Thank you! I do use filters, although not to that extend, just didn't click they're called policies. I'll experiment with filters, thank you for your help. But it still would be great to have an option to disable ECMP for BGP, something like you can disable STP at a bridge settings.

Sorry, did you mean to add a static route? I'm not sure how to set a policy to local pref. But even so, this is a band aid again and it doesn't solve the issue. I've just shown one network destination as an example. I have quite a few of them, also variable per customer.

Hi eduplant, Thank you for your answer. You are right, the client router (v7.5) has 2 routes to the same IP address range over both VPNs. Both routes are coming from BGP: /ip/route> print Flags: D - DYNAMIC; X, I, A - ACTIVE; c, s, b, d, y - COPY; + - ECMP Columns: DST-ADDRESS, GATEWAY, DISTANCE # D...

Hi Everyone, Is it possible to cancel ECMP over BGP? Our clients (Router OS v7.5) establish 2 VPN tunnels to 2 different CCR routers in 2 offices (Router OS v6.49.6 on both). BGP is running over both VPN tunnels. ECMP on v7.5 router creates confusion in terms it becomes impossible to reach any clien...

Hi All, I've got lost in very simple things, sorry :) . Running CCR1036 on v.6.49.6. let's say I have 2 routes: 0.0.0.0/0 gateway 10.1.1.1 (default route); and a static route: 192.168.0.0/24 gateway 10.2.2.2 If gateway 10.2.2.2 becomes unreachable traffic to 192.168.0.0/24 starts going via default r...

I realise that BGP is not ready yet but maybe it can help to those who is working on it. Test router: CRS125-24G-1S-2HnD, v7.1.1. has a BGP session running to CCR v6.49.2. After a while (usually it happens within an hour) CRS v7 displayed BGP session still up with uptime in the picture (may need to ...

But remember, when e.g. Microsoft releases a new Windows version...

:)))))))) I even couldn't think of what to say :))))))) But yes, I know exactly what you're talking about. Well, thank you for your thoughts and let's hope that'll happen sooner rather than later.

2.,3) https://help.mikrotik.com/docs/display/ROS/ROSv7+Basic+Routing+Examples#ROSv7BasicRoutingExamples-BGPConfiguration mrz, Thank you again for that. I think I've figured out why OSPF gone broken on migration from v6 to v7. Maybe someone will find it handy. It looks like Mikrotik has converted ne...

Hi, I updated a RB1100AHx4 from 6.49.2 to 7.1 then 7.1.1 and ended up in a strange situation: The router works fine, but asa I reboot it all is screwed up: All bridges are gone, so all IPs are missing, no access via MAC-Telnet. After resetting it and restoring the 7.1 backup with 7.1.1 all works fi...

you are describing common suprises people will have when migrating from v6 to v7. You will have to re-learn a few things. (and also the BGP implementation is not complete) See the documentation on help.mikrotik.com Thank you for your answer. That is exactly what I'm talking about with the exception...

mrz, Thank you. I did try "immediate-gateway", "gateway". something like <sstp-client1> didn't appear in the corresponding columns. They were just blank or "unknown". I'll try your suggestion for 2 and 3, thank you but on a test router this time, sorry. BTW, after posti...

Upgraded CCR1036-12G-4S to v7.1.1. Latest Winbox version is used. First impressions, well... 1. OSPF between this router and another CCR v6.49.2 had stopped working. With a quick look I couldn't determine where the problem was... 2. Routing Filters didn't appear in the "classic" way in Win...

Hi guys, I had a CCR1036 v6.46.xxx (sorry, can't remember what "xxx" was) working as a SSTP server with multiple clients connected to it. CRL was set as a CCR's local IP address (10.0.0.1, for instance). The router got physically burned. Having all backups and certificates it was very easy...

I guess we will see a RouterOS update before that date that addresses the issue. 😜

Let's hope a work around will be created :)

Thank you very much for your help.

Seconds are counted from jan/01/1970 and stored in a signed integer (32 bit value). On jan/19/2038 this will overflow, thus anything before is the maximum date allowed by RouterOS. https://en.wikipedia.org/wiki/Unix_time Thank you very much. Does that mean that on Jan/19/2038 all certificates for a...

Hello everyone, I'm not very experienced with certificates and I've got a couple of questions, if someone can help me please? I'm using self signed certificates; SSTP server is running on CCR1036 v6.48.1. Our VPN network is quite large with a lot of clients connecting to the server as SSTP clients. ...

ctrl-c, ctrl-v everywhere... +1. I have never found a MikroTik user who found the current ^v "lock" feature useful. Conversely, I have assisted a number who were screaming "Jane! Stop this crazy thing!" after having activated it accidentally. Maybe it's time to bite the bullet, ...

Здравствуйте! На моем нетбуке разрешение экрана 1024х600, и в Winbox внизу не видна кнопка "Connect" к WiFi, она просто не помещается. И прокрутки нет, и масштаб не изменить. (Windows7x32) Hello! My netbook has a screen resolution of 1024x600, and in the Winbox below the "Connect&quo...

@Trezona: https://download.mikrotik.com/winbox/3.21/winbox.exe https://download.mikrotik.com/winbox/3.21/winbox64.exe Thanks you. After several test-cases I can confirm, that there is a but in 3.22 version when storing windows location/position/size to session file. With 3.21 it works as designed (...

@Trezona:
https://download.mikrotik.com/winbox/3.21/winbox.exe
https://download.mikrotik.com/winbox/3.21/winbox64.exe

Thank you!!!

Is the only problem the size? Are, for example, opened windows re-opened? Are you sure that you have launched WinBox loader with administrator privilegies, session is selected on WinBox loader before you access router (is not set to "<none>")? Hello, Yes, winbox is being launched with adm...

A bit of update, if someone is interested. The rule in my first post doesn't work if a SIP client uses TCP. Wireshark doesn't recognize such packets as "SIP" either. This is a part of the problem. However I still can't recognize UDP SIP packets if they are sent from behind PPPoE. Filtering...

Will it not be easier to allow SIP traffic only to the SIP providers you / building management approves of with Address Lists? Thank you for the reply. Yes, you are correct, it would be much easier. However, the building management is the only allowed SIP provider if you are using the building Inte...

You can create a "white-list" of IP addresses in Firewall, that could include your LAN and / or VPN, but NOT include your customer IP addresses.... Then simply allow Winbox from that IP address list only in input chain, not forward.

I don't know how traffic is flowing through your router to tell you which chain. This is step 1. ... You might tell us what you're trying to do. Hello pcunite, Thank you very much for the answer. Our company provides an Internet access for a building. We have a direct connect from our Mikrotik (CCR...

Hello everyone! I have a question about SIP, maybe somebody can help. We have a Mikrotik CCR v6.43.8 running as a PPPoE server with number of PPPoE clients. Each client is a simple SOHO router (not Mikrotik, not managed by us). What I need is to recognize SIP packets when they are sent from those PP...

Hello Leonardo, Thank you very much for your reply. Yes, I upgraded the firmware as well to v6.42.1 (/system routerboard upgrade), sorry I forgot to mention it. Firewall and antivirus are disabled, all interfaces on the PC apart from the one connected to the router are disabled. PC IP address = 192....

Hello, I've upgraded mAP2nD from v6.41.3 to v6.42.1 using usual upgrade method: in Winbox System>Packages>Check for updates>download and install After upgrade port ether1 became unresponsive but I still can connect to the router via ether2. Ether1 status shows as it is connected to something with 10...