MOD EDIT:
Moving quite a bit of complaints from 7.17rc thread over here
It’s definitely a challenge for managing MikroTik devices, especially in enterprise settings. A cloud provisioning portal would be a great solution for easier management.
I have a big stack of MikroTik devices here at home that I test betas and RCs long before putting things into production. I don’t have half the issues these people speak of. That said, when I do have an issue, it’s great that I’m testing it in a lab where it doesn’t matter, instead of on my enterprise production devices running a multi-million dollar business that no one would be happy if I tested on!
Can’t imagine how fun it would be as all the complainers are, to discover changes to /system/device-mode and to /interface/bridge/vlan in production…. That said, I love the changes made thus far, and look forward to my planned rollout.
Take it easy anyway, and REPLACE the devices (with equal but updated) or do netinstall on the place…
You can’t even imagine how many things you CANNOT test in the lab… One above all, the history of previous versions and the aftermath left by these…
my knee jerk reaction, and I will keep bringing this up until I’m blue in the face.
IF team MIKROTIK is LISTENING…
Develop a damned cloud portal for us “enterprise” [IT/MSP/WISP/Enterprise/Professional] for us to manage and provision XYZ devices [Pro/Enterprise] type of hardware MikroTik develops. This would create the added layer of security and enough of this randomized password bullshit and this device-mode “Just press the button, it’s okay!”
We cannot ask customers to touch their equipment, otherwise it costs us truck rolls. We are starting to leave MikroTik, you’re not listening - you’re not taking your Trainers, WISP/ISP customers seriously.. it’s a joke.
And now MikroTik is working with Ampere…
We realize MikroTik is focusing on a level of security and safety for their hardware.
Our opinion:
hAP, SOHO routerboards == Consumer / Lab / end-users. Use Winbox, WebFig to manage. These are OKAY to use the randomized passwords on stickers. End-User MUST keep track. Or rely on the higher quality sticker to hold up over the years. We have concerns about the outdoor equipment and the stickers – see next comment.
It is a pain in the ass for us as IT/WISP/MSP/Professionals to keep track of randomized passwords for EACH hardware device we deploy to customer. We have to develop a process, document and store the password. Or at worst, find the original order and ask distribution for the password for the particular device serial/MAC.
If MikroTik HAD a Reseller or PARTNER portal – this would be easier and more uniform. We give our MikroTik Partner ID or customer portal ID to our distributors of choice, and when orders are placed everything will be stored or kicked over to the MikroTik partner account…
For the “enterprise” level equipment, there needs to be another way.
Also think about this - For those of us that deploy MikroTik switching gear. What happens if we have to for some reason factory reset a switch, or a new high-end MikroTik POE switch or upcoming Ampere gear… The switch will be in a RACK, mounted and most likely very difficult to access and read the sticker. We would have to defer to original order, or documentation. It is kind of silly to have to document every device serial/MAC and associated default password. What if a user’s password vault, spreadsheet or other system was compromised?
Or say a bad actor at an organization could easily factory reset the MikroTik gear and laugh as they know they’d be locked out not having the original password documented.
Cloud device provisioning we can set the device(s) passwords per network or device.
We are NOT upgrading to 7.17 until we know what the plan is for device-mode. Even if there are the needed wireless qcom-ac and wireless AX driver fixes/improvements.
MikroTik - Focus on the open bugs, issues and feature requests. Cut the crap with the ROSE. This does not belong on a router, it is cool for home lab or people that want to tinker. Release it as its own operating system with the packages enabled by default.
We’re still waiting on CAPsMAN improvements [Config sync]
MLAG
Router High Availability via a Wizard [Not just manual VRRP], with config sync to active spare.
There is never a perfect world. But for certain device types, cloud provisioning these days is leading the way. There also needs to be local management. If we cloud provision, the device info and network/device password would be saved at an administrative level. We copy password and use it to access the device locally [if cloud provisioned].
Cloud device management is as secure as using cloud password vaults. Go ahead, there are many enterprise hardware vendors out there. I for myself chose MikroTik, because they don’t do (and obviously honestly don’t believe in) that Cloud crap.
Sry for the offtopic post.
at some point we had to deploy around 800 cap ac for a hotel. of course managed by capsman. so with the old v6 ros, this was done in a few days, just resetting the new device and upload a minimal config that would set a few things took us around 1.5 - 2 min per device.
imagine now with DEVICE PASSWORD. read what’s written on the small label, then type it in, then change password to something normal… and after some time you start making errors and takes more and more time to read the small label. i think i’d start throwing them to the wall and then destroy everything around me and go to a mental healthcare.
and then if somewhere along that path entered some device mode and we had to do even MORE work to change some settings. hell no.
i really have no idea why the f you started with random passwords, and now with this device mode bullshit.
you’re not considering that IT PEOPLE don’t want to make their own life more difficult. but you’re making it more difficult with this nonsense choices.
PS i’m still waiting for the day you return real superchannel with all frequencies open. until that happens, bye bye mikrotik ptp.
YES! but in this case this will break stuff already deployed
don’t worry, it’s just a button press! (times 800 Cap’s hidden in the pigeon holes)
i’d imagine it would be easier to get approval to cycle power site-wide (plus, no dealings with safety people!)
YES!
And the fact those passwords are not also on a QR code, is evidence they are doing this just to taunt us.
I like you
We should meet at the MUM for some beers
There are two classes of crazy people in this thread:
The ones that operate telecom networks
The ones that cooked “device mode” and brought it to RC status
This thread speaks for itself, please rethink device-mode and don’t give a shit. We have been switching to MTik devices for some time, but now we can move on to other manufacturers. Thanks!
This year several of the largest “cloud providers” had 0day events, allowing hackers to take over your network during device provisioning. Please follow security blogs, it’s not as the pretty advertisements say. We take security very seriously, and working on our own controller, we are taking all this into consideration. Rushing cloud solutions gets you hacked.
Can you please describe in full sentences how device-mode is interfering with your workflow? What was implemented in first beta releases is no longer in 7.17rc.
I try to answer for all those who work there, and don’t play there at home.
!) device-mode - after upgrade, mode “enterprise” is renamed to “advanced”
No problem on this.
and traffic-gen [feature will be disabled]
I do not mind, I never use this feature on production or on non-core devices.
partition (command “repartition”) [feature will be disabled]
on production only a fool changes the number of partitions with the risk of losing the device…
if everything else can be done, who cares…
routerboard [feature will be disabled]
What exactly is disabled? The entire menu?
install-any-version [feature will be disabled]
Given that this thing can be TRIVIALLY circumvented, this could be an extremely annoying thing,
maybe MikroTik provides a version of RouterOS to solve some problem, but the customer can no longer do as before, that is, freely install it.
Also the fact of no longer being able to put a previous version, compared to those available in the menu,
which perhaps circumvents a bug present on the new versions, as OFTEN happens,
is a real pain in the ass if one has to reach a device mounted 200Km away just to turn it off and on again…
(additional fixes);
What???
The most obvious thing to do,
that a company respecting its customers should think about on its own, without the need for users to complain,
is to activate the new mode only in devices purchased new, which already have 7.17 and leave those already in PRODUCTION as they are,
without creating further burdens of WORK.
Often those who WORK there suggest to the administrations what to buy,
if you “bother too much” those who WORK there, with useless and ridiculous work, in the end they will change brands FOR SURE.
Mine is a question without controversy. It seems clear that MikroTik is focusing on the domestic market and I can only be pleased about this, personal opinion. Have you ever thought of dividing ROS into an Enterprise branch and a Home branch, the latter with only the minimum packages (DLNA comes to mind - Media useful at home but perhaps not much in an Enterprise environment) perhaps with small step-by-step guided procedures? I know it would be a double version to maintain but in my opinion the Home version would be much simpler. The hateful problem of the 16MB flash memories of Home devices (AC2 for example) could be solved in one fell swoop. As a home user, I am in love with MikroTik and ROS and where I could, even at relatives and friends’ houses, I installed a MikroTik but sometimes I lost hours configuring everything 100%. A Home version perhaps even more concentrated only on WebFig instead of Winbox with small guided procedures, guides and advice would not be bad. Let’s be clear, in a Home environment you hardly use ROS in a complete way, once you create a wizard for: opening TCP/UDP ports, VPN, Media Sharing, Wifi with easy procedures to add a second RB as a repeater/access point you have almost completely satisfied home users and you could afford not to touch this “ROS-Home Edition” for months. It goes without saying that any device modes etc. on Home devices you could apply without too many problems and concentrate on more structured procedures for Enterprise users. If we look, all router manufacturers that sell both in the Enterprise and Home market have double versions of their ecosystem/system and in my opinion you should seriously consider this possibility if, as I think, you have rightly decided to enter the home-domestic market.
Even if it has little to do with the discussion, I would invite Mikrotik to take our comments/suggestions a little more seriously and in my opinion only something good can come out of it, see the retracement of the much more restrictive device mode on the first betas of 7.17.
routerboard [feature will be disabled]
What exactly is disabled? The entire menu?
yes, but the only meaningful thing you can do there, is enable boot from network without touching the device. now you need to press the button, to change this menu.
install-any-version [feature will be disabled]
Given that this thing can be TRIVIALLY circumvented, this could be an extremely annoying thing,
how can this be circumvented?
the idea behind this function is to only allow versions without known security bugs / CVEs in this list. to install other version apart from this list, a button press is needed. that is all. it is not forbidden. it just requires a button press.
This is again a new offtopic. Is this a 7.17 question?
It seems clear that Mikrotik is focusing on the domestic market
that’s not true, we have more professional switches than ever, etc. we have many products.
Have you ever thought of dividing ROS
when extra space is needed, we already do that. if there is plenty of space in a device, you can simply ignore features you do not use. we don’t plan to separate RouterOS. it was always our main goal, any device can do anything. you don’t need to pay thousands to use ospf etc.
We provide other means to help the basic users - they can use MikroTik smartphone app and use the Wizard to configure the router. But if they later decide to learn, all the tools are in there. No need to pay extra or to change the device.