Re: [AFMUG] Cisco config?
On Sat, 2016-12-10 at 19:03 +, Paul Stewart wrote:
> Really old switch ….. not sure if I follow what you’re trying to do
> … if you had other switches in place, I’d start to suggest q-in-q
> but really what you’re looking for is logical switches inside the
> physical switch to keep the separation you are referring to. So next
> obvious question, why not add a second physical switch maybe?
>

It is, as you said, logical switches that I am needing (the vlan20). I can add a second switch, but that is what I am wanting to avoid if possible. I am growing more convinced that this is what I will have to do. Maybe an easier way to say what I need is that I need 2 logical switches, each having the ability to pass vlan tags created OUTSIDE the switch. I'm just not sure that is possible in a cisco switch.

--
Butch Evans Training and Support for WISPs 702-537-0979 http://store.wispgear.net/ http://www.butchevans.com/
[AFMUG] Cisco config?
I have a scenario where I need some "special" handling for vlans and am not sure how to configure this switch to handle it.

Software is: IOS (tm) C3550 Software (C3550-I9Q3L2-M), Version 12.1(9)EA1c
Switch model is WS-C3550-24.

Here is the scenario I need to configure:

Most ports are configured as trunk mode, so any vlans I add to gear outside the switch just pass through as I configure them. I have 4 ports (13-16) that need to be separate. Currently, these are set up as "switchport access vlan20". This configuration effectively creates a separate "switch", which is what I need. What I would LIKE to do, is have the ability to have those 4 ports allow me to create vlan configuration on gear plugged into these ports as well. In other words, I want to create "2 switches" and have any port that is part of "switch 1" pass vlans unhindered between those ports and "switch 2" do the same.

I hope this is clear. I only need a quick example, as I am somewhat familiar with the configs, just not sure how to overcome the single vlan limit on the access port. The problem I have is that SOME gear on some of these ports are vlan unaware (and it needs to stay that way).

Here is a portion of the config showing the 3 port configuration types:

!
interface FastEthernet0/9
 description Kelly Office
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
!
interface FastEthernet0/10
 no ip address
!
interface FastEthernet0/13
 description Accounting switch
 switchport access vlan 20
 switchport mode access
 no ip address
!

In practice, port 13 (14-16 are exactly like 13) cannot see traffic on either port 9 or 10. Ports 9 and 10 can see each other (which is what I need) Any vlan that I configure on gear plugged into ports 9 or 10 are simply passed through. Ports 13-16 do not permit the vlan on the gear to pass.

--
Butch Evans Training and Support for WISPs 702-537-0979 http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] Mikrotik Password reset for inherited network
On Wed, 2016-11-09 at 00:24 +, Brett A Mansfield wrote:
> I was able to find the backups. Sadly they are running v6.36.
>
> If I default it can I restore its config and change the password or
> will it apply the old one?
>

Google for "mtpass". That will find the passwords in the backup file. If these backups contain the "old" OR the "new" password, when you default/restore the backup, the password will be whatever is in that file.

--
Butch Evans Training and Support for WISPs 702-537-0979 http://store.wispgear.net/ http://www.butchevans.com/
[AFMUG] FS: Training Event
Just a reminder as this is next week. Still room if you want to attend.

Course: MTCNA PLUS
Location: Nashville, TN
Cost: $995/seat (discounts for multiple seats)
Dates: November 14-18, 2016
Registration: http://store.wispgear.net/

MTCNA PLUS training event has been listed at http://store.wispgear.net/ If you are interested in attending, you must register soon, as time is running very short.

If you have interest in training from Butch Evans Consulting, who has been training since 2004 (even before MikroTik offered training), then this is your chance. Nashville in the fall is a BEAUTIFUL destination. There is a discount on rooms at the hotel (almost 1/3 off the list price), so registration with them using "Butch Evans Consulting" as a group code is important.

Call 702-537-0979, email but...@butchevans.com or message me here if you have questions or need assistance.

--
Butch Evans Training and Support for WISPs 702-537-0979 http://store.wispgear.net/ http://www.butchevans.com/
[AFMUG] Equipment sale
I have a Cisco ASA-5505 that is new in the box for sale. The box says it is: ASA5505-BUN-K9. Send me a private email (but...@butchevans.com) with your offer and I'll send it out. I'll ship it however you want, but shipping will be your cost. -- Butch Evans Training and Support for WISPs 702-537-0979 http://store.wispgear.net/ http://www.butchevans.com/
[AFMUG] IRR
So I have a customer who is wanting to peer with Netflix. They require registration of routes in a route server. I have never done this sort of work before and am interested to hear what preferred registry you all use and why. -- Butch Evans Training and Support for WISPs 702-537-0979 http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] OSPF Filtering
On 06/30/2016 02:17 PM, Chuck McCown wrote:
> Funny, the programmers have a ridiculous reaction to "VPN" anything. I have learned to never use that term with them. EoIP seems to be OK with them.

That is funny. There was a pharmacy that was a customer when we first got going that needed to ensure their upstream connection was encrypted. The owner INSISTED on WEP because that was "secure". I had offered to move it to WPA, but he refused because it wasn't WEP. Go figure.

--
Butch Evans Training and Support for WISPs 702-537-0979 http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] OSPF Filtering
On 06/30/2016 02:12 PM, Chuck McCown wrote:
> Encryption is 100% required any time you are involved in distributing TV content.

Options are:
L2TP w/o IPSEC = good speed + generally lightweight and MPPE128
L2TP with IPSEC = decent speed and MUCH stronger encryption
OpenVPN = good speed and good encryption and likely as good speed as L2TP

> -Original Message-
> From: Butch Evans
> Sent: Thursday, June 30, 2016 1:07 PM
> To: af@afmug.com
> Subject: Re: [AFMUG] OSPF Filtering
>
> On 06/30/2016 02:03 PM, Chuck McCown wrote:
>> Speaking of tunneling, if I was to import a TV headend feed, say 1 Gbps, over the open internet, which protocol would be best:
>> GRE
>> EoIP
>> IPIP
>> PPTP
>> ? ? ?
>
> Same answer. Unless you need encryption, GRE is stable, fast and lightweight. If you need large packets (jumbo frames) you can use l2tp and add in the bcp MRRU and transport those.

--
Butch Evans Training and Support for WISPs 702-537-0979 http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] OSPF Filtering
On 06/30/2016 02:03 PM, Chuck McCown wrote:
> Speaking of tunneling, if I was to import a TV headend feed, say 1 Gbps, over the open internet, which protocol would be best:
> GRE
> EoIP
> IPIP
> PPTP
> ? ? ?

Same answer. Unless you need encryption, GRE is stable, fast and lightweight. If you need large packets (jumbo frames) you can use l2tp and add in the bcp MRRU and transport those.

--
Butch Evans Training and Support for WISPs 702-537-0979 http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] OSPF Filtering
On 06/30/2016 01:55 PM, That One Guy /sarcasm wrote:
> what is the lightest robust tunnel mikrotik is capable of? EOIP performs pretty well between our providers

For a routing tunnel (like this), I'd use straight up GRE instead of EoIP. You could use L2TP as well (without all the IPSEC encryption added on), but GRE is likely better.

--
Butch Evans Training and Support for WISPs 702-537-0979 http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] OSPF Filtering
On 06/30/2016 01:00 PM, That One Guy /sarcasm wrote:
> I want to account for the customer to customer traffic. the traffic has to traverse the BMUs which are at the edges of the network (they're just another OSPF router)
> Without changing something, I don't see I can do it, especially where redundant rings exist without specific manual QOS for each customer at the POP mikrotiks
> I also cannot control the bandwidth between the customers if the traffic doesn't pass the BMU

The only other method I can think of is to build tunnels from each tower site (or at least each one that has a redundant path) back to the core router, which will cause all traffic to traverse the network back to the core. You can, then, account for all traffic from each customer. The only problem with that is that if you have very much traffic that is intranet, that will pass through the network twice. This will not fix traffic from a user on router talking to another user on the same tower.

--
Butch Evans Training and Support for WISPs 702-537-0979 http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] Mikrotik 2011 vs 3011
On Wed, 2016-02-17 at 15:40 +, Dennis Burgess wrote:
> We have a number of them in stock.

Zero is a number, right? (Just kidding)

--
Butch Evans Training and Support for WISPs 702-537-0979 http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] OT Sip Phones
On Tue, 2016-01-26 at 05:04 +, Christopher Gray wrote:
> I've heard decent things about the Grandstream DECT phones, but all
> 2nd hand and never tried them. Anyone have experience with those?
>
> A Wired Phone Question:
> I use mostly Linksys / Cisco wired with good results (good sound
> quality, good handsets). How does Polycom compare to the standard
> Cisco units?

I have used Polycom since I first started using VoIP. Only my very first couple of experimental phones were something else. I still have (and use) one of my very first Polycom phones. They are very solid and don't feel like a toy, as many phones do. The speaker phones are very good and they have support for headsets (I think all models do) built in. I don't really like Polycom's conference phone, but that is more because of the way it looks rather than its functionality.

--
Butch Evans Training and Support for WISPs 702-537-0979 http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] Simple firewall script for securing ntp server in Mikrotik
On Tue, 2016-01-26 at 16:33 +, Erich Kaiser wrote:
> Anyone have one they would like to share?

/ip firewall address-list
add list=NTPUsers address=10.10.10.0/24
add list=NTPUsers address=12.12.12.0/24
/ip firewall filter
add chain=input dst-port=123 protocol=udp \
    src-address-list=!NTPUsers action=drop

--
Butch Evans Training and Support for WISPs 702-537-0979 http://store.wispgear.net/ http://www.butchevans.com/
[AFMUG] Last chance....
Last chance to register for the upcoming MTCNA+ Training in Nashville, TN on Feb 1-5, 2016. See http://store.wispgear.net/ for registration and details. Also, don't forget about the IPv6 training coming in March in Louisville, KY. -- Butch Evans Training and Support for WISPs 702-537-0979 http://store.wispgear.net/ http://www.butchevans.com/
[AFMUG] Animal Farm gonna happen this year?
I have been absent from this list for some time...mostly due to just not having much time to read/participate. Is there a meeting in the works for this year (well, next year really)? -- Butch Evans Training and Support for WISPs 702-537-0979 http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] UDP throughput is fine, TCP is bad?
On Fri, 2015-07-17 at 22:23 +, TJ Trout wrote:
> I have a set of Mimosa radios that when installed 3 weeks ago reported 500mbps mac rate and that was confirmed with the radios internal speed test as well as btest between two CCR's in both TCP and UDP, everything was great until I upgraded to beta software and I started seeing a problem where the radios Phy/Mac/Speed test are all the same as prior but when doing btest between two CCR's I can get 500 udp but only about 5-40 tcp! I promptly downgraded software and I'm still seeing the same problem. Any ideas?

The most common cause of this sort of symptom is a speed/duplex mismatch on an ethernet port. Check them all (both sides of each link) until you verify this is not the issue.

--
Butch Evans Training and Support for WISPs 702-537-0979 http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] Mikrotik not responding layer3?
On Thu, 2015-07-16 at 15:16 +, Sterling Jacobson wrote:
> I've got a CCR that I've reset back to no config and programmed it via MAC access on winbox. It can't seem to ping out. It shows up on the neighborhood view for the remote mikrotik, so I know it's talking layer2. Just can't seem to talk layer3. Seems like I've seen this before, but can't remember what the problem was.

Maybe check to ensure you have the proper netmask on your address entry for the router. Also, ensure you have a proper default gateway.

--
Butch Evans Training and Support for WISPs 702-537-0979 http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] ***SPAM*** Re: private ipv4 sale / leases
On Wed, 2015-07-01 at 14:00 +, Glen Waldrop wrote:
> Yeah, but the great thing about NAT is that my network isn't public. That is my primary argument with IPv6.

And NAT provides some level of security? I think you are overestimating the benefit of NAT. Also, with about 5 rules in a router, I can 100% mimic the benefit of NAT with a public IPv6 block. If you were to venture a guess, what percentage of the bots out there now (part of larger botnets) run with a public vs NAT IP? I'd venture to say that this would be a mid to high 90s.

--
Butch Evans Training and Support for WISPs 702-537-0979 http://store.wispgear.net/ http://www.butchevans.com/
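The protection usually credited to NAT is stateful filtering, and it can be written directly for a routed public IPv6 block. The RouterOS rules below are an added example, not part of the original post; the interface name ether1 (upstream/WAN) is an assumption.

```routeros
# Added example, not from the original message.
# Assumption: ether1 is the upstream (WAN) interface; every other
# interface faces hosts that hold public IPv6 addresses.
/ipv6 firewall filter
# 1. Replies to connections that inside hosts opened are let back in.
add chain=forward connection-state=established,related action=accept comment="allow return traffic"
# 2. Packets that belong to no tracked connection are discarded.
add chain=forward connection-state=invalid action=drop comment="drop invalid"
# 3. ICMPv6 has to pass, otherwise path MTU discovery breaks.
add chain=forward protocol=icmpv6 action=accept comment="allow ICMPv6"
# 4. Anything that did not arrive from the WAN may open new connections.
add chain=forward in-interface=!ether1 action=accept comment="allow inside-initiated"
# 5. What is left is unsolicited inbound traffic from the internet.
add chain=forward in-interface=ether1 action=drop comment="drop unsolicited inbound"
```

These rules cover only traffic forwarded through the router; services on the router itself are filtered separately in the input chain.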
[AFMUG] Training AND a donation
THIS WEEK ONLY (by Saturday, June 27), I will be donating 10% of ALL sales for this class to a young man heading on a mission trip to teach others about Jesus Christ. I have 5 seats sold this week and only 3 left. Here is the deal. By the way, the young man is the son of a WISP. IF I sell the remaining 3 seats before midnight on Saturday, June 27, I will increase the donation to 12.5% of ALL sales this week. Please help me raise money for this cause.

Time is running short for the upcoming MTCNA PLUS training in DFW July 20-24, 2015. This is a Butch Evans Consulting training event. Seats are beginning to fill and there may not be many left by the end of June. See http://tinyurl.com/ofuy5tm for details and registration.

Those of you who have seen other trainers offer MTCNA courses in 3 days may wonder why it takes me 5 days to offer this training. It is because of the hands on labs AND the much more concentrated coverage of the materials.

References? I could provide you with a long list of references, but I would rather you ask around. ANY of the mailing lists have hundreds of my satisfied training customers on them. Most training companies would rather pick and choose which testimonials you see, but I'd rather you seek them out for yourself. That way, you will be better able to trust the results of your research. By the way, I recommend that if you plan to attend ANY trainer's event, that you do the same. There is nothing worse than paying hundreds (or thousands) of dollars and being unhappy with the results.

--
Butch Evans Training and Support for WISPs 702-537-0979 http://store.wispgear.net/ http://www.butchevans.com/
[AFMUG] FS: Training in July
Time is running short for the upcoming MTCNA PLUS training in DFW July 20-24, 2015. This is a Butch Evans Consulting training event. Seats are beginning to fill and there may not be many left by the end of June. See http://tinyurl.com/ofuy5tm for details and registration. Those of you who have seen other trainers offer MTCNA courses in 3 days may wonder why it takes me 5 days to offer this training. It is because of the hands on labs AND the much more concentrated coverage of the materials. References? I could provide you with a long list of references, but I would rather you ask around. ANY of the mailing lists have hundreds of my satisfied training customers on them. Most training companies would rather pick and choose which testimonials you see, but I'd rather you seek them out for yourself. That way, you will be better able to trust the results of your research. By the way, I recommend that if you plan to attend ANY trainer's event, that you do the same. There is nothing worse than paying hundreds (or thousands) of dollars and being unhappy with the results. -- Butch Evans Training and Support for WISPs 702-537-0979 http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] Quick Mikrotik Question about MAC Address Tables
On 06/11/2015 12:57 PM, Sterling Jacobson wrote:
> I guess my gripe is with the bridge. I want it to show what port on the bridge the MAC is showing on. It should know that, right?

/interface bridge host print

--
Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] Mikrotik routing
On 06/09/2015 11:42 PM, Brett A Mansfield wrote:
> They can ping the WAN public, but not the next hop.

This usually indicates a problem on the upstream router. No route or wrong route to the public subnet.

--
Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] Mikrotik routing
On 06/10/2015 03:52 PM, Butch Evans wrote:
> On 06/09/2015 11:42 PM, Brett A Mansfield wrote:
>> They can ping the WAN public, but not the next hop.
>
> This usually indicates a problem on the upstream router. No route or wrong route to the public subnet.

To add a little to this. If the symptom is:

* CAN ping the local gateway - layer2 is right
* CAN ping any IP on the same device as local gateway - layer 2 is right AND the device (your pc) is correctly configured
* Local Gateway router can ping anything - Gateway router is configured correctly.
* IF you attempt to ping with a source address of your public range (in your case) FROM the router and it fails, then the issue is the same as below
* CANNOT ping (from the PC) beyond the local gateway router - Routing is broken in some other router

--
Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] Other Mikrotik question
On 06/08/2015 05:36 PM, t...@nwohiobb.com wrote:
> Here is my question about a Mikrotik problem I am having problems pinging 192.168.x addresses but not having problems pinging 172.16.2.x address and the 192.168 addresses are dhcp on mk. I also want to say I am doing l2tp connect from one MK to other MK. Any thoughts on what I am doing wrong here?

You have not provided enough information here to offer any good advice. Probably either a routing issue or you are using the wrong IP space on the tunnel and that is causing the issue.

--
Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
[AFMUG] FS: Training for RouterOS
MTCNA Plus course in DFW July 20-24, 2015. If you have ever considered RouterOS Training, this is the one to take. There are many options out there for a 3 day MTCNA training and I offer only a 5 day training. By doing this, I am able to more fully teach about the protocols involved (OSPF, ARP, etc.) and the details about WHY (not just HOW) you do certain things. That is the Plus in my training events. See my store site at http://store.wispgear.net/ for details and registration. This class is already beginning to fill. If you need references, I can send you some OR you can simply ask around on the lists. I have HUNDREDS of satisfied customers who have attended a training event with me. Call me at 702-537-0979 or email but...@butchevans.com if you have questions about the training. -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] OSPF doesnt repopulate if link drops
On 06/05/2015 03:03 PM, That One Guy /sarcasm wrote:
> In the log I see this. I was told unless you know what you're looking at that OSPF logging is confusing. Is this normal to be seeing?

That looks like you are sending packets that:
1. Shouldn't be sent (speaking OSPF from IPs you shouldn't) OR
2. You have a bridge loop or similar that is allowing packets from other interfaces to come back to this router

You can send this offlist if you want, but do:

/routing ospf export

Post that information and it will be easier to see what's happening. You can mask the key in the output if you want.

--
Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] OSPF doesnt repopulate if link drops
On 06/05/2015 03:01 PM, That One Guy /sarcasm wrote:
> How do I know what order they're in? I'm currently in winbox and that's just sorted. So what I'm not understanding is why it initially works, but if a switch (or backhaul) in between drops, it shows the neighbor relationship, but never populates routes? I'm not questioning the advice, just trying to understand the underlying mechanics to avoid a similar fate in the future

CLI will show you:

/ip address print

When you are having this issue, does the neighbor on both sides show state full? If not, which state is it hanging in?

--
Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] Mikrotik CLI documentation
On 05/28/2015 09:50 PM, That One Guy /sarcasm wrote:
> I'm really loving the mikrotik
> This GUI is really nice in winbox, but I can see with all the small subnets associated with moving toward OSPF
> That's going to become tedious very quickly. I like the imagestreams because I deal with the firewall file and the wan.conf and now the ospf files. Create them in a text editor and dump them in. What are the comparable files in MT, and what's the easiest way to move files? I use winscp with the imagestreams.

There is no specific file really. One thing you can do, though, is separate these into files on your computer to manage each section of the config. A quick example for managing IP addresses. Let's say you have the following config:

/ip address
add interface=ether1 address=10.10.10.10/24 comment="WAN IP"
add interface=ether2 address=10.10.11.1/24 comment="SW AP"
add interface=ether3 address=10.10.12.1/24 comment="NW AP"

Down the road, you want to add an IP to the router, you can upload a file like this:

/ip address
add interface=ether4 address=10.10.13.1/24 comment="Another AP"
/ip address export file=MyRouterIP

After uploading this file (assuming you name it NewIPSpace.rsc):

/import NewIPSpace.rsc

After importing this, you will find a file called MyRouterIP.rsc on the file system, which you can download to your computer for backup or whatever.

Or, suppose you want to change the IP on ether2 from 10.10.11.1/24 to 10.10.15.1/24 for some reason. Your file would look like this:

/ip address
set [find comment="SW AP"] address=10.10.15.1/24 network=10.10.15.0
/ip address export file=MyRouterIP

Just be sure that your connection to the router isn't using the 10.10.11.1 IP for either a gateway OR for the connection itself.

One other approach would be if you didn't want to CHANGE the existing IPs, but wanted to simply ADD one, you could send a file like this:

/ip address
add interface=ether1 address=10.10.10.10/24 comment="WAN IP"
add interface=ether2 address=10.10.11.1/24 comment="SW AP"
add interface=ether3 address=10.10.12.1/24 comment="NW AP"
add interface=ether4 address=10.10.13.1/24 comment="New IP being Added"
/ip address export file=MyRouterIP

When you import this one, it will simply give you an error for the first 3 lines that attempt to add an IP, since the IP addresses already exist, but the script should still run.

--
Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
[AFMUG] FS: RouterOS Training
Announcing the upcoming MTCNA PLUS training in DFW July 20-24, 2015. This is a Butch Evans Consulting training event. Early registration is recommended, as this location usually fills early. See http://tinyurl.com/ofuy5tm for details and registration. Those of you who have seen other trainers offer MTCNA courses in 3 days may wonder why it takes me 5 days to offer this training. It is because of the hands on labs AND the much more concentrated coverage of the materials. References? I could provide you with a long list of references, but I would rather you ask around. ANY of the mailing lists have hundreds of my satisfied training customers on them. Most training companies would rather pick and choose which testimonials you see, but I'd rather you seek them out for yourself. That way, you will be better able to trust the results of your research. By the way, I recommend that if you plan to attend ANY trainer's event, that you do the same. There is nothing worse than paying hundreds (or thousands) of dollars and being unhappy with the results. -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] MT config mirror script
On 04/20/2015 11:59 AM, That One Guy /sarcasm wrote: If I have a production router on the network, and a virtual router in the lab, is there a script to keep the production configuration mirrored onto the lab router? A while back, I wrote something like this in perl, though it only watched a few areas of the configuration. It is not likely that you could accomplish this sort of thing using ONLY the Mikrotik routers, unless you only used some small bits of the configuration. If you have interest in something like this, I can probably help you get it going, but it would be easiest (and more functional) to do it using a third party box (Linux). -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] Aggrigation of upstream
On 04/17/2015 02:46 PM, TJ Trout wrote: Anyone know of a service that can take several small business fiber circuits that don't support bgp and bond them and provide a bgp session ? I've not seen anyone do this commercially, but I can make this happen for you if you like. Let me know if you want to explore this, as I don't have this set up just yet as a commercial service. FWIW, I have done this on a couple of occasions (minus the BGP), but even the BGP session should be easily done. -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
[AFMUG] Mikrotik Mailing list....
Recently, the place where I host my mailing lists, had a DNS server die. They did not replace that DNS server, as it was not doing anything important for them...other than RDNS for the IP space. As a result, there were MANY bounces and several people were automatically unsubbed from the list. If you wish to rejoin, go to http://mail.butchevans.com/mailman/listinfo and do so. Sorry for the inconvenience. -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] Mikrotik Pros/Cons and recomendations
On 03/30/2015 02:26 PM, That One Guy wrote:
> After poking around at many different brands, it seems Mikrotik is the right fit for our network and budget.

LOTS of good questions here. My thoughts inline.

> I don't fully understand the licensing tiers

For the most part, if you are purchasing the appropriate routerboard product (CCR vs rb750), the right license will be preinstalled. The licensing is interesting mostly if you are installing on an X86 router. For the most part, Level 4 is the most appropriate choice, unless you are running large hotspots or aggregating your pppoe sessions to a single router. I can give a more detailed answer with more specific details of your network requirements.

> Is there a sizing chart on these?

Not really. Here's the easiest way to say this, though:
RB7XX and RB9XX are CPE
RB1100 (and similar), along with CCR are intended to be infrastructure.
RB450 works well as a tower router, but the cost difference to move to an 1100 should be considered carefully, as the 1100 is a much more powerful solution and has the added benefit of more ethernet ports.

> Is the interface similar between the router models and the switch models? Are the mikrotik switches comparable to the HP procurve in reliability?

CRS devices run the exact same software as the routers, so the interface is exactly the same. If you are going to use them in switched mode, however, I am a fan of HP and even secondary market Cisco for switching.

> It would be the bees knees to see our network more universal as far as management interfaces go, we have three purposes for routers: our upstream routers, which we have 2, will ultimately be running OSPF internally and BGP externally (current thought) 200mbps-1gbps projected need through the next couple of years.

Upstream - CCR or 1100ahX2 (minimum)

> Our network/POP routers ranging from 1 customer at a POP to 150

RB450 or RB1100 would fit this need. Depends mostly upon the port count requirement. Also, the RB2100 series would work well here. Any of these would handle this need easily.

> A residential solution comparable to the UBNT AirRouters (1-25mbps rate plans) wifi capable.

RB9XX is intended for this purpose. As much a fan as I am for RouterOS, I cannot say that MT products compare for wireless on an equal plane with UBNT. One possible solution would be something like the RB750 (or rb951) + Unifi for the wireless. If the home is small enough to only need one AP, then the RB951 is easily enough. Specifically, the RB951-2n or the RB9511G-2HnD (higher power output). For larger homes, the RB2100-2HnD-IN is better still.

> If the switches have similar interfaces, we would look toward replacing a combination of UBNT toughswitch POE, and a variety of HP procurves from 1810G to 2510G and their other POE models.

If you do much with VLANs, then I'd (personally) stick with HP or Cisco.

> I note a lot of discussion regarding MT ethernet negotiation flakiness, how much of an impact does this present? Right now we have imagestream and fortigate on the network, and have zero issues with that.

This is pretty specific to certain routerboard models and other gear. I am a fan of hard coding all interfaces on infrastructure gear, so this is not really an issue if you do things the right way (yes, I know this can start a religious war). My experience is that this does not happen with better ethernet chipsets, such as you would install in an X86 device.

> I would like to hear from people entrenched in MT who love/hate it, anybody who turned their back on it, and anybody who moved toward it.

As you know, I am a big fan of RouterOS, but only where it makes sense.

--
Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] Mikrotik Pros/Cons and recomendations
On 03/30/2015 06:06 PM, That One Guy wrote: Regarding their line of switches, Im conflicted here, if I stick to using them as a switch is the consensus that they are good or bad? CRS as a switch, is good. CRS with VLANs is good, but truly a convoluted configuration, but is not too far from some of the same processes you use in HP vlan configs. Learning curve should be reasonable. I am happy to assist further with the configuration and such should you need it. -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
[AFMUG] [FS] Training
Time is short and there are not many seats left for either of these...

Currently 2 training events scheduled:

Course: Mikrotik RouterOS Firewall Training
Date: March 18, 2015
Course Length: 1 day (about 7 hours)
Location: ONLINE
Registration: http://store.wispgear.net/

Course: Mikrotik Routing ONLINE
Date: March 25, 2015
Course Length: 1 day
Location: ONLINE
Registration: http://store.wispgear.net/

Cost per course is $350. If you purchase both courses together, you can get both for $650 by using the coupon code 2COURSE at checkout. To get the discount, you MUST order both courses together.

I am working on the IPv6 course, which I plan to have ready for late April timeframe. Additionally, the QOS and VPN courses will be ready to go in April. Also note that I will be adding a full MTCNA+ Event soon as well. Looking at the possibility of going to the Miami MUM and doing a wireless (MTCWE) training. Who else is planning to go to Miami?

--
Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] Mikrotik Dst-nat question
> I have a customer with a DVR, so we do the port forwarding thing in mikrotik and they can now access the DVR from the Internet all is good. However, I want to do some type of re-direct on the internal network so they can use the public IP on the internal network to access the DVR. This is what I tried?
>
> 1;;; DVR TCP External Access (works fine)
> chain=dstnat action=dst-nat to-addresses=192.168.2.137 protocol=tcp in-interface=ether1 dst-port=8080,554,8000 log=no log-prefix=
>
> 2 X ;;; DVR TCP Internal Access (Not Working)
> chain=dstnat action=netmap to-addresses=192.168.2.137 protocol=tcp dst-address=199.47.xxx.yyy in-interface=Local dst-port=8080,554,8000 log=no log-prefix=

/ip firewall nat add chain=srcnat action=masquerade src-address=192.168.2.0/24 dst-address=192.168.2.0/24

You can specify the dst-address=192.168.2.137 if you prefer.

-- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
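The hairpin NAT arrangement from the exchange above, written out as one RouterOS rule set with the packet path in comments (an added example, not part of the original thread). The client address 192.168.2.50 is constructed, 199.47.xxx.yyy is the address exactly as elided in the thread and must be replaced before the rules will load, and using action=dst-nat for the internal rule is an assumption of this example.

```routeros
# Added example, not from the original posts.
# Interface names ether1 (WAN) and Local (LAN) are taken from the question.
/ip firewall nat

# 1. Internet clients: forward the DVR ports arriving on the WAN port.
add chain=dstnat in-interface=ether1 protocol=tcp dst-port=8080,554,8000 \
    action=dst-nat to-addresses=192.168.2.137 comment="DVR external"

# 2. LAN clients that dial the public address: same translation,
#    matched on the public dst-address instead of the WAN interface.
add chain=dstnat in-interface=Local dst-address=199.47.xxx.yyy protocol=tcp \
    dst-port=8080,554,8000 action=dst-nat to-addresses=192.168.2.137 \
    comment="DVR hairpin"

# 3. Source NAT for LAN-to-DVR traffic, narrowed to the DVR and its ports.
add chain=srcnat src-address=192.168.2.0/24 dst-address=192.168.2.137 \
    protocol=tcp dst-port=8080,554,8000 action=masquerade \
    comment="DVR hairpin return path"

# Why rule 2 alone fails (192.168.2.50 is a constructed LAN client):
#   192.168.2.50 -> 199.47.xxx.yyy:8080      client sends to the public IP
#   router rewrites dst to 192.168.2.137     source is still 192.168.2.50
#   192.168.2.137 -> 192.168.2.50            DVR answers directly on the LAN
#   client has no connection to 192.168.2.137 and drops the reply
#
# With rule 3 the DVR sees the router's LAN address as the source, answers
# the router, and connection tracking reverses both translations.
```

One side effect to plan for: with rule 3 in place, the DVR's own access log shows the router's LAN address for every internal viewer, so per-client attribution for those sessions has to come from the router's connection tracking or logging instead.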
[AFMUG] FS: Training Online
Two different online courses scheduled for March. Course: Mikrotik RouterOS Firewall Training Date: March 18, 2015 Course Length: 1 day (about 7 hours) Location: ONLINE Registration and more info: http://store.wispgear.net/ This is a FULLY INTERACTIVE training course where we will cover the firewall features in RouterOS. * Defining your overall security policy * How to document your firewall * Understanding network traffic * Protecting your router from attack * Introduction to Connection Tracking * Understanding the different types of firewall applications * Designing and using NAT in your configuration * Troubleshooting your firewall application * And more!! Course: Mikrotik RouterOS Routing Training Date: March 25, 2015 Course Length: 1 day (about 7 hours) Location: ONLINE Registration and more info: http://store.wispgear.net/ This is a FULLY INTERACTIVE training course where we will cover the routing features in RouterOS. * Understanding basic routing * RouterOS basic routing * RouterOS policy routing implementation * Understanding OSPF * RouterOS OSPF implementation * And MORE! Routers necessary for the hands on labs will be provided. The training course is offered via a web conference and VoIP application for the audio. MINIMUM requirements for your PC includes a microphone and speakers. A headset is HIGHLY recommended. -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
[AFMUG] Cool device - a little OT, but WOW!
http://cicret.com/wordpress/ This looks like a pretty cool device. Expected Q4 2015 for consumers. -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] Cool device - a little OT, but WOW!
On 02/09/2015 01:42 PM, Mathew Howard wrote: It says their objective with your donation is to develop the prototype within six months... that makes it sound like they don't even have any sort of a prototype. They may be able to make a working prototype, but I'm guessing it will be quite a lot larger. I only quoted their website on projected release date. I agree that it is likely not gonna happen that quickly (Q4/2015 seems pretty optimistic). -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] Cool device - a little OT, but WOW!
On 02/09/2015 01:29 PM, Jason McKemie wrote: I'm not sure they're going to be able to make it that small and still have it project brightly enough to see in daylight. Good concept though. That's what I thought, too. Time will tell, though. One video showed it submerged in water (not while in use), and I have a hard time seeing how they can make battery life last very long in such a small form factor, even with LED. Being under water, means they would have to make the seal much better than just the normal plastic cover over the recharging port (likely micro-USB). I just thought the idea was interesting. -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
[AFMUG] What is this?
-- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] What is this?
On 02/06/2015 02:11 PM, Bill Prince wrote: Looks like some sort of dual polarity sector antenna. The coax leads look like they go to something on the other side of the pole? I meant does anyone recognize the antenna. :-) -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] [FS] Training ONLINE
On 02/01/2015 10:08 AM, That One Guy wrote: The Imagestream course you did was like 5 days online, I thought it was really good format, is there a reason to not do it online for a full class This is a very good question. There are a couple of reasons for this. The first, and most important, reason is that the satisfaction from customers is not as high as I would like. In my live and in person trainings, those who have returned satisfaction surveys show about 98% satisfaction with the events (facility + instructor + materials). For the online, when I did them before for more than just the one day courses, the satisfaction with materials + instructor remains high, but the online format is only rated at around 80% satisfaction. For the one day classes, it is around 88%. For me, that is WAY too low. There are 3 things that people dislike about the online classes (primarily): 1. Labs - While the labs are similar to the live classes, people do not seem to get as much out of the courses, if they do not have the physical gear in front of them. 2. Interruptions - These have little to do with me, but when people are in the office, they get interrupted. 3. Webinar Software - It is simply a fact, that ALL online meeting places have some drawbacks. Some are better in some areas than others and finding one that fills ALL needs is nearly impossible. For myself, it is MUCH more difficult to control and manage the classroom with online trainings. I can deal with one and maybe two day events, but I doubt I will ever offer another 5 day training online. It is too stressful for me to do, especially knowing that people will not be as happy with my service as I like. -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] [FS] Training ONLINE
On 01/30/2015 12:18 PM, Matt wrote: Can we get a detailed syllabus for what is covered in this class? This class was as full as I can do for online training class. I didn't see this question until just now, so I apologize. This particular class was the routing course. We covered (very briefly) subnetting. We cover static routing, policy routing (again, brief coverage), network design concepts, OSPF (great detail). This is all that can fit in a single day, given that we spend about 5 hours + in lecture and allocate 1-2 hours for lab work. Would like to see a Mikrotik essentials online class. Imagine that would be at least 3 days though. A really worthwhile essentials training would take 5 days and I don't do those online. I am still uncertain of whether I will do more online courses...I am awaiting feedback from students about their experience and feelings about this format before I decide. -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] [FS] Training ONLINE
On 01/27/2015 01:42 PM, Keefe John wrote: Can we get a detailed syllabus for what is covered in this class? This class was as full as I can do for online training class. I didn't see this question until just now, so I apologize. -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] [FS] Training ONLINE
On 01/25/2015 12:38 PM, CBB - Jay Fuller wrote: Given a month or two out, i'd try to schedule some of this for the guys. If this one goes well enough, there will be others to follow. -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] OT - MT usage stats
On 01/22/2015 05:50 PM, Adam Moffett wrote: I don't exactly have an answer.but maybe a direction to look. MT has RADIUS support for DHCP. The intent is to authenticate based on the DHCP client's MAC address.does that support RADIUS accounting? If so then pair that with FreeRADIUS and I think you can get usage stats into SQL that way. There is no accounting data for DHCP, either direct OR via RADIUS. -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] OT - MT usage stats
On 01/22/2015 05:47 PM, Timothy D. McNabb wrote: Was wondering if anyone had come up with a nifty-keeno way to export usage counters to a SQL database? Trying not to re-invent the wheel, just modify it with 22's on spinners or something fancy. Currently mapping that information through mangle rules, however Passthroughs are an option as well. Depends on which usage stat you are looking for and how you want to collect the data. What data are you wanting to collect? -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] Mikrotik
On 12/26/2014 01:59 PM, joseph marsh via Af wrote: I have a Mikrotik on charter network and I have typed in the static ip gateway and DNS. When I go to new terminal and ping. Google DNS. I get no route to host What am I missing. I know. It's something small and simple

If you had load sharing turned on, you may want to send the output of the following terminal commands:

/ip route rule print
/ip firewall mangle print

-- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] WispaAmerica Speakers
On 12/15/2014 10:51 PM, Nathan Stooke All via Af wrote: Hello, It is hard to believe that WispAmerica is just around the corner, the agenda committee is hard at work already. We have the agenda posted on the website and are starting to look for speakers and moderators. Please check out the agenda and let me know if you are interested in speaking on a topic or 2. Nathan, this list doesn't give me your email address. Hit me offlist at but...@butchevans.com or call me (number below) this afternoon. Email is likely better. -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] IP Management
On 11/29/2014 07:06 PM, Josh Baird via Af wrote: 6Connect is good. Men Mice is also good (but doesn't SWIP or do ARIN). Solarwinds also has an IPAM offering. There really isn't a good -free- solution that I know of (especially one that hasn't turned to vaporware). Many people will suggest IPPlan, but I hated it (although it can be easily customized and/or modified if you have any PHP clue). I wasn't impressed with IPPlan, either. HaCi is another free option that may do what you want. I haven't looked at it recently, so I can't even recall all the features of it at the moment. -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
[AFMUG] [FS] Just a few seats left
Location: Orlando, FL Dates: Dec 8-12, 2014 Course: MTCNA+ (Standard MTCNA PLUS a LOT) Training MTCNA+ in Orlando, Florida. Not many seats left, but I have room for a few more. See the details at http://store.wispgear.net/ for the training content. If you're a WISPA member, send me an email to but...@butchevans.com for the discount code. -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] [OT] Weird MT situation
On 11/16/2014 08:48 AM, Erich Kaiser via Af wrote: Winbox and MAC-Telnet are your friend, there is no need to have anything else enabled. You can send backup scripts via email. Version 6.5 and higher has worked rock solid and the export scripts work perfectly. Properly protected, there is no need to turn them off, either. As a consultant, there is nothing more frustrating than to have to walk one router at a time via mac-telnet to reach a router that SHOULD be reachable via ssh. -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] [OT] Weird MT situation
On 11/16/2014 03:27 PM, Ken Hohhof via Af wrote:

> Properly protected however sounds a bit like blaming the victim. I would say it's a lot easier to protect a castle that just has one gate. If I use it once a year, why leave it running all the time beckoning to bad guys or waiting for me to slip up on firewall rules?

I understand your reticence to leave it turned on. I was simply responding to the idea that turning it off (without qualification) was the only, best solution. Best practice is to protect necessary services. If it isn't necessary for you, then turning it off IS part of proper protection.

> In addition to SSH, the other attractive nuisance seems to be RDP. There's a simple little tool called DUBrute the kiddies will run against tcp/3389, they don't have to be successful, just the traffic will mess you up.

Agreed. Again, though, protecting the port is key. It should not be open to the world. There are better practices than a simple nat that opens this up to the world.

> I'm waiting for webcams to be the next big target, so many of them use UPnP and DynDNS to expose a webserver on a public IP, and end users buy them at Amazon and Costco, even supposed computer and networking professionals install them with no thoughts about network security.

Rinse and repeat above comments.

-- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] [OT] Weird MT situation
On 11/16/2014 10:15 PM, David Milholen via Af wrote: Love Port Knocking :) :-) This is one method that can be helpful for some parts of your security approach. By itself, of course, it isn't the whole approach. But it is a big step forward from nothing. Personally, I generally make ssh available from only a very limited subset of IP addresses and those require a VPN, even within the network. -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
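One way to express the two practices discussed in this thread, SSH reachable only from a small set of addresses behind a VPN and an RDP forward that is not open to the world, as RouterOS configuration (an added example, not taken from any poster's router). Every address, both list names, and the use of ether1 as the Internet-facing port are constructed placeholders.

```routeros
# Added example; all addresses and list names are constructed.
/ip firewall address-list
add list=mgmt address=10.99.0.0/24 comment="VPN client pool (assumed)"
add list=rdp-allowed address=203.0.113.10 comment="remote office (constructed)"

/ip firewall filter
# SSH to the router itself: accept from the VPN pool, drop everyone else.
# 'add' appends, so check with 'print' that no earlier rule in the input
# chain already accepts tcp/22.
add chain=input protocol=tcp dst-port=22 src-address-list=mgmt \
    action=accept comment="SSH from VPN pool only"
add chain=input protocol=tcp dst-port=22 action=drop \
    comment="SSH from any other source"

/ip service
# Second layer: the SSH service refuses other sources on its own, so a
# reordered or deleted filter rule does not silently expose it.
set ssh address=10.99.0.0/24

/ip firewall nat
# Weak form, the "simple nat that opens this up to the world":
#   add chain=dstnat in-interface=ether1 protocol=tcp dst-port=3389 \
#       action=dst-nat to-addresses=192.168.2.20
# Restricted form: the same forward, matched only for listed sources.
add chain=dstnat in-interface=ether1 protocol=tcp dst-port=3389 \
    src-address-list=rdp-allowed action=dst-nat \
    to-addresses=192.168.2.20 comment="RDP for listed sources only"
```

Packets to tcp/3389 from unlisted sources never match the dst-nat rule, so they arrive at the router's own input chain; whether they are dropped there depends on the rest of the input policy.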
[AFMUG] [FS] Training
MTCNA+ Training event in Orlando, FL. Dec 8-12, 2014. This training is NOT the standard Mikrotik training. It covers way more than the standard training outline. The hotel is releasing my room block today, so you should register for the hotel (at least) today. Airline prices are climbing as well. See http://store.wispgear.net/ for details on what is covered in this training event. If you are a WISPA member, be sure to contact me before you purchase and I will provide you with a discount code to use. My phone number is below, or you can contact me at but...@butchevans.com. Thank you for your time and God Bless! -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] Sip Behind NAT
On 11/14/2014 02:53 PM, Nate Burke via Af wrote: I know the short answer is 'Don't' but let's pretend for a minute I don't have an option. (Mikrotik router, Grandstream 6102 PBX) I have a trunk setup to the carrier, and I am doing a DST-NAT rule for all traffic from the carrier's IP Address to the Internal IP of the Grandstream. I am also dst-nat all UDP ports 8766-35000 traffic to the grandstream. After a few minutes an incoming call will have 1 way audio, but then the next call right after that will be fine. I do have the NAT settings set in the grandstream. It seems like I'm just missing something simple to keep it working all the time. Any pointers? Ensure that the ALG helper is turned off. IP-Firewall-Service Ports (turn off the SIP app) -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] For love of all that is evil (mikrotik/routerboard)
On 11/13/2014 01:25 PM, Ty Featherling via Af wrote: Yes. Works great too. George, that is a good idea. -Ty On Thu, Nov 13, 2014 at 1:18 PM, Josh Luthman via Af af@afmug.com wrote: They did add the compact feature to help clear this issue up... This compact is now the default mode for exports (beginning somewhere in the middle of the 6.x series) -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
[AFMUG] [FS] Training class
If you haven't registered and are interested in attending, NOW is the best time to do so. The hotel prices and airline rates are going up already. Hotel price is guaranteed until Nov 15. Early registration can save you some money, too (see below). Course Dates: Dec 8-12, 2014 Location: Orlando, Florida Registration: http://store.wispgear.net/ Price: $995 (less any discounts - Read to the bottom to get one) What is it that makes a Butch Evans training better? Butch has been in the business of teaching end users about the MikroTik product since 2004. Butch Evans is the first trainer ever certified by MikroTik to present training on their product and was the first to develop a full training course on this product. Butch has been in the ISP business since 1994 and his extensive experience comes through in the training presentation. The core of our curriculum has been in development since 2004, so the presentation material you will see has been tested and proven to work well for both the student and teacher. What is MTCNA+? Mikrotik's MTCNA outline covers the very basics of getting started with RouterOS. Most trainers stop here with their training courses. My course, however, covers MUCH MUCH more than just these basics. You can see the details for what is covered on the registration site above. References? I could provide you with a long list of references, but I would rather you ask around. ANY of the mailing lists have hundreds of my satisfied training customers on them. Most training companies would rather pick and choose which testimonials you see, but I'd rather you seek them out for yourself. That way, you will be better able to trust the results of your research. By the way, I recommend that if you plan to attend ANY trainer's event, that you do the same. There is nothing worse than paying hundreds (or thousands) of dollars and being unhappy with the results. What about the discount?
If you are a WISPA member, you can get a 10% discount on the registration fee for this course. There may be other discounts available as well. Drop me an email or call me at the number below for details. This location is PERFECT for a family visit as well. Disney at Christmastime is GORGEOUS! Bring the spouse and kids and enjoy the scenery. As always, let me know if you have any questions. Thank you and God Bless! -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
Re: [AFMUG] Mikrotik CCR and PPPoE
On 10/24/2014 12:51 PM, Matt via Af wrote: Recently updated to a 36 core CCR as a PPPoE server. Was having some issues with higher tier packages such as our office getting more than 20mbps through a single connection. IPv6 seemed to perform better than IPv4 for speed tests. Upgraded the CCR from v6.17 to v6.20. Now every pppoe connection is screaming fast. I don't know what Mikrotik did but something has changed. I wonder if they did anything with their BGP code? We have another one doing a couple gigabit full BGP connections. Seems to work fine but one core is almost always at 100 percent. It's currently running v6.19. Per MikroTik, the fix for multi-core routing is coming in V7 -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
[AFMUG] [FS] MTCNA PLUS
Course Dates: Dec 8-12, 2014 Location: Orlando, Florida Registration: http://store.wispgear.net/ Price: $995 (less any discounts - Read to the bottom to get one) What is it that makes a Butch Evans training better? Butch has been in the business of teaching end users about the MikroTik product since 2004. Butch Evans is the first trainer ever certified by MikroTik to present training on their product and was the first to develop a full training course on this product. Butch has been in the ISP business since 1994 and his extensive experience comes through in the training presentation. The core of our curriculum has been in development since 2004, so the presentation material you will see has been tested and proven to work well for both the student and teacher. What is MTCNA+? Mikrotik's MTCNA outline covers the very basics of getting started with RouterOS. Most trainers stop here with their training courses. My course, however, covers MUCH MUCH more than just these basics. You can see the details for what is covered on the registration site above. References? I could provide you with a long list of references, but I would rather you ask around. ANY of the mailing lists have hundreds of my satisfied training customers on them. Most training companies would rather pick and choose which testimonials you see, but I'd rather you seek them out for yourself. That way, you will be better able to trust the results of your research. By the way, I recommend that if you plan to attend ANY trainer's event, that you do the same. There is nothing worse than paying hundreds (or thousands) of dollars and being unhappy with the results. What about the discount? If you are a WISPA member, you can get a 10% discount on the registration fee for this course. There may be other discounts available as well. Drop me an email or call me at the number below for details. This location is PERFECT for a family visit as well. Disney at Christmastime is GORGEOUS!
Bring the spouse and kids and enjoy the scenery. As always, let me know if you have any questions. Thank you and God Bless! -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/
[AFMUG] Inactivity
I have been active on these lists (and others) since around 1997. In the past 2 months, I have more or less dropped off all lists in terms of offering support and help. I have been dealing with some personal issues over the past few months and wanted to let you folks know that I am still here and offering consulting support, though at a slightly reduced volume. I am deeply saddened that I was unable to attend the MUM and will not be able to attend this year's WISPAPALOOZA. My schedule will be more flexible in the coming months and I will be back at the shows next year. While a number of you are customers, I look forward to these shows because you folks are also my friends. I have missed the interaction with all of you on the lists and look forward to the time when I can return. My mental/emotional state is improving and I expect that I will return to my normal level of activity on these lists very soon. For those of you who didn't miss me at all...Not sure what to say, but I'm sticking my tongue out at you. :-) -- Butch Evans 702-537-0979 Network Support and Engineering http://store.wispgear.net/ http://www.butchevans.com/