classic.ISPforum.cz

What's new in v6.40 (2017-Jul-21 08:45):

!) lte - added initial fastpath support (except SXT LTE and Sierra modems);
!) lte - added initial support for passthrough mode for lte modems that supports fastpath;
!) wireless - added Nv2 AP synchronization feature "nv2-modes" and "nv2-sync-secret" option;
bonding - fixed 802.3ad mode on RB1100AHx4;
btest - fixed crash when packet size has been changed during test;
capsman - added "current-registered-clients" and "current-authorized-clients" count for CAP interfaces;
capsman - fixed EAP identity reporting in "registration-table";
capsman - set minimal "caps-man-names" and "caps-man-certificate-common-names" length to 1 char;
certificate - added "crl-use" setting to disable CRL use (CLI only);
certificate - update and reload old certificate with new one if SKID matches;
chr - fixed MAC address assignment when hot plugging NIC on XenServer;
chr - maximal system disk size now limited to 16GB;
conntrack - fixed IPv6 connection tracking enable/disable;
console - fixed different command auto complete on <tab>;
crs212 - fixed Optech sfp-10G-tx module compatibility with SFP ports;
defconf - added IPv6 default firewall configuration (IPv6 package must be enabled on reset);
defconf - improved IPv4 default firewall configuration;
defconf - renamed 192.168.88.1 address static DNS entry from "router" to "router.lan";
dhcp - added "debug" logs on MAC address change;
dhcpv4-client - added "gateway-address" script parameter;
dhcpv4-server - fixed lease renew for DHCP clients that sends renewal with "ciaddr = 0.0.0.0";
dhcpv4-server - fixed server state on interface change in Winbox and Webfig;
discovery - fixed timeouts for LLDP neighbours;
dns - remove all dynamic cache RRs of same type when adding static entry;
dude - fixed server crash;
email - added support for multiple attachments;
ethernet - fixed occasional broken interface order after reset/first boot;
ethernet - fixed rare linking problem with forced 10Mbps full-duplex mode;
export - added "terse" option;
export - added default "init-delay" setting for "/routerboard settings" menu;
export - added router model and serial number to configuration export;
export - fixed "/interface list" verbose export;
export - fixed "/ipv6 route" compact export;
export - fixed MPLS "dynamic-label-range" export;
export - fixed SNMP "src-address" for compact export;
fastpath - improved performance when packets for slowpath are received;
fastpath - improved process of removing dynamic interfaces;
fasttrack - fixed fasttrack over interfaces with dynamic MAC address;
fetch - added "src-address" parameter for HTTP and HTTPS;
filesystem - improved error correcting process on tilera and RB1100AHx4 storage;
firewall - added "none-dynamic" and "none-static" options for "address-list-timeout" parameter;
firewall - fixed bridge "action=log" rules;
firewall - fixed cosmetic "inactive" flag when item was disabled;
firewall - fixed crash on fasttrack dummy rule manual change attempt;
firewall - removed unique address list name limit;
hAP ac lite - removed nonexistent "wlan-led";
hotspot - added "address-list" support in "walled-garden" IP section;
hotspot - require "dns-name" to contain "." symbol under Hotspot Server Profile configuration;
ike1 - added log error message if netmask was not provided by "mode-config" server;
ike1 - added support for "framed-pool" RADIUS attribute;
ike1 - create tunnel policy when no split net provided;
ike1 - fixed minor memory leak on peer configuration change;
ike1 - kill phase1 instead of rekey if "mode-config" is used;
ike1 - removed SAs on DPD;
ike1 - send phase1 delete;
ike1 - wait for cfg set reply before ph2 creation with xAuth;
ike2 - added RADIUS attributes "Framed-Pool", "Framed-Ip-Address", "Framed-Ip-Netmask";
ike2 - added pfkey kernel return checks;
ike2 - added support for "Mikrotik_Address_List" RADIUS attribute;
ike2 - added support for "mode-config" static address;
ike2 - by default use "/24" netmask for peer IP address in split net;
ike2 - fixed duplicate policy checking with "0.0.0.0/0" policies;
ike2 - prefer traffic selector with "mode-config" address;
ipsec - added "firewall=add-notrack" peer option (CLI only);
ipsec - added information in console XML for "mode-config" menu;
ipsec - added support for "key-id" peer identification type;
ipsec - allow to specify chain in "firewall" peer option;
ipsec - do not deduct "dst-address" from "sa-dst-address" for "/0" policies;
ipsec - enabled modp2048 DH group by default;
ipsec - fixed connections cleanup on policy or proposal modification;
ipsec - optimized logging under IPSec topic;
ipsec - removed policy priority;
l2tp - fixed handling of pre-authenticated L2TP sessions with CHAP authentication;
l2tp-server - added "one-session-per-host" option;
log - added "poe-out" topic;
log - improved "l2tp" logs;
log - optimized "wireless,info" topic logs;
log - work on false CPU/RAM overclocked alarms;
lte - added "accounting" logs for LTE connections;
lte - added additional driver support for DWR-910;
lte - added info command support for the Jaton LTE modem;
lte - added initial support for "NTT DoCoMo" modem;
lte - added support for Huawei E3531-6;
lte - added support for ZTE TE W120;
lte - fixed info command when it is executed at the same time as modem restarts/disconnects;
lte - improved SMS delivery report;
lte - improved reliability on SXT LTE;
metarouter - fixed display of bogus error message on startup;
mmips - added support for NVME disks;
ovpn - added support for "push-continuation";
ovpn - added support for topology subnet for IP mode;
ovpn - fixed duplicate default gateway presence when receiving extra routes;
ovpn - improved performance when receiving too many options;
packages - increased automatic download retry interval to 5 minutes if there is no free disk space;
ping - fixed ping getting stuck (after several thousands of ping attempts);
ppp - added initial support for ZTE K4203-Z and ME3630-E;
ppp - added output values for "info" command for finding the GSM base station's location ("LAC" and "IMSI");
ppp - fixed "user-command" output;
ppp - fixed non-standart PAP or CHAP packet handling;
ppp - improved MLPPP packet forwarding performance;
ppp - use interface name instead of IP as default route gateway;
proxy - fixed potential crash;
proxy - fixed rare program crash after closing client connection;
quickset - added "Band" setting to "CPE" and "PTP CPE" modes;
quickset - added special firewall exception rules for IPSec;
quickset - fixed incorrect VPN address value on arm and tilera;
quickset - simplified LTE status monitoring;
quickset - use active user name and permissions when applying changes;
rb1100ahx4 - fixed startup problems (requires additional reboot after upgrade);
rb3011 - fixed packet passthrough on switch2 while booting;
rb750gr3 - fixed USB power;
routerboard - added "caps-mode" option for "reset-configuration";
routerboard - added "caps-mode-script" for default-configuration print;
routing - allow to disable "all" interface entry in BFD;
safe-mode - fixed session handling when Safe Mode is used on multiple sessions at the same time;
sfp - fixed invalid temperature reporting when ambient temperature is less than 0;
sms - decode reports in readable format;
sniffer - do not skip L2 packets when "all" interface mode was used;
snmp - added "ifindex" on interface traps;
snmp - added CAPsMAN interface statistics;
snmp - added ability to set "src-address";
snmp - fixed "/system resource cpu print oid" menu;
snmp - fixed crash on interface table get;
snmp - fixed wireless interface walk table id ordering;
socks - fixed crash while processing many simultaneous sessions;
ssl - added Wildcard support for "left-most" DNS label (will allow to use signed Wildcard certificate on VPN servers);
supout - fixed IPv6 firewall section;
switch - fixed "loop-protect" on CRS SFP/SFP+ ports;
switch - fixed multicast forwarding on CRS326;
tile - fixed copying large amount of text over serial console;
tr069-client - fixed lost HTTP header on authorization;
trafficgen - added "lost-ratio" to statistics;
ups - show correct "line-voltage" value for usbhid UPS devices;
userman - added "/tool user-manager user clear-profiles" command;
userman - do not send disconnect request for user when "simultaneous session limit reached";
userman - lookup language files also in "/flash" directory;
vlan - do not delete existing VLAN interface on "failure: already have such vlan";
webfig - fixed wireless "scan-list" parameter not being saved after applying changes;
winbox - added "eap-identity" to CAPsMAN registration table;
winbox - added "no-dad" setting to IPv6 addresses;
winbox - added "reselect-channel" to CAPsMAN interfaces;
winbox - added "session-uptime" to LTE interface;
winbox - added TR069 support;
winbox - do not autoscale graphs outside known maximums;
winbox - fixed wireless interface "amsdu-threshold" max limit;
winbox - hide LCD menu on CRS112-8G-4S;
winbox - make IPSec policies table an order list;
winbox - moved LTE info fields to status tab;
winbox - show "/interface wireless cap print" warnings;
winbox - show "/system health" only on boards that have health monitoring;
winbox - show "D" flag under "/interface mesh port" menu;
wireless - NAK any methods except MS-CHAPv2 as inner method in PEAP;
wireless - added option to change "nv2-downlink-ratio" for nv2 protocol;
wireless - added option to set "fixed-downlink" mode for nv2 protocol;
wireless - allow VirutalAP on Level0 (24h demo) license;
wireless - always use "multicast-helper" when DHCP is being used;
wireless - do not skip >2462 channels if interface is WDS slave;
wireless - fixed 802.11u wireless request processing;
wireless - fixed EAP PEAP success processing;
wireless - fixed compatibility with "AR5212" wireless chips;
wireless - fixed rare crash on cap disable;
wireless - fixed registration table "signal-strength" reporting for chains when using nv2;

Solidní nálož oprav

Ahoj,

souhlasím, že oprav přišlo hodně. Zkusili jsme na části sítě a 4 desky 912UAG sice fungují a propouští data, ale nevykonávají příkazy, nejdou ani rebootnout. Bude se muset na místo zkusit vyp. / zap. U jedné desky se ztratil balíček wireless a u další se změnilo SSID a z karta ztratila nastavení IP adresy.


Takže z cca 50 desek po upgradu 6 chyb. To není moc pozitivní. Jaké máte zkušenosti? Nechce se mi to zatím moc pouštět do zbytku sítě.

no kdyz to ctu, tak se mi do toho taky moc nechce

Na test upgrade cca 100 zarizek z 6.38.3 a neumrelo ani jedno.

k3dt píše:Na test upgrade cca 100 zarizek z 6.38.3 a neumrelo ani jedno.

Souhlasim, upgrade RB912, RB922, hap, sxt lite a/n, sxt lite ac a vse jede. Prechod z verze 6.39.1 nebo 6.39.2.

Nevím co se děje ale od verze R.O. 6.38 mám potíže s master portami na desce RB1200 , do této verze to chodilo v pohodě , když se do portů které jsou v master portu strčí cokoliv jiné než druhý MK (RB600) tak fungují , jakmile se zapojí RB600 s adresou ve stejné podsíti do portů které jsou v master portu a ten RB600 je v bridge , prostě ani si nepingne na ten 1 MK (RB1200) , ale když se mu dá dhpc client najednou to funguje , když porty vyhodím z Master Portu a dám je do bridge vše funguje , nastavený mám vše dobře ..... Co jsem dál zpozoroval : jakýkoliv port který vede v RB1200 do switche AR8327 protáhne jen 20Mb , kdežto port který vede do cpu protáhne plný gigabit , je to zajímavé .... Setkal jste se někdo s tím ...

Zkoušel jste někdo tu NV2 synchronizaci? Zkušenosti?

kadlcikales píše:Nevím co se děje ale od verze R.O. 6.38 mám potíže s master portami na desce RB1200 , do této verze to chodilo v pohodě , když se do portů které jsou v master portu strčí cokoliv jiné než druhý MK (RB600) tak fungují , jakmile se zapojí RB600 s adresou ve stejné podsíti do portů které jsou v master portu a ten RB600 je v bridge , prostě ani si nepingne na ten 1 MK (RB1200) , ale když se mu dá dhpc client najednou to funguje , když porty vyhodím z Master Portu a dám je do bridge vše funguje , nastavený mám vše dobře ..... Co jsem dál zpozoroval : jakýkoliv port který vede v RB1200 do switche AR8327 protáhne jen 20Mb , kdežto port který vede do cpu protáhne plný gigabit , je to zajímavé .... Setkal jste se někdo s tím ...

Noo, psalo to v changelogu, neco o tom, ze nastaveni a-la mester port nebude podporovano. Precti si changelog (tusim, ze pro RC verze - tam to najdes - zmena je od 6.38.5rc??)

O master portu se v 6.38 moc nepíše.

honza198 píše:

kadlcikales píše:Noo, psalo to v changelogu, neco o tom, ze nastaveni a-la mester port nebude podporovano. Precti si changelog (tusim, ze pro RC verze - tam to najdes - zmena je od 6.38.5rc??)

Co bych viděl hůře, je verze 6.41. Tam se to opravdu měnit bude, asi už nebude rozdíl mezi bridge a switchem, co půjde, bude konfigurováno na switchi. A co jsme dnes konfigurovali na switchi, budeme nastavovat na bridgi. Vůbec si neumím představit, kolik verzí jim bude trvat stabilizace této funkce.

to ludvik:
to nam zase pribude vrasek na cele nez to odladej Osobne se zas na nejakou dobu prepinam do konzervativnich rezimu

honzam píše:Zkoušel jste někdo tu NV2 synchronizaci? Zkušenosti?

nejak ji nemuzu najit ? od ktery verze a kde to je?

a hledáš ve CLI?

od verze 6.40
https://wiki.mikrotik.com/wiki/Manual:N ... ronization