Re: [Mikrotik Users] Upgrade from 6.35.x to 6.42.6

2018-08-20 Thread Scott Reed via Mikrotik-users 
Mikrotik has been know to make change to the syntax, so the new make 
look different that the old.

I have upgraded 100s of units from as low as 4.15 incrementally to 
6.42.8 without losing anything.  Not that they have much, but upgrades 
just work.

You may not be able to copy the export to another version, though.


On 8/20/2018 15:09, Sam Morris via Mikrotik-users wrote:
> We have a number of devices to upgrade from 6.35 to 6.42. In testing the
> upgrade in a lab, I'm finding many discrepancies in the "export" output.
>
> The steps I took were:
>
> (On the production router)  export file=prod-config   
>
> - set up an identical spare router on the same RoS as the prod router,
> reset its configuration, and copy/paste the output of the export command
> from the prod router into the spare router
>
> - upgrade the spare router to 6.42.6
>
> - export the upgraded router config (export file=upgraded-spare)
>
> After this, I compare the differences between the files exported on the
> original production router (still running 6.35.x) and the upgraded spare
> router (now running 6.42.6). When doing so, I see many differences, and
> am concerned that when we upgrade the production routers that they will
> no longer work.
>
> Is there anything that may help with this? Tools, documentation, etc? Or
> with RoS automatically do the conversion of commands from the earlier
> versions to the newest version?
>
> Thanks
> Sam
> ___
> Mikrotik-users mailing list
> Mikrotik-users@wispa.org
> http://lists.wispa.org/mailman/listinfo/mikrotik-users
>

-- 
Scott Reed
SBRConsulting, LLC
Network and Wireless Consulting
WISPA Vendor Member
IN UMC Associate Lay Leader
SLI Coach Trained


---
This email has been checked for viruses by AVG.
https://www.avg.com

___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

Re: [Mikrotik Users] Multiple NAT targets

2018-08-09 Thread Scott Reed via Mikrotik-users 
I am pretty sure you can do ranges (with a -) or a comma separated 
list.  Just be sure to check when you are done that it does what you want.


On 8/9/2018 12:44, Nick Bright via Mikrotik-users wrote:
> Is there a way to specify multiple to-address in a dst-nat rule?
>
> This may not even be the right way to approach the problem, but it's
> what came to mind.
>
> I am trying to take my inbound syslog traffic, and send it to two
> different syslog servers inside the firewall.
>
> Any suggestions?
>

-- 
Scott Reed
SBRConsulting, LLC
Network and Wireless Consulting
WISPA Vendor Member
IN UMC Associate Lay Leader
SLI Coach Trained


---
This email has been checked for viruses by AVG.
https://www.avg.com

___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

Re: [Mikrotik Users] Exploit in ROS 6.41.3/6.42rc27

2018-08-06 Thread Scott Reed via Mikrotik-users 

Right.

I wanted to make sure people know that there are lots of things that may 
or may not be impacted if a device is infected.  You either have to 
totally delete the configuration and restore from backup or you need to 
go through every menu item and make sure they have not been changed.



On 8/6/2018 6:55, Tim wrote:


This has been detected in devices with earlier versions of ROS.

*From:*mikrotik-users-boun...@wispa.org 
 *On Behalf Of *Scott Reed via 
Mikrotik-users

*Sent:* Monday, August 6, 2018 5:58 AM
*To:* mikrotik-users@wispa.org
*Subject:* Re: [Mikrotik Users] Exploit in ROS 6.41.3/6.42rc27

It will also change device identity, change admin password, add Admin, 
add 5 firewall filter rules to redirect forward traffic, change DNS 
server, enable DDNS, add IP Web Proxy rules and more, but that is all 
I remember off the top of my head.


On 8/5/2018 20:57, Bob Pensworth via Mikrotik-users wrote:

We are finding an IP/Socks connection:

We are finding an event entry in System/Scheduler

And the (below) script in System/Script:

/ip firewall filter remove [/ip firewall filter find where comment
~ "port [0-9]*"];/ip socks set enabled=yes port=11328
max-connections=255 connection-idle-timeout=60;/ip socks access
remove [/ip socks access find];/ip firewall filter add chain=input
protocol=tcp port=11328 action=accept comment="port 11328";/ip
firewall filter move [/ip firewall filter find comment="port
11328"] 1;

-- 


Bob Pensworth, WA7BOB | General Manager

CresComm WiFi, LLC <http://www.crescommwifi.com/> | (360) 928-, x1

*From:* mikrotik-users-boun...@wispa.org
<mailto:mikrotik-users-boun...@wispa.org>

<mailto:mikrotik-users-boun...@wispa.org> *On Behalf Of *Shawn C.
Peppers via Mikrotik-users
*Sent:* Friday, March 16, 2018 11:54 AM
*To:* mikrotik-users@wispa.org <mailto:mikrotik-users@wispa.org>;
memb...@wisp.org <mailto:memb...@wisp.org>
*Subject:* [Mikrotik Users] Exploit in ROS 6.41.3/6.42rc27

I have not tested this yet but


https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow

:: // Shawn Peppers

:: // DirectlinkAdmin.com <http://DirectlinkAdmin.com>




___

Mikrotik-users mailing list

Mikrotik-users@wispa.org <mailto:Mikrotik-users@wispa.org>

http://lists.wispa.org/mailman/listinfo/mikrotik-users



--
Scott Reed
SBRConsulting, LLC
Network and Wireless Consulting
WISPA Vendor Member
IN UMC Associate Lay Leader
SLI Coach Trained

<http://www.avg.com/email-signature?utm_medium=email_source=link_campaign=sig-email_content=emailclient>



Virus-free. www.avg.com 
<http://www.avg.com/email-signature?utm_medium=email_source=link_campaign=sig-email_content=emailclient> 





--
Scott Reed
SBRConsulting, LLC
Network and Wireless Consulting
WISPA Vendor Member
IN UMC Associate Lay Leader
SLI Coach Trained



---
This email has been checked for viruses by AVG.
https://www.avg.com
___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

Re: [Mikrotik Users] Exploit in ROS 6.41.3/6.42rc27

2018-08-06 Thread Scott Reed via Mikrotik-users 
It will also change device identity, change admin password, add Admin, 
add 5 firewall filter rules to redirect forward traffic, change DNS 
server, enable DDNS, add IP Web Proxy rules and more, but that is all I 
remember off the top of my head.



On 8/5/2018 20:57, Bob Pensworth via Mikrotik-users wrote:


We are finding an IP/Socks connection:

We are finding an event entry in System/Scheduler

And the (below) script in System/Script:

/ip firewall filter remove [/ip firewall filter find where comment ~ 
"port [0-9]*"];/ip socks set enabled=yes port=11328 
max-connections=255 connection-idle-timeout=60;/ip socks access remove 
[/ip socks access find];/ip firewall filter add chain=input 
protocol=tcp port=11328 action=accept comment="port 11328";/ip 
firewall filter move [/ip firewall filter find comment="port 11328"] 1;


--

Bob Pensworth, WA7BOB | General Manager

CresComm WiFi, LLC  | (360) 928-, x1

*From:* mikrotik-users-boun...@wispa.org 
 *On Behalf Of *Shawn C. Peppers via 
Mikrotik-users

*Sent:* Friday, March 16, 2018 11:54 AM
*To:* mikrotik-users@wispa.org; memb...@wisp.org
*Subject:* [Mikrotik Users] Exploit in ROS 6.41.3/6.42rc27

I have not tested this yet but

https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow

:: // Shawn Peppers

:: // DirectlinkAdmin.com 



___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users


--
Scott Reed
SBRConsulting, LLC
Network and Wireless Consulting
WISPA Vendor Member
IN UMC Associate Lay Leader
SLI Coach Trained



---
This email has been checked for viruses by AVG.
https://www.avg.com
___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

Re: [Mikrotik Users] How to disable switch feature on PowerBox?

2018-08-01 Thread Scott Reed via Mikrotik-users 
They will show red if the ports are down or disabled.


On 8/1/2018 13:00, mike.lyon--- via Mikrotik-users wrote:
> I’ve taken the master-port assignment off of all ports and have assigned IP 
> addressess to eth1, eth2 and eth3 and have also removed all bridges.
>
> I can setup a DHCP server on eth1 but when i try to setup dhcp servers for 
> eth2 and eth3, the DHCP configurations all show up as red, except for eth1.
>
> Sounds like maybe ports 2-5 are configured as switchports.
>
> Any ideas?
>
> Thanks,
> Mike
> ___
> Mikrotik-users mailing list
> Mikrotik-users@wispa.org
> http://lists.wispa.org/mailman/listinfo/mikrotik-users

-- 
Scott Reed
SBRConsulting, LLC
Network and Wireless Consulting
WISPA Vendor Member
IN UMC Associate Lay Leader
SLI Coach Trained


---
This email has been checked for viruses by AVG.
https://www.avg.com

___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

[Mikrotik Users] Detecting Virus/Malware

2018-06-18 Thread Scott Reed via Mikrotik-users 
While we are getting everything on a network upgraded to avert the 
infection threat on RouterOS, is there anything we can see to know that 
the device is infected?

-- 
Scott Reed
SBRConsulting, LLC
Network and Wireless Consulting
WISPA Vendor Member
IN UMC Associate Lay Leader
SLI Coach Trained


---
This email has been checked for viruses by AVG.
https://www.avg.com

___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

Re: [Mikrotik Users] Site-to-Site VPN

2018-03-12 Thread Scott Reed via Mikrotik-users 
About the same here.  I have pptp connections to several remote 
networks.  Setup routing in the local MT to know how to get to the 
address ranges of each network. Everything just works.  I can WinBox to 
anything on any network, browse devices on private addresses, etc.



On 3/12/2018 11:28 AM, Josh Luthman via Mikrotik-users wrote:

>L2TP provide any routing

Are you serious?

Sounds like you just want to make it easy to manage.  I do this from 
my house to our network with PPTP and EOIP.  I have an EOIP tunnel 
that puts the office network on the "wan" of my home Mikrotik that 
masquerades all of my traffic as a management office IP.  Works pretty 
flawlessly, I can't think of any issues I've had in the last 2-3 years 
doing this.


If you're looking at passing customer traffic/DHCP server/etc over the 
link I would strongly suggest just putting another box at the other 
network, like another Powercode BMU/Mikrotik/etc.



Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Mon, Mar 12, 2018 at 9:28 AM, David McCullough via Mikrotik-users 
> wrote:


We are expanding into a new market, which will extend our service
base. This new market currently has a fiber drain and we will be
connecting these two markets onto a single network in the coming
months. In the mean time we need to implement a site-to-site VPN
so that we can monitor the new markets equipment, migrate to our
DHCP server, etc.

Both networks are utilizing MikroTik equipment. Our network is
utilizing OSPF, while the new market just has static routes. We
are looking at the various options to integrate the site-to-site
VPN. We are thinking to implement L2TP. Will L2TP provide any
routing? Will we need to enable GRE? Should we just add static
routes, since it’s temporary.

Thanks,

David McCullough
d...@hcwireless.com 
Hill Country Wireless & Technology

830.225.1465  (o)
830.309.0473  (c)

www.hcwireless.com 


___
Mikrotik-users mailing list
Mikrotik-users@wispa.org 
http://lists.wispa.org/mailman/listinfo/mikrotik-users




 
	Virus-free. www.avg.com 
 



<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>


___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users


--
Scott Reed
SBRConsulting, LLC
WISPA Vendor Member

___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

Re: [Mikrotik Users] Questing regarding bypassing hotspot.

2018-01-22 Thread Scott Reed via Mikrotik-users 
Instead of putting the MAC in the HotSpot, put it in RADIUS as the user 
ID. If the Hotspot is setup to to MAC authentication, it will pass the 
MAC to RADIUS, just as if the user logged in.



On 1/21/2018 6:45 PM, ralph via Mikrotik-users wrote:

I have a lot of sites using MT Hotspot with an offsite RADIUS backend that 
handles billing and customer speed control, etc.

This is fine for when the customer has a browser equipped device. They just log 
in via the portal and away they go.  But now there are many new devices that 
don't use browsers,  things like smart thermostats, smart TVs, certain game 
consoles and who knows what else.  MT (and my backend) have MAC Authentication 
(where you set MAC as one of the login methods in the hotspot) for those sorts 
of devices. However that only works if the device initiates an HTTP connection. 
On HTTPS, no auto login  and on a lot of these other devices no auto login 
either.

So I end up having to put these device's  MACs into an IP Binding table in the 
MT hotspot.Works great.  But I lose all tracking of the user, I can't 
control their speed, and I don't even know they are on line.   But the worst 
part is that now I have to manually track whether or not their subscription is 
current. Sometimes I forget to and their devices get free service for months.

But I think there must be a way I can do the following:

1. Let their MAC just pass through without going through the hotspot.
2. Limit the device's speed to that of their subscription
3. And optionally, have the rule go away on a certain date (or after a certain 
period of time)

I'd be ecstatic if I could just get #1 and #2.

I don't know anything about "Manual Queues", only the ones the hotspot creates 
upon login.

Can someone help me out?

Thanks,
Ralph


___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users


---
This email has been checked for viruses by AVG.
http://www.avg.com



--
Scott Reed
SBRConsulting, LLC
WISPA Vendor Member

___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

Re: [Mikrotik Users] Dude, howto, where?

2017-11-16 Thread Scott Reed via Mikrotik-users 
Yes, probably device. Forget the PPP stuff. Just use the new out facing 
IP Address.


I have never seen a place to put PPP info in the Dude. It deals with IP 
Addresses.



On 11/16/2017 3:43 PM, Jan Van Kort via Mikrotik-users wrote:


If I knew I wouldn't be here asking.  I'm calling them POPs, where the 
internet connection ISP hits one of my networks.  The POPs have new 
IPs (because I told the previous ISP to go pound sand!), so it 
wouldn't be a "device" would it?  Each POP is a mtik router, on the 
PPP secrets tab per each router is username,password and a ip address 
that is a remote/local address.  At the Dude router is the same info 
reversed.  These addresses are not working because they don't know 
where in hell the routers went because there is no reference to the 
new external "public" IP address so apparently that is what I'm 
missing and there does not seem to be a place to input that info.  It 
is very well hidden.  Seems they could have put it on the same tab as 
the other stuff, but no.



On 11/16/2017 11:33 AM, Josh Luthman wrote:
Devices?  Or what different IPs to scan?  Or a remote Dude server?  
What is it you're missing?



Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Thu, Nov 16, 2017 at 2:26 PM, Jan Van Kort via Mikrotik-users 
> wrote:


My POPs have new external IP addresses, Dude of course quit. 
Where do I tell Dude the new addresses? PPP just has the inside
secret tunnels listed.  I've been over every menu tab in winbox
and the Dude menus I can find that seem related and cannot find
where to point the Dude so it can work again.


On 11/06/2017 07:47 AM, Jesse DuPont via Mikrotik-users wrote:

On Dude v6.x, have to use command line from within RouterOS
(either Winbox or SSH into it).

/dude export-db backup-file="/"

Then you can drag/drop the file from the router via Winbox or
use FTP.

*_Jesse DuPont_*

Network Architect
email: jesse.dup...@celeritycorp.net

Celerity Networks LLC

Celerity Broadband LLC
Like us! facebook.com /celeritynetworksllc

Like us! facebook.com /celeritybroadband

On 11/6/17 8:29 AM, Ed Spoon via Mikrotik-users wrote:

Export, then Import on new machine.


​

*
*
*Ed Spoon*
Internet Services Manager - triparish.net
 / cajun.net 
(CSS) Computer Sales & Services, Inc. / 985-879-3219


On Mon, Nov 6, 2017 at 8:26 AM, Troy Gibson, Byhalia.net,LLC
> wrote:

How do you back up the Dude To load on different computer
if your changing computers it runs on?



Troy Gibson

Sent from my Verizon, Samsung Galaxy smartphone

 Original message 
From: Josh Luthman via Mikrotik-users
>
Date: 11/6/17 9:02 AM (GMT-05:00)
To: "Ed Spoon - CSS, Inc." >, Mikrotik Users
>
Subject: Re: [Mikrotik Users] Dude opening page

When I was using it, I did a small devices/outages pane at
the top and the rest a network overview map. Saved that
panel and every device would use that.

Josh Luthman
Office: 937-552-2340 
Direct: 937-552-2343 
1100 Wayne St


Suite 1337


Troy, OH 45373



On Nov 6, 2017 9:00 AM, "Ed Spoon via Mikrotik-users"
> wrote:

What Christian said. It opens to last map you had open.
If another user is on, it will open to the map they
have up.



*
*
*Ed Spoon*
Internet Services Manager - triparish.net
 / cajun.net 
(CSS) Computer Sales & Services, Inc. / 985-879-3219


On Sun, Nov 5, 2017 at 2:51 PM, Christian Palecek via
Mikrotik-users > wrote:

It just opens up to the last panel you had open
under the username.  If its opening to a submap
there is probably another client that is connected

Re: [Mikrotik Users] Queuing for half duplex

2017-11-01 Thread Scott Reed via Mikrotik-users 

Yep.

I would suggest searching for the HTB queuing stuff. There are a couple 
of MUM session recordings and some examples available.



On 11/1/2017 1:52 PM, Josh Luthman via Mikrotik-users wrote:

Would queue tree with a parent of global maybe do something for that?


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Wed, Nov 1, 2017 at 1:49 PM, Roy via Mikrotik-users 
> wrote:


I was looking for the ability to say something like a maximum of
10Mbps
total without regard to direction

On 11/1/2017 10:36 AM, Ethan E. Dee wrote:
> What are you looking at specifically? Sounds like you could set
up an
> asymetric simple queue.
>
> On 11/1/2017 1:22 PM, Roy via Mikrotik-users wrote:
>> Anyone got a pointer to how to set up queuing on a Mikrotik for a
>> half-duplex circuit like a wireless link?  I would like to add
some QOS
>> to a radio.
>>
>
>

___
Mikrotik-users mailing list
Mikrotik-users@wispa.org 
http://lists.wispa.org/mailman/listinfo/mikrotik-users




 
	Virus-free. www.avg.com 
 



<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>


___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users


___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

Re: [Mikrotik Users] Bonding Configuration

2017-09-26 Thread Scott Reed via Mikrotik-users 
This may not be the cleanest so hopefully someone will have a better 
solution.


This assumes local end has static addresses.

Create a PPP (like PPTP, L2TP, OpenVPN, etc.) tunnel from the remote end 
to the local end.


Run your PPPoE tunnel over that.


On 9/26/2017 2:33 PM, Nick Bright via Mikrotik-users wrote:

https://wiki.mikrotik.com/wiki/Manual:Bonding_Examples

I'm attempting to bond two DSL connections at a remote site, I was using
an appliance for this but the service provider is discontinuing the service.

Reviewing the document above, I encountered a challenge - the far side,
being two PPPoE DSL connections, doesn't have static IP addresses.

Is there a way to implement this solution such that the far side of the
tunnel on dynamic IPs can work?

For reference, the bonding will end up being between an RB2011 and
CCR1009; both under my control (but separated by 'internet')



___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

Re: [Mikrotik Users] manage setting on hAP?

2017-09-21 Thread Scott Reed via Mikrotik-users 
Why shouldn't it differ, they expect different hardware to be used for 
different roles?


I am pretty sure MT does not use the same default settings across 
hardware platforms, though they are similar.


I have not run into one that is not completely cleared when told to not 
use it after first boot.



On 9/20/2017 7:53 PM, Grand Avenue Broadband via Mikrotik-users wrote:
I don't use the stock programming for anything, so there's that.  And 
this is a good example of why I don't.


But the stock programming shouldn't differ between a mAP lite and a 
hAP lite.


On Sep 20, 2017, at 4:49 PM, Chris Hudson > wrote:


Did you custom program the hap or just use the stock programming? 
Mikrotik has some stock firewall rules that kill inbound connections 
from winbox, telnet, etc. Internally, you shouldn’t have any issues.

Chris
*From:*mikrotik-users-boun...@wispa.org 
[mailto:mikrotik-users-boun...@wispa.org]*On 
Behalf Of*Grand Avenue Broadband via Mikrotik-users

*Sent:*Friday, September 01, 2017 3:31 PM
*To:*Jan Van Kort; Mikrotik Users
*Subject:*Re: [Mikrotik Users] manage setting on hAP?
Kind of depends what tool you use to remote into it, and what 
functions might block that.  I install both mAP lite and hAP lite 
under CPEs (depending on whether the customer needs more ports or 
fewer occupied outlets) and they work identically for me.
If you turned ROMON on, you can pretty much always Winbox into it 
over ROMON.  It's worth turning ROMON on in every router, just for 
circumstances like this.
On Sep 1, 2017, at 1:19 PM, Jan Van Kort via Mikrotik-users 
> wrote:

I installed one of these new hAP lite routers at a customers house.  Now
it won't show up on Dude and I can't remote into it to adjust settings.
Didn't have this problem with the map-lite units.  Where is the setting
for this?

___
Mikrotik-users mailing list
Mikrotik-users@wispa.org 
http://lists.wispa.org/mailman/listinfo/mikrotik-users

--
  Grand Avenue Broadband -- Wireless Internet Service
 Circle City to Wickenburg and surrounding areas
http://grandavebb.com 


--
  Grand Avenue Broadband -- Wireless Internet Service
     Circle City to Wickenburg and surrounding areas
http://grandavebb.com


 
	Virus-free. www.avg.com 
 



<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>


___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users


___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

Re: [Mikrotik Users] Am I just blind?

2017-07-11 Thread Scott Reed via Mikrotik-users 
They were showing some new stuff at WispAmerica. I think they are going 
to have something bigger than the 8-port, but I don't remember what all 
I saw.


On 7/11/2017 1:54 PM, Jesse Dupont via Mikrotik-users wrote:
The PacketFlux SiteMonitor2 has a 5-port remotely operable, DIN 
mounted PDU you can run D.C. Through. They also have an 8 port gig 
midspan PoE with each port remotely operable.



*From:* mikrotik-users-boun...@wispa.org 
 on behalf of Nick Bright via 
Mikrotik-users 

*Sent:* Tuesday, July 11, 2017 11:32:16 AM
*To:* mikrotik-users@wispa.org
*Subject:* Re: [Mikrotik Users] Am I just blind?
I like the wifi-texas stuff, I've had good results with it; though I 
do wish they had a model with remote control on/off per-port (or 
per-bank even).


Selectable voltage per-bank would be nice too, but with complexity 
comes possibility of failures.


I tried Netonix and have been very dis-satisfied with them.

On 7/1/2017 3:28 PM, Grand Avenue Broadband via Mikrotik-users wrote:

These aren't switches.  They're power injectors in manifold format.

On Jul 1, 2017, at 1:24 PM, Tim > wrote:


Would never buy one.  Loose the switch you loose everything.  Do dc 
power separate from Ethernet.
We lost an 8 port switch but use separate Poe.  With redundant 
wireless links we were recovered in 30 minutes.


Had new switch in play next AM.

Poe switch is a bad idea.



MT doesn't make that.  While you're waiting, you can try these:

https://find-a-poe.com


--
  Grand Avenue Broadband -- Wireless Internet Service
 Circle City to Wickenburg and surrounding areas
http://grandavebb.com



___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users



--
---
-  Nick Bright-
-  Vice President of Technology   -
-  Valnet -=- We Connect You -=-  -
-  Tel 888-332-1616 x 315 / Fax 620-331-0789  -
-  Webhttp://www.valnet.net/  -
---
- Are your files safe?-
- Valnet Vault - Secure Cloud Backup  -
- More information & 30 day free trial at -
-http://www.valnet.net/services/valnet-vault  -
---

This email message and any attachments are intended solely for the use of the 
addressees hereof. This message and any attachments may contain information 
that is confidential, privileged and exempt from disclosure under applicable 
law. If you are not the intended recipient of this message, you are prohibited 
from reading, disclosing, reproducing, distributing, disseminating or otherwise 
using this transmission. If you have received this message in error, please 
promptly notify the sender by reply E-mail and immediately delete this message 
from your system.

 
	Virus-free. www.avg.com 
 



<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>


___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users


___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

Re: [Mikrotik Users] OSFP considerations for WISP

2017-06-27 Thread Scott Reed via Mikrotik-users 

A couple of other points to remember.

All routers must have a unique ID.  Do not use 0.0.0.0 for any of them.  
Mikrotik gets a little goofy with them sometimes.


Keep all timeouts, etc. the same in each Area.

Sometimes it pays to try a different type.

Flapping OSPF can find other issues you didn't know you had.  Flapping 
OSPF can tell you a link is having trouble staying connected, etc.



On 6/27/2017 12:14 PM, Robert Dillon via Mikrotik-users wrote:


ok thank you both for chiming in.  I get what both you said.  And 
really this is a bunch of independent point to point links.  But what 
I was really thinking of going with is NBMA because it says its good 
for wireless networks by not using multicast. I was hoping to hear 
some Ya's or Na's based on experience.


Good to know about the time sync, thanks.

*From:*mikrotik-users-boun...@wispa.org 
[mailto:mikrotik-users-boun...@wispa.org] *On Behalf Of *Scott Reed 
via Mikrotik-users

*Sent:* Tuesday, June 27, 2017 9:48 AM
*To:* mikrotik-users@wispa.org >> Mikrotik Users
*Subject:* Re: [Mikrotik Users] OSFP considerations for WISP

And PtMP is for Point to MultiPoint.

So, topology defines what you use. Each network type has its place.

Also, you will want all of the routers to be time-synched from the 
same source.


On 6/27/2017 9:49 AM, Dennis Burgess via Mikrotik-users wrote:

I would suggest contacting a MT consultant that can answer these
and help you, but point to point is made for guess what, point to
point links Jheehhe .

*/_Dennis Burgess_/**–**Network Solution Engineer – Consultant *

MikroTik Certified Trainer/Consultant
<http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5>
– MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE

For Wireless Hardware/Routers visit www.linktechs.net
<http://www.linktechs.net/>

Radio Frequency Coverages: www.towercoverage.com
<http://www.towercoverage.com/>

Office: 314-735-0270

E-Mail: dmburg...@linktechs.net <mailto:dmburg...@linktechs.net>

*From:* mikrotik-users-boun...@wispa.org
<mailto:mikrotik-users-boun...@wispa.org>
[mailto:mikrotik-users-boun...@wispa.org] *On Behalf Of *Robert
Dillon via Mikrotik-users
*Sent:* Tuesday, June 27, 2017 7:58 AM
*To:* 'Mikrotik Users' <mikrotik-users@wispa.org>
<mailto:mikrotik-users@wispa.org>
*Subject:* [Mikrotik Users] OSFP considerations for WISP

Hello all, we are going to be running OSPF on our network using
Mikrotik CCR routers at each tower.  We are transitioning from a
fully bridged network to a routed network.  Network is made up a
several interconnected rings using full duplex microwave links.
 We have 2 different upstream providers in geographically
dispersed locations that are not yet providing us BGP upstream
redundancy but that is the plan in the future.

So questions are:

- What OSPF network type are most WISPs using?  I'd assume not
broadcast due to just that, broadcasts=bad. NBMA?, PtP, PtMP? 
NBMA or PtMP see to make the most sense to me.


- With multiple upstream ISPs, how do I handle default route
advertisements across the network?  Some default routes need to
point to ISP 1 and some routes need to point to ISP2.

Thank you for your time.

Robert Dillon

In the Stix Broadband LLC, Co-Owner

814-472-2662 Office

rdil...@itxbb.net <mailto:rdil...@itxbb.net>

www.itxbb.net <http://www.itxbb.net/>


<http://www.avg.com/email-signature?utm_medium=email_source=link_campaign=sig-email_content=emailclient>



Virus-free. www.avg.com

<http://www.avg.com/email-signature?utm_medium=email_source=link_campaign=sig-email_content=emailclient>





___

Mikrotik-users mailing list

Mikrotik-users@wispa.org <mailto:Mikrotik-users@wispa.org>

http://lists.wispa.org/mailman/listinfo/mikrotik-users



___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users


___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

Re: [Mikrotik Users] [OffList: Mikrotik Users] OSFP considerations for WISP

2017-06-27 Thread Scott Reed via Mikrotik-users 

I am a consultant that can help with this.

I have helped several other networks move from bridged to routed and 
implement OSPF as well.


Let me know if you are interested in some services and we can work out 
how I can best help you.



On 6/27/2017 8:57 AM, Robert Dillon via Mikrotik-users wrote:


Hello all, we are going to be running OSPF on our network using 
Mikrotik CCR routers at each tower.  We are transitioning from a fully 
bridged network to a routed network.  Network is made up a several 
interconnected rings using full duplex microwave links.  We have 2 
different upstream providers in geographically dispersed locations 
that are not yet providing us BGP upstream redundancy but that is the 
plan in the future.


So questions are:

- What OSPF network type are most WISPs using?  I'd assume not 
broadcast due to just that, broadcasts=bad.  NBMA?, PtP, PtMP?  NBMA 
or PtMP see to make the most sense to me.


- With multiple upstream ISPs, how do I handle default route 
advertisements across the network?  Some default routes need to point 
to ISP 1 and some routes need to point to ISP2.


Thank you for your time.

Robert Dillon

In the Stix Broadband LLC, Co-Owner

814-472-2662 Office

rdil...@itxbb.net 

www.itxbb.net 


 
	Virus-free. www.avg.com 
 



<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>


___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users


--
Scott Reed
IN UMC Associate Lay Leader
SLI Coach Trained
SBRConsulting, LLC
Network and Wireless Consulting
WISPA Vendor Member

___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

Re: [Mikrotik Users] OSFP considerations for WISP

2017-06-27 Thread Scott Reed via Mikrotik-users 

And PtMP is for Point to MultiPoint.

So, topology defines what you use. Each network type has its place.

Also, you will want all of the routers to be time-synched from the same 
source.




On 6/27/2017 9:49 AM, Dennis Burgess via Mikrotik-users wrote:


I would suggest contacting a MT consultant that can answer these and 
help you, but point to point is made for guess what, point to point 
links J  heehhe .


*/_Dennis Burgess_/**–**Network Solution Engineer – Consultant ***

MikroTik Certified Trainer/Consultant 
 – 
MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE


For Wireless Hardware/Routers visit www.linktechs.net 



Radio Frequency Coverages: www.towercoverage.com 



Office: 314-735-0270

E-Mail: dmburg...@linktechs.net 

*From:* mikrotik-users-boun...@wispa.org 
[mailto:mikrotik-users-boun...@wispa.org] *On Behalf Of *Robert Dillon 
via Mikrotik-users

*Sent:* Tuesday, June 27, 2017 7:58 AM
*To:* 'Mikrotik Users' 
*Subject:* [Mikrotik Users] OSFP considerations for WISP

Hello all, we are going to be running OSPF on our network using 
Mikrotik CCR routers at each tower.  We are transitioning from a fully 
bridged network to a routed network.  Network is made up a several 
interconnected rings using full duplex microwave links.  We have 2 
different upstream providers in geographically dispersed locations 
that are not yet providing us BGP upstream redundancy but that is the 
plan in the future.


So questions are:

- What OSPF network type are most WISPs using?  I'd assume not 
broadcast due to just that, broadcasts=bad.  NBMA?, PtP, PtMP?  NBMA 
or PtMP see to make the most sense to me.


- With multiple upstream ISPs, how do I handle default route 
advertisements across the network?  Some default routes need to point 
to ISP 1 and some routes need to point to ISP2.


Thank you for your time.

Robert Dillon

In the Stix Broadband LLC, Co-Owner

814-472-2662 Office

rdil...@itxbb.net 

www.itxbb.net 


 
	Virus-free. www.avg.com 
 



<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>


___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users


___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

Re: [Mikrotik Users] Am I just blind?

2017-06-24 Thread Scott Reed via Mikrotik-users 
Their latest newletter also announced a couple of switches that can boot 
SWOS or ROS.



On 6/23/2017 9:06 PM, Blair Davis via Mikrotik-users wrote:

Exactly what I want!

Thank you!

I searched under RouterBoard, not under integrated solutions/ethernet
routers.

Thank you all again!

--


On 6/23/2017 7:47 PM, Brian - Winters Broadband via Mikrotik-users wrote:

It also handles voltages from 12V to 57V, so can be used with a 48V power
supply to support 48V devices.

Brian Horn
Winters Broadband LLC

-Original Message-
From: mikrotik-users-boun...@wispa.org
[mailto:mikrotik-users-boun...@wispa.org] On Behalf Of Kristian Hoffmann via
Mikrotik-users
Sent: Friday, June 23, 2017 3:26 PM
To: mikrotik-users@wispa.org
Subject: Re: [Mikrotik Users] Am I just blind?

https://routerboard.com/RB960PGS

5 ports, check
SFP, check
POE, check
ROS, check



On 06/23/2017 03:22 PM, Blair Davis via Mikrotik-users wrote:

Looking for a routerboard with 4-8 Ethernet ports and a fiber cage...

POE out on the Ethernet ports would be nice...

But I need ROS, not a switch.

--


On 6/21/2017 1:13 PM, Nick Bright via Mikrotik-users wrote:

On 5/28/2017 12:46 PM, Jan-OOLLC via Mikrotik-users wrote:

Joe,

I too have spent thousands of hours building my networks.  I'm tired
of wasting time and $$ on dis-information, half-way there solutions
and thought that perhaps I should be asking this particular group as
the members of this group should be the ones who would have good
helpful answers.

I'm looking for articles, documents covering solutions for the
authors and setups that actually worked.  I want to avoid making
more expensive mistakes and I want to read about other peoples
successes and how they got there.  Has anyone actually published?
What traps did they hit and what were the fixes?

Jan V


If you can get there, I highly suggest that you attend WISPAPALOOZA
and WISPAmerica shows. You will learn much of what you're asking at
these kinds of events.


___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users



___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

Re: [Mikrotik Users] maplite

2017-04-13 Thread Scott Reed via Mikrotik-users 
The default configuration is a series of rules.  It is fairly standard 
across the SOHO lines.


The first time you connect to the mAP via wireless it will ask you if 
you want to remove the rules or list them.  So you  could just delete 
them and then configure from either port.



On 4/13/2017 1:53 PM, Jan-OOLLC via Mikrotik-users wrote:


Thanks for the help, any idea what this rule should look like?

Jan V

On 04/12/2017 09:09 PM, Grand Avenue Broadband via Mikrotik-users wrote:
MikroTik default configuration firewall drops EVERYTHING coming into 
the WAN port that isn't initiated from inside your network, or 
related to something that was.


On Apr 12, 2017, at 7:22 PM, Josh Luthman via Mikrotik-users 
> wrote:


What about Mac telnet?

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Apr 12, 2017 9:58 PM, "Daniel Peoples via Mikrotik-users" 
> wrote:


All tiks drop inet side of things by default, you will need to
add an allow rule for your winbox port if you want wan side mgmnt.

/Daniel Peoples/
Resonance Broadband
/Resonancebroadband.com/ 
918-429-3620


On Wed, Apr 12, 2017 at 7:29 PM, Jan Van Kort via Mikrotik-users
> wrote:

how to configure these from WAN side?

jan v

___
Mikrotik-users mailing list
Mikrotik-users@wispa.org 
http://lists.wispa.org/mailman/listinfo/mikrotik-users




___
Mikrotik-users mailing list
Mikrotik-users@wispa.org 
http://lists.wispa.org/mailman/listinfo/mikrotik-users


___
Mikrotik-users mailing list
Mikrotik-users@wispa.org 
http://lists.wispa.org/mailman/listinfo/mikrotik-users


--
  Grand Avenue Broadband -- Wireless Internet Service
 Circle City to Wickenburg and surrounding areas
http://grandavebb.com



___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users




___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users


___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

Re: [Mikrotik Users] Cloud Core Router reboot with no log entries???

2017-03-02 Thread Scott Reed via Mikrotik-users 
Open a terminal window.  If it was a power outage, under the banner it 
will say something like reboot without proper shutdown.


Also, the very beginning of the log after power up may have some help.

The part you are showing looks like OSPF getting started.


On 3/2/2017 2:11 PM, Brough Turner via Mikrotik-users wrote:
At 12:24 today, one of our core routers appears to have had a brief 
outage. It's upstream of our monitoring server so initially everything 
looked like a disaster, but upon further examination, the outage 
lasted less than 30 seconds and the 11 VPN sessions at the monitoring 
server were all back up in less than 37 seconds.  Looking at the 
monitoring server and each of the devices upstream of the monitoring 
server, all had uptimes of >143 days, except the gateway router, a 
CCR1036.


Strangely, the uptime on the CCR1036 suggests it rebooted at 12:24 
today, but there is nothing in its log.  How can we have a 30 second 
service outage and have the router's uptime reset with no log 
entries?  On a router reboot, we normally have dozens of log entries 
before the router is up, has the correct time and is behaving normally.


Here's a Winbox view of date, time, uptime and the log. Any ideas?  Am 
I missing something obvious?



​

Thanks,
Brough

Brough Turner
netBlazr Inc. – Free your Broadband!
Mobile:  617-285-0433   Skype:  brough
netBlazr Inc. | Google+ 
 | Twitter 
 | LinkedIn 
 | Facebook 
 | Blog 
 | Personal website 





___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users


___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

Re: [Mikrotik Users] Two routers without double nat

2017-02-11 Thread Scott Reed via Mikrotik-users 
50% isn't bad.  I would think filling up queues or something similar is 
a likely cause.


To answer your questions you shouldn't have to do anything other than 
move the queues, etc. to the inside router.  Give it an address out of a 
/30 and the edge router the other address from the /30 and just let them 
route.  No NAT needed on the inside unit.


You might also consider moving the DNS to a real DNS server.  You may be 
running low on memory because of he DNS cache.


If you need help with the router configurations, hit me off-list.


On 2/10/2017 9:01 PM, OWS Optimum Wireless via Mikrotik-users wrote:

Hello.

I'm trying to improve performance on our network, I have a RB3011 with 
about 370 clients doing queue, balancing two 100M lines, NAT, DNS, 
among other things. At around 8pm to 10:30pm I've had customer 
complaining about "slow internet". CPU on this device has gone up to a 
little over 50% and I think is time to do something before is too late.


I have another RB3011 which I would like to use to help out the other. 
I want to leave in the current unit balancing the internet and have 
the new one do queue, firewall, and other stuff.


Now, I don't want to double nat. How can I do it? or can you please 
guide me to where I can have an idea on how to do it.


This is basically what I'm trying to accomplish:

WAN ---> RB3011 (172.16.0.1, balancer) > RB3011 (queue and stuff) 
> LAN (172.16.0.0/16 )


Thanks in advanced for your time and help.




___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users


___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

Re: [Mikrotik Users] Missing wireless?

2016-12-15 Thread Scott Reed via Mikrotik-users 
I have seen funny things when the upgrade firmware is lower than the 
current.  Put a new version of ROS on it, upgrade the firmware and see 
what you get.



On 12/15/2016 12:39 PM, Roy via Mikrotik-users wrote:

Hi,

Maybe I am getting to old or had too much eggnog last night

We just received a shipment of HAP AC Lite (RB 952Ui-5ac2nD) from a well
known US distributor. When we power them up, there is no configuration
and the wireless interfaces are missing.  We tried two different devices
and they were both the same

I even reset it to factory default and got the usual messages telling me
it was setting up as a router with NAT and such but then all of that is
missing.

/system routerboard print
 routerboard: yes
   model: RouterBOARD 952Ui-5ac2nD
   serial-number: 6CBB06E2A9BC
   firmware-type: qca9531L
factory-firmware: 3.33
current-firmware: 3.33
upgrade-firmware: 3.32

/interface wireless print
Flags: X - disabled, R - running


I am baffled.

Roy
___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users



___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users

Re: [Mikrotik Users] OSPF errors on router

2016-12-14 Thread Scott Reed via Mikrotik-users 
Time synchronization ranks up at the top as well. Doesn't usually cause 
OPs error, but it is critical.



On 12/14/2016 8:51 AM, Kevin Myers via Mikrotik-users wrote:

Just wanted to echo and reinforce the comments that Justin Wilson made about 
every router that participates in OSPF needs to have the exact same version on 
it. He is 110% correct. This is not brought up a lot but is the SINGLE biggest 
factor in achieving OSPF and overall stability between the routers. I probably 
have this conversation at least once a day with a client WISP about setting a 
common version between all the OSPF routers.

The bugfix versions are good, I usually recommend 6.32.4 or 6.36.4 bugfix for 
production routers and never the latest unless there is a feature or fix you 
must have.

Thanks,
  
Kevin Myers

MTCINE # 1409
MTCRE,  MTCTCE, MTCWE, CCNP, MCP
Network Architect / Managing Partner
+1 (601) 287-3868 - Mobile (GMT -6)
+1 (303) 590-9943 – Office (GMT -6)
ipa.kevin.myers – Skype


#1 Ranked MikroTik consulting firm in North America
Expert consulting in | BGP | MPLS | OSPF | ISP | Data Center

IPA 2016 Conference Schedule – Come meet up with us !!

2016 FTTH Connect – Nashville, TN – June 13 - 15
WISPAPALOOZA (WISPA) USA – Las Vegas, Nevada – TBA - Fall 2016
MikroTik User Meeting (MUM) CANADA – TBA – Fall 2016



-Original Message-
From: mikrotik-users-boun...@wispa.org 
[mailto:mikrotik-users-boun...@wispa.org] On Behalf Of Dan Harling via 
Mikrotik-users
Sent: Wednesday, December 14, 2016 6:25 AM
To: Robbie Wright; Mikrotik Users
Subject: Re: [Mikrotik Users] OSPF errors on router

Some of our routers report this same "locally originated" OSPF message every few minutes. 
 It's nothing close to "blowing up" the logs, but troubling nonetheless.  And yes, it 
didn't start happening until we upgraded, probably to 6.36.x.  Just another data point.

Daniel Harling  <><
Engineering, Cape Ann Communications
183 Main Street, Gloucester, MA  01930
harl...@capeanncomm.com


On Wed, Dec 14, 2016 at 1:12 AM, Robbie Wright via Mikrotik-users 
 wrote:

Yeah, that's how we have it set. Each router has a unique router ID.
Our main router has one ID, but has a dozen or so ospf neighbors.
We've been running this setup for quite a while. Doesn't seem like we
saw it until an upgrade a while back. We do have a loop in our
network, on purpose, that OSPF routes around for primary and
redundant. However, all of the IP's that are showing in the logs
aren't part of the ring. They are all legs/stubs of the ospf, not anything to 
do with the ring.


Robbie Wright
Siuslaw Broadband
541-902-5101

On Tue, Dec 13, 2016 at 9:30 PM, Faisal Imtiaz

wrote:

Each router should have a unique router ID

typically, best practice, is to take an IP Address (unique) and
assign it to the Loopback interface ( a dummy bridge interface) and
use that a router id in your OSPF instance..

irrespective of how many interfaces you have running OSPF, only one
unique router id is required.


-
is it possible that you have created a loop where you are seeing the
packets from the router it-self ?


Regards.


Faisal Imtiaz
Snappy Internet & Telecom
7266 SW 48 Street
Miami, FL 33155
Tel: 305 663 5518 x 232

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net



From: "Robbie Wright via Mikrotik-users" 
To: "Mikrotik Users" 
Sent: Tuesday, December 13, 2016 11:50:36 PM

Subject: Re: [Mikrotik Users] OSPF errors on router

I saw this issue pop up again. The duplicate router ID thing caught me.
We've got a main tower that has a vlan to a dozen other sites, each
running an MT with OSPF. Each vlan has a ptp ospf interface, not
broadcast, with a unique /30 public IP space. We only run one
instance of OSPF on our main tower router, with only one router ID.

I'm thinking maybe the one router ID across all the vlans is causing
the issue? Functionally, everything is working fine. But our logs are
blowing up with the "Discarding packet: locally originated" error.


Robbie Wright
Siuslaw Broadband
541-902-5101

On Thu, Sep 17, 2015 at 10:07 AM, Steve Barnes  wrote:

Justin I think I have followed all those steps.  I am using 6.29
exclusively.  Is there issues with that release?



Steve Barnes

General Manager

PCSWIN.COM

Howard Power Performance



From: mikrotik-users-boun...@wispa.org
[mailto:mikrotik-users-boun...@wispa.org] On Behalf Of Justin Wilson
- MTIN
Sent: Thursday, September 17, 2015 12:47 PM


To: Mikrotik Users 
Subject: Re: [Mikrotik Users] OSPF errors on router




Some things to make sure of before banging your head.



1.Make sure *every* router participating in OSPF is on the same OS
version.  They don’t have to be the latest greatest, just the same.
one router in a pool of 50 can taint the database.  Even if it’s one
version behind of ahead.



2.Make

Re: [Mikrotik Users] OSPF errors on router

2016-12-14 Thread Scott Reed via Mikrotik-users 
My experience is that has almost always been a configuration error.  
Often related to Router ID, but not necessarily the one reporting the 
errors.


One thing MT appears to not like is Router ID of 0.0.0.0.

Duplicate IP addresses can cause this message. The packet actually came 
from somewhere else, but looks like it is local.


I am sure there are some other common things, but it has been a while 
since I was dealing with this error message.




On 12/14/2016 7:24 AM, Dan Harling via Mikrotik-users wrote:

Some of our routers report this same "locally originated" OSPF message
every few minutes.  It's nothing close to "blowing up" the logs, but
troubling nonetheless.  And yes, it didn't start happening until we
upgraded, probably to 6.36.x.  Just another data point.

Daniel Harling  <><
Engineering, Cape Ann Communications
183 Main Street, Gloucester, MA  01930
harl...@capeanncomm.com


On Wed, Dec 14, 2016 at 1:12 AM, Robbie Wright via Mikrotik-users
 wrote:

Yeah, that's how we have it set. Each router has a unique router ID. Our
main router has one ID, but has a dozen or so ospf neighbors. We've been
running this setup for quite a while. Doesn't seem like we saw it until an
upgrade a while back. We do have a loop in our network, on purpose, that
OSPF routes around for primary and redundant. However, all of the IP's that
are showing in the logs aren't part of the ring. They are all legs/stubs of
the ospf, not anything to do with the ring.


Robbie Wright
Siuslaw Broadband
541-902-5101

On Tue, Dec 13, 2016 at 9:30 PM, Faisal Imtiaz 
wrote:

Each router should have a unique router ID

typically, best practice, is to take an IP Address (unique) and assign it
to the Loopback interface ( a dummy bridge interface) and use that a router
id in your OSPF instance..

irrespective of how many interfaces you have running OSPF, only one unique
router id is required.


-
is it possible that you have created a loop where you are seeing the
packets from the router it-self ?


Regards.


Faisal Imtiaz
Snappy Internet & Telecom
7266 SW 48 Street
Miami, FL 33155
Tel: 305 663 5518 x 232

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net



From: "Robbie Wright via Mikrotik-users" 
To: "Mikrotik Users" 
Sent: Tuesday, December 13, 2016 11:50:36 PM

Subject: Re: [Mikrotik Users] OSPF errors on router

I saw this issue pop up again. The duplicate router ID thing caught me.
We've got a main tower that has a vlan to a dozen other sites, each
running an MT with OSPF. Each vlan has a ptp ospf interface, not broadcast,
with a unique /30 public IP space. We only run one instance of OSPF on our
main tower router, with only one router ID.

I'm thinking maybe the one router ID across all the vlans is causing the
issue? Functionally, everything is working fine. But our logs are blowing up
with the "Discarding packet: locally originated" error.


Robbie Wright
Siuslaw Broadband
541-902-5101

On Thu, Sep 17, 2015 at 10:07 AM, Steve Barnes  wrote:

Justin I think I have followed all those steps.  I am using 6.29
exclusively.  Is there issues with that release?



Steve Barnes

General Manager

PCSWIN.COM

Howard Power Performance



From: mikrotik-users-boun...@wispa.org
[mailto:mikrotik-users-boun...@wispa.org] On Behalf Of Justin Wilson - MTIN
Sent: Thursday, September 17, 2015 12:47 PM


To: Mikrotik Users 
Subject: Re: [Mikrotik Users] OSPF errors on router




Some things to make sure of before banging your head.



1.Make sure *every* router participating in OSPF is on the same OS
version.  They don’t have to be the latest greatest, just the same.  one
router in a pool of 50 can taint the database.  Even if it’s one version
behind of ahead.



2.Make sure your loopback IP addresses (you are using loopbacks correct?)
are listed as the router ID.



3.If these are true point-to-point backhauls change the OSPF type to PTP.
This cuts down on the chatter on the link.  Once OSPF establishes a session
it stops talking as much as if it were in broadcast mode.



4.Double check your IPs and subnet masks.



80some% of the OSPF issues I see are a result of mismatched router OS
versions. Bringing everything to the same version solves a ton of issues.



Justin Wilson

j...@mtin.net



---
http://www.mtin.net Owner/CEO

xISP Solutions- Consulting – Data Centers - Bandwidth

http://www.midwest-ix.com  COO/Chairman

Internet Exchange - Peering - Distributed Fabric



On Sep 17, 2015, at 8:25 AM, Steve Barnes  wrote:



Not completely.  Not sure we don’t have a small Comm issue to a backhaul.
However the outages have gone away just get 2-3 errors a day but it is not
causing any OSPF issues or outages.  Thinking of just adding a Filter rule
to block them and go on with life.



Steve Barnes

General Manager

PCSWIN.COM

Re: [Mikrotik Users] Firewall vs IP Services

2016-10-05 Thread Scott Reed via Mikrotik-users 
IP services determine whether or not the router responds to requests on 
that port.

Input firewall rules block packets from even getting to the IP Service.


On 10/5/2016 1:12 PM, Matthew Brendle via Mikrotik-users wrote:
> What is the difference in using Firewall Rules and the IP Services Rules?
> Does one supersede the other or is one processed before the other?
>
> Thanks,
>
> Matt
>
> ___
> Mikrotik-users mailing list
> Mikrotik-users@wispa.org
> http://lists.wispa.org/mailman/listinfo/mikrotik-users
>

___
Mikrotik-users mailing list
Mikrotik-users@wispa.org
http://lists.wispa.org/mailman/listinfo/mikrotik-users