MikroTik

arturportella

All our switches are STP disabled, may this can be the problem?

arturportella

Hello guys. Currently we are facing a lot of issues with CRS switches. Sometimes, they stop forwarding mac addresses and so. We have a huge infrastructure with a lot of VLANS. Our main issue to be solved is that our trunk switches (CRS326) suddenly stop answering at our network (No ping, no mac-teln...

arturportella

Hello guys! I'm trying to achieve the following scenario: I have a CRS317 switch forwarding a lot of VLANS to uplink port (SFP-SFPPLUS1). What I want to do, is to create a rule, so untagged packets are isolated from other ports (I give them one ingress vlan translation to TAG 5 for example). Other V...

arturportella

Hello TonyJr!

For this you will require a proprietary wireless video link from cameramen to base station, and from the video outputs therer

Can you give me more info about this proprietary wireless video link? Do you know any?

Best regards and thank for your patience hahaha...

Artur Portella.

arturportella

Hello Guys! I have a weird scenario, but I will try to make it simple to understand. I have a customer that works with video streaming. He use a kind of video encoder that sends multicast traffic over the network, so the connection was made to be simple: He take a video source and insert it on the e...

arturportella

Hi 49er!

Can you tell us from what older version this problem don't happen? From what version you had no problems?

Regards,

arturportella

Hello Renato, The answer is: It depends... Really, there is no such a magic number to calculate that, you need to achieve at least an average amount of rules to be applied in your routing session (routing/filtering/firewalling/queuing). The CCR-1036 is a very powerful device, I heard a lot of good f...

arturportella

Sounds confusing...

From my understanding, you want to route everything from a vpn session to a specific port, right? Like a bridge through one vpn end to other?

Can you draw a simple diagram on "mspaint" for us?

Regards,

arturportella

Try two things: Add a dumb switch in the middle of the path (between SXT and CCR). See if the problem solves. Also check for errors at interfaces (CRS, FCS, etc) on both equipments. And the least but not less important, if the problem persists, try enabling flow control on both equipments. Good luck...

arturportella

Can you (if you could) draw it and explain it more clearly?

Regards,

arturportella

No, This is possible with CRS due to a very flexible switch chip inside it, while the RB951G-2HnD doesn't have it. You can do it on RB951G-2HnD by applying the interfaces you want inside a bridge and doing filtering at bridge to isolate between ports. But, of course, it uses your CPU resources to do...

arturportella

Ok, I probably know the reason... CPU is too weak to use it as a router :/ I was writing at the time you've posted this hehehehe... Of course you can enable fasttrack to speed up your NAT and reduce cpu usage. Remind that every rule that you put in your Filter / Firewall rules does a huge amount of...

arturportella

Hello juhas!

Had you checked your CPU usage? Try checking your system resource while doing a speedtest @ ookla and see if it's a CPU bottleneck. Of course, if your cpu reach 100%, maybe it's something that's using all your box, so we can check up your NAT rules and etc...

Best regards,

arturportella

Good way: OSPF or other dynamic routing protocol.

arturportella

Are you still able to connect to the router through MAC or IP using winbox -> Neighbors?

arturportella

I had this problem once. We had a faulty hardware due to bad POE adapter, have you checked it? Check temps, voltage, etc. And of course: supout.rif to Mikrotik's staff.

arturportella

Everything is possible to your scenario, but keep in mind that bridging + acl is not a good idea since it uses your equipment processing power (sometimes, a LOT). I bet that you can use filters in your bridge setup (put everything together) and isolate them. But if you want to just isolate them, why...

arturportella

Lower case the username in an authetnication packet, but leave it as is in an accounting packet? Surely, you are using ACCOUNTING data to send PODs, not AUTHENTICATION data? The company I work today have a control software that uses Accounting data to send the POD to mikrotik. They don't want to ch...

arturportella

Well, I'm trying to make RouterOS accept Radius commands as "non case sensitive". My freeradius accepts requests from my users logins: Potato - PoTaTo - POTATO - potatO, etc and Mikrotik put them online with no clues... But when sending a command from FreeRadius to mikrotik to drop user &q...

arturportella

Hello everyone! I've readed a lot about scripting, but I still cant figure a way to get one thing working. The goal is to get inserted user login from hotspot or ppp authentication and put it in router as "uppercase". Let me try to explain what is going on. Today I work with about 1500 use...

arturportella

Hello folks! I was able to do customer vlan very well yesterday between three CRS226. What I did in my setup was setting ether2 as an access port to vlan 100 (ingress-vlan-translation) and took cpu to vlan100 to get management vlan in trunk port + local management access to switch, and in both switc...

arturportella

Thank you so much! It works! It's a little bit sad that those switchs doesn't support LACP and IGMP snooping, as well STP with slave/master ports setup.

Still waiting for updates from MK development crew.

So, if I enable trunk in both sides, there is no loop between them?
yes

arturportella

So, if I enable trunk in both sides, there is no loop between them?

arturportella

Hello everyone! I'm trying to achieve bonding between two switches. They are both CRS125-24G-1S. What I did: SW1 -> All ports to master port Ether2 SW2 -> All ports to master port Ether2 SW1 (ether14,ether15) ============= (ether1,ether2) SW2 But I can't use Bonding because interfaces are slave of e...

arturportella

That's right, with other routerboards, I was able to isolate ports just doing this. It's not working with CRS125 or 226.

I use multiple master ports on my RB2011.

arturportella

You can set more than a Master port ? I think so Hello! I'm trying to isolate port groups with CRS. What happen is if I try to listen the network with wireshark on a port that doesn't have a Master port (Master port set to none) a lot of broadcast leaks to it. I want a uplink in ether1 to isolated ...

arturportella

Hello! I'm trying to isolate port groups with CRS. What happen is if I try to listen the network with wireshark on a port that doesn't have a Master port (Master port set to none) a lot of broadcast leaks to it. I want a uplink in ether1 to isolated ports between ether2 to ether20. What I did was us...

arturportella

Here we go: QCA 8513L

Sad to hear/read that. They should mention this in their portfolio, not in the "manual" session.

Edit: Of course I didn't searched for ACL, but far as I know, a "managed" switch should support many wire-speed features like those mentioned before.

arturportella

OMG, how I didn't saw that? ;(

We bought tons of CRS, but CRS125-24G-1S. Their switch chip doesn't allow ACL. Thats pretty bad! What can I do? There is no plans for their chip switch to support ACL in any way?

arturportella

Well, Here in Brazil, most ISPs starts with the same infrastructure: Local network with few customers sharing a network. You start adding more devices to your network and so, sooner you will have problems. Now we are a ISP with an ASN with a lot of customers with the same initial structure. That's w...

arturportella

Hello guys! After a lot of researching through forums, I still can't find some "easy" tasks found in another L2/L3 switches. Of course, CRS have a very powerful chip inside the box, but the routerOS is not really prepared for noobs in mikrotik like me. Well, let's get started with one thin...

arturportella

Hello! Welcome to MikroTik forums! I bet your translate tool is falhando for some reason hahahah.. I think that you need to take a look at "Tools -> Profile" to see what is locking up your system. Because you know, reasons. You need to search what task inside your router is bottlenecking u...

arturportella

Hello! I'm facing some dificulties to block external IP addresses from scanning HTTP ports on our network. We have a /24 subnet with valid IP addresses and all port scanners scripts works only for few ports. How can I create a rule to add src. addresses that scan my entire subnet at HTTP 80? I have ...

arturportella

Awww, that's sad. Well, by the way, your tutorial works very well for it's purpose. Let's wait for some update in this scenario. I guess that on Hotspot (dual stacked customers) this is a very important thing to work on. I will grab my popcorn here and wait hahaha.. Thanks a lot!

arturportella

Amazing tutorial! But I'm facing some issues. As I have a Radius server giving all my customers the correct access-list with blocked connections (blocked-access) and etc, how can I use this script to work on? I can't use "address list" on User profile because this can suppress my Radius-se...

arturportella

I guess that with a diagram the problem will be more easy to solve: DOUBT.png In this scenario, I have 1 to 8 acting as promiscuous isolated ports in port profile 0 as uplink ports, and from 9 to 24 + sfp as isolated ports in port profile 1. But, what if I want to create a rule to bypass from port 9...

arturportella

Let me add some details, or just simplify my question :P I want every interface from ether1 to ether8 to be uplink ports (they can see every interface of the switch), and from ether9 to ether24 + sfp1 to be isolated between them. But, what if I want to get untagged traffic accessing uplink ports and...

arturportella

Hello guys! :D I have created rules to isolate ports on CRS in this following scenario: FROM 1 to 8 -> UPLINK PORTS FROM 9 TO 24 + SFP -> ISOLATED PORTS (they can see uplink ports but no traffic between them) Well, my doubt is about port to port vlan bypass. I have a group of isolated ports, so, how...

arturportella

when you say bridgind vlans do you refer to do hardware switching?? Ok CRS can do that at wire speed with no CPU usage I refer to the software bridges in router OS configuration, its not the purpose of a hardware switch to do software bridging YES, I mean hardware switching! How can I link a VLAN i...

arturportella

How about bridging vlans? There will be no packet processing. I used to have HP 1910 switches here, and this setup was easily achieved in their web interface. We had no CPU issues at all, but all our infrastructure are Mikrotik based (except for wireless networking). So, we are moving from HP to MK....

arturportella

RouterOS default behaviour is all ports are trunks and let everything pass. No specific setting is needed unless you start setting VLANs. I've tried the following (winbox): Add a VLAN (ex: Vlan ID 100) to ether5 and ether11. Created a Bridge named "Vlan 100", add ports ether5.100 and ther...

arturportella

please specify on every port of the topology which vlan goes tagged or untagged Hello Chechito! Now, for experiences purposes (but actually in production), our CRS is active in our main network. ether2 is a Master Port and every other port are slave of it. We are an ISP here, so we have more than o...

arturportella

Hello, My scenario is the following: vlan example.png I want to pass untagged through all ports of CRS, but leave VLAN passing only through one port. Is this possible? On older RouterBoards I could set up a port to port vlan + untagged just adding them to both ports and brigding them, but on CRS thi...

arturportella

Hello everyone! Actually I use Mikrotik in my entire network. We are an ISP, around 3k customers. I need to solve the following scenario: Put two IP addresses in the same routerboard (public addresses) in transparent mode, so the RB would work as an "Transparent Filter". One port would be ...

arturportella

Hello everyone! Actually I use Mikrotik in my entire network. We are an ISP, around 3k customers. I need to solve the following scenario: Put two IP addresses in the same routerboard (public addresses) in transparent mode, so the RB would work as an "Transparent Filter". One port would be ...

arturportella

Hello everyone! I'm trying to monitor some mikrotik router through SNMP. I'm actually monitoring a lot of them individually. However, when I try to get some values from a queue that uses network instead of a simple address (xxx.xxx.xxx.xxx/XX), I get weird values that screws up all my graphs. I'm u...

Search found 46 matches