MikroTik

BlackRat

.... /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik add authentication-types=wpa2-psk group-key-update=1h mode=dynamic-keys name=\ home supplicant-identity="" /interface wireless set [ find default-name=wlan1 ] band=2ghz-onlyn country=russia4 di...

BlackRat

Hi.
We have RBD53iG-5HacD2HnD and I can't find 5GHz network near router... Only 2GHz. Wifi interfaces was setup same (different only for 5GHz setting)... And If I try to scan from this MikroTik - I can't see any 5ПРя from MikroTik...
Broken 5GHz?

BlackRat

The problem eliminated by switch reboot.

BlackRat

Most of the ports working normaly.

BlackRat

I have 2 vlan's. One for management, (vlan10) and for internet connection (vlan20).
I didn't check all ports. Only 34 and 36. 34 is bad, 36 is good.

BlackRat

Using ROS. The problem in on the port 34. Temporary I moved connection from 34 to 36. Config is minimal. I didn't config any queues... Config is: /interface bridge add name=bridge pvid=10 vlan-filtering=yes /interface vlan add interface=bridge name=vlan10-management vlan-id=10 /interface wireless se...

BlackRat

Hi. We have several switches: CRS354-48G-4S+2Q+ ( 7.15.1 ). Several ports have a problem: download speed is approximately 10Mb/s (speed of connection is 1Gb/s). When I change port (for example from 36 to 34) - its ok. Incoming and outgoing traffiс is all right. It is not a problem of patchcord and p...

BlackRat

I try to monitor wireguard tunnel by snmp. Does it possible? I tried to monitor route for wireguard tunnel... For example: root@niyamamon:~ # snmpwalk -v 2c -c MySNMPCommunity routeripaddress .1.3.6.1.2.1.4.24.4.1.16 ... IP-FORWARD-MIB::ipCidrRouteStatus.172.20.0.0.255.255.255.0.0.172.20.254.253 = I...

BlackRat

Try to add access rule at the top:
add action=accept chain=input comment="ESTABLISHED, RELATED" connection-state=established,related

BlackRat

Downgraded to factory firmware (6.46.4) - problem still exists...

BlackRat

When R11e-LTE6 found it didn't have serial number... Now what I should to do to revert normal operation?

BlackRat

Hmm.. After Netinstall (now 6.49.6) problem exists.

BlackRat

Mikrotik RBD53GR-5HacD2HnD, updated to latest modem firmware first (Router firmware was 6.49.4).
Then upgraded router to 7.4.1.
Now LTE not working.
Thinking of Netinstall to 6.49.6...
Modem is appearing for a seconds, then disappear.

BlackRat

Tried MTU on IPIP 1420, 1410... Nothing helped.
Additionally used on both routers:
/ip firewall mangle
add action=change-mss chain=forward in-interface=ipip-tunnel-test new-mss=1380 passthrough=yes protocol=tcp tcp-flags=syn

download VS upload = 1 x 15..20 times.

BlackRat

Ping speed in ipip-tunnel = 52Mb/s x 62 Mb/s

BlackRat

On Office Router2 /routing table add fib name=inet add disabled=no fib name=tunnel /ip address add address=192.168.253.254/24 interface=bridge-local network=192.168.253.0 add address=192.168.200.2/30 interface=ipip-tunnel-test network=192.168.200.0 add address=192.168.38.1/24 interface=bridge-tunnel...

BlackRat

Hi. I have next scheme: Router1 = VDS MikroTik CHR (License level P1) with single interface (ether1) Router2 = MikroTik RB4011iGS+ (office) On Router2 there is 2 networks on different bridges: bridge-local = main network 192.168.253.0/24 bridge-tunnel = separated network 192.168.38.0/24 There is IPI...

BlackRat

Hi. I have two routers and IPSec tunnel between them. Windows--NetworkA--RouterA---internet---RouterB--NetworkB--Linux When I try to ssh from Windows to RouterB (inner interface) all worked nice. I can see full export without issues. When I try to ssh from Windows to Linux I have an headache, becaus...

BlackRat

Two sites. First site - two ISP (first ISP-wired connection "ISP1" = bridge-inet, the second ISP-LTE passthrough connection "ISP2" = bridge-yota). Second connection (LTE) we don't use now (but all rules for it exists). My internal network: 192.168.XXX.0/24 Clien's internal networ...

BlackRat

Same situation! parsing packet failed, possible cause: wrong password I have about 45 different IPSEC-tunnels and only one of the routers generating this error. I tried to change proposals - same situation. Tunnel established, but constantly see this error! /system routerboard print routerboard: yes...

BlackRat

Ok. I found one of the ways how to get it: my ( $ret_get_props, @aoh_props ) = $api->query( '/system/routerboard/print',{} ); print "The router current-firmware is: $aoh_props[0]->{'current-firmware'}\n"; and we will get current-firmware of the routerboard... print "The router model i...

BlackRat

Hi.
I newbie in Perl and MikroTik::API.
I using Perl to get Routerboard parameters.
How can I get values of the /system routerboard print page?
Should I use 8 singe line queries or I can get all parameters in one query?

BlackRat

I have RB4011iGS+ with 6.48.3 installed that connected to the RouterOS-x86 6.48.3. And I have the same situation: 13:05:09 ipsec,debug ===== received 76 bytes from XX.XXX.XX.XX[1025] to YY.YYY.YYY.YY[4500] 13:05:09 ipsec,debug,packet 53c28f4e 6b6fd2c5 8ce8c01f 63c109a1 05100201 00000000 0000004c 8ab...

BlackRat

Made ping test. And I think, that reason is wrong settings for additional address for external interface. I should use 85.xxx.xxx.20/24 and 85.xxx.xxx.21/24 instead of 85.xxx.xxx.20/32 and 85.xxx.xxx.21/24
Thanks' to CZFan anв mkx.

BlackRat

You can use this as start, removing all your actual routes, route rules and mangles /ip dns set servers=1.1.1.1,8.8.8.8 /ip route add comment="A - 1.1.1.1 must be reachable only from ISP1" distance=1 dst-address=1.1.1.1/32 gateway=85.XXX.XXX.1 scope=10 add comment="B - Recursive Rout...

BlackRat

@BlackRat, the setting you highlited is IMO invalid. It's not logical to have address with network address set to same value. If bridge-inet should use both addresses 85.xxx.xxx.20 and 85.xxx.xxx.21 and when router uses either of WAN addresses it can directly connect to the same subnet (which is lo...

BlackRat

I have special rule for additional NAT
add action=src-nat chain=srcnat out-interface=bridge-inet src-address=192.168.188.200 to-addresses=85.XXX.XXX.20
because I want to use another external address for my internal Server.

BlackRat

Hi. My config in general: bridge-inet - main ISP, backup-bridge - backup ISP and ISP for some IP-IP tunnel. I try to create config where my Router can accept connections from main and backup channels. Some times working well, but sometimes I have problem that I cannot understand. I have two ISP. And...

BlackRat

It is now other AP's with the same SSID... /caps-man channel add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled name=UMEWirelessNetwork-2 tx-power=20 add band=5ghz-a/n/ac control-channel-width=20mhz extension-channel=Ce name=UMEWirelessNetwork-5 tx-power=10 add band=2ghz-b/g/...

BlackRat

Hi all! I have 5 AP's connected to CAPSMAN. Two of them very closed to each other, so I decided to separate one of these AP's from other config and created another config for single AP. Now I have problem: some time a Windows 10 client when it connected to WiFi can't renew IP. The only way: forget W...

BlackRat

Thank you! Now I understand... ReadTheFuckinManual - very important rule. :(

Sorry...

BlackRat

[admin@MikroTik] > /system routerboard print
routerboard: yes
board-name: hAP ac^2
model: RBD52G-5HacD2HnD
serial-number: YYYYYYYYYY
firmware-type: ipq4000L
factory-firmware: 6.44
current-firmware: 6.48.1
upgrade-firmware: 6.48.1

BlackRat

Strange problem. I have dhcp-client: [admin@MikroTik] > /ip dhcp-client print Flags: X - disabled, I - invalid, D - dynamic # INTERFACE USE-PEER-DNS ADD-DEFAULT-ROUTE STATUS ADDRESS 0 bridge-inet yes yes bound XXX.XXX.XXX.XXX/BB But can't get any values by console: [admin@MikroTik] > /ip dhcp-client...

BlackRat

config in file..

BlackRat

Hi. ROS: 6.48.1 Sorry, but... I have wired interface on bridge-inet->ether1 (with DHCP-CLIENT) and 3G-modm ppp-out1 interface on usb1. When I try to made default route distance for ppp-out1 as 1 and default route distance for dhcp-client as 2 I'm getting constanty swapping out interfaces... What's w...

BlackRat

Hi. Today faced with strange problem:
MikroTik, CRS109-8G-1S-2HnD, 6.48.1.
I can connect by winbox, ssh. But cannot login to web.
user = admin. It is only one user in the system...

BlackRat

I faced to problem with Netinstall and Windows 10 Prof. I couldn't see any devices in netinstall. My failed actions: 1. Disabled firewall 2. Enabled firewall and make "Allow all income traffic" rule (all ports, all programs... all all for all) 3. Disabled all properties TCP/IP settings (le...

BlackRat

I made support ticket minute ago.

BlackRat

Hi.
Yesterday I updated my CHR on Selectel.ru provider to the version 6.47.
Today I found that I can't connect to winbox and router stuck with error: do_IRQ: 0.105 No irq handler for vector (irq -1).

BlackRat

I have two CSS326-24G-2S+, one of them has version 2.8p. And I can't upgrade it automatically either manually. I can see new version (2.10) features but when I try to upgrade nothing happens.

BlackRat

Check installation = OK
Problem persists since previous versions (even not 6.45.6)... But, it seems to me not from the beginning... Ok will try to use netinstall ASAP...

BlackRat

/interface bridge add name=bridge-inet protocol-mode=none add name=bridge-local /interface ethernet set [ find default-name=ether1 ] name=ether01 speed=100Mbps set [ find default-name=ether2 ] name=ether02 speed=100Mbps set [ find default-name=ether3 ] name=ether03 speed=100Mbps set [ find default-n...

BlackRat

Can anybody help me?
Should I change hardware? This is important customer with such stupid problem!

BlackRat

Safe mode not active.
Problem persist. After reboot there no ports in the bridge---ports list other than CAPx...

BlackRat

Hi all. I have CRS328-24P-4S+ ether1--ether23 are in the bridge-local ether24 in the bridge-inet CAPSMAN is working. both AP's are in the bridge-local too. After reboot device shows me that only CAPX interfaces (from AP's) are in the bridge-local and that's all. No other ports in list! So I need to ...

BlackRat

SOLVED:
I removed "domain" from RADIUS server config page on MikroTik. Now I can see packets from MikroTik to RADIUS server.

BlackRat

I used packet sniffer on MikroTik on internal bridge and did'n found any packets from MikroTik to RADIUS server... As you can see in the log there is no 3 sec (now I use 3 seconds timeout) between all debug messages !

BlackRat

Hi. My config: 2011UiAS (6.44.3) + Windows 2003 Small Business Server (with Active Directory)... When I try to use pptp connection I got: 14:39:43 radius,debug new request 1b:02 code=Access-Request service=ppp called-id= ROUTEREXTERNALIP 14:39:43 radius,debug no radius server found for 1b:02 14:39:4...

BlackRat

Hi. Have next config: 1. MikroTik switch CRS125-24G-1S 2. VMWare Server (1 management + 4 LAN ports) 3. FreeBSD storage-server (2 LAN ports) Need to create: 1. VLAN 8 for LAN 2. VLAN18 for Storage-LAN 3. VMWare server must use untagged port in 8 VLAN for management and tagged 4 LAN ports (8 and 18) ...

BlackRat

Solved. It was a power problem. Now using UPS and no issues since UPS installed.

BlackRat

Strange problem. Mikrotik RB952Ui-5ac2nD-TC + USB-modem + 2 viop gateways grandstream + one computer over WiFi. Some time we lost config on mikrotik and could restore only from backup! It happened more than 4 times per two days! Password is strong and nobody knows it :( Only winbox and ssh ports is ...

BlackRat

Sorry. Found another host with same IP-address in the network segment.

BlackRat

I use VMWare installation of CHR (x86_64) + Dude. Very unstable. Periodicaly lost connection (E1000 or VMXNET3). Interface disable/enable helps.

BlackRat

When added MikroTik device to "devices" and insert wrong password I can see wrong time in RouterOS Connection Status. GMT Offset not implemented there...

BlackRat

Good day! I have CRS125-24G-1S and Samsung MFU. When I use ether9 for Samsung MFU I'l get an error: interface,warning eth10: bridge port received packet with own address as source address (e4:8d:8c:6e:61:2a), probably loop Ether10 up's automatically. When I use ether10 for Samsung MFU Ether9 up's au...

BlackRat

There was an error in peer ip address.

Sorry. It's my innatension.

BlackRat

I have 3 devices (MikroTik 1. A-router - 1200 (6.38.1) (internal network 192.168.0.0/24; external IP 194.87.66.170) 2. B-router - 2011UAS-2HnD (6.38.1) (internal networks 192.168.253.0/24 and 192.168.8.0/24; external IP 31.173.44.209) 3. C-router - 2011UAS-2HnD (6.38.1) (internal network 192.168.7.0...

BlackRat

Simple reboot helped me.

BlackRat

Can't add any SNMP community.When I try to open IP--SNMP I'l get SNMP Setting: Enabled = empty Trap Community (is red) = unknown Can't add any community in the communities section. When I try to insert something like this "/snmp community set public name="public" address=192.168.0.5/3...

BlackRat

Temprary: I made old ISP as http, https forwarder. Now http, https working without any issues.

How to investigate this problem?

BlackRat

Changed Internet service provider and now we have strange problem. RDP, SNMP, POP3 protocols working fine, but HTTP and HTTPS have strange behavior. google-sites working exelent. Other sites - waiting for connections.
Please help. Can't working now.

BlackRat

Please provide working example of ipv6 filter rules. We have tunnelbroker interface sit1. LAN-interface is bridge-local. We have internal DNS-server with static ipv6 address (all LAN servers have static address too). Now we have rules: /ipv6 firewall filter add action=accept chain=input comment=&quo...

BlackRat

Have the same troubles. I try to connect more than one pptp session to the MikroTik. The second VPN sessions stale on User login/password checking ant terminate with 806 error.
Try to investigate the reason. May be troubles are connected to the local firewall.

BlackRat

Ok. Another trouble. I have two locations. Both locations has two ISP (active-backup). And both locations use simple recursive routing for failower. I created 4 ipip-tunnels: Offices location has the same config: ipip-main-isp-remotemain-isp ipip-main-isp-remotebackup-isp ipip-backup-isp-remotemain-...

BlackRat

This can be an issue of mismatching lifetimes (peer definition as well as proposal) or lifebytes (peer defintion).
Additionallly, make sure that both Peers sync against the very same NTP server. IPsec is very delicate in timing.

Cheers
-Chris

Yea! I found lifetime mismatch! Thank you!

BlackRat

Hi. Have customer with two locations connected by IPSec tunnel. One location: RB1200 v.6.28 Second location: RB2011LS v.6.32.2 Some time IPSec tunnel is stopworking and I can't find a reason and method to restore tunnel. While IPSec is not working I see that internet on both sides is working perfect...

BlackRat

Please update time zone Europe/Moscow. Now GMT Offset is +3
http://www.timeanddate.com/time/change/russia/moscow

BlackRat

No answers means no solutions for wireless clients?

BlackRat

Use mikrotik, but still can't authenticate users from usermanager. Use this config: 1. base router with usermanager (6.17): 2011UAS-2HnD 2. ap (6.17): 751G-2HnD on the ap: /interface bridge add admin-mac=D4:CA:6D:20:E3:99 auto-mac=no l2mtu=1598 name=bridge-local /interface ethernet set [ find defaul...

BlackRat

Hi. Use this config: 1. Access Point: LinkSys WRT54GL 2. Access Point: Apple AirPort time capsule 3. Switch: MikroTik CRS125-24G-1S I use User Manager on MikroTik and try to configure WPA2 Enterprise on AP's. But I've got an error in User Manager: Username: user01 User IP: 0.0.0.0 Host IP: 10.10.10....

BlackRat

I tried to add
add action=dst-nat chain=dstnat dst-address=xxx.xxx.xxx.110 dst-port=443 protocol=tcp src-address=192.168.30.0/24 to-addresses=192.168.30.1 to-ports=443
at the top of NAT rules, not working...

BlackRat

ok. Try to minimise words quantity... Internal DNS. DNS Zone: mydomain.local SERVER1 = 192.168.30.1 SERVER2 = 192.168.30.2 DNS Zone: mydomain.ru MAIL = 192.168.30.1 others records copied from external DNS-server (that hosts mydomain.ru) For external users (all right!) For SERVER1: add action=dst-nat...

BlackRat

Hi. My company has LAN with domain mydomain.LOCAL. We have 2 servers (SERVER1 and SERVER2) My users wants to use single name mail.mydomain.ru (external internet address) for external access to the mail server SERVER1 (https) and RDP to terminal server SERVER2 because I configured 2 NAT rules: 1. fro...

BlackRat

Hi. We are using 2011UAS as VPN server. Mikrotik configured as RADIUS client for Windows NAP server. When we use login in English - all ok. If we try to use login in Russian language - we get errors from Windows Server... So... Is it possible to fix this problem or we need to use ONLY english in the...

BlackRat

One time we have faced with "broken" mikrotik. And restore it with help of netinstall. Then we manualy install packages on it. So... Now we need to upgrade (remotely) it to last version. But "The Dude" shows "some packages not available"... What packages I should instal...

BlackRat

Use 951G-2HnD. Use snmp-monitoring to control incoming/outgoing bandwith. SNMP enable but no response from MikroTik. But, as you can see on the screenshot the snmp-packets reach router.
So, what the problem with 951G-2HnD?
Others (RB2011L-IN, ...) are working perfect.

BlackRat

Nobody can help and nobody know how to solve this...

BlackRat

I'm talking about IPSec-tunnel. Not VLAN.

BlackRat

I used reccomended 6.2 (new). Now all is working perfect.

BlackRat

Now it's working. We are monitoring the situation... Thank's a lot.

BlackRat

6.2 has the same issues...
We have 2 IPSec tummels. Suddenly both tunnels ceased to work. We disabled on of them. After that the other works perfect.

So... Do I need downgrade to 6.0?

BlackRat

Hi. I have Mikrotik 6.2. RouterBoard 2011UAS-2HnD I'm pinging it through LAN (Gigabit port) and have: Ping minimum = 0msec, maximum = 228 msec, average= 57msec. Why? If I ping my LAN-switch I get ping minimum = 0msec, maximum = 0msec, average= 0msec MyComp - 100Mbit/s - LAN switch - 100Mbit/s - Mikr...

BlackRat

Hi. I created IPSec tunnel between two offices. One side (SITE1): 192.168.0.0/24 and local gateway is 192.168.0.254 (MikroTik) Other side (SITE2): 192.168.1.0/24 and local gateway is 192.168.1.254 (MikroTik) Servers in the SITE1. DNS server in the SITE1. DNS1 = 192.168.0.250 Clients in the SITE2. Wh...

BlackRat

Thank's. Now I can upgrade up to 6.2.

BlackRat

The same error. I saw "upgrade package" in the other package groups... Didn't find in the your archive.

BlackRat

I added files but can't upgrade with The Dude: "no packages available".

BlackRat

We have IPSec issues...

BlackRat

Please, give me a link to site with all releases... Need 6.0. Can't find.

BlackRat

Sorry. Cant's find oficial MikroTik's release 6.0.

BlackRat

Hi. We are support company. We have the monitoring site and the office (tech support). And we are connecting with help of IPSec tunnels to clients offices to monitor equipment. Suddenly we were faced the following trouble: 1. Client claims that IPSec tunnel beetwin client's offcices don't work. 2. W...

BlackRat

What about bridges? Do I need attach IP-address to the bridge or VLAN?

BlackRat

Hi. What is the right way and steps to create VLANs on MikroTik. Do I need to create bridges? My example in file. I try to understand Mikrotik's Wiki, but I found very complex config there and no ideological description. I have bridge-local as corporate LAN, bridge-guests as guests LAN. Do I need to...

BlackRat

About 20 users with Android devices. I think that 2-5 Mbit/s is enough for one user.

BlackRat

Hi!
I need to create wireless network for warehouse 40 (w) x 100 (l) x 8-10 (h) (in meters). Can I use Netgear (for example) PoE (802.3af) switch to connect to AP's? What technology I should use (mesh, one SSID + different freq. or somethin else)? How many AP's I need?

BlackRat

The same problem. My config is: 192.168.8.0/24--192.168.8.254(mikrotikA)xxx.xxx.xxx.150--xxx.xxx.xxx.129==yyy.yyy.yyy.1--yyy.yyy.yyy.146(mikrotikB)192.168.4.254--192.168.4.0/24 Try to ping from 192.168.4.10 to 192.168.8.10: success Try to ping from 192.168.8.10 to 192.168.4.10: unsuccessfull... xxx....

BlackRat

Thank's. It's working. I tested with Nortel BayStack 450-24T. All working with this config: 1. create (interface) vlan4 = ether1 2. create (interface) vlan5 = ether1 3. create bridge-vlan4 - I think, not needed 4. create bridge-vlan5 = vlan4 + ether2 (untagged access) 5. Add IP addresses to vlan4 an...

BlackRat

Try to use this link: http://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Vlan_Table Try to make new config: Port ether1 = tagged (VLAN4 - lan, VLAN5 - management) trunk Port ether2 = untagged (VLAN5 -management) access Config from mikrotik: /interface ethernet switch port> print # NAME SWITCH...

BlackRat

Sorry. Forgot. MikroTik will be as firewall and router between management, storage and LAN networks...

BlackRat

Hi. I have RB1200 and I want to use 1Gb/s switch to maximize throughoutput. I have HP Proliant Server with NIC1 and NIC2. I have Netgear NAS with NIC1 and NIC2. I plan to create VLANS: VLAN 2 - storage - HP Proliant server NIC2 + Netgear NAS NIC2 (ethernet4 + ethernet5) VLAN 3 - internet ethernet10 ...

BlackRat

I have ZyXEL ZyWALL 2 Plus from one side and MikroTik 751G-2HnD from another side. In the ZyXEL there is an option "nailed up connection". How I can create nailed up connection from MikroTik's side?

BlackRat

Thank's. I tried to run The Dude from inside network and it'k ok.

BlackRat

rule 9 allow snmp to router from outside.

BlackRat

Should I open SNMP UDP-161 from external (in the firewall)? I try to monitor from outside.

BlackRat

I turned on SNMP, but no results...

BlackRat

After upgrade I see in "The Dude" that services "partyally down". It CPU. So what the problem? It seems to me router is working fine. But I worry about other routers. Should I upgrade them to 5.21? How I can get rid off the CPU problem?

Search found 105 matches