These comments are interesting to us, since we encountered odd OSPF update problems after upgrading from 6.43.4 to 6.43.7. However, in our case, the network context is very complex, with two separately-managed networks peering via OSPF. We are actually deploying MikroTik routers to isolate the routing between these two networks. Since we only have control over one of the two networks, it is difficult for us to diagnose the problem when we are looking at OSPF issues on the boundary between the two networks.We're seeing this too. We have one building-to-building link, using dynamic-mesh WDS. The two buildings, and the WDS link, are all on distinct subnets, with routing managed by OSPF.OSPF randomly passes only part of the records to the routing table. It stops having fun.
When the routers were running 6.43.4, when the link would drop & reestablish, everything recovered fine.
Since upgrading to 6.43.8 last night, when the link drops & reestablishes, the near end adds the correct routes to its routing table, but it doesn't seem to pass those updates to its other neighbors. Disabling and enabling the OSPF network for the WDS link corrects the problem almost immediately.
However, OSPF is not mentioned in the 6.43.8 release notes. One reason we upgraded to 6.43.7 was due to the above release note. I will try to provide more information, but our current situation is too complex to allow easy analysis. I’m intrigued with the simpler network setup describe by Hotz1, and may try to configure something similiar in a lab context to attempt to diagnose matters further.*) ospf - improved stability while handling type-5 LSAs;
In my PTP i don´t see changes, equal ping and equal bandwidth.After upgrade from 6.38.5 to 6.43.8 board 911G-5HPacD link 8 km the result is:
6.38.5
ping -3 ms
bandwidth test TCP: - 210 mbps
6.43.8
ping- 6 ms
bandwidth test TCP: - 145 mbps
I'm disappointed after upgrade. The only reason I made the change was that I saw in changelog: *) wireless - improved stability for 802.11ac;
Sorry socada just quick question i'm willing to know.This power limits it´s if you put regulatory-domain, in normal cases if put debug you use superchannel. I check this in my antennas, put debug and superchannel and works same power than no_country_set. But if put debug and regulatory-domain drops the power to this 5dbm.I think Country Debug it´s equal or better than old no_country_set.Code: Select all> interface wireless info country-info no_country_set ranges: 2402-2472/b,g,gn20,gn40(30dBm) 2417-2457/g-turbo(20dBm) 5170-5250/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(17dBm) 5250-5330/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(23dBm)/dfs,passive 5735-5835/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(30dBm) 5190-5230/a-turbo(17dBm)/dfs 5230-5310/a-turbo(23dBm)/dfs,passive 5740-5820/a-turbo(30dBm)/dfs 5180-5260/a-turbo(17dBm) 5260-5300/a-turbo(23dBm)/dfs,passive 5745-5825/a-turbo(30dBm) 902-927/b,g,g-turbo,gn20,gn40(30dBm)
Debug has very low power limits - 5 dBm (like 3mW)Code: Select all> interface wireless info country-info debug ranges: 902-927/b,g,g-turbo,gn20,gn40(5dBm) 2302-2382/b,g,gn20,gn40(5dBm) 2402-2482/b,g,gn20,gn40(5dBm) 2474-2494/b,g,gn20,gn40(5dBm) 2502-2742/b,g,gn20,gn40(5dBm) 2292-2392/g-turbo(5dBm) 2417-2457/g-turbo(5dBm) 2492-2752/g-turbo(5dBm) 5110-5710/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(5dBm) 5735-5835/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(5dBm) 5110-5690/a-turbo(5dBm) 5130-5670/a-turbo(5dBm)
Upon further testing on this, the culprit is indeed the virtual wlan interfaces.Symbol: ` in WLAN SSID brake all wlan interfaces.
Or even not a symbol, but a virtual WLAN. When I create a virtual WLAN and reboot hap ac^2, I don't see all interfaces and export doesn't work in the console.I don't think the problem is the ` symbol.DimaFIX - Please send supout.rif file from your router to support@mikrotik.com. If I add such symbol to my wireless interfaces SSID, then it continue to work properly.
I upgraded over 40 devices of all makes and models without any problems.
But on a single hAP ac^2 after reboot the interface list was empty. The SSIDs were standard ASCII names, without any special character.
After many minutes of waiting, the interfaces appeared but the wlans were missing, and the whole board was very sluggish (no, there was no cpu load).
Reboots didn't help.
Also after each reboot a blue warning was shown about defconf not being able to find any wireless interfaces.
After downgrading back to 6.43.4, the warning is still there, reboot times are long, but all interfaces are working again.
I cannot troubleshoot this further since it's in production.
No, I put debug for country and superchannel for frequency mode. In this answer I say that the power in the middle of () is only if you put regulatory-domain but if you put superchannel the power is the maximum.Sorry socada just quick question i'm willing to know.This power limits it´s if you put regulatory-domain, in normal cases if put debug you use superchannel. I check this in my antennas, put debug and superchannel and works same power than no_country_set. But if put debug and regulatory-domain drops the power to this 5dbm.I think Country Debug it´s equal or better than old no_country_set.Code: Select all> interface wireless info country-info no_country_set ranges: 2402-2472/b,g,gn20,gn40(30dBm) 2417-2457/g-turbo(20dBm) 5170-5250/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(17dBm) 5250-5330/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(23dBm)/dfs,passive 5735-5835/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(30dBm) 5190-5230/a-turbo(17dBm)/dfs 5230-5310/a-turbo(23dBm)/dfs,passive 5740-5820/a-turbo(30dBm)/dfs 5180-5260/a-turbo(17dBm) 5260-5300/a-turbo(23dBm)/dfs,passive 5745-5825/a-turbo(30dBm) 902-927/b,g,g-turbo,gn20,gn40(30dBm)
Debug has very low power limits - 5 dBm (like 3mW)Code: Select all> interface wireless info country-info debug ranges: 902-927/b,g,g-turbo,gn20,gn40(5dBm) 2302-2382/b,g,gn20,gn40(5dBm) 2402-2482/b,g,gn20,gn40(5dBm) 2474-2494/b,g,gn20,gn40(5dBm) 2502-2742/b,g,gn20,gn40(5dBm) 2292-2392/g-turbo(5dBm) 2417-2457/g-turbo(5dBm) 2492-2752/g-turbo(5dBm) 5110-5710/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(5dBm) 5735-5835/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(5dBm) 5110-5690/a-turbo(5dBm) 5130-5670/a-turbo(5dBm)
How you puting debug for regulatory-domain and superchannel ?
No, I put debug for country and superchannel for frequency mode. In this answer I say that the power in the middle of () is only if you put regulatory-domain but if you put superchannel the power is the maximum.Sorry socada just quick question i'm willing to know.This power limits it´s if you put regulatory-domain, in normal cases if put debug you use superchannel. I check this in my antennas, put debug and superchannel and works same power than no_country_set. But if put debug and regulatory-domain drops the power to this 5dbm.I think Country Debug it´s equal or better than old no_country_set.Code: Select all> interface wireless info country-info no_country_set ranges: 2402-2472/b,g,gn20,gn40(30dBm) 2417-2457/g-turbo(20dBm) 5170-5250/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(17dBm) 5250-5330/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(23dBm)/dfs,passive 5735-5835/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(30dBm) 5190-5230/a-turbo(17dBm)/dfs 5230-5310/a-turbo(23dBm)/dfs,passive 5740-5820/a-turbo(30dBm)/dfs 5180-5260/a-turbo(17dBm) 5260-5300/a-turbo(23dBm)/dfs,passive 5745-5825/a-turbo(30dBm) 902-927/b,g,g-turbo,gn20,gn40(30dBm)
Debug has very low power limits - 5 dBm (like 3mW)Code: Select all> interface wireless info country-info debug ranges: 902-927/b,g,g-turbo,gn20,gn40(5dBm) 2302-2382/b,g,gn20,gn40(5dBm) 2402-2482/b,g,gn20,gn40(5dBm) 2474-2494/b,g,gn20,gn40(5dBm) 2502-2742/b,g,gn20,gn40(5dBm) 2292-2392/g-turbo(5dBm) 2417-2457/g-turbo(5dBm) 2492-2752/g-turbo(5dBm) 5110-5710/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(5dBm) 5735-5835/a,an20,an40,ac20,ac40,ac80,ac160,ac80+80(5dBm) 5110-5690/a-turbo(5dBm) 5130-5670/a-turbo(5dBm)
How you puting debug for regulatory-domain and superchannel ?
Sorry if I don't understand your question my English not very good.
Quote only what is needed. No need to quote a quoted a quoted post.....My quastion was HOW??
I´m not saying that I use both at same time (superchannel and regulatory domain) only one need to choose obviously.
You dont need excellent english, just simple like you said:
"This power limits it´s if you put regulatory-domain, in normal cases if put debug you use superchannel. I check this in my antennas, put debug and superchannel and works same power than no_country_set. But if put debug and regulatory-domain drops the power to this 5dbm"
My quastion was HOW??
How you puting debug for regulatory-domain and superchannel ?
I've been debugging this and comparing the Group Key Handshake (GTK update) between 6.43.7 and 6.43.8 during the weekend, since I have a lot of clients with the famous group-key timeout issue.Can we get some details on this?*) capsman - fixed "group-key-update" parameter not using correct units;
How was the parameter interpreted before this fix? Is the long-term release affected by the same bug? If yes: when can we expect a backport of this bugfix to long-term?
After some digging, it turns out this is actually to fix an exploit that enables privilege escalation to root or damage to system files. Why is this not labelled as a security fix?!) telnet - do not allow to set "tracefile" parameter;
Disable /tool graphing, and use 6.43.8.But on a single hAP ac^2 after reboot the interface list was empty.
Nice find.After some digging, it turns out this is actually to fix an exploit that enables privilege escalation to root or damage to system files. Why is this not labelled as a security fix?!) telnet - do not allow to set "tracefile" parameter;
https://cxsecurity.com/issue/WLB-2018120151
Wow. Does every process in routeros run with unrestricted root privileges?
Wow. Does every process in routeros run with unrestricted root privileges?
I guess this likely is the point. Torch is a "right now" tool, not a "historical data" tool.roughly the same time.
I get that. But the webfig torch NEVER shows more than the two lines to be seen in the screenshot, no matter what traffic is to be seen via winbox.I guess this likely is the point. Torch is a "right now" tool, not a "historical data" tool.roughly the same time.
Just tried it myself. Right after opening the Torch screen I can see the same two lines as shown on your screenshots, but after clicking on the "Start" button it works as expected. Weird behavior, indeed.I get that. But the webfig torch NEVER shows more than the two lines to be seen in the screenshot, no matter what traffic is to be seen via winbox.
Thanks for reviewing my observation. Also in my case pressing the "Start" button helps, but I suppose it's not the way it's meant to be.Just tried it myself. Right after opening the Torch screen I can see the same two lines as shown on your screenshots, but after clicking on the "Start" button it works as expected. Weird behavior, indeed.I get that. But the webfig torch NEVER shows more than the two lines to be seen in the screenshot, no matter what traffic is to be seen via winbox.
/system script environment> :global A 10; remove "A"; :global A 20; print; remove "A"
# NAME VALUE
0 A 20
no such item (4)
/system script environment> :global A 10; remove "A"; :global A 20; print; :delay 5; remove "A"
There is no delay in appearance. The print command finds the entry named A, but the remove command fails regardless.There will always be delays before items appear in the table. Slower CPU greater delay.
/system script environment { :global A 10; remove "A"; :global A 20; print; remove [ find where name="A" ]; }
I didn't find any fasttrack filter in firewall. This issue is happening with those queues which are created later. Previously made queues are ok.Is perhaps fasttrack active (you'll see it in /ip firewall filter)? fasttrack-ing is not compatible with queues.
Potentially the problem is with queue 216? The target there is 0.0.0.0/0 and might be preventing the traffic from going to later queues.Please suggest me what should i do now? All users are using unlimited bandwidth now, thats why, it's so much tough to me for managing the bandwidth.
Another thing is that, when i logged into the mikrotik via winbox, it's showing unsecured mode at the right corner.
I see similar behavior. When manually upgraded ros to this version, I suddenly realised that routerboot was also upgraded, even the (undocumented!) feature system/routerboard/settings/"auto-upgrade" is not set. At least all devices booted normally (and only once) after upgrade so far.I've update a couple (±30) of RB2011/RB3011's hAP AC^2's and wAP AC devices from 6.43.4 to 6.43.8 and until now I got 2 wAP AC devices in an undefined state right after/during the update (update via capsman), they would not boot anymore. Luckily I'm able to power cycle these devices via PoE switches. After the powercycle the devices start with normal behaviour and the routerboard firmware has been updated to 6.34.8 (Routerboard firmware is set to auto update). It seems that they are able to updaten but fail to fully boot after the update, after a forced reboot (via PoE power cycle) the devices become responsive again and work as expected. The log of both the router and the AP show no warnings during/after the update.
Would like to know as well. My RB4011 keeps disabling 5ghz WiFi after a few days (see graph). Only a reboot can bring the WiFi up again. Wondering if this has been fixedhello support!
Could you give us more information about this changelog entry?
*) wireless - improved stability for 802.11ac;
What have been changed? Any improvement in NV2?
Thanks!
ssh_exchange_identification: Connection closed by remote host
In the currently supported stable and longterm versions, this problem exists, so it needs to be fixed.Mutator, in a previous post you wrote yourself that the problem is also reproducible on an earlier versions of RouterOS (6.42.x), so it is NOT a 6.43.8 specific regression. The release topics are meant for version-specific issues only.
ok, fix it.And also your previous post was in Russian only. This is an International forum, please respect others and post here in English only. Thanks in advance.
Nope, problems must be reported to support@mikrotik.com. This is community forum, if problem cannot be solved by changing your config - we can only sympathize. Or recommend to write to support@So I now indicate in each branch that there is this problem?
_____________________________________________________________________________________________
Так что мне в каждой ветке теперь указать, что есть эта проблема ?
This is done, waiting for an answer.Nope, problems must be reported to support@mikrotik.com.
Basically happens only: on Hap Ac2 at AP mode (full L2 bridge), still limiting SSH should work, IMHO...Found possible bug:
When you add subnet into "available from" field for SSH service, under IP Services...SSH becomes inaccessible, even if PC is in that subnet.It seems only to affect SSH though, for limiting access to http, https it work just fine.Code: Select allssh_exchange_identification: Connection closed by remote host
I am having the same problem.Would like to know as well. My RB4011 keeps disabling 5ghz WiFi after a few days (see graph). Only a reboot can bring the WiFi up again. Wondering if this has been fixedhello support!
Could you give us more information about this changelog entry?
*) wireless - improved stability for 802.11ac;
What have been changed? Any improvement in NV2?
Thanks!
I'm facing the same issue as mikelaurense. When this happens for me, I can see that the wifi interface is shown as "S" instead of "RS". When going in the settings, I can see "Enabled" is still checked but the interface is not shown as "Running". The wifi network in itself becomes inaccessible, as in, it doesn't appear anymore when scanning from another device. There is nothing in the logs about the interface being disabled. Disabling and Enabling again the interface does not fix the problem. Rebooting does....
mikelaurense - Does interface actually gets disabled? Or it becomes inacessible? If it disabled, then someone has done that manually. Please provide supout.rif file tp support@mikrotik.com. Make sure that file is generated while interface is "disabled".
...
Me tooI am having the same problem.Would like to know as well. My RB4011 keeps disabling 5ghz WiFi after a few days (see graph). Only a reboot can bring the WiFi up again. Wondering if this has been fixedhello support!
Could you give us more information about this changelog entry?
*) wireless - improved stability for 802.11ac;
What have been changed? Any improvement in NV2?
Thanks!
[tik01] > ip firewall mangle add action=change-ttl chain=p
postrouting prerouting
[tik01] > ip firewall mangle add action=change-ttl chain=perouting new-ttl=increment:1 passthrough=yes
[tik01] > ip firewall mangle ex co
# feb/01/2019 19:14:17 by RouterOS 6.43.8
# software id = BI8D-QNXG
#
# model = RouterBOARD 962UiGS-5HacT2HnT
# serial number = **
/ip firewall mangle
add action=change-ttl chain=prerouting new-ttl=increment:1 passthrough=yes
add action=change-ttl chain=perouting new-ttl=increment:1 passthrough=yes
[tik01] >
It is. Absolutely. You have simply added a rule to a custom (user-defined) chain named 'perouting' that you can now jump to using 'action=jump' rules.This is normal ?
After contact with Mikrotik support I changed channel width to ‘20/40/80 MHz XXXX’. This does seem to improve stability, although it did happen once or twice again since changing itI'm facing the same issue as mikelaurense. When this happens for me, I can see that the wifi interface is shown as "S" instead of "RS". When going in the settings, I can see "Enabled" is still checked but the interface is not shown as "Running". The wifi network in itself becomes inaccessible, as in, it doesn't appear anymore when scanning from another device. There is nothing in the logs about the interface being disabled. Disabling and Enabling again the interface does not fix the problem. Rebooting does....
mikelaurense - Does interface actually gets disabled? Or it becomes inacessible? If it disabled, then someone has done that manually. Please provide supout.rif file tp support@mikrotik.com. Make sure that file is generated while interface is "disabled".
...
This happens every few days seemingly at random hours, always during the day when nobody is home (virtually no traffic on wifi) or at night one I sleep (virtually no traffic on wifi).
LTE bell on any phone - kicks wifi on RB4011, any channel from 36-161!I am having the same problem.Would like to know as well. My RB4011 keeps disabling 5ghz WiFi after a few days (see graph). Only a reboot can bring the WiFi up again. Wondering if this has been fixedhello support!
Could you give us more information about this changelog entry?
*) wireless - improved stability for 802.11ac;
What have been changed? Any improvement in NV2?
Thanks!
"20 hour plane ride away", my god Please don't. Stay on bugfix or Long-term how it's called now.I'm afraid of upgrading my 941 and 952 devices as they don't have the 60mb for the leak and most of them are remote (like 20 hour plane ride away)