it seems that romon works with the first secret specificated.

In case if i have second one ,that doesn't work.

What is pont for the option that we can specificate more than one secrets?

AFAIK, the reason is if segments use a different RoMON secrets, it can use either. Say ether1 had router with "test1" and ether2 had router with "test2", on the central router with both test1 and test2 as secret it will be able to find them both. So I'm not sure why it doesn't work in your case, as either should work.

exactly, that is the whole point, specifice secret from specific devices. Doesn't work.

has this been tested on your end?

I have a few central routers that use blank and a specific secret (still two entries) that seems to work. At some point, I forgot to set the secret on a group of routers (so it was blank), and I want to say having two secrets (one a blank) worked to get to that group (and then set a RoMON secret to match after). And I left the two RoMON there.

But all the remote routers have one fixed secret in practice...so IDK for sure if this still works. e.g. The real one is the first one, so if your right the 2nd secret do not work, I wouldn't know

i'll go through the wiki once again, then probably i'll ask support

i'll go through the wiki once again, then probably i'll ask support

I've never used the interface-specific ones. But just re-read docs since I wrote from my memory and my usage .
https://help.mikrotik.com/docs/pages/vi ... ON-Secrets

One of the rules is

For each interface, if the interface-specific secret list is empty, a global secret list is used.

so if you have any secrets on item under Ports (including the default "all" I suspose), then NONE of the "global" secrets on main RoMON dialog are used if interface-specific one is set. e.g. from winbox, the interface-specific secret under Ports needs to be gray.

Assuming that's true, then your 2nd secret should work on any remote router used that "2nd secret" as it's 1st secret:

When sending out, messages are hashed with the first secret in list [...]
When received, [...] hashed messages are accepted if they are hashed with any of the secrets in list.

I think part of the idea of having multiple secrets is you can "rotate" the secret hash key... So the two non-blank case should work from my reading of the docs... But on some router it must be the first one listed. It will not match if 2nd secrets any two routers match, since it's first one that's listed that used when sending.