Community discussions

Search found 216 matches

by jprietove
Sun Sep 15, 2024 4:55 pm
Forum: General
Topic: unauthorized SSH user is run command?
Replies: 2
Views: 523

Re: unauthorized SSH user is run command?

What I see is the router telling that user can't be authenticated because of strong keys enabled. Log says that if you want that (unknown to the router by now) user to be able to authenticate, you should disable strong keys.
by jprietove
Thu Aug 29, 2024 10:26 am
Forum: Announcements
Topic: 📣 WinBox 4 is here 📣
Replies: 1630
Views: 434573

Re: 📣 WinBox 4 is here 📣

Where does the Linux version store 'saved routers'? Is there a way to import Winbox Loader Addresses?
by jprietove
Thu Aug 22, 2024 5:55 pm
Forum: General
Topic: OVPN server not validating client source address
Replies: 4
Views: 571

Re: OVPN server not validating client source address

I think you can achieve what you want using rp-filter=strict in IP settings

https://help.mikrotik.com/docs/display/ROS/IP+Settings
by jprietove
Thu Aug 22, 2024 3:38 pm
Forum: General
Topic: OVPN server not validating client source address
Replies: 4
Views: 571

Re: OVPN server not validating client source address

You can assign different IP to each client or group. Take a look at https://wiki.mikrotik.com/wiki/Manual:RADIUS_Client

Framed-IP-Address or Framed-Pool are your friends
by jprietove
Wed Aug 21, 2024 9:02 pm
Forum: General
Topic: Port forwarding to router itself doesn't work
Replies: 12
Views: 1141

Re: Port forwarding to router itself doesn't work

Try action redirect instead of dst-nat
by jprietove
Tue May 28, 2024 9:41 pm
Forum: Forwarding Protocols
Topic: OSPF Bug: incorrect network advertisement for point-to-point addresses
Replies: 9
Views: 1600

Re: OSPF Bug: incorrect network advertisement for point-to-point addresses

try add area=A disabled=no networks=10.200.200.0/24 passive type=ptp Very interesting.... it is interesting... and it works! And yes... the interfaces are point-to-point so maybe this is the (correct) way to do it! [admin@R1] > ip/route/print Flags: D - DYNAMIC; A - ACTIVE; c - CONNECT, o - OSPF, d...
by jprietove
Tue May 28, 2024 5:24 pm
Forum: Forwarding Protocols
Topic: OSPF Bug: incorrect network advertisement for point-to-point addresses
Replies: 9
Views: 1600

Re: OSPF Bug: incorrect network advertisement for point-to-point addresses

Have you checked with Mikrotik Support? (support@mikrotik.com)
Sent email and assigned #[SUP-154326]. No answer yet.
by jprietove
Tue May 28, 2024 5:22 pm
Forum: Forwarding Protocols
Topic: OSPF Bug: incorrect network advertisement for point-to-point addresses
Replies: 9
Views: 1600

Re: OSPF Bug: incorrect network advertisement for point-to-point addresses

/24 is missing on the address definition! Default is /32 which it advertises... Well, the post is about Point-To-Point addresses (/32) in which address is local IP for the point-to-point and network is the-other-side IP. I used these addresses in order to show the different behaviour in v6 and v7. v7...
by jprietove
Tue May 28, 2024 11:43 am
Forum: Forwarding Protocols
Topic: OSPF Bug: incorrect network advertisement for point-to-point addresses
Replies: 9
Views: 1600

OSPF Bug: incorrect network advertisement for point-to-point addresses

Tested in CHR 7.14.3 and 7.15rc4. Compared with CHR 6.49.6 TLDR ==== RouterOS v7 doesn't advertise network for point-to-point addresses (peer address). It advertises self-address instead. Example ======= R1 is an ABR for A area. RA is an A intra-area router. R1 configuration: /routing ospf instance ...
by jprietove
Mon May 06, 2024 5:47 pm
Forum: General
Topic: Need help to prepare for MTCNA exam
Replies: 2
Views: 470

Re: Need help to prepare for MTCNA exam

The best preparation is to attend and pay attention to your Certified Trainer.
by jprietove
Fri Mar 01, 2024 6:15 pm
Forum: Forwarding Protocols
Topic: BUG: OSPFv3 stub area Intra-Area-Router doesn't get default route
Replies: 2
Views: 1252

BUG: OSPFv3 stub area Intra-Area-Router doesn't get default route

This behaviour happens in RouterOS v7.13 and also in the new v7.14. Tested on CHR images, this report is based on v7.14 In a simple scenario with R1 as ABR, I have this configuration: /routing ospf instance add disabled=no name=ospf3 version=3 /routing ospf area add disabled=no instance=ospf3 name=b...
by jprietove
Tue Dec 26, 2023 11:41 am
Forum: Beginner Basics
Topic: weird bug or misconfiguration? wireguard VLAN [SOLVED]
Replies: 2
Views: 1067

Re: weird bug or misconfiguration? wireguard VLAN [SOLVED]

10.255.255.255/24 is not a valid IP address, as it is a broadcast address. Change your pool from /ip pool add name=default-dhcp ranges=192.168.88.10-192.168.88.254 add name=AWIF_POOL ranges=10.50.0.2-10.50.0.254 add name=USA_POOL ranges=10.255.0.2,10.255.0.255 to /ip pool add name=default-dhcp range...
by jprietove
Thu Nov 09, 2023 9:32 am
Forum: Forwarding Protocols
Topic: OSPF preferred routes
Replies: 1
Views: 1896

Re: OSPF preferred routes

by jprietove
Wed Oct 18, 2023 9:42 am
Forum: Forwarding Protocols
Topic: Can you create an entire OSPF network when all routers are connected via radio-link?
Replies: 3
Views: 2379

Re: Can you create an entire OSPF network when all routers are connected via radio-link?

Wireless networks are also PHYSICAL connections. So YES, you can use OSPF.
by jprietove
Thu Sep 28, 2023 6:56 pm
Forum: General
Topic: Export, Print, Get...everything?
Replies: 9
Views: 1617

Re: Export, Print, Get...everything?

Maybe supout file is what you need.

There's a viewer in your account at Mikrotik site.
by jprietove
Thu Feb 23, 2023 5:42 pm
Forum: Forwarding Protocols
Topic: OSPF Templates in V7 + Loopback interface
Replies: 1
Views: 2555

Re: OSPF Templates in V7 + Loopback interface

It's not necessary, but I think it's good to do it: instead of letting the router choose the Router-ID, choose one yourself and propagate it through your network.

This way, you can always get (to the router that) you want. (read this like the Rolling Stones would do it)
by jprietove
Mon Feb 13, 2023 7:26 pm
Forum: General
Topic: Price Gouging in Spain
Replies: 14
Views: 1434

Re: Price Gouging in Spain

Well, sorry if this is off-topic. @anav, my contact details can be found on Trainers page of MikroTik. Also on Consultants.

I've done that configuration before. I don't have a router near to check it, but it looks good.
by jprietove
Sun Feb 12, 2023 1:09 am
Forum: General
Topic: Price Gouging in Spain
Replies: 14
Views: 1434

Re: Price Gouging in Spain

PcComponentes is a general computer store, the other ones are more professional oriented.

You only have to know where to buy and where not.
by jprietove
Mon Dec 12, 2022 9:39 pm
Forum: General
Topic: Bug: 6to4 tunnel critical kernel failure on RouterOS v7.5+
Replies: 4
Views: 954

Re: Bug: 6to4 tunnel critical kernel failure on RouterOS v7.5+

Tested in CHR new install, not coming from an upgrade.
by jprietove
Mon Dec 12, 2022 6:01 pm
Forum: General
Topic: /ip neighbor duplicate blank entry
Replies: 4
Views: 548

Re: /ip neighbor duplicate blank entry

I'm sorry but I can't see any duplicate. The blank entries show no identity because, probably, they're not MikroTik devices, but other vendor devices using either CDP or LLDP.
by jprietove
Mon Dec 12, 2022 5:55 pm
Forum: General
Topic: Bug: 6to4 tunnel critical kernel failure on RouterOS v7.5+
Replies: 4
Views: 954

Bug: 6to4 tunnel critical kernel failure on RouterOS v7.5+

Hello, I have been testing 6to4 tunnels and RouterOS reboots with critical kernel failure when packets are forwarded by the tunnel. This has been tested in v7.5, v7.6 and v7.7rc1. Simple scenario: R1 ether1 ----- RX ---- ether1 R2 # R1 /interface 6to4 add !keepalive local-address=192.168.1.2 name=6t...
by jprietove
Tue Nov 29, 2022 8:52 pm
Forum: SwOS
Topic: ONU stick and CSS610-8G-2S+IN compatibility
Replies: 8
Views: 3716

Re: ONU stick and CSS610-8G-2S+IN compatibility

Search in this thread: viewtopic.php?t=116364
by jprietove
Tue Jul 26, 2022 10:12 am
Forum: General
Topic: CCR1036 WEBSITE DOES NOT OPEN BANCO DO BRASIL [SOLVED]
Replies: 7
Views: 1347

Re: CCR1036 WEBSITE DOES NOT OPEN BANCO DO BRASIL [SOLVED]

Bridge has 1458 as MTU. It is because of the EoIP tunnels that are members of the same bridge.

Change MTU of EOIP tunnels to 1500 and make sure Bridge actual MTU changes to 1500 also.
by jprietove
Tue Jul 26, 2022 12:15 am
Forum: General
Topic: CCR1036 WEBSITE DOES NOT OPEN BANCO DO BRASIL [SOLVED]
Replies: 7
Views: 1347

Re: CCR1036 WEBSITE DOES NOT OPEN BANCO DO BRASIL [SOLVED]

Check mtu on your configuration. Probably you have some misadjustment.
Post your configuration here if you need help
by jprietove
Wed Jun 01, 2022 5:44 pm
Forum: Forwarding Protocols
Topic: OSPF-PPPoE Summarize ROS6 vs ROS7
Replies: 6
Views: 2761

Re: OSPF-PPPoE Summarize ROS6 vs ROS7

I don't have any BGP instance, or if I understood correctly mark in the OSPF instance the BGP propagation. But in that case it has no effect. Redistribute-connected makes PPPoE network to be considered as external. In the end, if there is another way to make the pppoe not propagate along with the o...
by jprietove
Mon May 23, 2022 12:36 pm
Forum: Forwarding Protocols
Topic: v7. Should a OSPF router become IR when all interfaces are on the same area, or when only one area is defined? [SOLVED]
Replies: 1
Views: 1413

Re: v7. Should a OSPF router become IR when all interfaces are on the same area, or when only one area is defined? [SOLVED]

I've contacted support and the answer is:
In v7 configured area is always active (no influence if there is any network added or not).
If an area is not used please disable it.

Yes, the behavior in v6 was different.
So, this behavior is a feature and not a bug
by jprietove
Fri May 20, 2022 9:44 am
Forum: Forwarding Protocols
Topic: v7. Should a OSPF router become IR when all interfaces are on the same area, or when only one area is defined? [SOLVED]
Replies: 1
Views: 1413

v7. Should a OSPF router become IR when all interfaces are on the same area, or when only one area is defined? [SOLVED]

Hello, I've been testing OSPF in v7 and, as expected, configuration is different than in v6. Details are provided in https://forum.mikrotik.com/viewtopic.php?t=186087#p934154 but, as I checked the topic as "solved" maybe it won't be read. So, when using RouterOS v7.3beta40, in a very simpl...
by jprietove
Thu May 19, 2022 4:10 pm
Forum: Forwarding Protocols
Topic: v.7.3beta40 OSPF possible BUG. Default route not created in STUB Intra-Area Router [SOLVED]
Replies: 3
Views: 2222

Re: v.7.3beta40 OSPF possible BUG. Default route not created in STUB Intra-Area Router [SOLVED]

I've been testing more and I've found a detail... that shocks me. If in IR a new Area is created, the default route doesn't appear!. It doesn't matter if there is no network in the new area. So maybe in this case this is a Bug. I think IR role should be determined by only having networks in one area...
by jprietove
Thu May 19, 2022 3:25 pm
Forum: Forwarding Protocols
Topic: v.7.3beta40 OSPF possible BUG. Default route not created in STUB Intra-Area Router [SOLVED]
Replies: 3
Views: 2222

Re: v.7.3beta40 OSPF possible BUG. Default route not created in STUB Intra-Area Router [SOLVED]

In v7 "default-cost" must be configured for the stub area to get the default route originated.
Thank you very much! That was it! I wasn't aware of this change.
by jprietove
Thu May 19, 2022 12:33 pm
Forum: Forwarding Protocols
Topic: v.7.3beta40 OSPF possible BUG. Default route not created in STUB Intra-Area Router [SOLVED]
Replies: 3
Views: 2222

v.7.3beta40 OSPF possible BUG. Default route not created in STUB Intra-Area Router [SOLVED]

I am testing OSPF with new RouterOS v7.3beta40 and I have found that in a STUB Intra-Area Router, the default route is not created. I am not sure if it is my mistake or it is a bug. I have created a very simple scenario to test it: one router as ASBR with default-originate in backbone area. One ABR...
by jprietove
Thu May 19, 2022 11:39 am
Forum: Forwarding Protocols
Topic: v7. OSPF adjacency problems when two neighbor has two different connections: one broadcast and one ptp [SOLVED]
Replies: 1
Views: 4669

Re: v7. OSPF adjacency problems when two neighbor has two different connections: one broadcast and one ptp [SOLVED]

I finally found it was my mistake. R3 and R2 were assigned the same ID. When corrected, everything works as expected.
by jprietove
Wed May 18, 2022 12:40 pm
Forum: Forwarding Protocols
Topic: v7. OSPF adjacency problems when two neighbor has two different connections: one broadcast and one ptp [SOLVED]
Replies: 1
Views: 4669

v7. OSPF adjacency problems when two neighbor has two different connections: one broadcast and one ptp [SOLVED]

Hello, I've been testing OSPF in v7 and I think I've found a bug with adjacency establishment. I've configured the same scenario in GNS3 using x86 images of RouterOS with v.7.3beta40, v7.2.3 and v6.49.6. Results in v7 are not as expected. Results in v6 look good. The scenario is this: Selección_12...
by jprietove
Thu May 05, 2022 2:37 pm
Forum: General
Topic: Problem with service Metro Ethernet
Replies: 3
Views: 875

Re: Problem with service Metro Ethernet

Post your export here:
export file=anynameyouwant hide-sensitive=yes
by jprietove
Thu May 05, 2022 11:31 am
Forum: General
Topic: Problem with service Metro Ethernet
Replies: 3
Views: 875

Re: Problem with service Metro Ethernet

/ip address add address=83.xxx.xxx.158/30 interface=ether1
/ip route add gateway=83.xxx.xxx.157
by jprietove
Sun Apr 17, 2022 9:31 am
Forum: General
Topic: Bug Bonding does not work correctly, some services stop working
Replies: 2
Views: 647

Re: Bug Bonding does not work correctly, some services stop working

As RR mode (default) doesn't use transmit-hash-policy, try using mode=802.3ad or mode=balance-xor.
by jprietove
Wed Mar 30, 2022 3:14 pm
Forum: Beginner Basics
Topic: Problem with setting a priority bit on outgoing traffic
Replies: 4
Views: 879

Re: Problem with setting a priority bit on outgoing traffic

Well, the truth is that I wrote the commands with no router with me, so the syntax error.

About masquerade, I thought you had that rule previously created.

Does it work? Use tool sniffer to check if priority is being used
by jprietove
Tue Mar 29, 2022 8:13 pm
Forum: Beginner Basics
Topic: Problem with setting a priority bit on outgoing traffic
Replies: 4
Views: 879

Re: Problem with setting a priority bit on outgoing traffic

Try this: /interface list add name=wan-p2 /interface list member add list=wan-p2 member=vlan2900-WAN /interface list member add list=wan-p2 member=fibre-pppoe /ip firewall mangle add chain=output out-interface-list=wan-p2 action=set-priority new-priority=2 /ip firewall mangle add chain=forward out-i...
by jprietove
Sat Mar 26, 2022 10:29 pm
Forum: Beginner Basics
Topic: Difference between VRF and Routing Tables [SOLVED]
Replies: 3
Views: 2088

Re: Difference between VRF and Routing Tables [SOLVED]

VRF makes connected routers to be in a table route, instead of being in the main table.
by jprietove
Fri Mar 25, 2022 10:55 pm
Forum: RouterOS beta
Topic: OSPF multiple areas - routes not appearing in non-backbone area
Replies: 2
Views: 3090

Re: OSPF multiple areas - routes not appearing in non-backbone area

If R1 has two areas, it's then an ABR (Area Border Router). Its configuration is wrong.

Put all its networks in the same area.

Same applies to RE.

So only R2 is the ABR.
by jprietove
Thu Mar 10, 2022 8:58 pm
Forum: General
Topic: what options for 2 factor authentication for VPN access [SOLVED]
Replies: 21
Views: 19913

Re: what options for 2 factor authentication for VPN access [SOLVED]

You can use Radius for authentication purposes and enable any of the many 2FA plugins. Check, as an example, FreeRadius with Google Authenticator or Latch (from ElevenPath)
by jprietove
Sat Mar 05, 2022 11:07 am
Forum: General
Topic: CRS326-24S+2Q+RM divides all speed by 3
Replies: 13
Views: 1866

Re: CRS326-24S+2Q+RM divides all speed by 3

Just a few posts ago someone was v7 is unfinished and unreliable? Everyone has an opinion, and every use case is different. If you can, give it a try. If it fits you, ok. If it doesn't, well, you'll be as bad as now. I think that your configuration is simple and probably will work well. But we won...
by jprietove
Wed Mar 02, 2022 9:31 pm
Forum: General
Topic: CRS326-24S+2Q+RM divides all speed by 3
Replies: 13
Views: 1866

Re: CRS326-24S+2Q+RM divides all speed by 3

IMHO, try v7 with her offload routing. It should fly!
by jprietove
Thu Feb 24, 2022 11:19 am
Forum: General
Topic: Which use cases for CCR2004-1G-2XS-PCIe ?
Replies: 34
Views: 7460

Re: Which use cases for CCR2004-1G-2XS-PCIe ?

Well, some of us are waiting for docker containers to be ready. This could be another approach: you have a Server with lots of services (LibreNMS, Radius, IPERF....) and RouterOS directly connected to it. Instead of having things running inside RouterOS, you have your RouterOS side-by-side with them....
by jprietove
Sat Feb 19, 2022 2:22 pm
Forum: General
Topic: Changing PPPoE Gateway
Replies: 5
Views: 1568

Re: Changing PPPoE Gateway

Instead of using IP as gateway for your routes, you can use the interface itself, as they are Point To Point.
by jprietove
Tue Feb 15, 2022 11:28 am
Forum: Virtualization
Topic: Mikrotik Interfaces and GNS3 labels don't match
Replies: 4
Views: 3940

Re: Mikrotik Interfaces and GNS3 labels don't match

In the configuration template, use these values:
Selección_937.png
by jprietove
Wed Feb 02, 2022 10:03 am
Forum: Wireless Networking
Topic: 14 years lasting BUG - disconnected, unicast key exchange timeout
Replies: 31
Views: 15203

Re: 14 years lasting BUG - disconnected, unicast key exchange timeout

BUGS in Layer 8 are much older than 14 years... and will last forever
by jprietove
Fri Jan 28, 2022 11:54 am
Forum: General
Topic: Mikrotik switch image for GNS3
Replies: 5
Views: 7962

Re: Mikrotik switch image for GNS3

I download and installed in GNS3 the chr-6.49.2.img and it works, but I also need the same "switch" menu in Winbox I see for my real hap ac2 Switch menu only is shown in devices that support it. CHR has no switch-chip inside, so you can't simulate it... and you won't see the menu option i...
by jprietove
Fri Jan 28, 2022 11:36 am
Forum: General
Topic: Mikrotik switch image for GNS3
Replies: 5
Views: 7962

Re: Mikrotik switch image for GNS3

He is using CHR image, not SWOS or similar. He is explaining Bridge configuration for CRS3xx but using a CHR image.

From GNS3 you can download CHR image from their repositories
by jprietove
Thu Jan 27, 2022 9:15 am
Forum: RouterOS beta
Topic: v.7.1.1.1 Bandwidth test of several tunnels
Replies: 9
Views: 4267

Re: v.7.1.1.1 Bandwidth test of several tunnels

Could you try it with -P 4? It may be interesting if reverse is different. You can then test with two clients at the same time: In the title you have stated 7.1.1.1 and that can be confusing to many. I will try this weekend again. I was testing with only one stream because I was interested in TCP file ...
by jprietove
Wed Jan 26, 2022 7:18 pm
Forum: RouterOS beta
Topic: v.7.1.1.1 Bandwidth test of several tunnels
Replies: 9
Views: 4267

Re: v.7.1.1.1 Bandwidth test of several tunnels

Are you sure?
Tests use 2 streams. In wiki you have more information: https://wiki.mikrotik.com/wiki/Manual:T ... mance_test
by jprietove
Wed Jan 26, 2022 10:46 am
Forum: RouterOS beta
Topic: v.7.1.1.1 Bandwidth test of several tunnels
Replies: 9
Views: 4267

Re: v.7.1.1.1 Bandwidth test of several tunnels

I would expect better performance on wireguard and IPsec... Test results on both 4011 and 1009 ... as far as IPsec is concerned, is about 500 Mbps for both, for 512 bytes of packet... Yes, but published data is in both directions (so 1Gbps link would be 2Gbps bandwidth) And my results are only in o...
by jprietove
Wed Jan 26, 2022 10:02 am
Forum: RouterOS beta
Topic: v.7.1.1.1 Bandwidth test of several tunnels
Replies: 9
Views: 4267

v.7.1.1.1 Bandwidth test of several tunnels

I have performed some tests using RouterOS v7.1.1, all the devices with Connection Tracking disabled. The topology is: PC1 <--> CCR1009 <--> hAP AC3 <--> hAP AC3 <--> RB5009 <--> PC2 Using iperf3, TCP one stream, performing 3 tests of 10 seconds and getting the average value. With pure routing, the b...
by jprietove
Tue Jan 18, 2022 10:47 pm
Forum: RouterOS beta
Topic: Fans significantly more aggressive with ROS7
Replies: 2
Views: 2295

Re: Fans significantly more aggressive with ROS7

After reading the title I thought that this thread was about @anav getting more aggressive than usual :)
by jprietove
Tue Jan 18, 2022 5:28 pm
Forum: General
Topic: CCR1009 CPU load 100%
Replies: 11
Views: 3722

Re: CCR1009 CPU load 100%

It could be useful if you provide an export of your configuration:
/export hide-sensitive file=configexport
by jprietove
Wed Jan 05, 2022 1:25 am
Forum: RouterOS beta
Topic: ZeroTier Full Tunnel VPN
Replies: 7
Views: 4391

Re: ZeroTier Full Tunnel VPN

mozerd wrote: Collaboration is far easier with TailScale …..

So bored about your constant spam... Please, we DO know that it's the best thing, but be polite and don't get dirty every thread of this forum.

Thanks in advance
by jprietove
Thu Dec 30, 2021 11:02 am
Forum: General
Topic: Fasttrack stop working after some time
Replies: 1
Views: 896

Re: Fasttrack stop working after some time

Post your config, please.
by jprietove
Mon Dec 27, 2021 11:17 am
Forum: Forwarding Protocols
Topic: Simplest OSPF network not working with v7.1
Replies: 13
Views: 8061

Re: Simplest OSPF network not working with v7.1

I use X86 architecture with e1000 network card. This way I can test performance, queues... Also I use CHR with virtio when I don't mind about 1Mbps limit

I use gns3 gui and server locally installed on my laptop: I don't use Gns3 VM

You can get to me using my username at Gmail or DM with Twitter
by jprietove
Thu Dec 23, 2021 4:49 pm
Forum: Forwarding Protocols
Topic: Simplest OSPF network not working with v7.1
Replies: 13
Views: 8061

Re: Simplest OSPF network not working with v7.1

Well, I use gns3 also, latest version in Ubuntu 20.04LTS
Works good, switch also
by jprietove
Thu Dec 23, 2021 12:02 pm
Forum: Forwarding Protocols
Topic: Simplest OSPF network not working with v7.1
Replies: 13
Views: 8061

Re: Simplest OSPF network not working with v7.1

I sent this case to Mikrotik support.
Well, it works with v.7.1.1
Selección_860.png
by jprietove
Thu Dec 23, 2021 11:49 am
Forum: Forwarding Protocols
Topic: Simplest OSPF network not working with v7.1
Replies: 13
Views: 8061

Re: Simplest OSPF network not working with v7.1

Why mikrotik change OSPF configuration syntax in so radical way?
Thanks, but no thanks. I will use existing 6.49 or secondhand (refurbished) cisco routers.
Not related with topic. Please, don't disturb
by jprietove
Thu Dec 23, 2021 10:42 am
Forum: Forwarding Protocols
Topic: Simplest OSPF network not working with v7.1
Replies: 13
Views: 8061

Re: Simplest OSPF network not working with v7.1

Well, it cost me a lot to see that both R1 and R2 have the same Router-ID: 0.0.0.2. And no, there is no need to publish 192.168.10x.0/24 as you have selected 'redistribute connected' in your instance
by jprietove
Tue Dec 21, 2021 7:54 pm
Forum: RouterOS beta
Topic: Testing OSPF in simple configuration: bugs detected
Replies: 8
Views: 4050

Re: Testing OSPF in simple configuration: bugs detected

Happy to see that this bug has been solved in v.7.1.1

Now, when enabling R4 it gets elected as DR and it's as fast as ffrouting changing R1 from DR to normal router.
And also, R1 status changes from "ExStart" to "Full".

Thanks team! Good work!
by jprietove
Tue Dec 21, 2021 12:35 pm
Forum: General
Topic: VPLS
Replies: 4
Views: 1199

Re: VPLS

Posting your configuration could be useful.
by jprietove
Tue Dec 21, 2021 10:16 am
Forum: General
Topic: VPLS
Replies: 4
Views: 1199

Re: VPLS

by jprietove
Tue Dec 21, 2021 9:52 am
Forum: Forwarding Protocols
Topic: Simplest OSPF network not working with v7.1
Replies: 13
Views: 8061

Re: Simplest OSPF network not working with v7.1

You missed the networks you want to publish. In R1:
add area=backbone networks=192.168.101.0/24
And so on...
by jprietove
Mon Dec 20, 2021 11:59 am
Forum: Forwarding Protocols
Topic: OSPF - how to filter out routes in redistribution
Replies: 10
Views: 6444

Re: OSPF - how to filter out routes in redistribution

The particular use case is to prevent routes advertised by Neighbor A due to a bug from spreading further to the network
I think you can use two different OSPF Instances in your router, using redistribute-other-ospf. With different OSPF Instances, you can use ospf-filters between them.
by jprietove
Tue Dec 14, 2021 4:40 pm
Forum: Forwarding Protocols
Topic: BGP - received routes not installed in correct VRF
Replies: 3
Views: 2446

Re: BGP - received routes not installed in correct VRF

I would try with /30 instead of /31
by jprietove
Tue Dec 14, 2021 3:50 pm
Forum: RouterOS beta
Topic: Testing OSPF in simple configuration: bugs detected
Replies: 8
Views: 4050

Re: Testing OSPF in simple configuration: bugs detected

Tested same scenario but this time with IPv6 and OSPF-v3: again, the router that was DR doesn't like to give the Designation to the new DR and neighboring status keeps in "ExStart"
by jprietove
Tue Dec 14, 2021 3:13 pm
Forum: RouterOS beta
Topic: Testing OSPF in simple configuration: bugs detected
Replies: 8
Views: 4050

Re: Testing OSPF in simple configuration: bugs detected

Can you please enable ospf debug logs, trigger exstart state problem, generate supouts and send those files to support?
MikroTik support #[SUP-68898]
by jprietove
Tue Dec 14, 2021 1:50 pm
Forum: RouterOS beta
Topic: Testing OSPF in simple configuration: bugs detected
Replies: 8
Views: 4050

Re: Testing OSPF in simple configuration: bugs detected

R4 will elect itself as the DR after it loses adjacency with other neighbours. After the link is repaired a new election will happen with 2 DR present and R4 wins because of 'higher' router-id. Yes, thanks. It's not the same as 'cold-boot' I see now... I thought it would be the same as it happens ...
by jprietove
Tue Dec 14, 2021 12:43 pm
Forum: RouterOS beta
Topic: Testing OSPF in simple configuration: bugs detected
Replies: 8
Views: 4050

Re: Testing OSPF in simple configuration: bugs detected

More about this. I created the same project with RouterOS v.6.49.1, started all routers from R1 to R4, so R1 gets DR and R2 BDR. After suspending R4 link, wait until timeout and resume the link, R4 gets also elected as DR and ping from nuc-1 to nuc-2 loses 10 packets (10 seconds). And the same proje...
by jprietove
Tue Dec 14, 2021 10:38 am
Forum: RouterOS beta
Topic: Testing OSPF in simple configuration: bugs detected
Replies: 8
Views: 4050

Testing OSPF in simple configuration: bugs detected

In order to test OSPF in RouterOS v7.1 I've created this project in GNS3: project.png BUG: When routers get out of OSPF and after some time they come back, adjacency isn't recovered and DR election seems erratic. The configuration is the same for every router, changing only IP addresses: # R1 config...
by jprietove
Mon Dec 13, 2021 8:07 pm
Forum: Virtualization
Topic: MikroTik CHR – Breaking the 100G barrier - in depth review
Replies: 2
Views: 5004

Re: MikroTik CHR – Breaking the 100G barrier - in depth review

Very interesting results. Thanks for sharing!
by jprietove
Fri Dec 10, 2021 5:05 pm
Forum: Forwarding Protocols
Topic: Route flap after DR goes down
Replies: 8
Views: 6188

Re: Route flap after DR goes down

Sorry, I didn't... I will give a look and I'll tell you Well, quite a bit late. I am testing OSPF and BGP routing in new v7 and updating my training documents for v7. So I tried this and yes, routes flap in v6 AND routes still flap in v7 after DR goes down. [Edited] But, packets are lost in trans...
by jprietove
Mon Sep 06, 2021 9:02 pm
Forum: Beginner Basics
Topic: EoIP and Bridge Connection
Replies: 2
Views: 837

Re: EoIP and Bridge Connection

It would be great if you post your configs here.
/export hide-sensitive file=r1
Your screens show IPSec established... but we can't see EoIP configuration or state. Please, post your config if you want help
by jprietove
Tue Aug 31, 2021 9:58 am
Forum: General
Topic: Routing via GRE to VLAN networks [SOLVED]
Replies: 13
Views: 3582

Re: Routing via GRE to VLAN networks [SOLVED]

Instead of using gre interfaces as gateways, try to add an IP address on each gre interface and use it as your gateway. # Router A ip address add interface=gre-tunnel-sg address=192.168.162.1/30 ip route add dst-address=192.168.62.0/24 gateway=192.168.162.2 # Router B ip address add interface=gre-tu...
by jprietove
Tue Aug 17, 2021 10:48 am
Forum: Beginner Basics
Topic: VLAN Manipulation - QinQ to C-Tag
Replies: 2
Views: 997

Re: VLAN Manipulation - QinQ to C-Tag

Try to select ethertype in bridge:
/interface bridge set bridge1 ethertype=0x9100
by jprietove
Tue Jul 27, 2021 12:57 am
Forum: General
Topic: Site to Site IPsec - multi subnet routing & capturing
Replies: 4
Views: 1455

Re: Site to Site IPsec - multi subnet routing & capturing

(Edited) For debugging, maybe it can help if you change ESP to AH at IPsec policy.
If the packet loss persists, you can at least use Wireshark to look into the packet.
by jprietove
Tue Jul 20, 2021 3:07 pm
Forum: General
Topic: Mikrotik generate CRL for revoked certs [SOLVED]
Replies: 3
Views: 2093

Re: Mikrotik generate CRL for revoked certs [SOLVED]

If your Certificate was generated including CA CRL Host, it should be accessible from http://<public_ip>/crl/<cert_id>.crl With <cert_id> equal to an internal ID that I haven't found how to get it. But if the CA Certificate was the first created Certificate, it should be 1. So try with http://your_ip...
by jprietove
Wed Jun 23, 2021 1:11 pm
Forum: General
Topic: So why do I want to run ROS on a Switch when SWOS is just fine?
Replies: 17
Views: 4874

Re: So why do I want to run ROS on a Switch when SWOS is just fine?

Why not?
With RouterOS you can use DHCP-Server, inter-VLAN routing, Firewall rules...
With SwOS only L2.

So if you don't need it, it's OK. But it can be very useful in many scenarios.
Same with CLI: if you have CLI, why do you want WinBox?
by jprietove
Tue Apr 20, 2021 12:25 pm
Forum: Virtualization
Topic: WinBox in EVE-NG [SOLVED]
Replies: 2
Views: 22269

Re: WinBox in EVE-NG [SOLVED]

You can create a TAP interface in your Host, attach one of your Guest RouterOS interfaces to that TAP interface. Now, your Host should 'see' your Guest and, if WinBox is installed in Host, you could configure your Guest using WinBox.
by jprietove
Tue Apr 13, 2021 9:46 am
Forum: General
Topic: Using RADIUS and local user for VPN [SOLVED]
Replies: 2
Views: 1079

Re: Using RADIUS and local user for VPN [SOLVED]

Yes, you can use both: local and Radius users. If a user is in "secret" local database and in Radius, local database will be used. Only users not in local database will be searched in Radius
by jprietove
Fri Feb 05, 2021 1:31 pm
Forum: Virtualization
Topic: Proxmox not interface
Replies: 3
Views: 6997

Re: Proxmox not interface

Try this:
/interface print
instead of
/interface list print
by jprietove
Tue Jan 26, 2021 5:43 pm
Forum: Scripting
Topic: PPPOE with auto mangle and queue tree
Replies: 4
Views: 2816

Re: PPPOE with auto mangle and queue tree

I'm using radius and the way u do just will assign to simple queues.
Using Radius Attribute "Mikrotik-Rate-Limit" you can assign a queue dynamically. https://wiki.mikrotik.com/wiki/Manual:R ... Attributes
by jprietove
Wed Jan 13, 2021 8:54 pm
Forum: Forwarding Protocols
Topic: Mikrotik 6.48 and cpu 100%
Replies: 5
Views: 1907

Re: Mikrotik 6.48 and cpu 100%

It seems like Bgp doing some work. Maybe updating routes or cache. Is route cache enabled?

Sent from my Mi A2 using Tapatalk

by jprietove
Sun Jan 10, 2021 10:57 am
Forum: General
Topic: PPPoE client drops with BT Full Fibre 100 [SOLVED]
Replies: 19
Views: 4917

Re: PPPoE client drops with BT Full Fibre 100 [SOLVED]

Would it be the cable? Interface ether goes down and up, so it looks like a L1 problem.
Try changing it

by jprietove
Tue Jan 05, 2021 10:46 pm
Forum: General
Topic: Wait wait wait wait wait.. Mikrotik 10Gbe is a scam...??
Replies: 5
Views: 1379

Re: Wait wait wait wait wait.. Mikrotik 10Gbe is a scam...??

43Gbps

by jprietove
Mon Jan 04, 2021 10:33 am
Forum: General
Topic: Mikrotik 6.48 TCP timestamps Vulnerability [SOLVED]
Replies: 13
Views: 5860

Re: Mikrotik 6.48 TCP timestamps Vulnerability [SOLVED]

If you are not using SNMP, disable it.
If you use it, just change the SNMP community and don't use "public". And use v2 or v3 with authentication.
by jprietove
Mon Dec 28, 2020 7:22 pm
Forum: General
Topic: Multi VLAN's DHCP?
Replies: 2
Views: 761

Re: Multi VLAN's DHCP?

I use pppoe, one server per each Vlan, not bridging them. 600 users at the moment with CCR 1036. No connection tracking. Simple queues in radius profile.
Works like a charm. Less than 10% CPU usage.


by jprietove
Wed Dec 16, 2020 6:19 pm
Forum: Virtualization
Topic: high load CPU for a CHR working QT
Replies: 7
Views: 8540

Re: high load CPU for a CHR working QT

An
/export hide-sensitive
could help
by jprietove
Tue Dec 15, 2020 7:43 pm
Forum: Virtualization
Topic: high load CPU for a CHR working QT
Replies: 7
Views: 8540

Re: high load CPU for a CHR working QT

Queue Tree works on one CPU. If there's heavy traffic, this CPU gets to 100%. It's better to find a way using Simple Queues, so the workload is balanced over different CPUs.
Please post your config and what you want to achieve, maybe someone here can optimize it.
by jprietove
Sun Oct 25, 2020 9:27 am
Forum: General
Topic: CCR 2004 compatibility with SFP 10/100/1000 modules.
Replies: 3
Views: 2079

Re: CCR 2004 compatibility with SFP 10/100/1000 modules.

https://wiki.mikrotik.com/wiki/MikroTik ... iber_links


CCR2004 is not compatible. Look at the link

by jprietove
Wed Oct 07, 2020 10:35 am
Forum: General
Topic: DDoS detection and blocking [SOLVED]
Replies: 9
Views: 5911

Re: DDoS detection and blocking [SOLVED]

So the question remains, how do I drop and blacklist any traffic above 6 packets per 8 seconds? What would be the correct expire value for it and why? The answer can be found on https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter : dst-limit (integer[/time],integer,dst-address | dst-port | src...
by jprietove
Fri Sep 11, 2020 10:28 am
Forum: General
Topic: Single PPPoE account used on Multiple Routers
Replies: 3
Views: 1821

Re: Single PPPoE account used on Multiple Routers

/ppp profile set profile1 only-one=yes
by jprietove
Mon Sep 07, 2020 2:05 pm
Forum: General
Topic: pppoe-client traffic over a vlan(no solution?!?!) [SOLVED]
Replies: 10
Views: 3516

Re: pppoe-client traffic over a vlan(no solution?!?!) [SOLVED]

If the three pppoe-clients are pppoe-out1, pppoe-out2 and pppoe-out3, you can achieve it this way. First, you need VLAN interfaces on the link to your switch. /interface vlan add interface=ether2 name=e2.10 vlan-id=10 add interface=ether2 name=e2.20 vlan-id=20 add interface=ether2 name=e2.30 vlan-id...
by jprietove
Fri Sep 04, 2020 8:43 pm
Forum: General
Topic: pppoe-client traffic over a vlan(no solution?!?!) [SOLVED]
Replies: 10
Views: 3516

Re: pppoe-client traffic over a vlan(no solution?!?!) [SOLVED]

Then you have to create as many pppoe servers as Vlan you need, one server in each Vlan. From the client to the server you have to tag your Vlan. I can't understand it any other way. It's true that pppoe server work in a broadcast domain, but every pppoe session is isolated from the others. I can't ...
by jprietove
Fri Jul 31, 2020 12:41 pm
Forum: General
Topic: Port scanner shows port 53 open although blocked in firewall
Replies: 4
Views: 3242

Re: Port scanner shows port 53 open although blocked in firewall

Are you sure you are making your scan from the interface called WAN?
by jprietove
Fri Jul 31, 2020 11:09 am
Forum: General
Topic: DNS resolution vulnerability
Replies: 14
Views: 4535

Re: DNS resolution vulnerability

I think you should read https://wiki.mikrotik.com/wiki/Manual:S ... our_Router

Especially the DNS Cache section. It explains everything you should consider before exposing your router to the Internet.
by jprietove
Sat Jul 18, 2020 12:50 am
Forum: Forwarding Protocols
Topic: Breaking a bonded pair
Replies: 3
Views: 2319

Re: Breaking a bonded pair

Remove bonding at far-end first. Then remove it at your near end

by jprietove
Fri Jul 17, 2020 7:09 pm
Forum: Useful user articles
Topic: [Request] Mikrotik Online Training during Pandamic
Replies: 5
Views: 12596

Re: [Request] Mikrotik Online Training during Pandamic

Any Plan for Online Training/Certifications???
We have provided online courses during the Spanish lockdown, but certification exams should be in person.
So maybe you should contact your country's trainers

by jprietove
Tue Jul 07, 2020 1:02 pm
Forum: Announcements
Topic: MUM EUROPE AND OTHER UPCOMING EVENTS - POSTPONED!
Replies: 59
Views: 250267

Re: MUM EUROPE AND OTHER UPCOMING EVENTS - POSTPONED!

In general, attending a MUM or any other conference is about knowledge transfer and networking, also for you ?
[ironic]I became a Trainer just for using the coffee machine in the Latvia offices[/ironic]
by jprietove
Mon Jul 06, 2020 9:19 pm
Forum: Announcements
Topic: MUM EUROPE AND OTHER UPCOMING EVENTS - POSTPONED!
Replies: 59
Views: 250267

Re: MUM EUROPE AND OTHER UPCOMING EVENTS - POSTPONED!

Yes, please! and don't forget to send us the t-shirt and device! I suppose that sending lunch is much more difficult

by jprietove
Wed Jul 01, 2020 9:21 am
Forum: General
Topic: MTU for L2TP with IPSec though LTE
Replies: 4
Views: 5047

Re: MTU for L2TP with IPSec though LTE

So you mean, I just leave everything as I have it set: thanks, by the way, this is very important. No, what I mean is trying this configuration: Server: /interface l2tp-server server set max-mru=1500 Client: /interface l2tp-client add name=l2tp-client user=l2tp-user password=123 connect-to=10.1.101...
by jprietove
Tue Jun 30, 2020 11:16 pm
Forum: General
Topic: MTU for L2TP with IPSec though LTE
Replies: 4
Views: 5047

Re: MTU for L2TP with IPSec though LTE

You use MRU and set it to 1500. L2TP slices the packets in one side of the tunnel and the slices can be reconstructed at the end of the tunnel.
It's different to fragmentation, because the reconstruction is done in the router and not in destination.


by jprietove
Thu Jun 25, 2020 6:02 pm
Forum: General
Topic: PPPoE Server - NTP and DNS passthrough [SOLVED]
Replies: 6
Views: 5127

Re: PPPoE Server - NTP and DNS passthrough [SOLVED]

Do you have a good tip for a Linux BRAS router?
I didn't read you were using a CRS. You can consider using RB4011 as BRAS. It's affordable and can handle several hundreds of sessions.
by jprietove
Wed Jun 24, 2020 9:08 pm
Forum: General
Topic: PPPoE Server - NTP and DNS passthrough [SOLVED]
Replies: 6
Views: 5127

Re: PPPoE Server - NTP and DNS passthrough [SOLVED]

NTP is not available as an option. For DNS, use the option dns-server in ppp profile:
/ppp profile 
add name="pppoe-profile" local-address=10.1.1.1 remote-address=pppoe-pool dns-server=1.1.1.1 
by jprietove
Wed Jun 17, 2020 5:33 pm
Forum: General
Topic: Traffic Flow Sample Rate
Replies: 5
Views: 4198

Re: Traffic Flow Sample Rate

Google took me here.
Shameless bump?

can't find a setting for sampling rate.
NetFlow does not have sampling rate.

Sampling rate is for sFlow, mainly used in Switches. At this time, RouterOS does not support sFlow
by jprietove
Mon Jun 15, 2020 8:12 pm
Forum: Beginner Basics
Topic: RB4011iGS+ Netflow not working
Replies: 4
Views: 2629

Re: RB4011iGS+ Netflow not working

Nothing like dripping sweat over your MT!! ;-) but who cares when the wine is so good, and the tortilla/tapas in the morning and gambas/calamari for lunch. Heck JP, forget the training lets just be degenerate (but only after early morning coffee and a 2 hour bike ride) !! Bike ride? Better a beer r...
by jprietove
Mon Jun 15, 2020 12:56 pm
Forum: Beginner Basics
Topic: RB4011iGS+ Netflow not working
Replies: 4
Views: 2629

Re: RB4011iGS+ Netflow not working

Why are you using 0.0.0.0 as source address? Disable it or put a valid IP, maybe that's the reason that Netflow is not reaching your server.
by jprietove
Mon Jun 01, 2020 2:46 pm
Forum: Beginner Basics
Topic: Duplicate Address Detected IPv6? [SOLVED]
Replies: 7
Views: 11016

Re: Duplicate Address Detected IPv6? [SOLVED]

Have you tried to enable 'EUI-64' in address? Maybe another device is trying to use the same address (prefix obtained with all the other bits 0). If you construct your IP address using the prefix + EUI-64 you shouldn't have this problem
by jprietove
Tue Mar 31, 2020 11:50 am
Forum: Forwarding Protocols
Topic: bgp table-map
Replies: 4
Views: 3532

Re: bgp table-map

You can use Routing - BGP - Network. Add your network and un-check 'synchronize'.
by jprietove
Mon Mar 30, 2020 7:45 pm
Forum: Beginner Basics
Topic: CRS317 High CPU [SOLVED]
Replies: 4
Views: 7074

Re: CRS317 High CPU [SOLVED]

You should rewrite your config using new Bridge VLAN features for Hardware Offload.

https://wiki.mikrotik.com/wiki/Manual:I ... _Filtering
by jprietove
Thu Mar 05, 2020 10:54 pm
Forum: General
Topic: pppd vulnerable to buffer overflow
Replies: 2
Views: 2507

Re: pppd vulnerable to buffer overflow

Hello !

Is Router OS vulnerable to the CVE-2020-8597 ?

https://www.kb.cert.org/vuls/id/782301/
In the link you provide, it is stated that mikrotik is not affected

by jprietove
Sat Feb 08, 2020 6:44 pm
Forum: General
Topic: HW offload and PPPoE - low speed.
Replies: 19
Views: 13350

Re: HW offload and PPPoE - low speed.


Fast forward is no use, it's a switch with more than 2 interfaces
Then you should put here complete configuration, not only the one you stated.


by jprietove
Sat Feb 08, 2020 4:48 pm
Forum: General
Topic: HW offload and PPPoE - low speed.
Replies: 19
Views: 13350

Re: HW offload and PPPoE - low speed.

Well, according to https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Fast_Forward conditions that MUST be met in order for Fast Forward to be active: Bridge Hardware Offloading is disabled So maybe this is the reason I'll try to setup a lab next week to investigate it...
by jprietove
Sat Feb 08, 2020 11:50 am
Forum: General
Topic: HW offload and PPPoE - low speed.
Replies: 19
Views: 13350

Re: HW offload and PPPoE - low speed.

It's strange.. I'm sorry but I don't have a Rb2011 unit over here and I can't do any test until Monday. But, could it be..?
interface ethernet switch set switch1 cpu-flow-control=no 
by jprietove
Fri Feb 07, 2020 9:09 pm
Forum: General
Topic: HW offload and PPPoE - low speed.
Replies: 19
Views: 13350

Re: HW offload and PPPoE - low speed.

It could help if you post your bridge configuration in both scenarios: with hw-offload enabled and disabled. Maybe you are missing something.
by jprietove
Tue Jan 28, 2020 10:28 pm
Forum: General
Topic: Free MUM entry vouchers for everyone with positive Karma
Replies: 19
Views: 6529

Re: Free MUM entry vouchers for everyone with positive Karma

Anyway, mum entrance is free. Just register. But if you can pay the very affordable price, you get much more than you pay: lunch, license, a router, coffee and beer also!

by jprietove
Tue Jan 28, 2020 10:26 pm
Forum: General
Topic: Set up repeat ping every 5 mins.
Replies: 2
Views: 1590

Re: Set up repeat ping every 5 mins.

You can use tool netwatch without any script, just the ip address and the timing

by jprietove
Mon Jan 13, 2020 5:08 pm
Forum: Forwarding Protocols
Topic: OSPF+MPLS+VPLS
Replies: 4
Views: 2995

Re: OSPF+MPLS+VPLS

vpls one side is up and other end is down help please, i have checked LDP and MTU on both routers but still its the same and i m stuck
Check IP address (/32) of both ends appears on routing table
by jprietove
Sat Dec 21, 2019 11:10 pm
Forum: Wireless Networking
Topic: RB4011 PoE output + cAP ac PoE input without PoE injector??
Replies: 15
Views: 8166

Re: RB4011 PoE output + cAP ac PoE input without PoE injector??

It really works. It's my configuration at home

by jprietove
Mon Oct 28, 2019 7:57 pm
Forum: Forwarding Protocols
Topic: Route flap after DR goes down
Replies: 8
Views: 6188

Re: Route flap after DR goes down

No change. Did you test it?
Sorry, I didn't... I will give a look and I'll tell you
by jprietove
Mon Oct 28, 2019 5:45 pm
Forum: Forwarding Protocols
Topic: Route flap after DR goes down
Replies: 8
Views: 6188

Re: Route flap after DR goes down

Use LOOPBACK ip Address as Router-ID:

* R1, /routing ospf instance set [ find default=yes ] router-id=192.168.2.1
* The same in all other routers

This will solve all your problems
by jprietove
Mon Oct 28, 2019 3:44 pm
Forum: Forwarding Protocols
Topic: Route flap after DR goes down
Replies: 8
Views: 6188

Re: Route flap after DR goes down

Please provide export of the routers

by jprietove
Sat Oct 12, 2019 10:47 am
Forum: Scripting
Topic: Script out entire router configuration or just a section of it?
Replies: 4
Views: 3124

Re: Script out entire router configuration or just a section of it?

Maybe I'm not understanding well but, are you asking about "export" command?

by jprietove
Tue Oct 08, 2019 11:55 pm
Forum: General
Topic: Using PRTG to execute a script through Mikrotik API
Replies: 3
Views: 2211

Re: Using PRTG to execute a script through Mikrotik API

I don't know exactly what you are trying to do. If you want to execute a script in a MikroTik router you can follow this link https://wiki.mikrotik.com/wiki/Manual:SNMP#Run_Script Using the OID and with write permissions in SNMP when PRTG gets the data through SNMP using this OID, the script is execu...
by jprietove
Wed Sep 18, 2019 8:29 pm
Forum: General
Topic: RouterOS v7.0beta1 (ARM)
Replies: 203
Views: 104677

Re: RouterOS v7.0beta1 (ARM)

Even if it's not perfect, we'd love to start testing BGP/MPLS on ARM/Tilera!
And CHR also, please!!
by jprietove
Fri Aug 30, 2019 9:01 pm
Forum: General
Topic: fiber pigtail connector
Replies: 5
Views: 2108

Re: fiber pigtail connector

Just use the Movistar ONT as a bridge. It is the usual way for FTTH. IMHO

by jprietove
Fri Aug 30, 2019 6:02 pm
Forum: General
Topic: fiber pigtail connector
Replies: 5
Views: 2108

Re: fiber pigtail connector

I think he is talking about gpon. Have a look in this thread:

viewtopic.php?f=3&t=116364&hilit=Gpon

by jprietove
Wed Jul 17, 2019 11:05 am
Forum: Forwarding Protocols
Topic: OSPF Interface all passive
Replies: 9
Views: 6604

Re: OSPF Interface all passive

Well, not exactly because this is not OSPF-v3... it is (sorry for the mistake):
/routing ospf interface add interface=all passive=yes
by jprietove
Wed Jul 17, 2019 9:59 am
Forum: Forwarding Protocols
Topic: OSPF Interface all passive
Replies: 9
Views: 6604

Re: OSPF Interface all passive

Not as easy when you have a few hundred vlans. Not bad to script but would be nice to have a simple checkbox to automatically have all interfaces as passive and then add the ones you want.
/routing ospf interfaces add interface=all area=backbone passive=yes
by jprietove
Thu Jun 13, 2019 10:20 am
Forum: General
Topic: Reading NetFlow Data with Python
Replies: 2
Views: 2112

Re: Reading NetFlow Data with Python

Take a look at https://code.google.com/archive/p/flowd/

You have a python example code and it works nice!
by jprietove
Mon May 27, 2019 11:42 pm
Forum: General
Topic: Mikrotik CCR 1072 Hang
Replies: 12
Views: 4219

Re: Mikrotik CCR 1072 Hang

Are any of you using the Ethernet port for something other than management?

If it's used for routing, firewalling or anything it can hang the router

by jprietove
Mon May 13, 2019 12:34 pm
Forum: General
Topic: 70m cable with MikroTik
Replies: 8
Views: 2233

Re: 70m cable with MikroTik

Cat 5 cable is not suitable for 1Gbps. Use cat 5e or, much better, cat 6

by jprietove
Tue Apr 23, 2019 10:34 pm
Forum: Forwarding Protocols
Topic: Your experience with larger/diverse Area0 OSPF networks?
Replies: 19
Views: 6690

Re: Your experience with larger/diverse Area0 OSPF networks?

In my opinion you should consider migrating to BGP with OSPF. With good planning it's not painful and it's not necessary to leave clients without service.


by jprietove
Tue Apr 23, 2019 1:09 am
Forum: General
Topic: LAG 802.3AD slowness
Replies: 23
Views: 9137

Re: LAG 802.3AD slowness

It depends on the CCR1009 model. Not all share the same block diagram

by jprietove
Mon Apr 22, 2019 11:28 am
Forum: General
Topic: LAG 802.3AD slowness
Replies: 23
Views: 9137

Re: LAG 802.3AD slowness

According to https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_Hardware_Offloading only CRS3xxx series supports bonding with hardware offload. It means that other devices do bonding with CPU. CCR1009-7G-1C-1S+PC has 9 cores so it can take 1 Gbps from each G port and bond them in total of ...
by jprietove
Sat Apr 20, 2019 11:28 pm
Forum: General
Topic: LAG 802.3AD slowness
Replies: 23
Views: 9137

Re: LAG 802.3AD slowness

Try using ether 5 and 6, for example. ether 1 to 4 are connected to switch chip and this chip is connected to cpu by 1gbps line. This may be a problem in performance. Check block diagram here: https://i.mt.lv/cdn/rb_files/CCR1009-8G-1S-1Splus-160128140835.png
by jprietove
Sat Apr 20, 2019 10:12 pm
Forum: General
Topic: LAG 802.3AD slowness
Replies: 23
Views: 9137

Re: LAG 802.3AD slowness

I'm afraid that bonding is hardware offload only in crs3xx series. In CCR series bonding is done on software. But I've reached 2gbps with bonding on ccr1009 in a transit router. I mean, different IP addresses for source and destination. So there should be a problem in your setup. ...
by jprietove
Sat Apr 20, 2019 5:30 pm
Forum: General
Topic: CRS326-24G-2S+ Q-in-Q without Service Tag
Replies: 2
Views: 1953

Re: CRS326-24G-2S+ Q-in-Q without Service Tag

Follow the examples in https://wiki.mikrotik.com/wiki/Manual:C ... s_switches with ether type 0x8100 in bridge

by jprietove
Wed Apr 17, 2019 2:30 pm
Forum: Wireless Networking
Topic: BTest vs Internet Speed test
Replies: 4
Views: 4480

Re: BTest vs Internet Speed test

I suggest this video from recent MUM Europe 2019 in Vienna:
Understanding throughput: https://youtu.be/zsrdgo0Npc8
by jprietove
Tue Apr 16, 2019 11:28 am
Forum: General
Topic: Feature requests
Replies: 1792
Views: 677376

Re: Feature requests - Re Winbox , close all

A feature I would like to see in Winbox is a new selection to close all winbox windows Example - many many windows open in winbox , click close-all and presto they all close and you still have your connected winbox session North Idaho Tom Jones Or I'm not understanding you... or for sure it is the ...
by jprietove
Mon Apr 15, 2019 10:43 pm
Forum: General
Topic: who can I hire to get a export to work as an import an a clone [SOLVED]
Replies: 7
Views: 2516

Re: who can I hire to get a export to work as an import an a clone [SOLVED]

Sure a lot of people will be interested. You can also look here for someone near you:

https://mikrotik.com/consultants

by jprietove
Mon Apr 15, 2019 6:45 pm
Forum: General
Topic: Feature requests
Replies: 1792
Views: 677376

Re: Feature requests - Re Winbox , close all

A feature I would like to see in Winbox is a new selection to close all winbox windows
Example - many many windows open in winbox , click close-all and presto they all close and you still have your connected winbox session

North Idaho Tom Jones
Isn't it the existing Session -> Close Windows?
by jprietove
Wed Apr 10, 2019 11:17 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 85315

Re: UKNOF 43 CVE

In ipv6 usual prefix is /64. So a local attack will not be filtered by the rules proposed and the number of possible hosts is 2^64 because ipv6 addresses are 128 bit numbers.

by jprietove
Tue Apr 09, 2019 10:17 am
Forum: Beginner Basics
Topic: PPPoe pools - one for all?
Replies: 2
Views: 1090

Re: PPPoe pools - one for all?

Yes, you can use the same pool for all the profiles
by jprietove
Thu Apr 04, 2019 8:23 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 85315

Re: UKNOF 43 CVE

I have done several tests with GNS3 using CHR 6.44.2 (stable) and as long as the router has enough memory, it doesn't crash. In my tests, the attack 'steals' around 180 MiB. Using a CHR with 256 MB, system resources shows a total memory of 224 MiB and free-memory of 197 MiB before attack. During the...
by jprietove
Wed Apr 03, 2019 6:11 pm
Forum: General
Topic: Best (free?) network diagram tool
Replies: 3
Views: 4576

Re: Best (free?) network diagram tool

I use GNS3 that is more than a diagram tool and you can also try https://draw.io
by jprietove
Tue Apr 02, 2019 8:28 pm
Forum: RouterBOARD hardware
Topic: Port Will Not Negotiate 1Gbps
Replies: 5
Views: 2070

Re: Port Will Not Negotiate 1Gbps

I've used that configuration lots of times. No problem at all. Look at your cables, connectors, etc. It should be almost 'plug and play'
by jprietove
Mon Apr 01, 2019 11:22 am
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 85315

Re: UKNOF 43 CVE

I have just tested this beta and I confirm that with 300 Mb RAM the router's memory doesn't fill. A CHR with 300 Mb of RAM with OSPF-v3 has 237 Mb of free-memory and during the attack it keeps on around 200 Mb.

Hopefully this fix will be in long-term and current branches soon.
by jprietove
Mon Apr 01, 2019 11:17 am
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 304
Views: 164389

Re: v6.45beta [testing] is released!

Version 6.45beta23 has been released. What's new in 6.45beta23 (2019-Apr-01 05:51): !) ipv6 - fixed soft lockup when forwarding IPv6 packets; !) ipv6 - fixed soft lockup when processing large IPv6 Neighbor table; ---------------------- Congratulations! I have tested this beta and I confirm that wit...
by jprietove
Sun Mar 31, 2019 12:01 pm
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 85315

Re: UKNOF 43 CVE

This sounds almost exactly the same as what MikroTik will be fixing on Monday.

What would be characters 9, 10, 11, 12 of the md5sum?
Sorry @maznu but I don't get the same md5sum you expected. Maybe mine is a different but correlated attack
by jprietove
Sun Mar 31, 2019 11:03 am
Forum: General
Topic: UKNOF 43 CVE
Replies: 223
Views: 85315

Re: UKNOF 43 CVE

I've done my own investigation and I think I can reproduce the problem. First it is important to note that the target of the attack needs not to be the Mikrotik itself: if it is forwarding traffic from an attack, its memory can exhaust and eventually it will reboot. So my lab is similar to this: an ...
by jprietove
Tue Mar 12, 2019 5:40 pm
Forum: Beginner Basics
Topic: CRS 3xxx VLAN configuration
Replies: 2
Views: 1641

Re: CRS 3xxx VLAN configuration

Export your config and tell us exactly what you want to achieve
by jprietove
Tue Mar 05, 2019 8:46 pm
Forum: General
Topic: ipv6 strangeness
Replies: 2
Views: 1122

Re: ipv6 strangeness

It is not strange, it is called hexadecimal: In the address 2001:db8::33/126 I will look into the last '33'. As it is HEX, in Binary it is 001100 11 The last two bits are not belonging to the prefix, so the prefix is 001100 00 If I write it in HEX again it is 30, so the prefix is 2001:db8::30/126 Th...
by jprietove
Tue Mar 05, 2019 3:19 pm
Forum: Beginner Basics
Topic: Can we create the PPPoE user pool for 500 or 1000?
Replies: 10
Views: 3372

Re: Can we create the PPPoE user pool for 500 or 1000?

Pool 10 11 2 has not a next pool

Sent from my Redmi 3 using Tapatalk

by jprietove
Sun Mar 03, 2019 5:44 pm
Forum: General
Topic: Taged and untaged to the same interface. [SOLVED]
Replies: 40
Views: 6280

Re: Taged and untaged to the same interface. [SOLVED]

I posted this on my previous answer. Clearly you didn't read it

by jprietove
Sun Mar 03, 2019 5:16 pm
Forum: General
Topic: Taged and untaged to the same interface. [SOLVED]
Replies: 40
Views: 6280

Re: Taged and untaged to the same interface. [SOLVED]

[admin@R2] > interface bridge vlan add bridge=bridge1 vlan-ids=30 tagged=ether4,ether5 untagged=ether5
failure: interface cannot be in tagged and untagged at the same time

by jprietove
Sun Mar 03, 2019 4:53 pm
Forum: General
Topic: Taged and untaged to the same interface. [SOLVED]
Replies: 40
Views: 6280

Re: Taged and untaged to the same interface. [SOLVED]

I think you should mark this as solved and forget about it. You asked a question, the answer is simply "no, you can't" and I really don't know why we are still feeding the troll

by jprietove
Sun Mar 03, 2019 11:53 am
Forum: General
Topic: Taged and untaged to the same interface. [SOLVED]
Replies: 40
Views: 6280

Re: Taged and untaged to the same interface. [SOLVED]

I don't know exactly what are you asking in this post. One port can be 'tagged' and 'untagged' at the same time for different VLAN-id. Hybrid port is the name. BUT not for the SAME VLAN-ID A hybrid port can be useful in a construction where you have several nodes connected in a dumb switch (not vlan...
by jprietove
Sat Mar 02, 2019 7:12 pm
Forum: General
Topic: How to see what IP is generating traffic over specific port? [SOLVED]
Replies: 2
Views: 1424

Re: How to see what IP is generating traffic over specific port? [SOLVED]

Use tool torch

by jprietove
Thu Feb 21, 2019 5:39 pm
Forum: General
Topic: Security issue when Winbox exposed
Replies: 68
Views: 54096

Re: Security issue when Winbox exposed

No, I haven't missed it: look at the title I have chosen.
by jprietove
Thu Feb 21, 2019 5:25 pm
Forum: General
Topic: Security issue when Winbox exposed
Replies: 68
Views: 54096

Security issue when Winbox exposed

There seems to be an issue that allows bypassing the firewall and NAT if WinBox is exposed.
Please read this carefully

https://medium.com/tenable-techblog/mik ... d46398bf24

by jprietove
Thu Feb 21, 2019 11:49 am
Forum: Beginner Basics
Topic: Mikrotik Packet Tracer
Replies: 3
Views: 7122

Re: Mikrotik Packet Tracer

Not analogous but best is: reading, understanding, learning, practicing and a lot of Wireshark
by jprietove
Thu Feb 21, 2019 11:48 am
Forum: General
Topic: I Can't set 802.1p on VLAN for DHCP [probably BUG]
Replies: 9
Views: 3141

Re: I Can't set 802.1p on VLAN

Chain should be output. Try this:
/ip firewall mangle
add action=set-priority chain=output new-priority=5 out-interface=vlan2
by jprietove
Wed Feb 06, 2019 2:52 pm
Forum: General
Topic: Severe port flapping on CRS328-24P-4S+ and CRS317-1G-16S+
Replies: 224
Views: 76546

Re: Severe port flapping on CRS328-24P-4S+ and CRS317-1G-16S+

Are any of you using port ether1 or just sfp-plus ports? If you are, remember that "The new Cloud Router Switch 317-1G-16S+RM is a rack-mountable manageable switch with Layer3 features, it has 16 SFP+ ports for high performance 10GbE connectivity and a 1GbE copper port for management. "
by jprietove
Tue Feb 05, 2019 2:31 pm
Forum: General
Topic: High CPU plus Latency plus Packet Drops when bonding with balance-rr
Replies: 16
Views: 7632

Re: High CPU plus Latency plus Packet Drops when bonding with balance-rr

I've been using CCR1016 with bonding in balance_rr with 1.7 Gbps traffic for more than one year, software based (not hardware) and CPU hardly goes more than 5-6%. It would be useful to know if you are using RouterOS or SwitchOS, which RouterOS/SwitchOS version you are using, an export of your confi...
by jprietove
Thu Jan 31, 2019 2:53 pm
Forum: General
Topic: High CPU plus Latency plus Packet Drops when bonding with balance-rr
Replies: 16
Views: 7632

Re: High CPU plus Latency plus Packet Drops when bonding with balance-rr

What is happening Your router are doing bonding and bridging by software, that's the reason your CPU goes so high. As your traffic is going from only one point to other, the MAC-addresses of all traffic will be the same so if you use layer2 hash, only one path will be chosen. Improving a little Bet...
by jprietove
Thu Jan 31, 2019 10:57 am
Forum: Forwarding Protocols
Topic: Routing filter order
Replies: 11
Views: 7739

Re: Routing filter order

Maybe it's a typo? Look here: /routing bgp peer add address-families=ip,vpnv4 in-filter=casino-in name=up-gcp_casino out-filter=casinio-out remote-address=169.254.0.2 remote-as=65502 ttl=default ^^^^^^^ You wrote casinio-out instead of casino-out
by jprietove
Fri Jan 25, 2019 7:24 pm
Forum: General
Topic: Slow speeds on fibre with pppoe [SOLVED]
Replies: 4
Views: 6383

Re: Slow speeds on fibre with pppoe [SOLVED]

Test mtu with ping and no fragment option. VLAN has additional bytes in header so instead of 1480 maybe it's 4 bytes less.


by jprietove
Thu Jan 24, 2019 10:34 pm
Forum: General
Topic: Bequant tcp traffic booster
Replies: 4
Views: 3184

Re: Bequant tcp traffic booster

Anyone has experience in Bequant's tcp optimizer? http://www.bequant.com/bta.html Probably the same can be done by a Mikrotik CCR although they claim some patented technologies. And if someone can make same, send me a pm and give me a price for a 500Mbp backbone connection. Hello wireless Rudy, I h...
by jprietove
Tue Jan 22, 2019 12:39 pm
Forum: Virtualization
Topic: Proxomox Hosted CHR - IP Configuration
Replies: 2
Views: 6229

Re: Proxomox Hosted CHR - IP Configuration

Try this:
/ip address add interface=ether1 address=99.88.9.17 network=99.88.7.180
/ip route add dst-address=0.0.0.0/0 gateway=99.88.7.180
by jprietove
Tue Jan 08, 2019 10:23 pm
Forum: General
Topic: load balancing speed problem
Replies: 2
Views: 1325

Re: load balancing speed problem

I think you have been very well answered in the other forum viewtopic.php?p=706857#p706857

by jprietove
Wed Dec 19, 2018 5:10 pm
Forum: General
Topic: server on cloud - what to install?
Replies: 14
Views: 5951

Re: server on cloud - what to install?

In AWS you can select Mikrotik CHR at VM creation time. No need to install Linux or anything else... Just choose Mikrotik CHR instead of Windows, Ubuntu or any other thing

by jprietove
Wed Dec 05, 2018 7:10 pm
Forum: Forwarding Protocols
Topic: OSPF loses routes after days
Replies: 23
Views: 8618

Re: OSPF loses routes after days

I just checked all my routers. All of the ip, network (same being /32), and router IDs are unique to each router. Try also to change interface network-type. Instead of broadcast, it seems your configuration could be PTMP because it (appears to) has a central Router. This way, the routers will not l...
by jprietove
Wed Dec 05, 2018 4:46 pm
Forum: Forwarding Protocols
Topic: OSPF loses routes after days
Replies: 23
Views: 8618

Re: OSPF loses routes after days

Check if there are several routers with same Id. Check also that router up address in loopback interface is correct, with /32 and network equal to address. Sometimes if configuration is copied from one router and pasted in another, and then the loopback IP is changed, the network remains. For exampl...
by jprietove
Mon Nov 26, 2018 9:55 am
Forum: Beginner Basics
Topic: 3011 update
Replies: 10
Views: 2399

Re: 3011 update

Why could you not use the automatic update that ArchilMindiashvili described above? You can do > System>Packages>> Check For Updates >> Download and install >> Reboot system is updated I can't speak for OP, but there's a legitimate case: when a router doesn't have internet access (for any particular...
by jprietove
Sun Nov 25, 2018 2:21 pm
Forum: General
Topic: IP .2 can't ping out, but it can be pinged. IP .4 acts normal
Replies: 1
Views: 906

Re: IP .2 can't ping out, but it can be pinged. IP .4 acts normal

Try to see what is in ip, ARP. Maybe you have a static assignment for your MAC address and IP address


by jprietove
Thu Oct 25, 2018 9:36 am
Forum: General
Topic: Extract PPP user list from RB backup
Replies: 1
Views: 1301

Re: Extract PPP user list from RB backup

It is not recommended to restore a backup from a MikroTik into another one. But it can work, maybe it will not be fully functional, but I'm pretty sure that after restoring it into a same model router, you will be able to export the configuration you need. After that, reset configuration and build i...
by jprietove
Tue Sep 25, 2018 10:18 pm
Forum: General
Topic: question about transmit hash policy
Replies: 12
Views: 12724

Re: question about transmit hash policy

That's it: it should work ok, as it was a unique 5Gbps interface


by jprietove
Tue Sep 25, 2018 7:42 pm
Forum: General
Topic: question about transmit hash policy
Replies: 12
Views: 12724

Re: question about transmit hash policy

and i think you have mistake i have up to 5gbps :D you told i am able use up to 5Mbps :D anyway thank you. You are right. 5 Gbps... :D :D and last question my friend is what will happen if one my slave port bandwidth will be full ? are the other packets drop ? or they will transmit from other slave...
by jprietove
Tue Sep 25, 2018 6:25 pm
Forum: General
Topic: question about transmit hash policy
Replies: 12
Views: 12724

Re: question about transmit hash policy

Hello, in balance rr i think i will get retransmitting segments for tcp/ip If you use same cables (good quality Cat6), same length, it should be OK : no retransmission errors, no jitter and no problems. so its better use layer2-layer3 transmit hash, so when layer2-layer3 transmit hash is enabled i ...
by jprietove
Tue Sep 25, 2018 5:23 pm
Forum: General
Topic: question about transmit hash policy
Replies: 12
Views: 12724

Re: question about transmit hash policy

in addition to my last posts please http://prntscr.com/kyh2a1 1. when i have set layer2-layer3 transmit hash i see outgoing traffic balanced over active LAG ports, but sometimes i see one of the ports outgoing traffic is around 180mb and its not balance, when i check flow i see its from one src ip...
by jprietove
Tue Sep 25, 2018 5:21 pm
Forum: General
Topic: question about transmit hash policy
Replies: 12
Views: 12724

Re: question about transmit hash policy

1. as i understand your explanation because i have a switch behind my routers and my computers are connected to switches i should choose layer2-layer3 transmit policy so in this case outgoing traffic will go towards all ports right? so i can have 5gbps throughput for outgoing traffic ? but if i c...
by jprietove
Tue Sep 25, 2018 1:20 pm
Forum: General
Topic: question about transmit hash policy
Replies: 12
Views: 12724

Re: question about transmit hash policy

so my questions are : 1. right now can i have 5gb throughput from my brocade switch to mikrotik ccr 1016 ? You have configured your bonding mode=802.3ad. This means that "LACP balances outgoing traffic across the active ports based on hashed protocol header information and accepts incoming tra...
by jprietove
Mon Sep 17, 2018 6:25 pm
Forum: General
Topic: IPSec and OSPFv3
Replies: 2
Views: 1573

Re: IPSec and OSPFv3

Well, it was a very long time ago when this question was posted in this forum. Maybe this is useful for somebody: IPSec can't transfer multicast traffic, so it is not possible to configure IPSec policy for it. Instead, you can use GRE6 tunnel between your routers and add these GRE interfaces to OSPF-v3...
by jprietove
Tue Jul 03, 2018 10:35 am
Forum: General
Topic: Reference Manual
Replies: 5
Views: 1343

Re: Reference Manual

by jprietove
Mon Jul 02, 2018 10:29 pm
Forum: General
Topic: IP address on backup VRRP is invalid [SOLVED]
Replies: 5
Views: 3005

Re: IP address on backup VRRP is invalid [SOLVED]

I think, you got your subnet masks wrong. VRRP-Interfaces always should be configured with /32 No, it is not necessary. The objective of VRRP is to have two or more devices for failover. If the main fails, the backup actives the IP that is shared in both routers (that is, configured the SAME IP add...
by jprietove
Mon Jul 02, 2018 6:27 pm
Forum: General
Topic: IP address on backup VRRP is invalid [SOLVED]
Replies: 5
Views: 3005

Re: IP address on backup VRRP is invalid [SOLVED]

It is OK: as soon as Master is not reachable, Backup VRRP will put their IPs on valid state.
by jprietove
Sat Jun 09, 2018 10:39 am
Forum: Forwarding Protocols
Topic: OSPF - How large can a flat network grow?
Replies: 8
Views: 3342

Re: OSPF - How large can a flat network grow?

In a WISP covering a very extensive area with 30 PPPoE servers, more than 300 PtMP and more than 2000 CPE we had problem with MPLS: sometimes MPLS forwarding table doesn't follow OSPF. We decided to split the very big OSPF domain into several little ones using iBGP. Routing tables have diminished fr...
by jprietove
Wed Jun 06, 2018 2:04 pm
Forum: Forwarding Protocols
Topic: Temporarily disable BGP full route feed
Replies: 7
Views: 3746

Re: Temporarily disable BGP full route feed

You can do it using a static route before disabling BGP Peer:
/ip route add gateway=[ip_default_gateway]
by jprietove
Mon May 21, 2018 3:01 pm
Forum: General
Topic: Certificates - SCEP-SERVER - Get errors, possible bugs?
Replies: 0
Views: 2171

Certificates - SCEP-SERVER - Get errors, possible bugs?

TL/TR: Hello, I'm trying to configure a scenario with certificates and I've found a bug and a possible one.
- Trying to sign a certificate via SCEP only works on CLI. Winbox gets an error "Error in SCEP URL - double field expected"
- Trying to add Registration Authorities I get an erro...
by jprietove
Thu May 17, 2018 9:19 am
Forum: Wireless Networking
Topic: Wireless P2P with no line of sight
Replies: 1
Views: 1053

Re: Wireless P2P with no line of sight

Hello, try yourself different antenna combinations with MikroTik Wireless Calculator: https://mikrotik.com/calculator
by jprietove
Wed May 09, 2018 8:34 pm
Forum: General
Topic: Netinstall + ubuntu 16.04 [SOLVED]
Replies: 6
Views: 13025

Re: Netinstall + ubuntu 16.04 [SOLVED]

What version of wine are you using ? I'm using Wine 1.6.2 with Ubuntu 16.04.4 LTS, Netinstall for RouterOS v.6.40.1. I've just downloaded Netinstall v.6.42.1 and works OK. Tried with your IP addresses, everything works fine. Please, check: All your computer interfaces are disabled, except your wire...
by jprietove
Wed May 09, 2018 6:26 pm
Forum: General
Topic: Netinstall + ubuntu 16.04 [SOLVED]
Replies: 6
Views: 13025

Re: Netinstall + ubuntu 16.04 [SOLVED]

Hello, I can confirm that NetInstall runs properly on Ubuntu 16.04 using Wine. Instructions for using NetInstall can be found at https://wiki.mikrotik.com/wiki/Manual:Netinstall Be sure to run it as sudo. In my computer I launch it using:
gksu wine /media/Compartida/Red/netinstall.exe
Press reset bu...
by jprietove
Tue May 01, 2018 7:31 pm
Forum: General
Topic: Bug: ISO8601 timestamp in syslog - always using UTC time
Replies: 4
Views: 3053

Re: Bug: ISO8601 timestamp in syslog - always using UTC time

Hello, after digging I've found a mistake in my rsyslog configuration that led to this problem. Mikrotik remote log is reporting logs with its current time, so I think it is fine.
by jprietove
Tue May 01, 2018 12:53 pm
Forum: General
Topic: Bug: ISO8601 timestamp in syslog - always using UTC time
Replies: 4
Views: 3053

Re: Bug: ISO8601 timestamp in syslog - always using UTC time

Hello. I am having this problem too. CHR version 6.42.1. I'm reporting this as a bug
by jprietove
Thu Apr 19, 2018 10:02 am
Forum: Virtualization
Topic: mikrotik in gns3 and qemu
Replies: 2
Views: 7617

Re: mikrotik in gns3 and qemu

When using GNS3 I prefer to build my own qcow2 image starting from .ISO file. I use these commands:
qemu-img create -f qcow2 routeros-6.40.7.qcow2 256M
qemu-system-i386 -net none -cdrom mikrotik-6.40.7.iso -m 256M routeros-6.40.7.qcow2
Look at the option -net none : this tells QEMU to create the image w...
by jprietove
Mon Apr 16, 2018 1:14 pm
Forum: General
Topic: BGP Peer to only advertise default gateway
Replies: 1
Views: 1215

Re: BGP Peer to only advertise default gateway

Be sure that your instance has:
redistribute-connected: no
redistribute-ospf: no
redistribute-other-bgp: no
redistribute-rip: no
redistribute-static: no
client-to-client-reflection: no
And you will have no need to use any filter. If this doesn't work, please export here your BGP configuration for bot...
by jprietove
Sun Apr 01, 2018 6:43 pm
Forum: SwOS
Topic: CSS106-1G-4P-1S AutoNegotiation Drops to 100M
Replies: 2
Views: 3145

Re: CSS106-1G-4P-1S AutoNegotiation Drops to 100M

First of all, I would check all the cables and verify they are Cat6 or at least Cat5e and they are firmly and well crimped
by jprietove
Fri Mar 30, 2018 9:05 pm
Forum: Forwarding Protocols
Topic: WISP with PPPoE and VLANs
Replies: 5
Views: 3631

Re: WISP with PPPoE and VLANs

IMO, your problem may be caused because 1 public IP address is not enough. I have at home 60 TCP connections with not very much usage of Internet. It goes to near 200 when several devices are used. If you have only 1 IP address for 2000 customers, considering that TCP port is a 16-bit number so ther...
by jprietove
Fri Mar 30, 2018 5:29 pm
Forum: Forwarding Protocols
Topic: Simulating blackhole in lab enviroment
Replies: 2
Views: 1571

Re: Simulating blackhole in lab enviroment

Let's say the providers R2 and R3 have AS numbers 65002 and 65003, respectively. If R2 provides a Blackhole community, usually 65002:666, the peer with R1 has an IN-FILTER like this: [admin@MikroTik] > routing filter print Flags: X - disabled 0 chain=bgp-in bgp-communities=65002:666 invert-match=no a...
by jprietove
Mon Feb 12, 2018 8:35 pm
Forum: Scripting
Topic: Find specific firewall nat
Replies: 1
Views: 1177

Re: Find specific firewall nat

Similar as you write:
/ip firewall nat print where chain=srcnat && action=masquerade && out-interface="bridge-local"
If you need it on a script, syntax changes but essentially it is the same:
:if ([:len [/ip firewall nat find chain=srcnat && action=masquerade &&...
by jprietove
Wed Jan 31, 2018 1:26 pm
Forum: Forwarding Protocols
Topic: strange vpls up down in mpls chain
Replies: 3
Views: 1377

Re: strange vpls up down in mpls chain

It seems that you don't have VPLS interface passive in OSPF.
In OSPF interfaces add all as passive and then, add only the interfaces that have to be active to OSPF, i.e., ether1, ether2...
by jprietove
Fri Dec 01, 2017 3:10 pm
Forum: Beginner Basics
Topic: DHCP-Relay three routers
Replies: 2
Views: 1422

Re: DHCP-Relay three routers

Hello: you need R1 to know how to get to 10.10.11.0/24. And R2 needs to know how to get there too. Try the following


R1
/ip route add dst-address=10.10.11.0/24 gateway=192.168.60.2

R2
/ip route add dst-address=10.10.11.0/24 gateway=192.168.60.6
by jprietove
Thu Nov 30, 2017 8:09 pm
Forum: Beginner Basics
Topic: Failover Script
Replies: 3
Views: 1393

Re: Failover Script

Have you considered using 'check-gateway=ping'? From the wiki (https://wiki.mikrotik.com/wiki/Manual:IP/Route) "Periodically (every 10 seconds) check gateway by sending either ICMP echo request (ping) or ARP request (arp). If no response from gateway is received for 10 seconds, request times ou...
by jprietove
Thu Nov 30, 2017 8:02 pm
Forum: Beginner Basics
Topic: OSFP need hint.
Replies: 2
Views: 1171

Re: OSFP need hint.

Hello. I don't really understand what you mean when you say "R2, R3 and R4 did not know about each other's existence, but only about R1". You can use different totally-stub areas for R2, R3 and R4. This way, R2, R3 and R4 will have a default gateway that will be R1. BUT they can send pa...
by jprietove
Wed Jun 14, 2017 10:10 am
Forum: General
Topic: Bug in ipv6 link-local address is now generated from tunnel local-address
Replies: 8
Views: 4140

Re: Bug in ipv6 link-local address is now generated from tunnel local-address

This issue has been fixed in version 6.39.2. I've tested it and seems it is working fine.

Thank you very much!
by jprietove
Tue Feb 21, 2017 9:09 am
Forum: General
Topic: Bug in ipv6 link-local address is now generated from tunnel local-address
Replies: 8
Views: 4140

Re: Bug in ipv6 link-local address is now generated from tunnel local-address

Thank you very much for your opinions. Anybody knows how to report this bug? Or maybe Mikrotik read this forum and will solve it?

Thank you again!
by jprietove
Wed Feb 15, 2017 10:37 am
Forum: General
Topic: Bug in ipv6 link-local address is now generated from tunnel local-address
Replies: 8
Views: 4140

Bug in ipv6 link-local address is now generated from tunnel local-address

In Release 6.37 there was this improvement: *) tunnel - ipv6 link-local address is now generated from tunnel local-address; Now, using Release 6.38 I've found what I think is a bug: Let's create a 6to4 tunnel with local address 10.0.0.1 and show the associated ipv6 link-local address: [admin@MikroTi...