MikroTik

Posted: **Tue Aug 31, 2021 12:31 pm**

RouterOS version 7.1rc2 has been released in public "development" channel!

What's new in 7.1rc2 (2021-Aug-31 11:07):

*) added "failure" flag for VRRP;
*) fixed support for IGMP-Proxy;
*) fixed support for NV2;
*) fixed wifwave2 virtual AP configuration on boards with country locks;
*) improved routing filter configuration;
*) improved system stability when using CAKE and fq_codel queues;
*) other minor fixes and improvements;

All released RouterOS v7 changelogs are available here:
https://mikrotik.com/download/changelog ... lease-tree

Posted: **Tue Aug 31, 2021 12:44 pm**

Hi,

The RC2 that we receive by support email, is it the same RC2 as the one you publish? or should we re-update?

Regards,

Posted: **Tue Aug 31, 2021 12:45 pm**

No it is not the same as you can see by the build time.

Posted: **Tue Aug 31, 2021 12:47 pm**

No it is not the same as you can see by the build time.

Ok, thank you so much!!

Regards,

Posted: **Tue Aug 31, 2021 12:51 pm**

Thanks for your efforts, will give it a try, particularly for testing cake stability. Hoping GRE tunnel throughput might also be a bit faster but I understand that might be a while before that is hopefully looked into and sorted. Issue seems to be that it's only using a single thread, unlike my former Edgerouter which used multithreading for the GRE tunnel and maxed the CPU cores, have already recently reported this bug/issue though.

Posted: **Tue Aug 31, 2021 12:51 pm**

remote logging with BSD Syslog flag enabled produces unreadable logs in remote syslog server (full of #000#000#000#000).

Still present i rc2

Posted: **Tue Aug 31, 2021 12:53 pm**

Thanks for adding auto-complete for routing filters in CLI!

It's much more intuitive now

Posted: **Tue Aug 31, 2021 12:58 pm**

VPLS causes an immediate crash. I have to disable it on the far side to get the router out of a reboot loop.

1 - This version (v7.1rc2)
2 - heX
3 - Configure VPLS on both ends and enable.
4 -
Far end (CHR running 6.48.3):

/interface bridge
add name=brLO
/interface ethernet
set [ find default-name=ether10 ] comment=VLAN2001 disable-running-check=no
/interface vpls
add cisco-style=yes cisco-style-id=82 mac-address=02:6A:A2:0A:7E:19 name=vpls1 \
    remote-peer=172.16.5.253
/ip address
add address=172.16.5.254 interface=brLO network=172.16.5.254
add address=172.16.5.9/30 interface=ether10 network=172.16.5.8
/ip route
add distance=1 dst-address=172.16.5.253/32 gateway=172.16.5.10
/mpls ldp
set enabled=yes lsr-id=172.16.5.254 transport-address=172.16.5.254
/mpls ldp interface
add interface=ether10

heX end:

add name=brLO protocol-mode=none
/interface ethernet
set [ find default-name=ether2 ] l2mtu=2026 mtu=2008 speed=100Mbps
/interface vpls
add arp=enabled cisco-static-id=82 disabled=no mac-address=02:27:0C:2B:BE:A7 \
    mtu=1500 name=vpls1 peer=172.16.5.254
/interface vlan
add interface=ether2 mtu=2000 name=vlan10 vlan-id=10
/ip address
add address=172.16.5.253 interface=brLO network=172.16.5.253
add address=172.16.5.10/30 interface=vlan10 network=172.16.5.8
/ip route
add disabled=no dst-address=172.16.5.254/32 gateway=172.16.5.9 routing-table=\
    main suppress-hw-offload=no
/mpls ldp
add disabled=no lsr-id=172.16.5.253 transport-addresses=172.16.5.253
/mpls ldp interface
add accept-dynamic-neighbors=no disabled=no interface=vlan10 \
    transport-addresses=172.16.5.253

5. Logs:

system,error,critical router was rebooted without proper shutdown
system,error,critical kernel failure in previous boot

Posted: **Tue Aug 31, 2021 12:59 pm**

Kernel failure 5mins after setting cake to my simple queue..I sent you supout (SUP-58379)

Posted: **Tue Aug 31, 2021 1:14 pm**

How do we show BGP's advertised routes?

Manual mentions /routing/bgp/advertisements but no such command exists.

> /routing/bgp/advertisements
bad command name advertisements (line 1 column 14)

Posted: **Tue Aug 31, 2021 1:21 pm**

Well done MT, hope soon we install stable version.

Posted: **Tue Aug 31, 2021 1:24 pm**

Haha, used "System/Packages/Check For Upgrade" to update from some unofficial support-provided 7.1.RC2 to official 7.1RC2. Now my device is a brick. Did not come up again. Needs netinstall I guess. Well played!

edit:
Could connect with Winbox in MAC-mode. Device has apparently reset itself WITHOUT default-config. Or at least in some weird state without IP-address and non-working WIFI (though enabled with default as far I can see). I am always wondering HOW that can be even happen.

Press update -> device reset. Shake my head.

Posted: **Tue Aug 31, 2021 1:38 pm**

How do we show BGP's advertised routes?

Manual mentions /routing/bgp/advertisements but no such command exists.
Code: Select all
> /routing/bgp/advertisements
bad command name advertisements (line 1 column 14)

Works for me on RC2, tried several platforms arm,arm64,tile:

[admin@arm-bgp] /routing/bgp/advertisements> print 
 0 nlri=23.161.80.0 attrs=40010100500200060201000614704003040a9b65ba

Posted: **Tue Aug 31, 2021 1:43 pm**

Doesn't work on my hEX (RB750Gr3).
I also cannot advertise any BGP routes.

I'll give arm a try to see if it's architecture related.

Posted: **Tue Aug 31, 2021 1:45 pm**

HDevice has apparently reset itself WITHOUT default-config. Or at least in some weird state without IP-address and non-working WIFI (though enabled with default as far I can see). I am always wondering HOW that can be even happen.

Press update -> device reset. Shake my head.

Easy! The config is corrupt and is cleared on reboot. It would probably have happend when you had only rebooted. It is still happening in some cases in v7.
When you want to be sure, reboot before trying to update. Then you know if it is caused by the previous version or by the updating.

Posted: **Tue Aug 31, 2021 2:03 pm**

Doesn't show changelog in Winbox. Can this be fixed?

Posted: **Tue Aug 31, 2021 2:07 pm**

Doesn't work on my hEX (RB750Gr3).
I also cannot advertise any BGP routes.

I'll give arm a try to see if it's architecture related.

On smips, the same. With netinstall, no previous config.

  MMM      MMM       KKK                          TTTTTTTTTTT      KKK
  MMMM    MMMM       KKK                          TTTTTTTTTTT      KKK
  MMM MMMM MMM  III  KKK  KKK  RRRRRR     OOOOOO      TTT     III  KKK  KKK
  MMM  MM  MMM  III  KKKKK     RRR  RRR  OOO  OOO     TTT     III  KKKKK
  MMM      MMM  III  KKK KKK   RRRRRR    OOO  OOO     TTT     III  KKK KKK
  MMM      MMM  III  KKK  KKK  RRR  RRR   OOOOOO      TTT     III  KKK  KKK

  MikroTik RouterOS 7.1rc2 (c) 1999-2021       https://www.mikrotik.com/


Do you want to see the software license? [Y/n]: n

Press F1 for help
[admin@MikroTik] > /routing/bgp/
connection  session  template  vpn  export
[admin@MikroTik] > /routing/bgp/advertisments
bad command name advertisments (line 1 column 14)
[admin@MikroTik] >

Posted: **Tue Aug 31, 2021 2:17 pm**

Hi Mikrotik

i like to ask, is there any chance to solve issue/problem with "hidden" ipv6 address/route ?
here i mean, IPV6 -> Settings -> Accept router advertisements -> YES

it is sooooo confusing, that there is no v6 address and no v6 route listed
so, when you are in hurry, and things are working very strange, it is time consuming to hunt down "why the hell this router could do v6, and other no" ... then you realize that someone turned on SLAAC
and then start coursing, and wondering, how could it be? routing equipment without routing info ...

so, any chance to UNhide these v6 info ?
( did i asked politely this time? )

Posted: **Tue Aug 31, 2021 2:18 pm**

Is this topic not posted among Announcements intentionally or by mistake?

Posted: **Tue Aug 31, 2021 2:24 pm**

Kernel failure 5mins after setting cake to my simple queue..I sent you supout (SUP-58379)

Hi,

Can you share your settings? I have something similar and I don't have that problem. I would like to try it, thank you!

Regards,

Posted: **Tue Aug 31, 2021 2:26 pm**

Cake seems to work now.

But I can only get the expected ingress performance by:

* Setting the Simple queue limits to Unlimited and the Cake specific limit to my target
* Setting the target slightly lower than the real speed because we are missing the Ingress keyword to compensate

My requests are:

* Please add the Ingress keyword (trivial change)
* Give us the ability to create "really mega simple" queues that do not seperate the shaper and qdisc so that we can entirely bypass HTB and only use Cake shaper

Please Mikrotik

.B ingress

.br
	Indicates the qdisc is used on ingress (typically done with an IFB device).

	Most notably, this counts drops as data transferred, making ingress shaping
more accurate, since packets will have already traversed the link before Cake
gets to choose what to do with them.

	In addition, drops are also counted as data transferred for maintaining
fairness. This leads to the possibly unexpected result that with host fairness
enabled (see the
.B FLOW ISOLATION PARAMETERS
section), IPs with more simultaneous TCP flows may show lower total goodput than
IPs with fewer flows. This is expected, and is due to proportionally more
packets being dropped for congestion control when there are more active flows.
Clients can avoid this possible loss in goodput by either using fewer flows, or
enabling ECN for greater efficiency.

Posted: **Tue Aug 31, 2021 2:42 pm**

How do we show BGP's advertised routes?

Manual mentions /routing/bgp/advertisements but no such command exists.
Code: Select all
> /routing/bgp/advertisements
bad command name advertisements (line 1 column 14)
Works for me on RC2, tried several platforms arm,arm64,tile:
Code: Select all
[admin@arm-bgp] /routing/bgp/advertisements> print 
 0 nlri=23.161.80.0 attrs=40010100500200060201000614704003040a9b65ba 
 

OK, I tried on some boards I had laying around at the office.
All of them with fresh install (netinstall), with no previous configuration.

On all of them, /routing/bgp/advertisments command is missing.

[admin@MikroTik] > /system/routerboard/print 
       routerboard: yes
        board-name: hEX
             model: RB750Gr3
          revision: r4
     serial-number: ...
     firmware-type: mt7621L
  factory-firmware: 6.46.3
  current-firmware: 7.1rc2
  upgrade-firmware: 7.1rc2
[admin@MikroTik] > /routing/bgp/
connection  session  template  vpn  export
[admin@MikroTik] > /routing/bgp/advertisments
bad command name advertisments (line 1 column 14)

[admin@MikroTik] > /system/routerboard/print 
       routerboard: yes
             model: RouterBOARD 3011UiAS
     serial-number: ...
     firmware-type: ipq8060
  factory-firmware: 3.27
  current-firmware: 7.1rc2
  upgrade-firmware: 7.1rc2
[admin@MikroTik] > /routing/bgp/advertisments
bad command name advertisments (line 1 column 14)

[admin@MikroTik] > /system/routerboard/print 
       routerboard: yes
        board-name: hAP lite
             model: RouterBOARD 941-2nD
     serial-number: ...
     firmware-type: qca9531L
  factory-firmware: 3.24
  current-firmware: 7.1rc2
  upgrade-firmware: 7.1rc2
[admin@MikroTik] > /routing/bgp/
connection  session  template  vpn  export
[admin@MikroTik] > /routing/bgp/advertisments
bad command name advertisments (line 1 column 14)

[admin@MikroTik] > /system/routerboard/print 
       routerboard: yes
        board-name: mAP lite
             model: RouterBOARD mAP L-2nD
     serial-number: ...
     firmware-type: qca9531L
  factory-firmware: 3.27
  current-firmware: 7.1rc2
  upgrade-firmware: 7.1rc2
[admin@MikroTik] > /routing/bgp/
connection  session  template  vpn  export
[admin@MikroTik] > /routing/bgp/advertisments
bad command name advertisments (line 1 column 14)

[admin@MikroTik] > /system/routerboard/print 
       routerboard: yes
             model: 850Gx2
     serial-number: ...
     firmware-type: p1023
  factory-firmware: 3.24
  current-firmware: 7.1rc2
  upgrade-firmware: 7.1rc2
[admin@MikroTik] > /routing/bgp/
connection  session  template  vpn  export
[admin@MikroTik] > /routing/bgp/advertisments
bad command name advertisments (line 1 column 14)

[admin@MikroTik] > /system/routerboard/print 
       routerboard: yes
             model: 450
     serial-number: ...
     firmware-type: ar7100
  factory-firmware: 2.18
  current-firmware: 7.1rc2
  upgrade-firmware: 7.1rc2
[admin@MikroTik] > /routing/bgp/
connection  session  template  vpn  export
[admin@MikroTik] > /routing/bgp/advertisments
bad command name advertisments (line 1 column 14)

Posted: **Tue Aug 31, 2021 2:43 pm**

Also, on 850Gx2, when adding ether1 to a bridge, it reboots with kernel panic.

Posted: **Tue Aug 31, 2021 2:46 pm**

@chaos, it appears that the advertisement menu currently is not available for regular users because it is not completely finished.

Posted: **Tue Aug 31, 2021 2:55 pm**

hi,

on hapAC2 (arm32) basic functionality is fine bridging/nat/filtering/fasttrack/eoip/wireguard/openvpn/queue/dhcp/dhcp snooping and wifi

not tested

igmp-proxy/ospf/bgp/capsman/cake/codel/fq_codel/pppoe and hotspot

not working

cloud backup you can't upload if you do have previous upload from 6.48.4 but it's not listed in the UI so you can't remove previous version, workaround is to go back to 6.48.4 and delete the file there and go back to rc2 to make a backup

Posted: **Tue Aug 31, 2021 2:57 pm**

@chaos, it appears that the advertisement menu currently is not available for regular users because it is not completely finished.

Ok. Will that be added in the next rc?

Also, how do we advertise routes with v7?

Posted: **Tue Aug 31, 2021 2:57 pm**

@Cha0s, you've misspelled advertisements as advertisments everywhere... copy-paste can be a dangerous weapon.

Posted: **Tue Aug 31, 2021 2:59 pm**

@chaos, you've misspelled advertisements as advertisments everywhere... copy-paste can be a dangerous weapon.

Doesn't matter. Prior to manually writing advertisements (which I messed up, admittedly) I hit tab. As you can see there is no such command available.

Posted: **Tue Aug 31, 2021 3:00 pm**

I also cannot advertise any BGP routes.
I'll give arm a try to see if it's architecture related.

You are right, it does not advertise any BGP routes on CHR either! (configured without any route filters - I presume that would by default advertise all connected routes)

Posted: **Tue Aug 31, 2021 3:01 pm**

HDevice has apparently reset itself WITHOUT default-config. Or at least in some weird state without IP-address and non-working WIFI (though enabled with default as far I can see). I am always wondering HOW that can be even happen.

Press update -> device reset. Shake my head.
Easy! The config is corrupt and is cleared on reboot. It would probably have happend when you had only rebooted. It is still happening in some cases in v7.
When you want to be sure, reboot before trying to update. Then you know if it is caused by the previous version or by the updating.

Oh lol. Actually the only config change I did before upgrading - and without reboot - was to generate a lets-encrypt certificate (because I had an SUPEE opened for that - now resolved). Maybe the upgrade did not like that LE-certificate residing somewhere in the void of router-storage omg. I am possibly the only one here that issued a LE-certificate and performed an upgrade. hahahahahaha. Always those edge-cases.....

--

As far I observed the process of updating it works this way:

1) backup user config
2) format & install
3) restore user config

These steps are apparently not atomic and if step 3 fails - you're screwed.

Posted: **Tue Aug 31, 2021 3:03 pm**

I also cannot advertise any BGP routes.
I'll give arm a try to see if it's architecture related.
You are right, it does not advertise any BGP routes on CHR either! (configured without any route filters - I presume that would by default advertise all connected routes)

I believe in a previous beta that was working. You had to add a static route for each prefix you wanted to advertise.
I don't remember for sure if that was the case exactly, but I remember that I really didn't like the new approach (as mentioned by others too).

Posted: **Tue Aug 31, 2021 3:16 pm**

My requests are:

* Please add the Ingress keyword (trivial change)
* Give us the ability to create "really mega simple" queues that do not seperate the shaper and qdisc so that we can entirely bypass HTB and only use Cake shaper

Please Mikrotik

Wild guess: ingress/egress is automatically determined. Depending if you use it as download or upload queue

+1 for the "really mega simple" queue

Posted: **Tue Aug 31, 2021 3:40 pm**

Sierra MC7455 modem is working in MBIM
Prev topic: viewtopic.php?f=1&t=170940

Posted: **Tue Aug 31, 2021 3:54 pm**

Enabling igmp-proxy causes (harmless ?) kernel failure and autosupout.rif

 14:46:49 system,error,critical kernel failure in previous boot
 14:46:53 igmp-proxy,info starting IGMP proxy forwarding

Disabling igmp-proxy (by removing again all interfaces) suppresses that error message.

Posted: **Tue Aug 31, 2021 4:21 pm**

Does CCR2004 still crash using capsman?

Posted: **Tue Aug 31, 2021 5:00 pm**

Cake is very stable now on RB4011, no crash, I played a lot with the settings, leaving Winbox open for a very long time. Had a 36 hours uptime with the rc2 release someone posted in the rc1 thread.

Thanks!

Posted: **Tue Aug 31, 2021 5:04 pm**

Anyone noticed that L2TP clients can no longer login after upgrade from rc1 to rc2?
I do receive a message "l2tp,info INFO: first L2TP UDP packet received from 3911

551f:861e:54a6:d222:cd76:6a5" many times.
Reverting back to rc1 makes L2TP login possible right away, upgrading to rc2 again makes them fail.

Posted: **Tue Aug 31, 2021 5:06 pm**

[SUP-58832]: 7.1rc2 - sorting ip route (full route) by winbox load only one core

this behavior is present since the beginning of public v7 beta.
Ip route is almost impossible to navigate when there are hundredthousnds route.

regards
ros

Posted: **Tue Aug 31, 2021 5:12 pm**

You are right, it does not advertise any BGP routes on CHR either! (configured without any route filters - I presume that would by default advertise all connected routes)
I believe in a previous beta that was working. You had to add a static route for each prefix you wanted to advertise.
I don't remember for sure if that was the case exactly, but I remember that I really didn't like the new approach (as mentioned by others too).

That is correct, I did see it working as well. I have a test router (CHR) which has a BGP session with our main router, normally it shows no prefixes but when I added a bridge with a dummy address that address was advertised and the prefix count went to 1. Not anymore.
I do not like the new method so much either, it is nice that it reduces the work to maintain "BGP networks" but it will likely increase the work on "Routing filters" and/or the number of mistakes.
Maybe there should be a new attribute "BGP advertised yes/no" with static and connected routes?

Posted: **Tue Aug 31, 2021 5:17 pm**

Cake seems to work now.

But I can only get the expected ingress performance by:

* Setting the Simple queue limits to Unlimited and the Cake specific limit to my target
* Setting the target slightly lower than the real speed because we are missing the Ingress keyword to compensate

That's what I did too:
- I removed the max limit on my inboud/outbound queues
- I created 2 Cake queue types (inboud/outbound) which I assigned to the appropriate queues
- In the Cake config for the outbound, I set the bandwidth very close to my actual speed and it works great
- For the inbound, I really have to lower the bandwidth so that Cake does not try to go over my actual connection speed.. like 87% of my 100 mbit (so bandwidth=87M) Overhead seems to be ok for me.

If you have any ideas on how to not loose so much bandwidth for Cake to work, I am all ears..

In the meantime...

I get a+ on https://www.waveform.com/tools/bufferbloat
I get a+ on http://www.dslreports.com/speedtest

EDIT: ok I think I get what you mean, by default if not specified, Cake assumes an egress queue.. by specifying an ingress queue, it will be better for ingresses. Yes please Mikrotik, add a check box/dropdown to specify ingress/egress

Posted: **Tue Aug 31, 2021 5:27 pm**

I do not like the new method so much either, it is nice that it reduces the work to maintain "BGP networks" but it will likely increase the work on "Routing filters" and/or the number of mistakes.

Network advertisements+matching IGP route does not require routing filter to be set.
Redistribute (static, etc) does not require routing filter to be set.
The idea of controlling redistribution through routing filters (which was implemented in first betas) was scrapped, now it is the same as in v6, except that for BGP networks you always need IGP synchronized route.

Posted: **Tue Aug 31, 2021 5:40 pm**

Anyone noticed that L2TP clients can no longer login after upgrade from rc1 to rc2?

hi @dksoft

did you upgrade client or server to rc2 ?

Posted: **Tue Aug 31, 2021 6:04 pm**

Anyone noticed that L2TP clients can no longer login after upgrade from rc1 to rc2?
hi @dksoft

did you upgrade client or server to rc2 ?

I upgraded the server to rc2. Clients are on 6.48.4.

Posted: **Tue Aug 31, 2021 6:07 pm**

Network advertisements+matching IGP route does not require routing filter to be set.
Redistribute (static, etc) does not require routing filter to be set.
The idea of controlling redistribution through routing filters (which was implemented in first betas) was scrapped, now it is the same as in v6, except that for BGP networks you always need IGP synchronized route.

In v6 there was the tab "Networks" under BGP where you specify explicitly which local networks you want to distribute and where you could set a "synchronize" flag to only distribute them when they are active.
How is that now done in v7? Where do we find that setting?

Posted: **Tue Aug 31, 2021 6:08 pm**

except that for BGP networks you always need IGP synchronized route.

Posted: **Tue Aug 31, 2021 6:58 pm**

Thanks for this!

Are there any plans to re-implement the ? feature on the CLI, where you can press ? and it shows all the available commands.

Cheers.

Posted: **Tue Aug 31, 2021 7:28 pm**

LEDs seem to be broken since v7.1rc1 on the Audience.
There is no way to configure the LEDs, it seems like they are not added to the boards configuration anymore.

2021-08-31_18-26.png

Posted: **Tue Aug 31, 2021 7:32 pm**

except that for BGP networks you always need IGP synchronized route.

Please explain!
I have a router with a local network and it is connected to another router via a /30 and BGP connection.
How do I make the router advertise its local network?

Posted: **Tue Aug 31, 2021 7:40 pm**

Two options, the same as v6:
* Enable redistribution of connected routes in BGP config (and set up filters to accept only specific prefix)
* add bgp network (this will work without any additional route config, because you already have connected route in the table)

Posted: **Tue Aug 31, 2021 7:44 pm**

* add bgp network (this will work without any additional route config, because you already have connected route in the table)

How do I add bgp network? I don't see that option in v7. Sure I know how that worked in v6.

Posted: **Tue Aug 31, 2021 7:48 pm**

https://help.mikrotik.com/docs/display/ ... figuration
scroll down there is an example of how the v6 BGP network config translates to v7.

Posted: **Tue Aug 31, 2021 7:53 pm**

rb750gr3

still no temperature reading
still 0.5v voltage reading

Posted: **Tue Aug 31, 2021 8:04 pm**

Thanks, just updated from internal 7.1rc2 release. No problems with my hAP ac2 and simple queues with CAKE.

Posted: **Tue Aug 31, 2021 8:18 pm**

Still cannot upgrade the LTE modem on my LtAP mini LTE US kit.
When you want to upgrade, it got stuck (lost connection to internet)

[code[brg3466@LtAP] > /interface/lte/firmware-upgrade lte1 once
installed: R11eL_v05.03.183961
latest: R11eL_v05.04.193841
[brg3466@LtAP] > /interface/lte/firmware-upgrade lte1 upgrade=yes
status: checking

][/code]

Posted: **Tue Aug 31, 2021 8:45 pm**

https://help.mikrotik.com/docs/display/ ... figuration
scroll down there is an example of how the v6 BGP network config translates to v7.

What does /ip/firewall/address-list has to do with BGP?
Why make something that was straightforward and intuitive, such a convoluted mess?

By the way, the example has a typo. There is no 'type=blackhole' anymore in /ip/routes.
Apparently it got renamed to 'blackhole' (for some reason)...

Posted: **Tue Aug 31, 2021 8:54 pm**

Netflow is still reporting incorrect date and time. :

1970-01-01 01:02:41.540

Posted: **Tue Aug 31, 2021 8:59 pm**

typo fixed.
Address list because it is reusable in other parts of configuration without the need of implementing a new list that cannot be reused. There were a lot of requests to integrate BGP with firewall address lists, so here it is, the same reusable list for firewall, routing filters, BGP, etc.

Posted: **Tue Aug 31, 2021 9:21 pm**

typo fixed.
Address list because it is reusable in other parts of configuration without the need of implementing a new list that cannot be reused. There were a lot of requests to integrate BGP with firewall address lists, so here it is, the same reusable list for firewall, routing filters, BGP, etc.

Ok I got it working...
Remarks:
- when the address list is configured, it does not appear in the output networks selection list in BGP connection. It can be added in commandline, and then when looking in winbox again it appears in the list. But I think it should show the listname in the dropdownbox.
- when the connection is reconfigured with the output.network list, it does not automatically advertise the networks. the connection has to be closed and opened.

Now it looks like the network is properly advertised again. The synchronize option is no longer there but fortunately it appears to be always ON (best option).

W.r.t. using address lists for BGP: what would be even more useful to have is a way to make BGP update an address list instead of a routing table. e.g. based on community value, or for an entire instance. Received "routes" would not be put in a routing table but in an address list instead (or in addition).

Posted: **Tue Aug 31, 2021 9:24 pm**

One of the future features is the ability to add prefixes to the address lists with routing filters.

routing/bgp/session/apply-change - should apply new changes from templates/connections, if session is already established.

Posted: **Tue Aug 31, 2021 9:24 pm**

Is there (or will there ever be) an automatic translation of v6 BGP configuration to the new v7 syntax?

Posted: **Tue Aug 31, 2021 9:27 pm**

Stats for firewall filter entries doesn't work from CLI:

[user@MikroTik] > /ip/firewall/filter/print stats
Flags: X, I - INVALID
Columns: CHAIN, ACTION
<SNIP>

But does for NAT:

[user@MikroTik] > /ip/firewall/nat/print stats
Flags: X, I - INVALID
Columns: CHAIN, ACTION, BYTES, PACKETS
<SNIP>

IPv6 doesn't even show action:

[user@MikroTik] > /ipv6 firewall filter print stats
Flags: X, I - INVALID
Columns: CHAIN
<SNIP>

Trying to view graphs via web interface gives 404.

Posted: **Tue Aug 31, 2021 9:28 pm**

v6 BGP config conversion is already there since beta 2:
https://help.mikrotik.com/docs/display/ ... col+Status

Posted: **Tue Aug 31, 2021 9:31 pm**

minor fixes??

IPv6 support for L2TPv3 tunnels is finally here! great job! thanks a lot!

l2tpv3.jpg

Posted: **Tue Aug 31, 2021 10:08 pm**

Just updated the modem on the Chateau (LTE, NOT 5G) without issues. So the issue seems to be specific to the LtAP.

Still cannot upgrade the LTE modem on my LtAP mini LTE US kit.
When you want to upgrade, it got stuck (lost connection to internet)

[code[brg3466@LtAP] > /interface/lte/firmware-upgrade lte1 once
installed: R11eL_v05.03.183961
latest: R11eL_v05.04.193841
[brg3466@LtAP] > /interface/lte/firmware-upgrade lte1 upgrade=yes
status: checking

][/code]

Posted: **Tue Aug 31, 2021 11:20 pm**

IPv6 support for L2TPv3 tunnels is finally here! great job! thanks a lot!

@doneware, have you successfully completed the configuration of the tunnel? If so, could you please share the working server-side and client-side configuration?
I keep getting
l2tp,debug tunnel 2 has reached maximum session count, disconnecting
at the server side in response to ICRQ received from the client, whilst no session exists yet of course.

Posted: **Tue Aug 31, 2021 11:39 pm**

v7.1rc2 still doesn't know how to properly bring OWE interfaces up.

How they were created:

/interface wifiwave2
add configuration.country=Brazil .ssid="Guests" disabled=no mac-address=AA:BB:CC:DD:EE:12 master-interface=wifi1 name=wifi3 security.authentication-types=""
add configuration.country=Brazil .ssid="Guests" disabled=no mac-address=AA:BB:CC:DD:EE:13 master-interface=wifi2 name=wifi4 security.authentication-types=""
add configuration.country=Brazil .hide-ssid=yes .ssid="Guests OWE" disabled=no mac-address=AA:BB:CC:DD:EE:14 master-interface=wifi1 name=wifi5 security.authentication-types=owe .owe-transition-interface=wifi3
add configuration.country=Brazil .hide-ssid=yes .ssid="Guests OWE" disabled=no mac-address=AA:BB:CC:DD:EE:15 master-interface=wifi2 name=wifi6 security.authentication-types=owe .owe-transition-interface=wifi4
set security.owe-transition-interface=wifi5 wifi3
set security.owe-transition-interface=wifi6 wifi4
/queue interface
set wifi3 queue=hotspot-default
set wifi4 queue=hotspot-default
set wifi5 queue=hotspot-default
set wifi6 queue=hotspot-default
/

Before reboot:

/interface wifiwave2
add configuration.country=Brazil .ssid="Guests" disabled=no mac-address=AA:BB:CC:DD:EE:12 master-interface=wifi1 name=wifi3 security.authentication-types="" .owe-transition-interface=wifi5
add configuration.country=Brazil .ssid="Guests" disabled=no mac-address=AA:BB:CC:DD:EE:13 master-interface=wifi2 name=wifi4 security.authentication-types="" .owe-transition-interface=wifi6
add configuration.country=Brazil .hide-ssid=yes .ssid="Guests OWE" disabled=no mac-address=AA:BB:CC:DD:EE:14 master-interface=wifi1 name=wifi5 security.authentication-types=owe .owe-transition-interface=wifi3
add configuration.country=Brazil .hide-ssid=yes .ssid="Guests OWE" disabled=no mac-address=AA:BB:CC:DD:EE:15 master-interface=wifi2 name=wifi6 security.authentication-types=owe .owe-transition-interface=wifi4
/queue interface
set wifi3 queue=hotspot-default
set wifi4 queue=hotspot-default
set wifi5 queue=hotspot-default
set wifi6 queue=hotspot-default
/

After reboot:

/interface wifiwave2
# OWE transition mode misconfiguration
add configuration.country=Brazil .ssid="Guests" disabled=no mac-address=AA:BB:CC:DD:EE:12 master-interface=wifi1 name=wifi3 security.authentication-types="" .owe-transition-interface=wifi5
# OWE transition mode misconfiguration
add configuration.country=Brazil .ssid="Guests" disabled=no mac-address=AA:BB:CC:DD:EE:13 master-interface=wifi2 name=wifi4 security.authentication-types="" .owe-transition-interface=wifi6
add configuration.country=Brazil .hide-ssid=yes .ssid="Guests OWE" disabled=no mac-address=AA:BB:CC:DD:EE:14 master-interface=wifi1 name=wifi5 security.authentication-types=owe .owe-transition-interface=wifi3
add configuration.country=Brazil .hide-ssid=yes .ssid="Guests OWE" disabled=no mac-address=AA:BB:CC:DD:EE:15 master-interface=wifi2 name=wifi6 security.authentication-types=owe .owe-transition-interface=wifi4
/queue interface
# OWE transition mode misconfiguration
set wifi3 queue=hotspot-default
# OWE transition mode misconfiguration
set wifi4 queue=hotspot-default
set wifi5 queue=hotspot-default
set wifi6 queue=hotspot-default
/

Same issue even if I change the order of the interfaces (first authentication-types=owe, then authentication-types=""):

/interface wifiwave2
# OWE transition mode misconfiguration
add configuration.country=Brazil .hide-ssid=yes .ssid="Guests OWE" disabled=no mac-address=AA:BB:CC:DD:EE:12 master-interface=wifi1 name=wifi3 security.authentication-types=owe .owe-transition-interface=wifi5
# OWE transition mode misconfiguration
add configuration.country=Brazil .hide-ssid=yes .ssid="Guests OWE" disabled=no mac-address=AA:BB:CC:DD:EE:13 master-interface=wifi2 name=wifi4 security.authentication-types=owe .owe-transition-interface=wifi6
add configuration.country=Brazil .ssid="Guests" disabled=no mac-address=AA:BB:CC:DD:EE:14 master-interface=wifi1 name=wifi5 security.authentication-types="" .owe-transition-interface=wifi3
add configuration.country=Brazil .ssid="Guests" disabled=no mac-address=AA:BB:CC:DD:EE:15 master-interface=wifi2 name=wifi6 security.authentication-types="" .owe-transition-interface=wifi4

Is this issue known? Should I report to support?

Posted: **Tue Aug 31, 2021 11:42 pm**

IPv6 still not propagated towards PPP. It seems clearly, there is a problem in IPv6 FW queues. I have raised ticket SUP-58192, but no any response till now....

Posted: **Wed Sep 01, 2021 12:46 am**

HDevice has apparently reset itself WITHOUT default-config. Or at least in some weird state without IP-address and non-working WIFI (though enabled with default as far I can see). I am always wondering HOW that can be even happen.

Press update -> device reset. Shake my head.
Easy! The config is corrupt and is cleared on reboot. It would probably have happend when you had only rebooted. It is still happening in some cases in v7.
When you want to be sure, reboot before trying to update. Then you know if it is caused by the previous version or by the updating.

Had the same issue upgrading from rc1 -> rc2
Seemed to destroy prior config (on boot?)

When trying to reset to defaults, /system/default-configuration/print shows no script under script. Only caps-mode script present.

Going to try a clean netinstall to see if i get same results

Edit: device is a RB4011iGS+5HacQ2HnD

Posted: **Wed Sep 01, 2021 1:04 am**

Easy! The config is corrupt and is cleared on reboot. It would probably have happend when you had only rebooted. It is still happening in some cases in v7.
When you want to be sure, reboot before trying to update. Then you know if it is caused by the previous version or by the updating.
Had the same issue upgrading from rc1 -> rc2
Seemed to destroy prior config (on boot?)

When trying to reset to defaults, /system/default-configuration/print shows no script under script. Only caps-mode script present.

Going to try a clean netinstall to see if i get same results

Edit: device is a RB4011iGS+5HacQ2HnD

I think I may have solved my reboot-clears-config bug on my RB4011iGS+5HacQ2HnD, but it is still early days!!.

What I ended up doing is going to back the latest v6 stable, applying a stripped back version of my config (minus wg, etc.), rebooting the router to make sure it came back ok. Then I upgraded it to 7.1rc2 from within RouterOS (I couldn't get NetInstall to flash it while running v6). Once it was updated, I then re-applied the RouterOS 7 config (wg, etc.).

So far it's been fine and I have rebooted it several times, I'll be rebooting it often to make sure it is fixed. I don't want to find out my config is gone when the power cut happens

One thing I have noticed that isn't fixed, `routing-marks` in the exported config is still be exported as '*4000' instead of their actual text value.

Posted: **Wed Sep 01, 2021 2:48 am**

VPLS causes an immediate crash. I have to disable it on the far side to get the router out of a reboot loop.

That was one of the first things I tried as well, but per documentation, ldp signaled vpls is only "partially working" First tried with two rb750s, then I tested with a ccr1009 and a ccr2004, and the 2004 crashes. Hoping they green light this soon.

Whats working in v7 is down in the link below.

https://help.mikrotik.com/docs/display/ ... col+Status

Posted: **Wed Sep 01, 2021 3:22 am**

system/certificate self-signing isn't working. It getting stuck in the signing process. I have waited for ~1 hour with no success. On v6 it worked without problems in a less than 10 minutes.

hAP lite, ros7.1rc2

Posted: **Wed Sep 01, 2021 7:37 am**

GPS still appears to be unavailable on my LtAP in rc2.

Posted: **Wed Sep 01, 2021 7:47 am**

v7.1rc2 still doesn't know how to properly bring OWE interfaces up.

Is this issue known? Should I report to support?

Thank you for the configuration example. I've reported it internally. The issue arises when both of the linked transition-mode interfaces are virtual APs.
To work around it for now, configure the respective master interfaces (wifi1, wifi2) to be the open AP, then add OWE-encrypted networks as virtual APs, along with a password protected network, if needed.

Posted: **Wed Sep 01, 2021 12:48 pm**

CAKE already crashes my device completely. It's stuck - Need to powercycle manually. Not even a kernel panic.

Basically I added 2 cake "queue-types":

cake-ingress: cake-bandwidth: 50mbit; cake-autorate-ingress: yes
cake-egress: cake-bandwidth: 9mbit;

Then added a new simple with no limits; only queue=cake-ingress/cake-egress

Runs for some time (less of an hour), then the device hits EOL and needs a re-plug.

Posted: **Wed Sep 01, 2021 12:58 pm**

Tried this one too and to no avail. All gateway's are unreachable and I only can reach the 4011 through MAC. The PPPoE through a SFP still drops back to a MTU of 1480...it was fixed in Beta 6.49 so please patch ROS 7.x also.

Can I read my 6.49beta backup directly back into ROS 7 or do I first make a backup from the auto converted config? That one is not working. I can then do a Netinstall and restore config.

Posted: **Wed Sep 01, 2021 1:24 pm**

Backups are generally ROS version specific ... sure there are version series where backups are compatible but in general no. Since v7 comes with quite some differences under the hood (some are exposed via API), I sincerely doubt one can safely use v6.xx backup to restore v7 device.

Posted: **Wed Sep 01, 2021 1:33 pm**

You can, loading v6 backup into v7 is the same as upgrading from v6 to v7. Crossfig will try to convert the old config to a new one.

Posted: **Wed Sep 01, 2021 1:45 pm**

What is the difference between v7.1rc2 and v7rc2?
And why is this thread not in announcement?

Posted: **Wed Sep 01, 2021 2:38 pm**

You can, loading v6 backup into v7 is the same as upgrading from v6 to v7. Crossfig will try to convert the old config to a new one.

Thanks for that info, that will make it easier to experiment with the upgrading process before trying it in the production network!

Posted: **Wed Sep 01, 2021 3:31 pm**

LEDs seem to be broken since v7.1rc1 on the Audience.
There is no way to configure the LEDs, it seems like they are not added to the boards configuration anymore.

2021-08-31_18-26.png

I got the same problem with my Hap ac^3 with wifiwave2 installed.

I guess it's caused by the change in interface type, preventing the LED controller from recognizing them as wifi interfaces.

Posted: **Wed Sep 01, 2021 3:34 pm**

Still cannot config route-distinguisher in VRF

And typing “?” on CLI just gives red warning, instead of list of possible commands

Posted: **Wed Sep 01, 2021 3:49 pm**

And typing “?” on CLI just gives red warning, instead of list of possible commands

"?" has been replaced by F1

Posted: **Wed Sep 01, 2021 4:27 pm**

And typing “?” on CLI just gives red warning, instead of list of possible commands
"?" has been replaced by F1

Well noted on this, thanks!

Posted: **Wed Sep 01, 2021 4:42 pm**

"?" has been replaced by F1

Hi Raimonds,

Why was this changed?

Posted: **Wed Sep 01, 2021 5:01 pm**

What is the difference between v7.1rc2 and v7rc2?

v7rc2 ... is a release candidate #2 for version 7.0.0
v7.1rc2 ... is a release candidate #2 for version 7.1.0

Posted: **Wed Sep 01, 2021 5:04 pm**

"?" has been replaced by F1
Hi Raimonds,

Why was this changed?

My first guess based on history is change quotas. ROS7 is the star citizen of networking.

Posted: **Wed Sep 01, 2021 5:09 pm**

"?" has been replaced by F1
Hi Raimonds,

Why was this changed?

Hi,

There are two reasons for this change:

It confused new users who wanted to type actually "?" (required "\?")
Copy-pasting data containing "?" produced side effects. Imagine you want to post a URL (e.g. "viewforum.php?f=1") into the ROS console, but it displays the help in-between instead of pasting the "?" character.

It takes time to get used to a new hotkey. To be honest, I didn't get used to F1 myself and still occasionally typing "?" when I need help. However, I don't see it as such a big problem.

P.S. There is an internal discussion to restore the old "?" behavior based on the context. It could mean that the ROS console will try to guess if the user wants help or the "?" character at the current cursor position. While F1 will always display help and "\?" always lead to the character. But those are only discussions. No promises for the implementation

Posted: **Wed Sep 01, 2021 5:19 pm**

remote logging with BSD Syslog flag enabled produces unreadable logs in remote syslog server (full of #000#000#000#000).

Still present i rc2

Confirmed, this is still an issue on my CCR2004-1G-12S+2XS. PCAP shows UDP datagrams with correct lengths but filled with zeroes, no useful data.

Posted: **Wed Sep 01, 2021 5:21 pm**

When you start replacing console hotkeys that are plain ASCII characters with "function keys" it may be time to finally replace the Ctrl-V hotkey with something else!
People think (and rightly so!) that Ctrl-V means "paste" and they are quite surprised when they see the effect in a console (usually they think something is defective).

Posted: **Wed Sep 01, 2021 5:22 pm**

P.S. There is an internal discussion to restore the old "?" behavior based on the context.

Or, perhaps easier to implement, the suggestion already given by somebody else: make help key configurable with F1 default setting. For all farts like myself (and many other forum users) used to "?" it would be easy to change it back to what it was before ... those who will do it, are probably well used to the peculiarities of using "?" on console.

Posted: **Wed Sep 01, 2021 5:26 pm**

If you know Cisco, then you know to use ? for help. It should be an option or intelligently checked if you want to type ? or want help instead

Posted: **Wed Sep 01, 2021 5:34 pm**

What is the difference between v7.1rc2 and v7rc2?
v7rc2 ... is a release candidate #2 for version 7.0.0
v7.1rc2 ... is a release candidate #2 for version 7.1.0

Why, should not 7.0.0 be finished before starting to work on 7.1.0.
This is just confusing, working on RC2 on two different train at the same time.

Posted: **Wed Sep 01, 2021 5:51 pm**

P.S. There is an internal discussion to restore the old "?" behavior based on the context. It could mean that the ROS console will try to guess if the user wants help or the "?" character at the current cursor position. While F1 will always display help and "\?" always lead to the character. But those are only discussions. No promises for the implementation

Thank you for the insight.

Posted: **Wed Sep 01, 2021 6:01 pm**

I am online again thanks to my Hex-S. The 4011 won't accept Netinstall and I can now at least read up on Netinstall. Going back to 6.49Beta36 did not help this time and the I have no access through IP and no Internet.

When I start Netinstall it sees the router and when I press install it says offering and after 30 seconds ready....and nothing happened. The bar does not fill up.

Update:
Tried it with a different computer, the result is the same. No progress.

Posted: **Wed Sep 01, 2021 6:31 pm**

v7rc2 ... is a release candidate #2 for version 7.0.0
v7.1rc2 ... is a release candidate #2 for version 7.1.0
Why, should not 7.0.0 be finished before starting to work on 7.1.0.
This is just confusing, working on RC2 on two different train at the same time.

There is no 7.0.0

There is only 7.1 RC1, that will lead to 7.1

Posted: **Wed Sep 01, 2021 7:10 pm**

I am online again thanks to my Hex-S. The 4011 won't accept Netinstall and I can now at least read up on Netinstall. Going back to 6.49Beta36 did not help this time and the I have no access through IP and no Internet.
When I start Netinstall it sees the router and when I press install it says offering and after 30 seconds ready....and nothing happened. The bar does not fill up.
Update:
Tried it with a different computer, the result is the same. No progress.

Well, Netinstall is usually confusing to new users and while I have used it before, when I required to netinstall a device recently it again was a pain to get it working.
You have to jump through the right hoops at the right time, or else it will not work. When you have to use it first time to recover your main internet router, and it does not work, don't despair. "you probably are not holding it right" as the fanboys of some other brand say. You will have to keep reading and trying.

Posted: **Wed Sep 01, 2021 8:23 pm**

I went an other way and installed 6.48.2 of which I had backup. Then went up to my latest beta again 6.49beta36. I tried to restore 4 backups that I made in last months and no one want to stick despite they were made on the 6.49beta36. I just stayed on the 6.48.2 backup. I have the feeling that something in the background is really messed up by ROS 7.1RC2

Before upgrading I made a backup and RSC file so I can restore all, but it will be troublesome.

THANK GOD FOR THE .RSC FILE BACKUP!!

Don't trust your .backup files because your router will spit them out like spoiled fruit, not telling that it was spoiled in the first place. Four months of backup files are unusable.

Posted: **Wed Sep 01, 2021 8:35 pm**

ROS7 is the star citizen of networking.

Posted: **Wed Sep 01, 2021 8:50 pm**

Why, should not 7.0.0 be finished before starting to work on 7.1.0.
This is just confusing, working on RC2 on two different train at the same time.
There is no 7.0.0

There is only 7.1 RC1, that will lead to 7.1

What is this then:
7RC2 thread
viewtopic.php?f=1&t=178063

and this thread
7.1RC

I thought 7RC2=7.0RC2?? because its not 7.1RC2

Posted: **Wed Sep 01, 2021 9:53 pm**

Does CCR2004 still crash using capsman?

I will ask daily, no worries.

Posted: **Wed Sep 01, 2021 10:22 pm**

new bug in 4011
showing mac address doesn't a routers. when i put these new mac - doesn't connect to router, connect only when i put a correct mac.

Posted: **Wed Sep 01, 2021 11:13 pm**

Does CCR2004 still crash using capsman?
I will ask daily, no worries.

On a test today I started capsman and connected a client, it provisioned client and is still running. Not using it for anything, just test device.
2004 is still running.

2004 capsman.png

EDIT: ccr2004 with rj01 sfp will only negotiate 100 mb/s, is that a new feature for them?
with DAC it will negotiate 10gb/s.

Posted: **Thu Sep 02, 2021 1:12 am**

What is this then:
7RC2 thread
viewtopic.php?f=1&t=178063

That is a typo/omission - it should say v7.1rc2, not 7RC2. There is no such thing as v7.0rc2.

Posted: **Thu Sep 02, 2021 4:06 am**

CCR2004 Still crashes when a cap tries to register, but not provision.

I want a formal apology.

Posted: **Thu Sep 02, 2021 8:12 am**

What is this then:
7RC2 thread
viewtopic.php?f=1&t=178063
That is a typo/omission - it should say v7.1rc2, not 7RC2. There is no such thing as v7.0rc2.

So its this version 7.1rc2 that also contain ZeroTier. Thanks. MT should correct the thread header for the other thread.

Posted: **Thu Sep 02, 2021 8:28 am**

CCR2004 Still crashes when a cap tries to register, but not provision.

I want a formal apology.

Currently there are no known issues with CAPsMAN in v7.
Please open a formal bug report through support@mikrotik.com

Posted: **Thu Sep 02, 2021 8:49 am**

When you start replacing console hotkeys that are plain ASCII characters with "function keys" it may be time to finally replace the Ctrl-V hotkey with something else!
People think (and rightly so!) that Ctrl-V means "paste" and they are quite surprised when they see the effect in a console (usually they think something is defective).

HotLock mode hotkey has been changed too. Now it is F7 (Ctrl-V removed). Winbox Terminal still doesn't support Ctrl-V, though. You have to press Shift+Ins to paste. But at least now you won't accidentally activate HotLock mode while trying to paste.

Posted: **Thu Sep 02, 2021 9:17 am**

HotLock mode hotkey has been changed too. Now it is F7 (Ctrl-V removed). Winbox Terminal still doesn't support Ctrl-V, though. You have to press Shift+Ins to paste. But at least now you won't accidentally activate HotLock mode while trying to paste.

Are those types of changes documented somewhere?
Preferably a list showing what changed from v6 to v7.

Posted: **Thu Sep 02, 2021 9:35 am**

https://help.mikrotik.com/docs/display/ ... ListofKeys

Posted: **Thu Sep 02, 2021 10:25 am**

What is bad in this picture?

ROS7.1rc2.JPG

10.10.10.2 Is the router sitting in front of this router and between the internal network.

As soon I installed the RC the IP address of the router became unresponsive even when it was a default config. The router was only reachable by using the MAC/RoMon.

The whole ordeal: viewtopic.php?f=1&t=178045#p876497

Used this method because Netinstall refused to do it's work: viewtopic.php?f=1&t=178045#p876288

Posted: **Thu Sep 02, 2021 10:52 am**

We do have a small problem with PPPoE server.

In some cases we give the client also a subnet, in v6 we dit it with the "routes" in the PPP secret, but it looks like this is not working in v7..

Posted: **Thu Sep 02, 2021 11:57 am**

Had two random crashes today on my RB5009 on rc2. I'm actually not running anything special except many wireguard-connections and one l2tp. No queues.
rc1 was running for 4 days without any crash. rc2 was crashing after about 28 hours (while everyone was sleeping so nearly no traffic), then after about 5 hours.

Posted: **Thu Sep 02, 2021 12:18 pm**

well ...
from my point of view, rc2 is unusable (yes, now everyone could drop a stone on me)

same config, on two device, rb750gr3, hapAC2 (without WIFI)
nothing special
inter vlan routing, 4 WG peers, ipv4, ipv6 firewall, dhcp server and this is it
load under 20%, memory 70% free

started from scratch
netinstall, hand made config, nothing imported

devices are up to MAX 4 hrs
AC2 reboot, luckily config is (mostly) preserved
rb750gr3 reboot, config is blank, no defaults, nothing

both device make unusable binary backups, cloud/flash no difference
only way to recover is RSC, but lose certs, users, ssh keys

autosupout is sometime generatet,sometime not
if it is generated, it is blank, nothing usable

so
rebooting, no backups = alpha testing
far from production environment

Posted: **Thu Sep 02, 2021 12:26 pm**

I have the impression the backups are OK but the router denies import them. I had four months of backups being denied despite they where from the same router with the same ROS version 6.49beta36.

Going back to 6.48.2 I could restore and then go the working 6.49beta36. From there the RSC helped me to restre about 99% of my lastest settings.

Posted: **Thu Sep 02, 2021 12:28 pm**

We do have a small problem with PPPoE server.

In some cases we give the client also a subnet, in v6 we dit it with the "routes" in the PPP secret, but it looks like this is not working in v7..

Can you send a supout.rif file to support@mikrotik.com? I am unable to reproduce the issue, the route is properly installed on the router.

Posted: **Thu Sep 02, 2021 1:17 pm**

My ISP tells me they fixed their bufferbloat issues, i.e. guessing they switched to fq_codel, or cake.
So, it's time to also switch our mikrotik devices ques and buffers.
Apparently I would have to upgrade to the latest 7.1 rc version, and then add the queue types?
Is there a short how-to for that anywhere? I got here because it was mentioned in this thread.

TIA

Posted: **Thu Sep 02, 2021 1:41 pm**

Anyone noticed that L2TP clients can no longer login after upgrade from rc1 to rc2?
I do receive a message "l2tp,info INFO: first L2TP UDP packet received from 3911551f:861e:54a6:d222:cd76:6a5" many times.
Reverting back to rc1 makes L2TP login possible right away, upgrading to rc2 again makes them fail.

I had the same problem, so I rollback to rc1.

Posted: **Thu Sep 02, 2021 2:26 pm**

Thank you very much for your reports, they help us a lot to proceed further.
Currently our very big concern is random configuration lost on some occasions. It would be great anybody experience configuration lost provide us with information,
- routerboard model used;
- configuration used on the device
You can send information to support@mikrotik.com

Posted: **Thu Sep 02, 2021 2:43 pm**

CCR2004 Still crashes when a cap tries to register, but not provision.

I want a formal apology.
Currently there are no known issues with CAPsMAN in v7.
Please open a formal bug report through support@mikrotik.com

"Currently there are no known issues with CAPsMAN in v7."
I just found it, and no I will not log a ticket. It gets old hearing "We were unable to recreate the issue".

Ya'll couldn't recreate a ham sandwich if i sent you the schematic in CAD.

Posted: **Thu Sep 02, 2021 2:46 pm**

Currently there are no known issues with CAPsMAN in v7.
Please open a formal bug report through support@mikrotik.com
"Currently there are no known issues with CAPsMAN in v7."
I just found it, and no I will not log a ticket. It gets old hearing "We were unable to recreate the issue".

Ya'll couldn't recreate a ham sandwich if i sent you the schematic in CAD.

Could you provide me with the ticket number?
Unrelated to your issue, I have upgraded few capsmans to v7.x and it seems to work fine.

Posted: **Thu Sep 02, 2021 2:52 pm**

Almost every SUPEE I reported is at least at the state "we can reproduce in labs. gonna fix - but can't give ETA right now. thanks". So IMHO filing a support ticket is worth it. Commenting detailled issues in beta-release threads is kind of wasted time. I hardly doubt that any "loose" failure-description here is picked up by MT-staff at all. Maybe the issues that arise very often in the thread - maybe - but thats it.

Honestly, you just need to provide as much infos as possible so they can reproduce. "it is broken" may not help at all.

Posted: **Thu Sep 02, 2021 3:25 pm**

Anyone noticed that L2TP clients can no longer login after upgrade from rc1 to rc2?
I do receive a message "l2tp,info INFO: first L2TP UDP packet received from 3911551f:861e:54a6:d222:cd76:6a5" many times.
Reverting back to rc1 makes L2TP login possible right away, upgrading to rc2 again makes them fail.
I had the same problem, so I rollback to rc1.

Can you both please send your supout.rif files to support@mikrotik.com?

Posted: **Thu Sep 02, 2021 4:28 pm**

Had the same issue upgrading from rc1 -> rc2
Seemed to destroy prior config (on boot?)

When trying to reset to defaults, /system/default-configuration/print shows no script under script. Only caps-mode script present.

Going to try a clean netinstall to see if i get same results

Edit: device is a RB4011iGS+5HacQ2HnD
I think I may have solved my reboot-clears-config bug on my RB4011iGS+5HacQ2HnD, but it is still early days!!.

What I ended up doing is going to back the latest v6 stable, applying a stripped back version of my config (minus wg, etc.), rebooting the router to make sure it came back ok. Then I upgraded it to 7.1rc2 from within RouterOS (I couldn't get NetInstall to flash it while running v6). Once it was updated, I then re-applied the RouterOS 7 config (wg, etc.).

So far it's been fine and I have rebooted it several times, I'll be rebooting it often to make sure it is fixed. I don't want to find out my config is gone when the power cut happens

One thing I have noticed that isn't fixed, `routing-marks` in the exported config is still be exported as '*4000' instead of their actual text value.

I've just rebooted and my configuration was wiped. I'm going back to the stable v6 channel. I do have a support ticket open (SUP-58017) for this issues, granted I raised it against 7.1RC1.

Posted: **Thu Sep 02, 2021 10:00 pm**

Installed 7.1rc1 on a mAP 2nD, that crashed every now and then. Upgraded to 7.1rc2, still crashing.
I did not change any queue settings.

One crash it wiped the configuration, luckily I could load the backup I did just minutes before without issues. No idea though what could have caused the wipe.

Posted: **Thu Sep 02, 2021 10:09 pm**

What's new in 7.1rc1 (2021-Aug-19 13:06):
!) added support for IPv6 NAT (CLI only);

Currently action=netmap is not supported, which you'd expect for dual wan scenarios (to translate ULA prefix to ISP specific global prefix)

E.g. this config is not supported:

/ipv6 firewall nat
add chain=srcnat action=netmap out-interface=WAN1 to-address=2001:db8:0:1::/64
add chain=srcnat action=netmap out-interface=WAN2 to-address=2001:db8:0:2::/64

Posted: **Thu Sep 02, 2021 10:26 pm**

The PPPoE through a SFP still drops back to a MTU of 1480...it was fixed in Beta 6.49 so please patch ROS 7.x also.

Just chiming in again that I can second this. Thanks msatter for testing

I always look for your reports.

Posted: **Thu Sep 02, 2021 10:41 pm**

The PPPoE through a SFP still drops back to a MTU of 1480...it was fixed in Beta 6.49 so please patch ROS 7.x also.
Just chiming in again that I can second this. Thanks msatter for testing I always look for your reports.

Same here

Posted: **Fri Sep 03, 2021 1:37 am**

IPv6 no longer appears to work over PPPoE after updating to v7.*. Works fine on v6.* though.

Posted: **Fri Sep 03, 2021 3:50 am**

RB2011 still locked in 7.1beta6 (no upgrade path)

Posted: **Fri Sep 03, 2021 8:54 am**

hi,

on v7.1rc2 restoring configuration from backup is not working if the backup file is password protected, same issue with restoring config files from cloud backup

Posted: **Fri Sep 03, 2021 9:55 am**

RB2011 still locked in 7.1beta6 (no upgrade path)

In such situations you should do a /export of the full configuration and maybe also a backup, install the newer version, and restore the configuration from a local
winbox connected to the MAC address. (so you can wipe it entirely before importing the export)

Remember that importing an export does not restore users and their passwords, and certificates. So when you have them, your safer bet may be via the backup.

Posted: **Fri Sep 03, 2021 10:03 am**

Thank you very much for your reports, they help us a lot to proceed further.
Currently our very big concern is random configuration lost on some occasions. It would be great anybody experience configuration lost provide us with information,
- routerboard model used;
- configuration used on the device
You can send information to support@mikrotik.com

done please see ticket number below

https://mikrotik.com/client/tickets/SUP-59097/

Posted: **Fri Sep 03, 2021 11:03 am**

I had the same problem, so I rollback to rc1.
Can you both please send your supout.rif files to support@mikrotik.com?

I found where the problem is caused from. Please see here: viewtopic.php?f=1&t=178133#p876697

Posted: **Fri Sep 03, 2021 11:06 am**

IPv6 no longer appears to work over PPPoE after updating to v7.*. Works fine on v6.* though.

Must set the use IPv6 flag in the PPP Profile, also if you enabled default route in the PPPoE login, do not set it in dhcpv6-client.
IPv6 actually works but I also had many problems after migration from v6.

Posted: **Fri Sep 03, 2021 11:39 am**

I'm having issues with 6to4 interface. IPv4 packets are somehow assembled (length 2922 bytes) and then rejected with ICMPv6 Packet Too Big.
The tunnel throughput is starting at 900 Mbit and then dropping quickly to no more than 20 Mbps.

It is dependent on the uplink (SFP) and fast path setting (when using switched/bridged port).
Device RB4011, 7.1beta5 to 7.1rc2. Supouts and packet captures sent to support SUP-44956 (updated March, May, August, September).
Currently this ticket is unanswered.

A possible workaround is to create a (dummy) bridge or bonding interface for the wan port (sfp).
After this the throughput is somewhere between 150 Mbps and 400 Mbps.

Can anyone confirm/reproduce this behavior?

Posted: **Fri Sep 03, 2021 12:01 pm**

Any way to get fastpath working on Wireguard tunnels so we can get more performance out of it?
Fastpath works for PPPoE for example, but not for Wireguard?
I know Wireguard uses built-in kernel module, isn't that fastpath?

FP.png

Posted: **Fri Sep 03, 2021 1:01 pm**

I wouldn't count on wireguard, openvpn or zerotier use any Fastpath. They are all CPU based.

Posted: **Fri Sep 03, 2021 1:30 pm**

LEDs seem to be broken since v7.1rc1 on the Audience.
There is no way to configure the LEDs, it seems like they are not added to the boards configuration anymore.

2021-08-31_18-26.png

Same here. Blue led appears during boot, but green led during normal operation is not lit.

Posted: **Fri Sep 03, 2021 2:19 pm**

IPv6 no longer appears to work over PPPoE after updating to v7.*. Works fine on v6.* though.
Must set the use IPv6 flag in the PPP Profile, also if you enabled default route in the PPPoE login, do not set it in dhcpv6-client.
IPv6 actually works but I also had many problems after migration from v6.

IPv6 towards PPPoE really doesn't work. I have rised ticket and sent supout.rif file, but it is not solved yet.

Posted: **Fri Sep 03, 2021 2:35 pm**

RB2011 still locked in 7.1beta6 (no upgrade path)
In such situations you should do a /export of the full configuration and maybe also a backup, install the newer version, and restore the configuration from a local
winbox connected to the MAC address. (so you can wipe it entirely before importing the export)

Remember that importing an export does not restore users and their passwords, and certificates. So when you have them, your safer bet may be via the backup.

Darn, I just was told by support that the backups where broken and are still broken in 6.49beta. This a BIG problem to me and I have to wait for the next version to be able to make a backup that I can use to restore. Till then it is manual importing stuff from a RSC export file if needed.

Posted: **Fri Sep 03, 2021 3:01 pm**

I wouldn't count on wireguard, openvpn or zerotier use any Fastpath. They are all CPU based.

FastPath is a PMD hook into a userspace forwarding plane.

OpenVPN and ZeroTier are already userspace based, WireGuard is using the kernel module I believe.

Mikrotik could technically add FastPath support to any of these as long as they use the Userspace version rather than the Kernel module.

Will they? I have no idea... The developer time would be better spent on an IPv6 FastPath module, FastPath FIFO shaper and improving performance of the existing FastPath modules.

Posted: **Fri Sep 03, 2021 3:08 pm**

On hAP ac^2 if I set "strong-crypto=yes" in IP/SSH/ and try to export config of entire device, it takes a very long time and finally in file is error about SSH and this section is not exported:

......
set api disabled=yes
set winbox port=8291
set api-ssl disabled=yes
#error exporting /ip/ssh
/system clock
set time-zone-name=Europe/Warsaw
/system identity
.......

Config view from console :

[admin@Testv7] /ip/ssh> pr
           forwarding-enabled: no
  always-allow-password-login: no
                strong-crypto: yes
            allow-none-crypto: no
                host-key-size: 4096
[admin@Testv7] /ip/ssh>

Posted: **Fri Sep 03, 2021 3:23 pm**

I can not set a private pre-shared key in wireless access list. This command does not change anything:

/interface/wireless/access-list/set private-pre-shared-key=testing123 [ find ]

Posted: **Fri Sep 03, 2021 3:41 pm**

On hAP ac^2 if I set "strong-crypto=yes" in IP/SSH/ and try to export config of entire device, it takes a very long time and finally in file is error about SSH and this section is not exported:
Code: Select all
......
set api disabled=yes
set winbox port=8291
set api-ssl disabled=yes
#error exporting /ip/ssh
/system clock
set time-zone-name=Europe/Warsaw
/system identity
.......
Config view from console :
Code: Select all
[admin@Testv7] /ip/ssh> pr
           forwarding-enabled: no
  always-allow-password-login: no
                strong-crypto: yes
            allow-none-crypto: no
                host-key-size: 4096
[admin@Testv7] /ip/ssh> 

i'm also on hapac2, i can export config just fine with enabling strong-crypto, the only caveats is I should backup the config without password otherwise the backup file won't be restored successfully, already filed a ticket on this weird bug

Posted: **Fri Sep 03, 2021 4:12 pm**

On hAP ac^2 if I set "strong-crypto=yes" in IP/SSH/ and try to export config of entire device, it takes a very long time and finally in file is error about SSH and this section is not exported:
Code: Select all
......
set api disabled=yes
set winbox port=8291
set api-ssl disabled=yes
#error exporting /ip/ssh
/system clock
set time-zone-name=Europe/Warsaw
/system identity
.......
Config view from console :
Code: Select all
[admin@Testv7] /ip/ssh> pr
           forwarding-enabled: no
  always-allow-password-login: no
                strong-crypto: yes
            allow-none-crypto: no
                host-key-size: 4096
[admin@Testv7] /ip/ssh> 
i'm also on hapac2, i can export config just fine with enabling strong-crypto, the only caveats is I should backup the config without password otherwise the backup file won't be restored successfully, already filed a ticket on this weird bug

Interesting, I also have discovered how to reproduce. It happens if you set key size to 4096 and try to export config. In my case it caused to take ~2mins and 40% CPU load(and error line in exported file).
Setting key size to 2048 and export work fast and fine, then if you set again 4096 after that it also works.

Posted: **Fri Sep 03, 2021 6:18 pm**

I just upgraded Winbox to 3.29 and ROS to v7.1rc2 (tile). Winbox no longer has capsman in its highest level categories, but I still had a capsman window open from before the upgrades.
Additional info: I restored winbox 3.28 from a backup but it will not run with v7.1. I downgraded back to 6.49b54 and winbox 3.29 has capsman so the problem is 7.1rc2. I also did not see dude in 7.1rc2 but do not know if it is supposed to be there. I will wait for v71rc3 and try again.

Posted: **Fri Sep 03, 2021 6:33 pm**

IPv6 no longer appears to work over PPPoE after updating to v7.*. Works fine on v6.* though.
Must set the use IPv6 flag in the PPP Profile, also if you enabled default route in the PPPoE login, do not set it in dhcpv6-client.
IPv6 actually works but I also had many problems after migration from v6.

if you enabled default route in the PPPoE login, do not set it in dhcpv6-client.

That seems to have cured it.

Posted: **Fri Sep 03, 2021 7:07 pm**

So I was having the same issue as some others where the reboot cleared the configuration and also prevented backups from working.

I had a disabled package named wifiwave2.

I removed that package and everything works as expected.

Reboots and backups are working for me now.

CRS328 series router.

I hope the information helps.

Posted: **Fri Sep 03, 2021 8:22 pm**

Hi Mikrotik

i like to ask, is there any chance to solve issue/problem with "hidden" ipv6 address/route ?
here i mean, IPV6 -> Settings -> Accept router advertisements -> YES

it is sooooo confusing, that there is no v6 address and no v6 route listed
so, when you are in hurry, and things are working very strange, it is time consuming to hunt down "why the hell this router could do v6, and other no" ... then you realize that someone turned on SLAAC
and then start coursing, and wondering, how could it be? routing equipment without routing info ...

so, any chance to UNhide these v6 info ?
( did i asked politely this time? )

I agree, that would be super.

Posted: **Fri Sep 03, 2021 10:32 pm**

MTU >1500 is still unsupported on RB4011 on sfp+ port.

Posted: **Fri Sep 03, 2021 11:10 pm**

RB2011 still locked in 7.1beta6 (no upgrade path)
In such situations you should do a /export of the full configuration and maybe also a backup, install the newer version, and restore the configuration from a local
winbox connected to the MAC address. (so you can wipe it entirely before importing the export)

Remember that importing an export does not restore users and their passwords, and certificates. So when you have them, your safer bet may be via the backup.

This was reported back in the RC1 thread (another user opened a SUP). Even with a netinstall it is not possible to upgrade past beta 6.

Posted: **Fri Sep 03, 2021 11:27 pm**

MTU >1500 is still unsupported on RB4011 on sfp+ port.

I did not noticed that. That is maybe the cause the PPPoE dropped back to 1480 after connecting at 1500.

Posted: **Sat Sep 04, 2021 12:48 am**

v6 BGP config conversion is already there since beta 2:
https://help.mikrotik.com/docs/display/ ... col+Status

When will you turn on bfd in ros7?

Posted: **Sat Sep 04, 2021 10:28 am**

When will you turn on bfd in ros7?

Yes, that is important for us too! Or when BFD is considered to be deprecated, some replacement for it to quickly signal loss of a link used for BGP.

Posted: **Sat Sep 04, 2021 10:55 am**

BFD is currently work in progress.

Posted: **Sat Sep 04, 2021 11:35 am**

Are there any plans to bump the kernel version up to a currently supported one (say 5.10 LTS)? 5.6 seems like an odd choice to me.

Posted: **Sat Sep 04, 2021 3:27 pm**

My Hap ac^3 just reset itself after about 2 days of operation with cake and wifiwave2. Seems like this version still have some bugs to iron out.

Posted: **Sat Sep 04, 2021 3:33 pm**

Does wifi V2 support VLAN tagging?

Posted: **Sat Sep 04, 2021 4:11 pm**

Please add an option to /import, or make it the default behavior, to print the imported line when an error occurs (in addition to the error message), and to continue the import.
As it is now, it is very difficult to import rsc files as even with the slightest difference in features the import stops and prints only the error message (like "item already exists") without context.
The "verbose" option can be used, but it prints everything and it still does not continue after the error so repeated attempts with from-line option are required

Posted: **Sat Sep 04, 2021 6:01 pm**

Please add an option to /import, or make it the default behavior, to print the imported line when an error occurs (in addition to the error message), and to continue the import.
As it is now, it is very difficult to import rsc files as even with the slightest difference in features the import stops and prints only the error message (like "item already exists") without context.
The "verbose" option can be used, but it prints everything and it still does not continue after the error so repeated attempts with from-line option are required

i agree fully

Posted: **Sat Sep 04, 2021 6:53 pm**

Please add an option to /import, or make it the default behavior, to print the imported line when an error occurs (in addition to the error message), and to continue the import.
As it is now, it is very difficult to import rsc files as even with the slightest difference in features the import stops and prints only the error message (like "item already exists") without context.
The "verbose" option can be used, but it prints everything and it still does not continue after the error so repeated attempts with from-line option are required

This could be done by a script adding in front of the line do { and at end } on-error=:put "the line to be added} and if the import should be halted add also :error <output> in the on-error part.

You create an conditional this way add. I had to import manually an export and found that in address-list it continues if the entry already exist. I sckipped the interfaces and MAC addresses because those are manually be altered for safety.

If you import from a export list then it would nice if you could indicate to replace the whole firewall page (fliter,nat,mangle,raw) by the imported export...then this might be a solution.

On import the import changes to different parts by example Filter /ip firewall filter. What if you append ; remove [find do-not-try-this-at-home] and you don't have then any conflicts anymore because that page is empty and so no conflicts.

When ever you change menu, then also do the clean-up.

ps. it works if you remove the do-not-try-this-at-home text and I put that in because it dangerous command.

Posted: **Sat Sep 04, 2021 7:50 pm**

Yeah, but it is all too much work. We need a simple way to move existing configuration to a new router, RouterOS is seriously lacking in this.
You cannot make a backup and restore it on the new router, because backups can only be safely restored on the same device.
You cannot export the config and import it on the new router, because import is acting so finicky.
And to edit the export before importing it requires the user to have a powerful editor (I know that vi or emacs can do that kind of thing but not all users have such editors and the knowledge to use them for this).
Config migration should be a simple task that can be done by someone with basic expertise. And RouterOS could easily support it by doing an import that skips elements not supported on the new model (like LCD, LEDs) and ignoring "item already exists" that easily results from config that could not be completely cleared (e.g. user groups, dhcp client).

Posted: **Sat Sep 04, 2021 9:58 pm**

optimist you are.

Posted: **Sun Sep 05, 2021 1:15 am**

FYI; Packages update towards the testing version for our Metal 52ac bricked the device.
Have to do a netinstall in order to get it back to life again, I guess. Pretty cumbersome, because it is mounted outdoors on a high mast, which I can't reach in the dark, so I need to tell the users to wait it out until morning. And the netinstall has to be directly connected to the device, right? This makes it even more difficult, since it's now powered (PoE) from the router it is in, and by golly, where the heck did I keep its original PoE box? [ sigh, the life of a sysadmin

]

Posted: **Sun Sep 05, 2021 1:51 am**

I would rather use a script to convert the RSC export. It can can then be more delicate in what the target export should be to fit the it. Using keywords to skip certain sections.

I worked on an export/import script for single address-lists that can do conversions of the data source data and be selective what to import. A export is not much different and the easiest way as is with address-lists is to first clean and then import a whole section at once.

Remove is also not everywhere availble so it will not erase anything in that section.

Merging a existing config with a to be import is nearly impossible because the sequencing is unknown and add does add at the bottom of the section. Think of the rules in the firewall.

From the top of my head something like this and is just an example and not working or tested:

local keywords "RAW led DHCP"
local skip false
:local section do={:if ($1 in $keywords) do={local skip true} else={$1; local skip false} on-error={:log warning "Section $1 not available on this device"; local skip true}} 
:local add do={:if (skip = false) do={add $1} else={:log warning "Skipped adding $1"}} 

$section "/ip firewall mangle"
$add "comment=nothing"
$add "comment=nothing"
$section "/ip firewall RAW"
$add "comment=nothing"
$add "comment=nothing"

Two functions are called and each one does different things. $section changes to the correct section, if is not on the skip list. It performs also the removal of any present rules/lines.
$add does add the line if the section is not on the skip list. A local variable steers this.

That variable is set again with the new value when the next $section is encountered.

The changes made to the export file is adding an $ in front and eclose the line itself in ". $section is more work but doable.

Update, started a project on this: viewtopic.php?f=9&t=178213&p=877141#p877141

Posted: **Sun Sep 05, 2021 2:00 am**

and by golly, where the heck did I keep its original PoE box? [ sigh, the life of a sysadmin ]

MQS+powerbank: the sysadmin's best friend. https://mikrotik.com/product/mqs

Posted: **Sun Sep 05, 2021 10:48 am**

and by golly, where the heck did I keep its original PoE box? [ sigh, the life of a sysadmin ]
MQS+powerbank: the sysadmin's best friend. https://mikrotik.com/product/mqs

Nice! Unfortunately that would arrive here a bit late in the game.

Posted: **Sun Sep 05, 2021 11:03 pm**

My requests are:

* Please add the Ingress keyword (trivial change)
* Give us the ability to create "really mega simple" queues that do not seperate the shaper and qdisc so that we can entirely bypass HTB and only use Cake shaper

Please Mikrotik
Wild guess: ingress/egress is automatically determined. Depending if you use it as download or upload queue

I use Queue Trees so I don't think there's a way to guess...

Posted: **Mon Sep 06, 2021 1:17 am**

WiFi v2 Locked on Audience WiFi2. Got stuck on selecting channel after changing the SSID. First the MTU went nuts... then the SSID went away.

Back in the box until the next release.

But it was nice to see Mikrotik match 5 and 6 year old Cambium and Ruckus WAPs... well until you added Virtual APs or needed VLANs...

Posted: **Mon Sep 06, 2021 11:04 am**

MTU >1500 is still unsupported on RB4011 on sfp+ port.
I did not noticed that. That is maybe the cause the PPPoE dropped back to 1480 after connecting at 1500.

That's definitely the cause. No amount of manipulation with L2MTU/MTU causes packets >1500 bytes to pass at least on sfpplus port (didn't check other ports). I opened a support ticket on this issue, that's now months old. There were problems with this in ROS6, but not as bad as in ROS7 now.

Posted: **Mon Sep 06, 2021 11:39 am**

On my ccr2004 7.1rc2 config-diff catched a funny bug. Growth SMB shares and guest users.

2021-09-03 22:27

/ip smb shares
add comment="default share" directory=/pub name=pub
+add comment="default share" directory=/pub name=pub
/ip smb users
add name=guest
+add name=guest

2021-09-04 09:57

/ip smb shares
add comment="default share" directory=/pub name=pub
add comment="default share" directory=/pub name=pub
+add comment="default share" directory=/pub name=pub
/ip smb users
add name=guest
add name=guest
+add name=guest

2021-09-04 17:16

add comment="default share" directory=/pub name=pub
add comment="default share" directory=/pub name=pub
add comment="default share" directory=/pub name=pub
+add comment="default share" directory=/pub name=pub
/ip smb users
add name=guest
add name=guest
add name=guest
+add name=guest

etc.

Nobody touched it at this time, so looks like it got bored and needs more smb-shares every day

Posted: **Mon Sep 06, 2021 11:42 am**

SMB support should be removed from RouterOS! This kind of thing does not belong in a router and is not required anymore.

Posted: **Mon Sep 06, 2021 11:57 am**

SMB support should be removed from RouterOS! This kind of thing does not belong in a router and is not required anymore.

And what about ftp, tftp?
If you have device with external usb drive, SMB also can be used as remote storage protocol for PXE purposes.

Posted: **Mon Sep 06, 2021 12:22 pm**

RB2011 still locked in 7.1beta6 (no upgrade path)

my rb2011uias-rm has the same issue, kernel boot failure with 7.1rc2 install
Same issue not experienced on rb2011il-rm which upgraded to 7.1rc2 without issue

Posted: **Mon Sep 06, 2021 1:28 pm**

One More feature request, can we have a 2FA (MFA) Please

Posted: **Mon Sep 06, 2021 2:21 pm**

One More feature request, can we have a 2FA (MFA) Please

You can probably implement that via RADIUS authentication and a solution on your RADIUS server?

Posted: **Mon Sep 06, 2021 2:45 pm**

Hello,
I write this message to report a bug present in all the routeros v7 versions (also rc2) on x86 systems.
I tried both on the single board computer radxa rock pi x (atom cpu) and on an AMD laptop.
The bug is the following:
With an lte interface (tried quectel em12g and rm502q-ae, both in usb2 and usb3) when one run a speedtest the upload goes at full speed but the download start normally but after 30% start to decrease and ends to 3mbps some times and 6mpbs other times, with the rbm33g this doesn’t happen (i have full speed ~60mbps both in download and upload).
I don’t know if it’s a problem of the usb controller driver or other in the system, I also buyed an L4 licence thinking that was a limitation of the L0 trial.
I wrote also an email to the support
If needed i can provide my supout.rif ( I sent it in the email)

Posted: **Mon Sep 06, 2021 4:07 pm**

KERNAL panic after 3 days on rc2. ccr2004. no i won't log a ticket

Posted: **Mon Sep 06, 2021 4:21 pm**

Rfulton, what do you expect from us on the forum? Nobody here can help you - please create a supout.rif after the crash and send it to support.

Posted: **Mon Sep 06, 2021 7:39 pm**

Has anyone figured out how to use the wifiwave2 ACCESS LIST to whitelist mac addresses that I want to allow entry?

What I've tried with partial success is in the attached picture. Mac Address Mask is weird and it looks like a mask of "0" bit is to ignore mac bit, and "1" bit is not ignore. But it wont allow 00:00:00:00:00:00 on the mask, so I made a work around on the bottom for remaining addresses to blacklist. Adding mask of FF:FF:FF:FF:FF:FF on the accepted macs stops mac address entry for some weird reason, but blanking it out makes it somewhat work.

The issue I have with this setup is that some mac addresses allow entry and some do not get in even though they are on the list to allow. Mac address's are correctly written.

Posted: **Mon Sep 06, 2021 9:35 pm**

One More feature request, can we have a 2FA (MFA) Please
You can probably implement that via RADIUS authentication and a solution on your RADIUS server?

I don't think it's doable, until MT add PAP capability for login, as I recall 2FA using RADIUS, required PAP, while MT doesn't support PAP

Posted: **Mon Sep 06, 2021 10:23 pm**

VLAN MTU's appear to 'reset' to 290 every so often (2 x in 48 hours), and it breaks OSPF due to MTU mismatch

12 R VLAN2 vlan 290 1588 74:4D:28:XX:XX:XX
13 R VLAN3 vlan 290 1588 74:4D:28:XX:XX:XX
14 R VLAN4 vlan 290 1588 74:4D:28:XX:XX:XX
15 R VLAN6 vlan 290 1588 74:4D:28:XX:XX:XX
16 R VLAN9 vlan 290 1588 74:4D:28:XX:XX:XX

I need to go into /interface vlan, set MTU to 1504

Then into /interface, and set MTU manually to 1500.

If I don't go to /interface vlan first to make MTU larger, I can't set MTU in /interface to 1500

RB4011, V7.1rc2

Posted: **Mon Sep 06, 2021 11:51 pm**

I also did not see dude in 7.1rc2 but do not know if it is supposed to be there. I will wait for v71rc3 and try again.

I also don't know if it is supposed to be there either...

Specifically IF the Dude package going to be there, before v7.1 is released? I can understand "beta" not having it, but "rc", to me, means, a "feature complete" release... So I worry, since we do use it (& be fine it looked/acted same under V7).

Anyone know if the Dude package going to come back in the V7.1rc's? i.e. Even if there are no new features...

If it's going to be while for the Dude in V7.1, just be good to know...

Posted: **Tue Sep 07, 2021 1:37 am**

Rfulton, what do you expect from us on the forum? Nobody here can help you - please create a supout.rif after the crash and send it to support.

Ain't that the absolute 100% truth. Nobody can fix my kernal panics or it would be fixed already.

Posted: **Tue Sep 07, 2021 1:43 am**

Lmao. Trolling like a pro.

Posted: **Tue Sep 07, 2021 6:57 am**

Just experienced a kernel failure on my hap ac^3 with wifiwave2 and cake after about 2 days of operation. However, it didn't reset itself like the last time.
Switched to fq_codel for queue now, will report in 3 days.

Posted: **Tue Sep 07, 2021 9:04 am**

KERNAL panic after 3 days on rc2. ccr2004. no i won't log a ticket

First it's kernel and not kernal, second you need to create a supout file and send it to Mikrotik support email in order to properly report a bug.

Posted: **Tue Sep 07, 2021 10:33 am**

KERNAL panic after 3 days on rc2. ccr2004. no i won't log a ticket
First it's kernel and not kernal

Clearly he is a Commodore 64 user

Posted: **Tue Sep 07, 2021 1:39 pm**

Please add an option to /import, or make it the default behavior, to print the imported line when an error occurs (in addition to the error message), and to continue the import.
As it is now, it is very difficult to import rsc files as even with the slightest difference in features the import stops and prints only the error message (like "item already exists") without context.
The "verbose" option can be used, but it prints everything and it still does not continue after the error so repeated attempts with from-line option are required

+1. At least please print the imported line.

Posted: **Tue Sep 07, 2021 2:30 pm**

KERNAL panic after 3 days on rc2. ccr2004. no i won't log a ticket
First it's kernel and not kernal,

[sarcasm]
What is this kernel you all are talking about? The only kernel I know is a walnut kernel.
[/sarcasm]

Posted: **Tue Sep 07, 2021 3:47 pm**

First it's kernel and not kernal,

[sarcasm]
What is this kernel you all are talking about? The only kernel I know is a walnut kernel.
[/sarcasm]

Walnuts have kernels....... I thought only popcorn had kernels
This is such an informative forum, I thought those were just walnut pieces LOL

Posted: **Tue Sep 07, 2021 4:30 pm**

They just look like two brains. One smart walnut.

Posted: **Wed Sep 08, 2021 1:56 pm**

Cake seems to work now.

But I can only get the expected ingress performance by:

* Setting the Simple queue limits to Unlimited and the Cake specific limit to my target
* Setting the target slightly lower than the real speed because we are missing the Ingress keyword to compensate

My requests are:

* Please add the Ingress keyword (trivial change)
* Give us the ability to create "really mega simple" queues that do not seperate the shaper and qdisc so that we can entirely bypass HTB and only use Cake shaper

Please Mikrotik
Code: Select all
.B ingress

.br
	Indicates the qdisc is used on ingress (typically done with an IFB device).

	Most notably, this counts drops as data transferred, making ingress shaping
more accurate, since packets will have already traversed the link before Cake
gets to choose what to do with them.

	In addition, drops are also counted as data transferred for maintaining
fairness. This leads to the possibly unexpected result that with host fairness
enabled (see the
.B FLOW ISOLATION PARAMETERS
section), IPs with more simultaneous TCP flows may show lower total goodput than
IPs with fewer flows. This is expected, and is due to proportionally more
packets being dropped for congestion control when there are more active flows.
Clients can avoid this possible loss in goodput by either using fewer flows, or
enabling ECN for greater efficiency.

I opened SUP-59224 with this suggestion:

Screenshot from 2021-09-08 11-42-31.png

Posted: **Wed Sep 08, 2021 2:00 pm**

n1. keep us updated.

Posted: **Wed Sep 08, 2021 2:12 pm**

New version 7.1rc3 has been released in development RouterOS channel:

viewtopic.php?f=1&t=178341

MikroTik

v7.1rc2 [development] is released!

v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!

Re: v7.1rc2 [development] is released!