MikroTik

Posted: **Fri Jan 27, 2023 6:11 pm**

My l3hw offload for ipv6 on a crs317 works with no issues. Here is my ipv6 specific config:

/interface ethernet switch
set 0 l3-hw-offloading=yes
/interface ethernet switch l3hw-settings
set ipv6-hw=yes
/ipv6 address
add address=fd00:70::1 interface=vlan70
add address=fd00::2 advertise=no interface=vlan10
add address=fd00:5::1 interface=vlan500
add address=fd00:6::1 interface=vlan600
add address=fd00:4::1 interface=vlan400
add from-pool=from_comcast_vlan400 interface=vlan400
add from-pool=from_comcast_vlan500 interface=vlan500
add from-pool=from_comcast_vlan600 interface=vlan600
/ipv6 dhcp-client
add interface=vlan600 pool-name=from_comcast_vlan600 request=prefix use-peer-dns=no
add interface=vlan500 pool-name=from_comcast_vlan500 request=prefix use-peer-dns=no
add interface=vlan400 pool-name=from_comcast_vlan400 request=prefix use-peer-dns=no
/ipv6 nd
set [ find default=yes ] advertise-dns=no ra-delay=5s ra-interval=30s-1m
/ipv6 nd prefix default
set preferred-lifetime=1h valid-lifetime=2h
/ipv6 route
add disabled=no dst-address=::/0 gateway=fd00::1 routing-table=main

Posted: **Fri Jan 27, 2023 7:00 pm**

RB5009. The DNS server is on. Memory is melting before my eyes. Looks like a leak.

Posted: **Fri Jan 27, 2023 7:58 pm**

RB5009. The DNS server is on. Memory is melting before my eyes. Looks like a leak.

.
Already reported by some on this thread, complete radio silence from Mikrotik on that matter.

Posted: **Sat Jan 28, 2023 11:33 am**

The DNS leak requires more research. I do not see it at all. People who experience it should probably try to identify what use case triggers it.
(we saw the report by someone operating WiFi in a restaurant - that is a completely uncontrolled situation. but when someone sees it on their home router or in a company that is closed during weekends, maybe they can identify what kind of lookups causes a leak. could be things like repeated lookup of the same small-TTL item, repeated lookup of nonexisting names, etc etc)

Posted: **Sat Jan 28, 2023 12:18 pm**

Long time v.7 bug still not fixed:
BGP peers on WinBox always show 0

Screenshot 2023-01-28 121331.png

On CLI count-only working only without any where clause:

/routing/route/print count-only
56

/routing/route/print count-only  where belongs-to="bgp-IP-......."
0

Posted: **Sat Jan 28, 2023 12:24 pm**

That has been fixed in 7.8beta2.

/routing/route/print count-only  where belongs-to="bgp-IP-44.137.61.1"
86

Posted: **Sun Jan 29, 2023 9:01 pm**

Hi,

with fw 7.4.1 no problem to see sfp info but with fw 7.7 not impossible to see information
maybe with new version I can see all info, btw both sfp are Mikrotik,

I do some tests with others sfp models I can see info!

Thank you

Posted: **Mon Jan 30, 2023 10:32 am**

That has been fixed in 7.8beta2.
Code: Select all
/routing/route/print count-only  where belongs-to="bgp-IP-44.137.61.1"
86

@WinBox still count always is 0
but...
in 7.8beta2 belongs-to= clause is gone!
writing in other topic about it...

Posted: **Mon Jan 30, 2023 10:39 am**

Sorry MT, but I have still a problem with L3HW-offloading with IPv6 in this release. After activating on a CRS326-24G-2S+ the switch reboots spontanious without any obvious reason.
After the reboot the LOG shows:
hc_401.jpg
I opened a ticket with this problem also with 7.6Beta (SUP-92398), and it seems to be fixed with one of the newer 7.7BetaXX, but it wasn´t.
And even not with 7.7 stable. :-/

There´s nothing special on the switch, only 3 VLANS, IPv4 and IPv6 addresses, that´s all.
The connection to the rest of the network is established via a 10GBit fiber connection.

Has anybody else similar experiences??

does the CRS do any NAT related stuff or inter vlan routing?
bit hard to tell without knowing the config.
cheers

Posted: **Thu Feb 02, 2023 8:59 am**

It seems, that Mangle Rules are not working properly with wireguard.

I have a Chateau LTE12 here, which is used as a kind of backup - router.
So it uses a different Standardgateway instead of the lte1 - Interface.
But I have some tunnels ( OVPN and Wireguard ) coming in via lte1 - Interface.

So as on ROS 6,
I created 2 Mangle Rules and a new entry in the routing tables.
1st Mangle Rule does a new connection mark on lte1
2nd Mangle Rule does a new routing mark on the new connection mark using the created entry in the routing tables

Routing entries:
0.0.0.0/0 -> Gateway 1 -> Other Router -> Distance 2
0.0.0.0/0 -> Gateway 2 -> lte1 -> Distance 3
0.0.0.0/0 -> Gateway 3 -> lte1 - New Routing Mark -> Distance 1

This works perfect with all my OVPN ( TCP ) - Tunnels !
But Wireguard completely ignors Routing entry "Gateway 3"
always using Gateway 1.

Can anyone confirm this or must there be a different configuration with Wireguard ( UDP ) - Tunnels ?

Manfred

Posted: **Thu Feb 02, 2023 9:09 am**

1) ROS6 didn't have Wireguard
2) What if you point instead of lte1 to the name of your wireguard interface ? Because that's where you need to go through. Once in the tunnel, it doesn't care about the underlying medium. Wireguard will take care of that.
3) could be a config issue. Please start a new thread with full exposure of your config (minus private keys and serial number).

Posted: **Thu Feb 02, 2023 9:43 am**

Hi all
can someone tell me what this error is and where to look?

mikrotik disconnected, key handshake timeout, signal strength -95

Thanks

Posted: **Thu Feb 02, 2023 11:04 am**

- signal too weak
- wrong password

Posted: **Thu Feb 02, 2023 1:22 pm**

the router is located in a one-room apartment. are you kidding me? the password is correct since this situation is treated by reconnecting to the wifi network. What now?

Posted: **Thu Feb 02, 2023 2:00 pm**

the router is located in a one-room apartment. are you kidding me? the password is correct since this situation is treated by reconnecting to the wifi network. What now?

no kidding ... error message could point to those 2 possible factors

Posted: **Thu Feb 02, 2023 2:01 pm**

Make new thread, but also in it, include wireless config full output.

Posted: **Thu Feb 02, 2023 5:31 pm**

Hi,

with fw 7.4.1 no problem to see sfp info but with fw 7.7 not impossible to see information
maybe with new version I can see all info, btw both sfp are Mikrotik,

I do some tests with others sfp models I can see info!

Thank you

FLEXOPTIX SFP's (10G) working fine and showing details.

Posted: **Fri Feb 03, 2023 9:16 pm**

Does anyone know if regex is working in Logging, from syslog messages by chance?
if my string says "This is a test string with a [WARN] label in it", and I'm trying to hit on WARN, I am thinking I just need to put either WARN or "WARN" in the regex box, to get it to notify me.

I cannot get it to work however.
Thoughts?

Thank you!
Rod

Posted: **Fri Feb 03, 2023 9:22 pm**

Please don't ask HOWTO questions in a release topic!

Posted: **Sat Feb 04, 2023 4:53 pm**

CRS317 just upgraded to 7.7 with OSPF + BGP + L3HW offload. Routes learned via OSPF don't always get pushed to the switch chip. In this particular setup, the 317 has two equal cost paths to a 310 (also OSPF + BGP + L3HW offload), which has a single path to a 2004. When the adjacency comes up between the 2004 and the 310, the 317 won't send the traffic to the 310 unless I manually disable/enable L3HW offload. When the adjacency drops, the route is properly withdrawn; when it returns, the route populates in the table but not in the switch.

SUP-106771 submitted.

(I'll try to build this up in the lab with identical hardware to see if I can post a replicable config.)

Posted: **Sat Feb 04, 2023 7:24 pm**

Device: RB5009
Firmware : v7.7
Use case/ Problem:
Run Adguard Home as a container with RB5009. Its data is mounted as usb1, an external USB - SanDisk Ultra Fit USB 3.1.

Mounted as usb1.png

Everything is fine until I reboot RB5009 after 10 days.
Originally, SanDisk Ultra Fit's slot is usb1. After a reboot, SanDisk Ultra Fit got a different slot usb2!

Container not work.png

This breaks the Adguard container as files are supposed in usb1. Have to reboot RB5009 a few times before SanDisk Ultra Fit is available as usb1.

Questions:
1) Apparently, RB5009 has a single USB port only. Why on earth disk print shows usb1 and usb2 ?

disk print
Flags: E, M, F - FORMATTING; b - BLOCK-DEVICE
Columns: SLOT, MODEL, SERIAL, INTERFACE, SIZE, FREE
#    SLOT  MODEL              SERIAL                INTERFACE                    SIZE            FREE
0 Mb usb1  SanDisk Ultra Fit  4xxx                  USB 3.00 5000Mbps  15 376 318 464  14 991 310 848
1 E  usb2                                           USB 2.10 480Mbps

2) Now, whenever RB5009 is rebooted, there is a risk of losing network as Adguard Home container uses as a DNS just stopped due to the usb name issue (sometimes it is usb2 instead of usb1). Any solution to this usb slot name does not stay the same after reboot problem?

Posted: **Sun Feb 05, 2023 1:46 pm**

just stumbled upon this - but does anybody know what's going on on a RB1100AHx4 DE to not recognize its own hardware?

it has 3 UNKNOWN DEVICES on its PCI bus.

sysResPCI_v7.7 _RB1100AHx4DudeE.png

Posted: **Sun Feb 05, 2023 1:52 pm**

CRS317 just upgraded to 7.7 with OSPF + BGP + L3HW offload. Routes learned via OSPF don't always get pushed to the switch chip.
....

I've verified at least one configuration where I can reproduce the problem on 7.4.1, 7.6, and 7.7.

CRS317 -> Redundant VLANs out single SFP+ -> CRS328 -> paired VLANs split across two gigabit links -> combined at RB4011 -> CRS310 -> CCR2004

The 317 and 310 are in L3HW offload mode.

The 317 has four VLANs, two to the 4011 and two to the 310. The VLANs are split by the 328 across two gigabit RF links for load balancing, then combined at the RB4011. The 4011 has a multigig RF link to the 310, which in turn has a multigig RF link to the 2004.

When the link between the 2004 and 310 goes up and down, any routes advertised by the 2004 are properly removed from the 317's L3 switch chip (ASIC). When they return, they show up in the routing table but aren't inserted; traffic bounces between upstream routers unless I manually disable/enable L3HW Offloading.

By changing the path cost on one of the redundant VLANs' OSPF adjacency (or by disabling it altogether), in this case between the 317 and the 310, when the link between the 310 and the 2004 bounces, its routes are properly removed/added to the 317.

(Redundant ticket SUP106771 closed and ticket SUP106809 opened.)

Posted: **Mon Feb 06, 2023 4:12 am**

Device: RB5009
Firmware : v7.7
Use case/ Problem:
Run Adguard Home as a container with RB5009...

Hi,
You can rename the slot (eg to Fit1 or something)
With luck it might stay the same.

Posted: **Mon Feb 06, 2023 8:20 am**

I updated to 7.8beta2. The memory leak continues.

After updating to 7.8 beta3, memory leak problem solved.

daily78b3.png

Posted: **Mon Feb 06, 2023 4:27 pm**

Export issues in ROS 7.7:

1.) Exporting PPP - Secrets with ROS 7.7, all passwords are missing:in Exportfile:
ROS7.7:
# feb/06/2023 15:09:53 by RouterOS 7.7
# software id = K16J-7SHP
#
# model = D53G-5HacD2HnD
# serial number = 123456789
/ppp secret
add caller-id=x.x.x.x comment=1 local-address=10.248.254.253 name=\
Test profile=OVPN remote-address=10.248.0.1 routes=\
10.249.0.0/24,10.250.0.0/24,10.251.0.0/24,10.0.0.0/16 service=ovpn

ROS 6.49.6:
# feb/06/2023 15:11:11 by RouterOS 6.49.6
# software id = 2CTJ-4E6S
#
# model = RouterBOARD 3011UiAS
# serial number = 123456789
/ppp secret
add local-address=10.249.254.254 name=PW_Winkl password=somepassword profile=\
"OVPN - Aussenstationen" remote-address=10.249.5.88 routes=10.5.88.0/24 \
service=ovpn

2.) Exporting Wireguard with ROS 7.7, all preshared keys are missing:in Exportfile:

# feb/06/2023 15:19:27 by RouterOS 7.7
# software id = K16J-7SHP
#
# model = D53G-5HacD2HnD
# serial number = D7B00EDB556D
/interface wireguard
add listen-port=12345 mtu=1420 name=wg_Anlagen
/interface wireguard peers
add allowed-address=10.248.0.1/32,10.0.0.0/16,10.249.0.0/24 comment=\
"MSS Coneltestrouter" interface=wg_Anlagen persistent-keepalive=25s \
public-key="thekey"

Is this somehow intended or is there hopefully another way to get this back ?
It's really very hard to reenter the passwords / preshared keys of more than 200 tunnels after import on a maybe new hardware !!!

Manfred

Posted: **Mon Feb 06, 2023 4:36 pm**

Stop using release forum for your fault, open separate topic.
(/export on v6, /export show-sensitive on v7)

Posted: **Mon Feb 06, 2023 4:43 pm**

Stop using release forum for your fault, open separate topic.
(/export on v6, /export show-sensitive on v7)

Sorry for my fault,
but,
from where did you get this (show-sensitive) information ?
MKT Documentation says nothing about this (only hide-sensitive is described) !

Posted: **Mon Feb 06, 2023 4:59 pm**

Stop using release forum for your fault, open separate topic.
(/export on v6, /export show-sensitive on v7)

Unless someone follows the release notes (where it is mentioned from time to time when similar things happen), it's nowhere to be found in the help pages (read as: I could not find it in the obvious sections).
F1 on command line does show it but that's not really the right place to search.

Posted: **Mon Feb 06, 2023 6:40 pm**

L3HW offload is still buggy on 7.7. (Saw this in 7.5 and 7.6 too.)
This weekend I upgraded some CCR2116's that have been running 7.4.1 for months with solid L3HW offload (nearly 100 OSPF routes, thousands of BGP routes), and this morning woke up to some of the local routes missing from the ASIC despite being advertised via OSPF. Disabling L3HW offload fixed the problem immediately.

Posted: **Mon Feb 06, 2023 11:13 pm**

L3HW offload is still buggy on 7.7. (Saw this in 7.5 and 7.6 too.)
This weekend I upgraded some CCR2116's that have been running 7.4.1 for months with solid L3HW offload (nearly 100 OSPF routes, thousands of BGP routes), and this morning woke up to some of the local routes missing from the ASIC despite being advertised via OSPF. Disabling L3HW offload fixed the problem immediately.

excuse the maybe stupid question, but where do you evaluate the routes being "in the ASIC" or how to verify routes being L3HW offloaded?

Posted: **Mon Feb 06, 2023 11:17 pm**

excuse the maybe stupid question, but where do you evaluate the routes being "in the ASIC" or how to verify routes being L3HW offloaded?

I can't tell from the GUI or CLI, but I can tell when trying to trace a route from one device/router to another through the L3HW offloaded router. I can see the routes in the routing table, but traces stall at the router or ping-pong between routers. When L3HW offload the route starts working and the trace completes.

Posted: **Tue Feb 07, 2023 1:13 am**

After updating to 7.8 beta3, memory leak problem solved.

.
Updated two boxes that are heavily presenting the issue, will monitor them tomorrow and post the feedback here. Thanks for posting that it seems 7.8b3 solved the problem.

Posted: **Tue Feb 07, 2023 2:41 am**

excuse the maybe stupid question, but where do you evaluate the routes being "in the ASIC" or how to verify routes being L3HW offloaded?

I can't tell from the GUI or CLI, but I can tell when trying to trace a route from one device/router to another through the L3HW offloaded router. I can see the routes in the routing table, but traces stall at the router or ping-pong between routers. When L3HW offload the route starts working and the trace completes.

ok thanks for the info. thought i missed some submenu of flag which indicates offloaded routes or a table to read from which routes are currently offloaded to L3HW

Posted: **Wed Feb 08, 2023 7:26 pm**

After updating to 7.8 beta3, memory leak problem solved.

.
While I can't see that huge increase in memory usage anymore, it seems i'm still seeing a minor memory usage increasing over the time. I'll now wait some more days (or weeks) to see where that's going. But seems that that problem, if not fully solved, at least was partially handled. Memory usage is at least not increasing crazy fast anymore on 7.8b3.
.

mem1.jpg

.

mem2.jpg

Posted: **Wed Feb 08, 2023 8:02 pm**

It's still possible that what ever caches fill up. But it looks a lot more healthy now.

Posted: **Wed Feb 08, 2023 8:44 pm**

please check
SUP-107224 dns-static to-address-list not working

Posted: **Wed Feb 08, 2023 9:15 pm**

It's still possible that what ever caches fill up. But it looks a lot more healthy now.

.
Absolutely! While still seems to be increasing, it's not that crazy fast anymore ... well, at least on the first 2 days of running 7.8b3. Seems the changes are promissing!

Posted: **Thu Feb 09, 2023 8:03 am**

Not sure that''s a bug, but a GPON SFP module stays in "sfp-tx-fault=yes" state every time if in ex. I unplug it or disable it for a while, but sometimes after reboot it changes to normal state.
Instead of it it runs fine, maybe the reason is that GPON modules needs some time to boot up.

[kowal@Kowal-RB5009] /interface/ethernet> moni 0
                    name: SFP+
                  status: link-ok
        auto-negotiation: disabled
                    rate: 2.5Gbps
             full-duplex: yes
         tx-flow-control: no
         rx-flow-control: no
      sfp-module-present: yes
             sfp-rx-loss: no
            sfp-tx-fault: yes
                sfp-type: SFP-or-SFP+
      sfp-connector-type: SC
      sfp-link-length-sm: 20km
         sfp-vendor-name: HALNy
  sfp-vendor-part-number: HL-GSFP
     sfp-vendor-revision: V1.0
       sfp-vendor-serial: HALN[cut]
  sfp-manufacturing-date: 20150525
          sfp-wavelength: 1310nm
         sfp-temperature: 65C
      sfp-supply-voltage: 3.299V
     sfp-tx-bias-current: 24mA
            sfp-tx-power: 2.94dBm
            sfp-rx-power: -19.829dBm
         eeprom-checksum: good
                  eeprom: [cut]

Posted: **Thu Feb 09, 2023 3:44 pm**

Glad to see i'm not they only one having DNS cache problems with 7.7. DNS not respecting cache maximum size and memory usage constantly growing proportional to amount of DNS requests being processed by router.

...Hope Mikrotik fixes this soon

Posted: **Fri Feb 10, 2023 3:04 am**

*) dns - query upstream DNS servers for other record types even if static entry exists;

This change, while not necessarily wrong, is not great either. Previously when I set record of any type, it took over the whole name, i.e. it blocked all other types from upstream. Simple example, public server www.something.tld has both IPv4 and IPv6 addresses (A and AAAA records), but from the network where it's hosted it should be accessed directly using internal address, and for some reason IPv4 only. With older RouterOS, this was it:

/ip dns static add type=A name=www.something.tld address=10.0.0.10

If client asked router (as DNS resolver) for AAAA www.something.tld, it got nothing, no data. But now it gets real AAAA record from public DNS. I agree that this can be useful (for something else). But the previous behaviour was useful too, and now I don't see any good way how to achieve it. If it's just about blocking AAAA, I could set it to some invalid value (which is terrible "solution"). But if I want to block all other types, because there isn't just A/AAAA, it's now impossible.

As a bare minimum, there should be proper way for removing upstream records, e.g.:

/ip dns static add type=AAAA name=www.something.tld no-data=yes

And something for overriding the whole name, same way as it worked in previous versions, would be nice too.

Posted: **Fri Feb 10, 2023 12:10 pm**

*) dns - query upstream DNS servers for other record types even if static entry exists;
This change, while not necessarily wrong, is not great either.

The big problem I have with the recent DNS changes is that they break all kinds of scenarios. DNS has a strange spec, "the way it should work" is often not what one would suggest as an armchair philosopher, and lately MikroTik is incorporating customer requests into their in-house written DNS resolver that break things for different users, and when they fix things they break for other users.

It is time that this in-house project is terminated, the resolver replaced by an actively maintained open-source alternative (e.g. "unbound"), and the MikroTik developers freed to work on more important RouterOS deficiencies and problems.

Posted: **Fri Feb 10, 2023 12:48 pm**

Yes, lately it's breaking a bit too much. As in my example, there was default (and actually the only) behaviour since forever, and everyone relied on it, knowingly or accidentally. It's one thing to change default, it can be annoying, but sometimes it's inevitable. But not even an option to get the previous behaviour? That said, I still have hopes for it, after so much work put into it, the (happy) end shouldn't be that far away.

Posted: **Mon Feb 13, 2023 4:38 pm**

Hi guys,

What a shame the local DNS changes. My local domain .lan is completely unreachable inside docker containers.Is there any solution for this?

Regards

Posted: **Mon Feb 13, 2023 6:55 pm**

@Miguelin: It's not like they broke everything, it still mostly works. You should probably open new thread and post (much) more info about your problem.

Posted: **Tue Feb 14, 2023 11:32 am**

hi there,

found an error on dhcp-server screen under winbox...

ros7.7-dhcpserver.jpg

the address pool6 does not show the correct /ipv6 spool. the pool1 on screen updated from cli, but can not be done under winbox.
using ROS 7.7

P

Posted: **Wed Feb 15, 2023 10:06 am**

@MikroTik:
i have a few Cap AC and hap AC² at home and at work. since 7.7 they started randomly to reboot.

the cap's are all controlled by a rb5009 via CAPsMAN. additional configs are only for snmp read-access, radius-authentication and remote syslog logging.
the hap AC² at home is the main router and CAPsMAN Manager.

it always reboots a few devices at about the same time (not all) which is very strange (memory leak?)

the only log entries are something like:

feb/14/2023 05:51:02 system,error,critical router was rebooted without proper shut
down, probably kernel failure
feb/14/2023 05:51:03 system,error,critical kernel failure in previous boot
feb/14/2023 05:51:03 system,error,critical out of memory condition was detected

full cap config:

# feb/15/2023 09:00:07 by RouterOS 7.7
# software id = NXLI-MCWU
#
# model = RBcAPGi-5acD2nD
# serial number = HCN085816A0
/interface bridge
add admin-mac=18:FD:74:1B:9E:5C auto-mac=no comment=defconf name=bridgeLocal
/interface ethernet
set [ find default-name=ether2 ] disabled=yes
/interface wireless
# managed by CAPsMAN
# channel: 2412/20/gn(5dBm), SSID: WUp_mP4_all1, local forwarding
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX country=germany disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=MikroTik station-roaming=enabled \
    wireless-protocol=802.11
# managed by CAPsMAN
# channel: 5180/20-Ce/ac/P(20dBm), SSID: WUp_mP4_all1, local forwarding
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX country=germany disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=MikroTik station-roaming=enabled \
    wireless-protocol=802.11
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/snmp community
set [ find default=yes ] disabled=yes
add addresses=10.0.0.10/32 authentication-protocol=SHA1 encryption-protocol=AES name=librenms security=private
/system logging action
set 3 bsd-syslog=yes remote=10.0.0.10 syslog-severity=info
add bsd-syslog=yes name=SyslogINFO remote=10.0.0.10 syslog-severity=info target=remote
add bsd-syslog=yes name=SyslogERROR remote=10.0.0.10 syslog-severity=error target=remote
add bsd-syslog=yes name=SyslogWARNING remote=10.0.0.10 syslog-severity=warning target=remote
/interface bridge port
add bridge=bridgeLocal comment=defconf ingress-filtering=no interface=ether1
add bridge=bridgeLocal comment=defconf ingress-filtering=no interface=ether2
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface ovpn-server server
set auth=sha1,md5
/interface wireless cap
# 
set bridge=bridgeLocal certificate=request discovery-interfaces=bridgeLocal enabled=yes interfaces=wlan1,wlan2 lock-to-caps-man=yes
/ip dhcp-client
add comment=defconf interface=bridgeLocal
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set www-ssl certificate=https disabled=no
set api disabled=yes
/radius
add address=10.0.0.10 service=login,hotspot
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=02-02-FL-01.ap
/system logging
add action=SyslogINFO topics=info,!wireless
add action=SyslogWARNING topics=warning
add action=SyslogERROR topics=error
/tool romon
set enabled=yes
/user aaa
set use-radius=yes

is there anything i can do to provide you better informations?

Posted: **Wed Feb 15, 2023 10:09 am**

If you can get to the device right after reboot, create supout and send it to support.

Posted: **Wed Feb 15, 2023 10:22 am**

Good Idea. I will schedule it for @startup on a few devices. Thank you

edit:
is the autosupout.rif on the device allready the needed file? the timestamp fits the reboot time

Posted: **Wed Feb 15, 2023 10:52 am**

Probably yes.

Posted: **Mon Feb 20, 2023 3:32 pm**

RSTP issue.
BPDU exchange between two bridges does not work in ROS 7.7.
The two bridges and ether1 ports (with which they are connected to each other) have the same configuration: PVID 1, admin only VLAN tagged and Ingress Filtering checked.
Both ports transmit untagged BPDU packets but hAPax^3 receives them as tagged VLAN ID 1 and Audience does not receive anything.
Is this a bug ?
What should I do?

Posted: **Mon Feb 20, 2023 7:07 pm**

We have also been seeing random reboots on two of our CCR1072 routers at the same time. They are in the same routing path between a Fortigate device which has been stable as a rock. I reached out to support with ticket SUP-108339 but getting useless replies. The title of my ticket mentions we are on v7.7 and support replies saying our connection tracking is being overloaded and that we should upgrade to v7 which improves stability. In fact v6 was super stable. I replied back saying we are already on v7 as mentioned in the ticket and then I get a follow up reply saying are you on the latest v7? The ticket title clearly states as well that we are on v7.7 which is the latest stable release. This kind of support and lack of care is alarming. I provided supout files of the crash from both of the routers and it doesn't even look like they looked at it. If they did they would know that we are on v7.7.

We don't know what is causing both routers to crash at the same time and it happens at random times. Is there anyone on this forum that can help? We have been getting these random crashes for a couple of the past releases (since 7.2) but every time we reach out support says it's fixed in the next version.

Posted: **Mon Feb 20, 2023 7:17 pm**

I would suggest updating one of them to 7.8rc2 and see if that changes anything... or go back to 6.49.7 when that is still an option.

Posted: **Tue Feb 21, 2023 11:22 am**

RSTP issue.
BPDU exchange between two bridges does not work in ROS 7.7.
The two bridges and ether1 ports (with which they are connected to each other) have the same configuration: PVID 1, admin only VLAN tagged and Ingress Filtering checked.
Both ports transmit untagged BPDU packets but hAPax^3 receives them as tagged VLAN ID 1 and Audience does not receive anything.
Is this a bug ?
What should I do?

A "workaround" is to change vlan-mode from secure to falback on Audience.
/interface ethernet switch port
set ether1 vlan-header=add-if-missing vlan-mode=fallback

Posted: **Fri Feb 24, 2023 6:18 pm**

Dude, remote client stop with error 10053 when we try to enter on a device in the dude client.

Posted: **Fri Feb 24, 2023 7:08 pm**

Here is memory usage graph since Aug 2022. Jan 12 2023 is a point where I updated the firmware from 7.6 to 7.7, and then the graph level started increasing. It's a router which is in use by only 2 people. I do not know, what is it — caches, or not, but, if developers did not do changes related to caches, then it's a memory leak.

Posted: **Sun Feb 26, 2023 5:28 pm**

We have the opposite behavior - after 7.6 to 7.7 memory usage decrease and still steady on same conditions. More than 8M route prefixes and heavy traffic.

Screenshot 2023-02-26 172202.png

Posted: **Mon Feb 27, 2023 10:58 am**

RouterOS v7.8 has been released
viewtopic.php?t=193986

MikroTik

v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released! bug with SFP info not visible

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released! bug with SFP info not visible

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!

Re: v7.7 [stable] is released!