There is still EXPORT bug at some x86 boards:
/interface ethernet
set [ find default-name=ether1 ] comment=LAN speed=100Mbps
set [ find default-name=ether2 ] comment=WAN1
set [ find default-name=ether3 ] comment=WAN2
The "ether1" is connected at 1Gbit! and "ether2", "ether3" - are 100Mbit ports
You are wrong! That port (ether1 and all other ports) is set to "Auto negotiation" and "Advertise" is set to all available speeds: 10Mhalf, 10Mfull, 100Mhalf, 100Mfull, 1000M half, 1000M full.export shows values that are changed by user from default, not where ports are connected to. Just unset that speed value.
Maybe is a problem about interpretation between RBOS and the type of that network card...You are wrong! That port (ether1 and all other ports) is set to "Auto negotiation" and "Advertise" is set to all available speeds: 10Mhalf, 10Mfull, 100Mhalf, 100Mfull, 1000M half, 1000M full.export shows values that are changed by user from default, not where ports are connected to. Just unset that speed value.
So that is RouterOS export bug! From some version of RouterOS...
just follow this:You are wrong! That port (ether1 and all other ports) is set to "Auto negotiation" and "Advertise" is set to all available speeds: 10Mhalf, 10Mfull, 100Mhalf, 100Mfull, 1000M half, 1000M full.export shows values that are changed by user from default, not where ports are connected to. Just unset that speed value.
So that is RouterOS export bug! From some version of RouterOS...
[admin@TestPlace] > int eth
[admin@TestPlace] /interface ethernet> export
/interface ethernet
set [ find default-name=ether1 ] comment=test speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] disable-running-check=no
[admin@TestPlace] /interface ethernet> set ether2 speed=1Gbps
[admin@TestPlace] /interface ethernet> export
/interface ethernet
set [ find default-name=ether1 ] comment=test speed=100Mbps
set [ find default-name=ether3 ] disable-running-check=no
[admin@TestPlace] /interface ethernet>
OK, this is an important note, but what has been changed in this version?What's new in 6.37.2 (2016-Nov-08 13:15):
Important note!!!
Dude client auto-upgrade to this version will not work. Use http://www.mikrotik.com/download for 6.37.2 client download/install.
It will be fixed in soon to be released v6.37.3
Are 6.38rc builds affected by this as well? If so, will there be an update that includes this fix?What's new in 6.37.2 (2016-Nov-08 13:15):
*) firewall - fixed "connection-state" value disappearance in rules that were created before v6.22;
What a heavy bug, think of a rule thats like "accepts all packets with connection state 'established,reladed'" and after the Update its "accepts all packets with connection state ''"Are 6.38rc builds affected by this as well? If so, will there be an update that includes this fix?What's new in 6.37.2 (2016-Nov-08 13:15):
*) firewall - fixed "connection-state" value disappearance in rules that were created before v6.22;
Does this fix rules that were already broken by upgrade, or just prevent 6.31.2 and newer upgrades from breaking them?
Your fears match reality unfortunately, which is why I wanted to confirm how the fix is handled and if this affects the 6.38 branch. Having a rule at the top that changes from "established,related" to "anything" is bad indeed.What a heavy bug, think of a rule thats like "accepts all packets with connection state 'established,reladed'" and after the Update its "accepts all packets with connection state ''"Are 6.38rc builds affected by this as well? If so, will there be an update that includes this fix?What's new in 6.37.2 (2016-Nov-08 13:15):
*) firewall - fixed "connection-state" value disappearance in rules that were created before v6.22;
Does this fix rules that were already broken by upgrade, or just prevent 6.31.2 and newer upgrades from breaking them?
HOPE that this is not what happens.
the second bad thing is that connection-state="" works just like connection-state=invalid,established,related,newYour fears match reality unfortunately, which is why I wanted to confirm how the fix is handled and if this affects the 6.38 branch. Having a rule at the top that changes from "established,related" to "anything" is bad indeed.
[admin@MikroTik] > /interface bridge add
[admin@MikroTik] > /interface bridge port add bridge=bridge1 interface=ether10
[admin@MikroTik] > /interface bridge settings set use-ip-firewall=yes
[admin@MikroTik] > /ip firewall filter add chain=forward in-bridge-port=ether9
[admin@MikroTik] > /ip firewall filter add chain=forward in-bridge-port=ether10
input does not match any value of interface
[admin@MikroTik] > /ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
0 I ;;; in/out-bridge-port matcher not possible when interface (ether9) is not slave
chain=forward in-bridge-port=ether9
[admin@MikroTik] > /interface bridge port add bridge=bridge1 interface=ether9
[admin@MikroTik] > /ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=forward in-bridge-port=*A
I Have the same problem with 6.37.2 and had to downgrade.micromaxi - Please write to support@mikrotik.com and send backup file so we can test it by ourselves. I have tested this and with default configuration I do not see any problems after upgrade;
darkprocess - Make sure that DHCP client is configured on master interface. It must not be configured on slave interface;
Do you have DHCP-client on slave interface?On wapAC after upgrading from 6.37.1, it was unable to get a dhcp address lease. I needed to downgrade back to make it have a lease again.
It's a wAPac so no master slave ports !!!
my wAPac is configured as a CAP.
eth1 is configured as dhcp-client.
6.37.1 i get a dhcp lease
6.37.2 i don't get a dhcp lease.
the wAPac is connected to a RB3011 (still on 6.37.1) i can see that it's unable to allocate the lease to the wAPac running on 6.37.2
That's not the issue here - the issue is that in/out-bridge-port rules doesn't work anymore:Nissarin - This is not related with this RouterOS version. When interface is used as standalone interface it is not the same thing as interface which is, for example, in bridge.
.................Do you have DHCP-client on slave interface?................It's a wAPac so no master slave ports !!!.......................
You should set it on the bridge, never a slave interface. They fixed that bug.In 6.37.2 the ether-interfaces are missing for dhcp-client.
I'm simply using a LAN-Bridge containing ether1
Yes, worked for me also on 6.37.2. Last time something went wrong when trying dhcp on the bridge. Now testing, hope everything will be ok.Thats right. i changed to the bridge and it works now.
6.37.2 seems to correct my configuration mistake.
Something is broken with this improvement*) firewall - improved "time" option (ranges like 22h-10h now are acceptable);
/ip firewall filter
add action=drop chain=forward comment="Block" disabled=no src-address-list=Some_List time=19h-1d,sun,mon,tue,wed,thu
/ip firewall raw
add action=passthrough chain=prerouting in-interface=sfp-sfpplus1
add action=accept chain=prerouting in-interface=sfp-sfpplus1 src-address-list=RUSIA
add action=drop chain=prerouting dst-address=!200.30.30.0/24 in-interface=sfp-sfpplus1
add action=accept chain=prerouting disabled=yes dst-address=200.30.30.0/24 in-interface=sfp-sfpplus1 limit=20k,20k:packet
add action=accept chain=prerouting disabled=yes dst-address=200.30.30.0/24 dst-limit=10000,10000,dst-address/1m40s in-interface=sfp-sfpplus1
add action=accept chain=prerouting
add action=drop chain=prerouting in-interface=sfp-sfpplus1
09:59:40 caps,error removing stale connection [::ffff:192.168.99.5:46897,Run,CAP-000C42955C76] because of ident conflict with [::ffff:192.168.99.5:57259,Join,CAP-000C42955C7
6]
::ffff:192:168:99:5 on port 46897 and port 57259. Only the ports differ.Hello
any idea why this happens :
Code: Select all09:59:40 caps,error removing stale connection [::ffff:192.168.99.5:46897,Run,CAP-000C42955C76] because of ident conflict with [::ffff:192.168.99.5:57259,Join,CAP-000C42955C7 6]
Are you using NAT between the CAP and the manager?but the question is why i get conflict on the same device
noAre you using NAT between the CAP and the manager?but the question is why i get conflict on the same device
Could not connect to 192.168.88.1 - other end is not responding
Router has been disconnected