MikroTik

hi!

I've a sector with much clients. the average uploading traffic is 2-300kbit/s. Sometimes it raises up to 5-6-700kbit/s - bringing the sector to an unstable state - PacketLoss/ping times are high, the net is unusable for the users.

The interesting is that this traffic is visible at the interface list, but when I'm torching to trace who's doing that upload, I don't see anything unusual (only the average 2-300kbit/s).

My opinion is that 2 clients are doing direct connectcions with each other, and this traffic is 'turning back on the wifi card', because no routing is needed, the wifi card is funcioning like a switch.

My question is how can I trace back in this case who's doing that traffic? Or, can I separate the clients from each other so they are not able to make 'intra-sector' connections?

thanx!!!

We are seeing the same thing and it's not traffic going from one customer to another. We are running MRTG on the public interface and it's showing full traffic. Running torch on either the public OR private interface doesn't show the same level of traffic. Mikrotik interface graphs also show the traffic.

It also seems to be off by a large margin. We are "missing" 1-2Mbps or more at times.

We are seeing the same thing and it's not traffic going from one customer to another. We are running MRTG on the public interface and it's showing full traffic. Running torch on either the public OR private interface doesn't show the same level of traffic. Mikrotik interface graphs also show the traffic.

It also seems to be off by a large margin. We are "missing" 1-2Mbps or more at times.

Might be this issue; I found 500k of missing traffic.

http://forum.mikrotik.com//viewtopic.php?t=8970

Change was made to the torch output. Don't know when.

Mike

we did some tests a few days ago:
the selected routerOS uses the ip address of 10.3.0.0/16. Unfortunately we use open network, so anyone can connect to the AP (of course net is not accessible with these IP zone).

The test was the following. Two laptops equipped with WiFi card - we set 192.168.0.1 and 2 to them. Connected to the AP. And it worked! They could connect to each other, and of course with full speed, thus making the AP unstable. This is not very suprising BUT: the WHOLE traffic is INVISIBLE. In torch tool, in the interface list. There isn't any correspondant entry in the ARP table... How is this possible? Does mikrotik work in this configuration like a switch and captures only higher level of traffic?? (traffic that needs routing, and passes through RB)

Is there any client separation option like in any 'normal' access point to block this 'intra-AP' traffic?

You could say I've to use authentication but, this is only a workaround, and when someone wants they can capture some valid MAC (mac filter) or crack the security key.

Do you have the forwarding option off on the wireless interface(s)?