Even though I have 1.1.1.1 assigned as the ether5 static WAN IP already?

Thanks

jamesw

I had a look at that along with many other posts but it wasn't clear of the final outcome and how it should be configured. Ideally I just want to map an IP from my routed subnet directly to a physical server plugged in to ether9 - no PPPoE in this case or NAT/IP tunnels. Is that possible?

Thanks

jamesw

I've spent all day trying to get this to work, and still struggling, even though its a simple task. What I want is to use a public IP from my routed subnet directly on a server inside my network (without NAT). Current setup is: The ISP provides the following over the connection (IP's changed): Stati...

jamesw

Another question... if I am only using 1 port as the trunk port on the RB1100AHx2, is eth10 (part of switch1) faster/better than just using eth11/12/13 which are directly connected to the CPU?

Would there be any benefit?

Thanks

jamesw

Setting egress is not enough. When you switch to "vlan" tab (the first to the left of "eg. vlan tag"- as on the last image you send), what can you see there? Actually, your points made me check something. On the uplink siwtch, I only had "sfp1" as an egress vlan. So, a...

jamesw

You need to configure a port you plugged your AP to as a trunk port for vlan 10, 30 and 40 (I'm assuming this will be a port on one of your 14 switches). Since your vlans are working OK with a cable connection I'm assuming your uplink switch and RB and configured correctly. I thought setting the eg...

jamesw

Hi, Did you add eth9-meraki... port to relevant VLANs (Vlan tab on your Image 2)? On the CRS125 switch its plugged in to, or the RB1100? I have eth9-meraki listed in the egress table, so it should just pass those VLAN IDs to SFP1 (which connects to ether10 on the RB), and then the DHCP server on th...

jamesw

Really hoping for some help so I can kick-start our network :) I'm sure its just a setting or tweak required. Or, is there just no way at all without using a bridge? (I am only using a single trunk port on the RB - eth10), so don't really want to have a bridge with one port and force software routin...

jamesw

Image 4 (Topology) attached

jamesw

Hi guys. I'm coming up against an issue but I've exhausted my understanding on the topic. Basically, we have 14 x CRS125 switches all handing traffic from the patch panels. We set most of the ports on these switches to VLAN 10 using the Ingress VLAN table. We also have a couple of ports on each swit...

Search found 47 matches