Hello everyone
I'm confused on the crs 125 series what is the best way,
Use the new vlan on bridge or stay using the switch menu?
Thanks.

Enviado de meu XT1580 usando Tapatalk

Hello everyone
I'm confused on the crs 125 series what is the best way,
Use the new vlan on bridge or stay using the switch menu?
Thanks.

Enviado de meu XT1580 usando Tapatalk

My understanding from the 6.40rc36 and 38 releases was that the switch chip menu was to not be used for ports not in a new bridge and ideally all configurations should move to the new VLAN aware hw-offload bridges.

I do recall a conflicting post from a MikroTik poster so clarification from own of the MikroTik folks would be great.

Upgrade from 6.40 last rc to 6.41.3 my 2011UiAS-2HnD all leds on active interfaces are off, Except led on eth10 is on witch is POE Out and is active. Is this normal or something wrong with this.

Upgrade from 6.40 last rc to 6.41.3 my 2011UiAS-2HnD all leds on active interfaces are off,

My understanding from the 6.40rc36 and 38 releases was that the switch chip menu was to not be used for ports not in a new bridge and ideally all configurations should move to the new VLAN aware hw-offload bridges.

If you see the table of crs 1xx/2xx series
It have a - on bridge vlan filter

My understanding from the 6.40rc36 and 38 releases was that the switch chip menu was to not be used for ports not in a new bridge and ideally all configurations should move to the new VLAN aware hw-offload bridges.

Currently, it is implemented only for CRS3xx series switches.

If you see the table of crs 1xx/2xx series
It have a - on bridge vlan filter

On CRS125 VLANs still have to be configured in "/interface ethernet switch" menu to keep hw-offload working. If they are configured in "/interface bridge vlan", the hw-offload will turn off.

!) bridge - implemented software based vlan-aware bridges;
https://wiki.mikrotik.com/wiki/Manual:I ... _Filtering

I'm creating VLAN20 on Bridge1 - there's still ok.
But when I add VLAN20 to Bridge2, RB is unavailable on these two ports.

Shouldn't VLAN be created on Ethernet port, not the bridge ...
Or you are trying Bridge VLAN Filtering and vlan-ids ...

I'm creating VLAN20 on Bridge1 - there's still ok.
But when I add VLAN20 to Bridge2, RB is unavailable on these two ports.

/interface bridge
add name=bridge1
add name=bridge2
add name=bridge3
/interface vlan
add interface=bridge1 name=vlan20 vlan-id=20
add interface=bridge1 name=vlan30 vlan-id=30
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether2
add bridge=bridge2 interface=vlan20
add bridge=bridge3 interface=vlan30

If you see the table of crs 1xx/2xx series
It have a - on bridge vlan filter

On CRS125 VLANs still have to be configured in "/interface ethernet switch" menu to keep hw-offload working. If they are configured in "/interface bridge vlan", the hw-offload will turn off.

If you see the table of crs 1xx/2xx series
It have a - on bridge vlan filter

On CRS125 VLANs still have to be configured in "/interface ethernet switch" menu to keep hw-offload working. If they are configured in "/interface bridge vlan", the hw-offload will turn off.

Will there be shift to new syntax also for CRS125 series? It is a bit confusing to have to use different syntax for each product to get things done ...

JF.

Shouldn't VLAN be created on Ethernet port, not the bridge ...
Or you are trying Bridge VLAN Filtering and vlan-ids ...

I'm creating VLAN20 on Bridge1 - there's still ok.
But when I add VLAN20 to Bridge2, RB is unavailable on these two ports.

It does not work even if I put my vlan on ether1 or 2.
I want to get the old way tagged vlan20 on ports ether1,2,3 ... n (before master port1 and slave ether2,3, ... n)
Bridge strip Taging. I have DHCP server for vlan20.

+1
Agree, need to be more simple, no offense but the Cisco way it very simple
Switch port mode trunk/access
Switch port access vlan x
Switch port trunk allow vlan x,y,z

RB2011UAS v6.41rc1 - rc20
IPv6 address assignment is broken State is 'invalid'

It does not work even if I put my vlan on ether1 or 2.

/interface bridge
add name=bridge1
add name=bridge2
add name=bridge3
/interface vlan
add interface=ether2 name=vlan20 vlan-id=20
add interface=ether2 name=vlan30 vlan-id=30
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether3
add bridge=bridge2 interface=vlan20
add bridge=bridge3 interface=vlan30

On CRS125 VLANs still have to be configured in "/interface ethernet switch" menu to keep hw-offload working. If they are configured in "/interface bridge vlan", the hw-offload will turn off.

Vlan is Hard to understand IF you used HP as they use the term tag/untagged (Their Ports are all hybrid and can't be trunk or access from the cisco perpspective.)

AccessPort = A port that is only accepting untaged frames on ingress and only output untaged frames on egress. All other frametypes is silently droped
TrunkPort = A port that only accepts tagged frames, all untaged frames is silently droped. it only egress taged frames.

Other have then invented shortcuts of that:

Hybrid = A port that accept both taged and untaged frames on ingress, untaged frames are assumed to belong to a native vlan. the same vlan can even recieve frames taged as beloning to it. Egres a hybrid port outputs as a trunk on all vlans and as an access port on the native vlan.

HP's implementation of only hybrid have stirred quit a few it guys in the field. The cisco way is cleaner and less error prone.

This is a Mikrotik forum and I who claims to understand .1q or qinq or qinqinqinq for one loves the freedom in mikrotik bridge being software layer, switch being hardware layer or at least I assume. Here i'm am currently not sure due to 6.41rc work.... but that will clear when it's done.

The VLAN does not work on the Atheros 8327 chip switch.
I create Bridge1 and add Ethernet1 and Ethernet2.
I'm creating VLAN20 on Bridge1 - there's still ok.
But when I add VLAN20 to Bridge2, RB is unavailable on these two ports.

Sorry about my English.

/export

• RouterBOARD 750G r3
• RouterBOARD wAP G-5HacT2HnD
• RouterBOARD cAP L-2nD

#error exporting /system routerboard mode-button

JimmyNyholm, a Cisco trunk port will pass both tagged or untagged traffic depending on the allowed VLAN list assigned to the trunk port (by default all VLANs are allowed). This is the "hybrid" behavior you're describing. Leaving the native VLAN routable on trunks is what exposes people to double tagging VLAN hop methods for what it's worth.

JimmyNyholm, a Cisco trunk port will pass both tagged or untagged traffic depending on the allowed VLAN list assigned to the trunk port (by default all VLANs are allowed). This is the "hybrid" behavior you're describing. Leaving the native VLAN routable on trunks is what exposes people to double tagging VLAN hop methods for what it's worth.

Idlemind: you are right when talking to later 802.1q adaptations from cisco side. switchport mode trunk will still only accept taged frames on ingress (leaning back from the isl days before 802.q was ratified). You have to tell it to process untagged frames as well and that command is only available after certain version of the ios. We do agree upon that this will make even ciscos implementation leaning to hybrid.
My writing was to open up peoples mind to the idea of what is happening ingress and egress of a switchport, and to set some acronyms. To many techs think vlan is difficult when it's actually not just with the right mindset.

never connect vlan 0 from different vendors, never use spanning tree. Allways know what you are doing.

What's new in 6.41rc3 (2017-Jul-26 09:32):
*) ippool6 - try to assign desired prefix for client if prefix is not being already used;

[admin@rtr1] > ipv6 address add    
address  advertise  comment  copy-from  disabled  eui-64  from-pool  no-dad  interface

Running the command:

Code: Select all

/export

Hardware I tested against:

• RouterBOARD 750G r3
• RouterBOARD wAP G-5HacT2HnD
• RouterBOARD cAP L-2nD

The result I see in the print-out:

Code: Select all

#error exporting /system routerboard mode-button

I'm pretty sure it's benign but just thought I'd post it.

*) ipv6 - fixed IPv6 address request from pool (introduced in 6.41rc1);

[admin@migo] /ipv6 address> add address=::1/64 from-pool=netdsl-ipv6 interface=bridge-local advertise=yes
[admin@migo] /ipv6 address> print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local 
 #    ADDRESS                                     FROM-POOL INTERFACE                                                                                                                                                                                                ADVERTISE
 0 DL fe80::d6ca:6dff:fea0:ff93/64                          bridge-local                                                                                                                                                                                             no       
 1 DL fe80::d6ca:6dff:fea0:ff92/64                          ether1-gateway                                                                                                                                                                                           no       
 2 DL fe80::d/64                                            pppoe-out1                                                                                                                                                                                               no       
 3  G 2001:4dd2:a7c1::1/64                        netdsl... bridge-local                                                                                                                                                                                             yes      

[admin@migo] /system> reboot
...
[admin@migo] /ipv6 address> print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local 
 #    ADDRESS                                     FROM-POOL INTERFACE                                                                                                                                                                                                ADVERTISE
 0 IG 2001:4dd2:a7c1::1/64                        netdsl... bridge-local                                                                                                                                                                                             yes      
 1 DL fe80::d6ca:6dff:fea0:ff93/64                          bridge-local                                                                                                                                                                                             no       
 2 DL fe80::d/64                                            pppoe-out1                                                                                                                                                                                               no       
 3 DL fe80::d6ca:6dff:fea0:ff92/64                          ether1-gateway                                                                                                                                                                                         no       

[admin@migo] /ipv6 address> remove
numbers: 0
[admin@migo] /ipv6 address> add address=::1/64 from-pool=netdsl-ipv6 interface=bridge-local advertise=yes
[admin@migo] /ipv6 address> print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local 
 #    ADDRESS                                     FROM-POOL INTERFACE                                                                                                                                                                                                ADVERTISE
 0 DL fe80::d6ca:6dff:fea0:ff93/64                          bridge-local                                                                                                                                                                                             no       
 1 DL fe80::d/64                                            pppoe-out1                                                                                                                                                                                               no       
 2 DL fe80::d6ca:6dff:fea0:ff92/64                          ether1-gateway                                                                                                                                                                                           no       
 3  G 2001:4dd2:a7c8::1/64                        netdsl... bridge-local

*) ippool6 - try to assign desired prefix for client if prefix is not being already used;

:1/64

*) ippool6 - try to assign desired prefix for client if prefix is not being already used;

So how do I use this feature?

Suppose my pool prefix is 2001:db8:/48 and I wish to assign subprefix 1234::1/64 from this pool onto interface ether1. How do I enter this?
Suppose further that I wish to define this in such a way that if the prefix changes in the future that I don't need to change anything in the router.

*) lte - fixed LTE not passing any traffic while in running state;

heaven - Please send supout file to support@mikrotik.com. Generate it while PPPoE client is not working. We have tested it locally and in general PPPoE client is working as suspected. There must be something very specific.

*) ipsec - allow to specify remote peer address as DNS name (CLI only);

*) sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;

make a new plain text file with contents:

Code: Select all

/system identity set name=ITWORKS

Save this file with name test.auto.rsc

Then upload it with SFTP. Check what your identity name is now.

make a new plain text file with contents:

Code: Select all

/system identity set name=ITWORKS

Save this file with name test.auto.rsc

Then upload it with SFTP. Check what your identity name is now.

Hello

is there any problem on PPPOE-out?

after upgrade they desapear.

Hello

is there any problem on PPPOE-out?

after upgrade they desapear.

pppoe-client configs disappear after upgrade.
It also invalidates the firewall and NAT configs because the interface has disappeared.

I reinstall the pppoe-client config and try enabling pppoe-client.
I monitor the interface but nothing happens.
I unplug and re-insert the Ethernet lead and the pppoe-out1 interface springs into life.

All this is on RB751G-2HnD

make a new plain text file with contents:

Code: Select all

/system identity set name=ITWORKS

Save this file with name test.auto.rsc

Then upload it with SFTP. Check what your identity name is now.

So, if I rename the 6.41rc6 .npk file to 6.41rc6.auto.npk and upload it a RouterBoard it will reboot into 6.41rc6?

So, it works for newer versions but not older versions. MikroTik please make it so you can downgrade RouterOS through this mechanic. If necessary make it a boolean value in the /ip service sftp settings to toggle allow/disallow software downgrades.

I'm looking for a way without netinstall to allow that action.

[bat@hgw2] /ip firewall nat> /sys package downgrade

I'm looking for a way without netinstall to allow that action.

sorry.
put your npk files on the /file section, then do a

Code: Select all

[bat@hgw2] /ip firewall nat> /sys package downgrade

it will ask for confirmation on reload, and then install whatever version you have on the files, so yes it is the way you downgrade your OS.
i hope i got it right this time.

idlemind - Which type of interface is the master interface of VLAN?

What's new in 6.41rc15 (2017-Aug-18 07:33):
*) lte - added passthrough support (CLI only);

*) lte - added passthrough support (CLI only);

*) ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2 (CLI only);

What's new in 6.41rc16 (2017-Aug-18 13:44):

Important note!!! Backup before upgrade!
RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus for now.
Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

Changes since previous 6.41rc release:

*) ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2 (CLI only);
*) lcd - fixed unresponsive LCD (introduced in 6.41rc15);
*) lte - added passthrough support (CLI only);
*) traffic-flow - fixed reboots when IPv6 address has been set as target address without active IPv6 package;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.

/interface lte set lte1 apn=apn1/vlan600

Working on a new RB750Gr3 (hex). I installed 6.41rc9 and I'm unable to get an access port working for a VLAN on the new VLAN aware bridges. A similar configuration is working on a RB750Gr3 running 6,41rc6.

Code: Select all

  MMM      MMM       KKK                          TTTTTTTTTTT      KKK
  MMMM    MMMM       KKK                          TTTTTTTTTTT      KKK
  MMM MMMM MMM  III  KKK  KKK  RRRRRR     OOOOOO      TTT     III  KKK  KKK
  MMM  MM  MMM  III  KKKKK     RRR  RRR  OOO  OOO     TTT     III  KKKKK
  MMM      MMM  III  KKK KKK   RRRRRR    OOO  OOO     TTT     III  KKK KKK
  MMM      MMM  III  KKK  KKK  RRR  RRR   OOOOOO      TTT     III  KKK  KKK

  MikroTik RouterOS 6.41rc9 (c) 1999-2017       http://www.mikrotik.com/

[?]             Gives the list of available commands
command [?]     Gives help on the command and list of arguments

[Tab]           Completes the command/word. If the input is ambiguous,
                a second [Tab] gives possible options

/               Move up to base level
..              Move up one level
/command        Use command at the base level

[admin@rtr1] > export
# aug/07/2017 13:27:40 by RouterOS 6.41rc9
# software id = 247N-DPAI
#
# model = RouterBOARD 750G r3
# serial number = xxxxxxxxxxxx
/interface bridge
add admin-mac=6C:3B:6B:bb:xx:yy auto-mac=no fast-forward=no igmp-snooping=no name=br1 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=eth1
set [ find default-name=ether2 ] name=eth2
set [ find default-name=ether3 ] name=eth3
set [ find default-name=ether4 ] name=eth4
set [ find default-name=ether5 ] name=eth5
/ip neighbor discovery
set eth1 discover=no
/interface vlan
add interface=br1 name=br1-vlan11 vlan-id=11
add interface=br1 name=br1-vlan12 vlan-id=12
add interface=br1 name=br1-vlan999 vlan-id=999
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=vlan11 ranges=10.214.11.100-10.214.11.199
add name=vlan12 ranges=10.214.11.100-10.214.11.199
add name=vlan13 ranges=10.214.11.100-10.214.11.199
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=br1 name=defconf
add address-pool=vlan11 disabled=no interface=br1-vlan11 name=vlan11
add address-pool=vlan12 disabled=no interface=br1-vlan12 name=vlan12
/interface bridge port
add bridge=br1 hw=no interface=eth2 pvid=11
add bridge=br1 hw=no interface=eth3
add bridge=br1 hw=no interface=eth4
add bridge=br1 hw=no interface=eth5
/interface bridge vlan
add bridge=br1 untagged=eth2 vlan-ids=11
/ip address
add address=192.168.88.1/24 comment=defconf interface=br1 network=192.168.88.0
add address=10.214.11.254/24 interface=br1-vlan11 network=10.214.11.0
add address=10.214.12.254/24 interface=br1-vlan12 network=10.214.12.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=eth1
/ip dhcp-server network
add address=10.214.11.0/24 dns-server=10.214.0.1 domain=123.local gateway=10.214.11.254
add address=10.214.12.0/24 dns-server=10.214.0.1 domain=123.local gateway=10.214.12.254
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall nat
add action=masquerade chain=srcnat ipsec-policy=out,none out-interface=eth1
/system package update
set channel=release-candidate
#error exporting /system routerboard mode-button
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=br1
add interface=br1-vlan11
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=br1
add interface=br1-vlan11

A packet capture shows STP frames and discovery frames from the relevant VLAN interface, in this case br-vlan11, but does not seem to forward other traffic. I'm unable to mac-telnet into the router despite allowing it on the br1-vlan11 interface. I cannot ping the IP address assigned to br-vlan11 despite seeing it in the CDP message in WireShark (both interface and IP).

Hallo!
After updating a RB922 with a Huawei ME909s-120 modem to 6.41RC16, the lte-interface doesn't switch in running mode. The status of the interface shows only one information: "Functionality == minimal", nothing else.
Is this a normal behavior in case of lte-passthrough or a bug?

regards

Hallo!
It is/was running perfect with 6.40.1 since it was released und before with 6.39.2. The Firmware of the modem is 11.617.06.00.00. To activate the logging is only with RC helpful, isn't it? I will try it once more in the evening.

Hallo!
It is/was running perfect with 6.40.1 since it was released und before with 6.39.2. The Firmware of the modem is 11.617.06.00.00. To activate the logging is only with RC helpful, isn't it? I will try it once more in the evening.

We tested and 909s-120 works with such firmware in RouterOS6.41rc16
Try to specify the init-delay in the System Routerboard settings to 9s and then reboot the board.
Also check if it works when you do a usb power reset option.

Hallo!
It is/was running perfect with 6.40.1 since it was released und before with 6.39.2. The Firmware of the modem is 11.617.06.00.00. To activate the logging is only with RC helpful, isn't it? I will try it once more in the evening.

We tested and 909s-120 works with such firmware in RouterOS6.41rc16
Try to specify the init-delay in the System Routerboard settings to 9s and then reboot the board.
Also check if it works when you do a usb power reset option.

So, after a bit of testing the solution was, that I have to do a usb power reset over CLI. Over Winbox it doesn't work and after the next reboot I have to handle the same procedure. I think there is a problem with the USB-power-reset after reboot in 6.41RC16. After a downgrade to 6.40.1 everything works fine.
The passthrough itself was working as expectet, but I can't set it on a VLAN, only physical interfaces are supported. Would it be possible to support Vlan-interfaces too?

I am having issues with CAPsMAN on 6.41rc13... Looks like cap interfaces with CAPsMAN forwarding do not pass any traffic.

Working on a new RB750Gr3 (hex). I installed 6.41rc9 and I'm unable to get an access port working for a VLAN on the new VLAN aware bridges. A similar configuration is working on a RB750Gr3 running 6,41rc6.

Code: Select all

  MMM      MMM       KKK                          TTTTTTTTTTT      KKK
  MMMM    MMMM       KKK                          TTTTTTTTTTT      KKK
  MMM MMMM MMM  III  KKK  KKK  RRRRRR     OOOOOO      TTT     III  KKK  KKK
  MMM  MM  MMM  III  KKKKK     RRR  RRR  OOO  OOO     TTT     III  KKKKK
  MMM      MMM  III  KKK KKK   RRRRRR    OOO  OOO     TTT     III  KKK KKK
  MMM      MMM  III  KKK  KKK  RRR  RRR   OOOOOO      TTT     III  KKK  KKK

  MikroTik RouterOS 6.41rc9 (c) 1999-2017       http://www.mikrotik.com/

[?]             Gives the list of available commands
command [?]     Gives help on the command and list of arguments

[Tab]           Completes the command/word. If the input is ambiguous,
                a second [Tab] gives possible options

/               Move up to base level
..              Move up one level
/command        Use command at the base level

[admin@rtr1] > export
# aug/07/2017 13:27:40 by RouterOS 6.41rc9
# software id = 247N-DPAI
#
# model = RouterBOARD 750G r3
# serial number = xxxxxxxxxxxx
/interface bridge
add admin-mac=6C:3B:6B:bb:xx:yy auto-mac=no fast-forward=no igmp-snooping=no name=br1 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=eth1
set [ find default-name=ether2 ] name=eth2
set [ find default-name=ether3 ] name=eth3
set [ find default-name=ether4 ] name=eth4
set [ find default-name=ether5 ] name=eth5
/ip neighbor discovery
set eth1 discover=no
/interface vlan
add interface=br1 name=br1-vlan11 vlan-id=11
add interface=br1 name=br1-vlan12 vlan-id=12
add interface=br1 name=br1-vlan999 vlan-id=999
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=vlan11 ranges=10.214.11.100-10.214.11.199
add name=vlan12 ranges=10.214.11.100-10.214.11.199
add name=vlan13 ranges=10.214.11.100-10.214.11.199
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=br1 name=defconf
add address-pool=vlan11 disabled=no interface=br1-vlan11 name=vlan11
add address-pool=vlan12 disabled=no interface=br1-vlan12 name=vlan12
/interface bridge port
add bridge=br1 hw=no interface=eth2 pvid=11
add bridge=br1 hw=no interface=eth3
add bridge=br1 hw=no interface=eth4
add bridge=br1 hw=no interface=eth5
/interface bridge vlan
add bridge=br1 untagged=eth2 vlan-ids=11
/ip address
add address=192.168.88.1/24 comment=defconf interface=br1 network=192.168.88.0
add address=10.214.11.254/24 interface=br1-vlan11 network=10.214.11.0
add address=10.214.12.254/24 interface=br1-vlan12 network=10.214.12.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=eth1
/ip dhcp-server network
add address=10.214.11.0/24 dns-server=10.214.0.1 domain=123.local gateway=10.214.11.254
add address=10.214.12.0/24 dns-server=10.214.0.1 domain=123.local gateway=10.214.12.254
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall nat
add action=masquerade chain=srcnat ipsec-policy=out,none out-interface=eth1
/system package update
set channel=release-candidate
#error exporting /system routerboard mode-button
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=br1
add interface=br1-vlan11
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=br1
add interface=br1-vlan11

A packet capture shows STP frames and discovery frames from the relevant VLAN interface, in this case br-vlan11, but does not seem to forward other traffic. I'm unable to mac-telnet into the router despite allowing it on the br1-vlan11 interface. I cannot ping the IP address assigned to br-vlan11 despite seeing it in the CDP message in WireShark (both interface and IP).

I am seeing something very similar on a CRS210-8G-2S+ switch... CDP/LLDP passes just fine... I even get ARP in the right VLAN(s), but no dice when sending from the neighboring device on the same VLAN.

What's new in 6.41rc3 (2017-Jul-26 09:32):
*) ippool6 - try to assign desired prefix for client if prefix is not being already used;

I am having issues with CAPsMAN on 6.41rc13... Looks like cap interfaces with CAPsMAN forwarding do not pass any traffic.

The issue persists with 6.41rc16... Just downgraded to 6.41rc11 and wireless is up and running.

What's new in 6.41rc17 (2017-Aug-22 11:58):

Important note!!! Backup before upgrade!
RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus for now.
Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

Changes since previous 6.41rc release:

*) bridge - fixed "R" state for bridge interfaces on x86 and CHR installations (introduced in v6.41rc12);
*) capsman - added "vlan-mode=no-tag" option;
*) ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2 (CLI only);
*) ipsec - allow to specify "remote-peer" address as DNS name;
*) lcd - fixed unresponsive LCD (introduced in v6.41rc15);
*) lte - added Passthrough support (CLI only);
*) pppoe - fixed invalid PPPoE server or client after reboot or "interface" edit (introduced in v6.41rc9);
*) snmp - fixed bridge host requests on devices with multiple bridge interfaces;
*) winbox - added possibility to define "comment" for "/routing bgp network" entries;
*) winbox - do not show LCD menu for devices which does not have it;
*) www - fixed unresponsive Web services (introduced in v6.40);

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.

irghost - What is the question about SXT LTE? Are you referring to Passthrough support? if you do, then take a look at this list:
https://wiki.mikrotik.com/wiki/Supporte ... and_modems

irghost - What is the question about SXT LTE? Are you referring to Passthrough support? if you do, then take a look at this list:
https://wiki.mikrotik.com/wiki/Supporte ... and_modems

*) lte - added Passthrough support (CLI only);

*) pppoe - fixed invalid PPPoE server or client after reboot or "interface" edit (introduced in v6.41rc9);

raffav - What do you mean with "don`t show up either"? Be more specific. This fixed as written in changelog "invalid PPPoE server or client after reboot or "interface" edit". Did you upgrade device and you see invalid (red) PPPoE server or client interface?

Hallo!
It is/was running perfect with 6.40.1 since it was released und before with 6.39.2. The Firmware of the modem is 11.617.06.00.00. To activate the logging is only with RC helpful, isn't it? I will try it once more in the evening.

We tested and 909s-120 works with such firmware in RouterOS6.41rc16
Try to specify the init-delay in the System Routerboard settings to 9s and then reboot the board.
Also check if it works when you do a usb power reset option.

So, after a bit of testing the solution was, that I have to do a usb power reset over CLI. Over Winbox it doesn't work and after the next reboot I have to handle the same procedure. I think there is a problem with the USB-power-reset after reboot in 6.41RC16. After a downgrade to 6.40.1 everything works fine.
The passthrough itself was working as expectet, but I can't set it on a VLAN, only physical interfaces are supported. Would it be possible to support Vlan-interfaces too?

Have you tried to specify that init-delay?
What does it show in the log when you enable the lte logging?
It should support the Vlan interface as well - what error message did it show?

What's new in 6.41rc18 (2017-Aug-24 07:52):

*) ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;

*) ipsec - allow to specify remote peer address as DNS name (CLI only);

does this mean ipsec tunnels can be established between 2 sites with dynamic ip addresses, so I can get rid of the additional L2TP Tunnel?

In road warrior setups, yes.

I am having issues with CAPsMAN on 6.41rc13... Looks like cap interfaces with CAPsMAN forwarding do not pass any traffic.

The issue persists with 6.41rc16... Just downgraded to 6.41rc11 and wireless is up and running.

Please provide us more info on your setup and how to reproduce the problem as we tested locally and the CAPsMAN forwarding is working.

Hallo!
It is/was running perfect with 6.40.1 since it was released und before with 6.39.2. The Firmware of the modem is 11.617.06.00.00. To activate the logging is only with RC helpful, isn't it? I will try it once more in the evening.

We tested and 909s-120 works with such firmware in RouterOS6.41rc16
Try to specify the init-delay in the System Routerboard settings to 9s and then reboot the board.
Also check if it works when you do a usb power reset option.

So, after a bit of testing the solution was, that I have to do a usb power reset over CLI. Over Winbox it doesn't work and after the next reboot I have to handle the same procedure. I think there is a problem with the USB-power-reset after reboot in 6.41RC16. After a downgrade to 6.40.1 everything works fine.
The passthrough itself was working as expectet, but I can't set it on a VLAN, only physical interfaces are supported. Would it be possible to support Vlan-interfaces too?

Have you tried to specify that init-delay?
What does it show in the log when you enable the lte logging?
It should support the Vlan interface as well - what error message did it show?

With RC17 I was able to set a Vlan for passthrough but the LTE-Modem doesn't start with 0,3,6 and 9 seconds init-delay. Also a total power-reset with a duration of more than 1 minute, didn't solve the problem. After a munual usb power-reset with a duration of 1 second, the LTE-interface starts. Tested with 2 RB922UAGS-5HPacT (current Firmware 3,41) with Huawei ME909s-120. With 3.40.1 or older I never had such problems (init-delay 1s)

We tested and 909s-120 works with such firmware in RouterOS6.41rc16
Try to specify the init-delay in the System Routerboard settings to 9s and then reboot the board.
Also check if it works when you do a usb power reset option.

So, after a bit of testing the solution was, that I have to do a usb power reset over CLI. Over Winbox it doesn't work and after the next reboot I have to handle the same procedure. I think there is a problem with the USB-power-reset after reboot in 6.41RC16. After a downgrade to 6.40.1 everything works fine.
The passthrough itself was working as expectet, but I can't set it on a VLAN, only physical interfaces are supported. Would it be possible to support Vlan-interfaces too?

Have you tried to specify that init-delay?
What does it show in the log when you enable the lte logging?
It should support the Vlan interface as well - what error message did it show?

With RC17 I was able to set a Vlan for passthrough but the LTE-Modem doesn't start with 0,3,6 and 9 seconds init-delay. Also a total power-reset with a duration of more than 1 minute, didn't solve the problem. After a munual usb power-reset with a duration of 1 second, the LTE-interface starts. Tested with 2 RB922UAGS-5HPacT (current Firmware 3,41) with Huawei ME909s-120. With 3.40.1 or older I never had such problems (init-delay 1s)

Could you make a support output file after the reboot when the interface doesn't work and send that to support@mikrotik.com?
The problem also happens when you are not using the passthrough mode?

How would one realize inter-vlan routing or generally vlan interfaces with the new bridge implementation?
Can't find anything on this except some emtpy placeholder topic in the Wiki.

/interface bridge add vlan-filtering=no name=br1

/interface vlan add interface=br1 vlan-id=11 name=br1-vlan11
/interface vlan add interface=br1 vlan-id=12 name=br1-vlan12

/ip address add interface=br-vlan11 address=10.99.11.254/24
/ip address add interface=br-vlan11 address=10.99.12.254/24

/interface bridge vlan add bridge=br1 vlan-ids=11 tagged=br1,ether4 untagged=ether2
/interface bridge vlan add bridge=br1 vlan-ids=12 tagged=br1,ether4 untagged=ether3

/interface bridge port add bridge=br1 interface=ether2 pvid=11 frame-types=admit-only-untagged-and-priority-tagged
/interface bridge port add bridge=br1 interface=ether3 pvid=12 frame-types=admit-only-untagged-and-priority-tagged
/interface bridge port add bridge=br1 interface=ether4 pvid=1 frame-types=admit-all

/interface bridge set [ find where name=br1 ] vlan-filtering=yes

What's new in 6.41rc20 (2017-Aug-29 06:41):

What's new in 6.41rc20 (2017-Aug-29 06:41):
*) bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;

Also I see there is new option Bridge Fast forward, what does it do?

*) bridge - implemented software based MSTP;

@andirys and mikrotik

*) bridge - implemented software based MSTP;

thank you for making this happen

...snip...
Ker-blamo, you have a 2 VLAN network with an access port in each and a trunk port on ether4 to uplink to your network.

- ipv6 - fixed IPv6 address request from pool (introduced in 6.41rc1);

RB2011UAS v6.41rc1 - rc20
IPv6 address assignment is broken State is 'invalid'


Just for INFO:
MikroTik have managed to reproduce the problem. The error only occurs with me and a few others. MikroTik are working on it. But I fear this will remain an eternal bug.
I can live with the router not to reboot.

Since 6.41rc13 the DHCPv6 client has no more prefix. The IPv6 address could therefore not be assigned manually. Since 6.41rc20 gets the DHCPv6 client again a prefix which I then manually assigned.

I can not test the feature with the dynamic subprefix.
- Ippool6 - try to assign the requested prefix for client if prefix is not being already used;

How would one realize inter-vlan routing or generally vlan interfaces with the new bridge implementation?
Can't find anything on this except some emtpy placeholder topic in the Wiki.

The example "InterVLAN Routing by Bridge" has been updated:
https://wiki.mikrotik.com/wiki/Manual:I ... _Bridge.29

How about HW switching if STP and Layer3 Routing is needed? (bridge vlan disables HW)

What's the difference between /interface ethernet switch vlan/ports and the bridge VLAN implementation?
What is the correct way to create a switch with multiple VLANs (tagged and untagged) with a management IP on a vlan?

I'm aware of that. VLAN aware bridges disables HW offload on small switches (RB750GL etc). I'd like to have routing (this will be in CPU) AND switching (in hardware) on the same device as it was possible before 6.41rc. STP is needed too. I don't see a way how to solve this.

Unfortunately, currently SXT LTE does not support passthrough mode.

irghost - What is the question about SXT LTE? Are you referring to Passthrough support? if you do, then take a look at this list:
https://wiki.mikrotik.com/wiki/Supporte ... and_modems

v6.41rc20 has some really cool stuff. I'm still having a problem with IGMP-Snooping where it drops an ACTIVE multicast group (after about 4-5 Min.). I'm not sure why it is doing this and to remedy it, I have to deactivate IGMP-Snooping and redeploy PIM (v6.40.2). I can't seem to find the ability to list the "Master Port" under Interface/Ethernet anymore. This might have been on purpose, just asking. I believe you folks are coming along nicely on IGMP-Snooping though it needs some tweaks (time will tell, right?). Would the ability to "Query" for IGMP Groups help in my case? Just spit-balling there..

Thanks,

-tp

Unfortunately, currently SXT LTE does not support passthrough mode.

irghost - What is the question about SXT LTE? Are you referring to Passthrough support? if you do, then take a look at this list:
https://wiki.mikrotik.com/wiki/Supporte ... and_modems

Is there a plan for this or even and ETA? SXT LTE is the ultimate platform to get this feature.

*) bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
.

DANGER

If you are running CAPSMAN avoid 6.41rc23

6.41rc23 breaks CAP communication with CAPSMAN, at least when using a tunelled datapath. Downgrading to 6.41rc20 does not fix the problem

Mikrotik support are aware of this issue.

DANGER

If you are running CAPSMAN avoid 6.41rc23

6.41rc23 breaks CAP communication with CAPSMAN, at least when using a tunelled datapath. Downgrading to 6.41rc20 does not fix the problem

Mikrotik support are aware of this issue.

Too late. My users complain that they are connected to the wifi, but there´s hardly any or only few traffic is getting through the connection.

You can download prior versions of the RC by manually adjusting the URL from the download page if you wanted to revert back to an RC that it still works at for you to retain the new bridge.

How are you connecting the CAP to the CAPsMAN? Are you using Local-forwarding or CAPsMAN forwarding? Are you using VLAN in our setup?

There is bug that after the downgrade from the newest RC you need to do a soft reboot of the board as the dhcp-client doesn't start in the first boot. Powercycle will not help, you need to do a sift reboot.

*) crs317 - added initial support for HW offloaded MPLS forwarding;

What's new in 6.41rc26 (2017-Sep-07 13:26):

Important note!!! Backup before upgrade!
RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus for now.
Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

Changes since previous 6.41rc release:

!) bridge - general development of hw-offload bridge implementation (introduced in v6.40rc36);
*) chr - added KVM memory balloon support;
*) chr - added suspend support;
*) crs1xx/2xx - fixed 1 Gbps forced mode for several SFP modules;
*) crs317 - added initial support for HW offloaded MPLS forwarding;
*) dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
*) e-mail - auto complete file name on "file" parameter (introduced in v6.40);
*) eoip - made L2MTU parameter read-only;
*) hotspot - fixed missing "/ip hotspot server profile" if invalid "dns-name" was specified;
*) lte - added Passthrough support (CLI only);
*) lte - added support for ZTE ME3630 E1C;
*) lte - fixed mode initialization after reboot;
*) ppp - fixed missing PPP client interface after reboot (introduced in v6.41rc);
*) rb931-2nd - fixed startup problems (requires additional reboot after upgrade);
*) userman - fixed unresponsive RADIUS server (introduced in v6.40.3);
*) webfig - improved reliability of login process;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.

is there any news about SXT LTE?

Unfortunately, currently SXT LTE does not support passthrough mode.

What about netcut and ip scanner for who using hotspot and not managed switch with ubnt AP's ?

is there any news about SXT LTE?

Your question was already answered!

Unfortunately, currently SXT LTE does not support passthrough mode.

What about netcut and ip scanner for who using hotspot and not managed switch with ubnt AP's ?

Sorry, I don't understand, what are you talking about?

What's new in 6.41rc6 (2017-Aug-01 11:30):
[...]
*) ppp - added support for Sierra MC7750, Verizon USB730L;
[...]

is there any news about SXT LTE?

Your question was already answered!

Unfortunately, currently SXT LTE does not support passthrough mode.

Passthrough is not currently supported on SXT LTE and we do not have plans to implement such functionality in near future.

Passthrough is not currently supported on SXT LTE and we do not have plans to implement such functionality in near future.

Passthrough is not currently supported on SXT LTE and we do not have plans to implement such functionality in near future.