Ok, thank you so much!!No it is not the same as you can see by the build time.
/interface bridge
add name=brLO
/interface ethernet
set [ find default-name=ether10 ] comment=VLAN2001 disable-running-check=no
/interface vpls
add cisco-style=yes cisco-style-id=82 mac-address=02:6A:A2:0A:7E:19 name=vpls1 \
remote-peer=172.16.5.253
/ip address
add address=172.16.5.254 interface=brLO network=172.16.5.254
add address=172.16.5.9/30 interface=ether10 network=172.16.5.8
/ip route
add distance=1 dst-address=172.16.5.253/32 gateway=172.16.5.10
/mpls ldp
set enabled=yes lsr-id=172.16.5.254 transport-address=172.16.5.254
/mpls ldp interface
add interface=ether10
add name=brLO protocol-mode=none
/interface ethernet
set [ find default-name=ether2 ] l2mtu=2026 mtu=2008 speed=100Mbps
/interface vpls
add arp=enabled cisco-static-id=82 disabled=no mac-address=02:27:0C:2B:BE:A7 \
mtu=1500 name=vpls1 peer=172.16.5.254
/interface vlan
add interface=ether2 mtu=2000 name=vlan10 vlan-id=10
/ip address
add address=172.16.5.253 interface=brLO network=172.16.5.253
add address=172.16.5.10/30 interface=vlan10 network=172.16.5.8
/ip route
add disabled=no dst-address=172.16.5.254/32 gateway=172.16.5.9 routing-table=\
main suppress-hw-offload=no
/mpls ldp
add disabled=no lsr-id=172.16.5.253 transport-addresses=172.16.5.253
/mpls ldp interface
add accept-dynamic-neighbors=no disabled=no interface=vlan10 \
transport-addresses=172.16.5.253
system,error,critical router was rebooted without proper shutdown
system,error,critical kernel failure in previous boot
> /routing/bgp/advertisements
bad command name advertisements (line 1 column 14)
Works for me on RC2, tried several platforms arm,arm64,tile:How do we show BGP's advertised routes?
Manual mentions /routing/bgp/advertisements but no such command exists.Code: Select all> /routing/bgp/advertisements bad command name advertisements (line 1 column 14)
[admin@arm-bgp] /routing/bgp/advertisements> print
0 nlri=23.161.80.0 attrs=40010100500200060201000614704003040a9b65ba
Easy! The config is corrupt and is cleared on reboot. It would probably have happend when you had only rebooted. It is still happening in some cases in v7.HDevice has apparently reset itself WITHOUT default-config. Or at least in some weird state without IP-address and non-working WIFI (though enabled with default as far I can see). I am always wondering HOW that can be even happen.
Press update -> device reset. Shake my head.
On smips, the same. With netinstall, no previous config.Doesn't work on my hEX (RB750Gr3).
I also cannot advertise any BGP routes.
I'll give arm a try to see if it's architecture related.
MMM MMM KKK TTTTTTTTTTT KKK
MMMM MMMM KKK TTTTTTTTTTT KKK
MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK
MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK
MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK
MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK
MikroTik RouterOS 7.1rc2 (c) 1999-2021 https://www.mikrotik.com/
Do you want to see the software license? [Y/n]: n
Press F1 for help
[admin@MikroTik] > /routing/bgp/
connection session template vpn export
[admin@MikroTik] > /routing/bgp/advertisments
bad command name advertisments (line 1 column 14)
[admin@MikroTik] >
Hi,Kernel failure 5mins after setting cake to my simple queue..I sent you supout (SUP-58379)
.B ingress
.br
Indicates the qdisc is used on ingress (typically done with an IFB device).
Most notably, this counts drops as data transferred, making ingress shaping
more accurate, since packets will have already traversed the link before Cake
gets to choose what to do with them.
In addition, drops are also counted as data transferred for maintaining
fairness. This leads to the possibly unexpected result that with host fairness
enabled (see the
.B FLOW ISOLATION PARAMETERS
section), IPs with more simultaneous TCP flows may show lower total goodput than
IPs with fewer flows. This is expected, and is due to proportionally more
packets being dropped for congestion control when there are more active flows.
Clients can avoid this possible loss in goodput by either using fewer flows, or
enabling ECN for greater efficiency.
OK, I tried on some boards I had laying around at the office.Works for me on RC2, tried several platforms arm,arm64,tile:How do we show BGP's advertised routes?
Manual mentions /routing/bgp/advertisements but no such command exists.Code: Select all> /routing/bgp/advertisements bad command name advertisements (line 1 column 14)
Code: Select all[admin@arm-bgp] /routing/bgp/advertisements> print 0 nlri=23.161.80.0 attrs=40010100500200060201000614704003040a9b65ba
[admin@MikroTik] > /system/routerboard/print
routerboard: yes
board-name: hEX
model: RB750Gr3
revision: r4
serial-number: ...
firmware-type: mt7621L
factory-firmware: 6.46.3
current-firmware: 7.1rc2
upgrade-firmware: 7.1rc2
[admin@MikroTik] > /routing/bgp/
connection session template vpn export
[admin@MikroTik] > /routing/bgp/advertisments
bad command name advertisments (line 1 column 14)
[admin@MikroTik] > /system/routerboard/print
routerboard: yes
model: RouterBOARD 3011UiAS
serial-number: ...
firmware-type: ipq8060
factory-firmware: 3.27
current-firmware: 7.1rc2
upgrade-firmware: 7.1rc2
[admin@MikroTik] > /routing/bgp/advertisments
bad command name advertisments (line 1 column 14)
[admin@MikroTik] > /system/routerboard/print
routerboard: yes
board-name: hAP lite
model: RouterBOARD 941-2nD
serial-number: ...
firmware-type: qca9531L
factory-firmware: 3.24
current-firmware: 7.1rc2
upgrade-firmware: 7.1rc2
[admin@MikroTik] > /routing/bgp/
connection session template vpn export
[admin@MikroTik] > /routing/bgp/advertisments
bad command name advertisments (line 1 column 14)
[admin@MikroTik] > /system/routerboard/print
routerboard: yes
board-name: mAP lite
model: RouterBOARD mAP L-2nD
serial-number: ...
firmware-type: qca9531L
factory-firmware: 3.27
current-firmware: 7.1rc2
upgrade-firmware: 7.1rc2
[admin@MikroTik] > /routing/bgp/
connection session template vpn export
[admin@MikroTik] > /routing/bgp/advertisments
bad command name advertisments (line 1 column 14)
[admin@MikroTik] > /system/routerboard/print
routerboard: yes
model: 850Gx2
serial-number: ...
firmware-type: p1023
factory-firmware: 3.24
current-firmware: 7.1rc2
upgrade-firmware: 7.1rc2
[admin@MikroTik] > /routing/bgp/
connection session template vpn export
[admin@MikroTik] > /routing/bgp/advertisments
bad command name advertisments (line 1 column 14)
[admin@MikroTik] > /system/routerboard/print
routerboard: yes
model: 450
serial-number: ...
firmware-type: ar7100
factory-firmware: 2.18
current-firmware: 7.1rc2
upgrade-firmware: 7.1rc2
[admin@MikroTik] > /routing/bgp/
connection session template vpn export
[admin@MikroTik] > /routing/bgp/advertisments
bad command name advertisments (line 1 column 14)
Ok. Will that be added in the next rc?@chaos, it appears that the advertisement menu currently is not available for regular users because it is not completely finished.
Doesn't matter. Prior to manually writing advertisements (which I messed up, admittedly) I hit tab. As you can see there is no such command available.@chaos, you've misspelled advertisements as advertisments everywhere... copy-paste can be a dangerous weapon.
You are right, it does not advertise any BGP routes on CHR either! (configured without any route filters - I presume that would by default advertise all connected routes)I also cannot advertise any BGP routes.
I'll give arm a try to see if it's architecture related.
Oh lol. Actually the only config change I did before upgrading - and without reboot - was to generate a lets-encrypt certificate (because I had an SUPEE opened for that - now resolved). Maybe the upgrade did not like that LE-certificate residing somewhere in the void of router-storage omg. I am possibly the only one here that issued a LE-certificate and performed an upgrade. hahahahahaha. Always those edge-cases.....Easy! The config is corrupt and is cleared on reboot. It would probably have happend when you had only rebooted. It is still happening in some cases in v7.HDevice has apparently reset itself WITHOUT default-config. Or at least in some weird state without IP-address and non-working WIFI (though enabled with default as far I can see). I am always wondering HOW that can be even happen.
Press update -> device reset. Shake my head.
When you want to be sure, reboot before trying to update. Then you know if it is caused by the previous version or by the updating.
I believe in a previous beta that was working. You had to add a static route for each prefix you wanted to advertise.You are right, it does not advertise any BGP routes on CHR either! (configured without any route filters - I presume that would by default advertise all connected routes)I also cannot advertise any BGP routes.
I'll give arm a try to see if it's architecture related.
Wild guess: ingress/egress is automatically determined. Depending if you use it as download or upload queueMy requests are:
* Please add the Ingress keyword (trivial change)
* Give us the ability to create "really mega simple" queues that do not seperate the shaper and qdisc so that we can entirely bypass HTB and only use Cake shaper
Please Mikrotik
14:46:49 system,error,critical kernel failure in previous boot
14:46:53 igmp-proxy,info starting IGMP proxy forwarding
That is correct, I did see it working as well. I have a test router (CHR) which has a BGP session with our main router, normally it shows no prefixes but when I added a bridge with a dummy address that address was advertised and the prefix count went to 1. Not anymore.I believe in a previous beta that was working. You had to add a static route for each prefix you wanted to advertise.You are right, it does not advertise any BGP routes on CHR either! (configured without any route filters - I presume that would by default advertise all connected routes)
I don't remember for sure if that was the case exactly, but I remember that I really didn't like the new approach (as mentioned by others too).
That's what I did too:Cake seems to work now.
But I can only get the expected ingress performance by:
* Setting the Simple queue limits to Unlimited and the Cake specific limit to my target
* Setting the target slightly lower than the real speed because we are missing the Ingress keyword to compensate
Network advertisements+matching IGP route does not require routing filter to be set.I do not like the new method so much either, it is nice that it reduces the work to maintain "BGP networks" but it will likely increase the work on "Routing filters" and/or the number of mistakes.
hi @dksoftAnyone noticed that L2TP clients can no longer login after upgrade from rc1 to rc2?
I upgraded the server to rc2. Clients are on 6.48.4.hi @dksoftAnyone noticed that L2TP clients can no longer login after upgrade from rc1 to rc2?
did you upgrade client or server to rc2 ?
In v6 there was the tab "Networks" under BGP where you specify explicitly which local networks you want to distribute and where you could set a "synchronize" flag to only distribute them when they are active.Network advertisements+matching IGP route does not require routing filter to be set.
Redistribute (static, etc) does not require routing filter to be set.
The idea of controlling redistribution through routing filters (which was implemented in first betas) was scrapped, now it is the same as in v6, except that for BGP networks you always need IGP synchronized route.
except that for BGP networks you always need IGP synchronized route.
Please explain!except that for BGP networks you always need IGP synchronized route.
How do I add bgp network? I don't see that option in v7. Sure I know how that worked in v6.* add bgp network (this will work without any additional route config, because you already have connected route in the table)
What does /ip/firewall/address-list has to do with BGP?https://help.mikrotik.com/docs/display/ ... figuration
scroll down there is an example of how the v6 BGP network config translates to v7.
Ok I got it working...typo fixed.
Address list because it is reusable in other parts of configuration without the need of implementing a new list that cannot be reused. There were a lot of requests to integrate BGP with firewall address lists, so here it is, the same reusable list for firewall, routing filters, BGP, etc.
Still cannot upgrade the LTE modem on my LtAP mini LTE US kit.
When you want to upgrade, it got stuck (lost connection to internet)
[code[brg3466@LtAP] > /interface/lte/firmware-upgrade lte1 once
installed: R11eL_v05.03.183961
latest: R11eL_v05.04.193841
[brg3466@LtAP] > /interface/lte/firmware-upgrade lte1 upgrade=yes
status: checking
][/code]
@doneware, have you successfully completed the configuration of the tunnel? If so, could you please share the working server-side and client-side configuration?IPv6 support for L2TPv3 tunnels is finally here! great job! thanks a lot!
/interface wifiwave2
add configuration.country=Brazil .ssid="Guests" disabled=no mac-address=AA:BB:CC:DD:EE:12 master-interface=wifi1 name=wifi3 security.authentication-types=""
add configuration.country=Brazil .ssid="Guests" disabled=no mac-address=AA:BB:CC:DD:EE:13 master-interface=wifi2 name=wifi4 security.authentication-types=""
add configuration.country=Brazil .hide-ssid=yes .ssid="Guests OWE" disabled=no mac-address=AA:BB:CC:DD:EE:14 master-interface=wifi1 name=wifi5 security.authentication-types=owe .owe-transition-interface=wifi3
add configuration.country=Brazil .hide-ssid=yes .ssid="Guests OWE" disabled=no mac-address=AA:BB:CC:DD:EE:15 master-interface=wifi2 name=wifi6 security.authentication-types=owe .owe-transition-interface=wifi4
set security.owe-transition-interface=wifi5 wifi3
set security.owe-transition-interface=wifi6 wifi4
/queue interface
set wifi3 queue=hotspot-default
set wifi4 queue=hotspot-default
set wifi5 queue=hotspot-default
set wifi6 queue=hotspot-default
/
/interface wifiwave2
add configuration.country=Brazil .ssid="Guests" disabled=no mac-address=AA:BB:CC:DD:EE:12 master-interface=wifi1 name=wifi3 security.authentication-types="" .owe-transition-interface=wifi5
add configuration.country=Brazil .ssid="Guests" disabled=no mac-address=AA:BB:CC:DD:EE:13 master-interface=wifi2 name=wifi4 security.authentication-types="" .owe-transition-interface=wifi6
add configuration.country=Brazil .hide-ssid=yes .ssid="Guests OWE" disabled=no mac-address=AA:BB:CC:DD:EE:14 master-interface=wifi1 name=wifi5 security.authentication-types=owe .owe-transition-interface=wifi3
add configuration.country=Brazil .hide-ssid=yes .ssid="Guests OWE" disabled=no mac-address=AA:BB:CC:DD:EE:15 master-interface=wifi2 name=wifi6 security.authentication-types=owe .owe-transition-interface=wifi4
/queue interface
set wifi3 queue=hotspot-default
set wifi4 queue=hotspot-default
set wifi5 queue=hotspot-default
set wifi6 queue=hotspot-default
/
/interface wifiwave2
# OWE transition mode misconfiguration
add configuration.country=Brazil .ssid="Guests" disabled=no mac-address=AA:BB:CC:DD:EE:12 master-interface=wifi1 name=wifi3 security.authentication-types="" .owe-transition-interface=wifi5
# OWE transition mode misconfiguration
add configuration.country=Brazil .ssid="Guests" disabled=no mac-address=AA:BB:CC:DD:EE:13 master-interface=wifi2 name=wifi4 security.authentication-types="" .owe-transition-interface=wifi6
add configuration.country=Brazil .hide-ssid=yes .ssid="Guests OWE" disabled=no mac-address=AA:BB:CC:DD:EE:14 master-interface=wifi1 name=wifi5 security.authentication-types=owe .owe-transition-interface=wifi3
add configuration.country=Brazil .hide-ssid=yes .ssid="Guests OWE" disabled=no mac-address=AA:BB:CC:DD:EE:15 master-interface=wifi2 name=wifi6 security.authentication-types=owe .owe-transition-interface=wifi4
/queue interface
# OWE transition mode misconfiguration
set wifi3 queue=hotspot-default
# OWE transition mode misconfiguration
set wifi4 queue=hotspot-default
set wifi5 queue=hotspot-default
set wifi6 queue=hotspot-default
/
/interface wifiwave2
# OWE transition mode misconfiguration
add configuration.country=Brazil .hide-ssid=yes .ssid="Guests OWE" disabled=no mac-address=AA:BB:CC:DD:EE:12 master-interface=wifi1 name=wifi3 security.authentication-types=owe .owe-transition-interface=wifi5
# OWE transition mode misconfiguration
add configuration.country=Brazil .hide-ssid=yes .ssid="Guests OWE" disabled=no mac-address=AA:BB:CC:DD:EE:13 master-interface=wifi2 name=wifi4 security.authentication-types=owe .owe-transition-interface=wifi6
add configuration.country=Brazil .ssid="Guests" disabled=no mac-address=AA:BB:CC:DD:EE:14 master-interface=wifi1 name=wifi5 security.authentication-types="" .owe-transition-interface=wifi3
add configuration.country=Brazil .ssid="Guests" disabled=no mac-address=AA:BB:CC:DD:EE:15 master-interface=wifi2 name=wifi6 security.authentication-types="" .owe-transition-interface=wifi4
Had the same issue upgrading from rc1 -> rc2Easy! The config is corrupt and is cleared on reboot. It would probably have happend when you had only rebooted. It is still happening in some cases in v7.HDevice has apparently reset itself WITHOUT default-config. Or at least in some weird state without IP-address and non-working WIFI (though enabled with default as far I can see). I am always wondering HOW that can be even happen.
Press update -> device reset. Shake my head.
When you want to be sure, reboot before trying to update. Then you know if it is caused by the previous version or by the updating.
I think I may have solved my reboot-clears-config bug on my RB4011iGS+5HacQ2HnD, but it is still early days!!.Had the same issue upgrading from rc1 -> rc2
Easy! The config is corrupt and is cleared on reboot. It would probably have happend when you had only rebooted. It is still happening in some cases in v7.
When you want to be sure, reboot before trying to update. Then you know if it is caused by the previous version or by the updating.
Seemed to destroy prior config (on boot?)
When trying to reset to defaults, /system/default-configuration/print shows no script under script. Only caps-mode script present.
Going to try a clean netinstall to see if i get same results
Edit: device is a RB4011iGS+5HacQ2HnD
That was one of the first things I tried as well, but per documentation, ldp signaled vpls is only "partially working" First tried with two rb750s, then I tested with a ccr1009 and a ccr2004, and the 2004 crashes. Hoping they green light this soon.VPLS causes an immediate crash. I have to disable it on the far side to get the router out of a reboot loop.
Thank you for the configuration example. I've reported it internally. The issue arises when both of the linked transition-mode interfaces are virtual APs.v7.1rc2 still doesn't know how to properly bring OWE interfaces up.
Is this issue known? Should I report to support?
Thanks for that info, that will make it easier to experiment with the upgrading process before trying it in the production network!You can, loading v6 backup into v7 is the same as upgrading from v6 to v7. Crossfig will try to convert the old config to a new one.
I got the same problem with my Hap ac^3 with wifiwave2 installed.LEDs seem to be broken since v7.1rc1 on the Audience.
There is no way to configure the LEDs, it seems like they are not added to the boards configuration anymore.
2021-08-31_18-26.png
"?" has been replaced by F1And typing “?” on CLI just gives red warning, instead of list of possible commands
Well noted on this, thanks!"?" has been replaced by F1And typing “?” on CLI just gives red warning, instead of list of possible commands
Hi Raimonds,"?" has been replaced by F1
v7rc2 ... is a release candidate #2 for version 7.0.0What is the difference between v7.1rc2 and v7rc2?
My first guess based on history is change quotas. ROS7 is the star citizen of networking.Hi Raimonds,"?" has been replaced by F1
Why was this changed?
Hi,Hi Raimonds,"?" has been replaced by F1
Why was this changed?
Confirmed, this is still an issue on my CCR2004-1G-12S+2XS. PCAP shows UDP datagrams with correct lengths but filled with zeroes, no useful data.remote logging with BSD Syslog flag enabled produces unreadable logs in remote syslog server (full of #000#000#000#000).
Still present i rc2
P.S. There is an internal discussion to restore the old "?" behavior based on the context.
Why, should not 7.0.0 be finished before starting to work on 7.1.0.v7rc2 ... is a release candidate #2 for version 7.0.0What is the difference between v7.1rc2 and v7rc2?
v7.1rc2 ... is a release candidate #2 for version 7.1.0
Thank you for the insight.P.S. There is an internal discussion to restore the old "?" behavior based on the context. It could mean that the ROS console will try to guess if the user wants help or the "?" character at the current cursor position. While F1 will always display help and "\?" always lead to the character. But those are only discussions. No promises for the implementation
There is no 7.0.0Why, should not 7.0.0 be finished before starting to work on 7.1.0.
v7rc2 ... is a release candidate #2 for version 7.0.0
v7.1rc2 ... is a release candidate #2 for version 7.1.0
This is just confusing, working on RC2 on two different train at the same time.
Well, Netinstall is usually confusing to new users and while I have used it before, when I required to netinstall a device recently it again was a pain to get it working.I am online again thanks to my Hex-S. The 4011 won't accept Netinstall and I can now at least read up on Netinstall. Going back to 6.49Beta36 did not help this time and the I have no access through IP and no Internet.
When I start Netinstall it sees the router and when I press install it says offering and after 30 seconds ready....and nothing happened. The bar does not fill up.
Update:
Tried it with a different computer, the result is the same. No progress.
ROS7 is the star citizen of networking.
What is this then:There is no 7.0.0
Why, should not 7.0.0 be finished before starting to work on 7.1.0.
This is just confusing, working on RC2 on two different train at the same time.
There is only 7.1 RC1, that will lead to 7.1
I will ask daily, no worries.Does CCR2004 still crash using capsman?
On a test today I started capsman and connected a client, it provisioned client and is still running. Not using it for anything, just test device.I will ask daily, no worries.Does CCR2004 still crash using capsman?
That is a typo/omission - it should say v7.1rc2, not 7RC2. There is no such thing as v7.0rc2.
So its this version 7.1rc2 that also contain ZeroTier. Thanks. MT should correct the thread header for the other thread.That is a typo/omission - it should say v7.1rc2, not 7RC2. There is no such thing as v7.0rc2.
Currently there are no known issues with CAPsMAN in v7.CCR2004 Still crashes when a cap tries to register, but not provision.
I want a formal apology.
HotLock mode hotkey has been changed too. Now it is F7 (Ctrl-V removed). Winbox Terminal still doesn't support Ctrl-V, though. You have to press Shift+Ins to paste. But at least now you won't accidentally activate HotLock mode while trying to paste.When you start replacing console hotkeys that are plain ASCII characters with "function keys" it may be time to finally replace the Ctrl-V hotkey with something else!
People think (and rightly so!) that Ctrl-V means "paste" and they are quite surprised when they see the effect in a console (usually they think something is defective).
Are those types of changes documented somewhere?HotLock mode hotkey has been changed too. Now it is F7 (Ctrl-V removed). Winbox Terminal still doesn't support Ctrl-V, though. You have to press Shift+Ins to paste. But at least now you won't accidentally activate HotLock mode while trying to paste.
Can you send a supout.rif file to support@mikrotik.com? I am unable to reproduce the issue, the route is properly installed on the router.We do have a small problem with PPPoE server.
In some cases we give the client also a subnet, in v6 we dit it with the "routes" in the PPP secret, but it looks like this is not working in v7..
I had the same problem, so I rollback to rc1.Anyone noticed that L2TP clients can no longer login after upgrade from rc1 to rc2?
I do receive a message "l2tp,info INFO: first L2TP UDP packet received from 3911551f:861e:54a6:d222:cd76:6a5" many times.
Reverting back to rc1 makes L2TP login possible right away, upgrading to rc2 again makes them fail.
"Currently there are no known issues with CAPsMAN in v7."Currently there are no known issues with CAPsMAN in v7.CCR2004 Still crashes when a cap tries to register, but not provision.
I want a formal apology.
Please open a formal bug report through support@mikrotik.com
Could you provide me with the ticket number?"Currently there are no known issues with CAPsMAN in v7."
Currently there are no known issues with CAPsMAN in v7.
Please open a formal bug report through support@mikrotik.com
I just found it, and no I will not log a ticket. It gets old hearing "We were unable to recreate the issue".
Ya'll couldn't recreate a ham sandwich if i sent you the schematic in CAD.
Can you both please send your supout.rif files to support@mikrotik.com?I had the same problem, so I rollback to rc1.Anyone noticed that L2TP clients can no longer login after upgrade from rc1 to rc2?
I do receive a message "l2tp,info INFO: first L2TP UDP packet received from 3911551f:861e:54a6:d222:cd76:6a5" many times.
Reverting back to rc1 makes L2TP login possible right away, upgrading to rc2 again makes them fail.
I've just rebooted and my configuration was wiped. I'm going back to the stable v6 channel. I do have a support ticket open (SUP-58017) for this issues, granted I raised it against 7.1RC1.I think I may have solved my reboot-clears-config bug on my RB4011iGS+5HacQ2HnD, but it is still early days!!.
Had the same issue upgrading from rc1 -> rc2
Seemed to destroy prior config (on boot?)
When trying to reset to defaults, /system/default-configuration/print shows no script under script. Only caps-mode script present.
Going to try a clean netinstall to see if i get same results
Edit: device is a RB4011iGS+5HacQ2HnD
What I ended up doing is going to back the latest v6 stable, applying a stripped back version of my config (minus wg, etc.), rebooting the router to make sure it came back ok. Then I upgraded it to 7.1rc2 from within RouterOS (I couldn't get NetInstall to flash it while running v6). Once it was updated, I then re-applied the RouterOS 7 config (wg, etc.).
So far it's been fine and I have rebooted it several times, I'll be rebooting it often to make sure it is fixed. I don't want to find out my config is gone when the power cut happens
One thing I have noticed that isn't fixed, `routing-marks` in the exported config is still be exported as '*4000' instead of their actual text value.
/ipv6 firewall nat
add chain=srcnat action=netmap out-interface=WAN1 to-address=2001:db8:0:1::/64
add chain=srcnat action=netmap out-interface=WAN2 to-address=2001:db8:0:2::/64
Just chiming in again that I can second this. Thanks msatter for testing I always look for your reports.The PPPoE through a SFP still drops back to a MTU of 1480...it was fixed in Beta 6.49 so please patch ROS 7.x also.
Same hereJust chiming in again that I can second this. Thanks msatter for testing I always look for your reports.The PPPoE through a SFP still drops back to a MTU of 1480...it was fixed in Beta 6.49 so please patch ROS 7.x also.
In such situations you should do a /export of the full configuration and maybe also a backup, install the newer version, and restore the configuration from a localRB2011 still locked in 7.1beta6 (no upgrade path)
done please see ticket number belowThank you very much for your reports, they help us a lot to proceed further.
Currently our very big concern is random configuration lost on some occasions. It would be great anybody experience configuration lost provide us with information,
- routerboard model used;
- configuration used on the device
You can send information to support@mikrotik.com
I found where the problem is caused from. Please see here: viewtopic.php?f=1&t=178133#p876697Can you both please send your supout.rif files to support@mikrotik.com?I had the same problem, so I rollback to rc1.
Must set the use IPv6 flag in the PPP Profile, also if you enabled default route in the PPPoE login, do not set it in dhcpv6-client.IPv6 no longer appears to work over PPPoE after updating to v7.*. Works fine on v6.* though.
Same here. Blue led appears during boot, but green led during normal operation is not lit.LEDs seem to be broken since v7.1rc1 on the Audience.
There is no way to configure the LEDs, it seems like they are not added to the boards configuration anymore.
2021-08-31_18-26.png
IPv6 towards PPPoE really doesn't work. I have rised ticket and sent supout.rif file, but it is not solved yet.Must set the use IPv6 flag in the PPP Profile, also if you enabled default route in the PPPoE login, do not set it in dhcpv6-client.IPv6 no longer appears to work over PPPoE after updating to v7.*. Works fine on v6.* though.
IPv6 actually works but I also had many problems after migration from v6.
Darn, I just was told by support that the backups where broken and are still broken in 6.49beta. This a BIG problem to me and I have to wait for the next version to be able to make a backup that I can use to restore. Till then it is manual importing stuff from a RSC export file if needed.In such situations you should do a /export of the full configuration and maybe also a backup, install the newer version, and restore the configuration from a localRB2011 still locked in 7.1beta6 (no upgrade path)
winbox connected to the MAC address. (so you can wipe it entirely before importing the export)
Remember that importing an export does not restore users and their passwords, and certificates. So when you have them, your safer bet may be via the backup.
FastPath is a PMD hook into a userspace forwarding plane.I wouldn't count on wireguard, openvpn or zerotier use any Fastpath. They are all CPU based.
......
set api disabled=yes
set winbox port=8291
set api-ssl disabled=yes
#error exporting /ip/ssh
/system clock
set time-zone-name=Europe/Warsaw
/system identity
.......
[admin@Testv7] /ip/ssh> pr
forwarding-enabled: no
always-allow-password-login: no
strong-crypto: yes
allow-none-crypto: no
host-key-size: 4096
[admin@Testv7] /ip/ssh>
/interface/wireless/access-list/set private-pre-shared-key=testing123 [ find ]
i'm also on hapac2, i can export config just fine with enabling strong-crypto, the only caveats is I should backup the config without password otherwise the backup file won't be restored successfully, already filed a ticket on this weird bugOn hAP ac^2 if I set "strong-crypto=yes" in IP/SSH/ and try to export config of entire device, it takes a very long time and finally in file is error about SSH and this section is not exported:
Config view from console :Code: Select all...... set api disabled=yes set winbox port=8291 set api-ssl disabled=yes #error exporting /ip/ssh /system clock set time-zone-name=Europe/Warsaw /system identity .......
Code: Select all[admin@Testv7] /ip/ssh> pr forwarding-enabled: no always-allow-password-login: no strong-crypto: yes allow-none-crypto: no host-key-size: 4096 [admin@Testv7] /ip/ssh>
Interesting, I also have discovered how to reproduce. It happens if you set key size to 4096 and try to export config. In my case it caused to take ~2mins and 40% CPU load(and error line in exported file).i'm also on hapac2, i can export config just fine with enabling strong-crypto, the only caveats is I should backup the config without password otherwise the backup file won't be restored successfully, already filed a ticket on this weird bugOn hAP ac^2 if I set "strong-crypto=yes" in IP/SSH/ and try to export config of entire device, it takes a very long time and finally in file is error about SSH and this section is not exported:
Config view from console :Code: Select all...... set api disabled=yes set winbox port=8291 set api-ssl disabled=yes #error exporting /ip/ssh /system clock set time-zone-name=Europe/Warsaw /system identity .......
Code: Select all[admin@Testv7] /ip/ssh> pr forwarding-enabled: no always-allow-password-login: no strong-crypto: yes allow-none-crypto: no host-key-size: 4096 [admin@Testv7] /ip/ssh>
Must set the use IPv6 flag in the PPP Profile, also if you enabled default route in the PPPoE login, do not set it in dhcpv6-client.IPv6 no longer appears to work over PPPoE after updating to v7.*. Works fine on v6.* though.
IPv6 actually works but I also had many problems after migration from v6.
That seems to have cured it.if you enabled default route in the PPPoE login, do not set it in dhcpv6-client.
I agree, that would be super.Hi Mikrotik
i like to ask, is there any chance to solve issue/problem with "hidden" ipv6 address/route ?
here i mean, IPV6 -> Settings -> Accept router advertisements -> YES
it is sooooo confusing, that there is no v6 address and no v6 route listed
so, when you are in hurry, and things are working very strange, it is time consuming to hunt down "why the hell this router could do v6, and other no" ... then you realize that someone turned on SLAAC
and then start coursing, and wondering, how could it be? routing equipment without routing info ...
so, any chance to UNhide these v6 info ?
( did i asked politely this time? )
This was reported back in the RC1 thread (another user opened a SUP). Even with a netinstall it is not possible to upgrade past beta 6.In such situations you should do a /export of the full configuration and maybe also a backup, install the newer version, and restore the configuration from a localRB2011 still locked in 7.1beta6 (no upgrade path)
winbox connected to the MAC address. (so you can wipe it entirely before importing the export)
Remember that importing an export does not restore users and their passwords, and certificates. So when you have them, your safer bet may be via the backup.
I did not noticed that. That is maybe the cause the PPPoE dropped back to 1480 after connecting at 1500.MTU >1500 is still unsupported on RB4011 on sfp+ port.
When will you turn on bfd in ros7?v6 BGP config conversion is already there since beta 2:
https://help.mikrotik.com/docs/display/ ... col+Status
Yes, that is important for us too! Or when BFD is considered to be deprecated, some replacement for it to quickly signal loss of a link used for BGP.When will you turn on bfd in ros7?
i agree fullyPlease add an option to /import, or make it the default behavior, to print the imported line when an error occurs (in addition to the error message), and to continue the import.
As it is now, it is very difficult to import rsc files as even with the slightest difference in features the import stops and prints only the error message (like "item already exists") without context.
The "verbose" option can be used, but it prints everything and it still does not continue after the error so repeated attempts with from-line option are required
Please add an option to /import, or make it the default behavior, to print the imported line when an error occurs (in addition to the error message), and to continue the import.
As it is now, it is very difficult to import rsc files as even with the slightest difference in features the import stops and prints only the error message (like "item already exists") without context.
The "verbose" option can be used, but it prints everything and it still does not continue after the error so repeated attempts with from-line option are required
local keywords "RAW led DHCP"
local skip false
:local section do={:if ($1 in $keywords) do={local skip true} else={$1; local skip false} on-error={:log warning "Section $1 not available on this device"; local skip true}}
:local add do={:if (skip = false) do={add $1} else={:log warning "Skipped adding $1"}}
$section "/ip firewall mangle"
$add "comment=nothing"
$add "comment=nothing"
$section "/ip firewall RAW"
$add "comment=nothing"
$add "comment=nothing"
MQS+powerbank: the sysadmin's best friend. https://mikrotik.com/product/mqsand by golly, where the heck did I keep its original PoE box? [ sigh, the life of a sysadmin ]
Nice! Unfortunately that would arrive here a bit late in the game.MQS+powerbank: the sysadmin's best friend. https://mikrotik.com/product/mqsand by golly, where the heck did I keep its original PoE box? [ sigh, the life of a sysadmin ]
I use Queue Trees so I don't think there's a way to guess...Wild guess: ingress/egress is automatically determined. Depending if you use it as download or upload queueMy requests are:
* Please add the Ingress keyword (trivial change)
* Give us the ability to create "really mega simple" queues that do not seperate the shaper and qdisc so that we can entirely bypass HTB and only use Cake shaper
Please Mikrotik
That's definitely the cause. No amount of manipulation with L2MTU/MTU causes packets >1500 bytes to pass at least on sfpplus port (didn't check other ports). I opened a support ticket on this issue, that's now months old. There were problems with this in ROS6, but not as bad as in ROS7 now.I did not noticed that. That is maybe the cause the PPPoE dropped back to 1480 after connecting at 1500.MTU >1500 is still unsupported on RB4011 on sfp+ port.
/ip smb shares
add comment="default share" directory=/pub name=pub
+add comment="default share" directory=/pub name=pub
/ip smb users
add name=guest
+add name=guest
/ip smb shares
add comment="default share" directory=/pub name=pub
add comment="default share" directory=/pub name=pub
+add comment="default share" directory=/pub name=pub
/ip smb users
add name=guest
add name=guest
+add name=guest
add comment="default share" directory=/pub name=pub
add comment="default share" directory=/pub name=pub
add comment="default share" directory=/pub name=pub
+add comment="default share" directory=/pub name=pub
/ip smb users
add name=guest
add name=guest
add name=guest
+add name=guest
SMB support should be removed from RouterOS! This kind of thing does not belong in a router and is not required anymore.
my rb2011uias-rm has the same issue, kernel boot failure with 7.1rc2 installRB2011 still locked in 7.1beta6 (no upgrade path)
You can probably implement that via RADIUS authentication and a solution on your RADIUS server?One More feature request, can we have a 2FA (MFA) Please
I don't think it's doable, until MT add PAP capability for login, as I recall 2FA using RADIUS, required PAP, while MT doesn't support PAPYou can probably implement that via RADIUS authentication and a solution on your RADIUS server?One More feature request, can we have a 2FA (MFA) Please
I also don't know if it is supposed to be there either...I also did not see dude in 7.1rc2 but do not know if it is supposed to be there. I will wait for v71rc3 and try again.
Ain't that the absolute 100% truth. Nobody can fix my kernal panics or it would be fixed already.Rfulton, what do you expect from us on the forum? Nobody here can help you - please create a supout.rif after the crash and send it to support.
First it's kernel and not kernal, second you need to create a supout file and send it to Mikrotik support email in order to properly report a bug.KERNAL panic after 3 days on rc2. ccr2004. no i won't log a ticket
First it's kernel and not kernalKERNAL panic after 3 days on rc2. ccr2004. no i won't log a ticket
+1. At least please print the imported line.Please add an option to /import, or make it the default behavior, to print the imported line when an error occurs (in addition to the error message), and to continue the import.
As it is now, it is very difficult to import rsc files as even with the slightest difference in features the import stops and prints only the error message (like "item already exists") without context.
The "verbose" option can be used, but it prints everything and it still does not continue after the error so repeated attempts with from-line option are required
First it's kernel and not kernal,KERNAL panic after 3 days on rc2. ccr2004. no i won't log a ticket
Walnuts have kernels....... I thought only popcorn had kernels
First it's kernel and not kernal,
[sarcasm]
What is this kernel you all are talking about? The only kernel I know is a walnut kernel.
[/sarcasm]
Cake seems to work now.
But I can only get the expected ingress performance by:
* Setting the Simple queue limits to Unlimited and the Cake specific limit to my target
* Setting the target slightly lower than the real speed because we are missing the Ingress keyword to compensate
My requests are:
* Please add the Ingress keyword (trivial change)
* Give us the ability to create "really mega simple" queues that do not seperate the shaper and qdisc so that we can entirely bypass HTB and only use Cake shaper
Please Mikrotik
Code: Select all.B ingress .br Indicates the qdisc is used on ingress (typically done with an IFB device). Most notably, this counts drops as data transferred, making ingress shaping more accurate, since packets will have already traversed the link before Cake gets to choose what to do with them. In addition, drops are also counted as data transferred for maintaining fairness. This leads to the possibly unexpected result that with host fairness enabled (see the .B FLOW ISOLATION PARAMETERS section), IPs with more simultaneous TCP flows may show lower total goodput than IPs with fewer flows. This is expected, and is due to proportionally more packets being dropped for congestion control when there are more active flows. Clients can avoid this possible loss in goodput by either using fewer flows, or enabling ECN for greater efficiency.