Skip to content
May 13 / thebrotherswisp

TheBrothersWISP 68 – G.fast, Security Onion, Co-working spaces



This week Greg Dave from PennyTone choot the chit.

This cast we talk about:
Who is using G.fast; what are you using and how well did it work?
LibreNMS with Centos Brick. PHP conflict due to auto update
Security onion security collection
Flow collection / elastiflow with elasticstack and nfsen/ndfump(Nick B.), ntop(Tom S).
Co-working space, how would you configure it?
Mikrotik – layer 2 configuration difficulties

Help support us by becoming a patron! <==join our Slack team!
Keep contacting us: contactus (at) thebrotherswisp.com or https://facebook.com/thebrotherswisp

Here’s the video:(if you don’t see it, hit refresh)

Apr 29 / thebrotherswisp

TheBrothersWISP 67 – 10G unifi Gateway, New Mikrotik Hardware, 24Ghz Mimosa



This week Greg, Mike, and Tomas catchup for the first time in ages!

This cast we talk about:
New mimosa radio – was it 24Ghz?
Mikrotik MUM EU hardware
waplte
Unimus has blog/mass change pushes
10Gb unifi gateway
Cloudkey version 2 hits FCC
Mikrotik winbox port vulnerability from 6.29 to 6.42
xLEC Stuff FB Group – Mike’s Pimpin
Greg’s BGP full feed lab is live – go signup and getcha some
LHG60 hits FCC

Help support us by becoming a patron! <==join our Slack team!
Keep contacting us: contactus (at) thebrotherswisp.com or https://facebook.com/thebrotherswisp

Here’s the video:(if you don’t see it, hit refresh)

Apr 19 / Greg

Full Internet Routes/Full Internet Feeds For FREE!

If you are building a BGP lab to test/learn with, look no further, you can now get full feeds for your lab for free!

Visit the BGP Lab link at the top of the page, or click HERE.

See a demonstration of the system in action below!

Mikrotik MUM 2018 – Building A Better BGP Lab

Let me know if you have any questions or comments!

Apr 15 / thebrotherswisp

TheBrothersWISP66 – Mikrotik MUM 2018, wap60G, Mikrotik Hardware



This week Greg, Alex, Miller, and Tomas all sit down and talk on day one at the 2018 Baltimore MUM.

Thanks to our sponsor for this cast Sonar.Software. A simple yet feature rich customer billing platform.

This cast we talk about:
Some of the new CRS devices
wAP60G tweaks
Mikrotik Hardware

Help support us by becoming a patron! <==join our Slack team!
Keep contacting us: contactus (at) thebrotherswisp.com or https://facebook.com/thebrotherswisp

Here’s the video:(if you don’t see it, hit refresh)

Mar 29 / Greg

Pre Mikrotik RouterOS v6.38.5 Exploit In The Wild

Mikrotik released the following information:

Hello,

It has come to our attention that a rogue botnet is currently scanning random public IP addresses to find open Winbox (8291) and WWW (80) ports, to exploit a vulnerability in the RouterOS www server that was patched more than a year ago (in RouterOS v6.38.5, march 2017).

Since all RouterOS devices offer free upgrades with just two clicks, we urge you to upgrade your devices with the “Check for updates” button, if you haven’t done so within the last year.

More information can be found here: https://forum.mikrotik.com/viewtopic.php?f=21&t=132499

Best regards,
MikroTik

I’ve got confirmation from users that they currently have routers in the wild being exploited! I’m told the only fix for these routers is to immediately update the firmware. In the meantime block port 80(web) and 8291(winbox) to your customer routers.

Greg

Mar 5 / Greg

Mikrotik CRS328-24P-4S+RM – 24 Port PoE Switch

It looks like the CRS328 is about to be a thing, and I was looking at where it fits in.

Switching Features

• Non-blocking Layer 2 switching capacity
• 16K host table
• IEEE 802.1Q VLAN
• Supports up to 4K simultaneous VLANs
• Port isolation
• Port security
• Broadcast storm control
• Port mirroring of ingress/egress traffic
• STP / RSTP / MSTP
• Access Control List
• MikroTik neighbor discovery
• SNMP
• 10218-byte jumbo frames support
• IGMP snooping
• IEEE 802.3ad and static link aggregation

Quick Specs

• 24 Gigabit Ethernet ports
• 4 SFP+ ports
• RJ45 serial console port
• Non-Blocking throughput: 64 Gbps
• Switching capacity: 128 Gbps
• Forwarding rate: 95.2 Mpps
• Maximum power consumption: 44 W (without PoE
devices connected)
• Supports PoE+ IEEE 802.3at/af and 26 V
Passive PoE (per port individually selected/auto)
• Temperature based fan control
• 1U rackmount
• Selectable power output per port (26 / 48 V)

This switch has an ARM32 CPU, and the hardware incorporates a lot of interesting features that can be thrown into hardware…once it is integrated into ROS. I say ROS, it has SWOS support, but nobody likes or uses SWOS.

Here’s a typical MDU setup; many APs going into a switch. This switch can terminate AF/AT compliant devices as well as standard passive PoE devices. Prior to this switch coming out I would be looking at something like the Ubiquiti EdgeSwitch 24(EdgeSwitch ES-24-250W).

They both support port security(mac limiting), storm control(limit broadcast/multicast storms), and I believe DHCP snooping(prevent rogue DHCP servers). The CRS has SFP+ ports while the ES only has SFP ports, so this gives it an advantage there. Price wise the CRS will sell for around $379 and the ES24 sells for around $400, so there’s a slight cost savings from the CRS.

I don’t believe either does dynamic ARP inspection(ensuring that clients can’t spoof addresses), but I can always hold out hope.

While the CRS is new(I can’t yet order one), it seems to have a bit of an edge for my scenarios(MDU environment)…especially as they begin to unlock some of those hardware features.

What say you…interested in giving it a go?

Mar 4 / thebrotherswisp

TheBrothersWISP 65 – OpenVPN, Siklu 10Gb, VAR’s Design



This week Greg, Mike, Wilson, Miller, and Tomas discuss the chick pea, it’s neither a chick, nor a pea.

This cast we talk about:
chinog in may
Wispamerica very soon
OpenVPN isn’t so hard Mikey 😉
Unimus has some US MUM vouchers, so bother Tomas about it.
Siklu has 70/80Ghz 10Gb wireless link
Link Calculator
Greg’s VAR rant
Move your website to https
Network Collective: Episode 4 – The Impact Of Increasing Encrypted Traffic
CHALLEGE – do some form of home automation.

Help support us by becoming a patron! <==join our Slack team!
Keep contacting us: contactus (at) thebrotherswisp.com or https://facebook.com/thebrotherswisp

Click the link below to view the article!