MikroTik

zhex900

Hi,

My uplink is 25 MB/sec. 93% cpu only when I do a speed test. It only stays at this level for a few seconds.

Thank you for all your help.

I have just installed it in both houses. Hopefully, nothing will break.

zhex900

Hi, I have added the following rules to allow remote access. How can I restrict remote access to certain devices based on their mac-address. `src-mac-address` does not work. /ip firewall filter add action=accept chain=input disabled=no dst-port=8291 protocol=tcp /ip firewall filter add action=accept...

zhex900

HI,
I have another question. The CPU will clock max at 93% when I run a speed test. Is it possible to use the switch chip to free up some load on the CPU? My guess this is not possible because mangle rules are processed by CPU.

zhex900

HI Sindy, It is finally fixed. The problem I copied the config by restoring the backup from one router to another router. This caused the two routers to have the same mac address. I have reset the mac address on all interfaces. Changed the mac address on bridge-local. Now I have no packet loss. Than...

zhex900

Here is another file.
https://drive.google.com/file/d/1dXzadC ... sp=sharing

I don't know how to see the packet loss in Packet Sniffer.

zhex900

I will post it again after packet loss occurs.

This is my university's ip address. unsw.edu.au 202.58.60.194

zhex900

Here it is

https://drive.google.com/file/d/1dXzadC ... sp=sharing

192,168.80.253 is my laptop's ip address

zhex900

check-gateway=ping Should I uncheck this in ip route? [admin@MT-30] > /tool sniffer print only-headers: no memory-limit: 100KiB memory-scroll: yes file-name: pingloss.pcap file-limit: 8000KiB streaming-enabled: no streaming-server: 202.58.60.194 filter-stream: no filter-interface: ether1,ether2 filt...

zhex900

Sorry I cannot make any sense of the sniffer file.

https://drive.google.com/file/d/1dXzadC ... sp=sharing

How can I adapt to persistent user sessions PCC for my situation? Will it help?

https://wiki.mikrotik.com/wiki/NTH_load ... masquerade

zhex900

It's better now. But I still get 25% packet loss. The ping packet loss is only after pinging for a few minutes. The initial ping is fine. Packet loss increases as ping continues. ether2 cable is brand new and it is very short. The routers are right next to each other. If I switch off either ether1 o...

zhex900

Hi, It is almost working. There is still an ignoring problem. I get 20-50% packet loss! The result is the same if turn off either ether1 or ether2. At least I know both ports (ether1 and ether2) can serve internet traffic. Packet loss behaviour is not consistent. Packet loss reduces as I ping more. ...

zhex900

Not possible. One wire only.

zhex900

Hi Sindy,

I do understand the concept of it. But I just don't know how to implement it. Please have another go at it. I am close to solving it.

zhex900

Hi Sindy,

I tried my best to follow your suggestions. Unfortunately, I cannot get to work. To make things clear, I have made a separate post. Your help is much appreciated.

viewtopic.php?f=2&t=136302&p=671393#p671393

zhex900

Hi, I need some help with dual wan PCC configuration. I have two routers connected by one cable on ether2. The two routers have their independent respective internet connection. What I want to achieve is for both routers to share their internet traffic. Router A have subnet 192.168.80.0/24 and Route...

zhex900

So the resulting configuration would be symmetric like this: Router A Router B WAN1 WAN2 |\ /| | \______________________________________________________ / | | ether2 ether2 \/ | | ______________________________________________________/\ | | / \ | |/ \| PCC PCC | | bridge-lan A bridge-lan B And the ...

zhex900

While my purpose is for both routers have two WAN. Like what you suggested. My initial thinking was to have two interconnection links eth2 and vlan. Eth2 will direct internet A to B. Vlan will direct internet B to A.

Is vlan still necessary?

zhex900

Do I still need the vlan?

zhex900

I am not sure I understand everything.

I will remove eth3 from bridge wan and delete bridge wan.

eth2 remain as 192.168.88.1. Vlan will have interface eth2.

I will add pcc rules on both routers. I only had them on router A.

What route rules should I have ? Avoid the problem of round- robin.

zhex900

I changed the vlan interface to bridge-wan on router B. Is this what you are referring to? I don't need eth2 and eth3 to be bridged together. eth1 and eth2 are together. rest are all bridge-local. I can't touch the ip address on bridge-wan and eth0. If I disable one I will lose the router connection...

zhex900

Router B [admin@MikroTik] > /export hide-sensitive # jun/06/2018 16:48:06 by RouterOS 6.42.1 # software id = YSFQ-H9GG # # model = 2011UAS-2HnD # serial number = 419E0125FDC1 /interface bridge add fast-forward=no name=bridge-lan add admin-mac=00:0C:42:F8:A5:78 auto-mac=no comment=defconf name=bridge...

zhex900

Router A [admin@MT-MAIN] > export hide-sensitive # jun/06/2018 16:47:11 by RouterOS 6.42.3 # software id = 6I1X-92CP # # model = 2011UAS-2HnD # serial number = 402602239286 /caps-man channel add band=2ghz-b/g/n control-channel-width=20mhz name=2G add band=5ghz-a/n/ac control-channel-width=20mhz name...

zhex900

Router A COOKST bridge is used for CapsMAN. All ports are on the bridge-local. I am not sure whether vlan should also be on it. For now, I disabled it. I don't see any difference. [admin@MT-MAIN] /interface bridge port> print Flags: X - disabled, I - inactive, D - dynamic, H - hw-offload # INTERFACE...

zhex900

I really appreciate your help. Kindly look at my configures. Router B is a simple configure. I started with reset configurations. I selected a standard router configuration with NAT and bridged all ports. I added a new bridge. Rename the bridges into bridge-wan and bridge-lan. bridge-wan have eth1, ...

zhex900

Hi, I have added the passthrough. But I only see traffic on WAN1. Nothing on WAN2. /ip firewall mangle add action=accept chain=prerouting dst-address=192.168.80.0/24 in-interface=bridge-local add action=accept chain=prerouting dst-address=192.168.88.0/24 in-interface=bridge-local add action=mark-con...

zhex900

I deleted my old routes and these again. Now I get more traffic on wan2, but little on wan1. Create the unmarked default routes /ip route add dst-address=0.0.0.0/0 gateway=192.168.0.1 distance=1 add dst-address=0.0.0.0/0 gateway=192.168.88.1 distance=2 Create the marked default routes /ip route add ...

zhex900

I finally, got it working. I have added a static route on Router B, 0.0.0.0 with gateway 192.168.81.1. Router B has an internet connection and are switching for Router A. But I am not sure PCC is working probably on Router A. My understanding is that internet traffic is shared between wan1 and wan2....

zhex900

Basically, I want both houses to share their internet. Sometimes, the internet connection is slow on one of the houses. When the internet is slow I want the traffic to be routed to the better connection. My thought is to use Router A as dual WAN for both houses. Router B does not directly get the in...

zhex900

Thank you for your reply. Ok, I can stick with software bridge. How do I setup Router B Bridge-LANB as a switch to Router A? I mean, using VLAN-HOUSELINK as the link between the two routers. Do I need to set up a static route from Router B?

zhex900

5 ports for the switch is fine with me too. Port eth6 to eth10. How do I do this? I will read you post soon.

zhex900

30CookstNetwork.jpg Hi, I want to use two Mikrotik rb2011 to connect two houses together with one cable. Each house has its own internet service. My goal is to use dual WAN on both routers. The attached diagram shows my setup. Router A has two WAN ports, ETH_1 and ETH_2. ETH_2 uses Router B as a ga...

zhex900

Hi,

I finally got the vlan working. The problem was with the switch configuration. I reset my router to default. Added VLAN their ip address. It is working fine. Thank you.

zhex900

Anything to do with switch vlan? Router A [admin@MikroTik] > /interface vlan export # jun/02/2018 16:36:30 by RouterOS 6.42.1 # software id = YSFQ-H9GG # # model = 2011UAS-2HnD # serial number = 419E0125FDC1 /interface vlan add interface=ether2 name=vlan-100 use-service-tag=yes vlan-id=100 add inter...

zhex900

Thank you. But I cannot get VLAN working. I have named VLAN on both routers as VLAN-100 set on interface eth2, tagged, VLAN ID 100. Connected the two routers on port eth2. Set the ip address on RouterA VLAN-100 192.168.80.2/24, network 192.168.80.0 RouterB VLAN-100 192.168.80.3/24, network 192.168.8...

zhex900

Hi, I need some help to get this setup to work. Both routers are RB2011UAS-2HnD Router A (192.168.80.1) ISP A | ISP B. | wan1 | wan2 | ------------------------------------- eth1 | (eth2, valn1) | eth3-eth10 ------------------------------------- | | | Router B | (192.168.88.1) -----------------------...

zhex900

Hi, I have two houses 1.8 KM apart. The land is not flat. The elevation of one house is 90.3 meter or 296.1 feet. Another is 60.1 meter or 197.1 feet. Is it possible to connect the two houses? The left starting point is at 60 metres and right ending point is at 90 metres. The house at the right end ...

zhex900

Hi, I have two properties connected via a physical CAT6 cable. Both properties share a common wall. Each house have their own separate internet service. It is possible for both houses to have a dual wan with load balancing? Is it possible? I understand it is possible for one house to have two WAN wi...

zhex900

Hi, I have two properties connected via a physical CAT6 cable. Both properties share a common wall. Each house have their own separate internet service. I want to use a one CAPsMAN to manage all the APs, in both houses. Is it possible for the house 2 to be connected with house 1 for CAP management b...

zhex900

/ppp active print returns nothing. What should I do? /interface pppoe-client print Flags: X - disabled, R - running 0 R name="pppoe-out-iinet" max-mtu=1492 max-mru=1492 mrru=disabled interface=ether1-gateway user="churchinperth" password="xixI3WFo9" profile=default kee...

zhex900

Hi,

I want to disconnect and reconnect pppoe client in MK via command line. This is not just disable and enable pppoe. The Webfig GUI allows you to reconnect the pppoe client. How do I do this via the command line?

Thank you

Jake

zhex900

Hi, My ADSL service provider assigned me a static public address and a block of 4 ip addresses. My MikroTik uses PPPoE client with an ADSL modem as bridge. So MikroTik get a public ip directly from my ISP. Default public ip: 203.10.132.253 Additional ips: 203.10.17.24 203.10.17.25 203.10.17.26 203.1...

zhex900

Hi, I want to find out why Mikrotik-Recv-Limit attribute does not terminate session when the user reached data limit. I am using freeradius to logon wifi users. I am not using hotspot or ppp. Session-Timeout does terminate session when the time limit is reached. Mikrotik-Recv-Limit is sent to the NA...

zhex900

Does anyone have any ideas?

zhex900

Your script is for hotspot users. I don't use hotspot. My clients use EAP to connect directly into the network. So your script cannot help me.

zhex900

Currently I have a MikroTik (MT) router using EAP authentication via a FreeRadius server running Debian. Users can connect to the wireless service. I want to set traffic limit for each user. So I use MT-Total-Limit in the reply attribute. But MT router does not terminate the session when the limit i...

zhex900

I am not not familiar with L2TP. Is this setup what you referring?

http://wiki.mikrotik.com/wiki/Manual:Interface/L2TP

This will work for me. But it will take some time for me to learn how to implement this.

Thanks

zhex900

Hi, I thought user manager does not support EAP authentication. How do I configure userman to control wireless users? Are you referring to this? http://wiki.mikrotik.com/wiki/User_Manager/Wireless_Example This configuration does not use EAP. The username is the Mac address not a userman setup in the...

zhex900

Yes. I want redirect all traffic from an ip address to a web address. In my situation, I want my Mikrotik router to talk to a radius server with no static ip. Radius client only can have a static ip address of the radius server. It's a problem because my radius server's ip address will change. So I ...

zhex900

Hi,

I want to map a local ip address (192.168.88.2) to a public address (http://www.google.com). So whenever I enter 192.168.2 it will go to http://www.google.com. How do I do this? Is it possible to do this?

zhex900

Hi, I understand that Mikrotik support radius attributes in PPP and hotspot. But I want use Mikrotik as wireless access point only. So I don't want to use PPPoE or hotspot. Is it possible for me to use Mikrotik for this purpose? For example, when an user logins. Radius server sends MT-Total-Limit. M...

zhex900

Is Mikrotik-Recv-Limit is only supported by hotspot and PPPoE? If this is the case why Session-Timeout worked?

What I want to achieve is to set a data quota for each wireless user.

Can anyone help me?

zhex900

Hi,

I am not using PPPoe or hotspot. It is only for wireless authentication.

Do I need to set Acct-Interim-Interval in the reply item? Is 600 (10 mins) ok?

I thought NAS should terminate the session not the the freeradius' job right?

Jake He

zhex900

Hi, I am trying to limit user's download with Mikrotik-Recv-Limit. However NAS does not terminate the session when the limit is reached. Radius is working fine. It stops the user from login when the limit is reached. Accounting is working fine. Mikrotik-Recv-Limit is received by the NAS in Access-Ac...

zhex900

Hi,

It finally worked. I had configure my freeRadius. This is work I did.

Only for EAP-TTLS works. EAP-PEAP still does not send Session-Timeout in Access-Accept.

vi eap in /etc/freeradius/mods-enabled

use_tunneled_reply = yes for everything.

Thank you for helping me.

Jake He

zhex900

I think, I know what the problem is now.

I have not setup PPP on my NAS. http://wiki.mikrotik.com/wiki/Manual:PPP_AAA
Is this correct? If it is, can someone point me a good tutorial concerning it?

zhex900

I upgraded to v6.12. It still does not work. Do I need to install some packages or enable some service? I have taken a screenshot of my current packages.

zhex900

I am using RouterOS v5.24. Is it ok?

zhex900

A little progress. But NAS does not terminate the session when the time limit is reached.

I change my device authorisation method to EAP-TTLS, Session-Timeout is received on NAS (MikroTik). I set Session-Timeout = 300 (5 mins). But my device can still be connected after 5 mins.

What do I do now?

zhex900

I turned on CoA on FreeRadius and enable incoming radius in NAS. But it is still the same.

zhex900

Thank you for your help.

I don't know much about CoA. FreeRADIUS support it. Is it ok if I don't use it?

zhex900

Hi, I have trying to setup Freeradius to work with my MikroTik as a NAS. My aim is to have session time limit per user. Now user can log in. Session time limiting is working on the radius server. The radius rejects the user when the time limit is reached. However my problem is the NAS does not recei...

zhex900

Thanks. It worked.

zhex900

Thank you for your reply.

Do I follow this instructions?
http://www.mikrotik.com.my/reinstalling ... rial-port/

I tried but the netinstall cannot find my router. I connect a cable in eth1 into a computer.

zhex900

Hi,

My RB2011UAS-2HnD-IN is stuck in "loading kernel". So I want to use netinstall to reinstall firmware. But I don't have a serial cable.

Is there a way to do netinstall without a serial cable. Should I use normal network cable in the serial port?

Jake

zhex900

Hi, I am trying to limit each user to have one session only. Currently, I can login via NAS (MikroTik) through a freeradius server. However simultaneous-use is not working. I have set Simultaneous-Use to 1 in radcheck. Port-Limit to 1 in radreply. NAS received Port-Limit=1. I can see it in the log. ...

Search found 65 matches