MikroTik

Smith

If you are using CF card or ordinary hard disk you can mount it to any other linux and check log files.

Smith

I am not sure what are you trying to accomplish. If you are only trying to split logs from many mikrotik routers to different log files, on a syslog server, you can do this: for redhat based systems (fedora, centos...) put inside rsyslog.conf: :programname,isequal,"YOUR MIKROTIK PREFIX" /v...

Smith

AP isolation in mikrotik is named "Default forward". You will find it in Interface setup. You can set it as default and override it per user in access list.

Smith

Exactly, both sides use known password to encrypt data and exchange keys. If they succeed, then password is correct...

Smith

Even then, radius is unable to send access accept for encrypted connections. Only PAP will go. And, because windows is setup to try PAP only if nothing else is available, majority of connections will not pass. It can be done if Mikrotik is setup for PAP only. And, even then, there will be windows co...

Smith

I am not sure what are you asking. If you want users to have traffic shaping assigned on connect you can setup radius for that, or setup simple queue and static ip addresses...

Smith

I wasn't talking about traffic shaping, just traffic counting. For example, we can have 1 rule/filter that counts local traffic and 1 one rule/counter that counts the rest of the traffic. When user disconnects we can send those counters inside Stop Packet. Or we can have counters for port 80 and cou...

Smith

99% of the time virus is trying to send spam, solution is to block outgoing port 25. Also, it is a good practice to block packets destined to port 25 outside your network. Most of the time that traffic belongs to viruses. Even if not, human users can easily use smtp-auth to send emails, and smtp-aut...

Smith

Good, i am glad you got it working

Good luck with your service

br

Smith

Your uplink is full and ping suffers. Did you even bother to check uplink interface traffic during high ping intervals?

Smith

I don't know if it's possible but... By now, only possible solution for billing users differently based on where they go and what kind of traffic they make was to use traffic-flow. But, is it possible to use Framed-Filter and radius attributes extension to accomplish the sam thing? For example, when...

Smith

In every section (authorize,instantiate,accounting) daily counter is at the end? It looks like you have daily counter before chap, pap etc. modules?

Smith

You need to limit user monthly? Or you are selling internet time and user has no time limit to spend it?
Maybe you don't need this, it depends on what you exactly want to accomplish...

Smith

Huh, you got it wrong again, but at least your question was precise this time :) counter daily { filename = ${raddbdir}/db.daily key = User-Name count-attribute = Acct-Session-Time reset = daily counter-name = Daily-Session-Time check-name = Max-Daily-Session allowed-servicetype = Framed-User cache-...

Smith

This is why i hate this kind of conversation. Maybe you didn't mean to sound like you sounded to me. But, i felt like i was occused of being rude and telling you "go away". Maybe you didn't mean that, maybe you did. I don't know. You should have been more precise in what you want. I am sor...

Smith

Don't bridge P2P links, bridge only interfaces you have users connected on. If you need to bridge two interfaces on different location use eoip tunnel for example, and then put that tunnel to bridge, together with user interface.

Smith

Just be careful. It takes lot of disk space and lot of CPU to track all users. Don't be surprised if you spend few GBs per day for data... And you need very fast CPU and lot of memory and dedicated server for calculating.

Smith

What are you talking about? If you've read my post carefuly you would see that i told you what exact feature to search for in radius setup. But, i guess it is lot easier to feal sorry for your self and try to gain some simpaty that way? Or do you expect me to search for it? Ok, here it is: # counter...

Smith

Try to set arp to reply-only and for dhp check "add arp for leases only".
I think that this way if user sets static ip manualy he will not be able to pass through because mikrotik doesn't have his mac address in arp table.

Smith

http://wiki.mikrotik.com/wiki/User_Manager/PPP_Example#PPP_server_configuration "Set IP address of the PPPoE server, IP address might not be assigned to the interface of PPPoE server. Moreover static IP address or DHCP should not be used on the same interfaces as the PPPoE server for security r...

Smith

Netflow

Smith

Nothing.

Smith

Not realy, i was trying to do that. I've used nonexistent mac address and all users on that bridge disconnected without being able to connect again

Smith

I know that, but i need to have two pppoe servers on those two virtual ethernet interfaces. Every virtual ethernet interface is bridged with different AP's. I need that so that i can always have same MAC address of each pppoe server. If i put those pppoe servers on bridge interfaces i can't be 100% ...

Smith

You need to send DM (disconnect message).

http://wiki.freeradius.org/Disconnect_Messages

Smith

No. I was hoping that i can have something like eth0:1, eth0:2 etc. that is very easy to do on standard linux... Is that possible?

Smith

I made a mistake with Service-Type. Service-Type is "Framed-User". Sorry for misleading... Anyway, here are some of the attributes. The other ones you were referring to are sent by Cisco equipment and maybe some thers but not by Mikrotik. Service-Type Framed-Protocol NAS-Port NAS-Port-Type...

Smith

You need to do that on radius side, mikrotik has nothing to do with that. Look at freeradius documentation, search for counter module.

Smith

No, except MTU, i am not sure about that...

Smith

In your sql.conf (i am ssuming you are using freeradius) look for %{Realm} and replace that with %{Mikrotik-Realm}. The rest is not sent back by Mikrotik. Groupname is the name of group user belongs to (used in radgroupreply), so you can do some mysql changes in sql.conf to put that data in radacct ...

Smith

As far as i know you can use CHAP and MS-CHAP, but don't use MS-CHAP v2. I think that there are some issues in linux kernel regarding MPPE encryption and losing sync after few MB. It is not Mikrotik issue, it is linux MPPE issue from while ago.

Smith

What am i missing? I am using ROS 3.30 x86 and Intel Dual Core based PC. I am trying to add virtual-ethernet to existing ether0 interface. When i try to do that in winbox i get "feature not implemented yet" If i try to do that in command line i can't because function doesn't even exist /in...

Smith

Hello all, i was wondering if anyone has achieved vpn/preshared key/group auth, like cisco ASA can do. I can establish pptp server with preshared key but i can't establish anything similar to my subject, so that i am able to connect to my office with cisco vpn client.

Thank you

Smith

This has been covered in the past, can't remember the thread title. The quick of it, static buildup on the omni is blowing the diversity chip. Run a ground up the omni to about 2-3 inches above the top. Can you provide some pictures because i lost 6 cards already, all with same symptoms: after mont...

Smith

I am using r52h because it has good output power, next card in that price range is compex 200 mw, but it has almost twice lower output power...

Smith

Yes, i use antenna, and yes, i use grounding...

Smith

I am having big problems with R52H. They failed on me on 3 out of 7 times. Description of my problem: setup: all left at default, including output power... It works great for two weeks up to one month and then drops down to half of its output strength. For example, scanning with ovislink 5460ap give...

Smith

Thank you, that worked

Smith

Yes, two dynamic rules are made upon connect, with jump to ppp.out, but nothing goes through those rules...

Smith

I am not sure what would be exact firewall rules to have incoming-filter per profile. i've made new chain, named ppp.out, in it i am allowing only two IP's (just for testing). ppp rules are dynamicaly made upon connect and they have two jumps to ppp.out, but nothing is passing through them, and enti...

Smith

this is realy not mikrotik question

google for mysql_auth for apache...

Smith

It is late here in my timezone (1am). But you can disable those ospf networks and then route everything staticaly, like you wanted. routing ospf export print you will get list of networks that were added to ospf redistribution then use remove command to remove those networks remove item id after tha...

Smith

routing ospf export

Smith

i see some ospf routes but i can't find ospf setup anywhere? :not sure:

Smith

Hi. Im trying to setup a ballancing between two or more routers conneted to wan dsl lines. The problem is that by simply adding a second route dosent solves the problem but actually creating one. The problem is that when for example somebody browsing or streaming audio and some packets are sent thr...

Smith

Hi Smith, the problem is that all wlan-accesspoints in our environment are configured as bridge, routing is done by cisco-routers. Bridge is not the only way to make it work. Try routing, shaping will work, trust me... does that mean that queues only work in routing-mode? I am not sure how shaping ...

Smith

It is configured as wlan-accesspoint. therefore eth1&wlan1 are configured as bridge.

Bridge is not the only way to make it work. Try routing, shaping will work, trust me...

Smith

Can you post "system export" here. You can omit any data that you don't want us to see, but keep the addresses and routing intact.
I need system export from both MT.
Thank you.

Smith

1 chain=srcnat out-interface=wlan1 dst-address=10.0.0.0/8 action=masquerade

10.0.0.0/8 is including 10.3.2.1 too. You are NATing the router itself if i am right... Why do you use NAT?

Smith

Have you tried to make 2 queues? If you are doing NAT maybe you can try incoming traffic from 203.84.155.0 to put in one queue and outgoing traffic from your network to another queue and naming exact interface where that traffic will go through...

Smith

Check current and voltage. If those two are not OK board will reset when burdened. Or maybe you have some scripts that reboot your boards daily or on some other condition...

Smith

I don't think it is possible without BGP. If you send a packet to some server and start TCP connection that server will send back his packets same way the requesting packets came. On the other hand. Let's say that i am staring connection with your server and am coming to your gateway 2 (your downstr...

Smith

I had a same problem. Didn't even try to talk to Mikrotik about getting a new license. Problem is not in your licence. During upgrade/format procedure system id changed. License is directly connected to system ID. Let's be real. There is no way to prove that it was an accident nor that anyone could ...

Smith

I had problems with OSPF when i was using CM9 and enabled compression. Routes were not distributing at all. After disabling CM9 compression (and losing 1mbps of bandwidth

) everything works

Smith

clients on wlan0 uplink on wlan1 wlan0: 172.16.1.1/24 wlan1: 172.16.2.1/24 users can access internet, routed over wlan1 shaping works for everything that is outside, routed over wlan1 shaping doesn't work when users download between each other. while watching simple queues traffic i can see no traff...

Smith

Using 2 CM9 for PTP link. OSPF active. When compression enabled there is no OSPF routes distribution. When compression disabled everything works like a charm, but i am loosing 1mbps of bandwidth without compression. Did anyone had similar problems?

Smith

I have updated firmware and everything works superb now

This problem cost me one license because for some reason License key changed after reinstall, but at least it s behind me now

Smith

After some googling i came up with this: A problem exists with WRAP boards which do not correctly detect the card on a cold boot. After a reboot the card works properly. WRAP boards with firmware 1.11 or newer cold boot properly and do not have this problem. Firmware version on my wrap board is 1.09...

Smith

Using Wrap .2C Geocode 1100 1. wireless card CM9 2. wireless card NMP-8602 PLUS (FCC) RouterOS 2.9.38 After first install both cards are visible in system. After power off/ power on (simulating power failure) one card is missing fom system (NMP). After "system reboot" card is visible again...

Smith

Thank you

Smith

Does MT have atheros 5413 support?

10x in advance

Search found 61 matches