Have you set admin-mac on the bridge?Tested This New RC. My Bridge LACP bridge problem still exists. Not reachable through lacp bond if no other local port on bridge is active.
ip dhcp-client connected to bridge1 does eternal searching after reboot disable and enable fixes the problem
Fixed in 6.42rc35. Thanks!This is broken again. Sent my info to [Ticket#2018012322003459].*) ipsec - properly detect interface for "mode-config" client IP address assignment;
/system package update install
channel: release-candidate
current-version: 6.42rc30
latest-version: 6.42rc35
status: ERROR: not enough disk space, 19.4MiB is required and only 18.1MiB is free
/system resource print
uptime: 2m44s
version: 6.42rc30 (testing)
build-time: Feb/20/2018 10:44:28
free-memory: 203.1MiB
total-memory: 221.7MiB
cpu: Intel(R)
cpu-count: 2
cpu-frequency: 2594MHz
cpu-load: 0%
free-hdd-space: 18.2MiB
total-hdd-space: 63.5MiB
write-sect-since-reboot: 416
write-sect-total: 417
architecture-name: x86_64
board-name: CHR
platform: MikroTik
I have only created the bridge1 interface.Have you set admin-mac on the bridge?
/interface bridge export
# mar/12/1970 15:13:17 by RouterOS 6.42rc35
# software id = M8A7-BVIJ
#
# model = CRS326-24G-2S+
/interface bridge
add igmp-snooping=yes name=bridge1 protocol-mode=none pvid=64 vlan-filtering=yes
/interface bridge port
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether1 pvid=64
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether2 pvid=64
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether3 pvid=64
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether4 pvid=64
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether5 pvid=64
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether6 pvid=64
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether7 pvid=64
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether8 pvid=64
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether9 pvid=64
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether10 pvid=64
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether11 pvid=64
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether12 pvid=64
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether13 pvid=64
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether14 pvid=64
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether15 pvid=64
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether16 pvid=64
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether17 pvid=64
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether18 pvid=64
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether19 pvid=64
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether20 pvid=64
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether21 pvid=64
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether22 pvid=64
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether23 pvid=64
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether24 pvid=64
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=Core pvid=64
/interface bridge vlan
add bridge=bridge1 tagged=Core untagged="bridge1,ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10
,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24" \
vlan-ids=64
/interface bridge print detail
Flags: X - disabled, R - running
0 R name="bridge1" mtu=auto actual-mtu=1500 l2mtu=1592 arp=enabled arp-timeout=auto mac-address=6C:3B:6B:ED:F8:2E
protocol-mode=none fast-forward=yes igmp-snooping=yes auto-mac=yes ageing-time=5m vlan-filtering=yes pvid=64
/interface bonding export
# mar/12/1970 15:15:33 by RouterOS 6.42rc35
# software id = M8A7-BVIJ
#
# model = CRS326-24G-2S+
/interface bonding
add lacp-rate=1sec min-links=1 mode=802.3ad name=Core slaves=sfp-sfpplus1,sfp-sfpplus2 transmit-hash-policy=\
layer-3-and-4
Sure, i tried multiple channels, also two bands, i tried to change nearly each wireless setting.@jmi2
original post hereshort version: With this routerOS version, if there is single client with older card like CM9, then all other clients got no change to communicate without issues.
Simply if such client is connected to AP, then mobile and notebook have horrible connectivity and LG TV and hama radio got disconnected always after few seconds.
long version: Starting with 6.37 (actually already before, if previous FWs like 6.36.4 were switched to use wireless-rep) in combination with old HW like CM9, R52 on client side, wireless channel becomes useless for all (other clients of same AP and also clients of other APs on same channel). Same issue is still there with 6.42rc20.
...
Did you check different frequencies? I had two 912UAG-5HPnD and one 411U with R52 connected to another 411U with R52 at 5200MHz with one 912 constantly dropping connection. Can't completely rule out, that nothing else was using the spectrum at that frequency but scanning for wlans at 20MHz bandwidth didn't show anything. But changing to 5220MHz stabilized the connection
feb/27 00:18:22 dhcp,warning dhcp1 offering lease x.x.x.x for C0:FF:EE:00:BA:BE w
ithout success
feb/27 00:18:22 dhcp,warning dhcp1 offering lease x.x.x.x for C0:FF:EE:00:BA:BE w
ithout success
I have only created the bridge1 interface.Have you set admin-mac on the bridge?
<...>
what do you make of that?
/interface bridge
set bridge1 auto-mac=no admin-mac=6C:3B:6B:ED:F8:2E
Back to 6.41 - and it's fine again:10:50:58 ipsec Adjusting my encmode UDP-Tunnel->Tunnel
10:50:58 ipsec Adjusting peer's encmode UDP-Transport(4)->Transport(2)
10:50:58 ipsec encmode mismatched: my:Tunnel peer:Transport
Settings are quite straightforward:10:55:18 ipsec Adjusting my encmode UDP-Transport->Transport
10:55:18 ipsec Adjusting peer's encmode UDP-Transport(4)->Transport(2)
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256,sha1
/interface l2tp-server server
set authentication=mschap2 enabled=yes ipsec-secret=wonttellyou use-ipsec=yes
I suppose, you might have shrinked the disk, as normally (AFAIK) 128MB is the starting disk size of CHR in every type.Upgrade fails on CHR:Upgrade path was 6.41.2 -> 6.42rc30 -> 6.42rc35. The system does not list any files except directories "skins" and "pub".Code: Select all/system package update install channel: release-candidate current-version: 6.42rc30 latest-version: 6.42rc35 status: ERROR: not enough disk space, 19.4MiB is required and only 18.1MiB is free /system resource print uptime: 2m44s version: 6.42rc30 (testing) build-time: Feb/20/2018 10:44:28 free-memory: 203.1MiB total-memory: 221.7MiB cpu: Intel(R) cpu-count: 2 cpu-frequency: 2594MHz cpu-load: 0% free-hdd-space: 18.2MiB total-hdd-space: 63.5MiB write-sect-since-reboot: 416 write-sect-total: 417 architecture-name: x86_64 board-name: CHR platform: MikroTik
Yes, this is an installation from the really early days of CHR.I suppose, you might have shrinked the disk, as normally (AFAIK) 128MB is the starting disk size of CHR in every type.Upgrade fails on CHR:Upgrade path was 6.41.2 -> 6.42rc30 -> 6.42rc35. The system does not list any files except directories "skins" and "pub".Code: Select all/system package update install channel: release-candidate current-version: 6.42rc30 latest-version: 6.42rc35 status: ERROR: not enough disk space, 19.4MiB is required and only 18.1MiB is free /system resource print uptime: 2m44s version: 6.42rc30 (testing) build-time: Feb/20/2018 10:44:28 free-memory: 203.1MiB total-memory: 221.7MiB cpu: Intel(R) cpu-count: 2 cpu-frequency: 2594MHz cpu-load: 0% free-hdd-space: 18.2MiB total-hdd-space: 63.5MiB write-sect-since-reboot: 416 write-sect-total: 417 architecture-name: x86_64 board-name: CHR platform: MikroTik
Or you started using CHR from the beginning, then 64MB was the starting size of the disk (as far as I can remember).
I can see 95+MiB total-hdd-space in every CHR I use, and 60+MiB free-hdd-space, so upgrade is always successful for me.
Probably, you should try resizing the disk of the CHR, then it might use the extra space, but probably, only the installation phase can resize the inner filesystem of CHR.
You should start from scratch, as stated in the System Requirements wiki, there 128MB of RAM and 128MB of disk space is required to operate/install CHR. You only need to copy out the current configuration, probably nothing more is needed.
Thanks for the quick response. Is there any workaround? I'm trying to setup it in Google Cloud so I cannot downgrade to 6.41.Thanks, Chupaka. We will fix this in next versions.
I have same problem and yes I have admin-mac on brigde.Have you set admin-mac on the bridge?Tested This New RC. My Bridge LACP bridge problem still exists. Not reachable through lacp bond if no other local port on bridge is active.
ip dhcp-client connected to bridge1 does eternal searching after reboot disable and enable fixes the problem
Thanks mrz....We are aware of this DHCP client problem, will try to fix in one of the next RC versions.
That is right, it is for CHR. Well, it appears to be a on-off problem, I did not see it in 6.42rc30 and it returned in 6.42rc35 but maybe that is pure coincidence.pe1chl - I assume that you are referring to CHR. This problem is not related to this concrete RouterOS version, however, we will fix it in upcoming RouterOS releases.
You can downgrade to previous release candidate version or configure IPsec with static policies instead of using policy template to generate them.Thanks for the quick response. Is there any workaround? I'm trying to setup it in Google Cloud so I cannot downgrade to 6.41.
Doesn't run in rc35 compared to what? Can't it beLooks like up-script from netwatch is no longer run with 6.42rc35. Are there any changes not mentioned in changelog?
What's new in 6.42rc30 (2018-Feb-20 10:44):
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
Ups, I skipped 6.42rc30 due to issues with ipsec and missed that change. Thanks for the hint!Doesn't run in rc35 compared to what? Can't it beLooks like up-script from netwatch is no longer run with 6.42rc35. Are there any changes not mentioned in changelog?What's new in 6.42rc30 (2018-Feb-20 10:44):
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
There is something specific to your setup that is causing access to the CPU being lost. Please write to support@mikrotik.com, attach the supout.rif file and a small, simplified network diagram (preferably with device's model name on the other end).Are you aware and have reproduced the LACP problem aswell?
My scripts requires "sensitive"... So back to scheduler with a high interval.Ups, I skipped 6.42rc30 due to issues with ipsec and missed that change. Thanks for the hint!Doesn't run in rc35 compared to what? Can't it beLooks like up-script from netwatch is no longer run with 6.42rc35. Are there any changes not mentioned in changelog?What's new in 6.42rc30 (2018-Feb-20 10:44):
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
Looks like I have to figure what exactly breaks my scripts.
Sounds wrongMy scripts requires "sensitive"... So back to scheduler with a high interval.
It works, thanksYou can downgrade to previous release candidate version or configure IPsec with static policies instead of using policy template to generate them.
The script reads and writes private-pre-shared-key from "/ interface wireless access-list" and sends e-mails. Both actions require "sensitive".Sounds wrongMy scripts requires "sensitive"... So back to scheduler with a high interval.
That's what I did. But it does no longer work.Can't you just create script in System -> Scripts and run it from on-up event of Netwatch?
/ip firewall connection remove [find dst-address ~ ":3478"];
/ip firewall connection remove [find dst-address ~ ":3479"];
/ip firewall connection remove [find dst-address ~ ":4569"];
/ip firewall connection remove [find dst-address ~ ":5060"];
Since rc35 CAPs do no longer get an DHCP IP-address if the DHCP client runs on a bridge.What's new in 6.42rc37 (2018-Mar-01 09:29):
Thanks, I added this to make my CAPs work again:We are aware of dhcp client problem on bridge interface, we will fix it in future RC versions. Disable/enable bridge or dhcp client and it will get an address.
/system scheduler
add name=DHCP-restart on-event=DHCP-restart policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
/system script
add name=DHCP-restart owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\
":delay 15\r\
\n/interface bridge disable bridgeLocal\
\n:delay 2\
\n/interface bridge enable bridgeLocal\
\n"
This helps just for smaller kids. Larger kids understand what is going on, and set an other DNS server.You can always configure OpenDNS as your DNS server
That's why you should block any traffic in chain=forward and force using web proxyEven then they can use VPN and bypass OpenDNS DNS.
it's okay as you say if I want to screen all the traffic, even the adults.You can always configure OpenDNS as your DNS server, either as the DNS for the router itself and then advertise the router address as DNS server in DHCP
or by advertising the OpenDNS servers in DHCP, and then configure an OpenDNS account on your internet address with the settings you like.
You do not require kid-control for that.
That is what I see too, so then you have lost the battleWhen you close your entire router they can use their 3G/4G connection.
failure: ether2 is already slave
You should add the bonding interface, not the ethernet interface!When I try to add the ether interfaces to the bridge, I get the following error message:Code: Select allfailure: ether2 is already slave
The documentation says add both.You should add the bonding interface, not the ethernet interface!
It's showing ether3 and ether4 also in the bridge as non-bonded ports as an example, but the bonded interface consisting of ether1 and ether2 is added to the bridge just as bond1.The documentation says add both.
With dhcp options and option sets you can define different DNS servers for specific users by mac address.it's okay as you say if I want to screen all the traffic, even the adults.You can always configure OpenDNS as your DNS server, either as the DNS for the router itself and then advertise the router address as DNS server in DHCP
or by advertising the OpenDNS servers in DHCP, and then configure an OpenDNS account on your internet address with the settings you like.
You do not require kid-control for that.
I want to isolate children from filtered dns like norton, but adult traffic is open to everything. If it would be possible to insert custom dns on mac address kid it would be much easier.
You are right, my mistake. But I don't get the "H" flag on the bonding device and it still not work. Also today I get the following messages on serial console, when I tried to reconfigure the bonding device:It's showing ether3 and ether4 also in the bridge as non-bonded ports as an example, but the bonded interface consisting of ether1 and ether2 is added to the bridge just as bond1.The documentation says add both.
MikroTik 6.42rc37 (testing)
MikroTik Login:
Rebooting...
Stopping services...
Internal error: Oops: 17 [#1] SMP
CPU: 0 Not tainted (3.3.5 #11)
PC is at bond_netdev_event+0x5c/0x158 [bonding@0x7f244000]
LR is at notifier_call
[admin@MikroTik] /interface bonding> set bond2 mtu=8148
failure: could not set mtu
[admin@MikroTik] /interface bonding>
Got a similar issue but I have a 128MB partitionI suppose, you might have shrinked the disk, as normally (AFAIK) 128MB is the starting disk size of CHR in every type.Upgrade fails on CHR:Upgrade path was 6.41.2 -> 6.42rc30 -> 6.42rc35. The system does not list any files except directories "skins" and "pub".Code: Select all/system package update install channel: release-candidate current-version: 6.42rc30 latest-version: 6.42rc35 status: ERROR: not enough disk space, 19.4MiB is required and only 18.1MiB is free /system resource print uptime: 2m44s version: 6.42rc30 (testing) build-time: Feb/20/2018 10:44:28 free-memory: 203.1MiB total-memory: 221.7MiB cpu: Intel(R) cpu-count: 2 cpu-frequency: 2594MHz cpu-load: 0% free-hdd-space: 18.2MiB total-hdd-space: 63.5MiB write-sect-since-reboot: 416 write-sect-total: 417 architecture-name: x86_64 board-name: CHR platform: MikroTik
Or you started using CHR from the beginning, then 64MB was the starting size of the disk (as far as I can remember).
I can see 95+MiB total-hdd-space in every CHR I use, and 60+MiB free-hdd-space, so upgrade is always successful for me.
Probably, you should try resizing the disk of the CHR, then it might use the extra space, but probably, only the installation phase can resize the inner filesystem of CHR.
You should start from scratch, as stated in the System Requirements wiki, there 128MB of RAM and 128MB of disk space is required to operate/install CHR. You only need to copy out the current configuration, probably nothing more is needed.
[admin@MikroTik] /log> /system package update install
channel: release-candidate
current-version: 6.42rc28
latest-version: 6.42rc37
status: ERROR: not enough disk space, 10.0MiB is required and only 3.7MiB is free
[admin@MikroTik] /log> /system resource print
uptime: 41m13s
version: 6.42rc28 (testing)
build-time: Feb/16/2018 07:02:32
free-memory: 90.7MiB
total-memory: 128.0MiB
cpu: MIPS 74Kc V4.12
cpu-count: 1
cpu-frequency: 600MHz
cpu-load: 11%
free-hdd-space: 3872.0KiB
total-hdd-space: 128.0MiB
write-sect-since-reboot: 5375
write-sect-total: 31175782
bad-blocks: 0%
architecture-name: mipsbe
board-name: RB951Ui-2HnD
platform: MikroTik
My exact thoughts. Why?There now is support for "band=5ghz-n/ac" in the GUI but none in the capsman GUI.
Please please please do some work on IPv6!
E.g. following priorities from this posting: viewtopic.php?f=2&t=123302
Things I really need, the sooner the better:
- route marking and multi route tables using marks as in IPv4
(via ipv6 firewall mangle and/or ipv6 route rule)
- configurable IPv6 nameservers in DHCPv6 and RA, or at least the option to publish the router's own
address as nameserver instead of the configured external DNS servers
Which products support 160Mhz? Thanks
*) winbox - added 160 MHz "channel-width" to wireless settings
Is this supposed to show under Terminal or via Winbox DHCP-Client Window row dispaly ? If its under window mine does not show the "D: flag as described for the release. If its under Terminal it does show up as in the Flags: rowWhat's new in 6.42rc39 (2018-Mar-07 07:01):
*) winbox - show "D" flag under "/ip dhcp-client" menu;
Yes can't agree more. Have got 6to4 backup as well as other tunnels but no can't route it properly, or heaven's forbid the ability to route specific ipv6 traffic over better suited tunnelsI It is incredible that we have no improvement for IPv6.
Please please please do some work on IPv6!
E.g. following priorities from this posting: viewtopic.php?f=2&t=123302
Things I really need, the sooner the better:
- route marking and multi route tables using marks as in IPv4
(via ipv6 firewall mangle and/or ipv6 route rule)
- configurable IPv6 nameservers in DHCPv6 and RA, or at least the option to publish the router's own
address as nameserver instead of the configured external DNS servers
Could we expect MAC-addresses list implemented?What's new in 6.42rc39 (2018-Mar-07 07:01):
.....
*) wireless - added support for "interface-list" for Access List entries;
.....
To me CAPsMAN along with VLANs works in 6.41+, so can you open a separate topic for that and describe what you want to achieve? Maybe a workaround can be found.Is CAPsMAN's VLAN implementation going to be fixed to work with the new bridge implementation? Now PVID seems to be used over VLAN and therefore makes CAPsMAN a little unusable.
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts;
*) bridge - added per-port learning options;
*) bridge - added support for static hosts;
[admin@MikroTik] > interface bridge port set learn=
auto no yes
For those still wondering, I found this https://wiki.mikrotik.com/wiki/Manual:C ... es#BondingStrods?What does "initial" mean here?
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
Such reports are probably meaningless without included export of your configuration, at least the firewall, queueing and routing part.Getting very poor performance with FastTrack, hap ac, 150Mbps download speed slows down to 15Mbps. Fasttrack disabled and I can get full speed. This only started recently, so I imagine it is from one of the RC's.
Well done!*) crs3xx - added initial "hw-offload" support for 802.3ad and "balance-xor" bonding;
[admin@MikroTik] /interface bonding> set bond2 mtu=8148
failure: could not set mtu
[admin@MikroTik] /interface bonding>
Can allso Confirm that my LACP probelm still exists: accessing the ip owned by bridge over hw offloaded tag'ed only vlan lacp is not possible. Arp on upstream client gets mac for bridge/ip but no luck pinging or connecting.Well done!*) crs3xx - added initial "hw-offload" support for 802.3ad and "balance-xor" bonding;
I can confirm it's working on a CRS326 now. Still open is the issue to change MTU size.
Code: Select all[admin@MikroTik] /interface bonding> set bond2 mtu=8148 failure: could not set mtu [admin@MikroTik] /interface bonding>
You must set L2MTU on slave interfaces first.Well done!
I can confirm it's working on a CRS326 now. Still open is the issue to change MTU size.
Code: Select all[admin@MikroTik] /interface bonding> set bond2 mtu=8148 failure: could not set mtu [admin@MikroTik] /interface bonding>
Q: How do you set the "default" option for "Unknown Unicast Flood", "Unknown Multicast Flood" and "Broadcast Flood" overall for an interface. It seems like dynamic interfaces (say an l2tp interface on the bridge) default to all flooding ON can you can't modify the options. I wonder if you can add a "Default Unknown Unicast Flood", "Default Unknown Multicast Flood", and "Default Broadcast Flood" option to the bridge, OR allow the ppp profile to set the bridge options similar to how you can set horizon.What's new in 6.42rc39 (2018-Mar-07 07:01):
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts;
*) bridge - added per-port learning options;
*) bridge - added support for static hosts;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
Many thanks for the hint. It's working now.You must set L2MTU on slave interfaces first.Well done!
I can confirm it's working on a CRS326 now. Still open is the issue to change MTU size.
Code: Select all[admin@MikroTik] /interface bonding> set bond2 mtu=8148 failure: could not set mtu [admin@MikroTik] /interface bonding>
+1Please would MikroTik consider allowing us to set granular pps (packets per second) filtering on ports, instead of percentage. 1% of 10 Gbps is still 100 Mbps, this would rapidly exhaust MAC address tables and take the network offline.
I've been using QinQ trunking in software bridges on a hex for sometime now. Nothing really special to report about it. I imagine it's software switched but for me that's not a problem.Are there plans to provide dot1q-tunnel equivalent features and switch port rules to manipulate two VLAN tags? (eg pop outer and inner tags and replace them with others)
# jan/13/1970 03:06:17 by RouterOS 6.42rc39
# software id = JLRA-QA36
#
# model = CRS326-24G-2S+
# serial number = 763C06E78477
/interface ethernet
set [ find default-name=sfp-sfpplus2 ] mac-address=6C:3B:6B:ED:F9:E6
/interface bridge
add admin-mac=6C:3B:6B:ED:F9:E6 auto-mac=no fast-forward=no name=bridge1 protocol-mode=none pvid=64 vlan-filtering=yes
/interface bonding
add lacp-rate=1sec min-links=1 mode=802.3ad name=Core slaves=sfp-sfpplus1,sfp-sfpplus2 transmit-hash-policy=layer-3-and-4
/interface bridge port
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=Core pvid=64
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether1 pvid=64 unknown-multicast-flood=no unknown-unicast-flood=no
/interface bridge vlan
add bridge=bridge1 tagged=Core untagged=bridge1,ether1 vlan-ids=64
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=bridge1
/system identity
set name=dc-jkb-dsa-4
/system package update
set channel=release-candidate
/system routerboard settings
set boot-os=router-os silent-boot=no
I've been using QinQ trunking in software bridges on a hex for sometime now. Nothing really special to report about it. I imagine it's software switched but for me that's not a problem.
Are there plans to provide dot1q-tunnel equivalent features and switch port rules to manipulate two VLAN tags? (eg pop outer and inner tags and replace them with others)
Well the CPU is weak, but not THAT weak. To have that problem you would have to do IPsec or extremely lot of (and badly ordered) filters.Exactly... The CPUs in CRS class devices are weak, extremely weak. I assisted someone recently that couldn't do 10Mbps routing on a CRS125, as this was software based.
No, everyone is now working on the big IPv6 update!small changelog, final version soon?
No, everyone is now working on the big IPv6 update!
(I am dreaming...)
And nothing in Log?It just reboots and I am stuck on 6.42rc41
can anyone please describe in numeric format, what "large amount" means?*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
Could you please comment on why this change was made?*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
My guess would be that routers are powered off-on during initialization when it takes so long, and configuration gets inconsistent resulting in complaints or returns.Specifically on older boards (with single-core 400MHz CPUs), this generation can take a long time.
Lets say I power-on a new router , or a router that has been reset to empty config.
It's way more comfortable for me for that router to generate its SSH keys while I might be clicking doing other things, rather than make me wait when I want to connect.
One is RouterOS version, the other is boot firmware version.Under System -> Routerboard I can see factory ROS version, while under System -> Resources it is blank field.
+1Could you please comment on why this change was made?*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
Is it not better to generate these at startup than to make an user wait the first time he connects?
Specifically on older boards (with single-core 400MHz CPUs), this generation can take a long time.
Lets say I power-on a new router , or a router that has been reset to empty config.
It's way more comfortable for me for that router to generate its SSH keys while I might be clicking doing other things, rather than make me wait when I want to connect.
But what is the benefit - what was the original need to change this?Waiting time is not too long. This kind of implementation will satisfy the biggest part of the users so we decided to re-make this generate process.
Good afternoon.
Such a problem - 6.42rc43 +hAP AC^2 = boot loop. If you roll 6.42rc43 and do not update the firmware, everything seems to be fine, but it's worth updating the firmware and the router stupidly goes to the boot loops. At the same time, I tried to download a stable version via nethinstall, but there is still a loop.
If the router reboots from the button (pull out the button, hold down the button, insert the PS and wait for 20 seconds, the router allows you to go through the winbox, but if you just reboot or turn it off / on, it's a loop again.
I was able to roll back to stable firmware in this way - installed 6.41.3, then rebooted from the button to the factory, connected to winbox and rolled firmware by pressing "update firmware" several times and then rebooted the device.
So it goes.
Sincerely.
Can confirm the issue, 6.42rc43 RouterBoot and hAP AC^2 don't mix well.Good afternoon.
Such a problem - 6.42rc43 +hAP AC^2 = boot loop. If you roll 6.42rc43 and do not update the firmware, everything seems to be fine, but it's worth updating the firmware and the router stupidly goes to the boot loops. At the same time, I tried to download a stable version via nethinstall, but there is still a loop.
I faced this kind of problem in WinBox a few times (enabling ipip and eoip interfaces, AFAIR) on ~v6.40-41I'm getting this error "no such item (4)" when enabling or disabling the pppoe client interface. Router is RB750Gr3 6.42RC43.
Note that this problem is not unique to 6.42RC43. I've encountered it before. It's just that I've only started looking into it now.
Hi strods,*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
Before such protocols are of any use to us, we need you to implement airMAX, the other guys to implement NV2, or you both agreeWe have made a potentially significant improvement for wireless Nv2 PtMP configurations in the latest 6.42rc version release.
All the changes are on the AP side so you need to upgrade the AP. Client version can stay the same.Regarding nv2.
Do we update clients and ap or just ap?
Hi strods,atlanticd - Yes, that is the fix for the problem. Please test it and report back to us with the results.
free-memory: 79.1MiB
total-memory: 106.3MiB
uptime: 1d7h32m31s
version: 6.40.5 (stable)
build-time: Oct/31/2017 13:05:15
factory-software: 6.40.5
free-memory: 208.7MiB
total-memory: 233.4MiB
cpu: ARMv7
cpu-count: 4
cpu-frequency: 716MHz
cpu-load: 0%
free-hdd-space: 4216.0KiB
total-hdd-space: 15.3MiB
write-sect-since-reboot: 136
write-sect-total: 136
bad-blocks: 0%
architecture-name: arm
board-name: hAP ac^2
platform: MikroTik
Is the version a typo? My systems find 6.42rc49.What's new in 6.42rc48 (2018-Mar-21 11:13):
Isn't a typo, were launched two versions today.Is the version a typo? My systems find 6.42rc49.
confirmed, RouterBOOT upgrade installed ok on hAP ac². Upgraded from ROS 6.41.3 to 6.42rc49, then from RouterBOOT 6.41.3 to 6.42rc49 without any problems.*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
Exactly!That is what I see too, so then you have lost the battleWhen you close your entire router they can use their 3G/4G connection.
Better to give good education.
Thank you for your report, the total-memory value will be reported correctly starting from the firmware version 6.42rc50Hi strods,atlanticd - Yes, that is the fix for the problem. Please test it and report back to us with the results.
I can confirm that the RouterBOOT firmware upgrade to 6.42rc46 works, and it is not causing boot loop anymore. However I noticed that after firmware upgrade (and only after Firmware upgrade, not ROS upgrade), the total memory and free memory shows much less than before. Instead of ~256 MB now it is ~128 MB.I reported earlier in another topic that interestingly my hAP ac^2 unit came with 256 MB unexpectedly, and a colleague from MikroTik support stated it that some unit came with more memory. Can you confirm that MikroTik now limit by intention the available memory in this new firmware just to meet the specs, even though the unit has more memory physically, or was it a software bug?Code: Select allfree-memory: 79.1MiB total-memory: 106.3MiB
Thank you.
[admin@sw-under] > interface bonding print
Flags: X - disabled, R - running
0 name="CoreUplink" mtu=1500 mac-address=64:D1:54:EA:BC:83 arp=enabled arp-timeout=auto slaves=sfp-sfpplus1,sfp-sfpplus2 mode=802.3ad primary=none link-monitoring=mii arp-interval=100ms arp-ip-targets="" mii-interval=100ms down-delay=0ms up-delay=0ms lacp-rate=1sec
transmit-hash-policy=layer-3-and-4 min-links=0
[admin@sw-under] > export
# jan/09/1970 16:55:12 by RouterOS 6.42rc43
# software id = E34N-V9KR
#
# model = CRS317-1G-16S+
# serial number = 7A1407CB40B1
/interface ethernet
set [ find default-name=sfp-sfpplus2 ] mac-address=64:D1:54:EA:BC:83
/interface bridge
add fast-forward=no igmp-snooping=yes name=bridge1 protocol-mode=none pvid=64 vlan-filtering=yes
/interface bonding
add lacp-rate=1sec mode=802.3ad name=CoreUplink slaves=sfp-sfpplus1,sfp-sfpplus2 transmit-hash-policy=layer-3-and-4
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=CoreUplink pvid=4094 unknown-multicast-flood=no unknown-unicast-flood=no
/interface bridge vlan
add bridge=bridge1 tagged=CoreUplink untagged=bridge1,ether1 vlan-ids=64
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/system identity
set name=sw-under
/system package update
set channel=release-candidate
/system routerboard settings
set boot-os=router-os silent-boot=no
[admin@sw-under] >
/interface ethernet
set [ find default-name=sfp-sfpplus2 ] mac-address=64:D1:54:EA:BC:83
Not what you ask for, but you can send you log to syslog.hello guys, in the last rc49 release, I wanted to write my hotspot logs on micro sd, only that he can not write on disk1, he always writes on flash
RG 750g3
on the log action type menu, the sd name does not appear
Synology NAS can do it if you install the Log Center package and configure it as the syslog destination for your Mikrotik. QNAP probably does something similar.nice of the info, could I use the nas synology or qnap to save or view the logs?
backup,critical mikrotik: error creating backup file: could not read all configuration files
Does this mean, that RouterOS can now be installed on UEFI devices?*) chr - added support for booting from NVMe disks;
I am also experiencing this phenomenon.Neighbors search sometimes seen, sometimes not in winbox. (CRS326)
I am also experiencing this phenomenon.Neighbors search sometimes seen, sometimes not in winbox. (CRS326)
It seems that it takes a tremendous amount of time to search RB from Winbox (3.12). After about 10 minutes, I saw some things.
- CCR1009-8G1S-S+
- RB850Gx2
- RB2011UAS
The following RBs were not searched.
- RB3011UiAS
- RB962UiGS-5HacT2HnT
I've been waiting for this! Thanks!*) chr - added support for "multi-queue" feature for "virtio-net" driver;
Me too.I've been waiting for this! Thanks!*) chr - added support for "multi-queue" feature for "virtio-net" driver;
/system resource irq print where users~"virtio"
Good tip, thanks.Per CPU, I think. Check withCode: Select all/system resource irq print where users~"virtio"
We cannot see this ticket's contents.My LACP problem is still Present in this RC ([Ticket#2018031222001218] LACP HW problem reaching bridge)
5G With WiFi Password, Firmware 6.42RC52
Connecting to host 192.168.55.203, port 5201
[ 4] local 192.168.88.253 port 50625 connected to 192.168.55.203 port 5201
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-1.00 sec 46.2 MBytes 388 Mbits/sec
[ 4] 1.00-2.00 sec 21.2 MBytes 178 Mbits/sec
[ 4] 2.00-3.00 sec 28.4 MBytes 238 Mbits/sec
[ 4] 3.00-4.00 sec 49.1 MBytes 414 Mbits/sec
[ 4] 4.00-5.00 sec 48.9 MBytes 410 Mbits/sec
[ 4] 5.00-6.00 sec 49.3 MBytes 414 Mbits/sec
[ 4] 6.00-7.00 sec 48.6 MBytes 408 Mbits/sec
[ 4] 7.00-8.00 sec 33.8 MBytes 283 Mbits/sec
[ 4] 8.00-9.00 sec 34.8 MBytes 292 Mbits/sec
[ 4] 9.00-10.00 sec 50.0 MBytes 419 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-10.00 sec 410 MBytes 344 Mbits/sec sender
[ 4] 0.00-10.00 sec 410 MBytes 344 Mbits/sec receiver
iperf Done.
Thank you very much for responding my post. Based on your information, I have already learned more about network bandwidth, throughput, and latency.When you compare tests made with different tools (e.g. iperf VS. CIFS) you have to be aware of behaviour of test "tools". Tests done using iperf are not affected by latency much (apart from usual TCP slow-start) while some more "chatty" protocol (such as CIFS file transfer) can be affected by larger latency quite much.
.......
.../system package> print
Flags: X - disabled
# NAME VERSION SCHEDULED
0 routeros-arm 6.42rc52
1 system 6.42rc52
2 X ipv6 6.42rc52
3 wireless 6.42rc52
4 hotspot 6.42rc52
5 dhcp 6.42rc52
6 mpls 6.42rc52
7 routing 6.42rc52
8 ppp 6.42rc52
9 security 6.42rc52
10 advanced-tools 6.42rc52
.../system routerboard> print
routerboard: yes
board-name: cAP ac
model: RouterBOARD cAP Gi-5acD2nD
serial-number: **************
firmware-type: ipq4000L
factory-firmware: 3.43
current-firmware: 6.42rc52
upgrade-firmware: 6.42rc52
I also have Mimosa and there the DFS even takes the network down longer. Up to some 15-20 minutes. Partially also because when the AP if 'free'd' from the DFS it takes a long time before clients are associated back and in full running mode again. Actually, if your Mimosa P2MP network is hammered by DFS you might as well not use is it at all....... completely unusable. You have to find a band/channel that has no radar or no DFS restrictions. Only then it works. (there is no way of avoiding DFS in Mimosa product line, as we can with MT. )...
Is there any bug? DFS searching time is 10minutes ??
p.s.: found answer... : IEEE 802.18-08/0016r0
Radar Detect and DFS on MikroTik
https://www.youtube.com/watch?v=ZbrbRUAfpac
Is it possible to display the time in the status window?
I understood it.I also have Mimosa and there the DFS even takes the network down longer. Up to some 15-20 minutes. Partially also because when the AP if 'free'd' from the DFS it takes a long time before clients are associated back and in full running mode again. Actually, if your Mimosa P2MP network is hammered by DFS you might as well not use is it at all....... completely unusable. You have to find a band/channel that has no radar or no DFS restrictions. Only then it works. (there is no way of avoiding DFS in Mimosa product line, as we can with MT. )...
Is there any bug? DFS searching time is 10minutes ??
p.s.: found answer... : IEEE 802.18-08/0016r0
Radar Detect and DFS on MikroTik
https://www.youtube.com/watch?v=ZbrbRUAfpac
Is it possible to display the time in the status window?
What does it fix excatly? Does it improve connection stability?*) lte - fixed LTE band setting for SXT LTE;
noWhat does it fix excatly? Does it improve connection stability?*) lte - fixed LTE band setting for SXT LTE;
BGP4 MIB (RFC 4273) next please*) snmp - added w60g support;
/interface bridge add name=LAN
/interface bridge port add bridge=LAN interface=ether5
/interface bridge port add bridge=LAN interface=ether6
/interface bridge port add bridge=LAN interface=ether7
/interface bridge port add bridge=LAN interface=ether8
/interface vlan add name=POP-CENTRO-SECTOR-LESTE interface=LAN use-service-tag=yes vlan-id=100
/ip pool add name=PPPoE-RES-1M ranges=172.16.11.1-172.16.11.126
/ppp profile add dns-server=172.31.255.2,1.1.1.2 local-address=1.1.1.2 name="1 MEGA" rate-limit="1M/1M" remote-address=PPPoE-RES-1M
/interface pppoe-server server add disabled=no interface=POP-CENTRO-SECTOR-LESTE default-profile="1 MEGA" service-name=BRAS1
/interface bridge add name=bridge1
/interface bridge port add bridge=bridge1 interface=wlan1
/interface bridge port add bridge=bridge1 interface=ether1
/interface wireless set [ find default-name=wlan1 ] vlan-id=100 vlan-mode=use-service-tag
jan/01 21:04:16 pppoe,info PPPoE connection established from D4:6E:0E:BC:E2:FB
jan/01 21:04:16 pppoe,info PPPoE connection from D4:6E:0E:BC:E2:FB was already active - closing previous one
What kind of cases does it address?What's new in 6.42rc39 (2018-Mar-07 07:01):
*) ike1 - fixed wildcard policy lookup on responder;
In version 6.42rc52 on Hаp Ас^2 there are problems with Interface/interface list. Tools that use interface list do not work. Such as the MAC winbox server or parameter In. Interface list in firewall rules.After flashing latest 6.42RC52 Winbox not auto detect my hAP AC2.
L2TP/IPSec wasn't working for me in earlier RCsWhat kind of cases does it address?What's new in 6.42rc39 (2018-Mar-07 07:01):
*) ike1 - fixed wildcard policy lookup on responder;
I should have been more specific. Does it affect 6.41.3, or was introduced on this RC? Is it a problem with the wildcard no matching at all? Or matching too much? Or just matching incorrectly?L2TP/IPSec wasn't working for me in earlier RCsWhat kind of cases does it address?What's new in 6.42rc39 (2018-Mar-07 07:01):
*) ike1 - fixed wildcard policy lookup on responder;
Ah, thanks. Good to know.Yep, it was introduced in RC, just a few versions earlier. I noticed it on default configuration.
Let's hope is doesn't introduce new bugs after all that German beer.....Confirmation from MT in Mail RC55 will have fix for my LACP Bonding problem. Have a Nice week end and I hope for the soon Release of RC55. One wonder what more magical fixes will be included.
Everything works for me without issues. Can you repeat this reboot loop after Netinstall with RouterOS and RouterBOOThAP ac^2. When upgrading from rc52 to rc56, i get a bootloop again. Restored by netinstall.
.rc56
No. Now, with rc56, router reboot correctly.Can you repeat this reboot loop after Netinstall with RouterOS and RouterBOOTversions?Code: Select all.rc56
:global zmienna [/tool fetch mode=tftp address=192.168.88.1 src-path=test.txt output=user]
so there is two tests, one test and after few seconds - second test.hAP ac^2 upgraded correctly from rc52 to rc56 but wifi performance is still very poor - the same problem yhfung is talking about.
/queue type
add kind=mq-pfifo mq-pfifo-limit=10000 name=mq-pfifo-10k
/queue interface
set ether1 queue=mq-pfifo-10k
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/system package update
set channel=release-candidate
/system resource irq rps
set ether1 disabled=yes
interface w60g monitor wlan60-1
connected: yes
frequency: 58320
remote-address: 04:xxxxxx
mcs: 4
signal: 40
rssi: -68
tx-sector: 28
tx-sector-info: left 3.8 degrees, down 3.8 degrees
rx-sector: 96
I confirm this. Went back to 6.41.4 and PtMP is working again.In rc56 w60g multipoint is not working
Hi strods,
We run Proxmox (Debian 9 with KVM) and upgraded a CHR to 6.42rc 56 to test multi-queue VirtIO network support.
We set queues equal to the assigned CPU cores and upgraded the router. After booting RouterOS there are no entries in '/int ethernet'...