Knowledgebase

Sometimes the amount of traffic on the network can cause slowness, or an individual website may be 'slow', but if you're suffering from a consistently poor connection speed on all the websites you visit, here are some things to try -

Check that all wires to your Router are firmly connected

Avoid heavy traffic -

The speed of your Internet connection depends on a number of factors - one important factor is how many other people are using the network in your house, and another important factor is whether it is a 'peak period' or not. The peak period is around 5pm to 12 midnight.

So, for example, if someone uses peer-to-peer software in your household, they can schedule their internet use at times when other people aren't using the internet.

Is your computer powerful enough? -

Generally, the more powerful your computer is, the faster your browsing experience will be. For us to provide the Broadband Service, you must have a fully working and licensed personal computer.

Keep your Router away from sources of electrical interference -

Common household electrical items can affect your broadband speed -

So make sure that your Router is placed at least five feet away from any of these -

  • Dimmer switches
  • Stereo or computer speakers
  • Christmas Tree lights
  • Halogen desk lamps
  • Televisions and monitors
  • 900MHz cordless telephones
  • AC Mains cords.

Clear your browser's cache 

Slow web pages can also be caused by a full cache of web pages or incorrect settings in Internet Explorer. To clear the cache, improve speed and also restore your default settings -

  • Open Internet Explorer
  • Click on Tools in the top menu
  • Select Internet Options
  • On the General tab, click on Delete Files and then click OK
  • Click on the Advanced tab at the top
  • Click on Restore Defaults
  • Click on Apply, then click on OK
  • Restart the computer and try again.

Pause any background downloads -

If you are downloading video, music, or other files, then your connection will slow down - and consequently, browsing the web may be a slower experience. To improve your broadband connection speed pause the download, and resume it at a later time.

Check for Spyware / Adware -

Are there any programs running in the background which may be affecting your connection speed? Viruses, spyware and some adware are together known as malware (short for "malicious software"). These programs can get on to your computer without your knowledge and run in the background while using up resources.

Check your firewall -

Have you raised the "security level" or equivalent setting on your firewall software? If you have it set to a very high security level this may give the appearance of a slower connection. This is because when the security level is high your firewall software will be closely examining everything being downloaded to your computer, which takes time. This is a matter of personal choice, but you may wish to consider lowering the security level to the default or normal setting in order to speed things up.

Also, check that you are only running one firewall and one antivirus program. Running more than one of each can cause processor overload and incorrect message reporting on intruder detection, hacker attacks, and more commonly virus reporting.

If you want to configure multiple MikroTik routers with the same configuration, or to copy a config from one router to another, the best way is to use an export. The export command dumps all of the configuration commands you added to a router to a text file and none of the stuff that gets you in trouble like MAC addresses. Then, by using the import command, you can apply that set of commands to an unconfigured router.

Issues with this method are often experienced if the target router has any configuration on it to begin with, even the default config, thereby causing the import to fail. Therefore, I always like to start with a fresh, blank router. Unfortunately, unconfigured routers can be problematic to connect to via the MAC address for some PCs. I have found a better way to accomplish this task. The following example is from my latest book RouterOS by Example, 2nd Edition:

Step 1 - Creating a Text Export on Router 1

The text export is created from the command line only:

  1. Open a terminal window by clicking the New Terminal button.
  2. At the root prompt, type export file=[your file name here]. The square brackets are not actually typed; put your own file name in that field. Example: export file=myconfig. It is not necessary to specify the file extension; it will be added automatically. Producing the export will take 100% CPU for a few seconds but will then produce a file in the Files List.
  3. From there you can drag and drop it to your desktop for renaming and further editing. You can also omit the “file=” portion of the command and it will export the configuration to the terminal window. From there you can copy and paste parts of the file for use elsewhere. Also note that the export is produced relative to the portion of the command tree you are in. For example, from the root of the command tree, you will export the entire configuration. By typing ip address and pressing Enter, you will then be inside the IP address menu branch, and an export from there will only produce that portion of your configuration.

Step 2 - Upgrade and Import

Assumptions:

  • I have reset the router to the defaults using the reset switch or started with a router out of the box.
  • In my lab, I have a DHCP server and network access that I will connect to the router on ether1. Since that port has a default config with DHCP client, it will pull an IP and have internet access.
  • I will be using the default configuration which includes a complete base config and I am attaching my laptop with DHCP to ether2.
  • Once everything boots, the laptop should have internet access through the defaulted router.

  1. Once the router is booted and the laptop has internet access, click System-Packages and the Check for Upgrades button and install any upgrades. The router will reboot.
  2. After the reboot, drag the script you created on Router1 into the Files list on Router2. You can even drag from one Winbox Files list to another Winbox window's Files list, or drop it on your laptop desktop in between, your choice.
  3. Next, click System-Reset Configuration, check No Default Configuration and select the script you previously exported.

Click Reset Configuration. The router will then reboot, erase itself and then import your custom configuration. This works very well when you have a stack of routers to upgrade and configure. Have fun and Keep on 'Tiking!

Simple Queues don’t work properly...

I have heard this more than once, my MikroTik RouterOS Simple Queues don't work properly.  In a simple queue, “target” option is the only option that determines the flow direction of a simple queue.  Since the default value is 0.0.0.0/0, leaving it at that value creates an issue.

  • If a target is not specified (is 0.0.0.0/0), all traffic will be captured in the download part of the queue, as everything is download for 0.0.0.0/0.
  • This means the queue will not deliver the amount of bandwidth you are expecting.
  • Using the “dst” option is only an additional filter, it doesn’t determine the direction.

I did some tests using different values for target. First, the incorrect target of 0.0.0.0/0. Notice this is a 3Mx3M queue and we aren't getting even close to that on download.

Now, I changed the target to the IP of the test workstation. As you can see, the queue operates as expected now, about 3Mx3M.

Finally, I changed the target to the interface. Same result, 3Mx3M.

Set that target, don't accept 0.0.0.0/0, and your MikroTik simple queues will work as expected.

The switch menu and configuration interface is significantly different on the CRS3xx versus the CRS1xx or CRS2xx series switches and if you are trying to configure VLANs, the process is totally different. Here is a quick HowTo for configuring VLANs on MikroTik Switches such as the MikroTik CRS309 and similar.

Here is the setup we are trying to create:


Everything is set up through the bridge menu for the most part. Begin with the creation of the bridge and port assignments:

/interface bridge
add name=bridge1
/interface bridge port
add bridge=bridge1 interface=ether1 hw=yes
add bridge=bridge1 interface=ether2 hw=yes pvid=20
add bridge=bridge1 interface=ether3 hw=yes pvid=30
/interface bridge vlan
add bridge=bridge1 tagged=ether1 untagged=ether2 vlan-ids=20
add bridge=bridge1 tagged=ether1 untagged=ether3 vlan-ids=30
add bridge=bridge1 tagged=ether1,bridge1 vlan-ids=99
/interface vlan
add interface=bridge1 vlan-id=99 name=MGMT
/ip address
add address=192.168.99.1/24 interface=MGMT
/interface bridge
set bridge1 vlan-filtering=yes

The lines that people seem to skip over are:

/interface bridge
set bridge1 vlan-filtering=yes

Also, when you add the access ports to the bridge, don’t forget to set the VLAN ID with these statements at the end:

pvid=20
pvid=30

for the two access ports, in this example ether2 and ether3.

Remember that this example only works for CRS3xx series switches. If you have a 1xx or 2xx switch, it is still done through the /switch menu. Here is the same configuration for 1xx and 2xx switches:

/interface bridge
add name=bridge1
/interface bridge port
add bridge=bridge1 interface=ether1 hw=yes
add bridge=bridge1 interface=ether2 hw=yes
add bridge=bridge1 interface=ether3 hw=yes
/interface ethernet switch ingress-vlan-translation
add ports=ether2 customer-vid=0 new-customer-vid=20 sa-learning=yes
add ports=ether3 customer-vid=0 new-customer-vid=30 sa-learning=yes
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether1 vlan-id=20
add tagged-ports=ether1 vlan-id=30
add tagged-ports=ether1,switch1-cpu vlan-id=99
/interface ethernet switch vlan
add ports=ether1,ether2 vlan-id=20 learn=yes
add ports=ether1,ether3 vlan-id=30 learn=yes
add ports=ether1,switch1-cpu vlan-id=99 learn=yes
/interface vlan
add interface=bridge1 vlan-id=99 name=MGMT
/ip address
add address=192.168.99.1/24 interface=MGMT
/interface ethernet switch
set drop-if-invalid-or-src-port-not-member-of-vlan-on-ports=ether1,ether2,ether3

I hope this post saves you some time and head scratching!
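
An added example, not part of the original posts: a small Python check that reads a RouterOS text export and flags the omissions described above, namely a simple queue whose target is unset or 0.0.0.0/0, and a bridge-menu (CRS3xx-style) VLAN setup that lacks vlan-filtering=yes or a matching pvid on an access port. The function names and the second sample export are constructed for illustration; the first sample is the CRS3xx configuration from this page.

```python
import re

# key=value pairs; a value is either a "quoted string" or a run of non-space characters
PARAM = re.compile(r'([\w.-]+)=("(?:[^"\\]|\\.)*"|\S*)')
VERBS = {"add", "set", "remove"}


def parse_export(text):
    """Parse RouterOS export text into (menu, verb, item_words, params) tuples."""
    entries, menu = [], ""
    # A trailing backslash continues the command on the next (indented) line.
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        head = PARAM.split(line, maxsplit=1)[0].split()  # words before first key=value
        if head and head[0].startswith("/"):
            # "/menu path", optionally followed by a verb on the same line
            cut = next((i for i, w in enumerate(head) if w in VERBS), len(head))
            menu, head = " ".join(head[:cut]), head[cut:]
        if head:
            params = {k: v.strip('"') for k, v in PARAM.findall(line)}
            entries.append((menu, head[0], head[1:], params))
    return entries


def lint_simple_queues(entries):
    """Flag simple queues that leave the target at its 0.0.0.0/0 default."""
    findings = []
    for menu, verb, _, p in entries:
        if menu == "/queue simple" and verb == "add":
            # older exports on this page use target-addresses instead of target
            target = p.get("target", p.get("target-addresses", ""))
            if target in ("", "0.0.0.0/0"):
                findings.append(f"queue {p.get('name', '?')}: target is unset or 0.0.0.0/0")
    return findings


def lint_bridge_vlans(entries):
    """Flag bridges without vlan-filtering and access ports whose pvid does not match."""
    filtering, pvid, untagged, findings = {}, {}, [], []
    for menu, verb, item, p in entries:
        if menu == "/interface bridge":
            name = p.get("name") if verb == "add" else (item[0] if item else None)
            if name:
                filtering.setdefault(name, False)
                if "vlan-filtering" in p:
                    filtering[name] = p["vlan-filtering"] == "yes"
        elif menu == "/interface bridge port" and verb == "add":
            # a bridge port without an explicit pvid uses the default, 1
            pvid[(p.get("bridge"), p.get("interface"))] = p.get("pvid", "1")
        elif menu == "/interface bridge vlan" and verb == "add":
            # single VLAN IDs only; ranges such as 20-30 are not expanded here
            for port in filter(None, p.get("untagged", "").split(",")):
                for vid in p.get("vlan-ids", "").split(","):
                    untagged.append((p.get("bridge"), port, vid))
    for bridge, enabled in filtering.items():
        if not enabled:
            findings.append(f"bridge {bridge}: vlan-filtering is not enabled")
    for bridge, port, vid in untagged:
        have = pvid.get((bridge, port))
        if have != vid:
            findings.append(f"port {port}: untagged in VLAN {vid} but pvid={have}")
    return findings


# The CRS3xx configuration from this page.
GOOD = r"""
/interface bridge
add name=bridge1
/interface bridge port
add bridge=bridge1 interface=ether1 hw=yes
add bridge=bridge1 interface=ether2 hw=yes pvid=20
add bridge=bridge1 interface=ether3 hw=yes pvid=30
/interface bridge vlan
add bridge=bridge1 tagged=ether1 untagged=ether2 vlan-ids=20
add bridge=bridge1 tagged=ether1 untagged=ether3 vlan-ids=30
add bridge=bridge1 tagged=ether1,bridge1 vlan-ids=99
/interface bridge
set bridge1 vlan-filtering=yes
"""

# Constructed sample: vlan-filtering and the ether3 pvid are missing,
# and two of the three simple queues have no usable target.
BAD = r"""
/interface bridge
add name=bridge1
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2 pvid=20
add bridge=bridge1 interface=ether3
/interface bridge vlan
add bridge=bridge1 tagged=ether1 untagged=ether2 vlan-ids=20
add bridge=bridge1 tagged=ether1 untagged=ether3 vlan-ids=30
/queue simple
add max-limit=3M/3M name="test ws" \
    target=192.168.99.10/32
add max-limit=3M/3M name=catchall
add max-limit=3M/3M name=explicit-default target=0.0.0.0/0
"""

if __name__ == "__main__":
    for label, sample in (("GOOD", GOOD), ("BAD", BAD)):
        parsed = parse_export(sample)
        for finding in lint_bridge_vlans(parsed) + lint_simple_queues(parsed):
            print(f"{label}: {finding}")
```

The bridge check applies only to the bridge-menu style of configuration; the /interface ethernet switch commands used on CRS1xx and CRS2xx are not inspected.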

I converted an old perl backup utility written by Phillip Hutchison that was on the Mikrotik forums to make it a mass update utility for Mikrotik.

There are 2 versions (Link is at bottom)

version1 - "massupdater.pl" that uses only 1 username and password (UN and PW).

Version2 - "mkmassupdate-multi-login.pl" that tries 2 different logins.

 

The reason for the two different versions is that the multi login prints a "check" after it logs into the Mikrotik to verify that it's logged in. After some testing I noticed that the "check" would fail if there is something in logging set to "echo" spamming the terminal; it jacks with the output. This can be fixed by changing the check from "equals" to "includes", but then it may cause false positives with some scripts. Also, the flooding of output from the logging could still make the check miss.

The "massupdater.pl" version only waits for the login prompt, then executes the script.

 

Here is how to use it.

This works on windows or linux if you have perl installed

For windows version I use activeperl found at http://www.activestate.com/activeperl and it includes the modules used so there isn't any additional setup to perl required.

On linux you need to install Net::Telnet after installing perl

 

Open the config file "massupdate.cfg" and change the username and passwords to match yours.

The email and backup directory is unused in these versions, but you can put it in there in case it gets put back in.

 

Add the ip addresses for your routers to the "list.txt" file.

 

Add your script to the "script.rsc" file.

If you are unsure about how to write scripts in Mikrotik, you can just use an export as well and edit what is needed.

The included script file just adds 2 lines to the log of the router to help test that it's working. You just need to make sure in "System->logging" that "info" is being logged, preferably to memory.

To build your own script from an existing setting just use the export command

eg: To get a script to update the DNS of all the routers you can open an existing router and open terminal and issue the command /ip dns export

and you will see

[[email protected]] /ip dns> export
# jun/11/2013 00:59:15 by RouterOS 6.0
/ip dns
set allow-remote-requests=yes max-udp-packet-size=512 servers=8.8.8.8,8.8.4.4

 

You can also use the command "export file=dns", and in the files you will see "dns.rsc". It will have the same commands that are exported to terminal, but is helpful if your export is lengthy.

Now you're ready to run massupdater.pl

massupdater.pl will look like this.


[Screenshot: Mikrotik_massupdater_screenshot.png]


and the massupdater-muli-login.pl will look something like this.

[Screenshot: Mikrotik_massupdater_multi_screenshot.png]


The above screenshot shows the event of both passwords failing. If the first password succeeds it will move on to the next router.

Download here https://www.dropbox.com/s/4vtd2kz25k3w6on/Mikrotik%20massupdater.zip?dl=0

Following is a quick and dirty way to export Mikrotik local PPP (PPPoE) users to USER MANAGER with the same profile assigned as in the LOCAL profile section. I used the word dirty because there is no officially supported method that we can use via a single CLI command or a one-window GUI.

Consider the following scenario:

Mikrotik is configured with PPPoE Server, and has two profiles with the names 512k and 1mb and 6 users in the ppp section, as shown in the images below.

[Images: 2-mt-profile, 3-users-mt]

Our task is to migrate all local ppp users to USERMAN with minimum manual work.

First open User Manager, and configure/add the NAS, so that Mikrotik can communicate with the UserMAN and vice versa.

Now add the same profiles in User Manager as are present in the local Mikrotik PPP section, as shown in the image below.
[This task can be done via CLI too, example is in the end]

[Image: 1b-userman-profiles]

Now as far as my dumb mind goes, I couldn’t find a way to assign a profile to a user using the /tool userman menu, so to overcome this issue, I first created two users with the same profile name and id.

Example: if the profile name is 512k, then create a user with the name ”512k”; it will be used as a master copy for cloning


This post was made for self reference purposes, so that I can find the configs easily from this page when needed again.


This post describes possible methods of bonding ethernet interfaces between Mikrotik and Cisco (etherchannel) or Mikrotik and Mikrotik, to achieve load balancing, failover and higher speed from multiple ethernet interfaces. Bonding is a technology that allows aggregation of multiple Ethernet-like interfaces into a single virtual link, thus getting maximum throughput and providing failover. You can use this technique to create bonding between a WAN Cisco switch/router and the user Mikrotik, then from the user Mikrotik to the user distribution VLAN switch. You can create lots of combinations in this regard.

Possible Scenarios:

The OP has a Mikrotik CCR1036 routerboard with SFP+. The ISP has given the OP 10G SFP+ connectivity on the OP's WAN Mikrotik router, but on the user-side router the OP has a simple CCR1036 with 1G ports only. So the WAN link from 1036-wan to 1036-LAN is choking at 1G. The proper solution is to have back-to-back 10G connectivity between all routers, but since that requires cash investment, the OP sometimes chooses a workaround to fulfill the requirements for the time being. BONDING is one workaround that can be chosen, although I try to avoid using it as much as possible and always look for 10/25G solutions.


Hardware Used in this post

  • Mikrotik: RB2011
  • Cisco 36450 24 Ports Switch
  • In general you can bond up to 8 ports; they should be of the same type/speed.
  • All ports should be enabled before adding them to bond.

Option-1# Mikrotik to Cisco Bonding (using 1Gx2 interfaces to achieve failover / load balancing / higher speed)

Using any two interfaces, we are creating 2 port Bonding interface. Example from Mikrotik Port 9 & 10 we will connect two cables connected to Cisco Switch port 23 & 24.

# Mikrotik example code, using ports 9 & 10

/interface bonding
add link-monitoring=none mode=802.3ad name=bonding1-lan slaves=ether9,ether10 transmit-hash-policy=layer-2-and-3

# Cisco switch example code, using ports 23 & 24

configure terminal
inter range gigabitEthernet 1/0/23-24
channel-group 1 mode active
channel-protocol lacp
! on newer IOS you don't need the following command
! switchport trunk encapsulation dot1q
switchport mode trunk

Note: If you are doing Cisco to Cisco Port Bonding , then you need to repeat above code on 2nd switch too

Option-2# Mikrotik to Mikrotik Bonding

It's very simple. Just issue the command below on both Mikrotiks, connect the cables to the designated interfaces, assign IPs, and you are good to go …

/interface bonding
add name=bonding1-to-ppp slaves=ether1,ether2

Some helpful commands related to etherchannel on the Cisco switch …

show etherchannel summary
show etherchannel 1 port-channel
show interfaces etherchannel

Note: Before you connect both cables, make sure to add the config on both the Mikrotik and the Cisco side, else the Cisco port will get shut due to STP protection to avoid a loop.

*May 13 04:58:33.710: %ETC-5-L3DONTBNDL2: Gi1/0/23 suspended: LACP currently not enabled on the remote port.

Configuring EtherChannel Load Balancing

 

To view the etherchannel load balancing setting, use the show command …

enable
show etherchannel load-balance

To configure load balancing, use the following commands:

enable
configure terminal
port-channel load-balance dst-mac
do wr

Mikrotik ‘User Manager’ is a free, built-in package of Mikrotik which provides a basic level of RADIUS / billing capabilities. It's good for smaller networks, but from its introduction till the latest version it has always contained a few bugs that can sometimes be annoying for the admin, and it is surely not suitable for large production environments like ISPs. One little example is FALSE active sessions in userman, where the user is actually no longer active in the Mikrotik connected sessions but userman shows the session as active, thus preventing the user from re-connecting.

This usually happens when users lose connectivity [especially wifi users] or get disconnected from the Mikrotik but userman still keeps them in its active sessions, so the user gets denied when he tries to re-connect. When the admin manually removes the active session from the userman web interface, the user is then able to connect.

This is by no means a solution, only a workaround. A script was posted in the Mikrotik forums, so I am re-posting it with some mods so that it may help others as well. Just for reference purposes.

Schedule it to run according to your router load. With a load of around 150+ users on a low-end router, I schedule it to run every 5 minutes, as this script does take some time to calculate each user, so take note of it. Adjust the value accordingly.

 

# Script Source : Mikrotik Forums
# This script remove false active sessions in User Manager v5 or above
# I only tested it with ver 6.32.1 and it worked very well in a active network. [Lupael]

# Script Starts Here.
# Timeout in seconds: when the last session update is older than this, the session is closed
:local Timeout 60

#------------------------------------------
:local LastSessionUpdate;
:local SessionTimeout;
:foreach i in=[/tool user-manager session find where active=yes] do={

# When was the last update of the session information
:set LastSessionUpdate [/tool user-manager session get $i till-time]

# SessionTimeout tells how long ago the last update of this session was
:set SessionTimeout ([/system clock get time] - [:pick $LastSessionUpdate ([:find $LastSessionUpdate " "]+1) [:len $LastSessionUpdate]]-[/system clock get gmt-offset])

# If the last update is more than Timeout seconds ago, log it and close the session
:if ($SessionTimeout > $Timeout) do={
# Log first: the user name cannot be read once the session entry has been removed
:log warning (" Removed false active session by Lupael https://i4e.com.bd - Username is  " . [/tool user-manager session get $i user]);
/tool user-manager session remove  numbers=$i
}
}

Following are a few example scenarios. I will add more soon.


Post#1 – PCQ base Bandwidth Management with different bandwidth for DAY / NIGHT / DAYS using TIME feature in Mikrotik

Scenario:

We are using a Mikrotik CCR1036, ver 6.43.7, acting as PPPoE NAS. Free-radius (DMA) provides authentication for user accounts and also informs the NAS which POOL users should get their IP address from, based on the profile. Example: a 1mb user gets an IP from the 1mb pool on the NAS.

We require following bandwidth plan:

1 mb user bandwidth plan

  • From 10am till 5pm > 1mb
  • From 5pm till 10am next morning > 2mb
  • Saturday + Sunday Full Time > 2mb

/ip pool
add name=512kb ranges=172.16.114.1-172.16.115.255
add name=2mb ranges=172.16.102.1-172.16.103.255
add name=3mb ranges=172.16.104.1-172.16.105.255
add name=4mb ranges=172.16.106.1-172.16.107.255
add name=6mb ranges=172.16.108.1-172.16.109.255
add name=8mb ranges=172.16.110.1-172.16.111.255
add name=10mb ranges=172.16.112.1-172.16.113.255
add name=1mb ranges=172.16.100.1-172.16.101.255
 
/queue type
add kind=pcq name=1mb_down pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-rate=1024k pcq-src-address6-mask=64
add kind=pcq name=2mb_up pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-rate=2048k pcq-src-address6-mask=64
add kind=pcq name=3mb_up pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-rate=3072k pcq-src-address6-mask=64
add kind=pcq name=4mb_up pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-rate=4096k pcq-src-address6-mask=64
add kind=pcq name=6mb_up pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-rate=6144k pcq-src-address6-mask=64
add kind=pcq name=8mb_up pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-rate=8192k pcq-src-address6-mask=64
add kind=pcq name=10mb_up pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-rate=10240k pcq-src-address6-mask=64
add kind=pcq name=512kb_up pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-rate=512k pcq-src-address6-mask=64
add kind=pcq name=2mb_down pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-rate=2048k pcq-src-address6-mask=64
add kind=pcq name=3mb_down pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-rate=3072k pcq-src-address6-mask=64
add kind=pcq name=4mb_down pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-rate=4096k pcq-src-address6-mask=64
add kind=pcq name=6mb_down pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-rate=6144k pcq-src-address6-mask=64
add kind=pcq name=8mb_down pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-rate=8192k pcq-src-address6-mask=64
add kind=pcq name=10mb_down pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-rate=10240k pcq-src-address6-mask=64
add kind=pcq name=512kb_down pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-rate=512k pcq-src-address6-mask=64
add kind=pcq name=1mb_up pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-rate=1024k pcq-src-address6-mask=64
 
/queue simple
add max-limit=10M/10M name="Google DNS High Priority 1" priority=1/1 target=8.8.8.8/32
add max-limit=10M/10M name="Google DNS High Priority 2" priority=1/1 target=8.8.4.4/32
add name="1mb pcq day - 10 am till 5 pm" queue=1mb_up/1mb_down target=172.16.100.0/23 time=10h-16h59m59s,mon,tue,wed,thu,fri
add name="1mb pcq & 2mb double up night - 5pm till 10 am" queue=2mb_up/2mb_down target=172.16.100.0/23 time=17h-9h59m59s,mon,tue,wed,thu,fri
add name="1mb pcq & 2mb double up - saturday & sunday - 24 hours" queue=2mb_up/2mb_down target=172.16.100.0/23 time=0s-23h59m59s,sun,sat
add name="2mb pcq day - 10 am till 5 pm" queue=2mb_up/2mb_down target=172.16.102.0/23 time=10h-16h59m59s,mon,tue,wed,thu,fri
add name="2mb pcq & 3mb double up night - 5pm till 10 am " queue=3mb_up/3mb_down target=172.16.102.0/23 time=17h-9h59m59s,mon,tue,wed,thu,fri
add name="2mb pcq double up - saturday & sunday - 24 hours" queue=3mb_up/3mb_down target=172.16.102.0/23 time=0s-23h59m59s,sun,sat
add name="3mb pcq day - 10 am till 5 pm" queue=3mb_up/3mb_down target=172.16.104.0/23 time=10h-16h59m59s,mon,tue,wed,thu,fri
add name="3mb pcq & 6mb double up night -  5pm till 10 am " queue=6mb_up/6mb_down target=172.16.104.0/23 time=17h-9h59m59s,mon,tue,wed,thu,fri
add name="3mb pcq & 6mb double up - saturday & sunday - 24 hours" queue=6mb_up/6mb_down target=172.16.104.0/23 time=0s-23h59m59s,sun,sat
add name="4mb pcq - 24 hours" queue=4mb_up/4mb_down target=172.16.106.0/23 time=0s-1d,sun,mon,tue,wed,thu,fri,sat
add name="6mb pcq - 24 hours" queue=6mb_up/6mb_down target=172.16.108.0/23 time=0s-1d,sun,mon,tue,wed,thu,fri,sat
add name="8mb pcq - 24 hours" queue=8mb_up/8mb_down target=172.16.110.0/23 time=0s-1d,sun,mon,tue,wed,thu,fri,sat
add name="10mb pcq - 24 hours" queue=10mb_up/10mb_down target=172.16.112.0/23 time=0s-1d,sun,mon,tue,wed,thu,fri,sat
add name="512kb pcq day - 10 am till 5 pm" queue=512kb_up/512kb_down target=172.16.114.0/23 time=10h-16h59m59s,mon,tue,wed,thu,fri
add name="512kb pcq & 1mb double up night - 5 pm till10 am" queue=1mb_up/1mb_down target=172.16.114.0/23 time=17h-9h59m59s,mon,tue,wed,thu,fri
add name="512kb pcq & 1mb double up - saturday & sunday - 24 hours" queue=1mb_up/1mb_down target=172.16.114.0/23 time=0s-23h59m59s,sun,sat
add name="512kb for UKNOWN users IF any by zaib  - 24 hours" queue=512kb_up/512kb_down target=172.16.0.0/16 time=0s-23h59m59s,sun,mon,tue,wed,thu,fri,sat

In the user PPP profile, I have added the following line:

/queue simple remove [find dynamic]

This line will remove any dynamic queue that is created by DMA.

Done.

[Screenshots q1 to q4: PCQ-based simple queues with TIME settings; each queue is enabled as per its time]

Remove DYNAMIC Queue by Script command

It's useful when you are using PCQ-based queues and your RADIUS still sends dynamic queues. You can add this in the PPPoE profile startup script section, so any dynamic queue will be removed whenever any user logs in.

/queue simple remove [find dynamic]

Post#2 – Limit user traffic using PCQ (also useful for Hotspot Bypassed MAC address)

To limit all users in 192.168.1.0/24 to 512kb per user using PCQ, use the following script.

/queue type
add kind=pcq name=download-512kb pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=524288 \
pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
 
add kind=pcq name=upload-512kb pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=524288 \
pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
 
/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="Limit every Users at 512kb using PCQ. Can be used for hotspot BYPASSED macs too. Can be used for multi purpose  Lupael" \
direction=both disabled=no interface=all limit-at=0/0 max-limit=0/0 name=512k-limit packet-marks="" parent=none priority=8 queue=upload-512kb/download-512kb target-addresses=192.168.1.0/24 \
total-queue=default-small

Change the Bandwidth and Target IP addresses to meet your local requirements.
Bandwidth example:
512k = 524288
1mb = 1048576
2mb = 2097152
4mb = 4194304

[Screenshot of the result: queue-pcq-per-user]

Post#3 – Allowing specific extension Low Priority over other traffic

In this example we are marking traffic via mangle rules. .iso extension is marked as low priority traffic , and all other traffic is marked as hi priority traffic.

For example, we have 256kb of internet bandwidth in total, and we want that when users are downloading any .iso file, it gets low priority over other traffic, i.e. browsing etc. Use the following.

/ip firewall mangle
add action=mark-connection chain=postrouting comment="Mark Conn for .iso Ext" content=iso disabled=no new-connection-mark=iso-conn passthrough=yes
add action=mark-packet chain=postrouting comment="Mark Pkts for iso-conn Ext" connection-mark=iso-conn disabled=no new-packet-mark=lo-prio-traffic-pkts passthrough=no
add action=mark-connection chain=postrouting comment="Mark Conn for all other traffic" content=!iso disabled=no new-connection-mark=hi-prio-traffic-conn passthrough=yes
add action=mark-packet chain=postrouting comment="Mark Pkts for all other traffic" connection-mark=hi-prio-traffic-conn disabled=no new-packet-mark=hi-prio-traffic-pkts passthrough=no
/queue simple add name=wan_conn_limit interface=ether1 max-limit=256k/256k
/queue simple add name=hi-prio-traffic interface=ether1 parent=wan_conn_limit packet-marks=hi-prio-traffic-pkts priority=1
/queue simple add name=lo-prio-traffic packet-marks=lo-prio-traffic-pkts interface=ether1 parent=wan_conn_limit priority=8

4# Allowing Specific File Extensions High / Limited / Unlimited Bandwidth

For example, you have a network and every user has their bandwidth limited to 256kb. Now you want that if a user is downloading a .FLV video file, he can view/download it at unlimited speed regardless of his allowed speed limit, i.e. the 256kb package. Use the following.

First mark all packets with the .flv extension.

/ip firewall mangle
add action=mark-connection chain=postrouting comment="Mark Conn for .flv Ext" content=flv disabled=no new-connection-mark=flv-conn passthrough=yes
 
add action=mark-packet chain=postrouting comment="Mark Pkts for flv-conn Ext" connection-mark=flv-conn disabled=no new-packet-mark=flv passthrough=no

Now create a Queue Tree and set unlimited or limited bandwidth for the marked packets (or, if you want to allot a specific amount, set it as per your requirements).

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=100M max-limit=100M name=Unlimited-Speed-4-Marked-Pkts packet-mark=flv parent=global-out priority=1 queue=default

You can use the same in reverse to limit specific extension type bandwidth usage.

5# Allowing Specific Ports High Priority over other traffic

First we need to mark protocols. (In this example we are using SMTP port 25 )

/ip firewall mangle add chain=prerouting protocol=tcp port=25 connection-state=new action=mark-connection new-connection-mark=hi_prio_conn
/ip firewall mangle add chain=prerouting connection-mark=hi_prio_conn action=mark-packet new-packet-mark=hi_prio_conn_pkts

Now we will create a Simple Queue and give high priority to marked packets and low priority to other packets. (In this example we have a 2Mb WAN connection.)

/queue simple add name=wan_conn_limit interface=ether1 max-limit=2M/2M
/queue simple add name=prio interface=ether1 parent=wan_conn_limit packet-marks=hi_prio_conn_pkts priority=1
/queue simple add name=other interface=ether1 parent=wan_conn_limit priority=8

Now SMTP traffic will get higher priority over other traffic.

6# Equal Distribution of Bandwidth for a number of users using PCQ

If you have a 512 kbps WAN connection and you want to share it equally among your users, but so that if only one PC is active it gets the full 512 kbps, if 2 PCs are active they get 256 kbps each, and so on.
As shown in the image below . . .


Use the following:

/queue type add name="PCQ_download" kind=pcq pcq-rate=512k pcq-classifier=dst-address
/queue type add name="PCQ_upload" kind=pcq pcq-rate=512k pcq-classifier=src-address
 
/queue simple add queue=PCQ_upload/PCQ_download target-addresses=192.168.2.0/24

7# Limiting Single User Bandwidth via Simple QUEUE (Lookout for order number)

/queue simple add name="Limiting Zaib to 256kb" target-addresses=192.168.2.6 max-limit=256k/256k

8# Simple Queue with BURST

The following simple queue uses BURST:

– Limit the user to 64kb in general.
– When the user downloads at the full 64kbps speed, he will be able to burst up to 256kb for 5 seconds. After 5 seconds, the user will fall back to 64kb for the next 5 seconds.

In short: 5 seconds under load at 256kbps, and the next 5 seconds at 64kbps.

/queue simple
add burst-limit=256k/256k burst-threshold=128k/128k burst-time=20s/20s direction=both disabled=no interface=all limit-at=0/0 max-limit=64k/64k name=queue1 \
packet-marks="" parent=none priority=8 queue=default-small/default-small target-addresses=172.16.0.10/32 total-queue=default-small

9# Give specific web site assigned Bandwidth on per user basis [updated: 14th April, 2014]

For example, you want to limit bandwidth on a per-user basis for a SPECIFIC WEBSITE ONLY. Let’s say 4mb per user for facebook.com.
The logic is simple.
1- First create a script that adds the web site's IPs to an address list.
2- Add a scheduler that runs the above script every 5 minutes, so that even if the web site's IP changes, the list is updated accordingly.
3- Now mark connections and packets for the address list created above.
4- Add a PCQ queue type (the bandwidth that will be distributed on a per-user basis using a single simple queue).
5- Finally, add a simple queue that distributes bandwidth for the marked packets using PCQ on a per-user basis.

/system script
add name=facebook-list policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api source="# Script to add Facebook DNS IP addressess \r\
\n# Lupael/ [email protected]\r\
\n:log warning \"Script Started ... Adding Facebook DNS ip's to address list name   facebook_dns_ips\"\r\
\n:foreach i in=[/ip dns cache find] do={\r\
\n:local bNew \"true\";\r\
\n:local cacheName [/ip dns cache all get \$i name] ;\r\
\n:if ([:find \$cacheName \"facebook\"] != 0) do={\r\
\n:local tmpAddress [/ip dns cache get \$i address] ;\r\
\n:put \$tmpAddress;\r\
\n:if ( [/ip firewall address-list find ] = \"\") do={\r\
\n:log info (\"added entry: \$[/ip dns cache get \$i name] IP \$tmpAddress\");\r\
\n/ip firewall address-list add address=\$tmpAddress list=facebook_dns_ips comment=\$cacheName;\r\
\n} else={\r\
\n:foreach j in=[/ip firewall address-list find ] do={\r\
\n:if ( [/ip firewall address-list get \$j address] = \$tmpAddress ) do={\r\
\n:set bNew \"false\";\r\
\n}\r\
\n}\r\
\n:if ( \$bNew = \"true\" ) do={\r\
\n:log info (\"added entry: \$[/ip dns cache get \$i name] IP \$tmpAddress\");\r\
\n/ip firewall address-list add address=\$tmpAddress list=facebook_dns_ips comment=\$cacheName;\r\
\n}\r\
\n}\r\
\n}\r\
\n}\r\
\n# Script Ended..."
 
/system scheduler
add comment="Add Facebook IP's to address list name facebook-list after every 5 minutes / zaib" disabled=no interval=5m name=add_fb_to_list_scheduler_every_5mnts on-event=facebook-list policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api start-date=feb/11/2014 start-time=00:00:00
 
/ip firewall mangle
add action=mark-connection chain=postrouting comment="Mark Conn for FB Site / zaib" disabled=no dst-address-list=facebook_dns_ips new-connection-mark=FB-conn passthrough=yes
add action=mark-packet chain=postrouting comment="Mark Packtes for FB-CONN / zaib" connection-mark=FB-conn disabled=no new-packet-mark=FB_Packets passthrough=no
 
/queue type
add kind=pcq name=Download-4mb pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=4194304 \
pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=Upload-4mb pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=4194304 \
pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
 
/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="Limit FB speed 4mb per user using PCQ  / Lupael" direction=both disabled=no interface=all limit-at=0/0 max-limit=0/0 name=\
4mb_Limit_For_FB_Per_User packet-marks=FB_Packets parent=none priority=8 queue=Upload-4mb/Download-4mb target-addresses="" total-queue=default-small

 

Do remember, it's just an example to show you how you can twist things. You can modify it as per your requirements.
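The script above picks DNS cache entries by looking for the string facebook anywhere in the name, so the address list (and the queue built on it) can also pick up unrelated hosts whose names merely contain that string. The following is an added example, not part of the original script: it compares that substring test with an exact-domain suffix match on constructed cache entries. The function names and the sample names and addresses are assumptions made for illustration.

```python
# Added example: substring selection (as in the script above) versus a
# suffix match on the intended domain. All cache entries are constructed.

SITE_DOMAINS = ("facebook.com",)  # the site named in this section

# (name, address) pairs as they might sit in /ip dns cache (constructed data)
SAMPLE_CACHE = [
    ("www.facebook.com", "192.0.2.10"),
    ("facebook.com", "192.0.2.12"),
    ("www.facebook.com", "192.0.2.10"),            # duplicate cache entry
    ("facebook-login.example.net", "198.51.100.7"),
    ("notfacebook.com", "198.51.100.8"),
    ("www.example.org", "203.0.113.5"),
]

def substring_match(name, needle="facebook"):
    """Selection rule used by the script: the needle appears anywhere."""
    return needle in name.lower()

def suffix_match(name, domains=SITE_DOMAINS):
    """Stricter rule: the name is the domain itself or one of its subdomains."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in domains)

def build_list(cache, matcher):
    """Build the address list, skipping addresses already present (bNew check)."""
    seen, out = set(), []
    for name, addr in cache:
        if matcher(name) and addr not in seen:
            seen.add(addr)
            out.append(addr)
    return out

def over_matched(cache):
    """Names the substring rule accepts but the suffix rule rejects."""
    return sorted({n for n, _ in cache
                   if substring_match(n) and not suffix_match(n)})

if __name__ == "__main__":
    print("substring:", build_list(SAMPLE_CACHE, substring_match))
    print("suffix   :", build_list(SAMPLE_CACHE, suffix_match))
    print("extra    :", over_matched(SAMPLE_CACHE))
```

Running the same comparison over an export of the router's real DNS cache shows which address-list entries would not belong to the intended site.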


Some Notes:

The target-address is used to specify the host that you want to shape: target-address is the address of (for example) your client whose speed you are about to limit.

Destination-address is for more advanced shaping, for example to shape someone’s access to a specific server. dst-address is the server to which this client will connect (if you want to limit his speed only when he connects to this one specific server).

Introduction

Let us suppose that we have several WAN links, and we want to monitor whether the Internet is accessible through each of them. But what if your modem is up, and the telephone line is down? What if one of your ISPs has a problem inside its network, so traceroute shows only a few hops and then stops? Check-gateway can tell you your connection is down, but maybe the problem is upstream?

Some people use the NetWatch tool to monitor remote locations. Others use scripts to periodically ping remote hosts, and then disable routes or in some other way change the behavior of routing.

RouterOS has facilities that allow us to use only /ip routes to do such checking, with no scripting or NetWatch at all.

Implementation

Basic Setup

Let's suppose that we have two uplinks: GW1 and GW2. These can be addresses of ADSL modems (like 192.168.1.1 and 192.168.2.1), or addresses of PPP interfaces (like pppoe-out1 and pptp-out1). Then, we have some policy routing rules, so all outgoing traffic is marked with ISP1 (which goes to GW1) and ISP2 (which goes to GW2) marks. And we want to monitor Host1 via GW1, and Host2 via GW2. Those may be some popular Internet websites, like Google, Yahoo, etc.

First, create routes to those hosts via corresponding gateways:

      
 /ip route
 add dst-address=Host1 gateway=GW1 scope=10
 add dst-address=Host2 gateway=GW2 scope=10

    

Now we create rules for ISP1 routing mark (one for main gateway, and another one for failover):

      
 /ip route
 add distance=1 gateway=Host1 routing-mark=ISP1 check-gateway=ping
 add distance=2 gateway=Host2 routing-mark=ISP1 check-gateway=ping

    

Those routes will be resolved recursively (see [1]), and will be active only if HostN is pingable.

Then the same rules for ISP2 mark:

      
 /ip route
 add distance=1 gateway=Host2 routing-mark=ISP2 check-gateway=ping
 add distance=2 gateway=Host1 routing-mark=ISP2 check-gateway=ping

    

Multiple host checking per Uplink

If Host1 or Host2 in Basic Setup fails, the corresponding link is considered failed too. For redundancy, we may use several hosts per uplink: let's monitor Host1A and Host1B via GW1, and Host2A and Host2B via GW2. Also, we'll use a double recursive lookup, so that there are fewer places where HostN is mentioned.

As earlier, first we need routes to our checking hosts:

      
 /ip route
 add dst-address=Host1A gateway=GW1 scope=10
 add dst-address=Host1B gateway=GW1 scope=10
 add dst-address=Host2A gateway=GW2 scope=10
 add dst-address=Host2B gateway=GW2 scope=10

    

Then, let's create destinations to "virtual" hops to use in further routes. I'm using 10.1.1.1 and 10.2.2.2 as an example:

      
 /ip route
 add dst-address=10.1.1.1 gateway=Host1A scope=10 target-scope=10 check-gateway=ping
 add dst-address=10.1.1.1 gateway=Host1B scope=10 target-scope=10 check-gateway=ping
 add dst-address=10.2.2.2 gateway=Host2A scope=10 target-scope=10 check-gateway=ping
 add dst-address=10.2.2.2 gateway=Host2B scope=10 target-scope=10 check-gateway=ping

    

And now we may add default routes for clients:

      
 /ip route
 add distance=1 gateway=10.1.1.1 routing-mark=ISP1
 add distance=2 gateway=10.2.2.2 routing-mark=ISP1
 add distance=1 gateway=10.2.2.2 routing-mark=ISP2
 add distance=2 gateway=10.1.1.1 routing-mark=ISP2
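
To check a failover design like the one above before deploying it, the double recursive lookup can be modelled offline. The following is an added example, not RouterOS code and not part of the original article: a toy resolver over the routes of this section that reports which uplink each routing mark ends up on for a given set of check hosts that answer ping. The tuple layout, the function names, the distance of 1 for routes that do not state one, and the exact-match lookup are assumptions of the model.

```python
# Added example: toy model of the double recursive lookup described above.
# Simplified: exact-match lookups only; a check host "answers ping" if and
# only if its name is in the `reachable` set passed by the caller.

CONNECTED = {"GW1", "GW2"}  # directly attached next hops, assumed up

# (dst, gateway, distance, routing_mark, check_gateway_ping)
ROUTES = [
    ("Host1A", "GW1", 1, None, False),
    ("Host1B", "GW1", 1, None, False),
    ("Host2A", "GW2", 1, None, False),
    ("Host2B", "GW2", 1, None, False),
    ("10.1.1.1", "Host1A", 1, None, True),
    ("10.1.1.1", "Host1B", 1, None, True),
    ("10.2.2.2", "Host2A", 1, None, True),
    ("10.2.2.2", "Host2B", 1, None, True),
    ("0.0.0.0/0", "10.1.1.1", 1, "ISP1", False),
    ("0.0.0.0/0", "10.2.2.2", 2, "ISP1", False),
    ("0.0.0.0/0", "10.2.2.2", 1, "ISP2", False),
    ("0.0.0.0/0", "10.1.1.1", 2, "ISP2", False),
]

def resolve(gateway, reachable, depth=0):
    """Return the connected next hop that `gateway` resolves to, or None."""
    if gateway in CONNECTED:
        return gateway
    if depth > 4:  # guard against accidental route loops
        return None
    candidates = sorted((r for r in ROUTES if r[0] == gateway and r[3] is None),
                        key=lambda r: r[2])
    for _dst, gw, _dist, _mark, check in candidates:
        if check and gw not in reachable:
            continue  # check-gateway=ping failed, so this route is inactive
        hop = resolve(gw, reachable, depth + 1)
        if hop:
            return hop
    return None

def egress(mark, reachable):
    """Uplink used by traffic carrying `mark`, lowest distance first."""
    defaults = sorted((r for r in ROUTES if r[0] == "0.0.0.0/0" and r[3] == mark),
                      key=lambda r: r[2])
    for _dst, gw, _dist, _mark, _check in defaults:
        hop = resolve(gw, reachable)
        if hop:
            return hop
    return None
```

With only Host1B answering on the first uplink, ISP1 traffic stays on GW1; it moves to GW2 only when both Host1A and Host1B stop answering.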

    

Workaround 1

In ROS versions at least up to 4.10 there's a bug: if your ethernet interface goes down (for example, your directly connected ADSL modem is powered off) and then comes back up, recursive routes are not recalculated (or something) and all traffic still goes via the other uplink. As a workaround, additional rules for each HostN may be used. When they are added, everything is recalculated correctly:

      
 /ip route
 add dst-address=Host1 type=blackhole distance=20
 add dst-address=Host2 type=blackhole distance=20

This script will set a series of ports to use one port as their master. Paste the script into a terminal or paste it to a notepad file named .rsc and import it. Edit the variables as described in the script and then run it.

/system script
add name="Set Ports" owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source="#\r\
    \n#\r\
    \n# Set master port\r\
    \n# Then set slave port type i.e.: ether or sfp \r\
    \n# This is for interfaces not named \"ether\" like SFP\r\
    \n# Then set ports in range form using SlavePortStart and SlavePortStop.\r\
    \n:global MasterPort \"ether24\"\r\
    \n:global PortType \"ether\"\r\
    \n:global SlavePortsStart \"1\"\r\
    \n:global SlavePortsStop \"9\"\r\
    \n:for i from=\$SlavePortsStart to=\$SlavePortsStop do={\r\
    \n/interface ethernet set (\$PortType . \$i) master-port=\$MasterPort\r\
    \n}"

    

This script will clear any master ports and set all masters to none.

      
/system script
add name="Clear Ports" owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source=\
    "/interface ethernet\r\
    \nset [find] master=none"

It's a weird world we live in!

Fix the root cause that is creating the issue; don't always go for workarounds.

WORKAROUND:

Add this in Hotspot > User Profile > Default > Scripts > On Login:

# Check if this hotspot user is already logged in on PPPoE on the same MikroTik, then kick the HotSpot session
:local uname $user;
:local u;
# Loop over active PPPoE sessions that carry the same user name
:foreach u in=[/ppp active find name=$user ] do={
:log warning "$user ID is already active in pppoe. Now disconnecting from HotSpot ... Done!"
# Remove every active HotSpot session that belongs to this user
:foreach i in=[/ip hotspot active find user=$uname] do={
/ip hotspot active remove numbers=$i;
}
}


With some modification you can add script in pppoe login profile as well, which will check if user is already active in hotspot then kick pppoe or hs user.

Did you know your Internet speed is shared?

Every connected device in your home uses some of your Internet speed.

Activities that affect your Internet speed:

  • Having many devices connected to your home Internet at the same time.
  • Doing multiple things that use a lot of Internet speed at the same time, like streaming, gaming, video-conferencing, and downloading large files.
  • Connecting to Wi-Fi®. Using a wired connection tends to be faster.

Have lots of connected devices? It’s time for a new plan.

How can I get the most out of my Internet speed?

  • Restart your gateway now and then.
  • Keep your gateway and devices away from obstructions (like metal) and common sources of interference (like baby monitors and microwaves).
  • Move Wi-Fi devices closer to your gateway. The farther away they are, the weaker the signal and the slower the speed.
  • Place your Wi-Fi gateway in a central location in your home or office. Keeping it upright and off the floor improves coverage.
  • Only use Wi-Fi with devices that don’t have wired connection ports, like smartphones, tablets, and home assistants.
  • Add a Wi-Fi extender to improve coverage and signal strength if needed.
Are my devices affecting my speed?

Your device may be slowing you down. Try these tips:

  • Turn off Internet-connected devices when you aren’t using them.
  • Clear your browser cache and cookies.
  • Exit streaming apps after watching videos or listening to music.
  • Restart devices regularly. 
  • Turn off auto updates on apps, gaming consoles, and PCs.
  • Update anti-virus software, drivers, firmware, and computer and device software.
  • Upgrade older Wi-Fi devices to ones with newer, faster Wi-Fi technology.

What else affects my speed?

  • Interference from other Wi-Fi networks, especially in crowded areas or buildings with high Wi-Fi use.
  • Too many people connecting to a website or app at once.
  • Connecting at peak hours.