Re: [AFMUG] Weird IP issue

[Christopher Tyler]

Confirmed that firewall is not the issue, disabled the rules, no change. I 
don't know why, but I didn't even think of torch/packet capture, brain-fart I 
guess.
If the downgrade doesn't fix it I'll look at that next.

-- 
Christopher Tyler
Senior Network Engineer
MTCRE/MTCNA/MTCTCE/MTCWE

Total Highspeed Internet Solutions
1091 W. Kathryn Street
Nixa, MO 65714
(417) 851-1107 x. 9002
www.totalhighspeed.com

This institution is an equal opportunity provider and employer.
Esta institución es un proveedor de servicios con igualdad de oportunidades.

- Original Message -
> From: "castarritt" 
> To: "AnimalFarm Microwave Users Group" 
> Sent: Wednesday, May 4, 2022 3:51:18 PM
> Subject: Re: [AFMUG] Weird IP issue

> If it's not something obvious with routing or firewall, my next step would be 
> to
> look at torch and/or packet captures to narrow it down.
> 
> On Wed, May 4, 2022 at 3:34 PM < [ mailto:dmmoff...@gmail.com |
> dmmoff...@gmail.com ] > wrote:
> 
> 
> Fair enough, but traffic through the router would be forward chain. Input 
> chain
> only affects traffic destined for the router itself.
> I agree it's an easy thing to check.
> 
> -Original Message-
> From: AF < [ mailto:af-boun...@af.afmug.com | af-boun...@af.afmug.com ] > On
> Behalf Of Larry Smith
> Sent: Wednesday, May 04, 2022 4:17 PM
> To: AnimalFarm Microwave Users Group < [ mailto:af@af.afmug.com |
> af@af.afmug.com ] >
> Subject: Re: [AFMUG] Weird IP issue
> 
> 
> Yes, but it ends with an INPUT "drop all" entry.
> Agree it does not "appear" to be anything in the firewall, but only takes a 
> few
> seconds to test and prove one way or the other.
> 
> --
> Larry Smith
> [ mailto:lesm...@ecsis.net | lesm...@ecsis.net ]
> 
> On Wed May 4 2022 14:58, Christopher Tyler wrote:
>> That is the export of the entire firewall on that router, there are no
>> forward, nat or mangle rules, therefore there shouldn't be anything
>> keeping the data from getting to/from anything, let alone blocking all
>> but one IP address in the IP range.
>> 
>> It's a /29 block, ip is x.x.x.x/29 on the router interface to the
>> switch,
>> /29 in OSPF network as well.
>> 
>> This is why I'm completely stumped, everything looks fine. We're going
>> to roll that router back tonight to 7.1.5 the "long term" version to
>> see if that does anything.
>> 
>> --
>> Christopher Tyler
>> Senior Network Engineer
>> MTCRE/MTCNA/MTCTCE/MTCWE
>> 
>> Total Highspeed Internet Solutions
>> 1091 W. Kathryn Street
>> Nixa, MO 65714
>> (417) 851-1107 x. 9002
>> [ http://www.totalhighspeed.com/ | www.totalhighspeed.com ]
>> 
>> This institution is an equal opportunity provider and employer.
>> Esta institución es un proveedor de servicios con igualdad de
>> oportunidades.
>> 
>> - Original Message -
>> 
>> > From: "Josh Luthman" < [ mailto:j...@imaginenetworksllc.com |
>> > j...@imaginenetworksllc.com ] >
>> > To: "AnimalFarm Microwave Users Group" < [ mailto:af@af.afmug.com |
>> > af@af.afmug.com ] >
>> > Sent: Wednesday, May 4, 2022 11:39:22 AM
>> > Subject: Re: [AFMUG] Weird IP issue
>> > 
>> > Input/output aren't relevant for forward traffic.
>> > 
>> > Are your subnets right everywhere?
>> > 
>> > On Wed, May 4, 2022 at 12:20 PM Christopher Tyler < [
>> > mailto: [ mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] | [
>> > mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] ] > wrote:
>> > 
>> > 
>> > Very minimal, really just basic input rules, nothing that would
>> > block the IP addresses from getting through. No NAT or Mangle rules on this
>> > router.
>> > 
>> > /ip firewall filter
>> > add action=accept chain=input comment="ACCEPT ESTABLISHED/RELATED" \
>> > connection-state=established,related
>> > add action=accept chain=input comment="ACCEPT OSPF" protocol=ospf
>> > add action=accept chain=input comment="ACCEPT ICMP (ping)"
>> > protocol=icmp add action=accept chain=input comment="ACCEPT SNMP"
>> > dst-port=160-161 protocol=\ udp add action=accept chain=input
>> > comment="ACCEPT DHCP" dst-port=67 protocol=udp add action=accept
>> > chain=input comment="Allow MTIK Bandwidth Test" dst-port=\ 2000-3000
>> > protocol=tcp add action=accept chain=input comment="Allow MTIK
>> > Bandwidth Test"
>> > dst-port=\ 2000-3000 protocol=udp
>> > add action=accept chain=input dst-port=5678 protocol=tcp add
>> > action=accept chain=input comment="ACCEPT THIS Mgmt"
>> > src-address-list=\ THIS_ADMIN
>> > add action=accept chain=output comment="ACCEPT ALL OUTBOUND"
>> > add action=drop chain=input comment="DROP ALL OTHER INPUT"
>> > 
>> > 
>> > --
>> > Christopher Tyler
>> > Senior Network Engineer
>> > MTCRE/MTCNA/MTCTCE/MTCWE
>> > 
>> > Total Highspeed Internet Solutions
>> > 1091 W. Kathryn Street
>> > Nixa, MO 65714
>> > (417) 851-1107 x. 9002
>> > [ [ http://www.totalhighspeed.com/ | http://www.totalhighspeed.com/ ] | [
>> > http://www.totalhighspeed.com/ | www.totalhighspeed.com ] ]
>> > 
>> > This institution is an equal opportunity provider and 

Re: [AFMUG] UniFi migrate to cloud key

[dmmoffett]

Thanks for info.  That all makes sense.

 

 

From: AF  On Behalf Of Craig Baird
Sent: Wednesday, May 04, 2022 11:28 AM
To: AnimalFarm Microwave Users Group 
Subject: Re: [AFMUG] UniFi migrate to cloud key

 

You can either forget them and re-adopt on the cloud key or you can back up the 
old controller and restore it to the cloud key (they should both be running the 
same software version if you do that.) If you forget and re-adopt you’ll have 
to reconfigure everything. If you backup and restore, all the config migrates 
and it all works like it did before. If the old controller is dead and you 
don’t have a backup you’ll need to physically reset all the devices unless you 
know the device SSH credentials that were configured in the old controller. If 
you know that, you can adopt them on the new controller without having to 
reset. 

 

Craig

 

 

On Wed, May 4, 2022 at 9:09 AM mailto:dmmoff...@gmail.com> > wrote:

If a unifi network is already managed in a unifi server and then someone comes 
along and plugs in a cloud key on the LAN, can you then just adopt all the 
stuff into the cloud key?  Or do you have to “forget” them on the server first?

 

-Adam

 

-- 
AF mailing list
AF@af.afmug.com  
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] Weird IP issue

[castarritt]

If it's not something obvious with routing or firewall, my next step would
be to look at torch and/or packet captures to narrow it down.

On Wed, May 4, 2022 at 3:34 PM  wrote:

> Fair enough, but traffic through the router would be forward chain.  Input
> chain only affects traffic destined for the router itself.
> I agree it's an easy thing to check.
>
> -Original Message-
> From: AF  On Behalf Of Larry Smith
> Sent: Wednesday, May 04, 2022 4:17 PM
> To: AnimalFarm Microwave Users Group 
> Subject: Re: [AFMUG] Weird IP issue
>
>
> Yes, but it ends with an INPUT "drop all" entry.
> Agree it does not "appear" to be anything in the firewall, but only takes
> a few seconds to test and prove one way or the other.
>
> --
> Larry Smith
> lesm...@ecsis.net
>
> On Wed May 4 2022 14:58, Christopher Tyler wrote:
> > That is the export of the entire firewall on that router, there are no
> > forward, nat or mangle rules, therefore there shouldn't be anything
> > keeping the data from getting to/from anything, let alone blocking all
> > but one IP address in the IP range.
> >
> > It's a /29 block, ip is x.x.x.x/29 on the router interface to the
> > switch,
> > /29 in OSPF network as well.
> >
> > This is why I'm completely stumped, everything looks fine. We're going
> > to roll that router back tonight to 7.1.5 the "long term" version to
> > see if that does anything.
> >
> > --
> > Christopher Tyler
> > Senior Network Engineer
> > MTCRE/MTCNA/MTCTCE/MTCWE
> >
> > Total Highspeed Internet Solutions
> > 1091 W. Kathryn Street
> > Nixa, MO 65714
> > (417) 851-1107 x. 9002
> > www.totalhighspeed.com
> >
> > This institution is an equal opportunity provider and employer.
> > Esta institución es un proveedor de servicios con igualdad de
> > oportunidades.
> >
> > - Original Message -
> >
> > > From: "Josh Luthman" 
> > > To: "AnimalFarm Microwave Users Group" 
> > > Sent: Wednesday, May 4, 2022 11:39:22 AM
> > > Subject: Re: [AFMUG] Weird IP issue
> > >
> > > Input/output aren't relevant for forward traffic.
> > >
> > > Are your subnets right everywhere?
> > >
> > > On Wed, May 4, 2022 at 12:20 PM Christopher Tyler < [
> > > mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] > wrote:
> > >
> > >
> > > Very minimal, really just basic input rules, nothing that would
> > > block the IP addresses from getting through. No NAT or Mangle rules on
> this router.
> > >
> > > /ip firewall filter
> > > add action=accept chain=input comment="ACCEPT ESTABLISHED/RELATED" \
> > > connection-state=established,related
> > > add action=accept chain=input comment="ACCEPT OSPF" protocol=ospf
> > > add action=accept chain=input comment="ACCEPT ICMP (ping)"
> > > protocol=icmp add action=accept chain=input comment="ACCEPT SNMP"
> > > dst-port=160-161 protocol=\ udp add action=accept chain=input
> > > comment="ACCEPT DHCP" dst-port=67 protocol=udp add action=accept
> > > chain=input comment="Allow MTIK Bandwidth Test" dst-port=\ 2000-3000
> > > protocol=tcp add action=accept chain=input comment="Allow MTIK
> > > Bandwidth Test"
> > > dst-port=\ 2000-3000 protocol=udp
> > > add action=accept chain=input dst-port=5678 protocol=tcp add
> > > action=accept chain=input comment="ACCEPT THIS Mgmt"
> > > src-address-list=\ THIS_ADMIN
> > > add action=accept chain=output comment="ACCEPT ALL OUTBOUND"
> > > add action=drop chain=input comment="DROP ALL OTHER INPUT"
> > >
> > >
> > > --
> > > Christopher Tyler
> > > Senior Network Engineer
> > > MTCRE/MTCNA/MTCTCE/MTCWE
> > >
> > > Total Highspeed Internet Solutions
> > > 1091 W. Kathryn Street
> > > Nixa, MO 65714
> > > (417) 851-1107 x. 9002
> > > [ http://www.totalhighspeed.com/ | www.totalhighspeed.com ]
> > >
> > > This institution is an equal opportunity provider and employer.
> > > Esta institución es un proveedor de servicios con igualdad de
> > > oportunidades.
> > >
> > > - Original Message -
> > >
> > >> From: "Josh Luthman" < [ mailto:j...@imaginenetworksllc.com |
> > >> j...@imaginenetworksllc.com ] >
> > >> To: "AnimalFarm Microwave Users Group" < [ mailto:af@af.afmug.com |
> > >> af@af.afmug.com ] >
> > >> Sent: Wednesday, May 4, 2022 11:12:55 AM
> > >> Subject: Re: [AFMUG] Weird IP issue
> > >>
> > >> Firewall filter rules?
> > >>
> > >> Double check the gateway and subnet on the server.
> > >>
> > >> On Wed, May 4, 2022 at 11:17 AM Christopher Tyler < [
> > >> mailto: [ mailto:ch...@totalhighspeed.net |
> > >> ch...@totalhighspeed.net ] | [ mailto:ch...@totalhighspeed.net |
> > >> ch...@totalhighspeed.net ] ] >
> > >> wrote:
> > >>
> > >>
> > >> We have one of the new Mikrotik CCR2216-1G-12XS-2XQ routers running
> > >> RouterOS 7.2.1 with a Mikrotik switch (running 6.44.3) hanging off
> > >> of it. I have two servers on that switch both in the the same
> > >> public IP block. I can ping both servers from the router, and they
> > >> can ping each other. One server is globally reachable and the other
> > >> is not reachable other than from the router or 

Re: [AFMUG] Weird IP issue

[dmmoffett]

Fair enough, but traffic through the router would be forward chain.  Input 
chain only affects traffic destined for the router itself.
I agree it's an easy thing to check.

-Original Message-
From: AF  On Behalf Of Larry Smith
Sent: Wednesday, May 04, 2022 4:17 PM
To: AnimalFarm Microwave Users Group 
Subject: Re: [AFMUG] Weird IP issue


Yes, but it ends with an INPUT "drop all" entry.
Agree it does not "appear" to be anything in the firewall, but only takes a few 
seconds to test and prove one way or the other.

--
Larry Smith
lesm...@ecsis.net

On Wed May 4 2022 14:58, Christopher Tyler wrote:
> That is the export of the entire firewall on that router, there are no 
> forward, nat or mangle rules, therefore there shouldn't be anything 
> keeping the data from getting to/from anything, let alone blocking all 
> but one IP address in the IP range.
>
> It's a /29 block, ip is x.x.x.x/29 on the router interface to the 
> switch,
> /29 in OSPF network as well.
>
> This is why I'm completely stumped, everything looks fine. We're going 
> to roll that router back tonight to 7.1.5 the "long term" version to 
> see if that does anything.
>
> --
> Christopher Tyler
> Senior Network Engineer
> MTCRE/MTCNA/MTCTCE/MTCWE
>
> Total Highspeed Internet Solutions
> 1091 W. Kathryn Street
> Nixa, MO 65714
> (417) 851-1107 x. 9002
> www.totalhighspeed.com
>
> This institution is an equal opportunity provider and employer.
> Esta institución es un proveedor de servicios con igualdad de 
> oportunidades.
>
> - Original Message -
>
> > From: "Josh Luthman" 
> > To: "AnimalFarm Microwave Users Group" 
> > Sent: Wednesday, May 4, 2022 11:39:22 AM
> > Subject: Re: [AFMUG] Weird IP issue
> >
> > Input/output aren't relevant for forward traffic.
> >
> > Are your subnets right everywhere?
> >
> > On Wed, May 4, 2022 at 12:20 PM Christopher Tyler < [ 
> > mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] > wrote:
> >
> >
> > Very minimal, really just basic input rules, nothing that would 
> > block the IP addresses from getting through. No NAT or Mangle rules on this 
> > router.
> >
> > /ip firewall filter
> > add action=accept chain=input comment="ACCEPT ESTABLISHED/RELATED" \ 
> > connection-state=established,related
> > add action=accept chain=input comment="ACCEPT OSPF" protocol=ospf 
> > add action=accept chain=input comment="ACCEPT ICMP (ping)" 
> > protocol=icmp add action=accept chain=input comment="ACCEPT SNMP" 
> > dst-port=160-161 protocol=\ udp add action=accept chain=input 
> > comment="ACCEPT DHCP" dst-port=67 protocol=udp add action=accept 
> > chain=input comment="Allow MTIK Bandwidth Test" dst-port=\ 2000-3000 
> > protocol=tcp add action=accept chain=input comment="Allow MTIK 
> > Bandwidth Test"
> > dst-port=\ 2000-3000 protocol=udp
> > add action=accept chain=input dst-port=5678 protocol=tcp add 
> > action=accept chain=input comment="ACCEPT THIS Mgmt"
> > src-address-list=\ THIS_ADMIN
> > add action=accept chain=output comment="ACCEPT ALL OUTBOUND"
> > add action=drop chain=input comment="DROP ALL OTHER INPUT"
> >
> >
> > --
> > Christopher Tyler
> > Senior Network Engineer
> > MTCRE/MTCNA/MTCTCE/MTCWE
> >
> > Total Highspeed Internet Solutions
> > 1091 W. Kathryn Street
> > Nixa, MO 65714
> > (417) 851-1107 x. 9002
> > [ http://www.totalhighspeed.com/ | www.totalhighspeed.com ]
> >
> > This institution is an equal opportunity provider and employer.
> > Esta institución es un proveedor de servicios con igualdad de 
> > oportunidades.
> >
> > - Original Message -
> >
> >> From: "Josh Luthman" < [ mailto:j...@imaginenetworksllc.com | 
> >> j...@imaginenetworksllc.com ] >
> >> To: "AnimalFarm Microwave Users Group" < [ mailto:af@af.afmug.com | 
> >> af@af.afmug.com ] >
> >> Sent: Wednesday, May 4, 2022 11:12:55 AM
> >> Subject: Re: [AFMUG] Weird IP issue
> >>
> >> Firewall filter rules?
> >>
> >> Double check the gateway and subnet on the server.
> >>
> >> On Wed, May 4, 2022 at 11:17 AM Christopher Tyler < [
> >> mailto: [ mailto:ch...@totalhighspeed.net | 
> >> ch...@totalhighspeed.net ] | [ mailto:ch...@totalhighspeed.net | 
> >> ch...@totalhighspeed.net ] ] >
> >> wrote:
> >>
> >>
> >> We have one of the new Mikrotik CCR2216-1G-12XS-2XQ routers running 
> >> RouterOS 7.2.1 with a Mikrotik switch (running 6.44.3) hanging off 
> >> of it. I have two servers on that switch both in the the same 
> >> public IP block. I can ping both servers from the router, and they 
> >> can ping each other. One server is globally reachable and the other 
> >> is not reachable other than from the router or switch itself. I 
> >> plugged in my laptop and assigned it an IP in that same range and 
> >> cannot reach it extrenally either. The router is using OSPF and I 
> >> can see the route for that IP block from both sides of the router, 
> >> but traceroutes/pings to anything other than the server that is 
> >> working stop at the router. No vlans or special configuration 
> >> between the 

Re: [AFMUG] Weird IP issue

[Larry Smith]

Yes, but it ends with an INPUT "drop all" entry.
Agree it does not "appear" to be anything in the firewall,
but only takes a few seconds to test and prove one
way or the other.

-- 
Larry Smith
lesm...@ecsis.net

On Wed May 4 2022 14:58, Christopher Tyler wrote:
> That is the export of the entire firewall on that router, there are no
> forward, nat or mangle rules, therefore there shouldn't be anything keeping
> the data from getting to/from anything, let alone blocking all but one IP
> address in the IP range.
>
> It's a /29 block, ip is x.x.x.x/29 on the router interface to the switch,
> /29 in OSPF network as well.
>
> This is why I'm completely stumped, everything looks fine. We're going to
> roll that router back tonight to 7.1.5 the "long term" version to see if
> that does anything.
>
> --
> Christopher Tyler
> Senior Network Engineer
> MTCRE/MTCNA/MTCTCE/MTCWE
>
> Total Highspeed Internet Solutions
> 1091 W. Kathryn Street
> Nixa, MO 65714
> (417) 851-1107 x. 9002
> www.totalhighspeed.com
>
> This institution is an equal opportunity provider and employer.
> Esta institución es un proveedor de servicios con igualdad de
> oportunidades.
>
> - Original Message -
>
> > From: "Josh Luthman" 
> > To: "AnimalFarm Microwave Users Group" 
> > Sent: Wednesday, May 4, 2022 11:39:22 AM
> > Subject: Re: [AFMUG] Weird IP issue
> >
> > Input/output aren't relevant for forward traffic.
> >
> > Are your subnets right everywhere?
> >
> > On Wed, May 4, 2022 at 12:20 PM Christopher Tyler < [
> > mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] > wrote:
> >
> >
> > Very minimal, really just basic input rules, nothing that would block the
> > IP addresses from getting through. No NAT or Mangle rules on this router.
> >
> > /ip firewall filter
> > add action=accept chain=input comment="ACCEPT ESTABLISHED/RELATED" \
> > connection-state=established,related
> > add action=accept chain=input comment="ACCEPT OSPF" protocol=ospf
> > add action=accept chain=input comment="ACCEPT ICMP (ping)" protocol=icmp
> > add action=accept chain=input comment="ACCEPT SNMP" dst-port=160-161
> > protocol=\ udp
> > add action=accept chain=input comment="ACCEPT DHCP" dst-port=67
> > protocol=udp add action=accept chain=input comment="Allow MTIK Bandwidth
> > Test" dst-port=\ 2000-3000 protocol=tcp
> > add action=accept chain=input comment="Allow MTIK Bandwidth Test"
> > dst-port=\ 2000-3000 protocol=udp
> > add action=accept chain=input dst-port=5678 protocol=tcp
> > add action=accept chain=input comment="ACCEPT THIS Mgmt"
> > src-address-list=\ THIS_ADMIN
> > add action=accept chain=output comment="ACCEPT ALL OUTBOUND"
> > add action=drop chain=input comment="DROP ALL OTHER INPUT"
> >
> >
> > --
> > Christopher Tyler
> > Senior Network Engineer
> > MTCRE/MTCNA/MTCTCE/MTCWE
> >
> > Total Highspeed Internet Solutions
> > 1091 W. Kathryn Street
> > Nixa, MO 65714
> > (417) 851-1107 x. 9002
> > [ http://www.totalhighspeed.com/ | www.totalhighspeed.com ]
> >
> > This institution is an equal opportunity provider and employer.
> > Esta institución es un proveedor de servicios con igualdad de
> > oportunidades.
> >
> > - Original Message -
> >
> >> From: "Josh Luthman" < [ mailto:j...@imaginenetworksllc.com |
> >> j...@imaginenetworksllc.com ] >
> >> To: "AnimalFarm Microwave Users Group" < [ mailto:af@af.afmug.com |
> >> af@af.afmug.com ] >
> >> Sent: Wednesday, May 4, 2022 11:12:55 AM
> >> Subject: Re: [AFMUG] Weird IP issue
> >>
> >> Firewall filter rules?
> >>
> >> Double check the gateway and subnet on the server.
> >>
> >> On Wed, May 4, 2022 at 11:17 AM Christopher Tyler < [
> >> mailto: [ mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] |
> >> [ mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] ] >
> >> wrote:
> >>
> >>
> >> We have one of the new Mikrotik CCR2216-1G-12XS-2XQ routers running
> >> RouterOS 7.2.1 with a Mikrotik switch (running 6.44.3) hanging off of
> >> it. I have two servers on that switch both in the the same public IP
> >> block. I can ping both servers from the router, and they can ping each
> >> other. One server is globally reachable and the other is not reachable
> >> other than from the router or switch itself. I plugged in my laptop and
> >> assigned it an IP in that same range and cannot reach it extrenally
> >> either. The router is using OSPF and I can see the route for that IP
> >> block from both sides of the router, but traceroutes/pings to anything
> >> other than the server that is working stop at the router. No vlans or
> >> special configuration between the router and the switch, just basic IP,
> >> all ports on the switch are bridged. Forwarded ports (dstnat) don't
> >> appear to work from the router either.
> >>
> >> I'm stumped, so I figured I would ask if anyone else has seen anything
> >> like this and have a solution, or am I looking at a possible RouterOS 7
> >> issue?
> >>
> >> --
> >> Christopher Tyler
> >> Senior Network Engineer
> >> 

Re: [AFMUG] Weird IP issue

[Christopher Tyler]

When I connected my laptop, I had internet, which is also weird since it was 
unreachable by ping. But yes I statically assigned the IP to the laptop with 
the correct IP, gateway and subnet.

-- 
Christopher Tyler
Senior Network Engineer
MTCRE/MTCNA/MTCTCE/MTCWE

Total Highspeed Internet Solutions
1091 W. Kathryn Street
Nixa, MO 65714
(417) 851-1107 x. 9002
www.totalhighspeed.com

This institution is an equal opportunity provider and employer.
Esta institución es un proveedor de servicios con igualdad de oportunidades.

- Original Message -
> From: "AnimalFarm Microwave Users Group" 
> To: "AnimalFarm Microwave Users Group" 
> Cc: "David Sovereen" 
> Sent: Wednesday, May 4, 2022 3:04:42 PM
> Subject: Re: [AFMUG] Weird IP issue

> Does the server without connectivity have a working default gateway?
> 
> Dave
> 
>> On May 4, 2022, at 4:00 PM, Christopher Tyler  
>> wrote:
>> 
>> Rebooted both the router and the switch, no joy, issue persists.
>> 
>> --
>> Christopher Tyler
>> Senior Network Engineer
>> MTCRE/MTCNA/MTCTCE/MTCWE
>> 
>> Total Highspeed Internet Solutions
>> 1091 W. Kathryn Street
>> Nixa, MO 65714
>> (417) 851-1107 x. 9002
>> www.totalhighspeed.com
>> 
>> This institution is an equal opportunity provider and employer.
>> Esta institución es un proveedor de servicios con igualdad de oportunidades.
>> 
>> - Original Message -
>>> From: "Adam Moffett" 
>>> To: "AnimalFarm Microwave Users Group" 
>>> Sent: Wednesday, May 4, 2022 2:50:13 PM
>>> Subject: Re: [AFMUG] Weird IP issue
>> 
>>> If this is a Mikrotik switch, reboot it before you waste a lot of time.
>>> 
>>> I've seen weird stuff too many times.   I had a CRS317 the other day where 
>>> we
>>> got 98% packet loss to one specific host.  Watching the switch hosts table 
>>> it
>>> seemed like it kept changing it's mind as to which interface that MAC 
>>> address
>>> was on.  Reboot cleared it right up.
>>> 
>>> -Adam
>>> 
>>> 
>>> -Original Message-
>>> From: AF  On Behalf Of Larry Smith
>>> Sent: Wednesday, May 04, 2022 12:50 PM
>>> To: AnimalFarm Microwave Users Group 
>>> Subject: Re: [AFMUG] Weird IP issue
>>> 
>>> 
>>> To verify that, drop the firewall and then test again.
>>> If its firewall related it will start working.
>>> 
>>> --
>>> Larry Smith
>>> lesm...@ecsis.net
>>> 
>>> On Wed May 4 2022 11:18, Christopher Tyler wrote:
 Very minimal, really just basic input rules, nothing that would block
 the IP addresses from getting through. No NAT or Mangle rules on this 
 router.
 
 /ip firewall filter
 add action=accept chain=input comment="ACCEPT ESTABLISHED/RELATED" \
connection-state=established,related
 add action=accept chain=input comment="ACCEPT OSPF" protocol=ospf add
 action=accept chain=input comment="ACCEPT ICMP (ping)" protocol=icmp
 add action=accept chain=input comment="ACCEPT SNMP" dst-port=160-161
 protocol=\ udp add action=accept chain=input comment="ACCEPT DHCP"
 dst-port=67 protocol=udp add action=accept chain=input comment="Allow
 MTIK Bandwidth Test" dst-port=\ 2000-3000 protocol=tcp add
 action=accept chain=input comment="Allow MTIK Bandwidth Test"
 dst-port=\ 2000-3000 protocol=udp
 add action=accept chain=input dst-port=5678 protocol=tcp add
 action=accept chain=input comment="ACCEPT THIS Mgmt" src-address-list=\
THIS_ADMIN
 add action=accept chain=output comment="ACCEPT ALL OUTBOUND"
 add action=drop chain=input comment="DROP ALL OTHER INPUT"
 
 
 --
 Christopher Tyler
 Senior Network Engineer
 MTCRE/MTCNA/MTCTCE/MTCWE
 
 Total Highspeed Internet Solutions
 1091 W. Kathryn Street
 Nixa, MO 65714
 (417) 851-1107 x. 9002
 www.totalhighspeed.com
 
 This institution is an equal opportunity provider and employer.
 Esta institución es un proveedor de servicios con igualdad de
 oportunidades.
 
 - Original Message -
 
> From: "Josh Luthman" 
> To: "AnimalFarm Microwave Users Group" 
> Sent: Wednesday, May 4, 2022 11:12:55 AM
> Subject: Re: [AFMUG] Weird IP issue
> 
> Firewall filter rules?
> 
> Double check the gateway and subnet on the server.
> 
> On Wed, May 4, 2022 at 11:17 AM Christopher Tyler < [
> mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] > wrote:
> 
> 
> We have one of the new Mikrotik CCR2216-1G-12XS-2XQ routers running
> RouterOS 7.2.1 with a Mikrotik switch (running 6.44.3) hanging off of it.
> I have two servers on that switch both in the the same public IP
> block. I can ping both servers from the router, and they can ping
> each other. One server is globally reachable and the other is not
> reachable other than from the router or switch itself. I plugged in
> my laptop and assigned it an IP in that same range and cannot reach
> it extrenally either. The router is using OSPF and I can see the
> route for 

Re: [AFMUG] Weird IP issue

[Christopher Tyler]

Yup, x.x.x.x/29 in the same range.

-- 
Christopher Tyler
Senior Network Engineer
MTCRE/MTCNA/MTCTCE/MTCWE

Total Highspeed Internet Solutions
1091 W. Kathryn Street
Nixa, MO 65714
(417) 851-1107 x. 9002
www.totalhighspeed.com

This institution is an equal opportunity provider and employer.
Esta institución es un proveedor de servicios con igualdad de oportunidades.

- Original Message -
> From: "Josh Luthman" 
> To: "AnimalFarm Microwave Users Group" 
> Sent: Wednesday, May 4, 2022 3:01:47 PM
> Subject: Re: [AFMUG] Weird IP issue

>>It's a /29 block, ip is x.x.x.x/29 on the router interface to the switch, /29 
>>in
>>OSPF network as well.
> 
> And the servers/laptop?
> 
> On Wed, May 4, 2022 at 4:00 PM Christopher Tyler < [
> mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] > wrote:
> 
> 
> That is the export of the entire firewall on that router, there are no 
> forward,
> nat or mangle rules, therefore there shouldn't be anything keeping the data
> from getting to/from anything, let alone blocking all but one IP address in 
> the
> IP range.
> 
> It's a /29 block, ip is x.x.x.x/29 on the router interface to the switch, /29 
> in
> OSPF network as well.
> 
> This is why I'm completely stumped, everything looks fine. We're going to roll
> that router back tonight to 7.1.5 the "long term" version to see if that does
> anything.
> 
> --
> Christopher Tyler
> Senior Network Engineer
> MTCRE/MTCNA/MTCTCE/MTCWE
> 
> Total Highspeed Internet Solutions
> 1091 W. Kathryn Street
> Nixa, MO 65714
> (417) 851-1107 x. 9002
> [ http://www.totalhighspeed.com/ | www.totalhighspeed.com ]
> 
> This institution is an equal opportunity provider and employer.
> Esta institución es un proveedor de servicios con igualdad de oportunidades.
> 
> - Original Message -
>> From: "Josh Luthman" < [ mailto:j...@imaginenetworksllc.com |
>> j...@imaginenetworksllc.com ] >
>> To: "AnimalFarm Microwave Users Group" < [ mailto:af@af.afmug.com |
>> af@af.afmug.com ] >
>> Sent: Wednesday, May 4, 2022 11:39:22 AM
>> Subject: Re: [AFMUG] Weird IP issue
> 
>> Input/output aren't relevant for forward traffic.
>> 
>> Are your subnets right everywhere?
>> 
>> On Wed, May 4, 2022 at 12:20 PM Christopher Tyler < [
>> mailto: [ mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] | [
>> mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] ] > wrote:
>> 
>> 
>> Very minimal, really just basic input rules, nothing that would block the IP
>> addresses from getting through. No NAT or Mangle rules on this router.
>> 
>> /ip firewall filter
>> add action=accept chain=input comment="ACCEPT ESTABLISHED/RELATED" \
>> connection-state=established,related
>> add action=accept chain=input comment="ACCEPT OSPF" protocol=ospf
>> add action=accept chain=input comment="ACCEPT ICMP (ping)" protocol=icmp
>> add action=accept chain=input comment="ACCEPT SNMP" dst-port=160-161 
>> protocol=\
>> udp
>> add action=accept chain=input comment="ACCEPT DHCP" dst-port=67 protocol=udp
>> add action=accept chain=input comment="Allow MTIK Bandwidth Test" dst-port=\
>> 2000-3000 protocol=tcp
>> add action=accept chain=input comment="Allow MTIK Bandwidth Test" dst-port=\
>> 2000-3000 protocol=udp
>> add action=accept chain=input dst-port=5678 protocol=tcp
>> add action=accept chain=input comment="ACCEPT THIS Mgmt" src-address-list=\
>> THIS_ADMIN
>> add action=accept chain=output comment="ACCEPT ALL OUTBOUND"
>> add action=drop chain=input comment="DROP ALL OTHER INPUT"
>> 
>> 
>> --
>> Christopher Tyler
>> Senior Network Engineer
>> MTCRE/MTCNA/MTCTCE/MTCWE
>> 
>> Total Highspeed Internet Solutions
>> 1091 W. Kathryn Street
>> Nixa, MO 65714
>> (417) 851-1107 x. 9002
>> [ [ http://www.totalhighspeed.com/ | http://www.totalhighspeed.com/ ] | [
>> http://www.totalhighspeed.com/ | www.totalhighspeed.com ] ]
>> 
>> This institution is an equal opportunity provider and employer.
>> Esta institución es un proveedor de servicios con igualdad de oportunidades.
>> 
>> - Original Message -
>>> From: "Josh Luthman" < [ mailto: [ mailto:j...@imaginenetworksllc.com |
>>> j...@imaginenetworksllc.com ] |
>>> [ mailto:j...@imaginenetworksllc.com | j...@imaginenetworksllc.com ] ] >
>>> To: "AnimalFarm Microwave Users Group" < [ mailto: [ mailto:af@af.afmug.com 
>>> |
>>> af@af.afmug.com ] |
>>> [ mailto:af@af.afmug.com | af@af.afmug.com ] ] >
>>> Sent: Wednesday, May 4, 2022 11:12:55 AM
>>> Subject: Re: [AFMUG] Weird IP issue
>> 
>>> Firewall filter rules?
>>> 
>>> Double check the gateway and subnet on the server.
>>> 
>>> On Wed, May 4, 2022 at 11:17 AM Christopher Tyler < [
>>> mailto: [ mailto: [ mailto:ch...@totalhighspeed.net | 
>>> ch...@totalhighspeed.net ]
>>> | [ mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] ] | [
>>> mailto: [ mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] | [
>>> mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] ] ] > wrote:
>>> 
>>> 
>>> We have one of the new Mikrotik 

Re: [AFMUG] Weird IP issue

[David Sovereen via AF]

Does the server without connectivity have a working default gateway?

Dave

> On May 4, 2022, at 4:00 PM, Christopher Tyler  
> wrote:
> 
> Rebooted both the router and the switch, no joy, issue persists.
> 
> -- 
> Christopher Tyler
> Senior Network Engineer
> MTCRE/MTCNA/MTCTCE/MTCWE
> 
> Total Highspeed Internet Solutions
> 1091 W. Kathryn Street
> Nixa, MO 65714
> (417) 851-1107 x. 9002
> www.totalhighspeed.com
> 
> This institution is an equal opportunity provider and employer.
> Esta institución es un proveedor de servicios con igualdad de oportunidades.
> 
> - Original Message -
>> From: "Adam Moffett" 
>> To: "AnimalFarm Microwave Users Group" 
>> Sent: Wednesday, May 4, 2022 2:50:13 PM
>> Subject: Re: [AFMUG] Weird IP issue
> 
>> If this is a Mikrotik switch, reboot it before you waste a lot of time.
>> 
>> I've seen weird stuff too many times.   I had a CRS317 the other day where we
>> got 98% packet loss to one specific host.  Watching the switch hosts table it
>> seemed like it kept changing it's mind as to which interface that MAC address
>> was on.  Reboot cleared it right up.
>> 
>> -Adam
>> 
>> 
>> -Original Message-
>> From: AF  On Behalf Of Larry Smith
>> Sent: Wednesday, May 04, 2022 12:50 PM
>> To: AnimalFarm Microwave Users Group 
>> Subject: Re: [AFMUG] Weird IP issue
>> 
>> 
>> To verify that, drop the firewall and then test again.
>> If its firewall related it will start working.
>> 
>> --
>> Larry Smith
>> lesm...@ecsis.net
>> 
>> On Wed May 4 2022 11:18, Christopher Tyler wrote:
>>> Very minimal, really just basic input rules, nothing that would block
>>> the IP addresses from getting through. No NAT or Mangle rules on this 
>>> router.
>>> 
>>> /ip firewall filter
>>> add action=accept chain=input comment="ACCEPT ESTABLISHED/RELATED" \
>>>connection-state=established,related
>>> add action=accept chain=input comment="ACCEPT OSPF" protocol=ospf add
>>> action=accept chain=input comment="ACCEPT ICMP (ping)" protocol=icmp
>>> add action=accept chain=input comment="ACCEPT SNMP" dst-port=160-161
>>> protocol=\ udp add action=accept chain=input comment="ACCEPT DHCP"
>>> dst-port=67 protocol=udp add action=accept chain=input comment="Allow
>>> MTIK Bandwidth Test" dst-port=\ 2000-3000 protocol=tcp add
>>> action=accept chain=input comment="Allow MTIK Bandwidth Test"
>>> dst-port=\ 2000-3000 protocol=udp
>>> add action=accept chain=input dst-port=5678 protocol=tcp add
>>> action=accept chain=input comment="ACCEPT THIS Mgmt" src-address-list=\
>>>THIS_ADMIN
>>> add action=accept chain=output comment="ACCEPT ALL OUTBOUND"
>>> add action=drop chain=input comment="DROP ALL OTHER INPUT"
>>> 
>>> 
>>> --
>>> Christopher Tyler
>>> Senior Network Engineer
>>> MTCRE/MTCNA/MTCTCE/MTCWE
>>> 
>>> Total Highspeed Internet Solutions
>>> 1091 W. Kathryn Street
>>> Nixa, MO 65714
>>> (417) 851-1107 x. 9002
>>> www.totalhighspeed.com
>>> 
>>> This institution is an equal opportunity provider and employer.
>>> Esta institución es un proveedor de servicios con igualdad de
>>> oportunidades.
>>> 
>>> - Original Message -
>>> 
 From: "Josh Luthman" 
 To: "AnimalFarm Microwave Users Group" 
 Sent: Wednesday, May 4, 2022 11:12:55 AM
 Subject: Re: [AFMUG] Weird IP issue
 
 Firewall filter rules?
 
 Double check the gateway and subnet on the server.
 
 On Wed, May 4, 2022 at 11:17 AM Christopher Tyler < [
 mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] > wrote:
 
 
 We have one of the new Mikrotik CCR2216-1G-12XS-2XQ routers running
 RouterOS 7.2.1 with a Mikrotik switch (running 6.44.3) hanging off of it.
 I have two servers on that switch both in the the same public IP
 block. I can ping both servers from the router, and they can ping
 each other. One server is globally reachable and the other is not
 reachable other than from the router or switch itself. I plugged in
 my laptop and assigned it an IP in that same range and cannot reach
 it extrenally either. The router is using OSPF and I can see the
 route for that IP block from both sides of the router, but
 traceroutes/pings to anything other than the server that is working
 stop at the router. No vlans or special configuration between the
 router and the switch, just basic IP, all ports on the switch are
 bridged. Forwarded ports (dstnat) don't appear to work from the router 
 either.
 
 I'm stumped, so I figured I would ask if anyone else has seen
 anything like this and have a solution, or am I looking at a
 possible RouterOS 7 issue?
 
 --
 Christopher Tyler
 Senior Network Engineer
 MTCRE/MTCNA/MTCTCE/MTCWE
 
 Total Highspeed Internet Solutions
 1091 W. Kathryn Street
 Nixa, MO 65714
 (417) 851-1107 x. 9002
 [ http://www.totalhighspeed.com/ | www.totalhighspeed.com ]
 
 This institution is an equal opportunity provider and employer.

Re: [AFMUG] Weird IP issue

[Josh Luthman]

>It's a /29 block, ip is x.x.x.x/29 on the router interface to the switch,
/29 in OSPF network as well.

And the servers/laptop?

On Wed, May 4, 2022 at 4:00 PM Christopher Tyler 
wrote:

> That is the export of the entire firewall on that router, there are no
> forward, nat or mangle rules, therefore there shouldn't be anything keeping
> the data from getting to/from anything, let alone blocking all but one IP
> address in the IP range.
>
> It's a /29 block, ip is x.x.x.x/29 on the router interface to the switch,
> /29 in OSPF network as well.
>
> This is why I'm completely stumped, everything looks fine. We're going to
> roll that router back tonight to 7.1.5 the "long term" version to see if
> that does anything.
>
> --
> Christopher Tyler
> Senior Network Engineer
> MTCRE/MTCNA/MTCTCE/MTCWE
>
> Total Highspeed Internet Solutions
> 1091 W. Kathryn Street
> Nixa, MO 65714
> (417) 851-1107 x. 9002
> www.totalhighspeed.com
>
> This institution is an equal opportunity provider and employer.
> Esta institución es un proveedor de servicios con igualdad de
> oportunidades.
>
> - Original Message -
> > From: "Josh Luthman" 
> > To: "AnimalFarm Microwave Users Group" 
> > Sent: Wednesday, May 4, 2022 11:39:22 AM
> > Subject: Re: [AFMUG] Weird IP issue
>
> > Input/output aren't relevant for forward traffic.
> >
> > Are your subnets right everywhere?
> >
> > On Wed, May 4, 2022 at 12:20 PM Christopher Tyler < [
> > mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] > wrote:
> >
> >
> > Very minimal, really just basic input rules, nothing that would block
> the IP
> > addresses from getting through. No NAT or Mangle rules on this router.
> >
> > /ip firewall filter
> > add action=accept chain=input comment="ACCEPT ESTABLISHED/RELATED" \
> > connection-state=established,related
> > add action=accept chain=input comment="ACCEPT OSPF" protocol=ospf
> > add action=accept chain=input comment="ACCEPT ICMP (ping)" protocol=icmp
> > add action=accept chain=input comment="ACCEPT SNMP" dst-port=160-161
> protocol=\
> > udp
> > add action=accept chain=input comment="ACCEPT DHCP" dst-port=67
> protocol=udp
> > add action=accept chain=input comment="Allow MTIK Bandwidth Test"
> dst-port=\
> > 2000-3000 protocol=tcp
> > add action=accept chain=input comment="Allow MTIK Bandwidth Test"
> dst-port=\
> > 2000-3000 protocol=udp
> > add action=accept chain=input dst-port=5678 protocol=tcp
> > add action=accept chain=input comment="ACCEPT THIS Mgmt"
> src-address-list=\
> > THIS_ADMIN
> > add action=accept chain=output comment="ACCEPT ALL OUTBOUND"
> > add action=drop chain=input comment="DROP ALL OTHER INPUT"
> >
> >
> > --
> > Christopher Tyler
> > Senior Network Engineer
> > MTCRE/MTCNA/MTCTCE/MTCWE
> >
> > Total Highspeed Internet Solutions
> > 1091 W. Kathryn Street
> > Nixa, MO 65714
> > (417) 851-1107 x. 9002
> > [ http://www.totalhighspeed.com/ | www.totalhighspeed.com ]
> >
> > This institution is an equal opportunity provider and employer.
> > Esta institución es un proveedor de servicios con igualdad de
> oportunidades.
> >
> > - Original Message -
> >> From: "Josh Luthman" < [ mailto:j...@imaginenetworksllc.com |
> >> j...@imaginenetworksllc.com ] >
> >> To: "AnimalFarm Microwave Users Group" < [ mailto:af@af.afmug.com |
> >> af@af.afmug.com ] >
> >> Sent: Wednesday, May 4, 2022 11:12:55 AM
> >> Subject: Re: [AFMUG] Weird IP issue
> >
> >> Firewall filter rules?
> >>
> >> Double check the gateway and subnet on the server.
> >>
> >> On Wed, May 4, 2022 at 11:17 AM Christopher Tyler < [
> >> mailto: [ mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ]
> | [
> >> mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] ] > wrote:
> >>
> >>
> >> We have one of the new Mikrotik CCR2216-1G-12XS-2XQ routers running
> RouterOS
> >> 7.2.1 with a Mikrotik switch (running 6.44.3) hanging off of it. I have
> two
> >> servers on that switch both in the the same public IP block. I can ping
> both
> >> servers from the router, and they can ping each other. One server is
> globally
> >> reachable and the other is not reachable other than from the router or
> switch
> >> itself. I plugged in my laptop and assigned it an IP in that same range
> and
> >> cannot reach it extrenally either. The router is using OSPF and I can
> see the
> >> route for that IP block from both sides of the router, but
> traceroutes/pings to
> >> anything other than the server that is working stop at the router. No
> vlans or
> >> special configuration between the router and the switch, just basic IP,
> all
> >> ports on the switch are bridged. Forwarded ports (dstnat) don't appear
> to work
> >> from the router either.
> >>
> >> I'm stumped, so I figured I would ask if anyone else has seen anything
> like this
> >> and have a solution, or am I looking at a possible RouterOS 7 issue?
> >>
> >> --
> >> Christopher Tyler
> >> Senior Network Engineer
> >> MTCRE/MTCNA/MTCTCE/MTCWE
> >>
> >> Total Highspeed Internet Solutions
> 

Re: [AFMUG] Weird IP issue

[Christopher Tyler]

Rebooted both the router and the switch, no joy, issue persists.

-- 
Christopher Tyler
Senior Network Engineer
MTCRE/MTCNA/MTCTCE/MTCWE

Total Highspeed Internet Solutions
1091 W. Kathryn Street
Nixa, MO 65714
(417) 851-1107 x. 9002
www.totalhighspeed.com

This institution is an equal opportunity provider and employer.
Esta institución es un proveedor de servicios con igualdad de oportunidades.

- Original Message -
> From: "Adam Moffett" 
> To: "AnimalFarm Microwave Users Group" 
> Sent: Wednesday, May 4, 2022 2:50:13 PM
> Subject: Re: [AFMUG] Weird IP issue

> If this is a Mikrotik switch, reboot it before you waste a lot of time.
> 
> I've seen weird stuff too many times.   I had a CRS317 the other day where we
> got 98% packet loss to one specific host.  Watching the switch hosts table it
> seemed like it kept changing it's mind as to which interface that MAC address
> was on.  Reboot cleared it right up.
> 
> -Adam
> 
> 
> -Original Message-
> From: AF  On Behalf Of Larry Smith
> Sent: Wednesday, May 04, 2022 12:50 PM
> To: AnimalFarm Microwave Users Group 
> Subject: Re: [AFMUG] Weird IP issue
> 
> 
> To verify that, drop the firewall and then test again.
> If its firewall related it will start working.
> 
> --
> Larry Smith
> lesm...@ecsis.net
> 
> On Wed May 4 2022 11:18, Christopher Tyler wrote:
>> Very minimal, really just basic input rules, nothing that would block
>> the IP addresses from getting through. No NAT or Mangle rules on this router.
>>
>> /ip firewall filter
>> add action=accept chain=input comment="ACCEPT ESTABLISHED/RELATED" \
>> connection-state=established,related
>> add action=accept chain=input comment="ACCEPT OSPF" protocol=ospf add
>> action=accept chain=input comment="ACCEPT ICMP (ping)" protocol=icmp
>> add action=accept chain=input comment="ACCEPT SNMP" dst-port=160-161
>> protocol=\ udp add action=accept chain=input comment="ACCEPT DHCP"
>> dst-port=67 protocol=udp add action=accept chain=input comment="Allow
>> MTIK Bandwidth Test" dst-port=\ 2000-3000 protocol=tcp add
>> action=accept chain=input comment="Allow MTIK Bandwidth Test"
>> dst-port=\ 2000-3000 protocol=udp
>> add action=accept chain=input dst-port=5678 protocol=tcp add
>> action=accept chain=input comment="ACCEPT THIS Mgmt" src-address-list=\
>> THIS_ADMIN
>> add action=accept chain=output comment="ACCEPT ALL OUTBOUND"
>> add action=drop chain=input comment="DROP ALL OTHER INPUT"
>>
>>
>> --
>> Christopher Tyler
>> Senior Network Engineer
>> MTCRE/MTCNA/MTCTCE/MTCWE
>>
>> Total Highspeed Internet Solutions
>> 1091 W. Kathryn Street
>> Nixa, MO 65714
>> (417) 851-1107 x. 9002
>> www.totalhighspeed.com
>>
>> This institution is an equal opportunity provider and employer.
>> Esta institución es un proveedor de servicios con igualdad de
>> oportunidades.
>>
>> - Original Message -
>>
>> > From: "Josh Luthman" 
>> > To: "AnimalFarm Microwave Users Group" 
>> > Sent: Wednesday, May 4, 2022 11:12:55 AM
>> > Subject: Re: [AFMUG] Weird IP issue
>> >
>> > Firewall filter rules?
>> >
>> > Double check the gateway and subnet on the server.
>> >
>> > On Wed, May 4, 2022 at 11:17 AM Christopher Tyler < [
>> > mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] > wrote:
>> >
>> >
>> > We have one of the new Mikrotik CCR2216-1G-12XS-2XQ routers running
>> > RouterOS 7.2.1 with a Mikrotik switch (running 6.44.3) hanging off of it.
>> > I have two servers on that switch both in the the same public IP
>> > block. I can ping both servers from the router, and they can ping
>> > each other. One server is globally reachable and the other is not
>> > reachable other than from the router or switch itself. I plugged in
>> > my laptop and assigned it an IP in that same range and cannot reach
>> > it extrenally either. The router is using OSPF and I can see the
>> > route for that IP block from both sides of the router, but
>> > traceroutes/pings to anything other than the server that is working
>> > stop at the router. No vlans or special configuration between the
>> > router and the switch, just basic IP, all ports on the switch are
>> > bridged. Forwarded ports (dstnat) don't appear to work from the router 
>> > either.
>> >
>> > I'm stumped, so I figured I would ask if anyone else has seen
>> > anything like this and have a solution, or am I looking at a
>> > possible RouterOS 7 issue?
>> >
>> > --
>> > Christopher Tyler
>> > Senior Network Engineer
>> > MTCRE/MTCNA/MTCTCE/MTCWE
>> >
>> > Total Highspeed Internet Solutions
>> > 1091 W. Kathryn Street
>> > Nixa, MO 65714
>> > (417) 851-1107 x. 9002
>> > [ http://www.totalhighspeed.com/ | www.totalhighspeed.com ]
>> >
>> > This institution is an equal opportunity provider and employer.
>> > Esta institución es un proveedor de servicios con igualdad de
>> > oportunidades.
>> >
>> > --
>> > AF mailing list
>> > [ mailto:AF@af.afmug.com | AF@af.afmug.com ] [
>> > http://af.afmug.com/mailman/listinfo/af_af.afmug.com |
>> > 

Re: [AFMUG] Weird IP issue

[Christopher Tyler]

That is the export of the entire firewall on that router, there are no forward, 
nat or mangle rules, therefore there shouldn't be anything keeping the data 
from getting to/from anything, let alone blocking all but one IP address in the 
IP range.

It's a /29 block, ip is x.x.x.x/29 on the router interface to the switch, /29 
in OSPF network as well.

This is why I'm completely stumped, everything looks fine. We're going to roll 
that router back tonight to 7.1.5 the "long term" version to see if that does 
anything.

-- 
Christopher Tyler
Senior Network Engineer
MTCRE/MTCNA/MTCTCE/MTCWE

Total Highspeed Internet Solutions
1091 W. Kathryn Street
Nixa, MO 65714
(417) 851-1107 x. 9002
www.totalhighspeed.com

This institution is an equal opportunity provider and employer.
Esta institución es un proveedor de servicios con igualdad de oportunidades.

- Original Message -
> From: "Josh Luthman" 
> To: "AnimalFarm Microwave Users Group" 
> Sent: Wednesday, May 4, 2022 11:39:22 AM
> Subject: Re: [AFMUG] Weird IP issue

> Input/output aren't relevant for forward traffic.
> 
> Are your subnets right everywhere?
> 
> On Wed, May 4, 2022 at 12:20 PM Christopher Tyler < [
> mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] > wrote:
> 
> 
> Very minimal, really just basic input rules, nothing that would block the IP
> addresses from getting through. No NAT or Mangle rules on this router.
> 
> /ip firewall filter
> add action=accept chain=input comment="ACCEPT ESTABLISHED/RELATED" \
> connection-state=established,related
> add action=accept chain=input comment="ACCEPT OSPF" protocol=ospf
> add action=accept chain=input comment="ACCEPT ICMP (ping)" protocol=icmp
> add action=accept chain=input comment="ACCEPT SNMP" dst-port=160-161 
> protocol=\
> udp
> add action=accept chain=input comment="ACCEPT DHCP" dst-port=67 protocol=udp
> add action=accept chain=input comment="Allow MTIK Bandwidth Test" dst-port=\
> 2000-3000 protocol=tcp
> add action=accept chain=input comment="Allow MTIK Bandwidth Test" dst-port=\
> 2000-3000 protocol=udp
> add action=accept chain=input dst-port=5678 protocol=tcp
> add action=accept chain=input comment="ACCEPT THIS Mgmt" src-address-list=\
> THIS_ADMIN
> add action=accept chain=output comment="ACCEPT ALL OUTBOUND"
> add action=drop chain=input comment="DROP ALL OTHER INPUT"
> 
> 
> --
> Christopher Tyler
> Senior Network Engineer
> MTCRE/MTCNA/MTCTCE/MTCWE
> 
> Total Highspeed Internet Solutions
> 1091 W. Kathryn Street
> Nixa, MO 65714
> (417) 851-1107 x. 9002
> [ http://www.totalhighspeed.com/ | www.totalhighspeed.com ]
> 
> This institution is an equal opportunity provider and employer.
> Esta institución es un proveedor de servicios con igualdad de oportunidades.
> 
> - Original Message -
>> From: "Josh Luthman" < [ mailto:j...@imaginenetworksllc.com |
>> j...@imaginenetworksllc.com ] >
>> To: "AnimalFarm Microwave Users Group" < [ mailto:af@af.afmug.com |
>> af@af.afmug.com ] >
>> Sent: Wednesday, May 4, 2022 11:12:55 AM
>> Subject: Re: [AFMUG] Weird IP issue
> 
>> Firewall filter rules?
>> 
>> Double check the gateway and subnet on the server.
>> 
>> On Wed, May 4, 2022 at 11:17 AM Christopher Tyler < [
>> mailto: [ mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] | [
>> mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] ] > wrote:
>> 
>> 
>> We have one of the new Mikrotik CCR2216-1G-12XS-2XQ routers running RouterOS
>> 7.2.1 with a Mikrotik switch (running 6.44.3) hanging off of it. I have two
>> servers on that switch both in the the same public IP block. I can ping both
>> servers from the router, and they can ping each other. One server is globally
>> reachable and the other is not reachable other than from the router or switch
>> itself. I plugged in my laptop and assigned it an IP in that same range and
>> cannot reach it extrenally either. The router is using OSPF and I can see the
>> route for that IP block from both sides of the router, but traceroutes/pings 
>> to
>> anything other than the server that is working stop at the router. No vlans 
>> or
>> special configuration between the router and the switch, just basic IP, all
>> ports on the switch are bridged. Forwarded ports (dstnat) don't appear to 
>> work
>> from the router either.
>> 
>> I'm stumped, so I figured I would ask if anyone else has seen anything like 
>> this
>> and have a solution, or am I looking at a possible RouterOS 7 issue?
>> 
>> --
>> Christopher Tyler
>> Senior Network Engineer
>> MTCRE/MTCNA/MTCTCE/MTCWE
>> 
>> Total Highspeed Internet Solutions
>> 1091 W. Kathryn Street
>> Nixa, MO 65714
>> (417) 851-1107 x. 9002
>> [ [ http://www.totalhighspeed.com/ | http://www.totalhighspeed.com/ ] | [
>> http://www.totalhighspeed.com/ | www.totalhighspeed.com ] ]
>> 
>> This institution is an equal opportunity provider and employer.
>> Esta institución es un proveedor de servicios con igualdad de oportunidades.
>> 
>> --
>> AF mailing list
>> [ mailto: [ 

Re: [AFMUG] Cambium Timing

[dmmoffett]

You have the proper name…..Ctl Req Success was how I labeled my chart.

 

In any case, I’m reasonably sure it’s showing the % of upload bandwidth 
requests which were handled successfully.  Those requests come in during the 
control slot using a contention based method.  So it’s possible to have 
collisions during that period and you’ll see that as jitter.

 

-Adam

 

 

From: AF  On Behalf Of Carl Peterson
Sent: Wednesday, May 04, 2022 11:25 AM
To: AnimalFarm Microwave Users Group 
Subject: Re: [AFMUG] Cambium Timing

 

is 1.3.6.1.4.1.161.19.3.1.12.1.19.0 frUtlLowIntervalBwReqPercentage or Ctl Req 
Success?  

 

On Wed, May 4, 2022 at 9:44 AM mailto:dmmoff...@gmail.com> > wrote:

The value to watch for that is Ctl Req Success.  OID 
1.3.6.1.4.1.161.19.3.1.12.1.19.0

Even with 8 control slots I see that fall to 70% or so at peak times on the 
busier AP’s.  That means some of the SM’s were not able to request an upload 
timeslot, which means whatever they’re wanting to upload is waiting for at 
least another frame.  If it’s realtime traffic (VOIP) then the delay might 
matter.

 

I’ll pass the conch to whoever wants to argue for lower control slots, but I 
made my choice and I’m sticking to it.

 

 

From: dmmoff...@gmail.com   mailto:dmmoff...@gmail.com> > 
Sent: Wednesday, May 04, 2022 10:34 AM
To: 'AnimalFarm Microwave Users Group' mailto:af@af.afmug.com> >
Subject: RE: [AFMUG] Cambium Timing

 

1.  Some AP’s have few SM’s, some have many SM’s.  I need timing to match 
either way.
2.  Contention over control slots could cause jitter.  I don’t want jitter, 
and there’s not that much cost to having a few more control slots….see point 3.
3.  There’s only a 4% difference between 1 control slot and 8 control 
slots.  If you want to fight for that 4% then go for it, but channel size and 
frame size are the battles I really want to win.

 

 

 

 

From: AF mailto:af-boun...@af.afmug.com> > On Behalf 
Of Carl Peterson
Sent: Wednesday, May 04, 2022 10:24 AM
To: AnimalFarm Microwave Users Group mailto:af@af.afmug.com> >
Subject: Re: [AFMUG] Cambium Timing

 

Why 8 control slots?  Cambium recommends starting with 8 for over 150 subs per 
sector which seems like an insane number of subs on anything but M.  

 

On Wed, May 4, 2022 at 9:15 AM mailto:dmmoff...@gmail.com> > wrote:

In case it’s not obvious, the 5mhz “receive start” happens before the 30mhz 
“transmit end”.  So the 30mhz AP is going to cause uplink interference on the 
5mhz AP…..assuming there’s channel overlap.

 

 

From: dmmoff...@gmail.com   mailto:dmmoff...@gmail.com> > 
Sent: Wednesday, May 04, 2022 10:10 AM
To: 'AnimalFarm Microwave Users Group' mailto:af@af.afmug.com> >
Subject: RE: [AFMUG] Cambium Timing

 

I don’t know specifically how.

 

But here’s frame calculator result for 30mhz, 75%, 10 miles, 8 control slots:
AP Antenna Transmit End : 34161, 3.416176 ms
AP Antenna Receive Start : 36530, 3.653073 ms
AP Antenna Receive End : 49175

 

Now same at 5mhz:

AP Antenna Transmit End : 27916, 2.791688 ms
AP Antenna Receive Start : 30551, 3.055120 ms
AP Antenna Receive End : 49104

 

Not even close to a match.  If you haven’t been adjusting for channel size 
you’d better double check yours.

 

 

From: AF mailto:af-boun...@af.afmug.com> > On Behalf 
Of castarritt
Sent: Wednesday, May 04, 2022 10:04 AM
To: AnimalFarm Microwave Users Group mailto:af@af.afmug.com> >
Subject: Re: [AFMUG] Cambium Timing

 

How does channel width affect timing?

 

On Wed, May 4, 2022 at 7:39 AM mailto:dmmoff...@gmail.com> > wrote:

Yes, those all match.  The new challenge is comparing different channel sizes.  

 

 

From: AF mailto:af-boun...@af.afmug.com> > On Behalf 
Of Carl Peterson
Sent: Tuesday, May 03, 2022 11:14 AM
To: AnimalFarm Microwave Users Group mailto:af@af.afmug.com> >
Subject: [AFMUG] Cambium Timing

 

We still have our cambium network timed as if it were collocated with legacy 
100 gear but the 100 gear is long gone so I'm looking to re-time everything. 

 

Not finding colocation info about 450M, 450, 450i.  Is timing all the same on 
them?  Seems to be but I haven't done this in over a decade.  


 

 

-- 
AF mailing list
AF@af.afmug.com  
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

-- 
AF mailing list
AF@af.afmug.com  
http://af.afmug.com/mailman/listinfo/af_af.afmug.com




 

-- 

Carl Peterson

PORT NETWORKS

401 E Pratt St, Ste 2553

Baltimore, MD 21202

(410) 637-3707 

-- 
AF mailing list
AF@af.afmug.com  
http://af.afmug.com/mailman/listinfo/af_af.afmug.com




 

-- 

Carl Peterson

PORT NETWORKS

401 E Pratt St, Ste 2553

Baltimore, MD 21202

(410) 637-3707 

-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] Weird IP issue

[dmmoffett]

If this is a Mikrotik switch, reboot it before you waste a lot of time.

I've seen weird stuff too many times.   I had a CRS317 the other day where we 
got 98% packet loss to one specific host.  Watching the switch hosts table it 
seemed like it kept changing it's mind as to which interface that MAC address 
was on.  Reboot cleared it right up.

-Adam


-Original Message-
From: AF  On Behalf Of Larry Smith
Sent: Wednesday, May 04, 2022 12:50 PM
To: AnimalFarm Microwave Users Group 
Subject: Re: [AFMUG] Weird IP issue


To verify that, drop the firewall and then test again.
If its firewall related it will start working.

--
Larry Smith
lesm...@ecsis.net

On Wed May 4 2022 11:18, Christopher Tyler wrote:
> Very minimal, really just basic input rules, nothing that would block 
> the IP addresses from getting through. No NAT or Mangle rules on this router.
>
> /ip firewall filter
> add action=accept chain=input comment="ACCEPT ESTABLISHED/RELATED" \
> connection-state=established,related
> add action=accept chain=input comment="ACCEPT OSPF" protocol=ospf add 
> action=accept chain=input comment="ACCEPT ICMP (ping)" protocol=icmp 
> add action=accept chain=input comment="ACCEPT SNMP" dst-port=160-161 
> protocol=\ udp add action=accept chain=input comment="ACCEPT DHCP" 
> dst-port=67 protocol=udp add action=accept chain=input comment="Allow 
> MTIK Bandwidth Test" dst-port=\ 2000-3000 protocol=tcp add 
> action=accept chain=input comment="Allow MTIK Bandwidth Test"
> dst-port=\ 2000-3000 protocol=udp
> add action=accept chain=input dst-port=5678 protocol=tcp add 
> action=accept chain=input comment="ACCEPT THIS Mgmt" src-address-list=\
> THIS_ADMIN
> add action=accept chain=output comment="ACCEPT ALL OUTBOUND"
> add action=drop chain=input comment="DROP ALL OTHER INPUT"
>
>
> --
> Christopher Tyler
> Senior Network Engineer
> MTCRE/MTCNA/MTCTCE/MTCWE
>
> Total Highspeed Internet Solutions
> 1091 W. Kathryn Street
> Nixa, MO 65714
> (417) 851-1107 x. 9002
> www.totalhighspeed.com
>
> This institution is an equal opportunity provider and employer.
> Esta institución es un proveedor de servicios con igualdad de 
> oportunidades.
>
> - Original Message -
>
> > From: "Josh Luthman" 
> > To: "AnimalFarm Microwave Users Group" 
> > Sent: Wednesday, May 4, 2022 11:12:55 AM
> > Subject: Re: [AFMUG] Weird IP issue
> >
> > Firewall filter rules?
> >
> > Double check the gateway and subnet on the server.
> >
> > On Wed, May 4, 2022 at 11:17 AM Christopher Tyler < [ 
> > mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] > wrote:
> >
> >
> > We have one of the new Mikrotik CCR2216-1G-12XS-2XQ routers running 
> > RouterOS 7.2.1 with a Mikrotik switch (running 6.44.3) hanging off of it.
> > I have two servers on that switch both in the the same public IP 
> > block. I can ping both servers from the router, and they can ping 
> > each other. One server is globally reachable and the other is not 
> > reachable other than from the router or switch itself. I plugged in 
> > my laptop and assigned it an IP in that same range and cannot reach 
> > it extrenally either. The router is using OSPF and I can see the 
> > route for that IP block from both sides of the router, but 
> > traceroutes/pings to anything other than the server that is working 
> > stop at the router. No vlans or special configuration between the 
> > router and the switch, just basic IP, all ports on the switch are 
> > bridged. Forwarded ports (dstnat) don't appear to work from the router 
> > either.
> >
> > I'm stumped, so I figured I would ask if anyone else has seen 
> > anything like this and have a solution, or am I looking at a 
> > possible RouterOS 7 issue?
> >
> > --
> > Christopher Tyler
> > Senior Network Engineer
> > MTCRE/MTCNA/MTCTCE/MTCWE
> >
> > Total Highspeed Internet Solutions
> > 1091 W. Kathryn Street
> > Nixa, MO 65714
> > (417) 851-1107 x. 9002
> > [ http://www.totalhighspeed.com/ | www.totalhighspeed.com ]
> >
> > This institution is an equal opportunity provider and employer.
> > Esta institución es un proveedor de servicios con igualdad de 
> > oportunidades.
> >
> > --
> > AF mailing list
> > [ mailto:AF@af.afmug.com | AF@af.afmug.com ] [ 
> > http://af.afmug.com/mailman/listinfo/af_af.afmug.com | 
> > http://af.afmug.com/mailman/listinfo/af_af.afmug.com ]
> >
> > --
> > AF mailing list
> > AF@af.afmug.com
> > http://af.afmug.com/mailman/listinfo/af_af.afmug.com

--
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com


-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] Weird IP issue

[Larry Smith]

To verify that, drop the firewall and then test again.
If its firewall related it will start working.

-- 
Larry Smith
lesm...@ecsis.net

On Wed May 4 2022 11:18, Christopher Tyler wrote:
> Very minimal, really just basic input rules, nothing that would block the
> IP addresses from getting through. No NAT or Mangle rules on this router.
>
> /ip firewall filter
> add action=accept chain=input comment="ACCEPT ESTABLISHED/RELATED" \
> connection-state=established,related
> add action=accept chain=input comment="ACCEPT OSPF" protocol=ospf
> add action=accept chain=input comment="ACCEPT ICMP (ping)" protocol=icmp
> add action=accept chain=input comment="ACCEPT SNMP" dst-port=160-161
> protocol=\ udp
> add action=accept chain=input comment="ACCEPT DHCP" dst-port=67
> protocol=udp add action=accept chain=input comment="Allow MTIK Bandwidth
> Test" dst-port=\ 2000-3000 protocol=tcp
> add action=accept chain=input comment="Allow MTIK Bandwidth Test"
> dst-port=\ 2000-3000 protocol=udp
> add action=accept chain=input dst-port=5678 protocol=tcp
> add action=accept chain=input comment="ACCEPT THIS Mgmt" src-address-list=\
> THIS_ADMIN
> add action=accept chain=output comment="ACCEPT ALL OUTBOUND"
> add action=drop chain=input comment="DROP ALL OTHER INPUT"
>
>
> --
> Christopher Tyler
> Senior Network Engineer
> MTCRE/MTCNA/MTCTCE/MTCWE
>
> Total Highspeed Internet Solutions
> 1091 W. Kathryn Street
> Nixa, MO 65714
> (417) 851-1107 x. 9002
> www.totalhighspeed.com
>
> This institution is an equal opportunity provider and employer.
> Esta institución es un proveedor de servicios con igualdad de
> oportunidades.
>
> - Original Message -
>
> > From: "Josh Luthman" 
> > To: "AnimalFarm Microwave Users Group" 
> > Sent: Wednesday, May 4, 2022 11:12:55 AM
> > Subject: Re: [AFMUG] Weird IP issue
> >
> > Firewall filter rules?
> >
> > Double check the gateway and subnet on the server.
> >
> > On Wed, May 4, 2022 at 11:17 AM Christopher Tyler < [
> > mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] > wrote:
> >
> >
> > We have one of the new Mikrotik CCR2216-1G-12XS-2XQ routers running
> > RouterOS 7.2.1 with a Mikrotik switch (running 6.44.3) hanging off of it.
> > I have two servers on that switch both in the the same public IP block. I
> > can ping both servers from the router, and they can ping each other. One
> > server is globally reachable and the other is not reachable other than
> > from the router or switch itself. I plugged in my laptop and assigned it
> > an IP in that same range and cannot reach it extrenally either. The
> > router is using OSPF and I can see the route for that IP block from both
> > sides of the router, but traceroutes/pings to anything other than the
> > server that is working stop at the router. No vlans or special
> > configuration between the router and the switch, just basic IP, all ports
> > on the switch are bridged. Forwarded ports (dstnat) don't appear to work
> > from the router either.
> >
> > I'm stumped, so I figured I would ask if anyone else has seen anything
> > like this and have a solution, or am I looking at a possible RouterOS 7
> > issue?
> >
> > --
> > Christopher Tyler
> > Senior Network Engineer
> > MTCRE/MTCNA/MTCTCE/MTCWE
> >
> > Total Highspeed Internet Solutions
> > 1091 W. Kathryn Street
> > Nixa, MO 65714
> > (417) 851-1107 x. 9002
> > [ http://www.totalhighspeed.com/ | www.totalhighspeed.com ]
> >
> > This institution is an equal opportunity provider and employer.
> > Esta institución es un proveedor de servicios con igualdad de
> > oportunidades.
> >
> > --
> > AF mailing list
> > [ mailto:AF@af.afmug.com | AF@af.afmug.com ]
> > [ http://af.afmug.com/mailman/listinfo/af_af.afmug.com |
> > http://af.afmug.com/mailman/listinfo/af_af.afmug.com ]
> >
> > --
> > AF mailing list
> > AF@af.afmug.com
> > http://af.afmug.com/mailman/listinfo/af_af.afmug.com

-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] Weird IP issue

[Josh Luthman]

Input/output aren't relevant for forward traffic.

Are your subnets right everywhere?

On Wed, May 4, 2022 at 12:20 PM Christopher Tyler 
wrote:

> Very minimal, really just basic input rules, nothing that would block the
> IP addresses from getting through. No NAT or Mangle rules on this router.
>
> /ip firewall filter
> add action=accept chain=input comment="ACCEPT ESTABLISHED/RELATED" \
> connection-state=established,related
> add action=accept chain=input comment="ACCEPT OSPF" protocol=ospf
> add action=accept chain=input comment="ACCEPT ICMP (ping)" protocol=icmp
> add action=accept chain=input comment="ACCEPT SNMP" dst-port=160-161
> protocol=\
> udp
> add action=accept chain=input comment="ACCEPT DHCP" dst-port=67
> protocol=udp
> add action=accept chain=input comment="Allow MTIK Bandwidth Test"
> dst-port=\
> 2000-3000 protocol=tcp
> add action=accept chain=input comment="Allow MTIK Bandwidth Test"
> dst-port=\
> 2000-3000 protocol=udp
> add action=accept chain=input dst-port=5678 protocol=tcp
> add action=accept chain=input comment="ACCEPT THIS Mgmt" src-address-list=\
> THIS_ADMIN
> add action=accept chain=output comment="ACCEPT ALL OUTBOUND"
> add action=drop chain=input comment="DROP ALL OTHER INPUT"
>
>
> --
> Christopher Tyler
> Senior Network Engineer
> MTCRE/MTCNA/MTCTCE/MTCWE
>
> Total Highspeed Internet Solutions
> 1091 W. Kathryn Street
> Nixa, MO 65714
> (417) 851-1107 x. 9002
> www.totalhighspeed.com
>
> This institution is an equal opportunity provider and employer.
> Esta institución es un proveedor de servicios con igualdad de
> oportunidades.
>
> - Original Message -
> > From: "Josh Luthman" 
> > To: "AnimalFarm Microwave Users Group" 
> > Sent: Wednesday, May 4, 2022 11:12:55 AM
> > Subject: Re: [AFMUG] Weird IP issue
>
> > Firewall filter rules?
> >
> > Double check the gateway and subnet on the server.
> >
> > On Wed, May 4, 2022 at 11:17 AM Christopher Tyler < [
> > mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] > wrote:
> >
> >
> > We have one of the new Mikrotik CCR2216-1G-12XS-2XQ routers running
> RouterOS
> > 7.2.1 with a Mikrotik switch (running 6.44.3) hanging off of it. I have
> two
> > servers on that switch both in the the same public IP block. I can ping
> both
> > servers from the router, and they can ping each other. One server is
> globally
> > reachable and the other is not reachable other than from the router or
> switch
> > itself. I plugged in my laptop and assigned it an IP in that same range
> and
> > cannot reach it extrenally either. The router is using OSPF and I can
> see the
> > route for that IP block from both sides of the router, but
> traceroutes/pings to
> > anything other than the server that is working stop at the router. No
> vlans or
> > special configuration between the router and the switch, just basic IP,
> all
> > ports on the switch are bridged. Forwarded ports (dstnat) don't appear
> to work
> > from the router either.
> >
> > I'm stumped, so I figured I would ask if anyone else has seen anything
> like this
> > and have a solution, or am I looking at a possible RouterOS 7 issue?
> >
> > --
> > Christopher Tyler
> > Senior Network Engineer
> > MTCRE/MTCNA/MTCTCE/MTCWE
> >
> > Total Highspeed Internet Solutions
> > 1091 W. Kathryn Street
> > Nixa, MO 65714
> > (417) 851-1107 x. 9002
> > [ http://www.totalhighspeed.com/ | www.totalhighspeed.com ]
> >
> > This institution is an equal opportunity provider and employer.
> > Esta institución es un proveedor de servicios con igualdad de
> oportunidades.
> >
> > --
> > AF mailing list
> > [ mailto:AF@af.afmug.com | AF@af.afmug.com ]
> > [ http://af.afmug.com/mailman/listinfo/af_af.afmug.com |
> > http://af.afmug.com/mailman/listinfo/af_af.afmug.com ]
> >
> > --
> > AF mailing list
> > AF@af.afmug.com
> > http://af.afmug.com/mailman/listinfo/af_af.afmug.com
>
> --
> AF mailing list
> AF@af.afmug.com
> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
>
-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] Weird IP issue

[Christopher Tyler]

Very minimal, really just basic input rules, nothing that would block the IP 
addresses from getting through. No NAT or Mangle rules on this router.

/ip firewall filter
add action=accept chain=input comment="ACCEPT ESTABLISHED/RELATED" \
connection-state=established,related
add action=accept chain=input comment="ACCEPT OSPF" protocol=ospf
add action=accept chain=input comment="ACCEPT ICMP (ping)" protocol=icmp
add action=accept chain=input comment="ACCEPT SNMP" dst-port=160-161 protocol=\
udp
add action=accept chain=input comment="ACCEPT DHCP" dst-port=67 protocol=udp
add action=accept chain=input comment="Allow MTIK Bandwidth Test" dst-port=\
2000-3000 protocol=tcp
add action=accept chain=input comment="Allow MTIK Bandwidth Test" dst-port=\
2000-3000 protocol=udp
add action=accept chain=input dst-port=5678 protocol=tcp
add action=accept chain=input comment="ACCEPT THIS Mgmt" src-address-list=\
THIS_ADMIN
add action=accept chain=output comment="ACCEPT ALL OUTBOUND"
add action=drop chain=input comment="DROP ALL OTHER INPUT"


-- 
Christopher Tyler
Senior Network Engineer
MTCRE/MTCNA/MTCTCE/MTCWE

Total Highspeed Internet Solutions
1091 W. Kathryn Street
Nixa, MO 65714
(417) 851-1107 x. 9002
www.totalhighspeed.com

This institution is an equal opportunity provider and employer.
Esta institución es un proveedor de servicios con igualdad de oportunidades.

- Original Message -
> From: "Josh Luthman" 
> To: "AnimalFarm Microwave Users Group" 
> Sent: Wednesday, May 4, 2022 11:12:55 AM
> Subject: Re: [AFMUG] Weird IP issue

> Firewall filter rules?
> 
> Double check the gateway and subnet on the server.
> 
> On Wed, May 4, 2022 at 11:17 AM Christopher Tyler < [
> mailto:ch...@totalhighspeed.net | ch...@totalhighspeed.net ] > wrote:
> 
> 
> We have one of the new Mikrotik CCR2216-1G-12XS-2XQ routers running RouterOS
> 7.2.1 with a Mikrotik switch (running 6.44.3) hanging off of it. I have two
> servers on that switch both in the the same public IP block. I can ping both
> servers from the router, and they can ping each other. One server is globally
> reachable and the other is not reachable other than from the router or switch
> itself. I plugged in my laptop and assigned it an IP in that same range and
> cannot reach it extrenally either. The router is using OSPF and I can see the
> route for that IP block from both sides of the router, but traceroutes/pings 
> to
> anything other than the server that is working stop at the router. No vlans or
> special configuration between the router and the switch, just basic IP, all
> ports on the switch are bridged. Forwarded ports (dstnat) don't appear to work
> from the router either.
> 
> I'm stumped, so I figured I would ask if anyone else has seen anything like 
> this
> and have a solution, or am I looking at a possible RouterOS 7 issue?
> 
> --
> Christopher Tyler
> Senior Network Engineer
> MTCRE/MTCNA/MTCTCE/MTCWE
> 
> Total Highspeed Internet Solutions
> 1091 W. Kathryn Street
> Nixa, MO 65714
> (417) 851-1107 x. 9002
> [ http://www.totalhighspeed.com/ | www.totalhighspeed.com ]
> 
> This institution is an equal opportunity provider and employer.
> Esta institución es un proveedor de servicios con igualdad de oportunidades.
> 
> --
> AF mailing list
> [ mailto:AF@af.afmug.com | AF@af.afmug.com ]
> [ http://af.afmug.com/mailman/listinfo/af_af.afmug.com |
> http://af.afmug.com/mailman/listinfo/af_af.afmug.com ]
> 
> --
> AF mailing list
> AF@af.afmug.com
> http://af.afmug.com/mailman/listinfo/af_af.afmug.com

-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] Weird IP issue

[Josh Luthman]

Firewall filter rules?

Double check the gateway and subnet on the server.

On Wed, May 4, 2022 at 11:17 AM Christopher Tyler 
wrote:

> We have one of the new Mikrotik CCR2216-1G-12XS-2XQ routers running
> RouterOS 7.2.1 with a Mikrotik switch (running 6.44.3) hanging off of it. I
> have two servers on that switch both in the the same public IP block. I can
> ping both servers from the router, and they can ping each other. One server
> is globally reachable and the other is not reachable other than from the
> router or switch itself. I plugged in my laptop and assigned it an IP in
> that same range and cannot reach it extrenally either. The router is using
> OSPF and I can see the route for that IP block from both sides of the
> router, but traceroutes/pings to anything other than the server that is
> working stop at the router. No vlans or special configuration between the
> router and the switch, just basic IP, all ports on the switch are bridged.
> Forwarded ports (dstnat) don't appear to work from the router either.
>
> I'm stumped, so I figured I would ask if anyone else has seen anything
> like this and have a solution, or am I looking at a possible RouterOS 7
> issue?
>
> --
> Christopher Tyler
> Senior Network Engineer
> MTCRE/MTCNA/MTCTCE/MTCWE
>
> Total Highspeed Internet Solutions
> 1091 W. Kathryn Street
> Nixa, MO 65714
> (417) 851-1107 x. 9002
> www.totalhighspeed.com
>
> This institution is an equal opportunity provider and employer.
> Esta institución es un proveedor de servicios con igualdad de
> oportunidades.
>
> --
> AF mailing list
> AF@af.afmug.com
> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
>
-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] UniFi migrate to cloud key

[Craig Baird]

You can either forget them and re-adopt on the cloud key or you can back up
the old controller and restore it to the cloud key (they should both be
running the same software version if you do that.) If you forget and
re-adopt you’ll have to reconfigure everything. If you backup and restore,
all the config migrates and it all works like it did before. If the old
controller is dead and you don’t have a backup you’ll need to physically
reset all the devices unless you know the device SSH credentials that were
configured in the old controller. If you know that, you can adopt them on
the new controller without having to reset.

Craig


On Wed, May 4, 2022 at 9:09 AM  wrote:

> If a unifi network is already managed in a unifi server and then someone
> comes along and plugs in a cloud key on the LAN, can you then just adopt
> all the stuff into the cloud key?  Or do you have to “forget” them on the
> server first?
>
>
>
> -Adam
>
>
> --
> AF mailing list
> AF@af.afmug.com
> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
>
-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] Cambium Timing

[Carl Peterson]

is 1.3.6.1.4.1.161.19.3.1.12.1.19.0 frUtlLowIntervalBwReqPercentage or Ctl
Req Success?

On Wed, May 4, 2022 at 9:44 AM  wrote:

> The value to watch for that is Ctl Req Success.  OID
> 1.3.6.1.4.1.161.19.3.1.12.1.19.0
>
> Even with 8 control slots I see that fall to 70% or so at peak times on
> the busier AP’s.  That means some of the SM’s were not able to request an
> upload timeslot, which means whatever they’re wanting to upload is waiting
> for at least another frame.  If it’s realtime traffic (VOIP) then the delay
> might matter.
>
>
>
> I’ll pass the conch to whoever wants to argue for lower control slots, but
> I made my choice and I’m sticking to it.
>
>
>
>
>
> *From:* dmmoff...@gmail.com 
> *Sent:* Wednesday, May 04, 2022 10:34 AM
> *To:* 'AnimalFarm Microwave Users Group' 
> *Subject:* RE: [AFMUG] Cambium Timing
>
>
>
>1. Some AP’s have few SM’s, some have many SM’s.  I need timing to
>match either way.
>2. Contention over control slots could cause jitter.  I don’t want
>jitter, and there’s not that much cost to having a few more control
>slots….see point 3.
>3. There’s only a 4% difference between 1 control slot and 8 control
>slots.  If you want to fight for that 4% then go for it, but channel size
>and frame size are the battles I really want to win.
>
>
>
>
>
>
>
>
>
> *From:* AF  *On Behalf Of *Carl Peterson
> *Sent:* Wednesday, May 04, 2022 10:24 AM
> *To:* AnimalFarm Microwave Users Group 
> *Subject:* Re: [AFMUG] Cambium Timing
>
>
>
> Why 8 control slots?  Cambium recommends starting with 8 for over 150 subs
> per sector which seems like an insane number of subs on anything but M.
>
>
>
> On Wed, May 4, 2022 at 9:15 AM  wrote:
>
> In case it’s not obvious, the 5mhz “receive start” happens before the
> 30mhz “transmit end”.  So the 30mhz AP is going to cause uplink
> interference on the 5mhz AP…..assuming there’s channel overlap.
>
>
>
>
>
> *From:* dmmoff...@gmail.com 
> *Sent:* Wednesday, May 04, 2022 10:10 AM
> *To:* 'AnimalFarm Microwave Users Group' 
> *Subject:* RE: [AFMUG] Cambium Timing
>
>
>
> I don’t know specifically how.
>
>
>
> But here’s frame calculator result for 30mhz, 75%, 10 miles, 8 control
> slots:
> AP Antenna Transmit End : *34161, 3.416176 ms*
> AP Antenna Receive Start : *36530, 3.653073 ms*
> AP Antenna Receive End : 49175
>
>
>
> Now same at 5mhz:
>
> AP Antenna Transmit End : *27916, 2.791688 ms*
> AP Antenna Receive Start : *30551, 3.055120 ms*
> AP Antenna Receive End : 49104
>
>
>
> Not even close to a match.  If you haven’t been adjusting for channel size
> you’d better double check yours.
>
>
>
>
>
> *From:* AF  *On Behalf Of *castarritt
> *Sent:* Wednesday, May 04, 2022 10:04 AM
> *To:* AnimalFarm Microwave Users Group 
> *Subject:* Re: [AFMUG] Cambium Timing
>
>
>
> How does channel width affect timing?
>
>
>
> On Wed, May 4, 2022 at 7:39 AM  wrote:
>
> Yes, those all match.  The new challenge is comparing different channel
> sizes.
>
>
>
>
>
> *From:* AF  *On Behalf Of *Carl Peterson
> *Sent:* Tuesday, May 03, 2022 11:14 AM
> *To:* AnimalFarm Microwave Users Group 
> *Subject:* [AFMUG] Cambium Timing
>
>
>
> We still have our cambium network timed as if it were collocated with
> legacy 100 gear but the 100 gear is long gone so I'm looking to re-time
> everything.
>
>
>
> Not finding colocation info about 450M, 450, 450i.  Is timing all the same
> on them?  Seems to be but I haven't done this in over a decade.
>
>
>
>
>
> --
> AF mailing list
> AF@af.afmug.com
> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
>
> --
> AF mailing list
> AF@af.afmug.com
> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
>
>
>
>
> --
>
> Carl Peterson
>
> *PORT NETWORKS*
>
> 401 E Pratt St, Ste 2553
>
> Baltimore, MD 21202
>
> (410) 637-3707
> --
> AF mailing list
> AF@af.afmug.com
> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
>


-- 

Carl Peterson

*PORT NETWORKS*

401 E Pratt St, Ste 2553

Baltimore, MD 21202

(410) 637-3707
-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

[AFMUG] Weird IP issue

[Christopher Tyler]

We have one of the new Mikrotik CCR2216-1G-12XS-2XQ routers running RouterOS 
7.2.1 with a Mikrotik switch (running 6.44.3) hanging off of it. I have two 
servers on that switch both in the the same public IP block. I can ping both 
servers from the router, and they can ping each other. One server is globally 
reachable and the other is not reachable other than from the router or switch 
itself. I plugged in my laptop and assigned it an IP in that same range and 
cannot reach it extrenally either. The router is using OSPF and I can see the 
route for that IP block from both sides of the router, but traceroutes/pings to 
anything other than the server that is working stop at the router. No vlans or 
special configuration between the router and the switch, just basic IP, all 
ports on the switch are bridged. Forwarded ports (dstnat) don't appear to work 
from the router either.

I'm stumped, so I figured I would ask if anyone else has seen anything like 
this and have a solution, or am I looking at a possible RouterOS 7 issue?

-- 
Christopher Tyler
Senior Network Engineer
MTCRE/MTCNA/MTCTCE/MTCWE

Total Highspeed Internet Solutions
1091 W. Kathryn Street
Nixa, MO 65714
(417) 851-1107 x. 9002
www.totalhighspeed.com

This institution is an equal opportunity provider and employer.
Esta institución es un proveedor de servicios con igualdad de oportunidades.

-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

[AFMUG] UniFi migrate to cloud key

[dmmoffett]

If a unifi network is already managed in a unifi server and then someone
comes along and plugs in a cloud key on the LAN, can you then just adopt all
the stuff into the cloud key?  Or do you have to "forget" them on the server
first?

 

-Adam

 

-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] Cambium Timing

[dmmoffett]

The value to watch for that is Ctl Req Success.  OID 
1.3.6.1.4.1.161.19.3.1.12.1.19.0

Even with 8 control slots I see that fall to 70% or so at peak times on the 
busier AP’s.  That means some of the SM’s were not able to request an upload 
timeslot, which means whatever they’re wanting to upload is waiting for at 
least another frame.  If it’s realtime traffic (VOIP) then the delay might 
matter.

 

I’ll pass the conch to whoever wants to argue for lower control slots, but I 
made my choice and I’m sticking to it.

 

 

From: dmmoff...@gmail.com  
Sent: Wednesday, May 04, 2022 10:34 AM
To: 'AnimalFarm Microwave Users Group' 
Subject: RE: [AFMUG] Cambium Timing

 

1.  Some AP’s have few SM’s, some have many SM’s.  I need timing to match 
either way.
2.  Contention over control slots could cause jitter.  I don’t want jitter, 
and there’s not that much cost to having a few more control slots….see point 3.
3.  There’s only a 4% difference between 1 control slot and 8 control 
slots.  If you want to fight for that 4% then go for it, but channel size and 
frame size are the battles I really want to win.

 

 

 

 

From: AF mailto:af-boun...@af.afmug.com> > On Behalf 
Of Carl Peterson
Sent: Wednesday, May 04, 2022 10:24 AM
To: AnimalFarm Microwave Users Group mailto:af@af.afmug.com> >
Subject: Re: [AFMUG] Cambium Timing

 

Why 8 control slots?  Cambium recommends starting with 8 for over 150 subs per 
sector which seems like an insane number of subs on anything but M.  

 

On Wed, May 4, 2022 at 9:15 AM mailto:dmmoff...@gmail.com> > wrote:

In case it’s not obvious, the 5mhz “receive start” happens before the 30mhz 
“transmit end”.  So the 30mhz AP is going to cause uplink interference on the 
5mhz AP…..assuming there’s channel overlap.

 

 

From: dmmoff...@gmail.com   mailto:dmmoff...@gmail.com> > 
Sent: Wednesday, May 04, 2022 10:10 AM
To: 'AnimalFarm Microwave Users Group' mailto:af@af.afmug.com> >
Subject: RE: [AFMUG] Cambium Timing

 

I don’t know specifically how.

 

But here’s frame calculator result for 30mhz, 75%, 10 miles, 8 control slots:
AP Antenna Transmit End : 34161, 3.416176 ms
AP Antenna Receive Start : 36530, 3.653073 ms
AP Antenna Receive End : 49175

 

Now same at 5mhz:

AP Antenna Transmit End : 27916, 2.791688 ms
AP Antenna Receive Start : 30551, 3.055120 ms
AP Antenna Receive End : 49104

 

Not even close to a match.  If you haven’t been adjusting for channel size 
you’d better double check yours.

 

 

From: AF mailto:af-boun...@af.afmug.com> > On Behalf 
Of castarritt
Sent: Wednesday, May 04, 2022 10:04 AM
To: AnimalFarm Microwave Users Group mailto:af@af.afmug.com> >
Subject: Re: [AFMUG] Cambium Timing

 

How does channel width affect timing?

 

On Wed, May 4, 2022 at 7:39 AM mailto:dmmoff...@gmail.com> > wrote:

Yes, those all match.  The new challenge is comparing different channel sizes.  

 

 

From: AF mailto:af-boun...@af.afmug.com> > On Behalf 
Of Carl Peterson
Sent: Tuesday, May 03, 2022 11:14 AM
To: AnimalFarm Microwave Users Group mailto:af@af.afmug.com> >
Subject: [AFMUG] Cambium Timing

 

We still have our cambium network timed as if it were collocated with legacy 
100 gear but the 100 gear is long gone so I'm looking to re-time everything. 

 

Not finding colocation info about 450M, 450, 450i.  Is timing all the same on 
them?  Seems to be but I haven't done this in over a decade.  


 

 

-- 
AF mailing list
AF@af.afmug.com  
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

-- 
AF mailing list
AF@af.afmug.com  
http://af.afmug.com/mailman/listinfo/af_af.afmug.com




 

-- 

Carl Peterson

PORT NETWORKS

401 E Pratt St, Ste 2553

Baltimore, MD 21202

(410) 637-3707 

-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] Cambium Timing

[dmmoffett]

1.  Some AP’s have few SM’s, some have many SM’s.  I need timing to match 
either way.
2.  Contention over control slots could cause jitter.  I don’t want jitter, 
and there’s not that much cost to having a few more control slots….see point 3.
3.  There’s only a 4% difference between 1 control slot and 8 control 
slots.  If you want to fight for that 4% then go for it, but channel size and 
frame size are the battles I really want to win.

 

 

 

From: AF  On Behalf Of Carl Peterson
Sent: Wednesday, May 04, 2022 10:24 AM
To: AnimalFarm Microwave Users Group 
Subject: Re: [AFMUG] Cambium Timing

 

Why 8 control slots?  Cambium recommends starting with 8 for over 150 subs per 
sector which seems like an insane number of subs on anything but M.  

 

On Wed, May 4, 2022 at 9:15 AM mailto:dmmoff...@gmail.com> > wrote:

In case it’s not obvious, the 5mhz “receive start” happens before the 30mhz 
“transmit end”.  So the 30mhz AP is going to cause uplink interference on the 
5mhz AP…..assuming there’s channel overlap.

 

 

From: dmmoff...@gmail.com    
Sent: Wednesday, May 04, 2022 10:10 AM
To: 'AnimalFarm Microwave Users Group' mailto:af@af.afmug.com> >
Subject: RE: [AFMUG] Cambium Timing

 

I don’t know specifically how.

 

But here’s frame calculator result for 30mhz, 75%, 10 miles, 8 control slots:
AP Antenna Transmit End : 34161, 3.416176 ms
AP Antenna Receive Start : 36530, 3.653073 ms
AP Antenna Receive End : 49175

 

Now same at 5mhz:

AP Antenna Transmit End : 27916, 2.791688 ms
AP Antenna Receive Start : 30551, 3.055120 ms
AP Antenna Receive End : 49104

 

Not even close to a match.  If you haven’t been adjusting for channel size 
you’d better double check yours.

 

 

From: AF mailto:af-boun...@af.afmug.com> > On Behalf 
Of castarritt
Sent: Wednesday, May 04, 2022 10:04 AM
To: AnimalFarm Microwave Users Group mailto:af@af.afmug.com> >
Subject: Re: [AFMUG] Cambium Timing

 

How does channel width affect timing?

 

On Wed, May 4, 2022 at 7:39 AM mailto:dmmoff...@gmail.com> > wrote:

Yes, those all match.  The new challenge is comparing different channel sizes.  

 

 

From: AF mailto:af-boun...@af.afmug.com> > On Behalf 
Of Carl Peterson
Sent: Tuesday, May 03, 2022 11:14 AM
To: AnimalFarm Microwave Users Group mailto:af@af.afmug.com> >
Subject: [AFMUG] Cambium Timing

 

We still have our cambium network timed as if it were collocated with legacy 
100 gear but the 100 gear is long gone so I'm looking to re-time everything. 

 

Not finding colocation info about 450M, 450, 450i.  Is timing all the same on 
them?  Seems to be but I haven't done this in over a decade.  


 

 

-- 
AF mailing list
AF@af.afmug.com  
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

-- 
AF mailing list
AF@af.afmug.com  
http://af.afmug.com/mailman/listinfo/af_af.afmug.com




 

-- 

Carl Peterson

PORT NETWORKS

401 E Pratt St, Ste 2553

Baltimore, MD 21202

(410) 637-3707 

-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] Cambium Timing

[Carl Peterson]

Why 8 control slots?  Cambium recommends starting with 8 for over 150 subs
per sector which seems like an insane number of subs on anything but M.

On Wed, May 4, 2022 at 9:15 AM  wrote:

> In case it’s not obvious, the 5mhz “receive start” happens before the
> 30mhz “transmit end”.  So the 30mhz AP is going to cause uplink
> interference on the 5mhz AP…..assuming there’s channel overlap.
>
>
>
>
>
> *From:* dmmoff...@gmail.com 
> *Sent:* Wednesday, May 04, 2022 10:10 AM
> *To:* 'AnimalFarm Microwave Users Group' 
> *Subject:* RE: [AFMUG] Cambium Timing
>
>
>
> I don’t know specifically how.
>
>
>
> But here’s frame calculator result for 30mhz, 75%, 10 miles, 8 control
> slots:
> AP Antenna Transmit End : *34161, 3.416176 ms*
> AP Antenna Receive Start : *36530, 3.653073 ms*
> AP Antenna Receive End : 49175
>
>
>
> Now same at 5mhz:
>
> AP Antenna Transmit End : *27916, 2.791688 ms*
> AP Antenna Receive Start : *30551, 3.055120 ms*
> AP Antenna Receive End : 49104
>
>
>
> Not even close to a match.  If you haven’t been adjusting for channel size
> you’d better double check yours.
>
>
>
>
>
> *From:* AF  *On Behalf Of *castarritt
> *Sent:* Wednesday, May 04, 2022 10:04 AM
> *To:* AnimalFarm Microwave Users Group 
> *Subject:* Re: [AFMUG] Cambium Timing
>
>
>
> How does channel width affect timing?
>
>
>
> On Wed, May 4, 2022 at 7:39 AM  wrote:
>
> Yes, those all match.  The new challenge is comparing different channel
> sizes.
>
>
>
>
>
> *From:* AF  *On Behalf Of *Carl Peterson
> *Sent:* Tuesday, May 03, 2022 11:14 AM
> *To:* AnimalFarm Microwave Users Group 
> *Subject:* [AFMUG] Cambium Timing
>
>
>
> We still have our cambium network timed as if it were collocated with
> legacy 100 gear but the 100 gear is long gone so I'm looking to re-time
> everything.
>
>
>
> Not finding colocation info about 450M, 450, 450i.  Is timing all the same
> on them?  Seems to be but I haven't done this in over a decade.
>
>
>
>
>
> --
> AF mailing list
> AF@af.afmug.com
> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
>
> --
> AF mailing list
> AF@af.afmug.com
> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
>


-- 

Carl Peterson

*PORT NETWORKS*

401 E Pratt St, Ste 2553

Baltimore, MD 21202

(410) 637-3707
-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] Cambium Timing

[dmmoffett]

In case it’s not obvious, the 5mhz “receive start” happens before the 30mhz 
“transmit end”.  So the 30mhz AP is going to cause uplink interference on the 
5mhz AP…..assuming there’s channel overlap.

 

 

From: dmmoff...@gmail.com  
Sent: Wednesday, May 04, 2022 10:10 AM
To: 'AnimalFarm Microwave Users Group' 
Subject: RE: [AFMUG] Cambium Timing

 

I don’t know specifically how.

 

But here’s frame calculator result for 30mhz, 75%, 10 miles, 8 control slots:
AP Antenna Transmit End : 34161, 3.416176 ms
AP Antenna Receive Start : 36530, 3.653073 ms
AP Antenna Receive End : 49175

 

Now same at 5mhz:

AP Antenna Transmit End : 27916, 2.791688 ms
AP Antenna Receive Start : 30551, 3.055120 ms
AP Antenna Receive End : 49104

 

Not even close to a match.  If you haven’t been adjusting for channel size 
you’d better double check yours.

 

 

From: AF mailto:af-boun...@af.afmug.com> > On Behalf 
Of castarritt
Sent: Wednesday, May 04, 2022 10:04 AM
To: AnimalFarm Microwave Users Group mailto:af@af.afmug.com> >
Subject: Re: [AFMUG] Cambium Timing

 

How does channel width affect timing?

 

On Wed, May 4, 2022 at 7:39 AM mailto:dmmoff...@gmail.com> > wrote:

Yes, those all match.  The new challenge is comparing different channel sizes.  

 

 

From: AF mailto:af-boun...@af.afmug.com> > On Behalf 
Of Carl Peterson
Sent: Tuesday, May 03, 2022 11:14 AM
To: AnimalFarm Microwave Users Group mailto:af@af.afmug.com> >
Subject: [AFMUG] Cambium Timing

 

We still have our cambium network timed as if it were collocated with legacy 
100 gear but the 100 gear is long gone so I'm looking to re-time everything. 

 

Not finding colocation info about 450M, 450, 450i.  Is timing all the same on 
them?  Seems to be but I haven't done this in over a decade.  


 

 

-- 
AF mailing list
AF@af.afmug.com  
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] Cambium Timing

[dmmoffett]

I don’t know specifically how.

 

But here’s frame calculator result for 30mhz, 75%, 10 miles, 8 control slots:
AP Antenna Transmit End : 34161, 3.416176 ms
AP Antenna Receive Start : 36530, 3.653073 ms
AP Antenna Receive End : 49175

 

Now same at 5mhz:

AP Antenna Transmit End : 27916, 2.791688 ms
AP Antenna Receive Start : 30551, 3.055120 ms
AP Antenna Receive End : 49104

 

Not even close to a match.  If you haven’t been adjusting for channel size 
you’d better double check yours.

 

 

From: AF  On Behalf Of castarritt
Sent: Wednesday, May 04, 2022 10:04 AM
To: AnimalFarm Microwave Users Group 
Subject: Re: [AFMUG] Cambium Timing

 

How does channel width affect timing?

 

On Wed, May 4, 2022 at 7:39 AM mailto:dmmoff...@gmail.com> > wrote:

Yes, those all match.  The new challenge is comparing different channel sizes.  

 

 

From: AF mailto:af-boun...@af.afmug.com> > On Behalf 
Of Carl Peterson
Sent: Tuesday, May 03, 2022 11:14 AM
To: AnimalFarm Microwave Users Group mailto:af@af.afmug.com> >
Subject: [AFMUG] Cambium Timing

 

We still have our cambium network timed as if it were collocated with legacy 
100 gear but the 100 gear is long gone so I'm looking to re-time everything. 

 

Not finding colocation info about 450M, 450, 450i.  Is timing all the same on 
them?  Seems to be but I haven't done this in over a decade.  


 

 

-- 
AF mailing list
AF@af.afmug.com  
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] Cambium Timing

[castarritt]

How does channel width affect timing?

On Wed, May 4, 2022 at 7:39 AM  wrote:

> Yes, those all match.  The new challenge is comparing different channel
> sizes.
>
>
>
>
>
> *From:* AF  *On Behalf Of *Carl Peterson
> *Sent:* Tuesday, May 03, 2022 11:14 AM
> *To:* AnimalFarm Microwave Users Group 
> *Subject:* [AFMUG] Cambium Timing
>
>
>
> We still have our cambium network timed as if it were collocated with
> legacy 100 gear but the 100 gear is long gone so I'm looking to re-time
> everything.
>
>
>
> Not finding colocation info about 450M, 450, 450i.  Is timing all the same
> on them?  Seems to be but I haven't done this in over a decade.
>
>
>
>
> --
> AF mailing list
> AF@af.afmug.com
> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
>
-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

Re: [AFMUG] Cambium Timing

[dmmoffett]

Yes, those all match.  The new challenge is comparing different channel sizes.  

 

 

From: AF  On Behalf Of Carl Peterson
Sent: Tuesday, May 03, 2022 11:14 AM
To: AnimalFarm Microwave Users Group 
Subject: [AFMUG] Cambium Timing

 

We still have our cambium network timed as if it were collocated with legacy 
100 gear but the 100 gear is long gone so I'm looking to re-time everything. 

 

Not finding colocation info about 450M, 450, 450i.  Is timing all the same on 
them?  Seems to be but I haven't done this in over a decade.  


 

 

-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com