Community discussions

MikroTik App

Search found 130 matches

by dmitris
Tue Oct 15, 2024 10:49 am
Forum: Forwarding Protocols
Topic: Route Aggregation
Replies: 2
Views: 468

Re: Route Aggregation

Yes, already checked these links (link in the first thread is not available anymore), but i asked how to make aggregated route advertised while there is active contributing route?
At this moment aggr route advertised always.
by dmitris
Tue Oct 15, 2024 10:24 am
Forum: Forwarding Protocols
Topic: Route Aggregation
Replies: 2
Views: 468

Route Aggregation

Hello,

Does anybody found a solution how to make aggregation route advertised over BGP only, if there is active contributing route?

BR,
Dmitri
by dmitris
Tue Feb 06, 2024 1:58 pm
Forum: Forwarding Protocols
Topic: ROS 7.12.1 BGP Redundant Route reflection, necessary attributes are missing
Replies: 9
Views: 3134

Re: ROS 7.12.1 BGP Redundant Route reflection, necessary attributes are missing

Good news, I received confirmation, that Mikrotik support have managed to reproduce the issue in their lab and will fix it.

d.
by dmitris
Sat Feb 03, 2024 10:12 pm
Forum: Beginner Basics
Topic: one Bridge over diverent MT devices
Replies: 2
Views: 521

Re: one Bridge over diverent MT devices

Yes you are right. All devices in one bridge should be reachable. If you want normal assistance, then share yours netpower and hap devices configuration without sensitive data, otherwise it will be guessing.
by dmitris
Sat Feb 03, 2024 12:51 am
Forum: General
Topic: CRS354 Management VLAN
Replies: 2
Views: 418

Re: CRS354 Management VLAN

There is nothing special, just read mikrotik documentation..

https://help.mikrotik.com/docs/display/ ... figuration
by dmitris
Mon Jan 29, 2024 7:40 pm
Forum: Forwarding Protocols
Topic: PPPoE server routing to internal IP address
Replies: 4
Views: 1644

Re: PPPoE server routing to internal IP address

Check the gateway configuration on proxy server, it should be 192.168.77.2
by dmitris
Mon Jan 29, 2024 5:19 pm
Forum: Forwarding Protocols
Topic: PPPoE server routing to internal IP address
Replies: 4
Views: 1644

Re: PPPoE server routing to internal IP address

Hi,
As you didn't paste you configuration, it will be guessing, but i will try..
If you have a configured firewall, then in forwarding chain you should add a rule which will allow icmp requests from 192.168.10.0/24 to 192.168.77.1
by dmitris
Sat Jan 27, 2024 6:33 pm
Forum: Forwarding Protocols
Topic: ROS 7.12.1 BGP Redundant Route reflection, necessary attributes are missing
Replies: 9
Views: 3134

Re: ROS 7.12.1 BGP Redundant Route reflection, necessary attributes are missing

Hello Network5!

Could you check on your RR router's advertised routes, do you see in any entry originator-id or cluster-list attributes?
/routing/bgp/advertisements/print detail

Can you share the BGP peering configuration which is pointing RR211 to R212 and vice-versa?

Thank you!


Br,
Dmitri
by dmitris
Fri Jan 26, 2024 10:00 pm
Forum: Forwarding Protocols
Topic: ROS 7.12.1 BGP Redundant Route reflection, necessary attributes are missing
Replies: 9
Views: 3134

Re: ROS 7.12.1 BGP Redundant Route reflection, necessary attributes are missing

Hi Network5! Thank you for your suggestion I appreciate it. RR1 and RR2 are already configured with local.role=ibgp-rr and on the client side configured "local.role=ibgp". In my situation, the RR CLIENT is receiving the BGP route which was announced/originated by itself. Did I understand c...
by dmitris
Sun Jan 21, 2024 6:00 pm
Forum: Beginner Basics
Topic: Recommendations on integrating my employer-issued MikroTik into my existing network.
Replies: 5
Views: 1143

Re: Recommendations on integrating my employer-issued MikroTik into my existing network.

Hello, I think that you need to play with static routes on yours home and ovpn router. 1. on your home router you need add static route towards ovpn router 2. on your home ovpn router you need add static route towards your employers networks over ovpn tunnel. On employers side they should also add s...
by dmitris
Tue Jan 16, 2024 3:55 pm
Forum: Forwarding Protocols
Topic: ROS 7.12.1 BGP Redundant Route reflection, necessary attributes are missing
Replies: 9
Views: 3134

ROS 7.12.1 BGP Redundant Route reflection, necessary attributes are missing

Hello, I have noticed that in Redundant RR scenario, when RR1 received prefix from RR-client1 and reflecting received prefix to the RR2 which is in the same cluster, originator-id and cluster-list attributes are not added to the reflected prefix. Is it known problem in Mikrotik or I'm missing someth...
by dmitris
Thu Nov 02, 2023 12:07 pm
Forum: Forwarding Protocols
Topic: RouterOS V7 does not work BGP multihop peer
Replies: 8
Views: 5568

Re: RouterOS V7 does not work BGP multihop peer

Thank you mrz, it helped, bfd and bgp sessions are up now. [admin@R1] /routing/bfd> session/print Flags: U - up, I - inactive 0 U multihop=yes vrf=main remote-address=10.0.0.2 local-address=10.0.0.1 state=up state-changes=2 uptime=48s desired-tx-interval=200ms actual-tx-interval=200ms required-min-r...
by dmitris
Thu Nov 02, 2023 11:50 am
Forum: Forwarding Protocols
Topic: RouterOS V7 does not work BGP multihop peer
Replies: 8
Views: 5568

Re: RouterOS V7 does not work BGP multihop peer

Hello mrz! I will post entire configurations of both routers and here it is. # ROUTER1 /interface bridge add name=loopback0 protocol-mode=none /interface ethernet set [ find default-name=ether1 ] advertise=10M-half,10M-full,100M-half,100M-full \ disable-running-check=no set [ find default-name=ether...
by dmitris
Tue Sep 26, 2023 3:48 pm
Forum: Forwarding Protocols
Topic: RouterOS V7 does not work BGP multihop peer
Replies: 8
Views: 5568

Re: RouterOS V7 does not work BGP multihop peer

Have similar problem in my EVE-NG lab. When i try to establish BGP connection between two adjacent routers, for local. and remote. addresses I'm using routers loopbacks, as result BGP sessions in down and /routing/bfd/session print show: @R1] > routing/bfd/session/print Flags: U - up, I - inactive 0...
by dmitris
Mon Dec 06, 2021 10:17 pm
Forum: General
Topic: VLAN & Trunk Configuration
Replies: 3
Views: 1013

Re: VLAN & Trunk Configuration

Hello everybody ! So I have a little question about my configuration. I have a D-Link DGS-3120 switch wich have VLAN21 configured on. All of my other routers has the same VLAN and I can access them by this VLAN. The problem right now is my Mikrotik router (CCR1036-8G basede on 6.47), I want to acce...
by dmitris
Wed Jul 28, 2021 9:53 am
Forum: General
Topic: Private IP site through public IP site [SOLVED]
Replies: 17
Views: 2368

Re: Private IP site through public IP site [SOLVED]

I made a new attempt. On the server router: - I enabled "Verify Client Certificate" - I exported the CA certificate with passphrase; - I exported the Client certificate with passphrase; - I loaded CA.crt, CA.key, Client.crt and Client.key on the Client router In the Client router: - I imp...
by dmitris
Tue Jul 27, 2021 11:22 pm
Forum: General
Topic: Private IP site through public IP site [SOLVED]
Replies: 17
Views: 2368

Re: Private IP site through public IP site [SOLVED]

or it will not generate export private key for with it Thank you for making it correct! I tested using certificates but it still doesn't work... This is the working SSTP config: # Server side /ppp secret add local-address=192.168.255.1 name=Client password=\ "12345678" profile=default-enc...
by dmitris
Tue Jul 27, 2021 1:27 pm
Forum: General
Topic: Private IP site through public IP site [SOLVED]
Replies: 17
Views: 2368

Re: Private IP site through public IP site [SOLVED]

Nice start! You need to create also client certificate and sign it with the same CA and export and install it on client side. When you exporting client certificate you must specify a passhphrase or it will not generate private key for it.
by dmitris
Sun Jul 25, 2021 12:52 am
Forum: General
Topic: recover a Mikrotik over another Mikrotik (same LAN) [SOLVED]
Replies: 8
Views: 1492

Re: recover a Mikrotik over another Mikrotik (same LAN) [SOLVED]

You need to post configuration from main router also...
by dmitris
Sun Jul 25, 2021 12:43 am
Forum: General
Topic: recover a Mikrotik over another Mikrotik (same LAN) [SOLVED]
Replies: 8
Views: 1492

Re: recover a Mikrotik over another Mikrotik (same LAN) [SOLVED]

Does this router have a static public ip address ?

You have a default configuration on you router and it accept mgmt connections only from LAN at this moment.
by dmitris
Sat Jul 24, 2021 9:24 pm
Forum: General
Topic: recover a Mikrotik over another Mikrotik (same LAN) [SOLVED]
Replies: 8
Views: 1492

Re: recover a Mikrotik over another Mikrotik (same LAN) [SOLVED]

Do you have configuration of your device? If yes, post it here without sensitive data.

Look in Neighbor Discovery, maybe it will available there...Also on locked device do you have configured mac-winbox-servrer or mac-telnet-server ?
by dmitris
Sat Jul 24, 2021 12:46 am
Forum: Beginner Basics
Topic: Routing issue with SSTP
Replies: 2
Views: 1071

Re: Routing issue with SSTP

You should specify route on both sides, than it will work as expected...

On SITE1 mikrotik:
/ip route add distance=1 dst-address=192.168.26.0/24 gateway=10.3.0.1

On SITE2 mikrotik:
/ip route add distance=1 dst-address=10.0.0.0/24 gateway=10.3.0.254
by dmitris
Fri Jul 23, 2021 9:46 am
Forum: Beginner Basics
Topic: Basic setup: not passing traffic.
Replies: 11
Views: 3053

Re: Basic setup: not passing traffic.

So what i can say...70.80.90.100 not from 70.80.90.1/28 subnet, so they can't talk to each other, also check twice that you configured correct subnet prefixes/masks everywhere.
by dmitris
Thu Jul 22, 2021 10:00 pm
Forum: Beginner Basics
Topic: Basic setup: not passing traffic.
Replies: 11
Views: 3053

Re: Basic setup: not passing traffic.

You didn't provide much information, so it's hard to help you... You didn't specify how your ISP will share 16 prefixes with you? BGP? PtP + static route? Something else? Let's assume that you have second variant...... 1. Specify on border router default gateway towards ISP upstream, do not apply fw...
by dmitris
Thu Jul 22, 2021 7:05 pm
Forum: Scripting
Topic: Automatic backup for 100 MKT
Replies: 9
Views: 4055

Re: Automatic backup for 100 MKT

Personally i'm using two approaches, one is Oxidize which is pulling config to git over ssh and second is script on mikrotik itself, which is sending config to ftp.

P.S
How to push configs to backup server only if configuration was changed, any ideas?
by dmitris
Thu Jul 22, 2021 6:31 pm
Forum: General
Topic: Private IP site through public IP site [SOLVED]
Replies: 17
Views: 2368

Re: Private IP site through public IP site [SOLVED]

Yes, you are right about ipsec site to site implementation, both sides should be equiped with public ip. Personally i prefer SSTP tunneling for such solutions. https://wiki.mikrotik.com/wiki/Manual:Interface/SSTP#Site-to-Site_SSTP OpenVPN setup is similar to SSTP setup, so you can try both of them. ...
by dmitris
Thu Jul 22, 2021 5:18 pm
Forum: General
Topic: Private IP site through public IP site [SOLVED]
Replies: 17
Views: 2368

Re: Private IP site through public IP site [SOLVED]

Yes, it wiil work!
by dmitris
Thu Jul 22, 2021 4:33 pm
Forum: Beginner Basics
Topic: Basic setup: not passing traffic.
Replies: 11
Views: 3053

Re: Basic setup: not passing traffic.

It's expected behaviour in your testing environment, because you are using public ip range (70.80.90.0/24) behind rfc1918 network 192.168.0.0/24 there is no way that it will pass to wan without NAT. It will work as router, when you establish your border router with 70.80.90.1/28 ip and connect to th...
by dmitris
Fri May 21, 2021 9:48 am
Forum: Beginner Basics
Topic: allow icmp to routers gw
Replies: 9
Views: 3029

Re: allow icmp to routers gw

Then your input chain rules are too loose. The only person with full access should be the admin, everyone else likely just access on port 53, tcp/udp for DNS. With youi guessed it, a drop all else rule at the end of the input chain. It's not what i asked. why you want a single rule? You need 4 rule...
by dmitris
Thu May 20, 2021 9:37 pm
Forum: Beginner Basics
Topic: allow icmp to routers gw
Replies: 9
Views: 3029

Re: allow icmp to routers gw

In general a drop all rule at the end of the forward chain will block all traffic between subnets. Therefore one only needs to delineate allowed traffic, typically -subnets to WAN -subnets to shared device (printer). In theory you are right, but in practice on Mikrotik it's something else. drop all...
by dmitris
Thu May 20, 2021 7:46 pm
Forum: Beginner Basics
Topic: allow icmp to routers gw
Replies: 9
Views: 3029

Re: allow icmp to routers gw

why you want a single rule? You need 4 rules on input: 3 rules allowing the ICMP ping from the specific subnet into the specific gateway, and one drop rule (maybe you already have drop all rule). ok, what will you do if behind router more than 3, f.e 100 or more subnets? I assume there is smarter w...
by dmitris
Thu May 20, 2021 7:13 pm
Forum: Beginner Basics
Topic: allow icmp to routers gw
Replies: 9
Views: 3029

Re: allow icmp to routers gw

So you want to block all ICMP messages except the gateway IP address (on the forward chain)? I want to allow hosts in specific subnet to ping only their default gateway and not others subnets gateways. f.e i have 3 subnets behind mikrotik router 192.168.0.1/24, 192.168.1.1/24, 192.168.2.1/24 and pr...
by dmitris
Thu May 20, 2021 6:00 pm
Forum: Beginner Basics
Topic: allow icmp to routers gw
Replies: 9
Views: 3029

allow icmp to routers gw

Hello Folks,

I have very basic question about firewall rule on INPUT chain.

Is it possible with single rule to restrict hosts to send ICMP requests only to it's gateway and not allow to ping gateways from others subnets? If you know how to solve it, please share example of rule.
by dmitris
Sun Apr 25, 2021 9:26 pm
Forum: General
Topic: PWR-LINE PRO
Replies: 26
Views: 6484

Re: PWR-LINE PRO

Sorry for hijacking thread, but for those who use PWR-LINE PRO - do you get additional latency? I've never used EoP devices before. I've heard stories that when using such devices you might get somewhat 30ms latency, even tho internet connectivity is rock stable. Just want to hear if it's true. I h...
by dmitris
Sun Apr 25, 2021 3:54 pm
Forum: General
Topic: PWR-LINE PRO
Replies: 26
Views: 6484

Re: PWR-LINE PRO

Sorry for hijacking thread, but for those who use PWR-LINE PRO - do you get additional latency? I've never used EoP devices before. I've heard stories that when using such devices you might get somewhat 30ms latency, even tho internet connectivity is rock stable. Just want to hear if it's true. I h...
by dmitris
Mon Feb 22, 2021 12:27 pm
Forum: General
Topic: Duplicate packet drop error - OpenVPN
Replies: 14
Views: 33616

Re: Duplicate packet drop error - OpenVPN

fyi, "Openvpn connect" client don't call such error in Mikrotik logs and also much faster bringing up TAP interface than "OpenVPN community" client.

Tried on Win10, macOS Big Sur
by dmitris
Sun Aug 23, 2020 10:56 pm
Forum: SwOS
Topic: CSS326-24G-2S+RM hangs until power cycle
Replies: 133
Views: 75005

Re: CSS326-24G-2S+RM hangs until power cycle

No he is not first person...use search and you will find my posts also in this thread about the same problem. Our problem was solved with newer ROS. As far as I know, you are the first person to report this lockup under ROS. This entire thread has been about SwOS. P.S Don't use long-term software, u...
by dmitris
Fri Aug 07, 2020 1:37 pm
Forum: Forwarding Protocols
Topic: CCR1036: fcs error on link sfpplus1
Replies: 4
Views: 6438

Re: CCR1036: fcs error on link sfpplus1

Hi, we have also in our production CCR1036-8G-2S+ router and it's connected on sfp+_port1 to Juniper qfx5100. A couple days ago we also started seeing warning messages "sfp1_plus - error on link". Version of mtik is 6.46.1. Will try to upgrade to the latest software available.
by dmitris
Mon Jun 15, 2020 11:19 pm
Forum: Beginner Basics
Topic: Public IP access Local IP
Replies: 9
Views: 10504

Re: Public IP access Local IP

Did you read this manual ? There are is pretty clearly explained how to configure dst-nat.
https://wiki.mikrotik.com/wiki/Manual:I ... nation_NAT
by dmitris
Mon Jun 08, 2020 10:21 am
Forum: General
Topic: unstable LAN
Replies: 7
Views: 2689

Re: unstable LAN

When you have ping issue peel in Tools>Profile> CPU Total (start) and chek that CPU load usage is ok, maybe it's overloaded in some moments.
by dmitris
Mon Jun 08, 2020 10:16 am
Forum: Announcements
Topic: Winbox v3.24 released!
Replies: 103
Views: 92960

Re: Winbox v3.24 released!

Still have problem with window size reverted after closing winbox.
Winbox v3.24 - 64bit
Windows 10 Pro - Build 18363
2 x 4k display - Scale 150%
by dmitris
Sat Jun 06, 2020 12:24 pm
Forum: General
Topic: dealing with a PPTP server !!
Replies: 2
Views: 935

Re: dealing with a PPTP server !!

Are tcp port 1723 and gre(47) allowed in firewall from wan to input chain of Mtik?
by dmitris
Sat Jun 06, 2020 12:53 am
Forum: Beginner Basics
Topic: Two APs, one DHCP server, 2 SSID's [SOLVED]
Replies: 6
Views: 8219

Re: Two APs, one DHCP server, 2 SSID's [SOLVED]

The simplest way is adding ether1 to bridge. Don't forget to disable dhcp server and firewall on hap lite, that's all. Also u can change dhcp client from ether1 to bridge.
by dmitris
Sat Jun 06, 2020 12:43 am
Forum: Beginner Basics
Topic: Use two WANs at same time (not Load Balancer)
Replies: 11
Views: 3941

Re: Use two WANs at same time (not Load Balancer)

You should know it's not possible to use two default routes simultaneously without marked packets.

Read https://wiki.mikrotik.com/wiki/Manual:PCC
by dmitris
Sun May 10, 2020 12:40 pm
Forum: SwOS
Topic: CSS326-24G-2S+RM hangs until power cycle
Replies: 133
Views: 75005

Re: CSS326-24G-2S+RM hangs until power cycle

We had similar problem with CRS326 switches, Mikrotik support suggested us to upgrade ROS to the latest stable (not long term) and after this upgrade switches still working fine 2-3 months wihtout a problem. Yes, running RouterOS. Initial post amended to include versions of firmware and rOS. The dev...
by dmitris
Wed Apr 29, 2020 4:44 pm
Forum: General
Topic: High number of established connections for one address
Replies: 26
Views: 12033

Re: High number of established connections for one address

I have to start from quite a faraway point. One would expect that a firewall would only allow a TCP connection to establish when it receives a SYN packet from a client towards the server. But this requires a bit more resources to analyse the packets, so the connection tracking module allows to redu...
by dmitris
Wed Apr 29, 2020 11:44 am
Forum: General
Topic: High number of established connections for one address
Replies: 26
Views: 12033

Re: High number of established connections for one address

Hello, i would like to extend this topic further, i have similar situation where lots of connections are established toward my client with 0/0 orig rate and bytes. I see that these connections are established backward only when client established connection to some https server. How i can filter suc...
by dmitris
Tue Apr 07, 2020 11:52 pm
Forum: Announcements
Topic: Winbox v3.22 released!
Replies: 117
Views: 88171

Re: Winbox v3.22 released!

Hi all, i'm alone who have problem with winbox64 v3.22 and v3.21 on MacOS Catalina 10.15.4? To be precise i can't connect to any Mikrotik with latest ROS. Winbox window is splashing for a second and nothing happens. In Mikrotik log i see that user loged in and logout by winbox. Any ideas how to solv...
by dmitris
Sun Jan 26, 2020 1:11 pm
Forum: SwOS
Topic: CSS326-24G-2S+RM hangs until power cycle
Replies: 133
Views: 75005

Re: CSS326-24G-2S+RM hangs until power cycle

LTS 6.44.5 - 6.44.6 didn't help us and Mikrotik support suggested us to upgrade to latest available software 6.45.7. After upgrade it's working now more than 1 month without problem....
by dmitris
Fri Jan 17, 2020 9:05 pm
Forum: Beginner Basics
Topic: FTP NAT helper not working with FTPes?!
Replies: 3
Views: 1944

Re: FTP NAT helper not working with FTPes?!

Thank you Sob!

It's all what i want to know...


btw,
Juniper devices have ftps-extension alg which does work with such type of traffic and this is why i was so curious about mikrotik ftp helper.
https://kb.juniper.net/InfoCenter/index ... id=KB19444
by dmitris
Thu Jan 16, 2020 8:30 pm
Forum: Beginner Basics
Topic: FTP NAT helper not working with FTPes?!
Replies: 3
Views: 1944

FTP NAT helper not working with FTPes?!

Hello,

I'm just curios, does Mikrotik ftp nat helper working when enryption is used and FTP configured to work in passv mode ?

At this moment i can reach server only when passv ports are dst-nated to host under ip>firewal>nat settings


BR,
Dmitris
by dmitris
Thu Jan 09, 2020 12:06 am
Forum: Beginner Basics
Topic: Communicate two networks with the same mask! [SOLVED]
Replies: 3
Views: 3129

Re: Communicate two networks with the same mask! [SOLVED]

I see that your static routes with different masks?!
You should check if routers can communicate over eoip tunnel (try ping)...if it works try to disable under firewall settings "drop" forwarding rule.
by dmitris
Thu Dec 12, 2019 8:40 pm
Forum: General
Topic: Neighbor discovery other than through WinBox?
Replies: 3
Views: 2104

Re: Neighbor discovery other than through WinBox?

This should work
https://robert.penz.name/1412/accessing ... linux-box/

P.S

Just checked on my Raspberry (debian 10). Working like a charm

upd:
Seems that this utility not working with latest ROS
https://github.com/haakonnessjoen/MAC-Telnet/issues/59
by dmitris
Thu Nov 21, 2019 6:29 pm
Forum: General
Topic: LTE Modem Firmware Upgrade [SOLVED]
Replies: 3
Views: 16544

Re: LTE Modem Firmware Upgrade [SOLVED]

Look at the bottom of this Manual page...

https://wiki.mikrotik.com/wiki/Manual:Interface/LTE
by dmitris
Thu Nov 21, 2019 6:24 pm
Forum: Beginner Basics
Topic: Random connection dropping [SOLVED]
Replies: 34
Views: 31962

Re: Random connection dropping [SOLVED]

Glad to hear that your connection performing better.
by dmitris
Sat Nov 16, 2019 10:57 am
Forum: General
Topic: BLock ip When login error [SOLVED]
Replies: 4
Views: 3921

Re: BLock ip When login error [SOLVED]

I'm using this one, helps a lot. Look at ssh example.
https://wiki.mikrotik.com/wiki/Brutefor ... prevention
by dmitris
Wed Nov 13, 2019 9:46 am
Forum: Beginner Basics
Topic: Need Help
Replies: 1
Views: 851

Re: Need Help

Hi, i'll suggest you to apply to certified Mikrotik consultants for such large planning and installation solution.

https://mikrotik.com/consultants
by dmitris
Wed Nov 06, 2019 4:28 pm
Forum: General
Topic: MikroTik hAP ac2 - PoE in problem
Replies: 16
Views: 9450

Re: MikroTik hAP ac2 - PoE in problem

I suppose that this one will help you....It's not converting 802.3af/at. It's using power adapter which you received with your hAP ac²
https://mikrotik.com/product/RBGPOE
by dmitris
Wed Nov 06, 2019 11:09 am
Forum: Beginner Basics
Topic: Random connection dropping [SOLVED]
Replies: 34
Views: 31962

Re: Random connection dropping [SOLVED]

https://mikrotik.com/product/RBSXTLTE3-7 The SXT LTE (product code RBSXTLTE3-7) is a special variant of our popular SXT device, and doesn’t include a 802.11 wireless device. Instead, it has a built in high quality LTE Category 3 modem for speeds of up to 100Mbit/s downlink and 50 Mbit/s uplink. You ...
by dmitris
Wed Nov 06, 2019 9:15 am
Forum: Beginner Basics
Topic: Random connection dropping [SOLVED]
Replies: 34
Views: 31962

Re: Random connection dropping [SOLVED]

This is why i don't like SwOS at all...no logs, no ssh....but it's very cheap :))
by dmitris
Tue Nov 05, 2019 11:31 am
Forum: Beginner Basics
Topic: Random connection dropping [SOLVED]
Replies: 34
Views: 31962

Re: Random connection dropping [SOLVED]

In my opinion, Mikrotik switch can't obtain upgrade software info because you defined a static IP on it. As you can see you defined only static IP but there are no fileds for mask, gateway and dns and hence device don't know how to reach update server. P.S Personally i have same behavior on this dev...
by dmitris
Mon Nov 04, 2019 1:28 pm
Forum: Beginner Basics
Topic: Timed Firewall Rul [SOLVED]
Replies: 9
Views: 2196

Re: Timed Firewall Rul [SOLVED]

Go the System>Watchdog is there any IP-address specified ? Watchdog reboot device when your device run in some troubles. (hardware or software). If you didn't specify IP-address under watchdog and reboot was initiated by watchdog then you should see "suppout.rif" under Files menu. https://...
by dmitris
Mon Nov 04, 2019 12:05 pm
Forum: Beginner Basics
Topic: Timed Firewall Rul [SOLVED]
Replies: 9
Views: 2196

Re: Timed Firewall Rul [SOLVED]

How many times you tried to re-insert address-list already?

i'm also using dynamically created lists with 30 days timeout and they works like a charm until reboot or timeout expiration..
by dmitris
Mon Nov 04, 2019 11:14 am
Forum: Beginner Basics
Topic: Timed Firewall Rul [SOLVED]
Replies: 9
Views: 2196

Re: Timed Firewall Rul [SOLVED]

Why you don't even try to search on the forum? https://forum.mikrotik.com/viewtopic.php?t=37522 When script is ready, you need setup scheduled start of this script. In winbox : System>Scheduler P.S You should know that time-outed address-lists are dynamical entries, if router rebooted then it will d...
by dmitris
Mon Nov 04, 2019 10:35 am
Forum: Beginner Basics
Topic: Timed Firewall Rul [SOLVED]
Replies: 9
Views: 2196

Re: Timed Firewall Rul [SOLVED]

Seems like your router is rebooted every 24h, can you confirm that? If yes this is why your address-list with timeout is gone.

Instead you can use scheduled script which will disable allowing rule.
by dmitris
Sun Nov 03, 2019 11:03 pm
Forum: Wireless Networking
Topic: how long cable support mikrotik
Replies: 8
Views: 4817

Re: how long cable support mikrotik

There is no need of a poe calculator... the omnitik has a psu of 60 watt. The consumption of all the devices ( max ) including the GPeR is less than 50 watt... So? At such distance there will be voltage drop ca 5V and I forget that Mikrotik devices works even in range 11-30V, in theory should work ...
by dmitris
Sun Nov 03, 2019 9:34 pm
Forum: Wireless Networking
Topic: how long cable support mikrotik
Replies: 8
Views: 4817

Re: how long cable support mikrotik

This dimitris is just in theory... sorry to dissapoint you but in practice is not exactly like that...! At least you can not be certain... I ve seen UTP CAT5e cables with length of 60-70m perform poorly and i ve seen also UTP cables with length over 100m perform well... Yes, i'm aware about this......
by dmitris
Sun Nov 03, 2019 8:35 pm
Forum: Wireless Networking
Topic: how long cable support mikrotik
Replies: 8
Views: 4817

Re: how long cable support mikrotik

Definitely it will not work at all or if it will connection between nodes will be unreliable....
by dmitris
Sun Nov 03, 2019 11:57 am
Forum: Beginner Basics
Topic: Random connection dropping [SOLVED]
Replies: 34
Views: 31962

Re: Random connection dropping [SOLVED]

The problem with the switches still does presist: ERROR: Could not determine latest version, probably no internet connection. Use manual upgrade. Don't be concerned about this problem now....It's not related to your current issue at all... Find you iPad MAC address, than log in your AP's and look a...
by dmitris
Sat Nov 02, 2019 5:44 pm
Forum: Beginner Basics
Topic: VPN Routing [SOLVED]
Replies: 7
Views: 2844

Re: VPN Routing [SOLVED]

You need to establish GRE tunnels between A<>B and B<>C and this will be interface, than you should define /30 on these interfaces and than you can route traffic between sites.
by dmitris
Fri Nov 01, 2019 11:57 pm
Forum: Beginner Basics
Topic: Random connection dropping [SOLVED]
Replies: 34
Views: 31962

Re: Random connection dropping [SOLVED]

From your logs i see that devices is roaming very often in short time for some reason... f.e this one 22:52:34 wireless,info 24:1B:7A:94:74:AF@wlan2: disconnected, registered to other device in network 22:53:33 wireless,info 24:1B:7A:94:74:AF@wlan2: connected, signal strength -70 22:55:46 wireless,i...
by dmitris
Fri Nov 01, 2019 11:36 pm
Forum: SwOS
Topic: CRS326Q-24S+2Q+ packet drops
Replies: 8
Views: 6287

Re: CRS326Q-24S+2Q+ packet drops

Maybe you have broadcast storm in your environment...configure lacp on sw side too or configure Broadcast Storm Control, by default it's 100% set it to 5%. https://wiki.mikrotik.com/wiki/SwOS/CSS326#LAG Maybe RSTP playing with you rough game, as you said all switches are with def conf. You should co...
by dmitris
Fri Nov 01, 2019 10:52 pm
Forum: SwOS
Topic: CRS326Q-24S+2Q+ packet drops
Replies: 8
Views: 6287

Re: CRS326Q-24S+2Q+ packet drops

Are these PC-s have only single connection to the switches?
by dmitris
Fri Nov 01, 2019 10:05 pm
Forum: Beginner Basics
Topic: Random connection dropping [SOLVED]
Replies: 34
Views: 31962

Re: Random connection dropping [SOLVED]

RSTP - Rapid Spanning Tree Protcol, it help prevent bridge loops in networks.
https://en.wikipedia.org/wiki/Spanning_Tree_Protocol
by dmitris
Fri Nov 01, 2019 4:54 pm
Forum: Beginner Basics
Topic: Mesh for security cameras
Replies: 10
Views: 2678

Re: Mesh for security cameras

Do not use CCTV over WiFi, only cabel.
by dmitris
Fri Nov 01, 2019 3:13 pm
Forum: SwOS
Topic: CRS326Q-24S+2Q+ packet drops
Replies: 8
Views: 6287

Re: CRS326Q-24S+2Q+ packet drops

Please make pictures of your configuration and post here.
by dmitris
Fri Nov 01, 2019 1:28 pm
Forum: Beginner Basics
Topic: Random connection dropping [SOLVED]
Replies: 34
Views: 31962

Re: Random connection dropping [SOLVED]

First of all it's useless in your network topology, the second one that it can be a source of your current problem...i'm just proposing an ideas what can help you...
by dmitris
Fri Nov 01, 2019 12:21 pm
Forum: SwOS
Topic: MikroTik User for 1 day
Replies: 5
Views: 4345

Re: MikroTik User for 1 day

Definetly Mikrotik products is not for all especially for persons whois not tech savvy at all :lol:
by dmitris
Thu Oct 31, 2019 11:19 am
Forum: Beginner Basics
Topic: Random connection dropping [SOLVED]
Replies: 34
Views: 31962

Re: Random connection dropping [SOLVED]

NB! Do backup from all devices before modifying config... 1. On router and all APs define IP-address on the bridge1 not interface. /ip address add address=192.168.88.x/24 comment=defconf interface=bridge1 network=192.168.88.0 - 2. On all APs you have configured dhcp-relay! Why? Disable it because al...
by dmitris
Wed Oct 30, 2019 3:36 pm
Forum: Wireless Networking
Topic: Current operator MCC+MNC
Replies: 6
Views: 4323

Re: Current operator MCC+MNC

Go to the interface>lte>cellularTAB
IMSI = 505 90 0202336000
505 == MCC
90 == MNC;
by dmitris
Wed Oct 30, 2019 1:35 pm
Forum: Beginner Basics
Topic: Random connection dropping [SOLVED]
Replies: 34
Views: 31962

Re: Random connection dropping [SOLVED]

Thx for precise information...

Do you have any PC's which are connected to this network with cable or all devices using internet only over WiFI?

Also i will suggest to check ether1 port on SXT for link downs. Look at Interfaces>ether1>statusTAB>Link downs= number.
by dmitris
Tue Oct 29, 2019 8:51 pm
Forum: Beginner Basics
Topic: Random connection dropping [SOLVED]
Replies: 34
Views: 31962

Re: Random connection dropping [SOLVED]

Let's assume that when interruption occurs and you client connected to the "AP Maja" try to ping all others ap's and switches, what is the result than?

BTW try login into your switches and check that you don't have tx/rx errors on ports.

How long is the cable between sw1 and sw2?
by dmitris
Mon Oct 28, 2019 9:17 pm
Forum: Beginner Basics
Topic: Hairpin NAT with DST NAT tcp/80
Replies: 6
Views: 2852

Re: Hairpin NAT with DST NAT tcp/80

Hi, HNAT rule must be first under NAT facility. Try to change position of HNAT rule and it should work. /ip firewall nat add action=masquerade chain=srcnat comment="NAT LOOPBACK, pre NAT pravidla neurcovat SRC interface" dst-address=192.168.2.0/24 log=yes log-prefix=NAT_LOOP: out-interface...
by dmitris
Fri Oct 25, 2019 10:48 am
Forum: SwOS
Topic: CSS326-24G-2S+RM hangs until power cycle
Replies: 133
Views: 75005

Re: CSS326-24G-2S+RM hangs until power cycle

I'm just curious, maybe anybody from Mikrotik support team can comment on this issue, do you aware about this behavior?

P.S
At this moment i'm afraid to use Mikortik switches for commercial services in our environment....
by dmitris
Thu Oct 24, 2019 10:56 am
Forum: RouterBOARD hardware
Topic: MikroTik MQS
Replies: 36
Views: 16864

Re: MikroTik MQS

Hello Rudolfs, thank you for asking me this questions. Yesterday i tried to upgrade MQS only over WiFi, LAN port wasn't connected...
Just tried over LAN connection and upgrade was successful.
Thank you again!
by dmitris
Wed Oct 23, 2019 11:05 pm
Forum: RouterBOARD hardware
Topic: MikroTik MQS
Replies: 36
Views: 16864

Re: MikroTik MQS

I just tried to upgrade from versios 1.1p and i receive continuously following message. ERROR: Upgrade failed - invalid firmware file.
Device reseted and no changes made before upgrade...

File name:
firmwareRouterBoard_MQS_v1.4-1571828907.fwf
by dmitris
Sun Oct 13, 2019 11:14 pm
Forum: Beginner Basics
Topic: Philips Hue Stopped Working
Replies: 7
Views: 2838

Re: Philips Hue Stopped Working

Maybe Philips Hue have an old gateway ip addr ? Check ip and dns configuration on this device.
by dmitris
Sun Oct 13, 2019 12:15 am
Forum: Beginner Basics
Topic: RB260GS as unmanaged (No IP address)
Replies: 3
Views: 1365

Re: RB260GS as unmanaged (No IP address)

I will suggest you to leave mgmt ip in your current subnet so you can monitor switches if some clients start complain and definitely set a password for each switch....
by dmitris
Sat Oct 12, 2019 11:48 am
Forum: Scripting
Topic: Script out entire router configuration or just a section of it?
Replies: 4
Views: 3124

Re: Script out entire router configuration or just a section of it?

Try this command:
/interface wireless export
by dmitris
Sat Oct 12, 2019 11:45 am
Forum: Beginner Basics
Topic: RB260GS as unmanaged (No IP address)
Replies: 3
Views: 1365

Re: RB260GS as unmanaged (No IP address)

Why you are so concerned about mgmt ip?
Just change swos mgmt ip addres to something like 10.10.10.10 and uncheck all "Allow From Ports".
by dmitris
Fri Oct 11, 2019 8:16 pm
Forum: General
Topic: Cannot open ports / access router externally
Replies: 1
Views: 1466

Re: Cannot open ports / access router externally

I checked your configuration and i don't see any granting rule to ssh. /ip firewall filter add action=accept chain=input comment="Allow SSH" dst-port=22 protocol=\ tcp * * Second thing i would not recommend to expose Winbox service to all, it's very insecure... Also you can check remotely,...
by dmitris
Fri Oct 11, 2019 2:45 pm
Forum: Beginner Basics
Topic: Dual Wan config on my router
Replies: 21
Views: 15289

Re: Dual Wan config on my router

in contradictory i want to say that DST-NAT in PREROUTING chain and it is done before routing decision, not after as you said, check packet flow diagram.... DST-NAT is indeed in prerouting. However, the NAT rules are about SRC-NAT and that's done in postrouting which comes after routing decision. S...
by dmitris
Fri Oct 11, 2019 1:34 pm
Forum: Beginner Basics
Topic: Dual Wan config on my router
Replies: 21
Views: 15289

Re: Dual Wan config on my router

When subnets is made, you can simply add src-nat for each subnet.. Is it really this simple? My impression is that dst-nat is done after routing decision is made (which actually selects the out-interface). Which means that src-address property in NAT rules example doesn't help. Instead it would be ...
by dmitris
Fri Oct 11, 2019 11:59 am
Forum: Beginner Basics
Topic: Dual Wan config on my router
Replies: 21
Views: 15289

Re: Dual Wan config on my router

in contradictory i want to say that DST-NAT in PREROUTING chain and it is done before routing decision, not after as you said, check packet flow diagram....
by dmitris
Fri Oct 11, 2019 11:40 am
Forum: General
Topic: Allow access to devices from other network
Replies: 8
Views: 10502

Re: Allow access to devices from other network

I just checked your rule and i think it will not work, correct one is:
/ip firewall nat
add action=dst-nat chain=dstnat dst-port=8080 dst-address=192.168.88.246 in-interface=ether1 protocol=tcp to-addresses=192.168.88.246 to-ports=8080
by dmitris
Fri Oct 11, 2019 11:07 am
Forum: Beginner Basics
Topic: Dual Wan config on my router
Replies: 21
Views: 15289

Re: Dual Wan config on my router

Now i see, the simplest way to do that is divide 1 x /24 to 2 x /25 it will give you two separate subnet spaces: IP-s: 192.168.1.2 - 192.168.1.126 MASK 255.255.255.128 GW LAN1 == 192.168.1.1/25 IP-s: 192.168.1.130 - 192.168.1.254 MASK 255.255.255.128 GW LAN2 == 192.168.1.129/25 When subnets is made,...
by dmitris
Fri Oct 11, 2019 10:01 am
Forum: Beginner Basics
Topic: Dual Wan config on my router
Replies: 21
Views: 15289

Re: Dual Wan config on my router

Can you make a network diagram? Maybe than we'll understand better what you want to achieve.
by dmitris
Thu Oct 10, 2019 5:44 pm
Forum: General
Topic: Allow access to devices from other network
Replies: 8
Views: 10502

Re: Allow access to devices from other network

Good, so you problem is solved? Please mark this thread as solved.
by dmitris
Thu Oct 10, 2019 5:06 pm
Forum: General
Topic: Low speed
Replies: 4
Views: 1735

Re: Low speed

Wire speed can be achieved only on first bridge, all others bridges are software this is why you have low perfomance. /interface bridge add name=TRUNK add name="b-LAN OLD" add name="bridge I/OT" add name="bridge guest WIFI" here explained how to correctly setup Switch R...
by dmitris
Thu Oct 10, 2019 4:44 pm
Forum: General
Topic: Allow access to devices from other network
Replies: 8
Views: 10502

Re: Allow access to devices from other network

In particular situation it's just for example. Basically this rule will make dst-nat from WAN network to host 192.168.88.x and port 80, you can modify host and port as you need it. Also as "Anumrak" said, you can use static routes on both ends to achieve net to net connection. On router wi...
by dmitris
Thu Oct 10, 2019 4:27 pm
Forum: General
Topic: can mikrotik router be a voip\sip server?
Replies: 10
Views: 6199

Re: can mikrotik router be a voip\sip server?

At least on Mikortik RouterOS packages web page, nothing about SIP...
https://wiki.mikrotik.com/wiki/Manual:System/Packages
by dmitris
Thu Oct 10, 2019 1:22 pm
Forum: General
Topic: Allow access to devices from other network
Replies: 8
Views: 10502

Re: Allow access to devices from other network

It's very simple use dst-nat on router with subnet 192.168.88.0/24
/ip firewall nat add chain=dstnat in-interface=ether1-WAN to-addresses=192.168.88.100 to-ports=80
by dmitris
Wed Oct 09, 2019 5:25 pm
Forum: SwOS
Topic: MAC port lock reset?
Replies: 6
Views: 5768

Re: MAC port lock reset?

For CRS3xx and CSS326, the port lock will restrict MAC address learning (a static host addresses should be configured). You can allow the switch to learn the first frame it receives, this requires both options enabled. Learning of the first MAC address will reset every time an interface status chan...
by dmitris
Wed Oct 09, 2019 9:34 am
Forum: Beginner Basics
Topic: Connecting Two Mikrotik routers / Two Subnets
Replies: 11
Views: 6730

Re: Connecting Two Mikrotik routers / Two Subnets

Thank you, this is what i expected to see =)
by dmitris
Mon Oct 07, 2019 11:38 pm
Forum: Beginner Basics
Topic: Connecting Two Mikrotik routers / Two Subnets
Replies: 11
Views: 6730

Re: Connecting Two Mikrotik routers / Two Subnets

Can you run commands on your R2 and post here output :
/ip route print detail
/ip dhcp-client print detail
by dmitris
Mon Oct 07, 2019 11:24 pm
Forum: Beginner Basics
Topic: hap2 ac firewall rules for Fronius Solar Inverter
Replies: 4
Views: 2374

Re: hap2 ac firewall rules for Fronius Solar Inverter

If i understood correctly....This rule will forward udp 49049 port from WAN to your LAN solar inverter
/ip firewall nat
add action=dst-nat chain=dstnat in-interface=ether1-gateway dst-port=49049 protocol=udp to-addresses=IP-OF-SOLAR-DEVICE to-ports=49049
by dmitris
Mon Oct 07, 2019 10:54 pm
Forum: Beginner Basics
Topic: Connecting Two Mikrotik routers / Two Subnets
Replies: 11
Views: 6730

Re: Connecting Two Mikrotik routers / Two Subnets

I checked your configuration of R1 and R2 and i'm totally confused. Your configuration should not work.... On R1 ether5 removed from bridge ... and on R2 ether1 used as WAN with dhcp-client on it.....it means that R2 will not get WAN ip and will not work.. Are u sure that R2 connected to eth5 on R1?...
by dmitris
Mon Oct 07, 2019 7:09 pm
Forum: General
Topic: how to allow pop3 from WAN1 and others from WAN 2
Replies: 4
Views: 1850

Re: how to allow pop3 from WAN1 and others from WAN 2

try to add ...
dst-port=25,587,465,110,995,143,993
by dmitris
Mon Oct 07, 2019 4:59 pm
Forum: General
Topic: Hotspot allow addresslist and drop rest [SOLVED]
Replies: 6
Views: 2506

Re: Hotspot allow addresslist and drop rest [SOLVED]

Sorry my fault..

Look at mikrotik packet flow diagramm:
https://wiki.mikrotik.com/wiki/Manual:Packet_Flow

"hotspot-in" on prerouting chain and it's first stage where packet goes this is why u can't block others ip. I think you should setup ip blocking in hotspot itself....
by dmitris
Mon Oct 07, 2019 2:59 pm
Forum: General
Topic: Unstable IPSEC over PPPOE interface
Replies: 10
Views: 3499

Re: Unstable IPSEC over PPPOE interface

What encryption and ciphers on ipsec configured ?

viewtopic.php?t=94931
by dmitris
Mon Oct 07, 2019 2:45 pm
Forum: General
Topic: Hotspot allow addresslist and drop rest [SOLVED]
Replies: 6
Views: 2506

Re: Hotspot allow addresslist and drop rest [SOLVED]

Try in mangle on prerouting chain...
/ip firewall mangle
add action=drop chain=prerouting in-interface=ether5 log=yes log-prefix="Dropped " src-address-list="!ether5 allowed ip"
by dmitris
Mon Oct 07, 2019 2:30 pm
Forum: General
Topic: how to allow pop3 from WAN1 and others from WAN 2
Replies: 4
Views: 1850

Re: how to allow pop3 from WAN1 and others from WAN 2

If you want reach mail server outside you organization, you can use src-nat for this... /ip firewall nat add action=masquerade chain=srcnat disabled=no dst-port=25,587,465,110,995 \ out-interface=WAN1 protocol=tcp add action=masquerade chain=srcnat disabled=no src-address=YOUR-SUBNET-HERE \ out-inte...
by dmitris
Mon Oct 07, 2019 2:19 pm
Forum: General
Topic: Unstable IPSEC over PPPOE interface
Replies: 10
Views: 3499

Re: Unstable IPSEC over PPPOE interface

check under /tool profile, what exactly using RB CPU so heavily
by dmitris
Mon Oct 07, 2019 11:34 am
Forum: General
Topic: Unstable IPSEC over PPPOE interface
Replies: 10
Views: 3499

Re: Unstable IPSEC over PPPOE interface

indeed, rb2011 don't support ipsec hw acceleration at all. When CPU usage is permanently 100% than router behaves unpredictable (internal facilities like nat, dhcp, ipsec,etc not working) BTW what encryption are used under ipsec peer and policies. Do you use encryption on PPPoE also? Look at PPPoE p...
by dmitris
Mon Oct 07, 2019 11:07 am
Forum: General
Topic: Unstable IPSEC over PPPOE interface
Replies: 10
Views: 3499

Re: Unstable IPSEC over PPPOE interface

What is CPU load on both sides when you copying files?
by dmitris
Mon Oct 07, 2019 10:38 am
Forum: Wireless Networking
Topic: Point to Point Wireless Security
Replies: 10
Views: 5621

Re: Point to Point Wireless Security

Also i will suggest using for each site different VLAN\subnet, than you can have fine tuned firewall between sites. Also use on wireless PtP strong password and hide SSID on receiving side it will help you from passers by, but not from directed attacks.
by dmitris
Sun Oct 06, 2019 10:31 pm
Forum: Beginner Basics
Topic: Best way to distribute ip block
Replies: 2
Views: 1839

Re: Best way to distribute ip block

Maybe this one will be helpful for you?

https://youtu.be/YJxVm6jZYiU?list=PLfpN ... EM5&t=1678
by dmitris
Sun Oct 06, 2019 10:18 pm
Forum: Beginner Basics
Topic: Connecting Two Mikrotik routers / Two Subnets
Replies: 11
Views: 6730

Re: Connecting Two Mikrotik routers / Two Subnets

On R1: /interface bridge port add bridge=bridge comment=defconf disabled=no interface=ether5 This should help you... When you enable ether5 back, try to ping on R2, 8.8.8.8 Basicaly your R2 should get ip from R1 and use it as WAN ip. If it still not working, please post here export from R2: /interfa...
by dmitris
Sun Oct 06, 2019 10:12 pm
Forum: General
Topic: DHCP Clinet is working on Basic router setup but not static setup [SOLVED]
Replies: 7
Views: 4155

Re: DHCP Clinet is working on Basic router setup but not static setup [SOLVED]

Can you post your configuration here not in PDF file ? Example conf /interface bridge add admin-mac=4C:5E:0C:25:00:00 auto-mac=no name=bridge protocol-mode=none /interface wireless set [ find default-name=wlan1 ] antenna-gain=3 band=2ghz-b/g/n channel-width=\ 20/40mhz-Ce country=etsi distance=indoor...
by dmitris
Sun Oct 06, 2019 7:12 pm
Forum: General
Topic: problem hma vpn and rb 951
Replies: 8
Views: 4366

Re: problem hma vpn and rb 951

If you want solve this issue, you need post here 2 things:

1. HMA Requirements for PPTP
2. You RB configuration
by dmitris
Sun Oct 06, 2019 6:56 pm
Forum: General
Topic: problem hma vpn and rb 951
Replies: 8
Views: 4366

Re: problem hma vpn and rb 951

So, then you should check configuration of your RB under these options, look below.

/interface pptp-client
/ppp secret
/ppp profile
by dmitris
Sun Oct 06, 2019 6:30 pm
Forum: General
Topic: problem hma vpn and rb 951
Replies: 8
Views: 4366

Re: problem hma vpn and rb 951

Check on your RB server allowed encryption types and then on your client side that that might be issue. What is saying your client logs? Also post here your RB config parts. /interface pptp-server export hide-sensitive /interface pptp-client export hide-sensitive /ppp secret export hide-sensitive /p...
by dmitris
Sun Oct 06, 2019 5:53 pm
Forum: General
Topic: youtube upload/download stats not showing in queue tree
Replies: 5
Views: 4062

Re: youtube upload/download stats not showing in queue tree

I think you are using wrong config to detect youtube traffic with L7 protocol, because this traffic is encrypted, and you can't simply see detail in the packet
You should look at TLS Host option in advanced tab.
by dmitris
Sun Oct 06, 2019 5:33 pm
Forum: General
Topic: problem hma vpn and rb 951
Replies: 8
Views: 4366

Re: problem hma vpn and rb 951

You should provide more information about your environment, both client and server.
What saying RB log?
by dmitris
Sun Oct 06, 2019 4:56 pm
Forum: Beginner Basics
Topic: Connecting Two Mikrotik routers / Two Subnets
Replies: 11
Views: 6730

Re: Connecting Two Mikrotik routers / Two Subnets

Maybe you need something like this?

On R2:

/ip dhcp-client
add comment=uplink dhcp-options=hostname,clientid disabled=no interface=\
ether1
/ip firewall nat
add action=masquerade chain=srcnat comment="Masq LAN" out-interface=\
ether1 src-address=10.0.1.0/24
by dmitris
Sun Oct 06, 2019 3:54 pm
Forum: SwOS
Topic: CSS326-24G-2S+RM hangs until power cycle
Replies: 133
Views: 75005

Re: CSS326-24G-2S+RM hangs until power cycle

We are also using in our production 10 x CRS326-24G-2S+ and two of them experienced the same issue. The devices itself are not at heavy load, on uplink max 5Mbit/s and cpu load 0-5%....BTW i can connect to hanged devices over console port, logs are ok but traffic is not passing in/out....Last hang 0...
by dmitris
Thu Feb 28, 2019 11:09 am
Forum: Scripting
Topic: Suppress output from ping in script?
Replies: 5
Views: 7488

Re: Suppress output from ping in script?

Hi There, seems this solution not working as expected. Does anybody solve this task in other manner ?

[admin@mtik] > :put [:execute {/ping 192.168.88.1 count=5}]
Output:
*d3