Page 2 of 2

Re: v6.45.1 [stable] is released!

Posted: Wed Jul 17, 2019 3:15 pm
by dnordenberg
configuring the device in bridge mode from the quickset menu results in a bad configuration where you are locked out.
I did not do it exactly this way, I removed config completely after first startup (after factory reset). Then connected by MAC address, did the bridge config by hand and not trough quickset and boom, device disappeared from network...

But when I think about it again, it is not completely reproducible, sometimes only IP connectivity was gone, MAC access still worked. It was that way I could do a downgrade so at least once MAC access still worked and only IP was blocked. Damn hard to remember all the steps you make when you are just trying to get a device to work again hehe....

Re: v6.45.1 [stable] is released!

Posted: Wed Jul 17, 2019 4:40 pm
by pe1chl
Does it work OK when you configure it as a router in quickset? It should.
Then you can investigate what is going on.

Re: v6.45.1 [stable] is released!

Posted: Wed Jul 17, 2019 4:51 pm
by dnordenberg
Yes the factory default nat router config works so I can reset it back to that. It's when I apply the bridge config that things gets weird...

Re: v6.45.1 [stable] is released!

Posted: Wed Jul 17, 2019 5:13 pm
by mkx
It's when I apply the bridge config that things gets weird...
As @pe1chl wrote: you have to remove router functionality by hand (either via GUI or CLI, just don't use quickset).

Re: v6.45.1 [stable] is released!

Posted: Wed Jul 17, 2019 5:50 pm
by pe1chl
Yes as I wrote before, just keep the bridge settings made by the router config but remove the ether1 address config (dhcp client) and join it to the bridge (and change interface list membership, remove it from WAN).
Not by using the quickset but as separate steps in the configuration. Then it could be you also want to change the firewall.

Re: v6.45.1 [stable] is released!

Posted: Wed Jul 17, 2019 6:14 pm
by mstead
Is this the new API that sends the password in plain text?? I cannot figure WHY you guys would revert to that way of operation.

Re: v6.45.1 [stable] is released!

Posted: Wed Jul 17, 2019 7:07 pm
by bbs2web
The old API login method used CHAP (challenge authentication protocol), which requires the router to store the password in plain text. Passwords are now stored as a hash so you need to send the original password, which the router then hashes to compare to the stored password.

Use API-SSL if you are transmitting API over an untrusted network...

Re: v6.45.1 [stable] is released!

Posted: Wed Jul 17, 2019 7:26 pm
by iperezandres
The process for the API, is the same one that follows winbox for the user authentication? May that be related to the issue with incorrect user and password error?

Re: v6.45.1 [stable] is released!

Posted: Wed Jul 17, 2019 9:16 pm
by dnordenberg
Yes as I wrote before, just keep the bridge settings made by the router config but remove the ether1 address config (dhcp client) and join it to the bridge (and change interface list membership, remove it from WAN).
Not by using the quickset but as separate steps in the configuration. Then it could be you also want to change the firewall.

I think you are talking about another problem, this was strictly related to 6.45.1 as downgrading made the problem disappear. And I did not use quickset, I directly answered no to the question if I want to keep the config. Then the router reboots without a config. Everything still works fine as expected. The problem starts when creating a bridge.

Re: v6.45.1 [stable] is released!

Posted: Thu Jul 18, 2019 12:40 am
by firerain
Try connecting within Mac Address. If doesn't works, and RS232 neither you should do a reset of the config.
Jumping from 6.40 to 6.45.1 it's a very very big jump and there was a lot of changes between that two versions. One of those changes was the elimination of master and slave ports. Now all needs to be done within bridges.

Of course, I tried with MAC. That's actually the only method I use on a daily basis. I treat that box as a regular (well, almost) switch, hence only one port (ether1) has dhcp client (just in case) and is not connected most of the time.

Right now yes, serial is your last chance to see what went wrong and not lose the configuration completely.

Thanks for advises both of you. I've tried serial and guess what... Winbox connection (via MAC) suddenly started to work. No idea what happened. It's a quite basic config.
My switching configuration is untouched - besides lack of slave/master ports settings.
Anyway, I'm not planning to make a network bridge of native switching device. Sounds ridiculous.
It's enough that I've lost switching possibility for ether1 after some prior upgrade (from 6.3x.x to 6.4x).

Re: v6.45.1 [stable] is released!

Posted: Thu Jul 18, 2019 2:35 am
by tdw
It's enough that I've lost switching possibility for ether1 after some prior upgrade (from 6.3x.x to 6.4x).

What does /interface ethernet switch print detail show?

Re: v6.45.1 [stable] is released!

Posted: Thu Jul 18, 2019 5:39 pm
by bajodel
I don't know if these things are strictly related to 6.45.x but..

Yesterday I've added a secondary ethernet link from my main switch (CRS326) and my firewall (RB3011) in the knowledge my CRS326 would handle the backup link correctly (STP was already active on my CRS326); previously there was only the SFP-cable connecting them:

1) if I use the ether1 on my RB3011 (witch is the PoE-in capable port) the RB3011 switches off immediately (no matter what port I use on the CRS326 side). If I try to connect the ether1 port of the RB3011 to a spare CRS125 all is fine instead.
2) (using a different port on RB3011 than ether1) switching on STP on RB3011 (beside of the up and running STP process on the CRS326) the STP process select the root port correctly but I've noticed a lot of packet losses; the packet loss is reproducibile easily pushing repeatedly the button "Refresh" on Winbox to force a quick discovery in LAN!! Switching off the STP process on RB3011 and relying only on the STP process of the CRS326 is fine and there is no evident packet loss any more.
3) With STP active only on CRS326, the dual link (active/backup) to the firewall seems to behave correctly but I've noticed the main switch (CRS326) has some issues with ARP( e.g. my ip phone snom-370 is unable to get a DHCP response, connecting to the switch via Winbox needs 2-3 tries, ..).
4) removing the secondary/backup ethernet link from CRS326 and RB3011 solves all the problems: no ARP issues (slow/weird), my ip phone get his address normally. All is back to normal.

P.S. Every firmwares are updated along with the ros versions (so 6.45.1) and I've also tried with a fresh netinstall for both of them (CRS326/RB3011) and I reimported the configurations line by line from a previous export. Setups on CRS326 and RB3011 are quite well tried and I'm sure I've already tried in the past to put a redundant link between them without noticing any similar issues.

The weirdest thing, however, is the fact that the RB3011 will immediately switch off if I connect the ether1 (PoE-in capable port) to any port of the CRS326 !!

Has anyone any insights ?

Re: v6.45.1 [stable] is released!

Posted: Thu Jul 18, 2019 5:47 pm
by iperezandres
No idea. As far as I am reading, everyone seams to be experiencing different issues, but for me they look completely unrelated. Maybe v6.45.1 is not that stable?

Re: v6.45.1 [stable] is released!

Posted: Thu Jul 18, 2019 5:49 pm
by mkx
My thinking is that using STP to create redundant links between two directly attached devices is (slight) abuse.

In this case it would be better to use bonding. There are many varieties, if you only want to have backup line, you can use active-backup mode.

Re: v6.45.1 [stable] is released!

Posted: Thu Jul 18, 2019 5:54 pm
by pe1chl
Is there any ETA for...
Wrong question! At MikroTik, there never is an ETA!
"it is ready when it's ready".
Typical time for things to be ready is late friday afternoon.

Re: v6.45.1 [stable] is released!

Posted: Thu Jul 18, 2019 5:56 pm
by eworm
Is there any ETA for...
Wrong question! At MikroTik, there never is an ETA!
"it is ready when it's ready".
This is just spam to advertise Bitcoin/Cryptocurrency Trading Exchange Platform. (See signature.)

Re: v6.45.1 [stable] is released!

Posted: Thu Jul 18, 2019 7:27 pm
by bajodel
My thinking is that using STP to create redundant links between two directly attached devices is (slight) abuse.
In this case it would be better .. bonding..
I can agree on this, but consider that just phisically plugging ether1 of rb3011 to one port of the crs326 immediately kills the rb3011 (switched off, dead untill I unplug the cable and it reboots) ..no matter what configuration you have. Furthermore a backup link should be a standby/blocked link with no activity, beside stp messaging, and so pretty stable! ARP issues with this simple scenario is clearly a nonsense.
Bonding (active/backup) might be my best choice here, but it sounds like something to avoid now if I haven't got the chance to figure out what the hell it's happening in the first place :-)