Enterprise Networking Mikrotik Routers (RouterBoard & RouterOS), User and owner discussion group
|
|
 May 8 2022, 10:33 PM
Show posts by this member only | IPv6 | Post
#2551
|
 
Junior Member
612 posts Joined: Mar 2008  
|
QUOTE(ahlong @ May 7 2022, 10:03 PM) Yes thank you so much! Solved! YOU the man. Thank you so much again. The v7 routeros automatically added default route for pppoe both ipv4 and ipv6. When you tick the default route in ipv6 dhcp client it will confuse which route. Idk this is a bug or feature.Selamat Hari Raya Aidilfitri, Maaf Zahir & Batin.  ahlong liked this post
|
|
|
|
|
|
May 9 2022, 10:39 AM
|
Junior Member
612 posts Joined: Apr 2005 From: http://127.0.0.1:80/announce 
|
QUOTE(Gaara92 @ May 8 2022, 10:33 PM) The v7 routeros automatically added default route for pppoe both ipv4 and ipv6. When you tick the default route in ipv6 dhcp client it will confuse which route. Idk this is a bug or feature. I see.. thats why everything (setting-ipv6) bound but connection timeout (while doing ping test on ipv6 site). Thanks for the info! |
|
|
May 9 2022, 01:47 PM
|
Junior Member
157 posts Joined: May 2014
|
Anybody using CRS as access switch and CCR as core?
Thinking instead of using cisco switches , use mikrotik for SME  |
|
|
May 11 2022, 11:13 AM
|
|
Junior Member
612 posts Joined: Mar 2008
|
QUOTE(cmah89 @ May 9 2022, 01:47 PM) Anybody using CRS as access switch and CCR as core? mikrotik is consider as both enterprise and prosumer solution. just go with it at least it have winbox gui Thinking instead of using cisco switches , use mikrotik for SME  ahlong liked this post
|
|
|
May 12 2022, 10:23 AM
|
Newbie
7 posts Joined: Sep 2012
|
Finally got my RB5009 up and running on Maxis Home Fiber (Telekom Infra). Ipv6 is also working. This is my 1st Mikrotik that I configured from scratch after learning about it at work. It has been educational, and I love the fact that I have the options to control my internal network. ahlong liked this post
|
|
|
May 12 2022, 02:03 PM
|
 
Elite
2,558 posts Joined: Jan 2003
|
QUOTE(megablur @ May 12 2022, 10:23 AM) Finally got my RB5009 up and running on Maxis Home Fiber (Telekom Infra). Ipv6 is also working. This is my 1st Mikrotik that I configured from scratch after learning about it at work. It has been educational, and I love the fact that I have the options to control my internal network.  Once you're on Mikrotik, highly unlikely you'll move back to 'normal' branded one.  megablur liked this post
|
|
|
|
|
|
May 12 2022, 06:02 PM
Show posts by this member only | IPv6 | Post
#2557
|
|
Junior Member
203 posts Joined: Feb 2008
|
Testing out fq_codel.No more broken on ipv6.Hap ac2 on 7.2.3  megablur liked this post
|
|
|
May 12 2022, 06:52 PM
Show posts by this member only | IPv6 | Post
#2558
|
Senior Member
2,400 posts Joined: Jul 2009 From: /dev/null
|
I have successfully adding 2nd IPv6 Subnet, since our ISP refuse to give atleast /60, we do NAT6 in second subnet    This what I do IPv6 ➡ Pool  IPv6 ➡ Address ➡ ➕  IPv6 ➡ Firewall ➡ NAT ➡ ➕    CODE [General] Chain: srcnat Src. Address: 2000::/64 Out. Interface List: WAN [Advanced] IPsec Policy: out : none [Action] Action: masquerade Only works in ROS7+ Windows and browser refuse to using fc00::/7 ULA Space, we had to break IANA IPv6 Assignment because of our ISP mistake, just break it  IPv6 NAT will break P2P, good firewall layer to protect IoT, VPN Users, etc... I just found out that, when Metric/Distance same Value, Windows will choose lowest IP Address Number, my plan to use funny address like 2000:dead:cafe:b00b::/64, I choose 2000::/64 because is the lowest value valid More details I put on my blog here: https://www.hitoha.moe/second-ipv6-subnet-v...os-7-using-nat/ This post has been edited by Anime4000: May 12 2022, 06:55 PM hasmidzul_jojo, w00t, and 2 others liked this post
|
|
|
May 12 2022, 07:41 PM
|
All Stars
11,459 posts Joined: Oct 2007 From: KL
|
QUOTE(Anime4000 @ May 12 2022, 06:52 PM) I have successfully adding 2nd IPv6 Subnet, since our ISP refuse to give atleast /60, we do NAT6 in second subnet Wow, awesome tip. Thanks very much for sharing.... |
|
|
May 13 2022, 09:36 AM
|
|
Elite
2,558 posts Joined: Jan 2003
|
QUOTE(Anime4000 @ May 12 2022, 06:52 PM) I have successfully adding 2nd IPv6 Subnet, since our ISP refuse to give atleast /60, we do NAT6 in second subnet Awsesome.This what I do IPv6 ➡ Pool IPv6 ➡ Address ➡ ➕ IPv6 ➡ Firewall ➡ NAT ➡ ➕ CODE [General] Chain: srcnat Src. Address: 2000::/64 Out. Interface List: WAN [Advanced] IPsec Policy: out : none [Action] Action: masquerade Only works in ROS7+ Windows and browser refuse to using fc00::/7 ULA Space, we had to break IANA IPv6 Assignment because of our ISP mistake, just break it IPv6 NAT will break P2P, good firewall layer to protect IoT, VPN Users, etc... I just found out that, when Metric/Distance same Value, Windows will choose lowest IP Address Number, my plan to use funny address like 2000:dead:cafe:b00b::/64, I choose 2000::/64 because is the lowest value valid More details I put on my blog here: https://www.hitoha.moe/second-ipv6-subnet-v...os-7-using-nat/ Thanks for the tips  |
|
|
May 13 2022, 10:13 AM
|
|
Junior Member
612 posts Joined: Apr 2005 From: http://127.0.0.1:80/announce
|
» Click to show Spoiler - click again to hide... « Thank you for sharing ya This post has been edited by ahlong: May 13 2022, 10:15 AM |
|
|
May 16 2022, 02:22 PM
Show posts by this member only | IPv6 | Post
#2562
|
|
Newbie
12 posts Joined: Feb 2009
|
QUOTE(Anime4000 @ May 12 2022, 06:52 PM) I have successfully adding 2nd IPv6 Subnet, since our ISP refuse to give atleast /60, we do NAT6 in second subnet Thank for sharing. Hi sifu. I look at your website u already buy new mikrotik rb5009 and direct replace the onu with gpon onu sfp. Can u teach me how to making fibre direct connect to mikrotik. Can u share at your blog?This what I do IPv6 ➡ Pool IPv6 ➡ Address ➡ ➕ IPv6 ➡ Firewall ➡ NAT ➡ ➕ CODE [General] Chain: srcnat Src. Address: 2000::/64 Out. Interface List: WAN [Advanced] IPsec Policy: out : none [Action] Action: masquerade Only works in ROS7+ Windows and browser refuse to using fc00::/7 ULA Space, we had to break IANA IPv6 Assignment because of our ISP mistake, just break it IPv6 NAT will break P2P, good firewall layer to protect IoT, VPN Users, etc... I just found out that, when Metric/Distance same Value, Windows will choose lowest IP Address Number, my plan to use funny address like 2000:dead:cafe:b00b::/64, I choose 2000::/64 because is the lowest value valid More details I put on my blog here: https://www.hitoha.moe/second-ipv6-subnet-v...os-7-using-nat/ |
|
|
May 16 2022, 03:21 PM
Show posts by this member only | IPv6 | Post
#2563
|
|
Senior Member
2,400 posts Joined: Jul 2009 From: /dev/null
|
Thanks everyone, ROS7 made possible to do IPv6 NAT, To Malaysia ISP: You have failed to give us at least /60 subnet, we going to use IANA reserve IPv6 address, because of this mess, ISP at fault... QUOTE(benson208 @ May 16 2022, 02:22 PM) Thank for sharing. Hi sifu. I look at your website u already buy new mikrotik rb5009 and direct replace the onu with gpon onu sfp. Can u teach me how to making fibre direct connect to mikrotik. Can u share at your blog? Oh yea, I haven't make proper guide to replace SFU (Switch Fabric Unit) ONU with GPON ONU SFP,EDIT: I have made full guide that apply with TM-Unifi, TM-Maxis, Allo and TIME https://www.hitoha.moe/odi-dfp-34x-2c2-gpon-onu-sfp/ This post has been edited by Anime4000: May 16 2022, 05:27 PM OlgaC4, hasmidzul_jojo, and 4 others liked this post
|
|
|
|
|
|
May 16 2022, 10:36 PM
Show posts by this member only | IPv6 | Post
#2564
|
|
Newbie
12 posts Joined: Feb 2009
|
QUOTE(Anime4000 @ May 16 2022, 03:21 PM) Thanks everyone, ROS7 made possible to do IPv6 NAT, Thank for sharing the guide sifu To Malaysia ISP: You have failed to give us at least /60 subnet, we going to use IANA reserve IPv6 address, because of this mess, ISP at fault... Oh yea, I haven't make proper guide to replace SFU (Switch Fabric Unit) ONU with GPON ONU SFP, EDIT: I have made full guide that apply with TM-Unifi, TM-Maxis, Allo and TIME https://www.hitoha.moe/odi-dfp-34x-2c2-gpon-onu-sfp/  |
|
|
May 17 2022, 07:02 AM
Show posts by this member only | IPv6 | Post
#2565
|
|
Elite
2,558 posts Joined: Jan 2003
|
QUOTE(Anime4000 @ May 16 2022, 03:21 PM) Thanks everyone, ROS7 made possible to do IPv6 NAT, Awesome To Malaysia ISP: You have failed to give us at least /60 subnet, we going to use IANA reserve IPv6 address, because of this mess, ISP at fault... Oh yea, I haven't make proper guide to replace SFU (Switch Fabric Unit) ONU with GPON ONU SFP, EDIT: I have made full guide that apply with TM-Unifi, TM-Maxis, Allo and TIME https://www.hitoha.moe/odi-dfp-34x-2c2-gpon-onu-sfp/  |
|
|
May 17 2022, 12:34 PM
|
|
Senior Member
3,038 posts Joined: Dec 2011
|
Hi bro, thanks for the great information.
Just to enquiry, what if we cannot access the modem ONU? Something like Alcatel ONU which don have webgui? QUOTE(Anime4000 @ May 16 2022, 03:21 PM) Thanks everyone, ROS7 made possible to do IPv6 NAT, To Malaysia ISP: You have failed to give us at least /60 subnet, we going to use IANA reserve IPv6 address, because of this mess, ISP at fault... Oh yea, I haven't make proper guide to replace SFU (Switch Fabric Unit) ONU with GPON ONU SFP, EDIT: I have made full guide that apply with TM-Unifi, TM-Maxis, Allo and TIME https://www.hitoha.moe/odi-dfp-34x-2c2-gpon-onu-sfp/ |
|
|
May 17 2022, 12:43 PM
Show posts by this member only | IPv6 | Post
#2567
|
|
Junior Member
203 posts Joined: Feb 2008
|
QUOTE(Anime4000 @ May 16 2022, 03:21 PM) To Malaysia ISP: You have failed to give us at least /60 subnet, we going to use IANA reserve IPv6 address, because of this mess, ISP at fault... |
|
|
May 17 2022, 02:59 PM
Show posts by this member only | IPv6 | Post
#2568
|
|
Senior Member
2,400 posts Joined: Jul 2009 From: /dev/null
|
QUOTE(hasmidzul_jojo @ May 17 2022, 12:43 PM) QUOTE(benson208 @ May 16 2022, 10:36 PM) Thank for sharing the guide sifu QUOTE(haturaya @ May 17 2022, 07:02 AM) Awesome Thank You  QUOTE(jusbella @ May 17 2022, 12:34 PM) Hi bro, thanks for the great information. You can use HG8240H5 info in my guide example, you just need create a random HWTC serial number and PLOAM Password...Just to enquiry, what if we cannot access the modem ONU? Something like Alcatel ONU which don have webgui? if you can't obtain PLOAM Password, sacrifice must be made: 1. Off Alcatel ONU 2. Call TM say ONU is dead 3. On Alcatel ONU for internet 4. When TM technician arrive, take a piece a paper, jam into UPC connector making it cannot connect 5. TM technician replace new ONU, ask him your PLOAM Password 6. profit if you using TIME, PPPoE Password is your PLOAM Password, simple If you using 1Gbps, you can get 1.3Gbps or more when using SFP! lwk523 done that!    he using Intel Wi-Fi 6 AX200 160MHz 2x2 MIMO @ 2440Mbps since laptop is ultrabook has no Ethernet Mikrotik Router & Switch support 2.5Gb HiSGMII (ROS 7.3+) 1. CCR2004-1G-12S+2XS 2. CRS305-1G-4S+IN This post has been edited by Anime4000: May 17 2022, 03:07 PM |
|
|
May 17 2022, 07:47 PM
Show posts by this member only | IPv6 | Post
#2569
|
|
Newbie
20 posts Joined: Feb 2019
|
All,
Anyone knows how to remove active users (that weren't properly disconnected)? From what I've been reading, it's not possible short of a reboot.  
Thanks in advance! |
|
|
May 17 2022, 08:04 PM
Show posts by this member only | IPv6 | Post
#2570
|
|
Newbie
20 posts Joined: Feb 2019
|
QUOTE(machai_world @ May 4 2022, 05:06 PM) mind to share guideline to enable ipv6 address for both public and private? Hope i didn't miss anything, here's a copy from my config with some rules removed and added some comments.CODE /ipv6 dhcp-client add add-default-route=yes interface=Time pool-name="Time IPv6" request=prefix use-peer-dns=no <- Change interface to your PPPoE interface /ipv6 address add from-pool="Time IPv6" interface=bridge-local <- Change to your internal bridge interface name. Pool name from ipv6 dhcp-client /ipv6 nd set [ find default=yes ] advertise-dns=no mtu=1480 /ipv6 firewall address-list add address=::/128 comment="defconf: unspecified address" list=bad_ipv6 add address=::1/128 comment="defconf: lo" list=bad_ipv6 add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6 add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6 add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6 add address=100::/64 comment="defconf: discard only " list=bad_ipv6 add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6 add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6 add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6 add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6 add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6 add address=::/104 comment="defconf: other" list=bad_ipv6 add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6 /ipv6 firewall filter add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid log=yes log-prefix=ipv6-drop-invalid add action=accept chain=input comment="defconf: accept ICMPv6" icmp-options=!128:0-255 log-prefix=ipv6-icmp-allow protocol=icmpv6 add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related log=yes log-prefix=ipv6-input-allow add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10 add action=accept chain=input comment="defconf: accept IKE" disabled=yes dst-port=500,4500 protocol=udp add action=accept chain=input comment="defconf: accept ipsec AH" disabled=yes protocol=ipsec-ah add action=accept chain=input comment="defconf: accept ipsec ESP" disabled=yes protocol=ipsec-esp add action=accept chain=input comment="defconf: accept all that matches ipsec policy" disabled=yes ipsec-policy=in,ipsec add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN log=yes log-prefix=ipv6-input-drop add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6 add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6 log=yes log-prefix=ipv6-fwd-drop-baddst add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6 add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6 add action=accept chain=forward comment="defconf: accept HIP" protocol=139 add action=accept chain=forward comment="defconf: accept IKE" disabled=yes dst-port=500,4500 protocol=udp add action=accept chain=forward comment="defconf: accept ipsec AH" disabled=yes protocol=ipsec-ah add action=accept chain=forward comment="defconf: accept ipsec ESP" disabled=yes protocol=ipsec-esp add action=accept chain=forward comment="ccept all that matches ipsec policy" disabled=yes ipsec-policy=in,ipsec add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN log=yes log-prefix=ipv6-fwd-drop |
| Change to: |  0.0634sec
 1.32
 6 queries
 GZIP Disabled
Time is now: 18th December 2025 - 02:42 PM |
Quote