MikroTik

ploquets

If I remember right, the regexp matching in layer 7 rules ignores zero bytes. So \ff may match, but you have to combine it with other substrings to limit false positives. When I try to use "content" into the rule, not creating a "layer7 specific rule" , I can't add "\FF&quo...

ploquets

@rextended
Can you please help me how to match DNS answers which has QTYPE (query type) = 255 (FF in HEX) ?

I've tried to match with content="\00\f\f" but this is not working.

ploquets

Does anyone knows how to drop DNS answers when the query was made with type 255 (hex FF) (type ANY) ?

I tried to match content="\00\f\f" but this would not match the traffic.

ploquets

I'm having the same issue.
I want to traceroute from one interface answered by this interface IP and not by the default route.

ploquets

RA is not 8, is th 8th bit set to 1
IS too late to explain better, but the 2 BYTEs are
10000000 10000101 = 80 85

I'm trying to understand how to block this messages:
https://routley.io/posts/hand-writing-dns-messages/

This blog kinda helps.

ploquets

please explain, i do not have understand what you want do. 0x8105 are two bytes, 0x81 and 0x05 the conversion is "\81\05", but if on the field on the packet is on reverse order is "\05\81" Trying to achieve the objective to drop responses with DNS Refused, as RFC1035 inform us. ...

ploquets

You understand why now ;) but on winbox you can not insert special characters like the character "\08", but can be added on CLI On all regex field and on terminal, RouterOS support only \1F hexadecimal characters rapresentation, with hexadecimal letters uppercase and without the "x&q...

ploquets

add action=log chain=prerouting content="\03www\06google\03com"

OOWWW I see, when I tried to insert using terminal, the code gets different when viewing in winbox.
Got it.

ploquets

Check the manual.

Which manual do you reffer?

ploquets

No. You have to use a byte whose value is the length of the subsequent part of the domain name, example:
\08somename\03com

But is it "\x08" or only "\08" ?

ploquets

Content filter parameter can be only a string, and on dns packet the dot do "not exist".
Understand this?

So what that means? Should I use space instead of dot ?

ploquets

It doesn't work because the dot symbol is not actually present in the DNS query - the FQDNs are encoded in a rather complicated way, see the RFC for DNS for details. There are multiple topics regarding this here on the forum, e.g, this post gives you a hint. When I try to use the example from the t...

ploquets

Hello I want to match DNS content with the content filter in advanced firewall rule tab. But when I use with some dot, like, example.com it stops to match the string. Sometimes it matches, but much less than normal scenario. If I tried to use regex, like example\.com things get even worse. Do someon...

ploquets

What's new in 6.47.6 (2020-Oct-21 10:41):

*) crs3xx - fixed switch rules for CRS309 and CRS317 devices (introduced in v6.47.3);

ploquets

Following
viewtopic.php?f=2&t=167744

ploquets

Hello! We have a Switch CRS317-1G-16S+ that was working with swOS We are using a CCR1036 as a CGNAT and even with all those rules checked, some packets are leaving the CGNAT with RFC6598 as src-address. So, for block this spoof traffic, we created an ACL rule to block CGNAT src-address leaving the C...

ploquets

By Default it uses the filters

ospf-out
ospf-in

So to avoid confusion you can Rename IPv4 Filters to another

The problem is when you want to filter differently by areas.... or instances..

ploquets

This was working.... we are used to use loopback as a bridge to avoid the IP to get down, but now doesn't make any sense, since the IP is always answering requests even with the interface down.
Please, correct this Mikrotik.

ploquets

Sometimes I get same error overhere....
But with another RouterBoard it works...
Same network, same rules...

Go figure...

ploquets

I'm getting the same scenario over here. I think its a bug
v6.45.9 long-term

ploquets

Please, does anybody know how to protect a BGP Router (Port TCP 179) without breaking fastpath ?

ploquets

I have tried this approach on newly bought CSS326-24G-2S, however the web-interface only briefly shows " upgrading ... (don't interrupt) " and " rebooting... " notifications, quickly returning ( 2- 3s ) into standard web look reporting again " 2.0 (built at Thu Jan 26 2017 ...

ploquets

Same Here

Please, update the Dude with 64bit counters

ploquets

I solved this for me with Routing Filters under Set Next-Hop-in with multiple Gateway-Addresses. This works for me even for BGP.

Thanks for this, I could workaround this issue and now working!

ploquets

I tried with 802.3ad bonding mode & with Layer-2-and-3 hashing, traffic was still going on one link only. Hello! Could you please tell me if you resolved your issue ? Here we have CRS317-1G-16S+RM and I'm bonding a CCR1036 with two SFP+ Our CCR1036 is getting 10Gbps+ aggregate traffic, fastpath...

ploquets

Please, Mikrotik Staff, we need RPKI this year.... Impressive how this thread is from 2014 and nobody seems to care about it.

ploquets

you need following rule before fasttrack-connection otherwise SYN packets will be fasttracked and clamp-tcp-mss will break /ip firewall filter add action=accept chain=forward comment="tcp syn no-FP" connection-state=established,related \ protocol=tcp tcp-flags=syn fyi. Since version 6.39,...

ploquets

I'm having some issues when connecting to The Dude. Sometimes I need to disconnect and connect. Same LAN. Sometimes it gives me timeout. timeout.png Sometimes it shows getting stuff but it gets nothing. I need to disconnect and connect.... and keep this going til it gets data. And I can see login an...

ploquets

Thank you for the script can it be altered to use mail ? to ship it directory in a support desk I guess you can use this # ------------------- header ------------------------------------------- # Traffic analysis script and report by E-mail # By Andre Almeida # Tested in RouterOS 6.45.8 # Created a...

ploquets

Workaround For profile on UP :delay 1s; :local remoteAddr $"remote-address" :local interfaceName [/interface get $interface name] :if ( [:len [/ip firewall address-list find address=$remoteAddr and dynamic=yes]] > 0 ) do={ :foreach i in=[/ip firewall address-list find address=$remoteAddr] ...

ploquets

but I know a traditional L2TP/IPSEC does not work on IPv6 in RouterOS. The device simply is incapable of "listening" on IPv6 for a very large number of services. So, if I'm running already a VPN Server with L2TP + IPSec with IPv4, and just add IPv6 on a loopback (with world connectivity) ...

ploquets

Please Mikrotik, this feature is a must have.
Asked since the first day Mikrotik released Mikrotik-Address-List feature.

viewtopic.php?t=24224#p116985

Thank you

ploquets

Hello! Is it possible to correct the font on System Note? (since 3.20) Art is not possible to add anymore, because when the note window opens, it looks weird. Like this: https://forum.mikrotik.com/viewtopic.php?t=152988#p763628 I know that @normis said that note is not for art, but Mikrotik WiKi say...

ploquets

SwOS v2.9 has few changes which require updated fan controller firmware that comes only within RouterOS. You should boot your CRS317-1G-16S+ in RouterOS and upgrade to the latest testing version (currently it is 6.44rc1, should be included in next stable version as well). After that, you can simply...

ploquets

is it solved?
How did you manage to workaround this?

ploquets

Linked this CSS326 with CRS317..... with s+da0001 When Flow Control is enabled, we see RX Pauses. When Flow Control is disabled, we see Rx Overruns Seems the problem is with CSS326, because, we moved one 10G interface from CSS326 to the CRS317.... and it is running without erros. No change on module...

ploquets

Same here... Only overruns, only at one interface 10G

Interface traffic most time is passing 2Gbps+

ploquets

This can be fixed by adding a /delay 30 at the top of the exported file, but of course that means you need to download, edit and upload each of those files, which makes automation yet again harder. Of course MikroTik should include that delay inside RouterOS itself, but they don't. Seems to be the ...

ploquets

Did you reset-mac ALL interfaces in the router? . /interface ethernet reset-mac-address [find]; . By default WLAN is not copied with backup procedure. I know that because we always add mac-address to the access-list, so, if WLAN MAC was duplicated, our system would report. We can find a device by W...

ploquets

It could be enough to remove and re-add the dhcp6 client after you have reset the MAC. There does not appear to be a set duid... Of course you never know what other surprises like this exist in your restored devices, but that is only a theoretical issue. I already tried this. No go... DUID is alway...

ploquets

Confirmed.

Reseting those SXT Devices resolve the issue.

But, is it possible to solve this other way?

ploquets

How did you initially configure those devices? Did you make a backup of a configured device and restore that on a new device? That is definitely a no-no. Never do that! Try to do a full factory reset on one of the problematic devices, configure it manually or at most by pasting some /export'ed line...

ploquets

Hey, welcome to my issue.... ops, thread. So, I was debugging why some customers are not getting IPv6 with PPPoE and DHCPv6 What I've noticed is that every SXT that is not getting the prefix delegation, are showing us the same DUID. I've checked twice the MAC Address and already did reset the mac-ad...

ploquets

/ip firewall layer7-protocol add name=DNS_AAAA regexp="\\x1C\\x01" add name=DNS_Hotspot regexp=hotspot.example.org /ip firewall add chain=pre-hs-input hotspot=!auth protocol=udp dst-port=64872 action=jump jump-target=hs-unauth-dns comment="filter unauth udp dns requests" add cha...

ploquets

Is it possible to use this script with a proxy? In the light of recent events in the Russian Federation, access to the portal api.telegram.org is limited, so many important alerts stopped working. In this regard, I would like to clarify whether it is possible to modify the script to work through a ...

ploquets

What I did was: At VPN Server side: /ppp profile set VPN session-timeout=7h And at Windows side (Windows 10) Imported this task (xml) on Windows Task Scheduler: Save this code as a XML File <?xml version="1.0" encoding="UTF-16"?> <Task version="1.2" xmlns="http://s...

ploquets

As for the workaround, since my application is relatively easy and simple, so at the beginning we just set the server to terminate the connection on every 7hrs (after the tunnel is established), and set the Windows client to automatically re-connect the L2TP/IPSec once again. At least the re-connec...

ploquets

Whats the solution or workaround?

ploquets

Has this topic got any action lately? I've recently been doing some testing with this parameter using the 5GHz RB912 bd. The question I posed to Mikrotik that was never answered, was "what is the numerical setting of 'default' ". Above, it's mentioned several times that the default settin...

ploquets

Hi, is this script works on latest ros? I can’t run it and get no warnings

Yes it works.
I have working on 6.40.8 bugfix

ploquets

There is one problem, in this configuration, the script does NOT include back triggers. It is necessary or in scheduller automatically to include triggers in 2-3 minutes or to add in a script a parameter about inclusion of the trigger on number Sorry, I did not understand. Could you explain a littl...

ploquets

Well it didn’t show an error, but here you go:
Code: Select all
/ppp active print count-only where (address in 203.0.113.0/24 and !(address in 203.0.113.0/27))

Nice!!!!!!

This worked like a charm
Thank you

ploquets

 /ppp active print count-only where (address in 203.0.113.0/24 AND address in !203.0.113.0/27)

Doesn't work.
Have you tested your code?

Thanks in advance

ploquets

Hello... I've been searching about this sintaxe, but did not find anything useful.

Does somebody knows how to get this command to work?

/ppp active print count-only where (address in 203.0.113.0/24 AND address not in 203.0.113.0/27)

Thank you

ploquets

You'll never see a dynamic ARP entry with pub flag set AFAIK, if there's one It means you added a static entry for proxy-arp. This can be useful in some situations like ppp tunnels (ages has passed since there's no need for it) or for WOL to work for example. The pub flag is to set static proxy-ARP...

ploquets

still waiting for the bugfix only update

Same here.

ploquets

Please, I will repeat my post from here: https://forum.mikrotik.com/viewtopic.php?f=8&t=108083&p=541709#p541709 --------- Hello. Here we are used to use The Dude as we think its an awesome network monitoring tool. One little thing is really annoying me, which is monitoring BGP Routers. When ...

ploquets

Can the script be eligible to go to the wiki?

ploquets

Hello. Recently we needed a script to report if an interface was passing more than X traffic. Everything was OK if using the traffic-monitor... but with just 1 second of traffic (traffic peak) I got notified. So, I've created a script that is triggered by the traffic-monitor to start the analysis. I...

ploquets

Please, I will repeat my post from here: https://forum.mikrotik.com/viewtopic.php?t=108083#p541709 --------- Hello. Here we are used to use The Dude as we think its an awesome network monitoring tool. One little thing is really annoying me, which is monitoring BGP Routers. When we enable the RouterO...

ploquets

Same here...
Tested using Moto Z2 Play and Asus Zenfone 3

Only RX (phone Upload) gets on MCS.

TX is always on 802.11g I guess

WTF MK ?

ploquets

I'm having the same problem over here.

Wireless N 2.4

How did you guys managed to solve?
Thanks

ploquets

I'm getting this as well, but in 5Ghz N.

Is it possible to resolve this?

ploquets

Also some adjustments should be made in connection tracking. There are 2 common ways: 1) reduce connection timeouts, so that connections with old public IP expires faster 2) some script that clears conntrack on failover event. The worst timeout is for TCP Established, which is set as 1d by default....

ploquets

Hi ploquets thank you for your great info.. My network is bridged network. and to sending customer pppoe_client connection to pppoe_server Im uinsg EoIP tunnels. EoIP tunnels MTU is auto, when i check them actual MTU size is 1458 both side. I bridge wlan interface and EoiP interface at AP side. als...

ploquets

Hi ploquets thank you for your great info.. My network is bridged network. and to sending customer pppoe_client connection to pppoe_server Im uinsg EoIP tunnels. EoIP tunnels MTU is auto, when i check them actual MTU size is 1458 both side. I bridge wlan interface and EoiP interface at AP side. als...

ploquets

Just updated whole my pppoe site to 6.39.2, you can forget about change-mss rules, it all is now nicely build-in into ppp interfaces, even with MRU now it works fine. Is not the following rule necessary? /ip firewall mangle add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes \...

ploquets

Just updated whole my pppoe site to 6.39.2, you can forget about change-mss rules, it all is now nicely build-in into ppp interfaces, even with MRU now it works fine. this is out of topic but I would like to ask in interface pppoe-server server side, how should i set service. should i set max-mtu=1...

ploquets

Just updated whole my pppoe site to 6.39.2, you can forget about change-mss rules, it all is now nicely build-in into ppp interfaces, even with MRU now it works fine. Thanks about the feedback! Could you see, please, if all PPPoE interfaces has same MTU? I want to test it when MTU is not the same f...

ploquets

Do you have an example that shows this in use? I am wondering if 2 gateways, each on different subnets, can use this rule - or is it only used when you have a range of outbound ip addresses that you masq under (using the same gateway)? Sam I know this is an old post and the OP probably got the answ...

ploquets

Hi all,
FYI - I've tried these mangle rules, with SRC NAT SAME (IP RANGE) but still the IP changes every few minutes on the client side.

Have you tried to check the box "not by dst." when creating this kind of rule?

ploquets

The choice is always "do I want to bother with fasttrack and get some additional performance" or "do I want a system where all features work". For me, until now the choice has always been to disable fastpath and fasttrack, as fortunately everywhere where I need performance I hav...

ploquets

well fasttrack enables you to use fastpath with NAT.

But I guess fasttrack will break simple queues.
Those queues are dynamically created when "Mikrotik-Rate-Limit" attribute is defined in Radius.

ploquets

If just mangle rules with Change mss are created to change MSS for PPPoE tunnels....

Do I need connection tracking?

Or I can create raw rules with no-track action for those which doesn't need NATing ?
Would the no-track action reduce CPU usage?

Thanks

ploquets

Now this functionality is build-in into ppp interfaces themselves So, imagine my scenario, when those mangle rules were for all-ppp and limited by the minimal MTU.... (before 6.39) So now, it will consider the MTU from each tunnel ? Which means that I don't have to worry about limiting all-ppp just...

ploquets

/ip firewall mangle add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes \ protocol=tcp tcp-flags=syn If we put this, all packets, even those with MSS lower will have MSS increased. Is that a guess, or did you actually observe that? It should only lower the MSS when too high, n...

ploquets

/ip firewall mangle add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes \ protocol=tcp tcp-flags=syn If we put this, all packets, even those with MSS lower will have MSS increased. I don't know much about the concept, but, if a packet want to have a lower MSS, should we let it...

ploquets

I'm still trying to figure it out this changelog from 6.39
!) ppp - implemented internal algorithm for "change-mss", no mangle rules necessary;

viewtopic.php?t=122019

Please help

ploquets

Please, I really need comments on this.

Mikrotik staff?

Thanks

ploquets

So, I realized that when change-mss is enable in PPP profile, there is a bit of a problem... If MAX MTU and MAX MRU is set = 1492 Two mangle rules are dynamically created (of course, this is with a version < 6.39) One match traffic going to all-ppp interfaces and change MSS to 1452 when MSS is betwe...

ploquets

Create a filter to not redistribute /32 that is part of the /24 ( so, no more /32 that is inside the /24 would be announced) inside OSPF instance, just mark redistribute static routes. That's what I said. ;) Thanks ZeroByte... indeed you said, I did not realize that would redistribute the blackhole...

ploquets

Here is what I did. Create a /24 blackhole route (this will prevent static loop as well) Create a filter to not redistribute /32 that is part of the /24 ( so, no more /32 that is inside the /24 would be announced) inside OSPF instance, just mark redistribute static routes. Even with the /24 static r...

ploquets

To my knowledge, ROS does not have the ability to auto-summarize external routes. e.g. in Cisco, you can issue the command summary-address 192.0.2.0 255.255.255.0 This will cause an ASBR to announce only a summary prefix, and only when at least one route within this prefix is active. It will also c...

ploquets

add in ospf interfaces all interfaces to be passive, for example I need to run OSPF on ether1 other pppoe should be passive (no hellos). /routing ospf interface add interface=ether1 network-type=broadcast add interface=all passive=yes then add area range to summarize all pppoe, for example pppoe ad...

ploquets

stupid question first: - did you set ether1 and ether10 as the master ports respectively? - why don't you run (R)STP on your bridge? loop prevention is a thing one may needs. Yes, master ports are ether1 for switch1 and ether10 for switch2 rather to left without RSTP just for now because I already ...

ploquets

Hi I use this script :foreach i in [/ip firewall address-list find list=spamm] do={ /tool e-mail send to=xxx@xxxx.xx subject="Spamm" body=("Spamm fra " . [/ip firewall address-list get $i address])} Is there any way to create only one email with all IPs inside at the address-lis...

ploquets

Hello, thanks for reaching my question. I realized that RB2011 has two switch chips. My question is one of them is not able to "independent learning"? I don't know why, but when I enable MPLS at three different devices, and enable dynamic discovery, it shows devices that should not be seea...

ploquets

Bump

Enviado de meu XT1225 usando Tapatalk

ploquets

Well, just use routes than. And, to monitor if link is UP, you can do it by creating some recursive routes and use those routes to create default routes with different distances and with CHECK GATEWAY enabled. No need to do anything in mangle. And will provide fail-over with constant pinging and mon...

ploquets

Hello. I need to create graphs about how much bandwidth we sell, related with bandwidth used per plan. This would make possible to see if we sell more speed, would be more profitable than sell low speed plans. Because sometimes with low speed, costumer needs to be downloading/uploading for longer pe...

ploquets

Use RADIUS authentication with unique password for each user. Then just delete his account. Normis, if the SXT could not access the radius, this should be a problem too. Because, sometimes, the device is not connected to any AP. So, without communication with radius, would not be possible to go the...

ploquets

Is it possible to put a hashed password inside this script?
Read my post about SSH public key authentication above. You'll still have to provide the private key to the script but you can use file permissions to limit its exposure.

What about winbox access?

ploquets

Imagine this: we have a bunch of SXT. Every SXT is "protected" by a random password, which is linked somehow to the customer database (customer code, or something like that).... This password will only be retrieved if a employee can have access to the ERP from this company. So, if a guy is...

ploquets

If we set a password to a user, this is not exportable from the router.
Is there anyway to put on a script a hashed password, other than plaintext?

We are used to configure a user account with a password, like a backdoor, but... with this as plaintext, is not really good.
thanks

ploquets

http://www.tamax.com.ar/blog/wp-content/QoS_Megis.pdf
see page 29

I did not understand this calculation... from where they got the number "20" ??

ploquets

Thx to Uldis! We solved this problem. CAPsMANv2 6.23 (may be earlier too) works via ipv4 address with one thing - need routes between networks in both side and opened ports on CAPsMAN 5246,5247/udp I think it should be on wiki. Yes. For those who are running CAPSMANAGER and CAP at the same router, ...

ploquets

I couldn't understand. If this should adapt the "hearing" of the radio.... Lets pick the Basebox5 as example. We have a -96 as limit for the sensitivity. https://routerboard.com/RB912UAG-5HPnD-OUT So, how putting -105 as threshold would change anything ? If the objective was to decrease th...

ploquets

On gigabit switches the vlan-header attribute is ignored in secure vlan-mode. Instead the port will behave as leave-as-is. Use the default-vlan-id to tag and untag traffic in secure vlan-mode. Your configuration is untagging vlan 3 on ether10. Also make sure the vlan table is correct for all ports....

ploquets

Hard to see from this anything abnormal.

Is someone complaining?

Otherwise, maybe something more go damaged due to the discharge.

Check the uplink traffic.

It should be the aggregate traffic from those others interfaces.

Enviado de meu XT1225 usando Tapatalk

ploquets

Please, help

Enviado de meu XT1225 usando Tapatalk

ploquets

But my management IPs reside not in a VLAN, but rather in the native VLAN, which is not a 802.1q VLAN at all, it is just normal untagged traffic, this is why I put the IP address on the physical master-port (ether24 in my case). Did you solve this problem ? I'm trying to acheive exactly the same. E...

ploquets

It does the same under Administrator account and under non-Administrator account.

What if you execute Dude as administrator from any account ? Maybe it will grant permissions to be updated.

ploquets

nothing ? +1 for multiple files in email

ploquets

Bump... please, any help would be much appreciated.

ploquets

Thank you all! @sob - I am doing lot of my testing remote via opvn therefore I am very carefully. I am so glad that I beginn to understand firewall rules :-) @ploquets XXX.XXX.XXX.XXX/XX is not a single IP but an expression for a subnet incl. subnetmask? e.g. 192.168.10.0/24 - Do I need 172.16.5.25...

ploquets

Yes, if you want to block access like, winbox... you can do it in /ip firewall filter Assuming that your router (the one you want to prevent access) is the Gateway, you need to create input rules to accept from those you want to grant access. And after, you deny (action=drop) from everyone else. Exa...

ploquets

Hello! thanks for reach my question I need help to achieve a scenario that will prioritize an interface, but, generically. How is that? Let me explain: We have some customers that would not disconnect any cable from its internal network and want to perform some testing, just to see if the ISP is del...

ploquets

Slawek,

Right now I am on business trip, and cannot access the router. I will post it next week.

Please, post it... Right now I need your working configuration.
Thanks

ploquets

Hello! Is it possible to create an user without possibility to use the sensitive information stored on devices? Because on Dude 4.0beta3, we deliver the web for seeing network maps and from the web, they couldn't use the password, for example, to access Winbox as admin. And, now, sorry for this, but...

ploquets

Hello Recently we had to use a RB2011 as Switch. The goal was to manage the switch (RB2011) on VLAN 0 ( normally known as vlan 1 on others switches) ... by putting default route and IP on master-port. Receive at this port (master-port / UPLINK port) , tagged vlans. Make some ports untagged on respec...

ploquets

Hello. Recently, we had to use an RB2011 as a Switch because one of ours got damaged by an electric discharge. So, we decide to use the switch chip inside of it, and bridge the two master ports. The configuration worked just fine, but we have notice an very asymmetrical traffic. like this: Capturar....

ploquets

Please make background scan for NV2 APs. Thanks.

+1

ploquets

ploquets

bump!

ploquets

I just did it. In my case, we have such of a DMZ. So, what I did is create a dst-nat rule like that: /ip firewall nat add action=dst-nat chain=dstnat comment=DMZ dst-address=$WAN-IP protocol=!tcp to-addresses=$DMZ-IP add action=dst-nat chain=dstnat comment=DMZ dst-address=$WAN-IP dst-port=!$ALTERNAT...

ploquets

Hello, is it possible to run www service on mikrotik, but , for example: accessible via LAN on por 80 (accept input in firewall)
But only accept www via WAN on another port.... (accept that input port in firewall)

??

Thanks

ploquets

Nice... testing on RB2011, so far, so good

ploquets

In general you are right - this setting controls if LDP distributes label binding for default route. Wether you should enable it, depends of how your routing is configured and what you use MPLS for. But you have to be careful with this setting: once label switching path is established across your n...

ploquets

thanks for the answer. Another question about that, how to avoid beein notified multiple times, if the device has multiple probes... eg, probe for ping should be like a master probe. If ping is down, I don't care about the others, because ping seems that the device is down so other probes will proba...

ploquets

ploquets - Are you using Winbox 3.7? If not, then upgrade - it should solve the problem. Indeed. Winbox version was the problem. I was used to login with Dude 4.0beta3, because its on Windows machine. is there any option to update Dude's winbox to a newer version, without upgrading the whole Dude s...

ploquets

Hello. It's seems to be a bug on 6.36.4 on mipsbe We are used to use on Basebox5 and RB911G-5HPnD But, cannot edit MAC address in Wireless Access List VLAN Mode became invalid, doesn't matter which is chosen. OBS. This doesn't happen when adding and after editing. Only noticed when editing clients a...

ploquets

For me its working with this: :local sendto email@domain.com /system package update set channel=bugfix check-for-updates once :delay 10s; :global scriptgetnewversion [get latest-version]; :global scriptactualversion [/system resource get version]; :if ( [get status] = "New version is available&...

ploquets

+1

I need this aswell

ploquets

Hello guys, We have a scenario that is hard to implement this fail-over via OSPF because of many reasons, so, I'll ask a question about RSTP and before you start saying do via OSPF, I need to do via layer 2 (RSTP) [ correct me if I am wrong ] We have this scenario and we want to make possible to f...

ploquets

Hello, I've written a code to automatically backup our Routers with RouterOS running. So, the script simply backup, more code to help identify the backup, like from where, when it did the backup. But, when try to upload to the FTP, the folder structure need to be already there, otherwise it will fai...

ploquets

2016 and we have nothing about this feature yet?

how to choose a clear channel if we can't see the other end remotely ?

Would be very very very very nice if Mikrotik Staff could implement something like this, but before the miraculous version 7 come out.

ploquets

Beethoven - Für Elise :beep frequency=659 length=200ms; :delay 200ms; :beep frequency=622 length=200ms; :delay 200ms; :beep frequency=659 length=200ms; :delay 200ms; :beep frequency=622 length=200ms; :delay 200ms; :beep frequency=659 length=200ms; :delay 200ms; :beep frequency=494 length=200ms; :del...

ploquets

Beethoven - Für Elise :beep frequency=659 length=200ms; :delay 200ms; :beep frequency=622 length=200ms; :delay 200ms; :beep frequency=659 length=200ms; :delay 200ms; :beep frequency=622 length=200ms; :delay 200ms; :beep frequency=659 length=200ms; :delay 200ms; :beep frequency=494 length=200ms; :del...

ploquets

Use ":len $str" as a 3rd argument, or in your particular example: :foreach limited in=[/queue simple find max-limit~"1024k"] do={ :local customerusername [/queue simple get $limited name] :put [:pick $customerusername 8 [:len $customerusername]] } Nice! Thanks.... sure, that log...

ploquets

You need loopback address distributed to NSSA area from backbone. Otherwise VPLS tunnel will not be able to establish. Either you change area to default or set translate-always and inject-summary-lsa. Hello. Please, could you tell me where do I need to translate? I'm on same scenario, trying to est...

ploquets

Hello. Here we are used to use The Dude as we think its an awesome network monitoring tool. One little thing is really annoying me, which is monitoring BGP Routers. When we enable the RouterOS checkbox, all those routes (more then 1.2 million) would be read by The Dude. If I enable SNMP, this also o...

ploquets

Is it possible to pick from a point to the end?

more likely this:

:foreach limited in=[/queue simple find max-limit~"1024k"] do={
:local customerusername [/queue simple get $limited name]
:pick [ $customerusername 8 to end ] }

???
Thanks!

ploquets

I'm having exactly the same issue. How did you solve it?

Only way to put the x86 back on track is by doing a reboot.

ploquets

Is it possible to implement a better antenna ? By opening and weld a 5dbi antenna for example?

ploquets

I'm sorry for rising this thread, but my problem is similar to this. I'm build a script to change firewall script already installed and working on our customers CPEs. What I want is to find and remove by script NAT rules that would match the action=masquerade Would that be possible? I've tried with:...

ploquets

Hello, any news about that? My backup file has 29.3MB. I've made a VACUUM before exporting the database file. It shows me after importing: [admin@CHR] /dude> print enabled: no data-directory: dude status: import done and then i did: /dude set enabled=yes now when I do a /dude print it shows me: enab...

ploquets

I didn't see many examples fro RouterOS 6 so I thought I could share mine. We've been testing this configuration for a month and seems to do its job. It was tested on a RB2011 with WAN on eth1, and different LANs on the rest of the interfaces (eth2 - 192.168.2.0/24 ...) If you detect any mistake or...

ploquets

Thank you, I've t´configured it! It works! What a great feature!

Hello, would you please export your configuration ? Just to know how did you do it.
Thanks

ploquets

Is there any stable version for CHR ?
On mikrotik download page we can find a stable version, but, after installing, it recognizes as x86, which make our license invalid.

Thanks

ploquets

Any Ideas?

ploquets

Hello, we are trying to connect ourselves on a IXP, but they are telling us that our interface does not learn more than 60 MACs. Is there any way to get around that? Transceiver used is: Vendor Name: CISCO-SUMITOMO Vendor part Number: SCP6G44-C1-BMH I guess we don't have any Switches right now to do...

ploquets

Please use CAPsMAN v2 and use vlan-id setting for each SSID (CAP interface). Then add a vlan interfaces on the ethernet/bridge interface on the CAPsMAN where the CAP boards are connected. This is for the local-forwarding. The datapath bridge option will only work if you use the full-forwarding and ...

ploquets

Hello everyone. Is it possible to "live" monitor wireless registration per CAP at the Device inside The Dude Map's? I'm trying to, but it seems that only the caps-manager has the ability to do that. I'm trying to use this function: [ros_command("caps-man registration-table print count...

ploquets

Hello! I'm trying to use The Dude and I've reached a trouble that I'm not capable to resolve by myself. The thing is, i'm monitoring voltage and temperature over our network, all devices that have this feature of report voltage and temperature, they are shown by the MAP and graphing. I guess the pro...

ploquets

+1 for AS information on netflow!!!

ploquets

Problem solved!!! I use vlan in datapath section: In CAPsMAN: add client-to-client-forwarding=no local-forwarding=yes name=\ office_guest_local_vlan vlan-id=52 vlan-mode=use-service-tag add client-to-client-forwarding=no local-forwarding=yes name=\ office_royal_local_vlan vlan-id=1 vlan-mode=use-se...

ploquets

Please use CAPsMAN v2 and use vlan-id setting for each SSID (CAP interface). Then add a vlan interfaces on the ethernet/bridge interface on the CAPsMAN where the CAP boards are connected. This is for the local-forwarding. The datapath bridge option will only work if you use the full-forwarding and ...

ploquets

In the meanwhile i got it work. I use switch-chip feature for VLAN-Tagging and forgot to assign both VLAN's to switch_cpu "port". Now everything works fine. ;-) Thx for your assistance! eMuell I've read your configuration export, but, could you please teach me how to do it ? I'm not aware...

ploquets

I'm trying to use a CHR as PPPoE Server with Radius authentication. But every time a client reach a full traffic specified on queue... the CHR reboots. This happens specially when using a SpeedTest. If I kill the queue related to the PPPoE client, everything works OK. But then I cannot limit the cli...

ploquets

Making the OVF does work.Thanks!

ploquets

... datastore has a lot of free space). As far as cleaning up that datastore, you can right-click it and Browse and poke around to see what kind of files are taking up the space. It may be likely that your host is configured to use a different datastore for all VMs by default and it is just taken u...

ploquets

tried everything and keep getting this error error.jpg I'm getting same error here.... When installing routerOS..... almost done and it fails with same error: http://img.ctrlv.in/img/16/01/05/568bbe885352f.png http://img.ctrlv.in/img/16/01/05/568bbddd19843.png The error is while installing the OS (...

ploquets

You need to turn off propagate TTL in your MPLS settings. That will hide the internal hops Nick One thing I've notice... it seems to show hops only from LERs... but the LSRs are transparent if I uncheck the TTL Propagate. On my cenario, there is only one LSR between clients and border... so, only o...

ploquets

1508 is however correct if you need to deliver full frames (1500) in a pppoe session inside of the vpls tunnel. Which is what the presentation was dealing with. Please, can you tell me: Whats the difference between "MPLS MTU" which is configure inside MPLS ? Will the ether's MTU interfere...

ploquets

You need to turn off propagate TTL in your MPLS settings. That will hide the internal hops
Nick

Nice man!
That way works!

But, thinking about performace, will this work same way as making a VPLS tunel and concentrating PPPoE ?

What would you recommend ?

Thank you! Nice tip!

ploquets

I have found the solution yesterday, but thank you.
Yes it was only a test if he could send it, i thought that the router can receive them
I have now installed a software on my computer to receiver the traps and it works.

How did you solve?
can you send me a snmp export?

Thanks!

ploquets

Hello! I was searching about something like that... What I want to is: Monitor some external IP to see if everything is working OK [ I guess that I can create that by using netwatch] If I can't ping, send some kind of snmp trap to the dude server,so I can know that is a problem on that router. That ...

ploquets

You can stub the RFC1918 point-to-point area and advertise the loopback area.

What is a point-to-point area?
What's the point of implementing it?

Thanks !

ploquets

But, how to make OSPF to advertise all /32 routes from PPPoE clients to the border and make client's traffic to flow thru the VPLS tunnel ? If you want to concentrate the PPPoE tunnels in a single point you will need VPLS tunnels. If you can have several PPPoE server in the network you can do "...

ploquets

And to make a job more complete, I was reading about making a L2 Tunnel using VPLS (I'm aware of some MTU configuration, jumbo frames and most common problems that we face by implement MPLS) to be able to reach the border router with 1 hop . You can do it merely enabling MPLS on every host. Well, b...

ploquets

We use VPLS when building networks for ISPs all the time for exactly that reason. Aside from being a great way to backhaul PPPoE from different locations to a common BRAS, it works very well if you have a customer that you want to hand off a full BGP table to. By building a VPLS pseudowire, you can...

ploquets

Hello guys, first post !!! and honestly, I'm kind of a beginner.... please be pacient Well, people exchange knowledge and learn this way, so, I'm kindly asking for help :) We are a internet service provider: A brief about our infrastructure: -- Towers do not connect direct to each other, all towers ...

Search found 162 matches