v7.13rc [testing] is released!

Fri Dec 01, 2023 12:00 pm

RouterOS version 7.13rc has been released on the "v7 testing" channel!

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during the upgrade process;
3) Device has enough free storage space to download all RouterOS packages.

Notice - Starting from RouterOS version 7.13, significant changes have been made to the RouterOS wireless packages. This is done due to a new product developemnt which will require more disk space for hardware drivers so we had to split it in order to maintain old products alongside the new ones. More wireless packages are yet to come.

1. When upgrading by using "check-for-updates", all versions earlier than 7.12 will display 7.12 as the latest available version. Upgrade from v7.12 to v7.13 or later versions must be done through 7.12 in order to convert wireless packages automatically. Fresh installation with Netinstall or manual package installation works in the same manner as always.

2. Drivers for older wireless and 60GHz interfaces, as well as the wireless management system CAPsMAN, are now part of a separate "wireless" package instead of being a part of the bundle package. This package can be uninstalled if not needed.

3. The existing "wifiwave2" package has been divided into distinct packages: "wifi-qcom" and "wifi-qcom-ac", and the necessary utilities for WiFi management are now included in the RouterOS bundle. RouterOS and "wifi-qcom-ac" packages alongside each other now fit into 16MB flash memory.

What's new in 7.13rc4 (2023-Dec-12 15:16):

*) certificate - fixed CRL updating;
*) console - improved stability when removing script (introduced in v7.13beta3);
*) defconf - fixed configuration for Audience with "wifi-qcom-ac" package;
*) defconf - improved wifi interface detection after upgrade;
*) ethernet - improved system stability for L009 and hAP ax lite devices;
*) sfp - improved link establishment for SFP copper modules;

What's new in 7.13rc3 (2023-Dec-06 17:16):

*) console - fixed memory leak (introduced in v7.13beta1);
*) defconf - fixed wireless band and channel-width selection (introduced in v7.12);
*) iot - fixed incorrect LoRa ACK packet handling during downlink messaging (introduced in v7.12);
*) qos-hw - added initial congestion avoidance support for 98DX224S, 98DX226S, and 98DX3236 switch chips (CLI only);
*) sfp - fixed link establishment with S+DA0001 DAC cables;
*) sfp - improved link establishment for SFP copper modules;
*) wireless - keep configuration after manual package removal;

What's new in 7.13rc2 (2023-Nov-30 17:02):

*) bth - improved automatic firewall rule generation process;
*) certificate - added HTTP redirect support for CRL download;
*) console - fixed user login through RADIUS (introduced in v7.13beta1);
*) console - replace reserved characters in file and script names with underscores;
*) defconf - use "fan-min-speed-percent=25" for CRS354-48P-4S+2Q+ device;
*) ftp - improved upload and download speeds;
*) ospf - fixed missing opaque bit in opaque LSA;
*) ospf - fixed missing OSPF interface on L2TP interface reconnect;
*) qos-hw - added initial congestion avoidance support for 98DX224S, 98DX226S, and 98DX3236 switch chips (CLI only);
*) qsfp - added support for QSFP-to-SFP adapters;
*) ssh-client - fixed bogus output in interactive mode (introduced in v7.13beta3);
*) system - improved incoming and outgoing TCP connection performance;
*) system - improved internal process communication performance;
*) wifi - added "radio-mac" variable for "name-format" provisioning setting;
*) wifi - create first interface without number when using "name-format" provisioning setting;
*) wifi - fixed cap interface hangs with "busy" status (introduced in v7.13beta3);
*) wifi - improved CAPsMAN stability during provisioning;
*) winbox - improved connection speed;

Other changes since v7.12:

!) package - convert "wireless" and "wifi" packages automatically, if upgrading from v7.12;
!) wifi - split existing "wifiwave2" package into separate packages "wifi-qcom", "wifi-qcom-ac", and include required utilities for WiFi management into bundle;
!) wireless - separate "wireless" package from bundle and build as a standalone package;
*) bridge - added automatic "path-cost" values depending on interface rate;
*) bridge - added bridge interface property "port-cost-mode" with "short" and "long" arguments;
*) bridge - fixed bogus VLAN entries from wifi when vlan-filtering is not enabled;
*) bridge - fixed HW offload enable with multiple switches (introduced in v7.13beta1);
*) bridge - fixed missing "S" flag after configuration changes (introduced in v7.13beta1);
*) bridge - improved host flush when removing VLAN on HW offloaded bridge;
*) bridge - improved HW offload enable;
*) bth - added "VPN Prefer Relay Code" option;
*) certificate - add support for multiple DNS names for Let's Encrypt;
*) certificate - added support for certificates with key size 16384;
*) certificate - fixed certificate auto renewal via SCEP when certificate contains "subject-alt-name";
*) certificate - fixed CRL check (introduced in v7.13beta1);
*) certificate - fixed host certificate verification if host is IP address (introduced in v7.13beta1);
*) certificate - fixed manual URL addition for CRL (introduced in v7.13beta2);
*) certificate - improved CRL signature verification and download error messages;
*) certificate - improved initial certificate creation using SCEP;
*) certificate - use error topic for CRL update failures;
*) cloud - improved re-connect speed after network related connection errors;
*) console - added ":grep" command;
*) console - added ":onerror" command;
*) console - added ":serialize" and ":deserialize" commands for converting values to/from JSON;
*) console - added "interface" name when printing "interface/pppoe-server" entries;
*) console - added "read" command under "file" menu;
*) console - added "where" functionality for "export" command;
*) console - added flags to "print" command with "value-list";
*) console - added interface helper for "gateway" property under "ip/route" menu;
*) console - added unset option for "ssid-regex" and "allow-signal-out-of-range" properties under "interface/wifi/access-list" menu;
*) console - clear console history when resetting configuration;
*) console - disallow setting existing "name" under "system/script" and "system/scheduler" menus;
*) console - fixed "export" boolean arguments when saving output to file using API;
*) console - fixed "interface/ethernet/switch/port-isolation" export;
*) console - fixed "on-event" argument highlighting under "system/scheduler" menu;
*) console - fixed graphic distortions in WinBox;
*) console - fixed issue where API incorrectly asks for missing arguments;
*) console - fixed misaligned columns (introduced in v7.13beta1);
*) console - fixed missing escaped characters when using print in certain menus (introduced in v7.13beta1);
*) console - fixed printing to file using API;
*) console - ignore negative values for ":delay" command;
*) console - improved flag printing in certain menus;
*) console - improved stability when removing script;
*) console - improved stability when running "tool/ping" from API;
*) console - removed "route-cache" setting from "ip/settings" menu;
*) console - resolve "wifiwave2" directory to "wifi";
*) console - show "l2vpn-link" address family under "routing/route" menu;
*) console - use more compact login screen for empty branding;
*) defconf - expire password when reverting configuration;
*) defconf - fixed bogus wifi password on certain Audience devices;
*) defconf - hide default configuration for users without "sensitive" policy;
*) defconf - updated configuration with new "wifi" directory;
*) defconf - use "WISP Bridge" default configuration mode for RBGrooveGA-52HPacn device;
*) defconf - use device factory preset credentials when using CAPs mode;
*) defconf - use one SSID and enable FT when using "wifi" packages;
*) disk - fixed hang on reboot when network file systems mounted;
*) ethernet - improved packet CPU core classifier for Alpine CPUs for non IPv4/IPv6 traffic;
*) fetch - added "http-auth-scheme" parameter, allows to select HTTP basic or digest authentication;
*) fetch - added "http-content-encoding" setting;
*) fetch - added raw logging;
*) fetch - allow to receive HTTP response headers;
*) fetch - require "ftp" user policy;
*) firewall - added "nat-pmp" support;
*) firewall - added new IPv6 filter arguments "icmp-err-src-routing-header" and "icmp-headers-too-long" for "reject-with" setting;
*) firewall - do not mark all IPv6 GRE packets as invalid;
*) firewall - fixed altered address-list when upgrading from RouterOS v6;
*) firewall - fixed connections being tracked when tracking is disabled;
*) firewall - fixed IPv6 address-list timeout;
*) firewall - removed "prohibited" and "unreachable" IPv4 address-type arguments;
*) health - dynamically add and remove invalid sensors (e.g. sfp-temperature);
*) hotspot - fixed incorrect host moving to VLAN 0 when receiving packets through bridge;
*) ike2 - fixed ike2 double reply;
*) ipv6 - do not send out IPv6 RA deprecate message for re-used prefix;
*) isis - added IS-IS protocol support (CLI only);
*) l3hw - fixed routing for IPsec encapsulated packets;
*) leds - fixed LED indication in multi-APN setup for Chateau;
*) leds - improved LED indication during modem registration state for Chateau;
*) log - added "fetch" topic;
*) lora - added CUPs protocol support;
*) lora - fixed issue with lost LoRa configuration when rebooting the device;
*) lte - added RNDIS support for neoway N75-EA modem;
*) lte - added support for FOTA firmware upgrade from custom URL for R11eL-FG621-EA;
*) lte - disabled IMS service for Chateau 5G on A1 HR network;
*) lte - fixed rare cases where Chateau 5G in passthrough mode may stop forwarding packets;
*) lte - improved SIM slot status change notification handling for MBIM modems;
*) lte - replaced "passthrough-subnet-selection" with "passthrough-subnet-size" setting (CLI only);
*) lte - show each CA band in a new line;
*) mipsbe - improved system stability when removing USB devices;
*) mmips - properly mount and unmount USB devices;
*) modem - added option to read SMS using MBIM interface;
*) mpls - added "te-tunnel" property for VPLS monitor (CLI only);
*) mpls - fixed IPv6 RSVP-TE;
*) mpls - improved logging;
*) netinstall-cli - added more details to help messages;
*) ospf - fixed LSA Type3 advertisement for OSPFv2;
*) ovpn - improved memory allocation during key-renegotiation;
*) ovpn - removed "ping-timer-rem" option from client config file;
*) package - added warning log about missing "wireless" or "wifi" package;
*) pimsm - improved elected BSR change;
*) poe-out - improved firmware upgrade stability for AF/AT controlled boards;
*) ppc - fixed RouterOS bootup (introduced in v7.12);
*) ppp - added remote-ipv6-prefix to IPv6 firewall address-list if "address-list" property is provided;
*) ppp - allow at-chat and info commands in "waiting for packets" state for modems with shared data/info channel;
*) ppp - improved IPv6 link-local address uniqueness;
*) pppoe-server - fixed connection count limit per license level;
*) profiler - improved "disk" and "supout.rif" classifiers;
*) qsfp - fixed supported rates for breakout cables (introduced in v7.12);
*) quickset - show DDNS name as VPN address for devices with new style serial number;
*) route-filter - improved performance;
*) sfp - added "1G-baseT" link mode for modules that supports "2.5G-baseT" mode;
*) sfp - allow 2.5G rates only in forced link mode;
*) sfp - fixed SFP and combo interface handling for CRS328-4C-20S-4S+ device (introduced in 7.13beta1);
*) sfp - ignore irrelevant extended compliance code for SFP modules;
*) sfp - improved link establishment with certain modules for hEX S device;
*) sfp - improved SFP interface handling for 98DX224S, 98DX226S, 98DX3236, 98DX8208, and 98DX8216 switch chips;
*) sfp - show 10M and 100M supported rates for RJ45 copper modules;
*) ssh - added cipher and hash function acceleration for ARM64 and x86 architectures;
*) ssh - fix error that caused large chunks of text not being pasted in their entirety into console;
*) supout - added multiple WiFi sections;
*) supout - added VXLAN FDB section;
*) supout - include missing wireless information (introduced in v7.13beta1);
*) switch - fixed service VLAN tagged IP multicast packets for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - added "rtrace" debugging tool (CLI only);
*) traffic-generator - improved system stability when modifying interfaces;
*) usb - added support for RTL8152 USB ethernet on ARM, ARM64 and x86;
*) vpls - improved performance when decapsulating data;
*) vrf - fixed ICMP reply lookup;
*) webfig - allow to display comments in multiline or compact modes;
*) webfig - make table headers always visible;
*) webfig - use local storage for user preferences;
*) wifi - added "flat-snoop" tool for surveying WiFi APs and stations (CLI only);
*) wifi - added "remove" command in "capsman/remote-cap" menu;
*) wifi - after radar detections, avoid selection of channels not permitted by the user;
*) wifi - changed CAPsMAN generated certificate common name;
*) wifi - enable protected interworking ANQP responses;
*) wifi - fixed EAP authentication failures when the Session-Timout RADIUS attribute is defined;
*) wifi - fixed occasional failures to start on 20/40mhz-eC channels for 2.4GHz 802.11ax interfaces;
*) wifi - fixed overridden datapath settings on CAP when unsetting from CAPsMAN;
*) wifi - improved system stability when using sniffer (introduced in v7.13beta1);
*) wifi - make slave APs use datapath bridge settings inherited from master by default;
*) wifi - removed "openflow-switch" setting;
*) wifi-qcom - added fast-path for received packets;
*) winbox - added "Hw. Offload" property under "IP/Firewall/Filter" menu;
*) winbox - added "none" argument for "Preshared Key" under "WireGuard/Peers" menu;
*) winbox - added "Ping" button under "IP/DHCP Server/Leases" menu;
*) winbox - added "Tx bps" and "Rx bps" monitor values under "WiFi/Registration" menu;
*) winbox - added icon to entries under "WiFi/Access List" menu;
*) winbox - added missing "qos-classifier" argument for "Hw. Caps" under "WiFi/Radios" menu;
*) winbox - added missing arguments for "MAC Format" under "Wireless/Security Profiles/RADIUS" menu;
*) winbox - allow opening entries under "WiFi/Registration" menu;
*) winbox - fixed default "Name Format" property under "WiFi/Provisioning" menu;
*) winbox - fixed memory allocation (introduced in v7.13beta2);
*) winbox - fixed minor typo under "Routing/BFD" menu;
*) winbox - updated "wireless" and "wifi" menus;
*) wireless - fixed "wlan1" default name for RBSXTsqG-5acD and RBLDFG-5acD;
*) wireless - fixed snooper information gathering from re-assocation requests;

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

If you experience version related issues, please send a supout file from your router to support@mikrotik.com. File must be generated while a router is not working as suspected or after some problem has appeared on the device

Please keep this forum topic strictly related to this particular RouterOS release.

ToTheFull · Fri Dec 01, 2023 12:12 pm

Please can you confirm if this is the same as 7.13Apha240
And thankyou....

Fri Dec 01, 2023 12:51 pm

No, not the same. Even better, and includes more fixes!

Fri Dec 01, 2023 1:01 pm

Upgraded RB5009 from 7.13b1.
It appears upgrade of APs (AX2 and AX3) via capsman manager does not work anymore like it used to be.

Select APs, hit "Upgrade" and nothing happens.
Log file shows an interesting entry:
0xf7f0f460 manual upgrade request failed, no file (wifi-qcom-7.13rc2-arm64.npk)
So I need to foresee that file first on RB5009 ...

Logical, when you think about it, but nevertheless something to keep in mind.

alibloke · Fri Dec 01, 2023 1:35 pm

Yes, now the rb5009 doesn't need the qcom package you will have to upload it for the ax APs for auto upgrade to work via capsman

ToTheFull · Fri Dec 01, 2023 1:47 pm

No, not the same. Even better, and includes more fixes!

Thanks updated cap ax and ax2

Fri Dec 01, 2023 1:52 pm

Yes, now the rb5009 doesn't need the qcom package you will have to upload it for the ax APs for auto upgrade to work via capsman

Actually, you ALSO need to upload the base ROS package to that folder or those APs simply disappear from capsman once you got a folder specified.
Even with "none" as upgrade policy.

Filezilla, FTP to RB5009, 2 packages uploaded to folder.
And voila, APs back visible and now I'm able to upgrade them.
Again, there are going to be quite some who will hit this same wall since it is a complete deviation from wave2 devices how it used to work prior 7.13-chain.

Ullinator · Fri Dec 01, 2023 3:55 pm

Upgraded RB5009 from 7.13b1.
It appears upgrade of APs (AX2 and AX3) via capsman manager does not work anymore like it used to be.

Select APs, hit "Upgrade" and nothing happens.
Log file shows an interesting entry:
0xf7f0f460 manual upgrade request failed, no file (wifi-qcom-7.13rc2-arm64.npk)
So I need to foresee that file first on RB5009 ...

Logical, when you think about it, but nevertheless something to keep in mind.

The solution is quite simple :-) ->
https://git.eworm.de/cgit/routeros-scri ... ackages.md
I personaly use many of these scripts, they are perfect and very very helpful. :-)
They are from eworm here in this forum. A very smart guy ;-)
I have the honor to be a beta tester for new scripts or for feature updates.

ToTheFull · Fri Dec 01, 2023 4:00 pm

Have you very smart people any idea what program is doing this, yes this is a pc in laddys room!
Yes I have now disabled SSH

13:19:26 system,error,critical login failure for user  from 192.168.0.188 via ssh
 13:19:26 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:27 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:27 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:27 system,error,critical login failure for user  from 192.168.0.188 via ssh
 13:19:27 system,error,critical login failure for user MikroTikSystem from 192.168.0.188 via ssh
 13:19:27 system,error,critical login failure for user dircreate from 192.168.0.188 via ssh
 13:19:28 system,error,critical login failure for user EServicios from 192.168.0.188 via ssh
 13:19:28 system,error,critical login failure for user SolucTec from 192.168.0.188 via ssh
 13:19:28 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:28 system,error,critical login failure for user root from 192.168.0.188 via ssh
 13:19:28 system,error,critical login failure for user user from 192.168.0.188 via ssh
 13:19:29 system,error,critical login failure for user sysadm from 192.168.0.188 via ssh
 13:19:29 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:29 system,error,critical login failure for user meo from 192.168.0.188 via ssh
 13:19:29 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:29 system,error,critical login failure for user  from 192.168.0.188 via ssh
 13:19:30 system,error,critical login failure for user guest from 192.168.0.188 via ssh
 13:19:30 system,error,critical login failure for user root from 192.168.0.188 via ssh
 13:19:30 system,error,critical login failure for user ubnt from 192.168.0.188 via ssh
 13:19:30 system,error,critical login failure for user Admin from 192.168.0.188 via ssh
 13:19:30 system,error,critical login failure for user root from 192.168.0.188 via ssh
 13:19:30 system,error,critical login failure for user root from 192.168.0.188 via ssh
 13:19:31 system,error,critical login failure for user Admin from 192.168.0.188 via ssh
 13:19:31 system,error,critical login failure for user root from 192.168.0.188 via ssh
 13:19:31 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:31 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:32 system,error,critical login failure for user Administrator from 192.168.0.188 via ssh
 13:19:32 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:32 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:32 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:32 system,error,critical login failure for user vodafone from 192.168.0.188 via ssh
 13:19:32 system,error,critical login failure for user Administrator from 192.168.0.188 via ssh
 13:19:32 system,error,critical login failure for user root from 192.168.0.188 via ssh
 13:19:33 system,error,critical login failure for user webadmin from 192.168.0.188 via ssh
 13:19:33 system,error,critical login failure for user user from 192.168.0.188 via ssh
 13:19:33 system,error,critical login failure for user Admin from 192.168.0.188 via ssh
 13:19:33 system,error,critical login failure for user administrator from 192.168.0.188 via ssh
 13:19:33 system,error,critical login failure for user sysadmin from 192.168.0.188 via ssh
 13:19:34 system,error,critical login failure for user guest from 192.168.0.188 via ssh
 13:19:34 system,error,critical login failure for user manager from 192.168.0.188 via ssh
 13:19:34 system,error,critical login failure for user tech from 192.168.0.188 via ssh
 13:19:34 system,error,critical login failure for user admin2 from 192.168.0.188 via ssh
 13:19:34 system,error,critical login failure for user login from 192.168.0.188 via ssh
 13:19:35 system,error,critical login failure for user admim from 192.168.0.188 via ssh
 13:19:35 system,error,critical login failure for user support from 192.168.0.188 via ssh
 13:19:35 system,error,critical login failure for user root from 192.168.0.188 via ssh
 13:19:35 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:36 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:36 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:36 system,error,critical login failure for user root from 192.168.0.188 via ssh
 13:19:36 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:36 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:37 system,error,critical login failure for user root from 192.168.0.188 via ssh

Ullinator · Fri Dec 01, 2023 4:03 pm

Have you very smart people any idea what program is doing this, yes this is a pc in laddys room!
Yes I have now disabled SSH

13:19:26 system,error,critical login failure for user  from 192.168.0.188 via ssh
 13:19:26 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:27 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:27 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:27 system,error,critical login failure for user  from 192.168.0.188 via ssh
 13:19:27 system,error,critical login failure for user MikroTikSystem from 192.168.0.188 via ssh
 13:19:27 system,error,critical login failure for user dircreate from 192.168.0.188 via ssh
 13:19:28 system,error,critical login failure for user EServicios from 192.168.0.188 via ssh
 13:19:28 system,error,critical login failure for user SolucTec from 192.168.0.188 via ssh
 13:19:28 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:28 system,error,critical login failure for user root from 192.168.0.188 via ssh
 13:19:28 system,error,critical login failure for user user from 192.168.0.188 via ssh
 13:19:29 system,error,critical login failure for user sysadm from 192.168.0.188 via ssh
 13:19:29 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:29 system,error,critical login failure for user meo from 192.168.0.188 via ssh
 13:19:29 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:29 system,error,critical login failure for user  from 192.168.0.188 via ssh
 13:19:30 system,error,critical login failure for user guest from 192.168.0.188 via ssh
 13:19:30 system,error,critical login failure for user root from 192.168.0.188 via ssh
 13:19:30 system,error,critical login failure for user ubnt from 192.168.0.188 via ssh
 13:19:30 system,error,critical login failure for user Admin from 192.168.0.188 via ssh
 13:19:30 system,error,critical login failure for user root from 192.168.0.188 via ssh
 13:19:30 system,error,critical login failure for user root from 192.168.0.188 via ssh
 13:19:31 system,error,critical login failure for user Admin from 192.168.0.188 via ssh
 13:19:31 system,error,critical login failure for user root from 192.168.0.188 via ssh
 13:19:31 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:31 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:32 system,error,critical login failure for user Administrator from 192.168.0.188 via ssh
 13:19:32 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:32 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:32 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:32 system,error,critical login failure for user vodafone from 192.168.0.188 via ssh
 13:19:32 system,error,critical login failure for user Administrator from 192.168.0.188 via ssh
 13:19:32 system,error,critical login failure for user root from 192.168.0.188 via ssh
 13:19:33 system,error,critical login failure for user webadmin from 192.168.0.188 via ssh
 13:19:33 system,error,critical login failure for user user from 192.168.0.188 via ssh
 13:19:33 system,error,critical login failure for user Admin from 192.168.0.188 via ssh
 13:19:33 system,error,critical login failure for user administrator from 192.168.0.188 via ssh
 13:19:33 system,error,critical login failure for user sysadmin from 192.168.0.188 via ssh
 13:19:34 system,error,critical login failure for user guest from 192.168.0.188 via ssh
 13:19:34 system,error,critical login failure for user manager from 192.168.0.188 via ssh
 13:19:34 system,error,critical login failure for user tech from 192.168.0.188 via ssh
 13:19:34 system,error,critical login failure for user admin2 from 192.168.0.188 via ssh
 13:19:34 system,error,critical login failure for user login from 192.168.0.188 via ssh
 13:19:35 system,error,critical login failure for user admim from 192.168.0.188 via ssh
 13:19:35 system,error,critical login failure for user support from 192.168.0.188 via ssh
 13:19:35 system,error,critical login failure for user root from 192.168.0.188 via ssh
 13:19:35 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:36 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:36 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:36 system,error,critical login failure for user root from 192.168.0.188 via ssh
 13:19:36 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:36 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:37 system,error,critical login failure for user root from 192.168.0.188 via ssh

Looks for me like some kind of ransonware which has infect the PC...!?

Fri Dec 01, 2023 4:04 pm

Somebody with IP 192.168.0.188 is trying to guess your router password. Change SSH port, then go and find that person and teach them a lesson

Fri Dec 01, 2023 4:04 pm

Disconnect and check that PC offline !

Either a bot or some virusscanner trying to get in your router.
The fact it's trying to use several different user names, makes me think it's not up to any good.

Fri Dec 01, 2023 4:05 pm

Yea, could be Virus

ToTheFull · Fri Dec 01, 2023 4:09 pm

He tinkers with programing, I'll have another Word!
Thankyou

iustin · Fri Dec 01, 2023 4:35 pm

Honestly I think ssh with public key authentication is safer that any other protocol, since you can’t “guess” the key. Whereas you could happen to guess the password.

Amm0 · Fri Dec 01, 2023 5:00 pm

He tinkers with programing, I'll have another Word!
Thankyou

Google suggests it the AVG virus scanner looking for weak password on the LAN: https://support.avg.com/answers?id=9065p0000000jO6AAI#

ToTheFull · Fri Dec 01, 2023 5:11 pm

Ive had a word, it seems to happen at boot-time 20 secs... so you could be on the money as he does have AVG I believe @Amm0
Thanks will pass on!

maigonis · Fri Dec 01, 2023 5:28 pm

Please stick to the topic.

Cap ac, hap ac2 and wap ac + CCR1009-8G-1S-1S+ upgraded fine to this rc. Busy issue is gone and wave2 stability, performance and feature set is now in line whit hardware capabilities, better late than newer. Since first beta I'm testing (carefully whit understanding what I'm doing and having backup plan) ac wave2 in almost 900 students school, we daily have 300-400 STAs connected. WPA3 can and is causing issues, so I recommend starting upgrade whit "legacy security profile" - WPA2 only, MFP off, to be sure and learn how wave2 works as it brings changes.

To summarize my findings: There is no more "graceful disconnect issue", this was major stability issue, mostly noticeable in larger networks. Performance wise 40mhz channel can push around 140-160mbps under load, tested whit 32 ipads updating at the same time. All STAs that do support 2x2 will connect 2x2, and modulations are holding great (will depend on your env and deployment). Also noticed noticeably lower latency/jitter, network in general is more responsive. Wave2 features (802.11kvrw, beam forming, WPA3 etc) bring even more improvements, mostly noticeable in hi density (again) networks, but also smaller networks will see benefits, especially WPA3. As a feature request I would like to see channel utilization stats in capsman, also be able to collect them whit SNMP, so I can see actual ch usage over time. Also radar detect still needs improvement (Mediatek MT7921au based wifi cards still trigger DFS event almost on every interface toggle, also ax lineup), so for now I cant set Latvia as country, again US works like it should, but incorrect country is causing issues, so not recommended. Rate altering would be great, to cut BPSK and QPSK for example, again, useful in hi dense networks, so I can leave ACL RX limits alone (mostly).

Really happy too see wave2 on ac (arm at least) lineup, it brings a lot of stability, performance and feature improvements. To be clear, till stable is released I don't recommend updating larger networks if you don't monitor them and/or don't have knowledge how to do so, but this brings those device further. They now do work whit the same capsman, so you can mix whit ax lineup, even if you are in transition phase.

Great job boys/girls.

ToTheFull · Fri Dec 01, 2023 9:54 pm

Big thanks to you all for this release, works for me now on my AX gear.

UpRunTech · Fri Dec 01, 2023 10:17 pm

I just upgraded a hEX and cAPacs (with qcom-ac) to RC2. On the beta a configured CAP would show "WAP2-1" and "WAP2-2" with the suffix for the radio interface number as I used provisioning naming as "%I-". Now it shows "WAP2-" and "WAP2-2" where the 1 suffix is missing for all the WAPs.

Santi70 · Fri Dec 01, 2023 11:47 pm

I just upgraded a hEX and cAPacs (with qcom-ac) to RC2. On the beta a configured CAP would show "WAP2-1" and "WAP2-2" with the suffix for the radio interface number as I used provisioning naming as "%I-". Now it shows "WAP2-" and "WAP2-2" where the 1 suffix is missing for all the WAPs.

*) wifi - create first interface without number when using "name-format" provisioning setting;

UpRunTech · Sat Dec 02, 2023 1:30 am

Duh I missed that. OK change it back then. It's ugly and pointless.

kravemir · Sat Dec 02, 2023 7:58 am

OK change it back then. It's ugly and pointless.

Or, make it suffix-less only if there are no slaves.

Or, make it optional. With default based on, whether there are slaves or not.

With numbered WAP, it makes sense to add dash or underscore at the end to separate device number from wireless interface (SSID) number. I agree, it would result to be ugly.

However, ideally, I would like to have ability to set suffix/prefix for master and each slave explicitly. Such as "private-%I" ("%I-private") and "guest-%I" (%I-guest"). It would show up more informative in logs - connected to private/guest AP, roamed between private/guest APs.

Though, this release is great. WifiWave2 (renamed to WiFi) was brought to 802.11ac devices (ARM only). It allows people to upgrade/expand old network and keep everything under one (new) CAPsMAN. And, allows also to setup 802.11r/k/v roaming between all the devices - old ac ones, and new ax ones.

UpRunTech · Sat Dec 02, 2023 9:33 am

OK change it back then. It's ugly and pointless.
[/quote]
Though, this release is great. WifiWave2 (renamed to WiFi) was brought to 802.11ac devices (ARM only). It allows people to upgrade/expand old network and keep everything under one (new) CAPsMAN. And, allows also to setup 802.11r/k/v roaming between all the devices - old ac ones, and new ax ones.
[/quote]

Yeah I completely agree. Knowing since the beginning the ARM-AC chipsets were underutilised and underperforming and years of weird crashes requiring reboots and cranky clients has now given way to a new lease of life on the AC units. I am very, very happy with this development. I am trialling a small site with them and it's been just fine. Once this RC is done I'll try it at bigger sites. I don't expect any major issues.

foraster · Sat Dec 02, 2023 12:14 pm

Since updating a CAP AC I detected this error in the log after booting:
error while running customized default configuration script: no such item

Apparently the device is running fine (except for the lack of vlan assignment via new capsman), but how should I get rid of this error?

Is there prevision for a future release where vlan assignment will work again as expected and used to?

Regards

mkx · Sat Dec 02, 2023 1:34 pm

The error (perhaps worded slightly differently) is there for any ac device if wave2/wifi driver is installed instead of default wireless (e.g. wifiwave2 on audience). It had been reported numerous times, @rextended also pointed out exact location and proposed a solution. MT devs chose to ignore the reports though.

carl0s · Sat Dec 02, 2023 2:42 pm

Though, this release is great. WifiWave2 (renamed to WiFi) was brought to 802.11ac devices (ARM only). It allows people to upgrade/expand old network and keep everything under one (new) CAPsMAN.

True and I agree, very excited to upgrade the many cap AC and AC XL that I have installed for customers :-)

And, allows also to setup 802.11r/k/v roaming between all the devices - old ac ones, and new ax ones.

I'm not too sure about this though. With another vendor's gear, I found that some clients do not want to roam from ax to ac device (a client side issue of course). So i'm not sure mixing is a good idea. I'll try it soon anyway, maybe when Mikrotik release a wAP or a cAP that isn't the size of a frickin pizza.

kravemir · Sat Dec 02, 2023 4:18 pm

And, allows also to setup 802.11r/k/v roaming between all the devices - old ac ones, and new ax ones.
I'm not too sure about this though. With another vendor's gear, I found that some clients do not want to roam from ax to ac device (a client side issue of course). So i'm not sure mixing is a good idea. I'll try it soon anyway, maybe when Mikrotik release a wAP or a cAP that isn't the size of a frickin pizza.

I've tested it with hAP ax³ (7.12 CAPsMAN), hAP ax² (7.12 CAP) and wAP ac (7.13beta CAP). Clients do roam between all of them. I even run wAP 5GHz radio only on 40MHz width, and it works ok. Maybe, it's based on signal strength and predicted speed based on strength - i.e. slightly worse ax signal might be preferred over ac, but not heavily worse.

My goal is, that when connection to indoors ax access point is going to die, then it roams seamlessly to outdoors ac access point, without trying to hold on to poor signal to ax AP giving just 1MBit connection. This is accomplished.

(If interested, I've already shared the config for CAPsMAN and CAP in the beta thread)

Smoerrebroed · Sat Dec 02, 2023 4:25 pm

RB5009 + cAP XL ac (with CAPsMAN) work like a charm. Thank you, MikroTik!

carl0s · Sat Dec 02, 2023 4:54 pm

I'm not too sure about this though. With another vendor's gear, I found that some clients do not want to roam from ax to ac device (a client side issue of course). So i'm not sure mixing is a good idea. I'll try it soon anyway, maybe when Mikrotik release a wAP or a cAP that isn't the size of a frickin pizza.

I've tested it with hAP ax³ (7.12 CAPsMAN), hAP ax² (7.12 CAP) and wAP ac (7.13beta CAP). Clients do roam between all of them. I even run wAP 5GHz radio only on 40MHz width, and it works ok. Maybe, it's based on signal strength and predicted speed based on strength - i.e. slightly worse ax signal might be preferred over ac, but not heavily worse.

My goal is, that when connection to indoors ax access point is going to die, then it roams seamlessly to outdoors ac access point, without trying to hold on to poor signal to ax AP giving just 1MBit connection. This is accomplished.

(If interested, I've already shared the config for CAPsMAN and CAP in the beta thread)

For some reason I thought wap ac was mipsbe and couldn't get new WiFi driver. Hmm.
Anyway cool good news and thanks for sharing

maigonis · Sat Dec 02, 2023 4:57 pm

I've tested it with hAP ax³ (7.12 CAPsMAN), hAP ax² (7.12 CAP) and wAP ac (7.13beta CAP). Clients do roam between all of them. I even run wAP 5GHz radio only on 40MHz width, and it works ok. Maybe, it's based on signal strength and predicted speed based on strength - i.e. slightly worse ax signal might be preferred over ac, but not heavily worse.

My goal is, that when connection to indoors ax access point is going to die, then it roams seamlessly to outdoors ac access point, without trying to hold on to poor signal to ax AP giving just 1MBit connection. This is accomplished.

(If interested, I've already shared the config for CAPsMAN and CAP in the beta thread)
For some reason I thought wap ac was mipsbe and couldn't get new WiFi driver. Hmm.
Anyway cool good news and thanks for sharing

New version have ipq40xx soc inside.

Sat Dec 02, 2023 5:04 pm

There are 2 versions of wap ac
Mipsbe and arm.
Only arm will work with new drivers.

slackspace · Sat Dec 02, 2023 5:45 pm

Sorry if dumb question.

I have multiple CAP AC devices. Before this would run with capsman, multiple SSIDs with each SSID on their own vlan. Practically different datapaths, security, etc configured in capsman. So far i've just managed cap AX devices individually, and kept cap AC devices under capsman. So like many very excited at the possibility to manage under a single capsman going forward.

As I understand the vlans i've done via capsman no longer work if I use the new capsman under wifi with 7.13. Is this considered 'as it will be' when released, or is there efforts ongoing to bring this functionality into capsman on the wifi packagee?

Trying to understand if I should start finding a solution to this limitation, or should just hold out for future releases with that functionality.

carl0s · Sat Dec 02, 2023 6:13 pm

Sorry if dumb question.

I have multiple CAP AC devices. Before this would run with capsman, multiple SSIDs with each SSID on their own vlan. Practically different datapaths, security, etc configured in capsman. So far i've just managed cap AX devices individually, and kept cap AC devices under capsman. So like many very excited at the possibility to manage under a single capsman going forward.

As I understand the vlans i've done via capsman no longer work if I use the new capsman under wifi with 7.13. Is this considered 'as it will be' when released, or is there efforts ongoing to bring this functionality into capsman on the wifi packagee?

Trying to understand if I should start finding a solution to this limitation, or should just hold out for future releases with that functionality.

You can still do that. The configuration on the cap side is a bit special but that only matters if you are configuring yourself instead of caps-mode defaults (I posted about my difficulties getting this working, but got there in the end). I did struggle a bit though and an not super eager to have to do it again without more practice so I remember better .

rpingar · Sat Dec 02, 2023 6:33 pm

in the case of very big routing table (~5M ripv4 prefixes), in winbox when you open the window "ip route" to search a perfix,
the route print command never stops, also after showing the searched prefix, saturates indefinitely one cpu core, like it never stops to fetch the routing table. The cpu core remain at 100% also if you close the ip route window or even when you close winbox.

This cause a very slow bgp advertisment process and routing table update.

Instead of winbox ip route, if you use console, the command is executed and closed correctly, and one cpu core go to 100% just for the time it needs to seatch the prefix. So be very carefull to use winbox ip route.

SUP-133971 tracks this issue.
regards

Network5 · Sun Dec 03, 2023 1:27 am

Yes, this is an old issue with big routing tables. There are also some other issues as searching by a community or blackhole routes or whatever. Not all routes are displayed. Same behaviour in CLI or in Winbox.
They are already working on it.

emunt6 · Sun Dec 03, 2023 2:51 pm

RouterOS version 7.13rc has been released on the "v7 testing" channel!

Notice - Starting from RouterOS version 7.13, significant changes have been made to the RouterOS wireless packages. This is done due to a new product developemnt which will require more disk space for hardware drivers so we had to split it in order to maintain old products alongside the new ones. More wireless packages are yet to come.

That's why you using 16MB flash, later you regretting it. :D
Why not use internal M2/USB port for storage in all products? (as other vendors doing it)

bommi · Sun Dec 03, 2023 8:09 pm

I have one issue with my cap ax wifi which is controlled by my capsman controller on my hex s.
Some devices aren't placed in the correct vlan. In this screenshot you can see two devices which are connected to the same interface / ssid:

Screenshot_20231203_190437.png

One device got placed into the correct vlan-id and the other got no vlan-id.
Just WPA2-PSK without any dynamic vlan assignment.

This issue only happens on my cap ax, my hap ax2 fine.
Also this only happens on exactly this ssid, the two other ssids are not affected.

Sun Dec 03, 2023 8:40 pm

Start new thread with export of your config on hex and cap ax.

teleport · Sun Dec 03, 2023 9:11 pm

heavy memory leak on the rc2 on rb450gx4. within 4 hours, 1gb ram became 450MB available (from typical 920MB available)

bommi · Sun Dec 03, 2023 10:08 pm

I have one issue with my cap ax wifi which is controlled by my capsman controller on my hex s.
Some devices aren't placed in the correct vlan. In this screenshot you can see two devices which are connected to the same interface / ssid:
Screenshot_20231203_190437.png

One device got placed into the correct vlan-id and the other got no vlan-id.
Just WPA2-PSK without any dynamic vlan assignment.

This issue only happens on my cap ax, my hap ax2 fine.
Also this only happens on exactly this ssid, the two other ssids are not affected.

A downgrade to 7.13beta3 on the cap ax "fixed" it for now.
All devices in this ssid are now in the correct vlan again.

oeyre · Mon Dec 04, 2023 5:25 am

Cross posting from SUP-134528:

Should the OSPF logging issues be fixed now, or still a work in progress?

Loaded 7.13rc2 and I am still seeing the following:
received wrong LS Ack for opaque-area
received wrong LS Ack for router

marlab · Mon Dec 04, 2023 9:57 am

yeah OSFP routing stopped working correctly with 7.13rc2 :/

The routing table is populated as usual, but packets are not routed (tested on ax3)

osc86 · Mon Dec 04, 2023 2:12 pm

no issues with ospf in 7.13rc2. Have it running on 2 separate installations, rather small topology, but routing and route exchange works.

mfrey · Mon Dec 04, 2023 4:31 pm

Thanks for adding :deserialize. This is really useful for interacting with REST-Interfaces. I was already able to implement a scheduled auto-login for an annoying AP with a captive portal.

Also can't wait for migrating my cAP acs to wave2 once 7.13 is out, it's looking promising on my testing ac3.

mfrey · Mon Dec 04, 2023 5:08 pm

RouterOS crashes when I am importing a WireGuard config file.

erlinden · Mon Dec 04, 2023 5:15 pm

Can you share the config file (without any keys)?

mfrey · Mon Dec 04, 2023 5:37 pm

Here you go:

# 12: 12 > wgclient_12.conf
[Interface]
Address = 10.255.2.12/24
DNS = 10.255.2.1
PrivateKey = 0C7w3meByHk1VQ2mu9QnbiUtcWdH2joB/aJFateQ6UE=
MTU = 1280

[Peer]
PublicKey = lVaGrM7TX/H1yPG5ZuwJvclWtaE+a1XwWYeS5to/CwU=
PresharedKey = 6AZ6Mvl+z1L2eKgifQrsi/tWPSN+mcsO+QjSmwTSJUs=
AllowedIPs = 10.255.2.0/24, 192.168.0.0/16
Endpoint = my-endpoint:51820
PersistentKeepalive = 25

I've generated the keys for this example.

eworm · Mon Dec 04, 2023 7:07 pm

Possibly an address clash? You habe 10.255.2.0/24 for interface and allowed-ips inside the tunnel.

sirbryan · Mon Dec 04, 2023 8:12 pm

Pardon the "me too" post, but I observed an OSPF regression between 7.13Beta 2 and 7.13RC2. The beta ran fine on my home/office CCR2116 for a number of days (a week or two I believe). Loaded the RC for a few minutes (it peers via OSPF and BGP to the core of my ISP network) and adjacencies kept bouncing. Unfortunately it wasn't at a time where I could grab a supout to submit; I quickly had to switch partitions back to 7.12 to get things up and running.

macsrwe · Mon Dec 04, 2023 9:11 pm

Have you very smart people any idea what program is doing this, yes this is a pc in laddys room!
Yes I have now disabled SSH

13:19:26 system,error,critical login failure for user  from 192.168.0.188 via ssh
 13:19:26 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:27 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:27 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:27 system,error,critical login failure for user  from 192.168.0.188 via ssh
 13:19:27 system,error,critical login failure for user MikroTikSystem from 192.168.0.188 via ssh
 13:19:27 system,error,critical login failure for user dircreate from 192.168.0.188 via ssh
 13:19:28 system,error,critical login failure for user EServicios from 192.168.0.188 via ssh
 13:19:28 system,error,critical login failure for user SolucTec from 192.168.0.188 via ssh
 13:19:28 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:28 system,error,critical login failure for user root from 192.168.0.188 via ssh
 13:19:28 system,error,critical login failure for user user from 192.168.0.188 via ssh
 13:19:29 system,error,critical login failure for user sysadm from 192.168.0.188 via ssh
 13:19:29 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:29 system,error,critical login failure for user meo from 192.168.0.188 via ssh
 13:19:29 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:29 system,error,critical login failure for user  from 192.168.0.188 via ssh
 13:19:30 system,error,critical login failure for user guest from 192.168.0.188 via ssh
 13:19:30 system,error,critical login failure for user root from 192.168.0.188 via ssh
 13:19:30 system,error,critical login failure for user ubnt from 192.168.0.188 via ssh
 13:19:30 system,error,critical login failure for user Admin from 192.168.0.188 via ssh
 13:19:30 system,error,critical login failure for user root from 192.168.0.188 via ssh
 13:19:30 system,error,critical login failure for user root from 192.168.0.188 via ssh
 13:19:31 system,error,critical login failure for user Admin from 192.168.0.188 via ssh
 13:19:31 system,error,critical login failure for user root from 192.168.0.188 via ssh
 13:19:31 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:31 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:32 system,error,critical login failure for user Administrator from 192.168.0.188 via ssh
 13:19:32 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:32 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:32 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:32 system,error,critical login failure for user vodafone from 192.168.0.188 via ssh
 13:19:32 system,error,critical login failure for user Administrator from 192.168.0.188 via ssh
 13:19:32 system,error,critical login failure for user root from 192.168.0.188 via ssh
 13:19:33 system,error,critical login failure for user webadmin from 192.168.0.188 via ssh
 13:19:33 system,error,critical login failure for user user from 192.168.0.188 via ssh
 13:19:33 system,error,critical login failure for user Admin from 192.168.0.188 via ssh
 13:19:33 system,error,critical login failure for user administrator from 192.168.0.188 via ssh
 13:19:33 system,error,critical login failure for user sysadmin from 192.168.0.188 via ssh
 13:19:34 system,error,critical login failure for user guest from 192.168.0.188 via ssh
 13:19:34 system,error,critical login failure for user manager from 192.168.0.188 via ssh
 13:19:34 system,error,critical login failure for user tech from 192.168.0.188 via ssh
 13:19:34 system,error,critical login failure for user admin2 from 192.168.0.188 via ssh
 13:19:34 system,error,critical login failure for user login from 192.168.0.188 via ssh
 13:19:35 system,error,critical login failure for user admim from 192.168.0.188 via ssh
 13:19:35 system,error,critical login failure for user support from 192.168.0.188 via ssh
 13:19:35 system,error,critical login failure for user root from 192.168.0.188 via ssh
 13:19:35 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:36 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:36 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:36 system,error,critical login failure for user root from 192.168.0.188 via ssh
 13:19:36 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:36 system,error,critical login failure for user admin from 192.168.0.188 via ssh
 13:19:37 system,error,critical login failure for user root from 192.168.0.188 via ssh

Yes, this is malware. I came across it something like ten years ago on a few customer PCs when I was running our WISP. Common AV packages including Malwarebytes could not detect it, and since it was on the customers' PCs, I was not able to take it into the shop for a deep dive.

macsrwe · Mon Dec 04, 2023 9:16 pm

Question about the wifiwave2 repartitioning:

Is any of this going to fix the issue where on an Audience, you can get WPA3 or you can get meshing, but you can't get both?

If not, is it because the task is impossible due to hardware/protocol limitations, or possible but just not coded for?

mkx · Mon Dec 04, 2023 9:17 pm

I don't think wifi driver repartitioning will help with meshing+WPA3 in any way.

ivicask · Mon Dec 04, 2023 9:40 pm

I still have memory leaks even on 7.13RC2(over 500mb a day)
SUP-136530

YO3IPT · Mon Dec 04, 2023 10:20 pm

Question about the wifiwave2 repartitioning:

Is any of this going to fix the issue where on an Audience, you can get WPA3 or you can get meshing, but you can't get both?

If not, is it because the task is impossible due to hardware/protocol limitations, or possible but just not coded for?

It's something that i am also interested in. Support for WDS meshing should be on MikroTik's priority list for the new Wifi package, especially for the Audience use-case. In my opinion it could be possible, since in 7.12 there is already support for station-bridge mode, so the "road" is pretty much laid out in front. That being said, you could do a workaround for the mesh setup, using a PtMP topology where you select a well placed (centrally placed) device in AP mode and the other satellites in station-bridge mode.
Let's hope that MikroTik is working on a mesh topology solution for Wifi...

All the best!

mfrey · Mon Dec 04, 2023 10:38 pm

Possibly an address clash? You habe 10.255.2.0/24 for interface and allowed-ips inside the tunnel.

That should be no problem. The config is auto-generated by a script, so it should be fine.

And even if it was invalid, the router crashing is certainly not the right way to tell me that.

Amm0 · Mon Dec 04, 2023 10:59 pm

Possibly an address clash? You habe 10.255.2.0/24 for interface and allowed-ips inside the tunnel.
That should be no problem. The config is auto-generated by a script, so it should be fine.

And even if it was invalid, the router crashing is certainly not the right way to tell me that.

You should file a support ticket with a supout.rif from router, that should have details on the crash for Mikrotik. It could be the line endings, or the "#" comment...dunno, but agree it shouldn't crash

caleb20003 · Tue Dec 05, 2023 7:19 am

FYI
I did this upgrade to my rb5009 which is capsman to some wifiwave2 devices as well. I had recently added Adguard Container and when I did the upgrade the container didnt work anymore despite still running, couldnt ping it. So I had a DNS issue that took me a while to fix (forgot about the Nat settings!!) before eventually going to my backup DNS which I run on my Nas or even cloudflare. On top of that though the router itself was really really slow, even typing in a terminal took ages.
Resources on the device appeared normal so not sure what it was.
It was enough for me to roll back to 7.12 stable I won't be going near it until it comes out of test but even then I will need to be sure before going ahead as it didnt seem to recognise my Cap devices as they werent upgraded and as my client pc was running via one of them this created an initial issue. I will need to devise a good procedure for the next upgrade as I need the caps (Hap-ax2s and a Audience) to be able to work immediately.

Tue Dec 05, 2023 9:08 am

I upgraded my RB5009 last friday, also acting as capsman, incl AX2 and AX3.
On that RB5009 are also some containers running (amongst them PiHole).
I had zero problems with that upgrade.

One exception: upgrade via capsman of the cap devices was not possible until I specified an upgrade path and the necessary files on RB5009.
This is a consequence of the split of wireless drivers from the base package so on itself logical.

alexv87 · Wed Dec 06, 2023 1:29 am

Seems to be missing EAP Method Passthrough option.

SwissMT · Wed Dec 06, 2023 8:03 am

iPad-App don't show the "old" Wireless entries. The new "WiFi" is displayed but it seems not the "old" one.

Wed Dec 06, 2023 9:14 am

wg import will be fixed in upcoming releases.

rpingar · Wed Dec 06, 2023 9:33 am

with 7.13rc2 on CCR2216, with ipv4 HWl3 offload and bgp routing, lead to unexpected reboot without any log or autosupout, we had to downgrade to 7.12.1

asoroka · Wed Dec 06, 2023 11:42 am

When the problem with the absence of the following path attributes in bgp update will be fixed:
1. EXTENDED_COMMUNITIES
2. MP_REACH_NLRI
The problem affects only routers based on the ARM64 architecture.

Ullinator · Wed Dec 06, 2023 12:19 pm

with 7.13rc2 on CCR2216, with ipv4 HWl3 offload and bgp routing, lead to unexpected reboot without any log or autosupout, we had to downgrade to 7.12.1

Same behaviour for me with a CCR2004-1G12S+2XS
Yesterday during a video call the router spontaneus rebootet triggered by watchdog, what he never did in the past. It was the absolut first time he did it.
SUP-136647 open.

clambert · Wed Dec 06, 2023 12:48 pm

When the problem with the absence of the following path attributes in bgp update will be fixed:
1. EXTENDED_COMMUNITIES
2. MP_REACH_NLRI
The problem affects only routers based on the ARM64 architecture.

You should ask Support.

asoroka · Wed Dec 06, 2023 1:05 pm

When the problem with the absence of the following path attributes in bgp update will be fixed:
1. EXTENDED_COMMUNITIES
2. MP_REACH_NLRI
The problem affects only routers based on the ARM64 architecture.
You should ask Support.

I have opened appeal SUP-136441. There is a feeling that their support system simply cannot withstand such a load. Maybe they need to fix the problems in sections? And do not take on everything at once, which leads to a large number of problems and customer dissatisfaction.

carl0s · Wed Dec 06, 2023 3:29 pm

Is there any chance that the Cube 60Pro AC might get to use WiFi-qcom just for the wifi side of it, and leaving whatever is needed to keep the 60G working?
Since it is ARM.
and might be nice to have wave2 performance on the backup ac-wifi.

caleb20003 · Thu Dec 07, 2023 4:09 am

I upgraded my RB5009 last friday, also acting as capsman, incl AX2 and AX3.
On that RB5009 are also some containers running (amongst them PiHole).
I had zero problems with that upgrade.

One exception: upgrade via capsman of the cap devices was not possible until I specified an upgrade path and the necessary files on RB5009.
This is a consequence of the split of wireless drivers from the base package so on itself logical.

Interesting that we have a similar setup and different experience. I suspect it was the failure of the Adguard container that possibly caused all the slowness but nothing in logs, I need to revisit that component next time.

tafkamax · Thu Dec 07, 2023 11:29 am

When will they fix MLAG?

Ullinator · Thu Dec 07, 2023 11:34 am

When will they fix MLAG?

Sorry, but this is a pointless post.
No one can help you here without information about what is not working with MLAG, nor what your config looks like :-/

tafkamax · Thu Dec 07, 2023 11:35 am

When will they fix MLAG?
Sorry, but this is a pointless post.
No one can help you here without information about what is not working with MLAG, nor what your config looks like :-/

viewtopic.php?p=1040526#p1040526

Guscht · Thu Dec 07, 2023 1:15 pm

Regarding MLAG: MT is an excellent Router vendor, but they make lousy Switches. Use another vendor (like FS, D-Link...) for device-overlapping aggregation-groups. MT screwed that in such an overcomplicated way up, it seems they (itself) are unabled to fix it. Same with the "Loopback Detection", not fixable, just screwed up... my ticket is open for months.

tafkamax · Thu Dec 07, 2023 1:24 pm

Regarding MLAG: MT is an excellent Router vendor, but they make lousy Switches. Use another vendor (like FS, D-Link...) for device-overlapping aggregation-groups. MT screwed that in such an overcomplicated way up, it seems they (itself) are unabled to fix it. Same with the "Loopback Detection", not fixable, just screwed up... my ticket is open for months.

I am thinking of FS currently yes as an alternative. Unfortunately I did not do enough research into this and I was saying oh we can get MLAG for cheap to my boss.

Thu Dec 07, 2023 2:08 pm

What's new in 7.13rc3 (2023-Dec-06 17:16):

*) console - fixed memory leak (introduced in v7.13beta1);
*) defconf - fixed wireless band and channel-width selection (introduced in v7.12);
*) iot - fixed incorrect LoRa ACK packet handling during downlink messaging (introduced in v7.12);
*) qos-hw - added initial congestion avoidance support for 98DX224S, 98DX226S, and 98DX3236 switch chips (CLI only);
*) sfp - fixed link establishment with S+DA0001 DAC cables;
*) sfp - improved link establishment for SFP copper modules;
*) wireless - keep configuration after manual package removal;

eworm · Thu Dec 07, 2023 2:11 pm

What's new in 7.13rc3 (2023-Dec-06 17:16):

On hAP ac² with wifi-qcom-ac I have:

2023-12-07 13:02:57 system,error,critical error while running customized default configuration script: no such item
2023-12-07 13:02:57 system,error,critical
2023-12-07 13:03:33 system,error,critical error while running customized default configuration script: invalid internal item number
2023-12-07 13:03:33 system,error,critical

ToTheFull · Thu Dec 07, 2023 2:26 pm

hAP ax2

2023-12-07 12:20:13 system,error,critical error while running customized default
 configuration script: no such item
2023-12-07 12:20:13 system,error,critical

No such error on cAP ax

Still no power correction for the UK

interface/wifi/monitor 0,1,2,3                            
                 state: running      running running      running
               channel: 5500/ax/Ceee 2412/ax 5745/ax/Ceee 2462/ax
      registered-peers: 0            0       2            1
      authorized-peers: 0            0       2            1
              tx-power: 22           14      9            15
    available-channels: 5500/ax/Ceee 2412/ax 5745/ax/Ceee 2462/a

erlinden · Thu Dec 07, 2023 2:28 pm

What previous RouterOS version where you running, @eworm?

eworm · Thu Dec 07, 2023 2:29 pm

What previous RouterOS version where you running, @eworm?

RouterOS 7.13rc2, without errors.

rextended · Fri Dec 08, 2023 12:57 am

Is the same error on RouterOS source code, that I report various times, with the exact position and fix, completely ignored.
Someone also remember it...
viewtopic.php?t=201989#p1039584
It seems that only users on the forum can read what I write, the MikroTik staff cannot.

Already reported for 7.5, 7.6, 7.9rc, 7.2.2, 7.11.2
viewtopic.php?t=198641#p1022672

Fri Dec 08, 2023 7:51 am

Error about defconf generation process is just an outcome of many possible reasons. Simply "hey, there was some kind of error". As you can see in changelogs, defconf is updated quite often. This error only says "there was something wrong here". It is not a single issue. Quite often also it is possible to get such an error, for example, on 1/100 specific model devices simply because loading the system took a longer time, etc. We are looking into this and trying to figure out what kind of issue (or issues) it is this time. As always - proper way how to report bugs is through support@mikrotik.com. This is a user forum where simply MikroTik employees also like to be present.

Fri Dec 08, 2023 8:39 am

Rextended please stop posting with such confidence if you are not sure what you are talking about. "Is the same error on RouterOS source code" is wrong.

eworm · Fri Dec 08, 2023 9:46 am

The "error while running customized default configuration script" did not occur on next reboot... So not opening an issue for now.

Amm0 · Fri Dec 08, 2023 10:04 am

Error about defconf generation process is just an outcome of many possible reasons.

Is it even defconf? In @eworm case, it sounds like it was after a version upgrade...not the /system/default-configuration. Maybe it's crossfig (or whatever does config upgrade) since that only happen once too... If that's case, then the error message is kinda lousy (e.g. it's not the "default", but "current" config, that failed to upgrade).

eworm · Fri Dec 08, 2023 10:14 am

That's my understanding of the issue, yes. But as we do not have the crossfig script code we can not verify...

But adding one note here... My wifi interface do not have default names, I renamed all of them. Perhaps that's a problem?

[eworm@MikroTik] > /interface/wifi/print proplist=name,default-name  where default-name 
Flags: M - MASTER; B - BOUND; R - RUNNING
Columns: NAME, DEFAULT-NAME
 #     NAME        DEFAULT-NAME
 6 MB  wl2-intern  wifi1       
15 MBR wl5-intern  wifi2

Code like this should always work with the default-name property...

ToTheFull · Fri Dec 08, 2023 10:39 am

That's my understanding of the issue, yes. But as we do not have the crossfig script code we can not verify...

But adding one note here... My wifi interface do not have default names, I renamed all of them. Perhaps that's a problem?
Code: Select all
[eworm@MikroTik] > /interface/wifi/print proplist=name,default-name  where default-name 
Flags: M - MASTER; B - BOUND; R - RUNNING
Columns: NAME, DEFAULT-NAME
 #     NAME        DEFAULT-NAME
 6 MB  wl2-intern  wifi1       
15 MBR wl5-intern  wifi2
Code like this should always work with the default-name property...

I've not renamed mine just to let you know, Also I've not seen a repeat of the error after rebooting mine either.

ToTheFull · Fri Dec 08, 2023 10:40 am

Error about defconf generation process is just an outcome of many possible reasons. Simply "hey, there was some kind of error". As you can see in changelogs, defconf is updated quite often. This error only says "there was something wrong here". It is not a single issue. Quite often also it is possible to get such an error, for example, on 1/100 specific model devices simply because loading the system took a longer time, etc. We are looking into this and trying to figure out what kind of issue (or issues) it is this time. As always - proper way how to report bugs is through support@mikrotik.com. This is a user forum where simply MikroTik employees also like to be present.

Thanks for your thoughts Strods.

Fri Dec 08, 2023 3:24 pm

Hopefully, we have managed to reproduce the same problem with "defconf" generation for AX routers. It is a cosmetic, harmless issue that can occur randomly on any upgrade/downgrade, package installation/removal. We will try to fix it in upcoming RouterOS releases. The error has nothing to do with 7.13 (if you see it on AX router).

fragtion · Fri Dec 08, 2023 3:35 pm

Why are these newer builds no longer being posted to https://t.me/mikrotik_build (Telegram) and https://twitter.com/mikrotik_build (Twitter)? I am subscribed to notifications there so I get alerted the moment a new release occurs, but have received no notifications for a few weeks now (several builds)... Please fix..! :-)

izytech · Fri Dec 08, 2023 4:14 pm

I the new version of capsman, how do we connect a datapath to a vlan in a bridge? I get the following error and its documented, but I don seem to get any traffic trough by adding wifi interface a a bridge port or using the interface list option.

;;; client was disconnected because could not assign VLAN, maximum VLAN count for interface was reached

/interface wifi channel
add disabled=no name=channel1
/interface wifi datapath
add bridge=bridge disabled=no name=datapath1 vlan-id=22
/interface wifi configuration
add channel=channel1 country=Sweden datapath=datapath1 datapath.bridge=bridge .interface-list=datapath-home disabled=no mode=ap name=cfg1 ssid=test
/interface wifi cap
set enabled=yes
/interface wifi capsman
set enabled=yes interfaces=vlan0025 package-path=/firmware require-peer-certificate=no upgrade-policy=require-same-version
/interface wifi provisioning
add action=create-dynamic-enabled disabled=no master-configuration=cfg1 name-format=%I-%r

ToTheFull · Fri Dec 08, 2023 5:21 pm

Hopefully, we have managed to reproduce the same problem with "defconf" generation for AX routers. It is a cosmetic, harmless issue that can occur randomly on any upgrade/downgrade, package installation/removal. We will try to fix it in upcoming RouterOS releases. The error has nothing to do with 7.13 (if you see it on AX router).

Thanks for the update Strods.
Please keep it comming like you are guys. 7.13RC3 for my hAP ax2 is blazing..... on fire.
Thanks Team it's getting their!

Tests over WiFi to prove it should anybody wish to take a look.

Name                   : WiFi
    Description            : Intel(R) Wi-Fi 6E AX210 160MHz
    GUID                   : 
    Physical address       : a0:80
    Interface type         : Primary
    State                  : connected
    SSID                   : 02
    BSSID                  : 18:fd
    Network type           : Infrastructure
    Radio type             : 802.11ax
    Authentication         : WPA2-Personal
    Cipher                 : CCMP
    Connection mode        : Auto Connect
    Band                   : 5 GHz
    Channel                : 36
    Receive rate (Mbps)    : 1201
    Transmit rate (Mbps)   : 1201
    Signal                 : 87%
    Profile                : 02

Flags: A - AUTHORIZED
Columns: INTERFACE, SSID, MAC-ADDRESS, UPTIME, SIGNAL
#   INTERFACE  SSID     MAC-ADDRESS        UPTIME     SIGNAL
0 A wifi2           01  C0:4A:XX:XX:XX:XX  22h4m55s   -52   
1 A wifi1           02  A0:80:XX:XX:XX:XX  22h4m51s   -46   
2 A wifi1           02  84:2A:XX:XX:XX:XX  22h4m43s   -55   
3 A cap-wifi2       01  60:6B:XX:XX:XX:XX  21h37m18s  -66   
4 A wifi2           01  1C:56:XX:XX:XX:XX  17h8m35s   -38   
5 A cap-wifi1       01  AE:6B:XX:XX:XX:XX  16h57m54s  -49   
6 A cap-wifi1       01  6C:A1:XX:XX:XX:XX  16h26m14s  -58   
7 A wifi1           02  7E:40:XX:XX:XX:XX  2h7m48s    -53  




 status: done
      time-remaining: 0s
    ping-min-avg-max: 1.73ms / 2.20ms / 3.11ms
  jitter-min-avg-max: 1us / 165us / 844us
                loss: 0% (0/200)
        tcp-download: 907Mbps local-cpu-load:86%
          tcp-upload: 923Mbps local-cpu-load:40% remote-cpu-load:0%



              status: udp download
      time-remaining: 18s
    ping-min-avg-max: 1.73ms / 2.22ms / 3.13ms
  jitter-min-avg-max: 2us / 156us / 857us
                loss: 0% (0/200)
        tcp-download: 923Mbps local-cpu-load:85%
          tcp-upload: 895Mbps local-cpu-load:42% remote-cpu-load:0%


              status: udp download
      time-remaining: 17s
    ping-min-avg-max: 1.78ms / 2.24ms / 3.31ms
  jitter-min-avg-max: 1us / 146us / 1.07ms
                loss: 0% (0/200)
        tcp-download: 874Mbps local-cpu-load:82%
          tcp-upload: 919Mbps local-cpu-load:41% remote-cpu-load:0%

                                           My traceroute  [v0.95]
Holy-moly (172.28.106.170) -> pingbox1.thinkbroadband.com (80.249.99.164)            2023-12-08T11:28:34+0000
Keys:  Help   Display mode   Restart statistics   Order of fields   quit
                                                                  Packets               Pings
 Host                                                           Drop   Rcv    Avg Gmean Jttr Javg Jmax Jint
 1. 172.28.96.1                                                    0    52    0.4   0.4  0.0  0.1  0.2  0.6
 2. 192.168.0.254                                                  0    52    2.5   2.5  0.3  0.2  0.6  3.0
 3. (waiting for reply)
 4. 80.3.67.129                                                    0    52   12.3  11.8  0.2  2.8 30.7 48.7
 5. (waiting for reply)
 6. 62.254.42.174                                                  6    46   15.4  15.1  0.3  2.9 18.9 45.0
 7. (waiting for reply)
 8. 84.116.136.98                                                  0    52   14.9  14.7  3.4  1.9 19.9 29.5
 9. 129.250.66.101                                                 0    52   15.6  15.3  4.7  2.8 17.2 42.7
10. 129.250.3.214                                                  1    50   17.3  16.6  0.7  4.6 25.3 76.7
11. 129.250.3.251                                                  0    52   16.2  15.7 15.8  3.8 25.8 50.4
12. 192.80.16.146                                                  0    51   15.5  15.3  2.1  2.0 10.5 36.7
13. 80.249.97.72                                                   0    51   15.9  15.7  1.8  2.4 15.3 50.2
14. 80.249.97.90                                                   0    51   15.5  15.4  1.0  1.5  8.9 18.4
15. 80.249.99.164                                                  0    51   15.6  15.6  2.0  1.1  5.8 15.1


====== WAVEFORM.COM BUFFERBLOAT TEST RESULTS====== 

Test Version,1.0.8
Test 
Unix 

====== RESULTS SUMMARY ====== 
Bufferbloat Grade,A+

====== RESULTS SUMMARY ====== 
Mean Unloaded Latency (ms),17.3
Increase In Mean Latency During Download Test (ms),2.83
Increase In Mean During Upload Test (ms),0

Download speed (Mbps),242.979
Upload speed (Mbps),24.113

====== LATENCY TEST DETAIL ====== 
Unloaded - Median Latency (ms),15.96
Unloaded - 95th %ile Latency (ms),25.54
Unloaded - Mean Latency (ms),17.3
During Download - Median Latency (ms),18.73
During Download - 95th %ile Latency (ms),34.57
During Download - Mean Latency (ms),20.13
During Upload - Median Latency (ms),15.11
During Upload - 95th %ile Latency (ms),20.59
During Upload - Mean Latency (ms),15.65

===== BUFFERBLOAT IMPACT ====== 
Web Browsing,PASS,PASS
Audio Calls,PASS,PASS
4K Video Streaming,PASS,PASS
Video Conferencing,PASS,PASS
Low Latency Gaming,PASS,PASS

ips · Fri Dec 08, 2023 7:18 pm

Tests over WiFi to prove it should anybody wish to take a look.

Name                   : WiFi
    Description            : Intel(R) Wi-Fi 6E AX210 160MHz
    GUID                   : 
    Physical address       : a0:80
    Interface type         : Primary
    State                  : connected
    SSID                   : 02
    BSSID                  : 18:fd
    Network type           : Infrastructure
    Radio type             : 802.11ax
    Authentication         : WPA2-Personal
    Cipher                 : CCMP
    Connection mode        : Auto Connect
    Band                   : 5 GHz
    Channel                : 36
    Receive rate (Mbps)    : 1201
    Transmit rate (Mbps)   : 1201
    Signal                 : 87%
    Profile                : 02

Flags: A - AUTHORIZED
Columns: INTERFACE, SSID, MAC-ADDRESS, UPTIME, SIGNAL
#   INTERFACE  SSID     MAC-ADDRESS        UPTIME     SIGNAL
0 A wifi2           01  C0:4A:XX:XX:XX:XX  22h4m55s   -52   
1 A wifi1           02  A0:80:XX:XX:XX:XX  22h4m51s   -46   
2 A wifi1           02  84:2A:XX:XX:XX:XX  22h4m43s   -55   
3 A cap-wifi2       01  60:6B:XX:XX:XX:XX  21h37m18s  -66   
4 A wifi2           01  1C:56:XX:XX:XX:XX  17h8m35s   -38   
5 A cap-wifi1       01  AE:6B:XX:XX:XX:XX  16h57m54s  -49   
6 A cap-wifi1       01  6C:A1:XX:XX:XX:XX  16h26m14s  -58   
7 A wifi1           02  7E:40:XX:XX:XX:XX  2h7m48s    -53  




 status: done
      time-remaining: 0s
    ping-min-avg-max: 1.73ms / 2.20ms / 3.11ms
  jitter-min-avg-max: 1us / 165us / 844us
                loss: 0% (0/200)
        tcp-download: 907Mbps local-cpu-load:86%
          tcp-upload: 923Mbps local-cpu-load:40% remote-cpu-load:0%



              status: udp download
      time-remaining: 18s
    ping-min-avg-max: 1.73ms / 2.22ms / 3.13ms
  jitter-min-avg-max: 2us / 156us / 857us
                loss: 0% (0/200)
        tcp-download: 923Mbps local-cpu-load:85%
          tcp-upload: 895Mbps local-cpu-load:42% remote-cpu-load:0%


              status: udp download
      time-remaining: 17s
    ping-min-avg-max: 1.78ms / 2.24ms / 3.31ms
  jitter-min-avg-max: 1us / 146us / 1.07ms
                loss: 0% (0/200)
        tcp-download: 874Mbps local-cpu-load:82%
          tcp-upload: 919Mbps local-cpu-load:41% remote-cpu-load:0%

                                           My traceroute  [v0.95]
Holy-moly (172.28.106.170) -> pingbox1.thinkbroadband.com (80.249.99.164)            2023-12-08T11:28:34+0000
Keys:  Help   Display mode   Restart statistics   Order of fields   quit
                                                                  Packets               Pings
 Host                                                           Drop   Rcv    Avg Gmean Jttr Javg Jmax Jint
 1. 172.28.96.1                                                    0    52    0.4   0.4  0.0  0.1  0.2  0.6
 2. 192.168.0.254                                                  0    52    2.5   2.5  0.3  0.2  0.6  3.0
 3. (waiting for reply)
 4. 80.3.67.129                                                    0    52   12.3  11.8  0.2  2.8 30.7 48.7
 5. (waiting for reply)
 6. 62.254.42.174                                                  6    46   15.4  15.1  0.3  2.9 18.9 45.0
 7. (waiting for reply)
 8. 84.116.136.98                                                  0    52   14.9  14.7  3.4  1.9 19.9 29.5
 9. 129.250.66.101                                                 0    52   15.6  15.3  4.7  2.8 17.2 42.7
10. 129.250.3.214                                                  1    50   17.3  16.6  0.7  4.6 25.3 76.7
11. 129.250.3.251                                                  0    52   16.2  15.7 15.8  3.8 25.8 50.4
12. 192.80.16.146                                                  0    51   15.5  15.3  2.1  2.0 10.5 36.7
13. 80.249.97.72                                                   0    51   15.9  15.7  1.8  2.4 15.3 50.2
14. 80.249.97.90                                                   0    51   15.5  15.4  1.0  1.5  8.9 18.4
15. 80.249.99.164                                                  0    51   15.6  15.6  2.0  1.1  5.8 15.1


====== WAVEFORM.COM BUFFERBLOAT TEST RESULTS====== 

Test Version,1.0.8
Test 
Unix 

====== RESULTS SUMMARY ====== 
Bufferbloat Grade,A+

====== RESULTS SUMMARY ====== 
Mean Unloaded Latency (ms),17.3
Increase In Mean Latency During Download Test (ms),2.83
Increase In Mean During Upload Test (ms),0

Download speed (Mbps),242.979
Upload speed (Mbps),24.113

====== LATENCY TEST DETAIL ====== 
Unloaded - Median Latency (ms),15.96
Unloaded - 95th %ile Latency (ms),25.54
Unloaded - Mean Latency (ms),17.3
During Download - Median Latency (ms),18.73
During Download - 95th %ile Latency (ms),34.57
During Download - Mean Latency (ms),20.13
During Upload - Median Latency (ms),15.11
During Upload - 95th %ile Latency (ms),20.59
During Upload - Mean Latency (ms),15.65

===== BUFFERBLOAT IMPACT ====== 
Web Browsing,PASS,PASS
Audio Calls,PASS,PASS
4K Video Streaming,PASS,PASS
Video Conferencing,PASS,PASS
Low Latency Gaming,PASS,PASS

What kind of test is it?

kravemir · Fri Dec 08, 2023 8:34 pm

What kind of test is it?

BufferBloat test is for testing of Quality of Service - clients (or connections), that are trying to eat all the bandwidth of specific resource, shouldn't harm latency of other clients (or connections).

This is even normal daily use scenario, because if someone is downloading 12GB big OS upgrade, then it shouldn't harm quality of meetings (or gaming) for other people.

vovan700i · Fri Dec 08, 2023 9:25 pm

Hi,

Would like to note that the bug with non-working mangle mark routing rules with VxLAN described by esipoko in April and by me in December is still in place as of 7.13rc3. Wish it could be fixed in 7.13 stable. SUP-136716

rextended · Sat Dec 09, 2023 1:13 am

glat · Sat Dec 09, 2023 10:39 am

I the new version of capsman, how do we connect a datapath to a vlan in a bridge? I get the following error and its documented, but I don seem to get any traffic trough by adding wifi interface a a bridge port or using the interface list option.

;;; client was disconnected because could not assign VLAN, maximum VLAN count for interface was reached

Is this about an AC with new drivers? I've same behaviour, but only by using a WAP AC and wifi-qcom-ac. The AX2 is working right.

kreb · Sat Dec 09, 2023 11:28 am

Any reported wireguard problems?

herbrico · Sat Dec 09, 2023 11:42 am

ROS 7.13rc3 Wireguard stop working after 2-3 or 4 hours, need to reboot router to work again. Disable wg tunnel or peer do not help.

kreb · Sat Dec 09, 2023 12:53 pm

CCR2116, WireGuard isn't working, replaced it with ZeroTier, in details:
- delete and re-add the peer may solve the problem but once you disconnect you can't connect back.
- It shows 94bytes received, 'Handshake did not complete after 5 seconds'
- Same behavior on iPhone, iPad, Windows and MacOS
- This problem is only on connecting remotely on 'WAN', while if the device is present on LAN WireGuard works flawlessly connection get established/handshake without any problem.
- Tried to downgrade and netinstall, and that did not fix the problem.

I can't rule out human error 100% (?misconfiguration), and for this reason I'm asking for any known or reported bugs.

eworm · Sat Dec 09, 2023 1:13 pm

No problem with wireguard here, working well without issues.

Wondering if you have issues with the roaming functionality... Do you have any suspicious or unexpected addresses in actual-endpoint-address?

iustin · Sat Dec 09, 2023 1:18 pm

CCR2116, WireGuard isn't working, replaced it with ZeroTier, in details:
- delete and re-add the peer may solve the problem but once you disconnect you can't connect back.
- It shows 94bytes received, 'Handshake did not complete after 5 seconds'
- Same behavior on iPhone, iPad, Windows and MacOS
- This problem is only on connecting remotely on 'WAN', while if the device is present on LAN WireGuard works flawlessly connection get established/handshake without any problem.
- Tried to downgrade and netinstall, and that did not fix the problem.

I can't rule out human error 100% (?misconfiguration), and for this reason I'm asking for any known or reported bugs.

This looks very much like a firewall issue… Did you allow the ports used for wireguard?

Sat Dec 09, 2023 1:52 pm

My wireguard connections are operational already for days...

kreb · Sat Dec 09, 2023 2:01 pm

/interface bridge
add name=loopback port-cost-mode=short
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1
/interface vlan
add interface=sfp-sfpplus4 name=GPON vlan-id=10
/interface bonding
add mode=802.3ad name=bonding1 slaves=sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3 transmit-hash-policy=layer-2-and-3
/interface pppoe-client
add add-default-route=yes disabled=no interface=GPON name=pppoe-out1 user=1blalbaa
/interface ethernet switch
set 0 l3-hw-offloading=yes
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=openvpn-pool ranges=10.100.100.11-10.100.100.99
/port
set 0 name=serial0
/routing ospf instance
add disabled=no name=ospf-instance-1 originate-default=always redistribute=connected
/routing ospf area
add disabled=no instance=ospf-instance-1 name=ospf-area-1
/system logging action
set 3 remote=10.10.10.10 src-address=10.0.0.1
/zerotier
set zt1 comment="ZeroTier Central controller - https://my.zerotier.com/" name=zt1 port=9993
/zerotier interface
add allow-default=no allow-global=no allow-managed=yes disabled=no instance=zt1 name=zerotier1 network=272f5eae16897148
/ip neighbor discovery-settings
set discover-interface-list=all
/interface detect-internet
set detect-interface-list=all internet-interface-list=all lan-interface-list=all wan-interface-list=all
/interface list member
add interface=pppoe-out1 list=WAN
add interface=bonding1 list=LAN
add interface=ether12 list=LAN
add interface=zerotier1 list=LAN
add interface=wireguard1 list=LAN
/interface ovpn-server server
set auth=sha1 certificate=*2 cipher=aes128-gcm,aes192-gcm,aes256-gcm port=443 require-client-certificate=yes
/interface wireguard peers
add allowed-address=10.100.100.2/32 interface=wireguard1 public-key="+L9oHVFkifH9GLf+25zNEt+blablabla="
/ip address
add address=192.168.88.1/24 interface=ether13 network=192.168.88.0
add address=10.255.255.1/30 interface=bonding1 network=10.255.255.0
add address=10.255.255.21/30 interface=ether12 network=10.255.255.20
add address=10.0.0.1 interface=loopback network=10.0.0.1
add address=10.100.100.1/24 interface=wireguard1 network=10.100.100.0
/ip cloud
set ddns-enabled=yes
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4,1.1.1.1,1.0.0.1
/ip firewall address-list
add list=bogons
add address=0.0.0.0/8 list=bogons
add address=10.0.0.0/8 list=bogons
add address=100.64.0.0/10 list=bogons
add address=127.0.0.0/8 list=bogons
add address=127.0.53.53 list=bogons
add address=169.254.0.0/16 list=bogons
add address=172.16.0.0/12 list=bogons
add address=192.0.0.0/24 list=bogons
add address=192.0.2.0/24 list=bogons
add address=192.168.0.0/16 list=bogons
add address=198.18.0.0/15 list=bogons
add address=198.51.100.0/24 list=bogons
add address=203.0.113.0/24 list=bogons
add address=224.0.0.0/4 list=bogons
add address=240.0.0.0/4 list=bogons
add address=255.255.255.255 list=bogons
add address=10.10.10.0/24 list=LAN
add address=10.10.20.0/24 list=LAN
add address=10.10.80.0/24 list=LAN
add address=10.10.90.0/24 list=LAN
add address=10.20.10.0/24 list=LAN
add address=10.100.100.0/24 list=LAN
/ip firewall filter
add action=accept chain=input comment="allow WireGuard" dst-port=13231 protocol=udp
add action=accept chain=input comment="allow WireGuard traffic" src-address=10.100.100.0/24
add action=accept chain=forward in-interface=zerotier1
add action=accept chain=input in-interface=zerotier1
add action=accept chain=input connection-state=established,related,untracked
add action=accept chain=input protocol=udp src-address=127.0.0.1
add action=drop chain=input connection-state=invalid log-prefix="input invalid blocked"
add action=accept chain=input protocol=icmp
add action=accept chain=input in-interface-list=LAN protocol=ospf
add action=accept chain=input in-interface-list=LAN src-address=10.10.20.0/24
add action=accept chain=input in-interface-list=LAN
add action=drop chain=input log-prefix="input drop"
add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes
add action=accept chain=forward connection-state=established,related,untracked
add action=drop chain=forward connection-state=invalid log-prefix="forward invalid block"
add action=accept chain=forward in-interface-list=LAN out-interface-list=WAN
add action=drop chain=forward connection-nat-state=!dstnat connection-state=new in-interface-list=WAN log-prefix="not natted"
add action=jump chain=forward jump-target=icmp protocol=icmp
add action=drop chain=forward log-prefix="forward drop"
add action=accept chain=icmp icmp-options=0:0 protocol=icmp
add action=accept chain=icmp icmp-options=3:0 protocol=icmp
add action=accept chain=icmp icmp-options=3:1 protocol=icmp
add action=accept chain=icmp icmp-options=3:4 protocol=icmp
add action=accept chain=icmp icmp-options=8:0 protocol=icmp
add action=accept chain=icmp icmp-options=11:0 protocol=icmp
add action=accept chain=icmp icmp-options=12:0 protocol=icmp
add action=drop chain=icmp
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/routing ospf interface-template
add area=ospf-area-1 disabled=no interfaces=bonding1 type=ptp
add area=ospf-area-1 disabled=no interfaces=ether12 type=ptp
/snmp
set enabled=yes
/system clock
set time-zone-name=Universal
/system logging
add action=remote topics=pppoe,!debug
add action=remote topics=info
add topics=wireguard,debug
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp server
set enabled=yes
/system ntp client servers
add address=pool.ntp.org
add address=time.google.com
add address=time.cloudflare.com
/system package update
set channel=testing

This is the current configuration, also tried to lower MTU all the way to 1300.

erlinden · Sat Dec 09, 2023 2:05 pm

Uptime 1d23:34:09

Haven't had any interruptions on WG.

Change it to, @kreb:

/ip firewall filter
add action=accept chain=input comment="allow WireGuard" dst-port=13231 protocol=udp in-interface=pppoe-out1

You are currently missing the in-interface (or use in-interface-list=WAN).

And get rid of all unnecessary rules please.

kreb · Sat Dec 09, 2023 2:09 pm

/ip firewall filter
add action=accept chain=input comment="allow WireGuard" dst-port=13231 in-interface=pppoe-out1 protocol=udp
add action=accept chain=input comment="allow WireGuard traffic" src-address=10.100.100.0/24
add action=accept chain=input connection-state=established,related,untracked
add action=accept chain=input protocol=icmp
add action=accept chain=input in-interface-list=LAN
add action=drop chain=input disabled=yes log-prefix="input drop"
add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes
add action=accept chain=forward connection-state=established,related,untracked
add action=accept chain=forward in-interface-list=LAN out-interface-list=WAN
add action=drop chain=forward connection-nat-state=!dstnat connection-state=new disabled=yes in-interface-list=WAN log-prefix="not natted"
add action=drop chain=forward disabled=yes log-prefix="forward drop"

[NET] UDP bind has been updated
2023-12-09 15:19:34.977
[NET] Routine: receive incoming v6 - started
2023-12-09 15:19:34.977
[NET] Routine: receive incoming v4 - started
2023-12-09 15:19:34.990
[NET] peer(oBoa…GpVM) - Sending handshake initiation
2023-12-09 15:19:35.053
[NET] peer(oBoa…GpVM) - Received handshake response
2023-12-09 15:19:39.520
[APP] Status update notification timeout for tunnel 'secretgarden'. Tunnel status is now 'connected'.
2023-12-09 15:19:50.467
[NET] peer(oBoa…GpVM) - Retrying handshake because we stopped hearing back after 15 seconds
2023-12-09 15:19:50.468
[NET] peer(oBoa…GpVM) - Sending handshake initiation
2023-12-09 15:19:55.653
[NET] peer(oBoa…GpVM) - Handshake did not complete after 5 seconds, retrying (try 2)
2023-12-09 15:19:55.653
[NET] peer(oBoa…GpVM) - Sending handshake initiation

removed all unnecessary filters, and disabled all drops for testing.

izytech · Sat Dec 09, 2023 6:42 pm

Is this about an AC with new drivers? I've same behaviour, but only by using a WAP AC and wifi-qcom-ac. The AX2 is working right.

Yes its AC, cap AC models are used. I didnt find any config information in the help section. I have tried to add caps wifi port manual to the bridge as any other bridged port but dont get any traffic.

erlinden · Sun Dec 10, 2023 12:26 am

removed all unnecessary filters, and disabled all drops for testing.

Do you see the counter of the accept rule increasing?
Could it be that the provider is blocking (perhaps because of CGNAT)?
Does any other port forward/open word work at all?

ToTheCLI · Sun Dec 10, 2023 12:27 am

CCR2116, WireGuard isn't working, replaced it with ZeroTier, in details:
- delete and re-add the peer may solve the problem but once you disconnect you can't connect back.
- It shows 94bytes received, 'Handshake did not complete after 5 seconds'
- Same behavior on iPhone, iPad, Windows and MacOS
- This problem is only on connecting remotely on 'WAN', while if the device is present on LAN WireGuard works flawlessly connection get established/handshake without any problem.
- Tried to downgrade and netinstall, and that did not fix the problem.

I can't rule out human error 100% (?misconfiguration), and for this reason I'm asking for any known or reported bugs.

Looks like your ISP is blocking the protocol by DPI can you make connections to other WG servers?

lluu131 · Sun Dec 10, 2023 2:50 am

The RC version is working fine, hopefully the official version will be available soon!

mantouboji · Sun Dec 10, 2023 6:35 am

Would you please add a feather to ignore BAD DUID response code from IPv6 dhcp ?

Some China's ISP uses ZTE v6000 , and will return a DUID code 0660, RouterOS report “bad server DUID", can't get IPv6 address and prefix, but other software like OpenWRT works.

JasonPugh · Sun Dec 10, 2023 5:54 pm

Just a heads up that upgrading to v7.13rc3 killed my PPPoE WAN connection - I've not had time to diagnose, but a rollback to rc2 has fixed the issue for me, so I'm confident that the rc3 upgrade was the cause. I am running an RB5009 with WAN connection via 1GbE copper SFP module - Manufacturer: FS model: SFP-GB-GE-T. I cannot see anything in the logs other than the PPPoE repeatedly trying and failing to connect, and cannot find any logging related to the SFP module. Looking at the release notes for rc3, I'm guessing that "*) sfp - improved link establishment for SFP copper modules;" has had unintended consequences! Here is my PPPoE config:

name="pppoe-out1"
max-mtu=auto
max-mru=auto
mrru=disabled
interface=sfp-sfpplus1
user="username"
password="password"
profile=default
keepalive-timeout=10
service-name=""
ac-name=""
add-default-route=yes
default-route-distance=1
dial-on-demand=no 
use-peer-dns=no
allow=pap,chap,mschap1,mschap2

Cheers, Jason.

UPDATE - I've now managed to run the SFP diagnostics, and it looks like the "improved link establishment for SFP copper modules" in rc3 has broken the negotiation of inserted SFP module capabilities, at least for my FS module:

v7.13rc2

                               name: sfp-sfpplus1
                             status: link-ok
                   auto-negotiation: done
                               rate: 1Gbps
                        full-duplex: yes
                    tx-flow-control: no
                    rx-flow-control: no
                          supported: 10M-baseT-half,10M-baseT-full,
                                     100M-baseT-half,100M-baseT-full,
                                     1G-baseT-half,1G-baseT-full,1G-baseX,
                                     2.5G-baseT,2.5G-baseX,5G-baseT,10G-baseT,
                                     10G-baseSR-LR,10G-baseCR
                      sfp-supported: 10M-baseT-half,10M-baseT-full,
                                     100M-baseT-half,100M-baseT-full,
                                     1G-baseT-half,1G-baseT-full
                        advertising: 10M-baseT-half,10M-baseT-full,
                                     100M-baseT-half,100M-baseT-full,
                                     1G-baseT-half,1G-baseT-full
           link-partner-advertising: 
                 sfp-module-present: yes
                        sfp-rx-loss: no
                       sfp-tx-fault: no
                           sfp-type: SFP/SFP+/SFP28/SFP56
                 sfp-connector-type: RJ45
  sfp-link-length-copper-active-om4: 100m
                    sfp-vendor-name: FS
             sfp-vendor-part-number: SFP-GB-GE-T
                  sfp-vendor-serial: S2001339604
             sfp-manufacturing-date: 20-01-10
                    eeprom-checksum: good
                             eeprom: 0000: 03 04 22 00 00 00 08 00  00 00 00 01 0d 00 00 00  .."..... ........
                                     0010: 00 00 64 00 46 53 20 20  20 20 20 20 20 20 20 20  ..d.FS           
                                     0020: 20 20 20 20 00 00 00 00  53 46 50 2d 47 42 2d 47      .... SFP-GB-G
                                     0030: 45 2d 54 20 20 20 20 20  20 20 20 20 00 00 00 f5  E-T          ....
                                     0040: 00 00 00 00 53 32 30 30  31 33 33 39 36 30 34 20  ....S200 1339604 
                                     0050: 20 20 20 20 32 30 30 31  31 30 20 20 00 00 00 53      2001 10  ...S
                                     0060: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........

v7.13rc3

                               name: sfp-sfpplus1
                             status: no-link
                   auto-negotiation: done
                          supported: 10M-baseT-half,10M-baseT-full,
                                     100M-baseT-half,100M-baseT-full,
                                     1G-baseT-half,1G-baseT-full,1G-baseX,
                                     2.5G-baseT,2.5G-baseX,5G-baseT,10G-baseT,
                                     10G-baseSR-LR,10G-baseCR
                      sfp-supported: 1G-baseX
                        advertising: 1G-baseX
           link-partner-advertising: 
                 sfp-module-present: yes
                        sfp-rx-loss: no
                       sfp-tx-fault: no
                           sfp-type: SFP/SFP+/SFP28/SFP56
                 sfp-connector-type: RJ45
  sfp-link-length-copper-active-om4: 100m
                    sfp-vendor-name: FS
             sfp-vendor-part-number: SFP-GB-GE-T
                  sfp-vendor-serial: S2001339604
             sfp-manufacturing-date: 20-01-10
                    eeprom-checksum: good
                             eeprom: 0000: 03 04 22 00 00 00 08 00  00 00 00 01 0d 00 00 00  .."..... ........
                                     0010: 00 00 64 00 46 53 20 20  20 20 20 20 20 20 20 20  ..d.FS           
                                     0020: 20 20 20 20 00 00 00 00  53 46 50 2d 47 42 2d 47      .... SFP-GB-G
                                     0030: 45 2d 54 20 20 20 20 20  20 20 20 20 00 00 00 f5  E-T          ....
                                     0040: 00 00 00 00 53 32 30 30  31 33 33 39 36 30 34 20  ....S200 1339604 
                                     0050: 20 20 20 20 32 30 30 31  31 30 20 20 00 00 00 53      2001 10  ...S
                                     0060: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........

evbocharov · Sun Dec 10, 2023 8:32 pm

RB4011iGS+5HacQ2HnD-IN all v7.13rc3 - PPPoE WAN connection - is OK!
/interface pppoe-client add add-default-route=yes allow=chap comment=WAN disabled=no interface=sfp-sfpplus1 name=pppoe-out1 user=login
P.S.
I want wipe settings - Bridge Interface Path Costs

/interface/bridge
set port-cost-mode=long

Message in Terminal:
numbers: /interface/bridge/port
Script Error: action cancelled

buset1974 · Mon Dec 11, 2023 8:23 am

every problem reported supout will be first ask by MT.
but not all problem can be captured in supout if we generated after rebooted.
and not all the supout can be generated when problem occurs.

question: sometime we see autosupout file in the router, anyone knows when exactly autosupout generated?
and can autosupout use for MT to find the problem when the routers hangs or before rebooted?

thx

Mon Dec 11, 2023 8:44 am

We have received a single report about "non-working" WireGuard in v7.13 on support, and it does not seem that it has anything to do with the software, but either a networking or configuration problem. If there are any other setups where WireGuard worked just fine in v7.12, but does not work in v7.13, then please do not hesitate and send a supout file from your router to support@mikrotik.com.

Mon Dec 11, 2023 8:48 am

Autosupout is the same supout file as manually generated, but is generated automatically when there is a software error. In short, there are such possibilities:

1) Router rebooted due to an out-of-memory condition or Kernel Failure (not on Watchdog reboots since Watchdog is a reboot done on purpose, it is not an issue);
2) Some internal program failed;
3) WinBox loader on your computer crashed while you were connected to this router (the most popular cause of autosupout files);
4) Hardware is doing tricks and making software to fail.

The "software issue" in supout file can be seen only by MT employees. For end-user it will look exactly the same as regular supout. Such files must be sent to us.

every problem reported supout will be first ask by MT.
but not all problem can be captured in supout if we generated after rebooted.
and not all the supout can be generated when problem occurs.

question: sometime we see autosupout file in the router, anyone knows when exactly autosupout generated?
and can autosupout use for MT to find the problem when the routers hangs or before rebooted?

thx

glat · Mon Dec 11, 2023 9:45 am

Yes its AC, cap AC models are used. I didnt find any config information in the help section. I have tried to add caps wifi port manual to the bridge as any other bridged port but dont get any traffic.

It works by using an AX AP. I've same behaviour by using an AC AP and new driver wifi-qcom-ac. You can make it work by configuring the bridge vlans AND by activating vlan filtering on the CAP.

I don't know if it is a bug or not, but on docs (https://help.mikrotik.com/docs/display/ ... stfeatures) you can read:
"VLAN configuration in the wireless settings (Per-interface VLANs can be configured in bridge settings)"

Bye

Kindis · Mon Dec 11, 2023 9:53 am

I have a wAP AC running 7.13rc2 and I have no issues but I do use bridge with VLAN filtering on and have made the dynamic interfaces static on the wAP AC so I could add them to the bridge and they do not disappear every time I reboot the device. Works like a charm. All this under new CapsMAN working together with cAP AX.
I hope the solve the VLAN thing on AC interfaces but for now it works at least.

glat · Mon Dec 11, 2023 11:05 am

I have a wAP AC running 7.13rc2 and I have no issues but I do use bridge with VLAN filtering on and have made the dynamic interfaces static on the wAP AC so I could add them to the bridge and they do not disappear every time I reboot the device. Works like a charm. All this under new CapsMAN working together with cAP AX.
I hope the solve the VLAN thing on AC interfaces but for now it works at least.

Yes, doing that will work... But in a scenario such mine (or others) where you've a hundred of AC APs it's hard to reconfigure manually all of them.
I'm waiting to see if this is a bug and it will be resolved, otherwise I cannot upgrade to new drivers for old AC series.
I think everyone here think like me.

Just a note: according my tests on AC APs using new drivers you can tag a single VLAN and it works, but you cannot add an additional SSID with a different VLAN ID (slave config in CAPSMAN). That will not work.

Bye

tim427 · Mon Dec 11, 2023 12:21 pm

I've found a bug in Bridge -> Ports; I'm unable to change the order.

Not with "/interface/bridge/port/move numbers=17 destination=1", nor with the WebGui, nor with Winbox.

osc86 · Mon Dec 11, 2023 2:18 pm

how is this a bug? The order doesn’t matter - at all.
There is also no equivalent brctl command to do that in linux.

Kindis · Mon Dec 11, 2023 2:45 pm

@glat I have always used the bridge to manage VLAN so this was not a problem for me but I do need to add each WIFI interface, main or slave, as a port in the bridge.
I agree if we want to migrate in large scale I think getting it to works like the AX interfaces would be great. Not sure this will help you as I think AX interfaces reply on a bridge

dksoft · Mon Dec 11, 2023 2:56 pm

Quick question before I waste more time: Is RBcAPGi-5acD2nD (cAP ac) supported by wifi-qcom-ac ?

The device works with 7.13rc3 and wireless. But the wifi-qcom-ac is always greyed out and can not be enabled.
Reading the new manual at https://help.mikrotik.com/docs/display/ROS/WiFi, it's in the compatible list.

Thanks dksoft

glat · Mon Dec 11, 2023 3:20 pm

@glat I have always used the bridge to manage VLAN so this was not a problem for me but I do need to add each WIFI interface, main or slave, as a port in the bridge.

wifi1 and wifi2 can be automatically added to the bridge setting the interface datapath but, when you add a slave configuration on the CAPSMAN, another wireless interface is created and that one must be made static and added to the bridge with bridge filtering enabled to works. On the old CAPSMAN it was automatically added to the bridge with vlan tagged and there was no need to enable the vlan filtering on it (the switch was used as a dumb one).

I agree if we want to migrate in large scale I think getting it to works like the AX interfaces would be great. Not sure this will help you as I think AX interfaces reply on a bridge.

Yes, I hope this will be corrected because we've a lot of installed ARM APs that can benefit of all new features, but if you need an additional SSID they cannot be migrated... On a single SSID they works, even.

Bye

kalamaja · Mon Dec 11, 2023 3:32 pm

Quick question before I waste more time: Is RBcAPGi-5acD2nD (cAP ac) supported by wifi-qcom-ac ?

Yes, runs really nicely for me: Packages -> wireless -> uninstall. Files -> add wifi-qcom-ac. Reboot. Connect over cable, fix ports in the bridge, new interfaces are wifi1 and wifi2. Configure basic stuff using oneliner from https://help.mikrotik.com/docs/display/ ... figuration:

dksoft · Mon Dec 11, 2023 4:34 pm

Quick question before I waste more time: Is RBcAPGi-5acD2nD (cAP ac) supported by wifi-qcom-ac ?
Yes, runs really nicely for me: Packages -> wireless -> uninstall. Files -> add wifi-qcom-ac. Reboot. Connect over cable, fix ports in the bridge, new interfaces are wifi1 and wifi2. Configure basic stuff using oneliner from https://help.mikrotik.com/docs/display/ ... figuration:

Thanks for you reply. Meanwhile I can confirm it working. Some devices where affected and after I netinstalled them, they work nicely with the "new CAPsMan"

kreb · Mon Dec 11, 2023 5:12 pm

Confirmed, WireGuard is blocked by ISP.

Kindis · Mon Dec 11, 2023 5:21 pm

@glet On each CAP you need to set slaves-static: yes. If you do this each slave interfaces will be permanent and not dynamic so you can configure them. This is what support told me and I did so and it works. It is good? No I would not say so but this means slave interfaces does work and can survive a restart.

tim427 · Mon Dec 11, 2023 5:24 pm

how is this a bug? The order doesn’t matter - at all.
There is also no equivalent brctl command to do that in linux.

Because it's a feature that doesn't work as expected, besides the discussion regarding the usefulness of this feature.

For example; the interface list; You can't move them, nor is there a command to move them. But with the Bridge->Ports overview, it does. So I would suggest; remove this broken feature, or fix the issue..

dksoft · Mon Dec 11, 2023 5:31 pm

Yes, runs really nicely for me: Packages -> wireless -> uninstall. Files -> add wifi-qcom-ac. Reboot. Connect over cable, fix ports in the bridge, new interfaces are wifi1 and wifi2. Configure basic stuff using oneliner from https://help.mikrotik.com/docs/display/ ... figuration:
Thanks for you reply. Meanwhile I can confirm it working. Some devices where affected and after I netinstalled them, they work nicely with the "new CAPsMan"

Except the VLAN problem. E.g. CAP AX device work well with vlan-id set in "/interface wifi datapath", CAP AC bring up an error message not supported by device. I read something about that above, but found no solution yet.

Is that confirmed as a problem which is currently been worked on?

MrYan · Mon Dec 11, 2023 5:46 pm

how is this a bug? The order doesn’t matter - at all.
There is also no equivalent brctl command to do that in linux.

Maybe or maybe not. I observed an issue with ordering of bridge ports on 7.12.1 - viewtopic.php?p=1041276

Larsa · Mon Dec 11, 2023 6:07 pm

Confirmed, WireGuard is blocked by ISP.

Unlikely, but try changing the port number. Btw, this is OT thus please create a new thread to continue troubleshooting.

parham · Mon Dec 11, 2023 7:24 pm

Hi all

Suggestion

Can you create new package with remove all old and not necessary protocols such as, rip, pptp, l2tp, ppp, …
Make it as small as possible to leave the room for more new package such as ZT on 16mb nands

Thanks
Parham

evbocharov · Mon Dec 11, 2023 10:52 pm

Hello. I don't understand why is the port-cost included in the default config?
RB4011iGS+5HacQ2HnD-IN all v7.13rc3
default port-cost-mode = short.
Is there any difference in the logic of the modes (long or short)? or does it differ only in reflection ?

mkx · Mon Dec 11, 2023 11:16 pm

Is there any difference in the logic of the modes (long or short)? or does it differ only in reflection ?

Some description is available in bridge interface setup part of bridging manual.

From wikipedia article it's follows that port-cost-mode=short should only apply when protocol-mode is set to stp while port-cost-mode=long should apply when protocol-mode is set either to rstp or mstp.

MT's docs don't clarify why did port-cost-mode become settable option if it's tied to protocol-mode (as could be understood from wikipedia article). Specially so as each switch adds its own port cost to the root path and it's essential that all use the same mode. E.g. if in a mesh of connections there's a switch using long mode while the rest are using short mode, then any path crossing that switch will be prohibitively expensive while in reality they might be the best; and the other way around, switch using short mode in mesh of switches using long mode will attract traffic even if in reality its connections are not that good.

kreb · Mon Dec 11, 2023 11:21 pm

Confirmed, WireGuard is blocked by ISP.
Unlikely, but try changing the port number. Btw, this is OT thus please create a new thread to continue troubleshooting.

Just noticed multiple reports about WireGuard failing to connect on the same ISP; you can disregard my previous comments about any possible bug on 7.13rc3.

Z0ltan · Tue Dec 12, 2023 10:08 am

@glet On each CAP you need to set slaves-static: yes. If you do this each slave interfaces will be permanent and not dynamic so you can configure them. This is what support told me and I did so and it works. It is good? No I would not say so but this means slave interfaces does work and can survive a restart.

Where/how do you set this?

EDIT: Nevermind, found it under the CAP settings. Let me change the question here, how does this setting play along with create-dynamic-enabled? Or this is the counterpart of create-enabled?

Kindis · Tue Dec 12, 2023 4:02 pm

I have Create Dynamic set on CapsMAN so the interfaces goes away on the CapsMAN machine but the interfaces stays on the CAP. I then add each wifi interface, both real and slave, as a bridge port and give the PVID that it should be on and then VLAN works for me. So far I have updated the CAP and restarted and the interfaces remains. I have also performed a fail over to a secondary CapsMAN machine and everything works for me.
So the way I understand this is that Create Dynamic only affects the CapsMAN machine and to get the interfaces to remain on the CAP you need to enable this Static Slave interface.

rushlife · Tue Dec 12, 2023 9:24 pm

I known I am ungrateful but whole this THING seam to me "little" unthoughtful.
Instead of having ONE mighty CAPsMAN (which can control everything) we have two.
Two configuration on two places. Two tables of registration tables. Two tables of access lists. Two stuffs of everything. It is so weird.

I don't like it. I don't like it single bit.

I still love you MIKROTIK, but this is not a good solution at all.

infabo · Tue Dec 12, 2023 9:56 pm

They have (I would rather say "they chose to care") to deal with legacy. And having two of them is one way. Other vendors just drop support and don't give a damn. So really ungrateful.

evbocharov · Tue Dec 12, 2023 10:06 pm

When will be returned mlag l3hw in CRS3xx ???

elijahwood · Tue Dec 12, 2023 10:51 pm

Hi all. An interesting thought came to mind. When switching to RouterOS 7, the kernel was updated. Will it be updated in the future as part of version 7 or will the next kernel update occur only in RouterOS 8?

maigonis · Wed Dec 13, 2023 8:18 am

Hi all. An interesting thought came to mind. When switching to RouterOS 7, the kernel was updated. Will it be updated in the future as part of version 7 or will the next kernel update occur only in RouterOS 8?

As mentioned in podcast, kernel version change is triggering ROS version update. So kernel v6 (v7?) will be ROS v8.

Guscht · Wed Dec 13, 2023 10:00 am

AFAIK a key element in ROSv7 is/was the ability to update kernels.
They said in ROSv6 this is not possible due to endless constraints but in ROSv7 it should be possible.

Z0ltan · Wed Dec 13, 2023 10:44 am

Is it possible to create a single CAPSMAN config that works on both ac and ax and uses the full extent of hardware available? Right now I have 2x 5g config (1 for ac w/o datapath and 1 for ax with datapath for VLAN), 2x 2g config (same for 2g n and 2g ax). Any such configuration example would be appreciated.

Wed Dec 13, 2023 10:56 am

What's new in 7.13rc4 (2023-Dec-12 15:16):

*) certificate - fixed CRL updating;
*) console - improved stability when removing script (introduced in v7.13beta3);
*) defconf - fixed configuration for Audience with "wifi-qcom-ac" package;
*) defconf - improved wifi interface detection after upgrade;
*) ethernet - improved system stability for L009 and hAP ax lite devices;
*) sfp - improved link establishment for SFP copper modules;

alibloke · Wed Dec 13, 2023 10:57 am

As mentioned in podcast

There's a podcast? Where can I get it?

prawira · Wed Dec 13, 2023 11:29 am

Hello,

I have a few problems on client side when using 7.12 and 7.12.1
1. the cpu of mipsbe keep rise-up from time to time when using 7.12, it seem solved on 7.12.1
2. crs309 cpu on 7.12.1 also keep rise-up about 2% per day untill rebooted (#[SUP-134606])
3. when the interface arp=reply-only and add-arp=yes on dhcp-server, the /ip arp flag become DIH when the hotspot activated.
4. i have couple cap-ax installed on resto area of hotel. it can running very well when provisioned with room-config or resto-config as master; but not when the config put on slave.

have the above items got fixed ?

P

Wed Dec 13, 2023 12:13 pm

As mentioned in podcast
There's a podcast? Where can I get it?

All major podcast platforms and RSS:
https://podcasters.spotify.com/pod/show/mikrotik/

Larsa · Wed Dec 13, 2023 12:22 pm

That link is for podcasters only. This is for us normal people ;-)

https://open.spotify.com/show/7sq8IetuZCDDKEvuLX3SL2

domagoj · Wed Dec 13, 2023 4:50 pm

Hi
Could someone confirm:
- If using Hap AC3 with 7.13 have to use wifi-qcom-ac which doesn't support CapsMAN datapath with VLANS and dynamic bridge assignment on CAP side after SSID is provisioned?
- If using Hap AC3 with 7.12 I can use it as CAP without above limitation?
If above is correct, does anyone knows if this is only temporary situation or it will be permanent for all future versions?
We have a client with a lot of AC3 and would like to upgrade his site with wave2, but they have 3-4 SSID's as virtual WiFi interfaces on different VLAN's
Thanks

Kindis · Wed Dec 13, 2023 5:12 pm

New CapsMAN and qcom-ac do not support VLAN set under datapath for AC interfaces so this will affect hAP AC3 as well.
I asked support what I should do the the reply was to on the CAP set Static Slave = True and assign each interface to the bridge and give correct PVID.
The static Slave means the interface will not disappear after disconnected from CapsMAN for example a Reboot.
I have done this on a wAP AC and it works. So you can get VLAN and more SSID to work with AC interfaces but there is more manual work involved.
Also note that you cannot run CapsMAN and connect CAP on the same box now. So if you run CapsMAN on a hAP AC3 the wireless interfaces on that box needs to be configured manually.

whatever · Wed Dec 13, 2023 5:49 pm

Could someone confirm:
- If using Hap AC3 with 7.13 have to use wifi-qcom-ac

No, you don't have to use the new driver. You can stay on the legacy "wireless" driver and keep using old capsman with old features (and old performance).

So if you run CapsMAN on a hAP AC3 the wireless interfaces on that box needs to be configured manually.

You don't need to do it manually, you can provision the local radios with the same provisioning rules that new capsman is using.

Kindis · Wed Dec 13, 2023 10:35 pm

That is true but you cannot set the interface to capsman like you could before. So you cannot run it via capsman but use same config but manually and locally controlled.

whatever · Wed Dec 13, 2023 11:14 pm

I doesn't really matter, does it? Even if you were able to connect local wifi interfaces to local capsman, the end result would be identical to local interfaces provisioned using the same configuration. I don't get where you see additional manual effort.

lluu131 · Thu Dec 14, 2023 5:35 am

What's new in 7.13rc4 (2023-Dec-12 15:16):

*) certificate - fixed CRL updating;
*) console - improved stability when removing script (introduced in v7.13beta3);
*) defconf - fixed configuration for Audience with "wifi-qcom-ac" package;
*) defconf - improved wifi interface detection after upgrade;
*) ethernet - improved system stability for L009 and hAP ax lite devices;
*) sfp - improved link establishment for SFP copper modules;

Any plans to release the official version before the holidays?

Thu Dec 14, 2023 8:53 am

Also note that you cannot run CapsMAN and connect CAP on the same box now. So if you run CapsMAN on a hAP AC3 the wireless interfaces on that box needs to be configured manually.

You can use provisioning rules on local radios by running the '/interface/wifi/radio/provision' command.

Thu Dec 14, 2023 9:05 am

That's new ? It has always been stated earlier that for wifiwave2 capsman, local radios needed to be configured locally.

Thu Dec 14, 2023 9:09 am

That's new ? It has always been stated earlier that for wifiwave2 capsman, local radios needed to be configured locally.

That is local.
You don't need to configure a cap connection to localhost for it to work.

sergiot77 · Thu Dec 14, 2023 11:44 am

VPLS seems to be broken on 7.13rc.

Interface goes up but router reboot after some minutes (rb4011) or some hours (2216).
With the same config no issue on 7.12...

Thu Dec 14, 2023 3:04 pm

VPLS seems to be broken on 7.13rc.

Interface goes up but router reboot after some minutes (rb4011) or some hours (2216).
With the same config no issue on 7.12...

Log a ticket with support@mikrotik.com

domagoj · Thu Dec 14, 2023 4:18 pm

No, you don't have to use the new driver. You can stay on the legacy "wireless" driver and keep using old capsman with old features (and old performance).

Thanks

OK old wireless is third option. Correct me if I'm wrong but why would I use old wireless if I can use 7.12 with regular wave2 driver which allows benefits of wave2 and connect it to new capsman (CHR VM) and also all provisioning rules with SSID and VLANS's should still work without the need of manual setting up of VLAN's' per SSID

So if you run CapsMAN on a hAP AC3 the wireless interfaces on that box needs to be configured manually.

You don't need to do it manually, you can provision the local radios with the same provisioning rules that new capsman is using.

Yes, but VLAN's should be setup manually on each AC3 cap if using new AC driver That's the problem of manual work on each cap and there is really a huge quantity of AC3 at this client's locations where roaming and wave2 would be of great use.

I would just like to know if this is temporary situation where new AC driver doesn't provision VLAN's on AC3 CAPs, in which case I could wait, or it's final..

whatever · Thu Dec 14, 2023 4:28 pm

why would I use old wireless if I can use 7.12 with regular wave2 driver which allows benefits of wave2 and connect it to new capsman (CHR VM) and also all provisioning rules with SSID and VLANS's should still work without the need of manual setting up of VLAN's' per SSID

Because you cannot do that. 7.12 with wave2 driver on AC devices has the same VLAN limitations as 7.13 with wifi-qcom-ac driver. Nothing has changed in this regard.

JasonPugh · Thu Dec 14, 2023 4:43 pm

Just a heads up that upgrading to v7.13rc3 killed my PPPoE WAN connection - I've not had time to diagnose, but a rollback to rc2 has fixed the issue for me, so I'm confident that the rc3 upgrade was the cause. I am running an RB5009 with WAN connection via 1GbE copper SFP module - Manufacturer: FS model: SFP-GB-GE-T. I cannot see anything in the logs other than the PPPoE repeatedly trying and failing to connect, and cannot find any logging related to the SFP module. Looking at the release notes for rc3, I'm guessing that "*) sfp - improved link establishment for SFP copper modules;" has had unintended consequences! Here is my PPPoE config:

I can confirm that installation of v7.13rc4 has fixed the SFP negotiation issue that I was experiencing with rc3 :-)

Cheers,

Jason.

evellin · Thu Dec 14, 2023 5:12 pm

Hi, When do you plan to make BGP filter on VRF work ?

Our MPLS network is frozen in v6.49 waiting for VRF support in V7 at least like V6 and CCR router running v6 are no more available :(

SecOps7 · Thu Dec 14, 2023 6:52 pm

Hi Everyone,

Does this change mean CapsMan on WifiWave2 will finally be capable of "Central-Forwarding" and not only the default "Local-Forwarding"?

*) wifi - make slave APs use datapath bridge settings inherited from master by default;

Currently... "WifiWave2 CAPsMAN only passes wireless configuration to the CAP, all forwarding decisions are left to the CAP itself - there is no CAPsMAN forwarding mode"

- Thank you kindly.

whatever · Thu Dec 14, 2023 7:27 pm

SecOps7 · Thu Dec 14, 2023 8:28 pm

no.

Care to elaborate?

mkx · Thu Dec 14, 2023 9:16 pm

no.
Care to elaborate?

The entry from changelog you quoted and highlited doesn't mention data forwarding at all (neither local nor capsman). Instead it says you don't have to explicitly configure datapath for virtual interfaces if datapath for master fits the bill.

SecOps7 · Thu Dec 14, 2023 9:20 pm

Care to elaborate?
The entry from changelog you quoted and highlited doesn't mention data forwarding at all (neither local nor capsman). Instead it says you don't have to explicitly configure datapath for virtual interfaces if datapath for master fits the bill.

Thanks. That makes sense. Too Bad.

Paternot · Fri Dec 15, 2023 5:44 am

AFAIK a key element in ROSv7 is/was the ability to update kernels.
They said in ROSv6 this is not possible due to endless constraints but in ROSv7 it should be possible.

Not only possible, but already done. The very early releases of RoS 7 used a different kernel. Don't remember the version, but I do remember the upgrade. It didn't change the major number (if I'm not mistaken it went from kernel 5.X to 5.Y).

Something about long term version and such.

evbocharov · Fri Dec 15, 2023 6:43 am

AFAIK a key element in ROSv7 is/was the ability to update kernels.
They said in ROSv6 this is not possible due to endless constraints but in ROSv7 it should be possible.
Not only possible, but already done. The very early releases of RoS 7 used a different kernel. Don't remember the version, but I do remember the upgrade. It didn't change the major number (if I'm not mistaken it went from kernel 5.X to 5.Y).

Something about long term version and such.

How can I see the kernel version ros?

rpingar · Fri Dec 15, 2023 6:52 am

How can I see the kernel version ros?

system/resource/usb print

regards

mkx · Fri Dec 15, 2023 9:01 am

The very early releases of RoS 7 used a different kernel. Don't remember the version, but I do remember the upgrade. It didn't change the major number (if I'm not mistaken it went from kernel 5.X to 5.Y).

ROS 7.1 shipped with 5.6.3. ROS 7.13rc4 is shipping the same kernel (5.6.3). I don't have any pre-7.1 versions handy to check and I can't find them on historical download pages.

Santi70 · Fri Dec 15, 2023 10:53 am

That version (5.6.3) is getting a bit old now. Maybe it's time for an update, at least to 5.16

Fri Dec 15, 2023 11:02 am

@Santi70, do you have specific reasons to desire a kernel upgrade? Or is it upgrade for the sake of upgrade, just because a newer version is available?

Jotne · Fri Dec 15, 2023 11:28 am

@andriys
Why do you upgrade Android,IOS,Linux,Windows etc. New function, bug fixes and most importante security fixes.
I guess you do not skip Windows updates for years? Nor is it recommended to do so.

5.6 was released in Mars 2020 and latest 5.6.19 was released in Juni 2020 , more than 3 years ago.

Larsa · Fri Dec 15, 2023 11:36 am

An LTS/SLTS kernel should for obvious reasons be a better choice, AFAIK v5.6.3 is not a such version.

Fri Dec 15, 2023 11:41 am

Version 7.13 has been released:

viewtopic.php?t=202423