v6.16/v6.17

Shkrid · Thu Jul 24, 2014 10:42 am

Normis, what is it in logs? This is new feature of broadcast/multicast storm detection?

3bs · Thu Jul 24, 2014 12:20 pm

Cool, on some routers disapeared configuration after update. Firmwares more and more worse from version to version.

rextended · Thu Jul 24, 2014 2:12 pm

Actually I'm updated 3/4 of my network (and I still go on).
The first updated devices, just re-updated when 6.17 come out, still online and perfectly working.

--->>> I DO NOT USE IPsec <<<---

Thu Jul 24, 2014 2:13 pm

We already made some IPsec fixes in v6.18rc3 which is available for testing upon request.

napismizpravu · Thu Jul 24, 2014 4:52 pm

RB433UAH 6.18rc3 > proxy (USBx) Cache Contents no view (not displayed) info WinBox, command line

>ip proxy cache-contents print

IntrusDave · Thu Jul 24, 2014 6:08 pm

We already made some IPsec fixes in v6.18rc3 which is available for testing upon request.

I'm requesting.

I have only updated my test box (CCR1016) and it is very unstable. I use a lot of IPSec.

kgninfos · Thu Jul 24, 2014 7:50 pm

see the signal i am getting in V1.7

how can i read the bars????

ismets · Thu Jul 24, 2014 8:27 pm

Hi
I have 2 ccr1036-12g-4s.
I update one 6.15 to 6.17 and routerboard 3.13 to 3.18.
200Mhz cpu setting fan speed is 6000 RPM

old 6.15 Cpu 800Mhz fan speed 5000 RPM
We have a bug?

skibi82 · Thu Jul 24, 2014 8:41 pm

After switching BaseBox 2 to silent mode in routerboard on the latest firmware and ROS 6.17
Router asleep forever.

If i press reset all LED lights for ever

The router is not dead - it is impossible run Netinstall as well as anything else

Good job off support

P. S.
Thank God RMA work.

tldrmyh · Thu Jul 24, 2014 11:31 pm

RB2011UiAS-2HnD-IN, new one, ROS 6.2.

1st login => update to 6.17 => reboot
2nd login => change country in Wi-Fi area of quickset => device is inaccessible
power off/on => device is inaccessible.

I'll try to reset to defaults later, just curious if it's a normal operation and I just have to leave country setting as it is?

TikUser · Fri Jul 25, 2014 12:59 am

I upgraded one Omnitik from ROSv6.12, firmware 3.10, to ROSv6.17, firmware 3.17, wireless-fp enabled. I'm noticing port flapping. Omnitik is through ether1 connected to RB493G, which has ROSv5.26, firmware 3.07.
Auto Negotiation is enabled. Tx/RX Flow Control is off. In Advertise (10M half, 10M full, 100M half, 100M full,...) everything is checked. These are the default Mikrotik settings. In the RB493G these settings are also untouched (default). Interfaces are not bridged or switched.

Are there some problems in the communication between these ROS versions?

14:06:18 interface,info ether1 link down 
14:06:20 interface,info ether1 link up (speed 100M, full duplex) 
14:08:40 interface,info ether1 link down 
14:08:41 interface,info ether1 link up (speed 100M, full duplex) 
14:08:44 interface,info ether1 link down 
14:08:48 interface,info ether1 link up (speed 100M, full duplex) 
14:09:17 interface,info ether1 link down 
14:09:18 interface,info ether1 link up (speed 100M, full duplex) 
16:09:54 interface,info ether1 link down 
16:10:00 interface,info ether1 link up (speed 100M, full duplex) 
16:10:24 interface,info ether1 link down 
16:10:25 interface,info ether1 link up (speed 100M, full duplex) 
16:10:26 interface,info ether1 link down 
16:10:31 interface,info ether1 link up (speed 100M, full duplex) 
16:23:37 interface,info ether1 link down 
16:23:42 interface,info ether1 link up (speed 100M, full duplex) 
20:46:39 interface,info ether1 link down 
20:46:40 interface,info ether1 link up (speed 100M, full duplex) 
20:47:29 interface,info ether1 link down 
20:47:30 interface,info ether1 link up (speed 100M, full duplex) 
20:48:15 interface,info ether1 link down 
20:48:17 interface,info ether1 link up (speed 100M, full duplex) 
20:51:28 interface,info ether1 link down 
20:51:30 interface,info ether1 link up (speed 100M, full duplex) 
20:57:31 interface,info ether1 link down 
20:57:33 interface,info ether1 link up (speed 100M, full duplex) 
21:09:17 interface,info ether1 link down 
21:09:19 interface,info ether1 link up (speed 100M, full duplex) 
21:09:29 interface,info ether1 link down 
21:09:31 interface,info ether1 link up (speed 100M, full duplex) 
22:17:12 interface,info ether1 link down 
22:17:13 interface,info ether1 link up (speed 100M, full duplex)

Thalid · Fri Jul 25, 2014 1:13 am

I upgraded one Omnitik from ROSv6.12, firmware 3.10, to ROSv6.17, firmware 3.17, wireless-fp enabled. I'm noticing port flapping. Omnitik is through ether1 connected to RB493G, which has ROSv5.26, firmware 3.07.
Auto Negotiation is enabled. Tx/RX Flow Control is off. In Advertise (10M half, 10M full, 100M half, 100M full,...) everything is checked. These are the default Mikrotik settings.

Are there some problems in the communication between these ROS versions?

tryd whitout auto negotiation?

avantwireless · Fri Jul 25, 2014 3:57 am

I'm seeing the port flapping on a QRT and turning off auto-negotiation does not fix it. This is showing up on more devices with later versions of ROS... Time for this to get fixed!!!

kgninfos · Fri Jul 25, 2014 4:40 am

can anyone check the the ting bellow
i had 2 SXT5 dual chan i upgraded it to 6.17 then the wireless-fp but not enabled it
first one is on bridge mode second in client
as soon as i upgraded the wireless link disconnected

the log at client flooded with message "Failed join recently to SSID No network that satisfies connect list"(Had the entry in connectlist but was disabled)
at the bridge there was no log at showing any wireless error (Seemed the client was not trying to connect)
when i removed the connectlist entry in client the link was up

i guess it's checking the connect list even when it's disabled

mt-guy · Fri Jul 25, 2014 9:29 am

We already made some IPsec fixes in v6.18rc3 which is available for testing upon request.

I am interested, since we have major issues with reproducible issues and what seems to be random issues with IPsec.

Fri Jul 25, 2014 9:33 am

We already made some IPsec fixes in v6.18rc3 which is available for testing upon request.
I am interested, since we have major issues with reproducible issues and what seems to be random issues with IPsec.

We have now added it to the regular download page:
http://www.mikrotik.com/download

kivimart · Fri Jul 25, 2014 9:58 am

We already made some IPsec fixes in v6.18rc3 which is available for testing upon request.
I am interested, since we have major issues with reproducible issues and what seems to be random issues with IPsec.
We have now added it to the regular download page:
http://www.mikrotik.com/download

the link routeros-mipsbe-6.18rc.npk point to file routeros-x86-6.18rc.npk

Basdno · Fri Jul 25, 2014 2:48 pm

see the signal i am getting in V1.7 how can i read the bars????

Hi,

What do you mean? What signal and bars do you mean, and v1.7 of what? Do you mean RouterOS 6.17?

Please be a little more specific when posting so its easier for your fellow forum-users to help you!

Somikov · Fri Jul 25, 2014 6:35 pm

New feature?
Watchdog timer is disabled, but the router still reboots on watchdog timer.
And it does not wait for 10 minutes, and may restart in 30 seconds.
------------------------

[admin@AI5926CX] /system routerboard> print
       routerboard: yes
             model: 411U
     serial-number: 28DB012DC0E8
  current-firmware: 3.18
  upgrade-firmware: 3.18
[admin@AI5926CX] > /system watchdog print
     watch-address: 8.8.8.8
    watchdog-timer: no
     no-ping-delay: 10m
  automatic-supout: yes
  auto-send-supout: no
[admin@AI5926CX] > /system clock print
            time: 18:22:01
            date: jul/25/2014
  time-zone-name: Europe/Kiev
      gmt-offset: +03:00
      dst-active: yes
[admin@AI5926CX] > /log print follow  where topics~"watchdog" or topics~"ppp"
18:22:50 async,ppp,info ppp-outIT: terminating... - hungup
18:22:50 async,ppp,info ppp-outIT: disconnected
18:23:00 async,ppp,info ppp-outIT: initializing...
18:23:00 async,ppp,info ppp-outIT: reseting link...
18:23:00 async,ppp,info ppp-outIT: reseting link... - could not acquire serial port
18:23:00 async,ppp,info ppp-outIT: disconnected
18:23:10 async,ppp,info ppp-outIT: initializing...
18:23:10 async,ppp,info ppp-outIT: reseting link...
18:23:10 async,ppp,info ppp-outIT: reseting link... - could not acquire serial port
18:23:10 async,ppp,info ppp-outIT: disconnected
18:23:20 async,ppp,info ppp-outIT: initializing...
18:23:20 async,ppp,info ppp-outIT: reseting link...
18:23:20 async,ppp,info ppp-outIT: reseting link... - could not acquire serial port
18:23:20 async,ppp,info ppp-outIT: disconnected
18:23:30 async,ppp,info ppp-outIT: initializing...
18:23:30 async,ppp,info ppp-outIT: reseting link...
18:23:30 async,ppp,info ppp-outIT: reseting link... - could not acquire serial port
18:23:30 async,ppp,info ppp-outIT: disconnected
18:23:40 async,ppp,info ppp-outIT: initializing...
18:23:40 async,ppp,info ppp-outIT: reseting link...
18:23:40 async,ppp,info ppp-outIT: reseting link... - could not acquire serial port
18:23:40 async,ppp,info ppp-outIT: disconnected
18:23:46 watchdog,error,critical watchdog cannot ping address 8.8.8.8, rebooting
18:23:50 async,ppp,info ppp-outIT: initializing...
18:23:50 async,ppp,info ppp-outIT: reseting link...
18:23:50 async,ppp,info ppp-outIT: reseting link... - could not acquire serial port
18:23:50 async,ppp,info ppp-outIT: disconnected
-- Ctrl-C to quit. Space prints separator. New entries will appear at bottom.
echo: watchdog,error,critical watchdog cannot ping address 8.8.8.8, rebooting

wrobli · Fri Jul 25, 2014 9:43 pm

We upgrade 70% our network so far all working.

rextended · Fri Jul 25, 2014 9:44 pm

NEW PARAMETER REQUEST ON ALREADY EXISTENT FUNCTIONS:

Sometime we (yes, we, not only I) need to run some command on CLI interface by pasting it inside from clipboard,
or running script from CLI.

Everyone know: if you run one script on CLI if contain upgrade, rebuild, reboot, reset, etc. ask confirmation.

Please consider to add parameter "skip-confirmation=yes" to the all command ask for confirmation like:

/system routerboard upgrade skip-confirmation=yes;

/tool user-manager database clear skip-confirmation=yes;

/tool user-manager database clear-log skip-confirmation=yes;

/tool user-manager database rebuild skip-confirmation=yes;

/system reboot skip-confirmation=yes;

/system reset-configuration run-after-reset=myfile.rsc skip-confirmation=yes;

/ip proxy reset-html skip-confirmation=yes;

Probably I miss some other examples.

AND ADD FOR THIS ONE CONFIRMATION IN CLI OR WINBOX:

/interface wireless reset-configuration;

I hope I'm not the only ask for this.

EDIT: added more examples.

Chupaka · Fri Jul 25, 2014 9:57 pm

in scripts, it works fine without confirmation. in Terminal, I don't think it's hard to press 'y' in the end of script - probably sometime it will save someone from loosing their config =) anyway, 'reset' or 'reboot' is always the last command in script

rextended · Sat Jul 26, 2014 8:55 am

>>>I don't think it's hard to press 'y' in the end of script
It's like you do not have read correctly the post (english or not).
If you paste something from clipboard, the "y" sometime is unexpected and broken the rest of the pasted commands.

>>>probably sometime it will save someone from loosing their config =)
If are saved scripts, are supposed to work right, if you run by script or sceduler, if are bad, still be dangerous for lost config.

>>>anyway, 'reset' or 'reboot' is always the last command in script
Absolutely wrong. OR right just for your scripts.
One simple example: on my maintenance script at the boot, if new bios version are available are updated and system rebooted before script go further, at reboot script continue (because are scheduled at the boot and the bios is already updated).

BRCnet · Sat Jul 26, 2014 10:33 am

Three RB912 upgraded to 6.17 and I had a few days and well, but I did a massive upgrade has been a disaster.
Especially the RB2011 have been killed, even after trying to update after some running to 6.18rc5

No this can happen as the truth, I have major teams stand right now. Now I'm afraid they can take those keeping 6.17 as many have fallen even without restart.

Any solution?

bornwired · Sat Jul 26, 2014 7:08 pm

Anyone having this issue with RB2011 after the upgrade?

Help appreciated, thanks.

http://forum.mikrotik.com/viewtopic.php?f=7&t=87402

Chupaka · Sun Jul 27, 2014 12:02 am

If you paste something from clipboard, the "y" sometime is unexpected and broken the rest of the pasted commands.

<...>

One simple example: on my maintenance script at the boot, if new bios version are available are updated and system rebooted before script go further, at reboot script continue (because are scheduled at the boot and the bios is already updated).

please make an example where 'reboot' command is pasted from clipboard (not executed from script, where it asks nothing) and is not the last command

that's what I mean

rextended · Sun Jul 27, 2014 12:39 am

I do not want reply because if i do that I show my script, and I do not want disclose it to any.

Sun Jul 27, 2014 12:47 am

I do not want reply because if i do that I show my script, and I do not want disclose it to any.

Then just describe basically what is that script of yours supposed to do (no specifics or actual code), and why would you (realistically) want to not have the reset be the last thing in there.

rextended · Sun Jul 27, 2014 12:58 am

I do not want reply because if i do that I show my script, and I do not want disclose it to any.
Then just describe basically what is that script of yours supposed to do (no specifics or actual code), and why would you (realistically) want to not have the reset be the last thing in there.

*** Check what version of initialization script used to first time program the CPE and accordingly what version are found, reset configuration with running new .rsc script OR if are more recent version simply change some value on configuration. If the bios on RouterOS are more recent than the bios onboard, first of all upgrade and then reboot, after reboot continue the script (run again) ***

Already writed (And chupaka ask for reboot, not for reset):

One simple example: on my maintenance script at the boot, if new bios version are available are updated and system rebooted before script go further, at reboot script continue (because are scheduled at the boot and the bios is already updated).

I think the Chupaka questions derail the sense of the request.
What importance have where is placed reboot/reset on the "pasted from the clipboard" / "invoked saved script"???

http://forum.mikrotik.com/viewtopic.php ... 43#p438805

I ask only if possible to remove ALL confirmation messages upon provided parameter,
and ADD THE WARNING MESSAGE WHERE IS MISSING like on reset-configuration on wireless.

Forget REBOOT.

rextended · Sun Jul 27, 2014 1:07 am

If you read this, first read again my just previous post. I have modified some things...

Sun Jul 27, 2014 2:14 am

Reboot, reset... whatever...

You can easily wrap your copy&paste script into a scheduler even that is 1s away, and the first thing it does is to remove itself. That way, you're executing everything, and not even leaving a trail. This includes reboots, and I'm pretty sure it would work for a reset as well.

e.g.

/system scheduler add name="SETTER" interval=1s on-event={
/system scheduler remove "SETTER"

/system reboot

}

or more generally

/system scheduler add name="SETTER" interval=1s on-event={
/system scheduler remove "SETTER"

#Your script here

}

Technically, there's also the "execute" command, which doesn't involve adding a self removing item, but it requires the script as a string, meaning it's less convenient for the most part.

ibm · Sun Jul 27, 2014 9:28 am

What's happened to the stats?
I'm sure that it isn't a ddos because the 600Mhz CPU last night was always at 5% and the WANs hadn't traffic.

rextended · Sun Jul 27, 2014 11:09 am

Reboot, reset... whatever...

You can easily wrap your copy&paste script into a scheduler even that is 1s away, and the first thing it does is to remove itself. That way, you're executing everything, and not even leaving a trail. This includes reboots, and I'm pretty sure it would work for a reset as well.

e.g.
Code: Select all
/system scheduler add name="SETTER" interval=1s on-event={
/system scheduler remove "SETTER"

/system reboot

}
or more generally
Code: Select all
/system scheduler add name="SETTER" interval=1s on-event={
/system scheduler remove "SETTER"

#Your script here

}
Technically, there's also the "execute" command, which doesn't involve adding a self removing item, but it requires the script as a string, meaning it's less convenient for the most part.

Why must be find everytime one walktrought instead obtaining one simpe solution from mikrotik?

Another example is "toip" for convert one "1.2.3.4/32" as string toip not work, and toipprefix not exist,
must be used again another fantasious method instead to have toip working as expected:
http://forum.mikrotik.com/viewtopic.php ... 85#p438947

Do not tink I can not make script without this fix, but sometime is frustrating when some instruction missing or not work as expected.

The language used for Scripting are mikrotik proprietary and I'm not expecting anything more what I can do, but I ask just for fix ALREADY existent functions, not add new, like decimal numbers or read more than 4096 characters on file.

gemhero · Sun Jul 27, 2014 12:56 pm

While upgrading from v6.15 to v6.17.
IP / DHCP Server - Leases list is all gone .. (Leases list is removed)

RB2011UAS / RB2011UiAS / RB750GL / RB450G was all the same problem

For me it is a serious problem.

Monday tomorrow, we hope not only no problems at suppliers.

Sun Jul 27, 2014 1:42 pm

Another example is "toip" for convert one "1.2.3.4/32" as string toip not work, and toipprefix not exist,
must be used again another fantasious method instead to have toip working as expected:
http://forum.mikrotik.com/viewtopic.php ... 85#p438947

The language used for Scripting are mikrotik proprietary and I'm not expecting anything more what I can do, but I ask just for fix ALREADY existent functions, not add new, like decimal numbers or read more than 4096 characters on file.

It really depends on how easy and generic the supposed workaround is, and ideally, that should dictate the priority of feature additions and fixes.

In the case of skip-confirmation, the workaround for that is easy (three lines that don't disturb the rest of your flow) and generic (you can apply it to any script containing stuff that would otherwise require prompts).

In the case of toip-prefix, the workaround is not as easy and generic (because of ":parse"... any script with that starts to turn into a complex "hack"; BTW, I had sent a feature request for that to support before your post, and got a "sure... eventually..." kind of reply), and in the case of decimal numbers and 4096+ characters, it's downright impossible.

So personally, my preferred order (in terms of what I think MikroTik should focus their efforts on) would be the reverse of your propositions - 4096+ first, decimals second, toip-prefix third, and skip-confirmation forth.

rextended · Sun Jul 27, 2014 5:31 pm

I like your order, is similar to mine, but on the hope first are made "easy" things...

IPTel · Sun Jul 27, 2014 5:36 pm

After upgrading from 6.15 to 6.17 disk memory using inreased
on router 1 (750) from ~2 500 to ~5 000 sectors/day
on router 2 (750G) from ~3000 to ~7 400 sectors/day
on router 3 (750G) from ~2 000 to ~4 000 sectors/day

without changing of configuration, of course

rextended · Mon Jul 28, 2014 8:19 am

You keep on this type of statistic?

Is like you do not read the change log, or better, you do not understand the change log.

Read again and you find why.

rextended · Mon Jul 28, 2014 8:21 am

While upgrading from v6.15 to v6.17.
IP / DHCP Server - Leases list is all gone .. (Leases list is removed)

RB2011UAS / RB2011UiAS / RB750GL / RB450G was all the same problem

For me it is a serious problem.

Monday tomorrow, we hope not only no problems at suppliers.

Are present static leases or only dynamic?

Simply put back from backup. Yu have backup, right?

nick3dos · Mon Jul 28, 2014 9:30 am

After updating CCR1009-8G-1S from 6.13 to 6.17 from time to time, administration users are all reset to default 'admin' user with no password.
I had to make a script to check when the users are deleted and create them back.
I can see Nothing to log !!!

IPTel · Mon Jul 28, 2014 9:56 am

You keep on this type of statistic?

Is like you do not read the change log, or better, you do not understand the change log.

Read again and you find why.

I read again and once more. And I can't find why.

May be, can you specify the reason?

SaLMoN · Mon Jul 28, 2014 10:44 am

While upgrading from v6.15 to v6.17.
IP / DHCP Server - Leases list is all gone .. (Leases list is removed)

RB2011UAS / RB2011UiAS / RB750GL / RB450G was all the same problem

Have the same problem on 435G. Additionally, the list disappeared after accidental power failure. And when I try to make a backup:

error creating backup file: could not read all configuration files

gemhero · Mon Jul 28, 2014 12:07 pm

While upgrading from v6.15 to v6.17.
IP / DHCP Server - Leases list is all gone .. (Leases list is removed)

RB2011UAS / RB2011UiAS / RB750GL / RB450G was all the same problem

For me it is a serious problem.

Monday tomorrow, we hope not only no problems at suppliers.
Are present static leases or only dynamic?

Simply put back from backup. Yu have backup, right?

Only a dynamic leases.
Because many mobile users.
I did not use the automatic upgrade.
"All Packages" using the updated.
Until now, there was no such problem.
So there is no backup.

Important thing.

Future possible problems that can occur when updating?
Or in the way I can fix this problem if there is a way of setting?

Chupaka · Mon Jul 28, 2014 12:16 pm

Technically, there's also the "execute" command

perfect!

execute "/system reboot"

does not ask for confirmation! so, to skip confirmation, one should replace '$command' with 'execute "$command"'

rextended · Mon Jul 28, 2014 5:46 pm

You keep on this type of statistic?

Is like you do not read the change log, or better, you do not understand the change log.

Read again and you find why.
I read again and once more. And I can't find why.
May be, can you specify the reason?

Saving time each 10 min (?) on board

rextended · Mon Jul 28, 2014 5:48 pm

Technically, there's also the "execute" command
perfect!
Code: Select all
execute "/system reboot"
does not ask for confirmation! so, to skip confirmation, one should replace '$command' with 'execute "$command"'

Thanks for the info!

But is another walktrought...

TikUser · Mon Jul 28, 2014 11:35 pm

Have the same problem on 435G. Additionally, the list disappeared after accidental power failure. And when I try to make a backup:
Code: Select all
error creating backup file: could not read all configuration files

Apply (restore) previous backup over the existing configuration, then try to make a new backup.
Or reset the configuration first, and then apply previous backup.
That worked in my case.

SaLMoN · Tue Jul 29, 2014 8:34 am

Apply (restore) previous backup over the existing configuration, then try to make a new backup.
Or reset the configuration first, and then apply previous backup.
That worked in my case.

I went back to v. 6.15 on this device. In addition to downgrade ROS I had to downgrade RouterBoard firmware too, because the problem persists. I'll wait for a better version.

sumanbarman · Tue Jul 29, 2014 10:38 am

Dear Normis,
Nice to hear released v 6.16/6.17
But still now transparent web proxy doesn't work in both 6.15 & 6.17
here is my router configuration:

/ip firewall nat
add chain=dstnat action=redirect to-ports=8080 protocol=tcp dst-port=80
add chain=srcnat action=masquerade src-address=192.168.2.0/24 out-interface=WIMAX

/ip firewall mangle
add action=mark-packet chain=output comment="CACHE HIT" disabled=no dscp=4 new-packet-mark=cache-hits passthrough=no

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="Unlimited Speed for CACHE"
packet-mark=cache-hits parent=global priority=8 queue=default

/ip proxy> print
enabled: yes
src-address: ::
port: 8080
anonymous: no
parent-proxy: 0.0.0.0
parent-proxy-port: 0
cache-administrator: webmaster
max-cache-size: unlimited
max-cache-object-size: 40960KiB
cache-on-disk: yes
max-client-connections: 1000
max-server-connections: 1000
max-fresh-time: 3d
serialize-connections: no
always-from-cache: no
cache-hit-dscp: 4
cache-drive: usb1

Chupaka · Tue Jul 29, 2014 12:36 pm

But still now transparent web proxy doesn't work in both 6.15 & 6.17

what exactly doesn't work? what do you check, what do you expect to see and what results do you actually see?

Tue Jul 29, 2014 12:37 pm

New feature?
Watchdog timer is disabled, but the router still reboots on watchdog timer.

Watchdog address is not the same as Watchdog timer. What you see is a reboot because of kernel crash. This is also done by watchdog, and can't be disabled.

pchott · Tue Jul 29, 2014 12:46 pm

But still now transparent web proxy doesn't work in both 6.15 & 6.17
what exactly doesn't work? what do you check, what do you expect to see and what results do you actually see?

In version 6.15 I was not able to configure transparent web-proxy to show this login page: http://www.samplecomponents.com/scripts ... ll?hittite

Chupaka · Tue Jul 29, 2014 1:03 pm

In version 6.15 I was not able to configure transparent web-proxy to show this login page: http://www.samplecomponents.com/scripts ... ll?hittite

what were your steps to do that? we're not telepathists. what do you mean saying 'to show this page'? all pages were opening normally, and that only page didn't work?

Tue Jul 29, 2014 1:09 pm

you are using transparent proxy to show login page? can this even work? you should be using hotspot with external login page redirect

IPTel · Tue Jul 29, 2014 2:01 pm

You keep on this type of statistic?

Is like you do not read the change log, or better, you do not understand the change log.

Read again and you find why.
I read again and once more. And I can't find why.
May be, can you specify the reason?
Saving time each 10 min (?) on board

24 hours. On all devices. Always.

Somikov · Tue Jul 29, 2014 2:15 pm

New feature?
Watchdog timer is disabled, but the router still reboots on watchdog timer.
And it does not wait for 10 minutes, and may restart in 30 seconds.

So what? It is a bug or a feature?

Tue Jul 29, 2014 2:26 pm

New feature?
Watchdog timer is disabled, but the router still reboots on watchdog timer.
And it does not wait for 10 minutes, and may restart in 30 seconds.
So what? It is a bug or a feature?

I already answered a few posts above

pchott · Tue Jul 29, 2014 3:39 pm

In version 6.15 I was not able to configure transparent web-proxy to show this login page: http://www.samplecomponents.com/scripts ... ll?hittite
what were your steps to do that? we're not telepathists. what do you mean saying 'to show this page'? all pages were opening normally, and that only page didn't work?

I had been running transparent web-proxy for week and users did not report any other problems than on this page. I was trying to diagnose but without luck, why is only happen on this page. Maybe some other but was not hit in test time.

config

/ip proxy
set cache-administrator=it@test.com cache-on-disk=yes enabled=\
    yes max-cache-size=none max-fresh-time=1w
/ip proxy access
add action=deny comment="block telnet & spam e-mail relaying" disabled=yes \
    dst-port=23-25
add action=deny comment=\
    "allow CONNECT only to SSL ports 443 [https] and 563 [snews]" dst-port=\
    !443,563 method=CONNECT

I'll do some tests at weekend, maybe I can give more info then

sumanbarman · Tue Jul 29, 2014 4:14 pm

But still now transparent web proxy doesn't work in both 6.15 & 6.17
what exactly doesn't work? what do you check, what do you expect to see and what results do you actually see?

I see that /queue tree is not working in 6.15 & 6.17
it does not touch the any traffic ...... ?
here is my /queue tree configuration

/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name="Unlimited Speed for CACHE"
packet-mark=cache-hits parent=global priority=8 queue=default

Chupaka · Tue Jul 29, 2014 4:19 pm

and what about your Mangle rule? does it count packets?

sumanbarman · Tue Jul 29, 2014 4:24 pm

and what about your Mangle rule? does it count packets?

It's not count any packet.
here is my mangle rule :

/ip firewall mangle
add action=mark-packet chain=output comment="CACHE HIT" disabled=no dscp=4 new-packet-mark=cache-hits passthrough=no

Chupaka · Tue Jul 29, 2014 4:29 pm

then that queue should not work

was that mangle rule working in v6.15?

sumanbarman · Tue Jul 29, 2014 4:31 pm

Same strange problem with also 6.15

sumanbarman · Tue Jul 29, 2014 4:36 pm

here is my router full configuration:
[admin@MikroTik] > export
# jul/29/2014 19:32:54 by RouterOS 6.17
# software id = XXXX-XXXX
#
/interface ethernet
set [ find default-name=ether2 ] name=LAN
set [ find default-name=ether3 ] name=WIMAX
/interface wireless security-profiles
add authentication-types=wpa-psk,wpa2-psk,wpa-eap,wpa2-eap \
management-protection=allowed mode=dynamic-keys name=profile1 \
supplicant-identity="" wpa-pre-shared-key=0085642200 wpa2-pre-shared-key=\
0085642200
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=2 band=2ghz-b/g/n disabled=no \
frequency=auto l2mtu=2290 mode=ap-bridge name=WLAN nv2-preshared-key=\
0085642200 nv2-security=enabled security-profile=profile1 ssid=01670397585
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/queue simple
add burst-limit=1M/1M burst-threshold=1M/1M burst-time=5s/5s limit-at=512k/512k \
max-limit=512k/512k name="Desktop pc 01" priority=1/1 target=\
192.168.2.10/32
add burst-limit=512k/512k burst-threshold=512k/512k burst-time=5s/5s limit-at=\
512k/512k max-limit=512k/512k name="Desktop pc 02" target=192.168.0.10/32
add burst-limit=1M/1M burst-threshold=1M/1M burst-time=5s/5s limit-at=512k/512k \
max-limit=512k/512k name="SYMPHONY W68" target=192.168.0.20/32
add burst-limit=512k/512k burst-threshold=512k/512k burst-time=5s/5s limit-at=\
512k/512k max-limit=512k/512k name=Guest target=192.168.0.30/32
add burst-limit=1M/1M burst-threshold=1M/1M burst-time=5s/5s limit-at=512k/512k \
max-limit=512k/512k name="Walton GH+" target=192.168.0.40/32
/queue tree
add name="Unlimited Speed for CACHE" packet-mark=cache-hits parent=global \
queue=default
/ip address
add address=192.168.1.10/24 interface=WIMAX network=192.168.1.0
add address=192.168.2.1/24 interface=LAN network=192.168.2.0
add address=192.168.0.1/24 interface=WLAN network=192.168.0.0
/ip arp
add address=192.168.0.20 interface=WLAN mac-address=8C:C5:E1:54:41:CF
add address=192.168.2.10 interface=LAN mac-address=00:30:67:ED:20:74
add address=192.168.0.10 interface=WLAN mac-address=74:D0:2B:CE:F0:9F
/ip dns
set allow-remote-requests=yes cache-size=25000KiB max-udp-packet-size=512 \
servers=8.8.8.8,8.8.4.4,208.67.222.222,208.67.220.220
/ip firewall address-list
add address=0.0.0.0/8 list=BOGONS
add address=10.0.0.0/8 list=BOGONS
add address=100.64.0.0/10 list=BOGONS
add address=127.0.0.0/8 list=BOGONS
add address=169.254.0.0/16 list=BOGONS
add address=172.16.0.0/12 list=BOGONS
add address=192.0.0.0/24 list=BOGONS
add address=192.0.2.0/24 list=BOGONS
add address=192.168.0.0/16 list=BOGONS
add address=198.18.0.0/15 list=BOGONS
add address=198.51.100.0/24 list=BOGONS
add address=203.0.113.0/24 list=BOGONS
add address=224.0.0.0/3 list=BOGONS
/ip firewall filter
add chain=input comment="Accept established connections" connection-state=\
established
add chain=input comment="Accept related connections" connection-state=related
add action=drop chain=input comment="Drop invalid connections" \
connection-state=invalid
add chain=input comment=UDP protocol=udp
add chain=input comment="Allow limited pings" limit=50/5s,2 protocol=icmp
add action=drop chain=input comment="Drop excess pings" protocol=icmp
add chain=input comment="SSH for secure shell" dst-port=22 protocol=tcp
add chain=input comment=winbox dst-port=8291 protocol=tcp
add chain=forward comment="allow established connections" connection-state=\
established
add chain=forward comment="allow related connections" connection-state=related
add action=drop chain=forward comment="drop invalid connections" \
connection-state=invalid
add action=jump chain=forward comment="jump to the virus chain" jump-target=\
virus
add action=tarpit chain=input connection-limit=3,32 protocol=tcp \
src-address-list=blocked-addr
add action=drop chain=virus comment="Drop Blaster Worm" dst-port=135-139 \
protocol=tcp
add action=drop chain=virus comment="Drop Messenger Worm" dst-port=135-139 \
protocol=udp
add action=drop chain=virus comment="Drop Blaster Worm" dst-port=445 protocol=\
tcp
add action=drop chain=virus comment="Drop Blaster Worm" dst-port=445 protocol=\
udp
add action=drop chain=virus comment=________ dst-port=593 protocol=tcp
add action=drop chain=virus comment=________ dst-port=1024-1030 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" dst-port=1080 protocol=tcp
add action=drop chain=virus comment=________ dst-port=1214 protocol=tcp
add action=drop chain=virus comment="ndm requester" dst-port=1363 protocol=tcp
add action=drop chain=virus comment="ndm server" dst-port=1364 protocol=tcp
add action=drop chain=virus comment="screen cast" dst-port=1368 protocol=tcp
add action=drop chain=virus comment=hromgrafx dst-port=1373 protocol=tcp
add action=drop chain=virus comment=cichlid dst-port=1377 protocol=tcp
add action=drop chain=virus comment=Worm dst-port=1433-1434 protocol=tcp
add action=drop chain=virus comment="Bagle Virus" dst-port=2745 protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" dst-port=2283 protocol=tcp
add action=drop chain=virus comment="Drop Beagle" dst-port=2535 protocol=tcp
add action=drop chain=virus comment="Drop Beagle.C-K" dst-port=2745 protocol=\
tcp
add action=drop chain=virus comment="Drop MyDoom" dst-port=3127-3128 protocol=\
tcp
add action=drop chain=virus comment="Drop Backdoor OptixPro" dst-port=3410 \
protocol=tcp
add action=drop chain=virus comment=Worm dst-port=4444 protocol=tcp
add action=drop chain=virus comment=Worm dst-port=4444 protocol=udp
add action=drop chain=virus comment="Drop Sasser" dst-port=5554 protocol=tcp
add action=drop chain=virus comment="Drop Beagle.B" dst-port=8866 protocol=tcp
add action=drop chain=virus comment="Drop Dabber.A-B" dst-port=9898 protocol=\
tcp
add action=drop chain=virus comment="Drop Dumaru.Y" dst-port=10000 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom.B" dst-port=10080 protocol=tcp
add action=drop chain=virus comment="Drop NetBus" dst-port=12345 protocol=tcp
add action=drop chain=virus comment="Drop Kuang2" dst-port=17300 protocol=tcp
add action=drop chain=virus comment="Drop SubSeven" dst-port=27374 protocol=tcp
add action=drop chain=virus comment="Drop PhatBot, Agobot, Gaobot" dst-port=\
65506 protocol=tcp
add chain=forward comment="Allow HTTP" dst-port=80 protocol=tcp
add chain=forward comment="Allow SMTP" dst-port=25 protocol=tcp
add chain=forward comment="allow TCP" protocol=tcp
add chain=forward comment="allow ping" protocol=icmp
add chain=forward comment="allow udp" protocol=udp
add action=drop chain=forward comment="drop everything else"
/ip firewall mangle
add action=change-dscp chain=output comment="HIT TRAFFIC FROM PROXY" disabled=\
yes new-dscp=4
add action=mark-packet chain=output comment="CACHE HIT" dscp=4 new-packet-mark=\
cache-hits passthrough=no
/ip firewall nat
add action=redirect chain=dstnat dst-port=80 protocol=tcp to-ports=8080
add action=masquerade chain=srcnat out-interface=WIMAX src-address=\
192.168.2.0/24
add action=masquerade chain=srcnat out-interface=WIMAX src-address=\
192.168.0.0/24
/ip ipsec policy
add template=yes
/ip proxy
set cache-on-disk=yes enabled=yes max-client-connections=1000 \
max-server-connections=1000 parent-proxy=0.0.0.0
/ip proxy access
add action=deny comment="block telnet & spam e-mail relaying" dst-port=23-25
add action=deny comment=\
"allow CONNECT only to SSL ports 443 [https] and 563 [snews]" dst-port=\
!443,563 method=CONNECT
add comment="Enable Http Connection" dst-port=80
/ip proxy cache
add action=deny disabled=yes dst-host=":cgi-bin \\\?"
add action=deny disabled=yes dst-host=":cgi-bin \\\\\\\?"
/ip route
add distance=1 gateway=192.168.1.1
/ip upnp
set allow-disable-external-interface=no
/system clock
set time-zone-name=Asia/Dhaka
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set WLAN disabled=yes display-time=5s
set ether1 disabled=yes display-time=5s
set LAN disabled=yes display-time=5s
set WIMAX disabled=yes display-time=5s
set ether4 disabled=yes display-time=5s
set ether5 disabled=yes display-time=5s
/system leds
set 0 interface=WLAN
/system ntp client
set enabled=yes primary-ntp=211.233.40.78 secondary-ntp=218.189.210.3
/system upgrade upgrade-package-source
add address=192.168.2.1 user=admin
/tool graphing interface
add interface=LAN
add interface=WIMAX
add interface=WLAN
/tool graphing queue
add simple-queue="Desktop pc 01"
add simple-queue="Desktop pc 02"
add simple-queue="SYMPHONY W68"
/tool graphing resource
add

Somikov · Tue Jul 29, 2014 4:37 pm

I already answered a few posts above

I read your answer, but later than the written message.
Router reboots because that no response from the server 8.8.8.8.
In one of the five routers installed in intercity buses, stable, every few days, reset settings R52 Wi-Fi adapter on RB411U.
I doubt that the problem in ROS 6.17.
How to diagnose the problem?

Chupaka · Tue Jul 29, 2014 4:43 pm

ping watchdog is enabled by setting an IP address. remove IP address - ping watchdog will be disabled. watchdog-timer is about hardware watchdog

joegoldman · Tue Jul 29, 2014 5:09 pm

Not sure if this is a bug in older versions - only just noticed today with a custom setup - RB 951-2n running ROS 6.17, when a pppoe-client interface is part of a VRF, the default route learned from the ppp connection is not added to the VRF but to the main routing table.

Somikov · Tue Jul 29, 2014 5:16 pm

ping watchdog is enabled by setting an IP address. remove IP address - ping watchdog will be disabled. watchdog-timer is about hardware watchdog

With this, I understood everything. Thank you.
Very often, the router does not have time to restore 3g connection, because the router is rebooted ping timeout.
This happens because that timer counts time from the last attempt.
And so, reboot the router ping timeout can occur 30 seconds after disconnection.
Correct if I'm wrong.

Chupaka · Tue Jul 29, 2014 5:25 pm

probably. I asked for tunable parameters of ping watchdog a few years ago, but still nothing

WirelessRudy · Wed Jul 30, 2014 12:52 pm

Cool, on some routers disapeared configuration after update. Firmwares more and more worse from version to version.

I've now updated some 150 units. Most from 6.15 to 6.17, some from 6.13 or even 6.10. Out of these 150 some 5-7 lost their config.

One particular groove had 6.15 running. It had some (other) issue. Corrected it, unit was up and running. Client had internet. Decided to do a upgrade to 6.17.
After the reboot the unit came up, was present in the AP registration table but I had no access. Not by IP nor mac (winbox). Even the ping didn't got a reply. But is was connected! Client had no internet. Asked him to do a power reset. Antenna is now on my desk. No more access. Have it now on my desk. No access. Reset doesn't bring it back. Guess I have to do a ether-net install.

See if that works.

Other example; Installed newly configure groove with 5.17. Worked fine at my house. Brought to client, installed it and worked fine... for an hour or so. Since than all connectivity lost. Technician went back. No more access. He brought brandnew SXT-Lite with him. That was configured and tested fine in my house for use at other new client. Installed it, worked for some hours... disconnected and not able to reach anymore. Technician has to go back to replace....

Two other Groove's were updated from 5.15 to 5.17 and ceased to work within 12 hours.....

I don't know what is causing this. We have no difficult config. Just wireless station mode with freq. set in scan list and NV2 and 'connect to' list in use. Fixed IP on clients side (ethernet) with dhcp-server and wlan is dhcp-client and firewall has masquerade nat with some simple rules to protect intruders. Some dns and ntp setting and that's it. No tunnels or complicate routing.

It is impossible to make supout.rif because the units become completely in-accessible. This really is something MT has to look at.

WirelessRudy · Wed Jul 30, 2014 1:01 pm

In addition to my last post; IN 6.15 we had some units loosing their config. They were reset. But still able to reach by a mac winbox session. So we could than ren-instate the backup config and it solved the problem.
I've in 6.17 had 2 units that just lost part of their config. No more access to the AP and we found that the wlan interface disappeared in the several instances were it is used ('connect to' list, dhcp-client). Also the dhcp-server had no more interface assigned (should be ether1).
In this case we could mac-winbox in and set the interfaces right on the different settings and the unit worked again...

We didn't make supout.rifs here because these were production units on clients that already complained and the technician's time is already stretched...

This whole 'losing config' or worse started with the introduction of the new wireless package. I am not saying that that is the cause, but it happened at the same time we started to use it...... (so basically 6.15 and higher...)

WirelessRudy · Wed Jul 30, 2014 2:07 pm

Just tried to netinstall some of the units that ceased to work after upgrade to 6.17. Impossible. Although the network adapter in the laptop tells me it is connected, and the led light of the ethernet also shows their is connection, winbox or the netinstall program are not able to talk to the units...
I'll guess it's going to be the RMA process.......

I've now 5 or 6 units after some 100 upgrades... 5% failure rate. Very poor..... I am not happy!
I'll stop further upgrade until we have new, better ros. Probably 6.22 or so......

Wed Jul 30, 2014 2:15 pm

We have found some issue in mips-be that could fix your issue, Rudy. Please wait until tomorrow until we have something to test.

WirelessRudy · Wed Jul 30, 2014 2:31 pm

We have found some issue in mips-be that could fix your issue, Rudy. Please wait until tomorrow until we have something to test.

Well, let's see. But for the 'dead' units it will be too late. They have to be send back I'm afraid. There is no way I can login to these. Winbox nor Telnet 'sees' the units anymore. (I'm referring 2 grooves now. They both worked and only passed away after the remote upgrade fm 6.15 toward 6.17).
I still have to test 2 SXT's I believe, they are on their way to me..

Wed Jul 30, 2014 2:44 pm

We have found some issue in mips-be that could fix your issue, Rudy. Please wait until tomorrow until we have something to test.
Well, let's see. But for the 'dead' units it will be too late. They have to be send back I'm afraid. There is no way I can login to these. Winbox nor Telnet 'sees' the units anymore. (I'm referring 2 grooves now. They both worked and only passed away after the remote upgrade fm 6.15 toward 6.17).
I still have to test 2 SXT's I believe, they are on their way to me..

Netinstall should be able to revive them. If not, maybe you have some other issue with them

rextended · Wed Jul 30, 2014 3:26 pm

I still upgrade all my devices with last 3.17/3.18 BIOS and RouterOS 6.17,
I'm doing that from the day is out,
NO ONE SINGLE PROBLEM,
I'm a WISP and I have updated/upgraded almost 400 mipsbe devices and 10 ppc (RB1xxx) without any problem.

I have near all models on production environment, from RB411 to QRT-5,
the only devices I do not have are mipsle and tilera models.

WirelessRudy · Wed Jul 30, 2014 5:00 pm

We have found some issue in mips-be that could fix your issue, Rudy. Please wait until tomorrow until we have something to test.
Well, let's see. But for the 'dead' units it will be too late. They have to be send back I'm afraid. There is no way I can login to these. Winbox nor Telnet 'sees' the units anymore. (I'm referring 2 grooves now. They both worked and only passed away after the remote upgrade fm 6.15 toward 6.17).
I still have to test 2 SXT's I believe, they are on their way to me..
Netinstall should be able to revive them. If not, maybe you have some other issue with them

Both the 2 Groove's I had the issue were actually running fine and delivering internet to the client.
One groove went completely dead after the upgrade, the other was still connecting to the AP and even getting an IP fm the dhcp-server. But I couldn't reach it and the client had no internet he said. So I asked him to do a power cycle and since that it is dead.

Both are on my desk now, when I try to netinstall (or whatever kind of bootup; normal or with pressed reset button to get it reset) it just beeps, leds come on and go off when button is released (for reset) or after a while (so netinstall should hand out IP to the unit).
In all cases, the unit doesn't come up with its second series of beeps, to tell me the bootup is finished.
And in both cases, winbox won't see the unit and netinstall doesn't show anything neither.... so I really wouldn't know what to do more to these apart from sending them back to supplier....

WirelessRudy · Wed Jul 30, 2014 5:05 pm

I still upgrade all my devices with last 3.17/3.18 BIOS and RouterOS 6.17,
I'm doing that from the day is out,
NO ONE SINGLE PROBLEM,
I'm a WISP and I have updated/upgraded almost 400 mipsbe devices and 10 ppc (RB1xxx) without any problem.

I have near all models on production environment, from RB411 to QRT-5,
the only devices I do not have are mipsle and tilera models.

hmm, strange. But yeah, I also started it when it came out. It is only the last days we find some units are giving the problems. Doesn't mean the problem wasn't there before. It just didn't surface yet. I am not monitoring all clients. Some units might not be seen because they are down but I only react when the client calls. Many client switch their stuff off so If I can see or not see the CPE is not always a proof it is down.

Could you share us with a sample CPE setup? So I can see what differences you might have compared with my relative simple setups. (masquerade secrete/private items).
It could be it has something to do with power issues. We already saw before (6.13, 6.15) that some units lost their configs due a short lived power cut. But they were always recoverable locally.
These ones now are really not accessible anymore.....

rextended · Wed Jul 30, 2014 10:23 pm

The CPE setup is very easy and simple.

wlan1 connected on AP by wpa2 aes-ccm and nv2 security active 5ghz-a/n wireless protocol "any" nstreme active
mode "station", no WDS used.

[this settings are for let the AP choice the protocol mode]

pppoe-client are linked on wlan1 (no ip on wlan1)
MRRU are set to 1614 and MPPE encryption are enabled (not required)
use peer dns are active
change mtu are active (on server side)
on ether1 are one fixed ip with classic DHCP Server network
UPnP active
SNTP active
DNS active (with firewall rule drop request incoming from internet)
normal masquerade.
script for reboot the cpe each 28 days @ 04:00 AM
script each 5 min for activate all ethernet and all wireless interface disabled (for errors....)
all the service stopped, except for winbox and http
firewal sip, ftp and pptp helper active, the others not.
Firewall mangle for mark all connection and packet from client network to internet.
The traffic incoming from internet is not marked.

Queue tree for limit all traffic on out from how many bandwidth client buy. (no burst, pure symmetric bandwidth)
sub queue for prioritizing voip and reserve 64k for each number client own.

ALL THE WIRELESS AND OTHER FIELDS PARAMETERS ARE THE RouterOS DEFAULT.

Nothing particular.

************************

On some of my old post I publish one method to add one script to restore wireless basic config to resetted wlan (how not matter).
Search, and if you have some luck is one anchr of salvation on some cases...

WirelessRudy · Thu Jul 31, 2014 1:56 am

Well, if you call that simple, what do I have? It's even more simple...

wlan1 connected to AP by nv2 and security active only 5ghz-only-n and wireless protocol "nv2" active.
mode "station", no WDS used, freq. set in scan list, default data rates, client mode ANP,
AP with both mac and SSID in separate rules in 'connect to' list. All rest is default.

[In my experience this give the fastest reconnection and most stable connection for clients to AP. CPE's, even in 40+ CPE-AP network reconnect that fast in case of forced disconnect client hardly notices. This setting implemented in the time NV2 was not matured and airmax systems made my links go bananas. These settings were the only way of controlling my network.]

dhcp-client on wlan1
No specific MRRU setting, no MPPE encryption
dns setting set manually
no mtu change nowhere
ether1 fixed IP with classic DHCP Server network
UPnP not active (only at request)
SNTP client set with clock setting
SNMP enabled with some basic info. No further use. (In prep for some future usage.)
DNS active and remote access enabled (old remains in script, its not used. Client request direct to OpenDNS) (Since a year catch all dns requests in border router to dns cache system, that again asks OpenDNS and some others.)

normal masquerade
some standard dst-nat to reach client's wifi router or voip box. (It they have.)
only some script for address>dns name translation for use in mangle (In prep. for some future usage.)
scheduler set to run these daily.
all services enabled exept default disable www.ssl. (Firewall rules only allow outgoing traffic from client network and incoming only for winbox or telnet coming from our internal network. We have one big network. Address translation to public takes place in border router.)
Some mangle rules, not in use. (wrongly made. No time to correct these)
No queues. (Most firewalling, mangle and queueing is done in border router. Queues that could use the mangle marks are not in place. Need correction but thats how it is.)
All rest default.

So basically even more simple than yours.... I don't see any reason why any of these settings would make 'only some' units go down in an upgrade (+firmware upgrade) process.

I still bet on some power issue. I still have to get my SXT back that died on me. Maybe tomorrow late more news.....

rextended · Thu Jul 31, 2014 9:39 am

When you update/upgrade the board, can you add watchdog?

WirelessRudy · Thu Jul 31, 2014 2:47 pm

When you update/upgrade the board, can you add watchdog?

Yes, I can. Or; yes I have. Watchdog is enabled but without IP for test.
That's what I am thinking of to set, a IP that can be tested and if not reachable (due malfunction of the wireless or the radio link, but than again it also works if the AP is malfunctioning. This last is not so desirable because all CPE of a AP-network start to reboot...)
Now the issue is that watchdog is either not in action because the radio still can ping the AP (Because after all, it DOES get IP from AP/dhcp-server. It is just not able to reach by any telnet or winbox session, not from both ends), or the unit is just dead and therefore it also doesn't perform.
The idea would be a reboot might bring it back to life, and the supout.rif produced would be able to use for troubleshooting.
But the mail sending of the supout.rif is not working or the units in total just is inaccessible.

The only I can think of is to set watchdog with a ping to AP, I can then deny troubled unit access to AP so it disconnects and after the wait period the watchdog will produce supout.rif and store it. We only have to hope unit comes back alive afterwards..

But first I need to set 600 units with watchdog ping and an 'pingable' IP in the AP, and than hope (or not) that when I have same issue again evolving, at least that unit might able to produce a supout.rif..... Well, next year maybe. I just don't have the time to do that now, tomorrow or next week.....

rextended · Thu Jul 31, 2014 3:52 pm

>>>...It is just not able to reach by any telnet or winbox session...<<<

And by MAC telnet on winbox -> AP -> ip/neighbors list?

WirelessRudy · Thu Jul 31, 2014 4:44 pm

>>>...It is just not able to reach by any telnet or winbox session...<<<

And by MAC telnet on winbox -> AP -> ip/neighbors list?

I tried from AP side; mac-ping... no reply, ping.... no reply, mac telnet... disconnected, telnet ... no reply,
Then we tried with laptop from ethernet end. (By technician that doesn't know as much as me...) But winbox doesn't even 'see' it. We tried to contact it to its default ethernet IP address (after setting laptop to manual IP in same network) but no reply neither.
Laptop was also not getting IP address from CPE dhcp-server on the lan.
But symbols and lights on devices do notice the connection.

Later on my desk tried all the same from the ethernet end, no way.... just no response whatsoever, even not after 20 mins. (sometimes we have troubled units that only come up after long, long time..)

I didn't try via neighbor list from AP's end when unit was still 'visible' in the reg list but not responding. Since a power cycle mostly helps with 'stalled' radios, the standard is to do a power cycle first. Usually it solves the issue, but now it just stayed completely inaccessible. Off course it was too late than for the neighbor method.

Thu Jul 31, 2014 5:21 pm

>>>...It is just not able to reach by any telnet or winbox session...<<<

And by MAC telnet on winbox -> AP -> ip/neighbors list?
I tried from AP side; mac-ping... no reply, ping.... no reply, mac telnet... disconnected, telnet ... no reply,
Then we tried with laptop from ethernet end. (By technician that doesn't know as much as me...) But winbox doesn't even 'see' it. We tried to contact it to its default ethernet IP address (after setting laptop to manual IP in same network) but no reply neither.
Laptop was also not getting IP address from CPE dhcp-server on the lan.
But symbols and lights on devices do notice the connection.

Later on my desk tried all the same from the ethernet end, no way.... just no response whatsoever, even not after 20 mins. (sometimes we have troubled units that only come up after long, long time..)

I didn't try via neighbor list from AP's end when unit was still 'visible' in the reg list but not responding. Since a power cycle mostly helps with 'stalled' radios, the standard is to do a power cycle first. Usually it solves the issue, but now it just stayed completely inaccessible. Off course it was too late than for the neighbor method.

We have lost 2 devices out of 50 after upgrading to 6.15. Then we stopped upgrading to 6.15. May be this problem persist for a while now. The devices are completely inaccessible. They have ethernet link but no neighbor discovery packets arive and mac-telnet do not work either. Not sure it was 6.15 or the firmware. One Omnitik and one RB411AH.

peydude · Fri Aug 01, 2014 2:57 am

Changing profiles in quickset you get a warning that you could loose connectivity, no matter what i answer it just pops back to my original quickset profile.

Running Chromes and windows 7.

I have confirmed this on Safari and FireFox after I upgraded two SXT-AC units. Has this been confirmed as a bug?

WirelessRudy · Fri Aug 01, 2014 3:16 am

If a pre 6.14 or a 6.15 unit without installed wireless-fp package is updated to 6.17 via the winbox ; "system / packages / Check For Updates / Download & Upgrade" process, is now indeed the new wireless package installed?

I thought so, but since I now see that the Wireless CAPsMAN is still a separate package on the download site I got now the feeling you just update the old 'legacy' wireless package?

Is there anyone that can confirm which wireless package is now actually installed. (If it the new wireless-fp that gets installed it also means you cannot opt for having it NOT installed but the original instead?)

Could it be that some of the 'config lost' issue we see has to do with the fact the wireless package is new?

rextended · Fri Aug 01, 2014 10:38 am

>>>If a pre 6.14 or a 6.15 unit without installed wireless-fp package is updated to 6.17 via the winbox ; "system / packages / Check For Updates / Download & Upgrade" process, is now indeed the new wireless package installed?

Yes is installed, BUT is inactive [if previously are not activated]

>>>Is there anyone that can confirm which wireless package is now actually installed.

Both, but is active only what you have active before update.

>>>(If it the new wireless-fp that gets installed it also means you cannot opt for having it NOT installed but the original instead?)

This not have any importance, if the "-fp" package are disabled, are disabled.

>>>Could it be that some of the 'config lost' issue we see has to do with the fact the wireless package is new?
I do more 5.25/5.26/6.7 to 6.17 (till today ~500 unit) no one single problem.

Who is online