Hello, is it feasible for mikrotik team to implement snmp interface for kid control function? I want to gather per-user stats from mikrotik into monitoring system, but /ip/kid-control/device/print oid gives me error only. Or at least, give opportunity to display all values in bytes without "mul...
Can somebody explain to me, why my PSD rule is not kicking in with this case? One single IP is trying to connect on closed port tcp/23, I have full logserver of dropped packets, but this rule is not hitting. One significant thing is, that source port for every connection attempt is the same. add act...
Scripts run count on my CCR2004 is always 0. When I run script from winbox, this counter increases, but once I close and reopen winbox, I have 0 again. ROS 7.7, after update to 7.8 still the same. This is not happening on rb4011, so maybe only related to arm64?
After upgrade to 7.8 situation is the same, still script run count disappears after a while. Could somebody with CCR2004-16-1S+ check this - maybe I have HW issue?
I just realized that scripts run count on my CCR2004 is always 0. When I run script from winbox, this counter increases, but once I close and reopen winbox, I have 0 again. ROS 7.7 stable. This does not happen on RB2011 with same OS version. Am I only one with this error?
I will try to make capture direct on line without TZSP streaming to be completely sure I have not missed anything, and if this is confirmed, I will contact support.
I have captured this situation now, but it is really suspicious. Looks like RouterOS OpenVPN implementation BUG, because ONLY ONE packet has been received to udp/1194, and 31 packets have been sent back to "attacker" AND 80k LINES were written into log # cat mktk-hostname.log | uniq -c 1 F...
It is ~10k lines from same IP in same second. This will not get caught by "connection ratio" as from firewall's point of view it's one connection (or udp stream to be precise)
Hello, is there any way to block "port scanners" or like, causing floods in my logs? I have openvpn server on 1194/udp, and few times a day I am facing logs like this: Feb 20 13:19:22 mktk-hostname ovpn,info <50.116.31.18>: disconnected <TLS failed> And by flood I mean ~10k same lines in s...
Is this configuration with bridge port inside VLAN somehow related to security of device, eg exposing some router interface into network? How (and where) should this situation be filtered?
Yes, when I turn off HW offloading for ether8 vlan55 works with SFP without having bridge in bridge vlan interface as it should. Looks like bug for me...
When I completely change sfp-sfpplus1 for ether1 and make trunk port there, reconnect cable and it is working as you are suggesting (eg without bridge itself configured as vlan port). So it has definitely something to do with SFP connected to CPU and not to switch chip.
Yes, I have twice exported config, reset configuration and imported config with no change. So this is not the issue here. Maybe it's related to SFP, as this is not connected to switch chip?
mkx: so my config in first post should work, but is not working for vlan55. Or I do not understand where is problem, if I should not add bridge interface itself to bridge vlan.
Is there any chance that this certificate chain issue https://forum.mikrotik.com/viewtopic.php?t=188947#p957046 will be fixed in 7.8 ? I am using certificates in IPSec with no problems (Custom CA, intermediate and end-user cert) but I want to upgrade CA (and intermediate + enduser ofc) but I am not a...
My CCR is now configured as a switch, because I am trying to learn right VLAN approach (instead filtering vlan at interface and having multiple per-vlan bridges), clean overall config and then it will replace 4011. I have already found my error (but I do not fully understand the matter) - I have to ...
Is there any roadmap when this certificate problem will be fixed? I need to change certificates on more routers due to new internal CA, but have same problem with "unable to get local issuer certificate" when I test new CA with new certs. And to downgrade OS is really not an option for me...
Hello, I am trying to understand why I have to enable DHCP snooping to enable DHCP clients on different VLANS be able to get IP address. My config: # jan/02/1970 03:35:44 by RouterOS 7.7 # software id = XMRC-DMUB # # model = CCR2004-16G-2S+ # serial number = censored /interface bridge add frame-type...
Hello, is there any problem with Mikrotik production? I am trying to find CCR2004-16G-2S+ for sale in eshops in Central Europe, and there are exact ZERO pcs available, some eshops stating that production has ended. Is it some kind of temporary shortage? I am planning home reconstruction - to move al...
Hello, is there any chance that dot1x will be included also in SwOS in mid-term future? As lack of this feature disqualifies mikrotik switches from many implementations.