*) snmp - improved outputting of routes;
*) webfig - added option to enable wide view in item list;
*) mpls - improved MPLS TCP performance;
It works better now
What can this mean?
*) mpls - improved MPLS TCP performance;
Also it does not support multiple route tables, it only returns routes from the main table.
SNMP Routing Table error ("Error: OID not increasing:") still not fixed, which exists since version 7.9 (SUP-117934 / SUP-119410).
7.9 changelog:
*) snmp - improved outputting of routes;
Unfortunately you didn't improve it, you broke it.
You can reproduce the problem by creating multiple routes with the same destination.
I think in general, it has to be considered to have persistent settable viewing options in webfig. There are none, so first that has to be implemented.
*) webfig - added option to enable wide view in item list;
This is awesome, thanks a lot for that Mikrotik :) Please consider allowing the "wide view" to be set as default somehow, and not requiring to click on the icon each time. Please also consider, and I'm asking that once again, consider also giving us the option to choose between inline or 'newline' comments.
Wow, even more!
*) system - reduced RAM usage for SMIPS devices;
Any details? What case should it fix?
*) wireguard - fixed peer connection using DNS name on IP change;
Are you serious?
*) ssh - fixed user RSA private key import;
More and better logging do we like.
*) bridge - added more STP-related logging;
Humm... This is my own testbed.
I'm really having a hard time understanding why you needlessly install all the extra packages if you then disable them...
So I shouldn't report?
Classic logic error...
Excuse the translator..... Probably the idioms in Italian do not translate them as one would expect...
So I shouldn't report?
My question is because I can't understand the relationship between the transport protocol TCP and MPLS. As far as I understand, MPLS is agnostic of the protocol present in the transport layer.
It works better now :)
What can this mean?
*) mpls - improved MPLS TCP performance;
I think in general, it has to be considered to have persistent settable viewing options in webfig. There are none, so first that has to be implemented.
Thanks — timeout= in /terminal/inkey now works again!
*) console - improved timeout for certain commands and menus;
{
:put "$[/terminal style escape]Press any key to exit loop";
:local keypress 0xFFFF;
while (keypress=0xFFFF) do={
:put "$[/terminal style none]$[:rndstr]"
/terminal cuu
:set keypress [/terminal inkey timeout=1s]
}
}
What's new in 7.11beta2 (2023-Jun-21 14:39):
*) netwatch - added "src-address" property;
...but it would be nice to attach a script to the MQTT subscribe, like on-message={:do{}} – otherwise it is going to take polling the /iot/mqtt/subscriptions/recv to use it.
*) mqtt - added new MQTT subscribe feature;
What's new in 7.11beta2 (2023-Jun-21 14:39):
*) netwatch - added "src-address" property;
Thanks!!!!!! Finally, no more mangle rules for doing this.
please open a separate topic
Hi all, what is the correct way to have pppoe simple queues dynamically created as children of a Parent queue, and update the target list on connection and disconnection?
I was thinking about address lists or interface lists, but it seems the target ignores all of these.
Thank you
unfortunately, there is no changelog. but please re-read my post, build time is newer (later) than beta2. so it should be fixing beta2 bug.
yes, but it is alpha, alpha should be older than beta....and there is no changelog so it is worth to try it?
Worst ever, I wouldn't say. Still low 600 here.
just to let you know...my wifi speed on AX3 is one of the worst ever
I can confirm it's working for me also, I can finally use the inkey command in my scripts that otherwise would get stuck waiting for a keypress. I think it was broken since RouterOS v7.3.
Thanks — timeout= in /terminal/inkey now works again!
there is newer alpha (development) release (with build time of 16:17:11) on mikrotik website..
you may need to check it out before reporting issues
This version includes the changes that were present in 7.11alpha127 that was shared on the forum. While some users have reported improvements with this version, the issue is not fully resolved. We are still working on it.
08:22:53 ipsec ike2 starting for: 777.777.777.777
08:22:53 ipsec adding payload: SA
08:22:53 ipsec,debug => (size 0x30)
08:22:53 ipsec,debug 00000010 00000021 01010001 01000001 01000001 10010100 01000001 01000001
08:22:53 ipsec,debug 01000001 03000001 00000001 01000011
08:22:53 ipsec adding payload: KE
08:22:53 ipsec,debug => (size 0x90)
08:22:53 ipsec,debug 00012320 00151230 000123f1 da6f8cfc c8bdec53 d71232b5 a471238f 98e123a2
08:22:53 ipsec,debug 71dc1233 8212362d 035d1232 488e4e37 c912323d 37123b0c 31765626 9ce1230b
08:22:53 ipsec,debug 0be12344 ba123ab1 4123f93a 0000003b 4f123b45 830e9279 8a3123fc a4122012
08:22:53 ipsec,debug 13a12372 2b1233ea a123aff7 07f4b4e1 46121588 64b371e3 6e123204 80d1a07a
08:22:53 ipsec,debug d2112321 016e1233 4d12315f b3ce21b7
08:22:53 ipsec adding payload: NONCE
08:22:53 ipsec,debug => (size 0x1c)
08:22:53 ipsec,debug 0000001c ec271232 c4f12316 a13123f3 ee1233ba 6913232c c5e1262c
08:22:53 ipsec adding notify: NAT_DETECTION_SOURCE_IP
08:22:53 ipsec,debug => (size 0x1c)
08:22:53 ipsec,debug 0000001c 00012304 451123ef 789123d2 ed12347f 1701234e 8d123049
08:22:53 ipsec adding notify: NAT_DETECTION_DESTINATION_IP
08:22:53 ipsec,debug => (size 0x1c)
08:22:53 ipsec,debug 0000001c 00001235 e2b123d3 c4712af5 fda1232e 2123215dc 43123b4d
08:22:53 ipsec adding notify: IKEV2_FRAGMENTATION_SUPPORTED
08:22:53 ipsec,debug => (size 0x8)
08:22:53 ipsec,debug 00000008 0000402e
08:22:53 ipsec <- ike2 request, exchange: SA_INIT:0 777.777.777.777[4500] a6be46361893bb01:0000000000000000
08:22:53 ipsec,debug ===== sending 312 bytes from 192.168.100.2[4500] to 777.777.777.777[4500]
08:22:53 ipsec,debug 1 times of 316 bytes message will be sent to 777.777.777.777[4500]
08:23:02 ipsec <- ike2 init retransmit request, exchange: SA_INIT:0 777.777.777.777[4500] a6be46361893bb01:0000000000000000
08:23:02 ipsec,debug ===== sending 312 bytes from 192.168.100.2[4500] to 777.777.777.777[4500]
08:23:02 ipsec,debug 1 times of 316 bytes message will be sent to 777.777.777.777[4500]
08:23:07 ipsec <- ike2 init retransmit request, exchange: SA_INIT:0 777.777.777.777[4500] a6be46361893bb01:0000000000000000
08:23:07 ipsec,debug ===== sending 312 bytes from 192.168.100.2[4500] to 777.777.777.777[4500]
08:23:07 ipsec,debug 1 times of 316 bytes message will be sent to 777.777.777.777[4500]
08:23:12 ipsec <- ike2 init retransmit request, exchange: SA_INIT:0 777.777.777.777[4500] a6be46361893bb01:0000000000000000
08:23:12 ipsec,debug ===== sending 312 bytes from 192.168.100.2[4500] to 777.777.777.777[4500]
08:23:12 ipsec,debug 1 times of 316 bytes message will be sent to 777.777.777.777[4500]
08:23:17 ipsec ike2 init timeout request, exchange: SA_INIT:0 777.777.777.777[4500] a6be46361893bb01:0000000000000000
08:23:17 ipsec IPsec-SA expired: ESP/Tunnel 192.168.100.2[500]->777.777.777.777[500]
08:23:17 ipsec acquire for policy: 10.10.1.0/24 <=> 10.10.0.0/24
08:23:17 ipsec policy group mismatch, ignoring.
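A triage helper for the IKEv2 log above, as an added example that is not part of the original post: it groups the `ike2` lines by initiator SPI and reports the retransmit gaps and whether the responder ever answered. The function names, the second sample and the inbound `->` line format are assumptions, since the posted log shows only outbound messages.

```python
import re
from datetime import datetime

# One "ike2" message line in the format of the posted log:
#   HH:MM:SS ipsec [<-|->] ike2 [init retransmit |init timeout ]request|reply,
#   exchange: NAME:MSGID PEER[PORT] INITIATOR_SPI:RESPONDER_SPI
IKE_LINE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) ipsec(?:,\S+)? "
    r"(?:(?P<dir><-|->) )?ike2 (?P<kind>(?:init )?(?:retransmit |timeout )?)"
    r"(?P<type>request|reply), exchange: (?P<exch>\w+):(?P<msgid>\d+) "
    r"(?P<peer>\S+)\[(?P<port>\d+)\] (?P<ispi>[0-9a-f]{16}):(?P<rspi>[0-9a-f]{16})$"
)
NO_SPI = "0" * 16  # responder SPI stays all-zero until the peer has answered

# Abridged copy of the log posted above (payload hex dumps left out).
POSTED_LOG = """\
08:22:53 ipsec ike2 starting for: 777.777.777.777
08:22:53 ipsec <- ike2 request, exchange: SA_INIT:0 777.777.777.777[4500] a6be46361893bb01:0000000000000000
08:22:53 ipsec,debug ===== sending 312 bytes from 192.168.100.2[4500] to 777.777.777.777[4500]
08:23:02 ipsec <- ike2 init retransmit request, exchange: SA_INIT:0 777.777.777.777[4500] a6be46361893bb01:0000000000000000
08:23:07 ipsec <- ike2 init retransmit request, exchange: SA_INIT:0 777.777.777.777[4500] a6be46361893bb01:0000000000000000
08:23:12 ipsec <- ike2 init retransmit request, exchange: SA_INIT:0 777.777.777.777[4500] a6be46361893bb01:0000000000000000
08:23:17 ipsec ike2 init timeout request, exchange: SA_INIT:0 777.777.777.777[4500] a6be46361893bb01:0000000000000000
08:23:17 ipsec IPsec-SA expired: ESP/Tunnel 192.168.100.2[500]->777.777.777.777[500]
08:23:17 ipsec policy group mismatch, ignoring.
"""

# Constructed sample (not from the thread). Assumption: an inbound message is
# logged with "->" and carries the responder's SPI once it is known.
CONSTRUCTED_ANSWERED = """\
09:00:00 ipsec <- ike2 request, exchange: SA_INIT:0 192.0.2.10[4500] 1111111111111111:0000000000000000
09:00:00 ipsec -> ike2 reply, exchange: SA_INIT:0 192.0.2.10[4500] 1111111111111111:2222222222222222
"""


def _seconds_between(earlier, later):
    # The log has no date; modulo one day keeps gaps sane across midnight.
    return int((later - earlier).total_seconds()) % 86400


def summarize(log_text):
    """Return one report per initiator SPI found in a RouterOS ipsec log."""
    attempts = {}
    for raw in log_text.splitlines():
        m = IKE_LINE.match(raw.strip())
        if m is None:
            continue  # payload dumps, notifies, policy lines
        when = datetime.strptime(m["time"], "%H:%M:%S")
        a = attempts.setdefault(m["ispi"], {
            "peer": f'{m["peer"]}:{m["port"]}', "exchange": m["exch"],
            "sent": [], "inbound": 0, "timeout_at": None, "rspi_seen": False,
        })
        if m["rspi"] != NO_SPI:
            a["rspi_seen"] = True
        if "timeout" in m["kind"]:
            a["timeout_at"] = when
        elif m["dir"] == "<-":
            a["sent"].append(when)      # first send and every retransmit
        elif m["dir"] == "->":
            a["inbound"] += 1

    reports = []
    for ispi, a in attempts.items():
        sent = a["sent"]
        answered = a["inbound"] > 0 or a["rspi_seen"]
        if a["timeout_at"] and not answered:
            verdict = "no-response"     # peer never replied to this exchange
        elif a["timeout_at"]:
            verdict = "timeout-after-response"
        elif answered:
            verdict = "answered"
        else:
            verdict = "pending"
        end = a["timeout_at"] or (sent[-1] if sent else None)
        reports.append({
            "initiator_spi": ispi,
            "peer": a["peer"],
            "exchange": a["exchange"],
            "retransmits": max(len(sent) - 1, 0),
            "gaps_s": [_seconds_between(x, y) for x, y in zip(sent, sent[1:])],
            "waited_s": _seconds_between(sent[0], end) if sent else 0,
            "verdict": verdict,
        })
    return reports


if __name__ == "__main__":
    for report in summarize(POSTED_LOG) + summarize(CONSTRUCTED_ANSWERED):
        print(report)
```

For the posted log this reports a single SA_INIT attempt with three retransmits and no reply at all, which separates a silent peer or dropped UDP from a rekey failure on an established tunnel.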
yes — any chance to ever get a changelog that's actually informative? especially given this is test release, so users need to understand what's the expected or corrected behavior?
Any details? What case should it fix?
*) wireguard - fixed peer connection using DNS name on IP change;
The 7.11alpha I was given by support did not fix this one for me.
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
did not fix what?
The 7.11alpha I was given by support did not fix this one for me.
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
Did additional testing, consistently low 800 now using TP-Link AX USB device.
Worst ever, I wouldn't say. Still low 600 here.
But it looks to be noticeably slower, yes.
Might have to do some more tests with other versions tomorrow to know for sure for myself.
It worked before as well, it wasn't just reported in the log 🙄
It seems that WiFi roaming is finally working
For me the wifi performance is excellent, with hap ax3 I exceed with speedtest 790 Mbps
Wifi performance still poor in this build too.. Constantly buffering on smartphones. But think that MKT devs are in good way to push first "stable" build.
Speedtest from rpi4 through router to pc (primitive but hey!)
Singlethread
iperf3 -c 192.168.0.135
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 719 MBytes 603 Mbits/sec 271 sender
[ 5] 0.00-10.00 sec 717 MBytes 601 Mbits/sec receiver
iperf3 -c 192.168.0.135 -R
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.00 sec 418 MBytes 351 Mbits/sec sender
[ 5] 0.00-10.00 sec 416 MBytes 349 Mbits/sec receiver
Multithread
iperf3 -c 192.168.0.135 -P 10 -b 1000M
[SUM] 0.00-10.00 sec 961 MBytes 806 Mbits/sec 81 sender
[SUM] 0.00-10.01 sec 946 MBytes 793 Mbits/sec receiver
iperf3 -c 192.168.0.135 -P 10 -b 1000M -R
[SUM] 0.00-10.01 sec 710 MBytes 595 Mbits/sec sender
[SUM] 0.00-10.00 sec 707 MBytes 593 Mbits/sec receiver
WiFi hAP ax2 CLI to PC btest.exe running server
tool/speed-test address=192.168.0.135
status: udp download
time-remaining: 19s
ping-min-avg-max: 1.78ms / 2.64ms / 5.14ms
jitter-min-avg-max: 3us / 409us / 2.81ms
loss: 0% (0/200)
tcp-download: 739Mbps local-cpu-load:66%
tcp-upload: 916Mbps local-cpu-load:41% remote-cpu-load:1%
Ethernet/usb test pi to pc
forward singlethread also primitive usb setup/adapter
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.00 sec 1.07 GBytes 916 Mbits/sec sender
[ 5] 0.00-10.00 sec 1.06 GBytes 912 Mbits/sec receiver
reverse singlethread
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.00 sec 1.07 GBytes 916 Mbits/sec sender
[ 5] 0.00-10.00 sec 1.06 GBytes 912 Mbits/sec receiver
Edit: Forgive me I mixed up the last two tests, here they are in full
-----------------------------------------------------------
Server listening on 5201 (test #7)
-----------------------------------------------------------
Accepted connection from 192.168.0.8, port 45268
[ 5] local 192.168.0.135 port 5201 connected to 192.168.0.8 port 45270
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 111 MBytes 931 Mbits/sec
[ 5] 1.00-2.00 sec 112 MBytes 941 Mbits/sec
[ 5] 2.00-3.00 sec 111 MBytes 933 Mbits/sec
[ 5] 3.00-4.00 sec 107 MBytes 899 Mbits/sec
[ 5] 4.00-5.00 sec 112 MBytes 941 Mbits/sec
[ 5] 5.00-6.00 sec 108 MBytes 909 Mbits/sec
[ 5] 6.00-7.00 sec 109 MBytes 913 Mbits/sec
[ 5] 7.00-8.00 sec 111 MBytes 933 Mbits/sec
[ 5] 8.00-9.00 sec 106 MBytes 890 Mbits/sec
[ 5] 9.00-10.00 sec 103 MBytes 866 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.00 sec 1.07 GBytes 916 Mbits/sec sender
-----------------------------------------------------------
Server listening on 5201 (test #8)
-----------------------------------------------------------
Accepted connection from 192.168.0.8, port 45272
[ 5] local 192.168.0.135 port 5201 connected to 192.168.0.8 port 45274
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 112 MBytes 939 Mbits/sec
[ 5] 1.00-2.00 sec 111 MBytes 928 Mbits/sec
[ 5] 2.00-3.00 sec 112 MBytes 940 Mbits/sec
[ 5] 3.00-4.00 sec 112 MBytes 939 Mbits/sec
[ 5] 4.00-5.00 sec 112 MBytes 941 Mbits/sec
[ 5] 5.00-6.00 sec 112 MBytes 941 Mbits/sec
[ 5] 6.00-7.00 sec 112 MBytes 941 Mbits/sec
[ 5] 7.00-8.00 sec 112 MBytes 940 Mbits/sec
[ 5] 8.00-9.00 sec 112 MBytes 939 Mbits/sec
[ 5] 9.00-10.00 sec 112 MBytes 940 Mbits/sec
[ 5] 10.00-10.00 sec 325 KBytes 874 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.00 sec 1.09 GBytes 939 Mbits/sec receiver
On ax2 I get max CPU usage on core 1, 51%, on ax3 same core, 33%
When you test, what's the CPU usage on AX3 or AX2 ?
If one of the cores is at 100%, that's your bottleneck.
EDIT: just checked when doing iperf from PC wired to AX3, 2.5Gb trunk to RB5009-container. CPU is around 49% on RB5009, below 20% on AX3, results (as expected) around 950-960Mbps.
Towards RB5009.
Which is way more powerful than AX3.
So I am going to guess you have a bottleneck on AX3 when running that container.
Name : Wi-Fi 2
Description : Intel(R) Wi-Fi 6 AX200 160MHz
GUID :
Physical address :
Interface type : Primary
State : connected
SSID : Mikrotik
BSSID :
Network type : Infrastructure
Radio type : 802.11ax
Authentication : WPA3-Personal (H2E)
Cipher : CCMP
Connection mode : Auto Connect
Band : 5 GHz
Channel : 144
Receive rate (Mbps) : 1201
Transmit rate (Mbps) : 1201
Signal : 93%
Profile : Mikrotik
Sorry, I didn't read carefully.
can you read? all of those issues happened on 7.11beta2.....
Hi,
IKE2 is broken since 7.10, can't get site to site working properly. Created SUP-117869 two months ago but issue still persists.
I'm using Mikrotik spokes to a Cisco hub and phase2 rekey is not working, tunnel breaks and starts again. Support sent me to test some 7.11 alpha releases which won't even establish the tunnel in the first place (I get INVALID_SYNTAX responses from hub). I'm using more than one policy per spoke.
Hi,
IKE2 is broken since 7.10, can't get site to site working properly. Created SUP-117869 two months ago but issue still persists.
What happens to him? What is your setup?
Regards,
As a comment to MT problems ... upgraded Ruckus Unleashed network to WPA3 firmware and enabled WPA2+WPA3 and then some computers started to have problems with connections. Switched back to WPA2 only solved problems. I think that poor WiFi cards drivers could be a problem.
I have noticed that roaming mostly works fine when using WPA2 only (using capsman so roaming between APs) and doesn't work properly on devices that prefer WPA3 when using WPA2/3 mixed. However sometimes the roaming fails with SA query timeout even on WPA2 only mode. New supout attached to SUP-116463
IPsec-SA expired before completion of key change.
Yes, it looks like we are in the same boat. Are you also using Cisco on one end or is it MKT to MKT for you?
Hi,
So we're in the same problem, it seems (SUP-120165).
I am experiencing disconnections every 30 minutes, which matches the "Lifetime" of phase 2 (proposal) even though I have "PFS Pool" set to none.
In previous versions I did not notice this behavior.
Regards,
IPsec-SA expired before completion of key change.
:if ($bound = 1) do={ } else={ }
It crashed again after 2 days and no devices can connect: bad password error.
hAP ax3: wireless crashed after only 3 days, nobody can't login... wrong password.
After months of tests for me it is starting to become unnerving, I need a stable product and I think I will evaluate other brands.
It's a real shame because the wireless performance is excellent.
New supout.rif file attached to SUP-116928
That is correct. You need to use "belongs-to".
/routing/route/print where received-from=bgp1
or
/routing/route/print where received-from bgp1
did not work, waited for hours and no prefix was displayed
thx
Is it true?
Any details? What case should it fix?
*) wireguard - fixed peer connection using DNS name on IP change;
TTL doesn't matter, I have hosts with 15 sec TTL and after IP changes WG never connects back even after several days unless you re-toggle it, which also requires scripts or netwatch for monitoring.
@mantouboji for a client the IP address does not need to be renewed until TTL expires.
So what is the TTL of your DNS registration?
WG will renew the resolve on restart of the WG peer. You can't check every so many seconds if the DNS changes because of Round Robin when having multiple IP addresses. Then MT could have built in an option that enables to say it is using a dynamic DNS that only will return one IP address.
Automating that, check DNS and accept different IP when connection is lost. User needs to activate that procedure.
Anyway i repeat, Mikrotiks fix works and issue is solved!
Once RB4011 reboots, changes to a new IP, and updates domain name (xxx.dyndns.info), the ax2 resolves the new domain name correctly, but wireguard peer still attempts to connect to old IP, so must reboot AX2 to resolve it.
True. But there is another WG behaviour, by design, that should solve this with the use of keep alive:
That's WG behaviour by design, and people solve that problem with scripts: viewtopic.php?t=166214
Hi peichl, I tried /routing/route/print where belongs-to, did not work either.
That is correct. You need to use "belongs-to".
/routing/route/print where received-from=bgp1
or
/routing/route/print where received-from bgp1
did not work, waited for hours and no prefix was displayed
thx
received-from is a field from RouterOS v6 that is no longer supported in any 7.x version, it would be better if it were removed from the list.
(or it should be fixed so it works again)
I'm fine so far... and no one knows why...😭
Parameter of "belongs-to" is like "bgp-IP-1.2.3.4" when your BGP peer has address 1.2.3.4
Hi peichl, I tried /routing/route/print where belongs-to, did not work either.
can u capture yours for example, maybe i did wrong
[cesar@hAP-ax3] > /system/resource/print
uptime: 1w1d32m18s
version: 7.11beta2 (development)
build-time: Jun/21/2023 11:39:58
factory-software: 7.5
free-memory: 591.3MiB
total-memory: 928.0MiB
cpu: ARM64
cpu-count: 4
cpu-frequency: 864MHz
cpu-load: 1%
free-hdd-space: 93.7MiB
total-hdd-space: 128.5MiB
write-sect-since-reboot: 96088
write-sect-total: 487465
bad-blocks: 0%
architecture-name: arm64
board-name: hAP ax^3
platform: MikroTik
I can confirm it too... Waiting so long for this fix! Thank you MikroTik!
OVPN works much better!!
Still having problem with receive-from and belong-to, I have to use /ip/route/print where gateway=xxxxx
Parameter of "belongs-to" is like "bgp-IP-1.2.3.4" when your BGP peer has address 1.2.3.4
Hi peichl, I tried /routing/route/print where belongs-to, did not work either.
can u capture yours for example, maybe i did wrong
Probably for other routing protocols it will be similar.
It can also be "static" or "connected".
# 2023-07-01 16:54:22 by RouterOS 7.11beta2
# software id = R6XF-XXXX
#
06-23 04:57:39 system,info installed system-7.11beta2
06-23 04:57:39 system,info installed wifiwave2-7.11beta2
06-23 04:57:40 system,info router rebooted
06-23 04:57:46 system,error,critical error while running customized default configuration script: no such item
06-23 04:57:46 system,error,critical
06-23 04:57:49 interface,info ether2 link up (speed 1G, full duplex)
06-23 04:57:49 dhcp,info dhcp-client on bridge got IP address 192.168.10.2
06-23 04:57:57 caps,info selected CAPsMAN MikroTik@48:A9:8A:0E:18:EB%*8
06-23 04:57:57 caps,info connected to MikroTik@48:A9:8A:0E:18:EB%*8
06-23 04:58:38 system,critical,info cloud change time Jun/23/2023 04:58:09 => Jun/23/2023 04:58:38
06-23 06:59:15 caps,info disconnected from MikroTik@48:A9:8A:0E:18:EB%*8, failed to connect
06-23 07:00:01 caps,info selected CAPsMAN MikroTik@48:A9:8A:0E:18:EB%*8
06-23 07:00:01 caps,info connected to MikroTik@48:A9:8A:0E:18:EB%*8
06-24 10:06:12 radvd,warning received Router Solicitation packet with invalid code=6
06-24 10:06:16 radvd,warning received Router Solicitation packet with invalid code=6
06-25 09:27:40 radvd,warning received Router Solicitation packet with invalid code=6
06-25 09:27:44 radvd,warning received Router Solicitation packet with invalid code=6
06-26 20:00:49 caps,info disconnected from MikroTik@48:A9:8A:0E:18:EB%*8, failed to connect
06-26 20:01:33 caps,info selected CAPsMAN MikroTik@48:A9:8A:0E:18:EB%*8
06-26 20:01:34 caps,info connected to MikroTik@48:A9:8A:0E:18:EB%*8
06-26 20:03:57 system,info,account user admin logged in from 192.168.10.26 via winbox
06-26 20:04:10 system,info,account user admin logged out from 192.168.10.26 via winbox
06-27 18:55:23 radvd,warning received Router Solicitation packet with invalid code=6
06-28 18:49:34 radvd,warning received Router Solicitation packet with invalid code=6
06-29 09:00:34 radvd,warning received Router Solicitation packet with invalid code=6
06-29 09:00:38 radvd,warning received Router Solicitation packet with invalid code=6
06-30 18:59:39 radvd,warning received Router Solicitation packet with invalid code=6
06-30 18:59:43 radvd,warning received Router Solicitation packet with invalid code=6
14:30:52 caps,info disconnected from MikroTik@48:A9:8A:0E:18:EB%*8, failed to connect
14:30:56 caps,info selected CAPsMAN MikroTik@48:A9:8A:0E:18:EB%*8
14:30:56 caps,info connected to MikroTik@48:A9:8A:0E:18:EB%*8
14:55:26 caps,info disconnected from MikroTik@48:A9:8A:0E:18:EB%*8, failed to connect
14:55:30 caps,info selected CAPsMAN MikroTik@48:A9:8A:0E:18:EB%*8
14:55:30 caps,info connected to MikroTik@48:A9:8A:0E:18:EB%*8
15:00:20 caps,info disconnected from MikroTik@48:A9:8A:0E:18:EB%*8, failed to connect
15:00:25 caps,info selected CAPsMAN MikroTik@48:A9:8A:0E:18:EB%*8
15:00:25 caps,info connected to MikroTik@48:A9:8A:0E:18:EB%*8
15:25:25 caps,info disconnected from MikroTik@48:A9:8A:0E:18:EB%*8, failed to connect
15:25:29 caps,info selected CAPsMAN MikroTik@48:A9:8A:0E:18:EB%*8
15:25:29 caps,info connected to MikroTik@48:A9:8A:0E:18:EB%*8
16:52:44 system,info,account user admin logged in from 192.168.10.20 via winbox
16:54:09 system,info,account user admin logged in from 192.168.10.20 via local
There are no errors present in the logs. Ever since 7.9 there are numerous reports about Wifi stability on Wifiwave2 devices. Since this is a testing/beta version I had to report.
@Plugpulled
At least report errors to support, or just talk on the forum?
[admin@wifi-out] /system/logging/action> add target=
disk echo email memory remote mqtt
[admin@wifi-out] /system/logging/action> add target=mqtt broker=mybroker1 topic="logs/wifi-out/$topic"
interface/bridge/set bridge-local-lan ingress-filtering=yes frame-types=admit-only-vlan-tagged vlan-filtering=yes pvid=1
Could you at least write your device?
kernel failure in previous boot
please check SUP-121322
[RouterOS 7.11beta4]
kernel failure in previous boot
I have the same questions. Could you please Mikrotik team provide more info?
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
What does this bug fix mean? What interface hangs?
Starting with RouterOS 7.9, IPQ-6010 wifi interfaces would malfunction under certain conditions.
What does this bug fix mean? What interface hangs?
That's great news, finally! ...and well done for finding and fixing this difficult problem. Just this morning I woke up to find all my IoT devices disconnected from wifi and unable to connect again until I rebooted.
The malfunctions would cause client device disconnections and subsequent key handshake timeouts until the AP is rebooted.
This fix prevents the malfunction from occurring.
You are absolutely right!
I want to express my concern over the amount of disk space on ARM devices with 16MB of flash, like the hAP ac2 (but there are many others).
In a plain install with the hAP ac2 only operating in bridge mode as a WiFi access point, with this version I have only 1MB space remaining. And it decreases with every version (obviously due to the added features).
I think the use of optional packages for features that a typical home user does not need (and that do not introduce cross-dependencies) should be re-considered...
/routing/route/print where received-from or /routing/route/print where belongs-to broken, please fix it.
What's new in 7.11beta4 (2023-Jul-05 13:33):
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - improved stability and responsiveness;
*) container - fixed duplicate image name;
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - only listen to DHCP packets for LTE passthrough interface in auto mode when looking for the host;
*) package - treat disabled packages as enabled during upgrade;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) rose-storage - added "scsi-scan" command (CLI only);
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
print where received-from is broken, but print where belongs-to works fine. you are likely using it wrong.
/routing/route/print where received-from or /routing/route/print where belongs-to broken, please fix it.
/interface wifiwave2 security
add authentication-types=wpa2-psk,wpa3-psk disable-pmkid=yes disabled=no ft=no ft-over-ds=no management-protection=allowed name=Home wps=disable
add authentication-types=wpa3-eap disable-pmkid=no disabled=no ft=yes ft-over-ds=yes management-protection=required name=radius-eap wps=disable
add authentication-types=wpa3-psk disable-pmkid=yes disabled=no ft=no ft-over-ds=no management-protection=required name=radius-mac wps=disable
/interface wifiwave2
# managed by CAPsMAN
# mode: AP, SSID: Home, channel: 5180/ax/Ceee
set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap disabled=no
# managed by CAPsMAN
# mode: AP, SSID: Home, channel: 2437/ax
set [ find default-name=wifi2 ] configuration.manager=capsman disabled=no
/interface wifiwave2 cap
set discovery-interfaces=vlan1 enabled=yes
/interface bridge
add add-dhcp-option82=yes dhcp-snooping=yes name=bridge priority=0x7000 vlan-filtering=yes
/interface bridge port
add bridge=bridge interface=ether1 trusted=yes
add bridge=bridge interface=ether2 pvid=200
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=wifi1
add bridge=bridge interface=wifi2
add bridge=bridge interface=wifi3
add bridge=bridge interface=wifi4
add bridge=bridge interface=wifi5
add bridge=bridge interface=wifi6
/interface bridge vlan
add bridge=bridge tagged=bridge untagged=ether1,wifi1,wifi2,wifi3,wifi4,wifi5,wifi6 vlan-ids=1
add bridge=bridge tagged=bridge,ether1,wifi1,wifi2,wifi3,wifi4,wifi5,wifi6 vlan-ids=52
add bridge=bridge tagged=bridge,ether1,wifi1,wifi2,wifi3,wifi4,wifi5,wifi6 vlan-ids=53
add bridge=bridge tagged=bridge,ether1 untagged=ether2 vlan-ids=200
add bridge=bridge tagged=bridge,ether1,wifi1,wifi2,wifi3,wifi4,wifi5,wifi6 vlan-ids=666
add bridge=bridge tagged=bridge,ether1,wifi1,wifi2,wifi3,wifi4,wifi5,wifi6 vlan-ids=667
/system scheduler
add interval=1m name="CAP - Restart due to missing 'wifi3'" on-event=":if ([/sys\
tem resource get uptime] > 00:10:00) do={\r\
\n /interface bridge port {\r\
\n :local varif [find interface=wifi3]\r\
\n :if ([:len \$varif] = 0) do={\r\
\n /sys reboot\r\
\n }\r\
\n }\r\
\n}" policy=reboot,read start-date=1970-01-01 start-time=00:00:00
It goes from 1G to 100M to 1G and so forth ...
Hi,
I have issue with speed detection of LAN on AX2.
Once is detected speed 1G and once 100M with the same device.
Hi, I would not bother support for this if this happens when not using the device, I had the same behaviour on some PCs, it's ethernet going in low power mode, maybe check ErP setting in BIOS.
Once is detected speed 1G and once 100M with the same device.
[admin@RB5009UG+S+] > int bridge export
/interface bridge
add name=bridge dhcp-snooping=yes add-dhcp-option82=yes priority=0x6000 vlan-filtering=yes
/interface bridge port
add bridge=bridge interface=ether2
add bridge=bridge interface=ether3
add bridge=bridge interface=ether4
add bridge=bridge interface=ether5
add bridge=bridge interface=ether6
add bridge=bridge interface=ether7
add bridge=bridge interface=ether8
add bridge=bridge interface=sfp-sfpplus1
/interface bridge vlan
add bridge=bridge tagged=bridge untagged=ether2,ether5 vlan-ids=1
add bridge=bridge tagged=bridge,ether2,ether5 vlan-ids=52
add bridge=bridge tagged=bridge,ether2,ether5 vlan-ids=53
add bridge=bridge tagged=bridge,ether5 vlan-ids=200
add bridge=bridge tagged=bridge,ether2,ether5 vlan-ids=666
add bridge=bridge tagged=bridge,ether2,ether5 vlan-ids=667
[admin@RB5009UG+S+] > /int vlan export
/interface vlan
add comment="Management" interface=bridge name=vlan1 vlan-id=1
add comment="Guest WiFi:" interface=bridge name=vlan52 vlan-id=52
add comment="Guest - No IPv6:" interface=bridge name=vlan53 vlan-id=53
add comment=LTE interface=bridge name=vlan200 vlan-id=200
add comment="PacketFence - Registration:" interface=bridge name=vlan666 vlan-id=666
add comment="PacketFence - Isolation:" interface=bridge name=vlan667 vlan-id=667
Yes, the 'create-enabled' provisioning policy ensures that interface IDs stay static on the CAPsMAN, but not the cAP.
Is it a known quirk, that wifi3-wifi6 CAPSMAN controlled slave interfaces disappear and then re-appear on enrolled APs with different reference names?
# cAP WiFi bridge port configuration in datapath settings, not /bridge/port menu
/interface/wifiwave2/datapath add name=bridged bridge=bridge interface
/interface/wifiwave2 set [find] datapath=bridged
/interface/wifiwave2/cap cap set slaves-datapath=bridged
# scheduled script to reconfigure bridge VLANs if any include unused interface IDs
/global taggedVLANIDs {52;53;666;667}
/global untaggedVLANIDs {1}
/global wifis [/int wifi find where bound]
/global wifiNames ""
:foreach wifi in=$wifis do={
/global wifiName [/int wifi get $wifi name]
/set wifiNames ($wifiNames . "," . $wifiName)
}
/global PortList ("ether1,bridge" . $wifiNames)
/global VLANsWithDefunctIDs [/int bridge vlan find where tagged~"\\*" or untagged~"\\*"]
:foreach defunctVLAN in=$VLANsWithDefunctIDs do={
:foreach VLANID in=$taggedVLANIDs do={
if ([/int/bridge/vlan get $defunctVLAN vlan-id]=$VLANID) do={
/int/bridge/vlan set $defunctVLAN tagged=$PortList
}
}
:foreach VLANID in=$untaggedVLANIDs do={
if ([/int/bridge/vlan get $defunctVLAN vlan-id]=$VLANID) do={
/int/bridge/vlan set $defunctVLAN untagged=$PortList
}
}
}
/routing bgp template
add as=65530 disabled=no name=default routing-table=main
Well, as it is still a work in progress I have just done an export, edited the export a bit, then reset configuration with that export as initial script.
Temporarily you can solve with deleting all templates, reboot, and after that do this
/routing bgp template add as=65530 disabled=no name=default routing-table=main
and add back the other templates, set the default template, then set the correct template for each "connection"...
I agree, but in this config that was not done. Probably I change to that.
I never use the default objects, I often just disable them (or ignore them if not disableable) and create the new ones I need.
I did not notice that before, but it is a bug for sure.....
- when exporting bgp configuration, as number should always be exported also when it is 65530.
Asked support about it, no response yet.
Also noticed something else in IP/Cloud:
2 tabs with BTH VPN and BTH VPN Wireguard (BTH = Back To Home).
What are those supposed to be used for??
Can't see anything in the release notes for that.
Using 7.11beta4 here and did not see anything like you mentioned.
Also noticed something else in IP/Cloud:
2 tabs with BTH VPN and BTH VPN Wireguard (BTH = Back To Home).
What are those supposed to be used for??
Can't see anything in the release notes for that.
Maybe related to some packages like iot or tr069?
Using 7.11beta4 here and did not see anything like you mentioned.
I must confess that I'm a bit curious to see that.
*) bridge - prevent bridging the VLAN interface created on the same bridge;
/interface bridge
add name=test-bridge vlan-filtering=yes
/interface bridge vlan
add bridge=test-bridge tagged=test-bridge vlan-ids=111
/interface vlan
add name=test-vlan-111 interface=test-bridge vlan-id=111
/interface bridge port
add bridge=test-bridge interface=test-vlan-111 pvid=111
/ip dns static
add address-list=DNS_BYPASS comment=DNS_BYPASS forward-to=dns.isp regexp=
"[-a-zA-Z0-9][-a-zA-Z0-9][-a-zA-Z0-9][-a-zA-Z0-9]+\.[a-z][a-z]+" type=FWD
Many thanks for the script to dynamically fix the bridge VLAN assignments, that is a much better solution instead of restarting the managed CAPs. Also great to hear that multiple VLAN assignments per enrolled WiFi interface in datapath settings is on the roadmap.
You can ensure wireless interfaces are always added as bridge ports on the cAP by specifying it in the wireless datapath settings, not in the bridge port configuration.
RADIUS CoA works perfectly for wireless but doesn't appear to be working for dot1x (ethernet) interfaces. This would most probably require a port to be temporarily disabled, so that the connected device re-initiates DHCP once placed in the different VLAN. This is in essence so that a guest device connected to a hardwired port times out on EAP, falls back to MAC based authentication, is placed in the registration VLAN (if not known). Everything works as desired up to this point, when the user completes registration the CoA should most probably re-trigger 802.1X and flap the port on MAC authentication.
Finally, if RADIUS CoA worked with standalone APs, it should work with CAPsMAN as well.
---
Also noticed something else in IP/Cloud:
2 tabs with BTH VPN and BTH VPN Wireguard (BTH = Back To Home).
Certainly a new move for Mikrotik, not just ARM, but specific ones. But works-as-advertised on an ax3 - you check the box to enable & creates a WG iface/subnet and NAT rule. Trying to use the QR took the most time ;). e.g. they use proportional font with # text for a QR in winbox (instead of graphic) & but in CLI...it has a [ANSI] graphic with /ip/cloud/print but renders halfway across the screen. And :put [/ip/cloud/get vpn-wireguard-client-config-qrcode] - doesn't seem to respect the newlines in the ASCII QR text, nor use ANSI graphic for QR in CLI like /ip/cloud/print.
How odd ... it doesn't show in RB5009, AX2, mAP, MAP Lite, Hex, ...
But it does on AX3 and AX Lite ?
Use a valid RegEx for DNS:
[-a-zA-Z0-9][-a-zA-Z0-9][-a-zA-Z0-9][-a-zA-Z0-9]+\.[a-z][a-z]+
actually it will, because if router is behind NAT, connection will be going through our relay service, securely
(briefly tested the creation, did not test the tunnel since that AX3 is behind another router, so it will not work that way).
Nice feature!!!
Back to Home VPN service
Actually not entirely?
Only during BETA period it is limited to 802.11ax devices with wifiwave2 package.
We will expand supported device list after 7.11 release
OK, Q: how does this relate to Zerotier then ??
actually it will, because if router is behind NAT, connection will be going through our relay service, securely
(briefly tested the creation, did not test the tunnel since that AX3 is behind another router, so it will not work that way).
I'm not at home but from Winbox, the tabs are not visible on AX2. They do show on AX3 and AX Lite.
1) it should work on AX2, try the Android app.
anyway I don't have a phone
app is just to make one click config and one click connection. But like Antons said, you can also use regular Wireguard app in any device. Just more config needed in that case. And the app not as pretty
Nice feature, app downloaded, will try with my ax3 today.
EDIT: This is for phones only ? Do you plan to release app for windows/macos/linux ?
hAP ac3 please)))🙄🙄🙄🙏
Clarification, currently the early beta is enabled only for these models:
And my "Audience"?
hAP ac3 please
Thanks for your wisdom, I'll try early in the morning. I just wanted to smash some data through to help.
The Back To Home process will activate wireguard on your router and setup a dedicated tunnel, make some IP pool, some firewall rules (? didn't check?), ....
It should not break anything else but since this is so new, I wouldn't do this on a device which you need to be operating for others.
At home or lab, with something completely under your own control, that's something else.
0 D ;;; cloud vpn
chain=input action=accept protocol=udp dst-port=xxxxx
Thanks, it just can't be that simple for me can it. I give up.
It will make one firewall rule:
0 D ;;; cloud vpn chain=input action=accept protocol=udp dst-port=xxxxx
/ip/cloud/set back-to-home-vpn=enabled
expected end of command (line 1 column 15)
RouterOS does not support regular expressions like {0,61}. At least that's what Support said last time.
@kcarhc
Use a valid RegEx for DNS:
[-a-zA-Z0-9][-a-zA-Z0-9][-a-zA-Z0-9][-a-zA-Z0-9]+\.[a-z][a-z]+
viewtopic.php?p=876023#p876023
"^(([a-zA-Z0-9][a-zA-Z0-9-]{0,61}){0,1}[a-zA-Z]\\.){1,9}[a-zA-Z][a-zA-Z0-9-]{0,28}[a-zA-Z]\$"
Neither mine nor yours take into account when "_" is used only as first character on a label, to indicate more parameters than IPs like:
_acme.example.com
_domainkey.example.com
_autodiscover._tcp.example.com
because "The underscore has a special role. It's permitted for the first character in SRV records by RFC definition."
^(([a-zA-Z0-9][a-zA-Z0-9-]*)?[a-zA-Z]\.)+[a-zA-Z][a-zA-Z0-9-]*[a-zA-Z]$
This new function is for convenience. A one click solution. If you need other things or self hosting, there is no more need for our service. Just set up your own Wireguard tunnels or use Zerotier which can achieve the same result.
@normis What are the chances that the relay server could be self-hosted, i.e. for service providers? For example, I have a lot of customers with hAP's behind CGNAT. If I could host a relay on a CHR or CCR2116, their app/device could be configured to use that relay, which then forwards their tunnels to their own router at home. This would provide the least amount of overhead and latency, and highest possible throughput, especially for road warriors.
Probably what he means is to re-use the easy one click QR code configuration. You could allow the setting of a domain name for an alternate service, describe the required service configuration (i.e. what you have running now), and then the QR codes would one-click-generate a tunnel via that alternate service.
This new function is for convenience. A one click solution. If you need other things or self hosting, there is no more need for our service. Just set up your own Wireguard tunnels or use Zerotier which can achieve the same result.
Can confirm that, ROS7.7 speeds were 71/70 Mbps (our office connection is 75/75, public IP) now with 7.11beta4 23/41 Mbps
I cannot be sure, but Wireguard seems to have problems on latest 7.11 beta4.
I am using wireguard between my house and summer house.
CCR2004 (house) <-> RB5009 (summer house) over wireguard
I am also using EoIP to fetch IP TV from my house which needs ipv4+ipv6.
So both devices have a small additional software bridge but this was never a problem before.
Primary bridge: hardware acceleration + wireguard
Secondary bridge : software bridge with EoIP for IP tv
Yesterday, under 7.11 beta4 I had very low output nearly 1 to 20 Mbit/s
I noticed it because I could not watch TV in my summer house.
Nothing special in logs, I rebooted several times without success.
Then I downgraded to RouterOS 7.10.2 and output was around 200 Mbits (x10 times faster) instantly.
I did some testing connecting remotely over wireguard using my laptop.
CCR2004 <=> Laptop with wireguard
The issue was only with wireguard and downgrading to RouterOS 7.10.2 fixed everything.
Hope this helps.
Thanks @kcarhc you are thanked on post on the link.
All domain not matched before?
just use one single dot, but match also invalid DNS requests.
for regexp on dns effectively work differently from scripts...
just replace {} with (near) equivalent commands
from "^(([a-zA-Z0-9][a-zA-Z0-9-]{0,61}){0,1}[a-zA-Z]\.){1,9}[a-zA-Z][a-zA-Z0-9-]{0,28}[a-zA-Z]$" to
^(([a-zA-Z0-9][a-zA-Z0-9-]*)?[a-zA-Z]\.)+[a-zA-Z][a-zA-Z0-9-]*[a-zA-Z]$
For "RFC definition" can be added one underscore before the first "a"
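The regexp variants discussed above, compared side by side. This is an added example, not code from any poster or from MikroTik; it uses Python's `re` as a stand-in for the RouterOS matcher (an assumption), and the `underscore` pattern is one reading of the "underscore before the first a" remark. The `within_dns_limits` helper and all function names are hypothetical.

```python
import re

# Patterns quoted in the thread. Python's re stands in for the RouterOS
# matcher (assumption); results on the router itself may differ.
PATTERNS = {
    # original static-DNS FWD regexp: unanchored, so it matches substrings
    "loose": r"[-a-zA-Z0-9][-a-zA-Z0-9][-a-zA-Z0-9][-a-zA-Z0-9]+\.[a-z][a-z]+",
    # anchored pattern with {m,n} bounds
    "bounded": r"^(([a-zA-Z0-9][a-zA-Z0-9-]{0,61}){0,1}[a-zA-Z]\.){1,9}"
               r"[a-zA-Z][a-zA-Z0-9-]{0,28}[a-zA-Z]$",
    # same pattern with the {} bounds replaced by *, ? and +
    "unbounded": r"^(([a-zA-Z0-9][a-zA-Z0-9-]*)?[a-zA-Z]\.)+"
                 r"[a-zA-Z][a-zA-Z0-9-]*[a-zA-Z]$",
    # one reading of "underscore before the first a" (assumption)
    "underscore": r"^(([_a-zA-Z0-9][a-zA-Z0-9-]*)?[a-zA-Z]\.)+"
                  r"[a-zA-Z][a-zA-Z0-9-]*[a-zA-Z]$",
}
COMPILED = {name: re.compile(rx) for name, rx in PATTERNS.items()}


def matches(qname):
    """Return {pattern name: bool} for one query name."""
    return {name: bool(rx.search(qname)) for name, rx in COMPILED.items()}


def within_dns_limits(qname, max_label=63, max_name=253):
    """Length limits the unbounded pattern no longer enforces (RFC 1035)."""
    name = qname.rstrip(".")
    labels = name.split(".")
    return len(name) <= max_name and all(0 < len(l) <= max_label for l in labels)


# The underscore names are the ones quoted in the thread; the rest are
# constructed for this example.
SAMPLES = [
    "www.example.com",
    "_acme.example.com",
    "_autodiscover._tcp.example.com",
    "web1.example.com",                 # label ends in a digit
    "a" * 64 + ".example.com",          # label longer than 63 characters
    "a.b.c.d.e.f.g.h.i.j.example.com",  # more than 9 labels before the TLD
    "bad host!.example.com",            # not a valid host name
]


def report(samples=SAMPLES):
    """One text row per sample: which patterns match, and the length check."""
    rows = []
    for s in samples:
        flags = " ".join(f"{k}={'Y' if v else 'n'}" for k, v in matches(s).items())
        ok = "Y" if within_dns_limits(s) else "n"
        rows.append(f"{s[:34]:<34} {flags} limits={ok}")
    return rows


if __name__ == "__main__":
    print("\n".join(report()))
```

The unanchored pattern accepts every sample, including the invalid one, while the converted pattern accepts the 64-character label and the 11-label name that the bounded form rejects, so a forwarding rule built on it needs the length check done elsewhere.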
Well, the only one is WireGuard+BTH solves a similar need for VPN when both ends are behind NAT/CGNAT...but @normis is right the similarities stops there.
2) no relation to zerotier. this is a wireguard tunnel
you are not alone
So I've been having issues with IPv6 over Wireguard on wAP (arm) from ROS 7.10 ongoing. In "allowed-networks" I had /48 networks. I got this to work again by replacing those with /64's. Issue is ongoing, SUP-120497.
Hi, Do you have any plans to develop these ovpn features?
No, we plan to run our own relays. No self hosting.
/interface wifiwave2 access-list
add action=reject disabled=no interface=2GHz signal-range=-120..-51
I was wondering about this solution too but I have a question..... What will happen if a device has only WiFi 2.4GHz?? The device will not be able to connect to any network with this rule so be careful with implementation.
Is access list broken? I wanna kick clients at home with very strong signal from 2ghz to force them to roam to 5ghz, it's not working for me.
/interface wifiwave2 access-list add action=reject disabled=no interface=2GHz signal-range=-120..-51
/interface wifiwave2 configuration set rrm=yes
/interface wifiwave2 steering add neighbor-group rrm wnm
Maybe this was reason access list was also broken? Will try when I'm home.
Thank you Team.
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
If you want to kick clients with strong signal, you should specify signal-range=-51..120 for a rejecting access-list rule.
Is access list broken? I wanna kick clients at home with very strong signal from 2ghz to force them to roam to 5ghz, it's not working for me.
/interface wifiwave2 access-list add action=reject disabled=no interface=2GHz signal-range=-120..-51
Hey, this kinda works, now it doesn't allow my phone to connect on 2ghz if I'm close to router so it seems it works, but...
If you want to kick clients with strong signal, you should specify signal-range=-51..120 for a rejecting access-list rule.
Is access list broken? I wanna kick clients at home with very strong signal from 2ghz to force them to roam to 5ghz, it's not working for me.
/interface wifiwave2 access-list add action=reject disabled=no interface=2GHz signal-range=-120..-51
:local MacAddress "xx:xx:xx:xx:xx:xx"
:local ClientSignal -51
:local InterfaceName 2GHz
/interface wifiwave2 registration-table remove [find where mac-address=$MacAddress and signal > $ClientSignal and interface=$InterfaceName]
Does Wifiwave2 package contain part of the VPN code, if so why?
*) bth - added "Back To Home" VPN service for 802.11ax devices with wifiwave2 package;
Can confirm that it's working again :D
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
please check SUP-119969 kernel failure in 7.11beta5
What's new in 7.11beta5 (2023-Jul-17 10:07):
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bth - added "Back To Home" VPN service for 802.11ax devices with wifiwave2 package;
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - improved stability when using fullscreen editor;
*) container - added IPv6 support for VETH interface;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) resource - fixed erroneous CPU usage values;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
It's like Access list is only checked on initial connection of client but it doesn't check it any further.
Any more tips how to achieve this?
/ip firewall nat
add action=endpoint-independent-nat chain=srcnat out-interface-list=WAN protocol=udp
add action=endpoint-independent-nat chain=dstnat in-interface-list=WAN protocol=udp
Interesting .... I see it only on the FP TX Packet rate counters. RX moves.
Bug report:
* Latest beta 5, I just noticed on the RB5009 ethernet interfaces the FP Tx and FP Tx Packet rate counters are always 0.
Check the /interface/bridge/vlan menu, not /interface/bridge/port.
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
Doesn't work for me. In the bridge the VLAN-ID is still VLAN-ID 1, instead of 99 for my guest-WLAN.
7.11beta2 enabled 802.11v BSS transition management requests and 802.11k neighbor report responses.
I know all this but it doesn't work regardless of this setting.
For now my script in scheduler works to help band steer to 5ghz until mikrotik does some fixes/improvements to wave2.
Ability to change rates.
7.11beta2 enabled 802.11v BSS transition management requests and 802.11k neighbor report responses.
I know all this but it doesn't work regardless of this setting.
For now my script in scheduler works to help band steer to 5ghz until mikrotik does some fixes/improvements to wave2.
What more would you like AP to do to facilitate roaming?
@FToms,
/interface wifiwave2 configuration set rrm=yes
is not working anymore, any info about the new "steering" options?
/interface wifiwave2 steering add neighbor-group rrm wnm
Thanks, waiting for it.
We'll update the documentation shortly.
Well what about when I'm on lower signal on 5ghz, if I could disable lower rates, like set min 24 or 36 as I had on wave1 so my devices don't get stuck on lower 5ghz signal and move to another AP or 2ghz from same ap way sooner.
To lower the distance at which a link can be established?
You can do that by manually lowering maximum transmit power.
The 'security.ft' setting enables 802.11r fast roaming.
Is always CAPsMAN + ft=yes required for a device to roam between APs?
Can you please provide some instructions how to add dual-stack IPv4+IPv6 address to a container?
What's new in 7.11beta5 (2023-Jul-17 10:07):
*) container - added IPv6 support for VETH interface;
In such cases, capsman is not necessary.
If I have only one HAP AX3 and I want to enable roaming, should I use capsman when I use only one AP?
Hi FToms,
Check the /interface/bridge/vlan menu, not /interface/bridge/port.
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
Doesn't work for me. In the bridge the VLAN-ID is still VLAN-ID 1, instead of 99 for my guest-WLAN.
It was working before update just fine, I will see if something was changed when update was done
@gigabyte091 BTH tested and is working ok here, even behind NAT. Remember to add an additional allow rule, in case you put a deny all rule at the end of your forward chain.
There are 2 settings on a cAP, where datapath is specified.
And in the /interface/bridge/port no wifi12 appears:
Can you please provide some instructions how to add dual-stack IPv4+IPv6 address to a container?
What's new in 7.11beta5 (2023-Jul-17 10:07):
*) container - added IPv6 support for VETH interface;
Thanks
dksoft
/interface veth
add address=10.0.0.6/20,fd00::6/64 comment="Docker container" gateway=10.0.0.1 gateway6=fd00::1 name=PIHOLE
Done! Look under Tips and Tricks section.
Can you please provide some instructions how to add dual-stack IPv4+IPv6 address to a container?
Thanks
dksoft
Very easy to configure!
Done! Look under Tips and Tricks section.
Can you please provide some instructions how to add dual-stack IPv4+IPv6 address to a container?
Thanks
dksoft
What channel sizes are you running on 2.4 and 5? What phone (operating system)?
Unless there are some other tricks in FT or /interface/wifiwave2/steering we need option to change minimum rates so we can improve roaming decisions made by clients.
Reason I'm asking for this is because my devices get stuck for days on 2ghz even if I'm 1m from AP, on other WIFI6 vendor APs this just works and my phone auto roams back to 5ghz from 2ghz when I'm back to good signal (like going outside then back to office), on Mikrotik I only see client roam (it's even printed in log) when I run out of 5ghz signal then it moves me to 2ghz, but never returns me back to 5ghz.
[cesar-ro@RB5009] > /container/print
0 name="4736436b-e3cc-4f12-a794-7f128e0a26cf" tag="adguard/adguardhome:latest" os="linux" arch="arm64" interface=adguard root-dir=usb1-part1/adguard-root mounts=adguard-opt-adguardhome-conf,adguard-opt-adguardhome-work dns=172.31.0.254
hostname="adguard" workdir="/opt/adguardhome/work" start-on-boot=yes status=running
[cesar-ro@RB5009] > /container/shell number=0
/ # cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
0.0.0.0 adguard
[cesar-ro@RB5009] > /container/print
1 name="a05ce710-4794-48c3-98c2-d0469807d7dd" tag="zabbix/zabbix-proxy-sqlite3:alpine-6.0-latest" os="linux" arch="arm64" interface=zabbix envlist="zabbix" root-dir=usb1-part1/zabbix-root
mounts=zabbix-var-lib-zabbix-db_data,zabbix-var-lib-zabbix-enc dns=172.31.0.254 hostname="zabbix" workdir="/var/lib/zabbix" start-on-boot=yes status=running
[cesar-ro@RB5009] > /container/shell number=1
bash-5.1# cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
0.0.0.0 zabbix
Hi @antonsb, thank you for implementing IPv6 for containers, it is highly appreciated.
Done! Look under Tips and Tricks section.
/container set 0 address=172.17.0.3/16,fd8d:5ad2:24:2::2/64 gateway6=fd8d:5ad2:24:2::1
Interesting, mine only seems to happen on TX on 2.5GB interfaces
Interesting .... I see it only on the FP TX Packet rate counters. RX moves.
Bug report:
* Latest beta 5, I just noticed on the RB5009 ethernet interfaces the FP Tx and FP Tx Packet rate counters are always 0.
Best to report to support@mikrotik.com.
How to enable steering? I can't find anything in winbox and when I tried using terminal it says bad command...
We'll update the documentation shortly.
'configuration.rrm' has been renamed to 'steering.rrm' and it enables or disables responses to neighbor report requests.
'steering.wnm' disables or enables responses to BSS transition management queries.
Those 2 types of frames both include a list of APs that are suggested as roaming candidates to clients interested in this info.
By default all APs with the same SSID and authentication settings are put in the same neighbor group. See /interface/wifiwave2/neighbour-group for active AP groups.
5GHz APs are listed as more desirable roaming candidates than 2.4GHz APs.
We'll appreciate suggestions on what functionality and configuration options you would like to have added to the steering menu.