MikroTik

airnet

The downside of sync'd TDD that many people are not aware of is that there also needs to be uplink and downlink ratios defined across all radios playing ball in the same sync'd network for it to be effective. EG you have to define if the radio network will be 50/50 up/down or maybe 25/75 up/down th...

airnet

I had read to leave AP to default and tweak CPE data rates as the different distances from AP will result in different data rates, one CPE could have 24Mbit data rate and 90++% CCQ and another would have to be set at 12Mbit to achieve 90+% CCQ. Yes, thats probably the best bet for 802.11 or nstreme...

airnet

Have you tried to set up access and connect lists on the client/AP to limit who they are allowed to connect to? I would think that would help out with the problem you are talking about. You could also setup a scan list in the CPE so it never tries to scan the AP you don't want it to register to. .....

airnet

We are running a real world multipoint trial of NV2 v4.16. There is a single AP - an RB433 with an XR5 with 90deg sector antenna The AP is using 20mhz channel width, locked to 18meg data rate with NV2 security enabled You have your AP datarates locked at 18Mbps, I have each of the CPE locked at hig...

airnet

Have the other AP's the same SSID, and is the CPE's using NV2 or "any" wireless protocol Hmmm, good point. Yes, AP's have same SSID and CPE's are set to nv2-nstreme-802.11 for fallback purposes. We might do some experimentation with different AP SSID's and see what happens. Not sure about...

airnet

great to see something good about NV2 being posted here :) you would not mind posting your config of a client and the AP so that we may use it as a guide for future setups? It's just a simple and vanilla layer 2 config at AP and CPE. Basically all the wireless settings are mainly at their defaults ...

airnet

Hello Folks! Which Readio board is most suitable for NV2 ? We have used low end 133's and high end units for CPE's and they all work fine. Only use High end RB for AP tho . Our mainstream is RIC522C with RB411 and R52. I dont know anything about the RIC522 but the 411's are just fine My distributor...

airnet

To make the nexcom LCD work with RouterOS you just need to do a simple cable mod Zoom im and you can see exactly how its done. This is the ribbon between LPT port and LCD. Left side is Parrallel (LPT) Port. OMG that took many many hours of research to work out! nexgateLCD_MT_Wiring_modification.jpg...

airnet

Here is my though. We have ap A 5 miles away from ap B. Ap A would probe all aps and ap B would respond. Giving us the almost exact timing. I think this is almost the best approach. If we can time to the gps satillites, why cant we time to our own access points. That would be faster. Once the timin...

airnet

We are running a real world multipoint trial of NV2 v4.16. There is a single AP - an RB433 with an XR5 with 90deg sector antenna The AP is using 20mhz channel width, locked to 18meg data rate with NV2 security enabled There are 50 connected CPE's - a mix of 133's and 411's mainly running XR5's (ther...

airnet

I dont believe a successful GPS sync method can easily be done in software alone. We are talking microseconds, not milliseconds when it comes to the TDD timing of TDMA. In theory there would need to be a very tight timing interface directly to the WiFi card involved - and thats assuming the WiFi car...

airnet

Keep one of these in your toolbox: http://www.wickedlasers.com/lasers/Spyd ... 96-37.html
Perfect for determining line of sight

airnet

*bump* This exact same problem of 100% CPU with RB133 using PPPoE Client over wireless is evident in every single known version of MT since v3.0 and upwards. EXCEPT v3.19 is fine so this is the version we have had to standardise on. New boards we use are RB411 and they are fine. But the problem is t...

airnet

We need to Restrict traffic between 2 to 9 and Route all traffic to 1 How do we restric traffic between 2to9 (as port one being the WAN cannot be on the same bridge as 2 to 9) Use the bridge port horizon feature to allow 2-9 to talk to 1, but not allow 2-9 to talk to each other. From memory only di...

airnet

Put your PPPoE client(s) on bridge1 instead of ether1

airnet

Example scenario: 1000 DSL customers aggregated and delivered to MT by using QinQ over a single ethernet connection. Every customer has a unique 'inner' QinQ tag, delivered inside a service provider VLAN10 (this is the outer tag). Eg customer 1 = Outer Tag VLAN10, inner tag VLAN 1 customer 2 = Outer...

airnet

Couldnt find any info on this so spent the afternoon analysing with Wireshark: Setting use-service-tag=no sets the vlan ethertype to the .q standard of 0x8100 Setting use-service-tag=yes sets the vlan ethertype to the .ad standard of 0x88a8 Most vendors like the 'outer' tag to be 0x88a8 and the 'inn...

airnet

List There is already a standardised protocol that everyone here is requesting. The Wi-Fi Alliance has drawn on some of the more advanced elements of 802.11e to create WMM-SA, or WMM Scheduled Access. WMM-SA is a finely tuned enhancement to WMM To the best of my knowledge WMM-SA is a software enhanc...

airnet

also, i would like to note, that you had a chance to set up default load configuration before you installed router in place in some obscure place using netinstall tool as noted before in this thread. All MT Routerboards arrive from factory with RouterOS pre-installled. However, in knowing what we k...

airnet

Would a "/system reset-configuration file=name.rsc" do what you want? It would reset, and then apply the config in the RSC file so that your CPE could connect to the AP for example. Normis - yes this would be perfect in the long run. In fact, I was just about to suggest this in an email t...

airnet

i wondwer - how you imagined to access the board after you clear all the configuration that is there? If you have other routerboard near by in same ethernet network you can reset-configuration and then connect using mac-telnet from that box and set up configuration. Thats the exact purpose of this ...

airnet

currently you can give Netinstall an RSC file when installing/reinstalling RouterOS, and that will be used when doing system reset. Bummer... we're talking LOTS of 133's already deployed remotely and wirelessly. The nearest is 1km away. The farthest is 500km away. Netinstall is out of the question....

airnet

ChangeIP, full exports are a good text reference only. I have never had any luck importing a full export - only small export 'snippets' work 100%.

Or what am I missing here ?

Cheers

airnet

this is why you have the wonderful Export.rsc files, that can be: - human edited - generated by excel/calc - scripted - used as "default config" after "system reset" - etc ;) Normis - Please elaborate on how to do execute .rsc after system reset when no remote comms is possible ...

airnet

What's new in 3.0rc3:
*) ftpd - automatically execute uploaded scripts that have name *.auto.rsc;

I guess I should retract most of my rant...

Thanks.

airnet

<rant> I am sure this has been ranted about many times before but here goes again: WHY WHY WHY is MT STILL using a binary .backup system ? Why do we not have a good old startup-config.txt and running-config.txt based system yet ? *most of the time* a generic .backup file breaks wireless so this mean...

airnet

Same problem here with v3.14. Just use a different BGP instance per peer that connect to the same duplicate ID router. Should be the same with v3.10 ?

airnet

If you bridge the VLANS properly you can queue them and do all sorts of neat stuff. You currently have ETH1----bridge----ETH2. Whilst this will pass vlan traffic, there is not much you can do with it. Remove bridge that contains the physical ports, and make sure you dont put physical ports in the br...

airnet

I recently upgraded a 2.9.26 PPPoE Server box to 2.9.51. Nothing has changed except the version. What I see are users falling off one by one slowly with message logged 'peer not responding'. They log back in fine next time they retry after 30 secs (SOHO router PPPoE clients). Over a 24hr period, may...

airnet

I *really* need to ba able to shape PPPoE at the bridge level - but every version of MT to date has not been able to do this. As far as I underatand, you cannot do much with bridged non-ip traffic, eg PPPoE passing through. The solution is to shape at the box where you terminate PPPoE sessions, but ...

airnet

Who says cost effective = unreliable?

Still running 2.9.26 without a glitch for almost a year now.

uptime.GIF

airnet

82551 PRO/100 M Desktop Adapter A80897-xxx The Intel Pro 82551ER chipset NIC does NOT work. 2.8.28, 2.9.26, 2.9.27 tested. NIC works fine except will NOT pass any VLAN trafic. Driver comes up as PRO10/100. It's a pity too. I wrongly assumed that all Intel PRO 100 chips were fully supported and orde...

airnet

...at least for wireless interfaces: snmpget from linux machine to MT 2.9.27: (OID = wireless interface tx rate) management:~# snmpget -v1 -cpublic 10.0.5.1 .1.3.6.1.4.1.14988.1.1.1.1.1.2.3 Error in packet Reason: (noSuchName) There is no such variable name in this MIB. Failed object: SNMPv2-SMI::en...

airnet

Yes, dont forget the DB field type too. In MySQL if you use field type of 'int' instead of 'bigint', you get limited to 3.7gb ! We use Freeradius with MySQL. To enable the Xmit-Limit and Recv-Limit attributes we had to add this to the freeradius config file: # MikroTik Attributes VENDOR Mikrotik 149...

airnet

One of our longest standing issues has finally been uncovered. Ever since we have used MT from 2.7.x we have noticed that radius accounting was sometimes reading low for very heavy users. We are now running 2.9.27 PPPoE servers with freeradius and the problem still exists. The problem is that the MT...

airnet

In this case we are lucky.... all our managed connections have an originating MSS of either 1400 or 1460 - nothing else. So now, just the 1460's get their MSS changed down to 1452 and the 1400's remain unmodified. Otherwise that's very true. The dynamic MSS rule really needs to have the matcher so t...

airnet

Im Blind. There is indeed a matcher for existing TCP MSS in 2.9.27 (probably earlier versions of 2.9 too) Everything is now fixed at the PPPoE Server by doing two things: 1) 'Change TCP MSS' should equal 'No' in the PPPoE server profile 2) Add one rule to the firewall: / ip firewall mangle add chain...

airnet

Exact problem here. See http://forum.mikrotik.com/viewtopic.php?t=9825

You need a working TCP MSS rule

airnet

Sounds very much like http://forum.mikrotik.com/viewtopic.php?t=9825 Make sure that your router facing the internet is re-writing MSS to the lowest in the chain and not actually making it bigger AND that it is actually getting out to the internet. In our case the magic MSS number is 1400 for users b...

airnet

Have tested with 3 different FTP client apps, they all hang.

Are you FTPing in through wireless with absolutely no problems ?

For the life of me we cannot get it to work.

airnet

I have considered this option, making every client on the network operate with an MSS of 1400.....

However, wouldn't this create a lot more overhead ?

airnet

We have built a pile of fresh 2.9.27 units built on WRAP boards with CM9 wireless cards. We can FTP to the units via the ethernet port no problem. We cannot FTP to the units via the wireless connection. (Using IE, the login prompt appears, you type in the username and password and then the FTP sessi...

airnet

Absolutely, positively sure, well with version 2.9.27 at least. With no mangle rules: /ip firewall mangle print all shows NOTHING Etherreal sniffing a client with MSS of 1400 = MSS of 1400 Client can surf happily With the two default rules added by PPPoE profile for same client: /ip firewall mangle ...

airnet

Yes, I understand that. I will try to explain again: What we dont understand is why the MSS rule re-writes every packet to the new MSS. It should only re-write the MSS if the original MSS is greater than the MSS that the rule specifies READ: a TCP SYN MSS rule should only ever re-write the MSS to a ...

airnet

By Default, in PPPoE profile, we leave this option turned on always: / ppp profile set default name="default" change-tcp-mss=yes Scenario: Internet-------Etherreal.Sniffer------MT.PPPoE.Server(change-tcp-mss=yes)----DLINK(NAT)----MT.PPTP.Server--------MT.PPTP.Client------WindowsClient ALL ...

airnet

VRRP currently does not work on VLAN interfaces. Yes it does. Weve had it implimented for 2+Yrs on MT VLAN interfaces. It has never worked 'perfect' like it should with a real virtual mac address, rather it uses garp. Our scenario has 2 MT's acting as a reundant VRRP gateway (on VLAN interfaces) fo...

airnet

/ routing bgp peer add instance=default remote-address=206.123.64.2 remote-as=30496 tcp-md5-key="" multihop=yes route-reflect=no hold-time=3m ttl=2 in-filter="" out-filter=bgp-out disabled=no In 2.9.18, filtering at the peer did not have any effect. I cannot yet confirm if this ...

airnet

No, not production as yet, only in the lab. Using a fresh install of 2.9.20 Ive tried the same filtering setup from 2.9.18 that used to work. I am guessing it may have changed slightly.... as it was a bit buggy. (Eg in 2.9.18, 'out filtering' only worked when applied at the 'instance', it did not wo...

airnet

That particular WiFi router has issues as an MT PPPoE client . Not sure about the latest firmware, so try that first.

*Most* linksys' firmware's work fine, but there are *many* that have a lot of PPPoE related (and other) bugs. Choose hardware carefully.

airnet

We also cannot get any BGP 'out' filtering to work. This includes BGP prepending etc. Have tried applying the BGP 'out' filter to both the peer and/or the instance and it appears nothing takes effect... or has 'the way you need to do it' changed ?

BGP 'in' filtering appears to work fine.

airnet

Winbox support much appreciated and bench test so far so good, except the following bugs: 1) Upgrading from 2.9.18 loses all BGP instances except for the default instance 2) /routing filter set-prepend has now changed to set-bgp-prepend. Winbox GUI set-bgp-prepend is broken (you can add it in winbox...

airnet

routing-test all good here except...

I cannot get any BGP to redistribute to OSPF, let alone the default route. What am I missing or is there a bug ?

airnet

Unfortunately we had the same problem, but was not lucky enough to have an older version of 2.9 on hand. A few weeks back we could happily download older versions, so we didnt bother holding them. Oh yes that hurt. The last known working version for us was 2.9.12 that I asked MT to email a download ...

airnet

Redistribute-default=if-installed-as-type-x will only work if you have also have redistribute-static=yes enabled (and you have a static default route)

It will not redistribute a default BGP route (or any BGP route for that matter)

PLEASE fix in 2.9.19

airnet

Problem was only evident with Windows PPTP clients

Back on 2.8.28 now and all is good.

airnet

There is no NAT and NO firewalling.

Thanks anyway... it's been a long day and 2.8.28 is coming to the rescue.

airnet

Problem is nothing to do with NAT. We are not using NAT. All we did was upgrade from 2.9.12 to 2.9.18.

Read the message. This is easily replicated in any situation. It is a (nother) bug with 2.9.18

airnet

To make matters worse you can no longer download previous software to roll back. A week ago downloading old versions was possible so we no longer bother 'saving' old versions. **DONT UPGRADE** unless you have a copy of the old 'working' version. The more they fix, the more they break. It's not until...

airnet

2.9.18 has a serious problem with PPTP (gre) traffic passing through it. ONLY 1 client can ever connect to the same PPTP server at any given time ! PC 1---------LAN----- MT2.9.18 ------- internet ---------PPTP Server PC 2 You can easily replicate like this: (so dont ask me to send a supout.rif) 1) P...

airnet

Cool. Yes they are indeed incompatible from testing on the bench.

FYI Bench testing has also shown that the new VRRP virtual mac address does not work on VLAN interfaces. It still uses gratituous ARP instead. (but doesnt cause any problems)

airnet

Am I really the ONLY one in the world trying to redistribute BGP to OSPF ?

airnet

EDITED WITH UPDATE: Cannot redistribute any BGP to OSPF, let alone the default route. I am REALLY losing hair now. _________________________________________________________ There are 2 border routers. They each face the net and each one runs BGP. Only one of them is operating at one particular time,...

airnet

Something is broken in VRRP but difficult to pin down. Maybe its a compatibility issue between versions? Here is what works: VRRP master 2.9.12 + VRRP slave 2.8.28 VRRP master 2.8.28 + VRRP slave 2.9.12 However this keeps breaking things: VRRP master or slave 2.9.12 + VRRP master or slave 2.9.18 I c...

airnet

We've got both. NTOP is good for intimate detail, but trafmeter is GREAT because it is a live scrolling realtime graph accurate to the second.... and only costs 45 bucks or something to that effect

airnet

I am *guessing* that to carry VLANs over EOIP you will also have to add the appropriate VLAN interfaces to each end of the EOIP bridge. If that guess is correct, you would leave the EOIP MTU at 1500. Otherwise its like dot q over dot q via a dot q capable device. Usually that ends up breaking stuff...

airnet

Basic rule of thumb: Dont run NAT unless you have to (it WILL bite you in the arse one day) except for at the final CPE / Customer delivery point. Ideally, get enough public IP's from your upstream providers to cover every simultaneous connected client. Join ARIN / RIPE / APNIC (circle applicable) a...

airnet

Hmmm, is THIS the weird 2.9.x reboot thing we have just started to see over the last few days ?

On two occasions now EVERY PUBLICALLY AVAILABLE 2.9.x MT on our network rebooted within 2 mins of each other. The 2.8.28's were unhurt.
Have been scratching our heads furiously.

airnet

Nstreme is a radio-level protocol for special radio cards that support it.

It sounds like you have an external Layer 2 radio system linked to your MT vie ethernet ?

If so you want to read the manual on bonding and/or equal cost multipath routing....

airnet

http://www.trafmeter.com running on a MS box plugged into a mirrored port on your switch

airnet

Whenever this happens, customers start calling in and screaming, so my support staff race over to the MT and reboot it. You should have at least 2 MT's in place. The PPPoE protocol is Layer 2 ethernet and not layer 3 IP based. Thus it is inherently simple to add a second box for load sharing redund...

airnet

1) CARP (or similar) Live Firewall state syncronisation and rules syncronisation. CARP was developed for OpenBSD but no doubt there's a linux port somewhere. EG - for VRRP devices or for devices that want to do multiple-edge-bgp-peer-redundancy-balancing. Currently this is not physically possible IF...

airnet

This is the first I have heard of MT using virtual mac addresses for VRRP. The last time we did an autopsy on MT VRRP we discovered it uses 'Gratituous ARP' instead of virtual MAC as per the VRRP RFC. 'Gratituous ARP' actually works OK so we didnt care too much. ***BUT*** we found our problem. This ...

airnet

Finally went into the deep end and threw 2.9.17 back into production again as 1 of our PPPoE servers (the rest are 'safe' on 2.8.28 until 2.9 evolves....) Anyway, thanks for the routing fix. It appears OSPF works great this time. BUT PPPoE just seems 'weird' and something doesnt stack. It accepts co...

airnet

Certainly a great concept I had never considered. Am now using the latest packages and indeed, yes it works very well as a switch with a lot of features only ever found in high-end L2 switching devices. However I am still trying to work out a 'hack' for port mirroring and have had no luck as yet. Ho...

airnet

Not really a router job, usually the task of a switch....

but

Does anyone know if there is a way of hacking up MT to get it to do this ?

Dont want to do netflows or anything like that... just good ol' dumb layer 2 mirroring of ethernet port. Filtering would be a bonus.

airnet

You could start with this simple perl example #!/usr/bin/perl # command line usage: perl this-script.pl pppoe_username # Works with MT 2.8 # For MT 2.9 you need to change a couple of the commands but fundamentally works the same use Net::Telnet; # Set Variables $login = "someuser"; $passwo...

airnet

You need to use inbound filters with routing-test package eg: /routing filter chain=ospf-in set-distance=110 / routing ospf area set backbone area-id=0.0.0.0 authentication=none prefix-list-import=ospf-in prefix-list-export="" disabled=no BEWARE - the last (at least 2) versions of routing-...

airnet

I second that. More DETAIL in changelogs please.

One thing is fixed, but usually another 2 are broken. The other 2 that are usually broken never get a mention in the changelogs.

It is very hard work having to bench-test 'stable' software before putting it into production.

airnet

Has anyone had success with Marvell Yukon PCI-E NIC's yet ? Namely Marvell 8001 and Marvell 8053 chipsets. (I think they all use the sk98lin driver) 2.8.x did not work whatsoever. We last tried with a very early revision of 2.9 and the Marvell NIC's 'sort of' worked. Really weird low level driver pr...

airnet

See 7th post here re very broken 2.9.13 routing-test
http://forum.mikrotik.com//viewtopic.php?t=6874

airnet

This version of routing-test has a very broken OSPF. 1) OSPF logging does not work 2) OSPF 'dies', all routes go missing, and entire platform responds very slowly at least 5 times per day. Rolled back to 2.9.12 + 2.9.12 routing-test and all is well again. Not worth sending a supout.rif - its easily ...

airnet

We can confirm the following good, bad and the ugly with the 2.9.12 routing-test package. Anyone else seeing similar ? BGP Bad: BGP appears to always redistribute other bgp no matter what. Outbound Filtering is *strictly* required if you are multihomed. redistribute-static and redistribute-other-bgp...

airnet

We have an identical scenario. You only need to allow and/or port forward TCP 80 and 443. (actually, its probably only 443) MS RPC over HTTP / Exch2k3 Server is 'rather tricky' to setup. Not to mention some client machines can also be a nightmare. If you can surf to https://your.2k3.server and http:...

Search found 83 matches