v6.39rc [release candidate] is released

Mon Jan 02, 2017 4:51 pm

What's new in 6.39rc4 (2016-Dec-30 07:16):

!) ppp - completely rewritten internal fragmentation algorithm (when MRRU is used), optimized for multicore;
*) capsman - added CAP discovery interface list support;
*) ethernet - renamed "rx-lose" to "rx-loss" in ethernet statistics;
*) health - report fan speed for RB800 and RB1100 when 3-pin fan is being used;
*) led - show warning on print when "modem-signal-threshold" is not available;
*) lte - added error handling for remote AT execute;
*) wAP ac - improved 2.4GHz wireless performance;
*) wireless - added "station-roaming" setting (cli only);
*) wireless - show comment on "security-profile" if it is set (cli only);

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.

lekozs · Mon Jan 02, 2017 5:21 pm

Would you be so kind and shed some light on this line in the changelog:

*) wireless - added "station-roaming" setting (cli only);

Mon Jan 02, 2017 7:25 pm

Would you be so kind and shed some light on this line in the changelog:

*) wireless - added "station-roaming" setting (cli only);

Here is information about this station-roaming:
http://wiki.mikrotik.com/wiki/Manual:In ... on_Roaming

Now you can disable station-roaming if you do not want it or, for example, if you have P2P using 802.11 protocol were you don't have another AP to connect to.

Tue Jan 03, 2017 11:12 am

Hi Guys,

Can I please have more info on *) wAP ac - improved 2.4GHz wireless performance;

e.g. under what situations is performance "improved" ?

I ask as we have had issues with the wAP AC's 2.4Ghz radios and performance to Samsung android devices, as well as WPA group-key issues..

Tue Jan 03, 2017 3:32 pm

When I installed the firmware 6.39 rc4 was my ovpn connection interrupted.
After back downgrade to 6:36 bugfix everything was ok.
This somehow seems like a bug

hknet · Tue Jan 03, 2017 10:25 pm

"ppp optimized for multicore" - on all platforms?

Tue Jan 03, 2017 10:37 pm

I forgot to mention that the firmware proved a rb3011.
Mikrotik will have to resolve this isseu. This is a bug.

coylh · Wed Jan 04, 2017 2:15 am

I hope this one: http://forum.mikrotik.com/viewtopic.php?f=7&t=115180

I'll try the RC and see if it helps.

Hi Guys,

Can I please have more info on *) wAP ac - improved 2.4GHz wireless performance;

e.g. under what situations is performance "improved" ?

I ask as we have had issues with the wAP AC's 2.4Ghz radios and performance to Samsung android devices, as well as WPA group-key issues..

timtasse · Wed Jan 04, 2017 11:56 pm

are there plans to add NAT for IPv6 ?
at home i have dynamic ipv6 from the provider and a static ipv6 net with no flatrate at tunnelprovider.
the simplest solution is to NAT unknown networks und known networks without NAT for static firewall config.

sakirozkan · Thu Jan 05, 2017 10:30 am

Station Roaming feature is available only for 802.11 wireless protocol. when we use background scan on nv2 and use station roaming. is there any work for nv2.

deathmagicmedia · Thu Jan 05, 2017 11:46 am

Please add HTTP POST and HTTP GET to the Dude's notification feature.
This will allow integration into 3rd-party applications such as Telegram (https://core.telegram.org/bots/api).
Quite important to allow toggling between secure and non-secure connections.

Thu Jan 05, 2017 11:50 am

Station Roaming feature is available only for 802.11 wireless protocol. when we use background scan on nv2 and use station roaming. is there any work for nv2.

It is clarified in the manual: http://wiki.mikrotik.com/wiki/Manual:In ... on_Roaming

Thu Jan 05, 2017 4:14 pm

Version 6.39rc7 has been released.
Changes since previous rc:
*) bridge - fixed MAC address learning from switch master-port;
*) capsman - support for communicating frame priority between CAP and CAPsMAN;
*) dhcpv6-client - fixed dhcpv6 rebind on startup;
*) dns - fixed typo in regexp error message;
*) dude - (changes discussed here: http://forum.mikrotik.com/viewtopic.php?f=21&t=116471);
*) firewall - nat action "netmap" now requires to-addresses to be specified;
*) ike2 - allow empty selectors to reach policy handler;
*) ike2 - fixed error packet from initiator on responder reply;
*) ike2 - fixed ph1 initial-contact rare desync;
*) ike2 - fixed traffic selector prefix calculation;
*) ike2 - show peer identity of connected peers;
*) ike2 - update also local port when peer changes port;
*) ipsec - fixed flush speed and SAs on startup;
*) ipsec - fixed peer port export;
*) ipsec - port is used only for initiators;
*) leds - added lte modem access technology trigger;
*) log - added warning when winbox/dude sessions was denied;
*) log - improved firewall log messages when NAT has changed only connection ports;
*) mmips - improved general stability;
*) ovpn - fixed address acquisition when ovpn-in interface becomes slave;
*) proxy - fixed "max-cache-object-size" export;
*) proxy - speed-up almost empty disk cache clean-up;
*) rb1100ahx2 - fixed random counter resets for ether12,13;
*) ssh - fixed high memory consumption when transferring file over ssh tunnel;
*) wireless - fixed issue when wireless interfaces might not show up in CAP mode;
*) wireless - fixed occasional crash on interface disabling;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.

Cha0s · Thu Jan 05, 2017 4:30 pm

are there plans to add NAT for IPv6 ?
at home i have dynamic ipv6 from the provider and a static ipv6 net with no flatrate at tunnelprovider.
the simplest solution is to NAT unknown networks und known networks without NAT for static firewall config.

I've requested this 2 years ago but the NAT Nazis say "it's wrong". Because some IPv6/end2end connectivity ideologists said so.
Those 'No-NAT-on-IPv6' people are becoming worse than Apple fanboys

http://forum.mikrotik.com/viewtopic.php?f=19&t=90564

And a more comprehensive post about NAT usefulness in IPv6 by ZeroByte http://forum.mikrotik.com/viewtopic.php?f=1&t=110925

Thu Jan 05, 2017 4:52 pm

Please do not hijack versoin topic with questions which are not related to release itself.

timtasse, deathmagicmedia - You should create new topic with your request and/or write to support.

Kalpar · Thu Jan 05, 2017 6:19 pm

Hello

!) ppp - completely rewritten internal fragmentation algorithm (when MRRU is used), optimized for multicore;

Can you clarify if this adds any new features for PPP / MRRU? Does this mean that you have added (or will add) PPP Fragmentation reordering / buffering to fix the case where MRRU fragments come in our of order?

--Greg

benoga · Fri Jan 06, 2017 9:24 am

LED off is only for "Currently "RB cAP 2n" and "RB cAP 2nD" ?

I've got the Error on my HAP AC (mipsbe):

[benoga@HAP_AC] > /system leds setting set all-leds-off=immediate
missing values (5)

When HAP AC not support this, then please disable the Setting in CLI and Winbox

greez

Fri Jan 06, 2017 10:41 am

Kalpar - Yes, that is exactly what was done! MRRU works in same way as it did before, but it is now adjusted/updated to multi core age

JHV · Sat Jan 07, 2017 1:22 pm

Version 6.39rc7 has been released.
Changes since previous rc:
*) dhcpv6-client - fixed dhcpv6 rebind on startup;

Rebinding or renewing? And only on startup?
However, the new version solves my problem at least partially.

As I have already described in this thread, DHCPv6 is broken for me since v6.34, If the connection is lost, renewing and rebinding takes 20 minutes. Since v6.39rc this time has been reduced to 10 minutes.

Before v6.34:
PPPoE connected ---> status: bound

After v6.34:
PPPoE connected ---> status: rebinding ---> 10 minutes waiting ---> status: renewing ---> 10 Minutes waiting ---> status: bound

After v6.39rc:
PPPoE connected ---> status: rebinding ---> 10 minutes waiting --- status: bound

msatter · Sat Jan 07, 2017 11:34 pm

Version 6.39rc7 has been released.
Changes since previous rc:
*) dhcpv6-client - fixed dhcpv6 rebind on startup;
Rebinding or renewing? And only on startup?
However, the new version solves my problem at least partially.

As I have already described in this thread, DHCPv6 is broken for me since v6.34, If the connection is lost, renewing and rebinding takes 20 minutes. Since v6.39rc this time has been reduced to 10 minutes.

Before v6.34:
PPPoE connected ---> status: bound

After v6.34:
PPPoE connected ---> status: rebinding ---> 10 minutes waiting ---> status: renewing ---> 10 Minutes waiting ---> status: bound

After v6.39rc:
PPPoE connected ---> status: rebinding ---> 10 minutes waiting --- status: bound

http://forum.mikrotik.com/viewtopic.php ... 16#p575316

I used this command when I scheduled a PPPoE reconnect: ipv6 dhcp-client release 0;

kujo · Sat Jan 07, 2017 11:51 pm

Kalpar - Yes, that is exactly what was done! MRRU works in same way as it did before, but it is now adjusted/updated to multi core age

Can we use L2TP + MRRU over one WAN link of PPPoE provider 1492 MTU/MRU?

Sent from my iPhone using Tapatalk

qiet72 · Sun Jan 08, 2017 2:59 pm

Hi

I have just tried 6.39rc7 on a RB2011UiAS-2HnD-IN. A lot of client equipment seem to connect fine with or without encryption. Unfortunately, an old Intel 2200BG client cannot connect to it no matter if I use WPA2 encryption on it or not. To confirm that the Intel 2200BG card worked, I tested it up against a Broadcom based access point and it connected fine with or without encryption.
I have debug logs turned on. The logs say "disconnected, extensive data loss" when I try with wpa2 encryption. If I use no encryption, the logs say "disconnected, received disassoc: unspecified (1)".

Qiet72

JHV · Sun Jan 08, 2017 4:16 pm

Version 6.39rc7 has been released.
Changes since previous rc:
*) dhcpv6-client - fixed dhcpv6 rebind on startup;
Rebinding or renewing? And only on startup?
However, the new version solves my problem at least partially.

As I have already described in this thread, DHCPv6 is broken for me since v6.34, If the connection is lost, renewing and rebinding takes 20 minutes. Since v6.39rc this time has been reduced to 10 minutes.

Before v6.34:
PPPoE connected ---> status: bound

After v6.34:
PPPoE connected ---> status: rebinding ---> 10 minutes waiting ---> status: renewing ---> 10 Minutes waiting ---> status: bound

After v6.39rc:
PPPoE connected ---> status: rebinding ---> 10 minutes waiting --- status: bound
http://forum.mikrotik.com/viewtopic.php ... 16#p575316

I used this command when I scheduled a PPPoE reconnect: ipv6 dhcp-client release 0;

Thank you for your advice. It works indeed, but needs a delay between enabling PPPoE and dhcp-client release.
Therefore I have altered my script as follows:

/interface pppoe-client disable [find name="pppoe-out1"];
/ipv6 dhcp-client disable [find interface="pppoe-out1"];
/interface pppoe-client enable [find name="pppoe-out1"];
/ipv6 dhcp-client enable [find interface="pppoe-out1"];

This script lacks elegance, but at least it works.

AlexHam · Mon Jan 09, 2017 12:58 am

Doesn't work VLANS between two devices on this firmware.
First device RB1100AHx2 (ppc)
Second device RB750UPr2 (mipsbe).
I installed v6.39rc on both devices.
on both devices I make configure:
RB750UPr2:
/interface bridge
add name=LAN
add name=TRUNC
/interface vlan
add interface=TRUNC name=vlan4 vlan-id=4
/interface bridge port
add bridge=TRUNC interface=ether1
add bridge=LAN interface=ether2
add bridge=LAN interface=vlan4
/ip address
add address=192.168.77.1/24 interface=LAN network=192.168.77.0

RB1100AHx2:
/interface bridge
add name=LAN
add name=TRUNC
/interface vlan
add interface=TRUNC name=vlan4 vlan-id=4
/interface bridge port
add bridge=LAN interface=vlan4
add bridge=TRUNC interface=ether1
/ip address
add address=192.168.77.2/24 interface=LAN network=192.168.77.0

Connect Routers by eth1 ports.
Connect laptop to RB750UPr2 to eht2 port.
I can connect to RB750UPr2. But cannot connect to RB1100AHx2.

This configuration successfully work on 6.37 firmware.

This bug only between RB750UPr2 and RB1100AHx2.
If I use, example, RB750UPr2 and RB Metal 2SHPn, this configuration is work.

irico · Mon Jan 09, 2017 7:10 pm

On a new CHR machine (v6.39rc7 vhdx image), I have an error creating new IPSec Peer from Winbox (v3.7):
- Could not add new IPsec peer - Property not supported (6)

The problem is in the NAT-T property. If winbox is set to "false" the error occurs. It would be good to hide this property for IKE2.

pe1chl · Mon Jan 09, 2017 8:30 pm

Please add another release channel between "bugfix" and "current", e.g. named "previous".
This should be set to the previous "current" version whenever the latest "release candidate" is released as "current".
Often just after release, a lot of new bugs get noticed because people now first run the new "current", and there is
no easy way to install the previous and usually more stable "current" version without going all the way back to "bugfix".
Another option would be to add a "custom" channel with an input field where a certain base version, e.g. 6.37, can be
entered or selected from a reasonable list, and the channel will track the latest minor version within that.

docmarius · Mon Jan 09, 2017 9:07 pm

Now this is a good idea.
I had to downgrade to 6.36.4 instead of 6.37.3, since manual downgrade and reinstalling additional packages is not quite trivial and fast on a running system.

pe1chl · Mon Jan 09, 2017 10:06 pm

I had to downgrade to 6.36.4 instead of 6.37.3, since manual downgrade and reinstalling additional packages is not quite trivial and fast on a running system.

And on the new-style "only 16MB flash" models it is even more difficult...

msatter · Tue Jan 10, 2017 3:56 pm

Version 6.39rc7 has been released.
Changes since previous rc:
Code: Select all
/interface pppoe-client disable [find name="pppoe-out1"];
/ipv6 dhcp-client disable [find interface="pppoe-out1"];
/interface pppoe-client enable [find name="pppoe-out1"];
/ipv6 dhcp-client enable [find interface="pppoe-out1"];
This script lacks elegance, but at least it works.

I checked how long it took to reconnect. I disconnected my PPPoE and stopped the DHCPv6 Client. Started my DHCPv6 Client and then again the PPPoE and the client got bound within two seconds. I have added a while ago the Prefix hint in the DHCPv6 and you can end it with "::" with /subnet then check what the reconnect time is.

pe1chl · Tue Jan 10, 2017 6:03 pm

XS4ALL? It is a bug at their side.
You can work around it by setting up a tool->netwatch of some internet IP (e.g. the nexthop you get for the default route)
and putting this in the "UP script":
/ipv6 dhcp-client release [find status=bound]

This makes the client release and then request the IPv6 prefix when the interface comes up (within a minute).

Dude2048 · Tue Jan 10, 2017 11:16 pm

Maybe I overlooked it but what do you mean with : capsman - added CAP discovery interface list support? (Release notes)

mariuslazar · Wed Jan 11, 2017 10:18 am

Broken:
DHCP over EOIP (no encription)
Some devices don't get IP's even directly connected - Panasonic VOIP phone. Works fine in 3.37.3

pe1chl · Wed Jan 11, 2017 10:50 am

The packet sniffer in WebFig always shows status "unknown" in the top left instead of "running" or "stopped".

Wed Jan 11, 2017 12:32 pm

Broken:
DHCP over EOIP (no encription)
Some devices don't get IP's even directly connected - Panasonic VOIP phone. Works fine in 3.37.3

Please make support output file and send it to support@mikrotik.com so we could see your configuration and reproduce this problem

msatter · Wed Jan 11, 2017 9:12 pm

XS4ALL? It is a bug at their side.
You can work around it by setting up a tool->netwatch of some internet IP (e.g. the nexthop you get for the default route)
and putting this in the "UP script":
/ipv6 dhcp-client release [find status=bound]

This makes the client release and then request the IPv6 prefix when the interface comes up (within a minute).

If you have more information we could ask Mike to look i to it if it can be changed on their side to make it more compatible besides the AVM routers.

pe1chl · Wed Jan 11, 2017 9:17 pm

If you have more information we could ask Mike to look i to it if it can be changed on their side to make it more compatible besides the AVM routers.

Mike says it cannot be changed, and he thinks it is a bug in the router that it keeps the lease when the PPPoE goes down and does
not request a new release immediately when it comes back up. But this is only "common practice", it is not written in the standard.
My workaround with netwatch works, but I would prefer when MikroTik adds a specific "script run when interface comes up" feature.

msatter · Wed Jan 11, 2017 10:39 pm

If you have more information we could ask Mike to look i to it if it can be changed on their side to make it more compatible besides the AVM routers.
Mike says it cannot be changed, and he thinks it is a bug in the router that it keeps the lease when the PPPoE goes down and does
not request a new release immediately when it comes back up. But this is only "common practice", it is not written in the standard.
My workaround with netwatch works, but I would prefer when MikroTik adds a specific "script run when interface comes up" feature.

Thanks and I have now added the Netwatch and I found that only this one worked for me: /ipv6 dhcp-client release [find status=rebinding...]

When I down and up the PPPoE the "bound" will change directly in "rebinding..." and I have set a 5 second check.

This also works: /ipv6 dhcp-client release [find status!=bound]

pe1chl · Thu Jan 12, 2017 12:31 am

It may be that the required command is different for 6.39rc because changes were made to try to fix it.
Maybe it is better to select on some other value as there usually will be only one entry and that is the one to be released.

msatter · Thu Jan 12, 2017 1:10 am

It may be that the required command is different for 6.39rc because changes were made to try to fix it.
Maybe it is better to select on some other value as there usually will be only one entry and that is the one to be released.

So the behaviour (6.39RC7) is now to renew and if necessary to rebind and that is a I think the normal way. Then as an exception on this there could be a option to choose for release when renew does not fetch the address. Or to renew-->rebind-->release-->renew-->rebind-->release-->etc. as default fetch.

I did see the communication with Mike on this and many thanks for that!

pe1chl · Thu Jan 12, 2017 10:33 am

I now use this command:
/ipv6 dhcp-client release [find interface=pppoe-xs4all]
it now is independent of the state. Of course the interface name has to be adjusted to the locally used name.
(default is pppoe-out1)

efka · Thu Jan 12, 2017 10:41 am

Hi,

hAP ac .6.39rc7. Winbox 3.7.

Couldn't change LED settings:

<Coldn't change LED Settings - action failed (5)>

Fri Jan 13, 2017 1:26 pm

6.39rc12 has been released.
Changes since previous version:

!) quickset - configuration changes are now applied only on "OK" and "Apply" (not on mode change);
!) winbox - minimal required version is v3.8 (because of new quickset);
*) bridge - disallow manual removal of dynamic bridge ports;
*) bridge - fixed access loss to device through bridge if master port had a loop (introduced in v6.38);
*) bridge - fixed rare conflicts between hardware and software STP (introduced in v6.38);
*) certificate - added year cap (invalid-after date will not exceed year 2039);
*) certificate - allow CRL address to be specified as DNS name;
*) certificate - fixed fail on import from CAPs when both key and name already exist;
*) dhcpv6-server - fixed server removal crash if static binding was present;
*) dude - (changes discussed here: http://forum.mikrotik.com/viewtopic.php?f=21&t=116471);
*) fan - improved RPM monitor on CCR1009;
*) firewall - fixed import of exported configuration that had updated "limit" setting;
*) graphs - fixed graph disappearance after power outage;
*) ike1 - fixed ph1 rekey in setups with mode-cfg;
*) ike2 - auto-negotiate split nets;
*) ike2 - default to tunnel mode in setups without policy;
*) ike2 - fixed initiator TS updating;
*) ike2 - fixed policy setting for /0 selector with different address families;
*) ike2 - fixed split policy active flag;
*) ike2 - fixed xauth add check;
*) ike2 - include identity in peer address info;
*) ike2 - log empty TS payload;
*) ike2 - minor logging update;
*) ike2 - traffic selector improvements;
*) ike2 - use first split net for empty TS;
*) ike2 - use standard retransmission timers for DPD;
*) ike2 - xauth like auth method with user support;
*) ipsec - added ability to kill particular remote-peer;
*) ipv6 - added warning about having interface MTU less than minimal IPv6 packet fragment (1280);
*) leds - added LTE modem access technology trigger;
*) leds - do not update single LED state when it is not changed;
*) license - fixed demo license expiration after installation on x86;
*) logs - work on false CPU/RAM overclocked alarms;
*) mpls - fixed crash on active tunnel loss in MPLS TE setups;
*) ppp - fixed rare kernel failure on PPP client connection;
*) pppoe - make default keepalive 10s for PPPoE clients;
*) profile - classify ethernet driver activity properly in ARM architecture;
*) quickset - various small changes;
*) rb751u - fixed ethernet LEDs (broken since 6.38rc16);
*) tr069-client - added connection request authentication;
*) tr069-client - added parameters for DNS client management support;
*) tr069-client - generate random connection request target path;
*) webfig - allow shorten bytes to k,M,G in firewall "connection-bytes" and "connection-rates";
*) webfig - show properly large BGP AS numbers;
*) winbox - added "add-relay-info" and "relay-info-remote-id" to DHCP relay;
*) winbox - added "group-key-update" to CAPsMAN security settings;
*) winbox - added "make-static" to IPv6 DHCP server bindings;
*) winbox - added "prefix-pool" to DHCPv6 server binding;
*) winbox - added IPsec to radius services;
*) winbox - added upstream flag to IGMP proxy interfaces;
*) winbox - allow shorten bytes to k,M,G in bridge firewall just like in "/ip firewall";
*) winbox - allow shorten bytes to k,M,G in firewall "connection-bytes" and "connection-rates";
*) winbox - allow to change user password to empty one;
*) winbox - allow to specify "connection-bytes" & "connection-rate" for any protocol in "/ip firewall" rules;
*) winbox - allow to specify "sip-timeout" under ip firewall service-ports;
*) winbox - allow to specify certificate type when exporting it;
*) winbox - allow to specify interfaces that CAPsMAN can use for management;
*) winbox - do not create empty rates.vht-basic/supported-mcs if not specified in CAPsMAN;
*) winbox - do not create time field when copying CAPsMAN access list entry;
*) winbox - do not try to disable dynamic items from firewall tables;
*) winbox - fixed typo in "/system resources pci" list;
*) winbox - hide "nat-traversal" setting in IPsec peer if IKEv2 is selected;
*) winbox - removed "sfp-rate-select" setting from ethernet interface;
*) winbox - show dynamic IPv6 pools properly;
*) winbox - show errors on IPv6 addresses ;
*) winbox - specify metric for "/ip dns cache-used" setting;
*) winbox - updated fan management menu;
*) wireless - added "station-roaming" setting;
*) wireless - fixed rare wireless ac interface lockup;
*) wireless - show comment on "security-profile" if it is set;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.

Valexus · Fri Jan 13, 2017 1:56 pm

*) wireless - fixed rare wireless ac interface lockup;

Please tell me that this is the problem on the "hap AC" when the wireless interface is running but not visible or flapping?

amokkatmt · Fri Jan 13, 2017 3:45 pm

Can anyone confirm this viewtopic.php?f=21&t=116821&p=577546 ?

Chupaka · Fri Jan 13, 2017 4:16 pm

Can anyone confirm this viewtopic.php?f=21&t=116821&p=577546 ?

yep, WinBox 3.8 doesn't allow to edit src/dst-port even on previous versions of ROS

Sat Jan 14, 2017 12:27 am

Wow that's a massive changelog for a RC.

Some awesome stuff in there.

cheeze · Sat Jan 14, 2017 1:18 am

mpls - fixed crash on active tunnel loss in MPLS TE setups;

Can we ask what this entails?

liamalxd · Sat Jan 14, 2017 8:47 pm

*) fan - improved RPM monitor on CCR1009;

woo

very happy about this.

LynxChaus · Mon Jan 16, 2017 5:35 pm

wireless still broken. my old phone Lenovo A660 can't connect to AP after 6.37 migration anymore.

notToNew · Mon Jan 16, 2017 5:44 pm

wireless still broken. my old phone Lenovo A660 can't connect to AP after 6.37 migration anymore.

Stay at 6.36.4 or disable encryption in newer releases as workaround

Tue Jan 17, 2017 9:15 am

Version 6.39rc13 has been released,

Changes since previous version:

*) capsman - fixed SGI (Short Guard Interval) support;
*) dude - (changes discussed here: http://forum.mikrotik.com/viewtopic.php?f=21&t=116471);
*) firewall - added "fasttrack" dummy rule to "/ip firewall raw" table;
*) ike2 - also kill IKEv2 connections on proposal change;
*) ike2 - fixed ph2 state when sending notify;
*) ike2 - fixed proposal change crash;
*) ike2 - fixed responder TS updating on wild match;
*) ipsec - keep policy in kernel even with bad proposal;
*) ipsec - kill ph2 on policy removal;
*) lte - added support for Vodafone R216 (Huawei);
*) switch - fixed crash when trying to configure second master port on the same chipset (RB3011, RB2011, CCR1009-8G-1S+);

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.

Tue Jan 17, 2017 9:32 am

Nice work guys.

It is looking like 6.39 is going to be another massive release.

diegotormes · Tue Jan 17, 2017 5:47 pm

mpls - fixed crash on active tunnel loss in MPLS TE setups;

Can we ask what this entails?

http://forum.mikrotik.com/viewtopic.php?f=14&t=116270

notToNew · Wed Jan 18, 2017 11:46 am

wireless still broken. my old phone Lenovo A660 can't connect to AP after 6.37 migration anymore.
Stay at 6.36.4 or disable encryption in newer releases as workaround

Not good that you stopped supporting 6.36.x and replaced it with 6.37.4!! Not at all!

Wed Jan 18, 2017 4:28 pm

Hi

I have just tried 6.39rc7 on a RB2011UiAS-2HnD-IN. A lot of client equipment seem to connect fine with or without encryption. Unfortunately, an old Intel 2200BG client cannot connect to it no matter if I use WPA2 encryption on it or not. To confirm that the Intel 2200BG card worked, I tested it up against a Broadcom based access point and it connected fine with or without encryption.
I have debug logs turned on. The logs say "disconnected, extensive data loss" when I try with wpa2 encryption. If I use no encryption, the logs say "disconnected, received disassoc: unspecified (1)".

Qiet72

About Intel 2200bg
Last Windows version that supports drivers for this card is Windows XP, last time drivers got update was on 12/10/2009 this card is already legacy
This wireless card had updates fixing various problems problems with authentication. Please update to latest driver version, if that does not help -
Please change your wireless card or stick to older RouterOS releases - WPA2 support workaround for this card won't be added!

Edit:
Should be fixed from 6.39rc33

notToNew · Wed Jan 18, 2017 6:10 pm

Hi
About Intel 2200bg [..] WPA2 support workaround for this card won't be added!
Last supported version for Intel 2200bg 6.36.4

A Client has >50 IP-Cams which does not work with newer ROS, so they are all stuck at 6.36.4?
So why don't you decide to offer the old wireless-cm2 package for newer ROS just for compatibily to such legacy devices?
This will be a deal-breaker for a lot of my customers, who use Mikrotik-Devices on a Campsite! A lot of Caravans and guests
have build-in devices like this, and it is just not possible to explain all those users that their wifi is too old.

Currently are 3007 Clients connected to >100 Mikrotiks, and 6 of them don't work with wireless-rep and newer. I just tested
other hardware of other several other companies, all of them worked.

So I try to suggest 2 possible solutions:
# continou to support 6.36.4 as "old-bugfix".
# offer optional wireless-cm2 package for ROS > 6.39

Wed Jan 18, 2017 6:25 pm

so they are all stuck at 6.36.4?

I'm sorry, but what is wrong with that? Very good and recent version. I have some applications that are restricted to v5.26 for similar reasons. Or all the mipsle devices that are stuck @ v6.32.4

It is impossible to support all the legacy stuff all the time - at some time you have to move on.

notToNew · Wed Jan 18, 2017 6:43 pm

It is impossible to support all the legacy stuff all the time - at some time you have to move on.

You might be right, but other vendors do support this devices. If they stop the support for 6.36.4 now,
it will be old within a year at lest, exactly the timeframe i neew to switch to other hardware.
The only thing I'd like to hear is if MT plans to give some "enhanced" or "longterm" support to 6.36.4 or
if I do have to make plans about exchanging my AP-Devices.

pe1chl · Wed Jan 18, 2017 7:01 pm

It should be no problem to keep your access points at 6.36.4 when you want to support old clients,
after all most of the new functionality and important fixes e.g. for security will only affect the router
functions, and are not important in access points operating in bridge mode.

Fri Jan 20, 2017 2:11 pm

Version 6.39rc15 has been released.
Changes since previous version:

*) bridge - do not add dynamic hardware STP ports if master port isn't capable of hardware STP;
*) dhcpv4-server - do some lease checks only on enabled object;
*) dude - (changes discussed here: http://forum.mikrotik.com/viewtopic.php?f=21&t=116471);
*) firewall - do not show ipv4 fastpath as active if route cache is disabled;
*) ike1 - fixed responder xauth trailing null;
*) ike2 - always limit empty remote selector;
*) ike2 - fixed ph2 state when sending notify;
*) ike2 - fixed state when sending delete packet;
*) ipsec - added last-seen parameter to active connection list;
*) leds - fixed defaults for RBSXT5HacD2nr2;
*) lte - added initial support for Quectel ec25;
*) lte - fixed IPv6 address prefix on interface
*) lte - fixed older standard CEREG parsing;
*) lte - fixed support for Huawei R216;
*) traceroute - small fix;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.

Zorro · Sun Jan 22, 2017 4:50 pm

It is impossible to support all the legacy stuff all the time - at some time you have to move on.
You might be right, but other vendors do support this devices. If they stop the support for 6.36.4 now,
it will be old within a year at lest, exactly the timeframe i neew to switch to other hardware.
The only thing I'd like to hear is if MT plans to give some "enhanced" or "longterm" support to 6.36.4 or
if I do have to make plans about exchanging my AP-Devices.

im afraid that not true.
arches(either that was mips, arm, ppc or x86 branch)that marked "deprecated" ans phased-out from linux toolchain(and kernel thus not be updated as much or at all)aren't supported by, regardless vendor. and few one that still backporting thing trying to keep alive(cicsco/linksys, juniper, etc)doing it not for long.
heck, some vendors aren't properly support(with mission/time-citical security fixes atleast) their Current devices, let alone Legacy. google for example how frequent updates of say alpha or ubiquity or belkin, flextronix or oher ODM or OEM are done.
so nope despite "being pathetic" or "spend too much on PR"(esp compared with "engineering") other vendors usually not bring.

pe1chl · Sun Jan 22, 2017 11:58 pm

After updating to v6.39rc15 I noticed something that I have seen before and disregarded as a coincidence:
By doing the update using "check updates" on the WebGUI I downloaded 6.39rc15 while running 6.39rc7 and
after the reboot the PPPoE interface to my ISP refuses to come up. Disabling and enabling it does not fix it.
Doing another reboot fixes it: PPPoE interface comes up without problem.
As I often have done a second reboot after update for other reasons it never really occurred to me that
this is happening, but I did notice it before.
There may be an issue here, and it could be troublesome as I now also have deployed two routers that I
maintain remotely over the internet and that have PPPoE as well. I would have to go to the site to update them.

pe1chl · Mon Jan 23, 2017 11:36 am

After update to 6.39rc15 I noticed my IPv6 was down. The router did not announce itself on the LAN and WiFi networks
anymore. I went back to 6.38.1 and that fixed it. The PPPoE problem mentioned above did not occur during this downgrade.

Mon Jan 23, 2017 5:26 pm

Version 6.39rc17 has been released.
Changes since previous version:

*) capsman - added save-channel option to speed up frequency selection on CAPsMAN restart;
*) capsman - added support for static virtual interfaces on CAP;
*) dude - (changes discussed here: http://forum.mikrotik.com/viewtopic.php?f=21&t=116471);
*) hotspot - fixed rare kernel crash on multicore systems;
*) ike2 - default to /32 peer address mask;
*) ike2 - fixed EAP message length;
*) ike2 - update calling_station_id radius attribute;
*) ike2 - update radius attributes;
*) ipsec - better responder flag calculator for console;
*) ipsec - hide sa-addrs for transport policies;
*) wireless - apply broadcast bit to DHCP requests when using station-pseudobridge mode;
*) wireless - update Thailand country frequency settings;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.

ditonet · Tue Jan 24, 2017 12:12 am

@strods

Any chance to fix VLAN and bridge problem described here:
http://forum.mikrotik.com/viewtopic.php ... 37#p578951

Regards,

lexbrugman · Tue Jan 24, 2017 1:02 am

I am affected by the following problem since 6.38: http://forum.mikrotik.com/viewtopic.php ... 44#p567223 this is affecting two devices on separate networks for road warrior l2tp/ipsec vpn with psk and radius auth. Version 6.37 and lower work fine with the same configuration.

The post I'm referring to mentions this would've been fixed in one of the 6.38 rc's, but both the 6.38 final and 6.39 rc are still affected.

himvas · Tue Jan 24, 2017 4:52 pm

About
*) wap-ac - fixed performance problems with 2.4GHz wireless (additional reboot after upgrade required);

I have same issue with wAP (RBwAP2nD) - in the same place there are D-Link DAP-2310 and just buyed wAP. I connect from the same device and run iperf. D-Link gives about double speed above wAP. Of course there are only one AP (D-Link or wAP) switched on. And D-Link TX power and sensitivity lower, than wAP. I fighting second day , try all possible modes for wAP - no result.
Maybe there are similar solution for wAP as for wAP AC?

Tue Jan 24, 2017 5:59 pm

About
*) wap-ac - fixed performance problems with 2.4GHz wireless (additional reboot after upgrade required);

I have same issue with wAP (RBwAP2nD) - in the same place there are D-Link DAP-2310 and just buyed wAP. I connect from the same device and run iperf. D-Link gives about double speed above wAP. Of course there are only one AP (D-Link or wAP) switched on. And D-Link TX power and sensitivity lower, than wAP. I fighting second day , try all possible modes for wAP - no result.
Maybe there are similar solution for wAP as for wAP AC?

Regular wAP doesn't have such problem. Please contact support@mikrotik.com with detailed explanation on your test, we will try to assist in your problem with wAP board.

facubertran · Tue Jan 24, 2017 10:37 pm

Hi, i need a function similar to "show running config", to be able show the config in CLI. It's possible?

Tue Jan 24, 2017 11:13 pm

Hi, i need a function similar to "show running config", to be able show the config in CLI. It's possible?

That's exactly what /export does.

notToNew · Wed Jan 25, 2017 1:16 pm

im afraid that not true.
arches(either that was mips, arm, ppc or x86 branch)that marked "deprecated" ans phased-out from linux toolchain(and kernel thus not be updated as much or at all)aren't supported by, regardless vendor. and few one that still backporting thing trying to keep alive(cicsco/linksys, juniper, etc)doing it not for long.
heck, some vendors aren't properly support(with mission/time-citical security fixes atleast) their Current devices, let alone Legacy. google for example how frequent updates of say alpha or ubiquity or belkin, flextronix or oher ODM or OEM are done.
so nope despite "being pathetic" or "spend too much on PR"(esp compared with "engineering") other vendors usually not bring.

I'm afraid, thats not the full truth aswell. It doesn't seem that MT did change the kernel in 6.37.x, as they planned to change the kernel in 7.x. If you know more, just tell me.
Anyway, I need a device where most of my customer-devices work, so i need the information if ROS 6.36.4 will still get an update if they find a security-whole in any of the other components.
It seems that they stopped this kind of support, and that's why I have to consider a change of the Hardware. I currently test ruckus (which works), FortiAP (which Works) and a cheap netgear, which works with those old devices aswell.

Wed Jan 25, 2017 1:41 pm

Version 6.39rc19 has been released.
Changes since previous version:

*) bridge - fixed STP/RSTP packet receive on all types of bridge ports;
*) ike2 - fixed ISA handler object removal on SA delete;
*) ippool - return proper error message when trying to create duplicate name;
*) leds - changed error message on unsupported board;
*) lte - fixed network mode selection for me909u, mu609;
*) lte - fixed user-command;
*) tr069-client - added DHCP server support;
*) tr069-client - added support for managing "/system/identity/" value;
*) tr069-client - added support for memory and CPU load parameters;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.

facubertran · Wed Jan 25, 2017 5:43 pm

Hi, i need a function similar to "show running config", to be able show the config in CLI. It's possible?
That's exactly what /export does.

Yes, but for example, ssh admin@192.168.88.1 show-config | Grep ether1 is not possible with export, or yes?

Wed Jan 25, 2017 5:59 pm

Yes, but for example, ssh admin@192.168.88.1 show-config | Grep ether1 is not possible with export, or yes?

This:

ssh admin@192.168.88.1 "/export"

works like a charm for me. Have you even bothered to try it yourself before asking?

mrz · Wed Jan 25, 2017 6:04 pm

Probably he asked built in grep. RouterOS does not have that, but you can still do on linux

ssh admin@x.x.x.x "/export" | grep ether1

facubertran · Wed Jan 25, 2017 6:17 pm

Yes, but for example, ssh admin@192.168.88.1 show-config | Grep ether1 is not possible with export, or yes?
This:
Code: Select all
ssh admin@192.168.88.1 "/export"
works like a charm for me. Have even bothered to try it yourself before asking?

I apologize, it's true, when I tried it a while back I had not worked but then I did not try again. Thank you.

asik · Thu Jan 26, 2017 12:27 pm

On device QRT AC, winbox 3.10, ROS 6.38 - 6.38.1 and 6.39rc19 release i don't see settings for HT MCS on wlan interface.

Thu Jan 26, 2017 1:17 pm

asik - Thank you for your report. We will try to fix this as soon as possible.

baragoon · Thu Jan 26, 2017 1:59 pm

On device QRT AC, winbox 3.10, ROS 6.38 - 6.38.1 and 6.39rc19 release i don't see settings for HT MCS on wlan interface.

same on hap ac lite with 6.39rc19

Fri Jan 27, 2017 12:33 pm

Version 6.39rc20 has been released.
Changes since previous version:

!) filesystem - fixed rare situation when filesystem went into read-only mode (some configuration might have gotten lost on reboot);
!) filesystem - fixed rare situation when filesystem failed to read all configuration on startup;
*) rb3011 - fixed noise from buzzer after silent boot;
*) tr069-client - added basic stats parameters for some interface types;
*) usb - added missing USB ethernet drivers to arm & tile architecture;
*) webfig - added menubar to quickly select between Webfig, Quickset and Terminal;
*) webfig - fixed tab ordering on Google Chrome;
*) webfig - make Terminal window work within Webfig window;
*) winbox - added H flag to "/ip arp" ;
*) winbox - added missing "use-fan2" and "active-fan2" to "/system health";
*) winbox - added save-selected setting under CAPsMAN channels;
*) winbox - added static-virtual to wireless CAP;
*) winbox - do not hide 00:00:00:00:00:00 MAC address in unpublished ARPs;
*) winbox - fixed matching "connection-state=untracked" connections;
*) winbox - fixed misleading error when trying to export certificate;
*) winbox - increased maximal number of Winbox sessions 20->100;
*) winbox - make "power-cycle-after" show correct value;
*) winbox - make "power-cycle-interval" not to depend on "power-cycle-ping-enabled" in PoE settings;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.

Fri Jan 27, 2017 12:39 pm

!) filesystem - fixed rare situation when filesystem went into read-only mode (some configuration might have gotten lost on reboot);
!) filesystem - fixed rare situation when filesystem failed to read all configuration on startup;

Any more detailed explanation on these? Is this the one that caused some configuration loss issues in v6 since the beginning?

Fri Jan 27, 2017 5:10 pm

macgaiver - Yes, that is correct. However this was really rare situation and could cause issues like - unable to write anything in memory (also add and save configuration since it would be lost after reboot).

pe1chl · Sat Jan 28, 2017 6:21 pm

Version 6.39rc20 has been released.
*) webfig - added menubar to quickly select between Webfig, Quickset and Terminal;

That is great! Even better would be when it lands on the Webfig page after login, maybe only on Quickset when no config has been done before.

NetworkPro · Mon Jan 30, 2017 4:31 pm

6.39rc20 address-list problem

had address list edning in 0/24 changed it to start_ip-dash-end_ip and it broke
the start ip -> dash -> end ip syntax (192.168.1.1-254) does not even work

192.168.1.1-192.168.1.254 - this more explicit one, works

tried to change it again - cant change it anymore to anything

lopar · Mon Jan 30, 2017 5:55 pm

your hyper-v client is a dhcp-client receiving the address from the DHCP server?
Yes. Mikrotik - DHCP server. Guest OS on HOST and HOST himself - clients

In addition - when described error is occurred, the affected clients remaining in "offering" state in DHCP server - Leases table with cycled 30s timeout. Seems like synthethic NIC dont answer on offer from DHCP, while real ones work as usual. In ROS 6.37 all work fine with both NIC.
We have observed exactly this with a UniFi UAP-LR and a Soekris Engineering Net4801 board. We have reverted to 6.37.3 to restore correct DHCP behaviour.

Thanks
Giles.

We also observed exactly this with CRS125 24G-1S-RM and RB2011UiAS-RM routers. 6.38.1 did not fix it. We have reverted to 6.37.3 too. Should it be fixed in future patches?

Tue Jan 31, 2017 9:36 am

NetworkPro - Thank you for report. We will try to fix this as soon as possible.

msatter · Wed Feb 01, 2017 11:42 pm

Today I wanted to readout through a script the IP address present in the "/ip ipsec remote-peers" and I ended up each time with a blank field.
The used code is:

:put [/ip ipsec remote-peers get 0 remote-address];

Then I ran the "print" command in the screen and saw that really the remote-address was present......now when running the script the IP address is show.
Disconnecting and connecting again shows the remote-address in Winbox but not in script until I do a print again.

I don't know if this behaviour is only present in RC20 or also in earlier versions.

Chupaka · Thu Feb 02, 2017 12:27 am

but not in script until I do a print again.

indices were never meant to be used without 'print'. correct form is the following:

:put [/ip ipsec remote-peers get [find where something=blabla] remote-address];

colanderman · Thu Feb 02, 2017 5:22 am

On device QRT AC, winbox 3.10, ROS 6.38 - 6.38.1 and 6.39rc19 release i don't see settings for HT MCS on wlan interface.

Also, radio name and regulatory domain disappeared in 6.38, and tx power table is missing for 5 GHz.

Thu Feb 02, 2017 10:09 am

colanderman - Are you sure that Advanced Mode is enabled on wireless interface?

Thu Feb 02, 2017 10:22 am

Version 6.39rc25 has been released.

Changes since previous version:
!) bridge - added "fast-forward" setting and counters (enabled by default only for new bridges) (CLI only);
!) bridge - added support for special and faster case of fastpath called "fast-forward" (available only on bridges with 2 interfaces);
*) address - fixed crash when address is assigned to another bridge port;
*) bridge - fixed rare crash when hardware STP capable interface gets new “master-port” which already is in bridge;
*) bridge - fixed rare situation when port flapping occurs on bridge ports;
*) bridge - minor improvements in performance when "master-port" is bridge port;
*) graphing - fixed graphing crash when high amount of traffic is processed;
*) tr069-client - added architecture name parameter (X_MIKROTIK_ArchName - vendor specific);
*) tr069-client - added ping diagnostics support;
*) tr069-client - increased performance on GetParameterValues;
*) webfig - added menu bar to quickly select between Webfig, Quickset and Terminal;
*) webfig - fixed delays on key press in terminal;
*) winbox - added missing "use-fan2" and "active-fan2" to "/system health";

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.

Thu Feb 02, 2017 10:54 am

fast-forward is an exciting development

It would be great if Mikrotik did a wiki article on this feature, explaining the use cases and limitations. That way I wont spam support with a bunch of tickets asking you

Thu Feb 02, 2017 3:05 pm

fast-forward is an exciting development

i did some tests with traffic generator on first board i could find (RB750Gr2) - ~20% increase in max throughput, not bad, not bad at all.

Thu Feb 02, 2017 3:57 pm

I have upgraded RB433 to 6.39rc25.
On the other side there is RB3011@6.37.3

I have defined GRE tunnel on both sides, assigned IPs, but only on RB433 I have specified IPSec Secret.
GRE tunnel is working despite the fact that on RB3011 there is no IPSecret specified.
Deactivated tunnels on one, the other, both sides ... no change.

Am I doing sth wrong or IPSec Secret is ignored ?

pe1chl · Thu Feb 02, 2017 7:21 pm

I have upgraded RB433 to 6.39rc25.
On the other side there is RB3011@6.37.3

I have defined GRE tunnel on both sides, assigned IPs, but only on RB433 I have specified IPSec Secret.
GRE tunnel is working despite the fact that on RB3011 there is no IPSecret specified.
Deactivated tunnels on one, the other, both sides ... no change.

Am I doing sth wrong or IPSec Secret is ignored ?

This is normal when you do not pay special attention to the firewall.
The IPsec config is only a shortcut to IPsec to setup a Peer and Policy for GRE traffic, but as long as the
IPsec association is not established the GRE traffic (or other traffic with similar config) will simply be sent
in the clear. When this makes it through to the other side, apparently you are allowing GRE traffic that is
in the clear through your firewall. Not good, I would say.

So, make sure your firewall entries are correct. Like:
add action=accept chain=input ipsec-policy=in,ipsec protocol=gre

colanderman · Thu Feb 02, 2017 10:09 pm

colanderman - Are you sure that Advanced Mode is enabled on wireless interface?

Yes, Advanced Mode or not, these fields do not appear.

Thu Feb 02, 2017 10:49 pm

colanderman - Before you connect to router go to Tools/Clear Cache on Winbox loader and try to test this afterwards.

Thu Feb 02, 2017 11:38 pm

This is normal when you do not pay special attention to the firewall.
The IPsec config is only a shortcut to IPsec to setup a Peer and Policy for GRE traffic, but as long as the...
So, make sure your firewall entries are correct. Like:
add action=accept chain=input ipsec-policy=in,ipsec protocol=gre

I do not understand. It is obvious that there should be proper firewall set of rules to pass GRE and IPSec connection but what is such firewall rule for? How it deals with password?
I assume that I am assigning IPs to secured connection so I assume that addresses are assigned not to pure GRE but to IPSec over GRE so if there is no matching password pair then the IPSec should not be established = no traffic from side to side.
I'm expecting sending data over encrypted tunnel not over simple GRE which carries IPSec traffic.
More, if I have no such rule then there should be no chance to make secured connection so traffic should be blocked.

ditonet · Thu Feb 02, 2017 11:39 pm

@strods
Any info about VLAN belonging to bridge problem described here:
http://forum.mikrotik.com/viewtopic.php ... 37#p578886
Is this bug confirmed by MT staff?

Regards,

msatter · Fri Feb 03, 2017 12:19 am

but not in script until I do a print again.
indices were never meant to be used without 'print'. correct form is the following:
Code: Select all
:put [/ip ipsec remote-peers get [find where something=blabla] remote-address];

Thanks, however in that part there seems nothing can be found to hook with "find where" so I looked again into printing. I am now issuing now "/ip ipsec remote-peers print value-list;" before the line.

pe1chl · Fri Feb 03, 2017 12:27 am

This is normal when you do not pay special attention to the firewall.
The IPsec config is only a shortcut to IPsec to setup a Peer and Policy for GRE traffic, but as long as the...
So, make sure your firewall entries are correct. Like:
add action=accept chain=input ipsec-policy=in,ipsec protocol=gre
I do not understand. It is obvious that there should be proper firewall set of rules to pass GRE and IPSec connection but what is such firewall rule for? How it deals with password?
I assume that I am assigning IPs to secured connection so I assume that addresses are assigned not to pure GRE but to IPSec over GRE so if there is no matching password pair then the IPSec should not be established = no traffic from side to side.
I'm expecting sending data over encrypted tunnel not over simple GRE which carries IPSec traffic.
More, if I have no such rule then there should be no chance to make secured connection so traffic should be blocked.

You expect a lot, but it does not work like that!
IPsec policies define what traffic is encrypted and all traffic that does not match the policies is simply sent unencrypted.
As the policies are dynamically generated (first a phase1 association with the peer as defined in the tunnel interface setup and
then a phase2 policy generated from there), in case the IPsec is not defined at both ends there simply is no encryption.
Many examples for using firewall entries for tunnel over IPsec for MikroTik are simply incorrect. E.g. for GRE/IPsec they list
that protocol 47 is to be allowed, for L2TP/IPsec they list that UDP port 1702 is to be allowed. That is simply wrong, the
extra qualifier ipsec-policy=in,ipsec as mentioned above should be present for those allow rules or else unencrypted traffic
for that protocol will be allowed as well! When you would not allow plain incoming GRE traffic the connection would not
be established. And when you are very worried about sending unencrypted traffic, probably you should also use output
rules to drop GRE traffic when not ipsec-policy=out,ipsec ...

colanderman · Fri Feb 03, 2017 1:06 am

colanderman - Before you connect to router go to Tools/Clear Cache on Winbox loader and try to test this afterwards.

Oh sorry! I mean in webfig, not winbox.

Chupaka · Fri Feb 03, 2017 1:26 pm

but not in script until I do a print again.
indices were never meant to be used without 'print'. correct form is the following:
Code: Select all
:put [/ip ipsec remote-peers get [find where something=blabla] remote-address];
Thanks, however in that part there seems nothing can be found to hook with "find where" so I looked again into printing. I am now issuing now "/ip ipsec remote-peers print value-list;" before the line.

If there's only one peer, then just use [find], without 'where' part

parham · Fri Feb 03, 2017 2:16 pm

In iPad Safari terminal tab seems ok but won't bring the keyboard up. with out the keyboard can't do anything.

msatter · Fri Feb 03, 2017 2:32 pm

but not in script until I do a print again.
indices were never meant to be used without 'print'. correct form is the following:
Code: Select all
:put [/ip ipsec remote-peers get [find where something=blabla] remote-address];
Thanks, however in that part there seems nothing can be found to hook with "find where" so I looked again into printing. I am now issuing now "/ip ipsec remote-peers print value-list;" before the line.
If there's only one peer, then just use [find], without 'where' part

Indeed that works and there is a problem is when the first IPSEC connect did not work and you had to reconnect. Then there are more connections active of which the invalid ones will timeout eventually. Only one remote-dynamic-address isn't working and I get than an error that the template is invalid.

So I get then as message "invalid internal item number" so I will stick with the "print value-list" and then I can check each line.

:put /ip ipsec remote-peers> :put [/ip ipsec remote-peers get [find] remote-address ];
invalid internal item number

Thanks again for the help on this.

Fri Feb 03, 2017 5:28 pm

...You expect a lot, but it does not work like that!....
IPsec policies define what traffic is encrypted and all traffic that does not match the policies is simply sent unencrypted. ....

Thank you for long explanation but I expect, seems that I am wrong at this point, that If I specify passwords, the tunnel will not pass traffic if there is no match of password for both ends. Traffic should not be carried without encryption despite the method of generating policies.

pe1chl · Fri Feb 03, 2017 6:55 pm

With the proper firewall entries at both ends that would be true.
Put this in your input chain at both sides BEFORE the Established/Related entry.
/ip firewall filter
add action=reject chain=input comment="reject unprotected GRE" ipsec-policy=in,none protocol=gre reject-with=icmp-admin-prohibited

w32pamela · Sat Feb 04, 2017 4:56 pm

colanderman - Before you connect to router go to Tools/Clear Cache on Winbox loader and try to test this afterwards.
Oh sorry! I mean in webfig, not winbox.

Just to echo colanderman, Frequency Mode, Country & Antenna Gain are missing from webfig Wireless details in Advanced Mode. This problem is present in v6.38 and continues in v6.39RC. If I open Winbox and go to wireless advanced mode before I open Webfig then they appear.

The Terminal button does not bring up a functional terminal window in Chrome, Firefox, or IE with Windows 10. All I get is white window without a cursor.

Tue Feb 07, 2017 10:58 am

Version 6.39rc26 has been released.

Changes since previous version:
*) dhcp - do not listen on IPv4/IPv6 client to IPv6 MLD packets;
*) email - check for errors during SMTP exchange process;
*) hotspot - added access to HTTP headers using $(http-header-name);
*) ike1 - added more Radius accounting attributes - "event-timestamp", "acct-session-id", "acct-authentic", "acct-session-time";
*) ipsec - do not require "sa-dst-address" if "action=none" or "action=discard";
*) ipsec - fixed "mode-cfg" verbose export;
*) log - added tr069 topic;
*) tr069-client - added traceroute diagnostics support;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.

me9 · Tue Feb 07, 2017 1:06 pm

Version 6.39rc26 has been released.
Hi.
rb750gr3

anuser · Wed Feb 08, 2017 12:24 pm

- WAP AC 6.39rc26
- users reported that their clients get disconnected randomely
- I watched caps,info logging and found concurrent "disconnected, group key timeout" messages for multiple clients running on 2.4Ghz,
i.e. 5 clients (e.g. with different MAC addresses starting with: 3CE072, F48E92, E0DB10, 64CC2E,5CF7:E6) get dropped at once in this case. I do not know whether this is the reason for this problem...

- Note: This seems to be only on WAP AC devices with serial number starting with 711E06..... (with MAC address starting with 6C:3B:6B) I bought 10 of those last week. On older devices with serial number 65710/69A50/6CBA06 no problems have been reported so far.

Wed Feb 08, 2017 1:20 pm

- WAP AC 6.39rc26
- users reported that their clients get disconnected randomely
- I watched caps,info logging and found concurrent "disconnected, group key timeout" messages for multiple clients running on 2.4Ghz,
i.e. 5 clients (e.g. with different MAC addresses starting with: 3CE072, F48E92, E0DB10, 64CC2E,5CF7:E6) get dropped at once in this case. I do not know whether this is the reason for this problem...

- Note: This seems to be only on WAP AC devices with serial number starting with 711E06..... (with MAC address starting with 6C:3B:6B) I bought 10 of those last week. On older devices with serial number 65710/69A50/6CBA06 no problems have been reported so far.

Could you please write to support@mikrotik.com with the exact SN that experience this problem?
Also if possible maybe you could make a support output file on the wAP ac when this problem happens?

Thu Feb 09, 2017 2:03 pm

Version 6.39rc27 has been released.

Changes since previous version:
*) dhcp-client - added "script" option which executes script on state changes (CLI only);
*) firewall - do not allow to set "time" parameter to 0s for "limit" option;
*) ike2 - always replace empty TSi with configured address if it is available;
*) ipsec - fixed "/ip ipsec policy group export verbose";
*) lte - fixed "/interface lte info X once";
*) ppp-client - added support for Datacard 750UL and DWR-730;
*) snmp - added SSID to CAPsMAN registration table;
*) snmp - improved response speed when multiple requests are received within short period of time;
*) userman - allow access to User Manager users page only through "/user" URL;
*) webfig - improved field layout;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.

Thu Feb 09, 2017 3:18 pm

*) dhcp-client - added "script" option which executes script on state changes (CLI only);

Yay!!!

alexjhart · Fri Feb 10, 2017 1:08 am

*) dhcp-client - added "script" option which executes script on state changes (CLI only);

cool. now I can react to lease instead of scheduling script to do ddns, address-lists, etc. ?

*) snmp - added SSID to CAPsMAN registration table;

Didn't know this was in the works. Looked through release notes. Happy to see it though!
Looks like minor bug though:
`/caps-man registration-table print oid` reports 1.3.6.1.4.1.14988.1.1.1.4.1...
but snmpwalk shows that it is really 1.3.6.1.4.1.14988.1.1.1.5.1...

Fri Feb 10, 2017 11:07 am

Thank you very much for the report about capsman oid values.

jaxx · Fri Feb 10, 2017 6:46 pm

Hi everyone,

I don't post that often, but since 6.38 (now .1 ) (I believe, as I don't recall having the issue before) my CRS is acting very bad, actually, waking me up at night sometimes.
It manages to restart on it's own, but crashes hard enough to leave the remote side of an SFP+ in a bad state (Mellanox cards get over it fine, but I have an Intel Dual AF DA card that never manages to reset itself, (even an ifdown&&rmmod&&modprobe&&ifup doesn't do a thing, needing a warm reboot of the server))... Since this switch is core of my home network, including my ISPs GPON access on a vlan, the good old unbreakable (besides it's PSU) RB1100AH doesn't get along that much neither, sticking DHCP in a "searching" state until I renew manually.
In contrast, when I reboot the switch intentionally, from the CLI or Winbox: everything connected device reacts perfectly fine

I see in the changelog stability improvements for MMIPS, any chance you fixed some stuff on MIPSBE as well ?
Are RCes safe enough to give it a try (afterall it's "just" home, not my real workplace)
Or, what downgrade paths can I go through? seeing many changes on 6.38.x is it even possible ?

Supout.rif doesn't seem to give anything, and it's generated after the crash anyways, but I hooked up a console port and got some non consistent stack traces:

grabserial with timestamping:

# grabserial -T -b 115200 -d /dev/ttyUSB0 -v
Opening serial port /dev/ttyUSB0
115200:8N1:xonxoff=0:rtscts=0
Printing absolute timing information for each line
Use Control-C to stop...


[18:14:36.570195 0.000002] -=< Watchdog IRQ >=-
[18:14:36.593493 0.031310] Call Trace:
[18:14:36.593796 0.000305] <4>{c3ee1ae0} dump_stack+0x8/0x30
[18:14:36.594533 0.000736] <4>{c3ee1ba8} 0xc32742d8 [music_dog@0xc3274000]
[18:14:36.595548 0.001016] <4>{c3ee1bc0} handle_irq_event_percpu+0x64/0x25c
[18:14:36.596584 0.001036] <4>{c3ee1c00} handle_irq_event+0x38/0x68
[18:14:36.597481 0.000897] <4>{c3ee1c18} handle_level_irq+0xc8/0xe8
[18:14:36.598352 0.000871] <4>{c3ee1c30} generic_handle_irq+0x28/0x44
[18:14:36.599264 0.000912] <4>{c3ee1c48} do_IRQ+0xb0/0xc0
[18:14:36.599940 0.000676] <4>{c3ee1c60} music_irq_dispatch+0x50/0x7c
[18:14:36.600867 0.000927] <4>{c3ee1c88} handle_irq_event_percpu+0x64/0x25c
[18:14:36.601928 0.001061] <4>{c3ee1cc8} handle_percpu_irq+0x54/0x84
[18:14:36.602837 0.000909] <4>{c3ee1ce8} generic_handle_irq+0x28/0x44
[18:14:36.603763 0.000927] <4>{c3ee1d00} do_IRQ+0xb0/0xc0
[18:14:36.604461 0.000697] <4>{c3ee1d18} ret_from_irq+0x0/0x4
[18:14:36.605211 0.000750] <4>more trace (sp:c3ee1d80):
[18:14:36.605854 0.000643] <4>{c3ee1d80} addrlist_get_list+0x128/0x1f4 [packet_hook@0xc3000000]
[18:14:36.607333 0.001479] <4>{c3ee1dc0} 0xc24f0118 [music_gmac@0xc24f0000]
[18:14:36.608369 0.001036] <4>{c3ee1de8} 0xc24f0560 [music_gmac@0xc24f0000]
[18:14:36.609411 0.001042] <4>{c3ee1e28} 0xc24f2688 [music_gmac@0xc24f0000]
[18:14:36.610452 0.001041] <4>{c3ee1e68} process_one_work+0x2dc/0x484
[18:14:36.611412 0.000960] <4>{c3ee1ea0} worker_thread+0x23c/0x3e0
[18:14:36.612329 0.000917] <4>{c3ee1ee0} kthread+0x88/0x90
[18:14:36.613784 0.001455] <4>{c3ee1f18} kernel_thread_helper+0x10/0x18
[18:14:36.619372 0.005588] <4>
[18:14:39.089481 2.470104]
[18:14:39.089613 0.000136]
[18:14:39.089665 0.000053] RouterBOOT booter 3.22
[18:14:39.090193 0.000528]
[18:14:39.090243 0.000050] CRS226-24G-2S+
[18:14:39.092686 0.002442]
[18:14:39.092739 0.000054] CPU frequency: 400 MHz
[18:14:39.095527 0.002787]   Memory size:  64 MiB
[18:14:39.100394 0.004867]     NAND size: 128 MiB
[18:14:39.209472 0.109074]
[18:14:39.209592 0.000124] Press any key within 2 seconds to enter setup..
[18:14:41.241416 2.031820]
[18:14:41.241529 0.000118] loading kernel from nand... OK
[18:14:43.523657 2.282122] setting up elf image... OK
[18:14:43.664576 0.140921] jumping to kernel code
[18:14:47.950500 4.285923] Starting...
[18:14:59.544603 11.594102] Starting services...
[18:15:16.490655 16.946053]



[18:15:16.493766 0.003115] mtk-core-switch Login: -=< Watchdog IRQ >=-
[18:37:36.215519 1339.721749] Call Trace:
[18:37:36.218042 0.002527] <4>{c3ee1ad8} dump_stack+0x8/0x30
[18:37:36.221096 0.003054] <4>{c3ee1ba0} 0xc32882d8 [music_dog@0xc3288000]
[18:37:36.224452 0.003357] <4>{c3ee1bb8} handle_irq_event_percpu+0x64/0x25c
[18:37:36.229146 0.004694] <4>{c3ee1bf8} handle_irq_event+0x38/0x68
[18:37:36.232361 0.003215] <4>{c3ee1c10} handle_level_irq+0xc8/0xe8
[18:37:36.235556 0.003194] <4>{c3ee1c28} generic_handle_irq+0x28/0x44
[18:37:36.241172 0.005617] <4>{c3ee1c40} do_IRQ+0xb0/0xc0
[18:37:36.243154 0.001982] <4>{c3ee1c58} music_irq_dispatch+0x50/0x7c
[18:37:36.246397 0.003242] <4>{c3ee1c80} handle_irq_event_percpu+0x64/0x25c
[18:37:36.252114 0.005717] <4>{c3ee1cc0} handle_percpu_irq+0x54/0x84
[18:37:36.255332 0.003219] <4>{c3ee1ce0} generic_handle_irq+0x28/0x44
[18:37:36.257564 0.002232] <4>{c3ee1cf8} do_IRQ+0xb0/0xc0
[18:37:36.260583 0.003018] <4>{c3ee1d10} ret_from_irq+0x0/0x4
[18:37:36.266012 0.005429] <4>more trace (sp:c3ee1da8):
[18:37:36.267971 0.001959] <4>{c3ee1da8} 0xc339853c [music_gmac@0xc3398000]
[18:37:36.271336 0.003365] <4>{c3ee1de8} 0xc339853c [music_gmac@0xc3398000]
[18:37:36.277050 0.005714] <4>{c3ee1e28} 0xc339a688 [music_gmac@0xc3398000]
[18:37:36.280422 0.003372] <4>{c3ee1e68} process_one_work+0x2dc/0x484
[18:37:36.285009 0.004588] <4>{c3ee1ea0} worker_thread+0x23c/0x3e0
[18:37:36.288212 0.003203] <4>{c3ee1ee0} kthread+0x88/0x90
[18:37:36.291237 0.003025] <4>{c3ee1f18} kernel_thread_helper+0x10/0x18
[18:37:36.296519 0.005282] <4>
[18:37:38.768090 2.471566]
[18:37:38.768223 0.000137]
[18:37:38.768275 0.000053] RouterBOOT booter 3.22
[18:37:38.768736 0.000461]
[18:37:38.768782 0.000046] CRS226-24G-2S+
[18:37:38.771277 0.002494]
[18:37:38.771333 0.000057] CPU frequency: 400 MHz
[18:37:38.773122 0.001789]   Memory size:  64 MiB
[18:37:38.777983 0.004860]     NAND size: 128 MiB
[18:37:38.887068 0.109081]
[18:37:38.887186 0.000123] Press any key within 2 seconds to enter setup..
[18:37:40.919999 2.032808]
[18:37:40.920113 0.000119] loading kernel from nand... OK
[18:37:43.202189 2.282072] setting up elf image... OK
[18:37:43.342161 0.139971] jumping to kernel code
[18:37:47.629077 4.286916] Starting...
[18:37:59.209126 11.580047] Starting services...
[18:38:16.450197 17.241073]

[/size]

I sense the CPU gets hogged up quite easily, but as much as I can say, I've not used anything that might be out of a purely hardware switch-chip managed configuration (besides giving it an IP and the LCD), the cpu is generally under low load, including at night when I have ~200Mbs of internet traffic going through it twice (ISP>CRS>RB>CRS>SFP attached server)

Well, merely a bottle in the sea, hoping I'm not the only one seeing odd things

Anyway of making kernel related messages and crashes more verbose on the console ?

Thanks,
JaXX

For the curious: here's the dmesg of the server with the Intel Card when the switch crash-reboots on it's own: I've updated kernel from old 3.x to a 4.9 with the exact same phenomenon
(An Intel Dual AF-DA in a Proliant Micro Server Gen3)

[Sun Feb  5 09:46:53 2017] ------------[ cut here ]------------
[Sun Feb  5 09:46:53 2017] WARNING: CPU: 0 PID: 0 at /home/zumbi/linux-4.9.2/net/sched/sch_generic.c:316 dev_watchdog+0x220/0x230
[Sun Feb  5 09:46:53 2017] NETDEV WATCHDOG: eth1 (ixgbe): transmit queue 1 timed out
[Sun Feb  5 09:46:53 2017] Modules linked in: tun rfcomm bnep parport_pc bluetooth ppdev lp rfkill parport xt_multiport iptable_filter ip_tables x_tables fuse nfsd auth_rpcgss nfs_acl nfs lockd grace fscache sunrpc bridge 8021q garp mrp stp llc loop amd64_edac_mod amdkfd edac_mce_amd edac_core kvm_amd radeon kvm ttm irqbypass pcspkr k10temp drm_kms_helper evdev drm i2c_algo_bit tpm_infineon acpi_cpufreq tpm_tis button tpm_tis_core sp5100_tco tpm i2c_piix4 shpchp ext4 crc16 jbd2 fscrypto mbcache dm_mod raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c crc32c_generic md_mod hid_generic usbhid hid sr_mod cdrom sg sd_mod ata_generic ohci_pci tg3 pata_atiixp libphy ixgbe ahci libahci libata ehci_pci ohci_hcd dca ptp pps_core mdio ehci_hcd scsi_mod fjes usbcore usb_common
[Sun Feb  5 09:46:53 2017] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.9.0-0.bpo.1-amd64 #1 Debian 4.9.2-2~bpo8+1
[Sun Feb  5 09:46:53 2017] Hardware name: HP ProLiant MicroServer, BIOS O41     07/29/2011
[Sun Feb  5 09:46:53 2017]  0000000000000000 ffffffffbe32a1f5 ffff97969fc03e38 0000000000000000
[Sun Feb  5 09:46:53 2017]  ffffffffbe077884 0000000000000001 ffff97969fc03e90 ffff9796960e0000
[Sun Feb  5 09:46:53 2017]  0000000000000000 ffff979696ada740 0000000000000020 ffffffffbe0778ff
[Sun Feb  5 09:46:53 2017] Call Trace:
[Sun Feb  5 09:46:53 2017]  <IRQ>
[Sun Feb  5 09:46:53 2017]  [<ffffffffbe32a1f5>] ? dump_stack+0x5c/0x77
[Sun Feb  5 09:46:53 2017]  [<ffffffffbe077884>] ? __warn+0xc4/0xe0
[Sun Feb  5 09:46:53 2017]  [<ffffffffbe0778ff>] ? warn_slowpath_fmt+0x5f/0x80
[Sun Feb  5 09:46:53 2017]  [<ffffffffbe51fc30>] ? dev_watchdog+0x220/0x230
[Sun Feb  5 09:46:53 2017]  [<ffffffffbe51fa10>] ? dev_deactivate_queue.constprop.27+0x60/0x60
[Sun Feb  5 09:46:53 2017]  [<ffffffffbe0e6210>] ? call_timer_fn+0x30/0x130
[Sun Feb  5 09:46:53 2017]  [<ffffffffbe0e7085>] ? run_timer_softirq+0x215/0x4b0
[Sun Feb  5 09:46:53 2017]  [<ffffffffbe333434>] ? timerqueue_add+0x54/0xa0
[Sun Feb  5 09:46:53 2017]  [<ffffffffbe0e82c8>] ? enqueue_hrtimer+0x38/0x80
[Sun Feb  5 09:46:53 2017]  [<ffffffffbe5fcce6>] ? __do_softirq+0x106/0x292
[Sun Feb  5 09:46:53 2017]  [<ffffffffbe07db08>] ? irq_exit+0x98/0xa0
[Sun Feb  5 09:46:53 2017]  [<ffffffffbe5fcaee>] ? smp_apic_timer_interrupt+0x3e/0x50
[Sun Feb  5 09:46:53 2017]  [<ffffffffbe5fbe02>] ? apic_timer_interrupt+0x82/0x90
[Sun Feb  5 09:46:53 2017]  <EOI>
[Sun Feb  5 09:46:53 2017]  [<ffffffffbe5f9a22>] ? native_safe_halt+0x2/0x10
[Sun Feb  5 09:46:53 2017]  [<ffffffffbe5f9748>] ? default_idle+0x18/0xd0
[Sun Feb  5 09:46:53 2017]  [<ffffffffbe02fb48>] ? amd_e400_idle+0x58/0xd0
[Sun Feb  5 09:46:53 2017]  [<ffffffffbe0bc070>] ? cpu_startup_entry+0x1f0/0x260
[Sun Feb  5 09:46:53 2017]  [<ffffffffbed49f84>] ? start_kernel+0x46d/0x48d
[Sun Feb  5 09:46:53 2017]  [<ffffffffbed49120>] ? early_idt_handler_array+0x120/0x120
[Sun Feb  5 09:46:53 2017]  [<ffffffffbed495b9>] ? x86_64_start_kernel+0x152/0x176
[Sun Feb  5 09:46:53 2017] ---[ end trace 1b654a01d52cecd3 ]---
[Sun Feb  5 09:46:53 2017] ixgbe 0000:02:00.0 eth1: initiating reset due to tx timeout
[Sun Feb  5 09:46:53 2017] ixgbe 0000:02:00.0 eth1: Reset adapter
[Sun Feb  5 09:46:53 2017] ixgbe 0000:02:00.0 eth1: RXDCTL.ENABLE on Rx queue 0 not cleared within the polling period
[Sun Feb  5 09:46:53 2017] ixgbe 0000:02:00.0 eth1: RXDCTL.ENABLE on Rx queue 1 not cleared within the polling period
[Sun Feb  5 09:46:56 2017] ixgbe 0000:02:00.0 eth1: detected SFP+: 0
[Sun Feb  5 09:46:58 2017] ixgbe 0000:02:00.0 eth1: NIC Link is Up 10 Gbps, Flow Control: RX/TX
[Sun Feb  5 09:47:08 2017] ixgbe 0000:02:00.0 eth1: initiating reset due to tx timeout
[Sun Feb  5 09:47:08 2017] ixgbe 0000:02:00.0 eth1: Reset adapter
[Sun Feb  5 09:47:08 2017] ixgbe 0000:02:00.0 eth1: RXDCTL.ENABLE on Rx queue 0 not cleared within the polling period
[Sun Feb  5 09:47:08 2017] ixgbe 0000:02:00.0 eth1: RXDCTL.ENABLE on Rx queue 1 not cleared within the polling period
[Sun Feb  5 09:47:11 2017] ixgbe 0000:02:00.0 eth1: detected SFP+: 0
[Sun Feb  5 09:47:13 2017] ixgbe 0000:02:00.0 eth1: NIC Link is Up 10 Gbps, Flow Control: RX/TX
[Sun Feb  5 09:47:23 2017] ixgbe 0000:02:00.0 eth1: initiating reset due to tx timeout
[Sun Feb  5 09:47:23 2017] ixgbe 0000:02:00.0 eth1: Reset adapter
[Sun Feb  5 09:47:23 2017] ixgbe 0000:02:00.0 eth1: RXDCTL.ENABLE on Rx queue 0 not cleared within the polling period
[Sun Feb  5 09:47:23 2017] ixgbe 0000:02:00.0 eth1: RXDCTL.ENABLE on Rx queue 1 not cleared within the polling period
[Sun Feb  5 09:47:26 2017] ixgbe 0000:02:00.0 eth1: detected SFP+: 0
[Sun Feb  5 09:47:28 2017] ixgbe 0000:02:00.0 eth1: NIC Link is Up 10 Gbps, Flow Control: RX/TX
[Sun Feb  5 09:47:38 2017] ixgbe 0000:02:00.0 eth1: initiating reset due to tx timeout
[Sun Feb  5 09:47:38 2017] ixgbe 0000:02:00.0 eth1: Reset adapter
[Sun Feb  5 09:47:38 2017] ixgbe 0000:02:00.0 eth1: RXDCTL.ENABLE on Rx queue 0 not cleared within the polling period
[Sun Feb  5 09:47:38 2017] ixgbe 0000:02:00.0 eth1: RXDCTL.ENABLE on Rx queue 1 not cleared within the polling period
[Sun Feb  5 09:47:41 2017] ixgbe 0000:02:00.0 eth1: detected SFP+: 0

[/size]

alexjhart · Fri Feb 10, 2017 8:14 pm

Thank you very much for the report about capsman oid values.

Happy to help

gtj · Sat Feb 11, 2017 8:30 pm

Whose ever idea it was to add a "Terminal" button to the top of the WebFig pages deserves a BIG PAY RAISE!

pe1chl · Sat Feb 11, 2017 10:11 pm

Whose ever idea it was to add a "Terminal" button to the top of the WebFig pages deserves a BIG PAY RAISE!

And even more important (the terminal button was already in the left menu): finally the Quickset interface is hidden once you
no longer need it, no more risk to disturb the whole config by clicking a wrong button on the startpage! Hooray!

gtj · Sun Feb 12, 2017 5:50 pm

(the terminal button was already in the left menu)

To be honest the left menu makes me NUTS because the items can be in different places even on 2 identical devices. Maybe it has something to do with the order packages are installed but IPv6 and PPP seem to be the biggest offenders. Sometimes IPv6 is above IP, sometimes below and on my ccr, it's between Tools and Radius.

pe1chl · Sun Feb 12, 2017 8:27 pm

Interesting, I have not seen that problem. IPv6 is in a strange position (not just below IP) but it does not vary for me.
Maybe it depends on the browser or the way the system was installed.

msatter · Thu Feb 16, 2017 10:10 am

I am still on RC25 and read that the DHCP-Client has got script fields. Is this also available on up/down of IPv6?

The Wiki is updated with variables for DHCP-IPv6: http://wiki.mikrotik.com/index.php?titl ... 062#Script

It is possible to add a script that will be executed when a prefix or an address is acquired and applied or expires and is removed using DHCP client. There are separated sets of variables that will have the value set by the client depending on prefix or address status change as the client can acquire both and each of them can have a different effect on the router configuration.

Available variables for dhcp-client

pd-valid - value - 1 or 0 - if prefix is acquired and it is applied or not
pd-prefix - value ipv6/num (ipv6 prefix with mask) - the prefix inself
na-valid - value - 1 or 0 - if address is acquired and it is applied or not
na-address - value - ipv6 address - the address

Thanks for working on the Wiki to keep it up to date and it great to use to implement/lookup things and a must read before posting in the forum.

Fri Feb 17, 2017 1:32 pm

Version 6.39rc33 has been released.

Changes since previous version:
!) winbox - minimal required version is v3.11;
*) capsman - added support for static virtual interfaces on CAP;
*) chr - fixed problem when transmit speed was reduced by interface queues;
*) defconf - fixed Groove 52 ac band settings;
*) dhcp-client - added "script" option which executes script on state changes;
*) dhcpv4-server - added "lease-hostname" script parameter;
*) dhcpv6-server - require "address-pool" to be specified;
*) export - do not show "read-only" IRQ entries;
*) gps - added "fix-quality" and "horizontal-dilution" parameters;
*) ike1 - fixed unnecessary Radius accounting requests;
*) ike1 - fixed "xauth" Radius login;
*) ike2 - update peer identity after successful EAP authentication;
*) irq - properly detect all IRQ entries;
*) log - added "gps" topic;
*) log - make SNMP logs more compact;
*) lte - buffer AT events while info command is active;
*) ppp-client - added support for Datacard 750UL and DWR-730;
*) snmp - "No Such Instance" error message is replaced with "No Such Object";
*) snmp - fixed "/tool snmp-get" crash on session timeout;
*) snmp - fixed CAPsMAN registration table OID print;
*) snmp - fixed situation when SNMP could not read "/system health" values after reboot;
*) snmp - improved response speed when multiple requests are received within short period of time;
*) tile - added initial support for NVMe SSD disk drives;
*) tr069-client - fixed "traceroute" parameter IDs;
*) userman - show warning when no users are selected for CSV file generation;
*) winbox - added GPS menu;
*) winbox - allow to not specify certificate in IPSec peer settings;
*) winbox - allow unhide SNMP passwords;
*) winbox - do not hide "power-cycle-after" option;
*) winbox - do not show empty LTE fields in Info menu;
*) winbox - hide advertise tab in Hotspot user profile configuration if "transparent-proxy" is not enabled;
*) winbox - properly name CAP Interface on new interface creation;
*) winbox - properly show BGP communities in routing filters table filter;
*) wireless - added Egypt 5.8 country settings;
*) wireless - fixed scan tool stuck in background;
*) wireless - improved compatibility with Intel 2200BG wireless card;
*) x86 - added support for NVMe SSD disk drives;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.

MayestroPW · Fri Feb 17, 2017 2:22 pm

capsman - added support for static virtual interfaces on CAP;

What it means?

Fri Feb 17, 2017 2:39 pm

capsman - added support for static virtual interfaces on CAP;
What it means?

As I understand, now you should be able to create child (virtual) interfaces under the physical interface that's being managed by CAPsMAN. I have not tried it myself yet, though.

MayestroPW · Fri Feb 17, 2017 3:03 pm

As I understand, now you should be able to create child (virtual) interfaces under the physical interface that's being managed by CAPsMAN. I have not tried it myself yet, though.

That function was already

Fri Feb 17, 2017 3:16 pm

As I understand, now you should be able to create child (virtual) interfaces under the physical interface that's being managed by CAPsMAN. I have not tried it myself yet, though.
That function was already

Nope. It was possible to added slave interface on CAPsMAN (controller), but you could not add slave interface locally on a CAP (managed board) itself. It appears to be possible now.

MayestroPW · Fri Feb 17, 2017 4:03 pm

Nope. It was possible to added slave interface on CAPsMAN (controller), but you could not add slave interface locally on a CAP (managed board) itself. It appears to be possible now.

When you connect CAP to CAPsMAN virtual interface on CAP becomes disabled. I just tested it, and it works same as 6.38.1. So it's not it, but would be awesome if it was that

Fri Feb 17, 2017 4:15 pm

capsman - added support for static virtual interfaces on CAP;
What it means?

CAP supports static interfaces instead of dynamic ones, they do not disappear after reboot and count number is not changed all the time (recognised by mac-address).

td32 · Fri Feb 17, 2017 6:19 pm

So it seams you don't have to do the copy caps setting to a new one just to set a custom name and make the cap static. nice!
Edit:
mm perhaps i didn't understand it right
what i wrote up can already be done by adding a cap manually.

alexjhart · Fri Feb 17, 2017 8:08 pm

Version 6.39rc33 has been released.

Changes since previous version:
...
*) snmp - fixed CAPsMAN registration table OID print;
...

I'm still getting the same incorrect output.

korniza · Sat Feb 18, 2017 6:35 pm

Help people!
I have a script that was reading snmp individual mac address from capsman registration table. After upgrade I can not read any of them.
What is the SNMP oid to get all the wireless clients MAC on capsman (not the count)???!

alexjhart · Sat Feb 18, 2017 6:41 pm

Help people!
I have a script that was reading snmp individual mac address from capsman registration table. After upgrade I can not read any of them.
What is the SNMP oid to get all the wireless clients MAC on capsman (not the count)???!

I posted above (ignore the minor bug they're working on)
`/caps-man registration-table print oid` reports 1.3.6.1.4.1.14988.1.1.1.4.1...
but snmpwalk shows that it is really 1.3.6.1.4.1.14988.1.1.1.5.1...

So if you walk that, you'll see stats for all registered capsman clients, including mac address. Does that make sense?

korniza · Sat Feb 18, 2017 6:47 pm

Help people!
I have a script that was reading snmp individual mac address from capsman registration table. After upgrade I can not read any of them.
What is the SNMP oid to get all the wireless clients MAC on capsman (not the count)???!
I posted above (ignore the minor bug they're working on)
`/caps-man registration-table print oid` reports 1.3.6.1.4.1.14988.1.1.1.4.1...
but snmpwalk shows that it is really 1.3.6.1.4.1.14988.1.1.1.5.1...

So if you walk that, you'll see stats for all registered capsman clients, including mac address. Does that make sense?

I get the following which does not have any MAC address of the clients

 snmpwalk -c public -v 2c 192.168.10.1 1.3.6.1.4.1.14988.1.1.1.5.1
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.0.4.32.239.134.9.195 = Timeticks: (140225400) 16 days, 5:30:54.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.40.16.123.35.106.44.202 = Timeticks: (114602300) 13 days, 6:20:23.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.44.240.238.73.164.89.204 = Timeticks: (101436600) 11 days, 17:46:06.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.60.51.0.51.170.194.202 = Timeticks: (151901200) 17 days, 13:56:52.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.72.238.12.124.113.215.201 = Timeticks: (290717300) 33 days, 15:32:53.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.92.207.127.1.138.227.193 = Timeticks: (160445600) 18 days, 13:40:56.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.92.207.127.129.10.170.195 = Timeticks: (160445300) 18 days, 13:40:53.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.148.16.62.205.37.201.204 = Timeticks: (304600) 0:50:46.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.164.119.51.168.68.54.194 = Timeticks: (160439000) 18 days, 13:39:50.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.164.119.51.239.164.100.193 = Timeticks: (3174200) 8:49:02.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.168.129.149.141.101.106.195 = Timeticks: (160424800) 18 days, 13:37:28.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.176.197.84.1.85.60.200 = Timeticks: (26533200) 3 days, 1:42:12.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.176.197.84.2.156.36.201 = Timeticks: (290776200) 33 days, 15:42:42.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.176.197.84.3.112.103.201 = Timeticks: (290739400) 33 days, 15:36:34.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.176.197.84.5.105.150.202 = Timeticks: (131831600) 15 days, 6:11:56.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.238.34.128.108.26.145.206 = Timeticks: (271971200) 31 days, 11:28:32.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.0.4.32.239.134.9.195 = Counter32: 5821244
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.40.16.123.35.106.44.202 = Counter32: 73790913
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.44.240.238.73.164.89.204 = Counter32: 14501780
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.60.51.0.51.170.194.202 = Counter32: 3251847
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.72.238.12.124.113.215.201 = Counter32: 428737
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.92.207.127.1.138.227.193 = Counter32: 135337
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.92.207.127.129.10.170.195 = Counter32: 480132
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.148.16.62.205.37.201.204 = Counter32: 2090
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.164.119.51.168.68.54.194 = Counter32: 68642196
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.164.119.51.239.164.100.193 = Counter32: 498267
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.168.129.149.141.101.106.195 = Counter32: 72654044
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.176.197.84.1.85.60.200 = Counter32: 47798728
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.176.197.84.2.156.36.201 = Counter32: 230505304
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.176.197.84.3.112.103.201 = Counter32: 11839456
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.176.197.84.5.105.150.202 = Counter32: 11044643
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.238.34.128.108.26.145.206 = Counter32: 2126093
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.0.4.32.239.134.9.195 = Counter32: 1536484
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.40.16.123.35.106.44.202 = Counter32: 1608283769
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.44.240.238.73.164.89.204 = Counter32: 1464379
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.60.51.0.51.170.194.202 = Counter32: 3173338763
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.72.238.12.124.113.215.201 = Counter32: 829923
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.92.207.127.1.138.227.193 = Counter32: 104828
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.92.207.127.129.10.170.195 = Counter32: 511559
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.148.16.62.205.37.201.204 = Counter32: 4048
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.164.119.51.168.68.54.194 = Counter32: 6079397
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.164.119.51.239.164.100.193 = Counter32: 170935
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.168.129.149.141.101.106.195 = Counter32: 5243963
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.176.197.84.1.85.60.200 = Counter32: 1952933251
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.176.197.84.2.156.36.201 = Counter32: 908878507
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.176.197.84.3.112.103.201 = Counter32: 2161636
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.176.197.84.5.105.150.202 = Counter32: 541918651
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.238.34.128.108.26.145.206 = Counter32: 5897834
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.0.4.32.239.134.9.195 = Counter32: 17605
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.40.16.123.35.106.44.202 = Counter32: 1127441
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.44.240.238.73.164.89.204 = Counter32: 11616
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.60.51.0.51.170.194.202 = Counter32: 35534
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.72.238.12.124.113.215.201 = Counter32: 7080
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.92.207.127.1.138.227.193 = Counter32: 1268
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.92.207.127.129.10.170.195 = Counter32: 7985
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.148.16.62.205.37.201.204 = Counter32: 32
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.164.119.51.168.68.54.194 = Counter32: 64529
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.164.119.51.239.164.100.193 = Counter32: 1744
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.168.129.149.141.101.106.195 = Counter32: 61812
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.176.197.84.1.85.60.200 = Counter32: 878525
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.176.197.84.2.156.36.201 = Counter32: 4235450
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.176.197.84.3.112.103.201 = Counter32: 87886
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.176.197.84.5.105.150.202 = Counter32: 177603
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.238.34.128.108.26.145.206 = Counter32: 26254
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.0.4.32.239.134.9.195 = Counter32: 18520
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.40.16.123.35.106.44.202 = Counter32: 1360940
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.44.240.238.73.164.89.204 = Counter32: 12007
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.60.51.0.51.170.194.202 = Counter32: 5942883
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.72.238.12.124.113.215.201 = Counter32: 8389
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.92.207.127.1.138.227.193 = Counter32: 1323
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.92.207.127.129.10.170.195 = Counter32: 8088
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.148.16.62.205.37.201.204 = Counter32: 48
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.164.119.51.168.68.54.194 = Counter32: 49427
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.164.119.51.239.164.100.193 = Counter32: 1304
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.168.129.149.141.101.106.195 = Counter32: 64913
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.176.197.84.1.85.60.200 = Counter32: 4306854
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.176.197.84.2.156.36.201 = Counter32: 9719647
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.176.197.84.3.112.103.201 = Counter32: 33413
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.176.197.84.5.105.150.202 = Counter32: 3597021
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.238.34.128.108.26.145.206 = Counter32: 81421
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.0.4.32.239.134.9.195 = Gauge32: 120000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.40.16.123.35.106.44.202 = Gauge32: 65000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.44.240.238.73.164.89.204 = Gauge32: 104000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.60.51.0.51.170.194.202 = Gauge32: 150000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.72.238.12.124.113.215.201 = Gauge32: 150000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.92.207.127.1.138.227.193 = Gauge32: 48000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.92.207.127.129.10.170.195 = Gauge32: 72200000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.148.16.62.205.37.201.204 = Gauge32: 26000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.164.119.51.168.68.54.194 = Gauge32: 65000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.164.119.51.239.164.100.193 = Gauge32: 58500000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.168.129.149.141.101.106.195 = Gauge32: 72200000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.176.197.84.1.85.60.200 = Gauge32: 150000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.176.197.84.2.156.36.201 = Gauge32: 57700000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.176.197.84.3.112.103.201 = Gauge32: 65000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.176.197.84.5.105.150.202 = Gauge32: 108000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.238.34.128.108.26.145.206 = Gauge32: 270000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.0.4.32.239.134.9.195 = Gauge32: 54000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.40.16.123.35.106.44.202 = Gauge32: 72200000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.44.240.238.73.164.89.204 = Gauge32: 130000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.60.51.0.51.170.194.202 = Gauge32: 81000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.72.238.12.124.113.215.201 = Gauge32: 150000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.92.207.127.1.138.227.193 = Gauge32: 48000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.92.207.127.129.10.170.195 = Gauge32: 18000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.148.16.62.205.37.201.204 = Gauge32: 135000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.164.119.51.168.68.54.194 = Gauge32: 65000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.164.119.51.239.164.100.193 = Gauge32: 65000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.168.129.149.141.101.106.195 = Gauge32: 72200000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.176.197.84.1.85.60.200 = Gauge32: 150000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.176.197.84.2.156.36.201 = Gauge32: 52000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.176.197.84.3.112.103.201 = Gauge32: 65000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.176.197.84.5.105.150.202 = Gauge32: 27000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.238.34.128.108.26.145.206 = Gauge32: 243000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.0.4.32.239.134.9.195 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.40.16.123.35.106.44.202 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.44.240.238.73.164.89.204 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.60.51.0.51.170.194.202 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.72.238.12.124.113.215.201 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.92.207.127.1.138.227.193 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.92.207.127.129.10.170.195 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.148.16.62.205.37.201.204 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.164.119.51.168.68.54.194 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.164.119.51.239.164.100.193 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.168.129.149.141.101.106.195 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.176.197.84.1.85.60.200 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.176.197.84.2.156.36.201 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.176.197.84.3.112.103.201 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.176.197.84.5.105.150.202 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.238.34.128.108.26.145.206 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.0.4.32.239.134.9.195 = INTEGER: -60
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.40.16.123.35.106.44.202 = INTEGER: -39
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.44.240.238.73.164.89.204 = INTEGER: -65
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.60.51.0.51.170.194.202 = INTEGER: -49
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.72.238.12.124.113.215.201 = INTEGER: -66
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.92.207.127.1.138.227.193 = INTEGER: -69
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.92.207.127.129.10.170.195 = INTEGER: -55
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.148.16.62.205.37.201.204 = INTEGER: -66
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.164.119.51.168.68.54.194 = INTEGER: -59
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.164.119.51.239.164.100.193 = INTEGER: -41
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.168.129.149.141.101.106.195 = INTEGER: -44
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.176.197.84.1.85.60.200 = INTEGER: -61
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.176.197.84.2.156.36.201 = INTEGER: -57
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.176.197.84.3.112.103.201 = INTEGER: -51
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.176.197.84.5.105.150.202 = INTEGER: -55
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.238.34.128.108.26.145.206 = INTEGER: -62
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.0.4.32.239.134.9.195 = INTEGER: 4607184
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.40.16.123.35.106.44.202 = INTEGER: 4596448
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.44.240.238.73.164.89.204 = INTEGER: 4596072
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.60.51.0.51.170.194.202 = INTEGER: 4597208
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.72.238.12.124.113.215.201 = INTEGER: 4664576
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.92.207.127.1.138.227.193 = INTEGER: 4602992
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.92.207.127.129.10.170.195 = INTEGER: 4600792
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.148.16.62.205.37.201.204 = INTEGER: 4596960
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.164.119.51.168.68.54.194 = INTEGER: 4619216
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.164.119.51.239.164.100.193 = INTEGER: 4584736
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.168.129.149.141.101.106.195 = INTEGER: 4544520
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.176.197.84.1.85.60.200 = INTEGER: 4601120
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.176.197.84.2.156.36.201 = INTEGER: 4607384
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.176.197.84.3.112.103.201 = INTEGER: 4664208
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.176.197.84.5.105.150.202 = INTEGER: 4538888
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.238.34.128.108.26.145.206 = INTEGER: 4542200

looking around I see that THERE IS NO oid for MAC address as there was before! Mikrotik fixed wrong entry issue removing the MAC entry?

/caps-man registration-table print oid
 0 uptime=.1.3.6.1.4.1.14988.1.1.1.4.1.3.176.197.84.2.156.36.201 tx-bytes=.1.3.6.1.4.1.14988.1.1.1.4.1.4.176.197.84.2.156.36.201 rx-bytes=.1.3.6.1.4.1.14988.1.1.1.4.1.5.176.197.84.2.156.36.201 
   tx-packets=.1.3.6.1.4.1.14988.1.1.1.4.1.6.176.197.84.2.156.36.201 rx-packets=.1.3.6.1.4.1.14988.1.1.1.4.1.7.176.197.84.2.156.36.201 tx-rate=.1.3.6.1.4.1.14988.1.1.1.4.1.8.176.197.84.2.156.36.201 
   rx-rate=.1.3.6.1.4.1.14988.1.1.1.4.1.9.176.197.84.2.156.36.201 tx-signal=.1.3.6.1.4.1.14988.1.1.1.4.1.10.176.197.84.2.156.36.201 rx-signal=.1.3.6.1.4.1.14988.1.1.1.4.1.11.176.197.84.2.156.36.201 
   ssid=.1.3.6.1.4.1.14988.1.1.1.4.1.12.176.197.84.2.156.36.201

alexjhart · Sat Feb 18, 2017 7:04 pm

Help people!
I have a script that was reading snmp individual mac address from capsman registration table. After upgrade I can not read any of them.
What is the SNMP oid to get all the wireless clients MAC on capsman (not the count)???!
I posted above (ignore the minor bug they're working on)
`/caps-man registration-table print oid` reports 1.3.6.1.4.1.14988.1.1.1.4.1...
but snmpwalk shows that it is really 1.3.6.1.4.1.14988.1.1.1.5.1...

So if you walk that, you'll see stats for all registered capsman clients, including mac address. Does that make sense?

I get the following which does not have any MAC address of the clients

 snmpwalk -c public -v 2c 192.168.10.1 1.3.6.1.4.1.14988.1.1.1.5.1
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.0.4.32.239.134.9.195 = Timeticks: (140225400) 16 days, 5:30:54.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.40.16.123.35.106.44.202 = Timeticks: (114602300) 13 days, 6:20:23.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.44.240.238.73.164.89.204 = Timeticks: (101436600) 11 days, 17:46:06.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.60.51.0.51.170.194.202 = Timeticks: (151901200) 17 days, 13:56:52.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.72.238.12.124.113.215.201 = Timeticks: (290717300) 33 days, 15:32:53.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.92.207.127.1.138.227.193 = Timeticks: (160445600) 18 days, 13:40:56.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.92.207.127.129.10.170.195 = Timeticks: (160445300) 18 days, 13:40:53.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.148.16.62.205.37.201.204 = Timeticks: (304600) 0:50:46.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.164.119.51.168.68.54.194 = Timeticks: (160439000) 18 days, 13:39:50.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.164.119.51.239.164.100.193 = Timeticks: (3174200) 8:49:02.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.168.129.149.141.101.106.195 = Timeticks: (160424800) 18 days, 13:37:28.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.176.197.84.1.85.60.200 = Timeticks: (26533200) 3 days, 1:42:12.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.176.197.84.2.156.36.201 = Timeticks: (290776200) 33 days, 15:42:42.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.176.197.84.3.112.103.201 = Timeticks: (290739400) 33 days, 15:36:34.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.176.197.84.5.105.150.202 = Timeticks: (131831600) 15 days, 6:11:56.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.3.238.34.128.108.26.145.206 = Timeticks: (271971200) 31 days, 11:28:32.00
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.0.4.32.239.134.9.195 = Counter32: 5821244
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.40.16.123.35.106.44.202 = Counter32: 73790913
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.44.240.238.73.164.89.204 = Counter32: 14501780
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.60.51.0.51.170.194.202 = Counter32: 3251847
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.72.238.12.124.113.215.201 = Counter32: 428737
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.92.207.127.1.138.227.193 = Counter32: 135337
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.92.207.127.129.10.170.195 = Counter32: 480132
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.148.16.62.205.37.201.204 = Counter32: 2090
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.164.119.51.168.68.54.194 = Counter32: 68642196
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.164.119.51.239.164.100.193 = Counter32: 498267
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.168.129.149.141.101.106.195 = Counter32: 72654044
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.176.197.84.1.85.60.200 = Counter32: 47798728
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.176.197.84.2.156.36.201 = Counter32: 230505304
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.176.197.84.3.112.103.201 = Counter32: 11839456
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.176.197.84.5.105.150.202 = Counter32: 11044643
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.4.238.34.128.108.26.145.206 = Counter32: 2126093
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.0.4.32.239.134.9.195 = Counter32: 1536484
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.40.16.123.35.106.44.202 = Counter32: 1608283769
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.44.240.238.73.164.89.204 = Counter32: 1464379
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.60.51.0.51.170.194.202 = Counter32: 3173338763
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.72.238.12.124.113.215.201 = Counter32: 829923
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.92.207.127.1.138.227.193 = Counter32: 104828
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.92.207.127.129.10.170.195 = Counter32: 511559
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.148.16.62.205.37.201.204 = Counter32: 4048
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.164.119.51.168.68.54.194 = Counter32: 6079397
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.164.119.51.239.164.100.193 = Counter32: 170935
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.168.129.149.141.101.106.195 = Counter32: 5243963
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.176.197.84.1.85.60.200 = Counter32: 1952933251
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.176.197.84.2.156.36.201 = Counter32: 908878507
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.176.197.84.3.112.103.201 = Counter32: 2161636
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.176.197.84.5.105.150.202 = Counter32: 541918651
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.5.238.34.128.108.26.145.206 = Counter32: 5897834
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.0.4.32.239.134.9.195 = Counter32: 17605
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.40.16.123.35.106.44.202 = Counter32: 1127441
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.44.240.238.73.164.89.204 = Counter32: 11616
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.60.51.0.51.170.194.202 = Counter32: 35534
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.72.238.12.124.113.215.201 = Counter32: 7080
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.92.207.127.1.138.227.193 = Counter32: 1268
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.92.207.127.129.10.170.195 = Counter32: 7985
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.148.16.62.205.37.201.204 = Counter32: 32
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.164.119.51.168.68.54.194 = Counter32: 64529
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.164.119.51.239.164.100.193 = Counter32: 1744
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.168.129.149.141.101.106.195 = Counter32: 61812
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.176.197.84.1.85.60.200 = Counter32: 878525
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.176.197.84.2.156.36.201 = Counter32: 4235450
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.176.197.84.3.112.103.201 = Counter32: 87886
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.176.197.84.5.105.150.202 = Counter32: 177603
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.6.238.34.128.108.26.145.206 = Counter32: 26254
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.0.4.32.239.134.9.195 = Counter32: 18520
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.40.16.123.35.106.44.202 = Counter32: 1360940
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.44.240.238.73.164.89.204 = Counter32: 12007
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.60.51.0.51.170.194.202 = Counter32: 5942883
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.72.238.12.124.113.215.201 = Counter32: 8389
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.92.207.127.1.138.227.193 = Counter32: 1323
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.92.207.127.129.10.170.195 = Counter32: 8088
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.148.16.62.205.37.201.204 = Counter32: 48
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.164.119.51.168.68.54.194 = Counter32: 49427
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.164.119.51.239.164.100.193 = Counter32: 1304
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.168.129.149.141.101.106.195 = Counter32: 64913
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.176.197.84.1.85.60.200 = Counter32: 4306854
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.176.197.84.2.156.36.201 = Counter32: 9719647
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.176.197.84.3.112.103.201 = Counter32: 33413
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.176.197.84.5.105.150.202 = Counter32: 3597021
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.7.238.34.128.108.26.145.206 = Counter32: 81421
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.0.4.32.239.134.9.195 = Gauge32: 120000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.40.16.123.35.106.44.202 = Gauge32: 65000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.44.240.238.73.164.89.204 = Gauge32: 104000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.60.51.0.51.170.194.202 = Gauge32: 150000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.72.238.12.124.113.215.201 = Gauge32: 150000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.92.207.127.1.138.227.193 = Gauge32: 48000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.92.207.127.129.10.170.195 = Gauge32: 72200000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.148.16.62.205.37.201.204 = Gauge32: 26000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.164.119.51.168.68.54.194 = Gauge32: 65000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.164.119.51.239.164.100.193 = Gauge32: 58500000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.168.129.149.141.101.106.195 = Gauge32: 72200000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.176.197.84.1.85.60.200 = Gauge32: 150000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.176.197.84.2.156.36.201 = Gauge32: 57700000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.176.197.84.3.112.103.201 = Gauge32: 65000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.176.197.84.5.105.150.202 = Gauge32: 108000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.8.238.34.128.108.26.145.206 = Gauge32: 270000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.0.4.32.239.134.9.195 = Gauge32: 54000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.40.16.123.35.106.44.202 = Gauge32: 72200000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.44.240.238.73.164.89.204 = Gauge32: 130000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.60.51.0.51.170.194.202 = Gauge32: 81000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.72.238.12.124.113.215.201 = Gauge32: 150000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.92.207.127.1.138.227.193 = Gauge32: 48000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.92.207.127.129.10.170.195 = Gauge32: 18000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.148.16.62.205.37.201.204 = Gauge32: 135000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.164.119.51.168.68.54.194 = Gauge32: 65000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.164.119.51.239.164.100.193 = Gauge32: 65000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.168.129.149.141.101.106.195 = Gauge32: 72200000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.176.197.84.1.85.60.200 = Gauge32: 150000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.176.197.84.2.156.36.201 = Gauge32: 52000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.176.197.84.3.112.103.201 = Gauge32: 65000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.176.197.84.5.105.150.202 = Gauge32: 27000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.9.238.34.128.108.26.145.206 = Gauge32: 243000000
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.0.4.32.239.134.9.195 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.40.16.123.35.106.44.202 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.44.240.238.73.164.89.204 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.60.51.0.51.170.194.202 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.72.238.12.124.113.215.201 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.92.207.127.1.138.227.193 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.92.207.127.129.10.170.195 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.148.16.62.205.37.201.204 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.164.119.51.168.68.54.194 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.164.119.51.239.164.100.193 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.168.129.149.141.101.106.195 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.176.197.84.1.85.60.200 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.176.197.84.2.156.36.201 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.176.197.84.3.112.103.201 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.176.197.84.5.105.150.202 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.10.238.34.128.108.26.145.206 = INTEGER: 0
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.0.4.32.239.134.9.195 = INTEGER: -60
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.40.16.123.35.106.44.202 = INTEGER: -39
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.44.240.238.73.164.89.204 = INTEGER: -65
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.60.51.0.51.170.194.202 = INTEGER: -49
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.72.238.12.124.113.215.201 = INTEGER: -66
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.92.207.127.1.138.227.193 = INTEGER: -69
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.92.207.127.129.10.170.195 = INTEGER: -55
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.148.16.62.205.37.201.204 = INTEGER: -66
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.164.119.51.168.68.54.194 = INTEGER: -59
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.164.119.51.239.164.100.193 = INTEGER: -41
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.168.129.149.141.101.106.195 = INTEGER: -44
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.176.197.84.1.85.60.200 = INTEGER: -61
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.176.197.84.2.156.36.201 = INTEGER: -57
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.176.197.84.3.112.103.201 = INTEGER: -51
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.176.197.84.5.105.150.202 = INTEGER: -55
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.11.238.34.128.108.26.145.206 = INTEGER: -62
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.0.4.32.239.134.9.195 = INTEGER: 4607184
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.40.16.123.35.106.44.202 = INTEGER: 4596448
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.44.240.238.73.164.89.204 = INTEGER: 4596072
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.60.51.0.51.170.194.202 = INTEGER: 4597208
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.72.238.12.124.113.215.201 = INTEGER: 4664576
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.92.207.127.1.138.227.193 = INTEGER: 4602992
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.92.207.127.129.10.170.195 = INTEGER: 4600792
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.148.16.62.205.37.201.204 = INTEGER: 4596960
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.164.119.51.168.68.54.194 = INTEGER: 4619216
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.164.119.51.239.164.100.193 = INTEGER: 4584736
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.168.129.149.141.101.106.195 = INTEGER: 4544520
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.176.197.84.1.85.60.200 = INTEGER: 4601120
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.176.197.84.2.156.36.201 = INTEGER: 4607384
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.176.197.84.3.112.103.201 = INTEGER: 4664208
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.176.197.84.5.105.150.202 = INTEGER: 4538888
SNMPv2-SMI::enterprises.14988.1.1.1.5.1.12.238.34.128.108.26.145.206 = INTEGER: 4542200

looking around I see that THERE IS NO oid for MAC address as there was before! Mikrotik fixed wrong entry issue removing the MAC entry?

/caps-man registration-table print oid
 0 uptime=.1.3.6.1.4.1.14988.1.1.1.4.1.3.176.197.84.2.156.36.201 tx-bytes=.1.3.6.1.4.1.14988.1.1.1.4.1.4.176.197.84.2.156.36.201 rx-bytes=.1.3.6.1.4.1.14988.1.1.1.4.1.5.176.197.84.2.156.36.201 
   tx-packets=.1.3.6.1.4.1.14988.1.1.1.4.1.6.176.197.84.2.156.36.201 rx-packets=.1.3.6.1.4.1.14988.1.1.1.4.1.7.176.197.84.2.156.36.201 tx-rate=.1.3.6.1.4.1.14988.1.1.1.4.1.8.176.197.84.2.156.36.201 
   rx-rate=.1.3.6.1.4.1.14988.1.1.1.4.1.9.176.197.84.2.156.36.201 tx-signal=.1.3.6.1.4.1.14988.1.1.1.4.1.10.176.197.84.2.156.36.201 rx-signal=.1.3.6.1.4.1.14988.1.1.1.4.1.11.176.197.84.2.156.36.201 
   ssid=.1.3.6.1.4.1.14988.1.1.1.4.1.12.176.197.84.2.156.36.201

Well, look at that. Not only did they not fix the misprint of oid, they did in fact remove mac from the tree. I'm guessing someone just removed they wrong thing by accident. They'll need to fix that clearly.

In the meantime, I am able to get the mac-address values in rc31 for entries there using a mikrotik script (your original issue?). For example:
> foreach client in=[/caps-man registration-table find] do={put [/caps-man registration-table get $client mac-address]}

alexjhart · Sat Feb 18, 2017 7:19 pm

Well, look at that. Not only did they not fix the misprint of oid, they did in fact remove mac from the tree. I'm guessing someone just removed they wrong thing by accident. They'll need to fix that clearly.

I could have sworn it was in there, but I downgraded to the last release (rc27) and still didn't see mac listed in oid tree. So either that changed in an earlier version (perhaps unintentionally) or this just needs to be a feature request. It's gotta be in there in the future though, right?

korniza · Sat Feb 18, 2017 7:31 pm

Well, look at that. Not only did they not fix the misprint of oid, they did in fact remove mac from the tree. I'm guessing someone just removed they wrong thing by accident. They'll need to fix that clearly.
I could have sworn it was in there, but I downgraded to the last release (rc27) and still didn't see mac listed in oid tree. So either that changed in an earlier version (perhaps unintentionally) or this just needs to be a feature request. It's gotta be in there in the future though, right?

I do not know if there was on rc27 because I jumped to the latest (6.39rc33) from the 6.38. I hope to be fixed fast as the script I use to get mac address is a geo-location script that reports users availability on the network. fingers crossed!

alexjhart · Sat Feb 18, 2017 7:42 pm

Well, look at that. Not only did they not fix the misprint of oid, they did in fact remove mac from the tree. I'm guessing someone just removed they wrong thing by accident. They'll need to fix that clearly.
I could have sworn it was in there, but I downgraded to the last release (rc27) and still didn't see mac listed in oid tree. So either that changed in an earlier version (perhaps unintentionally) or this just needs to be a feature request. It's gotta be in there in the future though, right?
I do not know if there was on rc27 because I jumped to the latest (6.39rc33) from the 6.38. I hope to be fixed fast as the script I use to get mac address is a geo-location script that reports users availability on the network. fingers crossed!

Yeah, I also jumped from 6.38rc to 6.39rc, so could have been lost in an earlier version. If we both thought it was there, maybe it was? Either way, I've asked in my ticket they make sure to add it.

korniza · Sat Feb 18, 2017 7:43 pm

Well, look at that. Not only did they not fix the misprint of oid, they did in fact remove mac from the tree. I'm guessing someone just removed they wrong thing by accident. They'll need to fix that clearly.
I could have sworn it was in there, but I downgraded to the last release (rc27) and still didn't see mac listed in oid tree. So either that changed in an earlier version (perhaps unintentionally) or this just needs to be a feature request. It's gotta be in there in the future though, right?

6.38.1 is a good version to downgrade and get back mac address oid. I just did it and all are back to normal

alexjhart · Sat Feb 18, 2017 7:44 pm

6.38.1 is a good version to downgrade and get back mac address oid. I just did it and all are back to normal

Thanks for taking the time and effort to confirm that. Odds are in our favor they will add that back in then

korniza · Sat Feb 18, 2017 7:52 pm

6.38.1 is a good version to downgrade and get back mac address oid. I just did it and all are back to normal
Thanks for taking the time and effort to confirm that. Odds are in our favor they will add that back in then

I hope for a quick fix as I had mentioned the wrong oid months ago on http://forum.mikrotik.com/viewtopic.php?f=13&t=107522
Till then still they have wrong output on oid on console that snmp-walk. And now they broke it. Shall we will wait months to get back the previous functionality and get matched oid? Hoping for the best....

expert · Sat Feb 18, 2017 9:17 pm

Is the RSTP problem (which I reported here http://forum.mikrotik.com/viewtopic.php ... 50#p582781 ) fixed?

Zorro · Sun Feb 19, 2017 8:42 pm

noticed that last RC's of 639 both upgrade and Boot-Up MUCH faster than before.
not big deal, but not bad thing either.

mducharme · Sun Feb 19, 2017 10:32 pm

Hello,

If you can fix in an upcoming RC - in the TR-069 data model, the MAC address for Ethernet interfaces seems to be missing. I can still see the MAC addresses for the wireless interfaces, but they are gone for the Ethernet interfaces. I have many other stats, ex. byte counts for all ethernet interfaces, but no MAC addresses. This looks like a strange oversight. It is useful for us to collect the MAC address of our managed devices, particularly the ether1 interface, so I would really like to have this data.

Mon Feb 20, 2017 10:29 am

OIDs for CAPsMAN will be fixed in next rc release. MAC-Address parameter is removed since it was already available and this was a duplicate entry,

VASCO108 · Mon Feb 20, 2017 3:48 pm

Hi everyone

I have 10g ports on my router and graphs look like this:

I am using version: 6.38.1
3G everything looks good, after exceeding this value, it begins to fall apart.
What could be the reason?
I will add that any problems with the link no

The cacti looks normal.

ps: I apologize in advance for my English

alexjhart · Mon Feb 20, 2017 5:06 pm

Hi everyone

I have 10g ports on my router and graphs look like this:

I am using version: 6.38.1
3G everything looks good, after exceeding this value, it begins to fall apart.
What could be the reason?
I will add that any problems with the link no The cacti looks normal.

ps: I apologize in advance for my English

Looks like a 32 vs 64 bit counter rollover problem. Lots of info if you do a Google search on that. Here is one example:
https://www.google.com/amp/s/gorthx.wor ... -like/amp/

alexjhart · Mon Feb 20, 2017 5:07 pm

OIDs for CAPsMAN will be fixed in next rc release. MAC-Address parameter is removed since it was already available and this was a duplicate entry,

Where else is it included that we aren't finding (I say we because others are posting about this being gone too, so it's not just me missing it)?

kujo · Mon Feb 20, 2017 5:10 pm

Version 6.39rc33 has been released.

*) chr - fixed problem when transmit speed was reduced by interface queues;

Thank you!

VASCO108 · Mon Feb 20, 2017 6:37 pm

Hi everyone

I have 10g ports on my router and graphs look like this:

I am using version: 6.38.1
3G everything looks good, after exceeding this value, it begins to fall apart.
What could be the reason?
I will add that any problems with the link no The cacti looks normal.

ps: I apologize in advance for my English
Looks like a 32 vs 64 bit counter rollover problem. Lots of info if you do a Google search on that. Here is one example:
https://www.google.com/amp/s/gorthx.wor ... -like/amp/

Thank you very much for your answer. I understand the question of whether and when the dude will support 64bit?

mducharme · Mon Feb 20, 2017 10:40 pm

OIDs for CAPsMAN will be fixed in next rc release. MAC-Address parameter is removed since it was already available and this was a duplicate entry,

Where is it available? I do not see the MAC address anywhere in TR-069 data returned from device, except for the MAC addresses for the WiFi interfaces. What I want is the ethernet interface MAC addresses, primarily ether1 so that I can see what MAC address the customer has on their WAN port. I have gone through the entire TR-069 data returned from my device and from what I can see this is not present.

alexjhart · Mon Feb 20, 2017 10:44 pm

OIDs for CAPsMAN will be fixed in next rc release. MAC-Address parameter is removed since it was already available and this was a duplicate entry,
Where is it available? I do not see the MAC address anywhere in TR-069 data returned from device, except for the MAC addresses for the WiFi interfaces. What I want is the ethernet interface MAC addresses, primarily ether1 so that I can see what MAC address the customer has on their WAN port. I have gone through the entire TR-069 data returned from my device and from what I can see this is not present.

I think that is a reply regarding snmp, not tr-069

mducharme · Mon Feb 20, 2017 10:50 pm

OIDs for CAPsMAN will be fixed in next rc release. MAC-Address parameter is removed since it was already available and this was a duplicate entry,
Where is it available? I do not see the MAC address anywhere in TR-069 data returned from device, except for the MAC addresses for the WiFi interfaces. What I want is the ethernet interface MAC addresses, primarily ether1 so that I can see what MAC address the customer has on their WAN port. I have gone through the entire TR-069 data returned from my device and from what I can see this is not present.
I think that is a reply regarding snmp, not tr-069

Ahh, thanks - I didn't realize there was another post about MAC addresses with SNMP in the thread that strods was probably replying to.

rah · Mon Feb 20, 2017 11:47 pm

OIDs for CAPsMAN will be fixed in next rc release. MAC-Address parameter is removed since it was already available and this was a duplicate entry,
Where else is it included that we aren't finding (I say we because others are posting about this being gone too, so it's not just me missing it)?

In the same boat as well. I updated to the latest 6.39rc33 for the virtual static ap for capsmam feature, which works great! But it broke the snmp capsman registration table Mac address oid. Hopefully it can be fixed soon.

alexjhart · Tue Feb 21, 2017 12:22 am

OIDs for CAPsMAN will be fixed in next rc release. MAC-Address parameter is removed since it was already available and this was a duplicate entry,
Where else is it included that we aren't finding (I say we because others are posting about this being gone too, so it's not just me missing it)?

So based on some of my own digging, I found that the entries for capsman can be looked up in the bridge mib.

As an example, this client:
1.3.6.1.4.1.14988.1.1.1.5.1.[3-12].0.14.88.171.21.21.14
has a mac address here:
1.3.6.1.2.1.17.4.3.1.1.0.14.88.171.21.21 = Hex-STRING: 00 02 B3 AB C1 DE

Based on the conversation in my ticket so far, it seems as if they expect us to use that. I'm waiting on confirmation.

rah · Tue Feb 21, 2017 3:53 am

OIDs for CAPsMAN will be fixed in next rc release. MAC-Address parameter is removed since it was already available and this was a duplicate entry,
Where else is it included that we aren't finding (I say we because others are posting about this being gone too, so it's not just me missing it)?
So based on some of my own digging, I found that the entries for capsman can be looked up in the bridge mib.

As an example, this client:
1.3.6.1.4.1.14988.1.1.1.5.1.[3-12].0.14.88.171.21.21.14
has a mac address here:
1.3.6.1.2.1.17.4.3.1.1.0.14.88.171.21.21 = Hex-STRING: 00 02 B3 AB C1 DE

Based on the conversation in my ticket so far, it seems as if they expect us to use that. I'm waiting on confirmation.

Thanks for the info. It looks like the mac entries are a lookup table. To see if a client is disconnected or connected, would have to check the client by the snmp id addresses and not the macs. Not super useful for my application as I used the snmp macs in the capsman registration table to determine if people are home or not for some home automation. Ideally they can bring this back. However I did some more digging and found macs (wired and wireless) are also listed in the 'ipNetToMediaPhysAddress' with the OID prefix of: 1.3.6.1.2.1.4.22.1.2.9. This so far seems to working for my application.

Tue Feb 21, 2017 1:02 pm

This is an example about SNMP CAPsMAN registration table.

We run SNMPwalk to device. As a result we get different OIDs. For example:
iso.3.6.1.4.1.14988.1.1.1.5.1.12..587

In this case:
iso.3.6.1.4.1.14988.1.1.1.5.1.12 - CAPsMAN registration table specific entry;
xx.xx.xx.xx.xx.xx - MAC address in decimal system
587 - specific ID to avoid duplicates

alexjhart · Tue Feb 21, 2017 9:00 pm

This is an example about SNMP CAPsMAN registration table.

We run SNMPwalk to device. As a result we get different OIDs. For example:
iso.3.6.1.4.1.14988.1.1.1.5.1.12..587

In this case:
iso.3.6.1.4.1.14988.1.1.1.5.1.12 - CAPsMAN registration table specific entry;
xx.xx.xx.xx.xx.xx - MAC address in decimal system
587 - specific ID to avoid duplicates

I see now, so what you mean is the mac address is part of the OID, just in decimal form instead of hexadecimal.
for example, mac address 00:DB:9A:B0:E4:72 would be converted to 0.219.154.176.228.114 and it's stats would then be iso.3.6.1.4.1.14988.1.1.1.5.1.12.0.219.154.176.228.114.1
or, mac address DB:DB:DB:DB:DB:DB would become 219.219.219.219.219.219

While I can see this works, it does seem to be easier to have a Hex-String or String conversion automatically done for us in an additional OID. Since the code was there already and it makes things easier on folks, why not just leave it (put it back)?

rah · Wed Feb 22, 2017 6:15 am

Thanks for the example and help Strods. I understand it now however I agree with Alex that it's much easier to have the strings even though it is somewhat redundant. Much appreciated if it can be placed back in!

mducharme · Wed Feb 22, 2017 1:36 pm

Hello,

I have found what might be a bug in the TR-069 client. If I try setting any parameter to a value with an ampersand (ex. changing identity from MikroTik to Mikro&Tik) through my ACS (GenieACS) it goes crazy and gets stuck in an endless repeating communication loop trying to set the value over and over again unsuccessfully hundreds of times per second until I not only cancel the task in GenieACS but also disable and re-enable the TR-069 on the MikroTik.

The GenieACS developer was not able to reproduce this problem with his non-MikroTik devices. This makes me wonder if it is a bug in the TR-069 stack on MikroTik - can any TR-069 users reproduce this issue?

Wed Feb 22, 2017 2:36 pm

While I can see this works, it does seem to be easier to have a Hex-String or String conversion automatically done for us in an additional OID. Since the code was there already and it makes things easier on folks, why not just leave it (put it back)?

That's additional data to be sent over the wire, which may be significant on a busy system with lots of registered clients. I believe keeping the SNMP traffic as low as possible by eliminating the duplicates is a good thing.

mducharme · Wed Feb 22, 2017 2:59 pm

Update: The GenieACS developer says there is a bug in MikroTik's TR-069 client. Any SetParameterValues request that includes an ampersand in the value causes an empty reply to be sent to the ACS by the MikroTik. This in turn causes a problem in GenieACS which is not expecting an empty reply from the MikroTik and resends the request, causing a loop.

Wed Feb 22, 2017 3:05 pm

Yes, we are already investigating this issue

Wed Feb 22, 2017 4:27 pm

Version 6.39rc35 has been released.

Changes since previous version:
*) gps - added "fix-quality" and "horizontal-dilution" parameters;
*) snmp - fixed CAPsMAN registration table OID print;
*) snmp - fixed CAPsMAN registration table SSID type;
*) snmp - optimized bridge table processing;
*) tr069-client - added "Ethernet.Interface.{i}.MACAddress" parameter;
*) userman - allow access to User Manager users page only through "/user" URL;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.

alexjhart · Wed Feb 22, 2017 5:16 pm

While I can see this works, it does seem to be easier to have a Hex-String or String conversion automatically done for us in an additional OID. Since the code was there already and it makes things easier on folks, why not just leave it (put it back)?
That's additional data to be sent over the wire, which may be significant on a busy system with lots of registered clients. I believe keeping the SNMP traffic as low as possible by eliminating the duplicates is a good thing.

It doesn't get sent over the wire unless requested. Having it there as an option doesnt seem bad. Just don't request it on those busy systems.

kez · Wed Feb 22, 2017 5:36 pm

I saw this on RB750Gr3. System / Routerboard / Settings. It's possible to see and change RAM frequency via CLI but not via Winbox.
CLI keeps telling me there is a RAM overclock when I run /export, now running at 1200MHz and I didn't changed it.
There is no change log available for Routerboot version 3.35.
Running 6.38.1, posting here because I think this post it's a good place to talk about bugs. If not, I'm sorry.

Thanks

anuser · Wed Feb 22, 2017 10:48 pm

*) snmp - fixed CAPsMAN registration table OID print;
*) snmp - fixed CAPsMAN registration table SSID type;

I am asking myself, whether it is possible to get the values of the amount of users, connected to a specific SSID for a single CAP with SNMP polling the CAPSMAN controller?

alexjhart · Wed Feb 22, 2017 11:07 pm

*) snmp - fixed CAPsMAN registration table OID print;
*) snmp - fixed CAPsMAN registration table SSID type;

Looks like you guys got it this time! Thanks for the quick fix.

Still sad you are being stubborn about leaving/adding back the mac OID in there. I think redundancy is a poor argument and believe myself and others will benefit from this being available. So many standard MIBs, including ones you are using (like bridge mib) provide this even if the mac is encoded in the OID in decimal format. Also, using the bridge and arp tables as previously mentioned in this thread are incomplete workarounds in my opinion since the entries in those tables can timeout (or never exist depending on configuration) even when a wireless client is still connected. Most tools don't have a built in way for parsing and converting the mac address from the OID, rather they rely on SNMP index and data provided in the table.

napismizpravu · Thu Feb 23, 2017 1:56 pm

RB433UAH 6.39rc35 microSD, 2x USB Flash disk, (power 24V 2A)

one USB Flash disk lost (6.38.1. works)

pe1chl · Thu Feb 23, 2017 4:33 pm

So many standard MIBs, including ones you are using (like bridge mib) provide this even if the mac is encoded in the OID in decimal format.

IMHO the MAC should always be encoded in the OID as 6 decimal numbers, not as a binary string.
It causes difficulty in scripts that are not binary transparent.
I think it was first started by copying some OID values used by Ubiquiti e.g. for reporting link parameters on an AP by client.
But using 6 decimal numbers instead of the 6-byte binary is much better.

zcybercomputing · Thu Feb 23, 2017 9:24 pm

Does the black list function in the discover info window of the dude client for windows work right in this build? In 6.38.3, and previous versions I don't see the . or ... buttons shown in the manual here.

http://wiki.mikrotik.com/wiki/Manual:Th ... _discovery

There is a related bug where dude discovers phantom devices on the broadcast and subnet IP addresses during discovery discussed here:
http://forum.mikrotik.com/viewtopic.php?f=8&t=118250

Fri Feb 24, 2017 3:01 pm

Version 6.39rc38 has been released.

Changes since previous version:
!) routeros - added support for new products and RouterOS features which will be announced at MUM EU (https://mum.mikrotik.com/2017/EU/info/EN);
*) capsman - fixed "/caps-man manager interface" compact export;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.

diegotormes · Sun Feb 26, 2017 12:14 am

Version 6.39rc38 has been released.

Changes since previous version:
!) routeros - added support for new products and RouterOS features which will be announced at MUM EU (https://mum.mikrotik.com/2017/EU/info/EN);

Good call. We have a month to try it, but at least tell us where to search!

PtDragon · Sun Feb 26, 2017 12:51 am

Version 6.39rc38 has been released.

Changes since previous version:
!) routeros - added support for new products and RouterOS features which will be announced at MUM EU (https://mum.mikrotik.com/2017/EU/info/EN);
Good call. We have a month to try it, but at least tell us where to search!

Yeah, it will be good to know WHAT we are having xD

alexjhart · Sun Feb 26, 2017 2:01 am

Version 6.39rc38 has been released.

Changes since previous version:
!) routeros - added support for new products and RouterOS features which will be announced at MUM EU (https://mum.mikrotik.com/2017/EU/info/EN);
Good call. We have a month to try it, but at least tell us where to search!
Yeah, it will be good to know WHAT we are having xD

Nice plug to get people to attend MUM EU?

korniza · Sun Feb 26, 2017 7:36 am

This is an example about SNMP CAPsMAN registration table.

We run SNMPwalk to device. As a result we get different OIDs. For example:
iso.3.6.1.4.1.14988.1.1.1.5.1.12..587

In this case:
iso.3.6.1.4.1.14988.1.1.1.5.1.12 - CAPsMAN registration table specific entry;
xx.xx.xx.xx.xx.xx - MAC address in decimal system
587 - specific ID to avoid duplicates
I see now, so what you mean is the mac address is part of the OID, just in decimal form instead of hexadecimal.
for example, mac address 00:DB:9A:B0:E4:72 would be converted to 0.219.154.176.228.114 and it's stats would then be iso.3.6.1.4.1.14988.1.1.1.5.1.12.0.219.154.176.228.114.1
or, mac address DB:DB:DB:DB:DB:DB would become 219.219.219.219.219.219

While I can see this works, it does seem to be easier to have a Hex-String or String conversion automatically done for us in an additional OID. Since the code was there already and it makes things easier on folks, why not just leave it (put it back)?

I totally agree! we have to rebuild so many scripts, so many waste of time and many 3rd party software keep failing. Let them as it was!

athurdent · Sun Feb 26, 2017 11:27 am

Version 6.39rc38 has been released.

Changes since previous version:
!) routeros - added support for new products and RouterOS features which will be announced at MUM EU (https://mum.mikrotik.com/2017/EU/info/EN);
*) capsman - fixed "/caps-man manager interface" compact export;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.

This version (Edit: no necessarily this specific version, but rc4 is perfectly fine for example) completely broke DFS for me in Germany. My wAP AC resides on the top floor, sometimes no 5GHz clients connected. As soon as I come near it with a client (tested with iPhone 6s, multiple times) it logs something like pasted below. I'm pretty sure it interprets clients looking for WLAN APs as RADAR. Please fix this! It's the same for a hAP AC with the current stable version (v6.38.3).

Feb 26 10:06:12 mikrotik-wap-ac wireless,info wlan2: radar detected on 5580000
Feb 26 10:06:17 mikrotik-wap-ac wireless,debug wlan2: must select channel
Feb 26 10:06:17 mikrotik-wap-ac wireless,debug wlan2: radar reported on 5580000
Feb 26 10:06:17 mikrotik-wap-ac wireless,debug wlan2: radar reported on 5260000
Feb 26 10:06:17 mikrotik-wap-ac wireless,debug wlan2: radar reported on 5580000
Feb 26 10:06:17 mikrotik-wap-ac wireless,debug wlan2: selected channel 5500000
Feb 26 10:06:17 mikrotik-wap-ac wireless,debug wlan2: search for radars on 5500000
Feb 26 10:07:17 mikrotik-wap-ac wireless,debug wlan2: no radar detetected, start network

at 10:07 I was already back downstairs, going up again and leaving the phone there the following happens:

Feb 26 10:20:14 mikrotik-wap-ac wireless,info wlan2: radar detected on 5500000
Feb 26 10:20:19 mikrotik-wap-ac wireless,debug wlan2: must select channel
Feb 26 10:20:19 mikrotik-wap-ac wireless,debug wlan2: radar reported on 5580000
Feb 26 10:20:19 mikrotik-wap-ac wireless,debug wlan2: radar reported on 5260000
Feb 26 10:20:19 mikrotik-wap-ac wireless,debug wlan2: radar reported on 5500000
Feb 26 10:20:19 mikrotik-wap-ac wireless,debug wlan2: radar reported on 5580000
Feb 26 10:20:19 mikrotik-wap-ac wireless,debug wlan2: selected channel 5180000

after selecting a non-DFS channel I see my iPhone connecting to the AP in the logs.

mducharme · Mon Feb 27, 2017 2:42 am

Now that TR-069 support is basically here and working, I would like to request a change to the RouterOS Main Package:

Could you please have the IPv6 package enabled by default instead of disabled? Or at least provide a means of enabling the package in NetInstall?

We want our TR-069 managed customer routers to have IPv6 enabled and configured when they receive them - the way things are set up currently, the customer router needs to be rebooted after they boot it up for the first time in order to enable IPv6 and apply the IPv6 config. Our defaults script applied by NetInstall can enable the IPv6 package but can't configure the settings until the router is rebooted because the package isn't active yet. This makes things much more awkward for us.

Thanks.

Mon Feb 27, 2017 11:42 am

alexjhart, MAC-address is not present in /interface wireless registration-table print oid either, and it is calculated in the same way as for capsman table OIDs.

alexjhart · Tue Feb 28, 2017 5:18 pm

alexjhart, MAC-address is not present in /interface wireless registration-table print oid either, and it is calculated in the same way as for capsman table OIDs.

It's there in the bridge table and i wouldn't mind it for the wireless registration table too, but I was focused on capsman here. Especially since it was there, then removed. Feel free to add it for the wireless registration table too.

Wed Mar 01, 2017 10:08 am

Update: The GenieACS developer says there is a bug in MikroTik's TR-069 client. Any SetParameterValues request that includes an ampersand in the value causes an empty reply to be sent to the ACS by the MikroTik. This in turn causes a problem in GenieACS which is not expecting an empty reply from the MikroTik and resends the request, causing a loop.

thanks for the report, the next RC will have fix for this

mducharme · Wed Mar 01, 2017 7:14 pm

Update: The GenieACS developer says there is a bug in MikroTik's TR-069 client. Any SetParameterValues request that includes an ampersand in the value causes an empty reply to be sent to the ACS by the MikroTik. This in turn causes a problem in GenieACS which is not expecting an empty reply from the MikroTik and resends the request, causing a loop.
thanks for the report, the next RC will have fix for this

Great!

And for the IPv6 package, any way of having that enabled by default in the main package with NetInstall? We need a solution for that - before it didn't matter so much, but now that you have TR-069, we need IPv6 turned on when the router first boots up after NetInstall.... Maybe you could just put up a second copy of each RouterOS main package which was the same except had IPv6 enabled by default, in a different folder on your web server, for those who needed it?

ex. regular package at https://download2.mikrotik.com/routeros ... 39rc38.npk and ipv6 default enabled package at https://download2.mikrotik.com/routeros ... 39rc38.npk

Thanks.

Sob · Wed Mar 01, 2017 7:30 pm

Or it could be simply made enabled by default for everyone. It's 2017 already, about time...

mducharme · Wed Mar 01, 2017 7:55 pm

Or it could be simply made enabled by default for everyone. It's 2017 already, about time...

Yes, either/or.. However I suspect that they haven't been switching the main package to IPv6 enabled because then they would need a default IPv6 firewall config (at least a basic one to block all input except from the local bridge so that people on the WAN subnet can't login with webfig or winbox via IPv6), and existing devices would not have this in their factory default config scripts. However at least putting up this package as an alternative main package for people who use NetInstall and replace the default config script anyway - that should be safe, and it strikes me as something that they could do almost immediately.

soonwai · Thu Mar 02, 2017 12:33 pm

RB2011UAS-2HnD on 6.39rc38
No scripts scheduled. Freshly rebooted. I have these environment variables. Any ideas what they are?

Thu Mar 02, 2017 1:14 pm

Version 6.39rc40 has been released.

Changes since previous version:
!) l2tp - added fastpath support when MRRU is enabled;
!) ppp - implemented internal algorithm for "change-mss", no mangle rules necessary;
!) pppoe - added fastpath support when MRRU and MLPPP are enabled;
*) hotspot - show Host table commentaries also in Active tab and vice versa;
*) ike2 - fixed responder subsequent new child creation when PFS is used;
*) ipsec - deducted policy SA src/dst address from src/dst address;
*) ipsec - fixed SA address check in policy lookup;
*) ipsec - updated tilera classifier for UDP encapsulated ESP;
*) snmp - added back MAC address OID in "/caps-man registration-table" (introduced in 6.39rc33);
*) tr069-client - added basic support for "/ip firewall filters";
*) tr069-client - added support for escaped entity references (& < > ' &quot);
*) tr069-client - close connection if CPE considers XML as invalid;
*) tr069-client - fixed special escape characters on XML data send;
*) tr069-client - general improvements on reducing storage space;
*) usb - added support for more CP210X devices;
*) wireless - do not allow equal MAC addresses between multiple Virtual APs when same master interface is used;
*) wireless - fixed rare crash on nv2 configurations;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.

ulysses · Thu Mar 02, 2017 1:26 pm

Hi,

I LOVE the new script property of DHCP client. But something very basic seems to be missing - in my case the DHCP server is _not_ the gateway. However I don't see the gateway-address or like variable available. Any chance this can be added soon?

BTW, although offtopic, is there a way to inspect :local variables in the current scope? like environment but for the current scope including the local variables?

psannz · Thu Mar 02, 2017 1:46 pm

*) ipsec - updated tilera classifier for UDP encapsulated ESP;

Does this fix the IPSEC packet re-ordering problem?
viewtopic.php?f=1&t=112545

Chupaka · Thu Mar 02, 2017 1:48 pm

I LOVE the new script property of DHCP client. But something very basic seems to be missing - in my case the DHCP server is _not_ the gateway. However I don't see the gateway-address or like variable available. Any chance this can be added soon?

as a workaround:

:put [ /ip dhcp-server network get [ find $leaseActIP in address ] gateway ];

soonwai · Thu Mar 02, 2017 2:46 pm

RB2011UAS-2HnD updated to 6.39rc40.
PPPoE client connects. Local and remote address acquired but nothing works.
• RB2011 unable to ping 8.8.8.8
• "/system package update check-for-updates " unable to resolve dns.

Edit: Just noticed the default route to remote address is unreachable.

PPP profile's "Change TCP MSS" is and has always been Yes.
MTU & MRU not set (1480)
FastTrack is currently disabled.
Not sure how to diagnose.

Disabled PPPoE client. Changed to my backup link (routed through my neighbour) and everything is fine.

Thu Mar 02, 2017 4:16 pm

soonwai - This seems to be an issue which we managed to reproduce locally. If it is the same problem, then it will be fixed in next rc release.

soonwai · Thu Mar 02, 2017 5:00 pm

soonwai - This seems to be an issue which we managed to reproduce locally. If it is the same problem, then it will be fixed in next rc release.

Awesome, thanks for the quick reply.

msatter · Thu Mar 02, 2017 8:20 pm

Same problem here of PPPoe working but no traffic shall pass. Torching the PPPoe connection makes it active till you stop torching it.

alexjhart · Thu Mar 02, 2017 9:05 pm

*) ipsec - updated tilera classifier for UDP encapsulated ESP;

Details?

alexjhart · Thu Mar 02, 2017 9:06 pm

*) snmp - added back MAC address OID in "/caps-man registration-table" (introduced in 6.39rc33);

Many thanks

macsrwe · Thu Mar 02, 2017 11:39 pm

Version 6.39rc40 has been released.

No dude client on the MikroTik website for this release, and auto-update attempt from older dude gives error: bad http response from cloud. Help!

msatter · Fri Mar 03, 2017 12:07 pm

soonwai - This seems to be an issue which we managed to reproduce locally. If it is the same problem, then it will be fixed in next rc release.

To which posting of Soonwai did you respond because I see the posting about the Variables and the one about PPPoE.

I have the same problem with PPPoE working but no traffic until I torch the connection and I have to keep torching. I am now back on the current release of RouterOS and can't go back to a working (lower) version of RC anymore.

bennyh · Fri Mar 03, 2017 1:02 pm

I have too problem with PPPoE in RC40 with RB3011. When I ping the RB's address from pppoe client, there is no answer.
Torch trick is working, until it running I can ping the RB.

msatter · Fri Mar 03, 2017 1:23 pm

I did already downgrade so if you are still om RC40 check if the default route present in menu "IP" "Routes"?

line: DAS 0.0.0.0/0 xxx.xxx.xxx.xxx reachable pppoe-out 1