That is not a required feature, you can assign the VLAN in the bridge.
What is missing is the dynamic assignment via RADIUS or bridge filters.
Request:
- New “CCR2004” rackmount hardware ( 24x1G, 4x10G port) with external 2x USB ports, internal 2x M.2 Storage port
The current CCR2004 lack of USB and Storage connection ports ( no LTE modem connection), this is ridiculous.
Mikrotik loves “cheap” SOC so use the “RTL9301-CG” chip with the ARM64 CPU with external USB and internal Storage ports.
Request: some function to “compact databases” so that the size of the databases again corresponds to what you would have after a
“reset configuration” and an “import” of the current configuration (plus things like certificates etc).
As it is now, the databases size tends to increase over time, resulting in large backup files and problems with storage on 16MB flash.
Not sure if this is already asked, please put configuration change log into separate topic, for eg. system,info,configuration to have ability to filter it out without filtering other logs from system,info topic. When configuration change logging was introduced into system,info topic, log can get bloated with these records for eg. in case when some shceduler is changing configuration multiple times during the day and it would be nice to have ability to filter this out.
Or more general: add an extra topic to each and every unique log message, which is some numeric code that uniquely identifies that particular message.
That allows us to easily log or exclude particular messages.
[feature request]
WinBox Keyboard hotkey navigation
to be activated for example pressing [ALT] twicethen the menu items could, for example, be iterated through a-z and on submenus (like MPLS, etc.) the iterations could move over to the submenu
so navigation could be much faster, hence one can navigate with the keyboard anyways for adding entries ( [INS] key) or de/activating items ( [STRG]+[D] / + [E] )MT-featReq_winbox_keyboardShortcutNav.png
still waiting
Feauture request
Please add
address-list on ros 7
Policy Routing Rule
Thank you
The underlying OS does not provide that feature!
In the WinBox script editor WHY there is not the line number and the column number of the cursor?
When you run a script you get errors referring to a line/column!
On devices capable of it, for PoE besides the auto-on setting that attempts passive PoE, also provide a 802.3af/at setting that only attempts standards-compliant PoE negotiation.
On the Products page of the website, improve the “filter” section to serve as a product selector.
Ideally, all features available across all models would have a section or checkmark there.
Like:
- number of ethernet ports and their speed
- RAM size
- Flash size
- CPU architecture
- CPU performance
- supply methods
- USB
- RS232
- Mini-PCIe
- M.2
- etc
(of course best if the selections are automatically populated based on the info about products, so new features appear here without risk of being forgotten)
On the Products page …
what also would be a convenience on the “Specifications” Page → Link the Row “License Level” direktly to the License Levels Help Pages
Ive been using Mikrotik for a few years now and there are a few things I’d love to see to make things a bit slicker. I have a background in networking earlier in my career, and I’ve worked a lot with Cisco ASA/Enterprise Switches/Routers & ASR and Palo Alto, plus HP/3Com so my requests are somewhat influenced by this. I only use Mikrotik at home.
My main asks are around config changes
-
Take a safe mode approach by default. or at least have a configuration setting that allows this to be turned on by default, needing manual exit of safe mode each time to be fully commited. Eg on Cisco I have to write mem/commit, as with many other vendors. Better to be able to reboot to back out changes Vs being locked out because you forgot to enable safe mode and really screwed something up by accident
-
Be able to see a clear difference of what was changed before committing. The current audit log is not very helpful as it just says things like “firewall rule moved” but without further detail - I want to know exactly what changed; a ‘rollback commit’ feature would be amazing.
-
Logs - Show the action taken on a firewall rule. The current format is esoteric and needs you to rely on giving meaningful log prefixes so that you know if it was dropped, accepted, whatever
-
I find that I can’t really trust exports & backups. Just today I noticed user accounts missing which are critical for access, and certs can be a pain aswell. It would be nice to know that I have a full, complete backup that I can load on a fresh device and be fully back as it was in a couple of clicks
-
Lower the barrier to entry and adoption. These are amazing devices with a challenging learning curve and an extremely unforgiving UI and CLI if not used with care. Improve quick start type features to make it easier to segment your network. Why let Ubiquiti and TP-Link take market share through a reputation of being too tricky? I am a power user in most sense but still feel like a rookie on Mikrotik (some incredibly helpful people around here help there, though).
Adlist whitelist function would be great!
More Fans.
http://forum.mikrotik.com/t/adlist-whitelist/177425/1
Logs - Show the action taken on a firewall rule. The current format is esoteric and needs you to rely on giving meaningful log prefixes so that you know if it was dropped, accepted, whatever
I find that I can’t really trust exports & backups. Just today I noticed user accounts missing which are critical for access, and certs can be a pain aswell. It would be nice to know that I have a full, com
+1 on 3 and 4
note to MT on “4”:
optionally make the binary “.backup” files not bound to the device it has been created on. e.g., maybe give a option to save a .backup for other devices so for example MAC addresses do not get overwritten but stuff like certificates and user/user group information is saved and restored on another mikrotik device
Re: … optionally make the binary “.backup” files not bound to the device …
It would be a useful feature to be able to make a backup that is portable to a different replacement Mikrotik device.
-or- even better
It would be very useful to have a new restore/import feature which would allow a replacement Mikrotik router to import a foreign ( a backup from a different Mikrotik router ).
Where the new imported/restored configuration has two options when restoring.
- Restore foreign backup and replace the current running configuration ( does not restore stuff like MAC addresses )
- Restore foreign backup and add to the current running configuration ( Does not auto reboot - does not restore stuff like MAC addresses )
North Idaho Tom Jones
It would be a useful feature to be able to make a backup that is portable to a different replacement Mikrotik device.
that’s what i meant
So does that mean that if my MT dies and I get another unit exactly the same, I cannot restore from the backup? I’d have to use commands from an export? yikes, i didn’t know that. Then +1 to the above!
- I find that I can’t really trust exports & backups. Just today I noticed user accounts missing which are critical for access, and certs can be a pain
You are right, it is a real pain that users and certificates are not included in /exports, not even with show-sensitive or other options!
That certainly should be fixed.
- Logs - Show the action taken on a firewall rule. The current format is esoteric and needs you to rely on giving meaningful log prefixes so that you know if it was dropped, accepted, whatever
True. I don’t mind that much that you need to put the action taken in a log prefix, but I do want to have the option to specify that the log message includes either what it is now (default) or an extended dump of the packet.
As I understand that a full packet dissector would cost valuable space in the code, it would be acceptable when one can log the header or the full packet in HEX so it can be decoded elsewhere.
For example, I am now studying the use of bad MSS values in TCP SYN, and while one can filter packets based on MSS, the log message issued when it matches a packet does not include the actual MSS value.
To get the affected packet it would have to be sent using a “sniff” action but that can only be done in “mangle”, making the whole setup overly complex.