Community discussions

 
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1352
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

v6.38 [current] is released!

Mon Jan 02, 2017 2:41 pm

To upgrade, click "Check for updates" at /system package in your RouterOS configuration interface, or head to our download page: http://www.mikrotik.com/download

Important note!!!
RouterOS v6.38 contains STP/RSTP changes which makes bridges compatible with IEEE 802.1Q-2014 by sending and processing BPDU packets without VLAN tag.
To avoid STP/RSTP compatibility issues with older RouterOS versions, upgrade RouterOS to v6.38 on all routers in Layer2 networks with VLAN and STP/RSTP configurations.
The recommended procedure is to start by upgrading the remotest routers and gradually do it to the Root Bridge device.
If after upgrade you experience loss of connectivity, then disabling STP/RSTP on RouterOS bridge interface will restore connectivity so you can complete upgrade process on your network.

!) ipsec - added IKEv1 xauth user authentication with RADIUS "/ip ipsec user settings set xauth-use-radius=yes";
!) ipsec - added IKEv2 support;
!) ipsec - added IKEv2 EAP RADIUS passthrough authentication for responder;
!) ipsec - added support for unique policy generation;
!) ipsec - removed IKEv1 ah+esp support;
!) snmp - added basic get and walk functionality "/tool snmp-[get|walk]";
!) switch - added hardware STP functionality for CRS devices and small Atheros switch chips (http://wiki.mikrotik.com/wiki/Manual:CR ... e_Protocol);
!) tr069-client - initial implementation (as separate package) (cli only);
!) winbox - Winbox 3.7 is the minimum version that can connect to RouterOS;
*) arp - added "local-proxy-arp" feature;
*) bonding - added "forced-mac-address" option;
*) bonding - fixed "tx-drop" on VLAN over bonding on x86;
*) bridge - fixed rare crash on bridge port removal;
*) bridge - fixed VLAN BPDU rx and tx when connected to non-RouterOS device with STP functionality;
*) bridge - require admin-mac to be specified if auto-mac is disabled;
*) bridge - show bridge port name in port monitor;
*) capsman - added "group-key-update" parameter;
*) capsman - added possibility to change arp, mtu, l2mtu values in datapath configuration;
*) capsman - fixed CAP upgrade when separate wireless package is used (introduced in 6.37);
*) capsman - use correct source address in reply to unicast discovery requests;
*) ccr - added AHCI driver for Samsung XP941 128GB AHCI M.2;
*) certificates - added support for PKCS#12 export;
*) certificates - allow import multiple certs with the same key;
*) certificates - fixed crash when crl is removed while it is being fetched;
*) certificates - fixed trust chain update on local certificate revocation in programs using ssl;
*) certificates - if no name provided create certificate name automatically from certificate fields;
*) console - fixed multi argument value unset;
*) crs - added comment ability in more switch menus;
*) crs - fixed rare kernel failure on switch reset (for example, reboot);
*) dhcp - fixed DNS server assignment to client if dynamic server exists and is from another IP family;
*) dhcp - fixed issue when dhcp-client was still possible on interfaces with "slave" flag and using slave interface MAC address;
*) dhcp - show dhcp server as invalid and log an error when interface becomes a slave;
*) dhcp-server - fixed when wizard was unable to create pool >dhcp_pool99;
*) discovery - added LLDP support;
*) discovery - removed 6to4 tunnels from "/ip neighbor discovery menu";
*) dns - added "max-concurrent-queries" and "max-concurrent-tcp-sessions" settings;
*) dude - (changes discussed here: http://forum.mikrotik.com/viewtopic.php?f=8&t=112599);
*) ethernet - added "k" and "M" unit support to Ethernet Bandwidth setting;
*) ethernet - fixed "tx-fcs-error" on SFP+ interfaces when loop-protect is enabled;
*) export - do not show interface comment in "/ip neighbor discovery" menu;
*) export - updated default values to clean up export compact;
*) fastpath - fixed rare crash;
*) fastpath - fixed x86 bridge fast-path status shown as active even if it is manually disabled;
*) file - fixed file manager crash when file transfer gets cancelled;
*) firewall - added "creation-time" to address list entries;
*) firewall - added sctp/dccp/udp-lite support for "src-port", "dst-port", "port" and "to-ports" firewall options;
*) firewall - do not defragment packets which are marked with "notrack" in raw firewall;
*) firewall - fixed "time" option by recognizing weekday properly (introduced in v6.37.2);
*) firewall - fixed dynamic raw rule behaviour;
*) firewall - fixed rule activation if "time" option is used and no other active rules are present;
*) firewall - increased max size of connection tracking table to 1048576;
*) firewall - new faster "connection-limit" option implementation;
*) firewall - significantly improved large firewall rule set import performance;
*) graphing - fixed queue graphs showing up in web interface if aggregate name size >57840 symbols;
*) health - show power consumption on devices which has voltage and current monitor;
*) hotspot - fixed nat rule port setting in "hs-unauth-to" chain by changing it from "dst-port" to "src-port" on Walled Garden ip "return" rules;
*) interface - changed loopback interface mtu to 1500;
*) interface - do not treat multiple zeros as single zero on name comparison;
*) interface - show link stats in "/interface print stats-detail" output;
*) ipsec - added ability to specify static IP address at "send-dns" option;
*) ipsec - added ph2 accounting for each policy "/ip ipsec policy ph2-count";
*) ipsec - allow to specify explicit split dns address;
*) ipsec - changed logging topic from error to debug when empty pfkey messages are received;
*) ipsec - do not auto-negotiate more SAs than needed;
*) ipsec - ensure generated policy refers to valid proposal;
*) ipsec - fixed camellia crypto algorithm module loading;
*) ipsec - fixed IPv6 remote prefix;
*) ipsec - fixed kernel failure on tile with sha256 when hardware encryption is not being used;
*) ipsec - fixed peer configuration my-id IPv4 address endianness;
*) ipsec - fixed ph2 auto-negotiation by checking policies in correct order;
*) ipsec - load ipv6 related modules only when ipv6 package is enabled;
*) ipsec - make generated policies always as unique;
*) ipsec - non passive peers will also establish SAs from policy without waiting for the first packet;
*) ipsec - optimized logging under ipsec topic;
*) ipsec - show active flag when policy has active SA;
*) ipsec - show SA "enc-key-size";
*) ipsec - split "mode-config" and "send-dns" arguments;
*) ipv6 - added "no-dad" setting to ipv6 addresses;
*) ipv6 - fixed "accept-router-advertisements" behaviour;
*) ipv6 - moved empty IPv6 pool error message to error topic;
*) lcd - improved performance, causes less cpu load;
*) led - fixed dark mode for cAP 2nD (http://wiki.mikrotik.com/wiki/Manual:Sy ... ds_Setting);
*) log - fixed "System rebooted because of kernel failure" message to show after 1st crash reboot;
*) lte - added support for more Vodafone K4201-Z, Novatel USB620L, PANTECH UML295 and ZTE MF90 modems;
*) lte - allow to execute concurrent info commands;
*) lte - fixed dwm-222, Pantech UML296 support;
*) lte - fixed init delay after power reset;
*) lte - increased delay when setting sms send mode;
*) lte - return info data when all the fields are populated;
*) metarouter - fixed startup process (introduced in 6.37.2);
*) mmips - fixed traffic accounting in "/interface" menu;
*) ospf - fixed route crash caused by memory corruption when there are multiple active interfaces;
*) ppp - fixed packet size calculation when MRRU is set (was 2 bytes bigger than MTU allows);
*) ppp - significantly improved shutdown speed on servers with many active tunnels;
*) ppp - significantly improved tunnel termination process on servers with many active tunnels;
*) profile - added "bfd" and "remote-access" processes;
*) profile - added ability to monitor cpu usage per core;
*) profile - make profile work on mmips devices;
*) profile - properly classify "wireless" processes;
*) queue - fixed "time" option by recognizing weekday properly (introduced in v6.37.2);
*) radius - added IPSec service (cli only);
*) rb750Gr3 - fixed ipsec with 3des+md5 to work on this board;
*) rb850Gx2 - fixed pcb temperature monitor if temperature was above 60C;
*) resolver - ignore cache entries if specific server is used;
*) routerboot - show log message if router CPU/RAM is overclocked;
*) script - increment run count value when script is executed from snmp;
*) snmp - always report bonding speed as speed from first bonding slave;
*) snmp - fixed rare crash when incorrectly formatted packet was received;
*) snmp - provide sinr in lte table;
*) ssh - added routing-table setting (cli only);
*) ssh - fixed lost "/ip ssh" settings on upgrade from version older than 5.15;
*) system - reboot device on critical program crash;
*) tile - fixed kernel failure when when IPv6 ICMP packet is sent through PPP interface;
*) time - updated time zones;
*) traceroute - fixed memory leak;
*) traffic-flow - fixed flow sequence counter and length;
*) trafficgen - fixed compact export when "header-stack" includes tcp;
*) trafficgen - fixed crash when IPv6 traffic is processed;
*) trafficgen - fixed potential crash when very big frame is generated;
*) trafficgen - improved fastpath support;
*) tunnel - fixed transmit packets occasionally not going through fastpath;
*) tunnel - properly export keepalive value;
*) usb - fixed kernel failure when Nexus 6P device is removed;
*) users - added minimal required permission set for full user group;
*) users - added TikApp policy;
*) vlan - allow to add multiple VLANs which name starts with same number and has same length;
*) vrrp - do not show unrelated log warning messages about version mismatch;
*) watchdog - do not send supout file if "auto-send-supout" is disabled;
*) webfig - added extra protection against XSS exploits;
*) webfig - show ipv6 addresses correctly;
*) webfig - show properly interface last-link-up/down times;
*) winbox - added "Complete" flag to arp table;
*) winbox - added "untracked" option to firewall "connection-state" setting;
*) winbox - added Dude icon to Dude menu;
*) winbox - allow to enable/disable traffic flow targets;
*) winbox - allow to run profile from "/system resources" menu;
*) winbox - allow to specify interface for leds with "interface-speed" trigger;
*) winbox - do not allow to set "loop-protect-send-interval" to 0s;
*) winbox - do not show hotspot user profile incoming and outgoing filters and marks as set if there is no value specified;
*) winbox - fixed crash when legacy Winbox version was used;
*) winbox - fixed default values for interface "loop-protect-disable-time" and "loop-protect-send-interval";
*) winbox - fixed missing "IPv6/Settings" menu;
*) winbox - fixed typo in "propagate-ttl" setting;
*) winbox - make cert signing include provided ca-crl-host;
*) winbox - moved ipsec peer "exchange-mode" to General tab;
*) winbox - properly show VHT basic and supported rates in CAPsMAN;
*) winbox - removed spare values from loop-protect menu;
*) winbox - show all related HT tab settings in 2GHz-g/n mode;
*) winbox - show primary and secondary ntp addresses as 0.0.0.0 if none are set;
*) winbox - show proper ipv6 connection timeout;
*) wireless - added API command to report country-list (/interface/wireless/info/country-list);
*) wireless - added CRL checking for eap-tls;
*) wireless - fixed action frame handling for WDS nodes;
*) wireless - fixed custom channel extension-channel appearance in console;
*) wireless - fixed full "spectral-history" header print on AP modes;
*) wireless - fixed rare kernel failure when connecting to nv2 access point with legacy rate select;
*) wireless - fixed upgrade from older wireless packages when AP interface had empty SSID;
*) wireless - take in account channel width when returning supported channels;
*) wireless - use VLAN ID 0 in RADIUS message to disable VLAN tagging;

If you experience version related issues, then please send supout file from your router to support@mikrotik.com. File must be generated while router is not working as suspected or after crash.
 
User avatar
G2Dolphin
Member Candidate
Member Candidate
Posts: 154
Joined: Sun May 17, 2015 6:03 pm
Location: Moscow, Russia

Re: v6.38 [current] is released!

Mon Jan 02, 2017 2:53 pm

Never seen that big changelog yet. :)

Thank you, and a have a happy New Year!
Home: RB3011UiAS-IN (2011 case+3011-RM), hAP ac, mAP2n/mAP2nD, GrooveA-52HPn, hEX (r3), hAP lite, RB951G-2HnD
Work: RB2011UiAS-RM / UiAS-2HnD-IN, RB951G-2HnD, hEX (r3), CRS125-24G-1S-2HnD-IN, CCR1009-8G-1S-1S+
 
User avatar
irghost
Member Candidate
Member Candidate
Posts: 273
Joined: Sun Feb 21, 2016 1:49 pm
Contact:

Re: v6.38 [current] is released!

Mon Jan 02, 2017 4:01 pm

*) radius - added IPSec service (cli only);
please at it in Winbox
MTCNA MTCRE MTCTCE MTCUME MTCWE MTCIPv6E MTCINE
میکروتیک فا برای فارسی زبان ها
Mikrotik Certified Consultant
https://mikrotikfa.com
 
patrick7
Member Candidate
Member Candidate
Posts: 288
Joined: Sat Jul 20, 2013 2:40 pm

Re: v6.38 [current] is released!

Mon Jan 02, 2017 4:15 pm

*) snmp - always report bonding speed as speed from first bonding slave;
Why? Bondings with 2x1Gbps are now shown as 1Gbps which is not true.
Except from the STP problems which I already reported by E-Mail - good work! :-)

Happy new year.
 
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1352
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.38 [current] is released!

Mon Jan 02, 2017 4:33 pm

patrick7 - Bonding in past reported 2Gbps always. It did not matter if bonding had 2,3,4,5, etc. slave interfaces. Now it will simply report single link speed:
*) snmp - always report bonding speed as speed from first bonding slave;
 
chg123
just joined
Posts: 8
Joined: Mon May 11, 2015 1:24 pm

Re: v6.38 [current] is released!

Mon Jan 02, 2017 4:34 pm

Strange Bug:
After upgrading my CCR1009-8G-1S-1S+ from 6.37.3 to 6.38 the exported config mixed up the interface IDs:

/interface ethernet
set [ find default-name=ether5 ] l2mtu=1520 name=ether1-kbd
set [ find default-name=ether6 ] l2mtu=1520 name=ether2
set [ find default-name=ether7 ] l2mtu=1520 name=ether3
set [ find default-name=ether8 ] l2mtu=1520 name=ether4-inl
set [ find default-name=ether1 ] name=ether5-wan-lacp1-1
set [ find default-name=ether2 ] name=ether6-wan-lacp1-2
set [ find default-name=ether3 ] name=ether7-wan
set [ find default-name=ether4 ] name=ether8-wan

This was definitely NOT the actively running config since i did not rename the interfaces that crappy ;)

Just to make sure that the export was wrong tried to load this config into the zeroed device but it failed.

after a manual correction to:

/interface ethernet
set [ find default-name=ether1 ] l2mtu=1520 name=ether1-kbd
set [ find default-name=ether2 ] l2mtu=1520
set [ find default-name=ether3 ] l2mtu=1520
set [ find default-name=ether4 ] l2mtu=1520 name=ether4-inl
set [ find default-name=ether5 ] name=ether5-wan-lacp1-1
set [ find default-name=ether6 ] name=ether6-wan-lacp1-2
set [ find default-name=ether7 ] name=ether7-wan
set [ find default-name=ether8 ] name=ether8-wan

everything worked fine.

Is there any explanation for this effect?

Cheers,

Christoph
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8119
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.38 [current] is released!

Mon Jan 02, 2017 4:55 pm

*) arp - added "local-proxy-arp" feature;
*) bonding - added "forced-mac-address" option;
Any chance to get some documentation for those features?
*) traffic-flow - fixed flow sequence counter and length;
What was wrong with it?
*) winbox - allow to run profile from "/system resources" menu;
Can't see anything in Resources...
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8119
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: v6.38 [current] is released!

Mon Jan 02, 2017 4:57 pm

After upgrading my CCR1009-8G-1S-1S+ from 6.37.3 to 6.38 the exported config mixed up the interface IDs:

/interface ethernet
set [ find default-name=ether5 ] l2mtu=1520 name=ether1-kbd
set [ find default-name=ether6 ] l2mtu=1520 name=ether2
set [ find default-name=ether7 ] l2mtu=1520 name=ether3
set [ find default-name=ether8 ] l2mtu=1520 name=ether4-inl
set [ find default-name=ether1 ] name=ether5-wan-lacp1-1
set [ find default-name=ether2 ] name=ether6-wan-lacp1-2
set [ find default-name=ether3 ] name=ether7-wan
set [ find default-name=ether4 ] name=ether8-wan

This was definitely NOT the actively running config since i did not rename the interfaces that crappy ;)

Just to make sure that the export was wrong tried to load this config into the zeroed device but it failed.
At least it was because ether6 cannot be renamed to ether2: ether2 already exists and will be renamed later :) So sorting in Export should be not by name, but by default-name
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
Campano
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Mon Apr 17, 2006 2:35 am
Location: Ñuñoa - Chile
Contact:

Re: v6.38 [current] is released!

Mon Jan 02, 2017 5:27 pm

Nice work, now try! and check all is working :D
 
Siona
Frequent Visitor
Frequent Visitor
Posts: 83
Joined: Thu Jan 29, 2015 11:56 am

Re: RE: v6.38 [current] is released!

Mon Jan 02, 2017 6:37 pm



!) ipsec - added support for unique policy generation;



*) ipsec - added ability to specify static IP address at "send-dns" option;
*) ipsec - added ph2 accounting for each policy "/ip ipsec policy ph2-count";
*) ipsec - allow to specify explicit split dns address;
*) ipsec - changed logging topic from error to debug when empty pfkey messages are received;
*) ipsec - do not auto-negotiate more SAs than needed;
*) ipsec - ensure generated policy refers to valid proposal;
*) ipsec - fixed camellia crypto algorithm module loading;
*) ipsec - fixed IPv6 remote prefix;
*) ipsec - fixed kernel failure on tile with sha256 when hardware encryption is not being used;
*) ipsec - fixed peer configuration my-id IPv4 address endianness;
*) ipsec - fixed ph2 auto-negotiation by checking policies in correct order;
*) ipsec - load ipv6 related modules only when ipv6 package is enabled;
*) ipsec - make generated policies always as unique;
*) ipsec - non passive peers will also establish SAs from policy without waiting for the first packet;
*) ipsec - optimized logging under ipsec topic;
*) ipsec - show active flag when policy has active SA;
*) ipsec - show SA "enc-key-size";
*) ipsec - split "mode-config" and "send-dns" arguments;

.
Is it working out of box? Or need I configure this?
Especially unique policy.
 
borisk
Frequent Visitor
Frequent Visitor
Posts: 96
Joined: Mon Jul 04, 2016 10:02 pm
Location: Nizhniy Tagil, Russia

Re: v6.38 [current] is released!

Mon Jan 02, 2017 6:56 pm

Hello!

Sorry, what mean
*) interface - changed loopback interface mtu to 1500;
? There is special loopback interface now? Can't find it.

Regards,
Boris
 
User avatar
pietroscherer
Trainer
Trainer
Posts: 151
Joined: Thu Mar 05, 2015 3:05 pm
Location: RS, Brazil
Contact:

Re: v6.38 [current] is released!

Mon Jan 02, 2017 7:02 pm

*) routerboot - show log message if router CPU/RAM is overclocked;

It's possible to have a info message, when the router's CPU/RAM is out of factory/default value?
Pietro Scherer
https://about.me/pietroscherer
Skype: pietroscherer
 
DuduZZZ
just joined
Posts: 6
Joined: Tue Aug 23, 2016 11:31 am
Location: Hungary

Re: v6.38 [current] is released!

Mon Jan 02, 2017 7:16 pm

Hello,

After upgrade in the log appear: system, info, critical - memory overclocked. All device which is contain 128 MB memory.

Image

Devices affected in my network:
1x RB2011UiAS
2x CRS109-8G-1S-2HnD
2x CRS125-24G-1S

Devices not affected in my network:
2x RB3011UiAS

Thanks & Regards,
David
 
JimmyNyholm
Member Candidate
Member Candidate
Posts: 242
Joined: Mon Apr 25, 2016 2:16 am
Location: Sweden

Re: v6.38 [current] is released!

Mon Jan 02, 2017 7:36 pm

patrick7 - Bonding in past reported 2Gbps always. It did not matter if bonding had 2,3,4,5, etc. slave interfaces. Now it will simply report single link speed:
*) snmp - always report bonding speed as speed from first bonding slave;
For LACP that is Totally Wrong. In protocol less bonding this may be acceptable Something I never Use.
A bond with LACP have prerequisites that states that all members should be same link speed.
The snmp value for speed on a bond interface with LACP should be speed from first link (all is same) times number of link that have an active partner and is currently Aggregating and Hashing. This is how we can monitor if a fault is bound to happen.
 
cheeze
Member Candidate
Member Candidate
Posts: 146
Joined: Tue Jul 31, 2012 7:44 am

Re: v6.38 [current] is released!

Mon Jan 02, 2017 7:46 pm

patrick7 - Bonding in past reported 2Gbps always. It did not matter if bonding had 2,3,4,5, etc. slave interfaces. Now it will simply report single link speed:
*) snmp - always report bonding speed as speed from first bonding slave;
For LACP that is Totally Wrong. In protocol less bonding this may be acceptable Something I never Use.
A bond with LACP have prerequisites that states that all members should be same link speed.
The snmp value for speed on a bond interface with LACP should be speed from first link (all is same) times number of link that have an active partner and is currently Aggregating and Hashing. This is how we can monitor if a fault is bound to happen.
Correct me if I'm incorrect here but, I don't believe LACP bundles are something that RouterOS does. They haven't implemented that to my knowledge. It's been asked (a lot) and now maybe since they are not focusing on the current routing stack they might do it...

edit:

I was wrong, Mikrotik does support LACP/802.3ad

I'm sorry :(
 
moep
newbie
Posts: 40
Joined: Mon Jul 02, 2012 2:12 pm

Re: The Dude, v6.38 [current] release.

Mon Jan 02, 2017 8:15 pm

First of all happy new year and nice work on overall ipsec improvements.

But the password length is still capped to 31 characters, which creates incompatibility to previous versions with long xauth passwords
i wrote this here:
http://forum.mikrotik.com/viewtopic.php ... 86#p573186

please try to fix it :)
 
JanezFord
Member Candidate
Member Candidate
Posts: 258
Joined: Wed May 23, 2012 10:58 am

Re: v6.38 [current] is released!

Mon Jan 02, 2017 10:11 pm

Upgraded many devices without problems except two of rb912uag-2hnd with r11e-5nhd which never came back online - same config - cap client. Remote poe off/on did not help. Be carefull if you have rb912 devices.

JF.

Edit: Also missing one of rb951g-2hnd devices. Will not upgrade rest until sure of 6.38 stability.
Edit2: rb951g-2hnd came back online ... still missing both 912s ... poe reboot not helping.
Last edited by JanezFord on Mon Jan 02, 2017 10:27 pm, edited 1 time in total.
 
JimmyNyholm
Member Candidate
Member Candidate
Posts: 242
Joined: Mon Apr 25, 2016 2:16 am
Location: Sweden

Re: v6.38 [current] is released!

Mon Jan 02, 2017 10:18 pm

edit:

I was wrong, Mikrotik does support LACP/802.3ad

I'm sorry :(
;-) Right. I would not be a customer if they had not supported LACP. On the plus side is that they even have minimum link property for channel up state. I bought the 1036 before 1072 was out and I only use the two sfp+ ports LACP bundled to our redundant Core. Now with 1072 We have even more ports. Waiting eagerly for qsfp+ and qsfp28 Products from MT but that will be the day. Not so interesting before everything is multicore anyway.
 
csi
newbie
Posts: 31
Joined: Wed Mar 02, 2016 10:05 am

Re: v6.38 [current] is released!

Mon Jan 02, 2017 10:30 pm

Happy new year first!

After upgrading some of my boxes, I get an issue with a CRS109-8G-1S-2HnD. I use some tagged VLANs between a RB3011 and the CRS box. When I upgrade the CRS box, the interfaces are not useable and the CRS box is not reachable. When I take a downgrade to 6.37.3 the device is back. I have tested twice and also with an fresh upload of the firmware to the box. Normally I use the CAPsMan to upgrade my devices.

Please let me know, if you need some more information.


Cheers
csi
 
pe1chl
Forum Guru
Forum Guru
Posts: 4845
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.38 [current] is released!

Mon Jan 02, 2017 10:43 pm

I use some tagged VLANs between a RB3011 and the CRS box. When I upgrade the CRS box, the interfaces are not useable and the CRS box is not reachable.
Did you read the release notes?
 
JimmyNyholm
Member Candidate
Member Candidate
Posts: 242
Joined: Mon Apr 25, 2016 2:16 am
Location: Sweden

Re: v6.38 [current] is released!

Mon Jan 02, 2017 10:45 pm

Hello!

Sorry, what mean
*) interface - changed loopback interface mtu to 1500;
? There is special loopback interface now? Can't find it.

Regards,
Boris

+1 What does it say? Do we have Loopback Interface Now? Cant seem to find either in winbox nor in cli.
 
User avatar
GioMac
just joined
Posts: 3
Joined: Sun Dec 27, 2015 7:02 am
Location: Tbilisi, Georgia
Contact:

Re: v6.38 [current] is released!

Mon Jan 02, 2017 11:00 pm

Great release... And IPSec died for RW configuration
jan/03 00:43:12 ipsec,info respond new phase 1 (Identity Protection): x.x.x.x
2[500]<=>y.y.y.y[500] 
jan/03 00:43:13 ipsec,info ISAKMP-SA established x.x.x.x[4500]-y.y.y.y[
4500] spi:zzzz
jan/03 00:43:13 ipsec,info acquired 192.168.23.250 address for y.y.y.y[4500] 
jan/03 00:43:13 ipsec,info Xauth login succeeded for user: giomac 
jan/03 00:43:14 ipsec,error y.y.y.y[ failed to pre-process ph2 packet. 
jan/03 00:43:17 ipsec,error y.y.y.y[ peer sent packet for dead phase2 
jan/03 00:43:20 ipsec,error y.y.y.y[ peer sent packet for dead phase2 
jan/03 00:43:23 ipsec,error y.y.y.y[ peer sent packet for dead phase2 
jan/03 00:43:26 ipsec,error y.y.y.y[ peer sent packet for dead phase2 
jan/03 00:43:29 ipsec,error y.y.y.y[ peer sent packet for dead phase2 
jan/03 00:43:32 ipsec,error y.y.y.y[ peer sent packet for dead phase2 
jan/03 00:43:35 ipsec,error y.y.y.y[ peer sent packet for dead phase2 
jan/03 00:43:38 ipsec,error y.y.y.y[ peer sent packet for dead phase2 
jan/03 00:43:41 ipsec,error y.y.y.y[ peer sent packet for dead phase2 
jan/03 00:43:44 ipsec,info purging ISAKMP-SA x.x.x.x[4500]<=>y.y.y.y[45
00] spi=jjjj. 
jan/03 00:43:45 ipsec,info ISAKMP-SA deleted x.x.x.x[4500]-y.y.y.y[4500
] spi:wwww rekey:1 
jan/03 00:43:45 ipsec,info releasing address 192.168.23.250 
 
csi
newbie
Posts: 31
Joined: Wed Mar 02, 2016 10:05 am

Re: v6.38 [current] is released!

Mon Jan 02, 2017 11:07 pm

I use some tagged VLANs between a RB3011 and the CRS box. When I upgrade the CRS box, the interfaces are not useable and the CRS box is not reachable.
Did you read the release notes?
Yes I have. But I'm not using STP and bridges only for the WiFi interfaces. Or have I made a mistake with my thinking?
 
locodog
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Sun Apr 12, 2015 4:00 am

Re: v6.38 [current] is released!

Mon Jan 02, 2017 11:14 pm

Hello!

Sorry, what mean
*) interface - changed loopback interface mtu to 1500;
? There is special loopback interface now? Can't find it.

Regards,
Boris

+1 What does it say? Do we have Loopback Interface Now? Cant seem to find either in winbox nor in cli.


There is no Loopback interface added. If you need loopback interface simply create bridge and do not add any ports to it. (MTU of 1500 is for that empty bridge used as loopback).
 
locodog
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Sun Apr 12, 2015 4:00 am

Re: v6.38 [current] is released!

Mon Jan 02, 2017 11:16 pm

I use some tagged VLANs between a RB3011 and the CRS box. When I upgrade the CRS box, the interfaces are not useable and the CRS box is not reachable.
Did you read the release notes?

Also, does this affects L2 connections with another vendors? What exactly changed so that VLAN on 6.38 is different from vlan 6.37 and older?
 
pe1chl
Forum Guru
Forum Guru
Posts: 4845
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.38 [current] is released!

Tue Jan 03, 2017 12:05 am

I use some tagged VLANs between a RB3011 and the CRS box. When I upgrade the CRS box, the interfaces are not useable and the CRS box is not reachable.
Did you read the release notes?
Yes I have. But I'm not using STP and bridges only for the WiFi interfaces. Or have I made a mistake with my thinking?
Bridges have STP enabled by default. Did you set "protocol: none" on your bridges? If not, they have STP.
 
csi
newbie
Posts: 31
Joined: Wed Mar 02, 2016 10:05 am

Re: v6.38 [current] is released!

Tue Jan 03, 2017 2:20 am

I use some tagged VLANs between a RB3011 and the CRS box. When I upgrade the CRS box, the interfaces are not useable and the CRS box is not reachable.
Did you read the release notes?
Yes I have. But I'm not using STP and bridges only for the WiFi interfaces. Or have I made a mistake with my thinking?
Bridges have STP enabled by default. Did you set "protocol: none" on your bridges? If not, they have STP.
On the CRS the bridges are disabled, on the RB3011 not of course. I have enabled RSTP on CRS for testing, but same problem.
 
JimmyNyholm
Member Candidate
Member Candidate
Posts: 242
Joined: Mon Apr 25, 2016 2:16 am
Location: Sweden

Re: v6.38 [current] is released!

Tue Jan 03, 2017 11:36 am

*) interface - changed loopback interface mtu to 1500;
There is no Loopback interface added. If you need loopback interface simply create bridge and do not add any ports to it. (MTU of 1500 is for that empty bridge used as loopback).
This is well known to all of us this is why we are asking this question.
The release notes states that mtu values have changed for Loopback Interface. Hello WHAT LOOPBACK INTERFACE.
 
pe1chl
Forum Guru
Forum Guru
Posts: 4845
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.38 [current] is released!

Tue Jan 03, 2017 11:42 am

Probably the loopback interface (lo) internal to the Linux system that is beneath the RouterOS that you can see from the outside.
This by default has an MTU of 65536. Maybe this caused problems in some special case where traffic is sent via the loopback
for internal operations of the router and the first hop has a large MTU but later hops have smaller MTU.
 
User avatar
Plnt
just joined
Posts: 6
Joined: Thu Jul 16, 2015 2:27 pm
Contact:

Re: v6.38 [current] is released!

Tue Jan 03, 2017 12:22 pm

Hello,

After upgrade in the log appear: system, info, critical - memory overclocked. All device which is contain 128 MB memory.

Image

Devices affected in my network:
1x RB2011UiAS
2x CRS109-8G-1S-2HnD
2x CRS125-24G-1S

Devices not affected in my network:
2x RB3011UiAS

Thanks & Regards,
David
I have the same problem on two different RouterBOARD 911 Lite5 after the upgrade. I didn't do any overclocking on the devices. Apart from the message I didn't noticed any problems - everything works fine.
jan/03/2017 11:08:24 system,info,critical memory overclocked
[admin@xxx] > /system routerboard print 
                ;;; Warning: memory overclocked
...
Last edited by Plnt on Tue Jan 03, 2017 12:24 pm, edited 1 time in total.
 
strods
MikroTik Support
MikroTik Support
Topic Author
Posts: 1352
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: v6.38 [current] is released!

Tue Jan 03, 2017 12:23 pm

Do not worry about these overclocked messages - they are still work on progress. If you have not overclocked device manually, then there is no need to worry about that.
We are still improving this feature.
 
alfonzz
just joined
Posts: 16
Joined: Wed Oct 15, 2014 12:16 pm
Location: CZ

Re: v6.38 [current] is released!

Tue Jan 03, 2017 12:41 pm

Hello,
After upgrade in the log appear: system, info, critical - memory overclocked. All device which is contain 128 MB memory.
Image
It happens me too - on SXT lite5 with 64MB memory...
wtf?
 
Zorro
Long time Member
Long time Member
Posts: 676
Joined: Wed Apr 16, 2014 2:43 pm

Re: v6.38 [current] is released!

Tue Jan 03, 2017 1:31 pm

fantastic news !!
*put teapot on, unpacked pack of (vanilla)cookies and immediately start celebrating THAT !!*
thanks for continued efforts to Improve your products/ROS, MT !!
happy new year, anyone !
 
hgkeh
just joined
Posts: 2
Joined: Wed Mar 07, 2012 5:54 am

Re: v6.38 [current] is released!

Tue Jan 03, 2017 2:08 pm

I just upgraded my RB751U-2HnD, and after reboot all my LED stop functioning (no light).
 
kristaps
Member Candidate
Member Candidate
Posts: 272
Joined: Mon Jan 27, 2014 1:37 pm

Re: v6.38 [current] is released!

Tue Jan 03, 2017 3:17 pm

Just upgraded five RB751U with different configurations to 6.38 . All booted up without issues.

@hgkeh can you please post your configuration that you used on RB751U, that we can try to replicate your issue.
 
hgkeh
just joined
Posts: 2
Joined: Wed Mar 07, 2012 5:54 am

Re: v6.38 [current] is released!

Tue Jan 03, 2017 3:35 pm

# jan/03/2017 21:28:33 by RouterOS 6.38
# software id = 6QRW-GN7H
#
/interface bridge
add admin-mac=00:0C:42:E1:C1:A7 auto-mac=no mtu=1500 name=bridge-local
/interface ethernet
set [ find default-name=ether1 ] advertise=10M-full,100M-full,1000M-full name=\
    ether1-gateway rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether2 ] advertise=10M-full,100M-full,1000M-full name=\
    ether2-gateway rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether3 ] advertise=10M-full,100M-full,1000M-full name=\
    ether3-master-local rx-flow-control=auto speed=1Gbps tx-flow-control=auto
set [ find default-name=ether4 ] advertise=10M-full,100M-full,1000M-full master-port=\
    ether3-master-local name=ether4-slave-local rx-flow-control=auto speed=1Gbps \
    tx-flow-control=auto
set [ find default-name=ether5 ] advertise=10M-full,100M-full,1000M-full master-port=\
    ether3-master-local name=ether5-slave-local rx-flow-control=auto speed=1Gbps \
    tx-flow-control=auto
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge port
add bridge=bridge-local interface=ether3-master-local
/interface bridge settings
set use-ip-firewall=yes
/ip settings
set rp-filter=strict tcp-syncookies=yes
/ip address
add address=x.x.x.x/x comment="default configuration" interface=ether3-master-local \
    network=x.x.x.x
add address=x.x.x.x/x interface=ether1-gateway network=x.x.x.x
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=\
    ether2-gateway use-peer-dns=no use-peer-ntp=no
/ip dhcp-server
add address-pool=default-dhcp lease-time=1h name=dhcp1
/ip dhcp-server network
add address=x.x.x.x/x comment="default configuration" dns-server=x.x.x.x \
    gateway=x.x.x.x
/ip dns
set allow-remote-requests=yes max-udp-packet-size=512 servers=\
    x.x.x.x,x.x.x.x
/ip dns static
add address=x.x.x.x name=router
/ip firewall filter
add action=accept chain=input comment="default configuration" disabled=yes protocol=icmp
add action=accept chain=input comment="default configuration" connection-state=established \
    disabled=yes
add action=accept chain=input comment="default configuration" connection-state=related \
    disabled=yes
add action=drop chain=input comment="default configuration" disabled=yes in-interface=\
    ether1-gateway
add action=accept chain=input comment=Management dst-address=192.168.88.1 in-interface=\
    bridge-local
add action=drop chain=input comment="Drop ICMP to gateway (OA)" in-interface=\
    ether1-gateway protocol=icmp
add action=drop chain=input comment="Drop ICMP to gateway (Time)" in-interface=\
    ether2-gateway protocol=icmp
add action=accept chain=input comment="Allow Established and related connections" \
    connection-state=established,related
add action=accept chain=input comment="IPTV multicast forwarding" disabled=yes protocol=\
    igmp
add action=accept chain=forward disabled=yes protocol=udp
add action=fasttrack-connection chain=forward comment=Fasttrack connection-state=\
    established,related
add action=accept chain=forward connection-state=established,related
add action=jump chain=forward comment="Make jumps to new chains" jump-target=tcp protocol=\
    tcp
add action=jump chain=forward jump-target=udp protocol=udp
add action=jump chain=forward jump-target=icmp protocol=icmp
add action=drop chain=input comment="Drop Invalid connections" connection-state=invalid
add action=drop chain=input comment="Drop everything else"
add action=drop chain=forward comment="Block \"bogon\" IP addresses" src-address=0.0.0.0/8
add action=drop chain=forward dst-address=0.0.0.0/8
add action=drop chain=forward src-address=127.0.0.0/8
add action=drop chain=forward dst-address=127.0.0.0/8
add action=drop chain=forward src-address=224.0.0.0/3
add action=drop chain=forward dst-address=224.0.0.0/3
add action=drop chain=tcp comment="deny TFTP" dst-port=69 protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" dst-port=111 protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" disabled=yes dst-port=135 \
    protocol=tcp
add action=drop chain=tcp comment="deny NBT" disabled=yes dst-port=137-139 protocol=tcp
add action=drop chain=tcp comment="deny cifs" disabled=yes dst-port=445 protocol=tcp
add action=drop chain=tcp comment="deny NFS" dst-port=2049 protocol=tcp
add action=drop chain=tcp comment="deny NetBus" dst-port=12345-12346 protocol=tcp
add action=drop chain=tcp comment="deny NetBus" dst-port=20034 protocol=tcp
add action=drop chain=tcp comment="deny BackOriffice" dst-port=3133 protocol=tcp
add action=drop chain=tcp comment="deny DHCP" dst-port=67-68 protocol=tcp
add action=drop chain=udp comment="deny TFTP" dst-port=69 protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" dst-port=111 protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" dst-port=135 protocol=udp
add action=drop chain=udp comment="deny NBT" dst-port=137-139 protocol=udp
add action=drop chain=udp comment="deny NFS" dst-port=2049 protocol=udp
add action=drop chain=udp comment="deny BackOriffice" dst-port=3133 protocol=udp
add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 protocol=tcp \
    src-address-list=ftp_blacklist
add action=accept chain=output content="530 Login incorrect" dst-limit=\
    1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h \
    chain=output content="530 Login incorrect" protocol=tcp
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp \
    src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=\
    input connection-state=new dst-port=22 protocol=tcp
add action=drop chain=forward comment="drop ssh brute downstream" dst-port=22 protocol=tcp \
    src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
    chain=input comment="Port scanners to list " protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
    chain=input comment="NMAP FIN Stealth scan" protocol=tcp tcp-flags=\
    fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
    chain=input comment="SYN/FIN scan" protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
    chain=input comment="SYN/RST scan" protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
    chain=input comment="FIN/PSH/URG scan" protocol=tcp tcp-flags=\
    fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
    chain=input comment="ALL/ALL scan" protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w \
    chain=input comment="NMAP NULL scan" protocol=tcp tcp-flags=\
    !fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="dropping port scanners" src-address-list=\
    "port scanners"
add action=accept chain=icmp comment="echo reply" icmp-options=0:0 protocol=icmp
add action=accept chain=icmp comment="net unreachable" icmp-options=3:0 protocol=icmp
add action=accept chain=icmp comment="host unreachable" icmp-options=3:1 protocol=icmp
add action=accept chain=icmp comment="host unreachable fragmentation required" \
    icmp-options=3:4 protocol=icmp
add action=accept chain=icmp comment="allow source quench" icmp-options=4:0 protocol=icmp
add action=accept chain=icmp comment="allow echo request" icmp-options=8:0 protocol=icmp
add action=accept chain=icmp comment="allow time exceed" icmp-options=11:0 protocol=icmp
add action=accept chain=icmp comment="allow parameter bad" icmp-options=12:0 protocol=icmp
add action=drop chain=icmp comment="deny all other types"
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address=10.0.0.0/8 new-routing-mark=OA \
    passthrough=no
add action=mark-routing chain=prerouting dst-address=172.16.0.0/12 new-routing-mark=OA \
    passthrough=no
add action=mark-routing chain=prerouting dst-address=192.168.100.0/24 new-routing-mark=OA \
    passthrough=no
add action=mark-routing chain=prerouting disabled=yes dst-address=x.x.x.x \
    new-routing-mark=VPN passthrough=no
add action=mark-routing chain=prerouting disabled=yes dst-address=x.x.x.x \
    new-routing-mark=OA passthrough=no
add action=mark-routing chain=prerouting disabled=yes dst-address=x.x.x.x \
    new-routing-mark=Time passthrough=no
add action=mark-routing chain=prerouting content=x.x.x.x disabled=yes \
    new-routing-mark=OA passthrough=no
add action=mark-routing chain=prerouting new-routing-mark=Time passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=\
    ether1-gateway to-addresses=0.0.0.0
add action=masquerade chain=srcnat out-interface=ether2-gateway
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip pool
add name=default-dhcp next-pool=default-dhcp ranges=x.x.x.x/x
/ip route
add distance=1 gateway=x.x.x.x routing-mark=OA
add distance=1 gateway=ether2-gateway routing-mark=Time
/ip route rule
add dst-address=x.x.x.x/x table=main
add dst-address=x.x.x.x/x table=OA
add dst-address=x.x.x.x/x table=OA
add dst-address=1x.x.x.x/x table=OA
add routing-mark=OA table=OA
add routing-mark=Time table=Time
add routing-mark=VPN table=VPN
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
/ip smb shares
set [ find default=yes ] disabled=yes
/routing igmp-proxy
set quick-leave=yes
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 disabled=yes interface=ether2-gateway upstream=yes
add disabled=yes interface=bridge-local
/system leds
set 0 interface=wlan1
/system ntp client
set enabled=yes primary-ntp=x.x.x.x secondary-ntp=x.x.x.x
/system routerboard settings
set cpu-frequency=250MHz
/tool bandwidth-server
set enabled=no
/tool mac-server
add interface=ether2-gateway
add interface=ether3-master-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-gateway
add interface=ether3-master-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add
add interface=bridge-local
 
User avatar
nastitek
just joined
Posts: 7
Joined: Wed Jan 27, 2016 2:36 am
Location: PHILIPPINES

Re: v6.38 [current] is released!

Tue Jan 03, 2017 3:59 pm

Just upgraded to 6.38 HAP AC Lite.

Monitoring with Dude utilizes memory to 100% killing winbox 3.7 connection during this period.

Any recommendations?
 
User avatar
TomjNorthIdaho
Forum Veteran
Forum Veteran
Posts: 871
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: v6.38 [current] is released!

Tue Jan 03, 2017 4:12 pm

RE: Important note!!!
To avoid STP/RSTP compatibility issues with older RouterOS versions upgrade RouterOS on all routers in Layer2 networks with VLAN and STP/RSTP configurations.


I sure wish I would of known about this issue prior to upgrading a dozen Mikrotiks last month. Because of spanning-tree issues, I had the biggest/longest network outage since starting my ISP business over 10 years ago.

North Idaho Tom Jones
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1684
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: v6.38 [current] is released!

Tue Jan 03, 2017 5:04 pm

RE: Important note!!!
To avoid STP/RSTP compatibility issues with older RouterOS versions upgrade RouterOS on all routers in Layer2 networks with VLAN and STP/RSTP configurations.


I sure wish I would of known about this issue prior to upgrading a dozen Mikrotiks last month. Because of spanning-tree issues, I had the biggest/longest network outage since starting my ISP business over 10 years ago.

North Idaho Tom Jones
Last month? Full version with this feature was released only this year.
Did you upgrade your production network to Release Candidate version?? if yes, that outage is all on you, all on you.
With great knowledge comes great responsibility, because of ability to recognize id... incompetent people much faster.
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1194
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: v6.38 [current] is released!

Tue Jan 03, 2017 6:01 pm

Something seems wrong with PPPoE upload:
ROS 6.38:
Image
ROS 6.36.4:
Image

Ignore download speed since it shows some variations due to network load.
For upload 13Mbps was the best result, having some tests peaking at 2-3Mbps.
Both are done on my RB1100AHx2 with the same configuration, repeated several times on multiple dynamic IPs, with the same behavior.
Speedtest server is local to my ISP. Maximum speed is 1Gb/200Mb.
ROS 6.37.3 was working OK, too.
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
com2com
just joined
Posts: 2
Joined: Wed Jun 11, 2014 6:24 pm

Re: v6.38 [current] is released!

Tue Jan 03, 2017 6:59 pm

Software 6.38 cpu usage for fasttrack connections very high. For example ( 951g-2hnd at 750mhz) bandwidth 300 Mbps 6.37.3 cpu usage 30-40, 6.38 cpu usage 80-85.
 
pe1chl
Forum Guru
Forum Guru
Posts: 4845
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.38 [current] is released!

Tue Jan 03, 2017 7:54 pm

Something seems wrong with PPPoE upload:
Hmm on my RB2011 with my 50/24 VDSL it appears to be all normal, I achieve the expected upload rate.
(a bit below 24 Mbps)
 
User avatar
hknet
Frequent Visitor
Frequent Visitor
Posts: 86
Joined: Sun Jul 17, 2016 6:05 pm
Location: Vienna, Austria
Contact:

Re: The Dude, v6.38 [current] release.

Tue Jan 03, 2017 9:30 pm

any details on the obviously also new RouterBoard Firmware v.3.36?
 
User avatar
w32pamela
Member Candidate
Member Candidate
Posts: 100
Joined: Fri Jul 12, 2013 4:22 pm

Re: The Dude, v6.38 [current] release.

Tue Jan 03, 2017 10:10 pm

It is not possible in v6.38 to make a connection from a device configured as a CPE to an encrypted AP when using the Webfig Quick Set page. The link appears to broken between the Quick Set entries and the Security Profile.
 
moep
newbie
Posts: 40
Joined: Mon Jul 02, 2012 2:12 pm

Re: v6.38 [current] is released!

Tue Jan 03, 2017 10:12 pm

First of all happy new year and nice work on overall ipsec improvements.

But the password length is still capped to 31 characters, which creates incompatibility to previous versions with long xauth passwords
i wrote this here:
http://forum.mikrotik.com/viewtopic.php ... 86#p573186

please try to fix it :)
 
nje431
newbie
Posts: 39
Joined: Tue Sep 10, 2013 5:17 pm

Re: v6.38 [current] is released!

Tue Jan 03, 2017 10:50 pm

Can you elaborate on the RSTP incompatibility? We've been using 6.30/6.34/6.36 for some time now between different devices without a problem, including inter-operating with another vendor (A few HP/Aruba 48 port switches). Does this change affect the inter-operability with other vendors?

Thanks.
 
Njumaen
newbie
Posts: 33
Joined: Wed Feb 24, 2016 8:41 pm

Re: v6.38 [current] is released!

Tue Jan 03, 2017 10:54 pm

I had the following strange (???) behaviour:

RB3011 (6.36.4 bugfix) is connected to CRS125 (6.38 current).

Unless I set the STP protocol mode to "none" on the RB3011 local bridge they lose connection when I upgrade the RB3011 to 6.38

Is this intended? Why? What's the point I am missing?

Happy New Year to all,

Ralf.
 
pe1chl
Forum Guru
Forum Guru
Posts: 4845
Joined: Mon Jun 08, 2015 12:09 pm

Re: v6.38 [current] is released!

Tue Jan 03, 2017 11:03 pm

Is this intended? Why? What's the point I am missing?
You forgot to read the release notes!!

Important note!!!
To avoid STP/RSTP compatibility issues with older RouterOS versions upgrade RouterOS on all routers in Layer2 networks with VLAN and STP/RSTP configurations.
 
sup5
Member
Member
Posts: 311
Joined: Sat Jul 10, 2010 12:37 am

Re: v6.38 [current] is released!

Tue Jan 03, 2017 11:41 pm

Today I found a severe bug with 6.38:
It will not (or at least incompletely) learn MAC-Addresses on a bridge connected to the master-port of a switch.

This totally might explain these issues.
 
nacer
just joined
Posts: 13
Joined: Mon Sep 27, 2010 9:08 pm

Re: v6.38 [current] is released!

Tue Jan 03, 2017 11:43 pm

I had situation with 6.38 on my CRS
I have CRS-1009 router and CRS-125-24G switch. Both of them was ROS 6.37. I upgraded both to 6.38.
I am using Port based VLAN tagging described in http://wiki.mikrotik.com/wiki/Manual:Interface/VLAN / example #1 on my CRS-125-24
After 6.38 and all IP traffic stopped on my switch. When I disabled Vlan taggings IP traffic started on my management LAN.

I downgraded to 6.37 and Vlan problem disappeared.

İs this the problem you mentioned "To avoid STP/RSTP compatibility issues with older RouterOS versions upgrade RouterOS on all routers in Layer2 networks with VLAN and STP/RSTP configurations."

Thank you.

Who is online

Users browsing this forum: eworm, Mazutti and 18 guests