MikroTik

dlynes

/interface wifi export for one of the CAPs (they have identical configs, but channel used will be different, depending on what capsman assigned to them): # 2024-12-01 13:12:09 by RouterOS 7.16.1 # # model = cAPGi-5HaxD2HaxD /interface wifi # managed by CAPsMAN # mode: AP, SSID: DSR 5G, channel: 5220...

dlynes

Could you please share your config, at least the wifi part? /interface wifi export Remove serial and any other provate info. With this config we can provide you with some tips and tricks. Please see the export below. Did you want a dump of any of the wifi interfaces on any of the cAP ax's? I have s...

dlynes

Hello Normis, I received a response. It's apparently a feature of the existing firmware. They will be adding in a fix to the firmware to hide those in the future to avoid any confusion. I already work with Hani Rahrouh (listed on the consultants list) and had already consulted with his company; they...

dlynes

Do you have any devices on the network using static IP addresses? If so, make sure that you've updated them to use a /23 subnet as well. Otherwise, they won't see anything in the 10.0.1.0/24 portion of the subnet.

dlynes

Congratulations on finding MikroTik and considering it for your next project. Once I found MikroTik, I never looked back. Haven't bought any Netgear, DLink, TPLink, ASUS or Cisco Small Business since. 1. It all depends on how you configure it. RouterOS is extremely flexible. 2. Yes 3. Yes. YMMV with...

dlynes

That is awesome Mr Penz. Thank you so much.

dlynes

Since Upgrading to CAPSMAN v2 with cAP ax from CAPSMAN v1 with wAP ac, I’ve been getting WiFi devices connected at 0/0 bps TX/RX rates You’ll see I have a lot of devices with a 1Mbps TX as well (1000Kbps TX). That’s concerning as well, but the 0/0 is my main complaint. I have 2.4GHz and 5GHz separat...

dlynes

I've had a ticket open for 2 weeks now, without a response. MikroTik used to respond to tickets within a couple of days or less. Has something changed? I see there was a post in the forums from someone else a couple of weeks ago about the exact same problem. My ticket number is SUP-171452 I have 21 ...

dlynes

I know we had a similar topic a while ago, but here there are some more specific questions. This is just to gather ideas and general opinions. Please don't just answer "yes, give us everything". It is more about what you would actually use, what you actually need. 1) Are you interested in...

dlynes

It's happening to me, also. Default password works for a complete factory reset, but when put into a caps mode reset, default password no longer works. With an 'O' or a '0', with old default password of 'admin', or no password doesn't work either. This has been a really frustrating install. Only one...

dlynes

Which OS is it laggy on? We would like to gather any bug reports and fix them, so please report more specifics, include hardware specs too. I submitted a bug report on this. It's laggy on Windows 10 22H2 with all the latest non-preview patches, on a 32GB RAM Lenovo P51 w/i7 and SSD storage. The lag...

dlynes

This is awesome, Normis! Platform: Windows 10 22H2 Intel i7 One thing that seems to be missing is the button to open another Winbox window? (Nvm...found it on the far right of the toolbar(?) where the workspace dropdown is. Groups are missing from the main connection screen; seem to be replaced by w...

dlynes

Yes, it does seem that "in-band" upgrade process downloads package files to storage area inaccessible to users. Regarding failed upgrades ... check log, when upgrading fails it usually contains something about the reason. Often it's due to some problem with installed optional packages. Th...

dlynes

RouterOS version 7.11, 7.11.1 and 7.11.2 have been released in the "v7 stable" channel! Tried upgrading CHR (x86_64) from 7.10 to 7.11.2 using winbox; says it downloaded and installed and then reboots, but I'm still left with the same version. Then tried /system/packages/update/download. ...

dlynes

No, it does not. You're correct. I was just saying a good distributor that backs up the product line helps a great deal.

There's at least three other distributors in Canada that I know of. One of them I order from once in a while if I need to make a shipment to Vancouver and Netwire's sold out.

dlynes

No, not PR. More I saw a post about somebody dissing MikroTik and my experience has been anything but.

I figured it was an opportunity to mention how having the right distributor can make all the difference, too.

dlynes

Hi, I'm afraid to say this, but DON'T buy any hardware from Mikotik, NO SUPPORT AT ALL. For more than a year problem with Mikrotik WAPac and WiFi clients with broadcom chipset. Emailed a lot, given all necessary info, no results, last emails don't have any response! I've been MikroTik networking ge...

dlynes

--1 please DON'T add all kind of stuff into ROS that should be run from a seperate machine. I agree. If it's a one off thing for a new customer, just get access to one of their local machines and run nmap. If it's on an existing customer's network, you can run nmap from an existing machine on the n...

dlynes

Now if only L2TP/IPsec got fixed on both routeros 7 and Windows 10/11. Then we'd all be happy

dlynes

Item 3 of yours would probably be the simplest to implement. Have a schedule to check your list once every 5 minutes to see if it's empty. If it's empty, trigger your job, and set a variable. Set a timer for 5 minutes to reset the variable, and then re-loop. For your firewall rule that adds the addr...

dlynes

Hello Raymond, Is this why bridge filter doesn't work? i.e. because it's a switch chip? If so, why is the bridge filter section visible if it's not usable? I've got it working after I enabled 'use ip firewall' in the bridge settings, and now I'm using the raw ip firewall table. However, I have to wo...

dlynes

I don't know of a way to do that in TheDude, but you can definitely do that in Cacti as each ESSID shows up as a different WiFi interface that gets exposed via SNMP.

Cacti will track 1 year's worth of data.

dlynes

I've got it working after I enabled 'use ip firewall' in the bridge settings, and now I'm using the raw ip firewall table.

However, I have to wonder which is the better way of getting it to work.

dlynes

Export has been sanitized.

Brief diagram of how it's connected
Internet -> [ether1 BRIDGE ether3] -> Billing Server

I want to block everything on the billing server except HTTPS.

dlynes

# sep/02/2021 05:42:10 by RouterOS 7.1rc2 # software id = MXUY-2KEQ # # model = CCR2004-16G-2S+ # serial number = HAW073H26RE /interface bridge add name=bridge-wan /interface ethernet set [ find default-name=ether1 ] name=ether1-to-navigata set [ find default-name=ether3 ] disabled=yes name=ether3-t...

dlynes

It doesn't seem to matter what I put into the bridge filters for 7.0b4 or 7.1rc2. Hardware offloading or no hardware offloading. Fast forward or no fast forward. Allow fast path or disallow fast path. Block by destination MAC address, or block by destination IP address. Input or forward. Adding a sw...

dlynes

Based on what I've discovered of the sequence of events from doing packet captures and trial and error, I got as far as #2 (not the ramdisk part) trying to figure it out without using a tunnel. The problem I ran into was how to get the 'vmlinux' file from the .npk file. If I knew how to do that, I'd...

dlynes

Thank you guys. I keep forgetting it's almost exactly the same as iptables. ok, misunderstanded: I usually do: ... add action=jump chain=input comment="Inizio Protezione IP Pubblico 1" dst-address=0.6.6.6 in-interface=ether1 jump-target=input_gateway add action=jump chain=input comment=&qu...

dlynes

Hello Mark, I see that you have a static route that duplicates that dynamic route. I'm assuming the dynamic route is automatically added when a dhcp client renews its IP address. If that's the case, check to see if that ethernet port keeps losing its link. If that's not the case, but you have a chec...

dlynes

There are two versions of TheDude. One runs in RouterOS. Another is a standalone application running on Windows that talks to the MikroTik and RouterOS devices. You can go here: https://mikrotik.com/download Then click on the TheDude drop down and select which stability you would like to download an...

dlynes

I would like to be able to use a MikroTik device as a Netinstall server for that rare occasion when a device goes into a reboot loop because it has corrupted firmware. It saves me a trip down to the client site if I can manage it all after hours, remotely. RouterOS supports tftp. I don't know if I c...

dlynes

The problem: Filter table gets so polluted that on routers with lots of rules, it's difficult to understand what's being filtered and why sometimes. If you have dynamic rules, it makes it even more challenging. On iptables, there's a solution for this by creating additional chains, and then joining ...

dlynes

Here's a detailed SSH log from when 10.10.30.254 is trying to connect to 10.10.30.253: tunneldevice any:any controlpersist no escapechar ~ ipqos lowdelay throughput rekeylimit 0 0 streamlocalbindmask 0177 root@officenas[~]# ssh -v 10.10.30.253 OpenSSH_7.5p1, OpenSSL 1.0.2s-freebsd 28 May 2019 debug1...

dlynes

I have an EoIP tunnel overlaid on an L2TP/ipsec VPN. The L2TP/ipsec VPN connects from a hEX to an RB3011. The hEX is NAT'd behind an ADSL modem operating in PPPoE mode. The RB3011 has a static public IP address. The hEX is connecting to the L2TP server on the RB3011. The EoIP tunnel is then negotiat...

dlynes

As of today, it was released into Linux 5.6 kernel to the general public.

dlynes

Is there a fix in the works for CVE-2019-14899? For more information, please see: https://linux.slashdot.org/story/19/12/05/2022205/new-linux-vulnerability-lets-attackers-hijack-vpn-connections and https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14899 and details of the exploit at: http://qn...

dlynes

We are working on something for you as well. New extreme performance devices are in the works, as well as v7 BGP speed improvements are still on track. Hello Normis, Does that mean QSFP288 (100GbE) support is in the works? I'm guessing that's one of the big reasons v7 hasn't come out yet is to make...

dlynes

Thank you Normis. As always you're helpful.

dlynes

Hello All, Does MikroTik have any devices that support 802.11af wireless networking standard? I've tried doing a search, but all I end up with is a whole bunch of hits on people mistakenly using 802.11af (the WiFi standard) as the key phrase when they really mean 802.3af (the PoE standard). The reas...

dlynes

I can confirm it was probably mailed out to everyone that was on the list. I had received it. I have not, however received any updates from MikroTik on the subsequent updates to VPNFilter status where essentially all devices running RouterOS were added to the original four cloud core router devices....

dlynes

FWIW, I use the following related best practices when I set up a router that has a public-facing interface: reset all configuration settings, uncheck 'keep default settings' Disable all non-essential services: telnet http https ftp api secure api Create a whitelist of admin IP addresses/netmasks Add...

dlynes

I've come across a bug in the ssh rendering code for 6.39.3. This bug is happening in other areas of the terminal as well, but this is the first chance I've had to document it. As such, this particular area is /caps-man registration-table pr stats:

dlynes

Any chance of adding access to this either through the API, or through SNMP?

Currently the only way to access it is via scripted command line access which is less than ideal because the output is formatted for humans, not machines.

dlynes

Easy solution - do not make any expectations :) We have already posted from time to time, that the biggest change is under the hood (minor kernel upgrade). There is no new GUI or anything. We are also working on a new routing engine. Actually we are making really cool stuff even in v6. Look at the ...

dlynes

I have heard that it is very hard to work on, and nobody likes it for that. But OpenVPN UDP support has been made in v7.

Awesome! I've always wondering why v6 didn't support UDP on OpenVPN...afaik, almost nobody uses TCP-based OpenVPN on Linux.

dlynes

I wish dhcp-client would trigger an event whenever it obtains/renews/releases a lease also. Then I wouldn't have to run my ddns-update script every 5 minutes. (I ---loathe--- scheduled scripts that do something that should just be event driven) The IP will not change w/o a lease being obtained. I d...

Search found 46 matches