v7.17beta [testing] is released!

What’s new in 7.17beta5 (2024-Nov-13 12:51):
!) device-mode - after upgrade, mode “enterprise” is renamed to “advanced” and bandwidth-test, traffic-gen, partition (command “repartition”), routerboard and install-any-version features will be disabled;
!) webfig - redesigned HTML, styling and functionality (additional fixes);
*) bonding - hide mlag-id property on non-compatible devices;
*) bridge - added message for inactive port reason;
*) bridge - added priority setting to manually elect primary MLAG peer (CLI only);
*) bridge - fixed MVRP registrar and applicant port options;
*) bridge - prioritize MAC selection from Ethernet interfaces when using auto-mac feature;
*) bridge - re-synchronize MLAG system-id when bridge MAC changes;
*) bridge - update dynamic MSTI priority value when changing configuration;
*) certificate - do not download CRL if there is not enough free RAM;
*) certificate - do not show irrelevant values for certificate template (CLI only);
*) certificate - removed unstructured address field support;
*) chr - added Chelsio VF driver for PCIID 5803;
*) console - added json.no-string-conversion to :serialize;
*) console - increased w60g scan-list size to 6;
*) console - show system-id in export for CHR;
*) container - fixed user and group ID range;
*) container - improved container shell;
*) defconf - do not add default password for CAP mode configuration on older Audience devices without a password;
*) detnet - remove dynamic DHCP client creation;
*) device-mode - added “allowed-versions” list which are allowed to be installed without “install-any-version” mode enabled;
*) device-mode - added routerboard, install-any-version and partitions features;
*) device-mode - limit device-mode update maximum allowed attempt count which can be reset only with reboot or button press;
*) device-mode - provide more precise device-mode update action printout;
*) dhcp-server - improved stability (introduced in v7.17beta4);
*) dhcp-server - use single RADIUS accounting session for IPv4 and IPv6 when dual stack is used (additional fixes);
*) dhcpv6-client - improved system stability when DHCPv6 client is enabled on non-existing interface;
*) dhcpv6-client - log message when response with invalid transaction-id received;
*) dhcpv6-server - added IPv6 address delegation support;
*) dhcpv6-server - improved system stability when removing actively used DHCPv6 server;
*) disk - add support for SWAP, currently allowed on any block device with “set x swap=yes” when container package is installed (CLI only);
*) disk - added “type=file” for file-based block devices, useful for using file as a swap, or when having file-based filesystem images (CLI only);
*) disk - added btrfs filesystems list (CLI only);
*) disk - auto mount iso and squashfs images;
*) disk - fixed managing and cleaning up mount points;
*) disk - fixed raid role auto selection for up to 64 drives;
*) disk - recognize virtual sd interfaces;
*) disk - show usage as percentage (CLI only);
*) dns - added option to create named DNS servers that can be used as forward-to servers (additional fixes);
*) ethernet - improved linking after reboot for hAP ax lite devices (“/system routerboard upgrade” required);
*) ethernet - improved stability after reboot for Chateau PRO ax;
*) ethernet - improved system stability for CCR2004-1G-2XS-PCIe device;
*) firewall - added support for random external port allocation;
*) firewall - improved matching from deeply nested interface-lists;
*) ftp - added VRF support;
*) gps - LtAP mini, change default GPS antenna for new devices;
*) iot - added additional debug for LoRa logging;
*) iot - added support for USB Bluetooth dongles (LE 4.0+) which enables Bluetooth functionality;
*) iot - LoRa LNS improvement;
*) iot - modbus rework which improves Tx Rx switching behavior;
*) ipsec - ike2 improved process for policies;
*) lte - disabled ims service for Chateau 5G on operator “3 AT” network (PLMN ID 23205);
*) lte - drop operator selection support for R11e-4G modem as it is unreliable;
*) lte - fixed network registration for R11e-4G modem (introduced in v7.17beta2);
*) lte - fixed SMS sender parsing;
*) lte - improved R11eL-EC200A-EU modem firmware upgrade procedure;
*) lte - improvements to modem “firmware-upgrade” command (additional fixes);
*) lte - MBIM increased assignable APN profile count up to 8 when modem firmware allows it;
*) lte - modem firmware update (FOTA), added support to install provider specific version (additional fixes);
*) lte - set “sms-read=no” and “sms-protocol=auto” as default values;
*) modem - KNOT BG77 modem, improved handling of modem unexpected restarts;
*) netinstall - removed unused “Get key” button;
*) netwatch - fixed IP address variable for DNS probe;
*) ospf - improved stability on configuration update;
*) ovpn-client - added tls-crypt, tls-crypt-v2 support;
*) pimsm - improved system stability after interface disable;
*) poe-out - added low-voltage-too-low status;
*) poe-out - reset PoE-out configuration before reboot when using reset-configuration command;
*) poe-out - upgraded firmware for CRS354-48P-4S+2Q+ device (the update will cause brief power interruption to PoE-out interfaces);
*) port - more detailed print command output, include in “USED-BY” property channel number(s);
*) ppp - add routes in matching VRF;
*) ppp - added support for bridge-port-trusted configuration via ppp profile;
*) ppp - do not print local/remote pool related errors in log when configuration does not require pool usage;
*) ppp - fixed typos in log message;
*) ptp - added PTP support for CRS320-8P-8B-4S+ and CRS326-4C+20G+2Q+ devices;
*) ptp - fixed synchronization on QSFP28 interfaces;
*) romon - added dynamic switch rules on devices supporting it when enabling the service;
*) romon - added interface-list support;
*) route - fixed discourse attribute print;
*) route - fixed possible issue with inactive routes after reboot (introduced in v7.16);
*) routing-filter - fixed subtract and add for numerical values (+x, -x);
*) sfp - fixed 1Gbps supported rate for RB960 and RB962 devices;
*) sfp - improved SFP28, QSFP28 interface stability using DAC cable for CRS520 switch;
*) snmp - added wifi fields to MIKROTIK-MIB (additional fixes);
*) ssh - do not regenerate host key after update from RouterOS version older than 7.9;
*) ssh - fixed password authentication (introduced in v7.17beta2);
*) ssh - improved logging;
*) supout - added BGP advertisements section;
*) switch - fixed storm-rate accuracy on 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) switch - improved system stability for RB5009 and CCR2004-16G-2S+ devices;
*) switch - updated dynamic switch rules when using HW bridge with IGMP snooping (224.0.0.0/24 and ff02::/16 destination addresses are forwarded and copied to CPU) (additional fixes);
*) vpls - added support for bridge-pvid configuration;
*) webfig - allow download from file details;
*) webfig - reduce flickering when table is sorted by column with duplicate values (additional fixes);
*) wifi - add information to each interface, showing which CAPsMAN manages it or which CAP hosts it when applicable;
*) wifi - added station-roaming support (additional fixes);
*) wifi - fixed failure with “auto” peer update on the OWE interface;
*) wifi-qcom-ac - fix possible conflict between radio and USB initialization on hAP ac2;
*) wifi-qcom-ac - improved CPU load balancing and system stability;
*) winbox - added Enable/Disable buttons under “Tools/Graphing” menus;
*) winbox - allow to edit Ethernet MAC address;
*) winbox - refresh values under “Bridge/VLANs/MVRP Attributes” menu;
*) winbox - renamed wrong invalid interface flag to inactive;
*) x86 - Realtek r8169 updated driver;

Did not age well.

*) disk - add support for SWAP, currently allowed on any block device with "set x swap=yes" when container package is installed (CLI only);

:heart_eyes::heart_eyes::heart_eyes::heart_eyes::heart_eyes::heart_eyes::heart_eyes::heart_eyes::heart_eyes::heart_eyes::heart_eyes::heart_eyes::heart_eyes::heart_eyes::heart_eyes::heart_eyes::heart_eyes::heart_eyes::heart_eyes::heart_eyes::heart_eyes::heart_eyes::heart_eyes::heart_eyes::heart_eyes::heart_eyes::heart_eyes::heart_eyes::heart_eyes::heart_eyes::heart_eyes::heart_eyes:

It was a bait. You can thank me later :wink:

I’m not sure if this topic is entirely relevant here, but I would like to clarify what I mean when I say I hope MLAG will be fixed.

4xCRS520-in-MLAG-to-MLAG.png
In the diagram, I’ve shown how the switches are connected, managed through a VLAN interface. SW2 and SW3 are configured in MLAG with each other, as are SW4 and SW5 (L3 hardware offloading is disabled). When any of the secondary peers restarts, everything is fine; there’s not even an interruption between SW1 and SW6, and all switch management addresses remain accessible. However, in more than 50% of cases, when one of the primary peers (SW2 or SW4) is restarted, L3 connectivity to the management VLAN of one of SW1, SW2, SW4, or SW6 is lost, requiring an additional reboot.

More on the topic is written here.

http://forum.mikrotik.com/t/mlag-bridge-not-work-in-ros-7-7-7-8-7-9-ok-in-ros-7-6/166477/1
http://forum.mikrotik.com/t/mlag-breaks-access-to-switch-half-solved/162859/1
http://forum.mikrotik.com/t/mlag-hopelessly-broken/167137/1

The same topology, but built with CRS326-24S+ switches and ROS 7.6, works without these issues. This is why I want to point out that the CRS520-4XS-16XQ-RM cannot be downgraded to 7.6 because the minimum version for this switch is 7.15.1.

satboxbg
Please make a separate topic. We only discuss changes between the latest and previous beta in this topic.

Thank you for the note, normis, and I apologize.

I’m glad to hear there’s an improvement in the bridge functionality in 7.17beta5, which I eagerly anticipate.

*) bonding - hide mlag-id property on non-compatible devices;
*) bridge - added message for inactive port reason;
*) bridge - added priority setting to manually elect primary MLAG peer (CLI only);
*) bridge - fixed MVRP registrar and applicant port options;
*) bridge - prioritize MAC selection from Ethernet interfaces when using auto-mac feature;
*) bridge - re-synchronize MLAG system-id when bridge MAC changes;
*) bridge - update dynamic MSTI priority value when changing configuration;

Congratulations on the hard work.

Was able to upgrade through the App of both my RB4011 and cAP AX. The (two) wAP AX’s do not upgrade (hangs on “Download in progress”, nothing else happens). Nothing in the logging. Will try with Winbox tonight (currently off site). Anyone else having the same issue?

For those who are interested, upgrading from the CLI does work:

/system package update check-for-updates
/system package update install

I just upgraded the following devices without any hitch (home/lab setup):
RB5009
AX2
wAP AX
AX Lite
Hex Refresh

*) vpls - added support for bridge-pvid configuration;

Great news! Thanks Mikrotik Team!

For radio guys: I am from Czechia and the enclosed link shows the exact allowed conditions for the 5GHz frequency spectrum - https://ctu.gov.cz/sites/default/files/obsah/stranky/74784/soubory/vo-r-12-11.2021-11enfin.pdf It is clearly visible that you limited frequency and power more strictly than allowed by our regulator office. For example, if I have hAP ac^2 with 2.5dBi (isotropic) antenna - we are allowed 1W e.i.r.p. (30 dBm) - but you allow setting only 26 + 2.5 = 28.5 dBm (0,71W) and I cannot set more. In addition, we have more allowed spectrum than in ETSI EN 301 893.

That is the reason I have requested “superchannel” for wifi-qcomm-ac. But the reply to my ticket was - sorry - superchannel is not supported in wifi-qualcomm-ac, only in wifi-qualcomm. Checkmate.

Hmmm … what does /interface/wifi/radio/reg-info country=Czech show on your device? On my audience (running 7.15.3) it says


  ranges: 2402-2482/20
          5170-5250/23/indoor
          5250-5330/23/indoor/dfs
          5490-5710/30/dfs

Which more or less corresponds with the limits from “your” document. BTW numbers in the above table are EIRP, actual Tx power is reduced by antenna gain. BTW2 if chipset capability is lower, then that’s a limitation which can’t be circumvented.

*) ovpn-client - added tls-crypt, tls-crypt-v2 support;

This is huge … THANKS Mikrotik Dev Team <3

Thanks, testing quad9 now!

I’m trying this new address delegation support but no clients would get IPv6 from DHCPv6.

Here’s my config:


[cesar@RB5009] > /ipv6/dhcp-server/export 
/ipv6 dhcp-server
add address-pool="" interface=bridge lease-time=1d name=dhcpv6 prefix-pool=pppoe

[cesar@RB5009] > /ipv6/nd/export            
/ipv6 nd
set [ find default=yes ] advertise-dns=no interface=bridge managed-address-configuration=yes

The IPv6 pool is a /64. IPv6 from RA works just fine, but DHCPv6 doesn’t even with managed-address-configuration=yes.

Other RouterOS’ in the same network with /ipv6/dhcp-client/add request=address are stuck in status=searching….

Am I missing something?

Just guessing: you have to set address-pool to some existing pool for DHCPv6 server to hand out addresses (seems like it uses prefix-pool only to hand out prefixes). And quite likely you have to provide a pool with same prefix length as is used on interface (and probably router’s address on that interface should belong to same prefix as address-pool). Which means you can’t simply set address-pool to pppoe, you probably have to create a pool with longer prefix (a part of large pool).

I think I have identified an issue causing DNS crashes in all versions of 7.16.x and 7.17betaX.

Simply enabling the following code reproduces the problem:

/ip dns static
add address-list=DNS_DMN-BYPASS disabled=yes forward-to=8.8.8.8 regexp="(\\.|^)[a-zA-Z0-9]+\\.[a-z][a-z]+\$" type=FWD
add address-list=DNS_DMN-BYPASS disabled=yes forward-to=8.8.8.8 regexp="(\\.|^)[a-zA-Z0-9][-a-zA-Z0-9]+\\.[a-z][a-z]+\$" type=FWD

After rebooting, you’ll notice that the dns dynamic-servers list is empty, indicating an abnormal DNS state.
However, once you disable these two lines and restart RouterOS, the dns dynamic-servers function returns to normal.

I have confirmed this issue in tests on 7.17beta5.

please check ticket SUP-167541

Oh well I guess not!
DoH server response not OK: 502: no downstream server available

And now the good, for the first time EVER! an iphone went from my cAP ax upstairs to the gym in an out building roaming to my hAP ax2 2.4g… came back in and re-connected back where it came from with no drama. I’ll say again, this has never happened. 33:25 -70 to -78

Please, update the documentation on how to use the new options for device-mode.

You must use address-pool instead of prefix-pool, and the prefix-length specified for the address pool must be /128. Other than that you have gotten the idea correctly - IPv6/ND must be used to advertise managed-network for end devices.
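The corrected address-delegation setup from this exchange, as an added example that is not part of any post in the thread. The pool name lan-addr, the documentation prefix 2001:db8:0:1::/64 and the client interface ether1 are assumptions; the remaining values are copied from the configuration posted above.

```routeros
# Constructed example: lan-addr, 2001:db8:0:1::/64 and ether1 are assumptions.

# Before (as posted in the thread): address-pool is empty and only prefix-pool
# is set; clients requesting an address stayed in status=searching.
# /ipv6 dhcp-server
# add address-pool="" interface=bridge lease-time=1d name=dhcpv6 prefix-pool=pppoe

# After: a pool that hands out single addresses, so prefix-length is 128.
/ipv6 pool
add name=lan-addr prefix=2001:db8:0:1::/64 prefix-length=128

# The server delegates addresses from address-pool instead of prefix-pool.
/ipv6 dhcp-server
add address-pool=lan-addr interface=bridge lease-time=1d name=dhcpv6

# ND keeps advertising the managed flag so end devices ask DHCPv6 for an address
# (unchanged from the posted configuration).
/ipv6 nd
set [ find default=yes ] advertise-dns=no interface=bridge managed-address-configuration=yes

# RouterOS client on another device in the same network (interface is assumed).
/ipv6 dhcp-client
add interface=ether1 request=address
```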

I see that logging of container actions was changed (but can’t find anything related in the changelog); now every container start is logged to the system log =
I have a container which is started every 5 minutes by the scheduler, does its work and stops; now my log is spammed with this:

 2024-11-14 20:55:38 container,info,debug container cd2ee075-7e28-4973-ab16-05e6d32fb75f started
 2024-11-14 20:55:39 container,info,debug container cd2ee075-7e28-4973-ab16-05e6d32fb75f exited, status: 0
 2024-11-14 21:00:38 container,info,debug container cd2ee075-7e28-4973-ab16-05e6d32fb75f started
 2024-11-14 21:00:39 container,info,debug container cd2ee075-7e28-4973-ab16-05e6d32fb75f exited, status: 0
 2024-11-14 21:05:38 container,info,debug container cd2ee075-7e28-4973-ab16-05e6d32fb75f started
 2024-11-14 21:05:39 container,info,debug container cd2ee075-7e28-4973-ab16-05e6d32fb75f exited, status: 0
 2024-11-14 21:10:38 container,info,debug container cd2ee075-7e28-4973-ab16-05e6d32fb75f started
 2024-11-14 21:10:39 container,info,debug container cd2ee075-7e28-4973-ab16-05e6d32fb75f exited, status: 0
 2024-11-14 21:15:38 container,info,debug container cd2ee075-7e28-4973-ab16-05e6d32fb75f started
 2024-11-14 21:15:39 container,info,debug container cd2ee075-7e28-4973-ab16-05e6d32fb75f exited, status: 0
 2024-11-14 21:20:38 container,info,debug container cd2ee075-7e28-4973-ab16-05e6d32fb75f started
 2024-11-14 21:20:39 container,info,debug container cd2ee075-7e28-4973-ab16-05e6d32fb75f exited, status: 0
 2024-11-14 21:25:38 container,info,debug container cd2ee075-7e28-4973-ab16-05e6d32fb75f started
 2024-11-14 21:25:39 container,info,debug container cd2ee075-7e28-4973-ab16-05e6d32fb75f exited, status: 0
 2024-11-14 21:30:38 container,info,debug container cd2ee075-7e28-4973-ab16-05e6d32fb75f started
 2024-11-14 21:30:39 container,info,debug container cd2ee075-7e28-4973-ab16-05e6d32fb75f exited, status: 0
 2024-11-14 21:35:38 container,info,debug container cd2ee075-7e28-4973-ab16-05e6d32fb75f started
 2024-11-14 21:35:39 container,info,debug container cd2ee075-7e28-4973-ab16-05e6d32fb75f exited, status: 0
 2024-11-14 21:40:38 container,info,debug container cd2ee075-7e28-4973-ab16-05e6d32fb75f started
 2024-11-14 21:40:39 container,info,debug container cd2ee075-7e28-4973-ab16-05e6d32fb75f exited, status: 0
 2024-11-14 21:45:38 container,info,debug container cd2ee075-7e28-4973-ab16-05e6d32fb75f started
 2024-11-14 21:45:39 container,info,debug container cd2ee075-7e28-4973-ab16-05e6d32fb75f exited, status: 0
 2024-11-14 21:50:38 container,info,debug container cd2ee075-7e28-4973-ab16-05e6d32fb75f started
 2024-11-14 21:50:39 container,info,debug container cd2ee075-7e28-4973-ab16-05e6d32fb75f exited, status: 0
 2024-11-14 21:55:38 container,info,debug container cd2ee075-7e28-4973-ab16-05e6d32fb75f started
 2024-11-14 21:55:39 container,info,debug container cd2ee075-7e28-4973-ab16-05e6d32fb75f exited, status: 0

How can I disable exactly this type of message?

I understand that I can disable logging entirely for the container, but I need to keep container stdout messages, just disable start/stop actions.

P.S. Disabling logging for the specific container didn’t help; it still spams start/stop to the system log =
P.P.S forked SUP-171389