v6.48beta [testing] is released!

emils · Tue Jul 07, 2020 12:33 pm

Version 6.48beta12 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.48beta12 (2020-Jul-06 13:33):

Changes in this release:

*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - improved BPDU guard logging;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed HW offloading for netPower 15FR and netPower 16P devices (introduced in v6.47);
*) crs3xx - fixed increased CPU temperature for CRS354-48G-4S+2Q+ device (introduced in v6.47);
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) defconf - fixed default configuration loading on RBmAPL-2nD;
*) defconf - improved default configuration generation on devices with changed wireless interface names;
*) dhcpv6-server - added ability to generate binding on first request;
*) dhcpv6-server - disallow changing binding's "prefix-pool";
*) dhcpv6-server - improved stability when changing server for static bindings;
*) dns - do not allow setting "forward-to" same as "name" or "regex";
*) dns - do not allow setting zero value IP addresses for "A" and "AAAA" records;
*) dns - do not use DoH for local queries when a server is specified;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) export - fixed HotSpot "address-per-mac" parameter export;
*) export - fixed RouterBOARD USB "type" parameter export;
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) filesystem - fixed increased "sector writes" reporting (introduced in v6.47);
*) filesystem - improved long-term filesystem stability and data integrity;
*) ftp - fixed possible buffer overflow;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - fixed initiator child SA init without policy;
*) ike2 - fixed policy reference for pending acquire;
*) ike2 - improved child SA rekeying process;
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not update peer endpoints for generated policy entries (introduced in v6.47);
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) kidcontrol - allow creating static device entries without assigned user;
*) lora - added "spoof-gps" parameter for fake GPS coordinate sending;
*) lora - fixed JSON statistics inaccuracies;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles (CLI only);
*) lte - added support for MTS 8810FT;
*) lte - fixed modem initialization when multiple modems are used simultaneously;
*) lte - fixed PDP authentication configuration for SIM7600;
*) metarouter - fixed image importing (introduced in v6.46);
*) ospf - improved route tag processing for OSPFv3;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) ppp - allow specifying pool name for "remote-ipv6-prefix-pool" parameter;
*) profile - fixed "unclassified" load reporting on PowerPC devices (introduced in v6.47);
*) qsfp - fixed auto-negotiation status;
*) qsfp - fixed break-out cable linking after reboot (introduced in v6.47);
*) qsfp - ignore FEC mode when set to fec91, only fec74 mode is supported (introduced in v6.47);
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed "mode-button" support on SMIPS devices (introduced in v6.47);
*) routerboard - fixed "reset-button" menu presence on all devices;
*) smb - fixed possible memory leak;
*) smb - fixed SMB server (introduced in v6.47);
*) smb - limit active session count to 5 per connection;
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) supout - added "LoRa" section to supout file;
*) switch - fixed MAC address learning on switch-cpu port for Atheros8316, Atheros8227 and Atheros7240 switch chips;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) w60g - added "mdmg-fix" parameter for RBwAP60Gx3 (CLI only);
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed flag displaying under "IP/DNS/Static" table;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "BGP/Peer" menu;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - hide irrelevant switch port parameters;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - changed "station-roaming" default setting from "enabled" to "disabled";
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "egypt" regulatory domain information;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

eworm · Tue Jul 07, 2020 12:51 pm

Now non-wireless devices have issues with the default configuration script:

system;error;critical;13328;39528;13328 error while running customized default configuration script: expected end of command (line 1310 column 53)

This is on RB750GL.

emils · Tue Jul 07, 2020 1:08 pm

Can you please send the supout.rif file from your device to support@mikrotik.com?

whatever · Tue Jul 07, 2020 1:42 pm

*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;

Is this comparable to "ondemand" scheduler from x86 linux? Any numbers on expected power savings when the device is idle?

santyx32 · Tue Jul 07, 2020 2:03 pm

I wonder what's the real advantage of running my router with ondemand scheduler?

eworm · Tue Jul 07, 2020 2:15 pm

I wonder what's the real advantage of running my router with ondemand scheduler?

It saves power and runs less hot.

morf · Tue Jul 07, 2020 2:15 pm

What does "Bridge Port Extender" mean ? MLAG ?

msatter · Tue Jul 07, 2020 2:15 pm

Can you please send the supout.rif file from your device to support@mikrotik.com?

And on the 4011RM and the hEX-S the same error message:

648beta12-error.JPG

13:04:38 system,error,critical error while running customized default configuration script: expected end of command (line 1310 column 53) 
13:04:38 system,error,critical

emils · Tue Jul 07, 2020 2:28 pm

msatter Do you have custom set of packages installed and wireless package is not installed?

msatter · Tue Jul 07, 2020 2:45 pm

msatter Do you have custom set of packages installed and wireless package is not installed?

648beta12-pack.JPG

I also lost direct Winbox access to my 4011RM which is behind the the hEX-S and now only able to connect through Romon. The configuration did not change and Winbox just flashes by on my screen. For the safety I revered to 6.47 on my hEX-S.

Update.
The TikAPP can access the 4011 directly without problem. Really strange!

Update:
Ignoring the saved VIW file gives access again and I hope that this will not happen again and I have to make backups of those VIW files in case of that.

eworm · Tue Jul 07, 2020 2:52 pm

msatter Do you have custom set of packages installed and wireless package is not installed?

Correct. My system has system, dhcp, advanced-tools & security installed. Opened SUP-21264 with support output.

honzam · Tue Jul 07, 2020 3:07 pm

On ARM: Check for updates: ERROR: file not found

emils · Tue Jul 07, 2020 3:17 pm

The default configuration script error message will be fixed in the next release. Thank you for reporting.
honzam Is there a specific package that is missing? What packages are installed on the device?

honzam · Tue Jul 07, 2020 3:21 pm

eworm · Tue Jul 07, 2020 3:30 pm

*) dns - do not use DoH for local queries when a server is specified;

This is about forwarding? Looks like queries are still sent via DoH for me.

*) dns - do not use type "A" for static entries with unspecified type;

I do not understand that one... How could type be "A" and unspecified at the same time?

nkourtzis · Tue Jul 07, 2020 3:31 pm

On ARM: Check for updates: ERROR: file not found

Not only on ARM. They probably withdrew the build due to the problems mentioned above.

msatter · Tue Jul 07, 2020 3:33 pm

See:

I had that same message on my hEX-S, so I manually uploaded the firmware file.

@nkourtzis: It happened even before any reports were made so not likely that the files have been removed.

doneware · Tue Jul 07, 2020 4:03 pm

crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);

is this 802.1BR?

if so, how long until we get also support for this in CCRs? i'd love to see ports from port extenders to show up as 'virtual ports' on the connected CCRs...

nkourtzis · Tue Jul 07, 2020 5:15 pm

Trying to upgrade but getting "not enough space for upgrade" after downloading and on rebooting, on a mAP 2nD, with the following packages installed:

Advanced Tools

DHCP

IPv6

LTE

NTP

PPP

Routing

Security

System

Wireless

Indeed, the "HDD space" is reported as 76 KiB without any files on it. This 16MB flash thing is becoming more and more annoying...

Jotne · Tue Jul 07, 2020 8:56 pm

*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) crs3xx - fixed HW offloading for netPower 15FR and netPower 16P devices (introduced in v6.47);
*) crs3xx - fixed increased CPU temperature for CRS354-48G-4S+2Q+ device (introduced in v6.47);
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) filesystem - fixed increased "sector writes" reporting (introduced in v6.47);
*) ipsec - do not update peer endpoints for generated policy entries (introduced in v6.47);
*) metarouter - fixed image importing (introduced in v6.46);
*) profile - fixed "unclassified" load reporting on PowerPC devices (introduced in v6.47);
*) qsfp - fixed break-out cable linking after reboot (introduced in v6.47);
*) qsfp - ignore FEC mode when set to fec91, only fec74 mode is supported (introduced in v6.47);
*) routerboard - fixed "mode-button" support on SMIPS devices (introduced in v6.47);
*) smb - fixed SMB server (introduced in v6.47);

Maybe there should be some more testing before new version is released?
10 errors was introduced in 6.47
2 errors was introduced in 6.46
That is 12 in total, maybe more that still are not found.

Where is 6.47.1 to fix errors introduced in 6.47?
I was hoping for no 6.48, but for 7.0beta

msatter · Tue Jul 07, 2020 10:31 pm

There seems to be testing but internal. We start 6.48 at version beta twelve.

The flash write counter is a big problem despite it not be actual writes. It will decrease the resell value of your router because the write counter is extremely high due to this bug. This bug alone should have been tackled by 6.47.1 version at a earlier moment.

I don't think it is wise to have two active beta's side by side, being developed.

DarkNate · Tue Jul 07, 2020 11:11 pm

*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) ppp - allow specifying pool name for "remote-ipv6-prefix-pool" parameter;

Does any of these changes mean it will help with this viewtopic.php?f=13&t=162930?

mikrotikedoff · Tue Jul 07, 2020 11:52 pm

There will continue to be 6.X versions for the foreseeable future as not all the chip sets out there will be able to support the new linux kernel in 7.X

@msatter What feature sets are you using in the versions with the flash write counter issue that are preventing you from just rolling back to a version without this issue?

mducharme · Wed Jul 08, 2020 12:15 am

There will continue to be 6.X versions for the foreseeable future as not all the chip sets out there will be able to support the new linux kernel in 7.X

What is not able to support the new linux kernel in v7? (other than really old devices, ex. mipsle)

From what I have seen, any MikroTik model that is currently sold works with v7, and probably most of those from the past several years that have been discontinued.

msatter · Wed Jul 08, 2020 1:46 am

@msatter What feature sets are you using in the versions with the flash write counter issue that are preventing you from just rolling back to a version without this issue?

I am sorry, but I won't go for that.

emils · Wed Jul 08, 2020 9:06 am

Upgrade issues from System Package menu should be resolved now.

corp9592 · Wed Jul 08, 2020 1:14 pm

*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) crs3xx - fixed HW offloading for netPower 15FR and netPower 16P devices (introduced in v6.47);
*) crs3xx - fixed increased CPU temperature for CRS354-48G-4S+2Q+ device (introduced in v6.47);
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) filesystem - fixed increased "sector writes" reporting (introduced in v6.47);
*) ipsec - do not update peer endpoints for generated policy entries (introduced in v6.47);
*) metarouter - fixed image importing (introduced in v6.46);
*) profile - fixed "unclassified" load reporting on PowerPC devices (introduced in v6.47);
*) qsfp - fixed break-out cable linking after reboot (introduced in v6.47);
*) qsfp - ignore FEC mode when set to fec91, only fec74 mode is supported (introduced in v6.47);
*) routerboard - fixed "mode-button" support on SMIPS devices (introduced in v6.47);
*) smb - fixed SMB server (introduced in v6.47);
Maybe there should be some more testing before new version is released?
10 errors was introduced in 6.47
2 errors was introduced in 6.46
That is 12 in total, maybe more that still are not found.

Where is 6.47.1 to fix errors introduced in 6.47?
I was hoping for no 6.48, but for 7.0beta

I actually has the same though. The v6.47 is supposed to be the stable one, but with that bug fixing I am not inclined to deploy it to my Tik.

krafg · Wed Jul 08, 2020 7:32 pm

*) lte - fixed modem initialization when multiple modems are used simultaneously;

Updated RBM33G and LtAP LTE kit successfully.

R11e-LTE-US keeps working well after update.

Regards.

arendn · Wed Jul 08, 2020 7:35 pm

*) w60g - added "mdmg-fix" parameter for RBwAP60Gx3 (CLI only);

After update no traffic flows through to station devices. cannot mactel to them or macping. Downgraded back to 6.46.6

Thu Jul 09, 2020 2:36 am

crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);

is this 802.1BR?

Yes it is 802.1BR

if so, how long until we get also support for this in CCRs? i'd love to see ports from port extenders to show up as 'virtual ports' on the connected CCRs...

I wondered the same thing. I suspect it may come fairly quickly, the CCR2004 is using it internally, so the code is already in place.

encorer · Thu Jul 09, 2020 12:36 pm

Testing the hap ac ^ 2 router with a 0-1% CPU load showed that there is no difference between the power consumption of 6.47 and 6.48beta12 firmware. In both cases, it is 5.2-5.4W

emils · Thu Jul 09, 2020 1:21 pm

Did you enable the on demand CPU scaling?

/system routerboard settings set cpu-frequency=auto

encorer · Thu Jul 09, 2020 2:40 pm

/system routerboard settings set cpu-frequency=auto

Now I tried it, the result: with any frequency, consumption does not change, only the full load on the processor increases it by about one watt.

mkx · Thu Jul 09, 2020 3:00 pm

Weird stuff ... the cpu-frequency setting. On my RB951G running ROS 6.46.5 it is possible to set cpu-frequency as well as cpu-mode ... which can be set to either regular or power-save. However, both print output and export keep quiet about this setting regardless the value. I'm not going to bother measuring the power draw to check if there's a difference.
On my RBD52G (hAP ac2) running same ROS version it is not possible to set cpu-mode ... it is not listed as possible argument to set command.

la2185x · Thu Jul 09, 2020 3:52 pm

OK, Question, is it possible to provide an overview of the properties and syntax of the port-controller and port-extender CLI menu? This would be helpful and much appreciated

crs3xx - added initial Bridge Port Extender support (CLI only);
crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);

cheers

H

onnoossendrijver · Thu Jul 09, 2020 4:12 pm

Let me tell you that this 802.1BR support makes me very excited

nithinkumar2000 · Thu Jul 09, 2020 9:48 pm

What's new in 6.48beta12 (2020-Jul-06 13:33):

Changes in this release:

*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) ppp - allow specifying pool name for "remote-ipv6-prefix-pool" parameter;

-
FInally some effort by Mikrotik Team for development of IPv6.

Please add Radius Accounting for Delegated-IPv6-Prefix over PPPOE

osc86 · Fri Jul 10, 2020 12:56 am

Still no fix mentioned for discarded IPv6 Neighbor solicitations entering the bridge when igmp-snooping is enabled.
It's really annoying not being able to use IPv6 and igmp-snooping together on the same bridge.

nithinkumar2000 · Fri Jul 10, 2020 11:38 am

I Wonder why still many people are not demanding IPv6 features.
IPv6 is now in trend and it is really beneficial because it consumes less resource and No NAT tensions....

Chupaka · Fri Jul 10, 2020 12:07 pm

No NAT tensions....

Multihoming and load balancing?..

nithinkumar2000 · Fri Jul 10, 2020 12:32 pm

No NAT tensions....
Multihoming and load balancing?..

BGP Multihoming can be done but not sure about Load balancing...... Well for ISP always NAT is the biggest problem. So much of tension in maintaing NAT Logs and also issues with Govt. Sites when Multiple Clients use same Public IP...

I Hope IPv6 is the only solutions to these set of issues...

Sob · Fri Jul 10, 2020 6:54 pm

BUG: DNS resolution fails for TXT records containing multiple strings.

Another user reported the problem here. I see slightly different results:

- client sends query to RouterOS device (e.g. "dig mail2._domainkey.mail.ru TXT @<routeros device>")
- RouterOS sends query to upstream resolver
- upstream resolver sends response
- RouterOS ignores response
- RouterOS retries previous two steps few times
- RouterOS sends server failure to client

In any case, it's broken. If there's only one string in TXT record, it works correctly. But if there are more, it fails. Other examples:

pp-epsilon1._domainkey.mail.paypal.com
softmaker_com_2018._domainkey.softmaker.com

I guess it's probably broken since DNS changes in 6.47.

nescafe2002 · Fri Jul 10, 2020 8:23 pm

Sob, If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

Edit: Issue has been reported to support (SUP-22228)

mattgorecki · Wed Jul 15, 2020 10:36 am

*) w60g - added "mdmg-fix" parameter for RBwAP60Gx3 (CLI only);
After update no traffic flows through to station devices. cannot mactel to them or macping. Downgraded back to 6.46.6

Upgraded a pair of Wireless Wire dishes and experienced the same thing. Link comes up but passes no traffic, not even mactel. Downgraded both sides to 6.47.1 for it to work again.

msatter · Wed Jul 15, 2020 9:17 pm

msatter
I also lost direct Winbox access to my 4011RM which is behind the the hEX-S and now only able to connect through Romon. The configuration did not change and Winbox just flashes by on my screen. For the safety I revered to 6.47 on my hEX-S.

Update.
The TikAPP can access the 4011 directly without problem. Really strange!

Update:
Ignoring the saved VIW file gives access again and I hope that this will not happen again and I have to make backups of those VIW files in case of that.

I lost again my setting and the only thing I did was use "shown columns" and I had this time a backup to restore the current config. This is really nasty that Winbox 3.24 and Beta 6.48-12 is causing this!

bobaoapae · Sun Jul 19, 2020 1:31 am

Hello, i have a RouterBoard Hex S, and on version 6.47.1 or 6.48.beta12, the dns server stop resolving certains domains after randomly time without any error on log.. I tested with and without DoH enabled, i don't know how to send info to check this issue, logs on WinBox don't show any error, after reboot DNS has back work.. I has do a downgrade to long term version and no issue has been in 3 days, on versions 6.47 or 6.48 dns stop working every day.

nescafe2002 · Sun Jul 19, 2020 1:55 am

i don't know how to send info to check this issue, logs on WinBox don't show any error, after reboot DNS has back work..

When DNS is unresponsive again, before rebooting: add logging topic dns, perform name lookup from client, generate supout.rif, download supout.rif and send it to support.

rooted · Sun Jul 19, 2020 2:47 am

hAP AC² updated and so far everything is working fine, maybe a couple hundred kilobytes more free memory is all I've noticed immediately.

Will let it settle in and see if anything pops up.

rooted · Sun Jul 19, 2020 12:56 pm

There seems to be testing but internal. We start 6.48 at version beta twelve.

The flash write counter is a big problem despite it not be actual writes. It will decrease the resell value of your router because the write counter is extremely high due to this bug. This bug alone should have been tackled by 6.47.1 version at a earlier moment.

I don't think it is wise to have two active beta's side by side, being developed.

Are these devices known to have an issue with the memory failing? I've had dd-wrt devices flashed and written to for 10+ years without failure, and these devices had new firmware flashed at least twice a month.

pe1chl · Fri Jul 24, 2020 12:35 am

I found that reset to defaults does not work correctly when only part of the packages is installed.
For example, I typically use only these packages on routers without wireless interface:
- advanced-tools
- dhcp
- ipv6
- ppp
- routing
- security
- system

So, no hotspot, mpls, wireless.
When such a router is reset to defaults, it will not be configured with defaults. It can only be accessed via MAC address.

Before I reset to defaults, I had the issue mentioned in reply #8 viewtopic.php?p=804449#p804449
(I did the reset because of that)

MRYAN81 · Mon Jul 27, 2020 10:49 pm

While using 6.48beta12 on a CCR1009, I noticed that my WAN IP isn't being obtained automatically. After the modem resets or looses service, the router doesn't not obtain a IP on IPv4. IPv6 seems to work fine. On the IPv4 side it just shows renewing, but appears to be passing traffic. If I click release, it grabs it with no issues.

petrb · Tue Jul 28, 2020 5:45 pm

Thanks for working on IPv6 ... please implement also "Framed-IPv6-Route" RADIUS attribute for DHCPv6. You are in half away. Thanks. Petr

Ivoshiee · Fri Aug 07, 2020 6:25 am

*) w60g - added "mdmg-fix" parameter for RBwAP60Gx3 (CLI only);
After update no traffic flows through to station devices. cannot mactel to them or macping. Downgraded back to 6.46.6

What ever it is supposed to do or what device it shall affect, but all my ptp w60g do the same - links are up, romon can see them and even ssh into them, but no ip traffic or even arp is working.

I will try to get downgrade to v6.47.1.

petrb · Sat Aug 08, 2020 7:24 pm

Hi,... bug - IPv6 prefix leases from dhcpv6 server (set via radius) are not marked as used in "ipv6 pool user prefixes". This can create prefix conflict. Works fine for the IPv4 dhcp+radius.

/ipv6 pool
add name=pool1 prefix=2a01:5e0:501::/48 prefix-length=56
/ipv6 dhcp-server
add address-pool=pool1 interface=bridge1 lease-time=10m name=server1 use-radius=yes
/ipv6 pool used print ///empty table, not posting :)
/ipv6 dhcp-server binding print 
Flags: X - disabled, R - radius, D - dynamic 
 #   ADDRESS                                                          DUID                    SERVER                    STATUS 
 0 RD 2a01:5e0:501:f00::/56                                            0xb869f499c7f8          server1                   bound

Same for IPv4, but used IP is successfully set as used.

Thanks.

rushlife · Wed Aug 12, 2020 12:02 pm

what about 6.48Beta23 ??

msatter · Wed Aug 12, 2020 2:05 pm

what about 6.48Beta23 ??

Context?

rushlife · Wed Aug 12, 2020 4:14 pm

ROS 6.48Beta23 should bring fix for CRS354 switches.
And it is "unpublic" release....

msatter · Wed Aug 12, 2020 4:25 pm

ROS 6.48Beta23 should bring fix for CRS354 switches.
And it is "unpublic" release....

Do you know if there is also a Beta48 fix for the crashing Winbox (64) the next time after you alter any columns in Winbox? Before testing backup your Winbox config files because the one altered has become unusable.

msatter · Fri Aug 14, 2020 4:19 pm

More than a month without an update of the 6.48 beta. That is a long time.

eworm · Fri Aug 14, 2020 5:00 pm

Indeed... We are bored, give us something to play with!

msatter · Fri Aug 14, 2020 8:16 pm

I want to change the shown collumns in Winbox and that it survive than the current session. Not blowing up in my face each time so that I have to restore a back session and start from scratch.

My orignal session was destroyed by 6.48 so I had to use one from a different router to have atleast some columns.

Yes it a beta but you don't expect it destroy your saved sessions by Winbox.

pe1chl · Fri Aug 14, 2020 8:19 pm

Is that a 6.48 bug or a winbox bug or a combined bug of these two?
I am still using winbox 3.21 because of big problems with newer versions, and I do not see this problem when connecting to 6.48beta12

msatter · Fri Aug 14, 2020 10:56 pm

Using a non 6.48 is no problem. It is a problem caused by 6.48beta12 and it does corrupt the saved sessions by Winbox. I use Winbox 3.24 64 bits.

pe1chl · Sat Aug 15, 2020 8:46 am

But it doesn't with winbox 3.21, that is why I think it may be a winbox bug just as well. Changes were made in winbox for scaling and it also
affects me on older RouterOS releases! I cannot reliably "drag" things anymore in winbox, they are dropped at random positions.
When I drag a column width, the width jumps to a very wide value. When I drag a line in the firewall rule set, it is dropped at a random place.

This makes winbox >3.21 (including 3.24) completely unusable for me. So I stick to 3.21 for now, I tried the beta on a CHR, and I do not observe the problem you noticed.

ricardobrock · Tue Aug 18, 2020 1:20 pm

Does this version also include "Delegated-IPv6-Prefix" for PPP ? And if not, is there a ETA for this?

emils · Wed Aug 19, 2020 10:52 am

Version 6.48beta27 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.48beta27 (2020-Aug-18 06:20):

Changes in this release:

*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved stability when forcing 25G speed on unsupported interface;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - fixed host table update on SNMP query;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) certificate - clear challenge password on renew;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed hardware offloaded MPLS forwarding when using bonding interfaces;
*) crs3xx - fixed QSFP+ interface LEDs when using break-out cable for CRS326-24S+2Q+;
*) crs3xx - fixed QSFP+ interface linking after reboot for CRS326-24S+2Q+ (introduced in v6.47);
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when using hardware offloaded MPLS;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use "static" interface list by default instead of "!dynamic";
*) dot1x - fixed duplicate EAP request packets for server;
*) dot1x - fixed EAP packet version numbering;
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - do not verify Hotspot interface status when detecting if HTTP/HTTPS login method is allowed;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) interface - added new builtin "static" interface list;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) l2tp - fixed multiple tunnel establishment from the same remote IP address (introduced in v6.47);
*) lora - expose "joinEui" un "devEui" values in the log;
*) lora - fixed "spoof-gps" parameter padding (introduced in v6.47.1);
*) lte - added "comment" parameter for APN profiles;
*) lte - fixed dynamic DHCP client creation when editing APN profile;
*) lte - fixed multiple passthrough APN default route installation;
*) lte - fixed RSCP value reporting;
*) lte - validate interface existence on initiation;
*) ospf - fixed case when changing one distribution metric changed metrics for other distribution options;
*) ospf - fixed disappearing NSSA default route;
*) ospf - fixed processing of "unknown" LSA type;
*) ospf - optimized LSA printing for smaller message sizes;
*) poe - fixed "power-cycle" functionality on RB960GSP;
*) ppp - fixed PPP interface editing for the first time after reboot or after 20 seconds;
*) routerboot - fixed etherboot FCS errors with 100Mbps rate for CRS309, CRS317 devices ("/system routerboard upgrade" required);
*) routerboot - fixed memory test on CCR2004-1G-12S+2XS ("/system routerboard upgrade" required);
*) sfp - stabilized CRS212 SFP port functionality and improved monitoring of optical modules;
*) sftp - fixed "flash" directory access (introduced in v6.46);
*) smb - fixed file path validation (introduced in v6.46);
*) snmp - fixed "current" value reporting on CCR series devices;
*) snmp - fixed "fan-speed" value reporting on CCR series devices;
*) ssh - skip interactive authentication when not running in interactive mode;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) traffic-flow - added NAT event logging support for IPFIX;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) webfig - fixed negative value usage in "spoof-gps" parameter (introduced in v6.47.1);
*) wireless - added support for U-NII-2 for cAP ac;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "indonesia5" regulatory domain information;
*) wireless - updated "no_country_set" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
*) www - improved WWW service stability when receiving bogus packets;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

msatter · Wed Aug 19, 2020 1:03 pm

My Winbox crash on start, is gone with Beta 27. This happened when I added/deleted/changed a column to any viewing box. Many thanks.

rushlife · Wed Aug 19, 2020 1:19 pm

6.48beta27 installed on my CRS354, so we will see.
Anyway - thx for your hard work / mikrotik team.

btw.after install I see in log this :
system,error,critical,,, error while running customized default configuration script: expected end of command (line 1315 column 53)

eworm · Wed Aug 19, 2020 1:27 pm

btw.after install I see in log this :
system,error,critical,,, error while running customized default configuration script: expected end of command (line 1315 column 53)

Me too. Reported for 6.47beta12 as SUP-21264, just re-opened.

emils · Wed Aug 19, 2020 2:15 pm

My mistake. The fix was not properly pushed in the build. The issue is with non-present wireless package on the router. Will make sure it is fixed in the next build.

marekm · Thu Aug 20, 2020 8:22 pm

*) wireless - added support for U-NII-2 for cAP ac;
*) wireless - added support for U-NII-2 for wAP ac;

Which U-NII-2 ecactly: 2A, 2B or 2C?
5350-5470 MHz is U-NII-2B; 2A and 2C were already supported weren't they? Or do you mean in some specific countries?

yacq · Thu Aug 20, 2020 10:24 pm

What is controlling bridge?

anthonws · Mon Aug 24, 2020 10:23 am

Upgrading 2011UiAS-2HnD from beta 12 to beta 27 puts router in bootloop (stuck). Last message is "Starting services" and then router reboots.

Downgraded to beta 12 and restored configuration.

Kindis · Mon Aug 24, 2020 3:45 pm

*) wireless - added support for U-NII-2 for cAP ac;
*) wireless - added support for U-NII-2 for wAP ac;
Which U-NII-2 ecactly: 2A, 2B or 2C?
5350-5470 MHz is U-NII-2B; 2A and 2C were already supported weren't they? Or do you mean in some specific countries?

I was also confused by this but I think this is an unlock for US as I think all U-NII-2 bands where locked on US equipment. So for me with EU equipment do not have to care about this.

Ivoshiee · Wed Aug 26, 2020 1:01 pm

*) w60g - added "mdmg-fix" parameter for RBwAP60Gx3 (CLI only);
After update no traffic flows through to station devices. cannot mactel to them or macping. Downgraded back to 6.46.6
What ever it is supposed to do or what device it shall affect, but all my ptp w60g do the same - links are up, romon can see them and even ssh into them, but no ip traffic or even arp is working.

I will try to get downgrade to v6.47.1.

With the latest beta I went in more cautious mode and did not upgrade too many devices before finding out it being still broken. What is with that?

Btw: Make romon tool capable of transferring files, so that testing of broken firmwares will go more smoothly or so.

Edit: Suppout files as well:
http://ranume.levikom.ee/mikrotik/w60g/ ... supout.rif
http://ranume.levikom.ee/mikrotik/w60g/ ... supout.rif

mducharme · Wed Sep 02, 2020 12:29 am

I have a question about this 802.1BR support. I understand there is this idea of a controlling bridge, which would be like a master switch. What happens if this goes down? Is it a single point of failure?

With traditional proprietary stacking solutions from other vendors, the stacked units sync their config so that if one goes down the others continue operating, which prevents one from being a single point of failure.

emils · Wed Sep 02, 2020 2:29 pm

Version 6.48beta35 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.48beta35 (2020-Sep-02 07:50):

Changes in this release:

*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) bridge - fixed host table update on SNMP query;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - fixed STP alternate and backup port states for devices with switch chip (introduced in v6.47);
*) bridge - increased multicast table size to 4K entries;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch ACL rules for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch port "egress-rate" removal for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices without wireless package installed;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);
*) discovery - allow choosing which discovery protocol is used (CLI only);
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) dns - added IPv6 support for DoH;
*) dns - fixed multiple TXT string replies;
*) dns - hide default static entry "type" from export;
*) fetch - fixed "src-address" usage for SFTP;
*) filesystem - improved long-term filesystem stability and data integrity;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - improved management service stability when receiving bogus packets;
*) ike2 - fixed local side NAT detection;
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) lte - added support for Alcatel IK41VE1;
*) snmp - fixed value types for "dot1dStp";
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added "sys-init-time" parameter support;
*) wireless - allow setting "tx-power" up to 40;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

Sob · Wed Sep 02, 2020 5:08 pm

*) ipsec - refresh peer's DNS only when phase 1 is down;

Tiny little problem with this, it keeps resolving hostname even when peer is disabled. It doesn't break anything, but it's unnecessary.

osc86 · Wed Sep 02, 2020 6:15 pm

*) discovery - allow choosing which discovery protocol is used (CLI only);
EDIT: just found out, you can choose multiple protocols, comma separated. Thanks for this welcome change, I can finally disable cdp.

ludvik · Thu Sep 03, 2020 12:27 am

/tool snmp-get working??? Last functional version is 6.45.6 ... SUP-8826

UpRunTech · Thu Sep 03, 2020 1:19 am

Emils, what does this mean exactly?

*) crs3xx - fixed switch ACL rules for CRS312, CRS326-24S+2Q+ and CRS354 devices;

I am using rules to prioritise traffic - does this mean they may not have been working up until this point? Which rule settings or behaviours were broken?

emils · Thu Sep 03, 2020 8:22 am

Tiny little problem with this, it keeps resolving hostname even when peer is disabled. It doesn't break anything, but it's unnecessary.

Unable to reproduce such behavior. Do you see actual DNS requests going out the router? How are you determining the hostname is being resolved when the peer is disabled?

EDIT: Reproduced. Should be resolved in the next build.

Florian · Thu Sep 03, 2020 4:53 pm

"*) dns - added IPv6 support for DoH;"

Not sure this is working ? The DoH server I'm using is https://doh.opendns.com/dns-query , and I see requests to 146.112.41.2 , but none to 2620:119:fc::2

olivier2831 · Tue Sep 08, 2020 2:01 pm

Version 6.48beta35 has been released.
...
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);

Is this feature enough to automatically assign IP Phones to specific VLAN (ie configuring a VoiceVLAN per port) ?

eworm · Tue Sep 08, 2020 2:11 pm

Not sure this is working ? The DoH server I'm using is https://doh.opendns.com/dns-query , and I see requests to 146.112.41.2 , but none to 2620:119:fc::2

I guess IPv4 is still preferred if a domain resolves with A and AAAA record. Try a domain that has just an AAAA record or use IPv6 address.

skylark · Tue Sep 08, 2020 2:18 pm

IPv6 DoH will work with:

set use-doh-server="https://[2606:4700:4700::1111]/dns-query"

LynxChaus · Wed Sep 09, 2020 12:15 am

*) ipsec - do not kill connection when peer's "name" or "comment" is changed;

Wow. It's possible to make this change for vpls, pptp, openvpn interfaces too?

pe1chl · Wed Sep 09, 2020 12:02 pm

*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
Wow. It's possible to make this change for vpls, pptp, openvpn interfaces too?

In fact this should be done for every possible item in the config. Don't know what is the exact status now, but I have seen many things go down-up when changing only a comment.

notToNew · Wed Sep 09, 2020 12:18 pm

In fact this should be done for every possible item in the config. Don't know what is the exact status now, but I have seen many things go down-up when changing only a comment.

netwatch too, just changing the comment should not update the uptime

Ivoshiee · Thu Sep 10, 2020 11:09 pm

May we expect the 60G devices to still be broken?

emils · Tue Sep 15, 2020 3:18 pm

Version 6.48beta40 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.48beta40 (2020-Sep-14 13:34):

Changes in this release:

*) arm64 - improved reboot reason reporting in log;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - fixed IGMP snooping for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcpv4-server - improved "client-id" value parsing;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) leds - fixed LED type setting;
*) smb - fixed possible memory leak;
*) sms - fixed SMS sending when both "interface" and "smsc" parameters are specified;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - fixed "/tool snmp-get" functionality (introduced in v 6.46beta43);
*) snmp - fixed value types for "dot1qPvid";
*) supout - added bonding interface monitor information;
*) switch - fixed Ethernet padding for small packets;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) wireless - improved WPS process stability;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

pe1chl · Tue Sep 15, 2020 4:28 pm

I have a feature request that should be "relatively easy to implement" :-)
There is the existing "/ip dhcp-server vendor-class-id" feature in the DHCP server. I would like to match the items not only by class-id but also by MAC address/mask.
Preferably as an AND function with two optional fields: you can either enter the class-ID (or leave it blank to always match) or enter a MAC address and mask (or leave it at default 00:00:00:00:00:00/00:00:00:00:00:00) or both.

The purpose is to match on e.g. the MAC prefix (with a match like 44:55:66:00:00:00/FF:FF:FF:00:00:00) or on MAC type (with 02:00:00:00:00:00/03:00:00:00:00:00 to match locally assigned MAC addresses, for example).
Once matched the DHCP server would use a specified pool/network just like the "/ip dhcp-server vendor-class-id" already does based on vendor class id.

osc86 · Tue Sep 15, 2020 6:35 pm

- IGMP-Snooping feature on CCR breaks igmp-proxy. IGMP Join Requests generated by the router on the upstream interface are filtered out by the igmp snooping feature.
When disabled, it works fine, but overloads my eoip tunnels because the traffic is flooded to all ports (as expected).

Wed Sep 16, 2020 12:03 pm

@osc86 - I did not manage to repeat the IGMP proxy issue. Please report this to support portal or email to support@mikrotik.com and briefly describe your setup.

Also, for everyone how is interested in the new Bridge Controller and Extender feature, we have created an article that describes it in more detail, more advanced examples are coming soon. Follow this link - https://help.mikrotik.com/docs/display/ ... t+Extender. Feel free to share you feedback and recommendations, or report if something goes wrong.

mducharme · Tue Sep 22, 2020 4:10 am

Also, for everyone how is interested in the new Bridge Controller and Extender feature, we have created an article that describes it in more detail, more advanced examples are coming soon. Follow this link - https://help.mikrotik.com/docs/display/ ... t+Extender. Feel free to share you feedback and recommendations, or report if something goes wrong.

That's very helpful, but it did not answer my most pressing question - does this create a single point of failure from the controller bridge perspective? Is there a way to have failover for the controller bridge? If you look at traditional stacking situations (ex. two switches stacked), either one can die and the remaining switch will carry on as normal. This is really helpful for ISP situations, you can get two cross connects with important providers so that if one switch dies your cross connect does not go down. With 802.1BR it seems that if you have one switch as a control bridge and the other as a port extender, if the control bridge switch dies, you lose both, so it seems that you don't really get redundancy as in traditional stacking. Can you clarify this?

mkx · Tue Sep 22, 2020 7:53 am

Another request for clarification: when reading Packet flow section of port extender description it is not entirely clear whether PE device actually switches frames between own ports (after physical port, associated with DST MAC, is known) on its own or all packets are forwarded to CB regardless the destination port location. If it's the later, then CB/PE concept is suboptimal also from performance point of view ...

Tue Sep 22, 2020 10:53 am

@mducharme, mkx - the CB currently does not support any failover techniques. Once the CB device dies, the PE devices will lose all the control and data forwarding rules, other PE will not take over as CB. This is an important aspect when considering this configuration and we are looking for ways how to make CB redundant.

The local switching on PE devices is not supported, the PE does not store any hosts in local FDB, it is considered as a dumb device and the main purpose is to extend ports. The switching performance can be affected when comparing multi-switch to single-switch forwarding. In turn, you get simplified LAN configuration and management. For a very time-sensitive application or congested upstream occasions, it can make sense to enable local switching. We will see if this can be implemented.

Cha0s · Tue Sep 22, 2020 10:59 am

If there's no redundancy and no efficiency (local switching), what's the point in this technology?

Why not implement something that's more datacenter/enterprise friendly?
Even if it's proprietary. It's not like everyone else's stacking options are inter-compatible anyway...

Tue Sep 22, 2020 12:54 pm

It allows you to manage only one device, you do no need to create VLANs, configure STP and apply other bridge-related settings on each switch separately. You can monitor all the PE devices from a single controller, like the PoE-out status and interface stats, and quickly apply any needed changes or add another port extender.

Edit: Note that this is an early implementation and we are still exploring what other feature sets can be brought into upcoming RouterOS versions, including the redundancy for CB.

pe1chl · Tue Sep 22, 2020 3:13 pm

It is a good idea, but it should support redundant connections and redundant switches. I.e. a "controlling bridge" is fine for configuration purposes but it should not be a SPOF in the actually running network.

Cha0s · Tue Sep 22, 2020 7:26 pm

All I am saying is, that those who have enough switches that will benefit from a single management plane, will almost certainly need HA features to go with it. In other words, introducing SPOFs on the network just to save on management costs, probably wont fly with most network engineers. At least that's my opinion.

Of course it's a nice addition, and I will surely use it on small/non critical networks, but if you are going to do it, do it right from the get go.
Otherwise you will just create more negative comments about MikroTik switches from those that expect a typical stacking option, only to find out not only its not "typical" but also a SPOF and a bottleneck.
Just like the negative comments about folks who thought that MikroTik switches can do wirespeed L3 routing.

IMHO you will not do yourself any favors by releasing this feature half-baked.

Wed Sep 23, 2020 4:26 am

I see this as being more useful as a port extender to CCR's, to say break out a 100Gbit port on a CCR to 10gigabit ports on the CRS.

Port Extension is NOT stacking...

Wed Sep 23, 2020 10:29 am

All I am saying is, that those who have enough switches that will benefit from a single management plane, will almost certainly need HA features to go with it.

My friends have an office here with 200+ client ports, with all cable runs going into a single rack with five 48-port access switches (something from HP as far as I remember), and one 16-port switch sitting in between these 5 access switches and the rest of the equipment in their server room. Managing VLAN memberships here is a pretty tedious task, I would say. Tracking the configuration history is not easy either. This setup already has SPOF, and in this particular case that's fine/acceptable. This port extension thing would be very beneficial for this kind of setups.

pe1chl · Wed Sep 23, 2020 10:42 am

Exactly. In that configuration (and when the switches are indeed from the same manufacturer) it would normally be possible to configure them as a "stack" and save a lot of effort configuring. But of course then you first need to read the manual chapter about the stacking, which lots of users never do.
Also, such configurations often grow from simple to more complex, adding new switches of different models along the way, and it may not be possible to stack them.

Still it would be nice if there was some configuration management in RouterOS where you can configure multiple units from a single interface. Not only for switches, but also e.g. for redundant routers in a VRRP setup. When this is limited to configuration and does not imply some active master that does all the work at runtime, it would not reduce reliability, in fact it could make it easier to make redundant setups.

mducharme · Thu Sep 24, 2020 2:40 am

Port Extension is NOT stacking...

Right, this isn't stacking - but where this all started was a thread where people were asking for stacking, and MikroTik said they would look for an open standards way, and then they came out with this. Also, they just said in the response to my request for clarification that they are looking for ways to make the control bridge failover, so presumably this is intended to be their solution for stacking.

hatred · Mon Sep 28, 2020 12:43 am

hAP ac², 6.48b40
After several days uptime router hanged and become unavailable via winbox (including by MAC).
After power re-cycle, it successfully booted up but most addresses from the address lists disappeared.
How can I enable verbose debug logging to USB flash or external host to see what happened next time?

anthonws · Tue Sep 29, 2020 11:59 am

RB4011iGS+5HacQ2HnD + 6.48beta40

When enabling IPFIX router enters reboot loop.

Shall I open a support case to share suppout?

Thanks,
anthonws.

shavenne · Tue Oct 06, 2020 6:34 pm

Tried to update my switches at home (CRS112-8P-4S, CRS112-8G-4S, CRS309-1G-8S+, CRS328-24P-4S+) to 6.48beta40 yesterday (6.47.4 before).
For some reason all clients stopped getting IPv6 addresses from my RB4011 (with 7.1beta2) then.
I started downgrading the firmware on the CRS328-24P-4S+ (to which the RB4011 is also connected) and all clients connected to it were getting IPv6 addresses again.
I still had to downgrade the other switches too to obtain IPv6 there also.

I find it quite strange as I'm not using any routing or firewall functions on the switches. Actually just VLANs (all IPv6 clients are in a vlan) and nothing else.
Any idea what's going wrong?

emils · Thu Oct 15, 2020 2:58 pm

Version 6.48beta48 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.48beta48 (2020-Oct-14 10:26):

Important note!!!

Using this version on CRS354-48G-4S+2Q+RM or CRS354-48P-4S+2Q+RM will cause booting issues and device may need to be reinstalled.

Changes in this release:

*) bridge - automatically remove extended interfaces when deleting PE device from CB;
*) cap - fixed L2MTU path discovery;
*) cap - fixed L2MTU setting from CAPsMAN;
*) certificate - fixed private key verification for CA certificate during signing process;
*) cloud - improved backup generation process;
*) crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed port-isolation for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices (introduced in v6.48beta35);
*) defconf - fixed default configuration loading on RBmAP-2nD;
*) dhcpv4-client - fixed DHCP offer packet parsing with overload option present;
*) discovery - fixed occasional wrong Chassis-ID for LLDP packets (introduced in v6.48beta35);
*) dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
*) fetch - improved SSL handshake processing;
*) filesystem - improved long-term filesystem stability and data integrity;
*) ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
*) ike2 - fixed EAP MSK length validation;
*) ike2 - fixed too small payload parsing;
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
*) led - fixed state persistence after device reboot on NetMetal 5 ac devices;
*) lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
*) lte - fixed "band" value reporting;
*) lte - fixed multiple APN passthrough on R11e-4G;
*) lte - improved EARFCN reporting in 3G and LTE modes on Sierra modems;
*) lte - limit allowed APN count to 3 on R11e-LTE;
*) m33g - added support for "/system gpio" menu (CLI only);
*) mpls - fixed duplicate "LabelRelease" message sending;
*) profile - improved idle process detection on x86 processors;
*) profile - improved process classification on ARM devices;
*) quickset - added "Port Mapping" to QuickSet;
*) quickset - fixed local IP address setting on master interface;
*) radius - added "Service-Type" attribute to Access-Request for IPv4 and IPv6 DHCP servers;
*) routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
*) routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
*) script - added error message in the logs if startup script runtime limit was exceeded;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
*) switch - fixed Ethernet padding for small packets;
*) tr069-client - fixed RouterOS downgrade procedure;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-generator - fixed 32Gbps limitation;
*) user - improved WinBox and The Dude authenticated session handling;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) vrrp - made "password" parameter sensitive;
*) w60g - general stability and performance improvements;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for NetMetal series devices;
*) wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
*) wireless - fixed incorrect wireless capability information in association response frames;
*) wireless - updated "no_country_set" regulatory domain information;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

fbl · Thu Oct 15, 2020 4:30 pm

May we expect the 60G devices to still be broken?

I have talked with Mikrotik's support about this problem for some time.
They have applied a fix in 6.48beta48, which fixed the issues for me.
My 3,7km Link is stable again with 6.48beta48. It had massive stability issues (very frequent disconnects) with anything above 6.46.6.

Thu Oct 15, 2020 4:36 pm

May we expect the 60G devices to still be broken?
I have talked with Mikrotik's support about this problem for some time.
They have applied a fix in 6.48beta48, which fixed the issues for me.
My 3,7km Link is stable again with 6.48beta48. It had massive stability issues (very frequent disconnects) with anything above 6.46.6.

This should be fixed now, if you are still experiencing issues - please contact us through support portal, so we can debug even further.

DanAtCommon · Thu Oct 15, 2020 7:13 pm

I can confirm w60g connections are stable on beta48

LynxChaus · Thu Oct 15, 2020 7:59 pm

Version 6.48beta48 has been released.
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);

Is "interface disable" optional feature?

*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;

Where is new MIB?

emils · Fri Oct 16, 2020 8:16 am

The MIB file is available on our wiki:
https://wiki.mikrotik.com/wiki/Manual:S ... _.28MIB.29

sid5632 · Fri Oct 16, 2020 1:00 pm

Why don't you link to this from https://mikrotik.com/download instead of burying it away on the Wiki?

LynxChaus · Fri Oct 16, 2020 3:34 pm

The MIB file is available on our wiki:
https://wiki.mikrotik.com/wiki/Manual:S ... _.28MIB.29

Thnx. Found glitch - mtxrLTEModemInterfaceIndex not returned:

MIKROTIK-MIB::mtxrLTEModemInterfaceIndex = No Such Object available on this agent at this OID
MIKROTIK-MIB::mtxrLTEModemSignalRSSI.1 = INTEGER: 0
MIKROTIK-MIB::mtxrLTEModemSignalRSRP.1 = INTEGER: -114
MIKROTIK-MIB::mtxrLTEModemCellId.1 = INTEGER: 7ad8203
MIKROTIK-MIB::mtxrLTEModemAccessTechnology.1 = INTEGER: eutran(7)
MIKROTIK-MIB::mtxrLTEModemSignalSINR.1 = INTEGER: -2
MIKROTIK-MIB::mtxrLTEModemEntry.8.1 = INTEGER: 503170
MIKROTIK-MIB::mtxrLTEModemEntry.9.1 = INTEGER: 3
MIKROTIK-MIB::mtxrLTEModemEntry.10.1 = INTEGER: 9720
MIKROTIK-MIB::mtxrLTEModemEntry.11.1 = STRING: "355654090805867"
MIKROTIK-MIB::mtxrLTEModemEntry.12.1 = STRING: "250026939347786"
MIKROTIK-MIB::mtxrLTEModemEntry.13.1 = STRING: "897010269393477862ff"
MIKROTIK-MIB::mtxrLTEModemEntry.14.1 = STRING: "Evolved 3G (LTE)"

and mtxrLTEModemEntry improperly described in MIB. smilint show bunch of warnings:

Mikrotik.mib:516: warning: index element `mtxrWlCMRtabAddr' of row `mtxrWlCMRtabEntry' should be not-accessible in SMIv2 MIB
Mikrotik.mib:626: warning: node `mtxrWlCMRtabEapIdent' must be contained in at least one conformance group
Mikrotik.mib:691: warning: node `mtxrWlCMState' must be contained in at least one conformance group
Mikrotik.mib:698: warning: node `mtxrWlCMChannel' must be contained in at least one conformance group
Mikrotik.mib:736: warning: node `mtxrWlCMRemoteName' must be contained in at least one conformance group
Mikrotik.mib:743: warning: node `mtxrWlCMRemoteState' must be contained in at least one conformance group
Mikrotik.mib:750: warning: node `mtxrWlCMRemoteAddress' must be contained in at least one conformance group
Mikrotik.mib:757: warning: node `mtxrWlCMRemoteRadios' must be contained in at least one conformance group
Mikrotik.mib:954: warning: node `mtxrWl60GStaPhyRate' must be contained in at least one conformance group
Mikrotik.mib:961: warning: node `mtxrWl60GStaRssi' must be contained in at least one conformance group
Mikrotik.mib:968: warning: node `mtxrWl60GStaDistance' must be contained in at least one conformance group
Mikrotik.mib:976: warning: current group `mtxrWirelessGroup' is not referenced in this module
Mikrotik.mib:1281: warning: current group `mtxrQueueGroup' is not referenced in this module
Mikrotik.mib:1485: warning: current group `mtxrHealthGroup' is not referenced in this module
Mikrotik.mib:1537: warning: current group `mtxrLincenseGroup' is not referenced in this module
Mikrotik.mib:1724: warning: current group `mtxrHotspotActiveUserGroup' is not referenced in this module
Mikrotik.mib:1758: warning: current group `mtxrDHCPGroup' is not referenced in this module
Mikrotik.mib:1823: warning: current group `mtxrSystemGroup' is not referenced in this module
Mikrotik.mib:1881: warning: current group `mtxrScriptGroup' is not referenced in this module
Mikrotik.mib:1924: warning: current group `mtxrScriptRunGroup' is not referenced in this module
Mikrotik.mib:1999: warning: current group `mtxrNstremeDualGroup' is not referenced in this module
Mikrotik.mib:2091: warning: current group `mtxrNeighborGroup' is not referenced in this module
Mikrotik.mib:2155: warning: current group `mtxrGPSGroup' is not referenced in this module
Mikrotik.mib:2184: warning: current group `mtxrWirelessModemGroup' is not referenced in this module
Mikrotik.mib:2762: warning: current group `mtxrInterfaceStatsGroup' is not referenced in this module
Mikrotik.mib:2911: warning: current group `mtxrPOEGroup' is not referenced in this module
Mikrotik.mib:3064: warning: current group `mtxrLTEModemGroup' is not referenced in this module
Mikrotik.mib:3151: warning: current group `mtxrPartitionGroup' is not referenced in this module
Mikrotik.mib:3192: warning: current group `mtxrOpticalGroup' is not referenced in this module
Mikrotik.mib:3335: warning: current group `mtxrIkeSAGroup' is not referenced in this module
Mikrotik.mib:3544: warning: current group `mtxrTrapGroup' is not referenced in this module

pe1chl · Fri Oct 16, 2020 7:51 pm

I had reported case SUP-28445 (memory leak in the DNS resolver) and when I now test it, it appears that it is fixed, but I do not remember what the reply size threshold was when I experienced this problem and reported it on the technical support service desk. And there is no mention of this issue in the release notes (that I recognize).
So a general remark: I think support cases should remain browseable for the submitter, even after they have been closed by MikroTik. At this time I do not know if the problem has been solved or if my current test case is below the threshold that I previously reported.

eworm · Fri Oct 16, 2020 8:13 pm

So a general remark: I think cases should remain browseable for the submitter, even after they have been closed by MikroTik.

I am pretty sure they are. Log in to the support portal and see your closed cases.

pe1chl · Fri Oct 16, 2020 9:08 pm

So a general remark: I think cases should remain browseable for the submitter, even after they have been closed by MikroTik.
I am pretty sure they are. Log in to the support portal and see your closed cases.

Ok now I see that with even more clicking they can be made visible...
(it would be so much clearer when the cases were visible on the home page of the support portal)

honzam · Sat Oct 17, 2020 10:49 am

I can confirm w60g connections are stable on beta48

Yes, it very very better

hazartilirot · Sun Oct 18, 2020 12:16 am

Who could explain me why my phone suffers from intermittent drops. I've updated to the latest version the same issue persists.
It usually happens when my internal DNS server is down. You might tell me - there is no internet connection. However I've got AC68U at hand when my phone connects to it provided the router doesn't have an ISP cable, the phone behaves in an ordinary way . Why does MikroTik drops connections and force it to reconnect? I've recorded a short video.
https://www.youtube.com/watch?v=um9T9K27AAY

#update: strangely enough I've just taken another phone it connects to the MikroTik and doesn't drop a connection. So the problem relates to my phone. The question is why it doesn't have the issue when it connects to AC68U. What makes it drop the connection? a lack of a DNS server?

michaels · Sun Oct 18, 2020 11:09 am

What's new in 6.48beta48 (2020-Oct-14 10:26):
*) traffic-flow - added NAT event logging support for IPFIX;

this is great. looking forward to the final 6.48 release.
I will test it with nfdump 1.6.21 collector.

pe1chl · Sun Oct 18, 2020 12:17 pm

Who could explain me why my phone suffers from intermittent drops. I've updated to the latest version the same issue persists.
It usually happens when my internal DNS server is down. You might tell me - there is no internet connection. However I've got AC68U at hand when my phone connects to it provided the router doesn't have an ISP cable, the phone behaves in an ordinary way . Why does MikroTik drops connections and force it to reconnect?

That is not done by your MikroTik router, it is done by the operating system of your phone. When it connects wifi and succeeds, it goes on to perform other tests like DHCP request and then DNS check and when something fails it disconnects and deems the connection unusable.

sakirozkan · Mon Oct 19, 2020 11:10 am

60 Ghz link up down still

viewtopic.php?f=7&t=166370

honzam · Mon Oct 19, 2020 5:12 pm

All clients also beta48? If yes, write to support@mikrotik.com

lelmus · Tue Oct 20, 2020 12:01 am

Ran into a problem with beta48 and SFP modules on CCR1016-12S-1S+. I'm using Intel modules that worked fine until beta48. Some reported data in the SFP fields is wrong like voltage and temperature, but this didn't cause any issues until beta48, and now they are randomly shutting off every few minutes with messages of "disabling sfp6 for 10min due to high module temperature".

The modules temperatures were checked and are between cool and light warm. Some SFP modules give correct voltage and temperature and some don't, but tests show speed and performance is solid on all of them. See enclosed pics of good and bad fields of reported data.

Any way to bypass/disable the disabling of SFP due to high module temperature???

Ivoshiee · Wed Oct 21, 2020 6:29 am

May we expect the 60G devices to still be broken?
I have talked with Mikrotik's support about this problem for some time.
They have applied a fix in 6.48beta48, which fixed the issues for me.
My 3,7km Link is stable again with 6.48beta48. It had massive stability issues (very frequent disconnects) with anything above 6.46.6.

Interesting, what Mikrotik 60g boxes are 3,7km capable?

fbl · Thu Oct 22, 2020 7:16 pm

May we expect the 60G devices to still be broken?
I have talked with Mikrotik's support about this problem for some time.
They have applied a fix in 6.48beta48, which fixed the issues for me.
My 3,7km Link is stable again with 6.48beta48. It had massive stability issues (very frequent disconnects) with anything above 6.46.6.
Interesting, what Mikrotik 60g boxes are 3,7km capable?

None are. At least not officially.
However, it is possible to establish a Link over at least 3,7km with a pair of LHG60. But it is extreamly sensible to bad weather and should have a backup of some kind if reliability is important.
https://twitter.com/fblaese/status/1259139628755451907

radionerd · Sun Oct 25, 2020 4:20 am

Tried 6.48beta48
L2TP IPSec using certificates is still broken for my clients.
Searched the forums, but haven't found any resolution.

My L2TP/IPSec clients failed after 6.47, was able to downgrade back to 6.46.6 and everything worked ok again.

msatter · Sun Oct 25, 2020 10:36 am

Tried 6.48beta48
L2TP IPSec using certificates is still broken for my clients.
Searched the forums, but haven't found any resolution.

My L2TP/IPSec clients failed after 6.47, was able to downgrade back to 6.46.6 and everything worked ok again.

Did you already contact Mikrotik support on this? e-mail: support@mikrotik.com

hatred · Mon Oct 26, 2020 7:53 am

Looks like there is a memory leak in 6.48 beta(s). My ac2 hangs after several days of uptime. Same thing with beta 40 and beta 48.

sindy · Mon Oct 26, 2020 8:54 am

Looks like there is a memory leak in 6.48 beta(s)

A clear disadvantage of having a hAP ac² with 256 MB RAM - with the standard 128 you'd notice that much sooner :) Send the supout.rif to support@mikrotik.com to help them identify the process which leaks.

pe1chl · Mon Oct 26, 2020 11:05 am

Send the supout.rif to support@mikrotik.com to help them identify the process which leaks.

I wonder if they have better tools to examine the supout.rif than the viewer available online (in your mikrotik.com account).
I had a memory leak recently but browsing through the sections of the supout.rif did nothing for me to identify the possible cause for it.
It was only through luck that I identified it (by reproducing the issue on another router) and I have then reported it to them.

hatred · Mon Oct 26, 2020 11:17 pm

Send the supout.rif to support@mikrotik.com to help them identify the process which leaks.

Done. [SUP-31833]

Tue Oct 27, 2020 2:01 pm

pe1chl - Of course we do. That is why we always ask to contact support@mikrotik.com and send a supout file if there is a potential software issue.

pe1chl · Tue Oct 27, 2020 2:19 pm

pe1chl - Of course we do. That is why we always ask to contact support@mikrotik.com and send a supout file if there is a potential software issue.

I did that, but although the issue I identified is a possible DoS problem I heard nothing until I solved it myself and sent info about my findings...
Now in the latest beta it suddenly appears to be fixed without mentioning it in the release notes.

Edit - further testing shows that it hasn't been fixed, that is likely why it was not mentioned in the release notes. My testing was not correct.

KarelB · Fri Oct 30, 2020 11:22 am

(I hope this is the right place to report this issue)

I upgraded to 6.48beta48 on my LTE kit 6 and now my iPhone app cannot connect to the router anymore. It always gives a timeout error on the "Downloading plugins" phase.

Sob · Sun Nov 08, 2020 7:48 pm

*) quickset - added "Port Mapping" to QuickSet;

I gave this a quick try and I see few problems or possible improvements:

Destination port defaults to 0 and it's accepted as such when user forgets to write correct port. It's not foolproof at all. The field should be optional and not used by default. And even when activated, it should not accept port 0.
Created dstnat rules have no destination specified:
Code: Select all
```
/ip firewall nat
add action=dst-nat chain=dstnat comment=web dst-port=80 protocol=tcp to-addresses=192.168.88.10 to-ports=80
```
For port 80 it means broken access to internet, and possibly user locked out from router, if WebFig on default port was used to configure it. Destination needs to be limited. Best would be dst-address=<WAN address> but that unfortunately can be dynamic. So either dst-address-type=local dst-address=!<LAN address>, or in-interface-list=WAN. The latter is not compatible with hairpin NAT, but maybe that's advanced stuff not needed by Quick Set users.

sindudas · Tue Nov 10, 2020 11:37 am

v6.48beta48, webproxy on hAP lite still doesn't work. Since versions 6.45.x

First try, its showed on "Web Proxy Connections" the server and client connection, but Browser never loaded the requested web. The next web requests ends with "connection timeout".

Is there plans to correct that issue?

emils · Wed Nov 25, 2020 9:22 am

Version 6.48beta58 has been released.

Before an upgrade:
1) Remember to make backup/export files before an upgrade and save them on another storage device;
2) Make sure the device will not lose power during upgrade process;
3) Device has enough free storage space for all RouterOS packages to be downloaded.

What's new in 6.48beta58 (2020-Nov-24 08:31):

*) arm - improved system stability;
*) bgp - treat route target with AS 65535 as two byte AS;
*) bonding - added LACP monitoring;
*) branding - fixed imported skin presence;
*) bridge - use "frame-types=admit-all" by default for extended bridge ports;
*) certificate - fixed CRL URL length limit;
*) certificate - generate CRL even when CRL URL not specified;
*) certificate - properly flush expired SCEP OTP entries;
*) chr - fixed SSH key import on Azure;
*) crs3xx - fixed booting issues on CRS354 devices (introduced in v6.48beta48);
*) crs3xx - fixed bridge port-extender for CRS318 devices;
*) crs3xx - fixed switch-cpu VLAN membership removal (introduced in v6.48beta40);
*) crs3xx - improved system stability on CRS354 devices;
*) defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
*) defconf - fixed static IP address setting in case default configuration loading fails;
*) dhcp - fixed DHCP packet forwarding to IPsec policies;
*) dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services;
*) dhcpv6-server - added support for "option18" and "option37" for RADIUS managed clients;
*) dhcpv6-server - allow loose static binding "pool" parameter (introduced in v6.46.8);
*) dhcpv6-server - make sure that calling station ID always contains DUID;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
*) discovery - allow choosing which discovery protocol is used;
*) disk - fixed external EXT3 disk mounting on x86 systems;
*) disk - improved disk management service stability when receiving bogus packets;
*) dns - end ongoing queries when changing DoH configuration;
*) dns - improved stability with large table of static records;
*) dot1x - fixed reauthentication after server rejects a client into VLAN;
*) dot1x - fixed unicast destination EAP packet receiving when a client is running on a bridge port;
*) dude - fixed configuration menu presence on ARM64 devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) hotspot - fixed "html-directory" parameter export;
*) ike2 - improved EAP message integrity checking;
*) interface - fixed pwr-line running state (introduced in v6.45);
*) lora - limited output power in RU region for range 868.7 MHz - 869.2 MHz according to regulations;
*) lte - increased "at+cops" reply timeout to 1 minute;
*) metarouter - allow creating RouterOS metarouter instances on devices with 16MB flash storage;
*) metarouter - fixed directory entry reporting;
*) metarouter - fixed memory leak when tearing down metarouter instance;
*) ppp - added "bridge-learning" parameter support;
*) ppp - store "last-caller-id" for PPP secrets;
*) ppp - store "last-disconnect-reason" for PPP secrets;
*) profile - fixed process classification on x86 systems (introduced in v6.47);
*) quickset - fixed wireless client "uptime" counter in "Home Mesh" mode;
*) sstp - fixed "idle-timeout" on TILE and CHR devices;
*) supout - improved autosupout.rif file generation process;
*) timezone - updated timezone information from "tzdata2020d" release;
*) tr069-client - added branding package version parameter;
*) upgrade - do not try installing packages if download was not completed;
*) webfig - allow hiding and renaming inline buttons;
*) webfig - allow hiding QuickSet mode selector;
*) webfig - properly stop background processes when switching away from QuickSet tab;
*) winbox - added "operator" parameter under "Interface/LTE" menu;
*) winbox - added "reformat-hold-button-max" parameter under "System/RouterBOARD/Settings" menu;
*) winbox - added "tls-mode" parameter under "CAPsMAN/Security Cfg." menu;
*) winbox - added "tx-rx-1024-max" counter under "Interface/Overall-Stats" for CRS3xx devices;
*) winbox - allow adding bonding interface with one slave interface;
*) winbox - do not allow MAC address changes on LTE interfaces;
*) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
*) winbox - fixed "interface" and "on-interface" parameter presence under "Bridge/Hosts" menu;
*) winbox - provide sane default values for bridge "VLAN IDs" parameter;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "usb-bus" option on all boards that have it;
*) winbox - show "usb-type" option on all boards that have it;
*) winbox - sort IPv6 firewall "chain" parameter entries alphabetically;
*) wireless - added U-NII-2 support for US and Canada country profiles for mANTBox series devices;
*) wireless - increased "group-key-update" maximum value to 1 day;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as expected or after crash.

SiB · Wed Nov 25, 2020 9:43 am

*) lte - increased "at+cops" reply timeout to 1 minute;
*) metarouter - allow creating RouterOS metarouter instances on devices with 16MB flash storage;
*) winbox - added "operator" parameter under "Interface/LTE" menu;
*) winbox - do not allow MAC address changes on LTE interfaces;

MetaRouter & LTE Fixed - good !!!

Chaosphere64 · Wed Nov 25, 2020 10:09 am

*) sstp - fixed "idle-timeout" on TILE and CHR devices;

Could you please elaborate on that point?

Thanks!

emils · Wed Nov 25, 2020 10:26 am

Well, the idle-timeout parameter did not work at all on those systems. The tunnels were disconnected even if there was active traffic sent over the tunnel.

osc86 · Wed Nov 25, 2020 6:31 pm

6.48beta58: The default value for "LLDP MED Network Policy VLAN" is invalid. (IP > Neighbors > Discovery Settings)

sup5 · Wed Nov 25, 2020 10:17 pm

Well, the idle-timeout parameter did not work at all on those systems. The tunnels were disconnected even if there was active traffic sent over the tunnel.

I was pulling my hair out because of this!....

nje431 · Wed Nov 25, 2020 10:50 pm

*) arm - improved system stability;

Can you elaborate please? Does this fix the 4011 & 1100AHx4 management lockouts?

Thanks

pe1chl · Wed Nov 25, 2020 11:31 pm

*) dns - improved stability with large table of static records;

It now resolves them correctly into the DNS cache but it still does not load them correctly into address lists... (see SUP-28445)
When doing a remote request via the DNS resolver of 6.48beta58 the dig tool sometimes returns:
;; Truncated, retrying in TCP mode.
;; Got bad packet: bad label type
(followed by a hex dump)
This happens in about half the cases. The other half results in the correct reply.

Chaosphere64 · Wed Nov 25, 2020 11:37 pm

Well, the idle-timeout parameter did not work at all on those systems. The tunnels were disconnected even if there was active traffic sent over the tunnel.
I was pulling my hair out because of this!....

Me too, especially because I just saw it on some of my connections to a specific CHR but not all.

mhugo · Thu Nov 26, 2020 12:22 am

*) arm - improved system stability;

Can you elaborate please? Does this fix the 4011 & 1100AHx4 management lockouts?

I think is regarding the arm64 ie 2004s as we were told the issue we have with that was solved by this release.

When we tested it however it seems the router gets unresponsive when OSPF is enabled even by mac telnet and romon, so be careful.

/M

Thu Nov 26, 2020 5:13 am

*) arm - improved system stability;

Can you elaborate please? Does this fix the 4011 & 1100AHx4 management lockouts?

Yes, I believe this fix is for the RB4011 / RB1100AHx4 issues

nithinkumar2000 · Thu Nov 26, 2020 6:50 am

Version 6.48beta58 has been released.

*) dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services;

Dose this means support is added for Radius Accounting or Can Anyone please Explain this???

msatter · Thu Nov 26, 2020 3:38 pm

*) certificate - properly flush expired SCEP OTP entries [SUP-31328]

The flushing works, but when flushed it is made not visible in Winbox until you generate a new OTP hash manually refresh by changing windox in Winbox.

It is possible to generate OTP with a lifetime of zero minutes in Terminal and Winbox however those are shown in Winbox and Terminal.

This is Terminal after adding with a timeout of zero:

OTP-3.JPG

The E flag (expired is shown but after about 15 seconds when doing several "print" commands. Also it seems to be the case that the flushing happens when one ore more other OTP hashes have timed out. As long as the hash is displayed as expired then it is clear. the E flag is displayed under # and in this last beta there is more space for that.

I assume the expire flag is new and not yet present in Winbox.

Secondly I added several with a timeout of zero and noticed some had no timeout (the timeout is still counting up):

OTP-2.JPG

Update: added the text about the Expire flag.

hatred · Fri Nov 27, 2020 10:06 pm

Memory leak reported in [SUP-31833] still present in beta 58.

nithinkumar2000 · Mon Nov 30, 2020 6:10 am

Version 6.48beta58 has been released.

*) dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services;

Dose this means support is added for Radius Accounting or Can Anyone please Explain this???

Can Anyone from Mikrotik Support address this please?!!!

nostromog · Mon Nov 30, 2020 8:08 am

*) interface - fixed pwr-line running state (introduced in v6.45);

Can you further explain? I had problems with a couple of pwr-line adapters both in recent 6 versions and 7 beta, and I wonder it this could be related. I have a support ticket open, but no contact related to it since a couple of months ago. I actually bought a couple of no name pwr-line adaptors to substitute the mikrotik ones because of them not being operative.

SatireWolf · Mon Nov 30, 2020 9:19 pm

Fails to install on CRS328-24P-4S+ r2 running version 6.48 beta 48.

Twice tried installing 6.48 beta 58 via scp the extra npk files to :/ and also via the winbox interface. Both times failed to upgrade, and rebooted back into build 48 instead of 58. Both methods have worked previously on this device with this configuration.

I'm going to punt on installing this on my CCR2004-1G-12S+2XS since I can't even validate the configuration on my L3 network switch first.

Chupaka · Mon Nov 30, 2020 9:55 pm

Both times failed to upgrade, and rebooted back into build 48 instead of 58.

And the reason is..?
P.S. It's in Log

SatireWolf · Mon Nov 30, 2020 10:06 pm

I wish I knew. Default log config only persistently logs critical and no criticals were logged. I did check after all failed attempts and never saw a log message. Only a clean boot message on 6.48 beta build 48.

I do have warnings in the logs but it's just from an out of date switch on the network that needs to be replaced...

13:55:33 pim,warning RX IGMP_MEMBERSHIP_QUERY from x.x.x.2 to 224.0.0.1 on vif bridge: this interface is in IGMPv3 mode, but received IGMPv2 message
13:55:33 pim,warning Please configure properly all routers on that subnet to use same IGMP version

Is there a log configuration setting I can set that won't destroy the flash, but show the upgrade error?

msatter · Mon Nov 30, 2020 10:09 pm

Maybe this interferes: upgrade - do not try installing packages if download was not completed

SatireWolf · Mon Nov 30, 2020 10:14 pm

Hrmm maybe? I downloaded the .zip file with 'all extras' for arm and scp'd the .npk files as normal and validated they were all there and the right size.

When that didn't work after two attempts of scp and reboot, I tried the winbox method and it showed download complete and rebooted, but again failed.

I don't have any failure log messages just a normal boot up message after it boots as well.

aliclubb · Mon Nov 30, 2020 10:24 pm

Version 6.48beta58 has been released.

*) dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services;

Dose this means support is added for Radius Accounting or Can Anyone please Explain this???
Can Anyone from Mikrotik Support address this please?!!!

No idea with regards to accounting, but in terms of what it now brings to the table I can explain.

Now we can use the Delegated-IPv6-Prefix RADIUS attribute with ppp usernames to facilitate the creation of dynamic DHCPv6 servers that give out the specified prefix on the resulting tunnel interfaces. As far as I know the only way to previously do this was to manually specify it on a per profile basis. A big +1 for this in my opinion as a few weeks ago I was designing a PPPoE proposal and this was a real show stopper for DHCPv6 PD.

msatter · Mon Nov 30, 2020 11:38 pm

Hrmm maybe? I downloaded the .zip file with 'all extras' for arm and scp'd the .npk files as normal and validated they were all there and the right size.

When that didn't work after two attempts of scp and reboot, I tried the winbox method and it showed download complete and rebooted, but again failed.

I don't have any failure log messages just a normal boot up message after it boots as well.

Try with a clean update system:

viewtopic.php?f=21&t=161887&p=798175#p798175

mducharme · Tue Dec 01, 2020 12:03 am

Really happy to finally see Delegated-IPv6-Prefix support for PPPoE. I'm hoping that it includes RADIUS accounting for that attribute as well, or that the accounting is coming soon at least.

mducharme · Tue Dec 01, 2020 4:15 am

Version 6.48beta58 has been released.

*) dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services;

Dose this means support is added for Radius Accounting or Can Anyone please Explain this???

I just tested it - RADIUS accounting is now working too for Delegated-IPv6-Prefix!

RADIUS-grab.JPG

Note: this is with dynamic prefixes - I did NOT send a Delegated-IPv6-Prefix in the Access-Accept and it is still reporting the correct prefix.

Finally! Thank you MikroTik!

mducharme · Tue Dec 01, 2020 4:36 am

The remaining issue now is that it considers the IPv6 DHCP to be a completely separate RADIUS session from the PPPoE, and the username does not match (it uses the MAC instead). But at least it is being reported back to the RADIUS server.

SatireWolf · Tue Dec 01, 2020 6:30 pm

Hrmm maybe? I downloaded the .zip file with 'all extras' for arm and scp'd the .npk files as normal and validated they were all there and the right size.

When that didn't work after two attempts of scp and reboot, I tried the winbox method and it showed download complete and rebooted, but again failed.

I don't have any failure log messages just a normal boot up message after it boots as well.
Try with a clean update system:

viewtopic.php?f=21&t=161887&p=798175#p798175

No change... Even tried it completely from the command line, same behavior; reboots with the same beta 48 build.

[admin@sw0-number-city-state-country] > /system package update print
            channel: testing
  installed-version: 6.48beta48
     latest-version: 6.48beta58
             status: New version is available
[admin@sw0-number-city-state-country] > /system package update cancel

[admin@sw0-number-city-state-country] > /system package update print
            channel: testing
  installed-version: 6.48beta48
     latest-version: 6.48beta58
[admin@sw0-number-city-state-country] > /system package update check-for-updates
            channel: testing
  installed-version: 6.48beta48
     latest-version: 6.48beta58
             status: New version is available

[admin@sw0-number-city-state-country] > /system package update install
            channel: testing
  installed-version: 6.48beta48
     latest-version: 6.48beta58
             status: Downloaded 94% (12.9MiB)
Received disconnect from x.x.x.1 port 22:11: shutdown/reboot

Attached screenshot of logs... no errors just boots up with beta 48 again after install command and reboot. There's definitely something not compatible going on with this particular switch model. If I had to guess, the boot fix for the 354 broke the 328 somehow.

I ordered a new c**** style rj-45 usb-c console cable; can't find the usb-a ones I used to have, and even so doubt it would work through a series of adapters very well to usb-c on OSX. Thankful Mikrotik finally standardized on an 8 pin rj45 console port, but slightly frustrating they don't throw in a cheap rj45 to serial console adapter. Going to see if I can capture the failure in the console during upgrade that way. Just don't have any combination of cables at my disposal at the moment to do so. Used to the older Tile based units with usb console ports on them (esoteric but at least didn't require specialized adapters and came with a cable).

osc86 · Wed Dec 02, 2020 4:40 pm

what's in the disk log?
/log pr where buffer=disk topics~"critical"

RandyRiver88 · Thu Dec 03, 2020 10:00 pm

6.48 beta58 randomly starts dropping traffic.

DNS looks ups are fine

Some sites load others don’t. After a reboot suddenly starts working again for a few hours then stops again. Reboot fixes it.

Internet is up, no packet loss, dns working, disabled fast track, enabled fast track, checked route cache, no explanation. No complex configuration, however started using an IPSec tunnel but the hosts having issues are not even routing through the IPSec and are going straight through the WAN connection.

Everything shows fine but random hosts stop routing to random sites. Google works but can’t access some sites, clear connections no luck.

Checked everything and eventually couldn’t find the culprit. Dropped way back down to stable release.. not sure if anyone has had similar issues running on x86.

pe1chl · Thu Dec 03, 2020 10:42 pm

*) dns - improved stability with large table of static records;
It now resolves them correctly into the DNS cache but it still does not load them correctly into address lists... (see SUP-28445)

I have to recall that, it does not fix the issue, the router still exhausts the memory and crashes when large DNS responses are received.

SatireWolf · Fri Dec 04, 2020 3:01 am

what's in the disk log?
/log pr where buffer=disk topics~"critical"

[admin@sw0-number-city-state-country] > /log pr where buffer=disk topics~"critical"

[admin@sw0-number-city-state-country] >

Nothing returned saved to disk as critical.

mathieuhofstra · Fri Dec 04, 2020 12:23 pm

Version 6.48beta58 has been released.
What's new in 6.48beta58 (2020-Nov-24 08:31):
*) sstp - fixed "idle-timeout" on TILE and CHR devices;

When was this bug introduced?

nithinkumar2000 · Fri Dec 04, 2020 6:02 pm

The remaining issue now is that it considers the IPv6 DHCP to be a completely separate RADIUS session from the PPPoE, and the username does not match (it uses the MAC instead). But at least it is being reported back to the RADIUS server.

I Just Tried but no improvement Still Not Sending Delegated IPv6 Prefix to Radius on Accounting :(

V6 Dele.JPG

mhugo · Sat Dec 05, 2020 2:20 am

High packetloss on 2004s. Even with empty config using arpping or single ip.

/Mikael

dadaniel · Sat Dec 05, 2020 5:14 pm

6.48 beta58 randomly starts dropping traffic.

DNS looks ups are fine

Some sites load others don’t. After a reboot suddenly starts working again for a few hours then stops again. Reboot fixes it.

Internet is up, no packet loss, dns working, disabled fast track, enabled fast track, checked route cache, no explanation. No complex configuration, however started using an IPSec tunnel but the hosts having issues are not even routing through the IPSec and are going straight through the WAN connection.

Everything shows fine but random hosts stop routing to random sites. Google works but can’t access some sites, clear connections no luck.

Checked everything and eventually couldn’t find the culprit. Dropped way back down to stable release.. not sure if anyone has had similar issues running on x86.

Do you have any bridge in the config? Check its MTU, maybe it was decreased to the tunnel MTU value and is dropping certain (mostly https) connections now.

mducharme · Sat Dec 05, 2020 10:17 pm

I Just Tried but no improvement Still Not Sending Delegated IPv6 Prefix to Radius on Accounting :(

In the RADIUS menu you have to check not only the PPP box but also the DHCP box for the RADIUS server, then the delegated prefix will be sent on accounting.

/radius
add address=192.168.88.254 secret=mysecret service=ppp,dhcp

What MikroTik still has to do is implement the equivalent of the "address-change-immediate-update" setting from Juniper: https://kb.juniper.net/InfoCenter/index ... id=KB31659

nickb333 · Mon Dec 07, 2020 1:36 pm

Thanks for the IKEv2 and other IPSEC updates.

*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);

Strange effects when attempting to edit ip ipsec profile created with sha384 hash in Winbox 3.27 - the hash is shown as MD5.

Presume this will be fixed at release/next Winbox update?

sha384_shown_as_md5.PNG

nithinkumar2000 · Mon Dec 07, 2020 2:58 pm

I Just Tried but no improvement Still Not Sending Delegated IPv6 Prefix to Radius on Accounting :(
In the RADIUS menu you have to check not only the PPP box but also the DHCP box for the RADIUS server, then the delegated prefix will be sent on accounting.
Code: Select all
/radius
add address=192.168.88.254 secret=mysecret service=ppp,dhcp
What MikroTik still has to do is implement the equivalent of the "address-change-immediate-update" setting from Juniper: https://kb.juniper.net/InfoCenter/index ... id=KB31659

Hi Thank it worked after adding the dhcp.

But Found following issues.

1. When the accounting is being sent to radius the DHCP is creating seperate User Name=<MAC ID> which is not letting the Radius Fetch the Delegation Details.

Refer Screenshots below:

PPP Request.JPG

v6 Accounting.JPG

Mon Dec 07, 2020 6:17 pm

Code: Select all
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
Strange effects when attempting to edit ip ipsec profile created with sha384 hash in Winbox 3.27 - the hash is shown as MD5.

That "CLI only" remark means setting this up is not currently supported in either WinBox or WebFig. And so when you open that profile entry in WinBox it just changes the "Hash Algorithms" value to the first item from the list of supported values, which happened to be "md5". You may notice that the "Hash Algorithms" label is now blue (which means "has been changed/edited"), so if you click "OK" now you will change it to "md5" in your running configuration.

mducharme · Mon Dec 07, 2020 7:58 pm

1. When the accounting is being sent to radius the DHCP is creating seperate User Name=<MAC ID> which is not letting the Radius Fetch the Delegation Details.

Yes you didn't read my other sentence:

What MikroTik still has to do is implement the equivalent of the "address-change-immediate-update" setting from Juniper: https://kb.juniper.net/InfoCenter/index ... id=KB31659

Their behavior right now is the same as the default Juniper behavior, so I would not call that a bug. Juniper added the address-change-immediate-update setting, which takes the delegated prefix from the DHCP session and copies it to the PPPoE session so it can be included in the interim-update for the PPPoE session. Without the equivalent of address-change-immediate-update, the DHCP session and PPPoE session remain disconnected.

One actual bug that I found is that it creates two dynamic simple queues for each user instead of one - a regular simple queue for the PPP interface and a second dual stack simple queue created by DHCP over RADIUS. The dual stack queue is redundant because the simple queue for the PPP interface by itself is enough to shape both IPv6 and IPv4.

mducharme · Tue Dec 08, 2020 2:59 am

1. When the accounting is being sent to radius the DHCP is creating seperate User Name=<MAC ID> which is not letting the Radius Fetch the Delegation Details.

Yes you didn't read my other sentence:

What MikroTik still has to do is implement the equivalent of the "address-change-immediate-update" setting from Juniper: https://kb.juniper.net/InfoCenter/index ... id=KB31659

Their behavior right now is the same as the default Juniper behavior, so I would not call that a bug. Juniper added the address-change-immediate-update setting, which takes the delegated prefix from the DHCP session and copies it to the PPPoE session so it can be included in the interim-update for the PPPoE session. Without the equivalent of address-change-immediate-update, the DHCP session and PPPoE session remain disconnected from one another.

One actual bug that I found is that it creates two dynamic simple queues for each user instead of one - a regular simple queue for the PPP interface and a second dual stack simple queue created by DHCP over RADIUS. The dual stack queue is redundant because the simple queue for the PPP interface by itself is enough to shape both IPv6 and IPv4. MikroTik should only create a dual stack dynamic simple queue from DHCPv6-PD if the DHCPv6-PD request is not over a PPP connection.

nithinkumar2000 · Tue Dec 08, 2020 5:47 am

1. When the accounting is being sent to radius the DHCP is creating seperate User Name=<MAC ID> which is not letting the Radius Fetch the Delegation Details.
Yes you didn't read my other sentence:

What MikroTik still has to do is implement the equivalent of the "address-change-immediate-update" setting from Juniper: https://kb.juniper.net/InfoCenter/index ... id=KB31659
Their behavior right now is the same as the default Juniper behavior, so I would not call that a bug. Juniper added the address-change-immediate-update setting, which takes the delegated prefix from the DHCP session and copies it to the PPPoE session so it can be included in the interim-update for the PPPoE session. Without the equivalent of address-change-immediate-update, the DHCP session and PPPoE session remain disconnected from one another.

One actual bug that I found is that it creates two dynamic simple queues for each user instead of one - a regular simple queue for the PPP interface and a second dual stack simple queue created by DHCP over RADIUS. The dual stack queue is redundant because the simple queue for the PPP interface by itself is enough to shape both IPv6 and IPv4. MikroTik should only create a dual stack dynamic simple queue from DHCPv6-PD if the DHCPv6-PD request is not over a PPP connection.

Hope Mikrotik Team May Implement the same soon.....

mducharme · Tue Dec 08, 2020 7:16 am

Hope Mikrotik Team May Implement the same soon.....

I hope so too. In the meantime, if you use FreeRADIUS, it is possible to work around this with a bit of unlang code to revise the PPPoE accounting lines since the MAC address can be used to reference either.

nithinkumar2000 · Tue Dec 08, 2020 1:48 pm

Hope Mikrotik Team May Implement the same soon.....
I hope so too. In the meantime, if you use FreeRADIUS, it is possible to work around this with a bit of unlang code to revise the PPPoE accounting lines since the MAC address can be used to reference either.

Can you please Share me how to do this?

mducharme · Tue Dec 08, 2020 10:16 pm

Can you please Share me how to do this?

I don't use unlang every day so I don't have the greatest handle on the syntax, but this should be close to what you need:

if (!Delegated-IPv6-Prefix) {
	update request {
		&Delegated-IPv6-Prefix = %{sql:select delegatedipv6prefix from radacct where username='%{Calling-Station-Id}' and Delegated-IPv6-Prefix is not null limit 1 desc}}
	}
}

emils · Tue Dec 15, 2020 1:23 pm

New version 6.48rc1 has been released in testing RouterOS channel:

viewtopic.php?f=21&t=170796