Re: [MT-AU Public] Public Digest, Vol 1, Issue 4
I was thinking the same thing on the CRS' Andrew...at least feature wise. I'm fine with a low power CPU as long as it has basic features like DHCP snooping and dynamic ARP inspection. Honestly these are basic industry standard features for switches. Perhaps something like openTRILL in place of STP. I see the new SFP+ models as pretty good options for the server environment where those features aren't required. I'm sure they will make great media converters, though :) Greg On Thu, Mar 27, 2014 at 8:00 PM, <public-request@talk.mikrotik.com.au>wrote:
Send Public mailing list submissions to public@talk.mikrotik.com.au
To subscribe or unsubscribe via the World Wide Web, visit
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
or, via email, send a message with subject or body 'help' to public-request@talk.mikrotik.com.au
You can reach the person managing the list at public-owner@talk.mikrotik.com.au
When replying, please edit your Subject line so it is more specific than "Re: Contents of Public digest..."
Today's Topics:
1. 'null' value of firewall filter attribute (Mike Everest) 2. Re: 'null' value of firewall filter attribute (Mike Everest) 3. Re: Thoughts on new CRS226-24G-2S+IN? (Mike Everest)
----------------------------------------------------------------------
Message: 1 Date: Thu, 27 Mar 2014 19:28:09 +1100 From: "Mike Everest" <mike@duxtel.com> To: <public@talk.mikrotik.com.au>, <members@talk.mikrotik.com.au> Subject: [MT-AU Public] 'null' value of firewall filter attribute Message-ID: <0adf01cf4996$7c66d5f0$753481d0$@duxtel.com> Content-Type: text/plain; charset="us-ascii"
Hi Folks,
I've been doing some work using API for various remote/centralised configuration push applications, and I've come across a surprising problem.
Surprising only because I never realised that I didn't know how to do it until I decided to try! :-D
Think winbox - we can enter a value against some firewall filter attribute, say 'src-port' for example, and then if we decide we don't want it any more, we can click that little 'up arrow' to null the value for that variable. We can see the difference when using ip firewall filter print:
With dst-port specified
1 ;;; test1
chain=input action=accept protocol=tcp src-address=1.2.3.0/24
dst-address=0.0.0.0/0 dst-port=25
After 'nulling' that dst-port value
1 ;;; test1
chain=input action=accept protocol=tcp src-address=1.2.3.0/24
dst-address=0.0.0.0/0
My question is how to do that in shell? I'm baffled! :-}
Regards, Mike Everest
www.duxtel.com.au
____________________________________________________________________________ ___
Wholesale Distributor for MikroTik and RouterBoard in Australia and Pacific Region
ISP and WISP Solutions - Hardware, Software, Training, Engineering and Support
All things MikroTik - <http://shop.duxtel.com.au/> http://shop.duxtel.com.au
____________________________________________________________________________ ___
Follow our tweets for news and updates: http://twitter.com/duxtel
------------------------------
Message: 2 Date: Thu, 27 Mar 2014 19:31:00 +1100 From: "Mike Everest" <mike@duxtel.com> To: "'MikroTik Australia Public List'" <public@talk.mikrotik.com.au>, <members@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] 'null' value of firewall filter attribute Message-ID: <0ae401cf4996$e25643a0$a702cae0$@duxtel.com> Content-Type: text/plain; charset="us-ascii"
Duh, there it is!
/ip firewall filter unset 1 dst-port
I spoke too soon.
(or is it 'asked to soon' ;-)
Cheers!
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Mike Everest Sent: Thursday, 27 March 2014 7:28 PM To: public@talk.mikrotik.com.au; members@talk.mikrotik.com.au Subject: [MT-AU Public] 'null' value of firewall filter attribute
Hi Folks,
I've been doing some work using API for various remote/centralised configuration push applications, and I've come across a surprising problem.
Surprising only because I never realised that I didn't know how to do it until I decided to try! :-D
Think winbox - we can enter a value against some firewall filter attribute, say 'src-port' for example, and then if we decide we don't want it any more, we can click that little 'up arrow' to null the value for that variable. We can see the difference when using ip firewall filter print:
With dst-port specified
1 ;;; test1
chain=input action=accept protocol=tcp src-address=1.2.3.0/24
dst-address=0.0.0.0/0 dst-port=25
After 'nulling' that dst-port value
1 ;;; test1
chain=input action=accept protocol=tcp src-address=1.2.3.0/24
dst-address=0.0.0.0/0
My question is how to do that in shell? I'm baffled! :-}
Regards, Mike Everest
www.duxtel.com.au
________________________________________________________________ ____________ ___
Wholesale Distributor for MikroTik and RouterBoard in Australia and Pacific Region
ISP and WISP Solutions - Hardware, Software, Training, Engineering and Support
All things MikroTik - <http://shop.duxtel.com.au/> http://shop.duxtel.com.au
________________________________________________________________ ____________ ___
Follow our tweets for news and updates: http://twitter.com/duxtel
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
------------------------------
Message: 3 Date: Fri, 28 Mar 2014 00:17:51 +1100 From: "Mike Everest" <mike@duxtel.com> To: "'MikroTik Australia Public List'" <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] Thoughts on new CRS226-24G-2S+IN? Message-ID: <0b0401cf49be$f51e47d0$df5ad770$@duxtel.com> Content-Type: text/plain; charset="us-ascii"
{resending this one after discovering that I sent 'from' wrong email address :-}
Yes! The low CPU spec is a bit of a surprise to me too :-o
My guess is that they figured that as a switch, most of the forwarding is done by the switch chips and so powerful cpu is not important. Looking at typical load on other CRS switches in production at the moment, the routing capabilities are not used a great deal - just with one routed port as an internet gateway perhaps. In campus or enterprise switch application, cpu is probably doing little more than management tasks, so 400mhz is perfectly adequate ;-)
We have a few units already on order - hope to receive them by end of next week! :)
Cheers!
Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Andrew Lau Sent: Tuesday, 25 March 2014 8:08 PM To: Public@talk.mikrotik.com.au Subject: [MT-AU Public] Thoughts on new CRS226-24G-2S+IN?
Hi,
first non announcement post!
Has anyone seen the new CRS226-24G-2SplusIN http://routerboard.com/CRS226-24G-2SplusIN -- thoughts?
I'm working on a larger scale project that's was leaning towards a full Mikrotik environment but wasn't possible because of the missing SFP+ ports on the current CRS series. From initial view, this new CRS seems to be lacking in grunt although the newer CPU. Nor a rackmount case?
I have a two of the first CRS125s and they seem to be serving me well, although the software is still lacking a little..
I wonder how long till our local friends Duxtel will have stock :)
Andrew
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
------------------------------
Subject: Digest Footer
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
------------------------------
End of Public Digest, Vol 1, Issue 4 ************************************
-- GregSowell.com TheBrothersWISP.com
G'day!
environment where those features aren't required. I'm sure they will make great media converters, though :)
Speaking of media converters, I heard a story from a fellow who used a pair of 260GS switches as media converters for a pair of RB1100 in VRRP at each end of a private link - one fiber (using mikrotik DDM module) for each 260 switch, and two cables for each router. Result is a realtively neat and low cost duplication of all components. Of course if one of those fibres is broken, chances are that the other one will die too (i.e. accidentally dug-up bundle) but it's a neat way to use the resources at hand for a bit of extra security ;) Can't remember who it was, actually, was it someone on this list? :-) Cheers!
participants (2)
-
Greg Sowell
-
Mike Everest